diff --git a/Puppetfile b/Puppetfile
index 2bf9711..0d79c77 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -1,20 +1,15 @@
-forge "http://forge.puppetlabs.com"
-# Modules from the Puppet Forge
-# Versions should be updated to be the latest at the time you start
-#mod "puppetlabs/inifile", '1.5.0'
-#mod "puppetlabs/stdlib", '4.11.0'
-#mod "puppetlabs/concat", '2.1.0'
+# This is a Puppetfile, which describes a collection of Puppet modules.
+# For format and syntax examples, see:
+#
+# https://docs.puppet.com/pe/latest/cmgmt_puppetfile.html
+#
+# In addition to the component modules listed here, the 'site' directory
+# includes 'role' and 'profile' modules. The 'role' module contains
+# Puppet classes that constitute a machine role or business function.
-# Modules from Git
-# Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
-#mod 'apache',
-# :git => 'https://github.com/puppetlabs/puppetlabs-apache',
-# :commit => '83401079053dca11d61945bd9beef9ecf7576cbf'
+forge "https://forgeapi.puppetlabs.com"
-#mod 'apache',
-# :git => 'https://github.com/puppetlabs/puppetlabs-apache',
-# :branch => 'docs_experiment'
 mod 'beersy-pe_code_manager_easy_setup', '2.0.0'
 mod 'tspy-code_deploy', '1.0.2'
 mod 'puppetlabs-exec', '0.2.0'
@@ -32,3 +27,34 @@ mod 'google-gcontainer', '0.2.0'
 mod 'google-gpubsub', '0.1.0'
 mod 'google-glogging', '0.1.1'
 mod 'google-gspanner', '0.1.0'
+
+# Forge Modules from Puppet
+
+mod 'puppetlabs-apache', '1.10.0'
+mod 'puppetlabs-chocolatey', '2.0.0'
+mod 'puppetlabs-mysql', '3.10.0'
+mod 'puppetlabs-stdlib', '4.12.0'
+mod 'puppetlabs-concat', '2.2.0'
+mod 'puppetlabs-powershell', '1.0.6'
+mod 'puppetlabs-registry', '1.1.3'
+mod 'puppetlabs-inifile', '1.6.0'
+mod 'puppetlabs-puppetserver_gem', '0.2.0'
+
+# Forge Community Modules
+
+mod 'crayfishx-firewalld', '3.1.4'
+mod 'puppet-iis', '2.0.2'
+mod 'puppet-staging', '2.0.1'
+mod 'puppet-windows_firewall', '1.0.3'
+mod 'puppet-windowsfeature', '2.0.0'
+mod 'puppet/hiera', '2.1.2'
+mod 'reidmv-unzip', '0.1.2'
+mod 'stahnma-epel', '1.3.0'
+mod 'herculesteam-augeasproviders_core', '2.1.3'
+mod 'herculesteam-augeasproviders_ssh', '2.5.0'
+mod 'liamjbennett-win_facts', '0.0.2'
+
+# Module Content from git
+
+mod 'autosign_example',
+ :git => 'https://github.com/puppetlabs/puppet-vro-autosign_example'
diff --git a/README.md b/README.md
index e633a1e..f27120e 100644
--- a/README.md
+++ b/README.md
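Review bot: The `autosign_example` entry at the end of this hunk is fetched from git with no `:commit`, `:tag` or `:ref`, so every `r10k puppetfile install` takes whatever the remote's default branch holds at that moment, while each Forge module above it is pinned to an exact version. scripts/nc_setup.sh in this commit classifies that class onto the master itself, so an upstream change to the module would land on the master without review. Pin it to a reviewed revision, e.g. `:commit => '<reviewed-commit-sha>'` (placeholder), and bump it deliberately. As a style point, `mod 'puppet/hiera', '2.1.2'` uses the slash form while every other entry uses `author-module`.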
@@ -1,96 +1,28 @@ -New test +# Puppet Enterprise Starter Content Pack -Table of Contents -================= +## Introduction - * [Where Did All The Previous Code Go?](#where-did-all-the-previous-code-go) - * [What You Get From This control\-repo](#what-you-get-from-this-control-repo) - * [Copy This Repo Into Your Own Git Server](#copy-this-repo-into-your-own-git-server) - * [GitLab](#gitlab) - * [Stash](#stash) - * [GitHub](#github) +This repository provides "batteries-included" starter Puppet content. It shows you how Puppet code is organized to make self-service provisioning easy and can create 5 different machine types out of the box: +- Linux base server +- Linux MySQL server +- Linux web server +- Windows base server +- Windows web server -Created by [gh-md-toc](https://github.com/ekalinin/github-markdown-toc.go) +## Install Starter Content on your PE Master -# Where Did All The Previous Code Go? +Installation with git +``` +git clone https://github.com/puppetlabs/puppet-starter_content.git +cd puppet-starter_content +sudo bash scripts/nc_setup.sh +sudo /opt/puppetlabs/bin/puppet agent -t +``` -Initially, the control-repo project began as a 'starter' template for anyone who wanted to get started with r10k. As time passed, and Code Manager was integrated into Puppet Enterprise, the scope of this project grew to include opinionated Puppet profiles to set up many Puppet Enterprise components. As the code increased, so did the complexity of the control-repo project. To reduce that complexity, as well as continuing to meet the needs of individuals who would like a more minimal template, this repository was stripped of anything other than the bare minimum files necessary to get started with a functioning -control-repo. 
- -All of the code that was previously in this repository still exists in separate repositories under the [Puppet Ramp Up Program namespace within Github](https://github.com/Puppet-RampUpProgram) and can be re-connected to an existing control-repo if that is required by adding the modules to the Puppetfile. Alternatively, if that previously opinionated control-repo is desired, [it still exists on Github under the Puppet Ramp Up Program namespace.](https://github.com/Puppet-RampUpProgram/control-repo) This control-repo project will remain a template for anyone who would like a minimal 'starter' template. - -# What You Get From This control-repo - -This repository is a template control-repo that can be used with r10k or Puppet Enterprise Code Manager. - -The major points are: - - An environment.conf that correctly implements: - - A site directory for roles, profiles, and any custom modules for your organization. - - A config_version script. - - Provided config_version scripts to output the commit of code that your agent just applied. - - Basic example of roles/profiles code. - - Example hieradata directory with pre-created common.yaml and nodes directory. - - These match the default hierarchy that ships with PE. - -## Copy This Repo Into Your Own Git Server - -### GitLab - -1. Install GitLab. - - https://about.gitlab.com/downloads/ - -2. After GitLab is installed you may sign if with the `root` user and password `5iveL!fe`. - -3. Make a user for yourself. - -4. Make an SSH key to link with your user. You’ll want to do this on the machine you intend to edit code from (most likely not your Puppet master, but your local workstation or laptop). - - http://doc.gitlab.com/ce/ssh/README.html - - https://help.github.com/articles/generating-ssh-keys/ - -5. Create a group called `puppet` (this is case sensitive). - - http://doc.gitlab.com/ce/workflow/groups.html - -6. Add your user to the `puppet` group as well. - -7. 
Create a project called `control-repo`, and set the Namespace to be the `puppet` group. - -8. Clone this control repository to your laptop/workstation: - - `git clone ` - - `cd control-repo` - -9. Remove this repository as the origin remote: - - `git remote remove origin` - -10. Add your internal repository as the origin remote: - - `git remote add origin ` - -11. Push the production branch of the repository from your machine up to your git server - - `git push origin production` - -### Stash - -Coming soon! - -### GitHub - -1. Prepare your local git client to authenticate with GitHub.com or a local GitHub Enterprise instance. - - https://help.github.com/articles/generating-ssh-keys/ - - https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/ - -2. Create a repository called `control-repo` in your user account or organization. Ensure that "Initialize this repository with a README" is not selected. - - https://help.github.com/articles/creating-a-new-repository/ - -3. Make a note of your repository URL (HTTPS or SSH, depending on your security configuration). - -4. Clone this control repository to your laptop/workstation: - - `git clone ` - - `cd control-repo` - -5. Remove this repository as the origin remote: - - `git remote remove origin` - -6. Add your internal repository as the origin remote: - - `git remote add origin ` - -7. Push the production branch of the repository from your machine up to your git server - - `git push origin production` +Installation with curl +``` +curl -sSL https://github.com/puppetlabs/puppet-starter_content/archive/production.tar.gz | tar -zx +cd puppet-starter_content-production +sudo bash scripts/nc_setup.sh +sudo /opt/puppetlabs/bin/puppet agent -t +``` diff --git a/data/common.yaml b/data/common.yaml new file mode 100644 index 0000000..b8978aa --- /dev/null +++ b/data/common.yaml 
@@ -0,0 +1,11 @@
+---
+profile::sample_website::windows::webserver_port: 80
+profile::sample_website::windows::doc_root: 'C:\inetpub\wwwroot\sample_website'
+
+profile::sample_website::linux::webserver_port: 80
+profile::sample_website::linux::doc_root: '/var/www/sample_website'
+
+profile::sample_data::database_content: 'puppet:///modules/profile/sample_data.sql'
+profile::sample_data::database_name: 'pe_sample_db'
+
+website_source_dir: 'puppet:///modules/profile/sample_website'
diff --git a/environment.conf b/environment.conf
index a986777..3f62a54 100644
--- a/environment.conf
+++ b/environment.conf
@@ -1,2 +1 @@
-modulepath = site:modules:$basemodulepath
-config_version = 'scripts/config_version.sh $environmentpath $environment'
+modulepath = modules:site:$basemodulepath
diff --git a/hiera.yaml b/hiera.yaml
index 75799f7..912ba45 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -2,7 +2,7 @@
 version: 5
 defaults:
- datadir: "hieradata"
+ datadir: "data"
 hierarchy:
 - name: 'Yaml backend'
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 2baa62b..b8978aa 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -1,2 +1,11 @@
 ---
-message: "This node is using common data"
+profile::sample_website::windows::webserver_port: 80
+profile::sample_website::windows::doc_root: 'C:\inetpub\wwwroot\sample_website'
+
+profile::sample_website::linux::webserver_port: 80
+profile::sample_website::linux::doc_root: '/var/www/sample_website'
+
+profile::sample_data::database_content: 'puppet:///modules/profile/sample_data.sql'
+profile::sample_data::database_name: 'pe_sample_db'
+
+website_source_dir: 'puppet:///modules/profile/sample_website'
diff --git a/hieradata/nodes/example-node.yaml b/hieradata/nodes/example-node.yaml
deleted file mode 100644
index ed97d53..0000000
--- a/hieradata/nodes/example-node.yaml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/manifests/site.pp b/manifests/site.pp
index 7059c8c..e16cb06 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp @@ -12,7 +12,7 @@ ## Active Configurations ## # Disable filebucket by default for all File resources: -#https://docs.puppet.com/pe/2015.3/release_notes.html#filebucket-resource-no-longer-created-by-default +#http://docs.puppetlabs.com/pe/latest/release_notes.html#filebucket-resource-no-longer-created-by-default File { backup => false } # DEFAULT NODE @@ -26,7 +26,7 @@ File { backup => false } # specified in the console for that node. node default { - # This is where you can declare classes for all nodes. - # Example: - # class { 'my_class': } + ################## + # Configure Puppet + ################## } diff --git a/scripts/code_manager_config_version.rb b/scripts/code_manager_config_version.rb deleted file mode 100755 index 1ef62af..0000000 --- a/scripts/code_manager_config_version.rb +++ /dev/null @@ -1,18 +0,0 @@ -#!/opt/puppetlabs/puppet/bin/ruby -require 'json' -require 'socket' - -environmentpath = ARGV[0] -environment = ARGV[1] - -# Get the hostname of the Puppet master compiling the catalog. -compiling_master = Socket.gethostname - -# Get the path to the Code Manager deployment info file. -r10k_deploy_file_path = File.join(environmentpath, environment, '.r10k-deploy.json') - -# Get the first 12 characters of the commit ID out of the deployment file. -commit_id = JSON.parse(File.read(r10k_deploy_file_path))['signature'][0...11] - -# Show the compiling master, environment name, and commit ID. -puts "#{compiling_master}-#{environment}-#{commit_id}" diff --git a/scripts/config_version.rb b/scripts/config_version.rb deleted file mode 100755 index 5aade34..0000000 --- a/scripts/config_version.rb +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/usr/bin/env ruby -begin - require 'rugged' - require 'socket' -rescue LoadError => e - t = Time.new - puts t.to_i -else - environmentpath = ARGV[0] - environment = ARGV[1] - - # Get the hostname of the Puppet master compiling the catalog. - compiling_master = Socket.gethostname - - # Get the path to the environment being compiled. - repo = Rugged::Repository.discover(File.join(environmentpath, environment)) - head = repo.head - - # First 12 characters of the sha1 hash of the newest commit. - commit_id = head.target_id[0...11] - - # Show the compiling master, environment name, and commit ID. - puts "#{compiling_master}-#{environment}-#{commit_id}" -end diff --git a/scripts/config_version.sh b/scripts/config_version.sh deleted file mode 100755 index 8dd8086..0000000 --- a/scripts/config_version.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -if [ -e $1/$2/.r10k-deploy.json ] -then - /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/code_manager_config_version.rb $1 $2 -elif [ -e /opt/puppetlabs/server/pe_version ] -then - /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2 -else - /usr/bin/git --version > /dev/null 2>&1 && - /usr/bin/git --git-dir $1/$2/.git rev-parse HEAD || - date +%s -fi diff --git a/scripts/nc_setup.sh b/scripts/nc_setup.sh new file mode 100755 index 0000000..7d964e2 --- /dev/null +++ b/scripts/nc_setup.sh 
@@ -0,0 +1,249 @@
+#!/bin/bash
+# This script automates the NC classification and environment group setup for many self-service provisioning workflows
+# Run this as root on your master
+# Note: this script does not randomize uuid for the classification group it creates, so it will create/replace the same group everytime instead of creating a new group
+# This script assumes it is being run on a freshly installed master that is not using code manager.
+#
+# User configuration
+#
+echo Puppet Master Setup Script
+echo --------------------------
+echo This script expects to be run from puppet-starter_content directory. If run from a different directory, the script will fail.
+echo This script also assumes it is being run on a freshly installed master that is not using code manager.
+echo --------------------------
+
+alternate_environment=dev
+autosign_example_class=autosign_example
+
+all_nodes_id='00000000-0000-4000-8000-000000000000'
+roles_group_id='235a97b3-949b-48e0-8e8a-000000000666'
+dev_env_group_id='235a97b3-949b-48e0-e8a-000000000888'
+autosign_group_id='235a97b3-949b-48e0-8e8a-000000000999'
+
+#
+# Configuration we can detect
+#
+master_hostname=$(/opt/puppetlabs/bin/puppet config print certname)
+key=$(/opt/puppetlabs/bin/puppet config print hostprivkey)
+cert=$(/opt/puppetlabs/bin/puppet config print hostcert)
+cacert=$(/opt/puppetlabs/bin/puppet config print localcacert)
+
+#
+# Do some error checking first before running the script
+#
+error_checking()
+{
+ # Check to see if user running script has root privs
+ if (( $EUID != 0 )); then
+ echo "ERROR: This script should only be run by the root user or via sudo."
+ exit 1
+ fi
+
+ # Check to see if script is running from puppet-starter_content directory
+ if [[ $PWD != *"puppet-starter_content"* ]]
+ then
+ echo "ERROR: You must run 'bash scripts/nc_setup.sh' inside the 'puppet-starter_content' directory.";
+ exit 1
+ fi
+
+ # Check to see if script is being run on a puppet master
+ if [ ! -f /opt/puppetlabs/server/bin/puppetserver ]; then
+ echo "ERROR: This script should only be run on the Puppet master server."
+ exit 1
+ fi
+
+ #
+ # Check if code manager is being used
+ #
+ curl -s -X GET \ -H "Content-Type: application/json" \
+ --cert $cert \
+ --key $key \
+ --cacert $cacert \
+ "https://$master_hostname:4433/classifier-api/v1/groups" | grep -q code_manager_auto_configure
+ if [ $? -eq 0 ]; then
+ echo "ERROR: It appears that code manager is being used. This script cannot continue."
+ echo "Instead, use desired modules from the Puppetfile and use in your own control-repo's Puppetfile."
+ exit 1
+ fi
+}
+
+error_checking
+
+#
+# Determine the uuids for groups that are created during PE install but with randomly generated uuids
+#
+find_guid()
+{
+ echo $(curl -s https://$master_hostname:4433/classifier-api/v1/groups --cert $cert --key $key --cacert $cacert | python -m json.tool |grep -C 2 "$1" | grep "id" | cut -d: -f2 | sed 's/[\", ]//g')
+}
+
+production_env_group_id=`find_guid "Production environment"`
+echo "\"Production environment\" group uuid is $production_env_group_id"
+agent_specified_env_group_id=`find_guid "Agent-specified environment"`
+echo "\"Agent-specified environment\" group uuid is $agent_specified_env_group_id"
+pemaster_group_id=`find_guid "PE Master"`
+
+date_string=`date +%Y-%m-%d:%H:%M:%S`
+echo "Backing up existing contents of /etc/puppetlabs/code to $date_string"
+cp -R /etc/puppetlabs/code /etc/puppetlabs/code_backup_$date_string
+
+#
+# Copying starter content and create an alternate puppet environment in addition to production
+#
+echo 'Copying starter content repo into /etc/puppetlabs/code/environments'
+mkdir -p /etc/puppetlabs/code/environments/$alternate_environment
+rm -rf /etc/puppetlabs/code/environments/$alternate_environment/*
+cp -R * /etc/puppetlabs/code/environments/$alternate_environment
+r10k puppetfile install --moduledir /etc/puppetlabs/code/environments/$alternate_environment/modules --verbose
+
+# Put a copy in production
+echo "Duplicating $alternate_environment contents into production"
+rm -rf /etc/puppetlabs/code/environments/production/
+cp -R /etc/puppetlabs/code/environments/$alternate_environment /etc/puppetlabs/code/environments/production
+#
+# Tell the NC to refresh its cache so that the classes we just installed are available
+#
+echo "Refreshing NC class lists for production and $alternate_environment puppet environments"
+curl -s -X POST -H "Content-Type: application/json" \
+--key $key \
+--cert $cert \
+--cacert $cacert \
+https://$master_hostname:4433/classifier-api/v1/update-classes?environment=production
+[ "$?" = 0 ] && echo "Successful refresh of production environment."
+curl -s -X POST -H "Content-Type: application/json" \
+--key $key \
+--cert $cert \
+--cacert $cacert \
+https://$master_hostname:4433/classifier-api/v1/update-classes?environment=$alternate_environment
+[ "$?" = 0 ] && echo "Successful refresh of $alternate_environment environment."
+#
+# Create an "Autosign" classification group to set up autosign example
+#
+echo "Creating the Autosign group"
+curl -s -X PUT -H 'Content-Type: application/json' \
+ --key $key \
+ --cert $cert \
+ --cacert $cacert \
+ -d '
+ {
+ "name": "Autosign",
+ "parent": "'$all_nodes_id'",
+ "rule":
+ [ "and",
+ [ "=",
+ [ "trusted", "certname" ],
+ "'$master_hostname'"
+ ]
+ ],
+ "classes": { "'$autosign_example_class'": {} }
+ }' \
+ https://$master_hostname:4433/classifier-api/v1/groups/$autosign_group_id | python -m json.tool
+echo
+#
+# Add 64 bit Windows agent installer to pe_repo
+#
+echo "Adding 64 bit Windows agent installer to pe_repo in PE Master group"
+curl -s -X POST -H 'Content-Type: application/json' \
+ --key $key \
+ --cert $cert \
+ --cacert $cacert \
+ -d '
+ {
+ "classes": { "pe_repo::platform::windows_x86_64": {} }
+ }' \
+ https://$master_hostname:4433/classifier-api/v1/groups/$pemaster_group_id | python -m json.tool
+echo
+#
+# Create a "Roles" classification group so that the integration role groups are organized more cleanly
+#
+echo "Creating the Roles group"
+curl -s -X PUT -H 'Content-Type: application/json' \
+ --key $key \
+ --cert $cert \
+ --cacert $cacert \
+ -d '
+ {
+ "name": "Roles",
+ "parent": "'$all_nodes_id'",
+ "classes": {}
+ }' \
+ https://$master_hostname:4433/classifier-api/v1/groups/$roles_group_id | python -m json.tool
+echo
+#
+# Create an environment group for an alternative puppet environment, e.g. dev puppet environment
+#
+for file in /etc/puppetlabs/code/environments/$alternate_environment/site/role/manifests/*; do
+ basefilename=$(basename "$file")
+ role_class="role::${basefilename%.*}"
+ echo "Creating the \"$role_class\" classification group"
+
+ curl -s -X POST -H "Content-Type: application/json" \
+ --key $key \
+ --cert $cert \
+ --cacert $cacert \
+ -d '
+ {
+ "name": "'$role_class'",
+ "parent": "'$roles_group_id'",
+ "environment": "'$alternate_environment'",
+ "rule":
+ [ "and",
+ [ "=",
+ [ "trusted", "extensions", "pp_role" ],
+ "'$role_class'"
+ ]
+ ],
+ "classes": { "'$role_class'": {} }
+ }' \
+ https://$master_hostname:4433/classifier-api/v1/groups
+done
+echo
+#
+# Create alternate_environment environment group
+#
+echo "Creating the \"$alternate_environment\" environment group"
+curl -s -X PUT -H "Content-Type: application/json" \
+--key $key \
+--cert $cert \
+--cacert $cacert \
+-d '
+{
+ "name": "'$alternate_environment' environment",
+ "parent": "'$production_env_group_id'",
+ "environment_trumps": true,
+ "environment": "'$alternate_environment'",
+ "rule":
+ [ "and",
+ [ "=",
+ [ "trusted", "extensions", "pp_environment" ],
+ "'$alternate_environment'"
+ ]
+ ],
+ "classes": {}
+}' \
+https://$master_hostname:4433/classifier-api/v1/groups/$dev_env_group_id | python -m json.tool
+#
+# Update the "Agent-specified environment" group so that pp_environment=agent-specified works as expected
+#
+echo "Updating \"Agent-specified environment\" group to use pp_environment in its matching rules"
+curl -s -X PUT -H "Content-type: application/json" \
+--key $key \
+--cert $cert \
+--cacert $cacert \
+-d '
+{
+ "name": "Agent-specified environment",
+ "parent": "'$production_env_group_id'",
+ "environment_trumps": true,
+ "rule":
+ [ "and",
+ [ "=",
+ [ "trusted", "extensions", "pp_environment" ],
+ "agent-specified"
+ ]
+ ],
+ "environment": "agent-specified",
+ "classes": {}
+}' \
+https://$master_hostname:4433/classifier-api/v1/groups/$agent_specified_env_group_id | python -m json.tool
+echo
diff --git a/site/profile/files/sample_data.sql b/site/profile/files/sample_data.sql
new file mode 100644
index 0000000..c5daebc
--- /dev/null
+++ b/site/profile/files/sample_data.sql
@@ -0,0 +1,9 @@
+DROP TABLE IF EXISTS `test_data`;
+CREATE TABLE `test_data` (
+ `id` int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `first_name` text NOT NULL,
+ `last_name` text NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+INSERT INTO `test_data` (`id`, `first_name`, `last_name`) VALUES
+(1, 'David', 'Bowie');
diff --git a/LICENSE b/site/profile/files/sample_website/LICENSE
similarity index 100%
rename from LICENSE
rename to site/profile/files/sample_website/LICENSE
diff --git a/site/profile/files/sample_website/css/main.css b/site/profile/files/sample_website/css/main.css
new file mode 100644
index 0000000..a35b8f2
--- /dev/null
+++ b/site/profile/files/sample_website/css/main.css
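Review bot: `dev_env_group_id` is set to `'235a97b3-949b-48e0-e8a-000000000888'`, whose fourth group is `e8a` where the sibling IDs have `8e8a`, so the PUT that creates the dev environment group targets a malformed UUID; it presumably should be `'235a97b3-949b-48e0-8e8a-000000000888'`. More broadly, the script runs as root without `set -e` and never checks the `cp -R` backup or `r10k puppetfile install` before `rm -rf /etc/puppetlabs/code/environments/production/`, so a failed backup or module install still ends with production code deleted and replaced. The three `find_guid` results are likewise used as URL path segments and parent IDs without a non-empty check, and `$key`, `$cert`, `$cacert` and the paths are expanded unquoted. A guarded version of the lookup, backup and copy steps is sketched below.

```shell
# … unchanged: error_checking, find_guid and the three find_guid lookups …
for id in "$production_env_group_id" "$agent_specified_env_group_id" "$pemaster_group_id"; do
  [ -n "$id" ] || { echo "ERROR: could not resolve a classifier group uuid." >&2; exit 1; }
done

env_root=/etc/puppetlabs/code/environments
backup_dir="/etc/puppetlabs/code_backup_$date_string"
cp -R /etc/puppetlabs/code "$backup_dir" \
  || { echo "ERROR: backup to $backup_dir failed; nothing was changed." >&2; exit 1; }

mkdir -p "$env_root/$alternate_environment" || exit 1
# ${var:?} aborts instead of expanding to an empty path in front of rm -rf
rm -rf "${env_root:?}/${alternate_environment:?}"/*
cp -R ./* "$env_root/$alternate_environment" || exit 1
r10k puppetfile install --moduledir "$env_root/$alternate_environment/modules" --verbose \
  || { echo "ERROR: module install failed; production was left untouched." >&2; exit 1; }
# … unchanged: duplicate into production, classifier API calls …
```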
@@ -0,0 +1,23 @@ +body { + margin-top: 200px; + margin-left: 60px; + width: 70%; + font-family: 'Helvetica', 'Arial', 'Sans-Serif'; + background:black url(../img/logo.png) no-repeat left top; +} + +a { text-decoration: none; color: #999; } +a:hover { text-decoration: underline; } + +p, ul { font-size: 1.5em; line-height: 0.5em; color: #fff; } + +h1, h2, h3, h4 { color: #ffad1a } +h1 { font-size: 2em; } +h2 { font-size: 1.7em; } +h3 { font-size: 1.5em; } +h4 { font-size: 1.3em; } + +nav ul, footer ul { padding: 0px; list-style: none; font-weight: bold; } +nav ul li, footer ul li { display: inline; margin-right: 20px; } + +footer { border-top: 1px solid #d5d5d5; font-size: .8em; } diff --git a/site/profile/files/sample_website/img/apple.png b/site/profile/files/sample_website/img/apple.png new file mode 100644 index 0000000..cba0895 Binary files /dev/null and b/site/profile/files/sample_website/img/apple.png differ diff --git a/site/profile/files/sample_website/img/favicon.ico b/site/profile/files/sample_website/img/favicon.ico new file mode 100644 index 0000000..3892169 Binary files /dev/null and b/site/profile/files/sample_website/img/favicon.ico differ diff --git a/site/profile/files/sample_website/img/logo.png b/site/profile/files/sample_website/img/logo.png new file mode 100755 index 0000000..8a38c0e Binary files /dev/null and b/site/profile/files/sample_website/img/logo.png differ diff --git a/site/profile/files/sample_website/img/tux.png b/site/profile/files/sample_website/img/tux.png new file mode 100644 index 0000000..ff85f10 Binary files /dev/null and b/site/profile/files/sample_website/img/tux.png differ diff --git a/site/profile/files/sample_website/img/windows.png b/site/profile/files/sample_website/img/windows.png new file mode 100644 index 0000000..da54d46 Binary files /dev/null and b/site/profile/files/sample_website/img/windows.png differ 
diff --git a/site/profile/manifests/apache.pp b/site/profile/manifests/apache.pp
new file mode 100644
index 0000000..51d57e2
--- /dev/null
+++ b/site/profile/manifests/apache.pp
@@ -0,0 +1,8 @@
+# @summary This profile installs apache and turns off the default vhost
+class profile::apache {
+
+ class { 'apache':
+ default_vhost => false,
+ }
+
+}
diff --git a/site/profile/manifests/base.pp b/site/profile/manifests/base.pp
deleted file mode 100644
index ae85e65..0000000
--- a/site/profile/manifests/base.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class profile::base {
-
- #the base profile should include component modules that will be on all nodes
-
-}
diff --git a/site/profile/manifests/example.pp b/site/profile/manifests/example.pp
deleted file mode 100644
index 0b48c3a..0000000
--- a/site/profile/manifests/example.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-class profile::example {
-
-}
diff --git a/site/profile/manifests/iis.pp b/site/profile/manifests/iis.pp
new file mode 100644
index 0000000..75b3f68
--- /dev/null
+++ b/site/profile/manifests/iis.pp
@@ -0,0 +1,20 @@
+# @summary This profile installs IIS and turns off the default website
+class profile::iis {
+
+ $iis_features = [
+ 'Web-Server',
+ 'Web-WebServer',
+ 'Web-Http-Redirect',
+ 'Web-Mgmt-Console',
+ 'Web-Mgmt-Tools'
+ ]
+
+ windowsfeature { $iis_features:
+ ensure => present,
+ }
+
+ iis::manage_site { 'Default Web Site':
+ ensure => absent,
+ }
+
+}
diff --git a/site/profile/manifests/linux_baseline.pp b/site/profile/manifests/linux_baseline.pp
new file mode 100644
index 0000000..78ca4e1
--- /dev/null
+++ b/site/profile/manifests/linux_baseline.pp
@@ -0,0 +1,12 @@
+# @summary This profile installs unzip and git as part of the Linux baseline
+class profile::linux_baseline {
+
+ package { 'unzip':
+ ensure => installed,
+ }
+
+ package { 'git':
+ ensure => installed,
+ }
+
+}
diff --git a/site/profile/manifests/mysql.pp b/site/profile/manifests/mysql.pp
new file mode 100644
index 0000000..d325781
--- /dev/null
+++ b/site/profile/manifests/mysql.pp
@@ -0,0 +1,8 @@
+# @summary This profile installs mysql without default accounts
+class profile::mysql {
+
+ class { 'mysql::server':
+ remove_default_accounts => true
+ }
+
+}
diff --git a/site/profile/manifests/sample_data.pp b/site/profile/manifests/sample_data.pp
new file mode 100644
index 0000000..49ef480
--- /dev/null
+++ b/site/profile/manifests/sample_data.pp
@@ -0,0 +1,21 @@
+# @summary This profile installs sample data into a mysql db
+class profile::sample_data (
+ $database_content,
+ $database_name,
+) {
+
+ include mysql::server
+
+ file { '/tmp/sample_data.sql':
+ ensure => file,
+ source => $database_content,
+ }
+
+ mysql::db { $database_name:
+ user => 'admin',
+ password => 'admin',
+ host => 'localhost',
+ grant => ['ALL'],
+ sql => '/tmp/sample_data.sql',
+ }
+}
diff --git a/site/profile/manifests/sample_website.pp b/site/profile/manifests/sample_website.pp
new file mode 100644
index 0000000..0f90370
--- /dev/null
+++ b/site/profile/manifests/sample_website.pp
@@ -0,0 +1,9 @@
+# @summary This profile installs a sample website
+class profile::sample_website {
+
+ case $::kernel {
+ 'windows': { include profile::sample_website::windows }
+ 'Linux': { include profile::sample_website::linux }
+ }
+
+}
diff --git a/site/profile/manifests/sample_website/linux.pp b/site/profile/manifests/sample_website/linux.pp
new file mode 100644
index 0000000..df98b97
--- /dev/null
+++ b/site/profile/manifests/sample_website/linux.pp
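Review bot: `profile::sample_data` creates the database account with the literals `user => 'admin'` and `password => 'admin'` plus `grant => ['ALL']`, although the database name and content source are already class parameters fed from Hiera. Anyone who reuses this starter profile gets a known credential on every MySQL node it is applied to. Add `$database_user` and `$database_password` parameters with no default so they must be supplied from Hiera (ideally encrypted), and use `password => $database_password,`. The staged dump at `/tmp/sample_data.sql` also has no `owner` or `mode`; a path outside `/tmp` with `mode => '0600'` would be tighter.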
@@ -0,0 +1,41 @@
+#
+class profile::sample_website::linux (
+ $doc_root,
+ $webserver_port,
+) {
+ require profile::apache
+ include firewalld
+
+ # configure apache
+ apache::vhost { $::fqdn:
+ port => $webserver_port,
+ docroot => $doc_root,
+ require => File[$doc_root],
+ }
+
+ firewalld_port { 'Open port for web':
+ ensure => present,
+ zone => 'public',
+ port => $webserver_port,
+ protocol => 'tcp',
+ }
+
+ # deploy website
+ $website_source_dir = lookup('website_source_dir')
+
+ file { $website_source_dir:
+ ensure => directory,
+ owner => $::apache::user,
+ group => $::apache::group,
+ mode => '0755',
+ path => $doc_root,
+ source => $website_source_dir,
+ recurse => true,
+ }
+
+ file { "${doc_root}/index.html":
+ ensure => file,
+ content => epp('profile/index.html.epp'),
+ }
+
+}
diff --git a/site/profile/manifests/sample_website/windows.pp b/site/profile/manifests/sample_website/windows.pp
new file mode 100644
index 0000000..629dd36
--- /dev/null
+++ b/site/profile/manifests/sample_website/windows.pp
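Review bot: The docroot `file` resource sets `owner => $::apache::user` with `mode => '0755'` and `recurse => true`, which makes every served file writable by the web server account and marks plain files executable. Serving content only needs read access, so `owner => 'root'`, `group => $::apache::group`, `mode => '0644'` would do; Puppet adds the search bit on directories wherever the read bit is set. The class header is also a bare `#` where the other profiles carry `# @summary`, and the parameters are untyped; `String $doc_root` and `Integer[1, 65535] $webserver_port` would catch bad Hiera data at compile time.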
@@ -0,0 +1,53 @@
+#
+class profile::sample_website::windows (
+ $doc_root,
+ $webserver_port,
+) {
+ require profile::iis
+
+ # configure iis
+ iis::manage_app_pool {'sample_website':
+ require => [
+ Windowsfeature[$iis_features],
+ Iis::Manage_site['Default Web Site'],
+ ],
+ }
+
+ iis::manage_site { $::fqdn:
+ site_path => $doc_root,
+ port => $webserver_port,
+ ip_address => '*',
+ app_pool => 'sample_website',
+ require => [
+ Windowsfeature[$iis_features],
+ Iis::Manage_app_pool['sample_website']
+ ],
+ }
+
+ windows_firewall::exception { 'IIS':
+ ensure => present,
+ direction => 'in',
+ action => 'Allow',
+ enabled => 'yes',
+ protocol => 'TCP',
+ local_port => "${webserver_port}",
+ display_name => 'HTTP Inbound',
+ description => 'Inbound rule for HTTP Server',
+ }
+
+ # deploy website
+ $website_source_dir = lookup('website_source_dir')
+
+ file { $website_source_dir:
+ ensure => directory,
+ path => $doc_root,
+ source => $website_source_dir,
+ recurse => true,
+ }
+
+ file { "${doc_root}/index.html":
+ ensure => file,
+ content => epp('profile/index.html.epp'),
+ }
+
+}
diff --git a/site/profile/manifests/vro_provisioned.pp b/site/profile/manifests/vro_provisioned.pp
new file mode 100644
index 0000000..f589dd6
--- /dev/null
+++ b/site/profile/manifests/vro_provisioned.pp
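Review bot: `Windowsfeature[$iis_features]` in both `require` arrays refers to a variable that is assigned in `profile::iis`, not in this class, so here it looks to be out of scope and would resolve to undef (or fail under strict variables). Either qualify it as `Windowsfeature[$profile::iis::iis_features]` or drop those entries, since `require profile::iis` at the top already orders the whole class first. `local_port => "${webserver_port}"` is a string that holds only a variable; if the parameter needs a string, `String($webserver_port)` says so explicitly. The class header is a bare `#` where the other profiles have `# @summary`.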
@@ -0,0 +1,30 @@
+# @summary This profile does some post agent install cleanup.
+class profile::vro_provisioned {
+
+ # any operating system-specific state for vro-provisioned machines.
+ # it's common to change the Administrator user name on Windows, for example.
+ case $kernel {
+ 'Linux': {
+ $agent_confdir = '/etc/puppetlabs/puppet'
+ }
+ 'windows': {
+ $agent_confdir = 'C:/ProgramData/PuppetLabs/puppet/etc'
+
+ #exec { 'rename-Administrator':
+ # command => '$(Get-WMIObject Win32_UserAccount -Filter "Name=\'Administrator\'").Rename("puppet#adm1n")',
+ # unless => 'if (Get-WmiObject Win32_UserAccount -Filter "Name=\'Administrator\'") { exit 1 }',
+ # provider => powershell,
+ #}
+
+ }
+ default: {}
+ }
+
+ # ensure that the csr_attributes.yaml file containing the shared
+ # autosign secret is removed on the first puppet agent run.
+ file { "${agent_confdir}/csr_attributes.yaml":
+ ensure => absent,
+ backup => false,
+ }
+
+}
diff --git a/site/profile/manifests/windows_baseline.pp b/site/profile/manifests/windows_baseline.pp
new file mode 100644
index 0000000..9555074
--- /dev/null
+++ b/site/profile/manifests/windows_baseline.pp
@@ -0,0 +1,16 @@
+# @summary This profile installs unzip and git as part of the Windows baseline
+class profile::windows_baseline {
+
+ include chocolatey
+
+ package { 'unzip':
+ ensure => installed,
+ provider => chocolatey,
+ }
+
+ package { 'git':
+ ensure => installed,
+ provider => chocolatey,
+ }
+
+}
diff --git a/site/profile/templates/index.html.epp b/site/profile/templates/index.html.epp
new file mode 100644
index 0000000..aebb6b8
--- /dev/null
+++ b/site/profile/templates/index.html.epp
@@ -0,0 +1,37 @@
+
+
+
+
+ Sample Website
+
+
+
+
+
+
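Review bot: The `default: {}` branch of the `case` in `profile::vro_provisioned` leaves `$agent_confdir` unset, so on any other kernel the `file` resource title becomes `/csr_attributes.yaml` and the real file holding the shared autosign secret is never removed, with no error to show for it. Failing loudly is safer: `default: { fail("profile::vro_provisioned: unsupported kernel ${facts['kernel']}") }`. The `case` also reads the bare `$kernel`; `$facts['kernel']` avoids any top-scope shadowing. The commented-out `rename-Administrator` exec embeds a literal replacement account name and would be better removed than left in place as a template.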
+
+ <% if $kernel == 'windows' { -%> + + <% } elsif $kernel == 'Linux' { -%> + + <% } elsif $kernel == 'Darwin' { -%> + + <% } -%> +

System Info

+

fqdn/certname: + <%= $trusted[certname] %> +

+

ip address: + <%= $networking[ip] %> +

+

total system memory: + <%= $memory[system][total] %> +

+

vm uuid: + <%= $trusted[extensions][pp_uuid] %> +

+
+
+
+
+
diff --git a/site/role/manifests/database_server.pp b/site/role/manifests/database_server.pp
deleted file mode 100644
index aacc912..0000000
--- a/site/role/manifests/database_server.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-class role::database_server {
-
- #This role would be made of all the profiles that need to be included to make a database server work
- #All roles should include the base profile
- include profile::base
-
-}
diff --git a/site/role/manifests/example.pp b/site/role/manifests/example.pp
deleted file mode 100644
index 2c1d2d7..0000000
--- a/site/role/manifests/example.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-class role::example {
-
-}
diff --git a/site/role/manifests/linux_base.pp b/site/role/manifests/linux_base.pp
new file mode 100644
index 0000000..54e281f
--- /dev/null
+++ b/site/role/manifests/linux_base.pp
@@ -0,0 +1,4 @@
+# @summary This role installs a baseline of packages on Linux machines
+class role::linux_base {
+ include profile::linux_baseline
+}
diff --git a/site/role/manifests/linux_mysql_database.pp b/site/role/manifests/linux_mysql_database.pp
new file mode 100644
index 0000000..70c9b69
--- /dev/null
+++ b/site/role/manifests/linux_mysql_database.pp
@@ -0,0 +1,6 @@
+# @summary This role installs a mysql databse and sample data
+class role::linux_mysql_database {
+ include profile::linux_baseline
+ include profile::mysql
+ include profile::sample_data
+}
diff --git a/site/role/manifests/linux_webserver.pp b/site/role/manifests/linux_webserver.pp
new file mode 100644
index 0000000..5d8deb5
--- /dev/null
+++ b/site/role/manifests/linux_webserver.pp
@@ -0,0 +1,7 @@
+# @summary This role installs an apache webserver and sample content on port 80.
+class role::linux_webserver {
+ include profile::linux_baseline
+ include profile::vro_provisioned
+ include profile::apache
+ include profile::sample_website
+}
diff --git a/site/role/manifests/webserver.pp b/site/role/manifests/webserver.pp
deleted file mode 100644
index 314fa55..0000000
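Review bot: `role::linux_mysql_database` does not include `profile::vro_provisioned`, and neither do `role::linux_base` or `role::windows_base`, although that profile is what deletes `csr_attributes.yaml` with the shared autosign secret. If these roles are provisioned through the same workflow as the two webserver roles (not visible in this diff), the secret stays on disk on those machines. Adding `include profile::vro_provisioned` to each role, or moving it into both baseline profiles, would close the gap. The summary line also has a typo, `databse`.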
--- a/site/role/manifests/webserver.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-class role::webserver {
-
- #This role would be made of all the profiles that need to be included to make a webserver work
- #All roles should include the base profile
- include profile::base
-
-}
diff --git a/site/role/manifests/windows_base.pp b/site/role/manifests/windows_base.pp
new file mode 100644
index 0000000..9aa054a
--- /dev/null
+++ b/site/role/manifests/windows_base.pp
@@ -0,0 +1,4 @@
+# @summary This role installs a baseline of packages on Windows machines
+class role::windows_base {
+ include profile::windows_baseline
+}
diff --git a/site/role/manifests/windows_webserver.pp b/site/role/manifests/windows_webserver.pp
new file mode 100644
index 0000000..df35cd4
--- /dev/null
+++ b/site/role/manifests/windows_webserver.pp
@@ -0,0 +1,7 @@
+# @summary This role installs IIS and sample content on port 80.
+class role::windows_webserver {
+ include profile::windows_baseline
+ include profile::vro_provisioned
+ include profile::iis
+ include profile::sample_website
+}