feat: firstrun improvements

- add fact to detect firstrun
- run a limited subset of classes on firstrun
- firstrun: includes:
  - vault ca certificates
  - yum/apt repositories
  - fast-install packages with an exec

modules/libs/lib/facter/firstrun.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+Facter.add(:firstrun) do
+  confine kernel: 'Linux'
+  setcode do
+    File.exist?('/root/.cache/puppet_firstrun_complete') ? false : true
+  end
+end

site/profiles/manifests/base.pp

@@ -3,6 +3,11 @@ class profiles::base (
   Array  $puppet_servers,
 ) {
 
+  # run a limited set of classes on the first run aimed at bootstrapping the new node
+  if $facts['firstrun'] {
+    include profiles::firstrun::init
+  }else{
+
     # install the vault ca first
     include profiles::pki::vaultca
 
@@ -57,5 +62,5 @@ class profiles::base (
     Class['profiles::pki::vaultca']
     -> Class['profiles::base::repos']
     -> Class['profiles::packages']
-
+  }
 }

site/profiles/manifests/firstrun/complete.pp

@@ -0,0 +1,11 @@
+# profiles::firstrun::complete
+class profiles::firstrun::complete {
+
+  file {'/root/.cache/puppet_firstrun_complete':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0750',
+    content => 'firstrun completed',
+  }
+}

site/profiles/manifests/firstrun/init.pp

@@ -0,0 +1,19 @@
+# profiles::firstrun::init
+class profiles::firstrun::init {
+
+  # include the required CA certificates
+  include profiles::pki::vaultca
+
+  # fast install packages on the first run
+  include profiles::base::repos
+  include profiles::firstrun::packages
+
+  # mark the firstrun as done
+  include profiles::firstrun::complete
+
+
+  Class['profiles::pki::vaultca']
+  -> Class['profiles::base::repos']
+  -> Class['profiles::firstrun::packages']
+  -> Class['profiles::firstrun::complete']
+}

site/profiles/manifests/firstrun/packages.pp

@@ -0,0 +1,27 @@
+# profiles::firstrun::packages
+class profiles::firstrun::packages {
+  # include the correct package repositories, define the install_packages exec
+  case $facts['os']['family'] {
+    'RedHat': {
+      include profiles::yum::global
+      $install_command = 'dnf install -y'
+    }
+    'Debian': {
+      include profiles::apt::global
+      $install_command = 'apt-get install -y'
+    }
+    default: {
+      fail("Unsupported OS family ${facts['os']['family']}")
+    }
+  }
+
+  # get all the packages to install, and convert into a space separated list
+  $packages = hiera_array('profiles::packages::install', [])
+  $package_list = $packages.join(' ')
+
+  # install all the packages
+  exec { 'install_packages':
+    command => "${install_command} ${package_list}",
+    path    => ['/bin', '/usr/bin'],
+  }
+}