unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

promote develop to master #6

Merged
unkinben merged 449 commits from develop into master 2024-06-01 14:48:48 +10:00
Conversation 0 Commits 449 Files Changed 291 +45 -76
18 changed files with 45 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 12ff053c6d - Show all commits

15
hieradata/common.yaml
View File

@ -1,9 +1,15 @@
--- ---
lookup_options: lookup_options:
profiles::packages::base::add: profiles::packages::install:
merge: merge:
strategy: deep strategy: deep
profiles::packages::base::remove: profiles::packages::install_exclude:
merge:
strategy: deep
profiles::packages::remove:
merge:
strategy: deep
profiles::packages::remove_exclude:
merge: merge:
strategy: deep strategy: deep
@ -22,13 +28,14 @@ profiles::base::puppet_servers:
profiles::dns::master::basedir: '/var/named/sources' profiles::dns::master::basedir: '/var/named/sources'
profiles::dns::base::ns_role: 'roles::infra::dns::resolver' profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
profiles::packages::base::add: profiles::packages::install:
- bash-completion - bash-completion
- bzip2 - bzip2
- ccze - ccze
- curl - curl
- dstat - dstat
- gzip - gzip
- git
- htop - htop
- inotify-tools - inotify-tools
- iotop - iotop
@ -57,7 +64,7 @@ profiles::packages::base::add:
- zsh - zsh
- zstd - zstd
profiles::packages::base::remove: profiles::packages::remove:
- iwl100-firmware - iwl100-firmware
- iwl1000-firmware - iwl1000-firmware
- iwl105-firmware - iwl105-firmware

3
hieradata/roles/infra.yaml
View File

@ -1,4 +1,7 @@
--- ---
profiles::packages::install:
- policycoreutils
profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net
profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net
puppetdb::master::config::create_puppet_service_resource: false puppetdb::master::config::create_puppet_service_resource: false

3
hieradata/roles/infra/reposync/syncer.yaml
View File

@ -1,4 +1,7 @@
--- ---
profiles::packages::install:
- createrepo
profiles::reposync::repos_list: profiles::reposync::repos_list:
almalinux_8_9_baseos: almalinux_8_9_baseos:
repository: 'BaseOS' repository: 'BaseOS'

2
site/profiles/manifests/base.pp
View File

@ -25,7 +25,7 @@ class profiles::base (
} }
# include the base profiles # include the base profiles
include profiles::packages::base include profiles::packages
include profiles::base::facts include profiles::base::facts
include profiles::base::motd include profiles::base::motd
include profiles::base::scripts include profiles::base::scripts

23
site/profiles/manifests/packages.pp Normal file
View File

@ -0,0 +1,23 @@
# This class manages the installation of packages for the base profile
#
# Parameters:
# - $install: An array of package names to be installed
# - $remove: An array of package names to be removed
#
class profiles::packages (
Array $install = [],
Array $install_exclude = [],
Array $remove = [],
Array $remove_exclude = [],
) {
# Filter out excluded packages
$install_real = $install.filter |$item| { !$install_exclude.any |$exclude_item| { $exclude_item == $item } }
$remove_real = $remove.filter |$item| { !$remove_exclude.any |$exclude_item| { $exclude_item == $item } }
# Ensure packages to install are installed
ensure_packages($install_real, {'ensure' => 'present'})
# Ensure packages to remove are absent
ensure_packages($remove_real, {'ensure' => 'absent'})
}

21
site/profiles/manifests/packages/base.pp
View File

@ -1,21 +0,0 @@
# This class manages the installation of packages for the base profile
#
# Parameters:
# - $add: An array of package names to be installed
# - $remove: An array of package names to be removed
#
class profiles::packages::base (
Array $add = [],
Array $remove = [],
) {
# Ensure packages to add are installed
ensure_packages($add, {'ensure' => 'present'})
# Ensure packages to remove are absent
$remove.each |String $package| {
package { $package:
ensure => 'absent',
}
}
}

11
site/profiles/manifests/packages/git.pp
View File

@ -1,11 +0,0 @@
# installs git related packages
#
class profiles::packages::git (
Array[String] $packages = lookup('profiles::packages::git', Array, 'first', ['git']),
) {
$packages.each |String $package| {
package { $package:
ensure => installed,
}
}
}

11
site/profiles/manifests/packages/reposync.pp
View File

@ -1,11 +0,0 @@
# installs reposync related packages
#
class profiles::packages::reposync (
Array[String] $packages = lookup('profiles::packages::reposync', Array, 'first', ['createrepo']),
) {
$packages.each |String $package| {
package { $package:
ensure => installed,
}
}
}

