2025-10-18 19:11:39 +11:00
9 changed files with 62 additions and 38 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -176,9 +176,6 @@ profiles::ntp::client::peers:
  - 2.au.pool.ntp.org
  - 3.au.pool.ntp.org
 profiles::base::puppet_servers:
  - 'prodinf01n01.main.unkin.net'
 consul::install_method: 'package'
 consul::manage_repo: false
 consul::bin_dir: /usr/bin
--- a/hieradata/os/AlmaLinux/all_releases.yaml
+++ b/hieradata/os/AlmaLinux/all_releases.yaml
@ -3,7 +3,8 @@
 profiles::firewall::firewalld::ensure_package: 'absent'
 profiles::firewall::firewalld::ensure_service: 'stopped'
 profiles::firewall::firewalld::enable_service: false
-profiles::puppet::agent::puppet_version: '7.34.0'
+profiles::puppet::agent::version: '7.37.2'
 profiles::puppet::agent::openvox_enable: true
 hiera_include:
  - profiles::almalinux::base
@ -53,13 +54,6 @@ profiles::yum::global::repos:
    baseurl: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/
    gpgkey: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-EPEL-%{facts.os.release.major}
    mirrorlist: absent
  puppet:
    name: puppet
    descr: puppet repository
    target: /etc/yum.repos.d/puppet.repo
    baseurl: https://packagerepo.service.consul/puppet7/el/%{facts.os.release.major}-daily/%{facts.os.architecture}/os/
    gpgkey: https://packagerepo.service.consul/puppet7/el/%{facts.os.release.major}-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-puppet-20250406
    mirrorlist: absent
  unkinben:
    name: unkinben
    descr: unkinben repository
--- a/hieradata/os/Debian/Debian11.yaml
+++ b/hieradata/os/Debian/Debian11.yaml
@ -11,4 +11,4 @@ profiles::apt::components:
  - main
  - non-free
-profiles::puppet::agent::puppet_version: '7.25.0-1bullseye'
+profiles::puppet::agent::version: '7.25.0-1bullseye'
--- a/hieradata/os/Debian/Debian12.yaml
+++ b/hieradata/os/Debian/Debian12.yaml
@ -12,4 +12,4 @@ profiles::apt::components:
  - non-free
  - non-free-firmware
-profiles::puppet::agent::puppet_version: 'latest'
+profiles::puppet::agent::version: 'latest'
--- a/hieradata/roles/infra/puppet/master.yaml
+++ b/hieradata/roles/infra/puppet/master.yaml
@ -19,6 +19,11 @@ profiles::puppet::autosign::domains:
 # profiles::puppet::autosign::nodes:
 #  - 'somenode.main.unkin.net'
 # not ready to migrate puppet masters yet
 profiles::puppet::agent::version: '7.34.0'
 profiles::puppet::agent::openvox_enable: false
 profiles::puppet::cobbler_enc::cobbler_scheme: https
 profiles::puppet::cobbler_enc::cobbler_hostname: cobbler.main.unkin.net
 profiles::puppet::cobbler_enc::version: 'system'
--- a/site/profiles/manifests/base.pp
+++ b/site/profiles/manifests/base.pp
@ -1,7 +1,5 @@
 # this is the base class, which will be used by all servers
-class profiles::base (
+class profiles::base () {
  Array  $puppet_servers,
 ) {
  # run a limited set of classes on the first run aimed at bootstrapping the new node
  if $facts['firstrun'] {
@ -13,11 +11,7 @@ class profiles::base (
    # manage the puppet agent
    include profiles::puppet::agent
-
+    include profiles::puppet::client
    # manage puppet clients
    if ! member($puppet_servers, $trusted['certname']) {
      include profiles::puppet::client
    }
    # include the base profiles
    include profiles::base::repos
--- a/site/profiles/manifests/defaults.pp
+++ b/site/profiles/manifests/defaults.pp
@ -11,6 +11,7 @@ class profiles::defaults {
    ensure  => present,
    require => [
      Class['profiles::base::repos'],
      Exec['dnf_makecache'],
    ]
