Puppet (apply) provisioning plugin #629

Merged on Feb 8, 2019 (29 commits)

@igalic igalic commented Feb 3, 2019

This patch introduces Puppet (apply) as a provisioning method, addressing #625.

So far the design requires a (unique) name, a source (the control-repo) and an optional list of packages to be pre-installed.
By default that list of packages is puppet6, and if the source is a git repo, rubygem-r10k.

To begin the provisioning, we

  • install puppet
  • optionally install r10k
  • (optionally) clone the control repo
  • mount the control-repo
  • (optionally, if the repo was cloned) run r10k
  • run puppet

we could also consider running puppet more than once, to guarantee idempotence.

Collaborator Author

@igalic igalic left a comment

😻

libioc/Provisioning/__init__.py
self.url = url
self.name = name

_pkgs = ['puppet6'] # make this a Global Varialbe
Collaborator Author

we can make the 6 a provisioning.puppet.version=6 default.

Collaborator Author

@igalic igalic left a comment

help with nomenclature please

@igalic igalic force-pushed the feat/provision-puppet branch 4 times, most recently from 1669aa9 to 43fd53a Compare February 4, 2019 22:25
Collaborator Author

@igalic igalic left a comment

there's a lot of potential here

Collaborator Author

@igalic igalic left a comment

👀

Collaborator Author

@igalic igalic left a comment

provisioning plugins: dedicated dataset for caching / sharing.

Collaborator Author

@igalic igalic left a comment

👀

Collaborator Author

@igalic igalic left a comment

provisioning.name has been re-removed.

Collaborator Author

@igalic igalic left a comment

local control-repo no longer works.

Member

gronke commented Feb 7, 2019

@igalic we still have to test remote repositories. Also it would be nice to provide authentication information for remote sources. Any ideas?

Collaborator Author

@igalic igalic left a comment

👀

filepath=path,
resource=self.jail
)
self.jail._require_relative_path(path)
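Review bot: `self.jail._require_relative_path(path)` on the last line runs only after `path` has already been handed to the call that closes with `)` as `filepath=path`. If that call does more than build an error, move the relative-path check ahead of it so nothing consumes an unvalidated path. Since the check is invoked through `self.jail` from outside the jail class, consider dropping the leading underscore so it is part of the supported interface.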
Collaborator Author

a method so important for security could be made public…

Collaborator Author

igalic commented Feb 7, 2019

@gronke wrote:

> @igalic we still have to test remote repositories. Also it would be nice to provide authentication information for remote sources. Any ideas?

so, right now, the repo i'm using is on gitlab and is only accessible with the correct SSH keys

however, it has no secrets and i could expose it publicly

as for authentication:

the easiest way would be to mount a (root's?) ~/.ssh/?
It would also be nice if this could happen temporarily — i.e.: only during provisioning.

Member

gronke commented Feb 7, 2019

> the easiest way would be to mount a (root's?) ~/.ssh/?

No! We need proper key management to allow authenticated sources. How about an .ssh directory in a jail's dataset (next to the config.json file) and the provisioning.key=gronke with .ssh/gronke and .ssh/gronke.pub as the key files?
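
The key layout proposed in the comment above, as an added example that is not part of the thread or of libioc's code: it resolves `provisioning.key=<name>` to `.ssh/<name>` and `.ssh/<name>.pub` under the jail's dataset, rejects names that would leave that directory, and builds a `GIT_SSH_COMMAND` that offers only that key. The function names, the key-name rule and the permission check are assumptions.

```python
import os
import re
import shlex
import stat
import tempfile
from pathlib import Path

# Hypothetical rule: a key name is a single path component with no leading dot.
KEY_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")


def resolve_provisioning_key(dataset_dir, key_name):
    """Map provisioning.key=<key_name> to (.ssh/<name>, .ssh/<name>.pub)."""
    if not KEY_NAME.fullmatch(key_name):
        raise ValueError(f"invalid key name: {key_name!r}")
    ssh_dir = Path(dataset_dir).resolve() / ".ssh"
    if ssh_dir.is_symlink():
        raise ValueError(f"{ssh_dir} must not be a symlink")
    private, public = ssh_dir / key_name, ssh_dir / f"{key_name}.pub"
    for path in (private, public):
        # lstat() does not follow symlinks, so a link out of the dataset fails here
        if not stat.S_ISREG(os.lstat(path).st_mode):
            raise ValueError(f"{path} is not a regular file")
    if stat.S_IMODE(os.lstat(private).st_mode) & 0o077:
        raise ValueError(f"{private} is accessible to group or others")
    return private, public


def git_ssh_env(private_key):
    """Environment for git that offers only this key and never prompts."""
    ssh = f"ssh -i {shlex.quote(str(private_key))} -o IdentitiesOnly=yes -o BatchMode=yes"
    return {"GIT_SSH_COMMAND": ssh}


if __name__ == "__main__":
    # Constructed dataset layout with placeholder files, not real key material.
    with tempfile.TemporaryDirectory() as dataset:
        ssh_dir = Path(dataset, ".ssh")
        ssh_dir.mkdir(mode=0o700)
        for name in ("gronke", "gronke.pub"):
            (ssh_dir / name).write_text("constructed placeholder\n")
        os.chmod(ssh_dir / "gronke", 0o600)
        private, _ = resolve_provisioning_key(dataset, "gronke")
        print(git_ssh_env(private)["GIT_SSH_COMMAND"])
        try:
            resolve_provisioning_key(dataset, "../../root/.ssh/id_rsa")
        except ValueError as err:
            print("rejected:", err)
```

Passing the returned environment only to the provisioning run keeps the key scoped to that step, which matches the "only during provisioning" wish earlier in the thread.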

igalic and others added 5 commits February 8, 2019 13:32
this is mostly copied from the iX plugin and renames / removes a bunch of things
we don't need.
There's still a lot of confusion wrt the naming.
We also need to generalize the plugin so we'll be able to work with both `puppet
apply` and `puppet agent`
igalic and others added 24 commits February 8, 2019 13:32
regardless of what type of plugin it was created from
use these for generate_postscript
which, so far, is still just a hollow ghost.
let r10k handle the rest!
and, to let r10k handle the rest, we need to mount the dataset as rw
This fixes a regression with previous functionality!
- do *not* git clone the control repo
- instead, let r10k do the work
- to do so, install git(-lite)

Finally, fix r10k's config location (create dir), name (yml -> yaml), and
content (indentation)
@gronke gronke merged commit a0f8d2a into bsdci:master Feb 8, 2019
@igalic igalic deleted the feat/provision-puppet branch February 8, 2019 12:50