pupistry 0.0.12 → 0.0.13
- checksums.yaml +4 -4
- data/README.md +56 -2
- data/bin/pupistry +4 -0
- data/lib/pupistry/artifact.rb +1 -0
- data/lib/pupistry/config.rb +1 -0
- data/resources/aws/README_AWS.md +76 -0
- data/resources/aws/cfn_pupistry_bucket_and_iam.template +177 -0
- data/resources/bootstrap/BOOTSTRAP_NOTES.md +38 -0
- data/resources/bootstrap/amazon-any.erb +44 -0
- data/resources/bootstrap/centos-7.erb +40 -0
- data/resources/bootstrap/debian-7.erb +41 -0
- data/resources/bootstrap/debian-8.erb +41 -0
- data/resources/bootstrap/fedora-any.erb +42 -0
- data/resources/bootstrap/freebsd-10.erb +41 -0
- data/resources/bootstrap/ubuntu-14.04.erb +41 -0
- metadata +12 -2
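--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d6aef4225635815e466f5014722f365982a3652a
+data.tar.gz: f388761170a210c40011fea91a2f765702af9c00
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 71c7b1162a505865fea30f22699c366cf2843751709b4c1d678b1056068863127cf40a81e16baffa1f798d8af8a3a070923e43a1df0eeb3b076acee4e781878c
+data.tar.gz: 102bb7f0fc67e1217f1e83586e9a5b0f5c71cd9a15cb58cffc2efd6834ee990be582d407080d5d739e6276ba0d82876edea83445048319d0a87a5acca63bff05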
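--- a/data/README.md
+++ b/data/README.md
@@ -214,6 +214,9 @@ Alternatively if you like living on the edge, download this repository and run:
 gem install pupistry-VERSION.gem
 pupistry setup
 
+Pupistry will write an example config file into `~/.pupistry/settings.yaml` for
+you.
+
 
 ## 2. S3 Bucket
 
@@ -230,7 +233,57 @@ workstation should be permitted to write new artifacts. IE, don't share your
 AWS root account around the place. :-)
 
 Note that if you're running EC2 instances and using IAM roles, you can avoid
-needing to create explicit IAM credentials for the agents/servers
+needing to create explicit IAM credentials for the agents/servers, as long as
+you include read access to the Pupistry S3 bucket in the IAM roles for all
+servers that will be running it.
+
+
+If you're new to AWS, we've made your life easy - there's an AWS CloudFormation
+template included with Pupistry that will build an S3 bucket and two IAM user
+accounts for you with sensible default policies.
+
+Just make sure you have a working `aws` command - that's the Python CLI issued
+by AWS themselves setup instructions can be found at:
+http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-set-up.html
+
+Provided that you've setup `aws` correctly and have full permissions to your
+account, you can now build your S3 bucket and IAM users with:
+
+wget https://raw.githubusercontent.com/jethrocarr/pupistry/master/resources/aws/cfn_pupistry_bucket_and_iam.template
+
+aws cloudformation create-stack \
+--capabilities CAPABILITY_IAM \
+--template-body file://cfn_pupistry_bucket_and_iam.template \
+--stack-name pupistry-resources-changeme
+
+It is *very important* that you change the stack name to something globally
+unique, or the stack will fail to build.
+
+It may take 30 seconds or so to build, you can check for completion (or for an
+error) with:
+
+aws cloudformation describe-stacks --query "Stacks[*].StackStatus" --stack-name pupistry-resources-changeme
+
+Once status is CREATE_COMPLETE, you can get all the outputs from the stack with:
+
+aws cloudformation describe-stacks --query "Stacks[*].Outputs[*]" --stack-name pupistry-resources
+
+You now need to edit `~/.pupistry/settings.yaml` and enter in the equalivent
+OutputValue for the following labels:
+
+general:
+s3_bucket: S3Bucket
+...
+agent:
+access_key_id: AgentAccessKeyId
+secret_access_key: AgentSecretKeyID
+region: S3Region
+...
+build:
+access_key_id: BuildAccessKeyId
+secret_access_key: BuildSecretKeyID
+region: S3Region
+...
 
 
 
@@ -481,7 +534,8 @@ If you find a bug or need support, please use the issue tracker rather than
 personal emails to the author.
 
 Feel free to grep the source for "TODO" comments on various tasks that
-need doing
+need doing, or check out the issuer tracker for interesting issues to
+tackle.
 
 
 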
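--- a/data/bin/pupistry
+++ b/data/bin/pupistry
@@ -267,6 +267,10 @@ class CLI < Thor
 
 config_dest = File.expand_path config_dest
 
+# Make sure the directory exists
+unless Dir.exists?(File.dirname(config_dest))
+FileUtils.mkdir_p(File.dirname(config_dest))
+end
 
 # Does a local template exist?
 if File.exists?("#{Dir.pwd}/settings.example.yaml")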
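Review bot: The directory that will hold `settings.yaml` is created by the added `FileUtils.mkdir_p(File.dirname(config_dest))` under the process umask, so with a typical 022 umask it ends up world-readable even though the README in this release tells users to put `access_key_id` and `secret_access_key` into that file. Passing the mode at creation, `FileUtils.mkdir_p(File.dirname(config_dest), mode: 0700)`, would match the 0700 this release applies to the cache directory in config.rb. The `unless Dir.exists?` guard is redundant because `mkdir_p` does nothing on an existing directory, and `Dir.exists?` is a deprecated alias of `Dir.exist?`. The enclosing method starts and ends outside the hunk, so whether the config file itself gets a restrictive mode later is not visible here.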
data/lib/pupistry/artifact.rb
CHANGED
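--- a/data/lib/pupistry/config.rb
+++ b/data/lib/pupistry/config.rb
@@ -27,6 +27,7 @@ module Pupistry
 unless Dir.exists?($config["general"]["app_cache"])
 begin
 FileUtils.mkdir_p($config["general"]["app_cache"])
+FileUtils.chmod(0700, $config["general"]["app_cache"]) # Generally only the user running Pupistry should have access
 rescue Exception => e
 $logger.fatal "Unable to create cache directory at \"#{$config["general"]["app_cache"]}\"."
 raise e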
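Review bot: The added `FileUtils.chmod(0700, ...)` sits inside the `unless Dir.exists?` branch, so it only runs when the cache directory is first created; a cache directory left behind by an earlier version keeps whatever mode it already had. If the intent is that only the running user can read cached artifacts, the chmod should run unconditionally after the existence check, and the mode can be given at creation with `FileUtils.mkdir_p($config["general"]["app_cache"], mode: 0700)` so there is no window between mkdir and chmod. The surrounding `rescue Exception => e` is unchanged context, but `rescue StandardError => e` would stop it from intercepting signals and `SystemExit`. The method continues outside the hunk.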
@@ -0,0 +1,76 @@
|
|
1
|
+
# AWS Resources
|
2
|
+
|
3
|
+
This directory contains resources for use with AWS and Pupistry
|
4
|
+
|
5
|
+
|
6
|
+
## cfn_pupistry_bucket_and_iam.template
|
7
|
+
|
8
|
+
This is an template that can build an S3 bucket plus two IAM accounts, one for
|
9
|
+
the Pupistry build host and another for the hosts running Pupistry itself and
|
10
|
+
needing read access to the bucket.
|
11
|
+
|
12
|
+
It's a perfectly functional stack which is parameterised so you can simply
|
13
|
+
enter your specific details (like desired bucket name) and it will go and build
|
14
|
+
a complete setup of the AWS resources needed for using Pupistry that is
|
15
|
+
suitable for most end users.
|
16
|
+
|
17
|
+
Altneratively if you have complex requirements, feel free to incorporate the
|
18
|
+
ideas and examples of this stack into your own design.
|
19
|
+
|
20
|
+
Building the stack (simple):
|
21
|
+
|
22
|
+
aws cloudformation create-stack \
|
23
|
+
--capabilities CAPABILITY_IAM \
|
24
|
+
--template-body file://cfn_pupistry_bucket_and_iam.template \
|
25
|
+
--stack-name pupistry-resources
|
26
|
+
|
27
|
+
|
28
|
+
Building the stack and setting specific parameter values
|
29
|
+
|
30
|
+
aws cloudformation create-stack \
|
31
|
+
--capabilities CAPABILITY_IAM \
|
32
|
+
--template-body file://cfn_pupistry_bucket_and_iam.template \
|
33
|
+
--stack-name pupistry-resources \
|
34
|
+
--parameters \
|
35
|
+
ParameterKey=S3BucketName,ParameterValue=pupistry-example-bucket \
|
36
|
+
ParameterKey=S3BucketArchive,ParameterValue=30 \
|
37
|
+
ParameterKey=S3BucketPurge,ParameterValue=60
|
38
|
+
|
39
|
+
|
40
|
+
|
41
|
+
Make sure the stack has finished building/is built:
|
42
|
+
|
43
|
+
aws cloudformation describe-stacks --query "Stacks[*].StackStatus" --stack-name pupistry-resources
|
44
|
+
|
45
|
+
Status should be "COMPLETE", if it is set to "ROLLBACK" then it has failed to
|
46
|
+
build. If set to "CREATE_IN_PROGRESS" then you need to give it more time.
|
47
|
+
|
48
|
+
|
49
|
+
Fetching details from the stack:
|
50
|
+
|
51
|
+
aws cloudformation describe-stacks --query "Stacks[*].Outputs[*]" --stack-name pupistry-resources
|
52
|
+
|
53
|
+
Deleting the stack:
|
54
|
+
|
55
|
+
aws cloudformation delete-stack --stack-name PupistryResources
|
56
|
+
|
57
|
+
Note that if the S3 bucket is not empty (ie you've used it for Pupistry
|
58
|
+
artifacts) then it will fail to delete. Make sure you delete all items from
|
59
|
+
the S3 bucket first, then delete the stack. This is generally considered a
|
60
|
+
useful safety feature. ;-)
|
61
|
+
|
62
|
+
|
63
|
+
## Developer Notes
|
64
|
+
|
65
|
+
CloudFormation is an awesome and powerful tool, but it can be annoying to
|
66
|
+
work with thanks to everything being written in the rather picky JSON format.
|
67
|
+
|
68
|
+
When writing CFN files, you can validate the templates with:
|
69
|
+
|
70
|
+
aws cloudformation validate-template --template-body file://filename.template
|
71
|
+
|
72
|
+
|
73
|
+
It can often be easier to debug why stacks failed to build with the AWS web
|
74
|
+
console due to better UI than reading JSON event output on the CLI.
|
75
|
+
|
76
|
+
|
@@ -0,0 +1,177 @@
|
|
1
|
+
{
|
2
|
+
"AWSTemplateFormatVersion" : "2010-09-09",
|
3
|
+
|
4
|
+
"Description" : "Pupistry S3 bucket and IAM users for both read (servers) and write (build workstation) roles. Note that deleting the stack will fail if the bucket is not empty.",
|
5
|
+
|
6
|
+
"Parameters" : {
|
7
|
+
"S3BucketName": {
|
8
|
+
"Type": "String",
|
9
|
+
"Description" : "Globally unique name of the S3 bucket to create",
|
10
|
+
"Default" : "AWS::StackName"
|
11
|
+
},
|
12
|
+
"S3BucketArchive": {
|
13
|
+
"Type": "Number",
|
14
|
+
"Description" : "Archive old artifacts in the S3 bucket to Glacier after specified number of days.",
|
15
|
+
"Default" : "30"
|
16
|
+
},
|
17
|
+
"S3BucketPurge": {
|
18
|
+
"Type": "Number",
|
19
|
+
"Description" : "Permanently delete old artifacts after specified number of days.",
|
20
|
+
"Default" : "365"
|
21
|
+
}
|
22
|
+
|
23
|
+
},
|
24
|
+
|
25
|
+
"Conditions" : {
|
26
|
+
"UseStackNameForBucket" : {
|
27
|
+
"Fn::Equals": [
|
28
|
+
{"Ref": "S3BucketName"},
|
29
|
+
"AWS::StackName"
|
30
|
+
]
|
31
|
+
}
|
32
|
+
},
|
33
|
+
|
34
|
+
|
35
|
+
"Resources" : {
|
36
|
+
|
37
|
+
"S3Bucket" : {
|
38
|
+
"Type" : "AWS::S3::Bucket",
|
39
|
+
"Properties" : {
|
40
|
+
"BucketName" : {
|
41
|
+
"Fn::If" : [
|
42
|
+
"UseStackNameForBucket",
|
43
|
+
{ "Ref" : "AWS::StackName" },
|
44
|
+
{ "Ref" : "S3BucketName" }
|
45
|
+
]
|
46
|
+
},
|
47
|
+
"AccessControl" : "Private",
|
48
|
+
"LifecycleConfiguration" : {
|
49
|
+
"Rules" : [{
|
50
|
+
"Status": "Enabled",
|
51
|
+
"ExpirationInDays": { "Ref" : "S3BucketPurge" },
|
52
|
+
"Transition": {
|
53
|
+
"StorageClass": "Glacier",
|
54
|
+
"TransitionInDays": { "Ref" : "S3BucketArchive" }
|
55
|
+
}
|
56
|
+
}]
|
57
|
+
}
|
58
|
+
},
|
59
|
+
"DeletionPolicy" : "Delete"
|
60
|
+
},
|
61
|
+
|
62
|
+
"IAMReadOnly" : {
|
63
|
+
"Type" : "AWS::IAM::User",
|
64
|
+
"Properties" : {
|
65
|
+
"Policies" : [{
|
66
|
+
"PolicyName" : "S3BucketReadOnly",
|
67
|
+
"PolicyDocument" : {
|
68
|
+
"Statement":[
|
69
|
+
{
|
70
|
+
"Effect":"Allow",
|
71
|
+
"Action":[
|
72
|
+
"s3:ListAllMyBuckets"
|
73
|
+
],
|
74
|
+
"Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } ] ] }]
|
75
|
+
},
|
76
|
+
{
|
77
|
+
"Effect":"Allow",
|
78
|
+
"Action":[
|
79
|
+
"s3:ListBucket",
|
80
|
+
"s3:GetBucketLocation"
|
81
|
+
],
|
82
|
+
"Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } ] ] }]
|
83
|
+
},
|
84
|
+
{
|
85
|
+
"Effect":"Allow",
|
86
|
+
"Action":[
|
87
|
+
"s3:GetObject"
|
88
|
+
],
|
89
|
+
"Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } , "/*" ] ] }]
|
90
|
+
}
|
91
|
+
]
|
92
|
+
}
|
93
|
+
}]
|
94
|
+
}
|
95
|
+
},
|
96
|
+
|
97
|
+
"IAMReadOnlyKeys" : {
|
98
|
+
"Type" : "AWS::IAM::AccessKey",
|
99
|
+
"Properties" : {
|
100
|
+
"UserName" : { "Ref": "IAMReadOnly" }
|
101
|
+
}
|
102
|
+
},
|
103
|
+
|
104
|
+
"IAMReadWrite" : {
|
105
|
+
"Type" : "AWS::IAM::User",
|
106
|
+
"Properties" : {
|
107
|
+
"Policies" : [{
|
108
|
+
"PolicyName" : "S3BucketReadAndAppend",
|
109
|
+
"PolicyDocument" : {
|
110
|
+
"Statement":[
|
111
|
+
{
|
112
|
+
"Effect":"Allow",
|
113
|
+
"Action":[
|
114
|
+
"s3:ListAllMyBuckets"
|
115
|
+
],
|
116
|
+
"Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } ] ] }]
|
117
|
+
},
|
118
|
+
{
|
119
|
+
"Effect":"Allow",
|
120
|
+
"Action":[
|
121
|
+
"s3:ListBucket",
|
122
|
+
"s3:GetBucketLocation"
|
123
|
+
],
|
124
|
+
"Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } ] ] }]
|
125
|
+
},
|
126
|
+
{
|
127
|
+
"Effect":"Allow",
|
128
|
+
"Action":[
|
129
|
+
"s3:PutObject",
|
130
|
+
"s3:GetObject"
|
131
|
+
],
|
132
|
+
"Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } , "/*" ] ] }]
|
133
|
+
}
|
134
|
+
]
|
135
|
+
}
|
136
|
+
}]
|
137
|
+
}
|
138
|
+
},
|
139
|
+
|
140
|
+
"IAMReadWriteKeys" : {
|
141
|
+
"Type" : "AWS::IAM::AccessKey",
|
142
|
+
"Properties" : {
|
143
|
+
"UserName" : { "Ref": "IAMReadWrite" }
|
144
|
+
}
|
145
|
+
}
|
146
|
+
|
147
|
+
|
148
|
+
},
|
149
|
+
|
150
|
+
"Outputs" : {
|
151
|
+
"S3Region" : {
|
152
|
+
"Value" : { "Ref" : "AWS::Region" },
|
153
|
+
"Description" : "Region where the S3 bucket is located."
|
154
|
+
},
|
155
|
+
"S3Bucket" : {
|
156
|
+
"Value" : { "Ref" : "S3Bucket" },
|
157
|
+
"Description" : "Name of the S3 bucket for Pupistry artifacts"
|
158
|
+
},
|
159
|
+
"AgentAccessKeyId" : {
|
160
|
+
"Value" : { "Ref" : "IAMReadOnlyKeys" },
|
161
|
+
"Description" : "AWSAccessKeyId of the read-only IAM user account for use by agents."
|
162
|
+
},
|
163
|
+
"AgentSecretKeyID" : {
|
164
|
+
"Value" : { "Fn::GetAtt" : ["IAMReadOnlyKeys", "SecretAccessKey"] },
|
165
|
+
"Description" : "AWSSecretAccessKey of the read-only IAM user account for use by agents."
|
166
|
+
},
|
167
|
+
"BuildAccessKeyId" : {
|
168
|
+
"Value" : { "Ref" : "IAMReadWriteKeys" },
|
169
|
+
"Description" : "AWSAccessKeyId of the read-write (append-only) IAM user account for use by build workstations."
|
170
|
+
},
|
171
|
+
"BuildSecretKeyID" : {
|
172
|
+
"Value" : { "Fn::GetAtt" : ["IAMReadWriteKeys", "SecretAccessKey"] },
|
173
|
+
"Description" : "AWSSecretAccessKey of the read-write (append-only) IAM user account for use by build workstations."
|
174
|
+
}
|
175
|
+
|
176
|
+
}
|
177
|
+
}
|
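Review bot: Both secret keys are published as stack Outputs (`AgentSecretKeyID` and `BuildSecretKeyID`, via `Fn::GetAtt` on `SecretAccessKey`), so any principal allowed `cloudformation:DescribeStacks` on this stack can read them for as long as the stack exists; the documentation should say so, or the keys should be created outside the template. The build user is described as "append-only", but `s3:PutObject` on `/*` also permits overwriting an existing artifact key unless bucket versioning is enabled, so the description overstates the protection if a build key leaks. The two `s3:ListAllMyBuckets` statements are scoped to the bucket ARN, where that action does not apply (it is evaluated against `arn:aws:s3:::*`), so they grant nothing and should be dropped or widened deliberately. The policy documents also omit `"Version": "2012-10-17"`.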
@@ -0,0 +1,38 @@
|
|
1
|
+
# Bootstrap Scripts
|
2
|
+
|
3
|
+
Additional bootstrap scripts for major platforms are always welcome. Please
|
4
|
+
submit a pull request for review and if acceptable, will be merged.
|
5
|
+
|
6
|
+
|
7
|
+
# Development Guide Lines
|
8
|
+
|
9
|
+
DO:
|
10
|
+
|
11
|
+
* Install Puppet from the most OS-native source possible - either distribution repos, or Puppetlab's repos.
|
12
|
+
* Install Pupistry from the most OS-native source - either distribution repos, or rubygems.
|
13
|
+
* Install the latest OS updates for the platform - not all users will want this, but we should provide a good default security example.
|
14
|
+
* Wrap the user data in a Bash subshell & log all output to syslog - most systems are headless and it's very useful for debug. Also remember to log the commands being run themselves (`#!/bin/bash -x` will do this for you).
|
15
|
+
* Test the script both in cut & paste into your distro, but also via the user-data field of a major provider like AWS or Digital Ocean. Sometimes interesting bugs show up like user-data being run before networking is ready, or some distributions not defining key environmentals when running user data.
|
16
|
+
|
17
|
+
DON'T:
|
18
|
+
|
19
|
+
* Use third party respositories or download sites, it needs to be stock vendor OS and packages.
|
20
|
+
* Execute code from third party sites (eg no wget http://example.com/malware/myscript.sh)
|
21
|
+
* Tie user data to any particular cloud provider unless unavoidable for that platform.
|
22
|
+
* Make the script any more complex than it needs to be.
|
23
|
+
|
24
|
+
|
25
|
+
# Examples
|
26
|
+
|
27
|
+
See the "centos-7" or "ubuntu-14.04" templates for examples on how the bootstrap
|
28
|
+
templates should be written. The "fedora-any" template also shows an example of
|
29
|
+
dealing with networking not being ready and also how to handle frequently
|
30
|
+
changing distribution versions.
|
31
|
+
|
32
|
+
|
33
|
+
# Life Span
|
34
|
+
|
35
|
+
Any distribution that is EOL and no longer supported by either the distribution
|
36
|
+
or by Puppetlabs will be subject to removal to keep the bootstrap selection
|
37
|
+
modern and clean. Pull requests to clean up cruft are accepted.
|
38
|
+
|
@@ -0,0 +1,44 @@
|
|
1
|
+
#!/bin/bash -x
|
2
|
+
# This bootstrap is specifcially for Amazon's Linux AMIs, if you are using
|
3
|
+
# other distributions like Ubuntu or CentOS on AWS, use those bootstrap
|
4
|
+
# templates.
|
5
|
+
#
|
6
|
+
# Amazon Linux is based on RHEL, but has a lot more variations that other
|
7
|
+
# clones like CentOS, such as shipping with multiple versions of Puppet
|
8
|
+
# and Ruby - which is useful, but can also make life.... interesting.
|
9
|
+
(
|
10
|
+
exec 1> >(logger -s -t user-data) 2>&1
|
11
|
+
|
12
|
+
export PATH=$PATH:/usr/local/bin
|
13
|
+
|
14
|
+
yum update --assumeyes
|
15
|
+
yum install --assumeyes puppet3 ruby-devel rubygems gcc zlib-devel libxml2-devel patch gnupg2
|
16
|
+
|
17
|
+
# Not sure why this doesn't get pulled down properly, maybe it's core and
|
18
|
+
# Amazon didn't package it properly? Need it for Thor which is used by Pupistry
|
19
|
+
gem install io-console
|
20
|
+
|
21
|
+
gem install pupistry
|
22
|
+
mkdir -p /etc/pupistry
|
23
|
+
mkdir -p <%= puppetcode %>
|
24
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
25
|
+
general:
|
26
|
+
app_cache: ~/.pupistry/cache
|
27
|
+
s3_bucket: <%= s3_bucket %>
|
28
|
+
s3_prefix: <%= s3_prefix %>
|
29
|
+
gpg_disable: <%= gpg_disable %>
|
30
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
31
|
+
agent:
|
32
|
+
puppetcode: <%= puppetcode %>
|
33
|
+
access_key_id: <%= access_key_id %>
|
34
|
+
secret_access_key: <%= secret_access_key %>
|
35
|
+
region: <%= region %>
|
36
|
+
proxy_uri: <%= proxy_uri %>
|
37
|
+
daemon_frequency: <%= daemon_frequency %>
|
38
|
+
daemon_minimal: <%= daemon_minimal %>
|
39
|
+
EOF
|
40
|
+
chmod 700 /etc/pupistry/settings.yaml
|
41
|
+
chmod 700 <%= puppetcode %>
|
42
|
+
pupistry apply --verbose
|
43
|
+
|
44
|
+
)
|
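Review bot: `cat > /etc/pupistry/settings.yaml` creates the file under the default umask before `chmod 700` runs, so the rendered `secret_access_key` is briefly readable by other local users, and the final mode marks a data file executable. Setting `umask 077` at the top of the subshell and using `chmod 600 /etc/pupistry/settings.yaml` closes that window and drops the stray execute bit. The same lines appear in the CentOS 7, Debian 7, Debian 8, Fedora and Ubuntu 14.04 templates that follow. `gem install pupistry` is also unpinned in every template, so each new host installs whatever version rubygems serves at boot; rendering a version into the command (`gem install pupistry -v VERSION`) would make bootstraps reproducible.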
@@ -0,0 +1,40 @@
|
|
1
|
+
#!/bin/bash -x
|
2
|
+
# Bootstrap for CentOS 7 and maybe other EL-derived platforms.
|
3
|
+
#
|
4
|
+
# Note: Amusingly doesn't actually work on RHEL itself, since ruby-devel
|
5
|
+
# does not seem to exist on it :-/ If you actually care about RHEL
|
6
|
+
# itself, I'll happily accept a pull request that does whatever is
|
7
|
+
# needed to fix ruby-devel on RHEL.
|
8
|
+
#
|
9
|
+
(
|
10
|
+
exec 1> >(logger -s -t user-data) 2>&1
|
11
|
+
|
12
|
+
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
|
13
|
+
|
14
|
+
yum update --assumeyes
|
15
|
+
yum install --assumeyes puppet ruby-devel rubygems gcc zlib-devel libxml2-devel patch gnupg2
|
16
|
+
|
17
|
+
gem install pupistry
|
18
|
+
mkdir -p /etc/pupistry
|
19
|
+
mkdir -p <%= puppetcode %>
|
20
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
21
|
+
general:
|
22
|
+
app_cache: ~/.pupistry/cache
|
23
|
+
s3_bucket: <%= s3_bucket %>
|
24
|
+
s3_prefix: <%= s3_prefix %>
|
25
|
+
gpg_disable: <%= gpg_disable %>
|
26
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
27
|
+
agent:
|
28
|
+
puppetcode: <%= puppetcode %>
|
29
|
+
access_key_id: <%= access_key_id %>
|
30
|
+
secret_access_key: <%= secret_access_key %>
|
31
|
+
region: <%= region %>
|
32
|
+
proxy_uri: <%= proxy_uri %>
|
33
|
+
daemon_frequency: <%= daemon_frequency %>
|
34
|
+
daemon_minimal: <%= daemon_minimal %>
|
35
|
+
EOF
|
36
|
+
chmod 700 /etc/pupistry/settings.yaml
|
37
|
+
chmod 700 <%= puppetcode %>
|
38
|
+
pupistry apply --verbose
|
39
|
+
|
40
|
+
)
|
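Review bot: `rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm` installs a repository-defining package without any visible key import before it, so as far as the template shows its signature cannot be checked and integrity rests on TLS to that host alone. Because this package decides which repository and signing key every later `yum install puppet` trusts, it is worth downloading it to a file and comparing it against a checksum rendered into the template (`sha256sum -c`) before installing. The Fedora template repeats the pattern with a version taken from `lsb_release -sr`, and the Debian and Ubuntu templates do the equivalent with `wget` followed by `dpkg -i`, which performs no signature check either.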
@@ -0,0 +1,41 @@
|
|
1
|
+
#!/bin/bash -x
|
2
|
+
# Bootstrap for Debian 7 stable (Wheezy)
|
3
|
+
# It will *probably* work with other Debian versions supported by Puppetlabs.
|
4
|
+
# It *might* work with other Debian or Ubuntu derived systems.
|
5
|
+
(
|
6
|
+
exec 1> >(logger -s -t user-data) 2>&1
|
7
|
+
|
8
|
+
wget -O /tmp/puppetlabs-release.deb https://apt.puppetlabs.com/puppetlabs-release-`lsb_release -sc`.deb
|
9
|
+
dpkg -i /tmp/puppetlabs-release.deb
|
10
|
+
|
11
|
+
export DEBIAN_FRONTEND=noninteractive
|
12
|
+
|
13
|
+
apt-get update
|
14
|
+
apt-get -y upgrade
|
15
|
+
|
16
|
+
apt-get install -y puppet ruby ruby-dev zlib1g-dev libxml2-dev gcc make patch gnupg2
|
17
|
+
|
18
|
+
gem install pupistry
|
19
|
+
mkdir -p /etc/pupistry
|
20
|
+
mkdir -p <%= puppetcode %>
|
21
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
22
|
+
general:
|
23
|
+
app_cache: ~/.pupistry/cache
|
24
|
+
s3_bucket: <%= s3_bucket %>
|
25
|
+
s3_prefix: <%= s3_prefix %>
|
26
|
+
gpg_disable: <%= gpg_disable %>
|
27
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
28
|
+
agent:
|
29
|
+
puppetcode: <%= puppetcode %>
|
30
|
+
access_key_id: <%= access_key_id %>
|
31
|
+
secret_access_key: <%= secret_access_key %>
|
32
|
+
region: <%= region %>
|
33
|
+
proxy_uri: <%= proxy_uri %>
|
34
|
+
daemon_frequency: <%= daemon_frequency %>
|
35
|
+
daemon_minimal: <%= daemon_minimal %>
|
36
|
+
EOF
|
37
|
+
chmod 700 /etc/pupistry/settings.yaml
|
38
|
+
chmod 700 <%= puppetcode %>
|
39
|
+
pupistry apply --verbose
|
40
|
+
|
41
|
+
)
|
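Review bot: Nothing checks that `wget -O /tmp/puppetlabs-release.deb ...` succeeded before `dpkg -i` runs on the file, and with no `set -e` in the subshell a failed download or install is only logged; the script then installs whatever `puppet` the distribution ships and still reaches `pupistry apply`. Chaining the steps, `wget -O "$deb" URL && dpkg -i "$deb" || exit 1`, with `deb=$(mktemp)` in place of the fixed name in world-writable /tmp, makes the failure explicit. The same two lines are in the Debian 8 and Ubuntu 14.04 templates.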
@@ -0,0 +1,41 @@
|
|
1
|
+
#!/bin/bash -x
|
2
|
+
# Bootstrap for Debian 8 stable (Jessie)
|
3
|
+
# It will *probably* work with other Debian versions supported by Puppetlabs.
|
4
|
+
# It *might* work with other Debian or Ubuntu derived systems.
|
5
|
+
(
|
6
|
+
exec 1> >(logger -s -t user-data) 2>&1
|
7
|
+
|
8
|
+
wget -O /tmp/puppetlabs-release.deb https://apt.puppetlabs.com/puppetlabs-release-`lsb_release -sc`.deb
|
9
|
+
dpkg -i /tmp/puppetlabs-release.deb
|
10
|
+
|
11
|
+
export DEBIAN_FRONTEND=noninteractive
|
12
|
+
|
13
|
+
apt-get update
|
14
|
+
apt-get -y upgrade
|
15
|
+
|
16
|
+
apt-get install -y puppet ruby ruby-dev zlib1g-dev libxml2-dev gcc make patch gnupg2
|
17
|
+
|
18
|
+
gem install pupistry
|
19
|
+
mkdir -p /etc/pupistry
|
20
|
+
mkdir -p <%= puppetcode %>
|
21
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
22
|
+
general:
|
23
|
+
app_cache: ~/.pupistry/cache
|
24
|
+
s3_bucket: <%= s3_bucket %>
|
25
|
+
s3_prefix: <%= s3_prefix %>
|
26
|
+
gpg_disable: <%= gpg_disable %>
|
27
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
28
|
+
agent:
|
29
|
+
puppetcode: <%= puppetcode %>
|
30
|
+
access_key_id: <%= access_key_id %>
|
31
|
+
secret_access_key: <%= secret_access_key %>
|
32
|
+
region: <%= region %>
|
33
|
+
proxy_uri: <%= proxy_uri %>
|
34
|
+
daemon_frequency: <%= daemon_frequency %>
|
35
|
+
daemon_minimal: <%= daemon_minimal %>
|
36
|
+
EOF
|
37
|
+
chmod 700 /etc/pupistry/settings.yaml
|
38
|
+
chmod 700 <%= puppetcode %>
|
39
|
+
pupistry apply --verbose
|
40
|
+
|
41
|
+
)
|
@@ -0,0 +1,42 @@
|
|
1
|
+
#!/bin/bash -x
|
2
|
+
# Bootstrap for Fedora, generally made to be compatible with any version to
|
3
|
+
# keep up with the rapid rate of Fedora releases. We don't bother trying to
|
4
|
+
# support any version of Fedora older than the current release due to the
|
5
|
+
# 6 month EOL.
|
6
|
+
(
|
7
|
+
# No need for logger with Fedora, cloud-init logs all the user-data output.
|
8
|
+
|
9
|
+
# Sometimes Fedora runs user-data before networking is ready, so we should
|
10
|
+
# make sure the network is ready before starting to try and downlod stuff!
|
11
|
+
t=300; c=0; r=0; until ping -c 1 www.google.com >/dev/null 2>&1 || ((++c >= t)); do r=$?; echo "Waiting for network... ($r)"; done
|
12
|
+
|
13
|
+
yum install --assumeyes redhat-lsb-core
|
14
|
+
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-fedora-`lsb_release -sr`.noarch.rpm
|
15
|
+
|
16
|
+
yum update --assumeyes
|
17
|
+
yum install --assumeyes puppet ruby-devel rubygems gcc zlib-devel libxml2-devel patch gnupg2
|
18
|
+
|
19
|
+
gem install pupistry
|
20
|
+
mkdir -p /etc/pupistry
|
21
|
+
mkdir -p <%= puppetcode %>
|
22
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
23
|
+
general:
|
24
|
+
app_cache: ~/.pupistry/cache
|
25
|
+
s3_bucket: <%= s3_bucket %>
|
26
|
+
s3_prefix: <%= s3_prefix %>
|
27
|
+
gpg_disable: <%= gpg_disable %>
|
28
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
29
|
+
agent:
|
30
|
+
puppetcode: <%= puppetcode %>
|
31
|
+
access_key_id: <%= access_key_id %>
|
32
|
+
secret_access_key: <%= secret_access_key %>
|
33
|
+
region: <%= region %>
|
34
|
+
proxy_uri: <%= proxy_uri %>
|
35
|
+
daemon_frequency: <%= daemon_frequency %>
|
36
|
+
daemon_minimal: <%= daemon_minimal %>
|
37
|
+
EOF
|
38
|
+
chmod 700 /etc/pupistry/settings.yaml
|
39
|
+
chmod 700 <%= puppetcode %>
|
40
|
+
pupistry apply --verbose
|
41
|
+
|
42
|
+
)
|
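Review bot: The network wait loop on the `until ping -c 1 www.google.com ... || ((++c >= t))` line has no delay between attempts, so when ping fails immediately (no route or no DNS yet) the 300 attempts are used up within seconds and the script carries on without a network. `r=$?` in the loop body also records the status of the arithmetic test rather than of ping, so the logged value is always 1. Adding `sleep 1` to the body makes `t=300` a real five-minute bound, and the script should exit when the counter runs out instead of continuing to `yum install`. The check also depends on ICMP to an external host being permitted, which restricted egress rules often block.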
@@ -0,0 +1,41 @@
|
|
1
|
+
#!/bin/tcsh -x
|
2
|
+
# This bootstrap is for FreeBSD 10.x which has most of the same principals of
|
3
|
+
# Linux, but we have had to make some variations to account for tcsh weirdness
|
4
|
+
# vs the general behavior we expect from bash on Linux distributions
|
5
|
+
|
6
|
+
# Known Issues:
|
7
|
+
# * AWS and Digital Ocean issues:
|
8
|
+
# http://www.jethrocarr.com/2015/04/19/freebsd-in-the-cloud/
|
9
|
+
# * Puppet and PkgNg issues:
|
10
|
+
# https://www.jethrocarr.com/2015/04/22/puppet-3-and-4-on-freebsd/
|
11
|
+
# * tcsh makes capturing all the output to syslog difficult, so we don't do it.
|
12
|
+
# * We can't rely on Bash, since it's not available in FreeBSD by default.
|
13
|
+
#
|
14
|
+
|
15
|
+
env ASSUME_ALWAYS_YES=YES pkg bootstrap
|
16
|
+
env ASSUME_ALWAYS_YES=YES pkg upgrade --yes
|
17
|
+
env ASSUME_ALWAYS_YES=YES pkg install --yes ruby devel/ruby-gems puppet gnupg
|
18
|
+
|
19
|
+
/usr/local/bin/gem install pupistry
|
20
|
+
mkdir -p /usr/local/etc/pupistry
|
21
|
+
mkdir -p /usr/local/etc/puppetlabs/code/environments
|
22
|
+
cat > /usr/local/etc/pupistry/settings.yaml << EOF
|
23
|
+
general:
|
24
|
+
app_cache: ~/.pupistry/cache
|
25
|
+
s3_bucket: <%= s3_bucket %>
|
26
|
+
s3_prefix: <%= s3_prefix %>
|
27
|
+
gpg_disable: <%= gpg_disable %>
|
28
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
29
|
+
agent:
|
30
|
+
puppetcode: /usr/local/etc/puppetlabs/code/environments
|
31
|
+
access_key_id: <%= access_key_id %>
|
32
|
+
secret_access_key: <%= secret_access_key %>
|
33
|
+
region: <%= region %>
|
34
|
+
proxy_uri: <%= proxy_uri %>
|
35
|
+
daemon_frequency: <%= daemon_frequency %>
|
36
|
+
daemon_minimal: <%= daemon_minimal %>
|
37
|
+
EOF
|
38
|
+
chmod 700 /usr/local/etc/pupistry
|
39
|
+
chmod 700 /usr/local/etc/puppetlabs/code/environments
|
40
|
+
pupistry apply --verbose
|
41
|
+
|
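Review bot: The heredoc here is opened with an unquoted `<< EOF`, unlike the `<< "EOF"` used in the bash templates, so the shell performs variable and command substitution on the rendered settings; a `proxy_uri` or other value containing `$` or backticks would be altered or executed as root at boot. Quoting the delimiter as the other templates do keeps the rendered values literal. `chmod 700 /usr/local/etc/pupistry` also runs only after the file holding `secret_access_key` has been written into a directory created with default permissions, so the chmod should come before the `cat`. `pupistry apply` is called without a path although `gem` needed `/usr/local/bin/gem`, which suggests PATH may not include it in this environment.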
@@ -0,0 +1,41 @@
|
|
1
|
+
#!/bin/bash -x
|
2
|
+
# Bootstrap for Ubuntu 14.04 LTS (Trusty)
|
3
|
+
# It will *probably* work with other Ubuntu versions supported by Puppetlabs.
|
4
|
+
# It *might* work with other Ubuntu or Debian derived systems.
|
5
|
+
(
|
6
|
+
exec 1> >(logger -s -t user-data) 2>&1
|
7
|
+
|
8
|
+
wget -O /tmp/puppetlabs-release.deb https://apt.puppetlabs.com/puppetlabs-release-`lsb_release -sc`.deb
|
9
|
+
dpkg -i /tmp/puppetlabs-release.deb
|
10
|
+
|
11
|
+
export DEBIAN_FRONTEND=noninteractive
|
12
|
+
|
13
|
+
apt-get update
|
14
|
+
apt-get -y upgrade
|
15
|
+
|
16
|
+
apt-get install -y puppet ruby ruby-dev zlib1g-dev libxml2-dev gcc make patch gnupg2
|
17
|
+
|
18
|
+
gem install pupistry
|
19
|
+
mkdir -p /etc/pupistry
|
20
|
+
mkdir -p <%= puppetcode %>
|
21
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
22
|
+
general:
|
23
|
+
app_cache: ~/.pupistry/cache
|
24
|
+
s3_bucket: <%= s3_bucket %>
|
25
|
+
s3_prefix: <%= s3_prefix %>
|
26
|
+
gpg_disable: <%= gpg_disable %>
|
27
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
28
|
+
agent:
|
29
|
+
puppetcode: <%= puppetcode %>
|
30
|
+
access_key_id: <%= access_key_id %>
|
31
|
+
secret_access_key: <%= secret_access_key %>
|
32
|
+
region: <%= region %>
|
33
|
+
proxy_uri: <%= proxy_uri %>
|
34
|
+
daemon_frequency: <%= daemon_frequency %>
|
35
|
+
daemon_minimal: <%= daemon_minimal %>
|
36
|
+
EOF
|
37
|
+
chmod 700 /etc/pupistry/settings.yaml
|
38
|
+
chmod 700 <%= puppetcode %>
|
39
|
+
pupistry apply --verbose
|
40
|
+
|
41
|
+
)
|
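--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pupistry
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.13
 platform: ruby
 authors:
 - Jethro Carr
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04
+date: 2015-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-v1
@@ -95,6 +95,16 @@ files:
 - lib/pupistry/config.rb
 - lib/pupistry/gpg.rb
 - lib/pupistry/storage_aws.rb
+- resources/aws/cfn_pupistry_bucket_and_iam.template
+- resources/aws/README_AWS.md
+- resources/bootstrap/amazon-any.erb
+- resources/bootstrap/BOOTSTRAP_NOTES.md
+- resources/bootstrap/centos-7.erb
+- resources/bootstrap/debian-7.erb
+- resources/bootstrap/debian-8.erb
+- resources/bootstrap/fedora-any.erb
+- resources/bootstrap/freebsd-10.erb
+- resources/bootstrap/ubuntu-14.04.erb
 - README.md
 - settings.example.yaml
 homepage: https://github.com/jethrocarr/pupistry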