diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 000000000..9032a014a
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,5 @@
+*.rb eol=lf
+*.erb eol=lf
+*.pp eol=lf
+*.sh eol=lf
+*.epp eol=lf
diff --git a/.gitignore b/.gitignore
index 6dd2fdac1..bd9fa9206 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,27 @@
-hieradata/nodes/example-puppet-master.yaml
-Gemfile.lock
-_site/*
-.onceover/*
+.git/
+.vscode
+.*.sw[op]
+.metadata
+.vscode
+.onceover
+.yardoc
+.yardwarns
+*.iml
+/.bundle/
+/.idea/
+/.vagrant/
+/coverage/
+/bin/
+/doc/
+/Gemfile.local
+/Gemfile.lock
+/junit/
+/log/
+/pkg/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/
+/tmp/
+/vendor/
+/convert_report.txt
+/update_report.txt
+.DS_Store
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 000000000..4fae77578
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,33 @@
+---
+stages:
+ - syntax
+ - unit
+
+cache:
+ paths:
+ - vendor/bundle
+
+before_script:
+ - bundle -v
+ - rm Gemfile.lock || true
+ - gem --version
+ - gem update --system
+ - bundle -v
+ - bundle install --without system_tests --path vendor/bundle --jobs $(nproc)
+
+syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop-Ruby 2.4.4-Puppet ~> 5.5:
+ stage: syntax
+ image: ruby:2.4.4
+ script:
+ - bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
+ variables:
+ PUPPET_GEM_VERSION: '~> 5.5'
+
+parallel_onceover-Ruby 2.4.4-Puppet ~> 5.5:
+ stage: unit
+ image: ruby:2.4.4
+ script:
+ - bundle exec onceover run spec
+ variables:
+ PUPPET_GEM_VERSION: '~> 5.5'
+
diff --git a/.pdkignore b/.pdkignore
new file mode 100644
index 000000000..650022e58
--- /dev/null
+++ b/.pdkignore
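Review bot: In the .gitlab-ci.yml hunk, `before_script` removes `Gemfile.lock` and runs `gem update --system` before `bundle install`, so every pipeline resolves whichever RubyGems and gem releases are newest at that moment; a compromised or broken upstream release would be pulled into the job with no reviewable change in this repository. The .gitignore hunk in the same commit ignores `/Gemfile.lock`, so no lockfile is kept to compare against, and the .travis.yml hunk repeats the pattern in `before_install` (`rm -f Gemfile.lock`, `gem update --system`). For a control repository, consider committing the lockfile and dropping the `rm` step, and pinning the RubyGems update as `- gem update --system <RUBYGEMS_VERSION>` (placeholder) or removing it. The `vendor/bundle` cache has no key tied to the resolved gem set, so what a job actually runs can also differ from what a fresh resolve would produce.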
@@ -0,0 +1,24 @@
+.git/
+.*.sw[op]
+.metadata
+.yardoc
+.yardwarns
+*.iml
+/.bundle/
+/.idea/
+/.vagrant/
+/coverage/
+/bin/
+/doc/
+/Gemfile.local
+/Gemfile.lock
+/junit/
+/log/
+/pkg/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/
+/tmp/
+/vendor/
+/convert_report.txt
+/update_report.txt
+.DS_Store
diff --git a/.rspec b/.rspec
new file mode 100644
index 000000000..16f9cdb01
--- /dev/null
+++ b/.rspec
@@ -0,0 +1,2 @@
+--color
+--format documentation
diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 000000000..f5a6c2a41
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,122 @@ +--- +require: rubocop-rspec +AllCops: + DisplayCopNames: true + TargetRubyVersion: '2.1' + Include: + - "./**/*.rb" + Exclude: + - bin/* + - ".vendor/**/*" + - "**/Gemfile" + - "**/Rakefile" + - pkg/**/* + - spec/fixtures/**/* + - vendor/**/* + - "**/Puppetfile" + - "**/Vagrantfile" + - "**/Guardfile" +Metrics/LineLength: + Description: People have wide screens, use them. + Max: 200 +GetText/DecorateString: + Description: We don't want to decorate test output. + Exclude: + - spec/* +RSpec/BeforeAfterAll: + Description: Beware of using after(:all) as it may cause state to leak between tests. + A necessary evil in acceptance testing. + Exclude: + - spec/acceptance/**/*.rb +RSpec/HookArgument: + Description: Prefer explicit :each argument, matching existing module's style + EnforcedStyle: each +Style/BlockDelimiters: + Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to + be consistent then. + EnforcedStyle: braces_for_chaining +Style/ClassAndModuleChildren: + Description: Compact style reduces the required amount of indentation. + EnforcedStyle: compact +Style/EmptyElse: + Description: Enforce against empty else clauses, but allow `nil` for clarity. + EnforcedStyle: empty +Style/FormatString: + Description: Following the main puppet project's style, prefer the % format format. + EnforcedStyle: percent +Style/FormatStringToken: + Description: Following the main puppet project's style, prefer the simpler template + tokens over annotated ones. + EnforcedStyle: template +Style/Lambda: + Description: Prefer the keyword for easier discoverability. + EnforcedStyle: literal +Style/RegexpLiteral: + Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168 + EnforcedStyle: percent_r +Style/TernaryParentheses: + Description: Checks for use of parentheses around ternary conditions. Enforce parentheses + on complex expressions for better readability, but seriously consider breaking + it up. 
+ EnforcedStyle: require_parentheses_when_complex +Style/TrailingCommaInArguments: + Description: Prefer always trailing comma on multiline argument lists. This makes + diffs, and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/TrailingCommaInLiteral: + Description: Prefer always trailing comma on multiline literals. This makes diffs, + and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/SymbolArray: + Description: Using percent style obscures symbolic intent of array's contents. + EnforcedStyle: brackets +RSpec/MessageSpies: + EnforcedStyle: receive +Style/Documentation: + Exclude: + - lib/puppet/parser/functions/**/* + - spec/**/* +Style/WordArray: + EnforcedStyle: brackets +Style/CollectionMethods: + Enabled: true +Style/MethodCalledOnDoEndBlock: + Enabled: true +Style/StringMethods: + Enabled: true +Layout/EndOfLine: + Enabled: false +Layout/IndentHeredoc: + Enabled: false +Metrics/AbcSize: + Enabled: false +Metrics/BlockLength: + Enabled: false +Metrics/ClassLength: + Enabled: false +Metrics/CyclomaticComplexity: + Enabled: false +Metrics/MethodLength: + Enabled: false +Metrics/ModuleLength: + Enabled: false +Metrics/ParameterLists: + Enabled: false +Metrics/PerceivedComplexity: + Enabled: false +RSpec/DescribeClass: + Enabled: false +RSpec/ExampleLength: + Enabled: false +RSpec/MessageExpectation: + Enabled: false +RSpec/MultipleExpectations: + Enabled: false +RSpec/NestedGroups: + Enabled: false +Style/AsciiComments: + Enabled: false +Style/IfUnlessModifier: + Enabled: false +Style/SymbolProc: + Enabled: false diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 000000000..cd1cea768 --- /dev/null +++ b/.travis.yml 
@@ -0,0 +1,44 @@
+---
+sudo: false
+dist: trusty
+language: ruby
+cache: bundler
+before_install:
+ - bundle -v
+ - rm -f Gemfile.lock
+ - gem update --system
+ - gem --version
+ - bundle -v
+ - bundle install --path vendor/bundle --jobs $(nproc)
+script:
+ - 'bundle exec rake $CHECK'
+bundler_args: --without system_tests
+rvm:
+ - 2.5.1
+env:
+ global:
+ - BEAKER_PUPPET_COLLECTION=puppet6 PUPPET_GEM_VERSION="~> 6.0"
+matrix:
+ fast_finish: true
+ include:
+ -
+ env: CHECK="syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop"
+ -
+ env: CHECK=parallel_spec
+ -
+ env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec
+ rvm: 2.4.4
+ -
+ env: PUPPET_GEM_VERSION="~> 4.0" CHECK=parallel_spec
+ rvm: 2.1.9
+ -
+ env: PUPPET_GEM_VERSION="~> 5.5" CHECK=parallel_onceover
+ script:
+ - bundle exec onceover run spec
+ rvm: 2.4.4
+branches:
+ only:
+ - master
+ - /^v\d/
+notifications:
+ email: false
diff --git a/.yardopts b/.yardopts
new file mode 100644
index 000000000..29c933bcf
--- /dev/null
+++ b/.yardopts
@@ -0,0 +1 @@
+--markup markdown
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 000000000..992602822
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,74 @@
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+def location_for(place_or_version, fake_version = nil)
+ git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?}
+ file_url_regex = %r{\Afile:\/\/(?.*)}
+
+ if place_or_version && (git_url = place_or_version.match(git_url_regex))
+ [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
+ elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
+ ['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
+ else
+ [place_or_version, { require: false }]
+ end
+end
+
+ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
+minor_version = ruby_version_segments[0..1].join('.')
+
+group :development do
+ gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
+ gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
+ gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
+ gem "json", '= 1.8.2', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
+ gem "json", '<= 2.0.4', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4')
+ gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby]
+ gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby]
+ gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "onceover"
+ gem "hiera-eyaml"
+end
+
+puppet_version = ENV['PUPPET_GEM_VERSION']
+onceover_version = ENV['ONCEOVER_GEM_VERSION']
+facter_version = ENV['FACTER_GEM_VERSION']
+hiera_version = ENV['HIERA_GEM_VERSION']
+
+gems = {}
+
+gems['puppet'] = location_for(puppet_version)
+
+# If facter or hiera versions have been specified via the environment
+# variables
+
+gems['onceover'] = location_for(onceover_version) if onceover_version
+gems['facter'] = location_for(facter_version) if facter_version
+gems['hiera'] = location_for(hiera_version) if hiera_version
+
+if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)}
+ # If we're using a Puppet gem on Windows which handles its own win32-xxx gem
+ # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445).
+ gems['win32-dir'] = ['<= 0.4.9', require: false]
+ gems['win32-eventlog'] = ['<= 0.6.5', require: false]
+ gems['win32-process'] = ['<= 0.7.5', require: false]
+ gems['win32-security'] = ['<= 0.2.5', require: false]
+ gems['win32-service'] = ['0.8.8', require: false]
+end
+
+gems.each do |gem_name, gem_params|
+ gem gem_name, *gem_params
+end
+
+# Evaluate Gemfile.local and ~/.gemfile if they exist
+extra_gemfiles = [
+ "#{__FILE__}.local",
+ File.join(Dir.home, '.gemfile'),
+]
+
+extra_gemfiles.each do |gemfile|
+ if File.file?(gemfile) && File.readable?(gemfile)
+ eval(File.read(gemfile), binding)
+ end
+end
+# vim: syntax=ruby
diff --git a/Puppetfile b/Puppetfile
index e3711bcdc..5f2448f5f 100644
--- a/Puppetfile
+++ b/Puppetfile
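Review bot: `gem "onceover"` and `gem "hiera-eyaml"` in the `:development` group carry no version constraint, so the gem that handles eyaml encryption and decryption floats to the latest release on every install; the lockfile is git-ignored and deleted by the CI configs in this commit. A bounded requirement such as `gem "hiera-eyaml", '~> <MAJOR.MINOR>', require: false` (placeholder version) would keep upgrades deliberate and match the `require: false` style of the neighbouring entries. Separately, the loop at the end runs `eval(File.read(gemfile), binding)` on `Gemfile.local` and on `~/.gemfile`, so Bundler executes Ruby from outside the repository whenever that file exists in the invoking user's home. On shared CI runners it is worth a comment above the loop stating that these files are trusted input, e.g. `# NOTE: evaluated as Ruby; only run bundle as a user whose ~/.gemfile you control`.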
@@ -1,25 +1,45 @@ forge "http://forge.puppetlabs.com" -# Modules from the Puppet Forge -# Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#forge-1 -mod "puppetlabs/inifile", '1.6.0' -mod "puppetlabs/stdlib", '4.16.0' -mod "puppetlabs/concat", '2.2.1' -mod "puppet/hiera", '2.4.0' -mod "npwalker/pe_code_manager_webhook", '2.0.1' -mod "npwalker/pe_metric_curl_cron_jobs", '4.0.0' +mod "puppetlabs/inifile", '1.6.0' +mod 'puppetlabs-stdlib', '4.24.0' +mod 'puppetlabs-tomcat', '2.4.0' +mod 'puppetlabs-java', '3.2.0' +mod 'puppetlabs-chocolatey', '3.1.0' +mod 'puppetlabs-iis', '4.5.0' +mod 'puppet-archive', '3.2.1' +mod 'puppet-hiera', '3.3.4' +mod 'saz-ssh', '4.0.0' +mod 'saz-resolv_conf', '3.3.0' +mod 'icinga-icinga2', '1.3.7' +mod 'puppetlabs-concat', '4.2.1' +mod 'puppetlabs-motd', '3.1.0' -# Modules from Github using various references -# Further examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples -# update the tag to the most current release when implementing -#mod 'pe_code_manager_webhook', -# :git => 'https://github.com/npwalker/pe_code_manager_webhook', -# :ref => '9e167154b146901d7cfd3e67dc70e984796da03f' +mod 'puppetlabs-dsc', '1.7.0' +mod 'puppetlabs-reboot', '2.0.0' +mod 'puppet-windows_env', '3.2.0' +mod 'cyberious-pget', '1.1.0' +mod 'cyberious-windows_java', '1.0.2' +# These modules are to assist in securing the os's +mod 'autostructure-secure_windows', '1.0.5' +mod 'ayohrling-local_security_policy', '0.6.1' +mod 'autostructure-auditpol', '1.0.0' +mod 'puppetlabs-acl', '2.1.0' +mod 'puppetlabs-registry', '2.1.0' +mod 'puppet-windowsfeature', '3.2.2' +mod 'autostructure-applocker', '1.0.0' +mod 'puppet-sslcertificate', '3.4.0' +mod 'ipcrm-registry_acl', '0.0.6' +mod 'puppetlabs-powershell', '2.3.0' +mod 'puppet-windows_firewall', '2.0.2' +mod 'autostructure-ad_acl', '1.0.0' -mod 'gms', - :git => 'https://github.com/abrader/abrader-gms', - :ref => 'a5105e95cf0f8b84a143d7a69a83e3ff3d4e02fb' 
+mod 'hardening-os_hardening', '2.2.6' +mod 'herculesteam-augeasproviders_sysctl', '2.3.1' +mod 'herculesteam-augeasproviders_core', '2.5.0' -mod 'pltraining-rbac', - :git => 'https://github.com/puppetlabs/pltraining-rbac', - :ref => '9a823ff42810988f80a2b65738054a816620d972' +#This is for fastb_database +mod 'puppetlabs-translate', '2.0.0' +mod 'puppetlabs-mysql', '10.1.0' + +#mod 'tomcat', +# git: 'https://github.com/spidersddd/puppetlabs-tomcat' diff --git a/README-control_repo.md b/README-control_repo.md new file mode 100644 index 000000000..62c56dd1c --- /dev/null +++ b/README-control_repo.md 
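Review bot: The context line `forge "http://forge.puppetlabs.com"` at the top of this hunk stays on plain HTTP while the hunk adds the OS-hardening and security-policy modules beneath it. Where the deployment tool honours this directive (some tools take the Forge URL from their own configuration instead, so this needs confirming for r10k/Code Manager), module metadata would be requested without transport integrity; `forge "https://forge.puppetlabs.com"` is the minimal change. The commented-out `#mod 'tomcat', git: 'https://github.com/spidersddd/puppetlabs-tomcat'` at the end has no `ref`, whereas the git entries this hunk removes were pinned to full commit SHAs. If it is ever enabled, add a `ref:` with a commit id so the deployed code cannot move underneath the environment.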
@@ -0,0 +1,119 @@ +# A Puppet Control Repository + +* [What You Get From This control\-repo](#what-you-get-from-this-control-repo) +* [Copy This Repo Into Your Own Git Server](#copy-this-repo-into-your-own-git-server) + * [GitLab](#gitlab) + * [Bitbucket/Stash](#bitbucketstash) + * [Github](#github) +* [Code Manager Setup](#code-manager-setup) + + +## What You Get From This control-repo + +This is a template [control repository](https://puppet.com/docs/pe/latest/code_management/control_repo.html) that has the minimum amount of scaffolding to make it easy to get started with [r10k](https://puppet.com/docs/pe/latest/code_management/r10k.html) or Puppet Enterprise's [Code Manager](https://puppet.com/docs/pe/latest/code_management/code_mgr.html). + +The important files and items in this template are as follows: + +* Basic example of roles and profiles. +* An example Puppetfile with various module references. +* An example Hiera configuration file and data directory with pre-created common.yaml and nodes directory. + * These match the default hierarchy that ships with PE. +* An [environment.conf](https://puppet.com/docs/puppet/5.3/config_file_environment.html) that correctly implements: + * A site directory for roles, profiles, and any custom modules for your organization. + * A config\_version script. +* An example [config\_version](https://puppet.com/docs/puppet/5.3/config_file_environment.html#configversion) script that outputs the git commit ID of the code that was used during a Puppet run. + +Here's a visual representation of the structure of this repository: + +``` +control-repo/ +├── data/ # Hiera data directory. +│   ├── nodes/ # Node-specific data goes here. +│   └── common.yaml # Common data goes here. +├── manifests/ +│   └── site.pp # The "main" manifest that contains a default node definition. +├── scripts/ +│   ├── code_manager_config_version.rb # A config_version script for Code Manager. +│   ├── config_version.rb # A config_version script for r10k. 
+│   └── config_version.sh # A wrapper that chooses the appropriate config_version script. +├── site/ # This directory contains site-specific modules and is added to $modulepath. +│   ├── profile/ # The profile module. +│   └── role/ # The role module. +├── LICENSE +├── Puppetfile # A list of external Puppet modules to deploy with an environment. +├── README.md +├── environment.conf # Environment-specific settings. Configures the moduelpath and config_version. +└── hiera.yaml # Hiera's configuration file. The Hiera hierarchy is defined here. +``` + +## Copy This Repo Into Your Own Git Server + +To get started with using the control-repo template in your own environment and git server, we've provided steps for the three most common servers we see: [GitLab](#gitlab), [BitBucket](#bitbucketstash), and [GitHub](#github). + +### GitLab + +1. Install GitLab. + * +1. After GitLab is installed you may sign in with the `root` user and password `5iveL!fe`. +1. Make a user for yourself. +1. Make an SSH key to link with your user. You’ll want to do this on the machine you intend to edit code from (most likely not your Puppet master, but your local workstation or laptop). + * + * +1. Create a group called `puppet` (this is case sensitive). + * +1. Add your user to the `puppet` group as well. +1. Create a project called `control-repo`, and set the Namespace to be the `puppet` group. +1. Clone this control repository to your laptop/workstation: + * `git clone ` + * `cd control-repo` +1. Remove this repository as the origin remote: + * `git remote remove origin` +1. Add your internal repository as the origin remote: + * `git remote add origin ` +1. Push the production branch of the repository from your machine up to your git server + * `git push origin production` + +### Bitbucket/Stash + +1. Install Bitbucket + * +1. Make a `Project` called `puppet` (with a short name of `PUP`) +1. Create a repository called `control-repo` +1. 
Create a user called `r10k` with a password of `puppet`. + * Make the r10k user an admin of the `PUP` project. +1. Either use the admin user to test pushing code, or create a user for yourself and add your SSH key to that user. + * If making a user for yourself, give your user account read/write or admin privilege to the `PUP` project. +1. Clone this control repository to your laptop/workstation + * `git clone ` + * `cd control-repo` +1. Remove this repository as the origin remote + * `git remote remove origin` +1. Add your internal repository as the origin remote + * `git remote add origin ` +1. Push the production branch of the repository from your machine up to your git server + * `git push origin production` + +### GitHub + +1. Prepare your local git client to authenticate with GitHub.com or a local GitHub Enterprise instance. + * + * +1. Create a repository called `control-repo` in your user account or organization. Ensure that "Initialize this repository with a README" is not selected. + * +1. Make a note of your repository URL (HTTPS or SSH, depending on your security configuration). +1. Clone this control repository to your laptop/workstation: + * `git clone ` + * `cd control-repo` +1. Remove this repository as the origin remote: + * `git remote remove origin` +1. Add your internal repository as the origin remote: + * `git remote add origin ` +1. Push the production branch of the repository from your machine up to your git server + * `git push origin production` + +## Code Manager Setup + +If you use Puppet Enterprise and have not yet enabled and configured Code Manager, in addition to reading the official [documentation](https://puppet.com/docs/pe/latest/code_management/code_mgr.html) for enabling it, you may want to look at the Ramp-Up Program's control repository instead of this one. It's similar to this repo except that it has batteries includes, so to speak. 
There are pre-built profiles for configuring Code Manager, generating SSH keys, and setting up your Git server to work with Code Manager. + +* + diff --git a/README.md b/README.md index d68a899bd..5d08b0062 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,8 @@ Table of contents * [Get the control\-repo deployed on your master](#get-the-control-repo-deployed-on-your-master) * [Setup a webhook in your Git server](#setup-a-webhook-in-your-git-server) * [Gitlab](#gitlab-1) - * [Test Code Manager](#test-code-manager) + * [Test and Troubleshoot Code Manager](#test-and-troubleshoot-code-manager) + * [Example Roles and Profiles primer](#example-roles-and-profiles-primer) # Join the #ramp-up channel on Puppet Community Slack @@ -22,7 +23,7 @@ Our [Puppet Community Slack](http://slack.puppet.com) is a great way to interact # Before starting -This control-repo and the steps below are intended to be used with a new installation of PE. +This control-repo and the steps below are intended to be used with a new installation of PE as well as example of a working control-repo architecture. **Warning:** When using an existing PE installation any existing code or modules in `/etc/puppetlabs/code` will be copied to a backup directory `/etc/puppetlabs/code_bak_` in order to allow deploying code from Code Manager. 
@@ -32,9 +33,8 @@ When you finish the instructions below, you will have the beginning of a best pr - A Git server - The ability to push code to your Git server and have it automatically deployed to your PE master - - A config_version script that outputs the most recent SHA of your code each time you run `puppet agent -t` + - A config\_version script that outputs the most recent SHA of your code each time you run `puppet agent -t` - Optimal tuning of PE settings for this configuration - - Working and example [roles and profiles](https://docs.puppet.com/pe/latest/puppet_assign_configurations.html#assigning-configuration-data-with-role-and-profile-modules) code # How to set it all up 
@@ -48,34 +48,34 @@ When you finish the instructions below, you will have the beginning of a best pr 2. After GitLab is installed, sign into the web UI with the user `root`. - The first time you visit the UI it will force you to enter a password for the `root` user. -2. In the GitLab UI, create a group called `puppet`. +3. In the GitLab UI, create a group called `puppet`. - http://doc.gitlab.com/ce/workflow/groups.html -3. In the GitLab UI, make yourself a user to edit and push code. +4. In the GitLab UI, make yourself a user to edit and push code. -4. From your laptop or development machine, make an SSH key and link it with your GitLab user. +5. From your laptop or development machine, make an SSH key and link it with your GitLab user. - Note: The SSH key allows your laptop to communicate with the GitLab server and push code. - https://help.github.com/articles/generating-ssh-keys/ - http://doc.gitlab.com/ce/ssh/README.html -7. In the GitLab UI, add your user to the `puppet` group. +6. In the GitLab UI, add your user to the `puppet` group. - You must give your user at least master permissions to complete the following steps. - Read more about permissions: - https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/permissions/permissions.md -8. In the GitLab UI, create a project called `control-repo` and set its Namespace to the `puppet` group. +7. In the GitLab UI, create a project called `control-repo` and set its Namespace to the `puppet` group. -10. On your laptop, clone this PuppetLabs-RampUpProgram control repo. +8. On your laptop, clone this PuppetLabs-RampUpProgram control repo. - `git clone https://github.com/PuppetLabs-RampUpProgram/control-repo.git` - `cd control-repo` -14. On your laptop, remove the origin remote. +9. On your laptop, remove the origin remote. - `git remote remove origin` -15. On your laptop, add your GitLab repo as the origin remote. +10. On your laptop, add your GitLab repo as the origin remote. - `git remote add origin ` -16. 
On your laptop, push the production branch of the repo from your machine up to your Git server. +11. On your laptop, push the production branch of the repo from your machine up to your Git server. - `git push origin production` ### Stash @@ -121,9 +121,10 @@ We will set up a deploy key in the Git server that will allow an SSH key we make - Paste in the public key from above 3. Login to the PE console 4. Navigate to the **Nodes > Classification** page + - Click on the **PE Infrastructure** group - Click on the **PE Master** group - - Click the **Classes** tab - - Add the `puppet_enterprise::profile::master` + - Click the **Configuration** tab + - In the `puppet_enterprise::profile::master` class parameters - Set the `r10k_remote` to the SSH URL from the front page of your GitLab repo - Set the `r10k_private_key` parameter to `/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa` - **Commit** your changes 
@@ -132,33 +133,12 @@ We will set up a deploy key in the Git server that will allow an SSH key we make ~~~ puppet agent -t - r10k deploy environment -pv + puppet access login -l + puppet code deploy production --wait puppet agent -t ~~~ -5. Navigate back to the **Nodes > Classification** page - - Near the top of the page select "add a group" - - Type `role::all_in_one_pe` for the group name - - Click the **Add Group** button - - Click the **add membership rules, classes and variables** link that appears - - Below **Pin specific nodes to the group** type your master's FQDN into the box - - Click **pin node** - - Select the **Classes** tab - - On the right hand side, click the **Refresh** link - - Wait for this to complete - - In the **add new classes** box type `role::all_in_one_pe` - - Click **add class** - - **Commit** your changes -8. On your Puppet master - - Run: - - ~~~ - puppet agent -t - echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt - puppet agent -t - ~~~ - -9. Code Manager is configured and has been used to deploy your code +6. Code Manager is configured and has been used to deploy your code ## Setup a webhook in your Git server @@ -178,7 +158,7 @@ Independent of which Git server you choose you will grab the webhook URL from yo - Since Code Manager uses a self-signed cert from the Puppet CA it is not generally trusted 3. After you created the webhook use "test webhook" or similar functionality to confirm it works -## Test Code Manager +## Test and Troubleshoot Code Manager One of the components setup by this control-repo is that when you "push" code to your Git server, the git server will inform the Puppet master to deploy the branch you just pushed. 
@@ -195,5 +175,16 @@ One of the components setup by this control-repo is that when you "push" code to 3. Allow the push to complete and then wait a few seconds for everything to sync over. - On your Puppet Master, `ls -l /etc/puppetlabs/code/environments/production`. - - Confirm test_file is present + - Confirm test\_file is present 4. In your first terminal window review the `puppetserver.log` to see the type of logging each sync will create. + +## Example Roles and Profiles primer + +The Roles and Profiles in this repo are usable examples. Some of the code has been commented out to protect the inocent but the examples sound. Please review the following README's for a more detailed description of the examples. + + * The role and profile patern (method for naming and suggestions for hierachy) are only examples and suggestions. + * Some of the Windows profiles may not totally work due to depencies. + * Software download locations + * Method for package install ie (chocolatey, or wmi, etc.) are not specified. + + **Please see [Role and Profile examples](./site/README.md)** diff --git a/Rakefile b/Rakefile new file mode 100644 index 000000000..a6b14c564 --- /dev/null +++ b/Rakefile 
@@ -0,0 +1,76 @@ +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-syntax/tasks/puppet-syntax' +require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? +require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? +require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? + +def changelog_user + return unless Rake.application.top_level_tasks.include? "changelog" + returnVal = nil || JSON.load(File.read('metadata.json'))['author'] + raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil? + puts "GitHubChangelogGenerator user:#{returnVal}" + returnVal +end + +def changelog_project + return unless Rake.application.top_level_tasks.include? "changelog" + returnVal = nil || JSON.load(File.read('metadata.json'))['name'] + raise "unable to find the changelog_project in .sync.yml or the name in metadata.json" if returnVal.nil? + puts "GitHubChangelogGenerator project:#{returnVal}" + returnVal +end + +def changelog_future_release + return unless Rake.application.top_level_tasks.include? "changelog" + returnVal = JSON.load(File.read('metadata.json'))['version'] + raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? + puts "GitHubChangelogGenerator future_release:#{returnVal}" + returnVal +end + +PuppetLint.configuration.send('disable_relative') + +if Bundler.rubygems.find_name('github_changelog_generator').any? + GitHubChangelogGenerator::RakeTask.new :changelog do |config| + raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? 
+ config.user = "#{changelog_user}" + config.project = "#{changelog_project}" + config.future_release = "#{changelog_future_release}" + config.exclude_labels = ['maintenance'] + config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." + config.add_pr_wo_labels = true + config.issues = false + config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM" + config.configure_sections = { + "Changed" => { + "prefix" => "### Changed", + "labels" => ["backwards-incompatible"], + }, + "Added" => { + "prefix" => "### Added", + "labels" => ["feature", "enhancement"], + }, + "Fixed" => { + "prefix" => "### Fixed", + "labels" => ["bugfix"], + }, + } + end +else + desc 'Generate a Changelog from GitHub' + task :changelog do + raise <= Gem::Version.new('2.2.2')" +EOM + end +end + diff --git a/appveyor.yml b/appveyor.yml new file mode 100644 index 000000000..9ea31e3ea --- /dev/null +++ b/appveyor.yml 
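Review bot: `changelog_user`, `changelog_project` and `changelog_future_release` each read the metadata with `JSON.load(File.read('metadata.json'))`; `JSON.load` is the variant documented for trusted input only and, depending on the json gem version in use (the Gemfile pins `json` to `= 1.8.2` on Ruby 2.1.9), may honour object-creation additions. `JSON.parse(File.read('metadata.json'))` returns the same hash for a plain metadata file without that behaviour. The `nil ||` prefix in the first two helpers has no effect and can be dropped. In the `:changelog` task the guard uses `and` inside a modifier `if`; `&&` avoids the precedence trap. The heredoc near the end of the hunk appears truncated in this rendering, so it is not reviewed here.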
@@ -0,0 +1,64 @@
+---
+version: 1.1.x.{build}
+branches:
+ only:
+ - master
+skip_commits:
+ message: /^\(?doc\)?.*/
+clone_depth: 10
+init:
+ - SET
+ - 'mkdir C:\ProgramData\PuppetLabs\code && exit 0'
+ - 'mkdir C:\ProgramData\PuppetLabs\facter && exit 0'
+ - 'mkdir C:\ProgramData\PuppetLabs\hiera && exit 0'
+ - 'mkdir C:\ProgramData\PuppetLabs\puppet\var && exit 0'
+environment:
+ matrix:
+ -
+ RUBY_VERSION: 24-x64
+ CHECK: syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
+ -
+ PUPPET_GEM_VERSION: ~> 4.0
+ RUBY_VERSION: 21
+ CHECK: parallel_spec
+ -
+ PUPPET_GEM_VERSION: ~> 4.0
+ RUBY_VERSION: 21-x64
+ CHECK: parallel_spec
+ -
+ PUPPET_GEM_VERSION: ~> 5.0
+ RUBY_VERSION: 24
+ CHECK: parallel_spec
+ -
+ PUPPET_GEM_VERSION: ~> 5.0
+ RUBY_VERSION: 24-x64
+ CHECK: parallel_spec
+ -
+ PUPPET_GEM_VERSION: ~> 6.0
+ RUBY_VERSION: 25
+ CHECK: parallel_spec
+ -
+ PUPPET_GEM_VERSION: ~> 6.0
+ RUBY_VERSION: 25-x64
+ CHECK: parallel_spec
+matrix:
+ fast_finish: true
+install:
+ - set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
+ - bundle install --jobs 4 --retry 2 --without system_tests
+ - type Gemfile.lock
+build: off
+test_script:
+ - bundle exec puppet -V
+ - ruby -v
+ - gem -v
+ - bundle -v
+ - bundle exec rake %CHECK%
+ - bundle exec onceover run spec
+notifications:
+ - provider: Email
+ to:
+ - nobody@nowhere.com
+ on_build_success: false
+ on_build_failure: false
+ on_build_status_changed: false
diff --git a/hieradata/nodes/example-puppet-master.yaml b/data/nodes/example-puppet-master.yaml
similarity index 100%
rename from hieradata/nodes/example-puppet-master.yaml
rename to data/nodes/example-puppet-master.yaml
diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml
new file mode 100644
index 000000000..7fba5bda1
--- /dev/null
+++ b/data/os/Debian.yaml
@@ -0,0 +1,3 @@
+---
+
+profile::app::tomcat::webserver::download_url: 'https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.35/bin/apache-tomcat-8.5.35.tar.gz'
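Review bot: The first `init` step in the appveyor.yml hunk, `- SET`, prints every environment variable of the build worker into the build log. If secure variables are ever defined for this project (the Rakefile in this commit expects `CHANGELOG_GITHUB_TOKEN`, for example), their values would be written to a log that is often world-readable. Drop the step, or replace it with echoes of the specific non-secret names needed for debugging, e.g. `- 'echo RUBY_VERSION=%RUBY_VERSION% CHECK=%CHECK%'`. If the full dump is kept on purpose, a comment such as `# prints all env vars; do not add secure variables to this project` should sit directly above it.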
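Review bot: In data/os/Debian.yaml, `profile::app::tomcat::webserver::download_url` is the only key describing the Tomcat archive, so nothing in the data pins the content of what is downloaded and installed; whether the profile verifies a digest on its own is not visible in this diff. The same applies to data/os/RedHat.yaml, data/os/Solaris.yaml and data/os/windows.yaml, and the last two point at the `www-us.apache.org/dist` mirror host rather than `archive.apache.org`, which may stop serving this release once it is superseded. Consider using one host for all four files and adding a digest next to the URL, e.g. `profile::app::tomcat::webserver::download_checksum: '<SHA512_OF_ARCHIVE>'` (key name and value are placeholders; the profile needs a matching parameter).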
diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml
new file mode 100644
index 000000000..7fba5bda1
--- /dev/null
+++ b/data/os/RedHat.yaml
@@ -0,0 +1,3 @@
+---
+
+profile::app::tomcat::webserver::download_url: 'https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.35/bin/apache-tomcat-8.5.35.tar.gz'
diff --git a/data/os/Solaris.yaml b/data/os/Solaris.yaml
new file mode 100644
index 000000000..b237a8d5f
--- /dev/null
+++ b/data/os/Solaris.yaml
@@ -0,0 +1,3 @@
+---
+
+profile::app::tomcat::webserver::download_url: 'https://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.35/bin/apache-tomcat-8.5.35.tar.gz'
diff --git a/data/os/windows.yaml b/data/os/windows.yaml
new file mode 100644
index 000000000..11c76fcb3
--- /dev/null
+++ b/data/os/windows.yaml
@@ -0,0 +1,4 @@
+---
+
+profile::app::tomcat::webserver::download_url: 'https://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.35/bin/apache-tomcat-8.5.35-windows-x64.zip'
+profile::app::tomcat::webserver::tomcat_install_path: 'C:\Program Files\Tomcat'
diff --git a/data/role/fastb_database.yaml b/data/role/fastb_database.yaml
new file mode 100644
index 000000000..7d8169f74
--- /dev/null
+++ b/data/role/fastb_database.yaml
@@ -0,0 +1,19 @@ +--- + +profile::app::mysql::server::mysql_users: + fastb_db_user@localhost: + ensure: present + +profile::app::mysql::server::fastb_db_user@localhost::password: ENC[PKCS7,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] + +profile::app::mysql::server::dbs: + 'fastb_db': + user: 'fastb_db_user' + host: 'localhost' + grant: + - 'SELECT' + - 'UPDATE' + password: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAW555w9viO6soOOVHngrMRv2P+hNn4jBgn4hmXHF0/nvOIvzT7eIwCb+7sdbYbc3BWeEYkHvD+qyj1YUdt3akuAgeYMHdYdajsqU27QOTdERA+Vto2A21gIVyLlRG6x3+fGQAExpzCUiSWE4CEmVawOFCuMibl8FIs337jZrZ5JoEXrLuGXW9lG4EHoMfrNlKzAxQCwDoudhrKcJHtGp3xXJFJ5RV311SlduZeyC/VoYI+eIyxx15C8cvTV08D6dkM9wv1fnkjnqS2Fj5OoKP+fnIoHHxhou/ulMKNBQgH/6I/GpiFZshK8i/y7hptT0qd3n8UVCcfPU0lHdURD4RrzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAAVeef6a4h7jMgdhdbQbRagBARC9r7oclAgaT/NHx+raTM] + +profile::os::baseline::verify_trusted_data::extentions: + - 'pp_preshared_key' diff --git a/data/role/fastb_loadbalancer.yaml b/data/role/fastb_loadbalancer.yaml new file mode 100644 index 000000000..55c217f60 --- /dev/null +++ b/data/role/fastb_loadbalancer.yaml @@ -0,0 +1,4 @@ +--- + +profile::os::baseline::verify_trusted_data::extentions: + - 'pp_preshared_key' \ No newline at end of file diff --git a/data/role/fastb_web-be.yaml b/data/role/fastb_web-be.yaml new file mode 100644 index 000000000..55c217f60 --- /dev/null +++ b/data/role/fastb_web-be.yaml @@ -0,0 +1,4 @@ +--- + +profile::os::baseline::verify_trusted_data::extentions: + - 'pp_preshared_key' \ No newline at end of file diff --git a/data/to_be_deleted.yaml b/data/to_be_deleted.yaml new file mode 100644 index 000000000..125eae369 --- /dev/null +++ b/data/to_be_deleted.yaml 
@@ -0,0 +1,201 @@ +--- +message: "This node is using common data" + +#Enable code manager +puppet_enterprise::profile::master::code_manager_auto_configure: true +puppet_enterprise::master::code_manager::authenticate_webhook: false +puppet_enterprise::master::code_manager::manage_private_key: false +#pe-console-services tuning +#https://docs.puppetlabs.com/pe/latest/console_config.html#tuning-the-classifier-synchronization-period +#disable classifier scheduled sync and rely on r10k postrun command to sync the classes +puppet_enterprise::profile::console::classifier_synchronization_period: 0 + +# example for deep lookup +# X11Forwarding will be overwritten by virtual/virtualbox to 'yes' +profile::os::linux::security::ssh_server_opts: + PasswordAuthentication: 'no' + SyslogFacility: 'AUTHPRIV' + X11Forwarding: 'no' + +# example of eyaml encrypted mysql password +profile::app::mysql::server::root_password: > + ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAn1OG1qv3jepoxIrbfU8lOpVc3+4HuyLlncet + QtWvvWRdTtkUu/3A+0rLHbtLHQNo8skLgJZadaQHR3JfAXW+OfKGhS31Q5sb + yOxIWD7t9J7ud1Ks+w2Ejmy2W5SI5W5FAWFM3IpKxTe2LZI2nRQ6IPL1PSG6 + WsU6qeDI47mQtqP030UNBchZafpUlN4KpknSLijhy/Hb1kRU+wyWc1ESt50L + RmLseK+lDx6r8g8DH9XVLM9YpvexnvcyPO2i7i//zRnN1dH6y0D7r3oH3duI + YwqwI1sPPgPVoWTN3bP3sKOoAdTiwXpgakP9rVanxw67S7VtJOJK3ujjP++l + orMyfTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBADm3woaNcUD4FUmLZI + dsaYgCDJ4RUT7bXT1cHxBdHbvqgype082aVHqhqKHC9CI9mJGQ==] + +#example private key stored in eyaml for profile::app::puppet::compiler +profile::app::puppet::compiler::eyaml_private_key_content: > + ENC[PKCS7,MIIH/QYJKoZIhvcNAQcDoIIH7jCCB+oCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEA7xJ/b0pCJUSbNsfIKtcC2VJ76U57ACePXtOX + 0E0QDj8aVtBbx6hm2F5rd4ys/7ynIhrB14509E00sTFCJsYyrq2PhVD7gE0h + XPjXtJQbXyKigZMJAlFlDJUJCOM2hjm9x9zrzx30p9OgG8r5FRGKbDoqN1Us + f20+N8f/8qPAKiZGtOmukeDkWqXsJdCT/V8TaU6m/p667+W66m/MhIZ+wTe0 + 
QidVklcu3bDP33UVfodQNTrOlMZXNGeRnh/Z+SfLjUyp57I7sVq3ZceP0vCF + ulVa+ymED88Hb7chhAT2tWcQUZHd5SbK/qltvzNOaBVy0LUukBRwxD9yJOVB + 1XGmCjCCBr4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJ/RwACeR4ZK/L4E + lk0WFg2AggaQr+ktXx/g3NPzeGzIlZh0u6sul4qm8DPhoRnVQMhbG095LBqP + kaZBv+b9Hpd339Uo7uBiYihfXmDOV/XHefKBhWbhxuSlQAVcU9EUqHKfxKP7 + Wnakk571lEpNzGbr0NSxuwrJxJwTc4UWCMkAXSMRv/x37a2TH68Zyfr22FIw + +wgBpvrCzUuqRjbFkroxBpLk3UtVfqzQTe8e394+uNoU5DyOJGoFaXcg+QI8 + MB+gcvIl0qWY1n6opNHbOEMaU7Kc1dn/8F7wjzWMvrME1DnS40u0N8hGbWhE + 0W+WSzVkYb0DoPDAaTeXyXzAAkDKtsq/KRFZrQ3jbJc3O1MbtBC19RQ5vUEN + TXYZk11mQFZW41ukOqPk1udfIRnjoerp43opGUyQFHGTh3EVBsE1W5WL2oY9 + KWTpMZRHDHzMNAkBgvdUbmkQY002TZ+Ze2P/zm0iHjtpBqWdzt4DXf5rGrjd + CmDH84GqULfHkUo63vD7bSck6dPnMF1aL7Ro1H6+859aJTSHUhtWJuAmHxRc + /gmAeAybFmjs5IHhM5bWT/rGceOgQv3Wj58Bp1WJyIW04BVMZlouBbdRZ2su + jpBevq7s+l1SRxyfSOaILzEoEuWmMDMZ7JV6RVDUiomemN92fngmLZccdW6A + 7IQcNHIu/JF9CVh46NbwdSsMcHqCn13oB6UDCIbbsWbQc43yxAPK5d1jVBaZ + hb3HVJcmZ9nqxAooHnIPSma46W4kTiR4+BHkgf4hFZMwoNAbWB8qtgxqrb+v + e7FCEprkGfm1Fx/Rb+prvMEoUZbanlA6IcQ5hr965p5Niktn1nCQpVNBFOjG + n6giyg+wXvXdIdnA6Wn+BPmyf/YZbwFZ2jYww5/P2Xfh9VgVQJ61sOpa6Klh + tcwymMqgdrV6RR4sVltv+WmA0yCxm+J3IBoVAmHg6eRngVPNyalRSdUkBSG8 + IHa3QPA2eyiWfHEnrnH9y9ePNYcO0XRPz9+uAbLeIHlKoYIuLFWPs0FKXsiQ + AEyHftnUXZ1AoSr9/y9tyjadiNPu/+qceI8NNNgclhQgxB3YhJ7e7voBLXtd + g8WL25qEuqlhcMoZ58fg1GBeF1tYjtHLpSc5pYvXFaKs3i57jCOK7X32Stjq + ipqgqVWsDKv41CbEaN6pjIUCg73Rn+GlfmjuoxMt61S2TbCj3Yb7mnnYEsND + 45VcxRDCLIXHH676TjleAuZxu7wnrRpobOfdlHxCkM8tidwnjJvKsa1SLvFv + hEU2uAUO0ViSTlIV3LEkgFGyuNb4F0MLMdtNG9Pikx+ILc3kQnRyn4jb3mKW + TmlBCmIAVduxWLzyPM2g6caWpy4RW+72RXh//Sj4lhcmYRpAeI3m59gPFECc + o6n6kAkIYrk1NgjpGmyv/KdH0PBxZqUdeSxztlCbkMtfpIKI+jvRIP7ZXYQY + JffRRxHFFB1G1qRpHBwhVyTHss64mydOuuBSY4snLG+bvP2Q5f0gjQeJ7BHh + eqmVX+fAe3dce8z6VwzVf4l6MLbxwW47GHd/89Tr88MgGVNIKRZkU9jICLJ/ + JwOjnzTFK9DYeD9AlMT8C9W47ruJsL4UvlP5k0qZyAk2fu9/d7BTap5YY9ND + POI+Dkqr30EPcy+Ymgtky1tQuLMWAjKcJxb8/m/Vs8v9P1YL7SR9MbyMTyU6 + 
0yhhnVgFVzXuPQpHGbKOMGKZD2UjxSOYya6a5f3lRFRtvLDZH9PfPCULEEAu + LD3aqHiFRRpfEIu3/LcQ15ZuRbDzzICjVNTaOkRfhE0LM49nXIk2zd5M3IQs + xskHKN8nH18hXumJLcKDpowTPTFyDKYgJ64884/oSGl3Vl0pri42mRdSLQBJ + sXhGjgCtKwJqQRx2uJDYX6+OjUTCP7JMpM6SIw0dVKpZfGQkqoqS7ExaJFS8 + Ebgra+Bhx8yVPkvhsrlXpUmE7dyA2RZpqgnl3oxp6KQbRsTRMRgE4UK5KYZT + V3CFq0dEOB/F9uUL821qtSLIQyD1gFlHWGnL97kwzmINTQYCKm38s8gBDM5Y + ecVbMZXrHSbSBm+4IMpBPUBPb4Ui5iRF+4usFyCJBGgSVxl96xXHRPPVvjAK + EyK1k5cl8YwvoJd5CfuixpvzCWRCulh7GrjfEDcUdX4l5E7zFw2vIEAvjj8x + 4gLCkiqX0ZY1B63bl52TVS1QdejMB7McT66DlfF05oWPo7buMjsgTTRb9e5K + 8UA9HrhVrg+ugdPHUzp/d7YlF30/7pS9] +profile::app::puppet::compiler::ssh_private_key_content: > + ENC[PKCS7,MIIH/QYJKoZIhvcNAQcDoIIH7jCCB+oCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEA4TvF7y+icqTngijNa8M+9NDt/ESIjhifCxUL + 0KSGbC72jwwuNFMBYbLMwPwy4iXg3my7meKp9YoaI4HIe3q7p/Mv6RJ0GSou + yxaGWQ0edOAFCsCuHz8uB4RCY69IOj1hmewb7VlYlf1Y71rtlfCKlfIyiBcY + oIYWXN0brstg/Feg36M7DZQCGOP9M/yvNilOCIQzPYThu5qPBAZzu5yezOzF + L2phAI0tXyHd52RNokIldZPPdL7FxDnR4KTJxl2M2dwk6qbTavlAksl/PoW0 + Jve9g26Q6IxWsl7a/iq77wjOZRNPOZP1FIiveJaXw+B8K5DbIMIkldxSOSy0 + nKOPAzCCBr4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEAYRil4dbCZDOD0D + NcM6dxSAggaQhR3+O7JpTGsHza6NpqX9xsMz+LAbhOTU8SGVyMgMS3gJuM0q + r6JNsb7a/dzNaXxc2fwz/MEI3Vf6TKknJkyVhpB1nAH3CXUtBCYpKrAqRj+v + Pi/kTgU+DoOKnpBOkFaFEJnhlCKvitzvG8x86Y45AGnZwsdXZCGkuY9pXjxl + U4oZu2GvuOHBuz/m/d+a93YELF7NvJ1MYvSVNuHiOW2DZT5bQLpDLpeChQdB + pwQaHfjG580mLnSNm2iTqsWiQ8oQjDNCKhMaxayKM/fITFI0IVtZQ2yNctZq + +gWknUBgvaqZ1xuIHVyGG8OghFlNkRIEKWppvg/dn2bR+2NY7v6EMfeIkdDp + VY6432kzc/GIT00xlnu3EcJHDWq9n7fM5HXjvq4xSial/oFVCbOmkVMqzh4o + wL0x+xrlQRQJ72Wt/C/k+4Yd/n98tiXmG3Zc10YW8XVxsDEDi1d4/2k0Lt/I + kwecN1rT9gbL4szz7JtQPF7U0AzEgIewekqH3WUeFbFR4REoNtgGRnAwawKh + MuVAykZICV7rRgrXL+bafvic6/QNmOqzbbJ8snNEl1dTJ/meB/zzK5DFuq3F + gYEmYJN3ffxd784FkTjeQ3VOFmiTzYHGj0LgJyWuZgy1oz5QSBtdJwfVP53D + Xg93zkNtJess1weQ09cwW7ve/ppDazPFEQQ1ixLxRygOpVtRM3ue9lL+I4zt + BHgzUSeTbfXxc8bvI7n2r3ArLvRE5sVXqbIV82QQg0ZLFMW0seVH21Ui0RDD + 
8nMTEgSKnibeitx3P1Ua+Oyqbf+qcwpFDO3T9+ym98ksSgPCW3oJ7dwb4yn+ + EPB9pGMQChQo9pEb9xIm2NbpohqenT2FxR2AvknxEOI2AeVw//YmOxUJtt3J + ovLgPieaghUVq4Vch87uE6V7VgT2pHYB7w/iLJDvgRTYFP0miDIALkVyrceo + gSTitft0aeMGRMV//0aZh70NfqTjBdzlPJmDfkt6PB5rHrlSz7bavt7wSDLc + rY+7FbttFjhwcZiTSnMfWVtKo3RmmmhpF8VO8p3p5vivJ6/cYGi8QZEwZMdU + +hTHGcdSJazH6z8Zv/nloPfxWekjpWxXgyL9CJp4OsMyzS0MR0vObm9e/tF3 + RKlUW9SwEWT2ICAaCxAX6fijV4C6poHhodaOjAMmSnPXthJs2MQwIMF3gryA + ekB6ltNQCJyTorylaNaq/dGVr2IPuJdGlMi9Ydv2YoWXTaYU2AwYYju/2CST + o7tgtu1IAlcZyh533xFU4FVDj4tWTLyxXvxAXhsGluMIo0qEOrsvlPOvmSV6 + PMfqOQPe2Jpt6AB8o6p7w2LDEP5MWU45OZoLGGsphaGUw/CZL30/DKHjqbGn + mqVcQ9GR+/W9sv8rBdUXY1HsAiiPW7L3+Hg7R+2XDkIVQcRmGj0hIeKX5QVX + dBv/DY2Z4iEjKdEYVG/GZfE2WvyAGjblA99Sr28xae2L8eyakPz0vneDV58x + AkhM+ejNHurYZWjqvozbtmLxmthtyWdycFwGE72lujMOeIBkm8NvwEZlLK4B + z8/rrHlTlzW+Iipzr02d4/wmXzEpjZF82uYzCXxyMEmZ1RHWiQYkbZx7AXHc + z0+2kyZUVHX3sBhpHhv1W8NwsTJUWyaBgIpAann+IXsWA8xudMBX4HdAxVM0 + mEHI7KoTMVCm2kZ5gSzmHaHY5q4V1LmTpiCvFWqUfLFz0Z9z5uV6q3pZuOUu + cH+C0biwbhKT+vJRIuVzk6Jx7+JaTVYeBtj46rk/1OVgQQ5uor0dWZ/XphEO + 2hxTkQWytWrIwpoU2TodtVQnI2dxpsSwNrL+oULHeVFMqmH1LszLkiHG6TSB + jgdhvVbNNr33dZU5s3iFRj651bSYnj4NZ8I2LQJzERzhMnvgExw7neNfZR1I + TkMEvXpcFp9H3MlS8clwlvy0vQae5FxGOgHiVRtY+vgHHwUBm8h7clNuHPc+ + /ms02FbQX0CtOCTxfTaA6hR34fSyeCxZvY7UCPqeiAQoOX1cMJJahJ31o6zO + O37LM/5N1JdjXsXfb7woqGCxV8tMt8n/hK+jTZSphn3C5qvN9GvzuSUVEctq + OlIyIcXeJW98S0gBtqNFB2J0rzU99oZrZ2m5qp2YAI/RRlMi1X7LT2cj5x++ + a+KDBrkXUD7+jJc2a9seUH6gOQbiHlGT0EhwFqfhVaX2fX1S95MZmm/WZZS6 + KaMKaApqLrFsVzyNngGgTd8XRXFV9PDR] +profile::app::puppet::compiler::eyaml_public_key_content: > + ENC[PKCS7,MIIFjQYJKoZIhvcNAQcDoIIFfjCCBXoCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEASWsFHYa/FyWNNE4a9Zuc7Pqg50OOcdA8pV5w + Oxs7sgDAhmO4tUcu5GIk84MwQDd1ieU8eSASCrZGxM84fAfr0xmncA7DEI8F + 1qkprYqto72YUJX1EJi1itAlmC6iXgHsPrjorxG2q1mqMyAl6DyKJ/78gWyR + d3aS+MeShF8QZQjCqQ3y6WIylV5HyxBFCJk77jquiXZeTSc+zWwUjxJOjILX + TjeKXrOVr1pA6PVNPQjQPXNGzeLXdHdqjHvCHNXHet8Ja2bKb3NUqFa58Rzq + 
nky2tSPcWqjiOo1zjO1TmPkQI1adr2B5zOIQrNF4bU8Rk8BCqJxzs0DxkGqf + slr12jCCBE4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEBu89wK0tIPrUUsW + usyzeqKAggQgKypMUlofJAARYq63AsQl7OnSJSKyHWuKwDpwlZHmmkLB8w4Q + J8YL7m/08OSULpEUoB9afwihrzPrxPnvJT3AbLYmFIH+qSPEnNoS0s4wGw7r + WiHgw6UDolGH6cxPeNjoSBVGvjN7kapxrgF5iz5AqNj3Xv8XvXQLmhbwh2uL + 9VZRXCE2TvfgbcgNZoBw4TdYJu4NpfVzKvpeqibmuLdoGxbuLVLlKYjlGwRF + u5Ssx9Ax2H07fQPiROAlEkw2x7V/+gPd47kiu+5s9gRvYPIhduuhy/Q35NcB + Yxdi2p0HO57tOa2qy2/7N6x0bnXlMi8nn2PwCbyl2S+J68vBEhQ+g2BaLcfA + K4nEycRJjp5ykAKwFlSJWC6Kdsb0DXZBCiTqqrpnjLrRLKzQzKEoc+G16CAw + z3DMRWUss/oH/rxoiWS+MuxQKfQEs3S+AnZjmEKwk+luXV26vKxBjxbyyVmk + I6nv/g008TZH85oaUcbLP6goph9k15olz1m+ECToS64TXZRhrzvCmT+GxFmg + fOIAMONI/Vw8oZJTzWapnQNdxlBRa+GJwncaUn8gk2bH7qQS1cE3O5te3Mu0 + EH7hWtp1dflzKPTUU6mXHt2/O8ROU3QEbF10y7aDsn6bYI/pfe026nEuCSxU + RrJxUTkjnB2lXqeDVDE2XlxjHgS/GhGvYFx4Z9bBPq1RCHR7OWFfqnuQz77n + yrKfmwnpSAgrZINlOAsE7qJg9+PWisn2qcP6Oxzla+wRy/oEkPfUtrM3fBKP + UwIEZ4pBWoE0Hl2QzmmReSCMcwMPn66zssJTn1hGPRyR5GGCMz+LsE9Bn2FI + oJ+MYvDZxrBm5gsdqvqepIlyiKC0EPxXPuBaY1tWXtiRprO7KvGzM6uNzAWz + DHcXggZvYlDGV5+583XlIICqm8TEhHx//pqXJkm9XtALl+cM7bfAryhWVpyU + qj4Lx1uTbnElSHKE3Ru0OleZ//2jknmH1IE4lFgHrIEpFTZYZraZl09qloJI + XiKKSmCa7Diil+iAthyFHgP/AUBJDS85lxd3c0OcWOpl2f7hufno1qBK5g+u + lrjfcz0XwPcNX8ZkdES1ZjN+dmRDK7vh0tRgNbsQweL+9yQuvaMX5imyYFw0 + S9FYyY5WcN6FYuP8GfMDmp5eyUMertlvdr4++g5BPrccQ+bYfmhg7s8hxaYl + 3u8xpMD+8aJgNsO63oIlFWdYWBcguH/up6jA/jkMVUZ/aRulXQMvQ0SJ+7Qn + 5ha9L0cALAyhmmLwHc1BdWyrkYJ+W6CXdzBrM1aURt6XDLM9aaF1m75XEf8S + aqYnQF2nOhdvluuvGFFKBz9fai7K6gFKQVgI9OjS88hFAjkWXMC8g/ZaZmeQ + jYqHGT1oWHHDYtT5KPQtaMbUC0bsEJ+jtbAJeOW9] +profile::app::puppet::compiler::ssh_public_key_content: > + ENC[PKCS7,MIIDDQYJKoZIhvcNAQcDoIIC/jCCAvoCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAzyl+GLbgOpZu7I/mI8SXksLOgvrhrZlKeM1z + qyJF9eRxxepSCLRnDee9qo/Gj08/Si+KVZ3mNOljtSQC3XyrIOv+EscZaN9K + DCr9hlhDWT9WaDgykKpIEKnVrqR11vY28l8uHrce4ME1X7A4SQZn0odN9CP0 + 
9OzaEYgiWRWcLbw9eGXkH0OCS2OrXiYTuQpkHCcJTDeYma3qN9gMC9mQLSPx + +wBC1143Nb3AprS2O6nu9UHnTpGM72kF1cJt20DaKItlmRVRGL+2rHWfHraR + SXF1wxi5ffpfetzE8MvPlZGLcrt+AQaODkvscZLYLNNgjxYccweu8A309liX + /07mTzCCAc4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEAABNCM7lW1AsVF+ + oyM9yVyAggGgfp/WQ1DUTGHmbPUvgpVWD0hhArQu2r5tmi9lU/aYR5ltOFjt + hnvvyvsiQykqLUlBHI+/Jc0ma5/pDTpZklNSHlXyY69s8wc+SM3yoKwT3//R + PLUVFetSifFDiaIatngNmOF03FbOrnWqa1MqVGCqYPlm1nRdt7i65zU+GlPJ + wTSFOSSvgDEIEuo2pOM1b45kTmf9yrKILGIGhjE8qP5ZEibZf35wBBP9KhW7 + 75yj/DVJgCDlmX7WC7bCdGUTdkFUCui9Z78s0ze6ig4zCykv33TibTksj6zE + RolScusJqtM1+zRDtpT+qk3u7xcUBKrDm4wZ4E7eEVBp5k1rJ6Z+WQ9N4XWe + ZpZ/qSJzo/bJjaQLXtipVsvRtoIi27p7kmjAup1ehgIlyKUbY9GLhOlPYtEn + 4/UWR2PSBOmWb2uE3KWnVPJEfLGKyZhjExOXXH7IAsf8Nn5IGcpfO0nD48QO + U0LFXP8TsaVrBdOLfnhryj8hvwNNEGtOFvJDrtinpPJfJY1pxNFcH4sID3Qt + G1b2zTCABCXgkfwNt0WFcdxMITE=] + +profile::os::baseline::name_servers: [ '192.168.0.10', '192.168.0.7' ] +profile::os::baseline::search_path: [ 'platform9.puppet.net' ] + +profile::os::baseline::banner::motd: "------------- \n +W A R N I N G \n +------------- \n +\n +Authorized users only. All activity may be monitored and logged. Use of \n +this system means you consent to such monitoring. 
Unauthorized users may \n +be prosecuted.\n" + +profile::app::mysql::server::settings: + remove_default_accounts: true + +profile::app::haproxy::server::stats_password: ENC[PKCS7,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] + +profile::os::baseline::verify_trusted_data::extentions: + - 'pp_role' + - 'pp_service' + - 'pp_product' + +profile::app::fastb::fastb_db_password::iETraGpZcnRcPiuZGPCytoq3eWkwaWC6vqzudJkvPmu2: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAHPuFhkR38VKbQ76hhp5wWkjuD90sOMXSnw8bbQjU29abIChXtSTll1MZv1iWr2d5BHX1a/E/8cmJxZpc+GXjiV0YXnMHODAOCc+I4QWYmBBKUsUC9N2x6kIYoTAOupOWMnsCOxgyWea9+aWaNsuchg+cRmgQqgo9Ry3nuiEbdD7YHpywRElG4CbTUAMOEJEHexxW54B4svzUFklTNDFRsyura3qkyZLQzf/3rB8WrMKKrbM5vcNg0p0Y8LLp9KYRR13jBmsQ1FawhbS3BIz2f6mHjQrW/DnFxRCi+9fNd8yMHmWM2tAcXyjMdHs3dau41t+9APKuqOWjG3KlV3lGXzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAZ3nrbPxeAmXguU6LfmXzbgBDo/PVHoLJxFfpwp+VMjXId] diff --git a/hieradata/virtual/virtualbox.yaml b/data/virtual/virtualbox.yaml similarity index 88% rename from hieradata/virtual/virtualbox.yaml rename to data/virtual/virtualbox.yaml index 236ff7b05..10e60502e 100644 --- a/hieradata/virtual/virtualbox.yaml +++ b/data/virtual/virtualbox.yaml @@ -27,3 +27,9 @@ puppet_enterprise::profile::orchestrator::java_args: Xmx: '64m' Xms: '64m' 'XX:+UseG1GC': '' + +profile::os::linux::security::ssh_server_opts: + Protocol: '2' + PasswordAuthentication: 'yes' + UsePAM: 'yes' + X11Forwarding: 'yes' diff --git a/hiera.yaml b/hiera.yaml new file mode 100644 index 000000000..a881025f8 --- /dev/null +++ b/hiera.yaml 
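Review bot: `puppet_enterprise::master::code_manager::authenticate_webhook: false` near the top of data/to_be_deleted.yaml turns off token authentication on the Code Manager webhook, so any client that can reach the endpoint can trigger a code deployment. hiera.yaml lists this file as the first hierarchy level, so the value wins over anything set lower down. I would drop the key or set it to `true` and have the Git server call the webhook with an RBAC token. The file also holds eyaml-encrypted private keys for `profile::app::puppet::compiler`, whose confidentiality depends entirely on the eyaml private key staying out of the repository.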
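Review bot: The added `ssh_server_opts` block in data/virtual/virtualbox.yaml sets `PasswordAuthentication: 'yes'` and `X11Forwarding: 'yes'` for any node whose `facts.virtual` is `virtualbox`, and that fact is reported by the agent rather than taken from its certificate. With the level order in hiera.yaml, data/to_be_deleted.yaml sits above the virtual level and sets both keys to `'no'`, so the comment there saying virtualbox overwrites `X11Forwarding` appears inaccurate unless lookup options outside this diff change the merge. A comment above the block such as `# lab-only relaxation for VirtualBox test nodes; not for production levels` would make the intent explicit.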
@@ -0,0 +1,31 @@
+---
+version: 5
+defaults: # Used for any hierarchy level that omits these keys.
+ datadir: data # This path is relative to hiera.yaml's directory.
+ lookup_key: eyaml_lookup_key # Uses non-default backend.
+ options:
+ pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem
+ pkcs7_public_key: /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem
+
+hierarchy:
+ - name: "Should be deleted data (this data is for testing purposes only)" # feel free to delete this layer
+ path: "to_be_deleted.yaml"
+
+ - name: "Per-node trusted.certname data (can be encrypted)" # Using same file as unencrypted
+ path: "nodes/%{trusted.certname}.yaml"
+
+ - name: "Per-datacenter buiness trusted.extentions.pp_role data (can be encrypted)" # Using same file as unencrypted
+ path: "datacenter/%{facts.datacenter}/%{trusted.extensions.pp_role}.yaml"
+
+ - name: "Role trusted.extentions.pp_role data (can be encrypted)" # Using same file as unencrypted
+ path: "role/%{trusted.extensions.pp_role}.yaml"
+
+ - name: "Per-OS facts.os.family defaults data (can be encrypted)" # Using same file as unencrypted
+ path: "os/%{facts.os.family}.yaml"
+
+ - name: "Virtual facts.virtual defaults" # Used to configure PE master from within virtual
+ path: "virtual/%{facts.virtual}.yaml" # like virtualbox or testing platform
+
+ - name: "Common data (can be encrypted)" # Using same file as unencrypted
+ path: "common.yaml"
+
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
deleted file mode 100644
index 57fc73757..000000000
--- a/hieradata/common.yaml
+++ /dev/null
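Review bot: The levels `datacenter/%{facts.datacenter}/...` and `os/%{facts.os.family}.yaml` are selected by agent-supplied facts yet are labelled "can be encrypted", so a node that reports a different `datacenter` value would be served that datacenter's data for its role, decrypted by the master. For levels meant to hold secrets, interpolating only `trusted.*` values, for example a certificate extension such as `%{trusted.extensions.pp_datacenter}`, ties the data to what the CA signed. The first level, `to_be_deleted.yaml`, also outranks the per-node level, so test data overrides node-specific values until it is removed. The level names spell `extentions` and `buiness`, while the paths use the correct `extensions`.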
@@ -1,11 +0,0 @@
----
-message: "This node is using common data"
-
-#Enable code manager
-puppet_enterprise::profile::master::code_manager_auto_configure: true
-puppet_enterprise::master::code_manager::authenticate_webhook: false
-puppet_enterprise::master::code_manager::manage_private_key: false
-#pe-console-services tuning
-#https://docs.puppetlabs.com/pe/latest/console_config.html#tuning-the-classifier-synchronization-period
-#disable classifier scheduled sync and rely on r10k postrun command to sync the classes
-puppet_enterprise::profile::console::classifier_synchronization_period: 0
diff --git a/keys/private_key.pkcs7.pem b/keys/private_key.pkcs7.pem
new file mode 100644
index 000000000..f6182508f
--- /dev/null
+++ b/keys/private_key.pkcs7.pem
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA9A+IuFu4HGKrRNBTsHADTKhDH7ZYXQCFYB/PeFj3kWpo9mZo +c26KIfvK6DXyaLATV3NStitLiAnAzVGIreeIdttlXm+hX+Ig1DeJrO+CZJxXXx+P +AfurpvsGaZMn46GvJfrh+h1dxYpX4UASpWIDIjoz16yHF1uVrd7yvoSM2znGNAHU +FFfdkT5qGLcOxe46iTlyK0gbtSUvT8arK1FKYiOjbyZ4RsOv5l0cvPY85HKKOc9p +t+f+vWzMuARh7HxcnKwA6FedLEBWQa1T2AxfRGBHK0pRj2sicaIxgnQXnKuuKBss +pLZSjIlTRSoH3Fdvqmk+FQJLPex//rXPiIyDYQIDAQABAoIBAQCrUcwzPY77vfdj +kqlsjPSD9wlHVYSppBf75diJLkp6dSvA6xofDVVBjbJdVqEXA6JQHM/OuI2IrO/+ +MGG1UXXlmRSLOekZmW5aCbJHBsmNPoHGcCy+w58207conPe/PlvoWTgPjlWouPf/ +Ui7EkQyKFjkWCDG8H7nuFzZmrj0CFSkzbZeaWFChQTgr9QGVKlW+iF4Upf7MK3i6 +xbHZCZpQJjZX7meGLo5I2mtJF0BQN+f7JQbsCqKLqYvcSpZXPfTg6Fhpt6mKdykq +y/N+CiVxLw2BmWd0pdiVWD/kTxW0DZ7Puby/Apx1UWPcydCy9WZYtalbbyVn1Plb ++AfzShwRAoGBAPqXapz1y8zATAyU4u44ar3yYo5ueWGhixxeZ1BiJ16yEpWwxqDl +G50JOO6y5Gcy/EbnOJ6ek7xvgBWMys1sOte5MtUIyo581/wkFgEnTaazTNWW+5ve +5jvh8f1r61IqFvMeK8aqL4jH2KbkH5KXN9pormGJgy7J3ssK0JaoB7cjAoGBAPlU +CITH9diJcNUmciJ/3o3VxqMdO5kwJb5px6JgqT7QrEu+v6WVwMz/D13xe0/gHY9d +Sju+1oD+uhQ+1/t17RcdI7CRzNVVlsORSW0feV1xPjAoHONrk3N8smDCM2tZJI1K +Ca771+cVb20EnMewxzUynbaK9aKiyLhDmM7FwIWrAoGAYsHxvlIQM21Fi1/R31hU +mO9BcCiRpaxoipGZ3dAQ+/zp3hyA6z/flg/gZBIUeadaTQcrBTgxuP2oWNXXxwV0 +WzgdlF+WlHkXFcOS+Hlo3N2k1jheiJtb2RW+rMUvRH5Z9Q5a6jx/50P7WiplVvxJ +gsXmk4ICNRpRt2tXsUgfYkkCgYEA1CL0sI02FwwxzZnNiJ8Fa+aVANnxiJBXvOBh +tD3MIp8Hyda9VxTIm2L03ziEc9y7Kez1KUphVhXlmy4xNEoM9Rqc8DHNd0JAaZtn +PwqFh8S/ZdfrZHB2X8+cMglqGI8bM3/oJ1MuSvaI/Nfs0VcO16t+Vv96qesZHvac +wGmvOcsCgYAruN9HJqbK7urAA1SaJ1mRlpf37YVzdH8Lsl+mr+BIAfalSabP120z +vE4TRvqREdrxNajiwSFjRMjl2hdx1s20fhcUYPrV+ubTxIYvJsxcSx/qyTxPC7jP +KBihxVxofJbr6DEzVFTSnQhYeoqtA5Rd0ILme82IlVhmZbXmZSIo2A== +-----END RSA PRIVATE KEY----- diff --git a/keys/public_key.pkcs7.pem b/keys/public_key.pkcs7.pem new file mode 100644 index 000000000..075f8e0cd --- /dev/null +++ b/keys/public_key.pkcs7.pem 
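Review bot: keys/private_key.pkcs7.pem adds an unencrypted RSA private key to the repository, and its modulus appears to match the certificate added as keys/public_key.pkcs7.pem. If this is the pair used by the eyaml backend configured in hiera.yaml, every `ENC[PKCS7,...]` value under data/ is readable by anyone with read access to the repo or its history. The private key should not be in the commit: keep it only on the masters at the `pkcs7_private_key` path, add `/keys/private_key.pkcs7.pem` to .gitignore, and commit the public certificate alone. Once pushed the key stays in history, so generate a new pair, re-encrypt the existing values, and change the passwords and keys they protected.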
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2TCCAcGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAAMCAXDTE4MTIwNDE2MTAw +NVoYDzIwNjgxMTIxMTYxMDA1WjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA9A+IuFu4HGKrRNBTsHADTKhDH7ZYXQCFYB/PeFj3kWpo9mZoc26KIfvK +6DXyaLATV3NStitLiAnAzVGIreeIdttlXm+hX+Ig1DeJrO+CZJxXXx+PAfurpvsG +aZMn46GvJfrh+h1dxYpX4UASpWIDIjoz16yHF1uVrd7yvoSM2znGNAHUFFfdkT5q +GLcOxe46iTlyK0gbtSUvT8arK1FKYiOjbyZ4RsOv5l0cvPY85HKKOc9pt+f+vWzM +uARh7HxcnKwA6FedLEBWQa1T2AxfRGBHK0pRj2sicaIxgnQXnKuuKBsspLZSjIlT +RSoH3Fdvqmk+FQJLPex//rXPiIyDYQIDAQABo1wwWjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBTe28JgTJmSHIg12fJfhr8O/j5wKDAoBgNVHSMEITAfgBTe28Jg +TJmSHIg12fJfhr8O/j5wKKEEpAIwAIIBATANBgkqhkiG9w0BAQUFAAOCAQEAmAf7 +fiVGzeVDf6sJto5urI89hNfXwTECOjw03oMifZPVicG0Yu2RarMsS4Kc0XTjXpxb +Jue+AH6wK34RYpPs71aGkkOhcxNuu0l35GV6aeVyUPRD7LIp5bCoW3wfLfhmTNXD +YR2ICdkOlgvaAStnezg1dkTWojxu07q0hVRVE3ij2/JLd/qe3oy6tDUaDwrNWTpk +Ty/pd8J9B8FpyJ2Z47Rr47XbRCJiJQW5U8INSgPHt3sfdDuTn5UcXeUO1TBeVLND +U1eZpMi+YXhALKHFCi/9Vx4o9AmSbGjs5lZT2KAWnhN+VwNayqJXIOHYO+PNt4c9 +PomXmMQZnY8jRaFdoQ== +-----END CERTIFICATE----- diff --git a/metadata.json b/metadata.json new file mode 100644 index 000000000..754139aa2 --- /dev/null +++ b/metadata.json 
@@ -0,0 +1,72 @@
+{
+ "name": "spidersddd-puppet_control_starter",
+ "version": "0.1.0",
+ "author": "spidersddd",
+ "summary": "",
+ "license": "Apache-2.0",
+ "source": "",
+ "dependencies": [
+
+ ],
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "CentOS",
+ "operatingsystemrelease": [
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "OracleLinux",
+ "operatingsystemrelease": [
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Scientific",
+ "operatingsystemrelease": [
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "8"
+ ]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease": [
+ "16.04"
+ ]
+ },
+ {
+ "operatingsystem": "windows",
+ "operatingsystemrelease": [
+ "2008 R2",
+ "2012 R2",
+ "10"
+ ]
+ },
+ {
+ "operatingsystem": "Solaris",
+ "operatingsystemrelease": [
+ "11"
+ ]
+ }
+ ],
+ "requirements": [
+ {
+ "name": "puppet",
+ "version_requirement": ">= 4.10.0 < 7.0.0"
+ }
+ ],
+ "pdk-version": "1.8.0",
+ "template-url": "https://github.com/puppetlabs/pdk-templates",
+ "template-ref": "1.8.0-0-g0d9da00"
+}
diff --git a/scripts/code_manager_config_version.rb b/scripts/code_manager_config_version.rb
index 2c9cb62f5..beacabcc8 100755
--- a/scripts/code_manager_config_version.rb
+++ b/scripts/code_manager_config_version.rb
@@ -1,10 +1,19 @@ -#!/usr/bin/env ruby +#!/opt/puppetlabs/puppet/bin/ruby require 'json' +require 'socket' environmentpath = ARGV[0] environment = ARGV[1] +# Get the hostname of the Puppet master compiling the catalog. +# Sometimes the hostname is the fqdn, so we'll take the first segment. +compiling_master = Socket.gethostname.split('.').first + +# Get the path to the Code Manager deployment info file. r10k_deploy_file_path = File.join(environmentpath, environment, '.r10k-deploy.json') -#output the sha1 from the control-repo -puts JSON.parse(File.read(r10k_deploy_file_path))['signature'] +# Get the first 12 characters of the commit ID out of the deployment file. +commit_id = JSON.parse(File.read(r10k_deploy_file_path))['signature'][0...11] + +# Show the compiling master, environment name, and commit ID. +puts "#{compiling_master}-#{environment}-#{commit_id}" diff --git a/scripts/config_version.rb b/scripts/config_version.rb index 3016a27b9..abb339032 100755 --- a/scripts/config_version.rb +++ b/scripts/config_version.rb 
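Review bot: `['signature'][0...11]` returns 11 characters, not the 12 the comment above it promises, because a three-dot range excludes its end; `head.target_id[0...11]` in the scripts/config_version.rb hunk has the same off-by-one. Use `[0, 12]` (or `[0...12]`) in both places so the comment and the output agree. If `.r10k-deploy.json` has no `signature` key the slice is called on `nil` and the script dies with `NoMethodError`; `JSON.parse(File.read(r10k_deploy_file_path)).fetch('signature')[0, 12]` would fail with a message naming the missing key instead.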
@@ -1,24 +1,25 @@ -#!/usr/bin/env ruby +#!/opt/puppetlabs/puppet/bin/ruby begin require 'rugged' -rescue LoadError => e + require 'socket' +rescue LoadError t = Time.new puts t.to_i else - environmentpath = ARGV[0] environment = ARGV[1] - repo = Rugged::Repository.discover(File.join(environmentpath, environment)) - head = repo.head - - #sha1 hash of the newest commit - head_sha = head.target_id + # Get the hostname of the Puppet master compiling the catalog. + # Sometimes the hostname is the fqdn, so we'll take the first segment. + compiling_master = Socket.gethostname.split('.').first - #the commit message associated the newest commit - commit = repo.lookup(head_sha) + # Get the path to the environment being compiled. + repo = Rugged::Repository.discover(File.join(environmentpath, environment)) + head = repo.head - #add something to find the remote url + # First 12 characters of the sha1 hash of the newest commit. + commit_id = head.target_id[0...11] - puts head_sha + # Show the compiling master, environment name, and commit ID. + puts "#{compiling_master}-#{environment}-#{commit_id}" end diff --git a/scripts/config_version.sh b/scripts/config_version.sh index bc7721354..8dd8086b6 100755 --- a/scripts/config_version.sh +++ b/scripts/config_version.sh @@ -3,10 +3,10 @@ if [ -e $1/$2/.r10k-deploy.json ] then /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/code_manager_config_version.rb $1 $2 elif [ -e /opt/puppetlabs/server/pe_version ] -then - /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2 +then + /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2 else /usr/bin/git --version > /dev/null 2>&1 && /usr/bin/git --git-dir $1/$2/.git rev-parse HEAD || date +%s -fi +fi diff --git a/site/README.md b/site/README.md new file mode 100644 index 000000000..2efe94cea --- /dev/null +++ b/site/README.md 
@@ -0,0 +1,40 @@ +# Puppet Example Roles and Profiles + +These directories are example layout of Roles and Profiles practice. They have been constructed to represent current best practice and to support multiple operating systems. + +It SHOULD go without saying that everything should pass linting/validation, but +we're gonna go ahead and say that anyway. + +## Example requirements + +These examples have been constructed with the following requirements: + +======= +| Supported OS | Product Role | State | +|--------------------------|---------------------|-----| +| Win 2012r2 | `role::spider::web_be` | WIP | +| Win 2012r2 | `role::spider::database` | WIP | +| CentOS 7 | `role::spider::balancer` | WIP | +| Ubuntu 16.04 | role::fastb::web_be | Complete | + + + - Modeling should support three operating systems + - Windows 2012R2 + - CentOS (6,7) + - Ubuntu 16.04 + - Solaris 11.2 + - Two products should be represented + - Spider + - Windows systems hosting the product + - IIS Web service 'role::spiders::web_be' + - HAProxy loadbalancer 'role::spiders::balancer' + - SQL Database server 'role::spiders::database' + - Fastb + - Linux and Solaris systems hosting the product + - Tomcat web backend 'role::fastb::web_be' + - HAProxy loadbalancer 'role::fastb::balancer' + - MYSQL Database server 'role::fastb::database' + - These products are examples and will be deploying a `hello world` java application code base + - Support services + - While products usually do not share hosts support services do + - Example of monitoring service 'role::sup\_svc::monitoring::server' diff --git a/site/example_role/README.md b/site/example_role/README.md new file mode 100644 index 000000000..e99cd2734 --- /dev/null +++ b/site/example_role/README.md 
@@ -0,0 +1,22 @@ +# Puppet Example Roles + +This directory is working example roles for customers to use as well as model +future development after. They should follow best practice and model a multi OS +use case. + +It SHOULD go without saying that everything should pass linting/validation, but +we're gonna go ahead and say that anyway. + +## Organization and Namespaces + +Roles should be organized in a hierarchical form with product categories that descend into more specific services for the product. DO NOT just throw all your roles at the root of the `manifests/` folder. Oh, and please use sub-folders for related roles. + +### The Product folders + +`/manifests//` + + * This directory should contain example roles that manage nodes running specific product line functions. + * For example: + * `./manifests/fastb/web_be.pp` is `FastB product Web Backend`. + * `./manifests/spiders/database.pp` is `Spiders product SQL Database Backend`. + diff --git a/site/example_role/manifests/fastb/database.pp b/site/example_role/manifests/fastb/database.pp new file mode 100644 index 000000000..5c2218827 --- /dev/null +++ b/site/example_role/manifests/fastb/database.pp @@ -0,0 +1,7 @@ +# This is an example of a product called +# "Fast B" +# This is a database for that product. +class example_role::fastb::database { + include profile::os::baseline + include profile::app::mysql::server +} diff --git a/site/example_role/manifests/fastb/web_be.pp b/site/example_role/manifests/fastb/web_be.pp new file mode 100644 index 000000000..5e0fb68cb --- /dev/null +++ b/site/example_role/manifests/fastb/web_be.pp @@ -0,0 +1,7 @@ +# This is an example of a product called +# "Fast B" +# This is a web backend for that product. +class example_role::fastb::web_be { + include profile::os::baseline + include profile::app::fastb +} diff --git a/site/example_role/manifests/spider/web_be.pp b/site/example_role/manifests/spider/web_be.pp new file mode 100644 index 000000000..2f3b04ab2 --- /dev/null 
+++ b/site/example_role/manifests/spider/web_be.pp @@ -0,0 +1,8 @@ +# This is an example of a product called +# "Fast B" +# This is a web backend for that product. +class example_role::spider::web_be { + include profile::os::baseline + include profile::app::iis::default_app_pool + # include profile::app::spider +} diff --git a/site/example_role/manifests/sup_svc/monitor/server.pp b/site/example_role/manifests/sup_svc/monitor/server.pp new file mode 100644 index 000000000..91460f829 --- /dev/null +++ b/site/example_role/manifests/sup_svc/monitor/server.pp @@ -0,0 +1,5 @@ +# This is a monitoring server for that many products and services +class example_role::sup_svc::monitor::server { + include profile::os::baseline + include profile::app::icinga::server +} diff --git a/site/example_role/manifests/sup_svc/puppet/compiler.pp b/site/example_role/manifests/sup_svc/puppet/compiler.pp new file mode 100644 index 000000000..74fdb2581 --- /dev/null +++ b/site/example_role/manifests/sup_svc/puppet/compiler.pp @@ -0,0 +1,4 @@ +# This is a role to add to the Puppet compiler group +class example_role::sup_svc::puppet::compiler { + include profile::os::baseline +} diff --git a/site/example_role/manifests/sup_svc/puppet/master.pp b/site/example_role/manifests/sup_svc/puppet/master.pp new file mode 100644 index 000000000..206f17024 --- /dev/null +++ b/site/example_role/manifests/sup_svc/puppet/master.pp @@ -0,0 +1,5 @@ +# This is a role to add to the Puppet Master. +class example_role::sup_svc::puppet::master { + include profile::os::baseline + include profile::app::puppet::masters +} diff --git a/site/profile/README.md b/site/profile/README.md new file mode 100644 index 000000000..fe104ea73 --- /dev/null +++ b/site/profile/README.md 
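Review bot: The header comment on `example_role::spider::web_be` still describes the "Fast B" product, copied from fastb/web_be.pp; it should read `# This is an example of a product called "Spider"`. The comment on `example_role::sup_svc::monitor::server` ("for that many products and services") is also garbled and could be `# This is a monitoring server shared by many products and services`. site/README.md refers to that role as `role::sup\_svc::monitoring::server`, which does not match the `monitor` namespace used here.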
@@ -0,0 +1,57 @@ +# Puppet Example Profiles + +This directory is working example profiles for customers to use as well as model +future development after. They should follow best practice and model a multi OS +use case. + +It SHOULD go without saying that everything should pass linting/validation, but +we're gonna go ahead and say that anyway. + +## Organization and Namespaces + +Profile sprawl is a real concern. To prevent that, please try to follow a convention. + +Profiles should be organized in a hierarchical form with a few top-level categories that descend into more specific things. DO NOT just throw all your profiles at the root of the `manifests/` folder. Oh, and please use sub-folders for related profiles. + +### The OS folder + +`./manifests/os/` + + * This directory should contain profiles that manage items built-in to an operating system. For example, DNS, NTP, Users, firewall rules, etc.... + * If the thing being managed is "out of the box", it goes here. + +`./manifests/os/baseline.pp` + + * Profile that will wrap the OS level profiles + * Profile that build to support all business supported OS. + * Profile to implement the minimium base that security, product and sysadmins will allow on a company network. + * Profile built to install the base software for a company that is identified as site wide software, ie backup etc. + +`./manifests/os//` + + * Profiles that are specific to built-in settings of one operating system go here. + * For example, `/manifests/os/windows/security.pp`, `/manifests/os/linux/firewall.pp`, or `/manifests/os/solaris/enable_ssh.pp`. + +### The App folder + +`./manifests/app//.pp` + + * This directory should contain profiles to manage applications stacks. + * An "app" is anything that does **not** come out of the box or is **not** built-in to the operating system. + * Use simple and easy to understand sub folders that describe the type of application being managed. + * For example, `app/liferay.pp` is **bad**. 
While `app/cms/liferay.pp` is better as it groups it in the "CMS" category. + * Avoid ambiguous profile names. `profile::app::splunk::forwarder` is better than `profile::app::splunk`. + * Other examples: `/manifests/app/apache.pp`, `/manifests/app/sql/server.pp`, or `/manifests/app/f5/load_balancer.pp`. + +`./manifests/cloud//.pp` + + * This directory is for profiles that will be used to implement cloud API services. + * This should be things like profiles to communicate to API's like Azure, Google Cloud, OpenStack, etc. + +`./lib/facter/` + + * This will be used a location to store site (company) specific facts not specific to a component module. + +`./functions/` + + * This directory is for site specific functions not related to modules. diff --git a/site/profile/functions/bool2num_hash_recursive.pp b/site/profile/functions/bool2num_hash_recursive.pp new file mode 100644 index 000000000..a3fb3be8b --- /dev/null +++ b/site/profile/functions/bool2num_hash_recursive.pp 
@@ -0,0 +1,45 @@ +# This functions converts the Boolean values of a Hash to Integers, +# either '0' or '1'. It does this recursively, decending as far as the +# language implemenation will allow. Note that Structs and Arrays will +# be ignored, even if they contain Hashes. +# +# @private +# +# @param arg [Hash] The hash on which to operate +# @return [Hash] +# +# @example Usage +# +# ```puppet +# Hash $foo = { +# bar => { 'a' => true, 'b' => 'b' }, +# baz => false, +# qux => [{ 'c' => true }, { 'd' => false }], +# } +# +# profile::bool2num_hash_recursive($foo) +# ``` +# +# The above would return: +# +# ```puppet +# { +# bar => { 'a' => 1, 'b' => 'b' }, +# baz => 0, +# qux => [{ 'c' => true }, { 'd' => false }], +# } +# ``` +# +function profile::bool2num_hash_recursive($arg) { + assert_type(Hash, $arg) + $arg.map |$key, $value| { + $return_value = $value ? { + Boolean => bool2num($value), + Hash => profile::bool2num_hash_recursive($value), + default => $value, + } + Hash({ $key => $return_value }) + }.reduce |$attrs_memo, $kv| { + merge($attrs_memo, $kv) + } +} diff --git a/site/profile/functions/data.pp b/site/profile/functions/data.pp new file mode 100644 index 000000000..9c39fb4c5 --- /dev/null +++ b/site/profile/functions/data.pp @@ -0,0 +1,8 @@ +function profile::data(){ + $base_params = { + + } + + $base_params +} + diff --git a/site/profile/lib/facter/app_tier_subnet.rb b/site/profile/lib/facter/app_tier_subnet.rb new file mode 100644 index 000000000..b8cff4d7d --- /dev/null +++ b/site/profile/lib/facter/app_tier_subnet.rb 
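Review bot: An empty hash passed to `profile::bool2num_hash_recursive` appears to come back as `undef` rather than `{}`, because the `.reduce` that closes the function has no start value and `map` yields an empty array. The same would hold for any nested empty hash reached through the recursive call, which breaks the documented `@return [Hash]`. Seeding the fold fixes it: `}.reduce({}) |$attrs_memo, $kv| {`. Typing the parameter as `Hash $arg` would also make the `assert_type` line unnecessary.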
@@ -0,0 +1,32 @@ +# Accessible in puppet as $::app_tier_subnet +require 'ipaddr' +Facter.add(:app_tier_subnet) do + setcode do + begin + # Set segment_name to nil + # If error occures the nil will be passed + segment_name = nil + # Mapping of vlans to ipaddresses + # NOTE: To extend this fact, modify this hash + vlan_segments = { + 'prod' => IPAddr.new('10.10.10/22'), + 'dev' => IPAddr.new('11.11.11/22'), + 'uat' => IPAddr.new('12.12.12/22'), + 'cloud' => IPAddr.new('13.13.13/24'), + } + + # Iterate through all segments and find the one that matches + vlan_segments.each do |segment, address| + if address.include?(Facter.value(:ipaddress)) + segment_name = segment + break + end + end + + # Return the name of the segment that matches + segment_name + rescue + segment_name + end + end +end diff --git a/site/profile/lib/facter/datacenter.rb b/site/profile/lib/facter/datacenter.rb new file mode 100644 index 000000000..cad0d26da --- /dev/null +++ b/site/profile/lib/facter/datacenter.rb @@ -0,0 +1,27 @@ +Facter.add(:datacenter) do + setcode do + datacenters_map = { + 'lax' => ['lax', 'lax2', 'hq'], + 'dc' => ['dc', 'dc2', 'dc3', 'foo'], + 'london' => ['lon', 'uk', 'london', 'bar'], + 'none' => ['localhost', 'local'], + } + + # Assume that all hostnames look like this: + # lax-prod-www-291 + # dc-dev-www-111 + # lon-prod-db-101 + # The 'datacenter' segment is the first part of a host name. + first_segment = Facter.value(:hostname).split('-')[0] + + datacenter = nil + + datacenters_map.each do |datacenter_name, datacenter_aliases| + if datacenter_aliases.include? first_segment + datacenter = datacenter_name + break + end + end + datacenter + end +end diff --git a/site/profile/manifests/app/README.md b/site/profile/manifests/app/README.md new file mode 100644 index 000000000..630aa4a4e --- /dev/null +++ b/site/profile/manifests/app/README.md 
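Review bot: The bare `rescue` in the `setcode` block of app_tier_subnet.rb returns `nil` for every failure, so a mistake in the `vlan_segments` table cannot be told apart from a host that is outside all segments. The three-octet literals such as `IPAddr.new('10.10.10/22')` look likely to raise on current Ruby versions, which would leave the fact `nil` on every node. Writing the network in full, `IPAddr.new('10.10.10.0/22')`, and rescuing only `IPAddr::InvalidAddressError` with a `Facter.debug` message would surface that. The value is derived from the agent-reported `ipaddress` fact, so manifests should not treat `$::app_tier_subnet` as a trust boundary.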
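Review bot: `Facter.value(:hostname).split('-')[0]` in datacenter.rb raises NoMethodError when the hostname fact is unresolved, and nothing in the `setcode` block handles that. `first_segment = Facter.value(:hostname).to_s.split('-').first` keeps the result `nil` for an unknown or missing prefix. The lookup loop could then be one expression, `datacenters_map.find { |_, aliases| aliases.include?(first_segment) }&.first`. As with any fact derived from the hostname, the value is chosen by the agent and should only be used for classification, not for authorization.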
@@ -0,0 +1,10 @@ +### The App folder + +`./manifests/app//.pp` + + * This directory should contain profiles to manage applications stacks. + * An "app" is anything that does **not** come out of the box or is **not** built-in to the operating system. + * Use simple and easy to understand sub folders that describe the type of application being managed. + * For example, `app/liferay.pp` is **bad**. While `app/cms/liferay.pp` is better as it groups it in the "CMS" category. + * Avoid ambiguous profile names. `profile::app::splunk::forwarder` is better than `profile::app::splunk`. + * Other examples: `/manifests/app/apache.pp`, `/manifests/app/sql/server.pp`, or `/manifests/app/f5/load_balancer.pp`. diff --git a/site/profile/manifests/app/f5/load_balancer.pp b/site/profile/manifests/app/f5/load_balancer.pp new file mode 100644 index 000000000..db620f6fe --- /dev/null +++ b/site/profile/manifests/app/f5/load_balancer.pp 
@@ -0,0 +1,113 @@ +# profile::app::f5::load_balancer +# +# @summary This is a defined-type profile that creates everything +# needed in an F5 to load-balance a set of servers. +# +# @example Declaring a set of load-balanced servers: +# +# profile::app::f5::load_balancer { 'Awesome WebApp': +# nodes => [ +# { name => 'web1', address => '10.1.1.11', port => '80' }, +# { name => 'web2', address => '10.1.1.12', port => '80' }, +# { name => 'web3', address => '10.1.1.13', port => '80' }, +# ], +# pool_name => 'web_pool', +# virtualserver_name => 'website.foo.net', +# destination_address => '10.1.1.10', +# } +# +# @param nodes An array of hashes, where each hash contains a 'name', 'address', 'port', and optional 'monitors' key. +# @param pool_name The name of the pool to create and manage. +# @param virtualserver_name The name of the virtualserver to create and mange. +# @param destination_address The IP address of the VIP destination. +# +define profile::app::f5::load_balancer ( + Array[Hash] $nodes, + String $pool_name, + String $virtualserver_name, + String $destination_address, + Optional[Array[String]] $irules = undef, + String $destination_mask = '255.255.255.255', + Array[String] $health_monitors = [ '/Common/tcp' ], + String $load_balancing_method = 'round-robin', + Enum['present','absent'] $ensure = 'present', + String $http_profile = '/Common/http', + String $service_port = '80', + String $source = '0.0.0.0', +) { + + $description = "Managed by Puppet: ${title}" + + $_pool_name = $pool_name ? { + /^\/Common\// => $pool_name, + default => "/Common/${pool_name}", + } + + $_virtualserver_name = $virtualserver_name ? { + /^\/Common\// => $virtualserver_name, + default => "/Common/${virtualserver_name}", + } + + # Iterate over each node and manage it. + $nodes.each |Hash $node| { + + # Check that all required node properties are defined. 
+ ['name','address','port'].each |$property| { + if !(has_key($node, $property)) or ($node[$property] == undef) { + fail("${title}: Missing required node property '${property}'") + } + } + + # Use the ICMP monitor if none defined. + $_monitors = $node['monitors'] ? { + undef => [ '/Common/icmp' ], + default => $node['monitors'], + } + + f5_node { $node['name']: + ensure => $ensure, + address => $node['address'], + health_monitors => $_monitors, + availability_requirement => 'all', + description => $description, + before => [ + F5_pool[$_pool_name], + F5_virtualserver[$_virtualserver_name], + ], + } + + } + + # Generate the members parameter value to use in the f5_pool. + # We are creating an array of hashes with 'name' and 'port' keys. + $members = $nodes.map |Hash $node| { + { + 'name' => $node['name'], + 'port' => $node['port'], + } + } + + f5_pool { $_pool_name: + ensure => $ensure, + health_monitors => $health_monitors, + load_balancing_method => $load_balancing_method, + members => $members, + description => $description, + before => F5_virtualserver[$_virtualserver_name], + } + + f5_virtualserver { $_virtualserver_name: + ensure => $ensure, + provider => 'standard', + default_pool => $_pool_name, + destination_address => $destination_address, + destination_mask => $destination_mask, + http_profile => $http_profile, + service_port => $service_port, + irules => $irules, + source => $source, + description => $description, + require => F5_pool[$_pool_name], + } + +} diff --git a/site/profile/manifests/app/fastb.pp b/site/profile/manifests/app/fastb.pp new file mode 100644 index 000000000..d1ff81ba6 --- /dev/null +++ b/site/profile/manifests/app/fastb.pp 
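Review bot: The node hashes in `profile::app::f5::load_balancer` are only checked for key presence, so an empty string or a non-string `address` passes the `has_key` loop and reaches `f5_node`. Declaring the shape in the signature, `Array[Struct[{name => String[1], address => String[1], port => String[1], Optional[monitors] => Array[String]}]] $nodes,`, rejects malformed data at compile time and makes the loop unnecessary. The header documents four parameters only; `irules`, `destination_mask`, `health_monitors`, `load_balancing_method`, `ensure`, `http_profile`, `service_port` and `source` have no `@param` line.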
@@ -0,0 +1,29 @@
+# This is a example profile to deploy fastb application software.
+class profile::app::fastb (
+ Stdlib::HTTPSUrl $download_url = 'https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/sureshatt/http-demo.war',
+ String $app_dir = 'fastb',
+) {
+ require profile::app::tomcat::webserver
+
+ $user = $profile::app::tomcat::webserver::user
+ $group = $profile::app::tomcat::webserver::group
+ $service = $profile::app::tomcat::webserver::service
+ $catalina_home = $profile::app::tomcat::webserver::tomcat_install_path
+
+ tomcat::war { 'http-demo.war':
+ war_source => $download_url,
+ user => $user,
+ group => $group,
+ }
+
+ $mysql_passwd = lookup( { 'name' => "profile::app::fastb::fastb_db_password::${trusted['extensions']['pp_preshared_key']}",
+ 'merge' => {
+ 'strategy' => 'unique',
+ 'default_value' => 'somesillystringfortestdata' }, })
+
+
+ @@mysql_user { "fastb_db_user@${facts['fqdn']}":
+ ensure => present,
+ password_hash => mysql_password($mysql_passwd)
+ }
+}
diff --git a/site/profile/manifests/app/haproxy/server.pp b/site/profile/manifests/app/haproxy/server.pp
new file mode 100644
index 000000000..342c8ff39
--- /dev/null
+++ b/site/profile/manifests/app/haproxy/server.pp
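Review bot: The `lookup` for `$mysql_passwd` in fastb.pp carries a literal fallback, `'somesillystringfortestdata'`, so a node with no matching Hiera key is meant to end up with a database account whose password is published in this repository. `default_value` is also nested inside the `merge` hash, where it is probably not read as the lookup default, so the behaviour on a missing key should be verified either way. Dropping the fallback and letting compilation fail is safer: `$mysql_passwd = lookup("profile::app::fastb::fastb_db_password::${trusted['extensions']['pp_preshared_key']}", String[1])`. The key name is built from `pp_preshared_key`; if that extension holds an actual secret it will show up in Hiera key names, so a non-secret identifier may be a better discriminator.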
@@ -0,0 +1,44 @@ +#class for HaProxy services +class profile::app::haproxy::server( + Hash[String, Hash[String, Any]] $listeners = {}, + Hash[String, Hash[String, Any]] $frontends = {}, + Hash[String, Hash[String, Any]] $backends = {}, + Enum['enable', 'disable' ] $admin_stats = 'disable', + Array[Integer] $stats_port = [9090], + String $stats_username = 'puppet', + String $stats_password = 'puppet', +) { + + include haproxy + +class { 'haproxy': + global_options => { + 'log' => "${facts['ipaddress']} local0", + 'chroot' => '/var/lib/haproxy', + 'pidfile' => '/var/run/haproxy.pid', + 'maxconn' => '4000', + 'user' => 'haproxy', + 'group' => 'haproxy', + 'daemon' => '', + 'stats' => 'socket /var/lib/haproxy/stats', + }, + defaults_options => { + 'log' => 'global', + 'stats' => $admin_stats, + 'option' => [ + 'redispatch', + ], + 'retries' => '3', + 'timeout' => [ + 'http-request 10s', + 'queue 1m', + 'connect 10s', + 'client 1m', + 'server 1m', + 'check 10s', + ], + 'maxconn' => '8000', + }, +} + +} diff --git a/site/profile/manifests/app/icinga/server.pp b/site/profile/manifests/app/icinga/server.pp new file mode 100644 index 000000000..6d2ba6a08 --- /dev/null +++ b/site/profile/manifests/app/icinga/server.pp @@ -0,0 +1,13 @@ +# A description of what this class does +# +# @summary This class will install a icinga2 server +# +# @example +# include profile::app::icinga::server +class profile::app::icinga::server ( + Boolean $manage_repo = false, +) { + class { '::icinga2': + manage_repo => $manage_repo, + } +} diff --git a/site/profile/manifests/app/iis/default_app_pool.pp b/site/profile/manifests/app/iis/default_app_pool.pp new file mode 100644 index 000000000..932541df3 --- /dev/null +++ b/site/profile/manifests/app/iis/default_app_pool.pp 
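Review bot: `$stats_username` and `$stats_password` in profile::app::haproxy::server both default to `'puppet'`, which invites a guessable stats login once they are wired up; in the visible body neither they nor `listeners`, `frontends`, `backends` and `stats_port` are used at all. I would make the credentials required, `String[1] $stats_username,` and `Sensitive[String[1]] $stats_password,`, and supply them from encrypted Hiera data. Separately, `include haproxy` followed by `class { 'haproxy': ... }` declares the class twice, which Puppet normally rejects as a duplicate declaration, so the `include` line should go.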
@@ -0,0 +1,31 @@ +# example class of default IIS app pool +class profile::app::iis::default_app_pool ( + String $site_name = 'Default Web Site' +) { + $iis_features = ['Web-WebServer','Web-Scripting-Tools'] + + iis_feature { $iis_features: + ensure => 'present', + } + + # Delete the default website to prevent a port binding conflict. + iis_site {'Default Web Site': + ensure => absent, + require => Iis_feature['Web-WebServer'], + } + + iis_site { 'minimal': + ensure => 'started', + physicalpath => 'c:\\inetpub\\minimal', + applicationpool => 'DefaultAppPool', + require => [ + File['minimal'], + Iis_site[$site_name] + ], + } + + file { 'minimal': + ensure => 'directory', + path => 'c:\\inetpub\\minimal', + } +} diff --git a/site/profile/manifests/app/java.pp b/site/profile/manifests/app/java.pp new file mode 100644 index 000000000..ebddeb7a3 --- /dev/null +++ b/site/profile/manifests/app/java.pp @@ -0,0 +1,18 @@ +# This profile os to install an normalize java for +# agent hosts. +class profile::app::java { + case $facts['os']['family'] { + 'RedHat', 'Debian': { + require java + } + 'windows': { + require windows_java + } + 'Solaris': { + require java + } + default: { + fail("OS family ${facts['os']['family']} is not supported with ${title}.") + } + } +} diff --git a/site/profile/manifests/app/mysql/server.pp b/site/profile/manifests/app/mysql/server.pp new file mode 100644 index 000000000..eee74c09a --- /dev/null +++ b/site/profile/manifests/app/mysql/server.pp 
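Review bot: In profile::app::iis::default_app_pool the resource that removes the default site is titled with the literal `'Default Web Site'`, while the `minimal` site requires `Iis_site[$site_name]`. Any non-default `$site_name` leaves that `require` pointing at a resource that is not in the catalog. Using the parameter for the title, `iis_site { $site_name:`, keeps the two in step.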
@@ -0,0 +1,52 @@ +# This is an example profile to install +# MYSql +class profile::app::mysql::server ( + # root_password is set in hiera data based on role and env_n_role + # Please delete files in " 'profile::app::mysql::server::settings', + 'merge' => { + 'strategy' => 'deep', + 'knockout_prefix' => '--', + }, + } ) + assert_type(Hash[String, Any], $lookup_settings) + + $tag_for_exported_mysql_users = $trusted['extensions']['pp_preshared_key'] + + assert_type(String, $tag_for_exported_mysql_users) + + # This will ensure the root_password is of Sensitive datatype to protect the + # root_password from showing up in the logs. + # Currently mysql::server expects String not Sensitive[String] that is why + # this is commented out. + #$secure_root_pass = $root_password ? { + # Sensitive[String] => $root_password, + # default => Sensitive($root_password) + #} + $secure_root_pass = $root_password + + class { 'mysql::server': + root_password => $secure_root_pass, + * => $lookup_settings, + } + contain mysql::server + + $mysql_bindings.each | String $binding | { + contain "mysql::bindings::${binding}" + } + + Mysql_user <<| tag == $tag_for_exported_mysql_users |>> + + $dbs.each |$dbname, $opts| { + mysql::db { $dbname: + * => $opts, + } + } + +} diff --git a/site/profile/manifests/app/puppet/check_hiera_keys.pp b/site/profile/manifests/app/puppet/check_hiera_keys.pp new file mode 100644 index 000000000..075413af2 --- /dev/null +++ b/site/profile/manifests/app/puppet/check_hiera_keys.pp 
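Review bot: `Mysql_user <<| tag == $tag_for_exported_mysql_users |>>` in mysql/server.pp realizes every exported `mysql_user` carrying that tag, so accounts on this database server are defined by what other nodes export. The exporter added in this commit (fastb.pp) sets no `tag` on its `@@mysql_user` and builds the title from `$facts['fqdn']`, which is agent-supplied; adding `tag => $trusted['extensions']['pp_preshared_key'],` there would make the match explicit, and a title based on `$trusted['certname']` would tie the account to the certificate identity where certnames match hostnames. The Sensitive wrapper for `$root_password` is commented out, so the root password travels as a plain String; that is worth revisiting once `mysql::server` accepts `Sensitive`. The parameter list of this hunk is not fully legible on the page, so this note is based on the class body only.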
@@ -0,0 +1,22 @@
+# This section will check repo provided keys in the demo/example
+# control-repo and warn if they are still in use.
+class profile::app::puppet::check_hiera_keys {
+
+ $hiera_private_key = '/etc/puppetlabs/code/environments/production/keys/private_key.pkcs7.pem'
+ $hiera_private_key_exists = inline_template("<% if File.exist?('${hiera_private_key}') -%>true<% end -%>")
+
+ if $hiera_private_key_exists {
+ $warning_content = "\n**WARNING** ${hiera_private_key}\n \
+ file should be removed from the control repo!\n \
+ Please generate new eyaml keys for your Puppet Master.\n \
+ Any eyaml encrypted data should be re-encrypted with new keys.\n \
+ DO NOT PLACE PRIVATE KEY in control-repo!\n \
+ See https://github.com/voxpupuli/hiera-eyaml#generate-keys \n"
+
+ warning($warning_content)
+ notify { 'key error':
+ message => $warning_content,
+ }
+ }
+
+}
diff --git a/site/profile/manifests/app/puppet/compiler.pp b/site/profile/manifests/app/puppet/compiler.pp
new file mode 100644
index 000000000..1a8464a7a
--- /dev/null
+++ b/site/profile/manifests/app/puppet/compiler.pp
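Review bot: `$hiera_private_key_exists` in check_hiera_keys.pp is the string returned by `inline_template`, either `'true'` or `''`, and on Puppet 4 and later an empty string is truthy, so `if $hiera_private_key_exists {` raises the warning whether or not the file is there. A warning that always fires gets ignored, which defeats the purpose of the check. Comparing explicitly restores the intent: `if $hiera_private_key_exists == 'true' {`. The path is also pinned to the `production` environment, so a key committed in another environment's checkout is not detected.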
@@ -0,0 +1,47 @@
+# class profile::app::puppet::compiler
+# This profile has a chicken and egg complex
+# The content of the keys cannot reside in hiera-eyaml until Primary Master has been configured.
+class profile::app::puppet::compiler (
+ String $ssh_private_key_content,
+ String $ssh_public_key_content,
+ String $eyaml_private_key_content,
+ String $eyaml_public_key_content,
+) {
+
+ file { [ '/etc/puppetlabs/puppet/eyaml', '/etc/puppetlabs/puppetserver/ssh/' ]:
+ ensure => directory,
+ owner => 'pe-puppet',
+ group => 'pe-puppet',
+ mode => '0750',
+ }
+
+ file { '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa':
+ ensure => file,
+ owner => 'pe-puppet',
+ group => 'pe-puppet',
+ content => $ssh_private_key_content,
+ }
+
+ file { '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa.pub':
+ ensure => file,
+ owner => 'pe-puppet',
+ group => 'pe-puppet',
+ content => $ssh_public_key_content,
+ }
+
+ file { '/etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem':
+ ensure => file,
+ owner => 'pe-puppet',
+ group => 'pe-puppet',
+ mode => '0600',
+ content => $eyaml_private_key_content,
+ }
+
+ file { '/etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem':
+ ensure => file,
+ owner => 'pe-puppet',
+ group => 'pe-puppet',
+ mode => '0644',
+ content => $eyaml_public_key_content,
+ }
+}
diff --git a/site/profile/manifests/app/puppet/masters.pp b/site/profile/manifests/app/puppet/masters.pp
new file mode 100644
index 000000000..d73b53d37
--- /dev/null
+++ b/site/profile/manifests/app/puppet/masters.pp
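Review bot: The `file` resource for `/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa` sets no `mode`, unlike the eyaml private key further down, so the SSH private key is created with Puppet's default file mode instead of owner-only permissions. Add `mode => '0600',` to that resource. All four key parameters are plain `String`, so the key material can appear in reports and file diffs. `show_diff => false,` on the two private-key resources, and `Sensitive[String]` for the two private-key parameters, would keep it out of logs.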
@@ -0,0 +1,34 @@
+# This class can be used to enforce site specific settings on the
+# masters
+class profile::app::puppet::masters (
+ Optional[String] $puppet_ca = undef,
+ Boolean $debug_messages = false,
+) {
+ if $facts['pe_server_version'] {
+ include puppet_enterprise
+
+ # This will quiery the puppet_db to see what hosts are running as the Puppet CA.
+ $puppetdb_puppet_ca = 'resources[certname] { type = "Class" and title = "Puppet_enterprise::Profile::Certificate_authority" }'
+ $puppet_ca_nodes = puppetdb_query($puppetdb_puppet_ca).each |$value| { $value["certname"] }
+ # This will check if puppet_ca param was assigned and if not use $puppet_enterprise::certificate_authority_host
+ if $puppet_ca == undef {
+ $pe_ca = $puppet_enterprise::certificate_authority_host
+ } else {
+ $pe_ca = $puppet_ca
+ }
+
+ # This code will include a class on compilers but not on the puppet_ca (Master of Masters)
+ if (! $trusted['certname'] in $puppet_ca_nodes) and (! $trusted['certname'] == $pe_ca) {
+ include profile::app::puppet::compiler
+ } else {
+ # This is a Master of Masters section to add classes to
+ if $debug_messages {
+ notify { 'Master message':
+ message => "${facts['fqdn']} is running the Puppet_enterprise::Profile::Certificate_authority class",
+ }
+ }
+ }
+ }
+ include profile::app::puppet::check_hiera_keys
+
+}
diff --git a/site/profile/manifests/app/puppet/non_pe_infra_agent.pp b/site/profile/manifests/app/puppet/non_pe_infra_agent.pp
new file mode 100644
index 000000000..79acbd6f1
--- /dev/null
+++ b/site/profile/manifests/app/puppet/non_pe_infra_agent.pp
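Review bot: The condition in masters.pp that decides which servers receive `profile::app::puppet::compiler`, and with it the eyaml and SSH private keys, does not test what its comment describes. `!` binds tighter than `in` and `==`, so `! $trusted['certname'] in $puppet_ca_nodes` negates the certname before the membership test, and `.each` returns the original query rows rather than the certnames, where `.map` was probably meant. Suggested lines: `$puppet_ca_nodes = puppetdb_query($puppetdb_puppet_ca).map |$value| { $value['certname'] }` and `if !($trusted['certname'] in $puppet_ca_nodes) and $trusted['certname'] != $pe_ca {`.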
@@ -0,0 +1,13 @@ +# class to help manage server settings +class profile::app::puppet::non_pe_infra_agent ( + String $puppet_server = 'puppet.exampledomain.com', + Stdlib::Absolutepath $path_to_puppet_conf_dir = '/etc/puppetlabs/puppet', +) { + ini_setting { 'puppet server setting': + ensure => present, + path => "${path_to_puppet_conf_dir}/puppet.conf", + section => 'main', + setting => 'server', + value => $puppet_server, + } +} diff --git a/site/profile/manifests/app/sql/sap_server.pp b/site/profile/manifests/app/sql/sap_server.pp new file mode 100644 index 000000000..f3e85245c --- /dev/null +++ b/site/profile/manifests/app/sql/sap_server.pp @@ -0,0 +1,7 @@ +# This is the profile to use for SAP database servers +class profile::app::sql::sap_server { + class { 'profile::app::sql::common': + use_sql_as_security_mode => true, + sql_collation => 'SQL_Latin1_General_CP850_BIN2', + } +} diff --git a/site/profile/manifests/app/sql/server.pp b/site/profile/manifests/app/sql/server.pp new file mode 100644 index 000000000..6f0f68bc7 --- /dev/null +++ b/site/profile/manifests/app/sql/server.pp 
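Review bot: `profile::app::sql::sap_server` declares `profile::app::sql::common`, but the class in this commit that takes `use_sql_as_security_mode` and `sql_collation` is `profile::app::sql::server`; unless `common` exists elsewhere, the catalog will not compile. If `server` is the intended target the first line becomes `class { 'profile::app::sql::server':`. That class has a required `sa_password`, and `use_sql_as_security_mode => true` turns on SQL authentication, so the value should come from encrypted Hiera data.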
@@ -0,0 +1,76 @@ +# Class: profile::app::sql::server +# +# +class profile::app::sql::server ( +# Commented out due to mount not working +# Stdlib::Absolutepath $sql_iso_to_mount, + String[1] $sa_password, + Stdlib::Absolutepath $temp_db_location = 'D:\\TempDB', + Stdlib::Absolutepath $sql_source = 'K:\\', + String[1] $sql_version_fact = 'SQL_2017', + Boolean $use_sql_as_security_mode = false, + Array $sql_feature_array = [ 'Conn', 'BC', 'SDK' ], + Enum['SQL_Latin1_General_CP1_CI_AS', 'SQL_Latin1_General_CP850_BIN2'] $sql_collation = 'SQL_Latin1_General_CP1_CI_AS', +) { + # resources + file { $temp_db_location: + ensure => directory, + } + +# if $facts['sqlserver_instances'][$sql_version_fact].empty and $facts['sqlserver_features'][$sql_version_fact] != $sql_feature_array { +# class {'profile::tools::map_install_storage': +# iso_to_mount => $sql_iso_to_mount, +# before => [ Sqlserver_instance['MSSQLSERVER'],Sqlserver_features['Generic Features'] ], +# } +# } + + if $use_sql_as_security_mode { + sqlserver_instance { 'MSSQLSERVER': + source => $sql_source, + features => ['SQLEngine','FullText'], + security_mode => 'SQL', + sa_pwd => $sa_password, + sql_svc_account => 'SYSTEM', + install_switches => { + 'SQLTEMPDBDIR' => $temp_db_location, + 'SQLCOLLATION' => $sql_collation, + }, + agt_svc_account => 'SYSTEM', + sql_sysadmin_accounts => 'BUILTIN\Administrators', + require => File[$temp_db_location], + } + } else { + sqlserver_instance { 'MSSQLSERVER': + source => $sql_source, + features => ['SQLEngine','FullText'], + sql_svc_account => 'SYSTEM', + install_switches => { + 'SQLTEMPDBDIR' => $temp_db_location, + 'SQLCOLLATION' => $sql_collation, + }, + agt_svc_account => 'SYSTEM', + sql_sysadmin_accounts => 'BUILTIN\Administrators', + require => File[$temp_db_location], + } + } + + sqlserver_features { 'Generic Features': + source => $sql_source, + features => $sql_feature_array, + require => Sqlserver_instance['MSSQLSERVER'], + } + +# Resource to connect to the DB 
instance +sqlserver::config { 'MSSQLSERVER': + admin_login_type => 'WINDOWS_LOGIN' +} + +sqlserver::login {'sa': + instance => 'MSSQLSERVER', + disabled => true, + } + + reboot { 'reboot after sql installation change': + subscribe => [Sqlserver_instance['MSSQLSERVER'],Sqlserver_features['Generic Features']], + } +} diff --git a/site/profile/manifests/app/tomcat/webserver.pp b/site/profile/manifests/app/tomcat/webserver.pp new file mode 100644 index 000000000..606eeed5a --- /dev/null +++ b/site/profile/manifests/app/tomcat/webserver.pp @@ -0,0 +1,32 @@ +# This profile will install tomcat +class profile::app::tomcat::webserver ( + Optional[String] $download_url = undef, + Stdlib::Absolutepath $tomcat_install_path = '/opt/tomcat', + String[1] $user = 'tomcat', + String[1] $group = 'tomcat', + String[1] $service = 'tomcat', + Integer $port = 8080, +) { + require profile::app::java + + if $download_url { + class { 'tomcat': + catalina_home => $tomcat_install_path, + user => $user, + group => $group, + } + + tomcat::install { $tomcat_install_path: + source_url => $download_url, + user => $user, + group => $group, + } + + tomcat::service { $service: + require => Tomcat::Install[$tomcat_install_path] + } + } else { + fail("download_url not set for ${title}.") + } + contain tomcat +} diff --git a/site/profile/manifests/app/wordpress.pp b/site/profile/manifests/app/wordpress.pp new file mode 100644 index 000000000..1958dbec5 --- /dev/null +++ b/site/profile/manifests/app/wordpress.pp 
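Review bot: Both `sqlserver_instance` branches in sql/server.pp run the engine and the agent as `SYSTEM` (`sql_svc_account`, `agt_svc_account`) and grant sysadmin to `BUILTIN\Administrators`, so a compromised database process has full control of the host and every local administrator has full control of the database. Exposing these as parameters, for example `String[1] $sql_svc_account,` and `Array[String[1]] $sql_sysadmin_accounts,`, lets a site supply a low-privilege service account and a dedicated admin group. `$sa_password` is a plain `String[1]`; whether `sa_pwd` accepts a `Sensitive` value depends on the sqlserver module version, so confirm before changing the type. The two branches differ only in `security_mode` and `sa_pwd` and could be one resource with those attributes set conditionally.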
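Review bot: `$download_url` in profile::app::tomcat::webserver is `Optional[String]` with an `undef` default, yet the class fails when it is unset and accepts any scheme when it is set. Declaring it as `Stdlib::HTTPSUrl $download_url,`, the type fastb.pp already uses, makes it required and keeps the Tomcat archive from being fetched over plain HTTP. The archive is installed without an integrity check in this hunk; whether `tomcat::install` can verify a checksum depends on the module version in use.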
@@ -0,0 +1,24 @@ +# This profile will deploy a wordpress blogserver +class profile::app::wordpress ( + String $mysql_server = 'localhost', + String $mysql_user = 'wp_db_user', + Stdlib::HTTPUrl $wp_site_url = "http://${facts['networking']['ip']}/port/4005/", +) { + if ($mysql_server == 'localhost') { + contain profile::app::mysql::server + } + + include apache + include apache::mod::php + apache::vhost { $facts['fqdn']: + port => '80', + priority => '00', + docroot => '/opt/wordpress', + } + + class { 'wordpress': + wp_owner => 'apache', + wp_site_url => $wp_site_url, + require => Class['apache'], + } +} diff --git a/site/profile/manifests/base.pp b/site/profile/manifests/base.pp deleted file mode 100644 index ae85e6550..000000000 --- a/site/profile/manifests/base.pp +++ /dev/null @@ -1,5 +0,0 @@ -class profile::base { - - #the base profile should include component modules that will be on all nodes - -} diff --git a/site/profile/manifests/cloud/azure/deployhost.pp b/site/profile/manifests/cloud/azure/deployhost.pp new file mode 100644 index 000000000..543e7fe06 --- /dev/null +++ b/site/profile/manifests/cloud/azure/deployhost.pp 
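Review bot: `$mysql_server` and `$mysql_user` are accepted by profile::app::wordpress but never passed to the `wordpress` class, and no database password is set, so the database credentials are whatever the module defaults to. Passing them through, for example `db_host => $mysql_server,` and `db_user => $mysql_user,` (parameter names to be confirmed against the wordpress module in use) plus a password taken from encrypted Hiera data, avoids relying on a default that is public knowledge. The default `$wp_site_url` and the vhost on port `'80'` also mean the admin login is served over plain HTTP.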
@@ -0,0 +1,91 @@ +## +# profile::cloud::azure::deployhost +# +# Builds a host used to interface with Azure (to be used by puppetlabs/azure module). +# Gems and packages are required to be installed into ruby packaged with Puppet Agent. +# Tested on CentOS and Windows 2012R2. +# +# Module requirements: +# * puppetlabs/hocon +# +# Other requirements: +# * Azure login (https://azure.microsoft.com/) +# * Azure Service Principal (SP) with permissions to create objects. +# +# @summary Micosoft Azure deployer proxy host. +# +# @param azure_packages Packages required for azure_gems on Linux. +# +# @param azure_gems Gems required. +# +# @param azure_config +# subscription_id: +# * Portal: Subscriptions -> $name -> Subscription ID +# * CLI 2.0: `az account list --output table` +# tenant_id: +# * Portal: Azure Active Directory -> Properties -> Directory ID +# * CLI 2.0: `az account show --output table` +# client_id: +# * Portal: Azure Active Directory -> App Registrations -> $name -> Application ID +# * CLI 2.0: `az ad app list` +# client_secret: Only displayed once upon creation of client_id. 
+# * Portal: Azure Active Directory -> App Registrations -> New application registration +# * CLI 2.0: `az ad sp create-for-rbac --name $sp_name` +# +class profile::cloud::azure::deployhost ( + Array $azure_packages = ['gcc-c++', 'zlib-devel'], + Hash $azure_gems = { + 'activesupport' => '4.2.9', + 'nokogiri' => '~>1.7.0', + 'azure' => '~>0.7.0', + 'azure-armrest' => '0.3.1', + 'azure_mgmt_compute' => '~>0.3.0', + 'azure_mgmt_storage' => '~>0.3.0', + 'azure_mgmt_resources' => '~>0.3.0', + 'azure_mgmt_network' => '~>0.3.0', + 'hocon' => '~>1.1.2', + 'retries' => 'latest', + }, + + Hash $azure_config = { + 'subscription_id' => undef, + 'tenant_id' => undef, + 'client_id' => undef, + 'client_secret' => undef, + } +) { + + ## + # Packges & Gems + # + if $facts['kernel'] == 'Linux' { + package { $azure_packages: + ensure => installed, + } + } + + $azure_gems.each | String $gem, String $version | { + package { $gem: + ensure => $version, + provider => 'puppet_gem', + } + } + + ## + # Configuration + # + $agent_confdir = $facts['os']['family'] ? { + 'windows' => 'C:/ProgramData/PuppetLabs/puppet/etc', + default => '/etc/puppetlabs/puppet', + } + + $azure_config.each | $i, $v | { + hocon_setting {"azure.conf-${i}": + ensure => present, + path => "${agent_confdir}/azure.conf", + setting => "azure.${i}", + value => $v, + } + } + +} diff --git a/site/profile/manifests/cloud/azure/vm_test.pp b/site/profile/manifests/cloud/azure/vm_test.pp new file mode 100644 index 000000000..2d1493884 --- /dev/null +++ b/site/profile/manifests/cloud/azure/vm_test.pp 
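Review bot: `client_secret` from `$azure_config` is written by `hocon_setting` into `${agent_confdir}/azure.conf` as an ordinary value, and nothing in the hunk manages that file's owner or mode. On Linux a `file { "${agent_confdir}/azure.conf": ensure => file, mode => '0600' }` ahead of the settings would keep the service-principal secret readable by the owner only. The default hash holds `undef` for all four keys, so an unconfigured host gets settings with no value; making `$azure_config` a required parameter would fail earlier and more clearly. `'retries' => 'latest'` is the only unpinned gem and installs whatever version is published at run time.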
@@ -0,0 +1,19 @@
+##
+# Create a VM in Azure using Resource Manager method.
+#
+# Caveats:
+# * 'user' can not be "admin".
+# * 'password' must be at least 12 characters.
+#
+class profile::cloud::azure::vm_test {
+ azure_vm { 'vm1':
+ ensure => present,
+ location => 'westus',
+ image => 'OpenLogic:CentOS:7.3:latest',
+ user => 'puppet',
+ password => '6Eji6PB9ErXJ7PrJtWQP',
+ size => 'Basic_A0',
+ resource_group => 'my-group',
+ }
+}
+
diff --git a/site/profile/manifests/example.pp b/site/profile/manifests/example.pp
deleted file mode 100644
index 0b48c3a10..000000000
--- a/site/profile/manifests/example.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-class profile::example {
-
-}
diff --git a/site/profile/manifests/os/README.md b/site/profile/manifests/os/README.md
new file mode 100644
index 000000000..3edf25691
--- /dev/null
+++ b/site/profile/manifests/os/README.md
@@ -0,0 +1,19 @@
+### The OS folder
+
+`./manifests/os/`
+
+ * This directory should contain profiles that manage items built-in to an operating system. For example, DNS, NTP, Users, firewall rules, etc....
+ * If the thing being managed is "out of the box", it goes here.
+
+`./manifests/os/baseline.pp`
+
+ * Profile that will wrap the OS level profiles
+ * Profile that build to support all business supported OS.
+ * Profile to implement the minimium base that security, product and sysadmins will allow on a company network.
+ * Profile built to install the base software for a company that is identified as site wide software, ie backup etc.
+
+`./manifests/os//`
+
+ * Profiles that are specific to built-in settings of one operating system go here.
+ * For example, `/manifests/os/windows/registry.pp`, `/manifests/os/linux/firewall.pp`, or `/manifests/os/solaris/enable_ssh.pp`.
+
diff --git a/site/profile/manifests/os/baseline.pp b/site/profile/manifests/os/baseline.pp
new file mode 100644
index 000000000..ee744ec72
--- /dev/null
+++ b/site/profile/manifests/os/baseline.pp
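Review bot: The `password` attribute of `azure_vm { 'vm1':` is a literal committed to the repository, so every VM created from this profile shares a credential known to anyone with read access to the repo or its history. Take it from a class parameter backed by encrypted Hiera data, for example `Sensitive[String[12]] $password,` in the class header and `password => $password.unwrap,` in the resource. The value already committed should be treated as exposed and not reused on any real system.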
@@ -0,0 +1,47 @@ +# This profile an example of base profile. +# It should support all site OS's and sould be enforced +# on all agent hosts. This is the minimum bar of site +# specific hosts. +class profile::os::baseline ( + Array[String[1]] $name_servers = [ '8.8.8.8', '8.8.4.4' ], + Array[String[1]] $search_path = [ 'localdomain', 'puppet.vm' ], +) { + # Profile to set a default base level of acceptable security and + # configuration for systems to be used within the company networks. + case $facts['os']['family'] { + 'RedHat','Debian': { + class { 'profile::os::baseline::dns_resolver': + name_servers => $name_servers, + search_path => $search_path, + } + include 'profile::os::linux::security' + } + 'windows': { + class { 'profile::os::baseline::dns_resolver': + name_servers => $name_servers, + search_path => $search_path, + } + include profile::os::windows::security + } + 'Solaris': { + class { 'profile::os::baseline::dns_resolver': + name_servers => $name_servers, + search_path => $search_path, + } + include profile::os::solaris::enable_ssh + } + default: { + fail("OS family ${facts['os']['family']} is not supported with ${title}.") + } + } + # Profile does the OS case statement + # Profile will normalize the 'temp' path for Linux, Solaris, and Windows + include profile::os::baseline::archives + # Profile does motd and banner + include profile::os::baseline::banner + # Profile validates trusted.extensions are set + $extensions = lookup('profile::os::baseline::verify_trusted_data::extentions', Array, 'deep') + class { 'profile::os::baseline::verify_trusted_data': + extensions_to_check => $extensions, + } +} diff --git a/site/profile/manifests/os/baseline/archives.pp b/site/profile/manifests/os/baseline/archives.pp new file mode 100644 index 000000000..a3c4711cc --- /dev/null +++ b/site/profile/manifests/os/baseline/archives.pp 
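Review bot: The lookup key `'profile::os::baseline::verify_trusted_data::extentions'` in baseline.pp is spelled differently from the class parameter `extensions_to_check` and from the word "extensions"; the lookup has no default, so if the Hiera data uses the usual spelling, compilation fails on every node. `$name_servers` defaults to the public resolvers `8.8.8.8` and `8.8.4.4`, which in a baseline profile sends internal hostnames to an external service unless every site overrides it; leaving the parameter without a default forces an explicit choice. The three `profile::os::baseline::dns_resolver` declarations are identical and could sit once above the `case`.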
@@ -0,0 +1,24 @@ +# This profile is to normalize archive for a site +# it will set temp dir and install dir for the build +class profile::os::baseline::archives ( + Optional[Stdlib::Absolutepath] $in_temp_path = undef, +) { + include '::archive' + + if ! $in_temp_path { + case $facts['kernel'] { + 'Linux', 'SunOS': { + $temp_path = '/tmp' + } + 'windows': { + $temp_path = 'C:/Windows/Temp' + } + default: { + fail("OS ${facts['kernel']} is not supported with ${title}.") + } + } + } else { + $temp_path = $in_temp_path + } + +} diff --git a/site/profile/manifests/os/baseline/banner.pp b/site/profile/manifests/os/baseline/banner.pp new file mode 100644 index 000000000..982ca1f2e --- /dev/null +++ b/site/profile/manifests/os/baseline/banner.pp @@ -0,0 +1,8 @@ +# This class will setup MOTD for Windows and Linux hosts +class profile::os::baseline::banner ( + String $motd, +) { + class { 'motd': + content => $motd, + } +} diff --git a/site/profile/manifests/os/baseline/dns_resolver.pp b/site/profile/manifests/os/baseline/dns_resolver.pp new file mode 100644 index 000000000..0eb88d876 --- /dev/null +++ b/site/profile/manifests/os/baseline/dns_resolver.pp 
@@ -0,0 +1,54 @@ +# @summary A DNS profile for *nix and Windows +# +# @description This profile abstracts away the configuration of DNS settings into +# 2 parameters, 'name_servers' and 'search_path'. +# +# @param name_servers An array of DNS name servers to use. +# @param search_path An array of domain suffixes to use in the DNS search path. +# +class profile::os::baseline::dns_resolver ( + Array[String[1]] $name_servers, + Array[String[1]] $search_path, +) { + + case $facts['kernel'] { + 'Linux','SunOS': { + + # Use saz/resolv_conf Forge module + class { 'resolv_conf': + nameservers => $name_servers, + searchpath => $search_path, + } + + } + 'windows': { + + # Use the puppetlabs/dsc module + # Rather than set every interface, you could instead just set the primary + # by changing the dsc_interfacealias param to $facts['networking']['primary'] + # and removing the each loop. + #$facts['networking']['interfaces'].keys.each |$interface| { + # dsc_xdnsserveraddress { "Configure-DNS-${interface}-interface": + # ensure => present, + # dsc_address => $name_servers, + # dsc_interfacealias => $interface, + # dsc_addressfamily => 'IPv4', + # } + #} + dsc_xdnsserveraddress { 'Configure-DNS-primary-interface': + ensure => present, + dsc_address => $name_servers, + dsc_interfacealias => $facts['networking']['primary'], + dsc_addressfamily => 'IPv4', + } + dsc_xdnsclientglobalsetting { 'Configure-DNS-search-path': + ensure => present, + dsc_suffixsearchlist => $search_path, + dsc_issingleinstance => 'Yes' + } + + } + default: { fail("This profile does not support your OS type ${facts['kernel']}") } + } + +} diff --git a/site/profile/manifests/os/baseline/verify_trusted_data.pp b/site/profile/manifests/os/baseline/verify_trusted_data.pp new file mode 100644 index 000000000..b1637d6cd --- /dev/null +++ b/site/profile/manifests/os/baseline/verify_trusted_data.pp 
@@ -0,0 +1,27 @@
+# profile::base::chk_facts_exist
+#
+# This class to to check and see if required facts are set.
+# The list of facts can be placed in hiera or can be set
+# when the class is called (param)
+#
+# @summary Check and see if required trusted.extensions are set
+#
+# @param extensions_to_check: list of extensions to verify are not undef
+#
+# @example
+# class { '::profile::os::baseline::verify_trusted_data':
+# extensions_to_check => [ 'pp_product', 'pp_role',
+# 'pp_service' ],
+# }
+class profile::os::baseline::verify_trusted_data (
+ Optional[Array] $extensions_to_check = undef
+) {
+ if $extensions_to_check != undef {
+ $extensions_to_check.each | $key | {
+ $extension_value = $trusted['extensions'][$key]
+ if $extension_value == undef {
+ fail("Required trusted.extensions.${key} does not exists!\nExtension must be set!")
+ }
+ }
+ }
+}
diff --git a/site/profile/manifests/os/linux/ms_ca_root_cert.pp b/site/profile/manifests/os/linux/ms_ca_root_cert.pp
new file mode 100644
index 000000000..a02a27ffa
--- /dev/null
+++ b/site/profile/manifests/os/linux/ms_ca_root_cert.pp
@@ -0,0 +1,19 @@
+# Assuming you have the root CA cert stored on the master
+# this declaration will allow you to push it around
+# so a linux node can use it for web services
+# and windows users will get internally trusted certs
+# without needing to provision third party certs
+class profile::os::linux::ms_ca_root_cert {
+
+ file { '/etc/pki/tls/certs/msca.crt':
+ ensure => 'file',
+ source => 'puppet:///modules/profile/msca.crt',
+ }
+
+ file { '/etc/pki/tls/certs/4adae044.0':
+ ensure => 'link',
+ target => '/etc/pki/tls/certs/msca.crt',
+ require => File['/etc/pki/tls/certs/msca.crt'],
+ }
+
+}
diff --git a/site/profile/manifests/os/linux/security.pp b/site/profile/manifests/os/linux/security.pp
new file mode 100644
index 000000000..9f905300e
--- /dev/null
+++ b/site/profile/manifests/os/linux/security.pp
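Review bot: `Optional[Array] $extensions_to_check = undef` makes `profile::os::baseline::verify_trusted_data` pass without checking anything whenever the parameter or its Hiera key is absent, which is the wrong failure direction for a gate on `$trusted['extensions']`. Declaring it `Array[String[1], 1] $extensions_to_check,` with no default makes a missing list a compile error and removes the need for the outer `if`. The loop rejects only `undef`, so an extension that is present but empty still passes; if that matters the test could read `if $extension_value =~ Undef or $extension_value == '' {`. The header comment still names `profile::base::chk_facts_exist`, which is not this class.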
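Review bot: The trust anchor `/etc/pki/tls/certs/msca.crt` in `profile::os::linux::ms_ca_root_cert` is declared without `owner`, `group` or `mode`, so its permissions are whatever the agent defaults to rather than something the manifest asserts. Adding `owner => 'root',`, `group => 'root',` and `mode => '0644',` to that `file` resource keeps a certificate that TLS clients on the node will trust from being writable by anyone but root. The link name `4adae044.0` looks like the OpenSSL subject hash of the current certificate; if so it stops matching once `msca.crt` is reissued with a different subject, and a comment recording how the name was derived would let the next maintainer regenerate it.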
@@ -0,0 +1,8 @@
+# This is a class example for security
+class profile::os::linux::security (
+ Boolean $pe_environment = true,
+) {
+ class { '::os_hardening':
+ pe_environment => $pe_environment,
+ }
+}
diff --git a/site/profile/manifests/os/solaris/enable_ssh.pp b/site/profile/manifests/os/solaris/enable_ssh.pp
new file mode 100644
index 000000000..19960ff86
--- /dev/null
+++ b/site/profile/manifests/os/solaris/enable_ssh.pp
@@ -0,0 +1,22 @@
+# This class enables SSH and enables root login
+
+class profile::os::solaris::enable_ssh (
+ String $permit_root_login = 'yes',
+) {
+
+ # Start up the service and enable it at boot time.
+ service { 'svc:/network/ssh:default':
+ ensure => running,
+ enable => true,
+ }
+
+ # Manage whether root is allowed to login. (Default: yes)
+ file_line { 'permit root ssh':
+ ensure => present,
+ path => '/etc/ssh/sshd_config',
+ line => "PermitRootLogin ${permit_root_login}",
+ match => '^PermitRootLogin ',
+ notify => Service['svc:/network/ssh:default'],
+ }
+
+}
diff --git a/site/profile/manifests/os/windows/disable_firewall.pp b/site/profile/manifests/os/windows/disable_firewall.pp
new file mode 100644
index 000000000..ccd006350
--- /dev/null
+++ b/site/profile/manifests/os/windows/disable_firewall.pp
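Review bot: In `profile::os::solaris::enable_ssh`, `String $permit_root_login = 'yes'` is interpolated unvalidated into the `PermitRootLogin` line of `/etc/ssh/sshd_config`, and the default turns direct root login on for every node that includes the class. Restricting the type to the keywords the target sshd accepts, for example `Enum['yes', 'no', 'without-password', 'forced-commands-only'] $permit_root_login = 'no',` (confirm the keyword list against the Solaris sshd in use), makes a typo or a multi-line value fail at compile time instead of being written into the daemon's config. Where root access over SSH is really required, a key-only setting is narrower than `yes`, and the header comment should say why the profile needs it.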
@@ -0,0 +1,29 @@
+# This profile disables all local firewalls on Windows nodes.
+#
+# Requires: puppetlabs/registry
+#
+class profile::os::windows::disable_firewall {
+
+ registry::value { 'Disable DomainProfile firewall':
+ key => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile',
+ value => 'EnableFirewall',
+ data => '0',
+ type => 'dword',
+ }
+
+ registry::value { 'Disable PublicProfile firewall':
+ key => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile',
+ value => 'EnableFirewall',
+ data => '0',
+ type => 'dword',
+ }
+
+ registry::value { 'Disable StandardProfile firewall':
+ key => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile',
+ value => 'EnableFirewall',
+ data => '0',
+ type => 'dword',
+ }
+
+}
+
diff --git a/site/profile/manifests/os/windows/disable_ieesc.pp b/site/profile/manifests/os/windows/disable_ieesc.pp
new file mode 100644
index 000000000..2399dda83
--- /dev/null
+++ b/site/profile/manifests/os/windows/disable_ieesc.pp
@@ -0,0 +1,22 @@
+# This will disable Internet Explorer Enhanced Security Configuration
+#
+# Requires: puppetlabs/registry
+#
+class profile::os::windows::disable_ieesc {
+
+ registry::value { 'Disable IE ESC for Administrators':
+ key => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}',
+ value => 'IsInstalled',
+ data => '0',
+ type => 'dword',
+ }
+
+ registry::value { 'Disable IE ESC for Users':
+ key => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}',
+ value => 'IsInstalled',
+ data => '0',
+ type => 'dword',
+ }
+
+}
+
diff --git a/site/profile/manifests/os/windows/disable_ipv6.pp b/site/profile/manifests/os/windows/disable_ipv6.pp
new file mode 100644
index 000000000..4d4ede92b
--- /dev/null
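Review bot: `profile::os::windows::disable_firewall` sets `EnableFirewall` to `0` for the Domain, Public and Standard profiles together and takes no parameters, so including the class removes host filtering on every network the node joins, and nothing in the header records what is meant to replace it. Document the compensating control in the header comment, and consider one Boolean per profile (say `Boolean $disable_public = false,`) so the Public profile stays on unless someone asks for it. The `windows_firewall::exception` added by `profile::os::windows::winrm_ssl_config` in this same commit has nothing to filter on a node that also gets this class, which suggests the two profiles were not meant to be combined; a note to that effect would prevent it.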
+++ b/site/profile/manifests/os/windows/disable_ipv6.pp
@@ -0,0 +1,14 @@
+# This will turn off ipv6 for Windows nodes
+#
+# Requires puppetlabs/registry
+#
+class profile::os::windows::disable_ipv6 {
+
+ registry::value { 'Disable IPv6':
+ key => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters',
+ value => 'DisabledComponents',
+ data => '255',
+ type => 'dword',
+ }
+
+}
diff --git a/site/profile/manifests/os/windows/disable_uac.pp b/site/profile/manifests/os/windows/disable_uac.pp
new file mode 100644
index 000000000..84b1077ed
--- /dev/null
+++ b/site/profile/manifests/os/windows/disable_uac.pp
@@ -0,0 +1,25 @@
+# This will disable UAC on Windows nodes.
+#
+# Requires: puppetlabs/registry
+#
+class profile::os::windows::disable_uac {
+
+ registry::value { 'Disable UAC':
+ key => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
+ value => 'EnableLUA',
+ data => '0',
+ type => 'dword',
+ }
+
+ # Refer to the link below to determine what different values do.
+ # Valid data values are 0 - 5.
+ # https://msdn.microsoft.com/en-us/library/Cc232761.aspx
+ registry::value { 'Set UAC Consent Prompt Level':
+ key => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
+ value => 'ConsentPromptBehaviorAdmin',
+ data => '5',
+ type => 'dword',
+ }
+
+}
+
diff --git a/site/profile/manifests/os/windows/enable_remote_desktop.pp b/site/profile/manifests/os/windows/enable_remote_desktop.pp
new file mode 100644
index 000000000..6c439f84c
--- /dev/null
+++ b/site/profile/manifests/os/windows/enable_remote_desktop.pp
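Review bot: The two resources in `profile::os::windows::disable_uac` do not fit together: `EnableLUA` = `0` switches Admin Approval Mode off, and `ConsentPromptBehaviorAdmin` is only consulted while it is on, so the `'Set UAC Consent Prompt Level'` resource has no effect as written. If the goal is fewer prompts rather than no elevation boundary at all, keeping `EnableLUA` at `1` and choosing a lower `ConsentPromptBehaviorAdmin` value is the narrower change; otherwise drop the second resource so the manifest does not suggest a prompt level is being enforced. Either way the header should state why UAC is being turned off, and, as far as I know, an `EnableLUA` change only takes effect after a restart, which nothing here triggers or mentions.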
@@ -0,0 +1,21 @@
+# This profile will enable remote desktop connections
+#
+# Requires: puppetlabs/registry
+#
+class profile::os::windows::enable_remote_desktop {
+
+ registry::value { 'Enable Terminal Services connections':
+ key => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server',
+ value => 'fDenyTSConnections',
+ data => '0',
+ type => 'dword',
+ }
+
+ registry::value { 'Enable TS Network Level Authentication':
+ key => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp',
+ value => 'SecurityLayer',
+ data => '1',
+ type => 'dword',
+ }
+
+}
diff --git a/site/profile/manifests/os/windows/security.pp b/site/profile/manifests/os/windows/security.pp
new file mode 100644
index 000000000..c572af37f
--- /dev/null
+++ b/site/profile/manifests/os/windows/security.pp
@@ -0,0 +1,16 @@
+# This profile is example of security configurations for
+# site specific security settings.
+class profile::os::windows::security (
+ Boolean $disable_ipv6 = true,
+ Boolean $enable_rdesktop = false,
+) {
+ if $disable_ipv6 {
+ include profile::os::windows::disable_ipv6
+ }
+ if $enable_rdesktop {
+ include profile::os::windows::enable_remote_desktop
+ }
+ if $facts['os']['release']['major'] != '2012 R2' {
+ contain secure_windows
+ }
+}
diff --git a/site/profile/manifests/os/windows/winrm_ssl_config.pp b/site/profile/manifests/os/windows/winrm_ssl_config.pp
new file mode 100644
index 000000000..66c1c079f
--- /dev/null
+++ b/site/profile/manifests/os/windows/winrm_ssl_config.pp
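Review bot: The resource titled `'Enable TS Network Level Authentication'` in `profile::os::windows::enable_remote_desktop` writes `SecurityLayer` = `1`, which selects how the RDP transport security layer is negotiated; Network Level Authentication is governed by the separate `UserAuthentication` value under the same `RDP-Tcp` key. As written, RDP is switched on by `fDenyTSConnections` = `0` while pre-session authentication is left at whatever the host already had. Add a resource for `UserAuthentication` as below, and retitle the existing one to say what it sets; if TLS is meant to be mandatory rather than negotiated, `SecurityLayer` would need `2`, to my knowledge.

```puppet
  # … unchanged: 'Enable Terminal Services connections' and the SecurityLayer resource …

  # NLA is controlled by UserAuthentication; SecurityLayer only picks the transport security layer.
  registry::value { 'Require TS Network Level Authentication':
    key   => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp',
    value => 'UserAuthentication',
    data  => '1',
    type  => 'dword',
  }
```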
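Review bot: In `profile::os::windows::security`, `if $facts['os']['release']['major'] != '2012 R2' { contain secure_windows }` leaves 2012 R2 nodes without the hardening class and says nothing about it, either in a comment or at catalog time. If the module simply does not support that release, record it next to the condition, for example `# secure_windows is skipped on 2012 R2: <reason>`, and consider a `warning()` in an `else` branch so unhardened nodes show up in the server log. The other two profiles are pulled in with `include` while this one uses `contain`; a short comment on why the containment differs would save the next reader the question.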
@@ -0,0 +1,33 @@
+# This profile configures winrm to use SSL, and uses
+# an existing certificate already installed in the
+# trusted store.
+#
+# This assumes a root CA has already been passed
+# via GPO or the like.
+#
+# Required modules in Puppetfile format, versions current as of last update:
+# mod 'puppet-windows_firewall', '2.0.0'
+# mod 'puppetlabs-stdlib', '4.24.0' ( windows_firewall (>= 4.6.0 < 5.0.0))
+# mod 'puppetlabs-registry', '1.1.4' ( windows_firewall (>= 1.1.1 < 2.0.0))
+# mod 'liamjbennett-win_facts', '0.0.2' ( windows_firewall (>= 0.0.2 < 2.0.0))
+# mod 'nekototori-winrmssl', '0.1.0'
+class profile::os::windows::winrm_ssl_config {
+
+ winrmssl { 'example.com':
+ ensure => 'present',
+ issuer => 'CN=example.com, DC=example, DC=com',
+ }
+
+ windows_firewall::exception { '$CLIENT_WINRM_SSL':
+ ensure => 'present',
+ direction => 'in',
+ action => 'Allow',
+ enabled => 'yes',
+ protocol => 'TCP',
+ local_port => '5986',
+ remote_port => 'any',
+ display_name => '$CLIENT_WINRM_SSL',
+ description => 'Inbound rule for secure remote management. [TCP 5986]',
+ }
+
+}
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
deleted file mode 100644
index 9109c7d0a..000000000
--- a/site/profile/manifests/puppetmaster.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-class profile::puppetmaster (
- $hiera_yaml = "${::settings::confdir}/hiera.yaml"
-){
-
- class { 'hiera':
- hierarchy => [
- 'virtual/%{::virtual}',
- 'nodes/%{::trusted.certname}',
- 'common',
- ],
- hiera_yaml => $hiera_yaml,
- datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata',
- owner => 'pe-puppet',
- group => 'pe-puppet',
- notify => Service['pe-puppetserver'],
- }
-}
diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp
deleted file mode 100644
index b6b883e80..000000000
--- a/site/role/manifests/all_in_one_pe.pp
+++ /dev/null
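Review bot: The `windows_firewall::exception` in `profile::os::windows::winrm_ssl_config` allows inbound TCP 5986 with `remote_port => 'any'` and no limit on the source address, so the WinRM listener is reachable from every network the host is attached to. If the pinned module version can scope a rule by remote address, restrict it to the management hosts; if it cannot, say in the header that an upstream control is expected to do so. The title and `display_name` are the single-quoted literal `'$CLIENT_WINRM_SSL'`, which Puppet does not interpolate, and the `winrmssl` title and `issuer` are hard-coded `example.com` values; both look like placeholders that should become class parameters, e.g. `String[1] $issuer,`.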
@@ -1,7 +0,0 @@
-class role::all_in_one_pe {
-
- include profile::puppetmaster
- include pe_code_manager_webhook
- include pe_metric_curl_cron_jobs
-
-}
diff --git a/site/role/manifests/database_server.pp b/site/role/manifests/database_server.pp
deleted file mode 100644
index aacc912b2..000000000
--- a/site/role/manifests/database_server.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-class role::database_server {
-
- #This role would be made of all the profiles that need to be included to make a database server work
- #All roles should include the base profile
- include profile::base
-
-}
diff --git a/site/role/manifests/example.pp b/site/role/manifests/example.pp
deleted file mode 100644
index 2c1d2d724..000000000
--- a/site/role/manifests/example.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-class role::example {
-
-}
diff --git a/site/role/manifests/webserver.pp b/site/role/manifests/webserver.pp
deleted file mode 100644
index 314fa55f3..000000000
--- a/site/role/manifests/webserver.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-class role::webserver {
-
- #This role would be made of all the profiles that need to be included to make a webserver work
- #All roles should include the base profile
- include profile::base
-
-}
diff --git a/spec/acceptance/nodesets/onceover-nodes.yml b/spec/acceptance/nodesets/onceover-nodes.yml
new file mode 100644
index 000000000..707300694
--- /dev/null
+++ b/spec/acceptance/nodesets/onceover-nodes.yml
@@ -0,0 +1,41 @@
+HOSTS:
+ centos6a:
+ roles:
+ - agent
+ type: aio
+ platform: el-6-64
+ box: puppetlabs/centos-6.6-64-puppet
+ box_url: https://app.vagrantup.com/puppetlabs/boxes/centos-6.6-64-puppet
+ hypervisor: vagrant_virtualbox
+ CentOS-7.0-64:
+ roles:
+ - agent
+ type: aio
+ platform: el-7-64
+ box: puppetlabs/centos-7.2-64-puppet
+ box_url: https://app.vagrantup.com/puppetlabs/boxes/centos-7.2-64-puppet
+ hypervisor: vagrant_virtualbox
+ centos7b:
+ roles:
+ - agent
+ type: aio
+ platform: el-7-64
+ box: puppetlabs/centos-7.2-64-puppet
+ box_url: https://app.vagrantup.com/puppetlabs/boxes/centos-7.2-64-puppet
+ hypervisor: vagrant_virtualbox
+ ubuntu1404:
+ roles:
+ - agent
+ type: aio
+ platform: ubuntu-14.04-64
+ box: puppetlabs/ubuntu-14.04-64-puppet
+ box_url: https://app.vagrantup.com/puppetlabs/boxes/ubuntu-14.04-64-puppet
+ hypervisor: vagrant_virtualbox
+ debian82:
+ roles:
+ - agent
+ type: aio
+ platform: debian-8.2-64
+ box: puppetlabs/debian-8.2-64-puppet
+ box_url: https://app.vagrantup.com/puppetlabs/boxes/debian-8.2-64-puppet
+ hypervisor: vagrant_virtualbox
diff --git a/spec/default_facts.yml b/spec/default_facts.yml
new file mode 100644
index 000000000..ea1e4808e
--- /dev/null
+++ b/spec/default_facts.yml
@@ -0,0 +1,7 @@
+# Use default_module_facts.yml for module specific facts.
+#
+# Facts specified here will override the values provided by rspec-puppet-facts.
+---
+ipaddress: "172.16.254.254"
+is_pe: false
+macaddress: "AA:AA:AA:AA:AA:AA"
diff --git a/spec/factsets/CentOS-6.6-64.json b/spec/factsets/CentOS-6.6-64.json
new file mode 100644
index 000000000..e52ef3d71
--- /dev/null
+++ b/spec/factsets/CentOS-6.6-64.json
@@ -0,0 +1,350 @@ +{ + "name": "centos6a.pdx.puppetlabs.demo", + "trusted": { + "pp_role": "agent", + "pp_service": "puppet", + "pp_product": "puppet", + "pp_preshared_key": "somekey" + }, + "values": { + "aio_agent_build": "1.2.2", + "aio_agent_version": "1.2.2", + "architecture": "x86_64", + "augeas": { + "version": "1.4.0" + }, + "augeasversion": "1.4.0", + "bios_release_date": "12/01/2006", + "bios_vendor": "innotek GmbH", + "bios_version": "VirtualBox", + "blockdevice_sda_model": "VBOX HARDDISK", + "blockdevice_sda_size": 21474836480, + "blockdevice_sda_vendor": "ATA", + "blockdevices": "sda", + "boardmanufacturer": "Oracle Corporation", + "boardproductname": "VirtualBox", + "boardserialnumber": "0", + "chassistype": "Other", + "concat_basedir": "/opt/puppetlabs/puppet/cache/concat", + "custom_auth_conf": "false", + "datacenter": "portland", + "dhcp_servers": { + "eth0": "10.0.2.2", + "system": "10.0.2.2" + }, + "disks": { + "sda": { + "model": "VBOX HARDDISK", + "size": "20.00 GiB", + "size_bytes": 21474836480, + "vendor": "ATA" + } + }, + "dmi": { + "bios": { + "release_date": "12/01/2006", + "vendor": "innotek GmbH", + "version": "VirtualBox" + }, + "board": { + "manufacturer": "Oracle Corporation", + "product": "VirtualBox", + "serial_number": "0" + }, + "chassis": { + "type": "Other" + }, + "manufacturer": "innotek GmbH", + "product": { + "name": "VirtualBox", + "serial_number": "0", + "uuid": "DA4CD203-2C23-4E21-B169-293D1749C38C" + } + }, + "domain": "pdx.puppetlabs.demo", + "facterversion": "3.0.2", + "filesystems": "ext4,iso9660", + "fqdn": "centos6a.pdx.puppetlabs.demo", + "gid": "root", + "hardwareisa": "x86_64", + "hardwaremodel": "x86_64", + "homedir": "/root", + "home_users": "/home/centos", + "hostname": "centos6a", + "id": "root", + "identity": { + "gid": 0, + "group": "root", + "uid": 0, + "user": "root" + }, + "interfaces": "eth0,eth1,lo", + "ip6tables_version": "1.4.7", + "ipaddress": "10.0.2.15", + "ipaddress6": "fe80::a00:27ff:fe0f:d276", 
+ "ipaddress6_eth0": "fe80::a00:27ff:fe0f:d276", + "ipaddress6_eth1": "fe80::a00:27ff:fe66:988a", + "ipaddress6_lo": "::1", + "ipaddress_eth0": "10.0.2.15", + "ipaddress_eth1": "10.20.1.88", + "ipaddress_lo": "127.0.0.1", + "iptables_version": "1.4.7", + "is_admin": true, + "is_pe": false, + "is_virtual": true, + "kernel": "Linux", + "kernelmajversion": "2.6", + "kernelrelease": "2.6.32-504.8.1.el6.x86_64", + "kernelversion": "2.6.32", + "load_averages": { + "15m": 0.0, + "1m": 0.0, + "5m": 0.0 + }, + "macaddress": "08:00:27:0f:d2:76", + "macaddress_eth0": "08:00:27:0f:d2:76", + "macaddress_eth1": "08:00:27:66:98:8a", + "manufacturer": "innotek GmbH", + "memory": { + "swap": { + "available": "992.00 MiB", + "available_bytes": 1040183296, + "capacity": "0%", + "total": "992.00 MiB", + "total_bytes": 1040183296, + "used": "0 bytes", + "used_bytes": 0 + }, + "system": { + "available": "348.41 MiB", + "available_bytes": 365338624, + "capacity": "28.95%", + "total": "490.39 MiB", + "total_bytes": 514215936, + "used": "141.98 MiB", + "used_bytes": 148877312 + } + }, + "memoryfree": "348.41 MiB", + "memoryfree_mb": 348.4140625, + "memorysize": "490.39 MiB", + "memorysize_mb": 490.39453125, + "mountpoints": { + "/": { + "available": "16.94 GiB", + "available_bytes": 18193268736, + "capacity": "6.51%", + "device": "/dev/mapper/VolGroup-lv_root", + "filesystem": "ext4", + "options": [ + "rw" + ], + "size": "18.12 GiB", + "size_bytes": 19459338240, + "used": "1.18 GiB", + "used_bytes": 1266069504 + }, + "/boot": { + "available": "448.35 MiB", + "available_bytes": 470125568, + "capacity": "5.85%", + "device": "/dev/sda1", + "filesystem": "ext4", + "options": [ + "rw" + ], + "size": "476.22 MiB", + "size_bytes": 499355648, + "used": "27.88 MiB", + "used_bytes": 29230080 + } + }, + "mtu_eth0": 1500, + "mtu_eth1": 1500, + "mtu_lo": 65536, + "mysql_server_id": 8555670, + "netmask": "255.255.255.0", + "netmask6": "ffff:ffff:ffff:ffff::", + "netmask6_eth0": "ffff:ffff:ffff:ffff::", 
+ "netmask6_eth1": "ffff:ffff:ffff:ffff::", + "netmask6_lo": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", + "netmask_eth0": "255.255.255.0", + "netmask_eth1": "255.255.255.0", + "netmask_lo": "255.0.0.0", + "network": "10.0.2.0", + "network6": "fe80::", + "network6_eth0": "fe80::", + "network6_eth1": "fe80::", + "network6_lo": "::1", + "network_eth0": "10.0.2.0", + "network_eth1": "10.20.1.0", + "network_lo": "127.0.0.0", + "networking": { + "dhcp": "10.0.2.2", + "domain": "pdx.puppetlabs.demo", + "fqdn": "centos6a.pdx.puppetlabs.demo", + "hostname": "centos6a", + "interfaces": { + "eth0": { + "dhcp": "10.0.2.2", + "ip": "10.0.2.15", + "ip6": "fe80::a00:27ff:fe0f:d276", + "mac": "08:00:27:0f:d2:76", + "mtu": 1500, + "netmask": "255.255.255.0", + "netmask6": "ffff:ffff:ffff:ffff::", + "network": "10.0.2.0", + "network6": "fe80::" + }, + "eth1": { + "ip": "10.20.1.88", + "ip6": "fe80::a00:27ff:fe66:988a", + "mac": "08:00:27:66:98:8a", + "mtu": 1500, + "netmask": "255.255.255.0", + "netmask6": "ffff:ffff:ffff:ffff::", + "network": "10.20.1.0", + "network6": "fe80::" + }, + "lo": { + "ip": "127.0.0.1", + "ip6": "::1", + "mtu": 65536, + "netmask": "255.0.0.0", + "netmask6": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", + "network": "127.0.0.0", + "network6": "::1" + } + }, + "ip": "10.0.2.15", + "ip6": "fe80::a00:27ff:fe0f:d276", + "mac": "08:00:27:0f:d2:76", + "mtu": 1500, + "netmask": "255.255.255.0", + "netmask6": "ffff:ffff:ffff:ffff::", + "network": "10.0.2.0", + "network6": "fe80::" + }, + "operatingsystem": "CentOS", + "operatingsystemmajrelease": "6", + "operatingsystemrelease": "6.6", + "os": { + "architecture": "x86_64", + "family": "RedHat", + "hardware": "x86_64", + "name": "CentOS", + "release": { + "full": "6.6", + "major": "6", + "minor": "6" + }, + "selinux": { + "enabled": false + } + }, + "osfamily": "RedHat", + "partitions": { + "/dev/mapper/VolGroup-lv_root": { + "filesystem": "ext4", + "mount": "/", + "size": "0 bytes", + "size_bytes": 0, + "uuid": 
"a29409f8-0b58-4271-a348-032caefec8b8" + }, + "/dev/mapper/VolGroup-lv_swap": { + "filesystem": "swap", + "size": "0 bytes", + "size_bytes": 0, + "uuid": "b30b464a-8ac9-492a-a1c5-2da75bb7488a" + }, + "/dev/sda1": { + "filesystem": "ext4", + "mount": "/boot", + "size": "500.00 MiB", + "size_bytes": 524288000, + "uuid": "da946872-1406-4ac1-9a4d-f7ce5f7be47e" + }, + "/dev/sda2": { + "filesystem": "LVM2_member", + "size": "19.51 GiB", + "size_bytes": 20949499904, + "uuid": "nRdWPh-INkA-aHPs-TNtk-HjJG-SxBU-DdqI8a" + } + }, + "path": "/opt/puppetlabs/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin", + "pe_concat_basedir": "/opt/puppetlabs/puppet/cache/pe_concat", + "pe_razor_server_version": "package pe-razor-server is not installed", + "physicalprocessorcount": 1, + "platform_symlink_writable": true, + "platform_tag": "el-6-x86_64", + "processor0": "Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz", + "processorcount": 1, + "processors": { + "count": 1, + "isa": "x86_64", + "models": [ + "Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz" + ], + "physicalcount": 1 + }, + "productname": "VirtualBox", + "puppet_files_dir_present": false, + "puppet_vardir": "/opt/puppetlabs/puppet/cache", + "puppetversion": "4.2.1", + "root_home": "/root", + "retrieve_system_users": "root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,systemd-network,dbus,polkitd,rpc,rpcuser,sshd,postfix,chrony", + "ruby": { + "platform": "x86_64-linux", + "sitedir": "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0", + "version": "2.1.6" + }, + "rubyplatform": "x86_64-linux", + "rubysitedir": "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0", + "rubyversion": "2.1.6", + "selinux": false, + "serialnumber": "0", + "ssh": { + "dsa": { + "fingerprints": { + "sha1": "SSHFP 2 1 5dad11db93cde6e3b1d5ce5a5fe5ad02825037e8", + "sha256": "SSHFP 2 2 576fe2b6a8412ada50cb776e6f1da5dd4bc301f2aa682be2ff82c70558c14745" + }, + "key": "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" + 
}, + "rsa": { + "fingerprints": { + "sha1": "SSHFP 1 1 e1e2811771eb093d9b74333a111e089bc8e434ef", + "sha256": "SSHFP 1 2 4513b7ba6b47b22319ea40fe9e0f12e9ac200b367b78508364a80a2a9b92409c" + }, + "key": "AAAAB3NzaC1yc2EAAAABIwAAAQEA3Gn072MPvlL1R0RpTGod7BxiCvm4Wp6p8gRYJgEba9FLtYTWYhx18ueLnuFWKnK6WMpwe24732ZGGCsagjBkEo8DFJZABZbfSHxW1gsmU6smUM9o2wt9ZEeYJ036DqIkg4DzsBLc206NKStuKCTOINFSwBtHAWkZCeGdon8ssEoery//yZchbHBXQB1f312Re42W4eLNpWm0T93eEwRRMOpnLtNFrVa9kvHv71eQx2crvDG2xd6BfN0PkU0tx0TBzDS2xUqBg5m1MdNbarxWH1Km8JUEH40jl3YKgh5g0lrfEE36xIItPtW2mFawsMBpMK0iPerqs60or9SjM1LwXQ==" + } + }, + "sshdsakey": "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", + "sshfp_dsa": "SSHFP 2 1 5dad11db93cde6e3b1d5ce5a5fe5ad02825037e8\nSSHFP 2 2 576fe2b6a8412ada50cb776e6f1da5dd4bc301f2aa682be2ff82c70558c14745", + "sshfp_rsa": "SSHFP 1 1 e1e2811771eb093d9b74333a111e089bc8e434ef\nSSHFP 1 2 4513b7ba6b47b22319ea40fe9e0f12e9ac200b367b78508364a80a2a9b92409c", + "sshrsakey": "AAAAB3NzaC1yc2EAAAABIwAAAQEA3Gn072MPvlL1R0RpTGod7BxiCvm4Wp6p8gRYJgEba9FLtYTWYhx18ueLnuFWKnK6WMpwe24732ZGGCsagjBkEo8DFJZABZbfSHxW1gsmU6smUM9o2wt9ZEeYJ036DqIkg4DzsBLc206NKStuKCTOINFSwBtHAWkZCeGdon8ssEoery//yZchbHBXQB1f312Re42W4eLNpWm0T93eEwRRMOpnLtNFrVa9kvHv71eQx2crvDG2xd6BfN0PkU0tx0TBzDS2xUqBg5m1MdNbarxWH1Km8JUEH40jl3YKgh5g0lrfEE36xIItPtW2mFawsMBpMK0iPerqs60or9SjM1LwXQ==", + "staging_http_get": "curl", + "swapfree": "992.00 MiB", + "swapfree_mb": 991.99609375, + "swapsize": "992.00 MiB", + "swapsize_mb": 991.99609375, + "system_uptime": { + "days": 0, + "hours": 0, + "seconds": 352, + "uptime": "0:05 hours" + }, + "timezone": "UTC", + "uptime": "0:05 hours", + "uptime_days": 0, + "uptime_hours": 0, + "uptime_seconds": 352, + "uuid": "DA4CD203-2C23-4E21-B169-293D1749C38C", + "virtual": "virtualbox", + "clientcert": "centos6a.pdx.puppetlabs.demo", + "clientversion": "4.2.1", + "clientnoop": false + }, + "timestamp": "2015-09-23T01:56:02.689718267+00:00", + "expiration": "2015-09-23T02:26:02.690130706+00:00" +} 
diff --git a/spec/factsets/CentOS-7.0-64.json b/spec/factsets/CentOS-7.0-64.json new file mode 100644 index 000000000..73790aedd --- /dev/null +++ b/spec/factsets/CentOS-7.0-64.json 
@@ -0,0 +1,512 @@ +{ + "name": "centos7.somedomain.info", + "trusted": { + "pp_role": "agent", + "pp_service": "puppet", + "pp_product": "puppet", + "pp_preshared_key": "somekey" + }, + "values": { + "aio_agent_build": "6.4.3", + "aio_agent_version": "6.4.3", + "architecture": "x86_64", + "augeas": { + "version": "1.12.0" + }, + "augeasversion": "1.12.0", + "bios_release_date": "01/01/2011", + "bios_vendor": "Seabios", + "bios_version": "0.5.1", + "blockdevice_vda_size": 8589934592, + "blockdevice_vda_vendor": "0x1af4", + "blockdevices": "vda", + "chassistype": "Other", + "dhcp_servers": { + "eth0": "192.168.0.10", + "system": "192.168.0.10" + }, + "disks": { + "vda": { + "size": "8.00 GiB", + "size_bytes": 8589934592, + "vendor": "0x1af4" + } + }, + "dmi": { + "bios": { + "release_date": "01/01/2011", + "vendor": "Seabios", + "version": "0.5.1" + }, + "chassis": { + "type": "Other" + }, + "manufacturer": "OpenStack Foundation", + "product": { + "name": "OpenStack Nova", + "serial_number": "3c2513f4-b791-4ce7-9b2f-558c71093ec7", + "uuid": "F037E492-B099-4C5F-9D71-983D102E9AEB" + } + }, + "domain": "somedomain.info", + "ec2_metadata": { + "ami-id": "None", + "ami-launch-index": "0", + "ami-manifest-path": "FIXME", + "block-device-mapping": { + "ami": "vda", + "ebs0": "/dev/vda", + "root": "/dev/vda" + }, + "hostname": "centos7", + "instance-action": "none", + "instance-id": "i-000085b6", + "instance-type": "vol.small", + "local-hostname": "centos7", + "local-ipv4": "192.168.0.2", + "placement": { + "availability-zone": "local-storage" + }, + "public-hostname": "centos7", + "public-ipv4": "", + "public-keys": { + "0": { + "openssh-key": "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAsMvODgIqL1NoUgP65qmgf0sJjQy78QdA5rHw9tIwK5KstVSh+0w4TLHJq8Jz8E4UeXhx0NioP3kE3otjCC8kSM5y99QOs4qQh7q6cLN9hQpXMQUD9UnJMP0b5agd0PdErH0ML9hnWfsZX707v31VSIbco+X6Kg9wN8WJhlTXgbbrJTUIPnMzNXrN7Z5/jY6Vss7NTCVI7OxUbIna37l5y8s4jxViaXjoVEXP8e4QtTX8p0BYc2vgerI04ZilhbIe4KEcHiR+n/GUr6MmkY5qtLum/7IZLHbHfWha1q7VaPnz/CHmlDySxxq4sF81N4x2V7d0+x8/wNZx2d+duJmV0Q==" + } + }, + "reservation-id": "r-pz8wel3j", + "security-groups": "default" + }, + "facterversion": "3.13.3", + "filesystems": "xfs", + "fips_enabled": false, + "fqdn": "centos7.somedomain.info", + "gid": "root", + "hardwareisa": "x86_64", + "hardwaremodel": "x86_64", + "home_users": "/home/centos,/home/tomcat", + "hostname": "centos7", + "hypervisors": { + "kvm": { + "openstack": true + } + }, + "icinga2_puppet_hostcert": "/etc/puppetlabs/puppet/ssl/certs/centos7.somedomain.info.pem", + "icinga2_puppet_hostprivkey": "/etc/puppetlabs/puppet/ssl/private_keys/centos7.somedomain.info.pem", + "icinga2_puppet_localcacert": "/etc/puppetlabs/puppet/ssl/certs/ca.pem", + "id": "root", + "identity": { + "gid": 0, + "group": "root", + "privileged": true, + "uid": 0, + "user": "root" + }, + "interfaces": "eth0,lo", + "ipaddress": "192.168.0.2", + "ipaddress_eth0": "192.168.0.2", + "ipaddress_lo": "127.0.0.1", + "is_pe": false, + "is_virtual": true, + "java_default_home": "/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64", + "java_libjvm_path": "/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64/jre/lib/amd64/server", + "java_major_version": "8", + "java_patch_level": "222", + "java_version": "1.8.0_222", + "kernel": "Linux", + "kernelmajversion": "3.10", + "kernelrelease": "3.10.0-957.1.3.el7.x86_64", + "kernelversion": "3.10.0", + "load_averages": { + "15m": 0.15, + "1m": 0.32, + "5m": 0.14 + }, + "macaddress": "fa:16:3e:ee:90:cd", + "macaddress_eth0": "fa:16:3e:ee:90:cd", + "manufacturer": "OpenStack Foundation", + "memory": { + "system": { + "available": "1.47 GiB", + "available_bytes": 
1583357952, + "capacity": "17.86%", + "total": "1.80 GiB", + "total_bytes": 1927516160, + "used": "328.21 MiB", + "used_bytes": 344158208 + } + }, + "memoryfree": "1.47 GiB", + "memoryfree_mb": 1510.0078125, + "memorysize": "1.80 GiB", + "memorysize_mb": 1838.22265625, + "mountpoints": { + "/": { + "available": "6.66 GiB", + "available_bytes": 7149559808, + "capacity": "16.66%", + "device": "rootfs", + "filesystem": "rootfs", + "options": [ + "rw" + ], + "size": "7.99 GiB", + "size_bytes": 8578400256, + "used": "1.33 GiB", + "used_bytes": 1428840448 + }, + "/dev": { + "available": "896.79 MiB", + "available_bytes": 940351488, + "capacity": "0%", + "device": "devtmpfs", + "filesystem": "devtmpfs", + "options": [ + "rw", + "seclabel", + "nosuid", + "size=918312k", + "nr_inodes=229578", + "mode=755" + ], + "size": "896.79 MiB", + "size_bytes": 940351488, + "used": "0 bytes", + "used_bytes": 0 + }, + "/dev/hugepages": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "hugetlbfs", + "filesystem": "hugetlbfs", + "options": [ + "rw", + "seclabel", + "relatime" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/dev/mqueue": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "mqueue", + "filesystem": "mqueue", + "options": [ + "rw", + "seclabel", + "relatime" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/dev/pts": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "devpts", + "filesystem": "devpts", + "options": [ + "rw", + "seclabel", + "nosuid", + "noexec", + "relatime", + "gid=5", + "mode=620", + "ptmxmode=000" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/dev/shm": { + "available": "919.11 MiB", + "available_bytes": 963756032, + "capacity": "0%", + "device": "tmpfs", + "filesystem": "tmpfs", + "options": [ + "rw", + "seclabel", + 
"nosuid", + "nodev" + ], + "size": "919.11 MiB", + "size_bytes": 963756032, + "used": "0 bytes", + "used_bytes": 0 + }, + "/run": { + "available": "902.70 MiB", + "available_bytes": 946548736, + "capacity": "1.79%", + "device": "tmpfs", + "filesystem": "tmpfs", + "options": [ + "rw", + "seclabel", + "nosuid", + "nodev", + "mode=755" + ], + "size": "919.11 MiB", + "size_bytes": 963756032, + "used": "16.41 MiB", + "used_bytes": 17207296 + }, + "/run/user/1000": { + "available": "183.82 MiB", + "available_bytes": 192753664, + "capacity": "0%", + "device": "tmpfs", + "filesystem": "tmpfs", + "options": [ + "rw", + "seclabel", + "nosuid", + "nodev", + "relatime", + "size=188236k", + "mode=700", + "uid=1000", + "gid=1000" + ], + "size": "183.82 MiB", + "size_bytes": 192753664, + "used": "0 bytes", + "used_bytes": 0 + }, + "/sys/fs/cgroup": { + "available": "919.11 MiB", + "available_bytes": 963756032, + "capacity": "0%", + "device": "tmpfs", + "filesystem": "tmpfs", + "options": [ + "ro", + "seclabel", + "nosuid", + "nodev", + "noexec", + "mode=755" + ], + "size": "919.11 MiB", + "size_bytes": 963756032, + "used": "0 bytes", + "used_bytes": 0 + }, + "/var/lib/nfs/rpc_pipefs": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "rpc_pipefs", + "filesystem": "rpc_pipefs", + "options": [ + "rw", + "relatime" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + } + }, + "mtu_eth0": 1500, + "mtu_lo": 65536, + "mysql_server_id": 17237197, + "netmask": "255.255.255.0", + "netmask_eth0": "255.255.255.0", + "netmask_lo": "255.0.0.0", + "network": "192.168.0.0", + "network_eth0": "192.168.0.0", + "network_lo": "127.0.0.0", + "networking": { + "dhcp": "192.168.0.10", + "domain": "somedomain.info", + "fqdn": "centos7.somedomain.info", + "hostname": "centos7", + "interfaces": { + "eth0": { + "bindings": [ + { + "address": "192.168.0.2", + "netmask": "255.255.255.0", + "network": "192.168.0.0" + } + ], + "dhcp": 
"192.168.0.10", + "ip": "192.168.0.2", + "mac": "fa:16:3e:ee:90:cd", + "mtu": 1500, + "netmask": "255.255.255.0", + "network": "192.168.0.0" + }, + "lo": { + "bindings": [ + { + "address": "127.0.0.1", + "netmask": "255.0.0.0", + "network": "127.0.0.0" + } + ], + "ip": "127.0.0.1", + "mtu": 65536, + "netmask": "255.0.0.0", + "network": "127.0.0.0" + } + }, + "ip": "192.168.0.2", + "mac": "fa:16:3e:ee:90:cd", + "mtu": 1500, + "netmask": "255.255.255.0", + "network": "192.168.0.0", + "primary": "eth0" + }, + "operatingsystem": "CentOS", + "operatingsystemmajrelease": "7", + "operatingsystemrelease": "7.6.1810", + "os": { + "architecture": "x86_64", + "family": "RedHat", + "hardware": "x86_64", + "name": "CentOS", + "release": { + "full": "7.6.1810", + "major": "7", + "minor": "6" + }, + "selinux": { + "config_mode": "enforcing", + "config_policy": "targeted", + "current_mode": "enforcing", + "enabled": true, + "enforced": true, + "policy_version": "31" + } + }, + "osfamily": "RedHat", + "package_provider": "yum", + "partitions": { + "/dev/vda1": { + "filesystem": "xfs", + "mount": "/", + "size": "8.00 GiB", + "size_bytes": 8588886016, + "uuid": "f41e390f-835b-4223-a9bb-9b45984ddf8d" + } + }, + "path": "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin", + "pe_concat_basedir": "/opt/puppetlabs/puppet/cache/pe_concat", + "pe_razor_server_version": "package pe-razor-server is not installed", + "physicalprocessorcount": 1, + "platform_symlink_writable": true, + "platform_tag": "el-7-x86_64", + "powershell_version": 0, + "processor0": "Intel Core Processor (Haswell)", + "processorcount": 1, + "processors": { + "count": 1, + "isa": "x86_64", + "models": [ + "Intel Core Processor (Haswell)" + ], + "physicalcount": 1 + }, + "productname": "OpenStack Nova", + "puppet_environmentpath": "/etc/puppetlabs/code/environments", + "puppet_files_dir_present": false, + "puppet_inventory_metadata": { + "packages": { + "collection_enabled": false, 
+ "last_collection_time": "0.0s" + } + }, + "puppet_server": "rampup-test-master.somedomain.info", + "puppet_vardir": "/opt/puppetlabs/puppet/cache", + "puppetversion": "6.4.3", + "retrieve_system_users": "root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,systemd-network,dbus,polkitd,rpc,rpcuser,sshd,postfix,chrony", + "root_home": "/root", + "ruby": { + "platform": "x86_64-linux", + "sitedir": "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.5.0", + "version": "2.5.3" + }, + "rubyplatform": "x86_64-linux", + "rubysitedir": "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.5.0", + "rubyversion": "2.5.3", + "selinux": true, + "selinux_config_mode": "enforcing", + "selinux_config_policy": "targeted", + "selinux_current_mode": "enforcing", + "selinux_enforced": true, + "selinux_policyversion": "31", + "serialnumber": "3c2513f4-b791-4ce7-9b2f-558c71093ec7", + "service_provider": "systemd", + "should_install_shiro_ini": true, + "ssh": { + "ecdsa": { + "fingerprints": { + "sha1": "SSHFP 3 1 2fe85de6459487dc3ab85f5995a6d5e8958f565f", + "sha256": "SSHFP 3 2 0fa1224c2453f230b076433dd42b5f5a862a862bc508c594ebb348bbc1deefc0" + }, + "key": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKzZbfdqsDgzsxWqTmcEPWoZdo4sYZWPOCB6/4J5kdJDlBxZvOzn3doBXo1QiTHkK9a5TEqwUKkFoWJbwRgqpxM=", + "type": "ecdsa-sha2-nistp256" + }, + "ed25519": { + "fingerprints": { + "sha1": "SSHFP 4 1 1e0256cc498990e4d80d6a2b39fd4808a458efe3", + "sha256": "SSHFP 4 2 f0cc3e18b108026d598d67aa6dbb226e6eb73aa172d27a9d7ac5b580c5ea5402" + }, + "key": "AAAAC3NzaC1lZDI1NTE5AAAAIARKGmVDn4GWu7g/LOEZQ3Bonlc3l2rfWHUTq2+dI1lH", + "type": "ssh-ed25519" + }, + "rsa": { + "fingerprints": { + "sha1": "SSHFP 1 1 e8667b8ae1174e1d7f0c0c47af3afd776b021dbe", + "sha256": "SSHFP 1 2 51689e30a5e077d3143b85acf31c5cb0aec78a0722883de3b51180034a43af63" + }, + "key": 
"AAAAB3NzaC1yc2EAAAADAQABAAABAQCsaoFsStAo0xJdOWveTYg/PF98PxHMu8vtbP8041saU6D8X7Ero/M1lTfL+oSjHaCbGe9zjoOm9NLnKd0Qfbxaol5oHqmsfi+0C5iITD4U9ELvy2OBb8qtSqsDeterJ4OuQpxllDNVQaenMw+iYdHQh3BzAdbqTyxWveXE64JJJPYUfUd6tj0rVeDuRe2+Vf2H128agAqwwgjH0ueUaWk6EWAkAN788H92uUNrbq0VLUhWUHy9jGmI/mI+NfwYFO+NA3eAMeJMSZnN4E8FUrtoZDaFZsOs7BoEtcdJSKbQR156wdkUz69l0v1FY9T5x38+JjE4wjEU1ifd5pJJQozl", + "type": "ssh-rsa" + } + }, + "ssh_client_version_full": "7.4p1", + "ssh_server_version_full": "7.4p1", + "ssh_server_version_major": "7", + "ssh_server_version_release": "7.4", + "sshecdsakey": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKzZbfdqsDgzsxWqTmcEPWoZdo4sYZWPOCB6/4J5kdJDlBxZvOzn3doBXo1QiTHkK9a5TEqwUKkFoWJbwRgqpxM=", + "sshed25519key": "AAAAC3NzaC1lZDI1NTE5AAAAIARKGmVDn4GWu7g/LOEZQ3Bonlc3l2rfWHUTq2+dI1lH", + "sshfp_ecdsa": "SSHFP 3 1 2fe85de6459487dc3ab85f5995a6d5e8958f565f\nSSHFP 3 2 0fa1224c2453f230b076433dd42b5f5a862a862bc508c594ebb348bbc1deefc0", + "sshfp_ed25519": "SSHFP 4 1 1e0256cc498990e4d80d6a2b39fd4808a458efe3\nSSHFP 4 2 f0cc3e18b108026d598d67aa6dbb226e6eb73aa172d27a9d7ac5b580c5ea5402", + "sshfp_rsa": "SSHFP 1 1 e8667b8ae1174e1d7f0c0c47af3afd776b021dbe\nSSHFP 1 2 51689e30a5e077d3143b85acf31c5cb0aec78a0722883de3b51180034a43af63", + "sshrsakey": "AAAAB3NzaC1yc2EAAAADAQABAAABAQCsaoFsStAo0xJdOWveTYg/PF98PxHMu8vtbP8041saU6D8X7Ero/M1lTfL+oSjHaCbGe9zjoOm9NLnKd0Qfbxaol5oHqmsfi+0C5iITD4U9ELvy2OBb8qtSqsDeterJ4OuQpxllDNVQaenMw+iYdHQh3BzAdbqTyxWveXE64JJJPYUfUd6tj0rVeDuRe2+Vf2H128agAqwwgjH0ueUaWk6EWAkAN788H92uUNrbq0VLUhWUHy9jGmI/mI+NfwYFO+NA3eAMeJMSZnN4E8FUrtoZDaFZsOs7BoEtcdJSKbQR156wdkUz69l0v1FY9T5x38+JjE4wjEU1ifd5pJJQozl", + "staging_http_get": "curl", + "system_uptime": { + "days": 0, + "hours": 1, + "seconds": 6872, + "uptime": "1:54 hours" + }, + "system_users": "sshd", + "timezone": "UTC", + "uptime": "1:54 hours", + "uptime_days": 0, + "uptime_hours": 1, + "uptime_seconds": 6872, + "uuid": "F037E492-B099-4C5F-9D71-983D102E9AEB", + "virtual": "kvm", + "windows_java_temp": 
"\\tmp", + "clientcert": "centos7.somedomain.info", + "clientversion": "6.4.3", + "clientnoop": false + }, + "timestamp": "2019-09-06T15:32:06.821290011+00:00", + "expiration": "2019-09-06T16:02:06.822101814+00:00" + } diff --git a/spec/factsets/README.md b/spec/factsets/README.md new file mode 100644 index 000000000..dd72566c9 --- /dev/null +++ b/spec/factsets/README.md @@ -0,0 +1,7 @@ +# Factsets + +This directory is where we put any custom factsets that we want to use. They can be generated by running `puppet facts` on the target system. + +**Hot tip:** If you already have factsets in here when you run `onceover init` they will be picked up and added to the config file Automatically + +More info: https://github.com/dylanratcliffe/onceover#factsets diff --git a/spec/factsets/Windows_Server-2012r2-64.json b/spec/factsets/Windows_Server-2012r2-64.json new file mode 100644 index 000000000..dfa5e2923 --- /dev/null +++ b/spec/factsets/Windows_Server-2012r2-64.json 
@@ -0,0 +1,170 @@ +{ + "name": "win-e5k8tm30719", + "trusted": { + "pp_role": "agent", + "pp_service": "puppet", + "pp_product": "puppet", + "pp_preshared_key": "somekey" + }, + "values": { + "agent_specified_environment": "production", + "architecture": "x64", + "dhcp_servers": { + "Ethernet": "10.0.2.2", + "system": "10.0.2.2" + }, + "dmi": { + "manufacturer": "innotek GmbH", + "product": { + "name": "VirtualBox", + "serial_number": "0" + } + }, + "env_windows_installdir": "C:\\Program Files\\Puppet Labs\\Puppet", + "facterversion": "3.1.1", + "fqdn": "WIN-E5K8TM30719", + "hardwareisa": "x64", + "hardwaremodel": "x86_64", + "hostname": "WIN-E5K8TM30719", + "id": "WIN-E5K8TM30719\\vagrant", + "identity": { + "user": "WIN-E5K8TM30719\\vagrant" + }, + "interfaces": "Ethernet", + "ipaddress": "10.0.2.15", + "ipaddress6": "fe80::a180:36e0:3a6e:1005%12", + "ipaddress6_Ethernet": "fe80::a180:36e0:3a6e:1005%12", + "ipaddress_Ethernet": "10.0.2.15", + "is_virtual": true, + "kernel": "windows", + "kernelmajversion": "6.3", + "kernelrelease": "6.3.9600", + "kernelversion": "6.3.9600", + "macaddress": "08:00:27:81:38:FA", + "macaddress_Ethernet": "08:00:27:81:38:FA", + "manufacturer": "innotek GmbH", + "memory": { + "system": { + "available": "1.42 GiB", + "available_bytes": 1521610752, + "capacity": "29.13%", + "total": "2.00 GiB", + "total_bytes": 2147012608, + "used": "596.43 MiB", + "used_bytes": 625401856 + } + }, + "memoryfree": "1.42 GiB", + "memoryfree_mb": 1451.12109375, + "memorysize": "2.00 GiB", + "memorysize_mb": 2047.55078125, + "mtu_Ethernet": 1500, + "netmask": "255.255.255.0", + "netmask6": "ffff:ffff:ffff:ffff::", + "netmask6_Ethernet": "ffff:ffff:ffff:ffff::", + "netmask_Ethernet": "255.255.255.0", + "network": "10.0.2.0", + "network6": "fe80::%12", + "network6_Ethernet": "fe80::%12", + "network_Ethernet": "10.0.2.0", + "networking": { + "dhcp": "10.0.2.2", + "fqdn": "WIN-E5K8TM30719", + "hostname": "WIN-E5K8TM30719", + "interfaces": { + "Ethernet": { + 
"bindings": [ + { + "address": "10.0.2.15", + "netmask": "255.255.255.0", + "network": "10.0.2.0" + } + ], + "bindings6": [ + { + "address": "fe80::a180:36e0:3a6e:1005%12", + "netmask": "ffff:ffff:ffff:ffff::", + "network": "fe80::%12" + } + ], + "dhcp": "10.0.2.2", + "ip": "10.0.2.15", + "ip6": "fe80::a180:36e0:3a6e:1005%12", + "mac": "08:00:27:81:38:FA", + "mtu": 1500, + "netmask": "255.255.255.0", + "netmask6": "ffff:ffff:ffff:ffff::", + "network": "10.0.2.0", + "network6": "fe80::%12" + } + }, + "ip": "10.0.2.15", + "ip6": "fe80::a180:36e0:3a6e:1005%12", + "mac": "08:00:27:81:38:FA", + "mtu": 1500, + "netmask": "255.255.255.0", + "netmask6": "ffff:ffff:ffff:ffff::", + "network": "10.0.2.0", + "network6": "fe80::%12", + "primary": "Ethernet" + }, + "operatingsystem": "windows", + "operatingsystemmajrelease": "2012 R2", + "operatingsystemrelease": "2012 R2", + "os": { + "architecture": "x64", + "family": "windows", + "hardware": "x86_64", + "name": "windows", + "release": { + "full": "2012 R2", + "major": "2012 R2" + }, + "windows": { + "system32": "C:\\Windows\\system32" + } + }, + "osfamily": "windows", + "path": "C:/Program Files/Puppet Labs/Puppet/facter/bin;C:\\Program Files\\Puppet Labs\\Puppet\\puppet\\bin;C:\\Program Files\\Puppet Labs\\Puppet\\facter\\bin;C:\\Program Files\\Puppet Labs\\Puppet\\hiera\\bin;C:\\Program Files\\Puppet Labs\\Puppet\\mcollective\\bin;C:\\Program Files\\Puppet Labs\\Puppet\\bin;C:\\Program Files\\Puppet Labs\\Puppet\\sys\\ruby\\bin;C:\\Program Files\\Puppet Labs\\Puppet\\sys\\tools\\bin;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files (x86)\\Git\\cmd;C:\\Program Files (x86)\\Git\\bin;C:\\Program Files\\Puppet Labs\\Puppet\\bin", + "physicalprocessorcount": 1, + "processor0": "Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz", + "processorcount": 1, + "processors": { + "count": 1, + "isa": "x64", + "models": [ + "Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz" + 
], + "physicalcount": 1 + }, + "productname": "VirtualBox", + "puppetversion": "4.2.3", + "ruby": { + "platform": "x64-mingw32", + "sitedir": "C:/Program Files/Puppet Labs/Puppet/sys/ruby/lib/ruby/site_ruby/2.1.0", + "version": "2.1.7" + }, + "rubyplatform": "x64-mingw32", + "rubysitedir": "C:/Program Files/Puppet Labs/Puppet/sys/ruby/lib/ruby/site_ruby/2.1.0", + "rubyversion": "2.1.7", + "serialnumber": "0", + "system32": "C:\\Windows\\system32", + "system_uptime": { + "days": 0, + "hours": 0, + "seconds": 287, + "uptime": "0:04 hours" + }, + "timezone": "Coordinated Universal Time", + "uptime": "0:04 hours", + "uptime_days": 0, + "uptime_hours": 0, + "uptime_seconds": 287, + "virtual": "virtualbox", + "clientcert": "win-e5k8tm30719", + "clientversion": "4.2.3", + "clientnoop": false + }, + "timestamp": "2015-11-19T01:47:05.215450000+00:00", + "expiration": "2015-11-19T02:17:05.215450000+00:00" +} diff --git a/spec/factsets/osx-10.13-x86_64.json b/spec/factsets/osx-10.13-x86_64.json new file mode 100644 index 000000000..5cf1490a7 --- /dev/null +++ b/spec/factsets/osx-10.13-x86_64.json 
@@ -0,0 +1,190 @@ +{ + "name": "something-c02nfmkgg3qh", + "trusted": { + "pp_role": "agent", + "pp_service": "puppet", + "pp_product": "puppet", + "pp_preshared_key": "somekey" + }, + "values": { + "puppetversion": "6.0.4", + "agent_specified_environment": "production", + "puppet_inventory_metadata": { + "packages": { + "collection_enabled": false, + "last_collection_time": "0.0s" + } + }, + "platform_symlink_writable": true, + "pe_concat_basedir": "/Users/something/.puppetlabs/opt/puppet/cache/pe_concat", + "is_pe": false, + "puppet_files_dir_present": false, + "platform_tag": "osx-10.13-x86_64", + "aio_agent_build": "1.10.14", + "staging_http_get": "curl", + "aio_agent_version": "1.10.14", + "kernelversion": "17.7.0", + "uptime": "5:20 hours", + "kernelrelease": "17.7.0", + "uptime_seconds": 19255, + "path": "/usr/local/sbin:/Users/something/bin:/Library/Frameworks/Python.framework/Versions/2.7/bin:/usr/local/bin:/opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/MacGPG2/bin:/opt/puppetlabs/bin:/usr/local/munki:/opt/puppetlabs/pdk/bin:/Users/something/.rvm/bin:/usr/local/Cellar/ec2-api-tools/1.7.1.0/bin", + "kernel": "Darwin", + "hostname": "something", + "productname": "MacBookPro11,1", + "operatingsystem": "Darwin", + "processors": { + "count": 4, + "speed": "2.6 GHz" + }, + "uptime_days": 0, + "kernelmajversion": "17.7", + "timezone": "CST", + "ps": "ps auxwww", + "virtual": "physical", + "is_virtual": false, + "architecture": "x86_64", + "hardwaremodel": "x86_64", + "os": { + "name": "Darwin", + "family": "Darwin", + "release": { + "major": "17", + "minor": "7", + "full": "17.7.0" + } + }, + "network_lo0": "127.0.0.0", + "network_en0": "192.168.1.0", + "network_vboxnet0": "10.20.1.0", + "rubysitedir": "/Library/Ruby/Site/2.3.0", + "sp_smc_version_system": "2.16f68", + "sp_boot_rom_version": "149.0.0.0.0", + "sp_cpu_type": "Intel Core i5", + "sp_current_processor_speed": "2.6 GHz", + "sp_l2_cache_core": "256 KB", + 
"sp_l3_cache": "3 MB", + "sp_machine_model": "MacBookPro11,1", + "sp_machine_name": "MacBook Pro", + "sp_number_processors": 2, + "sp_packages": 1, + "sp_physical_memory": "8 GB", + "sp_platform_uuid": "83B229EC-0FF7-589A-8239-C087E9DCE28C", + "sp_serial_number": "C02NFMKGG3QH", + "sp_boot_mode": "normal_boot", + "sp_boot_volume": "Macintosh HD", + "sp_kernel_version": "Darwin 17.7.0", + "sp_local_host_name": "Troys Macbook Pro (2)", + "sp_os_version": "macOS 10.13.6 (17G3025)", + "sp_secure_vm": "secure_vm_enabled", + "sp_system_integrity": "integrity_enabled", + "sp_uptime": "up 0:5:21:24", + "sp_user_name": "Troy E Klein (something)", + "macosx_productname": "Mac OS X", + "macosx_productversion": "10.13.6", + "macosx_buildversion": "17G3025", + "macosx_productversion_major": "10.13", + "macosx_productversion_minor": "6", + "operatingsystemmajrelease": "17", + "gid": "staff", + "hardwareisa": "i386", + "rubyversion": "2.3.7", + "processorcount": 4, + "system_uptime": { + "seconds": 19255, + "hours": 5, + "days": 0, + "uptime": "5:20 hours" + }, + "macaddress": "6c:40:08:8b:27:76", + "osfamily": "Darwin", + "id": "something", + "uptime_hours": 5, + "facterversion": "2.5.1", + "memorysize": "8.00 GB", + "memoryfree": "96.96 MB", + "swapsize": "1024.00 MB", + "swapfree": "980.00 MB", + "swapsize_mb": "1024.00", + "swapfree_mb": "980.00", + "memorysize_mb": "8192.00", + "memoryfree_mb": "96.96", + "swapencrypted": true, + "netmask": "255.255.255.0", + "domain": "something-C02NFMKGG3QH", + "interfaces": "lo0,gif0,stf0,XHC20,en1,en2,en0,p2p0,awdl0,bridge0,utun0,vboxnet0,vboxnet1,vboxnet10,vboxnet11,vboxnet12,vboxnet13,vboxnet14,vboxnet15,vboxnet16,vboxnet17,vboxnet18,vboxnet19,vboxnet2,vboxnet20,vboxnet3,vboxnet4,vboxnet5,vboxnet6,vboxnet7,vboxnet8,vboxnet9", + "ipaddress_lo0": "127.0.0.1", + "netmask_lo0": "255.0.0.0", + "mtu_lo0": 16384, + "mtu_gif0": 1280, + "mtu_stf0": 1280, + "mtu_xhc20": 0, + "macaddress_en1": "72:00:06:01:a0:10", + "mtu_en1": 1500, + 
"macaddress_en2": "72:00:06:01:a0:11", + "mtu_en2": 1500, + "ipaddress_en0": "192.168.1.31", + "macaddress_en0": "6c:40:08:8b:27:76", + "netmask_en0": "255.255.255.0", + "mtu_en0": 1500, + "macaddress_p2p0": "0e:40:08:8b:27:76", + "mtu_p2p0": 2304, + "macaddress_awdl0": "f6:a3:5b:2a:e2:8a", + "mtu_awdl0": 1484, + "macaddress_bridge0": "72:00:06:01:a0:10", + "mtu_bridge0": 1500, + "mtu_utun0": 2000, + "ipaddress_vboxnet0": "10.20.1.1", + "macaddress_vboxnet0": "0a:00:27:00:00:00", + "netmask_vboxnet0": "255.255.255.0", + "mtu_vboxnet0": 1500, + "macaddress_vboxnet1": "0a:00:27:00:00:01", + "mtu_vboxnet1": 1500, + "macaddress_vboxnet10": "0a:00:27:00:00:0a", + "mtu_vboxnet10": 1500, + "macaddress_vboxnet11": "0a:00:27:00:00:0b", + "mtu_vboxnet11": 1500, + "macaddress_vboxnet12": "0a:00:27:00:00:0c", + "mtu_vboxnet12": 1500, + "macaddress_vboxnet13": "0a:00:27:00:00:0d", + "mtu_vboxnet13": 1500, + "macaddress_vboxnet14": "0a:00:27:00:00:0e", + "mtu_vboxnet14": 1500, + "macaddress_vboxnet15": "0a:00:27:00:00:0f", + "mtu_vboxnet15": 1500, + "macaddress_vboxnet16": "0a:00:27:00:00:10", + "mtu_vboxnet16": 1500, + "macaddress_vboxnet17": "0a:00:27:00:00:11", + "mtu_vboxnet17": 1500, + "macaddress_vboxnet18": "0a:00:27:00:00:12", + "mtu_vboxnet18": 1500, + "macaddress_vboxnet19": "0a:00:27:00:00:13", + "mtu_vboxnet19": 1500, + "macaddress_vboxnet2": "0a:00:27:00:00:02", + "mtu_vboxnet2": 1500, + "macaddress_vboxnet20": "0a:00:27:00:00:14", + "mtu_vboxnet20": 1500, + "macaddress_vboxnet3": "0a:00:27:00:00:03", + "mtu_vboxnet3": 1500, + "macaddress_vboxnet4": "0a:00:27:00:00:04", + "mtu_vboxnet4": 1500, + "macaddress_vboxnet5": "0a:00:27:00:00:05", + "mtu_vboxnet5": 1500, + "macaddress_vboxnet6": "0a:00:27:00:00:06", + "mtu_vboxnet6": 1500, + "macaddress_vboxnet7": "0a:00:27:00:00:07", + "mtu_vboxnet7": 1500, + "macaddress_vboxnet8": "0a:00:27:00:00:08", + "mtu_vboxnet8": 1500, + "macaddress_vboxnet9": "0a:00:27:00:00:09", + "mtu_vboxnet9": 1500, + "fqdn": 
"something-C02NFMKGG3QH", + "operatingsystemrelease": "17.7.0", + "ipaddress": "192.168.1.31", + "rubyplatform": "universal.x86_64-darwin17", + "clientcert": "something-c02nfmkgg3qh", + "clientversion": "6.0.4", + "clientnoop": false + }, + "timestamp": "2018-12-03T14:16:56.056860000-06:00", + "expiration": "2018-12-03T14:46:56.057472000-06:00" +} diff --git a/spec/factsets/solaris-11.2-sparc-64.json b/spec/factsets/solaris-11.2-sparc-64.json new file mode 100644 index 000000000..8d6a0e9c3 --- /dev/null +++ b/spec/factsets/solaris-11.2-sparc-64.json 
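Review bot: This factset reads like an unsanitised dump from a personal workstation. `sp_user_name`, `sp_local_host_name`, `sp_serial_number` and `sp_platform_uuid` hold what appear to be a real person's name and hardware identifiers, and `name`, `domain`, `fqdn` and `clientcert` embed the same serial. A test fixture only needs the shape of the facts, so I would replace these with constructed values before committing, e.g. `"sp_serial_number": "PLACEHOLDER-SERIAL"` and `"sp_user_name": "Example User (something)"`. The CentOS and Solaris factsets in this commit carry host serial numbers, UUIDs and SSH host keys that deserve the same scrub, though public host keys are lower in sensitivity.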
@@ -0,0 +1,780 @@ +{ + "name": "solaris-11_2-sparc-t4-64.puppet.example", + "trusted": { + "pp_role": "agent", + "pp_service": "puppet", + "pp_product": "puppet", + "pp_preshared_key": "somekey" + }, + "values": { + "aio_agent_build": "1.4.2", + "aio_agent_version": "1.4.2", + "architecture": "sun4v", + "augeas": { + "version": "1.4.0" + }, + "augeasversion": "1.4.0", + "blockdevice_sd4_size": -1168154624, + "blockdevice_sd4_vendor": "HITACHI", + "blockdevice_sd5_size": -647710720, + "blockdevice_sd5_vendor": "HITACHI", + "blockdevice_sd6_size": 0, + "blockdevice_sd6_vendor": "AMI", + "blockdevice_sd7_size": 0, + "blockdevice_sd7_vendor": "TEAC", + "blockdevice_sd8_size": -1168154624, + "blockdevice_sd8_vendor": "HITACHI", + "blockdevice_sd9_size": -647710720, + "blockdevice_sd9_vendor": "HITACHI", + "blockdevices": "sd4,sd5,sd8,sd9,sd7,sd6", + "custom_auth_conf": false, + "dhcp_servers": { + "net0": "10.32.22.10", + "system": "10.32.22.10" + }, + "disks": { + "sd4": { + "product": "H109060SESUN600GRevision", + "size": "558.91 GiB", + "size_bytes": -1168154624, + "vendor": "HITACHI" + }, + "sd5": { + "product": "H109030SESUN300GRevision", + "size": "279.40 GiB", + "size_bytes": -647710720, + "vendor": "HITACHI" + }, + "sd6": { + "product": "Virtual CDROM Revision", + "size": "0 bytes", + "size_bytes": 0, + "vendor": "AMI" + }, + "sd7": { + "product": "DV-W28SS-W Revision", + "size": "0 bytes", + "size_bytes": 0, + "vendor": "TEAC" + }, + "sd8": { + "product": "H109060SESUN600GRevision", + "size": "558.91 GiB", + "size_bytes": -1168154624, + "vendor": "HITACHI" + }, + "sd9": { + "product": "H109030SESUN300GRevision", + "size": "279.40 GiB", + "size_bytes": -647710720, + "vendor": "HITACHI" + } + }, + "dmi": { + "manufacturer": "Oracle Corporation" + }, + "domain": "puppet.example", + "facterversion": "3.1.6", + "fqdn": "solaris-11_2-sparc-t4-64.puppet.example", + "gid": "root", + "hardwareisa": "sparc", + "hardwaremodel": "sun4v", + "hostname": 
"solaris-11_2-sparc-t4-64", + "id": "root", + "identity": { + "gid": 0, + "group": "root", + "uid": 0, + "user": "root" + }, + "interfaces": "lo0,net0", + "ipaddress": "10.32.77.68", + "ipaddress_lo0": "127.0.0.1", + "ipaddress_net0": "10.32.77.68", + "is_pe": false, + "is_virtual": true, + "kernel": "SunOS", + "kernelmajversion": "11", + "kernelrelease": "5.11", + "kernelversion": "11.2", + "load_averages": { + "15m": 1.0234375, + "1m": 1.21875, + "5m": 1.28125 + }, + "macaddress": "02:08:20:41:26:8c", + "macaddress_net0": "02:08:20:41:26:8c", + "manufacturer": "Oracle Corporation", + "memory": { + "swap": { + "available": "4.00 GiB", + "available_bytes": -8192, + "capacity": "0%", + "total": "4.00 GiB", + "total_bytes": -8192, + "used": "0 bytes", + "used_bytes": 0 + }, + "system": { + "available": "2.34 GiB", + "available_bytes": -1777401856, + "capacity": "84.80%", + "total": "15.43 GiB", + "total_bytes": -611737600, + "used": "13.09 GiB", + "used_bytes": 1165664256 + } + }, + "memoryfree": "2.34 GiB", + "memoryfree_mb": 2400.9375, + "memorysize": "15.43 GiB", + "memorysize_mb": 15800.6015625, + "mountpoints": { + "/": { + "available": "475.29 GiB", + "available_bytes": -757564928, + "capacity": "0.18%", + "device": "rpool/ROOT/solaris-0", + "filesystem": "zfs", + "options": [ + "rw", + "nodevices", + "setuid", + "nonbmand", + "exec", + "rstchown", + "xattr", + "atime", + "mountpoint=/zones/cisparc/root/", + "zone=cisparc", + "nozonemod", + "sharezone=38", + "dev=495017b" + ], + "size": "476.16 GiB", + "size_bytes": 175171072, + "used": "889.53 MiB", + "used_bytes": 932736000 + }, + "/dev": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "/dev", + "filesystem": "dev", + "options": [ + "zone=cisparc", + "nozonemod", + "sharezone=38", + "dev=8e0001c" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/dev/fd": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + 
"device": "fd", + "filesystem": "fd", + "options": [ + "rw", + "nodevices", + "rstchown", + "zone=cisparc", + "sharezone=38", + "dev=9040027" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/etc/dfs/sharetab": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "sharefs", + "filesystem": "sharefs", + "options": [ + "nodevices", + "rstchown", + "zone=cisparc", + "sharezone=38", + "dev=8f40016" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/etc/mnttab": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "mnttab", + "filesystem": "mntfs", + "options": [ + "nodevices", + "rstchown", + "zone=cisparc", + "sharezone=38", + "dev=8e80027" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/export": { + "available": "475.29 GiB", + "available_bytes": -757564928, + "capacity": "0.00%", + "device": "rpool/export", + "filesystem": "zfs", + "options": [ + "rw", + "nodevices", + "setuid", + "nonbmand", + "exec", + "rstchown", + "xattr", + "atime", + "zone=cisparc", + "sharezone=38", + "dev=495017f" + ], + "size": "475.29 GiB", + "size_bytes": -757532160, + "used": "32.00 KiB", + "used_bytes": 32768 + }, + "/export/home": { + "available": "475.29 GiB", + "available_bytes": -757564928, + "capacity": "0.00%", + "device": "rpool/export/home", + "filesystem": "zfs", + "options": [ + "rw", + "nodevices", + "setuid", + "nonbmand", + "exec", + "rstchown", + "xattr", + "atime", + "zone=cisparc", + "sharezone=38", + "dev=4950180" + ], + "size": "475.29 GiB", + "size_bytes": -757533184, + "used": "31.00 KiB", + "used_bytes": 31744 + }, + "/proc": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "proc", + "filesystem": "proc", + "options": [ + "nodevices", + "rstchown", + "zone=cisparc", + "sharezone=38", + "dev=8dc0026" + ], + "size": "0 bytes", + 
"size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/rpool": { + "available": "475.29 GiB", + "available_bytes": -757564928, + "capacity": "0.00%", + "device": "rpool", + "filesystem": "zfs", + "options": [ + "rw", + "nodevices", + "setuid", + "nonbmand", + "exec", + "rstchown", + "xattr", + "atime", + "zone=cisparc", + "sharezone=38", + "dev=4950181" + ], + "size": "475.29 GiB", + "size_bytes": -757533184, + "used": "31.00 KiB", + "used_bytes": 31744 + }, + "/system/contract": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "ctfs", + "filesystem": "ctfs", + "options": [ + "nodevices", + "rstchown", + "zone=cisparc", + "sharezone=38", + "dev=8e40027" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/system/object": { + "available": "0 bytes", + "available_bytes": 0, + "capacity": "100%", + "device": "objfs", + "filesystem": "objfs", + "options": [ + "nodevices", + "rstchown", + "zone=cisparc", + "sharezone=38", + "dev=8f00027" + ], + "size": "0 bytes", + "size_bytes": 0, + "used": "0 bytes", + "used_bytes": 0 + }, + "/system/volatile": { + "available": "4.53 GiB", + "available_bytes": 571752448, + "capacity": "0.01%", + "device": "swap", + "filesystem": "tmpfs", + "options": [ + "nodevices", + "rstchown", + "xattr", + "zone=cisparc", + "sharezone=38", + "dev=8ec004d" + ], + "size": "4.53 GiB", + "size_bytes": 572342272, + "used": "576.00 KiB", + "used_bytes": 589824 + }, + "/tmp": { + "available": "4.53 GiB", + "available_bytes": 571752448, + "capacity": "0.95%", + "device": "swap", + "filesystem": "tmpfs", + "options": [ + "nodevices", + "rstchown", + "xattr", + "zone=cisparc", + "sharezone=38", + "dev=8ec004e" + ], + "size": "4.58 GiB", + "size_bytes": 618414080, + "used": "44.50 MiB", + "used_bytes": 46661632 + }, + "/var": { + "available": "475.29 GiB", + "available_bytes": -757564928, + "capacity": "0.05%", + "device": "rpool/ROOT/solaris-0/var", + "filesystem": "zfs", 
+ "options": [ + "rw", + "nodevices", + "setuid", + "nonbmand", + "exec", + "rstchown", + "xattr", + "atime", + "mountpoint=/zones/cisparc/root/var", + "zone=cisparc", + "nozonemod", + "sharezone=38", + "dev=495017d" + ], + "size": "475.51 GiB", + "size_bytes": -521269760, + "used": "225.35 MiB", + "used_bytes": 236295168 + }, + "/var/share": { + "available": "475.29 GiB", + "available_bytes": -757564928, + "capacity": "0.00%", + "device": "rpool/VARSHARE", + "filesystem": "zfs", + "options": [ + "rw", + "nodevices", + "setuid", + "nonbmand", + "exec", + "rstchown", + "xattr", + "atime", + "zone=cisparc", + "sharezone=38", + "dev=495017e" + ], + "size": "475.30 GiB", + "size_bytes": -756610048, + "used": "932.50 KiB", + "used_bytes": 954880 + }, + "/var/share/pkg": { + "available": "475.29 GiB", + "available_bytes": -757564928, + "capacity": "0.00%", + "device": "rpool/VARSHARE/pkg", + "filesystem": "zfs", + "options": [ + "rw", + "nodevices", + "setuid", + "nonbmand", + "exec", + "rstchown", + "xattr", + "atime", + "zone=cisparc", + "sharezone=38", + "dev=4950182" + ], + "size": "475.29 GiB", + "size_bytes": -757532160, + "used": "32.00 KiB", + "used_bytes": 32768 + }, + "/var/share/pkg/repositories": { + "available": "475.29 GiB", + "available_bytes": -757564928, + "capacity": "0.00%", + "device": "rpool/VARSHARE/pkg/repositories", + "filesystem": "zfs", + "options": [ + "rw", + "nodevices", + "setuid", + "nonbmand", + "exec", + "rstchown", + "xattr", + "atime", + "zone=cisparc", + "sharezone=38", + "dev=4950183" + ], + "size": "475.29 GiB", + "size_bytes": -757533184, + "used": "31.00 KiB", + "used_bytes": 31744 + } + }, + "mtu_lo0": 8232, + "mtu_net0": 1500, + "netmask": "255.255.255.0", + "netmask_lo0": "255.0.0.0", + "netmask_net0": "255.255.255.0", + "network": "10.32.77.0", + "network_lo0": "127.0.0.0", + "network_net0": "10.32.77.0", + "networking": { + "dhcp": "10.32.22.10", + "domain": "puppet.example", + "fqdn": 
"solaris-11_2-sparc-t4-64.puppet.example", + "hostname": "solaris-11_2-sparc-t4-64", + "interfaces": { + "lo0": { + "bindings": [ + { + "address": "127.0.0.1", + "netmask": "255.0.0.0", + "network": "127.0.0.0" + } + ], + "ip": "127.0.0.1", + "mtu": 8232, + "netmask": "255.0.0.0", + "network": "127.0.0.0" + }, + "net0": { + "bindings": [ + { + "address": "10.32.77.68", + "netmask": "255.255.255.0", + "network": "10.32.77.0" + } + ], + "dhcp": "10.32.22.10", + "ip": "10.32.77.68", + "mac": "02:08:20:41:26:8c", + "mtu": 1500, + "netmask": "255.255.255.0", + "network": "10.32.77.0" + } + }, + "ip": "10.32.77.68", + "mac": "02:08:20:41:26:8c", + "mtu": 1500, + "netmask": "255.255.255.0", + "network": "10.32.77.0", + "primary": "net0" + }, + "operatingsystem": "Solaris", + "operatingsystemmajrelease": "11", + "operatingsystemrelease": "11.2", + "os": { + "architecture": "sun4v", + "family": "Solaris", + "hardware": "sun4v", + "name": "Solaris", + "release": { + "full": "11.2", + "major": "11", + "minor": "2" + } + }, + "osfamily": "Solaris", + "path": "PATH:/opt/puppetlabs/bin:/usr/sbin:/usr/bin:/sbin", + "pe_concat_basedir": "/opt/puppetlabs/puppet/cache/pe_concat", + "physicalprocessorcount": 1, + "platform_symlink_writable": true, + "platform_tag": "solaris-11-sparc", + "processor0": "SPARC-T4", + "processor1": "SPARC-T4", + "processor10": "SPARC-T4", + "processor11": "SPARC-T4", + "processor12": "SPARC-T4", + "processor13": "SPARC-T4", + "processor14": "SPARC-T4", + "processor15": "SPARC-T4", + "processor16": "SPARC-T4", + "processor17": "SPARC-T4", + "processor18": "SPARC-T4", + "processor19": "SPARC-T4", + "processor2": "SPARC-T4", + "processor20": "SPARC-T4", + "processor21": "SPARC-T4", + "processor22": "SPARC-T4", + "processor23": "SPARC-T4", + "processor24": "SPARC-T4", + "processor25": "SPARC-T4", + "processor26": "SPARC-T4", + "processor27": "SPARC-T4", + "processor28": "SPARC-T4", + "processor29": "SPARC-T4", + "processor3": "SPARC-T4", + "processor30": 
"SPARC-T4", + "processor31": "SPARC-T4", + "processor32": "SPARC-T4", + "processor33": "SPARC-T4", + "processor34": "SPARC-T4", + "processor35": "SPARC-T4", + "processor36": "SPARC-T4", + "processor37": "SPARC-T4", + "processor38": "SPARC-T4", + "processor39": "SPARC-T4", + "processor4": "SPARC-T4", + "processor40": "SPARC-T4", + "processor41": "SPARC-T4", + "processor42": "SPARC-T4", + "processor43": "SPARC-T4", + "processor44": "SPARC-T4", + "processor45": "SPARC-T4", + "processor46": "SPARC-T4", + "processor47": "SPARC-T4", + "processor48": "SPARC-T4", + "processor49": "SPARC-T4", + "processor5": "SPARC-T4", + "processor50": "SPARC-T4", + "processor51": "SPARC-T4", + "processor52": "SPARC-T4", + "processor53": "SPARC-T4", + "processor54": "SPARC-T4", + "processor55": "SPARC-T4", + "processor56": "SPARC-T4", + "processor57": "SPARC-T4", + "processor58": "SPARC-T4", + "processor59": "SPARC-T4", + "processor6": "SPARC-T4", + "processor60": "SPARC-T4", + "processor61": "SPARC-T4", + "processor62": "SPARC-T4", + "processor63": "SPARC-T4", + "processor7": "SPARC-T4", + "processor8": "SPARC-T4", + "processor9": "SPARC-T4", + "processorcount": 64, + "processors": { + "count": 64, + "isa": "sparc", + "models": [ + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + 
"SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4", + "SPARC-T4" + ], + "physicalcount": 1, + "speed": "2.85 GHz" + }, + "puppet_files_dir_present": false, + "puppetversion": "4.4.2", + "ruby": { + "platform": "sparc-solaris2.11", + "sitedir": "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0", + "version": "2.1.8" + }, + "rubyplatform": "sparc-solaris2.11", + "rubysitedir": "/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0", + "rubyversion": "2.1.8", + "solaris_zones": { + "current": "cisparc", + "zones": { + "cisparc": { + "brand": "solaris", + "id": "38", + "ip_type": "excl", + "path": "/", + "status": "running", + "uuid": "9903e75b-f048-4e38-83b3-977cde7b3782" + } + } + }, + "ssh": { + "dsa": { + "fingerprints": { + "sha1": "SSHFP 2 1 db349d276f0d3465ddf320d4f39d91349f1b576f", + "sha256": "SSHFP 2 2 b8e58d26d36f2ce088034a1ce3be70b03ef404671f0c6ed3256152af9c9ad607" + }, + "key": "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" + }, + "rsa": { + "fingerprints": { + "sha1": "SSHFP 1 1 865be76b66792c0d98006a6ed5227f19f8241cf3", + "sha256": "SSHFP 1 2 c74d9f97237b06070909f30fbb68afbe0943450a8ea3d1b85fb16db53441a824" + }, + "key": "AAAAB3NzaC1yc2EAAAABIwAAAQEA8bZpHkHvgZEBhn7qlupS61DjwXYOnTVFuaOaDI6eesXxU1yDJfEqO1eHp6YF6x5gmM/mDyfFU9hixMmH9yLRgi2/QUhoYa44z8NB3EBaHxFtLQLnoFTGq/VR5xZ+pyBcbwUswvDel3OfXTcepmT6lWLCBRLOfYTc6hzwRCfyrWgdVc3kruu9hh9pKIWFEyUUztHWuR7+akNH3nD+EcqsmuMowEzzssWC8msWnAX89geFPuhilAgz7Qcc1bJZUaWGgOzyaZKn3IVNNa3grOWzgKDE6gdLMefnk0dgndtIbB1E9iY1syosQCrBIiEfMMGEBjrDstcNKs+Ge8stRljjMw==" + } + }, + "sshdsakey": "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", + "sshfp_dsa": "SSHFP 2 1 db349d276f0d3465ddf320d4f39d91349f1b576f\nSSHFP 2 2 b8e58d26d36f2ce088034a1ce3be70b03ef404671f0c6ed3256152af9c9ad607", + "sshfp_rsa": "SSHFP 1 1 865be76b66792c0d98006a6ed5227f19f8241cf3\nSSHFP 1 2 c74d9f97237b06070909f30fbb68afbe0943450a8ea3d1b85fb16db53441a824", + "sshrsakey": 
"AAAAB3NzaC1yc2EAAAABIwAAAQEA8bZpHkHvgZEBhn7qlupS61DjwXYOnTVFuaOaDI6eesXxU1yDJfEqO1eHp6YF6x5gmM/mDyfFU9hixMmH9yLRgi2/QUhoYa44z8NB3EBaHxFtLQLnoFTGq/VR5xZ+pyBcbwUswvDel3OfXTcepmT6lWLCBRLOfYTc6hzwRCfyrWgdVc3kruu9hh9pKIWFEyUUztHWuR7+akNH3nD+EcqsmuMowEzzssWC8msWnAX89geFPuhilAgz7Qcc1bJZUaWGgOzyaZKn3IVNNa3grOWzgKDE6gdLMefnk0dgndtIbB1E9iY1syosQCrBIiEfMMGEBjrDstcNKs+Ge8stRljjMw==", + "staging_http_get": "curl", + "swapfree": "4.00 GiB", + "swapfree_mb": 4095.9921875, + "swapsize": "4.00 GiB", + "swapsize_mb": 4095.9921875, + "system_uptime": { + "days": 2, + "hours": 62, + "seconds": 225780, + "uptime": "2 days" + }, + "timezone": "PDT", + "uptime": "2 days", + "uptime_days": 2, + "uptime_hours": 62, + "uptime_seconds": 225780, + "virtual": "zone", + "zfs_featurenumbers": "1,2,3,4,5,6", + "zfs_version": "6", + "zone_cisparc_brand": "solaris", + "zone_cisparc_id": "38", + "zone_cisparc_iptype": "excl", + "zone_cisparc_name": "cisparc", + "zone_cisparc_path": "/", + "zone_cisparc_status": "running", + "zone_cisparc_uuid": "9903e75b-f048-4e38-83b3-977cde7b3782", + "zonename": "cisparc", + "zones": 1, + "zpool_featurenumbers": "1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35", + "zpool_version": "35", + "clientcert": "solaris-11_2-sparc-t4-64.puppet.example", + "clientversion": "4.4.2", + "clientnoop": false + }, + "timestamp": "2016-05-02T09:17:24.513519261-07:00", + "expiration": "2016-05-02T09:47:24.517016904-07:00" +} diff --git a/spec/hiera.yaml b/spec/hiera.yaml new file mode 100644 index 000000000..f9039821a --- /dev/null +++ b/spec/hiera.yaml 
@@ -0,0 +1,28 @@
+---
+version: 5
+defaults: # Used for any hierarchy level that omits these keys.
+ datadir: ../data # This path is relative to hiera.yaml's directory.
+ data_hash: yaml_data # Use the built-in YAML backend.
+
+hierarchy:
+ - name: "Should be deleted data (this data is for testing purposes only)" # feel free to delete this layer
+ path: "to_be_deleted.yaml"
+
+ - name: "Per-node data" # Human-readable name.
+ path: "nodes/%{trusted.certname}.yaml" # File path, relative to datadir.
+ # ^^^ IMPORTANT: include the file extension!
+ - name: "Per-datacenter business role data" # Uses trusted data extentions.
+ path: "datacenter/%{facts.datacenter}/%{trusted.extentions.pp_role}.yaml"
+
+ - name: "Role business data"
+ path: "role/%{trusted.extentions.pp_role}.yaml"
+
+ - name: "Per-OS defaults"
+ path: "os/%{facts.os.family}.yaml"
+
+ - name: "Virtual defaults" # Used to configure PE master from within virtual
+ path: "virtual/%{facts.virtual}.yaml" # like virtualbox or testing platform
+
+ - name: "Common data"
+ path: "common.yaml"
+
diff --git a/spec/onceover.yaml b/spec/onceover.yaml
new file mode 100644
index 000000000..2b55248b4
--- /dev/null
+++ b/spec/onceover.yaml
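Review bot: The key is misspelled as `trusted.extentions` in both the "Per-datacenter business role data" and "Role business data" paths; Puppet exposes certificate extensions under `trusted.extensions`, so these interpolations would presumably resolve to an empty string and neither layer would ever match a data file. The paths should read `path: "datacenter/%{facts.datacenter}/%{trusted.extensions.pp_role}.yaml"` and `path: "role/%{trusted.extensions.pp_role}.yaml"`. Separately, the datacenter layer combines a certificate-backed value with `facts.datacenter`, which is reported by the node itself; if that layer ever holds sensitive data, a node could select another datacenter's file by changing its own fact, so a trusted extension such as `pp_datacenter` would be the safer selector.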
@@ -0,0 +1,61 @@
+# Classes to be tested
+# test all roles in repo
+classes:
+ - '/role::/'
+ - profile::os::baseline
+
+# Nodes to tests classes on, this refers to a 'factset' or 'nodeset'
+# depending on weather you are running 'spec' or 'acceptance' tests
+nodes:
+ - CentOS-7.0-64
+ - CentOS-6.6-64
+ - Windows_Server-2012r2-64
+ - solaris-11.2-sparc-64
+
+# You can group classes here to save typing
+class_groups:
+ base:
+ - 'profile::os::baseline'
+ windows:
+ - '/role::spider/'
+ - 'profile::os::baseline'
+ linux:
+ - '/role::sup_svc/'
+ - '/role::fastb/'
+ - profile::os::baseline
+# You can group nodes here to save typing
+# We have created a 'non_windows_nodes' group because we can't
+# give you Windows vagrant boxes to test with because licensing,
+# we can give you fact sets though so go crazy with spec testing!
+node_groups:
+ windows_nodes:
+ - Windows_Server-2012r2-64
+ linux_nodes:
+ - CentOS-7.0-64
+ - CentOS-6.6-64
+ solaris_nodes:
+ - solaris-11.2-sparc-64
+ non_windows_nodes:
+ include: 'linux_nodes'
+ include: 'solaris_nodes'
+ exclude: 'windows_nodes'
+
+test_matrix:
+ - linux_nodes:
+ classes: 'linux'
+ tests: 'spec'
+ - windows_nodes:
+ classes: 'windows'
+ tests: 'spec'
+ - solaris_nodes:
+ classes: 'base'
+ tests: 'spec'
+ - non_windows_nodes:
+ classes:
+ - 'linux'
+ - 'solaris'
+ tests: 'acceptance'
+
+opts:
+ :facts_dirs:
+ - spec/factsets
\ No newline at end of file
diff --git a/spec/pre_conditions/README.md b/spec/pre_conditions/README.md
new file mode 100644
index 000000000..f0a81bf9c
--- /dev/null
+++ b/spec/pre_conditions/README.md
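Review bot: Under `non_windows_nodes` the key `include:` appears twice in the same mapping; most YAML loaders keep only the last duplicate, so the group would likely resolve to `solaris_nodes` minus `windows_nodes` and silently drop the CentOS nodes from the acceptance run. A single `include: 'all_nodes'` together with the existing `exclude: 'windows_nodes'` expresses the intent without a duplicate key. The matrix entry for that group also lists the class group `'solaris'`, which is not defined under `class_groups` (only `base`, `windows` and `linux` are), so `- 'solaris'` should probably be `- 'base'` or a `solaris:` group should be added.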
@@ -0,0 +1,24 @@
+# Pre Conditions
+
+This folder should contain any \*.pp files that you want to be included in every test.
+
+A common use of this is defining resources that may not exist in the catalog when you are running tests. For example, if we are using a resource that tries to restart the `pe-puppetserver` service, unless it is compiled on a Puppet Maser the `pe-puppetserver` service will not exist and the catalog will fail to compile. To get around this we can create a .pp file and define the resource like so:
+
+``` puppet
+# We are not going to actually have this service anywhere on our servers but
+# our code needs to refresh it. This is to trick puppet into doing nothing
+service { 'pe-puppetserver':
+ ensure => 'running',
+ enable => false,
+ hasrestart => false, # Force Puppet to use start and stop to restart
+ start => 'echo "Start"', # This will always exit 0
+ stop => 'echo "Stop"', # This will also always exit 0
+ hasstatus => false, # Force puppet to use our command for status
+ status => 'echo "Status"', # This will always exit 0 and therefore Puppet will think the service is running
+ provider => 'base',
+}
+```
+
+This will mean that the `pe-puppetserver` service is in the catalog for spec testing and will even allow you to try to restart it during acceptance tests without the service actually being present.
+
+More info: https://github.com/dylanratcliffe/onceover#using-workarounds
diff --git a/spec/pre_conditions/puppet_enterprise.pp b/spec/pre_conditions/puppet_enterprise.pp
new file mode 100644
index 000000000..a41ab15ba
--- /dev/null
+++ b/spec/pre_conditions/puppet_enterprise.pp
@@ -0,0 +1,5 @@
+# this class is just to verify masters class works
+class puppet_enterprise (
+ $certificate_authority_host = 'localhost',
+) {
+}
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
new file mode 100644
index 000000000..35654b3d2
--- /dev/null
+++ b/spec/spec_helper.rb
@@ -0,0 +1,44 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+require 'rspec-puppet-facts'
+
+require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
+
+include RspecPuppetFacts
+
+default_facts = {
+ puppetversion: Puppet.version,
+ facterversion: Facter.version,
+}
+
+default_fact_files = [
+ File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')),
+ File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')),
+]
+
+default_fact_files.each do |f|
+ next unless File.exist?(f) && File.readable?(f) && File.size?(f)
+
+ begin
+ default_facts.merge!(YAML.safe_load(File.read(f)))
+ rescue => e
+ RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
+ end
+end
+
+RSpec.configure do |c|
+ c.default_facts = default_facts
+ c.before :each do
+ # set to strictest setting for testing
+ # by default Puppet runs at warning level
+ Puppet.settings[:strict] = :warning
+ end
+end
+
+def ensure_module_defined(module_name)
+ module_name.split('::').reduce(Object) do |last_module, next_module|
+ last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false)
+ last_module.const_get(next_module, false)
+ end
+end
+
+# 'spec_overrides' from sync.yml will appear below this line
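Review bot: The comment in the `c.before :each` block says the setting is the strictest one, but the line below it assigns `:warning`, which the same comment describes as Puppet's default, so the hook does not tighten anything. If the intent is for specs to fail on strict-mode violations, the assignment should be `Puppet.settings[:strict] = :error`; if `:warning` is intended, the comment should say that instead. `YAML.safe_load` is also called without an explicit `require 'yaml'`, relying on an earlier require to have loaded it, so adding `require 'yaml'` at the top would make the helper self-contained. The trailing comment suggests the file is template-managed, in which case these changes may belong in the template overrides rather than in this file.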