From 1b7e807c0ede0ea08539491d9923f8f162fda0c1 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 25 Jun 2023 13:06:36 +1000 Subject: [PATCH 1/4] Renamed role/profile directories * renamed role to roles * renamed profile to profiles * cleaned up all profiles/roles/hieradata to match new paths --- hieradata/common.yaml | 6 +++--- hieradata/os/AlmaLinux/AlmaLinux8.yaml | 2 +- hieradata/os/AlmaLinux/AlmaLinux9.yaml | 2 +- hieradata/os/AlmaLinux/all_releases.yaml | 4 ++-- site/{profile => profiles}/manifests/base.pp | 4 ++-- .../manifests/puppet/autosign.pp | 6 +++--- .../manifests/puppet/enc.pp | 6 +++--- .../manifests/puppet/g10k.pp | 6 +++--- .../manifests/puppet/puppetmaster.pp | 12 ++++++------ .../manifests/puppet/server.pp | 4 ++-- .../manifests/yum/base.pp | 6 +++--- .../manifests/yum/epel.pp | 8 ++++---- .../manifests/yum/global.pp | 18 +++++++++--------- .../manifests/yum/puppet7.pp | 8 ++++---- .../templates/puppet/server/puppet.conf.epp | 0 site/role/manifests/puppet/puppetmaster.pp | 6 ------ site/roles/manifests/puppet/puppetmaster.pp | 6 ++++++ 17 files changed, 52 insertions(+), 52 deletions(-) rename site/{profile => profiles}/manifests/base.pp (72%) rename site/{profile => profiles}/manifests/puppet/autosign.pp (92%) rename site/{profile => profiles}/manifests/puppet/enc.pp (95%) rename site/{profile => profiles}/manifests/puppet/g10k.pp (95%) rename site/{profile => profiles}/manifests/puppet/puppetmaster.pp (84%) rename site/{profile => profiles}/manifests/puppet/server.pp (95%) rename site/{profile => profiles}/manifests/yum/base.pp (95%) rename site/{profile => profiles}/manifests/yum/epel.pp (92%) rename site/{profile => profiles}/manifests/yum/global.pp (88%) rename site/{profile => profiles}/manifests/yum/puppet7.pp (92%) rename site/{profile => profiles}/templates/puppet/server/puppet.conf.epp (100%) delete mode 100644 site/role/manifests/puppet/puppetmaster.pp create mode 100644 site/roles/manifests/puppet/puppetmaster.pp diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 0553b6c..afa73b2 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,9 +1,9 @@ --- -profile::base::ntp_servers: +profiles::base::ntp_servers: - 0.au.pool.ntp.org - 1.au.pool.ntp.org -profile::puppet::autosign::subnet_ranges: +profiles::puppet::autosign::subnet_ranges: - '198.18.17.0/24' -profile::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git +profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml index 5fbacc0..b932b45 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux8.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml @@ -1,6 +1,6 @@ # hieradata/os/AlmaLinux/AlmaLinux8.yaml --- -profile::yum::managed_repos: +profiles::yum::managed_repos: - 'base' - 'extras' - 'appstream' diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml index 2332cc2..2c7f1c2 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux9.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml @@ -1,6 +1,6 @@ # hieradata/os/AlmaLinux/AlmaLinux9.yaml --- -profile::yum::managed_repos: +profiles::yum::managed_repos: - 'base' - 'extras' - 'appstream' diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml index a02c28e..beee352 100644 --- a/hieradata/os/AlmaLinux/all_releases.yaml +++ b/hieradata/os/AlmaLinux/all_releases.yaml @@ -1,4 +1,4 @@ # hieradata/os/almalinux/all_releases.yaml --- -profile::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au -profile::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au +profiles::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au +profiles::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au diff --git a/site/profile/manifests/base.pp b/site/profiles/manifests/base.pp similarity index 72% rename from site/profile/manifests/base.pp rename to site/profiles/manifests/base.pp index feb8c5e..ecf07e4 100644 --- a/site/profile/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -1,10 +1,10 @@ # this is the base class, which will be used by all servers -class profile::base ( +class profiles::base ( Array $ntp_servers, ) { class { 'chrony': servers => $ntp_servers, } - include profile::yum::global + include profiles::yum::global } diff --git a/site/profile/manifests/puppet/autosign.pp b/site/profiles/manifests/puppet/autosign.pp similarity index 92% rename from site/profile/manifests/puppet/autosign.pp rename to site/profiles/manifests/puppet/autosign.pp index 56c072a..dd722b8 100644 --- a/site/profile/manifests/puppet/autosign.pp +++ b/site/profiles/manifests/puppet/autosign.