diff --git a/manifests/agent/config.pp b/manifests/agent/config.pp index fff72ea5..ab8838d4 100644 --- a/manifests/agent/config.pp +++ b/manifests/agent/config.pp @@ -2,7 +2,6 @@ # @api private class puppet::agent::config inherits puppet::config { puppet::config::agent{ - 'classfile': value => $puppet::classfile; 'localconfig': value => '$vardir/localconfig'; 'default_schedules': value => false; 'report': value => $puppet::report; @@ -14,6 +13,11 @@ 'noop': value => $puppet::agent_noop; 'usecacheonfailure': value => $puppet::usecacheonfailure; } + if $puppet::classfile { + puppet::config::agent { + 'classfile': value => $puppet::classfile; + } + } if $puppet::http_connect_timeout != undef { puppet::config::agent { 'http_connect_timeout': value => $puppet::http_connect_timeout; diff --git a/manifests/init.pp b/manifests/init.pp index 3b242580..4150db37 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -111,10 +111,6 @@ # read after the elapsed interval then the # connection will be closed. # -# $user:: Override the name of the puppet user. -# -# $group:: Override the name of the puppet group. -# # $dir:: Override the puppet directory. # # $codedir:: Override the puppet code directory. @@ -557,9 +553,7 @@ # } # class puppet ( - String $version = $puppet::params::version, - String $user = $puppet::params::user, - String $group = $puppet::params::group, + String $version = 'present', Stdlib::Absolutepath $dir = $puppet::params::dir, Stdlib::Absolutepath $codedir = $puppet::params::codedir, Stdlib::Absolutepath $vardir = $puppet::params::vardir, 
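Review bot: The new `if $puppet::classfile` guard in manifests/agent/config.pp tests truthiness, while the `http_connect_timeout` block directly below it tests `!= undef`. For an `Optional[String]` the two behave the same in Puppet 4+, but an empty string is truthy there and would write a `classfile` setting with no value. For consistency I would write `if $puppet::classfile != undef {`, and to reject the empty case tighten the parameter in init.pp to `Optional[String[1]] $classfile = undef,`. With the default now `undef`, the agent also stops writing `classfile = $statedir/classes.txt` and relies on Puppet's built-in default, which deserves a changelog line.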
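Review bot: Dropping `$user` and `$group` from the `puppet` class signature leaves any remaining `$puppet::user` / `$puppet::group` reference undefined, and the only consumer updated in this diff is manifests/server/config.pp. A leftover reference in another manifest or an ERB template would evaluate to undef (or fail under strict_variables), and a `file` resource given `owner => undef` simply leaves ownership unmanaged. It is worth grepping the module, templates and spec fixtures before merging. Callers that still pass `user =>` or `group =>` will hit a catalog compilation error, so this needs a breaking-change entry. The class body lies outside this hunk.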
@@ -567,169 +561,169 @@ Stdlib::Absolutepath $rundir = $puppet::params::rundir, Stdlib::Absolutepath $ssldir = $puppet::params::ssldir, Stdlib::Absolutepath $sharedir = $puppet::params::sharedir, - Variant[Boolean, Enum['server', 'agent']] $manage_packages = $puppet::params::manage_packages, + Variant[Boolean, Enum['server', 'agent']] $manage_packages = true, Optional[String] $dir_owner = $puppet::params::dir_owner, Optional[String] $dir_group = $puppet::params::dir_group, Optional[String] $package_provider = $puppet::params::package_provider, - Optional[Variant[String,Hash,Array]] $package_install_options = $puppet::params::package_install_options, - Optional[Variant[Stdlib::Absolutepath, Stdlib::HTTPUrl]] $package_source = $puppet::params::package_source, - Integer[0, 65535] $port = $puppet::params::port, - Boolean $splay = $puppet::params::splay, - Variant[Integer[0],Pattern[/^\d+[smhdy]?$/]] $splaylimit = $puppet::params::splaylimit, + Optional[Variant[String,Hash,Array]] $package_install_options = undef, + Optional[Variant[Stdlib::Absolutepath, Stdlib::HTTPUrl]] $package_source = undef, + Stdlib::Port $port = 8140, + Boolean $splay = false, + Variant[Integer[0],Pattern[/^\d+[smhdy]?$/]] $splaylimit = 1800, Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::params::autosign, - Array[String] $autosign_entries = $puppet::params::autosign_entries, - Pattern[/^[0-9]{3,4}$/] $autosign_mode = $puppet::params::autosign_mode, - Optional[String] $autosign_content = $puppet::params::autosign_content, - Optional[String] $autosign_source = $puppet::params::autosign_source, - Variant[Integer[0],Pattern[/^\d+[smhdy]?$/]] $runinterval = $puppet::params::runinterval, - Boolean $usecacheonfailure = $puppet::params::usecacheonfailure, - Enum['cron', 'service', 'systemd.timer', 'none', 'unmanaged'] $runmode = $puppet::params::runmode, + Array[String] $autosign_entries = [], + Stdlib::Filemode $autosign_mode = '0664', + Optional[String] $autosign_content = undef, + 
Optional[String] $autosign_source = undef, + Variant[Integer[0],Pattern[/^\d+[smhdy]?$/]] $runinterval = 1800, + Boolean $usecacheonfailure = true, + Enum['cron', 'service', 'systemd.timer', 'none', 'unmanaged'] $runmode = 'service', Optional[Integer[0,23]] $run_hour = undef, Optional[Integer[0,59]] $run_minute = undef, Array[Enum['cron', 'service', 'systemd.timer', 'none']] $unavailable_runmodes = $puppet::params::unavailable_runmodes, - Optional[String] $cron_cmd = $puppet::params::cron_cmd, - Optional[String] $systemd_cmd = $puppet::params::systemd_cmd, - Integer[0] $systemd_randomizeddelaysec = $puppet::params::systemd_randomizeddelaysec, - Boolean $agent_noop = $puppet::params::agent_noop, - Boolean $show_diff = $puppet::params::show_diff, - Optional[Stdlib::HTTPUrl] $module_repository = $puppet::params::module_repository, - Optional[Integer[0]] $http_connect_timeout = $puppet::params::http_connect_timeout, - Optional[Integer[0]] $http_read_timeout = $puppet::params::http_read_timeout, - Optional[Variant[String, Boolean]] $ca_server = $puppet::params::ca_server, - Optional[Integer[0, 65535]] $ca_port = $puppet::params::ca_port, - Optional[String] $ca_crl_filepath = $puppet::params::ca_crl_filepath, - Optional[String] $prerun_command = $puppet::params::prerun_command, - Optional[String] $postrun_command = $puppet::params::postrun_command, - Array[String] $dns_alt_names = $puppet::params::dns_alt_names, - Boolean $use_srv_records = $puppet::params::use_srv_records, + Optional[String] $cron_cmd = undef, + Optional[String] $systemd_cmd = undef, + Integer[0] $systemd_randomizeddelaysec = 0, + Boolean $agent_noop = false, + Boolean $show_diff = false, + Optional[Stdlib::HTTPUrl] $module_repository = undef, + Optional[Integer[0]] $http_connect_timeout = undef, + Optional[Integer[0]] $http_read_timeout = undef, + Optional[Variant[String, Boolean]] $ca_server = undef, + Optional[Stdlib::Port] $ca_port = undef, + Optional[String] $ca_crl_filepath = undef, + 
Optional[String] $prerun_command = undef, + Optional[String] $postrun_command = undef, + Array[String] $dns_alt_names = [], + Boolean $use_srv_records = false, Optional[String] $srv_domain = $puppet::params::srv_domain, - String $pluginsource = $puppet::params::pluginsource, - String $pluginfactsource = $puppet::params::pluginfactsource, - Hash[String, Data] $additional_settings = $puppet::params::additional_settings, - Hash[String, Data] $agent_additional_settings = $puppet::params::agent_additional_settings, + Optional[String] $pluginsource = undef, + Optional[String] $pluginfactsource = undef, + Hash[String, Data] $additional_settings = {}, + Hash[String, Data] $agent_additional_settings = {}, Optional[String] $agent_restart_command = $puppet::params::agent_restart_command, - String $classfile = $puppet::params::classfile, - String $hiera_config = $puppet::params::hiera_config, - String $auth_template = $puppet::params::auth_template, - Boolean $allow_any_crl_auth = $puppet::params::allow_any_crl_auth, - Array[String] $auth_allowed = $puppet::params::auth_allowed, + Optional[String] $classfile = undef, + String $hiera_config = '$confdir/hiera.yaml', + String $auth_template = 'puppet/auth.conf.erb', + Boolean $allow_any_crl_auth = false, + Array[String] $auth_allowed = ['$1'], Variant[String, Array[String]] $client_package = $puppet::params::client_package, - Boolean $agent = $puppet::params::agent, - Boolean $report = $puppet::params::report, + Boolean $agent = true, + Boolean $report = true, Variant[String, Boolean] $client_certname = $puppet::params::client_certname, Optional[String] $puppetmaster = $puppet::params::puppetmaster, - String $systemd_unit_name = $puppet::params::systemd_unit_name, + String $systemd_unit_name = 'puppet-run', String $service_name = $puppet::params::service_name, - Optional[String] $syslogfacility = $puppet::params::syslogfacility, + Optional[String] $syslogfacility = undef, String $environment = $puppet::params::environment, - 
Boolean $server = $puppet::params::server, + Boolean $server = false, Array[String] $server_admin_api_whitelist = $puppet::params::server_admin_api_whitelist, - Boolean $server_manage_user = $puppet::params::manage_user, - String $server_user = $puppet::params::user, - String $server_group = $puppet::params::group, + Boolean $server_manage_user = true, + String $server_user = $puppet::params::server_user, + String $server_group = $puppet::params::server_group, String $server_dir = $puppet::params::dir, - String $server_ip = $puppet::params::ip, - Integer $server_port = $puppet::params::port, - Boolean $server_ca = $puppet::params::server_ca, - Boolean $server_ca_crl_sync = $puppet::params::server_ca_crl_sync, - Optional[Boolean] $server_crl_enable = $puppet::params::server_crl_enable, - Boolean $server_ca_auth_required = $puppet::params::server_ca_auth_required, - Boolean $server_ca_client_self_delete = $puppet::params::server_ca_client_self_delete, + String $server_ip = '0.0.0.0', + Stdlib::Port $server_port = 8140, + Boolean $server_ca = true, + Boolean $server_ca_crl_sync = false, + Optional[Boolean] $server_crl_enable = undef, + Boolean $server_ca_auth_required = true, + Boolean $server_ca_client_self_delete = false, Array[String] $server_ca_client_whitelist = $puppet::params::server_ca_client_whitelist, - Optional[Puppet::Custom_trusted_oid_mapping] $server_custom_trusted_oid_mapping = $puppet::params::server_custom_trusted_oid_mapping, - Boolean $server_http = $puppet::params::server_http, - Integer $server_http_port = $puppet::params::server_http_port, - String $server_reports = $puppet::params::server_reports, + Optional[Puppet::Custom_trusted_oid_mapping] $server_custom_trusted_oid_mapping = undef, + Boolean $server_http = false, + Stdlib::Port $server_http_port = 8139, + String $server_reports = 'foreman', Optional[Stdlib::Absolutepath] $server_puppetserver_dir = $puppet::params::server_puppetserver_dir, Optional[Stdlib::Absolutepath] 
$server_puppetserver_vardir = $puppet::params::server_puppetserver_vardir, Optional[Stdlib::Absolutepath] $server_puppetserver_rundir = $puppet::params::server_puppetserver_rundir, Optional[Stdlib::Absolutepath] $server_puppetserver_logdir = $puppet::params::server_puppetserver_logdir, - Optional[Pattern[/^[\d]\.[\d]+\.[\d]+$/]] $server_puppetserver_version = $puppet::params::server_puppetserver_version, + Optional[Pattern[/^[\d]\.[\d]+\.[\d]+$/]] $server_puppetserver_version = undef, Variant[Undef, String[0], Stdlib::Absolutepath] $server_external_nodes = $puppet::params::server_external_nodes, - Optional[Stdlib::Absolutepath] $server_trusted_external_command = $puppet::params::server_trusted_external_command, + Optional[Stdlib::Absolutepath] $server_trusted_external_command = undef, Array[String] $server_cipher_suites = $puppet::params::server_cipher_suites, - Integer[0] $server_connect_timeout = $puppet::params::server_connect_timeout, - Boolean $server_git_repo = $puppet::params::server_git_repo, - Boolean $server_default_manifest = $puppet::params::server_default_manifest, - Stdlib::Absolutepath $server_default_manifest_path = $puppet::params::server_default_manifest_path, - String $server_default_manifest_content = $puppet::params::server_default_manifest_content, + Integer[0] $server_connect_timeout = 120000, + Boolean $server_git_repo = false, + Boolean $server_default_manifest = false, + Stdlib::Absolutepath $server_default_manifest_path = '/etc/puppet/manifests/default_manifest.pp', + String $server_default_manifest_content = '', # lint:ignore:empty_string_assignment String $server_environments_owner = $puppet::params::server_environments_owner, Optional[String] $server_environments_group = $puppet::params::server_environments_group, - Pattern[/^[0-9]{3,4}$/] $server_environments_mode = $puppet::params::server_environments_mode, + Stdlib::Filemode $server_environments_mode = '0755', Array[Stdlib::Absolutepath, 1] $server_envs_dir = 
$puppet::params::server_envs_dir, - Optional[Stdlib::Absolutepath] $server_envs_target = $puppet::params::server_envs_target, + Optional[Stdlib::Absolutepath] $server_envs_target = undef, Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $server_common_modules_path = $puppet::params::server_common_modules_path, - Pattern[/^[0-9]{3,4}$/] $server_git_repo_mode = $puppet::params::server_git_repo_mode, + Stdlib::Filemode $server_git_repo_mode = '0755', Stdlib::Absolutepath $server_git_repo_path = $puppet::params::server_git_repo_path, String $server_git_repo_group = $puppet::params::server_git_repo_group, String $server_git_repo_user = $puppet::params::server_git_repo_user, - Hash[String, String] $server_git_branch_map = $puppet::params::server_git_branch_map, - Integer[0] $server_idle_timeout = $puppet::params::server_idle_timeout, - String $server_post_hook_content = $puppet::params::server_post_hook_content, - String $server_post_hook_name = $puppet::params::server_post_hook_name, - Boolean $server_storeconfigs = $puppet::params::server_storeconfigs, + Hash[String, String] $server_git_branch_map = {}, + Integer[0] $server_idle_timeout = 1200000, + String $server_post_hook_content = 'puppet/server/post-receive.erb', + String $server_post_hook_name = 'post-receive', + Boolean $server_storeconfigs = false, Array[Stdlib::Absolutepath] $server_ruby_load_paths = $puppet::params::server_ruby_load_paths, Stdlib::Absolutepath $server_ssl_dir = $puppet::params::server_ssl_dir, - Boolean $server_ssl_dir_manage = $puppet::params::server_ssl_dir_manage, - Boolean $server_ssl_key_manage = $puppet::params::server_ssl_key_manage, - Array[String] $server_ssl_protocols = $puppet::params::server_ssl_protocols, - Optional[Stdlib::Absolutepath] $server_ssl_chain_filepath = $puppet::params::server_ssl_chain_filepath, - Optional[Variant[String, Array[String]]] $server_package = $puppet::params::server_package, - Optional[String] $server_version = $puppet::params::server_version, + 
Boolean $server_ssl_dir_manage = true, + Boolean $server_ssl_key_manage = true, + Array[String] $server_ssl_protocols = ['TLSv1.2'], + Optional[Stdlib::Absolutepath] $server_ssl_chain_filepath = undef, + Variant[String, Array[String]] $server_package = $puppet::params::server_package, + Optional[String] $server_version = undef, String $server_certname = $puppet::params::server_certname, - Integer[0] $server_request_timeout = $puppet::params::server_request_timeout, - Boolean $server_strict_variables = $puppet::params::server_strict_variables, - Hash[String, Data] $server_additional_settings = $puppet::params::server_additional_settings, - Boolean $server_foreman = $puppet::params::server_foreman, + Integer[0] $server_request_timeout = 60, + Boolean $server_strict_variables = false, + Hash[String, Data] $server_additional_settings = {}, + Boolean $server_foreman = true, Stdlib::HTTPUrl $server_foreman_url = $puppet::params::server_foreman_url, - Optional[Stdlib::Absolutepath] $server_foreman_ssl_ca = $puppet::params::server_foreman_ssl_ca, - Optional[Stdlib::Absolutepath] $server_foreman_ssl_cert = $puppet::params::server_foreman_ssl_cert, - Optional[Stdlib::Absolutepath] $server_foreman_ssl_key = $puppet::params::server_foreman_ssl_key, - Boolean $server_foreman_facts = $puppet::params::server_foreman_facts, + Optional[Stdlib::Absolutepath] $server_foreman_ssl_ca = undef, + Optional[Stdlib::Absolutepath] $server_foreman_ssl_cert = undef, + Optional[Stdlib::Absolutepath] $server_foreman_ssl_key = undef, + Boolean $server_foreman_facts = true, Optional[Stdlib::Absolutepath] $server_puppet_basedir = $puppet::params::server_puppet_basedir, - Enum['current', 'future'] $server_parser = $puppet::params::server_parser, - Variant[Undef, Enum['unlimited'], Pattern[/^\d+[smhdy]?$/]] $server_environment_timeout = $puppet::params::server_environment_timeout, - String $server_jvm_java_bin = $puppet::params::server_jvm_java_bin, + Enum['current', 'future'] $server_parser = 
'current', + Variant[Undef, Enum['unlimited'], Pattern[/^\d+[smhdy]?$/]] $server_environment_timeout = undef, + String $server_jvm_java_bin = '/usr/bin/java', String $server_jvm_config = $puppet::params::server_jvm_config, Pattern[/^[0-9]+[kKmMgG]$/] $server_jvm_min_heap_size = $puppet::params::server_jvm_min_heap_size, Pattern[/^[0-9]+[kKmMgG]$/] $server_jvm_max_heap_size = $puppet::params::server_jvm_max_heap_size, - Optional[Variant[String,Array[String]]] $server_jvm_extra_args = $puppet::params::server_jvm_extra_args, - Optional[String] $server_jvm_cli_args = $puppet::params::server_jvm_cli_args, + Optional[Variant[String,Array[String]]] $server_jvm_extra_args = undef, + Optional[String] $server_jvm_cli_args = undef, Optional[Stdlib::Absolutepath] $server_jruby_gem_home = $puppet::params::server_jruby_gem_home, - Hash[String, String] $server_environment_vars = $puppet::params::server_environment_vars, + Hash[String, String] $server_environment_vars = {}, Integer[1] $server_max_active_instances = $puppet::params::server_max_active_instances, - Integer[0] $server_max_requests_per_instance = $puppet::params::server_max_requests_per_instance, - Integer[0] $server_max_queued_requests = $puppet::params::server_max_queued_requests, - Integer[0] $server_max_retry_delay = $puppet::params::server_max_retry_delay, - Boolean $server_multithreaded = $puppet::params::server_multithreaded, - Boolean $server_use_legacy_auth_conf = $puppet::params::server_use_legacy_auth_conf, - Boolean $server_check_for_updates = $puppet::params::server_check_for_updates, - Boolean $server_environment_class_cache_enabled = $puppet::params::server_environment_class_cache_enabled, - Boolean $server_allow_header_cert_info = $puppet::params::server_allow_header_cert_info, - Integer[0] $server_web_idle_timeout = $puppet::params::server_web_idle_timeout, + Integer[0] $server_max_requests_per_instance = 0, + Integer[0] $server_max_queued_requests = 0, + Integer[0] $server_max_retry_delay = 1800, + 
Boolean $server_multithreaded = false, + Boolean $server_use_legacy_auth_conf = false, + Boolean $server_check_for_updates = true, + Boolean $server_environment_class_cache_enabled = false, + Boolean $server_allow_header_cert_info = false, + Integer[0] $server_web_idle_timeout = 30000, Boolean $server_puppetserver_metrics = false, Boolean $server_puppetserver_profiler = false, - Boolean $server_metrics_jmx_enable = $puppet::params::server_metrics_jmx_enable, - Boolean $server_metrics_graphite_enable = $puppet::params::server_metrics_graphite_enable, - String $server_metrics_graphite_host = $puppet::params::server_metrics_graphite_host, - Integer $server_metrics_graphite_port = $puppet::params::server_metrics_graphite_port, + Boolean $server_metrics_jmx_enable = true, + Boolean $server_metrics_graphite_enable = false, + String $server_metrics_graphite_host = '127.0.0.1', + Stdlib::Port $server_metrics_graphite_port = 2003, String $server_metrics_server_id = $puppet::params::server_metrics_server_id, - Integer $server_metrics_graphite_interval = $puppet::params::server_metrics_graphite_interval, - Optional[Array] $server_metrics_allowed = $puppet::params::server_metrics_allowed, - Boolean $server_puppetserver_experimental = $puppet::params::server_puppetserver_experimental, - Optional[String[1]] $server_puppetserver_auth_template = $puppet::params::server_puppetserver_auth_template, - Array[String] $server_puppetserver_trusted_agents = $puppet::params::server_puppetserver_trusted_agents, - Array[Hash] $server_puppetserver_trusted_certificate_extensions = $puppet::params::server_puppetserver_trusted_certificate_extensions, - Optional[Enum['off', 'jit', 'force']] $server_compile_mode = $puppet::params::server_compile_mode, + Integer $server_metrics_graphite_interval = 5, + Optional[Array] $server_metrics_allowed = undef, + Boolean $server_puppetserver_experimental = true, + Optional[String[1]] $server_puppetserver_auth_template = undef, + Array[String] 
$server_puppetserver_trusted_agents = [], + Array[Hash] $server_puppetserver_trusted_certificate_extensions = [], + Optional[Enum['off', 'jit', 'force']] $server_compile_mode = undef, Optional[Integer[1]] $server_acceptor_threads = undef, Optional[Integer[1]] $server_selector_threads = undef, Optional[Integer[1]] $server_ssl_acceptor_threads = undef, Optional[Integer[1]] $server_ssl_selector_threads = undef, Optional[Integer[1]] $server_max_threads = undef, - Boolean $server_ca_allow_sans = $puppet::params::server_ca_allow_sans, - Boolean $server_ca_allow_auth_extensions = $puppet::params::server_ca_allow_auth_extensions, - Boolean $server_ca_enable_infra_crl = $puppet::params::server_ca_enable_infra_crl, - Optional[Integer[1]] $server_max_open_files = $puppet::params::server_max_open_files, + Boolean $server_ca_allow_sans = false, + Boolean $server_ca_allow_auth_extensions = false, + Boolean $server_ca_enable_infra_crl = false, + Optional[Integer[1]] $server_max_open_files = undef, Optional[Stdlib::Absolutepath] $server_versioned_code_id = undef, Optional[Stdlib::Absolutepath] $server_versioned_code_content = undef, ) inherits puppet::params { diff --git a/manifests/params.pp b/manifests/params.pp index 4eab6d50..79b2bca0 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
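Review bot: `Stdlib::Filemode` on `$autosign_mode`, `$server_environments_mode` and `$server_git_repo_mode` is not a drop-in replacement for `Pattern[/^[0-9]{3,4}$/]`. Depending on the installed stdlib release it also accepts one- and two-digit octal values and symbolic modes such as `u=rw,g=r`, which the old pattern rejected. That is harmless if each value only ever reaches a `file` resource's `mode`, but these parameters are forwarded to `puppet::server` and their consumers are outside this diff, so confirm none is interpolated into a template or a command. Since `$autosign_mode = '0664'` makes the autosign file group-writable, I would add a comment beside it such as `# group-writable: members of the file's group can add autosign entries`, and check that metadata.json requires a stdlib version that ships `Stdlib::Filemode` and `Stdlib::Port`. The same type swap recurs in the manifests/server.pp hunks.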
@@ -1,57 +1,12 @@ # Default parameters # @api private class puppet::params { - - # Basic config - $version = 'present' - $manage_user = true - $user = 'puppet' - $group = 'puppet' - $ip = '0.0.0.0' - $port = 8140 - $splay = false - $splaylimit = 1800 - $runinterval = 1800 - $runmode = 'service' - $report = true - - # Not defined here as the commands depend on module parameter "dir" - $cron_cmd = undef - $systemd_cmd = undef - - $agent_noop = false - $show_diff = false - $module_repository = undef - $hiera_config = '$confdir/hiera.yaml' - $usecacheonfailure = true - $ca_server = undef - $ca_port = undef - $ca_crl_filepath = undef - $server_crl_enable = undef - $prerun_command = undef - $postrun_command = undef - $server_compile_mode = undef - $dns_alt_names = [] - $use_srv_records = false - - if defined('$::domain') { - $srv_domain = $facts['networking']['domain'] - } else { - $srv_domain = undef - } - - # lint:ignore:puppet_url_without_modules - $pluginsource = 'puppet:///plugins' - $pluginfactsource = 'puppet:///pluginfacts' - # lint:endignore - $classfile = '$statedir/classes.txt' - $syslogfacility = undef - $environment = $::environment - + $server_user = 'puppet' + $server_group = 'puppet' + $srv_domain = fact('networking.domain') + $environment = $::environment # aio_agent_version is a core fact that's empty on non-AIO - $aio_package = fact('aio_agent_version') =~ String[1] - - $systemd_randomizeddelaysec = 0 + $aio_package = fact('aio_agent_version') =~ String[1] case $facts['os']['family'] { 'Windows' : { @@ -158,20 +113,11 @@ } } - $http_connect_timeout = undef - $http_read_timeout = undef - $autosign = "${dir}/autosign.conf" - $autosign_entries = [] - $autosign_mode = '0664' - $autosign_content = undef - $autosign_source = undef $puppet_cmd = "${bindir}/puppet" $puppetserver_cmd = "${bindir}/puppetserver" - $manage_packages = true - if $facts['os']['family'] == 'Windows' { $dir_owner = undef $dir_group = undef 
@@ -185,93 +131,43 @@ default => undef, } - $package_source = undef - $package_install_options = undef - - # Need your own config templates? Specify here: - $auth_template = 'puppet/auth.conf.erb' - - # Allow any to the CRL. Needed in case of puppet CA proxy - $allow_any_crl_auth = false - - # Authenticated nodes to allow - $auth_allowed = ['$1'] - - # Will this host be a puppet agent ? - $agent = true $client_certname = $::clientcert - if defined('$::puppetmaster') { $puppetmaster = $::puppetmaster } else { $puppetmaster = undef } - # Hashes containing additional settings - $additional_settings = {} - $agent_additional_settings = {} - $server_additional_settings = {} - # Will this host be a puppetmaster? - $server = false - $server_ca = true - $server_ca_crl_sync = false - $server_reports = 'foreman' $server_external_nodes = "${dir}/node.rb" - $server_trusted_external_command = undef - $server_request_timeout = 60 $server_certname = $::clientcert - $server_strict_variables = false - $server_http = false - $server_http_port = 8139 - - # Need a new master template for the server? - $server_template = 'puppet/server/puppet.conf.erb' - # Template for server settings in [main] - $server_main_template = 'puppet/server/puppet.conf.main.erb' - - # Set 'false' for static environments, or 'true' for git-based workflow - $server_git_repo = false - # Git branch to puppet env mapping for the post receive hook - $server_git_branch_map = {} # Owner of the environments dir: for cases external service needs write # access to manage it. 
- $server_environments_owner = $user + $server_environments_owner = $server_user $server_environments_group = $root_group - $server_environments_mode = '0755' # Where we store our puppet environments $server_envs_dir = ["${codedir}/environments"] - $server_envs_target = undef # Modules in this directory would be shared across all environments $server_common_modules_path = unique(["${server_envs_dir[0]}/common", "${codedir}/modules", "${sharedir}/modules", '/usr/share/puppet/modules']) # Dynamic environments config, ignore if the git_repo is 'false' # Path to the repository $server_git_repo_path = "${vardir}/puppet.git" - # mode of the repository - $server_git_repo_mode = '0755' # user of the repository - $server_git_repo_user = $user + $server_git_repo_user = $server_user # group of the repository - $server_git_repo_group = $user - # Override these if you need your own hooks - $server_post_hook_content = 'puppet/server/post-receive.erb' - $server_post_hook_name = 'post-receive' - $server_custom_trusted_oid_mapping = undef - - $server_storeconfigs = false + $server_git_repo_group = $server_group $puppet_major = regsubst($::puppetversion, '^(\d+)\..*$', '\1') if ($facts['os']['family'] =~ /(FreeBSD|DragonFly)/) { $server_package = "puppetserver${puppet_major}" } else { - $server_package = undef + $server_package = 'puppetserver' } $server_ssl_dir = $ssldir - $server_version = undef if $aio_package { $client_package = ['puppet-agent'] @@ -284,8 +180,6 @@ # Puppet service name $service_name = 'puppet' - # Puppet onedshot systemd service and timer name - $systemd_unit_name = 'puppet-run' # Mechanisms to manage and reload/restart the agent # If supported on the OS, reloading is prefered since it does not kill a currently active puppet run if $facts['service_provider'] == 'systemd' { 
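Review bot: `$server_environments_owner`, `$server_git_repo_user` and `$server_git_repo_group` are still computed here from the params-level `$server_user` / `$server_group` constants, so overriding `puppet::server_user` or `puppet::server_group` on the main class does not carry over to them. As far as this diff shows, an operator who runs the server under a different account would still get an environments directory and git repository owned by `puppet` unless the three derived parameters are set as well. Consider defaulting them in init.pp from the preceding class parameters, e.g. `String $server_environments_owner = $server_user,`, or document the coupling next to these assignments. Separately, this hunk removes `$server_template` and `$server_main_template`; any remaining `$puppet::params::server_template` reference outside the diff would now be undefined.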
@@ -317,22 +211,11 @@ # Foreman parameters $lower_fqdn = downcase($facts['networking']['fqdn']) - $server_foreman = true - $server_foreman_facts = true $server_puppet_basedir = $aio_package ? { true => '/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet', false => undef, } $server_foreman_url = "https://${lower_fqdn}" - $server_foreman_ssl_ca = undef - $server_foreman_ssl_cert = undef - $server_foreman_ssl_key = undef - - # Which Parser do we want to use? https://docs.puppetlabs.com/references/latest/configuration.html#parser - $server_parser = 'current' - - # Timeout for cached environments, changed in puppet 3.7.x - $server_environment_timeout = undef # puppet server configuration file $server_jvm_config = $facts['os']['family'] ? { @@ -341,10 +224,6 @@ default => '/etc/default/puppetserver', } - $server_jvm_java_bin = '/usr/bin/java' - $server_jvm_extra_args = undef - $server_jvm_cli_args = undef - # This is some very trivial "tuning". See the puppet reference: # https://docs.puppet.com/puppetserver/latest/tuning_guide.html $mem_in_mb = $facts['memory']['system']['total_bytes'] / 1024 / 1024 @@ -363,20 +242,6 @@ $server_jvm_max_heap_size = '768m' } - $server_ssl_dir_manage = true - $server_ssl_key_manage = true - $server_default_manifest = false - $server_default_manifest_path = '/etc/puppet/manifests/default_manifest.pp' - $server_default_manifest_content = '' # lint:ignore:empty_string_assignment - $server_max_requests_per_instance = 0 - $server_max_queued_requests = 0 - $server_max_retry_delay = 1800 - $server_multithreaded = false - $server_idle_timeout = 1200000 - $server_web_idle_timeout = 30000 - $server_connect_timeout = 120000 - $server_ca_auth_required = true - $server_ca_client_self_delete = false $server_admin_api_whitelist = [ 'localhost', $lower_fqdn ] $server_ca_client_whitelist = [ 'localhost', $lower_fqdn ] $server_cipher_suites = [ 
@@ -387,38 +252,7 @@ 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', ] - $server_ssl_protocols = [ 'TLSv1.2' ] - $server_ssl_chain_filepath = undef - $server_check_for_updates = true - $server_environment_class_cache_enabled = false - $server_allow_header_cert_info = false - $server_ca_allow_sans = false - $server_ca_allow_auth_extensions = false - $server_ca_enable_infra_crl = false - $server_max_open_files = undef - $server_environment_vars = {} - - $server_puppetserver_version = undef - - # Which auth.conf shall we use? - $server_use_legacy_auth_conf = false # Puppetserver metrics shipping - $server_metrics_jmx_enable = true - $server_metrics_graphite_enable = false - $server_metrics_graphite_host = '127.0.0.1' - $server_metrics_graphite_port = 2003 $server_metrics_server_id = $lower_fqdn - $server_metrics_graphite_interval = 5 - $server_metrics_allowed = undef - - # Should the /puppet/experimental route be enabled? - $server_puppetserver_experimental = true - - # For custom auth.conf settings allow passing in a template - $server_puppetserver_auth_template = undef - - # Normally agents can only fetch their own catalogs. If you want some nodes to be able to fetch *any* catalog, add them here. - $server_puppetserver_trusted_agents = [] - $server_puppetserver_trusted_certificate_extensions = [] } diff --git a/manifests/server.pp b/manifests/server.pp index d80ad45e..eb988a23 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -334,7 +334,7 @@ class puppet::server( Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::autosign, Array[String] $autosign_entries = $puppet::autosign_entries, - Pattern[/^[0-9]{3,4}$/] $autosign_mode = $puppet::autosign_mode, + Stdlib::Filemode $autosign_mode = $puppet::autosign_mode, Optional[String] $autosign_content = $puppet::autosign_content, Optional[String] $autosign_source = $puppet::autosign_source, String $hiera_config = $puppet::hiera_config, 
@@ -344,7 +344,7 @@ String $group = $puppet::server_group, String $dir = $puppet::server_dir, Stdlib::Absolutepath $codedir = $puppet::codedir, - Integer $port = $puppet::server_port, + Stdlib::Port $port = $puppet::server_port, String $ip = $puppet::server_ip, Boolean $ca = $puppet::server_ca, Optional[String] $ca_crl_filepath = $puppet::ca_crl_filepath, @@ -355,7 +355,7 @@ Array[String] $ca_client_whitelist = $puppet::server_ca_client_whitelist, Optional[Puppet::Custom_trusted_oid_mapping] $custom_trusted_oid_mapping = $puppet::server_custom_trusted_oid_mapping, Boolean $http = $puppet::server_http, - Integer $http_port = $puppet::server_http_port, + Stdlib::Port $http_port = $puppet::server_http_port, String $reports = $puppet::server_reports, Stdlib::Absolutepath $puppetserver_vardir = $puppet::server_puppetserver_vardir, Optional[Stdlib::Absolutepath] $puppetserver_rundir = $puppet::server_puppetserver_rundir, @@ -373,11 +373,11 @@ String $default_manifest_content = $puppet::server_default_manifest_content, String $environments_owner = $puppet::server_environments_owner, Optional[String] $environments_group = $puppet::server_environments_group, - Pattern[/^[0-9]{3,4}$/] $environments_mode = $puppet::server_environments_mode, + Stdlib::Filemode $environments_mode = $puppet::server_environments_mode, Array[Stdlib::Absolutepath, 1] $envs_dir = $puppet::server_envs_dir, Optional[Stdlib::Absolutepath] $envs_target = $puppet::server_envs_target, Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $common_modules_path = $puppet::server_common_modules_path, - Pattern[/^[0-9]{3,4}$/] $git_repo_mode = $puppet::server_git_repo_mode, + Stdlib::Filemode $git_repo_mode = $puppet::server_git_repo_mode, Stdlib::Absolutepath $git_repo_path = $puppet::server_git_repo_path, String $git_repo_group = $puppet::server_git_repo_group, String $git_repo_user = $puppet::server_git_repo_user, 
@@ -392,7 +392,7 @@ Boolean $ssl_key_manage = $puppet::server_ssl_key_manage, Array[String] $ssl_protocols = $puppet::server_ssl_protocols, Optional[Stdlib::Absolutepath] $ssl_chain_filepath = $puppet::server_ssl_chain_filepath, - Optional[Variant[String, Array[String]]] $package = $puppet::server_package, + Variant[String, Array[String]] $package = $puppet::server_package, Optional[String] $version = $puppet::server_version, String $certname = $puppet::server_certname, Integer[0] $request_timeout = $puppet::server_request_timeout, @@ -429,7 +429,7 @@ Boolean $metrics_jmx_enable = $puppet::server_metrics_jmx_enable, Boolean $metrics_graphite_enable = $puppet::server_metrics_graphite_enable, String $metrics_graphite_host = $puppet::server_metrics_graphite_host, - Integer $metrics_graphite_port = $puppet::server_metrics_graphite_port, + Stdlib::Port $metrics_graphite_port = $puppet::server_metrics_graphite_port, String $metrics_server_id = $puppet::server_metrics_server_id, Integer $metrics_graphite_interval = $puppet::server_metrics_graphite_interval, Variant[Undef, Array] $metrics_allowed = $puppet::server_metrics_allowed, diff --git a/manifests/server/config.pp b/manifests/server/config.pp index 26f4640c..845276de 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -216,8 +216,8 @@ if $puppet::server::default_manifest and $puppet::server::default_manifest_content != '' { file { $puppet::server::default_manifest_path: ensure => file, - owner => $puppet::user, - group => $puppet::group, + owner => $puppet::server::user, + group => $puppet::server::group, mode => '0644', content => $puppet::server::default_manifest_content, } diff --git a/manifests/server/install.pp b/manifests/server/install.pp index 8a2e6aeb..96945a3a 100644 --- a/manifests/server/install.pp +++ b/manifests/server/install.pp 
@@ -26,16 +26,15 @@ } if $puppet::manage_packages == true or $puppet::manage_packages == 'server' { - $server_package = pick($puppet::server::package, 'puppetserver') $server_version = pick($puppet::server::version, $puppet::version) - package { $server_package: + package { $puppet::server::package: ensure => $server_version, install_options => $puppet::package_install_options, } if $puppet::server::manage_user { - Package[$server_package] -> User[$puppet::server::user] + Package[$puppet::server::package] -> User[$puppet::server::user] } } } diff --git a/manifests/server/puppetserver.pp b/manifests/server/puppetserver.pp index d7ecbaba..89132806 100644 --- a/manifests/server/puppetserver.pp +++ b/manifests/server/puppetserver.pp @@ -147,8 +147,6 @@ fail('puppetserver <6.15.0 is not supported by this module version') } - $puppetserver_package = pick($puppet::server::package, 'puppetserver') - $jvm_cmd_arr = ["-Xms${jvm_min_heap_size}", "-Xmx${jvm_max_heap_size}", $jvm_extra_args] $jvm_cmd = strip(join(flatten($jvm_cmd_arr), ' '))
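Review bot: With `pick($puppet::server::package, 'puppetserver')` gone, an empty `server_package` now reaches `package { $puppet::server::package: }` unfiltered. `pick()` used to skip undef and empty strings and fall back to `'puppetserver'`. The new type `Variant[String, Array[String]]` still admits `''` and `[]`, so that input is rejected only at resource declaration, or for an empty array declares no package at all and leaves the `Package[...] -> User[...]` ordering with nothing on its left side. Tightening the declarations in init.pp and server.pp to `Variant[String[1], Array[String[1], 1]]` would reject it at parameter validation. The enclosing class starts outside this hunk.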