Puppet Class: puppet::master

Inherits:
::puppet::defaults
Defined in:
manifests/master.pp

Overview

Parameters:

  • autosign (Boolean) (defaults to: false)

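    Whether or not to enable autosign. Default: false. Deprecated: when set to true the class emits a notice that autosign is now managed with autosign_method.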

  • autosign_domains (Array) (defaults to: [])

    Array of domains to use for basic autosigning. Default: empty array.

  • autosign_file (String) (defaults to: $::puppet::defaults::autosign_file)

    File to use for basic autosigning. Default: $confdir/autosign.conf.

  • autosign_method (String) (defaults to: 'file')

    Method to use for autosigning. Default: file. ‘file’ uses the $confdir/autosign.conf file to determine which certs to sign; this file is empty by default, so autosigning is effectively off. ‘on’ sets the autosign variable to true, so all certs are signed. ‘off’ sets the autosign variable to false, disabling autosign completely.

  • basemodulepath (*absolute path* Default Puppet 4: ${codedir}/environments Default Puppet 3: /etc/puppet/environments) (defaults to: $::puppet::defaults::basemodulepath)

    The base directory path to have environments checked out into.

  • deep_merge_version ([String] Default: 'installed') (defaults to: 'installed')

    The version of the deep_merge package to install.

  • env_owner (String) (defaults to: 'puppet')

    The user which should own hieradata and r10k repos. Default: ‘puppet’.

  • environmentpath (*absolute path* Default Puppet 4: ${codedir}/modules:${confdir}/modules Default Puppet 3: ${confdir}/modules:/usr/share/puppet/modules) (defaults to: $::puppet::defaults::environmentpath)

    The base directory path to have environments checked out into.

  • eyaml_keys ([Boolean] Default: false) (defaults to: false)

    Toggle whether or not to deploy [eyaml](github.com/TomPoulton/hiera-eyaml) keys

  • future_parser ([Boolean] Default: false) (defaults to: false)

    Toggle to dictate whether or not to enable the [future parser](docs.puppetlabs.com/puppet/latest/reference/experiments_future.html)

  • hiera_backends ([Hash] Default Puppet 3: {'yaml' => { 'datadir' => '/etc/puppet/hiera/%{environment}',} } Default Puppet 4: {'yaml' => { 'datadir' => '$codedir/hieradata/%{environment}',} }) (defaults to: $::puppet::defaults::hiera_backends)

    The backends to configure hiera to query.

  • hiera_eyaml_version ([String] Default: 'installed') (defaults to: 'installed')

    The version of the hiera-eyaml package to install. *It is important to note that the hiera-eyaml package will be installed via gem*

  • hiera_eyaml_key_directory ([String] Default $::settings::confdir/hiera_eyaml_keys) (defaults to: $::puppet::defaults::hiera_eyaml_key_directory)

    Directory to store the hiera-eyaml keys

  • hiera_eyaml_pkcs7_private_key ([String] Default: undef) (defaults to: 'private_key.pkcs7.pem')

    The location to store the hiera-eyaml private key

  • hiera_eyaml_pkcs7_public_key ([String] Default: undef) (defaults to: 'public_key.pkcs7.pem')

    The location to store the hiera-eyaml public key

  • hiera_eyaml_pkcs7_private_key_file ([String] Default: undef) (defaults to: undef)

    The puppet source of the file to use as the hiera-eyaml private key

  • hiera_eyaml_pkcs7_public_key_file ([String] Default: undef) (defaults to: undef)

    The puppet source of the file to use as the hiera-eyaml public key

  • hiera_hierarchy ([Array] Default: ['node/%{::clientcert}', 'env/%{::environment}', 'global']) (defaults to: [ 'node/%{::clientcert}', 'env/%{::environment}', 'global'])

    The hierarchy to configure hiera to use

  • hiera_merge_behavior ([String] Default: undef) (defaults to: undef)

    The type of [merge behaviour](docs.puppetlabs.com/hiera/latest/configuring.html#mergebehavior) that should be used by hiera. Defaults to not being set.

  • hieradata_path (*absolute path* Default Puppet 3: /etc/puppet/hiera Default Puppet 4: $codedir/hieradata) (defaults to: $::puppet::defaults::hieradata_path)

    The location to configure hiera to look for the hierarchy. This also impacts the [puppet::master::modules](#public-class-puppetmastermodules) module’s deployment of your r10k hiera repo.

  • java_ram ([String] Default: '2g') (defaults to: '2g')

    Sets the RAM to use for the new puppetserver

  • manage_deep_merge_package ([Boolean] Default: false) (defaults to: false)

    Whether the [deep_merge gem](rubygems.org/gems/deep_merge) should be installed.

  • manage_hiera_eyaml_package ([Boolean] Default: true) (defaults to: true)

    Whether the [hiera-eyaml gem](rubygems.org/gems/hiera-eyaml) should be installed.

  • manage_hiera_config ([Boolean] Default: true) (defaults to: true)

    Whether to manage the content of the hiera config file

  • passenger_max_pool_size ([Number] Default: 12) (defaults to: '12')
  • passenger_max_requests ([Number] Default: 0) (defaults to: '0')
  • passenger_pool_idle_time ([Number] Default: 1500) (defaults to: '1500')
  • passenger_stat_throttle_rate ([Number] Default: 120) (defaults to: '120')
  • puppet_fqdn ([String] Default: $::fqdn) (defaults to: $::fqdn)

    Sets the namevar of the [apache::vhost](github.com/puppetlabs/puppetlabs-apache#defined-type-apachevhost) resource declared. It is also used to derive the ssl_cert and ssl_key parameters to the apache::vhost resource.

  • puppet_version ([String] Default: 'installed') (defaults to: 'installed')

    Specifies the version of the puppetmaster package to install

  • report_age ([String] Default: '7') (defaults to: '7')

    Specifies number of days of reports to keep

  • report_clean_hour ([String] Default: '21') (defaults to: '21')

    Specifies hour to run the report clean cronjob

  • report_clean_min ([String] Default: '22') (defaults to: '22')

    Specifies minute to run the report clean cronjob

  • report_clean_weekday ([String] Default: '0') (defaults to: '0')

    Specifies weekday to run the report clean cronjob

  • server_type ([String] Default Puppet 4: 'puppetserver' Default Puppet 3: 'passenger') (defaults to: $::puppet::defaults::server_type)

    Specifies the type of server to use. puppetserver is always used on Puppet 4.

  • $external_nodes ([String] Default undef)

    Specifies the script to use as a node classifier

  • $node_terminus ([String] Default undef)

    Specifies method to use for the external_nodes

  • module_path (Any) (defaults to: undef)

    DEPRECATED ([String] Default: undef) If this is set, it will be used to populate the basemodulepath parameter in /etc/puppet/puppet.conf. This does not impact [environment.conf](docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html), which should live in your [r10k](github.com/adrienthebo/r10k) environment repo.

  • pre_module_path (Any) (defaults to: undef)

    DEPRECATED ([String] Default: undef) If set, this is prepended to the modulepath parameter *if it is set* and to a static modulepath list if modulepath is unspecified. *A colon separator will be appended to the end of this if needed*

  • r10k_version (Any) (defaults to: undef)

    DEPRECATED ([String] Default: undef) Specifies the version of r10k to install. *It is important to note that the r10k package will be installed via gem*

  • environment_timeout (Any) (defaults to: '0')
  • server_version (Any) (defaults to: 'installed')
  • external_nodes (Any) (defaults to: undef)
  • node_terminus (Any) (defaults to: undef)
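
The three autosign_method values described above end up as an autosign setting in puppet.conf plus, for ‘file’, the allowlist in autosign.conf. The following audit is an added example, not part of this module: it classifies that posture from the text of the two files, assuming the setting lives in [master] or [main]. The function names, sample inputs and the broad-glob heuristic are constructed for illustration.

```python
def read_setting(puppet_conf, name, sections=("master", "main")):
    """Return `name` from the first of `sections` that sets it, else None."""
    found, current = {}, "main"
    for raw in puppet_conf.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == name:
                found[current] = value
    return next((found[s] for s in sections if s in found), None)


def audit_autosign(puppet_conf, autosign_conf=""):
    """Classify autosign posture: mode is 'on', 'off' or 'file'."""
    value = read_setting(puppet_conf, "autosign")
    if value is not None and value.lower() == "true":
        return {"mode": "on", "entries": [],
                "findings": ["autosign = true: every CSR is signed unreviewed"]}
    if value is not None and value.lower() == "false":
        return {"mode": "off", "entries": [], "findings": []}
    # Unset or a path: the allowlist file decides (Puppet's own default).
    entries = [l.strip() for l in autosign_conf.splitlines()
               if l.strip() and not l.strip().startswith("#")]
    findings = []
    for entry in entries:
        # Review heuristic chosen for this example, not a Puppet rule.
        if entry == "*" or (entry.startswith("*.") and entry.count(".") < 2):
            findings.append(f"overly broad glob: {entry}")
    if not entries:
        findings.append("allowlist empty: nothing is autosigned")
    return {"mode": "file", "entries": entries, "findings": findings}


# Constructed samples, not taken from a real host.
CONF_ON = "[main]\n  certname = puppet.example.test\n[master]\n  autosign = true\n"
CONF_FILE = "[master]\n  autosign = /etc/puppet/autosign.conf\n"
ALLOWLIST = "# build farm\n*.build.example.test\n*.test\n*\n"

if __name__ == "__main__":
    print(audit_autosign(CONF_ON))
    print(audit_autosign(CONF_FILE, ALLOWLIST))
    print(audit_autosign(CONF_FILE, ""))
```

A result with mode ‘on’, or a ‘file’ result that lists broad globs, means certificate requests from hosts nobody reviewed will be signed by the CA.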


# File 'manifests/master.pp', line 89

class puppet::master (
  $autosign                           = false,
  $autosign_domains                   = [],
  $autosign_file                      = $::puppet::defaults::autosign_file,
  $autosign_method                    = 'file',
  $basemodulepath                     = $::puppet::defaults::basemodulepath,
  $deep_merge_version                 = 'installed',
  $env_owner                          = 'puppet',
  $environmentpath                    = $::puppet::defaults::environmentpath,
  $environment_timeout                = '0',
  $eyaml_keys                         = false,
  $future_parser                      = false,
  $hiera_backends                     = $::puppet::defaults::hiera_backends,
  $hiera_eyaml_key_directory          = $::puppet::defaults::hiera_eyaml_key_directory,
  $hiera_eyaml_pkcs7_private_key      = 'private_key.pkcs7.pem',
  $hiera_eyaml_pkcs7_public_key       = 'public_key.pkcs7.pem',
  $hiera_eyaml_pkcs7_private_key_file = undef,
  $hiera_eyaml_pkcs7_public_key_file  = undef,
  $hiera_eyaml_version                = 'installed',
  $manage_deep_merge_package          = false,
  $manage_hiera_eyaml_package         = true,
  $hiera_hierarchy                    = [
    'node/%{::clientcert}',
    'env/%{::environment}',
    'global'],
  $hiera_merge_behavior               = undef,
  $hieradata_path                     = $::puppet::defaults::hieradata_path,
  $java_ram                           = '2g',
  $manage_hiera_config                = true,
  $passenger_max_pool_size            = '12',
  $passenger_max_requests             = '0',
  $passenger_pool_idle_time           = '1500',
  $passenger_stat_throttle_rate       = '120',
  $puppet_fqdn                        = $::fqdn,
  $puppet_version                     = 'installed',
  $report_age                         = '7',
  $report_clean_min                   = '22',
  $report_clean_hour                  = '21',
  $report_clean_weekday               = '0',
  $server_type                        = $::puppet::defaults::server_type,
  $server_version                     = 'installed',
  $external_nodes                     = undef,
  $node_terminus                      = undef,
  $module_path                        = undef,
  $pre_module_path                    = undef,
  $r10k_version                       = undef,
) inherits ::puppet::defaults {

  #input validation
  validate_absolute_path(
    $environmentpath,
    $hieradata_path,
  )
  validate_array(
    $hiera_hierarchy,
  )

  validate_bool(
    $autosign,
    $eyaml_keys,
    $future_parser,
    $manage_hiera_config,
  )

  validate_hash(
    $hiera_backends
  )

  validate_string(
    $env_owner,
    $environment_timeout,
    $hiera_eyaml_version,
    $puppet_fqdn,
    $puppet_version,
    $server_version,
    $passenger_max_pool_size,
    $passenger_max_requests,
    $passenger_pool_idle_time,
    $passenger_stat_throttle_rate,
    $external_nodes,
    $node_terminus,
  )

  # add deprecation warnings
  if $r10k_version != undef {
    notify { 'Deprecation notice: puppet::master::r10k_version is deprecated, use puppet::profile::r10k class instead': }
  }
  if $module_path != undef {
    notify { 'Deprecation notice: puppet::master::module_path is deprecated, use puppet::master::basemodulepath instead': }
  }
  if $pre_module_path != undef {
    notify { 'Deprecation notice: puppet::master::pre_module_path is deprecated, use puppet::master::basemodulepath instead': }
  }

  if $eyaml_keys == true {
    if $hiera_eyaml_pkcs7_private_key_file == undef {
      notify { 'hiera_eyaml_pkcs7_private_key_file needs to be set if you want to manage your hiera eyaml keys': }
    }
    if $hiera_eyaml_pkcs7_public_key_file == undef {
      notify { 'hiera_eyaml_pkcs7_public_key_file needs to be set if you want to manage your hiera eyaml keys': }
    }
  }

  # check autosign methods
  $autosign_methods = ['off','on','file']
  validate_re($autosign_method,$autosign_methods)

  # set autosign_method_interpolated to on if autosign is true
  if $autosign == true {
    notify { 'autosign is now managed with autosign_method. The autosign parameter is deprecated and will be removed in a future version': }
  }

  # check merge_behavior for hiera
  if $hiera_merge_behavior {
    $hiera_merge_behaviors = ['native', 'deep', 'deeper']
    validate_re($hiera_merge_behavior,$hiera_merge_behaviors)
  }

  include ::puppet::master::install
  include ::puppet::master::config
  include ::puppet::master::hiera

  case $server_type {
    'puppetserver': {
      include ::puppet::master::server
      # Class['puppet::master::hiera'] ~>
      # Class['puppet::master::server']
    }
    default: {
      include ::puppet::master::passenger
      # Class['puppet::master::hiera'] ~>
      # Class['puppet::master::passenger']
    }
  }

  Class['puppet::master::install'] ->
  Class['puppet::master::config'] ->
  Class['puppet::master::hiera']

}