authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-03 22:24:19 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-04 12:32:55 +0100
commit85abd2fdbad83430df4824843764719064afb9b4 (patch)
tree767792a5691b3b253508a87362cde079a4a6f8fb
parenta77b768abb31be9e19563e130d763f163496477d (diff)
downloadPuppet-85abd2fdbad83430df4824843764719064afb9b4.tar.gz
Puppet-85abd2fdbad83430df4824843764719064afb9b4.tar.zst
Puppet-85abd2fdbad83430df4824843764719064afb9b4.zip
Fetch node informations from LDAP
environment, hostname
-rwxr-xr-xbin/install_script.sh12
-rw-r--r--environments/integration/data/common.yaml25
-rw-r--r--environments/integration/data/roles/cryptoportfolio.yaml (renamed from environments/production/data/nodes/vps494082.yaml)4
-rw-r--r--environments/integration/data/types/vps-ovhssd-1.yaml10
-rw-r--r--environments/integration/hiera.yaml19
-rw-r--r--environments/production/data/nodes/vps464408.novalocal.yaml1
-rw-r--r--environments/production/data/roles/cryptoportfolio.yaml4
-rw-r--r--environments/production/data/types/vps-ovhssd-1.yaml1
-rw-r--r--environments/production/hiera.yaml9
-rw-r--r--modules/base_installation/manifests/init.pp1
-rw-r--r--modules/base_installation/manifests/params.pp1
-rw-r--r--modules/base_installation/manifests/system_config.pp34
-rw-r--r--modules/base_installation/templates/puppet/host_ldap.info.erb4
-rw-r--r--modules/base_installation/templates/puppet/puppet.conf.erb4
-rw-r--r--modules/profile/manifests/apache.pp8
-rw-r--r--modules/role/manifests/cryptoportfolio.pp2
-rw-r--r--python/list_servers.py12
17 files changed, 118 insertions, 33 deletions
diff --git a/bin/install_script.sh b/bin/install_script.sh
index 49a737f..6b1aa39 100755
--- a/bin/install_script.sh
+++ b/bin/install_script.sh
@@ -12,6 +12,7 @@ cat <<EOF
12 --no-reboot-start Don't reboot to rescue at the beginning 12 --no-reboot-start Don't reboot to rescue at the beginning
13 --no-reboot-end Don't reboot to normal at the end 13 --no-reboot-end Don't reboot to normal at the end
14 --git-branch Use another puppet branch (default: master) 14 --git-branch Use another puppet branch (default: master)
15 --environment Environment to use for the installl (default: production)
15EOF 16EOF
16} 17}
17 18
@@ -19,6 +20,7 @@ set -e
19 20
20host_user=root 21host_user=root
21git_branch=master 22git_branch=master
23environment=production
22 24
23while [ -n "$1" ]; do 25while [ -n "$1" ]; do
24 case "$1" in 26 case "$1" in
@@ -50,6 +52,10 @@ while [ -n "$1" ]; do
50 git_branch="$2" 52 git_branch="$2"
51 shift 53 shift
52 ;; 54 ;;
55 --environment)
56 environment="$2"
57 shift
58 ;;
53 --help|-h) 59 --help|-h)
54 usage 60 usage
55 exit 0 61 exit 0
@@ -173,9 +179,9 @@ cat > $ARCH_INSTALL_SCRIPT <<EOF
173CODE_PATH="/etc/puppetlabs/code" 179CODE_PATH="/etc/puppetlabs/code"
174rm -rf \$CODE_PATH 180rm -rf \$CODE_PATH
175git clone -b $git_branch --recursive https://git.immae.eu/perso/Immae/Projets/Puppet.git \$CODE_PATH 181git clone -b $git_branch --recursive https://git.immae.eu/perso/Immae/Projets/Puppet.git \$CODE_PATH
176puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp 182puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
177# The password seed requires puppet to be run twice 183# The password seed requires puppet to be run twice
178puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp 184puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
179EOF 185EOF
180 186
181chmod a+x $ARCH_HOST_SCRIPT $ARCH_CHROOT_SCRIPT $ARCH_INSTALL_SCRIPT 187chmod a+x $ARCH_HOST_SCRIPT $ARCH_CHROOT_SCRIPT $ARCH_INSTALL_SCRIPT
@@ -197,7 +203,7 @@ read -p "Press key when LDAP is configured" i
197 203
198cat > $ARCH_PUPPET_CONFIGURATION_SCRIPT <<EOF 204cat > $ARCH_PUPPET_CONFIGURATION_SCRIPT <<EOF
199CODE_PATH="/etc/puppetlabs/code" 205CODE_PATH="/etc/puppetlabs/code"
200puppet apply --tags base_installation --test \$CODE_PATH/manifests/site.pp 206puppet apply --environment $environment --tags base_installation --test \$CODE_PATH/manifests/site.pp
201EOF 207EOF
202 208
203cat > $ARCH_HOST_PUPPET_CONFIGURATION_SCRIPT <<EOF 209cat > $ARCH_HOST_PUPPET_CONFIGURATION_SCRIPT <<EOF
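Review bot: The new `$environment` value is expanded unquoted into the generated heredoc scripts (the three `puppet apply --environment $environment` lines), so a value with whitespace or shell metacharacters is re-split or interpreted when the generated script runs on the target; write it as `puppet apply --environment "$environment" --tags base_installation --test \$CODE_PATH/manifests/site.pp` (the pre-existing `$git_branch` interpolation has the same shape). The option parser also accepts any string while only the directories under `environments/` are valid, so a check after the parse loop such as `[ -d "environments/$environment" ] || { echo "unknown environment: $environment" >&2; exit 1; }` (assuming the script is run from the repository root, which I cannot see) would fail early instead of at `puppet apply` time. The usage text for `--environment` has a typo: `installl` should read `install`.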
diff --git a/environments/integration/data/common.yaml b/environments/integration/data/common.yaml
new file mode 100644
index 0000000..78cce6b
--- /dev/null
+++ b/environments/integration/data/common.yaml
@@ -0,0 +1,25 @@
1---
2classes:
3 stdlib: ~
4
5base_installation::ldap_base: "dc=immae,dc=eu"
6base_installation::ldap_dn: "cn=%{facts.ec2_metadata.hostname},ou=hosts,dc=immae,dc=eu"
7base_installation::ldap_cn: "%{facts.ec2_metadata.hostname}"
8base_installation::ldap_server: "ldap.immae.eu"
9base_installation::ldap_uri: "ldaps://ldap.immae.eu"
10base_installation::puppet_conf_path: "/etc/puppetlabs/puppet"
11base_installation::puppet_code_path: "/etc/puppetlabs/code"
12base_installation::puppet_pass_seed: "/etc/puppetlabs/puppet/password_seed"
13base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl"
14base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"]
15base_installation::system_timezone: "Europe/Paris"
16base_installation::system_users:
17 - userid: 1000
18 username: "immae"
19 groups: ["wheel"]
20 keys:
21 - host: "immae.eu"
22 key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
23 key_type: "ssh-rsa"
24xmr_stak::mining_pool: "pool.minexmr.com:7777"
25xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo"
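Review bot: Nothing in this new file says that the integration environment's `ldap_base`, `ldap_dn` and `ldap_server` keys register integration hosts in the same `ou=hosts,dc=immae,dc=eu` tree as production; the only thing that tells the two apart in LDAP is the `environment` attribute this commit adds to the host entry template. A header comment would spare the next reader a diff against production: `# Integration shares the production LDAP tree (ou=hosts,dc=immae,dc=eu); hosts are told apart only by the "environment" attribute of their LDAP entry. Keep base_installation::ldap_* in sync with environments/production/data/common.yaml.` The file also appears to be a wholesale copy of the production `common.yaml` (that file is not in the diff), so the SSH public key and the wallet address now live in two places that must be edited together.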
diff --git a/environments/production/data/nodes/vps494082.yaml b/environments/integration/data/roles/cryptoportfolio.yaml
index c7d1c85..7464b3d 100644
--- a/environments/production/data/nodes/vps494082.yaml
+++ b/environments/integration/data/roles/cryptoportfolio.yaml
@@ -1,4 +1,6 @@
1base_installation::system_hostname: cryptoportfolio.immae.eu 1---
2classes:
3 role::cryptoportfolio: ~
2cryptoportfolio::front_version: v0.0.2 4cryptoportfolio::front_version: v0.0.2
3cryptoportfolio::front_sha256: 2ace0197a34f9f130523eecf8a43aa4f411cdca09de33838e074f25a7e1d6c5e 5cryptoportfolio::front_sha256: 2ace0197a34f9f130523eecf8a43aa4f411cdca09de33838e074f25a7e1d6c5e
4cryptoportfolio::bot_version: v0.2-4-gf70bb85 6cryptoportfolio::bot_version: v0.2-4-gf70bb85
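Review bot: The `front_version`/`front_sha256`/`bot_version` pins are now duplicated verbatim between this file and `environments/production/data/roles/cryptoportfolio.yaml` (same values in both hunks), and the sha256 values are what verifies the downloaded artefacts, so the two files have to be edited together or integration silently stops exercising what production deploys. A one-line comment above the pins in both files, `# Keep in sync with environments/production/data/roles/cryptoportfolio.yaml`, would flag that; a shared location for the pins is the cleaner fix. The integration file also stops at `bot_version` while the production file additionally pins `bot_sha256`; if `role::cryptoportfolio` looks that key up (its body is not in this diff), integration will fall back to whatever default the role has instead of verifying the bot download.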
diff --git a/environments/integration/data/types/vps-ovhssd-1.yaml b/environments/integration/data/types/vps-ovhssd-1.yaml
new file mode 100644
index 0000000..73f7a45
--- /dev/null
+++ b/environments/integration/data/types/vps-ovhssd-1.yaml
@@ -0,0 +1,10 @@
1---
2classes:
3 base_installation:
4 stage: "setup"
5
6base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
7base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net"
8base_installation::grub_device: "/dev/sdb"
9base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
10ssl::try_letsencrypt_for_real_hostname: false
diff --git a/environments/integration/hiera.yaml b/environments/integration/hiera.yaml
new file mode 100644
index 0000000..a63fc92
--- /dev/null
+++ b/environments/integration/hiera.yaml
@@ -0,0 +1,19 @@
1---
2version: 5
3
4defaults:
5 datadir: data
6 data_hash: yaml_data
7
8hierarchy:
9 - name: "Initialization variables"
10 path: "/root/puppet_variables.json"
11
12 - name: "Per-role data"
13 mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"]
14
15 - name: "Per-type data"
16 path: "types/%{facts.ec2_metadata.instance-type}.yaml"
17
18 - name: "Common data"
19 path: "common.yaml"
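Review bot: The `Per-role data` level turns each value of `ldapvar.self.vars.roles` into a path component under `data/` with no restriction on the value, and Hiera does not sanitise `%{role}`, so a role value read from the node's LDAP entry is used verbatim as a file path; whoever can edit that entry already controls the node's classes, so this is a robustness gap rather than a new exposure, but it deserves a recorded assumption: `# role values come from the node's LDAP entry and are used unchecked as path components; keep them to plain names`. This file is also byte-identical to the production `hiera.yaml` after the commit (both resolve to blob a63fc92), as are `types/vps-ovhssd-1.yaml` (73f7a45) and `roles/cryptoportfolio.yaml` (7464b3d), so the two environments now differ only in `common.yaml`; a comment stating that the hierarchy is meant to be shared would stop the copies from drifting.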
diff --git a/environments/production/data/nodes/vps464408.novalocal.yaml b/environments/production/data/nodes/vps464408.novalocal.yaml
deleted file mode 100644
index ad3a440..0000000
--- a/environments/production/data/nodes/vps464408.novalocal.yaml
+++ /dev/null
@@ -1 +0,0 @@
1base_installation::system_hostname: ns2.immae.eu
diff --git a/environments/production/data/roles/cryptoportfolio.yaml b/environments/production/data/roles/cryptoportfolio.yaml
index da46382..7464b3d 100644
--- a/environments/production/data/roles/cryptoportfolio.yaml
+++ b/environments/production/data/roles/cryptoportfolio.yaml
@@ -1,3 +1,7 @@
1--- 1---
2classes: 2classes:
3 role::cryptoportfolio: ~ 3 role::cryptoportfolio: ~
4cryptoportfolio::front_version: v0.0.2
5cryptoportfolio::front_sha256: 2ace0197a34f9f130523eecf8a43aa4f411cdca09de33838e074f25a7e1d6c5e
6cryptoportfolio::bot_version: v0.2-4-gf70bb85
7cryptoportfolio::bot_sha256: e9850a667e0672cdd0363bb93124b59610c4d67e3ed9908b004a9d15c2276340
diff --git a/environments/production/data/types/vps-ovhssd-1.yaml b/environments/production/data/types/vps-ovhssd-1.yaml
index 9130ad1..73f7a45 100644
--- a/environments/production/data/types/vps-ovhssd-1.yaml
+++ b/environments/production/data/types/vps-ovhssd-1.yaml
@@ -3,6 +3,7 @@ classes:
3 base_installation: 3 base_installation:
4 stage: "setup" 4 stage: "setup"
5 5
6base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
6base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net" 7base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net"
7base_installation::grub_device: "/dev/sdb" 8base_installation::grub_device: "/dev/sdb"
8base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" 9base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
diff --git a/environments/production/hiera.yaml b/environments/production/hiera.yaml
index 9cedf47..a63fc92 100644
--- a/environments/production/hiera.yaml
+++ b/environments/production/hiera.yaml
@@ -6,15 +6,6 @@ defaults:
6 data_hash: yaml_data 6 data_hash: yaml_data
7 7
8hierarchy: 8hierarchy:
9# FIXME: those informations should be taken in LDAP, but bootstrap
10# problem for the hostname
11 - name: "Per-named-node data"
12 mapped_paths: [ldapvar.self.cn, hostname, "named_nodes/%{hostname}.yaml"]
13
14 - name: "Per-node data"
15 path: "nodes/%{facts.ec2_metadata.hostname}.yaml"
16### /FIXME
17
18 - name: "Initialization variables" 9 - name: "Initialization variables"
19 path: "/root/puppet_variables.json" 10 path: "/root/puppet_variables.json"
20 11
diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp
index f9fdcd4..998f8ff 100644
--- a/modules/base_installation/manifests/init.pp
+++ b/modules/base_installation/manifests/init.pp
@@ -10,6 +10,7 @@ class base_installation (
10 Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path, 10 Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path,
11 Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed, 11 Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed,
12 Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path, 12 Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path,
13 Optional[String] $real_hostname = $base_installation::params::real_hostname,
13 Optional[String] $system_hostname = $base_installation::params::system_hostname, 14 Optional[String] $system_hostname = $base_installation::params::system_hostname,
14 Optional[Array[String]] $system_locales = $base_installation::params::system_locales, 15 Optional[Array[String]] $system_locales = $base_installation::params::system_locales,
15 Optional[String] $system_timezone = $base_installation::params::system_timezone, 16 Optional[String] $system_timezone = $base_installation::params::system_timezone,
diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp
index c03eb1e..5ade838 100644
--- a/modules/base_installation/manifests/params.pp
+++ b/modules/base_installation/manifests/params.pp
@@ -10,6 +10,7 @@ class base_installation::params {
10 $ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt" 10 $ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt"
11 $ldap_uri = "ldaps://ldap.example.com" 11 $ldap_uri = "ldaps://ldap.example.com"
12 $ldap_server = "ldap.example.com" 12 $ldap_server = "ldap.example.com"
13 $real_hostname = "example.com"
13 $system_hostname = "example.com" 14 $system_hostname = "example.com"
14 $system_locales = ["en_US.UTF-8"] 15 $system_locales = ["en_US.UTF-8"]
15 $system_timezone = "UTC" 16 $system_timezone = "UTC"
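Review bot: `$real_hostname = "example.com"` turns the new fallback into a live value: with this commit `system_config.pp` resolves the hostname from `real_hostname` when `system_hostname` is empty and `puppet.conf.erb` sets `certname` from it, so a node whose hiera data defines neither key silently becomes `example.com` instead of failing. The matching `system_hostname` placeholder has the same shape, but it used to sit behind an `unless empty(...)` guard that the commit removes. Prefer `$real_hostname = undef` here together with a `fail()` in `system_config.pp` when neither value resolves, or at least a comment `# placeholder only: every environment must set base_installation::real_hostname via hiera`.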
diff --git a/modules/base_installation/manifests/system_config.pp b/modules/base_installation/manifests/system_config.pp
index 25bfe0f..ccc5dcc 100644
--- a/modules/base_installation/manifests/system_config.pp
+++ b/modules/base_installation/manifests/system_config.pp
@@ -6,23 +6,27 @@ class base_installation::system_config inherits base_installation {
6 } 6 }
7 } 7 }
8 8
9 unless empty($base_installation::system_hostname) { 9 if empty($base_installation::system_hostname) {
10 file { '/etc/hostname': 10 $hostname = $base_installation::real_hostname
11 content => "$base_installation::system_hostname\n", 11 } else {
12 } 12 $hostname = $base_installation::system_hostname
13 }
13 14
14 exec { "set_hostname": 15 file { '/etc/hostname':
15 command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname", 16 content => "$base_installation::system_hostname\n",
16 refreshonly => true, 17 }
17 subscribe => File["/etc/hostname"],
18 returns => [0, 1],
19 }
20 18
21 # TODO: find a way to ensure that /etc/hostname doesn't change 19 exec { "set_hostname":
22 # exec { "set_hostname_firstboot": 20 command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname",
23 # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname", 21 refreshonly => true,
24 # creates => "/etc/hostname", 22 subscribe => File["/etc/hostname"],
25 # } 23 returns => [0, 1],
26 } 24 }
27 25
26 # TODO: find a way to ensure that /etc/hostname doesn't change
27 # exec { "set_hostname_firstboot":
28 # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
29 # creates => "/etc/hostname",
30 # }
31
28} 32}
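Review bot: The fallback computed on new lines 9-13 is never used: `$hostname` is set from `real_hostname` or `system_hostname`, but the `file` content (new line 16) and the `hostnamectl` command (new line 20) still interpolate `$base_installation::system_hostname`, so in exactly the case the new branch exists for (`system_hostname` empty) `/etc/hostname` is written with an empty line and `hostnamectl set-hostname` runs with no argument, and the old `unless empty(...)` guard that prevented this is gone. Change the two lines to `content => "${hostname}\n",` and `command => "/usr/bin/hostnamectl set-hostname ${hostname}",`. With the hiera change the value now comes from the node's LDAP entry (`%{ldapvar.self.vars.host.0}` in the types data) and is spliced unquoted into a shell command line, so a check before the resources such as `unless $hostname =~ /^[A-Za-z0-9.-]+$/ { fail("invalid hostname: ${hostname}") }` is worth adding, and `returns => [0, 1]` also hides a failed `hostnamectl`. Naming the local `$hostname` the same as the `hostname` fact is legal but confusing; `$target_hostname` reads better. The class starts before the hunk.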
diff --git a/modules/base_installation/templates/puppet/host_ldap.info.erb b/modules/base_installation/templates/puppet/host_ldap.info.erb
index 525739b..a71c6f3 100644
--- a/modules/base_installation/templates/puppet/host_ldap.info.erb
+++ b/modules/base_installation/templates/puppet/host_ldap.info.erb
@@ -2,7 +2,6 @@
2ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF' 2ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF'
3dn: <%= @ldap_dn %> 3dn: <%= @ldap_dn %>
4cn: <%= @ldap_cn %> 4cn: <%= @ldap_cn %>
5cn: <%= @system_hostname %>
6objectclass: device 5objectclass: device
7objectclass: top 6objectclass: top
8objectclass: simpleSecurityObject 7objectclass: simpleSecurityObject
@@ -12,6 +11,7 @@ objectclass: ipHost
12<% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %> 11<% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %>
13<% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %> 12<% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %>
14<%- end -%> 13<%- end -%>
14environment: <%= @environment %>
15userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> 15userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
16EOF 16EOF
17#### Or modify an existing entry: 17#### Or modify an existing entry:
@@ -20,6 +20,8 @@ dn: <%= @ldap_dn %>
20changetype: modify 20changetype: modify
21replace: userPassword 21replace: userPassword
22userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> 22userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
23replace: environment
24environment: <%= @environment %>
23<%- unless @ips.empty? -%> 25<%- unless @ips.empty? -%>
24- 26-
25delete: ipHostNumber 27delete: ipHostNumber
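Review bot: In the `changetype: modify` LDIF, the new `replace: environment` operation (new lines 23-24) follows the `userpassword:` line with no `-` separator, but LDIF requires each modify operation to be closed by a line holding a single `-` (the template already does this before `delete: ipHostNumber`); as written `ldapmodify` will reject the change or fold the new lines into the userPassword operation. Insert a line containing only `-` before `replace: environment`. The `environment` attribute is also not defined by `device`, `top`, `simpleSecurityObject` or `ipHost`; unless the entry carries an object class that provides it in the lines the hunk skips (9-11), `ldapadd` will refuse the entry with an object class violation. A comment at the top of the template naming the schema that supplies `environment` would make that dependency explicit.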
diff --git a/modules/base_installation/templates/puppet/puppet.conf.erb b/modules/base_installation/templates/puppet/puppet.conf.erb
index 3748039..24e67c8 100644
--- a/modules/base_installation/templates/puppet/puppet.conf.erb
+++ b/modules/base_installation/templates/puppet/puppet.conf.erb
@@ -1,8 +1,10 @@
1[main] 1[main]
2ssldir = <%= @puppet_ssl_path %> 2ssldir = <%= @puppet_ssl_path %>
3 3
4environment = <%= @environment %>
5
4node_terminus = ldap 6node_terminus = ldap
5certname = <%= @system_hostname %> 7certname = <%= @real_hostname %>
6ldapserver = <%= @ldap_server %> 8ldapserver = <%= @ldap_server %>
7ldaptls = true 9ldaptls = true
8ldapbase = <%= @ldap_base %> 10ldapbase = <%= @ldap_base %>
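Review bot: `certname` switches from `@system_hostname` to `@real_hostname`, and with `node_terminus = ldap` the certname is the name looked up in LDAP, while the host entry's `cn` is written from `ldap_cn` (`%{facts.ec2_metadata.hostname}` in `common.yaml`, without the `.ovh.net` suffix that the types data appends to `real_hostname`). Whether the LDAP terminus falls back to the short name when the FQDN has no match is not stated anywhere in this commit; if it does not, the node resolves to no classes at all. A comment above the line, `# certname must match the node's LDAP entry (cn = ec2_metadata.hostname); relies on the terminus trying the short name`, or aligning `ldap_cn` with `real_hostname`, would pin the intended contract.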
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 605b701..8db58da 100644
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -49,11 +49,17 @@ class profile::apache {
49 ] 49 ]
50 } 50 }
51 51
52 exec { 'Start-apache':
53 command => "/usr/bin/systemctl start httpd",
54 before => Class["::letsencrypt"],
55 unless => "/usr/bin/systemctl is-active httpd",
56 }
57
52 $letsencrypt_certonly_default = { 58 $letsencrypt_certonly_default = {
53 plugin => "webroot", 59 plugin => "webroot",
54 webroot_paths => ["/srv/http/"], 60 webroot_paths => ["/srv/http/"],
55 notify => Class['Apache::Service'], 61 notify => Class['Apache::Service'],
56 require => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]], 62 require => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
57 manage_cron => true, 63 manage_cron => true,
58 } 64 }
59 65
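Review bot: The new `Start-apache` exec is ordered before `Class["::letsencrypt"]` but not after the vhost and config it is meant to serve: `Apache::Vhost["redirect_no_ssl"]` and `Apache::Custom_config["letsencrypt.conf"]` are only required by the certonly defaults, so on a fresh node httpd can be started before the webroot vhost exists and the challenge may land on a default site. Add `require => [Apache::Vhost["redirect_no_ssl"], Apache::Custom_config["letsencrypt.conf"]],` to the exec. Starting the daemon with a raw `systemctl start` also bypasses `Class['Apache::Service']`, which will not know the service is up; a comment explaining why the module's service resource cannot be used here (presumably a listener is needed before the apache class is fully applied) would help the next reader. The class starts before the hunk.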
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index 32b6ac7..1e39479 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -26,7 +26,7 @@ class role::cryptoportfolio {
26 $cf_group = "cryptoportfolio" 26 $cf_group = "cryptoportfolio"
27 $cf_home = "/opt/cryptoportfolio" 27 $cf_home = "/opt/cryptoportfolio"
28 $cf_env = "prod" 28 $cf_env = "prod"
29 $cf_front_app_host = "cryptoportfolio.immae.eu" 29 $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" }
30 $cf_front_app_port = "" 30 $cf_front_app_port = ""
31 $cf_front_app_ssl = "true" 31 $cf_front_app_ssl = "true"
32 $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" 32 $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
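Review bot: The `lookup("base_installation::system_hostname")` default lambda on new line 29 only fires when the key is absent, but after this commit the key is always defined by the types data and, for a node whose LDAP entry has no `host` value, interpolates to the empty string; the result is an empty `cf_front_app_host` rather than `example.com`, and neither case reproduces the `real_hostname` fallback that `system_config.pp` now applies. Treat empty as missing and fall back the same way, e.g. `$_host = lookup("base_installation::system_hostname") |$key| { "" }` followed by `$cf_front_app_host = empty($_host) ? { true => lookup("base_installation::real_hostname") |$key| { "example.com" }, default => $_host }`. Since `example.com` as a public app host is a silent misconfiguration, a `fail()` when no hostname resolves would be better than any default. The class starts before the hunk.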
diff --git a/python/list_servers.py b/python/list_servers.py
new file mode 100644
index 0000000..9b8bc64
--- /dev/null
+++ b/python/list_servers.py
@@ -0,0 +1,12 @@
1try:
2 from ovh import ovh
3except ImportError:
4 # In case it's installed globally
5 import ovh
6
7client = ovh.Client()
8
9vps_list = client.get('/vps/')
10
11for vps in vps_list:
12 print(vps)
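Review bot: The script has no module docstring and does all its work at import time, so nothing records where `ovh.Client()` obtains its credentials or what the output is for. Add a docstring such as `"""Print the VPS identifiers of the OVH account. ovh.Client() takes its credentials from the library's usual configuration sources, which are not part of this repository."""`, and move the body under `def main():` guarded by `if __name__ == "__main__":` so the module can be imported without calling the API. The `try`/`except ImportError` prefers a vendored `ovh/ovh` package over the installed one; a comment on the first branch saying where that vendored copy comes from would complement the existing one on the fallback.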