authorbrian m. carlson <sandals@crustytoothpaste.net>2021-01-01 00:33:38 +0000
committerbrian m. carlson <sandals@crustytoothpaste.net>2021-01-01 00:33:38 +0000
commit47efdbb939c57aee67037a5384e11ad7a91b1cce (patch)
treec53805c2af4fac64716025ea9ea30003a4202959
parentcf350c0399712f101d3bd4e12f7641c1bbff9059 (diff)
Set up separate development and production environmentsenvironments
We're going to want to start to use Hiera, and it's convenient to have separate configuration for production and development environments. Let's adjust our bootstrap script so that it symlinks the environment directory appropriately and remove the absolute path in the manifest declaration in favor of a relative one. Let's also make our puppet container set up the environments before invoking Puppet. Since we need to explicitly specify a section in puppet.conf for this to work, we now have the pleasant side effect that our declared use of SHA-256 is also preferred over MD5. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
-rw-r--r--docker/Dockerfile.puppet-base2
-rw-r--r--docker/Dockerfile.puppet-puppet13
-rw-r--r--environments/development/environment.conf2
-rw-r--r--environments/development/manifests/site.pp37
l---------environments/development/modules1
-rw-r--r--environments/production/environment.conf2
l---------environments/production/manifests1
-rw-r--r--environments/production/manifests/site.pp (renamed from manifests/site.pp)38
-rwxr-xr-xscript/bootstrap14
9 files changed, 58 insertions, 52 deletions
diff --git a/docker/Dockerfile.puppet-base b/docker/Dockerfile.puppet-base
index 88bdef5..43a9431 100644
--- a/docker/Dockerfile.puppet-base
+++ b/docker/Dockerfile.puppet-base
@@ -21,8 +21,10 @@ RUN \
RUN adduser --disabled-password --gecos "Test User" testuser
RUN printf "%s\n" >>/etc/puppet/puppet.conf \
+ "[main]" \
"digest_algorithm = sha256" \
"confdir = /srv/puppet/puppet.crustytoothpaste.net" \
+ "environment = development" \
"" \
"[agent]" \
"server = puppet"
diff --git a/docker/Dockerfile.puppet-puppet b/docker/Dockerfile.puppet-puppet
index 80dcc4a..34ac752 100644
--- a/docker/Dockerfile.puppet-puppet
+++ b/docker/Dockerfile.puppet-puppet
@@ -4,7 +4,7 @@ ENV DEBIAN_FRONTEND=noninteractive
COPY script/bootstrap /root/bootstrap
-RUN /root/bootstrap --skip-clone --skip-run
+RUN /root/bootstrap --skip-clone --skip-run --environment development
RUN apt-get -y install openssl
@@ -34,21 +34,20 @@ RUN mkdir -p /etc/letsencrypt/archive/crustytoothpaste.net && \
/srv/puppet/puppet-private.crustytoothpaste.net/files/etc/dkimkeys/default.key \
/srv/puppet/puppet-private.crustytoothpaste.net/files/secrets
+COPY environments /srv/puppet/puppet.crustytoothpaste.net/environments/
+COPY modules /srv/puppet/puppet.crustytoothpaste.net/modules/
+
RUN puppet module \
--modulepath \
/srv/puppet/puppet.crustytoothpaste.net/modules:/usr/share/puppet/modules \
install camptocamp-openldap --version 1.18.0
-COPY environments /srv/puppet/puppet.crustytoothpaste.net/environments/
-COPY manifests /srv/puppet/puppet.crustytoothpaste.net/manifests/
-COPY modules /srv/puppet/puppet.crustytoothpaste.net/modules/
-
RUN sed -i -e "s/node 'puppet.dev.crustytoothpaste.net'/node 'default'/" \
- /srv/puppet/puppet.crustytoothpaste.net/manifests/site.pp && \
+ /srv/puppet/puppet.crustytoothpaste.net/environments/development/manifests/site.pp && \
puppet apply --modulepath /srv/puppet/puppet.crustytoothpaste.net/modules:/usr/share/puppet/modules \
/srv/puppet/puppet.crustytoothpaste.net --debug && \
sed -i -e "s/node 'default'/node 'puppet.dev.crustytoothpaste.net'/" \
- /srv/puppet/puppet.crustytoothpaste.net/manifests/site.pp
+ /srv/puppet/puppet.crustytoothpaste.net/environments/development/manifests/site.pp
RUN echo "*.dev.crustytoothpaste.net" >/srv/puppet/puppet.crustytoothpaste.net/autosign.conf
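Review bot: Moving the two `COPY` lines above `RUN puppet module ... install camptocamp-openldap` means every edit under environments/ or modules/ now invalidates the cached layer that downloads the module from the Forge, so the build fetches it again on each source change. If the install only needs the target directory to exist, keeping it ahead of the `COPY` steps, as before, preserves the cache and keeps routine builds off the network. If the new order is required, a one-line comment above the `COPY` lines stating the reason would help the next reader. The first lines of this hunk belong to a `RUN` that starts outside it.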
diff --git a/environments/development/environment.conf b/environments/development/environment.conf
new file mode 100644
index 0000000..4cf901e
--- /dev/null
+++ b/environments/development/environment.conf
@@ -0,0 +1,2 @@
+manifest = ./manifests/site.pp
+modulepath = /srv/puppet/puppet.crustytoothpaste.net/modules:$basemodulepath
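Review bot: `modulepath` keeps the absolute /srv/puppet/puppet.crustytoothpaste.net/modules path even though `manifest` is now relative, and the environments/development/modules symlink added in this commit does not appear to be used by that absolute entry. Either `modulepath = ./modules:$basemodulepath` (going through the symlink) or dropping the symlink would leave a single way to locate modules. The identical environments/production/environment.conf carries the same setting; the diffstat lists no modules symlink for production, so a relative path there would need `../../modules`. A short comment in both files saying that modules are shared across environments would record the intent.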
diff --git a/environments/development/manifests/site.pp b/environments/development/manifests/site.pp
new file mode 100644
index 0000000..ccb692b
--- /dev/null
+++ b/environments/development/manifests/site.pp
@@ -0,0 +1,37 @@
+node 'mx.dev.crustytoothpaste.net' {
+ include crustytoothpaste::role::container
+ include crustytoothpaste::role::server
+ include crustytoothpaste::role::mx
+}
+
+node 'controller.dev.crustytoothpaste.net' {
+ include crustytoothpaste::role::container
+ include crustytoothpaste::role::server
+ include crustytoothpaste::role::nullmail
+ include crustytoothpaste::role::ldap::server::development
+}
+
+node 'controller-replica.dev.crustytoothpaste.net' {
+ include crustytoothpaste::role::container
+ include crustytoothpaste::role::server
+ include crustytoothpaste::role::nullmail
+ include crustytoothpaste::role::ldap::server::development
+}
+
+node 'http.dev.crustytoothpaste.net' {
+ include crustytoothpaste::role::container
+ include crustytoothpaste::role::server
+ include crustytoothpaste::role::nullmail
+ include crustytoothpaste::role::http::user
+ include crustytoothpaste::role::http::authenticated
+ include crustytoothpaste::role::http::ruby
+ include crustytoothpaste::role::http::tls
+ include crustytoothpaste::role::http::main
+}
+
+node 'puppet.dev.crustytoothpaste.net' {
+ include crustytoothpaste::role::container
+ include crustytoothpaste::role::server
+ include crustytoothpaste::role::nullmail
+ include crustytoothpaste::role::puppet::master
+}
diff --git a/environments/development/modules b/environments/development/modules
new file mode 120000
index 0000000..8b0e854
--- /dev/null
+++ b/environments/development/modules
@@ -0,0 +1 @@
+../../modules
\ No newline at end of file
diff --git a/environments/production/environment.conf b/environments/production/environment.conf
new file mode 100644
index 0000000..4cf901e
--- /dev/null
+++ b/environments/production/environment.conf
@@ -0,0 +1,2 @@
+manifest = ./manifests/site.pp
+modulepath = /srv/puppet/puppet.crustytoothpaste.net/modules:$basemodulepath
diff --git a/environments/production/manifests b/environments/production/manifests
deleted file mode 120000
index c4c1ce1..0000000
--- a/environments/production/manifests
+++ /dev/null
@@ -1 +0,0 @@
-../../manifests
\ No newline at end of file
diff --git a/manifests/site.pp b/environments/production/manifests/site.pp
index 033cd78..ea36c24 100644
--- a/manifests/site.pp
+++ b/environments/production/manifests/site.pp
@@ -46,41 +46,3 @@ node 'union.crustytoothpaste.net' {
include crustytoothpaste::role::puppet::master
include crustytoothpaste::role::ldap::server::production
}
-
-node 'mx.dev.crustytoothpaste.net' {
- include crustytoothpaste::role::container
- include crustytoothpaste::role::server
- include crustytoothpaste::role::mx
-}
-
-node 'puppet.dev.crustytoothpaste.net' {
- include crustytoothpaste::role::container
- include crustytoothpaste::role::server
- include crustytoothpaste::role::nullmail
- include crustytoothpaste::role::puppet::master
-}
-
-node 'controller.dev.crustytoothpaste.net' {
- include crustytoothpaste::role::container
- include crustytoothpaste::role::server
- include crustytoothpaste::role::nullmail
- include crustytoothpaste::role::ldap::server::development
-}
-
-node 'controller-replica.dev.crustytoothpaste.net' {
- include crustytoothpaste::role::container
- include crustytoothpaste::role::server
- include crustytoothpaste::role::nullmail
- include crustytoothpaste::role::ldap::server::development
-}
-
-node 'http.dev.crustytoothpaste.net' {
- include crustytoothpaste::role::container
- include crustytoothpaste::role::server
- include crustytoothpaste::role::nullmail
- include crustytoothpaste::role::http::user
- include crustytoothpaste::role::http::authenticated
- include crustytoothpaste::role::http::ruby
- include crustytoothpaste::role::http::tls
- include crustytoothpaste::role::http::main
-}
diff --git a/script/bootstrap b/script/bootstrap
index 1564387..ac7ca23 100755
--- a/script/bootstrap
+++ b/script/bootstrap
@@ -2,6 +2,7 @@
PUBLIC=/srv/puppet/puppet.crustytoothpaste.net
PRIVATE=/srv/puppet/puppet-private.crustytoothpaste.net
+ENVIRONMENT=production
make_private_dir () {
local dir="$1"
@@ -19,6 +20,9 @@ do
--skip-run)
SKIP_RUN=t;
shift;;
+ --environment)
+ ENVIRONMENT="$2";
+ shift 2;;
*)
break;;
esac
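Review bot: The new `--environment` arm takes `$2` without checking that it is present or names a known environment, and the value is later written verbatim into puppet.conf. If the flag is given last, `$2` is empty and `shift 2` cannot shift two parameters, so the argument is not consumed; whether the loop then repeats depends on its condition, which is outside the hunk. Consider validating before the shift, e.g. `case "$2" in production|development) ENVIRONMENT="$2";; *) echo "unknown environment: $2" >&2; exit 1;; esac`. The enclosing loop and `case` start outside this hunk.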
@@ -28,15 +32,13 @@ apt-get update
apt-get -y upgrade
apt-get -y install puppet puppet-master puppet-module-puppetlabs-stdlib git
-mkdir -p /etc/puppet/code/environments/production
-
-printf "%s\n" >/etc/puppet/code/environments/production/environment.conf \
- 'manifest = /srv/puppet/puppet.crustytoothpaste.net/manifests/site.pp' \
- 'modulepath = /srv/puppet/puppet.crustytoothpaste.net/modules:$basemodulepath'
+mkdir -p /etc/puppet/code/
+ln -s /srv/puppet/puppet.crustytoothpaste.net/environments /etc/puppet/code/environments
printf "%s\n" >>/etc/puppet/puppet.conf \
'supported_checksum_algorithm = sha256' \
- 'digest_algorithm = sha256'
+ 'digest_algorithm = sha256' \
+ "environment = $ENVIRONMENT"
make_private_dir "$PRIVATE"
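Review bot: The `printf` that appends to /etc/puppet/puppet.conf still writes no section header, whereas this commit adds `"[main]"` to the equivalent block in docker/Dockerfile.puppet-base because, per the commit message, the settings need an explicit section to work. If the packaged puppet.conf ends in a section other than `[main]`, `digest_algorithm = sha256` and the new `environment = $ENVIRONMENT` line would be scoped to that section on hosts set up by this script, and SHA-256 may not be the digest actually used. Adding `'[main]' \` as the first argument would make both paths agree. The `ln -s` above it is also not re-runnable: the removed lines show older runs created /etc/puppet/code/environments as a real directory, in which case the link is created inside it and the stale environment.conf stays in effect. Using `ln -sfn` after checking for a pre-existing directory would avoid that.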