feat: prepare puppet for debian

- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
This commit is contained in:
2024-04-13 21:04:08 +10:00
parent 5f8b0ba102
commit d0d67e316a
10 changed files with 86 additions and 28 deletions
+19 -2
View File
@@ -30,6 +30,12 @@ lookup_options:
haproxy::backend:
merge:
strategy: deep
sudo::configs:
merge:
strategy: deep
profiles::base::groups::local:
merge:
strategy: deep
facts_path: '/opt/puppetlabs/facter/facts.d'
@@ -59,7 +65,6 @@ profiles::packages::install:
- iotop
- jq
- lz4
- lzo
- mtr
- ncdu
- neovim
@@ -79,7 +84,6 @@ profiles::packages::install:
- vim
- vnstat
- wget
- xz
- zsh
- zstd
@@ -111,6 +115,19 @@ profiles::puppet::client::usecacheonfailure: false
prometheus::node_exporter::export_scrape_job: true
prometheus::systemd_exporter::export_scrape_job: true
profiles::base::groups::local:
admins:
ensure: present
gid: 10000
allowdupe: false
forcelocal: true
sudo::configs:
admins:
priority: 10
content: |
%admins ALL=(ALL) NOPASSWD: ALL
profiles::accounts::sysadmin::sshkeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net