rnelson0/Bootstrap.md Secret

## Bootstrap.md

      
    Raw
  

              Bootstrap.md
            
          
    How to bootstrap a new master
Preparation

Run ssh-keygen and attach the new key to Github
Bootstrap

systemctl stop firewalld
mkdir /root/bootstrap
puppet module install zack/r10k --modulepath=/root/bootstrap
git clone git@github.com:rnelson0/controlrepo.git
cd controlrepo
puppet apply r10k_installation.pp --modulepath=/root/bootstrap
rm -f /etc/hiera.yaml /etc/puppetlabs/code/hiera.yaml
cp hiera.yaml /etc
cp hiera.yaml /etc/puppetlabs/code
r10k deploy environment -pv
yum install -y puppetserver
systemctl start puppetserver
puppet agent -t


## hiera.yaml
---
:backends:
  - yaml

:logger: console

:hierarchy:
  - "clientcert/%{clientcert}"
  - "puppet_role/%{puppet_role}"
  - global

:yaml:
  :datadir: /etc/puppetlabs/code/environments/%{::environment}/hiera

## kickstart.pp
class profile::kickstart {
  include ::apache

  #::kickstart::ks_file{'el6-dhcp.ks': }
  #::kickstart::ks_file{'el6-dhcp-with-tools.ks':
  #  vmwaretools_location => 'http://10.0.0.8/',
  #}

  $el7_packages = [
    '@core',
    'ntpdate',
    'ntp',
    'wget',
    'screen',
    'git',
    'perl',
    'openssh-clients',
    'open-vm-tools',
    'man',
    'mlocate',
    'bind-utils',
    'traceroute',
    'mailx',
  ]

  ::community_kickstarts::centos7{'/var/www/html/centos7.ks':}

  firewall { '100 HTTP/S inbound':
    dport  => [80, 443],
    proto  => tcp,
    action => accept,
  }
}

## puppet_master.pp
class profile::puppet_master {
  include ::epel
  include ::puppet

  include ::hiera

  include ::r10k
  include ::r10k::webhook::config
  include ::r10k::webhook
  Class['r10k::webhook::config'] -> Class['r10k::webhook']
  Package['puppetdb'] ->  Service[webhook]

  # Deploy the home_config module on a regular basis
  cron {'home_config deploy':
    ensure => present,
    command => 'r10k deploy module home_config',
    minute => 0,
  }

  firewall { '110 zack-r10k web hook':
    dport  => 8088,
    proto  => tcp,
    action => accept,
  }
}

## puppet_master.yaml
# delta only
puppet::server_version: 'latest'
puppet::dns_alt_names:
  - 'puppet'
puppet::puppetdb_server: 'puppet.example.com'
puppet::puppetdb: true
puppet::manage_puppetdb: false
puppet::manage_hiera: false
puppet::firewall: true
puppet::runmode: service
hiera::hierarchy:
  - 'clientcert/%%{::}{clientcert}'
  - 'puppet_role/%%{::}{puppet_role}'
  - 'global'
hiera::datadir: '/etc/puppetlabs/code/environments/%%{::}{::environment}/hiera'
r10k::webhook::config::public_key_path: '/etc/puppetlabs/puppetdb/ssl/public.pem'
r10k::webhook::config::private_key_path: '/etc/puppetlabs/puppetdb/ssl/private.pem'

## puppet_master_spec.rb
#delta only
  # after let (:facts) and before the first context
  let (:pre_condition) {
    "package{'puppetdb': ensure => present, }"
  }

## Puppetfile_for_Kickstart
# delta only
mod 'danzilio/kickstart', '0.2.0'
mod 'puppet/community_kickstarts', '0.2.2'
	---
	:backends:
	- yaml

	:logger: console

	:hierarchy:
	- "clientcert/%{clientcert}"
	- "puppet_role/%{puppet_role}"
	- global

	:yaml:
	:datadir: /etc/puppetlabs/code/environments/%{::environment}/hiera
	class profile::kickstart {
	include ::apache

	#::kickstart::ks_file{'el6-dhcp.ks': }
	#::kickstart::ks_file{'el6-dhcp-with-tools.ks':
	# vmwaretools_location => 'http://10.0.0.8/',
	#}

	$el7_packages = [
	'@core',
	'ntpdate',
	'ntp',
	'wget',
	'screen',
	'git',
	'perl',
	'openssh-clients',
	'open-vm-tools',
	'man',
	'mlocate',
	'bind-utils',
	'traceroute',
	'mailx',
	]

	::community_kickstarts::centos7{'/var/www/html/centos7.ks':}

	firewall { '100 HTTP/S inbound':
	dport => [80, 443],
	proto => tcp,
	action => accept,
	}
	}
	class profile::puppet_master {
	include ::epel
	include ::puppet

	include ::hiera

	include ::r10k
	include ::r10k::webhook::config
	include ::r10k::webhook
	Class['r10k::webhook::config'] -> Class['r10k::webhook']
	Package['puppetdb'] -> Service[webhook]

	# Deploy the home_config module on a regular basis
	cron {'home_config deploy':
	ensure => present,
	command => 'r10k deploy module home_config',
	minute => 0,
	}

	firewall { '110 zack-r10k web hook':
	dport => 8088,
	proto => tcp,
	action => accept,
	}
	}
	# delta only
	puppet::server_version: 'latest'
	puppet::dns_alt_names:
	- 'puppet'
	puppet::puppetdb_server: 'puppet.example.com'
	puppet::puppetdb: true
	puppet::manage_puppetdb: false
	puppet::manage_hiera: false
	puppet::firewall: true
	puppet::runmode: service
	hiera::hierarchy:
	- 'clientcert/%%{::}{clientcert}'
	- 'puppet_role/%%{::}{puppet_role}'
	- 'global'
	hiera::datadir: '/etc/puppetlabs/code/environments/%%{::}{::environment}/hiera'
	r10k::webhook::config::public_key_path: '/etc/puppetlabs/puppetdb/ssl/public.pem'
	r10k::webhook::config::private_key_path: '/etc/puppetlabs/puppetdb/ssl/private.pem'
	#delta only
	# after let (:facts) and before the first context
	let (:pre_condition) {
	"package{'puppetdb': ensure => present, }"
	}
	# delta only
	mod 'danzilio/kickstart', '0.2.0'
	mod 'puppet/community_kickstarts', '0.2.2'