pupistry 0.0.12 → 0.0.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9115de292a5e3f0d311106668e5fd4bcaff4d6c9
-  data.tar.gz: f8edac31e048b92bb700fb7c39b5efb9e0842f67
+  metadata.gz: d6aef4225635815e466f5014722f365982a3652a
+  data.tar.gz: f388761170a210c40011fea91a2f765702af9c00
 SHA512:
-  metadata.gz: 1b9d62141382fe5c9e62e20f7858f6917c52c877ff8b33c9e14820b80b886538fbb267303848da5a5e6b56b1d762f3bf8ed5ddb73b58bcfb9905a9095eacbb1b
-  data.tar.gz: ff1342d57c5c5f818693fef2b343edcb73f5eb449349f492541074b017e84a145e4b1fefe0ad38193b5dff3eff3c12a5086fb2ccae5b0485a41dafcbbb644305
+  metadata.gz: 71c7b1162a505865fea30f22699c366cf2843751709b4c1d678b1056068863127cf40a81e16baffa1f798d8af8a3a070923e43a1df0eeb3b076acee4e781878c
+  data.tar.gz: 102bb7f0fc67e1217f1e83586e9a5b0f5c71cd9a15cb58cffc2efd6834ee990be582d407080d5d739e6276ba0d82876edea83445048319d0a87a5acca63bff05

data/README.md

@@ -214,6 +214,9 @@ Alternatively if you like living on the edge, download this repository and run:
     gem install pupistry-VERSION.gem
     pupistry setup
 
+Pupistry will write an example config file into `~/.pupistry/settings.yaml` for
+you.
+
 
 ## 2. S3 Bucket
 
@@ -230,7 +233,57 @@ workstation should be permitted to write new artifacts. IE, don't share your
 AWS root account around the place. :-)
 
 Note that if you're running EC2 instances and using IAM roles, you can avoid
-needing to create explicit IAM credentials for the agents/servers.
+needing to create explicit IAM credentials for the agents/servers, as long as
+you include read access to the Pupistry S3 bucket in the IAM roles for all
+servers that will be running it.
+
+
+If you're new to AWS, we've made your life easy - there's an AWS CloudFormation
+template included with Pupistry that will build an S3 bucket and two IAM user
+accounts for you with sensible default policies.
+
+Just make sure you have a working `aws` command - that's the Python CLI issued
+by AWS themselves setup instructions can be found at:
+http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-set-up.html
+
+Provided that you've setup `aws` correctly and have full permissions to your
+account, you can now build your S3 bucket and IAM users with:
+
+    wget https://raw.githubusercontent.com/jethrocarr/pupistry/master/resources/aws/cfn_pupistry_bucket_and_iam.template
+
+    aws cloudformation create-stack \
+    --capabilities CAPABILITY_IAM \
+    --template-body file://cfn_pupistry_bucket_and_iam.template \
+    --stack-name pupistry-resources-changeme
+
+It is *very important* that you change the stack name to something globally
+unique, or the stack will fail to build.
+
+It may take 30 seconds or so to build, you can check for completion (or for an
+error) with:
+
+    aws cloudformation describe-stacks --query "Stacks[*].StackStatus" --stack-name pupistry-resources-changeme
+
+Once status is CREATE_COMPLETE, you can get all the outputs from the stack with:
+
+    aws cloudformation describe-stacks --query "Stacks[*].Outputs[*]" --stack-name pupistry-resources
+
+You now need to edit `~/.pupistry/settings.yaml` and enter in the equalivent
+OutputValue for the following labels:
+
+    general:
+      s3_bucket: S3Bucket
+    ...
+    agent:
+      access_key_id: AgentAccessKeyId
+      secret_access_key: AgentSecretKeyID
+      region: S3Region
+    ...
+    build:
+      access_key_id: BuildAccessKeyId
+      secret_access_key: BuildSecretKeyID
+      region: S3Region
+    ...
 
 
 
@@ -481,7 +534,8 @@ If you find a bug or need support, please use the issue tracker rather than
 personal emails to the author.
 
 Feel free to grep the source for "TODO" comments on various tasks that
-need doing.
+need doing, or check out the issuer tracker for interesting issues to
+tackle.
 
 
 

data/bin/pupistry

@@ -267,6 +267,10 @@ class CLI < Thor
     
     config_dest = File.expand_path config_dest
 
+    # Make sure the directory exists
+    unless Dir.exists?(File.dirname(config_dest))
+      FileUtils.mkdir_p(File.dirname(config_dest))
+    end
 
     # Does a local template exist?
     if File.exists?("#{Dir.pwd}/settings.example.yaml")

data/lib/pupistry/artifact.rb

@@ -488,6 +488,7 @@ module Pupistry
             FileUtils.rm_r Dir.glob($config["agent"]["puppetcode"] + "/*"), :secure => true
           else
             FileUtils.mkdir_p $config["agent"]["puppetcode"]
+            FileUtils.chmod(0700, $config["agent"]["puppetcode"])
           end
 
           return true

data/lib/pupistry/config.rb

@@ -27,6 +27,7 @@ module Pupistry
       unless Dir.exists?($config["general"]["app_cache"])
         begin
           FileUtils.mkdir_p($config["general"]["app_cache"])
+          FileUtils.chmod(0700, $config["general"]["app_cache"]) # Generally only the user running Pupistry should have access
         rescue Exception => e
           $logger.fatal "Unable to create cache directory at \"#{$config["general"]["app_cache"]}\"."
           raise e

data/resources/aws/README_AWS.md

@@ -0,0 +1,76 @@
+# AWS Resources
+
+This directory contains resources for use with AWS and Pupistry
+
+
+## cfn_pupistry_bucket_and_iam.template
+
+This is an template that can build an S3 bucket plus two IAM accounts, one for
+the Pupistry build host and another for the hosts running Pupistry itself and
+needing read access to the bucket.
+
+It's a perfectly functional stack which is parameterised so you can simply
+enter your specific details (like desired bucket name) and it will go and build
+a complete setup of the AWS resources needed for using Pupistry that is
+suitable for most end users.
+
+Altneratively if you have complex requirements, feel free to incorporate the
+ideas and examples of this stack into your own design.
+
+Building the stack (simple):
+
+    aws cloudformation create-stack \
+    --capabilities CAPABILITY_IAM \
+    --template-body file://cfn_pupistry_bucket_and_iam.template \
+    --stack-name pupistry-resources
+
+
+Building the stack and setting specific parameter values
+
+    aws cloudformation create-stack \
+    --capabilities CAPABILITY_IAM \
+    --template-body file://cfn_pupistry_bucket_and_iam.template \
+    --stack-name pupistry-resources \
+    --parameters \
+    ParameterKey=S3BucketName,ParameterValue=pupistry-example-bucket \
+    ParameterKey=S3BucketArchive,ParameterValue=30 \
+    ParameterKey=S3BucketPurge,ParameterValue=60
+
+
+
+Make sure the stack has finished building/is built:
+
+    aws cloudformation describe-stacks --query "Stacks[*].StackStatus" --stack-name pupistry-resources
+
+Status should be "COMPLETE", if it is set to "ROLLBACK" then it has failed to
+build. If set to "CREATE_IN_PROGRESS" then you need to give it more time.
+
+
+Fetching details from the stack:
+
+    aws cloudformation describe-stacks --query "Stacks[*].Outputs[*]" --stack-name pupistry-resources
+
+Deleting the stack:
+
+    aws cloudformation delete-stack --stack-name PupistryResources
+
+Note that if the S3 bucket is not empty (ie you've used it for Pupistry
+artifacts) then it will fail to delete. Make sure you delete all items from
+the S3 bucket first, then delete the stack. This is generally considered a
+useful safety feature. ;-)
+
+
+## Developer Notes
+
+CloudFormation is an awesome and powerful tool, but it can be annoying to
+work with thanks to everything being written in the rather picky JSON format.
+
+When writing CFN files, you can validate the templates with:
+
+    aws cloudformation validate-template --template-body file://filename.template
+
+
+It can often be easier to debug why stacks failed to build with the AWS web
+console due to better UI than reading JSON event output on the CLI.
+
+

data/resources/aws/cfn_pupistry_bucket_and_iam.template

@@ -0,0 +1,177 @@
+{
+  "AWSTemplateFormatVersion" : "2010-09-09",
+
+  "Description" : "Pupistry S3 bucket and IAM users for both read (servers) and write (build workstation) roles. Note that deleting the stack will fail if the bucket is not empty.",
+
+  "Parameters" : {
+    "S3BucketName": {
+      "Type": "String",
+      "Description" : "Globally unique name of the S3 bucket to create",
+      "Default" : "AWS::StackName"
+    },
+    "S3BucketArchive": {
+      "Type": "Number",
+      "Description" : "Archive old artifacts in the S3 bucket to Glacier after specified number of days.",
+      "Default" : "30"
+    },
+    "S3BucketPurge": {
+      "Type": "Number",
+      "Description" : "Permanently delete old artifacts after specified number of days.",
+      "Default" : "365"
+    }
+
+  },
+
+  "Conditions" : {
+    "UseStackNameForBucket" : {
+      "Fn::Equals": [
+        {"Ref": "S3BucketName"},
+        "AWS::StackName"
+      ]
+    }
+  },
+
+
+  "Resources" : {
+
+    "S3Bucket" : {
+      "Type" : "AWS::S3::Bucket",
+      "Properties" : {
+        "BucketName" : {
+          "Fn::If" : [
+            "UseStackNameForBucket",
+            { "Ref" : "AWS::StackName" },
+            { "Ref" : "S3BucketName" }
+          ]
+        },
+        "AccessControl" : "Private",
+        "LifecycleConfiguration" : {
+	  "Rules" : [{
+	    "Status": "Enabled",
+            "ExpirationInDays": { "Ref" : "S3BucketPurge" },
+            "Transition": {
+              "StorageClass": "Glacier",
+              "TransitionInDays": { "Ref" : "S3BucketArchive" }
+	    }
+          }]
+        }
+      },
+      "DeletionPolicy" : "Delete"
+    },
+
+    "IAMReadOnly" : {
+      "Type" : "AWS::IAM::User",
+      "Properties" : {
+        "Policies" : [{
+          "PolicyName" : "S3BucketReadOnly",
+          "PolicyDocument" : {
+             "Statement":[
+                {
+                   "Effect":"Allow",
+                   "Action":[
+                      "s3:ListAllMyBuckets"
+                   ],
+                   "Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } ] ] }]
+                },
+                {
+                   "Effect":"Allow",
+                   "Action":[
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                   ],
+                   "Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } ] ] }]
+                },
+                {
+                   "Effect":"Allow",
+                   "Action":[
+                      "s3:GetObject"
+                   ],
+                   "Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } , "/*" ] ] }]
+                }
+             ]
+          }
+        }]
+      }
+    },
+
+    "IAMReadOnlyKeys" : {
+      "Type" : "AWS::IAM::AccessKey",
+      "Properties" : {
+        "UserName" : { "Ref": "IAMReadOnly" }
+      }
+    },
+
+    "IAMReadWrite" : {
+      "Type" : "AWS::IAM::User",
+      "Properties" : {
+        "Policies" : [{
+          "PolicyName" : "S3BucketReadAndAppend",
+          "PolicyDocument" : {
+             "Statement":[
+                {
+                   "Effect":"Allow",
+                   "Action":[
+                      "s3:ListAllMyBuckets"
+                   ],
+                   "Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } ] ] }]
+                },
+                {
+                   "Effect":"Allow",
+                   "Action":[
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                   ],
+                   "Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } ] ] }]
+                },
+                {
+                   "Effect":"Allow",
+                   "Action":[
+                      "s3:PutObject",
+                      "s3:GetObject"
+                   ],
+                   "Resource": [{ "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "S3Bucket" } , "/*" ] ] }]
+                }
+             ]
+          }
+        }]
+      }
+    },
+
+    "IAMReadWriteKeys" : {
+      "Type" : "AWS::IAM::AccessKey",
+      "Properties" : {
+        "UserName" : { "Ref": "IAMReadWrite" }
+      }
+    }
+
+
+  },
+
+  "Outputs" : {
+    "S3Region" : {
+      "Value" : { "Ref" : "AWS::Region" },
+      "Description" : "Region where the S3 bucket is located."
+    },
+    "S3Bucket" : {
+      "Value" : { "Ref" : "S3Bucket" },
+      "Description" : "Name of the S3 bucket for Pupistry artifacts"
+    },
+    "AgentAccessKeyId" : {
+      "Value" : { "Ref" : "IAMReadOnlyKeys" },
+      "Description" : "AWSAccessKeyId of the read-only IAM user account for use by agents."
+    },
+    "AgentSecretKeyID" : {
+      "Value" : { "Fn::GetAtt" : ["IAMReadOnlyKeys", "SecretAccessKey"] },
+      "Description" : "AWSSecretAccessKey of the read-only IAM user account for use by agents."
+    },
+    "BuildAccessKeyId" : {
+      "Value" : { "Ref" : "IAMReadWriteKeys" },
+      "Description" : "AWSAccessKeyId of the read-write (append-only) IAM user account for use by build workstations."
+    },
+    "BuildSecretKeyID" : {
+      "Value" : { "Fn::GetAtt" : ["IAMReadWriteKeys", "SecretAccessKey"] },
+      "Description" : "AWSSecretAccessKey of the read-write (append-only) IAM user account for use by build workstations."
+    }
+
+  } 
+}

data/resources/bootstrap/BOOTSTRAP_NOTES.md

@@ -0,0 +1,38 @@
+# Bootstrap Scripts
+
+Additional bootstrap scripts for major platforms are always welcome. Please
+submit a pull request for review and if acceptable, will be merged.
+
+
+# Development Guide Lines
+
+DO:
+
+* Install Puppet from the most OS-native source possible - either distribution repos, or Puppetlab's repos.
+* Install Pupistry from the most OS-native source - either distribution repos, or rubygems.
+* Install the latest OS updates for the platform - not all users will want this, but we should provide a good default security example.
+* Wrap the user data in a Bash subshell & log all output to syslog - most systems are headless and it's very useful for debug. Also remember to log the commands being run themselves (`#!/bin/bash -x` will do this for you).
+* Test the script both in cut & paste into your distro, but also via the user-data field of a major provider like AWS or Digital Ocean. Sometimes interesting bugs show up like user-data being run before networking is ready, or some distributions not defining key environmentals when running user data.
+
+DON'T:
+
+* Use third party respositories or download sites, it needs to be stock vendor OS and packages.
+* Execute code from third party sites (eg no wget http://example.com/malware/myscript.sh)
+* Tie user data to any particular cloud provider unless unavoidable for that platform.
+* Make the script any more complex than it needs to be.
+
+
+# Examples
+
+See the "centos-7" or "ubuntu-14.04" templates for examples on how the bootstrap
+templates should be written. The "fedora-any" template also shows an example of
+dealing with networking not being ready and also how to handle frequently
+changing distribution versions.
+
+
+# Life Span
+
+Any distribution that is EOL and no longer supported by either the distribution
+or by Puppetlabs will be subject to removal to keep the bootstrap selection
+modern and clean. Pull requests to clean up cruft are accepted.
+

data/resources/bootstrap/amazon-any.erb

@@ -0,0 +1,44 @@
+#!/bin/bash -x
+# This bootstrap is specifcially for Amazon's Linux AMIs, if you are using
+# other distributions like Ubuntu or CentOS on AWS, use those bootstrap
+# templates.
+#
+# Amazon Linux is based on RHEL, but has a lot more variations that other
+# clones like CentOS, such as shipping with multiple versions of Puppet
+# and Ruby - which is useful, but can also make life.... interesting.
+(
+exec 1> >(logger -s -t user-data) 2>&1
+
+export PATH=$PATH:/usr/local/bin
+
+yum update --assumeyes
+yum install --assumeyes puppet3 ruby-devel rubygems gcc zlib-devel libxml2-devel patch gnupg2
+
+# Not sure why this doesn't get pulled down properly, maybe it's core and
+# Amazon didn't package it properly? Need it for Thor which is used by Pupistry
+gem install io-console
+
+gem install pupistry
+mkdir -p /etc/pupistry
+mkdir -p <%= puppetcode %>
+cat > /etc/pupistry/settings.yaml << "EOF"
+general:
+  app_cache: ~/.pupistry/cache
+  s3_bucket: <%= s3_bucket %>
+  s3_prefix: <%= s3_prefix %>
+  gpg_disable: <%= gpg_disable %>
+  gpg_signing_key: <%= gpg_signing_key %>
+agent:
+  puppetcode: <%= puppetcode %>
+  access_key_id: <%= access_key_id %>
+  secret_access_key: <%= secret_access_key %>
+  region: <%= region %>
+  proxy_uri: <%= proxy_uri %>
+  daemon_frequency: <%= daemon_frequency %>
+  daemon_minimal: <%= daemon_minimal %>
+EOF
+chmod 700 /etc/pupistry/settings.yaml
+chmod 700 <%= puppetcode %>
+pupistry apply --verbose
+
+)

data/resources/bootstrap/centos-7.erb

@@ -0,0 +1,40 @@
+#!/bin/bash -x
+# Bootstrap for CentOS 7 and maybe other EL-derived platforms.
+#
+# Note: Amusingly doesn't actually work on RHEL itself, since ruby-devel
+#       does not seem to exist on it :-/ If you actually care about RHEL
+#       itself, I'll happily accept a pull request that does whatever is
+#       needed to fix ruby-devel on RHEL.
+#
+(
+exec 1> >(logger -s -t user-data) 2>&1
+
+rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
+
+yum update --assumeyes
+yum install --assumeyes puppet ruby-devel rubygems gcc zlib-devel libxml2-devel patch gnupg2
+
+gem install pupistry
+mkdir -p /etc/pupistry
+mkdir -p <%= puppetcode %>
+cat > /etc/pupistry/settings.yaml << "EOF"
+general:
+  app_cache: ~/.pupistry/cache
+  s3_bucket: <%= s3_bucket %>
+  s3_prefix: <%= s3_prefix %>
+  gpg_disable: <%= gpg_disable %>
+  gpg_signing_key: <%= gpg_signing_key %>
+agent:
+  puppetcode: <%= puppetcode %>
+  access_key_id: <%= access_key_id %>
+  secret_access_key: <%= secret_access_key %>
+  region: <%= region %>
+  proxy_uri: <%= proxy_uri %>
+  daemon_frequency: <%= daemon_frequency %>
+  daemon_minimal: <%= daemon_minimal %>
+EOF
+chmod 700 /etc/pupistry/settings.yaml
+chmod 700 <%= puppetcode %>
+pupistry apply --verbose
+
+)

data/resources/bootstrap/debian-7.erb

@@ -0,0 +1,41 @@
+#!/bin/bash -x
+# Bootstrap for Debian 7 stable (Wheezy)
+# It will *probably* work with other Debian versions supported by Puppetlabs.
+# It *might* work with other Debian or Ubuntu derived systems.
+(
+exec 1> >(logger -s -t user-data) 2>&1
+
+wget -O /tmp/puppetlabs-release.deb https://apt.puppetlabs.com/puppetlabs-release-`lsb_release -sc`.deb
+dpkg -i /tmp/puppetlabs-release.deb
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+apt-get -y upgrade
+
+apt-get install -y puppet ruby ruby-dev zlib1g-dev libxml2-dev gcc make patch gnupg2
+
+gem install pupistry
+mkdir -p /etc/pupistry
+mkdir -p <%= puppetcode %>
+cat > /etc/pupistry/settings.yaml << "EOF"
+general:
+  app_cache: ~/.pupistry/cache
+  s3_bucket: <%= s3_bucket %>
+  s3_prefix: <%= s3_prefix %>
+  gpg_disable: <%= gpg_disable %>
+  gpg_signing_key: <%= gpg_signing_key %>
+agent:
+  puppetcode: <%= puppetcode %>
+  access_key_id: <%= access_key_id %>
+  secret_access_key: <%= secret_access_key %>
+  region: <%= region %>
+  proxy_uri: <%= proxy_uri %>
+  daemon_frequency: <%= daemon_frequency %>
+  daemon_minimal: <%= daemon_minimal %>
+EOF
+chmod 700 /etc/pupistry/settings.yaml
+chmod 700 <%= puppetcode %>
+pupistry apply --verbose
+
+)

data/resources/bootstrap/debian-8.erb

@@ -0,0 +1,41 @@
+#!/bin/bash -x
+# Bootstrap for Debian 8 stable (Jessie)
+# It will *probably* work with other Debian versions supported by Puppetlabs.
+# It *might* work with other Debian or Ubuntu derived systems.
+(
+exec 1> >(logger -s -t user-data) 2>&1
+
+wget -O /tmp/puppetlabs-release.deb https://apt.puppetlabs.com/puppetlabs-release-`lsb_release -sc`.deb
+dpkg -i /tmp/puppetlabs-release.deb
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+apt-get -y upgrade
+
+apt-get install -y puppet ruby ruby-dev zlib1g-dev libxml2-dev gcc make patch gnupg2
+
+gem install pupistry
+mkdir -p /etc/pupistry
+mkdir -p <%= puppetcode %>
+cat > /etc/pupistry/settings.yaml << "EOF"
+general:
+  app_cache: ~/.pupistry/cache
+  s3_bucket: <%= s3_bucket %>
+  s3_prefix: <%= s3_prefix %>
+  gpg_disable: <%= gpg_disable %>
+  gpg_signing_key: <%= gpg_signing_key %>
+agent:
+  puppetcode: <%= puppetcode %>
+  access_key_id: <%= access_key_id %>
+  secret_access_key: <%= secret_access_key %>
+  region: <%= region %>
+  proxy_uri: <%= proxy_uri %>
+  daemon_frequency: <%= daemon_frequency %>
+  daemon_minimal: <%= daemon_minimal %>
+EOF
+chmod 700 /etc/pupistry/settings.yaml
+chmod 700 <%= puppetcode %>
+pupistry apply --verbose
+
+)

data/resources/bootstrap/fedora-any.erb

@@ -0,0 +1,42 @@
+#!/bin/bash -x
+# Bootstrap for Fedora, generally made to be compatible with any version to
+# keep up with the rapid rate of Fedora releases. We don't bother trying to
+# support any version of Fedora older than the current release due to the
+# 6 month EOL.
+(
+# No need for logger with Fedora, cloud-init logs all the user-data output.
+
+# Sometimes Fedora runs user-data before networking is ready, so we should
+# make sure the network is ready before starting to try and downlod stuff!
+t=300; c=0; r=0; until ping -c 1 www.google.com >/dev/null 2>&1 || ((++c >= t)); do r=$?; echo "Waiting for network... ($r)"; done
+
+yum install --assumeyes redhat-lsb-core
+rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-fedora-`lsb_release -sr`.noarch.rpm
+
+yum update --assumeyes
+yum install --assumeyes puppet ruby-devel rubygems gcc zlib-devel libxml2-devel patch gnupg2
+
+gem install pupistry
+mkdir -p /etc/pupistry
+mkdir -p <%= puppetcode %>
+cat > /etc/pupistry/settings.yaml << "EOF"
+general:
+  app_cache: ~/.pupistry/cache
+  s3_bucket: <%= s3_bucket %>
+  s3_prefix: <%= s3_prefix %>
+  gpg_disable: <%= gpg_disable %>
+  gpg_signing_key: <%= gpg_signing_key %>
+agent:
+  puppetcode: <%= puppetcode %>
+  access_key_id: <%= access_key_id %>
+  secret_access_key: <%= secret_access_key %>
+  region: <%= region %>
+  proxy_uri: <%= proxy_uri %>
+  daemon_frequency: <%= daemon_frequency %>
+  daemon_minimal: <%= daemon_minimal %>
+EOF
+chmod 700 /etc/pupistry/settings.yaml
+chmod 700 <%= puppetcode %>
+pupistry apply --verbose
+
+)

data/resources/bootstrap/freebsd-10.erb

@@ -0,0 +1,41 @@
+#!/bin/tcsh -x
+# This bootstrap is for FreeBSD 10.x which has most of the same principals of
+# Linux, but we have had to make some variations to account for tcsh weirdness
+# vs the general behavior we expect from bash on Linux distributions
+
+# Known Issues:
+# * AWS and Digital Ocean issues:
+#   http://www.jethrocarr.com/2015/04/19/freebsd-in-the-cloud/
+# * Puppet and PkgNg issues:
+#   https://www.jethrocarr.com/2015/04/22/puppet-3-and-4-on-freebsd/
+# * tcsh makes capturing all the output to syslog difficult, so we don't do it.
+# * We can't rely on Bash, since it's not available in FreeBSD by default.
+#
+
+env ASSUME_ALWAYS_YES=YES pkg bootstrap
+env ASSUME_ALWAYS_YES=YES pkg upgrade --yes
+env ASSUME_ALWAYS_YES=YES pkg install --yes ruby devel/ruby-gems puppet gnupg
+
+/usr/local/bin/gem install pupistry
+mkdir -p /usr/local/etc/pupistry
+mkdir -p /usr/local/etc/puppetlabs/code/environments
+cat > /usr/local/etc/pupistry/settings.yaml << EOF
+general:
+  app_cache: ~/.pupistry/cache
+  s3_bucket: <%= s3_bucket %>
+  s3_prefix: <%= s3_prefix %>
+  gpg_disable: <%= gpg_disable %>
+  gpg_signing_key: <%= gpg_signing_key %>
+agent:
+  puppetcode: /usr/local/etc/puppetlabs/code/environments
+  access_key_id: <%= access_key_id %>
+  secret_access_key: <%= secret_access_key %>
+  region: <%= region %>
+  proxy_uri: <%= proxy_uri %>
+  daemon_frequency: <%= daemon_frequency %>
+  daemon_minimal: <%= daemon_minimal %>
+EOF
+chmod 700 /usr/local/etc/pupistry
+chmod 700 /usr/local/etc/puppetlabs/code/environments
+pupistry apply --verbose
+

data/resources/bootstrap/ubuntu-14.04.erb

@@ -0,0 +1,41 @@
+#!/bin/bash -x
+# Bootstrap for Ubuntu 14.04 LTS (Trusty)
+# It will *probably* work with other Ubuntu versions supported by Puppetlabs.
+# It *might* work with other Ubuntu or Debian derived systems.
+(
+exec 1> >(logger -s -t user-data) 2>&1
+
+wget -O /tmp/puppetlabs-release.deb https://apt.puppetlabs.com/puppetlabs-release-`lsb_release -sc`.deb
+dpkg -i /tmp/puppetlabs-release.deb
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update
+apt-get -y upgrade
+
+apt-get install -y puppet ruby ruby-dev zlib1g-dev libxml2-dev gcc make patch gnupg2
+
+gem install pupistry
+mkdir -p /etc/pupistry
+mkdir -p <%= puppetcode %>
+cat > /etc/pupistry/settings.yaml << "EOF"
+general:
+  app_cache: ~/.pupistry/cache
+  s3_bucket: <%= s3_bucket %>
+  s3_prefix: <%= s3_prefix %>
+  gpg_disable: <%= gpg_disable %>
+  gpg_signing_key: <%= gpg_signing_key %>
+agent:
+  puppetcode: <%= puppetcode %>
+  access_key_id: <%= access_key_id %>
+  secret_access_key: <%= secret_access_key %>
+  region: <%= region %>
+  proxy_uri: <%= proxy_uri %>
+  daemon_frequency: <%= daemon_frequency %>
+  daemon_minimal: <%= daemon_minimal %>
+EOF
+chmod 700 /etc/pupistry/settings.yaml
+chmod 700 <%= puppetcode %>
+pupistry apply --verbose
+
+)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pupistry
 version: !ruby/object:Gem::Version
-  version: 0.0.12
+  version: 0.0.13
 platform: ruby
 authors:
 - Jethro Carr
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-24 00:00:00.000000000 Z
+date: 2015-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-v1
@@ -95,6 +95,16 @@ files:
 - lib/pupistry/config.rb
 - lib/pupistry/gpg.rb
 - lib/pupistry/storage_aws.rb
+- resources/aws/cfn_pupistry_bucket_and_iam.template
+- resources/aws/README_AWS.md
+- resources/bootstrap/amazon-any.erb
+- resources/bootstrap/BOOTSTRAP_NOTES.md
+- resources/bootstrap/centos-7.erb
+- resources/bootstrap/debian-7.erb
+- resources/bootstrap/debian-8.erb
+- resources/bootstrap/fedora-any.erb
+- resources/bootstrap/freebsd-10.erb
+- resources/bootstrap/ubuntu-14.04.erb
 - README.md
 - settings.example.yaml
 homepage: https://github.com/jethrocarr/pupistry