WIP: install and configure puppetserver #193
add another option to puppet::server's servertype: server puppet server is the new form of running the master, built on the same technology as puppetdb. this patchset tries to give our users the option to install that product
let's get this discussion started. i really have no idea what's going on in /etc/puppetserver/ or /etc/puppet/conf.d, which of these parts we need to manage… right now it works as is. then there's also /etc/default/puppetserver, which also has to be edited…
The work I started a while back can be seen at https://github.com/puppetlabs-operations/puppet-puppet/blob/a8f02ae9d99e5aa1147539280fccaea83cdc1b49/manifests/server/puppetserver.pp, for reference. It needs rebasing but might be useful as a point of reference. (also, thanks for helping with this - keeps falling off my list)
cool, will take that up and update!
typo
this is vaporware ;)
i'll rebase @danieldreier's and go with that one.
another fragment from another effort I'd made:
https://github.com/puppetlabs-operations/puppet-puppet/blob/2653e222bf1275ea1426eed694a5716f58524d00/manifests/server/puppetserver/webserver.pp
The docs I'm aware of that may be interesting to you for this are:
basic setup:
https://github.com/puppetlabs/puppet-server/blob/master/documentation/install_from_packages.markdown
external SSL termination (probably not needed for most cases)
https://github.com/puppetlabs/puppet-server/blob/master/documentation/external_ssl_termination.markdown
https://github.com/puppetlabs/puppet-server/blob/master/documentation/configuration.markdown
- where JRuby will look for gems
- path to puppet conf dir
- path to puppet var dir
- maximum number of JRuby instances to allow; defaults to +2
- enable/disable the CA service via trapperkeeper settings
- configure logging via logback
Basic parameters:
https://github.com/puppetlabs/puppet-server/blob/master/documentation/configuration.markdown
[memory] - (optional) set JVM memory use; 2gb recommended by default
    format is "2gb", "512m", etc.
[max_active_instances] - (optional) maximum number of JRuby instances to allow
[logging_config] - (optional) Path to logback logging configuration file
    http://logback.qos.ch/manual/configuration.html
[gem_home] - (optional) determines where JRuby will look for gems. Also
    used by the puppetserver gem command line tool.
[master_conf_dir] - (optional) path to puppet conf dir
[master_var_dir] - (optional) path to puppet var dir
[enable_profiler] - (optional) enable or disable profiling for the Ruby code
    (true|false)
[allow_header_cert_info] - (optional) Allows the "ssl_client_header" and
    "ssl_client_verify_header" options set in puppet.conf to work. These
    headers will be ignored unless "allow-header-cert-info" is true
    (true|false)
Also note that puppetserver.conf is in HOCON format, which is a (somewhat strange) superset of JSON (https://github.com/puppetlabs/puppet-server/blob/master/documentation/configuration.markdown, https://github.com/typesafehub/config#using-hocon-the-json-superset)
I'd suggest that puppet-puppet simply create pure JSON puppetserver.conf files because that's way easier to work with, until we get a proper augeas provider for HOCON.
The most common failure cases for very basic puppetserver use are:
- insufficient memory allocated for JVM (it's 2gb by default, vagrant is 512mb by default)
- init script will return success even if the service didn't really succeed starting
- service starts but doesn't respond to requests for a few minutes while the JVM starts and threads come up
We may want to help manage gems inside of jruby (see https://github.com/puppetlabs/puppet-server/blob/master/documentation/gems.markdown) because the gem path is different, and many modules/report processors/providers/etc require gems, and system gems won't be available.
One significant and little-noted change is that puppetserver has environment caches which improve performance but lead to confusing behavior if you redeploy environments frequently via r10k. This was introduced in Puppet 3.6 but I've only noticed the impact on puppetserver systems for whatever reason. See https://docs.puppetlabs.com/puppet/latest/reference/environments_limitations.html for more information; the key setting to manage is environment_timeout.
Sorry about the wall of text - I just spent a lot of time researching all the settings we might want to manage while I was going about adding puppetserver support, then never got around to implementing it fully.
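One way to follow the suggestion above of writing puppetserver.conf as pure JSON, as an added example that is not code from this PR or from puppet-puppet. The HOCON key names (`jruby-puppet`, `profiler`, `master`) follow the puppet-server configuration docs as I understand them and should be checked against the installed version; the method names, the params hash, and keeping all sections in one file are assumptions.

```ruby
require 'json'

# Added example: key names follow the puppet-server configuration docs as I
# understand them; method names and the params hash are hypothetical.

# "2gb" / "512m" (the format in the parameter list) -> JVM heap size "2g" / "512m".
def jvm_heap(memory)
  m = /\A(\d+)(g|m)b?\z/i.match(memory.to_s)
  raise ArgumentError, "memory must look like 2gb or 512m, got #{memory.inspect}" unless m
  "#{m[1]}#{m[2].downcase}"
end

# Reject "true"/"false" strings: a non-empty string would otherwise count as enabled.
def strict_bool(name, value)
  return value if [true, false].include?(value)
  raise ArgumentError, "#{name} must be true or false, got #{value.inspect}"
end

# Build the settings tree; unset optional parameters are left out entirely.
def puppetserver_settings(params)
  jruby = {
    'gem-home'             => params[:gem_home],
    'master-conf-dir'      => params[:master_conf_dir],
    'master-var-dir'       => params[:master_var_dir],
    'max-active-instances' => params[:max_active_instances]
  }.compact
  max = jruby['max-active-instances']
  ok = max.nil? || (max.is_a?(Integer) && max > 0)
  raise ArgumentError, 'max_active_instances must be a positive integer' unless ok
  conf = { 'jruby-puppet' => jruby }
  if params.key?(:enable_profiler)
    conf['profiler'] = { 'enabled' => strict_bool(:enable_profiler, params[:enable_profiler]) }
  end
  # Written out explicitly and false by default, so the ssl_client_header options
  # stay ignored unless external SSL termination is deliberately configured.
  header_info = strict_bool(:allow_header_cert_info, params.fetch(:allow_header_cert_info, false))
  conf['master'] = { 'allow-header-cert-info' => header_info }
  conf
end

# Pure JSON is valid HOCON, so the rendered text needs no HOCON-specific tooling.
def render_conf(params)
  JSON.pretty_generate(puppetserver_settings(params)) + "\n"
end

# Line for /etc/default/puppetserver; min and max heap are set to the same value.
def java_args(memory)
  heap = jvm_heap(memory)
  %(JAVA_ARGS="-Xms#{heap} -Xmx#{heap}")
end
```

Passing the string "false" for a boolean raises instead of being rendered, which catches the usual Puppet string-versus-boolean mix-up before it reaches a setting that controls header-based client identity.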
Side note -
The puppetlabs-hocon module appears to be intended as the standard way to manage hocon-format configuration files in puppet server and other trapperkeeper projects. It provides approximately the same functionality as the ini_setting resource from puppetlabs/inifile.