feat: add puppet-initial package

- deploy the puppet-initial service
- deploy the puppet-initial script
- prepare puppet service for puppet-initial
- ensure cert installed

rpms/puppet-initial/1.0.1/release

@@ -0,0 +1 @@
+1

rpms/puppet-initial/Dockerfile

@@ -0,0 +1,19 @@
+# Start with the AlmaLinux 8.10 base image
+FROM git.query.consul/unkin/almalinux9-rpmbuilder:latest
+
+# Create output directory for RPMs
+RUN mkdir -p /app/dist
+
+# Set working directory
+WORKDIR /app
+
+ARG PACKAGE_RELEASE
+ENV PACKAGE_RELEASE=${PACKAGE_RELEASE}
+ARG PACKAGE_VERSION
+ENV PACKAGE_VERSION=${PACKAGE_VERSION}
+
+COPY scripts /app/scripts
+COPY resources /app/resources
+
+# Default command to build RPMs
+CMD /app/scripts/build-packages.sh

rpms/puppet-initial/resources/nfpm.yaml

@@ -0,0 +1,41 @@
+# nfpm.yaml
+
+name: puppet-initial
+version: ${PACKAGE_VERSION}
+release: ${PACKAGE_RELEASE}
+arch: amd64
+platform: linux
+section: default
+priority: extra
+description: "A script and service to initialise puppet for the unkin environmnet."
+
+maintainer: UNKIN
+license: MIT
+
+disable_globbing: false
+
+depends:
+  - unkin-ca-certificates
+  - puppet-agent
+
+# Files to include in the package
+contents:
+  - src: /app/resources/puppet-initial
+    dst: /usr/local/bin/puppet-initial
+    file_info:
+      mode: 0755
+      owner: root
+      group: root
+  - src: /app/resources/puppet-initial.service
+    dst: /usr/lib/systemd/system/puppet-initial.service
+    file_info:
+      mode: 0644
+      owner: root
+      group: root
+
+# Scripts to run during installation/removal (optional)
+scripts:
+  postinstall: ./scripts/postinstall.sh
+  preremove: ./scripts/preremove.sh
+  postremove: ./scripts/postremove.sh
+  preinstall: ./scripts/preinstall.sh

rpms/puppet-initial/resources/puppet-initial

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Install CA for Puppet
+test -f /etc/puppetlabs/puppet/ssl/certs/ca.pem || mkdir -p /etc/puppetlabs/puppet/ssl/certs && wget --no-check-certificate https://puppetca.query.consul:8140/puppet-ca/v1/certificate/ca -O /etc/puppetlabs/puppet/ssl/certs/ca.pem
+
+# Registering to Puppet server
+/opt/puppetlabs/bin/puppet agent --test --server puppetca.query.consul --noop --onetime --no-daemonize --verbose
+
+# Running Puppet agent five times with a 30-second gap between each run, stop puppet service at the end of each run
+for i in {1..5}; do
+    /opt/puppetlabs/bin/puppet agent -t --server puppet.query.consul
+    systemctl stop puppet
+    sleep 30
+done
+
+# Start and enable the puppet service at the end
+systemctl start puppet.service
+systemctl enable puppet.service
+
+# Disable the systemd service at the end
+systemctl disable puppet-initial.service

rpms/puppet-initial/resources/puppet-initial.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Puppet Initial Service
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/puppet-initial
+RemainAfterExit=true
+ExecStop=/bin/true
+
+[Install]
+WantedBy=multi-user.target

rpms/puppet-initial/scripts/build-packages.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/bash
+nfpm pkg --config /app/resources/nfpm.yaml --target /app/dist --packager rpm

rpms/puppet-initial/scripts/postinstall.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+systemctl daemon-reload
+systemctl enable puppet-initial.service

rpms/puppet-initial/scripts/postremove.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+systemctl daemon-reload

rpms/puppet-initial/scripts/preinstall.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+systemctl stop puppet
+systemctl disable puppet

rpms/puppet-initial/scripts/preremove.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+systemctl stop puppet-initial.service