unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'Merge develop -> master' (#8) from develop into master

Browse Source 
Reviewed-on: unkinben/puppet-prod#8
This commit is contained in:
Ben Vincent 2023-07-02 14:36:42 +09:30
commit c82e2cd9ad
32 changed files with 855 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Puppetfile
View File

@ -5,9 +5,13 @@ moduledir 'external_modules'
mod 'puppetlabs-stdlib', '9.1.0'
mod 'puppetlabs-inifile', '6.0.0'
mod 'puppetlabs-concat', '9.0.0'
mod 'eyp-eyplib', '0.1.24'
mod 'eyp-systemd', '3.1.0'
#mod 'eyp-eyplib', '0.1.24'
#mod 'eyp-systemd', '3.1.0'
mod 'puppet-systemd', '5.1.0'
mod 'ghoneycutt-puppet', '3.3.0'
mod 'puppet-archive', '7.0.0'
mod 'puppet-chrony', '2.6.0'
mod 'puppetlabs-vcsrepo', '6.1.0'
mod 'puppetlabs-yumrepo_core', '2.0.0'
mod 'puppet-yum', '7.0.0'
mod 'puppetlabs-apt', '9.1.0'

4
hiera.yaml
View File

@ -6,5 +6,9 @@ defaults:
hierarchy:
- name: Node-specific data
path: "nodes/%{trusted.certname}.yaml"
- name: "Per-OS & Release Specific Data"
path: "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml"
- name: "Per-OS Specific Data"
path: "os/%{facts.os.name}/all_releases.yaml"
- name: Common data shared across nodes
path: "common.yaml"

25
hieradata/common.yaml
View File

@ -1,9 +1,28 @@
---
profile::base::ntp_servers:
profiles::base::ntp_servers:
- 0.au.pool.ntp.org
- 1.au.pool.ntp.org
profile::puppet::autosign::subnet_ranges:
profiles::base::packages::common:
- ccze
- curl
- dstat
- htop
- mtr
- ncdu
- neovim
- python3
- screen
- strace
- sudo
- tmux
- vim
- vnstat
- wget
- zsh
profiles::puppet::autosign::subnet_ranges:
- '198.18.17.0/24'
profile::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git
profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git
profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git

8
hieradata/os/AlmaLinux/AlmaLinux8.yaml Normal file
View File

@ -0,0 +1,8 @@
# hieradata/os/AlmaLinux/AlmaLinux8.yaml
---
profiles::yum::managed_repos:
- 'base'
- 'extras'
- 'appstream'
- 'epel'
- 'puppet7'

8
hieradata/os/AlmaLinux/AlmaLinux9.yaml Normal file
View File

@ -0,0 +1,8 @@
# hieradata/os/AlmaLinux/AlmaLinux9.yaml
---
profiles::yum::managed_repos:
- 'base'
- 'extras'
- 'appstream'
- 'epel'
- 'puppet7'

4
hieradata/os/AlmaLinux/all_releases.yaml Normal file
View File

@ -0,0 +1,4 @@
# hieradata/os/almalinux/all_releases.yaml
---
profiles::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au
profiles::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au

12
hieradata/os/Debian/Debian11.yaml Normal file
View File

@ -0,0 +1,12 @@
# hieradata/os/Debian/Debian11.yaml
---
profiles::apt::managed_repos:
- 'base'
- 'security'
- 'updates'
- 'puppet7'
profiles::apt::components:
- contrib
- main
- non-free

13
hieradata/os/Debian/Debian12.yaml Normal file
View File

@ -0,0 +1,13 @@
# hieradata/os/Debian/Debian12.yaml
---
profiles::apt::managed_repos:
- 'base'
- 'security'
- 'updates'
- 'puppet7'
profiles::apt::components:
- contrib
- main
- non-free
- non-free-firmware

