Puppet Class: puppet::server::setup

Inherits:
puppet::params
Defined in:
manifests/server/setup.pp

Summary

Puppet server environment setup

Overview

puppet::server::setup

This class sets up dynamic environments by invoking r10k. If r10k is not configured, it sets it up from a template.

Examples:

include puppet::server::setup

Parameters:

  • r10k_config_setup (Boolean) (defaults to: $puppet::r10k_config_setup)
  • r10k_yaml_template (String) (defaults to: $puppet::r10k_yaml_template)
  • r10k_crontab_setup (Boolean) (defaults to: $puppet::r10k_crontab_setup)
  • production_remote (String) (defaults to: $puppet::production_remote)
  • use_common_env (Boolean) (defaults to: $puppet::use_common_env)
  • common_remote (String) (defaults to: $puppet::common_remote)
  • use_enc (Boolean) (defaults to: $puppet::use_enc)
  • enc_remote (String) (defaults to: $puppet::enc_remote)
  • cachedir (Stdlib::Absolutepath) (defaults to: $puppet::params::r10k_cachedir)
  • r10k_config_file (Stdlib::Absolutepath) (defaults to: $puppet::params::r10k_config_file)
  • r10k_path (Stdlib::Absolutepath) (defaults to: $puppet::params::r10k_path)
  • environmentpath (Stdlib::Absolutepath) (defaults to: $puppet::params::environmentpath)
  • eyaml_keys_path (Stdlib::Absolutepath) (defaults to: $puppet::params::eyaml_keys_path)
  • eyaml_public_key (String) (defaults to: $puppet::params::eyaml_public_key)
  • eyaml_private_key (String) (defaults to: $puppet::params::eyaml_private_key)
  • setup_on_each_run (Boolean) (defaults to: $puppet::environment_setup_on_each_run)
  • environment_setup_timeout (Integer) (defaults to: 900)


# File 'manifests/server/setup.pp', line 10

class puppet::server::setup (
  # Defaults are taken from the main puppet class and from puppet::params.
  # NOTE(review): $production_remote, $use_common_env, $common_remote,
  # $use_enc, $enc_remote, $cachedir and $environmentpath are not referenced in
  # the body below; presumably they are read by the r10k.yaml template through
  # class scope. Confirm against the template.
  Boolean $r10k_config_setup = $puppet::r10k_config_setup,
  String  $r10k_yaml_template = $puppet::r10k_yaml_template,
  Boolean $r10k_crontab_setup = $puppet::r10k_crontab_setup,
  String  $production_remote = $puppet::production_remote,
  Boolean $use_common_env = $puppet::use_common_env,
  String  $common_remote = $puppet::common_remote,
  Boolean $use_enc = $puppet::use_enc,
  String  $enc_remote = $puppet::enc_remote,
  Stdlib::Absolutepath $cachedir = $puppet::params::r10k_cachedir,
  Stdlib::Absolutepath $r10k_config_file = $puppet::params::r10k_config_file,
  Stdlib::Absolutepath $r10k_path = $puppet::params::r10k_path,
  Stdlib::Absolutepath $environmentpath = $puppet::params::environmentpath,
  Stdlib::Absolutepath $eyaml_keys_path = $puppet::params::eyaml_keys_path,
  String $eyaml_public_key = $puppet::params::eyaml_public_key,
  String $eyaml_private_key = $puppet::params::eyaml_private_key,
  Boolean $setup_on_each_run = $puppet::environment_setup_on_each_run,
  # Seconds; passed as the timeout of Exec['environment-setup'].
  Integer $environment_setup_timeout = 900,
) inherits puppet::params {
  include puppet::agent::install
  include puppet::r10k::install

  # Staging directory for the rendered r10k configuration, located under the
  # agent's vardir (for example /opt/puppetlabs/puppet/cache/r10k).
  # NOTE(review): the path is interpolated unquoted into the command string
  # here and in the other execs below, so a path containing whitespace would
  # not be handled as a single argument. Confirm such paths cannot occur.
  $r10k_vardir = "${facts['puppet_vardir']}/r10k"
  exec { 'r10k-vardir':
    command => "mkdir -p ${r10k_vardir}",
    creates => $r10k_vardir,
    path    => '/bin:/usr/bin',
  }

  # Render the r10k configuration from the template into the staging
  # directory. It is readable by root only (0600); any change to the rendered
  # content notifies Exec['r10k-config'], which copies it into place.
  file { "${r10k_vardir}/r10k.yaml":
    content => template($r10k_yaml_template),
    mode    => '0600',
    owner   => 'root',
    group   => 'root',
    notify  => Exec['r10k-config'],
    require => Exec['r10k-vardir'],
  }

