From e9fe2798c00a31c40ead2ce1ef69c68274de919a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Taavi=20V=C3=A4=C3=A4n=C3=A4nen?=
Date: Sun, 12 Nov 2023 23:21:09 +0200
Subject: [PATCH] P:puppet: add puppet-04 on bookworm

Still need to implement data migration from 03 to 04, but these changes should at least provision the Puppet services using the Debian provided packages.
---
 manifests/site.pp | 5 ++
 .../files/puppet/server/puppet-merge.sh | 8 ++-
 modules/profile/manifests/puppet/puppetdb.pp | 15 ++++-
 modules/profile/manifests/puppet/server.pp | 63 +++++++++++++++----
 .../puppet/puppetdb/config/config.ini.erb | 6 +-
 .../templates/puppet/server/default.erb | 28 ++-------
 .../templates/puppet/server/puppet.conf.erb | 10 +--
 .../tarsnap-keys/puppet-04.ops.jquery.net.key | 1 +
 8 files changed, 89 insertions(+), 47 deletions(-)
 create mode 100644 test_data/private/files/tarsnap-keys/puppet-04.ops.jquery.net.key

diff --git a/manifests/site.pp b/manifests/site.pp
index dfe82e6..a71c38e 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -42,6 +42,11 @@
 role('puppet')
 }
+# 2 CPU, 4 GB mem, Debian 12 Bookworm
+node 'puppet-04.ops.jquery.net' {
+ role('puppet')
+}
+
 # 2 CPU, 4 GB mem, Debian 11 Bullseye, 80 GB disk
 node 'swarm-02.ops.jquery.net' {
 role('testswarm')
diff --git a/modules/profile/files/puppet/server/puppet-merge.sh b/modules/profile/files/puppet/server/puppet-merge.sh
index c5f6106..e7a172b 100644
--- a/modules/profile/files/puppet/server/puppet-merge.sh
+++ b/modules/profile/files/puppet/server/puppet-merge.sh
@@ -1,4 +1,10 @@
 #!/bin/bash
 set -euo pipefail
-sudo -u gitpuppet g10k -config /etc/puppetlabs/g10k.yaml
+
+G10K_CONFIG_FILE=/etc/puppet/g10k.yaml
+if [ ! -f "$G10K_CONFIG_FILE" ]; then
+ G10K_CONFIG_FILE=/etc/puppetlabs/g10k.yaml
+fi
+
+sudo -u gitpuppet g10k -config "$G10K_CONFIG_FILE"
diff --git a/modules/profile/manifests/puppet/puppetdb.pp b/modules/profile/manifests/puppet/puppetdb.pp
index 208c9e7..303411f 100644
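Review bot: In puppet-merge.sh the g10k config path is chosen by probing the filesystem, while server.pp already computes the same choice as `$g10k_config_path`, so the two can drift and any file that happens to exist at `/etc/puppet/g10k.yaml` decides which configuration g10k deploys from. If neither file exists, the script still passes the `/etc/puppetlabs/g10k.yaml` fallback and relies on g10k's own error. Consider shipping the script as a template that uses `<%= @g10k_config_path %>`, or at least failing early with `[ -f "$G10K_CONFIG_FILE" ] || { echo "no g10k config found" >&2; exit 1; }` before the `sudo` call. A one-line comment such as `# fallback for hosts still on the /etc/puppetlabs layout` would tell the next maintainer when the probe can be removed.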
--- a/modules/profile/manifests/puppet/puppetdb.pp
+++ b/modules/profile/manifests/puppet/puppetdb.pp
@@ -13,9 +13,18 @@
 ensure => installed,
 }
- $puppetservers = [$::facts['fqdn']]
+ $puppetservers = jqlib::resource_hosts('class', 'profile::puppet::server')
- file { '/etc/puppetlabs/puppetdb/cert-allowlist':
+ $config_path = debian::codename() ? {
+ 'bullseye' => '/etc/puppetlabs/puppetdb',
+ default => '/etc/puppetdb',
+ }
+ $var_path = debian::codename() ? {
+ 'bullseye' => '/opt/puppetlabs/server/data/puppetdb',
+ default => '/var/lib/puppetdb',
+ }
+
+ file { "${config_path}/cert-allowlist":
 ensure => file,
 mode => '0444',
 content => "${puppetservers.join("\n")}\n",
@@ -23,7 +32,7 @@
 }
 ['config.ini', 'database.ini'].each |String $file| {
- file { "/etc/puppetlabs/puppetdb/conf.d/${file}":
+ file { "${config_path}/conf.d/${file}":
 ensure => file,
 mode => '0440',
 group => 'puppetdb',
diff --git a/modules/profile/manifests/puppet/server.pp b/modules/profile/manifests/puppet/server.pp
index 87e0c9b..8fc647c 100644
--- a/modules/profile/manifests/puppet/server.pp
+++ b/modules/profile/manifests/puppet/server.pp
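Review bot: The `cert-allowlist` content in the first puppetdb.pp hunk now comes from `jqlib::resource_hosts('class', 'profile::puppet::server')` instead of the local FQDN, so which client certificates PuppetDB accepts depends on what that lookup returns; its implementation is not part of this patch. If the lookup is answered from PuppetDB data (presumably), a freshly provisioned puppet-04 could render an allowlist that omits itself or contains only `"\n"`, and every host that appears in the result gains PuppetDB access. Keeping the local server in the list unconditionally would cover the bootstrap case, e.g. `$puppetservers = (jqlib::resource_hosts('class', 'profile::puppet::server') + [$::facts['fqdn']]).unique`, with a comment above it stating that this list is an authorization control. The enclosing class starts and ends outside the hunk.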
@@ -7,9 +7,44 @@
 ) {
 include profile::puppet::common
+ $termini_package = debian::codename() ? {
+ 'bullseye' => 'puppetdb-termini',
+ default => 'puppet-terminus-puppetdb',
+ }
+
+ $server_config_path = debian::codename() ? {
+ 'bullseye' => '/etc/puppetlabs/puppetserver',
+ default => '/etc/puppet/puppetserver',
+ }
+
+ $server_var_dir = debian::codename() ? {
+ 'bullseye' => '/opt/puppetlabs/server/data/puppetserver',
+ default => '/var/lib/puppetserver',
+ }
+
+ $server_run_dir = debian::codename() ? {
+ 'bullseye' => '/var/run/puppetlabs/puppetserver',
+ default => '/run/puppetserver',
+ }
+
+ $server_log_dir = debian::codename() ? {
+ 'bullseye' => '/var/log/puppetlabs/puppetserver',
+ default => '/var/log/puppetserver',
+ }
+
+ $code_path = debian::codename() ? {
+ 'bullseye' => '/etc/puppetlabs/code',
+ default => '/etc/puppet/code',
+ }
+
+ $g10k_config_path = debian::codename() ? {
+ 'bullseye' => '/etc/puppetlabs/g10k.yaml',
+ default => '/etc/puppet/g10k.yaml',
+ }
+
 package { [
 'puppetserver',
- 'puppetdb-termini',
+ $termini_package,
 'g10k',
 # for the htpasswd tool
@@ -23,11 +58,11 @@
 }
 exec { 'remove-old-code-dir':
- command => '/usr/bin/mv /etc/puppetlabs/code /etc/puppetlabs/code-old',
- creates => '/etc/puppetlabs/code-old',
+ command => "/usr/bin/mv ${code_path} ${code_path}-old",
+ creates => "${code_path}-old",
 }
- file { '/etc/puppetlabs/code':
+ file { $code_path:
 ensure => directory,
 owner => 'gitpuppet',
 group => 'gitpuppet',
@@ -41,10 +76,10 @@
 ensure => directory,
 }
- $g10k_deploy_base_path = '/etc/puppetlabs/code/environments'
+ $g10k_deploy_base_path = "${code_path}/environments"
 $private_repo_dir = '/srv/git/puppet/private'
- file { '/etc/puppetlabs/g10k.yaml':
+ file { $g10k_config_path:
 ensure => file,
 content => template('profile/puppet/server/g10k.yaml.erb'),
 owner => 'root',
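Review bot: The seven `debian::codename() ? { ... }` selectors at the top of the server.pp class, and the two in puppetdb.pp, repeat one decision, and their `default` arm sends every release other than bullseye to the Debian-package paths. A single `case debian::codename()` that sets all the paths together would keep them in one place, and an explicit `'bookworm'` arm with `default: { fail("unsupported release ${debian::codename()}") }` would stop an unexpected release from silently getting the wrong directories. At minimum, a comment above the block such as `# bullseye hosts use the /etc/puppetlabs layout; newer releases use the Debian-packaged layout` would document why two layouts exist. The class body continues outside this hunk.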
@@ -54,11 +89,11 @@
 }
 exec { 'g10k':
- command => '/usr/bin/g10k -config /etc/puppetlabs/g10k.yaml',
+ command => "/usr/bin/g10k -config ${g10k_config_path}",
 user => 'gitpuppet',
 refreshonly => true,
 logoutput => true,
- require => File['/etc/puppetlabs/code'],
+ require => File[$code_path],
 }
 file { '/usr/local/bin/puppet-merge':
@@ -94,7 +129,10 @@
 require => Exec['git-init-puppet-private'],
 }
- file { '/etc/puppetlabs/hieradata':
+ file { [
+ '/etc/puppetlabs/hieradata',
+ '/etc/puppet/hieradata'
+ ]:
 ensure => absent,
 recurse => true,
 force => true,
@@ -115,7 +153,7 @@
 Concat[$::profile::puppet::common::config_file] ~> Service['puppetserver']
 ['puppetserver.conf'].each |String $file| {
- file { "/etc/puppetlabs/puppetserver/conf.d/${file}":
+ file { "${server_config_path}/conf.d/${file}":
 ensure => file,
 mode => '0440',
 group => 'puppet',
@@ -124,14 +162,14 @@
 }
 }
- file { '/etc/puppetlabs/puppet/routes.yaml':
+ file { "${profile::puppet::common::config_path}/routes.yaml":
 ensure => file,
 mode => '0444',
 content => template('profile/puppet/server/routes.yaml.erb'),
 notify => Service['puppetserver'],
 }
- file { '/etc/puppetlabs/puppet/puppetdb.conf':
+ file { "${profile::puppet::common::config_path}/puppetdb.conf":
 ensure => file,
 mode => '0444',
 content => template('profile/puppet/server/puppetdb.conf.erb'),
@@ -196,7 +234,6 @@
 mode => '0550',
 }
-
 include profile::ssh::ca
 # Expose SSH keys so users can verify them
diff --git a/modules/profile/templates/puppet/puppetdb/config/config.ini.erb b/modules/profile/templates/puppet/puppetdb/config/config.ini.erb
index c078e42..018b4a7 100644
--- a/modules/profile/templates/puppet/puppetdb/config/config.ini.erb
+++ b/modules/profile/templates/puppet/puppetdb/config/config.ini.erb
@@ -1,13 +1,13 @@
 [global]
 # Store mq/db data in a custom directory
-vardir = /opt/puppetlabs/server/data/puppetdb
+vardir = <%= @var_path %>
 # Use an external logback config file
-logging-config = /etc/puppetlabs/puppetdb/logback.xml
+logging-config = <%= @config_path %>/logback.xml
 [puppetdb]
-certificate-allowlist = /etc/puppetlabs/puppetdb/cert-allowlist
+certificate-allowlist = <%= @config_path %>/cert-allowlist
 [command-processing]
 # How many command-processing threads to use, defaults to (CPUs / 2)
diff --git a/modules/profile/templates/puppet/server/default.erb b/modules/profile/templates/puppet/server/default.erb
index 8425849..769d05d 100644
--- a/modules/profile/templates/puppet/server/default.erb
+++ b/modules/profile/templates/puppet/server/default.erb
@@ -1,8 +1,3 @@
-###########################################
-# Init settings for puppetserver
-###########################################
-
-# Location of your Java binary (version 8)
 JAVA_BIN="/usr/bin/java"
 # Modify this if you'd like to change the memory allocation, enable JMX, etc
@@ -10,31 +5,20 @@ JAVA_ARGS="-Xms<%= @java_memory %> -Xmx<%= @java_memory %> -Djruby.logger.class=
 # Modify this as you would JAVA_ARGS but for non-service related subcommands
 JAVA_ARGS_CLI="${JAVA_ARGS_CLI:-}"
-
-# Modify this if you'd like TrapperKeeper specific arguments
 TK_ARGS=""
-# These normally shouldn't need to be edited if using OS packages
 USER="puppet"
 GROUP="puppet"
+<%- if @server_config_path == '/etc/puppetlabs/puppetserver' -%>
 INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver"
 CONFIG="/etc/puppetlabs/puppetserver/conf.d"
-
-# Bootstrap path
 BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"
+<%- else -%>
+INSTALL_DIR="/usr/share/puppetserver"
+CONFIG="/etc/puppet/puppetserver/conf.d"
+BOOTSTRAP_CONFIG="/etc/puppet/puppetserver/services.d"
+<%- end -%>
-# SERVICE_STOP_RETRIES can be set here to alter the default stop timeout in
-# seconds. For systemd, the shorter of this setting or 'TimeoutStopSec' in
-# the systemd.service definition will effectively be the timeout which is used.
 SERVICE_STOP_RETRIES=60
-
-# START_TIMEOUT can be set here to alter the default startup timeout in
-# seconds. For systemd, the shorter of this setting or 'TimeoutStartSec'
-# in the service's systemd.service configuration file will effectively be the
-# timeout which is used.
 START_TIMEOUT=300
-
-
-# Maximum number of seconds that can expire for a service reload attempt before
-# the result of the attempt is interpreted as a failure.
 RELOAD_TIMEOUT=120
diff --git a/modules/profile/templates/puppet/server/puppet.conf.erb b/modules/profile/templates/puppet/server/puppet.conf.erb
index 8919413..8c6abea 100644
--- a/modules/profile/templates/puppet/server/puppet.conf.erb
+++ b/modules/profile/templates/puppet/server/puppet.conf.erb
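Review bot: The branch `<%- if @server_config_path == '/etc/puppetlabs/puppetserver' -%>` in default.erb repeats a literal that server.pp defines, and the same directory is then hard-coded again in `CONFIG` and `BOOTSTRAP_CONFIG`; if the manifest path ever changes, the template silently falls into the `else` branch. Deriving the value from the variable, e.g. `CONFIG="<%= @server_config_path %>/conf.d"`, leaves only `INSTALL_DIR` and the second bootstrap entry needing a conditional. The hunk also deletes the explanatory comments, so a short comment above the conditional naming which branch is the /etc/puppetlabs layout and which is the Debian-packaged one would replace what was lost.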
@@ -1,9 +1,9 @@
 [server]
-vardir = /opt/puppetlabs/server/data/puppetserver
-logdir = /var/log/puppetlabs/puppetserver
-rundir = /var/run/puppetlabs/puppetserver
-pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
-codedir = /etc/puppetlabs/code
+vardir = <%= @server_var_dir %>
+logdir = <%= @server_log_dir %>
+rundir = <%= @server_run_dir %>
+pidfile = <%= @server_run_dir %>/puppetserver.pid
+codedir = <%= @code_path %>
 environment = <%= @environment %>
 [master]
diff --git a/test_data/private/files/tarsnap-keys/puppet-04.ops.jquery.net.key b/test_data/private/files/tarsnap-keys/puppet-04.ops.jquery.net.key
new file mode 100644
index 0000000..acbc962
--- /dev/null
+++ b/test_data/private/files/tarsnap-keys/puppet-04.ops.jquery.net.key
@@ -0,0 +1 @@
+fake