Compare commits
10 Commits
03a66e8247
...
803b4b0218
| Author | SHA1 | Date | |
|---|---|---|---|
| 803b4b0218 | |||
| f529604d1f | |||
| 1306c5488f | |||
| 8d36a0c224 | |||
| 9d860c5abe | |||
| 5a9487514d | |||
| 8db60c0ec1 | |||
| fa9001d850 | |||
| 1f542301e3 | |||
| d91896288f |
105
Jenkinsfile
vendored
105
Jenkinsfile
vendored
@@ -1,105 +0,0 @@
|
||||
pipeline {
|
||||
agent {
|
||||
label 'puppet'
|
||||
}
|
||||
|
||||
post {
|
||||
always {
|
||||
deleteDir() /* clean up our workspace */
|
||||
}
|
||||
success {
|
||||
updateGitlabCommitStatus state: 'success'
|
||||
}
|
||||
failure {
|
||||
updateGitlabCommitStatus state: 'failed'
|
||||
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
gitLabConnection('gitlab.confdroid.com')
|
||||
}
|
||||
|
||||
stages {
|
||||
|
||||
stage('pull master') {
|
||||
steps {
|
||||
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
|
||||
sh '''
|
||||
git config user.name "Jenkins Server"
|
||||
git config user.email jenkins@confdroid.com
|
||||
# Ensure we're on the development branch (triggered by push)
|
||||
git checkout development
|
||||
# Create jenkins branch from development
|
||||
git checkout -b jenkins-build-$BUILD_NUMBER
|
||||
# Optionally merge master into jenkins to ensure compatibility
|
||||
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('SonarScan') {
|
||||
steps {
|
||||
withCredentials([string(credentialsId: 'sonar-token-12ww1160', variable: 'SONAR_TOKEN')]) {
|
||||
sh '''
|
||||
/opt/sonar-scanner/bin/sonar-scanner \
|
||||
-Dsonar.projectKey=puppet_collection \
|
||||
-Dsonar.sources=. \
|
||||
-Dsonar.host.url=https://sonarqube.confdroid.com \
|
||||
-Dsonar.token=$SONAR_TOKEN
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('update repo') {
|
||||
steps {
|
||||
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
|
||||
sh '''
|
||||
git config user.name "Jenkins Server"
|
||||
git config user.email jenkins@confdroid.com
|
||||
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
|
||||
git push origin HEAD:master
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Mirror to Gitea') {
|
||||
steps {
|
||||
withCredentials([usernamePassword(
|
||||
credentialsId: 'Jenkins-gitea',
|
||||
usernameVariable: 'GITEA_USER',
|
||||
passwordVariable: 'GITEA_TOKEN')]) {
|
||||
script {
|
||||
// Checkout from GitLab (already done implicitly)
|
||||
sh '''
|
||||
git checkout master
|
||||
git pull origin master
|
||||
git branch -D development
|
||||
git branch -D jenkins-build-$BUILD_NUMBER
|
||||
git rm -f Jenkinsfile
|
||||
git rm -r --cached .vscode || echo "No .vscode to remove from git"
|
||||
git commit --amend --no-edit --allow-empty
|
||||
git remote add master https://sourcecode.confdroid.com/confdroid/puppet_collection.git
|
||||
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
|
||||
push master --mirror
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Mirror to Github') {
|
||||
steps {
|
||||
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
|
||||
sh '''
|
||||
git remote set-url --push master git@github.com:grizzlycoda/puppet_collection.git
|
||||
git push master --mirror
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
81
README.md
81
README.md
@@ -2,14 +2,21 @@
|
||||
|
||||
[](https://jenkins.confdroid.com/job/puppet_collection/)
|
||||
[](https://sonarqube.confdroid.com/dashboard?id=puppet_collection)
|
||||
[](https://deepwiki.com/grizzlycoda/puppet_collection)
|
||||
|
||||
- [Readme](#readme)
|
||||
- [Summary](#summary)
|
||||
- [Overview](#overview)
|
||||
- [--confdroid\_puppet--](#--confdroid_puppet--)
|
||||
- [confdroid\_puppet](#confdroid_puppet)
|
||||
- [confdroid\_prometheus](#confdroid_prometheus)
|
||||
- [confdroid\_postgresql](#confdroid_postgresql)
|
||||
- [confdroid\_apache](#confdroid_apache)
|
||||
- [confdroid\_gitea](#confdroid_gitea)
|
||||
- [confdroid\_php](#confdroid_php)
|
||||
- [confdroid\_nrpe](#confdroid_nrpe)
|
||||
- [confdroid\_nagios](#confdroid_nagios)
|
||||
- [confdroid\_fail2ban](#confdroid_fail2ban)
|
||||
- [control repo template](#control-repo-template)
|
||||
- [FAQ](#faq)
|
||||
|
||||
## Summary
|
||||
@@ -26,7 +33,7 @@ The modules themselves are free to use as per license, you might need to adjust
|
||||
|
||||
## Overview
|
||||
|
||||
### [--confdroid_puppet--](https://sourcecode.confdroid.com/confdroid/confdroid_puppet)
|
||||
### [confdroid_puppet](https://3for.me/fcjai)
|
||||
|
||||
A Puppet module to configure a puppet environment:
|
||||
|
||||
@@ -38,7 +45,7 @@ A Puppet module to configure a puppet environment:
