unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
f73d6f07ce
puppet-prod/site/profiles/manifests/puppet/server.pp
Ben Vincent f73d6f07ce fix: generate types as root (#375) 
- larger permission issue that needs fixing
- reduce the number of failed runs

Reviewed-on: #375
2025-08-09 13:30:12 +10:00

138 lines
4.6 KiB
Puppet
Raw Blame History

# Class: profiles::puppet::server
#
# This class manages Puppet server's configuration and service.
class profiles::puppet::server (
Stdlib::Absolutepath $vardir = '/opt/puppetlabs/server/data/puppetserver',
Stdlib::Absolutepath $logdir = '/var/log/puppetlabs/puppetserver',
Stdlib::Absolutepath $rundir = '/var/run/puppetlabs/puppetserver',
Stdlib::Absolutepath $pidfile = '/var/run/puppetlabs/puppetserver/puppetserver.pid',
Stdlib::Absolutepath $codedir = '/etc/puppetlabs/code',
Array[String] $dns_alt_names = [
$facts['networking']['fqdn'],
$facts['networking']['hostname'],
],
Stdlib::Fqdn $agent_server = 'puppetmaster',
Stdlib::Fqdn $report_server = $agent_server,
Stdlib::Fqdn $ca_server = 'puppetca',
String $node_terminus = 'exec',
String $external_nodes = '/opt/cobbler-enc/cobbler-enc',
String $default_environment = 'develop',
String $environment = 'develop',
Stdlib::Absolutepath $autosign = '/etc/puppetlabs/puppet/autosign.conf',
Stdlib::Absolutepath $default_manifest = "${codedir}/environments/${default_environment}/manifests",
String $reports = 'puppetdb',
Boolean $storeconfigs = true,
String $storeconfigs_backend = 'puppetdb',
Boolean $usecacheonfailure = false,
Boolean $report = true,
Integer $runinterval = 1800,
Integer $runtimeout = 3600,
Boolean $show_diff = true,
Integer $facts_soft_limit = 4096,
) {
# add a bool for if this host is a ca, used in the auth.conf file
$is_ca = hiera('profiles::puppet::puppetca::is_puppetca', false)
file { '/etc/puppetlabs/puppet/puppet.conf':
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
content => epp('profiles/puppet/server/puppet.conf.epp', {
'vardir' => $vardir,
'logdir' => $logdir,
'rundir' => $rundir,
'pidfile' => $pidfile,
'codedir' => $codedir,
'dns_alt_names' => join(sort($dns_alt_names), ','),
'server' => $agent_server,
'ca_server' => $ca_server,
'environment' => $environment,
'report' => $report,
'runinterval' => $runinterval,
'runtimeout' => $runtimeout,
'show_diff' => $show_diff,
'report_server' => $report_server,
'node_terminus' => $node_terminus,
'external_nodes' => $external_nodes,
'autosign' => $autosign,
'default_manifest' => $default_manifest,
'default_environment' => $default_environment,
'storeconfigs' => $storeconfigs,
'storeconfigs_backend' => $storeconfigs_backend,
'reports' => $reports,
'usecacheonfailure' => $usecacheonfailure,
'facts_soft_limit' => $facts_soft_limit,
}),
notify => Service['puppetserver'],
}
file { '/etc/puppetlabs/puppetserver/conf.d/auth.conf':
ensure => 'file',
content => template('profiles/puppet/server/auth.conf.erb'),
group => 'root',
owner => 'root',
mode => '0644',
notify => Service['puppetserver'],
}
service { 'puppetserver':
ensure => running,
enable => true,
hasstatus => true,
hasrestart => true,
}
# generate puppet types when restarting
systemd::manage_dropin { 'generate_types.conf':
ensure => absent,
unit => 'puppetserver.service',
service_entry => {
'ExecStartPost' => [
"/opt/puppetlabs/bin/puppet generate types --environmentpath ${codedir}/environments",
],
},
}
file { '/usr/local/bin/puppet_generate_types.sh':
ensure => file,
mode => '0755',
content => @("EOF")
#!/bin/bash
/opt/puppetlabs/bin/puppet generate types --environmentpath ${codedir}/environments
exit 0
| EOF
}
$_timer = @(EOT)
[Unit]
Description=puppet-generate-types timer
[Timer]
OnCalendar=*:0/1
RandomizedDelaySec=1s
[Install]
WantedBy=timers.target
EOT
$_service = @(EOT)
[Unit]
Description=puppet-generate-types service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/puppet_generate_types.sh
User=root
Group=root
PermissionsStartOnly=false
PrivateTmp=no
EOT
systemd::timer { 'puppet-generate-types.timer':
timer_content => $_timer,
service_content => $_service,
active => true,
enable => true,
require => File['/usr/local/bin/puppet_generate_types.sh'],
}
}
Reference in New Issue View Git Blame Copy Permalink