Last active
September 6, 2017 20:36
Puppet Infrastructure 2
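# Base role: declares the ntp, stdlib and firewall classes, the site's
# security-update and package classes, purges unmanaged firewall rules and
# creates an SSH key for root.
class admin::roles::base {

  class { 'ntp': }
  class { 'stdlib': }
  class { 'firewall': }
  class { 'admin::base::security_updates': }
  class { 'admin::base::packages': }

  # Firewall
  # Purge every firewall rule that is not declared in the catalog, so Puppet
  # is the single source of rules on the host.
  # NOTE(review): this class declares no baseline rules (loopback,
  # established/related, SSH) and no default policy. Confirm they are managed
  # elsewhere; otherwise, after the purge only the per-role rules remain and
  # the chains fall back to their default policy.
  resources { 'firewall':
    purge => true
  }

  # root's SSH key
  # NOTE(review): sshkeys::create_key is defined in another module; presumably
  # it generates a key pair under /root. Confirm the private key's ownership
  # and mode, and that it is not exported to other nodes.
  sshkeys::create_key { 'root':
    home => '/root',
  }

}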
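# Bootstrap manifest: apply the base role first, then the Puppet master role.
# The chaining arrow orders the first class before the second.
class { 'admin::roles::base': } ->
class { 'admin::roles::puppet::master': }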
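#!/bin/bash
#
# Prepares a host for the Puppet bootstrap: installs the Puppet Labs apt
# release package and base tools, sets up dotfiles, copies the site modules
# from ${repo_location}, clones third-party modules and links the Puppet
# configuration files out of the admin module.
#
# Writes under /etc/puppet and installs packages, so it has to run as root.

# Stop at the first failing step. Without this, a failed `cd` would let the
# later `cp -a` / `rm -rf` run in whatever directory the script was left in.
set -euo pipefail

# Variables
repo_location="/root/t"
release_deb="puppetlabs-release-precise.deb"

# Interactive pause between stages. `|| true` keeps the script going when
# stdin is not a terminal, as it did before errexit was enabled.
pause() {
  read -r -p "Press [Enter] to continue..." || true
}

echo "Installing base packages"
pause
# Fetch over HTTPS: the package is installed as root by dpkg, which does not
# authenticate it, so a plain-HTTP download could be replaced in transit.
# NOTE(review): for stronger assurance, compare the file against a checksum
# obtained out-of-band before installing it.
wget "https://apt.puppetlabs.com/${release_deb}"
dpkg -i "${release_deb}"
apt-get update
apt-get install -y git puppet rake rubygems
# Remove only the file downloaded above, not every .deb in the directory.
rm -f "${release_deb}"

echo "Setting up dotfiles"
pause
# Set up environment
cd
# NOTE(review): create.sh runs as root straight from the branch head of this
# repository; review it, or check out a known commit, before running it.
git clone https://github.com/jtopjian/dotfiles .dotfiles
cd .dotfiles
bash create.sh

echo "Installing core site modules"
pause
# Get core site modules
mkdir -p /etc/puppet/site/modules
cd /etc/puppet/site/modules
for repo in admin puppet nginx unicorn gitolite sshkeys
do
  cp -a "${repo_location}/${repo}" "${repo}"
  # Drop the VCS metadata from the deployed copy.
  rm -rf "${repo}/.git"
done
chown -R root:root /etc/puppet/site/modules

echo "Installing third party modules"
pause
# Get supplemental modules
# NOTE(review): each clone takes the current head of the default branch, and
# the code is later compiled into catalogs by the Puppet master. Pin every
# module to a reviewed tag or commit so upstream changes are not picked up
# unreviewed.
cd /etc/puppet/modules
git clone https://github.com/puppetlabs/puppetlabs-stdlib stdlib
git clone https://github.com/puppetlabs/puppetlabs-inifile inifile
git clone https://github.com/jtopjian/jtopjian-fqdn_underscore fqdn_underscore
git clone https://github.com/puppetlabs/puppetlabs-apt apt
git clone https://github.com/puppetlabs/puppetlabs-mysql mysql
git clone https://github.com/puppetlabs/puppetlabs-vcsrepo vcsrepo
git clone https://github.com/ripienaar/puppet-concat concat
git clone https://github.com/puppetlabs/puppetlabs-ntp ntp
git clone https://github.com/puppetlabs/puppetlabs-puppetdb puppetdb
git clone https://github.com/puppetlabs/puppetlabs-postgresql postgresql
git clone https://github.com/puppetlabs/puppetlabs-firewall firewall
git clone https://github.com/dalen/puppet-puppetdbquery puppetdbquery

echo "Configuring Puppet"
pause
# Replace the packaged puppet.conf with links into the admin module.
# -f: a missing puppet.conf is not an error.
rm -f /etc/puppet/puppet.conf
ln -s /etc/puppet/site/modules/admin/ext/puppet.conf /etc/puppet/
ln -s /etc/puppet/site/modules/admin/ext/hiera.yaml /etc/puppet/
ln -s /etc/puppet/site/modules/admin/ext/nodes.pp /etc/puppet/manifests
ln -s /etc/puppet/site/modules/admin/ext/site.pp /etc/puppet/manifests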
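# Apply the bootstrap manifest locally. Running it once with --noop first
# lists the pending changes without applying them.
puppet apply --verbose bootstrap.pp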
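# Puppet master role: PuppetDB, the Puppet master served through Unicorn and
# Nginx, and firewall rules restricting access to PuppetDB's ports.
class admin::roles::puppet::master {

  # Anchors bracket the role so that ordering against the whole role covers
  # everything from PuppetDB through Nginx.
  anchor { 'admin::roles::puppet::master::begin': } -> Class['::puppetdb']
  Class['nginx::server'] -> anchor { 'admin::roles::puppet::master::end': }

  # Rake dependency
  package { 'rake':
    ensure => present,
  }

  # PuppetDB
  class { '::puppetdb': } ->
  class { '::puppetdb::master::config': } ->

  # Puppet Server
  # Settings come from the 'puppet_config' hiera key; the lookup has no
  # default, so compilation fails if the key is missing.
  class { '::puppet':
    settings    => hiera('puppet_config'),
    agent       => true,
    master      => true,
    master_type => 'nginx',
  } ->

  # Nginx and Unicorn
  class { 'unicorn::server': } ->
  class { 'nginx::server': }

  # Firewall
  # Rules are applied in order of their numeric name prefix, so the 100
  # accept rules are evaluated before the 900 drop rule.
  # NOTE(review): each entry of hiera('interfaces') is used as a rule source,
  # so the key presumably holds addresses or CIDRs, not interface names;
  # confirm against the hiera data.
  # NOTE(review): the `.each { |$x| ... }` lambda form needs the future
  # parser of the Puppet release this was written for; confirm before use on
  # a newer Puppet.
  $interfaces = hiera('interfaces')
  $interfaces.each { |$interface|
    firewall { "100 allow puppet to puppetdb on ${interface}":
      proto  => 'tcp',
      # dport, not port: `port` matches the source OR the destination port,
      # which would also accept any TCP packet from these sources whose
      # source port is 8081.
      dport  => 8081,
      source => $interface,
      action => 'accept',
    }
  }

  # Everything else aimed at PuppetDB's listeners (8080 and 8081) is dropped.
  # dport keeps the rule to traffic destined for those ports; with `port` it
  # would also drop replies from remote services that use them.
  firewall { '900 deny all to puppetdb':
    proto  => 'tcp',
    dport  => [8080, 8081],
    action => 'drop',
  }

}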