2024-06-01 14:48:48 +10:00
8 changed files with 105 additions and 12 deletions
--- a/hiera.yaml
+++ b/hiera.yaml
@ -5,10 +5,14 @@ defaults:
  data_hash: "yaml_data"
 hierarchy:
  - name: Node-specific data
-    path: "nodes/%{trusted.certname}.yaml"
+    paths:
-  - name: "Per-OS & Release Specific Data"
+      - "nodes/%{trusted.certname}.yaml"
-    path: "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml"
+  - name: Role-specific data
-  - name: "Per-OS Specific Data"
+    paths:
-    path: "os/%{facts.os.name}/all_releases.yaml"
+      - "%{facts.enc_role_path}.yaml"
  - name: "OS Related"
    paths:
      - "os/%{facts.os.name}/%{facts.os.name}%{facts.os.release.major}.yaml"
      - "os/%{facts.os.name}/all_releases.yaml"
  - name: Common data shared across nodes
    path: "common.yaml"
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -1,7 +1,7 @@
 ---
-profiles::base::ntp_servers:
+profiles::ntp::client::peers:
-  - 0.au.pool.ntp.org
+  - ntp01.main.unkin.net
-  - 1.au.pool.ntp.org
+  - ntp02.main.unkin.net
 profiles::base::puppet_servers:
  - 'prodinf01n01.main.unkin.net'
@ -116,6 +116,16 @@ profiles::base::hosts::additional_hosts:
    hostname: prodinf01n06.main.unkin.net
    aliases:
      - prodinf01n06
  - ip: 198.18.17.9
    hostname: prodinf01n09.main.unkin.net
    aliases:
      - prodinf01n09
      - ntp01.main.unkin.net
  - ip: 198.18.17.10
    hostname: prodinf01n10.main.unkin.net
    aliases:
      - prodinf01n10
      - ntp02.main.unkin.net
  - ip: 198.18.17.22
    hostname: prodinf01n22.main.unkin.net
    aliases:
--- a/hieradata/roles/infra/ntpserver.yaml
+++ b/hieradata/roles/infra/ntpserver.yaml
@ -0,0 +1,10 @@
 ---
 profiles::ntp::client::client_only: false
 profiles::ntp::server::allowquery:
  - '198.18.17.0/24'
 profiles::ntp::server::peers:
  - '0.au.pool.ntp.org'
  - '1.au.pool.ntp.org'
  - '2.au.pool.ntp.org'
  - '3.au.pool.ntp.org'
--- a/site/profiles/manifests/base.pp
+++ b/site/profiles/manifests/base.pp
@ -1,11 +1,8 @@
 # this is the base class, which will be used by all servers
 class profiles::base (
  Array  $ntp_servers,
  Array  $puppet_servers,
 ) {
-  class { 'chrony':
+
    servers => $ntp_servers,
  }
  case $facts['os']['family'] {
    'RedHat': {
      include profiles::yum::global
@ -31,6 +28,7 @@ class profiles::base (
  include profiles::base::scripts
  include profiles::base::hosts
  include profiles::accounts::sysadmin
  include profiles::ntp::client
  # include the python class
  class { 'python':
--- a/site/profiles/manifests/ntp/client.pp
+++ b/site/profiles/manifests/ntp/client.pp
@ -0,0 +1,30 @@
 # setup an ntp client using chrony
 # use exported resources from profiles::ntp::server if they are available
 class profiles::ntp::client (
  Array     $peers,
  Boolean   $wait_enable = true,
  Enum[
    'running',
    'stopped'
  ]         $wait_ensure = 'running',
  Boolean   $client_only = true,
 ) {
  # If $client_only, setup a client. Servers are set to false so that they are configured
  # through the profiles::ntp::server class.
  if $client_only {
    # Define the client configuration based on OS family
    if $facts['os']['family'] == 'RedHat' {
      class { 'chrony':
        servers     => $peers,
        wait_enable => $wait_enable,
        wait_ensure => $wait_ensure,
      }
    } else {
      class { 'chrony':
        servers    => $peers,
      }
    }
  }
 }
--- a/site/profiles/manifests/ntp/server.pp
+++ b/site/profiles/manifests/ntp/server.pp
@ -0,0 +1,34 @@
 # chronyd server class with exported resources
 class profiles::ntp::server (
  Array[Variant[
    Stdlib::IP::Address::V4,
    Stdlib::IP::Address::V4::CIDR
  ]]                  $allowquery = ['127.0.0.1'],
  Array[Stdlib::Host] $peers = [
    '0.pool.ntp.org',
    '1.pool.ntp.org',
    '2.pool.ntp.org',
    '3.pool.ntp.org'
  ],
  Boolean             $wait_enable = true,
  Enum[
    'running',
    'stopped'
  ]                   $wait_ensure = 'running',
 ){
  # define the server
  if $facts['os']['family'] == 'RedHat' {
    class { 'chrony':
      servers     => $peers,
      queryhosts  => $allowquery,
      wait_enable => $wait_enable,
      wait_ensure => $wait_ensure,
    }
  } else {
    class { 'chrony':
      servers    => $peers,
      queryhosts => $allowquery,
    }
  }
 }
--- a/site/profiles/templates/base/facts/enc_role.erb
+++ b/site/profiles/templates/base/facts/enc_role.erb
@ -1 +1,2 @@
 enc_role=<%= @enc_role[0] %>
 enc_role=<%= @enc_role[0].gsub('::', '/') %>
--- a/site/roles/manifests/infra/ntpserver.pp
+++ b/site/roles/manifests/infra/ntpserver.pp
@ -0,0 +1,6 @@
 # a role to deploy a ntp server
 class roles::infra::ntpserver {
  include profiles::defaults
  include profiles::base
  include profiles::ntp::server
 }
`@ -1 +1,2 @@`
	`enc_role=<%= @enc_role[0] %>`	`enc_role=<%= @enc_role[0] %>`
		`enc_role=<%= @enc_role[0].gsub('::', '/') %>`