P:puppet: add puppet-04 on bookworm

Still need to implement data migration from 03 to 04, but these changes
should at least provision the Puppet services using the Debian provided
packages.

Author: supertassu

manifests/site.pp

@@ -42,6 +42,11 @@
   role('puppet')
 }
 
+# 2 CPU, 4 GB mem, Debian 12 Bookworm
+node 'puppet-04.ops.jquery.net' {
+  role('puppet')
+}
+
 # 2 CPU, 4 GB mem, Debian 11 Bullseye, 80 GB disk
 node 'swarm-02.ops.jquery.net' {
   role('testswarm')

modules/profile/files/puppet/server/puppet-merge.sh

@@ -1,4 +1,10 @@
 #!/bin/bash
 
 set -euo pipefail
-sudo -u gitpuppet g10k -config /etc/puppetlabs/g10k.yaml
+
+G10K_CONFIG_FILE=/etc/puppet/g10k.yaml
+if [ ! -f "$G10K_CONFIG_FILE" ]; then
+  G10K_CONFIG_FILE=/etc/puppetlabs/g10k.yaml
+fi
+
+sudo -u gitpuppet g10k -config "$G10K_CONFIG_FILE"

modules/profile/manifests/puppet/puppetdb.pp

@@ -13,17 +13,26 @@
     ensure => installed,
   }
 
-  $puppetservers = [$::facts['fqdn']]
+  $puppetservers = jqlib::resource_hosts('class', 'profile::puppet::server')
 
-  file { '/etc/puppetlabs/puppetdb/cert-allowlist':
+  $config_path = debian::codename() ? {
+    'bullseye' => '/etc/puppetlabs/puppetdb',
+    default    => '/etc/puppetdb',
+  }
+  $var_path = debian::codename() ? {
+    'bullseye' => '/opt/puppetlabs/server/data/puppetdb',
+    default    => '/var/lib/puppetdb',
+  }
+
+  file { "${config_path}/cert-allowlist":
     ensure  => file,
     mode    => '0444',
     content => "${puppetservers.join("\n")}\n",
     notify  => Service['puppetdb'],
   }
 
   ['config.ini', 'database.ini'].each |String $file| {
-    file { "/etc/puppetlabs/puppetdb/conf.d/${file}":
+    file { "${config_path}/conf.d/${file}":
       ensure    => file,
       mode      => '0440',
       group     => 'puppetdb',

modules/profile/manifests/puppet/server.pp

@@ -7,9 +7,44 @@
 ) {
   include profile::puppet::common
 
+  $termini_package = debian::codename() ? {
+    'bullseye' => 'puppetdb-termini',
+    default    => 'puppet-terminus-puppetdb',
+  }
+
+  $server_config_path = debian::codename() ? {
+    'bullseye' => '/etc/puppetlabs/puppetserver',
+    default    => '/etc/puppet/puppetserver',
+  }
+
+  $server_var_dir = debian::codename() ? {
+    'bullseye' => '/opt/puppetlabs/server/data/puppetserver',
+    default    => '/var/lib/puppetserver',
+  }
+
+  $server_run_dir = debian::codename() ? {
+    'bullseye' => '/var/run/puppetlabs/puppetserver',
+    default    => '/run/puppetserver',
+  }
+
+  $server_log_dir = debian::codename() ? {
+    'bullseye' => '/var/log/puppetlabs/puppetserver',
+    default    => '/var/log/puppetserver',
+  }
+
+  $code_path = debian::codename() ? {
+    'bullseye' => '/etc/puppetlabs/code',
+    default    => '/etc/puppet/code',
+  }
+
+  $g10k_config_path = debian::codename() ? {
+    'bullseye' => '/etc/puppetlabs/g10k.yaml',
+    default    => '/etc/puppet/g10k.yaml',
+  }
+
   package { [
     'puppetserver',
-    'puppetdb-termini',
+    $termini_package,
     'g10k',
 
     # for the htpasswd tool
@@ -23,11 +58,11 @@
   }
 
   exec { 'remove-old-code-dir':
-    command => '/usr/bin/mv /etc/puppetlabs/code /etc/puppetlabs/code-old',
-    creates => '/etc/puppetlabs/code-old',
+    command => "/usr/bin/mv ${code_path} ${code_path}-old",
+    creates => "${code_path}-old",
   }
 
-  file { '/etc/puppetlabs/code':
+  file { $code_path:
     ensure  => directory,
     owner   => 'gitpuppet',
     group   => 'gitpuppet',
@@ -41,10 +76,10 @@
     ensure => directory,
   }
 
-  $g10k_deploy_base_path = '/etc/puppetlabs/code/environments'
+  $g10k_deploy_base_path = "${code_path}/environments"
   $private_repo_dir = '/srv/git/puppet/private'
 
-  file { '/etc/puppetlabs/g10k.yaml':
+  file { $g10k_config_path:
     ensure  => file,
     content => template('profile/puppet/server/g10k.yaml.erb'),
     owner   => 'root',
@@ -54,11 +89,11 @@
   }
 
   exec { 'g10k':
-    command     => '/usr/bin/g10k -config /etc/puppetlabs/g10k.yaml',
+    command     => "/usr/bin/g10k -config ${g10k_config_path}",
     user        => 'gitpuppet',
     refreshonly => true,
     logoutput   => true,
-    require     => File['/etc/puppetlabs/code'],
+    require     => File[$code_path],
   }
 
   file { '/usr/local/bin/puppet-merge':
@@ -94,7 +129,10 @@
     require => Exec['git-init-puppet-private'],
   }
 