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::autosign +# Class: profiles::puppet::autosign # # This class manages an autosign script for the Puppet master. # It sets up a Ruby script that automatically signs Puppet node requests @@ -15,7 +15,7 @@ # The class can be declared in a node definition or classified using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# class { 'profile::puppet::autosign': +# class { 'profiles::puppet::autosign': # subnet_ranges => ['198.18.17.0/24', '10.0.0.0/8'], # } # } @@ -27,7 +27,7 @@ # # Limitations: # This is designed to work on Unix-like systems. -class profile::puppet::autosign ( +class profiles::puppet::autosign ( Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges, ) { diff --git a/site/profile/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp similarity index 95% rename from site/profile/manifests/puppet/enc.pp rename to site/profiles/manifests/puppet/enc.pp index 62db939..897cc98 100644 --- a/site/profile/manifests/puppet/enc.pp +++ b/site/profiles/manifests/puppet/enc.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::enc +# Class: profiles::puppet::enc # # This class manages a Git repository at /opt/puppetlabs/enc. It includes a # systemd service and timer to keep the repository updated every minute. @@ -19,7 +19,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# class { 'profile::puppet::enc': +# class { 'profiles::puppet::enc': # enc_repo => 'https://github.com/user/repo.git', # } # } @@ -33,7 +33,7 @@ # Limitations: # This is designed to work on Unix-like systems only. # -class profile::puppet::enc ( +class profiles::puppet::enc ( String $enc_repo, ) { diff --git a/site/profile/manifests/puppet/g10k.pp b/site/profiles/manifests/puppet/g10k.pp similarity index 95% rename from site/profile/manifests/puppet/g10k.pp rename to site/profiles/manifests/puppet/g10k.pp index cc420c2..72e5309 100644 --- a/site/profile/manifests/puppet/g10k.pp +++ b/site/profiles/manifests/puppet/g10k.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::g10k +# Class: profiles::puppet::g10k # # This class handles downloading and installation of the g10k tool, a fast # Git and Forge based Puppet environment and module deployment tool. @@ -19,7 +19,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# include profile::puppet::g10k +# include profiles::puppet::g10k # } # # Requirements: @@ -30,7 +30,7 @@ # # Limitations: # This is designed to work on Unix-like systems only. -class profile::puppet::g10k { +class profiles::puppet::g10k { package { 'unzip': ensure => installed, diff --git a/site/profile/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp similarity index 84% rename from site/profile/manifests/puppet/puppetmaster.pp rename to site/profiles/manifests/puppet/puppetmaster.pp index 4424712..dbcdf38 100644 --- a/site/profile/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::puppetmaster +# Class: profiles::puppet::puppetmaster # # This class manages the puppetmaster using the ghoneycutt-puppet module. # It manages the server settings in the puppet.conf file. @@ -13,7 +13,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# include profile::puppet::puppetmaster +# include profiles::puppet::puppetmaster # } # # Requirements: @@ -22,10 +22,10 @@ # # Limitations: # This is designed to work on Unix-like systems. -class profile::puppet::puppetmaster { - include profile::puppet::g10k - include profile::puppet::enc - include profile::puppet::autosign +class profiles::puppet::puppetmaster { + include profiles::puppet::g10k + include profiles::puppet::enc + include profiles::puppet::autosign class { 'profile::puppet::server': vardir => '/opt/puppetlabs/server/data/puppetserver', diff --git a/site/profile/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp similarity index 95% rename from site/profile/manifests/puppet/server.pp rename to site/profiles/manifests/puppet/server.pp index 235bf88..4b97470 100644 --- a/site/profile/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::server +# Class: profiles::puppet::server # # This class manages Puppet server's configuration and service. # @@ -14,7 +14,7 @@ # external_nodes - Path to the external node classifier script. # autosign - Path to the autosign script. # -class profile::puppet::server ( +class profiles::puppet::server ( String $vardir, String $logdir, String $rundir, diff --git a/site/profile/manifests/yum/base.pp b/site/profiles/manifests/yum/base.pp similarity index 95% rename from site/profile/manifests/yum/base.pp rename to site/profiles/manifests/yum/base.pp index 7ac952e..4d2ea53 100644 --- a/site/profile/manifests/yum/base.pp +++ b/site/profiles/manifests/yum/base.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::base +# Class: profiles::yum::base # # This class manages the 'base', extras' and 'appstream' yum # repositories for a system, based on the provided list of managed repositories. @@ -23,12 +23,12 @@ # Example usage: # -------------- # To use this class with the default parameters: -# class { 'profile::yum::base': +# class { 'profiles::yum::base': # managed_repos => ['base', 'extras', 'appstream'], # baseurl => 'http://mylocalmirror.com/yum', # } # -class profile::yum::base ( +class profiles::yum::base ( Array[String] $managed_repos, String $baseurl, ) { diff --git a/site/profile/manifests/yum/epel.pp b/site/profiles/manifests/yum/epel.pp similarity index 92% rename from site/profile/manifests/yum/epel.pp rename to site/profiles/manifests/yum/epel.pp index 47f1b10..fe2be21 100644 --- a/site/profile/manifests/yum/epel.pp +++ b/site/profiles/manifests/yum/epel.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::epel +# Class: profiles::yum::epel # # This class manages the EPEL yum repository for the system. # @@ -22,13 +22,13 @@ # Example usage: # -------------- # To use this class with the default parameters: -# include profile::yum::epel +# include profiles::yum::epel # # To specify a custom base URL: -# class { 'profile::yum::epel': +# class { 'profiles::yum::epel': # baseurl => 'http://mylocalmirror.com/yum', # } -class profile::yum::epel ( +class profiles::yum::epel ( Array[String] $managed_repos, String $baseurl, ) { diff --git a/site/profile/manifests/yum/global.pp b/site/profiles/manifests/yum/global.pp similarity index 88% rename from site/profile/manifests/yum/global.pp rename to site/profiles/manifests/yum/global.pp index d6f2ee8..bbeb2dd 100644 --- a/site/profile/manifests/yum/global.pp +++ b/site/profiles/manifests/yum/global.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::global +# Class: profiles::yum::global # # This class manages global YUM configurations and optionally includes the # base and EPEL yum repository profiles based on the content of the @@ -21,7 +21,7 @@ # and enabling the repository and GPG checks. # # - Depending on the content of the $managed_repos parameter, it includes the -# profile::yum::base and/or profile::yum::epel classes. +# profiles::yum::base and/or profiles::yum::epel classes. # # - Manages all .repo files under /etc/yum.repos.d. All the repositories listed # in $managed_repos will have their corresponding .repo files preserved. Any @@ -33,15 +33,15 @@ # Example usage: # -------------- # To use this class, include the class and configure hieradata: -# include profile::yum::global +# include profiles::yum::global # -# profile::yum::managed_repos: +# profiles::yum::managed_repos: # - 'base' # - 'extras' # - 'appstream' # -class profile::yum::global ( - Array[String] $managed_repos = lookup('profile::yum::managed_repos'), +class profiles::yum::global ( + Array[String] $managed_repos = lookup('profiles::yum::managed_repos'), ){ class { 'yum': keep_kernel_devel => true, @@ -87,17 +87,17 @@ class profile::yum::global ( } # Setup