From 84757e20374bee7ce792eeaa1641b36eedd98dbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?= Date: Tue, 12 Sep 2023 09:26:32 -0400 Subject: [PATCH 1/3] Replace librarian-puppet by r10k --- common/configuration/puppet.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/common/configuration/puppet.yaml b/common/configuration/puppet.yaml index a3015ebd..51e8fb5c 100644 --- a/common/configuration/puppet.yaml +++ b/common/configuration/puppet.yaml @@ -46,7 +46,7 @@ runcmd: grub2-mkconfig -o /boot/grub2/grub.cfg fi %{ if contains(tags, "puppet") } - # Install Java 11 and puppetserver +# Install Java 11 and puppetserver - yum -y install java-11-openjdk-headless puppetserver-7.11.0 # Configure puppetserver to use Java 11 - sudo sed -i 's;\(JAVA_BIN=\).*;\1"/usr/lib/jvm/jre-11/bin/java";g' /etc/sysconfig/puppetserver 
@@ -54,14 +54,14 @@ runcmd: - sed -i 's/^\(After=.*\)$/\1 puppetserver.service/' /usr/lib/systemd/system/puppet.service - systemctl daemon-reload - systemctl enable puppetserver +# Install gem dependencies + - "/opt/puppetlabs/puppet/bin/gem install autosign:1.0.1 hiera-eyaml:3.4.0 r10k:4.0.0" # Enable autosign with password - chgrp puppet /etc/autosign.conf - chown puppet:puppet /var/log/autosign.log - - /opt/puppetlabs/puppet/bin/gem install autosign - /opt/puppetlabs/bin/puppet config set autosign /opt/puppetlabs/puppet/bin/autosign-validator --section server - /opt/puppetlabs/bin/puppet config set allow_duplicate_certs true --section server # Generate hieradata asymmetric encryption key - - /opt/puppetlabs/puppet/bin/gem install hiera-eyaml - mkdir -p /etc/puppetlabs/puppet/eyaml - /opt/puppetlabs/puppet/bin/eyaml createkeys --pkcs7-private-key=/etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem --pkcs7-public-key=/etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem - /opt/puppetlabs/puppet/bin/eyaml createkeys --pkcs7-private-key=/etc/puppetlabs/puppet/eyaml/boot_private_key.pkcs7.pem --pkcs7-public-key=/etc/puppetlabs/puppet/eyaml/boot_public_key.pkcs7.pem @@ -70,7 +70,8 @@ runcmd: - chmod 0400 /etc/puppetlabs/puppet/eyaml/boot_private_key.pkcs7.pem # Setup puppet environment code and modules - rm -rf /etc/puppetlabs/code/environments/production - - git clone ${puppetenv_git} /etc/puppetlabs/code/environments/production + - git clone ${puppetenv_git} /etc/puppetlabs/code/environments/main + - ln -s /etc/puppetlabs/code/environments/main /etc/puppetlabs/code/environments/production - "(cd /etc/puppetlabs/code/environments/production; git checkout ${puppetenv_rev})" %{ if puppetfile != "" ~} %{ if strcontains(puppetfile, "forge") ~} 
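Review bot: The new `gem install autosign:1.0.1 hiera-eyaml:3.4.0 r10k:4.0.0` line in the `@@ -54,14 +54,14 @@` hunk pins only the top-level gems, so their dependencies are still resolved to whatever is newest at boot time. Patch 3/3 (`@@ -55,7 +55,7 @@`) has to add `puppet_forge:4.1.0` for exactly that reason. These gems are installed by cloud-init on the Puppet server and sit next to the autosign validator and the eyaml private keys, so a floating transitive dependency is a supply-chain exposure as well as a reproducibility problem. Consider installing from a locked dependency set or a vetted internal gem source, and add a comment above the line such as `# Top-level versions pinned; transitive dependencies are not locked`. The runcmd list starts and ends outside the hunk.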
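Review bot: In the `@@ -70,7 +70,8 @@` hunk the cleanup still removes only `environments/production`, while the clone now lands in `environments/main`. If these commands are ever re-run on a host where `main` already exists, `git clone` fails, `ln -s` re-creates the link to the stale tree, and the later steps may carry on with old code, since nothing visible here stops on error. Removing both paths first keeps the step repeatable: `- rm -rf /etc/puppetlabs/code/environments/main /etc/puppetlabs/code/environments/production`. Separately, `${puppetenv_git}` and `${puppetenv_rev}` are substituted unquoted into a shell command; they appear to be operator-supplied template variables, but quoting them would keep an unusual value from being split by the shell.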
@@ -85,10 +86,10 @@ runcmd: - ln -sf /etc/puppetlabs/data/terraform_data.yaml /etc/puppetlabs/code/environments/production/data/ - ln -sf /etc/puppetlabs/data/user_data.yaml /etc/puppetlabs/code/environments/production/data/ - ln -sf /etc/puppetlabs/facts/terraform_facts.yaml /etc/puppetlabs/code/environments/production/site/profile/facts.d - - /opt/puppetlabs/puppet/bin/gem install librarian-puppet +# We use r10k solely to install the modules of the main branch environment. + - "(cd /etc/puppetlabs/code/environments/production; /opt/puppetlabs/puppet/bin/r10k puppetfile install)" # Wait for Terraform to scp its YAML data - while [ ! -e "/etc/puppetlabs/data/terraform_data.yaml" ]; do echo "$(date -I'seconds') Waiting for terraform to scp terraform_data.yaml"; sleep 5; done - - "(cd /etc/puppetlabs/code/environments/production/ && HOME=/root PATH=$PATH:/opt/puppetlabs/puppet/bin /opt/puppetlabs/puppet/bin/librarian-puppet install)" %{ if node_name != keys(puppetservers)[0] } - sed -e '/certificate-authority-service/ s/^/#/' -i /etc/puppetlabs/puppetserver/services.d/ca.cfg - sed -e '/certificate-authority-disabled-service/ s/^#//' -i /etc/puppetlabs/puppetserver/services.d/ca.cfg From f0155762d38b295c65dd2e79b96d816e4262d6cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?= Date: Tue, 12 Sep 2023 11:36:07 -0400 Subject: [PATCH 2/3] Bump puppet versions --- common/configuration/puppet.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/configuration/puppet.yaml b/common/configuration/puppet.yaml index 51e8fb5c..08e7ec2d 100644 --- a/common/configuration/puppet.yaml +++ b/common/configuration/puppet.yaml 
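Review bot: The added r10k line in the `@@ -85,10 +86,10 @@` hunk joins `cd` and the install with `;`, so a failed `cd` still runs `r10k puppetfile install` from whatever directory the script is in; the removed librarian-puppet line used `&&`. Suggested: `- "(cd /etc/puppetlabs/code/environments/production && /opt/puppetlabs/puppet/bin/r10k puppetfile install)"`. The removed line also set `HOME=/root` and extended `PATH`, so it is worth confirming that r10k needs neither in the cloud-init environment. The comment above the new line could also say that module sources and versions come from the environment's Puppetfile, because that file decides what code ends up on the Puppet server. The runcmd list continues outside the hunk.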
@@ -37,7 +37,7 @@ runcmd: %{ endif ~} # Puppet agent configuration and install yum -y install https://yum.puppet.com/puppet7-release-el-$(grep -oP 'VERSION_ID="\K[^"]' /etc/os-release).noarch.rpm - yum -y install puppet-agent-7.24.0 + yum -y install puppet-agent-7.26.0 install -m 700 /dev/null /opt/puppetlabs/bin/postrun # kernel configuration systemctl disable kdump @@ -47,7 +47,7 @@ runcmd: fi %{ if contains(tags, "puppet") } # Install Java 11 and puppetserver - - yum -y install java-11-openjdk-headless puppetserver-7.11.0 + - yum -y install java-11-openjdk-headless puppetserver-7.13.0 # Configure puppetserver to use Java 11 - sudo sed -i 's;\(JAVA_BIN=\).*;\1"/usr/lib/jvm/jre-11/bin/java";g' /etc/sysconfig/puppetserver # Configure puppet-agent to start after puppetserver when on puppetserver From 6da7a6e482254998b5cad4c4737fbdc872eab894 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?= Date: Tue, 12 Sep 2023 14:08:12 -0400 Subject: [PATCH 3/3] Fix puppet_forge version to avoid threading issue with r10k --- common/configuration/puppet.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/configuration/puppet.yaml b/common/configuration/puppet.yaml index 08e7ec2d..9f1a1391 100644 --- a/common/configuration/puppet.yaml +++ b/common/configuration/puppet.yaml @@ -55,7 +55,7 @@ runcmd: - systemctl daemon-reload - systemctl enable puppetserver # Install gem dependencies - - "/opt/puppetlabs/puppet/bin/gem install autosign:1.0.1 hiera-eyaml:3.4.0 r10k:4.0.0" + - "/opt/puppetlabs/puppet/bin/gem install autosign:1.0.1 hiera-eyaml:3.4.0 puppet_forge:4.1.0 r10k:4.0.0" # Enable autosign with password - chgrp puppet /etc/autosign.conf - chown puppet:puppet /var/log/autosign.log