Diff for "ServerGibran"

Differences between revisions 12 and 13
Revision 12 as of 2018-04-08 01:58:53
Size: 2775
Editor: ClintonEbadi
Comment:
Revision 13 as of 2018-04-08 04:30:55
Size: 2812
Editor: ClintonEbadi
Comment:
Line 58: Line 58:
 * herculesteam-augeasproviders_pam
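
Review bot: the entry added at line 58, herculesteam-augeasproviders_pam, is listed by name only, with no installed version and no note on which hcoop class uses it. Going by its name the module manages PAM configuration, and the page says tracking of installed modules will be revisited later, so recording the version and the consuming class next to the name would let this list serve as the interim record.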

gibran.hcoop.net is a virtual machine at DigitalOcean that will become our primary AFS server.

It is named after the author Kahlil Gibran.

1. Setup Notes

Or: things that need to go into Puppet

  • added /opt/puppetlabs/bin/ to root $PATH in .bashrc, should be done in /etc/profile.d/
  • removed joe (or at least update-alternatives editor to either vim or emacs...)

  • set domain name to hcoop.net manually
  • set search hcoop.net in /etc/resolv.conf manually

  • root has basic emacs config for puppet-mode and melpa (probably no need to formalize that...)
  • manually installed libnss-afs

1.1. todo

2. Puppet

2.1. puppetserver

Puppet git structure (different repos for each): /etc/puppetlabs/puppet, /etc/puppetlabs/code/environments/production (excludes modules), /etc/puppetlabs/code/environments/production/modules/hcoop. Subject to change.

Git repo structure and tracking of installed modules will be revisited once we need to set up multiple environments. For now, /etc/puppetlabs/code/environments/production/modules/hcoop is where all of our code aside from node definitions lives.

Puppet module structure:

  • hcoop
    • server
      • $server (e.g. gibran)
    • service
      • openafs-client

2.2. puppetdb

The install guide is weird. Commands used:

  • puppet resource package puppetdb ensure=latest
  • puppet resource package puppetdb-termini ensure=latest
  • puppet module install puppetlabs-puppetdb

2.3. installed modules

  • puppetlabs-firewall
  • puppetlabs-puppetdb
  • alexharvey-firewall_multi (says incompatible, but works... enough).
  • stm-resolv_conf
  • ccin2p3-mit_krb5
  • stm-debconf
  • saz-sudo
  • herculesteam-augeasproviders_pam

2.4. style guide

Ideas for keeping consistency among admins

  • Use firewall_multi for all rules unless a rule really is IPv4-only or IPv6-only; the provider is set in defaults, which keeps the IPv4 and IPv6 firewalls in sync
  • Should pass puppet-lint (enforce using git hook) / respect https://puppet.com/docs/puppet/5.5/style_guide.html

  • Inheritance is discouraged? Avoiding it for now
  • Files controlled by puppet have comment "Puppet controlled" somewhere near the top
  • Some structure to firewall rule numbers
    • Under 100 for core system things that need to go near the beginning
    • Over 900 for core system things that need to go near the end (e.g. jumping to fwtool output chains)
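
One way to enforce three of the ideas above (puppet-lint, the "Puppet controlled" comment, numbered firewall rule titles) from a git pre-commit hook. This is an added example, not HCoop's own hook. It assumes "near the top" means the first 5 lines, that managed files live under files/ or templates/, and that rule titles start with a three-digit number; the function names are made up for the example.

```sh
#!/bin/sh
# Added example, not HCoop's hook. Assumptions: "near the top" = first 5 lines,
# managed files live under files/ or templates/, and rule titles start with a
# three-digit number followed by a space.

# Succeed if "Puppet controlled" appears in the first 5 lines of file $1.
has_marker() {
    head -n 5 "$1" | grep -q 'Puppet controlled'
}

# Print firewall/firewall_multi titles in manifest $1 that lack the number.
bad_rule_titles() {
    grep -E "^[[:space:]]*firewall(_multi)?[[:space:]]*\{[[:space:]]*'" "$1" |
        sed -E "s/^[^']*'([^']*)'.*/\1/" |
        grep -Ev '^[0-9]{3} ' || true
}

# Return 0 if file $1 passes the checks for its kind; complaints go to stderr.
check_file() {
    f=$1 rc=0
    case "$f" in
        *.pp)
            bad=$(bad_rule_titles "$f")
            if [ -n "$bad" ]; then
                echo "$f: firewall rule title without number: $bad" >&2
                rc=1
            fi
            # puppet-lint is optional here so the hook also works without it.
            if command -v puppet-lint >/dev/null 2>&1; then
                puppet-lint --fail-on-warnings "$f" >&2 || rc=1
            fi ;;
        files/*|*/files/*|templates/*|*/templates/*)
            if ! has_marker "$f"; then
                echo "$f: no 'Puppet controlled' comment near the top" >&2
                rc=1
            fi ;;
    esac
    return $rc
}

# Check every staged (added, copied or modified) file, as it is on disk.
run_hook() {
    git diff --cached --name-only --diff-filter=ACM | (
        status=0
        while IFS= read -r f; do check_file "$f" || status=1; done
        exit $status
    )
}

# Run only when installed as .git/hooks/pre-commit.
case "$0" in *pre-commit) run_hook || exit 1 ;; esac
```

The hook reads the working-tree copy of each staged file, so a partially staged file is checked as it is on disk rather than as it will be committed.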

ServerGibran (last edited 2018-04-22 02:02:56 by ClintonEbadi)