adding in roles and profiles

Puppetfile

@@ -14,10 +14,10 @@ mod 'ghoneycutt-ssh', '3.61.0'
 
 # Modules from Git
 # Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
-#mod 'apache',
+# mod 'apache',
 #  git:    'https://github.com/puppetlabs/puppetlabs-apache',
 #  commit: '1b6f89afdde0df7f9433a163d5c4b5328eac5779'
 
-#mod 'apache',
+# mod 'apache',
 #  git:    'https://github.com/puppetlabs/puppetlabs-apache',
 #  branch: 'docs_experiment'

manifests/site.pp

@@ -25,7 +25,16 @@ File { backup => false }
 #
 # For more on node definitions, see: https://puppet.com/docs/puppet/latest/lang_node_definitions.html
 node default {
-  # This is where you can declare classes for all nodes.
-  # Example:
-  #   class { 'my_class': }
+
+    if $trusted['extentions']['pp_role'] {
+      include ($trusted['extentions']['pp_role'])
+    } else {
+    fail('This node has no role')
+  }
+}
+
+node 'puppet' {
+
+    include role::puppetserver
+
 }

site-modules/profile/manifests/base.pp

@@ -1,5 +1,35 @@
-class profile::base {
-
-  #the base profile should include component modules that will be on all nodes
-
+class profile::base (
+  Boolean $firewall = false,
+  Boolean $lvm      = false,
+  Boolean $ntp      = false,
+  Boolean $puppet   = false,
+  Boolean $repos    = false,
+  Boolean $resolver = false,
+  Boolean $ssh      = true,
+  Boolean $selinux  = true,
+) {
+  if $firewall {
+    class { '::profile::base::firewall': }
+  }
+  if $lvm {
+    class { '::profile::base::lvm': }
+  }
+  if $ntp {
+    class { '::profile::base::time': }
+  }
+  if $puppet {
+    class { '::profile::base::puppet': }
+  }
+  if $repos {
+    class { '::profile::base::repositories': }
+  }
+  if $resolver {
+    class { '::profile::base::resolver': }
+  }
+  if $ssh {
+    class { '::profile::base::ssh': }
+  }
+  if $selinux {
+    class { '::profile::base::selinux': }
+  }
 }

site-modules/profile/manifests/base/selinux.pp

@@ -0,0 +1,7 @@
+class profile::base::selinux (
+  String $mode = 'disabled',
+) {
+  class { '::selinux':
+    mode => $mode,
+  }
+}

site-modules/profile/manifests/base/ssh.pp

@@ -0,0 +1,19 @@
+class profile::bootstrap::ssh (
+  Hash $config_entries = {},
+  String $permit_root_login = 'no',
+  String $ssh_config_forward_agent = 'no',
+  String $sshd_config_allowagentforwarding = 'no',
+  Hash $sshd_config_match = {},
+  String $sshd_config_port = '22',
+  String $sshd_password_authentication = 'no'
+) {
+  class { '::ssh':
+    config_entries                   => $config_entries,
+    permit_root_login                => $permit_root_login,
+    ssh_config_forward_agent         => $ssh_config_forward_agent,
+    sshd_config_allowagentforwarding => $sshd_config_allowagentforwarding,
+    sshd_config_match                => $sshd_config_match,
+    sshd_config_port                 => $sshd_config_port,
+    sshd_password_authentication     => $sshd_password_authentication,
+  }
+}

site-modules/profile/manifests/example.pp

@@ -1,3 +0,0 @@
-class profile::example {
-
-}

site-modules/profile/manifests/puppet.pp

@@ -0,0 +1,11 @@
+class profile::puppet (
+  Boolean $puppetserver = true,
+  Boolean $authority    = true,
+) {
+  if $puppetserver {
+    class { '::profile::puppet::puppetserver': }
+  }
+  if $authority {
+    class { '::profile::puppet::authority': }
+  }
+}

site-modules/profile/manifests/puppet/authority.pp

@@ -0,0 +1,23 @@
+class profile::puppet::authority {
+
+  ini_setting { 'policy-based autosigning':
+    setting => 'autosign',
+    path    => "${confdir}/puppet.conf",
+    section => 'master',
+    value   => '/opt/puppetlabs/puppet/bin/autosign-validator',
+    notify  => Service['pe-puppetserver'],
+  }
+
+  class { ::autosign:
+    ensure => 'latest',
+    config => {
+      'general' => {
+        'loglevel' => 'INFO',
+      },
+      'jwt_token' => {
+        'secret'   => 'puppet'
+        'validity' => '0',
+      }
+    },
+  }
+}

site-modules/profile/manifests/puppet/puppet.pp

@@ -0,0 +1,34 @@
+class profile::puppet::puppetserver {
+
+  ini_setting { 'hiera_config':
+    ensure => present,
+    path => $::settings::config,
+    section => 'master',
+    setting => 'hiera_config',
+    value => "${::settings::environmentpath}/production/hiera.yaml",
+  }
+
+  file { "${::settings::confdir}/hiera.yaml":
+    ensure => absent,
+  }
+
+  package { 'puppetserver hiera-eyaml':
+    ensure   => present,
+    name     => 'hiera-eyaml',
+    provider => 'puppetserver_gem',
+    notify   => Service['pe-puppetserver'],
+  }
+
+  package { 'puppet hiera-eyaml':
+    ensure   => present,
+    name     => 'hiera-eyaml',
+    provider => 'puppet_gem',
+  }
+
+  file { ['/etc/puppetlabs/secure', '/etc/puppetlabs/secure/keys']:
+    ensure => directory,
+    owner  => 'pe-puppet',
+    group  => 'pe-puppet',
+    mode   => '0750',
+  }
+}

site-modules/role/manifests/database_server.pp

@@ -1,7 +0,0 @@
-class role::database_server {
-
-  #This role would be made of all the profiles that need to be included to make a database server work
-  #All roles should include the base profile
-  include profile::base
-
-}

site-modules/role/manifests/example.pp

@@ -1,3 +0,0 @@
-class role::example {
-
-}

site-modules/role/manifests/node.pp

@@ -0,0 +1,5 @@
+class role::node {
+
+    include profile::base
+
+}

site-modules/role/manifests/puppetserver.pp

@@ -0,0 +1,6 @@
+class role::puppetserver {
+
+  include profile::base
+  include profile::puppet
+
+}

site-modules/role/manifests/webserver.pp

@@ -1,7 +0,0 @@
-class role::webserver {
-
-  #This role would be made of all the profiles that need to be included to make a webserver work
-  #All roles should include the base profile
-  include profile::base
-
-}