Skip to content

Commit 3f94daf

Browse files
author
Gary Larizza
committed
Merge pull request #27 from npwalker/reduce_scope_of_control_repo
Reduce the scope of the control-repo to mostly an example
2 parents 6a44737 + 2c98a92 commit 3f94daf

File tree

8 files changed

+59
-295
lines changed

8 files changed

+59
-295
lines changed

Puppetfile

Lines changed: 14 additions & 51 deletions
Original file line numberDiff line numberDiff line change
@@ -1,54 +1,17 @@
11
forge "http://forge.puppetlabs.com"
22

33
# Modules from the Puppet Forge
4-
# Note the versions are all set to :latest but after you've
5-
# installed you should change them to the exact version you want
6-
mod "hunner/hiera", '2.0.1'
7-
mod "puppetlabs/inifile", :latest
8-
mod "puppetlabs/stdlib", :latest
9-
mod "puppetlabs/concat", :latest
10-
mod "puppetlabs/ntp", :latest
11-
mod "saz/ssh", :latest
12-
mod "puppetlabs/postgresql", '4.5.0'
13-
mod "puppet/stash", '1.3.0'
14-
mod "puppetlabs/java", '1.4.1'
15-
mod "npwalker/pe_code_manager_webhook", '1.0.3'
16-
17-
#An example of using a specific forge module version instead of latest
18-
#Notice the addition of single quotes
19-
#mod "puppetlabs/inifile", '1.3.0'
20-
21-
# Modules from Github using various references
22-
# Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
23-
# update the tag to the most current release when implementing
24-
mod 'gitlab',
25-
:git => 'https://github.com/vshn/puppet-gitlab',
26-
:ref => '00397b86dfb3487d9df768cbd3698d362132b5bf'
27-
28-
mod 'r10k',
29-
:git => 'https://github.com/acidprime/r10k',
30-
:tag => 'v3.1.1'
31-
32-
#mod 'pe_code_manager_webhook',
33-
# :git => 'https://github.com/npwalker/pe_code_manager_webhook',
34-
# :ref => '6957aa67e376ca7dcc9a60a58c247ed3e7b66c16'
35-
36-
mod 'gms',
37-
:git => 'https://github.com/npwalker/abrader-gms',
38-
:branch => 'gitlab_disable_ssl_verify_support'
39-
40-
mod 'pltraining-rbac',
41-
:git => 'https://github.com/puppetlabs/pltraining-rbac',
42-
:ref => '2f60e1789a721ce83f8df061e13f8bf81cd4e4ce'
43-
44-
mod 'rampup_profile_puppetmaster',
45-
:git => 'https://github.com/PuppetLabs-RampUpProgram/RampUp_profile_puppetmaster',
46-
:branch => 'master'
47-
48-
mod 'rampup_profile_gitlab',
49-
:git => 'https://github.com/PuppetLabs-RampUpProgram/RampUp_profile_gitlab',
50-
:branch => 'master'
51-
52-
mod 'rampup_profile_stash',
53-
:git => 'https://github.com/PuppetLabs-RampUpProgram/RampUp_profile_stash',
54-
:branch => 'master'
4+
# Versions should be updated to be the latest at the time you start
5+
#mod "puppetlabs/inifile", '1.5.0'
6+
#mod "puppetlabs/stdlib", '4.11.0'
7+
#mod "puppetlabs/concat", '2.1.0'
8+
9+
# Modules from Git
10+
# Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
11+
#mod 'apache',
12+
# :git => 'https://github.com/puppetlabs/puppetlabs-apache',
13+
# :commit => '83401079053dca11d61945bd9beef9ecf7576cbf'
14+
15+
#mod 'apache',
16+
# :git => 'https://github.com/puppetlabs/puppetlabs-apache',
17+
# :branch => 'docs_experiment'

README.md

Lines changed: 44 additions & 177 deletions
Original file line numberDiff line numberDiff line change
@@ -1,67 +1,45 @@
11
Table of Contents
22
=================
33

