Repose Puppet Setup
Only manual steps!
For additional details, see Good things to know - Replace Jenkins Slave.
- Create a Debian 8 (Jessie) cloud box.
- Set up its local hostname.
- Update any DNS records, both IPv4 and IPv6, to point to the new box.
- Add its hostname to the site.pp if necessary.
- Download and execute the client bootstrap.sh from this repository:
  wget https://raw.githubusercontent.com/rackerlabs/repose-infrastructure-ng/master/bootstrap-puppet-client.sh && chmod u+x bootstrap-puppet-client.sh && ./bootstrap-puppet-client.sh
- The last step of the bootstrap.sh fires up the puppet agent in test mode.
  - There may be some additional steps indicated when the bootstrap.sh completes; read them all and do them in order.
  - The client's host certificate will need to be signed on the master:
    puppet cert sign <FQHN>
  - Then the puppet agent will need to be executed on the client again:
    puppet agent --test
  - Sometimes the package management system needs to be updated and the puppet agent run yet again:
    apt-get update && puppet agent --test
- If the new box is a Jenkins slave, then update the Jenkins node list.
- Add it to Nagios:
  - Add a host config to the nagios module.
  - Add it to any relevant host groups.
  - Add any specific host checks.
Manual steps for master
- Set hostname.
- Set up the eyaml backend key/cert.
- Run the master bootstrap script.
TODO: UPDATE THIS
Contains Puppet manifests and related material for the Repose team's project infrastructure.
Run locally with
sudo puppet apply --modulepath ./modules manifests/jenkins-slave.pp
Puppet Forge Modules in use
Please refer to the Puppetfile for a full list of the modules currently in use.
Useful references
- http://ttboj.wordpress.com/2013/02/20/automatic-hiera-lookups-in-puppet-3-x/
- http://librarian-puppet.com/
- https://forge.puppetlabs.com/puppetlabs/firewall
Setting up eyaml
https://github.com/TomPoulton/hiera-eyaml#configuration-file-for-eyaml
Rebuilding Master
If you need to rebuild a new master you can run these commands on the clients to hook them up to the new master.
puppet resource service puppet ensure=stopped
# "puppet config print ssldir" outputs the directory to use in the next command; for now, all our boxes have it in the directory below.
rm -rf /var/lib/puppet/ssl
puppet resource service puppet ensure=running
puppet agent --test
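
The client-side commands above as one script, added here as an example and not part of this repository: it reads the directory from puppet config print ssldir instead of hardcoding it, and refuses to delete a path that does not look like a Puppet SSL directory. The PUPPET override variable, the function names and the rule that the path must end in /ssl are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the repository): re-point a client at a rebuilt master.
# PUPPET is a hypothetical override so the functions can be tested with a stub.
PUPPET="${PUPPET:-puppet}"

# Succeed only for an absolute path without ".." that ends in /ssl.
# Assumption of this example: every Puppet ssldir is named "ssl".
ssldir_is_safe() {
    case "$1" in
        ""|/|*..*) return 1 ;;   # empty, root, or path traversal
        /*/ssl)    return 0 ;;   # e.g. /var/lib/puppet/ssl
        *)         return 1 ;;
    esac
}

rejoin_master() {
    # Ask Puppet where the SSL state lives instead of hardcoding the path.
    ssldir=$("$PUPPET" config print ssldir) || return 1
    # Validate before touching anything, so a bad value never reaches rm -rf.
    if ! ssldir_is_safe "$ssldir"; then
        echo "refusing to remove unexpected ssldir: '$ssldir'" >&2
        return 1
    fi
    "$PUPPET" resource service puppet ensure=stopped || return 1
    # Drops the old master's CA cert and this client's old key and cert.
    rm -rf -- "$ssldir" || return 1
    "$PUPPET" resource service puppet ensure=running || return 1
    # Generates a new key and CSR; --test implies --detailed-exitcodes,
    # so the exit status is passed through to the caller unchanged.
    "$PUPPET" agent --test
}
```

Source the file as root on the client and call rejoin_master. Unless the new master autosigns, the first agent run reports a failure until the new certificate request has been signed with puppet cert sign <FQHN>.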