Difference between revisions of "Infrastructure Team/Puppet"

From Sugar Labs
Jump to navigation Jump to search
 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{TOCright}}
 
 
 
Sugar Labs Puppet infrastructure.
 
Sugar Labs Puppet infrastructure.
  
 
== Modules ==
 
== Modules ==
  
Modules are end-usage environment independent blocks to build final configuration. All end-usage configuration happen via class/define/type arguments from out of these modules in the nodes. Modules are stored in vcs.
+
Puppet modules configure particular services like [[Service/git|git.sugarlabs.org]] or MySQL but not tied to final configurations, they are being configured from [[#Master|puppetmaster]].
  
=== Low-level ===
+
All modules are collected as repositories in [http://git.sugarlabs.org/puppets puppets] Gitorious project. Modules might be created from scratch or mirrored from upstream, so, all modules that are used within Sugar Labs are stored in one place. Module repository might have followed branches:
  
'''[http://git.sugarlabs.org/projects/puppet-util util]'''
+
* ''master'', development version (might be absent if project is mirrorred from upstream),
[http://git.sugarlabs.org/projects/puppet-util/repos/mainline/blobs/master/README README]<br>
+
* ''production'', version is being used in production,
Common infrastructure routines. Module contains only code, not any data.
+
* ''upstream'', if it is mirrorred project.
  
'''[http://git.sugarlabs.org/projects/puppet-firewall firewall]'''
+
Auto generated [http://api.sugarlabs.org/puppets/ documentation].
[http://git.sugarlabs.org/projects/puppet-firewall/repos/mainline/blobs/master/README README]<br>
 
High level setup of iptables.
 
  
'''[http://git.sugarlabs.org/projects/puppet-mysql mysql]'''
+
== Master ==
[http://git.sugarlabs.org/projects/puppet-mysql/repos/mainline/blobs/master/README README]<br>
 
MySQL procedures.
 
  
'''[http://git.sugarlabs.org/projects/puppet-lighttpd lighttpd]'''
+
Only puppetmaster keeps final configuration for all Sugar Labs services. It is being started in a private git repository on [[Machine/lightwave]], which is a high security machine.
[http://git.sugarlabs.org/projects/puppet-lighttpd/repos/mainline/blobs/master/README README]<br>
 
Lighttpd support.
 
  
'''[http://github.com/alsroot/puppet-vcsrepo vcsrepo]'''
+
=== Private repository ===
[http://github.com/reductivelabs/puppet-vcsrepo/raw/master/README.GIT.markdown README]<br>
 
Version control systems procedures.
 
  
'''[http://git.sugarlabs.org/projects/puppet-memcached memcached]'''
+
* {{Code|/var/lib/puppet/etc/puppet.git}}
[http://git.sugarlabs.org/projects/puppet-memcached/repos/mainline/blobs/master/README README]<br>
+
* {{Code|/var/lib/puppet/etc/puppet}} detached working directory
Setup memcached.
+
* {{Code|/etc/puppet}} symlink to detached working directory
 +
* {{Code|/var/lib/puppet/etc/puppet.git/config}}:
  
=== End applications ===
+
[core]
 +
repositoryformatversion = 0
 +
filemode = true
 +
bare = false
 +
sharedRepository = true
 +
logallrefupdates = true
 +
worktree = /etc/puppet
 +
 +
[receive]
 +
denycurrentbranch = ignore
 +
 +
[hooks]
 +
mailinglist = systems-logs@...
 +
emailprefix = "[PUPPET] "
 +
showrev = "git show -C %s; echo"
  
'''[http://git.sugarlabs.org/projects/puppet-supybot supybot]'''
+
* {{Code|/var/lib/puppet/etc/puppet.git/description}}:
[http://git.sugarlabs.org/projects/puppet-supybot/repos/mainline/blobs/master/README README]<br>
 
Setup supybot IRC bot.
 
