Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 9.0.0
Tasks:
- hostname
- repo
Start using this module
Add this module to your Puppetfile:
mod 'aursu-puppet', '0.23.0'
Learn more about managing modules with a Puppetfile
puppet
Table of Contents
- Description
- Setup - The basics of getting started with puppet
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
This Puppet module is primarily designed to manage the Puppet server itself, automating its configuration, deployment, and maintenance tasks. This ensures the Puppet server operates efficiently and remains up-to-date.
Additionally, the module includes functionality to manage the Puppet agent as well.
Setup
This module can be utilized in two primary ways:
- As a Regular Puppet Module (e.g., included in a Puppetfile)
  For direct inclusion in your Puppet environment, specify the module in your Puppetfile as follows:
  mod 'puppet', git: 'https://github.com/aursu/puppet-puppet.git', tag: 'v0.19.1'
  Alternatively, you can specify the version directly if it’s available from the module repository on Puppet Forge:
  mod 'aursu/puppet', '0.19.1'
- As a Puppet Server Bootstrap Tool Using Puppet Bolt
  The module includes a Bolt project located in the bootstrap/bolt subfolder. Within this project, there is a Bolt plan named puppet_bootstrap::server that is specifically designed for bootstrapping a Puppet server.
  Using this setup with Puppet Bolt facilitates a more efficient and straightforward installation process for the Puppet server. This method provides a predefined sequence of actions that automate much of the manual setup, streamlining the deployment of Puppet server environments. It also significantly reduces the complexity of the initial server configuration.
  Initiate the bootstrapping and subsequent Puppet agent run in the production environment with the following commands:
  bolt plan run puppet_bootstrap::server -t puppetservers
  bolt plan run puppet_agent::run -t puppetservers environment=production
  For a more detailed description, refer to the bootstrap directory.
What puppet affects
When integrated into a Puppet catalog to configure a Puppet server, the puppet module offers comprehensive control over several crucial configurations and components of both the Puppet server and the overall Puppet infrastructure:
Setup Requirements OPTIONAL
Beginning with puppet
Usage
r10k Cache Directory Setup
To configure a custom cache directory for r10k instead of the default (/var/cache/r10k, as defined in puppet::params), there are a few options:
- Define the r10k_cachedir parameter:
  - If the puppet::profile::server profile is in use, you can set the r10k_cachedir parameter to the desired cache directory.
  - Similarly, if the puppet::profile::puppet profile is in use, you can also define this parameter for that profile.
- Set the global variable puppet::globals::r10k_cachedir:
  - Alternatively, define the global variable puppet::globals::r10k_cachedir. This corresponds to the r10k_cachedir parameter in the puppet::globals class, allowing you to override the default cache directory across the entire configuration. This option is particularly useful when Bolt plans, such as puppet_bootstrap::server or puppet::server::bootstrap, are in use.
Adding r10k to Cron
To schedule the r10k command in cron, use the puppet::r10k_crontab_setup flag. Set this flag to true to enable the setup of r10k in the crontab.
Puppet Agent Bootstrap
The puppet::agent::bootstrap class is responsible for bootstrapping a Puppet node. It performs the following steps:
- First Run: It executes the puppet agent --test command to initiate the creation of a Puppet private key and request a certificate from the Puppet server.
- Subsequent Runs: On subsequent executions, it attempts to download the certificate from the Puppet server. If the certificate is not yet available, the agent will continue to attempt fetching it on each run until the certificate is successfully retrieved.
- Handling certname: If a certname is specified during the certificate request, the private key and certificate will be propagated into the appropriate locations using the fqdn (fully qualified domain name), if it differs from certname.
The Bolt plan puppet::bootstrap is available to automate the setup of Puppet agents on nodes. This plan performs the following tasks:
- Install Puppet Agent: It uses the puppet::agent::install Bolt plan to install the Puppet agent on the target node.
- Configure Puppet: It configures the puppet.conf file with the necessary settings, including the Puppet server name and, if provided, the certname.
- Run Bootstrap: Finally, it runs the puppet::agent::bootstrap Bolt plan to initiate the Puppet agent bootstrap process, which handles certificate requests and private key creation.
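A wrapper plan for the bootstrap flow described above that compares CSR fingerprints before signing, as an added example that is not part of this module. The plan name site::enroll_agent is hypothetical; it assumes each target's name equals its certname, that the Puppet binaries live under /opt/puppetlabs/bin, and that running puppet::bootstrap a second time is what fetches the signed certificate.

```puppet
# Added example, not part of aursu/puppet. Plan name is hypothetical.
# Assumptions: target name == certname; binaries are in /opt/puppetlabs/bin.
plan site::enroll_agent (
  TargetSpec   $targets,
  Stdlib::Fqdn $server,
) {
  $fp_pattern = /\(SHA256\)\s+([0-9A-F:]+)/

  # First bootstrap run: install the agent, write puppet.conf, submit the CSR.
  run_plan('puppet::bootstrap', $targets, 'server' => $server)

  # Read every CSR fingerprint from the node itself over the Bolt transport,
  # rather than trusting whatever request reached the CA under that name.
  $on_nodes = run_command('/opt/puppetlabs/bin/puppet agent --fingerprint', $targets)

  $verified = $on_nodes.results.filter |$node_result| {
    $certname = $node_result.target.name

    # The certname is interpolated into a shell command below, so reject
    # anything that is not a plain FQDN.
    unless $certname =~ Stdlib::Fqdn {
      fail_plan("Target name '${certname}' is not a valid FQDN")
    }

    # A failing CA query aborts the plan, so nothing is signed on error.
    $on_ca = run_command("/opt/puppetlabs/bin/puppetserver ca list --certname ${certname}", $server).first

    $node_fp = $node_result['stdout'].match($fp_pattern)
    $ca_fp   = $on_ca['stdout'].match($fp_pattern)

    # Keep the target only when both sides report the same fingerprint.
    $node_fp =~ NotUndef and $ca_fp =~ NotUndef and $node_fp[1] == $ca_fp[1]
  }

  $verified_targets = $verified.map |$r| { $r.target }
  $verified_names   = $verified.map |$r| { $r.target.name }
  $rejected_names   = $on_nodes.names - $verified_names

  unless $rejected_names.empty {
    out::message("Not signing (fingerprint mismatch or no pending CSR): ${rejected_names.join(', ')}")
  }
  if $verified_targets.empty {
    fail_plan('No certificate request passed fingerprint verification')
  }

  # Sign only the verified requests on the Puppet server.
  run_plan('puppet::cert::sign', $verified_targets, 'server' => $server)

  # Subsequent bootstrap run: the agent downloads its signed certificate.
  run_plan('puppet::bootstrap', $verified_targets, 'server' => $server)

  return $verified_names
}
```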
Limitations
Reference
Table of Contents
Classes
- puppet: Puppet 5 installation module
- puppet::agent::bootstrap: Puppet bootstrap commands
- puppet::agent::config: Configure Puppet Agent settings
- puppet::agent::install: Puppet 5 agent installation
- puppet::agent::ssl::clean: Remove Puppet certificate and keys on the host
- puppet::config: Setup Puppet configuration file (puppet.conf)
- puppet::enc: Install ENC script
- puppet::params: A short summary of the purpose of this class
- puppet::profile::master: Puppet server installation
- puppet::r10k::install: R10K installation on the server
- puppet::repo: Setup Puppet Platform repository
- puppet::server::ca::allow: Adjust Puppet auth.conf to allow 'puppetserver ca' command
- puppet::server::install: Puppet server package installation
- puppet::server::setup: Puppet server environment setup
- puppet::service: Puppet server service management
- puppet::setup: Puppet node environment setup (either agent or server host)
Defined types
- puppet::server::ca::clean: Puppet certificate cleanup call
- puppet::server::ca::sign: Puppet certificate sign
Resource types
- puppet_auth_rule: Create or remove the rule.
Data types
Plans
- puppet::agent5::clean
- puppet::agent5::install
- puppet::bootstrap
- puppet::cert::clean: Clean node certificates on Puppet server
- puppet::cert::sign: Sign node certificates on Puppet server
- puppet::server::clean: Clean node certificates on Puppet controller node
- puppet::server::sign: Sign node certificates on Puppet controller node
Classes
puppet
puppet
Puppet 5 installation module
Examples
include puppet
Parameters
The following parameters are available in the puppet class.
environment
Data type: String
production_remote
Data type: String
server
Data type: String
ca_server
Data type: Optional[String]
dns_alt_names
Data type: Optional[Array[String]]
server_ipaddress
Data type: Optional[String]
hosts_update
Data type: Boolean
agent_version
Data type: String
master
Data type: Boolean
server_version
Data type: String
server_service_ensure
Data type: String
server_service_enable
Data type: Boolean
use_common_env
Data type: Boolean
common_envname
Data type: String
common_remote
Data type: String
basemodulepath
Data type: Optional[Stdlib::Absolutepath]
strict
Data type: Puppet::Strictness
strict_variables
Data type: Boolean
daemonize
Data type: Boolean
onetime
Data type: Boolean
runtimeout
Data type: Optional[Puppet::TimeUnit]
http_read_timeout
Data type: Puppet::TimeUnit
ordering
Data type: Puppet::Ordering
priority
Data type: Optional[Puppet::Priority]
usecacheonfailure
Data type: Boolean
autosign
Data type: Optional[Puppet::Autosign]
environment_timeout
Data type: Puppet::TimeUnit
sameca
Data type: Boolean
allow_duplicate_certs
Data type: Boolean
use_enc
Data type: Boolean
enc_template
Data type: String
enc_data_source
Data type: Optional[Stdlib::Absolutepath]
use_enc_env
Data type: Boolean
enc_envname
Data type: String
enc_remote
Data type: String
use_puppetdb
Data type: Boolean
r10k_config_setup
Data type: Boolean
r10k_yaml_template
Data type: String
r10k_cachedir
Data type: String
environment_setup_on_each_run
Data type: Boolean
external_facts_setup
Data type: Boolean
puppet::agent::bootstrap
Puppet bootstrap commands
Examples
include puppet::agent::bootstrap
Parameters
The following parameters are available in the puppet::agent::bootstrap class.
puppet_path
Data type: Stdlib::Unixpath
Default value: $puppet::params::puppet_path
options
Data type: String
Default value: '--test'
hostprivkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostprivkey
hostcert
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostcert
puppet::agent::config
Configure Puppet Agent settings
Examples
include puppet::agent::config
Parameters
The following parameters are available in the puppet::agent::config class.
server
Data type: Stdlib::Fqdn
Default value: 'puppet'
node_environment
Data type: String
Default value: 'production'
onetime
Data type: Boolean
Default value: true
runtimeout
Data type: Puppet::TimeUnit
Default value: '10m'
puppet::agent::install
puppet::agent::install
Puppet 5 agent installation
Examples
include puppet::agent::install
Parameters
The following parameters are available in the puppet::agent::install class.
agent_package_name
Data type: String
Default value: $puppet::params::agent_package_name
agent_version
Data type: String
Default value: $puppet::agent_version
puppet::agent::ssl::clean
Remove Puppet certificate and keys on the host
Examples
include puppet::agent::ssl::clean
Parameters
The following parameters are available in the puppet::agent::ssl::clean class.
hostprivkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostprivkey
hostpubkey
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostpubkey
hostcert
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostcert
hostreq
Data type: Stdlib::Unixpath
Default value: $puppet::params::hostreq
localcacert
Data type: Stdlib::Unixpath
Default value: $puppet::params::localcacert
puppet::config
Setup Puppet configuration file (puppet.conf)
Examples
include puppet::config
Parameters
The following parameters are available in the puppet::config class.
basemodulepath
Data type: Optional[Stdlib::Absolutepath]
The search path for global modules. Should be specified as a list of directories separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.) These are the modules that will be used by all environments. Note that the modules directory of the active environment will have priority over any global directories. For more info, see https://docs.puppet.com/puppet/latest/environments.html Default: $codedir/modules:/opt/puppetlabs/puppet/modules
Default value: $puppet::basemodulepath
common_envname
Data type: String
String. Default is 'common'. Name of the common environment, which contains the global Hiera config (data/global.yaml) and global modules (see use_common_env and basemodulepath).
Default value: $puppet::common_envname
use_common_env
Data type: Boolean
If set to true, basemodulepath will be set to "${environmentpath}/${common_envname}/modules", but only if the basemodulepath parameter (see above) is not defined.
Default value: $puppet::use_common_env
dns_alt_names
Data type: Optional[Array[String]]
Array of String or undef. A comma-separated list of alternate DNS names for Puppet Server. These are extra hostnames (in addition to its certname) that the server is allowed to use when serving agents. Puppet checks this setting when automatically requesting a certificate for Puppet agent or Puppet Server, and when manually generating a certificate with puppet cert generate. In order to handle agent requests at a given hostname (like "puppet.example.com"), Puppet Server needs a certificate that proves it’s allowed to use that name; if a server shows a certificate that doesn’t include its hostname, Puppet agents will refuse to trust it. If you use a single hostname for Puppet traffic but load-balance it to multiple Puppet Servers, each of those servers needs to include the official hostname in its list of extra names. Note: The list of alternate names is locked in when the server’s certificate is signed. If you need to change the list later, you can’t just change this setting; you also need to:
- On the server: Stop Puppet Server.
- On the CA server: Revoke and clean the server’s old certificate. (puppet cert clean )
- On the server: Delete the old certificate (and any old certificate signing requests) from the ssldir.
- On the server: Run puppet agent -t --ca_server to request a new certificate
- On the CA server: Sign the certificate request, explicitly allowing alternate names (puppet cert sign --allow-dns-alt-names ).
- On the server: Run puppet agent -t --ca_server to retrieve the cert.
- On the server: Start Puppet Server again.
To see all the alternate names your servers are using, log into your CA server and run puppet cert list -a, then check the output for (alt names: ...). Most agent nodes should NOT have alternate names; the only certs that should have them are Puppet Server nodes that you want other agents to trust.
Default value: $puppet::dns_alt_names
environment_timeout
Data type: Puppet::TimeUnit
Puppet::TimeUnit. Default - 0. How long the Puppet master should cache data it loads from an environment. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). A value of 0 will disable caching. This setting can also be set to unlimited, which will cache environments until the master is restarted or told to refresh the cache. You should change this setting once your Puppet deployment is doing non-trivial work. We chose the default value of 0 because it lets new users update their code without any extra steps, but it lowers the performance of your Puppet master. We recommend setting this to unlimited and explicitly refreshing your Puppet master as part of your code deployment process.
- With Puppet Server, you should refresh environments by calling the environment-cache API endpoint. See the docs for the Puppet Server administrative API.
- With a Rack Puppet master, you should restart the web server or the application server. Passenger lets you touch a restart.txt file to refresh an application without restarting Apache; see the Passenger docs for details.
We don’t recommend using any value other than 0 or unlimited, since most Puppet masters use a pool of Ruby interpreters which all have their own cache timers. When these timers drift out of sync, agents can be served inconsistent catalogs. Default: 0
Default value: $puppet::environment_timeout
sameca
Data type: Boolean
Whether the master should function as a certificate authority. Default: true
Default value: $puppet::sameca
allow_duplicate_certs
Data type: Boolean
Whether to allow a new certificate request to overwrite an existing certificate. Default: false
Default value: $puppet::allow_duplicate_certs
use_enc
Data type: Boolean
When enabled, Puppet will use the external node classifier script defined in the puppet::params::external_nodes variable.
Default value: $puppet::use_enc
puppet_master
Data type: Boolean
Default value: $puppet::master
server
Data type: String
Default value: $puppet::server
ca_server
Data type: Optional[String]
Default value: $puppet::ca_server
strict
Data type: Puppet::Strictness
Default value: $puppet::strict
strict_variables
Data type: Boolean
Default value: $puppet::strict_variables
daemonize
Data type: Boolean
Default value: $puppet::daemonize
onetime
Data type: Boolean
Default value: $puppet::onetime
http_read_timeout
Data type: Puppet::TimeUnit
Default value: $puppet::http_read_timeout
ordering
Data type: Puppet::Ordering
Default value: $puppet::ordering
priority
Data type: Optional[Puppet::Priority]
Default value: $puppet::priority
usecacheonfailure
Data type: Boolean
Default value: $puppet::usecacheonfailure
autosign
Data type: Optional[Puppet::Autosign]
Default value: $puppet::autosign
use_puppetdb
Data type: Boolean
Default value: $puppet::use_puppetdb
puppet_config
Data type: Stdlib::Absolutepath
Default value: $puppet::params::puppet_config
environmentpath
Data type: Stdlib::Absolutepath
Default value: $puppet::params::environmentpath
external_nodes
Data type: Stdlib::Absolutepath
Default value: $puppet::params::external_nodes
node_environment
Data type: Optional[String]
Default value: undef
runtimeout
Data type: Optional[Puppet::TimeUnit]
Default value: $puppet::runtimeout
puppet::enc
puppet::enc
Install ENC script
Examples
include puppet::enc
Parameters
The following parameters are available in the puppet::enc class.
enc_template
Data type: String
Default value: $puppet::enc_template
enc_data_source
Data type: Optional[Stdlib::Absolutepath]
Default value: $puppet::enc_data_source
enc_envname
Data type: String
Default value: $puppet::enc_envname
ruby_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::ruby_path
external_nodes
Data type: Stdlib::Absolutepath
Default value: $puppet::params::external_nodes
puppet::params
puppet::params
A description of what this class does
Examples
include puppet::params
puppet::profile::master
Puppet single host installation (Puppet Agent/Server/PuppetDB)
Examples
include puppet::profile::master
Parameters
The following parameters are available in the puppet::profile::master class.
use_puppetdb
Data type: Boolean
Boolean. Default is true. If set puppet.conf will be set to use PuppetDB for storeconfigs and reports storage. Also PuppetDB will be managed through puppetlabs-puppetdb module (including PostgreSQL database)
Default value: true
puppetdb_server
Data type: String
String. Default is 'puppet'. Server name for PuppetDB. The Puppetdb::Master::Config class (from puppetlabs-puppetdb) uses ::fqdn to check the connection to the PuppetDB server. As ::fqdn might not be resolvable, the server name can be set via the puppetdb_server parameter. By default, class '::puppet' adds the record 127.0.0.1 puppet to the /etc/hosts file, so the hostname 'puppet' is resolvable. If you changed this behavior, you should set the puppetdb_server parameter accordingly.
Default value: 'puppet'
manage_puppet_config
Data type: Boolean
Boolean. Default is false. If set then class Puppetdb::Master::Config will check puppet.conf (using Ini_setting resources) for proper setup of report/reports and storeconfigs/storeconfigs_backend directives. By default class Puppet generates Puppet config from template therefore we do not manage it inside class Puppetdb::Master::Config.
Default value: false
postgres_local
Data type: Boolean
Boolean. Default is true. If set then class Puppetdb will use puppetlabs/postgresql for Postgres database server management and PuppetDB database setup
Default value: true
manage_puppetdb_firewall
Data type: Boolean
Boolean. Default is false. If set, class Puppetdb::Server will use puppetlabs/firewall for firewall rules setup and iptables/ip6tables services management.
Default value: false
server
Data type: String
Default value: 'puppet'
postgres_database_name
Data type: String
Default value: 'puppetdb'
postgres_database_username
Data type: String
Default value: 'puppetdb'
postgres_database_password
Data type: String
Default value: 'puppetdb'
r10k_cachedir
Data type: String
Default value: '/var/cache/r10k'
puppet::r10k::install
puppet::install::r10k
R10K installation on the server
Examples
include puppet::install::r10k
Parameters
The following parameters are available in the puppet::r10k::install class.
r10k_package_name
Data type: String
Default value: $puppet::params::r10k_package_name
gem_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::gem_path
r10k_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_path
puppet::repo
puppet::repo
Setup Puppet Platform repository
Examples
include puppet::repo
Parameters
The following parameters are available in the puppet::repo class.
package_name
Data type: String
Default value: $puppet::params::package_name
package_filename
Data type: String
Default value: $puppet::params::package_filename
package_provider
Data type: String
Default value: $puppet::params::package_provider
platform_repository
Data type: String
Default value: $puppet::params::platform_repository
puppet::server::ca::allow
Adjust Puppet auth.conf to allow 'puppetserver ca' command
Examples
include puppet::server::ca::allow
Parameters
The following parameters are available in the puppet::server::ca::allow class.
puppet_master
Data type: Boolean
Default value: true
server
Data type: String
Default value: $puppet::server
ca_server
Data type: Optional[String]
Default value: undef
puppet::server::install
puppet::install::server
Puppet server package installation
Examples
include puppet::install::server
Parameters
The following parameters are available in the puppet::server::install class.
server_version
Data type: String
puppetserver package version or one of puppet Package resource ensure parameter values (latest, installed, absent)
Default value: $puppet::server_version
server_package_name
Data type: String
Default value: $puppet::params::server_package_name
puppet::server::setup
puppet::setup::server
This class sets up dynamic environments by invoking r10k. If r10k is not configured, the class sets it up from a template.
Examples
include puppet::setup::server
Parameters
The following parameters are available in the puppet::server::setup class.
r10k_config_setup
Data type: Boolean
Default value: $puppet::r10k_config_setup
r10k_yaml_template
Data type: String
Default value: $puppet::r10k_yaml_template
production_remote
Data type: String
Default value: $puppet::production_remote
use_common_env
Data type: Boolean
Default value: $puppet::use_common_env
common_remote
Data type: String
Default value: $puppet::common_remote
use_enc
Data type: Boolean
Default value: $puppet::use_enc
enc_remote
Data type: String
Default value: $puppet::enc_remote
cachedir
Data type: Stdlib::Absolutepath
Default value: $puppet::r10k_cachedir
r10k_config_file
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_config_file
r10k_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::r10k_path
environmentpath
Data type: Stdlib::Absolutepath
Default value: $puppet::params::environmentpath
eyaml_keys_path
Data type: Stdlib::Absolutepath
Default value: $puppet::params::eyaml_keys_path
eyaml_public_key
Data type: String
Default value: $puppet::params::eyaml_public_key
eyaml_private_key
Data type: String
Default value: $puppet::params::eyaml_private_key
setup_on_each_run
Data type: Boolean
Default value: $puppet::environment_setup_on_each_run
puppet::service
puppet::service
Puppet server service management
Examples
include puppet::service
Parameters
The following parameters are available in the puppet::service class.
server_service_ensure
Data type: String
Default value: $puppet::server_service_ensure
server_service_enable
Data type: Boolean
Default value: $puppet::server_service_enable
service_name
Data type: String
Default value: $puppet::params::service_name
puppet::setup
puppet::setup
Puppet node environment setup
Examples
include puppet::setup
Parameters
The following parameters are available in the puppet::setup class.
external_facts_setup
Data type: Boolean
Whether to set up directories for external facts; see https://puppet.com/docs/puppet/6.18/external_facts.html
Default value: $puppet::external_facts_setup
server_name
Data type: String
Default value: $puppet::server
hosts_update
Data type: Boolean
Default value: $puppet::hosts_update
server_ipaddress
Data type: Optional[String]
Default value: $puppet::server_ipaddress
dns_alt_names
Data type: Optional[Array[String]]
Default value: $puppet::dns_alt_names
Defined types
puppet::server::ca::clean
Puppet certificate cleanup call
Examples
puppet::server::ca::clean { 'namevar': }
Parameters
The following parameters are available in the puppet::server::ca::clean defined type.
certname
Data type: String
Certificate name for which to run the puppetserver ca clean command
Default value: $name
puppet::server::ca::sign
Puppet certificate sign
Examples
puppet::server::ca::sign { 'namevar': }
Parameters
The following parameters are available in the puppet::server::ca::sign defined type.
certname
Data type: String
Certificate name for which to run the puppetserver ca sign command
Default value: $name
Resource types
puppet_auth_rule
Create or remove the rule.
Properties
The following properties are available in the puppet_auth_rule type.
allow
If the request's authenticated name matches the parameter's value, Puppet Server allows it.
allow_unauthenticated
Valid values: true, false
Enable domain (default)
deny
Refuses the request if the authenticated name matches - even if the rule contains an allow value that also matches.
ensure
Valid values: present, absent
Create or remove the rule.
Default value: present
match_request_method
Valid values: get, post, put, delete, head
Puppet Server applies that rule only to requests that use its value's listed HTTP methods.
match_request_path
The parameter path can be a literal string or regular expression
match_request_type
Valid values: regex, path
Type of the parameter path. The parameter path can be a literal string or regular expression.
sort_order
Valid values: %r{\d+}
Sets the order in which Puppet Server evaluates the rule by prioritizing it on a numeric value between 1 and 399 (to be evaluated before default Puppet rules) or 601 to 998 (to be evaluated after Puppet), with lower-numbered values evaluated first.
Default value: 500
Parameters
The following parameters are available in the puppet_auth_rule type.
name
namevar
Unique string value that identifies the rule to Puppet Server
provider
The specific backend to use for this puppet_auth_rule resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.
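How the properties above combine into a single rule, as an added example that is not taken from this module: it limits a custom file server mount to one domain and excludes one host inside it. The mount name secure_files, the host names and the rule title are constructed, and the value shapes (plain strings, an unquoted integer for sort_order, no match_request_method so that every HTTP method is covered) are assumptions about what the type accepts.

```puppet
# Added example; mount name, certnames and rule title are constructed.
puppet_auth_rule { 'site restrict secure_files mount':
  ensure             => present,
  # The path is a regular expression, so the type is 'regex', not 'path'.
  match_request_path => '^/puppet/v3/file_(content|metadata)s?/secure_files',
  match_request_type => 'regex',
  # Any authenticated certname in this domain may read the mount ...
  allow              => '*.example.com',
  # ... except this one: deny applies even though allow also matches it.
  deny               => 'legacy01.example.com',
  # Between 1 and 399, so the rule is evaluated before the default Puppet rules.
  sort_order         => 300,
}
```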
Data types
Puppet::Autosign
The Puppet::Autosign data type.
Alias of Variant[Boolean, Stdlib::Absolutepath]
Puppet::Ordering
The Puppet::Ordering data type.
Alias of Enum['manifest', 'title-hash', 'random']
Puppet::Priority
The Puppet::Priority data type.
Alias of Variant[Enum['high', 'normal', 'low', 'idle'], Integer]
Puppet::Strictness
The Puppet::Strictness data type.
Alias of Enum['off', 'warning', 'error']
Puppet::TimeUnit
The Puppet::TimeUnit data type.
Alias of Variant[Integer, Pattern[/^[0-9]+[ydhms]?$/]]
Plans
puppet::agent5::clean
The puppet::agent5::clean class.
Parameters
The following parameters are available in the puppet::agent5::clean plan.
targets
Data type: TargetSpec
puppet::agent5::install
The puppet::agent5::install class.
Parameters
The following parameters are available in the puppet::agent5::install plan.
targets
Data type: TargetSpec
puppet::bootstrap
The puppet::bootstrap class.
Parameters
The following parameters are available in the puppet::bootstrap plan.
targets
Data type: TargetSpec
server
Data type: Stdlib::Fqdn
puppet::cert::clean
Bolt plan which runs the puppetserver ca clean command for each node on the Puppet controller node. The Bolt plan targets are nodes.
Parameters
The following parameters are available in the puppet::cert::clean plan.
targets
Data type: TargetSpec
Nodes for which certificate should be cleaned
server
Data type: Stdlib::Fqdn
Puppet controller server(s) on which certificate should be cleaned
puppet::cert::sign
Bolt plan which runs the puppetserver ca sign command for each node on the Puppet controller node. The Bolt plan targets are nodes.
Parameters
The following parameters are available in the puppet::cert::sign plan.
targets
Data type: TargetSpec
Nodes for which certificate signing requests should be signed
server
Data type: Stdlib::Fqdn
Puppet controller server(s) on which certificate should be signed
puppet::server::clean
Bolt plan which runs the puppetserver ca clean command for each node on the Puppet controller node, which is the Bolt plan target
Parameters
The following parameters are available in the puppet::server::clean plan.
targets
Data type: TargetSpec
Puppet server(s) where certificate should be cleaned
nodes
Data type: Array[Stdlib::Fqdn]
Nodes for which certificates should be cleaned
puppet::server::sign
Bolt plan which runs the puppetserver ca sign command for each node on the Puppet controller node, which is the Bolt plan target
Parameters
The following parameters are available in the puppet::server::sign plan.
targets
Data type: TargetSpec
Puppet server(s) where certificate should be signed
nodes
Data type: Array[Stdlib::Fqdn]
Nodes for which certificate signing requests should be signed
Changelog
All notable changes to this project will be documented in this file.
Release 0.1.6
Features
- Added external facts standard directories management
Bugfixes
Known Issues
Release 0.1.7
Features
- Updated dependencies
Bugfixes
Known Issues
Release 0.2.0
Features
- Added puppet::globals to support few major versions of Puppet
Bugfixes
Known Issues
Release 0.3.0
Features
- Added puppet::profile::agent to setup Puppet agent properly
Bugfixes
Known Issues
Release 0.3.1
Features
- Added ca_server into puppet agent config
Bugfixes
Known Issues
Release 0.3.2
Features
Bugfixes
- Added /usr/local/bin into path for Puppet cron jobs
Known Issues
Release 0.3.3
Features
- Added flag to enable/disable cron jobs
Bugfixes
Known Issues
Release 0.3.4
Features
- Switched from default Puppet 5 to Puppet 7 for Bolt plans
Bugfixes
- Updated dependencies versions
Known Issues
Release 0.3.5
Features
Bugfixes
- Bugfix: wrong parameters count
Known Issues
Release 0.3.6
Features
- Added ability to separate Puppet Server, Puppet CA and PuppetDB
- Added compiler mode of Puppet Server
Bugfixes
Known Issues
Release 0.3.7
Features
- Added Bolt plan puppet::agent::hostname to set hostname on target hosts
- PDK upgrade
Bugfixes
Known Issues
Release 0.3.8
Features
- Added ability to disable verbose mode in cron
Bugfixes
Known Issues
Release 0.3.9
Features
- PDK update to 2.5.0
Bugfixes
Known Issues
Release 0.4.0
Features
- Added separate class for PuppetDB
Bugfixes
- Fixed bug manage_database flag for PuppetDB
Known Issues
Release 0.4.1
Features
- For profile puppet::profile::server added ability to override default ENC environment name
Bugfixes
Known Issues
Release 0.4.2
Features
- Added timeout 900 seconds for r10k exec
Bugfixes
Known Issues
Release 0.4.3
Features
Bugfixes
- Bugfix: agentrun script installation
Known Issues
Release 0.5.0
Features
Bugfixes
- Bugfix: disable import ca resource
Known Issues
Release 0.5.1
Features
- Added ability to setup static certname
Bugfixes
Known Issues
Release 0.5.2
Features
- Added ability to setup r10k crontab
Bugfixes
Known Issues
Release 0.6.0
Features
- Added webserver.conf with SSL settings
- PDK upgrade to 2.6.1
Bugfixes
Known Issues
Release 0.6.1
Features
- Added flag to set on/off webserver.conf management
Bugfixes
Known Issues
Release 0.7.1
Features
- Added fileserver configuration management
Bugfixes
Known Issues
Release 0.8.0
Features
- Switched to lsys_postgresql module
Bugfixes
Known Issues
Release 0.8.1
Features
- Added version compilation for RPM-based systems
Bugfixes
Known Issues
Release 0.9.0
Features
- General Puppet profile
Bugfixes
Known Issues
Release 0.10.0
Features
- Integrated Puppet bootstrap
Bugfixes
Known Issues
Release 0.11.0
Features
- Set Puppet 8 as default version
- Added agent_version parameter into puppet::server::bootstrap
- PDK upgrade to 3.0.0
- Force to use Hiera for SSH access_data and client configuration
Bugfixes
Known Issues
Release 0.11.1
Features
- Added node_environment parameter into puppet::server::bootstrap
- Removed parameter -t rsa from ssh-keyscan command to fetch all host keys
- Added flag use_ssh into puppet::server::bootstrap class for cases where r10k does not require SSH keys for Puppet code deployment.
Bugfixes
- Added PDK ignore record /bootstrap, see https://www.puppet.com/docs/pdk/2.x/pdk_testing.html#ignoring-files-during-module-validation
- Added proper resource apply order during server installation
Known Issues
Release 0.12.0
Features
- Added Puppet bootstrap module bootstrap_assets into Bolt project
Bugfixes
Known Issues
Release 0.13.0
Features
- Added parameters use_ssh and bootstrap_path into Bolt plans
Bugfixes
Known Issues
Release 0.13.1
Features
- Added rspec testing for r10k run during bootstrap
Bugfixes
- Added dependency of r10k run on SSH config
Known Issues
Release 0.14.0
Features
- Set cwd to be the same as bootstrap_path by default.
- Added a class to set up the bootstrap directory on the Puppet server.
Bugfixes
- Removed the dependency of SSH configuration bootstrap process on eyaml keys and Hiera configuration.
- Excluded PuppetDB settings from the Puppet configuration during the bootstrap stage.
Known Issues
Release 0.14.1
Features
- Added ability to install PuppetDB on Puppet compiler
- Added ENC bootstrap repo into bootstrap process
Bugfixes
Known Issues
Release 0.15.0
Features
- Added ability to pass certname during bootstrap
Bugfixes
Known Issues
Release 0.16.0
Features
- Added puppet_bootstrap::puppetdb Bolt plan for initializing PuppetDB.
- Introduced the ability to provide dns_alt_names during Puppet server bootstrap
- Added puppet::profile::puppetdb profile, offering a predefined set of configurations for easier PuppetDB integration
- Introduced puppet_bootstrap::puppetdb::node Bolt plan to authorise PuppetDB node on Puppet server.
- Added support for specifying certname during PuppetDB bootstrap
Bugfixes
Known Issues
Release 0.17.2
Features
- Updated documentation
Bugfixes
- Added CA serial file sync to avoid automatic revocation of new certificates
- Do not manage Puppet service init template only on RedHat 7 and below
Known Issues
Release 0.18.0
Features
- Added Ubuntu into supported OSes
Bugfixes
Known Issues
Release 0.18.1
Features
Bugfixes
- Disable crontab manage during PuppetDB bootstrap
Known Issues
Release 0.19.0
Features
- Added certname parameter into profiles
Bugfixes
Known Issues
Release 0.19.1
Features
- Added plan puppet::agent::run with only puppet agent output
- Added ability to set up specific hostname in puppet::agent::hostname
- Updated some documentation
Bugfixes
Known Issues
Release 0.19.2
Features
- Added ability to disable upstream repo management (flag puppet::manage_repo)
Bugfixes
Known Issues
Release 0.19.5
Features
Bugfixes
- Require puppetlabs/puppet_agent >= 4.20.0, as it includes the environment validation fix
- Moved the decommissioning of other Puppet platform repositories under the repository management section
- Added ability to disable upstream repo management into profiles
Known Issues
Release 0.19.6
Features
- Added Bolt plan puppet::server::sync
Bugfixes
Known Issues
Release 0.19.8
Features
- Added Bolt task and plan puppet::repo
Bugfixes
- Added collection parameter into Bolt plan puppet::server::sync
Known Issues
Release 0.19.9
Features
- Updated aursu/lsys_postgresql module to 0.50.4
Bugfixes
Known Issues
Release 0.20.6
Features
- Repo installation process isolation
Bugfixes
- Fixed SSH access configuration compilation issue
- Corrected Puppet platform repository URL
- Added support for r10k installation on Puppet 7
- Fixed gem install command by adding the --no-document option
- Fixed puppetdb bootstrap error for Puppet 7
- Fixed node bootstrap Bolt plan puppet::bootstrap for Puppet 7
- Fixed startup issue for PuppetDB
Known Issues
Release 0.21.0
Features
- Renamed puppet_server variable to avoid conflicts with the puppet_server fact.
Bugfixes
- Set ssl_set_cert_paths flag to true for PuppetDB installation
Known Issues
Release 0.22.1
Features
- Added TLS assets setup for PuppetDB web service HTTPS
Bugfixes
Known Issues
Release 0.22.5
Features
- Moved the r10k_vardir variable into puppet::params.
- Added the ability to define a custom value for r10k_cachedir.
- Added filesystem class to manage directories
Bugfixes
- Bugfix: added proper dependencies for PuppetDB $ssl_dir File resource
- Bugfix: added certname PEM files propagation to clientcert PEM files
Known Issues
Release 0.23.0
Features
- Updated puppetlabs/puppet_agent dependency to support Ubuntu 24.04
Bugfixes
Known Issues
Dependencies
- puppetlabs/puppetdb (>= 8.1.0 < 9.0.0)
- puppetlabs/puppet_agent (>= 4.21.0 < 5.0.0)
- puppet/r10k (>= 12.1.0 < 13.0.0)
- aursu/lsys_postgresql (>= 0.50.5 < 1.0.0)
- aursu/openssh (>= 0.9.1 < 1.0.0)
- puppetlabs/stdlib (>= 8.6.0 < 10.0.0)
- aursu/bsys (>= 0.8.0 < 1.0.0)