From c18a5e7c140eeabb00386058e7c7e1ac87950bd9 Mon Sep 17 00:00:00 2001 From: ebner Date: Thu, 8 Aug 2024 14:55:39 +0200 Subject: [PATCH] reshuffle --- _toc.yml | 3 +- admin-guide/puppet/general.rst | 101 ------------------ admin-guide/puppet/overview.md | 5 + admin-guide/puppet/puppet_client.md | 3 +- .../puppet/_static}/puppet_workflow.jpg | Bin infrastructure-guide/puppet/overview.md | 40 +++++++ 6 files changed, 49 insertions(+), 103 deletions(-) delete mode 100644 admin-guide/puppet/general.rst create mode 100644 admin-guide/puppet/overview.md rename {admin-guide/puppet => infrastructure-guide/puppet/_static}/puppet_workflow.jpg (100%) create mode 100644 infrastructure-guide/puppet/overview.md diff --git a/_toc.yml b/_toc.yml index f400fdf5..79cd7e57 100644 --- a/_toc.yml +++ b/_toc.yml @@ -93,7 +93,7 @@ chapters: - file: admin-guide/active-directory - file: admin-guide/puppet sections: - - file: admin-guide/puppet/general + - file: admin-guide/puppet/overview - file: admin-guide/puppet/puppet_client - file: admin-guide/puppet/puppet_environments - file: admin-guide/puppet/hiera @@ -122,6 +122,7 @@ chapters: - file: infrastructure-guide/ipxe - file: infrastructure-guide/puppet sections: + - file: infrastructure-guide/puppet/overview - file: infrastructure-guide/puppet/modules sections: - glob: infrastructure-guide/puppet/roles/* diff --git a/admin-guide/puppet/general.rst b/admin-guide/puppet/general.rst deleted file mode 100644 index c6f50c62..00000000 --- a/admin-guide/puppet/general.rst +++ /dev/null 
@@ -1,101 +0,0 @@ -General -======= - -[Puppet](https://puppet.com/docs/puppet) is the *configuration management system* used to configure the hosts. - -Our [Puppet Dashboard](https://puppet01.psi.ch/puppetboard) gives an overview over all systems managed using Puppet at PSI. - - -`Puppet `_ is the *configuration management system* used to configure the hosts. - -Introduction ------------- - -Puppet is used in master mode and the general idea is to make large -use of indipendent and (relatively) small puppet -modules and composing profiles and roles based on them to create -classes that are assigned to the hosts. With indipendence -of puppet modules we mean that each puppet module targets a single -functionality (eg. `web server`, `afs client`) and this -is choosen to keep the code of the single module smaller, more -coherent and easier to debug. - -Furthermore the system makes use of some puppet modules from the `puppet forge -`_. These puppet modules are not accessed directly but -through their PSI mirror, inside of the `Linux-infra group `_. - -Code and data are kept separated, using puppet modules -for code and hiera for data. Secure data are safely managed -inside hiera using `hiera eyaml `_. - -To each host the following element will determine how it will be configured: - -- the puppet environment (that will determine the puppet role/profile code base) -- the sysdb data environment (that will determine the hiera code base) -- the puppet group (that will determine what files will be considered in the hiera code base) -- the role - -All these elements are configured inside sysdb as attributes and are accessed -by the puppet master via the ENC. - -Here you can get a general overview: - -.. following image generated from https://docs.google.com/drawings/d/16AXZd5PF-HgW379Cxgvwzvc6MTl_34LVFHzP5Fi8RdQ/edit - -.. 
image:: puppet_workflow.jpg - - - -Environments ------------- - -We use Puppet environments for two purposes: - -- roll out changes to a small subset of all systems first -- module development - - -The following environments exist: - -- ``prod`` - - The most stable, and most systems are attached to it. All changes to ``prod`` - have to go through ``preprod`` first. - -- ``preprod`` - -- Development environments. These are private to a single developer, - can have names matching the regex ``^[a-z]+[a-z,0-9,_]+$`` like ``ganglia_issue_21`` or - ``klog_client``, and are used for developing and testing - changes. Generally, only individual systems are attached to these - environments. - - - -puppet master -------------- - -The puppet master will make use of the `ENC -`_ for getting -two informations: - - - the environment; - - the role. - -The environment is used to determine the directory location inside -`/etc/puppetlabs/code/environments` where to look code for. - -The role is a class-name inside the specific environment that will be -used to generate the node catalog. - -Assuming for example the following result from the ENC for a specific node: :: - - --- - environment: production - classes: - - role::log_server - -the puppet master will look for the a puppet class named -``role::log_server`` in the file -`/etc/puppetlabs/code/environments/productions/modules/psi/manifests/role/log_server.pp`. - diff --git a/admin-guide/puppet/overview.md b/admin-guide/puppet/overview.md new file mode 100644 index 00000000..e0f3c22f --- /dev/null +++ b/admin-guide/puppet/overview.md @@ -0,0 +1,5 @@ +# Overview + +[Puppet](https://puppet.com/docs/puppet) is the *configuration management system* used to configure our nodes at PSI. + +Our [Puppet Dashboard](https://puppet.psi.ch/puppetboard) gives an overview over all systems managed using Puppet at PSI. diff --git a/admin-guide/puppet/puppet_client.md b/admin-guide/puppet/puppet_client.md index 210ff763..00c269ba 100644 
--- a/admin-guide/puppet/puppet_client.md +++ b/admin-guide/puppet/puppet_client.md @@ -25,7 +25,8 @@ The client will keep this environment until -## Attach Node to Different Puppet Server +## Configuration +### Attach Node to Different Puppet Server For testing purpose you might want to change the Puppet server to which a test node is attached to. To do so do, change the ``server`` in the ``[main]`` section of ``/etc/puppetlabs/puppet/puppet.conf`` accordingly. diff --git a/admin-guide/puppet/puppet_workflow.jpg b/infrastructure-guide/puppet/_static/puppet_workflow.jpg similarity index 100% rename from admin-guide/puppet/puppet_workflow.jpg rename to infrastructure-guide/puppet/_static/puppet_workflow.jpg diff --git a/infrastructure-guide/puppet/overview.md b/infrastructure-guide/puppet/overview.md new file mode 100644 index 00000000..7b090a70 --- /dev/null +++ b/infrastructure-guide/puppet/overview.md 
@@ -0,0 +1,40 @@ + +# Overview + +Puppet is used in master mode and the general idea is to make large use of indipendent and (relatively) small puppet modules and composing profiles and roles based on them to create classes that are assigned to the hosts. By independence of puppet modules we mean that each puppet module targets a single functionality (eg. `web server`, `afs client`) and this is choosen to keep the code of the single module smaller, more coherent and easier to debug. + +Furthermore the system makes use of some puppet modules from the [puppet forge](https://forge.puppet.com). These puppet modules are not accessed directly but through a PSI mirror. + +Code and data are kept separated, using puppet modules for code and hiera for data. Secure data are safely managed inside hiera using [hiera eyaml](https://github.com/TomPoulton/hiera-eyaml). + +For each host the following parameters will determine how it will be configured: + +- the puppet environment (that will determine the puppet role/profile code base) +- the sysdb data environment (that will determine the hiera code base) +- the puppet group (that will determine what files will be considered in the hiera code base) +- the role + +All these elements are configured inside sysdb as attributes and are accessed by the puppet master via the ENC. + +Here you can get a general overview: +![puppet workflow](_static/puppet_workflow.jpg) + + +## Puppet Environments +------------ + +We use Puppet environments for two purposes: +- roll out changes to a small subset of all systems first +- module development + + +The following environments exist: +- `prod` - The most stable, and most systems are attached to it. All changes to `prod` have to go through `preprod` first. + +- `preprod` - production test environment + +- Development environments. 
These are private to a single developer, + can have names matching the regex ``^[a-z]+[a-z,0-9,_]+$`` like ``ganglia_issue_21`` or + ``klog_client``, and are used for developing and testing + changes. Generally, only individual systems are attached to these + environments.
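
Review bot: The deletion of admin-guide/puppet/general.rst drops the "puppet master" section (the two values the ENC returns, the sample ENC output, and the path under `/etc/puppetlabs/code/environments` where the role class is looked up), and neither new overview.md in this patch carries it over. The new infrastructure-guide/puppet/overview.md still says the sysdb attributes "are accessed by the puppet master via the ENC", so a reader no longer has an explanation of that step. Either move the section into infrastructure-guide/puppet/overview.md or say in the commit message where it now lives.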
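
Review bot: In the new admin-guide/puppet/overview.md the dashboard link points to `https://puppet.psi.ch/puppetboard`, while the removed general.rst used `https://puppet01.psi.ch/puppetboard`. A commit titled "reshuffle" reads as a pure move, so this host change is easy to miss in review; please confirm it is intended and mention it in the commit message. While touching the line, "gives an overview over all systems" reads better as "an overview of all systems".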
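
Review bot: In the new infrastructure-guide/puppet/overview.md, the `------------` line kept under `## Puppet Environments` is an RST heading underline and will render as a horizontal rule in Markdown; drop it, and convert the remaining RST double-backtick literals in the development-environments bullet (``` ``ganglia_issue_21`` ```, ``` ``klog_client`` ```, the regex) to single backticks as done elsewhere in the file. Two further points in the same file: the first paragraph still has "indipendent" and "choosen" even though the next sentence was corrected to "independence", and the documented name pattern `^[a-z]+[a-z,0-9,_]+$` has commas inside the character class, which makes a literal comma a valid character in an environment name. If commas are not meant to be allowed, the class should be `[a-z0-9_]`; if the pattern is copied from what is actually enforced, that check is worth a look as well. The sentence on the Forge mirror also lost its pointer to the Linux-infra group that general.rst had, so it no longer says where the mirrored modules can be found.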