Pre Launch

.gitignore

@@ -1,3 +1,6 @@
+# Private
+.env
+
 # Everything in data except global.yaml
 /hieradata/*
 !/hieradata/common.yaml

.travis.yml

@@ -1,12 +1,16 @@
 sudo: false
 language: ruby
-install: cd dist/profile && bundle install --without development system_tests --path vendor
+before_install:
+  - openssl aes-256-cbc -K $encrypted_4543e8d896b8_key -iv $encrypted_4543e8d896b8_iv -in .env.enc -out .env -d || true
+install: bin/ci.sh install
+script: bin/ci.sh script
+after_script: bin/ci.sh deploy
 env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES=yes
-script: bundle exec rake test
 cache:
   directories:
   - dist/profile/vendor
   - dist/profile/spec/fixtures/modules
+  - $HOME/.cache/pip
 notifications:
   slack:
     secure: PO+9V7wfK1zJZTO3RgewarOo2Uk6bhPXTAUFwDhwEoBnbhOEIq1ItLkOZfXW4LgQ9WpK03x1y9LNA4xHK89Z3yxO/s+/Csf5YOcv9+CUuwQR4vjfiFmedB8DCObGKc5HdsuohJx6G/YyLag8gFTJMGIDyQRN4uodXjrK2NGuMG8QRYhq4qwYtmnw3Q4q3o9Nsso1486qTnbWuRtF78ofgVnBurNYefbOiycGRvX4on2WI8syGcBVLQWIO/9Lc3Nye3arKdvtrVKI15/QM5DpgyPCmSTeqeu122XgVP/vPqYtmBXttU3lTladAq3S5VpMo9DQlltgTLvAl4a8ma+mzqtux1K628tMsAcNLUpcsXYbbUTRQILCmIQlDomC8oQOtSWnYPCtMpTr/5pGElVlNoWUSahlZS/VV9m/1Om64lgFdxY+MI9sI8UlXi6Ny47JfpHp7xQJPe80sFVLtwtrs9ievcEyw1R+9rSL1ASs3JIevKu5q9wTFL8Dy8lzWHlwyth8kkSruzUc7b5wsLpOPhJoKXuEJjY1ac3abgBjuX06Vk0y0y/dJdPDKy3Uo+ajY4IdjoppuJPRklXv77/hU04W8XTlD5eBR+M4tWAsUZgU1GkgtoUV05GSfNwhRfpeqzqqqzVjeUDUmXvhUG1YmkNd3wdRaW6t57iCi7P6ikI=

Puppetfile

@@ -8,26 +8,13 @@ mod 'puppetlabs/mysql', '3.6.2'
 mod 'puppetlabs/ntp', '4.1.2'
 mod 'puppetlabs/stdlib', '4.10.0'
 mod 'puppetlabs/vcsrepo', '1.3.2'
-mod 'concat',
-  :git => 'https://github.com/puppetlabs/puppetlabs-concat.git',
-  :tag => '2.0.1'
+mod 'puppetlabs/concat', '1.2.5'
 
 # Puppet approved modules
+mod 'garethr/docker', '5.0.0'
+mod 'hunner/hiera', '1.4.1'
 mod 'maestrodev/wget', '1.7.1'
-# This can revert to forge syntax when v5.x is released
-# Currently there is now support for the new docker repositories
-mod 'docker',
-  :git => 'https://github.com/garethr/garethr-docker.git',
-  :ref => 'master'
-# This can revert to forge syntax when v1.3.3 is released
-# PR #86 is needed
-mod 'hiera',
-  :git => 'https://github.com/hunner/puppet-hiera.git',
-  :ref => 'master'
-# This can revert to forge syntax when version > 3.1.1 is released
-mod 'r10k',
-  :git => 'https://github.com/acidprime/r10k.git',
-  :ref => 'master'
+mod 'zack/r10k', '3.2.0'
 
 # Others
 mod 'saz/limits', '2.3.0'

README.md

@@ -8,35 +8,45 @@ This project is still in a prototype development stage.
 Vlad's Puppet Control Repo.
 
 ## Description
-### Puppetfile
-r10k needs this file to figure out what component modules you want from the
-Forge. The result is a modules directory containing all the modules specified in
-this file, for each environment/branch. The modules directory is listed in
-environment.conf's modulepath.
-
-### environment.conf
-This file can override several settings whenever the Puppet master is serving
-nodes assigned to that environment.
-[Config Files: environment.conf](https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html)
-
 ### bin/
 Contains various executable scripts.
 
-### data/
-Contains the hiera data files. It's intended to serve as a base only, for
-public data, and it should be overwritten or amended with data from private
-sources.
+### cfn/
+Contains AWS CloudFormation templates.
 
