Delta Between Two Patch Sets: README.md
Issue 4810150141493248:
Issue 122 - Puppet ENC via Hiera (Closed)
Left Patch Set: Puppet ENC via Hiera
Created March 4, 2015, 5:59 p.m.
Right Patch Set: Puppet ENC via Hiera - Without Arrow Alignment
Created March 16, 2015, 2:04 p.m.
| Left: | ||
| Right: |
Use n/p to move between diff chunks;
N/P to move between comments.
« no previous file with change/comment
|
« .hgignore ('k')
|
Vagrantfile » ('j')
|
no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| LEFT | RIGHT |
|---|---|
| 1 Adblock Plus infrastructure | 1 Adblock Plus infrastructure |
| 2 =========================== | 2 =========================== |
| 3 | 3 |
| 4 The Adblock Plus infrastructure uses [Puppet](http://puppetlabs.com/) | 4 The Adblock Plus infrastructure uses [Puppet](http://puppetlabs.com/) |
| 5 to set up servers, and to have a realistic development environment. | 5 to set up servers, and to have a realistic development environment. |
| 6 | 6 |
| 7 Our Puppet manifests are only tested with Ubuntu 12.04 right now. | 7 Our Puppet manifests are only tested with Ubuntu 12.04 right now. |
| 8 | 8 |
| 9 Environment specific setup | 9 Environment specific setup |
| 10 -------------------------- | 10 -------------------------- |
| 11 | 11 |
| 12 Some infrastructure parts are specific to the environment (such as e.g. | 12 Some infrastructure parts are specific to the environment (such as e.g. |
| 13 *development*, *test* and *production*) whilst passwords, for example, | 13 *development*, *test* and *production*) whilst passwords, for example, |
| 14 are confidential. In order to allow for such specific configuration, the | 14 are confidential. In order to allow for such specific configuration, the |
| 15 repository requires a set of manual operations during the initial setup: | 15 repository requires a set of manual operations during the initial setup: |
| 16 | 16 |
| 17 ### `modules/private` | 17 ### `modules/private` |
| 18 | 18 |
| 19 The `private` module is destined to store confidential information such as | 19 The `private` module is destined to store confidential information such as |
| 20 [RSA](http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) keys, `htpasswd` | 20 [RSA](http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) keys, `htpasswd` |
| 21 files and so on. The repository provides a `private-stub` module containing | 21 files and so on. The repository provides a `private-stub` module containing |
| 22 defaults suitable for development and testing purpose. One can create a | 22 defaults suitable for development and testing purposes. One can create a |
|
Felix Dahlke
2015/03/09 23:14:51
Should be: "testing purposeS"
mathias
2015/03/16 12:07:11
Done.
| |
| 23 symbolic link to start using the resource: | 23 symbolic link to start using the resource: |
| 24 | 24 |
| 25 #### UNIX-like | 25 #### UNIX-like |
| 26 | 26 |
| 27 ln -s private-stub modules/private | 27 ln -s private-stub modules/private |
| 28 | 28 |
| 29 #### Windows | 29 #### Windows |
| 30 | 30 |
| 31 MKLINK /D modules\private private-stub | 31 MKLINK /D modules\private private-stub |
| 32 | 32 |
| 33 When creating a custom version, one may inspect the `modules/private-stub` | 33 When creating a custom version, one may inspect the `modules/private-stub` |
| 34 directory to determine which resources have to be provided. | 34 directory to determine which resources have to be provided. |
| 35 | 35 |
| 36 ### `hiera/private` | 36 ### `hiera/private` |
| 37 | 37 |
| 38 Analogous to `modules/private`, [Hiera](https://docs.puppetlabs.com/hiera/1/) | 38 Analogous to `modules/private`, [Hiera](https://docs.puppetlabs.com/hiera/1/) |
| 39 configuration files specific to the current environment are expected to be | 39 configuration files specific to the current environment are expected to be |
| 40 found in `hiera/private`. Default resources for development (and testing) | 40 found in `hiera/private`. Default resources for development (and testing) |
| 41 purpose are provided within `modules/private-stub/hiera`: | 41 purposes are provided within `modules/private-stub/hiera`: |
|
Felix Dahlke
2015/03/09 23:14:51
"purposeS" again
mathias
2015/03/16 12:07:11
Done.
