Move todos to readme.md and add first documentation

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-07-10 12:31:32 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-07-11 08:02:07 +0200
commit: 2742958fd69c91c442685be62140f1e29e363b95 (patch)
tree: 987aee9281ce774c031c40d6626797ad7ec878e9
parent: b5305b5cad5cbb0a2c072b29f2d4dc05126c39d4 (diff)
download: Puppet-2742958fd69c91c442685be62140f1e29e363b95.tar.gz
Puppet-2742958fd69c91c442685be62140f1e29e363b95.tar.zst
Puppet-2742958fd69c91c442685be62140f1e29e363b95.zip
6 files changed, 37 insertions, 8 deletions
diff --git a/modules/profile/manifests/postgresql/backup_pgbouncer.pp b/modules/profile/manifests/postgresql/backup_pgbouncer.pp
index c82eefd..5fd7861 100644
--- a/modules/profile/manifests/postgresql/backup_pgbouncer.pp
+++ b/modules/profile/manifests/postgresql/backup_pgbouncer.pp
@@ -48,7 +48,7 @@ define profile::postgresql::backup_pgbouncer (
    content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
  }
-  # FIXME: current pam configuration requires password for postgres
+  # Current pam configuration requires password for postgres
  # @profile::monitoring::local_service { "Database ${pg_infos[pgbouncer_dbname]} is available in pgbouncer":
  #   sudos => {
  #     "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\ nspname\ from\ pg_catalog.pg_namespace ${pg_infos[pgbouncer_dbname]}"
diff --git a/modules/profile/manifests/postgresql/ssl.pp b/modules/profile/manifests/postgresql/ssl.pp
index 9b0a95c..b809a9d 100644
--- a/modules/profile/manifests/postgresql/ssl.pp
+++ b/modules/profile/manifests/postgresql/ssl.pp
@@ -78,6 +78,4 @@ define profile::postgresql::ssl (
      content => "ssl = on\nssl_key_file = '$ssl_key'\nssl_cert_file = '$ssl_cert'\n"
    }
  }
-  # FIXME: add monitoring for ssl
 }
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index c675e91..8f7bfca 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -41,7 +41,6 @@ class role::cryptoportfolio (
    contain "role::cryptoportfolio::bot"
  }
-  # FIXME: restore backup
  unless empty($front_version) {
    contain "role::cryptoportfolio::front"
  }
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..d8d8046
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,32 @@
+# Puppet configuration repository for immae.eu's services
+This repository has the aim to help automate the installation of servers
+planned for a specific task, with the help of Puppet. The host are
+supposed to be listed in an LDAP-like database, which will contain the
+necessary credentials, variable configuration and secrets for each
+server.
+## Structure
+The repository is structured along Puppet modules (`modules/`
+directory). Each machine has one or several `role`, which determine the
+set of programs and configuration to install. Each role may be
+standalone, or require a set of `profile`, which is seen as a
+reusable component. (The structure is inspired from the tutorial at
+[https://www.craigdunn.org/2012/05/239/](https://www.craigdunn.org/2012/05/239/) )
+## TODO
+- Complete documentation
+- Add some monitoring:
+  - modules/profile/manifests/postgresql/ssl.pp (check postgresql certificate)
+  - modules/profile/manifests/postgresql/backup\_pgbouncer.pp (check pgbouncer works)
+  - modules/profile/manifests/apache.pp (check website is accessible and ssl)
+  - modules/profile/manifests/mail.pp (check e-mails are going through)
+  - modules/profile/manifests/redis.pp (check redis is running)
+  - modules/role/\* (role-specific checks)
+- Add redis replication and dumps
+- Restore backups for cryptoportfolio
+- Ensure latest by default for packages
+- try to do a mkfs.ext4 for cloud vps
diff --git a/scripts/ovh_cloud_instance/arch_host_script.sh b/scripts/ovh_cloud_instance/arch_host_script.sh
index 42dcc4a..378b0be 100755
--- a/scripts/ovh_cloud_instance/arch_host_script.sh
+++ b/scripts/ovh_cloud_instance/arch_host_script.sh
@@ -25,7 +25,7 @@ PART="/dev/disk/by-uuid/$UUID"
 # mkfs.ext4 -F -U "$UUID" "$DEVICE"
 sudo mount "$DEVICE" /mnt
-##### FIXME: mkfs.ext4 would be better ####
+##### mkfs.ext4 would be better ####
 for i in /mnt/*; do
  if [ "$i" = "/mnt/boot" ]; then
    # keep /boot/grub
@@ -34,7 +34,7 @@ for i in /mnt/*; do
    sudo rm -rf $i
  fi
 done
-##### /FIXME ####
+##### / ####
 sudo pacstrap -G /mnt base git puppet
diff --git a/scripts/ovh_vps_ssd/arch_chroot_script.sh b/scripts/ovh_vps_ssd/arch_chroot_script.sh
index 7b7887f..57e793b 100755
--- a/scripts/ovh_vps_ssd/arch_chroot_script.sh
+++ b/scripts/ovh_vps_ssd/arch_chroot_script.sh
@@ -10,7 +10,7 @@ DEVICE=$(realpath "$PART")
 # mkfs.ext4 -F -U "$UUID" "$DEVICE"
 mount "$DEVICE" /mnt
-##### FIXME: mkfs.ext4 would be better ####
+##### mkfs.ext4 would be better ####
 for i in /mnt/*; do
  if [ "$i" = "/mnt/boot" ]; then
    # keep /boot/grub
@@ -19,7 +19,7 @@ for i in /mnt/*; do
    rm -rf $i
  fi
 done
-##### /FIXME ####
+##### / ####
 pacstrap -G /mnt base git puppet
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-07-10 12:31:32 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-07-11 08:02:07 +0200
commit	2742958fd69c91c442685be62140f1e29e363b95 (patch)
tree	987aee9281ce774c031c40d6626797ad7ec878e9
parent	b5305b5cad5cbb0a2c072b29f2d4dc05126c39d4 (diff)
download	Puppet-2742958fd69c91c442685be62140f1e29e363b95.tar.gz Puppet-2742958fd69c91c442685be62140f1e29e363b95.tar.zst Puppet-2742958fd69c91c442685be62140f1e29e363b95.zip