Update documentation (#74)
add puppet code examples
tuxmea authored Jul 28, 2022
1 parent 548f772 commit 80aba81
Showing 2 changed files with 203 additions and 8 deletions.
195 changes: 195 additions & 0 deletions PUPPET.md
@@ -0,0 +1,195 @@
# Profile for HDM installation

## Requirements:
- puppetlabs-docker Module
- must be added to a node where Puppet code gets deployed
- must have access to Puppet DB

## HDM on Puppet server

### Puppet profile

```puppet
class profile::puppet::hdm () {
# Ensure Docker is installed
include docker
# generate directories and files
$directories = [
'/etc/hdm',
'/etc/hdm/db',
]
$dbs = [
'/etc/hdm/db/development.sqlite3',
'/etc/hdm/db/production.sqlite3',
]
file { $directories:
ensure => directory,
}
file { '/etc/hdm/hdm.yml':
ensure => file,
source => 'puppet:///modules/profile/hdm/hdm.yml',
}
file { '/etc/hdm/database.yml':
ensure => file,
source => 'puppet:///modules/profile/hdm/database.yml',
}
file { $dbs:
ensure => file,
}
# get and run the image
docker::image { 'ghcr.io/betadots/hdm':
image_tag => 'main',
}
docker::run { 'hdm':
image => 'ghcr.io/betadots/hdm:main',
env => [
'TZ=Europe/Berlin',
"RAILS_DEVELOPMENT_HOSTS=puppet.${trusted['extensions']['pp_network']}",
],
volumes => [
'/etc/hdm/:/etc/hdm',
'/etc/puppetlabs/code:/etc/puppetlabs/code:ro',
'/etc/hdm/hdm.yml:/hdm/config/hdm.yml:ro',
'/etc/hdm/database.yml:/hdm/config/database.yml:ro',
],
hostname => "puppet.${trusted['extensions']['pp_network']}",
ports => ['3000'],
net => 'host',
}
}
```
### HDM Database config

```yaml
---
default: &default
adapter: sqlite3
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
timeout: 5000

development:
<<: *default
database: /etc/hdm/db/development.sqlite3

test:
<<: *default
database: /etc/hdm/db/test.sqlite3

production:
<<: *default
database: /etc/hdm/db/production.sqlite3
```
### HDM config
```yaml
---
development:
read_only: true
allow_encryption: false
puppet_db:
server: "http://localhost:8080"
config_dir: "/etc/puppetlabs/code"
```
## Deploying on a remote system (using PuppetDB SSL)
```puppet
class profile::puppet::hdm () {
include docker
$directories = [
'/etc/hdm',
'/etc/hdm/certs',
'/etc/hdm/db',
]
file { $directories:
ensure => directory,
}
file { '/etc/hdm/hdm.yml':
ensure => file,
source => 'puppet:///modules/profile/hdm/hdm.yml',
}
file { '/etc/hdm/database.yml':
ensure => file,
source => 'puppet:///modules/profile/hdm/database.yml',
}
file { '/etc/hdm/certs/puppet.ca.pem':
ensure => file,
source => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
}
file { '/etc/hdm/certs/puppet.cert.pem':
ensure => file,
source => "/etc/puppetlabs/puppet/ssl/certs/puppet.${trusted['extensions']['pp_network']}.pem",
}
file { '/etc/hdm/certs/puppet.key.pem':
ensure => file,
source => "/etc/puppetlabs/puppet/ssl/private_keys/puppet.${trusted['extensions']['pp_network']}.pem",
}
$dbs = [
'/etc/hdm/db/development.sqlite3',
'/etc/hdm/db/production.sqlite3',
]
file { $dbs:
ensure => file,
}
docker::image { 'ghcr.io/betadots/hdm':
image_tag => 'main',
}

docker::run { 'hdm':
image => 'ghcr.io/betadots/hdm:main',
env => [
'TZ=Europe/Berlin',
"RAILS_DEVELOPMENT_HOSTS=puppet.${trusted['extensions']['pp_network']}",
],
volumes => [
'/etc/hdm/:/etc/hdm',
'/etc/puppetlabs/code:/etc/puppetlabs/code:ro',
'/etc/hdm/hdm.yml:/hdm/config/hdm.yml:ro',
'/etc/hdm/database.yml:/hdm/config/database.yml:ro',
],
hostname => "puppet.${trusted['extensions']['pp_network']}",
ports => ['3000'],
net => 'host',
}
}
```

### HDM Database config

```yaml
---
default: &default
adapter: sqlite3
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
timeout: 5000

development:
<<: *default
database: /etc/hdm/db/development.sqlite3

test:
<<: *default
database: /etc/hdm/db/test.sqlite3

production:
<<: *default
database: /etc/hdm/db/production.sqlite3
```
### HDM config
```yaml
---
development:
read_only: true
allow_encryption: false
puppet_db:
server: "https://<puppetdb host>:8081" # Adopt to your PuppetDB FQDN
pem:
key: "/etc/hdm/certs/puppet.key.pem"
cert: "/etc/hdm/certs/puppet.cert.pem"
ca_file: "/etc/hdm/certs/puppet.ca.pem"
config_dir: "/etc/puppetlabs/code"
```
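
Review bot: In the remote-system profile, `/etc/hdm/certs/puppet.key.pem` is declared with only `ensure` and `source`, so the copy of the Puppet private key gets no explicit `owner` or `mode`, and the `/etc/hdm/:/etc/hdm` volume then mounts the whole directory, certs included, read-write into the container. Give the key an explicit `owner` and a restrictive `mode` such as `'0600'`, tighten `/etc/hdm/certs` as well, and mount the certs path with `:ro` so that only `/etc/hdm/db` stays writable. Two smaller points apply to both profiles: `image_tag => 'main'` follows a moving tag, so a release tag or digest would make deployments reproducible, and `ports => ['3000']` has no effect next to `net => 'host'`. The comment on the `server:` line should read "Adapt to", and both `hdm.yml` examples define only a `development:` section, which is worth stating in the text if that is the intended environment.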
16 changes: 8 additions & 8 deletions README.md
@@ -1,25 +1,25 @@
# HDM - Hiera Data Manager

Copyright 2022 betadots GmbH
Copyright 2021 example42 GmbH

This Rails application displays [Puppet](https://github.com/puppetlabs/puppet) Hiera data and offers a WebGUI to read/update/create that configuration.

You can find screenshots in the [screenshots](screenshots) directory.

## Usermanagement

A fresh installation needs an admin which has to be created first with the WebGUI. That admin can not read the Puppet configuration. He/She can only create/delete new users. Normal users have the ability to read/change/delete the Puppet configuration.

## Manual installation

At the moment manual install is only tested on macOS, CentOS 7 and 8 Streams. But we highly recommend to use the Docker image!
At the moment manual installation is only tested on macOS, CentOS 7 and 8 Streams. But we highly recommend to use the Docker image!

See [MANUAL_INSTALL.md](MANUAL_INSTALL.md)

## Docker
## Automated Installation

Docker containers are made available. You can find more information in [DOCKER.md](DOCKER.md).
For automated installations we recommend using Puppet code. A working profile example can be found in [PUPPET.md](PUPPET.md)

## Usermanagement

See [DOCKER.md](DOCKER.md)
A fresh installation needs an admin which has to be created first with the WebGUI. That admin can not read the Puppet configuration. He/She can only create/delete new users. Normal users have the ability to read/change/delete the Puppet configuration data.

## Use git repositories instead of "live" yaml files
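
Review bot: The "Automated Installation" paragraph ends without a full stop after `[PUPPET.md](PUPPET.md)`, and its heading is title-cased while the neighbouring "Manual installation" is not; pick one casing. The user paragraph says normal users can read/change/delete the Puppet configuration data, while the PUPPET.md examples in this commit set `read_only: true`, so a sentence on how that setting limits those rights would help. "Usermanagement" should be "User management", and "recommend to use" reads better as "recommend using".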
