From 63abd80d7bae459cbd0d1469bad0390ccdefaec2 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Tue, 17 Jun 2025 16:40:25 +0200 Subject: [PATCH 01/13] Improvements to psick::admin --- CHANGELOG.md | 5 +++++ manifests/admin.pp | 6 +++++- manifests/admin/master.pp | 28 ++++++++++++++++++++++------ manifests/admin/node.pp | 15 +++++++++------ manifests/admin/user.pp | 7 +++++-- manifests/puppet/pe_agent.pp | 2 +- metadata.json | 2 +- templates/admin/sudo.epp | 2 ++ 8 files changed, 50 insertions(+), 17 deletions(-) create mode 100644 templates/admin/sudo.epp diff --git a/CHANGELOG.md b/CHANGELOG.md index f5318fdc..b22dcec5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ ## Changelog +## Release 1.1.2 + +- Improvements to psick::admin class +- Fix to psick::puppet::pe_agent settings + ## Release 1.1.1 - A few more puppet 8 fixes diff --git a/manifests/admin.pp b/manifests/admin.pp index b0e487e6..b61dc46e 100644 --- a/manifests/admin.pp +++ b/manifests/admin.pp @@ -63,6 +63,7 @@ String $node_class = '::psick::admin::node', String $user = 'admin', + String $group = 'admin', String $master = '', # lint:ignore:params_empty_string_assignment Variant[Undef,String] $keyshare_method = 'storeconfigs', @@ -75,13 +76,16 @@ Boolean $manage = $psick::manage, Boolean $noop_manage = $psick::noop_manage, Boolean $noop_value = $psick::noop_value, + + Boolean $notify_changed_user = true, + Boolean $manage_host_key = true, ) { if $manage { if $noop_manage { noop($noop_value) } - if $user != 'admin' { + if $user != 'admin' and $notify_changed_user { notify { 'admin user warning': message => 'If you change the default admin user name change psick/facts.d/admin_user_key.sh or set $::psick::admin::master::ssh_key', # lint:ignore:140chars } diff --git a/manifests/admin/master.pp b/manifests/admin/master.pp index 740578dd..ddd5b512 100644 --- a/manifests/admin/master.pp +++ b/manifests/admin/master.pp 
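Review bot: The new `String $group = 'admin',` in manifests/admin.pp does not follow `$user`, while manifests/admin/user.pp in the same patch changes the `.ssh` directory from `group => $psick::admin::user` to `group => $psick::admin::group`. A site that already overrides `user` will now have the directory assigned to a group named `admin`, which may not exist on the node or may be an unrelated group. Defaulting to the user keeps the previous behaviour: `String $group = $user,`. The parameter list starts and ends outside the hunk.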
@@ -6,10 +6,14 @@ Variant[Undef,String] $inventory_epp = undef, Variant[Undef,String] $ssh_key = undef, + Variant[Undef,String] $from = undef, Boolean $manage = $psick::manage, Boolean $noop_manage = $psick::noop_manage, Boolean $noop_value = $psick::noop_value, + + Boolean $manage_host_key = $psick::admin::manage_host_key, + ) { if $manage { if $noop_manage { @@ -19,14 +23,26 @@ if $psick::admin::keyshare_method == 'storeconfigs' and ($ssh_key or getvar('facts.admin_user_key')) { + if $from { + $options = {} + + } else { + $options = [from] + from => $from, + } + } @@ssh_authorized_key { "admin_user_${psick::admin::user}_rsa-${facts['clientcert']}": - ensure => $ensure, - key => pick($ssh_key,getvar('facts.admin_user_key')), - user => $psick::admin::user, - type => 'rsa', - tag => "admin_master_${psick::admin::master}", + ensure => $ensure, + key => pick($ssh_key,getvar('facts.admin_user_key')), + user => $psick::admin::user, + type => 'rsa', + tag => "admin_master_${psick::admin::master}", + options => $options, + } + + if $manage_host_key { + Sshkey <<| tag == "admin_node_${psick::admin::master}_rsa" |>> } - Sshkey <<| tag == "admin_node_${psick::admin::master}_rsa" |>> } } } diff --git a/manifests/admin/node.pp b/manifests/admin/node.pp index 46c56717..768c7111 100644 --- a/manifests/admin/node.pp +++ b/manifests/admin/node.pp @@ -6,6 +6,7 @@ Boolean $manage = $psick::manage, Boolean $noop_manage = $psick::noop_manage, Boolean $noop_value = $psick::noop_value, + Boolean $manage_host_key = $psick::admin::manage_host_key, ) { if $manage { if $noop_manage { 
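Review bot: `manage_host_key` is added without documenting what replaces the collected keys when it is false. In manifests/admin/master.pp the `Sshkey <<| tag == "admin_node_${psick::admin::master}_rsa" |>>` collection becomes conditional, and manifests/admin/node.pp, manifests/bolt/master.pp and manifests/bolt/node.pp gate the matching export or collection the same way. As far as these hunks show, with the flag off nothing in these classes distributes the nodes' host keys, so host key verification for the admin connection has to come from another source. I would add a parameter comment such as `# @param manage_host_key Export/collect node SSH host keys; when false, known_hosts must be provided by other means`. The class body continues outside the hunk.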
@@ -14,12 +15,14 @@ include psick::admin if $psick::admin::keyshare_method == 'storeconfigs' { - @@sshkey { "admin_${facts['networking']['fqdn']}_rsa": - ensure => $ensure, - host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']], - type => 'ssh-rsa', - key => $facts['ssh']['rsa']['key'], - tag => "admin_node_${psick::admin::master}_rsa", + if $manage_host_key { + @@sshkey { "admin_${facts['networking']['fqdn']}_rsa": + ensure => $ensure, + host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']], + type => 'ssh-rsa', + key => $facts['ssh']['rsa']['key'], + tag => "admin_node_${psick::admin::master}_rsa", + } } # Authorize master host ssh key for remote connection Ssh_authorized_key <<| tag == "admin_master_${psick::admin::master}" |>> diff --git a/manifests/admin/user.pp b/manifests/admin/user.pp index d8fb6331..4298a8ec 100644 --- a/manifests/admin/user.pp +++ b/manifests/admin/user.pp @@ -4,12 +4,15 @@ Variant[Boolean,String] $ensure = pick($psick::admin::ensure, 'present'), Optional[String] $password = undef, Boolean $configure_sudo = true, + String $sudo_template = 'psick/admin/sudo.epp', + Boolean $run_ssh_keygen = true, Boolean $manage = $psick::manage, Boolean $noop_manage = $psick::noop_manage, Boolean $noop_value = $psick::noop_value, + ) { if $manage { if $noop_manage { @@ -33,7 +36,7 @@ ensure => $dir_ensure, mode => '0700', owner => $psick::admin::user, - group => $psick::admin::user, + group => $psick::admin::group, require => User[$psick::admin::user], } @@ -53,7 +56,7 @@ mode => '0440', owner => 'root', group => 'root', - content => "${psick::admin::user} ALL = NOPASSWD : ALL\n", + content => $sudo_template, } } } diff --git a/manifests/puppet/pe_agent.pp b/manifests/puppet/pe_agent.pp index 3267a91d..fbd1945e 100644 --- a/manifests/puppet/pe_agent.pp +++ b/manifests/puppet/pe_agent.pp 
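Review bot: `content => $sudo_template,` in the last manifests/admin/user.pp hunk writes the parameter's string value, by default the literal text `psick/admin/sudo.epp`, into the file instead of rendering the template. The resource is root-owned with mode `0440` and previously held the `NOPASSWD` rule, so it is presumably the sudoers drop-in, where that text does not parse as a sudoers entry. Render it with `content => epp($sudo_template),`, and since the rule is now overridable, have Puppet reject a broken file before installing it with `validate_cmd => '/usr/sbin/visudo -cf %',` (adjust the path per platform). The resource title and the start of its body are outside the hunk.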
@@ -89,7 +89,7 @@ notify => $service_notify, } $ini_settings_hash.each | $k,$v | { - $k.each | $kk,$vv | { + $v.each | $kk,$vv | { $ini_settings = { section => $k, setting => $kk, diff --git a/metadata.json b/metadata.json index aaafaf4b..f68d9578 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "example42-psick", - "version": "1.1.1", + "version": "1.1.2", "author": "Example42", "summary": "Psick: the infrastructure module.", "license": "Apache-2.0", diff --git a/templates/admin/sudo.epp b/templates/admin/sudo.epp new file mode 100644 index 00000000..b682f744 --- /dev/null +++ b/templates/admin/sudo.epp @@ -0,0 +1,2 @@ +# File managed by Puppet +<%= $psick::admin::user %> ALL = NOPASSWD : ALL From 79f6eeddf0e88b609071643c53c6864f5ba0ad22 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Tue, 17 Jun 2025 16:48:12 +0200 Subject: [PATCH 02/13] Fix from option --- manifests/admin/master.pp | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/manifests/admin/master.pp b/manifests/admin/master.pp index ddd5b512..11d3d3b4 100644 --- a/manifests/admin/master.pp +++ b/manifests/admin/master.pp @@ -24,13 +24,11 @@ if $psick::admin::keyshare_method == 'storeconfigs' and ($ssh_key or getvar('facts.admin_user_key')) { if $from { - $options = {} - + $options = "from=\"${from}\"" } else { - $options = [from] - from => $from, - } + $options = undef, } + @@ssh_authorized_key { "admin_user_${psick::admin::user}_rsa-${facts['clientcert']}": ensure => $ensure, key => pick($ssh_key,getvar('facts.admin_user_key')), From a64a631c866dd5388691a50ac2693809039b4ee4 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Tue, 17 Jun 2025 16:57:49 +0200 Subject: [PATCH 03/13] Syntax --- manifests/admin/master.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/admin/master.pp b/manifests/admin/master.pp index 11d3d3b4..6d81fb88 100644 --- a/manifests/admin/master.pp +++ b/manifests/admin/master.pp 
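Review bot: `$options = "from=\"${from}\""` in manifests/admin/master.pp places the parameter into the authorized_keys options field unchecked, and `$from` is only typed `Variant[Undef,String]`. A value containing a double quote or a newline would change how the exported key line is parsed on every node that collects it, and an empty string would still produce `from=""`. Constraining the type in the parameter list keeps the option a plain host/address pattern list, for example `Optional[Pattern[/\A[A-Za-z0-9.:*?!,\/_-]+\z/]] $from = undef,`. The same construction is used for `$ssh_auth_key_options` in manifests/bolt.pp in PATCH 08.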
@@ -26,7 +26,7 @@ if $from { $options = "from=\"${from}\"" } else { - $options = undef, + $options = undef } @@ssh_authorized_key { "admin_user_${psick::admin::user}_rsa-${facts['clientcert']}": From ce1027a105cecdc90cacd722cba37159b366f9b1 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Tue, 17 Jun 2025 19:39:04 +0200 Subject: [PATCH 04/13] Lint --- manifests/admin/user.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/admin/user.pp b/manifests/admin/user.pp index 4298a8ec..9ec4ad5e 100644 --- a/manifests/admin/user.pp +++ b/manifests/admin/user.pp @@ -12,7 +12,6 @@ Boolean $noop_manage = $psick::noop_manage, Boolean $noop_value = $psick::noop_value, - ) { if $manage { if $noop_manage { From 145586f79a33a5002127df5c3af4a56ca86a3a59 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 09:14:27 +0200 Subject: [PATCH 05/13] Added manage_host_key param to bolt --- manifests/bolt.pp | 4 ++-- manifests/bolt/master.pp | 7 ++++++- manifests/bolt/node.pp | 16 ++++++++++------ 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/manifests/bolt.pp b/manifests/bolt.pp index b1bcb8f7..ca4e9a38 100644 --- a/manifests/bolt.pp +++ b/manifests/bolt.pp @@ -4,8 +4,8 @@ Variant[Boolean,String] $ensure = present, - String $master_class = '::psick::bolt::master', - String $node_class = '::psick::bolt::node', + String $master_class = 'psick::bolt::master', + String $node_class = 'psick::bolt::node', String $bolt_user = 'bolt', String $bolt_group = 'bolt', diff --git a/manifests/bolt/master.pp b/manifests/bolt/master.pp index ffd0893a..4ab5d614 100644 --- a/manifests/bolt/master.pp +++ b/manifests/bolt/master.pp @@ -17,6 +17,9 @@ Boolean $run_ssh_keygen = true, String $fact_template = 'psick/bolt/bolt_user_key.sh.erb', + # Management of hostkeys + Boolean $manage_host_key = true, + # Management of automatic host list files used by bolt command Variant[Undef,String] $inventory_epp = undef, Boolean $generate_nodes_list = true, 
@@ -116,7 +119,9 @@ type => 'rsa', tag => "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}", } - Sshkey <<| tag == "bolt_node_${psick::bolt::master}_rsa" |>> + if $manage_host_key { + Sshkey <<| tag == "bolt_node_${psick::bolt::master}_rsa" |>> + } } if $psick::bolt::bolt_user_pub_key and $psick::bolt::bolt_user_priv_key { diff --git a/manifests/bolt/node.pp b/manifests/bolt/node.pp index b001ff17..4fdefb04 100644 --- a/manifests/bolt/node.pp +++ b/manifests/bolt/node.pp @@ -8,6 +8,8 @@ Boolean $configure_sudo = true, String $sudo_template = 'psick/bolt/user/sudo.erb', + Boolean $manage_host_key = true, + Boolean $manage = $psick::manage, Boolean $noop_manage = $psick::noop_manage, Boolean $noop_value = $psick::noop_value, @@ -59,12 +61,14 @@ } if $psick::bolt::keyshare_method == 'storeconfigs' { - @@sshkey { "bolt_${facts['networking']['fqdn']}_rsa": - ensure => $ensure, - host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']], - type => 'ssh-rsa', - key => $facts['ssh']['rsa']['key'], - tag => "bolt_node_${psick::bolt::master}_rsa", + if $manage_host_key { + @@sshkey { "bolt_${facts['networking']['fqdn']}_rsa": + ensure => $ensure, + host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']], + type => 'ssh-rsa', + key => $facts['ssh']['rsa']['key'], + tag => "bolt_node_${psick::bolt::master}_rsa", + } } # Authorize master host bolt user ssh key for remote connection Ssh_authorized_key <<| tag == "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}" |>> From 0e51d998bb157d0fc65706a92bce9e346fb2e487 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 09:38:35 +0200 Subject: [PATCH 06/13] Added psick::bolt::manage_host_key --- manifests/bolt.pp | 2 ++ manifests/bolt/master.pp | 2 +- manifests/bolt/node.pp | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/manifests/bolt.pp b/manifests/bolt.pp index ca4e9a38..3148348c 100644 --- a/manifests/bolt.pp +++ b/manifests/bolt.pp @@ -18,6 +18,8 @@ String $master = '', # lint:ignore:params_empty_string_assignment Enum['storeconfigs','static'] $keyshare_method = 'storeconfigs', + Boolean $manage_host_key = true, + Boolean $auto_prereq = $psick::auto_prereq, Boolean $is_master = false, diff --git a/manifests/bolt/master.pp b/manifests/bolt/master.pp index 4ab5d614..c1639762 100644 --- a/manifests/bolt/master.pp +++ b/manifests/bolt/master.pp @@ -18,7 +18,7 @@ String $fact_template = 'psick/bolt/bolt_user_key.sh.erb', # Management of hostkeys - Boolean $manage_host_key = true, + Boolean $manage_host_key = $psick::bolt::manage_host_key, # Management of automatic host list files used by bolt command Variant[Undef,String] $inventory_epp = undef, diff --git a/manifests/bolt/node.pp b/manifests/bolt/node.pp index 4fdefb04..d3ab879c 100644 --- a/manifests/bolt/node.pp +++ b/manifests/bolt/node.pp @@ -8,7 +8,7 @@ Boolean $configure_sudo = true, String $sudo_template = 'psick/bolt/user/sudo.erb', - Boolean $manage_host_key = true, + Boolean $manage_host_key = $psick::bolt::manage_host_key, Boolean $manage = $psick::manage, Boolean $noop_manage = $psick::noop_manage, From 64354d5de5eec5b85ea43d0dd6a32fbf03c7d16e Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 09:50:41 +0200 Subject: [PATCH 07/13] Manage ssh dir param --- manifests/bolt/master.pp | 4 +++- manifests/bolt/node.pp | 15 +++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/manifests/bolt/master.pp b/manifests/bolt/master.pp index c1639762..e9529ce8 100644 --- a/manifests/bolt/master.pp +++ b/manifests/bolt/master.pp 
@@ -16,6 +16,7 @@ Boolean $create_bolt_user = true, Boolean $run_ssh_keygen = true, String $fact_template = 'psick/bolt/bolt_user_key.sh.erb', + Boolean $manage_ssh_dir = true, # Management of hostkeys Boolean $manage_host_key = $psick::bolt::manage_host_key, @@ -89,7 +90,8 @@ false => undef, } - if $run_ssh_keygen or $psick::bolt::bolt_user_pub_key { + if ($run_ssh_keygen or $psick::bolt::bolt_user_pub_key) + and $manage_ssh_dir { file { "${user_home_dir}/.ssh" : ensure => $dir_ensure, mode => '0700', diff --git a/manifests/bolt/node.pp b/manifests/bolt/node.pp index d3ab879c..b64bf995 100644 --- a/manifests/bolt/node.pp +++ b/manifests/bolt/node.pp @@ -9,6 +9,7 @@ String $sudo_template = 'psick/bolt/user/sudo.erb', Boolean $manage_host_key = $psick::bolt::manage_host_key, + Boolean $manage_ssh_dir = true, Boolean $manage = $psick::manage, Boolean $noop_manage = $psick::noop_manage, @@ -41,12 +42,14 @@ password => $user_password, } - file { "${user_home_dir}/.ssh" : - ensure => $dir_ensure, - mode => '0700', - owner => $psick::bolt::ssh_user, - group => $psick::bolt::ssh_group, - require => User[$psick::bolt::ssh_user], + if $manage_ssh_dir { + file { "${user_home_dir}/.ssh" : + ensure => $dir_ensure, + mode => '0700', + owner => $psick::bolt::ssh_user, + group => $psick::bolt::ssh_group, + require => User[$psick::bolt::ssh_user], + } } } From 020253b34202723a625cccc65c1f920d20caa573 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 10:06:07 +0200 Subject: [PATCH 08/13] Added from param --- manifests/bolt.pp | 10 +++++++++- manifests/bolt/master.pp | 20 ++++++++++++-------- manifests/bolt/node.pp | 10 ++++++---- 3 files changed, 27 insertions(+), 13 deletions(-) diff --git a/manifests/bolt.pp b/manifests/bolt.pp index 3148348c..0d5770a2 100644 --- a/manifests/bolt.pp +++ b/manifests/bolt.pp 
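Review bot: With `manage_ssh_dir` set to false nothing in manifests/bolt/master.pp or manifests/bolt/node.pp enforces owner and mode `0700` on `${user_home_dir}/.ssh` any more, while key files and authorized keys are still managed under it by these classes. The parameter carries no comment saying who is then responsible for the directory. I would document it next to the declaration, e.g. `# When false, ${user_home_dir}/.ssh must already exist, owned by the SSH user, mode 0700`. Both conditionals sit inside class bodies that start and end outside the hunks.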
@@ -18,7 +18,9 @@ String $master = '', # lint:ignore:params_empty_string_assignment Enum['storeconfigs','static'] $keyshare_method = 'storeconfigs', - Boolean $manage_host_key = true, + Variant[Undef,String] $from = undef, + + Boolean $manage_host_key = true, Boolean $auto_prereq = $psick::auto_prereq, @@ -37,6 +39,12 @@ noop($noop_value) } + if $from { + $ssh_auth_key_options = "from=\"${from}\"" + } else { + $ssh_auth_key_options = undef + } + if $is_node { contain $node_class } diff --git a/manifests/bolt/master.pp b/manifests/bolt/master.pp index e9529ce8..a66fabd6 100644 --- a/manifests/bolt/master.pp +++ b/manifests/bolt/master.pp 
@@ -115,28 +115,32 @@ and defined('psick::bolt::bolt_user_pub_key') or defined('bolt_user_key') { @@ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${facts['clientcert']}": - ensure => $ensure, - key => pick($psick::bolt::bolt_user_pub_key,getvar('facts.bolt_user_key')), - user => $psick::bolt::ssh_user, - type => 'rsa', - tag => "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}", + ensure => $ensure, + key => pick($psick::bolt::bolt_user_pub_key,getvar('facts.bolt_user_key')), + user => $psick::bolt::ssh_user, + type => 'rsa', + tag => "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}", + options => $psick::bolt::ssh_auth_key_options, } if $manage_host_key { Sshkey <<| tag == "bolt_node_${psick::bolt::master}_rsa" |>> } } - if $psick::bolt::bolt_user_pub_key and $psick::bolt::bolt_user_priv_key { + if $psick::bolt::bolt_user_pub_key { file { "${user_home_dir}/.ssh/id_rsa.pub": ensure => $dir_ensure, - mode => '0700', + mode => '0600', owner => $psick::bolt::bolt_user, group => $psick::bolt::bolt_group, content => $psick::bolt::bolt_user_pub_key, } + } + + if $psick::bolt::bolt_user_priv_key { file { "${user_home_dir}/.ssh/id_rsa": ensure => $dir_ensure, - mode => '0700', + mode => '0600', owner => $psick::bolt::bolt_user, group => $psick::bolt::bolt_group, content => $psick::bolt::bolt_user_priv_key, diff --git a/manifests/bolt/node.pp b/manifests/bolt/node.pp index b64bf995..bdca3de9 100644 --- a/manifests/bolt/node.pp +++ b/manifests/bolt/node.pp 
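Review bot: The `${user_home_dir}/.ssh/id_rsa` resource takes the private key from `content => $psick::bolt::bolt_user_priv_key,` and nothing in this hunk marks that value as sensitive. The declaration of `bolt_user_priv_key` is not shown here; if it is a plain `String`, the key can appear in file diffs and reports when the file changes. Adding `show_diff => false,` to the resource and passing `content => Sensitive($psick::bolt::bolt_user_priv_key),` keeps it redacted. The surrounding class body starts and ends outside the hunk.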
@@ -77,11 +77,13 @@ Ssh_authorized_key <<| tag == "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}" |>> } if $psick::bolt::keyshare_method == 'static' { + ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::bolt_user_pub_key}": - ensure => $ensure, - key => $psick::bolt::bolt_user_pub_key, - user => $psick::bolt::ssh_user, - type => 'rsa', + ensure => $ensure, + key => $psick::bolt::bolt_user_pub_key, + user => $psick::bolt::ssh_user, + type => 'rsa', + options => $psick::bolt::ssh_auth_key_options, } } } From 53e0c58b084bb1a7106f77c5b9191ba4c7818794 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 10:15:11 +0200 Subject: [PATCH 09/13] files are not dirs --- manifests/bolt/master.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/bolt/master.pp b/manifests/bolt/master.pp index a66fabd6..8e9853bf 100644 --- a/manifests/bolt/master.pp +++ b/manifests/bolt/master.pp @@ -129,7 +129,7 @@ if $psick::bolt::bolt_user_pub_key { file { "${user_home_dir}/.ssh/id_rsa.pub": - ensure => $dir_ensure, + ensure => $ensure, mode => '0600', owner => $psick::bolt::bolt_user, group => $psick::bolt::bolt_group, @@ -139,7 +139,7 @@ if $psick::bolt::bolt_user_priv_key { file { "${user_home_dir}/.ssh/id_rsa": - ensure => $dir_ensure, + ensure => $ensure, mode => '0600', owner => $psick::bolt::bolt_user, group => $psick::bolt::bolt_group, From 360a35c232799c2528041fc3c9d76fc768cebb46 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 10:35:40 +0200 Subject: [PATCH 10/13] More options --- manifests/bolt.pp | 1 + manifests/bolt/master.pp | 2 +- manifests/bolt/node.pp | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/manifests/bolt.pp b/manifests/bolt.pp index 0d5770a2..409c210e 100644 --- a/manifests/bolt.pp +++ b/manifests/bolt.pp 
@@ -14,6 +14,7 @@ String $ssh_user = 'root', String $ssh_group = 'root', + String $ssh_key_type = 'rsa', String $master = '', # lint:ignore:params_empty_string_assignment Enum['storeconfigs','static'] $keyshare_method = 'storeconfigs', diff --git a/manifests/bolt/master.pp b/manifests/bolt/master.pp index 8e9853bf..0601f098 100644 --- a/manifests/bolt/master.pp +++ b/manifests/bolt/master.pp @@ -118,7 +118,7 @@ ensure => $ensure, key => pick($psick::bolt::bolt_user_pub_key,getvar('facts.bolt_user_key')), user => $psick::bolt::ssh_user, - type => 'rsa', + type => $psick::bolt::ssh_key_type, tag => "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}", options => $psick::bolt::ssh_auth_key_options, } diff --git a/manifests/bolt/node.pp b/manifests/bolt/node.pp index bdca3de9..e267ea2f 100644 --- a/manifests/bolt/node.pp +++ b/manifests/bolt/node.pp @@ -78,11 +78,11 @@ } if $psick::bolt::keyshare_method == 'static' { - ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::bolt_user_pub_key}": + ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::master}": ensure => $ensure, key => $psick::bolt::bolt_user_pub_key, user => $psick::bolt::ssh_user, - type => 'rsa', + type => $psick::bolt::ssh_key_type, options => $psick::bolt::ssh_auth_key_options, } } From d8672ee3e1e8c2d3d9ddb3e50792140ed6ff66af Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 11:47:46 +0200 Subject: [PATCH 11/13] lints --- .puppet-lint.rc | 1 + manifests/bolt/master.pp | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index 9e15c6e0..df33c5ba 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc 
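Review bot: `String $ssh_key_type = 'rsa',` in manifests/bolt.pp accepts any text, so a typo only surfaces when the `ssh_authorized_key` resource is applied on the nodes. An enumerated type fails at compile time instead, e.g. `Enum['rsa','ed25519','ecdsa-sha2-nistp256'] $ssh_key_type = 'rsa',` (extend with the key types you support). The resource titles in manifests/bolt/master.pp and manifests/bolt/node.pp still contain a fixed `_rsa`, and the host key export still uses `type => 'ssh-rsa'` with `$facts['ssh']['rsa']['key']`, so only the user key follows the new parameter; a short comment on the parameter should say so.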
@@ -5,5 +5,6 @@ --no-class_inherits_from_params_class-check --no-autoloader_layout-check --no-documentation-check +--no-parameter-documentation-check --no-single_quote_string_with_variables-check --ignore-paths=.vendor/**/*.pp,.bundle/**/*.pp,pkg/**/*.pp,spec/**/*.pp,tests/**/*.pp,types/**/*.pp,vendor/**/*.pp diff --git a/manifests/bolt/master.pp b/manifests/bolt/master.pp index 0601f098..d9106333 100644 --- a/manifests/bolt/master.pp +++ b/manifests/bolt/master.pp @@ -60,7 +60,7 @@ } if $install_package { - package { 'bolt': + package { 'puppet-bolt': ensure => $ensure, } } From 7b3499fd62a9bd57227602fbb814ddba2214efdb Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 14:00:28 +0200 Subject: [PATCH 12/13] Lints --- manifests/aws/puppet.pp | 2 +- manifests/bolt/master.pp | 6 +++--- manifests/bolt/node.pp | 1 - manifests/git/clone.pp | 2 +- manifests/hosts/resource.pp | 2 +- manifests/nodejs.pp | 2 +- manifests/puppet.pp | 2 +- manifests/puppet/autosign.pp | 2 +- manifests/puppet/ci.pp | 2 +- manifests/puppet/postrun.pp | 2 +- manifests/tools/gpgkey.pp | 2 +- manifests/update.pp | 4 ++-- 12 files changed, 14 insertions(+), 15 deletions(-) diff --git a/manifests/aws/puppet.pp b/manifests/aws/puppet.pp index 706d3ec6..9a91b5f6 100644 --- a/manifests/aws/puppet.pp +++ b/manifests/aws/puppet.pp @@ -15,7 +15,7 @@ } $install_modules.each | $mod | { psick::puppet::module { $mod: - user => $module_user, + user => $module_user, } } } diff --git a/manifests/bolt/master.pp b/manifests/bolt/master.pp index d9106333..69f31d30 100644 --- a/manifests/bolt/master.pp +++ b/manifests/bolt/master.pp @@ -61,14 +61,14 @@ if $install_package { package { 'puppet-bolt': - ensure => $ensure, + ensure => $ensure, } } # Management of the user running bolt $user_home_dir = $user_home ? { undef => $psick::bolt::bolt_user ? { - 'root' => '/root', + 'root' => '/root', default => "/home/${psick::bolt::bolt_user}", }, default => $user_home 
@@ -91,7 +91,7 @@ } if ($run_ssh_keygen or $psick::bolt::bolt_user_pub_key) - and $manage_ssh_dir { + and $manage_ssh_dir { file { "${user_home_dir}/.ssh" : ensure => $dir_ensure, mode => '0700', diff --git a/manifests/bolt/node.pp b/manifests/bolt/node.pp index e267ea2f..923e9b20 100644 --- a/manifests/bolt/node.pp +++ b/manifests/bolt/node.pp @@ -77,7 +77,6 @@ Ssh_authorized_key <<| tag == "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}" |>> } if $psick::bolt::keyshare_method == 'static' { - ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::master}": ensure => $ensure, key => $psick::bolt::bolt_user_pub_key, diff --git a/manifests/git/clone.pp b/manifests/git/clone.pp index 7271accf..cb940e4a 100644 --- a/manifests/git/clone.pp +++ b/manifests/git/clone.pp @@ -83,7 +83,7 @@ } } else { file { "/etc/cron.d/sync_${cron_safe_path}": - ensure => absent, + ensure => absent, } } diff --git a/manifests/hosts/resource.pp b/manifests/hosts/resource.pp index 10c3b124..e7c416ac 100644 --- a/manifests/hosts/resource.pp +++ b/manifests/hosts/resource.pp @@ -20,7 +20,7 @@ $all_hosts.each |$k,$v| { host { $k: - * => $v, + * => $v, } } } diff --git a/manifests/nodejs.pp b/manifests/nodejs.pp index 5aa18bb3..f6afdb61 100644 --- a/manifests/nodejs.pp +++ b/manifests/nodejs.pp @@ -87,7 +87,7 @@ ensure => $ensure, } package { $package_name: - * => $package_defaults + $package_params, + * => $package_defaults + $package_params, } } diff --git a/manifests/puppet.pp b/manifests/puppet.pp index 6feee460..765e425e 100644 --- a/manifests/puppet.pp +++ b/manifests/puppet.pp @@ -51,7 +51,7 @@ $modules.each | $mod | { psick::puppet::module { $mod: - user => $module_user, + user => $module_user, } } } diff --git a/manifests/puppet/autosign.pp b/manifests/puppet/autosign.pp index dad463ac..a1bf6546 100644 --- a/manifests/puppet/autosign.pp +++ b/manifests/puppet/autosign.pp 
@@ -25,7 +25,7 @@ case $autosign { 'off', default: { ini_setting { 'puppet_server_autosign_off': - ensure => absent, + ensure => absent, } } 'on': { diff --git a/manifests/puppet/ci.pp b/manifests/puppet/ci.pp index e217dabb..5f1c6184 100644 --- a/manifests/puppet/ci.pp +++ b/manifests/puppet/ci.pp @@ -57,7 +57,7 @@ if $modules != [] { $modules.each | $m | { psick::puppet::module { $m: - user => $modules_user, + user => $modules_user, } } } diff --git a/manifests/puppet/postrun.pp b/manifests/puppet/postrun.pp index 884ffdad..b5f2a492 100644 --- a/manifests/puppet/postrun.pp +++ b/manifests/puppet/postrun.pp @@ -36,7 +36,7 @@ } if $command { ini_setting { 'puppet_postrun_command': - value => $command, + value => $command, } } if $path { diff --git a/manifests/tools/gpgkey.pp b/manifests/tools/gpgkey.pp index fd7ab496..3a89d3f9 100644 --- a/manifests/tools/gpgkey.pp +++ b/manifests/tools/gpgkey.pp @@ -21,7 +21,7 @@ $short_title = regsubst($title,'RPM-GPG-KEY-','') gpg_key { $short_title: - path => "${rpm_gpg_dir_path}/${title}", + path => "${rpm_gpg_dir_path}/${title}", } if $checksum != '' { diff --git a/manifests/update.pp b/manifests/update.pp index 1413aea6..a1b7d0cb 100644 --- a/manifests/update.pp +++ b/manifests/update.pp @@ -42,7 +42,7 @@ if $facts['os']['family'] == 'RedHat' and $use_yum_cron { contain psick::yum::cron file { '/etc/cron.d/system_update': - ensure => absent, + ensure => absent, } } else { # Custom update script @@ -53,7 +53,7 @@ } } else { file { '/etc/cron.d/system_update': - ensure => absent, + ensure => absent, } } From fd8dc3a6bbdd14fd76c1f784ec981b0d1cc63a1b Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 18 Jun 2025 14:06:45 +0200 Subject: [PATCH 13/13] Updated CHANGELOG --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b22dcec5..9080c4ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,8 @@ ## Release 1.1.2 - Improvements to psick::admin class +- Improvements to psick::bolt class +- Lints - Fix to psick::puppet::pe_agent settings ## Release 1.1.1