Compare commits


No commits in common. "production" and "0.5.0" have entirely different histories.

33 changed files with 487 additions and 241 deletions

2
.gitignore vendored

@ -1 +1 @@
modules/
hieradata/nodes/example-puppet-master.yaml


@ -1 +0,0 @@
* @puppetlabs/cs-arch


@ -1,17 +1,42 @@
forge 'https://forge.puppet.com'
forge "http://forge.puppetlabs.com"
# Modules from the Puppet Forge
# Versions should be updated to be the latest at the time you start
#mod 'puppetlabs/inifile', '5.0.1'
#mod 'puppetlabs/stdlib', '7.0.1'
#mod 'puppetlabs/concat', '7.0.1'
# Note the versions are all set to :latest but after you've
# installed you should change them to the exact version you want
mod "hunner/hiera", '2.0.1'
mod "puppetlabs/inifile", :latest
mod "puppetlabs/stdlib", :latest
mod "puppetlabs/concat", :latest
mod "puppetlabs/ntp", :latest
mod "saz/ssh", :latest
mod "puppetlabs/postgresql", '4.5.0'
mod "puppet/stash", '1.3.0'
mod "puppetlabs/java", '1.4.1'
mod "npwalker/pe_code_manager_webhook", '1.0.3'
# Modules from Git
# Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
#mod 'apache',
# git: 'https://github.com/puppetlabs/puppetlabs-apache',
# commit: '1b6f89afdde0df7f9433a163d5c4b5328eac5779'
#An example of using a specific forge module version instead of latest
#Notice the addition of single quotes
#mod "puppetlabs/inifile", '1.3.0'
#mod 'apache',
# git: 'https://github.com/puppetlabs/puppetlabs-apache',
# branch: 'docs_experiment'
# Modules from Github using various references
# Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
# update the tag to the most current release when implementing
mod 'gitlab',
:git => 'https://github.com/vshn/puppet-gitlab',
:ref => '00397b86dfb3487d9df768cbd3698d362132b5bf'
mod 'r10k',
:git => 'https://github.com/acidprime/r10k',
:tag => 'v3.1.1'
#mod 'pe_code_manager_webhook',
# :git => 'https://github.com/npwalker/pe_code_manager_webhook',
# :ref => '6957aa67e376ca7dcc9a60a58c247ed3e7b66c16'
mod 'gms',
:git => 'https://github.com/npwalker/abrader-gms',
:branch => 'gitlab_disable_ssl_verify_support'
mod 'pltraining-rbac',
:git => 'https://github.com/puppetlabs/pltraining-rbac',
:ref => '2f60e1789a721ce83f8df061e13f8bf81cd4e4ce'
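
Review bot: `forge "http://forge.puppetlabs.com"` fetches Forge modules over plain HTTP, and the five `:latest` entries (`inifile`, `stdlib`, `concat`, `ntp`, `saz/ssh`) mean each deploy can install code nobody has reviewed. Keep the `forge 'https://forge.puppet.com'` form and pin exact versions, as the other Forge entries in this hunk already do. The Git sources have the same problem: `gms` follows `:branch => 'gitlab_disable_ssl_verify_support'` and `r10k` a `:tag`, both of which can move, while `gitlab` and `pltraining-rbac` are pinned with a full commit hash in `:ref`. Pin all of them to a commit hash.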

291
README.md

@ -1,123 +1,218 @@
# A Puppet Control Repository
Table of Contents
=================
* [Before Starting](#before-starting)
* [What You Get From This control\-repo](#what-you-get-from-this-control-repo)
* [Copy This Repo Into Your Own Git Server](#copy-this-repo-into-your-own-git-server)
* [GitLab](#gitlab)
* [Bitbucket/Stash](#bitbucketstash)
* [Github](#github)
* [Code Manager Setup](#code-manager-setup)
* [How To Set It All Up](#how-to-set-it-all-up)
* [Setup a Trusted Fact On Your PE Master](#setup-a-trusted-fact-on-your-pe-master)
* [If You Have Not Installed PE](#if-you-have-not-installed-pe)
* [If You Have Already Installed PE](#if-you-have-already-installed-pe)
* [Copy This Repo Into Your Own Git Server](#copy-this-repo-into-your-own-git-server)
* [Gitlab](#gitlab)
* [Stash](#stash)
* [Github](#github)
* [Configure PE to Use the Control\-Repo](#configure-pe-to-use-the-control-repo)
* [Install PE](#install-pe)
* [Get the Control\-Repo Deployed On Your Master](#get-the-control-repo-deployed-on-your-master)
* [Test Code Manager](#test-code-manager)
* [Updating From a Previous Version of PE](#updating-from-a-previous-version-of-pe)
* [Upgrading to PE2015\.3\.z from PE 2015\.2\.z](#upgrading-to-pe20153z-from-pe-20152z)
* [Appendix](#appendix)
* [Test The Zack/r10k Webhook](#test-the-zackr10k-webhook)
# Before Starting
## What You Get From This control-repo
This control repo and the steps below are intended to be used during a new installation of PE.
This is a template [control repository](https://puppet.com/docs/pe/latest/control_repo.html) that has the minimum amount of scaffolding to make it easy to get started with [r10k](https://puppet.com/docs/pe/latest/r10k.html) or Puppet Enterprise's [Code Manager](https://puppet.com/docs/pe/latest/code_mgr.html).
The instructions are geared towards a new installation of PE2015.3.z. However, the control-repo should work just fine on [PE2015.2.z](#upgrading-to-pe20153z-from-pe-20152z)
The important files and items in this template are as follows:
If you intend to use this control-repo on an existing installation then be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started.
* Basic example of roles and profiles.
* An example Puppetfile with various module references.
* An example Hiera configuration file and data directory with pre-created common.yaml and nodes directory.
* These match the default hierarchy that ships with PE.
* An [environment.conf](https://puppet.com/docs/puppet/7/config_file_environment.html) that correctly implements:
* A site-modules directory for roles, profiles, and any custom modules for your organization.
* A config\_version script.
* An example [config\_version](https://puppet.com/docs/puppet/7/config_file_environment.html#environment-conf-allowed-settings) script that outputs the git commit ID of the code that was used during a Puppet run.
# What You Get From This control-repo
Here's a visual representation of the structure of this repository:
As a result of following the instructions below you will receive at least the beginning of a best-practices installation of PE including...
- A git server
- The ability to push code to your git server and have it automatically deployed to your PE Master
- A config_version script to output the commit of code that your agent just applied
- Optimal tuning of PE settings for this configuration
- Working and example roles/profiles code
# How To Set It All Up
## Setup a Trusted Fact On Your PE Master
This control repository is setup to manage certain portions of your PE installation for you if you create a trusted fact called `pp_role`. In order to do so, lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml`
```
control-repo/
├── data/ # Hiera data directory.
│   ├── nodes/ # Node-specific data goes here.
│   └── common.yaml # Common data goes here.
├── manifests/
│   └── site.pp # The "main" manifest that contains a default node definition.
├── scripts/
│   ├── code_manager_config_version.rb # A config_version script for Code Manager.
│   ├── config_version.rb # A config_version script for r10k.
│   └── config_version.sh # A wrapper that chooses the appropriate config_version script.
├── site-modules/ # This directory contains site-specific modules and is added to $modulepath.
│   ├── profile/ # The profile module.
│   └── role/ # The role module.
├── LICENSE
├── Puppetfile # A list of external Puppet modules to deploy with an environment.
├── README.md
├── environment.conf # Environment-specific settings. Configures the modulepath and config_version.
└── hiera.yaml # Hiera's configuration file. The Hiera hierarchy is defined here.
---
extension_requests:
#pp_role
1.3.6.1.4.1.34380.1.1.13: 'all_in_one_pe'
```
## Copy This Repo Into Your Own Git Server
### If You Have Not Installed PE
To get started with using the control-repo template in your own environment and git server, we've provided steps for the three most common servers we see: [GitLab](#gitlab), [BitBucket](#bitbucketstash), and [GitHub](#github).
Good then you can proceed forward and the trusted fact will be used when you get to the install step.
### GitLab
### If You Have Already Installed PE
1. Install GitLab.
* <https://about.gitlab.com/downloads/>
1. After GitLab is installed you may sign in with the `root` user. If you didn't specify a custom password during installation, a temporary password is located in `/etc/gitlab/initial_root_password`.
1. Make a user for yourself.
1. Make an SSH key to link with your user. Youll want to do this on the machine you intend to edit code from (most likely not your Puppet master, but your local workstation or laptop).
* <https://docs.gitlab.com/ee/ssh/index.html>
* <https://help.github.com/articles/generating-ssh-keys/>
1. Create a group called `puppet` (this is case sensitive).
* <https://docs.gitlab.com/ee/user/group/index.html>
1. Add your user to the `puppet` group as well.
1. Create a project called `control-repo`, and set the Namespace to be the `puppet` group.
1. Clone this control repository to your laptop/workstation:
* `git clone <repository url>`
* `cd control-repo`
1. Remove this repository as the origin remote:
* `git remote remove origin`
1. Add your internal repository as the origin remote:
* `git remote add origin <url of your gitlab repository>`
1. Push the production branch of the repository from your machine up to your git server
* `git push origin production`
Trusted facts are created at the time a CSR is generated. So, we need to regenerate the certificate on the master for the above trusted fact to be created.
### Bitbucket/Stash
Follow this document to regenerate the certificate on your master.
1. Install Bitbucket
* <https://www.atlassian.com/software/bitbucket/download>
1. Make a `Project` called `puppet` (with a short name of `PUP`)
1. Create a repository called `control-repo`
1. Create a user called `r10k` with a password of `puppet`.
* Make the r10k user an admin of the `PUP` project.
1. Either use the admin user to test pushing code, or create a user for yourself and add your SSH key to that user.
* If making a user for yourself, give your user account read/write or admin privilege to the `PUP` project.
1. Clone this control repository to your laptop/workstation
* `git clone <repository url>`
* `cd control-repo`
1. Remove this repository as the origin remote
* `git remote remove origin`
1. Add your internal repository as the origin remote
* `git remote add origin <url of your bitbucket repository>`
1. Push the production branch of the repository from your machine up to your git server
* `git push origin production`
http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html
### GitHub
##Copy This Repo Into Your Own Git Server
Follow [GitHub's documentation](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template) to create your control repository starting from this template.
###Gitlab
<img width="429" alt="template button" src="https://user-images.githubusercontent.com/1392917/117215366-f4eeb280-adb2-11eb-9108-1bd45c4d98f3.png">
1. Install Gitlab
- https://about.gitlab.com/downloads/
2. After Gitlab is installed you may sign if with the `root` user and password `5iveL!fe`
### GitHub Enterprise
3. Make a user for yourself
1. Prepare your local git client to authenticate with a **local GitHub Enterprise instance**.
* <https://help.github.com/articles/generating-ssh-keys/>
* <https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/>
1. Create a repository called `control-repo` in your user account or organization. Ensure that "Initialize this repository with a README" is not selected.
* <https://help.github.com/articles/creating-a-new-repository/>
1. Make a note of your repository URL (HTTPS or SSH, depending on your security configuration).
1. Clone this control repository to your laptop/workstation:
* `git clone <repository url>`
* `cd control-repo`
1. Remove this repository as the origin remote:
* `git remote remove origin`
1. Add your internal repository as the origin remote:
* `git remote add origin <url of your github repository>`
1. Push the production branch of the repository from your machine up to your git server
* `git push origin production`
4. Make an ssh key to link with your user. Youll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop )
- http://doc.gitlab.com/ce/ssh/README.html
- https://help.github.com/articles/generating-ssh-keys/
## Code Manager Setup
5. Create a group called `puppet` ( this is case sensitive )
- http://doc.gitlab.com/ce/workflow/groups.html
If you use Puppet Enterprise see the official [documentation](https://puppet.com/docs/pe/latest/code_mgr.html) for enabling Code Manager.
6. Create a user called `r10k_api_user` and add them to the `puppet` group
- From the landing page, select groups
- Choose the puppet group
- In the left hand pane, select memembers
- Add the `r10k_api_user` with `master` permissions
7. Add your user to the `puppet` group as well
8. Create a project called `control-repo` and set the Namespace to be the `puppet` group
9. Logout of root and login as the `r10k_api_user`
- Go to profile settings -> account ( https://<your_gitlab_server>/profile/account )
- Copy the api token
10. Clone this control repository to your laptop/workstation
- `git clone <repository url>`
- `cd control-repo`
11. `git mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/<fqdn_of_your_puppet_master>.yaml`
- Open `hieradata/nodes/<fqdn_of_your_puppet_master>.yaml`
- edit `gms_api_token` to be your api token
- edit `git_management_system` to be 'gitlab'
- edit the `gms_server_url`
12. `git add hieradata/nodes/<fqdn_of_your_puppet_master>.yaml`
13. `git commit -m "renaming example-puppet-master.yaml"`
14. Rename my repository as the upstream remote
- `git remote rename origin upstream`
15. Add your internal repository as the origin remote
- `git remote add origin <url of your gitlab repository>`
16. Push the production branch of the repository from your machine up to your git server
- `git push origin production`
17. `git branch --set-upstream-to origin/production`
###Stash
Coming soon!
###Github
Coming soon!
##Configure PE to Use the Control-Repo
###Install PE
1. Download the latest version of the PE installer for your platform and copy it to your master
- https://puppetlabs.com/download-puppet-enterprise
2. Expand the tarball and `cd` into the directory
3. Run `puppet-enterprise-installer` to install
If you run into any issues or have more questions about the installer you can see our docs here:
http://docs.puppetlabs.com/pe/latest/install_basic.html
###Get the Control-Repo Deployed On Your Master
At this point you have our control-repo code deployed into your git server. However, we have one final challenge: getting that code onto your puppet master. In the end state the master will pull code from the git server via r10k, however, at this moment your puppet master doesn't have credentials to get code from the git server.
So, we'll set up a deploy key in the git server that will allow a ssh-key we make to deploy the code and configure everything else.
1. On your puppet master, make an ssh key for r10k to connect to gitlab
- `/usr/bin/ssh-keygen -t rsa -b 2048 -C 'code_manager' -f /etc/puppetlabs/puppetserver/code_manager.key -q -N ''`
- http://doc.gitlab.com/ce/ssh/README.html
- https://help.github.com/articles/generating-ssh-keys/
2. Create a deploy key on the `control-repo` project in Gitlab
- Paste in the public key from above
- `cat /etc/puppetlabs/puppetserver/code_manager.key.pub`
3. Login to the PE console
7. Navigate to the Classification page
- Click on the PE Master group
- Click the Classes tab
- Add the `puppet_enterprise::profile::master`
- Set the `r10k_remote` to the ssh url from the front page of your gitlab repo
- Set the `r10k_private_key` parameter to `/etc/puppetlabs/puppetserver/code_manager.key`
- Commit your changes
8. Run `puppet agent -t`
- Expect to see changes to `r10k.yaml`
9. Run `r10k deploy environment -pv`
10. Run `puppet agent -t`
- Expect to see code manager enabled
10. `echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt`
11. Run `puppet agent -t`
- Now you should see many more changes
- Your code has been deployed with code manager now
## Test Code Manager
One of the components setup by this control-repo is that when you "push" code to your git server, the git server will inform the puppet master to deploy branch you just pushed.
1. In one terminal window, `tail -f /var/log/puppetlabs/puppetserver/puppetserver.log`
2. In a second terminal window
- Add a new file, `touch test_file`
- `git add test_file`
- `git commit -m "adding a test_file"`
- `git push origin production`
3. Allow the push to complete and then wait a few seconds for everything to sync over
- `ls -l /etc/puppetlabs/code/environments/production`
- Confirm test_file is present
4. In your first terminal window review the `puppetserver.log` to see the type of logging each sync will create
----
# Updating From a Previous Version of PE
## Upgrading to PE2015.3.z from PE 2015.2.z
Remove `pe_r10k` from the PE master group in the console and instead add the following two parameters to the `puppet_enterprise::profile::master` class under the PE master group.
- `r10k_remote` = the ssh url for your internal repo
- `r10k_private_key` = `/etc/puppetlabs/puppetserver/code_manager.key`
When upgrading the `puppet_enterprise::profile::master` class has the `file_sync_enabled` parameter set to `false`. This parameter should be removed so that code manager can configure file sync.
Finally, youll need to `echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt` so that my puppet code will redeploy all of your code with code manager.
# Appendix
## Test The Zack/r10k Webhook
If you are using PE2015.2.z or if you've forced the use of the zack/r10k webhook then you'll want to test that it works.
One of the components setup by this control-repo is that when you "push" code to your git server, the git server will inform the puppet master to run `r10k deploy environment -p`.
1. Edit README.md
- Just add something to it
2. `git add README.md`
3. `git commit -m "edit README"`
4. `git push origin production`
5. Allow the push to complete and then give it few seconds to complete
- Open `/etc/puppetlabs/code/environments/production/README.md` and confirm your change is present
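
Review bot: GitLab steps 11 to 16 have the reader write the `r10k_api_user` API token into the node file under `hieradata/nodes/` (`gms_api_token`), then `git add`, commit and push it, so a token for a user that step 6 gave `master` permissions on the `puppet` group ends up in plaintext in the control repo's history. The steps should keep the token out of the repository, for example in encrypted Hiera data or a file on the master that is not under version control. Related points in the same hunk: the `ssh-keygen` step creates `/etc/puppetlabs/puppetserver/code_manager.key` with an empty passphrase (`-N ''`) but never says which owner and mode the key file must have; the Bitbucket steps create the `r10k` user with the password `puppet` and make it a project admin; and the older GitLab steps sign in as `root` with the password `5iveL!fe` without telling the reader to change it.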


@ -1,2 +0,0 @@
---
message: "This node is using common data"


@ -1 +0,0 @@
---


@ -1,2 +1,2 @@
modulepath = site-modules:modules:$basemodulepath
config_version = 'scripts/config_version.sh $environmentpath $environment'
modulepath = modules:site:$basemodulepath
config_version = 'scripts/config_version.sh $environmentpath $environment'


@ -1,12 +0,0 @@
---
version: 5
defaults:
datadir: "data"
hierarchy:
- name: "Yaml backend"
data_hash: yaml_data
paths:
- "nodes/%{trusted.certname}.yaml"
- "common.yaml"

13
hieradata/common.yaml Normal file

@ -0,0 +1,13 @@
---
message: "This node is using common data"
#Puppet Server Tuning
puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 0
#Enable code manager
puppet_enterprise::profile::master::code_manager_auto_configure: true
puppet_enterprise::master::code_manager::authenticate_webhook: false
#pe-console-services tuning
#https://docs.puppetlabs.com/pe/latest/console_config.html#tuning-the-classifier-synchronization-period
#disable classifier scheduled sync and rely on r10k postrun command to sync the classes
puppet_enterprise::profile::console::classifier_synchronization_period: 0
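
Review bot: `puppet_enterprise::master::code_manager::authenticate_webhook: false` is set in `common.yaml`, so every master that reads this data accepts Code Manager webhook calls without authentication, and any host that can reach the webhook can trigger a code deploy. Leave webhook authentication on and have the git server present a token. If it has to be off for a lab setup, move the key to a node-level file and add a comment stating the network restriction it relies on.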


@ -0,0 +1,8 @@
---
git_management_system: 'gitlab'
gms_server_url: 'https://gitlab-server'
gms_api_token: 'BDkZfWWnk4LVTLHdAywd'
#setup r10k to update classes in the console after code deploy
pe_r10k::postrun:
- '/usr/local/bin/update-classes.sh'
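
Review bot: `gms_api_token: 'BDkZfWWnk4LVTLHdAywd'` reads like a real token rather than a placeholder. If it was ever valid it needs to be revoked, and the example file should carry an obvious dummy value such as `'CHANGEME'`, in the same way `gms_server_url: 'https://gitlab-server'` is clearly not a real host. A realistic-looking value in the template also encourages committing the real one in its place.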


@ -0,0 +1,42 @@
#These setting are intended for low memory testing VMs
#Not intended for general usage
---
#Drop puppetdb Java Heap Size
#PE3.2 and above
pe_puppetdb::pe::java_args:
-Xmx: '256m'
-Xms: '64m'
#PE3.1 and below
pe_puppetdb::java_args:
-Xmx: '256m'
-Xms: '64m'
#Drop the activemq java heap size
pe_mcollective::role::master::activemq_heap_mb: '96'
#Allow access to the puppetdb performance dashboard from non-localhost
#This is insecure and also allows access to all API endpoints without verification
pe_puppetdb::pe::listen_address: '0.0.0.0'
#PE3.7+
#Allow access to the puppetdb performance dashboard from non-localhost
#This is insecure and also allows access to all API endpoints without verification
puppet_enterprise::profile::puppetdb::listen_address: '0.0.0.0'
puppet_enterprise::profile::amq::broker::heap_mb: '96'
puppet_enterprise::profile::master::java_args:
Xmx: '192m'
Xms: '128m'
'XX:MaxPermSize': '=96m'
'XX:PermSize': '=64m'
puppet_enterprise::profile::puppetdb::java_args:
Xmx: '96m'
Xms: '96m'
'XX:MaxPermSize': '=96m'
'XX:PermSize': '=64m'
puppet_enterprise::profile::console::java_args:
Xmx: '64m'
Xms: '64m'
'XX:MaxPermSize': '=96m'
'XX:PermSize': '=64m'
puppet_enterprise::master::puppetserver::jruby_max_active_instances: 1 #PE3.7.2 only
puppet_enterprise::profile::console::delayed_job_workers: 1
#shared_buffers takes affect during install but is not managed after
puppet_enterprise::profile::database::shared_buffers: '4MB'
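
Review bot: both `listen_address: '0.0.0.0'` keys (`pe_puppetdb::pe::listen_address` and `puppet_enterprise::profile::puppetdb::listen_address`) are active, although the comments directly above them say the setting is insecure and exposes all API endpoints without verification. Ship those two keys commented out so that applying the low-memory tuning does not also open PuppetDB to the network, and let whoever needs the dashboard opt in. The two header comment lines also sit before the `---` document marker; moving them below it matches the other data files in this change.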


@ -1,30 +1,39 @@
## site.pp ##
# This file (./manifests/site.pp) is the main entry point
# This file (/etc/puppetlabs/puppet/manifests/site.pp) is the main entry point
# used when an agent connects to a master and asks for an updated configuration.
# https://puppet.com/docs/puppet/latest/dirs_manifest.html
#
# Global objects like filebuckets and resource defaults should go in this file,
# as should the default node definition if you want to use it.
# as should the default node definition. (The default node can be omitted
# if you use the console and don't define any other nodes in site.pp. See
# http://docs.puppetlabs.com/guides/language_guide.html#nodes for more on
# node definitions.)
## Active Configurations ##
# Disable filebucket by default for all File resources:
# https://github.com/puppetlabs/docs-archive/blob/master/pe/2015.3/release_notes.markdown#filebucket-resource-no-longer-created-by-default
#http://docs.puppetlabs.com/pe/latest/release_notes.html#filebucket-resource-no-longer-created-by-default
File { backup => false }
## Node Definitions ##
# DEFAULT NODE
# Node definitions in this file are merged with node data from the console. See
# http://docs.puppetlabs.com/guides/language_guide.html#nodes for more on
# node definitions.
# The default node definition matches any node lacking a more specific node
# definition. If there are no other node definitions in this file, classes
# and resources declared in the default node definition will be included in
# every node's catalog.
#
# Note that node definitions in this file are merged with node data from the
# Puppet Enterprise console and External Node Classifiers (ENC's).
#
# For more on node definitions, see: https://puppet.com/docs/puppet/latest/lang_node_definitions.html
# definition. If there are no other nodes in this file, classes declared here
# will be included in every node's catalog, *in addition* to any classes
# specified in the console for that node.
node default {
#incude a role on any node that specifies it's role via a trusted fact at provision time
#https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#trusted-facts
#https://docs.puppetlabs.com/puppet/latest/reference/ssl_attributes_extensions.html#aws-attributes-and-extensions-population-example
if !empty( $trusted['extensions']['pp_role'] ) {
include "role::${trusted['extensions']['pp_role']}"
}
# This is where you can declare classes for all nodes.
# Example:
# class { 'my_class': }
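
Review bot: `include "role::${trusted['extensions']['pp_role']}"` builds a class name directly from a CSR extension, so the only control over which role a node receives is whoever, or whatever autosign policy, signs the certificate request. Check the value against a list of known roles, or at least guard the include with `defined()`, so an unexpected `pp_role` is rejected with a clear message. The comment above the `if` has typos ("incude", "it's role"), and `empty()` comes from stdlib, which the Puppetfile hunk lists only at `:latest` or commented out.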


@ -0,0 +1,9 @@
require 'json'
environmentpath = ARGV[0]
environment = ARGV[1]
r10k_deploy_file_path = File.join(environmentpath, environment, '.r10k-deploy.json')
#output the sha1 from the control-repo
puts JSON.parse(File.read(r10k_deploy_file_path))['signature']


@ -1,19 +0,0 @@
#!/opt/puppetlabs/puppet/bin/ruby
require 'json'
require 'socket'
environmentpath = ARGV[0]
environment = ARGV[1]
# Get the hostname of the Puppet master compiling the catalog.
# Sometimes the hostname is the fqdn, so we'll take the first segment.
compiling_master = Socket.gethostname.split('.').first
# Get the path to the Code Manager deployment info file.
r10k_deploy_file_path = File.join(environmentpath, environment, '.r10k-deploy.json')
# Get the first 12 characters of the commit ID out of the deployment file.
commit_id = JSON.parse(File.read(r10k_deploy_file_path))['signature'][0...11]
# Show the compiling master, environment name, and commit ID.
puts "#{compiling_master}-#{environment}-#{commit_id}"


@ -1,25 +0,0 @@
#!/opt/puppetlabs/puppet/bin/ruby
begin
require 'rugged'
require 'socket'
rescue LoadError
t = Time.new
puts t.to_i
else
environmentpath = ARGV[0]
environment = ARGV[1]
# Get the hostname of the Puppet master compiling the catalog.
# Sometimes the hostname is the fqdn, so we'll take the first segment.
compiling_master = Socket.gethostname.split('.').first
# Get the path to the environment being compiled.
repo = Rugged::Repository.discover(File.join(environmentpath, environment))
head = repo.head
# First 12 characters of the sha1 hash of the newest commit.
commit_id = head.target_id[0...11]
# Show the compiling master, environment name, and commit ID.
puts "#{compiling_master}-#{environment}-#{commit_id}"
end

23
scripts/config_version.rb Executable file

@ -0,0 +1,23 @@
begin
require 'rugged'
rescue LoadError => e
t = Time.new
puts t.to_i
else
environmentpath = ARGV[0]
environment = ARGV[1]
repo = Rugged::Repository.discover(File.join(environmentpath, environment))
head = repo.head
#sha1 hash of the newest commit
head_sha = head.target_id
#the commit message associated the newest commit
commit = repo.lookup(head_sha)
#add something to find the remote url
puts head_sha
end
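
Review bot: `commit = repo.lookup(head_sha)` and the `=> e` in `rescue LoadError => e` are assigned but never used, and the comment above `commit` mentions the commit message although nothing reads it. Drop both, or finish the `#add something to find the remote url` TODO before merging. The `LoadError` branch prints a Unix timestamp, so a missing `rugged` gem silently turns config_version into a value that cannot be traced to a commit; a warning on stderr would make that visible.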


@ -1,35 +1,12 @@
#!/bin/sh
# Usage
if [ $# -ne 2 -o ! -d "$1" -o ! -d "$1/$2" ]; then
echo "usage: $0 <environmentpath> <environment>" >&2
exit 1
fi
# For portability, identify a preferred ruby executable to use
ruby() {
[ -x /opt/puppetlabs/puppet/bin/ruby ] \
&& /opt/puppetlabs/puppet/bin/ruby "$@" \
|| /usr/bin/env ruby "$@"
}
# Determine how best to calculate a config_version
if [ -e $1/$2/.r10k-deploy.json ]; then
# The environment was deployed using r10k. We will calculate the config
# version using the r10k data.
ruby $1/$2/scripts/config_version-r10k.rb $1 $2
elif [ -e /opt/puppetlabs/server/pe_version ]; then
# This is a Puppet Enterprise system and we can rely on the rugged ruby gem
# being available.
ruby $1/$2/scripts/config_version-rugged.rb $1 $2
elif type git >/dev/null; then
# The git command is available.
git --git-dir $1/$2/.git rev-parse HEAD
#!/bin/bash
if [ -e $1/$2/.r10k-deploy.json ]
then
/opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/code_manager_config_version.rb $1 $2
elif [ -e /opt/puppetlabs/server/pe_version ]
then
/opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2
else
# Nothing else available; just use the date.
/usr/bin/git --version > /dev/null 2>&1 &&
/usr/bin/git --git-dir $1/$2/.git rev-parse HEAD ||
date +%s
fi
fi
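
Review bot: `$1` and `$2` are unquoted wherever they are expanded (`[ -e $1/$2/.r10k-deploy.json ]`, the ruby calls, `git --git-dir $1/$2/.git`), so a path containing whitespace or glob characters is split or expanded by the shell. Quote each expansion, for example `"$1/$2/.r10k-deploy.json"`. The `#!/bin/bash` variant also has no counterpart to the `[ $# -ne 2 -o ! -d "$1" -o ! -d "$1/$2" ]` usage check, so with missing arguments it goes on to test `//.r10k-deploy.json` instead of stopping; keep the argument check.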


@ -1,9 +0,0 @@
# This is a description for my plan
plan adhoc::myplan(
# input parameters go here
TargetSpec $targets,
) {
# plan steps go here
}


@ -1,4 +0,0 @@
{
"description": "This is the description for the nix_example task",
"input_method": "environment"
}


@ -1,3 +0,0 @@
#!/bin/bash
# task content goes here


@ -1,4 +0,0 @@
{
"description": "This is the description for the win_example task",
"input_method": "powershell"
}


@ -1 +0,0 @@
# task content goes here


@ -0,0 +1,11 @@
#https://docs.puppetlabs.com/pe/latest/nc_update_classes.html#post-v1update-classes
CONFDIR=$(puppet master --configprint confdir)
CERT=$(puppet master --confdir ${CONFDIR} --configprint hostcert)
CACERT=$(puppet master --confdir ${CONFDIR} --configprint localcacert)
PRVKEY=$(puppet master --confdir ${CONFDIR} --configprint hostprivkey)
OPTIONS="--cert ${CERT} --cacert ${CACERT} --key ${PRVKEY}"
CONSOLE=$(awk '/server: /{print $NF}' ${CONFDIR}/classifier.yaml)
curl -k -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes"
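
Review bot: `curl -k` switches off server certificate verification, which defeats the `--cacert ${CACERT}` passed in `OPTIONS` on the same command, while the request is authenticated with the master's host private key. Remove `-k` so the classifier endpoint is verified against the Puppet CA. The script also has no `#!` line even though the profile installs it with mode `0755` and Hiera runs it as the `pe_r10k::postrun` command, and the `${...}` expansions in the `puppet master` and `awk` calls are unquoted; add a shebang and quote them.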


@ -0,0 +1,24 @@
class profile::gitlab {
file { ['/etc/gitlab', '/etc/gitlab/ssl'] :
ensure => directory,
}
file { "/etc/gitlab/ssl/${::fqdn}.key" :
ensure => file,
source => "${::settings::privatekeydir}/${::trusted['certname']}.pem",
notify => Exec['gitlab_reconfigure'],
}
file { "/etc/gitlab/ssl/${::fqdn}.crt" :
ensure => file,
source => "${::settings::certdir}/${::trusted['certname']}.pem",
notify => Exec['gitlab_reconfigure'],
}
class { 'gitlab':
external_url => hiera( 'gms_server_url', "https://${::fqdn}") ,
require => File["/etc/gitlab/ssl/${::fqdn}.key", "/etc/gitlab/ssl/${::fqdn}.key"],
}
}
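
Review bot: the `file` resource for `/etc/gitlab/ssl/${::fqdn}.key` copies the node's private key without `owner`, `group` or `mode`, so the permissions of the copy are left to defaults. Set `owner => 'root'` and `mode => '0600'` explicitly, and give `/etc/gitlab/ssl` a restrictive mode as well. In the `gitlab` class, `require => File[...]` names the `.key` path twice and never the `.crt`; the second entry should be `"/etc/gitlab/ssl/${::fqdn}.crt"`.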


@ -0,0 +1,52 @@
class profile::puppetmaster {
$hiera_yaml = "${::settings::confdir}/hiera.yaml"
class { 'hiera':
hierarchy => [
'virtual/%{::virtual}',
'nodes/%{::trusted.certname}',
'common',
],
hiera_yaml => $hiera_yaml,
datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata',
owner => 'pe-puppet',
group => 'pe-puppet',
notify => Service['pe-puppetserver'],
}
ini_setting { 'puppet.conf hiera_config master section' :
ensure => absent,
path => "${::settings::confdir}/puppet.conf",
section => 'master',
setting => 'hiera_config',
value => $hiera_yaml,
notify => Service['pe-puppetserver'],
}
#remove the default hiera.yaml from the code-staging directory
#after the next code manager deployment it should be removed
#from the live codedir
file { '/etc/puppetlabs/code-staging/hiera.yaml' :
ensure => absent,
}
#Lay down update-classes.sh for use in r10k postrun_command
#This is configured via the pe_r10k::postrun key in hiera
file { '/usr/local/bin/update-classes.sh' :
ensure => file,
source => 'puppet:///modules/profile/puppetmaster/update-classes.sh',
mode => '0755',
}
#https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout
ini_setting { 'environment_timeout = unlimited':
ensure => present,
path => '/etc/puppetlabs/puppet/puppet.conf',
section => 'main',
setting => 'environment_timeout',
value => 'unlimited',
notify => Service['pe-puppetserver'],
}
}


@ -0,0 +1,28 @@
class profile::stash {
class { 'java' :
version => present,
} ->
class { 'postgresql::globals':
manage_package_repo => true,
version => '9.4',
}->
class { 'postgresql::server': } ->
postgresql::server::db { 'stash':
user => 'stash',
password => postgresql_password('stash', 'password'),
} ->
class { 'stash':
javahome => '/etc/alternatives/java_sdk',
#dev.mode grants a 24-hour license for testing
java_opts => '-Datlassian.dev.mode=true',
}
file { '/opt/puppetlabs/bin/stash_mco.rb':
source => 'puppet:///modules/r10k/stash_mco.rb',
}
}
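
Review bot: `postgresql_password('stash', 'password')` hard-codes the database password `password` in the profile. Take it from Hiera, ideally encrypted, through a class parameter. `java_opts => '-Datlassian.dev.mode=true'` is commented as a 24-hour test licence, so the profile should be labelled test-only, and `/opt/puppetlabs/bin/stash_mco.rb` is laid down with no `owner` or `mode`.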


@ -0,0 +1,6 @@
class role::all_in_one_pe {
include profile::puppetmaster
include pe_code_manager_webhook
}


@ -0,0 +1,5 @@
class role::gitlab {
include profile::gitlab
}