This project contains puppet modules used by Unruly for configuration management, developed in the open to improve code quality and decouple data (e.g. credentials and secrets) from configuration.
unruly-puppet requires Puppet, Ruby, pdk, and pre-commit installed.
$ git clone git@github.com:unruly/unruly-puppet.git
$ pre-commit install # install validation pre-commit hooks
We use pdk to test and build this project.
$ ./lint-and-test.sh # run puppet parser to validate files, and pdk test on all modules
The feedback loop for applying a puppet class in a Docker container is conveniently short.
The Docker configuration for the smoke test environment implements a masterless puppet agent in order to optimise for quick application of catalogs.
For further documentation please see the test_configuration README
The smoke tests require Docker to be installed locally.
Users should ensure any hiera data is configured in hieradata/
yaml files, and those files are referenced in hiera.yaml
.
To run smoke tests on a designated Puppet class:
Add the class you're requiring into a manifest inside the test_configuration/manifests directory.
$ ./smoke-test.sh test_configuration::my_puppet_class_name
unruly-puppet is versioned with tags against the master branch e.g. v0.0.10
We aim to support Semantic Versioning as closely as possible.
Individual modules can be imported in your Puppetfile using librarian
e.g.
def unruly_mod(name, version)
mod "unruly/#{name}",
:git => 'git@github.com:unruly/unruly-puppet.git',
:path => "modules/#{name}",
:ref => version
end
unruly_mod 'base', 'v0.0.10'
Module | Resource | Description |
---|---|---|
credentials | credentials |
Manages the /etc/credentials directory tree for storing configuration files. |
cron | cron::cleanup |
Cleans up files not modified past a defined threshold within a directory. |
base | base |
Includes base::* subclasses. |
base::awscli |
Install awscli from pip, and symlink it so it is available on all paths | |
base::collectd |
Installs collectd, provides configuration, and ensures service is running. | |
base::collectd::plugins |
Installs collectd plugins. | |
base::collectd::config |
Defines configuration resource for backend service (e.g. graphite). | |
base::crond |
Install awscli from pip, and symlink it so it is available on all paths | |
base::nrpe |
Installs nrpe, provides base configuration, and ensures service is running | |
base::nrpe::plugins |
Sets up and configures default NRPE plugins for every node | |
base::nrpe::plugins::disk_params |
Contains the nrpe parameters for disk related checks | |
base::nrpe::plugins::load_params |
Contains the nrpe parameters for load related checks | |
base::ntp |
Installs ntp and ensures that the daemon is running. | |
base::python |
Installs python and pip. | |
base::selinux |
Sets up SELinux for the system. | |
base::ssh::server |
Ensures sshd is running and sets up sshd configuration. | |
base::ssh::server::config |
Configures the SSH daemon. | |
base::syslog_ng |
Installs syslog-ng for system logging and removes known incompatible logging packages | |
base::wget |
Installs wget. | |
base::yum |
Installs base yum plugins on CentOS 7 images. Uses hiera to source plugins by default, but can be customised. | |
base::yum::clean |
Sets up a cronjob to clean Yum repo metadata once per day at random, determined by FQDN. | |
base::yum::cloudinit |
Ensures a file is present in /etc/cloud/cloud-init.disable that stops the cloud-init service from running | |
base::yum::repos::unruly |
Sets up unruly repository configuration for yum. | |
base::yum::repos::epel |
Sets up unruly repository configuration for EPEL. | |
base::yum::repos::artifactory |
Sets up unruly repository configuration for Artifactory. | |
monitoring | monitoring |
Includes monitoring::* subclasses. |
monitoring::nagios |
Installs and starts nagios | |
monitoring::nagios::plugins |
Installs a default set of nagios plugins. | |
monitoring::nagios::nsca |
Installs nsca for accepting passive checks. | |
monitoring::nagios::xinetd |
Installs xinetd. | |
nrpe_custom_check | nrpe_custom_check |
Sets up an nrpe plugin and its configuration. |
nrpe_custom_check::plugin |
Sets up an individual nrpe plugin script. | |
nrpe_custom_check::plugin_config |
Sets up nrpe configuration for a plugin. | |
nrpe_custom_check::sudo_config |
Sets up sudoers configuration for an individual nrpe plugin that requires extra permissions. |