From 24aa475d20c413aa3d2925a110be767176989ef3 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Wed, 27 May 2015 15:02:50 -0700
Subject: Add a site directory with example role and profile module
---
site/role/manifests/database_server.pp | 7 +++++++
site/role/manifests/webserver.pp | 7 +++++++
2 files changed, 14 insertions(+)
create mode 100644 site/role/manifests/database_server.pp
create mode 100644 site/role/manifests/webserver.pp
(limited to 'site/role')
diff --git a/site/role/manifests/database_server.pp b/site/role/manifests/database_server.pp
new file mode 100644
index 0000000..8c37438
--- /dev/null
+++ b/site/role/manifests/database_server.pp
@@ -0,0 +1,7 @@
+class role::database_server {
+
+ #This role would be made of all the profiles that need to be included to make a database server work
+ #All roles should include the base profile
+ include profile::base
+
+}
diff --git a/site/role/manifests/webserver.pp b/site/role/manifests/webserver.pp
new file mode 100644
index 0000000..314fa55
--- /dev/null
+++ b/site/role/manifests/webserver.pp
@@ -0,0 +1,7 @@
+class role::webserver {
+
+ #This role would be made of all the profiles that need to be included to make a webserver work
+ #All roles should include the base profile
+ include profile::base
+
+}
-- cgit v1.2.3
From 9b50d5e31ee4de65445b6a5bec39da590dedbe36 Mon Sep 17 00:00:00 2001
From: Nick Walker Date: Thu, 13 Aug 2015 14:10:29 -0700 Subject: Update the README, add an all_in_one_pe role Updating README for instructions on how to use the control-repo by putting it in your own git server and then using the r10k answers during installation of PE. Removing the manifest for configuring r10k using zack/r10k. Added a role that can be used to bootstrap an all-in-one PE installation. --- README.md | 64 +++++++++++++++++++++++++++++++----- configure_r10k.pp | 19 ----------- site/role/manifests/all_in_one_pe.pp | 5 +++ 3 files changed, 60 insertions(+), 28 deletions(-) delete mode 100644 configure_r10k.pp create mode 100644 site/role/manifests/all_in_one_pe.pp (limited to 'site/role') diff --git a/README.md b/README.md index 011b779..7877c02 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,61 @@ # Before Starting: -If you've already written or download modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. +This control repo and the steps below are intended to be used during a new installation of PE. -## How to Use This Repo +If you intend to use it on an existing installation of PE then you'll have to figure out some of the steps on your own and be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started. -1. Clone this repo down to your master (in /tmp is fine) and upload it to your own internal git server -2. Edit configure_r10k.pp so that the server parameter is set to your interal git server and repo name -3. On your Master, run `puppet module install zack/r10k` -4. On your Master, run `puppet apply configure_r10k.pp` - - This will install r10k and point it at the repo we setup in step 1 -5. You're now ready to run `r10k deploy environment -p --verbose` which will deploy modules from your Puppetfile +## How to Copy This Repo Into Your Own Git Server + +1. Make an user in your internal git server + +2. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop ) + - https://help.github.com/articles/generating-ssh-keys/ + +3. Create a repository in your git server called control-repo + +4. Setup your control repository by copying this one + - https://github.com/npwalker/control-repo + - git clone https://github.com/npwalker/control-repo.git + +5. 
Remove the .git directory from the cloned repo. + - `cd control-repo` + - `rm -rf .git` + +6. `git init` + +7. Find the url to your internal repo this is usually on the front page of the repo + - Add the repo as a remote + - git remote add origin git@gitlab-server:root/control-repo.git + +8. Push the repository from your machine up to your git server + - `git push origin production` + +## Lay Down a Trusted Fact Before Installing PE + +This control repository is setup to manage certain portions of your PE installation for you if you lay down a trusted fact called pp_role before installing. In order to immeadiately gain from these benefits you will need to lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml` + +``` +--- +extension_requests: + #pp_role + 1.3.6.1.4.1.34380.1.1.13: 'all_in_one_pe' +``` + +## Install a New PE 2015.2+ Instance or Update an Existing PE Instance To Use the Control Repository + +### Install PE Specifying Answers To Point To Your Control Repository + +https://docs.puppetlabs.com/pe/latest/r10k_config_answers.html + +#TODO +Flush out generating an answer file and then appending these answers onto the end of it. + +### Update Existing PE 2015.2+ Install To Point To The Control Repository + +https://docs.puppetlabs.com/pe/latest/r10k_config_console.html + +## Run r10k + +1. Run `r10k deploy environment —verbose` and watch it install the modules from your Puppetfile -Side note: You can remove configure_r10k.pp from the repo now. diff --git a/configure_r10k.pp b/configure_r10k.pp deleted file mode 100644 index fe52a1b..0000000 --- a/configure_r10k.pp +++ /dev/null 
@@ -1,19 +0,0 @@
-###### ######
-## Configure R10k ##
-###### ######
-
-## This manifest requires the zack/R10k module
-## Beware! (and good luck!)
-
-class { 'r10k':
- version => '1.5.1',
- sources => {
- 'puppet' => {
- #Edit remote to be your own control_repo
- 'remote' => 'https://github.com/npwalker/control-repo.git',
- 'basedir' => "${::settings::confdir}/environments",
- 'prefix' => false,
- }
- },
- manage_modulepath => false,
-}
diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp
new file mode 100644
index 0000000..ca99139
--- /dev/null
+++ b/site/role/manifests/all_in_one_pe.pp
@@ -0,0 +1,5 @@
+class role::all_in_one_pe {
+
+ include profile::puppetmaster
+
+}
-- cgit v1.2.3
From 0bf10aea97a39aeb63a128cd432b1241e959442c Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Fri, 14 Aug 2015 16:21:43 -0700
Subject: Add a gitlab role
---
site/role/manifests/gitlab.pp | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 site/role/manifests/gitlab.pp
(limited to 'site/role')
diff --git a/site/role/manifests/gitlab.pp b/site/role/manifests/gitlab.pp
new file mode 100644
index 0000000..1f459d6
--- /dev/null
+++ b/site/role/manifests/gitlab.pp
@@ -0,0 +1,5 @@
+class role::gitlab {
+
+ include profile::gitlab
+
+}
-- cgit v1.2.3
From 1828e2162304d7d9a2e26743f175d76256b6e0c1 Mon Sep 17 00:00:00 2001
From: Nick Walker Date: Fri, 16 Oct 2015 10:53:16 -0700 Subject: Change to using the webhook without mcollective In order to complete the change I refactered the webhook into its own set of profiles, one with mcollective and the other without. --- README.md | 6 ++++-- site/profile/manifests/puppetmaster.pp | 13 ------------- site/profile/manifests/webhook_mcollective.pp | 15 +++++++++++++++ site/profile/manifests/webhook_no_mcollective.pp | 13 +++++++++++++ site/role/manifests/all_in_one_pe.pp | 1 + 5 files changed, 33 insertions(+), 15 deletions(-) create mode 100644 site/profile/manifests/webhook_mcollective.pp create mode 100644 site/profile/manifests/webhook_no_mcollective.pp (limited to 'site/role') diff --git a/README.md b/README.md index 97d5795..2125c09 100644 --- a/README.md +++ b/README.md @@ -46,16 +46,18 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html - http://doc.gitlab.com/ce/workflow/groups.html 6. Create a user called `r10k_api_user` and add them to the `puppet` group + - From the landing page, select groups + - Choose the puppet group + - In the left hand pane, select memembers + - Add the `r10k_api_user` with `master` permissions 7. Add your user to the `puppet` group as well 7. Create a project called `control-repo` and set the Namespace to be the `puppet` group - - TODO: Change permissions on the group? 8. Logout of root and login as the `r10k_api_user` - Go to profile settings -> account ( https:///profile/account ) - Copy the api token - - TODO: Change permissions for this user? 9. Clone this control repository to your laptop/workstation - `git clone https://github.com/npwalker/control-repo.git` diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 4fc06f2..bc52d3b 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp 
@@ -12,19 +12,6 @@ class profile::puppetmaster { group => 'root', notify => Service['pe-puppetserver'], } - - ##BEGIN - r10k webhook support - include r10k::mcollective - - include r10k::webhook::config - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - notify => Service['mcollective'], - } - ##END - r10k webhook support #BEGIN - Generate an SSH key for r10k to connect to git $r10k_ssh_key_file = '/root/.ssh/r10k_rsa' diff --git a/site/profile/manifests/webhook_mcollective.pp b/site/profile/manifests/webhook_mcollective.pp new file mode 100644 index 0000000..395cc7a --- /dev/null +++ b/site/profile/manifests/webhook_mcollective.pp @@ -0,0 +1,15 @@ +class profile::webhook_mcollective { + + class { 'r10k::mcollective': + notify => Service['mcollective'], + } + + include r10k::webhook::config + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp new file mode 100644 index 0000000..42c4954 --- /dev/null +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -0,0 +1,13 @@ +class profile::webhook_no_mcollective { + + class {'r10k::webhook::config': + use_mcollective => false, + } + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index ca99139..f34a261 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -1,5 +1,6 @@ class role::all_in_one_pe { + include profile::webhook_no_mcollective include profile::puppetmaster } -- cgit v1.2.3 From 8e271e3043fd55ce7c39f520360214e6844085af Mon Sep 17 00:00:00 2001 
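Review bot: In site/profile/manifests/webhook_mcollective.pp the `r10k::webhook` class is declared with `user => 'root'` and `group => '0'`, and webhook_no_mcollective.pp repeats the same declaration, so the service that accepts deploy requests from the git server is configured to run as root on the master. In the no-mcollective profile `r10k::webhook::config` is given only `use_mcollective => false`; whether the endpoint then uses TLS or asks for credentials depends on the module's defaults, which this hunk does not show, so I would set `enable_ssl => true,` and `protected => true,` explicitly together with a user and password. If root has to stay, add a comment above the declaration saying why, for example `# runs as root because r10k must write the environments directory`, and confirm that reason against the module's documentation.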
From: Nick Walker Date: Fri, 30 Oct 2015 13:04:42 -0700 Subject: Change the zack/r10k webhook to utilize username and password To accomodate generating random usernames and passwords, I had to parameterize the profiles which I didn't feel great about but I also didn't want to have to put the username and pass in hiera. --- site/profile/manifests/puppetmaster.pp | 7 +++++-- site/profile/manifests/webhook_no_mcollective.pp | 9 +++++++-- site/role/manifests/all_in_one_pe.pp | 14 ++++++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) (limited to 'site/role') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index d306ad5..d3f1a87 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -1,4 +1,7 @@ -class profile::puppetmaster { +class profile::puppetmaster ( + $webhook_username, + $webhook_password +) { class { 'hiera': hierarchy => [ @@ -38,7 +41,7 @@ class profile::puppetmaster { git_webhook { "web_post_receive_webhook-${::fqdn}" : ensure => present, - webhook_url => "https://${::fqdn}:8088/payload", + webhook_url => "https://${webhook_username}:${webhook_password}@${::fqdn}:8088/payload", token => hiera('gms_api_token'), project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index f4f50d7..dc7b1aa 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,8 +1,13 @@ -class profile::webhook_no_mcollective { +class profile::webhook_no_mcollective ( + $username, + $password +) { class {'r10k::webhook::config': enable_ssl => true, - protected => false, + protected => true, + user => $username, + pass => $password, use_mcollective => false, } diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index f34a261..3762325 100644 
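Review bot: In the second puppetmaster.pp hunk the new `webhook_url` carries the basic-auth credentials inside the URL, `https://${webhook_username}:${webhook_password}@${::fqdn}:8088/payload`, so the password ends up in clear text in the compiled catalog and in the git server's hook settings, where anyone allowed to view the project's webhooks can presumably read it. I would say so next to the resource, e.g. `# credentials are embedded in the hook URL: restrict who can administer puppet/control-repo`, and keep the values in an encrypted Hiera backend rather than in plain data. The two new class parameters `$webhook_username` and `$webhook_password` have no default and no documentation, so a short header comment naming what they must match (the `user` and `pass` given to `r10k::webhook::config`) would help the next reader.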
--- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -1,6 +1,16 @@ class role::all_in_one_pe { - include profile::webhook_no_mcollective - include profile::puppetmaster + $webhook_username = hiera('webhook_username', fqdn_rand_string(10, '', 'username')) + $webhook_password = hiera('webhook_password', fqdn_rand_string(20, '', 'password')) + + class { 'profile::puppetmaster' : + webhook_username => $webhook_username, + webhook_password => $webhook_password, + } + + class { 'profile::webhook_no_mcollective' : + username => $webhook_username, + password => $webhook_password, + } } -- cgit v1.2.3 From 3149d9707f2882bdd4bc499a2bc65fb6dff36bf9 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 30 Oct 2015 13:42:33 -0700 Subject: Refactor webhook profiles into one profile with a parameter Previously there was a mcollective and no_mcollective version of the webhook profile. They were almost identical so I merged them and manage the difference with a "use_mcollective" parameter. I renamed the webhook profile to zack_r10k_webhook. --- site/profile/manifests/puppetmaster.pp | 22 +++++++++--------- site/profile/manifests/webhook_mcollective.pp | 15 ------------ site/profile/manifests/webhook_no_mcollective.pp | 20 ---------------- site/profile/manifests/zack_r10k_webhook.pp | 29 ++++++++++++++++++++++++ site/role/manifests/all_in_one_pe.pp | 2 +- 5 files changed, 41 insertions(+), 47 deletions(-) delete mode 100644 site/profile/manifests/webhook_mcollective.pp delete mode 100644 site/profile/manifests/webhook_no_mcollective.pp create mode 100644 site/profile/manifests/zack_r10k_webhook.pp (limited to 'site/role') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index d3f1a87..1a199cd 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp 
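Review bot: The fallback values `fqdn_rand_string(10, '', 'username')` and `fqdn_rand_string(20, '', 'password')` in role::all_in_one_pe are not secrets, because fqdn_rand_string is repeatable by design: it derives its output from the node's FQDN and the seed argument, both of which are public here (the seeds are in this repository and the FQDN is the host part of the webhook URL). The webhook credentials therefore give little protection whenever the Hiera keys are absent. I would drop the defaults so that compilation fails without real values, `$webhook_username = hiera('webhook_username')` and `$webhook_password = hiera('webhook_password')`, and supply them from encrypted Hiera data or from a secret generated once on the master and kept outside the repository.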
@@ -23,20 +23,20 @@ class profile::puppetmaster ( creates => $r10k_ssh_key_file, } #END - Generate an SSH key for r10k to connect to git - + #BEGIN - Add deploy key and webook to git management system $git_management_system = hiera('git_management_system', '') if $git_management_system in ['gitlab', 'github'] { - + git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}": - ensure => present, - name => $::fqdn, - path => "${r10k_ssh_key_file}.pub", - token => hiera('gms_api_token'), - project_name => 'puppet/control-repo', - server_url => hiera('gms_server_url'), - provider => $git_management_system, + ensure => present, + name => $::fqdn, + path => "${r10k_ssh_key_file}.pub", + token => hiera('gms_api_token'), + project_name => 'puppet/control-repo', + server_url => hiera('gms_server_url'), + provider => $git_management_system, } git_webhook { "web_post_receive_webhook-${::fqdn}" : @@ -57,11 +57,11 @@ class profile::puppetmaster ( file { '/usr/local/bin/update-classes.sh' : ensure => file, source => 'puppet:///modules/profile/puppetmaster/update-classes.sh', - mode => '755', + mode => '0755', } #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout - ini_setting { "environment_timeout = unlimited": + ini_setting { 'environment_timeout = unlimited': ensure => present, path => '/etc/puppetlabs/puppet/puppet.conf', section => 'main', diff --git a/site/profile/manifests/webhook_mcollective.pp b/site/profile/manifests/webhook_mcollective.pp deleted file mode 100644 index 395cc7a..0000000 --- a/site/profile/manifests/webhook_mcollective.pp +++ /dev/null @@ -1,15 +0,0 @@ -class profile::webhook_mcollective { - - class { 'r10k::mcollective': - notify => Service['mcollective'], - } - - include r10k::webhook::config - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - } - -} 
diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp deleted file mode 100644 index dc7b1aa..0000000 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ /dev/null @@ -1,20 +0,0 @@ -class profile::webhook_no_mcollective ( - $username, - $password -) { - - class {'r10k::webhook::config': - enable_ssl => true, - protected => true, - user => $username, - pass => $password, - use_mcollective => false, - } - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - } - -} diff --git a/site/profile/manifests/zack_r10k_webhook.pp b/site/profile/manifests/zack_r10k_webhook.pp new file mode 100644 index 0000000..7e0bd40 --- /dev/null +++ b/site/profile/manifests/zack_r10k_webhook.pp @@ -0,0 +1,29 @@ +class profile::zack_r10k_webhook ( + $username, + $password, + $use_mcollective = false, +) { + + if $use_mcollective { + + class { 'r10k::mcollective': + notify => Service['mcollective'], + } + + } + + class {'r10k::webhook::config': + enable_ssl => true, + protected => true, + user => $username, + pass => $password, + use_mcollective => $use_mcollective, + } + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index 3762325..6bc2eb3 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -8,7 +8,7 @@ class role::all_in_one_pe { webhook_password => $webhook_password, } - class { 'profile::webhook_no_mcollective' : + class { 'profile::zack_r10k_webhook' : username => $webhook_username, password => $webhook_password, } -- cgit v1.2.3 From e5be3e2ddd2201a26a848fbc412b6705ff9154f9 Mon Sep 17 00:00:00 2001 
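Review bot: The new profile::zack_r10k_webhook class in zack_r10k_webhook.pp has no header comment, and its parameters carry constraints that the signature does not show. I would add a comment block above the class saying that `$username` and `$password` must be the same values profile::puppetmaster places in the git server's webhook URL, that `$use_mcollective => true` additionally declares `r10k::mcollective`, and that the webhook itself is declared with `user => 'root'`. The `notify => Service['mcollective']` inside the conditional refers to a service resource this profile does not declare, so the comment should also name the class expected to provide it, otherwise the catalog will presumably fail to compile on a node without it.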
From: Nick Walker Date: Fri, 30 Oct 2015 13:50:10 -0700 Subject: fixing a bunch of puppet lint warnings --- site/profile/manifests/gitlab.pp | 10 +++++----- site/profile/manifests/stash.pp | 8 ++++---- site/role/manifests/database_server.pp | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) (limited to 'site/role') diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp index c3e5f82..72c57e5 100644 --- a/site/profile/manifests/gitlab.pp +++ b/site/profile/manifests/gitlab.pp @@ -4,21 +4,21 @@ class profile::gitlab { ensure => directory, } - file { "/etc/gitlab/ssl/${fqdn}.key" : + file { "/etc/gitlab/ssl/${::fqdn}.key" : ensure => file, - source => "${settings::privatekeydir}/${trusted['certname']}.pem", + source => "${::settings::privatekeydir}/${::trusted['certname']}.pem", notify => Exec['gitlab_reconfigure'], } - file { "/etc/gitlab/ssl/${fqdn}.crt" : + file { "/etc/gitlab/ssl/${::fqdn}.crt" : ensure => file, - source => "${settings::certdir}/${trusted['certname']}.pem", + source => "${::settings::certdir}/${::trusted['certname']}.pem", notify => Exec['gitlab_reconfigure'], } class { 'gitlab': external_url => hiera( 'gms_server_url', "https://${::fqdn}") , - require => File["/etc/gitlab/ssl/${fqdn}.key", "/etc/gitlab/ssl/${fqdn}.key"], + require => File["/etc/gitlab/ssl/${::fqdn}.key", "/etc/gitlab/ssl/${::fqdn}.key"], } } diff --git a/site/profile/manifests/stash.pp b/site/profile/manifests/stash.pp index b3298e4..18b0468 100644 --- a/site/profile/manifests/stash.pp +++ b/site/profile/manifests/stash.pp @@ -2,8 +2,8 @@ class profile::stash { class { 'java' : version => present, - } -> - + } -> + class { 'postgresql::globals': manage_package_repo => true, version => '9.4', 
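Review bot: In the gitlab.pp hunk the `file` resource that copies the agent's private key from `${::settings::privatekeydir}` to `/etc/gitlab/ssl/${::fqdn}.key` sets no `owner`, `group` or `mode`, so the permissions of the copied key are left to Puppet's defaults for the version in use; I would pin them with `owner => 'root',` and `mode => '0600',`. The `require` on the `gitlab` class also lists `"/etc/gitlab/ssl/${::fqdn}.key"` twice, so the `.crt` file is never a prerequisite, and the second entry should probably read `"/etc/gitlab/ssl/${::fqdn}.crt"`. Both lines predate this commit, which only rewrote the variable references, but they are carried into the new side unchanged.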
@@ -16,9 +16,9 @@ class profile::stash { } -> class { 'stash': - javahome => '/etc/alternatives/java_sdk', + javahome => '/etc/alternatives/java_sdk', #dev.mode grants a 24-hour license for testing - java_opts => '-Datlassian.dev.mode=true', + java_opts => '-Datlassian.dev.mode=true', } file { '/opt/puppetlabs/bin/stash_mco.rb': diff --git a/site/role/manifests/database_server.pp b/site/role/manifests/database_server.pp index 8c37438..aacc912 100644 --- a/site/role/manifests/database_server.pp +++ b/site/role/manifests/database_server.pp @@ -2,6 +2,6 @@ class role::database_server { #This role would be made of all the profiles that need to be included to make a database server work #All roles should include the base profile - include profile::base + include profile::base } -- cgit v1.2.3