feat: prepare puppet for debian

- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
This commit is contained in:
2024-04-13 21:04:08 +10:00
parent 5f8b0ba102
commit d0d67e316a
10 changed files with 86 additions and 28 deletions
+19 -2
View File
@@ -30,6 +30,12 @@ lookup_options:
haproxy::backend:
merge:
strategy: deep
sudo::configs:
merge:
strategy: deep
profiles::base::groups::local:
merge:
strategy: deep
facts_path: '/opt/puppetlabs/facter/facts.d'
@@ -59,7 +65,6 @@ profiles::packages::install:
- iotop
- jq
- lz4
- lzo
- mtr
- ncdu
- neovim
@@ -79,7 +84,6 @@ profiles::packages::install:
- vim
- vnstat
- wget
- xz
- zsh
- zstd
@@ -111,6 +115,19 @@ profiles::puppet::client::usecacheonfailure: false
prometheus::node_exporter::export_scrape_job: true
prometheus::systemd_exporter::export_scrape_job: true
profiles::base::groups::local:
admins:
ensure: present
gid: 10000
allowdupe: false
forcelocal: true
sudo::configs:
admins:
priority: 10
content: |
%admins ALL=(ALL) NOPASSWD: ALL
profiles::accounts::sysadmin::sshkeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
+4 -1
View File
@@ -7,5 +7,8 @@ profiles::yum::ovirt::baseurl: https://repos.main.unkin.net/centos
profiles::firewall::firewalld::ensure_package: 'absent'
profiles::firewall::firewalld::ensure_service: 'stopped'
profiles::firewall::firewalld::enable_service: false
profiles::puppet::agent::puppet_version: '7.26.0'
profiles::packages::install:
- lzo
- xz
+7 -2
View File
@@ -1,7 +1,12 @@
# hieradata/os/debian/all_releases.yaml
---
profiles::apt::base::mirrorurl: http://debian.mirror.digitalpacific.com.au/debian
profiles::apt::base::mirrorurl: http://repos.main.unkin.net/debian
profiles::apt::base::secureurl: http://security.debian.org/debian-security
profiles::apt::puppet7::mirror: http://apt.puppetlabs.com
profiles::apt::puppet7::repo: puppet7
profiles::apt::puppet7::dist: bullseye
profiles::pki::vaultca::ca_cert-path: /usr/local/share/ca-certificates/
profiles::packages::install:
- lzop
- python3.11-venv
- xz-utils