puppet-prod/site/profiles/manifests/base.pp

# this is the base class, which will be used by all servers
class profiles::base (
  Array  $puppet_servers,
) {

  case $facts['os']['family'] {
    'RedHat': {
      include profiles::yum::global
      include profiles::firewall::firewalld
    }
    'Debian': {
      include profiles::apt::global
    }
    default: {
      fail("Unsupported OS family ${facts['os']['family']}")
    }
  }

  # manage puppet clients
  if ! member($puppet_servers, $trusted['certname']) {
    include profiles::puppet::client
  }

  # include the base profiles
  include profiles::packages::base
  include profiles::base::facts
  include profiles::base::motd
  include profiles::base::scripts
  include profiles::base::hosts
  include profiles::accounts::sysadmin
  include profiles::ntp::client

  # include the python class
  class { 'python':
    manage_python_package => true,
    manage_venv_package   => true,
    manage_pip_package    => true,
    use_epel              => false,
  }

  # all hosts will have sudo applied
  class { 'sudo':
    secure_path => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/puppetlabs/bin'
  }

}