7
hieradata/os/Debian/all_releases.yaml Normal file
View File

@ -0,0 +1,7 @@
# hieradata/os/debian/all_releases.yaml
---
profiles::apt::base::mirrorurl: http://debian.mirror.digitalpacific.com.au/debian
profiles::apt::base::secureurl: http://security.debian.org/debian-security
profiles::apt::puppet7::mirror: http://apt.puppetlabs.com
profiles::apt::puppet7::repo: puppet7
profiles::apt::puppet7::dist: bullseye

2
manifests/site.pp
View File

@ -1 +1 @@
#hiera_include('classes')

8
site/profile/manifests/base.pp
View File

@ -1,8 +0,0 @@
# this is the base class, which will be used by all servers
class profile::base (
Array $ntp_servers,
) {
class { 'chrony':
servers => $ntp_servers,
}
}

71
site/profiles/manifests/apt/base.pp Normal file
View File

@ -0,0 +1,71 @@
# This class manages the configuration of base APT repositories
#
# Parameters:
# - $managed_repos: An array of repositories to manage, such as 'base', 'security',
# 'updates', 'backports' (optional)
# - $components: An array of components for the repositories (e.g., 'main', 'contrib')
# - $mirrorurl: The base URL of the mirror for the base repository
# - $secureurl: The base URL of the mirror for the security repository
#
# Dependencies:
# - Puppet facts: The class relies on certain facts about the target system,
# including the OS architecture and distribution codename.
#
# Description:
# This class manages the configuration of base APT repositories on the target system.
# It supports the management of repositories specified in the $managed_repos parameter,
# including 'base', 'security', 'updates', and 'backports'. The class retrieves necessary
# information from Puppet facts, such as the OS architecture and distribution codename.
# It creates apt::source resources for each repository, setting the appropriate location,
# repos, and release values based on the provided parameters.
#
# Example usage:
# class { 'profiles::apt::base':
# managed_repos => ['base', 'security'],
# components => ['main', 'contrib'],
# mirrorurl => 'http://mirror.example.com',
# secureurl => 'http://security.example.com',
# }
class profiles::apt::base (
Array[String] $managed_repos,
Array[String] $components,
String $mirrorurl,
String $secureurl,
) {
$codename = $facts['os']['distro']['codename']
# Join the array into a space-separated string
$repo_components = join($components, ' ')
if 'base' in $managed_repos {
apt::source { 'base':
location => $mirrorurl,
repos => $repo_components,
release => $codename,
}
}
if 'security' in $managed_repos {
apt::source { 'security':
location => $secureurl,
repos => $repo_components,
release => "${codename}-security",
}
}
if 'updates' in $managed_repos {
apt::source { 'updates':
location => $mirrorurl,
repos => $repo_components,
release => "${codename}-updates",
}
}
if 'backports' in $managed_repos {
apt::source { 'backports':
location => $mirrorurl,
repos => $repo_components,
release => "${codename}-backports",
}
}
}

70
site/profiles/manifests/apt/global.pp Normal file
View File

@ -0,0 +1,70 @@
# Class: profiles::apt::global
#
# This class manages global APT configurations and optionally includes the
# base and Puppet7 apt repository profiles. The profiles included are based on
# the content of the $managed_repos parameter, which is an array of repository names.
#
# Parameters:
# -----------
# $managed_repos: An array of repository names that should be managed by Puppet agent.
# This parameter is mandatory and the class will fail if it is not provided via hieradata.
# Example: ['base', 'security', 'updates', 'backports']
#
# Actions:
# --------
# Configures global APT settings, including setting up the 'src' and 'deb' options for all
# repositories managed by Puppet.
# Establishes default parameters for any APT repositories managed by Puppet.
# These parameters include the repository description, the inclusion of 'src' and 'deb',
# and the pinning.
# Depending on the content of the $managed_repos parameter, it includes the
# profiles::apt::base and/or profiles::apt::puppet7 classes.
# Manages all .list files under /etc/apt/sources.list.d. All the repositories listed
# in $managed_repos will have their corresponding .list files preserved. Any
# .list file that is not listed in $managed_repos will be removed.
# Manages /etc/apt/sources.list file to be empty.
#
# Example usage:
# --------------
# To use this class, include it and configure hieradata:
# include profiles::apt::global
#
# profiles::apt::managed_repos:
# - 'base'
# - 'security'
# - 'updates'
# - 'backports'
class profiles::apt::global (
Array[String] $managed_repos = lookup('profiles::apt::managed_repos'),
Array[String] $components = lookup('profiles::apt::components'),
){
class { 'apt':
sources_list_force => true,
purge => {
'sources.list' => true,
'sources.list.d' => true,
},
update => {
frequency => 'daily',
loglevel => 'debug',
},
}
Apt::Source {
include => {
'src' => true,
'deb' => true,
},
}
# Setup base repos
class { 'profiles::apt::base':
managed_repos => $managed_repos,
components => $components,
}
# Setup puppet7 if included in managed_repos
class { 'profiles::apt::puppet7':
managed_repos => $managed_repos,
}
}

