diff --git a/manifests/agent/config.pp b/manifests/agent/config.pp
index b67e5661..8f2bd9cf 100644
--- a/manifests/agent/config.pp
+++ b/manifests/agent/config.pp
@@ -2,67 +2,67 @@ # @api private class puppet::agent::config inherits puppet::config { puppet::config::agent{ - 'classfile': value => $::puppet::classfile; + 'classfile': value => $puppet::classfile; 'localconfig': value => '$vardir/localconfig'; 'default_schedules': value => false; - 'report': value => $::puppet::report; - 'masterport': value => $::puppet::port; - 'environment': value => $::puppet::environment; - 'splay': value => $::puppet::splay; - 'splaylimit': value => $::puppet::splaylimit; - 'runinterval': value => $::puppet::runinterval; - 'noop': value => $::puppet::agent_noop; - 'usecacheonfailure': value => $::puppet::usecacheonfailure; + 'report': value => $puppet::report; + 'masterport': value => $puppet::port; + 'environment': value => $puppet::environment; + 'splay': value => $puppet::splay; + 'splaylimit': value => $puppet::splaylimit; + 'runinterval': value => $puppet::runinterval; + 'noop': value => $puppet::agent_noop; + 'usecacheonfailure': value => $puppet::usecacheonfailure; } - if $::puppet::http_connect_timeout != undef { + if $puppet::http_connect_timeout != undef { puppet::config::agent { - 'http_connect_timeout': value => $::puppet::http_connect_timeout; + 'http_connect_timeout': value => $puppet::http_connect_timeout; } } - if $::puppet::http_read_timeout != undef { + if $puppet::http_read_timeout != undef { puppet::config::agent { - 'http_read_timeout': value => $::puppet::http_read_timeout; + 'http_read_timeout': value => $puppet::http_read_timeout; } } - if $::puppet::prerun_command { + if $puppet::prerun_command { puppet::config::agent { - 'prerun_command': value => $::puppet::prerun_command; + 'prerun_command': value => $puppet::prerun_command; } } - if $::puppet::postrun_command { + if $puppet::postrun_command { puppet::config::agent { - 'postrun_command': value => $::puppet::postrun_command; + 'postrun_command': value => $puppet::postrun_command; } } - unless $::puppet::pluginsync { + unless $puppet::pluginsync { if 
versioncmp($facts['puppetserver'], '6.0.0') >= 0 { fail('pluginsync is no longer a setting in Puppet 6') } else { puppet::config::agent { 'pluginsync': - value => $::puppet::pluginsync, + value => $puppet::pluginsync, } } } - $::puppet::agent_additional_settings.each |$key,$value| { + $puppet::agent_additional_settings.each |$key,$value| { puppet::config::agent { $key: value => $value } } - if $::puppet::runmode == 'service' { + if $puppet::runmode == 'service' { $should_start = 'yes' } else { $should_start = 'no' } - if $::osfamily == 'Debian' { + if $facts['os']['family'] == 'Debian' { augeas {'puppet::set_start': context => '/files/etc/default/puppet', changes => "set START ${should_start}", incl => '/etc/default/puppet', lens => 'Shellvars.lns', } - if $::puppet::remove_lock { + if $puppet::remove_lock { file {'/var/lib/puppet/state/agent_disabled.lock': ensure => absent, } diff --git a/manifests/agent/install.pp b/manifests/agent/install.pp index e9e2cc6a..388db46e 100644 --- a/manifests/agent/install.pp +++ b/manifests/agent/install.pp @@ -1,11 +1,11 @@ # Install the puppet agent package # @api private class puppet::agent::install( - $manage_packages = $::puppet::manage_packages, - $package_name = $::puppet::client_package, - $package_version = $::puppet::version, - $package_provider = $::puppet::package_provider, - $package_source = $::puppet::package_source, + $manage_packages = $puppet::manage_packages, + $package_name = $puppet::client_package, + $package_version = $puppet::version, + $package_provider = $puppet::package_provider, + $package_source = $puppet::package_source, ) { if $manage_packages == true or $manage_packages == 'agent' { package { $package_name: diff --git a/manifests/agent/service.pp b/manifests/agent/service.pp index 3d0de2a6..c254481d 100644 --- a/manifests/agent/service.pp +++ b/manifests/agent/service.pp 
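Review bot: The Puppet 6 guard inside the `unless $puppet::pluginsync` branch compares `$facts['puppetserver']` with '6.0.0', while the failure message and the setting concern the agent's own Puppet version. Unless a custom fact of that name is shipped elsewhere in the module, the lookup is undef on agents and `versioncmp` receives a non-string argument; `if versioncmp($facts['puppetversion'], '6.0.0') >= 0 {` would match the message. The line is unchanged context, so it may predate this commit, and the class body continues past the end of the hunk.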
@@ -2,7 +2,7 @@ # @api private class puppet::agent::service { - case $::puppet::runmode { + case $puppet::runmode { 'service': { $service_enabled = true $cron_enabled = false @@ -28,7 +28,7 @@ } } - if $::puppet::runmode in $::puppet::unavailable_runmodes { + if $puppet::runmode in $puppet::unavailable_runmodes { fail("Runmode of ${puppet::runmode} not supported on ${::kernel} operating systems!") } @@ -39,15 +39,15 @@ class { 'puppet::agent::service::systemd': enabled => $systemd_enabled, - hour => $::puppet::run_hour, - minute => $::puppet::run_minute, + hour => $puppet::run_hour, + minute => $puppet::run_minute, } contain puppet::agent::service::systemd class { 'puppet::agent::service::cron': enabled => $cron_enabled, - hour => $::puppet::run_hour, - minute => $::puppet::run_minute, + hour => $puppet::run_hour, + minute => $puppet::run_minute, } contain puppet::agent::service::cron } diff --git a/manifests/agent/service/cron.pp b/manifests/agent/service/cron.pp index a9b58197..21164819 100644 --- a/manifests/agent/service/cron.pp +++ b/manifests/agent/service/cron.pp @@ -5,10 +5,10 @@ Optional[Integer[0,23]] $hour = undef, Optional[Integer[0,59]] $minute = undef, ) { - unless $::puppet::runmode == 'unmanaged' or 'cron' in $::puppet::unavailable_runmodes { + unless $puppet::runmode == 'unmanaged' or 'cron' in $puppet::unavailable_runmodes { if $enabled { - $command = pick($::puppet::cron_cmd, "${::puppet::puppet_cmd} agent --config ${::puppet::dir}/puppet.conf --onetime --no-daemonize") - $times = extlib::ip_to_cron($::puppet::runinterval) + $command = pick($puppet::cron_cmd, "${puppet::puppet_cmd} agent --config ${puppet::dir}/puppet.conf --onetime --no-daemonize") + $times = extlib::ip_to_cron($puppet::runinterval) $_hour = pick($hour, $times[0]) $_minute = pick($minute, $times[1]) diff --git a/manifests/agent/service/daemon.pp b/manifests/agent/service/daemon.pp index abcf5c2c..d5d7841c 100644 --- a/manifests/agent/service/daemon.pp 
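Review bot: The `fail()` message in the `unavailable_runmodes` check of manifests/agent/service.pp still interpolates the top-scope `${::kernel}`, although the commit moves the other fact lookups into the `$facts` hash. `${facts['kernel']}` keeps the style consistent and reads from a hash that a same-named top-scope variable cannot shadow. The same leftover appears in manifests/params.pp as `${::facterversion}` in `$server_ruby_load_paths` and `$::puppetversion` in `$puppet_major`.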
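Review bot: The default `$command` in manifests/agent/service/cron.pp interpolates `${puppet::puppet_cmd}` and `${puppet::dir}` unquoted into what is presumably the cron job's command line, so a path containing whitespace or shell metacharacters would change what runs on every interval. Both values are module parameters, so this is hardening rather than an exposed input. Quoting the config path keeps the command intact: `"${puppet::puppet_cmd} agent --config '${puppet::dir}/puppet.conf' --onetime --no-daemonize"`. The `unless`/`if $enabled` block continues beyond the hunk, so the resource that consumes `$command` is not visible here.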
+++ b/manifests/agent/service/daemon.pp @@ -3,7 +3,7 @@ class puppet::agent::service::daemon ( Boolean $enabled = false, ) { - unless $::puppet::runmode == 'unmanaged' or 'service' in $::puppet::unavailable_runmodes { + unless $puppet::runmode == 'unmanaged' or 'service' in $puppet::unavailable_runmodes { if $enabled { service {'puppet': ensure => running, diff --git a/manifests/config.pp b/manifests/config.pp index 9f39c1d5..e55c2e93 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
@@ -1,32 +1,32 @@ # Set up the puppet config # @api private class puppet::config( - $allow_any_crl_auth = $::puppet::allow_any_crl_auth, - $auth_allowed = $::puppet::auth_allowed, - $auth_template = $::puppet::auth_template, - $ca_server = $::puppet::ca_server, - $ca_port = $::puppet::ca_port, - $dns_alt_names = $::puppet::dns_alt_names, - $module_repository = $::puppet::module_repository, - $pluginsource = $::puppet::pluginsource, - $pluginfactsource = $::puppet::pluginfactsource, - $puppet_dir = $::puppet::dir, - $puppetmaster = $::puppet::puppetmaster, - $syslogfacility = $::puppet::syslogfacility, - $srv_domain = $::puppet::srv_domain, - $use_srv_records = $::puppet::use_srv_records, - $additional_settings = $::puppet::additional_settings, - $client_certname = $::puppet::client_certname, + $allow_any_crl_auth = $puppet::allow_any_crl_auth, + $auth_allowed = $puppet::auth_allowed, + $auth_template = $puppet::auth_template, + $ca_server = $puppet::ca_server, + $ca_port = $puppet::ca_port, + $dns_alt_names = $puppet::dns_alt_names, + $module_repository = $puppet::module_repository, + $pluginsource = $puppet::pluginsource, + $pluginfactsource = $puppet::pluginfactsource, + $puppet_dir = $puppet::dir, + $puppetmaster = $puppet::puppetmaster, + $syslogfacility = $puppet::syslogfacility, + $srv_domain = $puppet::srv_domain, + $use_srv_records = $puppet::use_srv_records, + $additional_settings = $puppet::additional_settings, + $client_certname = $puppet::client_certname, ) { puppet::config::main{ - 'vardir': value => $::puppet::vardir; - 'logdir': value => $::puppet::logdir; - 'rundir': value => $::puppet::rundir; - 'ssldir': value => $::puppet::ssldir; + 'vardir': value => $puppet::vardir; + 'logdir': value => $puppet::logdir; + 'rundir': value => $puppet::rundir; + 'ssldir': value => $puppet::ssldir; 'privatekeydir': value => '$ssldir/private_keys { group = service }'; 'hostprivkey': value => '$privatekeydir/$certname.pem { mode = 640 }'; - 'show_diff': value => 
$::puppet::show_diff; - 'codedir': value => $::puppet::codedir; + 'show_diff': value => $puppet::show_diff; + 'codedir': value => $puppet::codedir; } if $module_repository and !empty($module_repository) { @@ -51,7 +51,7 @@ } } else { puppet::config::main { - 'server': value => pick($puppetmaster, $::fqdn); + 'server': value => pick($puppetmaster, $facts['networking']['fqdn']); } } if $pluginsource { @@ -75,10 +75,10 @@ file { $puppet_dir: ensure => directory, - owner => $::puppet::dir_owner, - group => $::puppet::dir_group, + owner => $puppet::dir_owner, + group => $puppet::dir_group, } - -> case $::osfamily { + -> case $facts['os']['family'] { 'Windows': { concat { "${puppet_dir}/puppet.conf": mode => '0674', @@ -89,7 +89,7 @@ default: { concat { "${puppet_dir}/puppet.conf": owner => 'root', - group => $::puppet::params::root_group, + group => $puppet::params::root_group, mode => '0644', ensure_newline => true, } diff --git a/manifests/config/entry.pp b/manifests/config/entry.pp index 315a788c..a9a1844d 100644 --- a/manifests/config/entry.pp +++ b/manifests/config/entry.pp @@ -29,7 +29,7 @@ # note the spaces at he end of the 'order' parameters, # they make sure that '1_main ' is ordered before '1_main_*' ensure_resource('concat::fragment', "puppet.conf_${section}", { - target => "${::puppet::dir}/puppet.conf", + target => "${puppet::dir}/puppet.conf", content => "\n[${section}]", order => "${sectionorder}_${section} ", }) 
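Review bot: The `privatekeydir` and `hostprivkey` entries in the `puppet::config::main` block of manifests/config.pp set the key directory's group to `service` and the host private key to mode 640, and nothing visible in the class explains why the key is group-readable. Other classes inherit from this one, so a short comment would let readers judge the exposure, for example `# host key is group-readable so the service account can load it (TODO confirm this is still required on agent-only nodes)`. The reason given in that comment is an assumption and should be confirmed before it is written down.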
@@ -38,13 +38,13 @@ # otherwise it just appends it with the joiner to separate it from the previous value. if (!defined(Concat::Fragment["puppet.conf_${section}_${key}"])){ concat::fragment{"puppet.conf_${section}_${key}": - target => "${::puppet::dir}/puppet.conf", + target => "${puppet::dir}/puppet.conf", content => " ${key} = ${_value}", order => "${sectionorder}_${section}_${key} ", } } else { concat::fragment{"puppet.conf_${section}_${key}_${name}": - target => "${::puppet::dir}/puppet.conf", + target => "${puppet::dir}/puppet.conf", content => "${joiner}${_value}", order => "${sectionorder}_${section}_${key}_${name} ", } diff --git a/manifests/init.pp b/manifests/init.pp index 049b0994..6cd3c719 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
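Review bot: Both `concat::fragment` resources in manifests/config/entry.pp write `${key}` and `${_value}` into puppet.conf verbatim, so a value containing a line break would add further settings or a new section header to the file. Values can arrive from free-form hashes such as `agent_additional_settings`, whose entries are passed through unchanged in manifests/agent/config.pp. A guard ahead of the fragments would reject that at compile time: `if "${key}${_value}" =~ /[\r\n]/ { fail("puppet.conf entry ${name} contains a line break") }`. How `$_value` is derived lies outside this hunk, so the check may need to sit after that computation.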
@@ -704,13 +704,13 @@ Integer[0] $server_web_idle_timeout = $puppet::params::server_web_idle_timeout, Boolean $server_puppetserver_jruby9k = $puppet::params::server_puppetserver_jruby9k, Optional[Boolean] $server_puppetserver_metrics = $puppet::params::server_puppetserver_metrics, - Boolean $server_metrics_jmx_enable = $::puppet::params::server_metrics_jmx_enable, - Boolean $server_metrics_graphite_enable = $::puppet::params::server_metrics_graphite_enable, - String $server_metrics_graphite_host = $::puppet::params::server_metrics_graphite_host, - Integer $server_metrics_graphite_port = $::puppet::params::server_metrics_graphite_port, - String $server_metrics_server_id = $::puppet::params::server_metrics_server_id, - Integer $server_metrics_graphite_interval = $::puppet::params::server_metrics_graphite_interval, - Optional[Array] $server_metrics_allowed = $::puppet::params::server_metrics_allowed, + Boolean $server_metrics_jmx_enable = $puppet::params::server_metrics_jmx_enable, + Boolean $server_metrics_graphite_enable = $puppet::params::server_metrics_graphite_enable, + String $server_metrics_graphite_host = $puppet::params::server_metrics_graphite_host, + Integer $server_metrics_graphite_port = $puppet::params::server_metrics_graphite_port, + String $server_metrics_server_id = $puppet::params::server_metrics_server_id, + Integer $server_metrics_graphite_interval = $puppet::params::server_metrics_graphite_interval, + Optional[Array] $server_metrics_allowed = $puppet::params::server_metrics_allowed, Boolean $server_puppetserver_experimental = $puppet::params::server_puppetserver_experimental, Array[String] $server_puppetserver_trusted_agents = $puppet::params::server_puppetserver_trusted_agents, Optional[Enum['off', 'jit', 'force']] $server_compile_mode = $puppet::params::server_compile_mode, diff --git a/manifests/params.pp b/manifests/params.pp index 24112475..ea4895fe 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -36,7 +36,7 @@ $use_srv_records = false if defined('$::domain') { - $srv_domain = $::domain + $srv_domain = $facts['networking']['domain'] } else { $srv_domain = undef } @@ -49,11 +49,11 @@ $syslogfacility = undef $environment = $::environment - $aio_package = ($::osfamily == 'Windows' or $::rubysitedir =~ /\/opt\/puppetlabs\/puppet/) + $aio_package = ($facts['os']['family'] == 'Windows' or $facts['ruby']['sitedir'] =~ /\/opt\/puppetlabs\/puppet/) $systemd_randomizeddelaysec = 0 - case $::osfamily { + case $facts['os']['family'] { 'Windows' : { # Windows prefixes normal paths with the Data Directory's path and leaves 'puppet' off the end $dir_prefix = 'C:/ProgramData/PuppetLabs/puppet' @@ -88,8 +88,8 @@ $server_puppetserver_vardir = '/var/puppet/server/data/puppetserver' $server_puppetserver_rundir = '/var/run/puppetserver' $server_puppetserver_logdir = '/var/log/puppetserver' - $ruby_gem_dir = regsubst($::rubyversion, '^(\d+\.\d+).*$', '/usr/local/lib/ruby/gems/\1/gems') - $server_ruby_load_paths = [$::rubysitedir, "${ruby_gem_dir}/facter-${::facterversion}/lib"] + $ruby_gem_dir = regsubst($facts['ruby']['version'], '^(\d+\.\d+).*$', '/usr/local/lib/ruby/gems/\1/gems') + $server_ruby_load_paths = [$facts['ruby']['sitedir'], "${ruby_gem_dir}/facter-${::facterversion}/lib"] $server_jruby_gem_home = '/var/puppet/server/data/puppetserver/jruby-gems' } @@ -129,7 +129,7 @@ $server_jruby_gem_home = '/opt/puppetlabs/server/data/puppetserver/jruby-gems' } else { $dir = '/etc/puppet' - $codedir = $::osfamily ? { + $codedir = $facts['os']['family'] ? { 'Debian' => '/etc/puppet/code', default => '/etc/puppet', } @@ -164,10 +164,10 @@ $manage_packages = true - if $::osfamily == 'Windows' { + if $facts['os']['family'] == 'Windows' { $dir_owner = undef $dir_group = undef - } elsif $aio_package or $::osfamily == 'Suse' { + } elsif $aio_package or $facts['os']['family'] == 'Suse' { $dir_owner = 'root' $dir_group = $root_group } else { 
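Review bot: In the `$srv_domain` block of manifests/params.pp the guard still tests the legacy variable with `defined('$::domain')` while the value now comes from `$facts['networking']['domain']`, so the two can disagree. Where the legacy variable is not defined, `$srv_domain` becomes undef even though the structured fact is present. `$srv_domain = $facts.dig('networking', 'domain')` returns undef when the fact is absent and removes the need for the `if`/`else`.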
@@ -175,7 +175,7 @@ $dir_group = $group } - $package_provider = $::osfamily ? { + $package_provider = $facts['os']['family'] ? { 'windows' => 'chocolatey', default => undef, } @@ -274,7 +274,7 @@ $puppet_major = regsubst($::puppetversion, '^(\d+)\..*$', '\1') - if ($::osfamily =~ /(FreeBSD|DragonFly)/ and versioncmp($puppet_major, '5') >= 0) { + if ($facts['os']['family'] =~ /(FreeBSD|DragonFly)/ and versioncmp($puppet_major, '5') >= 0) { $server_package = "puppetserver${puppet_major}" } else { $server_package = undef @@ -285,7 +285,7 @@ if $aio_package { $client_package = ['puppet-agent'] - } elsif ($::osfamily =~ /(FreeBSD|DragonFly)/) { + } elsif ($facts['os']['family'] =~ /(FreeBSD|DragonFly)/) { $client_package = ["puppet${puppet_major}"] } else { $client_package = ['puppet'] @@ -298,7 +298,7 @@ $systemd_unit_name = 'puppet-run' # Mechanisms to manage and reload/restart the agent # If supported on the OS, reloading is prefered since it does not kill a currently active puppet run - case $::osfamily { + case $facts['os']['family'] { 'Debian' : { $agent_restart_command = "/usr/sbin/service ${service_name} reload" $unavailable_runmodes = [] @@ -308,13 +308,12 @@ # it reports its $osreleasemajor as 2, not 6. # thats why we're matching for '2' in both parts # Amazon Linux is like RHEL6 but reports its osreleasemajor as 2017 or 2018. - $osreleasemajor = regsubst($::operatingsystemrelease, '^(\d+)\..*$', '\1') # workaround for the possibly missing operatingsystemmajrelease - $agent_restart_command = $osreleasemajor ? { + $agent_restart_command = $facts['os']['release']['major'] ? { /^(2|5|6|2017|2018)$/ => "/sbin/service ${service_name} reload", '7' => "/usr/bin/systemctl reload-or-restart ${service_name}", default => undef, } - $unavailable_runmodes = $osreleasemajor ? { + $unavailable_runmodes = $facts['os']['release']['major'] ? { /^(2|5|6|2017|2018)$/ => ['systemd.timer'], default => [], } 
@@ -334,7 +333,7 @@ } # Foreman parameters - $lower_fqdn = downcase($::fqdn) + $lower_fqdn = downcase($facts['networking']['fqdn']) $server_foreman = true $server_foreman_facts = true $server_puppet_basedir = $aio_package ? { @@ -353,7 +352,7 @@ $server_environment_timeout = undef # puppet server configuration file - $server_jvm_config = $::osfamily ? { + $server_jvm_config = $facts['os']['family'] ? { 'RedHat' => '/etc/sysconfig/puppetserver', 'Debian' => '/etc/default/puppetserver', default => '/etc/default/puppetserver', @@ -365,15 +364,11 @@ # This is some very trivial "tuning". See the puppet reference: # https://docs.puppet.com/puppetserver/latest/tuning_guide.html - if ($::memorysize_mb =~ String) { - $mem_in_mb = scanf($::memorysize_mb, '%i')[0] - } else { - $mem_in_mb = 0 + $::memorysize_mb - } + $mem_in_mb = $facts['memory']['system']['total_bytes'] / 1024 / 1024 if $mem_in_mb >= 3072 { $server_jvm_min_heap_size = '2G' $server_jvm_max_heap_size = '2G' - $server_max_active_instances = min(abs($::processorcount), 4) + $server_max_active_instances = min(abs($facts['processors']['count']), 4) } elsif $mem_in_mb >= 1024 { $server_max_active_instances = 1 $server_jvm_min_heap_size = '1G' diff --git a/manifests/server.pp b/manifests/server.pp index 0093c4e5..95132a88 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -60,7 +60,7 @@ # # $external_nodes:: External nodes classifier executable # -# $server_trusted_external_command:: The external trusted facts script to use. +# $trusted_external_command:: The external trusted facts script to use. # (Puppet >= 6.11 only). # # $git_repo:: Use git repository as a source of modules @@ -120,6 +120,9 @@ # $parser:: Sets the parser to use. Valid options are 'current' or 'future'. # Defaults to 'current'. # +# $max_open_files:: Increase the max open files limit for Puppetserver. +# +# # === Advanced server parameters: # # $codedir:: Override the puppet code directory. 
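Review bot: `$mem_in_mb = $facts['memory']['system']['total_bytes'] / 1024 / 1024` drops the tolerance the removed branch had: if the `memory` fact is absent (for instance a trimmed fact set in tests), indexing undef aborts compilation instead of falling through to the smallest heap tier. `$mem_in_mb = pick($facts.dig('memory', 'system', 'total_bytes'), 0) / 1024 / 1024` keeps the class compilable in that case. The `abs()` around `$facts['processors']['count']` looks like a leftover string-to-number coercion and is probably unnecessary now that the value should already be an Integer.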
@@ -342,126 +345,126 @@ # a static_file_content API request for the contents of a file resource that # has a source attribute with a puppet:/// URI value. class puppet::server( - Variant[Boolean, Stdlib::Absolutepath] $autosign = $::puppet::autosign, - Array[String] $autosign_entries = $::puppet::autosign_entries, - Pattern[/^[0-9]{3,4}$/] $autosign_mode = $::puppet::autosign_mode, - Optional[String] $autosign_content = $::puppet::autosign_content, - Optional[String] $autosign_source = $::puppet::autosign_source, - String $hiera_config = $::puppet::hiera_config, - Array[String] $admin_api_whitelist = $::puppet::server_admin_api_whitelist, - Boolean $manage_user = $::puppet::server_manage_user, - String $user = $::puppet::server_user, - String $group = $::puppet::server_group, - String $dir = $::puppet::server_dir, - Stdlib::Absolutepath $codedir = $::puppet::codedir, - Integer $port = $::puppet::server_port, - String $ip = $::puppet::server_ip, - Boolean $ca = $::puppet::server_ca, - Optional[String] $ca_crl_filepath = $::puppet::ca_crl_filepath, - Boolean $ca_crl_sync = $::puppet::server_ca_crl_sync, - Optional[Boolean] $crl_enable = $::puppet::server_crl_enable, - Boolean $ca_auth_required = $::puppet::server_ca_auth_required, - Boolean $ca_client_self_delete = $::puppet::server_ca_client_self_delete, - Array[String] $ca_client_whitelist = $::puppet::server_ca_client_whitelist, - Optional[Puppet::Custom_trusted_oid_mapping] $custom_trusted_oid_mapping = $::puppet::server_custom_trusted_oid_mapping, - Boolean $http = $::puppet::server_http, - Integer $http_port = $::puppet::server_http_port, - String $reports = $::puppet::server_reports, - Stdlib::Absolutepath $puppetserver_vardir = $::puppet::server_puppetserver_vardir, - Optional[Stdlib::Absolutepath] $puppetserver_rundir = $::puppet::server_puppetserver_rundir, - Optional[Stdlib::Absolutepath] $puppetserver_logdir = $::puppet::server_puppetserver_logdir, - Stdlib::Absolutepath $puppetserver_dir = 
$::puppet::server_puppetserver_dir, - Optional[Pattern[/^[\d]\.[\d]+\.[\d]+$/]] $puppetserver_version = $::puppet::server_puppetserver_version, - Variant[Undef, String[0], Stdlib::Absolutepath] $external_nodes = $::puppet::server_external_nodes, - Optional[Stdlib::Absolutepath] $trusted_external_command = $::puppet::server_trusted_external_command, - Array[String] $cipher_suites = $::puppet::server_cipher_suites, - Optional[String] $config_version = $::puppet::server_config_version, - Integer[0] $connect_timeout = $::puppet::server_connect_timeout, + Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::autosign, + Array[String] $autosign_entries = $puppet::autosign_entries, + Pattern[/^[0-9]{3,4}$/] $autosign_mode = $puppet::autosign_mode, + Optional[String] $autosign_content = $puppet::autosign_content, + Optional[String] $autosign_source = $puppet::autosign_source, + String $hiera_config = $puppet::hiera_config, + Array[String] $admin_api_whitelist = $puppet::server_admin_api_whitelist, + Boolean $manage_user = $puppet::server_manage_user, + String $user = $puppet::server_user, + String $group = $puppet::server_group, + String $dir = $puppet::server_dir, + Stdlib::Absolutepath $codedir = $puppet::codedir, + Integer $port = $puppet::server_port, + String $ip = $puppet::server_ip, + Boolean $ca = $puppet::server_ca, + Optional[String] $ca_crl_filepath = $puppet::ca_crl_filepath, + Boolean $ca_crl_sync = $puppet::server_ca_crl_sync, + Optional[Boolean] $crl_enable = $puppet::server_crl_enable, + Boolean $ca_auth_required = $puppet::server_ca_auth_required, + Boolean $ca_client_self_delete = $puppet::server_ca_client_self_delete, + Array[String] $ca_client_whitelist = $puppet::server_ca_client_whitelist, + Optional[Puppet::Custom_trusted_oid_mapping] $custom_trusted_oid_mapping = $puppet::server_custom_trusted_oid_mapping, + Boolean $http = $puppet::server_http, + Integer $http_port = $puppet::server_http_port, + String $reports = $puppet::server_reports, + 
Stdlib::Absolutepath $puppetserver_vardir = $puppet::server_puppetserver_vardir, + Optional[Stdlib::Absolutepath] $puppetserver_rundir = $puppet::server_puppetserver_rundir, + Optional[Stdlib::Absolutepath] $puppetserver_logdir = $puppet::server_puppetserver_logdir, + Stdlib::Absolutepath $puppetserver_dir = $puppet::server_puppetserver_dir, + Optional[Pattern[/^[\d]\.[\d]+\.[\d]+$/]] $puppetserver_version = $puppet::server_puppetserver_version, + Variant[Undef, String[0], Stdlib::Absolutepath] $external_nodes = $puppet::server_external_nodes, + Optional[Stdlib::Absolutepath] $trusted_external_command = $puppet::server_trusted_external_command, + Array[String] $cipher_suites = $puppet::server_cipher_suites, + Optional[String] $config_version = $puppet::server_config_version, + Integer[0] $connect_timeout = $puppet::server_connect_timeout, Integer[0] $web_idle_timeout = $puppet::server_web_idle_timeout, - Boolean $git_repo = $::puppet::server_git_repo, - Boolean $default_manifest = $::puppet::server_default_manifest, - Stdlib::Absolutepath $default_manifest_path = $::puppet::server_default_manifest_path, - String $default_manifest_content = $::puppet::server_default_manifest_content, - String $environments_owner = $::puppet::server_environments_owner, - Optional[String] $environments_group = $::puppet::server_environments_group, - Pattern[/^[0-9]{3,4}$/] $environments_mode = $::puppet::server_environments_mode, - Stdlib::Absolutepath $envs_dir = $::puppet::server_envs_dir, - Optional[Stdlib::Absolutepath] $envs_target = $::puppet::server_envs_target, - Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $common_modules_path = $::puppet::server_common_modules_path, - Pattern[/^[0-9]{3,4}$/] $git_repo_mode = $::puppet::server_git_repo_mode, - Stdlib::Absolutepath $git_repo_path = $::puppet::server_git_repo_path, - String $git_repo_group = $::puppet::server_git_repo_group, - String $git_repo_user = $::puppet::server_git_repo_user, - Hash[String, String] 
$git_branch_map = $::puppet::server_git_branch_map, - Integer[0] $idle_timeout = $::puppet::server_idle_timeout, - String $post_hook_content = $::puppet::server_post_hook_content, - String $post_hook_name = $::puppet::server_post_hook_name, - Variant[Undef, Boolean, Enum['active_record', 'puppetdb']] $storeconfigs_backend = $::puppet::server_storeconfigs_backend, - Array[Stdlib::Absolutepath] $ruby_load_paths = $::puppet::server_ruby_load_paths, - Stdlib::Absolutepath $ssl_dir = $::puppet::server_ssl_dir, - Boolean $ssl_dir_manage = $::puppet::server_ssl_dir_manage, - Boolean $ssl_key_manage = $::puppet::server_ssl_key_manage, - Array[String] $ssl_protocols = $::puppet::server_ssl_protocols, - Optional[Stdlib::Absolutepath] $ssl_chain_filepath = $::puppet::server_ssl_chain_filepath, - Optional[Variant[String, Array[String]]] $package = $::puppet::server_package, - Optional[String] $version = $::puppet::server_version, - String $certname = $::puppet::server_certname, - Enum['v2'] $enc_api = $::puppet::server_enc_api, - Enum['v2'] $report_api = $::puppet::server_report_api, - Integer[0] $request_timeout = $::puppet::server_request_timeout, - Boolean $strict_variables = $::puppet::server_strict_variables, - Hash[String, Data] $additional_settings = $::puppet::server_additional_settings, - Boolean $foreman = $::puppet::server_foreman, - Stdlib::HTTPUrl $foreman_url = $::puppet::server_foreman_url, - Optional[Stdlib::Absolutepath] $foreman_ssl_ca = $::puppet::server_foreman_ssl_ca, - Optional[Stdlib::Absolutepath] $foreman_ssl_cert = $::puppet::server_foreman_ssl_cert, - Optional[Stdlib::Absolutepath] $foreman_ssl_key = $::puppet::server_foreman_ssl_key, - Boolean $server_foreman_facts = $::puppet::server_foreman_facts, - Optional[Stdlib::Absolutepath] $puppet_basedir = $::puppet::server_puppet_basedir, - Optional[String] $puppetdb_host = $::puppet::server_puppetdb_host, - Integer[0, 65535] $puppetdb_port = $::puppet::server_puppetdb_port, - Boolean $puppetdb_swf = 
$::puppet::server_puppetdb_swf, - Enum['current', 'future'] $parser = $::puppet::server_parser, - Variant[Undef, Enum['unlimited'], Pattern[/^\d+[smhdy]?$/]] $environment_timeout = $::puppet::server_environment_timeout, - String $jvm_java_bin = $::puppet::server_jvm_java_bin, - String $jvm_config = $::puppet::server_jvm_config, - Pattern[/^[0-9]+[kKmMgG]$/] $jvm_min_heap_size = $::puppet::server_jvm_min_heap_size, - Pattern[/^[0-9]+[kKmMgG]$/] $jvm_max_heap_size = $::puppet::server_jvm_max_heap_size, - Optional[Variant[String,Array[String]]] $jvm_extra_args = $::puppet::server_jvm_extra_args, - Optional[String] $jvm_cli_args = $::puppet::server_jvm_cli_args, - Optional[Stdlib::Absolutepath] $jruby_gem_home = $::puppet::server_jruby_gem_home, - Integer[1] $max_active_instances = $::puppet::server_max_active_instances, - Integer[0] $max_requests_per_instance = $::puppet::server_max_requests_per_instance, + Boolean $git_repo = $puppet::server_git_repo, + Boolean $default_manifest = $puppet::server_default_manifest, + Stdlib::Absolutepath $default_manifest_path = $puppet::server_default_manifest_path, + String $default_manifest_content = $puppet::server_default_manifest_content, + String $environments_owner = $puppet::server_environments_owner, + Optional[String] $environments_group = $puppet::server_environments_group, + Pattern[/^[0-9]{3,4}$/] $environments_mode = $puppet::server_environments_mode, + Stdlib::Absolutepath $envs_dir = $puppet::server_envs_dir, + Optional[Stdlib::Absolutepath] $envs_target = $puppet::server_envs_target, + Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $common_modules_path = $puppet::server_common_modules_path, + Pattern[/^[0-9]{3,4}$/] $git_repo_mode = $puppet::server_git_repo_mode, + Stdlib::Absolutepath $git_repo_path = $puppet::server_git_repo_path, + String $git_repo_group = $puppet::server_git_repo_group, + String $git_repo_user = $puppet::server_git_repo_user, + Hash[String, String] $git_branch_map = 
$puppet::server_git_branch_map, + Integer[0] $idle_timeout = $puppet::server_idle_timeout, + String $post_hook_content = $puppet::server_post_hook_content, + String $post_hook_name = $puppet::server_post_hook_name, + Variant[Undef, Boolean, Enum['active_record', 'puppetdb']] $storeconfigs_backend = $puppet::server_storeconfigs_backend, + Array[Stdlib::Absolutepath] $ruby_load_paths = $puppet::server_ruby_load_paths, + Stdlib::Absolutepath $ssl_dir = $puppet::server_ssl_dir, + Boolean $ssl_dir_manage = $puppet::server_ssl_dir_manage, + Boolean $ssl_key_manage = $puppet::server_ssl_key_manage, + Array[String] $ssl_protocols = $puppet::server_ssl_protocols, + Optional[Stdlib::Absolutepath] $ssl_chain_filepath = $puppet::server_ssl_chain_filepath, + Optional[Variant[String, Array[String]]] $package = $puppet::server_package, + Optional[String] $version = $puppet::server_version, + String $certname = $puppet::server_certname, + Enum['v2'] $enc_api = $puppet::server_enc_api, + Enum['v2'] $report_api = $puppet::server_report_api, + Integer[0] $request_timeout = $puppet::server_request_timeout, + Boolean $strict_variables = $puppet::server_strict_variables, + Hash[String, Data] $additional_settings = $puppet::server_additional_settings, + Boolean $foreman = $puppet::server_foreman, + Stdlib::HTTPUrl $foreman_url = $puppet::server_foreman_url, + Optional[Stdlib::Absolutepath] $foreman_ssl_ca = $puppet::server_foreman_ssl_ca, + Optional[Stdlib::Absolutepath] $foreman_ssl_cert = $puppet::server_foreman_ssl_cert, + Optional[Stdlib::Absolutepath] $foreman_ssl_key = $puppet::server_foreman_ssl_key, + Boolean $server_foreman_facts = $puppet::server_foreman_facts, + Optional[Stdlib::Absolutepath] $puppet_basedir = $puppet::server_puppet_basedir, + Optional[String] $puppetdb_host = $puppet::server_puppetdb_host, + Integer[0, 65535] $puppetdb_port = $puppet::server_puppetdb_port, + Boolean $puppetdb_swf = $puppet::server_puppetdb_swf, + Enum['current', 'future'] $parser = 
$puppet::server_parser, + Variant[Undef, Enum['unlimited'], Pattern[/^\d+[smhdy]?$/]] $environment_timeout = $puppet::server_environment_timeout, + String $jvm_java_bin = $puppet::server_jvm_java_bin, + String $jvm_config = $puppet::server_jvm_config, + Pattern[/^[0-9]+[kKmMgG]$/] $jvm_min_heap_size = $puppet::server_jvm_min_heap_size, + Pattern[/^[0-9]+[kKmMgG]$/] $jvm_max_heap_size = $puppet::server_jvm_max_heap_size, + Optional[Variant[String,Array[String]]] $jvm_extra_args = $puppet::server_jvm_extra_args, + Optional[String] $jvm_cli_args = $puppet::server_jvm_cli_args, + Optional[Stdlib::Absolutepath] $jruby_gem_home = $puppet::server_jruby_gem_home, + Integer[1] $max_active_instances = $puppet::server_max_active_instances, + Integer[0] $max_requests_per_instance = $puppet::server_max_requests_per_instance, Integer[0] $max_queued_requests = $puppet::server_max_queued_requests, Integer[0] $max_retry_delay = $puppet::server_max_retry_delay, Boolean $multithreaded = $puppet::server_multithreaded, - Boolean $use_legacy_auth_conf = $::puppet::server_use_legacy_auth_conf, - Boolean $check_for_updates = $::puppet::server_check_for_updates, - Boolean $environment_class_cache_enabled = $::puppet::server_environment_class_cache_enabled, - Boolean $allow_header_cert_info = $::puppet::server_allow_header_cert_info, - Boolean $puppetserver_jruby9k = $::puppet::server_puppetserver_jruby9k, - Optional[Boolean] $puppetserver_metrics = $::puppet::server_puppetserver_metrics, - Boolean $metrics_jmx_enable = $::puppet::server_metrics_jmx_enable, - Boolean $metrics_graphite_enable = $::puppet::server_metrics_graphite_enable, - String $metrics_graphite_host = $::puppet::server_metrics_graphite_host, - Integer $metrics_graphite_port = $::puppet::server_metrics_graphite_port, - String $metrics_server_id = $::puppet::server_metrics_server_id, - Integer $metrics_graphite_interval = $::puppet::server_metrics_graphite_interval, - Variant[Undef, Array] $metrics_allowed = 
$::puppet::server_metrics_allowed, - Boolean $puppetserver_experimental = $::puppet::server_puppetserver_experimental, - Array[String] $puppetserver_trusted_agents = $::puppet::server_puppetserver_trusted_agents, - Optional[Enum['off', 'jit', 'force']] $compile_mode = $::puppet::server_compile_mode, - Optional[Integer[1]] $selector_threads = $::puppet::server_selector_threads, - Optional[Integer[1]] $acceptor_threads = $::puppet::server_acceptor_threads, - Optional[Integer[1]] $ssl_selector_threads = $::puppet::server_ssl_selector_threads, - Optional[Integer[1]] $ssl_acceptor_threads = $::puppet::server_ssl_acceptor_threads, - Optional[Integer[1]] $max_threads = $::puppet::server_max_threads, - Boolean $ca_allow_sans = $::puppet::server_ca_allow_sans, - Boolean $ca_allow_auth_extensions = $::puppet::server_ca_allow_auth_extensions, - Boolean $ca_enable_infra_crl = $::puppet::server_ca_enable_infra_crl, - Optional[Integer[1]] $max_open_files = $::puppet::server_max_open_files, - Optional[Stdlib::Absolutepath] $versioned_code_id = $::puppet::server_versioned_code_id, - Optional[Stdlib::Absolutepath] $versioned_code_content = $::puppet::server_versioned_code_content, + Boolean $use_legacy_auth_conf = $puppet::server_use_legacy_auth_conf, + Boolean $check_for_updates = $puppet::server_check_for_updates, + Boolean $environment_class_cache_enabled = $puppet::server_environment_class_cache_enabled, + Boolean $allow_header_cert_info = $puppet::server_allow_header_cert_info, + Boolean $puppetserver_jruby9k = $puppet::server_puppetserver_jruby9k, + Optional[Boolean] $puppetserver_metrics = $puppet::server_puppetserver_metrics, + Boolean $metrics_jmx_enable = $puppet::server_metrics_jmx_enable, + Boolean $metrics_graphite_enable = $puppet::server_metrics_graphite_enable, + String $metrics_graphite_host = $puppet::server_metrics_graphite_host, + Integer $metrics_graphite_port = $puppet::server_metrics_graphite_port, + String $metrics_server_id = 
$puppet::server_metrics_server_id, + Integer $metrics_graphite_interval = $puppet::server_metrics_graphite_interval, + Variant[Undef, Array] $metrics_allowed = $puppet::server_metrics_allowed, + Boolean $puppetserver_experimental = $puppet::server_puppetserver_experimental, + Array[String] $puppetserver_trusted_agents = $puppet::server_puppetserver_trusted_agents, + Optional[Enum['off', 'jit', 'force']] $compile_mode = $puppet::server_compile_mode, + Optional[Integer[1]] $selector_threads = $puppet::server_selector_threads, + Optional[Integer[1]] $acceptor_threads = $puppet::server_acceptor_threads, + Optional[Integer[1]] $ssl_selector_threads = $puppet::server_ssl_selector_threads, + Optional[Integer[1]] $ssl_acceptor_threads = $puppet::server_ssl_acceptor_threads, + Optional[Integer[1]] $max_threads = $puppet::server_max_threads, + Boolean $ca_allow_sans = $puppet::server_ca_allow_sans, + Boolean $ca_allow_auth_extensions = $puppet::server_ca_allow_auth_extensions, + Boolean $ca_enable_infra_crl = $puppet::server_ca_enable_infra_crl, + Optional[Integer[1]] $max_open_files = $puppet::server_max_open_files, + Optional[Stdlib::Absolutepath] $versioned_code_id = $puppet::server_versioned_code_id, + Optional[Stdlib::Absolutepath] $versioned_code_content = $puppet::server_versioned_code_content, ) { if $ca { $ssl_ca_cert = "${ssl_dir}/ca/ca_crt.pem" diff --git a/manifests/server/config.pp b/manifests/server/config.pp index 7d827574..399b6cf9 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp 
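Review bot: `Pattern[/^[0-9]{3,4}$/]` on `$autosign_mode`, `$environments_mode` and `$git_repo_mode` accepts the digits 8 and 9, and its `^`/`$` anchors match at line boundaries, so a multi-line string with one valid line also passes. That matters for `$autosign_mode`, which manifests/server/config.pp interpolates into the `autosign` setting string. `Pattern[/\A[0-7]{3,4}\z/]` rejects both cases at compile time, and `Stdlib::Filemode` is an alternative if the module's minimum stdlib version provides it. The parameter list belongs to `class puppet::server`, whose body continues outside the hunk.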
@@ -2,19 +2,19 @@ # @api private class puppet::server::config inherits puppet::config { contain 'puppet::server::puppetserver' - unless empty($::puppet::server::puppetserver_vardir) { + unless empty($puppet::server::puppetserver_vardir) { puppet::config::master { - 'vardir': value => $::puppet::server::puppetserver_vardir; + 'vardir': value => $puppet::server::puppetserver_vardir; } } - unless empty($::puppet::server::puppetserver_rundir) { + unless empty($puppet::server::puppetserver_rundir) { puppet::config::master { - 'rundir': value => $::puppet::server::puppetserver_rundir; + 'rundir': value => $puppet::server::puppetserver_rundir; } } - unless empty($::puppet::server::puppetserver_logdir) { + unless empty($puppet::server::puppetserver_logdir) { puppet::config::master { - 'logdir': value => $::puppet::server::puppetserver_logdir; + 'logdir': value => $puppet::server::puppetserver_logdir; } } @@ -31,15 +31,15 @@ } ## General configuration - $ca_server = $::puppet::ca_server - $ca_port = $::puppet::ca_port - $server_storeconfigs_backend = $::puppet::server::storeconfigs_backend - $server_external_nodes = $::puppet::server::external_nodes - $server_environment_timeout = $::puppet::server::environment_timeout - $trusted_external_command = $::puppet::server::trusted_external_command + $ca_server = $puppet::ca_server + $ca_port = $puppet::ca_port + $server_storeconfigs_backend = $puppet::server::storeconfigs_backend + $server_external_nodes = $puppet::server::external_nodes + $server_environment_timeout = $puppet::server::environment_timeout + $trusted_external_command = $puppet::server::trusted_external_command if $server_external_nodes and $server_external_nodes != '' { - class{ '::puppet::server::enc': + class{ 'puppet::server::enc': enc_path => $server_external_nodes, } } 
@@ -53,18 +53,18 @@ } } - $autosign = ($::puppet::server::autosign =~ Boolean)? { - true => $::puppet::server::autosign, - false => "${::puppet::server::autosign} { mode = ${::puppet::server::autosign_mode} }" + $autosign = ($puppet::server::autosign =~ Boolean)? { + true => $puppet::server::autosign, + false => "${puppet::server::autosign} { mode = ${puppet::server::autosign_mode} }" } puppet::config::main { - 'reports': value => $::puppet::server::reports; + 'reports': value => $puppet::server::reports; 'environmentpath': value => $puppet::server::envs_dir; } - if $::puppet::server::hiera_config and !empty($::puppet::server::hiera_config){ + if $puppet::server::hiera_config and !empty($puppet::server::hiera_config){ puppet::config::main { - 'hiera_config': value => $::puppet::server::hiera_config; + 'hiera_config': value => $puppet::server::hiera_config; } } if $puppet::server::common_modules_path and !empty($puppet::server::common_modules_path) { @@ -80,15 +80,15 @@ puppet::config::master { 'autosign': value => $autosign; - 'ca': value => $::puppet::server::ca; - 'certname': value => $::puppet::server::certname; - 'parser': value => $::puppet::server::parser; - 'strict_variables': value => $::puppet::server::strict_variables; + 'ca': value => $puppet::server::ca; + 'certname': value => $puppet::server::certname; + 'parser': value => $puppet::server::parser; + 'strict_variables': value => $puppet::server::strict_variables; } - if $::puppet::server::ssl_dir_manage { + if $puppet::server::ssl_dir_manage { puppet::config::master { - 'ssldir': value => $::puppet::server::ssl_dir; + 'ssldir': value => $puppet::server::ssl_dir; } } if $server_environment_timeout { 
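Review bot: The `true` arm of the `$autosign` selector in the `@@ -53` hunk hands a plain Boolean to the `autosign` setting written in the `@@ -80` hunk, which makes the CA sign every certificate request without any check, and nothing at this spot says so. A comment above the selector would help the next reader, e.g. `# autosign => true signs every CSR unverified (naive autosigning); prefer an allowlist file or a policy executable`. The surrounding class body starts and ends outside the hunk.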
@@ -103,14 +103,14 @@ } } - $::puppet::server_additional_settings.each |$key,$value| { + $puppet::server_additional_settings.each |$key,$value| { puppet::config::master { $key: value => $value } } file { "${puppet::vardir}/reports": ensure => directory, - owner => $::puppet::server::user, - group => $::puppet::server::group, + owner => $puppet::server::user, + group => $puppet::server::group, mode => '0750', } @@ -124,18 +124,18 @@ ## SSL and CA configuration # Open read permissions to private keys to puppet group for foreman, proxy etc. - file { "${::puppet::server::ssl_dir}/private_keys": + file { "${puppet::server::ssl_dir}/private_keys": ensure => directory, - owner => $::puppet::server::user, - group => $::puppet::server::group, + owner => $puppet::server::user, + group => $puppet::server::group, mode => '0750', require => Exec['puppet_server_config-create_ssl_dir'], } if $puppet::server::ssl_key_manage { - file { "${::puppet::server::ssl_dir}/private_keys/${::puppet::server::certname}.pem": - owner => $::puppet::server::user, - group => $::puppet::server::group, + file { "${puppet::server::ssl_dir}/private_keys/${puppet::server::certname}.pem": + owner => $puppet::server::user, + group => $puppet::server::group, mode => '0640', } } @@ -144,10 +144,10 @@ $_custom_trusted_oid_mapping = { oid_mapping => $puppet::server::custom_trusted_oid_mapping, } - file { "${::puppet::dir}/custom_trusted_oid_mapping.yaml": + file { "${puppet::dir}/custom_trusted_oid_mapping.yaml": ensure => file, owner => 'root', - group => $::puppet::params::root_group, + group => $puppet::params::root_group, mode => '0644', content => to_yaml($_custom_trusted_oid_mapping), } 
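Review bot: The `${puppet::server::certname}.pem` resource in the `@@ -124` hunk sets the server's private key to mode `'0640'` with group `$puppet::server::group`, so every member of that group can read the key, and only the directory above it carries an explanation. I would repeat the reason on the file itself, e.g. `# group-readable so Foreman/proxy can use the server key; keep membership of this group minimal`. The resource also has no `ensure`, so presumably it only adjusts an already generated key; a short comment saying that is intended would stop it being "fixed" later.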
@@ -156,35 +156,35 @@ # If the ssl dir is not the default dir, it needs to be created before running # the generate ca cert or it will fail. exec {'puppet_server_config-create_ssl_dir': - creates => $::puppet::server::ssl_dir, - command => "/bin/mkdir -p ${::puppet::server::ssl_dir}", + creates => $puppet::server::ssl_dir, + command => "/bin/mkdir -p ${puppet::server::ssl_dir}", umask => '0022', } # Generate a new CA and host cert if our host cert doesn't exist - if $::puppet::server::ca { + if $puppet::server::ca { if versioncmp($::puppetversion, '6.0') > 0 { - $command = "${::puppet::puppetserver_cmd} ca setup" + $command = "${puppet::puppetserver_cmd} ca setup" } else { - $command = "${::puppet::puppet_cmd} cert --generate ${::puppet::server::certname} --allow-dns-alt-names" + $command = "${puppet::puppet_cmd} cert --generate ${puppet::server::certname} --allow-dns-alt-names" } exec {'puppet_server_config-generate_ca_cert': - creates => $::puppet::server::ssl_cert, + creates => $puppet::server::ssl_cert, command => $command, umask => '0022', require => [ - Concat["${::puppet::server::dir}/puppet.conf"], + Concat["${puppet::server::dir}/puppet.conf"], Exec['puppet_server_config-create_ssl_dir'], ], } - } elsif $::puppet::server::ca_crl_sync { + } elsif $puppet::server::ca_crl_sync { # If not a ca AND sync the crl from the ca master if defined('$::servername') { - file { $::puppet::server::ssl_ca_crl: + file { $puppet::server::ssl_ca_crl: ensure => file, - owner => $::puppet::server::user, - group => $::puppet::server::group, + owner => $puppet::server::user, + group => $puppet::server::group, mode => '0644', content => file($::settings::cacrl, $::settings::hostcrl, '/dev/null'), } 
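Review bot: `versioncmp($::puppetversion, '6.0')` in the CA branch of this hunk still reads a legacy top-scope fact, although the same commit moves other fact lookups to the `$facts` hash (the `$facts['os']['family']` changes in install.pp and puppetserver.pp). For consistency the line could become `if versioncmp($facts['puppetversion'], '6.0') > 0 {`. The hunk also keeps `$::settings::cacrl` and `$::settings::hostcrl`, which can be written `$settings::cacrl` and `$settings::hostcrl` in the same style.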
@@ -192,63 +192,63 @@ } # autosign file - if $::puppet::server_ca and !($puppet::server::autosign =~ Boolean) { - if $::puppet::server::autosign_content or $::puppet::server::autosign_source { - if !empty($::puppet::server::autosign_entries) { + if $puppet::server_ca and !($puppet::server::autosign =~ Boolean) { + if $puppet::server::autosign_content or $puppet::server::autosign_source { + if !empty($puppet::server::autosign_entries) { fail('Cannot set both autosign_content/autosign_source and autosign_entries') } - $autosign_content = $::puppet::server::autosign_content - } elsif !empty($::puppet::server::autosign_entries) { + $autosign_content = $puppet::server::autosign_content + } elsif !empty($puppet::server::autosign_entries) { $autosign_content = template('puppet/server/autosign.conf.erb') } else { $autosign_content = undef } - file { $::puppet::server::autosign: + file { $puppet::server::autosign: ensure => file, - owner => $::puppet::server::user, - group => $::puppet::server::group, - mode => $::puppet::server::autosign_mode, + owner => $puppet::server::user, + group => $puppet::server::group, + mode => $puppet::server::autosign_mode, content => $autosign_content, - source => $::puppet::server::autosign_source, + source => $puppet::server::autosign_source, } } # only manage this file if we provide content - if $::puppet::server::default_manifest and $::puppet::server::default_manifest_content != '' { - file { $::puppet::server::default_manifest_path: + if $puppet::server::default_manifest and $puppet::server::default_manifest_content != '' { + file { $puppet::server::default_manifest_path: ensure => file, owner => $puppet::user, group => $puppet::group, mode => '0644', - content => $::puppet::server::default_manifest_content, + content => $puppet::server::default_manifest_content, } } ## Environments # location where our puppet environments are located - if $::puppet::server::envs_target and $::puppet::server::envs_target != '' { + if 
$puppet::server::envs_target and $puppet::server::envs_target != '' { $ensure = 'link' } else { $ensure = 'directory' } - file { $::puppet::server::envs_dir: + file { $puppet::server::envs_dir: ensure => $ensure, - owner => $::puppet::server::environments_owner, - group => $::puppet::server::environments_group, - mode => $::puppet::server::environments_mode, - target => $::puppet::server::envs_target, + owner => $puppet::server::environments_owner, + group => $puppet::server::environments_group, + mode => $puppet::server::environments_mode, + target => $puppet::server::envs_target, force => true, } - if $::puppet::server::git_repo { - include ::git + if $puppet::server::git_repo { + include git - if $::puppet::server::manage_user { - Class['git'] -> User[$::puppet::server::user] + if $puppet::server::manage_user { + Class['git'] -> User[$puppet::server::user] } - file { $::puppet::vardir: + file { $puppet::vardir: ensure => directory, owner => 'root', group => 'root', 
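Review bot: The `file { $puppet::server::autosign: ... }` resource in this hunk takes its mode from `$puppet::server::autosign_mode`, and that mode decides how Puppet treats the file: an executable autosign file is run as a policy program for each CSR, a non-executable one is read as an allowlist. That deserves a comment next to `mode`, e.g. `# an executable mode turns this file into a policy executable that the CA runs for every CSR`. The guard above it also tests `$puppet::server_ca` while the rest of the file reads `$puppet::server::ca`; using one of the two throughout would be clearer.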
@@ -256,20 +256,20 @@ git::repo { 'puppet_repo': bare => true, - target => $::puppet::server::git_repo_path, - mode => $::puppet::server::git_repo_mode, - user => $::puppet::server::git_repo_user, - group => $::puppet::server::git_repo_group, - require => File[$::puppet::vardir, $::puppet::server::envs_dir], + target => $puppet::server::git_repo_path, + mode => $puppet::server::git_repo_mode, + user => $puppet::server::git_repo_user, + group => $puppet::server::git_repo_group, + require => File[$puppet::vardir, $puppet::server::envs_dir], } - $git_branch_map = $::puppet::server::git_branch_map + $git_branch_map = $puppet::server::git_branch_map # git post hook to auto generate an environment per branch - file { "${::puppet::server::git_repo_path}/hooks/${::puppet::server::post_hook_name}": - content => template($::puppet::server::post_hook_content), - owner => $::puppet::server::git_repo_user, - group => $::puppet::server::git_repo_group, - mode => $::puppet::server::git_repo_mode, + file { "${puppet::server::git_repo_path}/hooks/${puppet::server::post_hook_name}": + content => template($puppet::server::post_hook_content), + owner => $puppet::server::git_repo_user, + group => $puppet::server::git_repo_group, + mode => $puppet::server::git_repo_mode, require => Git::Repo['puppet_repo'], } } 
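Review bot: The hook file at the end of this hunk is owned by `$puppet::server::git_repo_user` and reuses `$puppet::server::git_repo_mode`, so its permissions follow whatever is chosen for the repository. Git executes files in `hooks/` automatically, so a group-writable repository mode would let any member of `git_repo_group` change what runs, and a mode without an execute bit would silently disable the hook. Giving this resource its own fixed values, for example `owner => 'root',` and `mode => '0755',`, would decouple the two, assuming nothing else needs to rewrite the hook. The enclosing `if $puppet::server::git_repo` block starts outside the hunk.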
@@ -278,41 +278,41 @@ ensure => directory, } - if $::puppet::server::common_modules_path and !empty($::puppet::server::common_modules_path) { - file { $::puppet::server::common_modules_path: + if $puppet::server::common_modules_path and !empty($puppet::server::common_modules_path) { + file { $puppet::server::common_modules_path: ensure => directory, - owner => $::puppet::server_environments_owner, - group => $::puppet::server_environments_group, - mode => $::puppet::server_environments_mode, + owner => $puppet::server_environments_owner, + group => $puppet::server_environments_group, + mode => $puppet::server_environments_mode, } } ## Foreman - if $::puppet::server::foreman { + if $puppet::server::foreman { # Include foreman components for the puppetmaster # ENC script, reporting script etc. class { 'foreman::puppetmaster': - foreman_url => $::puppet::server::foreman_url, - receive_facts => $::puppet::server::server_foreman_facts, - puppet_home => $::puppet::server::puppetserver_vardir, - puppet_basedir => $::puppet::server::puppet_basedir, + foreman_url => $puppet::server::foreman_url, + receive_facts => $puppet::server::server_foreman_facts, + puppet_home => $puppet::server::puppetserver_vardir, + puppet_basedir => $puppet::server::puppet_basedir, puppet_etcdir => $puppet::dir, - enc_api => $::puppet::server::enc_api, - report_api => $::puppet::server::report_api, - timeout => $::puppet::server::request_timeout, - ssl_ca => pick($::puppet::server::foreman_ssl_ca, $::puppet::server::ssl_ca_cert), - ssl_cert => pick($::puppet::server::foreman_ssl_cert, $::puppet::server::ssl_cert), - ssl_key => pick($::puppet::server::foreman_ssl_key, $::puppet::server::ssl_cert_key), + enc_api => $puppet::server::enc_api, + report_api => $puppet::server::report_api, + timeout => $puppet::server::request_timeout, + ssl_ca => pick($puppet::server::foreman_ssl_ca, $puppet::server::ssl_ca_cert), + ssl_cert => pick($puppet::server::foreman_ssl_cert, $puppet::server::ssl_cert), + 
ssl_key => pick($puppet::server::foreman_ssl_key, $puppet::server::ssl_cert_key), } contain foreman::puppetmaster } ## PuppetDB - if $::puppet::server::puppetdb_host { - class { '::puppetdb::master::config': - puppetdb_server => $::puppet::server::puppetdb_host, - puppetdb_port => $::puppet::server::puppetdb_port, - puppetdb_soft_write_failure => $::puppet::server::puppetdb_swf, + if $puppet::server::puppetdb_host { + class { 'puppetdb::master::config': + puppetdb_server => $puppet::server::puppetdb_host, + puppetdb_port => $puppet::server::puppetdb_port, + puppetdb_soft_write_failure => $puppet::server::puppetdb_swf, manage_storeconfigs => false, restart_puppet => false, } diff --git a/manifests/server/enc.pp b/manifests/server/enc.pp index 872f0bb2..89918488 100644 --- a/manifests/server/enc.pp +++ b/manifests/server/enc.pp @@ -1,7 +1,7 @@ # Set up the ENC config # @api private class puppet::server::enc( - $enc_path = $::puppet::server::external_nodes + $enc_path = $puppet::server::external_nodes ) { puppet::config::master { 'external_nodes': value => $enc_path; diff --git a/manifests/server/install.pp b/manifests/server/install.pp index 18e3222f..d82a68aa 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp 
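Review bot: The `common_modules_path` directory in the `@@ -278` hunk takes `owner`, `group` and `mode` from `$puppet::server_environments_owner`, `$puppet::server_environments_group` and `$puppet::server_environments_mode`, while the environments directory earlier in the same file reads `$puppet::server::environments_owner` and its siblings. If `puppet::server` is ever declared with its own values, the two directories end up with different ownership and mode. Reading the `puppet::server` variables here as well, e.g. `owner => $puppet::server::environments_owner,`, keeps them aligned; this assumes those parameters default to the `$puppet::server_*` ones, which is not visible in this hunk.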
@@ -11,30 +11,30 @@ Class['puppet::server::install'] -> Class['foreman::config'] } - if $::puppet::server::manage_user { - $shell = $::puppet::server::git_repo ? { - true => $::osfamily ? { + if $puppet::server::manage_user { + $shell = $puppet::server::git_repo ? { + true => $facts['os']['family'] ? { /^(FreeBSD|DragonFly)$/ => '/usr/local/bin/git-shell', default => '/usr/bin/git-shell' }, default => undef, } - user { $::puppet::server::user: + user { $puppet::server::user: shell => $shell, } } - if $::puppet::manage_packages == true or $::puppet::manage_packages == 'server' { - $server_package = pick($::puppet::server::package, 'puppetserver') - $server_version = pick($::puppet::server::version, $::puppet::version) + if $puppet::manage_packages == true or $puppet::manage_packages == 'server' { + $server_package = pick($puppet::server::package, 'puppetserver') + $server_version = pick($puppet::server::version, $puppet::version) package { $server_package: ensure => $server_version, } - if $::puppet::server::manage_user { - Package[$server_package] -> User[$::puppet::server::user] + if $puppet::server::manage_user { + Package[$server_package] -> User[$puppet::server::user] } } } diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp index be746388..f92138c0 100644 --- a/manifests/server/puppetserver.pp +++ b/manifests/server/puppetserver.pp 
@@ -67,86 +67,86 @@ # } # class puppet::server::puppetserver ( - $config = $::puppet::server::jvm_config, - $java_bin = $::puppet::server::jvm_java_bin, - $jvm_extra_args = $::puppet::server::real_jvm_extra_args, - $jvm_cli_args = $::puppet::server::jvm_cli_args, - $jvm_min_heap_size = $::puppet::server::jvm_min_heap_size, - $jvm_max_heap_size = $::puppet::server::jvm_max_heap_size, - $server_puppetserver_dir = $::puppet::server::puppetserver_dir, - $server_puppetserver_vardir = $::puppet::server::puppetserver_vardir, - $server_puppetserver_rundir = $::puppet::server::puppetserver_rundir, - $server_puppetserver_logdir = $::puppet::server::puppetserver_logdir, - $server_jruby_gem_home = $::puppet::server::jruby_gem_home, - $server_ruby_load_paths = $::puppet::server::ruby_load_paths, - $server_cipher_suites = $::puppet::server::cipher_suites, - $server_max_active_instances = $::puppet::server::max_active_instances, - $server_max_requests_per_instance = $::puppet::server::max_requests_per_instance, - $server_max_queued_requests = $::puppet::server::max_queued_requests, - $server_max_retry_delay = $::puppet::server::max_retry_delay, - $server_multithreaded = $::puppet::server::multithreaded, - $server_ssl_protocols = $::puppet::server::ssl_protocols, - $server_ssl_ca_crl = $::puppet::server::ssl_ca_crl, - $server_ssl_ca_cert = $::puppet::server::ssl_ca_cert, - $server_ssl_cert = $::puppet::server::ssl_cert, - $server_ssl_cert_key = $::puppet::server::ssl_cert_key, - $server_ssl_chain = $::puppet::server::ssl_chain, - $server_crl_enable = $::puppet::server::crl_enable_real, - $server_ip = $::puppet::server::ip, - $server_port = $::puppet::server::port, - $server_http = $::puppet::server::http, - $server_http_port = $::puppet::server::http_port, - $server_ca = $::puppet::server::ca, - $server_dir = $::puppet::server::dir, - $codedir = $::puppet::server::codedir, - $server_idle_timeout = $::puppet::server::idle_timeout, - $server_web_idle_timeout = 
$::puppet::server::web_idle_timeout, - $server_connect_timeout = $::puppet::server::connect_timeout, - $server_ca_auth_required = $::puppet::server::ca_auth_required, - $server_ca_client_self_delete = $::puppet::server::ca_client_self_delete, - $server_ca_client_whitelist = $::puppet::server::ca_client_whitelist, - $server_admin_api_whitelist = $::puppet::server::admin_api_whitelist, - $server_puppetserver_version = $::puppet::server::real_puppetserver_version, - $server_use_legacy_auth_conf = $::puppet::server::use_legacy_auth_conf, - $server_check_for_updates = $::puppet::server::check_for_updates, - $server_environment_class_cache_enabled = $::puppet::server::environment_class_cache_enabled, - $server_jruby9k = $::puppet::server::puppetserver_jruby9k, - $server_metrics = $::puppet::server::real_puppetserver_metrics, - $metrics_jmx_enable = $::puppet::server::metrics_jmx_enable, - $metrics_graphite_enable = $::puppet::server::metrics_graphite_enable, - $metrics_graphite_host = $::puppet::server::metrics_graphite_host, - $metrics_graphite_port = $::puppet::server::metrics_graphite_port, - $metrics_server_id = $::puppet::server::metrics_server_id, - $metrics_graphite_interval = $::puppet::server::metrics_graphite_interval, - $metrics_allowed = $::puppet::server::metrics_allowed, - $server_experimental = $::puppet::server::puppetserver_experimental, - $server_trusted_agents = $::puppet::server::puppetserver_trusted_agents, - $allow_header_cert_info = $::puppet::server::allow_header_cert_info, - $compile_mode = $::puppet::server::compile_mode, - $acceptor_threads = $::puppet::server::acceptor_threads, - $selector_threads = $::puppet::server::selector_threads, - $ssl_acceptor_threads = $::puppet::server::ssl_acceptor_threads, - $ssl_selector_threads = $::puppet::server::ssl_selector_threads, - $max_threads = $::puppet::server::max_threads, - $ca_allow_sans = $::puppet::server::ca_allow_sans, - $ca_allow_auth_extensions = $::puppet::server::ca_allow_auth_extensions, - 
$ca_enable_infra_crl = $::puppet::server::ca_enable_infra_crl, - $max_open_files = $::puppet::server::max_open_files, - $versioned_code_id = $::puppet::server::versioned_code_id, - $versioned_code_content = $::puppet::server::versioned_code_content, + $config = $puppet::server::jvm_config, + $java_bin = $puppet::server::jvm_java_bin, + $jvm_extra_args = $puppet::server::real_jvm_extra_args, + $jvm_cli_args = $puppet::server::jvm_cli_args, + $jvm_min_heap_size = $puppet::server::jvm_min_heap_size, + $jvm_max_heap_size = $puppet::server::jvm_max_heap_size, + $server_puppetserver_dir = $puppet::server::puppetserver_dir, + $server_puppetserver_vardir = $puppet::server::puppetserver_vardir, + $server_puppetserver_rundir = $puppet::server::puppetserver_rundir, + $server_puppetserver_logdir = $puppet::server::puppetserver_logdir, + $server_jruby_gem_home = $puppet::server::jruby_gem_home, + $server_ruby_load_paths = $puppet::server::ruby_load_paths, + $server_cipher_suites = $puppet::server::cipher_suites, + $server_max_active_instances = $puppet::server::max_active_instances, + $server_max_requests_per_instance = $puppet::server::max_requests_per_instance, + $server_max_queued_requests = $puppet::server::max_queued_requests, + $server_max_retry_delay = $puppet::server::max_retry_delay, + $server_multithreaded = $puppet::server::multithreaded, + $server_ssl_protocols = $puppet::server::ssl_protocols, + $server_ssl_ca_crl = $puppet::server::ssl_ca_crl, + $server_ssl_ca_cert = $puppet::server::ssl_ca_cert, + $server_ssl_cert = $puppet::server::ssl_cert, + $server_ssl_cert_key = $puppet::server::ssl_cert_key, + $server_ssl_chain = $puppet::server::ssl_chain, + $server_crl_enable = $puppet::server::crl_enable_real, + $server_ip = $puppet::server::ip, + $server_port = $puppet::server::port, + $server_http = $puppet::server::http, + $server_http_port = $puppet::server::http_port, + $server_ca = $puppet::server::ca, + $server_dir = $puppet::server::dir, + $codedir = 
$puppet::server::codedir, + $server_idle_timeout = $puppet::server::idle_timeout, + $server_web_idle_timeout = $puppet::server::web_idle_timeout, + $server_connect_timeout = $puppet::server::connect_timeout, + $server_ca_auth_required = $puppet::server::ca_auth_required, + $server_ca_client_self_delete = $puppet::server::ca_client_self_delete, + $server_ca_client_whitelist = $puppet::server::ca_client_whitelist, + $server_admin_api_whitelist = $puppet::server::admin_api_whitelist, + $server_puppetserver_version = $puppet::server::real_puppetserver_version, + $server_use_legacy_auth_conf = $puppet::server::use_legacy_auth_conf, + $server_check_for_updates = $puppet::server::check_for_updates, + $server_environment_class_cache_enabled = $puppet::server::environment_class_cache_enabled, + $server_jruby9k = $puppet::server::puppetserver_jruby9k, + $server_metrics = $puppet::server::real_puppetserver_metrics, + $metrics_jmx_enable = $puppet::server::metrics_jmx_enable, + $metrics_graphite_enable = $puppet::server::metrics_graphite_enable, + $metrics_graphite_host = $puppet::server::metrics_graphite_host, + $metrics_graphite_port = $puppet::server::metrics_graphite_port, + $metrics_server_id = $puppet::server::metrics_server_id, + $metrics_graphite_interval = $puppet::server::metrics_graphite_interval, + $metrics_allowed = $puppet::server::metrics_allowed, + $server_experimental = $puppet::server::puppetserver_experimental, + $server_trusted_agents = $puppet::server::puppetserver_trusted_agents, + $allow_header_cert_info = $puppet::server::allow_header_cert_info, + $compile_mode = $puppet::server::compile_mode, + $acceptor_threads = $puppet::server::acceptor_threads, + $selector_threads = $puppet::server::selector_threads, + $ssl_acceptor_threads = $puppet::server::ssl_acceptor_threads, + $ssl_selector_threads = $puppet::server::ssl_selector_threads, + $max_threads = $puppet::server::max_threads, + $ca_allow_sans = $puppet::server::ca_allow_sans, + 
$ca_allow_auth_extensions = $puppet::server::ca_allow_auth_extensions, + $ca_enable_infra_crl = $puppet::server::ca_enable_infra_crl, + $max_open_files = $puppet::server::max_open_files, + $versioned_code_id = $puppet::server::versioned_code_id, + $versioned_code_content = $puppet::server::versioned_code_content, ) { - include ::puppet::server + include puppet::server if versioncmp($server_puppetserver_version, '5.3.6') < 0 { fail('puppetserver <5.3.6 is not supported by this module version') } - $puppetserver_package = pick($::puppet::server::package, 'puppetserver') + $puppetserver_package = pick($puppet::server::package, 'puppetserver') $jvm_cmd_arr = ["-Xms${jvm_min_heap_size}", "-Xmx${jvm_max_heap_size}", $jvm_extra_args] $jvm_cmd = strip(join(flatten($jvm_cmd_arr), ' ')) - if $::osfamily == 'FreeBSD' { + if $facts['os']['family'] == 'FreeBSD' { $server_gem_paths = [ '${jruby-puppet.gem-home}', "\"${server_puppetserver_vardir}/vendored-jruby-gems\"", ] # lint:ignore:single_quote_string_with_variables augeas { 'puppet::server::puppetserver::jvm': context => '/files/etc/rc.conf', @@ -225,7 +225,7 @@ content => template('puppet/server/puppetserver/services.d/ca.cfg.erb'), } - unless $::osfamily == 'FreeBSD' { + unless $facts['os']['family'] == 'FreeBSD' { file { '/opt/puppetlabs/server/apps/puppetserver/config': ensure => directory, }
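Review bot: None of the parameters of `puppet::server::puppetserver` in the `@@ -67` hunk declares a data type, while the typed parameter list earlier in this diff has `Boolean $allow_header_cert_info` and `Boolean $ca_allow_auth_extensions`. Declared directly, this class would accept the string `'false'` for such a switch, and a non-empty string is truthy in Puppet, so depending on how the templates test the value a security setting could end up enabled by mistake. Repeating the types here, e.g. `Boolean $allow_header_cert_info = $puppet::server::allow_header_cert_info,` and `Boolean $ca_allow_sans = $puppet::server::ca_allow_sans,`, would reject that at compile time. The class body continues outside the hunk.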