-  file { '/etc/puppetlabs/hieradata':
+  file { [
+    '/etc/puppetlabs/hieradata',
+    '/etc/puppet/hieradata'
+  ]:
     ensure  => absent,
     recurse => true,
     force   => true,
@@ -115,7 +153,7 @@
   Concat[$::profile::puppet::common::config_file] ~> Service['puppetserver']
 
   ['puppetserver.conf'].each |String $file| {
-    file { "/etc/puppetlabs/puppetserver/conf.d/${file}":
+    file { "${server_config_path}/conf.d/${file}":
       ensure  => file,
       mode    => '0440',
       group   => 'puppet',
@@ -124,14 +162,14 @@
     }
   }
 
-  file { '/etc/puppetlabs/puppet/routes.yaml':
+  file { "${profile::puppet::common::config_path}/routes.yaml":
     ensure  => file,
     mode    => '0444',
     content => template('profile/puppet/server/routes.yaml.erb'),
     notify  => Service['puppetserver'],
   }
 
-  file { '/etc/puppetlabs/puppet/puppetdb.conf':
+  file { "${profile::puppet::common::config_path}/puppetdb.conf":
     ensure  => file,
     mode    => '0444',
     content => template('profile/puppet/server/puppetdb.conf.erb'),
@@ -196,7 +234,6 @@
     mode   => '0550',
   }
 
-
   include profile::ssh::ca
 
   # Expose SSH keys so users can verify them

modules/profile/templates/puppet/puppetdb/config/config.ini.erb

@@ -1,13 +1,13 @@
 
 [global]
 # Store mq/db data in a custom directory
-vardir = /opt/puppetlabs/server/data/puppetdb
+vardir = <%= @var_path %>
 
 # Use an external logback config file
-logging-config = /etc/puppetlabs/puppetdb/logback.xml
+logging-config = <%= @config_path %>/logback.xml
 
 [puppetdb]
-certificate-allowlist = /etc/puppetlabs/puppetdb/cert-allowlist
+certificate-allowlist = <%= @config_path %>/cert-allowlist
 
 [command-processing]
 # How many command-processing threads to use, defaults to (CPUs / 2)

modules/profile/templates/puppet/server/default.erb

@@ -1,40 +1,24 @@
-###########################################
-# Init settings for puppetserver
-###########################################
-
-# Location of your Java binary (version 8)
 JAVA_BIN="/usr/bin/java"
 
 # Modify this if you'd like to change the memory allocation, enable JMX, etc
 JAVA_ARGS="-Xms<%= @java_memory %> -Xmx<%= @java_memory %> -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
 
 # Modify this as you would JAVA_ARGS but for non-service related subcommands
 JAVA_ARGS_CLI="${JAVA_ARGS_CLI:-}"
-
-# Modify this if you'd like TrapperKeeper specific arguments
 TK_ARGS=""
 
-# These normally shouldn't need to be edited if using OS packages
 USER="puppet"
 GROUP="puppet"
+<%- if @server_config_path == '/etc/puppetlabs/puppetserver' -%>
 INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver"
 CONFIG="/etc/puppetlabs/puppetserver/conf.d"
-
-# Bootstrap path
 BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"
+<%- else -%>
+INSTALL_DIR="/usr/share/puppetserver"
+CONFIG="/etc/puppet/puppetserver/conf.d"
+BOOTSTRAP_CONFIG="/etc/puppet/puppetserver/services.d"
+<%- end -%>
 
-# SERVICE_STOP_RETRIES can be set here to alter the default stop timeout in
-# seconds.  For systemd, the shorter of this setting or 'TimeoutStopSec' in
-# the systemd.service definition will effectively be the timeout which is used.
 SERVICE_STOP_RETRIES=60
-
-# START_TIMEOUT can be set here to alter the default startup timeout in
-# seconds.  For systemd, the shorter of this setting or 'TimeoutStartSec'
-# in the service's systemd.service configuration file will effectively be the
-# timeout which is used.
 START_TIMEOUT=300
-
-
-# Maximum number of seconds that can expire for a service reload attempt before
-# the result of the attempt is interpreted as a failure.
 RELOAD_TIMEOUT=120

modules/profile/templates/puppet/server/puppet.conf.erb

@@ -1,9 +1,9 @@
 [server]
-vardir = /opt/puppetlabs/server/data/puppetserver
-logdir = /var/log/puppetlabs/puppetserver
-rundir = /var/run/puppetlabs/puppetserver
-pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
-codedir = /etc/puppetlabs/code
+vardir = <%= @server_var_dir %>
+logdir = <%= @server_log_dir %>
+rundir = <%= @server_run_dir %>
+pidfile = <%= @server_run_dir %>/puppetserver.pid
+codedir = <%= @code_path %>
 environment = <%= @environment %>
 
 [master]

test_data/private/files/tarsnap-keys/puppet-04.ops.jquery.net.key

@@ -0,0 +1 @@
+fake