60
site/profiles/manifests/apt/puppet7.pp Normal file
View File

@ -0,0 +1,60 @@
# This class manages the installation and configuration of Puppet 7
#
# Parameters:
# - $managed_repos: An array of additional repositories to manage (optional)
# - $mirror: The base URL of the repository mirror
# - $repo: The repository name
# - $release: The release name
#
# Dependencies:
# - Puppet facts: The class relies on certain facts about the target system,
# including the OS release, architecture, and distribution codename.
#
# Description:
# This class installs Puppet 7 on the target system by managing the repository
# configuration and installing the appropriate package. It also supports the
# management of additional repositories specified in the $managed_repos parameter.
# The class retrieves necessary information from Puppet facts, such as the OS
# release version, architecture, and distribution codename. It downloads the
# Puppet release deb file from the specified mirror and installs it using dpkg.
# Additionally, it configures the main Puppet repository using the apt::source resource.
#
# Example usage:
# class { 'profiles::apt::puppet7':
# managed_repos => ['extra-repo'],
# mirror => 'http://mirror.example.com',
# release => 'puppet7',
# repo => 'bullseye',
# }
class profiles::apt::puppet7 (
Array[String] $managed_repos,
String $mirror,
String $repo,
String $dist,
) {
$codename = $facts['os']['distro']['codename']
if 'puppet7' in $managed_repos {
$puppet_source = "${mirror}/${repo}-release-${dist}.deb"
# Install the puppet release using dpkg
package { "${repo}-${dist}":
ensure => installed,
name => "${repo}-release",
provider => dpkg,
source => $puppet_source,
}
# deb http://apt.puppet.com bullseye puppet7
apt::source { 'puppet7':
location => $mirror,
repos => $repo,
release => $dist,
include => {
'src' => false,
'deb' => true,
},
}
}
}

24
site/profiles/manifests/base.pp Normal file
View File

@ -0,0 +1,24 @@
# this is the base class, which will be used by all servers
class profiles::base (
Array $ntp_servers,
) {
class { 'chrony':
servers => $ntp_servers,
}
case $facts['os']['family'] {
'RedHat': {
include profiles::yum::global
}
'Debian': {
include profiles::apt::global
}
default: {
fail("Unsupported OS family ${facts['os']['family']}")
}
}
class { 'profiles::base::packages':
packages => hiera('profiles::base::packages::common'),
ensure => 'installed',
}
}

27
site/profiles/manifests/base/packages.pp Normal file
View File

@ -0,0 +1,27 @@
# This class manages the installation of packages for the base profile
#
# Parameters:
# - $packages: An array of package names to be installed (optional)
#
# Description:
# This class installs a list of packages specified in the $packages parameter
# using the `package` resource from Puppet. Each package in the array is installed
# with the `ensure => installed` attribute, ensuring that the package is present
# on the target system. By default, the class retrieves the package list from Hiera
# using the key 'profiles::base::packages::common'.
#
# Example usage:
# class { 'profiles::base::packages':
# packages => ['package1', 'package2', 'package3'],
#
class profiles::base::packages (
Array $packages,
Enum[
'present',
'absent',
'latest',
'installed'
] $ensure = 'installed',
){
ensure_packages($packages, {'ensure' => $ensure})
}

