Puppet is a configuration management tool. Please take a look at the puppet documentation before you start.
Currently we migrate to ansible. Please add your configuration to the ansible-repository.
We use vagrant with virtualbox for local testing.
We use librarian-puppet to manage the puppet
modules in the puppet/modules
directory.
Make sure you have installed vagrant, virtualbox and librarian-puppet.
Change to the puppet
directory and install the puppet modules with
librarian-puppet from the Puppetfile
:
cd puppet
librarian-puppet install
Once you installed the the puppet modules you can use vagrant to start a virtual machine (vm). For example you could start the monitor vm:
vagrant up monitor
To stop a machine use the halt
command, e.g.:
vagrant halt monitor
If you start a machine for the first time vagrant will start all provisioners
too. If you want to reprovision the puppet configuration you can use the
provision
command, e.g.:
vagrant provision monitor
Copy ./scripts/install.sh
into the home directory of the root user. Run the
script. The script will install all necessary packages and will run puppet once.
Make sure the hostname of the machine is correct once you run puppet.
Use ./scripts/puppet-apply.sh
to start a puppet run.
To update the puppet modules use librarian-puppet
. It's a module/package
manager for puppet modules. Make sure you are in the puppet
directory:
cd puppet
librarian-puppet update
git add Puppetfile.lock
git commit -m "update puppet modules"
To update the index of our monitoring site
you should first clone the berlin-puppet-files
repository. Change the index in files/config.local.php
. Commit your changes
and push the changes.
The next step is to update the puppet modules. berlin-puppet-files is a puppet module that we use in the deploy process. Please follow the instructions in the Update puppet modules section. Make sure you push the changes to the remote machine and execute the update there as well (librarian-puppet update).
Once the modules are updated on the remote machine start a puppet run. Please follow the instructions in the Execute puppet section.
If you need a private certificate or private key that is part of the deployment process please ask http://github.com/booo for help or contact the mailing list (berlin@berlin.freifunk.net). We keep offline backups of the keys.
Make sure you add the intermediate certs to the cert on deployment.
Check your ssl deployment with ssllabs.
Copy certs and keys to /etc/ssl/{certs, private}
.
Additional information can be found in the wiki:
http://wiki.freifunk.net/StartSSL
Please try to deploy secure configurations. Take a look at the bettercrypto project for reference.