From 2c45cd012ec1e05bc215cffca94804f4e22b6d63 Mon Sep 17 00:00:00 2001 From: martyewings Date: Wed, 13 Jan 2021 17:02:15 +0000 Subject: [PATCH 01/21] readme updates --- README.md | 72 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index aa39043..149369a 100644 --- a/README.md +++ b/README.md 
@@ -30,44 +30,72 @@ Software required for the proper functioning of the RSAN will be deployed on the ### Setup Requirements -Dependencies - -derdanne/nfs (>= 2.1.5) -puppetlabs/postgresql (>= 6.6.0) -puppetlabs/puppet_metrics_dashboard (>= 2.3.0) -puppetlabs/stdlib (>= 4.5.0 < 7.0.0) -puppetlabs/concat (>= 1.1.2 < 7.0.0) -puppetlabs/transition (>= 0.1.0 < 1.0.0) -herculesteam/augeasproviders_core (>= 2.1.5 < 4.0.0) -herculesteam/augeasproviders_shellvar (>= 1.2.0 < 5.0.0) -puppetlabs/apt (>= 2.0.0 < 8.0.0) -puppet-grafana (>= 3.0.0 < 7.0.0) -puppet-telegraf (>= 2.0.0 < 4.0.0) -puppetlabs-apt (>= 4.3.0 < 8.0.0) -puppetlabs-inifile (>= 2.0.0 < 5.0.0) -puppetlabs-puppetserver_gem (>= 1.1.1 < 3.0.0) -puppet/openvpn (>= 8.3.0) +Module Dependencies + - derdanne/nfs (>= 2.1.5) + - puppetlabs/postgresql (>= 6.6.0) + - puppetlabs/puppet_metrics_dashboard (>= 2.3.0) + - puppetlabs/stdlib (>= 4.5.0 < 7.0.0) +- puppetlabs/concat (>= 1.1.2 < 7.0.0) +- puppetlabs/transition (>= 0.1.0 < 1.0.0) +- herculesteam/augeasproviders_core (>= 2.1.5 < 4.0.0) +- herculesteam/augeasproviders_shellvar (>= 1.2.0 < 5.0.0) +- puppetlabs/apt (>= 2.0.0 < 8.0.0) +- puppet-grafana (>= 3.0.0 < 7.0.0) +- puppet-telegraf (>= 2.0.0 < 4.0.0) +- puppetlabs-apt (>= 4.3.0 < 8.0.0) +- puppetlabs-inifile (>= 2.0.0 < 5.0.0) +- puppetlabs-puppetserver_gem (>= 1.1.1 < 3.0.0) ### Beginning with rsan -RSAN has Two Classes: +RSAN has two main classes for use in the installation: - rsan::exporter - to be applied to all Puppet infrastructure agents - Console node group "PE Infrastructure Agent" - - rsan::importer - to be applied to a single node which will be come the Remote Support Access Node + - rsan::importer - to be applied to a single node which will be come the Remote Support Access Node(RSAN) + +Following the application of these clases to the infrastructure Puppet Will need to be run on the corresponding agents in the following order: -Adding these two classes will set up all applications and configurations 
to run RSAN +Infrastructure Agent(s)->RSAN Agent->Infrastrcture Agent(s)->RSAN Agent ## Usage +The following outlines the main features of RSAN and how to consume them +### Live Telemetry Display -TBC - detailed description of feature switches and configurable parameters +The Rsan node will host an instance of the [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) + +The Dashboard can be accessed on -## Limitations +:3000\ +User: admin\ +Password: admin + +For advanced configuration and documentation please see [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) + +### Infrastructure node file and log access + +The RSAN node will, by default, mount /var/log/ /opt/puppetlabs and /etc/puppetlabs from each of the Puppet Enterprise Infrastructure nodes on the RSAN platform in the following location, as read only file systems. + +/var/pesupport//var/log\ +/var/pesupport//opt/puppetlabs\ +/var/pesupport//etc/puppetlabs +### PE Client tools + +The RSAN node will deploy Puppet Client tools for use by Puppet Enterprise + + +### Puppet Enterprise Database Access + +## Uninstallation + +## Limitations + - The RSAN importer class should only be applied one agent node + ## Contributions For feature development + bug reporting: From 8f79cc152bf4f943f20086478df4b0628b23e770 Mon Sep 17 00:00:00 2001 From: martyewings Date: Wed, 13 Jan 2021 17:02:15 +0000 Subject: [PATCH 02/21] readme updates --- README.md | 113 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 92 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index aa39043..56e4605 100644 --- a/README.md +++ b/README.md 
@@ -30,43 +30,114 @@ Software required for the proper functioning of the RSAN will be deployed on the ### Setup Requirements -Dependencies - -derdanne/nfs (>= 2.1.5) -puppetlabs/postgresql (>= 6.6.0) -puppetlabs/puppet_metrics_dashboard (>= 2.3.0) -puppetlabs/stdlib (>= 4.5.0 < 7.0.0) -puppetlabs/concat (>= 1.1.2 < 7.0.0) -puppetlabs/transition (>= 0.1.0 < 1.0.0) -herculesteam/augeasproviders_core (>= 2.1.5 < 4.0.0) -herculesteam/augeasproviders_shellvar (>= 1.2.0 < 5.0.0) -puppetlabs/apt (>= 2.0.0 < 8.0.0) -puppet-grafana (>= 3.0.0 < 7.0.0) -puppet-telegraf (>= 2.0.0 < 4.0.0) -puppetlabs-apt (>= 4.3.0 < 8.0.0) -puppetlabs-inifile (>= 2.0.0 < 5.0.0) -puppetlabs-puppetserver_gem (>= 1.1.1 < 3.0.0) -puppet/openvpn (>= 8.3.0) +Module Dependencies + - derdanne/nfs (>= 2.1.5) + - puppetlabs/postgresql (>= 6.6.0) + - puppetlabs/puppet_metrics_dashboard (>= 2.3.0) + - puppetlabs/stdlib (>= 4.5.0 < 7.0.0) +- puppetlabs/concat (>= 1.1.2 < 7.0.0) +- puppetlabs/transition (>= 0.1.0 < 1.0.0) +- herculesteam/augeasproviders_core (>= 2.1.5 < 4.0.0) +- herculesteam/augeasproviders_shellvar (>= 1.2.0 < 5.0.0) +- puppetlabs/apt (>= 2.0.0 < 8.0.0) +- puppet-grafana (>= 3.0.0 < 7.0.0) +- puppet-telegraf (>= 2.0.0 < 4.0.0) +- puppetlabs-apt (>= 4.3.0 < 8.0.0) +- puppetlabs-inifile (>= 2.0.0 < 5.0.0) +- puppetlabs-puppetserver_gem (>= 1.1.1 < 3.0.0) ### Beginning with rsan -RSAN has Two Classes: +RSAN has two main classes for use in the installation: - rsan::exporter - to be applied to all Puppet infrastructure agents - Console node group "PE Infrastructure Agent" - - rsan::importer - to be applied to a single node which will be come the Remote Support Access Node + - rsan::importer - to be applied to a single node which will be come the Remote Support Access Node(RSAN) + +Following the application of these clases to the infrastructure Puppet Will need to be run on the corresponding agents in the following order: -Adding these two classes will set up all applications and configurations 
to run RSAN +Infrastructure Agent(s)->RSAN Agent->Infrastrcture Agent(s)->RSAN Agent ## Usage +The following outlines the main features of RSAN and how to consume them +### Live Telemetry Display + +The Rsan node will host an instance of the [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) + +The Dashboard can be accessed on + +:3000\ +User: admin\ +Password: admin + +For advanced configuration and documentation please see [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) + +### Infrastructure node file and log access + +The RSAN node will, by default, mount /var/log/ /opt/puppetlabs and /etc/puppetlabs from each of the Puppet Enterprise Infrastructure nodes on the RSAN platform in the following location, as read only file systems. + +/var/pesupport//var/log\ +/var/pesupport//opt/puppetlabs\ +/var/pesupport//etc/puppetlabs + +#### Optional Configuration + +The RSAN Class assumes the RSAN server will mount the shared partitions using the IP address Source designated by the "ipaddress" fact. In any deployment should this assertion not be true, it is nessary to set the following parameter to the source IP address of the RSAN Host: + +**rsan::exporter::rsan_importer_ips** + +### PE Client tools + +The RSAN node will deploy Puppet Client tools for use by Puppet Enterprise on the RSAN platform, For More information please see the Puppet Enterprise Documentation: + +[PE Client tools](https://puppet.com/docs/pe/2019.8/installing_pe_client_tools.html) + +A supplementary task is available to generate an RBAC user and role, so that the credentials may be used provided to Puppet Enterprise Support personnel. 
+ +#### Creating Support User + +Run the following task against the Primary Puppet Enterprise Server\ +For imformation on executing PE tasks see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/tasks_in_pe.html)\ +RSAN::supportuser\ +When successful the task will return a password, this should be delivered to Puppet Enterprise Support personnel. + +The Task creates the following user and role: + +**User:** pesupport + +**Role:** PE Suport Role + +The role is intentonally left without permissions, and should be given only the permissions the installing organisation are authorised to grant to Puppet Enterprise Support personnel. For more information on RBAC permissions please see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/rbac_permissions_intro.html) + +### Puppet Enterprise Database Access + +The RSAN Platform has a Postgresql client installed, and is granted certificate based access to all Puppet Enterprise Databases on any pe_postgresl node within the current deployment. The access is limited to the [SELECT](https://www.postgresql.org/docs/11/sql-grant.html) privilege and is therefore READONLY in nature. + +To use this function execute the following command from the CLI of the RSAN host + +``` +psql "sslmode=verify-ca sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem sslcert=/etc/puppetlabs/puppet/ssl/certs/.pem sslkey=/etc/puppetlabs/puppet/ssl/private_keys/.pem hostaddr= port=5432 user=rsan dbname=" +``` + +Where valid options for are: + +- pe-rbac +- pe-puppetdb +- pe-orchestrator +- pe-inventory +- pe-classifier +- pe-activity -TBC - detailed description of feature switches and configurable parameters +## Uninstallation ## Limitations + - The RSAN importer class should only be applied one agent node +## Known Issues +- When accessing ## Contributions From 13ec7920b923fe1f263c3b9bd08d81fe283251df Mon Sep 17 00:00:00 2001 
From: martyewings Date: Thu, 14 Jan 2021 15:27:50 +0000 Subject: [PATCH 03/21] update readme --- README.md | 48 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index f8c5a59..29989ec 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ RSAN has two main classes for use in the installation: - rsan::exporter - to be applied to all Puppet infrastructure agents - Console node group "PE Infrastructure Agent" - rsan::importer - to be applied to a single node which will be come the Remote Support Access Node(RSAN) -Following the application of these clases to the infrastructure Puppet Will need to be run on the corresponding agents in the following order: +Following the application of these clases to the infrastructure, Puppet Will need to be run on the corresponding agents in the following order: Infrastructure Agent(s)->RSAN Agent->Infrastrcture Agent(s)->RSAN Agent 
@@ -97,20 +97,20 @@ The RSAN node will deploy Puppet Client tools for use by Puppet Enterprise on th A supplementary task is available to generate an RBAC user and role, so that the credentials may be used provided to Puppet Enterprise Support personnel. -#### Creating Support User +>>#### Creating Support User -Run the following task against the Primary Puppet Enterprise Server\ +>>>Run the following task against the Primary Puppet Enterprise Server\ For imformation on executing PE tasks see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/tasks_in_pe.html)\ RSAN::supportuser\ When successful the task will return a password, this should be delivered to Puppet Enterprise Support personnel. -The Task creates the following user and role: +>>>The Task creates the following user and role: -**User:** pesupport +>>>>**User:** pesupport -**Role:** PE Suport Role +>>>>**Role:** PE Suport Role -The role is intentonally left without permissions, and should be given only the permissions the installing organisation are authorised to grant to Puppet Enterprise Support personnel. For more information on RBAC permissions please see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/rbac_permissions_intro.html) +>>>The role is intentonally left without permissions, and should be given only the permissions the installing organisation are authorised to grant to Puppet Enterprise Support personnel. For more information on RBAC permissions please see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/rbac_permissions_intro.html) ### Puppet Enterprise Database Access 
@@ -133,24 +133,42 @@ Where valid options for are: ## Uninstallation +To Uninsuall RSAN from your Puppet Enterprise Infrastructure. + + - Remove the following Classification: +>>>rsan::exporter\ +>>>rsan::importer + + - Add the following classification to the "PE Infrastructure Agent" node group + >>> rsan::remove_exporter + + - Remove the following classification to the "PE Infrastructure Agent" node group + >>> rsan::remove_exporter + + - Run Puppet on all nodes in "PE Infrastructure Agent" node group + + - Decommission the RSAN platform + + ## Limitations - The RSAN importer class should only be applied one agent node + - All features are currently ## Known Issues -- When accessing +- When accessing the database from the RSAN node for the first time, an error message will be presented: [#40](https://github.com/MartyEwings/RSAN/issues/40) -### PE Client tools - -The RSAN node will deploy Puppet Client tools for use by Puppet Enterprise +>>>```psql: private key file "/etc/puppetlabs/puppet/ssl/private_keys/rsan-target.platform9.puppet.net.pem" has group or world access; permissions should be u=rw (0600) or less``` + >>> To workaround change the private key file to 0600 or less, Puppet will manage this file back to incorrect permissions, for long term access making a copy of the key with the correct permissions is the best course of action. -### Puppet Enterprise Database Access + - PuppetDB Metric Collection fails due to CVE-2020-7943 [27](https://github.com/MartyEwings/RSAN/issues/27) -## Uninstallation +>>>Please refer to the documenation of Puppet Metrics collector for recommended work arounds -## Limitations - - The RSAN importer class should only be applied one agent node + - RSAN NFS volumes are mounted RW, but exported RO [26](https://github.com/MartyEwings/RSAN/issues/26) + + >>>There is no impact to the end user ## Contributions From 36088780baa4051e509142e4f90ab8091616e322 Mon Sep 17 00:00:00 2001 
From: martyewings Date: Thu, 14 Jan 2021 15:35:00 +0000 Subject: [PATCH 04/21] uprelease prep --- CHANGELOG.md | 2 ++ manifests/importer.pp | 7 ------- metadata.json | 2 +- tasks/supportsession.json | 7 ------- tasks/supportsession.sh | 28 ---------------------------- tasks/supportuser.json | 2 +- 6 files changed, 4 insertions(+), 44 deletions(-) delete mode 100644 tasks/supportsession.json delete mode 100644 tasks/supportsession.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c954cd..dee8e6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ All notable changes to this project will be documented in this file. **Features** +Initial Release + **Bugfixes** **Known Issues** diff --git a/manifests/importer.pp b/manifests/importer.pp index 98fee5b..eeb60b1 100644 --- a/manifests/importer.pp +++ b/manifests/importer.pp @@ -54,13 +54,6 @@ ####################################################################################### - ##################### 4. VPN client (openvpn) ######################################## - # deploy openvpn client, set up connection with preshared key use licence key UUID as preshared key - # destination will need IT involvement, scope to make it possible with a dummy end point - # Task to enable and disable connection - ###################################################################################### - - diff --git a/metadata.json b/metadata.json index 79248ba..42ad4c4 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "martyewings-rsan", - "version": "0.0.1", + "version": "0.1.0", "author": "Martin Ewings", "summary": "Module to Configure Remote Support Access Node for Puppet Enterprise", "license": "Apache-2.0", diff --git a/tasks/supportsession.json b/tasks/supportsession.json deleted file mode 100644 index c5f3c88..0000000 --- a/tasks/supportsession.json +++ /dev/null 
@@ -1,7 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "A short description of this task", - "parameters": { - } -} diff --git a/tasks/supportsession.sh b/tasks/supportsession.sh deleted file mode 100644 index 74083e4..0000000 --- a/tasks/supportsession.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -# Puppet Task Name: supportsession -# -# This is where you put the shell code for your task. -# -# You can write Puppet tasks in any language you want and it's easy to -# adapt an existing Python, PowerShell, Ruby, etc. script. Learn more at: -# https://puppet.com/docs/bolt/0.x/writing_tasks.html -# -# Puppet tasks make it easy for you to enable others to use your script. Tasks -# describe what it does, explains parameters and which are required or optional, -# as well as validates parameter type. For examples, if parameter "instances" -# must be an integer and the optional "datacenter" parameter must be one of -# portland, sydney, belfast or singapore then the .json file -# would include: -# "parameters": { -# "instances": { -# "description": "Number of instances to create", -# "type": "Integer" -# }, -# "datacenter": { -# "description": "Datacenter where instances will be created", -# "type": "Enum[portland, sydney, belfast, singapore]" -# } -# } -# Learn more at: https://puppet.com/docs/bolt/0.x/writing_tasks.html#ariaid-title11 -# diff --git a/tasks/supportuser.json b/tasks/supportuser.json index c5f3c88..5b191a1 100644 --- a/tasks/supportuser.json +++ b/tasks/supportuser.json @@ -1,7 +1,7 @@ { "puppet_task_version": 1, "supports_noop": false, - "description": "A short description of this task", + "description": "Creates pesupport user and PE Support Role, generated password should be shared with Puppet Enterprise Support personnel", "parameters": { } } From f37ff92b6ab21f371a6b44c6265a78341c39dfae Mon Sep 17 00:00:00 2001 
From: martyewings Date: Thu, 14 Jan 2021 15:36:25 +0000 Subject: [PATCH 05/21] uprelease prep --- README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 29989ec..9a5e672 100644 --- a/README.md +++ b/README.md @@ -97,20 +97,20 @@ The RSAN node will deploy Puppet Client tools for use by Puppet Enterprise on th A supplementary task is available to generate an RBAC user and role, so that the credentials may be used provided to Puppet Enterprise Support personnel. ->>#### Creating Support User +#### Creating Support User ->>>Run the following task against the Primary Puppet Enterprise Server\ +Run the following task against the Primary Puppet Enterprise Server\ For imformation on executing PE tasks see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/tasks_in_pe.html)\ RSAN::supportuser\ When successful the task will return a password, this should be delivered to Puppet Enterprise Support personnel. ->>>The Task creates the following user and role: +The Task creates the following user and role: ->>>>**User:** pesupport +**User:** pesupport ->>>>**Role:** PE Suport Role +**Role:** PE Suport Role ->>>The role is intentonally left without permissions, and should be given only the permissions the installing organisation are authorised to grant to Puppet Enterprise Support personnel. For more information on RBAC permissions please see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/rbac_permissions_intro.html) +The role is intentonally left without permissions, and should be given only the permissions the installing organisation are authorised to grant to Puppet Enterprise Support personnel. For more information on RBAC permissions please see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/rbac_permissions_intro.html) ### Puppet Enterprise Database Access 
@@ -136,14 +136,14 @@ Where valid options for are: To Uninsuall RSAN from your Puppet Enterprise Infrastructure. - Remove the following Classification: ->>>rsan::exporter\ ->>>rsan::importer +rsan::exporter\ +rsan::importer - Add the following classification to the "PE Infrastructure Agent" node group - >>> rsan::remove_exporter + rsan::remove_exporter - Remove the following classification to the "PE Infrastructure Agent" node group - >>> rsan::remove_exporter + rsan::remove_exporter - Run Puppet on all nodes in "PE Infrastructure Agent" node group 
@@ -158,17 +158,17 @@ To Uninsuall RSAN from your Puppet Enterprise Infrastructure. - When accessing the database from the RSAN node for the first time, an error message will be presented: [#40](https://github.com/MartyEwings/RSAN/issues/40) ->>>```psql: private key file "/etc/puppetlabs/puppet/ssl/private_keys/rsan-target.platform9.puppet.net.pem" has group or world access; permissions should be u=rw (0600) or less``` +```psql: private key file "/etc/puppetlabs/puppet/ssl/private_keys/rsan-target.platform9.puppet.net.pem" has group or world access; permissions should be u=rw (0600) or less``` - >>> To workaround change the private key file to 0600 or less, Puppet will manage this file back to incorrect permissions, for long term access making a copy of the key with the correct permissions is the best course of action. + To workaround change the private key file to 0600 or less, Puppet will manage this file back to incorrect permissions, for long term access making a copy of the key with the correct permissions is the best course of action. - PuppetDB Metric Collection fails due to CVE-2020-7943 [27](https://github.com/MartyEwings/RSAN/issues/27) ->>>Please refer to the documenation of Puppet Metrics collector for recommended work arounds +Please refer to the documenation of Puppet Metrics collector for recommended work arounds - RSAN NFS volumes are mounted RW, but exported RO [26](https://github.com/MartyEwings/RSAN/issues/26) - >>>There is no impact to the end user + There is no impact to the end user ## Contributions From c1f9900d09df28521464da65720b72772c04baab Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Thu, 14 Jan 2021 16:03:20 +0000 Subject: [PATCH 06/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9a5e672..a59a9f1 100644 --- a/README.md +++ b/README.md 
@@ -119,7 +119,7 @@ The RSAN Platform has a Postgresql client installed, and is granted certificate To use this function execute the following command from the CLI of the RSAN host ``` -psql "sslmode=verify-ca sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem sslcert=/etc/puppetlabs/puppet/ssl/certs/.pem sslkey=/etc/puppetlabs/puppet/ssl/private_keys/.pem hostaddr= port=5432 user=rsan dbname=" +psql "host=$(puppet config print server) port=5432 user=rsan sslmode=verify-full sslcert=$(puppet config print hostcert) sslkey=$(puppet config print hostprivkey) sslrootcert=$(puppet config print localcacert) dbname=" ``` Where valid options for are: From 28e65eddb53cb428012137abea40633ec583a601 Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Thu, 14 Jan 2021 16:03:44 +0000 Subject: [PATCH 07/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a59a9f1..ccba531 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ The Rsan node will host an instance of the [Puppet Metrics Dashboard](https://fo The Dashboard can be accessed on -:3000\ +http://:3000\ User: admin\ Password: admin From 3ff20a6a9507adb7d20676a475efb16e6ce38d33 Mon Sep 17 00:00:00 2001 From: martyewings Date: Thu, 14 Jan 2021 16:12:49 +0000 Subject: [PATCH 08/21] upreference file --- REFERENCE.md | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 155 insertions(+) create mode 100644 REFERENCE.md diff --git a/REFERENCE.md b/REFERENCE.md new file mode 100644 index 0000000..82561c1 --- /dev/null +++ b/REFERENCE.md 
@@ -0,0 +1,155 @@ +# Reference + + + +## Table of Contents + +### Classes + +* [`rsan::exporter`](#rsanexporter) +* [`rsan::importer`](#rsanimporter): Class to consume the resources provided by the exporter class. when applied to a node, all tooling agttributed to RSAN will be set up +* [`rsan::remove_exporter`](#rsanremove_exporter): A short summary of the purpose of this class + +### Functions + +* [`rsan::get_postgres_hosts`](#rsanget_postgres_hosts) +* [`rsan::get_puppet_servers`](#rsanget_puppet_servers) +* [`rsan::get_puppetdb_hosts`](#rsanget_puppetdb_hosts) +* [`rsan::get_rsan_importer_ips`](#rsanget_rsan_importer_ips) +* [`rsan::license_uuid`](#rsanlicense_uuid): return the uuid from a Puppet license file supplied in $content If no $content parameter specified, tries to read the license file from /etc/ + +### Tasks + +* [`supportuser`](#supportuser): Creates pesupport user and PE Support Role, generated password should be shared with Puppet Enterprise Support personnel + +## Classes + +### `rsan::exporter` + +The rsan::exporter class. + +#### Parameters + +The following parameters are available in the `rsan::exporter` class. + +##### `rsan_importer_ips` + +Data type: `Array` + + + +Default value: `rsan::get_rsan_importer_ips()` + +##### `rsan_host` + +Data type: `Optional[String]` + + + +Default value: ``undef`` + +### `rsan::importer` + +Class to consume the resources provided by the exporter class. +when applied to a node, all tooling agttributed to RSAN will be set up + +#### Examples + +##### + +```puppet +include rsan::importer +``` + +### `rsan::remove_exporter` + +A description of what this class does + +#### Examples + +##### + +```puppet +include rsan::remove_exporter +``` + +## Functions + +### `rsan::get_postgres_hosts` + +Type: Puppet Language + +The rsan::get_postgres_hosts function. + +#### `rsan::get_postgres_hosts()` + +The rsan::get_postgres_hosts function. 
+ +Returns: `Any` + +### `rsan::get_puppet_servers` + +Type: Puppet Language + +The rsan::get_puppet_servers function. + +#### `rsan::get_puppet_servers()` + +The rsan::get_puppet_servers function. + +Returns: `Any` + +### `rsan::get_puppetdb_hosts` + +Type: Puppet Language + +The rsan::get_puppetdb_hosts function. + +#### `rsan::get_puppetdb_hosts()` + +The rsan::get_puppetdb_hosts function. + +Returns: `Any` + +### `rsan::get_rsan_importer_ips` + +Type: Puppet Language + +The rsan::get_rsan_importer_ips function. + +#### `rsan::get_rsan_importer_ips()` + +The rsan::get_rsan_importer_ips function. + +Returns: `Array` List of IP addresses for RSAN nodes or an empty array + +### `rsan::license_uuid` + +Type: Puppet Language + +return the uuid from a Puppet license file supplied in $content +If no $content parameter specified, tries to read the license file +from /etc/puppetlabs/license.key + +#### `rsan::license_uuid(Optional[String] $content)` + +return the uuid from a Puppet license file supplied in $content +If no $content parameter specified, tries to read the license file +from /etc/puppetlabs/license.key + +Returns: `String` + +##### `content` + +Data type: `Optional[String]` + + + +## Tasks + +### `supportuser` + +Creates pesupport user and PE Support Role, generated password should be shared with Puppet Enterprise Support personnel + +**Supports noop?** false + From 1863ab83c51305dda423efc3cb0445ef9b7391a5 Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Fri, 15 Jan 2021 14:14:48 +0000 Subject: [PATCH 09/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ccba531..648c9d2 100644 --- a/README.md +++ b/README.md 
@@ -164,7 +164,7 @@ rsan::importer - PuppetDB Metric Collection fails due to CVE-2020-7943 [27](https://github.com/MartyEwings/RSAN/issues/27) -Please refer to the documenation of Puppet Metrics collector for recommended work arounds +Please refer to the documentation of [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) for recommended workarounds - RSAN NFS volumes are mounted RW, but exported RO [26](https://github.com/MartyEwings/RSAN/issues/26) From 018cece9d291353c3e7aa35859df087b2ed37559 Mon Sep 17 00:00:00 2001 From: martyewings Date: Fri, 15 Jan 2021 14:27:32 +0000 Subject: [PATCH 10/21] Update docs --- README.md | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 648c9d2..2a2652c 100644 --- a/README.md +++ b/README.md @@ -31,12 +31,12 @@ Software required for the proper functioning of the RSAN will be deployed on the ### Setup Requirements -Module Dependencies +#### Module Dependencies - - derdanne/nfs (>= 2.1.5) - - puppetlabs/postgresql (>= 6.6.0) - - puppetlabs/puppet_metrics_dashboard (>= 2.3.0) - - puppetlabs/stdlib (>= 4.5.0 < 7.0.0) +- derdanne/nfs (>= 2.1.5) +- puppetlabs/postgresql (>= 6.6.0) +- puppetlabs/puppet_metrics_dashboard (>= 2.3.0) +- puppetlabs/stdlib (>= 4.5.0 < 7.0.0) - puppetlabs/concat (>= 1.1.2 < 7.0.0) - puppetlabs/transition (>= 0.1.0 < 1.0.0) - herculesteam/augeasproviders_core (>= 2.1.5 < 4.0.0) @@ -49,6 +49,15 @@ Module Dependencies - puppetlabs-puppetserver_gem (>= 1.1.1 < 3.0.0) +#### Minimum Hardware requirements + + +| AWS EC2|Cores| RAM |Disk| +| --- | ----------- | --| --| +| m1.medium | 2 CPU | 4GB Memory | 40GB Disk + + + ### Beginning with rsan RSAN has two main classes for use in the installation: 
@@ -63,7 +72,6 @@ Infrastructure Agent(s)->RSAN Agent->Infrastrcture Agent(s)->RSAN Agent ## Usage The following outlines the main features of RSAN and how to consume them ### Live Telemetry Display -<<<<<<< HEAD The Rsan node will host an instance of the [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) @@ -164,7 +172,7 @@ rsan::importer - PuppetDB Metric Collection fails due to CVE-2020-7943 [27](https://github.com/MartyEwings/RSAN/issues/27) -Please refer to the documentation of [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) for recommended workarounds +Please refer to the documenation of Puppet Metrics collector for recommended work arounds - RSAN NFS volumes are mounted RW, but exported RO [26](https://github.com/MartyEwings/RSAN/issues/26) From 3b59ce9b5c6c3d40c31118201c793485f32f823e Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Fri, 15 Jan 2021 14:28:34 +0000 Subject: [PATCH 11/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a2652c..d0716cc 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ For advanced configuration and documentation please see [Puppet Metrics Dashboar ### Infrastructure node file and log access -The RSAN node will, by default, mount /var/log/ /opt/puppetlabs and /etc/puppetlabs from each of the Puppet Enterprise Infrastructure nodes on the RSAN platform in the following location, as read only file systems. +The RSAN node will, by default, mount `/var/log/`, `/opt/puppetlabs` and `/etc/puppetlabs` from each of the Puppet Enterprise Infrastructure nodes on the RSAN platform in the following location, as read-only file systems. /var/pesupport//var/log\ /var/pesupport//opt/puppetlabs\ From 33d69934b478011624acecbd96b9f2df2a3ce307 Mon Sep 17 00:00:00 2001 
From: MartyEwings Date: Fri, 15 Jan 2021 14:28:45 +0000 Subject: [PATCH 12/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d0716cc..80368b5 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ The Dashboard can be accessed on http://:3000\ User: admin\ -Password: admin +**Password:** admin For advanced configuration and documentation please see [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) From 8bd03a96955e7ba6801836f38e1dc9b8df55e711 Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Fri, 15 Jan 2021 14:29:18 +0000 Subject: [PATCH 13/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 80368b5..2a0a5e9 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ For advanced configuration and documentation please see [Puppet Metrics Dashboar The RSAN node will, by default, mount `/var/log/`, `/opt/puppetlabs` and `/etc/puppetlabs` from each of the Puppet Enterprise Infrastructure nodes on the RSAN platform in the following location, as read-only file systems. -/var/pesupport//var/log\ +`/var/pesupport//var/log\` /var/pesupport//opt/puppetlabs\ /var/pesupport//etc/puppetlabs From 6b68cc00a36440f095237737e731aa1845c2d8a5 Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Fri, 15 Jan 2021 14:29:28 +0000 Subject: [PATCH 14/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a0a5e9..229afa9 100644 --- a/README.md +++ b/README.md 
@@ -78,7 +78,7 @@ The Rsan node will host an instance of the [Puppet Metrics Dashboard](https://fo The Dashboard can be accessed on http://:3000\ -User: admin\ +**User:** admin\ **Password:** admin For advanced configuration and documentation please see [Puppet Metrics Dashboard](https://forge.puppet.com/modules/puppetlabs/puppet_metrics_dashboard) From dddab9d6532da2e44572d7e9151b10c35802ca8d Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Fri, 15 Jan 2021 14:29:38 +0000 Subject: [PATCH 15/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 229afa9..d2606ef 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ The Rsan node will host an instance of the [Puppet Metrics Dashboard](https://fo The Dashboard can be accessed on -http://:3000\ +**URL:** http://:3000\ **User:** admin\ **Password:** admin From f8563e1a1051fb4e27f1038dc175808aadb388f9 Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Fri, 15 Jan 2021 14:29:47 +0000 Subject: [PATCH 16/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d2606ef..78164f8 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ The RSAN node will, by default, mount `/var/log/`, `/opt/puppetlabs` and `/etc/p `/var/pesupport//var/log\` /var/pesupport//opt/puppetlabs\ -/var/pesupport//etc/puppetlabs +`/var/pesupport//etc/puppetlabs` #### Optional Configuration From ee7f233c268102e7b9b5cc57813692ce8487b76d Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Fri, 15 Jan 2021 14:29:56 +0000 Subject: [PATCH 17/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 78164f8..48a3448 100644 --- a/README.md +++ b/README.md 
@@ -88,7 +88,7 @@ For advanced configuration and documentation please see [Puppet Metrics Dashboar The RSAN node will, by default, mount `/var/log/`, `/opt/puppetlabs` and `/etc/puppetlabs` from each of the Puppet Enterprise Infrastructure nodes on the RSAN platform in the following location, as read-only file systems. `/var/pesupport//var/log\` -/var/pesupport//opt/puppetlabs\ +`/var/pesupport//opt/puppetlabs\` `/var/pesupport//etc/puppetlabs` #### Optional Configuration From ad50c1f78bbd6bee6f4d80f098ed5a87f7223aca Mon Sep 17 00:00:00 2001 From: martyewings Date: Fri, 15 Jan 2021 15:18:05 +0000 Subject: [PATCH 18/21] Doc Review --- README.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 48a3448..58c7ab1 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,9 @@ Software required for the proper functioning of the RSAN will be deployed on the | --- | ----------- | --| --| | m1.medium | 2 CPU | 4GB Memory | 40GB Disk +#### OS Restrictions +RSAN will support RHEL / Debian / Ubuntu however due to the additional of PE Client tools in the installation, you are restricted to installing it on a platform with the same OS as the Primary PE Server. ### Beginning with rsan @@ -95,7 +97,18 @@ The RSAN node will, by default, mount `/var/log/`, `/opt/puppetlabs` and `/etc/p The RSAN Class assumes the RSAN server will mount the shared partitions using the IP address Source designated by the "ipaddress" fact. In any deployment should this assertion not be true, it is nessary to set the following parameter to the source IP address of the RSAN Host: -**rsan::exporter::rsan_importer_ips** +In Hiera + +``` +rsan::exporter::rsan_importer_ips: + - 1.2.3.4 + ``` + +Console Class Declaration + +``` +["1.2.3.4"] +``` ### PE Client tools 
@@ -160,7 +173,7 @@ rsan::importer ## Limitations - The RSAN importer class should only be applied one agent node - - All features are currently + - All features are currently enabled and can not be individually disabled, this will be addressed in future releases ## Known Issues From ccef9c5f316be41535efe7abcd925fc497fcd009 Mon Sep 17 00:00:00 2001 From: martyewings Date: Fri, 15 Jan 2021 15:28:18 +0000 Subject: [PATCH 19/21] Formatting new line outside of ' tag --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 58c7ab1..d3508f5 100644 --- a/README.md +++ b/README.md @@ -89,8 +89,8 @@ For advanced configuration and documentation please see [Puppet Metrics Dashboar The RSAN node will, by default, mount `/var/log/`, `/opt/puppetlabs` and `/etc/puppetlabs` from each of the Puppet Enterprise Infrastructure nodes on the RSAN platform in the following location, as read-only file systems. -`/var/pesupport//var/log\` -`/var/pesupport//opt/puppetlabs\` +`/var/pesupport//var/log`\ +`/var/pesupport//opt/puppetlabs`\ `/var/pesupport//etc/puppetlabs` #### Optional Configuration From 2279105662a2463ee99298e2c75274eaa5f1c469 Mon Sep 17 00:00:00 2001 From: MartyEwings Date: Fri, 15 Jan 2021 15:33:31 +0000 Subject: [PATCH 20/21] Update README.md Co-authored-by: Jarret Lavallee --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d3508f5..b7426b4 100644 --- a/README.md +++ b/README.md 
@@ -121,7 +121,7 @@ A supplementary task is available to generate an RBAC user and role, so that the #### Creating Support User Run the following task against the Primary Puppet Enterprise Server\ -For imformation on executing PE tasks see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/tasks_in_pe.html)\ +For information on executing PE tasks see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/tasks_in_pe.html)\ RSAN::supportuser\ When successful the task will return a password, this should be delivered to Puppet Enterprise Support personnel. From f2cf211bedde9636dbcce1189b53e8b0dfd620c7 Mon Sep 17 00:00:00 2001 From: martyewings Date: Fri, 15 Jan 2021 16:18:51 +0000 Subject: [PATCH 21/21] formatting --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d3508f5..6e483f6 100644 --- a/README.md +++ b/README.md @@ -116,17 +116,19 @@ The RSAN node will deploy Puppet Client tools for use by Puppet Enterprise on th [PE Client tools](https://puppet.com/docs/pe/2019.8/installing_pe_client_tools.html) -A supplementary task is available to generate an RBAC user and role, so that the credentials may be used provided to Puppet Enterprise Support personnel. - -#### Creating Support User - +A supplementary task is available to generate an RBAC user and role, so that the credentials may be used provided to Puppet Enterprise Support personnel. +
+#### Creating Support User +
Run the following task against the Primary Puppet Enterprise Server\ For imformation on executing PE tasks see the [Puppet Enterprise Documentation](https://puppet.com/docs/pe/2019.8/tasks_in_pe.html)\ RSAN::supportuser\ When successful the task will return a password, this should be delivered to Puppet Enterprise Support personnel. - +
+
The Task creates the following user and role: - +
+
**User:** pesupport **Role:** PE Suport Role
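Review bot: In PATCH 01/21, hunk `@@ -164,7 +172,7`, the added line under the CVE-2020-7943 known issue drops the link to the Puppet Metrics Dashboard module and names "Puppet Metrics collector" instead, so a reader who hits the PuppetDB metric collection failure no longer has a pointer to the recommended workaround. Keep a link on that line (to whichever module's documentation is actually meant) and fix "documenation" and "work arounds" while there.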
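Review bot: In PATCH 11/21, the added sentence says the directories are mounted "as read-only file systems", which conflicts with the Known Issues entry visible in PATCH 01/21: "RSAN NFS volumes are mounted RW, but exported RO" (issue 26). Until that issue is resolved, describe the shares as exported read-only and reference the known issue from this paragraph, so operators do not assume the mount options on the RSAN node are what protects `/etc/puppetlabs` and `/opt/puppetlabs` on the infrastructure nodes.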
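Review bot: The dashboard access block touched by PATCH 12/21, 14/21 and 15/21 documents default credentials (`**User:** admin`, `**Password:** admin`) on a plain `http://` URL on port 3000 and never tells the operator to change them. Since these patches already rework those three lines, add a sentence directing a password change at first login and point to the Puppet Metrics Dashboard documentation linked just below for configuring it; the same node also holds the mounted `/var/log`, `/opt/puppetlabs` and `/etc/puppetlabs` trees from every infrastructure node.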
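Review bot: In PATCH 18/21, hunk `@@ -95,7 +97,18`, the "Console Class Declaration" example shows only the value `["1.2.3.4"]` and, with the standalone `**rsan::exporter::rsan_importer_ips**` line removed, no longer says which parameter of which class it belongs to. Name the `rsan_importer_ips` parameter of `rsan::exporter` next to that example, and state that the list should contain only the source IP address of the RSAN host, since that is what the paragraph above says it designates. `1.2.3.4` is a routable address; a documentation-range address such as `192.0.2.10` is a safer placeholder in both examples.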
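Review bot: PATCH 21/21 is built on `d3508f5`, the same base as PATCH 20/21, and its context still contains "For imformation", so it will either fail to apply on top of 20/21 or bring the typo back; rebase it on `b7426b4`. In the same hunk, the text says the task returns a password that "should be delivered to Puppet Enterprise Support personnel" but gives no guidance on removing or revoking the `pesupport` user once the support engagement ends, which is worth a sentence here. Also fix "may be used provided to", and check "PE Suport Role" against the role name the task actually creates before correcting the spelling.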