30
site/profiles/manifests/defaults.pp Normal file
View File

@ -0,0 +1,30 @@
# settings that apply to all nodes
# use this as a place to set resource defaults
class profiles::defaults {
# set the global exec path
Exec {
path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/'],
}
Package {
ensure => present,
}
File {
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
}
Service {
ensure => running,
enable => true,
}
User {
ensure => present,
shell => '/bin/bash',
}
}

24
site/profiles/manifests/git/git.pp Normal file
View File

@ -0,0 +1,24 @@
# Class: profiles::git::git
#
# This class ensures that the Git package is installed.
#
# It uses the 'package' resource to manage the Git package,
# and will ensure that it is installed. This class does not
# manage any configurations related to Git, it only ensures
# that the package is installed.
#
# The class does not take any parameters.
#
# Example usage:
# --------------
# To use this class, you simply need to declare it in your manifest:
#
# include profiles::git::git
#
# You do not need to pass any parameters.
#
class profiles::git::git {
package { 'git':
ensure => installed,
}
}

6
site/profile/manifests/puppet/autosign.pp → site/profiles/manifests/puppet/autosign.pp
View File

@ -1,4 +1,4 @@
# Class: profile::puppet::autosign
# Class: profiles::puppet::autosign
#
# This class manages an autosign script for the Puppet master.
# It sets up a Ruby script that automatically signs Puppet node requests
@ -15,7 +15,7 @@
# The class can be declared in a node definition or classified using an ENC or Hiera.
# Example:
# node 'puppet.example.com' {
# class { 'profile::puppet::autosign':
# class { 'profiles::puppet::autosign':
# subnet_ranges => ['198.18.17.0/24', '10.0.0.0/8'],
# }
# }
@ -27,7 +27,7 @@
#
# Limitations:
# This is designed to work on Unix-like systems.
class profile::puppet::autosign (
class profiles::puppet::autosign (
Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges,
) {

48
site/profile/manifests/puppet/enc.pp → site/profiles/manifests/puppet/enc.pp
View File

@ -1,4 +1,4 @@
# Class: profile::puppet::enc
# Class: profiles::puppet::enc
#
# This class manages a Git repository at /opt/puppetlabs/enc. It includes a
# systemd service and timer to keep the repository updated every minute.
@ -19,7 +19,7 @@
# using an ENC or Hiera.
# Example:
# node 'puppet.example.com' {
# class { 'profile::puppet::enc':
# class { 'profiles::puppet::enc':
# enc_repo => 'https://github.com/user/repo.git',
# }
# }
@ -33,13 +33,11 @@
# Limitations:
# This is designed to work on Unix-like systems only.
#
class profile::puppet::enc (
class profiles::puppet::enc (
String $enc_repo,
) {
package { 'git':
ensure => installed,
}
include profiles::git::git
vcsrepo { '/opt/puppetlabs/enc':
ensure => latest,
@ -67,17 +65,33 @@ class profile::puppet::enc (
require => Package['git'],
}
systemd::service { 'puppet-enc':
description => 'puppet-enc update service',
execstart => '/opt/puppetlabs/bin/puppet-enc',
user => 'root',
require => File['/opt/puppetlabs/bin/puppet-enc'],
}
$_timer = @(EOT)
[Unit]
Description=puppet-enc downloader timer
[Timer]
OnCalendar=*:0/1
RandomizedDelaySec=1s
[Install]
WantedBy=timers.target
EOT
systemd::timer { 'puppet-enc':
description => 'Run puppet-enc every minute',
unit => 'puppet-enc.service',
on_calendar => '*:0/1',
require => Systemd::Service['puppet-enc'],
$_service = @(EOT)
[Unit]
Description=puppet-enc downloader service
[Service]
Type=oneshot
ExecStart=/opt/puppetlabs/bin/puppet-enc
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
EOT
systemd::timer { 'puppet-enc.timer':
timer_content => $_timer,
service_content => $_service,
active => true,
enable => true,
require => File['/opt/puppetlabs/bin/puppet-enc'],
}
}

