Running commands on the Puppet master

I'm trying to create a letsencrypt module in Puppet. Basically, what I want to achieve is the following:

  1. Adding a new node and importing my module: class { "letsencrypt": url => "example.com" }
  2. The puppet master will then check in his file folder if there is already a private key and a CSR for the given URL and then either:
    • copy the private key and the CSR to the node, or
    • run openssl genrsa 4096 > example.com.key (and one key for the letsencrypt account and the certificate signing request), save it to the puppet files folder and run step 2 again.
  3. Setup a cron job on the node to run acme-tiny once every three months.
  4. Run acme-tiny once on the node and get the first certificate and reload/start the web server.

Basically my question is how to run commands on the Puppet master. I want to run the key generation on the Puppet master and keep the private key there, and only run the certificate request on the node.

Is that even possible with Puppet? Or should I hand the whole process off to the node and not track anything in Puppet at all (just set up the cronjob, etc.)?

Thanks!

Best answer

Puppet provides a function named generate, which will populate a local manifest variable with the output of an arbitrary local command. It could be used to call a custom local script that performs the key generation, installs the public key locally, and returns the private key content, which can then be installed as a file resource on the puppet agent. For example:

file { "/path/to/private/key": ensure => present, content => generate("/path/to/my/custom/script"), ... }
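As an added example (not part of the original answer, and not Puppet's own code), here is what the "custom local script" behind that generate() call could look like. Two things make it safe to call from a manifest: generate() runs on the master at every catalog compile, so the script only creates the key when it is missing and otherwise just prints the existing one; and the domain argument is validated before it becomes part of a file name, since it originates in a manifest variable. The script path, the key directory and the resource attributes in the comment are assumptions.

```shell
#!/bin/sh
# Hypothetical helper for the generate() pattern (added example, not from the post).
# Puppet runs this on the master each time the catalog is compiled, so it must be
# idempotent: create the key once, then only ever print the existing one.
#
# Intended call from a manifest (paths are assumptions; mode/show_diff are
# standard file-resource attributes):
#   file { "/etc/letsencrypt/${url}.key":
#     ensure    => file,
#     mode      => '0600',
#     show_diff => false,   # keep key material out of reports and logs
#     content   => generate('/etc/puppetlabs/letsencrypt-key.sh', $url),
#   }
set -eu

# Assumed directory on the master, writable by the puppetserver process.
KEYDIR="${KEYDIR:-/etc/puppetlabs/letsencrypt-keys}"

# Accept only a plausible hostname, so a manifest variable cannot smuggle a
# path component or shell metacharacters into the key file name.
valid_domain() {
    case "$1" in
        ''|*/*|*..*|.*|-*) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9.-]+$'
}

# Create DIR/DOMAIN.key (4096-bit RSA) if it does not exist yet, then print the
# key to stdout; the output becomes the file resource's content on the agent.
ensure_key() {
    dir="$1"; domain="$2"
    valid_domain "$domain" || { echo "invalid domain: $domain" >&2; return 1; }
    key="$dir/$domain.key"
    if [ ! -s "$key" ]; then
        umask 077                     # key file is created mode 0600 from the start
        mkdir -p "$dir"
        openssl genrsa -out "$key" 4096 2>/dev/null
    fi
    cat "$key"
}

# Behave as a script when given a domain; with no argument the functions are
# merely defined (so the file can be sourced).
if [ "${1:-}" != "" ]; then ensure_key "$KEYDIR" "$1"; fi
```

Two caveats follow from how generate() works: the command must be given as a fully qualified path, and whatever the script prints ends up inside the compiled catalog, which the agent transfers and may cache on its own disk. Treat the key as exposed to every process that can read the agent's catalog cache, and keep it off the puppetserver's logs and reports with show_diff => false.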