gibran.hcoop.net is virtual machine at digital ocean that will become our primary afs server

It is named after the author Kahlil Gibran

1. Setup Notes

Or: things that need to go into Puppet

• Volume mounted in /vicepa
• added /opt/puppetlabs/bin/ to root $PATH in .bashrc, should be done in /etc/profile.d/

• removed joe (or at least update-alternatives editor to either vim or emacs...)

• set domain name to hcoop.net manually

• set search hcoop.net in /etc/resolv.conf manually

• root has basic emacs config for puppet-mode and melpa (probably no need to formalize that...)

1.1. todo

• default "cloud-config" system may be active, check license and remove if it is non-free

2. Puppet

2.1. puppetserver

• Installed https://apt.puppetlabs.com/puppet5-release-stretch.deb manually

• Packages: puppetserver, puppet-agent
• added /opt/puppetlabs/bin/ to root $PATH in .bashrc

Puppet git structure (different repos for each): /etc/puppetlabs/puppet, /etc/puppetlabs/code/environments/production, /etc/puppetlabs/modules. Subject to change.

Puppet module structure:

• hcoop
  • server
    • $server (e.g. gibran)
  • service
    • openafs-client

2.2. puppetdb

install guide is weird

• puppet resource package puppetdb ensure=latest puppet resource package puppetdb-termini ensure=latest puppet module install puppetlabs-puppetdb

2.3. installed modules

• puppetlabs-firewall
• puppetlabs-puppetdb
• alexharvey-firewall_multi (says incompatible, but works... enough).

2.4. style guide

Ideas for keeping consistency among admins

• Use firewall_multi for all rules unless it really is ipv4 or ipv6 only, provider is set in defaults and will keep ipv4 and ipv6 firewall in sync
• Should pass puppet-lint (enforce using git hook)
• Inheritance is discouraged? Avoiding it for now
• Files controlled by puppet have comment "Puppet controlled" somewhere near the top