4-
* [Before Starting](#before-starting)
5-
* [What You Get From This control\-repo](#what-you-get-from-this-control-repo)
6-
* [How To Set It All Up](#how-to-set-it-all-up)
7-
* [Setup a Trusted Fact On Your PE Master](#setup-a-trusted-fact-on-your-pe-master)
8-
* [If You Have Not Installed PE](#if-you-have-not-installed-pe)
9-
* [If You Have Already Installed PE](#if-you-have-already-installed-pe)
10-
* [Copy This Repo Into Your Own Git Server](#copy-this-repo-into-your-own-git-server)
11-
* [Gitlab](#gitlab)
12-
* [Stash](#stash)
13-
* [Github](#github)
14-
* [Configure PE to Use the Control\-Repo](#configure-pe-to-use-the-control-repo)
15-
* [Install PE](#install-pe)
16-
* [Get the Control\-Repo Deployed On Your Master](#get-the-control-repo-deployed-on-your-master)
17-
* [Test Code Manager](#test-code-manager)
18-
* [Updating From a Previous Version of PE](#updating-from-a-previous-version-of-pe)
19-
* [Upgrading to PE2015\.3\.z from PE 2015\.2\.z](#upgrading-to-pe20153z-from-pe-20152z)
20-
* [Appendix](#appendix)
21-
* [Test The Zack/r10k Webhook](#test-the-zackr10k-webhook)
22-
23-
# Before Starting
24-
25-
This control repo and the steps below are intended to be used during a new installation of PE.
26-
27-
The instructions are geared towards a new installation of PE2015.3.z. However, the control-repo should work just fine on [PE2015.2.z](#upgrading-to-pe20153z-from-pe-20152z)
28-
29-
If you intend to use this control-repo on an existing installation then be warned that if you've already written or downloaded modules when you start using r10k it will remove all of the existing modules and replace them with what you define in your Puppetfile. Please copy or move your existing modules to another directory to ensure you do not lose any work you've already started.
4+
* [Where Did All The Previous Code Go?](#where-did-all-the-previous-code-go)
5+
* [What You Get From This control\-repo](#what-you-get-from-this-control-repo)
6+
* [Copy This Repo Into Your Own Git Server](#copy-this-repo-into-your-own-git-server)
7+
* [Gitlab](#gitlab)
8+
* [Stash](#stash)
9+
* [Github](#github)
10+
11+
Created by [gh-md-toc](https://github.com/ekalinin/github-markdown-toc.go)
12+
13+
# Where Did All The Previous Code Go?
14+
15+
Initially, the control-repo project began as a 'starter' template for anyone
16+
who wanted to get started with R10k. As time passed (and Code Manager was
17+
integrated into Puppet Enterprise), the scope of this project grew to include
18+
opinionated Puppet profiles to setup many Puppet Enterprise components. As the
19+
code increased, so did the complexity of the control-repo project. To reduce
20+
that complexity, as well as continue to meet the needs of individuals who would
21+
like a more minimal template, this repository was stripped of anything other
22+
than the bare minimum files necessary to get started with a functioning
23+
control-repo. All of the code that was previously in this repository still
24+
exists in separate repositories under the [Puppet Labs RampUp Program namespace within Github](https://github.com/PuppetLabs-RampUpProgram)
25+
and can easily be re-connected to an existing control-repo if that is required
26+
(simply add the modules to the Puppetfile). Alternatively, if that
27+
previously-opinoinated control-repo is desired, [it still exists on Github under the Puppet Labs RampUp Program namespace.](https://github.com/PuppetLabs-RampUpProgram/control-repo)
28+
This control-repo project will remain a template for anyone who would like a minimal
29+
'starter' template.
3030

3131
# What You Get From This control-repo
3232

33-
As a result of following the instructions below you will receive at least the beginning of a best-practices installation of PE including...
33+
This repository exists as a template control-repo that can be used with R10k or Puppet Enterprise Code Manager.
3434

35-
- A git server
36-
- The ability to push code to your git server and have it automatically deployed to your PE Master
37-
- A config_version script to output the commit of code that your agent just applied
38-
- Optimal tuning of PE settings for this configuration
39-
- Working and example roles/profiles code
40-
41-
# How To Set It All Up
42-
43-
## Setup a Trusted Fact On Your PE Master
44-
45-
This control repository is setup to manage certain portions of your PE installation for you if you create a trusted fact called `pp_role`. In order to do so, lay down a file that looks exactly like the below in `/etc/puppetlabs/puppet/csr_attributes.yaml`
46-
47-
```
48-
---
49-
extension_requests:
50-
#pp_role
51-
1.3.6.1.4.1.34380.1.1.13: 'all_in_one_pe'
52-
```
53-
54-
### If You Have Not Installed PE
55-
56-
Good then you can proceed forward and the trusted fact will be used when you get to the install step.
57-
58-
### If You Have Already Installed PE
59-
60-
Trusted facts are created at the time a CSR is generated. So, we need to regenerate the certificate on the master for the above trusted fact to be created.
61-
62-
Follow this document to regenerate the certificate on your master.
63-
64-
http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html
35+
The major points are:
36+
- An environment.conf that correctly implements:
37+
- A site directory for roles, profiles, and any custom modules for your organization
38+
- A config_version script
39+
- Provided config_version scripts to output the commit of code that your agent just applied
40+
- Basic example of roles/profiles code
41+
- Example hieradata directory with pre-created common.yaml and nodes directory
42+
- These match the default hierarchy that ships with PE
6543