44
site/profile/manifests/puppet/g10k.pp → site/profiles/manifests/puppet/g10k.pp
View File

@ -1,4 +1,4 @@
# Class: profile::puppet::g10k
# Class: profiles::puppet::g10k
#
# This class handles downloading and installation of the g10k tool, a fast
# Git and Forge based Puppet environment and module deployment tool.
@ -19,7 +19,7 @@
# using an ENC or Hiera.
# Example:
# node 'puppet.example.com' {
# include profile::puppet::g10k
# include profiles::puppet::g10k
# }
#
# Requirements:
@ -30,7 +30,7 @@
#
# Limitations:
# This is designed to work on Unix-like systems only.
class profile::puppet::g10k {
class profiles::puppet::g10k {
package { 'unzip':
ensure => installed,
@ -54,17 +54,33 @@ class profile::puppet::g10k {
require => Archive['/tmp/g10k.zip'],
}
systemd::service { 'puppet-g10k':
description => 'puppet-g10k update service',
execstart => '/opt/puppetlabs/bin/puppet-g10k',
user => 'root',
require => File['/opt/puppetlabs/bin/puppet-g10k'],
}
$_timer = @(EOT)
[Unit]
Description=puppet-g10k downloader timer
[Timer]
OnCalendar=*:0/1
RandomizedDelaySec=1s
[Install]
WantedBy=timers.target
EOT
systemd::timer { 'puppet-g10k':
description => 'Run puppet-g10k every minute',
unit => 'puppet-g10k.service',
on_calendar => '*:0/1',
require => Systemd::Service['puppet-g10k'],
$_service = @(EOT)
[Unit]
Description=puppet-g10k downloader service
[Service]
Type=oneshot
ExecStart=/opt/puppetlabs/bin/puppet-g10k
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
EOT
systemd::timer { 'puppet-g10k.timer':
timer_content => $_timer,
service_content => $_service,
active => true,
enable => true,
require => File['/opt/puppetlabs/bin/puppet-g10k'],
}
}

15
site/profile/manifests/puppet/puppetmaster.pp → site/profiles/manifests/puppet/puppetmaster.pp
View File

@ -1,4 +1,4 @@
# Class: profile::puppet::puppetmaster
# Class: profiles::puppet::puppetmaster
#
# This class manages the puppetmaster using the ghoneycutt-puppet module.
# It manages the server settings in the puppet.conf file.
@ -13,7 +13,7 @@
# using an ENC or Hiera.
# Example:
# node 'puppet.example.com' {
# include profile::puppet::puppetmaster
# include profiles::puppet::puppetmaster
# }
#
# Requirements:
@ -22,12 +22,13 @@
#
# Limitations:
# This is designed to work on Unix-like systems.
class profile::puppet::puppetmaster {
include profile::puppet::g10k
include profile::puppet::enc
include profile::puppet::autosign
class profiles::puppet::puppetmaster {
include profiles::puppet::r10k
include profiles::puppet::g10k
include profiles::puppet::enc
include profiles::puppet::autosign
class { 'profile::puppet::server':
class { 'profiles::puppet::server':
vardir => '/opt/puppetlabs/server/data/puppetserver',
logdir => '/var/log/puppetlabs/puppetserver',
rundir => '/var/run/puppetlabs/puppetserver',

