diff --git a/hieradata/common.yaml b/hieradata/common.yaml index a257843..aa7b70c 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,9 +1,15 @@ --- lookup_options: - profiles::packages::base::add: + profiles::packages::install: merge: strategy: deep - profiles::packages::base::remove: + profiles::packages::install_exclude: + merge: + strategy: deep + profiles::packages::remove: + merge: + strategy: deep + profiles::packages::remove_exclude: merge: strategy: deep @@ -22,13 +28,14 @@ profiles::base::puppet_servers: profiles::dns::master::basedir: '/var/named/sources' profiles::dns::base::ns_role: 'roles::infra::dns::resolver' -profiles::packages::base::add: +profiles::packages::install: - bash-completion - bzip2 - ccze - curl - dstat - gzip + - git - htop - inotify-tools - iotop @@ -57,7 +64,7 @@ profiles::packages::base::add: - zsh - zstd -profiles::packages::base::remove: +profiles::packages::remove: - iwl100-firmware - iwl1000-firmware - iwl105-firmware diff --git a/hieradata/roles/infra.yaml b/hieradata/roles/infra.yaml index b2164e7..3192355 100644 --- a/hieradata/roles/infra.yaml +++ b/hieradata/roles/infra.yaml @@ -1,4 +1,7 @@ --- +profiles::packages::install: + - policycoreutils + profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net puppetdb::master::config::create_puppet_service_resource: false diff --git a/hieradata/roles/infra/reposync/syncer.yaml b/hieradata/roles/infra/reposync/syncer.yaml index b9d9dc0..762a9d4 100644 --- a/hieradata/roles/infra/reposync/syncer.yaml +++ b/hieradata/roles/infra/reposync/syncer.yaml @@ -1,4 +1,7 @@ --- +profiles::packages::install: + - createrepo + profiles::reposync::repos_list: almalinux_8_9_baseos: repository: 'BaseOS' diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 607136b..40eaa2b 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -25,7 +25,7 @@ class profiles::base ( } # include the base profiles - include profiles::packages::base + include profiles::packages include profiles::base::facts include profiles::base::motd include profiles::base::scripts diff --git a/site/profiles/manifests/packages.pp b/site/profiles/manifests/packages.pp new file mode 100644 index 0000000..ca43908 --- /dev/null +++ b/site/profiles/manifests/packages.pp @@ -0,0 +1,23 @@ +# This class manages the installation of packages for the base profile +# +# Parameters: +# - $install: An array of package names to be installed +# - $remove: An array of package names to be removed +# +class profiles::packages ( + Array $install = [], + Array $install_exclude = [], + Array $remove = [], + Array $remove_exclude = [], +) { + + # Filter out excluded packages + $install_real = $install.filter |$item| { !$install_exclude.any |$exclude_item| { $exclude_item == $item } } + $remove_real = $remove.filter |$item| { !$remove_exclude.any |$exclude_item| { $exclude_item == $item } } + + # Ensure packages to install are installed + ensure_packages($install_real, {'ensure' => 'present'}) + + # Ensure packages to remove are absent + ensure_packages($remove_real, {'ensure' => 'absent'}) +} diff --git a/site/profiles/manifests/packages/base.pp b/site/profiles/manifests/packages/base.pp deleted file mode 100644 index f7d51cf..0000000 --- a/site/profiles/manifests/packages/base.pp +++ /dev/null @@ -1,21 +0,0 @@ -# This class manages the installation of packages for the base profile -# -# Parameters: -# - $add: An array of package names to be installed -# - $remove: An array of package names to be removed -# -class profiles::packages::base ( - Array $add = [], - Array $remove = [], -) { - - # Ensure packages to add are installed - ensure_packages($add, {'ensure' => 'present'}) - - # Ensure packages to remove are absent - $remove.each |String $package| { - package { $package: - ensure => 'absent', - } - } -} diff --git a/site/profiles/manifests/packages/git.pp b/site/profiles/manifests/packages/git.pp deleted file mode 100644 index 578aca7..0000000 --- a/site/profiles/manifests/packages/git.pp +++ /dev/null @@ -1,11 +0,0 @@ -# installs git related packages -# -class profiles::packages::git ( - Array[String] $packages = lookup('profiles::packages::git', Array, 'first', ['git']), -) { - $packages.each |String $package| { - package { $package: - ensure => installed, - } - } -} diff --git a/site/profiles/manifests/packages/reposync.pp b/site/profiles/manifests/packages/reposync.pp deleted file mode 100644 index f6525a5..0000000 --- a/site/profiles/manifests/packages/reposync.pp +++ /dev/null @@ -1,11 +0,0 @@ -# installs reposync related packages -# -class profiles::packages::reposync ( - Array[String] $packages = lookup('profiles::packages::reposync', Array, 'first', ['createrepo']), -) { - $packages.each |String $package| { - package { $package: - ensure => installed, - } - } -} diff --git a/site/profiles/manifests/packages/selinux.pp