diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..a4a3b20
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,32 @@
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+group :test do
+ gem 'voxpupuli-test', '~> 7.0', :require => false
+ gem 'coveralls', :require => false
+ gem 'simplecov-console', :require => false
+ gem 'puppet_metadata', '~> 3.5', :require => false
+end
+
+group :development do
+ gem 'guard-rake', :require => false
+ gem 'overcommit', '>= 0.39.1', :require => false
+end
+
+group :system_tests do
+ gem 'voxpupuli-acceptance', '~> 3.0', :require => false
+end
+
+group :release do
+ gem 'voxpupuli-release', '~> 3.0', :require => false
+end
+
+gem 'rake', :require => false
+gem 'facter', ENV['FACTER_GEM_VERSION'], :require => false, :groups => [:test]
+
+puppetversion = ENV['PUPPET_GEM_VERSION'] || '~> 7.24'
+gem 'puppet', puppetversion, :require => false, :groups => [:test]
+
+# vim: syntax=ruby
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..f8a5908
--- /dev/null
+++ b/Gemfile.lock
@@ -0,0 +1,489 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (7.1.3.3) + base64 + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + minitest (>= 5.1) + mutex_m + tzinfo (~> 2.0) + addressable (2.8.6) + public_suffix (>= 2.0.2, < 6.0) + ansi (1.5.0) + ast (2.4.2) + async (1.32.1) + console (~> 1.10) + nio4r (~> 2.3) + timers (~> 4.1) + async-http (0.64.2) + async (>= 1.25) + async-io (>= 1.28) + async-pool (>= 0.2) + protocol-http (~> 0.26.0) + protocol-http1 (~> 0.19.0) + protocol-http2 (~> 0.16.0) + traces (>= 0.10.0) + async-http-faraday (0.13.1) + async-http (~> 0.42) + faraday + async-io (1.43.2) + async + async-pool (0.4.0) + async (>= 1.25) + base64 (0.2.0) + bcrypt_pbkdf (1.1.1) + beaker (5.8.1) + bcrypt_pbkdf (>= 1.0, < 2.0) + beaker-hostgenerator (~> 2.0) + ed25519 (>= 1.2, < 2.0) + hocon (~> 1.0) + in-parallel (>= 0.1, < 2.0) + inifile (~> 3.0) + minitar (~> 0.6) + minitest (~> 5.4) + net-scp (>= 1.2, < 5.0) + net-ssh (~> 7.1) + rexml (~> 3.2, >= 3.2.5) + rsync (~> 1.0.9) + stringify-hash (~> 0.0) + thor (>= 1.0.1, < 2.0) + beaker-docker (2.2.1) + beaker (>= 4, < 6) + docker-api (~> 2.1) + stringify-hash (~> 0.0.0) + beaker-hiera (1.0.0) + beaker (>= 4, < 6) + beaker-hostgenerator (2.12.2) + deep_merge (~> 1.0) + beaker-rspec (8.1.0) + beaker (>= 4.0, < 6) + rspec (~> 3.0) + serverspec (~> 2) + specinfra (~> 2) + beaker-vagrant (1.3.0) + beaker (>= 4, < 6) + beaker_puppet_helpers (1.3.0) + beaker (>= 4, < 6) + puppet-modulebuilder (>= 0.3, < 2) + bigdecimal (3.1.8) + builder (3.2.4) + childprocess (5.0.0) + coderay (1.1.3) + concurrent-ruby (1.2.3) + connection_pool (2.4.1) + console (1.24.0) + fiber-annotation + fiber-local + json + coveralls (0.8.23) + json (>= 1.8, < 3) + simplecov (~> 0.16.1) + term-ansicolor (~> 1.3) + thor (>= 0.19.4, < 2.0) + tins (~> 1.6) + deep_merge (1.2.2) + diff-lcs (1.5.1) + docile (1.4.0) + docker-api (2.2.0) + excon (>= 0.47.0) + multi_json + 
domain_name (0.6.20240107) + drb (2.2.1) + ed25519 (1.3.0) + erubi (1.12.0) + excon (0.110.0) + facter (4.7.0) + hocon (~> 1.3) + thor (>= 1.0.1, < 1.3) + facterdb (1.27.0) + facter (< 5.0.0) + jgrep (~> 1.5, >= 1.5.4) + faraday (2.9.0) + faraday-net_http (>= 2.0, < 3.2) + faraday-http-cache (2.5.1) + faraday (>= 0.8) + faraday-net_http (3.1.0) + net-http + faraday-retry (2.2.1) + faraday (~> 2.0) + fast_gettext (2.4.0) + prime + ffi (1.16.3) + fiber-annotation (0.2.0) + fiber-local (1.0.0) + formatador (1.1.0) + forwardable (1.3.3) + github_changelog_generator (1.16.4) + activesupport + async (>= 1.25.0) + async-http-faraday + faraday-http-cache + multi_json + octokit (~> 4.6) + rainbow (>= 2.2.1) + rake (>= 10.0) + gssapi (1.3.1) + ffi (>= 1.0.1) + guard (2.18.1) + formatador (>= 0.2.4) + listen (>= 2.7, < 4.0) + lumberjack (>= 1.0.12, < 2.0) + nenv (~> 0.1) + notiffany (~> 0.0) + pry (>= 0.13.0) + shellany (~> 0.0) + thor (>= 0.18.1) + guard-rake (1.0.0) + guard + rake + gyoku (1.4.0) + builder (>= 2.1.2) + rexml (~> 3.0) + hiera (3.12.0) + hocon (1.4.0) + http-accept (1.7.0) + http-cookie (1.0.5) + domain_name (~> 0.5) + httpclient (2.8.3) + i18n (1.14.5) + concurrent-ruby (~> 1.0) + in-parallel (1.0.1) + inifile (3.0.0) + iniparse (1.5.0) + jgrep (1.5.4) + json (2.7.2) + json-schema (4.3.0) + addressable (>= 2.8) + listen (3.9.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + little-plugger (1.1.4) + locale (2.1.4) + logging (2.3.1) + little-plugger (~> 1.1) + multi_json (~> 1.14) + lumberjack (1.2.10) + metadata-json-lint (4.0.0) + json-schema (>= 2.8, < 5.0) + semantic_puppet (~> 1.0) + spdx-licenses (~> 1.0) + method_source (1.1.0) + mime-types (3.5.2) + mime-types-data (~> 3.2015) + mime-types-data (3.2024.0507) + minitar (0.9) + minitest (5.23.1) + mocha (1.16.1) + multi_json (1.15.0) + mutex_m (0.2.0) + nenv (0.3.0) + net-http (0.4.1) + uri + net-scp (4.0.0) + net-ssh (>= 2.6.5, < 8.0.0) + net-ssh (7.2.3) + net-telnet (0.2.0) + 
netrc (0.11.0) + nio4r (2.7.3) + nori (2.7.0) + bigdecimal + notiffany (0.1.3) + nenv (~> 0.1) + shellany (~> 0.0) + octokit (4.25.1) + faraday (>= 1, < 3) + sawyer (~> 0.9) + overcommit (0.63.0) + childprocess (>= 0.6.3, < 6) + iniparse (~> 1.4) + rexml (~> 3.2) + parallel (1.24.0) + parallel_tests (4.7.1) + parallel + parser (3.3.1.0) + ast (~> 2.4.1) + racc + pathspec (1.1.3) + prime (0.1.2) + forwardable + singleton + protocol-hpack (1.4.3) + protocol-http (0.26.4) + protocol-http1 (0.19.1) + protocol-http (~> 0.22) + protocol-http2 (0.16.0) + protocol-hpack (~> 1.4) + protocol-http (~> 0.18) + pry (0.14.2) + coderay (~> 1.1) + method_source (~> 1.0) + public_suffix (5.0.5) + puppet (7.30.0) + concurrent-ruby (~> 1.0) + deep_merge (~> 1.0) + facter (> 2.0.1, < 5) + fast_gettext (>= 1.1, < 3) + hiera (>= 3.2.1, < 4) + locale (~> 2.1) + multi_json (~> 1.10) + puppet-resource_api (~> 1.5) + scanf (~> 1.0) + semantic_puppet (~> 1.0) + puppet-blacksmith (7.0.0) + puppet-modulebuilder (~> 1.0) + rest-client (~> 2.0) + puppet-lint (4.2.4) + puppet-lint-absolute_classname-check (4.0.0) + puppet-lint (>= 3.0, < 5) + puppet-lint-anchor-check (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-file_ensure-check (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-leading_zero-check (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-lookup_in_parameter-check (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-manifest_whitespace-check (0.3.0) + puppet-lint (>= 1.0, < 5) + puppet-lint-optional_default-check (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-param-docs (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-param-types (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-params_empty_string-check (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-resource_reference_syntax (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-strict_indent-check (3.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-topscope-variable-check (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-trailing_comma-check (2.0.0) + 
puppet-lint (>= 3, < 5) + puppet-lint-unquoted_string-check (3.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-variable_contains_upcase (2.0.0) + puppet-lint (>= 3, < 5) + puppet-lint-version_comparison-check (2.0.0) + puppet-lint (>= 3, < 5) + puppet-modulebuilder (1.0.0) + minitar (~> 0.9) + pathspec (>= 0.2.1, < 2.0.0) + puppet-resource_api (1.9.0) + hocon (>= 1.0) + puppet-strings (4.1.2) + rgen (~> 0.9) + yard (~> 0.9) + puppet-syntax (4.1.1) + puppet (>= 7, < 9) + rake (~> 13.1) + puppet_metadata (3.7.1) + metadata-json-lint (>= 2.0, < 5) + semantic_puppet (~> 1.0) + puppetlabs_spec_helper (7.2.0) + mocha (~> 1.0) + pathspec (>= 0.2, < 2.0.0) + puppet-lint (~> 4.0) + puppet-syntax (~> 4.1, >= 4.1.1) + rspec-github (~> 2.0) + rspec-puppet (~> 4.0) + racc (1.8.0) + rainbow (3.1.1) + rake (13.2.1) + rb-fsevent (0.11.2) + rb-inotify (0.11.1) + ffi (~> 1.0) + regexp_parser (2.9.2) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + rexml (3.2.8) + strscan (>= 3.0.9) + rgen (0.9.1) + rspec (3.13.0) + rspec-core (~> 3.13.0) + rspec-expectations (~> 3.13.0) + rspec-mocks (~> 3.13.0) + rspec-core (3.13.0) + rspec-support (~> 3.13.0) + rspec-expectations (3.13.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.13.0) + rspec-github (2.4.0) + rspec-core (~> 3.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.13.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.13.0) + rspec-puppet (4.0.2) + rspec (~> 3.0) + rspec-puppet-facts (2.0.5) + facter + facterdb (>= 0.5.0) + puppet + rspec-puppet-utils (3.4.0) + mocha + puppet + puppetlabs_spec_helper + rspec + rspec-puppet + rspec-support (3.13.1) + rsync (1.0.9) + rubocop (1.50.2) + json (~> 2.3) + parallel (~> 1.10) + parser (>= 3.2.0.0) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.28.0, < 2.0) + ruby-progressbar (~> 1.7) + 
unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.31.3) + parser (>= 3.3.1.0) + rubocop-capybara (2.20.0) + rubocop (~> 1.41) + rubocop-rake (0.6.0) + rubocop (~> 1.0) + rubocop-rspec (2.20.0) + rubocop (~> 1.33) + rubocop-capybara (~> 2.17) + ruby-progressbar (1.13.0) + rubyntlm (0.6.3) + sawyer (0.9.2) + addressable (>= 2.3.5) + faraday (>= 0.17.3, < 3) + scanf (1.0.0) + semantic_puppet (1.1.0) + serverspec (2.42.3) + multi_json + rspec (~> 3.0) + rspec-its + specinfra (~> 2.72) + sfl (2.3) + shellany (0.0.1) + simplecov (0.16.1) + docile (~> 1.1) + json (>= 1.8, < 3) + simplecov-html (~> 0.10.0) + simplecov-console (0.9.1) + ansi + simplecov + terminal-table + simplecov-html (0.10.2) + singleton (0.2.0) + spdx-licenses (1.3.0) + specinfra (2.89.0) + net-scp + net-ssh (>= 2.7) + net-telnet + sfl + stringify-hash (0.0.2) + strscan (3.1.0) + sync (0.5.0) + term-ansicolor (1.8.0) + tins (~> 1.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + thor (1.2.2) + timers (4.3.5) + tins (1.33.0) + bigdecimal + sync + traces (0.11.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + unicode-display_width (2.5.0) + uri (0.13.0) + voxpupuli-acceptance (3.1.0) + bcrypt_pbkdf (~> 1.1) + beaker (>= 4.33, < 6) + beaker-docker (~> 2.1) + beaker-hiera (~> 1.0) + beaker-hostgenerator (~> 2.2) + beaker-rspec (~> 8.0, >= 8.0.1) + beaker-vagrant (~> 1.2) + beaker_puppet_helpers (~> 1.3) + puppet-modulebuilder (~> 1.0) + rake (~> 13.0, >= 13.0.6) + rspec-github (~> 2.0) + serverspec (~> 2.42, >= 2.42.2) + winrm (~> 2.3, >= 2.3.6) + voxpupuli-puppet-lint-plugins (5.0.0) + puppet-lint (~> 4.0) + puppet-lint-absolute_classname-check (~> 4.0) + puppet-lint-anchor-check (~> 2.0) + puppet-lint-file_ensure-check (~> 2.0) + puppet-lint-leading_zero-check (~> 2.0) + puppet-lint-lookup_in_parameter-check (~> 2.0) + puppet-lint-manifest_whitespace-check (~> 0.3, < 1.0.0) + puppet-lint-optional_default-check (~> 2.0) + puppet-lint-param-docs (~> 2.0) + puppet-lint-param-types 
(~> 2.0) + puppet-lint-params_empty_string-check (~> 2.0) + puppet-lint-resource_reference_syntax (~> 2.0) + puppet-lint-strict_indent-check (~> 3.0) + puppet-lint-topscope-variable-check (~> 2.0) + puppet-lint-trailing_comma-check (~> 2.0) + puppet-lint-unquoted_string-check (~> 3.0) + puppet-lint-variable_contains_upcase (~> 2.0) + puppet-lint-version_comparison-check (~> 2.0) + voxpupuli-release (3.0.1) + faraday-retry (~> 2.1) + github_changelog_generator (~> 1.16, >= 1.16.4) + puppet-blacksmith (~> 7.0) + puppet-strings (~> 4) + rake (~> 13.0, >= 13.0.6) + voxpupuli-test (7.1.0) + facterdb (>= 1.4.0, < 2) + metadata-json-lint (~> 4.0) + parallel_tests (~> 4.2) + puppet-strings (~> 4.0) + puppetlabs_spec_helper (~> 7.0, >= 7.0.1) + rake (~> 13.0, >= 13.0.6) + rspec-puppet (~> 4.0) + rspec-puppet-facts (~> 2.0, >= 2.0.5) + rspec-puppet-utils (~> 3.4) + rubocop (~> 1.50.0) + rubocop-rake (~> 0.6.0) + rubocop-rspec (~> 2.20.0) + voxpupuli-puppet-lint-plugins (~> 5.0) + winrm (2.3.6) + builder (>= 2.1.2) + erubi (~> 1.8) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.3) + yard (0.9.36) + +PLATFORMS + ruby + x86_64-linux + +DEPENDENCIES + coveralls + facter + guard-rake + overcommit (>= 0.39.1) + puppet (~> 7.24) + puppet_metadata (~> 3.5) + rake + simplecov-console + voxpupuli-acceptance (~> 3.0) + voxpupuli-release (~> 3.0) + voxpupuli-test (~> 7.0) + +BUNDLED WITH + 2.5.4 diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..b211ba0 --- /dev/null +++ b/Rakefile 
@@ -0,0 +1,44 @@
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+# Attempt to load voxpupuli-test (which pulls in puppetlabs_spec_helper),
+# otherwise attempt to load it directly.
+begin
+ require 'voxpupuli/test/rake'
+rescue LoadError
+ begin
+ require 'puppetlabs_spec_helper/rake_tasks'
+ rescue LoadError
+ end
+end
+
+# load optional tasks for acceptance
+# only available if gem group releases is installed
+begin
+ require 'voxpupuli/acceptance/rake'
+rescue LoadError
+end
+
+# load optional tasks for releases
+# only available if gem group releases is installed
+begin
+ require 'voxpupuli/release/rake_tasks'
+rescue LoadError
+ # voxpupuli-release not present
+else
+ GCGConfig.user = 'voxpupuli'
+ GCGConfig.project = 'puppet-borg'
+end
+
+desc "Run main 'test' task and report merged results to coveralls"
+task test_with_coveralls: [:test] do
+ if Dir.exist?(File.expand_path('../lib', __FILE__))
+ require 'coveralls/rake/task'
+ Coveralls::RakeTask.new
+ Rake::Task['coveralls:push'].invoke
+ else
+ puts 'Skipping reporting to coveralls. Module has no lib dir'
+ end
+end
+
+# vim: syntax=ruby
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..b6b3821
--- /dev/null
+++ b/manifests/init.pp
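Review bot: In the Rakefile, `GCGConfig.project = 'puppet-borg'` does not match this module, whose metadata.json in the same commit points at `voxpupuli/puppet-bolt`, so changelog generation during a release would be run against the wrong repository. The line should read `GCGConfig.project = 'puppet-bolt'`; because the file is marked as managed by modulesync, the correction presumably belongs in the modulesync configuration rather than in a hand edit. The comment above the acceptance block says the tasks need the "releases" gem group, while the Gemfile puts `voxpupuli-acceptance` in `:system_tests`, so that comment should name the right group.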
@@ -0,0 +1,43 @@
+#
+# @summary installs bolt via yumrepo or release package
+#
+# @param version
+# @param base_url
+# @param gpgkey
+# @param use_release_package
+#
+# @author Tim Meusel
+#
+class bolt (
+ String[1] $version = '3.29.0',
+ Stdlib::HTTPSUrl $base_url = 'https://yum.puppet.com/',
+ String[1] $release_package = "puppet-tools-release-el-${facts['os']['release']['major']}.noarch.rpm",
+ String[1] $gpgkey = 'RPM-GPG-KEY-puppet-20250406',
+ Boolean $use_release_package = true,
+) {
+ unless $facts['os']['family'] == 'RedHat' {
+ fail('class bolt only works on RedHat OS family')
+ }
+
+ if $use_release_package {
+ package { 'puppet-tools-release':
+ ensure => present,
+ source => "${base_url}${release_package}",
+ before => Package['puppet-bolt'],
+ }
+ } else {
+ yumrepo { 'puppet-tools':
+ ensure => 'present',
+ baseurl => "${base_url}puppet-tools/el/${facts['os']['release']['major']}/\$basearch",
+ descr => "Puppet Tools Repository el ${facts['os']['release']['major']} - \$basearch",
+ enabled => '1',
+ gpgcheck => '1',
+ gpgkey => "${base_url}${gpgkey}",
+ before => Package['puppet-bolt'],
+ }
+ }
+
+ package { 'puppet-bolt':
+ ensure => $version,
+ }
+}
diff --git a/manifests/project.pp b/manifests/project.pp
new file mode 100644
index 0000000..3107ee0
--- /dev/null
+++ b/manifests/project.pp
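Review bot: In manifests/init.pp, the default branch (`$use_release_package = true`) installs `puppet-tools-release` directly from `"${base_url}${release_package}"` and nothing in that resource refers to a signing key, so whether the RPM's signature is checked depends on the package provider and on the host's yum/dnf settings for directly supplied packages; only the `yumrepo` branch sets `gpgcheck => '1'` explicitly. Consider making the key named by `$gpgkey` available before this resource is applied, or state in the class documentation that integrity on this path rests on the HTTPS transport enforced by `Stdlib::HTTPSUrl`. `$release_package` has no `@param` tag and the existing tags carry no descriptions; a line such as `# @param release_package file name of the release RPM, appended to base_url` would cover it. Both branches build URLs by plain concatenation, so the documentation should also say that `$base_url` must end in a slash.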
@@ -0,0 +1,95 @@
+#
+# @summary creates required files for a bolt project. Will create one oneshot service for each plan
+#
+# @param basepath
+# @param project
+#
+# @author Tim Meusel
+#
+define bolt::project (
+ Stdlib::Absolutepath $basepath = '/opt/',
+ String[1] $project = $name,
+ String[1] $owner = $project,
+ String[1] $group = $project,
+ Boolean $manage_user = true,
+ Array[String[1]] $plans = [],
+ String[1] $environment = 'peadm',
+ Array[Stdlib::Absolutepath] $modulepaths = ["/etc/puppetlabs/code/environments/${environment}/modules", "/etc/puppetlabs/code/environments/${environment}/site",],
+) {
+ # installs bolt
+ require bolt
+
+ # ensure /tmp is mounted with +exec, otherwise we cannot call bolt later on
+
+ $project_path = "${basepath}${name}"
+ if $manage_user {
+ user { $project:
+ ensure => 'present',
+ managehome => true,
+ purge_ssh_keys => true,
+ system => true,
+ home => $project_path,
+ gid => $project,
+ groups => ['pe-puppet'], # required to read codedir
+ shell => '/sbin/nologin',
+ comment => 'user to run bolt plans',
+ }
+ group { $project:
+ ensure => 'present',
+ system => true,
+ }
+ }
+ file { $project_path:
+ ensure => 'directory',
+ owner => $owner,
+ group => $group,
+ }
+
+ $bolt_project = {
+ 'analytics' => false,
+ 'name' => $project,
+ 'modulepath' => $modulepaths,
+ 'stream' => true,
+ 'puppetdb' => { 'server_urls' => ['http://127.0.0.1:8080'] },
+ }.stdlib::to_yaml({ 'indentation' => 2 })
+
+ file { "${project_path}/bolt-project.yaml":
+ ensure => 'file',
+ owner => $owner,
+ group => $group,
+ content => $bolt_project,
+ }
+
+ $inventory = {
+ 'groups' => [
+ {
+ 'name' => 'primary',
+ 'targets' => [
+ {
+ 'name' => $facts['networking']['fqdn'],
+ 'uri' => 'local://localhost',
+ },,
+ ]
+ }
+ ],
+ }.stdlib::to_yaml({ indentation => 2 })
+
+ file { "${project_path}/inventory.yaml":
+ ensure => 'file',
+ owner => $owner,
+ group => $group,
+ content => $inventory,
+ }
+
+ $data = { 'project' => $project, 'user'=> $owner, 'group' => $group, 'project_path' => $project_path, 'environment' => 'peadm' }
+
+ systemd::unit_file { "${project}@.service":
+ content => epp("${module_name}/project.service.epp", $data),
+ }
+
+ include sudo
+ sudo::conf { $owner:
+ priority => 10,
+ content => "${owner} ALL=(ALL) NOPASSWD: ALL",
+ }
+}
diff --git a/metadata.json b/metadata.json
new file mode 100644
index 0000000..68a387c
--- /dev/null
+++ b/metadata.json
@@ -0,0 +1,69 @@
+{
+ "name": "puppet-bolt",
+ "version": "1.0.0",
+ "source": "https://github.com/voxpupuli/puppet-bolt",
+ "author": "Vox Pupuli",
+ "license": "AGPL-3.0",
+ "summary": "configures bolt and provides hacks to execute it via systemd services",
+ "project_page": "https://github.com/voxpupuli/puppet-bolt",
+ "issues_url": "https://github.com/voxpupuli/puppet-bolt/issues",
+ "dependencies": [
+ {
+ "name": "puppetlabs/stdlib",
+ "version_requirement": ">= 9.6.0 < 10.0.0"
+ },
+ {
+ "name": "puppet/systemd",
+ "version_requirement": ">= 7.0.0 < 8.0.0"
+ },
+ {
+ "name": "saz/sudo",
+ "version_requirement": ">= 8.0.0 < 9.0.0"
+ }
+ ],
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "AlmaLinux",
+ "operatingsystemrelease": [
+ "8",
+ "9"
+ ]
+ },
+ {
+ "operatingsystem": "Rocky",
+ "operatingsystemrelease": [
+ "8",
+ "9"
+ ]
+ },
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "7",
+ "8",
+ "9"
+ ]
+ },
+ {
+ "operatingsystem": "CentOS",
+ "operatingsystemrelease": [
+ "7",
+ "8",
+ "9"
+ ]
+ },
+ {
+ "operatingsystem": "OracleLinux",
+ "operatingsystemrelease": [
+ "8",
+ "9"
+ ]
+ }
+ ],
+ "requirements": [
+ {
+ "name": "puppet",
+ "version_requirement": ">= 7.0.0 < 9.0.0"
+ }
+ ]
+}
diff --git a/templates/project.service.epp b/templates/project.service.epp
new file mode 100644
index 0000000..01cb41e
--- /dev/null
+++ b/templates/project.service.epp
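Review bot: In manifests/project.pp, the closing `sudo::conf` resource writes `${owner} ALL=(ALL) NOPASSWD: ALL`, so the account that runs plans holds unrestricted passwordless root, and by extension so does anything that can change a plan, a module on the configured modulepath, or a params file in the project directory that this account owns. If the plans need only specific commands the rule should be narrowed to them, or at minimum the rule should be opt-in through a documented parameter instead of being created unconditionally. Two correctness problems sit in the same hunk: the inventory hash shows `},,` after the target entry, which looks like a syntax error as rendered, and `$data` hard-codes `'environment' => 'peadm'` where `'environment' => $environment` is presumably intended. `$plans` is declared but never used, `$project_path` is built from `$name` rather than `$project`, and only two of the eight parameters have `@param` tags.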
@@ -0,0 +1,24 @@
+<%- | String[1] $project,
+ String[1] $user,
+ String[1] $group,
+ String[1] $project_path,
+ String[1] $environment,
+| -%>
+# THIS FILE IS MANAGED BY PUPPET
+[Unit]
+Description=run bolt plans in project <%= $project %>
+Documentation=https://www.puppet.com/docs/bolt/latest/bolt
+Documentation=https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html
+Documentation=https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html
+Documentation=https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
+
+[Service]
+Type=exec
+# We hardcode the params file in ExecStart, so we need to ensure it exists always,
+# even for plans that don't accept any parameters. Problem is, bolt expects a valid json file :sadface:
+#ExecStartPre=/usr/bin/touch @<%= $project_path %>/%i.json
+ExecStart=/opt/puppetlabs/bin/bolt plan run %i --params @<%= $project_path %>/%i.json
+User=<%= $user %>
+Group=<%= $group %>
+WorkingDirectory=<%= $project_path %>
+# don't add RemainAfterExit, then we cannot tracke the state via puppet anymore after bolt started
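Review bot: In templates/project.service.epp, `ExecStart` always passes `--params @<%= $project_path %>/%i.json`, but the `ExecStartPre` that would have created the file is commented out and nothing visible in this commit writes it, so an instance without its JSON file fails inside bolt rather than with a clear unit-level error. Adding `AssertPathExists=<%= $project_path %>/%i.json` to the `[Unit]` section would make that precondition explicit. The `$environment` template parameter is declared but never used in the body, and the final comment has a typo (`tracke`). Since that params file steers a plan run under an account that manifests/project.pp gives full sudo, a comment stating who is expected to write it, and with which ownership and mode, would help the next maintainer.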