91
site/profiles/manifests/puppet/r10k.pp Normal file
View File

@ -0,0 +1,91 @@
# Class: profiles::puppet::r10k
#
# This class manages a Git repository at /etc/puppetlabs/r10k. It includes a
# systemd service and timer to keep the repository updated every minute.
# The Git package is installed if not present, and the repository at the given
# location will always reflect the state of the remote Git repository.
#
# Parameters:
# - r10k_repo: The URL of the Git repository to clone.
#
# Actions:
# - Ensures the Git package is installed.
# - Ensures the /etc/puppetlabs/r10k directory is a clone of the given Git repository.
# - Creates a helper script '/opt/puppetlabs/bin/puppet-r10k' for updating the Git repository.
# - Creates a systemd service and timer that runs the git update script every minute.
#
# Usage:
# Directly include the class in your node definitions or classify your nodes
# using an enc or Hiera.
# Example:
# node 'puppet.example.com' {
# class { 'profiles::puppet::r10k':
# r10k_repo => 'https://github.com/user/repo.git',
# }
# }
#
# Requirements:
# - The 'puppet-vcsrepo' module should be installed on your puppetmaster.
# - The 'puppet-systemd' module should be installed on your puppetmaster.
# - '/opt/puppetlabs/bin/' directory must exist and be writable.
# - Puppet master must have access to the specified Git URL.
#
# Limitations:
# This is designed to work on Unix-like systems only.
#
class profiles::puppet::r10k (
String $r10k_repo,
){
include profiles::git::git
vcsrepo { '/etc/puppetlabs/r10k':
ensure => latest,
provider => git,
source => $r10k_repo,
require => Package['git'],
}
file { '/opt/puppetlabs/bin/puppet-r10k':
ensure => file,
owner => 'root',
group => 'root',
mode => '0755',
content => "#!/bin/bash\n(
cd /etc/puppetlabls/r10k
git reset --hard master
git clean -fd
git pull\n)",
require => Package['git'],
}
$_timer = @(EOT)
[Unit]
Description=puppet-r10k downloader timer
[Timer]
OnCalendar=*:0/5
RandomizedDelaySec=1s
[Install]
WantedBy=timers.target
EOT
$_service = @(EOT)
[Unit]
Description=puppet-r10k downloader service
[Service]
Type=oneshot
ExecStart=/opt/puppetlabs/bin/puppet-r10k
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
EOT
systemd::timer { 'puppet-r10k.timer':
timer_content => $_timer,
service_content => $_service,
active => true,
enable => true,
require => File['/opt/puppetlabs/bin/puppet-r10k'],
}
}

6
site/profile/manifests/puppet/server.pp → site/profiles/manifests/puppet/server.pp
View File

@ -1,4 +1,4 @@
# Class: profile::puppet::server
# Class: profiles::puppet::server
#
# This class manages Puppet server's configuration and service.
#
@ -14,7 +14,7 @@
# external_nodes - Path to the external node classifier script.
# autosign - Path to the autosign script.
#
class profile::puppet::server (
class profiles::puppet::server (
String $vardir,
String $logdir,
String $rundir,
@ -32,7 +32,7 @@ class profile::puppet::server (
owner => 'root',
group => 'root',
mode => '0644',
content => epp('profile/puppet/server/puppet.conf.epp', {
content => epp('profiles/puppet/server/puppet.conf.epp', {
'vardir' => $vardir,
'logdir' => $logdir,
'rundir' => $rundir,

67
site/profiles/manifests/yum/base.pp Normal file
View File

@ -0,0 +1,67 @@
# Class: profiles::yum::base
#
# This class manages the 'base', extras' and 'appstream' yum
# repositories for a system, based on the provided list of managed repositories.
#
# Parameters:
# -----------
# - $managed_repos: An array containing the names of the repositories to be
# managed. This can include 'base', 'extras',
# and 'appstream'.
#
# - $baseurl: The base URL for the yum repositories. This should be the root
# URL of your yum mirror server.
#
# Actions:
# --------
# - Sets up the 'base', extras', and 'appstream' yum repositories
# as specified in the $managed_repos parameter, all using the provided baseurl.
#
# - Each repo configuration includes the baseurl parameterized with the OS
# release version and architecture, and specifies the GPG key.
#
# Example usage:
# --------------
# To use this class with the default parameters:
# class { 'profiles::yum::base':
# managed_repos => ['base', 'extras', 'appstream'],
# baseurl => 'http://mylocalmirror.com/yum',
# }
#
class profiles::yum::base (
Array[String] $managed_repos,
String $baseurl,
) {
$releasever = $facts['os']['release']['major']
$basearch = $facts['os']['architecture']
if 'base' in $managed_repos {
yumrepo { 'base':
name => 'base',
descr => 'base repository',
target => '/etc/yum.repos.d/base.repo',
baseurl => "${baseurl}/${releasever}/BaseOS/${basearch}/os/",
gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
}
}
if 'extras' in $managed_repos {
yumrepo { 'extras':
name => 'extras',
descr => 'extras repository',
target => '/etc/yum.repos.d/extras.repo',
baseurl => "${baseurl}/${releasever}/extras/${basearch}/os/",
gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
}
}
if 'appstream' in $managed_repos {
yumrepo { 'appstream':
name => 'appstream',
descr => 'appstream repository',
target => '/etc/yum.repos.d/appstream.repo',
baseurl => "${baseurl}/${releasever}/AppStream/${basearch}/os/",
gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}",
}
}
}

