adding in roles and profiles

christopher.lawrence 2020-01-10 10:39:27 +00:00
parent 510dc63838
commit 0907afdd69
14 changed files with 153 additions and 29 deletions


@ -14,10 +14,10 @@ mod 'ghoneycutt-ssh', '3.61.0'
# Modules from Git
# Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
#mod 'apache',
# mod 'apache',
# git: 'https://github.com/puppetlabs/puppetlabs-apache',
# commit: '1b6f89afdde0df7f9433a163d5c4b5328eac5779'
#mod 'apache',
# mod 'apache',
# git: 'https://github.com/puppetlabs/puppetlabs-apache',
# branch: 'docs_experiment'


@ -25,7 +25,16 @@ File { backup => false }
#
# For more on node definitions, see: https://puppet.com/docs/puppet/latest/lang_node_definitions.html
node default {
# This is where you can declare classes for all nodes.
# Example:
# class { 'my_class': }
if $trusted['extentions']['pp_role'] {
include ($trusted['extentions']['pp_role'])
} else {
fail('This node has no role')
}
}
node 'puppet' {
include role::puppetserver
}
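Review bot: `$trusted['extentions']` is misspelled on both lines of the new `if` block in `node default`; the trusted-facts key is `extensions`, so `pp_role` is never found and nodes either reach `fail('This node has no role')` or error when indexing an undefined value, depending on the Puppet version. The two lines should read `if $trusted['extensions']['pp_role'] {` and `include $trusted['extensions']['pp_role']`. Because the class name is taken straight from the certificate, it is only as trustworthy as the CSR signing policy, so consider checking that the value is in the `role::` namespace before including it.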


@ -1,5 +1,35 @@
class profile::base {
#the base profile should include component modules that will be on all nodes
class profile::base (
Boolean $firewall = false,
Boolean $lvm = false,
Boolean $ntp = false,
Boolean $puppet = false,
Boolean $repos = false,
Boolean $resolver = false,
Boolean $ssh = true,
Boolean $selinux = true,
) {
if $firewall {
class { '::profile::base::firewall': }
}
if $lvm {
class { '::profile::base::lvm': }
}
if $ntp {
class { '::profile::base::time': }
}
if $puppet {
class { '::profile::base::puppet': }
}
if $repos {
class { '::profile::base::repositories': }
}
if $resolver {
class { '::profile::base::resolver': }
}
if $ssh {
class { '::profile::base::ssh': }
}
if $selinux {
class { '::profile::base::selinux': }
}
}
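Review bot: `$ssh` defaults to `true` and declares `::profile::base::ssh`, but the only SSH profile this commit adds is `profile::bootstrap::ssh`; unless `profile::base::ssh` already exists elsewhere in the repository, every node that includes `profile::base` will fail catalog compilation. Either rename the new class or change the declaration to `class { '::profile::bootstrap::ssh': }`. The other `profile::base::*` classes declared here (firewall, lvm, time, puppet, repositories, resolver) are not part of this commit either, though they default to off. The old explanatory comment appears to have been dropped, so a short header comment saying what each toggle manages would help, for example `# Each Boolean enables one profile::base::* component; override per node in Hiera.`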


@ -0,0 +1,7 @@
class profile::base::selinux (
String $mode = 'disabled',
) {
class { '::selinux':
mode => $mode,
}
}
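Review bot: The default `String $mode = 'disabled'` turns SELinux off, and because `profile::base` enables this profile by default (`Boolean $selinux = true`), every node that includes the base profile gets SELinux disabled unless Hiera overrides it. Consider defaulting to enforcing and constraining the type, e.g. `Enum['enforcing', 'permissive', 'disabled'] $mode = 'enforcing',`, so that disabling is an explicit, per-node decision rather than the fleet-wide default.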


@ -0,0 +1,19 @@
class profile::bootstrap::ssh (
Hash $config_entries = {},
String $permit_root_login = 'no',
String $ssh_config_forward_agent = 'no',
String $sshd_config_allowagentforwarding = 'no',
Hash $sshd_config_match = {},
String $sshd_config_port = '22',
String $sshd_password_authentication = 'no'
) {
class { '::ssh':
config_entries => $config_entries,
permit_root_login => $permit_root_login,
ssh_config_forward_agent => $ssh_config_forward_agent,
sshd_config_allowagentforwarding => $sshd_config_allowagentforwarding,
sshd_config_match => $sshd_config_match,
sshd_config_port => $sshd_config_port,
sshd_password_authentication => $sshd_password_authentication,
}
}
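Review bot: The security-relevant toggles (`$permit_root_login`, `$sshd_password_authentication`, `$ssh_config_forward_agent`, `$sshd_config_allowagentforwarding`) are typed as free-form `String`, so a mistyped Hiera value is not rejected at this layer and its handling is left to the ssh module. The hardened defaults are good; narrowing the types would keep them from being weakened by accident, e.g. `Enum['yes', 'no'] $sshd_password_authentication = 'no',`. `$permit_root_login` may need the additional values the ssh module accepts, so check its documentation before restricting that one.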


@ -1,3 +0,0 @@
class profile::example {
}


@ -0,0 +1,11 @@
class profile::puppet (
Boolean $puppetserver = true,
Boolean $authority = true,
) {
if $puppetserver {
class { '::profile::puppet::puppetserver': }
}
if $authority {
class { '::profile::puppet::authority': }
}
}


@ -0,0 +1,23 @@
class profile::puppet::authority {
ini_setting { 'policy-based autosigning':
setting => 'autosign',
path => "${confdir}/puppet.conf",
section => 'master',
value => '/opt/puppetlabs/puppet/bin/autosign-validator',
notify => Service['pe-puppetserver'],
}
class { ::autosign:
ensure => 'latest',
config => {
'general' => {
'loglevel' => 'INFO',
},
'jwt_token' => {
'secret' => 'puppet'
'validity' => '0',
}
},
}
}
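Review bot: The JWT secret that gates certificate autosigning is committed as the literal `'puppet'` on the `'secret'` line of the `jwt_token` hash, so anyone who can read the repository or guess the value can produce tokens the validator will accept; it should be supplied from Hiera as an eyaml-encrypted value, which this commit already installs the tooling for. That same line is missing its trailing comma, so the manifest will not parse as written. `"${confdir}/puppet.conf"` uses an unqualified variable this class never defines, whereas the puppetserver profile uses `$::settings::confdir`. `ensure => 'latest'` leaves the component that decides which CSRs get signed unpinned, and `'validity' => '0'` should be confirmed against the autosign documentation.

```puppet
class profile::puppet::authority (
  String $jwt_secret,  # no default: supply via Hiera (eyaml-encrypted)
) {
  ini_setting { 'policy-based autosigning':
    setting => 'autosign',
    path    => "${::settings::confdir}/puppet.conf",
    # … unchanged: section, value, notify …
  }
  class { '::autosign':
    # … unchanged: ensure (consider pinning a version) …
    config => {
      # … unchanged: 'general' …
      'jwt_token' => {
        'secret'   => $jwt_secret,
        'validity' => '0',  # TODO confirm intended token lifetime
      },
    },
  }
}
```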


@ -0,0 +1,34 @@
class profile::puppet::puppetserver {
ini_setting { 'hiera_config':
ensure => present,
path => $::settings::config,
section => 'master',
setting => 'hiera_config',
value => "${::settings::environmentpath}/production/hiera.yaml",
}
file { "${::settings::confdir}/hiera.yaml":
ensure => absent,
}
package { 'puppetserver hiera-eyaml':
ensure => present,
name => 'hiera-eyaml',
provider => 'puppetserver_gem',
notify => Service['pe-puppetserver'],
}
package { 'puppet hiera-eyaml':
ensure => present,
name => 'hiera-eyaml',
provider => 'puppet_gem',
}
file { ['/etc/puppetlabs/secure', '/etc/puppetlabs/secure/keys']:
ensure => directory,
owner => 'pe-puppet',
group => 'pe-puppet',
mode => '0750',
}
}
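Review bot: The `hiera_config` `ini_setting` has no `notify`, unlike the `puppetserver_gem` package below it and the autosign setting in the authority profile, so a change to this value will presumably not take effect until the server is restarted by something else; consider adding `notify => Service['pe-puppetserver'],`. `Service['pe-puppetserver']` is referenced but not declared in this class, so the profile depends on another module providing it. The `value` path also hard-codes the `production` environment. A short comment on the `/etc/puppetlabs/secure/keys` resource stating that it holds the eyaml private key, and that the key files themselves are not managed here, would help the next reader.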


@ -1,7 +0,0 @@
class role::database_server {
#This role would be made of all the profiles that need to be included to make a database server work
#All roles should include the base profile
include profile::base
}


@ -1,3 +0,0 @@
class role::example {
}


@ -0,0 +1,5 @@
class role::node {
include profile::base
}


@ -0,0 +1,6 @@
class role::puppetserver {
include profile::base
include profile::puppet
}


@ -1,7 +0,0 @@
class role::webserver {
#This role would be made of all the profiles that need to be included to make a webserver work
#All roles should include the base profile
include profile::base
}