|
||||
- r10k deployment service
|
||||
- webhook listener to trigger r10k
|
||||
|
||||
### [confdroid_prometheus](https://sourcecode.confdroid.com/confdroid/confdroid_prometheus)
|
||||
### [confdroid_prometheus](httpshttps://3for.me/vl9de)
|
||||
|
||||
Configures Prometheus, a Time Series Collection and Processing server
|
||||
|
||||
@@ -47,7 +54,7 @@ Configures Prometheus, a Time Series Collection and Processing server
|
||||
- optionally adds remote writing to a Postgresql database via postgresql Adapter ( not part of this module)
|
||||
- Optionally allows pruning of the local TSDB
|
||||
|
||||
### [confdroid_postgresql](https://sourcecode.confdroid.com/confdroid/confdroid_postgresql)
|
||||
### [confdroid_postgresql](https://3for.me/oja4z)
|
||||
|
||||
Automate installation, configuration and management of all aspects of PostgreSQL(standalone)
|
||||
|
||||
@@ -58,15 +65,77 @@ Automate installation, configuration and management of all aspects of PostgreSQL
|
||||
- install and manage pg_bouncer (set `pl_use_pg_bouncer` to true)
|
||||
- enable SL / TLS manage TLS certificates (set `pl_ssl_enabled` to true and populate content externally through variables)
|
||||
|
||||
### [confdroid_apache](https://sourcecode.confdroid.com/confdroid/confdroid_apache)
|
||||
### [confdroid_apache](https://3for.me/kdo6j)
|
||||
|
||||
Install and configure a standalone empty Apache (httpd) server. The module is mainly to be used by other modules to add websites or services on top, i.e. Nagios, Wordpress etd.
|
||||
Install and configure a standalone empty Apache (httpd) server. The module is mainly to be used by other modules to add websites or services on top, i.e. Nagios, Wordpress etd.
|
||||
|
||||
- install the packages
|
||||
- manage main files and directories
|
||||
- ensure the service is up and running
|
||||
- open the firewall
|
||||
|
||||
### [confdroid_gitea](https://3for.me/s0tka)
|
||||
|
||||
Install and configure a gitea standalone instance from non-packaged binaries.
|
||||
|
||||
- install binary
|
||||
- manage main files and directories
|
||||
- manage service file and status
|
||||
- manage the firewall port
|
||||
|
||||
### [confdroid_php](https://3for.me/b5doc)
|
||||
|
||||
Install and configure PHP to allow multiple applications with different settings to run in parallel. Custom php.ini settings should be configured with the application in question.
|
||||
|
||||
- install php
|
||||
- manage required directories including selinux contexts and permissions
|
||||
- manage required files including selinux contexts and permissions
|
||||
|
||||
### [confdroid_nrpe](https://3for.me/77w07)
|
||||
|
||||
Install NRPE as client for Nagios to query the status of hosts and their services.
|
||||
|
||||
- manage NRPE service user properties
|
||||
- manage directory structure (file system permissions, selinux context) through parameters
|
||||
- manage configuration files through parameters:
|
||||
- nrpe.conf
|
||||
- nrpe.cfg
|
||||
- manage sudo role for nagios user on NRPE clients
|
||||
- manage dynamic NRPE check command definitions
|
||||
- manage iptables (optional)
|
||||
- manage selinux rule exceptions (optional)
|
||||
- manage NRPE service
|
||||
|
||||
### [confdroid_nagios](https://3for.me/bh1d2)
|
||||
|
||||
Install, configure and fully populate Nagios via Exports in PuppetDB
|
||||
|
||||
- manage configuration files through parameters:
|
||||
- nagios.cfg
|
||||
- cfi.cfg
|
||||
- manage iptables (optional)
|
||||
- manage service
|
||||
- export client targets (hosts, services)
|
||||
- import resources in nagios (hosts, services, commands, contacts etc.)
|
||||
|
||||
### [confdroid_fail2ban](https://3for.me/fqqjy)
|
||||
|
||||
Install, configure and manage fail2ban to protect hosts and services against brute force attacks.
|
||||
|
||||
- manage directory structure (file system permissions, selinux context)
|
||||
- manage configuration files (file system permissions, selinux context, content based on parameters)
|
||||
- fail2ban.conf
|
||||
- fail2ban.local (overrides default settings in fail2ban.conf)
|
||||
- jail.conf
|
||||
- jail.local (overrides default settings in jail.conf)
|
||||
- manage service status
|
||||
|
||||
### [control repo template](https://3for.me/nq00s)
|
||||
|
||||
A template for starting a r10k control repo in a new puppet infrastructure
|
||||
|
||||
---
|
||||
|
||||
## FAQ
|
||||
|
||||
- Q: "Why are the names of the modules using underscore instead of hyphens?"
|
||||
|
||||
Reference in New Issue
Block a user