57
site/profiles/manifests/yum/epel.pp Normal file
View File

@ -0,0 +1,57 @@
# Class: profiles::yum::epel
#
# This class manages the EPEL yum repository for the system.
#
# Parameters:
# -----------
# - $baseurl: The base URL for the EPEL yum repository. This should be the root
# URL of your EPEL mirror server.
#
# Actions:
# --------
# - Checks the OS release version.
#
# - If the release version is 7, 8, or 9, it sets up the 'epel' yum repository
# and installs the EPEL release RPM from the provided baseurl.
#
# - If the release version is not supported, it raises an error.
#
# - The repo configuration includes the baseurl parameterized with the OS
# release version and architecture, and specifies the GPG key.
#
# Example usage:
# --------------
# To use this class with the default parameters:
# include profiles::yum::epel
#
# To specify a custom base URL:
# class { 'profiles::yum::epel':
# baseurl => 'http://mylocalmirror.com/yum',
# }
class profiles::yum::epel (
Array[String] $managed_repos,
String $baseurl,
) {
$releasever = $facts['os']['release']['major']
$basearch = $facts['os']['architecture']
if 'epel' in $managed_repos {
if ($releasever in [7,8,9]) {
$source = "${baseurl}/epel-release-latest-${releasever}.noarch.rpm"
yum::install { 'epel-release':
ensure => present,
source => $source,
}
} else {
err("Unsupported OS release ${releasever}")
}
yumrepo { 'epel':
name => 'epel',
descr => 'epel repository',
target => '/etc/yum.repos.d/epel.repo',
baseurl => "${baseurl}/${releasever}/Everything/${basearch}/",
gpgkey => "${baseurl}/RPM-GPG-KEY-EPEL-${releasever}",
}
}
}

102
site/profiles/manifests/yum/global.pp Normal file
View File

@ -0,0 +1,102 @@
# Class: profiles::yum::global
#
# This class manages global YUM configurations and optionally includes the
# base and EPEL yum repository profiles based on the content of the
# $managed_repos parameter, which is an array of repository names.
#
# Parameters:
# -----------
# - $managed_repos: An array of repository names that the Puppet agent should
# manage. This parameter is mandatory and the class will
# fail if it is not provided via hieradata.
# Example: ['base', 'updates', 'extras', 'appstream']
#
# Actions:
# --------
# - Configures global YUM settings, including keeping the kernel development
# packages and cleaning old kernels.
#
# - Establishes default parameters for any YUM repositories managed by Puppet.
# This includes the repository file location, the repository description,
# and enabling the repository and GPG checks.
#
# - Depending on the content of the $managed_repos parameter, it includes the
# profiles::yum::base and/or profiles::yum::epel classes.
#
# - Manages all .repo files under /etc/yum.repos.d. All the repositories listed
# in $managed_repos will have their corresponding .repo files preserved. Any
# .repo file that is not listed in $managed_repos will be removed.
#
# - Creates and maintains a /etc/yum.repos.d/.managed file that lists all the
# .repo files that should be managed by Puppet.
#
# Example usage:
# --------------
# To use this class, include the class and configure hieradata:
# include profiles::yum::global
#
# profiles::yum::managed_repos:
# - 'base'
# - 'extras'
# - 'appstream'
#
class profiles::yum::global (
Array[String] $managed_repos = lookup('profiles::yum::managed_repos'),
){
class { 'yum':
keep_kernel_devel => true,
clean_old_kernels => true,
config_options => {
gpgcheck => true,
},
}
Yumrepo {
ensure => 'present',
enabled => 1,
gpgcheck => 1,
mirrorlist => 'absent',
}
# tidy { '/etc/yum.repos.d':
# matches => ['*.repo', '!*.managed.repo'],
# recurse => true,
# rmdirs => false,
# age => '0s',
# backup => false,
# type => 'ctime',
# }
# Generate the content for the .managed file
$managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n")
# Create the .managed file
file { '/etc/yum.repos.d/.managed':
ensure => file,
content => $managed_file_content,
}
# Define exec resource to remove .repo files not listed in .managed
exec { 'cleanup_yum_repos':
command => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort)
<(sort /etc/yum.repos.d/.managed) |
xargs -n1 rm -f /etc/yum.repos.d/{}"',
onlyif => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort)
<(sort /etc/yum.repos.d/.managed) | grep .repo"',
}
# Setup base repos
class { 'profiles::yum::base':
managed_repos => $managed_repos,
}
# Setup epel if included in managed_repos
class { 'profiles::yum::epel':
managed_repos => $managed_repos,
}
# Setup puppet7 if included in managed_repos
class { 'profiles::yum::puppet7':
managed_repos => $managed_repos,
}
}

