Yuvipanda has submitted this change and it was merged. Change subject: labs: Add a standalone puppetmaster role ......................................................................
labs: Add a standalone puppetmaster role - Uses the puppetmaster module rather than the puppet module. - Based off the labs puppetmaster code, but much simplified - Uses apache + mod_passenger like prod rather than the default WEBrick server - Probably does not support precise! Should work on trusty & jessie. - Is standalone puppetmaster, does not support replication / HA like the prod puppetmasters DEATH TO THE PUPPET MODULE Bug: T120159 Change-Id: I5f11761bdd2a1f292d3d061363fa53346d1eb768
---
M modules/puppetmaster/manifests/gitclone.pp M modules/puppetmaster/manifests/gitsync.pp M modules/puppetmaster/manifests/init.pp A modules/role/manifests/puppetmaster/standalone.pp 4 files changed, 69 insertions(+), 4 deletions(-) Approvals: Yuvipanda: Verified; Looks good to me, approved
diff --git a/modules/puppetmaster/manifests/gitclone.pp b/modules/puppetmaster/manifests/gitclone.pp
index f7a240d..2929ba1 100644
--- a/modules/puppetmaster/manifests/gitclone.pp
+++ b/modules/puppetmaster/manifests/gitclone.pp
@@ -187,9 +187,22 @@
 force => true;
 }
 } else {
+ file { '/var/lib/git/labs':
+ ensure => directory,
+ owner => 'gitpuppet',
+ group => 'gitpuppet',
+ mode => '0755',
+ }
+
+ git::clone { 'labs/private':
+ require => File["${puppetmaster::gitdir}/labs"],
+ owner => 'gitpuppet',
+ directory => "${puppetmaster::gitdir}/labs/private",
+ }
+
 file { '/etc/puppet/private':
 ensure => link,
- target => "${puppetmaster::gitdir}/operations/labs/private",
+ target => "${puppetmaster::gitdir}/labs/private",
 force => true,
 }
 }
diff --git a/modules/puppetmaster/manifests/gitsync.pp b/modules/puppetmaster/manifests/gitsync.pp
index e19da77..2cc2265 100644
--- a/modules/puppetmaster/manifests/gitsync.pp
+++ b/modules/puppetmaster/manifests/gitsync.pp
@@ -1,7 +1,6 @@
 # == Class: puppetmaster::gitsync
 #
 # Sync local operations/puppet.git checkout with upstream.
-# Meant for use with local puppetmasters.
 class puppetmaster::gitsync(
 $run_every_minutes = '10',
 ) {
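Review bot: The new directory resource in gitclone.pp is titled with the literal path `'/var/lib/git/labs'`, while the `require` on `git::clone { 'labs/private': }` points at `File["${puppetmaster::gitdir}/labs"]`; the two name the same resource only as long as `$gitdir` stays `/var/lib/git`. Titling it `file { "${puppetmaster::gitdir}/labs":` keeps the dependency resolvable if the directory is ever changed. The clone that ends up behind `/etc/puppet/private` sits under a `0755` parent and this hunk sets no mode on the clone itself, so it is worth confirming what `git::clone` defaults to before anyone commits real secrets on a standalone master. The enclosing `if`/`else` starts outside the hunk.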
diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp
index dc2a8ca..6525d9a 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -49,6 +49,7 @@
 $hiera_config=$::realm,
 $secure_private=true,
 $extra_auth_rules='',
+ $include_conftool=true,
 ){
 $gitdir = '/var/lib/git'
@@ -164,6 +165,8 @@
 source => "puppet:///modules/puppetmaster/${hiera_config}.hiera.yaml",
 }
- # This is required for the conftool perser function
- include ::conftool
+ if $include_conftool {
+ # This is required for the conftool perser function
+ include ::conftool
+ }
 }
diff --git a/modules/role/manifests/puppetmaster/standalone.pp b/modules/role/manifests/puppetmaster/standalone.pp
new file mode 100644
index 0000000..00ee13b
--- /dev/null
+++ b/modules/role/manifests/puppetmaster/standalone.pp
@@ -0,0 +1,50 @@
+# = Class: role::puppetmaster::standalone
+#
+# Sets up a standalone puppetmaster, without frontend/backend
+# separation.
+#
+# Useful only in labs.
+#
+# == Parameters
+#
+# [*autosign*]
+# Set to true to have puppetmaster automatically accept all
+# certificate signing requests. Note that if you want to
+# keep any secrets secure in your puppetmaster, you *can not*
+# use this, and will have to sign manually.
+class role::puppetmaster::standalone(
+ $autosign = false,
+) {
+ include ldap::role::config::labs
+
+ $ldapconfig = $ldap::role::config::labs::ldapconfig
+ $basedn = $ldapconfig['basedn']
+
+ $encconfig = {
+ 'ldapserver' => $ldapconfig['servernames'][0],
+ 'ldapbase' => "ou=hosts,${basedn}",
+ 'ldapstring' => '(&(objectclass=puppetClient)(associatedDomain=%s))',
+ 'ldapuser' => $ldapconfig['proxyagent'],
+ 'ldappassword' => $ldapconfig['proxypass'],
+ 'ldaptls' => true,
+ 'node_terminus' => 'ldap'
+ }
+
+ # Allow access from everywhere! Use certificates to
+ # control access
+ $allow_from = ['10.0.0.0/8']
+
+ class { '::puppetmaster':
+ server_name => $::fqdn,
+ allow_from => $allow_from,
+ secure_private => false,
+ include_conftool => false,
+ config => merge($encconfig, {
+ 'thin_storeconfigs' => false,
+ 'autosign' => $autosign,
+ })
+ }
+
+ # Update git checkout
+ include ::puppetmaster::gitsync
+}
-- To view, visit https://gerrit.wikimedia.org/r/311163 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5f11761bdd2a1f292d3d061363fa53346d1eb768 Gerrit-PatchSet: 11 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org> Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
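Review bot: The comment above `$allow_from` in standalone.pp says certificates control access, but that no longer holds once `autosign` is true: every host inside `10.0.0.0/8` then gets its CSR signed, and the address range is the only barrier left. The comment should state this next to the setting, for example `# Allow the whole 10.0.0.0/8 range; client certificates are the access control, and autosign => true removes it.` `$autosign` is also merged into the master config unchecked, so a `validate_bool($autosign)` at the top of the class body would reject a mistyped string instead of writing it out (stdlib appears to be available, since `merge()` is used here). `secure_private => false` carries no explanation; a one-line comment on why the standalone master turns it off would help the next reader judge whether secrets are safe on such a host.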