| -rw-r--r-- | onboarding/puppet.conf.epp | 47 | ||||
| -rw-r--r-- | onboarding/puppet.conf.pp | 10 | ||||
| -rwxr-xr-x | onboarding/puppet.conf.sh | 63 |
3 files changed, 120 insertions, 0 deletions
diff --git a/onboarding/puppet.conf.epp b/onboarding/puppet.conf.epp
new file mode 100644
index 0000000..0905f90
--- /dev/null
+++ b/onboarding/puppet.conf.epp
@@ -0,0 +1,47 @@
+<%#
+# vim:syntax=embeddedpuppet
+# TO BE USED WITH PUPPET-AGENT.PP IN THE SAME FOLDER,
+# for manually kicking off the agent deployment
+# Set my_certname for manually determining the node's certname, and/or
+# my_dns_alt_names for additional SANs.
+# Bear in mind this should be regarded as the absolute bare minimum
+# for a working and correct certificate and first run, and OpenVox
+# (formerly Puppet) should take over managing this file after the
+# first run.
+-%>
+<%
+# If you want to determine the certname manually, do it here.
+# If this remains undefined or empty, facts.networking.fqdn will be used.
+$my_certname = ''
+# This should be a comma separated list of values - it's the same in
+# puppet.conf. puppet.conf will not bear the directive if this is empty.
+$my_dns_alt_names = ''
+# The server you intend to use. Has to be set.
+$my_server = 'puppet.example.com'
+-%>
+# vim:syntax=dosini
+# File manually created with Puppet.
+# This file can be used to override the default puppet settings.
+# See the following links for more details on what settings are available:
+# - https://puppet.com/docs/puppet/latest/config_important_settings.html
+# - https://puppet.com/docs/puppet/latest/config_about_settings.html
+# - https://puppet.com/docs/puppet/latest/config_file_main.html
+# - https://puppet.com/docs/puppet/latest/configuration.html
+<%
+$res_certname = $my_certname ? {
+ String[1] => $my_certname,
+ default => $facts['networking']['fqdn'],
+}
+$res_alt_names = $my_dns_alt_names ? {
+ String[1] => true,
+ default => false,
+}
+-%>
+[main]
+certname=<%= $res_certname %>
+<% if $res_alt_names { -%>
+dns_alt_names=<%= $my_dns_alt_names %>
+<% } %>
+[agent]
+server=<%= $my_server %>
+runinterval=30m
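Review bot: Nothing enforces the "Has to be set" comment on `$my_server`: an empty or unedited value still renders into `server=` and is written to the node's puppet.conf, and that setting decides which server the agent will trust on its first run. A guard ahead of the `[main]` section, such as `<% unless $my_server =~ String[1] { fail('my_server must be set') } -%>`, would stop the apply instead of writing the file. The header comment also points at PUPPET-AGENT.PP, while the manifest added in this commit is puppet.conf.pp; `# TO BE USED WITH PUPPET.CONF.PP IN THE SAME FOLDER,` would match it.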
diff --git a/onboarding/puppet.conf.pp b/onboarding/puppet.conf.pp
new file mode 100644
index 0000000..97ba9ab
--- /dev/null
+++ b/onboarding/puppet.conf.pp
@@ -0,0 +1,10 @@
+# Manually kick off node agent configuration.
+# USE THIS THROUGH PUPPET.CONF.SH IN THIS FOLDER -
+# that will ensure the template is underneath /tmp.
+file { '/etc/puppetlabs/puppet/puppet.conf':
+ ensure => file,
+ content => epp('/tmp/puppet.conf.epp'),
+ mode => '0644',
+ owner => 'root',
+ group => 'root',
+}
diff --git a/onboarding/puppet.conf.sh b/onboarding/puppet.conf.sh
new file mode 100755
index 0000000..ee05858
--- /dev/null
+++ b/onboarding/puppet.conf.sh
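Review bot: The template is read from a fixed name in world-writable /tmp, `content => epp('/tmp/puppet.conf.epp')`, by a `puppet apply` that runs as root, so on a host with other local users a file or symlink already sitting at that path can decide what lands in puppet.conf, including `server=`. The same path is used by the staging steps in puppet.conf.sh (`rsync -auP … "${RHOST}:/tmp/"` and `cp -vp … "/tmp/"`), and `-u` makes rsync skip a destination file that is newer, so the rendered template is not guaranteed to be the one from the checkout. Staging into a directory created with `mktemp -d` on the target, dropping `-u`, and handing that path to the manifest instead of hard-coding it would close this. For the local branch the manifest could read the template straight from the checkout directory, with no copy at all.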
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+function myhelp {
+ printf '\n'
+ printf '\033[1mUSAGE:\033[0m %b [ -r REMOTEHOST ]\n' "$(basename "$0")"
+ printf '\n'
+ (
+ printf -- '--help,\n'
+ printf -- '-h;This help\n'
+ printf -- '--remote,\n'
+ printf -- '-r;Execute on remote host instead of localhost.\n'
+ printf ';Specify REMOTEHOST for rsync+ssh execution (as you would with rsync and ssh).\n'
+ ) | column -ts\;
+ printf '\n'
+}
+
+declare EREMOTE=0 RHOST
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ '--help'|'-h')
+ myhelp
+ exit 0
+ ;;
+ '--remote'|'-r')
+ EREMOTE=1
+ shift
+ RHOST="$1"
+ shift
+
+ ;;
+ *)
+ myhelp
+ printf '\033[3m\033[1mWrong parameter:\033[0m "%b"\n' "$1" >&2
+ exit 101
+ ;;
+ esac
+done
+MYDIR="$(cd "$(dirname "$0")" && pwd)" || exit 101
+if [ "$EREMOTE" -gt 0 ]; then
+ rsync -auP "${MYDIR}/puppet.conf.epp" "${MYDIR}/puppet.conf.pp" "${RHOST}:/tmp/" || exit 110
+ ARHOST="$(printf '%b' "$RHOST" | awk -F'@' '{print $NF}')"
+ printf '\033[3mExecuting "puppet apply" for initial onboarding configuration:\033[0m\n'
+ ssh "$RHOST" '/usr/bin/sudo puppet apply -t /tmp/puppet.conf.pp'
+ case "$?" in
+ 0|2)
+ printf '\033[3mRunning "puppet agent" once to onboard system:\033[0m\n'
+ ssh "$RHOST" '/usr/bin/sudo puppet agent -t'
+ case "$?" in
+ 0|2) /usr/bin/true ;;
+ *) exit 112 ;;
+ esac
+ ;;
+ *)
+ printf '\n\n\033[3m\033[33;1mRun the following commands on %b:\033[0m\n' "$ARHOST"
+ printf ' • /usr/bin/sudo puppet apply -t /tmp/puppet.conf.pp\n'
+ printf ' • /usr/bin/sudo puppet agent -t\n\n'
+ ssh "$RHOST" || exit 111
+ ;;
+ esac
+else
+ cp -vp "${MYDIR}/puppet.conf.epp" "/tmp/" || exit 102
+ /usr/bin/sudo puppet apply -t "${MYDIR}/puppet.conf.pp" || exit 103
+fi
|
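Review bot: The `--remote` arm assigns `RHOST="$1"` after the first `shift` without checking that a value is present, so `-r` given as the last argument leaves RHOST empty and the script carries on into `rsync` and `ssh` with an empty host; there is no `set -e` to stop on the failing second `shift`. A value beginning with `-` would likewise be read by `ssh` and `rsync` as an option rather than a host. I would reject both before shifting, `[[ -n "${2:-}" && "$2" != -* ]] || { myhelp; exit 101; }`, and call `ssh -- "$RHOST" …` at the three call sites. Separately, `printf '%b' "$RHOST"` expands backslash escapes in the host string; `'%s'` is the format meant there and in the "Wrong parameter" message.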
