---
# Render every key of puppet_master_config into the [master] section of
# puppet.conf. The file is created when missing (create) and a backup copy is
# taken before each change (backup); any change restarts puppetserver.
- name: Ensure puppet server master section is configured
  ini_file:
    path: /etc/puppetlabs/puppet/puppet.conf
    section: master
    option: "{{ item.key }}"
    value: "{{ item.value }}"
    create: true
    backup: true
    mode: "0644"
  # dict2items yields one {key, value} item per mapping entry.
  loop: "{{ puppet_master_config | dict2items }}"
  notify: Restart puppetserver

# Same as the [master] task above, for the [server] section driven by
# puppet_server_config.
# NOTE(review): `master` and `server` look like the legacy and current
# spellings of the same puppetserver section — confirm which one the
# installed release actually reads, so the two tasks do not disagree.
- name: Ensure puppet server server section is configured
  ini_file:
    path: /etc/puppetlabs/puppet/puppet.conf
    section: server
    option: "{{ item.key }}"
    value: "{{ item.value }}"
    create: true
    backup: true
    mode: "0644"
  loop: "{{ puppet_server_config | dict2items }}"
  notify: Restart puppetserver

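# Locate the puppetserver binary and register its path in
# which_puppetserver.stdout (empty when nothing was found).
# `which` is tried first; `||` only runs the `whereis` fallback when `which`
# fails, and keeps the task from failing in that case. `whereis` prints a
# "puppetserver:" label as $1, so $2 is the first path it reports.
# Doing both probes in one task keeps a single registered variable: a skipped
# second task would otherwise overwrite the result with a record that has no
# stdout, breaking the checks that follow.
# NOTE(review): Puppet packages install their binaries under
# /opt/puppetlabs/bin, which is often not on a non-login PATH — confirm
# `which` can see it on the managed hosts.
- name: Find puppetserver command
  shell: which puppetserver || whereis puppetserver | awk '{print($2)}'
  register: which_puppetserver
  # Probing for a binary never changes the host.
  changed_when: false
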
# Abort the play when the probe above registered an empty path.
- name: Fail if not found puppetserver command
  when: not which_puppetserver.stdout
  fail:
    msg: "Puppet server command couldn't be found"

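# Bootstrap the server's own CA. `creates` turns the task into a no-op once
# the CA certificate exists, so the CA is generated exactly once.
# Playbook-supplied values are passed through `quote` so the shell treats
# each one as a single argument even if it contains spaces or shell
# metacharacters.
- name: Create self-signed certificate authority
  shell: >-
    {{ which_puppetserver.stdout }} ca setup
    --subject-alt-names {{ subject_alt_names | join(',') | quote }}
    --ca-name {{ puppet_server_name | quote }}
    --certname {{ puppet_server_name | quote }}
  args:
    creates: /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
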
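# Locate the puppet agent binary and register its path in
# which_puppet.stdout (empty when nothing was found).
# `||` runs the `whereis` fallback only when `which` fails and keeps the task
# from failing in that case; $2 of the `whereis` output is the first path
# after the "puppet:" label. One task, one registered variable: a skipped
# fallback task would overwrite the result with a record lacking stdout.
- name: Find puppet command
  shell: which puppet || whereis puppet | awk '{print($2)}'
  register: which_puppet
  # Probing for a binary never changes the host.
  changed_when: false

# Surface the resolved path in the play output for troubleshooting.
- name: Show puppet command
  debug:
    msg: "Puppet command: '{{ which_puppet.stdout }}'"
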
# Abort the play when the probe above registered an empty path.
- name: Fail if not found puppet command
  when: not which_puppet.stdout
  fail:
    msg: "Puppet command couldn't be found"

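# Point the agent side of this host at its own CA.
# `command` is sufficient here: the line has no pipes or redirections, so no
# shell is involved and the templated values are never shell-interpreted.
# NOTE(review): no --section is passed, so `puppet config set` writes to its
# default section — confirm that is the section the agent reads.
- name: Configure CA server
  command: "{{ which_puppet.stdout }} config set ca_server {{ puppet_server_name }}"
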
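# Enable CA autosigning.
# Risk: `autosign true` is Puppet's naive autosigning — the CA signs every
# certificate request it receives without further checks, so any host that
# can reach the server port can obtain a valid agent certificate. A
# whitelist (autosign.conf) or a policy-based autosign script bounds this;
# until then the server port must stay firewalled to the intended agent
# networks.
# `command` is used because no shell features are needed.
- name: Configure autosign server
  command: "{{ which_puppet.stdout }} config set autosign true"
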
# Record whether the production code environment already exists; the
# result drives the backup/replace decisions below.
- name: Check if puppet code folder exists
  register: puppet_code
  stat:
    path: "/etc/puppetlabs/code/environments/production"

# A README.md in the environment is taken as the marker that the folder
# came from the repository. Only evaluated when the folder exists, so the
# registered result is a skipped record (without `stat`) otherwise; the
# later conditions presumably rely on `and` short-circuiting on
# puppet_code.stat.exists first.
- name: Check if readme file exists in puppet code folder
  when: puppet_code.stat.exists
  register: code_readme
  stat:
    path: "/etc/puppetlabs/code/environments/production/README.md"

# Keep a copy of a hand-made environment before it is replaced by the repo.
# NOTE(review): recursive directory copy with remote_src depends on the
# Ansible version in use, and a `src` without a trailing slash looks like it
# places the directory itself inside `dest` — verify the resulting layout.
- name: Copy puppet code folder if there is no readme (not from repo then)
  when: puppet_code.stat.exists and not code_readme.stat.exists
  copy:
    src: "/etc/puppetlabs/code/environments/production"
    dest: "/etc/puppetlabs/code/environments/production.bak"
    remote_src: true

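# Remove a hand-made environment so the clone below can take its place.
# Guarded by the same condition as the backup task: without a `when` the
# folder would be wiped on every run, contradicting the task name and
# discarding a repository checkout that the git task could simply update.
- name: Remove puppet code folder if there is no readme (not from repo then)
  when: puppet_code.stat.exists and not code_readme.stat.exists
  file:
    path: /etc/puppetlabs/code/environments/production
    state: absent
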
# Shallow-clone (depth 1) the code repository into the production
# environment, or update it when already present.
# NOTE(review): no `version` is given, so the module follows the remote's
# default branch HEAD; pinning a tag or commit would make deployments
# reproducible and reviewable.
- name: Ensure puppet code repo is cloned
  git:
    dest: "/etc/puppetlabs/code/environments/production"
    repo: "{{ puppet_code_repo }}"
    depth: 1

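# Install the systemd service that refreshes the puppet code checkout.
# The mode is quoted so YAML keeps it as the octal string "0644" rather than
# an integer, matching the ini_file tasks above; `true` is used instead of
# `yes` for the same reason (YAML 1.1/1.2 truthy ambiguity).
- name: Ensure service unit to update puppet code exists
  template:
    src: templates/update_puppet_code.service.j2
    dest: /etc/systemd/system/update_puppet_code.service
    mode: "0644"
    backup: true
  notify: Reload Systemd daemon
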
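# Install the systemd timer that schedules update_puppet_code.service.
# Quoted octal mode and `true` boolean, consistent with the rest of the file.
- name: Ensure timer unit to update puppet code exists
  copy:
    src: files/update_puppet_code.timer
    dest: /etc/systemd/system/update_puppet_code.timer
    mode: "0644"
    backup: true
  notify: Reload Systemd daemon
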
# Enable the update service unit at boot.
# NOTE(review): the periodic run is driven by update_puppet_code.timer
# installed above; enabling only the .service unit does not arm the timer —
# confirm whether `update_puppet_code.timer` should be enabled/started here.
- name: Ensure service to update puppet code is enabled
  service:
    enabled: true
    name: update_puppet_code

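# Open the puppetserver port. Agents talk to the server over HTTPS, so the
# rule is limited to TCP instead of allowing both protocols. The port comes
# from the [master] config when set there, otherwise the default 8140.
# NOTE(review): a `serverport` placed in puppet_server_config instead of
# puppet_master_config would not be picked up here — confirm which dict the
# role expects it in.
- name: Ensure UFW allow access to the server
  ufw:
    rule: allow
    proto: tcp
    port: "{{ puppet_master_config['serverport'] | default(8140) }}"
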
# Make sure puppetserver is running now and starts at boot.
- name: Ensure puppetserver service is enabled and start
  service:
    enabled: true
    state: started
    name: puppetserver

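# Create the r10k configuration directory owned by the puppet user.
# The r10k.yaml written into it may carry repository URLs with embedded
# credentials, so the directory is restricted to owner and group rather
# than being left to the default umask.
- name: Ensure r10k configuration folder exists
  file:
    path: /etc/puppetlabs/r10k
    state: directory
    owner: puppet
    group: puppet
    mode: "0750"
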
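# Render r10k_config as YAML into r10k.yaml (to_nice_yaml keeps the output
# readable), with a backup of the previous file. Owner/group read only:
# the file may contain remote URLs with credentials.
- name: Ensure r10k is configured
  copy:
    dest: /etc/puppetlabs/r10k/r10k.yaml
    content: "{{ r10k_config | to_nice_yaml }}"
    owner: puppet
    group: puppet
    mode: "0640"
    backup: true
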
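# Deploy all environments with r10k using the configuration written above.
# `command` is used because the invocation needs no pipes or redirections.
# NOTE(review): the source line ended in a dangling `|`, which under a shell
# is an incomplete pipeline; it was treated as rendering residue — confirm
# nothing was meant to follow it.
- name: Deploy environment
  command: r10k deploy environment --config /etc/puppetlabs/r10k/r10k.yaml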