diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-03-04 21:20:20 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-03-04 21:20:20 +0100 |
commit | 89c7d1dea4af6026af00624af77bb1a08c8ebd53 (patch) | |
tree | 6c3b46adcdadcd75aada126cacf0a36202f31e3e /modules | |
parent | a77b768abb31be9e19563e130d763f163496477d (diff) | |
parent | c17e63ed33a5260ea5bf0f869d7dce39676526cb (diff) | |
download | Puppet-89c7d1dea4af6026af00624af77bb1a08c8ebd53.tar.gz Puppet-89c7d1dea4af6026af00624af77bb1a08c8ebd53.tar.zst Puppet-89c7d1dea4af6026af00624af77bb1a08c8ebd53.zip |
Merge branch 'new_node'
Diffstat (limited to 'modules')
-rw-r--r-- | modules/base_installation/files/cronie/puppet-post-merge | 2 | ||||
-rw-r--r-- | modules/base_installation/files/scripts/puppet_reset_and_apply | 14 | ||||
-rw-r--r-- | modules/base_installation/files/scripts/report_print.rb | 396 | ||||
-rw-r--r-- | modules/base_installation/manifests/cronie.pp | 4 | ||||
-rw-r--r-- | modules/base_installation/manifests/init.pp | 1 | ||||
-rw-r--r-- | modules/base_installation/manifests/params.pp | 1 | ||||
-rw-r--r-- | modules/base_installation/manifests/puppet.pp | 12 | ||||
-rw-r--r-- | modules/base_installation/manifests/system_config.pp | 34 | ||||
-rw-r--r-- | modules/base_installation/templates/puppet/host_ldap.info.erb | 4 | ||||
-rw-r--r-- | modules/base_installation/templates/puppet/puppet.conf.erb | 4 | ||||
-rw-r--r-- | modules/profile/manifests/apache.pp | 8 | ||||
-rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 123 |
12 files changed, 515 insertions, 88 deletions
diff --git a/modules/base_installation/files/cronie/puppet-post-merge b/modules/base_installation/files/cronie/puppet-post-merge index 35fa2d7..ac5e3ff 100644 --- a/modules/base_installation/files/cronie/puppet-post-merge +++ b/modules/base_installation/files/cronie/puppet-post-merge | |||
@@ -1,7 +1,7 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | ## Run Puppet locally using puppet apply | 2 | ## Run Puppet locally using puppet apply |
3 | git submodule update --init | 3 | git submodule update --init |
4 | /usr/bin/puppet apply --test `pwd`/manifests/site.pp | 4 | /usr/bin/puppet apply `pwd`/manifests/site.pp |
5 | 5 | ||
6 | ## Log status of the Puppet run | 6 | ## Log status of the Puppet run |
7 | if [ $? -eq 0 ] | 7 | if [ $? -eq 0 ] |
diff --git a/modules/base_installation/files/scripts/puppet_reset_and_apply b/modules/base_installation/files/scripts/puppet_reset_and_apply new file mode 100644 index 0000000..ff71aa8 --- /dev/null +++ b/modules/base_installation/files/scripts/puppet_reset_and_apply | |||
@@ -0,0 +1,14 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | cd /etc/puppetlabs/code | ||
4 | git fetch origin | ||
5 | |||
6 | branch="master" | ||
7 | if [ -n "$1" ]; then | ||
8 | branch="$1" | ||
9 | fi | ||
10 | |||
11 | git reset --hard origin/$1 | ||
12 | |||
13 | git submodule update --init | ||
14 | puppet apply --test manifests/site.pp | ||
diff --git a/modules/base_installation/files/scripts/report_print.rb b/modules/base_installation/files/scripts/report_print.rb new file mode 100644 index 0000000..632374c --- /dev/null +++ b/modules/base_installation/files/scripts/report_print.rb | |||
@@ -0,0 +1,396 @@ | |||
1 | #!/usr/bin/env ruby | ||
2 | # This file was modified from its original version at | ||
3 | # https://github.com/ripienaar/puppet-reportprint/ | ||
4 | # | ||
5 | # Copyright 2013-2016 R.I.Pienaar and contributors | ||
6 | # | ||
7 | # Licensed under the Apache License, Version 2.0 (the "License"); | ||
8 | # you may not use this file except in compliance with the License. | ||
9 | # You may obtain a copy of the License at | ||
10 | # | ||
11 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
12 | # | ||
13 | # Unless required by applicable law or agreed to in writing, software | ||
14 | # distributed under the License is distributed on an "AS IS" BASIS, | ||
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
16 | # See the License for the specific language governing permissions and | ||
17 | # limitations under the License. | ||
18 | |||
19 | require 'puppet' | ||
20 | require 'pp' | ||
21 | require 'optparse' | ||
22 | |||
23 | def get_server_reports_dir | ||
24 | Puppet.settings[:reportdir] | ||
25 | end | ||
26 | |||
27 | class ::Numeric | ||
28 | def bytes_to_human | ||
29 | # Prevent nonsense values being returned for fractions | ||
30 | if self >= 1 | ||
31 | units = ['B', 'KB', 'MB' ,'GB' ,'TB'] | ||
32 | e = (Math.log(self)/Math.log(1024)).floor | ||
33 | # Cap at TB | ||
34 | e = 4 if e > 4 | ||
35 | s = "%.2f " % (to_f / 1024**e) | ||
36 | s.sub(/\.?0*$/, units[e]) | ||
37 | else | ||
38 | "0 B" | ||
39 | end | ||
40 | end | ||
41 | end | ||
42 | |||
43 | def load_report(path) | ||