11
site/profiles/manifests/packages/selinux.pp
View File

@ -1,11 +0,0 @@
# installs selinux related packages
#
class profiles::packages::selinux (
Array[String] $packages = lookup('profiles::packages::selinux', Array, 'first', ['policycoreutils']),
) {
$packages.each |String $package| {
package { $package:
ensure => installed,
}
}
}

2
site/profiles/manifests/puppet/enc.pp
View File

@ -39,8 +39,6 @@ class profiles::puppet::enc (
Boolean $force = false, Boolean $force = false,
) { ) {
include profiles::packages::git
vcsrepo { '/opt/puppetlabs/enc': vcsrepo { '/opt/puppetlabs/enc':
ensure => latest, ensure => latest,
provider => git, provider => git,

4
site/profiles/manifests/puppet/g10k.pp
View File

@ -36,9 +36,6 @@ class profiles::puppet::g10k (
String $environments_path, String $environments_path,
String $default_environment, String $default_environment,
){ ){
package { 'unzip':
ensure => installed,
}
archive { '/tmp/g10k.zip': archive { '/tmp/g10k.zip':
ensure => present, ensure => present,
@ -47,6 +44,7 @@ class profiles::puppet::g10k (
extract_path => '/opt/puppetlabs/bin', extract_path => '/opt/puppetlabs/bin',
creates => '/opt/puppetlabs/bin/g10k', creates => '/opt/puppetlabs/bin/g10k',
cleanup => true, cleanup => true,
require => Package['unzip']
} }
file { '/opt/puppetlabs/bin/puppet-g10k': file { '/opt/puppetlabs/bin/puppet-g10k':

2
site/profiles/manifests/puppet/r10k.pp
View File

@ -37,8 +37,6 @@ class profiles::puppet::r10k (
String $r10k_repo, String $r10k_repo,
){ ){
include profiles::packages::git
vcsrepo { '/etc/puppetlabs/r10k': vcsrepo { '/etc/puppetlabs/r10k':
ensure => latest, ensure => latest,
provider => git, provider => git,

2
site/profiles/manifests/reposync/autosyncer.pp
View File

@ -10,7 +10,7 @@ class profiles::reposync::autosyncer (
group => 'root', group => 'root',
mode => '0755', mode => '0755',
content => template('profiles/reposync/autosyncer.erb'), content => template('profiles/reposync/autosyncer.erb'),
require => Class['profiles::packages::reposync'], require => Package['createrepo'],
} }
# daily autosyncr service/timer # daily autosyncr service/timer

1
site/profiles/manifests/reposync/syncer.pp
View File

@ -1,7 +1,6 @@
# setup a reposync syncer # setup a reposync syncer
class profiles::reposync::syncer { class profiles::reposync::syncer {
include profiles::packages::reposync
include profiles::reposync::autosyncer include profiles::reposync::autosyncer
include profiles::reposync::autopromoter include profiles::reposync::autopromoter
include profiles::reposync::webserver include profiles::reposync::webserver

3
site/profiles/manifests/reposync/webserver.pp
View File

@ -40,9 +40,6 @@ class profiles::reposync::webserver (
if $::facts['os']['selinux']['config_mode'] == 'enforcing' { if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
# include packages that are required
include profiles::packages::selinux
# set httpd_sys_content_t to all files under the www_root # set httpd_sys_content_t to all files under the www_root
selinux::fcontext { $www_root: selinux::fcontext { $www_root:
ensure => 'present', ensure => 'present',

2
site/profiles/manifests/selinux/mysqld.pp
View File

@ -7,8 +7,6 @@ class profiles::selinux::mysqld (
Boolean $selinuxuser_mysql_connect_enabled = true, Boolean $selinuxuser_mysql_connect_enabled = true,
String $selinux_mode = 'enforcing', String $selinux_mode = 'enforcing',
){ ){
# include packages that are required
include profiles::packages::selinux
# setenforce # setenforce
class { 'profiles::selinux::setenforce': class { 'profiles::selinux::setenforce':

2
site/profiles/manifests/selinux/nginx.pp
View File

@ -5,8 +5,6 @@ class profiles::selinux::nginx (
Boolean $httpd_can_network_connect = true, Boolean $httpd_can_network_connect = true,
String $selinux_mode = 'enforcing', String $selinux_mode = 'enforcing',
){ ){
# include packages that are required
include profiles::packages::selinux
# setenforce # setenforce
class { 'profiles::selinux::setenforce': class { 'profiles::selinux::setenforce':

3
site/profiles/manifests/selinux/setenforce.pp
View File

@ -3,7 +3,8 @@ class profiles::selinux::setenforce (
Enum['enforcing', 'permissive', 'disabled'] $mode = 'enforcing', Enum['enforcing', 'permissive', 'disabled'] $mode = 'enforcing',
) { ) {
class { 'selinux': class { 'selinux':
mode => $mode, mode => $mode,
require => Package['policycoreutils']
} }
} }