From: Ismaël Bouya <ismael.bouya@normalesup.org>
Date: Sat, 3 Mar 2018 21:24:19 +0000 (+0100)
Subject: Fetch node informations from LDAP
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FProjets%2FPuppet.git;a=commitdiff_plain;h=85abd2fdbad83430df4824843764719064afb9b4

Fetch node informations from LDAP

environment, hostname
---

diff --git a/bin/install_script.sh b/bin/install_script.sh
index 49a737f..6b1aa39 100755
--- a/bin/install_script.sh
+++ b/bin/install_script.sh
@@ -12,6 +12,7 @@ cat <<EOF
   --no-reboot-start       Don't reboot to rescue at the beginning
   --no-reboot-end         Don't reboot to normal at the end
   --git-branch            Use another puppet branch (default: master)
+  --environment           Environment to use for the installl (default: production)
 EOF
 }
 
@@ -19,6 +20,7 @@ set -e
 
 host_user=root
 git_branch=master
+environment=production
 
 while [ -n "$1" ]; do
   case "$1" in
@@ -50,6 +52,10 @@ while [ -n "$1" ]; do
       git_branch="$2"
       shift
       ;;
+    --environment)
+      environment="$2"
+      shift
+      ;;
     --help|-h)
       usage
       exit 0
@@ -173,9 +179,9 @@ cat > $ARCH_INSTALL_SCRIPT <<EOF
 CODE_PATH="/etc/puppetlabs/code"
 rm -rf \$CODE_PATH
 git clone -b $git_branch --recursive https://git.immae.eu/perso/Immae/Projets/Puppet.git \$CODE_PATH
-puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp
+puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
 # The password seed requires puppet to be run twice
-puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp
+puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
 EOF
 
 chmod a+x $ARCH_HOST_SCRIPT $ARCH_CHROOT_SCRIPT $ARCH_INSTALL_SCRIPT
@@ -197,7 +203,7 @@ read -p "Press key when LDAP is configured" i
 
 cat > $ARCH_PUPPET_CONFIGURATION_SCRIPT <<EOF
 CODE_PATH="/etc/puppetlabs/code"
-puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp
+puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
 EOF
 
 cat > $ARCH_HOST_PUPPET_CONFIGURATION_SCRIPT <<EOF
diff --git a/environments/integration/data/common.yaml b/environments/integration/data/common.yaml
new file mode 100644
index 0000000..78cce6b
--- /dev/null
+++ b/environments/integration/data/common.yaml
@@ -0,0 +1,25 @@
+---
+classes:
+  stdlib: ~
+
+base_installation::ldap_base: "dc=immae,dc=eu"
+base_installation::ldap_dn: "cn=%{facts.ec2_metadata.hostname},ou=hosts,dc=immae,dc=eu"
+base_installation::ldap_cn: "%{facts.ec2_metadata.hostname}"
+base_installation::ldap_server: "ldap.immae.eu"
+base_installation::ldap_uri: "ldaps://ldap.immae.eu"
+base_installation::puppet_conf_path: "/etc/puppetlabs/puppet"
+base_installation::puppet_code_path: "/etc/puppetlabs/code"
+base_installation::puppet_pass_seed: "/etc/puppetlabs/puppet/password_seed"
+base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl"
+base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"]
+base_installation::system_timezone: "Europe/Paris"
+base_installation::system_users:
+  - userid: 1000
+    username: "immae"
+    groups: ["wheel"]
+    keys:
+      - host: "immae.eu"
+        key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
+        key_type: "ssh-rsa"
+xmr_stak::mining_pool: "pool.minexmr.com:7777"
+xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo"
diff --git a/environments/production/data/nodes/vps494082.yaml b/environments/integration/data/roles/cryptoportfolio.yaml
similarity index 81%
rename from environments/production/data/nodes/vps494082.yaml
rename to environments/integration/data/roles/cryptoportfolio.yaml
index c7d1c85..7464b3d 100644
--- a/environments/production/data/nodes/vps494082.yaml
+++ b/environments/integration/data/roles/cryptoportfolio.yaml
@@ -1,4 +1,6 @@
-base_installation::system_hostname: cryptoportfolio.immae.eu
+---
+classes:
+  role::cryptoportfolio: ~
 cryptoportfolio::front_version: v0.0.2
 cryptoportfolio::front_sha256: 2ace0197a34f9f130523eecf8a43aa4f411cdca09de33838e074f25a7e1d6c5e
 cryptoportfolio::bot_version: v0.2-4-gf70bb85
diff --git a/environments/integration/data/types/vps-ovhssd-1.yaml b/environments/integration/data/types/vps-ovhssd-1.yaml
new file mode 100644
index 0000000..73f7a45
--- /dev/null
+++ b/environments/integration/data/types/vps-ovhssd-1.yaml
@@ -0,0 +1,10 @@
+---
+classes:
+  base_installation:
+    stage: "setup"
+
+base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
+base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net"
+base_installation::grub_device: "/dev/sdb"
+base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
+ssl::try_letsencrypt_for_real_hostname: false
diff --git a/environments/integration/hiera.yaml b/environments/integration/hiera.yaml
new file mode 100644
index 0000000..a63fc92
--- /dev/null
+++ b/environments/integration/hiera.yaml
@@ -0,0 +1,19 @@
+---
+version: 5
+
+defaults:
+  datadir: data
+  data_hash: yaml_data
+
+hierarchy:
+  - name: "Initialization variables"
+    path: "/root/puppet_variables.json"
+
+  - name: "Per-role data"
+    mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"]
+
+  - name: "Per-type data"
+    path: "types/%{facts.ec2_metadata.instance-type}.yaml"
+
+  - name: "Common data"
+    path: "common.yaml"
diff --git a/environments/production/data/nodes/vps464408.novalocal.yaml b/environments/production/data/nodes/vps464408.novalocal.yaml
deleted file mode 100644
index ad3a440..0000000
--- a/environments/production/data/nodes/vps464408.novalocal.yaml
+++ /dev/null
@@ -1 +0,0 @@
-base_installation::system_hostname: ns2.immae.eu
diff --git a/environments/production/data/roles/cryptoportfolio.yaml b/environments/production/data/roles/cryptoportfolio.yaml
index da46382..7464b3d 100644
--- a/environments/production/data/roles/cryptoportfolio.yaml
+++ b/environments/production/data/roles/cryptoportfolio.yaml
@@ -1,3 +1,7 @@
 ---
 classes:
   role::cryptoportfolio: ~
+cryptoportfolio::front_version: v0.0.2
+cryptoportfolio::front_sha256: 2ace0197a34f9f130523eecf8a43aa4f411cdca09de33838e074f25a7e1d6c5e
+cryptoportfolio::bot_version: v0.2-4-gf70bb85
+cryptoportfolio::bot_sha256: e9850a667e0672cdd0363bb93124b59610c4d67e3ed9908b004a9d15c2276340
diff --git a/environments/production/data/types/vps-ovhssd-1.yaml b/environments/production/data/types/vps-ovhssd-1.yaml
index 9130ad1..73f7a45 100644
--- a/environments/production/data/types/vps-ovhssd-1.yaml
+++ b/environments/production/data/types/vps-ovhssd-1.yaml
@@ -3,6 +3,7 @@ classes:
   base_installation:
     stage: "setup"
 
