From: Ismaël Bouya <ismael.bouya@normalesup.org>
Date: Sun, 10 Sep 2017 10:45:41 +0000 (+0200)
Subject: Make use of LDAP variables to configure node
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FProjets%2FPuppet.git;a=commitdiff_plain;h=503e4cf5c54e3fe4b802038e8917341c4ce803e5

Make use of LDAP variables to configure node
---

diff --git a/bin/install_script.sh b/bin/install_script.sh
index f250285..f46ab29 100755
--- a/bin/install_script.sh
+++ b/bin/install_script.sh
@@ -20,9 +20,12 @@ ARCH_DIR=`mktemp -d`
 ARCH_HOST_SCRIPT="$ARCH_DIR/arch_host_script.sh"
 ARCH_CHROOT_SCRIPT="$ARCH_DIR/arch_chroot_script.sh"
 ARCH_INSTALL_SCRIPT="$ARCH_DIR/arch_install_script.sh"
+ARCH_HOST_PUPPET_CONFIGURATION_SCRIPT="$ARCH_DIR/arch_host_puppet_configuration_script.sh"
+ARCH_PUPPET_CONFIGURATION_SCRIPT="$ARCH_DIR/arch_puppet_configuration_script.sh"
 
 trap "rm -rf $ARCH_DIR" EXIT
 
+#### Base installation stage
 cat > $ARCH_HOST_SCRIPT <<EOF
 #!/bin/bash
 
@@ -117,6 +120,39 @@ send "$password\r"
 expect eof
 EOF
 
+### Role specific stage
+read -p "Press key when LDAP is configured" i
+
+cat > $ARCH_PUPPET_CONFIGURATION_SCRIPT <<EOF
+CODE_PATH="/etc/puppetlabs/code"
+puppet apply --test \$CODE_PATH/manifests/site.pp
+EOF
+
+cat > $ARCH_HOST_PUPPET_CONFIGURATION_SCRIPT <<EOF
+DEVICE_STR=\$(cat /proc/mounts | grep "/dev/sd.. /mnt/")
+DEVICE=\$(echo "\$DEVICE_STR" | cut -d' ' -f1)
+MOUNTPOINT=\$(echo "\$DEVICE_STR" | cut -d' ' -f2)
+
+cp /tmp/arch_puppet_configuration_script.sh "\$MOUNTPOINT/root/"
+
+/tmp/root.x86_64/bin/arch-chroot "\$MOUNTPOINT" /root/arch_puppet_configuration_script.sh
+EOF
+
+chmod a+x $ARCH_PUPPET_CONFIGURATION_SCRIPT $ARCH_HOST_PUPPET_CONFIGURATION_SCRIPT
+
+expect -f - <<EOF
+set timeout -1
+spawn scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no $ARCH_PUPPET_CONFIGURATION_SCRIPT $ARCH_HOST_PUPPET_CONFIGURATION_SCRIPT root@$vps_name:/tmp
+expect "assword:"
+send "$password\n"
+expect eof
+spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no root@$vps_name /tmp/arch_host_puppet_configuration_script.sh
+expect "assword:"
+send "$password\r"
+expect eof
+EOF
+
+### Installation finished
 read -p "Reboot to normal? [Y/n]" reboot
 if [ "x$reboot" != "xn" ]; then
   echo "Rebooting"
diff --git a/environments/production/data/nodes/vps443660.novalocal.yaml b/environments/production/data/nodes/vps443660.novalocal.yaml
new file mode 100644
index 0000000..e6d3c1c
--- /dev/null
+++ b/environments/production/data/nodes/vps443660.novalocal.yaml
@@ -0,0 +1 @@
+base_installation::system_hostname: foo.immae.eu
diff --git a/environments/production/data/types/vps-ovhssd-1.yaml b/environments/production/data/types/vps-ovhssd-1.yaml
index 217dd82..968bf6b 100644
--- a/environments/production/data/types/vps-ovhssd-1.yaml
+++ b/environments/production/data/types/vps-ovhssd-1.yaml
@@ -5,4 +5,3 @@ classes:
 
 base_installation::grub_device: "/dev/sdb"
 base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
-base_installation::system_hostname: "new.immae.eu"
diff --git a/environments/production/hiera.yaml b/environments/production/hiera.yaml
index f5e5bc2..44c7ecd 100644
--- a/environments/production/hiera.yaml
+++ b/environments/production/hiera.yaml
@@ -6,8 +6,14 @@ defaults:
   data_hash: yaml_data
 
 hierarchy:
+# FIXME: those informations should be taken in LDAP, but bootstrap
+# problem for the hostname
+  - name: "Per-named-node data"
+    mapped_paths: [ldapvar.self.cn, hostname, "named_nodes/%{hostname}.yaml"]
+
   - name: "Per-node data"
     path: "nodes/%{facts.ec2_metadata.hostname}.yaml"
+### /FIXME
 
   - name: "Per-role data"
     mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"]
diff --git a/modules/base_installation/manifests/cronie.pp b/modules/base_installation/manifests/cronie.pp
index bcdd9a7..918bce3 100644
--- a/modules/base_installation/manifests/cronie.pp
+++ b/modules/base_installation/manifests/cronie.pp
@@ -10,12 +10,18 @@ class base_installation::cronie inherits base_installation {
       owner   => root,
       group   => root,
     }
-    cron { 'puppet-apply':
+    cron { 'puppet-pull-apply':
       ensure  => present,
       command => "cd $base_installation::puppet_code_path ; /usr/bin/git pull",
       user    => root,
       minute  => '*/30',
       require => File['post-hook'],
     }
+    cron { 'puppet-apply':
+      ensure  => present,
+      command => "cd $base_installation::puppet_code_path ; puppet apply --test $base_installation::puppet_code_path/manifests/site.pp",
+      user    => root,
+      minute  => '*/20'
+    }
   }
 }
diff --git a/modules/base_installation/templates/puppet/host_ldap.info.erb b/modules/base_installation/templates/puppet/host_ldap.info.erb
index a350c37..f742da7 100644
--- a/modules/base_installation/templates/puppet/host_ldap.info.erb
+++ b/modules/base_installation/templates/puppet/host_ldap.info.erb
@@ -2,6 +2,7 @@
 ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF'
 dn: <%= @ldap_dn %>
 cn: <%= @ldap_cn %>
+cn: <%= @system_hostname %>
 objectclass: device
 objectclass: top
 objectclass: simpleSecurityObject
diff --git a/modules/base_installation/templates/puppet/puppet.conf.erb b/modules/base_installation/templates/puppet/puppet.conf.erb
index 99d9fc3..3748039 100644
--- a/modules/base_installation/templates/puppet/puppet.conf.erb
+++ b/modules/base_installation/templates/puppet/puppet.conf.erb
@@ -2,6 +2,7 @@
 ssldir = <%= @puppet_ssl_path %>
 
 node_terminus = ldap
+certname = <%= @system_hostname %>
 ldapserver = <%= @ldap_server %>
 ldaptls = true
 ldapbase = <%= @ldap_base %>