Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Side by Side Diff: README.md

Issue 4810150141493248: Issue 122 - Puppet ENC via Hiera (Closed)
Patch Set: 112 - Puppet ENC via Hiera Created Nov. 27, 2014, 12:29 a.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « .hgignore ('k') | Vagrantfile » ('j') | hiera/install-precise.py » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 Adblock Plus infrastructure 1 Adblock Plus infrastructure
2 =========================== 2 ===========================
3 3
4 The Adblock Plus infrastructure uses [Puppet](http://puppetlabs.com/) 4 The Adblock Plus infrastructure uses [Puppet](http://puppetlabs.com/)
5 to set up servers, and to have a realistic development environment. 5 to set up servers, and to have a realistic development environment.
6 6
7 Our Puppet manifests are only tested with Ubuntu 12.04 right now. 7 Our Puppet manifests are only tested with Ubuntu 12.04 right now.
8 8
9 Private files 9 Host specific setup
10 ------------- 10 -------------------
11 11
12 Some parts of our infrastructure are, obviously, confidential. We have 12 Some infrastructure parts are specific to the environment (such as e.g.
13 htpasswd files, SSH keys and SSL certificates that we need to be 13 *development*, *test* and *production*) whilst passwords, for example,
14 careful with. 14 are confidential. In order to allow for such specific configuration, the
15 repository requires a set of manual operations during the initial setup:
15 16
16 That's why _modules/private_ is missing, and needs to be placed there 17 ### `modules/private`
17 manually. We provide stub versions of all those files in 18
18 _modules/private-stub_, so just linking or copying that to 19 The `private` module is destined to store confidential information such as
19 _modules/private_ will make everything work locally. 20 [RSA](http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) keys, `htpasswd`
21 files and so on. The repository provides a `private-stub` module containing
22 defaults suitable for development and testing purpose. One can create a
23 symbolic link to start using the resource:
24
25 # UNIX-oid
26 user@host:~/infrastructure$ ln -s private-stub modules/private
27
28 # Windows
29 C:\infrastructure\> MKLINK /D modules\private private-stub
30
31 When creating a custom version, one may inspect the `modules/private-stub`
32 directory to determine which resources have to be provided.
33
34 ### `hiera/environment`
35
36 [Hiera](https://docs.puppetlabs.com/hiera/1/) configuration files specific
37 to the current environment are expected to be found in `hiera/environment`.
38 Default resources for development (and testing) purpose are provided within
39 `hiera/development`:
40
41 # UNIX-oid
42 user@host:~/infrastructure$ ln -s development hiera/environment
43
44 # Windows
45 C:\infrastructure\> MKLINK /D hiera\environment development
46
47 Note that custom versions are recommended to be tracked together with the
48 custom `private` module, if any.
20 49
21 Development environment 50 Development environment
22 ----------------------- 51 -----------------------
23 52
24 As with our other projects, all changes to our infrastructure should 53 As with our other projects, all changes to our infrastructure should
25 be made in a local development environment, and reviewed before 54 be made in a local development environment, and reviewed before
26 deployment. Thanks to Puppet, we can easily set up local VMs that 55 deployment. Thanks to Puppet, we can easily set up local VMs that
27 mirror our production environment. 56 mirror our production environment.
28 57
29 The most convenient way to do this is to use Vagrant, as described 58 The most convenient way to do this is to use Vagrant, as described
(...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after
168 Monitoring is fully functional in any environment, including development. 197 Monitoring is fully functional in any environment, including development.
169 Here, after bootstrapping the `server4` box, one can access the Nagios GUI 198 Here, after bootstrapping the `server4` box, one can access the Nagios GUI
170 from the host machine via <https://nagiosadmin:nagiosadmin@10.8.0.99/>. 199 from the host machine via <https://nagiosadmin:nagiosadmin@10.8.0.99/>.
171 200
172 The monitoring service of our production environment, however, is accessible 201 The monitoring service of our production environment, however, is accessible
173 via <https://monitoring.adblockplus.org/>. 202 via <https://monitoring.adblockplus.org/>.
174 Add yourself to _files/nagios-htpasswd_ in the _private_ module used on the 203 Add yourself to _files/nagios-htpasswd_ in the _private_ module used on the
175 server, or have someone add you if you don't have access. 204 server, or have someone add you if you don't have access.
176 205
177 206
OLDNEW
« no previous file with comments | « .hgignore ('k') | Vagrantfile » ('j') | hiera/install-precise.py » ('J')

Powered by Google App Engine
This is Rietveld