Hi
Thanks for all the input.
What I have gathered
Start with GIT from the beginning. Okay I can do that
/etc/*puppetwhatever*/environments/{production|stage|etc}/ is good
Look at using / implementing r10k
Profiles / roles good.
No need to reinvent modules - wasn't actually planning on that.
>From the puppet user group meeting I got that it is good to (example ntp)
1) reuse forge ntp module
2) wrap it up with $job defaults
3) use the new ntp profile
Something i was looking at doing was managing the server firewall.
I was going to produce some sort of a template with places in it where
I can add dynamic content - depending on what apps where installed on
the server.
Example
profile - ABC Firewall
this would be basic
allow related,connected
allow ssh
<Placeholder for access from any where>
reject anything not from company ip address
<Placeholder for access from inside where>
drop broadcast
drop multicast
allow zabbix monitoring
log with limit
reject with limit
drop
so if I applied this profile to server A it would get the basic firewall.
The next step is if I had profile "app A"
if it had something like
rules to add to from anywhere
allow inbound port 80
allow inbound port 443
rules to add to only from local network
allow inbound port 8080
I would hope to get puppet to update the basic firewall with info from
app A and other profiles.
Is this possible ?
A
On 24 May 2016 at 11:22, Rob Nelson <rnels...@gmail.com> wrote:
> I wrote some articles on using Git with puppet and r10k. It's a little out
> of date in the referenced versions of puppet and r10k, so check to make sure
> you're using the modern file locations, but otherwise remains accurate.
> https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/
>
> There's a link to a Git 100 series I wrote if you need assistance with Git
> itself.
>
>
> On Monday, May 23, 2016, Alex Samad <a...@samad.com.au> wrote:
>>
>> Hi
>>
>> Is it really that painful to retro fit git. or is the way you think
>> about the DB that different ?
>>
>> Could you point a good starting point to read up on this ?
>>
>> Thanks
>> Alex
>>
>> On 24 May 2016 at 07:16, Christopher Wood <christopher_w...@pobox.com>
>> wrote:
>> > On Mon, May 23, 2016 at 03:51:58PM +1000, Alex Samad wrote:
>> >> How hard is it to retro fit SVN / GIT onto a puppet install.
>> >>
>> >> I am building from scratch, working through the doco.
>> >>
>> >> Was thinking once I have a friendly setup then I would look at putting
>> >> that into SVN/GIT.
>> >
>> > Do yourself a huge favour, use git as the tool you use to construct the
>> > setup. Use it from the start of the process, not just as what you put
>> > things
>> > into when you're done.
>> >
>> >> Thoughts are
>> >> install puppet
>> >> install puppetDB
>> >> install heira ??
>> >>
>> >> setup environments, currently thinking
>> >> Prod - all prod env
>> >> SIM - testing for prod
>> >> INF - inf
>> >> NON Prod - anything thats not above
>> >> dev - testing
>> >> alex - personal
>> >>
>> >> Then I was going to create a whole bundle of profiles break up into
>> >>
>> >> OS app
>> >> things like
>> >> smtp
>> >> ssh
>> >> http
>> >> etc
>> >>
>> >> have the default company setup
>> >>
>> >> Company Apps
>> >> things that cover company apps
>> >>
>> >>
>> >> Then build some roles - based solely from profiles.
>> >>
>> >> Then some how dynamically assign nodes to a roles / environment.
>> >>
>> >>
>> >> Sounds okay ??
>> >>
>> >> A
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On 23 May 2016 at 10:47, Rilindo Foster <rili...@gmail.com> wrote:
>> >> > You can use any VCS with Puppet. I know of one shop that uses
>> >> > Mercurial.
>> >> >
>> >> > Most of the tooling and integration are closely coupled with git and
>> >> > most of the workflows assumes that you will be using git. So it would
>> >> > be a
>> >> > good idea to get up to speed with it.
>> >> >
>> >> > Of note that you can use git with svn (which may be helpful if you
>> >> > are getting started:
>> >> >
>> >> >
>> >> > https://git-scm.com/book/en/v1/Git-and-Other-Systems-Git-and-Subversion
>> >> >
>> >> > - Rilindo
>> >> >
>> >> > -----Original Message-----
>> >> > From: puppet-users@googlegroups.com
>> >> > [mailto:puppet-users@googlegroups.com] On Behalf Of Alex Samad
>> >> > Sent: Sunday, May 22, 2016 7:44 PM
>> >> > To: puppet-users@googlegroups.com
>> >> > Subject: Re: [Puppet Users] Puppet and SVN
>> >> >
>> >> > Ta
>> >> >
>> >> > I was at the last puppet (sydney ) users group. heard r10k mentioned
>> >> > a lot.
>> >> >
>> >> > Also I got the impression that git was more closely integrated with
>> >> > puppet.
>> >> >
>> >> > Should I be l looking at git ?
>> >> >
>> >> > A
>> >> >
>> >> >
>> >> > On 23 May 2016 at 10:40, Henrik Lindberg <henrik.lindb...@puppet.com>
>> >> > wrote:
>> >> >> On 22/05/16 12:41, Alex Samad wrote:
>> >> >>>
>> >> >>> Hi
>> >> >>>
>> >> >>> just starting out with puppet.
>> >> >>> I found
>> >> >>> this
>> >> >>>
>> >> >>> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control
>> >> >>> old page
>> >> >>>
>> >> >>> talks about checking /etc/puppet into svn.
