#!/bin/bash
#
# usage is: ./make_role_groups.sh <environment_to_scan>
# example: ./make_role_groups.sh staging
#
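#######################################
# Print the id of the classifier node group whose name is exactly $1.
# Globals:   master_hostname, cert, key, cacert (read)
# Arguments: $1 - node group name, e.g. "PE Master"
# Outputs:   the matching group id(s) on stdout, one per line
# Returns:   0 if a group matched; non-zero if no Python interpreter was
#            found, the request failed, or no group has that name
#######################################
find_guid()
{
  local group_name=$1
  local py groups_json

  # Newer systems ship only python3; fall back to python where that is all there is.
  py=$(command -v python3 || command -v python) || return 1

  # --fail turns an HTTP error into a non-zero exit, so an error body is
  # never parsed as if it were the group list.
  groups_json=$(curl -s --fail \
    --cert "$cert" --key "$key" --cacert "$cacert" \
    "https://${master_hostname}:4433/classifier-api/v1/groups") || return 1

  # Parse the JSON and compare names exactly. Text-matching pretty-printed
  # output can return the id of a neighbouring or similarly named group, and
  # that id is later used as the target of PUT/POST requests.
  printf '%s' "$groups_json" | "$py" -c '
import json, sys
wanted = sys.argv[1]
ids = [g["id"] for g in json.load(sys.stdin) if g.get("name") == wanted]
for group_id in ids:
    print(group_id)
sys.exit(0 if ids else 1)
' "$group_name"
}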
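# Exactly one argument is required: the Puppet environment to scan.
if [ "$#" -ne 1 ]; then
  echo "usage is: ./make_role_groups.sh <environment_to_scan>" >&2
  exit 1
fi
env_to_scan=$1

# The environment name is later placed in a filesystem path, a URL query
# string and JSON request bodies without escaping, so accept only the
# characters Puppet allows in environment names.
if [[ ! "$env_to_scan" =~ ^[a-z0-9_]+$ ]]; then
  echo "invalid environment name \"$env_to_scan\": only lowercase letters, digits and underscores are allowed" >&2
  exit 1
fi

# Connection settings come from the local Puppet configuration. key, cert and
# cacert are file paths handed to curl for client-certificate authentication.
master_hostname=$(/opt/puppetlabs/bin/puppet config print certname)
key=$(/opt/puppetlabs/bin/puppet config print hostprivkey)
cert=$(/opt/puppetlabs/bin/puppet config print hostcert)
cacert=$(/opt/puppetlabs/bin/puppet config print localcacert)
for setting in master_hostname key cert cacert; do
  if [[ -z "${!setting}" ]]; then
    echo "puppet config returned no value for $setting" >&2
    exit 1
  fi
done

# Classes that must exist in the production environment.
autosign_example_class=autosign_example
vro_user_class=vro_plugin_user
vro_sshd_class=vro_plugin_sshd

# Fixed ids: the "All Nodes" parent and the two groups this script creates.
all_nodes_id='00000000-0000-4000-8000-000000000000'
roles_group_id='235a97b3-949b-48e0-8e8a-000000000666'
autosign_and_user_group_id='235a97b3-949b-48e0-8e8a-000000000999'

# Ids of the built-in groups are looked up by name.
production_env_group_id=$(find_guid "Production environment")
echo "\"Production environment\" group uuid is $production_env_group_id"
agent_specified_env_group_id=$(find_guid "Agent-specified environment")
echo "\"Agent-specified environment\" group uuid is $agent_specified_env_group_id"
pemaster_group_id=$(find_guid "PE Master")

# An empty id would turn the later /groups/<id> requests into requests
# against the group collection itself, so stop before anything is modified.
if [[ -z "$production_env_group_id" || -z "$agent_specified_env_group_id" || -z "$pemaster_group_id" ]]; then
  echo "Could not look up one or more built-in node group ids; aborting before any group is changed" >&2
  exit 1
fi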
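#
# Alert and fail if mandatory classes missing from production environment
#
no_errors=0
for mandatory_class in "$autosign_example_class" "$vro_user_class" "$vro_sshd_class"; do
  class_url="https://${master_hostname}:4433/classifier-api/v1/environments/production/classes/${mandatory_class}"
  # A failed request counts as an error too; otherwise an unreachable
  # classifier would look the same as "class found" and the check would pass.
  if ! class_response=$(curl -s -X GET -H "Content-Type: application/json" \
    --cert "$cert" \
    --key "$key" \
    --cacert "$cacert" \
    "$class_url"); then
    echo "Could not query the classifier for class \"$mandatory_class\"" >&2
    ((no_errors+=1))
  elif grep -q "not-found" <<<"$class_response"; then
    echo "Could not find class \"$mandatory_class\" in the \"production\" environment. Please add it to your Puppetfile"
    ((no_errors+=1))
  fi
done
if (( no_errors > 0 )); then
  exit 1
fi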
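#
# Tell the NC to refresh its cache so that the classes we just installed are available
#
echo "Refreshing NC class lists for production and $env_to_scan puppet environments"
# env_to_scan is placed in the query string as-is, so it must be a plain
# environment name (lowercase letters, digits, underscores).
for refresh_env in production "$env_to_scan"; do
  # The URL is quoted because an unquoted "?" is a glob character. --fail makes
  # curl exit non-zero on an HTTP error, so the success message is printed
  # only when the classifier actually accepted the request.
  if curl -s --fail -X POST -H "Content-Type: application/json" \
    --key "$key" \
    --cert "$cert" \
    --cacert "$cacert" \
    "https://${master_hostname}:4433/classifier-api/v1/update-classes?environment=${refresh_env}"; then
    echo "Successful refresh of $refresh_env environment."
  else
    echo "Refresh of $refresh_env environment failed." >&2
  fi
done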
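#
# Create an "Autosign and vRO Plugin User" classification group to set up autosign example and vro-plugin-user
#
echo "Creating the Autosign and vRO Plugin User and sshd config group"
# Build the body with printf so every value is passed as one quoted argument
# instead of being expanded unquoted between single-quoted fragments.
# The rule pins the group to the node whose trusted certname is this master.
autosign_group_payload=$(printf '{
  "name": "Autosign and vRO Plugin User and sshd config",
  "parent": "%s",
  "rule":
    [ "and",
      [ "=",
        [ "trusted", "certname" ],
        "%s"
      ]
    ],
  "classes": { "%s": {}, "%s": {}, "%s": {} }
}' "$all_nodes_id" "$master_hostname" \
  "$autosign_example_class" "$vro_user_class" "$vro_sshd_class")
curl -s -X PUT -H 'Content-Type: application/json' \
  --key "$key" \
  --cert "$cert" \
  --cacert "$cacert" \
  -d "$autosign_group_payload" \
  "https://${master_hostname}:4433/classifier-api/v1/groups/${autosign_and_user_group_id}" | python -m json.tool
echo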
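#
# Add 64 bit Windows agent installer to pe_repo
#
echo "Adding 64 bit Windows agent installer to pe_repo in PE Master group"
# The id is part of the request path. If the lookup returned nothing, or more
# than one id, the request would not address the PE Master group, so skip it.
if [[ ! "$pemaster_group_id" =~ ^[0-9a-fA-F-]+$ ]]; then
  echo "PE Master group id \"$pemaster_group_id\" is not a single group id; skipping pe_repo update" >&2
else
  curl -s -X POST -H 'Content-Type: application/json' \
    --key "$key" \
    --cert "$cert" \
    --cacert "$cacert" \
    -d '
{
  "classes": { "pe_repo::platform::windows_x86_64": {} }
}' \
    "https://${master_hostname}:4433/classifier-api/v1/groups/${pemaster_group_id}" | python -m json.tool
fi
echo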
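#
# create Roles parent group
#
echo "Creating the Roles group"
# printf keeps the parent id a single quoted argument; the original expanded
# it unquoted in the middle of the request body.
roles_group_payload=$(printf '{
  "name": "Roles",
  "parent": "%s",
  "classes": {}
}' "$all_nodes_id")
curl -s -X PUT -H 'Content-Type: application/json' \
  --key "$key" \
  --cert "$cert" \
  --cacert "$cacert" \
  -d "$roles_group_payload" \
  "https://${master_hostname}:4433/classifier-api/v1/groups/${roles_group_id}" | python -m json.tool
echo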
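#
# Create a role group for each role class in environment
#
# env_to_scan is used as a path component and in the request body as-is, so it
# must be a plain environment name (lowercase letters, digits, underscores).
envpath="/etc/puppetlabs/code/environments/$env_to_scan"
for file in "$envpath"/site/role/manifests/*.pp; do
  # An unmatched glob stays as the literal pattern; skip it, and skip
  # anything that is not a regular manifest file.
  [[ -f "$file" ]] || continue
  basefilename=$(basename "$file")
  role_name=${basefilename%.pp}
  # The name comes from the filesystem and is spliced into JSON below, so
  # accept only a valid class-name segment.
  if [[ ! "$role_name" =~ ^[a-z][a-z0-9_]*$ ]]; then
    echo "Skipping \"$file\": file name is not a valid role class name" >&2
    continue
  fi
  role_class="role::${role_name}"
  echo "Creating the \"$role_class\" classification group"
  # Nodes are matched on the pp_role trusted extension.
  role_group_payload=$(printf '{
  "name": "%s",
  "parent": "%s",
  "environment": "%s",
  "rule":
    [ "and",
      [ "=",
        [ "trusted", "extensions", "pp_role" ],
        "%s"
      ]
    ],
  "classes": { "%s": {} }
}' "$role_class" "$roles_group_id" "$env_to_scan" "$role_class" "$role_class")
  curl -s -X POST -H "Content-Type: application/json" \
    --key "$key" \
    --cert "$cert" \
    --cacert "$cacert" \
    -d "$role_group_payload" \
    "https://${master_hostname}:4433/classifier-api/v1/groups"
done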
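#
# Create env_to_scan environment group
#
echo "Creating the \"$env_to_scan\" environment group"
# env_to_scan is written into the JSON body without escaping, so it must be a
# plain environment name (lowercase letters, digits, underscores). printf
# passes each value as one quoted argument rather than an unquoted expansion.
env_group_payload=$(printf '{
  "name": "%s environment",
  "parent": "%s",
  "environment_trumps": true,
  "environment": "%s",
  "rule":
    [ "and",
      [ "=",
        [ "trusted", "extensions", "pp_environment" ],
        "%s"
      ]
    ],
  "classes": {}
}' "$env_to_scan" "$production_env_group_id" "$env_to_scan" "$env_to_scan")
curl -L -s -X POST -H "Content-Type: application/json" \
  --key "$key" \
  --cert "$cert" \
  --cacert "$cacert" \
  -d "$env_group_payload" \
  "https://${master_hostname}:4433/classifier-api/v1/groups" | python -m json.tool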
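#
# Update the "Agent-specified environment" group so that pp_environment=agent-specified works as expected
#
echo "Updating \"Agent-specified environment\" group to use pp_environment in its matching rules"
# The id is part of the request path. If the lookup returned nothing, or more
# than one id, the PUT would not address the intended group, so skip it.
if [[ ! "$agent_specified_env_group_id" =~ ^[0-9a-fA-F-]+$ ]]; then
  echo "Agent-specified environment group id \"$agent_specified_env_group_id\" is not a single group id; skipping update" >&2
else
  agent_env_payload=$(printf '{
  "name": "Agent-specified environment",
  "parent": "%s",
  "environment_trumps": true,
  "rule":
    [ "and",
      [ "=",
        [ "trusted", "extensions", "pp_environment" ],
        "agent-specified"
      ]
    ],
  "environment": "agent-specified",
  "classes": {}
}' "$production_env_group_id")
  curl -s -X PUT -H "Content-type: application/json" \
    --key "$key" \
    --cert "$cert" \
    --cacert "$cacert" \
    -d "$agent_env_payload" \
    "https://${master_hostname}:4433/classifier-api/v1/groups/${agent_specified_env_group_id}" | python -m json.tool
fi
echo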
#
# Ensure that the puppet-strings gem is installed for role class summaries in Puppet component of vRA
#
# rgen is installed first, then puppet-strings, both through the puppet_gem provider.
# NOTE(review): ensure=latest takes whatever gem version is newest at run time;
# pin explicit versions if installs on the master need to be reproducible.
for gem_name in rgen puppet-strings; do
  /opt/puppetlabs/bin/puppet resource package "$gem_name" provider=puppet_gem ensure=latest
done