44 | YAML.load_file(path) | ||
45 | end | ||
46 | |||
47 | def report_resources(report) | ||
48 | report.resource_statuses | ||
49 | end | ||
50 | |||
51 | def resource_with_evaluation_time(report) | ||
52 | report_resources(report).select{|r_name, r| !r.evaluation_time.nil? } | ||
53 | end | ||
54 | |||
55 | def resource_by_eval_time(report) | ||
56 | report_resources(report).reject{|r_name, r| r.evaluation_time.nil? }.sort_by{|r_name, r| r.evaluation_time rescue 0} | ||
57 | end | ||
58 | |||
59 | def resources_of_type(report, type) | ||
60 | report_resources(report).select{|r_name, r| r.resource_type == type} | ||
61 | end | ||
62 | |||
63 | def color(code, msg, reset=false) | ||
64 | colors = { | ||
65 | :red => "[31m", | ||
66 | :green => "[32m", | ||
67 | :yellow => "[33m", | ||
68 | :cyan => "[36m", | ||
69 | :bold => "[1m", | ||
70 | :underline => "[4m", | ||
71 | :reset => "[0m", | ||
72 | } | ||
73 | |||
74 | colors.merge!( | ||
75 | :changed => colors[:yellow], | ||
76 | :unchanged => colors[:green], | ||
77 | :failed => colors[:red] | ||
78 | ) | ||
79 | |||
80 | return "%s%s%s%s" % [colors.fetch(code, ""), msg, colors[:reset], reset ? colors.fetch(reset, "") : ""] if @options[:color] | ||
81 | |||
82 | msg | ||
83 | end | ||
84 | |||
85 | def print_report_summary(report) | ||
86 | puts color(:bold, "Report for %s in environment %s at %s" % [color(:underline, report.host, :bold), color(:underline, report.environment, :bold), color(:underline, report.time, :bold)]) | ||
87 | puts | ||
88 | puts " Report File: %s" % @options[:report] | ||
89 | puts " Report Status: %s" % report.status | ||
90 | puts " Puppet Version: %s" % report.puppet_version | ||
91 | puts " Report Format: %s" % report.report_format | ||
92 | puts " Configuration Version: %s" % report.configuration_version | ||
93 | puts " UUID: %s" % report.transaction_uuid rescue nil | ||
94 | puts " Log Lines: %s %s" % [report.logs.size, @options[:logs] ? "" : "(show with --log)"] | ||
95 | |||
96 | puts | ||
97 | end | ||
98 | |||
99 | def print_report_motd(report, motd_path) | ||
100 | motd = [] | ||
101 | header = "# #{report.host} #" | ||
102 | headline = "#" * header.size | ||
103 | motd << headline << header << headline << '' | ||
104 | |||
105 | motd << "Last puppet run happened at %s in environment %s." % [report.time, report.environment] | ||
106 | |||
107 | motd << "The result of this puppet run was %s." % color(report.status.to_sym, report.status) | ||
108 | |||
109 | if report.metrics.empty? or report.metrics["events"].nil? | ||
110 | motd << 'No Report Metrics.' | ||
111 | else | ||
112 | motd << 'Events:' | ||
113 | report.metrics["events"].values.each do |metric| | ||
114 | i, m, v = metric | ||
115 | motd.last << ' ' << [m, v].join(': ') << '.' | ||
116 | end | ||
117 | end | ||
118 | |||
119 | motd << '' << '' | ||
120 | |||
121 | File.write(motd_path, motd.join("\n")) | ||
122 | end | ||
123 | |||
124 | def print_report_metrics(report) | ||
125 | if report.metrics.empty? | ||
126 | puts color(:bold, "No Report Metrics") | ||
127 | puts | ||
128 | return | ||
129 | end | ||
130 | |||
131 | puts color(:bold, "Report Metrics:") | ||
132 | puts | ||
133 | |||
134 | padding = report.metrics.map{|i, m| m.values}.flatten(1).map{|i, m, v| m.size}.sort[-1] + 6 | ||
135 | |||
136 | report.metrics.sort_by{|i, m| m.label}.each do |i, metric| | ||
137 | puts " %s:" % metric.label | ||
138 | |||
139 | metric.values.sort_by{|j, m, v| v}.reverse.each do |j, m, v| | ||
140 | puts "%#{padding}s: %s" % [m, v] | ||
141 | end | ||
142 | |||
143 | puts | ||
144 | end | ||
145 | |||
146 | puts | ||
147 | end | ||
148 | |||
149 | def print_summary_by_type(report) | ||
150 | summary = {} | ||
151 | |||
152 | report_resources(report).each do |resource| | ||
153 | if resource[0] =~ /^(.+?)\[/ | ||
154 | name = $1 | ||
155 | |||
156 | summary[name] ||= 0 | ||
157 | summary[name] += 1 | ||
158 | else | ||
159 | STDERR.puts "ERROR: Cannot parse type %s" % resource[0] | ||
160 | end | ||
161 | end | ||
162 | |||
163 | puts color(:bold, "Resources by resource type:") | ||
164 | puts | ||
165 | |||
166 | summary.sort_by{|k, v| v}.reverse.each do |type, count| | ||
167 | puts " %4d %s" % [count, type] | ||
168 | end | ||
169 | |||
170 | puts | ||
171 | end | ||
172 | |||
173 | def print_slow_resources(report, number=20) | ||
174 | if report.report_format < 4 | ||
175 | puts color(:red, " Cannot print slow resources for report versions %d" % report.report_format) | ||
176 | puts | ||
177 | return | ||
178 | end | ||
179 | |||
180 | resources = resource_by_eval_time(report) | ||
181 | |||
182 | number = resources.size if resources.size < number | ||
183 | |||
184 | puts color(:bold, "Slowest %d resources by evaluation time:" % number) | ||
