Index: README.md |
=================================================================== |
--- a/README.md |
+++ b/README.md |
@@ -6,17 +6,50 @@ |
Our Puppet manifests are only tested with Ubuntu 12.04 right now. |
-Private files |
-------------- |
+Environment specific setup |
+-------------------------- |
-Some parts of our infrastructure are, obviously, confidential. We have |
-htpasswd files, SSH keys and SSL certificates that we need to be |
-careful with. |
+Some infrastructure parts are specific to the environment (such as e.g. |
+*development*, *test* and *production*) whilst passwords, for example, |
+are confidential. In order to allow for such specific configuration, the |
+repository requires a set of manual operations during the initial setup: |
-That's why _modules/private_ is missing, and needs to be placed there |
-manually. We provide stub versions of all those files in |
-_modules/private-stub_, so just linking or copying that to |
-_modules/private_ will make everything work locally. |
+### `modules/private` |
+ |
+The `private` module is destined to store confidential information such as |
+[RSA](http://en.wikipedia.org/wiki/RSA_%28cryptosystem%29) keys, `htpasswd` |
+files and so on. The repository provides a `private-stub` module containing |
+defaults suitable for development and testing purpose. One can create a |
Felix Dahlke
2015/03/09 23:14:51
Should be: "testing purposeS"
mathias
2015/03/16 12:07:11
Done.
|
+symbolic link to start using the resource: |
+ |
+#### UNIX-like |
+ |
+ ln -s private-stub modules/private |
+ |
+#### Windows |
+ |
+ MKLINK /D modules\private private-stub |
+ |
+When creating a custom version, one may inspect the `modules/private-stub` |
+directory to determine which resources have to be provided. |
+ |
+### `hiera/private` |
+ |
+Analogous to `modules/private`, [Hiera](https://docs.puppetlabs.com/hiera/1/) |
+configuration files specific to the current environment are expected to be |
+found in `hiera/private`. Default resources for development (and testing) |
+purpose are provided within `modules/private-stub/hiera`: |
Felix Dahlke
2015/03/09 23:14:51
"purposeS" again
mathias
2015/03/16 12:07:11
Done.
|
+ |
+#### UNIX-like |
+ |
+ ln -s ../modules/private-stub/hiera hiera/private |
+ |
+#### Windows |
+ |
+ MKLINK /D ..\modules\private-stub\hiera hiera\private |
+ |
+Note that custom versions are recommended to be tracked together with the |
+custom `private` module, if any. |
Development environment |
----------------------- |
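Review bot: The Windows command under `hiera/private` has its arguments reversed. `MKLINK /D` takes the link name first and the target second, so `MKLINK /D ..\modules\private-stub\hiera hiera\private` would try to create a link inside the stub module pointing at `hiera\private`, the opposite of the `ln -s ../modules/private-stub/hiera hiera/private` line above it. It should read `MKLINK /D hiera\private ..\modules\private-stub\hiera`, matching the order already used for `modules\private`. Since the stub is described only as "defaults suitable for development and testing", it would also help to state outright that a production setup must not link to `private-stub`.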
@@ -33,7 +66,7 @@ |
* [VirtualBox](https://www.virtualbox.org/) |
* [Vagrant](http://vagrantup.com/) |
-* _modules/private_ exists (see above) |
+* Both `modules/private` and `hiera/private` exist (see above) |
### Start a VM |
@@ -64,30 +97,34 @@ |
The default password for this user (required for the _sudo_ command) is "test". |
-Adding a server |
---------------- |
+Adding a host |
+------------- |
-To set up a new server, you should first add it to the development |
-environment and test the setup, then set up a corresponding production |
-server. |
+To set up a new host, extend the custom `hiera/private/host.yaml` by another |
+`servers:` item, e.g.: |
-### Development environment |
+ # ... |
+ custom1: |
+ ip: [10.8.0.254] |
+ dns: foobar.example.com |
+ ssh_public_key: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAA... |
+ role: codereviewserver |
-1. Add entries in _Vagrantfile_ and _manifests/vagrant.pp_ |
+See `modules/base/manifests/init.pp`, especially the `explicit_host_record()` |
Felix Dahlke
2015/03/09 23:14:51
sounds weird, I'd say "especially the type named `
mathias
2015/03/16 12:07:11
Fair enough, though it's actually a "named type" a
|
+named type within class `base`, for more information on the possible option |
+keys and values. |
-2. Add the host name to one of the manifests imported by |
-_manifests/nodes.pp_ |
+In development, this is all that needs to be done before the new box can be |
+started using `vagrant up ...`. Production servers, however, need a working |
+Puppet configuration first (see below). |
-3. Make sure the server uses the _nagios::client_ class and add a |
-_nagios\_host_ to _manifests/monitoringserver.pp_ |
+Configuring Puppet |
+------------------ |
-### Production environment |
+### Prerequisites |
1. Install Ubuntu Server 12.04 LTS |
-2. Perform an update and install Puppet |
- |
- apt-get -y update && apt-get -y upgrade && apt-get -y install puppet |
- |
+2. Run `hiera/install-precise.py` as user `root` to install Puppet and Hiera |
3. Enable pluginsync (Add the following to the _main_ section in |
_/etc/puppet/puppet.conf_) |
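Review bot: Step 2 under "Prerequisites" replaces a visible `apt-get` command with `hiera/install-precise.py` run as `root`, but the README no longer says what gets installed, from which package source, or whether the `apt-get -y upgrade` from the removed line still happens. A sentence describing what the script does would tell an administrator what they are about to run as root. The removed step about `nagios::client` and `nagios_host` also has no replacement in this hunk. If monitoring is now derived from the `servers:` entry, say so next to the `role:` example; otherwise "this is all that needs to be done" is misleading.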
@@ -104,7 +141,7 @@ |
apply it locally. The master is also an agent, fetching configuration |
from itself. |
-#### Puppet agent |
+### Puppet agent |
1. Attempt an initial provisioning, this will fail |
@@ -123,7 +160,7 @@ |
puppet agent --test |
-#### Puppet master |
+### Puppet master |
1. Configure the certificate name (Add the following to the _master_ |
section in _/etc/puppet/puppet.conf_) |