feat: migrate puppet-agent to openvox #408
@ -176,9 +176,6 @@ profiles::ntp::client::peers:
|
|||||||
- 2.au.pool.ntp.org
|
- 2.au.pool.ntp.org
|
||||||
- 3.au.pool.ntp.org
|
- 3.au.pool.ntp.org
|
||||||
|
|
||||||
profiles::base::puppet_servers:
|
|
||||||
- 'prodinf01n01.main.unkin.net'
|
|
||||||
|
|
||||||
consul::install_method: 'package'
|
consul::install_method: 'package'
|
||||||
consul::manage_repo: false
|
consul::manage_repo: false
|
||||||
consul::bin_dir: /usr/bin
|
consul::bin_dir: /usr/bin
|
||||||
|
|||||||
@ -3,7 +3,8 @@
|
|||||||
profiles::firewall::firewalld::ensure_package: 'absent'
|
profiles::firewall::firewalld::ensure_package: 'absent'
|
||||||
profiles::firewall::firewalld::ensure_service: 'stopped'
|
profiles::firewall::firewalld::ensure_service: 'stopped'
|
||||||
profiles::firewall::firewalld::enable_service: false
|
profiles::firewall::firewalld::enable_service: false
|
||||||
profiles::puppet::agent::puppet_version: '7.34.0'
|
profiles::puppet::agent::version: '7.37.2'
|
||||||
|
profiles::puppet::agent::openvox_enable: true
|
||||||
|
|
||||||
hiera_include:
|
hiera_include:
|
||||||
- profiles::almalinux::base
|
- profiles::almalinux::base
|
||||||
@ -53,13 +54,6 @@ profiles::yum::global::repos:
|
|||||||
baseurl: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/
|
baseurl: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/
|
||||||
gpgkey: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-EPEL-%{facts.os.release.major}
|
gpgkey: https://packagerepo.service.consul/epel/%{facts.os.release.major}/everything-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-EPEL-%{facts.os.release.major}
|
||||||
mirrorlist: absent
|
mirrorlist: absent
|
||||||
puppet:
|
|
||||||
name: puppet
|
|
||||||
descr: puppet repository
|
|
||||||
target: /etc/yum.repos.d/puppet.repo
|
|
||||||
baseurl: https://packagerepo.service.consul/puppet7/el/%{facts.os.release.major}-daily/%{facts.os.architecture}/os/
|
|
||||||
gpgkey: https://packagerepo.service.consul/puppet7/el/%{facts.os.release.major}-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-puppet-20250406
|
|
||||||
mirrorlist: absent
|
|
||||||
unkinben:
|
unkinben:
|
||||||
name: unkinben
|
name: unkinben
|
||||||
descr: unkinben repository
|
descr: unkinben repository
|
||||||
|
|||||||
@ -11,4 +11,4 @@ profiles::apt::components:
|
|||||||
- main
|
- main
|
||||||
- non-free
|
- non-free
|
||||||
|
|
||||||
profiles::puppet::agent::puppet_version: '7.25.0-1bullseye'
|
profiles::puppet::agent::version: '7.25.0-1bullseye'
|
||||||
|
|||||||
@ -12,4 +12,4 @@ profiles::apt::components:
|
|||||||
- non-free
|
- non-free
|
||||||
- non-free-firmware
|
- non-free-firmware
|
||||||
|
|
||||||
profiles::puppet::agent::puppet_version: 'latest'
|
profiles::puppet::agent::version: 'latest'
|
||||||
|
|||||||
@ -19,6 +19,11 @@ profiles::puppet::autosign::domains:
|
|||||||
# profiles::puppet::autosign::nodes:
|
# profiles::puppet::autosign::nodes:
|
||||||
# - 'somenode.main.unkin.net'
|
# - 'somenode.main.unkin.net'
|
||||||
|
|
||||||
|
# not ready to migrate puppet masters yet
|
||||||
|
profiles::puppet::agent::version: '7.34.0'
|
||||||
|
profiles::puppet::agent::openvox_enable: false
|
||||||
|
|
||||||
|
|
||||||
profiles::puppet::cobbler_enc::cobbler_scheme: https
|
profiles::puppet::cobbler_enc::cobbler_scheme: https
|
||||||
profiles::puppet::cobbler_enc::cobbler_hostname: cobbler.main.unkin.net
|
profiles::puppet::cobbler_enc::cobbler_hostname: cobbler.main.unkin.net
|
||||||
profiles::puppet::cobbler_enc::version: 'system'
|
profiles::puppet::cobbler_enc::version: 'system'