185 | puts | ||
186 | |||
187 | resources[(0-number)..-1].reverse.each do |r_name, r| | ||
188 | puts " %7.2f %s" % [r.evaluation_time, r_name] | ||
189 | end | ||
190 | |||
191 | puts | ||
192 | end | ||
193 | |||
194 | def print_logs(report) | ||
195 | puts color(:bold, "%d Log lines:" % report.logs.size) | ||
196 | puts | ||
197 | |||
198 | report.logs.each do |log| | ||
199 | puts " %s" % log.to_report | ||
200 | end | ||
201 | |||
202 | puts | ||
203 | end | ||
204 | |||
205 | def print_summary_by_containment_path(report, number=20) | ||
206 | resources = resource_with_evaluation_time(report) | ||
207 | |||
208 | containment = Hash.new(0) | ||
209 | |||
210 | resources.each do |r_name, r| | ||
211 | r.containment_path.each do |containment_path| | ||
212 | #if containment_path !~ /\[/ | ||
213 | containment[containment_path] += r.evaluation_time | ||
214 | #end | ||
215 | end | ||
216 | end | ||
217 | |||
218 | number = containment.size if containment.size < number | ||
219 | |||
220 | puts color(:bold, "%d most time consuming containment" % number) | ||
221 | puts | ||
222 | |||
223 | containment.sort_by{|c, s| s}[(0-number)..-1].reverse.each do |c_name, evaluation_time| | ||
224 | puts " %7.2f %s" % [evaluation_time, c_name] | ||
225 | end | ||
226 | |||
227 | puts | ||
228 | end | ||
229 | |||
230 | def print_files(report, number=20) | ||
231 | resources = resources_of_type(report, "File") | ||
232 | |||
233 | files = {} | ||
234 | |||
235 | resources.each do |r_name, r| | ||
236 | if r_name =~ /^File\[(.+)\]$/ | ||
237 | file = $1 | ||
238 | |||
239 | if File.exist?(file) && File.readable?(file) && File.file?(file) && !File.symlink?(file) | ||
240 | files[file] = File.size?(file) || 0 | ||
241 | end | ||
242 | end | ||
243 | end | ||
244 | |||
245 | number = files.size if files.size < number | ||
246 | |||
247 | puts color(:bold, "%d largest managed files" % number) + " (only those with full path as resource name that are readable)" | ||
248 | puts | ||
249 | |||
250 | files.sort_by{|f, s| s}[(0-number)..-1].reverse.each do |f_name, size| | ||
251 | puts " %9s %s" % [size.bytes_to_human, f_name] | ||
252 | end | ||
253 | |||
254 | puts | ||
255 | end | ||
256 | |||
257 | def get_reports_for_node(nodename) | ||
258 | Dir.glob("%s/%s/*.yaml" % [get_server_reports_dir, nodename]).sort_by{|p|File.basename(p, ".*")} | ||
259 | end | ||
260 | |||
261 | def load_report_for_node(nodename, report) | ||
262 | report_path = "%s/%s/%s.yaml" % [get_server_reports_dir, nodename, report] | ||
263 | puts report_path | ||
264 | load_report(report_path) unless report_path.nil? | ||
265 | end | ||
266 | |||
267 | def load_report_by_id(report) | ||
268 | report_glob = "%s/*/%s.yaml" % [get_server_reports_dir, report] | ||
269 | Dir.glob(report_glob).map do |report_path| | ||
270 | puts report_path | ||
271 | load_report(report_path) unless report_path.nil? | ||
272 | end.first | ||
273 | end | ||
274 | |||
275 | def load_last_report_for_node(nodename) | ||
276 | report_path = get_reports_for_node(nodename).last | ||
277 | load_report(report_path) unless report_path.nil? | ||
278 | end | ||
279 | |||
280 | def print_reports_for_node(nodename) | ||
281 | puts color(:bold, "Reports for %s" % nodename) | ||
282 | get_reports_for_node(nodename).each do |report_path| | ||
283 | prefix = File.basename(report_path, ".*") | ||
284 | report = load_report(report_path) | ||
285 | print_report_oneliner(report, prefix) | ||
286 | end | ||
287 | end | ||
288 | |||
289 | def print_report_oneliner(report, prefix) | ||
290 | puts "%s: %s" % [prefix, color(report.status.to_sym, report.status)] | ||
291 | end | ||
292 | |||
293 | def print_node_oneliner(nodename) | ||
294 | report = load_last_report_for_node(nodename) | ||
295 | print_report_oneliner(report, report.name) unless report.nil? | ||
296 | end | ||
297 | |||
298 | def print_server_nodes_status | ||
299 | puts color(:bold, 'Nodes list') | ||
300 | dir = get_server_reports_dir | ||
301 | puts color(:bold, 'No nodes found!') unless Puppet::FileSystem.exist?(dir) | ||
302 | Dir.glob("%s/*/" % dir).each do |node_path| | ||
303 | print_node_oneliner(File.basename(node_path)) | ||
304 | end | ||
305 | end | ||
306 | |||
307 | def initialize_puppet | ||
308 | require 'puppet/util/run_mode' | ||
309 | Puppet.settings.preferred_run_mode = :agent | ||
310 | Puppet.settings.initialize_global_settings([]) | ||
311 | Puppet.settings.initialize_app_defaults(Puppet::Settings.app_defaults_for_run_mode(Puppet.run_mode)) | ||
312 | end | ||
313 | |||
314 | initialize_puppet | ||
315 | |||
316 | opt = OptionParser.new | ||
317 | |||
318 | @options = { | ||
319 | :logs => false, | ||
320 | :history => false, | ||
321 | :server => false, | ||
322 | :node => nil, | ||
