From f0d3f994d50d893d627f8c662167f87733e79a84 Mon Sep 17 00:00:00 2001 From: ebner Date: Wed, 7 Aug 2024 16:58:05 +0200 Subject: [PATCH] cleanup --- infrastructure-guide/puppet_server.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/infrastructure-guide/puppet_server.md b/infrastructure-guide/puppet_server.md index 0b83e7c3..f67b43bb 100644 --- a/infrastructure-guide/puppet_server.md +++ b/infrastructure-guide/puppet_server.md @@ -13,7 +13,7 @@ Other optional environments can be arbitrarily created and immediately used unde At https://puppet01.psi.ch/ , a small web app to delete server side certificates is made available. The authentication uses LDAP against the AD, but access rights are granted from the /etc/httpd/conf.d/ssl.conf -# Branches +## Branches You can create a branch to develop new code from the master branch of the puppet repository. To test the code, a directory with the same name as the branch can be created at puppet01:/srv/puppet/code/dev/envs/ . Upon creating the directory, preprod gets rsynced in here. If the branch alrady exists and if it's to be pulled, that can be done via the command: @@ -27,11 +27,11 @@ This can then be tested on any controlled host by running: puppet agent -t --environment=xyz ``` -# Merge Process +## Merge Process Merge meetings are usually held weekly. To record the meeting a https://git.psi.ch/linux-infra/org/wikis/meeting_reports/YYYY-MM-DD page is to be created based on the https://git.psi.ch/linux-infra/org/wikis/merge-meeting-guidelines template. -# Modules +## Modules The modules, which are not part of the base repo are to be pulled into /srv/puppet/code/dev/envs/(pre)prod/code/modules/ @@ -47,13 +47,13 @@ The solution is to always run librarian with the lock file removed: This way the latest commit will be pulled for all incorrectly defined modules. -# Hiera / data-xxx +## Hiera / data-xxx The data-xxx repositories have a webhook configured that points to http://puppet01.psi.ch/events/dataupdate The triggered webhook code can be found on puppet01 at /var/www/webhook/app/webhook.py This webhook checks out the data repositories in /srv/puppet/data -# PuppetDB +## PuppetDB To be able to talk to the PuppetDB we need a (client) certificate (including the key) accepted by the Puppet server for authentication. On Puppet-enabled nodes the node's certificate works, i.e.: @@ -74,7 +74,7 @@ There are several API endpoints that can be queried, e.g. `/pdb/query/v4` (note `/` at the end), or `/pdb/query/v4/nodes`. -## Examples +### Examples ```bash # define a function to simplify the queries