Conditionally manage puppet config files

Allows ansible-puppet to configure settings for puppet when manage_config flag is set. Co-Authored-By: Yolanda Robla <info@ysoft.biz> Change-Id: I6cb8dff569f2cca8bca7359412d01cc7ec009c54
2015-11-09 19:14:47 -08:00 · 2015-11-09 19:14:47 -08:00 · 25cc2c9470
commit 25cc2c9470
parent 403d157c45
6 changed files with 98 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -3,4 +3,14 @@
 copy_hieradata: false
 copy_puppet: false
 hieradata: /etc/puppet/hieradata
+#
+
+manage_config: False
+puppet_server: puppet
+certname: "{{ ansible_fqdn }}"
+puppet_data_binding_terminus: hiera
+puppet_reports: store
+puppet_basemodulepath: '$confdir/modules:/usr/share/puppet/modules'
+puppet_environmentpath: '$confdir/environments'
+puppet_hiera_datadir: '/etc/puppet/hieradata'
 puppet_environment: production
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -0,0 +1,44 @@
+---
+# Create our config
+- name: Create puppet.conf from template
+  template:
+    src: "puppet.conf.j2"
+    dest: "/etc/puppet/puppet.conf"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Create hiera.yaml from template
+  template:
+    src: "hiera.yaml.j2"
+    dest: "/etc/puppet/hiera.yaml"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: symlink hiera config files together
+  file:
+    src: "/etc/puppet/hiera.yaml"
+    dest: "/etc/hiera.yaml"
+    owner: root
+    group: root
+    state: link
+    force: yes
+
+- name: create environment directory
+  file:
+    path: "/etc/puppet/environments/{{ puppet_environment }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  when: puppet_environment is defined
+
+- name: create environment.conf from template
+  template:
+    src: "environment.conf.j2"
+    dest: "/etc/puppet/environments/{{ puppet_environment }}/environment.conf"
+    owner: root
+    group: root
+    mode: 0644
+  when: puppet_environment is defined
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -50,6 +50,10 @@
  - copy_puppet
  - manifest_base is defined

+- name: setup config files
+  when: manage_config
+  include: config.yml
+
 - name: run puppet
  puppet:
    puppetmaster: "{{ puppetmaster|default(omit) }}"
--- a/templates/environment.conf.j2
+++ b/templates/environment.conf.j2
@ -0,0 +1 @@
+modulepath = {{ puppet_basemodulepath }}
--- a/templates/hiera.yaml.j2
+++ b/templates/hiera.yaml.j2
@ -0,0 +1,14 @@
+---
+:hierarchy:
+  # Use private hieradata first
+  - "hieradata/%{::environment}/fqdn/%{::fqdn}"
+  - "hieradata/%{::environment}/group/%{group}" # no :: because group is set at nodescope
+  - "hieradata/%{::environment}/common"
+  # Use public hieradata second, also be environmentally aware
+  - "%{::environment}/fqdn/%{::fqdn}"
+  - "%{::environment}/group/%{group}" # no :: because group is set at nodescope
+  - "%{::environment}/common"
+:backends:
+  - yaml
+:yaml:
+  :datadir: "{{ puppet_hiera_datadir }}"
--- a/templates/puppet.conf.j2
+++ b/templates/puppet.conf.j2
@ -0,0 +1,25 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+server={{ puppet_server }}
+certname={{ certname }}
+pluginsync=true
+data_binding_terminus={{ puppet_data_binding_terminus }}
+reports={{ puppet_reports }}
+basemodulepath={{ puppet_basemodulepath }}
+environmentpath={{ puppet_environmentpath }}
+environmenttimeout=0
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header=SSL_CLIENT_S_DN
+ssl_client_verify_header=SSL_CLIENT_VERIFY
+
+[agent]
+report=true
+splay=true
+runinterval=600
+