3

��b67�@s�dZd
dl
Z
d
dlZd
dlmZ
d
dlZd
dlmZmZm	Z	m
Z
mZ
dZdg
Z
Gdd�de�Zd	d
�Zdd�Zeddd
fdd�
Zdd�ZdS)aK
Puppet
------
**Summary:** install, configure and start puppet

This module handles puppet installation and configuration. If the ``puppet``
key does not exist in global configuration, no action will be taken. If a
config entry for ``puppet`` is present, then by default the latest version of
puppet will be installed. If ``install`` is set to ``false``, puppet will not
be installed. However, this will result in an error if puppet is not already
present on the system. The version of puppet to be installed can be specified
under ``version``, and defaults to ``none``, which selects the latest version
in the repos. If the ``puppet`` config key exists in the config archive, this
module will attempt to start puppet even if no installation was performed.

The module also provides keys for configuring the new puppet 4 paths and
installing the puppet package from the puppetlabs repositories:
https://docs.puppet.com/puppet/4.2/reference/whered_it_go.html
The keys are ``package_name``, ``conf_file``, ``ssl_dir`` and
``csr_attributes_path``. If unset, their values will default to
ones that work with puppet 3.x and with distributions that ship modified
puppet 4.x that uses the old paths.

Agent packages from the puppetlabs repositories can be installed by setting
``install_type`` to ``aio``. Based on this setting, the default config/SSL/CSR
paths will be adjusted accordingly. To maintain backwards compatibility this
setting defaults to ``packages`` which will install puppet from the distro
packages.

If installing ``aio`` packages, ``collection`` can also be set to one of
``puppet`` (rolling release), ``puppet6``, ``puppet7`` (or their nightly
counterparts) in order to install specific release streams. By default, the
puppetlabs repository will be purged after installation finishes; set
``cleanup`` to ``false`` to prevent this. AIO packages are installed through a
shell script which is downloaded on the machine and then executed; the path to
this script can be overridden using the ``aio_install_url`` key.

Puppet configuration can be specified under the ``conf`` key. The
configuration is specified as a dictionary containing high-level ``<section>``
keys and lists of ``<key>=<value>`` pairs within each section. Each section
name and ``<key>=<value>`` pair is written directly to ``puppet.conf``. As
such,  section names should be one of: ``main``, ``server``, ``agent`` or
``user`` and keys should be valid puppet configuration options. The
``certname`` key supports string substitutions for ``%i`` and ``%f``,
corresponding to the instance id and fqdn of the machine respectively.
If ``ca_cert`` is present, it will not be written to ``puppet.conf``, but
instead will be used as the puppetserver certificate. It should be specified
in pem format as a multi-line string (using the ``|`` yaml notation).

Additionally it's possible to create a ``csr_attributes.yaml`` file for CSR
attributes and certificate extension requests.
See https://puppet.com/docs/puppet/latest/config_file_csr_attributes.html

By default, the puppet service will be automatically enabled after installation
and set to automatically start on boot. To override this in favor of manual
puppet execution set ``start_service`` to ``false``.

A single manual run can be triggered by setting ``exec`` to ``true``, and
additional arguments can be passed to ``puppet agent`` via the ``exec_args``
key (by default the agent will execute with the ``--test`` flag).

**Internal name:** ``cc_puppet``

**Module frequency:** per instance

**Supported distros:** all

**Config keys**::

    puppet:
        install: <true/false>
        version: <version>
        collection: <aio collection>
        install_type: <packages/aio>
        aio_install_url: 'https://git.io/JBhoQ'
        cleanup: <true/false>
        conf_file: '/etc/puppet/puppet.conf'
        ssl_dir: '/var/lib/puppet/ssl'
        csr_attributes_path: '/etc/puppet/csr_attributes.yaml'
        package_name: 'puppet'
        exec: <true/false>
        exec_args: ['--test']
        start_service: <true/false>
        conf:
            agent:
                server: "puppetserver.example.org"
                certname: "%i.%f"
                ca_cert: |
                    -------BEGIN CERTIFICATE-------
                    <cert data>
                    -------END CERTIFICATE-------
        csr_attributes:
            custom_attributes:
                1.2.840.113549.1.9.7: 342thbjkt82094y0uthhor289jnqthpc2290
            extension_requests:
                pp_uuid: ED803750-E3C7-44F5-BB08-41A04433FE2E
                pp_image_name: my_ami_image
                pp_preshared_key: 342thbjkt82094y0uthhor289jnqthpc2290
�N)
�StringIO)�helpers�subp�
temp_utils�
url_helper�utilzKhttps://raw.githubusercontent.com/puppetlabs/install-puppet/main/install.shz--testc@seZ
dZd
d�ZdS)�PuppetConstantscCs8|
|_||_
tjj|d
�|_tjj|jd�|_||_dS)NZcertszca.pem)�	conf_path�ssl_dir�os�path�join�ssl_cert_dir�
ssl_cert_path�csr_attributes_path)�selfZpuppet_conf_fileZpuppet_ssl_dirr�log�r�/usr/lib/python3.6/cc_puppet.py�__init__zs




