Puppet external configuration file? - vagrant

I have Vagrant set up and it's using Puppet as the provisioner with Puppet scripts setting up MySQL, PHP, etc. but the Puppet scripts have the hard coded values for passwords, addresses, etc.
I'd like to pull those out and store them in an external file alongside the Vagrantfile (not nested in the Puppet folder).
I thought this is what Hiera was for but cannot make sense of the documentation when trying to solve my problem. Any suggestions?

I find that this worked example is a pretty good primer on how to use Hiera with Puppet for node specific configuration.
The above example basically has you go from a sites.pp file that looks like:
    node "kermit.example.com" {
      class { "ntp":
        servers    => [ '0.us.pool.ntp.org iburst','1.us.pool.ntp.org iburst','2.us.pool.ntp.org iburst','3.us.pool.ntp.org iburst'],
        autoupdate => false,
        restrict   => [],
        enable     => true,
      }
    }
    node "grover.example.com" {
      class { "ntp":
        servers    => [ 'kermit.example.com','0.us.pool.ntp.org iburst','1.us.pool.ntp.org iburst','2.us.pool.ntp.org iburst'],
        autoupdate => true,
        restrict   => [],
        enable     => true,
      }
    }
    node "snuffie.example.com", "bigbird.example.com", "hooper.example.com" {
      class { "ntp":
        servers    => [ 'grover.example.com', 'kermit.example.com'],
        autoupdate => true,
        enable     => true,
      }
    }
To one that simply defines a list of nodes:
    hiera_include('classes')
    node "kermit.example.com", "grover.example.com", "snuffie.example.com", "bigbird.example.com", "hooper.example.com" {}
The config is then inherited depending on the hierarchy defined in hiera.yaml. In their example they simply use this:
    ---
    :backends:
      - yaml
    :yaml:
      :datadir: /etc/puppet/hieradata
    :hierarchy:
      - "node/%{::fqdn}"
      - common
Which says to load any YAML config files under /etc/puppet/hieradata/node/%{::fqdn}.yaml (for example, /etc/puppet/hieradata/node/kermit.example.com.yaml) and where needed config options aren't found in this first step then to pull any remaining config data in from /etc/puppet/hieradata/common.yaml.
The YAML files themselves are then defined like:
kermit.example.com.yaml:
    ---
    classes: ntp
    ntp::restrict:
      -
    ntp::autoupdate: false
    ntp::enable: true
    ntp::servers:
      - 0.us.pool.ntp.org iburst
      - 1.us.pool.ntp.org iburst
      - 2.us.pool.ntp.org iburst
      - 3.us.pool.ntp.org iburst
common.yaml:
    ---
    classes: ntp
    ntp::autoupdate: true
    ntp::enable: true
    ntp::servers:
      - grover.example.com iburst
      - kermit.example.com iburst
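
How the two-level hierarchy above resolves a key, as an added Ruby model (not Hiera's own code and not part of the original answer). `HIERADATA`, `HIERARCHY`, `interpolate` and `hiera_lookup` are names made up for this example, and the data is a constructed in-memory copy of the page's two YAML files with the `ntp::restrict` key left out.

```ruby
require 'yaml'

# Constructed in-memory copies of the page's data files, keyed by path under :datadir.
HIERADATA = {
  'node/kermit.example.com.yaml' => <<~YAML,
    ---
    classes: ntp
    ntp::autoupdate: false
    ntp::enable: true
    ntp::servers:
      - 0.us.pool.ntp.org iburst
      - 1.us.pool.ntp.org iburst
      - 2.us.pool.ntp.org iburst
      - 3.us.pool.ntp.org iburst
  YAML
  'common.yaml' => <<~YAML
    ---
    classes: ntp
    ntp::autoupdate: true
    ntp::enable: true
    ntp::servers:
      - grover.example.com iburst
      - kermit.example.com iburst
  YAML
}.freeze

# Hierarchy from the page's hiera.yaml, most specific level first.
HIERARCHY = ['node/%{::fqdn}', 'common'].freeze

# Expand %{::fact} tokens in a hierarchy level using the node's facts.
def interpolate(level, facts)
  level.gsub(/%\{(?:::)?(\w+)\}/) { facts.fetch(Regexp.last_match(1)) }
end

# Priority lookup: the first level that defines the key wins.
# key? is used instead of truthiness so an explicit `false` is not skipped.
def hiera_lookup(key, facts, data = HIERADATA, hierarchy = HIERARCHY)
  hierarchy.each do |level|
    source = data["#{interpolate(level, facts)}.yaml"]
    next unless source # this node has no file at this level
    values = YAML.safe_load(source) || {}
    return values[key] if values.key?(key)
  end
  raise KeyError, "#{key} not found in any hierarchy level"
end
```

A node without its own file under `node/` gets every value from `common.yaml`, while kermit's explicit `false` for `ntp::autoupdate` overrides the common `true`.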

Related

Can you tell Codeception to override rather than merge config values in .yml file?

Please consider this Codeception configuration file:
    actor: IntegrationTester
    modules:
        enabled:
            - WPLoader
        config:
            WPLoader:
                wpRootFolder: '%WP_ROOT_FOLDER%'
                dbName: '%INTEGRATION_TEST_DB_NAME%'
                dbHost: '%TEST_SITE_DB_HOST%'
                dbUser: '%TEST_SITE_DB_USER%'
                dbPassword: '%TEST_SITE_DB_PASSWORD%'
                plugins: [
                    "PLUGIN-A/PLUGIN-A.php",
                    "PLUGIN-B/PLUGIN-B.php"
                ]
                activatePlugins: [
                    "PLUGIN-A/PLUGIN-A.php",
                    "PLUGIN-B/PLUGIN-B.php"
                ]
    env:
        PLUGIN_B_OFF:
            modules:
                config:
                    WPLoader:
                        plugins: [
                            "PLUGIN-A/PLUGIN-A.php"
                        ]
                        activatePlugins: [
                            "PLUGIN-A/PLUGIN-A.php"
                        ]
What I'm trying to achieve is to only have PLUGIN A active when running tests in the PLUGIN_B_OFF env; however, Codeception merges the plugins and activatePlugins values, so the end result is that PLUGIN B is still active, even in the PLUGIN_B_OFF env.
Is there any way that I can tell Codeception to override the plugins and activatePlugins values from the env section, rather than merging them with those in the previous section?

Chef::Exceptions::nginx didn't start when installing nginx-1.16.1 from source

I am trying to install nginx from source. My requirement is to install a specific version of nginx, i.e., 1.16.1, because of which I am downloading from source.
After running installNginx.rb, I see the nginx.conf file got updated with default nginx configs, but nginx -v says command not found.
Below is my configuration:
installNginx.rb
    include_recipe 'nginx::source'
    begin
      t = resources(:template => 'nginx.conf')
      t.source 'nginx.conf'
      t.cookbook 'my_nginx'
    rescue Chef::Exceptions::ResourceNotFound
      Chef::Log.warn "Could not find template nginx.conf to modify"
    end
    service 'nginx' do
      action :restart
    end
attributes/Source.rb
    node.default['nginx']['source']['version'] = '1.16.1'
    node.default['nginx']['source']['url'] = 'http://nginx.org/download/nginx-1.16.1.tar.gz'
    node.default['nginx']['source']['checksum'] = 'f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b'
metadata.rb
    depends 'nginx'
After analysing, what I observed in the cookbook logs is: the source version I gave is 1.16.1 but, for some reason, the nginx::source recipe is pulling in 1.12.1 and nginx is not starting.
    "nginx": {
      "version": "1.12.1",
      "package_name": "nginx",
      "port": "80",
      "dir": "/etc/nginx",
      "script_dir": "/usr/sbin",
      "log_dir": "/var/log/nginx",
      "log_dir_perm": "0750",
      "binary": "/opt/nginx-1.12.1/sbin/nginx",
      "default_root": "/var/www/nginx-default",
      "ulimit": "1024",
      "cleanup_runit": true,
      "repo_source": "nginx",
      "install_method": "package",
      "user": "webadmin",
      "upstart": {
        "runlevels": "2345",
        "respawn_limit": null,
        "foreground": true
      }
      "init_style": "init",
      "source": {
        "version": "1.16.1",
        "prefix": "/opt/nginx-1.12.1",
        "conf_path": "/etc/nginx/nginx.conf",
        "sbin_path": "/opt/nginx-1.12.1/sbin/nginx",
        "default_configure_flags": [
          "--prefix=/opt/nginx-1.12.1",
          "--conf-path=/etc/nginx/nginx.conf",
          "--sbin-path=/opt/nginx-1.12.1/sbin/nginx",
          "--with-cc-opt=-Wno-error"
        ],
        "url": "http://nginx.org/download/nginx-1.16.1.tar.gz",
        "checksum": "f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b",
        "modules": [
          "nginx::http_ssl_module",
          "nginx::http_gzip_static_module"
        ],
INFO: remote_file[nginx source] created file /var/chef/runs/58bffee4-b5aa-4632-97cd-0eeacc4ebd4c/local-mode-cache/cache/nginx-1.16.1.tar.gz
INFO: remote_file[nginx source] updated file contents /var/chef/runs/58bffee4-b5aa-4632-97cd-0eeacc4ebd4c/local-mode-cache/cache/nginx-1.16.1.tar.gz
I am unable to figure out where the issue is, any help is appreciated.

The attributes file in the nginx cookbook refers to the default version in multiple places. For example, it uses the default version to define the directory where nginx is installed as well as the download URL for the nginx sources:
    default['nginx']['source']['prefix'] = "/opt/nginx-#{node['nginx']['source']['version']}"
    default['nginx']['source']['url'] = "http://nginx.org/download/nginx-#{node['nginx']['source']['version']}.tar.gz"
Thus, if you later update the version attribute in your own cookbook, the download URL will not automatically be updated with the new version since it has no reference to it anymore.
To resolve this, you have two options:
1. You can manually set all related attributes in your cookbook. This is likely error-prone and may lead to inconsistencies as you have seen.
2. You can reload the default nginx attributes file after having set the overridden attributes. This can look like this in your attributes file:
    override['nginx']['version'] = '1.16.1'
    override['nginx']['source']['checksum'] = 'f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b'
    # Reload nginx::source attributes with our updated version
    node.from_file(run_context.resolve_attribute('nginx', 'source'))
Note that the nginx cookbook maintains two nginx versions: node['nginx']['version'] and node['nginx']['source']['version'], with the latter value being set to the former value by default.
In your ohai output, you have only seen the node['nginx']['version'] attribute (which you have not overridden).
By overriding this attribute and reloading the attributes/source.rb file as shown above, things should be consistent again.
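
Why the derived paths stay on the old version, as an added plain-Ruby model (not the nginx cookbook's code and not part of the original answer). The hash layout and the names `evaluate_source_attributes`, `stale_derived`, `questioners_order` and `reloaded_order` are hypothetical, and only the attributes quoted on this page are modelled.

```ruby
# Model of evaluating attributes/source.rb: every derived string is built
# once, from whatever version is visible at the moment the file is read.
def evaluate_source_attributes(node)
  src = (node['source'] ||= {})
  src['version']   = node['version']
  src['prefix']    = "/opt/nginx-#{src['version']}"
  src['url']       = "http://nginx.org/download/nginx-#{src['version']}.tar.gz"
  src['sbin_path'] = "#{src['prefix']}/sbin/nginx"
  node
end

# Consistency check: which derived attributes do not mention source.version?
def stale_derived(node)
  version = node['source']['version']
  %w[prefix url sbin_path].reject do |key|
    node['source'][key].include?("nginx-#{version}")
  end
end

# Order used in the question: the defaults are evaluated with 1.12.1,
# then version and url are changed afterwards. prefix and sbin_path were
# already interpolated and keep the old value.
def questioners_order
  node = evaluate_source_attributes({ 'version' => '1.12.1' })
  node['source']['version'] = '1.16.1'
  node['source']['url'] = 'http://nginx.org/download/nginx-1.16.1.tar.gz'
  node
end

# Order used in the answer: set the version first, then (re)evaluate the
# attributes file so every derived string is rebuilt from it.
def reloaded_order
  evaluate_source_attributes({ 'version' => '1.16.1' })
end
```

`stale_derived(questioners_order)` reports `prefix` and `sbin_path`, the same mismatch visible in the attribute dump in the question, and `stale_derived(reloaded_order)` is empty.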

Tomcat7 chef cookbook ssl problems

I'm trying to set up a chef recipe for automatic deployment of my app over ssl with tomcat chef cookbook.
It works fine without ssl, but when I try to set the attributes for ssl support I'm getting error:
undefined method `truststore_password' for Custom resource tomcat_instance from cookbook tomcat.
My role:
    name "myapp"
    override_attributes ({
      "java" => {
        "jdk_version"=> "6"
      },
      "oracle" => {
        "accept_oracle_download_terms" => true
      },
      "tomcat" => {
        "base_version" => 7,
        "java_options" => "${JAVA_OPTS} -Xmx128M -Djava.awt.headless=true",
        "secure" => true,
        "client_auth" => true,
        "scheme" => "https",
        "ssl_enabled_protocols" => "TLSv1",
        "keystore_password" => "mypass",
        "truststore_password" => "mypass",
        "ciphers" => "SSL_RSA_WITH_RC4_128_SHA",
        "keystore_file" => "/etc/tomcat7/client.jks",
        "truststore_file" => "/etc/tomcat7/cert.jks"
      }
    })
    run_list "recipe[java]", "recipe[tomcat]"
Maybe I'm missing something, because I can't find any good tutorials on how to do this. I'm also using chef-solo with Vagrant.

If you look at the Tomcat cookbook documentation, you will see the following regarding the truststore_password attribute:
    node['tomcat']['truststore_password'] - Generated by the secure_password method from the openssl cookbook; if you are using Chef Solo, set this attribute on the node
Perhaps this means that you can not set the attribute in your role definition whilst using Chef Solo, and you have to manually add it to the node attributes JSON file.

Setting up Django on Elastic Beanstalk with Postgres

How should I set up my settings.py file for Django on EC2 Elastic Beanstalk to use a Postgres RDS?
These docs only give the settings.py for MySQL.

You will probably just need to change the engine setting in your databases object. You will need to install psycopg2 to your environment. Here is what mine looks like. Just fill in your db's info.
    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql_psycopg2', # Add 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
            'NAME': '',      # Or path to database file if using sqlite3.
            'USER': '',      # Not used with sqlite3.
            'PASSWORD': '',  # Not used with sqlite3.
            'HOST': '',      # Set to empty string for localhost. Not used with sqlite3.
            'PORT': '',      # Set to empty string for default. Not used with sqlite3.
        }
    }

Use psycopg2, and use environment variables (made available for you within Elastic Beanstalk):
    import os

    # Connection settings are read from the RDS_* environment variables
    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql_psycopg2',
            'NAME': os.environ['RDS_DB_NAME'],
            'USER': os.environ['RDS_USERNAME'],
            'PASSWORD': os.environ['RDS_PASSWORD'],
            'HOST': os.environ['RDS_HOSTNAME'],
            'PORT': os.environ['RDS_PORT'],
        }
    }
You'll need to include psycopg2 in a pip requirements.txt file (made using pip freeze > requirements.txt) and likely also install a Postgres dependency, postgresql-devel, by including the following in an .ebextensions/package.config file (the filename doesn't have to be packages.config, that's just what I use):
    packages:
      yum:
        postgresql-devel: []

How to use puppetlabs/apt module?

I am developing puppet manifests for provisioning a VM through Vagrant. I am also new to puppet. While trying to use puppetlabs/apt module, I am encountering problems:
    # manifests/default.pp (with commented lines removed)
    import "stdlib"
    import "apt"
    class { 'apt':
      always_apt_update    => false,
      disable_keys         => undef,
      proxy_host           => false,
      proxy_port           => '8080',
      purge_sources_list   => false,
      purge_sources_list_d => false,
      purge_preferences_d  => false
    }
    apt::release { "sid":}
This is the error message:
    Puppet::Parser::AST::Resource failed with error ArgumentError:
    Invalid resource type apt::release at /tmp/vagrant-puppet/manifests/default.pp:18
    on node vmas1.dokeda.lt
I have been reading puppet docs; however, it hasn't helped. Could someone explain to me how to properly use this module?

I think the README incorrectly implies that apt::release is a define or type, when in fact the source code shows it's a class.
Instead, try calling it like this:
    class { 'apt::release':
      release_id => 'sid',
    }
Also be sure not to use "import" but instead use "include".
Import is deprecated in more recent versions of puppet.
