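# Install the Puppet Labs APT repository package for this Ubuntu release.
# Whatever this .deb configures is then trusted by apt as root, so fetch it
# over HTTPS only and stop at the first failing step instead of handing a
# missing or partial download to dpkg.
source /etc/lsb-release    # defines DISTRIB_CODENAME
release_deb="puppetlabs-release-${DISTRIB_CODENAME:?not set by /etc/lsb-release}.deb"
wget "https://apt.puppetlabs.com/${release_deb}" &&
  dpkg -i "${release_deb}" &&
  rm -- "${release_deb}"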
# Refresh the package index so the newly added repository is visible,
# then install the agent and the master.
apt-get update
apt-get install puppet puppetmaster
puppet
group write permissions:
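# Directory that will hold one sub-directory per Puppet environment.
mkdir /etc/puppet/environments
chgrp puppet /etc/puppet/environments
# setgid + group-writable, so new entries inherit the puppet group.
# The path must be the directory created above (plural "environments").
# Mode 2775 also leaves the tree readable by every local user; keep that in
# mind for anything sensitive stored in hieradata.
chmod 2775 /etc/puppet/environments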
r10k
via git hook, which we will configure later.
/etc/puppet/puppet.conf
file. Here is a good example from which you can start:
[main]
environment = production
confdir = /etc/puppet
logdir = /var/log/puppet
vardir = /var/lib/puppet
ssldir = $vardir/ssl
rundir = /var/run/puppet
factpath = $vardir/lib/facter
templatedir = $confdir/templates
pluginsync = true

[agent]
environment = production
report = true
# NOTE(review): show_diff prints file content diffs during a run; confirm that
# no managed file carries secrets before leaving this on.
show_diff = true

[master]
environment = production
# Manifest and module path are resolved per environment under
# $confdir/environments/<environment>.
manifest = $confdir/environments/$environment/manifests/site.pp
modulepath = $confdir/environments/$environment/modules:$confdir/environments/$environment/site
# Passenger
# With these two settings the master takes the client certificate subject and
# the verification result from variables supplied by the front-end web server
# instead of from its own TLS handshake. The master must therefore only be
# reachable through that front end, and the front end must always set them.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
manifest
/ modulepath
/ config_version
are deprecated in favor of the environments .
puppet
" in DNS, you can add server = your.server.com
to the [main]
section.
/etc/puppet/hiera.yaml
file:
---
# Lookup order, most specific level first.
# NOTE(review): fqdn, manufacturer and virtual are facts, i.e. values the
# agent reports about itself. Do not rely on this hierarchy alone to keep one
# node's data away from another node; verify against how nodes are trusted.
:hierarchy:
  - "nodes/%{::fqdn}"
  - "manufacturers/%{::manufacturer}"
  - "virtual/%{::virtual}"
  - common
:backends:
  - yaml
:yaml:
  # One data directory per environment, inside the deployed environment tree.
  :datadir: "/etc/puppet/environments/%{::environment}/hieradata"
/etc/hiera.yaml
(which Puppet is not even aware of) with a symbolic link to /etc/puppet/hiera.yaml
:
ln -sf /etc/puppet/hiera.yaml /etc/hiera.yaml
/etc/init.d/puppetmaster restart
puppet agent --test
Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://testpm.qix.no/plugins Info: Caching catalog for testpm.qix.no Info: Applying configuration version '1384949455' Info: Creating state file /var/lib/puppet/state/state.yaml Notice: Finished catalog run in 0.03 seconds
apt-get install rubygems
# Installs whatever r10k release is current on the gem source;
# add -v <version> to pin a tested one.
gem install r10k
r10k
directory in which r10k
will store copies of the modules:
# Cache directory for r10k's copies of the module repositories.
mkdir /var/cache/r10k
chgrp puppet /var/cache/r10k
# setgid + group-writable: every member of the puppet group can run r10k
# against the same cache.
chmod 2775 /var/cache/r10k
r10k
has its own settings file. Create /etc/r10k.yaml
with the following contents:
# location for cached repos
:cachedir: '/var/cache/r10k'

# git repositories containing environments
:sources:
  :base:
    remote: '/srv/puppet.git'
    basedir: '/etc/puppet/environments'

# purge non-existing environments found here
# (point this only at a directory that r10k alone manages)
:purgedirs:
  - '/etc/puppet/environments'
# add-apt-repository is provided by python-software-properties.
apt-get install python-software-properties
# A PPA is a third-party package source; packages from it install as root.
add-apt-repository ppa:git-core/ppa
apt-get update
apt-get install git
r10k
will be updated from it to automatically create (or delete) Puppet environments.
/srv/puppet.git
:
# Bare repository, group-shared so that members of the owning group can push.
git init --bare --shared=group /srv/puppet.git
# Hand the whole tree, hooks/ included, to the puppet group.
# Push access to this repository decides what the master serves to agents,
# so membership of that group should be granted as carefully as root access.
chgrp -R puppet /srv/puppet.git
cd /srv/puppet.git
# Point HEAD at "production" so that branch is the repository default.
git symbolic-ref HEAD refs/heads/production
puppet
group that will be used to restrict access to the repository:
adduser <myuser> puppet
id | grep puppet
/srv/puppet.git/hooks/post-receive
, which will run r10k
on each push into the repository:
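#!/bin/bash
# post-receive hook: run r10k for every branch that was pushed.
# stdin carries one "<oldrev> <newrev> <ref>" line per updated ref.
umask 0002

while read -r _ _ ref; do
  # Only branches map to environments; tags and any other refs are ignored.
  case "$ref" in
    refs/heads/*) branch=${ref#refs/heads/} ;;
    *) continue ;;
  esac

  # The name is chosen by whoever pushes and ends up in a command line and
  # in a filesystem path, so accept plain names only (no "/", no leading
  # "-" or ".", nothing outside letters, digits, "_", "." and "-").
  case "$branch" in
    '' | -* | .* | *[!A-Za-z0-9_.-]*)
      echo "--> Skipping ${ref}: unsupported branch name" >&2
      continue
      ;;
  esac

  echo
  echo "--> Deploying ${branch}..."
  echo
  r10k deploy environment "$branch" -p

  # sometimes r10k gets permissions wrong too
  modules_dir="/etc/puppet/environments/${branch}/modules"
  # The directory is absent after a branch deletion or a failed deploy.
  if [[ -d "$modules_dir" ]]; then
    find "$modules_dir" -type d -exec chmod 2775 {} + 2>/dev/null
    find "$modules_dir" -type f -exec chmod 664 {} + 2>/dev/null
  fi
done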
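# The hook runs with the identity of whoever pushes, so only root should be
# able to change it. The earlier "chgrp -R puppet" handed hooks/ to the puppet
# group; take it back and leave no group write bit on the directory or on
# the script. Both stay readable and executable for everyone who pushes.
chown root:root /srv/puppet.git/hooks /srv/puppet.git/hooks/post-receive
chmod 0755 /srv/puppet.git/hooks /srv/puppet.git/hooks/post-receive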
# Work in a clone under the home directory, not in the bare repository.
cd
git clone /srv/puppet.git
cd puppet
mkdir -p hieradata/nodes manifests site
modules
folder, because it will be managed by r10k
. Local modules (i.e., modules exclusively for this puppet master server) will be located in the site
directory.
r10k
. Create a Puppetfile
file in the repository root with the following contents:
# Puppet Forge mod 'puppetlabs/ntp', '3.0.0-rc1' mod 'puppetlabs/puppetdb', '3.0.0' mod 'puppetlabs/stdlib', '4.1.0' mod 'puppetlabs/concat', '1.0.0' mod 'puppetlabs/inifile', '1.0.0' mod 'puppetlabs/postgresql', '3.2.0' mod 'puppetlabs/firewall', '0.4.2' # A module from your own git server #mod 'custom', # :git => 'git://git.mydomain.com/custom.git', # :ref => '1.0'
Puppetfile
file Puppetfile
was first proposed by Tim Sharpe for use with librarian-puppet , so use it as a source for documentation.
Puppetfile
:
puppet module
command, r10k
does not support automatic dependency handling (as of version 1.1.0). You must add every dependency to the Puppetfile yourself.
ref
to something like master
, but this is probably not a good idea in a production environment.
Hiera
.
ntp
module, so create a file hieradata/common.yaml
with the following contents:
---
# Classes applied to every node (read by hiera_include('classes')).
classes:
  - ntp

# Parameter of the ntp class.
ntp::servers:
  - 0.pool.ntp.org
  - 1.pool.ntp.org
  - 2.pool.ntp.org
  - 3.pool.ntp.org
hieradata/nodes/$(hostname -f).yaml
and add the necessary class with default settings to it:
---
# Extra classes for this one node (the Puppet master itself).
classes:
  - puppetdb
  - puppetdb::master::config
manifests/site.pp
that will include all the classes we defined in Hiera
:
hiera_include('classes')
site
directory:
touch site/.keep
git checkout -b production
# "*" is expanded by the shell; review "git status" before committing so that
# nothing unintended (keys, passwords in hieradata) goes into the repository.
git add *
git commit -a -m "initital commit"
# The push triggers the post-receive hook on /srv/puppet.git.
git push -u origin production
Counting objects: 11, done. Compressing objects: 100% (5/5), done. Writing objects: 100% (11/11), 867 bytes | 0 bytes/s, done. Total 11 (delta 0), reused 0 (delta 0) remote: remote: --> Deploying production... remote: To /srv/puppet.git * [new branch] production -> production Branch production set up to track remote branch production from origin.
--> Deploying production...
, which means that our git hook worked.
/etc/puppet/environments/production
directory has been created and the contents of its modules
folder contain the Puppet Forge modules that we listed in the Puppetfile
.
root
and run the Puppet agent:
puppet agent --test
# Both services should have been installed and started by the agent run.
/etc/init.d/ntp status
/etc/init.d/puppetdb status
puppet agent --test
puppet node status $(hostname -f)
testpm.qix.no Currently active Last catalog: 2013-11-20T13:22:05.036Z Last facts: 2013-11-20T13:22:00.437Z
puppet node find $(hostname -f) | python -mjson.tool
hiera -a classes ::environment=production ::fqdn=$(hostname -f)
["puppetdb", "puppetdb::master::config", "ntp"]
# git checkout -b new_feature vim somefile git add somefile git commit -m "best feature ever" # == git push --set-upstream origin new_feature # ( , ?) puppet agent --test --noop --environment new_feature puppet agent --test --environment new_feature # diff and merge git checkout production git diff ..new_feature git diff --name-only new_feature git merge new_feature # production git push # git branch -d new_feature # == git push origin :new_feature
Puppetfile
:
# Tracks a moving branch: every deploy takes whatever "master" holds at that
# moment, and git:// gives no authentication or encryption for the transfer.
mod 'my_app',
  :git => 'git://git.mydomain.com/my_app.git',
  :ref => 'master'
master
branch every time you push to the repository /srv/puppet.git
. What if you didn't make any changes to this repository? In that case, simply execute r10k
explicitly. This command will update all modules in all environments:
r10k deploy environment -p
r10k deploy environment testing -p
r10k
in this way is that the permissions in /etc/puppet/environments
can end up wrong, which causes problems in the shared repository. To avoid this, create the /usr/local/bin/deploy
script and make it executable:
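#!/bin/sh
# Deploy r10k environments, then repair permissions on the shared tree.
# Usage: deploy [environment]    (no argument: every environment)
umask 0002

# ${1:+"$1"} passes the name as a single quoted word when one is given and
# nothing at all when it is omitted, so a bare "deploy" still updates every
# environment while a name can never be split or glob-expanded.
r10k deploy environment ${1:+"$1"} -p

# Directories: setgid and group-writable. Files: group-writable.
find /etc/puppet/environments -mindepth 1 -type d -exec chmod 2775 {} +
find /etc/puppet/environments -type f -exec chmod 0664 {} +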
# deploy # deploy testing
# Annotated tag marking a known-good state.
git tag -a 1.0 -m "finally no error messages"
# Tags reach the post-receive hook as refs/tags/<name>; make sure the hook
# deploys environments for refs/heads/* only.
git push --tags
environments
added to .gitignore
)
AngularJS
and CoffeeScript
).
Source: https://habr.com/ru/post/229867/