Last active
September 4, 2020 05:40
-
-
Save sgnn7/362ea52dcb2ce848ae931f5be619148c to your computer and use it in GitHub Desktop.
Puppet w/ Compile Masters Test Env
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| # Puppet - Compilation Server | |
| puppet-compiler: | |
| image: puppet/puppetserver:${PUPPET_SERVER_TAG:-latest} | |
| network_mode: "host" | |
| ports: | |
| - 8140 | |
| volumes: | |
| - ./code:/etc/puppetlabs/code/ | |
| environment: | |
| - CA_ENABLED=false | |
| - CA_HOSTNAME=sgnn7-puppet-master.domain.com | |
| - PUPPETSERVER_HOSTNAME=sgnn7-puppet-compiler1.domain.com | |
| - PUPPETDB_SERVER_URLS=https://sgnn7-puppet-master.domain.com:8081 | |
| - DNS_ALT_NAMES=puppet,sgnn7-puppet-master.domain.com,sgnn7-puppet-compiler1.domain.com,sgnn7-puppet-compiler2.domain.com,sgnn7-puppet-compiler.domain.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| # Puppet - Main Server | |
| puppet: | |
| image: puppet/puppetserver:${PUPPET_SERVER_TAG:-latest} | |
| network_mode: host | |
| ports: | |
| - 8140 | |
| volumes: | |
| - ./code:/etc/puppetlabs/code/ | |
| environment: | |
| - PUPPETSERVER_HOSTNAME=puppet | |
| - PUPPETDB_SERVER_URLS=https://localhost:8081 | |
| - CA_ALLOW_SUBJECT_ALT_NAMES=true | |
| - DNS_ALT_NAMES=puppet,sgnn7-puppet-master.domain.com,sgnn7-puppet-compiler1.domain.com,sgnn7-puppet-compiler2.domain.com,sgnn7-puppet-compiler.domain.com | |
| depends_on: | |
| - puppetdb-main | |
| puppetdb-main: | |
| image: puppet/puppetdb | |
| network_mode: host | |
| environment: | |
| - CERTNAME=sgnn7-puppet-master.domain.com | |
| - PUPPETSERVER_HOSTNAME=sgnn7-puppet-master.domain.com | |
| - PUPPETDB_POSTGRES_DATABASE=puppetdb-main | |
| - PUPPETDB_POSTGRES_HOSTNAME=localhost | |
| - PUPPETDB_PASSWORD=puppetdb-main | |
| - PUPPETDB_USER=puppetdb-main | |
| - DNS_ALT_NAMES=localhost,sgnn7-puppet-master.domain.com | |
| ports: | |
| - 8080 | |
| - 8081 | |
| depends_on: | |
| - postgres-main | |
| postgres-main: | |
| image: postgres:9.6 | |
| network_mode: host | |
| environment: | |
| - POSTGRES_DB=puppetdb-main | |
| - POSTGRES_PASSWORD=puppetdb-main | |
| - POSTGRES_USER=puppetdb-main | |
| ports: | |
| - 5432 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # COPY_FILES=false | |
| SERVERS=( | |
| "sgnn7-puppet-master.domain.com" | |
| "sgnn7-puppet-compiler1.domain.com" | |
| "sgnn7-puppet-compiler2.domain.com" | |
| ) | |
| if [ ! "$COPY_FILES" = "false" ]; then | |
| echo "Pushing files to servers" | |
| for server in ${SERVERS[@]}; do | |
| echo "Pushing files to $server..." | |
| scp -C -q ./pkg/cyberark-conjur-3.0.0-rc2.tar.gz ubuntu@$server: | |
| scp -C -q -r ./examples/puppetmaster ubuntu@$server: || true | |
| ssh ubuntu@$server bash -ec 'echo > $HOME/.hushlogin' | |
| echo "Pushing files to $server OK!" | |
| echo | |
| done | |
| fi | |
| echo "Installing Docker..." | |
| for server in ${SERVERS[@]}; do | |
| echo "Installing Docker on $server..." | |
| ssh ubuntu@$server << EOSSH | |
| if command -v docker &> /dev/null; then | |
| echo "Docker already installed" | |
| exit 0 | |
| fi | |
| set -e | |
| sudo apt update | |
| sudo apt install -y apt-transport-https ca-certificates curl software-properties-common | |
| curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | |
| sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" | |
