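# @summary Base profile applied to every server.
#
# On a node's first run only the bootstrap profile is applied. On later runs
# the full baseline below is applied, followed by any classes listed in hiera.
#
# @param puppet_servers
#   Certnames of the puppet servers. A node whose trusted certname is in this
#   list does not get profiles::puppet::client.
class profiles::base (
  Array $puppet_servers,
) {
  # Run a limited set of classes on the first run, aimed at bootstrapping the
  # new node. While this branch is taken, none of the baseline in the else
  # branch (firewall, sudo, ssh, accounts, ...) is applied.
  # NOTE(review): 'firstrun' looks like a custom, agent-reported fact - confirm
  # it resolves to a Boolean, because any String value (even 'false') is truthy
  # in Puppet and would keep the node on the bootstrap branch.
  if $facts['firstrun'] {
    include profiles::firstrun::init
  } else {
    # install the vault ca first (enforced by the ordering chain at the end)
    include profiles::pki::vaultca

    # manage the puppet agent
    include profiles::puppet::agent

    # Manage puppet clients. The decision uses $trusted['certname'], which is
    # taken from the agent's certificate, rather than a self-reported fact.
    if ! member($puppet_servers, $trusted['certname']) {
      include profiles::puppet::client
    }

    # include the base profiles
    include profiles::base::repos
    include profiles::packages
    include profiles::base::facts
    include profiles::base::motd
    include profiles::base::scripts
    include profiles::base::hosts
    include profiles::base::groups
    include profiles::base::root
    include profiles::accounts::sysadmin
    include profiles::ntp::client
    include profiles::dns::base
    include profiles::pki::vault
    include profiles::ssh::sign
    include profiles::ssh::knownhosts
    include profiles::cloudinit::init
    include profiles::metrics::default
    include profiles::helpers::node_lookup
    include profiles::consul::client
    include firewall

    # include the python class
    class { 'python':
      manage_python_package => true,
      manage_venv_package   => true,
      manage_pip_package    => true,
      use_epel              => false,
    }

    # All hosts will have sudo applied. secure_path is the PATH sudo uses to
    # resolve commands, so every directory listed here must be writable by
    # root only.
    class { 'sudo':
      secure_path => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/puppetlabs/bin',
    }

    # Manage virtualised guest agents. The 'dmi' fact is checked before it is
    # indexed: a virtual node that reports no dmi fact would otherwise fail
    # catalog compilation ('[]' is not applicable to an Undef value).
    if $facts['is_virtual'] and $facts['dmi'] and $facts['dmi']['manufacturer'] == 'QEMU' {
      include profiles::qemu::agent
    }

    # Include classes from hiera. Both keys are merged with the 'unique'
    # strategy and default to an empty list. hiera_exclude only filters
    # hiera_include; it does not remove any class included directly above.
    $hiera_include = lookup('hiera_include', Array[String], 'unique', [])
    $hiera_exclude = lookup('hiera_exclude', Array[String], 'unique', [])
    ($hiera_include - $hiera_exclude).include

    # Specific ordering constraints.
    # NOTE(review): profiles::defaults is not included by this class; the
    # reference below needs it to be declared elsewhere in the catalog - confirm.
    Class['profiles::defaults']
    -> Class['profiles::pki::vaultca']
    -> Class['profiles::base::repos']
    -> Class['profiles::packages']
  }
}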