6644
##Copy This Repo Into Your Own Git Server
6745

@@ -74,145 +52,34 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html
7452

7553
3. Make a user for yourself
7654

77-
4. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop )
55+
4. Make an ssh key to link with your user. You’ll want to do this on the machine you intend to edit code from ( most likely not your puppet master but your local workstation / laptop )
7856
- http://doc.gitlab.com/ce/ssh/README.html
7957
- https://help.github.com/articles/generating-ssh-keys/
8058

81-
5. Create a group called `puppet` ( this is case sensitive )
59+
5. Create a group called `puppet` ( this is case sensitive )
8260
- http://doc.gitlab.com/ce/workflow/groups.html
8361

84-
6. Create a user called `r10k_api_user` and add them to the `puppet` group
85-
- From the landing page, select groups
86-
- Choose the puppet group
87-
- In the left hand pane, select memembers
88-
- Add the `r10k_api_user` with `master` permissions
62+
6. Add your user to the `puppet` group as well
8963

90-
7. Add your user to the `puppet` group as well
64+
7. Create a project called `control-repo` and set the Namespace to be the `puppet` group
9165

92-
8. Create a project called `control-repo` and set the Namespace to be the `puppet` group
93-
94-
9. Logout of root and login as the `r10k_api_user`
95-
- Go to profile settings -> account ( https://<your_gitlab_server>/profile/account )
96-
- Copy the api token
97-
98-
10. Clone this control repository to your laptop/workstation
66+
8. Clone this control repository to your laptop/workstation
9967
- `git clone <repository url>`
10068
- `cd control-repo`
10169

102-
11. `git mv hieradata/nodes/example-puppet-master.yaml hieradata/nodes/<fqdn_of_your_puppet_master>.yaml`
103-
- Open `hieradata/nodes/<fqdn_of_your_puppet_master>.yaml`
104-
- edit `gms_api_token` to be your api token
105-
- edit `git_management_system` to be 'gitlab'
106-
- edit the `gms_server_url`
107-
108-
12. `git add hieradata/nodes/<fqdn_of_your_puppet_master>.yaml`
109-
110-
13. `git commit -m "renaming example-puppet-master.yaml"`
111-
112-
14. Rename my repository as the upstream remote
113-
- `git remote rename origin upstream`
70+
9. Remove this repository as the origin remote
71+
- `git remote remove origin`
11472

115-
15. Add your internal repository as the origin remote
73+
10. Add your internal repository as the origin remote
11674
- `git remote add origin <url of your gitlab repository>`
11775

118-
16. Push the production branch of the repository from your machine up to your git server
76+
11. Push the production branch of the repository from your machine up to your git server
11977
- `git push origin production`
12078

121-
17. `git branch --set-upstream-to origin/production`
122-
12379
###Stash
12480

