Syncing with starter content
parent 88c3984c97
commit 9bde731d14
54
Puppetfile
@ -1,20 +1,15 @@
|
|||||||
forge "http://forge.puppetlabs.com"
|
|
||||||
|
|
||||||
# Modules from the Puppet Forge
|
# This is a Puppetfile, which describes a collection of Puppet modules.
|
||||||
# Versions should be updated to be the latest at the time you start
|
# For format and syntax examples, see:
|
||||||
#mod "puppetlabs/inifile", '1.5.0'
|
#
|
||||||
#mod "puppetlabs/stdlib", '4.11.0'
|
# https://docs.puppet.com/pe/latest/cmgmt_puppetfile.html
|
||||||
#mod "puppetlabs/concat", '2.1.0'
|
#
|
||||||
|
# In addition to the component modules listed here, the 'site' directory
|
||||||
|
# includes 'role' and 'profile' modules. The 'role' module contains
|
||||||
|
# Puppet classes that constitute a machine role or business function.
|
||||||
|
|
||||||
# Modules from Git
|
forge "https://forgeapi.puppetlabs.com"
|
||||||
# Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
|
|
||||||
#mod 'apache',
|
|
||||||
# :git => 'https://github.com/puppetlabs/puppetlabs-apache',
|
|
||||||
# :commit => '83401079053dca11d61945bd9beef9ecf7576cbf'
|
|
||||||
|
|
||||||
#mod 'apache',
|
|
||||||
# :git => 'https://github.com/puppetlabs/puppetlabs-apache',
|
|
||||||
# :branch => 'docs_experiment'
|
|
||||||
mod 'beersy-pe_code_manager_easy_setup', '2.0.0'
|
mod 'beersy-pe_code_manager_easy_setup', '2.0.0'
|
||||||
mod 'tspy-code_deploy', '1.0.2'
|
mod 'tspy-code_deploy', '1.0.2'
|
||||||
mod 'puppetlabs-exec', '0.2.0'
|
mod 'puppetlabs-exec', '0.2.0'
|
||||||
@ -32,3 +27,34 @@ mod 'google-gcontainer', '0.2.0'
|
|||||||
mod 'google-gpubsub', '0.1.0'
|
mod 'google-gpubsub', '0.1.0'
|
||||||
mod 'google-glogging', '0.1.1'
|
mod 'google-glogging', '0.1.1'
|
||||||
mod 'google-gspanner', '0.1.0'
|
mod 'google-gspanner', '0.1.0'
|
||||||
|
|
||||||
|
# Forge Modules from Puppet
|
||||||
|
|
||||||
|
mod 'puppetlabs-apache', '1.10.0'
|
||||||
|
mod 'puppetlabs-chocolatey', '2.0.0'
|
||||||
|
mod 'puppetlabs-mysql', '3.10.0'
|
||||||
|
mod 'puppetlabs-stdlib', '4.12.0'
|
||||||
|
mod 'puppetlabs-concat', '2.2.0'
|
||||||
|
mod 'puppetlabs-powershell', '1.0.6'
|
||||||
|
mod 'puppetlabs-registry', '1.1.3'
|
||||||
|
mod 'puppetlabs-inifile', '1.6.0'
|
||||||
|
mod 'puppetlabs-puppetserver_gem', '0.2.0'
|
||||||
|
|
||||||
|
# Forge Community Modules
|
||||||
|
|
||||||
|
mod 'crayfishx-firewalld', '3.1.4'
|
||||||
|
mod 'puppet-iis', '2.0.2'
|
||||||
|
mod 'puppet-staging', '2.0.1'
|
||||||
|
mod 'puppet-windows_firewall', '1.0.3'
|
||||||
|
mod 'puppet-windowsfeature', '2.0.0'
|
||||||
|
mod 'puppet/hiera', '2.1.2'
|
||||||
|
mod 'reidmv-unzip', '0.1.2'
|
||||||
|
mod 'stahnma-epel', '1.3.0'
|
||||||
|
mod 'herculesteam-augeasproviders_core', '2.1.3'
|
||||||
|
mod 'herculesteam-augeasproviders_ssh', '2.5.0'
|
||||||
|
mod 'liamjbennett-win_facts', '0.0.2'
|
||||||
|
|
||||||
|
# Module Content from git
|
||||||
|
|
||||||
|
mod 'autosign_example',
|
||||||
|
:git => 'https://github.com/puppetlabs/puppet-vro-autosign_example'
|
||||||
|
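Review bot: `mod 'autosign_example'` at the end of this hunk is the only entry with no version pin: the `:git` source carries no `:commit`, `:tag` or `:ref`, so every deploy installs whatever the branch tip holds at that moment, and nc_setup.sh in this same commit assigns that module's class to the master. Pin it with `:commit => '<sha>'` (or a tag) so it is as reproducible as the Forge entries above it. Separately, `mod 'puppet/hiera', '2.1.2'` uses a slash where every other entry uses `author-module`; pick one form.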
114
README.md
@ -1,96 +1,28 @@
|
|||||||
New test
|
# Puppet Enterprise Starter Content Pack
|
||||||
|
|
||||||
Table of Contents
|
## Introduction
|
||||||
=================
|
|
||||||
|
|
||||||
* [Where Did All The Previous Code Go?](#where-did-all-the-previous-code-go)
|
This repository provides "batteries-included" starter Puppet content. It shows you how Puppet code is organized to make self-service provisioning easy and can create 5 different machine types out of the box:
|
||||||
* [What You Get From This control\-repo](#what-you-get-from-this-control-repo)
|
- Linux base server
|
||||||
* [Copy This Repo Into Your Own Git Server](#copy-this-repo-into-your-own-git-server)
|
- Linux MySQL server
|
||||||
* [GitLab](#gitlab)
|
- Linux web server
|
||||||
* [Stash](#stash)
|
- Windows base server
|
||||||
* [GitHub](#github)
|
- Windows web server
|
||||||
|
|
||||||
Created by [gh-md-toc](https://github.com/ekalinin/github-markdown-toc.go)
|
## Install Starter Content on your PE Master
|
||||||
|
|
||||||
# Where Did All The Previous Code Go?
|
Installation with git
|
||||||
|
```
|
||||||
|
git clone https://github.com/puppetlabs/puppet-starter_content.git
|
||||||
|
cd puppet-starter_content
|
||||||
|
sudo bash scripts/nc_setup.sh
|
||||||
|
sudo /opt/puppetlabs/bin/puppet agent -t
|
||||||
|
```
|
||||||
|
|
||||||
Initially, the control-repo project began as a 'starter' template for anyone who wanted to get started with r10k. As time passed, and Code Manager was integrated into Puppet Enterprise, the scope of this project grew to include opinionated Puppet profiles to set up many Puppet Enterprise components. As the code increased, so did the complexity of the control-repo project. To reduce that complexity, as well as continuing to meet the needs of individuals who would like a more minimal template, this repository was stripped of anything other than the bare minimum files necessary to get started with a functioning
|
Installation with curl
|
||||||
control-repo.
|
```
|
||||||
|
curl -sSL https://github.com/puppetlabs/puppet-starter_content/archive/production.tar.gz | tar -zx
|
||||||
All of the code that was previously in this repository still exists in separate repositories under the [Puppet Ramp Up Program namespace within Github](https://github.com/Puppet-RampUpProgram) and can be re-connected to an existing control-repo if that is required by adding the modules to the Puppetfile. Alternatively, if that previously opinionated control-repo is desired, [it still exists on Github under the Puppet Ramp Up Program namespace.](https://github.com/Puppet-RampUpProgram/control-repo) This control-repo project will remain a template for anyone who would like a minimal 'starter' template.
|
cd puppet-starter_content-production
|
||||||
|
sudo bash scripts/nc_setup.sh
|
||||||
# What You Get From This control-repo
|
sudo /opt/puppetlabs/bin/puppet agent -t
|
||||||
|
```
|
||||||
This repository is a template control-repo that can be used with r10k or Puppet Enterprise Code Manager.
|
|
||||||
|
|
||||||
The major points are:
|
|
||||||
- An environment.conf that correctly implements:
|
|
||||||
- A site directory for roles, profiles, and any custom modules for your organization.
|
|
||||||
- A config_version script.
|
|
||||||
- Provided config_version scripts to output the commit of code that your agent just applied.
|
|
||||||
- Basic example of roles/profiles code.
|
|
||||||
- Example hieradata directory with pre-created common.yaml and nodes directory.
|
|
||||||
- These match the default hierarchy that ships with PE.
|
|
||||||
|
|
||||||
## Copy This Repo Into Your Own Git Server
|
|
||||||
|
|
||||||
### GitLab
|
|
||||||
|
|
||||||
1. Install GitLab.
|
|
||||||
- https://about.gitlab.com/downloads/
|
|
||||||
|
|
||||||
2. After GitLab is installed you may sign if with the `root` user and password `5iveL!fe`.
|
|
||||||
|
|
||||||
3. Make a user for yourself.
|
|
||||||
|
|
||||||
4. Make an SSH key to link with your user. You’ll want to do this on the machine you intend to edit code from (most likely not your Puppet master, but your local workstation or laptop).
|
|
||||||
- http://doc.gitlab.com/ce/ssh/README.html
|
|
||||||
- https://help.github.com/articles/generating-ssh-keys/
|
|
||||||
|
|
||||||
5. Create a group called `puppet` (this is case sensitive).
|
|
||||||
- http://doc.gitlab.com/ce/workflow/groups.html
|
|
||||||
|
|
||||||
6. Add your user to the `puppet` group as well.
|
|
||||||
|
|
||||||
7. Create a project called `control-repo`, and set the Namespace to be the `puppet` group.
|
|
||||||
|
|
||||||
8. Clone this control repository to your laptop/workstation:
|
|
||||||
- `git clone <repository url>`
|
|
||||||
- `cd control-repo`
|
|
||||||
|
|
||||||
9. Remove this repository as the origin remote:
|
|
||||||
- `git remote remove origin`
|
|
||||||
|
|
||||||
10. Add your internal repository as the origin remote:
|
|
||||||
- `git remote add origin <url of your gitlab repository>`
|
|
||||||
|
|
||||||
11. Push the production branch of the repository from your machine up to your git server
|
|
||||||
- `git push origin production`
|
|
||||||
|
|
||||||
### Stash
|
|
||||||
|
|
||||||
Coming soon!
|
|
||||||
|
|
||||||
### GitHub
|
|
||||||
|
|
||||||
1. Prepare your local git client to authenticate with GitHub.com or a local GitHub Enterprise instance.
|
|
||||||
- https://help.github.com/articles/generating-ssh-keys/
|
|
||||||
- https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/
|
|
||||||
|
|
||||||
2. Create a repository called `control-repo` in your user account or organization. Ensure that "Initialize this repository with a README" is not selected.
|
|
||||||
- https://help.github.com/articles/creating-a-new-repository/
|
|
||||||
|
|
||||||
3. Make a note of your repository URL (HTTPS or SSH, depending on your security configuration).
|
|
||||||
|
|
||||||
4. Clone this control repository to your laptop/workstation:
|
|
||||||
- `git clone <repository url>`
|
|
||||||
- `cd control-repo`
|
|
||||||
|
|
||||||
5. Remove this repository as the origin remote:
|
|
||||||
- `git remote remove origin`
|
|
||||||
|
|
||||||
6. Add your internal repository as the origin remote:
|
|
||||||
- `git remote add origin <url of your github repository>`
|
|
||||||
|
|
||||||
7. Push the production branch of the repository from your machine up to your git server
|
|
||||||
- `git push origin production`
|
|
||||||
|
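Review bot: Both install recipes in the new README end in `sudo bash scripts/nc_setup.sh`, but the text never says what that script changes on the master; per the script added in this commit it removes and recreates `/etc/puppetlabs/code/environments/production` and creates or rewrites classifier groups. Add a short paragraph before the commands listing those effects and the backup location. For the curl variant, fetch a tagged or commit-pinned archive instead of the moving `production` branch tarball, so the content that is run as root is the content that was reviewed.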
11
data/common.yaml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
profile::sample_website::windows::webserver_port: 80
|
||||||
|
profile::sample_website::windows::doc_root: 'C:\inetpub\wwwroot\sample_website'
|
||||||
|
|
||||||
|
profile::sample_website::linux::webserver_port: 80
|
||||||
|
profile::sample_website::linux::doc_root: '/var/www/sample_website'
|
||||||
|
|
||||||
|
profile::sample_data::database_content: 'puppet:///modules/profile/sample_data.sql'
|
||||||
|
profile::sample_data::database_name: 'pe_sample_db'
|
||||||
|
|
||||||
|
website_source_dir: 'puppet:///modules/profile/sample_website'
|
@ -1,2 +1 @@
|
|||||||
modulepath = site:modules:$basemodulepath
|
modulepath = modules:site:$basemodulepath
|
||||||
config_version = 'scripts/config_version.sh $environmentpath $environment'
|
|
||||||
|
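Review bot: Reordering `modulepath` to `modules:site:$basemodulepath` gives Puppetfile-installed modules precedence over `site`, so any module landing in `modules/` under the name `role` or `profile` would shadow the site classes. Keep `site` first unless the reversal is intended, and state the reason in the commit message if it is. The same hunk also drops `config_version`, so catalogs no longer report which commit they were compiled from; worth a line in the README since the scripts are deleted further down.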
@ -2,7 +2,7 @@
|
|||||||
version: 5
|
version: 5
|
||||||
|
|
||||||
defaults:
|
defaults:
|
||||||
datadir: "hieradata"
|
datadir: "data"
|
||||||
|
|
||||||
hierarchy:
|
hierarchy:
|
||||||
- name: 'Yaml backend'
|
- name: 'Yaml backend'
|
||||||
|
@ -1,2 +1,11 @@
|
|||||||
---
|
---
|
||||||
message: "This node is using common data"
|
profile::sample_website::windows::webserver_port: 80
|
||||||
|
profile::sample_website::windows::doc_root: 'C:\inetpub\wwwroot\sample_website'
|
||||||
|
|
||||||
|
profile::sample_website::linux::webserver_port: 80
|
||||||
|
profile::sample_website::linux::doc_root: '/var/www/sample_website'
|
||||||
|
|
||||||
|
profile::sample_data::database_content: 'puppet:///modules/profile/sample_data.sql'
|
||||||
|
profile::sample_data::database_name: 'pe_sample_db'
|
||||||
|
|
||||||
|
website_source_dir: 'puppet:///modules/profile/sample_website'
|
||||||
|
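Review bot: The keys added in this hunk are identical to the ones in the new `data/common.yaml` above, and the hiera.yaml hunk moves `datadir` from `hieradata` to `data`. If this file sits under the old `hieradata` directory it is no longer read, and keeping two copies invites drift; delete it instead of updating it, or keep a single data directory.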
@ -1 +0,0 @@
|
|||||||
---
|
|
@ -12,7 +12,7 @@
|
|||||||
## Active Configurations ##
|
## Active Configurations ##
|
||||||
|
|
||||||
# Disable filebucket by default for all File resources:
|
# Disable filebucket by default for all File resources:
|
||||||
#https://docs.puppet.com/pe/2015.3/release_notes.html#filebucket-resource-no-longer-created-by-default
|
#http://docs.puppetlabs.com/pe/latest/release_notes.html#filebucket-resource-no-longer-created-by-default
|
||||||
File { backup => false }
|
File { backup => false }
|
||||||
|
|
||||||
# DEFAULT NODE
|
# DEFAULT NODE
|
||||||
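Review bot: The filebucket reference in the comment changes from `https://docs.puppet.com/pe/2015.3/...` to `http://docs.puppetlabs.com/pe/latest/...`, which drops the scheme to plain http and swaps a versioned link for a moving one. Keep the https, version-specific URL so the comment keeps pointing at the release note it cites.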
@ -26,7 +26,7 @@ File { backup => false }
|
|||||||
# specified in the console for that node.
|
# specified in the console for that node.
|
||||||
|
|
||||||
node default {
|
node default {
|
||||||
# This is where you can declare classes for all nodes.
|
##################
|
||||||
# Example:
|
# Configure Puppet
|
||||||
# class { 'my_class': }
|
##################
|
||||||
}
|
}
|
||||||
|
@ -1,18 +0,0 @@
|
|||||||
#!/opt/puppetlabs/puppet/bin/ruby
|
|
||||||
require 'json'
|
|
||||||
require 'socket'
|
|
||||||
|
|
||||||
environmentpath = ARGV[0]
|
|
||||||
environment = ARGV[1]
|
|
||||||
|
|
||||||
# Get the hostname of the Puppet master compiling the catalog.
|
|
||||||
compiling_master = Socket.gethostname
|
|
||||||
|
|
||||||
# Get the path to the Code Manager deployment info file.
|
|
||||||
r10k_deploy_file_path = File.join(environmentpath, environment, '.r10k-deploy.json')
|
|
||||||
|
|
||||||
# Get the first 12 characters of the commit ID out of the deployment file.
|
|
||||||
commit_id = JSON.parse(File.read(r10k_deploy_file_path))['signature'][0...11]
|
|
||||||
|
|
||||||
# Show the compiling master, environment name, and commit ID.
|
|
||||||
puts "#{compiling_master}-#{environment}-#{commit_id}"
|
|
@ -1,24 +0,0 @@
|
|||||||
#!/usr/bin/env ruby
|
|
||||||
begin
|
|
||||||
require 'rugged'
|
|
||||||
require 'socket'
|
|
||||||
rescue LoadError => e
|
|
||||||
t = Time.new
|
|
||||||
puts t.to_i
|
|
||||||
else
|
|
||||||
environmentpath = ARGV[0]
|
|
||||||
environment = ARGV[1]
|
|
||||||
|
|
||||||
# Get the hostname of the Puppet master compiling the catalog.
|
|
||||||
compiling_master = Socket.gethostname
|
|
||||||
|
|
||||||
# Get the path to the environment being compiled.
|
|
||||||
repo = Rugged::Repository.discover(File.join(environmentpath, environment))
|
|
||||||
head = repo.head
|
|
||||||
|
|
||||||
# First 12 characters of the sha1 hash of the newest commit.
|
|
||||||
commit_id = head.target_id[0...11]
|
|
||||||
|
|
||||||
# Show the compiling master, environment name, and commit ID.
|
|
||||||
puts "#{compiling_master}-#{environment}-#{commit_id}"
|
|
||||||
end
|
|
@ -1,12 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
if [ -e $1/$2/.r10k-deploy.json ]
|
|
||||||
then
|
|
||||||
/opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/code_manager_config_version.rb $1 $2
|
|
||||||
elif [ -e /opt/puppetlabs/server/pe_version ]
|
|
||||||
then
|
|
||||||
/opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2
|
|
||||||
else
|
|
||||||
/usr/bin/git --version > /dev/null 2>&1 &&
|
|
||||||
/usr/bin/git --git-dir $1/$2/.git rev-parse HEAD ||
|
|
||||||
date +%s
|
|
||||||
fi
|
|
249
scripts/nc_setup.sh
Executable file
@ -0,0 +1,249 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# This script automates the NC classification and environment group setup for many self-service provisioning workflows
|
||||||
|
# Run this as root on your master
|
||||||
|
# Note: this script does not randomize uuid for the classification group it creates, so it will create/replace the same group everytime instead of creating a new group
|
||||||
|
# This script assumes it is being run on a freshly installed master that is not using code manager.
|
||||||
|
#
|
||||||
|
# User configuration
|
||||||
|
#
|
||||||
|
echo Puppet Master Setup Script
|
||||||
|
echo --------------------------
|
||||||
|
echo This script expects to be run from puppet-starter_content directory. If run from a different directory, the script will fail.
|
||||||
|
echo This script also assumes it is being run on a freshly installed master that is not using code manager.
|
||||||
|
echo --------------------------
|
||||||
|
|
||||||
|
alternate_environment=dev
|
||||||
|
autosign_example_class=autosign_example
|
||||||
|
|
||||||
|
all_nodes_id='00000000-0000-4000-8000-000000000000'
|
||||||
|
roles_group_id='235a97b3-949b-48e0-8e8a-000000000666'
|
||||||
|
dev_env_group_id='235a97b3-949b-48e0-e8a-000000000888'
|
||||||
|
autosign_group_id='235a97b3-949b-48e0-8e8a-000000000999'
|
||||||
|
|
||||||
|
#
|
||||||
|
# Configuration we can detect
|
||||||
|
#
|
||||||
|
master_hostname=$(/opt/puppetlabs/bin/puppet config print certname)
|
||||||
|
key=$(/opt/puppetlabs/bin/puppet config print hostprivkey)
|
||||||
|
cert=$(/opt/puppetlabs/bin/puppet config print hostcert)
|
||||||
|
cacert=$(/opt/puppetlabs/bin/puppet config print localcacert)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Do some error checking first before running the script
|
||||||
|
#
|
||||||
|
error_checking()
|
||||||
|
{
|
||||||
|
# Check to see if user running script has root privs
|
||||||
|
if (( $EUID != 0 )); then
|
||||||
|
echo "ERROR: This script should only be run by the root user or via sudo."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check to see if script is running from puppet-starter_content directory
|
||||||
|
if [[ $PWD != *"puppet-starter_content"* ]]
|
||||||
|
then
|
||||||
|
echo "ERROR: You must run 'bash scripts/nc_setup.sh' inside the 'puppet-starter_content' directory.";
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check to see if script is being run on a puppet master
|
||||||
|
if [ ! -f /opt/puppetlabs/server/bin/puppetserver ]; then
|
||||||
|
echo "ERROR: This script should only be run on the Puppet master server."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# Check if code manager is being used
|
||||||
|
#
|
||||||
|
curl -s -X GET \ -H "Content-Type: application/json" \
|
||||||
|
--cert $cert \
|
||||||
|
--key $key \
|
||||||
|
--cacert $cacert \
|
||||||
|
"https://$master_hostname:4433/classifier-api/v1/groups" | grep -q code_manager_auto_configure
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
echo "ERROR: It appears that code manager is being used. This script cannot continue."
|
||||||
|
echo "Instead, use desired modules from the Puppetfile and use in your own control-repo's Puppetfile."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
error_checking
|
||||||
|
|
||||||
|
#
|
||||||
|
# Determine the uuids for groups that are created during PE install but with randomly generated uuids
|
||||||
|
#
|
||||||
|
find_guid()
|
||||||
|
{
|
||||||
|
echo $(curl -s https://$master_hostname:4433/classifier-api/v1/groups --cert $cert --key $key --cacert $cacert | python -m json.tool |grep -C 2 "$1" | grep "id" | cut -d: -f2 | sed 's/[\", ]//g')
|
||||||
|
}
|
||||||
|
|
||||||
|
production_env_group_id=`find_guid "Production environment"`
|
||||||
|
echo "\"Production environment\" group uuid is $production_env_group_id"
|
||||||
|
agent_specified_env_group_id=`find_guid "Agent-specified environment"`
|
||||||
|
echo "\"Agent-specified environment\" group uuid is $agent_specified_env_group_id"
|
||||||
|
pemaster_group_id=`find_guid "PE Master"`
|
||||||
|
|
||||||
|
date_string=`date +%Y-%m-%d:%H:%M:%S`
|
||||||
|
echo "Backing up existing contents of /etc/puppetlabs/code to $date_string"
|
||||||
|
cp -R /etc/puppetlabs/code /etc/puppetlabs/code_backup_$date_string
|
||||||
|
|
||||||
|
#
|
||||||
|
# Copying starter content and create an alternate puppet environment in addition to production
|
||||||
|
#
|
||||||
|
echo 'Copying starter content repo into /etc/puppetlabs/code/environments'
|
||||||
|
mkdir -p /etc/puppetlabs/code/environments/$alternate_environment
|
||||||
|
rm -rf /etc/puppetlabs/code/environments/$alternate_environment/*
|
||||||
|
cp -R * /etc/puppetlabs/code/environments/$alternate_environment
|
||||||
|
r10k puppetfile install --moduledir /etc/puppetlabs/code/environments/$alternate_environment/modules --verbose
|
||||||
|
|
||||||
|
# Put a copy in production
|
||||||
|
echo "Duplicating $alternate_environment contents into production"
|
||||||
|
rm -rf /etc/puppetlabs/code/environments/production/
|
||||||
|
cp -R /etc/puppetlabs/code/environments/$alternate_environment /etc/puppetlabs/code/environments/production
|
||||||
|
#
|
||||||
|
# Tell the NC to refresh its cache so that the classes we just installed are available
|
||||||
|
#
|
||||||
|
echo "Refreshing NC class lists for production and $alternate_environment puppet environments"
|
||||||
|
curl -s -X POST -H "Content-Type: application/json" \
|
||||||
|
--key $key \
|
||||||
|
--cert $cert \
|
||||||
|
--cacert $cacert \
|
||||||
|
https://$master_hostname:4433/classifier-api/v1/update-classes?environment=production
|
||||||
|
[ "$?" = 0 ] && echo "Successful refresh of production environment."
|
||||||
|
curl -s -X POST -H "Content-Type: application/json" \
|
||||||
|
--key $key \
|
||||||
|
--cert $cert \
|
||||||
|
--cacert $cacert \
|
||||||
|
https://$master_hostname:4433/classifier-api/v1/update-classes?environment=$alternate_environment
|
||||||
|
[ "$?" = 0 ] && echo "Successful refresh of $alternate_environment environment."
|
||||||
|
#
|
||||||
|
# Create an "Autosign" classification group to set up autosign example
|
||||||
|
#
|
||||||
|
echo "Creating the Autosign group"
|
||||||
|
curl -s -X PUT -H 'Content-Type: application/json' \
|
||||||
|
--key $key \
|
||||||
|
--cert $cert \
|
||||||
|
--cacert $cacert \
|
||||||
|
-d '
|
||||||
|
{
|
||||||
|
"name": "Autosign",
|
||||||
|
"parent": "'$all_nodes_id'",
|
||||||
|
"rule":
|
||||||
|
[ "and",
|
||||||
|
[ "=",
|
||||||
|
[ "trusted", "certname" ],
|
||||||
|
"'$master_hostname'"
|
||||||
|
]
|
||||||
|
],
|
||||||
|
"classes": { "'$autosign_example_class'": {} }
|
||||||
|
}' \
|
||||||
|
https://$master_hostname:4433/classifier-api/v1/groups/$autosign_group_id | python -m json.tool
|
||||||
|
echo
|
||||||
|
#
|
||||||
|
# Add 64 bit Windows agent installer to pe_repo
|
||||||
|
#
|
||||||
|
echo "Adding 64 bit Windows agent installer to pe_repo in PE Master group"
|
||||||
|
curl -s -X POST -H 'Content-Type: application/json' \
|
||||||
|
--key $key \
|
||||||
|
--cert $cert \
|
||||||
|
--cacert $cacert \
|
||||||
|
-d '
|
||||||
|
{
|
||||||
|
"classes": { "pe_repo::platform::windows_x86_64": {} }
|
||||||
|
}' \
|
||||||
|
https://$master_hostname:4433/classifier-api/v1/groups/$pemaster_group_id | python -m json.tool
|
||||||
|
echo
|
||||||
|
#
|
||||||
|
# Create a "Roles" classification group so that the integration role groups are organized more cleanly
|
||||||
|
#
|
||||||
|
echo "Creating the Roles group"
|
||||||
|
curl -s -X PUT -H 'Content-Type: application/json' \
|
||||||
|
--key $key \
|
||||||
|
--cert $cert \
|
||||||
|
--cacert $cacert \
|
||||||
|
-d '
|
||||||
|
{
|
||||||
|
"name": "Roles",
|
||||||
|
"parent": "'$all_nodes_id'",
|
||||||
|
"classes": {}
|
||||||
|
}' \
|
||||||
|
https://$master_hostname:4433/classifier-api/v1/groups/$roles_group_id | python -m json.tool
|
||||||
|
echo
|
||||||
|
#
|
||||||
|
# Create an environment group for an alternative puppet environment, e.g. dev puppet environment
|
||||||
|
#
|
||||||
|
for file in /etc/puppetlabs/code/environments/$alternate_environment/site/role/manifests/*; do
|
||||||
|
basefilename=$(basename "$file")
|
||||||
|
role_class="role::${basefilename%.*}"
|
||||||
|
echo "Creating the \"$role_class\" classification group"
|
||||||
|
|
||||||
|
curl -s -X POST -H "Content-Type: application/json" \
|
||||||
|
--key $key \
|
||||||
|
--cert $cert \
|
||||||
|
--cacert $cacert \
|
||||||
|
-d '
|
||||||
|
{
|
||||||
|
"name": "'$role_class'",
|
||||||
|
"parent": "'$roles_group_id'",
|
||||||
|
"environment": "'$alternate_environment'",
|
||||||
|
"rule":
|
||||||
|
[ "and",
|
||||||
|
[ "=",
|
||||||
|
[ "trusted", "extensions", "pp_role" ],
|
||||||
|
"'$role_class'"
|
||||||
|
]
|
||||||
|
],
|
||||||
|
"classes": { "'$role_class'": {} }
|
||||||
|
}' \
|
||||||
|
https://$master_hostname:4433/classifier-api/v1/groups
|
||||||
|
done
|
||||||
|
echo
|
||||||
|
#
|
||||||
|
# Create alternate_environment environment group
|
||||||
|
#
|
||||||
|
echo "Creating the \"$alternate_environment\" environment group"
|
||||||
|
curl -s -X PUT -H "Content-Type: application/json" \
|
||||||
|
--key $key \
|
||||||
|
--cert $cert \
|
||||||
|
--cacert $cacert \
|
||||||
|
-d '
|
||||||
|
{
|
||||||
|
"name": "'$alternate_environment' environment",
|
||||||
|
"parent": "'$production_env_group_id'",
|
||||||
|
"environment_trumps": true,
|
||||||
|
"environment": "'$alternate_environment'",
|
||||||
|
"rule":
|
||||||
|
[ "and",
|
||||||
|
[ "=",
|
||||||
|
[ "trusted", "extensions", "pp_environment" ],
|
||||||
|
"'$alternate_environment'"
|
||||||
|
]
|
||||||
|
],
|
||||||
|
"classes": {}
|
||||||
|
}' \
|
||||||
|
https://$master_hostname:4433/classifier-api/v1/groups/$dev_env_group_id | python -m json.tool
|
||||||
|
#
|
||||||
|
# Update the "Agent-specified environment" group so that pp_environment=agent-specified works as expected
|
||||||
|
#
|
||||||
|
echo "Updating \"Agent-specified environment\" group to use pp_environment in its matching rules"
|
||||||
|
curl -s -X PUT -H "Content-type: application/json" \
|
||||||
|
--key $key \
|
||||||
|
--cert $cert \
|
||||||
|
--cacert $cacert \
|
||||||
|
-d '
|
||||||
|
{
|
||||||
|
"name": "Agent-specified environment",
|
||||||
|
"parent": "'$production_env_group_id'",
|
||||||
|
"environment_trumps": true,
|
||||||
|
"rule":
|
||||||
|
[ "and",
|
||||||
|
[ "=",
|
||||||
|
[ "trusted", "extensions", "pp_environment" ],
|
||||||
|
"agent-specified"
|
||||||
|
]
|
||||||
|
],
|
||||||
|
"environment": "agent-specified",
|
||||||
|
"classes": {}
|
||||||
|
}' \
|
||||||
|
https://$master_hostname:4433/classifier-api/v1/groups/$agent_specified_env_group_id | python -m json.tool
|
||||||
|
echo
|
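Review bot: The working-directory guard in `error_checking` (`[[ $PWD != *"puppet-starter_content"* ]]`) is a substring match, so it passes from `scripts/` or any other subdirectory; `cp -R *` then copies whatever is in the current directory into the `dev` environment, which is duplicated over a freshly `rm -rf`'d `production`. Resolve the repository root from the script's own path and check that `Puppetfile` exists there before touching `/etc/puppetlabs/code`. The Code Manager check also fails open: if the `curl` to the classifier fails, `grep -q` finds nothing and the script carries on, so test curl's exit status on its own (with `--fail`) before grepping. Smaller points: `dev_env_group_id` has `e8a` where the sibling IDs have `8e8a`, so it is not a well-formed UUID; the two `update-classes` calls print "Successful refresh" for any HTTP status because `$?` only reflects transport errors without `--fail`; and `$key`, `$cert`, `$cacert` and the environment paths are unquoted throughout.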
9
site/profile/files/sample_data.sql
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
DROP TABLE IF EXISTS `test_data`;
|
||||||
|
CREATE TABLE `test_data` (
|
||||||
|
`id` int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
|
||||||
|
`first_name` text NOT NULL,
|
||||||
|
`last_name` text NOT NULL
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
|
||||||
|
|
||||||
|
INSERT INTO `test_data` (`id`, `first_name`, `last_name`) VALUES
|
||||||
|
(1, 'David', 'Bowie');
|
23
site/profile/files/sample_website/css/main.css
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
body {
|
||||||
|
margin-top: 200px;
|
||||||
|
margin-left: 60px;
|
||||||
|
width: 70%;
|
||||||
|
font-family: 'Helvetica', 'Arial', 'Sans-Serif';
|
||||||
|
background:black url(../img/logo.png) no-repeat left top;
|
||||||
|
}
|
||||||
|
|
||||||
|
a { text-decoration: none; color: #999; }
|
||||||
|
a:hover { text-decoration: underline; }
|
||||||
|
|
||||||
|
p, ul { font-size: 1.5em; line-height: 0.5em; color: #fff; }
|
||||||
|
|
||||||
|
h1, h2, h3, h4 { color: #ffad1a }
|
||||||
|
h1 { font-size: 2em; }
|
||||||
|
h2 { font-size: 1.7em; }
|
||||||
|
h3 { font-size: 1.5em; }
|
||||||
|
h4 { font-size: 1.3em; }
|
||||||
|
|
||||||
|
nav ul, footer ul { padding: 0px; list-style: none; font-weight: bold; }
|
||||||
|
nav ul li, footer ul li { display: inline; margin-right: 20px; }
|
||||||
|
|
||||||
|
footer { border-top: 1px solid #d5d5d5; font-size: .8em; }
|
BIN
site/profile/files/sample_website/img/apple.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 6.9 KiB |
BIN
site/profile/files/sample_website/img/favicon.ico
Normal file
Binary file not shown.
After Width: | Height: | Size: 32 KiB |
BIN
site/profile/files/sample_website/img/logo.png
Executable file
Binary file not shown.
After Width: | Height: | Size: 8.1 KiB |
BIN
site/profile/files/sample_website/img/tux.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 18 KiB |
BIN
site/profile/files/sample_website/img/windows.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 6.8 KiB |
8
site/profile/manifests/apache.pp
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# @summary This profile installs apache and turns off the default vhost
|
||||||
|
class profile::apache {
|
||||||
|
|
||||||
|
class { 'apache':
|
||||||
|
default_vhost => false,
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -1,5 +0,0 @@
|
|||||||
class profile::base {
|
|
||||||
|
|
||||||
#the base profile should include component modules that will be on all nodes
|
|
||||||
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
class profile::example {
|
|
||||||
|
|
||||||
}
|
|
20
site/profile/manifests/iis.pp
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
# @summary This profile installs IIS and turns off the default website
|
||||||
|
class profile::iis {
|
||||||
|
|
||||||
|
$iis_features = [
|
||||||
|
'Web-Server',
|
||||||
|
'Web-WebServer',
|
||||||
|
'Web-Http-Redirect',
|
||||||
|
'Web-Mgmt-Console',
|
||||||
|
'Web-Mgmt-Tools'
|
||||||
|
]
|
||||||
|
|
||||||
|
windowsfeature { $iis_features:
|
||||||
|
ensure => present,
|
||||||
|
}
|
||||||
|
|
||||||
|
iis::manage_site { 'Default Web Site':
|
||||||
|
ensure => absent,
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
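Review bot: `$iis_features` is declared as a local variable in the body of `profile::iis`, yet `profile::sample_website::windows` in this commit uses `Windowsfeature[$iis_features]` in its `require` lists, where that name is not in scope. Either have the consumer reference `$profile::iis::iis_features` explicitly, or drop the per-feature references there and depend on `Class['profile::iis']`, which the `require profile::iis` line already expresses.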
12
site/profile/manifests/linux_baseline.pp
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
# @summary This profile installs unzip and git as part of the Linux baseline
|
||||||
|
class profile::linux_baseline {
|
||||||
|
|
||||||
|
package { 'unzip':
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
|
||||||
|
package { 'git':
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
8
site/profile/manifests/mysql.pp
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# @summary This profile installs mysql without default accounts
|
||||||
|
class profile::mysql {
|
||||||
|
|
||||||
|
class { 'mysql::server':
|
||||||
|
remove_default_accounts => true
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
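Review bot: `class { 'mysql::server':` passes only `remove_default_accounts => true` and no `root_password`, so the summary ("without default accounts") holds but the root account's password is left to the module default. Pass `root_password` from Hiera here. Style: add the trailing comma after `true` to match `default_vhost => false,` in the apache profile.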
21
site/profile/manifests/sample_data.pp
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# @summary This profile installs sample data into a mysql db
|
||||||
|
class profile::sample_data (
|
||||||
|
$database_content,
|
||||||
|
$database_name,
|
||||||
|
) {
|
||||||
|
|
||||||
|
include mysql::server
|
||||||
|
|
||||||
|
file { '/tmp/sample_data.sql':
|
||||||
|
ensure => file,
|
||||||
|
source => $database_content,
|
||||||
|
}
|
||||||
|
|
||||||
|
mysql::db { $database_name:
|
||||||
|
user => 'admin',
|
||||||
|
password => 'admin',
|
||||||
|
host => 'localhost',
|
||||||
|
grant => ['ALL'],
|
||||||
|
sql => '/tmp/sample_data.sql',
|
||||||
|
}
|
||||||
|
}
|
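Review bot: `mysql::db` hardcodes `user => 'admin'` with `password => 'admin'` and `grant => ['ALL']`, so every node that receives this profile gets the same guessable database credential, committed in the repository. Take the user and password as class parameters with no default, supplied from Hiera (encrypted, for example with eyaml), and narrow the grant to what the sample page needs. The dump is also staged at the fixed path `/tmp/sample_data.sql` with no `owner` or `mode`; set both, or stage it somewhere not world-writable.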
9
site/profile/manifests/sample_website.pp
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# @summary This profile installs a sample website
|
||||||
|
class profile::sample_website {
|
||||||
|
|
||||||
|
case $::kernel {
|
||||||
|
'windows': { include profile::sample_website::windows }
|
||||||
|
'Linux': { include profile::sample_website::linux }
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
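Review bot: The `case $::kernel` block has no `default` branch, so a node with any other kernel gets nothing from this profile and no error. Add `default: { fail("Unsupported kernel: ${::kernel}") }` so a misclassified node fails compilation visibly instead of silently converging to an empty role.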
41
site/profile/manifests/sample_website/linux.pp
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
#
|
||||||
|
class profile::sample_website::linux (
|
||||||
|
$doc_root,
|
||||||
|
$webserver_port,
|
||||||
|
) {
|
||||||
|
require profile::apache
|
||||||
|
include firewalld
|
||||||
|
|
||||||
|
# configure apache
|
||||||
|
apache::vhost { $::fqdn:
|
||||||
|
port => $webserver_port,
|
||||||
|
docroot => $doc_root,
|
||||||
|
require => File[$doc_root],
|
||||||
|
}
|
||||||
|
|
||||||
|
firewalld_port { 'Open port for web':
|
||||||
|
ensure => present,
|
||||||
|
zone => 'public',
|
||||||
|
port => $webserver_port,
|
||||||
|
protocol => 'tcp',
|
||||||
|
}
|
||||||
|
|
||||||
|
# deploy website
|
||||||
|
$website_source_dir = lookup('website_source_dir')
|
||||||
|
|
||||||
|
file { $website_source_dir:
|
||||||
|
ensure => directory,
|
||||||
|
owner => $::apache::user,
|
||||||
|
group => $::apache::group,
|
||||||
|
mode => '0755',
|
||||||
|
path => $doc_root,
|
||||||
|
source => $website_source_dir,
|
||||||
|
recurse => true,
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "${doc_root}/index.html":
|
||||||
|
ensure => file,
|
||||||
|
content => epp('profile/index.html.epp'),
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
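Review bot: `$doc_root` and `$webserver_port` are untyped, yet `$webserver_port` goes straight into `firewalld_port` for the `public` zone and `$doc_root` becomes the target of a recursive `file` copy. Give both parameters data types (a bounded port and an absolute path) so bad Hiera data fails at compile time instead of opening an unintended port or writing to an unintended directory. `website_source_dir` is fetched with `lookup()` in the class body while the other two values are class parameters; making it a third parameter keeps the interface in one place. The header comment is an empty `#` where the sibling profiles carry an `@summary`.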
53
site/profile/manifests/sample_website/windows.pp
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
#
|
||||||
|
class profile::sample_website::windows (
|
||||||
|
$doc_root,
|
||||||
|
$webserver_port,
|
||||||
|
) {
|
||||||
|
require profile::iis
|
||||||
|
|
||||||
|
# configure iis
|
||||||
|
iis::manage_app_pool {'sample_website':
|
||||||
|
require => [
|
||||||
|
Windowsfeature[$iis_features],
|
||||||
|
Iis::Manage_site['Default Web Site'],
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
|
iis::manage_site { $::fqdn:
|
||||||
|
site_path => $doc_root,
|
||||||
|
port => $webserver_port,
|
||||||
|
ip_address => '*',
|
||||||
|
app_pool => 'sample_website',
|
||||||
|
require => [
|
||||||
|
Windowsfeature[$iis_features],
|
||||||
|
Iis::Manage_app_pool['sample_website']
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
|
windows_firewall::exception { 'IIS':
|
||||||
|
ensure => present,
|
||||||
|
direction => 'in',
|
||||||
|
action => 'Allow',
|
||||||
|
enabled => 'yes',
|
||||||
|
protocol => 'TCP',
|
||||||
|
local_port => "${webserver_port}",
|
||||||
|
display_name => 'HTTP Inbound',
|
||||||
|
description => 'Inbound rule for HTTP Server',
|
||||||
|
}
|
||||||
|
|
||||||
|
# deploy website
|
||||||
|
$website_source_dir = lookup('website_source_dir')
|
||||||
|
|
||||||
|
file { $website_source_dir:
|
||||||
|
ensure => directory,
|
||||||
|
path => $doc_root,
|
||||||
|
source => $website_source_dir,
|
||||||
|
recurse => true,
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "${doc_root}/index.html":
|
||||||
|
ensure => file,
|
||||||
|
content => epp('profile/index.html.epp'),
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
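Review bot: `Windowsfeature[$iis_features]` appears in the `require` of both `iis::manage_app_pool` and `iis::manage_site`, but `$iis_features` is neither a parameter nor assigned anywhere in this class, so the reference is built from an undefined variable. Refer to the variable by its fully qualified name from the class that defines it, or drop these entries if `require profile::iis` at the top of the class already gives the ordering you need. Smaller points: `local_port => "${webserver_port}"` is a string that contains only a variable, and the header comment is an empty `#` with no `@summary`.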
30
site/profile/manifests/vro_provisioned.pp
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
# @summary This profile does some post agent install cleanup.
|
||||||
|
class profile::vro_provisioned {
|
||||||
|
|
||||||
|
# any operating system-specific state for vro-provisioned machines.
|
||||||
|
# it's common to change the Administrator user name on Windows, for example.
|
||||||
|
case $kernel {
|
||||||
|
'Linux': {
|
||||||
|
$agent_confdir = '/etc/puppetlabs/puppet'
|
||||||
|
}
|
||||||
|
'windows': {
|
||||||
|
$agent_confdir = 'C:/ProgramData/PuppetLabs/puppet/etc'
|
||||||
|
|
||||||
|
#exec { 'rename-Administrator':
|
||||||
|
# command => '$(Get-WMIObject Win32_UserAccount -Filter "Name=\'Administrator\'").Rename("puppet#adm1n")',
|
||||||
|
# unless => 'if (Get-WmiObject Win32_UserAccount -Filter "Name=\'Administrator\'") { exit 1 }',
|
||||||
|
# provider => powershell,
|
||||||
|
#}
|
||||||
|
|
||||||
|
}
|
||||||
|
default: {}
|
||||||
|
}
|
||||||
|
|
||||||
|
# ensure that the csr_attributes.yaml file containing the shared
|
||||||
|
# autosign secret is removed on the first puppet agent run.
|
||||||
|
file { "${agent_confdir}/csr_attributes.yaml":
|
||||||
|
ensure => absent,
|
||||||
|
backup => false,
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
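Review bot: `default: {}` in the `case $kernel` block leaves `$agent_confdir` unset, so on any other kernel the `file` resource is titled `/csr_attributes.yaml` (or compilation fails under strict variables) and the file holding the shared autosign secret is never removed. Call `fail()` in the default branch, or set a path there, so the cleanup cannot be skipped silently. The commented-out `rename-Administrator` exec embeds the replacement account name in the repository; delete it rather than keeping it as dead code.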
16
site/profile/manifests/windows_baseline.pp
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
# @summary This profile installs unzip and git as part of the Windows baseline
|
||||||
|
class profile::windows_baseline {
|
||||||
|
|
||||||
|
include chocolatey
|
||||||
|
|
||||||
|
package { 'unzip':
|
||||||
|
ensure => installed,
|
||||||
|
provider => chocolatey,
|
||||||
|
}
|
||||||
|
|
||||||
|
package { 'git':
|
||||||
|
ensure => installed,
|
||||||
|
provider => chocolatey,
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
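Review bot: both `package` resources use `ensure => installed` with `provider => chocolatey`, so each node takes whatever version the configured Chocolatey source serves on its first run and stays on it afterwards. For a baseline profile, pin explicit versions (or take them from Hiera) so every machine gets the same reviewed build of `unzip` and `git`, and state which Chocolatey source the packages are expected to come from.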
37
site/profile/templates/index.html.epp
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
|
||||||
|
<head>
|
||||||
|
<title>Sample Website</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="css/main.css">
|
||||||
|
<link rel="icon" type="image/x-icon" href="img/favicon.ico">
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<div class="container">
|
||||||
|
<div class="blurb">
|
||||||
|
<% if $kernel == 'windows' { -%>
|
||||||
|
<img src="img/windows.png" height="128" width="128" />
|
||||||
|
<% } elsif $kernel == 'Linux' { -%>
|
||||||
|
<img src="img/tux.png" height="128" width="128" />
|
||||||
|
<% } elsif $kernel == 'Darwin' { -%>
|
||||||
|
<img src="img/apple.png" height="128" width="128" />
|
||||||
|
<% } -%>
|
||||||
|
<h1>System Info </h1>
|
||||||
|
<p>fqdn/certname:
|
||||||
|
<%= $trusted[certname] %>
|
||||||
|
</p>
|
||||||
|
<p>ip address:
|
||||||
|
<%= $networking[ip] %>
|
||||||
|
</p>
|
||||||
|
<p>total system memory:
|
||||||
|
<%= $memory[system][total] %>
|
||||||
|
</p>
|
||||||
|
<p>vm uuid:
|
||||||
|
<%= $trusted[extensions][pp_uuid] %>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</html>
|
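Review bot: the template writes `$trusted[certname]`, `$networking[ip]`, `$memory[system][total]` and `$trusted[extensions][pp_uuid]` into `index.html`, which the web server then serves to any client that can reach it. If this is a demo-only page, say so in a comment at the top of the template; otherwise drop the certname and VM UUID, which identify the node to Puppet and to the hypervisor. Nodes whose certificate lacks the `pp_uuid` extension will render an empty value, which is worth handling with a conditional like the one used for `$kernel`.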
@ -1,7 +0,0 @@
|
|||||||
class role::database_server {
|
|
||||||
|
|
||||||
#This role would be made of all the profiles that need to be included to make a database server work
|
|
||||||
#All roles should include the base profile
|
|
||||||
include profile::base
|
|
||||||
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
class role::example {
|
|
||||||
|
|
||||||
}
|
|
4
site/role/manifests/linux_base.pp
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# @summary This role installs a baseline of packages on Linux machines
|
||||||
|
class role::linux_base {
|
||||||
|
include profile::linux_baseline
|
||||||
|
}
|
6
site/role/manifests/linux_mysql_database.pp
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
# @summary This role installs a mysql databse and sample data
|
||||||
|
class role::linux_mysql_database {
|
||||||
|
include profile::linux_baseline
|
||||||
|
include profile::mysql
|
||||||
|
include profile::sample_data
|
||||||
|
}
|
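Review bot: the order of the `include` lines is load-bearing. profile::mysql declares `class { 'mysql::server': ... }` resource-style while profile::sample_data uses `include mysql::server`, so swapping the two includes would fail compilation with a duplicate declaration. Have profile::sample_data `require profile::mysql`, or move the `remove_default_accounts` setting to Hiera and use `include` in both, so the role does not depend on line order. Also, "databse" in the `@summary` should read "database".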
7
site/role/manifests/linux_webserver.pp
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# @summary This role installs an apache webserver and sample content on port 80.
|
||||||
|
class role::linux_webserver {
|
||||||
|
include profile::linux_baseline
|
||||||
|
include profile::vro_provisioned
|
||||||
|
include profile::apache
|
||||||
|
include profile::sample_website
|
||||||
|
}
|
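Review bot: the `@summary` promises port 80, but the port is whatever `$webserver_port` resolves to in profile::sample_website::linux; reword it to refer to the configured port so the documentation cannot drift from the data. `include profile::apache` is redundant here, since profile::sample_website::linux already does `require profile::apache`; keep it only if you want the role to list every profile explicitly.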
@ -1,7 +0,0 @@
|
|||||||
class role::webserver {
|
|
||||||
|
|
||||||
#This role would be made of all the profiles that need to be included to make a webserver work
|
|
||||||
#All roles should include the base profile
|
|
||||||
include profile::base
|
|
||||||
|
|
||||||
}
|
|
4
site/role/manifests/windows_base.pp
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# @summary This role installs a baseline of packages on Windows machines
|
||||||
|
class role::windows_base {
|
||||||
|
include profile::windows_baseline
|
||||||
|
}
|
7
site/role/manifests/windows_webserver.pp
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# @summary This role installs IIS and sample content on port 80.
|
||||||
|
class role::windows_webserver {
|
||||||
|
include profile::windows_baseline
|
||||||
|
include profile::vro_provisioned
|
||||||
|
include profile::iis
|
||||||
|
include profile::sample_website
|
||||||
|
}
|