59
site/profiles/manifests/yum/puppet7.pp Normal file
View File

@ -0,0 +1,59 @@
# Class: profiles::yum::epel
#
# This class manages the puppet7 yum repository for the system.
#
# Parameters:
# -----------
# - $baseurl: The base URL for the puppet7 yum repository. This should be the root
# URL of your puppet7 mirror server.
#
# Actions:
# --------
# - Checks the OS release version.
#
# - If the release version is 7, 8, or 9, it sets up the 'puppet7' yum repository
# and installs the puppet7 release RPM from the provided baseurl.
#
# - If the release version is not supported, it raises an error.
#
# - The repo configuration includes the baseurl parameterized with the OS
# release version and architecture, and specifies the GPG key.
#
# Example usage:
# --------------
# To use this class with the default parameters:
# include profiles::yum::puppet7
#
# To specify a custom base URL:
# class { 'profiles::yum::puppet7':
# baseurl => 'http://mylocalmirror.com/yum',
# }
class profiles::yum::puppet7 (
Array[String] $managed_repos,
String $baseurl = 'http://yum.puppet.com',
) {
$releasever = $facts['os']['release']['major']
$basearch = $facts['os']['architecture']
if 'puppet7' in $managed_repos {
if ($releasever in [7,8,9]) {
$source = "${baseurl}/puppet7-release-el-${releasever}.noarch.rpm"
yum::install { 'puppet-release-el':
ensure => present,
source => $source,
}
} else {
err("Unsupported OS release ${releasever}")
}
yumrepo { 'puppet7':
name => 'puppet7',
descr => 'puppet7 repository',
target => '/etc/yum.repos.d/puppet7.repo',
baseurl => "${baseurl}/puppet/el/${releasever}/${basearch}/",
gpgkey => "${baseurl}/RPM-GPG-KEY-puppet",
}
}
}

0
site/profile/templates/puppet/server/puppet.conf.epp → site/profiles/templates/puppet/server/puppet.conf.epp
View File

6
site/role/manifests/puppet/puppetmaster.pp
View File

@ -1,6 +0,0 @@
# a role to deploy the puppetmaster
# work in progress
class role::puppet::puppetmaster {
include profile::base
include profile::puppet::puppetmaster
}

6
site/roles/manifests/base.pp Normal file
View File

@ -0,0 +1,6 @@
# a role to deploy the base system
# work in progress
class roles::base {
include profiles::defaults
include profiles::base
}

7
site/roles/manifests/puppet/puppetmaster.pp Normal file
View File

@ -0,0 +1,7 @@
# a role to deploy the puppetmaster
# work in progress
class roles::puppet::puppetmaster {
include profiles::defaults
include profiles::base
include profiles::puppet::puppetmaster
}