Skip to content

unruly/unruly-puppet

Repository files navigation

unruly-puppet

Build Status GitHub tag GitHub

Contents

Introduction

This project contains puppet modules used by Unruly for configuration management, developed in the open to improve code quality and decouple data (e.g. credentials and secrets) from configuration.

Building

unruly-puppet requires Puppet, Ruby, pdk, and pre-commit installed.

$ git clone git@github.com:unruly/unruly-puppet.git

$ pre-commit install # install validation pre-commit hooks

Testing

We use pdk to test and build this project.

$ ./lint-and-test.sh # run puppet parser to validate files, and pdk test on all modules

Smoke Testing with Docker

The feedback loop for applying a puppet class in a Docker container is conveniently short.

The Docker configuration for the smoke test environment implements a masterless puppet agent in order to optimise for quick application of catalogs.

For further documentation please see the test_configuration README

Usage

The smoke tests require Docker to be installed locally.

Users should ensure any hiera data is configured in hieradata/ yaml files, and those files are referenced in hiera.yaml.

To run smoke tests on a designated Puppet class:

Add the class you're requiring into a manifest inside the test_configuration/manifests directory.

$ ./smoke-test.sh test_configuration::my_puppet_class_name

Versioning

unruly-puppet is versioned with tags against the master branch e.g. v0.0.10

We aim to support Semantic Versioning as closely as possible.

Usage

Individual modules can be imported in your Puppetfile using librarian e.g.

  def unruly_mod(name, version)
    mod "unruly/#{name}",
      :git    => 'git@github.com:unruly/unruly-puppet.git',
      :path   => "modules/#{name}",
      :ref    => version
  end
  
  unruly_mod 'base', 'v0.0.10'      

Modules

Module Resource Description
credentials credentials Manages the /etc/credentials directory tree for storing configuration files.
cron cron::cleanup Cleans up files not modified past a defined threshold within a directory.
base base Includes base::* subclasses.
base::awscli Install awscli from pip, and symlink it so it is available on all paths
base::collectd Installs collectd, provides configuration, and ensures service is running.
base::collectd::plugins Installs collectd plugins.
base::collectd::config Defines configuration resource for backend service (e.g. graphite).
base::crond Install awscli from pip, and symlink it so it is available on all paths
base::nrpe Installs nrpe, provides base configuration, and ensures service is running
base::nrpe::plugins Sets up and configures default NRPE plugins for every node
base::nrpe::plugins::disk_params Contains the nrpe parameters for disk related checks
base::nrpe::plugins::load_params Contains the nrpe parameters for load related checks
base::ntp Installs ntp and ensures that the daemon is running.
base::python Installs python and pip.
base::selinux Sets up SELinux for the system.
base::ssh::server Ensures sshd is running and sets up sshd configuration.
base::ssh::server::config Configures the SSH daemon.
base::syslog_ng Installs syslog-ng for system logging and removes known incompatible logging packages
base::wget Installs wget.
base::yum Installs base yum plugins on CentOS 7 images. Uses hiera to source plugins by default, but can be customised.
base::yum::clean Sets up a cronjob to clean Yum repo metadata once per day at random, determined by FQDN.
base::yum::cloudinit Ensures a file is present in /etc/cloud/cloud-init.disable that stops the cloud-init service from running
base::yum::repos::unruly Sets up unruly repository configuration for yum.
base::yum::repos::epel Sets up unruly repository configuration for EPEL.
base::yum::repos::artifactory Sets up unruly repository configuration for Artifactory.
monitoring monitoring Includes monitoring::* subclasses.
monitoring::nagios Installs and starts nagios
monitoring::nagios::plugins Installs a default set of nagios plugins.
monitoring::nagios::nsca Installs nsca for accepting passive checks.
monitoring::nagios::xinetd Installs xinetd.
nrpe_custom_check nrpe_custom_check Sets up an nrpe plugin and its configuration.
nrpe_custom_check::plugin Sets up an individual nrpe plugin script.
nrpe_custom_check::plugin_config Sets up nrpe configuration for a plugin.
nrpe_custom_check::sudo_config Sets up sudoers configuration for an individual nrpe plugin that requires extra permissions.