adding in roles and profiles

2020-01-10 10:39:27 +00:00 · 2020-01-10 10:39:27 +00:00 · 0907afdd69
commit 0907afdd69
parent 510dc63838
14 changed files with 153 additions and 29 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -25,7 +25,16 @@ File { backup => false }
 #
 # For more on node definitions, see: https://puppet.com/docs/puppet/latest/lang_node_definitions.html
 node default {
-  # This is where you can declare classes for all nodes.
-  # Example:
-  #   class { 'my_class': }
+
+    if $trusted['extentions']['pp_role'] {
+      include ($trusted['extentions']['pp_role'])
+    } else {
+    fail('This node has no role')
+  }
+}
+
+node 'puppet' {
+
+    include role::puppetserver
+
 }
--- a/site-modules/profile/manifests/base.pp
+++ b/site-modules/profile/manifests/base.pp
@ -1,5 +1,35 @@
-class profile::base {
-
-  #the base profile should include component modules that will be on all nodes
-
+class profile::base (
+  Boolean $firewall = false,
+  Boolean $lvm      = false,
+  Boolean $ntp      = false,
+  Boolean $puppet   = false,
+  Boolean $repos    = false,
+  Boolean $resolver = false,
+  Boolean $ssh      = true,
+  Boolean $selinux  = true,
+) {
+  if $firewall {
+    class { '::profile::base::firewall': }
+  }
+  if $lvm {
+    class { '::profile::base::lvm': }
+  }
+  if $ntp {
+    class { '::profile::base::time': }
+  }
+  if $puppet {
+    class { '::profile::base::puppet': }
+  }
+  if $repos {
+    class { '::profile::base::repositories': }
+  }
+  if $resolver {
+    class { '::profile::base::resolver': }
+  }
+  if $ssh {
+    class { '::profile::base::ssh': }
+  }
+  if $selinux {
+    class { '::profile::base::selinux': }
+  }
 }
--- a/site-modules/profile/manifests/base/selinux.pp
+++ b/site-modules/profile/manifests/base/selinux.pp
@ -0,0 +1,7 @@
+class profile::base::selinux (
+  String $mode = 'disabled',
+) {
+  class { '::selinux':
+    mode => $mode,
+  }
+}
--- a/site-modules/profile/manifests/base/ssh.pp
+++ b/site-modules/profile/manifests/base/ssh.pp
@ -0,0 +1,19 @@
+class profile::bootstrap::ssh (
+  Hash $config_entries = {},
+  String $permit_root_login = 'no',
+  String $ssh_config_forward_agent = 'no',
+  String $sshd_config_allowagentforwarding = 'no',
+  Hash $sshd_config_match = {},
+  String $sshd_config_port = '22',
+  String $sshd_password_authentication = 'no'
+) {
+  class { '::ssh':
+    config_entries                   => $config_entries,
+    permit_root_login                => $permit_root_login,
+    ssh_config_forward_agent         => $ssh_config_forward_agent,
+    sshd_config_allowagentforwarding => $sshd_config_allowagentforwarding,
+    sshd_config_match                => $sshd_config_match,
+    sshd_config_port                 => $sshd_config_port,
+    sshd_password_authentication     => $sshd_password_authentication,
+  }
+}
--- a/site-modules/profile/manifests/example.pp
+++ b/site-modules/profile/manifests/example.pp
@ -1,3 +0,0 @@
-class profile::example {
-
-}
--- a/site-modules/profile/manifests/puppet.pp
+++ b/site-modules/profile/manifests/puppet.pp
@ -0,0 +1,11 @@
+class profile::puppet (
+  Boolean $puppetserver = true,
+  Boolean $authority    = true,
+) {
+  if $puppetserver {
+    class { '::profile::puppet::puppetserver': }
+  }
+  if $authority {
+    class { '::profile::puppet::authority': }
+  }
+}
--- a/site-modules/profile/manifests/puppet/authority.pp
+++ b/site-modules/profile/manifests/puppet/authority.pp
@ -0,0 +1,23 @@
+class profile::puppet::authority {
+
+  ini_setting { 'policy-based autosigning':
+    setting => 'autosign',
+    path    => "${confdir}/puppet.conf",
+    section => 'master',
+    value   => '/opt/puppetlabs/puppet/bin/autosign-validator',
+    notify  => Service['pe-puppetserver'],
+  }
+
+  class { ::autosign:
+    ensure => 'latest',
+    config => {
+      'general' => {
+        'loglevel' => 'INFO',
+      },
+      'jwt_token' => {
+        'secret'   => 'puppet'
+        'validity' => '0',
+      }
+    },
+  }
+}
--- a/site-modules/profile/manifests/puppet/puppet.pp
+++ b/site-modules/profile/manifests/puppet/puppet.pp
@ -0,0 +1,34 @@
+class profile::puppet::puppetserver {
+
+  ini_setting { 'hiera_config':
+    ensure => present,
+    path => $::settings::config,
+    section => 'master',
+    setting => 'hiera_config',
+    value => "${::settings::environmentpath}/production/hiera.yaml",
+  }
+
+  file { "${::settings::confdir}/hiera.yaml":
+    ensure => absent,
+  }
+
+  package { 'puppetserver hiera-eyaml':
+    ensure   => present,
+    name     => 'hiera-eyaml',
+    provider => 'puppetserver_gem',
+    notify   => Service['pe-puppetserver'],
+  }
+
+  package { 'puppet hiera-eyaml':
+    ensure   => present,
+    name     => 'hiera-eyaml',
+    provider => 'puppet_gem',
+  }
+
+  file { ['/etc/puppetlabs/secure', '/etc/puppetlabs/secure/keys']:
+    ensure => directory,
+    owner  => 'pe-puppet',
+    group  => 'pe-puppet',
+    mode   => '0750',
+  }
+}
--- a/site-modules/role/manifests/database_server.pp
+++ b/site-modules/role/manifests/database_server.pp
@ -1,7 +0,0 @@
-class role::database_server {
-
-  #This role would be made of all the profiles that need to be included to make a database server work
-  #All roles should include the base profile
-  include profile::base
-
-}
--- a/site-modules/role/manifests/example.pp
+++ b/site-modules/role/manifests/example.pp
@ -1,3 +0,0 @@
-class role::example {
-
-}
--- a/site-modules/role/manifests/node.pp
+++ b/site-modules/role/manifests/node.pp
@ -0,0 +1,5 @@
+class role::node {
+
+    include profile::base
+
+}
--- a/site-modules/role/manifests/puppetserver.pp
+++ b/site-modules/role/manifests/puppetserver.pp
@ -0,0 +1,6 @@
+class role::puppetserver {
+
+  include profile::base
+  include profile::puppet
+
+}
--- a/site-modules/role/manifests/webserver.pp
+++ b/site-modules/role/manifests/webserver.pp
@ -1,7 +0,0 @@
-class role::webserver {
-
-  #This role would be made of all the profiles that need to be included to make a webserver work
-  #All roles should include the base profile
-  include profile::base
-
-}