How to bootstrap puppetmaster in lxc on Ubuntu?

0

Installing puppetmaster on Ubuntu has always been a matter of luck and a lot of patience for me - there are many seemingly unrelated things to do, which need to be done in a precise order, many combinations and changes in the software's behaviour. So I set out to write a bootstrapping script, which one day would be able to automate this task. I share it here in the hope that, with your help, it will become a good starting point for many beginners.

Input:

  • Name of the lxc container ( puppetmaster )
  • Ubuntu release codename (i.e. precise, saucy or trusty) ( mycodename )
  • Fully qualified domain name of the puppetmaster ( puppetmasterfqdn )
  • User used to operate puppet on the machine; he is also the owner of /etc/puppet ( puppetuser )
  • Location of the external git repository. It will be cloned into the lxc container ( gitlocation )
  • Location of the public ssh key used for login ( puppetauth )
  • Static IP address of the container, preferably inside lxc's private network ( puppetip )
  • Gateway for the lxc. It could be set automatically based on the default lxc configuration, but I am too lazy to write the automation around it ( puppetgetewayip )

Features:

  • Installs lxc container support on the host
  • Installs the Ubuntu template (the codename can be customised)
  • installs the user's ssh key on the machine
  • installs puppetmaster with puppetdb support (for stored configs)
  • sets the fixed IP address.
  • connects the external puppet git repository with the container

The script is written in a puppet spirit, i.e. it ensures that certain system properties are set, skipping actions if they are already set. Because of this, it can be run as many times as needed.

As an added bonus, it also changes the user name from the default 'ubuntu'.

by Adam Ryczkowski 05.04.2014 / 10:10

1 answer

1

The script:

#!/bin/bash

puppetmaster=puppetmaster
puppetmasterfqdn=puppetmaster.fqdn.name
puppetuser=adam
gitlocation=/home/puppet.git
# Contents of the public key that will be allowed to log in as $puppetuser
puppetauth=$(cat ~/.ssh/id_rsa.pub)
puppetip='10.0.3.90'
puppetgetewayip='10.0.3.1'

# Ubuntu release to install in the container; uncomment the next line to reuse the host's codename
#mycodename=$(lsb_release -c | perl -pe 's/^Codename:\s*(.*)$/$1/')
mycodename=saucy

######################################

mydir="/var/lib/lxc/$puppetmaster/rootfs"


#lxc installation

if sudo dpkg -s lxc >/dev/null 2>&1; then
    echo "lxc already installed!"
else
    sudo apt-get --yes install lxc
fi


#Container creation

if sudo lxc-ls | grep -qx "$puppetmaster"; then
    echo "Container '$puppetmaster' already created!"
else
    sudo lxc-create -t ubuntu -n $puppetmaster -- -r $mycodename
fi


#Container's hostname

if sudo grep -qx "$puppetmasterfqdn" $mydir/etc/hostname; then
    echo "Puppet master's name is correctly set to FQDN!"
else
    echo $puppetmasterfqdn | sudo tee $mydir/etc/hostname >/dev/null
fi

host=$(sudo grep -E '^127\.0\.1\.1' $mydir/etc/hosts)
if [ $? -eq 0 ]; then
    if echo "$host" | grep -q "$puppetmasterfqdn"; then
        echo "Puppet master's name is correctly set in hosts!"
    else
        sudo sed -i.old "s/^127\.0\.1\.1\s*/127.0.1.1 $puppetmasterfqdn /" $mydir/etc/hosts
    fi
else
    # printf, not echo: echo does not expand \t without -e
    printf '127.0.1.1\t%s\n' "$puppetmasterfqdn" | sudo tee -a $mydir/etc/hosts >/dev/null
fi


#Mounting puppet.git (bind mount declared in the container's lxc fstab; requires a container restart)

sudo mkdir -p $mydir/mnt/puppet.git
sudo grep rootfs/mnt/puppet.git $mydir/../fstab >/dev/null
if [ $? -eq 0 ]; then
    echo "Puppet git repository is already mounted!"
else
    echo "$gitlocation $mydir/mnt/puppet.git none bind 0 0" | sudo tee -a $mydir/../fstab  >/dev/null
    sudo lxc-info -n $puppetmaster |grep RUNNING >/dev/null
    if [ $? -eq 0 ]; then
        sudo lxc-stop -n $puppetmaster
    fi
fi



#Network setup: the static IP is written to /etc/network/interfaces at the end of this
#script, after the second stage has run inside the container; until then eth0 uses DHCP.



#Container startup

if sudo lxc-info -n $puppetmaster | grep -q RUNNING; then
    echo "Container '$puppetmaster' is already running!"
else
    sudo lxc-start -d -n $puppetmaster
    sleep 5
fi


#Learning the assigned dynamic IP. Static IP will be assigned later.

myip=$(sudo lxc-info -n $puppetmaster -i | grep -oE "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}")
echo "puppetmaster IP = $myip"


#Preparing the puppet's configuration bare repository for cross-container mount

if mount | grep -q " on $gitlocation "; then
    echo "Mount point '$gitlocation' is already declared"
else
    sudo mount --bind $gitlocation $gitlocation
    # propagation flags take a single mount point argument
    sudo mount --make-unbindable $gitlocation
    sudo mount --make-shared $gitlocation
fi


#Puppet release.deb
#(fetched over plain HTTP and installed with dpkg -i in the second stage without any
# signature or checksum check; verify the file before trusting the repository it configures)

if sudo test -f $mydir/tmp/puppetdeb.deb; then
    echo "Puppet release deb already exists!"
else
    sudo wget -O $mydir/tmp/puppetdeb.deb http://apt.puppetlabs.com/puppetlabs-release-$mycodename.deb
fi


#Second stage script

sudo tee $mydir/tmp/bootstrap-puppetmaster-insider.sh >/dev/null <<EOT
#!/bin/bash

getent passwd $puppetuser >/dev/null
if [ \$? -eq 0 ]; then
    echo "user $puppetuser already exists"
else
    usermod -l $puppetuser -d /home/$puppetuser ubuntu
    groupmod -n $puppetuser ubuntu
    sudo mv /home/ubuntu /home/$puppetuser
fi

if [ -d /home/$puppetuser/.ssh ]; then
    echo "'.ssh' folder already exists"
    sudo chown $puppetuser:$puppetuser /home/$puppetuser/.ssh
else
    sudo mkdir -p /home/$puppetuser/.ssh
    sudo chown $puppetuser:$puppetuser /home/$puppetuser/.ssh
    sudo chmod 0700 /home/$puppetuser/.ssh
fi

id $puppetuser | grep sudo >/dev/null
if [ \$? -eq 0 ]; then
    echo "user $puppetuser already is a sudoer"
else
    sudo usermod -a -G sudo $puppetuser
fi


if [ -f /home/$puppetuser/.ssh/authorized_keys ]; then
    echo "File .ssh/authorized_keys already exists"
else
    sudo -u $puppetuser touch /home/$puppetuser/.ssh/authorized_keys
fi
sudo chmod 0600 /home/$puppetuser/.ssh/authorized_keys

# fixed-string, whole-line match, so the key is only appended when it is really missing
sudo grep -qFx "$puppetauth" /home/$puppetuser/.ssh/authorized_keys

if [ \$? -eq 0 ]; then
    echo "proper key in authorized_keys already present"
else
    # tee -a appends; tee without -a would wipe any other authorised keys
    echo "$puppetauth" | sudo -u $puppetuser tee -a /home/$puppetuser/.ssh/authorized_keys >/dev/null
fi

sudo dpkg -s puppetlabs-release>/dev/null
if [ \$? -eq 0 ]; then
    echo "puppetlabs-release is already installed!"
else
    sudo dpkg -i /tmp/puppetdeb.deb
fi

sudo dpkg -s puppetmaster>/dev/null
if [ \$? -eq 0 ]; then
    echo "puppetmaster is already installed!"
else
    sudo apt-get update
    sudo apt-get --yes install puppetmaster
fi

sudo dpkg -s git>/dev/null
if [ \$? -eq 0 ]; then
    echo "git already installed!"
else
    sudo apt-get --yes install git
    # -H sets HOME to the target user's, so the setting lands in that user's ~/.gitconfig
    sudo -u $puppetuser -H git config --global push.default simple
fi


sudo puppet module list|grep  puppetlabs-puppetdb>/dev/null
if [ \$? -eq 0 ]; then
    echo "PuppetDB module already installed!"
else
    sudo puppet module install puppetlabs-puppetdb
fi

sudo puppet agent --test --server $puppetmasterfqdn

sudo puppet apply /tmp/puppetdb.pp

if [ -d /etc/puppet/.git ]; then
    echo "Git repository is already cloned!"
else
    if [ -d /etc/puppet.old ]; then
        sudo rm -r /etc/puppet.old
    fi
    sudo mv /etc/puppet /etc/puppet.old
    sudo git clone /mnt/puppet.git /etc/puppet
    sudo chown -R $puppetuser:$puppetuser /etc/puppet
fi

grep "export LANG=C.UTF-8" /etc/default/puppetmaster >/dev/null
if [ \$? -eq 0 ]; then
    echo "UTF-8 is properly set"
else
    echo "export LANG=C.UTF-8" | sudo tee -a /etc/default/puppetmaster >/dev/null
    sudo service puppetmaster restart
fi

sudo chown -R $puppetuser:$puppetuser /home/$puppetuser

EOT

sudo tee $mydir/tmp/puppetdb.pp >/dev/null <<'EOT'
node puppetmaster {
  # Configure puppetdb and its underlying database
  class { 'puppetdb': database => 'embedded'}
  # Configure the puppet master to use puppetdb
  class { 'puppetdb::master::config': }
}
EOT

sudo chmod +x $mydir/tmp/bootstrap-puppetmaster-insider.sh


# Running the second stage inside the container

sudo lxc-attach -n $puppetmaster -- bash -x "/tmp/bootstrap-puppetmaster-insider.sh"


# Disabling use of DNS on ssh (the check must match the value, not just the keyword)

if sudo grep -qE '^\s*UseDNS\s+no\s*$' $mydir/etc/ssh/sshd_config; then
    echo "Puppet master's sshd is correctly configured to skip reverse DNS!"
else
    if sudo grep -qE '^\s*UseDNS(\s|$)' $mydir/etc/ssh/sshd_config; then
        sudo sed -i.old "s/^\s*UseDNS\s.*$/UseDNS no/" $mydir/etc/ssh/sshd_config
    else
        echo "UseDNS no" | sudo tee -a $mydir/etc/ssh/sshd_config >/dev/null
    fi
    sudo lxc-attach -n $puppetmaster -- service ssh restart
fi


# Network setup: switch eth0 from dhcp to the static address
# (the container picks it up on its next restart)

if sudo grep -qE '^iface eth0 inet dhcp$' $mydir/etc/network/interfaces; then
    sudo sed -i.old "s/^iface eth0 inet dhcp$/iface eth0 inet static\naddress $puppetip\nnetmask 255.255.255.0\ngateway $puppetgetewayip/" $mydir/etc/network/interfaces
else
    if sudo grep -qE '^iface eth0 inet static$' $mydir/etc/network/interfaces; then
        echo "Networking is already configured with static IP on $puppetmaster!"
    else
        echo "### Cannot configure static IP on $puppetmaster! Please configure networking manually."
    fi
fi


echo "puppetmaster IP = $myip"

by Adam Ryczkowski 05.04.2014 / 10:10
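The script above does its "ensure this property is set" checks with grep, sed and tee against the container's rootfs. Two of those checks carry security weight: the ssh key must be appended to authorized_keys only when it is genuinely absent, without truncating other keys and with the 0700/0600 modes sshd's StrictModes requires, and an sshd_config directive check must match the value, not just the keyword. As an added example, not code from Adam's answer, here are standalone idempotent helpers in the same spirit; every function takes the file or directory to edit as an argument, so they can be pointed at a container rootfs (for instance $mydir/etc/ssh/sshd_config and $mydir/home/$puppetuser from the script) or at scratch files. The paths, option names and key string in the comments are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original answer: idempotent "ensure" helpers
# in the spirit of the bootstrap script. Every function takes the file or
# directory to edit as an argument, so the same code works against a
# container rootfs (e.g. /var/lib/lxc/puppetmaster/rootfs/etc/ssh/sshd_config)
# or against throwaway copies. Paths and key strings here are constructed.
set -u

# ensure_line FILE LINE
# Append LINE to FILE unless an identical line already exists.
# -F -x: fixed-string, whole-line match, so regex metacharacters in an ssh
# key ('+', '/', '.') or a key that is a prefix of another key cannot yield a
# false "already present". Always appends, never truncates.
ensure_line() {
    local file=$1 line=$2
    if [ -f "$file" ] && grep -qFx -- "$line" "$file"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$file"
}

# ensure_authorized_key HOME_DIR USER KEY
# Create HOME_DIR/.ssh and authorized_keys with the modes sshd's StrictModes
# requires (0700 / 0600), then add KEY if it is missing. chown is best-effort
# so the function also runs unprivileged against a scratch directory.
ensure_authorized_key() {
    local home=$1 user=$2 key=$3
    local sshdir=$home/.ssh auth=$home/.ssh/authorized_keys
    mkdir -p "$sshdir"
    chmod 0700 "$sshdir"
    [ -f "$auth" ] || : > "$auth"
    chmod 0600 "$auth"
    ensure_line "$auth" "$key"
    chown -R "$user:$user" "$sshdir" 2>/dev/null || true
}

# ensure_sshd_option FILE OPTION VALUE
# Leave FILE with exactly one active "OPTION VALUE" directive: if the wanted
# line is already present do nothing; otherwise delete every active OPTION
# line (commented-out ones are kept as documentation) and append the wanted
# one. OPTION and VALUE are assumed to be plain words (no regex metacharacters).
# Returns 0 when the file was changed (caller should restart sshd), 1 when it
# was already correct.
ensure_sshd_option() {
    local file=$1 opt=$2 val=$3
    [ -f "$file" ] || : > "$file"
    if grep -qE "^[[:space:]]*${opt}[[:space:]]+${val}[[:space:]]*$" "$file"; then
        return 1
    fi
    sed -i -E "/^[[:space:]]*${opt}([[:space:]]|$)/d" "$file"
    printf '%s %s\n' "$opt" "$val" >> "$file"
    return 0
}

# count_active_option FILE OPTION
# Number of uncommented OPTION lines in FILE; used to confirm there is exactly one.
count_active_option() {
    grep -cE "^[[:space:]]*$2([[:space:]]|$)" "$1" || true
}

# Typical use against a stopped container's rootfs (variable names as in the
# bootstrap script, paths constructed):
#   if ensure_sshd_option "$mydir/etc/ssh/sshd_config" UseDNS no; then
#       sudo lxc-attach -n "$puppetmaster" -- service ssh restart
#   fi
#   ensure_authorized_key "$mydir/home/$puppetuser" "$puppetuser" "$puppetauth"
```

The return code of ensure_sshd_option is what makes the restart itself idempotent: sshd is only bounced when the file actually changed, which is the same property the script wants for every step.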