323 | :motd => false, | ||
324 | :motd_path => '/etc/motd', | ||
325 | :count => 20, | ||
326 | :report => Puppet[:lastrunreport], | ||
327 | :reportid => nil, | ||
328 | :color => STDOUT.tty?} | ||
329 | |||
330 | opt.on("--logs", "Show logs") do |val| | ||
331 | @options[:logs] = val | ||
332 | end | ||
333 | |||
334 | opt.on("--nodelist", "(Puppet Server) List Puppet nodes and the status of their last report") do |val| | ||
335 | @options[:server] = val | ||
336 | end | ||
337 | |||
338 | opt.on("--node [NODE]", "(Puppet Server) Use last report of a node") do |val| | ||
339 | @options[:node] = val | ||
340 | end | ||
341 | |||
342 | opt.on("--history", "(with --node) Print the reports history for a node") do |val| | ||
343 | @options[:history] = val | ||
344 | end | ||
345 | |||
346 | opt.on("--motd", "Produce an output suitable for MOTD") do |val| | ||
347 | @options[:motd] = val | ||
348 | end | ||
349 | |||
350 | opt.on("--motd-path [PATH]", "Path to the MOTD file to overwrite with the --motd option") do |val| | ||
351 | @options[:motd_path] = val | ||
352 | end | ||
353 | |||
354 | opt.on("--count [RESOURCES]", Integer, "Number of resources to show evaluation times for") do |val| | ||
355 | @options[:count] = val | ||
356 | end | ||
357 | |||
358 | opt.on("--report [REPORT]", "Path to the Puppet last run report") do |val| | ||
359 | abort("Could not find report %s" % val) unless File.readable?(val) | ||
360 | @options[:report] = val | ||
361 | end | ||
362 | |||
363 | opt.on("--report-id [REPORTID]", "(with --node) ID of the report to load") do |val| | ||
364 | @options[:reportid] = val | ||
365 | end | ||
366 | |||
367 | opt.on("--[no-]color", "Colorize the report") do |val| | ||
368 | @options[:color] = val | ||
369 | end | ||
370 | |||
371 | opt.parse! | ||
372 | |||
373 | report = load_report(@options[:report]) unless @options[:server] or @options[:node] | ||
374 | if @options[:node] and not @options[:history] and not @options[:reportid] | ||
375 | report = load_last_report_for_node(@options[:node]) | ||
376 | elsif @options[:node] and @options[:reportid] | ||
377 | report = load_report_for_node(@options[:node], @options[:reportid]) | ||
378 | elsif @options[:reportid] | ||
379 | report = load_report_by_id(@options[:reportid]) | ||
380 | end | ||
381 | |||
382 | if @options[:server] | ||
383 | print_server_nodes_status | ||
384 | elsif @options[:node] and @options[:history] | ||
385 | print_reports_for_node(@options[:node]) | ||
386 | elsif @options[:motd] | ||
387 | print_report_motd(report, @options[:motd_path]) | ||
388 | else | ||
389 | print_report_summary(report) | ||
390 | print_report_metrics(report) | ||
391 | print_summary_by_type(report) | ||
392 | print_slow_resources(report, @options[:count]) | ||
393 | print_files(report, @options[:count]) | ||
394 | print_summary_by_containment_path(report, @options[:count]) | ||
395 | print_logs(report) if @options[:logs] | ||
396 | end | ||
diff --git a/modules/base_installation/manifests/cronie.pp b/modules/base_installation/manifests/cronie.pp index 4df0e37..72f2d8f 100644 --- a/modules/base_installation/manifests/cronie.pp +++ b/modules/base_installation/manifests/cronie.pp | |||
@@ -19,13 +19,13 @@ class base_installation::cronie inherits base_installation { | |||
19 | } | 19 | } |
20 | cron { 'puppet-apply': | 20 | cron { 'puppet-apply': |
21 | ensure => present, | 21 | ensure => present, |
22 | command => "cd $base_installation::puppet_code_path ; puppet apply --test $base_installation::puppet_code_path/manifests/site.pp", | 22 | command => "cd $base_installation::puppet_code_path ; puppet apply $base_installation::puppet_code_path/manifests/site.pp", |
23 | user => root, | 23 | user => root, |
24 | minute => '*/20' | 24 | minute => '*/20' |
25 | } | 25 | } |
26 | cron { 'puppet-apply-reboot': | 26 | cron { 'puppet-apply-reboot': |
27 | ensure => present, | 27 | ensure => present, |
28 | command => "cd $base_installation::puppet_code_path ; puppet apply --test $base_installation::puppet_code_path/manifests/site.pp", | 28 | command => "cd $base_installation::puppet_code_path ; puppet apply $base_installation::puppet_code_path/manifests/site.pp", |
29 | user => root, | 29 | user => root, |
30 | special => "reboot" | 30 | special => "reboot" |
31 | } | 31 | } |
diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp index f9fdcd4..998f8ff 100644 --- a/modules/base_installation/manifests/init.pp +++ b/modules/base_installation/manifests/init.pp | |||
@@ -10,6 +10,7 @@ class base_installation ( | |||
10 | Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path, | 10 | Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path, |
11 | Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed, | 11 | Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed, |
