Initial commit with previous code

defaults/main.yml

@@ -0,0 +1,11 @@
+---
+puppet_version: 6
+puppet_server_name: pm.example.com
+subject_alt_names:
+  - puppet.example.com
+puppet_code_repo: htps://mygit.example.com/puppet_code
+puppet_master_config:
+  autosign: 'false'
+  report: 'true'
+  reports: prometheus
+  pluginsync: 'true'

files/update_puppet_code.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Filter mail
+
+[Timer]
+OnBootSec=5min
+OnUnitActiveSec=5min
+Unit=update_puppet_code.service
+
+[Install]
+WantedBy=timers.target

handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Restart puppetserver
+  service:
+    name: puppetserver
+    state: restarted
+
+- name: Reload Systemd daemon
+  shell: systemctl daemon-reload

tasks/configure.yml

@@ -0,0 +1,124 @@
+---
+- name: Ensure puppet server master section is configured
+  ini_file:
+    path: /etc/puppetlabs/puppet.conf
+    section: master
+    option: "{{ item.key }}"
+    value: "{{ item.value }}"
+    mode: '0644'
+    backup: true
+    create: true
+  loop: "{{ puppet_master_config | dict2items }}"
+  notify: 'Restart puppetserver'
+
+- name: Ensure puppet server server section is configured
+  ini_file:
+    path: /etc/puppetlabs/puppet.conf
+    section: server
+    option: "{{ item.key }}"
+    value: "{{ item.value }}"
+    mode: '0644'
+    backup: true
+    create: true
+  loop: "{{ puppet_server_config | dict2items }}"
+  notify: 'Restart puppetserver'
+
+- name: Find puppetserver command
+  shell: which puppetserver | true
+  register: which_puppetserver
+
+- name: Find puppetserver command with where
+  shell: "whereis puppetserver | awk 'BEGIN {FS=\": \"} {print($2)}'"
+  register: which_puppetserver
+  when: which_puppetserver.stdout == ""
+
+- name: Fail if not found puppetserver command
+  fail:
+    msg: "Puppet server command couldn't be found"
+  when: which_puppetserver.stdout == ""
+
+- name: Create self-signed certificate authority
+  shell: "{{ which_puppetserver.stdout }} ca setup --subject-alt-names {{ subject_alt_names | join(',') }} --ca-name {{ puppet_server_name }} --certname {{ puppet_server_name }}"
+  args:
+    creates: /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
+
+- name: Find puppet command
+  shell: which puppet | true
+  register: which_puppet
+
+- name: Find puppet command with where
+  shell: "whereis puppet | awk 'BEGIN {FS=\": \"} {print($2)}'"
+  register: which_puppet
+  when: which_puppet.stdout == ""
+
+- name: Fail if not found puppet command
+  fail:
+    msg: "Puppet command couldn't be found"
+  when: which_puppet.stdout == ""
+
+- name: Configure CA server
+  shell: "{{ which_puppet.stdout }} config set ca_server {{ puppet_server_name }}"
+
+- name: Configure autosign server
+  shell: "{{ which_puppet.stdout }} config set autosign true"
+
+- name: Check if puppet code folder exists
+  stat:
+    path: /etc/puppetlabs/code/environments/production
+  register: puppet_code
+
+- name: Check if readme file exists in puppet code folder
+  stat:
+    path: /etc/puppetlabs/code/environments/production/README
+  register: code_readme
+  when: puppet_code.stat.exists
+
+- name: Copy puppet code folder if there is no readme (not from repo then)
+  copy:
+    remote_src: true
+    src: /etc/puppetlabs/code/environments/production
+    dest: /etc/puppetlabs/code/environments/production.bak
+  when: puppet_code.stat.exists and not code_readme.stat.exists
+
+- name: Remove puppet code folder if there is no readme (not from repo then)
+  file:
+    path: /etc/puppetlabs/code/environments/production
+    state: absent
+
+- name: Ensure puppet code repo is cloned
+  git:
+    repo: "{{ puppet_code_repo }}"
+    dest: /etc/puppetlabs/code/environments/production
+    depth: 1
+
+- name: Ensure service unit to update puppet code exists
+  template:
+    src: templates/update_puppet_code.service.j2
+    dest: /etc/systemd/system/update_puppet_code.service
+    mode: 0644
+    backup: yes
+  notify: Reload Systemd daemon
+
+- name: Ensure timer unit to update puppet code exists
+  copy:
+    src: files/update_puppet_code.timer
+    dest: /etc/systemd/system/update_puppet_code.timer
+    mode: 0644
+    backup: yes
+  notify: Reload Systemd daemon
+
+- name: Ensure service to update puppet code is enabled
+  service:
+    name: update_puppet_code
+    enabled: true
+
+- name: Ensure UFW allow access to the server
+  ufw:
+    rule: allow
+    port: "{{ puppet_master_config['serverport'] | default(8140) }}"
+
+- name: Ensure puppetserver service is enabled and start
+  service:
+    name: puppetserver
+    state: started
+    enabled: true

tasks/install.yml

@@ -0,0 +1,16 @@
+---
+- name: Ensure Puppet repository is installed
+  apt:
+    deb: "https://apt.puppetlabs.com/puppet{{ puppet_version }}-release-{{ ansible_distribution_release }}.deb"
+  when: ansible_distribution_release != "hirsute" and ansible_distribution_release != "jammy"
+
+- name: Ensure Puppet repository is installed
+  apt:
+    deb: "https://apt.puppetlabs.com/puppet{{ puppet_version }}-release-focal.deb"
+  when: ansible_distribution_release == "hirsute" or ansible_distribution_release == "jammy"
+
+- name: Ensure software for Puppet server is installed
+  package:
+    name:
+      - puppetserver
+    update_cache: true

tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Ensure installation
+  include_tasks: install.yml
+- name: Ensure configuration
+  include_tasks: configure.yml

templates/update_puppet_code.service.j2

@@ -0,0 +1,7 @@
+[Service]
+Type=oneshot
+WorkingDirectory=/etc/puppetlabs/code/environments/production
+ExecStart=git pull
+
+[Unit]
+OnFailure=status_email_antoniodelgado@%n.service