forked from Puppet-Finland/terraform-aws_instance_wrapper
write-scripts.cfg
#cloud-config
write_files:
- path: /var/cache/set-hostname.sh
owner: root:root
permissions: '0755'
content: |
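#!/bin/sh
#
# set-hostname.sh - set the system hostname with hostnamectl.
#
# Usage: set-hostname.sh [hostname]
#
# With no argument (or an empty one) the script prints a notice and exits 0
# without changing anything.
#
# Exit on any error
set -e

HOSTNAME=$1
if [ -z "${HOSTNAME}" ]; then
  echo "NOTICE: Hostname not defined, will not modify the hostname"
  exit 0
fi

# The value is quoted so it reaches hostnamectl as exactly one argument (an
# unquoted expansion is word-split and glob-expanded by the shell), and "--"
# ends option parsing so a value starting with "-" is not read as an option.
hostnamectl set-hostname -- "${HOSTNAME}"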
- path: /var/cache/add-puppetmaster-to-etc-hosts.sh
owner: root:root
permissions: '0755'
content: |
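#!/bin/sh
#
# add-puppetmaster-to-etc-hosts.sh - map the name "puppet" to the given IP
# address by appending a line to /etc/hosts.
#
# Usage: add-puppetmaster-to-etc-hosts.sh [puppetmaster-ip]
#
# With no argument (or an empty one) the script prints a notice and exits 0
# without touching /etc/hosts.
#
# Exit on any error
set -e

PUPPETMASTER_IP=$1
if [ -z "${PUPPETMASTER_IP}" ]; then
  echo "NOTICE: Puppetmaster IP not defined, will not modify /etc/hosts"
  exit 0
fi

# /etc/hosts is whitespace- and line-delimited, so a value carrying spaces,
# newlines or "#" would add names or whole entries beyond the intended one.
# Accept only the characters that can occur in an IPv4/IPv6 literal.
case "${PUPPETMASTER_IP}" in
  *[!0-9A-Fa-f.:]*)
    echo "ERROR: Puppetmaster IP contains unexpected characters, will not modify /etc/hosts"
    exit 1
    ;;
esac

export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin

# Append only when the exact line is not there yet, so running the script
# again does not pile up duplicate entries.
if ! grep -qxF -- "${PUPPETMASTER_IP} puppet" /etc/hosts; then
  printf '%s puppet\n' "${PUPPETMASTER_IP}" >> /etc/hosts
fi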
- path: /var/cache/add-deployment-fact.sh
owner: root:root
permissions: '0755'
content: |
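#!/bin/sh
#
# add-deployment-fact.sh - write the external fact "deployment" to
# /etc/facter/facts.d/deployment.yaml.
#
# Usage: add-deployment-fact.sh [deployment]
#
# With no argument (or an empty one) the script prints a notice and exits 0
# without writing the fact.
#
# Exit on any error
set -e

DEPLOYMENT=$1
if [ -z "${DEPLOYMENT}" ]; then
  echo "NOTICE: Deployment not defined, will not add the fact"
  exit 0
fi

# The value is written into a YAML file as-is. A newline (or another control
# character) in it would add further top-level keys, i.e. further facts, to
# the file, so such values are refused.
case "${DEPLOYMENT}" in
  *[[:cntrl:]]*)
    echo "ERROR: Deployment contains control characters, will not add the fact"
    exit 1
    ;;
esac

export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin

mkdir -p /etc/facter/facts.d
chown -R root:root /etc/facter

# printf '%s' writes the value literally; some /bin/sh implementations make
# echo expand backslash sequences such as \n, which would turn a literal
# backslash-n in the value into a real line break in the fact file.
printf 'deployment: %s\n' "${DEPLOYMENT}" > /etc/facter/facts.d/deployment.yaml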
- path: /var/cache/install-puppet.sh
owner: root:root
permissions: '0755'
content: |
#!/bin/sh
#
# install-puppet.sh - install the puppet-agent package from the Puppetlabs
# yum/apt repositories, set the agent environment, and optionally set the
# hostname and enable/start the agent. See usage() for the options.
#
# Exit on any error
set -e
# Print the command-line help to stdout and terminate the script with
# exit status 2.
usage() {
  printf '%s\n' \
    "Usage: install-puppet.sh [-n <hostname>] [-e <puppet env>] [-p <puppet version>] [-s] [-h]" \
    "" \
    "Options:" \
    " -n hostname to set (default: do not set hostname)" \
    " -e puppet agent environment (default: production)" \
    " -p puppet version: 6 (default) or 7" \
    " -s enable and start puppet agent (default: no)" \
    " -h show this help" \
    ""
  exit 2
}
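# Default settings
HOST_NAME="false"        # "false" means: leave the hostname alone
PUPPET_ENV="production"
PUPPET_VERSION="6"
START_AGENT="false"

# Parse the command line; see usage() for the meaning of each option.
while getopts 'n:e:p:sh' arg
do
  case "$arg" in
    n) HOST_NAME=$OPTARG ;;
    e) PUPPET_ENV=$OPTARG ;;
    p) PUPPET_VERSION=$OPTARG ;;
    s) START_AGENT="true" ;;
    h) usage ;;
    # Unknown option or missing option argument: getopts has already printed
    # a diagnostic; stop instead of silently carrying on with the defaults.
    *) usage ;;
  esac
done

# PUPPET_VERSION is interpolated into the repository URLs used later in the
# script, so only a plain number is accepted; anything else could change
# which path (or host) the release package is fetched from.
case "${PUPPET_VERSION}" in
  '' | *[!0-9]*)
    echo "ERROR: puppet version must be a number, got '${PUPPET_VERSION}'"
    usage
    ;;
esac

export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin
CWD=$(pwd)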
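# Set the system hostname.
# Arguments: $1 - the hostname to set
# Returns:   the exit status of hostnamectl
set_hostname() {
  # Quoted so the value stays a single argument (no word splitting or glob
  # expansion); "--" keeps a value starting with "-" from being parsed as a
  # hostnamectl option.
  hostnamectl set-hostname -- "$1"
}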
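# Detect the operating system family and release.
#
# Globals written:
#   OSFAMILY        'redhat' or 'debian'
#   RELEASE         contents of /etc/redhat-release (redhat only)
#   REDHAT_VERSION  "7", "8" or "30" (redhat only)
#   REDHAT_RELEASE  repository release tag: el-7, el-8 or fedora-29 (redhat only)
#   DESCR           second field of "lsb_release -d" (debian only)
#   UBUNTU_VERSION  second field of "lsb_release -c" (Ubuntu only)
#   DEBIAN_VERSION  second field of "lsb_release -c" (Debian only)
#
# Exits the script with status 1 on an unsupported system.
detect_osfamily() {
  if [ -f /etc/redhat-release ]; then
    OSFAMILY='redhat'
    RELEASE=$(cat /etc/redhat-release)
    # The patterns are quoted: unquoted, the shell drops the backslash, so
    # "\." turns into "match any character" (and the word may glob-expand).
    # The leading group demands that the major number is not the tail of a
    # longer version string, so e.g. "8.7.1" is not taken for a 7.x release.
    if printf '%s\n' "${RELEASE}" | grep -Eq '(^|[^0-9.])7\.[0-9]+'; then
      REDHAT_VERSION="7"
      REDHAT_RELEASE="el-7"
    elif printf '%s\n' "${RELEASE}" | grep -Eq '(^|[^0-9.])8\.[0-9]+'; then
      REDHAT_VERSION="8"
      REDHAT_RELEASE="el-8"
    elif printf '%s\n' "${RELEASE}" | grep -Fq '(Thirty)'; then
      REDHAT_VERSION="30"
      # Puppetlabs does not have Fedora 30 packages yet
      REDHAT_RELEASE="fedora-29"
    else
      echo "Unsupported Redhat/Centos/Fedora version. RedHat/CentOS 7-8 and Fedora 30 are supported."
      exit 1
    fi
  elif lsb_release -d | grep -Eq '(Ubuntu|Debian)'; then
    OSFAMILY='debian'
    DESCR="$(lsb_release -d | awk '{ print $2}')"
    case "${DESCR}" in
      *Ubuntu*)
        UBUNTU_VERSION="$(lsb_release -c | awk '{ print $2}')"
        ;;
      *Debian*)
        DEBIAN_VERSION="$(lsb_release -c | awk '{ print $2}')"
        ;;
      *)
        echo "Unsupported Debian family operating system. Supported are Debian and Ubuntu"
        exit 1
        ;;
    esac
  else
    echo "ERROR: unsupported osfamily. Supported are Debian and RedHat"
    exit 1
  fi
}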
# Install the OS packages that have to be present before puppet-agent.
# Globals read: REDHAT_VERSION
install_dependencies() {
  # redhat-lsb-core makes facts such as $::lsbdistcodename available to Puppet
  if test -f /etc/redhat-release; then
    yum -y install redhat-lsb-core
  fi

  # Only the release detected as version "30" gets the extra dnf package
  case "${REDHAT_VERSION}" in
    30)
      dnf -y install libxcrypt-compat
      ;;
  esac
}
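# Install the Puppetlabs release package and puppet-agent, unless
# /opt/puppetlabs/bin/puppet is already present and executable.
#
# Globals read:    PUPPET_VERSION, REDHAT_RELEASE, UBUNTU_VERSION, DEBIAN_VERSION
# Globals written: RELEASE_URL or APT_URL, FILE, APT_READY, DEBIAN_FRONTEND
# Returns:         0 on success, the failing command's exit status otherwise
#
# NOTE(review): the release package is downloaded over HTTPS and installed as
# given; no checksum or signature check is visible in this script, so the
# download is only as trustworthy as the TLS connection to the repository
# host.
setup_puppet() {
  # Nothing to do when the agent is already installed.
  if [ -x /opt/puppetlabs/bin/puppet ]; then
    return 0
  fi

  if [ -n "${REDHAT_RELEASE}" ]; then
    RELEASE_URL="https://yum.puppetlabs.com/puppet${PUPPET_VERSION}/puppet${PUPPET_VERSION}-release-${REDHAT_RELEASE}.noarch.rpm"
    rpm -hiv "${RELEASE_URL}" || {
      rc=$?
      echo "Failed to install ${RELEASE_URL}"
      return "${rc}"
    }
    yum -y install puppet-agent || {
      rc=$?
      echo "Failed to install puppet agent"
      return "${rc}"
    }
    # SECURITY NOTE: this stops, disables and masks firewalld, i.e. it turns
    # the host firewall off for good on RedHat-family instances. From then on
    # network exposure is limited only by controls outside the host (for
    # example cloud security groups). Confirm that this is intended; managing
    # the firewall rules is the safer alternative to removing the service.
    if systemctl list-unit-files --type=service | grep firewalld; then
      systemctl stop firewalld
      systemctl disable firewalld
      systemctl mask firewalld
    fi
  else
    if [ -n "${UBUNTU_VERSION}" ]; then
      APT_URL="https://apt.puppetlabs.com/puppet${PUPPET_VERSION}-release-${UBUNTU_VERSION}.deb"
    fi
    if [ -n "${DEBIAN_VERSION}" ]; then
      APT_URL="https://apt.puppetlabs.com/puppet${PUPPET_VERSION}-release-${DEBIAN_VERSION}.deb"
    fi

    # https://serverfault.com/questions/500764/dpkg-reconfigure-unable-to-re-open-stdin-no-file-or-directory
    export DEBIAN_FRONTEND=noninteractive

    # Download into a private mktemp directory; the directory is removed on
    # every path out of this branch once the package file is no longer needed.
    tmpdir="$(mktemp -d)" || {
      rc=$?
      echo "Failed to create a temporary directory"
      return "${rc}"
    }
    FILE="${tmpdir}/puppet-release.db"
    wget "${APT_URL}" -qO "${FILE}" || {
      rc=$?
      echo "Failed to retrieve ${APT_URL}"
      rm -rf -- "${tmpdir:?}"
      return "${rc}"
    }

    # The apt-daily and apt-daily-upgrade services have a nasty habit of
    # launching immediately on boot. This prevents the installer from updating
    # the package caches itself, which causes some packages to be missing and
    # subsequently causing puppetmaster-installer to fail. So, wait for those
    # two services to run before attempting to run the installer. There are
    # ways to use systemd-run to accomplish this rather nicely:
    #
    # https://unix.stackexchange.com/questions/315502/how-to-disable-apt-daily-service-on-ubuntu-cloud-vm-image
    #
    # However, that approach fails on Ubuntu 16.04 (and earlier) as well as
    # Debian 9, so it is not practical. This approach uses a simple polling
    # method and built-in tools.
    APT_READY=no
    while [ "$APT_READY" = "no" ]; do
      # This checks three things to prevent package installation failures, in this order:
      #
      # 1) Is "apt-get update" running?
      # 2) Is "apt-get install" running?
      # 3) Is "dpkg" running?
      #
      # The "apt-get install" commands locks dpkg as well, but the last check ensures that dpkg running outside of apt does not cause havoc.
      #
      # FIXME: this fails in Azure because package "psmisc" that
      # provides "fuser" is not installed. However, we can't really
      # install it here because of a chicken-and-egg problem.
      fuser -s /var/lib/apt/lists/lock || fuser -s /var/cache/apt/archives/lock || fuser -s /var/lib/dpkg/lock || APT_READY=yes
      sleep 1
    done

    # Each step reports its own failure. Chained on one line, only the
    # "apt-get update" step carried the error handler, and its message
    # blamed the package file.
    dpkg --install "${FILE}" || {
      rc=$?
      echo "Failed to install from ${FILE}"
      rm -rf -- "${tmpdir:?}"
      return "${rc}"
    }
    rm -rf -- "${tmpdir:?}"
    apt-get update || {
      rc=$?
      echo "Failed to update the package lists"
      return "${rc}"
    }
    apt-get -y install puppet-agent || {
      rc=$?
      echo "Failed to install puppet agent"
      return "${rc}"
    }
  fi
}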
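# Set the environment in the [agent] section of the Puppet configuration.
# Arguments: $1 - the Puppet environment name
# Returns:   the exit status of "puppet config set"
set_puppet_agent_environment() {
  # Quoted so the value is passed as one argument instead of being
  # word-split and glob-expanded into several.
  puppet config set --section agent environment "$1"
}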
# Enable the puppet service and then start it.
# Returns: the exit status of the last systemctl call
run_puppet_agent() {
  for action in enable start; do
    systemctl "${action}" puppet
  done
}
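# Main sequence: optional hostname change, OS detection, prerequisites,
# agent installation, agent environment, optional agent start.
# HOST_NAME and PUPPET_ENV come from the command line, so they are passed
# quoted: each reaches its function as exactly one argument.
if [ "${HOST_NAME}" != "false" ]; then
  set_hostname "${HOST_NAME}"
fi
detect_osfamily
install_dependencies
setup_puppet
set_puppet_agent_environment "${PUPPET_ENV}"
if [ "${START_AGENT}" = "true" ]; then
  run_puppet_agent
fi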