commit 7f818e3c31fbb0a4bcdee0e13c9a0037581f5e65 Author: Kris Lamoureux Date: Wed Jan 9 15:48:17 2019 -0500 Setup Puppet Environment Ansible sets up a puppet master and puppet agent on two virtual machines with a hello world puppet application.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9f6435d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.vagrant
+*.retry
+
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..6e101aa
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,41 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+
+ # Disable default syncing of the project directory
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ # Puppet Master
+ config.vm.define "master" do |master|
+ master.vm.box = "debian/stretch64"
+ master.vm.hostname = "puppetmaster"
+ master.vm.network 'private_network', ip: '192.168.121.100'
+
+ # Setup Puppet Master via Ansible
+ master.vm.provision "ansible" do |ansible|
+ ansible.compatibility_mode = "2.0"
+ ansible.playbook = "setup/master.yml"
+ end
+
+ # Sync Puppet code to Puppet Master
+ master.vm.synced_folder "./code", "/etc/puppet/code"
+
+ end
+
+ # Puppet Agent
+ config.vm.define "webserv" do |webserv|
+ webserv.vm.box = "debian/stretch64"
+ webserv.vm.hostname = "webserver"
+ webserv.vm.network 'private_network', ip: '192.168.121.101'
+
+ # Setup Puppet Agent via Ansible
+ webserv.vm.provision "ansible" do |ansible|
+ ansible.compatibility_mode = "2.0"
+ ansible.playbook = "setup/client.yml"
+ end
+
+ end
+
+end
+
diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp
new file mode 100644
index 0000000..e8b79fa
--- /dev/null
+++ b/code/environments/production/manifests/site.pp
@@ -0,0 +1,3 @@
+node 'webserver' {
+ notify { 'Hello Puppet!': }
+}
diff --git a/setup/client.yml b/setup/client.yml
new file mode 100644
index 0000000..3da8d15
--- /dev/null
+++ b/setup/client.yml
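Review bot: Both machine definitions in the Vagrantfile name the box `debian/stretch64` without a version, so the base image is whichever version is cached or current at `vagrant up`, and a rebuilt lab can start from a different image without anyone noticing. Pinning it next to each `vm.box` line, e.g. `master.vm.box_version = "<BOX_VERSION>"` (placeholder; the commit does not state one), makes the environment reproducible and turns an image update into a reviewed change. The addresses `192.168.121.100` and `192.168.121.101` are repeated in `setup/roles/common/templates/hosts.j2`; a comment such as `# keep in sync with setup/roles/common/templates/hosts.j2` above each `private_network` line would keep the two from drifting apart.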
@@ -0,0 +1,6 @@
+- hosts: all
+ become: yes
+ roles:
+ - common
+ - client
+
diff --git a/setup/master.yml b/setup/master.yml
new file mode 100644
index 0000000..ef595ea
--- /dev/null
+++ b/setup/master.yml
@@ -0,0 +1,6 @@
+- hosts: all
+ become: yes
+ roles:
+ - common
+ - server
+
diff --git a/setup/roles/client/tasks/main.yml b/setup/roles/client/tasks/main.yml
new file mode 100644
index 0000000..fcd6411
--- /dev/null
+++ b/setup/roles/client/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Install Puppet Agent
+ apt: name=puppet state=present
+ register: agent_install
+
+- name: Deploy puppet.conf
+ template:
+ src: puppet.conf.j2
+ dest: /etc/puppet/puppet.conf
+
+- name: Start Puppet
+ service: name=puppet state=started
+
+- name: Wait for Puppet Master
+ wait_for:
+ host: puppet
+ port: 8140
+ delay: 10
+ when: agent_install.changed
+
+- name: Request Puppet Master
+ command: puppet agent -t
+ register: send_csr
+ failed_when: send_csr.rc > 1
+ when: agent_install.changed
+ become_user: vagrant
+
diff --git a/setup/roles/client/templates/puppet.conf.j2 b/setup/roles/client/templates/puppet.conf.j2
new file mode 100644
index 0000000..e159544
--- /dev/null
+++ b/setup/roles/client/templates/puppet.conf.j2
@@ -0,0 +1,6 @@
+[main]
+ssldir = /var/lib/puppet/ssl
+
+[agent]
+server = puppet
+
diff --git a/setup/roles/common/tasks/main.yml b/setup/roles/common/tasks/main.yml
new file mode 100644
index 0000000..9f95874
--- /dev/null
+++ b/setup/roles/common/tasks/main.yml
@@ -0,0 +1,14 @@
+# vi uses elvis-tiny on Debian. vim is better.
+- name: Install VIM
+ apt: name=vim state=present
+
+- name: Lock Puppet Version
+ template:
+ src: 00-puppet.pref.j2
+ dest: /etc/apt/preferences.d/00-puppet.pref
+
+- name: Deploy hosts file
+ template:
+ src: hosts.j2
+ dest: /etc/hosts
+
diff --git a/setup/roles/common/templates/00-puppet.pref.j2 b/setup/roles/common/templates/00-puppet.pref.j2
new file mode 100644
index 0000000..0f257b0
--- /dev/null
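Review bot: In `setup/roles/client/tasks/main.yml` the `Request Puppet Master` task runs `puppet agent -t` as `vagrant` through `become_user`, while the same role deploys `/etc/puppet/puppet.conf` with `ssldir = /var/lib/puppet/ssl` and starts the `puppet` service. A non-root run presumably reads a per-user configuration and key directory, so the CSR that reaches the master may belong to a different key pair than the one the service uses afterwards; this is worth confirming, and if the system agent is the intended identity, `become_user: vagrant` should be dropped. `failed_when: send_csr.rc > 1` also accepts exit code 1, which hides a failed connection as well as the expected unsigned-certificate case; a comment such as `# rc 1 is expected until the master signs the CSR` would record the intent.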
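Review bot: The two `template` tasks in `setup/roles/common/tasks/main.yml` write `/etc/apt/preferences.d/00-puppet.pref` and `/etc/hosts` without `owner`, `group` or `mode`, so a newly created file gets whatever the umask of the run produces. Adding `owner: root`, `group: root` and `mode: '0644'` to each makes the result explicit and reviewable; the `Deploy puppet.conf` task in `setup/roles/client/tasks/main.yml` has the same gap. `Install VIM` is also the first `apt` task and runs without a cache refresh, so `update_cache: yes` there would avoid a failure on a box with a stale package index.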
+++ b/setup/roles/common/templates/00-puppet.pref.j2
@@ -0,0 +1,4 @@
+Package: puppet puppetmaster
+Pin: version 4.8*
+Pin-Priority: 501
+
diff --git a/setup/roles/common/templates/hosts.j2 b/setup/roles/common/templates/hosts.j2
new file mode 100644
index 0000000..2590626
--- /dev/null
+++ b/setup/roles/common/templates/hosts.j2
@@ -0,0 +1,11 @@
+127.0.0.1 localhost
+127.0.1.1 {{ ansible_hostname }}
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+192.168.121.100 puppet
+192.168.121.101 webserver
+
diff --git a/setup/roles/server/tasks/main.yml b/setup/roles/server/tasks/main.yml
new file mode 100644
index 0000000..f7cf285
--- /dev/null
+++ b/setup/roles/server/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Install Puppet Master
+ apt: name=puppetmaster state=present
+ register: pup_install
+
+- name: Install NTP
+ apt: name=ntp state=present
+ register: ntp_status
+
+- name: Restart NTP
+ service: name=ntp state=restarted
+ when: ntp_status.changed
+
+- name: Wait for Webserver Key
+ wait_for:
+ path: /var/lib/puppet/ssl/ca/requests/webserver.pem
+ when: pup_install.changed
+
+- name: Sign Webserver Key
+ command: puppet cert sign webserver
+ args:
+ removes: /var/lib/puppet/ssl/ca/requests/webserver.pem
+
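Review bot: `Sign Webserver Key` in `setup/roles/server/tasks/main.yml` signs whatever request is waiting under the name `webserver` without comparing its fingerprint with the agent's, so the master trusts the first CSR that arrives with that name. On an isolated Vagrant network that is a reasonable shortcut, but it should be stated in the file: a comment such as `# lab only: signs without fingerprint verification; compare with 'puppet agent --fingerprint' on the agent before signing elsewhere` above the task would keep the pattern from being copied into a real deployment. `Wait for Webserver Key` also depends on the agent VM being provisioned while the master play is still running; if the machines are brought up sequentially the master is presumably provisioned first and the wait would time out, so a comment on the expected ordering or an explicit `timeout` would help.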