No edit summary |
Line 13: | Line 13: | ||
The puppet configuration includes 'node_name = cert' and 'strict_host_checking = true' to ensure that a host can only get manifests for the hostname in its certificate (which the deployment system gets from DNS). | The puppet configuration includes 'node_name = cert' and 'strict_host_checking = true' to ensure that a host can only get manifests for the hostname in its certificate (which the deployment system gets from DNS). | ||
== | == Hostnames == | ||
The closest master is available at the unqualified | The closest master is available at the unqualified hostnames <tt>puppet</tt> and <tt>repos</tt> (assuming the DNS search path is set correctly), on ports 8140 (puppet), 80 (http), and 443 (https). The http/https URI space looks like this: | ||
* /repos | * /repos | ||
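Review bot: In the rewritten sentence under Hostnames, port 80 is listed next to 443, but the /repos entry that follows carries no note on which scheme it is served over, so a reader cannot tell whether repository content is meant to be fetched over plain http. Suggest annotating each path in the URI list with the schemes it accepts. The same sentence makes reaching the right master depend on the search path ("assuming the DNS search path is set correctly"); consider giving the fully qualified names as well. Separately, the context line above the heading writes 'strict_host_checking'; the Puppet setting is named strict_hostname_checking, which is worth correcting in the same edit.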
Line 21: | Line 21: | ||
* /deploy (HTTPS only) | * /deploy (HTTPS only) | ||
** deployment CGI script | ** deployment CGI script | ||
== Repos == | |||
Each puppet master hosts a collection of RPM repositories under <tt>/yum</tt>. These repositories do *not* automatically update, but can be updated by hand as desired. The respositories should be accessed with the <tt>repos</tt> hostname, rather than <tt>puppet</tt>, to allow a later segregation of these two functions. | |||
See [[ReleaseEngineering/PuppetAgain/Repositories]] for more detail. | |||
== Environments == | == Environments == | ||
For each of the members of release engineering, an environment is set up with e.g., | For each of the members of release engineering, an environment is set up with e.g., | ||
[jford] | [jford] | ||
modulepath = /etc/puppet/environments/jford/env/modules | modulepath = /etc/puppet/environments/jford/env/modules | ||
templatedir = /etc/puppet/environments/jford/env/templates | templatedir = /etc/puppet/environments/jford/env/templates | ||
manifestdir = /etc/puppet/environments/jford/env/manifests | manifestdir = /etc/puppet/environments/jford/env/manifests | ||
manifest = $manifestdir/site.pp | manifest = $manifestdir/site.pp | ||
and per-user logins are enabled. A clone of the hg library at this location, along with any necessary secrets and settings, can be used to test and develop changes to puppet. | and per-user logins are enabled. A clone of the hg library at this location, along with any necessary secrets and settings, can be used to test and develop changes to puppet. | ||
Releng | Releng users will all have sudo access on the puppet masters, allowing them to diagnose and solve any small issues that come up without depending on IT, although IT is happy to help (and will be required for any changes to the sysadmins puppet configs). | ||
== Cert Signing == | == Cert Signing == |
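Review bot: The completed sentence at the end of Environments gives every releng user sudo on the puppet masters, while the paragraph just above it says each per-user environment holds "any necessary secrets"; with sudo, any releng user can read every other environment's secrets, so the page should either say so or say where secrets are kept instead. In the new Repos section, "respositories" is misspelled, "*not*" will render as literal asterisks in wiki markup (use '''not'''), and the path /yum does not match the /repos entry in the URI list under Hostnames, so state how the two relate.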