diff --git a/Puppetfile b/Puppetfile
index 37924b6b..2bb1e20d 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -23,3 +23,11 @@ mod 'saz/sudo', '8.0.0'
mod 'puppet/github_actions_runner', '1.1.0'
mod 'puppet/nftables', '4.0.0'
mod 'puppetlabs/docker', '10.0.1'
+mod 'theforeman/puppetserver_foreman', '4.0.0'
+mod 'theforeman/foreman', '25.2.1'
+mod 'theforeman/foreman_proxy', '26.1.0'
+mod 'theforeman/dns', '11.0.0'
+mod 'puppetlabs/puppetdb', '8.1.0'
+mod 'puppet/redis', '11.0.0'
+mod 'puppetlabs/apache', '12.1.0'
+mod 'richardc/datacat', '0.6.2'
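Review bot: Four of the versions pinned in this hunk fall outside the ranges that the same commit writes into `site/profiles/metadata.json`. These are `theforeman/foreman` 25.2.1 against `>= 23.0.0 < 24.0.0`, `theforeman/foreman_proxy` 26.1.0 against `>= 25.0.0 < 26.0.0`, `puppetlabs/puppetdb` 8.1.0 against `>= 7.13.0 < 8.0.0`, and `puppet/redis` 11.0.0 against `>= 9.0.0 < 10.0.0`. Any tooling that validates dependency ranges will report these as unsatisfied, and the metadata no longer describes what r10k deploys. Raising the upper bounds in the metadata hunks (for example `>= 23.0.0 < 26.0.0` for foreman) would bring the two files back in line.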
diff --git a/README.md b/README.md
index f801eb87..2b470483 100644
--- a/README.md
+++ b/README.md
@@ -23,3 +23,46 @@ sed -i 's#remote:.*#remote: https://github.com/voxpupuli/controlrepo.git#' /etc/
r10k deploy environment production --puppetfile --verbose
puppet apply /etc/puppetlabs/code/environments/production/manifests/site.pp --show_diff
```
+
+## Hetzner Cloud cloud-init userdata:
+
+```yaml
+#cloud-config
+---
+package_reboot_if_required: true
+package_upgrade: true
+packages:
+- git
+- ca-certificates
+repo_update: true
+repo_upgrade: all
+puppet:
+ install_type: aio
+ collection: puppet8
+ cleanup: false
+ package_name: puppet-agent
+ csr_attributes:
+ extension_requests:
+ pp_role: puppetserver
+runcmd:
+ - systemctl disable --now puppet
+ - /opt/puppetlabs/puppet/bin/gem install --no-document r10k toml
+ - cd /root && git clone https://github.com/voxpupuli/controlrepo
+ - cd /root/controlrepo && /opt/puppetlabs/puppet/bin/r10k puppetfile install --verbose
+ - /opt/puppetlabs/puppet/bin/puppet apply /root/controlrepo/manifests/site.pp --modulepath /root/controlrepo/modules:/root/controlrepo/site --show_diff --write_catalog_summary --hiera_config /root/controlrepo/hiera.yaml --summarize --graph --tags r10k,hacked_pluginsync
+ - /opt/puppetlabs/puppet/bin/r10k deploy environment --modules --verbose
+ - /opt/puppetlabs/puppet/bin/puppet apply /etc/puppetlabs/code/environments/production/manifests/site.pp --show_diff --environment production --write_catalog_summary --summarize --graph
+ - /opt/puppetlabs/puppet/bin/puppet agent -t
+ - /opt/puppetlabs/puppet/bin/puppet agent -t
+```
+
+## ToDos
+
+* setup csr_attributes (cloud-inits supports that as well)
+* write the r10k config so we can do the initial provisioning into `/etc/puppetlabs/code/environments` and not `/root`
+
+## metadata.json and dependencies
+
+the `site/profiles/metadata.json` only tracks modules that are direct
+dependencies to profiles. The `.fixtures.yml` can be autogenerated with the
+`generate_fixtures` rake task.
diff --git a/data/nodes/puppetserver.voxpupuli.org.yaml b/data/nodes/puppetserver.voxpupuli.org.yaml
new file mode 100644
index 00000000..bc1d08c2
--- /dev/null
+++ b/data/nodes/puppetserver.voxpupuli.org.yaml
@@ -0,0 +1,3 @@
+---
+profiles::puppet::server: true
+profiles::postgresql::version: '15'
diff --git a/data/roles/puppetserver.yaml b/data/roles/puppetserver.yaml
new file mode 100644
index 00000000..fa20baec
--- /dev/null
+++ b/data/roles/puppetserver.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+ - profiles::puppet
diff --git a/hiera.yaml b/hiera.yaml
index 9c5d018a..d19bc03f 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -10,5 +10,7 @@ defaults:
hierarchy:
- name: "Per-node data"
path: "nodes/%{facts.networking.fqdn}.yaml"
+ - name: "Role data"
+ path: "roles/%{trusted.extensions.pp_role}.yaml"
- name: "one file to rule them all"
path: "global.yaml"
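Review bot: The new role layer is keyed on a certificate extension, but the per-node layer above it is still keyed on `facts.networking.fqdn`, a value the agent reports about itself. This commit adds `data/nodes/puppetserver.voxpupuli.org.yaml` with `profiles::puppet::server: true`, so any node reporting that FQDN would resolve the server data regardless of its certificate. Keying the per-node path on the certificate name, `path: "nodes/%{trusted.certname}.yaml"`, keeps both layers on trusted values. A short comment that nodes without a `pp_role` extension simply miss the role file would also help.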
diff --git a/manifests/site.pp b/manifests/site.pp
index 02cd7bc1..dc380a02 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,16 +1,21 @@
+# hack pluginsync as file resource. only required for `puppet apply` usage
+# this works by accident with puppet agent, but only on the puppetserver
+# it breaks puppet agent on other systems, so we need to guard it
+if $trusted['authenticated'] == 'local' {
+ file { $settings::libdir:
+ ensure => directory,
+ source => 'puppet:///plugins', # lint:ignore:puppet_url_without_modules
+ recurse => true,
+ purge => true,
+ backup => false,
+ noop => false,
+ tag => 'hacked_pluginsync',
+ }
+}
+
# include base profile that every node gets
contain profiles::base
-## pluginsync
-file { $::settings::libdir: # lint:ignore:top_scope_facts
- ensure => directory,
- source => 'puppet:///plugins', # lint:ignore:puppet_url_without_modules
- recurse => true,
- purge => true,
- backup => false,
- noop => false,
-}
-
# include node specific profiles
lookup('classes', Array[String[1]], 'unique', []).each |$c| {
contain $c
diff --git a/site/profiles/.fixtures.yml b/site/profiles/.fixtures.yml
index 314e69fe..fe2a594e 100644
--- a/site/profiles/.fixtures.yml
+++ b/site/profiles/.fixtures.yml
@@ -14,12 +14,16 @@ fixtures:
inifile: https://github.com/puppetlabs/puppetlabs-inifile
systemd: https://github.com/voxpupuli/puppet-systemd
postgresql: https://github.com/puppetlabs/puppetlabs-postgresql
+ puppetdb: https://github.com/puppetlabs/puppetlabs-puppetdb.git
prometheus: https://github.com/voxpupuli/puppet-prometheus.git
borg: https://github.com/voxpupuli/puppet-borg.git
puppet: https://github.com/theforeman/puppet-puppet
+ foreman: https://github.com/theforeman/puppet-foreman
+ foreman_proxy: https://github.com/theforeman/puppet-foreman_proxy
extlib: https://github.com/voxpupuli/puppet-extlib.git
nftables: https://github.com/voxpupuli/puppet-nftables.git
docker: https://github.com/puppetlabs/puppetlabs-docker
+ redis: https://github.com/voxpupuli/puppet-redis.git
archive: https://github.com/voxpupuli/puppet-archive
concat: https://github.com/puppetlabs/puppetlabs-concat
ssh_keys: https://github.com/puppetlabs/puppetlabs-sshkeys_core
diff --git a/site/profiles/REFERENCE.md b/site/profiles/REFERENCE.md
index 2815e3c4..53a599be 100644
--- a/site/profiles/REFERENCE.md
+++ b/site/profiles/REFERENCE.md
@@ -12,17 +12,19 @@
* [`profiles::borg`](#profiles--borg): configures borg backups
* [`profiles::certbot`](#profiles--certbot): configures the certbot foo. Doesn't create certificates!
* [`profiles::docker`](#profiles--docker): installs docker
+* [`profiles::foreman`](#profiles--foreman): configure foreman + plugins
* [`profiles::github_runners`](#profiles--github_runners): configures a self-hosted github runner
* [`profiles::grafana`](#profiles--grafana): installs grafana to display stats from dropsonde about Vox Pupuli modules
+* [`profiles::nftables`](#profiles--nftables): configure certain nftable rules
* [`profiles::nginx`](#profiles--nginx): multiple profiles requires nginx vhosts, this profile pulls in the nginx class/package/service setup
* [`profiles::node_exporter`](#profiles--node_exporter): install node_exporter
* [`profiles::postfix`](#profiles--postfix): installs postfix
* [`profiles::postgres_exporter`](#profiles--postgres_exporter): installs a postgres exporter
* [`profiles::postgresql`](#profiles--postgresql): install latest postgresql with upstream repositories
* [`profiles::prometheus`](#profiles--prometheus): install Prometheus
-* [`profiles::puppetagent`](#profiles--puppetagent): profile to manage puppet agent + deps
-* [`profiles::puppetcode`](#profiles--puppetcode): some resources to manage puppete code
+* [`profiles::puppet`](#profiles--puppet): configure puppet agent and server
* [`profiles::puppetmodule`](#profiles--puppetmodule): configures puppetmodule.info
+* [`profiles::redis`](#profiles--redis): configures redis on different platforms
* [`profiles::ssh`](#profiles--ssh): ssh profile to manage sshd + ssh keys
* [`profiles::ssh_keys`](#profiles--ssh_keys): configure keys from GitHubs in the authorized_keys file
* [`profiles::vpt`](#profiles--vpt): this profile will, in the future, instal Vox Pupuli Tasks
@@ -30,6 +32,9 @@
#### Private Classes
* `profiles::github_runners::ruby`: install ruby for GitHub self hosted runners
+* `profiles::puppet::code`: some resources to manage puppete code
+* `profiles::puppet::db`: installs puppetdb *on a puppetserver that also runs foreman*
+* `profiles::puppet::server_firewalling`: manages nft rules on Puppetserver/PuppetDB
### Defined types
@@ -153,6 +158,14 @@ configures the certbot foo. Doesn't create certificates!
installs docker
+### `profiles::foreman`
+
+configure foreman + plugins
+
+* **See also**
+ * `cat
+ * /opt/puppetlabs/puppet/cache/foreman_cache_data/admin_password` provides the admin password
+
### `profiles::github_runners`
configures a self-hosted github runner
@@ -287,6 +300,51 @@ Data type: `String[1]`
Default value: `$postgresql_user`
+### `profiles::nftables`
+
+configure certain nftable rules
+
+#### Parameters
+
+The following parameters are available in the `profiles::nftables` class:
+
+* [`in_ssh`](#-profiles--nftables--in_ssh)
+* [`icmp`](#-profiles--nftables--icmp)
+* [`nat`](#-profiles--nftables--nat)
+* [`out_all`](#-profiles--nftables--out_all)
+
+##### `in_ssh`
+
+Data type: `Boolean`
+
+allows incoming ssh connections
+
+Default value: `true`
+
+##### `icmp`
+
+Data type: `Boolean`
+
+allow all ICMP traffic
+
+Default value: `true`
+
+##### `nat`
+
+Data type: `Boolean`
+
+decide if the box should be allowed to handle NAT traffic
+
+Default value: `false`
+
+##### `out_all`
+
+Data type: `Boolean`
+
+Allow all outbound connections
+
+Default value: `false`
+
### `profiles::nginx`
multiple profiles requires nginx vhosts, this profile pulls in the nginx class/package/service setup
@@ -315,7 +373,7 @@ The following parameters are available in the `profiles::postgresql` class:
##### `version`
-Data type: `Enum['11', '12', '13', '14']`
+Data type: `Enum['11', '12', '13', '14', '15']`
desired postgresql version
@@ -325,13 +383,32 @@ Default value: `'13'`
install Prometheus
-### `profiles::puppetagent`
+### `profiles::puppet`
+
+configure puppet agent and server
+
+#### Parameters
+
+The following parameters are available in the `profiles::puppet` class:
+
+* [`server`](#-profiles--puppet--server)
+* [`manage_msgpack`](#-profiles--puppet--manage_msgpack)
+
+##### `server`
+
+Data type: `Boolean`
-profile to manage puppet agent + deps
+decide if the server should be configured as well
-### `profiles::puppetcode`
+Default value: `($trusted['pp_role'] == 'puppetserver'`
-some resources to manage puppete code
+##### `manage_msgpack`
+
+Data type: `Boolean`
+
+configure if we should install msgpack on the agent
+
+Default value: `($facts['os']['name'] != 'gentoo'`
### `profiles::puppetmodule`
@@ -382,6 +459,10 @@ the database user
Default value: `'puppetmodule'`
+### `profiles::redis`
+
+configures redis on different platforms
+
### `profiles::ssh`
ssh profile to manage sshd + ssh keys
diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp
index 64a11e74..047490a9 100644
--- a/site/profiles/manifests/base.pp
+++ b/site/profiles/manifests/base.pp
@@ -27,6 +27,16 @@
package { 'snapd':
ensure => 'absent',
}
+ # do an apt update daily, don't log it, run it before packages
+ class { 'apt':
+ update => {
+ frequency => 'daily',
+ loglevel => 'debug',
+ },
+ }
+ # ensure update runs before installing packages
+ Class['apt::update'] -> Package <| provider == 'apt' |>
+
# https://www.sshaudit.com/hardening_guides.html
class { 'ssh':
storeconfigs_enabled => false,
@@ -162,12 +172,8 @@
}
}
- class { 'nftables':
- in_ssh => true,
- in_icmp => true,
- out_icmp => true,
- in_out_conntrack => true,
- reject_with => false,
- out_all => true,
- }
+ include profiles::nftables
+
+ # configure puppet agent/server
+ contain profiles::puppet
}
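Review bot: Replacing the inline `nftables` declaration with `include profiles::nftables` changes `out_all` from `true` to `false` for every node that gets the base profile, because the new profile defaults it to `false`. The profile itself adds outbound rules only for ssh, whois and hkp; what else the nftables module allows by default is not visible in this diff. The tightening is reasonable, but nothing here records that it is intended, so profiles that need other outbound traffic may start failing at run time. I would add a comment above the include such as `# out_all now defaults to false via profiles::nftables; override per node in Hiera if needed`. The enclosing class starts outside the hunk.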
diff --git a/site/profiles/manifests/foreman.pp b/site/profiles/manifests/foreman.pp
new file mode 100644
index 00000000..7454725b
--- /dev/null
+++ b/site/profiles/manifests/foreman.pp
@@ -0,0 +1,55 @@
+#
+# @summary configure foreman + plugins
+#
+# @see `cat /opt/puppetlabs/puppet/cache/foreman_cache_data/admin_password` provides the admin password
+#
+class profiles::foreman {
+ require profiles::redis
+ require profiles::postgresql
+ require profiles::nftables # ensures hkp access is working to download the apt key
+
+ class { 'foreman::repo':
+ repo => '3.11',
+ }
+
+ class { 'foreman':
+ logging_type => 'journald',
+ initial_admin_username => 'admin',
+ initial_admin_first_name => 'Vox',
+ initial_admin_last_name => 'Pupuli',
+ initial_admin_email => 'pmc@voxpupuli.org',
+ register_in_foreman => true, # is a foreman 3.1+ feature
+ rails_cache_store => {
+ 'type' => 'redis',
+ 'urls' => ['localhost:6379/0'],
+ 'options' => {
+ 'compress' => 'true',
+ 'namespace' => 'foreman',
+ },
+ },
+ }
+ $packages = $facts['os']['family'] ? {
+ 'RedHat' => ['rubygem-foreman_puppet', 'rubygem-puppetdb_foreman'],
+ 'Debian' => ['ruby-foreman-puppet', 'ruby-puppetdb-foreman'],
+ }
+ $packages.each |$package| {
+ package { $package:
+ ensure => 'installed',
+ require => Package['foreman-service'],
+ notify => Service['foreman'],
+ }
+ }
+ class { 'foreman_proxy':
+ register_in_foreman => true, # is a foreman 3.1+ feature
+ puppet => true,
+ puppetca => true,
+ tftp => false,
+ dhcp => false,
+ dns => false,
+ bmc => false,
+ realm => false,
+ }
+ # open http/https in firewall
+ require nftables::rules::http
+ require nftables::rules::https
+}
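Review bot: The `$packages` selector has no `default` branch, so on any OS family other than RedHat or Debian the catalog fails with a generic selector error; `profiles::postgresql` gives its selector a default and `profiles::redis` calls `fail()` with a readable message. Adding `default => fail("profiles::foreman does not support ${facts['os']['family']}"),` would match that. Separately, the `nftables::rules::http` and `nftables::rules::https` requires at the end appear to open the Foreman UI to all source addresses, while the 8140/8081 rules in `profiles::puppet::server_firewalling` are limited to the host itself. If that exposure is intended, a comment saying so next to the two requires would help the next reader.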
diff --git a/site/profiles/manifests/grafana.pp b/site/profiles/manifests/grafana.pp
index fddaf1e9..2c813107 100644
--- a/site/profiles/manifests/grafana.pp
+++ b/site/profiles/manifests/grafana.pp
@@ -15,6 +15,7 @@
String[1] $postgresql_user = 'grafana',
String[1] $postgresql_database = $postgresql_user,
) {
+ require profiles::base
$domain = "grafana.${facts['networking']['fqdn']}"
require profiles::nginx
require profiles::certbot
diff --git a/site/profiles/manifests/nftables.pp b/site/profiles/manifests/nftables.pp
new file mode 100644
index 00000000..2d9754c8
--- /dev/null
+++ b/site/profiles/manifests/nftables.pp
@@ -0,0 +1,27 @@
+# @summary configure certain nftable rules
+#
+# @param in_ssh allows incoming ssh connections
+# @param icmp allow all ICMP traffic
+# @param nat decide if the box should be allowed to handle NAT traffic
+# @param out_all Allow all outbound connections
+#
+class profiles::nftables (
+ Boolean $in_ssh = true,
+ Boolean $icmp = true,
+ Boolean $nat = false,
+ Boolean $out_all = false
+) {
+ class { 'nftables':
+ in_ssh => $in_ssh,
+ in_icmp => $icmp,
+ out_icmp => $icmp,
+ in_out_conntrack => true,
+ inet_filter => true,
+ nat => $nat,
+ reject_with => false,
+ out_all => $out_all,
+ }
+ include nftables::rules::out::ssh
+ include nftables::rules::out::whois
+ include nftables::rules::out::hkp
+}
diff --git a/site/profiles/manifests/postgresql.pp b/site/profiles/manifests/postgresql.pp
index ae8ee370..39b8f564 100644
--- a/site/profiles/manifests/postgresql.pp
+++ b/site/profiles/manifests/postgresql.pp
@@ -6,7 +6,7 @@
# @author Tim Meusel
#
class profiles::postgresql (
- Enum['11', '12', '13', '14'] $version = '13',
+ Enum['11', '12', '13', '14', '15'] $version = '13',
) {
class { 'postgresql::globals':
encoding => 'UTF-8',
@@ -28,4 +28,12 @@
require => File['/srv/pg_dumps'],
}
contain dbbackup
+ $activity = $facts['os']['family'] ? {
+ 'RedHat' => 'pg_activity',
+ 'Debian' => 'pg-activity',
+ default => undef,
+ }
+ package { ['pgbadger', $activity,]:
+ ensure => 'installed',
+ }
}
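Review bot: When `$facts['os']['family']` is neither RedHat nor Debian, `$activity` is `undef` and ends up inside the title array of the `package` resource. Puppet rejects that as a missing title, so the `default => undef` branch produces a compile failure rather than skipping the package. Filtering the list first avoids it: `package { ['pgbadger', $activity].filter |$p| { $p =~ NotUndef }:`. The class body starts outside this hunk, so whether other families are expected to reach this code is inferred from the Archlinux handling elsewhere in the commit.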
diff --git a/site/profiles/manifests/puppet.pp b/site/profiles/manifests/puppet.pp
new file mode 100644
index 00000000..cf73e2ab
--- /dev/null
+++ b/site/profiles/manifests/puppet.pp
@@ -0,0 +1,57 @@
+# @summary configure puppet agent and server
+#
+# @param server decide if the server should be configured as well
+# @param manage_msgpack configure if we should install msgpack on the agent
+#
+# @author Tim Meusel
+#
+class profiles::puppet (
+ Boolean $server = ($trusted['pp_role'] == 'puppetserver'),
+ Boolean $manage_msgpack = ($facts['os']['name'] != 'gentoo'),
+) {
+ include profiles::puppet::code
+ if $server {
+ require profiles::foreman
+ include profiles::puppet::db
+ $params = {
+ server => true,
+ server_reports => 'puppetdb,foreman',
+ server_storeconfigs => true,
+ server_foreman => true,
+ # don't create /etc/puppetlabs/code/environments/common
+ server_common_modules_path => [],
+ server_jvm_min_heap_size => '1G',
+ server_jvm_max_heap_size => '1G',
+ #server_jvm_extra_args => ['-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger', '-XX:+UseParallelGC'],
+ server_multithreaded => true,
+ }
+ package { 'msgpack-server':
+ ensure => 'installed',
+ provider => 'puppetserver_gem',
+ name => 'msgpack',
+ require => [Package['make'],Package['gcc'],Class['puppet']],
+ }
+ contain profiles::puppet::server_firewalling
+ } else {
+ $params = {}
+ }
+ class { 'puppet':
+ runmode => 'unmanaged',
+ unavailable_runmodes => ['cron', 'systemd.timer'],
+ * => $params,
+ }
+ if $manage_msgpack {
+ if $facts['os']['name'] == 'Archlinux' {
+ $provider = undef
+ $package = 'ruby-msgpack'
+ } else {
+ $provider = 'puppet_gem'
+ $package = 'msgpack'
+ }
+ package { $package:
+ ensure => 'installed',
+ provider => $provider,
+ require => Class['puppet'],
+ }
+ }
+}
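Review bot: The default for `$server` reads `$trusted['pp_role']`, but certificate extensions live under `$trusted['extensions']`, as the `roles/%{trusted.extensions.pp_role}.yaml` path added to `hiera.yaml` in this commit shows. The lookup therefore yields `undef` and the default is always `false`. The puppetserver only reaches the server branch because `data/nodes/puppetserver.voxpupuli.org.yaml` sets `profiles::puppet::server: true` explicitly. I would change the line to `Boolean $server = ($trusted['extensions']['pp_role'] == 'puppetserver'),`. The `msgpack-server` package also requires `Package['make']` and `Package['gcc']`, which are declared outside this file, so a comment naming where they come from would be useful.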
diff --git a/site/profiles/manifests/puppetcode.pp b/site/profiles/manifests/puppet/code.pp
similarity index 78%
rename from site/profiles/manifests/puppetcode.pp
rename to site/profiles/manifests/puppet/code.pp
index d889f748..32cef404 100644
--- a/site/profiles/manifests/puppetcode.pp
+++ b/site/profiles/manifests/puppet/code.pp
@@ -3,7 +3,9 @@
#
# @author Tim Meusel
#
-class profiles::puppetcode {
+# @api private
+class profiles::puppet::code {
+ assert_private()
ssh_keygen { 'root_github':
type => 'ed25519',
filename => '/root/.ssh/id_ed25519_github',
@@ -26,19 +28,19 @@
},
}
if $facts['os']['name'] == 'Archlinux' {
- $deploy = { 'generate_types' => true, 'puppet_path' => '/usr/bin/puppet' }
+ $deploy = { 'generate_types' => true, 'exclude_spec' => true, 'puppet_path' => '/usr/bin/puppet' }
$version = 'installed'
} else {
- $deploy = { 'generate_types' => true }
+ $deploy = { 'generate_types' => true, 'exclude_spec' => true, }
# we hardcode this and update it from time to time.
# agent runs faster compared to ensure latest
- $version = '3.14.2'
+ $version = '3.16.0'
}
class { 'r10k':
pool_size => $facts['processors']['count']*2,
sources => {
'puppet' => {
- 'remote' => 'git@github.com:voxpupuli/controlrepo.git',
+ 'remote' => 'https://github.com/voxpupuli/controlrepo.git',
'basedir' => '/etc/puppetlabs/code/environments',
},
},
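Review bot: With the r10k remote switched to `https://github.com/voxpupuli/controlrepo.git`, the `ssh_keygen { 'root_github': ... }` resource kept at the top of this class appears to have no remaining consumer in the visible lines. If nothing else uses `/root/.ssh/id_ed25519_github`, dropping the resource avoids leaving an unused private key in root's home. If it is still needed, a comment naming its consumer would help. The class continues outside both hunks, so this is inferred from what is shown.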
diff --git a/site/profiles/manifests/puppet/db.pp b/site/profiles/manifests/puppet/db.pp
new file mode 100644
index 00000000..2b1fb026
--- /dev/null
+++ b/site/profiles/manifests/puppet/db.pp
@@ -0,0 +1,26 @@
+#
+# @summary installs puppetdb *on a puppetserver that also runs foreman*
+#
+# @api private
+#
+# @author Tim Meusel
+#
+class profiles::puppet::db {
+ assert_private()
+ require profiles::postgresql
+ include postgresql::server::contrib
+ postgresql::server::extension { 'pg_trgm':
+ database => 'puppetdb',
+ require => Postgresql::Server::Db['puppetdb'],
+ before => Service['puppetdb'],
+ }
+ class { 'puppetdb':
+ manage_dbserver => false,
+ manage_firewall => false,
+ }
+ contain puppetdb
+ class { 'puppet::server::puppetdb':
+ server => $facts['networking']['fqdn'],
+ }
+ contain puppet::server::puppetdb
+}
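Review bot: The `puppetdb` class is declared without `database_password`, so unless Hiera supplies `puppetdb::database_password` the database account presumably gets whatever default the module ships, which is public. No such key is added in the data files of this commit. I would set it in encrypted Hiera data and add a comment above the declaration, for example `# puppetdb::database_password comes from Hiera; do not rely on the module default`.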
diff --git a/site/profiles/manifests/puppet/server_firewalling.pp b/site/profiles/manifests/puppet/server_firewalling.pp
new file mode 100644
index 00000000..58b579fe
--- /dev/null
+++ b/site/profiles/manifests/puppet/server_firewalling.pp
@@ -0,0 +1,41 @@
+#
+# @summary manages nft rules on Puppetserver/PuppetDB
+#
+# @author Tim Meusel
+#
+# @api private
+class profiles::puppet::server_firewalling {
+ assert_private()
+ include profiles::nftables
+ nftables::simplerule { 'allow_puppet_4':
+ action => 'accept',
+ proto => 'tcp',
+ dport => 8140,
+ saddr => "${facts['networking']['ip']}/32",
+ }
+ nftables::simplerule { 'allow_puppet_6':
+ action => 'accept',
+ proto => 'tcp',
+ dport => 8140,
+ saddr => "${facts['networking']['ip6']}/128",
+ }
+ nftables::simplerule { 'allow_puppetdb_4':
+ action => 'accept',
+ proto => 'tcp',
+ dport => 8081,
+ saddr => "${facts['networking']['ip']}/32",
+ }
+ nftables::simplerule { 'allow_puppetdb_6':
+ action => 'accept',
+ proto => 'tcp',
+ dport => 8081,
+ saddr => "${facts['networking']['ip6']}/128",
+ }
+ # allow connections from the agent/curl to reach the PuppetDB via http/https
+ nftables::rule { 'default_out-puppetdbv6':
+ content => "tcp dport { 8080, 8081 } ip6 daddr ${facts['networking']['ip6']}/128 accept",
+ }
+ nftables::rule { 'default_out-puppetdbv4':
+ content => "tcp dport { 8080, 8081 } ip daddr ${facts['networking']['ip']}/32 accept",
+ }
+}
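Review bot: The two `_6` rules and `default_out-puppetdbv6` interpolate `$facts['networking']['ip6']` without checking that it is set. On a host with no IPv6 address the values become `/128` and `ip6 daddr /128`, which would likely stop the generated ruleset from loading. Wrapping the three IPv6 resources in `if $facts['networking']['ip6'] { ... }` avoids that. All four inbound rules also accept 8140 and 8081 only from the server's own address, so no other agent can reach the Puppetserver through this profile. If that is the intended interim state, a comment above `allow_puppet_4` should say so.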
diff --git a/site/profiles/manifests/puppetagent.pp b/site/profiles/manifests/puppetagent.pp
deleted file mode 100644
index c079a3fe..00000000
--- a/site/profiles/manifests/puppetagent.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# @summary profile to manage puppet agent + deps
-#
-# @author Tim Meusel
-#
-class profiles::puppetagent {
- contain puppet
-
- # If this is an AIO setup, puppet uses a vendored ruby
- # we don't care about the value of the fact, we only want to know if it is present
- # msgpack will be used by the agent for connections to the server
- if fact('aio_agent_version') {
- package { 'msgpack':
- ensure => 'present',
- provider => 'puppet_gem',
- }
- }
-}
diff --git a/site/profiles/manifests/redis.pp b/site/profiles/manifests/redis.pp
new file mode 100644
index 00000000..54301057
--- /dev/null
+++ b/site/profiles/manifests/redis.pp
@@ -0,0 +1,22 @@
+#
+# @summary configures redis on different platforms
+#
+class profiles::redis {
+ if $facts['os']['name'] == 'Archlinux' {
+ fail('profiles::redis does not work on Archlinux, because puppet/redis does not support Archlinux')
+ }
+ # manage_repo pulls in the epel module, but that's broken on CentOS 8
+ # https://github.com/voxpupuli/puppet-epel/issues/108
+ elsif $facts['os']['family'] == 'RedHat' {
+ $params = { 'require' => Package['epel-release'], 'manage_repo' => false }
+ require profiles::centos
+ } elsif $facts['os']['family'] == 'Debian' {
+ $params = { 'redis_apt_repo' => true, 'manage_repo' => true }
+ } else {
+ $params = {}
+ }
+ class { 'redis':
+ * => $params,
+ }
+ contain redis
+}
diff --git a/site/profiles/metadata.json b/site/profiles/metadata.json
index dc93cd08..c70a0ff5 100644
--- a/site/profiles/metadata.json
+++ b/site/profiles/metadata.json
@@ -32,11 +32,11 @@
"dependencies": [
{
"name": "puppetlabs/stdlib",
- "version_requirement": ">= 8.1.0 < 9.0.0"
+ "version_requirement": ">= 9.2.0 < 10.0.0"
},
{
"name": "puppet/nginx",
- "version_requirement": ">= 4.2.0 < 5.0.0"
+ "version_requirement": ">= 4.2.0 < 6.0.0"
},
{
"name": "puppet/ferm",
@@ -44,7 +44,7 @@
},
{
"name": "saz/ssh",
- "version_requirement": ">= 10.0.0 < 11.0.0"
+ "version_requirement": ">= 10.0.0 < 12.0.0"
},
{
"name": "puppet/ssh_keygen",
@@ -52,11 +52,11 @@
},
{
"name": "puppet/r10k",
- "version_requirement": ">= 10.1.1 < 11.0.0"
+ "version_requirement": ">= 10.1.1 < 12.0.0"
},
{
"name": "puppet/grafana",
- "version_requirement": ">= 10.0.1 < 12.0.0"
+ "version_requirement": ">= 10.0.1 < 14.0.0"
},
{
"name": "puppet/letsencrypt",
@@ -76,15 +76,19 @@
},
{
"name": "puppet/systemd",
- "version_requirement": ">= 3.8.0 < 5.0.0"
+ "version_requirement": ">= 3.8.0 < 6.0.0"
},
{
"name": "puppetlabs/postgresql",
- "version_requirement": ">= 8.0.0 < 10.0.0"
+ "version_requirement": ">= 8.0.0 < 14.0.0"
+ },
+ {
+ "name": "puppetlabs/puppetdb",
+ "version_requirement": ">= 7.13.0 < 8.0.0"
},
{
"name": "puppet/prometheus",
- "version_requirement": ">= 12.3.0 < 13.0.0"
+ "version_requirement": ">= 12.3.0 < 14.0.0"
},
{
"name": "puppet/borg",
@@ -94,6 +98,14 @@
"name": "theforeman/puppet",
"version_requirement": ">= 20.0.0 < 21.0.0"
},
+ {
+ "name": "theforeman/foreman",
+ "version_requirement": ">= 23.0.0 < 24.0.0"
+ },
+ {
+ "name": "theforeman/foreman_proxy",
+ "version_requirement": ">= 25.0.0 < 26.0.0"
+ },
{
"name": "puppet/extlib",
"version_requirement": ">= 7.2.0 < 8.0.0"
@@ -105,6 +117,10 @@
{
"name": "puppetlabs/docker",
"version_requirement": ">= 10.0.1 < 11.0.0"
+ },
+ {
+ "name": "puppet/redis",
+ "version_requirement": ">= 9.0.0 < 10.0.0"
}
]
}
diff --git a/site/profiles/spec/classes/puppetcode_spec.rb b/site/profiles/spec/classes/puppet_spec.rb
similarity index 93%
rename from site/profiles/spec/classes/puppetcode_spec.rb
rename to site/profiles/spec/classes/puppet_spec.rb
index 7dbb591e..eed470d5 100644
--- a/site/profiles/spec/classes/puppetcode_spec.rb
+++ b/site/profiles/spec/classes/puppet_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe 'profiles::puppetcode' do
+describe 'profiles::puppet' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let :facts do
diff --git a/site/roles/manifests/voxpupuli.pp b/site/roles/manifests/voxpupuli.pp
index 180b1b4a..45564517 100644
--- a/site/roles/manifests/voxpupuli.pp
+++ b/site/roles/manifests/voxpupuli.pp
@@ -6,7 +6,5 @@
class roles::voxpupuli {
contain profiles::basics
contain profiles::ssh
- contain profiles::puppetagent
- Class['profiles::basics']
- -> Class['profiles::puppetagent']
+ contain profiles::puppet
}