From 68b796e24f80726213a3af278b782e5b04863f9d Mon Sep 17 00:00:00 2001 From: John Van de Meulebrouck Brendgard Date: Sat, 27 Aug 2016 16:06:11 +0200 Subject: [PATCH 1/6] Updated documentation --- docs/cosmos-puppet-ops.mkd | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/docs/cosmos-puppet-ops.mkd b/docs/cosmos-puppet-ops.mkd index 46ceb50..5bd119c 100644 --- a/docs/cosmos-puppet-ops.mkd +++ b/docs/cosmos-puppet-ops.mkd @@ -1,5 +1,5 @@ % System Operations using Cosmos & Puppet -% Leif Johansson / SUNET / 2013 / v0.0.3 +% Leif Johansson / SUNET / 2013 / v0.0.4 Introduction @@ -152,7 +152,7 @@ system state using a set of idempotent operations. In theory, anything that can using puppet can be done using cosmos post-processors but puppet allows for greater abstraction which greatly increases readability. -The combination of puppet and cosmos is maintained on github in the 'leifj/multiverse' +The combination of puppet and cosmos is maintained on github in the 'SUNET/multiverse' project. The Cosmos Puppet Module @@ -160,7 +160,7 @@ The Cosmos Puppet Module Although not necessary, a few nice-to-have utilities in the form of puppet modules have been collected as the cosmos puppet module (for want of a better name). The source for -this module is at http://github.com/leifj/puppet-cosmos and it is included (but commented +this module is at https://github.com/SUNET/puppet-cosmos and it is included (but commented out) in the cosmos-modules.conf file (cf below) for easy inclusion. 
@@ -186,11 +186,11 @@ multiverse. Fabric provides the 'fab' command which will be introduced later on. These two tools (git & fabric) are only needed on mashines where system operators work. -Next clone git://github.com/leifj/multiverse.git - this will form the basis of your cosmos+puppet +Next clone git@github.com:SUNET/multiverse.git - this will form the basis of your cosmos+puppet repository: ``` -# git clone git://github.com/leifj/multiverse.git myproj-cosmos +# git clone git@github.com:SUNET/multiverse.git myproj-cosmos # cd myproj-cosmos ``` @@ -207,12 +207,19 @@ as 'ro'. The read-only remote is used by multiverse scripts during host bootstra ``` # git remote add origin git@yourhost:myproj-cosmos.git -# git remote add ro git://yourhost/myproj-cosmos.git +# git remote add ro https://yourhost/myproj-cosmos.git ``` Now edit .git/config and rename the 'master' branch to use the new 'origin' remote or -you'll try to push to the multiverse remote! Finally create a branch for the 'multiverse' -upstream so you can merge changes to multiverse: +you'll try to push to the multiverse remote! + +``` +[branch "master"] + remote = origin + merge = refs/heads/master +``` + +Finally create a branch for the 'multiverse' upstream so you can merge changes to multiverse: ``` # git checkout -b multiverse --track multiverse/master @@ -238,6 +245,10 @@ At this point you should create and sign your first tag: # ./bump-tag ``` +If Git complains during the first run of bump-tag that "Your configuration specifies to +merge with the ref 'master' from the remote, but no such ref was fetched." then you +have run 'git push' to initialize the connection with the remote repository. + Make sure that you are using the key whose public key you just added to the repository! You can now start adding hosts. 
@@ -330,14 +341,14 @@ with 3 columns: # concat puppetlabs/concat no stdlib puppetlabs/stdlib no -cosmos git://github.com/leifj/puppet-cosmos.git yes -ufw git://github.com/fredrikt/puppet-module-ufw.git yes +cosmos git@github.com:SUNET/puppet-cosmos.git yes +ufw git://github.com/SUNET/puppet-module-ufw.git yes apt puppetlabs/apt no vcsrepo puppetlabs/vcsrepo no xinetd puppetlabs/xinetd no #golang elithrar/golang yes -python git://github.com/fredrikt/puppet-python.git yes -hiera-gpg git://github.com/fredrikt/hiera-gpg.git no +python git://github.com/SUNET/puppet-python.git yes +hiera-gpg git://github.com/SUNET/hiera-gpg.git no ``` This is an example file - the first field is the name of the module, the second is @@ -448,3 +459,4 @@ On all hosts: ``` # fab -- reboot # danger Will Robinsson! ``` + From b10c250c8eb161d5446f65f5169548d1802750ff Mon Sep 17 00:00:00 2001 From: John Van de Meulebrouck Brendgard Date: Sat, 27 Aug 2016 16:22:16 +0200 Subject: [PATCH 2/6] Removed obsolete references to git:// and changed remotes to https:// MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit "The downside of the Git protocol is the lack of authentication. It’s generally undesirable for the Git protocol to be the only access to your project." Source: https://git-scm.com/book/tr/v2/Git-on-the-Server-The-Protocols --- docs/cosmos-puppet-ops.mkd | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/cosmos-puppet-ops.mkd b/docs/cosmos-puppet-ops.mkd index 5bd119c..3c7bfcd 100644 --- a/docs/cosmos-puppet-ops.mkd +++ b/docs/cosmos-puppet-ops.mkd 
@@ -226,9 +226,9 @@ Finally create a branch for the 'multiverse' upstream so you can merge changes t ``` Note that you can maintain your repo on just about any git hosting platform, including -github, gitorius or your own local setup as long as it supports read-only "git://" access -to your repository. It is important that the remotes called 'origin' and 'ro' refer to -your repository and not to anything else (like a private version of multiverse). +github, gitorius or your own local setup as long as it supports read-only access to your +repository. It is important that the remotes called 'origin' and 'ro' refer to your +repository and not to anything else (like a private version of multiverse). Now add at least one key to 'global/overlay/etc/cosmos/keys/' in a file with a .pub extension (eg 'operator.pub') - the name of the file doesn't matter other than the extension. @@ -341,14 +341,14 @@ with 3 columns: # concat puppetlabs/concat no stdlib puppetlabs/stdlib no -cosmos git@github.com:SUNET/puppet-cosmos.git yes -ufw git://github.com/SUNET/puppet-module-ufw.git yes +cosmos https://github.com/SUNET/puppet-cosmos.git yes +ufw https://github.com/SUNET/puppet-module-ufw.git yes apt puppetlabs/apt no vcsrepo puppetlabs/vcsrepo no xinetd puppetlabs/xinetd no #golang elithrar/golang yes -python git://github.com/SUNET/puppet-python.git yes -hiera-gpg git://github.com/SUNET/hiera-gpg.git no +python https://github.com/SUNET/puppet-python.git yes +hiera-gpg https://github.com/SUNET/hiera-gpg.git no ``` This is an example file - the first field is the name of the module, the second is From f939c526e656c21e60727658c1c7e3cea5bcd1cb Mon Sep 17 00:00:00 2001 From: John Van de Meulebrouck Brendgard Date: Sat, 27 Aug 2016 17:05:11 +0200 Subject: [PATCH 3/6] Changed tag from eduid-cosmos to the more generic cosmos-ops --- cosmos.conf | 2 +- global/overlay/usr/local/sbin/cosmos_vm | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/cosmos.conf b/cosmos.conf
index 32f286a..46ef448 100644
--- a/cosmos.conf
+++ b/cosmos.conf
@@ -1,2 +1,2 @@
-tag="eduid-cosmos"
+tag="cosmos-ops"
 #repo=git://override-repo-URL
diff --git a/global/overlay/usr/local/sbin/cosmos_vm b/global/overlay/usr/local/sbin/cosmos_vm
index bf27576..498ef43 100755
--- a/global/overlay/usr/local/sbin/cosmos_vm
+++ b/global/overlay/usr/local/sbin/cosmos_vm
@@ -9,8 +9,8 @@ hostname="default"
 bridge="br0"
 cpus="1"
 mem="1024"
-repo="git://code.mnt.se/mnt-cosmos.git"
-tag="eduid-cosmos"
+repo="https://yourhost/myproj-cosmos.git"
+tag="cosmos-ops"
 ip=""
 gateway=""
 netmask=""
From b2afd3482ed899e8483226b136c9b28c7d486c36 Mon Sep 17 00:00:00 2001
From: John Van de Meulebrouck Brendgard
Date: Sat, 27 Aug 2016 17:05:55 +0200
Subject: [PATCH 4/6] Changed cosmos-modules.conf to reflect the changes in doc
---
 global/overlay/etc/puppet/cosmos-modules.conf | 42 +++++++++----------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
index e1ef0e5..991a570 100644
--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
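Review bot: In the cosmos_vm hunk the new default `repo="https://yourhost/myproj-cosmos.git"` is a documentation placeholder, so a run that never overrides it will try to clone from whatever `yourhost` resolves to on the local network instead of stopping. How `repo` gets overridden is outside the hunk, but an empty default with an explicit check would fail closed: `repo=""` here and, once options are parsed, `test -n "$repo" || { echo "repo URL not set" >&2; exit 1; }`. A one-line comment above the assignment saying that the value must be replaced with the site's own read-only remote would also help.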
@@ -5,14 +5,14 @@
 # in the Cosmos trust list. That is why all the URLs point to forked
 # versions in the SUNET github organization.
 #
-concat git://github.com/SUNET/puppetlabs-concat.git yes sunet-*
-stdlib git://github.com/SUNET/puppetlabs-stdlib.git yes sunet-*
-cosmos git://github.com/SUNET/puppet-cosmos.git yes sunet-*
-ufw git://github.com/SUNET/puppet-module-ufw.git yes sunet_dev-*
-apt git://github.com/SUNET/puppetlabs-apt.git yes sunet_dev-*
-vcsrepo git://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-*
-xinetd git://github.com/SUNET/puppetlabs-xinetd.git yes sunet-*
-hiera-gpg git://github.com/SUNET/hiera-gpg.git yes sunet-*
+concat https://github.com/SUNET/puppetlabs-concat.git yes sunet-*
+stdlib https://github.com/SUNET/puppetlabs-stdlib.git yes sunet-*
+cosmos https://github.com/SUNET/puppet-cosmos.git yes sunet-*
+ufw https://github.com/SUNET/puppet-module-ufw.git yes sunet_dev-*
+apt https://github.com/SUNET/puppetlabs-apt.git yes sunet_dev-*
+vcsrepo https://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-*
+xinetd https://github.com/SUNET/puppetlabs-xinetd.git yes sunet-*
+hiera-gpg https://github.com/SUNET/hiera-gpg.git yes sunet-*
 #
 # Alternate sources you might or might not want to use:
 #concat puppetlabs/concat no
@@ -21,16 +21,16 @@ hiera-gpg git://github.com/SUNET/hiera-gpg.git yes sunet-*
 #apt puppetlabs/apt no
 #vcsrepo puppetlabs/vcsrepo no
 #xinetd puppetlabs/xinetd no
-#cosmos git://github.com/leifj/puppet-cosmos.git yes
-#python git://github.com/SUNET/puppet-python.git yes sunet-*
-#erlang git://github.com/SUNET/garethr-erlang.git yes sunet-*
-#rabbitmq git://github.com/SUNET/puppetlabs-rabbitmq.git yes sunet_dev-*
-#pound git://github.com/SUNET/puppet-pound.git yes sunet_dev-*
-#augeas git://github.com/SUNET/puppet-augeas.git yes sunet-*
-#bastion git://github.com/SUNET/puppet-bastion.git yes sunet-*
-#postgresql git://github.com/SUNET/puppetlabs-postgresql.git yes sunet_dev-*
-#munin git://github.com/SUNET/ssm-munin.git yes sunet-*
-#nagios git://github.com/SUNET/puppet-nagios.git yes sunet-*
-#staging git://github.com/SUNET/puppet-staging.git yes sunet-*
-#apparmor git://github.com/SUNET/puppet-apparmor.git yes sunet-*
-#docker git://github.com/SUNET/garethr-docker.git yes sunet_dev-*
+#cosmos https://github.com/SUNET/puppet-cosmos.git yes
+#python https://github.com/SUNET/puppet-python.git yes sunet-*
+#erlang https://github.com/SUNET/garethr-erlang.git yes sunet-*
+#rabbitmq https://github.com/SUNET/puppetlabs-rabbitmq.git yes sunet_dev-*
+#pound https://github.com/SUNET/puppet-pound.git yes sunet_dev-*
+#augeas https://github.com/SUNET/puppet-augeas.git yes sunet-*
+#bastion https://github.com/SUNET/puppet-bastion.git yes sunet-*
+#postgresql https://github.com/SUNET/puppetlabs-postgresql.git yes sunet_dev-*
+#munin https://github.com/SUNET/ssm-munin.git yes sunet-*
+#nagios https://github.com/SUNET/puppet-nagios.git yes sunet-*
+#staging https://github.com/SUNET/puppet-staging.git yes sunet-*
+#apparmor https://github.com/SUNET/puppet-apparmor.git yes sunet-*
+#docker https://github.com/SUNET/garethr-docker.git yes sunet_dev-*
From b9ec2c8f69f6d263053ae15f0111e329970996e9 Mon Sep 17 00:00:00 2001
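Review bot: The commented alternate `#cosmos https://github.com/SUNET/puppet-cosmos.git yes` in the second cosmos-modules.conf hunk now names the same repository as the active `cosmos` entry in the first hunk, but without the `sunet-*` pattern in the fourth column. Before this commit it pointed at a distinct source (leifj/puppet-cosmos), so it is no longer an alternate, and uncommenting it would presumably drop the tag-pattern restriction that the file's header comment ties to the Cosmos trust list. Either delete the line or carry the pattern over: `#cosmos https://github.com/SUNET/puppet-cosmos.git yes sunet-*`.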
From: John Van de Meulebrouck Brendgard Date: Sat, 27 Aug 2016 17:53:18 +0200 Subject: [PATCH 5/6] Various improvements made to bump-tag at SUNET --- bump-tag | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/bump-tag b/bump-tag index b163569..0bfe7be 100755 --- a/bump-tag +++ b/bump-tag @@ -4,16 +4,23 @@ set -e test -f cosmos.conf && . ./cosmos.conf +echo "Fetching any updates from server:" git pull +echo "" deftag=`basename $PWD` tagpfx=${tag:="$deftag"} last_tag=`git tag -l "${tagpfx}-*"|sort|tail -1` -git tag -v $last_tag +echo "Verifying last tag $last_tag:" +(git tag -v $last_tag | grep ^gpg:) || true +# again to not mask exit status of git with grep +git tag -v $last_tag > /dev/null 2>&1 +echo "" -PAGER=cat git diff $last_tag..master +echo "Differences between tag $last_tag and what you are about to sign:" +PAGER=cat git diff --color $last_tag..master iter=1 ok= @@ -29,8 +36,13 @@ while test -z "$ok"; do esac done -echo using new tag $this_tag -echo ONLY SIGN IF YOU APPROVE OF VERIFICATION AND DIFF ABOVE +if [ "$deftag" != "$tagpfx" ]; then + echo -e "Using new tag \e[94m$this_tag\e[0m according to pattern in cosmos.conf" +else + echo "Using new tag \e[94m$this_tag\e[0m" +fi + +echo -e "\e[1mONLY SIGN IF YOU APPROVE OF VERIFICATION AND DIFF ABOVE\e[0m" # GITTAGEXTRA is for putting things like "-u 2117364A" From 55da5cd7eaa5bd20ba98411bacbf6d89ba9d1feb Mon Sep 17 00:00:00 2001 From: John Van de Meulebrouck Brendgard Date: Sun, 28 Aug 2016 17:12:10 +0200 Subject: [PATCH 6/6] Included ft improvement to able to specify tag for bump-tag Also changed from #!/bin/sh -> #!/bin/bash since echo -e is not supported in sh --- bump-tag | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/bump-tag b/bump-tag index 0bfe7be..440809b 100755 --- a/bump-tag +++ b/bump-tag @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -e 
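Review bot: Both new `git tag -v $last_tag` calls in the first bump-tag hunk expand `$last_tag` unquoted, and nothing checks that a previous tag was found. When no `${tagpfx}-*` tag exists the variable is empty, so `git tag -v` runs without a tag name; as far as I know that exits 0 without verifying anything, and the script still prints "Verifying last tag" before showing the diff the operator is asked to approve. Quote the expansion as `"$last_tag"` and make the unverified case explicit, for example `test -n "$last_tag" || echo "WARNING: no previous ${tagpfx}-* tag found, nothing was verified" >&2` ahead of the first call. A short comment on the second call saying that it exists only to let `set -e` stop the script on a bad signature would also make the duplicated command easier to read.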
@@ -8,7 +8,11 @@ echo "Fetching any updates from server:" git pull echo "" -deftag=`basename $PWD` +if [ "x$1" = "x" ]; then + deftag=`basename $PWD` +else + deftag="$1" +fi tagpfx=${tag:="$deftag"} last_tag=`git tag -l "${tagpfx}-*"|sort|tail -1` @@ -39,7 +43,7 @@ done if [ "$deftag" != "$tagpfx" ]; then echo -e "Using new tag \e[94m$this_tag\e[0m according to pattern in cosmos.conf" else - echo "Using new tag \e[94m$this_tag\e[0m" + echo -e "Using new tag \e[94m$this_tag\e[0m" fi echo -e "\e[1mONLY SIGN IF YOU APPROVE OF VERIFICATION AND DIFF ABOVE\e[0m"
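Review bot: The argument added in the first hunk only takes effect when cosmos.conf does not set `tag`: the context line `tagpfx=${tag:="$deftag"}` just below the new `if` still prefers the sourced value, and this series sets `tag="cosmos-ops"` in cosmos.conf. If `$1` is meant to override the configured prefix, assign it to `tag` before that line, e.g. `if [ -n "$1" ]; then tag="$1"; fi`; if it is only a fallback, a comment should say so, because otherwise the operator signs a tag with a different prefix than the one passed on the command line. The new block can also be collapsed and quoted as `deftag=${1:-$(basename "$PWD")}`, which keeps a working directory containing spaces from being split. The rest of the script lies outside the hunk.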