--no-reboot-start Don't reboot to rescue at the beginning
--no-reboot-end Don't reboot to normal at the end
--git-branch Use another puppet branch (default: master)
+ --environment Environment to use for the installl (default: production)
EOF
}
host_user=root
git_branch=master
+environment=production
while [ -n "$1" ]; do
case "$1" in
git_branch="$2"
shift
;;
+ --environment)
+ environment="$2"
+ shift
+ ;;
--help|-h)
usage
exit 0
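Review bot: The new `--environment)` case stores `$2` without checking that it is present or well-formed, and the outer shell later expands it unquoted into the generated install scripts (the three `puppet apply --environment $environment` lines in the heredocs further down). An empty argument or one containing whitespace therefore changes the command line that gets written out and run during installation. Reject anything that is not a plain environment name before the assignment, e.g. `case "$2" in ''|*[!a-z0-9_]*) usage; exit 1;; esac`, and write `--environment "$environment"` in the heredocs. The `git_branch="$2"` context line follows the same pattern, and the `case` statement begins and ends outside this hunk.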
CODE_PATH="/etc/puppetlabs/code"
rm -rf \$CODE_PATH
git clone -b $git_branch --recursive https://git.immae.eu/perso/Immae/Projets/Puppet.git \$CODE_PATH
-puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp
+puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
# The password seed requires puppet to be run twice
-puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp
+puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
EOF
chmod a+x $ARCH_HOST_SCRIPT $ARCH_CHROOT_SCRIPT $ARCH_INSTALL_SCRIPT
cat > $ARCH_PUPPET_CONFIGURATION_SCRIPT <<EOF
CODE_PATH="/etc/puppetlabs/code"
-puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp
+puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
EOF
cat > $ARCH_HOST_PUPPET_CONFIGURATION_SCRIPT <<EOF
--- /dev/null
+---
+classes:
+ stdlib: ~
+
+base_installation::ldap_base: "dc=immae,dc=eu"
+base_installation::ldap_dn: "cn=%{facts.ec2_metadata.hostname},ou=hosts,dc=immae,dc=eu"
+base_installation::ldap_cn: "%{facts.ec2_metadata.hostname}"
+base_installation::ldap_server: "ldap.immae.eu"
+base_installation::ldap_uri: "ldaps://ldap.immae.eu"
+base_installation::puppet_conf_path: "/etc/puppetlabs/puppet"
+base_installation::puppet_code_path: "/etc/puppetlabs/code"
+base_installation::puppet_pass_seed: "/etc/puppetlabs/puppet/password_seed"
+base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl"
+base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"]
+base_installation::system_timezone: "Europe/Paris"
+base_installation::system_users:
+ - userid: 1000
+ username: "immae"
+ groups: ["wheel"]
+ keys:
+ - host: "immae.eu"
+ key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
+ key_type: "ssh-rsa"
+xmr_stak::mining_pool: "pool.minexmr.com:7777"
+xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo"
-base_installation::system_hostname: cryptoportfolio.immae.eu
+---
+classes:
+ role::cryptoportfolio: ~
cryptoportfolio::front_version: v0.0.2
cryptoportfolio::front_sha256: 2ace0197a34f9f130523eecf8a43aa4f411cdca09de33838e074f25a7e1d6c5e
cryptoportfolio::bot_version: v0.2-4-gf70bb85
--- /dev/null
+---
+classes:
+ base_installation:
+ stage: "setup"
+
+base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
+base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net"
+base_installation::grub_device: "/dev/sdb"
+base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
+ssl::try_letsencrypt_for_real_hostname: false
--- /dev/null
+---
+version: 5
+
+defaults:
+ datadir: data
+ data_hash: yaml_data
+
+hierarchy:
+ - name: "Initialization variables"
+ path: "/root/puppet_variables.json"
+
+ - name: "Per-role data"
+ mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"]
+
+ - name: "Per-type data"
+ path: "types/%{facts.ec2_metadata.instance-type}.yaml"
+
+ - name: "Common data"
+ path: "common.yaml"
+++ /dev/null
-base_installation::system_hostname: ns2.immae.eu
---
classes:
role::cryptoportfolio: ~
+cryptoportfolio::front_version: v0.0.2
+cryptoportfolio::front_sha256: 2ace0197a34f9f130523eecf8a43aa4f411cdca09de33838e074f25a7e1d6c5e
+cryptoportfolio::bot_version: v0.2-4-gf70bb85
+cryptoportfolio::bot_sha256: e9850a667e0672cdd0363bb93124b59610c4d67e3ed9908b004a9d15c2276340
base_installation:
stage: "setup"
+base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net"
base_installation::grub_device: "/dev/sdb"
base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
data_hash: yaml_data
hierarchy:
-# FIXME: those informations should be taken in LDAP, but bootstrap
-# problem for the hostname
- - name: "Per-named-node data"
- mapped_paths: [ldapvar.self.cn, hostname, "named_nodes/%{hostname}.yaml"]
-
- - name: "Per-node data"
- path: "nodes/%{facts.ec2_metadata.hostname}.yaml"
-### /FIXME
-
- name: "Initialization variables"
path: "/root/puppet_variables.json"
Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path,
Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed,
Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path,
+ Optional[String] $real_hostname = $base_installation::params::real_hostname,
Optional[String] $system_hostname = $base_installation::params::system_hostname,
Optional[Array[String]] $system_locales = $base_installation::params::system_locales,
Optional[String] $system_timezone = $base_installation::params::system_timezone,
$ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt"
$ldap_uri = "ldaps://ldap.example.com"
$ldap_server = "ldap.example.com"
+ $real_hostname = "example.com"
$system_hostname = "example.com"
$system_locales = ["en_US.UTF-8"]
$system_timezone = "UTC"
}
}
- unless empty($base_installation::system_hostname) {
- file { '/etc/hostname':
- content => "$base_installation::system_hostname\n",
- }
+ if empty($base_installation::system_hostname) {
+ $hostname = $base_installation::real_hostname
+ } else {
+ $hostname = $base_installation::system_hostname
+ }
- exec { "set_hostname":
- command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname",
- refreshonly => true,
- subscribe => File["/etc/hostname"],
- returns => [0, 1],
- }
+ file { '/etc/hostname':
+ content => "$base_installation::system_hostname\n",
+ }
- # TODO: find a way to ensure that /etc/hostname doesn't change
- # exec { "set_hostname_firstboot":
- # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
- # creates => "/etc/hostname",
- # }
+ exec { "set_hostname":
+ command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname",
+ refreshonly => true,
+ subscribe => File["/etc/hostname"],
+ returns => [0, 1],
}
+ # TODO: find a way to ensure that /etc/hostname doesn't change
+ # exec { "set_hostname_firstboot":
+ # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
+ # creates => "/etc/hostname",
+ # }
+
}
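Review bot: `$hostname` is computed from `real_hostname`/`system_hostname` at the top of this hunk but never used: the `file { '/etc/hostname': }` content and the `set_hostname` command still interpolate `$base_installation::system_hostname`. Because the old `unless empty(...)` guard is gone, an empty `system_hostname` would write a blank `/etc/hostname` and run `hostnamectl set-hostname` with no argument, and `returns => [0, 1]` would hide the failure. This could happen if the `%{ldapvar.self.vars.host.0}` interpolation added in the hiera data resolves to nothing, which is inferred rather than shown here. Use the fallback in both places: `content => "${hostname}\n",` and `command => "/usr/bin/hostnamectl set-hostname ${hostname}",`. The enclosing class starts outside the hunk.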
ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF'
dn: <%= @ldap_dn %>
cn: <%= @ldap_cn %>
-cn: <%= @system_hostname %>
objectclass: device
objectclass: top
objectclass: simpleSecurityObject
<% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %>
<% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %>
<%- end -%>
+environment: <%= @environment %>
userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
EOF
#### Or modify an existing entry:
changetype: modify
replace: userPassword
userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
+replace: environment
+environment: <%= @environment %>
<%- unless @ips.empty? -%>
-
delete: ipHostNumber
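Review bot: In the `changetype: modify` record, the added `replace: environment` directly follows the `userpassword:` value, but LDIF requires a line containing only `-` between two modifications of the same entry. The template appears to do this already before `delete: ipHostNumber`. As written, ldapmodify will most likely reject the record or fail to apply the environment change, so add a separator line `-` before `replace: environment`. The template continues outside the visible lines, so confirm against the full file.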
[main]
ssldir = <%= @puppet_ssl_path %>
+environment = <%= @environment %>
+
node_terminus = ldap
-certname = <%= @system_hostname %>
+certname = <%= @real_hostname %>
ldapserver = <%= @ldap_server %>
ldaptls = true
ldapbase = <%= @ldap_base %>
]
}
+ exec { 'Start-apache':
+ command => "/usr/bin/systemctl start httpd",
+ before => Class["::letsencrypt"],
+ unless => "/usr/bin/systemctl is-active httpd",
+ }
+
$letsencrypt_certonly_default = {
plugin => "webroot",
webroot_paths => ["/srv/http/"],
notify => Class['Apache::Service'],
- require => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
+ require => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
manage_cron => true,
}
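Review bot: `Exec['Start-apache']` is ordered before `Class["::letsencrypt"]` but has no relationship to `Apache::Vhost["redirect_no_ssl"]` or `Apache::Custom_config["letsencrypt.conf"]`. On a first run httpd may therefore be started before the configuration that serves the webroot challenge has been written, and nothing visible here reloads it before the certonly resources run (inferred from the relationships shown). Consider adding `require => [Apache::Vhost["redirect_no_ssl"], Apache::Custom_config["letsencrypt.conf"]],` to the exec, after checking that it introduces no dependency cycle with `Apache::Service`. The `unless` guard also means an httpd that is already running with stale configuration is left untouched. The enclosing class starts outside the hunk.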
$cf_group = "cryptoportfolio"
$cf_home = "/opt/cryptoportfolio"
$cf_env = "prod"
- $cf_front_app_host = "cryptoportfolio.immae.eu"
+ $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" }
$cf_front_app_port = ""
$cf_front_app_ssl = "true"
$cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
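Review bot: The default block on `lookup("base_installation::system_hostname") |$key| { "example.com" }` silently configures the front end for `example.com` whenever the key is missing, while `$cf_env` is `"prod"` and `$cf_front_app_ssl` is `"true"`. A missing key is more likely a data error than a case to paper over, so failing catalog compilation is safer: drop the default block and use `lookup("base_installation::system_hostname")`. If the placeholder is intentional, say so in a comment above the line, e.g. `# placeholder host, only used when hiera provides no system_hostname`.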
--- /dev/null
+try:
+ from ovh import ovh
+except ImportError:
+ # In case it's installed globally
+ import ovh
+
+client = ovh.Client()
+
+vps_list = client.get('/vps/')
+
+for vps in vps_list:
+ print(vps)