zPuppetConstants.__init__N)�__name__�
__module__�__qualname__rrrrrrys
rc

Csxtj
jd
�
r&tjddddd
gdd�
nNtj
jd�
rHtjdd	d
gdd�
n,tj
jd�
rjtjddd
gdd�
n
|jd�

dS)Nz/etc/default/puppetZsedz-iz-ezs/^START=.*/START=yes/F)
�capturez/bin/systemctl�enablezpuppet.servicez/sbin/chkconfig�puppetZonzASorry we do not know how to enable puppet services on this system)rr�existsr�warning)
rrrr�_autostart_puppet�s









rcCstj|d
d|
g�
\}}|j
�S)z�Get the config value for a given setting using `puppet config print`
    :param puppet_bin: path to puppet binary
    :param setting: setting to query
    �config�print)r�rstrip)�
puppet_binZsetting�out�
_rrr�get_config_value�s
r%TcCs�g}|
d
k	rd|
g}|d
k	r(|d|g7}|r6|dg
7}tj
|dd�j}tjdd�
�4}tjj|d	�}tj	||d
d�
t
j
|g
|dd
�SQRXd
S)aq
Install puppet-agent from the puppetlabs repositories using the one-shot
    shell script

    :param url: URL from where to download the install script
    :param version: version to install, blank defaults to latest
    :param collection: collection to install, blank defaults to latest
    :param cleanup: whether to purge the puppetlabs repo after installation
    Nz-vz-cz	--cleanup�)�urlZretriesT)
Z	needs_exezpuppet-installi�
)
�modeF)
r)rZreadurl�contentsrZtempdirrrr
r�
write_filer)r'�version�
collection�cleanup�argsZcontentZtmpdZtmpfrrr�install_puppet_aio�s









r/cCs�d
|
kr|jd|�
dS|
d
}t
j|dd�}t
j|dd�}t
j|dd�}t
j|dd�}	t
j|d	d�}
t
j|d
dd�}t
j|d
dd�}t
j|dtd�}
|	dkr�d}d}d}nd
}d
}d
}t
j|d|�}|r�|r�|jd�

nb|�
r>|jd|r�|nd|	�
|	dk�
r|jj||f�

n*|	dk�
r.t|
|||
�
n|jd|	�
d}t
j|dt	|d��}t
j|dt	|d��}t
j|dt	|d��}t
||||�}d|k�r�t
j|j�
}t
j�}dd �|j�D�
}d!j|�
}|jt|�
|jd"�
x�|dj�D]�\}}
|d#k�rPt
j|jd$�
t
j|j|d�
t
j|j�

t
j|j|d�
t
j|j|
�
t
j|j|d�
nXxV|
j�D]J\}}|d%k�r�|jd&tj��}|jd'|j��}|j�}|j|||�
�qZWt
j |jd(|j�
t
j|j|j!��
�
q�Wd|k�r�t
j|j"t#j$|ddd)��
|�rt%|�

|�r�|jd*�

|d+g}d,|k�r�|d,}t&|t't(f��rN|j)|�

n6t&|t*��rj|j)|j+��

n|jd-t,|�
�
|j)t-�

n
|j)t-�

t.j.|dd.�
|�r�t.j.d/d
d0gdd.�
dS)1Nrz9Skipping module named %s, no 'puppet' configuration found�installTr+r,�install_typeZpackagesr-�execF)
�defaultZ
start_service�aio_install_urlZaio�rootz/opt/puppetlabs/bin/puppetzpuppet-agent�package_namez@Puppet install set to false but version supplied, doing nothing.z'Attempting to install puppet %s from %sZlatestz Unknown puppet install type '%s'�	conf_filerr
ZssldirrZcsr_attributesZconfc
Ssg|]}
|
j��qSr)
�lstrip)�.0�
irrr�
<listcomp>
szhandle.<locals>.<listcomp>�

)
�sourceZca_certi�
Zcertnamez%fz%iz%s.old)
Zdefault_flow_stylezRunning puppet-agentZagentZ	exec_argszOUnknown type %s provided for puppet 'exec_args' expected list, tuple, or string)
rZservice�start)/�debugrZget_cfg_option_boolZget_cfg_option_str�AIO_INSTALL_URLrZdistroZinstall_packagesr/r%rZ	load_filer	rZDefaultingConfigParser�
splitlinesr
Z	read_filer�itemsZ
ensure_dirr
Zchownbynamerr*r�replace�socketZgetfqdnZget_instance_id�lower�set�renameZ	stringifyr�yaml�dumpr�
isinstance�list�tuple�extend�str�split�type�PUPPET_AGENT_DEFAULT_ARGSr)�nameZcfgZcloudrZ_argsZ
puppet_cfgr0r+r,r1r-ZrunZ
start_puppetdr4Zpuppet_userr"Zpuppet_packager6r7r
rZp_constantsr)Z
puppet_configZ
cleaned_linesZcleaned_contentsZcfg_name�
o�
v�cmdZcmd_argsrrr�handle�s�





































































rV)�__doc__rrD�iorrHZ	cloudinitrrrrrr@rQ�objectrrr%r/rVrrrr�<module>ks