author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2025-01-31 11:35:17 +0100 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2025-01-31 11:38:40 +0100 |
commit | 47977fb04ad118e4973ba9b38952ed76a06f68b9 (patch) | |
tree | 55ae03169921aa777447c0d62b8aa6875b1740fe | |
parent | 5b9580ab54abbdf8f6482231e0ddd109e35bbeee (diff) | |
auth.conf,hiera.yaml,puppet.conf: Config change from puppetserver 5.x to puppetserver 7.x.
-rw-r--r-- | auth.conf | 150 | ||||
-rw-r--r-- | hiera.yaml | 15 | ||||
-rw-r--r-- | puppet.conf | 2 |
3 files changed, 9 insertions, 158 deletions
diff --git a/auth.conf b/auth.conf
deleted file mode 100644
index 9629d3e..0000000
--- a/auth.conf
+++ /dev/null
@@ -1,150 +0,0 @@
-# This is the default auth.conf file, which implements the default rules
-# used by the puppet master. (That is, the rules below will still apply
-# even if this file is deleted.)
-#
-# The ACLs are evaluated in top-down order. More specific stanzas should
-# be towards the top of the file and more general ones at the bottom;
-# otherwise, the general rules may "steal" requests that should be
-# governed by the specific rules.
-#
-# See https://puppet.com/docs/puppet/latest/config_file_auth.html
-# for a more complete description of auth.conf's behavior.
-#
-# Supported syntax:
-# Each stanza in auth.conf starts with a path to match, followed
-# by optional modifiers, and finally, a series of allow or deny
-# directives.
-#
-# Example Stanza
-# ---------------------------------
-# path /path/to/resource # simple prefix match
-# # path ~ regex # alternately, regex match
-# [environment envlist]
-# [method methodlist]
-# [auth[enthicated] {yes|no|on|off|any}]
-# allow [host|backreference|*|regex]
-# deny [host|backreference|*|regex]
-# allow_ip [ip|cidr|ip_wildcard|*]
-# deny_ip [ip|cidr|ip_wildcard|*]
-#
-# The path match can either be a simple prefix match or a regular
-# expression. `path /file` would match both `/file_metadata` and
-# `/file_content`. Regex matches allow the use of backreferences
-# in the allow/deny directives.
-#
-# The regex syntax is the same as for Ruby regex, and captures backreferences
-# for use in the `allow` and `deny` lines of that stanza
-#
-# Examples:
-#
-# path ~ ^/puppet/v3/path/to/resource # Equivalent to `path /puppet/v3/path/to/resource`.
-# allow * # Allow all authenticated nodes (since auth
-# # defaults to `yes`).
-#
-# path ~ ^/puppet/v3/catalog/([^/]+)$ # Permit nodes to access their own catalog (by
-# allow $1 # certname), but not any other node's catalog.
-#
-# path ~ ^/puppet/v3/file_(metadata|content)/extra_files/ # Only allow certain nodes to
-# auth yes # access the "extra_files"
-# allow /^(.+)\.example\.com$/ # mount point; note this must
-# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule,
-# # since it is more specific.
-#
-# environment:: restrict an ACL to a comma-separated list of environments
-# method:: restrict an ACL to a comma-separated list of HTTP methods
-# auth:: restrict an ACL to an authenticated or unauthenticated request
-# the default when unspecified is to restrict the ACL to authenticated requests
-# (ie exactly as if auth yes was present).
-#
-
-# CONTROLLING FILE ACCESS (previously in fileserver.conf)
-
-# In previous versions of Puppet, you controlled file access by adding
-# rules to fileserver.conf. In Puppet 5 with Puppet Server, you can control
-# file access in auth.conf by controlling the /file_metadata(s)/<mount point>,
-# /file_content(s)/<mount point>, and /static_file_content/<file> paths. See the
-# Puppet Server documentation at
-# https://puppet.com/docs/puppetserver/latest/config_file_auth.html.
-#
-# If you are not using Puppet Server, or are using Puppet Server but with the
-# "jruby-puppet.use-legacy-auth-conf" setting set to "true", you could set the
-# desired file access in a new rule in this file. For example:
-#
-# path ~ ^/file_(metadata|content)s?/extra_files/
-# auth yes
-# allow /^(.+)\.example\.com$/
-# allow_ip 192.168.100.0/24
-#
-# If added to auth.conf BEFORE the default "path /file" rule, this rule
-# will add stricter restrictions to the extra_files mount point.
-
-### Authenticated ACLs - these rules apply only when the client
-### has a valid certificate and is thus authenticated
-
-path /puppet/v3/environments
-method find
-allow *
-
-# allow nodes to retrieve their own catalog
-path ~ ^/puppet/v3/catalog/([^/]+)$
-method find
-allow $1
-
-# allow nodes to retrieve their own node definition
-path ~ ^/puppet/v3/node/([^/]+)$
-method find
-allow $1
-
-# allow all nodes to store their own reports
-path ~ ^/puppet/v3/report/([^/]+)$
-method save
-allow $1
-
-# allow all nodes to update their own facts
-path ~ ^/puppet/v3/facts/([^/]+)$
-method save
-allow $1
-
-# Allow all nodes to access all file services; this is necessary for
-# pluginsync, file serving from modules, and file serving from custom
-# mount points (see fileserver.conf). Note that the `/file` prefix matches
-# requests to both the file_metadata and file_content paths. See "Examples"
-# above if you need more granular access control for custom mount points.
-path /puppet/v3/file
-allow *
-
-path /puppet/v3/status
-method find
-allow *
-
-# allow all nodes to access the certificates services
-path /puppet-ca/v1/certificate_revocation_list/ca
-method find
-allow *
-
-### Unauthenticated ACLs, for clients without valid certificates; authenticated
-### clients can also access these paths, though they rarely need to.
-
-# allow access to the CA certificate; unauthenticated nodes need this
-# in order to validate the puppet master's certificate
-path /puppet-ca/v1/certificate/ca
-auth any
-method find
-allow *
-
-# allow nodes to retrieve the certificate they requested earlier
-path /puppet-ca/v1/certificate/
-auth any
-method find
-allow *
-
-# allow nodes to request a new certificate
-path /puppet-ca/v1/certificate_request
-auth any
-method find, save
-allow *
-
-# deny everything else; this ACL is not strictly necessary, but
-# illustrates the default policy.
-path /
-auth any
@@ -1,10 +1,11 @@ --- -:backends: - - yaml +# Hiera 5 Global configuration file -:hierarchy: - - "osfamily/%{::osfamily}" - - common +version: 5 -:yaml: - :datadir: /etc/puppet/code/hiera +# defaults: +# data_hash: yaml_data +# hierarchy: +# - name: Common +# data_hash: yaml_data +hierarchy: [] diff --git a/puppet.conf b/puppet.conf index f9e4817..64302d8 100644 --- a/puppet.conf +++ b/puppet.conf @@ -9,5 +9,5 @@ http_proxy_port = 3128 [master] vardir = /var/lib/puppet -cadir = /var/lib/puppet/ssl/ca +cadir = /etc/puppet/puppetserver/ca dns_alt_names = puppet |
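Review bot: `hierarchy: []` does not migrate the two lookup levels the old file defined (`osfamily/%{::osfamily}` and `common` under `/etc/puppet/code/hiera`); it drops them, so any data still stored in that directory is silently ignored and lookups fall through to module defaults, and nothing in the hunk says whether that is intended. If the global data directory really is unused now, a comment such as `# No global hierarchy: all Hiera data lives in environment/module hiera.yaml files` next to `hierarchy: []` would make that explicit for the next reader. If the data is still needed, the hierarchy should be carried over in Hiera 5 form, with the legacy `::osfamily` top-scope variable replaced by `facts.os.family`; note the commented `defaults:` block names no `datadir`, so a restored hierarchy needs one too.
```yaml
version: 5

defaults:
  datadir: /etc/puppet/code/hiera
  data_hash: yaml_data

hierarchy:
  - name: "Per-OS-family data"
    path: "osfamily/%{facts.os.family}.yaml"
  - name: "Common data"
    path: "common.yaml"
```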
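Review bot: Repointing `cadir` from `/var/lib/puppet/ssl/ca` to `/etc/puppet/puppetserver/ca` only changes the setting; the existing CA key, certificate and CRL are not moved by this commit, and as far as I recall puppetserver bootstraps a brand-new CA when its cadir holds none, after which every previously issued agent certificate stops validating. The migration (copy `ca_key.pem`, `ca_crt.pem`, `ca_crl.pem` plus the `signed/` and `requests/` directories, keep the private key readable only by the puppetserver user, then remove the old copy) should happen before this is rolled out, and deserves a comment beside the setting, e.g. `# CA material migrated from /var/lib/puppet/ssl/ca (puppetserver 7 default location)`. Separately, Puppet 7 deprecates the `[master]` section in favour of `[server]`, so the header two lines above the change should be renamed while the file is being touched. The `[master]` section may continue past the end of the hunk.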