12 | Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path, | 12 | Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path, |
13 | Optional[String] $real_hostname = $base_installation::params::real_hostname, | ||
13 | Optional[String] $system_hostname = $base_installation::params::system_hostname, | 14 | Optional[String] $system_hostname = $base_installation::params::system_hostname, |
14 | Optional[Array[String]] $system_locales = $base_installation::params::system_locales, | 15 | Optional[Array[String]] $system_locales = $base_installation::params::system_locales, |
15 | Optional[String] $system_timezone = $base_installation::params::system_timezone, | 16 | Optional[String] $system_timezone = $base_installation::params::system_timezone, |
diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp index c03eb1e..5ade838 100644 --- a/modules/base_installation/manifests/params.pp +++ b/modules/base_installation/manifests/params.pp | |||
@@ -10,6 +10,7 @@ class base_installation::params { | |||
10 | $ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt" | 10 | $ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt" |
11 | $ldap_uri = "ldaps://ldap.example.com" | 11 | $ldap_uri = "ldaps://ldap.example.com" |
12 | $ldap_server = "ldap.example.com" | 12 | $ldap_server = "ldap.example.com" |
13 | $real_hostname = "example.com" | ||
13 | $system_hostname = "example.com" | 14 | $system_hostname = "example.com" |
14 | $system_locales = ["en_US.UTF-8"] | 15 | $system_locales = ["en_US.UTF-8"] |
15 | $system_timezone = "UTC" | 16 | $system_timezone = "UTC" |
diff --git a/modules/base_installation/manifests/puppet.pp b/modules/base_installation/manifests/puppet.pp index a8dc641..b3ce492 100644 --- a/modules/base_installation/manifests/puppet.pp +++ b/modules/base_installation/manifests/puppet.pp | |||
@@ -27,6 +27,18 @@ class base_installation::puppet ( | |||
27 | } | 27 | } |
28 | ### | 28 | ### |
29 | 29 | ||
30 | file { '/usr/local/sbin/i_puppet_reset_and_apply': | ||
31 | mode => "0755", | ||
32 | ensure => present, | ||
33 | source => "puppet:///modules/base_installation/scripts/puppet_reset_and_apply" | ||
34 | } | ||
35 | |||
36 | file { '/usr/local/sbin/i_puppet_report_print': | ||
37 | mode => "0755", | ||
38 | ensure => present, | ||
39 | source => "puppet:///modules/base_installation/scripts/report_print.rb" | ||
40 | } | ||
41 | |||
30 | unless empty(find_file($password_seed)) { | 42 | unless empty(find_file($password_seed)) { |
31 | $ldap_password = generate_password(24, $password_seed, "ldap") | 43 | $ldap_password = generate_password(24, $password_seed, "ldap") |
32 | $ssha_ldap_seed = generate_password(5, $password_seed, "ldap_seed") | 44 | $ssha_ldap_seed = generate_password(5, $password_seed, "ldap_seed") |
diff --git a/modules/base_installation/manifests/system_config.pp b/modules/base_installation/manifests/system_config.pp index 25bfe0f..ccc5dcc 100644 --- a/modules/base_installation/manifests/system_config.pp +++ b/modules/base_installation/manifests/system_config.pp | |||
@@ -6,23 +6,27 @@ class base_installation::system_config inherits base_installation { | |||
6 | } | 6 | } |
7 | } | 7 | } |
8 | 8 | ||
9 | unless empty($base_installation::system_hostname) { | 9 | if empty($base_installation::system_hostname) { |
10 | file { '/etc/hostname': | 10 | $hostname = $base_installation::real_hostname |
11 | content => "$base_installation::system_hostname\n", | 11 | } else { |
12 | } | 12 | $hostname = $base_installation::system_hostname |
13 | } | ||
13 | 14 | ||
14 | exec { "set_hostname": | 15 | file { '/etc/hostname': |
15 | command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname", | 16 | content => "$base_installation::system_hostname\n", |
16 | refreshonly => true, | 17 | } |
17 | subscribe => File["/etc/hostname"], | ||
18 | returns => [0, 1], | ||
19 | } | ||
20 | 18 | ||
21 | # TODO: find a way to ensure that /etc/hostname doesn't change | 19 | exec { "set_hostname": |
22 | # exec { "set_hostname_firstboot": | 20 | command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname", |
23 | # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname", | 21 | refreshonly => true, |
24 | # creates => "/etc/hostname", | 22 | subscribe => File["/etc/hostname"], |
25 | # } | 23 | returns => [0, 1], |
26 | } | 24 | } |
27 | 25 | ||
26 | # TODO: find a way to ensure that /etc/hostname doesn't change | ||
27 | # exec { "set_hostname_firstboot": | ||
28 | # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname", | ||
29 | # creates => "/etc/hostname", | ||
30 | # } | ||
31 | |||
28 | } | 32 | } |
