Diffstat (limited to 'site')
-rw-r--r-- | site/profile/files/puppetmaster/update-classes.sh | 11 | ||||
-rw-r--r-- | site/profile/manifests/base.pp | 5 | ||||
-rw-r--r-- | site/profile/manifests/gitlab.pp | 24 | ||||
-rw-r--r-- | site/profile/manifests/puppetmaster.pp | 73 | ||||
-rw-r--r-- | site/profile/manifests/stash.pp | 28 | ||||
-rw-r--r-- | site/profile/manifests/zack_r10k_webhook.pp | 29 | ||||
-rw-r--r-- | site/role/manifests/all_in_one_pe.pp | 16 | ||||
-rw-r--r-- | site/role/manifests/database_server.pp | 7 | ||||
-rw-r--r-- | site/role/manifests/gitlab.pp | 5 | ||||
-rw-r--r-- | site/role/manifests/webserver.pp | 7 |
10 files changed, 205 insertions, 0 deletions
diff --git a/site/profile/files/puppetmaster/update-classes.sh b/site/profile/files/puppetmaster/update-classes.sh
new file mode 100644
index 0000000..fc33026
--- /dev/null
+++ b/site/profile/files/puppetmaster/update-classes.sh
@@ -0,0 +1,11 @@
+#https://docs.puppetlabs.com/pe/latest/nc_update_classes.html#post-v1update-classes
+
+CONFDIR=$(puppet master --configprint confdir)
+
+CERT=$(puppet master --confdir ${CONFDIR} --configprint hostcert)
+CACERT=$(puppet master --confdir ${CONFDIR} --configprint localcacert)
+PRVKEY=$(puppet master --confdir ${CONFDIR} --configprint hostprivkey)
+OPTIONS="--cert ${CERT} --cacert ${CACERT} --key ${PRVKEY}"
+CONSOLE=$(awk '/server: /{print $NF}' ${CONFDIR}/classifier.yaml)
+
+curl -k -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes"
diff --git a/site/profile/manifests/base.pp b/site/profile/manifests/base.pp
new file mode 100644
index 0000000..ae85e65
--- /dev/null
+++ b/site/profile/manifests/base.pp
@@ -0,0 +1,5 @@
+class profile::base {
+
+ #the base profile should include component modules that will be on all nodes
+
+}
diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp
new file mode 100644
index 0000000..72c57e5
--- /dev/null
+++ b/site/profile/manifests/gitlab.pp
@@ -0,0 +1,24 @@
+class profile::gitlab {
+
+ file { ['/etc/gitlab', '/etc/gitlab/ssl'] :
+ ensure => directory,
+ }
+
+ file { "/etc/gitlab/ssl/${::fqdn}.key" :
+ ensure => file,
+ source => "${::settings::privatekeydir}/${::trusted['certname']}.pem",
+ notify => Exec['gitlab_reconfigure'],
+ }
+
+ file { "/etc/gitlab/ssl/${::fqdn}.crt" :
+ ensure => file,
+ source => "${::settings::certdir}/${::trusted['certname']}.pem",
+ notify => Exec['gitlab_reconfigure'],
+ }
+
+ class { 'gitlab':
+ external_url => hiera( 'gms_server_url', "https://${::fqdn}") ,
+ require => File["/etc/gitlab/ssl/${::fqdn}.key", "/etc/gitlab/ssl/${::fqdn}.key"],
+ }
+
+}
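Review bot: The final `curl -k -X POST ${OPTIONS} ...` line in update-classes.sh turns off server certificate verification, which makes the `--cacert ${CACERT}` option built two lines earlier pointless: the request is authenticated with the master's host certificate, but the endpoint answering on port 4433 is never checked. Dropping the flag, `curl -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes"`, lets the CA file authenticate the console. The script also has no `#!` line although puppetmaster.pp installs it with mode 0755 as a postrun command, so a first line of `#!/bin/bash` would make the interpreter explicit. The `${CONFDIR}` expansions are unquoted and would break on a path containing spaces.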
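Review bot: In profile::gitlab the `require` on the `gitlab` class names `/etc/gitlab/ssl/${::fqdn}.key` twice and never the `.crt`, so the certificate file is not ordered before the class; it should read `require => File["/etc/gitlab/ssl/${::fqdn}.key", "/etc/gitlab/ssl/${::fqdn}.crt"],`. The `file` resource that copies the private key also sets no `owner` or `mode`, so the key's permissions are left to Puppet's defaults instead of being pinned. Adding `owner => 'root',` and `mode => '0600',` to that resource would keep the key unreadable by other accounts, assuming the process that loads it starts as root (confirm for this GitLab package). The `/etc/gitlab/ssl` directory would benefit from an explicit `mode => '0700',` for the same reason.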
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
new file mode 100644
index 0000000..0954807
--- /dev/null
+++ b/site/profile/manifests/puppetmaster.pp
@@ -0,0 +1,73 @@
+class profile::puppetmaster (
+ $webhook_username,
+ $webhook_password
+) {
+
+ class { 'hiera':
+ hierarchy => [
+ 'virtual/%{::virtual}',
+ 'nodes/%{::trusted.certname}',
+ 'common',
+ ],
+ hiera_yaml => '/etc/puppetlabs/code/hiera.yaml',
+ datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata',
+ owner => 'pe-puppet',
+ group => 'pe-puppet',
+ notify => Service['pe-puppetserver'],
+ }
+
+ #BEGIN - Generate an SSH key for r10k to connect to git
+ $r10k_ssh_key_file = '/root/.ssh/r10k_rsa'
+ exec { 'create r10k ssh key' :
+ command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'r10k' -f ${r10k_ssh_key_file} -q -N ''",
+ creates => $r10k_ssh_key_file,
+ }
+ #END - Generate an SSH key for r10k to connect to git
+
+ #BEGIN - Add deploy key and webook to git management system
+ $git_management_system = hiera('git_management_system', '')
+
+ if $git_management_system in ['gitlab', 'github'] {
+
+ git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}":
+ ensure => present,
+ name => $::fqdn,
+ path => "${r10k_ssh_key_file}.pub",
+ token => hiera('gms_api_token'),
+ project_name => 'puppet/control-repo',
+ server_url => hiera('gms_server_url'),
+ provider => $git_management_system,
+ }
+
+ git_webhook { "web_post_receive_webhook-${::fqdn}" :
+ ensure => present,
+ webhook_url => "https://${webhook_username}:${webhook_password}@${::fqdn}:8088/payload",
+ token => hiera('gms_api_token'),
+ project_name => 'puppet/control-repo',
+ server_url => hiera('gms_server_url'),
+ provider => $git_management_system,
+ disable_ssl_verify => true,
+ }
+
+ }
+ #END - Add deploy key and webhook to git management system
+
+ #Lay down update-classes.sh for use in r10k postrun_command
+ #This is configured via the pe_r10k::postrun key in hiera
+ file { '/usr/local/bin/update-classes.sh' :
+ ensure => file,
+ source => 'puppet:///modules/profile/puppetmaster/update-classes.sh',
+ mode => '0755',
+ }
+
+ #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout
+ ini_setting { 'environment_timeout = unlimited':
+ ensure => present,
+ path => '/etc/puppetlabs/puppet/puppet.conf',
+ section => 'main',
+ setting => 'environment_timeout',
+ value => 'unlimited',
+ notify => Service['pe-puppetserver'],
+ }
+
+}
diff --git a/site/profile/manifests/stash.pp b/site/profile/manifests/stash.pp
new file mode 100644
index 0000000..18b0468
--- /dev/null
+++ b/site/profile/manifests/stash.pp
@@ -0,0 +1,28 @@
+class profile::stash {
+
+ class { 'java' :
+ version => present,
+ } ->
+
+ class { 'postgresql::globals':
+ manage_package_repo => true,
+ version => '9.4',
+ }->
+ class { 'postgresql::server': } ->
+
+ postgresql::server::db { 'stash':
+ user => 'stash',
+ password => postgresql_password('stash', 'password'),
+ } ->
+
+ class { 'stash':
+ javahome => '/etc/alternatives/java_sdk',
+ #dev.mode grants a 24-hour license for testing
+ java_opts => '-Datlassian.dev.mode=true',
+ }
+
+ file { '/opt/puppetlabs/bin/stash_mco.rb':
+ source => 'puppet:///modules/r10k/stash_mco.rb',
+ }
+
+}
diff --git a/site/profile/manifests/zack_r10k_webhook.pp b/site/profile/manifests/zack_r10k_webhook.pp
new file mode 100644
index 0000000..7e0bd40
--- /dev/null
+++ b/site/profile/manifests/zack_r10k_webhook.pp
@@ -0,0 +1,29 @@
+class profile::zack_r10k_webhook (
+ $username,
+ $password,
+ $use_mcollective = false,
+) {
+
+ if $use_mcollective {
+
+ class { 'r10k::mcollective':
+ notify => Service['mcollective'],
+ }
+
+ }
+
+ class {'r10k::webhook::config':
+ enable_ssl => true,
+ protected => true,
+ user => $username,
+ pass => $password,
+ use_mcollective => $use_mcollective,
+ }
+
+ class {'r10k::webhook':
+ user => 'root',
+ group => '0',
+ require => Class['r10k::webhook::config'],
+ }
+
+}
diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp
new file mode 100644
index 0000000..6bc2eb3
--- /dev/null
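Review bot: The `git_webhook` resource in profile::puppetmaster puts `${webhook_username}:${webhook_password}` into `webhook_url` and also sets `disable_ssl_verify => true`, so the git server will send those basic-auth credentials on every push without checking the certificate of the host it connects to. The preferable change is to have the git server trust the CA that issued the webhook's certificate and set `disable_ssl_verify => false,`. If that cannot be done in this setup, a comment next to the setting, for example `#webhook certificate is not verified by the git server; treat the webhook credentials as exposed on the network path`, should record the trade-off. The complete URL, password included, is also stored in the git management system's webhook configuration, which is worth stating where `$webhook_password` is declared. The class has no header comment describing either parameter.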
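Review bot: `postgresql_password('stash', 'password')` in profile::stash hard-codes the database password as the literal string `password`, so every node built from this profile gets the same well-known credential. The value should come from data, the way the other profiles in this commit use hiera, for example `password => postgresql_password('stash', hiera('stash_db_password')),` (the key name is only a suggestion). The `-Datlassian.dev.mode=true` option is already described as a testing convenience. A class-level comment saying the profile is meant for demonstration only would help keep it off production nodes.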
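Review bot: `class {'r10k::webhook': user => 'root', group => '0', ...}` in profile::zack_r10k_webhook runs the network-facing webhook listener as root, and nothing in the hunk explains why. If root is required because r10k deploys with the key under `/root/.ssh`, a comment such as `#runs as root so r10k can use /root/.ssh/r10k_rsa and write the code directory` should say so. Otherwise a dedicated service account would limit what a flaw in the listener can reach. Separately, `notify => Service['mcollective']` refers to a service that this hunk does not declare, so `use_mcollective => true` presumably relies on another class providing it; that dependency deserves a comment as well.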
+++ b/site/role/manifests/all_in_one_pe.pp
@@ -0,0 +1,16 @@
+class role::all_in_one_pe {
+
+ $webhook_username = hiera('webhook_username', fqdn_rand_string(10, '', 'username'))
+ $webhook_password = hiera('webhook_password', fqdn_rand_string(20, '', 'password'))
+
+ class { 'profile::puppetmaster' :
+ webhook_username => $webhook_username,
+ webhook_password => $webhook_password,
+ }
+
+ class { 'profile::zack_r10k_webhook' :
+ username => $webhook_username,
+ password => $webhook_password,
+ }
+
+}
diff --git a/site/role/manifests/database_server.pp b/site/role/manifests/database_server.pp
new file mode 100644
index 0000000..aacc912
--- /dev/null
+++ b/site/role/manifests/database_server.pp
@@ -0,0 +1,7 @@
+class role::database_server {
+
+ #This role would be made of all the profiles that need to be included to make a database server work
+ #All roles should include the base profile
+ include profile::base
+
+}
diff --git a/site/role/manifests/gitlab.pp b/site/role/manifests/gitlab.pp
new file mode 100644
index 0000000..1f459d6
--- /dev/null
+++ b/site/role/manifests/gitlab.pp
@@ -0,0 +1,5 @@
+class role::gitlab {
+
+ include profile::gitlab
+
+}
diff --git a/site/role/manifests/webserver.pp b/site/role/manifests/webserver.pp
new file mode 100644
index 0000000..314fa55
--- /dev/null
+++ b/site/role/manifests/webserver.pp
@@ -0,0 +1,7 @@
+class role::webserver {
+
+ #This role would be made of all the profiles that need to be included to make a webserver work
+ #All roles should include the base profile
+ include profile::base
+
+} |
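Review bot: The fallbacks `fqdn_rand_string(10, '', 'username')` and `fqdn_rand_string(20, '', 'password')` in role::all_in_one_pe do not produce secrets, because the function derives a repeatable value from the node's fqdn and the seed, and both seeds are literals in this file. When hiera supplies no value, the webhook credentials are therefore reproducible by anyone who knows the hostname. Requiring the data instead, `$webhook_password = hiera('webhook_password')` with no default, turns a missing secret into a compile failure rather than a guessable default. If the fallback must stay for demonstration use, a comment above the two assignments should state that the generated values are predictable and must be overridden in hiera.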