summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2016-11-05 11:41:46 +0100
committerroot <root@puppet.intra.cacert.org>2016-11-05 11:43:06 +0100
commitbef9c83e74228604c5e7ed46c3e308408b5f6ca6 (patch)
tree997a1c116ae1db03430d8dc9005636e8d08fb882
parent1dad9bcf5c2f3212052ce493b08b1a2af754b7f1 (diff)
downloadcacert-puppet-bef9c83e74228604c5e7ed46c3e308408b5f6ca6.tar.gz
cacert-puppet-bef9c83e74228604c5e7ed46c3e308408b5f6ca6.tar.xz
cacert-puppet-bef9c83e74228604c5e7ed46c3e308408b5f6ca6.zip
Restructure to use r10k
This commit adds metadata to the profiles module, introduces a Puppetfile for r10k and moves site specific modules to its own sitemodules directory.
-rw-r--r--.gitignore1
-rw-r--r--Puppetfile1
-rw-r--r--environment.conf2
-rw-r--r--hieradata/common.yaml2
-rw-r--r--hieradata/nodes/puppet.infra.cacert.org.yaml2
-rw-r--r--hieradata/nodes/svn.infra.cacert.org.yaml2
-rw-r--r--sitemodules/profiles/Gemfile18
-rw-r--r--sitemodules/profiles/README.md83
-rw-r--r--sitemodules/profiles/Rakefile32
-rw-r--r--sitemodules/profiles/examples/init.pp12
-rw-r--r--sitemodules/profiles/files/puppet.init113
-rw-r--r--sitemodules/profiles/manifests/base.pp (renamed from modules/profiles/manifests/base.pp)15
-rw-r--r--sitemodules/profiles/manifests/init.pp (renamed from modules/profiles/manifests/init.pp)0
-rw-r--r--sitemodules/profiles/metadata.json14
-rw-r--r--sitemodules/profiles/profiles_/README.md3
-rw-r--r--sitemodules/profiles/spec/classes/init_spec.rb6
-rw-r--r--sitemodules/profiles/spec/spec_helper.rb1
-rw-r--r--sitemodules/roles/manifests/init.pp (renamed from modules/roles/manifests/init.pp)0
-rw-r--r--sitemodules/roles/manifests/puppetmaster.pp (renamed from modules/roles/manifests/puppetmaster.pp)0
-rw-r--r--sitemodules/roles/manifests/svnserver.pp (renamed from modules/roles/manifests/svnserver.pp)0
20 files changed, 299 insertions, 8 deletions
diff --git a/.gitignore b/.gitignore
index 0c37026..0eae9e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
keys/private_key.pkcs7.pem
+modules/
diff --git a/Puppetfile b/Puppetfile
new file mode 100644
index 0000000..8b954f1
--- /dev/null
+++ b/Puppetfile
@@ -0,0 +1 @@
+mod 'puppetlabs/stdlib'
diff --git a/environment.conf b/environment.conf
index c39193f..0fb493e 100644
--- a/environment.conf
+++ b/environment.conf
@@ -10,7 +10,7 @@
# Allowed settings and default values:
-# modulepath = ./modules:$basemodulepath
+modulepath = ./sitemodules:./modules:$basemodulepath
# manifest = (default_manifest from puppet.conf, which defaults to ./manifests)
# config_version = (no script; Puppet will use the time the catalog was compiled)
# environment_timeout = (environment_timeout from puppet.conf, which defaults to 0)
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index b2e666c..1b33a33 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -1,5 +1,5 @@
---
-users:
+profiles::base::users:
jandd:
username: jandd
fullname: Jan Dittberner
diff --git a/hieradata/nodes/puppet.infra.cacert.org.yaml b/hieradata/nodes/puppet.infra.cacert.org.yaml
index f7bc115..02eee27 100644
--- a/hieradata/nodes/puppet.infra.cacert.org.yaml
+++ b/hieradata/nodes/puppet.infra.cacert.org.yaml
@@ -1,5 +1,5 @@
---
classes:
- roles::puppetmaster
-admins:
+profiles::base::admins:
- jandd
diff --git a/hieradata/nodes/svn.infra.cacert.org.yaml b/hieradata/nodes/svn.infra.cacert.org.yaml
index 760c36b..7a66efe 100644
--- a/hieradata/nodes/svn.infra.cacert.org.yaml
+++ b/hieradata/nodes/svn.infra.cacert.org.yaml
@@ -1,6 +1,6 @@
---
classes:
- roles::svnserver
-admins:
+profiles::base::admins:
- jandd
- law
diff --git a/sitemodules/profiles/Gemfile b/sitemodules/profiles/Gemfile
new file mode 100644
index 0000000..4f662dc
