path: root/manifests/puppetserver.pp
blob: 02a04c9924c03853d7a7d386806aa30dfc9a175f (plain)
# @summary Set up puppet server.
#
# Configures the puppet server, along with the default hiera system.
# Also installs an external node classifier script together with its
# ini configuration, and declares the `puppet` class in server mode.
#
# This class declares only the `hiera` parameter.
#
# @param hiera
#   Global hiera configuration for the server. The default is something
#   sensible, mostly here so we can populate our classes through hiera
#   before this module is set up, handling bootstrap problems.
class profiles::puppetserver (
  Hash $hiera = {
    'version'   => 5,
    'defaults'  => {
      'datadir' => '/puppet',
    },
    'hierarchy' => [
      {
        'name'      => 'Data',
        'data_hash' => 'yaml_data',
        # Lookup order, most specific first. The node level is keyed on
        # trusted.certname (taken from the agent's certificate), while the
        # os/* levels are keyed on facts, which are reported by the agent
        # itself. Node-specific secrets therefore belong in the nodes/
        # level only.
        'paths'     => [
          'nodes/%{trusted.certname}.yaml',
          'os/name/%{facts.os.name}.yaml',
          'os/family/%{facts.os.family}.yaml',
          'common.yaml',
        ],
      }
    ]
  },
) {

  # A puppet server is also an agent, so the two profiles are mutually
  # exclusive. defined() depends on evaluation order: this only catches
  # profiles::puppetagent when it was declared before this class.
  if defined(Class['profiles::puppetagent']) {
    fail('Can only either be puppetagent or puppetserver (which is also a puppetagent), not both')
  }

  # required for the git hook
  ensure_packages(['ruby'])

  # Parent directory of the node classifier script installed below.
  file { '/usr/libexec':
    ensure => directory,
  }

  # presumably needed by node-classifier.py to read the YAML node file
  # (node_fmt => yaml below) — confirm against the script.
  ensure_packages(['python3-yaml'])

  # Writes a [common] section with node_fmt and nodes to
  # /etc/node-classifier.ini.
  inifile::create_ini_settings(
    { common   => {
        node_fmt => yaml,
        nodes    => '/puppet/nodes.yaml',
      },
    },
    {
      path => '/etc/node-classifier.ini',
    }
  )

  # External node classifier, referenced by server_external_nodes below.
  # Mode 0555 leaves it readable and executable by everyone and writable
  # by no one. Owner and group are not set here.
  # NOTE(review): the server executes this script to classify nodes, so
  # consider pinning owner/group to root, and keeping the ini file and
  # /puppet/nodes.yaml writable by administrators only.
  file { '/usr/libexec/external-node-classifier':
    mode   => '0555',
    source => 'puppet:///modules/profiles/node-classifier.py',
  }

  class { 'puppet':
    server                  => true,
    # NOTE(review): with show_diff enabled, file content diffs can end up
    # in agent logs and reports (sent to puppetdb here); resources that
    # carry secrets should be marked Sensitive or set show_diff => false.
    show_diff               => true,
    server_foreman          => false,
    server_reports          => 'puppetdb',
    server_storeconfigs     => true,
    # NOTE(review): presumably this repository feeds the server's
    # environments through the git hook mentioned above; if so, push
    # access to it amounts to control over every managed node and should
    # be limited accordingly.
    server_git_repo         => true,
    server_git_repo_path    => '/var/lib/puppet.git',
    server_external_nodes   => '/usr/libexec/external-node-classifier',
    server_strict_variables => true,
    # NOTE(review): security — assuming these entries end up in
    # autosign.conf, any certificate request whose requested certname
    # matches this glob is signed without operator review. The certname
    # is chosen by the requester, and the nodes/%{trusted.certname}.yaml
    # hiera level is selected by it. Restrict network access to the CA,
    # or prefer policy-based autosigning or manual signing.
    autosign_entries        => [
      '*.adrift.space',
    ],
  }

  # This is the default value, and shouldn't have to be set (which is
  # why the theforeman-puppet module doesn't), but puppetlabs-puppetdb
  # does, which forces us into an infinite restart loop since
  # the main config is constantly changed
  if ! defined(Puppet::Config::Master['storeconfigs_backend']) {
    puppet::config::master { 'storeconfigs_backend':
      value => 'puppetdb',
    }
  }

  # TODO
  # apt install puppetdb-termini

  # Global hiera configuration, rendered from $hiera as YAML with a
  # "managed by puppet" header line. Owner, group and mode are not set
  # here.
  file { '/etc/puppetlabs/puppet/hiera.yaml':
    ensure  => file,
    content => hash2yaml($hiera, {
      'header' => '# This file is managed by puppet',
    }),
  }

  # presumably sets up eyaml (encrypted hiera data) on the server; the
  # class is not shown here — confirm where its keys are managed.
  include profiles::eyaml_master
}