| 
  
   Size: 1394 
  
  Comment: more setup 
 | 
  
   Size: 2775 
  
  Comment:  
 | 
| Deletions are marked like this. | Additions are marked like this. | 
| Line 9: | Line 9: | 
| * Volume mounted in /vicepa | |
| Line 15: | Line 14: | 
| * manually installed libnss-afs | |
| Line 19: | Line 19: | 
| * looks like it might just be https://help.ubuntu.com/community/CloudInit which would make it acceptable to keep in place | |
| Line 20: | Line 21: | 
| === puppet server === | == Puppet == === puppetserver ===  | 
| Line 26: | Line 29: | 
| Puppet git structure (different repos for each): /etc/puppetlabs/puppet, /etc/puppetlabs/code/environments/production (excludes modules), /etc/puppetlabs/code/environments/production/modules/hcoop. Subject to change. | |
| Line 28: | Line 31: | 
| Puppet git structure (different repos for each): /etc/puppetlabs/puppet, /etc/puppetlabs/code/environments/production, /etc/puppetlabs/modules | Git repos structure and tracking of installed modules will be revisited once we need to set up multiple environments. For now, ` /etc/puppetlabs/code/environments/production/modules/hcoop` is where all of our code aside from node definitions lives. | 
| Line 31: | Line 34: | 
| Line 37: | Line 41: | 
| ==== puppetdb ==== | === puppetdb === | 
| Line 44: | Line 48: | 
=== installed modules === * puppetlabs-firewall * puppetlabs-puppetdb * alexharvey-firewall_multi (says incompatible, but works... enough). * stm-resolv_conf * ccin2p3-mit_krb5 * stm-debconf * saz-sudo === style guide === Ideas for keeping consistency among admins * Use firewall_multi for all rules unless it really is ipv4 or ipv6 only, provider is set in defaults and will keep ipv4 and ipv6 firewall in sync * Should pass puppet-lint (enforce using git hook) / rspect https://puppet.com/docs/puppet/5.5/style_guide.html * Inheritance is discouraged? Avoiding it for now * Files controlled by puppet have comment "Puppet controlled" somewhere near the top * Some structure to firewall rule numbers * Under 100 for core system things that need to go near the beginning * Over 900 for core system things that need to go near the end (e.g. jumping to fwtool output chains)  | 
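Review bot: the firewall rule-number scheme in the added style guide only defines "Under 100" and "Over 900", so the range in between is left to each admin. State what belongs there, and whether the reserved bands are off limits to ordinary service rules. The added module list also records alexharvey-firewall_multi as "says incompatible, but works... enough" without the installed version, which is worth noting next to it so the incompatibility can be rechecked after upgrades.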
gibran.hcoop.net is a virtual machine at DigitalOcean that will become our primary AFS server.
It is named after the author Kahlil Gibran.
1. Setup Notes
Or: things that need to go into Puppet
- added /opt/puppetlabs/bin/ to root $PATH in .bashrc, should be done in /etc/profile.d/
- removed joe (or at least update-alternatives editor to either vim or emacs...)
- set domain name to hcoop.net manually
- set search hcoop.net in /etc/resolv.conf manually
- root has basic emacs config for puppet-mode and melpa (probably no need to formalize that...)
- manually installed libnss-afs
 
1.1. todo
- default "cloud-config" system may be active, check license and remove if it is non-free
  - looks like it might just be https://help.ubuntu.com/community/CloudInit which would make it acceptable to keep in place
 
2. Puppet
2.1. puppetserver
Installed https://apt.puppetlabs.com/puppet5-release-stretch.deb manually
- Packages: puppetserver, puppet-agent
- added /opt/puppetlabs/bin/ to root $PATH in .bashrc
 
Puppet git structure (different repos for each): /etc/puppetlabs/puppet, /etc/puppetlabs/code/environments/production (excludes modules), /etc/puppetlabs/code/environments/production/modules/hcoop. Subject to change.
Git repos structure and tracking of installed modules will be revisited once we need to set up multiple environments. For now, /etc/puppetlabs/code/environments/production/modules/hcoop is where all of our code aside from node definitions lives.
Puppet module structure:
- hcoop
  - server
    - $server (e.g. gibran)
  - service
    - openafs-client
- server
 
2.2. puppetdb
install guide is weird
- puppet resource package puppetdb ensure=latest
  puppet resource package puppetdb-termini ensure=latest
  puppet module install puppetlabs-puppetdb
 
2.3. installed modules
- puppetlabs-firewall
- puppetlabs-puppetdb
- alexharvey-firewall_multi (says incompatible, but works... enough).
- stm-resolv_conf
- ccin2p3-mit_krb5
- stm-debconf
- saz-sudo
 
2.4. style guide
Ideas for keeping consistency among admins
- Use firewall_multi for all rules unless a rule really is IPv4-only or IPv6-only; provider is set in defaults and will keep the IPv4 and IPv6 firewalls in sync
- Should pass puppet-lint (enforce using git hook) / respect https://puppet.com/docs/puppet/5.5/style_guide.html
- Inheritance is discouraged? Avoiding it for now
- Files controlled by puppet have comment "Puppet controlled" somewhere near the top
- Some structure to firewall rule numbers
  - Under 100 for core system things that need to go near the beginning
  - Over 900 for core system things that need to go near the end (e.g. jumping to fwtool output chains)
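
A pre-commit hook covering the "enforce using git hook" and "Puppet controlled" items above, as an added example rather than hcoop's own hook. The files/ and templates/ locations, the 10-line window for "near the top", and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not hcoop's hook. Install as .git/hooks/pre-commit.
MARKER='Puppet controlled'  # comment text the style guide asks for
TOP_LINES=10                # assumption: "near the top" = first 10 lines

# True if FILE has the marker within its first TOP_LINES lines.
has_marker() {
    head -n "$TOP_LINES" "$1" | grep -q "$MARKER"
}

# True if PATH is a file Puppet deploys to nodes. Assumption: those live
# in a module's files/ or templates/ directory.
is_managed_payload() {
    case "$1" in
        files/*|*/files/*|templates/*|*/templates/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check one path from the working tree; return 1 on a violation.
check_path() {
    [ -f "$1" ] || return 0   # nothing to check if the file is gone
    case "$1" in
        *.pp)
            # Skipped when puppet-lint is absent; --fail-on-warnings
            # makes warnings, not only errors, block the commit.
            if command -v puppet-lint >/dev/null 2>&1; then
                puppet-lint --fail-on-warnings "$1" || return 1
            fi ;;
    esac
    if is_managed_payload "$1" && ! has_marker "$1"; then
        echo "missing '$MARKER' comment near the top: $1" >&2
        return 1
    fi
    return 0
}

# Check every added, copied or modified file in the index.
main() {
    git diff --cached --name-only --diff-filter=ACM | {
        status=0
        while IFS= read -r f; do
            check_path "$f" || status=1
        done
        exit "$status"
    }
}

# Run only when installed as the hook, so the functions can be sourced.
[ "${0##*/}" != "pre-commit" ] || main
```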
 
 