| |
| 42 | 42 |
| 43 #### UNIX-like | 43 #### UNIX-like |
| 44 | 44 |
| 45 ln -s ../modules/private-stub/hiera hiera/private | 45 ln -s ../modules/private-stub/hiera hiera/private |
| 46 | 46 |
| 47 #### Windows | 47 #### Windows |
| 48 | 48 |
| 49 MKLINK /D ..\modules\private-stub\hiera hiera\private | 49 MKLINK /D ..\modules\private-stub\hiera hiera\private |
| 50 | 50 |
| 51 Note that custom versions are recommended to be tracked together with the | 51 Note that custom versions are recommended to be tracked together with the |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 103 To set up a new host, extend the custom `hiera/private/host.yaml` by another | 103 To set up a new host, extend the custom `hiera/private/host.yaml` by another |
| 104 `servers:` item, e.g.: | 104 `servers:` item, e.g.: |
| 105 | 105 |
| 106 # ... | 106 # ... |
| 107 custom1: | 107 custom1: |
| 108 ip: [10.8.0.254] | 108 ip: [10.8.0.254] |
| 109 dns: foobar.example.com | 109 dns: foobar.example.com |
| 110 ssh_public_key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAA... | 110 ssh_public_key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAA... |
| 111 role: codereviewserver | 111 role: codereviewserver |
| 112 | 112 |
| 113 See `modules/base/manifests/init.pp`, especially the `explicit_host_record()` | 113 See `modules/base/manifests/init.pp`, especially the definition of the named |
|
Felix Dahlke
2015/03/09 23:14:51
sounds weird, I'd say "especially the type named `
mathias
2015/03/16 12:07:11
Fair enough, though it's actually a "named type" a
| |
| 114 named type within class `base`, for more information on the possible option | 114 type `explicit_host_record()` within class `base`, for more information on the |
| 115 keys and values. | 115 possible option keys and values. |
| 116 | 116 |
| 117 In development, this is all that needs to be done before the new box can be | 117 In development, this is all that needs to be done before the new box can be |
| 118 started using `vagrant up ...`. Production servers, however, need a working | 118 started using `vagrant up ...`. Production servers, however, need a working |
| 119 Puppet configuration first (see below). | 119 Puppet configuration first (see below). |
| 120 | 120 |
| 121 Configuring Puppet | 121 Configuring Puppet |
| 122 ------------------ | 122 ------------------ |
| 123 | 123 |
| 124 ### Prerequisites | 124 ### Prerequisites |
| 125 | 125 |
| 126 1. Install Ubuntu Server 12.04 LTS | 126 1. Install Ubuntu Server 12.04 LTS |
| 127 2. Run `hiera/install-precise.py` as user `root` to install Puppet and Hiera | 127 2. Run `hiera/install_precise.py` as user `root` to install Puppet and Hiera |
| 128 3. Enable pluginsync (Add the following to the _main_ section in | 128 3. Enable pluginsync (Add the following to the _main_ section in |
| 129 _/etc/puppet/puppet.conf_) | 129 _/etc/puppet/puppet.conf_) |
| 130 | 130 |
| 131 pluginsync=true | 131 pluginsync=true |
| 132 | 132 |
| 133 4. Configure the master address (Add the following to the bottom of | 133 4. Configure the master address (Add the following to the bottom of |
| 134 _/etc/puppet/puppet.conf_) | 134 _/etc/puppet/puppet.conf_) |
| 135 | 135 |
| 136 [agent] | 136 [agent] |
| 137 server = puppetmaster.adblockplus.org | 137 server = puppetmaster.adblockplus.org |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 205 Monitoring is fully functional in any environment, including development. | 205 Monitoring is fully functional in any environment, including development. |
| 206 Here, after bootstrapping the `server4` box, one can access the Nagios GUI | 206 Here, after bootstrapping the `server4` box, one can access the Nagios GUI |
| 207 from the host machine via <https://nagiosadmin:nagiosadmin@10.8.0.99/>. | 207 from the host machine via <https://nagiosadmin:nagiosadmin@10.8.0.99/>. |
| 208 | 208 |
| 209 The monitoring service of our production environment, however, is accessible | 209 The monitoring service of our production environment, however, is accessible |
| 210 via <https://monitoring.adblockplus.org/>. | 210 via <https://monitoring.adblockplus.org/>. |
| 211 Add yourself to _files/nagios-htpasswd_ in the _private_ module used on the | 211 Add yourself to _files/nagios-htpasswd_ in the _private_ module used on the |
| 212 server, or have someone add you if you don't have access. | 212 server, or have someone add you if you don't have access. |
| 213 | 213 |
| 214 | 214 |
| LEFT | RIGHT |
« .hgignore ('k')
|
Vagrantfile » ('j')
|
Toggle Intra-line Diffs ('i')
|
Expand Comments ('e')
|
Collapse Comments ('c')
|
Toggle Comments ('s')
