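# @summary Base profile applied to every server.
#
# this is the base class, which will be used by all servers
#
# While the `firstrun` fact is truthy, only profiles::firstrun::init is
# included; nothing else in this class (agent management, accounts, sudo,
# SSH, PKI, log shipping) is applied on that run. On every other run the full
# baseline in the else branch is applied.
#
# NOTE(review): facts are reported by the agent, and in Puppet 4 and later
# every string (including 'false') is truthy. `firstrun` should therefore be a
# real Boolean or absent, and should clear once bootstrapping has finished,
# otherwise the node keeps skipping the baseline. Confirm against the custom
# fact's implementation.
class profiles::base () {
  # run a limited set of classes on the first run aimed at bootstrapping the new node
  if $facts['firstrun'] {
    include profiles::firstrun::init
  } else {
    # install the vault ca first
    include profiles::pki::vaultca

    # manage the puppet agent
    include profiles::puppet::agent
    include profiles::puppet::client

    # include the base profiles
    include profiles::base::repos
    include profiles::packages
    include profiles::base::motd
    include profiles::base::scripts
    include profiles::base::hosts
    include profiles::base::groups
    include profiles::accounts::root
    include profiles::accounts::sysadmin

    # the NTP client is skipped when the `virtual` fact reports an LXC guest
    if $facts['virtual'] != 'lxc' {
      include profiles::ntp::client
    }

    include profiles::dns::base
    include profiles::pki::vault
    include profiles::ssh::sign
    include profiles::ssh::knownhosts
    include profiles::ssh::service
    include profiles::cloudinit::init
    include profiles::helpers::node_lookup
    include profiles::consul::client
    include victorialogs::client::journald

    # include the python class
    class { 'python':
      manage_python_package => true,
      manage_venv_package   => true,
      manage_pip_package    => true,
      use_epel              => false,
    }

    # all hosts will have sudo applied
    # secure_path is the PATH sudo uses to resolve commands, so every directory
    # listed here (including /usr/local/* and /opt/puppetlabs/bin) must be
    # root-owned and not writable by any other user.
    class { 'sudo':
      secure_path => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/puppetlabs/bin',
    }

    # manage virtualised guest agents
    # dig() returns undef when the dmi fact is missing, whereas indexing
    # $facts['dmi']['manufacturer'] on such a node aborts catalog compilation.
    if $facts['is_virtual'] and $facts.dig('dmi', 'manufacturer') == 'QEMU' {
      include profiles::qemu::agent
    }

    # NOTE(review): presumably leaves unmanaged files in limits.d in place, so
    # drop-ins created outside Puppet persist; confirm against the limits module.
    class { 'limits':
      purge_limits_d_dir => false,
    }

    # include classes from hiera
    # Both keys are merged with the 'unique' strategy and default to an empty
    # list. hiera_exclude only filters hiera_include; it cannot remove a class
    # declared above. Every class name that reaches hiera_include is applied to
    # the node, so write access to that Hiera data should be as restricted as
    # write access to this manifest.
    $hiera_include = lookup('hiera_include', Array[String], 'unique', [])
    $hiera_exclude = lookup('hiera_exclude', Array[String], 'unique', [])
    ($hiera_include - $hiera_exclude).include

    # specific ordering constraints
    # NOTE(review): profiles::defaults is not declared in this class; it has to
    # be in the catalog from elsewhere or this reference fails at compile time.
    Class['profiles::defaults']
    -> Class['profiles::pki::vaultca']
    -> Class['profiles::base::repos']
    -> Class['profiles::packages']
  }
}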