--- /dev/null
+++ b/sitemodules/profiles/Gemfile
@@ -0,0 +1,18 @@
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+puppetversion = ENV.key?('PUPPET_VERSION') ? ENV['PUPPET_VERSION'] : ['>= 3.3']
+gem 'metadata-json-lint'
+gem 'puppet', puppetversion
+gem 'puppetlabs_spec_helper', '>= 1.0.0'
+gem 'puppet-lint', '>= 1.0.0'
+gem 'facter', '>= 1.7.0'
+gem 'rspec-puppet'
+
+# rspec must be v2 for ruby 1.8.7
+if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9'
+ gem 'rspec', '~> 2.0'
+ gem 'rake', '~> 10.0'
+else
+ # rubocop requires ruby >= 1.9
+ gem 'rubocop'
+end
diff --git a/sitemodules/profiles/README.md b/sitemodules/profiles/README.md
new file mode 100644
index 0000000..25ac564
--- /dev/null
+++ b/sitemodules/profiles/README.md
@@ -0,0 +1,83 @@
+# profiles
+
+#### Table of Contents
+
+1. [Description](#description)
+1. [Setup - The basics of getting started with profiles](#setup)
+ * [What profiles affects](#what-profiles-affects)
+ * [Setup requirements](#setup-requirements)
+ * [Beginning with profiles](#beginning-with-profiles)
+1. [Usage - Configuration options and additional functionality](#usage)
+1. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+1. [Limitations - OS compatibility, etc.](#limitations)
+1. [Development - Guide for contributing to the module](#development)
+
+## Description
+
+Start with a one- or two-sentence summary of what the module does and/or what
+problem it solves. This is your 30-second elevator pitch for your module.
+Consider including OS/Puppet version it works with.
+
+You can give more descriptive information in a second paragraph. This paragraph
+should answer the questions: "What does this module *do*?" and "Why would I use
+it?" If your module has a range of functionality (installation, configuration,
+management, etc.), this is the time to mention it.
+
+## Setup
+
+### What profiles affects **OPTIONAL**
+
+If it's obvious what your module touches, you can skip this section. For
+example, folks can probably figure out that your mysql_instance module affects
+their MySQL instances.
+
+If there's more that they should know about, though, this is the place to mention:
+
+* A list of files, packages, services, or operations that the module will alter,
+ impact, or execute.
+* Dependencies that your module automatically installs.
+* Warnings or other important notices.
+
+### Setup Requirements **OPTIONAL**
+
+If your module requires anything extra before setting up (pluginsync enabled,
+etc.), mention it here.
+
+If your most recent release breaks compatibility or requires particular steps
+for upgrading, you might want to include an additional "Upgrading" section
+here.
+
+### Beginning with profiles
+
+The very basic steps needed for a user to get the module up and running. This
+can include setup steps, if necessary, or it can be an example of the most
+basic use of the module.
+
+## Usage
+
+This section is where you describe how to customize, configure, and do the
+fancy stuff with your module here. It's especially helpful if you include usage
+examples and code samples for doing things with your module.
+
+## Reference
+
+Here, include a complete list of your module's classes, types, providers,
+facts, along with the parameters for each. Users refer to this section (thus
+the name "Reference") to find specific details; most users don't read it per
+se.
+
+## Limitations
+
+This is where you list OS compatibility, version compatibility, etc. If there
+are Known Issues, you might want to include them under their own heading here.
+
+## Development
+
+Since your module is awesome, other users will want to play with it. Let them
+know what the ground rules for contributing are.