+base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
 base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net"
 base_installation::grub_device: "/dev/sdb"
 base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
diff --git a/environments/production/hiera.yaml b/environments/production/hiera.yaml
index 9cedf47..a63fc92 100644
--- a/environments/production/hiera.yaml
+++ b/environments/production/hiera.yaml
@@ -6,15 +6,6 @@ defaults:
   data_hash: yaml_data
 
 hierarchy:
-# FIXME: those informations should be taken in LDAP, but bootstrap
-# problem for the hostname
-  - name: "Per-named-node data"
-    mapped_paths: [ldapvar.self.cn, hostname, "named_nodes/%{hostname}.yaml"]
-
-  - name: "Per-node data"
-    path: "nodes/%{facts.ec2_metadata.hostname}.yaml"
-### /FIXME
-
   - name: "Initialization variables"
     path: "/root/puppet_variables.json"
 
diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp
index f9fdcd4..998f8ff 100644
--- a/modules/base_installation/manifests/init.pp
+++ b/modules/base_installation/manifests/init.pp
@@ -10,6 +10,7 @@ class base_installation (
   Optional[String]        $puppet_conf_path = $base_installation::params::puppet_conf_path,
   Optional[String]        $puppet_pass_seed = $base_installation::params::puppet_pass_seed,
   Optional[String]        $puppet_ssl_path  = $base_installation::params::puppet_ssl_path,
+  Optional[String]        $real_hostname    = $base_installation::params::real_hostname,
   Optional[String]        $system_hostname  = $base_installation::params::system_hostname,
   Optional[Array[String]] $system_locales   = $base_installation::params::system_locales,
   Optional[String]        $system_timezone  = $base_installation::params::system_timezone,
diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp
index c03eb1e..5ade838 100644
--- a/modules/base_installation/manifests/params.pp
+++ b/modules/base_installation/manifests/params.pp
@@ -10,6 +10,7 @@ class base_installation::params {
   $ldap_cert_path   = "/etc/ssl/certs/ca-certificates.crt"
   $ldap_uri         = "ldaps://ldap.example.com"
   $ldap_server      = "ldap.example.com"
+  $real_hostname    = "example.com"
   $system_hostname  = "example.com"
   $system_locales   = ["en_US.UTF-8"]
   $system_timezone  = "UTC"
diff --git a/modules/base_installation/manifests/system_config.pp b/modules/base_installation/manifests/system_config.pp
index 25bfe0f..ccc5dcc 100644
--- a/modules/base_installation/manifests/system_config.pp
+++ b/modules/base_installation/manifests/system_config.pp
@@ -6,23 +6,27 @@ class base_installation::system_config inherits base_installation {
     }
   }
 
