From 87d9d920e84f323e93f85f2ae708582a2a824d4b Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Thu, 22 Jun 2023 21:35:24 +1000 Subject: [PATCH 01/17] Added classes to manage repositories for yum * manage all base repositories * manage epel if required * cleanup /etc/yum.repos.d directory --- Puppetfile | 2 + hiera.yaml | 4 + hieradata/os/AlmaLinux/AlmaLinux8.yaml | 7 ++ hieradata/os/AlmaLinux/AlmaLinux9.yaml | 7 ++ hieradata/os/AlmaLinux/all_releases.yaml | 4 + site/profile/manifests/base.pp | 2 + site/profile/manifests/yum/base.pp | 67 ++++++++++++++++ site/profile/manifests/yum/epel.pp | 57 ++++++++++++++ site/profile/manifests/yum/global.pp | 98 ++++++++++++++++++++++++ 9 files changed, 248 insertions(+) create mode 100644 hieradata/os/AlmaLinux/AlmaLinux8.yaml create mode 100644 hieradata/os/AlmaLinux/AlmaLinux9.yaml create mode 100644 hieradata/os/AlmaLinux/all_releases.yaml create mode 100644 site/profile/manifests/yum/base.pp create mode 100644 site/profile/manifests/yum/epel.pp create mode 100644 site/profile/manifests/yum/global.pp diff --git a/Puppetfile b/Puppetfile index 3c81565..fd87de8 100644 --- a/Puppetfile +++ b/Puppetfile @@ -11,3 +11,5 @@ mod 'ghoneycutt-puppet', '3.3.0' mod 'puppet-archive', '7.0.0' mod 'puppet-chrony', '2.6.0' mod 'puppetlabs-vcsrepo', '6.1.0' +mod 'puppetlabs-yumrepo_core', '2.0.0' +mod 'puppet-yum', '7.0.0' diff --git a/hiera.yaml b/hiera.yaml index 600c7fd..c601683 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -6,5 +6,9 @@ defaults: hierarchy: - name: Node-specific data path: "nodes/%{trusted.certname}.yaml" + - name: "Per-OS & Release Specific Data" + path: "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml" + - name: "Per-OS Specific Data" + path: "os/%{facts.os.name}/all_releases.yaml" - name: Common data shared across nodes path: "common.yaml" diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml new file mode 100644 index 0000000..054926a --- /dev/null 
+++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml @@ -0,0 +1,7 @@ +# hieradata/os/AlmaLinux/AlmaLinux8.yaml +--- +profile::yum::managed_repos: + - 'base' + - 'extras' + - 'appstream' + - 'epel' diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml new file mode 100644 index 0000000..b0c9384 --- /dev/null +++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml @@ -0,0 +1,7 @@ +# hieradata/os/AlmaLinux/AlmaLinux9.yaml +--- +profile::yum::managed_repos: + - 'base' + - 'extras' + - 'appstream' + - 'epel' diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml new file mode 100644 index 0000000..a02c28e --- /dev/null +++ b/hieradata/os/AlmaLinux/all_releases.yaml @@ -0,0 +1,4 @@ +# hieradata/os/almalinux/all_releases.yaml +--- +profile::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au +profile::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au diff --git a/site/profile/manifests/base.pp b/site/profile/manifests/base.pp index 1e9744e..feb8c5e 100644 --- a/site/profile/manifests/base.pp +++ b/site/profile/manifests/base.pp @@ -5,4 +5,6 @@ class profile::base ( class { 'chrony': servers => $ntp_servers, } + + include profile::yum::global } diff --git a/site/profile/manifests/yum/base.pp b/site/profile/manifests/yum/base.pp new file mode 100644 index 0000000..7ac952e --- /dev/null +++ b/site/profile/manifests/yum/base.pp 
@@ -0,0 +1,67 @@ +# Class: profile::yum::base +# +# This class manages the 'base', extras' and 'appstream' yum +# repositories for a system, based on the provided list of managed repositories. +# +# Parameters: +# ----------- +# - $managed_repos: An array containing the names of the repositories to be +# managed. This can include 'base', 'extras', +# and 'appstream'. +# +# - $baseurl: The base URL for the yum repositories. This should be the root +# URL of your yum mirror server. +# +# Actions: +# -------- +# - Sets up the 'base', extras', and 'appstream' yum repositories +# as specified in the $managed_repos parameter, all using the provided baseurl. +# +# - Each repo configuration includes the baseurl parameterized with the OS +# release version and architecture, and specifies the GPG key. +# +# Example usage: +# -------------- +# To use this class with the default parameters: +# class { 'profile::yum::base': +# managed_repos => ['base', 'extras', 'appstream'], +# baseurl => 'http://mylocalmirror.com/yum', +# } +# +class profile::yum::base ( + Array[String] $managed_repos, + String $baseurl, +) { + $releasever = $facts['os']['release']['major'] + $basearch = $facts['os']['architecture'] + + if 'base' in $managed_repos { + yumrepo { 'base': + name => 'base', + descr => 'base repository', + target => '/etc/yum.repos.d/base.repo', + baseurl => "${baseurl}/${releasever}/BaseOS/${basearch}/os/", + gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}", + } + } + + if 'extras' in $managed_repos { + yumrepo { 'extras': + name => 'extras', + descr => 'extras repository', + target => '/etc/yum.repos.d/extras.repo', + baseurl => "${baseurl}/${releasever}/extras/${basearch}/os/", + gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}", + } + } + + if 'appstream' in $managed_repos { + yumrepo { 'appstream': + name => 'appstream', + descr => 'appstream repository', + target => '/etc/yum.repos.d/appstream.repo', + baseurl => 
"${baseurl}/${releasever}/AppStream/${basearch}/os/", + gpgkey => "${baseurl}/RPM-GPG-KEY-${facts['os']['name']}", + } + } +} diff --git a/site/profile/manifests/yum/epel.pp b/site/profile/manifests/yum/epel.pp new file mode 100644 index 0000000..47f1b10 --- /dev/null +++ b/site/profile/manifests/yum/epel.pp @@ -0,0 +1,57 @@ +# Class: profile::yum::epel +# +# This class manages the EPEL yum repository for the system. +# +# Parameters: +# ----------- +# - $baseurl: The base URL for the EPEL yum repository. This should be the root +# URL of your EPEL mirror server. +# +# Actions: +# -------- +# - Checks the OS release version. +# +# - If the release version is 7, 8, or 9, it sets up the 'epel' yum repository +# and installs the EPEL release RPM from the provided baseurl. +# +# - If the release version is not supported, it raises an error. +# +# - The repo configuration includes the baseurl parameterized with the OS +# release version and architecture, and specifies the GPG key. +# +# Example usage: +# -------------- +# To use this class with the default parameters: +# include profile::yum::epel +# +# To specify a custom base URL: +# class { 'profile::yum::epel': +# baseurl => 'http://mylocalmirror.com/yum', +# } +class profile::yum::epel ( + Array[String] $managed_repos, + String $baseurl, +) { + $releasever = $facts['os']['release']['major'] + $basearch = $facts['os']['architecture'] + + if 'epel' in $managed_repos { + if ($releasever in [7,8,9]) { + $source = "${baseurl}/epel-release-latest-${releasever}.noarch.rpm" + + yum::install { 'epel-release': + ensure => present, + source => $source, + } + } else { + err("Unsupported OS release ${releasever}") + } + yumrepo { 'epel': + name => 'epel', + descr => 'epel repository', + target => '/etc/yum.repos.d/epel.repo', + baseurl => "${baseurl}/${releasever}/Everything/${basearch}/", + gpgkey => "${baseurl}/RPM-GPG-KEY-EPEL-${releasever}", + } + } +} 
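Review bot: Each `gpgkey` in `profile::yum::base` is built from the same `${baseurl}` as the packages, and the hieradata in this patch sets that base to plain `http://` mirrors. The signing key therefore arrives over the same unauthenticated channel as the content it is meant to verify, and `gpgcheck => 1` gives little protection against a tampered mirror or on-path modification. Point `gpgkey` at a key distributed out of band, e.g. `gpgkey => 'file:///etc/pki/rpm-gpg/<KEY-FILE>'` backed by a `file` resource, or at least require TLS by typing the parameter as `Stdlib::HTTPSUrl $baseurl`. The same pattern appears in the `epel` repo definition in this patch and in the `puppet7` class added later in the series, whose default is `http://yum.puppet.com`.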
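Review bot: The guard `if ($releasever in [7,8,9])` in `profile::yum::epel` compares the `os.release.major` fact against integers. Facter normally reports that fact as a string, and Puppet does not treat `'8'` and `8` as equal, so the check is likely never true and the `epel-release` install is skipped on every release; `if $releasever in ['7', '8', '9']` compares like with like. In the else branch `err()` only logs, whereas the header comment says an error is raised, and the `yumrepo` is still declared afterwards; `fail("Unsupported OS release ${releasever}")` would stop the catalog instead. The `puppet7` class added later in the series repeats the same check.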
diff --git a/site/profile/manifests/yum/global.pp b/site/profile/manifests/yum/global.pp new file mode 100644 index 0000000..6946d9a --- /dev/null +++ b/site/profile/manifests/yum/global.pp 
@@ -0,0 +1,98 @@ +# Class: profile::yum::global +# +# This class manages global YUM configurations and optionally includes the +# base and EPEL yum repository profiles based on the content of the +# $managed_repos parameter, which is an array of repository names. +# +# Parameters: +# ----------- +# - $managed_repos: An array of repository names that the Puppet agent should +# manage. This parameter is mandatory and the class will +# fail if it is not provided via hieradata. +# Example: ['base', 'updates', 'extras', 'appstream'] +# +# Actions: +# -------- +# - Configures global YUM settings, including keeping the kernel development +# packages and cleaning old kernels. +# +# - Establishes default parameters for any YUM repositories managed by Puppet. +# This includes the repository file location, the repository description, +# and enabling the repository and GPG checks. +# +# - Depending on the content of the $managed_repos parameter, it includes the +# profile::yum::base and/or profile::yum::epel classes. +# +# - Manages all .repo files under /etc/yum.repos.d. All the repositories listed +# in $managed_repos will have their corresponding .repo files preserved. Any +# .repo file that is not listed in $managed_repos will be removed. +# +# - Creates and maintains a /etc/yum.repos.d/.managed file that lists all the +# .repo files that should be managed by Puppet. 
+# +# Example usage: +# -------------- +# To use this class, include the class and configure hieradata: +# include profile::yum::global +# +# profile::yum::managed_repos: +# - 'base' +# - 'extras' +# - 'appstream' +# +class profile::yum::global ( + Array[String] $managed_repos = lookup('profile::yum::managed_repos'), +){ + class { 'yum': + keep_kernel_devel => true, + clean_old_kernels => true, + config_options => { + gpgcheck => true, + }, + } + + Yumrepo { + ensure => 'present', + enabled => 1, + gpgcheck => 1, + mirrorlist => 'absent', + } + +# tidy { '/etc/yum.repos.d': +# matches => ['*.repo', '!*.managed.repo'], +# recurse => true, +# rmdirs => false, +# age => '0s', +# backup => false, +# type => 'ctime', +# } + + # Generate the content for the .managed file + $managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n") + + # Create the .managed file + file { '/etc/yum.repos.d/.managed': + ensure => file, + content => $managed_file_content, + } + + # Define exec resource to remove .repo files not listed in .managed + exec { 'cleanup_yum_repos': + command => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort) + <(sort /etc/yum.repos.d/.managed) | + xargs -n1 rm -f /etc/yum.repos.d/{}"', + path => ['/bin', '/usr/bin'], + onlyif => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort) + <(sort /etc/yum.repos.d/.managed) | grep .repo"', + } + + # Setup base repos + class { 'profile::yum::base': + managed_repos => $managed_repos, + } + + # Setup epel if included in managed_repos + class { 'profile::yum::epel': + managed_repos => $managed_repos, + } +} From 93c4689d8d0f3356a389bbf70756cfd9e7d7dd5a Mon Sep 17 00:00:00 2001 
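Review bot: The `cleanup_yum_repos` command pipes names into `xargs -n1 rm -f /etc/yum.repos.d/{}`, but without `-I{}` xargs does not substitute `{}`; each name is appended as a separate argument, so `rm` targets the literal path `/etc/yum.repos.d/{}` plus a bare filename resolved against the exec's working directory. Unmanaged `.repo` files would then stay in place as active package sources, which defeats the purpose of the cleanup, and a same-named file in the working directory could be removed instead. `xargs -r -I{} rm -f -- /etc/yum.repos.d/{}` fixes the substitution. The listing should also be filtered to `*.repo`, because `onlyif` greps for `.repo` (with an unescaped dot) while the command removes every entry not listed in `.managed`. The `command` string spans three lines inside the `bash -c` quotes, so it is worth confirming that the embedded newlines do not split the pipeline.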
From: Ben Vincent Date: Sat, 24 Jun 2023 22:21:49 +1000 Subject: [PATCH 02/17] Setup puppet7 repo for el distros * create that puppet7.repo file * install the puppet-release rpm --- hieradata/os/AlmaLinux/AlmaLinux8.yaml | 1 + hieradata/os/AlmaLinux/AlmaLinux9.yaml | 1 + site/profile/manifests/yum/global.pp | 5 +++ site/profile/manifests/yum/puppet7.pp | 59 ++++++++++++++++++++++++++ 4 files changed, 66 insertions(+) create mode 100644 site/profile/manifests/yum/puppet7.pp diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml index 054926a..5fbacc0 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux8.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml @@ -5,3 +5,4 @@ profile::yum::managed_repos: - 'extras' - 'appstream' - 'epel' + - 'puppet7' diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml index b0c9384..2332cc2 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux9.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml @@ -5,3 +5,4 @@ profile::yum::managed_repos: - 'extras' - 'appstream' - 'epel' + - 'puppet7' diff --git a/site/profile/manifests/yum/global.pp b/site/profile/manifests/yum/global.pp index 6946d9a..d6f2ee8 100644 --- a/site/profile/manifests/yum/global.pp +++ b/site/profile/manifests/yum/global.pp @@ -95,4 +95,9 @@ class profile::yum::global ( class { 'profile::yum::epel': managed_repos => $managed_repos, } + + # Setup puppet7 if included in managed_repos + class { 'profile::yum::puppet7': + managed_repos => $managed_repos, + } } diff --git a/site/profile/manifests/yum/puppet7.pp b/site/profile/manifests/yum/puppet7.pp new file mode 100644 index 0000000..da603be --- /dev/null +++ b/site/profile/manifests/yum/puppet7.pp 
@@ -0,0 +1,59 @@ +# Class: profile::yum::epel +# +# This class manages the puppet7 yum repository for the system. +# +# Parameters: +# ----------- +# - $baseurl: The base URL for the puppet7 yum repository. This should be the root +# URL of your puppet7 mirror server. +# +# Actions: +# -------- +# - Checks the OS release version. +# +# - If the release version is 7, 8, or 9, it sets up the 'puppet7' yum repository +# and installs the puppet7 release RPM from the provided baseurl. +# +# - If the release version is not supported, it raises an error. +# +# - The repo configuration includes the baseurl parameterized with the OS +# release version and architecture, and specifies the GPG key. +# +# Example usage: +# -------------- +# To use this class with the default parameters: +# include profile::yum::puppet7 +# +# To specify a custom base URL: +# class { 'profile::yum::puppet7': +# baseurl => 'http://mylocalmirror.com/yum', +# } +class profile::yum::puppet7 ( + Array[String] $managed_repos, + String $baseurl = 'http://yum.puppet.com', +) { + $releasever = $facts['os']['release']['major'] + $basearch = $facts['os']['architecture'] + + if 'puppet7' in $managed_repos { + if ($releasever in [7,8,9]) { + $source = "${baseurl}/puppet7-release-el-${releasever}.noarch.rpm" + + yum::install { 'puppet-release-el': + ensure => present, + source => $source, + } + } else { + err("Unsupported OS release ${releasever}") + } + + + yumrepo { 'puppet7': + name => 'puppet7', + descr => 'puppet7 repository', + target => '/etc/yum.repos.d/puppet7.repo', + baseurl => "${baseurl}/puppet/el/${releasever}/${basearch}/", + gpgkey => "${baseurl}/RPM-GPG-KEY-puppet", + } + } +} From 1b7e807c0ede0ea08539491d9923f8f162fda0c1 Mon Sep 17 00:00:00 2001 
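Review bot: The header comment of `puppet7.pp` opens with `# Class: profile::yum::epel`, copied from the EPEL manifest; it should read `# Class: profile::yum::puppet7`, and the later rename patch carries the wrong name forward as `profiles::yum::epel`. Separately, the `yum::install` title `puppet-release-el` does not look like the name of the package the release RPM installs (presumably `puppet7-release`). If the define uses its title for the already-installed check, as I believe it does, the download and install from the HTTP `source` would re-run on every agent run. `yum::install { 'puppet7-release':` would avoid that; verify against the puppet-yum version pinned in the Puppetfile.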
From: Ben Vincent Date: Sun, 25 Jun 2023 13:06:36 +1000 Subject: [PATCH 03/17] Renamed role/profile directories * renamed role to roles * renamed profile to profiles * cleaned up all profiles/roles/hieradata to match new paths --- hieradata/common.yaml | 6 +++--- hieradata/os/AlmaLinux/AlmaLinux8.yaml | 2 +- hieradata/os/AlmaLinux/AlmaLinux9.yaml | 2 +- hieradata/os/AlmaLinux/all_releases.yaml | 4 ++-- site/{profile => profiles}/manifests/base.pp | 4 ++-- .../manifests/puppet/autosign.pp | 6 +++--- .../manifests/puppet/enc.pp | 6 +++--- .../manifests/puppet/g10k.pp | 6 +++--- .../manifests/puppet/puppetmaster.pp | 12 ++++++------ .../manifests/puppet/server.pp | 4 ++-- .../manifests/yum/base.pp | 6 +++--- .../manifests/yum/epel.pp | 8 ++++---- .../manifests/yum/global.pp | 18 +++++++++--------- .../manifests/yum/puppet7.pp | 8 ++++---- .../templates/puppet/server/puppet.conf.epp | 0 site/role/manifests/puppet/puppetmaster.pp | 6 ------ site/roles/manifests/puppet/puppetmaster.pp | 6 ++++++ 17 files changed, 52 insertions(+), 52 deletions(-) rename site/{profile => profiles}/manifests/base.pp (72%) rename site/{profile => profiles}/manifests/puppet/autosign.pp (92%) rename site/{profile => profiles}/manifests/puppet/enc.pp (95%) rename site/{profile => profiles}/manifests/puppet/g10k.pp (95%) rename site/{profile => profiles}/manifests/puppet/puppetmaster.pp (84%) rename site/{profile => profiles}/manifests/puppet/server.pp (95%) rename site/{profile => profiles}/manifests/yum/base.pp (95%) rename site/{profile => profiles}/manifests/yum/epel.pp (92%) rename site/{profile => profiles}/manifests/yum/global.pp (88%) rename site/{profile => profiles}/manifests/yum/puppet7.pp (92%) rename site/{profile => profiles}/templates/puppet/server/puppet.conf.epp (100%) delete mode 100644 site/role/manifests/puppet/puppetmaster.pp create mode 100644 site/roles/manifests/puppet/puppetmaster.pp 
diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 0553b6c..afa73b2 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,9 +1,9 @@ --- -profile::base::ntp_servers: +profiles::base::ntp_servers: - 0.au.pool.ntp.org - 1.au.pool.ntp.org -profile::puppet::autosign::subnet_ranges: +profiles::puppet::autosign::subnet_ranges: - '198.18.17.0/24' -profile::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git +profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml index 5fbacc0..b932b45 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux8.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml @@ -1,6 +1,6 @@ # hieradata/os/AlmaLinux/AlmaLinux8.yaml --- -profile::yum::managed_repos: +profiles::yum::managed_repos: - 'base' - 'extras' - 'appstream' diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml index 2332cc2..2c7f1c2 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux9.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml @@ -1,6 +1,6 @@ # hieradata/os/AlmaLinux/AlmaLinux9.yaml --- -profile::yum::managed_repos: +profiles::yum::managed_repos: - 'base' - 'extras' - 'appstream' diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml index a02c28e..beee352 100644 --- a/hieradata/os/AlmaLinux/all_releases.yaml +++ b/hieradata/os/AlmaLinux/all_releases.yaml @@ -1,4 +1,4 @@ # hieradata/os/almalinux/all_releases.yaml --- -profile::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au -profile::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au +profiles::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au +profiles::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au 
diff --git a/site/profile/manifests/base.pp b/site/profiles/manifests/base.pp similarity index 72% rename from site/profile/manifests/base.pp rename to site/profiles/manifests/base.pp index feb8c5e..ecf07e4 100644 --- a/site/profile/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -1,10 +1,10 @@ # this is the base class, which will be used by all servers -class profile::base ( +class profiles::base ( Array $ntp_servers, ) { class { 'chrony': servers => $ntp_servers, } - include profile::yum::global + include profiles::yum::global } diff --git a/site/profile/manifests/puppet/autosign.pp b/site/profiles/manifests/puppet/autosign.pp similarity index 92% rename from site/profile/manifests/puppet/autosign.pp rename to site/profiles/manifests/puppet/autosign.pp index 56c072a..dd722b8 100644 --- a/site/profile/manifests/puppet/autosign.pp +++ b/site/profiles/manifests/puppet/autosign.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::autosign +# Class: profiles::puppet::autosign # # This class manages an autosign script for the Puppet master. # It sets up a Ruby script that automatically signs Puppet node requests @@ -15,7 +15,7 @@ # The class can be declared in a node definition or classified using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# class { 'profile::puppet::autosign': +# class { 'profiles::puppet::autosign': # subnet_ranges => ['198.18.17.0/24', '10.0.0.0/8'], # } # } @@ -27,7 +27,7 @@ # # Limitations: # This is designed to work on Unix-like systems. -class profile::puppet::autosign ( +class profiles::puppet::autosign ( Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges, ) { diff --git a/site/profile/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp similarity index 95% rename from site/profile/manifests/puppet/enc.pp rename to site/profiles/manifests/puppet/enc.pp index 62db939..897cc98 100644 --- a/site/profile/manifests/puppet/enc.pp +++ b/site/profiles/manifests/puppet/enc.pp 
@@ -1,4 +1,4 @@ -# Class: profile::puppet::enc +# Class: profiles::puppet::enc # # This class manages a Git repository at /opt/puppetlabs/enc. It includes a # systemd service and timer to keep the repository updated every minute. @@ -19,7 +19,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# class { 'profile::puppet::enc': +# class { 'profiles::puppet::enc': # enc_repo => 'https://github.com/user/repo.git', # } # } @@ -33,7 +33,7 @@ # Limitations: # This is designed to work on Unix-like systems only. # -class profile::puppet::enc ( +class profiles::puppet::enc ( String $enc_repo, ) { diff --git a/site/profile/manifests/puppet/g10k.pp b/site/profiles/manifests/puppet/g10k.pp similarity index 95% rename from site/profile/manifests/puppet/g10k.pp rename to site/profiles/manifests/puppet/g10k.pp index cc420c2..72e5309 100644 --- a/site/profile/manifests/puppet/g10k.pp +++ b/site/profiles/manifests/puppet/g10k.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::g10k +# Class: profiles::puppet::g10k # # This class handles downloading and installation of the g10k tool, a fast # Git and Forge based Puppet environment and module deployment tool. @@ -19,7 +19,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# include profile::puppet::g10k +# include profiles::puppet::g10k # } # # Requirements: @@ -30,7 +30,7 @@ # # Limitations: # This is designed to work on Unix-like systems only. -class profile::puppet::g10k { +class profiles::puppet::g10k { package { 'unzip': ensure => installed, diff --git a/site/profile/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp similarity index 84% rename from site/profile/manifests/puppet/puppetmaster.pp rename to site/profiles/manifests/puppet/puppetmaster.pp index 4424712..dbcdf38 100644 --- a/site/profile/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp 
@@ -1,4 +1,4 @@ -# Class: profile::puppet::puppetmaster +# Class: profiles::puppet::puppetmaster # # This class manages the puppetmaster using the ghoneycutt-puppet module. # It manages the server settings in the puppet.conf file. @@ -13,7 +13,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# include profile::puppet::puppetmaster +# include profiles::puppet::puppetmaster # } # # Requirements: @@ -22,10 +22,10 @@ # # Limitations: # This is designed to work on Unix-like systems. -class profile::puppet::puppetmaster { - include profile::puppet::g10k - include profile::puppet::enc - include profile::puppet::autosign +class profiles::puppet::puppetmaster { + include profiles::puppet::g10k + include profiles::puppet::enc + include profiles::puppet::autosign class { 'profile::puppet::server': vardir => '/opt/puppetlabs/server/data/puppetserver', diff --git a/site/profile/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp similarity index 95% rename from site/profile/manifests/puppet/server.pp rename to site/profiles/manifests/puppet/server.pp index 235bf88..4b97470 100644 --- a/site/profile/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::server +# Class: profiles::puppet::server # # This class manages Puppet server's configuration and service. # @@ -14,7 +14,7 @@ # external_nodes - Path to the external node classifier script. # autosign - Path to the autosign script. # -class profile::puppet::server ( +class profiles::puppet::server ( String $vardir, String $logdir, String $rundir, diff --git a/site/profile/manifests/yum/base.pp b/site/profiles/manifests/yum/base.pp similarity index 95% rename from site/profile/manifests/yum/base.pp rename to site/profiles/manifests/yum/base.pp index 7ac952e..4d2ea53 100644 --- a/site/profile/manifests/yum/base.pp +++ b/site/profiles/manifests/yum/base.pp 
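Review bot: The last hunk of `puppetmaster.pp` renames the three `include` lines but leaves `class { 'profile::puppet::server':` as unchanged context, while `server.pp` in the same patch renames that class to `profiles::puppet::server`. Applied on its own, this commit leaves the declaration pointing at a class that no longer exists, so catalog compilation for the puppetmaster role should fail. The line should become `class { 'profiles::puppet::server':`; patch 04/17, which has the same subject, does include that change. The class body continues outside the hunk.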
@@ -1,4 +1,4 @@ -# Class: profile::yum::base +# Class: profiles::yum::base # # This class manages the 'base', extras' and 'appstream' yum # repositories for a system, based on the provided list of managed repositories. @@ -23,12 +23,12 @@ # Example usage: # -------------- # To use this class with the default parameters: -# class { 'profile::yum::base': +# class { 'profiles::yum::base': # managed_repos => ['base', 'extras', 'appstream'], # baseurl => 'http://mylocalmirror.com/yum', # } # -class profile::yum::base ( +class profiles::yum::base ( Array[String] $managed_repos, String $baseurl, ) { diff --git a/site/profile/manifests/yum/epel.pp b/site/profiles/manifests/yum/epel.pp similarity index 92% rename from site/profile/manifests/yum/epel.pp rename to site/profiles/manifests/yum/epel.pp index 47f1b10..fe2be21 100644 --- a/site/profile/manifests/yum/epel.pp +++ b/site/profiles/manifests/yum/epel.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::epel +# Class: profiles::yum::epel # # This class manages the EPEL yum repository for the system. # @@ -22,13 +22,13 @@ # Example usage: # -------------- # To use this class with the default parameters: -# include profile::yum::epel +# include profiles::yum::epel # # To specify a custom base URL: -# class { 'profile::yum::epel': +# class { 'profiles::yum::epel': # baseurl => 'http://mylocalmirror.com/yum', # } -class profile::yum::epel ( +class profiles::yum::epel ( Array[String] $managed_repos, String $baseurl, ) { diff --git a/site/profile/manifests/yum/global.pp b/site/profiles/manifests/yum/global.pp similarity index 88% rename from site/profile/manifests/yum/global.pp rename to site/profiles/manifests/yum/global.pp index d6f2ee8..bbeb2dd 100644 --- a/site/profile/manifests/yum/global.pp +++ b/site/profiles/manifests/yum/global.pp 
@@ -1,4 +1,4 @@ -# Class: profile::yum::global +# Class: profiles::yum::global # # This class manages global YUM configurations and optionally includes the # base and EPEL yum repository profiles based on the content of the @@ -21,7 +21,7 @@ # and enabling the repository and GPG checks. # # - Depending on the content of the $managed_repos parameter, it includes the -# profile::yum::base and/or profile::yum::epel classes. +# profiles::yum::base and/or profiles::yum::epel classes. # # - Manages all .repo files under /etc/yum.repos.d. All the repositories listed # in $managed_repos will have their corresponding .repo files preserved. Any @@ -33,15 +33,15 @@ # Example usage: # -------------- # To use this class, include the class and configure hieradata: -# include profile::yum::global +# include profiles::yum::global # -# profile::yum::managed_repos: +# profiles::yum::managed_repos: # - 'base' # - 'extras' # - 'appstream' # -class profile::yum::global ( - Array[String] $managed_repos = lookup('profile::yum::managed_repos'), +class profiles::yum::global ( + Array[String] $managed_repos = lookup('profiles::yum::managed_repos'), ){ class { 'yum': keep_kernel_devel => true, @@ -87,17 +87,17 @@ class profile::yum::global ( } # Setup base repos - class { 'profile::yum::base': + class { 'profiles::yum::base': managed_repos => $managed_repos, } # Setup epel if included in managed_repos - class { 'profile::yum::epel': + class { 'profiles::yum::epel': managed_repos => $managed_repos, } # Setup puppet7 if included in managed_repos - class { 'profile::yum::puppet7': + class { 'profiles::yum::puppet7': managed_repos => $managed_repos, } } diff --git a/site/profile/manifests/yum/puppet7.pp b/site/profiles/manifests/yum/puppet7.pp similarity index 92% rename from site/profile/manifests/yum/puppet7.pp rename to site/profiles/manifests/yum/puppet7.pp index da603be..4ceb7a1 100644 --- a/site/profile/manifests/yum/puppet7.pp +++ b/site/profiles/manifests/yum/puppet7.pp 
@@ -1,4 +1,4 @@ -# Class: profile::yum::epel +# Class: profiles::yum::epel # # This class manages the puppet7 yum repository for the system. # @@ -22,13 +22,13 @@ # Example usage: # -------------- # To use this class with the default parameters: -# include profile::yum::puppet7 +# include profiles::yum::puppet7 # # To specify a custom base URL: -# class { 'profile::yum::puppet7': +# class { 'profiles::yum::puppet7': # baseurl => 'http://mylocalmirror.com/yum', # } -class profile::yum::puppet7 ( +class profiles::yum::puppet7 ( Array[String] $managed_repos, String $baseurl = 'http://yum.puppet.com', ) { diff --git a/site/profile/templates/puppet/server/puppet.conf.epp b/site/profiles/templates/puppet/server/puppet.conf.epp similarity index 100% rename from site/profile/templates/puppet/server/puppet.conf.epp rename to site/profiles/templates/puppet/server/puppet.conf.epp diff --git a/site/role/manifests/puppet/puppetmaster.pp b/site/role/manifests/puppet/puppetmaster.pp deleted file mode 100644 index f04f3fe..0000000 --- a/site/role/manifests/puppet/puppetmaster.pp +++ /dev/null @@ -1,6 +0,0 @@ -# a role to deploy the puppetmaster -# work in progress -class role::puppet::puppetmaster { - include profile::base - include profile::puppet::puppetmaster - } diff --git a/site/roles/manifests/puppet/puppetmaster.pp b/site/roles/manifests/puppet/puppetmaster.pp new file mode 100644 index 0000000..9536470 --- /dev/null +++ b/site/roles/manifests/puppet/puppetmaster.pp @@ -0,0 +1,6 @@ +# a role to deploy the puppetmaster +# work in progress +class roles::puppet::puppetmaster { + include profiles::base + include profiles::puppet::puppetmaster + } From 87c38eadf25515a90b32a9e75b0814a6bba3a0b1 Mon Sep 17 00:00:00 2001 
From: Ben Vincent Date: Sun, 25 Jun 2023 13:06:36 +1000 Subject: [PATCH 04/17] Renamed role/profile directories * renamed role to roles * renamed profile to profiles * cleaned up all profiles/roles/hieradata to match new paths --- hieradata/common.yaml | 6 +++--- hieradata/os/AlmaLinux/AlmaLinux8.yaml | 2 +- hieradata/os/AlmaLinux/AlmaLinux9.yaml | 2 +- hieradata/os/AlmaLinux/all_releases.yaml | 4 ++-- site/{profile => profiles}/manifests/base.pp | 4 ++-- .../manifests/puppet/autosign.pp | 6 +++--- .../manifests/puppet/enc.pp | 6 +++--- .../manifests/puppet/g10k.pp | 6 +++--- .../manifests/puppet/puppetmaster.pp | 14 +++++++------- .../manifests/puppet/server.pp | 6 +++--- .../manifests/yum/base.pp | 6 +++--- .../manifests/yum/epel.pp | 8 ++++---- .../manifests/yum/global.pp | 18 +++++++++--------- .../manifests/yum/puppet7.pp | 8 ++++---- .../templates/puppet/server/puppet.conf.epp | 0 site/role/manifests/puppet/puppetmaster.pp | 6 ------ site/roles/manifests/puppet/puppetmaster.pp | 6 ++++++ 17 files changed, 54 insertions(+), 54 deletions(-) rename site/{profile => profiles}/manifests/base.pp (72%) rename site/{profile => profiles}/manifests/puppet/autosign.pp (92%) rename site/{profile => profiles}/manifests/puppet/enc.pp (95%) rename site/{profile => profiles}/manifests/puppet/g10k.pp (95%) rename site/{profile => profiles}/manifests/puppet/puppetmaster.pp (81%) rename site/{profile => profiles}/manifests/puppet/server.pp (91%) rename site/{profile => profiles}/manifests/yum/base.pp (95%) rename site/{profile => profiles}/manifests/yum/epel.pp (92%) rename site/{profile => profiles}/manifests/yum/global.pp (88%) rename site/{profile => profiles}/manifests/yum/puppet7.pp (92%) rename site/{profile => profiles}/templates/puppet/server/puppet.conf.epp (100%) delete mode 100644 site/role/manifests/puppet/puppetmaster.pp create mode 100644 site/roles/manifests/puppet/puppetmaster.pp 
diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 0553b6c..afa73b2 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,9 +1,9 @@ --- -profile::base::ntp_servers: +profiles::base::ntp_servers: - 0.au.pool.ntp.org - 1.au.pool.ntp.org -profile::puppet::autosign::subnet_ranges: +profiles::puppet::autosign::subnet_ranges: - '198.18.17.0/24' -profile::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git +profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml index 5fbacc0..b932b45 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux8.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml @@ -1,6 +1,6 @@ # hieradata/os/AlmaLinux/AlmaLinux8.yaml --- -profile::yum::managed_repos: +profiles::yum::managed_repos: - 'base' - 'extras' - 'appstream' diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml index 2332cc2..2c7f1c2 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux9.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml @@ -1,6 +1,6 @@ # hieradata/os/AlmaLinux/AlmaLinux9.yaml --- -profile::yum::managed_repos: +profiles::yum::managed_repos: - 'base' - 'extras' - 'appstream' diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml index a02c28e..beee352 100644 --- a/hieradata/os/AlmaLinux/all_releases.yaml +++ b/hieradata/os/AlmaLinux/all_releases.yaml @@ -1,4 +1,4 @@ # hieradata/os/almalinux/all_releases.yaml --- -profile::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au -profile::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au +profiles::yum::base::baseurl: http://almalinux.mirror.digitalpacific.com.au +profiles::yum::epel::baseurl: http://epel.mirror.digitalpacific.com.au 
diff --git a/site/profile/manifests/base.pp b/site/profiles/manifests/base.pp similarity index 72% rename from site/profile/manifests/base.pp rename to site/profiles/manifests/base.pp index feb8c5e..ecf07e4 100644 --- a/site/profile/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -1,10 +1,10 @@ # this is the base class, which will be used by all servers -class profile::base ( +class profiles::base ( Array $ntp_servers, ) { class { 'chrony': servers => $ntp_servers, } - include profile::yum::global + include profiles::yum::global } diff --git a/site/profile/manifests/puppet/autosign.pp b/site/profiles/manifests/puppet/autosign.pp similarity index 92% rename from site/profile/manifests/puppet/autosign.pp rename to site/profiles/manifests/puppet/autosign.pp index 56c072a..dd722b8 100644 --- a/site/profile/manifests/puppet/autosign.pp +++ b/site/profiles/manifests/puppet/autosign.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::autosign +# Class: profiles::puppet::autosign # # This class manages an autosign script for the Puppet master. # It sets up a Ruby script that automatically signs Puppet node requests @@ -15,7 +15,7 @@ # The class can be declared in a node definition or classified using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# class { 'profile::puppet::autosign': +# class { 'profiles::puppet::autosign': # subnet_ranges => ['198.18.17.0/24', '10.0.0.0/8'], # } # } @@ -27,7 +27,7 @@ # # Limitations: # This is designed to work on Unix-like systems. -class profile::puppet::autosign ( +class profiles::puppet::autosign ( Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges, ) { diff --git a/site/profile/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp similarity index 95% rename from site/profile/manifests/puppet/enc.pp rename to site/profiles/manifests/puppet/enc.pp index 62db939..897cc98 100644 --- a/site/profile/manifests/puppet/enc.pp +++ b/site/profiles/manifests/puppet/enc.pp 
@@ -1,4 +1,4 @@ -# Class: profile::puppet::enc +# Class: profiles::puppet::enc # # This class manages a Git repository at /opt/puppetlabs/enc. It includes a # systemd service and timer to keep the repository updated every minute. @@ -19,7 +19,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# class { 'profile::puppet::enc': +# class { 'profiles::puppet::enc': # enc_repo => 'https://github.com/user/repo.git', # } # } @@ -33,7 +33,7 @@ # Limitations: # This is designed to work on Unix-like systems only. # -class profile::puppet::enc ( +class profiles::puppet::enc ( String $enc_repo, ) { diff --git a/site/profile/manifests/puppet/g10k.pp b/site/profiles/manifests/puppet/g10k.pp similarity index 95% rename from site/profile/manifests/puppet/g10k.pp rename to site/profiles/manifests/puppet/g10k.pp index cc420c2..72e5309 100644 --- a/site/profile/manifests/puppet/g10k.pp +++ b/site/profiles/manifests/puppet/g10k.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::g10k +# Class: profiles::puppet::g10k # # This class handles downloading and installation of the g10k tool, a fast # Git and Forge based Puppet environment and module deployment tool. @@ -19,7 +19,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# include profile::puppet::g10k +# include profiles::puppet::g10k # } # # Requirements: @@ -30,7 +30,7 @@ # # Limitations: # This is designed to work on Unix-like systems only. -class profile::puppet::g10k { +class profiles::puppet::g10k { package { 'unzip': ensure => installed, diff --git a/site/profile/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp similarity index 81% rename from site/profile/manifests/puppet/puppetmaster.pp rename to site/profiles/manifests/puppet/puppetmaster.pp index 4424712..919b8f3 100644 --- a/site/profile/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp 
@@ -1,4 +1,4 @@ -# Class: profile::puppet::puppetmaster +# Class: profiles::puppet::puppetmaster # # This class manages the puppetmaster using the ghoneycutt-puppet module. # It manages the server settings in the puppet.conf file. @@ -13,7 +13,7 @@ # using an ENC or Hiera. # Example: # node 'puppet.example.com' { -# include profile::puppet::puppetmaster +# include profiles::puppet::puppetmaster # } # # Requirements: @@ -22,12 +22,12 @@ # # Limitations: # This is designed to work on Unix-like systems. -class profile::puppet::puppetmaster { - include profile::puppet::g10k - include profile::puppet::enc - include profile::puppet::autosign +class profiles::puppet::puppetmaster { + include profiles::puppet::g10k + include profiles::puppet::enc + include profiles::puppet::autosign - class { 'profile::puppet::server': + class { 'profiles::puppet::server': vardir => '/opt/puppetlabs/server/data/puppetserver', logdir => '/var/log/puppetlabs/puppetserver', rundir => '/var/run/puppetlabs/puppetserver', diff --git a/site/profile/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp similarity index 91% rename from site/profile/manifests/puppet/server.pp rename to site/profiles/manifests/puppet/server.pp index 235bf88..03b82c3 100644 --- a/site/profile/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp @@ -1,4 +1,4 @@ -# Class: profile::puppet::server +# Class: profiles::puppet::server # # This class manages Puppet server's configuration and service. # @@ -14,7 +14,7 @@ # external_nodes - Path to the external node classifier script. # autosign - Path to the autosign script. # -class profile::puppet::server ( +class profiles::puppet::server ( String $vardir, String $logdir, String $rundir, 
@@ -32,7 +32,7 @@ class profile::puppet::server ( owner => 'root', group => 'root', mode => '0644', - content => epp('profile/puppet/server/puppet.conf.epp', { + content => epp('profiles/puppet/server/puppet.conf.epp', { 'vardir' => $vardir, 'logdir' => $logdir, 'rundir' => $rundir, diff --git a/site/profile/manifests/yum/base.pp b/site/profiles/manifests/yum/base.pp similarity index 95% rename from site/profile/manifests/yum/base.pp rename to site/profiles/manifests/yum/base.pp index 7ac952e..4d2ea53 100644 --- a/site/profile/manifests/yum/base.pp +++ b/site/profiles/manifests/yum/base.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::base +# Class: profiles::yum::base # # This class manages the 'base', extras' and 'appstream' yum # repositories for a system, based on the provided list of managed repositories. @@ -23,12 +23,12 @@ # Example usage: # -------------- # To use this class with the default parameters: -# class { 'profile::yum::base': +# class { 'profiles::yum::base': # managed_repos => ['base', 'extras', 'appstream'], # baseurl => 'http://mylocalmirror.com/yum', # } # -class profile::yum::base ( +class profiles::yum::base ( Array[String] $managed_repos, String $baseurl, ) { diff --git a/site/profile/manifests/yum/epel.pp b/site/profiles/manifests/yum/epel.pp similarity index 92% rename from site/profile/manifests/yum/epel.pp rename to site/profiles/manifests/yum/epel.pp index 47f1b10..fe2be21 100644 --- a/site/profile/manifests/yum/epel.pp +++ b/site/profiles/manifests/yum/epel.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::epel +# Class: profiles::yum::epel # # This class manages the EPEL yum repository for the system. # 
@@ -22,13 +22,13 @@ # Example usage: # -------------- # To use this class with the default parameters: -# include profile::yum::epel +# include profiles::yum::epel # # To specify a custom base URL: -# class { 'profile::yum::epel': +# class { 'profiles::yum::epel': # baseurl => 'http://mylocalmirror.com/yum', # } -class profile::yum::epel ( +class profiles::yum::epel ( Array[String] $managed_repos, String $baseurl, ) { diff --git a/site/profile/manifests/yum/global.pp b/site/profiles/manifests/yum/global.pp similarity index 88% rename from site/profile/manifests/yum/global.pp rename to site/profiles/manifests/yum/global.pp index d6f2ee8..bbeb2dd 100644 --- a/site/profile/manifests/yum/global.pp +++ b/site/profiles/manifests/yum/global.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::global +# Class: profiles::yum::global # # This class manages global YUM configurations and optionally includes the # base and EPEL yum repository profiles based on the content of the @@ -21,7 +21,7 @@ # and enabling the repository and GPG checks. # # - Depending on the content of the $managed_repos parameter, it includes the -# profile::yum::base and/or profile::yum::epel classes. +# profiles::yum::base and/or profiles::yum::epel classes. # # - Manages all .repo files under /etc/yum.repos.d. All the repositories listed # in $managed_repos will have their corresponding .repo files preserved. Any @@ -33,15 +33,15 @@ # Example usage: # -------------- # To use this class, include the class and configure hieradata: -# include profile::yum::global +# include profiles::yum::global # -# profile::yum::managed_repos: +# profiles::yum::managed_repos: # - 'base' # - 'extras' # - 'appstream' # -class profile::yum::global ( - Array[String] $managed_repos = lookup('profile::yum::managed_repos'), +class profiles::yum::global ( + Array[String] $managed_repos = lookup('profiles::yum::managed_repos'), ){ class { 'yum': keep_kernel_devel => true, 
@@ -87,17 +87,17 @@ class profile::yum::global ( } # Setup base repos - class { 'profile::yum::base': + class { 'profiles::yum::base': managed_repos => $managed_repos, } # Setup epel if included in managed_repos - class { 'profile::yum::epel': + class { 'profiles::yum::epel': managed_repos => $managed_repos, } # Setup puppet7 if included in managed_repos - class { 'profile::yum::puppet7': + class { 'profiles::yum::puppet7': managed_repos => $managed_repos, } } diff --git a/site/profile/manifests/yum/puppet7.pp b/site/profiles/manifests/yum/puppet7.pp similarity index 92% rename from site/profile/manifests/yum/puppet7.pp rename to site/profiles/manifests/yum/puppet7.pp index da603be..4ceb7a1 100644 --- a/site/profile/manifests/yum/puppet7.pp +++ b/site/profiles/manifests/yum/puppet7.pp @@ -1,4 +1,4 @@ -# Class: profile::yum::epel +# Class: profiles::yum::epel # # This class manages the puppet7 yum repository for the system. # @@ -22,13 +22,13 @@ # Example usage: # -------------- # To use this class with the default parameters: -# include profile::yum::puppet7 +# include profiles::yum::puppet7 # # To specify a custom base URL: -# class { 'profile::yum::puppet7': +# class { 'profiles::yum::puppet7': # baseurl => 'http://mylocalmirror.com/yum', # } -class profile::yum::puppet7 ( +class profiles::yum::puppet7 ( Array[String] $managed_repos, String $baseurl = 'http://yum.puppet.com', ) { diff --git a/site/profile/templates/puppet/server/puppet.conf.epp b/site/profiles/templates/puppet/server/puppet.conf.epp similarity index 100% rename from site/profile/templates/puppet/server/puppet.conf.epp rename to site/profiles/templates/puppet/server/puppet.conf.epp diff --git a/site/role/manifests/puppet/puppetmaster.pp b/site/role/manifests/puppet/puppetmaster.pp deleted file mode 100644 index f04f3fe..0000000 --- a/site/role/manifests/puppet/puppetmaster.pp +++ /dev/null 
@@ -1,6 +0,0 @@ -# a role to deploy the puppetmaster -# work in progress -class role::puppet::puppetmaster { - include profile::base - include profile::puppet::puppetmaster - } diff --git a/site/roles/manifests/puppet/puppetmaster.pp b/site/roles/manifests/puppet/puppetmaster.pp new file mode 100644 index 0000000..9536470 --- /dev/null +++ b/site/roles/manifests/puppet/puppetmaster.pp @@ -0,0 +1,6 @@ +# a role to deploy the puppetmaster +# work in progress +class roles::puppet::puppetmaster { + include profiles::base + include profiles::puppet::puppetmaster + } From 7f2c82e07dd3e05810e5e2dbd68e4b7a4de5e346 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 25 Jun 2023 13:31:29 +1000 Subject: [PATCH 05/17] Add a switch to check for os family This is so I can include either apt or yum/dnf based profiles. This can be expanded easily if new families are added, or if new base role includes are added that are different based on the family of the os. --- site/profiles/manifests/base.pp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index ecf07e4..3aa9c2b 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -5,6 +5,15 @@ class profiles::base ( class { 'chrony': servers => $ntp_servers, } - - include profiles::yum::global + case $facts['os']['family'] { + 'RedHat': { + include profiles::yum::global + } + #'Debian': { + # include profiles::apt:;global + #} + default: { + fail("Unsupported OS family ${facts['os']['family']}") + } + } } From 7a789ceaeec19b2205b03c0bd1a2a2e357dc6ba2 Mon Sep 17 00:00:00 2001 
From: Ben Vincent Date: Sun, 25 Jun 2023 13:06:36 +1000 Subject: [PATCH 06/17] Renamed role/profile directories * renamed role to roles * renamed profile to profiles * cleaned up all profiles/roles/hieradata to match new paths --- site/profiles/manifests/puppet/puppetmaster.pp | 2 +- site/profiles/manifests/puppet/server.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp index dbcdf38..919b8f3 100644 --- a/site/profiles/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp @@ -27,7 +27,7 @@ class profiles::puppet::puppetmaster { include profiles::puppet::enc include profiles::puppet::autosign - class { 'profile::puppet::server': + class { 'profiles::puppet::server': vardir => '/opt/puppetlabs/server/data/puppetserver', logdir => '/var/log/puppetlabs/puppetserver', rundir => '/var/run/puppetlabs/puppetserver', diff --git a/site/profiles/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp index 4b97470..03b82c3 100644 --- a/site/profiles/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp @@ -32,7 +32,7 @@ class profiles::puppet::server ( owner => 'root', group => 'root', mode => '0644', - content => epp('profile/puppet/server/puppet.conf.epp', { + content => epp('profiles/puppet/server/puppet.conf.epp', { 'vardir' => $vardir, 'logdir' => $logdir, 'rundir' => $rundir, From 5ee489115729216b62a47b66b9cd22f9d02b0e8e Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 25 Jun 2023 13:31:29 +1000 Subject: [PATCH 07/17] Add a switch to check for os family This is so I can include either apt or yum/dnf based profiles. This can be expanded easily if new families are added, or if new base role includes are added that are different based on the family of the os. --- site/profiles/manifests/base.pp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) 
diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index ecf07e4..3aa9c2b 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -5,6 +5,15 @@ class profiles::base ( class { 'chrony': servers => $ntp_servers, } - - include profiles::yum::global + case $facts['os']['family'] { + 'RedHat': { + include profiles::yum::global + } + #'Debian': { + # include profiles::apt:;global + #} + default: { + fail("Unsupported OS family ${facts['os']['family']}") + } + } } From f1f39ef4e39287408ea8e6abe87fb237fc971e29 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 25 Jun 2023 14:34:42 +1000 Subject: [PATCH 08/17] Changed to vox systemd module * updated Puppetfile * updated puppet-enc timer/service * updated puppet-g10k timer/service --- Puppetfile | 5 ++-- site/profiles/manifests/puppet/enc.pp | 38 ++++++++++++++++++-------- site/profiles/manifests/puppet/g10k.pp | 38 ++++++++++++++++++-------- 3 files changed, 57 insertions(+), 24 deletions(-) diff --git a/Puppetfile b/Puppetfile index fd87de8..94caeb9 100644 --- a/Puppetfile +++ b/Puppetfile @@ -5,8 +5,9 @@ moduledir 'external_modules' mod 'puppetlabs-stdlib', '9.1.0' mod 'puppetlabs-inifile', '6.0.0' mod 'puppetlabs-concat', '9.0.0' -mod 'eyp-eyplib', '0.1.24' -mod 'eyp-systemd', '3.1.0' +#mod 'eyp-eyplib', '0.1.24' +#mod 'eyp-systemd', '3.1.0' +mod 'puppet-systemd', '5.1.0' mod 'ghoneycutt-puppet', '3.3.0' mod 'puppet-archive', '7.0.0' mod 'puppet-chrony', '2.6.0' diff --git a/site/profiles/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp index 897cc98..5ab06ef 100644 --- a/site/profiles/manifests/puppet/enc.pp +++ b/site/profiles/manifests/puppet/enc.pp 
@@ -67,17 +67,33 @@ class profiles::puppet::enc ( require => Package['git'], } - systemd::service { 'puppet-enc': - description => 'puppet-enc update service', - execstart => '/opt/puppetlabs/bin/puppet-enc', - user => 'root', - require => File['/opt/puppetlabs/bin/puppet-enc'], - } + $_timer = @(EOT) + [Unit] + Description=puppet-enc downloader timer + [Timer] + OnCalendar=*:0/1 + RandomizedDelaySec=1s + [Install] + WantedBy=timers.target + EOT - systemd::timer { 'puppet-enc': - description => 'Run puppet-enc every minute', - unit => 'puppet-enc.service', - on_calendar => '*:0/1', - require => Systemd::Service['puppet-enc'], + $_service = @(EOT) + [Unit] + Description=puppet-enc downloader service + [Service] + Type=oneshot + ExecStart=/opt/puppetlabs/bin/puppet-enc + User=root + Group=root + PermissionsStartOnly=false + PrivateTmp=no + EOT + + systemd::timer { 'puppet-enc.timer': + timer_content => $_timer, + service_content => $_service, + active => true, + enable => true, + require => File['/opt/puppetlabs/bin/puppet-enc'], } } diff --git a/site/profiles/manifests/puppet/g10k.pp b/site/profiles/manifests/puppet/g10k.pp index 72e5309..958e53e 100644 --- a/site/profiles/manifests/puppet/g10k.pp +++ b/site/profiles/manifests/puppet/g10k.pp 
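Review bot: The new `$_service` unit in this hunk runs `/opt/puppetlabs/bin/puppet-enc` as `User=root` with `PrivateTmp=no` and no other sandboxing, on a one-minute timer, so whatever the script fetches from the remote repository is handled with full root privileges. If the script only updates the checkout, consider a dedicated unprivileged owner for the working tree, or at least add `NoNewPrivileges=yes` and `PrivateTmp=yes`, plus `ProtectSystem=` with `ReadWritePaths=` scoped to the checkout where the script's write paths allow it. The same unit text is repeated for `puppet-g10k` in the next hunk, so the two could share one template and be hardened together. The class begins outside this hunk.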
@@ -54,17 +54,33 @@ class profiles::puppet::g10k { require => Archive['/tmp/g10k.zip'], } - systemd::service { 'puppet-g10k': - description => 'puppet-g10k update service', - execstart => '/opt/puppetlabs/bin/puppet-g10k', - user => 'root', - require => File['/opt/puppetlabs/bin/puppet-g10k'], - } + $_timer = @(EOT) + [Unit] + Description=puppet-g10k downloader timer + [Timer] + OnCalendar=*:0/1 + RandomizedDelaySec=1s + [Install] + WantedBy=timers.target + EOT - systemd::timer { 'puppet-g10k': - description => 'Run puppet-g10k every minute', - unit => 'puppet-g10k.service', - on_calendar => '*:0/1', - require => Systemd::Service['puppet-g10k'], + $_service = @(EOT) + [Unit] + Description=puppet-g10k downloader service + [Service] + Type=oneshot + ExecStart=/opt/puppetlabs/bin/puppet-g10k + User=root + Group=root + PermissionsStartOnly=false + PrivateTmp=no + EOT + + systemd::timer { 'puppet-g10k.timer': + timer_content => $_timer, + service_content => $_service, + active => true, + enable => true, + require => File['/opt/puppetlabs/bin/puppet-g10k'], } } From 4e30d9b6d9aedd82e64f7bfb8f13a42f279b7ff7 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 26 Jun 2023 19:20:05 +1000 Subject: [PATCH 09/17] Added boilerplate for debian host management * added apt repo management * added switcher based on OS to base.pp --- hieradata/os/Debian/Debian12.yaml | 7 ++ hieradata/os/Debian/all_releases.yaml | 3 + site/profiles/manifests/apt/base.pp | 36 ++++++++++ site/profiles/manifests/apt/global.pp | 97 ++++++++++++++++++++++++++ site/profiles/manifests/apt/puppet7.pp | 0 5 files changed, 143 insertions(+) create mode 100644 hieradata/os/Debian/Debian12.yaml create mode 100644 hieradata/os/Debian/all_releases.yaml create mode 100644 site/profiles/manifests/apt/base.pp create mode 100644 site/profiles/manifests/apt/global.pp create mode 100644 site/profiles/manifests/apt/puppet7.pp 
diff --git a/hieradata/os/Debian/Debian12.yaml b/hieradata/os/Debian/Debian12.yaml new file mode 100644 index 0000000..9b25537 --- /dev/null +++ b/hieradata/os/Debian/Debian12.yaml @@ -0,0 +1,7 @@ +# hieradata/os/Debian/Debian12.yaml +--- +profiles::apt::managed_repos: + - 'base' + - 'security' + - 'updates' + - 'puppet7' diff --git a/hieradata/os/Debian/all_releases.yaml b/hieradata/os/Debian/all_releases.yaml new file mode 100644 index 0000000..1e30c28 --- /dev/null +++ b/hieradata/os/Debian/all_releases.yaml @@ -0,0 +1,3 @@ +# hieradata/os/debian/all_releases.yaml +--- +profiles::apt::base::baseurl: http://debian.mirror.digitalpacific.com.au/debian diff --git a/site/profiles/manifests/apt/base.pp b/site/profiles/manifests/apt/base.pp new file mode 100644 index 0000000..bb71aa7 --- /dev/null +++ b/site/profiles/manifests/apt/base.pp @@ -0,0 +1,36 @@ +class profiles::apt::base ( + Array[String] $managed_repos, + Array[String] $components, + String $baseurl, +) { + $releasever = $facts['os']['release']['major'] + $basearch = $facts['os']['architecture'] + $codename = $facts['os']['distro']['codename'] + + # Join the array into a space-separated string + $repo_components = join($components, ' ') + + apt::source { "deb.debian.org-${codename}": + location => $baseurl, + repos => $repo_components, + release => $codename, + } + + apt::source { "deb.debian.org-${codename}-security": + location => $baseurl, + repos => $repo_components, + release => "${codename}-security", + } + + apt::source { "deb.debian.org-${codename}-updates": + location => $baseurl, + repos => $repo_components, + release => "${codename}-updates", + } + + apt::source { "deb.debian.org-${codename}-backports": + location => $baseurl, + repos => $repo_components, + release => "${codename}-backports", + } +} diff --git a/site/profiles/manifests/apt/global.pp b/site/profiles/manifests/apt/global.pp new file mode 100644 index 0000000..574c668 --- /dev/null +++ b/site/profiles/manifests/apt/global.pp 
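Review bot: `profiles::apt::base` accepts `$managed_repos` but never reads it, so all four `apt::source` resources, including `-backports`, are declared on every host regardless of the hiera list. The `-security` source also points at `$baseurl`, the same mirror as the main archive; whether that mirror carries the `${codename}-security` suite is not visible here and should be confirmed, because hosts would otherwise receive no security updates from it. Wrap each source in a membership test such as `if 'security' in $managed_repos { ... }`, and drop the unused `$releasever` and `$basearch` assignments.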
@@ -0,0 +1,97 @@ +# Class: profiles::apt::global +# +# This class manages global APT configurations and optionally includes the +# base and Puppet7 apt repository profiles. The profiles included are based on +# the content of the $managed_repos parameter, which is an array of repository names. +# +# Parameters: +# ----------- +# $managed_repos: An array of repository names that should be managed by Puppet agent. +# This parameter is mandatory and the class will fail if it is not provided via hieradata. +# Example: ['base', 'security', 'updates', 'backports'] +# +# Actions: +# -------- +# Configures global APT settings, including setting up the 'src' and 'deb' options for all +# repositories managed by Puppet. +# Establishes default parameters for any APT repositories managed by Puppet. +# These parameters include the repository description, the inclusion of 'src' and 'deb', +# and the pinning. +# Depending on the content of the $managed_repos parameter, it includes the +# profiles::apt::base and/or profiles::apt::puppet7 classes. +# Manages all .list files under /etc/apt/sources.list.d. All the repositories listed +# in $managed_repos will have their corresponding .list files preserved. Any +# .list file that is not listed in $managed_repos will be removed. +# Creates and maintains a /etc/apt/sources.list.d/.managed file that lists all the +# .list files that should be managed by Puppet. +# Manages /etc/apt/sources.list file to include the .list files in /etc/apt/sources.list.d. 
+# +# Example usage: +# -------------- +# To use this class, include it and configure hieradata: +# include profiles::apt::global +# +# profiles::apt::managed_repos: +# - 'base' +# - 'security' +# - 'updates' +# - 'backports' +class profiles::apt::global ( + Array[String] $managed_repos = lookup('profiles::apt::managed_repos'), + Array[String] $components = lookup('profiles::apt::components'), +){ + class { 'apt': + update => { + frequency => 'daily', + loglevel => 'debug', + }, + } + + Apt::Source { + include => { + 'src' => true, + 'deb' => true, + }, + } + + # Generate the content for the .managed file + $managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n") + + # Create the .managed file + file { '/etc/apt/sources.list.d/.managed': + ensure => file, + content => $managed_file_content, + } + + # Define exec resource to remove .list files not listed in .managed + exec { 'cleanup_apt_repos': + command => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort) + <(sort /etc/apt/sources.list.d/.managed) | + xargs -n1 rm -f /etc/apt/sources.list.d/{}"', + path => ['/bin', '/usr/bin'], + onlyif => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort) + <(sort /etc/apt/sources.list.d/.managed) | grep .list"', + } + + file { '/etc/apt/sources.list': + ensure => 'file', + owner => 'root', + group => 'root', + mode => '0644', + content => @(END) + ## Apt is managed by Puppet, do not edit this file + END + } + + # Setup base repos + class { 'profiles::apt::base': + managed_repos => $managed_repos, + components => $components, + } + + # Setup puppet7 if included in managed_repos + class { 'profiles::apt::puppet7': + managed_repos => $managed_repos, + components => $components, + } +} diff --git a/site/profiles/manifests/apt/puppet7.pp b/site/profiles/manifests/apt/puppet7.pp new file mode 100644 index 0000000..e69de29 From 5d758da66e41129052bbb78bcddea8d89db7e19c Mon Sep 17 00:00:00 2001 
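Review bot: The `cleanup_apt_repos` exec will not do what the header comment describes: `.managed` is written with `"${repo_name}.repo"` entries while the directory holds `.list` files, so `comm -23` reports every `.list` file as unmanaged, and `xargs -n1 rm -f /etc/apt/sources.list.d/{}` has no `-I{}`, so `{}` stays literal and `rm` receives the bare file name relative to the exec's working directory. Use `"${repo_name}.list"` for the entries and `xargs -I{} rm -f /etc/apt/sources.list.d/{}` for the removal, and anchor the `onlyif` match to the `.list` suffix, since `grep .list` treats the dot as a wildcard. Because this resource is what keeps unapproved package sources off the host, it may be simpler and safer to let the apt module purge unmanaged entries with `purge => { 'sources.list.d' => true }` on `class { 'apt': }` instead of shelling out.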
From: Ben Vincent Date: Mon, 26 Jun 2023 19:42:15 +1000 Subject: [PATCH 10/17] Added r10k repo management * added profile to download puppet-r10k, add a script to pull changes, and scheduled it to happen automatically with systemd timer/service * added to the puppetmaster profile * updated hieradata --- hieradata/common.yaml | 1 + .../profiles/manifests/puppet/puppetmaster.pp | 1 + site/profiles/manifests/puppet/r10k.pp | 93 +++++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 site/profiles/manifests/puppet/r10k.pp diff --git a/hieradata/common.yaml b/hieradata/common.yaml index afa73b2..a96f967 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -7,3 +7,4 @@ profiles::puppet::autosign::subnet_ranges: - '198.18.17.0/24' profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git +profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp index 919b8f3..eaeaeba 100644 --- a/site/profiles/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp @@ -23,6 +23,7 @@ # Limitations: # This is designed to work on Unix-like systems. class profiles::puppet::puppetmaster { + include profiles::puppet::r10k include profiles::puppet::g10k include profiles::puppet::enc include profiles::puppet::autosign diff --git a/site/profiles/manifests/puppet/r10k.pp b/site/profiles/manifests/puppet/r10k.pp new file mode 100644 index 0000000..c5e8e85 --- /dev/null +++ b/site/profiles/manifests/puppet/r10k.pp 
@@ -0,0 +1,93 @@ +# Class: profiles::puppet::r10k +# +# This class manages a Git repository at /etc/puppetlabs/r10k. It includes a +# systemd service and timer to keep the repository updated every minute. +# The Git package is installed if not present, and the repository at the given +# location will always reflect the state of the remote Git repository. +# +# Parameters: +# - r10k_repo: The URL of the Git repository to clone. +# +# Actions: +# - Ensures the Git package is installed. +# - Ensures the /etc/puppetlabs/r10k directory is a clone of the given Git repository. +# - Creates a helper script '/opt/puppetlabs/bin/puppet-r10k' for updating the Git repository. +# - Creates a systemd service and timer that runs the git update script every minute. +# +# Usage: +# Directly include the class in your node definitions or classify your nodes +# using an enc or Hiera. +# Example: +# node 'puppet.example.com' { +# class { 'profiles::puppet::r10k': +# r10k_repo => 'https://github.com/user/repo.git', +# } +# } +# +# Requirements: +# - The 'puppet-vcsrepo' module should be installed on your puppetmaster. +# - The 'puppet-systemd' module should be installed on your puppetmaster. +# - '/opt/puppetlabs/bin/' directory must exist and be writable. +# - Puppet master must have access to the specified Git URL. +# +# Limitations: +# This is designed to work on Unix-like systems only. 
+# +class profiles::puppet::r10k ( + String $r10k_repo, +){ + + package { 'git': + ensure => installed, + } + + vcsrepo { '/etc/puppetlabs/r10k': + ensure => latest, + provider => git, + source => $r10k_repo, + require => Package['git'], + } + + file { '/opt/puppetlabs/bin/puppet-r10k': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + content => "#!/bin/bash\n( + cd /etc/puppetlabls/r10k + git reset --hard master + git clean -fd + git pull\n)", + require => Package['git'], + } + + $_timer = @(EOT) + [Unit] + Description=puppet-r10k downloader timer + [Timer] + OnCalendar=*:0/1 + RandomizedDelaySec=1s + [Install] + WantedBy=timers.target + EOT + + $_service = @(EOT) + [Unit] + Description=puppet-r10k downloader service + [Service] + Type=oneshot + ExecStart=/opt/puppetlabs/bin/puppet-r10k + User=root + Group=root + PermissionsStartOnly=false + PrivateTmp=no + EOT + + systemd::timer { 'puppet-r10k.timer': + timer_content => $_timer, + service_content => $_service, + active => true, + enable => true, + require => File['/opt/puppetlabs/bin/puppet-r10k'], + } +} From 45a96393468dd2b1d5ca14499727032174926e44 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 26 Jun 2023 20:02:08 +1000 Subject: [PATCH 11/17] Changed r10k to update every 5 minutes --- site/profiles/manifests/puppet/r10k.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/profiles/manifests/puppet/r10k.pp b/site/profiles/manifests/puppet/r10k.pp index c5e8e85..6694540 100644 --- a/site/profiles/manifests/puppet/r10k.pp +++ b/site/profiles/manifests/puppet/r10k.pp @@ -65,7 +65,7 @@ class profiles::puppet::r10k ( [Unit] Description=puppet-r10k downloader timer [Timer] - OnCalendar=*:0/1 + OnCalendar=*:0/5 RandomizedDelaySec=1s [Install] WantedBy=timers.target From 754241bcf2a0fe0bc281c5238cbd875e7176a460 Mon Sep 17 00:00:00 2001 
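Review bot: The generated `/opt/puppetlabs/bin/puppet-r10k` script changes into `/etc/puppetlabls/r10k`, a misspelling of the `/etc/puppetlabs/r10k` checkout managed by the `vcsrepo` resource above it, and nothing stops the script when that `cd` fails. The `git reset --hard`, `git clean -fd` and `git pull` that follow then run as root in whatever directory the service started in. Correct the path and guard it with `cd /etc/puppetlabs/r10k || exit 1`, or start the script with `set -e`. `git reset --hard master` also resets to the local branch rather than the remote one, so `git fetch` followed by `git reset --hard origin/master` is probably what was intended; confirm the branch name against the repository.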
From: Ben Vincent Date: Mon, 26 Jun 2023 20:06:15 +1000 Subject: [PATCH 12/17] Added class to manage installing the git client --- site/profiles/manifests/git/git.pp | 24 ++++++++++++++++++++++++ site/profiles/manifests/puppet/enc.pp | 4 +--- site/profiles/manifests/puppet/r10k.pp | 4 +--- 3 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 site/profiles/manifests/git/git.pp diff --git a/site/profiles/manifests/git/git.pp b/site/profiles/manifests/git/git.pp new file mode 100644 index 0000000..ca3b4e7 --- /dev/null +++ b/site/profiles/manifests/git/git.pp @@ -0,0 +1,24 @@ +# Class: profiles::git::git +# +# This class ensures that the Git package is installed. +# +# It uses the 'package' resource to manage the Git package, +# and will ensure that it is installed. This class does not +# manage any configurations related to Git, it only ensures +# that the package is installed. +# +# The class does not take any parameters. +# +# Example usage: +# -------------- +# To use this class, you simply need to declare it in your manifest: +# +# include profiles::git::git +# +# You do not need to pass any parameters. +# +class profiles::git::git { + package { 'git': + ensure => installed, + } +} diff --git a/site/profiles/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp index 5ab06ef..6745587 100644 --- a/site/profiles/manifests/puppet/enc.pp +++ b/site/profiles/manifests/puppet/enc.pp @@ -37,9 +37,7 @@ class profiles::puppet::enc ( String $enc_repo, ) { - package { 'git': - ensure => installed, - } + include profiles::git::git vcsrepo { '/opt/puppetlabs/enc': ensure => latest, diff --git a/site/profiles/manifests/puppet/r10k.pp b/site/profiles/manifests/puppet/r10k.pp index 6694540..c404be7 100644 --- a/site/profiles/manifests/puppet/r10k.pp +++ b/site/profiles/manifests/puppet/r10k.pp 
@@ -37,9 +37,7 @@ class profiles::puppet::r10k ( String $r10k_repo, ){ - package { 'git': - ensure => installed, - } + include profiles::git::git vcsrepo { '/etc/puppetlabs/r10k': ensure => latest, From c00821763ece06b0cf1f054e5457d7af620465b3 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 26 Jun 2023 20:41:06 +1000 Subject: [PATCH 13/17] Added a base role * base role imports the base profile * updated profiles::base to work with debian family --- site/profiles/manifests/base.pp | 6 +++--- site/roles/manifests/base.pp | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 site/roles/manifests/base.pp diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 3aa9c2b..fbb12b8 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -9,9 +9,9 @@ class profiles::base ( 'RedHat': { include profiles::yum::global } - #'Debian': { - # include profiles::apt:;global - #} + 'Debian': { + include profiles::apt::global + } default: { fail("Unsupported OS family ${facts['os']['family']}") } diff --git a/site/roles/manifests/base.pp b/site/roles/manifests/base.pp new file mode 100644 index 0000000..b65b67b --- /dev/null +++ b/site/roles/manifests/base.pp @@ -0,0 +1,5 @@ +# a role to deploy the base system +# work in progress +class roles::base { + include profiles::base + } From 87f174df33a9e433dc601795aad0bfa14dddc7ab Mon Sep 17 00:00:00 2001 
From: Ben Vincent Date: Thu, 29 Jun 2023 22:10:25 +1000 Subject: [PATCH 14/17] Added Debian components * added debian components for Debian12 and Debian11 * added apt module to puppetfile * removed /etc/apt/sources.list management, done by apt module * added profiles::apt::puppet7 --- Puppetfile | 1 + hieradata/os/Debian/Debian11.yaml | 12 +++++ hieradata/os/Debian/Debian12.yaml | 6 +++ hieradata/os/Debian/all_releases.yaml | 6 ++- site/profiles/manifests/apt/base.pp | 73 +++++++++++++++++++------- site/profiles/manifests/apt/global.pp | 41 +++------------ site/profiles/manifests/apt/puppet7.pp | 72 +++++++++++++++++++++++++ 7 files changed, 157 insertions(+), 54 deletions(-) create mode 100644 hieradata/os/Debian/Debian11.yaml diff --git a/Puppetfile b/Puppetfile index 94caeb9..5995d48 100644 --- a/Puppetfile +++ b/Puppetfile @@ -14,3 +14,4 @@ mod 'puppet-chrony', '2.6.0' mod 'puppetlabs-vcsrepo', '6.1.0' mod 'puppetlabs-yumrepo_core', '2.0.0' mod 'puppet-yum', '7.0.0' +mod 'puppetlabs-apt', '9.1.0' diff --git a/hieradata/os/Debian/Debian11.yaml b/hieradata/os/Debian/Debian11.yaml new file mode 100644 index 0000000..8ed26ec --- /dev/null +++ b/hieradata/os/Debian/Debian11.yaml @@ -0,0 +1,12 @@ +# hieradata/os/Debian/Debian11.yaml +--- +profiles::apt::managed_repos: + - 'base' + - 'security' + - 'updates' + - 'puppet7' + +profiles::apt::components: + - contrib + - main + - non-free diff --git a/hieradata/os/Debian/Debian12.yaml b/hieradata/os/Debian/Debian12.yaml index 9b25537..7063126 100644 --- a/hieradata/os/Debian/Debian12.yaml +++ b/hieradata/os/Debian/Debian12.yaml @@ -5,3 +5,9 @@ profiles::apt::managed_repos: - 'security' - 'updates' - 'puppet7' + +profiles::apt::components: + - contrib + - main + - non-free + - non-free-firmware diff --git a/hieradata/os/Debian/all_releases.yaml b/hieradata/os/Debian/all_releases.yaml index 1e30c28..aa8a5bf 100644 --- a/hieradata/os/Debian/all_releases.yaml +++ b/hieradata/os/Debian/all_releases.yaml 
@@ -1,3 +1,7 @@ # hieradata/os/debian/all_releases.yaml --- -profiles::apt::base::baseurl: http://debian.mirror.digitalpacific.com.au/debian +profiles::apt::base::mirrorurl: http://debian.mirror.digitalpacific.com.au/debian +profiles::apt::base::secureurl: http://security.debian.org/debian-security +profiles::apt::puppet7::mirror: http://apt.puppetlabs.com +profiles::apt::puppet7::repo: puppet7 +profiles::apt::puppet7::dist: bullseye diff --git a/site/profiles/manifests/apt/base.pp b/site/profiles/manifests/apt/base.pp index bb71aa7..584acdc 100644 --- a/site/profiles/manifests/apt/base.pp +++ b/site/profiles/manifests/apt/base.pp 
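Review bot: `profiles::apt::puppet7::dist: bullseye` is set in the all-releases file, so Debian 12 nodes, which also list `puppet7` in `profiles::apt::managed_repos`, would be pointed at the bullseye suite unless a per-release file overrides it. Nothing visible in this series does, and `profiles::apt::puppet7` reads the codename fact without using it. I would move the key into the per-release files, for example `profiles::apt::puppet7::dist: bookworm` in `Debian12.yaml`, provided the vendor publishes a repository for that codename.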
@@ -1,36 +1,71 @@
+# This class manages the configuration of base APT repositories
+#
+# Parameters:
+# - $managed_repos: An array of repositories to manage, such as 'base', 'security',
+# 'updates', 'backports' (optional)
+# - $components: An array of components for the repositories (e.g., 'main', 'contrib')
+# - $mirrorurl: The base URL of the mirror for the base repository
+# - $secureurl: The base URL of the mirror for the security repository
+#
+# Dependencies:
+# - Puppet facts: The class relies on certain facts about the target system,
+# including the OS architecture and distribution codename.
+#
+# Description:
+# This class manages the configuration of base APT repositories on the target system.
+# It supports the management of repositories specified in the $managed_repos parameter,
+# including 'base', 'security', 'updates', and 'backports'. The class retrieves necessary
+# information from Puppet facts, such as the OS architecture and distribution codename.
+# It creates apt::source resources for each repository, setting the appropriate location,
+# repos, and release values based on the provided parameters.
+# +# Example usage: +# class { 'profiles::apt::base': +# managed_repos => ['base', 'security'], +# components => ['main', 'contrib'], +# mirrorurl => 'http://mirror.example.com', +# secureurl => 'http://security.example.com', +# } class profiles::apt::base ( Array[String] $managed_repos, Array[String] $components, - String $baseurl, + String $mirrorurl, + String $secureurl, ) { - $releasever = $facts['os']['release']['major'] - $basearch = $facts['os']['architecture'] $codename = $facts['os']['distro']['codename'] # Join the array into a space-separated string $repo_components = join($components, ' ') - apt::source { "deb.debian.org-${codename}": - location => $baseurl, - repos => $repo_components, - release => $codename, + if 'base' in $managed_repos { + apt::source { 'base': + location => $mirrorurl, + repos => $repo_components, + release => $codename, + } } - apt::source { "deb.debian.org-${codename}-security": - location => $baseurl, - repos => $repo_components, - release => "${codename}-security", + if 'security' in $managed_repos { + apt::source { 'security': + location => $secureurl, + repos => $repo_components, + release => "${codename}-security", + } } - apt::source { "deb.debian.org-${codename}-updates": - location => $baseurl, - repos => $repo_components, - release => "${codename}-updates", + if 'updates' in $managed_repos { + apt::source { 'updates': + location => $mirrorurl, + repos => $repo_components, + release => "${codename}-updates", + } } - apt::source { "deb.debian.org-${codename}-backports": - location => $baseurl, - repos => $repo_components, - release => "${codename}-backports", + if 'backports' in $managed_repos { + apt::source { 'backports': + location => $mirrorurl, + repos => $repo_components, + release => "${codename}-backports", + } } } diff --git a/site/profiles/manifests/apt/global.pp b/site/profiles/manifests/apt/global.pp index 574c668..58845bb 100644 --- a/site/profiles/manifests/apt/global.pp 
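Review bot: `$managed_repos` is typed `Array[String]` and only matched with `in`, so a misspelt entry such as `'secuirty'` is accepted and the security source is simply not declared. Because `profiles::apt::global` in this commit purges `sources.list` and `sources.list.d`, that typo would leave a node without security updates and without any catalog error. Constraining the parameter would turn it into a compile failure: `Array[Enum['base', 'security', 'updates', 'backports', 'puppet7']] $managed_repos,`. The header comment also still lists the OS architecture as a required fact, although the hunk removes `$basearch`.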
+++ b/site/profiles/manifests/apt/global.pp @@ -22,9 +22,7 @@ # Manages all .list files under /etc/apt/sources.list.d. All the repositories listed # in $managed_repos will have their corresponding .list files preserved. Any # .list file that is not listed in $managed_repos will be removed. -# Creates and maintains a /etc/apt/sources.list.d/.managed file that lists all the -# .list files that should be managed by Puppet. -# Manages /etc/apt/sources.list file to include the .list files in /etc/apt/sources.list.d. +# Manages /etc/apt/sources.list file to be empty. # # Example usage: # -------------- @@ -41,7 +39,12 @@ class profiles::apt::global ( Array[String] $components = lookup('profiles::apt::components'), ){ class { 'apt': - update => { + sources_list_force => true, + purge => { + 'sources.list' => true, + 'sources.list.d' => true, + }, + update => { frequency => 'daily', loglevel => 'debug', }, @@ -54,35 +57,6 @@ class profiles::apt::global ( }, } - # Generate the content for the .managed file - $managed_file_content = $managed_repos.map |$repo_name| { "${repo_name}.repo" }.join("\n") - - # Create the .managed file - file { '/etc/apt/sources.list.d/.managed': - ensure => file, - content => $managed_file_content, - } - - # Define exec resource to remove .list files not listed in .managed - exec { 'cleanup_apt_repos': - command => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort) - <(sort /etc/apt/sources.list.d/.managed) | - xargs -n1 rm -f /etc/apt/sources.list.d/{}"', - path => ['/bin', '/usr/bin'], - onlyif => '/bin/bash -c "comm -23 <(ls /etc/apt/sources.list.d | sort) - <(sort /etc/apt/sources.list.d/.managed) | grep .list"', - } - - file { '/etc/apt/sources.list': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0644', - content => @(END) - ## Apt is managed by Puppet, do not edit this file - END - } - # Setup base repos class { 'profiles::apt::base': managed_repos => $managed_repos, 
@@ -92,6 +66,5 @@ class profiles::apt::global ( # Setup puppet7 if included in managed_repos class { 'profiles::apt::puppet7': managed_repos => $managed_repos, - components => $components, } } diff --git a/site/profiles/manifests/apt/puppet7.pp b/site/profiles/manifests/apt/puppet7.pp index e69de29..aa7d45a 100644 --- a/site/profiles/manifests/apt/puppet7.pp +++ b/site/profiles/manifests/apt/puppet7.pp 
@@ -0,0 +1,72 @@
+# This class manages the installation and configuration of Puppet 7
+#
+# Parameters:
+# - $managed_repos: An array of additional repositories to manage (optional)
+# - $mirror: The base URL of the repository mirror
+# - $repo: The repository name
+# - $release: The release name
+#
+# Dependencies:
+# - Puppet facts: The class relies on certain facts about the target system,
+# including the OS release, architecture, and distribution codename.
+#
+# Description:
+# This class installs Puppet 7 on the target system by managing the repository
+# configuration and installing the appropriate package. It also supports the
+# management of additional repositories specified in the $managed_repos parameter.
+# The class retrieves necessary information from Puppet facts, such as the OS
+# release version, architecture, and distribution codename. It downloads the
+# Puppet release deb file from the specified mirror and installs it using dpkg.
+# Additionally, it configures the main Puppet repository using the apt::source resource.
+#
+# Example usage:
+# class { 'profiles::apt::puppet7':
+# managed_repos => ['extra-repo'],
+# mirror => 'http://mirror.example.com',
+# release => 'puppet7',
+# repo => 'bullseye',
+# }
+class profiles::apt::puppet7 (
+ Array[String] $managed_repos,
+ String $mirror,
+ String $repo,
+ String $dist,
+) {
+
+ $codename = $facts['os']['distro']['codename']
+
+ if 'puppet7' in $managed_repos {
+ # Path to store the downloaded deb file
+ $puppet_release = "/root/${repo}-${dist}.deb"
+ $puppet_source = "${mirror}/${repo}-release-${dist}.deb"
+
+ # Check if the deb file exists
+ if !defined(File[$puppet_release]) {
+ # Download the deb file
+ file { $puppet_release:
+ ensure => present,
+ source => $puppet_source,
+ mode => '0644',
+ }
+ }
+
+ # Install the puppet release using dpkg
+ package { "${repo}-${dist}":
+ ensure => installed,
+ provider => dpkg,
+ source => $puppet_release,
+ require => File[$puppet_release],
+ }
+
+ # deb http://apt.puppet.com bullseye puppet7
+ apt::source { 'puppet7':
+ location => $mirror,
+ repos => $repo,
+ release => $dist,
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+}
From e519b2aeffdef371f5ff5c06a15822819079deec Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 2 Jul 2023 14:11:06 +1000
Subject: [PATCH 15/17] Changed source for package to be url
* this removes the need to manually download/store the file, then pass it to the dpkg package manager
---
 site/profiles/manifests/apt/puppet7.pp | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/site/profiles/manifests/apt/puppet7.pp b/site/profiles/manifests/apt/puppet7.pp
index aa7d45a..e9e336f 100644
--- a/site/profiles/manifests/apt/puppet7.pp
+++ b/site/profiles/manifests/apt/puppet7.pp
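Review bot: The release package is fetched from `${mirror}/${repo}-release-${dist}.deb` and installed through the dpkg provider with no integrity check, and the mirror configured in `hieradata/os/Debian/all_releases.yaml` is plain `http://`. Unlike packages pulled through an apt source, a .deb handed to dpkg is not covered by repository signature verification, and a release package typically carries the repository's signing key and source list, so it is the trust anchor for everything installed from that repository afterwards. I would pin the download with `checksum => 'sha256',` and `checksum_value => 'SHA256_OF_RELEASE_DEB_PLACEHOLDER',` on the `file { $puppet_release: }` resource and switch the mirror to an `https://` URL if the vendor serves one. The same gap remains in the following commit's hunk for this file, which passes the URL straight to `package`. The header comment also documents `$release` and swaps `release` and `repo` in its example, while the actual parameter is `$dist`.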
@@ -36,26 +36,14 @@ class profiles::apt::puppet7 ( $codename = $facts['os']['distro']['codename'] if 'puppet7' in $managed_repos { - # Path to store the downloaded deb file - $puppet_release = "/root/${repo}-${dist}.deb" $puppet_source = "${mirror}/${repo}-release-${dist}.deb" - # Check if the deb file exists - if !defined(File[$puppet_release]) { - # Download the deb file - file { $puppet_release: - ensure => present, - source => $puppet_source, - mode => '0644', - } - } - # Install the puppet release using dpkg package { "${repo}-${dist}": ensure => installed, + name => "${repo}-release", provider => dpkg, - source => $puppet_release, - require => File[$puppet_release], + source => $puppet_source, } # deb http://apt.puppet.com bullseye puppet7 From d7a7198497cfc302141a80f52d27da8377a1aabe Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 2 Jul 2023 13:59:07 +1000 Subject: [PATCH 16/17] Added default resource settings * added profiles::default class in defaults.pp file * imported into all roles * cleaned up some duplicated code --- manifests/site.pp | 2 +- site/profiles/manifests/defaults.pp | 30 +++++++++++++++++++++ site/profiles/manifests/yum/global.pp | 1 - site/roles/manifests/base.pp | 1 + site/roles/manifests/puppet/puppetmaster.pp | 1 + 5 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 site/profiles/manifests/defaults.pp diff --git a/manifests/site.pp b/manifests/site.pp index f2695d5..8b13789 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1 +1 @@ -#hiera_include('classes') + diff --git a/site/profiles/manifests/defaults.pp b/site/profiles/manifests/defaults.pp new file mode 100644 index 0000000..5c72fb6 --- /dev/null +++ b/site/profiles/manifests/defaults.pp 
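Review bot: `source => $puppet_source` now hands an HTTP URL to the dpkg provider, but Puppet's `package` type does not download files on a provider's behalf and, as far as I know, dpkg only installs from a local path, so this resource is likely to fail on a fresh node. Dropping the `file` resource also removes the one place where the download could be checksum-verified before installation. I would keep a local copy, pin its digest, and point `source` at that path, as sketched below; the digest is a placeholder to be filled in from the vendor's published value. The class header and the `apt::source` resource lie outside this hunk.

```puppet
    $puppet_source  = "${mirror}/${repo}-release-${dist}.deb"
    $puppet_release = "/root/${repo}-release-${dist}.deb"

    # Fetch once and verify against a pinned digest before dpkg sees it
    file { $puppet_release:
      ensure         => file,
      source         => $puppet_source,
      checksum       => 'sha256',
      checksum_value => 'SHA256_OF_RELEASE_DEB_PLACEHOLDER',
    }

    package { "${repo}-${dist}":
      ensure   => installed,
      name     => "${repo}-release",
      provider => dpkg,
      source   => $puppet_release,
      require  => File[$puppet_release],
    }
    # … unchanged: apt::source { 'puppet7': … } …
```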
@@ -0,0 +1,30 @@ +# settings that apply to all nodes +# use this as a place to set resource defaults +class profiles::defaults { + + # set the global exec path + Exec { + path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/'], + } + + Package { + ensure => present, + } + + File { + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + } + + Service { + ensure => running, + enable => true, + } + + User { + ensure => present, + shell => '/bin/bash', + } +} diff --git a/site/profiles/manifests/yum/global.pp b/site/profiles/manifests/yum/global.pp index bbeb2dd..70481c7 100644 --- a/site/profiles/manifests/yum/global.pp +++ b/site/profiles/manifests/yum/global.pp @@ -81,7 +81,6 @@ class profiles::yum::global ( command => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort) <(sort /etc/yum.repos.d/.managed) | xargs -n1 rm -f /etc/yum.repos.d/{}"', - path => ['/bin', '/usr/bin'], onlyif => '/bin/bash -c "comm -23 <(ls /etc/yum.repos.d | sort) <(sort /etc/yum.repos.d/.managed) | grep .repo"', } diff --git a/site/roles/manifests/base.pp b/site/roles/manifests/base.pp index b65b67b..86164e4 100644 --- a/site/roles/manifests/base.pp +++ b/site/roles/manifests/base.pp @@ -1,5 +1,6 @@ # a role to deploy the base system # work in progress class roles::base { + include profiles::defaults include profiles::base } diff --git a/site/roles/manifests/puppet/puppetmaster.pp b/site/roles/manifests/puppet/puppetmaster.pp index 9536470..b87f183 100644 --- a/site/roles/manifests/puppet/puppetmaster.pp +++ b/site/roles/manifests/puppet/puppetmaster.pp @@ -1,6 +1,7 @@ # a role to deploy the puppetmaster # work in progress class roles::puppet::puppetmaster { + include profiles::defaults include profiles::base include profiles::puppet::puppetmaster } From d48283734cc92400488721eb42b705465cc0fa13 Mon Sep 17 00:00:00 2001 
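Review bot: `User { shell => '/bin/bash' }` and `Service { ensure => running, enable => true }` turn omissions elsewhere into permissive outcomes: any `user` resource declared without a shell gets an interactive login shell, and any `service` resource without `ensure` is started and enabled at boot. For service accounts and optional daemons the safer default is the opposite, so I would drop these two blocks (or default the shell to a no-login value) and have each profile state them explicitly. Separately, resource defaults declared inside a class are scoped to that class and what it declares, so `include profiles::defaults` in a role probably does not reach resources in `profiles::base`; truly global defaults belong at top scope in `manifests/site.pp`.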
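Review bot: Removing `path => ['/bin', '/usr/bin'],` from this `exec` relies on the `Exec` default added in `profiles::defaults`, and that default may not apply here. Resource defaults follow the declaring class's scope, and `profiles::yum::global` is declared from `profiles::base`, not from `profiles::defaults`, so the exec could end up with no `path` at all while its shell pipeline calls `comm`, `ls`, `sort`, `xargs` and `rm` by bare name. I would keep the explicit `path => ['/bin', '/usr/bin'],` on this resource, or move the `Exec { path => ... }` default to `manifests/site.pp`. The `exec` resource starts above the hunk.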
From: Ben Vincent Date: Sat, 1 Jul 2023 23:10:29 +1000 Subject: [PATCH 17/17] Added a new profile to manage common packages * will by default pull data from hiera * could change it on a per-distro/role basis * requires stdlib for ensure_packages --- hieradata/common.yaml | 18 ++++++++++++++++ site/profiles/manifests/base.pp | 5 +++++ site/profiles/manifests/base/packages.pp | 27 ++++++++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 site/profiles/manifests/base/packages.pp diff --git a/hieradata/common.yaml b/hieradata/common.yaml index a96f967..67fb423 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -3,6 +3,24 @@ profiles::base::ntp_servers: - 0.au.pool.ntp.org - 1.au.pool.ntp.org +profiles::base::packages::common: + - ccze + - curl + - dstat + - htop + - mtr + - ncdu + - neovim + - python3 + - screen + - strace + - sudo + - tmux + - vim + - vnstat + - wget + - zsh + profiles::puppet::autosign::subnet_ranges: - '198.18.17.0/24' diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index fbb12b8..5a5493c 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -16,4 +16,9 @@ class profiles::base ( fail("Unsupported OS family ${facts['os']['family']}") } } + + class { 'profiles::base::packages': + packages => hiera('profiles::base::packages::common'), + ensure => 'installed', + } } diff --git a/site/profiles/manifests/base/packages.pp b/site/profiles/manifests/base/packages.pp new file mode 100644 index 0000000..6c15811 --- /dev/null +++ b/site/profiles/manifests/base/packages.pp 
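Review bot: `hiera('profiles::base::packages::common')` uses the legacy Hiera 3 function, whereas `profiles::apt::global` in this repository already calls `lookup()`. The legacy function is deprecated in current Puppet releases, so I would write `packages => lookup('profiles::base::packages::common'),` to stay consistent and avoid the deprecation path. The `class` resource also sets `ensure => 'installed'`, which is already the parameter's default in `profiles::base::packages`. The enclosing class starts above the hunk.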
@@ -0,0 +1,27 @@
+# This class manages the installation of packages for the base profile
+#
+# Parameters:
+# - $packages: An array of package names to be installed (optional)
+#
+# Description:
+# This class installs a list of packages specified in the $packages parameter
+# using the `package` resource from Puppet. Each package in the array is installed
+# with the `ensure => installed` attribute, ensuring that the package is present
+# on the target system. By default, the class retrieves the package list from Hiera
+# using the key 'profiles::base::packages::common'.
+#
+# Example usage:
+# class { 'profiles::base::packages':
+# packages => ['package1', 'package2', 'package3'],
+#
+class profiles::base::packages (
+ Array $packages,
+ Enum[
+ 'present',
+ 'absent',
+ 'latest',
+ 'installed'
+ ] $ensure = 'installed',
+){
+ ensure_packages($packages, {'ensure' => $ensure})
+}
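Review bot: The header comment describes `$packages` as optional and says the class reads `profiles::base::packages::common` from Hiera by default, but the parameter has no default and the class itself performs no lookup; the caller in `profiles::base` supplies the list. The comment should say that `$packages` is required, document `$ensure` and its four accepted values, and close the example with `}`. I would also tighten the type to `Array[String[1]] $packages,` so that an empty or non-string entry is rejected before it reaches `ensure_packages`.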