cc34e25fd5
- Moved ssh key generation and git deploy key out of the puppetmaster profile and into zack_r10k and code_manager - Swapped code manager into the all_in_one role - Made a 2015.2 all_in_one role if users prefer to use it - Conditionally move all existing code out of environmentpath to allow file sync to sync files - Update the README to compliment the new puppet code |
||
---|---|---|
hieradata | ||
manifests | ||
scripts | ||
site | ||
.gitignore | ||
environment.conf | ||
LICENSE | ||
Puppetfile | ||
README.md |
Before Starting:
This control repo and the steps below are intended to be used during a new installation of PE.
This control repo has only been tested against PE2015.2.z, it's likely close to working on PE3.8.z but has not been tested.
If you intend to use it on an existing installation then be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started.
Setup a Trusted Fact On Your PE Master
This control repository is setup to manage certain portions of your PE installation for you if you create a trusted fact called pp_role
. In order to do so, lay down a file that looks exactly like the below in /etc/puppetlabs/puppet/csr_attributes.yaml
---
extension_requests:
#pp_role
1.3.6.1.4.1.34380.1.1.13: 'all_in_one_pe'
If You Have Not Installed PE
Good then you can proceed forward and the trusted fact will be used when you get to the install step.
If You Have Already Installed PE
Trusted facts are created at the time a CSR is generated. So, we need to regenerate the certificate on the master for the above trusted fact to be created.
Follow this document to regenerate the certificate on your master.
http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html
##Copy This Repo Into Your Own Git Server
###Gitlab
- Install Gitlab
-
After Gitlab is installed you may sign if with the
root
user and password5iveL!fe
-
Make an user for yourself
-
Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop )
- Create a group called
puppet
( this is case sensitive )
- Create a user called
r10k_api_user
and add them to thepuppet
group
- From the landing page, select groups
- Choose the puppet group
- In the left hand pane, select memembers
- Add the
r10k_api_user
withmaster
permissions
-
Add your user to the
puppet
group as well -
Create a project called
control-repo
and set the Namespace to be thepuppet
group -
Logout of root and login as the
r10k_api_user
- Go to profile settings -> account ( https://<your_gitlab_server>/profile/account )
- Copy the api token
- Clone this control repository to your laptop/workstation
git clone <repository url>
cd control-repo
git mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/<fqdn_of_your_puppet_master>.yaml
- Open
hieradata/nodes/<fqdn_of_your_puppet_master>.yaml
- edit
gms_api_token
to be your api token - edit
git_management_system
to be 'gitlab' - edit the
gms_server_url
- edit
-
git add hieradata/nodes/<fqdn_of_your_puppet_master>.yaml
-
git commit -m "renaming example-puppet-master.yaml"
-
Rename my repository as the upstream remote
git remote rename origin upstream
- Add your internal repository as the origin remote
git remote add origin <url of your gitlab repository>
- Push the production branch of the repository from your machine up to your git server
git push origin production
git branch --set-upstream-to origin/production
###Stash
Coming soon!
###Github
Coming soon!
##Configure PE to Use the Control-Repo
###Install PE
- Download the latest version of the PE installer for your platform and copy it to your master
- Expand the tarball and
cd
into the directory - Run
puppet-enterprise-installer
to install
If you run into any issues or have more questions about the installer you can see our docs here:
http://docs.puppetlabs.com/pe/latest/install_basic.html
###Get the Control-Repo Deployed On Your Master
At this point you have our control-repo code deployed into your git server. However, we have one final challenge: getting that code onto your puppet master. In the end state the master will pull code from the git server via r10k, however, at this moment your puppet master doesn't have credentials to get code from the git server.
So, we'll set up a deploy key in the git server that will allow a ssh-key we make to deploy the code and configure everything else.
- On your puppet master, make an ssh key for r10k to connect to gitlab
/usr/bin/ssh-keygen -t rsa -b 2048 -C 'code_manager' -f /etc/puppetlabs/puppetserver/code_manager.key -q -N ''
- http://doc.gitlab.com/ce/ssh/README.html
- https://help.github.com/articles/generating-ssh-keys/
- Create a deploy key on the
control-repo
project in Gitlab
- Paste in the public key from above
cat /etc/puppetlabs/puppetserver/code_manager.key.pub
- Login to the PE console
- Select Access Control in the left hand panel
- On the User Roles page, add a new role called
Deploy Environments
- NOTE: Make sure to name it exactly as I have because the puppet code expects that exact name
- After creating the role click through and select the permissions tab
- Add Puppet Environment type, Deploy Code permission, and All object
- Add Tokens type, override default expiry permission
- Still in the PE Console, navigate to the Classification page
- Click on the PE Master group
- Click the Classes tab
- Add the
puppet_enterprise::profile::master
- Set the
r10k_remote
to the ssh url from the front page of your gitlab repo - Set the
r10k_private_key
parameter to/etc/puppetlabs/puppetserver/code_manager.key
- Set the
- Commit your changes
- Run
puppet agent -t
- Expect to see changes to
r10k.yaml
- Run
r10k deploy environment -pv
- Run
puppet agent -t
- Expect to see code manager enabled
echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt
- Run
puppet agent -t
- Now you should see many more changes
- Your code has been deployed with code manager now
Test Code Manager
Test The Zack/r10k Webhook
One of the components setup by this control-repo is that when you "push" code to your git server, the git server will inform the puppet master to run r10k deploy environment -p
.
- Edit README.md
- Just add something to it
git add README.md
git commit -m "edit README"
git push origin production
- Allow the push to complete and then give it few seconds to complete
- Open
/etc/puppetlabs/code/environments/production/README.md
and confirm your change is present
#Miscellaneous
If You Want to Install Pointing To This Repo on Github
Setting Up Gitlab
- Install Gitlab on a server by specifying the following trusted fact on the soon-to-be Gitlab server and then install the PE agent.
---
extension_requests:
#pp_role
1.3.6.1.4.1.34380.1.1.13: 'gitlab'
Setting up Github
Not yet completed.
Setting up Stash
Not yet completed.
#TODO Flush out generating an answer file and then appending extra answers onto the end of it.