+
+## Release Notes/Contributors/Etc. **Optional**
+
+If you aren't using changelog, put your release notes here (though you should
+consider using changelog). You can also add any additional sections you feel
+are necessary or important to include here. Please use the `## ` header.
diff --git a/sitemodules/profiles/Rakefile b/sitemodules/profiles/Rakefile
new file mode 100644
index 0000000..02609e3
--- /dev/null
+++ b/sitemodules/profiles/Rakefile
@@ -0,0 +1,32 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+require 'metadata-json-lint/rake_task'
+
+if RUBY_VERSION >= '1.9'
+ require 'rubocop/rake_task'
+ RuboCop::RakeTask.new
+end
+
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.relative = true
+PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'pkg/**/*.pp']
+
+desc 'Validate manifests, templates, and ruby files'
+task :validate do
+ Dir['manifests/**/*.pp'].each do |manifest|
+ sh "puppet parser validate --noop #{manifest}"
+ end
+ Dir['spec/**/*.rb', 'lib/**/*.rb'].each do |ruby_file|
+ sh "ruby -c #{ruby_file}" unless ruby_file =~ %r{spec/fixtures}
+ end
+ Dir['templates/**/*.erb'].each do |template|
+ sh "erb -P -x -T '-' #{template} | ruby -c"
+ end
+end
+
+desc 'Run metadata_lint, lint, validate, and spec tests.'
+task :test do
+ [:metadata_lint, :lint, :validate, :spec].each do |test|
+ Rake::Task[test].invoke
+ end
+end
diff --git a/sitemodules/profiles/examples/init.pp b/sitemodules/profiles/examples/init.pp
new file mode 100644
index 0000000..e08ceb7
--- /dev/null
+++ b/sitemodules/profiles/examples/init.pp
@@ -0,0 +1,12 @@
+# The baseline for module testing used by Puppet Labs is that each manifest
+# should have a corresponding test manifest that declares that class or defined
+# type.
+#
+# Tests are then run by using puppet apply --noop (to check for compilation
+# errors and view a log of events) or by fully applying the test in a virtual
+# environment (to compare the resulting system state to the desired state).
+#
+# Learn more about module testing here:
+# https://docs.puppet.com/guides/tests_smoke.html
+#
+include ::profiles
diff --git a/sitemodules/profiles/files/puppet.init b/sitemodules/profiles/files/puppet.init
new file mode 100644
index 0000000..8d909bc
--- /dev/null
+++ b/sitemodules/profiles/files/puppet.init
@@ -0,0 +1,113 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: puppet
+# Required-Start: $network $named $remote_fs $syslog
+# Required-Stop: $network $named $remote_fs $syslog
+# Should-Start: puppet
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+### END INIT INFO
+
+DAEMON=/opt/puppetlabs/puppet/bin/puppet
+DAEMON_OPTS=""
+NAME="agent"
+PROCNAME="puppet"
+DESC="puppet agent"
+PIDFILE="/var/run/puppetlabs/${NAME}.pid"
+
+test -x $DAEMON || exit 0
+
+[ -r /etc/default/puppet ] && . /etc/default/puppet
+
+. /lib/lsb/init-functions
+
+reload_puppet_agent() {
+ start-stop-daemon --stop --quiet --signal HUP --pidfile $PIDFILE --name $PROCNAME
+}
+
+start_puppet_agent() {
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON -- $NAME $DAEMON_OPTS
+}
+
+stop_puppet_agent() {
+ start-stop-daemon --stop --retry TERM/10/KILL/5 --quiet --oknodo --pidfile $PIDFILE --name $PROCNAME
+ rm -f "$PIDFILE"
+}
+
+restart_puppet_agent() {
+ log_begin_msg "Restarting $DESC"
+ stop_puppet_agent
+ start_puppet_agent
+ log_end_msg $?
+}
+
+status_puppet_agent() {
+ if (type status_of_proc > /dev/null 2>&1) ; then
+ status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}"
+ else
+ status_of_proc() {
+ local pidfile daemon name status
+
+ pidfile=
+ OPTIND=1
+ while getopts p: opt ; do
+ case "$opt" in
+ p) pidfile="$OPTARG";;
+ esac
+ done
+ shift $(($OPTIND - 1))
+
+ if [ -n "$pidfile" ]; then
+ pidfile="-p $pidfile"
+ fi
+ daemon="$1"
+ name="$2"
+ status="0"
+ pidofproc $pidfile $daemon >/dev/null || status="$?"
+ if [ "$status" = 0 ]; then
+ log_success_msg "$name is running"
+ return 0
+ elif [ "$status" = 4 ]; then
+ log_failure_msg "could not access PID file for $name"
+ return $status
+ else
+ log_failure_msg "$name is not running"
+ return $status
+ fi
+ }
+ status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}"
+ fi
+}
+
+case "$1" in
+ start)
+ log_begin_msg "Starting $DESC"
+ start_puppet_agent
+ log_end_msg $?