base repos - class { 'profile::yum::base': + class { 'profiles::yum::base': managed_repos => $managed_repos, } # Setup epel if included in managed_repos - class { 'profile::yum::epel': + class { 'profiles::yum::epel': managed_repos => $managed_repos, } # Setup puppet7 if included in managed_repos - class { 'profile::yum::puppet7': + class { 'profiles::yum::puppet7': managed_repos => $managed_repos, } } diff --git a/site/profile/manifests/yum/puppet7.pp b/site/profiles/manifests/yum/puppet7.pp similarity index 92% rename from site/profile/manifests/yum/puppet7.pp rename to site/profiles/manifests/yum/puppet7.pp index da603be..4ceb7a1 100644 --- a/site/profile/manifests/yum/puppet7.pp +++ b/site/profiles/manifests/yum/puppet7.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::epel +# Class: profiles::yum::epel # # This class manages the puppet7 yum repository for the system. # @@ -22,13 +22,13 @@ # Example usage: # -------------- # To use this class with the default parameters: -# include profile::yum::puppet7 +# include profiles::yum::puppet7 # # To specify a custom base URL: -# class { 'profile::yum::puppet7': +# class { 'profiles::yum::puppet7': # baseurl => 'http://mylocalmirror.com/yum', # } -class profile::yum::puppet7 ( +class profiles::yum::puppet7 ( Array[String] $managed_repos, String $baseurl = 'http://yum.puppet.com', ) { diff --git a/site/profile/templates/puppet/server/puppet.conf.epp b/site/profiles/templates/puppet/server/puppet.conf.epp similarity index 100% rename from site/profile/templates/puppet/server/puppet.conf.epp rename to site/profiles/templates/puppet/server/puppet.conf.epp diff --git a/site/role/manifests/puppet/puppetmaster.pp b/site/role/manifests/puppet/puppetmaster.pp deleted file mode 100644 index f04f3fe..0000000 --- a/site/role/manifests/puppet/puppetmaster.pp +++ /dev/null @@ -1,6 +0,0 @@ -# a role to deploy the puppetmaster -# work in progress -class role::puppet::puppetmaster { - include profile::base - include profile::puppet::puppetmaster - } diff --git a/site/roles/manifests/puppet/puppetmaster.pp b/site/roles/manifests/puppet/puppetmaster.pp new file mode 100644 index 0000000..9536470 --- /dev/null +++ b/site/roles/manifests/puppet/puppetmaster.pp @@ -0,0 +1,6 @@ +# a role to deploy the puppetmaster +# work in progress +class roles::puppet::puppetmaster { + include profiles::base + include profiles::puppet::puppetmaster + } From 7a789ceaeec19b2205b03c0bd1a2a2e357dc6ba2 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 25 Jun 2023 13:06:36 +1000 Subject: [PATCH 2/4] Renamed role/profile directories * renamed role to roles * renamed profile to profiles * cleaned up all profiles/roles/hieradata to match new paths --- site/profiles/manifests/puppet/puppetmaster.pp | 2 +- site/profiles/manifests/puppet/server.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp index dbcdf38..919b8f3 100644 --- a/site/profiles/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp @@ -27,7 +27,7 @@ class profiles::puppet::puppetmaster { include profiles::puppet::enc include profiles::puppet::autosign - class { 'profile::puppet::server': + class { 'profiles::puppet::server': vardir => '/opt/puppetlabs/server/data/puppetserver', logdir => '/var/log/puppetlabs/puppetserver', rundir => '/var/run/puppetlabs/puppetserver', diff --git a/site/profiles/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp index 4b97470..03b82c3 100644 --- a/site/profiles/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp @@ -32,7 +32,7 @@ class profiles::puppet::server ( owner => 'root', group => 'root', mode => '0644', - content => epp('profile/puppet/server/puppet.conf.epp', { + content => epp('profiles/puppet/server/puppet.conf.epp', { 'vardir' => $vardir, 'logdir' => $logdir, 'rundir' => $rundir, From 5ee489115729216b62a47b66b9cd22f9d02b0e8e Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 25 Jun 2023 13:31:29 +1000 Subject: [PATCH 3/4] Add a switch to check for os family This is so I can include either apt or yum/dnf based profiles. This can be expanded easily if new families are added, or