refactor: reoganise the puppetserver profile

- manage puppetserver package - set order for puppetserver classes - for profiles::puppet::server class: - set param types using stdlib where possible - set default values for all params - move configuration data to hieradata - wait for enc_role fact to match role - exclude puppet::client from puppermaster nodes
2024-05-02 22:33:17 +10:00 · 2024-05-02 22:33:17 +10:00 · 56b23620b7
commit 56b23620b7
parent 8697492611
8 changed files with 86 additions and 64 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -87,6 +87,9 @@ lookup_options:
  profiles::consul::client::node_rules:
    merge:
      strategy: deep
+  profiles::puppet::server::dns_alt_names:
+    merge:
+      strategy: deep

 facts_path: '/opt/puppetlabs/facter/facts.d'

@ -237,3 +240,11 @@ profiles::base::hosts::additional_hosts:
    aliases:
      - prodinf01n22
      - repos.main.unkin.net
+
+profiles::puppet::server::dns_alt_names:
+  - "%{facts.networking.fqdn}"
+  - "%{facts.networking.hostname}"
+  - puppetmaster.main.unkin.net
+  - puppet.main.unkin.net
+  - puppetmaster
+  - puppet
--- a/hieradata/country/au/region/drw1/infra/puppet/master.yaml
+++ b/hieradata/country/au/region/drw1/infra/puppet/master.yaml
@ -0,0 +1,4 @@
+---
+profiles::puppet::server::dns_alt_names:
+  - puppetca.main.unkin.net
+  - puppetca
--- a/hieradata/country/au/region/syd1/infra/puppet/master.yaml
+++ b/hieradata/country/au/region/syd1/infra/puppet/master.yaml
@ -0,0 +1,4 @@
+---
+profiles::puppet::server::dns_alt_names:
+  - puppetca.main.unkin.net
+  - puppetca
--- a/hieradata/nodes/prodinf01n01.main.unkin.net.yaml
+++ b/hieradata/nodes/prodinf01n01.main.unkin.net.yaml
@ -0,0 +1,4 @@
+---
+profiles::puppet::server::dns_alt_names:
+  - puppetca.main.unkin.net
+  - puppetca
--- a/hieradata/roles/infra/puppet.yaml
+++ b/hieradata/roles/infra/puppet.yaml
@ -0,0 +1,3 @@
+---
+profiles::packages::install:
+  - puppetserver
--- a/site/profiles/manifests/puppet/client.pp
+++ b/site/profiles/manifests/puppet/client.pp
@ -14,14 +14,18 @@ class profiles::puppet::client (
  Boolean $usecacheonfailure  = false,
 ) {

-  # Assuming you want to manage puppet.conf with this profile
-  file { '/etc/puppetlabs/puppet/puppet.conf':
-    ensure  => 'present',
-    content => template('profiles/puppet/client/puppet.conf.erb'),
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    notify  => Service['puppet'],
+  # dont manage puppet.conf if this is a puppetmaster
+  if $facts['enc_role'] != 'roles::infra::puppet::master' {
+
+    # Assuming you want to manage puppet.conf with this profile
+    file { '/etc/puppetlabs/puppet/puppet.conf':
+      ensure  => 'present',
+      content => template('profiles/puppet/client/puppet.conf.erb'),
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      notify  => Service['puppet'],
+    }
  }
 }

--- a/site/profiles/manifests/puppet/puppetmaster.pp
+++ b/site/profiles/manifests/puppet/puppetmaster.pp
@ -23,45 +23,34 @@
 # Limitations:
 # This is designed to work on Unix-like systems.
 class profiles::puppet::puppetmaster (
-  String $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host'),
+  Optional[Stdlib::Fqdn] $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host', Optional[Stdlib::Fqdn], 'first', undef),
 ) {
-  include profiles::puppet::r10k
-  include profiles::puppet::g10k
-  include profiles::puppet::enc
-  include profiles::puppet::cobbler_enc
-  include profiles::puppet::autosign
-  include profiles::puppet::gems
-  include profiles::helpers::certmanager

-  class { 'puppetdb::master::config':
-    puppetdb_server     => $puppetdb_host,
-    manage_storeconfigs => false,
+  if $facts['enc_role'] == 'roles::infra::puppet::master' {
+
+    include profiles::puppet::r10k
+    include profiles::puppet::g10k
+    include profiles::puppet::enc
+    include profiles::puppet::cobbler_enc
+    include profiles::puppet::autosign
+    include profiles::puppet::gems
+    include profiles::helpers::certmanager
+    include profiles::puppet::server
+
+    class { 'puppetdb::master::config':
+      puppetdb_server     => $puppetdb_host,
+      manage_storeconfigs => false,
+    }
+
+    Package['puppetserver']
+    -> Class['profiles::puppet::gems']
+    -> Class['profiles::puppet::r10k']
+    -> Class['profiles::puppet::g10k']
+    -> Class['profiles::puppet::enc']
+    -> Class['profiles::puppet::cobbler_enc']
+    -> Class['profiles::puppet::autosign']
+    -> Class['puppetdb::master::config']
+    -> Class['profiles::puppet::server']
  }

