Customer Pacco
This is a special how-to for customers who want do puppet module / profile development. The idea is to need access to as few as possible puppet modules in our GitLab, meaning that the VM won’t get most of the VSHN basic puppet modules, mainly just the customer profile / the profile that wants to be developed on and its dependencies.
There are, of course, things like not purging the Vagrant user, package manger, etc. which we can’t live without.
Setup
-
Install VirtualBox.
-
Install Vagrant (2.x version works well, will also work with old 1.8+ vagrant).
-
Clone pacco to your workstation (latest tag, not master or devel!)
$ git clone git@git.vshn.net:vshn/pacco.gitYou can clone this to any directory you want. The folder doesn’t need to be called "pacco."
-
Create a SSH RSA key WITHOUT a passphrase, and add it in GitLab to your user. Keep this key safe and personal.
-
Don’t share the created puppet master VM, as this key is copied into that VM on provision.
-
Don’t use your normal SSH key with passphrase removed. You need to be able to remove this key from GitLab at anytime.
-
-
Configure the vagrant environment in the
.vagrantuserfile.From here on all command examples are executed inside the pacco folder where you cloned pacco.
.vagrantuserprojectname: 'pacco' # change this, if you use multiple copies of pacco puppetserver_tag: v1.1.0 r10k_repo: git@git.vshn.net:<customer>/pacco-r10k.git # the customer minimal r10k control repo r10k_deploykey: | -----BEGIN RSA PRIVATE KEY----- the key created in step 5 -----END RSA PRIVATE KEY-----We use a per customer r10k control repo here including only public accessible and needed modules from VSHN. ** Currently there is no automatic way to keep module version up to date in this control repository.
-
Clone the special minimal hieradata (VSHN needs to give a customer access to this repo)
$ cd data $ git clone git@git.vshn.net:vshn-puppet/pacco_basic_hieradata.git hieradata -
Start the Puppet master
$ vagrant up masterThis will take a while. Red messages in vagrant output are kind of normal–errors aren’t, though.
-
Clone the puppet environment. It’s a branch in the customer pacco-r10k control repo and should be named
<Customer>Pacco$ vagrant ssh master -- docker-compose -f /vagrant/docker-compose.yaml exec r10k r10k deploy environment <Customer>Pacco -pvThis is a SSH remote execute into the master VM and there an execution of docker-compose inside the r10k container. -
Define your first agent VM. The definition of the VM goes into
data/vmdefinitions.Don’t forget to set the correct environment, the one from step 8.
data/vmdefinitions/agent1.vagrant.dev.yaml--- ## Puppet ENC environment: '<Customer>Pacco' parameters: customer: '<customer>' project: 'localdev' role: 'vagrant' zone: puppet4 location: 'vagrant' ## Vagrant VM definition cores: 1 memory: 512 private_networks: default: type: 'static' ip: '192.168.216.11' auto_config: trueYou can create as many VMs as you want this way. Just make sure they get their own IP address.
-
Start this VM:
$ vagrant up agent1This will also take a while.
-
SSH into your new VM:
$ vagrant ssh agent1 -
Run puppet in agent1:
sudo /opt/puppetlabs/bin/puppet agent -t --server puppet.localspecifying the server as needed, since we don’t use profile_puppet which would configure the server in the puppet config.
Usage
-
You can always add modules or update module versions in your control Repo’s puppetfile and push it, event to master. It’s a per customer pacco only control repo.
-
Write all the hieradata you need in the
data/localhieradata/<vmfqdn>.yamlfile
Known Issues
-
If you get such an error, just re-run provision / puppet. This is a cache issue inside puppet, we didn’t yet find a fix for this:
Error 500 on SERVER: {"message":"Server Error: Evaluation Error: Error while evaluating a Resource Statement, Could not autoload puppet/type/archive: Could not autoload puppet/provider/archive/wget: