| Index: README.md |
| =================================================================== |
| --- a/README.md |
| +++ b/README.md |
| @@ -6,17 +6,50 @@ |
| Our Puppet manifests are only tested with Ubuntu 12.04 right now. |
| -Private files |
| -------------- |
| +Environment specific setup |
| +-------------------------- |
| -Some parts of our infrastructure are, obviously, confidential. We have |
| -htpasswd files, SSH keys and SSL certificates that we need to be |
| -careful with. |
| +Some infrastructure parts are specific to the environment (such as e.g. |
| +*development*, *test* and *production*) whilst passwords, for example, |
| +are confidential. In order to allow for such specific configuration, the |
| +repository requires a set of manual operations during the initial setup: |
| -That's why _modules/private_ is missing, and needs to be placed there |
| -manually. We provide stub versions of all those files in |
| -_modules/private-stub_, so just linking or copying that to |
| -_modules/private_ will make everything work locally. |
| +### `modules/private` |
| + |
| +The `private` module is destined to store confidential information such as |
| +[RSA](http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) keys, `htpasswd` |
| +files and so on. The repository provides a `private-stub` module containing |
| +defaults suitable for development and testing purpose. One can create a |
| +symbolic link to start using the resource: |
| + |
| +#### UNIX-like |
| + |
| + ln -s private-stub modules/private |
| + |
| +#### Windows |
| + |
| + MKLINK /D modules\private private-stub |
| + |
| +When creating a custom version, one may inspect the `modules/private-stub` |
| +directory to determine which resources have to be provided. |
| + |
| +### `hiera/private` |
| + |
| +Analogous to `modules/private`, [Hiera](https://docs.puppetlabs.com/hiera/1/) |
| +configuration files specific to the current environment are expected to be |
| +found in `hiera/private`. Default resources for development (and testing) |
| +purpose are provided within `modules/private-stub/hiera`: |
| + |
| +#### UNIX-like |
| + |
| + ln -s ../modules/private-stub/hiera hiera/private |
| + |
| +#### Windows |
| + |
| + MKLINK /D ..\modules\private-stub\hiera hiera\private |
| + |
| +Note that custom versions are recommended to be tracked together with the |
| +custom `private` module, if any. |
| Development environment |
| ----------------------- |
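Review bot: The Windows command under `hiera/private` has its arguments reversed. `MKLINK /D` takes the link name first and the target second, as the `modules\private` example earlier in this hunk does, so the line as written would try to create a link at `..\modules\private-stub\hiera` pointing to `hiera\private`. It should read `MKLINK /D hiera\private ..\modules\private-stub\hiera`. Since `private-stub` holds key and `htpasswd` defaults that are committed to the repository, the `modules/private` section should also say outright that the stub links are for development and testing only and that a production setup needs its own `private` module and `hiera/private` data.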
| @@ -33,7 +66,7 @@ |
| * [VirtualBox](https://www.virtualbox.org/) |
| * [Vagrant](http://vagrantup.com/) |
| -* _modules/private_ exists (see above) |
| +* Both `modules/private` and `hiera/private` exist (see above) |
| ### Start a VM |
| @@ -64,30 +97,34 @@ |
| The default password for this user (required for the _sudo_ command) is "test". |
| -Adding a server |
| ---------------- |
| +Adding a host |
| +------------- |
| -To set up a new server, you should first add it to the development |
| -environment and test the setup, then set up a corresponding production |
| -server. |
| +To set up a new host, extend the custom `hiera/private/host.yaml` by another |
| +`servers:` item, e.g.: |
| -### Development environment |
| + # ... |
| + custom1: |
| + ip: [10.8.0.254] |
| + dns: foobar.example.com |
| + ssh_public_key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAA... |
| + role: codereviewserver |
| -1. Add entries in _Vagrantfile_ and _manifests/vagrant.pp_ |
| +See `modules/base/manifests/init.pp`, especially the `explicit_host_record()` |
| +named type within class `base`, for more information on the possible option |
| +keys and values. |
| -2. Add the host name to one of the manifests imported by |
| -_manifests/nodes.pp_ |
| +In development, this is all that needs to be done before the new box can be |
| +started using `vagrant up ...`. Production servers, however, need a working |
| +Puppet configuration first (see below). |
| -3. Make sure the server uses the _nagios::client_ class and add a |
| -_nagios\_host_ to _manifests/monitoringserver.pp_ |
| +Configuring Puppet |
| +------------------ |
| -### Production environment |
| +### Prerequisites |
| 1. Install Ubuntu Server 12.04 LTS |
| -2. Perform an update and install Puppet |
| - |
| - apt-get -y update && apt-get -y upgrade && apt-get -y install puppet |
| - |
| +2. Run `hiera/install-precise.py` as user `root` to install Puppet and Hiera |
| 3. Enable pluginsync (Add the following to the _main_ section in |
| _/etc/puppet/puppet.conf_) |
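Review bot: Step 2 of the new Prerequisites list tells the reader to run `hiera/install-precise.py` as `root` without saying what the script does, whereas the removed `apt-get` line was self-explanatory. Please add a sentence on what it installs and from which source, so an administrator can review it before running it on a production host. In the "Adding a host" text, the removed step about `nagios::client` and `nagios_host` has no replacement; state whether monitoring is now derived from the `servers:` entry or still needs a manual step. The `ssh_public_key` line in the `custom1` sample would also benefit from a note on whether it is the host's key or a user's key.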
| @@ -104,7 +141,7 @@ |
| apply it locally. The master is also an agent, fetching configuration |
| from itself. |
| -#### Puppet agent |
| +### Puppet agent |
| 1. Attempt an initial provisioning, this will fail |
| @@ -123,7 +160,7 @@ |
| puppet agent --test |
| -#### Puppet master |
| +### Puppet master |
| 1. Configure the certificate name (Add the following to the _master_ |
| section in _/etc/puppet/puppet.conf_) |