Difference between revisions of "Infrastructure Team/Puppet"

From Sugar Labs
Jump to navigation Jump to search
 
(17 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{TOCright}}
+
Sugar Labs Puppet infrastructure.
  
Sugar Labs Puppet infrastructure.
+
== Modules ==
  
== Run stages ==
+
Puppet modules configure particular services like [[Service/git|git.sugarlabs.org]] or MySQL but not tied to final configurations, they are being configured from [[#Master|puppetmaster]].
  
[http://docs.puppetlabs.com/guides/language_tutorial.html#run_stages Run stages] were introduced in Puppet v2.6. Within Sugar Labs infrastructure there are additional, to default Puppet, stages. All puppet modules should take care about it.
+
All modules are collected as repositories in [http://git.sugarlabs.org/puppets puppets] Gitorious project. Modules might be created from scratch or mirrored from upstream, so, all modules that are used within Sugar Labs are stored in one place. Module repository might have followed branches:
  
Defined stages:
+
* ''master'', development version (might be absent if project is mirrorred from upstream),
 +
* ''production'', version is being used in production,
 +
* ''upstream'', if it is mirrorred project.
  
* ''initialize'' only for high-level initialization on nodes level,
+
Auto generated [http://api.sugarlabs.org/puppets/ documentation].
* ''main'' default Puppet stage to run nodes.
 
  
Module resources should be registered after ''initialize'' stage and might be before ''main'' one.
+
== Master ==
  
== Modules ==
+
Only puppetmaster keeps final configuration for all Sugar Labs services. It is being started in a private git repository on [[Machine/lightwave]], which is a high security machine.
  
Modules are end-usage environment independent blocks to build final configuration. All end-usage configuration happen via class/define/type arguments from out of these modules in the nodes. Modules are stored in vcs.
+
=== Private repository ===
  
=== Low-level ===
+
* {{Code|/var/lib/puppet/etc/puppet.git}}
 +
* {{Code|/var/lib/puppet/etc/puppet}} detached working directory
 +
* {{Code|/etc/puppet}} symlink to detached working directory
 +
* {{Code|/var/lib/puppet/etc/puppet.git/config}}:
  
'''[http://git.sugarlabs.org/projects/puppet-util util]'''<br>
+
[core]
Common infrastructure routines. Module contains only code, not any data.
+
repositoryformatversion = 0
 +
filemode = true
 +
bare = false
 +
sharedRepository = true
 +
logallrefupdates = true
 +
worktree = /etc/puppet
 +
 +
[receive]
 +
denycurrentbranch = ignore
 +
 +
[hooks]
 +
mailinglist = systems-logs@...
 +
emailprefix = "[PUPPET] "
 +
showrev = "git show -C %s; echo"
  
'''[http://git.sugarlabs.org/projects/puppet-firewall firewall]'''<br>
+
* {{Code|/var/lib/puppet/etc/puppet.git/description}}:
High level setup of iptables.
 
  
'''[http://git.sugarlabs.org/projects/puppet-mysql mysql]'''<br>
+
Sugar Labs Puppet configuration
MySQL procedures.
 
  
'''[http://git.sugarlabs.org/projects/puppet-lighttpd lighttpd]'''<br>
+
* {{Code|/var/lib/puppet/etc/puppet.git/hooks/post-receive}}
Lighttpd support.
 
  
'''[http://github.com/reductivelabs/puppet-vcsrepo vcsrepo]'''<br>
+
#!/bin/bash
Version control systems procedures.
+
sh /usr/share/doc/git-core/contrib/hooks/post-receive-email
 +
git checkout -f
 +
for i in $(ls /etc/puppet/manifests/nodes/*.pp); do puppet kick $(basename $i .pp); done
  
=== End applications ===
+
=== Repository hierarchy ===
  
'''[http://git.sugarlabs.org/projects/puppet-supybot supybot]'''<br>
+
Git repository consists of:
Setup supybot IRC bot.
 
  
'''[http://git.sugarlabs.org/projects/puppet-bazaar bazaar]'''<br>
+
* {{Code|manifests/site.pp}}, main recipe which contain common settings and includes nodes.
Maintain bazaar.sugarlabs.org infrastructure.
+
* {{Code|manifests/services/}}, recipes that describes final configuration for particular services.
 +
* {{Code|manifests/nodes/}}, puppetized nodes, configuration for hosts that ask puppetmaster.
 +
* {{Code|modules/}}, git submodules with Puppet [[#Modules|modules]].
  
 
== Nodes ==
 
== Nodes ==
  
''In progress''
+
Hosts that fetch configuration from the [[#Master|puppetmast]] need <code>puppet >= 2.6</code> package.
 +
 
 +
If {{Code|puppet}} was installed from gems, it needs to be initially configured:
 +
 
 +
puppet master --mkusers
 +
 
 +
To complete configuration, execute:
  
End-usage nodes. Configuration settings are tracked by local git repository only since contain private data.
+
puppet agent --no-daemonize --onetime --server puppet.sugarlabs.org
  
=== jita.sugarlabs.org ===
+
Every puppetized host should have particular node file in {{Code|manifests/nodes/<host-name>.pp}} on [[#Master|puppetmaster]].

Latest revision as of 18:17, 1 October 2011

Sugar Labs Puppet infrastructure.

Modules

Puppet modules configure particular services like git.sugarlabs.org or MySQL but not tied to final configurations, they are being configured from puppetmaster.

All modules are collected as repositories in puppets Gitorious project. Modules might be created from scratch or mirrored from upstream, so, all modules that are used within Sugar Labs are stored in one place. Module repository might have followed branches:

  • master, development version (might be absent if project is mirrorred from upstream),
  • production, version is being used in production,
  • upstream, if it is mirrorred project.

Auto generated documentation.

Master

Only puppetmaster keeps final configuration for all Sugar Labs services. It is being started in a private git repository on Machine/lightwave, which is a high security machine.

Private repository

  • /var/lib/puppet/etc/puppet.git
  • /var/lib/puppet/etc/puppet detached working directory
  • /etc/puppet symlink to detached working directory
  • /var/lib/puppet/etc/puppet.git/config:
[core]
repositoryformatversion = 0
filemode = true
bare = false
sharedRepository = true
logallrefupdates = true
worktree = /etc/puppet

[receive]
denycurrentbranch = ignore

[hooks]
mailinglist = systems-logs@...
emailprefix = "[PUPPET] "
showrev = "git show -C %s; echo"
  • /var/lib/puppet/etc/puppet.git/description:
Sugar Labs Puppet configuration
  • /var/lib/puppet/etc/puppet.git/hooks/post-receive
#!/bin/bash
sh /usr/share/doc/git-core/contrib/hooks/post-receive-email
git checkout -f
for i in $(ls /etc/puppet/manifests/nodes/*.pp); do puppet kick $(basename $i .pp); done

Repository hierarchy

Git repository consists of:

  • manifests/site.pp, main recipe which contain common settings and includes nodes.
  • manifests/services/, recipes that describes final configuration for particular services.
  • manifests/nodes/, puppetized nodes, configuration for hosts that ask puppetmaster.
  • modules/, git submodules with Puppet modules.

Nodes

Hosts that fetch configuration from the puppetmast need puppet >= 2.6 package.

If puppet was installed from gems, it needs to be initially configured:

puppet master --mkusers

To complete configuration, execute:

puppet agent --no-daemonize --onetime --server puppet.sugarlabs.org

Every puppetized host should have particular node file in manifests/nodes/<host-name>.pp on puppetmaster.