  }
--- a/site/profiles/manifests/puppet/agent.pp
+++ b/site/profiles/manifests/puppet/agent.pp
@ -1,37 +1,68 @@
 # profiles::puppet::agent
 # This class manages Puppet agent package and service.
 class profiles::puppet::agent (
-  String $puppet_version      = 'latest',
+  String  $version        = 'latest',
  Boolean $openvox_enable = false,
 ) {
-  # if puppet-version is anything other than latest, set a versionlock
+  # set openvox package, yumrepo, service
-  $puppet_versionlock_ensure = $puppet_version ? {
+  if $openvox_enable {
    $use_package = 'openvox-agent'
    $use_yumrepo = 'openvox'
    $use_service = 'puppet'
  }else{
    $use_package = 'puppet-agent'
    $use_yumrepo = 'puppet'
    $use_service = 'puppet'
  }
  # manage the yumrepo for the given package
  if $openvox_enable and $facts['os']['family'] == 'RedHat' {
    yumrepo { 'openvox':
      ensure  => 'present',
      baseurl => "https://packagerepo.service.consul/openvox7/el/${facts['os']['release']['major']}-daily/${facts['os']['architecture']}/os/",
      descr   => 'openvox repository',
      gpgkey  => "https://packagerepo.service.consul/openvox7/el/${facts['os']['release']['major']}-daily/${facts['os']['architecture']}/os/GPG-KEY-openvox.pub",
      notify  => Exec['dnf_makecache'],
    }
  }else{
    yumrepo { 'puppet':
      ensure  => 'present',
      baseurl => "https://packagerepo.service.consul/puppet7/el/${facts['os']['release']['major']}-daily/${facts['os']['architecture']}/os/",
      descr   => 'puppet repository',
      gpgkey  => "https://packagerepo.service.consul/puppet7/el/${facts['os']['release']['major']}-daily/${facts['os']['architecture']}/os/RPM-GPG-KEY-puppet-20250406",
      notify  => Exec['dnf_makecache'],
    }
  }
  # if agent-version is anything other than latest, set a versionlock
  $agent_versionlock_ensure = $version ? {
    'latest' => 'absent',
    default  => 'present',
  }
-  $puppet_versionlock_version = $puppet_version ? {
+  $agent_versionlock_version = $version ? {
    'latest' => undef,
-    default  => $puppet_version,
+    default  => $version,
  }
  case $facts['os']['family'] {
    'RedHat': {
-      # Ensure the puppet-agent package is installed and locked to a specific version
+      # Ensure the agent package is installed and locked to a specific version
-      package { 'puppet-agent':
+      package { $use_package:
-        ensure  => $puppet_version,
+        ensure  => $version,
-        require => Yumrepo['puppet'],
+        require => Yumrepo[$use_yumrepo],
      }
      # versionlock puppet-agent
-      yum::versionlock{'puppet-agent':
+      yum::versionlock{$use_package:
-        ensure  => $puppet_versionlock_ensure,
+        ensure  => $agent_versionlock_ensure,
-        version => $puppet_versionlock_version,
+        version => $agent_versionlock_version,
      }
    }
    'Debian': {
      # Ensure the puppet-agent package is installed and locked to a specific version
-      package { 'puppet-agent':
+      package { $use_package:
-        ensure  => $puppet_version,
+        ensure  => $version,
        require => Class['profiles::apt::puppet7'],
      }
    }
@ -39,12 +70,11 @@ class profiles::puppet::agent (
  }
  # Ensure the puppet service is running
-  service { 'puppet':
+  service { $use_service:
    ensure     => 'running',
    enable     => true,
    hasrestart => true,
-    require    => Package['puppet-agent'],
+    require    => Package[$use_package],
  }
 }
--- a/site/profiles/manifests/yum/global.pp
+++ b/site/profiles/manifests/yum/global.pp
@ -55,4 +55,7 @@ class profiles::yum::global (
  # setup dnf-autoupdate
  include profiles::yum::autoupdater
  # ensure dnf makecache runs before packages
  Yumrepo <| |> -> Exec['dnf_makecache'] -> Package <| |>
 }