diff --git a/modules/base_installation/templates/puppet/host_ldap.info.erb b/modules/base_installation/templates/puppet/host_ldap.info.erb index 525739b..a71c6f3 100644 --- a/modules/base_installation/templates/puppet/host_ldap.info.erb +++ b/modules/base_installation/templates/puppet/host_ldap.info.erb | |||
@@ -2,7 +2,6 @@ | |||
2 | ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF' | 2 | ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF' |
3 | dn: <%= @ldap_dn %> | 3 | dn: <%= @ldap_dn %> |
4 | cn: <%= @ldap_cn %> | 4 | cn: <%= @ldap_cn %> |
5 | cn: <%= @system_hostname %> | ||
6 | objectclass: device | 5 | objectclass: device |
7 | objectclass: top | 6 | objectclass: top |
8 | objectclass: simpleSecurityObject | 7 | objectclass: simpleSecurityObject |
@@ -12,6 +11,7 @@ objectclass: ipHost | |||
12 | <% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %> | 11 | <% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %> |
13 | <% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %> | 12 | <% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %> |
14 | <%- end -%> | 13 | <%- end -%> |
14 | environment: <%= @environment %> | ||
15 | userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> | 15 | userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> |
16 | EOF | 16 | EOF |
17 | #### Or modify an existing entry: | 17 | #### Or modify an existing entry: |
@@ -20,6 +20,8 @@ dn: <%= @ldap_dn %> | |||
20 | changetype: modify | 20 | changetype: modify |
21 | replace: userPassword | 21 | replace: userPassword |
22 | userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> | 22 | userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> |
23 | replace: environment | ||
24 | environment: <%= @environment %> | ||
23 | <%- unless @ips.empty? -%> | 25 | <%- unless @ips.empty? -%> |
24 | - | 26 | - |
25 | delete: ipHostNumber | 27 | delete: ipHostNumber |
diff --git a/modules/base_installation/templates/puppet/puppet.conf.erb b/modules/base_installation/templates/puppet/puppet.conf.erb index 3748039..24e67c8 100644 --- a/modules/base_installation/templates/puppet/puppet.conf.erb +++ b/modules/base_installation/templates/puppet/puppet.conf.erb | |||
@@ -1,8 +1,10 @@ | |||
1 | [main] | 1 | [main] |
2 | ssldir = <%= @puppet_ssl_path %> | 2 | ssldir = <%= @puppet_ssl_path %> |
3 | 3 | ||
4 | environment = <%= @environment %> | ||
5 | |||
4 | node_terminus = ldap | 6 | node_terminus = ldap |
5 | certname = <%= @system_hostname %> | 7 | certname = <%= @real_hostname %> |
6 | ldapserver = <%= @ldap_server %> | 8 | ldapserver = <%= @ldap_server %> |
7 | ldaptls = true | 9 | ldaptls = true |
8 | ldapbase = <%= @ldap_base %> | 10 | ldapbase = <%= @ldap_base %> |
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp index 605b701..8db58da 100644 --- a/modules/profile/manifests/apache.pp +++ b/modules/profile/manifests/apache.pp | |||
@@ -49,11 +49,17 @@ class profile::apache { | |||
49 | ] | 49 | ] |
50 | } | 50 | } |
51 | 51 | ||
52 | exec { 'Start-apache': | ||
53 | command => "/usr/bin/systemctl start httpd", | ||
54 | before => Class["::letsencrypt"], | ||
55 | unless => "/usr/bin/systemctl is-active httpd", | ||
56 | } | ||
57 | |||
52 | $letsencrypt_certonly_default = { | 58 | $letsencrypt_certonly_default = { |
53 | plugin => "webroot", | 59 | plugin => "webroot", |
54 | webroot_paths => ["/srv/http/"], | 60 | webroot_paths => ["/srv/http/"], |
55 | notify => Class['Apache::Service'], | 61 | notify => Class['Apache::Service'], |
56 | require => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]], | 62 | require => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]], |
57 | manage_cron => true, | 63 | manage_cron => true, |
58 | } | 64 | } |
59 | 65 | ||
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 32b6ac7..6c760b5 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
@@ -26,7 +26,7 @@ class role::cryptoportfolio { | |||
26 | $cf_group = "cryptoportfolio" | 26 | $cf_group = "cryptoportfolio" |
27 | $cf_home = "/opt/cryptoportfolio" | 27 | $cf_home = "/opt/cryptoportfolio" |
28 | $cf_env = "prod" | 28 | $cf_env = "prod" |
29 | $cf_front_app_host = "cryptoportfolio.immae.eu" | 29 | $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" } |
30 | $cf_front_app_port = "" | 30 | $cf_front_app_port = "" |
31 | $cf_front_app_ssl = "true" | 31 | $cf_front_app_ssl = "true" |
32 | $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" | 32 | $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" |
@@ -196,14 +196,14 @@ class role::cryptoportfolio { | |||
196 | require => User[$cf_user], | 196 | require => User[$cf_user], |
197 | } | 197 | } |
198 | 198 | ||
199 | archive { "${cf_home}/${bot_version}.tar.gz": | 199 | archive { "${cf_home}/trader_${bot_version}.tar.gz": |
200 | path => "${cf_home}/${bot_version}.tar.gz", | 200 | path => "${cf_home}/trader_${bot_version}.tar.gz", |