  $r10k_config_path = dirname($r10k_config_file)
  # The directory is created with an exec rather than a file resource in order
  # to avoid a conflict with the r10k module.
  exec { 'r10k-confpath-setup':
    command => "mkdir -p ${r10k_config_path}",
    creates => $r10k_config_path,
    path    => '/bin:/usr/bin',
  }

  # Both branches declare an exec with the same title, 'r10k-config', so the
  # notify/subscribe/require references elsewhere in this class resolve either
  # way. NOTE(review): the copy is done with cp, so owner and mode of
  # $r10k_config_file are not managed by this class. Verify they are
  # acceptable if the file carries credentials for the remotes.
  if $r10k_config_setup {
    # Managed mode: copy only when the staged r10k.yaml was just created or
    # changed (refreshonly), overwriting the active configuration.
    exec { 'r10k-config':
      command     => "cp ${r10k_vardir}/r10k.yaml ${r10k_config_file}",
      refreshonly => true,
      path        => '/bin:/usr/bin',
      require     => [
        File["${r10k_vardir}/r10k.yaml"],
        Exec['r10k-confpath-setup'],
      ],
    }
  }
  else {
    # Bootstrap mode: copy only if the config file does not exist yet, leaving
    # an existing configuration untouched.
    exec { 'r10k-config':
      command => "cp ${r10k_vardir}/r10k.yaml ${r10k_config_file}",
      creates => $r10k_config_file,
      path    => '/bin:/usr/bin',
      require => [
        File["${r10k_vardir}/r10k.yaml"],
        Exec['r10k-confpath-setup'],
      ],
    }
  }

  # Deploy environments with r10k. With $setup_on_each_run false this runs only
  # when Exec['r10k-config'] sends a refresh; with it true, refreshonly is
  # false and the deployment runs on every catalog application.
  # Exec['r10k-installation'] is not declared in this class; presumably it
  # comes from puppet::r10k::install. Confirm.
  exec { 'environment-setup':
    command     => "${r10k_path} deploy environment -p",
    cwd         => '/',
    refreshonly => !$setup_on_each_run,
    path        => '/bin:/usr/bin',
    timeout     => $environment_setup_timeout,
    require     => Exec['r10k-installation'],
    subscribe   => Exec['r10k-config'],
  }

  # Hardening of Hiera Eyaml keys: the key directory is accessible to the
  # puppet user only and is not writable, even by its owner (0500).
  file { $eyaml_keys_path:
    ensure => directory,
    owner  => 'puppet',
    group  => 'puppet',
    mode   => '0500',
  }

  # poka-yoke (mistake-proofing): recursive purge of unmanaged files is enabled
  # only when the keys path contains '/etc/puppetlabs/puppet/', so a
  # mis-set $eyaml_keys_path elsewhere on the filesystem is not purged.
  # The collector adds recurse/purge to the File resource declared above.
  if '/etc/puppetlabs/puppet/' in $eyaml_keys_path {
    File <| title == $eyaml_keys_path |> {
      recurse => true,
      purge   => true,
    }
  }

  # Restrict both key files to read-only for the puppet user (0400). Declaring
  # them as resources also keeps them out of the purge above. No ensure or
  # content is set, so the key material itself is not provided here.
  # NOTE(review): presumably the keys are generated or placed by another
  # mechanism. Confirm.
  [$eyaml_public_key, $eyaml_private_key].each |$key| {
    file { "${eyaml_keys_path}/${key}":
      owner => 'puppet',
      group => 'puppet',
      mode  => '0400',
    }
  }

  if $r10k_crontab_setup {
    # Redeploy environments every minute as root. flock -n takes a
    # non-blocking lock on /run/r10k.lock, so a run is skipped while a previous
    # deployment still holds the lock.
    # NOTE(review): code is pulled from the configured remotes as root on this
    # schedule; verify that write access to those remotes is restricted.
    cron { 'r10k-crontab':
      command => "/usr/bin/flock -n /run/r10k.lock ${r10k_path} deploy environment -p",
      user    => 'root',
      minute  => '*',
      require => Exec['r10k-config'],
    }

    Class['puppet::agent::install'] -> Cron['r10k-crontab']
  }

  # The agent installation must be applied before the directories and key
  # path managed above.
  Class['puppet::agent::install'] -> Exec['r10k-vardir']
  Class['puppet::agent::install'] -> Exec['r10k-confpath-setup']
  Class['puppet::agent::install'] -> File[$eyaml_keys_path]
}