Added puppet-enc setup

* systemd timer/service to update repo every minute * added puppetlabs/vcsrepo module * install git if its not already installed * added to profile::puppet::puppetmaster * updated pre-commit to allow long yaml lines
2023-06-21 21:29:57 +10:00 · 2023-06-21 21:29:57 +10:00 · c6d62a710c
commit c6d62a710c
parent 11a6e95b02
5 changed files with 92 additions and 0 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -22,3 +22,8 @@ repos:
    rev: v1.32.0
    hooks:
      - id: 'yamllint'
        args:
          [
            "-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
            "-s",
          ]
--- a/1
+++ b/1
@ -10,3 +10,4 @@ mod 'eyp-systemd', '3.1.0'
 mod 'ghoneycutt-puppet', '3.3.0'
 mod 'puppet-archive', '7.0.0'
 mod 'puppet-chrony', '2.6.0'
 mod 'puppetlabs-vcsrepo', '6.1.0'
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -5,3 +5,5 @@ profile::base::ntp_servers:
 profile::puppet::autosign::subnet_ranges:
  - '198.18.17.0/24'
 profile::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git
--- a/site/profile/manifests/puppet/enc.pp
+++ b/site/profile/manifests/puppet/enc.pp
@ -0,0 +1,83 @@
 # Class: profile::puppet::enc
 #
 # This class manages a Git repository at /opt/puppetlabs/enc. It includes a 
 # systemd service and timer to keep the repository updated every minute.
 # The Git package is installed if not present, and the repository at the given 
 # location will always reflect the state of the remote Git repository.
 #
 # Parameters:
 # - enc_repo: The URL of the Git repository to clone.
 #
 # Actions:
 # - Ensures the Git package is installed.
 # - Ensures the /opt/puppetlabs/enc directory is a clone of the given Git repository.
 # - Creates a helper script '/opt/puppetlabs/bin/git_update' for updating the Git repository.
 # - Creates a systemd service and timer that runs the git update script every minute.
 #
 # Usage:
 #   Directly include the class in your node definitions or classify your nodes 
 #   using an ENC or Hiera.
 #   Example:
 #     node 'puppet.example.com' {
 #       class { 'profile::puppet::enc':
 #         enc_repo => 'https://github.com/user/repo.git',
 #       }
 #     }
 #
 # Requirements:
 # - The 'puppet-vcsrepo' module should be installed on your puppetmaster.
 # - The 'puppet-systemd' module should be installed on your puppetmaster.
 # - '/opt/puppetlabs/bin/' directory must exist and be writable.
 # - Puppet master must have access to the specified Git URL.
 #
 # Limitations:
 # This is designed to work on Unix-like systems only.
 #
 class profile::puppet::enc (
  String $enc_repo,
 ) {
  package { 'git':
    ensure => installed,
  }
  vcsrepo { '/opt/puppetlabs/enc':
    ensure   => latest,
    provider => git,
    source   => $enc_repo,
    require  => Package['git'],
  }
  file { '/opt/puppetlabs/bin/enc':
    ensure  => link,
    target  => '/opt/puppetlabs/enc/enc.py',
    require => Vcsrepo['/opt/puppetlabs/enc'],
  }
  file { '/opt/puppetlabs/bin/puppet-enc':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => "#!/bin/bash\n(
      cd /opt/puppetlabs/enc/
      git reset --hard master
      git clean -fd
      git pull\n)",
    require => Package['git'],
  }
  systemd::service { 'puppet-enc':
    description => 'puppet-enc update service',
    execstart   => '/opt/puppetlabs/bin/puppet-enc',
    user        => 'root',
    require     => File['/opt/puppetlabs/bin/puppet-enc'],
  }
  systemd::timer { 'puppet-enc':
    description => 'Run puppet-enc every minute',
    unit        => 'puppet-enc.service',
    on_calendar => '*:0/1',
    require     => Systemd::Service['puppet-enc'],
  }
 }
--- a/site/profile/manifests/puppet/puppetmaster.pp
+++ b/site/profile/manifests/puppet/puppetmaster.pp
@ -24,6 +24,7 @@
 # This is designed to work on Unix-like systems.
 class profile::puppet::puppetmaster {
  include profile::puppet::g10k
  include profile::puppet::enc
  include profile::puppet::autosign
  class { 'profile::puppet::server':