diff --git a/Puppetfile b/Puppetfile index 3c81565..5995d48 100644 --- a/Puppetfile +++ b/Puppetfile @@ -5,9 +5,13 @@ moduledir 'external_modules' mod 'puppetlabs-stdlib', '9.1.0' mod 'puppetlabs-inifile', '6.0.0' mod 'puppetlabs-concat', '9.0.0' -mod 'eyp-eyplib', '0.1.24' -mod 'eyp-systemd', '3.1.0' +#mod 'eyp-eyplib', '0.1.24' +#mod 'eyp-systemd', '3.1.0' +mod 'puppet-systemd', '5.1.0' mod 'ghoneycutt-puppet', '3.3.0' mod 'puppet-archive', '7.0.0' mod 'puppet-chrony', '2.6.0' mod 'puppetlabs-vcsrepo', '6.1.0' +mod 'puppetlabs-yumrepo_core', '2.0.0' +mod 'puppet-yum', '7.0.0' +mod 'puppetlabs-apt', '9.1.0' diff --git a/hiera.yaml b/hiera.yaml index 600c7fd..c601683 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -6,5 +6,9 @@ defaults: hierarchy: - name: Node-specific data path: "nodes/%{trusted.certname}.yaml" + - name: "Per-OS & Release Specific Data" + path: "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml" + - name: "Per-OS Specific Data" + path: "os/%{facts.os.name}/all_releases.yaml" - name: Common data shared across nodes path: "common.yaml" diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 0553b6c..67fb423 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,9 +1,28 @@ --- -profile::base::ntp_servers: +profiles::base::ntp_servers: - 0.au.pool.ntp.org - 1.au.pool.ntp.org -profile::puppet::autosign::subnet_ranges: +profiles::base::packages::common: + - ccze + - curl + - dstat + - htop + - mtr + - ncdu + - neovim + - python3 + - screen + - strace + - sudo + - tmux + - vim + - vnstat + - wget + - zsh + +profiles::puppet::autosign::subnet_ranges: - '198.18.17.0/24' -profile::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git +profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git +profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git 
diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml new file mode 100644 index 0000000..b932b45 --- /dev/null +++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml @@ -0,0 +1,8 @@ +# hieradata/os/AlmaLinux/AlmaLinux8.yaml +--- +profiles::yum::managed_repos: + - 'base' + - 'extras' + - 'appstream' + - 'epel' + - 'puppet7' diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml new file mode 100644 index 0000000..2c7f1c2 --- /dev/null +++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml @@ -0,0 +1,8 @@ +# hieradata/os/AlmaLinux/AlmaLinux9.yaml +--- +profiles::yum::managed_repos: + - 'base' + - 'extras' + - 'appstream' + - 'epel' + - 'puppet7' diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml new file mode 100644 index 0000000..beee352 --- /dev/null +++ b/hieradata/os/AlmaLinux/all_releases.yaml @@ -0,0 +1,4 @@ +# hieradata/os/almalinux/all_releases.yaml +--- +profiles::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au +profiles::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au diff --git a/hieradata/os/Debian/Debian11.yaml b/hieradata/os/Debian/Debian11.yaml new file mode 100644 index 0000000..8ed26ec --- /dev/null +++ b/hieradata/os/Debian/Debian11.yaml @@ -0,0 +1,12 @@ +# hieradata/os/Debian/Debian11.yaml +--- +profiles::apt::managed_repos: + - 'base' + - 'security' + - 'updates' + - 'puppet7' + +profiles::apt::components: + - contrib + - main + - non-free diff --git a/hieradata/os/Debian/Debian12.yaml b/hieradata/os/Debian/Debian12.yaml new file mode 100644 index 0000000..7063126 --- /dev/null +++ b/hieradata/os/Debian/Debian12.yaml @@ -0,0 +1,13 @@ +# hieradata/os/Debian/Debian12.yaml +--- +profiles::apt::managed_repos: + - 'base' + - 'security' + - 'updates' + - 'puppet7' + +profiles::apt::components: + - contrib + - main + - non-free + - non-free-firmware 
diff --git a/hieradata/os/Debian/all_releases.yaml b/hieradata/os/Debian/all_releases.yaml new file mode 100644 index 0000000..aa8a5bf --- /dev/null +++ b/hieradata/os/Debian/all_releases.yaml @@ -0,0 +1,7 @@ +# hieradata/os/debian/all_releases.yaml +--- +profiles::apt::base::mirrorurl: http://debian.mirror.digitalpacific.com.au/debian +profiles::apt::base::secureurl: http://security.debian.org/debian-security +profiles::apt::puppet7::mirror: http://apt.puppetlabs.com +profiles::apt::puppet7::repo: puppet7 +profiles::apt::puppet7::dist: bullseye diff --git a/manifests/site.pp b/manifests/site.pp index f2695d5..8b13789 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1 +1 @@ -#hiera_include('classes') + diff --git a/site/profile/manifests/base.pp b/site/profile/manifests/base.pp deleted file mode 100644 index 1e9744e..0000000 --- a/site/profile/manifests/base.pp +++ /dev/null @@ -1,8 +0,0 @@ -# this is the base class, which will be used by all servers -class profile::base ( - Array $ntp_servers, -) { - class { 'chrony': - servers => $ntp_servers, - } -} diff --git a/site/profiles/manifests/apt/base.pp b/site/profiles/manifests/apt/base.pp new file mode 100644 index 0000000..584acdc --- /dev/null +++ b/site/profiles/manifests/apt/base.pp 
@@ -0,0 +1,71 @@ +# This class manages the configuration of base APT repositories +# +# Parameters: +# - $managed_repos: An array of repositories to manage, such as 'base', 'security', +# 'updates', 'backports' (optional) +# - $components: An array of components for the repositories (e.g., 'main', 'contrib') +# - $mirrorurl: The base URL of the mirror for the base repository +# - $secureurl: The base URL of the mirror for the security repository +# +# Dependencies: +# - Puppet facts: The class relies on certain facts about the target system, +# including the OS architecture and distribution codename. +# +# Description: +# This class manages the configuration of base APT repositories on the target system. +# It supports the management of repositories specified in the $managed_repos parameter, +# including 'base', 'security', 'updates', and 'backports'. The class retrieves necessary +# information from Puppet facts, such as the OS architecture and distribution codename. +# It creates apt::source resources for each repository, setting the appropriate location, +# repos, and release values based on the provided parameters. 
+# +# Example usage: +# class { 'profiles::apt::base': +# managed_repos => ['base', 'security'], +# components => ['main', 'contrib'], +# mirrorurl => 'http://mirror.example.com', +# secureurl => 'http://security.example.com', +# } +class profiles::apt::base ( + Array[String] $managed_repos, + Array[String] $components, + String $mirrorurl, + String $secureurl, +) { + $codename = $facts['os']['distro']['codename'] + + # Join the array into a space-separated string + $repo_components = join($components, ' ') + + if 'base' in $managed_repos { + apt::source { 'base': + location => $mirrorurl, + repos => $repo_components, + release => $codename, + } + } + + if 'security' in $managed_repos { + apt::source { 'security': + location => $secureurl, + repos => $repo_components, + release => "${codename}-security", + } + } + + if 'updates' in $managed_repos { + apt::source { 'updates': + location => $mirrorurl, + repos => $repo_components, + release => "${codename}-updates", + } + } + + if 'backports' in $managed_repos { + apt::source { 'backports': + location => $mirrorurl, + repos => $repo_components, + release => "${codename}-backports", + } + } +} diff --git a/site/profiles/manifests/apt/global.pp b/site/profiles/manifests/apt/global.pp new file mode 100644 index 0000000..58845bb --- /dev/null +++ b/site/profiles/manifests/apt/global.pp 
@@ -0,0 +1,70 @@ +# Class: profiles::apt::global +# +# This class manages global APT configurations and optionally includes the +# base and Puppet7 apt repository profiles. The profiles included are based on +# the content of the $managed_repos parameter, which is an array of repository names. +# +# Parameters: +# ----------- +# $managed_repos: An array of repository names that should be managed by Puppet agent. +# This parameter is mandatory and the class will fail if it is not provided via hieradata. +# Example: ['base', 'security', 'updates', 'backports'] +# +# Actions: +# -------- +# Configures global APT settings, including setting up the 'src' and 'deb' options for all +# repositories managed by Puppet. +# Establishes default parameters for any APT repositories managed by Puppet. +# These parameters include the repository description, the inclusion of 'src' and 'deb', +# and the pinning. +# Depending on the content of the $managed_repos parameter, it includes the +# profiles::apt::base and/or profiles::apt::puppet7 classes. +# Manages all .list files under /etc/apt/sources.list.d. All the repositories listed +# in $managed_repos will have their corresponding .list files preserved. Any +# .list file that is not listed in $managed_repos will be removed. +# Manages /etc/apt/sources.list file to be empty. 
+# +# Example usage: +# -------------- +# To use this class, include it and configure hieradata: +# include profiles::apt::global +# +# profiles::apt::managed_repos: +# - 'base' +# - 'security' +# - 'updates' +# - 'backports' +class profiles::apt::global ( + Array[String] $managed_repos = lookup('profiles::apt::managed_repos'), + Array[String] $components = lookup('profiles::apt::components'), +){ + class { 'apt': + sources_list_force => true, + purge => { + 'sources.list' => true, + 'sources.list.d' => true, + }, + update => { + frequency => 'daily', + loglevel => 'debug', + }, + } + + Apt::Source { + include => { + 'src' => true, + 'deb' => true, + }, + } + + # Setup base repos + class { 'profiles::apt::base': + managed_repos => $managed_repos, + components => $components, + } + + # Setup puppet7 if included in managed_repos + class { 'profiles::apt::puppet7': + managed_repos => $managed_repos, + } +} diff --git a/site/profiles/manifests/apt/puppet7.pp b/site/profiles/manifests/apt/puppet7.pp new file mode 100644 index 0000000..e9e336f --- /dev/null +++ b/site/profiles/manifests/apt/puppet7.pp 
@@ -0,0 +1,60 @@
+# This class manages the installation and configuration of Puppet 7
+#
+# Parameters:
+# - $managed_repos: An array of additional repositories to manage (optional)
+# - $mirror: The base URL of the repository mirror
+# - $repo: The repository name
+# - $release: The release name
+#
+# Dependencies:
+# - Puppet facts: The class relies on certain facts about the target system,
+# including the OS release, architecture, and distribution codename.
+#
+# Description:
+# This class installs Puppet 7 on the target system by managing the repository
+# configuration and installing the appropriate package. It also supports the
+# management of additional repositories specified in the $managed_repos parameter.
+# The class retrieves necessary information from Puppet facts, such as the OS
+# release version, architecture, and distribution codename. It downloads the
+# Puppet release deb file from the specified mirror and installs it using dpkg.
+# Additionally, it configures the main Puppet repository using the apt::source resource.
+#
+# Example usage:
+# class { 'profiles::apt::puppet7':
+# managed_repos => ['extra-repo'],
+# mirror => 'http://mirror.example.com',
+# release => 'puppet7',
+# repo => 'bullseye',
+# }
+class profiles::apt::puppet7 (
+ Array[String] $managed_repos,
+ String $mirror,
+ String $repo,
+ String $dist,
+) {
+
+ $codename = $facts['os']['distro']['codename']
+
+ if 'puppet7' in $managed_repos {
+ $puppet_source = "${mirror}/${repo}-release-${dist}.deb"
+
+ # Install the puppet release using dpkg
+ package { "${repo}-${dist}":
+ ensure => installed,
+ name => "${repo}-release",
+ provider => dpkg,
+ source => $puppet_source,
+ }
+
+ # deb http://apt.puppet.com bullseye puppet7
+ apt::source { 'puppet7':
+ location => $mirror,
+ repos => $repo,
+ release => $dist,
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+}
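Review bot: The `package` resource inside `if 'puppet7' in $managed_repos` pairs `provider => dpkg` with a `source` that is an HTTP URL; as far as I know the dpkg provider expects a local file path, so this is likely to fail on the agent, and any workaround that simply downloads from the plain `http://` mirror would install a repository-configuring package as root with no integrity check. Consider fetching the .deb with the `archive` resource (puppet-archive is already in the Puppetfile) from an `https://` source with a pinned `checksum`, and pointing `source` at the downloaded file. `$codename` is assigned but never used, while hieradata/os/Debian/all_releases.yaml pins `profiles::apt::puppet7::dist` to `bullseye` for every Debian release, including the Debian12 data added in this commit; either default `$dist` to `$codename` or move the value into the per-release files. The header also documents `$release` where the parameter is `$dist`, and its example swaps the `repo` and `release` values.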
diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp
new file mode 100644
index 0000000..5a5493c
--- /dev/null
+++ b/site/profiles/manifests/base.pp
@@ -0,0 +1,24 @@
+# this is the base class, which will be used by all servers
+class profiles::base (
+ Array $ntp_servers,
+) {
+ class { 'chrony':
+ servers => $ntp_servers,
+ }
+ case $facts['os']['family'] {
+ 'RedHat': {
+ include profiles::yum::global
+ }
+ 'Debian': {
+ include profiles::apt::global
+ }
+ default: {
+ fail("Unsupported OS family ${facts['os']['family']}")
+ }
+ }
+
+ class { 'profiles::base::packages':
+ packages => hiera('profiles::base::packages::common'),
+ ensure => 'installed',
+ }
+}
diff --git a/site/profiles/manifests/base/packages.pp b/site/profiles/manifests/base/packages.pp
new file mode 100644
index 0000000..6c15811
--- /dev/null
+++ b/site/profiles/manifests/base/packages.pp
@@ -0,0 +1,27 @@
+# This class manages the installation of packages for the base profile
+#
+# Parameters:
+# - $packages: An array of package names to be installed (optional)
+#
+# Description:
+# This class installs a list of packages specified in the $packages parameter
+# using the `package` resource from Puppet. Each package in the array is installed
+# with the `ensure => installed` attribute, ensuring that the package is present
+# on the target system. By default, the class retrieves the package list from Hiera
+# using the key 'profiles::base::packages::common'.
+#
+# Example usage:
+# class { 'profiles::base::packages':
+# packages => ['package1', 'package2', 'package3'],
+#
+class profiles::base::packages (
+ Array $packages,
+ Enum[
+ 'present',
+ 'absent',
+ 'latest',
+ 'installed'
+ ] $ensure = 'installed',
+){
+ ensure_packages($packages, {'ensure' => $ensure})
+}
diff --git a/site/profiles/manifests/defaults.pp b/site/profiles/manifests/defaults.pp
new file mode 100644
index 0000000..5c72fb6
--- /dev/null
+++ b/site/profiles/manifests/defaults.pp
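Review bot: In site/profiles/manifests/base.pp, `hiera('profiles::base::packages::common')` uses the legacy Hiera function, which is deprecated in favour of `lookup()`; suggest `packages => lookup('profiles::base::packages::common', Array[String]),` so the list is type-checked as well. The class also states no relationship between the repository profiles in the `case` block and the `profiles::base::packages` declaration, so installing the package list from the managed mirrors rather than from whatever repositories the image shipped with appears to rely on manifest ordering alone. An explicit `require` on the OS-specific repo class would make that intent visible.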
@@ -0,0 +1,30 @@ +# settings that apply to all nodes +# use this as a place to set resource defaults +class profiles::defaults { + + # set the global exec path + Exec { + path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/'], + } + + Package { + ensure => present, + } + + File { + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + } + + Service { + ensure => running, + enable => true, + } + + User { + ensure => present, + shell => '/bin/bash', + } +} diff --git a/site/profiles/manifests/git/git.pp b/site/profiles/manifests/git/git.pp new file mode 100644 index 0000000..ca3b4e7 --- /dev/null +++ b/site/profiles/manifests/git/git.pp @@ -0,0 +1,24 @@ +# Class: profiles::git::git +# +# This class ensures that the Git package is installed. +# +# It uses the 'package' resource to manage the Git package, +# and will ensure that it is installed. This class does not +# manage any configurations related to Git, it only ensures +# that the package is installed. +# +# The class does not take any parameters. +# +# Example usage: +# -------------- +# To use this class, you simply need to declare it in your manifest: +# +# include profiles::git::git +# +# You do not need to pass any parameters. +# +class profiles::git::git { + package { 'git': + ensure => installed, + } +} diff --git a/site/profile/manifests/puppet/autosign.pp b/site/profiles/manifests/puppet/autosign.pp similarity index 92% rename from site/profile/manifests/puppet/autosign.pp rename to site/profiles/manifests/puppet/autosign.pp index 56c072a..dd722b8 100644 --- a/site/profile/manifests/puppet/autosign.pp +++ b/site/profiles/manifests/puppet/autosign.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::autosign +# Class: profiles::puppet::autosign # # This class manages an autosign script for the Puppet master. # It sets up a Ruby script that automatically signs Puppet node requests 
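Review bot: The resource defaults in `profiles::defaults` will not reach resources declared in other classes, despite the header saying they apply to all nodes: Puppet resource defaults are scoped to the class that sets them (and classes declared from inside it), and the roles in this commit `include profiles::defaults` next to `profiles::base` rather than from within it. The `File { owner => 'root', group => 'root', mode => '0644' }` baseline is therefore not a safety net for `file` resources elsewhere that omit ownership or mode. If site-wide defaults are intended, set them at top scope in manifests/site.pp; otherwise correct the header, e.g. `# resource defaults for resources declared in this class only`.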
@@ -15,7 +15,7 @@ # The class can be declared in a node definition or classified using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# class { 'profile::puppet::autosign': +# class { 'profiles::puppet::autosign': # subnet_ranges => ['198.18.17.0/24', '10.0.0.0/8'], # } # } @@ -27,7 +27,7 @@ # # Limitations: # This is designed to work on Unix-like systems. -class profile::puppet::autosign ( +class profiles::puppet::autosign ( Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges, ) { diff --git a/site/profile/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp similarity index 72% rename from site/profile/manifests/puppet/enc.pp rename to site/profiles/manifests/puppet/enc.pp index 62db939..6745587 100644 --- a/site/profile/manifests/puppet/enc.pp +++ b/site/profiles/manifests/puppet/enc.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::enc +# Class: profiles::puppet::enc # # This class manages a Git repository at /opt/puppetlabs/enc. It includes a # systemd service and timer to keep the repository updated every minute. @@ -19,7 +19,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# class { 'profile::puppet::enc': +# class { 'profiles::puppet::enc': # enc_repo => 'https://github.com/user/repo.git', # } # } @@ -33,13 +33,11 @@ # Limitations: # This is designed to work on Unix-like systems only. # -class profile::puppet::enc ( +class profiles::puppet::enc ( String $enc_repo, ) { - package { 'git': - ensure => installed, - } + include profiles::git::git vcsrepo { '/opt/puppetlabs/enc': ensure => latest, 
@@ -67,17 +65,33 @@ class profile::puppet::enc ( require => Package['git'], } - systemd::service { 'puppet-enc': - description => 'puppet-enc update service', - execstart => '/opt/puppetlabs/bin/puppet-enc', - user => 'root', - require => File['/opt/puppetlabs/bin/puppet-enc'], - } + $_timer = @(EOT) + [Unit] + Description=puppet-enc downloader timer + [Timer] + OnCalendar=*:0/1 + RandomizedDelaySec=1s + [Install] + WantedBy=timers.target + EOT - systemd::timer { 'puppet-enc': - description => 'Run puppet-enc every minute', - unit => 'puppet-enc.service', - on_calendar => '*:0/1', - require => Systemd::Service['puppet-enc'], + $_service = @(EOT) + [Unit] + Description=puppet-enc downloader service + [Service] + Type=oneshot + ExecStart=/opt/puppetlabs/bin/puppet-enc + User=root + Group=root + PermissionsStartOnly=false + PrivateTmp=no + EOT + + systemd::timer { 'puppet-enc.timer': + timer_content => $_timer, + service_content => $_service, + active => true, + enable => true, + require => File['/opt/puppetlabs/bin/puppet-enc'], } } diff --git a/site/profile/manifests/puppet/g10k.pp b/site/profiles/manifests/puppet/g10k.pp similarity index 72% rename from site/profile/manifests/puppet/g10k.pp rename to site/profiles/manifests/puppet/g10k.pp index cc420c2..958e53e 100644 --- a/site/profile/manifests/puppet/g10k.pp +++ b/site/profiles/manifests/puppet/g10k.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::g10k +# Class: profiles::puppet::g10k # # This class handles downloading and installation of the g10k tool, a fast # Git and Forge based Puppet environment and module deployment tool. @@ -19,7 +19,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# include profile::puppet::g10k +# include profiles::puppet::g10k # } # # Requirements: @@ -30,7 +30,7 @@ # # Limitations: # This is designed to work on Unix-like systems only. -class profile::puppet::g10k { +class profiles::puppet::g10k { package { 'unzip': ensure => installed, 
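Review bot: The inline `$_service` unit in enc.pp runs `/opt/puppetlabs/bin/puppet-enc` as `User=root` every minute with `PrivateTmp=no` and no other sandboxing, so whatever the script pulls from the remote repository is handled with full root privileges. If the job only needs write access to the checkout, consider a dedicated service account and hardening directives such as `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes`. The same unit text is repeated in the g10k.pp hunk and in the new r10k.pp, so a shared defined type or template would keep the three in step. The class body starts outside this hunk.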
@@ -54,17 +54,33 @@ class profile::puppet::g10k { require => Archive['/tmp/g10k.zip'], } - systemd::service { 'puppet-g10k': - description => 'puppet-g10k update service', - execstart => '/opt/puppetlabs/bin/puppet-g10k', - user => 'root', - require => File['/opt/puppetlabs/bin/puppet-g10k'], - } + $_timer = @(EOT) + [Unit] + Description=puppet-g10k downloader timer + [Timer] + OnCalendar=*:0/1 + RandomizedDelaySec=1s + [Install] + WantedBy=timers.target + EOT - systemd::timer { 'puppet-g10k': - description => 'Run puppet-g10k every minute', - unit => 'puppet-g10k.service', - on_calendar => '*:0/1', - require => Systemd::Service['puppet-g10k'], + $_service = @(EOT) + [Unit] + Description=puppet-g10k downloader service + [Service] + Type=oneshot + ExecStart=/opt/puppetlabs/bin/puppet-g10k + User=root + Group=root + PermissionsStartOnly=false + PrivateTmp=no + EOT + + systemd::timer { 'puppet-g10k.timer': + timer_content => $_timer, + service_content => $_service, + active => true, + enable => true, + require => File['/opt/puppetlabs/bin/puppet-g10k'], } } diff --git a/site/profile/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp similarity index 80% rename from site/profile/manifests/puppet/puppetmaster.pp rename to site/profiles/manifests/puppet/puppetmaster.pp index 4424712..eaeaeba 100644 --- a/site/profile/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::puppetmaster +# Class: profiles::puppet::puppetmaster # # This class manages the puppetmaster using the ghoneycutt-puppet module. # It manages the server settings in the puppet.conf file. @@ -13,7 +13,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# include profile::puppet::puppetmaster +# include profiles::puppet::puppetmaster # } # # Requirements: 
@@ -22,12 +22,13 @@ # # Limitations: # This is designed to work on Unix-like systems. -class profile::puppet::puppetmaster { - include profile::puppet::g10k - include profile::puppet::enc - include profile::puppet::autosign +class profiles::puppet::puppetmaster { + include profiles::puppet::r10k + include profiles::puppet::g10k + include profiles::puppet::enc + include profiles::puppet::autosign - class { 'profile::puppet::server': + class { 'profiles::puppet::server': vardir => '/opt/puppetlabs/server/data/puppetserver', logdir => '/var/log/puppetlabs/puppetserver', rundir => '/var/run/puppetlabs/puppetserver', diff --git a/site/profiles/manifests/puppet/r10k.pp b/site/profiles/manifests/puppet/r10k.pp new file mode 100644 index 0000000..c404be7 --- /dev/null +++ b/site/profiles/manifests/puppet/r10k.pp 
@@ -0,0 +1,91 @@ +# Class: profiles::puppet::r10k +# +# This class manages a Git repository at /etc/puppetlabs/r10k. It includes a +# systemd service and timer to keep the repository updated every minute. +# The Git package is installed if not present, and the repository at the given +# location will always reflect the state of the remote Git repository. +# +# Parameters: +# - r10k_repo: The URL of the Git repository to clone. +# +# Actions: +# - Ensures the Git package is installed. +# - Ensures the /etc/puppetlabs/r10k directory is a clone of the given Git repository. +# - Creates a helper script '/opt/puppetlabs/bin/puppet-r10k' for updating the Git repository. +# - Creates a systemd service and timer that runs the git update script every minute. +# +# Usage: +# Directly include the class in your node definitions or classify your nodes +# using an enc or Hiera. +# Example: +# node 'puppet.example.com' { +# class { 'profiles::puppet::r10k': +# r10k_repo => 'https://github.com/user/repo.git', +# } +# } +# +# Requirements: +# - The 'puppet-vcsrepo' module should be installed on your puppetmaster. +# - The 'puppet-systemd' module should be installed on your puppetmaster. +# - '/opt/puppetlabs/bin/' directory must exist and be writable. +# - Puppet master must have access to the specified Git URL. +# +# Limitations: +# This is designed to work on Unix-like systems only. 
+# +class profiles::puppet::r10k ( + String $r10k_repo, +){ + + include profiles::git::git + + vcsrepo { '/etc/puppetlabs/r10k': + ensure => latest, + provider => git, + source => $r10k_repo, + require => Package['git'], + } + + file { '/opt/puppetlabs/bin/puppet-r10k': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + content => "#!/bin/bash\n( + cd /etc/puppetlabls/r10k + git reset --hard master + git clean -fd + git pull\n)", + require => Package['git'], + } + + $_timer = @(EOT) + [Unit] + Description=puppet-r10k downloader timer + [Timer] + OnCalendar=*:0/5 + RandomizedDelaySec=1s + [Install] + WantedBy=timers.target + EOT + + $_service = @(EOT) + [Unit] + Description=puppet-r10k downloader service + [Service] + Type=oneshot + ExecStart=/opt/puppetlabs/bin/puppet-r10k + User=root + Group=root + PermissionsStartOnly=false + PrivateTmp=no + EOT + + systemd::timer { 'puppet-r10k.timer': + timer_content => $_timer, + service_content => $_service, + active => true, + enable => true, + require => File['/opt/puppetlabs/bin/puppet-r10k'], + } +} diff --git a/site/profile/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp similarity index 91% rename from site/profile/manifests/puppet/server.pp rename to site/profiles/manifests/puppet/server.pp index 235bf88..03b82c3 100644 --- a/site/profile/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::server +# Class: profiles::puppet::server # # This class manages Puppet server's configuration and service. # @@ -14,7 +14,7 @@ # external_nodes - Path to the external node classifier script. # autosign - Path to the autosign script. # -class profile::puppet::server ( +class profiles::puppet::server ( String $vardir, String $logdir, String $rundir, 
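Review bot: The helper script written to `/opt/puppetlabs/bin/puppet-r10k` in r10k.pp runs `cd /etc/puppetlabls/r10k` (typo for `puppetlabs`), and because the script does not stop on errors the following `git reset --hard master`, `git clean -fd` and `git pull` still run as root in whatever directory the service started in, while the real checkout is never refreshed. Fix the path and abort on failure: `cd /etc/puppetlabs/r10k || exit 1` (or `set -e` at the top of the script). The header says the timer fires every minute but the unit has `OnCalendar=*:0/5`; one of the two should be corrected. The Requirements comment names 'puppet-vcsrepo', whereas the Puppetfile carries `puppetlabs-vcsrepo`.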
@@ -32,7 +32,7 @@ class profile::puppet::server ( owner => 'root', group => 'root', mode => '0644', - content => epp('profile/puppet/server/puppet.conf.epp', { + content => epp('profiles/puppet/server/puppet.conf.epp', { 'vardir' => $vardir, 'logdir' => $logdir, 'rundir' => $rundir, diff --git a/site/profiles/manifests/yum/base.pp b/site/profiles/manifests/yum/base.pp new file mode 100644 index 0000000..4d2ea53 --- /dev/null +++ b/site/profiles/manifests/yum/base.pp 
@@ -0,0 +1,67 @@ +# Class: profiles::yum::base +# +# This class manages the 'base', extras' and 'appstream' yum +# repositories for a system, based on the provided list of managed repositories. +# +# Parameters: +# ----------- +# - $managed_repos: An array containing the names of the repositories to be +# managed. This can include 'base', 'extras', +# and 'appstream'. +# +# - $baseurl: The base URL for the yum repositories. This should be the root +# URL of your yum mirror server. +# +# Actions: +# -------- +# - Sets up the 'base', extras', and 'appstream' yum repositories +# as specified in the $managed_repos parameter, all using the provided baseurl. +# +# - Each repo configuration includes the baseurl parameterized with the OS +# release version and architecture, and specifies the GPG key. +# +# Example usage: +# -------------- +# To use this class with the default parameters: +# class { 'profiles::yum::base': +# managed_repos => ['base', 'extras', 'appstream'], +# baseurl => 'http://mylocalmirror.com/yum', +# } +# +class profiles::yum::base ( + Array[String] $managed_repos, + String $baseurl, +) { + $releasever = $facts['os']['release']['major'] + $basearch = $facts['os']['architecture'] + + if 'base' in $managed_repos { + yumrepo { 'base': + name => 'base', + descr => 'base repository', + target => '/etc/yum.repos.d/base.repo', + baseurl => "${baseurl}/${releasever}/BaseOS/${basearch}/os/", + gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}", + } + } + + if 'extras' in $managed_repos { + yumrepo { 'extras': + name => 'extras', + descr => 'extras repository', + target => '/etc/yum.repos.d/extras.repo', + baseurl => "${baseurl}/${releasever}/extras/${basearch}/os/", + gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}", + } + } + + if 'appstream' in $managed_repos { + yumrepo { 'appstream': + name => 'appstream', + descr => 'appstream repository', + target => '/etc/yum.repos.d/appstream.repo', + baseurl => 
"${baseurl}/${releasever}/AppStream/${basearch}/os/", + gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}", + } + } +} diff --git a/site/profiles/manifests/yum/epel.pp b/site/profiles/manifests/yum/epel.pp new file mode 100644 index 0000000..fe2be21 --- /dev/null +++ b/site/profiles/manifests/yum/epel.pp @@ -0,0 +1,57 @@ +# Class: profiles::yum::epel +# +# This class manages the EPEL yum repository for the system. +# +# Parameters: +# ----------- +# - $baseurl: The base URL for the EPEL yum repository. This should be the root +# URL of your EPEL mirror server. +# +# Actions: +# -------- +# - Checks the OS release version. +# +# - If the release version is 7, 8, or 9, it sets up the 'epel' yum repository +# and installs the EPEL release RPM from the provided baseurl. +# +# - If the release version is not supported, it raises an error. +# +# - The repo configuration includes the baseurl parameterized with the OS +# release version and architecture, and specifies the GPG key. +# +# Example usage: +# -------------- +# To use this class with the default parameters: +# include profiles::yum::epel +# +# To specify a custom base URL: +# class { 'profiles::yum::epel': +# baseurl => 'http://mylocalmirror.com/yum', +# } +class profiles::yum::epel ( + Array[String] $managed_repos, + String $baseurl, +) { + $releasever = $facts['os']['release']['major'] + $basearch = $facts['os']['architecture'] + + if 'epel' in $managed_repos { + if ($releasever in [7,8,9]) { + $source = "${baseurl}/epel-release-latest-${releasever}.noarch.rpm" + + yum::install { 'epel-release': + ensure => present, + source => $source, + } + } else { + err("Unsupported OS release ${releasever}") + } + yumrepo { 'epel': + name => 'epel', + descr => 'epel repository', + target => '/etc/yum.repos.d/epel.repo', + baseurl => "${baseurl}/${releasever}/Everything/${basearch}/", + gpgkey => "${baseurl}/RPM-GPG-KEY-EPEL-${releasever}", + } + } +} 
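Review bot: In yum/base.pp each `yumrepo` takes its `gpgkey` from `"${baseurl}/RPM-GPG-KEY-${facts['os']['name']}"`, and the hieradata added in this commit sets `profiles::yum::base::baseurl` to a plain `http://` mirror, so the key that `gpgcheck` relies on is fetched over an unauthenticated channel from the same host that serves the packages. A tampered mirror response could then supply both the packages and the key that validates them. Prefer a key file that Puppet distributes itself or that the OS release package already installs, e.g. `gpgkey => 'file:///etc/pki/rpm-gpg/<KEY-FILE>',`, and an `https://` baseurl where the mirror offers one. The same pattern appears in yum/epel.pp and yum/puppet7.pp.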
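Review bot: In yum/epel.pp, `$releasever in [7,8,9]` compares the `os.release.major` fact, which is normally a string, with integers; Puppet does not coerce between the two, so the test would be false on every supported release and `epel-release` would never be installed. Use string literals: `if ($releasever in ['7','8','9']) {`. The `else` branch calls `err()`, which only logs, and the `yumrepo` after it is still declared, whereas the header says an unsupported release raises an error; `fail()` would match the documentation. yum/puppet7.pp has the same comparison and `err()` branch, and its header still reads `Class: profiles::yum::epel`.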
diff --git a/site/profiles/manifests/yum/global.pp b/site/profiles/manifests/yum/global.pp new file mode 100644 index 0000000..70481c7 --- /dev/null +++ b/site/profiles/manifests/yum/global.pp 
@@ -0,0 +1,102 @@
+# Class: profiles::yum::global
+#
+# This class manages global YUM configurations and optionally includes the
+# base and EPEL yum repository profiles based on the content of the
+# $managed_repos parameter, which is an array of repository names.
+#
+# Parameters:
+# -----------
+# - $managed_repos: An array of repository names that the Puppet agent should
+# manage. This parameter is mandatory and the class will
+# fail if it is not provided via hieradata.
+# Example: ['base', 'updates', 'extras', 'appstream']
+#
+# Actions:
+# --------
+# - Configures global YUM settings, including keeping the kernel development
+# packages and cleaning old kernels.
+#
+# - Establishes default parameters for any YUM repositories managed by Puppet.
+# This includes the repository file location, the repository description,
+# and enabling the repository and GPG checks.
+#
+# - Depending on the content of the $managed_repos parameter, it includes the
+# profiles::yum::base and/or profiles::yum::epel classes.
+#
+# - Manages all .repo files under /etc/yum.repos.d. All the repositories listed
+# in $managed_repos will have their corresponding .repo files preserved. Any
+# .repo file that is not listed in $managed_repos will be removed.
+#
+# - Creates and maintains a /etc/yum.repos.d/.managed file that lists all the
+# .repo files that should be managed by Puppet.
+#
+# Example usage:
+# --------------
+# To use this class, include the class and configure hieradata:
+# include profiles::yum::global
+#
+# profiles::yum::managed_repos:
+# - 'base'
+# - 'extras'
+# - 'appstream'
+#
+class profiles::yum::global (
+ Array[String] $managed_repos = lookup('profiles::yum::managed_repos'),
+){
+ class { 'yum':
+ keep_kernel_devel => true,
+ clean_old_kernels => true,
+ config_options => {
+ gpgcheck => true,
+ },
+ }
+
+ Yumrepo {
+ ensure => 'present',
+ enabled => 1,
+ gpgcheck => 1,
+ mirrorlist => 'absent',
+ }
+
+# tidy { '/etc/yum.repos.d':
+# matches => ['*.repo', '!*.managed.repo'],
+# recurse => true,
+# rmdirs => false,
+# age => '0s',
+# backup => false,
+# type => 'ctime',
+# }
+
+ # Generate the content for the .managed file
+ $managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n")
+
+ # Create the .managed file
+ file { '/etc/yum.repos.d/.managed':
+ ensure => file,
+ content => $managed_file_content,
+ }
+
+ # Define exec resource to remove .repo files not listed in .managed
+ exec { 'cleanup_yum_repos':
+ command => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort)
+ <(sort /etc/yum.repos.d/.managed) |
+ xargs -n1 rm -f /etc/yum.repos.d/{}"',
+ onlyif => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort)
+ <(sort /etc/yum.repos.d/.managed) | grep .repo"',
+ }
+
+ # Setup base repos
+ class { 'profiles::yum::base':
+ managed_repos => $managed_repos,
+ }
+
+ # Setup epel if included in managed_repos
+ class { 'profiles::yum::epel':
+ managed_repos => $managed_repos,
+ }
+
+ # Setup puppet7 if included in managed_repos
+ class { 'profiles::yum::puppet7':
+ managed_repos => $managed_repos,
+ }
+}
diff --git a/site/profiles/manifests/yum/puppet7.pp b/site/profiles/manifests/yum/puppet7.pp
new file mode 100644
index 0000000..4ceb7a1
--- /dev/null
+++ b/site/profiles/manifests/yum/puppet7.pp
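Review bot: In the `cleanup_yum_repos` exec of yum/global.pp, `xargs -n1 rm -f /etc/yum.repos.d/{}` does not substitute `{}` because no `-I` option is given; xargs appends each name as a separate argument, so `rm` is handed a literal `/etc/yum.repos.d/{}` plus a bare filename resolved against the exec's working directory, and unmanaged .repo files (which may point at other mirrors or disable signature checks) stay in place. Use `xargs -r -I{} rm -f /etc/yum.repos.d/{}`, and anchor the `onlyif` pattern so that only names ending in `.repo` match, since `.` in `grep .repo` matches any character. The exec also has no `require => File['/etc/yum.repos.d/.managed']`, so ordering against the list file is implicit. A native alternative that may be worth evaluating is purging unmanaged `yumrepo` resources through the `resources` type instead of shelling out.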
@@ -0,0 +1,59 @@
+# Class: profiles::yum::epel
+#
+# This class manages the puppet7 yum repository for the system.
+#
+# Parameters:
+# -----------
+# - $baseurl: The base URL for the puppet7 yum repository. This should be the root
+# URL of your puppet7 mirror server.
+#
+# Actions:
+# --------
+# - Checks the OS release version.
+#
+# - If the release version is 7, 8, or 9, it sets up the 'puppet7' yum repository
+# and installs the puppet7 release RPM from the provided baseurl.
+#
+# - If the release version is not supported, it raises an error.
+#
+# - The repo configuration includes the baseurl parameterized with the OS
+# release version and architecture, and specifies the GPG key.
+#
+# Example usage:
+# --------------
+# To use this class with the default parameters:
+# include profiles::yum::puppet7
+#
+# To specify a custom base URL:
+# class { 'profiles::yum::puppet7':
+# baseurl => 'http://mylocalmirror.com/yum',
+# }
+class profiles::yum::puppet7 (
+ Array[String] $managed_repos,
+ String $baseurl = 'http://yum.puppet.com',
+) {
+ $releasever = $facts['os']['release']['major']
+ $basearch = $facts['os']['architecture']
+
+ if 'puppet7' in $managed_repos {
+ if ($releasever in [7,8,9]) {
+ $source = "${baseurl}/puppet7-release-el-${releasever}.noarch.rpm"
+
+ yum::install { 'puppet-release-el':
+ ensure => present,
+ source => $source,
+ }
+ } else {
+ err("Unsupported OS release ${releasever}")
+ }
+
+
+ yumrepo { 'puppet7':
+ name => 'puppet7',
+ descr => 'puppet7 repository',
+ target => '/etc/yum.repos.d/puppet7.repo',
+ baseurl => "${baseurl}/puppet/el/${releasever}/${basearch}/",
+ gpgkey => "${baseurl}/RPM-GPG-KEY-puppet",
+ }
+ }
+}
diff --git a/site/profile/templates/puppet/server/puppet.conf.epp b/site/profiles/templates/puppet/server/puppet.conf.epp
similarity index 100%
rename from site/profile/templates/puppet/server/puppet.conf.epp
rename to site/profiles/templates/puppet/server/puppet.conf.epp
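Review bot: The default `String $baseurl = 'http://yum.puppet.com'` makes both the release RPM handed to `yum::install` and the `gpgkey` URL travel over cleartext HTTP from the same origin as the packages, so anyone on the network path can substitute the key and `gpgcheck => 1` no longer proves anything. I would default to `'https://yum.puppet.com'` and declare the parameter as `Stdlib::HTTPSUrl $baseurl`, or point `gpgkey` at a `file://` key that this repository ships. Separately, `$facts['os']['release']['major']` is normally a string, so `$releasever in [7,8,9]` probably never matches and only `err()` is logged, which does not stop the catalog. `['7','8','9']` together with `fail()` would match what the header comment promises, and that comment's first line should read `profiles::yum::puppet7`.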
diff --git a/site/role/manifests/puppet/puppetmaster.pp b/site/role/manifests/puppet/puppetmaster.pp
deleted file mode 100644
index f04f3fe..0000000
--- a/site/role/manifests/puppet/puppetmaster.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-# a role to deploy the puppetmaster
-# work in progress
-class role::puppet::puppetmaster {
- include profile::base
- include profile::puppet::puppetmaster
- }
diff --git a/site/roles/manifests/base.pp b/site/roles/manifests/base.pp
new file mode 100644
index 0000000..86164e4
--- /dev/null
+++ b/site/roles/manifests/base.pp
@@ -0,0 +1,6 @@
+# a role to deploy the base system
+# work in progress
+class roles::base {
+ include profiles::defaults
+ include profiles::base
+ }
diff --git a/site/roles/manifests/puppet/puppetmaster.pp b/site/roles/manifests/puppet/puppetmaster.pp
new file mode 100644
index 0000000..b87f183
--- /dev/null
+++ b/site/roles/manifests/puppet/puppetmaster.pp
@@ -0,0 +1,7 @@
+# a role to deploy the puppetmaster
+# work in progress
+class roles::puppet::puppetmaster {
+ include profiles::defaults
+ include profiles::base
+ include profiles::puppet::puppetmaster
+ }