if new base role includes are added that are different based on the family of the os. --- site/profiles/manifests/base.pp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index ecf07e4..3aa9c2b 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -5,6 +5,15 @@ class profiles::base ( class { 'chrony': servers => $ntp_servers, } - - include profiles::yum::global + case $facts['os']['family'] { + 'RedHat': { + include profiles::yum::global + } + #'Debian': { + # include profiles::apt:;global + #} + default: { + fail("Unsupported OS family ${facts['os']['family']}") + } + } } From f1f39ef4e39287408ea8e6abe87fb237fc971e29 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 25 Jun 2023 14:34:42 +1000 Subject: [PATCH 4/4] Changed to vox systemd module * updated Puppetfile * updated puppet-enc timer/service * updated puppet-g10k timer/service --- Puppetfile | 5 ++-- site/profiles/manifests/puppet/enc.pp | 38 ++++++++++++++++++-------- site/profiles/manifests/puppet/g10k.pp | 38 ++++++++++++++++++-------- 3 files changed, 57 insertions(+), 24 deletions(-) diff --git a/Puppetfile b/Puppetfile index fd87de8..94caeb9 100644 --- a/Puppetfile +++ b/Puppetfile @@ -5,8 +5,9 @@ moduledir 'external_modules' mod 'puppetlabs-stdlib', '9.1.0' mod 'puppetlabs-inifile', '6.0.0' mod 'puppetlabs-concat', '9.0.0' -mod 'eyp-eyplib', '0.1.24' -mod 'eyp-systemd', '3.1.0' +#mod 'eyp-eyplib', '0.1.24' +#mod 'eyp-systemd', '3.1.0' +mod 'puppet-systemd', '5.1.0' mod 'ghoneycutt-puppet', '3.3.0' mod 'puppet-archive', '7.0.0' mod 'puppet-chrony', '2.6.0' diff --git a/site/profiles/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp index 897cc98..5ab06ef 100644 --- a/site/profiles/manifests/puppet/enc.pp +++ b/site/profiles/manifests/puppet/enc.pp @@ -67,17 +67,33 @@ class profiles::puppet::enc ( require => Package['git'], } - systemd::service { 'puppet-enc': - description => 'puppet-enc update service', - execstart => '/opt/puppetlabs/bin/puppet-enc', - user => 'root', - require => File['/opt/puppetlabs/bin/puppet-enc'], - } + $_timer = @(EOT) + [Unit] + Description=puppet-enc downloader timer + [Timer] + OnCalendar=*:0/1 + RandomizedDelaySec=1s + [Install] + WantedBy=timers.target + EOT - systemd::timer { 'puppet-enc': - description => 'Run puppet-enc every minute', - unit => 'puppet-enc.service', - on_calendar => '*:0/1', - require => Systemd::Service['puppet-enc'], + $_service = @(EOT) + [Unit] + Description=puppet-enc downloader service + [Service] + Type=oneshot + ExecStart=/opt/puppetlabs/bin/puppet-enc + User=root + Group=root + PermissionsStartOnly=false + PrivateTmp=no + EOT + + systemd::timer { 'puppet-enc.timer': + timer_content => $_timer, + service_content => $_service, + active => true, + enable => true, + require => File['/opt/puppetlabs/bin/puppet-enc'], } } diff --git a/site/profiles/manifests/puppet/g10k.pp b/site/profiles/manifests/puppet/g10k.pp index 72e5309..958e53e 100644 --- a/site/profiles/manifests/puppet/g10k.pp +++ b/site/profiles/manifests/puppet/g10k.pp @@ -54,17 +54,33 @@ class profiles::puppet::g10k { require => Archive['/tmp/g10k.zip'], } - systemd::service { 'puppet-g10k': - description => 'puppet-g10k update service', - execstart => '/opt/puppetlabs/bin/puppet-g10k', - user => 'root', - require => File['/opt/puppetlabs/bin/puppet-g10k'], - } + $_timer = @(EOT) + [Unit] + Description=puppet-g10k downloader timer + [Timer] + OnCalendar=*:0/1 + RandomizedDelaySec=1s + [Install] + WantedBy=timers.target + EOT - systemd::timer { 'puppet-g10k': - description => 'Run puppet-g10k every minute', - unit => 'puppet-g10k.service', - on_calendar => '*:0/1', - require => Systemd::Service['puppet-g10k'], + $_service = @(EOT) + [Unit] + Description=puppet-g10k downloader service + [Service] + Type=oneshot + ExecStart=/opt/puppetlabs/bin/puppet-g10k + User=root + Group=root + PermissionsStartOnly=false + PrivateTmp=no + EOT + + systemd::timer { 'puppet-g10k.timer': + timer_content => $_timer, + service_content => $_service, + active => true, + enable => true, + require => File['/opt/puppetlabs/bin/puppet-g10k'], } }