From 2742958fd69c91c442685be62140f1e29e363b95 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 10 Jul 2018 12:31:32 +0200 Subject: [PATCH] Move todos to readme.md and add first documentation --- .../manifests/postgresql/backup_pgbouncer.pp | 2 +- modules/profile/manifests/postgresql/ssl.pp | 2 -- modules/role/manifests/cryptoportfolio.pp | 1 - readme.md | 32 +++++++++++++++++++ .../ovh_cloud_instance/arch_host_script.sh | 4 +-- scripts/ovh_vps_ssd/arch_chroot_script.sh | 4 +-- 6 files changed, 37 insertions(+), 8 deletions(-) create mode 100644 readme.md diff --git a/modules/profile/manifests/postgresql/backup_pgbouncer.pp b/modules/profile/manifests/postgresql/backup_pgbouncer.pp index c82eefd..5fd7861 100644 --- a/modules/profile/manifests/postgresql/backup_pgbouncer.pp +++ b/modules/profile/manifests/postgresql/backup_pgbouncer.pp @@ -48,7 +48,7 @@ define profile::postgresql::backup_pgbouncer ( content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}", } - # FIXME: current pam configuration requires password for postgres + # Current pam configuration requires password for postgres # @profile::monitoring::local_service { "Database ${pg_infos[pgbouncer_dbname]} is available in pgbouncer": # sudos => { # "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\ nspname\ from\ pg_catalog.pg_namespace ${pg_infos[pgbouncer_dbname]}" diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp index 9b0a95c..b809a9d 100644 --- a/modules/profile/manifests/postgresql/ssl.pp +++ b/modules/profile/manifests/postgresql/ssl.pp @@ -78,6 +78,4 @@ define profile::postgresql::ssl ( content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n" } } - - # FIXME: add monitoring for ssl } 
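Review bot: In modules/profile/manifests/postgresql/backup_pgbouncer.pp the reworded comment `# Current pam configuration requires password for postgres` no longer says that the commented-out `@profile::monitoring::local_service` block beneath it is disabled for that reason, nor where the work is tracked now that the FIXME tag is gone. I would spell it out, e.g. `# Disabled: current pam configuration requires a password for postgres, so this sudo-based check cannot run; see TODO in readme.md`. The enclosing define starts and ends outside the hunk, so whether another check already covers pgbouncer availability cannot be seen from here.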
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index c675e91..8f7bfca 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp @@ -41,7 +41,6 @@ class role::cryptoportfolio ( contain "role::cryptoportfolio::bot" } - # FIXME: restore backup unless empty($front_version) { contain "role::cryptoportfolio::front" } diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..d8d8046 --- /dev/null +++ b/readme.md @@ -0,0 +1,32 @@ +# Puppet configuration repository for immae.eu's services + +This repository has the aim to help automate the installation of servers +planned for a specific task, with the help of Puppet. The host are +supposed to be listed in an LDAP-like database, which will contain the +necessary credentials, variable configuration and secrets for each +server. + +## Structure + +The repository is structured along Puppet modules (`modules/` +directory). Each machine has one or several `role`, which determine the +set of programs and configuration to install. Each role may be +standalone, or require a set of `profile`, which is seen as a +reusable component. (The structure is inspired from the tutorial at +[https://www.craigdunn.org/2012/05/239/](https://www.craigdunn.org/2012/05/239/) ) + + +## TODO + +- Complete documentation +- Add some monitoring: + - modules/profile/manifests/postgresql/ssl.pp (check postgresql certificate) + - modules/profile/manifests/postgresql/backup\_pgbouncer.pp (check pgbouncer works) + - modules/profile/manifests/apache.pp (check website is accessible and ssl) + - modules/profile/manifests/mail.pp (check e-mails are going through) + - modules/profile/manifests/redis.pp (check redis is running) + - modules/role/\* (role-specific checks) +- Add redis replication and dumps +- Restore backups for cryptoportfolio +- Ensure latest by default for packages +- try to do a mkfs.ext4 for cloud vps 
diff --git a/scripts/ovh_cloud_instance/arch_host_script.sh b/scripts/ovh_cloud_instance/arch_host_script.sh index 42dcc4a..378b0be 100755 --- a/scripts/ovh_cloud_instance/arch_host_script.sh +++ b/scripts/ovh_cloud_instance/arch_host_script.sh @@ -25,7 +25,7 @@ PART="/dev/disk/by-uuid/$UUID" # mkfs.ext4 -F -U "$UUID" "$DEVICE" sudo mount "$DEVICE" /mnt -##### FIXME: mkfs.ext4 would be better #### +##### mkfs.ext4 would be better #### for i in /mnt/*; do if [ "$i" = "/mnt/boot" ]; then # keep /boot/grub @@ -34,7 +34,7 @@ for i in /mnt/*; do sudo rm -rf $i fi done -##### /FIXME #### +##### / #### sudo pacstrap -G /mnt base git puppet diff --git a/scripts/ovh_vps_ssd/arch_chroot_script.sh b/scripts/ovh_vps_ssd/arch_chroot_script.sh index 7b7887f..57e793b 100755 --- a/scripts/ovh_vps_ssd/arch_chroot_script.sh +++ b/scripts/ovh_vps_ssd/arch_chroot_script.sh @@ -10,7 +10,7 @@ DEVICE=$(realpath "$PART") # mkfs.ext4 -F -U "$UUID" "$DEVICE" mount "$DEVICE" /mnt -##### FIXME: mkfs.ext4 would be better #### +##### mkfs.ext4 would be better #### for i in /mnt/*; do if [ "$i" = "/mnt/boot" ]; then # keep /boot/grub @@ -19,7 +19,7 @@ for i in /mnt/*; do rm -rf $i fi done -##### /FIXME #### +##### / #### pacstrap -G /mnt base git puppet -- 2.41.0
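Review bot: In scripts/ovh_cloud_instance/arch_host_script.sh the wipe loop that begins in the first hunk runs straight after `sudo mount "$DEVICE" /mnt`, and nothing visible here stops it if that mount fails. Unless the script enables `set -e` above the hunk, the `sudo rm -rf` inside the loop would then act on whatever already sits under /mnt on the running system. A guard such as `mountpoint -q /mnt || exit 1` before the `for` line would close that. The same sequence appears in the first hunk of scripts/ovh_vps_ssd/arch_chroot_script.sh after `mount "$DEVICE" /mnt`. The loop body continues outside this hunk.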
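Review bot: `sudo rm -rf $i` in the second hunk of scripts/ovh_cloud_instance/arch_host_script.sh leaves `$i` unquoted, so a name under /mnt containing whitespace or glob characters is word-split and re-expanded before a recursive delete run as root. `sudo rm -rf -- "$i"` avoids that, and the same applies to `rm -rf $i` in scripts/ovh_vps_ssd/arch_chroot_script.sh. Because `/mnt/*` does not match dot-entries by default, hidden files at the top of the old filesystem survive this wipe, which is worth stating in the comment now that the FIXME tag is gone. The closing marker `##### / ####` could read `##### end of manual wipe (see TODO in readme.md) ####`. The `for`/`if` closed here starts in the previous hunk, and the lines between the two hunks are not shown.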