From 4e2a2b81cf17909647728a0c9febab7ab0370e65 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 13 Jan 2015 16:42:06 -0800 Subject: [PATCH 01/75] Initial Commit Stole Gary's puppet_repository and modified it for general general consumption. Upped the version of r10k to newest (1.4.1) Ripped out the hiera examples just left defaults.yaml Tweaked environment.conf --- Puppetfile | 16 +++++++++++++++ configure_r10k.pp | 21 ++++++++++++++++++++ environment.conf | 8 ++++++++ hiera.yaml | 14 +++++++++++++ hieradata/defaults.yaml | 2 ++ manifests/site.pp | 44 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 105 insertions(+) create mode 100644 Puppetfile create mode 100644 configure_r10k.pp create mode 100644 environment.conf create mode 100644 hiera.yaml create mode 100644 hieradata/defaults.yaml create mode 100644 manifests/site.pp diff --git a/Puppetfile b/Puppetfile new file mode 100644 index 0000000..77f1ccb --- /dev/null +++ b/Puppetfile @@ -0,0 +1,16 @@ +forge "http://forge.puppetlabs.com" + +# Modules from the Puppet Forge +mod "puppetlabs/apache" +mod "puppetlabs/ntp" + +# Modules from Github using various references +# Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples +mod 'notifyme', + :git => 'git://github.com/glarizza/puppet-notifyme', + :ref => '50c01703b2e3e352520a9a2271ea4947fe17a51f' + +mod 'profiles', + :git => 'git://github.com/glarizza/puppet-profiles', + :ref => '3611ae4253ff01762f9bda1d93620edf8f9a3b22' + diff --git a/configure_r10k.pp b/configure_r10k.pp new file mode 100644 index 0000000..1965a43 --- /dev/null +++ b/configure_r10k.pp 
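Review bot: The `forge "http://forge.puppetlabs.com"` line and both `git://` module sources in the new Puppetfile fetch code over transports that do not authenticate the server, and that code ends up compiled into catalogs on the master. The two git modules are at least pinned to full commit ids, but `mod "puppetlabs/apache"` and `mod "puppetlabs/ntp"` carry no version, so whichever release the Forge serves at deploy time is what gets installed. I would use `forge "https://forge.puppetlabs.com"` and `:git => 'https://github.com/glarizza/puppet-notifyme'` (likewise for `puppet-profiles`), and give each Forge module an explicit version.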
@@ -0,0 +1,21 @@
+###### ######
+## Configure R10k ##
+###### ######
+
+## This manifest requires the zack/R10k module and will attempt to
+## configure R10k according to my blog post on directory environments.
+## Beware! (and good luck!)
+
+class { 'r10k':
+ version => '1.4.1',
+ sources => {
+ 'puppet' => {
+ #Edit remote to be your own control_repo
+ 'remote' => 'https://github.com/npwalker/control_repo.git',
+ 'basedir' => "${::settings::confdir}/environments",
+ 'prefix' => false,
+ }
+ },
+ purgedirs => ["${::settings::confdir}/environments"],
+ manage_modulepath => false,
+}
diff --git a/environment.conf b/environment.conf
new file mode 100644
index 0000000..6511fe4
--- /dev/null
+++ b/environment.conf
@@ -0,0 +1,8 @@
+modulepath = modules:$basemodulepath
+config_version = '/usr/bin/git --git-dir $confdir/environments/$environment/.git rev-parse HEAD'
+
+# Environment timeout should be set to unlimited. When set to zero it is less performant.
+# When code is deployed the admin API of puppetserver should be used to force a refresh of code from disk.
+# https://docs.puppetlabs.com/puppetserver/1.0/release_notes.html#new-feature-admin-api-for-refreshing-environments
+# https://docs.puppetlabs.com/puppet/3.7/reference/environments_configuring.html#environmenttimeout
+environment_timeout = 0
diff --git a/hiera.yaml b/hiera.yaml
new file mode 100644
index 0000000..1ce9330
--- /dev/null
+++ b/hiera.yaml
@@ -0,0 +1,14 @@
+---
+:backends:
+ - yaml
+:hierarchy:
+ - "%{clientcert}"
+ - "%{application_tier}"
+ - defaults
+
+:yaml:
+# datadir is empty here, so hiera uses its defaults:
+# - /var/lib/hiera on *nix
+# - %CommonAppData%\PuppetLabs\hiera\var on Windows
+# When specifying a datadir, make sure the directory exists.
+ :datadir: "/etc/puppetlabs/puppet/environments/%{environment}/hieradata"
diff --git a/hieradata/defaults.yaml b/hieradata/defaults.yaml
new file mode 100644
index 0000000..2baa62b
--- /dev/null
+++ b/hieradata/defaults.yaml
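Review bot: The `'remote'` value in `configure_r10k.pp` ships as a working URL, `https://github.com/npwalker/control_repo.git`, so a master where this manifest is applied before the `#Edit remote` comment is acted on will deploy its environments from a repository the operator does not control. With `purgedirs` set to the same environments directory, that deploy presumably also clears whatever was there before. A placeholder that cannot resolve, for example `'remote' => 'CHANGEME-url-of-your-own-control-repo',`, makes the unedited case fail instead of succeed.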
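Review bot: The comment above `environment_timeout = 0` says the timeout should be unlimited and that zero is the slower setting, yet the shipped value is zero. Either set `environment_timeout = unlimited` and keep the note about refreshing through the puppetserver admin API, or reword the comment to say that `0` is a deliberate choice for a fresh install.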
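Review bot: The first two hierarchy levels in `hiera.yaml`, `"%{clientcert}"` and `"%{application_tier}"`, are resolved from values the agent reports about itself, so a node that misreports either one is served the data file meant for another node or tier. That matters as soon as node-level data holds credentials. Where the Puppet version in use exposes verified certificate data to Hiera, `- "%{::trusted.certname}"` keys the lookup on the name in the signed certificate instead; whether that is available on the 3.x master this file targets needs checking. `application_tier` looks like a custom fact, which has the same limitation.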
@@ -0,0 +1,2 @@
+---
+message: "This node is using common data"
diff --git a/manifests/site.pp b/manifests/site.pp
new file mode 100644
index 0000000..d52e944
--- /dev/null
+++ b/manifests/site.pp
@@ -0,0 +1,44 @@
+
+## site.pp ##
+
+# This file (/etc/puppetlabs/puppet/manifests/site.pp) is the main entry point
+# used when an agent connects to a master and asks for an updated configuration.
+#
+# Global objects like filebuckets and resource defaults should go in this file,
+# as should the default node definition. (The default node can be omitted
+# if you use the console and don't define any other nodes in site.pp. See
+# http://docs.puppetlabs.com/guides/language_guide.html#nodes for more on
+# node definitions.)
+
+## Active Configurations ##
+
+# PRIMARY FILEBUCKET
+# This configures puppet agent and puppet inspect to back up file contents when
+# they run. The Puppet Enterprise console needs this to display file contents
+# and differences.
+
+# Define filebucket 'main':
+filebucket { 'main':
+ #server should point to one master that will be the file bucket
+ server => 'changeme',
+ path => false,
+}
+
+# Make filebucket 'main' the default backup location for all File resources:
+File { backup => 'main' }
+
+# DEFAULT NODE
+# Node definitions in this file are merged with node data from the console. See
+# http://docs.puppetlabs.com/guides/language_guide.html#nodes for more on
+# node definitions.
+
+# The default node definition matches any node lacking a more specific node
+# definition. If there are no other nodes in this file, classes declared here
+# will be included in every node's catalog, *in addition* to any classes
+# specified in the console for that node.
+
+node default {
+ # This is where you can declare classes for all nodes.
+ # Example:
+ # class { 'my_class': }
+}
From a6ef3842225e303fc673fdb13b595b36d961e721 Mon Sep 17 00:00:00 2001
From: Nick Walker Date: Tue, 13 Jan 2015 16:50:53 -0800 Subject: [PATCH 02/75] Add the README --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..5ab2dc9 --- /dev/null +++ b/README.md @@ -0,0 +1,6 @@ +1. Clone this repo down to your master (in /tmp is fine) and upload it to your own internal git server +2. Edit configure_r10k.pp so that the server parameter is set to your interal git server and repo name +3. On your Master, run `puppet apply configure_r10k.pp` + - This will install r10k and point it at the repo we setup in step 1 +4. You can remove configure_r10k.pp from the repo now. + From f4393ecc07918f5b70454acd68ec2ce1683a27c7 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 14 Jan 2015 14:22:45 -0800 Subject: [PATCH 03/75] Add stdlib to Puppetfile Comment out Gary's examples --- Puppetfile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Puppetfile b/Puppetfile index 77f1ccb..8f34ca1 100644 --- a/Puppetfile +++ b/Puppetfile @@ -1,16 +1,16 @@ forge "http://forge.puppetlabs.com" # Modules from the Puppet Forge -mod "puppetlabs/apache" mod "puppetlabs/ntp" +mod "puppetlabs/stdlib" # Modules from Github using various references # Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples -mod 'notifyme', - :git => 'git://github.com/glarizza/puppet-notifyme', - :ref => '50c01703b2e3e352520a9a2271ea4947fe17a51f' +#mod 'notifyme', +# :git => 'git://github.com/glarizza/puppet-notifyme', +# :ref => '50c01703b2e3e352520a9a2271ea4947fe17a51f' -mod 'profiles', - :git => 'git://github.com/glarizza/puppet-profiles', - :ref => '3611ae4253ff01762f9bda1d93620edf8f9a3b22' +#mod 'profiles', +# :git => 'git://github.com/glarizza/puppet-profiles', +# :ref => '3611ae4253ff01762f9bda1d93620edf8f9a3b22' From 0c67040afa385c7894326bf8c50452f4f06c39cd Mon Sep 17 00:00:00 2001 
From: Nick Walker Date: Wed, 14 Jan 2015 14:32:59 -0800 Subject: [PATCH 04/75] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5ab2dc9..c913915 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ 1. Clone this repo down to your master (in /tmp is fine) and upload it to your own internal git server 2. Edit configure_r10k.pp so that the server parameter is set to your interal git server and repo name -3. On your Master, run `puppet apply configure_r10k.pp` +3. On your Master, run `puppet module install zack/r10k` +4. On your Master, run `puppet apply configure_r10k.pp` - This will install r10k and point it at the repo we setup in step 1 4. You can remove configure_r10k.pp from the repo now. From e2b5da17e68bf8ef0c378d3c5029d3e1a56fb870 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 14 Jan 2015 17:17:58 -0800 Subject: [PATCH 05/75] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c913915..c6ef672 100644 --- a/README.md +++ b/README.md @@ -3,5 +3,7 @@ 3. On your Master, run `puppet module install zack/r10k` 4. On your Master, run `puppet apply configure_r10k.pp` - This will install r10k and point it at the repo we setup in step 1 -4. You can remove configure_r10k.pp from the repo now. +5. You're now ready to run `r10k deploy environment --verbose` which will deploy modules from your Puppetfile + +Side note: You can remove configure_r10k.pp from the repo now. From 4fa14545f65dd1286c89d966339cdf2de6bf672d Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 11 May 2015 15:28:42 -0700 Subject: [PATCH 06/75] Update site.pp to work OOTB --- manifests/site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/site.pp b/manifests/site.pp index d52e944..b3319bd 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
@@ -20,7 +20,7 @@ # Define filebucket 'main': filebucket { 'main': #server should point to one master that will be the file bucket - server => 'changeme', + server => "${settings::server}", path => false, } From 2567745d68d920960f5800c15b33cb4f4194c5d7 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 14 May 2015 11:40:35 -0700 Subject: [PATCH 07/75] Update hiera.yaml --- hiera.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hiera.yaml b/hiera.yaml index 1ce9330..80d14c9 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -2,8 +2,7 @@ :backends: - yaml :hierarchy: - - "%{clientcert}" - - "%{application_tier}" + - "nodes/%{clientcert}" - defaults :yaml: From 368cb4adf0bffcae52842a2d73ff22a38136bf04 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 15 May 2015 11:37:47 -0700 Subject: [PATCH 08/75] Update configure_r10k.pp for PE3.8 --- configure_r10k.pp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/configure_r10k.pp b/configure_r10k.pp index 1965a43..c6750ca 100644 --- a/configure_r10k.pp +++ b/configure_r10k.pp @@ -2,16 +2,15 @@ ## Configure R10k ## ###### ###### -## This manifest requires the zack/R10k module and will attempt to -## configure R10k according to my blog post on directory environments. +## This manifest requires the zack/R10k module ## Beware! (and good luck!) class { 'r10k': - version => '1.4.1', + version => '1.5.1', sources => { 'puppet' => { #Edit remote to be your own control_repo - 'remote' => 'https://github.com/npwalker/control_repo.git', + 'remote' => 'https://github.com/npwalker/control-repo.git', 'basedir' => "${::settings::confdir}/environments", 'prefix' => false, } From d3ee945798b98dc9f8abba6a4ddf4f33d4bf1c4e Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 15 May 2015 11:39:23 -0700 Subject: [PATCH 09/75] Update hiera.yaml --- hiera.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/hiera.yaml b/hiera.yaml index 80d14c9..bc98555 100644 --- a/hiera.yaml 
+++ b/hiera.yaml @@ -3,11 +3,7 @@ - yaml :hierarchy: - "nodes/%{clientcert}" - - defaults + - common :yaml: -# datadir is empty here, so hiera uses its defaults: -# - /var/lib/hiera on *nix -# - %CommonAppData%\PuppetLabs\hiera\var on Windows -# When specifying a datadir, make sure the directory exists. :datadir: "/etc/puppetlabs/puppet/environments/%{environment}/hieradata" From 222673572abbd538d73ece9f7e03bc73f0f9c7eb Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 15 May 2015 11:40:37 -0700 Subject: [PATCH 10/75] Rename defaults.yaml to common.yaml --- hieradata/{defaults.yaml => common.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename hieradata/{defaults.yaml => common.yaml} (100%) diff --git a/hieradata/defaults.yaml b/hieradata/common.yaml similarity index 100% rename from hieradata/defaults.yaml rename to hieradata/common.yaml From 52629f31e02e2df40eee288ffdd2828e3bd53960 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 15 May 2015 11:48:52 -0700 Subject: [PATCH 11/75] Update Puppetfile --- Puppetfile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Puppetfile b/Puppetfile index 8f34ca1..893fe04 100644 --- a/Puppetfile +++ b/Puppetfile @@ -1,8 +1,13 @@ forge "http://forge.puppetlabs.com" # Modules from the Puppet Forge -mod "puppetlabs/ntp" -mod "puppetlabs/stdlib" +# Note the versions are all set to :latest but after you've +# installed you should change them to the exact version you want +mod "puppetlabs/inifile", :latest +mod "puppetlabs/stdlib", :latest +mod "puppetlabs/concat", :latest +mod "puppetlabs/ntp", :latest +mod "saz/ssh", :latest # Modules from Github using various references # Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples From 724e3e97d0d1fec8d1c07f5109cb77d59e5d9199 Mon Sep 17 00:00:00 2001 
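Review bot: Every Forge module in the Puppetfile hunk is set to `:latest`, including the third-party `saz/ssh`, so each `r10k deploy` can bring a release nobody has reviewed onto the master and from there into every catalog. Two deploys of the same control-repo commit also need not produce the same code. The added comment leaves pinning to the reader; a template is more useful if it shows the pinned form itself, e.g. `mod "saz/ssh", '<reviewed version>'`, and mentions `:latest` only as a way to find the current version.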
From: Nick Walker Date: Fri, 15 May 2015 12:05:33 -0700 Subject: [PATCH 12/75] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c6ef672..370cb64 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ 3. On your Master, run `puppet module install zack/r10k` 4. On your Master, run `puppet apply configure_r10k.pp` - This will install r10k and point it at the repo we setup in step 1 -5. You're now ready to run `r10k deploy environment --verbose` which will deploy modules from your Puppetfile +5. You're now ready to run `r10k deploy environment -p --verbose` which will deploy modules from your Puppetfile Side note: You can remove configure_r10k.pp from the repo now. From bfed08bfea898480e517985250f561ed8557609d Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 26 May 2015 10:00:02 -0700 Subject: [PATCH 13/75] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 370cb64..011b779 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,9 @@ +# Before Starting: + +If you've already written or download modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. + +## How to Use This Repo + 1. Clone this repo down to your master (in /tmp is fine) and upload it to your own internal git server 2. Edit configure_r10k.pp so that the server parameter is set to your interal git server and repo name 3. On your Master, run `puppet module install zack/r10k` From 944a0300cf187c97db8ffdeb3507b0d8b2dc4182 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 27 May 2015 14:55:24 -0700 Subject: [PATCH 14/75] add site to modulepath in environment.conf --- environment.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/environment.conf b/environment.conf index 6511fe4..95c2be1 100644 --- a/environment.conf +++ b/environment.conf @@ -1,4 +1,4 @@ -modulepath = modules:$basemodulepath +modulepath = site:modules:$basemodulepath config_version = '/usr/bin/git --git-dir $confdir/environments/$environment/.git rev-parse HEAD' # Environment timeout should be set to unlimited. When set to zero it is less performant. From 24aa475d20c413aa3d2925a110be767176989ef3 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 27 May 2015 15:02:50 -0700 Subject: [PATCH 15/75] Add a site directory with example role and profile module --- site/profile/manifests/base.pp | 5 +++++ site/role/manifests/database_server.pp | 7 +++++++ site/role/manifests/webserver.pp | 7 +++++++ 3 files changed, 19 insertions(+) create mode 100644 site/profile/manifests/base.pp create mode 100644 site/role/manifests/database_server.pp create mode 100644 site/role/manifests/webserver.pp diff --git a/site/profile/manifests/base.pp b/site/profile/manifests/base.pp new file mode 100644 index 0000000..ae85e65 --- /dev/null +++ b/site/profile/manifests/base.pp @@ -0,0 +1,5 @@ +class profile::base { + + #the base profile should include component modules that will be on all nodes + +} diff --git a/site/role/manifests/database_server.pp b/site/role/manifests/database_server.pp new file mode 100644 index 0000000..8c37438 --- /dev/null +++ b/site/role/manifests/database_server.pp @@ -0,0 +1,7 @@ +class role::database_server { + + #This role would be made of all the profiles that need to be included to make a database server work + #All roles should include the base profile + include profile::base + +} diff --git a/site/role/manifests/webserver.pp b/site/role/manifests/webserver.pp new file mode 100644 index 0000000..314fa55 --- /dev/null +++ b/site/role/manifests/webserver.pp 
@@ -0,0 +1,7 @@ +class role::webserver { + + #This role would be made of all the profiles that need to be included to make a webserver work + #All roles should include the base profile + include profile::base + +} From 4e8e16cbdd715bf44dd1c1697c04b5b0f9ddf529 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 25 Jun 2015 10:54:39 -0700 Subject: [PATCH 16/75] Remove purgedirs --- configure_r10k.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/configure_r10k.pp b/configure_r10k.pp index c6750ca..fe52a1b 100644 --- a/configure_r10k.pp +++ b/configure_r10k.pp @@ -15,6 +15,5 @@ class { 'r10k': 'prefix' => false, } }, - purgedirs => ["${::settings::confdir}/environments"], manage_modulepath => false, } From e972bafa1a056d46840d3aaa38dcc2844cf04042 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 26 Jun 2015 08:49:49 -0700 Subject: [PATCH 17/75] Update Puppetfile --- Puppetfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Puppetfile b/Puppetfile index 893fe04..bba46dd 100644 --- a/Puppetfile +++ b/Puppetfile @@ -9,6 +9,10 @@ mod "puppetlabs/concat", :latest mod "puppetlabs/ntp", :latest mod "saz/ssh", :latest +#An example of using a specific forge module version instead of latest +#Notice the addition of single quotes +#mod "puppetlabs/inifile", '1.3.0' + # Modules from Github using various references # Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples #mod 'notifyme', From bc6bae23d79aed7b05ac018496b8cddc02fe4fba Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 26 Jun 2015 10:21:51 -0700 Subject: [PATCH 18/75] Update environment.conf --- environment.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment.conf b/environment.conf index 95c2be1..a1579ce 100644 --- a/environment.conf +++ b/environment.conf 
@@ -1,4 +1,4 @@ -modulepath = site:modules:$basemodulepath +modulepath = modules:site:$basemodulepath config_version = '/usr/bin/git --git-dir $confdir/environments/$environment/.git rev-parse HEAD' # Environment timeout should be set to unlimited. When set to zero it is less performant. From 437433ff44cd77915a4a7b1d61d7aa624c44b41a Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 3 Aug 2015 14:44:35 -0700 Subject: [PATCH 19/75] Remove hiera.yaml and instead manage it with puppet code Added hunner/hiera to the Puppetfile and a manifest to use it instead of placing a hiera.yaml in the repo. --- Puppetfile | 5 +++++ hiera.yaml | 9 --------- site/profile/manifests/puppetmaster.pp | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 9 deletions(-) delete mode 100644 hiera.yaml create mode 100644 site/profile/manifests/puppetmaster.pp diff --git a/Puppetfile b/Puppetfile index bba46dd..fde9831 100644 --- a/Puppetfile +++ b/Puppetfile @@ -15,6 +15,11 @@ mod "saz/ssh", :latest # Modules from Github using various references # Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples +# update the tag to the most current release when implementing +mod 'hiera', + :git => 'https://github.com/hunner/puppet-hiera', + :tag => '1.3.1' + #mod 'notifyme', # :git => 'git://github.com/glarizza/puppet-notifyme', # :ref => '50c01703b2e3e352520a9a2271ea4947fe17a51f' diff --git a/hiera.yaml b/hiera.yaml deleted file mode 100644 index bc98555..0000000 --- a/hiera.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -:backends: - - yaml -:hierarchy: - - "nodes/%{clientcert}" - - common - -:yaml: - :datadir: "/etc/puppetlabs/puppet/environments/%{environment}/hieradata" diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp new file mode 100644 index 0000000..8242110 --- /dev/null +++ b/site/profile/manifests/puppetmaster.pp 
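Review bot: The new `mod 'hiera'` entry in the Puppetfile follows `:tag => '1.3.1'`, and a tag can be re-pointed by whoever controls `hunner/puppet-hiera`; the commented examples just below it pin `:ref` to a full commit id, which cannot move. This commit's `profile::puppetmaster` uses the module to write the master's `hiera.yaml` with `owner => 'root'`, so pinning it the same way, `:commit => '<full commit id of the reviewed release>'`, keeps the deployed code tied to what was reviewed. The added comment about updating the tag when implementing could then refer to the commit id instead.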
@@ -0,0 +1,14 @@ +class profile::puppetmaster { + + class { 'hiera': + hierarchy => [ + "nodes/%{::trusted.certname}", + :common", + ], + hiera_yaml => '/etc/puppetlabs/code/hiera.yaml', + datadir => "/etc/puppetlabs/code/environments/%{environment}/hieradata", + owner => 'root', + group => 'root', + } + +} From f5cb1fa75796327cefe8054efeab855c143ef2e3 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 3 Aug 2015 17:05:06 -0700 Subject: [PATCH 20/75] Update config_version to use a script that does not require git The config_version now uses a script that will do one of two things: 1. call config_version.rb which uses rugged to find the information about the latest commit if PE is on version 2015.2 or newer 2. make a call to git if the PE version is less than 2015.2 --- environment.conf | 2 +- scripts/config_version.rb | 17 +++++++++++++++++ scripts/config_version.sh | 7 +++++++ 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 scripts/config_version.rb create mode 100644 scripts/config_version.sh diff --git a/environment.conf b/environment.conf index a1579ce..6d60708 100644 --- a/environment.conf +++ b/environment.conf @@ -1,5 +1,5 @@ modulepath = modules:site:$basemodulepath -config_version = '/usr/bin/git --git-dir $confdir/environments/$environment/.git rev-parse HEAD' +config_version = 'scripts/config_version.sh $environmentpath $environment' # Environment timeout should be set to unlimited. When set to zero it is less performant. # When code is deployed the admin API of puppetserver should be used to force a refresh of code from disk. diff --git a/scripts/config_version.rb b/scripts/config_version.rb new file mode 100644 index 0000000..52f32c5 --- /dev/null +++ b/scripts/config_version.rb 
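Review bot: The second hierarchy entry in `profile::puppetmaster`, `:common",`, has a closing double quote with no opening one, so the manifest will not parse and any node that includes the class fails catalog compilation. It should read `'common',`. The entries containing `%{...}` are Hiera interpolation tokens rather than Puppet variables, so writing them in single quotes would also make it clear that Puppet is not meant to interpolate them.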
@@ -0,0 +1,17 @@ +require 'rugged' + +environmentpath = ARGV[0] +environment = ARGV[1] + +repo = Rugged::Repository.discover(File.join(environmentpath, environment)) +head = repo.head + +#sha1 hash of the newest commit +head_sha = head.target_id + +#the commit message associated the newest commit +commit = repo.lookup(head_sha) + +#add something to find the remote url + +puts head_sha diff --git a/scripts/config_version.sh b/scripts/config_version.sh new file mode 100644 index 0000000..1f42d34 --- /dev/null +++ b/scripts/config_version.sh @@ -0,0 +1,7 @@ +#!/bin/bash +if [ -e /opt/puppetlabs/server/pe_version ] +then + /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2 +else + /usr/bin/git --git-dir $codedir/environments/$environment/.git rev-parse HEAD +fi From 921c83736ee9ec1ff48d3e18137292bb38829262 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 3 Aug 2015 17:24:41 -0700 Subject: [PATCH 21/75] Update site.pp to use a trusted fact role Allow including a role if defined via a trusted fact on the node during provisioning time. This is how I will bootstrap any necessary configuration on the master, or other PE internal nodes. --- manifests/site.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifests/site.pp b/manifests/site.pp index b3319bd..cc02727 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -38,6 +38,11 @@ File { backup => 'main' } # specified in the console for that node. node default { + #incude a role on any node that specifies it's role via a trusted fact at provision time + #https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#trusted-facts + #https://docs.puppetlabs.com/puppet/latest/reference/ssl_attributes_extensions.html#aws-attributes-and-extensions-population-example + include $trusted['extensions']['pp_role'] + # This is where you can declare classes for all nodes. # Example: # class { 'my_class': } From 5d0ae0c01fc5f3dbc1da07fe0a58ea1b36f2ead6 Mon Sep 17 00:00:00 2001 
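Review bot: The `else` branch of `config_version.sh` builds `--git-dir` from `$codedir` and `$environment`, neither of which is set anywhere in the script, while `environment.conf` passes the path and environment name as `$1` and `$2`. Unless the caller happens to export them, git is pointed at `/environments//.git`. Using the positional arguments, quoted, in both branches fixes that and keeps a path containing whitespace from being split: `/usr/bin/git --git-dir "$1/$2/.git" rev-parse HEAD` and `/opt/puppetlabs/puppet/bin/ruby "$1/$2/scripts/config_version.rb" "$1" "$2"`.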
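Review bot: `include $trusted['extensions']['pp_role']` runs for every node that falls through to `node default`, and a node whose certificate has no `pp_role` extension hands `include` an undefined value, which I expect to fail compilation for exactly the nodes a default block is meant to catch. The value is also taken as a complete class name, so it is only as trustworthy as the process that signs CSRs; with permissive autosigning a node effectively picks its own classes. Guarding and namespacing the lookup covers both: `if $trusted['extensions']['pp_role'] { include "role::${trusted['extensions']['pp_role']}" }`. The `include "role::${...}"` form introduced in PATCH 25 adds the namespace but still lacks the guard.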
From: Nick Walker Date: Mon, 3 Aug 2015 17:45:12 -0700 Subject: [PATCH 22/75] fix config_version script for 3.8 and below --- scripts/config_version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config_version.sh b/scripts/config_version.sh index 1f42d34..543ec26 100644 --- a/scripts/config_version.sh +++ b/scripts/config_version.sh @@ -3,5 +3,5 @@ if [ -e /opt/puppetlabs/server/pe_version ] then /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2 else - /usr/bin/git --git-dir $codedir/environments/$environment/.git rev-parse HEAD + /usr/bin/git --git-dir $1/$2/.git rev-parse HEAD fi From 9b50d5e31ee4de65445b6a5bec39da590dedbe36 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 13 Aug 2015 14:10:29 -0700 Subject: [PATCH 23/75] Update the README, add an all_in_one_pe role Updating README for instructions on how to use the control-repo by putting it in your own git server and then using the r10k answers during installation of PE. Removing the manifest for configuring r10k using zack/r10k. Added a role that can be used to bootstrap an all-in-one PE installation. --- README.md | 64 ++++++++++++++++++++++++---- configure_r10k.pp | 19 --------- site/role/manifests/all_in_one_pe.pp | 5 +++ 3 files changed, 60 insertions(+), 28 deletions(-) delete mode 100644 configure_r10k.pp create mode 100644 site/role/manifests/all_in_one_pe.pp diff --git a/README.md b/README.md index 011b779..7877c02 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,61 @@ # Before Starting: -If you've already written or download modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. +This control repo and the steps below are intended to be used during a new installation of PE. -## How to Use This Repo +If you intend to use it on an existing installation of PE then you'll have to figure out some of the steps on your own and be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. -1. Clone this repo down to your master (in /tmp is fine) and upload it to your own internal git server -2. Edit configure_r10k.pp so that the server parameter is set to your interal git server and repo name -3. On your Master, run `puppet module install zack/r10k` -4. On your Master, run `puppet apply configure_r10k.pp` - - This will install r10k and point it at the repo we setup in step 1 -5. You're now ready to run `r10k deploy environment -p --verbose` which will deploy modules from your Puppetfile +## How to Copy This Repo Into Your Own Git Server + +1. Make an user in your internal git server + +2. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop ) + - https://help.github.com/articles/generating-ssh-keys/ + +3. Create a repository in your git server called control-repo + +4. Setup your control repository by copying this one + - https://github.com/npwalker/control-repo + - git clone https://github.com/npwalker/control-repo.git + +5. 
Remove the .git directory from the cloned repo. + - `cd control-repo` + - `rm -rf .git` + +6. `git init` + +7. Find the url to your internal repo this is usually on the front page of the repo + - Add the repo as a remote + - git remote add origin git@gitlab-server:root/control-repo.git + +8. Push the repository from your machine up to your git server + - `git push origin production` + +## Lay Down a Trusted Fact Before Installing PE + +This control repository is setup to manage certain portions of your PE installation for you if you lay down a trusted fact called pp_role before installing. In order to immeadiately gain from these benefits you will need to lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` + +``` +--- +extension_requests: + #pp_role + 1.3.6.1.4.1.34380.1.1.13: 'all_in_one_pe' +``` + +## Install a New PE 2015.2+ Instance or Update an Existing PE Instance To Use the Control Repository + +### Install PE Specifying Answers To Point To Your Control Repository + +https://docs.puppetlabs.com/pe/latest/r10k_config_answers.html + +#TODO +Flush out generating an answer file and then appending these answers onto the end of it. + +### Update Existing PE 2015.2+ Install To Point To The Control Repository + +https://docs.puppetlabs.com/pe/latest/r10k_config_console.html + +## Run r10k + +1. Run `r10k deploy environment —verbose` and watch it install the modules from your Puppetfile -Side note: You can remove configure_r10k.pp from the repo now. diff --git a/configure_r10k.pp b/configure_r10k.pp deleted file mode 100644 index fe52a1b..0000000 --- a/configure_r10k.pp +++ /dev/null 
@@ -1,19 +0,0 @@ -###### ###### -## Configure R10k ## -###### ###### - -## This manifest requires the zack/R10k module -## Beware! (and good luck!) - -class { 'r10k': - version => '1.5.1', - sources => { - 'puppet' => { - #Edit remote to be your own control_repo - 'remote' => 'https://github.com/npwalker/control-repo.git', - 'basedir' => "${::settings::confdir}/environments", - 'prefix' => false, - } - }, - manage_modulepath => false, -} diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp new file mode 100644 index 0000000..ca99139 --- /dev/null +++ b/site/role/manifests/all_in_one_pe.pp @@ -0,0 +1,5 @@ +class role::all_in_one_pe { + + include profile::puppetmaster + +} From b0c5ac495c40e6208460afaedd2ae5b8b1cb954f Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 13 Aug 2015 14:47:08 -0700 Subject: [PATCH 24/75] Add execute bit to config_version scripts --- scripts/config_version.rb | 0 scripts/config_version.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/config_version.rb mode change 100644 => 100755 scripts/config_version.sh diff --git a/scripts/config_version.rb b/scripts/config_version.rb old mode 100644 new mode 100755 diff --git a/scripts/config_version.sh b/scripts/config_version.sh old mode 100644 new mode 100755 From 70690333eedbb28b3f286912e6d9749b4a7e2618 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 13 Aug 2015 15:41:11 -0700 Subject: [PATCH 25/75] Fix some quoting issues and add role:: to the include in site.pp --- manifests/site.pp | 2 +- site/profile/manifests/puppetmaster.pp | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/site.pp b/manifests/site.pp index cc02727..5ba0af4 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
@@ -41,7 +41,7 @@ node default { #incude a role on any node that specifies it's role via a trusted fact at provision time #https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#trusted-facts #https://docs.puppetlabs.com/puppet/latest/reference/ssl_attributes_extensions.html#aws-attributes-and-extensions-population-example - include $trusted['extensions']['pp_role'] + include "role::${trusted['extensions']['pp_role']}" # This is where you can declare classes for all nodes. # Example: diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 8242110..b22500c 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -2,11 +2,11 @@ class profile::puppetmaster { class { 'hiera': hierarchy => [ - "nodes/%{::trusted.certname}", - :common", + "\"nodes/%{::trusted.certname}\"", + "common", ], hiera_yaml => '/etc/puppetlabs/code/hiera.yaml', - datadir => "/etc/puppetlabs/code/environments/%{environment}/hieradata", + datadir => "\"/etc/puppetlabs/code/environments/%{environment}/hieradata\"", owner => 'root', group => 'root', } From 6a78949ca8b24fd0e655b34cfc1406d967fe6e26 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 13 Aug 2015 17:10:55 -0700 Subject: [PATCH 26/75] Fix some incorrect quoting in the hiera class I thought I needed to double quote items that had interpolated variables but it turns out I don't need to which is good because I effectively can't due to .to_yaml not doing what I wanted it to do. --- site/profile/manifests/puppetmaster.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index b22500c..2747d40 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp 
@@ -2,11 +2,11 @@ class profile::puppetmaster { class { 'hiera': hierarchy => [ - "\"nodes/%{::trusted.certname}\"", - "common", + 'nodes/%{::trusted.certname}', + 'common', ], hiera_yaml => '/etc/puppetlabs/code/hiera.yaml', - datadir => "\"/etc/puppetlabs/code/environments/%{environment}/hieradata\"", + datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata\', owner => 'root', group => 'root', } From 6425d2bbe2759ba2bbbf75131f9abdd0a5e675df Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 14 Aug 2015 10:41:03 -0700 Subject: [PATCH 27/75] Remove extraneous slash from puppetmaster profile --- site/profile/manifests/puppetmaster.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 2747d40..7bd9bea 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -6,7 +6,7 @@ class profile::puppetmaster { 'common', ], hiera_yaml => '/etc/puppetlabs/code/hiera.yaml', - datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata\', + datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata', owner => 'root', group => 'root', } From 2e0181142bc3ce8d6945c83ff43a78b7436244e2 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 14 Aug 2015 12:01:30 -0700 Subject: [PATCH 28/75] Add puppet-master.yaml to hieradata I need a way to tune my VMs to use less memory and this allows me to do that. --- hieradata/nodes/puppet-master.yaml | 42 ++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 hieradata/nodes/puppet-master.yaml diff --git a/hieradata/nodes/puppet-master.yaml b/hieradata/nodes/puppet-master.yaml new file mode 100644 index 0000000..ba1a8ad --- /dev/null +++ b/hieradata/nodes/puppet-master.yaml 
@@ -0,0 +1,42 @@ +#These setting are intended for low memory testing VMs +#Not intended for general usage +--- +#Drop puppetdb Java Heap Size +#PE3.2 and above +pe_puppetdb::pe::java_args: + -Xmx: '256m' + -Xms: '64m' +#PE3.1 and below +pe_puppetdb::java_args: + -Xmx: '256m' + -Xms: '64m' +#Drop the activemq java heap size +pe_mcollective::role::master::activemq_heap_mb: '96' +#Allow access to the puppetdb performance dashboard from non-localhost +#This is insecure and also allows access to all API endpoints without verification +pe_puppetdb::pe::listen_address: '0.0.0.0' + +#PE3.7+ +#Allow access to the puppetdb performance dashboard from non-localhost +#This is insecure and also allows access to all API endpoints without verification +puppet_enterprise::profile::puppetdb::listen_address: '0.0.0.0' +puppet_enterprise::profile::amq::broker::heap_mb: '96' +puppet_enterprise::profile::master::java_args: + Xmx: '128m' + Xms: '128m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' +puppet_enterprise::profile::puppetdb::java_args: + Xmx: '64m' + Xms: '64m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' +puppet_enterprise::profile::console::java_args: + Xmx: '64m' + Xms: '64m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' +puppet_enterprise::master::puppetserver::jruby_max_active_instances: 1 #PE3.7.2 only +puppet_enterprise::profile::console::delayed_job_workers: 1 +#shared_buffers takes affect during install but is not managed after +puppet_enterprise::profile::database::shared_buffers: '4MB' From ab679260c6d04f08d70cda5b452c2accfeceac35 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 14 Aug 2015 16:17:25 -0700 Subject: [PATCH 29/75] Add a gitlab profile / add ssh-keygen to puppetmaster profile --- site/profile/manifests/gitlab.pp | 7 +++++ site/profile/manifests/puppetmaster.pp | 38 ++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 site/profile/manifests/gitlab.pp 
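Review bot: Both `listen_address: '0.0.0.0'` keys (`pe_puppetdb::pe::listen_address` and `puppet_enterprise::profile::puppetdb::listen_address`) take effect on any node that resolves `hieradata/nodes/puppet-master.yaml`, and the only safeguard is the header comment saying the settings are for test VMs. The file's own comments say this exposes every PuppetDB API endpoint without verification, so a master with that certname outside a lab would publish its node data to the network. I would drop the two keys from the committed file and reach the dashboard over an SSH port-forward, leaving a line such as `# dashboard: use an SSH port-forward; do not bind PuppetDB to 0.0.0.0` in their place.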
diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp new file mode 100644 index 0000000..720ee7f --- /dev/null +++ b/site/profile/manifests/gitlab.pp @@ -0,0 +1,7 @@ +class profile::gitlab { + + class { 'gitlab': + external_url => hiera( 'gms_server_url', "http://${::fqdn}") , + } + +} diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 7bd9bea..1b00bdf 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -11,4 +11,42 @@ class profile::puppetmaster { group => 'root', } + ##BEGIN - r10k webhook support + include r10k::mcollective + + include r10k::webhook::config + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + ##END - r10k webhook support + + #BEGIN - Generate an SSH key for r10k to connect to git + $r10k_ssh_key_file = '/root/.ssh/r10k_rsa' + exec { 'create r10k ssh key' : + command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'r10k' -f ${r10k_ssh_key_file} -q -N ''", + creates => $r10k_ssh_key_file, + } + #END - Generate an SSH key for r10k to connect to git + + #BEGIN - Add deploy key to git management system + $git_management_system = hiera('git_management_system', '') + + if $git_management_system in ['gitlab', 'github'] { + + git_deploy_key { "add_deploy_key_to_puppet_control-${fqdn}": + ensure => present, + name => $::fqdn, + path => "${r10k_ssh_key_file}.pub", + token => hiera('gms_api_token'), + project_name => 'puppet/control', + server_url => hiera('gms_server_url'), + provider => $git_management_system, + } + + } + #END - Add deploy key to git management system + } From 0bf10aea97a39aeb63a128cd432b1241e959442c Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 14 Aug 2015 16:21:43 -0700 Subject: [PATCH 30/75] Add a gitlab role --- site/role/manifests/gitlab.pp | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 site/role/manifests/gitlab.pp 
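Review bot: In the `puppetmaster.pp` hunk, `git_deploy_key` reads `"${r10k_ssh_key_file}.pub"` but declares no relationship to `Exec['create r10k ssh key']`, so on a first run the public key may not exist yet unless manifest ordering happens to apply; adding `require => Exec['create r10k ssh key'],` to the resource makes the dependency explicit. The same hunk runs `r10k::webhook` with `user => 'root'` and generates the key with an empty passphrase (`-N ''`), so both the HTTP listener and the deploy key carry root's reach on the master; a comment stating why root is needed, or a dedicated account if the module supports one, would be worth adding. `hiera('gms_api_token')` means the token lives in hieradata, which should therefore stay out of any shared copy of this repository. The class body starts outside the hunk.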
diff --git a/site/role/manifests/gitlab.pp b/site/role/manifests/gitlab.pp new file mode 100644 index 0000000..1f459d6 --- /dev/null +++ b/site/role/manifests/gitlab.pp @@ -0,0 +1,5 @@ +class role::gitlab { + + include profile::gitlab + +} From 96fc614ace9f6f8566f8d2ce923424db2e380bf7 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 14 Aug 2015 17:09:01 -0700 Subject: [PATCH 31/75] Add vhsn/gitlab and acidprime/r10k to Puppetfile --- Puppetfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Puppetfile b/Puppetfile index fde9831..8e2131a 100644 --- a/Puppetfile +++ b/Puppetfile @@ -20,6 +20,13 @@ mod 'hiera', :git => 'https://github.com/hunner/puppet-hiera', :tag => '1.3.1' +mod 'gitlab', + :git => 'https://github.com/vshn/puppet-gitlab', + :ref => '00397b86dfb3487d9df768cbd3698d362132b5bf' + +mod 'r10k', + :git => 'https://github.com/acidprime/r10k', + :tag => 'v3.1.1' #mod 'notifyme', # :git => 'git://github.com/glarizza/puppet-notifyme', # :ref => '50c01703b2e3e352520a9a2271ea4947fe17a51f' From fc3ed995a73dd767152a10b7733d65cb8ece5bdb Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 17 Aug 2015 10:54:41 -0700 Subject: [PATCH 32/75] Add abrader-gms module to Puppetfile --- Puppetfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Puppetfile b/Puppetfile index 8e2131a..aabc7b8 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,6 +27,11 @@ mod 'gitlab', mod 'r10k', :git => 'https://github.com/acidprime/r10k', :tag => 'v3.1.1' + +mod 'gms', + :git => 'https://github.com/abrader/abrader-gms', + :tag => 'v0.0.9' + #mod 'notifyme', # :git => 'git://github.com/glarizza/puppet-notifyme', # :ref => '50c01703b2e3e352520a9a2271ea4947fe17a51f' From 1525bf59548068834a897d54a1f84cee117676b8 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 17 Aug 2015 14:00:21 -0700 Subject: [PATCH 33/75] Add webhook config to git management system --- site/profile/manifests/puppetmaster.pp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) 
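Review bot: In the Puppetfile hunk, `mod 'r10k'` is pinned with `:tag => 'v3.1.1'` while `mod 'gitlab'` directly above it is pinned to a full commit SHA; a tag can be re-pointed upstream, and this module supplies the webhook service that `profile::puppetmaster` runs as root. Pinning it the same way, `:ref => '<commit-sha-of-v3.1.1>'` (placeholder, to be resolved from the upstream repository), makes the deployed code reproducible. The following Puppetfile hunk, which adds `mod 'gms'` with `:tag => 'v0.0.9'`, has the same weakness.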
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 1b00bdf..20a4416 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -31,7 +31,7 @@ class profile::puppetmaster { } #END - Generate an SSH key for r10k to connect to git - #BEGIN - Add deploy key to git management system + #BEGIN - Add deploy key and webook to git management system $git_management_system = hiera('git_management_system', '') if $git_management_system in ['gitlab', 'github'] { @@ -46,7 +46,16 @@ class profile::puppetmaster { provider => $git_management_system, } + git_webhook { 'web_post_receive_webhook' : + ensure => present, + webhook_url => "http://${fqdn}:8088/payload", + token => hiera('gms_api_token'), + project_name => 'puppet/control', + server_url => hiera('gms_server_url'), + provider => $git_management_system, + } + } - #END - Add deploy key to git management system + #END - Add deploy key and webhook to git management system } From 184cf7e80e1c1585e6365181e8b6528bcee32977 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 17 Aug 2015 15:45:22 -0700 Subject: [PATCH 34/75] Change default gitlab url to be https instead of http --- site/profile/manifests/gitlab.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp index 720ee7f..e8cc2fd 100644 --- a/site/profile/manifests/gitlab.pp +++ b/site/profile/manifests/gitlab.pp @@ -1,7 +1,7 @@ class profile::gitlab { class { 'gitlab': - external_url => hiera( 'gms_server_url', "http://${::fqdn}") , + external_url => hiera( 'gms_server_url', "https://${::fqdn}") , } } From 246626e6394c444f661692ac8c0e7e590a5da226 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 18 Aug 2015 13:53:21 -0700 Subject: [PATCH 35/75] Copy agent certs into Gitlab directory for Gitlab SSL --- site/profile/manifests/gitlab.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
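Review bot: In the `git_webhook` resource, `webhook_url => "http://${fqdn}:8088/payload"` registers the deployment trigger over cleartext HTTP, and nothing visible here gives the endpoint TLS or credentials (`r10k::webhook::config` is included with defaults, so its effective settings cannot be confirmed from this hunk). Since a request to this URL presumably starts a code deployment on the master, I would enable the module's TLS and authentication options and register `webhook_url => "https://${::fqdn}:8088/payload",`. The unqualified `${fqdn}` also differs from the `$::fqdn` used for `name` in the `git_deploy_key` resource just above. The class body starts and ends outside the hunk.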
diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp index e8cc2fd..f4b5bfe 100644 --- a/site/profile/manifests/gitlab.pp +++ b/site/profile/manifests/gitlab.pp @@ -1,7 +1,20 @@ class profile::gitlab { + file { "/etc/gitlab/ssl/${fqdn}.key" : + ensure => file, + source => "${settings::privatekeydir}/${trusted['certname']}.pem", + notify => Exec['gitlab_reconfigure'], + } + + file { "/etc/gitlab/ssl/${fqdn}.crt" : + ensure => file, + source => "${settings::certdir}/${trusted['certname']}.pem", + notify => Exec['gitlab_reconfigure'], + } + class { 'gitlab': external_url => hiera( 'gms_server_url', "https://${::fqdn}") , + require => File["/etc/gitlab/ssl/${fqdn}.key", "/etc/gitlab/ssl/${fqdn}.key"], } } From 0af9bbf52d7283902141f05da3c642dcd2d64231 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 18 Aug 2015 14:01:20 -0700 Subject: [PATCH 36/75] Move some hieradata around for easier testing in vagrant I now have a virtual hierarchy level for setting up my lower memory settings when using vagrant/virtualbox. The gms settings are in an example-puppet-master.yaml file in the nodes directory which are needed for the instructions. --- hieradata/nodes/example-puppet-master.yaml | 4 ++++ .../{nodes/puppet-master.yaml => virtual/virtualbox.yaml} | 0 site/profile/manifests/puppetmaster.pp | 1 + 3 files changed, 5 insertions(+) create mode 100644 hieradata/nodes/example-puppet-master.yaml rename hieradata/{nodes/puppet-master.yaml => virtual/virtualbox.yaml} (100%) diff --git a/hieradata/nodes/example-puppet-master.yaml b/hieradata/nodes/example-puppet-master.yaml new file mode 100644 index 0000000..677e10d --- /dev/null +++ b/hieradata/nodes/example-puppet-master.yaml @@ -0,0 +1,4 @@ +--- +git_management_system: 'gitlab' +gms_server_url: 'https://gitlab-server' +gms_api_token: 'BDkZfWWnk4LVTLHdAywd' 
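Review bot: The `require` on `class { 'gitlab': }` lists `"/etc/gitlab/ssl/${fqdn}.key"` twice, so the certificate file is never a dependency; it should read `require => File["/etc/gitlab/ssl/${fqdn}.key", "/etc/gitlab/ssl/${fqdn}.crt"],`. The `.key` resource copies the agent's private key without `owner` or `mode`, which leaves the copy's permissions to Puppet's defaults; adding `owner => 'root',` and `mode => '0600',` to that resource states the intent. Reusing the agent's key pair for the web server also means a compromise of GitLab exposes the node's Puppet identity, which deserves a comment in the profile.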
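Review bot: The `gms_api_token` value in `hieradata/nodes/example-puppet-master.yaml` has the form of a real API token rather than a sample, and the README tells readers to clone and rename this file. If the token was ever valid it should be revoked, and the example should carry an unmistakable placeholder such as `gms_api_token: '<your-api-token>'`. A comment line like `# keep the real token out of version control, e.g. in an encrypted hiera backend` would make the expectation clear to people copying the file.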
diff --git a/hieradata/nodes/puppet-master.yaml b/hieradata/virtual/virtualbox.yaml similarity index 100% rename from hieradata/nodes/puppet-master.yaml rename to hieradata/virtual/virtualbox.yaml diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 20a4416..95a4408 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -2,6 +2,7 @@ class profile::puppetmaster { class { 'hiera': hierarchy => [ + 'virtual/%{::virtual}', 'nodes/%{::trusted.certname}', 'common', ], From 1eab000f1fdaa9deca07507dfcf6b571760f7a13 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 18 Aug 2015 14:03:08 -0700 Subject: [PATCH 37/75] Update the README with more specific instructions This is still a WIP --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 7877c02..fb27fac 100644 --- a/README.md +++ b/README.md 
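Review bot: In the `hierarchy` array, `'virtual/%{::virtual}'` is placed above `'nodes/%{::trusted.certname}'`, so data keyed on an agent-reported fact overrides data keyed on the certificate name. The only file at that level, `virtual/virtualbox.yaml`, is the renamed low-memory file that also sets both PuppetDB `listen_address` keys to `0.0.0.0`, so any master reporting `virtualbox` picks that up regardless of its node file. Listing the node level first (`'nodes/%{::trusted.certname}',` then `'virtual/%{::virtual}',`) lets a node file override the lab settings. The `hiera` class declaration continues outside the hunk.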
@@ -30,6 +30,32 @@ If you intend to use it on an existing installation of PE then you'll have to fi 8. Push the repository from your machine up to your git server - `git push origin production` +## Setting Up Your Git Management System + +### Setting Up Gitlab + +1. Install Gitlab on a server by specifying laying down the following trusted fact + +2. After Gitlab is installed you may sign if with the `root` user and password `5iveL!fe` + +3. Create a group called `puppet` ( notice the lower case p ) + - http://doc.gitlab.com/ce/workflow/groups.html + +4. Create a user called `r10k_api_user` and add them to the `puppet` group + +5. Create a project called `control-repo` and set the Namespace to be the `puppet` group + - If you have direct internet access from your Gitlab server you can also use the "Import project from" option to import this repo + - If you do not have direct internet access then wait a little bit and we'll get to that later + +6. Login as the `r10k_api_user` + - Go to profile settings -> account ( https:///profile/account ) + - Copy the api token + +7. `mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` + - Open `hieradata/nodes/.yaml` and edit `gms_api_token` to be your api token + +8. + ## Lay Down a Trusted Fact Before Installing PE This control repository is setup to manage certain portions of your PE installation for you if you lay down a trusted fact called pp_role before installing. In order to immeadiately gain from these benefits you will need to lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` From 308e73a80022739ff62822006f6828839f825fbf Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 18 Aug 2015 14:22:23 -0700 Subject: [PATCH 38/75] Update version of abrader-gms --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index aabc7b8..10c4b3e 100644 --- a/Puppetfile +++ b/Puppetfile 
@@ -30,7 +30,7 @@ mod 'r10k', mod 'gms', :git => 'https://github.com/abrader/abrader-gms', - :tag => 'v0.0.9' + :tag => '3d088c8ba8cef6d108236a8cee06ab7bedd6deeb' #mod 'notifyme', # :git => 'git://github.com/glarizza/puppet-notifyme', From 4e555b20e0afe8b391970430b63b54e810adc484 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 18 Aug 2015 16:09:53 -0700 Subject: [PATCH 39/75] Update README --- README.md | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index fb27fac..e0e0950 100644 --- a/README.md +++ b/README.md @@ -34,11 +34,20 @@ If you intend to use it on an existing installation of PE then you'll have to fi ### Setting Up Gitlab -1. Install Gitlab on a server by specifying laying down the following trusted fact +1. Install Gitlab on a server by specifying laying down the following trusted fact the soon-to-be Gitlab server and then [install the PE agent](http://docs.puppetlabs.com/pe/latest/install_agents.html#using-the-puppet-agent-package-installation-script). -2. After Gitlab is installed you may sign if with the `root` user and password `5iveL!fe` + ``` + --- + extension_requests: + #pp_role + 1.3.6.1.4.1.34380.1.1.13: 'gitlab' + ``` + +2. After the install of the agent completes and an agent run completes Gitlab will be installed. -3. Create a group called `puppet` ( notice the lower case p ) +2. After Gitlab is installed you may sign if with the `root` user and password `5iveL!fe` + +3. Create a group called `puppet` ( this is case sensitive ) - http://doc.gitlab.com/ce/workflow/groups.html 4. Create a user called `r10k_api_user` and add them to the `puppet` group 
@@ -47,18 +56,24 @@ If you intend to use it on an existing installation of PE then you'll have to fi - If you have direct internet access from your Gitlab server you can also use the "Import project from" option to import this repo - If you do not have direct internet access then wait a little bit and we'll get to that later -6. Login as the `r10k_api_user` +6. Logout of root and login as the `r10k_api_user` - Go to profile settings -> account ( https:///profile/account ) - Copy the api token 7. `mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` - - Open `hieradata/nodes/.yaml` and edit `gms_api_token` to be your api token + - Open `hieradata/nodes/.yaml` + - edit `gms_api_token` to be your api token + - edit `git_management_system` to be 'gitlab' + - You should not need to edit the `gms_server_url` + -8. +### Setting up Github + +You ## Lay Down a Trusted Fact Before Installing PE -This control repository is setup to manage certain portions of your PE installation for you if you lay down a trusted fact called pp_role before installing. In order to immeadiately gain from these benefits you will need to lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` +This control repository is setup to manage certain portions of your PE installation for you if you lay down a trusted fact called `pp_role` before installing. In order to immeadiately gain from these benefits you will need to lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` ``` --- @@ -84,4 +99,3 @@ https://docs.puppetlabs.com/pe/latest/r10k_config_console.html 1. Run `r10k deploy environment —verbose` and watch it install the modules from your Puppetfile - From 01baf7695aa63041d6639e9422d86ad28e902a90 Mon Sep 17 00:00:00 2001 
From: Nick Walker Date: Tue, 18 Aug 2015 16:11:25 -0700 Subject: [PATCH 40/75] Update the repo name for deploy keys and webhook to match README --- site/profile/manifests/puppetmaster.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 95a4408..7ae8c18 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -42,7 +42,7 @@ class profile::puppetmaster { name => $::fqdn, path => "${r10k_ssh_key_file}.pub", token => hiera('gms_api_token'), - project_name => 'puppet/control', + project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), provider => $git_management_system, } @@ -51,7 +51,7 @@ class profile::puppetmaster { ensure => present, webhook_url => "http://${fqdn}:8088/payload", token => hiera('gms_api_token'), - project_name => 'puppet/control', + project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), provider => $git_management_system, } From 04f3239514f39333e91b88e27908eea916ecfa75 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 25 Aug 2015 16:51:42 -0700 Subject: [PATCH 41/75] add modules for stash and a profile --- Puppetfile | 14 ++++---------- site/profile/manifests/stash.pp | 28 ++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 10 deletions(-) create mode 100644 site/profile/manifests/stash.pp diff --git a/Puppetfile b/Puppetfile index 10c4b3e..a220865 100644 --- a/Puppetfile +++ b/Puppetfile @@ -8,6 +8,9 @@ mod "puppetlabs/stdlib", :latest mod "puppetlabs/concat", :latest mod "puppetlabs/ntp", :latest mod "saz/ssh", :latest +mod "puppetlabs/postgresql", '4.5.0' +mod "puppetlabs/stash", '1.3.0' +mod "puppetlabs/java", '1.4.1' #An example of using a specific forge module version instead of latest #Notice the addition of single quotes 
@@ -30,13 +33,4 @@ mod 'r10k', mod 'gms', :git => 'https://github.com/abrader/abrader-gms', - :tag => '3d088c8ba8cef6d108236a8cee06ab7bedd6deeb' - -#mod 'notifyme', -# :git => 'git://github.com/glarizza/puppet-notifyme', -# :ref => '50c01703b2e3e352520a9a2271ea4947fe17a51f' - -#mod 'profiles', -# :git => 'git://github.com/glarizza/puppet-profiles', -# :ref => '3611ae4253ff01762f9bda1d93620edf8f9a3b22' - + :tag => 'bb5bcaa4e0fbeb2dae08eedb09d7eec1681a6172' diff --git a/site/profile/manifests/stash.pp b/site/profile/manifests/stash.pp new file mode 100644 index 0000000..b3298e4 --- /dev/null +++ b/site/profile/manifests/stash.pp @@ -0,0 +1,28 @@ +class profile::stash { + + class { 'java' : + version => present, + } -> + + class { 'postgresql::globals': + manage_package_repo => true, + version => '9.4', + }-> + class { 'postgresql::server': } -> + + postgresql::server::db { 'stash': + user => 'stash', + password => postgresql_password('stash', 'password'), + } -> + + class { 'stash': + javahome => '/etc/alternatives/java_sdk', + #dev.mode grants a 24-hour license for testing + java_opts => '-Datlassian.dev.mode=true', + } + + file { '/opt/puppetlabs/bin/stash_mco.rb': + source => 'puppet:///modules/r10k/stash_mco.rb', + } + +} From 809f68208617d1ad0695696e1ef30250a86a4c6d Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 22 Sep 2015 09:41:21 -0700 Subject: [PATCH 42/75] Add hiera key for tuning max_requests_per_instance https://docs.puppetlabs.com/pe/2015.2/config_puppetserver.html#tuning-maxrequestsperinstance-on-puppet-server --- hieradata/common.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 2baa62b..18422d3 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -1,2 +1,5 @@ --- message: "This node is using common data" + +#Puppet Server Tuning +puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 50000 
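Review bot: In `profile::stash`, `password => postgresql_password('stash', 'password')` creates the database role with the literal password `password`, and `postgresql::server` is declared with defaults, so whether it accepts remote connections cannot be confirmed from this hunk. Reading the secret from data, for example `password => postgresql_password('stash', hiera('stash_db_password')),` (key name constructed here), and passing the same lookup to the `stash` class keeps it out of the manifest. `java_opts => '-Datlassian.dev.mode=true'` is commented as a test licence setting; a header comment on the class saying the profile is for evaluation only would prevent it from being applied to a long-lived server.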
From 06f2e5e5aae05b3d29c6ff95019448f37a6a16f5 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 22 Sep 2015 12:38:46 -0700 Subject: [PATCH 43/75] Correct module namespace for stash module --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index a220865..df6bec9 100644 --- a/Puppetfile +++ b/Puppetfile @@ -9,7 +9,7 @@ mod "puppetlabs/concat", :latest mod "puppetlabs/ntp", :latest mod "saz/ssh", :latest mod "puppetlabs/postgresql", '4.5.0' -mod "puppetlabs/stash", '1.3.0' +mod "puppet/stash", '1.3.0' mod "puppetlabs/java", '1.4.1' #An example of using a specific forge module version instead of latest From fe07a8553031dd7f0d501616754d568630dfca04 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 22 Sep 2015 13:39:39 -0700 Subject: [PATCH 44/75] Update README partially I made some updates to the README that I never committed. I'm probably going to change some of this but it's more useful with these additions than without. --- README.md | 49 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index e0e0950..8d63619 100644 --- a/README.md +++ b/README.md 
@@ -4,18 +4,41 @@ This control repo and the steps below are intended to be used during a new insta If you intend to use it on an existing installation of PE then you'll have to figure out some of the steps on your own and be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. +## Lay Down a Trusted Fact Before Installing PE + +This control repository is setup to manage certain portions of your PE installation for you if you lay down a trusted fact called `pp_role` before installing. In order to immeadiately gain from these benefits you will need to lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` + +``` +--- +extension_requests: + #pp_role + 1.3.6.1.4.1.34380.1.1.13: 'all_in_one_pe' +``` + +##Install PE 2015.2 + +1. Download the 2015.2 installer for your platform and copy it to your master + - https://puppetlabs.com/download-puppet-enterprise-expand +2. Expand the tarball and `cd` into the directory +3. Run `puppet-enterprise-installer` to install + + ## How to Copy This Repo Into Your Own Git Server -1. Make an user in your internal git server +1. Make an user in your internal git server for yourself 2. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop ) - https://help.github.com/articles/generating-ssh-keys/ -3. Create a repository in your git server called control-repo +3. Create a group or organization called "puppet" -4. Setup your control repository by copying this one +4. Create a repository in your git server called control-repo + +4. 
Upload this control repository to your control repository - https://github.com/npwalker/control-repo - - git clone https://github.com/npwalker/control-repo.git + - git clone --mirror https://github.com/npwalker/control-repo.git + - cd control-repo + - git remote set-url --push 5. Remove the .git directory from the cloned repo. - `cd control-repo` @@ -30,6 +53,10 @@ If you intend to use it on an existing installation of PE then you'll have to fi 8. Push the repository from your machine up to your git server - `git push origin production` +## Update Your Install To Point To The Control Repository + +https://docs.puppetlabs.com/pe/latest/r10k_config_console.html + ## Setting Up Your Git Management System ### Setting Up Gitlab @@ -69,18 +96,12 @@ If you intend to use it on an existing installation of PE then you'll have to fi ### Setting up Github -You +Not yet completed. -## Lay Down a Trusted Fact Before Installing PE +### Setting up Stash -This control repository is setup to manage certain portions of your PE installation for you if you lay down a trusted fact called `pp_role` before installing. In order to immeadiately gain from these benefits you will need to lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` +Not yet completed. -``` ---- -extension_requests: - #pp_role - 1.3.6.1.4.1.34380.1.1.13: 'all_in_one_pe' -``` ## Install a New PE 2015.2+ Instance or Update an Existing PE Instance To Use the Control Repository @@ -91,9 +112,7 @@ https://docs.puppetlabs.com/pe/latest/r10k_config_answers.html #TODO Flush out generating an answer file and then appending these answers onto the end of it. -### Update Existing PE 2015.2+ Install To Point To The Control Repository -https://docs.puppetlabs.com/pe/latest/r10k_config_console.html ## Run r10k From 0c486e2fccf762f0d1bb6aa8a800f1e67cb8e510 Mon Sep 17 00:00:00 2001 
From: Nick Walker Date: Thu, 24 Sep 2015 14:59:39 -0700 Subject: [PATCH 45/75] Ensure /etc/gitlab/ssl exists before putting certs in it --- site/profile/manifests/gitlab.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp index f4b5bfe..c3e5f82 100644 --- a/site/profile/manifests/gitlab.pp +++ b/site/profile/manifests/gitlab.pp @@ -1,5 +1,9 @@ class profile::gitlab { + file { ['/etc/gitlab', '/etc/gitlab/ssl'] : + ensure => directory, + } + file { "/etc/gitlab/ssl/${fqdn}.key" : ensure => file, source => "${settings::privatekeydir}/${trusted['certname']}.pem", From 03d6c0c74c113732c9e7f64c93209793f8b1262b Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 24 Sep 2015 16:03:26 -0700 Subject: [PATCH 46/75] Update README some more --- README.md | 174 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 111 insertions(+), 63 deletions(-) diff --git a/README.md b/README.md index 8d63619..b98026a 100644 --- a/README.md +++ b/README.md 
@@ -4,9 +4,9 @@ This control repo and the steps below are intended to be used during a new insta If you intend to use it on an existing installation of PE then you'll have to figure out some of the steps on your own and be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. -## Lay Down a Trusted Fact Before Installing PE +## Setup a Trusted Fact On Your PE Master -This control repository is setup to manage certain portions of your PE installation for you if you lay down a trusted fact called `pp_role` before installing. In order to immeadiately gain from these benefits you will need to lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` +This control repository is setup to manage certain portions of your PE installation for you if you create a trusted fact called `pp_role`. In order to do so, lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` ``` --- 
@@ -15,53 +15,135 @@ extension_requests: 1.3.6.1.4.1.34380.1.1.13: 'all_in_one_pe' ``` -##Install PE 2015.2 +### If You Have Not Installed PE -1. Download the 2015.2 installer for your platform and copy it to your master - - https://puppetlabs.com/download-puppet-enterprise-expand -2. Expand the tarball and `cd` into the directory -3. Run `puppet-enterprise-installer` to install +Good then you can proceed forward and the trusted fact will be used when you get to the install step. +### If You Have Already Installed PE -## How to Copy This Repo Into Your Own Git Server +Trusted facts are created at the time a CSR is generated. So, we need to regenerate the certificate on the master for the above trusted fact to be created. -1. Make an user in your internal git server for yourself +Follow this document to regenerate the certificate on your master. -2. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop ) +http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html + +##Copy This Repo Into Your Own Git Server + +###Gitlab + +1. Install Gitlab + - https://about.gitlab.com/downloads/ + +2. After Gitlab is installed you may sign if with the `root` user and password `5iveL!fe` + +3. Make an user for yourself + +4. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop ) + - http://doc.gitlab.com/ce/ssh/README.html - https://help.github.com/articles/generating-ssh-keys/ -3. Create a group or organization called "puppet" +5. Create a group called `puppet` ( this is case sensitive ) + - http://doc.gitlab.com/ce/workflow/groups.html + +6. Create a user called `r10k_api_user` and add them to the `puppet` group + +7. Add your user to the `puppet` group as well + +7. 
Create a project called `control-repo` and set the Namespace to be the `puppet` group + - TODO: Change permissions on the group? + +8. Logout of root and login as the `r10k_api_user` + - Go to profile settings -> account ( https:///profile/account ) + - Copy the api token + - TODO: Change permissions for this user? + +9. Clone this control repository to your laptop/workstation + - `git clone --mirror https://github.com/npwalker/control-repo.git` + - `cd control-repo` + +10. `mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` + - Open `hieradata/nodes/.yaml` + - edit `gms_api_token` to be your api token + - edit `git_management_system` to be 'gitlab' + - You should not need to edit the `gms_server_url` + +11. Rename my repository as the upstream remote + - `git remote rename origin upstream` + +12. Add your internal repository as the origin remote + - `git remote add origin ` + +13. Push the production branch of the repository from your machine up to your git server + - `git push origin production` + +###Stash + +###Github + +###The General Idea - Not Specific to GMS + +1. Make an user in your internal git server for yourself + +2. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop ) + + - https://help.github.com/articles/generating-ssh-keys/ + +3. Create a group or organization called "puppet" 4. Create a repository in your git server called control-repo -4. Upload this control repository to your control repository - - https://github.com/npwalker/control-repo - - git clone --mirror https://github.com/npwalker/control-repo.git - - cd control-repo - - git remote set-url --push - -5. Remove the .git directory from the cloned repo. +4. Clone this control repository to your laptop/workstation + - `git clone https://github.com/npwalker/control-repo.git` - `cd control-repo` - - `rm -rf .git` -6. `git init` +5. 
Rename my repository as the upstream remote + - `git remote rename origin upstream` -7. Find the url to your internal repo this is usually on the front page of the repo - - Add the repo as a remote - - git remote add origin git@gitlab-server:root/control-repo.git +6. Add your internal repository as the origin remote + - `git remote add origin ` -8. Push the repository from your machine up to your git server +7. Push the production branch of the repository from your machine up to your git server - `git push origin production` -## Update Your Install To Point To The Control Repository +8. Find the url to your internal repo this is usually on the front page of the repo + +9. Add the repo as a remote + - git remote add origin git@your-git-server:puppet/control-repo.git + +10. Push the repository from your machine up to your git server + + - git push origin production + +##Configure PE to Use the Control-Repo + +###Install PE + +1. Download the latest version of the PE installer for your platform and copy it to your master + - https://puppetlabs.com/download-puppet-enterprise +2. Expand the tarball and `cd` into the directory +3. Run `puppet-enterprise-installer` to install + +If you run into any issues or have more questions about the installer you can see our docs here: + +http://docs.puppetlabs.com/pe/latest/install_basic.html + +### Update Your Existing Install To Point To The Control Repository https://docs.puppetlabs.com/pe/latest/r10k_config_console.html -## Setting Up Your Git Management System +## Run r10k -### Setting Up Gitlab +1. Run `r10k deploy environment —verbose` and watch it install the modules from your Puppetfile -1. Install Gitlab on a server by specifying laying down the following trusted fact the soon-to-be Gitlab server and then [install the PE agent](http://docs.puppetlabs.com/pe/latest/install_agents.html#using-the-puppet-agent-package-installation-script). 
+ +---- +#Miscellaneous + +## If You Want to Install Pointing To This Repo on Github + +### Setting Up Gitlab + +1. Install Gitlab on a server by specifying the following trusted fact on the soon-to-be Gitlab server and then [install the PE agent](http://docs.puppetlabs.com/pe/latest/install_agents.html#using-the-puppet-agent-package-installation-script). ``` --- @@ -69,30 +151,6 @@ https://docs.puppetlabs.com/pe/latest/r10k_config_console.html #pp_role 1.3.6.1.4.1.34380.1.1.13: 'gitlab' ``` - -2. After the install of the agent completes and an agent run completes Gitlab will be installed. - -2. After Gitlab is installed you may sign if with the `root` user and password `5iveL!fe` - -3. Create a group called `puppet` ( this is case sensitive ) - - http://doc.gitlab.com/ce/workflow/groups.html - -4. Create a user called `r10k_api_user` and add them to the `puppet` group - -5. Create a project called `control-repo` and set the Namespace to be the `puppet` group - - If you have direct internet access from your Gitlab server you can also use the "Import project from" option to import this repo - - If you do not have direct internet access then wait a little bit and we'll get to that later - -6. Logout of root and login as the `r10k_api_user` - - Go to profile settings -> account ( https:///profile/account ) - - Copy the api token - -7. `mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` - - Open `hieradata/nodes/.yaml` - - edit `gms_api_token` to be your api token - - edit `git_management_system` to be 'gitlab' - - You should not need to edit the `gms_server_url` - ### Setting up Github 
@@ -103,18 +161,8 @@ Not yet completed. Not yet completed. -## Install a New PE 2015.2+ Instance or Update an Existing PE Instance To Use the Control Repository - -### Install PE Specifying Answers To Point To Your Control Repository - -https://docs.puppetlabs.com/pe/latest/r10k_config_answers.html - #TODO -Flush out generating an answer file and then appending these answers onto the end of it. +Flush out generating an answer file and then appending extra answers onto the end of it. -## Run r10k - -1. Run `r10k deploy environment —verbose` and watch it install the modules from your Puppetfile - From c54b9000ead6ad616604ea7182a7b3a9189304cb Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 25 Sep 2015 08:33:08 -0700 Subject: [PATCH 47/75] Update README to remove --mirror from git clone --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b98026a..3461e35 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html - TODO: Change permissions for this user? 9. Clone this control repository to your laptop/workstation - - `git clone --mirror https://github.com/npwalker/control-repo.git` + - `git clone https://github.com/npwalker/control-repo.git` - `cd control-repo` 10. `mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` From a8cbec54e0efb9f3baaa5824a7fe664014de900c Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 29 Sep 2015 11:09:54 -0700 Subject: [PATCH 48/75] update README --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3461e35..97d5795 100644 --- a/README.md +++ b/README.md 
@@ -61,11 +61,13 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html - `git clone https://github.com/npwalker/control-repo.git` - `cd control-repo` -10. `mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` +10. `git mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` - Open `hieradata/nodes/.yaml` - edit `gms_api_token` to be your api token - edit `git_management_system` to be 'gitlab' - - You should not need to edit the `gms_server_url` + - edit the `gms_server_url` + +11. `git commit -m "renaming example-puppet-master.yaml"` 11. Rename my repository as the upstream remote - `git remote rename origin upstream` @@ -133,7 +135,7 @@ https://docs.puppetlabs.com/pe/latest/r10k_config_console.html ## Run r10k -1. Run `r10k deploy environment —verbose` and watch it install the modules from your Puppetfile +1. Run `r10k deploy environment -pv` and watch it install the modules from your Puppetfile ---- From 03bfb397681a71e2b0191f5be4116a0b38e62b03 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 6 Oct 2015 12:58:04 -0700 Subject: [PATCH 49/75] Change max_requests_per_instance to 10K --- hieradata/common.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 18422d3..07fbd80 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -2,4 +2,4 @@ message: "This node is using common data" #Puppet Server Tuning -puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 50000 +puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 10000 From 6ff5658a2a47cd3e6feaf20fa4083d33342e4b91 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 15 Oct 2015 12:22:45 -0700 Subject: [PATCH 50/75] Add some notifies to pe services after making changes --- site/profile/manifests/puppetmaster.pp | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 7ae8c18..4fc06f2 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -10,6 +10,7 @@ class profile::puppetmaster { datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata', owner => 'root', group => 'root', + notify => Service['pe-puppetserver'], } ##BEGIN - r10k webhook support @@ -21,6 +22,7 @@ class profile::puppetmaster { user => 'root', group => '0', require => Class['r10k::webhook::config'], + notify => Service['mcollective'], } ##END - r10k webhook support From 1828e2162304d7d9a2e26743f175d76256b6e0c1 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 16 Oct 2015 10:53:16 -0700 Subject: [PATCH 51/75] Change to using the webhook without mcollective In order to complete the change I refactered the webhook into its own set of profiles, one with mcollective and the other without. --- README.md | 6 ++++-- site/profile/manifests/puppetmaster.pp | 13 ------------- site/profile/manifests/webhook_mcollective.pp | 15 +++++++++++++++ site/profile/manifests/webhook_no_mcollective.pp | 13 +++++++++++++ site/role/manifests/all_in_one_pe.pp | 1 + 5 files changed, 33 insertions(+), 15 deletions(-) create mode 100644 site/profile/manifests/webhook_mcollective.pp create mode 100644 site/profile/manifests/webhook_no_mcollective.pp diff --git a/README.md b/README.md index 97d5795..2125c09 100644 --- a/README.md +++ b/README.md 
@@ -46,16 +46,18 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html - http://doc.gitlab.com/ce/workflow/groups.html 6. Create a user called `r10k_api_user` and add them to the `puppet` group + - From the landing page, select groups + - Choose the puppet group + - In the left hand pane, select memembers + - Add the `r10k_api_user` with `master` permissions 7. Add your user to the `puppet` group as well 7. Create a project called `control-repo` and set the Namespace to be the `puppet` group - - TODO: Change permissions on the group? 8. Logout of root and login as the `r10k_api_user` - Go to profile settings -> account ( https:///profile/account ) - Copy the api token - - TODO: Change permissions for this user? 9. Clone this control repository to your laptop/workstation - `git clone https://github.com/npwalker/control-repo.git` diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 4fc06f2..bc52d3b 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -12,19 +12,6 @@ class profile::puppetmaster { group => 'root', notify => Service['pe-puppetserver'], } - - ##BEGIN - r10k webhook support - include r10k::mcollective - - include r10k::webhook::config - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - notify => Service['mcollective'], - } - ##END - r10k webhook support #BEGIN - Generate an SSH key for r10k to connect to git $r10k_ssh_key_file = '/root/.ssh/r10k_rsa' diff --git a/site/profile/manifests/webhook_mcollective.pp b/site/profile/manifests/webhook_mcollective.pp new file mode 100644 index 0000000..395cc7a --- /dev/null +++ b/site/profile/manifests/webhook_mcollective.pp 
@@ -0,0 +1,15 @@ +class profile::webhook_mcollective { + + class { 'r10k::mcollective': + notify => Service['mcollective'], + } + + include r10k::webhook::config + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp new file mode 100644 index 0000000..42c4954 --- /dev/null +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -0,0 +1,13 @@ +class profile::webhook_no_mcollective { + + class {'r10k::webhook::config': + use_mcollective => false, + } + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index ca99139..f34a261 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -1,5 +1,6 @@ class role::all_in_one_pe { + include profile::webhook_no_mcollective include profile::puppetmaster } From 683a2209a66899647860416f7d66d9a6ee9dc24a Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 16 Oct 2015 14:28:17 -0700 Subject: [PATCH 52/75] Change puppetdb heap size to 96MB from 64MB --- hieradata/virtual/virtualbox.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hieradata/virtual/virtualbox.yaml b/hieradata/virtual/virtualbox.yaml index ba1a8ad..7676f17 100644 --- a/hieradata/virtual/virtualbox.yaml +++ b/hieradata/virtual/virtualbox.yaml @@ -27,8 +27,8 @@ puppet_enterprise::profile::master::java_args: 'XX:MaxPermSize': '=96m' 'XX:PermSize': '=64m' puppet_enterprise::profile::puppetdb::java_args: - Xmx: '64m' - Xms: '64m' + Xmx: '96m' + Xms: '96m' 'XX:MaxPermSize': '=96m' 'XX:PermSize': '=64m' puppet_enterprise::profile::console::java_args: From 65820675e5d02ed55c2cd3627a0d95a5ed9b6ac0 Mon Sep 17 00:00:00 2001 
From: Nick Walker Date: Tue, 20 Oct 2015 21:24:44 -0700 Subject: [PATCH 53/75] Change the zack/r10k webhook to not authenticate --- README.md | 32 ++++++++++++++++++- .../manifests/webhook_no_mcollective.pp | 2 ++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2125c09..2e6bc99 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,8 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html 7. Add your user to the `puppet` group as well 7. Create a project called `control-repo` and set the Namespace to be the `puppet` group + - Set the permissions of the project to `Public' + - We'll change this back to private at the end 8. Logout of root and login as the `r10k_api_user` - Go to profile settings -> account ( https:///profile/account ) @@ -69,6 +71,8 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html - edit `git_management_system` to be 'gitlab' - edit the `gms_server_url` +11. `git add hieradata/nodes/.yaml` + 11. `git commit -m "renaming example-puppet-master.yaml"` 11. Rename my repository as the upstream remote @@ -77,9 +81,13 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html 12. Add your internal repository as the origin remote - `git remote add origin ` +13. `git branch --set-upstream-to origin/production` + 13. Push the production branch of the repository from your machine up to your git server - `git push origin production` +14. Change the permission of control-repo in your gitlab server to `private` + ###Stash ###Github 
@@ -109,7 +117,7 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html 7. Push the production branch of the repository from your machine up to your git server - `git push origin production` -8. Find the url to your internal repo this is usually on the front page of the repo +8. Find the url to your internal repo. This is usually on the front page of the repo 9. Add the repo as a remote - git remote add origin git@your-git-server:puppet/control-repo.git 
@@ -131,6 +139,28 @@ If you run into any issues or have more questions about the installer you can se http://docs.puppetlabs.com/pe/latest/install_basic.html +##Get the Control-Repo Deployed On Your Master + +At this point you have my control-repo code deployed into your git server. However, we have one final challenge getting that code onto your puppet master. In the end state the master will pull code from the git server via r10k, however, at this moment your puppet master doesn't have credentials to get code from the git server. + +So, we'll set up a deploy key in the git server that will allow a ssh-key we make to deploy the code and configure everything else. + +1. On your puppet master, make an ssh key for r10k to connect to gitlab + - `/usr/bin/ssh-keygen -t rsa -b 2048 -C 'r10k' -f /root/.ssh/r10k_rsa -q -N ''` + - http://doc.gitlab.com/ce/ssh/README.html + - https://help.github.com/articles/generating-ssh-keys/ +2. Create a deploy key on the `control-repo` project in Gitlab + - paste in the public key from above +3. Follow https://docs.puppetlabs.com/pe/latest/r10k_config_console.html + - The remote is on the front page of the project in the gitlab UI + - git_settings should be: + - `{"provider": "rugged", + "private_key": "/root/.ssh/r10k_rsa"}` +3. Run `puppet agent -t` + - Expect to see changes to `r10k.yaml` +3. Run `r10k deploy environment -pv` +4. Run `puppet agent -t` + ### Update Your Existing Install To Point To The Control Repository https://docs.puppetlabs.com/pe/latest/r10k_config_console.html diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index 42c4954..a245cf0 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,6 +1,8 @@ class profile::webhook_no_mcollective { class {'r10k::webhook::config': + enable_ssl => false, + protected => false, use_mcollective => false, } 
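Review bot: Setting `enable_ssl => false` and `protected => false` on `r10k::webhook::config` in `webhook_no_mcollective.pp` leaves the deploy webhook on plain HTTP with no credentials, while the same profile declares `r10k::webhook` with `user => 'root'`. Any host that can reach the webhook listener can then trigger a code deployment on the master, and a request cannot be tied to the git server. If authentication has to stay off for this walkthrough, I would say so above the two parameters, e.g. `# NOTE: unauthenticated plain-HTTP webhook; restrict the listener to the git server's address`, and keep both settings enabled in any profile meant for production use. The enclosing `profile::webhook_no_mcollective` class continues outside the hunk.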
From 726052fefcc82b408149b887c95de77ec88343fa Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 20 Oct 2015 21:27:11 -0700 Subject: [PATCH 54/75] Remove notes about making control-repo public --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 2e6bc99..1a0afa6 100644 --- a/README.md +++ b/README.md @@ -54,8 +54,6 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html 7. Add your user to the `puppet` group as well 7. Create a project called `control-repo` and set the Namespace to be the `puppet` group - - Set the permissions of the project to `Public' - - We'll change this back to private at the end 8. Logout of root and login as the `r10k_api_user` - Go to profile settings -> account ( https:///profile/account ) @@ -86,8 +84,6 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html 13. Push the production branch of the repository from your machine up to your git server - `git push origin production` -14. Change the permission of control-repo in your gitlab server to `private` - ###Stash ###Github From ae3b7c7d4ad94753a58d75cce37d659b2eb35d62 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 21 Oct 2015 08:47:57 -0700 Subject: [PATCH 55/75] fix whitespace --- site/profile/manifests/webhook_no_mcollective.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index a245cf0..9f4b7fa 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,8 +1,8 @@ class profile::webhook_no_mcollective { class {'r10k::webhook::config': - enable_ssl => false, - protected => false, + enable_ssl => false, + protected => false, use_mcollective => false, } From 2ffc83ac7c702ab96a604baea7ddf3b454b1f9ab Mon Sep 17 00:00:00 2001 
From: Nick Walker Date: Wed, 21 Oct 2015 08:58:52 -0700 Subject: [PATCH 56/75] Clean up the README so it works from top to bottom I removed some extraneos notes I had and added a few more bits of documentation. --- README.md | 62 ++++++++++++++++++------------------------------------- 1 file changed, 20 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 1a0afa6..333d136 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ This control repo and the steps below are intended to be used during a new installation of PE. -If you intend to use it on an existing installation of PE then you'll have to figure out some of the steps on your own and be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. +If you intend to use it on an existing installation then be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. ## Setup a Trusted Fact On Your PE Master 
@@ -86,41 +86,11 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html ###Stash +Coming soon! + ###Github -###The General Idea - Not Specific to GMS - -1. Make an user in your internal git server for yourself - -2. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop ) - - - https://help.github.com/articles/generating-ssh-keys/ - -3. Create a group or organization called "puppet" - -4. Create a repository in your git server called control-repo - -4. Clone this control repository to your laptop/workstation - - `git clone https://github.com/npwalker/control-repo.git` - - `cd control-repo` - -5. Rename my repository as the upstream remote - - `git remote rename origin upstream` - -6. Add your internal repository as the origin remote - - `git remote add origin ` - -7. Push the production branch of the repository from your machine up to your git server - - `git push origin production` - -8. Find the url to your internal repo. This is usually on the front page of the repo - -9. Add the repo as a remote - - git remote add origin git@your-git-server:puppet/control-repo.git - -10. Push the repository from your machine up to your git server - - - git push origin production +Coming soon! ##Configure PE to Use the Control-Repo @@ -135,7 +105,7 @@ If you run into any issues or have more questions about the installer you can se http://docs.puppetlabs.com/pe/latest/install_basic.html -##Get the Control-Repo Deployed On Your Master +###Get the Control-Repo Deployed On Your Master At this point you have my control-repo code deployed into your git server. However, we have one final challenge getting that code onto your puppet master. In the end state the master will pull code from the git server via r10k, however, at this moment your puppet master doesn't have credentials to get code from the git server. 
@@ -146,25 +116,33 @@ So, we'll set up a deploy key in the git server that will allow a ssh-key we mak - http://doc.gitlab.com/ce/ssh/README.html - https://help.github.com/articles/generating-ssh-keys/ 2. Create a deploy key on the `control-repo` project in Gitlab - - paste in the public key from above + - Paste in the public key from above + - `cat /root/.ssh/r10k_rsa.pub` 3. Follow https://docs.puppetlabs.com/pe/latest/r10k_config_console.html - The remote is on the front page of the project in the gitlab UI - git_settings should be: - - `{"provider": "rugged", + - `{"provider": "rugged", "private_key": "/root/.ssh/r10k_rsa"}` 3. Run `puppet agent -t` - Expect to see changes to `r10k.yaml` 3. Run `r10k deploy environment -pv` -4. Run `puppet agent -t` +4. Run `puppet agent -t` + - Now you should see many more changes -### Update Your Existing Install To Point To The Control Repository -https://docs.puppetlabs.com/pe/latest/r10k_config_console.html +## Test The Zack/r10k Webhook -## Run r10k +One of the components setup by this control-repo is that when you "push" code to your git server, the git server will inform the puppet master to run `r10k deploy environment -p`. -1. Run `r10k deploy environment -pv` and watch it install the modules from your Puppetfile +1. Edit README.md + - Just add something to it +2. `git add README.md` +3. `git commit -m "edit README"` +4. `git push origin production` +5. Allow the push to complete and then give it few seconds to complete + - Open `/etc/puppetlabs/code/environments/production/README.md` and confirm your change is present + ---- #Miscellaneous From 9d1b750d743a4060101949de41838fec61985862 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 22 Oct 2015 14:15:13 -0700 Subject: [PATCH 57/75] fix site.pp to not include a role that is empty --- manifests/site.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/site.pp b/manifests/site.pp index 5ba0af4..7f7b8db 100644 --- a/manifests/site.pp 
+++ b/manifests/site.pp @@ -41,7 +41,10 @@ node default { #incude a role on any node that specifies it's role via a trusted fact at provision time #https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#trusted-facts #https://docs.puppetlabs.com/puppet/latest/reference/ssl_attributes_extensions.html#aws-attributes-and-extensions-population-example - include "role::${trusted['extensions']['pp_role']}" + + if !empty( ${trusted['extensions']['pp_role']} ) { + include "role::${trusted['extensions']['pp_role']}" + } # This is where you can declare classes for all nodes. # Example: From 86cb66b057c0d2c45519f0cdceb28206528c7e1b Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 22 Oct 2015 14:25:17 -0700 Subject: [PATCH 58/75] fix incorrect curly brace --- manifests/site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/site.pp b/manifests/site.pp index 7f7b8db..5442bc0 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -42,7 +42,7 @@ node default { #https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#trusted-facts #https://docs.puppetlabs.com/puppet/latest/reference/ssl_attributes_extensions.html#aws-attributes-and-extensions-population-example - if !empty( ${trusted['extensions']['pp_role']} ) { + if !empty( $trusted['extensions']['pp_role'] ) { include "role::${trusted['extensions']['pp_role']}" } From ac0f1b0cdc7f0a6dff8e2922f12e6af6f1dc986c Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 22 Oct 2015 15:43:36 -0700 Subject: [PATCH 59/75] Multiple fixes to the README fix step 16 and 17 being out of order fix a step that referred erronously to step 4 change the numbering to be reflective of actual numbering --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 333d136..70383ab 100644 --- a/README.md +++ b/README.md 
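Review bot: `include "role::${trusted['extensions']['pp_role']}"` builds a class name from a value the node itself placed in its CSR, and the added `!empty(...)` guard (in this hunk and in the corrected form in PATCH 58/75) only checks that a value is present. The value is fixed once the certificate is signed, so the control point is signing; with autosigning or unreviewed CSRs a node could presumably claim any role, including `all_in_one_pe`. I would record that above the `if`, e.g. `# pp_role is chosen by the requesting node; verify it before signing the CSR`, or compare the value against a list of expected roles before the `include`. `empty()` is not defined on this page and presumably comes from puppetlabs-stdlib, so that module has to be available. The `node default` block starts and ends outside the hunk.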
@@ -53,37 +53,37 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html 7. Add your user to the `puppet` group as well -7. Create a project called `control-repo` and set the Namespace to be the `puppet` group +8. Create a project called `control-repo` and set the Namespace to be the `puppet` group -8. Logout of root and login as the `r10k_api_user` +9. Logout of root and login as the `r10k_api_user` - Go to profile settings -> account ( https:///profile/account ) - Copy the api token -9. Clone this control repository to your laptop/workstation +10. Clone this control repository to your laptop/workstation - `git clone https://github.com/npwalker/control-repo.git` - `cd control-repo` -10. `git mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` +11. `git mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/.yaml` - Open `hieradata/nodes/.yaml` - edit `gms_api_token` to be your api token - edit `git_management_system` to be 'gitlab' - edit the `gms_server_url` -11. `git add hieradata/nodes/.yaml` +12. `git add hieradata/nodes/.yaml` -11. `git commit -m "renaming example-puppet-master.yaml"` +13. `git commit -m "renaming example-puppet-master.yaml"` -11. Rename my repository as the upstream remote +14. Rename my repository as the upstream remote - `git remote rename origin upstream` -12. Add your internal repository as the origin remote - - `git remote add origin ` +15. Add your internal repository as the origin remote + - `git remote add origin ` -13. `git branch --set-upstream-to origin/production` - -13. Push the production branch of the repository from your machine up to your git server +16. Push the production branch of the repository from your machine up to your git server - `git push origin production` +17. `git branch --set-upstream-to origin/production` + ###Stash Coming soon! From baf376d30fc851cb401b7852dfd262b926c5ba0d Mon Sep 17 00:00:00 2001 
From: Nick Walker Date: Thu, 22 Oct 2015 15:48:06 -0700 Subject: [PATCH 60/75] add .gitignore to ignore my example hiera file --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..897fdc4 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +hieradata/nodes/example-puppet-master.yaml From 92f8d2d251d9e6fde5c124cb9a6974b1455269f7 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 26 Oct 2015 14:59:20 -0700 Subject: [PATCH 61/75] Configure the MoM to update the classifier after deploying code This entailed configring the classifier to never sync on a schedule. Changing environment_timeout to unlimited for all masters. Setting a postrun command for r10k that would update the class information in the classifier (the update-classes endpoint). --- hieradata/common.yaml | 5 +++++ hieradata/nodes/example-puppet-master.yaml | 4 ++++ .../profile/files/puppetmaster/update-classes.sh | 11 +++++++++++ site/profile/manifests/puppetmaster.pp | 16 ++++++++++++++++ 4 files changed, 36 insertions(+) create mode 100644 site/profile/files/puppetmaster/update-classes.sh diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 07fbd80..f3fb25a 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -3,3 +3,8 @@ message: "This node is using common data" #Puppet Server Tuning puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 10000 + +#pe-console-services tuning +#https://docs.puppetlabs.com/pe/latest/console_config.html#tuning-the-classifier-synchronization-period +#disable classifier scheduled sync and rely on r10k postrun command to sync the classes +puppet_enterprise::profile::consolei::classifier_synchronization_period: 0 diff --git a/hieradata/nodes/example-puppet-master.yaml b/hieradata/nodes/example-puppet-master.yaml index 677e10d..584faac 100644 --- a/hieradata/nodes/example-puppet-master.yaml +++ b/hieradata/nodes/example-puppet-master.yaml 
@@ -2,3 +2,7 @@ git_management_system: 'gitlab' gms_server_url: 'https://gitlab-server' gms_api_token: 'BDkZfWWnk4LVTLHdAywd' + +#setup r10k to update classes in the console after code deploy +pe_r10k::postrun: + - '/usr/local/bin/update-classes.sh' diff --git a/site/profile/files/puppetmaster/update-classes.sh b/site/profile/files/puppetmaster/update-classes.sh new file mode 100644 index 0000000..dea10a9 --- /dev/null +++ b/site/profile/files/puppetmaster/update-classes.sh @@ -0,0 +1,11 @@ +#https://docs.puppetlabs.com/pe/latest/nc_update_classes.html#post-v1update-classes + +CONFDIR=$(puppet master --configprint confdir) + +CERT=$(puppet master --confdir ${CONFDIR} --configprint hostcert) +CACERT=$(puppet master --confdir ${CONFDIR} --configprint localcacert) +PRVKEY=$(puppet master --confdir ${CONFDIR} --configprint hostprivkey) +OPTIONS="--cert ${CERT} --cacert ${CACERT} --key ${PRVKEY}" +CONSOLE=$(awk '/server =/{print $NF}' ${CONFDIR}/console.conf) + +curl -k -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes" diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index bc52d3b..687b957 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -48,4 +48,20 @@ class profile::puppetmaster { } #END - Add deploy key and webhook to git management system + #Lay down update-classes.sh for use in r10k postrun_command + #This is configured via the pe_r10k::postrun key in hiera + file { '/usr/local/bin/update-classes.sh' : + ensure => file, + source => 'puppet::///modules/profile/puppetmaster/update-classes.sh', + } + + #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout + ini_setting { "environment_timeout = unlimited": + ensure => present, + path => '/etc/puppetlabs/puppet/puppet.conf', + section => 'main', + setting => 'environment_timeout', + value => 'unlimited', + } + } 
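Review bot: The file this hunk extends still carries a literal value for `gms_api_token` directly above the added `pe_r10k::postrun` block, and the `.gitignore` entry from the preceding patch does not untrack a file that is already committed, so the value ships with the repository. In the example file it should be a placeholder, `gms_api_token: '<YOUR_API_TOKEN>'`, and if the committed string was ever a working token it should be revoked on the git server. The added key would also benefit from a comment saying that the listed script runs on the master after every r10k deploy.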
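Review bot: The `curl -k` on the last line of the new script turns off server certificate verification, which defeats the `--cacert ${CACERT}` passed through `OPTIONS`; the request is then authenticated with the master's host certificate towards whatever answers on port 4433. Drop `-k` and quote the paths: `curl -X POST --cert "${CERT}" --cacert "${CACERT}" --key "${PRVKEY}" "https://${CONSOLE}:4433/classifier-api/v1/update-classes"`. The file also has no interpreter line although it is installed as an r10k postrun command; a first line of `#!/bin/bash` followed by `set -e` would stop the script when a `puppet master --configprint` call fails instead of posting to a URL built from empty values. The later patch in this series that edits the `CONSOLE=` line leaves `-k` in place.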
From 1cb89d981a7845453529a3a86ac9a9b1254fe61f Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 26 Oct 2015 15:12:39 -0700 Subject: [PATCH 62/75] Fix some embarassing typos --- hieradata/common.yaml | 2 +- site/profile/manifests/puppetmaster.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index f3fb25a..191061c 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -7,4 +7,4 @@ puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 10000 #pe-console-services tuning #https://docs.puppetlabs.com/pe/latest/console_config.html#tuning-the-classifier-synchronization-period #disable classifier scheduled sync and rely on r10k postrun command to sync the classes -puppet_enterprise::profile::consolei::classifier_synchronization_period: 0 +puppet_enterprise::profile::console::classifier_synchronization_period: 0 diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 687b957..ec85155 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -52,7 +52,7 @@ class profile::puppetmaster { #This is configured via the pe_r10k::postrun key in hiera file { '/usr/local/bin/update-classes.sh' : ensure => file, - source => 'puppet::///modules/profile/puppetmaster/update-classes.sh', + source => 'puppet:///modules/profile/puppetmaster/update-classes.sh', } #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout From 4598483d0f7faf357c443e12816a45cd0f975e50 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 26 Oct 2015 15:50:22 -0700 Subject: [PATCH 63/75] Fix the update-classes script and set appropriate perms on it --- site/profile/files/puppetmaster/update-classes.sh | 2 +- site/profile/manifests/puppetmaster.pp | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) 
diff --git a/site/profile/files/puppetmaster/update-classes.sh b/site/profile/files/puppetmaster/update-classes.sh index dea10a9..fc33026 100644 --- a/site/profile/files/puppetmaster/update-classes.sh +++ b/site/profile/files/puppetmaster/update-classes.sh @@ -6,6 +6,6 @@ CERT=$(puppet master --confdir ${CONFDIR} --configprint hostcert) CACERT=$(puppet master --confdir ${CONFDIR} --configprint localcacert) PRVKEY=$(puppet master --confdir ${CONFDIR} --configprint hostprivkey) OPTIONS="--cert ${CERT} --cacert ${CACERT} --key ${PRVKEY}" -CONSOLE=$(awk '/server =/{print $NF}' ${CONFDIR}/console.conf) +CONSOLE=$(awk '/server: /{print $NF}' ${CONFDIR}/classifier.yaml) curl -k -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes" diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index ec85155..193f0ca 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -53,6 +53,7 @@ class profile::puppetmaster { file { '/usr/local/bin/update-classes.sh' : ensure => file, source => 'puppet:///modules/profile/puppetmaster/update-classes.sh', + mode => '755', } #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout From 8fe670beb09ffa086c5c8937bfc12d64d3296578 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 26 Oct 2015 16:32:24 -0700 Subject: [PATCH 64/75] make environment timeout setting refresh the puppet master service --- site/profile/manifests/puppetmaster.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 193f0ca..1c618a2 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -63,6 +63,7 @@ class profile::puppetmaster { section => 'main', setting => 'environment_timeout', value => 'unlimited', + notify => Service['pe-puppetserver'], } } 
From d6cb170a787da4ca4c0d830c5002893f7ae72bb3 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 28 Oct 2015 10:37:59 -0700 Subject: [PATCH 65/75] enable ssl on the webhook --- site/profile/manifests/puppetmaster.pp | 30 ++++++++++--------- .../manifests/webhook_no_mcollective.pp | 2 +- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 1c618a2..3085300 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -27,22 +27,24 @@ class profile::puppetmaster { if $git_management_system in ['gitlab', 'github'] { git_deploy_key { "add_deploy_key_to_puppet_control-${fqdn}": - ensure => present, - name => $::fqdn, - path => "${r10k_ssh_key_file}.pub", - token => hiera('gms_api_token'), - project_name => 'puppet/control-repo', - server_url => hiera('gms_server_url'), - provider => $git_management_system, + ensure => present, + name => $::fqdn, + path => "${r10k_ssh_key_file}.pub", + token => hiera('gms_api_token'), + project_name => 'puppet/control-repo', + server_url => hiera('gms_server_url'), + provider => $git_management_system, + disable_ssl_verify => true, } git_webhook { 'web_post_receive_webhook' : - ensure => present, - webhook_url => "http://${fqdn}:8088/payload", - token => hiera('gms_api_token'), - project_name => 'puppet/control-repo', - server_url => hiera('gms_server_url'), - provider => $git_management_system, + ensure => present, + webhook_url => "http://${fqdn}:8088/payload", + token => hiera('gms_api_token'), + project_name => 'puppet/control-repo', + server_url => hiera('gms_server_url'), + provider => $git_management_system, + disable_ssl_verify => true, } } @@ -63,7 +65,7 @@ class profile::puppetmaster { section => 'main', setting => 'environment_timeout', value => 'unlimited', - notify => Service['pe-puppetserver'], + notify => Service['pe-puppetserver'], } } 
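Review bot: `disable_ssl_verify => true` is hard-coded on both `git_deploy_key` and `git_webhook`, so certificate checking is switched off for every install, including those whose git server presents a valid certificate, and both resources pass `gms_api_token` to that server. I would make it opt-in from data, for example `disable_ssl_verify => hiera('gms_disable_ssl_verify', false),` (the key name is only a suggestion), with a comment that it is meant for self-signed test setups. Separately, `webhook_url` in the same hunk still starts with `http://` although this commit sets `enable_ssl => true` on the listener, so the registered URL presumably no longer matches it. The class body starts and ends outside the hunk.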
diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index 9f4b7fa..f4f50d7 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,7 +1,7 @@ class profile::webhook_no_mcollective { class {'r10k::webhook::config': - enable_ssl => false, + enable_ssl => true, protected => false, use_mcollective => false, } From c2aeccd388fb56fdb7b02d4796ab5e140bce00e8 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 28 Oct 2015 11:27:57 -0700 Subject: [PATCH 66/75] disable SSL on the zack/r10k webhook The abrader/gms provider for gitlab doesn't support disabling ssl verification but will soon. --- site/profile/manifests/puppetmaster.pp | 1 - site/profile/manifests/webhook_no_mcollective.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 3085300..8e0817c 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -34,7 +34,6 @@ class profile::puppetmaster { project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), provider => $git_management_system, - disable_ssl_verify => true, } git_webhook { 'web_post_receive_webhook' : diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index f4f50d7..9f4b7fa 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,7 +1,7 @@ class profile::webhook_no_mcollective { class {'r10k::webhook::config': - enable_ssl => true, + enable_ssl => false, protected => false, use_mcollective => false, } From 591f9b9f0b262fa7a3099c81aace527e09fbbd0b Mon Sep 17 00:00:00 2001 
From: Nick Walker Date: Wed, 28 Oct 2015 11:36:44 -0700 Subject: [PATCH 67/75] remove environment_timeout =0 from environment.conf --- environment.conf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/environment.conf b/environment.conf index 6d60708..5ba929b 100644 --- a/environment.conf +++ b/environment.conf @@ -1,8 +1,2 @@ modulepath = modules:site:$basemodulepath config_version = 'scripts/config_version.sh $environmentpath $environment' - -# Environment timeout should be set to unlimited. When set to zero it is less performant. -# When code is deployed the admin API of puppetserver should be used to force a refresh of code from disk. -# https://docs.puppetlabs.com/puppetserver/1.0/release_notes.html#new-feature-admin-api-for-refreshing-environments -# https://docs.puppetlabs.com/puppet/3.7/reference/environments_configuring.html#environmenttimeout -environment_timeout = 0 From b6351f9e5d80bbf93374575591e8a95ad07c255d Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 28 Oct 2015 13:16:36 -0700 Subject: [PATCH 68/75] Add $::fqdn to post receive hook title Also, change other references of $fqdn to $::fqdn --- site/profile/manifests/puppetmaster.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 8e0817c..5c9b59a 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -26,7 +26,7 @@ class profile::puppetmaster { if $git_management_system in ['gitlab', 'github'] { - git_deploy_key { "add_deploy_key_to_puppet_control-${fqdn}": + git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}": ensure => present, name => $::fqdn, path => "${r10k_ssh_key_file}.pub", 
@@ -36,9 +36,9 @@ class profile::puppetmaster { provider => $git_management_system, } - git_webhook { 'web_post_receive_webhook' : + git_webhook { "web_post_receive_webhook-${::fqdn}" : ensure => present, - webhook_url => "http://${fqdn}:8088/payload", + webhook_url => "http://${::fqdn}:8088/payload", token => hiera('gms_api_token'), project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), From e045f172bd5d1b14873bf323fe83230f7cc1aa2c Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 29 Oct 2015 09:44:01 -0700 Subject: [PATCH 69/75] enable SSL on the zack/r10k webhook --- site/profile/manifests/puppetmaster.pp | 2 +- site/profile/manifests/webhook_no_mcollective.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 5c9b59a..d306ad5 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -38,7 +38,7 @@ class profile::puppetmaster { git_webhook { "web_post_receive_webhook-${::fqdn}" : ensure => present, - webhook_url => "http://${::fqdn}:8088/payload", + webhook_url => "https://${::fqdn}:8088/payload", token => hiera('gms_api_token'), project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index 9f4b7fa..f4f50d7 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,7 +1,7 @@ class profile::webhook_no_mcollective { class {'r10k::webhook::config': - enable_ssl => false, + enable_ssl => true, protected => false, use_mcollective => false, } From 0b7acebc34beb3890eba34edd5b6ac8b7a1e9251 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 29 Oct 2015 11:42:19 -0700 Subject: [PATCH 70/75] switch to npwalker/abrader-gms --- Puppetfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Puppetfile b/Puppetfile index df6bec9..ac90e14 100644 --- a/Puppetfile +++ b/Puppetfile @@ -32,5 +32,5 @@ mod 'r10k', :tag => 'v3.1.1' mod 'gms', - :git => 'https://github.com/abrader/abrader-gms', - :tag => 'bb5bcaa4e0fbeb2dae08eedb09d7eec1681a6172' + :git => 'https://github.com/npwalker/abrader-gms', + :branch => 'gitlab_disable_ssl_verify_support' From 3fcf6e3d5e631491272a39177448c97b431ea477 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 29 Oct 2015 11:59:19 -0700 Subject: [PATCH 71/75] change puppetserver heap to 192m --- hieradata/virtual/virtualbox.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hieradata/virtual/virtualbox.yaml b/hieradata/virtual/virtualbox.yaml index 7676f17..9bc8237 100644 --- a/hieradata/virtual/virtualbox.yaml +++ b/hieradata/virtual/virtualbox.yaml @@ -22,7 +22,7 @@ pe_puppetdb::pe::listen_address: '0.0.0.0' puppet_enterprise::profile::puppetdb::listen_address: '0.0.0.0' puppet_enterprise::profile::amq::broker::heap_mb: '96' puppet_enterprise::profile::master::java_args: - Xmx: '128m' + Xmx: '192m' Xms: '128m' 'XX:MaxPermSize': '=96m' 'XX:PermSize': '=64m' From 8e271e3043fd55ce7c39f520360214e6844085af Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 30 Oct 2015 13:04:42 -0700 Subject: [PATCH 72/75] Change the zack/r10k webhook to utilize username and password To accomodate generating random usernames and passwords, I had to parameterize the profiles which I didn't feel great about but I also didn't want to have to put the username and pass in hiera. --- site/profile/manifests/puppetmaster.pp | 7 +++++-- site/profile/manifests/webhook_no_mcollective.pp | 9 +++++++-- site/role/manifests/all_in_one_pe.pp | 14 ++++++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index d306ad5..d3f1a87 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp 
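Review bot: The `gms` entry moves from a fixed 40-character commit id to `:branch => 'gitlab_disable_ssl_verify_support'`, so every r10k deploy installs whatever that branch points to at that moment, and the module's types and providers then run on the master. Pin the fork to the commit that was tested, `:commit => '<COMMIT_SHA_PLACEHOLDER>'`, and move the pin deliberately when the branch changes. The removed line used `:tag` with a commit hash, which suggests a commit pin was the intent all along; `:commit` or `:ref` states that directly.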
@@ -1,4 +1,7 @@ -class profile::puppetmaster { +class profile::puppetmaster ( + $webhook_username, + $webhook_password +) { class { 'hiera': hierarchy => [ @@ -38,7 +41,7 @@ class profile::puppetmaster { git_webhook { "web_post_receive_webhook-${::fqdn}" : ensure => present, - webhook_url => "https://${::fqdn}:8088/payload", + webhook_url => "https://${webhook_username}:${webhook_password}@${::fqdn}:8088/payload", token => hiera('gms_api_token'), project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index f4f50d7..dc7b1aa 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,8 +1,13 @@ -class profile::webhook_no_mcollective { +class profile::webhook_no_mcollective ( + $username, + $password +) { class {'r10k::webhook::config': enable_ssl => true, - protected => false, + protected => true, + user => $username, + pass => $password, use_mcollective => false, } diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index f34a261..3762325 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -1,6 +1,16 @@ class role::all_in_one_pe { - include profile::webhook_no_mcollective - include profile::puppetmaster + $webhook_username = hiera('webhook_username', fqdn_rand_string(10, '', 'username')) + $webhook_password = hiera('webhook_password', fqdn_rand_string(20, '', 'password')) + + class { 'profile::puppetmaster' : + webhook_username => $webhook_username, + webhook_password => $webhook_password, + } + + class { 'profile::webhook_no_mcollective' : + username => $webhook_username, + password => $webhook_password, + } } From 3149d9707f2882bdd4bc499a2bc65fb6dff36bf9 Mon Sep 17 00:00:00 2001 
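Review bot: `webhook_url` in the second puppetmaster.pp hunk now embeds `${webhook_username}:${webhook_password}` in the URL, so the credentials are stored in the git server's webhook settings and presumably appear wherever this resource's parameters are shown, such as the catalog and reports. If the `git_webhook` type offers no separate credential parameters this may be unavoidable, but it deserves a comment above the resource, e.g. `# basic-auth credentials travel in the URL and are visible in the GMS webhook config`. The two values are also interpolated unescaped, so a value from hiera containing `@`, `:` or `/` would yield a different URL than intended. The resource continues outside the hunk.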
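Review bot: The fallback `fqdn_rand_string(20, '', 'password')` in `role::all_in_one_pe` is not a secret: the function is repeatable for a given FQDN and seed, and the seed strings `'username'` and `'password'` are public in this repository, so anyone who knows the hostname can recompute both values. Since these credentials guard the endpoint that triggers code deployment, I would drop the defaults and require the keys, `$webhook_password = hiera('webhook_password')` and the same for the username, ideally stored encrypted. If the generated default has to stay for test installs, a comment above the two assignments should say that it is predictable and must be overridden in hiera for real use.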
From: Nick Walker Date: Fri, 30 Oct 2015 13:42:33 -0700 Subject: [PATCH 73/75] Refactor webhook profiles into one profile with a parameter Previously there was a mcollective and no_mcollective version of the webhook profile. They were almost identical so I merged them and manage the difference with a "use_mcollective" parameter. I renamed the webhook profile to zack_r10k_webhook. --- site/profile/manifests/puppetmaster.pp | 22 +++++++++---------- site/profile/manifests/webhook_mcollective.pp | 15 ------------- ...no_mcollective.pp => zack_r10k_webhook.pp} | 15 ++++++++++--- site/role/manifests/all_in_one_pe.pp | 2 +- 4 files changed, 24 insertions(+), 30 deletions(-) delete mode 100644 site/profile/manifests/webhook_mcollective.pp rename site/profile/manifests/{webhook_no_mcollective.pp => zack_r10k_webhook.pp} (57%) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index d3f1a87..1a199cd 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -23,20 +23,20 @@ class profile::puppetmaster ( creates => $r10k_ssh_key_file, } #END - Generate an SSH key for r10k to connect to git - + #BEGIN - Add deploy key and webook to git management system $git_management_system = hiera('git_management_system', '') if $git_management_system in ['gitlab', 'github'] { - + git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}": - ensure => present, - name => $::fqdn, - path => "${r10k_ssh_key_file}.pub", - token => hiera('gms_api_token'), - project_name => 'puppet/control-repo', - server_url => hiera('gms_server_url'), - provider => $git_management_system, + ensure => present, + name => $::fqdn, + path => "${r10k_ssh_key_file}.pub", + token => hiera('gms_api_token'), + project_name => 'puppet/control-repo', + server_url => hiera('gms_server_url'), + provider => $git_management_system, } git_webhook { "web_post_receive_webhook-${::fqdn}" : 
@@ -57,11 +57,11 @@ class profile::puppetmaster ( file { '/usr/local/bin/update-classes.sh' : ensure => file, source => 'puppet:///modules/profile/puppetmaster/update-classes.sh', - mode => '755', + mode => '0755', } #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout - ini_setting { "environment_timeout = unlimited": + ini_setting { 'environment_timeout = unlimited': ensure => present, path => '/etc/puppetlabs/puppet/puppet.conf', section => 'main', diff --git a/site/profile/manifests/webhook_mcollective.pp b/site/profile/manifests/webhook_mcollective.pp deleted file mode 100644 index 395cc7a..0000000 --- a/site/profile/manifests/webhook_mcollective.pp +++ /dev/null @@ -1,15 +0,0 @@ -class profile::webhook_mcollective { - - class { 'r10k::mcollective': - notify => Service['mcollective'], - } - - include r10k::webhook::config - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - } - -} diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/zack_r10k_webhook.pp similarity index 57% rename from site/profile/manifests/webhook_no_mcollective.pp rename to site/profile/manifests/zack_r10k_webhook.pp index dc7b1aa..7e0bd40 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/zack_r10k_webhook.pp @@ -1,14 +1,23 @@ -class profile::webhook_no_mcollective ( +class profile::zack_r10k_webhook ( $username, - $password + $password, + $use_mcollective = false, ) { + if $use_mcollective { + + class { 'r10k::mcollective': + notify => Service['mcollective'], + } + + } + class {'r10k::webhook::config': enable_ssl => true, protected => true, user => $username, pass => $password, - use_mcollective => false, + use_mcollective => $use_mcollective, } class {'r10k::webhook': diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index 3762325..6bc2eb3 100644 
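Review bot: In the renamed `profile::zack_r10k_webhook`, `notify => Service['mcollective']` inside the new `if $use_mcollective` branch refers to a service this profile does not declare, so with `use_mcollective => true` the catalog only compiles when some other class on the node declares it; a comment naming that class would make the dependency visible. `$use_mcollective` is used as a boolean without a check, so a quoted 'false' coming from data would still take the mcollective branch; `validate_bool($use_mcollective)` at the top of the class would catch that, assuming stdlib is available as the use of `fqdn_rand_string` elsewhere suggests. The class also has no header comment describing its three parameters. The `r10k::webhook` declaration continues outside the hunk.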
--- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -8,7 +8,7 @@ class role::all_in_one_pe { webhook_password => $webhook_password, } - class { 'profile::webhook_no_mcollective' : + class { 'profile::zack_r10k_webhook' : username => $webhook_username, password => $webhook_password, } From e5be3e2ddd2201a26a848fbc412b6705ff9154f9 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 30 Oct 2015 13:50:10 -0700 Subject: [PATCH 74/75] fixing a bunch of puppet lint warnings --- site/profile/manifests/gitlab.pp | 10 +++++----- site/profile/manifests/stash.pp | 8 ++++---- site/role/manifests/database_server.pp | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp index c3e5f82..72c57e5 100644 --- a/site/profile/manifests/gitlab.pp +++ b/site/profile/manifests/gitlab.pp @@ -4,21 +4,21 @@ class profile::gitlab { ensure => directory, } - file { "/etc/gitlab/ssl/${fqdn}.key" : + file { "/etc/gitlab/ssl/${::fqdn}.key" : ensure => file, - source => "${settings::privatekeydir}/${trusted['certname']}.pem", + source => "${::settings::privatekeydir}/${::trusted['certname']}.pem", notify => Exec['gitlab_reconfigure'], } - file { "/etc/gitlab/ssl/${fqdn}.crt" : + file { "/etc/gitlab/ssl/${::fqdn}.crt" : ensure => file, - source => "${settings::certdir}/${trusted['certname']}.pem", + source => "${::settings::certdir}/${::trusted['certname']}.pem", notify => Exec['gitlab_reconfigure'], } class { 'gitlab': external_url => hiera( 'gms_server_url', "https://${::fqdn}") , - require => File["/etc/gitlab/ssl/${fqdn}.key", "/etc/gitlab/ssl/${fqdn}.key"], + require => File["/etc/gitlab/ssl/${::fqdn}.key", "/etc/gitlab/ssl/${::fqdn}.key"], } } diff --git a/site/profile/manifests/stash.pp b/site/profile/manifests/stash.pp index b3298e4..18b0468 100644 --- a/site/profile/manifests/stash.pp +++ b/site/profile/manifests/stash.pp 
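Review bot: In the gitlab.pp hunk the `require` on `class { 'gitlab': }` lists `"/etc/gitlab/ssl/${::fqdn}.key"` twice and never the certificate, so the `.crt` file is not ordered before the class; the second entry should read `"/etc/gitlab/ssl/${::fqdn}.crt"`. The `.key` resource copies the agent's private key without `owner`, `group` or `mode`, which leaves its permissions to the file type's defaults; adding `mode => '0600',` would pin them, with the owner set to whichever account GitLab reads the key as, which is not visible here. Both points predate this lint-only commit but sit on the lines it rewrites.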
@@ -2,8 +2,8 @@ class profile::stash { class { 'java' : version => present, - } -> - + } -> + class { 'postgresql::globals': manage_package_repo => true, version => '9.4', @@ -16,9 +16,9 @@ class profile::stash { } -> class { 'stash': - javahome => '/etc/alternatives/java_sdk', + javahome => '/etc/alternatives/java_sdk', #dev.mode grants a 24-hour license for testing - java_opts => '-Datlassian.dev.mode=true', + java_opts => '-Datlassian.dev.mode=true', } file { '/opt/puppetlabs/bin/stash_mco.rb': diff --git a/site/role/manifests/database_server.pp b/site/role/manifests/database_server.pp index 8c37438..aacc912 100644 --- a/site/role/manifests/database_server.pp +++ b/site/role/manifests/database_server.pp @@ -2,6 +2,6 @@ class role::database_server { #This role would be made of all the profiles that need to be included to make a database server work #All roles should include the base profile - include profile::base + include profile::base } From 7e40513c531d98015101367baf5d480d7ea6d2e3 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 17 Nov 2015 14:10:45 -0800 Subject: [PATCH 75/75] Change owner/group to pe-puppet for hiera module When the owner / group was root this meant that enabling hiera-eyaml wouldn't work properly as the keys couldn't be read by puppetserver. Changing to pe-puppet should resolve the issue. --- site/profile/manifests/puppetmaster.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 1a199cd..0954807 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -11,8 +11,8 @@ class profile::puppetmaster ( ], hiera_yaml => '/etc/puppetlabs/code/hiera.yaml', datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata', - owner => 'root', - group => 'root', + owner => 'pe-puppet', + group => 'pe-puppet', notify => Service['pe-puppetserver'], }