From 683f366bef93e7846e5c8b1cd75f731f3e4acb5e Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Thu, 28 Jul 2011 21:57:12 -0700 Subject: [PATCH 01/37] Add support for gem provider Makes the package provider a config param. If the provider is gem, start Puppet with an exec. Otherwise, use the service script. --- manifests/agent.pp | 32 ++++++++++++++++++++++---------- manifests/init.pp | 2 ++ manifests/master.pp | 27 +++++++++++++++++++-------- 3 files changed, 43 insertions(+), 18 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index 55f9ebd44..6a73cdd69 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -16,6 +16,7 @@ $puppet_agent_name, $puppet_conf, $puppet_server, + $package_provider = undef, $version ) inherits puppet::params { @@ -29,17 +30,28 @@ } package { 'puppet': - name => $puppet_agent_name, - ensure => $version, + name => $puppet_agent_name, + ensure => $version, + provider => $package_provider, } - service { "puppet_agent": - name => "$puppet_agent_service", - ensure => running, - enable => true, - hasstatus => true, - hasrestart => true, - subscribe => Concat[$puppet_conf], + if $package_provider == 'gem' { + exec { 'puppet_agent_start': + command => '/usr/bin/nohup puppet agent &', + refresh => '/usr/bin/pkill puppet && /usr/bin/nohup puppet agent &', + unless => "/bin/ps -ef | grep -v grep | /bin/grep 'puppet agent'", + require => File['/etc/puppet/puppet.conf'], + subscribe => Package[$puppet_agent_package], + } + } else { + service { $puppet_agent_service: + ensure => running, + enable => true, + hasstatus => true, + require => File['/etc/puppet/puppet.conf'], + subscribe => Package[$puppet_agent_package], + #before => Service['httpd']; + } } concat::fragment { 'puppet.conf-common': @@ -54,4 +66,4 @@ notify => Service['puppet_agent'], } -} \ No newline at end of file +} diff --git a/manifests/init.pp b/manifests/init.pp index 4e9de833d..c7c497db5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
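Review bot: The `refresh` command of the new `puppet_agent_start` exec, `/usr/bin/pkill puppet && /usr/bin/nohup puppet agent &`, kills by name every process matching "puppet" rather than the agent daemon alone, and the `puppet_master_start` exec added to manifests/master.pp in this commit repeats the pattern, so on a host that runs both roles a package change for one stops the other. Stopping the daemon through its pidfile would keep the restart scoped. `puppet` is also resolved through whatever PATH the exec inherits, so give the gem-installed binary's absolute path or set `path =>` on the exec. Separately, the service is now titled `$puppet_agent_service`, but the fragment at the end of the file still has `notify => Service['puppet_agent']`, which no longer matches any resource (and no service exists at all in the gem branch). Both branches also subscribe to `Package[$puppet_agent_package]` while the package resource is titled `'puppet'`; unless that variable resolves to `'puppet'` via puppet::params, this reference is unmatched too.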
@@ -40,6 +40,7 @@ $storeconfigs_dbsocket = $puppet::params::storeconfigs_dbsocket, $certname = $puppet::params::certname, $puppet_master_package = $puppet::params::puppet_master_package, + $package_provider = undef, $modulepath = $puppet::params::modulepath, $dashboard_version = undef, $dashboard_site = undef, @@ -119,6 +120,7 @@ certname => $certname_real, puppet_master_service => $puppet_master_service_real, puppet_master_package => $puppet_master_package_real, + package_provider => $package_provider, } } diff --git a/manifests/master.pp b/manifests/master.pp index eed9a2d43..6751f6c08 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -42,6 +42,7 @@ $certname, $puppet_master_package, $puppet_master_service, + $package_provider = undef, $version ) { @@ -59,6 +60,7 @@ package { $puppet_master_package: ensure => $version, + provider => $package_provider, } file { '/etc/puppet/namespaceauth.conf': @@ -72,16 +74,25 @@ order => '05', target => "/etc/puppet/puppet.conf", content => template("puppet/puppet.conf-master.erb"), - before => Service[$puppet_master_service], } - service { $puppet_master_service: - ensure => running, - enable => true, - hasstatus => true, - require => File['/etc/puppet/puppet.conf'], - #before => Service['httpd']; + if $package_provider == 'gem' { + exec { 'puppet_master_start': + command => '/usr/bin/nohup puppet master &', + refresh => '/usr/bin/pkill puppet && /usr/bin/nohup puppet master &', + unless => "/bin/ps -ef | grep -v grep | /bin/grep 'puppet master'", + require => File['/etc/puppet/puppet.conf'], + subscribe => Package[$puppet_master_package], + } + } else { + service { $puppet_master_service: + ensure => running, + enable => true, + hasstatus => true, + require => File['/etc/puppet/puppet.conf'], + subscribe => Package[$puppet_master_package], + #before => Service['httpd']; + } } - } From 405cee813c358eee8e956104a99ec996eb2bb141 Mon Sep 17 00:00:00 2001 
From: Dan Bode Date: Thu, 28 Jul 2011 22:00:10 -0700 Subject: [PATCH 02/37] Fixed dependecy issue with gem provider addition Fixed dependency to either be set on the master starting exec or service. --- manifests/master.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/master.pp b/manifests/master.pp index 6751f6c08..d54a793a4 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -47,6 +47,12 @@ ) { + if $package_provider == 'gem' { + Concat::Fragment['puppet.conf-header']->Exec['puppet_master_start'] + } else { + Concat::Fragment['puppet.conf-header']->Service[$puppet_master_service] + } + if $storeconfigs { class { 'puppet::storeconfigs': From e4f7558ab3cbaf7955e895a261d0f69f82b869ac Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Thu, 28 Jul 2011 22:04:56 -0700 Subject: [PATCH 03/37] Simplify storeconfigs manifest Removed redundant variable namespace. Since the class is already called storedconfigs prefixig variables with this namespace is unneccassry. Made installation of mysql packages optional. This will allow the module to be usable on systems that already install mysql from another module. Condensed data, database_user, and grants in the single mysql::db define --- manifests/master.pp | 11 +++-- manifests/storeconfigs.pp | 20 ++++----- manifests/storeconfigs/mysql.pp | 45 ++++++++----------- templates/puppet-server.conf.erb | 2 +- templates/puppet.conf-master-storeconfigs.erb | 10 ++--- 5 files changed, 40 insertions(+), 48 deletions(-) diff --git a/manifests/master.pp b/manifests/master.pp index d54a793a4..194bb96f7 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
@@ -54,13 +54,12 @@ } if $storeconfigs { - class { 'puppet::storeconfigs': - storeconfigs_dbadapter => $storeconfigs_dbadapter, - storeconfigs_dbuser => $storeconfigs_dbuser, - storeconfigs_dbpassword => $storeconfigs_dbpassword, - storeconfigs_dbserver => $storeconfigs_dbserver, - storeconfigs_dbsocket => $storeconfigs_dbsocket, + dbadapter => $storeconfigs_dbadapter, + dbuser => $storeconfigs_dbuser, + dbpassword => $storeconfigs_dbpassword, + dbserver => $storeconfigs_dbserver, + dbsocket => $storeconfigs_dbsocket, } } diff --git a/manifests/storeconfigs.pp b/manifests/storeconfigs.pp index e6561cd18..f1ff784b5 100644 --- a/manifests/storeconfigs.pp +++ b/manifests/storeconfigs.pp @@ -11,11 +11,11 @@ # Sample Usage: # class puppet::storeconfigs ( - $storeconfigs_dbadapter, - $storeconfigs_dbuser, - $storeconfigs_dbpassword, - $storeconfigs_dbserver, - $storeconfigs_dbsocket + $dbadapter, + $dbuser, + $dbpassword, + $dbserver, + $dbsocket ) { case $dbadapter { @@ -23,13 +23,13 @@ include puppet::storeconfig::sqlite } 'mysql': { - class { - "puppet::storeconfigs::mysql": - dbuser => $storeconfigs_dbuser, - dbpassword => $storeconfigs_dbpassword, + class { + "puppet::storeconfigs::mysql": + dbuser => $dbuser, + dbpassword => $dbpassword, } } - default: { err("targer dbadapter $storeconfigs_dbadapter not implemented") } + default: { err("target dbadapter $dbadapter not implemented") } } concat::fragment { 'puppet.conf-master-storeconfig': diff --git a/manifests/storeconfigs/mysql.pp b/manifests/storeconfigs/mysql.pp index 951d35739..930a67a35 100644 --- a/manifests/storeconfigs/mysql.pp +++ b/manifests/storeconfigs/mysql.pp 
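Review bot: The `default:` branch of the `case $dbadapter` in manifests/storeconfigs.pp only calls `err(...)`, which logs on the master and lets compilation continue, so an unsupported adapter still produces the `puppet.conf-master-storeconfig` fragment with settings nothing has provisioned. Failing the catalog is safer: `default: { fail("target dbadapter ${dbadapter} not implemented") }`. The sqlite branch includes `puppet::storeconfig::sqlite` (singular "storeconfig") while every other class here lives under `puppet::storeconfigs`; that context line is probably a typo and worth confirming while the file is being touched.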
@@ -1,34 +1,27 @@ class puppet::storeconfigs::mysql ( - $storeconfigs_dbuser, - $storeconfigs_dbpassword + $dbuser, + $dbpassword, + $install_packages = false ){ include puppet::params - package { $puppet::params::puppet_storeconfigs_packages: - ensure => installed, - } - - package { 'mysql': - ensure => installed, - provider => 'gem', - } - - database{ 'puppet': - ensure => present, - charset => 'utf8', - } - - database_user{"$dbuser@localhost": - ensure => present, - password_hash => mysql_password($storeconfigs_dbpassword), - require => Database['puppet'], - } - - database_grant{ 'puppet@localhost/puppet': - privileges => [all], - require => [ Database['puppet'], Database_user['puppet@localhost'] ], - } + if $install_packages { + package { $puppet::params::puppet_storeconfigs_packages: + ensure => installed, + } + package { 'mysql': + ensure => installed, + provider => 'gem', + } + } + mysql::db { 'puppet': + user => $dbuser, + password => $dbpassword, + charset => 'utf8', + host => 'localhost', + grant => 'all', + } } diff --git a/templates/puppet-server.conf.erb b/templates/puppet-server.conf.erb index 3009837f6..63049b25c 100644 --- a/templates/puppet-server.conf.erb +++ b/templates/puppet-server.conf.erb @@ -25,6 +25,6 @@ reporturl = http://dashboard.puppetlabs.com/reports storeconfigs = true dbadapter = mysql dbuser = puppet -dbpassword = <%= puppet_storedconfig_password %> +dbpassword = <%= puppet_storedconfig_password %> dbserver = localhost dbsocket = /var/run/mysqld/mysqld.sock diff --git a/templates/puppet.conf-master-storeconfigs.erb b/templates/puppet.conf-master-storeconfigs.erb index 17582a070..a477dedfb 100644 --- a/templates/puppet.conf-master-storeconfigs.erb +++ b/templates/puppet.conf-master-storeconfigs.erb 
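Review bot: The consolidated `mysql::db { 'puppet': ... grant => 'all' }` keeps giving the storeconfigs account every privilege on the `puppet` database, and the password now travels as a plain class parameter into that define. If the `mysql::db` define in use accepts a privilege list, restricting `grant` to what storeconfigs actually needs (schema changes are only required while `dbmigrate = true`) would limit what a leaked puppet.conf credential can do. The new `$install_packages = false` switch is also not reachable from `puppet::storeconfigs` in this commit, which declares this class with only `dbuser` and `dbpassword`; passing it through would need something like `install_packages => $install_packages,` there.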
@@ -1,7 +1,7 @@ storeconfigs = <%= storeconfigs %> -dbadapter = <%= storeconfigs_dbadapter %> -dbuser = <%= storeconfigs_dbuser %> -dbpassword = <%= storeconfigs_dbpassword %> -dbserver = <%= storeconfigs_dbserver %> -dbsocket = <%= storeconfigs_dbsocket %> +dbadapter = <%= dbadapter %> +dbuser = <%= dbuser %> +dbpassword = <%= dbpassword %> +dbserver = <%= dbserver %> +dbsocket = <%= dbsocket %> dbmigrate = true From a1307f7ce5b0f798f029acfcccc0ef20327a049c Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Thu, 28 Jul 2011 22:07:04 -0700 Subject: [PATCH 04/37] Add more params and set more defaults Added reasonable defaults for puppet master params Added a manifest, autosign, and certname param. set reasonable defaults for certname, service, package and modulepath --- manifests/master.pp | 12 +++++++----- templates/puppet.conf-master.erb | 6 ++++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/manifests/master.pp b/manifests/master.pp index 194bb96f7..fba12e053 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -32,20 +32,22 @@ # } # class puppet::master ( - $modulepath, + $modulepath = '/etc/puppet/modules', + $manifest = '/etc/puppet/manifests/site.pp', $storeconfigs, $storeconfigs_dbadapter, $storeconfigs_dbuser, $storeconfigs_dbpassword, $storeconfigs_dbserver, $storeconfigs_dbsocket, - $certname, - $puppet_master_package, - $puppet_master_service, + $certname = $fqdn, + $autosign = false, + $puppet_master_package = $puppet::params::puppet_master_package, $package_provider = undef, + $puppet_master_service = $puppet::params::puppet_master_service, $version -) { +) inherits puppet::params { if $package_provider == 'gem' { Concat::Fragment['puppet.conf-header']->Exec['puppet_master_start'] diff --git a/templates/puppet.conf-master.erb b/templates/puppet.conf-master.erb index 28f436843..0eb57762f 100644 --- a/templates/puppet.conf-master.erb +++ b/templates/puppet.conf-master.erb 
@@ -1,6 +1,8 @@ [master] modulepath = <%= modulepath %> +manifest = <%= manifest %> environment = production -manifest = $confdir/manifests/site.pp -ssl_client_header = SSL_CLIENT_S_DN +autosign = <%= autosign %> +ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY +certname = <%= certname %> From b795f3a4a103cdf6950fbc585c2909858a2d6d50 Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Thu, 28 Jul 2011 22:07:35 -0700 Subject: [PATCH 05/37] Document external module dependencies --- manifests/master.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifests/master.pp b/manifests/master.pp index fba12e053..267a7754d 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -16,6 +16,11 @@ # # Requires: # +# Class['concat'] +# Class['stdlib'] +# Class['concat::setup'] +# Class['mysql'] (conditionally) +# # Sample Usage: # # $modulepath = [ From 4d1b85018119cd9f8a8ed267a7bd5bc136c5e166 Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Thu, 28 Jul 2011 22:09:35 -0700 Subject: [PATCH 06/37] Avoid resource duplication. To avoid duplicate configs when client and server are installed together. --- manifests/master.pp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/manifests/master.pp b/manifests/master.pp index 267a7754d..d9d4f3d11 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -82,6 +82,17 @@ source => 'puppet:///modules/puppet/namespaceauth.conf', } + if ! defined(Concat[$pupet_conf]) { + concat { $puppet_conf: + mode => '0644', + require => Package[$puppet_master_package], + } + } else { + Concat<| title == $puppet_conf |> { + require => Package[$puppet_master_package] + } + } + concat::fragment { 'puppet.conf-header': order => '05', target => "/etc/puppet/puppet.conf", From 403af71af53ef566be8f3110ca58020ba1d77a32 Mon Sep 17 00:00:00 2001 
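Review bot: The guard `if ! defined(Concat[$pupet_conf])` in the master.pp hunk misspells the variable, so it tests a title built from an unset variable and the `concat { $puppet_conf: }` branch is taken even when the agent class has already declared that resource, which is the duplication this commit sets out to avoid; it should read `if ! defined(Concat[$puppet_conf]) {`. `defined()` is also evaluation-order dependent, so the result changes with whether puppet::agent is evaluated before puppet::master. The file is created with `mode => '0644'`, while the storeconfigs template in this series renders `dbpassword` into a puppet.conf fragment. If that fragment targets the same file, a mode that is not world-readable (for example `'0640'` with an explicit owner and group) would be the safer default.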
From: Gary Larizza Date: Mon, 15 Aug 2011 12:34:25 -0400 Subject: [PATCH 07/37] Documentation - init.pp --- manifests/init.pp | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index c7c497db5..0cf37a94f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -4,6 +4,63 @@ # # Parameters: # +# [*version*] - The value of the ensure parameter for the +# puppet master and agent packages +# [*master*] - Boolean determining whether the the puppet +# master service should be setup +# [*agent*] - Boolean determining whether the puppet agent +# should be setup +# [*confdir*] - The confdir configuration value in puppet.conf +# [*manifest*] - The manifest configuration value in puppet.conf +# [*certname*] - The certname configuration value in puppet.conf +# [*autosign*] - The autosign configuration value in puppet.conf +# [*puppet_server*] - The server configuration value in puppet.conf +# [*modulepath*] - The modulepath configuration value used in +# puppet.conf +# [*puppet_conf*] - The path to the puppet.conf file +# [*puppet_logdir*] - The path to the puppet log +# [*puppet_vardir*] - The path to the puppet vardir +# [*puppet_defaults*] - The path to your distro's puppet defaults file +# [*puppet_master_service*] - The name of the puppet master service +# [*puppet_agent_service*] - The name of the puppet agent service +# [*puppet_passenger*] - Boolean value to determine whether puppet is +# to be run with Passenger +# [*puppet_site*] - The VirtualHost value used in the apache vhost +# configuration file when Passenger is enabled +# [*puppet_passenger_port*] - The port on which puppet is listening when +# Passenger is enabled +# [*puppet_docroot*] - The DocumentRoot value used in the apache vhost +# configuration file when Passenger is enabled +# [*storeconfigs*] - Boolean determining whether storeconfigs is +# to be enabled. 
+# [*storeconfigs_dbadapter*] - The database adapter to use with storeconfigs +# [*storeconfigs_dbuser*] - The database username used with storeconfigs +# [*storeconfigs_dbpassword*] - The database password used with storeconfigs +# [*storeconfigs_dbserver*] - Fqdn of the storeconfigs database server +# [*storeconfigs_dbsocket*] - The path to the mysql socket file +# [*install_mysql_pkgs*] - Boolean determining whether mysql and related +# devel packages should be installed. +# [*puppet_master_package*] - The name of the puppet master package +# [*package_provider*] - The provider used for package installation +# [*dashboard*] - Boolean determining whether the puppet +# dashboard is to be enabled +# [*dashboard_ensure*] - The value of the ensure parameter for the +# puppet dashboard package +# [*dashboard_user*] - Name of the puppet-dashboard database and +# system user +# [*dashboard_group*] - Name of the puppet-dashboard group +# [*dashbaord_password*] - Password for the puppet-dashboard database use +# [*dashboard_db*] - The puppet-dashboard database name +# [*dashboard_charset*] - Character set for the puppet-dashboard database +# [*dashboard_site*] - The ServerName setting for Apache +# [*dashboard_port*] - The port on which puppet-dashboard should run +# [*dashboard_passenger*] - Boolean to determine whether Dashboard is to be +# used with Passenger +# [*dashboard_mysql_provider*] - The package provider to use when installing +# the ruby-mysql package +# [*dashboard_mysql_pkg*] - The package name used for installing the +# ruby-mysql package +# # Actions: # # Requires: From dfffe33c4a8d83e003eaffbd84ad80ac7f4293a9 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Mon, 15 Aug 2011 12:36:53 -0400 Subject: [PATCH 08/37] Parameters for init.pp Add parameters for puppet.conf configuration and to allow for the puppet master to be run with Passenger. --- manifests/init.pp | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) 
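Review bot: The added parameter documentation lists `[*dashbaord_password*]`, which does not match the class parameter `$dashboard_password`, so searching for the parameter name misses its description. The entry should read `# [*dashboard_password*] - Password for the puppet-dashboard database user` (the current text ends in "database use", presumably a truncated "user"). The `[*master*]` entry also contains a doubled "the the".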
diff --git a/manifests/init.pp b/manifests/init.pp index 0cf37a94f..eb4d4a120 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -79,7 +79,9 @@ $version = 'present', $master = false, $agent = true, - $dashboard = false, + $confdir = $puppet::params::confdir, + $manifest = $puppet::params::manifest, + $modulepath = $puppet::params::modulepath, $puppet_conf = $puppet::params::puppet_conf, $puppet_logdir = $puppet::params::puppet_logdir, $puppet_vardir = $puppet::params::puppet_vardir, @@ -87,8 +89,11 @@ $puppet_defaults = $puppet::params::puppet_defaults, $puppet_master_service = $puppet::params::puppet_master_service, $puppet_agent_service = $puppet::params::puppet_agent_service, - $puppet_agent_name = $puppet::params::puppet_agent_name, $puppet_server = $puppet::params::puppet_server, + $puppet_passenger = false, + $puppet_site = $puppet::params::puppet_site, + $puppet_passenger_port = $puppet::params::puppet_passenger_port, + $puppet_docroot = $puppet::params::puppet_docroot, $storeconfigs = $puppet::params::storeconfigs, $storeconfigs_dbadapter = $puppet::params::storeconfigs_dbadapter, $storeconfigs_dbuser = $puppet::params::storeconfigs_dbuser, 
@@ -96,13 +101,22 @@ $storeconfigs_dbserver = $puppet::params::storeconfigs_dbserver, $storeconfigs_dbsocket = $puppet::params::storeconfigs_dbsocket, $certname = $puppet::params::certname, + $install_mysql_pkgs = false, + $autosign = false, $puppet_master_package = $puppet::params::puppet_master_package, $package_provider = undef, - $modulepath = $puppet::params::modulepath, - $dashboard_version = undef, - $dashboard_site = undef, + $dashboard = false, + $dashboard_ensure = undef, $dashboard_user = undef, - $dashboard_password = undef + $dashboard_group = undef, + $dashboard_password = undef, + $dashboard_db = undef, + $dashboard_charset = undef, + $dashboard_site = undef, + $dashboard_port = undef, + $dashboard_passenger = undef, + $dashboard_mysql_provider = undef, + $dashboard_mysql_pkg = undef ) inherits puppet::params { From ab63d0c1c425531435300c5c21966f1670f29e51 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Mon, 15 Aug 2011 12:40:10 -0400 Subject: [PATCH 09/37] Remove _real variables Remove the validation and _real variables for consistency. Some classes used this method, and some did not. --- manifests/init.pp | 88 ++++++++++------------------------------------- 1 file changed, 19 insertions(+), 69 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index eb4d4a120..2d7128e86 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
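Review bot: The parameter list drops `$dashboard_version` (replaced by `$dashboard_ensure`) and `$puppet_agent_name`, but the class body, which lies outside these hunks, is not updated in this commit. The next commit's context still shows `dashboard_version => $dashboard_version` in the `class {'dashboard': ...}` declaration, and before that commit the body still calls `validate_re($puppet_agent_name, $v_alphanum)`, so both would read an unset variable. If the rename is intended, the declaration needs to pass the new parameter, presumably `dashboard_version => $dashboard_ensure,` or whatever name the dashboard class expects. Most of the other new `dashboard_*` parameters are likewise not passed anywhere in the visible body.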
@@ -120,56 +120,7 @@ ) inherits puppet::params { - $v_bool = [ '^true$', '^false$' ] - $v_alphanum = '^[._0-9a-zA-Z:-]+$' - $v_path = '^/' - validate_re($version, $v_alphanum) - validate_re("$master", $v_bool) - validate_re("$agent", $v_bool) - validate_re("$dashboard", $v_bool) - validate_re("$storeconfigs", $v_bool) - validate_re($puppet_conf, $v_path) - validate_re($puppet_logdir, $v_path) - validate_re($puppet_vardir, $v_path) - validate_re($puppet_ssldir, $v_path) - validate_re($puppet_defaults, $v_path) - validate_re($puppet_master_service, $v_alphanum) - validate_re($puppet_agent_service, $v_alphanum) - validate_re($puppet_agent_name, $v_alphanum) - validate_re($puppet_server, $v_alphanum) - validate_re($storeconfigs_dbadapter,$v_alphanum) - validate_re($storeconfigs_dbuser, $v_alphanum) - validate_re($storeconfigs_dbpassword, $v_alphanum) - validate_re($storeconfigs_dbsocket, $v_path) - validate_re($storeconfigs_dbserver, $v_alphanum) - validate_re($certname, $v_alphanum) - validate_re($modulepath, $v_path) - - $version_real = $version - $master_real = $master - $agent_real = $agent - $dashboard_real = $dashboard - $puppet_conf_real = $puppet_conf - $puppet_logdir_real = $puppetlogdir - $puppet_vardir_real = $puppet_vardir - $puppet_ssldir_real = $puppet_ssldir - $puppet_defaults_real = $puppet_defaults - $puppet_master_service_real = $puppet_master_service - $puppet_agent_service_real = $puppet_agent_service - $puppet_agent_name_real = $puppet_agent_name - $puppet_server_real = $puppet_server - $storeconfigs_dbadapter_real = $storeconfigs_dbadapter - $storeconfigs_dbuser_real = $storeconfigs_dbuser - $storeconfigs_dbpassword_real = $storeconfigs_dbpassword - $storeconfigs_dbsocket_real = $storeconfigs_dbsocket - $storeconfigs_dbserver_real = $storeconfigs_dbserver - $storeconfigs_real = $storeconfigs - $certname_real = $certname - $puppet_master_package_real = $puppet_master_package - $modulepath_real = $modulepath - - if $dashboard_real { - + if 
$dashboard { class {'dashboard': dashboard_version => $dashboard_version, dashboard_site => $dashboard_site, @@ -178,31 +129,30 @@ } } - if $master_real { + if $master { class {'puppet::master': - version => $version_real, - modulepath => $modulepath_real, - storeconfigs => $storeconfigs_real, - storeconfigs_dbadapter => $storeconfigs_dbadapter_real, - storeconfigs_dbuser => $storeconfigs_dbuser_real, - storeconfigs_dbpassword => $storeconfigs_dbpassword_real, - storeconfigs_dbserver => $storeconfigs_dbserver_real, - storeconfigs_dbsocket => $storeconfigs_dbsocket_real, - certname => $certname_real, - puppet_master_service => $puppet_master_service_real, - puppet_master_package => $puppet_master_package_real, + version => $version, + modulepath => $modulepath, + storeconfigs => $storeconfigs, + storeconfigs_dbadapter => $storeconfigs_dbadapter, + storeconfigs_dbuser => $storeconfigs_dbuser, + storeconfigs_dbpassword => $storeconfigs_dbpassword, + storeconfigs_dbserver => $storeconfigs_dbserver, + storeconfigs_dbsocket => $storeconfigs_dbsocket, + certname => $certname, + puppet_master_service => $puppet_master_service, + puppet_master_package => $puppet_master_package, package_provider => $package_provider, } } - if $agent_real { + if $agent { class {'puppet::agent': - version => $version_real, - puppet_defaults => $puppet_defaults_real, - puppet_agent_service => $puppet_agent_service_real, - puppet_agent_name => $puppet_agent_name_real, - puppet_server => $puppet_server_real, - puppet_conf => $puppet_conf_real, + version => $version, + puppet_defaults => $puppet_defaults, + puppet_agent_service => $puppet_agent_service, + puppet_server => $puppet_server, + puppet_conf => $puppet_conf, } } From 8788846e2b04dbcd49f17d9d4dfdbc0c14833610 Mon Sep 17 00:00:00 2001 
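Review bot: Dropping every `validate_re` call removes the only input checks on values that later reach file paths and command lines: `$certname`, for example, was constrained to `^[._0-9a-zA-Z:-]+$`, and a later commit in this series interpolates it into `/usr/bin/puppet cert --generate ${certname}`. Consistency can be had by removing only the `_real` copies and keeping the checks on the original parameters, e.g. `validate_re($certname, '^[._0-9a-zA-Z:-]+$')` and `validate_re($puppet_conf, '^/')`. The `puppet::agent` declaration also stops passing `puppet_agent_name`, which manifests/agent.pp in the first patch still lists as a parameter without a default.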
From: Gary Larizza Date: Mon, 15 Aug 2011 12:41:24 -0400 Subject: [PATCH 10/37] Documentation for master.pp --- manifests/master.pp | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/manifests/master.pp b/manifests/master.pp index d9d4f3d11..3d47d579f 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
@@ -3,14 +3,34 @@ # This class installs and configures a Puppet master # # Parameters: -# * modulepath -# * storeconfigs -# * dbadapter -# * dbuser -# * dbpassword -# * dbserver -# * dbsocket -# * certname +# [*modulepath*] - The modulepath configuration value used in +# puppet.conf +# [*confdir*] - The confdir configuration value in puppet.conf +# [*manifest*] - The manifest configuration value in puppet.conf +# [*storeconfigs*] - Boolean determining whether storeconfigs is +# to be enabled. +# [*storeconfigs_dbadapter*] - The database adapter to use with storeconfigs +# [*storeconfigs_dbuser*] - The database username used with storeconfigs +# [*storeconfigs_dbpassword*] - The database password used with storeconfigs +# [*storeconfigs_dbserver*] - Fqdn of the storeconfigs database server +# [*storeconfigs_dbsocket*] - The path to the mysql socket file +# [*install_mysql_pkgs*] - Boolean determining whether mysql and related +# devel packages should be installed. +# [*certname*] - The certname configuration value in puppet.conf +# [*autosign*] - The autosign configuration value in puppet.conf +# [*dashboard_port*] - The port on which puppet-dashboard should run +# [*puppet_passenger*] - Boolean value to determine whether puppet is +# to be run with Passenger +# [*puppet_site*] - The VirtualHost value used in the apache vhost +# configuration file when Passenger is enabled +# [*puppet_docroot*] - The DocumentRoot value used in the apache vhost +# configuration file when Passenger is enabled +# [*puppet_passenger_port*] - The port on which puppet is listening when +# Passenger is enabled +# [*puppet_master_package*] - The name of the puppet master package +# [*package_provider*] - The provider used for package installation +# [*version*] - The value of the ensure parameter for the +# puppet master and agent packages # # Actions: # From fd127759b65dcb7bcb4b971803dd89911795efa8 Mon Sep 17 00:00:00 2001 
From: Gary Larizza Date: Mon, 15 Aug 2011 12:49:39 -0400 Subject: [PATCH 11/37] Remove unnecessary master.pp parameters Fix parameters that have their defaults set in init.pp and remove the unneeded manifests parameter. --- manifests/master.pp | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/manifests/master.pp b/manifests/master.pp index 3d47d579f..43ec79212 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -57,19 +57,18 @@ # } # class puppet::master ( - $modulepath = '/etc/puppet/modules', - $manifest = '/etc/puppet/manifests/site.pp', + $modulepath, $storeconfigs, $storeconfigs_dbadapter, $storeconfigs_dbuser, $storeconfigs_dbpassword, $storeconfigs_dbserver, $storeconfigs_dbsocket, - $certname = $fqdn, - $autosign = false, - $puppet_master_package = $puppet::params::puppet_master_package, + $certname, + $autosign, + $puppet_master_package, $package_provider = undef, - $puppet_master_service = $puppet::params::puppet_master_service, + $puppet_master_service, $version ) inherits puppet::params { From b96f43e7b4d1031b77c88101006f9f78a609a5c4 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Mon, 15 Aug 2011 12:58:16 -0400 Subject: [PATCH 12/37] Implement Passenger with Puppet Master Add functionality to run puppet master with Passenger. If Passenger is to be used, ensure that that the puppet master cert exists, declare the passenger class, declare an Apache virtual host, modify puppet.conf, and ensure that the puppet master config.ru file is present. --- files/config.ru | 16 +++++++ manifests/init.pp | 9 ++++ manifests/master.pp | 79 ++++++++++++++++++++++---------- templates/apache2.conf.erb | 30 ++++++++++++ templates/puppet.conf-master.erb | 14 ++++-- 5 files changed, 121 insertions(+), 27 deletions(-) create mode 100644 files/config.ru create mode 100644 templates/apache2.conf.erb diff --git a/files/config.ru b/files/config.ru new file mode 100644 index 000000000..f45126f8e --- /dev/null +++ b/files/config.ru 
@@ -0,0 +1,16 @@ +# a config.ru, for use with every rack-compatible webserver. +# SSL needs to be handled outside this, though. + +# if puppet is not in your RUBYLIB: +# $:.unshift('/opt/puppet/lib') + +$0 = "master" + +# if you want debugging: +# ARGV << "--debug" + +ARGV << "--rack" +require 'puppet/application/master' +# we're usually running inside a Rack::Builder.new {} block, +# therefore we need to call run *here*. +run Puppet::Application[:master].run \ No newline at end of file diff --git a/manifests/init.pp b/manifests/init.pp index 2d7128e86..3580b9446 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -132,6 +132,11 @@ if $master { class {'puppet::master': version => $version, + confdir => $confdir, + puppet_passenger => $puppet_passenger, + puppet_site => $puppet_site, + puppet_passenger_port => $puppet_passenger_port, + puppet_docroot => $puppet_docroot, modulepath => $modulepath, storeconfigs => $storeconfigs, storeconfigs_dbadapter => $storeconfigs_dbadapter, @@ -139,10 +144,14 @@ storeconfigs_dbpassword => $storeconfigs_dbpassword, storeconfigs_dbserver => $storeconfigs_dbserver, storeconfigs_dbsocket => $storeconfigs_dbsocket, + install_mysql_pkgs => $install_mysql_pkgs, certname => $certname, + autosign => $autosign, + manifest => $manifest, puppet_master_service => $puppet_master_service, puppet_master_package => $puppet_master_package, package_provider => $package_provider, + dashboard_port => $dashboard_port, } } diff --git a/manifests/master.pp b/manifests/master.pp index 43ec79212..cf579d69d 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
@@ -58,14 +58,22 @@ # class puppet::master ( $modulepath, + $confdir, + $manifest, $storeconfigs, $storeconfigs_dbadapter, $storeconfigs_dbuser, $storeconfigs_dbpassword, $storeconfigs_dbserver, $storeconfigs_dbsocket, + $install_mysql_pkgs, $certname, $autosign, + $dashboard_port = UNSET, + $puppet_passenger, + $puppet_site, + $puppet_docroot, + $puppet_passenger_port, $puppet_master_package, $package_provider = undef, $puppet_master_service, 
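Review bot: `$dashboard_port = UNSET` uses an unquoted bareword as its default, whereas the optional parameter a few lines below uses `$package_provider = undef`. A bareword is treated as the string "UNSET", which is truthy in an `if` or an ERB conditional, so any "no port given" test must compare against that exact string. `$dashboard_port = undef`, or a quoted `'UNSET'` with the comparison documented, would make the intent explicit. The class body that consumes the parameter lies outside this hunk.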
@@ -86,37 +94,59 @@ dbpassword => $storeconfigs_dbpassword, dbserver => $storeconfigs_dbserver, dbsocket => $storeconfigs_dbsocket, + if $puppet_passenger { + + exec { "Certificate_Check": + command => "/usr/bin/puppet cert --generate ${certname}", + unless => "/bin/ls ${puppet_ssldir}/certs/${certname}.pem", + before => Class['::passenger'], + require => Package[$puppet_master_package], } - } - package { $puppet_master_package: - ensure => $version, - provider => $package_provider, - } + if ! defined(Class['passenger']) { + class { '::passenger': } + } - file { '/etc/puppet/namespaceauth.conf': - owner => root, - group => root, - mode => 644, - source => 'puppet:///modules/puppet/namespaceauth.conf', - } + apache::vhost { "puppet-$puppet_site": + port => $puppet_passenger_port, + priority => '40', + docroot => $puppet_docroot, + template => 'puppet/apache2.conf.erb', + require => [ File['/etc/puppet/rack/config.ru'], File['/etc/puppet/puppet.conf'] ], + ssl => true, + } - if ! defined(Concat[$pupet_conf]) { - concat { $puppet_conf: - mode => '0644', - require => Package[$puppet_master_package], + file { ["/etc/puppet/rack", "/etc/puppet/rack/public"]: + ensure => directory, + mode => '0755', } - } else { - Concat<| title == $puppet_conf |> { - require => Package[$puppet_master_package] + + file { "/etc/puppet/rack/config.ru": + ensure => present, + source => "puppet:///modules/puppet/config.ru", + mode => '0644', } - } - concat::fragment { 'puppet.conf-header': - order => '05', - target => "/etc/puppet/puppet.conf", - content => template("puppet/puppet.conf-master.erb"), - } + if ! 
defined(Concat[$puppet_conf]) { + concat { $puppet_conf: + mode => '0644', + require => [Package[$puppet_master_package], Class['passenger']], + notify => Service['httpd'], + } + } else { + Concat<| title == $puppet_conf |> { + require => [Package[$puppet_master_package], Class['passenger']], + notify +> Service['httpd'], + } + } + + concat::fragment { 'puppet.conf-header': + order => '05', + target => "/etc/puppet/puppet.conf", + content => template("puppet/puppet.conf-master.erb"), + } + + } else { if $package_provider == 'gem' { exec { 'puppet_master_start': @@ -134,6 +164,7 @@ require => File['/etc/puppet/puppet.conf'], subscribe => Package[$puppet_master_package], #before => Service['httpd']; + } } } } diff --git a/templates/apache2.conf.erb b/templates/apache2.conf.erb new file mode 100644 index 000000000..bc1ef48e4 --- /dev/null +++ b/templates/apache2.conf.erb @@ -0,0 +1,30 @@ +LoadModule ssl_module modules/mod_ssl.so + +Listen <%= puppet_passenger_port %> + +> + ServerName <%= puppet_site %> + SSLEngine on + SSLProtocol -ALL +SSLv3 +TLSv1 + SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP + + SSLCertificateFile <%= puppet_ssldir %>/certs/<%= certname %>.pem + SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= certname %>.pem + SSLCertificateChainFile <%= puppet_ssldir %>/ca/ca_crt.pem + SSLCACertificateFile <%= puppet_ssldir %>/ca/ca_crt.pem + # If Apache complains about invalid signatures on the CRL, you can try disabling + # CRL checking by commenting the next line, but this is not recommended. + SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem + SSLVerifyClient optional + SSLVerifyDepth 1 + SSLOptions +StdEnvVars + + DocumentRoot <%= puppet_docroot %> + RackBaseURI / + + Options None + AllowOverride None + Order allow,deny + allow from all + + diff --git a/templates/puppet.conf-master.erb b/templates/puppet.conf-master.erb index 0eb57762f..89a49bb43 100644 --- a/templates/puppet.conf-master.erb 
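Review bot: The new templates/apache2.conf.erb enables SSLv3 (`SSLProtocol -ALL +SSLv3 +TLSv1`), and its `SSLCipherSuite` line admits RC4 and MEDIUM-strength suites, which is weaker than an endpoint that only Puppet agents talk to needs. I would drop both, e.g. `SSLProtocol -ALL +TLSv1` and `SSLCipherSuite HIGH:!aNULL:!MD5`, and take the two values from class parameters so sites can tighten them further. A comment above `SSLVerifyClient optional` would also help the next reader: `# optional so agents without a signed cert can still submit a CSR; the master decides from SSL_CLIENT_VERIFY`.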
+++ b/templates/puppet.conf-master.erb @@ -1,8 +1,16 @@ + [master] -modulepath = <%= modulepath %> +modulepath = <%= modulepath %> manifest = <%= manifest %> -environment = production +environment = production autosign = <%= autosign %> ssl_client_header = SSL_CLIENT_S_DN -ssl_client_verify_header = SSL_CLIENT_VERIFY +ssl_client_verify_header = SSL_CLIENT_VERIFY certname = <%= certname %> +report = true +reports = store, http +<% if dashboard_port != 'UNSET' %> +reporturl = http://<%= puppet_site %>:<%= dashboard_port %>/reports +<% else -%> +reporturl = http://<%= puppet_site %>/reports +<% end -%> \ No newline at end of file From 692801f288d7cb6015af4bc66c764d358d5f163f Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Mon, 15 Aug 2011 13:01:07 -0400 Subject: [PATCH 13/37] Implement Dashboard Class Parameters Implement the parameters used in the puppetlabs-dashboard class. --- manifests/init.pp | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 3580b9446..5072f4817 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -122,10 +122,17 @@ if $dashboard { class {'dashboard': - dashboard_version => $dashboard_version, - dashboard_site => $dashboard_site, - dashboard_user => $dashboard_user, - dashboard_password => $dashboard_password, + dashboard_ensure => $dashboard_version, + dashboard_group => $dashboard_group, + dashboard_db => $dashboard_db, + dashboard_charset => $dashboard_charset, + dashboard_site => $dashboard_site, + dashboard_port => $dashboard_port, + passenger => $dashboard_passenger, + mysql_package_provider => $dashboard_mysql_provider, + ruby_mysql_package => $dashboard_mysql_pkg, + dashboard_user => $dashboard_user, + dashboard_password => $dashboard_password, } } From 17281ae6a4bb0c97bbb52849a5267f7964991f41 Mon Sep 17 00:00:00 2001 
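Review bot: Both `reporturl` lines hard-code `http://`, so with `reports = store, http` every run report is posted to `puppet_site` in clear text, and reports can carry resource names and log output. If the dashboard is reachable over TLS, make the scheme a parameter or default to it, e.g. `reporturl = https://<%= puppet_site %>:<%= dashboard_port %>/reports`. The `dashboard_port != 'UNSET'` test also depends on callers never passing an empty or undef value. init.pp now forwards `$dashboard_port` explicitly, so its default there should be confirmed to be `UNSET` as well, otherwise the first branch renders a URL with an empty port.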
From: Gary Larizza Date: Mon, 15 Aug 2011 13:02:45 -0400 Subject: [PATCH 14/37] Declare concat::setup Declare the concat::setup class and ensure its order. --- manifests/master.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manifests/master.pp b/manifests/master.pp index cf579d69d..a8539f8f8 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -85,6 +85,12 @@ Concat::Fragment['puppet.conf-header']->Exec['puppet_master_start'] } else { Concat::Fragment['puppet.conf-header']->Service[$puppet_master_service] + include concat::setup + + File { + require => Package[$puppet_master_package], + owner => 'puppet', + group => 'puppet', } if $storeconfigs { @@ -149,6 +155,8 @@ } else { if $package_provider == 'gem' { + Concat::Fragment['puppet.conf-header']->Exec['puppet_master_start'] + exec { 'puppet_master_start': command => '/usr/bin/nohup puppet master &', refresh => '/usr/bin/pkill puppet && /usr/bin/nohup puppet master &', From 299ca797ffb2b974e282e4d8e9bc587289f05f07 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 11:23:19 -0700 Subject: [PATCH 15/37] Repair Certificate Check This commit fixes the certificate check by setting a path and logging output on failure. --- manifests/master.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/master.pp b/manifests/master.pp index a8539f8f8..d6dd8bd60 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
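Review bot: The capitalised `File { require => ..., owner => 'puppet', group => 'puppet' }` default added to `puppet::master` is not confined to this class. Resource defaults follow scope, so on Puppet versions with dynamic scoping it can also reach file resources in classes and defines declared from here (the passenger class, `apache::vhost`, `puppet::storeconfigs`), leaving their files owned by the `puppet` account. Setting `owner` and `group` explicitly on the resources that need them, for instance `/etc/puppet/rack/config.ru` and the two rack directories, keeps the effect visible and local. The enclosing `if`/`else` block starts and ends outside the hunk, so the placement of `include concat::setup` relative to the `else` branch should be checked against the full file.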
@@ -103,10 +103,12 @@ if $puppet_passenger { exec { "Certificate_Check": - command => "/usr/bin/puppet cert --generate ${certname}", - unless => "/bin/ls ${puppet_ssldir}/certs/${certname}.pem", - before => Class['::passenger'], - require => Package[$puppet_master_package], + command => "puppet cert --generate ${certname} --trace", + unless => "/bin/ls ${puppet_ssldir}/certs/${certname}.pem", + path => "/usr/bin:/usr/local/bin", + before => Class['::passenger'], + require => Package[$puppet_master_package], + logoutput => on_failure, } if ! defined(Class['passenger']) { From 4342f09a779d9003838df198540a06e145387306 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 11:29:32 -0700 Subject: [PATCH 16/37] Declare puppet.conf with concat This commit declares two variables: $service_notify and $service_require and uses them to setup puppet.conf with concat. --- manifests/agent.pp | 24 +++++++++++++++++------- manifests/master.pp | 33 +++++++++++++++++---------------- 2 files changed, 34 insertions(+), 23 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index 6a73cdd69..5d544f377 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -36,6 +36,8 @@ } if $package_provider == 'gem' { + $service_notify = Exec['puppet_agent_start'] + exec { 'puppet_agent_start': command => '/usr/bin/nohup puppet agent &', refresh => '/usr/bin/pkill puppet && /usr/bin/nohup puppet agent &', @@ -44,6 +46,8 @@ subscribe => Package[$puppet_agent_package], } } else { + $service_notify = Service[$puppet_agent_service] + service { $puppet_agent_service: ensure => running, enable => true, 
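Review bot: `Certificate_Check` interpolates `${certname}` unquoted into both `command` and `unless`, and the binary is now looked up through `path` rather than named absolutely, so the value of a class parameter and the contents of `/usr/local/bin` both influence what runs as root. I would validate `$certname` where it enters the class and replace the `ls` probe with `creates => "${puppet_ssldir}/certs/${certname}.pem",`, which needs no extra process. A short comment above the exec, `# the vhost template references this cert, so it must exist before Apache is configured`, would explain the `before => Class['::passenger']` ordering.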
@@ -54,16 +58,22 @@ } } + if ! defined(Concat[$puppet_conf]) { + concat { $puppet_conf: + mode => '0644', + require => Package['puppet'], + notify => $puppet::agent::service_notify, + } + } else { + Concat<| title == $puppet_conf |> { + require => Package['puppet'], + notify +> $puppet::agent::service_notify, + } + } + concat::fragment { 'puppet.conf-common': order => '00', target => $puppet_conf, content => template("puppet/puppet.conf-common.erb"), } - - concat { $puppet_conf: - mode => '0644', - require => Package['puppet'], - notify => Service['puppet_agent'], - } - } diff --git a/manifests/master.pp b/manifests/master.pp index d6dd8bd60..de18ea6ad 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -101,6 +101,9 @@ dbserver => $storeconfigs_dbserver, dbsocket => $storeconfigs_dbsocket, if $puppet_passenger { + $service_notify = Service['httpd'] + $service_require = [Package[$puppet_master_package], Class['passenger']] + exec { "Certificate_Check": command => "puppet cert --generate ${certname} --trace", @@ -135,29 +138,16 @@ mode => '0644', } - if ! defined(Concat[$puppet_conf]) { - concat { $puppet_conf: - mode => '0644', - require => [Package[$puppet_master_package], Class['passenger']], - notify => Service['httpd'], - } - } else { - Concat<| title == $puppet_conf |> { - require => [Package[$puppet_master_package], Class['passenger']], - notify +> Service['httpd'], - } - } - concat::fragment { 'puppet.conf-header': order => '05', target => "/etc/puppet/puppet.conf", content => template("puppet/puppet.conf-master.erb"), } - } else { - if $package_provider == 'gem' { - Concat::Fragment['puppet.conf-header']->Exec['puppet_master_start'] + $service_require = Package[$puppet_master_package] + $service_notify = Exec['puppet_master_start'] + exec { 'puppet_master_start': command => '/usr/bin/nohup puppet master &', 
@@ -175,6 +165,17 @@ subscribe => Package[$puppet_master_package], #before => Service['httpd']; } + + if ! defined(Concat[$puppet_conf]) { + concat { $puppet_conf: + mode => '0644', + require => $service_require, + notify => $service_notify, + } + } else { + Concat<| title == $puppet_conf |> { + require => $service_require, + notify +> $service_notify, } } } From 1d322c71b94ed1e7d10979653fffb0a8b4437f72 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:10:59 -0700 Subject: [PATCH 17/37] Check for package declaration The agent now checks to see if the puppet package has been declared. If it hasn't, it will do so. --- manifests/agent.pp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index 5d544f377..661f5614f 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -29,10 +29,11 @@ } } - package { 'puppet': - name => $puppet_agent_name, - ensure => $version, - provider => $package_provider, + if ! defined(Package[$puppet_agent_name]) { + package { $puppet_agent_name: + ensure => $version, + provider => $package_provider, + } } if $package_provider == 'gem' { From c57bfbafc71bf6dba240e49b841b925a58d1888c Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:11:34 -0700 Subject: [PATCH 18/37] Change agent package name Use the $puppet_agent_name variable for the puppet package. --- manifests/agent.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index 661f5614f..0b6ad062b 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -44,7 +44,7 @@ refresh => '/usr/bin/pkill puppet && /usr/bin/nohup puppet agent &', unless => "/bin/ps -ef | grep -v grep | /bin/grep 'puppet agent'", require => File['/etc/puppet/puppet.conf'], - subscribe => Package[$puppet_agent_package], + subscribe => Package[$puppet_agent_name], } } else { $service_notify = Service[$puppet_agent_service] 
@@ -54,7 +54,7 @@ enable => true, hasstatus => true, require => File['/etc/puppet/puppet.conf'], - subscribe => Package[$puppet_agent_package], + subscribe => Package[$puppet_agent_name], #before => Service['httpd']; } } From 328417c1e8f9612aff8ebc264761d138ac062d8b Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:12:51 -0700 Subject: [PATCH 19/37] Documentation for group_id and user_id --- manifests/init.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 5072f4817..54a68c051 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -42,6 +42,8 @@ # devel packages should be installed. # [*puppet_master_package*] - The name of the puppet master package # [*package_provider*] - The provider used for package installation +# [*user_id*] - The UID of the puppet user +# [*group_id*] - The GID of the puppet group # [*dashboard*] - Boolean determining whether the puppet # dashboard is to be enabled # [*dashboard_ensure*] - The value of the ensure parameter for the @@ -105,6 +107,8 @@ $autosign = false, $puppet_master_package = $puppet::params::puppet_master_package, $package_provider = undef, + $user_id = undef, + $group_id = undef, $dashboard = false, $dashboard_ensure = undef, $dashboard_user = undef, From 61a1ffb6fda04eeee9f7180c404c838d2b19dee8 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:13:53 -0700 Subject: [PATCH 20/37] Declare puppet user and group If you install via rubygems, the puppet user and group is not created. This declaration will do that for you and allow you to pass a parameter for the UID and GID of the puppet user/group. --- manifests/init.pp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 54a68c051..2867e991f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -176,5 +176,16 @@ } } + user { 'puppet': + ensure => present, + uid => $user_id, + gid => 'puppet', + } + + group { 'puppet': + ensure => present, + gid => $group_id, + } + } From d57e2cdf7a1d15a2fc1df1f5d00d395147ac8c9a Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:21:23 -0700 Subject: [PATCH 21/37] Defaults storeconfigs to false --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 2867e991f..84287fff9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -96,7 +96,7 @@ $puppet_site = $puppet::params::puppet_site, $puppet_passenger_port = $puppet::params::puppet_passenger_port, $puppet_docroot = $puppet::params::puppet_docroot, - $storeconfigs = $puppet::params::storeconfigs, + $storeconfigs = false, $storeconfigs_dbadapter = $puppet::params::storeconfigs_dbadapter, $storeconfigs_dbuser = $puppet::params::storeconfigs_dbuser, $storeconfigs_dbpassword = $puppet::params::storeconfigs_dbpassword, From 96ed89347037f6322bbf765ce58bed2a2478a872 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:23:51 -0700 Subject: [PATCH 22/37] Pass puppet_vardir to master class --- manifests/init.pp | 1 + manifests/master.pp | 2 ++ 2 files changed, 3 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 84287fff9..0d2033592 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -148,6 +148,7 @@ puppet_site => $puppet_site, puppet_passenger_port => $puppet_passenger_port, puppet_docroot => $puppet_docroot, + puppet_vardir => $puppet_vardir, modulepath => $modulepath, storeconfigs => $storeconfigs, storeconfigs_dbadapter => $storeconfigs_dbadapter, diff --git a/manifests/master.pp b/manifests/master.pp index de18ea6ad..1d22bf95a 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
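Review bot: The new `user { 'puppet': }` resource leaves `shell`, `home` and `system` unset, so on a gem install the account is created with the platform defaults, which usually means a login shell and, when `$user_id` is undef, a UID from the regular user range. For a service account I would add `shell => '/bin/false',` and, where the Puppet version in use supports it, `system => true,`. A comment next to the two resources saying they exist because the gem does not create the account would document why they are declared unconditionally.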
@@ -25,6 +25,7 @@ # configuration file when Passenger is enabled # [*puppet_docroot*] - The DocumentRoot value used in the apache vhost # configuration file when Passenger is enabled +# [*puppet_vardir*] - The path to the puppet vardir # [*puppet_passenger_port*] - The port on which puppet is listening when # Passenger is enabled # [*puppet_master_package*] - The name of the puppet master package @@ -73,6 +74,7 @@ $puppet_passenger, $puppet_site, $puppet_docroot, + $puppet_vardir, $puppet_passenger_port, $puppet_master_package, $package_provider = undef, From 8647b83f145da9e7cbcc96bdb173a8265a8163a4 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:24:46 -0700 Subject: [PATCH 23/37] Pass parameters to agent class This commit will pass both puppet_agent_name and package_provider to the agent class. --- manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 0d2033592..a4a0f23ff 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -174,6 +174,8 @@ puppet_agent_service => $puppet_agent_service, puppet_server => $puppet_server, puppet_conf => $puppet_conf, + puppet_agent_name => $puppet_agent_name, + package_provider => $package_provider, } } From 2fd4574401d744074e8960ec7853a8ad2ca02177 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:25:50 -0700 Subject: [PATCH 24/37] Set /etc/puppet permissions This commit ensures that /etc/puppet is owned by the puppet user and group with a recurselimit of 1. --- manifests/init.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index a4a0f23ff..6f876cabd 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -190,5 +190,13 @@ gid => $group_id, } + file { '/etc/puppet': + ensure => directory, + group => 'puppet', + owner => 'puppet', + recurse => true, + recurselimit => '1', + } + } From 362a854ed425d96ef42284d9bf23d658f28bd4ad Mon Sep 17 00:00:00 2001 
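Review bot: With `recurse => true` and `recurselimit => '1'`, the `file { '/etc/puppet': }` resource in the last init.pp hunk hands `/etc/puppet` and everything directly inside it to the `puppet` account, which is the identity the master runs under. The agent reads the same directory as root, and puppet.conf-common.erb in this series points `prerun_command` and `postrun_command` at scripts in `/etc/puppet`, so whatever can act as `puppet` could then change what the root agent executes. I would keep `owner => 'root'` with `group => 'puppet'` and no group write, and give `puppet` ownership only of the directories the master has to write to. PATCH 26 wraps this same resource in `if ! defined(File['/etc/puppet'])` and the point applies there as well.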
From: Gary Larizza Date: Tue, 16 Aug 2011 13:26:10 -0700 Subject: [PATCH 25/37] Remove certname fact This fact is unnecessary as we pass certname as a parameter. --- lib/facter/certname.rb | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 lib/facter/certname.rb diff --git a/lib/facter/certname.rb b/lib/facter/certname.rb deleted file mode 100644 index d92c6f8d9..000000000 --- a/lib/facter/certname.rb +++ /dev/null @@ -1,7 +0,0 @@ -Facter.add("certname") do - path = '/usr/bin/puppet' - setcode do - %x{#{path} --configprint certname}.chomp if File.exists?(path) - end -end - From 87c8572cdb16dae3ff4274c2c86178df4bbd5f1f Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:36:20 -0700 Subject: [PATCH 26/37] Manage /etc/puppet This commit checks to see if /etc/puppet is being managed elsewhere. If not, it will declare it. The agent and master class also append the require and notify parameters to accomodate for its package and service declarations. --- manifests/agent.pp | 7 +++++++ manifests/init.pp | 14 ++++++++------ manifests/master.pp | 7 +++++++ 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index 0b6ad062b..095677c65 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -59,6 +59,13 @@ } } + if defined(File['/etc/puppet']) { + File ['/etc/puppet'] { + require +> Package[$puppet_agent_name], + notify +> $service_notify + } + } + if ! defined(Concat[$puppet_conf]) { concat { $puppet_conf: mode => '0644', diff --git a/manifests/init.pp b/manifests/init.pp index 6f876cabd..a66364b63 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
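Review bot: `defined(File['/etc/puppet'])` in the agent.pp hunk only sees resources that were already evaluated when the line is reached, and in these hunks init.pp declares `file { '/etc/puppet': }` around line 190, after the `class {'puppet::agent': }` declaration around line 174, so the override may silently never apply. Either declare the directory before the classes or use a collector, which is resolved after evaluation: `File <| title == '/etc/puppet' |> { require +> Package[$puppet_agent_name], notify +> $service_notify }`. `File ['/etc/puppet']` with a space before the bracket is also worth normalising to `File['/etc/puppet']`. The master.pp hunk of this commit uses the same pattern.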
@@ -190,12 +190,14 @@ gid => $group_id, } - file { '/etc/puppet': - ensure => directory, - group => 'puppet', - owner => 'puppet', - recurse => true, - recurselimit => '1', + if ! defined(File['/etc/puppet']) { + file { '/etc/puppet': + ensure => directory, + group => 'puppet', + owner => 'puppet', + recurse => true, + recurselimit => '1', + } } } diff --git a/manifests/master.pp b/manifests/master.pp index 1d22bf95a..375d4b498 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -180,5 +180,12 @@ notify +> $service_notify, } } + if defined(File['/etc/puppet']) { + File ['/etc/puppet'] { + require +> Package[$puppet_master_package], + notify +> $service_notify + } + } + } From 1e574c009c80b40daeef4d74c97bb7239817474c Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:37:10 -0700 Subject: [PATCH 27/37] Declare puppet master package If the puppet master package is not declared, we will declare it in the master class. --- manifests/master.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/manifests/master.pp b/manifests/master.pp index 375d4b498..79f4cda05 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -102,6 +102,16 @@ dbpassword => $storeconfigs_dbpassword, dbserver => $storeconfigs_dbserver, dbsocket => $storeconfigs_dbsocket, + } + } + + if ! defined(Package[$puppet_master_package]) { + package { $puppet_master_package: + ensure => $version, + provider => $package_provider, + } + } + if $puppet_passenger { $service_notify = Service['httpd'] $service_require = [Package[$puppet_master_package], Class['passenger']] From d95123cac2ff775f259ab70e9e4b37dd65bb523b Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:38:14 -0700 Subject: [PATCH 28/37] Use exec to start/stop puppet master service This commit removes the service declaration for the master class. We will use the exec to start/stop the service. --- manifests/master.pp | 8 -------- 1 file changed, 8 deletions(-) 
diff --git a/manifests/master.pp b/manifests/master.pp index 79f4cda05..3683c9dab 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -168,14 +168,6 @@ require => File['/etc/puppet/puppet.conf'], subscribe => Package[$puppet_master_package], } - } else { - service { $puppet_master_service: - ensure => running, - enable => true, - hasstatus => true, - require => File['/etc/puppet/puppet.conf'], - subscribe => Package[$puppet_master_package], - #before => Service['httpd']; } if ! defined(Concat[$puppet_conf]) { From 1cef093c4af784bc9a6db72cd3cb96fe9ff0bd1c Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:39:41 -0700 Subject: [PATCH 29/37] Rename and order puppet master concat fragment Rename the concat::fragment to puppet.conf-master and order it based on if we're using Passenger or not. --- manifests/master.pp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/manifests/master.pp b/manifests/master.pp index 3683c9dab..94a2fbb63 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -83,10 +83,6 @@ ) inherits puppet::params { - if $package_provider == 'gem' { - Concat::Fragment['puppet.conf-header']->Exec['puppet_master_start'] - } else { - Concat::Fragment['puppet.conf-header']->Service[$puppet_master_service] include concat::setup File { @@ -116,6 +112,7 @@ $service_notify = Service['httpd'] $service_require = [Package[$puppet_master_package], Class['passenger']] + Concat::Fragment['puppet.conf-master'] -> Service['httpd'] exec { "Certificate_Check": command => "puppet cert --generate ${certname} --trace", @@ -150,7 +147,7 @@ mode => '0644', } - concat::fragment { 'puppet.conf-header': + concat::fragment { 'puppet.conf-master': order => '05', target => "/etc/puppet/puppet.conf", content => template("puppet/puppet.conf-master.erb"), 
@@ -160,6 +157,13 @@ $service_require = Package[$puppet_master_package] $service_notify = Exec['puppet_master_start'] + Concat::Fragment['puppet.conf-master'] -> Exec['puppet_master_start'] + + concat::fragment { 'puppet.conf-master': + order => '05', + target => "/etc/puppet/puppet.conf", + content => template("puppet/puppet.conf-master.erb"), + } exec { 'puppet_master_start': command => '/usr/bin/nohup puppet master &', From 20546feee7229cd3707a061c3525d6b02f5c9f65 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:40:28 -0700 Subject: [PATCH 30/37] Manage $vardir Ensure the owner/group on the $vardir and notify the puppet service if it's changed. --- manifests/master.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manifests/master.pp b/manifests/master.pp index 94a2fbb63..6cd5ae633 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -186,6 +186,14 @@ notify +> $service_notify, } } + + file { $puppet_vardir: + ensure => directory, + recurse => true, + recurselimit => '1', + notify => $service_notify, + } + if defined(File['/etc/puppet']) { File ['/etc/puppet'] { require +> Package[$puppet_master_package], From 7c1f9aed17e185c902eca3ab0d010bfb7746c4cf Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:44:45 -0700 Subject: [PATCH 31/37] Add necessary parameter defaults to params class --- manifests/params.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifests/params.pp b/manifests/params.pp index c04603f7e..65de774a7 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -22,6 +22,11 @@ $storeconfigs_dbserver = 'localhost' $storeconfigs_dbsocket = '/var/run/mysqld/mysqld.sock' $certname = $fqdn + $confdir = '/etc/puppet/puppet.conf' + $manifest = '/etc/puppet/manifests/site.pp' + $puppet_site = $fqdn + $puppet_docroot = '/etc/puppet/rack/public/' + $puppet_passenger_port = '8140' case $operatingsystem { 'centos', 'redhat', 'fedora': { 
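Review bot: In the params.pp hunk `$confdir` is set to `'/etc/puppet/puppet.conf'`, a file path, whereas `confdir` in Puppet names the configuration directory and the file path is already carried by `$puppet_conf` elsewhere in the module. Its consumers are not visible in these hunks, but if the value is ever passed as `--confdir` or used to build paths it will point inside a regular file, so `$confdir = '/etc/puppet'` looks like what was meant. A comment on `$puppet_passenger_port = '8140'` noting that it has to match the agents' `masterport` would also help.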
From 0ba432c31deca2d5fee007e32217be17cdd80a25 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:45:42 -0700 Subject: [PATCH 32/37] Fix parameter names Default the dbadapter to mysql, and set the puppet_master_package to be 'puppet' instead of 'puppet-server' --- manifests/params.pp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 65de774a7..7ba801e66 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -12,11 +12,10 @@ # class puppet::params { - $puppet_server = 'baal.puppetlabs.com' + $puppet_server = 'aserver.puppetlabs.lan' $puppet_storeconfigs_password = 'password' $modulepath = "/etc/puppet/modules" - $storeconfigs = 'false' - $storeconfigs_dbadapter = 'sqlite3' + $storeconfigs_dbadapter = 'mysql' $storeconfigs_dbuser = 'puppet' $storeconfigs_dbpassword = 'password' $storeconfigs_dbserver = 'localhost' @@ -30,7 +29,7 @@ case $operatingsystem { 'centos', 'redhat', 'fedora': { - $puppet_master_package = 'puppet-server' + $puppet_master_package = 'puppet' $puppet_master_service = 'puppetmaster' $puppet_agent_service = 'puppet' $puppet_agent_name = 'puppet' @@ -43,7 +42,7 @@ $puppet_ssldir = '/var/lib/puppet/ssl' } 'ubuntu', 'debian': { - $puppet_master_package = 'puppetmaster' + $puppet_master_package = 'puppet' $puppet_master_service = 'puppetmaster' $puppet_agent_service = 'puppet' $puppet_agent_name = 'puppet' From 93eb0e386ecb42e7274aba7a5d1c4a5a751c3c4d Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:46:03 -0700 Subject: [PATCH 33/37] Typo on storeconfigs class --- manifests/storeconfigs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/storeconfigs.pp b/manifests/storeconfigs.pp index f1ff784b5..cb32d78a3 100644 --- a/manifests/storeconfigs.pp +++ b/manifests/storeconfigs.pp 
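Review bot: Changing the default `$storeconfigs_dbadapter` to `'mysql'` turns the neighbouring defaults `$storeconfigs_dbuser = 'puppet'` and `$storeconfigs_dbpassword = 'password'` into the credentials of a real database account on any master that enables storeconfigs without overriding them. I would drop the password default and fail early in `puppet::master`, e.g. `if $storeconfigs and ! $storeconfigs_dbpassword { fail('storeconfigs_dbpassword must be set') }`. The value is also rendered into puppet.conf by puppet.conf-master-storeconfigs.erb, and the concat resources in this series create that file with `mode => '0644'`, so a tighter mode on the master's puppet.conf is worth considering. `$puppet_storeconfigs_password = 'password'` has the same problem.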
@@ -20,7 +20,7 @@ case $dbadapter { 'sqlite3': { - include puppet::storeconfig::sqlite + include puppet::storeconfigs::sqlite } 'mysql': { class { From ae90ca45a9c8f518afb76405d50df4cb08d2d45b Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:46:54 -0700 Subject: [PATCH 34/37] Declare activerecord Activerecord is necessary for storeconfigs, and version 2.2.2 is compatible with ruby 1.8.5 and CentOS 5. --- manifests/storeconfigs.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/storeconfigs.pp b/manifests/storeconfigs.pp index cb32d78a3..479f3163c 100644 --- a/manifests/storeconfigs.pp +++ b/manifests/storeconfigs.pp @@ -18,6 +18,13 @@ $dbsocket ) { + # This version of activerecord works with Ruby 1.8.5 and Centos 5. + # This ensure should be fixed. + package {'activerecord': + ensure => '2.2.2', + provider => gem, + } + case $dbadapter { 'sqlite3': { include puppet::storeconfigs::sqlite From 2f89b3b43892938e0319299ae5437e928b148ac8 Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:47:57 -0700 Subject: [PATCH 35/37] Convert tabs to spaces in templates This will align our puppet.conf templates. --- templates/puppet.conf-common.erb | 24 +++++++++---------- templates/puppet.conf-master-storeconfigs.erb | 14 +++++------ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/templates/puppet.conf-common.erb b/templates/puppet.conf-common.erb index 9528b0b4f..725f57e49 100644 --- a/templates/puppet.conf-common.erb +++ b/templates/puppet.conf-common.erb 
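Review bot: The `package {'activerecord': ensure => '2.2.2', provider => gem }` resource added to `puppet::storeconfigs` is declared unconditionally, although its comment ties the pin to Ruby 1.8.5 on CentOS 5 and params.pp also supports Debian and Ubuntu. Unlike the package resources elsewhere in this series it has neither a `defined()` guard nor a parameter, so every platform is held on that one old release. I would take the version from a class parameter that defaults to the pin only where it is needed, and reword the comment so it says what remains to be done, e.g. `# TODO: pin only on EL5; other platforms should track a maintained activerecord`.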
@@ -1,17 +1,17 @@ [main] -server = <%= puppet_server %> -logdir = <%= puppet_logdir %> -vardir = <%= puppet_vardir %> -ssldir = <%= puppet_ssldir %> -rundir = /var/run/puppet -factpath = $vardir/lib/facter -pluginsync = true -templatedir = $confdir/templates +server = <%= puppet_server %> +logdir = <%= puppet_logdir %> +vardir = <%= puppet_vardir %> +ssldir = <%= puppet_ssldir %> +rundir = /var/run/puppet +factpath = $vardir/lib/facter +pluginsync = true +templatedir = $confdir/templates <% if operatingsystem == "Ubuntu" %> -prerun_command = /etc/puppet/etckeeper-commit-pre -postrun_command = /etc/puppet/etckeeper-commit-post +prerun_command = /etc/puppet/etckeeper-commit-pre +postrun_command = /etc/puppet/etckeeper-commit-post <% end %> [agent] -report = true -environment = production +report = true +environment = production diff --git a/templates/puppet.conf-master-storeconfigs.erb b/templates/puppet.conf-master-storeconfigs.erb index a477dedfb..2a719c520 100644 --- a/templates/puppet.conf-master-storeconfigs.erb +++ b/templates/puppet.conf-master-storeconfigs.erb @@ -1,7 +1,7 @@ -storeconfigs = <%= storeconfigs %> -dbadapter = <%= dbadapter %> -dbuser = <%= dbuser %> -dbpassword = <%= dbpassword %> -dbserver = <%= dbserver %> -dbsocket = <%= dbsocket %> -dbmigrate = true +storeconfigs = <%= storeconfigs %> +dbadapter = <%= dbadapter %> +dbuser = <%= dbuser %> +dbpassword = <%= dbpassword %> +dbserver = <%= dbserver %> +dbsocket = <%= dbsocket %> +dbmigrate = true From b3d9ad78234e37acceeaa88b286b9fc46c995b4b Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 13:48:13 -0700 Subject: [PATCH 36/37] Remove extra space in puppet.conf-master.erb --- templates/puppet.conf-master.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/puppet.conf-master.erb b/templates/puppet.conf-master.erb index 89a49bb43..925629413 100644 --- a/templates/puppet.conf-master.erb +++ b/templates/puppet.conf-master.erb 
@@ -9,7 +9,7 @@ ssl_client_verify_header = SSL_CLIENT_VERIFY certname = <%= certname %> report = true reports = store, http -<% if dashboard_port != 'UNSET' %> +<% if dashboard_port != 'UNSET' -%> reporturl = http://<%= puppet_site %>:<%= dashboard_port %>/reports <% else -%> reporturl = http://<%= puppet_site %>/reports From 431e63365a1c45ced546e90fa1900cca64566bac Mon Sep 17 00:00:00 2001 From: Gary Larizza Date: Tue, 16 Aug 2011 14:10:03 -0700 Subject: [PATCH 37/37] Ensure concat::fragment['puppet.conf-common'] If you declare the master class but not the agent class, the puppet.conf-common concat fragment was not being declared. This commit checks to see if it's not defined - if it isn't, it will declare it for you. --- manifests/master.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manifests/master.pp b/manifests/master.pp index 6cd5ae633..0a9e3dafa 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -187,6 +187,14 @@ } } + if ! defined(Concat::Fragment['puppet.conf-common']) { + concat::fragment { 'puppet.conf-common': + order => '00', + target => $puppet_conf, + content => template("puppet/puppet.conf-common.erb"), + } + } + file { $puppet_vardir: ensure => directory, recurse => true,