-
Notifications
You must be signed in to change notification settings - Fork 2
/
write-scripts.cfg
277 lines (249 loc) · 10.7 KB
/
write-scripts.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
#cloud-config
write_files:
- path: /var/cache/set-hostname.sh
owner: root:root
permissions: '0755'
content: |
#!/bin/sh
#
# Exit on any error
set -e
HOSTNAME=$1
if [ "${HOSTNAME}" = "" ]; then
echo "NOTICE: Hostname not defined, will not modify the hostname"
exit 0
fi
hostnamectl set-hostname $1
- path: /var/cache/add-puppetmaster-to-etc-hosts.sh
owner: root:root
permissions: '0755'
content: |
#!/bin/sh
#
# Exit on any error
set -e
PUPPETMASTER_IP=$1
if [ "${PUPPETMASTER_IP}" = "" ]; then
echo "NOTICE: Puppetmaster IP not defined, will not modify /etc/hosts"
exit 0
fi
export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin
echo ${PUPPETMASTER_IP} puppet >> /etc/hosts
- path: /var/cache/add-deployment-fact.sh
owner: root:root
permissions: '0755'
content: |
#!/bin/sh
#
# Exit on any error
set -e
DEPLOYMENT=$1
if [ "${DEPLOYMENT}" = "" ]; then
echo "NOTICE: Deployment not defined, will not add the fact"
exit 0
fi
export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin
# Add Puppet fact (deployment)
mkdir -p /etc/facter/facts.d
chown -R root:root /etc/facter
echo "deployment: ${DEPLOYMENT}" > /etc/facter/facts.d/deployment.yaml
# Add Ansible fact (deployment.name)
mkdir -p /etc/ansible/facts.d
chown -R root:root /etc/ansible/facts.d
echo "{ \"name\": \"${DEPLOYMENT}\" }" > /etc/ansible/facts.d/deployment.fact
- path: /var/cache/install-puppet.sh
owner: root:root
permissions: '0755'
content: |
#!/bin/sh
#
# Exit on any error
set -e
usage() {
echo "Usage: install-puppet.sh [-n <hostname>] [-e <puppet env>] [-p <puppet version>] [-d <url>] [-s] [-6] [-h]"
echo
echo "Options:"
echo " -n hostname to set (default: do not set hostname)"
echo " -e puppet agent environment (default: production)"
echo " -p puppet version: 7 (default). Version 6 is no longer supported."
echo " -s enable and start puppet agent (default: no)"
echo " -6 use IPv6 only for outbound connections (default: no)"
echo " -d puppet release package download URL (default: select automatically)"
echo " -h show this help"
echo
exit 2
}
# Default settings
HOST_NAME="false"
PUPPET_ENV="production"
PUPPET_VERSION="7"
PUPPET_RELEASE_DOWNLOAD_URL="autodetect"
START_AGENT="false"
IPV6_ONLY="false"
while getopts 'n:e:p:d:s6h' arg
do
case $arg in
n) HOST_NAME=$OPTARG ;;
e) PUPPET_ENV=$OPTARG ;;
p) PUPPET_VERSION=$OPTARG ;;
d) PUPPET_RELEASE_DOWNLOAD_URL=$OPTARG ;;
s) START_AGENT="true" ;;
6) IPV6_ONLY="true" ;;
h) usage ;;
esac
done
export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin
CWD=`pwd`
set_hostname() {
hostnamectl set-hostname $1
}
detect_osfamily() {
if [ -f /etc/redhat-release ]; then
OSFAMILY='redhat'
RELEASE=$(cat /etc/redhat-release)
if [ "`echo $RELEASE | grep -E 7\.[0-9]+`" ]; then
REDHAT_VERSION="7"
REDHAT_RELEASE="el-7"
elif [ "`echo $RELEASE | grep -E 8\.[0-9]+`" ]; then
REDHAT_VERSION="8"
REDHAT_RELEASE="el-8"
elif [ "`echo $RELEASE | grep -E 9\.[0-9]+`" ]; then
REDHAT_VERSION="9"
REDHAT_RELEASE="el-9"
elif [ "`echo $RELEASE | grep "(Thirty)"`" ]; then
REDHAT_VERSION="30"
# Puppetlabs does not have Fedora 30 packages yet
REDHAT_RELEASE="fedora-29"
else
echo "Unsupported Redhat/Centos/Fedora version. Red Hat 7-9 and Fedora 30 are supported."
