authormail_redacted_for_web 2015-11-24 11:16:51 -0800
committermail_redacted_for_web 2015-11-24 11:16:51 -0800
commitafc9a358f30c51029d7a37122d4adfcc2add88a6 (patch)
tree655439e13d1cee28e254d6d92da6f13c4c5aa670 /site
parent869a5c3aa974b53e2f7f4c8fd8ab01fab0420f6d (diff)
parent7e40513c531d98015101367baf5d480d7ea6d2e3 (diff)
Merge branch 'production' of https://github.com/npwalker/control-repo into merge_npwalker_control_repo
Diffstat (limited to 'site')
-rw-r--r--site/profile/files/puppetmaster/update-classes.sh11
-rw-r--r--site/profile/manifests/base.pp5
-rw-r--r--site/profile/manifests/gitlab.pp24
-rw-r--r--site/profile/manifests/puppetmaster.pp73
-rw-r--r--site/profile/manifests/stash.pp28
-rw-r--r--site/profile/manifests/zack_r10k_webhook.pp29
-rw-r--r--site/role/manifests/all_in_one_pe.pp16
-rw-r--r--site/role/manifests/database_server.pp7
-rw-r--r--site/role/manifests/gitlab.pp5
-rw-r--r--site/role/manifests/webserver.pp7
10 files changed, 205 insertions, 0 deletions
diff --git a/site/profile/files/puppetmaster/update-classes.sh b/site/profile/files/puppetmaster/update-classes.sh
new file mode 100644
index 0000000..fc33026
--- /dev/null
+++ b/site/profile/files/puppetmaster/update-classes.sh
@@ -0,0 +1,11 @@
+#https://docs.puppetlabs.com/pe/latest/nc_update_classes.html#post-v1update-classes
+
+CONFDIR=$(puppet master --configprint confdir)
+
+CERT=$(puppet master --confdir ${CONFDIR} --configprint hostcert)
+CACERT=$(puppet master --confdir ${CONFDIR} --configprint localcacert)
+PRVKEY=$(puppet master --confdir ${CONFDIR} --configprint hostprivkey)
+OPTIONS="--cert ${CERT} --cacert ${CACERT} --key ${PRVKEY}"
+CONSOLE=$(awk '/server: /{print $NF}' ${CONFDIR}/classifier.yaml)
+
+curl -k -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes"
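Review bot: The `-k` on the final `curl` line disables server certificate verification, which defeats the `--cacert ${CACERT}` already placed in OPTIONS, so the script performs client-certificate authentication against whichever host answers on port 4433. Dropping the flag, `curl -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes"`, lets the Puppet CA validate the console. The script also has no shebang line although puppetmaster.pp installs it with mode 0755, and adding `--fail` would let the r10k postrun step see an HTTP error as a non-zero exit.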
diff --git a/site/profile/manifests/base.pp b/site/profile/manifests/base.pp
new file mode 100644
index 0000000..ae85e65
--- /dev/null
+++ b/site/profile/manifests/base.pp
@@ -0,0 +1,5 @@
+class profile::base {
+
+ #the base profile should include component modules that will be on all nodes
+
+}
diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp
new file mode 100644
index 0000000..72c57e5
--- /dev/null
+++ b/site/profile/manifests/gitlab.pp
@@ -0,0 +1,24 @@
+class profile::gitlab {
+
+ file { ['/etc/gitlab', '/etc/gitlab/ssl'] :
+ ensure => directory,
+ }
+
+ file { "/etc/gitlab/ssl/${::fqdn}.key" :
+ ensure => file,
+ source => "${::settings::privatekeydir}/${::trusted['certname']}.pem",
+ notify => Exec['gitlab_reconfigure'],
+ }
+
+ file { "/etc/gitlab/ssl/${::fqdn}.crt" :
+ ensure => file,
+ source => "${::settings::certdir}/${::trusted['certname']}.pem",
+ notify => Exec['gitlab_reconfigure'],
+ }
+
+ class { 'gitlab':
+ external_url => hiera( 'gms_server_url', "https://${::fqdn}") ,
+ require => File["/etc/gitlab/ssl/${::fqdn}.key", "/etc/gitlab/ssl/${::fqdn}.key"],
+ }
+
+}
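Review bot: The `file` resource for `/etc/gitlab/ssl/${::fqdn}.key` copies the agent's private key but sets no `owner`, `group` or `mode`, so the permissions of the copy depend on Puppet's defaults instead of being pinned. I would add `owner => 'root',`, `group => 'root',` and `mode => '0600',` to that resource, plus `show_diff => false` so that key material is never written to reports. Separately, the `require` on `class { 'gitlab': }` lists the `.key` path twice; the second entry was presumably meant to be `"/etc/gitlab/ssl/${::fqdn}.crt"`, and as written the certificate file is not ordered before the class.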
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
new file mode 100644
index 0000000..0954807
--- /dev/null
+++ b/site/profile/manifests/puppetmaster.pp
@@ -0,0 +1,73 @@
+class profile::puppetmaster (
+ $webhook_username,
+ $webhook_password
+) {
+
+ class { 'hiera':
+ hierarchy => [
+ 'virtual/%{::virtual}',
+ 'nodes/%{::trusted.certname}',
+ 'common',
+ ],
+ hiera_yaml => '/etc/puppetlabs/code/hiera.yaml',
+ datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata',
+ owner => 'pe-puppet',
+ group => 'pe-puppet',
+ notify => Service['pe-puppetserver'],
+ }
+
+ #BEGIN - Generate an SSH key for r10k to connect to git
+ $r10k_ssh_key_file = '/root/.ssh/r10k_rsa'
+ exec { 'create r10k ssh key' :
+ command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'r10k' -f ${r10k_ssh_key_file} -q -N ''",
+ creates => $r10k_ssh_key_file,
+ }
+ #END - Generate an SSH key for r10k to connect to git
+
+ #BEGIN - Add deploy key and webook to git management system
+ $git_management_system = hiera('git_management_system', '')
+
+ if $git_management_system in ['gitlab', 'github'] {
+
+ git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}":
+ ensure => present,
+ name => $::fqdn,
+ path => "${r10k_ssh_key_file}.pub",
+ token => hiera('gms_api_token'),
+ project_name => 'puppet/control-repo',
+ server_url => hiera('gms_server_url'),
+ provider => $git_management_system,
+ }
+
+ git_webhook { "web_post_receive_webhook-${::fqdn}" :
+ ensure => present,
+ webhook_url => "https://${webhook_username}:${webhook_password}@${::fqdn}:8088/payload",
+ token => hiera('gms_api_token'),
+ project_name => 'puppet/control-repo',
+ server_url => hiera('gms_server_url'),
+ provider => $git_management_system,
+ disable_ssl_verify => true,
+ }
+
+ }
+ #END - Add deploy key and webhook to git management system
+
+ #Lay down update-classes.sh for use in r10k postrun_command
+ #This is configured via the pe_r10k::postrun key in hiera
+ file { '/usr/local/bin/update-classes.sh' :
+ ensure => file,
+ source => 'puppet:///modules/profile/puppetmaster/update-classes.sh',
+ mode => '0755',
+ }
+
+ #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout
+ ini_setting { 'environment_timeout = unlimited':
+ ensure => present,
+ path => '/etc/puppetlabs/puppet/puppet.conf',
+ section => 'main',
+ setting => 'environment_timeout',
+ value => 'unlimited',
+ notify => Service['pe-puppetserver'],
+ }
+
+}
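Review bot: `disable_ssl_verify => true` in the `git_webhook` resource makes the git server skip certificate checks when posting to a `webhook_url` that embeds `${webhook_username}:${webhook_password}`, so the basic-auth credentials are sent without confirming which host receives them. Prefer `disable_ssl_verify => false` once the webhook certificate is trusted by the git server, or expose it as a class parameter that defaults to verification. If it has to stay for a self-signed setup, a comment such as `#TLS verification is off because the webhook uses the Puppet CA cert, which the git server does not trust` would record the reason. Putting the credentials in the URL also stores them in the catalog and in the git server's hook settings, which deserves a comment next to `webhook_url`.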
diff --git a/site/profile/manifests/stash.pp b/site/profile/manifests/stash.pp
new file mode 100644
index 0000000..18b0468
--- /dev/null
+++ b/site/profile/manifests/stash.pp
@@ -0,0 +1,28 @@
+class profile::stash {
+
+ class { 'java' :
+ version => present,
+ } ->
+
+ class { 'postgresql::globals':
+ manage_package_repo => true,
+ version => '9.4',
+ }->
+ class { 'postgresql::server': } ->
+
+ postgresql::server::db { 'stash':
+ user => 'stash',
+ password => postgresql_password('stash', 'password'),
+ } ->
+
+ class { 'stash':
+ javahome => '/etc/alternatives/java_sdk',
+ #dev.mode grants a 24-hour license for testing
+ java_opts => '-Datlassian.dev.mode=true',
+ }
+
+ file { '/opt/puppetlabs/bin/stash_mco.rb':
+ source => 'puppet:///modules/r10k/stash_mco.rb',
+ }
+
+}
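Review bot: The database password in `postgresql::server::db { 'stash': }` is the hard-coded literal `'password'`, so every node built from this template gets the same known credential for the `stash` role. Taking it from data with no default, for example `password => postgresql_password('stash', hiera('stash_db_password')),`, would force each site to set its own value. The `-Datlassian.dev.mode=true` option is commented as test-only; a similar comment that the whole profile is a demo setup would help if the literal password is intentional.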
diff --git a/site/profile/manifests/zack_r10k_webhook.pp b/site/profile/manifests/zack_r10k_webhook.pp
new file mode 100644
index 0000000..7e0bd40
--- /dev/null
+++ b/site/profile/manifests/zack_r10k_webhook.pp
@@ -0,0 +1,29 @@
+class profile::zack_r10k_webhook (
+ $username,
+ $password,
+ $use_mcollective = false,
+) {
+
+ if $use_mcollective {
+
+ class { 'r10k::mcollective':
+ notify => Service['mcollective'],
+ }
+
+ }
+
+ class {'r10k::webhook::config':
+ enable_ssl => true,
+ protected => true,
+ user => $username,
+ pass => $password,
+ use_mcollective => $use_mcollective,
+ }
+
+ class {'r10k::webhook':
+ user => 'root',
+ group => '0',
+ require => Class['r10k::webhook::config'],
+ }
+
+}
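Review bot: `class {'r10k::webhook':` sets `user => 'root'` and `group => '0'` with no comment, so the network-facing webhook listener runs with full privileges on the master. If root is needed because r10k uses the key under `/root/.ssh` and writes the code directory, say so in a comment such as `#runs as root because r10k deploys with root's ssh key and owns the environments directory`. Otherwise a dedicated account with access to just the deploy key and code directory would limit what a flaw in the webhook could reach.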
diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp
new file mode 100644
index 0000000..6bc2eb3
--- /dev/null
+++ b/site/role/manifests/all_in_one_pe.pp
@@ -0,0 +1,16 @@
+class role::all_in_one_pe {
+
+ $webhook_username = hiera('webhook_username', fqdn_rand_string(10, '', 'username'))
+ $webhook_password = hiera('webhook_password', fqdn_rand_string(20, '', 'password'))
+
+ class { 'profile::puppetmaster' :
+ webhook_username => $webhook_username,
+ webhook_password => $webhook_password,
+ }
+
+ class { 'profile::zack_r10k_webhook' :
+ username => $webhook_username,
+ password => $webhook_password,
+ }
+
+}
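Review bot: The fallback values for `$webhook_username` and `$webhook_password` come from `fqdn_rand_string`, which is deterministic per node name and seed, so when the hiera keys are absent the webhook credentials can be recomputed by anyone who knows the FQDN and has read this public template. Requiring the data instead, `$webhook_password = hiera('webhook_password')` (and the same for the username), makes the catalog fail until a site-specific secret is supplied. If the convenience default is kept for demos, a comment should state that it is predictable and not a secret.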
diff --git a/site/role/manifests/database_server.pp b/site/role/manifests/database_server.pp
new file mode 100644
index 0000000..aacc912
--- /dev/null
+++ b/site/role/manifests/database_server.pp
@@ -0,0 +1,7 @@
+class role::database_server {
+
+ #This role would be made of all the profiles that need to be included to make a database server work
+ #All roles should include the base profile
+ include profile::base
+
+}
diff --git a/site/role/manifests/gitlab.pp b/site/role/manifests/gitlab.pp
new file mode 100644
index 0000000..1f459d6
--- /dev/null
+++ b/site/role/manifests/gitlab.pp
@@ -0,0 +1,5 @@
+class role::gitlab {
+
+ include profile::gitlab
+
+}
diff --git a/site/role/manifests/webserver.pp b/site/role/manifests/webserver.pp
new file mode 100644
index 0000000..314fa55
--- /dev/null
+++ b/site/role/manifests/webserver.pp
@@ -0,0 +1,7 @@
+class role::webserver {
+
+ #This role would be made of all the profiles that need to be included to make a webserver work
+ #All roles should include the base profile
+ include profile::base
+
+}