From efc769191e8e9dc8250f16f4244b642f93e23ac5 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 26 Aug 2023 14:28:41 +1000 Subject: [PATCH 1/6] Adding a default environment - set through puppet.conf - created symbolic link from develop -> production in code/environments - changed puppet-g10k script to be generated from a template - parameterised g10k into hieradata --- hieradata/common.yaml | 4 ++++ site/profiles/manifests/puppet/g10k.pp | 10 +++++--- .../profiles/manifests/puppet/puppetmaster.pp | 22 +++++++++-------- site/profiles/manifests/puppet/server.pp | 24 +++++++++++-------- .../templates/puppet/g10k/puppet-g10k.erb | 4 ++++ .../templates/puppet/server/puppet.conf.epp | 2 ++ 6 files changed, 43 insertions(+), 23 deletions(-) create mode 100644 site/profiles/templates/puppet/g10k/puppet-g10k.erb diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 5c004ed..cd02e13 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -32,3 +32,7 @@ profiles::puppet::autosign::domains: profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git +profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k' +profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml' +profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments' +profiles::puppet::g10k::default_environment: 'develop' diff --git a/site/profiles/manifests/puppet/g10k.pp b/site/profiles/manifests/puppet/g10k.pp index 958e53e..617190b 100644 --- a/site/profiles/manifests/puppet/g10k.pp +++ b/site/profiles/manifests/puppet/g10k.pp @@ -30,8 +30,12 @@ # # Limitations: # This is designed to work on Unix-like systems only. -class profiles::puppet::g10k { - +class profiles::puppet::g10k ( + String $bin_path, + String $cfg_path, + String $environments_path, + String $default_environment, +){ package { 'unzip': ensure => installed, } 
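Review bot: The four new parameters of `profiles::puppet::g10k` (g10k.pp, hunk `@@ -30,8 +30,12 @@`) are typed as plain `String`, yet this commit's puppet-g10k.erb template writes them unquoted into a shell script installed root-owned with mode 0755. A Hiera value containing whitespace or a shell metacharacter would change what that script runs. Tighter types narrow what can reach the script at compile time: `Stdlib::Absolutepath $bin_path,` (likewise `$cfg_path` and `$environments_path`) and `Pattern[/\A[a-z0-9_]+\z/] $default_environment,`. The class body continues outside this hunk.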
@@ -50,7 +54,7 @@ class profiles::puppet::g10k { owner => 'root', group => 'root', mode => '0755', - content => "#!/usr/bin/bash\n/opt/puppetlabs/bin/g10k -config /etc/puppetlabs/r10k/r10k.yaml\n", + content => template('profiles/puppet/g10k/puppet-g10k.erb'), require => Archive['/tmp/g10k.zip'], } diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp index d50ed16..d9e9e3d 100644 --- a/site/profiles/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp @@ -29,15 +29,17 @@ class profiles::puppet::puppetmaster { include profiles::puppet::autosign class { 'profiles::puppet::server': - vardir => '/opt/puppetlabs/server/data/puppetserver', - logdir => '/var/log/puppetlabs/puppetserver', - rundir => '/var/run/puppetlabs/puppetserver', - pidfile => '/var/run/puppetlabs/puppetserver/puppetserver.pid', - codedir => '/etc/puppetlabs/code', - dns_alt_names => ['prodinf01n01.main.unkin.net'], - server => 'prodinf01n01.main.unkin.net', - node_terminus => 'exec', - external_nodes => '/opt/puppetlabs/bin/enc', - autosign => '/etc/puppetlabs/puppet/autosign.conf', + vardir => '/opt/puppetlabs/server/data/puppetserver', + logdir => '/var/log/puppetlabs/puppetserver', + rundir => '/var/run/puppetlabs/puppetserver', + pidfile => '/var/run/puppetlabs/puppetserver/puppetserver.pid', + codedir => '/etc/puppetlabs/code', + dns_alt_names => ['prodinf01n01.main.unkin.net'], + server => 'prodinf01n01.main.unkin.net', + node_terminus => 'exec', + external_nodes => '/opt/puppetlabs/bin/enc', + autosign => '/etc/puppetlabs/puppet/autosign.conf', + default_manifest => '/etc/puppetlabs/code/environments/develop/manifests', + default_environment => 'develop', } } diff --git a/site/profiles/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp index 03b82c3..ca68998 100644 --- a/site/profiles/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp 
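Review bot: In the puppetmaster.pp hunk, `default_environment => 'develop'` and the `default_manifest` path hard-code the environment name that this same commit stores in Hiera as `profiles::puppet::g10k::default_environment`. If the Hiera value changes, the `production` symlink written by the g10k script moves while puppet.conf keeps pointing at `develop`. Reading one source keeps the two in step, e.g. `default_environment => lookup('profiles::puppet::g10k::default_environment'),`, with `default_manifest` built from the same value.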
@@ -25,6 +25,8 @@ class profiles::puppet::server ( String $node_terminus, String $external_nodes, String $autosign, + String $default_manifest, + String $default_environment, ) { file { '/etc/puppetlabs/puppet/puppet.conf': @@ -33,16 +35,18 @@ class profiles::puppet::server ( group => 'root', mode => '0644', content => epp('profiles/puppet/server/puppet.conf.epp', { - 'vardir' => $vardir, - 'logdir' => $logdir, - 'rundir' => $rundir, - 'pidfile' => $pidfile, - 'codedir' => $codedir, - 'dns_alt_names' => join($dns_alt_names, ','), - 'server' => $server, - 'node_terminus' => $node_terminus, - 'external_nodes' => $external_nodes, - 'autosign' => $autosign, + 'vardir' => $vardir, + 'logdir' => $logdir, + 'rundir' => $rundir, + 'pidfile' => $pidfile, + 'codedir' => $codedir, + 'dns_alt_names' => join($dns_alt_names, ','), + 'server' => $server, + 'node_terminus' => $node_terminus, + 'external_nodes' => $external_nodes, + 'autosign' => $autosign, + 'default_manifest' => $default_manifest, + 'default_environment' => $default_environment, }), notify => Service['puppetserver'], } diff --git a/site/profiles/templates/puppet/g10k/puppet-g10k.erb b/site/profiles/templates/puppet/g10k/puppet-g10k.erb new file mode 100644 index 0000000..2bb537e --- /dev/null +++ b/site/profiles/templates/puppet/g10k/puppet-g10k.erb @@ -0,0 +1,4 @@ +#!/usr/bin/bash +<%= @bin_path %> -config <%= @cfg_path %> +rm -f <%= @environments_path %>/production +ln -s <%= @environments_path %>/<%= @default_environment %> <%= @environments_path %>/production diff --git a/site/profiles/templates/puppet/server/puppet.conf.epp b/site/profiles/templates/puppet/server/puppet.conf.epp index 37f3a5e..a22777b 100644 --- a/site/profiles/templates/puppet/server/puppet.conf.epp +++ b/site/profiles/templates/puppet/server/puppet.conf.epp 
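Review bot: The new puppet-g10k.erb script has no error handling, so the `rm -f` / `ln -s` pair still runs after a failed g10k deploy, and between the two commands no `production` environment exists. If `production` is ever a real directory rather than a symlink (not visible from this patch), `rm -f` leaves it in place and `ln -s` then creates the link inside it. Adding `set -e` after the shebang and replacing both commands with `ln -sfn "<%= @environments_path %>/<%= @default_environment %>" "<%= @environments_path %>/production"` stops on a failed deploy and swaps an existing link in one command. The g10k invocation line deserves the same double-quoting around `<%= @bin_path %>` and `<%= @cfg_path %>`.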
@@ -15,3 +15,5 @@ server = <%= $server %> node_terminus = exec external_nodes = <%= $external_nodes %> autosign = <%= $autosign %> +default_manifest = <%= $default_manifest %> +default_environment = <%= $default_environment %> From afb30f9dcec2c89896086cd94a6b7f91130722c7 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 26 Aug 2023 19:45:43 +1000 Subject: [PATCH 2/6] Updated dns_alt_names for puppetmaster --- site/profiles/manifests/puppet/puppetmaster.pp | 10 +++++++++- site/roles/manifests/base.pp | 6 +++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp index d50ed16..74c2141 100644 --- a/site/profiles/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp @@ -34,7 +34,15 @@ class profiles::puppet::puppetmaster { rundir => '/var/run/puppetlabs/puppetserver', pidfile => '/var/run/puppetlabs/puppetserver/puppetserver.pid', codedir => '/etc/puppetlabs/code', - dns_alt_names => ['prodinf01n01.main.unkin.net'], + dns_alt_names => [ + 'prodinf01n01.main.unkin.net', + 'puppet.main.unkin.net', + 'puppetca.main.unkin.net', + 'puppetmaster.main.unkin.net', + 'puppet', + 'puppetca', + 'puppetmaster', + ], server => 'prodinf01n01.main.unkin.net', node_terminus => 'exec', external_nodes => '/opt/puppetlabs/bin/enc', diff --git a/site/roles/manifests/base.pp b/site/roles/manifests/base.pp index 86164e4..d6a7fa2 100644 --- a/site/roles/manifests/base.pp +++ b/site/roles/manifests/base.pp @@ -1,6 +1,6 @@ # a role to deploy the base system # work in progress class roles::base { - include profiles::defaults - include profiles::base - } + include profiles::defaults + include profiles::base +} From 81784f819fddf05247c42a9ffb7e65bb6b9701f3 Mon Sep 17 00:00:00 2001 
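Review bot: The expanded `dns_alt_names` list in puppetmaster.pp adds the unqualified names `puppet`, `puppetca` and `puppetmaster`, so the server certificate will validate for those short names under whatever DNS search domain an agent happens to resolve them in. If agents are always configured with a fully qualified `server`, the three bare entries can be dropped. If they are needed, a comment such as `# short names kept for agents that rely on the default 'puppet' server name` would record why. Changing this setting presumably does not alter an already-issued server certificate, so the commit message could state whether the certificate was regenerated.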
From: Ben Vincent Date: Tue, 29 Aug 2023 21:46:39 +1000 Subject: [PATCH 3/6] Show commit version when applying puppet - set the config_version in the environment.conf file --- environment.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/environment.conf b/environment.conf index 4569646..19e7e87 100644 --- a/environment.conf +++ b/environment.conf @@ -1,2 +1,3 @@ manifest = manifests/site.pp modulepath = external_modules:site +config_version = '/usr/bin/grep signature /etc/puppetlabs/code/environments/$environment/.g10k-deploy.json | /usr/bin/cut -d \" -f 4' From 2b11a9417c33f4ba3884921832ef076d386cfd54 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Tue, 29 Aug 2023 23:10:40 +1000 Subject: [PATCH 4/6] Account/Sudo management - imported account and sudo puppet modules - created account management wrapper - defined sysadmin account, set to be created on all nodes - removed sudo from base packages as its managed by sudo module now --- Puppetfile | 2 + hieradata/common.yaml | 4 +- site/profiles/manifests/accounts/sysadmin.pp | 15 +++++++ site/profiles/manifests/base.pp | 7 +++ site/profiles/manifests/base/account.pp | 45 ++++++++++++++++++++ 5 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 site/profiles/manifests/accounts/sysadmin.pp create mode 100644 site/profiles/manifests/base/account.pp diff --git a/Puppetfile b/Puppetfile index 5995d48..e24a9bc 100644 --- a/Puppetfile +++ b/Puppetfile @@ -15,3 +15,5 @@ mod 'puppetlabs-vcsrepo', '6.1.0' mod 'puppetlabs-yumrepo_core', '2.0.0' mod 'puppet-yum', '7.0.0' mod 'puppetlabs-apt', '9.1.0' +mod 'saz-sudo', '8.0.0' +mod 'puppetlabs-accounts', '8.1.0' diff --git a/hieradata/common.yaml b/hieradata/common.yaml index cd02e13..8708200 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -14,7 +14,6 @@ profiles::base::packages::common: - python3 - screen - strace - - sudo - tmux - vim - vnstat 
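Review bot: `config_version` in environment.conf is set to a quoted inline pipeline that extracts the `signature` field from `.g10k-deploy.json` with `grep` and `cut`. Puppet documents this setting as the path to an executable script, so whether the quotes and the pipe behave as intended depends on how the value gets executed. A change in the JSON layout (a second line containing `signature`, or a different key order on one line) would also silently produce a wrong or empty version. A small script kept in the repository and referenced as `config_version = scripts/config_version.sh` (constructed name) would be testable and could fail loudly when the deploy file is missing.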
@@ -36,3 +35,6 @@ profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k' profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml' profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments' profiles::puppet::g10k::default_environment: 'develop' + +profiles::accounts::sysadmin::sshkeys: + - ssh-rsa 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 ben@unkin.net diff --git a/site/profiles/manifests/accounts/sysadmin.pp b/site/profiles/manifests/accounts/sysadmin.pp new file mode 100644 index 0000000..81bde92 --- /dev/null +++ b/site/profiles/manifests/accounts/sysadmin.pp @@ -0,0 +1,15 @@ +# create the sysadmin user +class profiles::accounts::sysadmin( + Array[String] $sshkeys = [], +){ + profiles::base::account {'sysadmin': + username => 'sysadmin', + uid => 1000, + gid => 1000, + groups => ['wheel'], + sshkeys => $sshkeys, + sudo_rules => ['sysadmin ALL=(ALL) NOPASSWD:ALL'], + password => '', + ignore_pass => true, + } +} diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 5a5493c..7383b59 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -21,4 +21,11 @@ class profiles::base ( packages => hiera('profiles::base::packages::common'), ensure => 'installed', } + + # all hosts will have sudo applied + include sudo + + # default users + include profiles::accounts::sysadmin + } diff --git a/site/profiles/manifests/base/account.pp b/site/profiles/manifests/base/account.pp new file mode 100644 index 0000000..92011b4 --- /dev/null +++ b/site/profiles/manifests/base/account.pp 
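Review bot: `profiles::accounts::sysadmin` grants `NOPASSWD:ALL` and is included from `profiles::base`, so the key listed under `profiles::accounts::sysadmin::sshkeys` in common.yaml becomes a root credential on every node. The resource also replaces the wrapper's locked default (`password => '!!'`) with `password => ''` plus `ignore_pass => true`. Judging by the parameter it maps to (`ignore_password_if_empty`), this leaves the password field unmanaged, so a password set by hand on a host would persist. Dropping the `password` and `ignore_pass` lines keeps the locked default, and a comment such as `# key-only login; sudo is passwordless because the account has no usable password` would make the intent explicit.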
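Review bot: `include sudo` in profiles/base.pp applies the saz-sudo class with its defaults to all hosts. Those defaults, as far as I recall, replace `/etc/sudoers` and purge unmanaged files from `/etc/sudoers.d`. On hosts that already carry drop-ins (from cloud-init or vendor packages, for instance) the first run would remove that access. It is worth confirming the defaults for the pinned 8.0.0 release and stating the choice explicitly in Hiera, e.g. `sudo::purge: false` during rollout.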
@@ -0,0 +1,45 @@ +# a wrapper for puppetlabs-account and saz-sudo +define profiles::base::account ( + String $username, + Integer $uid, + Integer $gid = undef, + Boolean $manage_home = true, + Boolean $create_group = true, + Boolean $purge_sshkeys = true, + Boolean $system = false, + Boolean $locked = false, + String $password = '!!', + Boolean $ignore_pass = false, + Array[String] $groups = [], + Array[String] $sshkeys = [], + Array[String] $sudo_rules = [], + String $shell = '/usr/bin/bash', +) { + + # Set gid to uid if gid is undef + $final_gid = $gid ? { + undef => $uid, + default => $gid, + } + + # Manage user + accounts::user { $username: + uid => $uid, + gid => $final_gid, + shell => $shell, + groups => $groups, + sshkeys => $sshkeys, + system => $system, + locked => $locked, + password => $password, + create_group => $create_group, + managehome => $manage_home, + purge_sshkeys => $purge_sshkeys, + ignore_password_if_empty => $ignore_pass, + } + + # Manage sudo rules + sudo::conf { "${username}_sudo": + content => $sudo_rules, + } +} From 080cdd8884eac10e09e1d4d2640f96a54ae5498c Mon Sep 17 00:00:00 2001 
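Review bot: `Integer $gid = undef` in the new `profiles::base::account` define cannot accept its own default, because `Integer` does not match `undef`. A declaration that omits `gid` should therefore fail type checking before the "Set gid to uid" fallback is reached. Declaring it as `Optional[Integer] $gid = undef,` fixes that. Separately, `sudo::conf` is declared even when `$sudo_rules` is empty, which appears to write an empty drop-in for every account; wrapping it in `unless $sudo_rules.empty { … }` avoids that.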
From: Ben Vincent Date: Sat, 26 Aug 2023 23:50:22 +1000 Subject: [PATCH 5/6] Setup PuppetDB/Puppetboard - install modules required - puppetdb - postgresql - puppetboard - python - create new profiles to manage each item (puppetdb/puppetboard) - added puppetdb role - include the puppetdb::master::config in puppetmaster role - re-organised the puppetfile - moved python to be managed by the python module - added postgresql to list of managed repos --- Puppetfile | 23 ++++++---- hieradata/common.yaml | 4 +- hieradata/os/AlmaLinux/AlmaLinux8.yaml | 1 + hieradata/os/AlmaLinux/AlmaLinux9.yaml | 1 + site/profiles/manifests/base.pp | 9 ++++ site/profiles/manifests/puppet/puppetboard.pp | 43 +++++++++++++++++++ site/profiles/manifests/puppet/puppetdb.pp | 38 ++++++++++++++++ .../profiles/manifests/puppet/puppetmaster.pp | 1 + site/roles/manifests/puppet/puppetdb.pp | 7 +++ 9 files changed, 118 insertions(+), 9 deletions(-) create mode 100644 site/profiles/manifests/puppet/puppetboard.pp create mode 100644 site/profiles/manifests/puppet/puppetdb.pp create mode 100644 site/roles/manifests/puppet/puppetdb.pp diff --git a/Puppetfile b/Puppetfile index 5995d48..2ac7bc2 100644 --- a/Puppetfile +++ b/Puppetfile 
@@ -1,17 +1,24 @@ forge 'forge.puppetlabs.com' moduledir 'external_modules' -# Forge Modules +# puppetlabs mod 'puppetlabs-stdlib', '9.1.0' mod 'puppetlabs-inifile', '6.0.0' mod 'puppetlabs-concat', '9.0.0' -#mod 'eyp-eyplib', '0.1.24' -#mod 'eyp-systemd', '3.1.0' -mod 'puppet-systemd', '5.1.0' -mod 'ghoneycutt-puppet', '3.3.0' -mod 'puppet-archive', '7.0.0' -mod 'puppet-chrony', '2.6.0' mod 'puppetlabs-vcsrepo', '6.1.0' mod 'puppetlabs-yumrepo_core', '2.0.0' -mod 'puppet-yum', '7.0.0' mod 'puppetlabs-apt', '9.1.0' +mod 'puppetlabs-puppetdb', '7.13.0' +mod 'puppetlabs-postgresql', '9.1.0' +mod 'puppetlabs-firewall', '6.0.0' + +# puppet +mod 'puppet-python', '7.0.0' +mod 'puppet-systemd', '5.1.0' +mod 'puppet-yum', '7.0.0' +mod 'puppet-archive', '7.0.0' +mod 'puppet-chrony', '2.6.0' +mod 'puppet-puppetboard', '9.0.0' + +# other +mod 'ghoneycutt-puppet', '3.3.0' diff --git a/hieradata/common.yaml b/hieradata/common.yaml index cd02e13..83adf2c 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -11,7 +11,6 @@ profiles::base::packages::common: - mtr - ncdu - neovim - - python3 - screen - strace - sudo @@ -36,3 +35,6 @@ profiles::puppet::g10k::bin_path: '/opt/puppetlabs/bin/g10k' profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml' profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments' profiles::puppet::g10k::default_environment: 'develop' +profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net +puppetdb::master::config::create_puppet_service_resource: false +puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}" diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml index b932b45..3447bca 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux8.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml @@ -6,3 +6,4 @@ profiles::yum::managed_repos: - 'appstream' - 'epel' - 'puppet7' + - 'yum.postgresql.org' 
diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml index 2c7f1c2..2613c77 100644 --- a/hieradata/os/AlmaLinux/AlmaLinux9.yaml +++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml @@ -6,3 +6,4 @@ profiles::yum::managed_repos: - 'appstream' - 'epel' - 'puppet7' + - 'yum.postgresql.org' diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 5a5493c..ca34981 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -17,8 +17,17 @@ class profiles::base ( } } + # include the base packages profile class { 'profiles::base::packages': packages => hiera('profiles::base::packages::common'), ensure => 'installed', } + + # include the python class + class { 'python': + manage_python_package => true, + manage_venv_package => true, + manage_pip_package => true, + use_epel => false, + } } diff --git a/site/profiles/manifests/puppet/puppetboard.pp b/site/profiles/manifests/puppet/puppetboard.pp new file mode 100644 index 0000000..85d2d4e --- /dev/null +++ b/site/profiles/manifests/puppet/puppetboard.pp 
@@ -0,0 +1,43 @@ +# Class: profiles::puppet::puppetboard +# +# This class manages the configuration of Puppetboard, a web frontend for PuppetDB. +# +# Parameters: +# - `python_version`: Specifies the Python version used for the virtualenv where Puppetboard runs. +# - `manage_virtualenv`: Determines if this class should handle the creation of the virtual environment for Puppetboard. +# - `reports_count`: Defines the number of reports to show per node in Puppetboard. +# - `offline_mode`: Determines if Puppetboard should work in offline mode or not. +# - `default_environment`: Sets the default Puppet environment to filter results in Puppetboard. +# +# Usage: +# This class can be called directly in your manifests or through Hiera. +# +# Example: +# To use the default parameters (as shown below), you can declare the class: +# +# include profiles::puppet::puppetboard +# +# Alternatively, you can customize the parameters: +# +# class { 'profiles::puppet::puppetboard': +# python_version => '3.8', +# reports_count => 50, +# offline_mode => false, +# } +# +class profiles::puppet::puppetboard ( + String $python_version = '3.6', + Boolean $manage_virtualenv = false, + Integer $reports_count = 40, + Boolean $offline_mode = true, + String $default_environment = '*', +) { + + class { 'puppetboard': + python_version => $python_version, + manage_virtualenv => $manage_virtualenv, + reports_count => $reports_count, + offline_mode => $offline_mode, + default_environment => $default_environment, + } +} diff --git a/site/profiles/manifests/puppet/puppetdb.pp b/site/profiles/manifests/puppet/puppetdb.pp new file mode 100644 index 0000000..eaf2f44 --- /dev/null +++ b/site/profiles/manifests/puppet/puppetdb.pp 
@@ -0,0 +1,38 @@ +# profiles::puppet::puppetdb +# +# This class manages the installation and configuration of PuppetDB +# and its underlying PostgreSQL database on a single node. +# +# It makes use of the puppetlabs-puppetdb module to manage both the +# PuppetDB service and its PostgreSQL backend. +# +class profiles::puppet::puppetdb( + String $puppetdb_host, + String $listen_address = $facts['networking']['ip'], +) { + + # disable the postgresql dnf module for el8+ + if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] >= '8' { + # based on https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/dnfmodule.pp + package { 'postgresql dnf module': + ensure => 'disabled', + name => 'postgresql', + provider => 'dnfmodule', + before => Class['puppetdb::database::postgresql'], + } + } + + # Install and configure PostgreSQL for PuppetDB + class { 'puppetdb::database::postgresql': + listen_addresses => $listen_address, + postgresql_ssl_on => false, + postgres_version => '15', + puppetdb_server => $puppetdb_host, + before => Class['puppetdb::server'], + } + + class { 'puppetdb::server': + database_host => $listen_address, + postgresql_ssl_on => false, + } +} diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp index a835cc0..366317c 100644 --- a/site/profiles/manifests/puppet/puppetmaster.pp +++ b/site/profiles/manifests/puppet/puppetmaster.pp @@ -27,6 +27,7 @@ class profiles::puppet::puppetmaster { include profiles::puppet::g10k include profiles::puppet::enc include profiles::puppet::autosign + include puppetdb::master::config class { 'profiles::puppet::server': vardir => '/opt/puppetlabs/server/data/puppetserver', diff --git a/site/roles/manifests/puppet/puppetdb.pp b/site/roles/manifests/puppet/puppetdb.pp new file mode 100644 index 0000000..29ece76 --- /dev/null +++ b/site/roles/manifests/puppet/puppetdb.pp 
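Review bot: In the new puppetdb.pp, PostgreSQL is told to listen on the node's primary address (`listen_addresses => $listen_address`) while `postgresql_ssl_on => false` is set on both the database and the server class, so the database port is reachable from the network without TLS. The header comment says both services run on a single node; if that holds, defaulting to `String $listen_address = 'localhost',` keeps the database off the network. The guard `$facts['os']['release']['major'] >= '8'` compares strings, so a major release of `'10'` would sort below `'8'`; `versioncmp($facts['os']['release']['major'], '8') >= 0` avoids that.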
@@ -0,0 +1,7 @@ +# a role to deploy the puppetdb +# work in progress +class roles::puppet::puppetdb { + include profiles::defaults + include profiles::base + include profiles::puppet::puppetdb + } From 86a6c1bd96b9c38a0e8d4dcc7f65e0ddb9052ec8 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 21 Oct 2023 23:52:48 +1100 Subject: [PATCH 6/6] feat: add sudo secure_path - update the sudo class from an include to a definition - set the secure_path variable to include /usr/local/{bin,sbin} --- site/profiles/manifests/base.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 23c0746..0f40f27 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -32,7 +32,9 @@ class profiles::base ( } # all hosts will have sudo applied - include sudo + class { 'sudo': + secure_path => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/puppetlabs/bin' + } # default users include profiles::accounts::sysadmin
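Review bot: The `secure_path` set in profiles/base.pp (hunk `@@ -32,7 +32,9 @@`) now includes `/usr/local/sbin`, `/usr/local/bin` and `/opt/puppetlabs/bin` on every host, so any executable placed in those directories is resolved by name under sudo. That is only safe while the directories stay root-owned and not writable by group or others, which nothing in this manifest enforces. A comment such as `# secure_path dirs must remain root-owned and non-writable by others` would record the assumption. The attribute line also lacks a trailing comma after the path string, unlike the class declarations in the other manifests of this series. The class body starts outside this hunk.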