feat: prepare puppet for debian
- set yum::versionlock to be only for redhat family - set puppet-agent require statement to use apt or yum - remove requirement of downloading puppet7-release-$dist.deb - create all paths in $base_path for vault certificate - set correct $PATH for update-ca-certificates - dynamically set debian release name - split packages to install from common.yaml to os-specific - create groups profile to manage local groups - change sysadmin to be a member of admins group - setup admins sudo rules
This commit is contained in:
+19
-2
@@ -30,6 +30,12 @@ lookup_options:
|
||||
haproxy::backend:
|
||||
merge:
|
||||
strategy: deep
|
||||
sudo::configs:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::base::groups::local:
|
||||
merge:
|
||||
strategy: deep
|
||||
|
||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||
|
||||
@@ -59,7 +65,6 @@ profiles::packages::install:
|
||||
- iotop
|
||||
- jq
|
||||
- lz4
|
||||
- lzo
|
||||
- mtr
|
||||
- ncdu
|
||||
- neovim
|
||||
@@ -79,7 +84,6 @@ profiles::packages::install:
|
||||
- vim
|
||||
- vnstat
|
||||
- wget
|
||||
- xz
|
||||
- zsh
|
||||
- zstd
|
||||
|
||||
@@ -111,6 +115,19 @@ profiles::puppet::client::usecacheonfailure: false
|
||||
prometheus::node_exporter::export_scrape_job: true
|
||||
prometheus::systemd_exporter::export_scrape_job: true
|
||||
|
||||
profiles::base::groups::local:
|
||||
admins:
|
||||
ensure: present
|
||||
gid: 10000
|
||||
allowdupe: false
|
||||
forcelocal: true
|
||||
|
||||
sudo::configs:
|
||||
admins:
|
||||
priority: 10
|
||||
content: |
|
||||
%admins ALL=(ALL) NOPASSWD: ALL
|
||||
|
||||
profiles::accounts::sysadmin::sshkeys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
|
||||
|
||||
|
||||
@@ -7,5 +7,8 @@ profiles::yum::ovirt::baseurl: https://repos.main.unkin.net/centos
|
||||
profiles::firewall::firewalld::ensure_package: 'absent'
|
||||
profiles::firewall::firewalld::ensure_service: 'stopped'
|
||||
profiles::firewall::firewalld::enable_service: false
|
||||
|
||||
profiles::puppet::agent::puppet_version: '7.26.0'
|
||||
|
||||
profiles::packages::install:
|
||||
- lzo
|
||||
- xz
|
||||
|
||||
@@ -1,7 +1,12 @@
|
||||
# hieradata/os/debian/all_releases.yaml
|
||||
---
|
||||
profiles::apt::base::mirrorurl: http://debian.mirror.digitalpacific.com.au/debian
|
||||
profiles::apt::base::mirrorurl: http://repos.main.unkin.net/debian
|
||||
profiles::apt::base::secureurl: http://security.debian.org/debian-security
|
||||
profiles::apt::puppet7::mirror: http://apt.puppetlabs.com
|
||||
profiles::apt::puppet7::repo: puppet7
|
||||
profiles::apt::puppet7::dist: bullseye
|
||||
profiles::pki::vaultca::ca_cert-path: /usr/local/share/ca-certificates/
|
||||
|
||||
profiles::packages::install:
|
||||
- lzop
|
||||
- python3.11-venv
|
||||
- xz-utils
|
||||
|
||||
Reference in New Issue
Block a user