jigen e8198b84bd Using future parser | 9 years ago | |
---|---|---|
manifests | 9 years ago | |
modules | 9 years ago | |
.gitignore | 9 years ago | |
.gitmodules | 9 years ago | |
README.md | 9 years ago | |
etckeeper-commit-post | 10 years ago | |
etckeeper-commit-pre | 10 years ago | |
hiera.yaml | 9 years ago | |
puppet.conf | 9 years ago | |
Or: on the centralization, automation and documentation of the configuration of a self-managed server
```
[DEFAULT]
lib =
    SITE="nome_site" && \
    HOSTFQDN="$(hostname --fqdn)" && HOSTNAME="$(hostname)" && \
    REPO_ROOT="git@gitlab.com:organization/"

[/etc/puppet]
checkout = git clone ${REPO_ROOT}/puppet-deploy.git puppet
order = 1

[/etc/puppet/site-conf]
checkout = git clone gcrypt::${REPO_ROOT}/siteconf-${SITE}.git site-conf
order = 2
chain = true

[/etc/puppet/site-conf/host-conf]
checkout = git clone gcrypt::${REPO_ROOT}/hostconf-${HOSTNAME}.git host-conf
order = 3
chain = true

[/etc/puppet/modules/common]
checkout = git clone ${REPO_ROOT}/module-common.git common
order = 4

[/etc/puppet/modules/stdlib]
checkout =
    git clone ${REPO_ROOT}/puppetlabs-stdlib.git stdlib
    cd stdlib && git checkout tags/4.5.1
order = 4

[/etc/puppet/modules/apt]
checkout = git clone ${REPO_ROOT}/module-apt.git apt
order = 4

[/etc/puppet/modules/concat]
checkout = git clone ${REPO_ROOT}/module-concat.git concat
order = 4

[/etc/puppet/modules/lsb]
checkout = git clone ${REPO_ROOT}/module-lsb.git lsb
order = 4

[/etc/puppet/modules/postfix]
checkout = git clone ${REPO_ROOT}/module-postfix.git postfix
order = 4
```
/etc/puppet/site-conf/.mrconfig /etc/puppet/site-conf/host-conf/.mrconfig
[conf, world-wide, clear] puppet-deploy
`/etc/puppet` (on Debian);
`manifests/site.pp` contains the default node declaration, which includes the roles defined in the configuration: `hiera_include('host-roles')`
[logic, world-wide, clear] module-$(prog-name)
[conf, site-wide, gcrypt] siteconf-$(site-name)
[logic, site-wide, gcrypt] module-$(site-name)
[conf, host-wide, gcrypt] hostconf-$(server-name)
[logic, host-wide, gcrypt] module-$(server-name)
gem install deep_merge
```
git init siteconf-$(sitename)
cd siteconf-$(sitename)/
git remote add $(gcrypt_remote) gcrypt::/siteconf-$(site-name).git
git config remote.$(gcrypt_remote).gcrypt-participants "$(sysadm1-key-fingerprint) $(sysadm2-key-fingerprint) $(server1-key-fingerprint) $(server2-key-fingerprint)"
git config remote.$(gcrypt_remote).gcrypt-publish-participants true
touch README
git add .
git commit -m "Initial gcrypt commit"
git push --set-upstream $(gcrypt_remote) master
```
It is important to import the public keys of ALL the sysadmins and ALL the servers listed in `gcrypt-participants` before going any further.
```
[DEFAULT]
lib =
    SITE="$(sitename)" && \
    HOSTFQDN="$(hostname --fqdn)" && HOSTNAME="$(hostname)" && \
    REPO_ROOT="git@gitlab.com:organization/"
```
```
[/etc/puppet/modules/$(modulename)]
checkout = git clone gcrypt::${REPO_ROOT}/module-${SITE}.git $(modulename)
order = 3
```
```
git init module-$(sitename)
cd module-$(sitename)/
git remote add $(gcrypt_remote) gcrypt::/module-$(site-name).git
git config remote.$(gcrypt_remote).gcrypt-participants "$(sysadm1-key-fingerprint) $(sysadm2-key-fingerprint) $(server1-key-fingerprint) $(server2-key-fingerprint)"
git config remote.$(gcrypt_remote).gcrypt-publish-participants true
touch README
git add .
git commit -m "Initial gcrypt commit"
git push --set-upstream $(gcrypt_remote) master
```
It is important to import the public keys of ALL the sysadmins and ALL the servers listed in `gcrypt-participants` before going any further.
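One way to check that requirement before the first push, for both the siteconf and the module repository, as an added example that is not part of this repository. The function names and the sample keyring are constructed here, and the script assumes the participants are hex fingerprints or key IDs, as in the `git config` lines above.

```shell
#!/bin/sh
# Added example, not from the repository. Assumes participants are hex
# fingerprints or key IDs, as in the README's gcrypt-participants setting.

# Constructed sample of `gpg --with-colons` output (fake fingerprints).
SAMPLE_KEYRING='pub:u:4096:1:7777AAAABBBBCCCC:1420070400:::u:::scESC:
fpr:::::::::1111222233334444555566667777AAAABBBBCCCC:
sub:u:4096:1:3333DDDDEEEEFFFF:1420070400::::::e:
fpr:::::::::9999888877776666555544443333DDDDEEEEFFFF:'

# missing_participants "<participants>" "<colon listing>"
# Prints every participant that matches no fingerprint in the listing.
missing_participants() {
    # Field 10 of each "fpr" record is a primary-key or subkey fingerprint.
    known=$(printf '%s\n' "$2" | awk -F: '$1 == "fpr" { print toupper($10) }')
    for p in $1; do
        want=$(printf '%s' "$p" | tr '[:lower:]' '[:upper:]')
        want=${want#0X}
        found=no
        for k in $known; do
            # A key ID is a suffix of the fingerprint; a fingerprint matches itself.
            case $k in
                *"$want") found=yes; break ;;
            esac
        done
        [ "$found" = yes ] || printf '%s\n' "$p"
    done
}

# check_remote <remote>: run inside a clone before the first gcrypt push.
check_remote() {
    participants=$(git config --get "remote.$1.gcrypt-participants") || {
        echo "remote.$1.gcrypt-participants is not set" >&2
        return 2
    }
    # "simple" means encrypt to the default key only: nothing to import.
    [ "$participants" = simple ] && return 0
    keyring=$(gpg --batch --with-colons --fingerprint --fingerprint --list-keys 2>/dev/null)
    missing=$(missing_participants "$participants" "$keyring")
    [ -z "$missing" ] && return 0
    echo "Import these public keys before pushing:" >&2
    printf '%s\n' "$missing" >&2
    return 1
}
```

Source the file and call `check_remote` with the name of the gcrypt remote from inside the clone; a non-zero status means at least one listed participant has no public key in the local keyring.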
git-remote-gcrypt
echo "deb http://http.debian.net/debian wheezy-backports main" >> /etc/apt/sources.list
Create the file `/etc/apt/preferences.d/00-puppet.pref` with the following configuration:
```
Package: puppet puppet-common
Pin: version 3.7*
Pin-Priority: 999

Package: facter
Pin: version 2.3*
Pin-Priority: 999
```
Update the list of available packages
apt-get update
As root: `apt-get install puppet git git-remote-gcrypt myrepos`
Remove the existing puppet files: `rm -rf /etc/puppet`
Generate a new gpg key pair: `gpg --gen-key`
Configure the account and permissions for the new server on the git repository. This step may not be strictly necessary; it depends on the repository being used.
(Optional) Configure the gpg agent
Copy the `.mrconfig` and `.mrtrust` files provided above into `/root` and set the `SITE` and `REPO_ROOT` variables in `.mrconfig`.
Update all the modules: `mr -d /etc/ update`
Run puppet: `puppet apply -v /etc/puppet/manifests/site.pp`
`init.pp` is special and always contains a class with the same name as the module. You may not have a class named init.