  
'''[http://git.sugarlabs.org/projects/puppet-bazaar bazaar]'''
+
Sugar Labs Puppet configuration
[http://git.sugarlabs.org/projects/puppet-bazaar/repos/mainline/blobs/master/README README]<br>
+
 
Maintain bazaar.sugarlabs.org infrastructure.
+
* {{Code|/var/lib/puppet/etc/puppet.git/hooks/post-receive}}
 +
 
 +
#!/bin/bash
 +
sh /usr/share/doc/git-core/contrib/hooks/post-receive-email
 +
git checkout -f
 +
for i in $(ls /etc/puppet/manifests/nodes/*.pp); do puppet kick $(basename $i .pp); done
 +
 
 +
=== Repository hierarchy ===
 +
 
 +
Git repository consists of:
 +
 
 +
* {{Code|manifests/site.pp}}, main recipe which contain common settings and includes nodes.
 +
* {{Code|manifests/services/}}, recipes that describes final configuration for particular services.
 +
* {{Code|manifests/nodes/}}, puppetized nodes, configuration for hosts that ask puppetmaster.
 +
* {{Code|modules/}}, git submodules with Puppet [[#Modules|modules]].
  
 
== Nodes ==
 
== Nodes ==
  
''In progress''
+
Hosts that fetch configuration from the [[#Master|puppetmast]] need <code>puppet >= 2.6</code> package.
 +
 
 +
If {{Code|puppet}} was installed from gems, it needs to be initially configured:
 +
 
 +
puppet master --mkusers
 +
 
 +
To complete configuration, execute:
  
End-usage nodes. Configuration settings are tracked by local git repository only since contain private data.
+
puppet agent --no-daemonize --onetime --server puppet.sugarlabs.org
  
=== jita.sugarlabs.org ===
+
Every puppetized host should have particular node file in {{Code|manifests/nodes/<host-name>.pp}} on [[#Master|puppetmaster]].

Latest revision as of 18:17, 1 October 2011

Sugar Labs Puppet infrastructure.

Modules

Puppet modules configure particular services like git.sugarlabs.org or MySQL but not tied to final configurations, they are being configured from puppetmaster.

All modules are collected as repositories in puppets Gitorious project. Modules might be created from scratch or mirrored from upstream, so, all modules that are used within Sugar Labs are stored in one place. Module repository might have followed branches:

  • master, development version (might be absent if project is mirrorred from upstream),
  • production, version is being used in production,
  • upstream, if it is mirrorred project.

Auto generated documentation.

Master

Only puppetmaster keeps final configuration for all Sugar Labs services. It is being started in a private git repository on Machine/lightwave, which is a high security machine.

Private repository

  • /var/lib/puppet/etc/puppet.git
  • /var/lib/puppet/etc/puppet detached working directory
  • /etc/puppet symlink to detached working directory
  • /var/lib/puppet/etc/puppet.git/config:
[core]
repositoryformatversion = 0
filemode = true
bare = false
sharedRepository = true
logallrefupdates = true
worktree = /etc/puppet

[receive]
denycurrentbranch = ignore

[hooks]
mailinglist = systems-logs@...
emailprefix = "[PUPPET] "
showrev = "git show -C %s; echo"
  • /var/lib/puppet/etc/puppet.git/description:
Sugar Labs Puppet configuration
  • /var/lib/puppet/etc/puppet.git/hooks/post-receive
#!/bin/bash
sh /usr/share/doc/git-core/contrib/hooks/post-receive-email
git checkout -f
for i in $(ls /etc/puppet/manifests/nodes/*.pp); do puppet kick $(basename $i .pp); done

Repository hierarchy

Git repository consists of:

  • manifests/site.pp, main recipe which contain common settings and includes nodes.
  • manifests/services/, recipes that describes final configuration for particular services.
  • manifests/nodes/, puppetized nodes, configuration for hosts that ask puppetmaster.
  • modules/, git submodules with Puppet modules.

Nodes

Hosts that fetch configuration from the puppetmast need puppet >= 2.6 package.

If puppet was installed from gems, it needs to be initially configured:

puppet master --mkusers

To complete configuration, execute:

puppet agent --no-daemonize --onetime --server puppet.sugarlabs.org

Every puppetized host should have particular node file in manifests/nodes/<host-name>.pp on puppetmaster.