|
||||||
|
|||||||
@ -1,7 +1,5 @@
|
|||||||
# this is the base class, which will be used by all servers
|
# this is the base class, which will be used by all servers
|
||||||
class profiles::base (
|
class profiles::base () {
|
||||||
Array $puppet_servers,
|
|
||||||
) {
|
|
||||||
|
|
||||||
# run a limited set of classes on the first run aimed at bootstrapping the new node
|
# run a limited set of classes on the first run aimed at bootstrapping the new node
|
||||||
if $facts['firstrun'] {
|
if $facts['firstrun'] {
|
||||||
@ -13,11 +11,7 @@ class profiles::base (
|
|||||||
|
|
||||||
# manage the puppet agent
|
# manage the puppet agent
|
||||||
include profiles::puppet::agent
|
include profiles::puppet::agent
|
||||||
|
include profiles::puppet::client
|
||||||
# manage puppet clients
|
|
||||||
if ! member($puppet_servers, $trusted['certname']) {
|
|
||||||
include profiles::puppet::client
|
|
||||||
}
|
|
||||||
|
|
||||||
# include the base profiles
|
# include the base profiles
|
||||||
include profiles::base::repos
|
include profiles::base::repos
|
||||||
|
|||||||
@ -11,6 +11,7 @@ class profiles::defaults {
|
|||||||
ensure => present,
|
ensure => present,
|
||||||
require => [
|
require => [
|
||||||
Class['profiles::base::repos'],
|
Class['profiles::base::repos'],
|
||||||
|
Exec['dnf_makecache'],
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1,37 +1,68 @@
|
|||||||
# profiles::puppet::agent
|
# profiles::puppet::agent
|
||||||
# This class manages Puppet agent package and service.
|
# This class manages Puppet agent package and service.
|
||||||
class profiles::puppet::agent (
|
class profiles::puppet::agent (
|
||||||
String $puppet_version = 'latest',
|
String $version = 'latest',
|
||||||
|
Boolean $openvox_enable = false,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
# if puppet-version is anything other than latest, set a versionlock
|
# set openvox package, yumrepo, service
|
||||||
$puppet_versionlock_ensure = $puppet_version ? {
|
if $openvox_enable {
|
||||||
|
$use_package = 'openvox-agent'
|
||||||
|
$use_yumrepo = 'openvox'
|
||||||
|
$use_service = 'puppet'
|
||||||
|
}else{
|
||||||
|
$use_package = 'puppet-agent'
|
||||||
|
$use_yumrepo = 'puppet'
|
||||||
|
$use_service = 'puppet'
|
||||||
|
}
|
||||||
|
|
||||||
|
# manage the yumrepo for the given package
|
||||||
|
if $openvox_enable and $facts['os']['family'] == 'RedHat' {
|
||||||
|
yumrepo { 'openvox':
|
||||||
|
ensure => 'present',
|
||||||
|
baseurl => "https://packagerepo.service.consul/openvox7/el/${facts['os']['release']['major']}-daily/${facts['os']['architecture']}/os/",
|
||||||
|
descr => 'openvox repository',
|
||||||
|
gpgkey => "https://packagerepo.service.consul/openvox7/el/${facts['os']['release']['major']}-daily/${facts['os']['architecture']}/os/GPG-KEY-openvox.pub",
|
||||||
|
notify => Exec['dnf_makecache'],
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
yumrepo { 'puppet':
|
||||||
|
ensure => 'present',
|
||||||
|
baseurl => "https://packagerepo.service.consul/puppet7/el/${facts['os']['release']['major']}-daily/${facts['os']['architecture']}/os/",
|
||||||
|
descr => 'puppet repository',
|
||||||
|
gpgkey => "https://packagerepo.service.consul/puppet7/el/${facts['os']['release']['major']}-daily/${facts['os']['architecture']}/os/RPM-GPG-KEY-puppet-20250406",
|
||||||
|
notify => Exec['dnf_makecache'],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# if agent-version is anything other than latest, set a versionlock
|
||||||
|
$agent_versionlock_ensure = $version ? {
|
||||||
'latest' => 'absent',
|
'latest' => 'absent',
|
||||||
default => 'present',
|
default => 'present',
|
||||||
}
|
}
|
||||||
$puppet_versionlock_version = $puppet_version ? {
|
$agent_versionlock_version = $version ? {
|
||||||
'latest' => undef,
|
'latest' => undef,
|
||||||
default => $puppet_version,
|
default => $version,
|
||||||
}
|
}
|
||||||
|
|
||||||
case $facts['os']['family'] {
|
case $facts['os']['family'] {
|
||||||
'RedHat': {
|
'RedHat': {
|
||||||
# Ensure the puppet-agent package is installed and locked to a specific version
|
# Ensure the agent package is installed and locked to a specific version
|
||||||
package { 'puppet-agent':
|
package { $use_package:
|
||||||
ensure => $puppet_version,
|
ensure => $version,
|
||||||
require => Yumrepo['puppet'],
|
require => Yumrepo[$use_yumrepo],
|
||||||
}
|
}
|
||||||
|
|
||||||
# versionlock puppet-agent
|
# versionlock puppet-agent
|
||||||
yum::versionlock{'puppet-agent':
|
yum::versionlock{$use_package:
|
||||||
ensure => $puppet_versionlock_ensure,
|
ensure => $agent_versionlock_ensure,
|
||||||
version => $puppet_versionlock_version,
|
version => $agent_versionlock_version,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
'Debian': {
|
'Debian': {
|
||||||
# Ensure the puppet-agent package is installed and locked to a specific version
|
# Ensure the puppet-agent package is installed and locked to a specific version
|
||||||
package { 'puppet-agent':
|
package { $use_package:
|
||||||
ensure => $puppet_version,
|
ensure => $version,
|
||||||
require => Class['profiles::apt::puppet7'],
|
require => Class['profiles::apt::puppet7'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -39,12 +70,11 @@ class profiles::puppet::agent (
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Ensure the puppet service is running
|
# Ensure the puppet service is running
|
||||||
service { 'puppet':
|
service { $use_service:
|
||||||
ensure => 'running',
|
ensure => 'running',
|
||||||
enable => true,
|
enable => true,
|
||||||
hasrestart => true,
|
hasrestart => true,
|
||||||
require => Package['puppet-agent'],
|
require => Package[$use_package],
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -55,4 +55,7 @@ class profiles::yum::global (
|
|||||||
# setup dnf-autoupdate
|
# setup dnf-autoupdate
|
||||||
include profiles::yum::autoupdater
|
include profiles::yum::autoupdater
|
||||||
|
|
||||||
|
# ensure dnf makecache runs before packages
|
||||||
|
Yumrepo <| |> -> Exec['dnf_makecache'] -> Package <| |>
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user