12581
Coming soon!
12682

12783
###Github
12884

12985
Coming soon!
130-
131-
##Configure PE to Use the Control-Repo
132-
133-
###Install PE
134-
135-
1. Download the latest version of the PE installer for your platform and copy it to your master
136-
- https://puppetlabs.com/download-puppet-enterprise
137-
2. Expand the tarball and `cd` into the directory
138-
3. Run `puppet-enterprise-installer` to install
139-
140-
If you run into any issues or have more questions about the installer you can see our docs here:
141-
142-
http://docs.puppetlabs.com/pe/latest/install_basic.html
143-
144-
###Get the Control-Repo Deployed On Your Master
145-
146-
At this point you have our control-repo code deployed into your git server. However, we have one final challenge: getting that code onto your puppet master. In the end state the master will pull code from the git server via r10k, however, at this moment your puppet master doesn't have credentials to get code from the git server.
147-
148-
So, we'll set up a deploy key in the git server that will allow a ssh-key we make to deploy the code and configure everything else.
149-
150-
1. On your puppet master, make an ssh key for r10k to connect to gitlab
151-
- `/usr/bin/ssh-keygen -t rsa -b 2048 -C 'code_manager' -f /etc/puppetlabs/puppetserver/code_manager.key -q -N ''`
152-
- http://doc.gitlab.com/ce/ssh/README.html
153-
- https://help.github.com/articles/generating-ssh-keys/
154-
2. Create a deploy key on the `control-repo` project in Gitlab
155-
- Paste in the public key from above
156-
- `cat /etc/puppetlabs/puppetserver/code_manager.key.pub`
157-
3. Login to the PE console
158-
7. Navigate to the Classification page
159-
- Click on the PE Master group
160-
- Click the Classes tab
161-
- Add the `puppet_enterprise::profile::master`
162-
- Set the `r10k_remote` to the ssh url from the front page of your gitlab repo
163-
- Set the `r10k_private_key` parameter to `/etc/puppetlabs/puppetserver/code_manager.key`
164-
- Commit your changes
165-
8. Run `puppet agent -t`
166-
- Expect to see changes to `r10k.yaml`
167-
9. Run `r10k deploy environment -pv`
168-
10. Run `puppet agent -t`
169-
- Expect to see code manager enabled
170-
10. `echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt`
171-
11. Run `puppet agent -t`
172-
- Now you should see many more changes
173-
- Your code has been deployed with code manager now
174-
175-
## Test Code Manager
176-
177-
One of the components setup by this control-repo is that when you "push" code to your git server, the git server will inform the puppet master to deploy branch you just pushed.
178-
179-
1. In one terminal window, `tail -f /var/log/puppetlabs/puppetserver/puppetserver.log`
180-
2. In a second terminal window
181-
- Add a new file, `touch test_file`
182-
- `git add test_file`
183-
- `git commit -m "adding a test_file"`
184-
- `git push origin production`
185-
3. Allow the push to complete and then wait a few seconds for everything to sync over
186-
- `ls -l /etc/puppetlabs/code/environments/production`
187-
- Confirm test_file is present
188-
4. In your first terminal window review the `puppetserver.log` to see the type of logging each sync will create
189-
190-
----
191-
# Updating From a Previous Version of PE
192-
193-
## Upgrading to PE2015.3.z from PE 2015.2.z
194-
195-
Remove `pe_r10k` from the PE master group in the console and instead add the following two parameters to the `puppet_enterprise::profile::master` class under the PE master group.
196-
197-
- `r10k_remote` = the ssh url for your internal repo
198-
- `r10k_private_key` = `/etc/puppetlabs/puppetserver/code_manager.key`
199-
200-
When upgrading the `puppet_enterprise::profile::master` class has the `file_sync_enabled` parameter set to `false`. This parameter should be removed so that code manager can configure file sync.
201-
202-
Finally, you’ll need to `echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt` so that my puppet code will redeploy all of your code with code manager.
203-
204-
# Appendix
205-
206-
## Test The Zack/r10k Webhook
207-
208-
If you are using PE2015.2.z or if you've forced the use of the zack/r10k webhook then you'll want to test that it works.
209-
210-
One of the components setup by this control-repo is that when you "push" code to your git server, the git server will inform the puppet master to run `r10k deploy environment -p`.
211-
212-
1. Edit README.md
213-
- Just add something to it
214-
2. `git add README.md`
215-
3. `git commit -m "edit README"`
216-
4. `git push origin production`
217-
5. Allow the push to complete and then give it few seconds to complete
218-
- Open `/etc/puppetlabs/code/environments/production/README.md` and confirm your change is present

hieradata/common.yaml

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,3 @@ message: "This node is using common data"
33

44
#Puppet Server Tuning
55
puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 0
6-
#Enable code manager
7-
puppet_enterprise::profile::master::code_manager_auto_configure: true
8-
puppet_enterprise::master::code_manager::authenticate_webhook: false
9-
10-
#pe-console-services tuning
11-
#https://docs.puppetlabs.com/pe/latest/console_config.html#tuning-the-classifier-synchronization-period
12-
#disable classifier scheduled sync and rely on r10k postrun command to sync the classes
13-
puppet_enterprise::profile::console::classifier_synchronization_period: 0

hieradata/nodes/example-node.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
---

hieradata/nodes/example-puppet-master.yaml

Lines changed: 0 additions & 8 deletions
This file was deleted.

hieradata/virtual/virtualbox.yaml

Lines changed: 0 additions & 42 deletions
This file was deleted.

0 commit comments

Comments
 (0)