201 | source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz", | 201 | source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz", |
202 | checksum_type => "sha256", | 202 | checksum_type => "sha256", |
203 | checksum => $bot_sha256, | 203 | checksum => $bot_sha256, |
204 | cleanup => false, | 204 | cleanup => false, |
205 | extract => true, | 205 | extract => true, |
206 | user => "cryptoportfolio", | 206 | user => $cf_user, |
207 | username => $facts["ec2_metadata"]["hostname"], | 207 | username => $facts["ec2_metadata"]["hostname"], |
208 | password => generate_password(24, $password_seed, "ldap"), | 208 | password => generate_password(24, $password_seed, "ldap"), |
209 | extract_path => $cf_bot_app, | 209 | extract_path => $cf_bot_app, |
@@ -230,7 +230,7 @@ class role::cryptoportfolio { | |||
230 | content => template("role/cryptoportfolio/bot_config.ini.erb"), | 230 | content => template("role/cryptoportfolio/bot_config.ini.erb"), |
231 | require => [ | 231 | require => [ |
232 | User[$cf_user], | 232 | User[$cf_user], |
233 | Archive["${cf_home}/${bot_version}.tar.gz"], | 233 | Archive["${cf_home}/trader_${bot_version}.tar.gz"], |
234 | ], | 234 | ], |
235 | } | 235 | } |
236 | 236 | ||
@@ -244,7 +244,7 @@ class role::cryptoportfolio { | |||
244 | environment => ["HOME=${cf_home}","PATH=/usr/bin/"], | 244 | environment => ["HOME=${cf_home}","PATH=/usr/bin/"], |
245 | require => [ | 245 | require => [ |
246 | File[$cf_bot_app_conf], | 246 | File[$cf_bot_app_conf], |
247 | Archive["${cf_home}/${bot_version}.tar.gz"] | 247 | Archive["${cf_home}/trader_${bot_version}.tar.gz"] |
248 | ], | 248 | ], |
249 | } | 249 | } |
250 | 250 | ||
@@ -258,12 +258,11 @@ class role::cryptoportfolio { | |||
258 | environment => ["HOME=${cf_home}","PATH=/usr/bin/"], | 258 | environment => ["HOME=${cf_home}","PATH=/usr/bin/"], |
259 | require => [ | 259 | require => [ |
260 | File[$cf_bot_app_conf], | 260 | File[$cf_bot_app_conf], |
261 | Archive["${cf_home}/${bot_version}.tar.gz"] | 261 | Archive["${cf_home}/trader_${bot_version}.tar.gz"] |
262 | ], | 262 | ], |
263 | } | 263 | } |
264 | } | 264 | } |
265 | 265 | ||
266 | # FIXME: incorrect build for go app | ||
267 | # FIXME: restore backup | 266 | # FIXME: restore backup |
268 | unless empty($front_version) { | 267 | unless empty($front_version) { |
269 | ensure_packages(["go", "npm", "nodejs", "yarn"]) | 268 | ensure_packages(["go", "npm", "nodejs", "yarn"]) |
@@ -284,56 +283,10 @@ class role::cryptoportfolio { | |||
284 | require => User[$cf_user], | 283 | require => User[$cf_user], |
285 | } | 284 | } |
286 | 285 | ||
287 | archive { "${cf_home}/${front_version}.tar.gz": | ||
288 | path => "${cf_home}/${front_version}.tar.gz", | ||
289 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", | ||
290 | checksum_type => "sha256", | ||
291 | checksum => $front_sha256, | ||
292 | cleanup => false, | ||
293 | extract => true, | ||
294 | user => $cf_user, | ||
295 | username => $facts["ec2_metadata"]["hostname"], | ||
296 | password => generate_password(24, $password_seed, "ldap"), | ||
297 | extract_path => $cf_front_app, | ||
298 | require => [User[$cf_user], File[$cf_front_app]], | ||
299 | } | ||
300 | |||
301 | file { "${cf_home}/front": | 286 | file { "${cf_home}/front": |
302 | ensure => "link", | 287 | ensure => "link", |
303 | target => $cf_front_app, | 288 | target => $cf_front_app, |
304 | before => File[$cf_front_app], | 289 | before => File[$cf_front_app], |
305 | } ~> | ||
306 | exec { "remove old ${cf_front_app} directory": | ||
307 | refreshonly => true, | ||
308 | user => $cf_user, | ||
309 | command => "/usr/bin/rm -rf ${cf_front_app}", | ||
310 | before => File[$cf_front_app], | ||
311 | } | ||
312 | |||
313 | exec { "go-get-dep": | ||
314 | user => $cf_user, | ||
315 | environment => ["HOME=${cf_home}"], | ||
316 | creates => "${cf_home}/go/bin/dep", | ||
317 | command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", | ||
318 | require => User[$cf_user], | ||
319 | } | ||
320 | |||
321 | exec { "go-cryptoportfolio-dependencies": | ||
322 | cwd => $cf_front_app, | ||
323 | user => $cf_user, | ||
324 | environment => ["HOME=${cf_home}"], | ||
325 | creates => "${cf_front_app}/vendor", | ||
326 | command => "${cf_home}/go/bin/dep ensure", | ||
327 | require => [Exec["go-get-dep"], Archive["${cf_home}/${front_version}.tar.gz"]], | ||
328 | } | ||
329 | |||
330 | exec { "go-cryptoportfolio-app": | ||
331 | cwd => $cf_front_app_api_workdir, | ||
332 | user => $cf_user, | ||
333 | environment => ["HOME=${cf_home}"], | ||
334 | creates => $cf_front_app_api_bin, | ||
335 | command => "/usr/bin/make build", | ||
336 | require => Exec["go-cryptoportfolio-dependencies"], | ||
337 | } | 290 | } |
338 | 291 | ||
