Skip to content
/ puppet Public
forked from freifunk-berlin/puppet

puppet configuration for *.berlin.freifunk.net

License

View license
0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pmelange/puppet

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

184 Commits
puppet
puppet
 
 
scripts
scripts
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

berlin.freifunk.net puppet deployment scripts

Puppet is a configuration management tool. Please take a look at the puppet documentation before you start.

Tools

We use vagrant and virtualbox for local testing.

We use librarian-puppet to manage the puppet modules in the puppet/modules directory.

Local development and testing

Make sure you have installed vagrant, virtualbox and librarian-puppet.

Change to the puppet directory and install the puppet modules with librarian-puppet from the Puppetfile:

cd puppet
librarian-puppet install

Once you installed the the puppet modules you can use vagrant to start a virtual machine (vm). For example you could start the monitor vm:

vagrant up monitor

To stop a maschine use the halt command, e.g.:

vagrant halt monitor

If you start a machine for the first time vagrant will start all provisioners too. If you want to reprovision the puppet configuration you can use the provision command, e.g.:

vagrant provision monitor

Server deployment

Copy ./scripts/install.sh into the home directory of the root user. Run the script. The script will install all necessary packages and will run puppet once. Make sure the hostname of the machine is correct once you run puppet.

Execute puppet

Use ./scripts/puppet-apply.sh to start a puppet run.

Update puppet modules

To update the puppet modules use librarian-puppet. It's a module/package manager for puppet modules. Make sure you are in the puppet directory:

  cd puppet
  librarian-puppet update
  git add Puppetfile.lock
  git commit -m "update puppet modules"

Common use cases

Update config.local.php of CGP (monitor.berlin.*)

To update the index of our monitoring site you should first clone the berlin-puppet-files repository. Change the index in files/config.local.php. Commit your changes and push the changes.

The next step is to update the puppet modules. berlin-puppet-files is a puppet module that we use in the deploy process. Please follow the instructions in the Update puppet modules section. Make sure you push the changes to the remote machine and execute the update there as well (librarian-puppet update).

Once the modules are updated on the remote machine start a puppet run. Please follow the instructions in the Execute puppet section.

Certificates and private Keys

If you need a private certificate or private key that is part of the deployment process please ask http://github.com/booo for help or contact the mailing list ([email protected]). We keep offline backups of the keys.

Make sure you add the intermediate certs to the cert on deployment.

Check your ssl deployment with ssllabs.

Copy certs and keys to /etc/ssl/{certs, private}.

Additional information can be found in the wiki:

http://wiki.freifunk.net/StartSSL

Security

Please try to deploy secure configurations. Take a look at the bettercrypto project for reference.

About

puppet configuration for *.berlin.freifunk.net

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Puppet 81.0%
  • Ruby 13.3%
  • Shell 5.7%