refactor: reoganise the puppetserver profile

- manage puppetserver package - set order for puppetserver classes - for profiles::puppet::server class: - set param types using stdlib where possible - set default values for all params - move configuration data to hieradata - wait for enc_role fact to match role - exclude puppet::client from puppermaster nodes
2024-05-02 22:33:17 +10:00 · 2024-05-02 22:33:17 +10:00 · 56b23620b7
commit 56b23620b7
parent 8697492611
8 changed files with 86 additions and 64 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -87,6 +87,9 @@ lookup_options:
  profiles::consul::client::node_rules:
    merge:
      strategy: deep
  profiles::puppet::server::dns_alt_names:
    merge:
      strategy: deep
 facts_path: '/opt/puppetlabs/facter/facts.d'
@ -237,3 +240,11 @@ profiles::base::hosts::additional_hosts:
    aliases:
      - prodinf01n22
      - repos.main.unkin.net
 profiles::puppet::server::dns_alt_names:
  - "%{facts.networking.fqdn}"
  - "%{facts.networking.hostname}"
  - puppetmaster.main.unkin.net
  - puppet.main.unkin.net
  - puppetmaster
  - puppet
--- a/hieradata/country/au/region/drw1/infra/puppet/master.yaml
+++ b/hieradata/country/au/region/drw1/infra/puppet/master.yaml
@ -0,0 +1,4 @@
 ---
 profiles::puppet::server::dns_alt_names:
  - puppetca.main.unkin.net
  - puppetca
--- a/hieradata/country/au/region/syd1/infra/puppet/master.yaml
+++ b/hieradata/country/au/region/syd1/infra/puppet/master.yaml
@ -0,0 +1,4 @@
 ---
 profiles::puppet::server::dns_alt_names:
  - puppetca.main.unkin.net
  - puppetca
--- a/hieradata/nodes/prodinf01n01.main.unkin.net.yaml
+++ b/hieradata/nodes/prodinf01n01.main.unkin.net.yaml
@ -0,0 +1,4 @@
 ---
 profiles::puppet::server::dns_alt_names:
  - puppetca.main.unkin.net
  - puppetca
--- a/hieradata/roles/infra/puppet.yaml
+++ b/hieradata/roles/infra/puppet.yaml
@ -0,0 +1,3 @@
 ---
 profiles::packages::install:
  - puppetserver
--- a/site/profiles/manifests/puppet/client.pp
+++ b/site/profiles/manifests/puppet/client.pp
@ -14,14 +14,18 @@ class profiles::puppet::client (
  Boolean $usecacheonfailure  = false,
 ) {
-  # Assuming you want to manage puppet.conf with this profile
+  # dont manage puppet.conf if this is a puppetmaster
-  file { '/etc/puppetlabs/puppet/puppet.conf':
+  if $facts['enc_role'] != 'roles::infra::puppet::master' {
-    ensure  => 'present',
+
-    content => template('profiles/puppet/client/puppet.conf.erb'),
+    # Assuming you want to manage puppet.conf with this profile
-    owner   => 'root',
+    file { '/etc/puppetlabs/puppet/puppet.conf':
-    group   => 'root',
+      ensure  => 'present',
-    mode    => '0644',
+      content => template('profiles/puppet/client/puppet.conf.erb'),
-    notify  => Service['puppet'],
+      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      notify  => Service['puppet'],