+ ;;
+ stop)
+ log_begin_msg "Stopping $DESC"
+ stop_puppet_agent
+ log_end_msg $?
+ ;;
+ reload)
+ log_begin_msg "Reloading $DESC"
+ reload_puppet_agent
+ log_end_msg $?
+ ;;
+ status)
+ status_puppet_agent
+ ;;
+ restart|force-reload)
+ restart_puppet_agent
+ ;;
+ condrestart)
+ if status_puppet_agent >/dev/null 2>&1; then
+ restart_puppet_agent
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|restart|condrestart|force-reload|reload}" >&2
+ exit 1
+ ;;
+esac
diff --git a/modules/profiles/manifests/base.pp b/sitemodules/profiles/manifests/base.pp
index 044fbdd..bd0a428 100644
--- a/modules/profiles/manifests/base.pp
+++ b/sitemodules/profiles/manifests/base.pp
@@ -1,11 +1,10 @@
class profiles::base (
+ $admins = [],
+ $users = {},
) {
# ensure admin users for this container
- $admins = hiera('admins')
-
$admins.each |String $username| {
- notice("Admin user ${username}")
- $user = hiera('users')[$username]
+ $user = $users[$username]
group { $user['username']:
ensure => present,
} ->
@@ -18,4 +17,12 @@ class profiles::base (
uid => $user['uid'],
}
}
+
+ file { '/etc/init.d/puppet':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ source => 'puppet:///modules/profiles/puppet.init',
+ }
}
diff --git a/modules/profiles/manifests/init.pp b/sitemodules/profiles/manifests/init.pp
index 49f1f51..49f1f51 100644
--- a/modules/profiles/manifests/init.pp
+++ b/sitemodules/profiles/manifests/init.pp
diff --git a/sitemodules/profiles/metadata.json b/sitemodules/profiles/metadata.json
new file mode 100644
index 0000000..711747b
--- /dev/null
+++ b/sitemodules/profiles/metadata.json
@@ -0,0 +1,14 @@
+{
+ "name": "cacert/profiles",
+ "version": "0.1.0",
+ "author": "Jan Dittberner",
+ "summary": "This module provides the CAcert specific profiles.",
+ "license": "GPL-3.0+",
+ "source": "git://git.cacert.org/cacert-puppet.git",
+ "project_page": "https://infradocs.cacert.org/",
+ "issues_url": null,
+ "dependencies": [
+ {"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0 < 5.0.0"}
+ ],
+ "data_provider": "hiera"
+}
diff --git a/sitemodules/profiles/profiles_/README.md b/sitemodules/profiles/profiles_/README.md
new file mode 100644
index 0000000..514b3cc
--- /dev/null
+++ b/sitemodules/profiles/profiles_/README.md
@@ -0,0 +1,3 @@
+# CAcert profiles
+
+This module defines CAcert infrastructure specific profiles.
diff --git a/sitemodules/profiles/spec/classes/init_spec.rb b/sitemodules/profiles/spec/classes/init_spec.rb
new file mode 100644
index 0000000..6bdf019
--- /dev/null
+++ b/sitemodules/profiles/spec/classes/init_spec.rb
@@ -0,0 +1,6 @@
+require 'spec_helper'
+describe 'profiles' do
+ context 'with default values for all parameters' do
+ it { should contain_class('profiles') }
+ end
+end
diff --git a/sitemodules/profiles/spec/spec_helper.rb b/sitemodules/profiles/spec/spec_helper.rb
new file mode 100644
index 0000000..2c6f566
--- /dev/null
+++ b/sitemodules/profiles/spec/spec_helper.rb
@@ -0,0 +1 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
diff --git a/modules/roles/manifests/init.pp b/sitemodules/roles/manifests/init.pp
index 0b8b1a7..0b8b1a7 100644
--- a/modules/roles/manifests/init.pp
+++ b/sitemodules/roles/manifests/init.pp
diff --git a/modules/roles/manifests/puppetmaster.pp b/sitemodules/roles/manifests/puppetmaster.pp
index 9cdc95d..9cdc95d 100644
--- a/modules/roles/manifests/puppetmaster.pp
+++ b/sitemodules/roles/manifests/puppetmaster.pp
diff --git a/modules/roles/manifests/svnserver.pp b/sitemodules/roles/manifests/svnserver.pp
index f744651..f744651 100644
--- a/modules/roles/manifests/svnserver.pp
+++ b/sitemodules/roles/manifests/svnserver.pp