Renamed role/profile directories

* renamed role to roles
  * renamed profile to profiles
  * cleaned up all profiles/roles/hieradata to match new paths
This commit is contained in:
2023-06-25 13:06:36 +10:00
parent cb6aa0f4b1
commit 1b7e807c0e
17 changed files with 52 additions and 52 deletions
+10
@@ -0,0 +1,10 @@
# this is the base class, which will be used by all servers
class profiles::base (
Array $ntp_servers,
) {
class { 'chrony':
servers => $ntp_servers,
}
include profiles::yum::global
}
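Review bot: `Array $ntp_servers` on the `profiles::base` parameter list accepts elements of any type, while the autosign profile added in the same commit constrains its list with `Array[Stdlib::IP::Address::V4::CIDR]`; a malformed Hiera value (nested array, integer) would be passed straight to chrony's `servers`. Tightening it to `Array[Stdlib::Host] $ntp_servers,` keeps the two profiles consistent and turns that into a compile-time error with a clear message. The header comment could also say where the value is expected from, e.g. `# $ntp_servers: chrony server hostnames/IPs, expected via automatic parameter lookup (profiles::base::ntp_servers)`.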
@@ -0,0 +1,54 @@
# Class: profiles::puppet::autosign
#
# This class manages an autosign script for the Puppet master.
# It sets up a Ruby script that automatically signs Puppet node requests
# originating from certain IP subnet ranges.
#
# Parameters:
# - `subnet_ranges`: An array of IP subnet ranges for which to automatically
# sign certificate requests.
#
# Actions:
# - Ensures the autosign script file is present and has the correct content and permissions.
#
# Usage:
# The class can be declared in a node definition or classified using an ENC or Hiera.
# Example:
# node 'puppet.example.com' {
# class { 'profiles::puppet::autosign':
# subnet_ranges => ['198.18.17.0/24', '10.0.0.0/8'],
# }
# }
#
# Requirements:
# - Puppet master must have access to the /opt/puppetlabs/bin directory.
# - The gem 'ipaddr' module must be installed on the Puppet master.
# - The puppet 'puppetlabs/stdlib' module must be installed on the Puppet master.
#
# Limitations:
# This is designed to work on Unix-like systems.
class profiles::puppet::autosign (
Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges,
) {
$script_content = @(END)
#!/usr/bin/env ruby
require 'yaml'
require 'ipaddr'
csr = YAML.load(STDIN.read)
networks = #{subnet_ranges}
ip = IPAddr.new(csr['facts']['networking']['ip'])
exit 1 unless networks.any? { |network| IPAddr.new(network).include?(ip) }
exit 0
END
file { '/opt/puppetlabs/bin/autosign.rb':
ensure => file,
content => $script_content,
mode => '0755',
}
}
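Review bot: The script at `networks = #{subnet_ranges}` never receives the subnet list: `@(END)` is a non-interpolating Puppet heredoc (interpolation needs `@("END")`), and even then Puppet substitutes `${...}` rather than Ruby's `#{...}`, so the file on disk contains that literal text, Ruby reads `#{subnet_ranges}` as a comment, `networks` ends up bound to the following `IPAddr` assignment, and every request fails closed with a NoMethodError. On the trust model, the address is taken from `csr['facts']['networking']['ip']`, i.e. data the requester itself puts in the request, so anyone who can reach the master can claim an in-range address — this is a convenience filter, not authentication, and the header should say so; and `YAML.load` on request data can instantiate arbitrary Ruby objects on the Psych version bundled with Puppet 7's Ruby, so use `YAML.safe_load`. As far as I recall Puppet Server's policy-based autosign hands the script the certname in `ARGV[0]` and the CSR PEM on stdin rather than a YAML document, so the parsing assumed here should be confirmed against the server version in use. Note also that `profiles::puppet::puppetmaster` in this same commit points `autosign` at `/etc/puppetlabs/puppet/autosign.rb`, while this class writes `/opt/puppetlabs/bin/autosign.rb`.
```puppet
  # Interpolating heredoc: Puppet substitutes ${...}; render the subnet list as a quoted Ruby array literal.
  $ruby_networks = $subnet_ranges.map |$net| { "'${net}'" }.join(', ')
  $script_content = @("END")
    #!/usr/bin/env ruby
    require 'yaml'
    require 'ipaddr'
    # Request data is untrusted input; safe_load only builds plain Hashes/Arrays/Strings.
    csr = YAML.safe_load(STDIN.read)
    networks = [${ruby_networks}]
    ip = IPAddr.new(csr['facts']['networking']['ip'])
    exit 1 unless networks.any? { |network| IPAddr.new(network).include?(ip) }
    exit 0
    | END
  # … unchanged: file resource for /opt/puppetlabs/bin/autosign.rb …
```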
+83
@@ -0,0 +1,83 @@
# Class: profiles::puppet::enc
#
# This class manages a Git repository at /opt/puppetlabs/enc. It includes a
# systemd service and timer to keep the repository updated every minute.
# The Git package is installed if not present, and the repository at the given
# location will always reflect the state of the remote Git repository.
#
# Parameters:
# - enc_repo: The URL of the Git repository to clone.
#
# Actions:
# - Ensures the Git package is installed.
# - Ensures the /opt/puppetlabs/enc directory is a clone of the given Git repository.
# - Creates a helper script '/opt/puppetlabs/bin/git_update' for updating the Git repository.
# - Creates a systemd service and timer that runs the git update script every minute.
#
# Usage:
# Directly include the class in your node definitions or classify your nodes
# using an ENC or Hiera.
# Example:
# node 'puppet.example.com' {
# class { 'profiles::puppet::enc':
# enc_repo => 'https://github.com/user/repo.git',
# }
# }
#
# Requirements:
# - The 'puppet-vcsrepo' module should be installed on your puppetmaster.
# - The 'puppet-systemd' module should be installed on your puppetmaster.
# - '/opt/puppetlabs/bin/' directory must exist and be writable.
# - Puppet master must have access to the specified Git URL.
#
# Limitations:
# This is designed to work on Unix-like systems only.
#
class profiles::puppet::enc (
String $enc_repo,
) {
package { 'git':
ensure => installed,
}
vcsrepo { '/opt/puppetlabs/enc':
ensure => latest,
provider => git,
source => $enc_repo,
require => Package['git'],
}
file { '/opt/puppetlabs/bin/enc':
ensure => link,
target => '/opt/puppetlabs/enc/enc.py',
require => Vcsrepo['/opt/puppetlabs/enc'],
}
file { '/opt/puppetlabs/bin/puppet-enc':
ensure => file,
owner => 'root',
group => 'root',
mode => '0755',
content => "#!/bin/bash\n(
cd /opt/puppetlabs/enc/
git reset --hard master
git clean -fd
git pull\n)",
require => Package['git'],
}
systemd::service { 'puppet-enc':
description => 'puppet-enc update service',
execstart => '/opt/puppetlabs/bin/puppet-enc',
user => 'root',
require => File['/opt/puppetlabs/bin/puppet-enc'],
}
systemd::timer { 'puppet-enc':
description => 'Run puppet-enc every minute',
unit => 'puppet-enc.service',
on_calendar => '*:0/1',
require => Systemd::Service['puppet-enc'],
}
}
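Review bot: `/opt/puppetlabs/bin/puppet-enc` runs as root every minute and does `git reset --hard master` followed by `git pull` against a remote it never verifies, and `/opt/puppetlabs/bin/enc` then executes `enc.py` out of that checkout as the node terminus — so push access to `$enc_repo` (or a MITM on a plain `http://` URL, which `String $enc_repo` allows) is root on the Puppet master plus control of every node's classification. At minimum type the parameter to an HTTPS/SSH URL and verify what is checked out before switching to it, e.g. `git fetch origin && git verify-commit origin/master && git reset --hard origin/master` in place of the reset/pull pair; note that `git reset --hard master` as written resets to the *local* `master` and `git pull` merges rather than fast-forwards, so a diverged checkout silently keeps local edits. The checkout should also be root-owned and not writable by the account puppetserver runs `enc.py` as (presumably `puppet`), since its contents are executed by root a minute later. The timer duplicates `vcsrepo { ensure => latest }`, which already updates the clone on every agent run; one mechanism is enough, and the header should say which is authoritative.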
+70
@@ -0,0 +1,70 @@
# Class: profiles::puppet::g10k
#
# This class handles downloading and installation of the g10k tool, a fast
# Git and Forge based Puppet environment and module deployment tool.
# The latest release of g10k is downloaded from GitHub and placed into '/opt/puppetlabs/bin'.
# Additionally, it creates a helper script to easily run g10k with the appropriate configuration.
# It also creates a systemd service and timer that runs the g10k script every minute.
#
# Parameters: None
#
# Actions:
# - Downloads the latest g10k release from GitHub.
# - Extracts the download and places the executable in '/opt/puppetlabs/bin'.
# - Creates a helper script '/opt/puppetlabs/bin/puppet-g10k' for easy usage of g10k.
# - Creates a systemd service and timer that runs the g10k script every minute.
#
# Usage:
# Directly including the class in your node definitions or classify your nodes
# using an ENC or Hiera.
# Example:
# node 'puppet.example.com' {
# include profiles::puppet::g10k
# }
#
# Requirements:
# - The 'puppet-archive' module should be installed in your puppetmaster.
# - The 'puppet-systemd' module should be installed on your puppetmaster.
# - '/opt/puppetlabs/bin/' directory must exist and be writable.
# - Puppet master must have access to the GitHub URL.
#
# Limitations:
# This is designed to work on Unix-like systems only.
class profiles::puppet::g10k {
package { 'unzip':
ensure => installed,
}
archive { '/tmp/g10k.zip':
ensure => present,
source => 'https://github.com/xorpaul/g10k/releases/latest/download/g10k-linux-amd64.zip',
extract => true,
extract_path => '/opt/puppetlabs/bin',
creates => '/opt/puppetlabs/bin/g10k',
cleanup => true,
}
file { '/opt/puppetlabs/bin/puppet-g10k':
ensure => file,
owner => 'root',
group => 'root',
mode => '0755',
content => "#!/usr/bin/bash\n/opt/puppetlabs/bin/g10k -config /etc/puppetlabs/r10k/r10k.yaml\n",
require => Archive['/tmp/g10k.zip'],
}
systemd::service { 'puppet-g10k':
description => 'puppet-g10k update service',
execstart => '/opt/puppetlabs/bin/puppet-g10k',
user => 'root',
require => File['/opt/puppetlabs/bin/puppet-g10k'],
}
systemd::timer { 'puppet-g10k':
description => 'Run puppet-g10k every minute',
unit => 'puppet-g10k.service',
on_calendar => '*:0/1',
require => Systemd::Service['puppet-g10k'],
}
}
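Review bot: The `archive { '/tmp/g10k.zip': ... }` resource downloads `releases/latest/download/g10k-linux-amd64.zip` with no `checksum`, and whatever lands in `/opt/puppetlabs/bin/g10k` is then executed as root every minute by the timer, so a hijacked or compromised release on that GitHub project becomes root on the Puppet master and control of all deployed code. Pin a release and verify it: `source => 'https://github.com/xorpaul/g10k/releases/download/<version>/g10k-linux-amd64.zip'`, `checksum_type => 'sha256'`, `checksum => '<digest of that asset>'` (values to be taken from the release page, not guessed). `creates => '/opt/puppetlabs/bin/g10k'` also means the binary is never refreshed once present, so "latest" in the URL and in the header is misleading — the doc should state that the download happens once and upgrades require removing the file or bumping the pinned version. The helper script runs g10k with `/etc/puppetlabs/r10k/r10k.yaml`, which this class neither manages nor lists under Requirements.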
@@ -0,0 +1,42 @@
# Class: profiles::puppet::puppetmaster
#
# This class manages the puppetmaster using the ghoneycutt-puppet module.
# It manages the server settings in the puppet.conf file.
#
# Parameters: None
#
# Actions:
# - Sets up the server, main, agent, and master sections in the puppet.conf file
#
# Usage:
# Directly include the class in your node definitions or classify your nodes
# using an ENC or Hiera.
# Example:
# node 'puppet.example.com' {
# include profiles::puppet::puppetmaster
# }
#
# Requirements:
# - The 'ghoneycutt/puppet' module should be installed in your Puppet master.
# - Puppet master must have access to the necessary directories.
#
# Limitations:
# This is designed to work on Unix-like systems.
class profiles::puppet::puppetmaster {
include profiles::puppet::g10k
include profiles::puppet::enc
include profiles::puppet::autosign
class { 'profile::puppet::server':
vardir => '/opt/puppetlabs/server/data/puppetserver',
logdir => '/var/log/puppetlabs/puppetserver',
rundir => '/var/run/puppetlabs/puppetserver',
pidfile => '/var/run/puppetlabs/puppetserver/puppetserver.pid',
codedir => '/etc/puppetlabs/code',
dns_alt_names => ['prodinf01n01.main.unkin.net'],
server => 'prodinf01n01.main.unkin.net',
node_terminus => 'exec',
external_nodes => '/opt/puppetlabs/bin/enc',
autosign => '/etc/puppetlabs/puppet/autosign.rb',
}
}
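Review bot: `class { 'profile::puppet::server': ... }` still uses the old `profile::` namespace that this commit renames, while the class added in the same commit is `profiles::puppet::server`, so catalog compilation for the master will fail with a could-not-find-class error; the line should read `class { 'profiles::puppet::server':`. The `autosign` value is also inconsistent with `profiles::puppet::autosign`, which writes the script to `/opt/puppetlabs/bin/autosign.rb`, whereas this class points the server at `/etc/puppetlabs/puppet/autosign.rb` — presumably nothing gets signed as written, and it should be `autosign => '/opt/puppetlabs/bin/autosign.rb',`. The header claims the class uses the ghoneycutt-puppet module, but nothing here references it, and `prodinf01n01.main.unkin.net` hard-coded twice belongs in Hiera rather than in the profile.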
+57
@@ -0,0 +1,57 @@
# Class: profiles::puppet::server
#
# This class manages Puppet server's configuration and service.
#
# Parameters:
# vardir - Directory path for variable data.
# logdir - Directory path for logs.
# rundir - Directory path for run-time data.
# pidfile - File path for the PID file.
# codedir - Directory path for code data.
# dns_alt_names - Array of alternate DNS names for the server.
# server - Server's name.
# node_terminus - Node terminus.
# external_nodes - Path to the external node classifier script.
# autosign - Path to the autosign script.
#
class profiles::puppet::server (
String $vardir,
String $logdir,
String $rundir,
String $pidfile,
String $codedir,
Array[String[1]] $dns_alt_names,
String $server,
String $node_terminus,
String $external_nodes,
String $autosign,
) {
file { '/etc/puppetlabs/puppet/puppet.conf':
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
content => epp('profile/puppet/server/puppet.conf.epp', {
'vardir' => $vardir,
'logdir' => $logdir,
'rundir' => $rundir,
'pidfile' => $pidfile,
'codedir' => $codedir,
'dns_alt_names' => join($dns_alt_names, ','),
'server' => $server,
'node_terminus' => $node_terminus,
'external_nodes' => $external_nodes,
'autosign' => $autosign,
}),
notify => Service['puppetserver'],
}
service { 'puppetserver':
ensure => running,
enable => true,
hasstatus => true,
hasrestart => true,
}
}
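Review bot: `epp('profile/puppet/server/puppet.conf.epp', ...)` looks the template up in a module named `profile`, which this commit renames to `profiles`, so the lookup will fail once the old directory is gone; it should be `epp('profiles/puppet/server/puppet.conf.epp', ...)`. The path parameters are typed as plain `String`, which lets `autosign` be set through Hiera to `true` and thereby sign every CSR unconditionally — `Stdlib::Absolutepath $autosign,` (and the same for the dir/pidfile parameters) makes that misconfiguration a compile error instead of a silently open CA. The file resource notifies `Service['puppetserver']`, so every puppet.conf change restarts the master; that deliberate side effect deserves a line in the header, which currently documents the parameters but not that the class also manages and restarts the `puppetserver` service.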
+67
@@ -0,0 +1,67 @@
# Class: profiles::yum::base
#
# This class manages the 'base', extras' and 'appstream' yum
# repositories for a system, based on the provided list of managed repositories.
#
# Parameters:
# -----------
# - $managed_repos: An array containing the names of the repositories to be
# managed. This can include 'base', 'extras',
# and 'appstream'.
#
# - $baseurl: The base URL for the yum repositories. This should be the root
# URL of your yum mirror server.
#
# Actions:
# --------
# - Sets up the 'base', extras', and 'appstream' yum repositories
# as specified in the $managed_repos parameter, all using the provided baseurl.
#
# - Each repo configuration includes the baseurl parameterized with the OS
# release version and architecture, and specifies the GPG key.
#
# Example usage:
# --------------
# To use this class with the default parameters:
# class { 'profiles::yum::base':
# managed_repos => ['base', 'extras', 'appstream'],
# baseurl => 'http://mylocalmirror.com/yum',
# }
#
class profiles::yum::base (
Array[String] $managed_repos,
String $baseurl,
) {
$releasever = $facts['os']['release']['major']
$basearch = $facts['os']['architecture']
if 'base' in $managed_repos {
yumrepo { 'base':
name => 'base',
descr => 'base repository',
target => '/etc/yum.repos.d/base.repo',
baseurl => "${baseurl}/${releasever}/BaseOS/${basearch}/os/",
gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
}
}
if 'extras' in $managed_repos {
yumrepo { 'extras':
name => 'extras',
descr => 'extras repository',
target => '/etc/yum.repos.d/extras.repo',
baseurl => "${baseurl}/${releasever}/extras/${basearch}/os/",
gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
}
}
if 'appstream' in $managed_repos {
yumrepo { 'appstream':
name => 'appstream',
descr => 'appstream repository',
target => '/etc/yum.repos.d/appstream.repo',
baseurl => "${baseurl}/${releasever}/AppStream/${basearch}/os/",
gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
}
}
}
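Review bot: Each `gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}"` fetches the signing key from the same mirror over whatever scheme `$baseurl` uses — the header's own example is `http://mylocalmirror.com/yum` — so anyone who can tamper with packages in transit can also serve the key that validates them, and the `gpgcheck=1` default from `profiles::yum::global` gives no real protection. Either ship the key with the module and reference it locally, e.g. `gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-${facts['os']['name']}"` backed by a `file { ... source => 'puppet:///modules/profiles/...' }` resource, or at least type the parameter `Stdlib::HTTPSUrl $baseurl` so the mirror must be served over TLS. The three near-identical `if '...' in $managed_repos { yumrepo { ... } }` blocks could be one `each` over a hash of repo name to path segment (`'base' => 'BaseOS'`, `'extras' => 'extras'`, `'appstream' => 'AppStream'`), which also keeps the `gpgkey` line in a single place.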
+57
@@ -0,0 +1,57 @@
# Class: profiles::yum::epel
#
# This class manages the EPEL yum repository for the system.
#
# Parameters:
# -----------
# - $baseurl: The base URL for the EPEL yum repository. This should be the root
# URL of your EPEL mirror server.
#
# Actions:
# --------
# - Checks the OS release version.
#
# - If the release version is 7, 8, or 9, it sets up the 'epel' yum repository
# and installs the EPEL release RPM from the provided baseurl.
#
# - If the release version is not supported, it raises an error.
#
# - The repo configuration includes the baseurl parameterized with the OS
# release version and architecture, and specifies the GPG key.
#
# Example usage:
# --------------
# To use this class with the default parameters:
# include profiles::yum::epel
#
# To specify a custom base URL:
# class { 'profiles::yum::epel':
# baseurl => 'http://mylocalmirror.com/yum',
# }
class profiles::yum::epel (
Array[String] $managed_repos,
String $baseurl,
) {
$releasever = $facts['os']['release']['major']
$basearch = $facts['os']['architecture']
if 'epel' in $managed_repos {
if ($releasever in [7,8,9]) {
$source = "${baseurl}/epel-release-latest-${releasever}.noarch.rpm"
yum::install { 'epel-release':
ensure => present,
source => $source,
}
} else {
err("Unsupported OS release ${releasever}")
}
yumrepo { 'epel':
name => 'epel',
descr => 'epel repository',
target => '/etc/yum.repos.d/epel.repo',
baseurl => "${baseurl}/${releasever}/Everything/${basearch}/",
gpgkey => "${baseurl}/RPM-GPG-KEY-EPEL-${releasever}",
}
}
}
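Review bot: `err("Unsupported OS release ${releasever}")` only logs; it does not stop the catalog, so on an unsupported release the `yumrepo { 'epel': ... }` below is still written with a `baseurl` that does not exist — use `fail(...)` if the intent is to refuse, as the header's "raises an error" suggests. The header also documents only `$baseurl` and says a bare `include profiles::yum::epel` works "with the default parameters", but neither `$managed_repos` nor `$baseurl` has a default, so that example fails unless Hiera supplies both; document `$managed_repos` and correct the example. As in `profiles::yum::base`, the GPG key and the `epel-release` RPM are both fetched from `$baseurl`, so with a plain-HTTP mirror the key and the packages share one unauthenticated channel; `Stdlib::HTTPSUrl $baseurl` or a locally shipped key would close that.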
+103
@@ -0,0 +1,103 @@
# Class: profiles::yum::global
#
# This class manages global YUM configurations and optionally includes the
# base and EPEL yum repository profiles based on the content of the
# $managed_repos parameter, which is an array of repository names.
#
# Parameters:
# -----------
# - $managed_repos: An array of repository names that the Puppet agent should
# manage. This parameter is mandatory and the class will
# fail if it is not provided via hieradata.
# Example: ['base', 'updates', 'extras', 'appstream']
#
# Actions:
# --------
# - Configures global YUM settings, including keeping the kernel development
# packages and cleaning old kernels.
#
# - Establishes default parameters for any YUM repositories managed by Puppet.
# This includes the repository file location, the repository description,
# and enabling the repository and GPG checks.
#
# - Depending on the content of the $managed_repos parameter, it includes the
# profiles::yum::base and/or profiles::yum::epel classes.
#
# - Manages all .repo files under /etc/yum.repos.d. All the repositories listed
# in $managed_repos will have their corresponding .repo files preserved. Any
# .repo file that is not listed in $managed_repos will be removed.
#
# - Creates and maintains a /etc/yum.repos.d/.managed file that lists all the
# .repo files that should be managed by Puppet.
#
# Example usage:
# --------------
# To use this class, include the class and configure hieradata:
# include profiles::yum::global
#
# profiles::yum::managed_repos:
# - 'base'
# - 'extras'
# - 'appstream'
#
class profiles::yum::global (
Array[String] $managed_repos = lookup('profiles::yum::managed_repos'),
){
class { 'yum':
keep_kernel_devel => true,
clean_old_kernels => true,
config_options => {
gpgcheck => true,
},
}
Yumrepo {
ensure => 'present',
enabled => 1,
gpgcheck => 1,
mirrorlist => 'absent',
}
# tidy { '/etc/yum.repos.d':
# matches => ['*.repo', '!*.managed.repo'],
# recurse => true,
# rmdirs => false,
# age => '0s',
# backup => false,
# type => 'ctime',
# }
# Generate the content for the .managed file
$managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n")
# Create the .managed file
file { '/etc/yum.repos.d/.managed':
ensure => file,
content => $managed_file_content,
}
# Define exec resource to remove .repo files not listed in .managed
exec { 'cleanup_yum_repos':
command => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort)
<(sort /etc/yum.repos.d/.managed) |
xargs -n1 rm -f /etc/yum.repos.d/{}"',
path => ['/bin', '/usr/bin'],
onlyif => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort)
<(sort /etc/yum.repos.d/.managed) | grep .repo"',
}
# Setup base repos
class { 'profiles::yum::base':
managed_repos => $managed_repos,
}
# Setup epel if included in managed_repos
class { 'profiles::yum::epel':
managed_repos => $managed_repos,
}
# Setup puppet7 if included in managed_repos
class { 'profiles::yum::puppet7':
managed_repos => $managed_repos,
}
}
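Review bot: The `cleanup_yum_repos` exec cannot delete what it is meant to: without `-I`, `xargs -n1 rm -f /etc/yum.repos.d/{}` appends each name after the literal `{}` argument, so each invocation tries to remove `/etc/yum.repos.d/{}` plus a bare `base.repo` relative to the exec's working directory and leaves the real files alone. The pipeline also feeds every entry of `ls /etc/yum.repos.d` into `comm`, not just `*.repo`, so once fixed it would also delete any other file an administrator keeps there, and the `onlyif` uses `grep .repo` with an unescaped dot. The rewrite below restricts both pipelines to `*.repo`, uses `-I{}` with `--`, and orders the exec after the `.managed` file it reads. Separately, the commented-out `tidy` block should be removed or get a note on why it was abandoned, and `lookup('profiles::yum::managed_repos')` as a default bypasses automatic parameter lookup of `profiles::yum::global::managed_repos` — worth a comment explaining the non-standard key.
```puppet
  # Remove any *.repo file in /etc/yum.repos.d that is not listed in .managed.
  # Both pipelines are restricted to *.repo so unrelated files are left alone.
  exec { 'cleanup_yum_repos':
    command => '/bin/bash -c "comm -23 <(cd /etc/yum.repos.d && ls -- *.repo 2>/dev/null | sort) <(sort /etc/yum.repos.d/.managed) | xargs -r -I{} rm -f -- /etc/yum.repos.d/{}"',
    path    => ['/bin', '/usr/bin'],
    onlyif  => '/bin/bash -c "comm -23 <(cd /etc/yum.repos.d && ls -- *.repo 2>/dev/null | sort) <(sort /etc/yum.repos.d/.managed) | grep -q ."',
    require => File['/etc/yum.repos.d/.managed'],
  }
```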
+59
@@ -0,0 +1,59 @@
# Class: profiles::yum::epel
#
# This class manages the puppet7 yum repository for the system.
#
# Parameters:
# -----------
# - $baseurl: The base URL for the puppet7 yum repository. This should be the root
# URL of your puppet7 mirror server.
#
# Actions:
# --------
# - Checks the OS release version.
#
# - If the release version is 7, 8, or 9, it sets up the 'puppet7' yum repository
# and installs the puppet7 release RPM from the provided baseurl.
#
# - If the release version is not supported, it raises an error.
#
# - The repo configuration includes the baseurl parameterized with the OS
# release version and architecture, and specifies the GPG key.
#
# Example usage:
# --------------
# To use this class with the default parameters:
# include profiles::yum::puppet7
#
# To specify a custom base URL:
# class { 'profiles::yum::puppet7':
# baseurl => 'http://mylocalmirror.com/yum',
# }
class profiles::yum::puppet7 (
Array[String] $managed_repos,
String $baseurl = 'http://yum.puppet.com',
) {
$releasever = $facts['os']['release']['major']
$basearch = $facts['os']['architecture']
if 'puppet7' in $managed_repos {
if ($releasever in [7,8,9]) {
$source = "${baseurl}/puppet7-release-el-${releasever}.noarch.rpm"
yum::install { 'puppet-release-el':
ensure => present,
source => $source,
}
} else {
err("Unsupported OS release ${releasever}")
}
yumrepo { 'puppet7':
name => 'puppet7',
descr => 'puppet7 repository',
target => '/etc/yum.repos.d/puppet7.repo',
baseurl => "${baseurl}/puppet/el/${releasever}/${basearch}/",
gpgkey => "${baseurl}/RPM-GPG-KEY-puppet",
}
}
}
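Review bot: `String $baseurl = 'http://yum.puppet.com'` defaults to plain HTTP for the repository that delivers the Puppet agent itself, and `gpgkey => "${baseurl}/RPM-GPG-KEY-puppet"` plus the `puppet7-release` RPM come over the same channel, so an on-path attacker can substitute packages and the key that validates them together; change it to `Stdlib::HTTPSUrl $baseurl = 'https://yum.puppet.com',` (the upstream host is served over TLS as far as I know — confirm). As in `profiles::yum::epel`, `err(...)` only logs, so unsupported releases still get a `puppet7` repo with an invalid path — `fail(...)` matches what the header promises. The header itself is a copy-paste: it reads `# Class: profiles::yum::epel`, documents only `$baseurl` and not `$managed_repos`, and its "include ... with the default parameters" example fails because `$managed_repos` has no default.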