From e183ee2b443a1f168c9af45a31999843acda872f Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 27 Nov 2023 18:16:54 +1100 Subject: [PATCH 01/11] feat: add extra repositories - mariadb 11.2 - puppet el8 --- hieradata/roles/infra/reposync/syncer.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hieradata/roles/infra/reposync/syncer.yaml b/hieradata/roles/infra/reposync/syncer.yaml index 123fbaa..0427abe 100644 --- a/hieradata/roles/infra/reposync/syncer.yaml +++ b/hieradata/roles/infra/reposync/syncer.yaml @@ -49,3 +49,17 @@ profiles::reposync::repos_list: release: '8' baseurl: 'https://dl.fedoraproject.org/pub/epel/8/Modular/x86_64/' gpgkey: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' + mariadb_11_2_el8: + repository: 'el8' + description: 'MariaDB 11.2' + osname: 'mariadb' + release: '11.2' + baseurl: 'http://mariadb.mirror.digitalpacific.com.au/yum/11.2/rhel8-amd64/' + gpgkey: 'https://mariadb.mirror.digitalpacific.com.au/yum/RPM-GPG-KEY-MariaDB' + puppet7_el8: + repository: '8' + description: 'Puppet 7 EL8' + osname: 'puppet7' + release: 'el' + baseurl: 'https://yum.puppet.com/puppet7/el/8/x86_64/' + gpgkey: 'http://yum.puppet.com/RPM-GPG-KEY-puppet' From 705c02c3a1ffaab8e3cd82d180a89ee38afc7519 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 27 Nov 2023 23:19:01 +1100 Subject: [PATCH 02/11] feat: fix selinux permissions each sync - restorecon on each sync, to update selinux for new files/directories --- site/profiles/manifests/reposync/autosyncer.pp | 4 +++- site/profiles/templates/reposync/autosyncer.erb | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/site/profiles/manifests/reposync/autosyncer.pp b/site/profiles/manifests/reposync/autosyncer.pp index e2e8683..04393cd 100644 --- a/site/profiles/manifests/reposync/autosyncer.pp +++ b/site/profiles/manifests/reposync/autosyncer.pp 
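Review bot: The new `mariadb_11_2_el8` entry fetches packages over plain HTTP (`baseurl: 'http://mariadb.mirror.digitalpacific.com.au/yum/11.2/rhel8-amd64/'`), although its `gpgkey` on the same host already uses https. Package signatures are still verified if the generated repo keeps `gpgcheck` on, but repository metadata fetched over HTTP can be altered or held back by anyone on the path, so the local mirror could keep serving stale packages without any error. Use the https scheme for `baseurl` as well. The signing key is also downloaded from the same third-party mirror as the packages; a key obtained from the vendor, or a reviewed copy kept in this repository, is a stronger trust anchor.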
@@ -1,5 +1,7 @@ # setup the autosyncer -class profiles::reposync::autosyncer { +class profiles::reposync::autosyncer ( + Stdlib::Absolutepath $basepath = '/data/repos', +) { # Ensure the autosyncer script is present and executable file { '/usr/local/bin/autosyncer': diff --git a/site/profiles/templates/reposync/autosyncer.erb b/site/profiles/templates/reposync/autosyncer.erb index 9c3caed..cd6c963 100644 --- a/site/profiles/templates/reposync/autosyncer.erb +++ b/site/profiles/templates/reposync/autosyncer.erb @@ -88,4 +88,7 @@ for conf in /etc/reposync/conf.d/*.conf; do # After syncing each repo, fix the repository metadata create_repo_metadata "${snap_path}" + # Update selinux + restorecon <%= @basepath %> + done From cfec05f3c77a5e98c6a98ecb122e5f6eb83f5ccf Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 27 Nov 2023 23:27:44 +1100 Subject: [PATCH 03/11] feat: update repositories to sync - remove epel modular - add postgresql 16 for rhel8 - add postgresql common for rhel8 --- hieradata/roles/infra/reposync/syncer.yaml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/hieradata/roles/infra/reposync/syncer.yaml b/hieradata/roles/infra/reposync/syncer.yaml index 0427abe..04bf952 100644 --- a/hieradata/roles/infra/reposync/syncer.yaml +++ b/hieradata/roles/infra/reposync/syncer.yaml @@ -42,13 +42,6 @@ profiles::reposync::repos_list: release: '8' baseurl: 'https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/' gpgkey: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' - epel_8_modular: - repository: 'Modular' - description: 'EPEL 8 Modular' - osname: 'epel' - release: '8' - baseurl: 'https://dl.fedoraproject.org/pub/epel/8/Modular/x86_64/' - gpgkey: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' mariadb_11_2_el8: repository: 'el8' description: 'MariaDB 11.2' 
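Review bot: The new `$basepath` parameter repeats the `'/data/repos'` default that `profiles::reposync::repos` declares for its own `$basepath` (visible as context in PATCH 06/11), so the two can drift apart when only one is overridden in Hiera. The script would then relabel a tree that the repositories are not synced into. Either feed both from one value or document the coupling on the parameter, for example `# @param basepath root of the synced repositories; must match profiles::reposync::repos::basepath`. The class body continues outside this hunk.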
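Review bot: `restorecon <%= @basepath %>` relabels only the top-level directory, because restorecon does not descend without `-R`, so the newly synced files and directories named in the commit message keep the context they were created with. The path is also interpolated unquoted into the shell script, and `Stdlib::Absolutepath` does not exclude spaces or shell metacharacters. Suggested line: `restorecon -R "<%= @basepath %>"`. Because the call sits inside the `for conf` loop it would walk the whole tree once per repository; relabelling `"${snap_path}"` here (if that is the directory that received new files) or moving the call after `done` avoids that. The loop body starts outside this hunk.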
@@ -63,3 +56,17 @@ profiles::reposync::repos_list: release: 'el' baseurl: 'https://yum.puppet.com/puppet7/el/8/x86_64/' gpgkey: 'http://yum.puppet.com/RPM-GPG-KEY-puppet' + postgresql_rhel8_common: + repository: 'common' + description: 'PostgreSQL Common RHEL 8' + osname: 'postgresql' + release: 'rhel8' + baseurl: 'https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-8-x86_64/' + gpgkey: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG' + postgresql_rhel8_16: + repository: '16' + description: 'PostgreSQL 16 RHEL 8' + osname: 'postgresql' + release: 'rhel8' + baseurl: 'https://download.postgresql.org/pub/repos/yum/16/redhat/rhel-8-x86_64/' + gpgkey: 'https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG' From ae05b870aad0cb5e4994282ea9afc0fc786286ab Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Mon, 27 Nov 2023 23:38:25 +1100 Subject: [PATCH 04/11] fix: wrong scheme for gpgkey - change gpg key for puppet7 from http:// to https:// --- hieradata/roles/infra/reposync/syncer.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hieradata/roles/infra/reposync/syncer.yaml b/hieradata/roles/infra/reposync/syncer.yaml index 04bf952..d76231e 100644 --- a/hieradata/roles/infra/reposync/syncer.yaml +++ b/hieradata/roles/infra/reposync/syncer.yaml @@ -55,7 +55,7 @@ profiles::reposync::repos_list: osname: 'puppet7' release: 'el' baseurl: 'https://yum.puppet.com/puppet7/el/8/x86_64/' - gpgkey: 'http://yum.puppet.com/RPM-GPG-KEY-puppet' + gpgkey: 'https://yum.puppet.com/RPM-GPG-KEY-puppet' postgresql_rhel8_common: repository: 'common' description: 'PostgreSQL Common RHEL 8' From 1ccd8141abcbde5594f4cdd02edc256cc61b623c Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Wed, 29 Nov 2023 23:08:01 +1100 Subject: [PATCH 05/11] feat: add cname for repos --- site/profiles/manifests/reposync/webserver.pp | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/site/profiles/manifests/reposync/webserver.pp b/site/profiles/manifests/reposync/webserver.pp index 66f549a..9321db1 100644 --- a/site/profiles/manifests/reposync/webserver.pp +++ b/site/profiles/manifests/reposync/webserver.pp @@ -30,6 +30,15 @@ class profiles::reposync::webserver ( } } + # export cnames for webserver + profiles::dns::record { "${::facts['networking']['fqdn']}_repos.main.unkin.net_CNAME": + value => $::facts['networking']['hostname'], + type => 'CNAME', + record => 'repos.main.unkin.net.', + zone => $::facts['networking']['domain'], + order => 10, + } + if $selinux { # include packages that are required From 8a6b3ef0fb299124fa1e316efbdb7842465a4c36 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 2 Dec 2023 23:45:35 +1100 Subject: [PATCH 06/11] feat: add mirrorlist capability to reposyncer - add mirrorlist param to reposyncer repos - update almalinux 8.8 repos to use mirrorlist - add almalinux 8.9 repos --- hieradata/roles/infra/reposync/syncer.yaml | 48 +++++++++++++++++++--- site/profiles/manifests/reposync/repos.pp | 22 ++++++---- 2 files changed, 56 insertions(+), 14 deletions(-) diff --git a/hieradata/roles/infra/reposync/syncer.yaml b/hieradata/roles/infra/reposync/syncer.yaml index d76231e..e6a341e 100644 --- a/hieradata/roles/infra/reposync/syncer.yaml +++ b/hieradata/roles/infra/reposync/syncer.yaml 
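Review bot: The exported record takes `value` and `zone` from `$::facts['networking']`, which the agent reports about itself, so a misconfigured or compromised node that includes this class can decide what the shared name `repos.main.unkin.net.` points at and which zone the record is written to. The certificate-backed equivalents are `$trusted['hostname']` and `$trusted['domain']` (`profiles::base` already relies on `$trusted['certname']`), e.g. `value => $trusted['hostname'],` and `zone => $trusted['domain'],`. Separately, `record` is a fixed name, so two nodes carrying this profile would both export a CNAME for it, which DNS does not allow; presumably only one webserver exists, but that should be confirmed or enforced. The class starts and ends outside this hunk.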
@@ -5,42 +5,78 @@ profiles::reposync::repos_list: description: 'AlmaLinux 8.8 - BaseOS' osname: 'almalinux' release: '8.8' - baseurl: 'http://mirror.aarnet.edu.au/pub/almalinux/8.8/BaseOS/x86_64/os/' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.8/baseos gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' almalinux_8_8_appstream: repository: 'AppStream' description: 'AlmaLinux 8.8 - AppStream' osname: 'almalinux' release: '8.8' - baseurl: 'http://mirror.aarnet.edu.au/pub/almalinux/8.8/AppStream/x86_64/os/' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.8/appstream gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' almalinux_8_8_highavailability: repository: 'HighAvailability' description: 'AlmaLinux 8.8 - HighAvailability' osname: 'almalinux' release: '8.8' - baseurl: 'http://mirror.aarnet.edu.au/pub/almalinux/8.8/HighAvailability/x86_64/os/' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.8/ha gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' almalinux_8_8_powertools: repository: 'PowerTools' description: 'AlmaLinux 8.8 - PowerTools' osname: 'almalinux' release: '8.8' - baseurl: 'http://mirror.aarnet.edu.au/pub/almalinux/8.8/PowerTools/x86_64/os/' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.8/powertools gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' almalinux_8_8_extras: repository: 'extras' description: 'AlmaLinux 8.8 - extras' osname: 'almalinux' release: '8.8' - baseurl: 'http://mirror.aarnet.edu.au/pub/almalinux/8.8/extras/x86_64/os/' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.8/extras + gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' + almalinux_8_9_baseos: + repository: 'BaseOS' + description: 'AlmaLinux 8.9 - BaseOS' + osname: 'almalinux' + release: '8.9' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/baseos + gpgkey: 
'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' + almalinux_8_9_appstream: + repository: 'AppStream' + description: 'AlmaLinux 8.9 - AppStream' + osname: 'almalinux' + release: '8.9' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/appstream + gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' + almalinux_8_9_highavailability: + repository: 'HighAvailability' + description: 'AlmaLinux 8.9 - HighAvailability' + osname: 'almalinux' + release: '8.9' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/ha + gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' + almalinux_8_9_powertools: + repository: 'PowerTools' + description: 'AlmaLinux 8.9 - PowerTools' + osname: 'almalinux' + release: '8.9' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/powertools + gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' + almalinux_8_9_extras: + repository: 'extras' + description: 'AlmaLinux 8.9 - extras' + osname: 'almalinux' + release: '8.9' + mirrorlist: https://mirrors.almalinux.org/mirrorlist/8.9/extras gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux' epel_8_everything: repository: 'Everything' description: 'EPEL 8 Everything' osname: 'epel' release: '8' - baseurl: 'https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/' + # baseurl: 'https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/' + mirrorlist: 'https://mirrors.fedoraproject.org/mirrorlist?repo=epel-8&arch=x86_64' gpgkey: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' mariadb_11_2_el8: repository: 'el8' diff --git a/site/profiles/manifests/reposync/repos.pp b/site/profiles/manifests/reposync/repos.pp index 5886785..046e404 100644 --- a/site/profiles/manifests/reposync/repos.pp +++ b/site/profiles/manifests/reposync/repos.pp 
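Review bot: Every AlmaLinux entry in this hunk, including the five new 8.9 entries, still reads `gpgkey: 'http://mirror.aarnet.edu.au/pub/almalinux/RPM-GPG-KEY-AlmaLinux'`, and with `mirrorlist` the packages now come from whichever mirror is handed out, so this key is the only thing tying them to AlmaLinux. Fetched over plain HTTP, the key can be swapped in transit, and `gpgcheck` would then accept packages signed by the substituted key. Point `gpgkey` at an https source, or at a reviewed copy of the key that is served locally. Minor style points: the new `mirrorlist` values on the AlmaLinux entries are unquoted while every other URL in the file is quoted, and the commented-out `baseurl` under `epel_8_everything` can be dropped.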
@@ -4,26 +4,32 @@ define profiles::reposync::repos ( String $description, String $osname, String $release, - Stdlib::HTTPUrl $baseurl, Stdlib::HTTPUrl $gpgkey, String $arch = 'x86_64', String $repo_owner = 'root', String $repo_group = 'root', Stdlib::Absolutepath $basepath = '/data/repos', + Optional[Stdlib::HTTPUrl] $baseurl = undef, + Optional[Stdlib::HTTPUrl] $mirrorlist = undef, ){ + if ($mirrorlist == undef and $baseurl == undef) or ($mirrorlist != undef and $baseurl != undef) { + fail('profiles::reposync::repos must have either mirrorlist or baseurl set, but not both') + } + $repos_name = downcase("${osname}-${release}-${repository}-${arch}") $conf_file = "/etc/reposync/conf.d/${repos_name}.conf" # Create the repository configuration yumrepo { $repos_name: - ensure => 'present', - descr => $description, - baseurl => $baseurl, - gpgkey => $gpgkey, - target => '/etc/yum.repos.d/reposync.repo', - enabled => 0, - gpgcheck => 1, + ensure => 'present', + descr => $description, + baseurl => $baseurl, + mirrorlist => $mirrorlist, + gpgkey => $gpgkey, + target => '/etc/yum.repos.d/reposync.repo', + enabled => 0, + gpgcheck => 1, } # Ensure the repo dest path exists From 08c14c232959188c87dc3b6ebcdb21ca4019e027 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 3 Dec 2023 16:49:38 +1100 Subject: [PATCH 07/11] feat: split agent service/package from config - split package/service from config so puppetservers agents can be managed in the same was as clients --- hieradata/os/AlmaLinux/all_releases.yaml | 2 +- hieradata/os/Debian/Debian11.yaml | 2 +- hieradata/os/Debian/Debian12.yaml | 2 +- site/profiles/manifests/base.pp | 3 ++ site/profiles/manifests/puppet/agent.pp | 35 +++++++++++++++++++++ site/profiles/manifests/puppet/client.pp | 39 +----------------------- 6 files changed, 42 insertions(+), 41 deletions(-) create mode 100644 site/profiles/manifests/puppet/agent.pp 
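Review bot: Passing `baseurl => $baseurl` when the value is `undef` leaves that property unmanaged, so for the AlmaLinux 8.8 repos that this commit switches to `mirrorlist` the old `baseurl=` line stays in `/etc/yum.repos.d/reposync.repo` next to the new `mirrorlist=` line. The sync may then keep using the previous plain-HTTP mirror; which of the two settings dnf prefers should be confirmed. Setting the unused property to `'absent'` removes it: `baseurl => pick($baseurl, 'absent'),` and `mirrorlist => pick($mirrorlist, 'absent'),`. Once the key URLs in Hiera are https, typing the parameter as `Stdlib::HTTPSUrl $gpgkey` would keep plain-HTTP keys from coming back. The define's body continues past this hunk.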
diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml index 105a19a..6592ae6 100644 --- a/hieradata/os/AlmaLinux/all_releases.yaml +++ b/hieradata/os/AlmaLinux/all_releases.yaml @@ -6,4 +6,4 @@ profiles::firewall::firewalld::ensure_package: 'absent' profiles::firewall::firewalld::ensure_service: 'stopped' profiles::firewall::firewalld::enable_service: false -profiles::puppet::client::puppet_version: '7.26.0' +profiles::puppet::agent::puppet_version: '7.26.0' diff --git a/hieradata/os/Debian/Debian11.yaml b/hieradata/os/Debian/Debian11.yaml index 41e6201..594461c 100644 --- a/hieradata/os/Debian/Debian11.yaml +++ b/hieradata/os/Debian/Debian11.yaml @@ -11,4 +11,4 @@ profiles::apt::components: - main - non-free -profiles::puppet::client::puppet_version: '7.25.0-1bullseye' +profiles::puppet::agent::puppet_version: '7.25.0-1bullseye' diff --git a/hieradata/os/Debian/Debian12.yaml b/hieradata/os/Debian/Debian12.yaml index fab31d1..f6b5f7d 100644 --- a/hieradata/os/Debian/Debian12.yaml +++ b/hieradata/os/Debian/Debian12.yaml @@ -12,4 +12,4 @@ profiles::apt::components: - non-free - non-free-firmware -profiles::puppet::client::puppet_version: 'latest' +profiles::puppet::agent::puppet_version: 'latest' diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 6337422..62b242e 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -16,6 +16,9 @@ class profiles::base ( } } + # manage the puppet agent + include profiles::puppet::agent + # manage puppet clients if ! member($puppet_servers, $trusted['certname']) { include profiles::puppet::client diff --git a/site/profiles/manifests/puppet/agent.pp b/site/profiles/manifests/puppet/agent.pp new file mode 100644 index 0000000..0c2122e --- /dev/null +++ b/site/profiles/manifests/puppet/agent.pp 
@@ -0,0 +1,35 @@ +# profiles::puppet::agent +# This class manages Puppet agent package and service. +class profiles::puppet::agent ( + String $puppet_version = 'latest', +) { + + # Ensure the puppet-agent package is installed and locked to a specific version + package { 'puppet-agent': + ensure => $puppet_version, + } + + # if puppet-version is anything other than latest, set a versionlock + $puppet_versionlock_ensure = $puppet_version ? { + 'latest' => 'absent', + default => 'present', + } + $puppet_versionlock_version = $puppet_version ? { + 'latest' => undef, + default => $puppet_version, + } + yum::versionlock{'puppet-agent': + ensure => $puppet_versionlock_ensure, + version => $puppet_versionlock_version, + } + + # Ensure the puppet service is running + service { 'puppet': + ensure => 'running', + enable => true, + hasrestart => true, + require => Package['puppet-agent'], + } + +} + diff --git a/site/profiles/manifests/puppet/client.pp b/site/profiles/manifests/puppet/client.pp index 68ab61a..973f621 100644 --- a/site/profiles/manifests/puppet/client.pp +++ b/site/profiles/manifests/puppet/client.pp @@ -1,15 +1,6 @@ # Class: profiles::puppet::client # -# This class manages Puppet client configuration and service. -# -# Parameters: -# vardir - Directory path for variable data. -# logdir - Directory path for logs. -# rundir - Directory path for run-time data. -# pidfile - File path for the PID file. -# codedir - Directory path for code data. -# dns_alt_names - Array of alternate DNS names for the server. -# server - Server's name. +# This class manages Puppet client configuration. # # site/profile/manifests/puppet/client.pp class profiles::puppet::client ( 
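Review bot: `yum::versionlock{'puppet-agent': ...}` is declared without an OS guard, while this commit makes `profiles::base` include the class on every node and sets `profiles::puppet::agent::puppet_version` in the Debian 11 and Debian 12 Hiera files. Unless Debian nodes are handled somewhere outside this patch, the resource should be wrapped in `if $facts['os']['family'] == 'RedHat' { ... }`. The header comment could also state the side effect of the parameter, e.g. `# @param puppet_version package version to install; any value other than 'latest' also creates a yum versionlock`.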
@@ -21,36 +12,8 @@ class profiles::puppet::client ( Integer $runtimeout = 3600, Boolean $show_diff = true, Boolean $usecacheonfailure = false, - String $puppet_version = 'latest', ) { - # Ensure the puppet-agent package is installed and locked to a specific version - package { 'puppet-agent': - ensure => $puppet_version, - } - - # if puppet-version is anything other than latest, set a versionlock - $puppet_versionlock_ensure = $puppet_version ? { - 'latest' => 'absent', - default => 'present', - } - $puppet_versionlock_version = $puppet_version ? { - 'latest' => undef, - default => $puppet_version, - } - yum::versionlock{'puppet-agent': - ensure => $puppet_versionlock_ensure, - version => $puppet_versionlock_version, - } - - # Ensure the puppet service is running - service { 'puppet': - ensure => 'running', - enable => true, - hasrestart => true, - require => Package['puppet-agent'], - } - # Assuming you want to manage puppet.conf with this profile file { '/etc/puppetlabs/puppet/puppet.conf': ensure => 'present', From 8f04de2b5212b51b7f420c6db51df1e8f9177bad Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 3 Dec 2023 17:07:45 +1100 Subject: [PATCH 08/11] feat: add/remove capabilities for packages - add deepmerge lookup_options - add packages to remove and packages to add to profiles::packages::base class --- hieradata/common.yaml | 41 +++++++++++++++++++++++- site/profiles/manifests/packages/base.pp | 30 ++++++++--------- 2 files changed, 55 insertions(+), 16 deletions(-) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 77fddd3..7e4f7ee 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,4 +1,12 @@ --- +lookup_options: + profiles::packages::base::add: + merge: + strategy: deep + profiles::packages::base::remove: + merge: + strategy: deep + profiles::ntp::client::ntp_role: 'roles::infra::ntp::server' profiles::ntp::client::peers: - 0.pool.ntp.org 
@@ -12,23 +20,54 @@ profiles::base::puppet_servers: profiles::dns::master::basedir: '/var/named/sources' profiles::dns::base::ns_role: 'roles::infra::dns::resolver' -profiles::packages::base: +profiles::packages::base::add: - bash-completion + - bzip2 - ccze - curl - dstat + - gzip - htop + - inotify-tools + - iotop + - jq + - lz4 + - lzo - mtr - ncdu - neovim + - p7zip + - pbzip2 + - pigz + - pv - rsync - screen - strace + - sysstat - tmux + - traceroute - vim - vnstat - wget + - xz - zsh + - zstd + +profiles::packages::base::remove: + - iwl100-firmware + - iwl1000-firmware + - iwl105-firmware + - iwl135-firmware + - iwl2000-firmware + - iwl2030-firmware + - iwl3160-firmware + - iwl5000-firmware + - iwl5150-firmware + - iwl6000-firmware + - iwl6000g2a-firmware + - iwl6050-firmware + - iwl7260-firmware + - puppet7-release profiles::base::scripts::scripts: puppet: puppetwrapper.py diff --git a/site/profiles/manifests/packages/base.pp b/site/profiles/manifests/packages/base.pp index 807c8a8..f7d51cf 100644 --- a/site/profiles/manifests/packages/base.pp +++ b/site/profiles/manifests/packages/base.pp 
@@ -1,21 +1,21 @@ # This class manages the installation of packages for the base profile # # Parameters: -# - $packages: An array of package names to be installed (optional) -# - $ensure: Enum of present, absent, latest or installed (optional) -# -# Example usage: -# class { 'profiles::base::packages': -# packages => ['package1', 'package2', 'package3'], +# - $add: An array of package names to be installed +# - $remove: An array of package names to be removed # class profiles::packages::base ( - Array $packages = lookup('profiles::packages::base', Array, 'first', []), - Enum[ - 'present', - 'absent', - 'latest', - 'installed' - ] $ensure = 'installed', -){ - ensure_packages($packages, {'ensure' => $ensure}) + Array $add = [], + Array $remove = [], +) { + + # Ensure packages to add are installed + ensure_packages($add, {'ensure' => 'present'}) + + # Ensure packages to remove are absent + $remove.each |String $package| { + package { $package: + ensure => 'absent', + } + } } From d8ff9ddb11d1900c3e8b979d13a0bd508b8809d3 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 3 Dec 2023 17:43:49 +1100 Subject: [PATCH 09/11] feat: setup/manage dnf-autoupdate - create service to run dnf update - create timer to call the service - manage settings via params --- site/profiles/manifests/yum/autoupdater.pp | 18 ++++++++++++++++++ site/profiles/manifests/yum/global.pp | 4 ++++ .../templates/yum/autoupdate_service.erb | 6 ++++++ .../templates/yum/autoupdate_timer.erb | 10 ++++++++++ 4 files changed, 38 insertions(+) create mode 100644 site/profiles/manifests/yum/autoupdater.pp create mode 100644 site/profiles/templates/yum/autoupdate_service.erb create mode 100644 site/profiles/templates/yum/autoupdate_timer.erb diff --git a/site/profiles/manifests/yum/autoupdater.pp b/site/profiles/manifests/yum/autoupdater.pp new file mode 100644 index 0000000..17b2935 --- /dev/null +++ b/site/profiles/manifests/yum/autoupdater.pp 
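Review bot: A package name that ends up in both `$add` and `$remove`, which is easy to reach now that both keys are deep-merged across Hiera levels, is declared twice (`ensure_packages` with `present`, then `package { $package: ensure => 'absent' }`) and the catalog fails on a duplicate declaration instead of a readable message. Check for the overlap first, e.g. `unless empty(intersection($add, $remove)) { fail('profiles::packages::base: package listed in both add and remove') }`. The plain `package` resource in the `each` loop will also collide with any other class that declares one of those packages. Typing both parameters as `Array[String]` would reject non-string entries before they reach the `String $package` lambda.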
@@ -0,0 +1,18 @@ +# profiles::yum::autoupdater +# +# manage automatic updates for dnf +# +class profiles::yum::autoupdater ( + String $on_calendar = '*-*-* 05:00:00', + Integer $randomized_delay_sec = 1800, + Boolean $enabled = true, +) { + + # Ensure the timer is enabled and running + systemd::timer { 'dnf-autoupdate.timer': + timer_content => template('profiles/yum/autoupdate_timer.erb'), + service_content => template('profiles/yum/autoupdate_service.erb'), + active => true, + enable => true, + } +} diff --git a/site/profiles/manifests/yum/global.pp b/site/profiles/manifests/yum/global.pp index eca5715..119230e 100644 --- a/site/profiles/manifests/yum/global.pp +++ b/site/profiles/manifests/yum/global.pp @@ -86,4 +86,8 @@ class profiles::yum::global ( class { 'profiles::yum::puppet7': managed_repos => $managed_repos, } + + # setup dnf-autoupdate + include profiles::yum::autoupdater + } diff --git a/site/profiles/templates/yum/autoupdate_service.erb b/site/profiles/templates/yum/autoupdate_service.erb new file mode 100644 index 0000000..988b272 --- /dev/null +++ b/site/profiles/templates/yum/autoupdate_service.erb @@ -0,0 +1,6 @@ +[Unit] +Description=dnf-autoupdater-service + +[Service] +Type=oneshot +ExecStart=/usr/bin/dnf update -y diff --git a/site/profiles/templates/yum/autoupdate_timer.erb b/site/profiles/templates/yum/autoupdate_timer.erb new file mode 100644 index 0000000..6dcc3cb --- /dev/null +++ b/site/profiles/templates/yum/autoupdate_timer.erb @@ -0,0 +1,10 @@ +[Unit] +Description=dnf-autoupdater-timer + +[Timer] +OnCalendar=<%= @on_calendar %> +RandomizedDelaySec=<%= @randomized_delay_sec %> +Persistent=true + +[Install] +WantedBy=timers.target From ebd20a5e5ae7e24f598b43e83e43a27020e9ced9 Mon Sep 17 00:00:00 2001 
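Review bot: The `$enabled` parameter is declared but never read: `systemd::timer` is given the literals `active => true` and `enable => true`, so setting `profiles::yum::autoupdater::enabled: false` in Hiera changes nothing. Because `profiles::yum::global` includes this class unconditionally in the same commit, there is then no way to keep a node, for instance a database cluster member, from running `dnf update -y` unattended every night. Wire the parameter through with `active => $enabled,` and `enable => $enabled,`. The header comment should list the three parameters and say that `on_calendar` and `randomized_delay_sec` are rendered into the timer unit.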
From: Ben Vincent
Date: Fri, 8 Dec 2023 21:25:01 +1100
Subject: [PATCH 10/11] feat: mysql wsrep_ facts - add facts generated from mysql's wsrep status variables
---
site/profiles/lib/facter/mysql_wsrep.rb | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 site/profiles/lib/facter/mysql_wsrep.rb
diff --git a/site/profiles/lib/facter/mysql_wsrep.rb b/site/profiles/lib/facter/mysql_wsrep.rb
new file mode 100644
index 0000000..caf5459
--- /dev/null
+++ b/site/profiles/lib/facter/mysql_wsrep.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# skip if mysql isnt installed or active
+next unless system('which mysql > /dev/null 2>&1')
+next unless system('systemctl is-active --quiet mariadb')
+
+# export mysql wsrep status
+wsrep_status = `mysql -e "SHOW STATUS LIKE 'wsrep%';"`
+
+# loop over the output
+wsrep_status.each_line do |line|
+ # skip the line unless it starts with 'wsrep_'
+ next unless line.match(/^wsrep_/)
+
+ key, value = line.split("\t")
+ Facter.add("mysql_#{key.strip}") do
+ setcode do
+ value.strip
+ end
+ end
+end
From a9aabfa161e18b5079caf04dc624e88042cbce14 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 8 Dec 2023 21:32:32 +1100
Subject: [PATCH 11/11] fix: failed to test previously - change next's outside of a loop to a single if statement
---
site/profiles/lib/facter/mysql_wsrep.rb | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/site/profiles/lib/facter/mysql_wsrep.rb b/site/profiles/lib/facter/mysql_wsrep.rb
index caf5459..e5ff2a2 100644
--- a/site/profiles/lib/facter/mysql_wsrep.rb
+++ b/site/profiles/lib/facter/mysql_wsrep.rb
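Review bot: Every row returned by `SHOW STATUS LIKE 'wsrep%'` becomes a fact, and facts leave the host: they are sent to the Puppet server on each run and kept wherever it stores node facts. That output includes cluster topology such as `wsrep_incoming_addresses` and the cluster UUIDs, along with counters that change on every run. An allowlist keeps the exported set to what the manifests need, e.g. `WSREP_FACTS = %w[wsrep_cluster_size wsrep_cluster_status wsrep_local_state_comment wsrep_ready].freeze` and `next unless WSREP_FACTS.include?(key.strip)` after the split. The same loop is carried unchanged into PATCH 11/11.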
@@ -1,21 +1,21 @@ # frozen_string_literal: true # skip if mysql isnt installed or active -next unless system('which mysql > /dev/null 2>&1') -next unless system('systemctl is-active --quiet mariadb') +if system('which mysql > /dev/null 2>&1') && system('systemctl is-active --quiet mariadb') -# export mysql wsrep status -wsrep_status = `mysql -e "SHOW STATUS LIKE 'wsrep%';"` + # export mysql wsrep status + wsrep_status = `mysql -e "SHOW STATUS LIKE 'wsrep%';"` -# loop over the output -wsrep_status.each_line do |line| - # skip the line unless it starts with 'wsrep_' - next unless line.match(/^wsrep_/) + # loop over the output + wsrep_status.each_line do |line| + # skip the line unless it starts with 'wsrep_' + next unless line.match(/^wsrep_/) - key, value = line.split("\t") - Facter.add("mysql_#{key.strip}") do - setcode do - value.strip + key, value = line.split("\t") + Facter.add("mysql_#{key.strip}") do + setcode do + value.strip + end end end end
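Review bot: The two `system(...)` probes and the backtick `mysql -e` call still run at file load, so they execute on every Facter invocation, resolve `which`, `systemctl` and `mysql` through the caller's `PATH`, and have no timeout; a hung `mysql` client stalls fact collection and with it the agent run. `Facter::Core::Execution.which('mysql')` and `Facter::Core::Execution.execute(cmd, timeout: N)` address both, though timeout support depends on the Facter version in use and should be confirmed. Inside the loop, `value` is `nil` for a line that contains no tab, and `value.strip` then raises when the fact is resolved; `next if value.nil?` after the split guards it. A one-line comment stating which account's client credentials the `mysql` call relies on would help the next reader.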