Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Unified Diff: README.md

Issue 4810150141493248: Issue 122 - Puppet ENC via Hiera (Closed)
Patch Set: Puppet ENC via Hiera Created March 4, 2015, 5:59 p.m.
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « .hgignore ('k') | Vagrantfile » ('j') | Vagrantfile » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: README.md
===================================================================
--- a/README.md
+++ b/README.md
@@ -6,17 +6,50 @@
Our Puppet manifests are only tested with Ubuntu 12.04 right now.
-Private files
--------------
+Environment specific setup
+--------------------------
-Some parts of our infrastructure are, obviously, confidential. We have
-htpasswd files, SSH keys and SSL certificates that we need to be
-careful with.
+Some infrastructure parts are specific to the environment (such as e.g.
+*development*, *test* and *production*) whilst passwords, for example,
+are confidential. In order to allow for such specific configuration, the
+repository requires a set of manual operations during the initial setup:
-That's why _modules/private_ is missing, and needs to be placed there
-manually. We provide stub versions of all those files in
-_modules/private-stub_, so just linking or copying that to
-_modules/private_ will make everything work locally.
+### `modules/private`
+
+The `private` module is destined to store confidential information such as
+[RSA](http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) keys, `htpasswd`
+files and so on. The repository provides a `private-stub` module containing
+defaults suitable for development and testing purpose. One can create a
Felix Dahlke 2015/03/09 23:14:51 Should be: "testing purposeS"
mathias 2015/03/16 12:07:11 Done.
+symbolic link to start using the resource:
+
+#### UNIX-like
+
+ ln -s private-stub modules/private
+
+#### Windows
+
+ MKLINK /D modules\private private-stub
+
+When creating a custom version, one may inspect the `modules/private-stub`
+directory to determine which resources have to be provided.
+
+### `hiera/private`
+
+Analogous to `modules/private`, [Hiera](https://docs.puppetlabs.com/hiera/1/)
+configuration files specific to the current environment are expected to be
+found in `hiera/private`. Default resources for development (and testing)
+purpose are provided within `modules/private-stub/hiera`:
Felix Dahlke 2015/03/09 23:14:51 "purposeS" again
mathias 2015/03/16 12:07:11 Done.
+
+#### UNIX-like
+
+ ln -s ../modules/private-stub/hiera hiera/private
+
+#### Windows
+
+ MKLINK /D ..\modules\private-stub\hiera hiera\private
+
+Note that custom versions are recommended to be tracked together with the
+custom `private` module, if any.
Development environment
-----------------------
@@ -33,7 +66,7 @@
* [VirtualBox](https://www.virtualbox.org/)
* [Vagrant](http://vagrantup.com/)
-* _modules/private_ exists (see above)
+* Both `modules/private` and `hiera/private` exist (see above)
### Start a VM
@@ -64,30 +97,34 @@
The default password for this user (required for the _sudo_ command) is "test".
-Adding a server
----------------
+Adding a host
+-------------
-To set up a new server, you should first add it to the development
-environment and test the setup, then set up a corresponding production
-server.
+To set up a new host, extend the custom `hiera/private/host.yaml` by another
+`servers:` item, e.g.:
-### Development environment
+ # ...
+ custom1:
+ ip: [10.8.0.254]
+ dns: foobar.example.com
+ ssh_public_key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAA...
+ role: codereviewserver
-1. Add entries in _Vagrantfile_ and _manifests/vagrant.pp_
+See `modules/base/manifests/init.pp`, especially the `explicit_host_record()`
Felix Dahlke 2015/03/09 23:14:51 sounds weird, I'd say "especially the type named `
mathias 2015/03/16 12:07:11 Fair enough, though it's actually a "named type" a
+named type within class `base`, for more information on the possible option
+keys and values.
-2. Add the host name to one of the manifests imported by
-_manifests/nodes.pp_
+In development, this is all that needs to be done before the new box can be
+started using `vagrant up ...`. Production servers, however, need a working
+Puppet configuration first (see below).
-3. Make sure the server uses the _nagios::client_ class and add a
-_nagios\_host_ to _manifests/monitoringserver.pp_
+Configuring Puppet
+------------------
-### Production environment
+### Prerequisites
1. Install Ubuntu Server 12.04 LTS
-2. Perform an update and install Puppet
-
- apt-get -y update && apt-get -y upgrade && apt-get -y install puppet
-
+2. Run `hiera/install-precise.py` as user `root` to install Puppet and Hiera
3. Enable pluginsync (Add the following to the _main_ section in
_/etc/puppet/puppet.conf_)
@@ -104,7 +141,7 @@
apply it locally. The master is also an agent, fetching configuration
from itself.
-#### Puppet agent
+### Puppet agent
1. Attempt an initial provisioning, this will fail
@@ -123,7 +160,7 @@
puppet agent --test
-#### Puppet master
+### Puppet master
1. Configure the certificate name (Add the following to the _master_
section in _/etc/puppet/puppet.conf_)
« no previous file with comments | « .hgignore ('k') | Vagrantfile » ('j') | Vagrantfile » ('J')

Powered by Google App Engine
This is Rietveld