Skip to content
/ opsec-puppet Public
forked from mozilla/opsec-puppet

OpSec Puppet - $ git clone --recursive git@github.com:mozilla/opsec-puppet.git

1 star 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mpurzynski/opsec-puppet

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
hieradata
hieradata
 
 
manifests
manifests
 
 
modules
modules
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 

Repository files navigation

OpSec Puppet

Because OpSec systems need love too...

Bootstrap a node

To puppetize a new EC2 instance, run the following commands:

Centos packages:

sudo yum -y install epel-release && sudo yum -y install puppet

Ubuntu packages:

sudo apt-get update && sudo apt-get -y install puppet && sudo puppet agent --enable

Set the hostname of the instances:

sudo echo "myhostname" > /etc/hostname
sudo echo "1.2.3.4 myhostname.mysubdomain myhostname" >> /etc/hosts
sudo hostname -F /etc/hostname

Bootstrap puppet:

sudo puppet agent --server puppet.use1.opsec.mozilla.com --onetime --no-daemonize --verbose

A cronjob that runs puppet every 30 minutes will be created in /var/spool/cron/root.

Developing using the dev branch

Clone this repository and all its submodules with:

git clone --recursive git@github.com:mozilla/opsec-puppet.git

Work in progress must go into the dev branch. The puppetmaster pull the dev branch every minute into the dev environment. You can then run puppet agent against the dev environment from your node as follow:

puppet agent --test --environment=dev

Once happy with your changes, submit a pull request against the master branch. The master branch is made available as the production (default) environment.

Pin a node to the dev branch

In the node definition in manifests/site.pp, set the $pin_puppet_env to dev:

node /observer-retriever\d+.use1.opsec.mozilla.com/ {
    $pin_puppet_env = "dev"
    include observer::retriever
}

And run puppet agent --test --environment=dev to set the pin. To reset the environment to production, simply unset the pining in site.pp.

Submodules

When including third party modules, it is preferred to insert them as submodules. A submodule can be added with the following command:

** /!\ Note: Only use HTTPS links when adding submodules /!\ **

git submodule add https://github.com/maestrodev/puppet-wget.git modules/wget

You can pull the latest version of a submodule by calling git pull from the submodule directory, or from the root for all submodules with:

git submodule foreach git pull origin master

To remove a submodule, do the following:

git submodule deinit modules/mymodule
git rm --cached modules/mymodule
rm -rf .git/modules/modules/mymodule
git commit -m "removed mymodule" .gitmodules

About

OpSec Puppet - $ git clone --recursive git@github.com:mozilla/opsec-puppet.git

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Puppet 86.6%
  • HTML 13.4%