exit 1
fi
elif [ "`lsb_release -d | grep -E '(Ubuntu|Debian)'`" ]; then
OSFAMILY='debian'
DESCR="$(lsb_release -d | awk '{ print $2}')"
if [ `echo $DESCR|grep Ubuntu` ]; then
UBUNTU_VERSION="$(lsb_release -c | awk '{ print $2}')"
elif [ `echo $DESCR|grep Debian` ]; then
DEBIAN_VERSION="$(lsb_release -c | awk '{ print $2}')"
else
echo "Unsupported Debian family operating system. Supported are Debian and Ubuntu"
exit 1
fi
else
echo "ERROR: unsupported osfamily. Supported are Debian and RedHat"
exit 1
fi
}
force_ipv6() {
if [ "$IPV6_ONLY" = "true" ]; then
if [ -r "/etc/dnf/dnf.conf" ]; then
echo "ip_resolve=6" >> /etc/dnf/dnf.conf
elif [ -r /etc/yum.conf ]; then
echo "ip_resolve=6" >> /etc/yum.conf
else
echo "NOTICE: -6 (IPV6_ONLY) is a no-op on non-Red Hat operating systems"
fi
fi
}
install_dependencies() {
# Ensure that facts such as $::lsbdistcodename are available for Puppet
if [ -f /etc/redhat-release ]; then
# RHEL9 will never have redhat-lsb-core, according to
#
# https://access.redhat.com/solutions/6960807
#
if ! [ "${REDHAT_VERSION}" = "9" ]; then
yum -y install redhat-lsb-core
fi
fi
if [ "${REDHAT_VERSION}" = "30" ]; then
dnf -y install libxcrypt-compat
fi
}
setup_puppet() {
if [ -x /opt/puppetlabs/bin/puppet ]; then
true
else
if [ $REDHAT_RELEASE ]; then
if [ "$PUPPET_RELEASE_DOWNLOAD_URL" = "autodetect" ]; then
RELEASE_URL="https://yum.puppetlabs.com/puppet${PUPPET_VERSION}-release-${REDHAT_RELEASE}.noarch.rpm"
else
RELEASE_URL=$PUPPET_RELEASE_DOWNLOAD_URL
fi
rpm -hiv "${RELEASE_URL}" || (c=$?; echo "Failed to install ${RELEASE_URL}"; (exit $c))
yum -y install puppet-agent || (c=$?; echo "Failed to install puppet agent"; (exit $c))
if systemctl list-unit-files --type=service | grep firewalld; then
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
fi
else
if [ $UBUNTU_VERSION ]; then
if [ "$PUPPET_RELEASE_DOWNLOAD_URL" = "autodetect" ]; then
APT_URL="https://apt.puppetlabs.com/puppet${PUPPET_VERSION}-release-${UBUNTU_VERSION}.deb"
else
APT_URL=$PUPPET_RELEASE_DOWNLOAD_URL
fi
fi
if [ $DEBIAN_VERSION ]; then
if [ "$PUPPET_RELEASE_DOWNLOAD_URL" = "autodetect" ]; then
APT_URL="https://apt.puppetlabs.com/puppet${PUPPET_VERSION}-release-${DEBIAN_VERSION}.deb"
else
APT_URL=$PUPPET_RELEASE_DOWNLOAD_URL
fi
fi
# https://serverfault.com/questions/500764/dpkg-reconfigure-unable-to-re-open-stdin-no-file-or-directory
export DEBIAN_FRONTEND=noninteractive
FILE="$(mktemp -d)/puppet-release.db"
wget "${APT_URL}" -qO $FILE || (c=$?; echo "Failed to retrieve ${APT_URL}"; (exit $c))
# The apt-daily and apt-daily-upgrade services have a nasty habit of
# launching immediately on boot. This prevents the installer from updating
# the package caches itself, which causes some packages to be missing and
# subsequently causing puppetmaster-installer to fail. So, wait for those
# two services to run before attempting to run the installer. There are
# ways to use systemd-run to accomplish this rather nicely:
#
# https://unix.stackexchange.com/questions/315502/how-to-disable-apt-daily-service-on-ubuntu-cloud-vm-image
#
# However, that approach fails on Ubuntu 16.04 (and earlier) as well as
# Debian 9, so it is not practical. This approach uses a simple polling
# method and built-in tools.
APT_READY=no
while [ "$APT_READY" = "no" ]; do
# This checks three things to prevent package installation failures, in this order:
#
# 1) Is "apt-get update" running?
# 2) Is "apt-get install" running?
# 3) Is "dpkg" running?
#
# The "apt-get install" commands locks dpkg as well, but the last check ensures that dpkg running outside of apt does not cause havoc.
#
# FIXME: this fails in Azure because package "psmisc" that
# provides "fuser" is not installed. However, we can't really
# install it here because of a chicken-and-egg problem.
fuser -s /var/lib/apt/lists/lock || fuser -s /var/cache/apt/archives/lock || fuser -s /var/lib/dpkg/lock || APT_READY=yes
sleep 1
done
dpkg --install $FILE; rm $FILE; apt-get update || (c=$?; echo "Failed to install from ${FILE}"; (exit $c))
apt-get -y install puppet-agent || (c=$?; echo "Failed to install puppet agent"; (exit $c))
fi
fi
}
set_puppet_agent_environment() {
puppet config set --section agent environment $1
}
run_puppet_agent() {
systemctl enable puppet
systemctl start puppet
}
if [ "${HOST_NAME}" != "false" ]; then
set_hostname $HOST_NAME
fi
detect_osfamily
force_ipv6
install_dependencies
setup_puppet
set_puppet_agent_environment $PUPPET_ENV
if [ "${START_AGENT}" = "true" ]; then
run_puppet_agent
fi