b/site/profiles/manifests/packages/selinux.pp deleted file mode 100644 index 1bbd457..0000000 --- a/site/profiles/manifests/packages/selinux.pp +++ /dev/null @@ -1,11 +0,0 @@ -# installs selinux related packages -# -class profiles::packages::selinux ( - Array[String] $packages = lookup('profiles::packages::selinux', Array, 'first', ['policycoreutils']), -) { - $packages.each |String $package| { - package { $package: - ensure => installed, - } - } -} diff --git a/site/profiles/manifests/puppet/enc.pp b/site/profiles/manifests/puppet/enc.pp index dad9d11..b0a4a49 100644 --- a/site/profiles/manifests/puppet/enc.pp +++ b/site/profiles/manifests/puppet/enc.pp @@ -39,8 +39,6 @@ class profiles::puppet::enc ( Boolean $force = false, ) { - include profiles::packages::git - vcsrepo { '/opt/puppetlabs/enc': ensure => latest, provider => git, diff --git a/site/profiles/manifests/puppet/g10k.pp b/site/profiles/manifests/puppet/g10k.pp index 617190b..eddb6f1 100644 --- a/site/profiles/manifests/puppet/g10k.pp +++ b/site/profiles/manifests/puppet/g10k.pp @@ -36,9 +36,6 @@ class profiles::puppet::g10k ( String $environments_path, String $default_environment, ){ - package { 'unzip': - ensure => installed, - } archive { '/tmp/g10k.zip': ensure => present, @@ -47,6 +44,7 @@ class profiles::puppet::g10k ( extract_path => '/opt/puppetlabs/bin', creates => '/opt/puppetlabs/bin/g10k', cleanup => true, + require => Package['unzip'] } file { '/opt/puppetlabs/bin/puppet-g10k': diff --git a/site/profiles/manifests/puppet/r10k.pp b/site/profiles/manifests/puppet/r10k.pp index 402f49a..baa16d5 100644 --- a/site/profiles/manifests/puppet/r10k.pp +++ b/site/profiles/manifests/puppet/r10k.pp @@ -37,8 +37,6 @@ class profiles::puppet::r10k ( String $r10k_repo, ){ - include profiles::packages::git - vcsrepo { '/etc/puppetlabs/r10k': ensure => latest, provider => git, diff --git a/site/profiles/manifests/reposync/autosyncer.pp b/site/profiles/manifests/reposync/autosyncer.pp index 04393cd..5271ec2 100644 --- a/site/profiles/manifests/reposync/autosyncer.pp +++ b/site/profiles/manifests/reposync/autosyncer.pp @@ -10,7 +10,7 @@ class profiles::reposync::autosyncer ( group => 'root', mode => '0755', content => template('profiles/reposync/autosyncer.erb'), - require => Class['profiles::packages::reposync'], + require => Package['createrepo'], } # daily autosyncr service/timer diff --git a/site/profiles/manifests/reposync/syncer.pp b/site/profiles/manifests/reposync/syncer.pp index a670679..3be81d8 100644 --- a/site/profiles/manifests/reposync/syncer.pp +++ b/site/profiles/manifests/reposync/syncer.pp @@ -1,7 +1,6 @@ # setup a reposync syncer class profiles::reposync::syncer { - include profiles::packages::reposync include profiles::reposync::autosyncer include profiles::reposync::autopromoter include profiles::reposync::webserver diff --git a/site/profiles/manifests/reposync/webserver.pp b/site/profiles/manifests/reposync/webserver.pp index 8008968..789ce21 100644 --- a/site/profiles/manifests/reposync/webserver.pp +++ b/site/profiles/manifests/reposync/webserver.pp @@ -40,9 +40,6 @@ class profiles::reposync::webserver ( if $::facts['os']['selinux']['config_mode'] == 'enforcing' { - # include packages that are required - include profiles::packages::selinux - # set httpd_sys_content_t to all files under the www_root selinux::fcontext { $www_root: ensure => 'present', diff --git a/site/profiles/manifests/selinux/mysqld.pp b/site/profiles/manifests/selinux/mysqld.pp index 2c31e82..8a5d3b0 100644 --- a/site/profiles/manifests/selinux/mysqld.pp +++ b/site/profiles/manifests/selinux/mysqld.pp @@ -7,8 +7,6 @@ class profiles::selinux::mysqld ( Boolean $selinuxuser_mysql_connect_enabled = true, String $selinux_mode = 'enforcing', ){ - # include packages that are required - include profiles::packages::selinux # setenforce class { 'profiles::selinux::setenforce': diff --git a/site/profiles/manifests/selinux/nginx.pp b/site/profiles/manifests/selinux/nginx.pp index 2c8f585..25d47f6 100644 --- a/site/profiles/manifests/selinux/nginx.pp +++ b/site/profiles/manifests/selinux/nginx.pp @@ -5,8 +5,6 @@ class profiles::selinux::nginx ( Boolean $httpd_can_network_connect = true, String $selinux_mode = 'enforcing', ){ - # include packages that are required - include profiles::packages::selinux # setenforce class { 'profiles::selinux::setenforce': diff --git a/site/profiles/manifests/selinux/setenforce.pp b/site/profiles/manifests/selinux/setenforce.pp index fa2c753..309ea71 100644 --- a/site/profiles/manifests/selinux/setenforce.pp +++ b/site/profiles/manifests/selinux/setenforce.pp @@ -3,7 +3,8 @@ class profiles::selinux::setenforce ( Enum['enforcing', 'permissive', 'disabled'] $mode = 'enforcing', ) { class { 'selinux': - mode => $mode, + mode => $mode, + require => Package['policycoreutils'] } }