Setup Puppet Environment

Ansible sets up a puppet master and puppet agent on two virtual
machines with a hello world puppet application.

.gitignore

@@ -0,0 +1,3 @@
+.vagrant
+*.retry
+

Vagrantfile

@@ -0,0 +1,41 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+
+  # Disable default syncing of the project directory
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Puppet Master
+  config.vm.define "master" do |master|
+    master.vm.box = "debian/stretch64"
+    master.vm.hostname = "puppetmaster"
+    master.vm.network 'private_network', ip: '192.168.121.100'
+
+    # Setup Puppet Master via Ansible
+    master.vm.provision "ansible" do |ansible|
+      ansible.compatibility_mode = "2.0"
+      ansible.playbook = "setup/master.yml"
+    end
+
+    # Sync Puppet code to Puppet Master
+    master.vm.synced_folder "./code", "/etc/puppet/code"
+
+  end
+
+  # Puppet Agent
+  config.vm.define "webserv" do |webserv|
+    webserv.vm.box = "debian/stretch64"
+    webserv.vm.hostname = "webserver"
+    webserv.vm.network 'private_network', ip: '192.168.121.101'
+
+    # Setup Puppet Agent via Ansible
+    webserv.vm.provision "ansible" do |ansible|
+      ansible.compatibility_mode = "2.0"
+      ansible.playbook = "setup/client.yml"
+    end
+
+  end
+
+end
+

code/environments/production/manifests/site.pp

@@ -0,0 +1,3 @@
+node 'webserver' {
+  notify { 'Hello Puppet!': }
+}

setup/client.yml

@@ -0,0 +1,6 @@
+- hosts: all
+  become: yes
+  roles:
+    - common
+    - client
+

setup/master.yml

@@ -0,0 +1,6 @@
+- hosts: all
+  become: yes
+  roles:
+    - common
+    - server
+

setup/roles/client/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Install Puppet Agent
+  apt: name=puppet state=present
+  register: agent_install
+
+- name: Deploy puppet.conf
+  template:
+    src: puppet.conf.j2
+    dest: /etc/puppet/puppet.conf
+
+- name: Start Puppet
+  service: name=puppet state=started
+
+- name: Wait for Puppet Master
+  wait_for:
+    host: puppet
+    port: 8140
+    delay: 10
+  when: agent_install.changed
+ 
+- name: Request Puppet Master
+  command: puppet agent -t
+  register: send_csr
+  failed_when: send_csr.rc > 1
+  when: agent_install.changed
+  become_user: vagrant
+

setup/roles/client/templates/puppet.conf.j2

@@ -0,0 +1,6 @@
+[main]
+ssldir = /var/lib/puppet/ssl
+
+[agent]
+server = puppet
+

setup/roles/common/tasks/main.yml

@@ -0,0 +1,14 @@
+# vi uses elvis-tiny on Debian. vim is better.
+- name: Install VIM
+  apt: name=vim state=present
+
+- name: Lock Puppet Version
+  template: 
+    src: 00-puppet.pref.j2
+    dest: /etc/apt/preferences.d/00-puppet.pref
+
+- name: Deploy hosts file
+  template:
+    src: hosts.j2
+    dest: /etc/hosts
+

setup/roles/common/templates/00-puppet.pref.j2

@@ -0,0 +1,4 @@
+Package: puppet puppetmaster
+Pin: version 4.8*
+Pin-Priority: 501
+

setup/roles/common/templates/hosts.j2

@@ -0,0 +1,11 @@
+127.0.0.1 localhost
+127.0.1.1 {{ ansible_hostname }}
+
+# The following lines are desirable for IPv6 capable hosts                               
+::1     localhost ip6-localhost ip6-loopback                                             
+ff02::1 ip6-allnodes                                                                     
+ff02::2 ip6-allrouters
+
+192.168.121.100 puppet 
+192.168.121.101 webserver 
+

setup/roles/server/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: Install Puppet Master
+  apt: name=puppetmaster state=present
+  register: pup_install
+
+- name: Install NTP
+  apt: name=ntp state=present
+  register: ntp_status
+
+- name: Restart NTP
+  service: name=ntp state=restarted
+  when: ntp_status.changed
+
+- name: Wait for Webserver Key
+  wait_for:
+    path: /var/lib/puppet/ssl/ca/requests/webserver.pem
+  when: pup_install.changed
+
+- name: Sign Webserver Key
+  command: puppet cert sign webserver
+  args:
+    removes: /var/lib/puppet/ssl/ca/requests/webserver.pem
+