From 130669a1301d630a395786b974d6eaed984e3d91 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 29 Oct 2023 20:17:07 +1100 Subject: [PATCH] feat: manage puppet clients - manage the service - manage the package, version lock it - deploy the /etc/puppetlabs/puppet/puppet.conf from template for puppet clients only --- hieradata/common.yaml | 10 ++++ site/profiles/manifests/base.pp | 6 +++ site/profiles/manifests/puppet/client.pp | 50 +++++++++++++++++++ .../templates/puppet/client/puppet.conf.erb | 13 +++++ 4 files changed, 79 insertions(+) create mode 100644 site/profiles/manifests/puppet/client.pp create mode 100644 site/profiles/templates/puppet/client/puppet.conf.erb diff --git a/hieradata/common.yaml b/hieradata/common.yaml index eea398c..0f3ff84 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -3,6 +3,9 @@ profiles::base::ntp_servers: - 0.au.pool.ntp.org - 1.au.pool.ntp.org +profiles::base::puppet_servers: + - 'prodinf01n01.main.unkin.net' + profiles::base::packages::common: - ccze - curl @@ -31,6 +34,13 @@ profiles::puppet::autosign::domains: # profiles::puppet::autosign::nodes: # - 'somenode.main.unkin.net' +profiles::puppet::client::puppet_version: '7.26.0' +profiles::puppet::client::environment: 'develop' +profiles::puppet::client::runinterval: 1800 +profiles::puppet::client::runtimeout: 3600 +profiles::puppet::client::show_diff: true +profiles::puppet::client::usecacheonfailure: false + profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k' diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 056d3e1..35874eb 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp 
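Review bot: `profiles::puppet::client::show_diff: true` in the second hunk turns on file diffs for every node that reads common.yaml, and the agent template in this patch also sets `report = true`, so fragments of any managed file that changes will pass through agent logs and into the reports sent to the server. Content wrapped in `Sensitive` is redacted, but plain-text secrets in templates or `content =>` strings are not. I would default this key to `false` here and enable it only for the environments or nodes where the diffs are wanted, or set `show_diff => false` on the file resources that carry credentials. The same hunk sets `environment: 'develop'` for all nodes; if production hosts share this common layer, that is worth confirming.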
@@ -1,6 +1,7 @@ # this is the base class, which will be used by all servers class profiles::base ( Array $ntp_servers, + Array $puppet_servers, ) { class { 'chrony': servers => $ntp_servers, @@ -24,6 +25,11 @@ class profiles::base ( ensure => 'installed', } + # manage puppet clients + if ! member($puppet_servers, $trusted['certname']) { + include profiles::puppet::client + } + # include admin scripts include profiles::base::scripts diff --git a/site/profiles/manifests/puppet/client.pp b/site/profiles/manifests/puppet/client.pp new file mode 100644 index 0000000..360e296 --- /dev/null +++ b/site/profiles/manifests/puppet/client.pp 
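Review bot: `Array $puppet_servers` in the first hunk accepts an empty list or non-string entries, and the `! member(...)` test in the second hunk is then true for every node, so the Puppet servers themselves would receive `profiles::puppet::client` and have their puppet.conf replaced by the agent-only template. Tightening the declaration to `Array[String[1], 1] $puppet_servers,` makes a missing or empty Hiera value fail at compile time instead. The comparison is an exact string match against `$trusted['certname']`, so the Hiera entries must be the certnames exactly as signed; a one-line comment above the `if` saying so would help. Both hunks sit inside the `profiles::base` class, whose body continues outside them.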
@@ -0,0 +1,50 @@
+# Class: profiles::puppet::client
+#
+# This class manages Puppet client configuration and service.
+#
+# Parameters:
+# vardir - Directory path for variable data.
+# logdir - Directory path for logs.
+# rundir - Directory path for run-time data.
+# pidfile - File path for the PID file.
+# codedir - Directory path for code data.
+# dns_alt_names - Array of alternate DNS names for the server.
+# server - Server's name.
+#
+# site/profile/manifests/puppet/client.pp
+class profiles::puppet::client (
+ String $dns_alt_names = $trusted['certname'],
+ String $server = 'puppetmaster',
+ String $ca_server = 'puppetca',
+ String $environment = 'develop',
+ Integer $runinterval = 1800,
+ Integer $runtimeout = 3600,
+ Boolean $show_diff = true,
+ Boolean $usecacheonfailure = false,
+ String $puppet_version = 'latest',
+) {
+
+ # Ensure the puppet-agent package is installed and locked to a specific version
+ package { 'puppet-agent':
+ ensure => $puppet_version,
+ }
+
+ # Ensure the puppet service is running
+ service { 'puppet':
+ ensure => 'running',
+ enable => true,
+ hasrestart => true,
+ require => Package['puppet-agent'],
+ }
+
+ # Assuming you want to manage puppet.conf with this profile
+ file { '/etc/puppetlabs/puppet/puppet.conf':
+ ensure => 'present',
+ content => template('profiles/puppet/client/puppet.conf.erb'),
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ notify => Service['puppet'],
+ }
+}
+
diff --git a/site/profiles/templates/puppet/client/puppet.conf.erb b/site/profiles/templates/puppet/client/puppet.conf.erb
new file mode 100644
index 0000000..e7a86c6
--- /dev/null
+++ b/site/profiles/templates/puppet/client/puppet.conf.erb
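Review bot: The comment above `package { 'puppet-agent': }` says the package is locked to a specific version, but the class default is `String $puppet_version = 'latest'`, so a node that misses the Hiera key silently tracks whatever the repository publishes, and `ensure => <version>` only enforces the version at apply time rather than placing a package-manager lock. Dropping the default (`String[1] $puppet_version,`) would make the pin mandatory. The header block also documents `vardir`, `logdir`, `rundir`, `pidfile` and `codedir`, none of which are parameters, describes `dns_alt_names` as an Array although it is typed `String`, and omits `ca_server`, `environment`, `runinterval`, `runtimeout`, `show_diff`, `usecacheonfailure` and `puppet_version`; it should be rewritten to list the real parameters. The defaults `'puppetmaster'` and `'puppetca'` are unqualified names, so which host an agent contacts depends on the resolver search path; fully qualified names supplied from Hiera would be more predictable.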
@@ -0,0 +1,13 @@
+[main]
+dns_alt_names = <%= @dns_alt_names %>
+
+[agent]
+server = <%= @server %>
+ca_server = <%= @ca_server %>
+environment = <%= @environment %>
+report = true
+report_server = <%= @server %>
+runinterval = <%= @runinterval %>
+runtimeout = <%= @runtimeout %>
+show_diff = <%= @show_diff %>
+usecacheonfailure = <%= @usecacheonfailure %>
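Review bot: `dns_alt_names = <%= @dns_alt_names %>` is written into `[main]` on every agent, and the class defaults it to the node's own certname, so any CSR an agent generates later will, as far as I can tell, carry a subjectAltName extension. The CA normally declines to sign such requests unless alternate names are explicitly allowed, and this repository's Hiera data shows autosign is configured, so the enrolment path for a new node is worth checking before this rolls out. If agents do not need alternate names, I would drop the line from the client template or emit it only when a value is set, for example by wrapping it in `<% unless @dns_alt_names.to_s.empty? -%>` and `<% end -%>`. A leading `# Managed by Puppet` comment would also tell operators that local edits will be overwritten.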