commit ee282d194df7434bbf512e0551a02c0b360a3378 Author: jonnybravo Date: Sat Dec 6 11:46:55 2025 +0100 add
diff --git a/ca-ssl/ca b/ca-ssl/ca
new file mode 120000
index 0000000..9977801
--- /dev/null
+++ b/ca-ssl/ca
@@ -0,0 +1 @@
+/etc/puppetlabs/puppetserver/ca
\ No newline at end of file
diff --git a/ca-ssl/certs/ca.pem b/ca-ssl/certs/ca.pem
new file mode 100755
index 0000000..3ca892d
--- /dev/null
+++ b/ca-ssl/certs/ca.pem
@@ -0,0 +1,63 @@ +-----BEGIN CERTIFICATE----- +MIIFgTCCA2mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBw +ZXQgUm9vdCBDQTogZmZmNjYxYWI3NDBlMjIwHhcNMjUxMjA0MjI1MDE3WhcNMzAx +MjA0MjI1MDE5WjBFMUMwQQYDVQQDDDpQdXBwZXQgQ0EgZ2VuZXJhdGVkIG9uIHB1 +cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3ICswMDAwMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEArc99Lx0gu8A7HgTaBIyIIVteGLOMxQtWj5KtsqH8 +LgpteNFVQFfOsnFW8LaKGAFCET3I5viNmD+txJVoIkac8NjajViW+y21J3vOxYVI +Etb7eNOyrlBoyzCLVDKgJWySdju7x73Qw1HzAbgSgcM59J88q4YfAvFHpatX6+cp +QQe1WO5JFAHN4hR4Pf47wPi5F4q2s+RRR/Kl9aRflg3dVCQs8MM9tYv8Ca3DYKmw +ZbZM7fFCMnqoAA8CY5f6U6tGiHFi6IOaJQVmNZosep7zzIohhrNx4cW+ORLFaCW1 +5JDy30396jo0sP6QseJEFTue9Q+7ReRXlC5FEIRjGdaQbTN6nUx4ObPl5nmnEkBF +MPqRfSXz1FMsepaOVwpss9Ggb8+91HL+rxyqE6IWUP5A4n/7y3iU/oFFrQ9RC7rE +l3NxyFi87wLyME4gMIkAYZHr5SWFexcYk3Z0zGlMhfysc1HRykh/bMGt8lzUmhRE +Bh1CWs0DumYU7G2z5jdAIlyLSWNU/Vvm+nZMveVPn781DFS+wHYWtgVb0j5giHbl +ph19aidPlIgzCiVKpgi1XCwmlpIUs+yp3VPnkFR5lk1vTSZJkaKnH3kr1WW3J4CU +KDw1ftK3CwV5KAA34xcs1xNI0NxvsdIwQAlGw/KyVaRPmcwwm3dmUjPVtA64Ij6V +VkECAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQUaN0DSCpQ9X/vRbjswjh6FRRngmcwMQYJYIZIAYb4QgENBCQWIlB1 +cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYDVR0jBBgwFoAUHZnQ +f1RICLo0IiFV9LjEjG9/9VYwDQYJKoZIhvcNAQELBQADggIBABYWZhcDPtT06g3A +OvdEuejnfj6JFB8SH1OxLV5aKjUWT2fVKqngKlBTDUIX+MosN1yMlkk+gePnIy1Q ++ykEuBgB9b3SVXvT4Qj1j0JNt2e+BoklC2NOmxJHV283DJ7YH0YIl9c3G+5/njb/ +5lKKmk3yDRKxH+rw5U3DOXW0m9Qyj/SOHrBeewGsA0NWvkYRnxvOF8pUdmhaNhTE +wI7PectNkm8rXn+7nVaCXDhW8IEj90ZnirQCoLFASPVhzm5SS3cvXrXuWGaVw0wg +i0qmRWybqXGbpU/NmoYcFfkzBfcPplQU1TXzWS2HtukIKRT1EydljVxw8suFt1sL +02QQgRCxiDNUnQkcXcC/c2Wb8tAs2YQZ6mgxtNb1T05Cf67RfjxGeICsXBa335I+ +ioUp2xt+EBk3qjSJ+TtpfG1vGABxC5T8SOxD3DMyKa/C1SnF8nAAYuIVHJBdkvUR +d8kDnmcWl/bcjS7Zm/KO9ZJud0nb6X54iUnOOQ5IV5WWh1BGCxRvGZD6ItlW21cn +uw+vdmu32RRulApXjZfw4HnG87lZC5LcB3xPpzpA7eAg2nm2bxO/tyJ5RWdVGmKJ +M2uXH67935uckRbQ6hPYji8LMt0OfKDKBXcALeR73RZIbMikdOM0K5AzCBHle0gH +YnDivlWp+jCR7Y21BzJ1jQDgFKK8 +-----END 
CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZTCCA02gAwIBAgIBATANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBw +ZXQgUm9vdCBDQTogZmZmNjYxYWI3NDBlMjIwHhcNMjUxMjA0MjI1MDE3WhcNMzAx +MjA0MjI1MDE4WjApMScwJQYDVQQDDB5QdXBwZXQgUm9vdCBDQTogZmZmNjYxYWI3 +NDBlMjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCY3JYtGQJW6xeD +wg9S/GJ5wQUTgIyHKU+pCB/nD5O7i9VLHjxdttMGvalk8FksVxhIPX1Y6XBAoE6O +3vdmm7pHt+byzpggZhxZQr7oGBopq9iAjDe6s1vX6hRfLYQ5MOBRsiBOJXmE1Px+ +CeIEXrYQYQkkDEh/cXKVuDoUtnue/CmhBn58u2R3jyIp9RRpvMokv9XUujg0oPlL +F+5h66baDZr2USdddj97g7gFOoMiTcG7ZwqSpL7sPfMOzHeOjMCIIAMERJkEC56R +ns+KverL56skAFNUndJpOaTwQEQo1kdjYkkwbLp9sTUTAiYbDBAalEwWKltQ5kOF +J2khyA7nv7LfMU1ob879xAxg47aFwoQEX/aLShBP8lWukr0BfzYrJwMSWRNql35w +Flyzh9Z5jd/WX+aceVkYJ1k4FSCpzUqtszLT1scDFrdbwnxeur2qfA779W5DIAx9 +rNEypRVpj6BqM5ckhHD8v8SgAitEETXV9lyIlJYtnFU2rfwIRujRIoVNwxw76aip +aWDcPO2cH90lLyInh43Ab+8Mf+KL86VeGKDrwkB6L3rMnFfVyefC9DfH0Yvmo3vI +i8jb1znM8WLhHDIz3Ikj+vTyfffx0qyatrpthcNNZ5TbdL5WWksu8iyqdiPvoxfX +FPSbWGN7CR/WxjOf952B+Ni2rWTRSwIDAQABo4GXMIGUMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQdmdB/VEgIujQiIVX0uMSMb3/1 +VjAxBglghkgBhvhCAQ0EJBYiUHVwcGV0IFNlcnZlciBJbnRlcm5hbCBDZXJ0aWZp +Y2F0ZTAfBgNVHSMEGDAWgBQdmdB/VEgIujQiIVX0uMSMb3/1VjANBgkqhkiG9w0B +AQsFAAOCAgEAgo+7VyVvAuYmUvw+fR78zjQpijFBAJuPMGKFRgJnOe+PaCBRDtex +3vFtwZR2BjhkW4/1+33gD45cjAIjZ65oeTBo0M7Z3LbGlIsZCl/zAK7pjBuJpiFP +mgxaRPm/zO8Hgz9uozoMlDq/Bao2HfxD4tf/yOhgkA8rZ2UMdMNZhpXQU3zK+3MJ +5lIhGzkrGLxbKjYXiTL0POQCYK5IhNStfsl2Kmk7I3K6G52Y9oYt0D0heZdzrorp +RsoGwJGRgX+RRcMybWppHCNWrFtBDUA0yZ6daJjXpEMizErsocS+Fla/YnjbJVMh +xxfHVMvFKZVNnYic0qi+ip4uA0SfrtV63pmBCGPmab0e7FiZUYJZkTxmszF3i0wP +L9CcXnrU1uH0tog38jcDzTVKqjDQULyctygc/7N+CJLCkgE3ch/aDrtEdcKxOuQf +xXfkG189jf5HYgzNCGvzPbq964PnAA+Vx/gkMXhSItUWr1tzD62vFI6AiS4p0fQo +PGQYiVKGUKnkDCwLceENTJZ88g9+YeWQQtPtcc2yfD9OCWNMpij/gr5xCkQL+cCf +ER2RAQLYGCcUuVkC6ObDcy/FxKDtgIHhoRNox+mehmjEoHWU40wjvTshUin5+F57 +OkFoxPyB9VE0hzJM0ccgY4iRo1Dt0R8EZnTqtDotRESo+aNtB7bEUlc= +-----END CERTIFICATE----- 
diff --git a/ca-ssl/certs/puppet.speedport.ip.pem b/ca-ssl/certs/puppet.speedport.ip.pem
new file mode 100755
index 0000000..bcd36f6
--- /dev/null
+++ b/ca-ssl/certs/puppet.speedport.ip.pem
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF1DCCA7ygAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMUMwQQYDVQQDDDpQdXBw +ZXQgQ0EgZ2VuZXJhdGVkIG9uIHB1cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3 +ICswMDAwMB4XDTI1MTIwNDIyNTAxN1oXDTMwMTIwNDIyNTAyMlowHjEcMBoGA1UE +AwwTcHVwcGV0LnNwZWVkcG9ydC5pcDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAMPWIb7BpU7q9ROWWDnhbY/YWU26j13DW5Kxz4rWUOXzv3ebqyFTA+e9 +tExvCHfCq555ROAtYAlHKRQSz6aA7bLoQGNywxpdbeJfcG0C9cGv1C3bHk9+qql5 +YeNNfirj1THRanH/ZbW1fNUO3XehntKveEXb8mgFfAh4CQAXOcVR0eSjY7LyfPRX +vXYkd/LtHlTDaR9PNnBUaAZcur3/ylTPvBR8UwOKbchGr7ZEkzqW6EaEA0r8Culy +OJY+StBlHU0owuPi6u6HsIR2YEA/rRx/ERtUhROPXXsymQPWjp07Rl1JFLPIRYwW +8F2fH50ViFloouQPNnj/HDzX6+Zfcc388EpE3l42/z4Hm3l8JjrFlDzSq+mk1frW +uZz3n+NsZGTkWKZa4qp3UiIxidjwJgrrGres3UgBv65hgq54fg/5jGAOstSnYKzU +biNAxytSipECRstUWsKIuX0cIdMZzhYVIRSnaDWzUa/EiareBVG3uZ7AD6BFQyhv +MOMCtG3hcmC+SjVTZWs4JSHJs84Bo20+uS7AjG9FDrbPrqPi5SoCPQuBLsggghkN +YMiB/sNqErbpT2KtVEcn1jIT71HqSQ9NGLi5g4fg+YnOIIYVBIHG+PD7AsatUWwQ +84imemjwq4HW9u48lw9H/JQk6kb9X5pz4MAlXd1B1ApZSuQtg+DXAgMBAAGjgfUw +gfIwDAYDVR0TAQH/BAIwADAxBglghkgBhvhCAQ0EJBYiUHVwcGV0IFNlcnZlciBJ +bnRlcm5hbCBDZXJ0aWZpY2F0ZTAfBgNVHSMEGDAWgBRo3QNIKlD1f+9FuOzCOHoV +FGeCZzAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdDgQWBBSztTQjy5ZflFlzOoyfzXRJK7BpVjAVBgsrBgEEAYKM +TAEDJwQGDAR0cnVlMCYGA1UdEQQfMB2CBnB1cHBldIITcHVwcGV0LnNwZWVkcG9y +dC5pcDANBgkqhkiG9w0BAQsFAAOCAgEARLvJc6SeWMXrPLunZBsdFc6WuBrQgkh4 +1lUwqZ3hYViCWP/Enm3BefloZAst0ZXUDV6nFADCwU4ODv07KmWeG5jUL4GcA6G4 +zMrwmUNWzioI42oVtPqFT6dvCz6WMh9UqZmp5upkMp3Yi2S+kEwOlPD4VVx2CGSt +JC28rA59EcWMhoVzsnlgzyLcBPDHj05D/pU23zwl9aHommTMczpiqDuKgihTNwZt +sMpLQoyqorZyJ8+1QkHXH2etYevv01x3g5l/NuXOavDrFcSYEaEKmtORkRMOF6fA +L4N5I1olc0RaMelWccx+XyaUQm1G1NVY0qLM25T3QpODylLLEkfxxVsAS5uHwotZ +M+GhwI5JLrCluaJ6BXpcoQj6kZ8b5NF9R0DbCZlNC1lwLRPtDuyLTDxqMStRIIVn +Jt9JCnA+6PKSfPZ0soPkbZE0oYOkar3gAP5FAVBZJi/0AXMCs9/VJLW8Ow6tQW1q +6YshhtXEALZaFnZ9gqS+9y5/cTi62g4vZ9faACf9E/h5xhow2YlUyz3at8U7Xlno 
+VAmaOBxmB+zVzbyL+XjUfyW8aIhPRap6t6R14077GunuSH8XYYi3XHoz0pd4uZ3S +NQZ0H+NPCqH/RWN0+BglrdfIOoTkMM2PUu2ekWLHzp0pM3WHQqb8nJJ9V5/4QbsB +11h1JX9+0Zw= +-----END CERTIFICATE----- diff --git a/ca-ssl/crl.pem b/ca-ssl/crl.pem new file mode 100755 index 0000000..e98b875 --- /dev/null +++ b/ca-ssl/crl.pem 
@@ -0,0 +1,34 @@ +-----BEGIN X509 CRL----- +MIICvzCBqAIBATANBgkqhkiG9w0BAQsFADBFMUMwQQYDVQQDDDpQdXBwZXQgQ0Eg +Z2VuZXJhdGVkIG9uIHB1cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3ICswMDAw +Fw0yNTEyMDQyMjUwMTdaFw0zMDEyMDQyMjUwMTlaoC8wLTAfBgNVHSMEGDAWgBRo +3QNIKlD1f+9FuOzCOHoVFGeCZzAKBgNVHRQEAwIBADANBgkqhkiG9w0BAQsFAAOC +AgEAVrcpf7vF0dD8t4LfLFvh4wWMCHgo+veFNTMqHUbandRjMTLHUqbujnHj3C5B +qrbHtTp6lzTDw8W25niJtIkLSMiYue666RzePcvBoknDvvw4/OEIPa6gaSSJgc9k +DGu1qRd7btbILeXWO5jCb0KElS8aWSHT51gH9eAbTRICETltAKwbXWPFg/0AQv3R +ab5Fyj7vYO9+JfdfP8BNyUSKeQls+7UVTOsFOYACFZqhXzPUUlc4+vKj/gpeujgc +58w+IPPMNyPXG8xeleFYTzZ1/zMIXbW14YTBdTtPPWjcU2DriRL9fJmH5wYkU2/0 +MDfaZOByf8twhe1V7nT3hiBkjflYywNXFgsojE+TYqkoIrtkMmFtpL40UA8zAUW9 +GfV6O+6wzkG9FXKiG/ZUbviQFd5sE3/5fPJt6qukH9E7612PJ5C1mgdiW4c+181v +TqaZuHkWTY1U7Ciwn0aj0Cxp00HyIeKDAVp17rNCYnfhNbwZC6Vu0Edyn2r1qztN +BQrRL3AmbS4yjkEGIwtj/FP3UvyZqNBVyEbgDlDZClyo/aOoW090DNx9V4b1jzX6 +UpjOLTvb0u72e6vCbo6zhMD1TqnLBzzUaGbMkVg+xmsdrxAmTvy0B/roldkCdxQ2 +FtEFGyLnh8m8wInA7J8s4noutmS4GWOAX3h+PAqufrXY/Hw= +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIICozCBjAIBATANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBwZXQgUm9v +dCBDQTogZmZmNjYxYWI3NDBlMjIXDTI1MTIwNDIyNTAxN1oXDTMwMTIwNDIyNTAx +OFqgLzAtMB8GA1UdIwQYMBaAFB2Z0H9USAi6NCIhVfS4xIxvf/VWMAoGA1UdFAQD +AgEAMA0GCSqGSIb3DQEBCwUAA4ICAQArWJW4adDARe/rySBK2oq7IDXdz+8HRghZ +bOs4E9pdrmVSVNYdTTvbcAPd2T0RhJaZPph+djfyj+/yijmaunnACTAwLiaoroJf +LcHCgOSu/n3zUMkszkzsuVYN7p0sV3OAUKMknvzz2qNV/P0ErQUN4yShemi71K0N +HklGuVIk3UOswVzw/6jn0DglCIOtpYgRiB2fixYUMMSK1u0FxtXDTQqdholqjv3F +1kRDCiy7qXQeQe6Xa5tc+Jm1UILk7pUo1MulTIJpuEQXqjVaVU8/HrWGCAYejN9A +9IW97leVo6x3tsP3OYixX2jefpvkLbnJWe+tFCqhMjF3Tpy32ru93ThCB8EAz0BN +THiqMQZ21YLsxSgd7elaEtV66lior9ciJC6wUNuYmXlwXuzMtI+Z39I+bXacmUNg +6sk0Mos+Bnmf0vGypRMxsrhe2v30ndFdkYKTG1PP4nMowJ5DYxEG+KS72LpsysHt +aQHiwZ2HJLX5E79q2gvJ9KMWTijSy0ZnSLa4c1fBuSkJ0t8pLFFUP9nvbpbw8P5H +9LG+mYfopxOgeRPg4my5Fxh5Y4+rAxZRuetzuVi8nDU63QGCiwoU8Hc7CBdGAUvd +MD3aiZAB6w/tJ1+IAoZw7yoSqOeqs9YaXA2bZG+1NYsjOB+ttglte3TDTPsCd75I 
+lRa0kJ2NoQ== +-----END X509 CRL----- diff --git a/ca-ssl/private_keys/puppet.speedport.ip.pem b/ca-ssl/private_keys/puppet.speedport.ip.pem new file mode 100755 index 0000000..767290c --- /dev/null +++ b/ca-ssl/private_keys/puppet.speedport.ip.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAw9YhvsGlTur1E5ZYOeFtj9hZTbqPXcNbkrHPitZQ5fO/d5ur +IVMD5720TG8Id8KrnnlE4C1gCUcpFBLPpoDtsuhAY3LDGl1t4l9wbQL1wa/ULdse +T36qqXlh401+KuPVMdFqcf9ltbV81Q7dd6Ge0q94RdvyaAV8CHgJABc5xVHR5KNj +svJ89Fe9diR38u0eVMNpH082cFRoBly6vf/KVM+8FHxTA4ptyEavtkSTOpboRoQD +SvwK6XI4lj5K0GUdTSjC4+Lq7oewhHZgQD+tHH8RG1SFE49dezKZA9aOnTtGXUkU +s8hFjBbwXZ8fnRWIWWii5A82eP8cPNfr5l9xzfzwSkTeXjb/PgebeXwmOsWUPNKr +6aTV+ta5nPef42xkZORYplriqndSIjGJ2PAmCusat6zdSAG/rmGCrnh+D/mMYA6y +1KdgrNRuI0DHK1KKkQJGy1Rawoi5fRwh0xnOFhUhFKdoNbNRr8SJqt4FUbe5nsAP +oEVDKG8w4wK0beFyYL5KNVNlazglIcmzzgGjbT65LsCMb0UOts+uo+LlKgI9C4Eu +yCCCGQ1gyIH+w2oStulPYq1URyfWMhPvUepJD00YuLmDh+D5ic4ghhUEgcb48PsC +xq1RbBDziKZ6aPCrgdb27jyXD0f8lCTqRv1fmnPgwCVd3UHUCllK5C2D4NcCAwEA +AQKCAgARGra/znH9vo/BMjRqecHz+lVycITtD48D9PvHiIhwTSW/8Jy1wGZq6yrA +MkJvE1Wh9b2KRuxIYyq3Uh1I0aHxKk/VX8SinN5oEyXin4uPaygBCU5QayPEwZFH +JRGL9XI9c6j0Y/YiNMO+aBn3xOn2RNUgZOF7LF907eb7Vwv4q/jFG3AtxPgc7zzh +ALZpRUSM6rRXw7dhgD3FsHuu9JRba/llYKZvfLux7lqSdNLXHy8SWZ1gAzuAwDUp +Ci/Gm84/WvwKo1sZkkhciWpGskkQYBjCZlNpLfBgPj8XErpKCU9P/n4MZcWNQsOj +qa49LhBGntj7SkjbsIxq1AEKkfOCfuWDv1en0qglpTc+UVPs1/VVK4VyIA6UInyA +HccfOstXLrIL8/jzj1KI/r5LX8EsqdXGvmEfvBhNoIdRqtOUG3LNbtqQyoVK9jbZ +kaW+FCEXUbDatBsWhpqLEfJ4SZEp10jv92XNan9VTeClsURoVDrjFjtitOHeFb02 +OKbK3Lb97ikUHrj3QORAa3twC2wBkk7jXyVL3RFiSx012xLfQ02Ukz57E8RYKKYQ +ICwFB1oaoubGfA7JOlDZl+9KJvm+41uv5qXkog2TCzXvdQMiVxEeJduj3e65752z +jINP/50+EsemVZJsIqn+1nWbUzZjM+KfBxSCZkF0fl1EHmJt4QKCAQEA+mjevs/a +79Nx9yVk/wNOx4a6zVsJNgecbloYWintBEy0uTZxECKNE/H1ZIMGW01Wm2SvMyIB +8YI91+BNtdt8Tdqy++14yebNU6b/N5BHXVkiUwXgRHy3UkwmcT6VY0cOFM7gPvKe +3esIPF+sumi6o0kCkmzrivAX55UX2vnvLPeFAjs8QQGIKnxO7ZN29w4rQU1mupbh +NN79wTKbZBi9muBD2ACNepeP0iOdtJMEoeJmrMQaNyXeTmoZ35TInyDoFv5qn8OU +HfYuta0mA92oA5l2Wq9R4UZp6Jt/KKwqpVPG925Fmz0rm62VqYBNlT4TtKigGLJU +pR2sTeFfaA2RtQKCAQEAyDVeEXF6xDh8Nz3tdsZV52ogIGQfsdxQZ/ymrqs6evDH +g0Y6CCklyLdIePo0hlTW4fBTyKFrClWxQr/MLkZQcwhmsXOei3LUbvx2IIBtzYPt 
+k4RYJUE2m9Axb2zkFaKbkf87AyAKYw2Suc9PzxQzOjjTOmfOp99dePh2ogxFqMTN +jN/SQqS83Y8BBuOJXLGoZM1iI/vcUFqvu1HzA91QZhKLKD0nDEU9VcuIn3Ap9/4i +Nx0zOahb62XWVfJTWDiHOqONJXoJO0+yAPi2V4VWLR/qqTDaKSG77Pd4fJqyzbPJ +LxC/pziJ0Zo9+ENujAMvWBf4+V64nIo8a5RXtIgv2wKCAQEAoA2hufKfLMVIxcB4 +Emtp0ixyf8mdVJR+zyX1BMRhg2sH5I5ArCB5bfMsdycsS/Vd0wsC1Lr65QPrRW1Q +HloA1L5hwpbhqqNEQCCwZjJo+uh7APfzhbL1dbvIon9u+rqy7GfiezmWg5+zbut0 +Ot2v1ahX5YGK+A5IKTRpwAQadPJsaKW1+JLjFszHoiCsXHMJAL9ZVxATODkDlpYj +LlKF9lU75/dKdr4jJhyvs3h48IQGPo1FeFRTCGnWycqOhO+CiRfqzN00cgYliuf2 +MWhe+JYBSStgOY5JKW0iVLvesjefKA2qnfP2SJYl3+ZrMGYyMDnLwp1RbwxNUqYn +1hk+NQKCAQBGeSqknzpkqbFnzJ+zCHuimuO2IyhY9kFDaVbO8y0Bq5G/LtAsoTdQ +oNuc4g3tHx4IqA0F+XPxTlq4MUVRIKUe6N0lJ5quYXxPmQSHyk1cY00UeSiB7KOp +Uy6jl0PuLa/vQ1VlczjUxylXyJbCQM0LeIc57uJ6ixCfDW7M+d7nWmc0aHDdzplA +sB7fauamP08UNIuQOQ7DJjjniiAtwxCS7YIYZvZAxnqhoaR04wmS5tzqY5ftesro +YI+C72rRCgzn4jxD7eIkA5iX6PReeGvuNGboqW6RvfMlpbK+wcGg0OFHdPDRjwBM +TKv1oN7f4BshOkcEmIgJakt8XtpEjQ+zAoIBAQCxiw8kpdNXybadaWhQ+Fv2pW/m +gZsnyxuMwM7+TM5/CfCt5lepS5mUQXc064fdoOc2gCY1HaBV06PCPYQ0X00zBU3L +8Md1F7X5apTIv7ltoF/OxeLTWepW+QUJZBXoxys3uW4qbAp1BA+m9D03hR3csZX/ +wAT7QF3mtGpmTndLBmNw2W0vGMI80P/53jAPvHqlX/AXAshvKcsnTfRt05oqbHny +gI2stRw1TVKjvGtkAOA6KHakLZdtZNqYn3QJktYMiBNVV+eLHcjJYU+5+eT7fe/P +7BpYp98YutcQrksgHvORNaPlX/eKKL7jca0/5LQkiW8QaQaj49D79ICVbI8z +-----END RSA PRIVATE KEY----- diff --git a/ca-ssl/public_keys/puppet.speedport.ip.pem b/ca-ssl/public_keys/puppet.speedport.ip.pem new file mode 100755 index 0000000..fe1db2a --- /dev/null +++ b/ca-ssl/public_keys/puppet.speedport.ip.pem 
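Review bot: `ca-ssl/private_keys/puppet.speedport.ip.pem` is the RSA private key that matches the server certificate and public key added in this same commit, so anyone who can read the repository or its history can present that certificate as their own. Remove the key from version control, revoke and reissue the certificate, and add `ca-ssl/private_keys/` to `.gitignore` so the directory is populated only at runtime; deleting the file in a follow-up commit does not remove it from history. The file is also recorded with mode 100755, whereas a private key should be non-executable and readable only by its owner (for example `0600`) wherever it is deployed.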
@@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9YhvsGlTur1E5ZYOeFt +j9hZTbqPXcNbkrHPitZQ5fO/d5urIVMD5720TG8Id8KrnnlE4C1gCUcpFBLPpoDt +suhAY3LDGl1t4l9wbQL1wa/ULdseT36qqXlh401+KuPVMdFqcf9ltbV81Q7dd6Ge +0q94RdvyaAV8CHgJABc5xVHR5KNjsvJ89Fe9diR38u0eVMNpH082cFRoBly6vf/K +VM+8FHxTA4ptyEavtkSTOpboRoQDSvwK6XI4lj5K0GUdTSjC4+Lq7oewhHZgQD+t +HH8RG1SFE49dezKZA9aOnTtGXUkUs8hFjBbwXZ8fnRWIWWii5A82eP8cPNfr5l9x +zfzwSkTeXjb/PgebeXwmOsWUPNKr6aTV+ta5nPef42xkZORYplriqndSIjGJ2PAm +Cusat6zdSAG/rmGCrnh+D/mMYA6y1KdgrNRuI0DHK1KKkQJGy1Rawoi5fRwh0xnO +FhUhFKdoNbNRr8SJqt4FUbe5nsAPoEVDKG8w4wK0beFyYL5KNVNlazglIcmzzgGj +bT65LsCMb0UOts+uo+LlKgI9C4EuyCCCGQ1gyIH+w2oStulPYq1URyfWMhPvUepJ +D00YuLmDh+D5ic4ghhUEgcb48PsCxq1RbBDziKZ6aPCrgdb27jyXD0f8lCTqRv1f +mnPgwCVd3UHUCllK5C2D4NcCAwEAAQ== +-----END PUBLIC KEY-----
diff --git a/code/environments/production/manifests/all_system.pp b/code/environments/production/manifests/all_system.pp
new file mode 100644
index 0000000..c39c80c
--- /dev/null
+++ b/code/environments/production/manifests/all_system.pp
@@ -0,0 +1,29 @@
+class all_system {
+ file { '/etc/motd':
+ ensure => 'file',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => "Willkommen auf diesem Server von JonnyBravo ein neuer Nerd am Himmel DANIEL. Er wird von Puppet verwaltet.\n",
+ }
+}
+
+
+
+class apt_upgrade {
+ cron { 'apt_update_upgrade':
+ command => '/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade',
+ user => 'root',
+ weekday => 0, # 0 = Sonntag
+ hour => '2',
+ minute => '0',
+ require => File['/usr/bin/apt-get'],
+ }
+
+ file { '/usr/bin/apt-get':
+ ensure => 'file',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+}
diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp
new file mode 100644
index 0000000..fd89fe2
--- /dev/null
+++ b/code/environments/production/manifests/site.pp
@@ -0,0 +1,4 @@
+node default {
+ include all_system
+
+}
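Review bot: In class `apt_upgrade` of `all_system.pp`, the resource `file { '/usr/bin/apt-get': ensure => 'file', ... }` has no `content` or `source`, so on a node where the binary is missing Puppet would create an empty executable at that path rather than report a problem. If the aim is only to guarantee apt exists before the cron job is managed, depend on the package instead, e.g. `require => Package['apt']` with a matching `package { 'apt': ensure => installed }`, or drop the file resource. The cron command runs `apt-get -y upgrade` unattended as root, so a comment stating where its output goes and who reviews failures would help the next maintainer. `site.pp` in this commit includes only `all_system`, so `apt_upgrade` is not applied to any node yet.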
diff --git a/config/postgres/pg_hba.conf b/config/postgres/pg_hba.conf
new file mode 100644
index 0000000..4d360ee
--- /dev/null
+++ b/config/postgres/pg_hba.conf
@@ -0,0 +1,11 @@
+# pg_hba.conf
+# TYPE DATABASE USER ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all trust
+# IPv4 local connections:
+host all all 127.0.0.1/32 trust
+# IPv6 local connections:
+host all all ::1/128 trust
+# Allow connections from anywhere for all databases and users (adjust as needed)
+host all all 0.0.0.0/0 md5
\ No newline at end of file
diff --git a/config/postgres/postgresql.conf b/config/postgres/postgresql.conf
new file mode 100644
index 0000000..11dd0fa
--- /dev/null
+++ b/config/postgres/postgresql.conf
@@ -0,0 +1 @@
+ssl=off
diff --git a/config/postgres/script/init-pg-trgm.sql b/config/postgres/script/init-pg-trgm.sql
new file mode 100644
index 0000000..80bc4e4
--- /dev/null
+++ b/config/postgres/script/init-pg-trgm.sql
@@ -0,0 +1,2 @@
+-- Enable pg_trgm extension for PuppetDB
+CREATE EXTENSION IF NOT EXISTS pg_trgm;
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..7ca46c5
--- /dev/null
+++ b/docker-compose.yml
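Review bot: In `pg_hba.conf`, the last rule `host all all 0.0.0.0/0 md5` accepts password logins from any IPv4 address for every database and role, and `postgresql.conf` in the same commit sets `ssl=off`, so those sessions are not encrypted in transit. Narrow the rule to the one database, role and subnet that need it and require SCRAM, e.g. `host openvoxdb openvox <compose-subnet-cidr> scram-sha-256` (placeholder CIDR), since `md5` still permits MD5-hashed passwords. The three `trust` rules let any local process connect as any role, including the superuser, without a password; `peer` for the Unix socket and `scram-sha-256` for the loopback addresses are the safer choices. If TLS really is meant to stay off, a comment next to `ssl=off` saying that traffic never leaves the Compose network would record the assumption.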
@@ -0,0 +1,76 @@
+services:
+ openvox:
+ image: ghcr.io/openvoxproject/openvoxserver:8.8.0-latest
+ container_name: openvox
+ hostname: puppet
+ ports:
+ - "8140:8140" # Puppet Server API
+ - "8141:8141" # Puppet Server HTTP
+ - "8142:8142" # Puppet Server HTTPS
+ volumes:
+ - ./code:/etc/puppetlabs/code
+ - ./ca-ssl:/etc/puppetlabs/puppet/ssl
+ environment:
+ - OPENVOXSERVER_ENVIRONMENT_TIMEOUT=10
+ networks:
+ - openvox_network
+
+ postgres:
+ image: postgres:16.2
+ container_name: postgres
+ hostname: postgres
+ environment:
+ POSTGRES_USER: openvox
+ POSTGRES_PASSWORD: StartStart1234
+ POSTGRES_DB: openvoxdb
+ POSTGRES_EXTENSIONS: pg_trgm
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ - ./config/postgres/postgresql.conf:/etc/postgresql/postgresql.conf
+ - ./config/postgres/pg_hba.conf:/etc/postgresql/pg_hba.conf
+ - ./config/postgres/script:/docker-entrypoint-initdb.d
+ ports:
+ - "5432:5432"
+ networks:
+ - openvox_network
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U openvox -d openvoxdb"]
+ interval: 5s
+ timeout: 3s
+ retries: 5
+ start_period: 10s
+
+ openvoxdb:
+ image: ghcr.io/openvoxproject/openvoxdb:8.9.0-latest
+ container_name: openvoxdb
+ environment:
+ OPENVOXDB_POSTGRES_HOSTNAME: postgres
+ OPENVOXDB_POSTGRES_PORT: 5432
+ OPENVOXDB_POSTGRES_USER: openvox
+ OPENVOXDB_POSTGRES_DATABASE: openvoxdb
+ OPENVOXDB_POSTGRES_PASSWORD: StartStart1234
+ OPENVOXSERVER_HOSTNAME: puppet
+ OPENVOXSERVER_PORT: 8140
+ networks:
+ - openvox_network
+ volumes:
+ - openvoxdb_data:/var/lib/openvoxdb
+ - openvoxdb_ca:/etc/puppetlabs/puppetserver/ca
+ depends_on:
+ postgres:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD-SHELL", "PGPASSWORD=StartStart1234 pg_isready -h postgres -p 5432 -U openvox"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
+
+volumes:
+ postgres_data:
+ openvoxdb_data:
+ openvoxdb_ca:
+
+networks:
+ openvox_network:
+ driver: bridge
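Review bot: The database password `StartStart1234` appears in clear text three times in `docker-compose.yml` (`POSTGRES_PASSWORD`, `OPENVOXDB_POSTGRES_PASSWORD` and the openvoxdb healthcheck), so it is now part of the repository history; read it from the environment or a secrets file instead, e.g. `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set in .env}`, and rotate the committed value. `pg_isready` only probes for a listening server and does not authenticate, so the `PGPASSWORD=` prefix can be dropped from that healthcheck. The `postgres` service publishes `"5432:5432"` on every host interface although only `openvoxdb` on `openvox_network` needs to reach it; remove the mapping or bind it to loopback with `"127.0.0.1:5432:5432"`. The two config files are mounted under `/etc/postgresql/`, which the official image does not appear to read by default, so they likely have no effect without a `command:` that points `config_file` and `hba_file` at them; confirm this before relying on the `pg_hba.conf` rules.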
diff --git a/docker-entrypoint-debug.sh b/docker-entrypoint-debug.sh
new file mode 100755
index 0000000..efc7fe1
--- /dev/null
+++ b/docker-entrypoint-debug.sh
@@ -0,0 +1,134 @@
+#!/bin/bash
+# bash is required to pass ENV vars with dots as sh cannot
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+pid=0 # Initialize pid to 0
+
+echoerr() { echo "$@" 1>&2; }
+
+echoerr "Entrypoint PID $$"
+
+## Pre execution handler
+pre_execution_handler() {
+ export CA_ENABLED=true # Force CA_ENABLED to true
+ if [ -d /docker-custom-entrypoint.d/ ]; then
+ if [ -d /docker-custom-entrypoint.d/pre-default/ ]; then
+ find /docker-custom-entrypoint.d/pre-default/ -type f -name "*.sh" \
+ -exec chmod +x {} \;
+ sync
+ for f in /docker-custom-entrypoint.d/pre-default/*.sh; do
+ if [[ -f "$f" && -x $(realpath "$f") ]]; then
+ echo "Running $f"
+ "$f"
+ fi
+ done
+ fi
+ fi
+
+ # Removed 'set -x' as it was only for pre-execution scripts
+ # set -x # Enable debug output for pre-execution scripts
+ echo "CA_ENABLED is: $CA_ENABLED"
+ for f in /docker-entrypoint.d/*.sh; do
+ echo "Running $f"
+ "$f"
+ done
+
+ if [ -d /docker-custom-entrypoint.d/ ]; then
+ find /docker-custom-entrypoint.d/ -type f -name "*.sh" \
+ -exec chmod +x {} \;
+ sync
+ for f in /docker-custom-entrypoint.d/*.sh; do
+ if [[ -f "$f" && -x $(realpath "$f") ]]; then
+ echo "Running $f"
+ "$f"
+ fi
+ done
+ fi
+}
+
+## Post startup handler
+post_startup_handler() {
+ if [ -d /docker-custom-entrypoint.d/ ]; then
+ if [ -d /docker-custom-entrypoint.d/post-startup/ ]; then
+ find /docker-custom-entrypoint.d/post-startup/ -type f -name "*.sh" \
+ -exec chmod +x {} \;
+ sync
+ for f in /docker-custom-entrypoint.d/post-startup/*.sh; do
+ if [[ -f "$f" && -x $(realpath "$f") ]]; then
+ echo "Running $f"
+ "$f"
+ fi
+ done
+ fi
+ fi
+}
+
+## Post execution handler
+post_execution_handler() {
+ if [ -d /docker-custom-entrypoint.d/ ]; then
+ if [ -d /docker-custom-entrypoint.d/post-execution/ ]; then
+ find /docker-custom-entrypoint.d/post-execution/ -type f -name "*.sh" \
+ -exec chmod +x {} \;
+ sync
+ for f in /docker-custom-entrypoint.d/post-execution/*.sh; do
+ if [[ -f "$f" && -x $(realpath "$f") ]]; then
+ echo "Running $f"
+ "$f"
+ fi
+ done
+ fi
+ fi
+}
+
+## Sigterm Handler
+sigterm_handler() {
+ echoerr "Catching SIGTERM"
+ if [ $pid -ne 0 ]; then
+ echoerr "sigterm_handler for PID '${pid}' triggered"
+ if [ -d /docker-custom-entrypoint.d/ ]; then
+ if [ -d /docker-custom-entrypoint.d/sigterm-handler/ ]; then
+ find /docker-custom-entrypoint.d/sigterm-handler/ -type f -name "*.sh" \
+ -exec chmod +x {} \;
+ sync
+ for f in /docker-custom-entrypoint.d/sigterm-handler/*.sh; do
+ if [[ -f "$f" && -x $(realpath "$f") ]]; then
+ echo "Running $f"
+ "$f"
+ fi
+ done
+ fi
+ fi
+ kill -15 "$pid"
+ wait "$pid"
+ post_execution_handler
+ fi
+ exit 143; # 128 + 15 -- SIGTERM
+}
+
+## Setup signal trap
+trap sigterm_handler SIGTERM
+
+## Initialization
+pre_execution_handler
+
+## Start Process
+echoerr "DEBUG: Attempting to start Puppetserver in foreground."
+# run process in foreground
+# set -x # Enable debug output - moved to be after pid capture
+/opt/puppetlabs/bin/puppetserver foreground "$@" &
+pid=$! # Capture the PID of the background process
+echoerr "DEBUG: Puppetserver started with PID $pid."
+set -x # Enable debug output after pid capture
+
+wait "$pid" # Wait for the puppetserver process to finish
+return_code=$?
+echoerr "DEBUG: Puppetserver exited with code $return_code."
+exit $return_code
+
+# The following lines will not be reached if exec is successful
+# If exec fails, the script will continue here, which indicates an issue
+# echoerr "ERROR: Puppetserver failed to start in foreground."
+# exit 1
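Review bot: Under `set -o errexit`, the final `wait "$pid"` ends the script as soon as Puppetserver returns non-zero, so `return_code=$?` and the "exited with code" message are reached only on a clean exit; the `wait "$pid"` inside `sigterm_handler` has the same effect and skips `post_execution_handler` whenever the server exits non-zero after `kill -15`. Capture the status without tripping errexit: `return_code=0` followed by `wait "$pid" || return_code=$?` in the main flow, and `wait "$pid" || true` in the handler. The `for f in /docker-entrypoint.d/*.sh` loop in `pre_execution_handler` lacks the `-f`/`-x` guard the other loops have, so an empty directory makes it try to run the literal pattern and abort. Every handler also runs `chmod +x` on, and then executes, each `*.sh` found under `/docker-custom-entrypoint.d/`, so that path should be mounted read-only from a trusted source. The `set -x` left on after startup traces every later command, including those in the SIGTERM path, into the container log.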