puppet-prod/site/profiles/manifests/base.pp
Ben Vincent ce12303576 feat: add firewall module
- add nftables/ipset modules
- add custom firewall module
2024-11-03 03:32:20 +11:00


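# Base profile applied to every server.
#
# On a node's first run only the bootstrap profile is applied. On every later
# run the full baseline is applied (PKI, Puppet agent, repos, accounts, SSH,
# firewall, sudo, ...), followed by any extra classes listed in Hiera.
#
# @param puppet_servers
#   Certnames of the Puppet servers. A node whose trusted certname appears in
#   this list does not receive profiles::puppet::client.
class profiles::base (
  Array $puppet_servers,
) {
  # Run a limited set of classes on the first run, aimed at bootstrapping the
  # new node.
  # NOTE(review): `firstrun` is an agent-reported fact, and while it is truthy
  # none of the baseline below (firewall, sudo, PKI) is applied. Confirm that
  # it is cleared once bootstrap completes and that it resolves to a real
  # Boolean: in Puppet any string, including 'false', is truthy.
  if $facts['firstrun'] {
    include profiles::firstrun::init
  } else {
    # install the vault ca first
    include profiles::pki::vaultca

    # manage the puppet agent
    include profiles::puppet::agent

    # Manage puppet clients. The comparison uses $trusted['certname'], which
    # comes from the node's verified certificate rather than from
    # agent-supplied facts.
    if ! member($puppet_servers, $trusted['certname']) {
      include profiles::puppet::client
    }

    # include the base profiles
    include profiles::base::repos
    include profiles::packages
    include profiles::base::facts
    include profiles::base::motd
    include profiles::base::scripts
    include profiles::base::hosts
    include profiles::base::groups
    include profiles::base::root
    include profiles::accounts::sysadmin
    include profiles::ntp::client
    include profiles::dns::base
    include profiles::pki::vault
    include profiles::ssh::sign
    include profiles::ssh::knownhosts
    include profiles::cloudinit::init
    include profiles::metrics::default
    include profiles::helpers::node_lookup
    include profiles::consul::client
    include firewall

    # include the python class
    class { 'python':
      manage_python_package => true,
      manage_venv_package   => true,
      manage_pip_package    => true,
      use_epel              => false,
    }

    # All hosts will have sudo applied.
    # NOTE(review): secure_path is the PATH sudo uses for the commands it
    # runs, so every directory listed here should be writable by root only.
    # Verify this for /usr/local/{sbin,bin} and /opt/puppetlabs/bin.
    class { 'sudo':
      secure_path => '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/opt/puppetlabs/bin',
    }

    # Manage virtualised guest agents.
    # dig() is used so that a virtual node reporting no `dmi` fact evaluates
    # to undef here instead of failing catalog compilation with
    # "Operator '[]' is not applicable to an Undef Value".
    if $facts['is_virtual'] and $facts.dig('dmi', 'manufacturer') == 'QEMU' {
      include profiles::qemu::agent
    }

    # Include classes from hiera.
    # NOTE(review): these class names come straight from Hiera data, so write
    # access to the hierarchy determines what is applied to each node.
    # hiera_exclude only filters hiera_include; it cannot remove any of the
    # classes declared explicitly above.
    $hiera_include = lookup('hiera_include', Array[String], 'unique', [])
    $hiera_exclude = lookup('hiera_exclude', Array[String], 'unique', [])
    ($hiera_include - $hiera_exclude).include

    # Specific ordering constraints.
    # NOTE(review): profiles::defaults is not declared in this class, so it is
    # presumably declared elsewhere. Confirm, otherwise this reference cannot
    # resolve.
    Class['profiles::defaults']
    -> Class['profiles::pki::vaultca']
    -> Class['profiles::base::repos']
    -> Class['profiles::packages']
  }
}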