feat(puppet): add ehiera deployment and key management

roles/puppet/defaults/main.yml

@@ -11,6 +11,7 @@ puppet_agent_version: "{{ puppet_major_version }}.0.0"
 
 # Path to binary
 puppet_bin_path: /opt/puppetlabs/bin
+puppet_extra_path: /usr/local/bin
 
 # Heap memory
 puppet_server_xms: 1g
@@ -22,3 +23,6 @@ puppet_dns_alt_names: "{{ inventory_hostname }},puppet"
 # Puppet agent
 puppet_certname: "{{ inventory_hostname }}"
 puppet_server: "{{ groups['puppet_server'][0] }}"
+
+# eHiera key management
+puppet_ehiera_create_key: false

roles/puppet/files/etc/puppetlabs/puppet/keys/private_key.pkcs7.pem

@@ -0,0 +1 @@
+# UPDATE THE CONTENT AND ENCRYPT ME

roles/puppet/files/etc/puppetlabs/puppet/keys/public_key.pkcs7.pem

@@ -0,0 +1 @@
+# UPDATE THE CONTENT AND ENCRYPT ME

roles/puppet/tasks/ehiera.yml

@@ -0,0 +1,38 @@
+---
+
+- name: PUPPET EHIERA | Install prerequisites
+  package:
+    name: rubygems
+    state: present
+
+- name: PUPPET EHIERA | Install the ehiera gem
+  gem:
+    name: hiera-eyaml
+    state: present
+
+- name: PUPPET EHIERA | Add the gems to the Puppet server
+  command: /opt/puppetlabs/bin/puppetserver gem install hiera-eyaml
+
+- name: PUPPET EHIERA | Create a key
+  command: eyaml createkeys
+  when: puppet_ehiera_create_key
+
+- name: PUPPET EHIERA | Create directory
+  file:
+    state: directory
+    path: /etc/puppetlabs/puppet/keys
+    owner: root
+    group: root
+    mode: 0755
+
+- name: PUPPET EHIERA | Deploy the eHiera key
+  copy:
+    src: etc/puppetlabs/puppet/keys/{{ item }}
+    dest: /etc/puppetlabs/puppet/keys/{{ item }}
+    owner: root
+    group: root
+    mode: 0600
+  loop:
+    - private_key.pkcs7.pem
+    - public_key.pkcs7.pem
+  when: not puppet_ehiera_create_key

roles/puppet/tasks/main.yml

@@ -25,3 +25,7 @@
 - name: PUPPET | Manage Puppet Agent certificate
   import_tasks: cert.yml
   when: inventory_hostname in groups['puppet_server']
+
+- name: PUPPET | Manage eHiera deployment
+  import_tasks: ehiera.yml
+  when: inventory_hostname in groups['puppet_server']