Move todos to readme.md and add first documentation

diff --git a/modules/profile/manifests/postgresql/backup_pgbouncer.pp b/modules/profile/manifests/postgresql/backup_pgbouncer.pp
index c82eefdedf954be3068f68a6888d95488e434d43..5fd7861e52c304ad6988df80f35d816d5d25fde3 100644 (file)
--- a/modules/profile/manifests/postgresql/backup_pgbouncer.pp
+++ b/modules/profile/manifests/postgresql/backup_pgbouncer.pp
@@ -48,7 +48,7 @@ define profile::postgresql::backup_pgbouncer (
     content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
   }
 
-  # FIXME: current pam configuration requires password for postgres
+  # Current pam configuration requires password for postgres
   # @profile::monitoring::local_service { "Database ${pg_infos[pgbouncer_dbname]} is available in pgbouncer":
   #   sudos => {
   #     "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\ nspname\ from\ pg_catalog.pg_namespace ${pg_infos[pgbouncer_dbname]}"

diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp
index 9b0a95cf41cd29ec6744e93bdbb7595e33feb51f..b809a9d8ee0ff2b30991eceb51497c96163c38ad 100644 (file)
--- a/modules/profile/manifests/postgresql/ssl.pp
+++ b/modules/profile/manifests/postgresql/ssl.pp
@@ -78,6 +78,4 @@ define profile::postgresql::ssl (
       content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n"
     }
   }
-
-  # FIXME: add monitoring for ssl
 }

diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index c675e91421b7c22f5d5af5d3f14e7b969a542800..8f7bfca5ffe0ad8e3be1f452cb22de2dd346a830 100644 (file)
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -41,7 +41,6 @@ class role::cryptoportfolio (
     contain "role::cryptoportfolio::bot"
   }
 
-  # FIXME: restore backup
   unless empty($front_version) {
     contain "role::cryptoportfolio::front"
   }

diff --git a/readme.md b/readme.md
new file mode 100644 (file)
index 0000000..d8d8046
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,32 @@
+# Puppet configuration repository for immae.eu's services
+
+This repository has the aim to help automate the installation of servers
+planned for a specific task, with the help of Puppet. The host are
+supposed to be listed in an LDAP-like database, which will contain the
+necessary credentials, variable configuration and secrets for each
+server.
+
+## Structure
+
+The repository is structured along Puppet modules (`modules/`
+directory). Each machine has one or several `role`, which determine the
+set of programs and configuration to install. Each role may be
+standalone, or require a set of `profile`, which is seen as a
+reusable component. (The structure is inspired from the tutorial at
+[https://www.craigdunn.org/2012/05/239/](https://www.craigdunn.org/2012/05/239/) )
+
+
+## TODO
+
+- Complete documentation
+- Add some monitoring:
+  - modules/profile/manifests/postgresql/ssl.pp (check postgresql certificate)
+  - modules/profile/manifests/postgresql/backup\_pgbouncer.pp (check pgbouncer works)
+  - modules/profile/manifests/apache.pp (check website is accessible and ssl)
+  - modules/profile/manifests/mail.pp (check e-mails are going through)
+  - modules/profile/manifests/redis.pp (check redis is running)
+  - modules/role/\* (role-specific checks)
+- Add redis replication and dumps
+- Restore backups for cryptoportfolio
+- Ensure latest by default for packages
+- try to do a mkfs.ext4 for cloud vps

diff --git a/scripts/ovh_cloud_instance/arch_host_script.sh b/scripts/ovh_cloud_instance/arch_host_script.sh
index 42dcc4a9d8636e07e7d5323051d685ada2cacb04..378b0bef92189092b3a9c5ab9344a15d9d08f93d 100755 (executable)
--- a/scripts/ovh_cloud_instance/arch_host_script.sh
+++ b/scripts/ovh_cloud_instance/arch_host_script.sh
@@ -25,7 +25,7 @@ PART="/dev/disk/by-uuid/$UUID"
 # mkfs.ext4 -F -U "$UUID" "$DEVICE"
 sudo mount "$DEVICE" /mnt
 
-##### FIXME: mkfs.ext4 would be better ####
+##### mkfs.ext4 would be better ####
 for i in /mnt/*; do
   if [ "$i" = "/mnt/boot" ]; then
     # keep /boot/grub
@@ -34,7 +34,7 @@ for i in /mnt/*; do
     sudo rm -rf $i
   fi
 done
-##### /FIXME ####
+##### / ####
 
 sudo pacstrap -G /mnt base git puppet
 

diff --git a/scripts/ovh_vps_ssd/arch_chroot_script.sh b/scripts/ovh_vps_ssd/arch_chroot_script.sh
index 7b7887fd873f1f40e840383c05d31d6dc2bcd15f..57e793bfe9bd51a12059463d4ce9896743525b5a 100755 (executable)
--- a/scripts/ovh_vps_ssd/arch_chroot_script.sh
+++ b/scripts/ovh_vps_ssd/arch_chroot_script.sh
@@ -10,7 +10,7 @@ DEVICE=$(realpath "$PART")
 # mkfs.ext4 -F -U "$UUID" "$DEVICE"
 mount "$DEVICE" /mnt
 
-##### FIXME: mkfs.ext4 would be better ####
+##### mkfs.ext4 would be better ####
 for i in /mnt/*; do
   if [ "$i" = "/mnt/boot" ]; then
     # keep /boot/grub
@@ -19,7 +19,7 @@ for i in /mnt/*; do
     rm -rf $i
   fi
 done
-##### /FIXME ####
+##### / ####
 
 pacstrap -G /mnt base git puppet