feat: complete cobbler automation

- add facts to manage the /var/www/cobbler and /data/cobbler directories - move /var/www/cobbler -> /data/cobbler - create symlink from /var/www/cobbler -> /data/cobbler - ensure that cobbler nodes are set to permissive selinux mode
2024-05-09 19:47:01 +10:00 · 2024-05-09 19:47:01 +10:00 · fee0bde604
commit fee0bde604
parent 72077d64a2
7 changed files with 62 additions and 0 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -98,6 +98,7 @@ facts_path: '/opt/puppetlabs/facter/facts.d'

 hiera_classes:
  - timezone
+  - profiles::selinux::setenforce

 profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
 profiles::ntp::client::use_ntp: 'region'
--- a/hieradata/roles/infra/cobbler/server.yaml
+++ b/hieradata/roles/infra/cobbler/server.yaml
@ -15,3 +15,4 @@ profiles::pki::vault::alt_names:
  - cobbler.main.unkin.net

 profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
+profiles::selinux::setenforce::mode: permissive
--- a/modules/libs/lib/facter/cobbler_data_dir_exists.rb
+++ b/modules/libs/lib/facter/cobbler_data_dir_exists.rb
@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+Facter.add('cobbler_data_dir_exists') do
+  confine enc_role: 'roles::infra::cobbler::server'
+  setcode do
+    File.exist?('/data/cobbler')
+  end
+end
--- a/modules/libs/lib/facter/cobbler_var_www_exists.rb
+++ b/modules/libs/lib/facter/cobbler_var_www_exists.rb
@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+Facter.add('cobbler_var_www_exists') do
+  confine enc_role: 'roles::infra::cobbler::server'
+  setcode do
+    File.exist?('/var/www/cobbler')
+  end
+end
--- a/modules/libs/lib/facter/cobbler_var_www_islink.rb
+++ b/modules/libs/lib/facter/cobbler_var_www_islink.rb
@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+Facter.add('cobbler_var_www_islink') do
+  confine enc_role: 'roles::infra::cobbler::server'
+  setcode do
+    File.exist?('/var/www/cobbler') and File.symlink?('/var/www/cobbler')
+  end
+end
--- a/site/profiles/manifests/cobbler/install.pp
+++ b/site/profiles/manifests/cobbler/install.pp
@ -6,4 +6,29 @@ class profiles::cobbler::install {
  $packages = $profiles::cobbler::params::packages

  ensure_packages($packages, { ensure => 'present' })
+
+  # move the /var/www/cobbler directory to /data/cobbler
+  if ! $facts['cobbler_var_www_islink'] and ! $facts['cobbler_data_exists'] {
+    exec {'move_cobbler_data':
+      command => 'mv /var/www/cobbler /data/cobbler',
+      onlyif  => 'test -d /var/www/cobbler',
+      path    => ['/bin', '/usr/bin'],
+      before  => Service['cobblerd'],
+    }
+    file { '/var/www/cobbler':
+      ensure  => 'link',
+      target  => '/data/cobbler',
+      require => Exec['move_cobbler_data'],
+      before  => Service['httpd'],
+      notify  => Service['httpd'],
+    }
+  }
+  if ! $facts['cobbler_var_www_exists'] and $facts['cobbler_data_exists'] {
+    file { '/var/www/cobbler':
+      ensure => 'link',
+      target => '/data/cobbler',
+      before => Service['httpd'],
+      notify => Service['httpd'],
+    }
+  }
 }
--- a/site/profiles/manifests/cobbler/selinux.pp
+++ b/site/profiles/manifests/cobbler/selinux.pp
@ -26,6 +26,11 @@ class profiles::cobbler::selinux inherits profiles::cobbler::params {
      seltype  => 'cobbler_var_lib_t',
      pathspec => "${tftpboot_path}(/.*)?",
    }
+    selinux::fcontext { '/data/cobbler':
+      ensure   => 'present',
+      seltype  => 'cobbler_var_lib_t',
+      pathspec => '/data/cobbler(/.*)?',
+    }

    exec { "restorecon_${tftpboot_path}":
      path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
@ -33,5 +38,11 @@ class profiles::cobbler::selinux inherits profiles::cobbler::params {
      refreshonly => true,
      subscribe   => Selinux::Fcontext[$tftpboot_path],
    }
+    exec { 'restorecon_/data/cobbler':
+      path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
+      command     => 'restorecon -Rv /data/cobbler',
+      refreshonly => true,
+      subscribe   => Selinux::Fcontext['/data/cobbler'],
+    }
  }
 }