berlin.freifunk.net puppet deployment scripts
Puppet is a configuration management tool. Please take a look at the puppet documentation before you start.
We use librarian-puppet to manage the puppet
modules in the
Local development and testing
Make sure you have installed vagrant, virtualbox and librarian-puppet.
Change to the
puppet directory and install the puppet modules with
librarian-puppet from the
cd puppet
librarian-puppet install
Once you have installed the puppet modules, you can use vagrant to start a virtual machine (VM). For example, you could start the monitor VM:
vagrant up monitor
To stop a machine use the
halt command, e.g.:
vagrant halt monitor
If you start a machine for the first time vagrant will start all provisioners
too. If you want to reprovision the puppet configuration you can use the
provision command, e.g.:
vagrant provision monitor
./scripts/install.sh into the home directory of the root user. Run the
script. The script will install all necessary packages and will run puppet once.
Make sure the hostname of the machine is correct once you run puppet.
./scripts/puppet-apply.sh to start a puppet run.
Update puppet modules
To update the puppet modules use
librarian-puppet. It's a module/package
manager for puppet modules. Make sure you are in the
cd puppet
librarian-puppet update
git add Puppetfile.lock
git commit -m "update puppet modules"
Common use cases
Update config.local.php of CGP (monitor.berlin.*)
The next step is to update the puppet modules. berlin-puppet-files is a puppet module that we use in the deploy process. Please follow the instructions in the Update puppet modules section. Make sure you push the changes to the remote machine and execute the update there as well (librarian-puppet update).
Once the modules are updated on the remote machine start a puppet run. Please follow the instructions in the Execute puppet section.
Certificates and private Keys
If you need a private certificate or private key that is part of the deployment process please ask http://github.com/booo for help or contact the mailing list (email@example.com). We keep offline backups of the keys.
Make sure you add the intermediate certs to the cert on deployment.
Check your ssl deployment with ssllabs.
Copy certs and keys to
Additional information can be found in the wiki:
Please try to deploy secure configurations. Take a look at the bettercrypto project for reference.
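The advice above to add the intermediate certs to the cert can be checked locally before deployment. The following is an added example, not one of this repository's scripts: it bundles a leaf certificate with its intermediate and verifies that the bundle chains to the root without help from any other file. The function names and the test-* certificates are assumptions, and all keys are throwaway material generated by the script itself; it requires the openssl command line tool.

```shell
#!/bin/sh
# Added example, not from this repository. Function names and the test-* names
# are hypothetical; every key and certificate is throwaway material made below.

# build_fullchain LEAF INTERMEDIATE...: leaf first, then its intermediates.
build_fullchain() { cat "$@"; }

# chain_ok ROOT BUNDLE: succeeds only if the first certificate in BUNDLE chains
# to ROOT using nothing but the other certificates shipped in BUNDLE.
chain_ok() { openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; }

# make_test_pki DIR: constructed root -> intermediate -> leaf for the demo.
make_test_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=test-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -days 1 -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 1 -out "$d/int.pem" \
        2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_test_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    build_fullchain "$tmp/leaf.pem" "$tmp/int.pem" > "$tmp/fullchain.pem"
    for f in leaf.pem fullchain.pem; do
        if chain_ok "$tmp/root.pem" "$tmp/$f"; then
            echo "$f: chain complete"
        else
            echo "$f: chain broken, intermediate missing"
        fi
    done
    rm -rf "$tmp"
}
demo
```

For a real deployment, pass the CA's root certificate and the bundle you are about to install to chain_ok; a failure means clients that do not already have the intermediate will reject the server certificate.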