| sudo apt update | |
| sudo apt install -y docker-ce docker-compose | |
| sudo usermod -aG docker ubuntu | |
| EOSSH | |
| echo "Installing Docker on $server OK!" | |
| echo | |
| done | |
| for server in ${SERVERS[@]}; do | |
| echo "Pulling mages on $server..." | |
| ssh ubuntu@$server << EOSSH | |
| for image in puppet/puppetserver puppet/puppetdb postgres:9.6 cyberark/conjur postgres:9.3 nginx:alpine cyberark/conjur-cli:5; do | |
| docker pull -q \$image | |
| done | |
| EOSSH | |
| done | |
| echo "All done!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # wget https://apt.puppetlabs.com/puppet6-release-bionic.deb | |
| # sudo dpkg -i puppet6-release-bionic.deb | |
| # sudo apt update | |
| # sudo apt install puppet-agent | |
| /opt/puppetlabs/bin/puppet agent --verbose \ | |
| --onetime \ | |
| --no-daemonize \ | |
| --ca_server sgnn7-puppet-master.domain.com \ | |
| --certname "linux-agent" \ | |
| --server sgnn7-puppet-compiler1.domain.com \ | |
| --summarize |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| File { backup => false } | |
| if $facts['os']['family'] == 'Windows' { | |
| $cred_file_prefix = 'c:/' | |
| } else { | |
| $cred_file_prefix = '/tmp' | |
| } | |
| $output_file1 = "${cred_file_prefix}/creds1.txt" | |
| $output_file2 = "${cred_file_prefix}/creds2.txt" | |
| $output_file3 = "${cred_file_prefix}/creds3.txt" | |
| node /windows-.*/ { | |
| notify { "Grabbing 'puppet/credentials/api-key' secret...": } | |
| $secret1 = Sensitive(Deferred(conjur::secret, ['puppet/credentials/api-key'])) | |
| notify { "Grabbing 'puppet/credentials/public certificate' secret...": } | |
| $secret3 = Sensitive(Deferred(conjur::secret, ['puppet/credentials/public certificate'])) | |
| notify { "Writing secret1 to ${output_file1}...": } | |
| file { $output_file1: ensure => file, content => $secret1 } | |
| notify { "Writing secret3 to ${output_file3}...": } | |
| file { $output_file3: ensure => file, content => $secret3 } | |
| exec { "cat ${output_file1}": | |
| path => '/usr/bin:/usr/sbin:/bin', | |
| provider => shell, | |
| logoutput => true, | |
| } | |
| exec { "cat ${output_file3}": | |
| path => '/usr/bin:/usr/sbin:/bin', | |
| provider => shell, | |
| logoutput => true, | |
| } | |
| notify { 'Done!': } | |
| } | |
| node /linux-.*/ { | |
| notify { "Grabbing 'puppet/credentials/authorization-token' secret...": } | |
| $secret2 = Sensitive(Deferred(conjur::secret, ['puppet/credentials/authorization-token'])) | |
| notify { "Grabbing 'puppet/credentials/public certificate' secret...": } | |
| $secret3 = Sensitive(Deferred(conjur::secret, ['puppet/credentials/public certificate'])) | |
| notify { "Writing secret2 to ${output_file2}...": } | |
| file { $output_file2: ensure => file, content => $secret2 } | |
| notify { "Writing secret3 to ${output_file3}...": } | |
| file { $output_file3: ensure => file, content => $secret3 } | |
| exec { "cat ${output_file2}": | |
| path => '/usr/bin:/usr/sbin:/bin', | |
| provider => shell, | |
| logoutput => true, | |
| } | |
| exec { "cat ${output_file3}": | |
| path => '/usr/bin:/usr/sbin:/bin', | |
| provider => shell, | |
| logoutput => true, | |
| } | |
| notify { 'Done!': } | |
| } | |
| node default { | |
| notify { "Default node step": } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment