pupistry 1.4.0 → 1.5.0
- checksums.yaml +4 -4
- data/README.md +33 -33
- data/lib/pupistry/artifact.rb +1 -1
- data/lib/pupistry/hieracrypt.rb +14 -6
- data/lib/pupistry/storage_aws.rb +9 -1
- data/lib/pupistry/version.rb +1 -1
- data/resources/aws/README_AWS.md +3 -3
- data/resources/bootstrap/BOOTSTRAP_NOTES.md +3 -3
- data/resources/bootstrap/fedora-any.erb +1 -4
- data/resources/bootstrap/openbsd-6.0.erb +53 -0
- data/resources/bootstrap/ubuntu-16.04-puppet4.erb +48 -0
- data/resources/bootstrap/ubuntu-16.04.erb +39 -0
- data/resources/packer/PACKER_NOTES.md +5 -5
- data/settings.example.yaml +5 -0
- metadata +6 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3592a1a26670a659f59808e3cee82a64852e43bf
|
4
|
+
data.tar.gz: 2c38660daaa902a4f82353405ef3cc06be17297a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 696c60d351a9aa13e736301286fdc4f8d7411fe079b73944ebb4a8ed8519716ada4031b9efa3ebb18159160743e6e70fb4277e35e652f7aca34338fe77f28cb3
|
7
|
+
data.tar.gz: 375d678d998288c046c3fe8fbc429a8ffc11a649a5000bc1ba2246382b011e6c292e773434e467bc7d3027840bf7b2aea06bccb74aefbd40f77edc9b857e4b80
|
data/README.md
CHANGED
@@ -3,14 +3,14 @@
|
|
3
3
|
[![Build Status](https://travis-ci.org/jethrocarr/pupistry.svg)](https://travis-ci.org/jethrocarr/pupistry)
|
4
4
|
|
5
5
|
Pupistry (puppet + artistry) is a solution for implementing reliable and secure
|
6
|
-
masterless puppet deployments by taking Puppet modules assembled by r10k and
|
7
|
-
generating
|
6
|
+
masterless puppet deployments by taking Puppet modules assembled by `r10k` and
|
7
|
+
generating compressed and signed archives for distribution to the masterless
|
8
8
|
servers.
|
9
9
|
|
10
|
-
Pupistry builds on the functionality offered by the r10k workflow but rather
|
10
|
+
Pupistry builds on the functionality offered by the `r10k` workflow but rather
|
11
11
|
than requiring the implementing of site-specific custom bootstrap and custom
|
12
|
-
workflow mechanisms, Pupistry executes r10k
|
13
|
-
and then generates a
|
12
|
+
workflow mechanisms, Pupistry executes `r10k`, assembles the combined modules
|
13
|
+
and then generates a compressed artifact file. It then optionally signs the
|
14
14
|
artifact with GPG and finally uploads it into an Amazon S3 bucket along with a
|
15
15
|
manifest file.
|
16
16
|
|
@@ -30,12 +30,12 @@ Masterless Puppet is a great solution for anyone wanting to avoid scaling issues
|
|
30
30
|
and risk of centralised failure due to a central Puppet master, but it does bring
|
31
31
|
a number of issues with it.
|
32
32
|
|
33
|
-
1. Having to setup deployer keys to every
|
34
|
-
2. Your system build success is dependent on all the
|
33
|
+
1. Having to setup deployer keys to every Git repo used is a maintainance headache. Pupistry means only your workstation needs access, which presumably will have access to most/all repos already.
|
34
|
+
2. Your system build success is dependent on all the Git repos you've used, including any third parties that could vanish. A single missing or broken repo could prevent autoscaling or new machine builds at a critical time. Pupistry's use of artifact files prevents surprises - if you can hit S3, you're sorted.
|
35
35
|
3. It is easy for malicious code in the third party repos to slip in without noticing. Even if the author themselves is honest, not all repos have proper security like two-factor. Pupistry prevents surprise updates of modules and also has an easy diff feature to see what changed since you last generated an artifact.
|
36
|
-
4. Puppet masterless tends to be implemented in many different ways using everyone's own hacky scripts. Pupistry's goal is to create a singular standard
|
37
|
-
5. No dodgy cronjobs running r10k and Puppet in weird ways. A simple clean agent with daemon or run-once functionality.
|
38
|
-
6. Performance - Go from 30+ seconds r10k update checks to 2 second Pupistry update checks. And when there is a change, it's a fast efficent compressed file download from S3 rather than pulling numerious
|
36
|
+
4. Puppet masterless tends to be implemented in many different ways using everyone's own hacky scripts. Pupistry's goal is to create a singular standard approach to masterless, in the same way that `r10k` created a standard approach to Git-based Puppet workflows. And this makes things easy - install Pupistry, add the companion Puppet module and run the bootstrap script. Easy!
|
37
|
+
5. No dodgy cronjobs running `r10k` and Puppet in weird ways. A simple clean agent with daemon or run-once functionality.
|
38
|
+
6. Performance - Go from 30+ seconds `r10k` update checks to 2 second Pupistry update checks. And when there is a change, it's a fast efficent compressed file download from S3 rather than pulling numerious Git repos.
|
39
39
|
|
40
40
|
|
41
41
|
|
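Review bot: The re-added list items carry spelling errors that are worth fixing while these lines are being touched: `maintainance` in item 1, and `efficent` and `numerious` in item 6.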
@@ -66,8 +66,8 @@ Build a new artifact:
|
|
66
66
|
Tip: Run pupistry diff to see what changed since the last artifact version
|
67
67
|
|
68
68
|
|
69
|
-
Note that artifact builds are done from the upstream
|
70
|
-
have made changes, remember to git push first before generating. The tool will
|
69
|
+
Note that artifact builds are done from the upstream Git repos, so if you
|
70
|
+
have made changes, remember to `git push` first before generating. The tool will
|
71
71
|
remind you if it detects nothing has changed since the last run.
|
72
72
|
|
73
73
|
Once your artifact is built, you can double check what has changed in the
|
@@ -141,7 +141,7 @@ with AWS, you can make it part of the stack itself.
|
|
141
141
|
|
142
142
|
These bootstraps aren't mandatory, if you prefer a different approach you can
|
143
143
|
use these as an example and write your own - generally the essential bit is to
|
144
|
-
get puppet installed, get pupistry (and deps to build
|
144
|
+
get puppet installed, get pupistry (and deps to build its gems) installed and
|
145
145
|
write the config before finally executing your first Pupistry/Puppet run.
|
146
146
|
|
147
147
|
If using AWS and IAM Roles feature, it is acceptable for access_key_id and
|
@@ -151,12 +151,12 @@ account with read-only access to the configured S3 bucket!
|
|
151
151
|
|
152
152
|
## Running Puppet on target nodes
|
153
153
|
|
154
|
-
Pupistry replaces the need to call Puppet directly. Instead, call Pupistry
|
155
|
-
|
154
|
+
Pupistry replaces the need to call Puppet directly. Instead, call Pupistry and
|
155
|
+
it will handle getting the artifact and then executing Puppet for you. It
|
156
156
|
respects some parameters like --environment and --noop for easy testing of new
|
157
157
|
manifests and modules.
|
158
158
|
|
159
|
-
At
|
159
|
+
At its simplest, to apply the current Puppet manifests:
|
160
160
|
|
161
161
|
$ pupistry apply
|
162
162
|
I, [2015-04-10T00:44:40.623101 #6726] INFO -- : Pulling latest artifact....
|
@@ -258,7 +258,7 @@ Once status is CREATE_COMPLETE, you can get all the outputs from the stack with:
|
|
258
258
|
|
259
259
|
aws cloudformation describe-stacks --query "Stacks[*].Outputs[*]" --stack-name pupistry-resources-changeme
|
260
260
|
|
261
|
-
You now need to edit `~/.pupistry/settings.yaml` and enter in the
|
261
|
+
You now need to edit `~/.pupistry/settings.yaml` and enter in the equivalent
|
262
262
|
OutputValue for the following labels:
|
263
263
|
|
264
264
|
general:
|
@@ -281,16 +281,16 @@ OutputValue for the following labels:
|
|
281
281
|
|
282
282
|
### Puppet Code Structure
|
283
283
|
|
284
|
-
The following is the expected
|
284
|
+
The following is the expected minimum structure of the Puppetcode repository to
|
285
285
|
enable it to work with Pupistry:
|
286
286
|
|
287
287
|
/Puppetfile
|
288
288
|
/hiera.yaml
|
289
289
|
/manifests/site.pp
|
290
290
|
|
291
|
-
Puppetfile is standard r10k and site.pp is standard Puppet. The Hiera config
|
291
|
+
`Puppetfile` is standard `r10k` and `site.pp` is standard Puppet. The Hiera config
|
292
292
|
is generally normal, but you do need to define a datadir to tell Puppet to look
|
293
|
-
where the
|
293
|
+
where the puppet code gets unpacked to. Generally the following sample Hiera
|
294
294
|
will do the trick:
|
295
295
|
|
296
296
|
---
|
@@ -312,7 +312,7 @@ the `datadir` parameter in Hiera to a fixed path and the `puppetcode` parameter
|
|
312
312
|
in Pupistry to be the exact same value, since `%{::settings::confdir}` will
|
313
313
|
differ between Pupistry and masterful Puppet.
|
314
314
|
|
315
|
-
Pupistry will default to applying the
|
315
|
+
Pupistry will default to applying the `master` branch if one is not listed, if
|
316
316
|
you are doing branch-based environments, you can specifiy when bootstrapping
|
317
317
|
and override on a per-execution basis with `--environment`.
|
318
318
|
|
@@ -320,11 +320,11 @@ You'll notice pretty quickly if something is broken when doing `pupistry apply`
|
|
320
320
|
|
321
321
|
Confused? No worried, check out the sample repo that shows a very simple setup.
|
322
322
|
You can copy this and start your own Puppet adventure, just add in your modules
|
323
|
-
to Puppetfile and add them to the
|
323
|
+
to `Puppetfile` and add them to the relevant machines in `manifests/site.pp`.
|
324
324
|
|
325
325
|
https://github.com/jethrocarr/pupistry-samplepuppet
|
326
326
|
|
327
|
-
TODO: Longer term intend to add support for various popular
|
327
|
+
TODO: Longer term intend to add support for various popular structures, but
|
328
328
|
for now it is what it is. It's not hard, check out bin/puppistry and send
|
329
329
|
pull requests.
|
330
330
|
|
@@ -342,9 +342,9 @@ operation.
|
|
342
342
|
You can fetch the module from:
|
343
343
|
https://github.com/jethrocarr/puppet-pupistry
|
344
344
|
|
345
|
-
If you're doing r10k and Puppet masterless from scratch, this is probably
|
346
|
-
something you want to make life easy. With r10k
|
347
|
-
Puppetfile
|
345
|
+
If you're doing `r10k` and Puppet masterless from scratch, this is probably
|
346
|
+
something you want to make life easy. With `r10k`, just add the following to your
|
347
|
+
`Puppetfile`:
|
348
348
|
|
349
349
|
# Install the Pupistry companion module
|
350
350
|
mod 'jethrocarr/pupistry'
|
@@ -361,7 +361,7 @@ And include the pupistry module in all your systems:
|
|
361
361
|
}
|
362
362
|
|
363
363
|
|
364
|
-
## 4. Building
|
364
|
+
## 4. Building your first node (Bootstrapping)
|
365
365
|
|
366
366
|
No need for manual configuration of your servers/nodes, you just need to build
|
367
367
|
your first artifact with Pupistry (`pupistry build && pupistry push`) and then
|
@@ -383,7 +383,7 @@ skills to make your node actually do something useful. :-)
|
|
383
383
|
|
384
384
|
## 5. (optional) Baking an image with Packer
|
385
385
|
|
386
|
-
Note that the node initialisation process is still
|
386
|
+
Note that the node initialisation process is still susceptible to weaknesses
|
387
387
|
such as a bug in a new version of Puppet or Pupistry, or changes to the OS
|
388
388
|
packages. If this is a concern/issue for you and you want complete reliability,
|
389
389
|
then use the user data to build a host pre-loaded with Puppet and Pupistry and
|
@@ -429,7 +429,7 @@ https://www.jethrocarr.com/2015/05/10/setting-up-and-using-pupistry
|
|
429
429
|
|
430
430
|
By following this tutorial you can go from nothing, to having a complete up
|
431
431
|
and running masterless Puppet environment using Pupistry. It covers the very
|
432
|
-
basics of setting up your r10k environment.
|
432
|
+
basics of setting up your `r10k` environment.
|
433
433
|
|
434
434
|
|
435
435
|
# GPG Notes
|
@@ -457,7 +457,7 @@ would be from you accidentally sharing your IAM credentials in the wrong place,
|
|
457
457
|
or an exploited build server.
|
458
458
|
|
459
459
|
|
460
|
-
# Securing
|
460
|
+
# Securing Hiera with HieraCrypt
|
461
461
|
|
462
462
|
In a standard Puppet master situation, the Puppet master parses the Hiera data
|
463
463
|
and then passes only the values that apply to a particular host to it. But with
|
@@ -511,7 +511,7 @@ against their key.
|
|
511
511
|
|
512
512
|
## Use r10k
|
513
513
|
|
514
|
-
Currently only an r10k workflow is supported. Pull requests for others (eg
|
514
|
+
Currently only an `r10k` workflow is supported. Pull requests for others (eg
|
515
515
|
Librarian Puppet) are welcome, but it's not a priority for this author as r10k
|
516
516
|
is working nicely.
|
517
517
|
|
@@ -536,7 +536,7 @@ Please see resources/bootstrap/BOOTSTRAP_NOTES.md for more details on how to
|
|
536
536
|
write and debug bootstrap templates.
|
537
537
|
|
538
538
|
|
539
|
-
##
|
539
|
+
## Continuous Deployment
|
540
540
|
|
541
541
|
A lot of what Pupistry does can also be accomplished by various home-grown
|
542
542
|
Continious Deployment (CD) solutions using platforms like Jenkins or Bamboo. CD
|
@@ -566,7 +566,7 @@ author.
|
|
566
566
|
|
567
567
|
# Developing
|
568
568
|
|
569
|
-
When developing Pupistry, you can run the
|
569
|
+
When developing Pupistry, you can run the Git repo copy with:
|
570
570
|
|
571
571
|
gem install bundler
|
572
572
|
bundle install
|
data/lib/pupistry/artifact.rb
CHANGED
@@ -425,7 +425,7 @@ module Pupistry
|
|
425
425
|
tar = Pupistry::Config.which_tar
|
426
426
|
$logger.debug "Using tar at #{tar}"
|
427
427
|
|
428
|
-
if system "#{tar} -
|
428
|
+
if system "#{tar} -xzf ../artifact.#{@checksum}.tar.gz"
|
429
429
|
$logger.debug "Successfully unpacked artifact #{@checksum}"
|
430
430
|
else
|
431
431
|
$logger.error "Unable to unpack artifact files to #{Dir.pwd}"
|
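Review bot: The `system` call on the changed line builds the tar command as one interpolated string, so both `tar` and `@checksum` are parsed by a shell. Prefer the argument-list form, `system(tar, '-xzf', "../artifact.#{@checksum}.tar.gz")`, which skips shell parsing, and check that `@checksum` matches the expected hex format before it is used in a path.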
data/lib/pupistry/hieracrypt.rb
CHANGED
@@ -152,6 +152,10 @@ module Pupistry
|
|
152
152
|
if puppet_facts['environment'] == nil
|
153
153
|
puppet_facts['environment'] = env
|
154
154
|
end
|
155
|
+
|
156
|
+
if puppet_facts['environment'] == ""
|
157
|
+
puppet_facts['environment'] = env
|
158
|
+
end
|
155
159
|
end
|
156
160
|
|
157
161
|
|
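Review bot: The added empty-string check repeats the `nil` branch directly above it with the same assignment. Fold both into one condition, for example `if puppet_facts['environment'].nil? || puppet_facts['environment'].empty?`, and add a comment saying when the fact arrives as an empty string so the reason for the second case is recorded.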
@@ -202,12 +206,16 @@ module Pupistry
|
|
202
206
|
|
203
207
|
hiera_rules.each do |rule|
|
204
208
|
for file in Dir.glob("hieradata/#{rule}.*")
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
209
|
+
if /\/\.\.?$/.match(file)
|
210
|
+
# If we end up with /. or /.. in the glob, exclude.
|
211
|
+
$logger.debug " - Excluding invalid file #{file}"
|
212
|
+
else
|
213
|
+
$logger.debug " - #{file}"
|
214
|
+
|
215
|
+
file_rel = file.sub("hieradata/", "")
|
216
|
+
FileUtils.mkdir_p "hieracrypt.#{node}/#{File.dirname(file_rel)}"
|
217
|
+
FileUtils.cp file, "hieracrypt.#{node}/#{file_rel}"
|
218
|
+
end
|
211
219
|
end
|
212
220
|
end
|
213
221
|
|
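Review bot: The new exclusion `/\/\.\.?$/` only rejects a glob result that ends in `/.` or `/..`; a `rule` that expands to a path containing `../` earlier on still passes, and `file_rel` then carries that `../` into the `hieracrypt.#{node}/` destination used by `mkdir_p` and `cp`. Resolve the path with `File.expand_path(file)` and require it to sit under `File.expand_path('hieradata')`, skip anything that is not `File.file?`, and anchor the pattern with `\z` rather than `$`, since `$` in Ruby matches at the end of any line.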
data/lib/pupistry/storage_aws.rb
CHANGED
@@ -42,7 +42,15 @@ module Pupistry
|
|
42
42
|
end
|
43
43
|
|
44
44
|
# Setup S3 bucket
|
45
|
-
|
45
|
+
if defined? $config['general']['s3_endpoint'] and $config['general']['s3_endpoint'] != nil
|
46
|
+
$logger.debug 'Connecting to alternative endpoint ' + $config['general']['s3_endpoint']
|
47
|
+
@s3 = AWS::S3.new(
|
48
|
+
s3_endpoint: $config['general']['s3_endpoint'],
|
49
|
+
s3_force_path_style: true,
|
50
|
+
)
|
51
|
+
else
|
52
|
+
@s3 = AWS::S3.new
|
53
|
+
end
|
46
54
|
@bucket = @s3.buckets[$config[mode]['s3_bucket']]
|
47
55
|
end
|
48
56
|
|
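Review bot: The new condition lets an empty-string `s3_endpoint` through to `AWS::S3.new`, and the debug line joins the value with `+`, which raises a TypeError if the YAML value is not a string. Read the setting once into a local, for example `endpoint = $config['general']['s3_endpoint'].to_s`, branch on `endpoint.empty?`, and interpolate it into the log message instead of concatenating.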
data/lib/pupistry/version.rb
CHANGED
data/resources/aws/README_AWS.md
CHANGED
@@ -14,7 +14,7 @@ enter your specific details (like desired bucket name) and it will go and build
|
|
14
14
|
a complete setup of the AWS resources needed for using Pupistry that is
|
15
15
|
suitable for most end users.
|
16
16
|
|
17
|
-
|
17
|
+
Alternatively, if you have complex requirements, feel free to incorporate the
|
18
18
|
ideas and examples of this stack into your own design.
|
19
19
|
|
20
20
|
Building the stack (simple):
|
@@ -42,8 +42,8 @@ Make sure the stack has finished building/is built:
|
|
42
42
|
|
43
43
|
aws cloudformation describe-stacks --query "Stacks[*].StackStatus" --stack-name pupistry-resources
|
44
44
|
|
45
|
-
Status should be
|
46
|
-
build. If set to
|
45
|
+
Status should be `COMPLETE`, if it is set to `ROLLBACK` then it has failed to
|
46
|
+
build. If set to `CREATE_IN_PROGRESS` then you need to give it more time.
|
47
47
|
|
48
48
|
|
49
49
|
Fetching details from the stack:
|
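Review bot: The rewritten status line says the status should be `COMPLETE`, but the main README in this same diff refers to it as `CREATE_COMPLETE`. Use the full status string here so that a reader comparing against the `describe-stacks` output sees an exact match, and give the rollback state the same treatment.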
@@ -17,15 +17,15 @@ DO:
|
|
17
17
|
DON'T:
|
18
18
|
|
19
19
|
* Use third party respositories or download sites, it needs to be stock vendor OS and packages.
|
20
|
-
* Execute code from third party sites (eg no wget http://example.com/malware/myscript.sh)
|
20
|
+
* Execute code from third party sites (eg no `wget http://example.com/malware/myscript.sh`)
|
21
21
|
* Tie user data to any particular cloud provider unless unavoidable for that platform.
|
22
22
|
* Make the script any more complex than it needs to be.
|
23
23
|
|
24
24
|
|
25
25
|
# Examples
|
26
26
|
|
27
|
-
See the
|
28
|
-
templates should be written. The
|
27
|
+
See the `centos-7` or `ubuntu-14.04` templates for examples on how the bootstrap
|
28
|
+
templates should be written. The `fedora-any` template also shows an example of
|
29
29
|
dealing with networking not being ready and also how to handle frequently
|
30
30
|
changing distribution versions.
|
31
31
|
|
@@ -10,11 +10,8 @@
|
|
10
10
|
# make sure the network is ready before starting to try and downlod stuff!
|
11
11
|
t=300; c=0; r=0; until ping -c 1 www.google.com >/dev/null 2>&1 || ((++c >= t)); do r=$?; echo "Waiting for network... ($r)"; done
|
12
12
|
|
13
|
-
yum install --assumeyes redhat-lsb-core
|
14
|
-
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-fedora-`lsb_release -sr`.noarch.rpm
|
15
|
-
|
16
13
|
yum update --assumeyes
|
17
|
-
yum install --assumeyes puppet ruby-devel rubygems gcc zlib-devel libxml2-devel patch gnupg
|
14
|
+
yum install --assumeyes puppet ruby-devel rubygems gcc zlib-devel libxml2-devel patch gnupg redhat-rpm-config
|
18
15
|
|
19
16
|
gem install pupistry --no-ri --no-rdoc
|
20
17
|
mkdir -p /etc/pupistry
|
@@ -0,0 +1,53 @@
|
|
1
|
+
#!/bin/ksh
|
2
|
+
|
3
|
+
echo \
|
4
|
+
'installpath = http://YOURMIRRORHERE/pub/OpenBSD/%c/packages/%a/' \
|
5
|
+
> /etc/pkg.conf
|
6
|
+
|
7
|
+
# need iconv for nokogiri gem build
|
8
|
+
pkg_add ruby-2.3.1p2 libiconv
|
9
|
+
ln -sf /usr/local/bin/ruby23 /usr/local/bin/ruby
|
10
|
+
ln -sf /usr/local/bin/erb23 /usr/local/bin/erb
|
11
|
+
ln -sf /usr/local/bin/irb23 /usr/local/bin/irb
|
12
|
+
ln -sf /usr/local/bin/rdoc23 /usr/local/bin/rdoc
|
13
|
+
ln -sf /usr/local/bin/ri23 /usr/local/bin/ri
|
14
|
+
ln -sf /usr/local/bin/rake23 /usr/local/bin/rake
|
15
|
+
ln -sf /usr/local/bin/gem23 /usr/local/bin/gem
|
16
|
+
|
17
|
+
# modify RubyGems defaults so gem executables don't all get names
|
18
|
+
# like thor23 and puppet23 and pupistry23 because frankly this
|
19
|
+
# sucks and the alternative (moar symlinks) sucks even more
|
20
|
+
osdefaults_path=/usr/local/lib/ruby/2.3/rubygems/defaults
|
21
|
+
mkdir -p $osdefaults_path
|
22
|
+
cat > $osdefaults_path/operating_system.rb << "OSDEFAULTSRB"
|
23
|
+
module Gem
|
24
|
+
def self.default_exec_format
|
25
|
+
'%s'
|
26
|
+
end
|
27
|
+
end
|
28
|
+
OSDEFAULTSRB
|
29
|
+
|
30
|
+
gem install puppet pupistry --no-ri --no-rdoc
|
31
|
+
|
32
|
+
mkdir -p /etc/pupistry
|
33
|
+
mkdir -p <%= puppetcode %>
|
34
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
35
|
+
general:
|
36
|
+
app_cache: ~/.pupistry/cache
|
37
|
+
s3_bucket: <%= s3_bucket %>
|
38
|
+
s3_prefix: <%= s3_prefix %>
|
39
|
+
gpg_disable: <%= gpg_disable %>
|
40
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
41
|
+
agent:
|
42
|
+
puppetcode: <%= puppetcode %>
|
43
|
+
access_key_id: <%= access_key_id %>
|
44
|
+
secret_access_key: <%= secret_access_key %>
|
45
|
+
region: <%= region %>
|
46
|
+
proxy_uri: <%= proxy_uri %>
|
47
|
+
daemon_frequency: <%= daemon_frequency %>
|
48
|
+
daemon_minimal: <%= daemon_minimal %>
|
49
|
+
environment: <%= environment %>
|
50
|
+
EOF
|
51
|
+
chmod 700 /etc/pupistry/settings.yaml
|
52
|
+
chmod 700 <%= puppetcode %>
|
53
|
+
pupistry apply --verbose
|
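Review bot: `settings.yaml` holds `secret_access_key`, yet it is written by `cat >` under the default umask and only restricted afterwards, and the mode chosen is `700` although the file is not executable. Set `umask 077` before the heredoc and use `chmod 600` for the file, keeping `700` for the `puppetcode` directory. Separately, `YOURMIRRORHERE` in `installpath` is a literal rather than a template variable, so the script fails until someone edits it; a comment at the top saying so would help.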
@@ -0,0 +1,48 @@
|
|
1
|
+
#!/bin/bash -x
|
2
|
+
# Bootstrap for Ubuntu 16.04 LTS (Xenial)
|
3
|
+
# This version of the bootstrap file uses the upstream Puppet 4 series from
|
4
|
+
# Puppetlabs, which differs from Puppet 3.8 series supplied with Ubuntu and
|
5
|
+
# may break environments that are not prepared for Puppet 4.
|
6
|
+
(
|
7
|
+
exec 1> >(logger -s -t user-data) 2>&1
|
8
|
+
|
9
|
+
wget -O /tmp/puppetlabs-release.deb https://apt.puppetlabs.com/puppetlabs-release-pc1-`lsb_release -sc`.deb
|
10
|
+
dpkg -i /tmp/puppetlabs-release.deb
|
11
|
+
|
12
|
+
export DEBIAN_FRONTEND=noninteractive
|
13
|
+
|
14
|
+
apt-get update
|
15
|
+
apt-get -y upgrade
|
16
|
+
|
17
|
+
apt-get install -y puppet-agent ruby ruby-dev zlib1g-dev libxml2-dev gcc make patch gnupg2
|
18
|
+
|
19
|
+
update-alternatives --install /usr/bin/puppet puppet /opt/puppetlabs/bin/puppet 1
|
20
|
+
update-alternatives --install /usr/bin/facter facter /opt/puppetlabs/bin/facter 1
|
21
|
+
update-alternatives --install /usr/bin/hiera hiera /opt/puppetlabs/bin/hiera 1
|
22
|
+
update-alternatives --install /usr/bin/mco mco /opt/puppetlabs/bin/mco 1
|
23
|
+
|
24
|
+
gem install pupistry --no-ri --no-rdoc
|
25
|
+
mkdir -p /etc/pupistry
|
26
|
+
mkdir -p <%= puppetcode %>
|
27
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
28
|
+
general:
|
29
|
+
app_cache: ~/.pupistry/cache
|
30
|
+
s3_bucket: <%= s3_bucket %>
|
31
|
+
s3_prefix: <%= s3_prefix %>
|
32
|
+
gpg_disable: <%= gpg_disable %>
|
33
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
34
|
+
agent:
|
35
|
+
puppetcode: <%= puppetcode %>
|
36
|
+
access_key_id: <%= access_key_id %>
|
37
|
+
secret_access_key: <%= secret_access_key %>
|
38
|
+
region: <%= region %>
|
39
|
+
proxy_uri: <%= proxy_uri %>
|
40
|
+
daemon_frequency: <%= daemon_frequency %>
|
41
|
+
daemon_minimal: <%= daemon_minimal %>
|
42
|
+
environment: <%= environment %>
|
43
|
+
EOF
|
44
|
+
chmod 700 /etc/pupistry/settings.yaml
|
45
|
+
chmod 700 <%= puppetcode %>
|
46
|
+
pupistry apply --verbose
|
47
|
+
|
48
|
+
)
|
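Review bot: The `wget` to `/tmp/puppetlabs-release.deb` followed by `dpkg -i` installs a downloaded package as root from a fixed path in a shared temporary directory, with no checksum or signature check and no test that the download succeeded. It also sits awkwardly with the BOOTSTRAP_NOTES guidance in this diff against third party repositories. Download to a `mktemp` file, verify it against a pinned checksum before `dpkg -i`, and state in the header comment that this template is a deliberate exception to that guidance.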
@@ -0,0 +1,39 @@
|
|
1
|
+
#!/bin/bash -x
|
2
|
+
# Bootstrap for Ubuntu 16.04 LTS (Xenial)
|
3
|
+
# It will *probably* work with other Ubuntu versions supported by Puppetlabs.
|
4
|
+
# It *might* work with other Ubuntu or Debian derived systems.
|
5
|
+
(
|
6
|
+
exec 1> >(logger -s -t user-data) 2>&1
|
7
|
+
|
8
|
+
export DEBIAN_FRONTEND=noninteractive
|
9
|
+
|
10
|
+
apt-get update
|
11
|
+
apt-get -y upgrade
|
12
|
+
|
13
|
+
apt-get install -y puppet ruby ruby-dev zlib1g-dev libxml2-dev gcc make patch gnupg2
|
14
|
+
|
15
|
+
gem install pupistry --no-ri --no-rdoc
|
16
|
+
mkdir -p /etc/pupistry
|
17
|
+
mkdir -p <%= puppetcode %>
|
18
|
+
cat > /etc/pupistry/settings.yaml << "EOF"
|
19
|
+
general:
|
20
|
+
app_cache: ~/.pupistry/cache
|
21
|
+
s3_bucket: <%= s3_bucket %>
|
22
|
+
s3_prefix: <%= s3_prefix %>
|
23
|
+
gpg_disable: <%= gpg_disable %>
|
24
|
+
gpg_signing_key: <%= gpg_signing_key %>
|
25
|
+
agent:
|
26
|
+
puppetcode: <%= puppetcode %>
|
27
|
+
access_key_id: <%= access_key_id %>
|
28
|
+
secret_access_key: <%= secret_access_key %>
|
29
|
+
region: <%= region %>
|
30
|
+
proxy_uri: <%= proxy_uri %>
|
31
|
+
daemon_frequency: <%= daemon_frequency %>
|
32
|
+
daemon_minimal: <%= daemon_minimal %>
|
33
|
+
environment: <%= environment %>
|
34
|
+
EOF
|
35
|
+
chmod 700 /etc/pupistry/settings.yaml
|
36
|
+
chmod 700 <%= puppetcode %>
|
37
|
+
pupistry apply --verbose
|
38
|
+
|
39
|
+
)
|
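Review bot: Nothing in the subshell stops on error, so a failed `apt-get install` or `gem install pupistry` still falls through to writing `settings.yaml` with the AWS keys and running `pupistry apply`. Add `set -e` at the top of the subshell, or an explicit `|| exit 1` on the install steps, and consider pinning the gem version so every node bootstraps the same Pupistry release.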
@@ -8,7 +8,7 @@ is very useful when doing autoscaling and you need fast, consistent startup
|
|
8
8
|
times.
|
9
9
|
|
10
10
|
The packer templates provided will build an image which has Pupistry installed
|
11
|
-
and will apply any manifests that match hostname of
|
11
|
+
and will apply any manifests that match hostname of `packer`. This should give
|
12
12
|
you a good general purpose image, but if you want to autoscale a particular app
|
13
13
|
you may wish to build packer images using specific hostnames to match your
|
14
14
|
Puppet manifests
|
@@ -19,17 +19,17 @@ submit a pull request for review and if acceptable, will be merged.
|
|
19
19
|
|
20
20
|
# Usage
|
21
21
|
|
22
|
-
Refer to the main application README.md file for usage information.
|
22
|
+
Refer to the main application `README.md` file for usage information.
|
23
23
|
|
24
24
|
|
25
25
|
# Development Notes
|
26
26
|
|
27
27
|
The filenames of the templates must be in the format of
|
28
|
-
PLATFORM_OPERATINGSYSTEM.json.erb
|
28
|
+
`PLATFORM_OPERATINGSYSTEM.json.erb`, this is intentional since `OPERATINGSYSTEM`
|
29
29
|
then matches one of the OSes in the bootstrap directory and we can
|
30
30
|
automatically populate the inline shell commands.
|
31
31
|
|
32
|
-
When debugging broken packer template runs, add
|
32
|
+
When debugging broken packer template runs, add `-debug` to the build command
|
33
33
|
to have control over stepping through the build process. This will give you
|
34
34
|
the ability to log into the instance before it gets terminated to do any
|
35
35
|
debugging on the system if needed.
|
@@ -37,7 +37,7 @@ debugging on the system if needed.
|
|
37
37
|
|
38
38
|
# Examples
|
39
39
|
|
40
|
-
See the
|
40
|
+
See the `aws_amazon-any.json.erb` template for an example on how the templates
|
41
41
|
should be written for AWS.
|
42
42
|
|
43
43
|
|
data/settings.example.yaml
CHANGED
@@ -10,6 +10,11 @@ general:
|
|
10
10
|
# the latest version of the artifacts.
|
11
11
|
app_cache: ~/.pupistry/cache
|
12
12
|
|
13
|
+
# Some users like to use Pupistry with a non-AWS S3 endpoint such as Minio
|
14
|
+
# which requires setting an alternative endpoint below. DO NOT UNCOMMENT IF
|
15
|
+
# USING STANDARD AWS S3.
|
16
|
+
# s3_endpoint: s3.notaws.example.com
|
17
|
+
|
13
18
|
# The S3 bucket must be set in order to have a place to push and
|
14
19
|
# pull artifact and manifests from. This bucket should be PRIVATE, we
|
15
20
|
# only want your servers accessing the files!
|
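Review bot: The new `s3_endpoint` comment does not say what form the value takes (a bare hostname as in the example, or a URL with scheme and port), nor that setting it switches the client to path-style addressing, which is what `storage_aws.rb` in this diff does via `s3_force_path_style: true`. Add both points to the comment so that users of non-AWS stores know what to enter.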
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pupistry
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jethro Carr
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-09-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -205,7 +205,10 @@ files:
|
|
205
205
|
- resources/bootstrap/debian-8.erb
|
206
206
|
- resources/bootstrap/fedora-any.erb
|
207
207
|
- resources/bootstrap/freebsd-10.erb
|
208
|
+
- resources/bootstrap/openbsd-6.0.erb
|
208
209
|
- resources/bootstrap/ubuntu-14.04.erb
|
210
|
+
- resources/bootstrap/ubuntu-16.04-puppet4.erb
|
211
|
+
- resources/bootstrap/ubuntu-16.04.erb
|
209
212
|
- resources/packer/aws_amazon-any.json.erb
|
210
213
|
- resources/packer/aws_freebsd-10.json.erb
|
211
214
|
- resources/packer/aws_ubuntu-14.04.json.erb
|
@@ -232,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
232
235
|
version: '0'
|
233
236
|
requirements: []
|
234
237
|
rubyforge_project:
|
235
|
-
rubygems_version: 2.0.14
|
238
|
+
rubygems_version: 2.0.14.1
|
236
239
|
signing_key:
|
237
240
|
specification_version: 4
|
238
241
|
summary: A workflow tool for Puppet Masterless Deployments
|