cleanup

2024-08-07 15:20:20 +02:00
parent d4bc4c3636
commit 4182aa7a0d
6 changed files with 42 additions and 174 deletions
@@ -92,12 +92,6 @@ chapters:
      - file: admin-guide/accounts-and-groups
      - file: admin-guide/active-directory
      - file: admin-guide/updates
-      - file: admin-guide/mgmt-tools
-        sections:
-          - file: admin-guide/mgmt-tools/sysdb
-          - file: admin-guide/mgmt-tools/bob
-          - file: admin-guide/mgmt-tools/sphinx
-          - file: admin-guide/mgmt-tools/puppetdb
      - file: admin-guide/operations
        sections:
          - file: admin-guide/operations/certificates
@@ -1,51 +0,0 @@
-bob - a CLI sysdb client
-========================
-
-``bob`` is a command-line client for sysdb. It supports adding, updating, and
-retrieving information about environments, nodes, MAC addresses and attributes.
-It can authenticate using Kerberos credentials or username/password pairs.
-
-For more information about bob refer to https://git.psi.ch/linux-infra/bob
-
-Attributes
----------
-
-The following attributes can be set for a node:
-
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| attribute name         | sample value     | mandatory | meaning                                                                        | 
-+========================+==================+===========+================================================================================+
-| ``iface``              | ``enp225s0f0``   | no        | the installation entry to use for automatic installation                       |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``ipxe_installer``     | ``rhel8install`` | no        | the installation entry to use for automatic installation  (``netboot``)        |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``network``            | ``static``       | no        | network setup of the installed system; can be ``static`` or ``dhcp`` (default) |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``puppet_env``         | ``preprod``      | no        | puppet environment with ``prod`` as default                                    |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``puppet_role``        | ``role::server`` | yes       | puppet role of the node. String should start with ``role::``                   |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``puppet_group``       | ``computing``    | no        | defines the group for the hiera values. If not set takes the ``default`` one   |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-| ``rootpw``             | ``$y$j9T$f...``  | no        | root password hash                                                             |
-+------------------------+------------------+-----------+--------------------------------------------------------------------------------+
-
-
-root password
-~~~~~~~~~~~~~
-
-The root password can be set with the attribute ``rootpw``. The value
-of the attribute must be the password hash, and can be generated with the command 
-``openssl passwd -6``
-
-partitions
-~~~~~~~~~~
-
-Partition schema can be passed as a url using the ``partitions`` attribute.
-It must be a publicly accessible url and its content will be copied into the
-kickstart section related to the partition.
-
-The usage of this attribute is generally discouraged and is provided to cover
-only the cases that are not actually already covered by the installation system,
-eg. the software raid configuration.
-
@@ -1,52 +0,0 @@
-puppetdb
-========
-
-Authentication
--------------
-
-We need a client certificate (including the key) accepted by the Puppet server
-for authentication. On Puppet-enabled nodes the node's certificate works, ie
-
- Certificate: ``/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem``
- Key: ``/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem``
-
-These can be supplied to ``curl(1)`` using the ``--key``, ``--cert``, and
-``--cacert`` options::
-
-    curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-         --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
-         --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
-         https://puppet01.psi.ch:8080/pdb/query/v4/nodes
-
-
-Queries
-------
-
-There are several API endpoints, eg. ``/pdb/query/v4`` (note that there is no
-``/`` at the end), or ``/pdb/query/v4/nodes``.
-
-
-Examples
--------
-
-First, let's define a function to simplify the queries::
-
-    function pdb {
-      local pql=$1
-    
-      curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-           --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
-           --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
-           -H content-type:application/json --data "{ \"query\": \"$pql\" }" \
-           https://puppet01.psi.ch:8080/pdb/query/v4 | json_reformat
-    }
-
-
-List all nodes::
-
-    pdb "nodes[certname] { order by certname }"
-
-
-List environments and times of the last Puppet run::
-
-    pdb "reports[certname,environment,start_time,end_time] { order by certname }"
@@ -1,46 +0,0 @@
-Sphinx
-======
-
-`Sphinx <http://www.sphinx-doc.org/en/stable/>`_ is a tool for generating
-documentation from `reStructuredText
-<http://docutils.sourceforge.net/docs/ref/rst/restructuredtext.html>`_.
-
-It can generate various formats, including HTML and PDF.
-
-
-Installing Sphinx
-----------------
-
-basically it is enough to install the ``python-sphinx`` package:
-
-On RHEL 7::
-
-    yum install python-sphinx
-
-On RHEL8::
-
-    dnf install python3-sphinx
-
-
-Editing
-------
-
-On Linux with the ``inotify-tools`` it is easy to have the documentation recompiled
-automatically while editing. Just run the following in the base directory of the
-documentation::
-
-    inotifywait --monitor --recursive --event close_write --exclude '_build' . | while read l; do make html;done
-
-On OSX you can install `fswatch <https://github.com/emcrisostomo/fswatch>`_ and then run the following::
-
-    fswatch --exclude=_build --monitor=fsevents_monitor --recursive --event Updated --event Created --event Renamed .| while read l; do make html ;done
-
-An even better alternative is `sphinx-autobuild
-<https://pypi.python.org/pypi/sphinx-autobuild>`_, which can be installed using
-pip::
-
-    pip install sphinx-autobuild
-
-It can then be called like this::
-
-    sphinx-autobuild /path/to/sphinx/repo /path/to/sphinx/repo/_build/html/
@@ -1,19 +0,0 @@
-sysdb
-=====
-
-sysdb is a simple database holding information relevant to system deployment,
-including
-
-#. a MAC to FQDN mapping
-
-#. whether to boot from local disk or install
-
-#. if installation is requested, which distribution/release to install
-
-#. which environment a system belongs to, and who can manage the environment
-
-#. arbitrary key-value pairs which can be used to store additional information
-   like the Puppet role of a system.
-
-sysdb runs on the server, ie. ``sysdb.psi.ch`` (production).
-
@@ -52,3 +52,45 @@ The data-xxx repositories have a webhook configured that points to http://puppet
 The triggered webhook code can be found on puppet01 at /var/www/webhook/app/webhook.py

 This webhook checks out the data repositories in /srv/puppet/data
+
+# PuppetDB
+To be able to talk to the PuppetDB we need a (client) certificate (including the key) accepted by the Puppet server
+for authentication. On Puppet-enabled nodes the node's certificate works, i.e.:
+
+- Certificate: `/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem`
+- Key: `/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem`
+
+These can be supplied to `curl(1)` using the `--key`, `--cert`, and
+`--cacert` options:
+
+```bash
+    curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
+         --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
+         --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
+         https://puppet01.psi.ch:8080/pdb/query/v4/nodes
+```
+
+There are several API endpoints that can be queried, e.g. `/pdb/query/v4` (note that there is no
+`/` at the end), or `/pdb/query/v4/nodes`.
+
+
+## Examples
+
+```bash
+# define a function to simplify the queries
+function pdb {
+    local pql=$1
+    curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
+        --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
+        --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
+        -H content-type:application/json --data "{ \"query\": \"$pql\" }" \
+        https://puppet01.psi.ch:8080/pdb/query/v4 | json_reformat
+    }
+
+# list all nodes
+pdb "nodes[certname] { order by certname }"
+
+
+# list environments and times of the last Puppet run
+pdb "reports[certname,environment,start_time,end_time] { order by certname }"
+```