# Install latest Puppet Master and Agent on CS1-SSD (2x $.015/hr) all running Linux Ubuntu Server 14.04 LTS 64-bit
#
# Layout: one master and one agent are built from the same image and instance type. The
# bootstrap shell scripts (puppet_master_script_tmpl / puppet_agent_script_tmpl below) are
# rendered, stored in a cloudstorage slice and attached to the servers as recipes.
#
# SECURITY NOTES (review):
# - Both servers are attached to the SAME password keys (puppet_server_pass_key and
#   puppet_server_console_key), so a single root password opens master and agent alike,
#   and the result template prints that password in clear text.
# - The master bootstrap appends autosign=true to puppet.conf, so any host that can reach
#   the master's Puppet port (8140 by default) can obtain a signed agent certificate and
#   request catalogs/files. Keep this stack on the private network and replace autosign
#   before anything but a demo.
cloudscript puppet_multi_stack
version = _latest
result_template = puppet_pair_result_tmpl
globals
# The agent hostname is also the node name the master manifest keys on
# ("node puppet-agent" in nodes.pp); presumably the Puppet certname derives from it,
# so change both together — confirm.
puppet_hostname_master = 'puppet-master'
puppet_hostname_agent = 'puppet-agent'
puppet_instance_type = 'CS1-SSD' # 1GB RAM, 1 vCore, 25GB SSD, 10Gbps
puppet_image_type = 'Ubuntu Server 14.04 LTS'
# generated once per provisioning run and stored as keys below; shared by both servers
server_password = lib::random_password()
console_password = lib::random_password()
puppet_slice_user = 'puppet'
thread puppet_setup
tasks = [puppet_master_agent_setup]
task puppet_master_agent_setup
#-----------------------
# create puppet keys
#-----------------------
# read_or_create: presumably re-runs reuse an existing key instead of creating a new one — confirm.
/key/password puppet_server_pass_key read_or_create
key_group = _SERVER
password = server_password
/key/password puppet_server_console_key read_or_create
key_group = _CONSOLE
password = console_password
# create storage slice keys
/key/token puppet_slice_key read_or_create
username = puppet_slice_user
#----------------------------------------
# create puppet master/agent bootstraps,
# scripts and recipes
#----------------------------------------
# create slice to store script in cloudstorage
/storage/slice puppet_slice read_or_create
keys = [puppet_slice_key]
# create slice container to store script in cloudstorage
/storage/container puppet_container read_or_create
slice = puppet_slice
# place script data in cloudstorage
# (the master script has no template variables; the stored copy is static)
/storage/object puppet_master_script_object => [puppet_slice] read_or_create
container_name = 'puppet_container'
file_name = 'puppet_master_script.sh'
slice = puppet_slice
content_data = puppet_master_script_tmpl
# associate the cloudstorage object with the puppet script
/orchestration/script puppet_master_script => [puppet_slice, puppet_container, puppet_master_script_object] read_or_create
data_uri = 'cloudstorage://puppet_slice/puppet_container/puppet_master_script.sh'
script_type = _shell
encoding = _storage
# place script data in cloudstorage
# The agent object depends on puppet_master_server because its template embeds
# puppet_master_server.ipaddress_private; that address is the only rendered value,
# so the stored script carries no credentials.
/storage/object puppet_agent_script_object => [puppet_master_server, puppet_slice] read_or_create
container_name = 'puppet_container'
file_name = 'puppet_agent_script.sh'
slice = puppet_slice
content_data = puppet_agent_script_tmpl
# associate the cloudstorage object with the puppet script
/orchestration/script puppet_agent_script => [puppet_slice, puppet_container, puppet_agent_script_object] read_or_create
data_uri = 'cloudstorage://puppet_slice/puppet_container/puppet_agent_script.sh'
script_type = _shell
encoding = _storage
/orchestration/recipe puppet_master_recipe read_or_create
scripts = [puppet_master_script]
/orchestration/recipe puppet_agent_recipe read_or_create
scripts = [puppet_agent_script]
#-----------------------
# create puppet servers
#-----------------------
# Both servers get the same two password keys (see SECURITY NOTES above).
/server/cloud puppet_master_server read_or_create
hostname = '{{ puppet_hostname_master }}'
image = '{{ puppet_image_type }}'
service_type = '{{ puppet_instance_type }}'
keys = [puppet_server_pass_key, puppet_server_console_key]
recipes = [puppet_master_recipe]
/server/cloud puppet_agent_server read_or_create
hostname = '{{ puppet_hostname_agent }}'
image = '{{ puppet_image_type }}'
service_type = '{{ puppet_instance_type }}'
keys = [puppet_server_pass_key, puppet_server_console_key]
recipes = [puppet_agent_recipe]
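text_template puppet_agent_script_tmpl
#!/bin/bash
# Bootstrap for the Puppet agent: install the agent, pin the name "puppetmaster" to the
# master's private address in /etc/hosts, run one test check-in, then start the agent.
# The {{ ... }} placeholders are filled in by cloudscript before the script reaches the
# host; puppet_master_server.ipaddress_private is the only rendered value, so the stored
# script contains no credentials.
sudo apt-get update
sudo apt-get -y install puppet facter
echo "Using IP={{ puppet_master_server.ipaddress_private }} as IP for puppetmaster"
# The agent is told --server=puppetmaster below, and the master issues its own
# certificate as certname=puppetmaster, so this exact name must resolve to the
# master's PRIVATE address: TLS verification of the master fails on any other name,
# and resolving it locally keeps the traffic off DNS and off the public network.
HOSTS_FILE='/etc/hosts'
LAN_IPADDR="{{ puppet_master_server.ipaddress_private }}"
# An empty value means cloudscript had no private address for the master (no private
# interface on the instance), which the user-facing message reports as "eth1 missing".
if [ -n "${LAN_IPADDR}" ]; then
    # Is "puppetmaster" already a host name in the file? Comments are stripped first so a
    # mention in a comment does not suppress the real entry.
    if ! sed 's/#.*//' "${HOSTS_FILE}" | grep -q -E "(^|[[:space:]])puppetmaster([[:space:]]|$)"; then
        # Anchor the address to the start of the line: an unanchored match would also hit
        # 10.0.0.10 when looking for 10.0.0.1. (Dots act as regex wildcards here; for a
        # dotted quad anchored at line start that is harmless.)
        if grep -q -E "^${LAN_IPADDR}[[:space:]]" "${HOSTS_FILE}"; then
            # An entry for the IP exists: add the alias in front of any trailing comment,
            # then drop trailing whitespace. Doing this in sed itself avoids re-injecting
            # the comment text, which could contain '/' or '&' and break the expression.
            sed -i -E "/^${LAN_IPADDR}[[:space:]]/ { s/[[:space:]]*(#.*)?$/ puppetmaster \1/; s/[[:space:]]+$// }" "${HOSTS_FILE}"
        else
            # ip was not listed in host file, let's put it there
            echo "${LAN_IPADDR} puppetmaster" >> "${HOSTS_FILE}"
        fi
    else
        echo "INFO: 'puppetmaster' already defined in hosts file."
    fi
else
    echo "ERROR: Interface eth1 was not detected on puppet server install."
    echo " Please report this error to technical support."
fi
# One-shot test run (--test already implies onetime, no-daemonize and verbose). This
# first contact downloads the master's CA certificate and submits the agent's CSR;
# Puppet trusts whatever answers at that address on first contact, so it must happen
# on the private network, never across the Internet.
# The legacy 'puppetd' binary is gone in Puppet 3.x (what Ubuntu 14.04 ships) and never
# took an 'agent' argument; the correct form is 'puppet agent'.
puppet agent --test --server=puppetmaster
# Start the long-running agent (daemonizes by default). Note this does not survive a
# reboot: the packaged service is not enabled here.
puppet agent --server=puppetmaster --verbose
_eof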
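text_template puppet_master_script_tmpl
#!/bin/bash
# Bootstrap for the Puppet master: install puppetmaster, write a minimal site.pp and
# nodes.pp, enable certificate autosigning (DEMO ONLY, see below), ship a 'sudo' module
# that pushes this master's own /etc/sudoers to every agent, and restart the master.
# Every write is guarded by a grep so the script can be re-run without duplicating config.
sudo apt-get update
sudo apt-get install -y puppet puppetmaster facter
mkdir -p /etc/puppet/manifests
mkdir -p /etc/puppet/files
# site.pp: pull in the node definitions and publish the master's name for file sources.
# (grep on a missing file exits non-zero, which is exactly the "write it" case.)
if ! grep -q 'puppetserver' /etc/puppet/manifests/site.pp 2>/dev/null; then
echo '
import "nodes.pp"
$puppetserver="puppetmaster"
' > /etc/puppet/manifests/site.pp
fi
# nodes.pp: the demo agent node. The guard must look for the name actually written
# ("puppet-agent"); the original searched for "puppetagent", which never matched, so the
# file was overwritten (and any local edits lost) on every run.
if ! grep -q 'node puppet-agent' /etc/puppet/manifests/nodes.pp 2>/dev/null; then
echo '
node puppet-agent {
include sudo
package { "vim" : ensure => present, }
package { "apache2": ensure => present, }
service { "apache2": ensure => running, require => Package["apache2"], }
file { "/var/www/html/index.html":
content => "This web server was provisioned by puppet.",
require => Package["apache2"],
owner => "www-data",
group => "www-data",
mode => 0644,
}
}
' > /etc/puppet/manifests/nodes.pp
fi
# The two settings below belong in the [master] section. They are appended to the file,
# so they land in whatever section comes last; the stock Ubuntu 14.04 puppet.conf ends in
# [master] — if a different base image does not, add the header first.
if [ "$(grep -o '^\[[a-z]*\]' /etc/puppet/puppet.conf 2>/dev/null | tail -n 1)" != "[master]" ]; then
    echo '[master]' >> /etc/puppet/puppet.conf
fi
# --- Certificate autosigning: DEMO ONLY ------------------------------------------------
# autosign=true makes the CA sign every CSR it receives with no authentication at all, so
# any host that can reach this master (TCP 8140 by default) can obtain a valid agent
# certificate and then request catalogs and served files — including the copy of this
# master's /etc/sudoers published by the sudo module below. Before any non-demo use:
# firewall 8140 to the private network, and replace this with an autosign.conf allow-list
# or manual signing ('puppet cert sign <name>').
if ! grep -q 'autosign=' /etc/puppet/puppet.conf; then
echo '# DEMO ONLY: autosign=true signs every certificate request without authentication. Replace with an autosign.conf allow-list or manual signing before real use.' >> /etc/puppet/puppet.conf
echo 'autosign=true' >> /etc/puppet/puppet.conf
fi
# The master's certificate is issued as "puppetmaster"; agents verify the master's TLS
# identity against the --server name, so this must match what the agent bootstrap uses.
if ! grep -q 'certname=' /etc/puppet/puppet.conf; then
echo 'certname=puppetmaster' >> /etc/puppet/puppet.conf
fi
# For our demo we'll force the agents to include sudo
mkdir -p /etc/puppet/modules/sudo/files
mkdir -p /etc/puppet/modules/sudo/templates
mkdir -p /etc/puppet/modules/sudo/manifests
# workaround to bug #2244 create a lib dir in any module - "pluginsync fails when no source is available"
mkdir -p /etc/puppet/modules/sudo/lib
touch /etc/puppet/modules/sudo/manifests/init.pp
# NOTE(review): on Debian/Ubuntu the sudo-ldap package conflicts with and replaces sudo,
# so the two package resources below are likely to undo each other on every agent run —
# confirm, and drop sudo-ldap unless LDAP-sourced sudoers are actually wanted.
# Also: this file resource replaces every agent's /etc/sudoers wholesale; a syntactically
# broken file locks sudo out on every agent at once, which is why the copy is checked
# with visudo below before it is published.
if ! grep -q 'class sudo' /etc/puppet/modules/sudo/manifests/init.pp; then
echo '
class sudo {
package { sudo :
ensure => present,
}
if $operatingsystem == "Ubuntu" {
package { "sudo-ldap":
ensure => present,
require => Package["sudo"],
}
}
file { "/etc/sudoers":
owner => "root",
group => "root",
mode => 0440,
source => "puppet://$puppetserver/modules/sudo/etc/sudoers",
require => Package["sudo"],
}
}
' >> /etc/puppet/modules/sudo/manifests/init.pp
fi
mkdir -p /etc/puppet/modules/sudo/files/etc
# The master's OWN /etc/sudoers is what every agent receives. Review and sanitize it:
# anything granted here (and any site-specific entries) is granted on all agents too,
# and with autosign=true any host on the network can fetch this copy from the fileserver.
# Validate the syntax before publishing so a bad file is never pushed out.
SUDOERS_COPY='/etc/puppet/modules/sudo/files/etc/sudoers'
if visudo -c -q -f /etc/sudoers; then
    cp /etc/sudoers "${SUDOERS_COPY}"
    # The fileserver runs as the 'puppet' user, so it needs read access; prefer
    # root:puppet 0440 over a world-readable copy, falling back to 0444 only if the
    # group is not present on this image.
    if chgrp puppet "${SUDOERS_COPY}" 2>/dev/null; then
        chmod 0440 "${SUDOERS_COPY}"
    else
        chmod 0444 "${SUDOERS_COPY}"
    fi
else
    echo "ERROR: /etc/sudoers failed visudo syntax check; not publishing it to agents."
fi
# restart the master so the new puppet.conf settings and certname take effect
service puppetmaster restart
_eof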
text_template puppet_pair_result_tmpl
Thank you for provisioning a puppet master/agent setup.
You can login to the master server directly via SSH by connecting
to:
root@{{ puppet_master_server.ipaddress_public }}
using the password: {{ puppet_server_pass_key.password }}
You can login to the agent client directly via SSH by connecting to:
root@{{ puppet_agent_server.ipaddress_public }}
using the password: {{ puppet_server_pass_key.password }}
Note: both hosts were provisioned with this same root password and it has
been shown here in clear text. Change it on each host (or switch to SSH keys
and disable password logins) before exposing either host, and be aware that
the master is configured with autosign=true for demonstration only.
_eof