initial commit

Vagrantfile

@@ -0,0 +1,74 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+
+  # PuppetMaster
+  config.vm.define "puppetca", primary: true do |puppet|
+    #puppet.vm.box = "puppetmaster"
+    puppet.vm.box = "centos/7"
+    puppet.vm.hostname = "puppet.example.com"
+    puppet.vm.network :forwarded_port, guest: 8140, host: 8140, id: "puppet"
+    puppet.vm.network :private_network, ip: "192.168.50.100"
+    puppet.vm.network :forwarded_port, guest: 22, host: 2222, id: "ssh"
+    puppet.vm.provider "virtualbox" do |v|
+      v.memory = 1024
+      v.cpus = 2
+    end
+    puppet.vm.synced_folder ".", "/home/vagrant/sync", disabled: true
+  end
+  # PuppetMaster
+  config.vm.define "puppetmaster1", primary: true do |puppet|
+    #puppet.vm.box = "puppetmaster"
+    puppet.vm.box = "centos/7"
+    puppet.vm.hostname = "puppet.example.com"
+    puppet.vm.network :private_network, ip: "192.168.50.201"
+    puppet.vm.network :forwarded_port, guest: 22, host: 2223, id: "ssh"
+    puppet.vm.provider "virtualbox" do |v|
+      v.memory = 1024
+      v.cpus = 2
+    end
+    puppet.vm.synced_folder ".", "/home/vagrant/sync", disabled: true
+  end
+  # PuppetMaster2
+  config.vm.define "puppetmaster2", primary: true do |puppet|
+    #puppet.vm.box = "puppetmaster"
+    puppet.vm.box = "centos/7"
+    puppet.vm.hostname = "puppet.example.com"
+    puppet.vm.network :private_network, ip: "192.168.50.202"
+    puppet.vm.network :forwarded_port, guest: 22, host: 2224, id: "ssh"
+    puppet.vm.provider "virtualbox" do |v|
+      v.memory = 1024
+      v.cpus = 2
+    end
+    puppet.vm.synced_folder ".", "/home/vagrant/sync", disabled: true
+  end
+  # PuppetDB
+  config.vm.define "puppetdb", primary: true do |puppet|
+    puppet.vm.box = "centos/7"
+    puppet.vm.hostname = "puppetdb.example.com"
+    puppet.vm.network :private_network, ip: "192.168.50.101"
+    puppet.vm.network :forwarded_port, guest: 22, host: 2225, id: "ssh"
+    puppet.vm.provider "virtualbox" do |v|
+      v.memory = 1024
+      v.cpus = 2
+    end
+    puppet.vm.synced_folder ".", "/home/vagrant/sync", disabled: true
+  end
+
+  # Example Node (mpli)
+  config.vm.define "mpli" do |casit|
+    casit.vm.box = "centos/7"
+    casit.vm.hostname = "mpli.example.com"
+    casit.vm.network :private_network, ip: "192.168.50.101"
+    casit.vm.network :forwarded_port, guest: 22, host: 2226, id: "ssh"
+    casit.vm.provider "virtualbox" do |v|
+      v.memory = 1024
+      v.cpus = 2
+    end
+  end
+end

