author | Silvio Rhatto <rhatto@riseup.net> | 2016-03-21 11:28:12 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-03-21 11:28:12 -0300 |
commit | 6ebba3b8240d58ae749216ffa6254b9f7d2a2b9d (patch) | |
tree | 4e9745c0c73d74cb85fe91e1113f20652bb9c4f8 | |
parent | e40b3514e041a4bb2aac962b639c947333365b4b (diff) | |
parent | 8addf3ea71f50050a791e618bd4511860264c0de (diff) | |
Merge branch 'master' into develop
Conflicts:
TODO.md
share/hydra/install
share/hydra/mass
share/hydractl/bootstrap
share/hydractl/puppet-enable
share/hydractl/system-upgrade
-rw-r--r-- | TODO.md | 2 | ||||
-rwxr-xr-x | share/hydra/install | 15 | ||||
-rw-r--r-- | share/hydra/inventory | 0 | ||||
-rwxr-xr-x | share/hydra/list-sites | 38 | ||||
-rwxr-xr-x | share/hydra/mass | 4 | ||||
l--------- | share/hydra/mass-update | 1 | ||||
-rwxr-xr-x | share/hydra/puppet-finger | 26 | ||||
-rwxr-xr-x | share/hydra/puppet-trigger | 32 | ||||
-rwxr-xr-x | share/hydra/whereis | 25 | ||||
-rwxr-xr-x | share/hydractl/bootstrap | 36 | ||||
-rwxr-xr-x | share/hydractl/dist-upgrade | 190 | ||||
-rwxr-xr-x | share/hydractl/puppet-clean-stored | 91 | ||||
l--------- | share/hydractl/puppet-disable | 1 | ||||
-rwxr-xr-x | share/hydractl/puppet-enable | 47 | ||||
-rwxr-xr-x | share/hydractl/puppet-finger | 74 | ||||
-rwxr-xr-x | share/hydractl/puppet-initialize | 20 | ||||
-rwxr-xr-x | share/hydractl/puppet-install | 20 | ||||
-rwxr-xr-x | share/hydractl/puppet-reset-agent | 21 | ||||
-rwxr-xr-x | share/hydractl/puppet-reset-master | 52 | ||||
-rwxr-xr-x | share/hydractl/puppet-reset-stored | 23 | ||||
-rwxr-xr-x | share/hydractl/puppet-setup-stored | 24 | ||||
-rwxr-xr-x | share/hydractl/puppet-trigger | 23 | ||||
-rwxr-xr-x | share/hydractl/puppet-update | 28 | ||||
-rwxr-xr-x | share/hydractl/requirements | 24 | ||||
l---------[-rwxr-xr-x] | share/hydractl/system-upgrade | 180 |
25 files changed, 207 insertions, 790 deletions
@@ -9,6 +9,8 @@ Hydra - bootless: properly support `$subdevice` in parted or always use first partition (like `/dev/sdb1`). - init: add new repositories as superproject's submodules. - newnode: do not generate manifest file, only hiera. +- ssh-config: hydra integration. +- init: version control in the superproject? - deploy: - fix /etc/puppet permissions. - import keys and certs. diff --git a/share/hydra/install b/share/hydra/install index 6a3c07f..00154b7 100755 --- a/share/hydra/install +++ b/share/hydra/install @@ -28,15 +28,14 @@ if [ -z "$NODES" ]; then NODES="`hydra $HYDRA nodes`" fi -# Validation -if [ -z "$ORIGIN" ]; then - ORIGIN="git://git.fluxo.info/hydra.git" -else - ORIGIN_CONFIG="`hydra $HYDRA config git`" +# Get origin +ORIGIN_CONFIG="`hydra $HYDRA config git`" - if [ ! -z "$ORIGIN_CONFIG" ]; then - ORIGIN="$ORIGIN_CONFIG/hydra.git" - fi +# Validate origin +if [ ! -z "$ORIGIN_CONFIG" ]; then + ORIGIN="$ORIGIN_CONFIG/hydra.git" +else + ORIGIN="git://git.fluxo.info/hydra.git" fi # Deploy diff --git a/share/hydra/inventory b/share/hydra/inventory deleted file mode 100644 index e69de29..0000000 --- a/share/hydra/inventory +++ /dev/null diff --git a/share/hydra/list-sites b/share/hydra/list-sites deleted file mode 100755 index 3778e8b..0000000 --- a/share/hydra/list-sites +++ /dev/null 
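Review bot: The fallback `ORIGIN="git://git.fluxo.info/hydra.git"` in the new else branch of share/hydra/install keeps the unauthenticated, unencrypted git:// transport as the default source of what gets deployed to the nodes, so repository content can be altered in transit without detection. If the server offers one, default to an authenticated transport (https:// or ssh://) and verify a signed tag or pinned commit before deploying. The rewrite also overwrites any `ORIGIN` already set before this point, whereas the old code kept the hard-coded default only when it was empty; if that is intended, a comment such as `# ORIGIN is always derived from 'hydra config git'; earlier values are ignored` would make it explicit. The deploy step that consumes `ORIGIN` is outside the hunk.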
@@ -1,38 +0,0 @@ -#!/bin/bash -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -# Load. -source $APP_BASE/lib/hydra/functions || exit 1 -hydra_config_load - -# Parameters -BASENAME="`basename $0`" -LAYER="$1" -DOMAIN="`hydra $HYDRA config domain`" - -# Checks -if [ -z "$LAYER" ]; then - echo "usage: $BASENAME <node>" - exit 1 -elif [ -z "$DOMAIN" ]; then - echo "Please set 'domain' at $HYDRA hydra config." - exit 1 -fi - -# This is crude but we're in a hurry! -if [ -e "$PUPPET/manifests/classes/websites.pp" ]; then - cat $PUPPET/manifests/classes/websites.pp | perl -pe 's/[,:]\n$//;' | grep $LAYER | grep apache::site | cut -d '"' -f 2 -fi diff --git a/share/hydra/mass b/share/hydra/mass index 928836f..a716bae 100755 --- a/share/hydra/mass +++ b/share/hydra/mass @@ -61,9 +61,7 @@ BASEDIR="/tmp" set_nodes # Validation -if [ "$BASENAME" == "mass-update" ]; then - COMMAND="apt-get update" -elif [ "$BASENAME" == "mass-upgrade" ]; then +if [ "$BASENAME" == "mass-upgrade" ]; then COMMAND="DEBIAN_FRONTEND=noninteractive hydractl upgrade clean" elif [ "$BASENAME" == "mass-web" ]; then set_nodes web diff --git a/share/hydra/mass-update b/share/hydra/mass-update deleted file mode 120000 index 698f7d4..0000000 --- a/share/hydra/mass-update +++ /dev/null @@ -1 +0,0 @@ -mass
\ No newline at end of file diff --git a/share/hydra/puppet-finger b/share/hydra/puppet-finger deleted file mode 100755 index a96800b..0000000 --- a/share/hydra/puppet-finger +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# -# Check puppet fingerprints, hydra perspective. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -# Load -source $APP_BASE/lib/hydra/functions || exit 1 -hydra_config_load - -# Command line arguments -BASENAME="`basename $0`" - -hydra $HYDRA mass hydractl puppet-finger diff --git a/share/hydra/puppet-trigger b/share/hydra/puppet-trigger deleted file mode 100755 index eba1996..0000000 --- a/share/hydra/puppet-trigger +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/bash -# -# Execute commands in a single remote node. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -# Load -source $APP_BASE/lib/hydra/functions || exit 1 -hydra_config_load - -# Parameters -NODO="$1" - -# Connect -if [ ! -z "$NODO" ]; then - $HYDRA_CONNECT $NODO sudo hydractl puppet-trigger -else - echo "No node given." - exit 1 -fi diff --git a/share/hydra/whereis b/share/hydra/whereis index 687b280..515218b 100755 --- a/share/hydra/whereis +++ b/share/hydra/whereis 
@@ -38,31 +38,18 @@ echo "-------------------------------------------------------------------------- echo "" # Is it a node? -if [ -e "$PUPPET/manifests/nodes/$LAYER.pp" ]; then - echo "Defined as a node at $PUPPET/manifests/nodes/$LAYER.pp" - - if [ -e "$PUPPET/hiera/production/domain/$DOMAIN/node/$LAYER.$DOMAIN.yaml" ]; then - echo "Configuration:" - echo "" - grep "nodo::role:" $PUPPET/hiera/production/domain/$DOMAIN/node/$LAYER.$DOMAIN.yaml - grep "nodo::location:" $PUPPET/hiera/production/domain/$DOMAIN/node/$LAYER.$DOMAIN.yaml - fi -fi - -# Is it a website? -if [ -e "$PUPPET/modules/site_websites" ] && \ - grep -R -e "apache::site" "$PUPPET/modules/site_websites/manifests/" | grep -q "$LAYER" ; then - MANIFEST="$(cd $PUPPET && grep -R -e "apache::site" "modules/site_websites/manifests/" | grep "$LAYER" | cut -d : -f 1)" - - echo "Defined as a website on $MANIFEST:" +if [ -e "$PUPPET/hiera/node/$LAYER.$DOMAIN.yaml" ]; then + echo "Defined as a node at hiera/node/$LAYER.$DOMAIN.yaml" + echo "Configuration:" echo "" - sed -n -e "/apache::site { \"$LAYER\":/,/ }/ p" $PUPPET/$MANIFEST + grep "nodo::role:" $PUPPET/hiera/node/$LAYER.$DOMAIN.yaml + grep "nodo::location:" $PUPPET/hiera/node/$LAYER.$DOMAIN.yaml fi # DNS config if [ -e "$HYDRA_FOLDER/dns/$DOMAIN.conf" ]; then echo "" - echo "DNS configuration at $HYDRA_FOLDER/dns/$DOMAIN.conf" + echo "DNS configuration at dns/$DOMAIN.conf" echo "----------------------------------------------------------------------------------" echo "" diff --git a/share/hydractl/bootstrap b/share/hydractl/bootstrap deleted file mode 100755 index ce1d643..0000000 --- a/share/hydractl/bootstrap +++ /dev/null 
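Review bot: The two new `grep` calls pass `$PUPPET/hiera/node/$LAYER.$DOMAIN.yaml` unquoted, although the `-e` test just above them quotes the same path, so a value containing whitespace or glob characters is tested as one file and read as another. Quote the argument in both, e.g. `grep "nodo::role:" "$PUPPET/hiera/node/$LAYER.$DOMAIN.yaml"`. Where `LAYER` is assigned is outside the hunk; if it comes straight from the command line, rejecting values that contain `/` would also keep the lookup inside `hiera/node/`.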
@@ -1,36 +0,0 @@ -#!/bin/bash -# -# Bootstrap a new hydra using the current host as a starting point. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -STAGE="$1" - -if [ "$STAGE" == "repository" ]; then - hydractl puppet-install - - if [ ! -d "/etc/puppet/.git" ]; then - rm -rf /etc/puppet && git clone git://git.fluxo.info/puppet-bootstrap /etc/puppet - hydra_bootstrap_config /etc/puppet - chown -R puppet. /etc/puppet - fi -fi - -if [ -e "/etc/puppet/manifests/$stage.pp" ]; then - ( - cd /etc/puppet - make apply stage=$stage - ) -fi diff --git a/share/hydractl/dist-upgrade b/share/hydractl/dist-upgrade new file mode 100755 index 0000000..f0c42b1 --- /dev/null +++ b/share/hydractl/dist-upgrade 
@@ -0,0 +1,190 @@
+#!/bin/bash
+#
+# Do a system upgrade, from a version to the next.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+
+# Load
+source $APP_BASE/lib/hydra/functions || exit 1
+hydra_config_load
+
+# Parameters
+TMP="/tmp"
+STATE="$TMP/system-upgrade"
+ENV="$TMP/system-upgrade-env"
+
+# Command line arguments
+BASENAME="`basename $0`"
+NEXTRELEASE="$1"
+
+# Proceed to the next upgrade stage
+function hydra_system_upgrade_stage {
+ STAGE="$1"
+ echo $STAGE > $STATE
+ hydra_system_upgrade_$STAGE
+}
+
+# Set and check upgrade environment
+function hydra_system_upgrade_env {
+ # Set initial state
+ hydra_system_upgrade_stage env
+
+ # Available releases
+ #release="`facter lsbdistcodename`" # this doesn't work on squeeze
+ release="`facter 2> /dev/null | grep lsbdistcodename | sed -e 's/lsbdistcodename => //'`"
+ nextrelease="`hydra_next_debian_release $release`"
+
+ # Is a virtual machine?
+ virtual="`facter 2> /dev/null | grep virtual | grep -v '^is_virtual' | sed -e 's/virtual => //'`"
+
+ # Save environment
+ echo "release=$release" > $ENV
+ echo "nextrelease=$nextrelease" >> $ENV
+ echo "nextrelease=$nextrelease" >> $ENV
+ echo "virtual=$virtual" >> $ENV
+
+ # Check release
+ if [ "$?" != "0" ]; then
+ echo "Unsupported release"
+ exit 1
+ fi
+
+ # Check optional parameter
+ if [ ! -z "$NEXTRELEASE" ]; then
+ if [ "$NEXTRELEASE" == "$release" ]; then
+ echo "System is already upgraded to $NEXTRELEASE"
+ exit 1
+ fi
+
+ if [ "$NEXTRELEASE" != "$nextrelease" ]; then
+ echo "Cannot upgrade: next release for this system is $nextrelease"
+ exit 1
+ fi
+ fi
+
+ # Set next state
+ hydra_system_upgrade_stage prepare
+}
+
+# Prepare the environment for a system upgrade
+function hydra_system_upgrade_prepare {
+ # Ensure puppet is stopped during the process
+ if [ -e "/etc/default/puppet" ]; then
+ echo "Disabling puppet agent..."
+ sed -i -e 's/START=yes/START=no/' /etc/default/puppet
+ service puppet stop
+ fi
+
+ # Configure apt for the next debian release
+ echo ""
+ echo "Updating apt configuration..."
+ sed -i -e "s/$release/$nextrelease/g" /etc/apt/sources.list
+ sed -i -e "s/$release/$nextrelease/g" /etc/apt/preferences
+ sed -i -e 's|^deb http://backports.debian.org/debian-backports|#deb http://backports.debian.org/debian-backports|' /etc/apt/sources.list
+
+ # These will be generated by puppet and can be safely removed
+ rm -f /etc/apt/sources.list.d/*
+ rm -f /etc/apt/preferences.d/*
+
+ # These might lead in upgrade errors
+ if [ "$virtual" == "vserver" ] && [ "$nextrelease" == "wheezy" ]; then
+ apt-get remove makedev -y
+ apt-get remove colord -y
+ fi
+
+ # Set next state
+ hydra_system_upgrade_stage download
+}
+
+# Update package listing and download new packages
+function hydra_system_upgrade_download {
+ echo ""
+ echo "Updating package listing..."
+ apt-get update
+ echo ""
+ echo "Downloading packages..."
+ apt-get dist-upgrade -d -y
+ hydra_system_upgrade_stage upgrade
+}
+
+# Proceed with the actual upgrade
+function hydra_system_upgrade_upgrade {
+ echo ""
+ echo "Upgrading the system..."
+ DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade
+
+ if [ "$?" != "0" ]; then
+ echo "Upgrade failed. Please fix it manually and run this command again."
+ exit 1
+ fi
+
+ hydra_system_upgrade_stage custom
+}
+
+# Custom upgrade procedures
+function hydra_system_upgrade_custom {
+ if [ "$nextrelease" == "wheezy" ]; then
+ # Old suhosin config
+ rm -f /etc/php5/conf.d/suhosin.ini
+
+ # This has to be manually installed again
+ if [ -f "/etc/php5/cli/conf.d/uploadprogress.ini" ]; then
+ pecl uninstall uploadprogress
+ pecl install uploadprogress
+ fi
+ fi
+
+ if [ "$nextrelease" == "jessie" ]; then
+ # We're using a masterless puppet setup, so no agent
+ apt-get install puppet-common
+ apt-get purge puppet
+
+ # Purge old monitoring infrastructure
+ apt-get purge 'munin*' 'nagios*'
+ rm -rf /etc/nagios* /etc/munin* /etc/munin* /usr/share/munin*
+
+ # Cleanup old scripts
+ rm -f /usr/local/sbin/check-puppetd.sh
+ rm -f remove /etc/cron.d/puppetd
+ fi
+
+ hydractl trac-upgrade
+ hydra_system_upgrade_stage cleanup
+}
+
+# Cleanup procedures
+function hydra_system_upgrade_cleanup {
+ apt-get autoremove --purge -y
+ apt-get clean
+}
+
+# Initialize
+if [ ! -e "$STATE" ]; then
+ hydra_system_upgrade_env
+else
+ # Resume from the previous state
+ STAGE="`cat $STATE`"
+
+ # Restore environment
+ if [ -e "$ENV" ]; then
+ source $ENV
+ fi
+
+ hydra_system_upgrade_$STAGE
+fi
+
+# Teardown
+rm -f $STATE
+rm -f $ENV
diff --git a/share/hydractl/puppet-clean-stored b/share/hydractl/puppet-clean-stored
deleted file mode 100755
index dcbefa8..0000000
--- a/share/hydractl/puppet-clean-stored
+++ /dev/null
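Review bot: `STATE` and `ENV` are fixed names under world-writable `/tmp`, and on resume the script runs `source $ENV` and `hydra_system_upgrade_$STAGE` with `STAGE` read back from `$STATE`, so content that any local account left in those files beforehand is executed with the privileges of the upgrade (presumably root); the `>` redirections also follow a symlink that already exists at those paths. Keep both files in a root-owned 0700 directory, dispatch only to known stage names, and read the saved environment as key/value data instead of sourcing it, as sketched below with a placeholder directory. Separately, `hydra_system_upgrade_env` opens with `hydra_system_upgrade_stage env`, which dispatches straight back to `hydra_system_upgrade_env`, so a fresh run appears to recurse without ever reaching the release checks.

```shell
# Parameters
# Root-only state directory instead of /tmp (the path is a placeholder).
STATE_DIR="/var/lib/STATE_DIR_PLACEHOLDER"
install -d -m 0700 -o root -g root "$STATE_DIR" || exit 1
STATE="$STATE_DIR/system-upgrade"
ENV="$STATE_DIR/system-upgrade-env"

# … unchanged: command line arguments and the stage functions …

# … inside the existing else branch of "Initialize" …
  # Resume from the previous state
  STAGE="`cat "$STATE"`"

  # Dispatch only to stages this script defines
  case "$STAGE" in
    env|prepare|download|upgrade|custom|cleanup) ;;
    *) echo "Unknown upgrade stage in $STATE" >&2; exit 1 ;;
  esac

  # Restore environment as data, not as sourced shell code
  if [ -e "$ENV" ]; then
    while IFS='=' read -r key value; do
      case "$key" in
        release) release="$value" ;;
        nextrelease) nextrelease="$value" ;;
        virtual) virtual="$value" ;;
      esac
    done < "$ENV"
  fi

  hydra_system_upgrade_$STAGE
```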
@@ -1,91 +0,0 @@ -#!/usr/bin/env ruby - -# Script to clean up stored configs for (a) given host(s) -# -# Credits: -# Script was taken from http://reductivelabs.com/trac/puppet/attachment/wiki/UsingStoredConfiguration/kill_node_in_storedconfigs_db.rb (link no longer valid), -# which haven been initially posted by James Turnbull -# duritong adapted and improved the script a bit. - -require 'getoptlong' -config = '/etc/puppet/puppet.conf' - -def printusage(error_code) - puts "Usage: #{$0} [ list of hostnames as stored in hosts table ]" - puts "\n Options:" - puts "--config <puppet config file>" - exit(error_code) -end - - - opts = GetoptLong.new( - - [ "--config", "-c", GetoptLong::REQUIRED_ARGUMENT ], - [ "--help", "-h", GetoptLong::NO_ARGUMENT ], - [ "--usage", "-u", GetoptLong::NO_ARGUMENT ], - - [ "--version", "-v", GetoptLong::NO_ARGUMENT ] -) - -begin - opts.each do |opt, arg| - case opt - when "--config" - config = arg - - when "--help" - printusage(0) - - when "--usage" - printusage(0) - - when "--version" - puts "#{Puppet.version}" - exit - end - end -rescue GetoptLong::InvalidOption => detail - $stderr.puts "Try '#{$0} --help'" - exit(1) -end - -printusage(1) unless ARGV.size > 0 - -require 'puppet/rails' -Puppet[:config] = config -Puppet.parse_config -pm_conf = Puppet.settings.instance_variable_get(:@values)[:master] - -adapter = pm_conf[:dbadapter] -args = {:adapter => adapter, :log_level => pm_conf[:rails_loglevel]} - -case adapter - when "sqlite3" - args[:dbfile] = pm_conf[:dblocation] - when "mysql", "postgresql" - args[:host] = pm_conf[:dbserver] unless pm_conf[:dbserver].to_s.empty? - args[:username] = pm_conf[:dbuser] unless pm_conf[:dbuser].to_s.empty? - args[:password] = pm_conf[:dbpassword] unless pm_conf[:dbpassword].to_s.empty? - args[:database] = pm_conf[:dbname] unless pm_conf[:dbname].to_s.empty? - args[:port] = pm_conf[:dbport] unless pm_conf[:dbport].to_s.empty? 
- socket = pm_conf[:dbsocket] - args[:socket] = socket unless socket.to_s.empty? - else - raise ArgumentError, "Invalid db adapter #{adapter}" -end - -args[:database] = "puppet" unless not args[:database].to_s.empty? - -ActiveRecord::Base.establish_connection(args) - -ARGV.each { |hostname| - if @host = Puppet::Rails::Host.find_by_name(hostname.strip) - print "Killing #{hostname}..." - $stdout.flush - @host.destroy - puts "done." - else - puts "Can't find host #{hostname}." - end -} -exit 0 diff --git a/share/hydractl/puppet-disable b/share/hydractl/puppet-disable deleted file mode 120000 index d68c04b..0000000 --- a/share/hydractl/puppet-disable +++ /dev/null @@ -1 +0,0 @@ -puppet-enable
\ No newline at end of file diff --git a/share/hydractl/puppet-enable b/share/hydractl/puppet-enable deleted file mode 100755 index bdb4455..0000000 --- a/share/hydractl/puppet-enable +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -# -# Disable puppet agent. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -# Load -source $APP_BASE/lib/hydra/functions || exit 1 -hydra_config_load - -# Command line arguments -BASENAME="`basename $0`" - -# Newer systems are masterless -if [ "$OSVERSION" != "7" ]; then - exit -fi - -# Set sudo config -if [ "`whoami`" != 'root' ]; then - sudo="sudo" -fi - -# Business -if [ "$BASENAME" == "puppet-enable" ]; then - if [ -e "/etc/default/puppet" ]; then - $sudo sed -i -e 's/START=no/START=yes/' /etc/default/puppet - $sudo service puppet start - fi -else - if [ -e "/etc/default/puppet" ]; then - $sudo sed -i -e 's/START=yes/START=no/' /etc/default/puppet - $sudo service puppet stop - fi -fi diff --git a/share/hydractl/puppet-finger b/share/hydractl/puppet-finger deleted file mode 100755 index af83cc9..0000000 --- a/share/hydractl/puppet-finger +++ /dev/null 
@@ -1,74 +0,0 @@ -#!/bin/bash -# -# Check puppet fingerprints, hydractl perspective. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -# Load -source $APP_BASE/lib/hydra/functions || exit 1 -hydra_config_load - -# Command line arguments -BASENAME="`basename $0`" - -# Execute openssl -function puppet_openssl { - if [ -z "$1" ]; then - return - fi - - openssl x509 -text -noout -fingerprint -in $1 | grep "^SHA1 Fingerprint=" | \ - sed -e 's/^SHA1 Fingerprint=//' -} - -# Print a fingerprint with correct padding. 
-function print_fingerprint { - if [ -z "$2" ]; then - return - fi - - len="`echo $1 | wc -c`" - offset="$((85 - $len))" - printf "$1: %${offset}s\n" "$2" -} - -# Master: -# -# openssl x509 -text -noout -fingerprint -in /var/lib/puppetmaster/ssl/ca/signed/fqdn.pem -# openssl x509 -text -noout -fingerprint -in /var/lib/puppetmaster/ssl/certs/ca.pem -# -if [ -d "/var/lib/puppetmaster/ssl" ]; then - if [ -d "/var/lib/puppetmaster/ssl/ca/signed" ]; then - for file in `ls /var/lib/puppetmaster/ssl/ca/signed`; do - fp="`puppet_openssl /var/lib/puppetmaster/ssl/ca/signed/$file`" - print_fingerprint `basename $file .pem` $fp - done - fi - - if [ -f "/var/lib/puppetmaster/ssl/certs/ca.pem" ]; then - print_fingerprint ca `puppet_openssl /var/lib/puppetmaster/ssl/certs/ca.pem` - fi -fi - -# Node: -# -# openssl x509 -text -noout -fingerprint -in /var/lib/puppet/ssl/certs/fqdn.pem -# openssl x509 -text -noout -fingerprint -in /var/lib/puppet/ssl/certs/ca.pem -# -if [ -d "/var/lib/puppet/ssl" ]; then - fqdn="`facter fqdn`" - print_fingerprint $fqdn `puppet_openssl /var/lib/puppet/ssl/certs/$fqdn.pem` - print_fingerprint ca `puppet_openssl /var/lib/puppet/ssl/certs/ca.pem` -fi diff --git a/share/hydractl/puppet-initialize b/share/hydractl/puppet-initialize deleted file mode 100755 index 26b0165..0000000 --- a/share/hydractl/puppet-initialize +++ /dev/null 
@@ -1,20 +0,0 @@ -#!/bin/bash -# -# Make puppet agent first connection with the master node. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -puppet agent --server puppet.`facter domain` --pluginsync true --waitforcert 60 --test \ - --vardir /var/lib/puppet --ssldir /var/lib/puppet/ssl $* diff --git a/share/hydractl/puppet-install b/share/hydractl/puppet-install deleted file mode 100755 index 63027b0..0000000 --- a/share/hydractl/puppet-install +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# -# Install puppet and puppetmaster. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -apt-get update -apt-get install puppet puppetmaster 
diff --git a/share/hydractl/puppet-reset-agent b/share/hydractl/puppet-reset-agent deleted file mode 100755 index 2c7b724..0000000 --- a/share/hydractl/puppet-reset-agent +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# Reset puppet SSL setup and register again. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -/etc/init.d/puppet stop -rm -rf /var/lib/puppet/ssl -hydractl puppet-initialize diff --git a/share/hydractl/puppet-reset-master b/share/hydractl/puppet-reset-master deleted file mode 100755 index 99dd7ae..0000000 --- a/share/hydractl/puppet-reset-master +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/bash -# -# Reset puppet master and start over again. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -# Stop agent -/etc/init.d/puppet stop - -# Stop master -if [ -e "/etc/init.d/puppetmaster" ]; then - /etc/init.d/puppetmaster stop - /etc/init.d/nginx stop -else - /etc/init.d/apache2 stop -fi - -# Reset configuration -hydractl puppet-reset-stored -rm -rf /var/lib/puppetmaster/ssl - -# Generate new certificate -# See http://blkperl.github.io/replace-puppet-ca.html -# http://docs.puppetlabs.com/puppet/latest/reference/ssl_regenerate_certificates.html -puppet cert --generate puppet.`facter domain` -hydractl puppet-finger - -# Get fresh config -rm -rf /etc/puppet/ && git clone /var/git/repositories/puppet.git/ /etc/puppet -( cd /etc/puppet/ && git submodule update --init ) -chown -R puppet.puppet /etc/puppet/ - -# Start master -if [ -e "/etc/init.d/puppetmaster" ]; then - /etc/init.d/puppetmaster start - sleep 5 - /etc/init.d/nginx start -else - /etc/init.d/apache2 start -fi diff --git a/share/hydractl/puppet-reset-stored b/share/hydractl/puppet-reset-stored deleted file mode 100755 index ec7cea7..0000000 --- a/share/hydractl/puppet-reset-stored +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/bash -# -# Reset puppet stored configs. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -# Load. -source $APP_BASE/lib/hydra/functions || exit 1 -hydra_config_load - -hydra_truncate_database puppet diff --git a/share/hydractl/puppet-setup-stored b/share/hydractl/puppet-setup-stored deleted file mode 100755 index 8e04261..0000000 --- a/share/hydractl/puppet-setup-stored +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# -# Setup puppet stored configs. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -# Load. -source $APP_BASE/lib/hydra/functions || exit 1 -hydra_config_load - -# TODO -echo "TODO!" diff --git a/share/hydractl/puppet-trigger b/share/hydractl/puppet-trigger deleted file mode 100755 index 1f964db..0000000 
--- a/share/hydractl/puppet-trigger +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# -# Triggers puppet agend execution. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -if [ -e '/var/run/puppet/agent.pid' ]; then - kill -USR1 `cat /var/run/puppet/agent.pid` -elif [ -e '/var/run/puppet/puppetd.pid' ]; then - kill -USR1 `cat /var/run/puppet/puppetd.pid` -fi diff --git a/share/hydractl/puppet-update b/share/hydractl/puppet-update deleted file mode 100755 index 0e9e8fe..0000000 --- a/share/hydractl/puppet-update +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash -# -# Update puppet repository. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - -if [ -x '/usr/local/sbin/update-puppet-conf.sh' ]; then - /usr/local/sbin/update-puppet-conf.sh - - # Avoid reparsing of puppet config by just fixing perms if needed. - chown --from=root:root -R puppet.puppet /etc/puppet/* - chown --from=root:root -R puppet.puppet /etc/puppet/.git -else - echo "Could not find /usr/local/sbin/update-puppet-conf.sh" - exit 1 -fi diff --git a/share/hydractl/requirements b/share/hydractl/requirements deleted file mode 100755 index ccebab8..0000000 --- a/share/hydractl/requirements +++ /dev/null 
@@ -1,24 +0,0 @@
-#!/bin/bash
-#
-# Get all needed requirements.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public
-# License along with this program. If not, see
-# <http://www.gnu.org/licenses/>.
-
-REQUIREMENTS="lsb-release facter"
-
-# Check for requirements.
-for req in "$REQUIREMENTS"; do
- hydra_install_package $req
-done
diff --git a/share/hydractl/system-upgrade b/share/hydractl/system-upgrade
index 374a3b0..bb7a06e 100755..120000
--- a/share/hydractl/system-upgrade
+++ b/share/hydractl/system-upgrade
@@ -1,179 +1 @@
-#!/bin/bash
-#
-# Do a system upgrade, from a version to the next.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public
-# License along with this program. If not, see
-# <http://www.gnu.org/licenses/>.
-
-# Load
-source $APP_BASE/lib/hydra/functions || exit 1
-hydra_config_load
-
-# Parameters
-TMP="/tmp"
-STATE="$TMP/system-upgrade"
-ENV="$TMP/system-upgrade-env"
-
-# Command line arguments
-BASENAME="`basename $0`"
-NEXTRELEASE="$1"
-
-# Proceed to the next upgrade stage
-function hydra_system_upgrade_stage {
- STAGE="$1"
- echo $STAGE > $STATE
- hydra_system_upgrade_$STAGE
-}
-
-# Set and check upgrade environment
-function hydra_system_upgrade_env {
- # Available releases
- #release="`facter lsbdistcodename`" # this doesn't work on squeeze
- release="`facter 2> /dev/null | grep lsbdistcodename | sed -e 's/lsbdistcodename => //'`"
- nextrelease="`hydra_next_debian_release $release`"
-
- # Is a virtual machine?
- virtual="`facter 2> /dev/null | grep virtual | grep -v '^is_virtual' | sed -e 's/virtual => //'`"
-
- # Save environment
- echo "release=$release" > $ENV
- echo "nextrelease=$nextrelease" >> $ENV
- echo "nextrelease=$nextrelease" >> $ENV
- echo "virtual=$virtual" >> $ENV
-
- # Check release
- if [ "$?" != "0" ]; then
- echo "Unsupported release"
- exit 1
- fi
-
- # Check optional parameter
- if [ ! -z "$NEXTRELEASE" ]; then
- if [ "$NEXTRELEASE" == "$release" ]; then
- echo "System is already upgraded to $NEXTRELEASE"
- exit 1
- fi
-
- if [ "$NEXTRELEASE" != "$nextrelease" ]; then
- echo "Cannot upgrade: next release for this system is $nextrelease"
- exit 1
- fi
- fi
-
- # Set next state
- hydra_system_upgrade_stage prepare
-}
-
-# Prepare the environment for a system upgrade
-function hydra_system_upgrade_prepare {
- # Ensure puppet is stopped during the process
- echo "Disabling puppet during the upgrade..."
- hydractl puppet-disable
-
- # Configure apt for the next debian release
- echo ""
- echo "Updating apt configuration..."
- sed -i -e "s/$release/$nextrelease/g" /etc/apt/sources.list
- sed -i -e 's|^deb http://backports.debian.org/debian-backports|#deb http://backports.debian.org/debian-backports|' /etc/apt/sources.list
-
- if [ -e "/etc/apt/preferences" ]; then
- sed -i -e "s/$release/$nextrelease/g" /etc/apt/preferences
- fi
-
- # These will be generated by puppet and can be safely removed
- rm -f /etc/apt/sources.list.d/*
- rm -f /etc/apt/preferences.d/*
-
- # These might lead in upgrade errors
- if [ "$virtual" == "vserver" ] && [ "$nextrelease" == "wheezy" ]; then
- apt-get remove makedev -y
- apt-get remove colord -y
- fi
-
- # Set next state
- hydra_system_upgrade_stage download
-}
-
-# Update package listing and download new packages
-function hydra_system_upgrade_download {
- echo ""
- echo "Updating package listing..."
- apt-get update
- echo ""
- echo "Downloading packages..."
- apt-get dist-upgrade -d -y
- hydra_system_upgrade_stage upgrade
-}
-
-# Proceed with the actual upgrade
-function hydra_system_upgrade_upgrade {
- echo ""
- echo "Upgrading the system..."
- DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade
-
- if [ "$?" != "0" ]; then
- echo "Upgrade failed. Please fix it manually and run this command again."
- exit 1
- fi
-
- hydra_system_upgrade_stage custom
-}
-
-# Custom upgrade procedures
-function hydra_system_upgrade_custom {
- # Custom jessie stuff
- if [ "$nextrelease" == "jessie" ]; then
- # We're going masterless, so no puppet and old services
- apt-get purge puppet libapache2-mod-passenger 'munin*' 'nagios*' -y
- rm -rf /etc/munin/plugins /etc/munin/plugin-conf.d /usr/local/sbin/check-puppetd.sh
- fi
-
- hydractl trac-upgrade
- hydra_system_upgrade_stage cleanup
-}
-
-# Cleanup procedures
-function hydra_system_upgrade_cleanup {
- apt-get autoremove -y --purge
- apt-get clean
- #hydra_system_upgrade_stage puppet
-}
-
-# Enable puppet again
-#function hydra_system_upgrade_puppet {
-# echo ""
-# echo "Starting puppet again..."
-# hydractl puppet-enable
-#}
-
-# Initialize
-if [ ! -e "$STATE" ]; then
- hydra_system_upgrade_stage env
-else
- # Resume from the previous state
- STAGE="`cat $STATE`"
-
- # Restore environment
- if [ -e "$ENV" ]; then
- source $ENV
- fi
-
- if [ ! -z "$STAGE" ]; then
- hydra_system_upgrade_stage $STAGE
- fi
-fi
-
-# Teardown
-rm -f $STATE
-rm -f $ENV
+dist-upgrade
\ No newline at end of file |