-  class { 'profiles::puppet::server':
-    vardir               => '/opt/puppetlabs/server/data/puppetserver',
-    logdir               => '/var/log/puppetlabs/puppetserver',
-    rundir               => '/var/run/puppetlabs/puppetserver',
-    pidfile              => '/var/run/puppetlabs/puppetserver/puppetserver.pid',
-    codedir              => '/etc/puppetlabs/code',
-    dns_alt_names        => [
-      'prodinf01n01.main.unkin.net',
-      'puppet.main.unkin.net',
-      'puppetca.main.unkin.net',
-      'puppetmaster.main.unkin.net',
-      'puppet',
-      'puppetca',
-      'puppetmaster',
-    ],
-    server               => 'prodinf01n01.main.unkin.net',
-    node_terminus        => 'exec',
-    external_nodes       => '/opt/cobbler-enc/cobbler-enc',
-    autosign             => '/etc/puppetlabs/puppet/autosign.conf',
-    default_manifest     => '/etc/puppetlabs/code/environments/develop/manifests',
-    default_environment  => 'develop',
-    storeconfigs         => true,
-    storeconfigs_backend => 'puppetdb',
-    reports              => 'puppetdb',
-    usecacheonfailure    => false,
-  }
 }
--- a/site/profiles/manifests/puppet/server.pp
+++ b/site/profiles/manifests/puppet/server.pp
@ -9,28 +9,31 @@
 #   pidfile - File path for the PID file.
 #   codedir - Directory path for code data.
 #   dns_alt_names - Array of alternate DNS names for the server.
-#   server - Server's name.
+#   agent_server - Server name for the puppet agent on the master.
 #   node_terminus - Node terminus.
 #   external_nodes - Path to the external node classifier script.
 #   autosign - Path to the autosign script.
 #
 class profiles::puppet::server (
-  String $vardir,
-  String $logdir,
-  String $rundir,
-  String $pidfile,
-  String $codedir,
-  Array[String[1]] $dns_alt_names,
-  String $server,
-  String $node_terminus,
-  String $external_nodes,
-  String $autosign,
-  String $default_manifest,
-  String $default_environment,
-  Boolean $storeconfigs,
-  String $storeconfigs_backend,
-  String $reports,
-  Boolean $usecacheonfailure,
+  Stdlib::Absolutepath $vardir = '/opt/puppetlabs/server/data/puppetserver',
+  Stdlib::Absolutepath $logdir = '/var/log/puppetlabs/puppetserver',
+  Stdlib::Absolutepath $rundir = '/var/run/puppetlabs/puppetserver',
+  Stdlib::Absolutepath $pidfile = '/var/run/puppetlabs/puppetserver/puppetserver.pid',
+  Stdlib::Absolutepath $codedir = '/etc/puppetlabs/code',
+  Array[String] $dns_alt_names = [
+    $facts['networking']['fqdn'],
+    $facts['networking']['hostname'],
+  ],
+  Stdlib::Fqdn $agent_server = 'puppetmaster',
+  String $node_terminus = 'exec',
+  String $external_nodes = '/opt/cobbler-enc/cobbler-enc',
+  String $default_environment = 'develop',
+  Stdlib::Absolutepath $autosign = '/etc/puppetlabs/puppet/autosign.conf',
+  Stdlib::Absolutepath $default_manifest = "${codedir}/environments/${default_environment}/manifests",
+  Boolean $storeconfigs = true,
+  String $storeconfigs_backend = 'puppetdb',
+  String $reports = 'puppetdb',
+  Boolean $usecacheonfailure = false,
 ) {

  file { '/etc/puppetlabs/puppet/puppet.conf':
@ -44,8 +47,8 @@ class profiles::puppet::server (
      'rundir'               => $rundir,
      'pidfile'              => $pidfile,
      'codedir'              => $codedir,
-      'dns_alt_names'        => join($dns_alt_names, ','),
-      'server'               => $server,
+      'dns_alt_names'        => join(sort($dns_alt_names), ','),
+      'server'               => $agent_server,
      'node_terminus'        => $node_terminus,
      'external_nodes'       => $external_nodes,
      'autosign'             => $autosign,