section2.markdown

@@ -0,0 +1,66 @@
+## Section 2:
+### Architecting Puppet for scalability, redundancy and performance
+
+## Puppetserver
+  puppetca              192.168.50.100/24
+  puppet certificate generate
+  lsof / firewalld / iptables
+
+## Load Balancer / PuppetCA 
+  puppetca / lb         192.168.50.100/24
+    - puppetmaster 1    192.168.50.201/24
+    - puppetmaster 2    192.168.50.202/24
+
+webserver: {
+  access-log-config: /etc/puppetlabs/puppetserver/request-logging.xml
+  client-auth: want
+  ssl-host: 0.0.0.0
+  ssl-port: 8141
+  host: 0.0.0.0
+  port: 18140
+}
+
+Listen 8140
+<VirtualHost *:8140>
+  ServerName puppet.example.com
+  SSLEngine on
+  SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
+  SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+  SSLCertificateFile /etc/puppetlabs/puppet/ssl/certs/puppet.example.com.pem
+  SSLCertificateKeyFile /etc/puppetlabs/puppet/ssl/private_keys/puppet.example.com.pem
+  SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
+  SSLCACertificateFile /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
+  # If Apache complains about invalid signatures on the CRL, you can try disabling
+  # CRL checking by commenting the next line, but this is not recommended.
+  SSLCARevocationFile /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem
+  SSLVerifyClient optional
+  SSLVerifyDepth 1
+  # The `ExportCertData` option is needed for agent certificate expiration warnings
+  SSLOptions +StdEnvVars +ExportCertData
+  # This header needs to be set if using a loadbalancer or proxy
+  RequestHeader unset X-Forwarded-For
+  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
+  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
+  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
+  ProxyPassMatch ^/(puppet-ca/v[123]/.*)$ balancer://puppetca/$1
+  ProxyPass / balancer://puppetworker/
+  ProxyPassReverse / balancer://puppetworker
+  <Proxy balancer://puppetca>
+    BalancerMember http://127.0.0.1:18140
+  </Proxy>
+  <Proxy balancer://puppetworker>
+    BalancerMember http://192.168.50.201:18140
+    BalancerMember http://192.168.50.202:18140
+  </Proxy>
+</VirtualHost>
+
+
+
+node default {
+  notify { "compiled on puppetmaster1": }
+}
+
+
+## Master of Master
+
+## Performance

section3.markdown

@@ -0,0 +1,86 @@
+## Section 3:
+### PuppetDB
+
+## Exported Resources / Storeconfigs
+
+## PuppetDB
+  puppetca              192.168.50.100/24
+  puppetdb              192.168.50.101/24
+  postgresql            192.168.50.101/24
+
+## puppetlabs-puppetdb 
+ * Quick easy way to configure puppetdb and postgresql
+   - Obscures the details
+
+## Postgresql
+ * Find latest PostgreSQL you can - get repo rpm for that.
+
+ * Install postgresql repo rpm
+   http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-redhat94-9.4-2.noarch.rpm
+
+ * Install postgresql
+   yum install postgresql94-server
+
+ * Initialize the database
+   postgresql-setup initdb
+
+ * Start the database
+   systemctl start postgresql-9.4
+
+## Create puppetdb database
+ * Create the User
+   sudo -iu postgres
+   createuser -DRSP puppetdb
+
+ * Create the Database
+   createdb -E UTF8 -O puppetdb_puppetdb
+
+ * Allow access to postgres locally
+   /var/lib/pgsql/9.4/data/pg_hba.conf
+   local puppetdb puppetdb    md5
+   host  puppetdb puppetdb    127.0.0.1/32  md5
+   host  puppetdb puppetdb    ::1/128       md5   
+
+ * Restart postgresql
+   systemctl restart postgresql-9.4
+
+ * Verify puppetdb user can access postgresql
+   psql -h localhost puppetdb_puppetdb
+   \d
+   \q
+
+## Install and configure puppetdb to use postgresql
+ * Edit database.ini, point to local postgresql installation
+   /etc/puppetlabs/puppetdb/conf.d/database.ini
+   localhost:5432/puppetdb
+   username = puppetdb
+   password = PacktPub
+
+## Configure Puppetserver to use PuppetDB
+ * Tell Puppetserver where to find puppetdb
+   /etc/puppetlabs/puppet/puppetdb.conf
+   [main]
+     server_urls = https://puppetdb.example.com:8081/
+     soft_write_failure = false
+
+ * Enabled storeconfigs
+   /etc/puppetlabs/puppet/puppet.conf
+     storeconfigs = true
+     storeconfigs_backend = puppetdb
+
+ * Create routes.yaml
+   /etc/puppetlabs/puppet/routes.yaml
+     ---
+     master:
+       facts:
+         terminus: puppetdb
+         cache: yaml
+
+  * restart puppetserver
+    systemctl restart puppetserver
+
+  * Verify connectivity to puppetdb
+    puppet agent -t
+    psql -h localhost puppetdb puppetdb
+    \x
+    SELECT * from catalogs;