>> >> >>>
>> >> >>> But on my centos install I have /etc/puppetlabs/puppet
>> >> >>>
>> >> >>> do I add /etc/puppetlabs or /etc/puppetlabs/puppet to svn and if
>> >> >>> the
>> >> >>> later what about my codedir ?
>> >> >>>
>> >> >>
>> >> >> You probably want to use the project r10k to manage your
>> >> >> manifests/configurations that are stored in a source code control
>> >> >> repository.
>> >> >>
>> >> >> Here is the page that explains a bit about r10k and SVN:
>> >> >>
>> >> >> https://github.com/puppetlabs/r10k/blob/master/doc/dynamic-environment
>> >> >> s/svn-environments.mkd
>> >> >>
>> >> >> There is also lots of material available on r10k itsef that is easy
>> >> >> to
>> >> >> find if you google for it.
>> >> >>
>> >> >> Regards
>> >> >> - henrik
>> >> >>
>> >> >>> Thanks
>> >> >>>
>> >> >>> --
>> >> >>> You received this message because you are subscribed to the Google
>> >> >>> Groups "Puppet Users" group.
>> >> >>> To unsubscribe from this group and stop receiving emails from it,
>> >> >>> send an email to puppet-users+unsubscr...@googlegroups.com
>> >> >>> <mailto:puppet-users+unsubscr...@googlegroups.com>.
>> >> >>> To view this discussion on the web visit
>> >> >>>
>> >> >>>
>> >> >>> https://groups.google.com/d/msgid/puppet-users/ee63fdad-2d0f-4914-b9c
>> >> >>> a-0dbdb5044dc3%40googlegroups.com
>> >> >>>
>> >> >>>
>> >> >>> <https://groups.google.com/d/msgid/puppet-users/ee63fdad-2d0f-4914-b9ca-0dbdb5044dc3%40googlegroups.com?utm_medium=email&utm_source=footer>.
>> >> >>> For more options, visit https://groups.google.com/d/optout.
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >>
>> >> >> Visit my Blog "Puppet on the Edge"
>> >> >> http://puppet-on-the-edge.blogspot.se/
>> >> >>
>> >> >> --
>> >> >> You received this message because you are subscribed to a topic in
>> >> >> the
>> >> >> Google Groups "Puppet Users" group.
>> >> >> To unsubscribe from this topic, visit
>> >> >>
>> >> >> https://groups.google.com/d/topic/puppet-users/Q0ke0NzMRjY/unsubscribe.
>> >> >> To unsubscribe from this group and all its topics, send an email to
>> >> >> puppet-users+unsubscr...@googlegroups.com.
>> >> >> To view this discussion on the web visit
>> >> >>
>> >> >> https://groups.google.com/d/msgid/puppet-users/ac7d5df1-1798-e7d2-0215-b05166dc7b71%40puppet.com.
>> >> >>
>> >> >> For more options, visit https://groups.google.com/d/optout.
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups "Puppet Users" group.
>> >> > To unsubscribe from this group and stop receiving emails from it,
>> >> > send an email to puppet-users+unsubscr...@googlegroups.com.
>> >> > To view this discussion on the web visit
>> >> > https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PVrqBsaznadB9z9wTAS6s%3DdEHMZZpwNAqtCtYES7OMCyg%40mail.gmail.com.
>> >> > For more options, visit https://groups.google.com/d/optout.
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to a topic in
>> >> > the Google Groups "Puppet Users" group.
>> >> > To unsubscribe from this topic, visit
>> >> > https://groups.google.com/d/topic/puppet-users/Q0ke0NzMRjY/unsubscribe.
>> >> > To unsubscribe from this group and all its topics, send an email to
>> >> > puppet-users+unsubscr...@googlegroups.com.
>> >> > To view this discussion on the web visit
>> >> > https://groups.google.com/d/msgid/puppet-users/00ed01d1b48c%24c1c09560%244541c020%24%40gmail.com.
>> >> > For more options, visit https://groups.google.com/d/optout.
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> >> Groups "Puppet Users" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> >> an email to puppet-users+unsubscr...@googlegroups.com.
>> >> To view this discussion on the web visit
>> >> https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PV7FEU9tahp-5hSRqRLH4FXSD4o%3DkhejmjJ%3DoKr9%3DU_1g%40mail.gmail.com.
>> >> For more options, visit https://groups.google.com/d/optout.
>> >
>> > --
>> > You received this message because you are subscribed to a topic in the
>> > Google Groups "Puppet Users" group.
>> > To unsubscribe from this topic, visit
>> > https://groups.google.com/d/topic/puppet-users/Q0ke0NzMRjY/unsubscribe.
>> > To unsubscribe from this group and all its topics, send an email to
>> > puppet-users+unsubscr...@googlegroups.com.
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/puppet-users/20160523211657.GA6621%40iniquitous.heresiarch.ca.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PV3%2BTWUZMTvJFE_wBPM9m6eJsdLqSZKj0ZxxMFmqZgNWQ%40mail.gmail.com.
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
>
> Rob Nelson
> rnels...@gmail.com
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/Q0ke0NzMRjY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAC76iT-TgCx0KbgavCwjXO8Z-J6xpsCBVn5ntueWRUw3wjpWrw%40mail.gmail.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAJ%2BQ1PX9q%2BntHsAXaqWM%2BrXNxJJycdauMhJXDLOpkZ390O75WA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