339 | file { "/etc/systemd/system/cryptoportfolio-app.service": | 292 | file { "/etc/systemd/system/cryptoportfolio-app.service": |
@@ -360,43 +313,79 @@ class role::cryptoportfolio { | |||
360 | command => "/usr/bin/pg_dump --schema-only --clean --no-publications $cf_pg_db > /var/lib/postgres/${cf_pg_db}.schema", | 313 | command => "/usr/bin/pg_dump --schema-only --clean --no-publications $cf_pg_db > /var/lib/postgres/${cf_pg_db}.schema", |
361 | } | 314 | } |
362 | 315 | ||
316 | archive { "${cf_home}/front_${front_version}.tar.gz": | ||
317 | path => "${cf_home}/front_${front_version}.tar.gz", | ||
318 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", | ||
319 | checksum_type => "sha256", | ||
320 | checksum => $front_sha256, | ||
321 | cleanup => false, | ||
322 | extract => true, | ||
323 | user => $cf_user, | ||
324 | username => $facts["ec2_metadata"]["hostname"], | ||
325 | password => generate_password(24, $password_seed, "ldap"), | ||
326 | extract_path => $cf_front_app, | ||
327 | require => [User[$cf_user], File[$cf_front_app]], | ||
328 | notify => [ | ||
329 | Exec["web-cryptoportfolio-dependencies"], | ||
330 | Exec["go-get-dep"], | ||
331 | ] | ||
332 | } | ||
333 | |||
334 | # Api | ||
363 | file { $cf_front_app_api_conf: | 335 | file { $cf_front_app_api_conf: |
364 | owner => $cf_user, | 336 | owner => $cf_user, |
365 | group => $cf_group, | 337 | group => $cf_group, |
366 | mode => "0600", | 338 | mode => "0600", |
367 | content => template("role/cryptoportfolio/api_conf.toml.erb"), | 339 | content => template("role/cryptoportfolio/api_conf.toml.erb"), |
340 | before => Exec["go-cryptoportfolio-app"], | ||
368 | } | 341 | } |
369 | 342 | ||
343 | exec { "go-get-dep": | ||
344 | user => $cf_user, | ||
345 | environment => ["HOME=${cf_home}"], | ||
346 | creates => "${cf_home}/go/bin/dep", | ||
347 | command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", | ||
348 | refreshonly => true, | ||
349 | } ~> | ||
350 | exec { "go-cryptoportfolio-dependencies": | ||
351 | cwd => $cf_front_app, | ||
352 | user => $cf_user, | ||
353 | environment => ["HOME=${cf_home}"], | ||
354 | command => "${cf_home}/go/bin/dep ensure", | ||
355 | refreshonly => true, | ||
356 | } ~> | ||
357 | exec { "go-cryptoportfolio-app": | ||
358 | cwd => $cf_front_app_api_workdir, | ||
359 | user => $cf_user, | ||
360 | environment => ["HOME=${cf_home}"], | ||
361 | command => "/usr/bin/make build", | ||
362 | refreshonly => true, | ||
363 | } | ||
364 | |||
365 | # Static pages | ||
370 | file { $cf_front_app_static_conf: | 366 | file { $cf_front_app_static_conf: |
371 | owner => $cf_user, | 367 | owner => $cf_user, |
372 | group => $cf_group, | 368 | group => $cf_group, |
373 | mode => "0600", | 369 | mode => "0600", |
374 | content => template("role/cryptoportfolio/static_conf.env.erb"), | 370 | content => template("role/cryptoportfolio/static_conf.env.erb"), |
375 | notify => Exec["remove build ${cf_front_app}/cmd/web/build/"], | 371 | before => Exec["web-cryptoportfolio-build"], |
376 | } | 372 | } |
377 | 373 | ||
378 | exec { "web-cryptoportfolio-dependencies": | 374 | exec { "web-cryptoportfolio-dependencies": |
379 | cwd => "${cf_front_app}/cmd/web", | 375 | cwd => "${cf_front_app}/cmd/web", |
376 | user => $cf_user, | ||
380 | environment => ["HOME=${cf_home}"], | 377 | environment => ["HOME=${cf_home}"], |
381 | command => "/usr/bin/make install", | 378 | command => "/usr/bin/make install", |
382 | creates => "${cf_front_app}/cmd/web/node_modules", | ||
383 | notify => Exec["remove build ${cf_front_app}/cmd/web/build/"], | ||
384 | require => [Package["npm"], Package["nodejs"], Package["yarn"]] | ||
385 | } | ||
386 | |||
387 | exec { "remove build ${cf_front_app}/cmd/web/build/": | ||
388 | command => "/usr/bin/rm -rf '${cf_front_app}/cmd/web/build/'", | ||
389 | refreshonly => true, | 379 | refreshonly => true, |
390 | before => Exec["web-cryptoportfolio-build"] | 380 | require => [Package["npm"], Package["nodejs"], Package["yarn"]] |
391 | } | 381 | } ~> |
392 | |||
393 | exec { "web-cryptoportfolio-build": | 382 | exec { "web-cryptoportfolio-build": |
394 | cwd => "${cf_front_app}/cmd/web", | 383 | cwd => "${cf_front_app}/cmd/web", |
384 | user => $cf_user, | ||
395 | environment => ["HOME=${cf_home}"], | 385 | environment => ["HOME=${cf_home}"], |
396 | path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"], | 386 | path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"], |
397 | command => "/usr/bin/make static ENV=${cf_env}", | 387 | command => "/usr/bin/make static ENV=${cf_env}", |
398 | creates => "${cf_front_app}/cmd/web/build/static", | 388 | refreshonly => true, |
399 | require => [File[$cf_front_app_static_conf], Exec["web-cryptoportfolio-dependencies"]] | ||
400 | } | 389 | } |
401 | } | 390 | } |
402 | } | 391 | } |