    }
  }
 }
--- a/site/profiles/manifests/puppet/puppetmaster.pp
+++ b/site/profiles/manifests/puppet/puppetmaster.pp
@ -23,45 +23,34 @@
 # Limitations:
 # This is designed to work on Unix-like systems.
 class profiles::puppet::puppetmaster (
-  String $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host'),
+  Optional[Stdlib::Fqdn] $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host', Optional[Stdlib::Fqdn], 'first', undef),
 ) {
  include profiles::puppet::r10k
  include profiles::puppet::g10k
  include profiles::puppet::enc
  include profiles::puppet::cobbler_enc
  include profiles::puppet::autosign
  include profiles::puppet::gems
  include profiles::helpers::certmanager
-  class { 'puppetdb::master::config':
+  if $facts['enc_role'] == 'roles::infra::puppet::master' {
-    puppetdb_server     => $puppetdb_host,
+
-    manage_storeconfigs => false,
+    include profiles::puppet::r10k
    include profiles::puppet::g10k
    include profiles::puppet::enc
    include profiles::puppet::cobbler_enc
    include profiles::puppet::autosign
    include profiles::puppet::gems
    include profiles::helpers::certmanager
    include profiles::puppet::server
    class { 'puppetdb::master::config':
      puppetdb_server     => $puppetdb_host,
      manage_storeconfigs => false,
    }
    Package['puppetserver']
    -> Class['profiles::puppet::gems']
    -> Class['profiles::puppet::r10k']
    -> Class['profiles::puppet::g10k']
    -> Class['profiles::puppet::enc']
    -> Class['profiles::puppet::cobbler_enc']
    -> Class['profiles::puppet::autosign']
    -> Class['puppetdb::master::config']
    -> Class['profiles::puppet::server']
  }
  class { 'profiles::puppet::server':
    vardir               => '/opt/puppetlabs/server/data/puppetserver',
    logdir               => '/var/log/puppetlabs/puppetserver',
    rundir               => '/var/run/puppetlabs/puppetserver',
    pidfile              => '/var/run/puppetlabs/puppetserver/puppetserver.pid',
    codedir              => '/etc/puppetlabs/code',
    dns_alt_names        => [
      'prodinf01n01.main.unkin.net',
      'puppet.main.unkin.net',
      'puppetca.main.unkin.net',
      'puppetmaster.main.unkin.net',
      'puppet',
      'puppetca',
      'puppetmaster',
    ],
    server               => 'prodinf01n01.main.unkin.net',
    node_terminus        => 'exec',
    external_nodes       => '/opt/cobbler-enc/cobbler-enc',
    autosign             => '/etc/puppetlabs/puppet/autosign.conf',
    default_manifest     => '/etc/puppetlabs/code/environments/develop/manifests',
    default_environment  => 'develop',
    storeconfigs         => true,
    storeconfigs_backend => 'puppetdb',
    reports              => 'puppetdb',
    usecacheonfailure    => false,
  }
 }
--- a/site/profiles/manifests/puppet/server.pp
+++ b/site/profiles/manifests/puppet/server.pp
@ -9,28 +9,31 @@
 #   pidfile - File path for the PID file.
 #   codedir - Directory path for code data.
 #   dns_alt_names - Array of alternate DNS names for the server.
-#   server - Server's name.
+#   agent_server - Server name for the puppet agent on the master.
 #   node_terminus - Node terminus.
 #   external_nodes - Path to the external node classifier script.
 #   autosign - Path to the autosign script.
 #
 class profiles::puppet::server (
-  String $vardir,
+  Stdlib::Absolutepath $vardir = '/opt/puppetlabs/server/data/puppetserver',
-  String $logdir,
+  Stdlib::Absolutepath $logdir = '/var/log/puppetlabs/puppetserver',
-  String $rundir,
+  Stdlib::Absolutepath $rundir = '/var/run/puppetlabs/puppetserver',
-  String $pidfile,
+  Stdlib::Absolutepath $pidfile = '/var/run/puppetlabs/puppetserver/puppetserver.pid',
-  String $codedir,
+  Stdlib::Absolutepath $codedir = '/etc/puppetlabs/code',
-  Array[String[1]] $dns_alt_names,
+  Array[String] $dns_alt_names = [
-  String $server,
+    $facts['networking']['fqdn'],
-  String $node_terminus,
+    $facts['networking']['hostname'],
-  String $external_nodes,
+  ],
-  String $autosign,
+  Stdlib::Fqdn $agent_server = 'puppetmaster',
-  String $default_manifest,
+  String $node_terminus = 'exec',
-  String $default_environment,
+  String $external_nodes = '/opt/cobbler-enc/cobbler-enc',
-  Boolean $storeconfigs,
+  String $default_environment = 'develop',
-  String $storeconfigs_backend,
+  Stdlib::Absolutepath $autosign = '/etc/puppetlabs/puppet/autosign.conf',
-  String $reports,
+  Stdlib::Absolutepath $default_manifest = "${codedir}/environments/${default_environment}/manifests",
-  Boolean $usecacheonfailure,
+  Boolean $storeconfigs = true,
  String $storeconfigs_backend = 'puppetdb',
  String $reports = 'puppetdb',
  Boolean $usecacheonfailure = false,
 ) {
  file { '/etc/puppetlabs/puppet/puppet.conf':
@ -44,8 +47,8 @@ class profiles::puppet::server (
      'rundir'               => $rundir,
      'pidfile'              => $pidfile,
      'codedir'              => $codedir,
-      'dns_alt_names'        => join($dns_alt_names, ','),
+      'dns_alt_names'        => join(sort($dns_alt_names), ','),
-      'server'               => $server,
+      'server'               => $agent_server,
      'node_terminus'        => $node_terminus,
      'external_nodes'       => $external_nodes,
      'autosign'             => $autosign,