-  unless empty($base_installation::system_hostname) {
-    file { '/etc/hostname':
-      content => "$base_installation::system_hostname\n",
-    }
+  if empty($base_installation::system_hostname) {
+    $hostname = $base_installation::real_hostname
+  } else {
+    $hostname = $base_installation::system_hostname
+  }
 
-    exec { "set_hostname":
-      command     => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname",
-      refreshonly => true,
-      subscribe   => File["/etc/hostname"],
-      returns     => [0, 1],
-    }
+  file { '/etc/hostname':
+    content => "$base_installation::system_hostname\n",
+  }
 
-    # TODO: find a way to ensure that /etc/hostname doesn't change
-    # exec { "set_hostname_firstboot":
-    #   command     => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
-    #   creates     => "/etc/hostname",
-    # }
+  exec { "set_hostname":
+    command     => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname",
+    refreshonly => true,
+    subscribe   => File["/etc/hostname"],
+    returns     => [0, 1],
   }
 
+  # TODO: find a way to ensure that /etc/hostname doesn't change
+  # exec { "set_hostname_firstboot":
+  #   command     => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
+  #   creates     => "/etc/hostname",
+  # }
+
 }
diff --git a/modules/base_installation/templates/puppet/host_ldap.info.erb b/modules/base_installation/templates/puppet/host_ldap.info.erb
index 525739b..a71c6f3 100644
--- a/modules/base_installation/templates/puppet/host_ldap.info.erb
+++ b/modules/base_installation/templates/puppet/host_ldap.info.erb
@@ -2,7 +2,6 @@
 ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF'
 dn: <%= @ldap_dn %>
 cn: <%= @ldap_cn %>
-cn: <%= @system_hostname %>
 objectclass: device
 objectclass: top
 objectclass: simpleSecurityObject
@@ -12,6 +11,7 @@ objectclass: ipHost
 <% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %>
 <% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %>
 <%- end -%>
+environment: <%= @environment %>
 userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
 EOF
 #### Or modify an existing entry:
@@ -20,6 +20,8 @@ dn: <%= @ldap_dn %>
 changetype: modify
 replace: userPassword
 userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
+replace: environment
+environment: <%= @environment %>
 <%- unless @ips.empty? -%>
 -
 delete: ipHostNumber
diff --git a/modules/base_installation/templates/puppet/puppet.conf.erb b/modules/base_installation/templates/puppet/puppet.conf.erb
index 3748039..24e67c8 100644
--- a/modules/base_installation/templates/puppet/puppet.conf.erb
+++ b/modules/base_installation/templates/puppet/puppet.conf.erb
@@ -1,8 +1,10 @@
 [main]
 ssldir = <%= @puppet_ssl_path %>
 
+environment = <%= @environment %>
+
 node_terminus = ldap
-certname = <%= @system_hostname %>
+certname = <%= @real_hostname %>
 ldapserver = <%= @ldap_server %>
 ldaptls = true
 ldapbase = <%= @ldap_base %>
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 605b701..8db58da 100644
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -49,11 +49,17 @@ class profile::apache {
     ]
   }
 
+  exec { 'Start-apache':
+    command => "/usr/bin/systemctl start httpd",
+    before  => Class["::letsencrypt"],
+    unless  => "/usr/bin/systemctl is-active httpd",
+  }
+
   $letsencrypt_certonly_default = {
     plugin        => "webroot",
     webroot_paths => ["/srv/http/"],
     notify        => Class['Apache::Service'],
-    require       => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
+    require       => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
     manage_cron   => true,
   }
 
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index 32b6ac7..1e39479 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -26,7 +26,7 @@ class role::cryptoportfolio {
   $cf_group = "cryptoportfolio"
   $cf_home = "/opt/cryptoportfolio"
   $cf_env = "prod"
-  $cf_front_app_host = "cryptoportfolio.immae.eu"
+  $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" }
   $cf_front_app_port = ""
   $cf_front_app_ssl = "true"
   $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
diff --git a/python/list_servers.py b/python/list_servers.py
new file mode 100644
index 0000000..9b8bc64
--- /dev/null
+++ b/python/list_servers.py
@@ -0,0 +1,12 @@
+try:
+    from ovh import ovh
+except ImportError:
+    # In case it's installed globally
+    import ovh
+
+client = ovh.Client()
+
+vps_list = client.get('/vps/')
+
+for vps in vps_list:
+    print(vps)