From 56b23620b73391bacf312b28678d91204b6a9a09 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Thu, 2 May 2024 22:33:17 +1000 Subject: [PATCH] refactor: reoganise the puppetserver profile - manage puppetserver package - set order for puppetserver classes - for profiles::puppet::server class: - set param types using stdlib where possible - set default values for all params - move configuration data to hieradata - wait for enc_role fact to match role - exclude puppet::client from puppermaster nodes --- hieradata/common.yaml | 11 ++++ .../au/region/drw1/infra/puppet/master.yaml | 4 ++ .../au/region/syd1/infra/puppet/master.yaml | 4 ++ .../nodes/prodinf01n01.main.unkin.net.yaml | 4 ++ hieradata/roles/infra/puppet.yaml | 3 + site/profiles/manifests/puppet/client.pp | 20 +++--- .../profiles/manifests/puppet/puppetmaster.pp | 63 ++++++++----------- site/profiles/manifests/puppet/server.pp | 41 ++++++------ 8 files changed, 86 insertions(+), 64 deletions(-) create mode 100644 hieradata/country/au/region/drw1/infra/puppet/master.yaml create mode 100644 hieradata/country/au/region/syd1/infra/puppet/master.yaml create mode 100644 hieradata/nodes/prodinf01n01.main.unkin.net.yaml create mode 100644 hieradata/roles/infra/puppet.yaml diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 4d7b5d0..71eefa0 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -87,6 +87,9 @@ lookup_options: profiles::consul::client::node_rules: merge: strategy: deep + profiles::puppet::server::dns_alt_names: + merge: + strategy: deep facts_path: '/opt/puppetlabs/facter/facts.d' @@ -237,3 +240,11 @@ profiles::base::hosts::additional_hosts: aliases: - prodinf01n22 - repos.main.unkin.net + +profiles::puppet::server::dns_alt_names: + - "%{facts.networking.fqdn}" + - "%{facts.networking.hostname}" + - puppetmaster.main.unkin.net + - puppet.main.unkin.net + - puppetmaster + - puppet 
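Review bot: The new `lookup_options` entry for `profiles::puppet::server::dns_alt_names` in `hieradata/common.yaml` uses `strategy: deep`, but the value is a flat list of names. `unique` is the merge strategy documented for arrays and it also removes duplicates across hierarchy levels, so `merge: unique` states the intent more directly, unless `deep` was chosen on purpose to match the neighbouring keys. Because the merged list feeds the server certificate's alternate names, it is worth confirming with `puppet lookup --explain` that each hierarchy level contributes what is expected.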
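Review bot: The default SAN list added at the end of `hieradata/common.yaml` is built from `%{facts.networking.fqdn}` and `%{facts.networking.hostname}`, which are values the agent reports about itself rather than values the server has verified. Since these entries are destined for a puppetserver certificate, the verified name is the safer source for the first entry, e.g. `- "%{trusted.certname}"`. The key also sits in `common.yaml`, so it resolves for every node; `hieradata/roles/infra/puppet.yaml`, which this commit creates, looks like a narrower home for it, assuming that hierarchy level only matches puppet infrastructure nodes.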
diff --git a/hieradata/country/au/region/drw1/infra/puppet/master.yaml b/hieradata/country/au/region/drw1/infra/puppet/master.yaml
new file mode 100644
index 0000000..1b3d42c
--- /dev/null
+++ b/hieradata/country/au/region/drw1/infra/puppet/master.yaml
@@ -0,0 +1,4 @@
+---
+profiles::puppet::server::dns_alt_names:
+ - puppetca.main.unkin.net
+ - puppetca
diff --git a/hieradata/country/au/region/syd1/infra/puppet/master.yaml b/hieradata/country/au/region/syd1/infra/puppet/master.yaml
new file mode 100644
index 0000000..1b3d42c
--- /dev/null
+++ b/hieradata/country/au/region/syd1/infra/puppet/master.yaml
@@ -0,0 +1,4 @@
+---
+profiles::puppet::server::dns_alt_names:
+ - puppetca.main.unkin.net
+ - puppetca
diff --git a/hieradata/nodes/prodinf01n01.main.unkin.net.yaml b/hieradata/nodes/prodinf01n01.main.unkin.net.yaml
new file mode 100644
index 0000000..1b3d42c
--- /dev/null
+++ b/hieradata/nodes/prodinf01n01.main.unkin.net.yaml
@@ -0,0 +1,4 @@
+---
+profiles::puppet::server::dns_alt_names:
+ - puppetca.main.unkin.net
+ - puppetca
diff --git a/hieradata/roles/infra/puppet.yaml b/hieradata/roles/infra/puppet.yaml
new file mode 100644
index 0000000..6ae5977
--- /dev/null
+++ b/hieradata/roles/infra/puppet.yaml
@@ -0,0 +1,3 @@
+---
+profiles::packages::install:
+ - puppetserver
diff --git a/site/profiles/manifests/puppet/client.pp b/site/profiles/manifests/puppet/client.pp
index 973f621..e0f1dd2 100644
--- a/site/profiles/manifests/puppet/client.pp
+++ b/site/profiles/manifests/puppet/client.pp
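Review bot: `puppetca.main.unkin.net` and `puppetca` are added at region level in `hieradata/country/au/region/drw1/infra/puppet/master.yaml` and `hieradata/country/au/region/syd1/infra/puppet/master.yaml`. With the merged lookup, every puppet master matching those paths would carry the CA names in its certificate's alternate names, not only the host that runs the CA. If the CA lives on a single node, keeping the two names only in `hieradata/nodes/prodinf01n01.main.unkin.net.yaml` (the third new file, which already has them) limits which certificates can answer for `puppetca`. If every regional master is meant to serve as a CA endpoint, a comment in the region files such as `# all masters in this region answer as puppetca` would make that intent reviewable.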
@@ -14,14 +14,18 @@ class profiles::puppet::client ( Boolean $usecacheonfailure = false, ) { - # Assuming you want to manage puppet.conf with this profile - file { '/etc/puppetlabs/puppet/puppet.conf': - ensure => 'present', - content => template('profiles/puppet/client/puppet.conf.erb'), - owner => 'root', - group => 'root', - mode => '0644', - notify => Service['puppet'], + # dont manage puppet.conf if this is a puppetmaster + if $facts['enc_role'] != 'roles::infra::puppet::master' { + + # Assuming you want to manage puppet.conf with this profile + file { '/etc/puppetlabs/puppet/puppet.conf': + ensure => 'present', + content => template('profiles/puppet/client/puppet.conf.erb'), + owner => 'root', + group => 'root', + mode => '0644', + notify => Service['puppet'], + } } } diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp index a5b7c74..ec2a695 100644 --- a/site/profiles/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp 
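Review bot: The new guard `if $facts['enc_role'] != 'roles::infra::puppet::master'` in `client.pp` branches on an agent-reported fact, which the server does not verify. The same string comparison is repeated in `puppetmaster.pp`, where a mismatch skips the whole master profile without any message. If the role is also available from a verified source (the ENC classification itself, or a certificate extension under `$trusted['extensions']`), comparing against that would be more robust. Otherwise a comment such as `# enc_role is agent-reported; a missing or stale fact changes which branch applies` documents the assumption. The role name is a literal duplicated across both files, so a typo in either would silently flip the branch; the class's parameter list starts above the hunk.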
@@ -23,45 +23,34 @@ # Limitations: # This is designed to work on Unix-like systems. class profiles::puppet::puppetmaster ( - String $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host'), + Optional[Stdlib::Fqdn] $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host', Optional[Stdlib::Fqdn], 'first', undef), ) { - include profiles::puppet::r10k - include profiles::puppet::g10k - include profiles::puppet::enc - include profiles::puppet::cobbler_enc - include profiles::puppet::autosign - include profiles::puppet::gems - include profiles::helpers::certmanager - class { 'puppetdb::master::config': - puppetdb_server => $puppetdb_host, - manage_storeconfigs => false, + if $facts['enc_role'] == 'roles::infra::puppet::master' { + + include profiles::puppet::r10k + include profiles::puppet::g10k + include profiles::puppet::enc + include profiles::puppet::cobbler_enc + include profiles::puppet::autosign + include profiles::puppet::gems + include profiles::helpers::certmanager + include profiles::puppet::server + + class { 'puppetdb::master::config': + puppetdb_server => $puppetdb_host, + manage_storeconfigs => false, + } + + Package['puppetserver'] + -> Class['profiles::puppet::gems'] + -> Class['profiles::puppet::r10k'] + -> Class['profiles::puppet::g10k'] + -> Class['profiles::puppet::enc'] + -> Class['profiles::puppet::cobbler_enc'] + -> Class['profiles::puppet::autosign'] + -> Class['puppetdb::master::config'] + -> Class['profiles::puppet::server'] } - class { 'profiles::puppet::server': - vardir => '/opt/puppetlabs/server/data/puppetserver', - logdir => '/var/log/puppetlabs/puppetserver', - rundir => '/var/run/puppetlabs/puppetserver', - pidfile => '/var/run/puppetlabs/puppetserver/puppetserver.pid', - codedir => '/etc/puppetlabs/code', - dns_alt_names => [ - 'prodinf01n01.main.unkin.net', - 'puppet.main.unkin.net', - 'puppetca.main.unkin.net', - 'puppetmaster.main.unkin.net', - 'puppet', - 'puppetca', - 'puppetmaster', - ], - server => 
'prodinf01n01.main.unkin.net', - node_terminus => 'exec', - external_nodes => '/opt/cobbler-enc/cobbler-enc', - autosign => '/etc/puppetlabs/puppet/autosign.conf', - default_manifest => '/etc/puppetlabs/code/environments/develop/manifests', - default_environment => 'develop', - storeconfigs => true, - storeconfigs_backend => 'puppetdb', - reports => 'puppetdb', - usecacheonfailure => false, - } } diff --git a/site/profiles/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp index 4930582..ecf1f97 100644 --- a/site/profiles/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp 
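Review bot: In `puppetmaster.pp`, `$puppetdb_host` is now `Optional[Stdlib::Fqdn]` with an `undef` lookup default and is passed unchanged as `puppetdb_server` to `puppetdb::master::config`, so a missing `profiles::puppet::puppetdb::puppetdb_host` key no longer fails the compile. What that module does with an undefined server is not visible here; if it falls back to a default host, the master would be pointed at a PuppetDB nobody chose. Failing early inside the `if` keeps the old behaviour for real masters: `unless $puppetdb_host { fail('profiles::puppet::puppetdb::puppetdb_host is not set') }`. The ordering chain also references `Package['puppetserver']`, which appears to rely on the `profiles::packages::install` entry from `hieradata/roles/infra/puppet.yaml` being applied to the same node.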
@@ -9,28 +9,31 @@ # pidfile - File path for the PID file. # codedir - Directory path for code data. # dns_alt_names - Array of alternate DNS names for the server. -# server - Server's name. +# agent_server - Server name for the puppet agent on the master. # node_terminus - Node terminus. # external_nodes - Path to the external node classifier script. # autosign - Path to the autosign script. # class profiles::puppet::server ( - String $vardir, - String $logdir, - String $rundir, - String $pidfile, - String $codedir, - Array[String[1]] $dns_alt_names, - String $server, - String $node_terminus, - String $external_nodes, - String $autosign, - String $default_manifest, - String $default_environment, - Boolean $storeconfigs, - String $storeconfigs_backend, - String $reports, - Boolean $usecacheonfailure, + Stdlib::Absolutepath $vardir = '/opt/puppetlabs/server/data/puppetserver', + Stdlib::Absolutepath $logdir = '/var/log/puppetlabs/puppetserver', + Stdlib::Absolutepath $rundir = '/var/run/puppetlabs/puppetserver', + Stdlib::Absolutepath $pidfile = '/var/run/puppetlabs/puppetserver/puppetserver.pid', + Stdlib::Absolutepath $codedir = '/etc/puppetlabs/code', + Array[String] $dns_alt_names = [ + $facts['networking']['fqdn'], + $facts['networking']['hostname'], + ], + Stdlib::Fqdn $agent_server = 'puppetmaster', + String $node_terminus = 'exec', + String $external_nodes = '/opt/cobbler-enc/cobbler-enc', + String $default_environment = 'develop', + Stdlib::Absolutepath $autosign = '/etc/puppetlabs/puppet/autosign.conf', + Stdlib::Absolutepath $default_manifest = "${codedir}/environments/${default_environment}/manifests", + Boolean $storeconfigs = true, + String $storeconfigs_backend = 'puppetdb', + String $reports = 'puppetdb', + Boolean $usecacheonfailure = false, ) { file { '/etc/puppetlabs/puppet/puppet.conf': 
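Review bot: In `server.pp`, `$dns_alt_names` was loosened from `Array[String[1]]` to `Array[String]`, so an empty string now passes type checking and would be joined into the `dns_alt_names` setting written to puppet.conf. Because the values come from merged Hiera data and end up as certificate alternate names, a tighter element type is worth keeping. The commit already uses `Stdlib::Fqdn` for `$agent_server`, so `Array[Stdlib::Fqdn] $dns_alt_names = [` would fit, provided no entry needs a `DNS:` or `IP:` prefix. `$external_nodes` is documented in the header as the path to the classifier script yet stays a plain `String`; `Stdlib::Absolutepath` would match the other path parameters, assuming it is always a path.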
@@ -44,8 +47,8 @@ class profiles::puppet::server ( 'rundir' => $rundir, 'pidfile' => $pidfile, 'codedir' => $codedir, - 'dns_alt_names' => join($dns_alt_names, ','), - 'server' => $server, + 'dns_alt_names' => join(sort($dns_alt_names), ','), + 'server' => $agent_server, 'node_terminus' => $node_terminus, 'external_nodes' => $external_nodes, 'autosign' => $autosign,