feat: prepare puppet for debian

- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
This commit is contained in:
2024-04-13 21:04:08 +10:00
parent 5f8b0ba102
commit d0d67e316a
10 changed files with 86 additions and 28 deletions
+23 -9
View File
@@ -4,12 +4,6 @@ class profiles::puppet::agent (
String $puppet_version = 'latest',
) {
# Ensure the puppet-agent package is installed and locked to a specific version
package { 'puppet-agent':
ensure => $puppet_version,
require => Class['profiles::yum::puppet7'],
}
# if puppet-version is anything other than latest, set a versionlock
$puppet_versionlock_ensure = $puppet_version ? {
'latest' => 'absent',
@@ -19,9 +13,29 @@ class profiles::puppet::agent (
'latest' => undef,
default => $puppet_version,
}
yum::versionlock{'puppet-agent':
ensure => $puppet_versionlock_ensure,
version => $puppet_versionlock_version,
case $facts['os']['family'] {
'RedHat': {
# Ensure the puppet-agent package is installed and locked to a specific version
package { 'puppet-agent':
ensure => $puppet_version,
require => Class['profiles::yum::puppet7'],
}
# versionlock puppet-agent
yum::versionlock{'puppet-agent':
ensure => $puppet_versionlock_ensure,
version => $puppet_versionlock_version,
}
}
'Debian': {
# Ensure the puppet-agent package is installed and locked to a specific version
package { 'puppet-agent':
ensure => $puppet_version,
require => Class['profiles::apt::puppet7'],
}
}
default: {}
}
# Ensure the puppet service is running