From fdb13b7338eedfad5e093c130e17b2aed4c9afd4 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Fri, 17 Nov 2023 21:13:59 +1100 Subject: [PATCH 1/3] feat: find resolvers by role - use puppetdbquery module to query puppetdb for resolvers - move dns client config to profiles::dns::base - manage the /etc/resolv.conf file --- Puppetfile | 1 + hieradata/common.yaml | 1 + site/profiles/manifests/base.pp | 4 +-- site/profiles/manifests/dns/base.pp | 31 ++++++++++++++++++++++ site/profiles/manifests/dns/client.pp | 6 ++--- site/profiles/manifests/dns/resolvconf.pp | 14 ++++++++++ site/profiles/templates/dns/resolvconf.erb | 7 +++++ 7 files changed, 58 insertions(+), 6 deletions(-) create mode 100644 site/profiles/manifests/dns/base.pp create mode 100644 site/profiles/manifests/dns/resolvconf.pp create mode 100644 site/profiles/templates/dns/resolvconf.erb diff --git a/Puppetfile b/Puppetfile index fda7e8a..06bdf6b 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,6 +27,7 @@ mod 'puppet-selinux', '4.1.0' # other mod 'ghoneycutt-puppet', '3.3.0' mod 'saz-sudo', '8.0.0' +mod 'dalen-puppetdbquery', '3.0.1' mod 'bind', :git => 'https://git.unkin.net/unkinben/puppet-bind.git', diff --git a/hieradata/common.yaml b/hieradata/common.yaml index dce34c8..dcf2885 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -7,6 +7,7 @@ profiles::base::puppet_servers: - 'prodinf01n01.main.unkin.net' profiles::dns::master::basedir: '/var/named/sources' +profiles::dns::base::ns_role: 'roles::infra::dns::resolver' profiles::packages::base: - bash-completion diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 1182097..9abb043 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp 
@@ -29,9 +29,7 @@ class profiles::base ( include profiles::base::hosts include profiles::accounts::sysadmin include profiles::ntp::client - - # configure dns records for client - profiles::dns::client {"${facts['networking']['fqdn']}-default":} + include profiles::dns::base # include the python class class { 'python': diff --git a/site/profiles/manifests/dns/base.pp b/site/profiles/manifests/dns/base.pp new file mode 100644 index 0000000..6510453 --- /dev/null +++ b/site/profiles/manifests/dns/base.pp @@ -0,0 +1,31 @@ +# profiles::dns::base +class profiles::dns::base ( + String $ns_role = undef, + Array $search = [], + Array $nameservers = ['8.8.8.8', '1.1.1.1'], +){ + + # if ns_role is set, find all hosts matching that enc_role + if $ns_role == undef { + $nameserver_array = $nameservers + }else{ + $nameserver_array = query_nodes("enc_role='${ns_role}'", 'networking.ip') + } + + # if search is undef, fallback to domainname from facts + if $search == [] { + $search_array = [$::facts['networking']['domain']] + }else{ + $search_array = $search + } + + # include resolvconf class + class { 'profiles::dns::resolvconf': + nameservers => $nameserver_array, + search_domains => $search_array, + } + + # export dns records for client + profiles::dns::client {"${facts['networking']['fqdn']}-default":} + +} diff --git a/site/profiles/manifests/dns/client.pp b/site/profiles/manifests/dns/client.pp index 1441299..3dca748 100644 --- a/site/profiles/manifests/dns/client.pp +++ b/site/profiles/manifests/dns/client.pp @@ -1,8 +1,8 @@ # profiles::dns::client define profiles::dns::client ( - Boolean $forward = true, - Boolean $reverse = true, - Integer $order = 10, + Boolean $forward = true, + Boolean $reverse = true, + Integer $order = 10, ){ $intf = $facts['networking']['primary'] diff --git a/site/profiles/manifests/dns/resolvconf.pp b/site/profiles/manifests/dns/resolvconf.pp new file mode 100644 index 0000000..e8b44c9 --- /dev/null +++ b/site/profiles/manifests/dns/resolvconf.pp 
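Review bot: In profiles::dns::base the result of `query_nodes("enc_role='${ns_role}'", 'networking.ip')` is handed to profiles::dns::resolvconf unchecked, so whatever PuppetDB returns becomes the resolver list of every node that includes this class. If `enc_role` is an ordinary node-reported fact (the query syntax suggests so, but its origin is not visible in this patch), any node able to submit that value gets its IP written into resolv.conf across the fleet, and an empty result leaves hosts with no nameserver at all. The result should be matched on trusted data or checked against an expected address range, sorted so the file does not change between runs, and replaced by `$nameservers` when empty. Separately, `String $ns_role = undef` cannot hold its own default, so the `$ns_role == undef` branch is unreachable as written; the sketch below uses `Optional[String]`.

```puppet
class profiles::dns::base (
  Optional[String] $ns_role = undef,
  # … unchanged: $search, $nameservers …
){
  if $ns_role {
    # sort keeps resolv.conf stable between runs; fall back when PuppetDB returns nothing
    $found = sort(query_nodes("enc_role='${ns_role}'", 'networking.ip'))
    $nameserver_array = empty($found) ? {
      true    => $nameservers,
      default => $found,
    }
  } else {
    $nameserver_array = $nameservers
  }
  # … unchanged: search domain fallback, resolvconf class, dns client export …
```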
@@ -0,0 +1,14 @@ +# profiles::dns::resolvconf +class profiles::dns::resolvconf ( + Array[String] $nameservers, + Array[String] $search_domains, +) { + + file { '/etc/resolv.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template('profiles/dns/resolvconf.erb'), + } +} diff --git a/site/profiles/templates/dns/resolvconf.erb b/site/profiles/templates/dns/resolvconf.erb new file mode 100644 index 0000000..f0a91c8 --- /dev/null +++ b/site/profiles/templates/dns/resolvconf.erb @@ -0,0 +1,7 @@ +# Managed by Puppet +<% @nameservers.each do |ns| -%> +nameserver <%= ns %> +<% end -%> +<% unless @search_domains.empty? -%> +search <%= @search_domains.join(' ') %> +<% end -%> From 8d80fa3c516046d6d1fe81a6891b087de63de595 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Fri, 17 Nov 2023 22:17:24 +1100 Subject: [PATCH 2/3] feat: manage cloudinit - add/remove cloud-init, default to remove --- site/profiles/manifests/base.pp | 1 + site/profiles/manifests/cloudinit/init.pp | 28 +++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 site/profiles/manifests/cloudinit/init.pp diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 1182097..6d1d6dc 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -29,6 +29,7 @@ class profiles::base ( include profiles::base::hosts include profiles::accounts::sysadmin include profiles::ntp::client + include profiles::cloudinit::init # configure dns records for client profiles::dns::client {"${facts['networking']['fqdn']}-default":} diff --git a/site/profiles/manifests/cloudinit/init.pp b/site/profiles/manifests/cloudinit/init.pp new file mode 100644 index 0000000..f2edb9c --- /dev/null +++ b/site/profiles/manifests/cloudinit/init.pp 
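Review bot: `Array[String] $nameservers` and `Array[String] $search_domains` accept any string, and resolvconf.erb (the next hunk) prints each element verbatim with `<%= ns %>`, so a value containing a newline or extra words adds arbitrary directives to /etc/resolv.conf. Tightening the types closes that, e.g. `Array[Stdlib::IP::Address, 1] $nameservers,` and `Array[Stdlib::Fqdn] $search_domains,`, provided puppetlabs-stdlib is available to this control repo (not visible in this patch). The minimum size of 1 also turns an empty resolver list into a compile error instead of a host that cannot resolve names.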
@@ -0,0 +1,28 @@ +# profiles::cloudinit::init +class profiles::cloudinit::init ( + Boolean $enabled = false, + String $package = 'cloud-init', + String $service = 'cloud-init', +){ + + if $enabled { + package { $package: + ensure => installed, + } + + service { $service: + ensure => running, + enable => true, + require => Package[$package], + } + } else { + service { $service: + ensure => stopped, + enable => false, + } + + package { $package: + ensure => absent, + } + } +} From d6f3262836317884529b31bffeef964141db4d38 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Fri, 17 Nov 2023 22:25:43 +1100 Subject: [PATCH 3/3] feat: manage qemu-agent --- site/profiles/manifests/base.pp | 4 ++++ site/profiles/manifests/qemu/agent.pp | 28 +++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 site/profiles/manifests/qemu/agent.pp diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 1182097..b22badc 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -46,4 +46,8 @@ class profiles::base ( secure_path => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/puppetlabs/bin' } + # manage virtualised guest agents + if $::facts['is_virtual'] and $::facts['dmi']['manufacturer'] == 'QEMU' { + include profiles::qemu::agent + } } diff --git a/site/profiles/manifests/qemu/agent.pp b/site/profiles/manifests/qemu/agent.pp new file mode 100644 index 0000000..5a9eeba --- /dev/null +++ b/site/profiles/manifests/qemu/agent.pp 
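Review bot: The `else` branch of profiles::cloudinit::init declares the stopped service and the absent package with no ordering between them, so Puppet may remove the package first and then try to stop and disable a unit that no longer exists. Adding `before => Package[$package],` to the service resource in that branch makes the teardown deterministic. The same branch is repeated in profiles::qemu::agent in PATCH 3/3 and needs the same line. The class also has no parameter documentation; a header comment stating that the default `$enabled = false` removes cloud-init from every node that includes profiles::base would make that choice explicit.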
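Review bot: `$::facts['dmi']['manufacturer']` in the new guest-agent condition raises an evaluation error on a virtual node that reports no `dmi` fact (containers, presumably), because once `is_virtual` is true the index is applied to an undef value. `if $facts['is_virtual'] and $facts.dig('dmi', 'manufacturer') == 'QEMU' {` compiles on those nodes too and simply skips the include. The body of profiles::base starts outside this hunk.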
@@ -0,0 +1,28 @@
+# profiles::qemu::agent
+class profiles::qemu::agent (
+ Boolean $enabled = true,
+ String $package = 'qemu-guest-agent',
+ String $service = 'qemu-guest-agent',
+){
+
+ if $enabled {
+ package { $package:
+ ensure => installed,
+ }
+
+ service { $service:
+ ensure => running,
+ enable => true,
+ require => Package[$package],
+ }
+ } else {
+ service { $service:
+ ensure => stopped,
+ enable => false,
+ }
+
+ package { $package:
+ ensure => absent,
+ }
+ }
+}
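Review bot: profiles::qemu::agent defaults `$enabled` to true and carries only its name as a header comment, so the trust decision it encodes is undocumented: profiles::base includes it on every guest whose DMI manufacturer is QEMU, and a running guest agent gives whoever controls the hypervisor a management channel into the guest. A header comment such as `# Installs and runs qemu-guest-agent; the hypervisor host can issue guest-agent commands to this node, so set enabled => false where the host is not trusted.` would record that. If the agent must stay on, the comment could also state that the set of permitted agent commands is left at the package default, since this class does not manage the agent's configuration.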