 ### dist/
 Contains organization-specific roles and profiles.
 This directory is specified as a modulepath in environment.conf
 [Designing Puppet – Roles and Profiles.](http://www.craigdunn.org/2012/05/239/)
 
+### hieradata/
+Contains the hiera data files. It's intended to serve as a base only, for
+public data, with sane defaults. It should be overwritten or amended with data
+from private sources.
+
+### include/
+Contains various functions that can be sourced in other scripts.
+
 ### manifests/
 Contains Puppet's manifests:
-  - `bootstrap.pp`: the bootstrapping manifest
   - `site.pp`: the main manifest
 
+### Puppetfile
+r10k needs this file to figure out what component modules you want from the
+Forge. The result is a modules directory containing all the modules specified in
+this file, for each environment/branch. The modules directory is listed in
+environment.conf's modulepath.
+
+### environment.conf
+This file can override several settings whenever the Puppet master is serving
+nodes assigned to that environment.
+[Config Files: environment.conf](https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html)
+
+### environment.sh
+This file contains global variables. It can be sourced by other scripts. **All
+variables declared here are public**. Any sensitive information should be
+placed in an `.env` file which will overwrite the information here.
+
 ## Testing
 ### Prerequisites
 

bin/bootstrap.sh

@@ -17,17 +17,17 @@
 #
 # * Trusted facts info: https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#trusted-facts
 
+# Immediately exit on errors
+set -euo pipefail
+
 # DEFAULTS
 PP_MASTER=${PP_MASTER:-puppet}
 PP_ROLE=${PP_ROLE:-none}
 PP_SECRET=${PP_SECRET:-none}
 PP_COLLECTION=${PP_COLLECTION:-pc1}
 PP_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd -P)"
+PP_COLOR=${PP_COLOR:-true}
 PATH="/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin:${PATH}"
-CONFDIR="$(puppet master --configprint confdir)"
-
-# Immediately exit on errors
-set -euo pipefail
 
 # Check if root
 is_root(){
@@ -98,19 +98,23 @@ configure_puppet(){
     echo 'Install/update puppet modules'
     r10k puppetfile install \
       --puppetfile "${PP_DIR}/Puppetfile" \
-      --moduledir "${PP_DIR}/modules" \
+      --moduledir '/tmp/modules' \
       --verbose
   elif [[ "$PP_MASTER" != 'puppet' ]]; then
     echo "Set puppet master address - '$PP_MASTER'"
     puppet config set \
       server "$PP_MASTER" --section master
   fi
+
+  # VARs
+  PP_CONFDIR="$(puppet master --configprint confdir)"
 }
 
 # Generate certificate request attributes file
 generate_csr_attributes_file(){
+  [[ "$PP_MASTER" == 'none' ]] && return
   echo 'Generating a CSR Attributes file'
-  local file="${CONFDIR}/csr_attributes.yaml"
+  local file="${PP_CONFDIR}/csr_attributes.yaml"
   local file_path; file_path=$(dirname "$file")
 
   # Ensure directory is present
@@ -150,24 +154,27 @@ EPP
     }" > "$file"
 }
 
+# Apply puppet
+apply_puppet(){
+  [[ "$PP_MASTER" == 'none' ]] || return 1
+  echo 'Applying puppet'
+  FACTER_ROLE="${PP_ROLE}" puppet apply \
+    --color="$PP_COLOR" \
+    --modulepath "${PP_DIR}/dist:/tmp/modules"  \
+    "${PP_DIR}/manifests/site.pp"
+}
+
 # Run puppet
 run_puppet(){
-  if [[ "$PP_MASTER" == 'none' ]]; then
-    echo 'Applying puppet'
-    FACTER_ROLE="${PP_ROLE}" puppet apply \
-      --modulepath "${PP_DIR}/dist:${PP_DIR}/modules"  \
-      "${PP_DIR}/manifests/site.pp"
-  elif [[ "$PP_MASTER" != 'puppet' ]]; then
-    echo 'Running puppet'
-    puppet agent \
-      --server "$PP_MASTER" \
-      --waitforcert 5 \
-      --no-daemonize \
-      --onetime \
-      --verbose
-  else
-    echo 'WARNING: No puppet master specified'
-  fi
+  [[ -n "$PP_MASTER" ]] || return 1
+  echo 'Running puppet'
+  puppet agent \
+    --server "$PP_MASTER" \
+    --waitforcert 5 \
+    --no-daemonize \
+    --onetime \
+    --color="$PP_COLOR" \
+    --verbose
 }
 
 # Logic
@@ -176,7 +183,7 @@ main(){
   install_release_pkg
   configure_puppet
   generate_csr_attributes_file
-  run_puppet
+  apply_puppet || run_puppet || echo 'WARNING: No puppet master specified'
 }
 
 # Run

bin/cfn_create_stack

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+# Creates CloudFormation stack
+
+# Load environment
+# shellcheck disable=1090
+. "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)/../include/aws.sh"
+
+aws cloudformation create-stack \
+  --stack-name "${vgh_stack_name:?}" \
+  --template-body "${vgh_stack_file:?}" \
+  --parameters "${vgh_stack_parameters:?}" \
+  --capabilities "${vgh_stack_capabilities:?}" \
+  --tags "${vgh_stack_tags:?}" \
+  --on-failure 'DELETE'
+
+if ! aws_cfn_wait_for_stack "${vgh_stack_name:?}"; then
+  echo "FATAL: The stack ${vgh_stack_name:?} failed to create properly" >&2
+  exit 1
+fi

bin/cfn_delete_stack

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# Creates CloudFormation stack
+
+# Load environment
+# shellcheck disable=1090
+. "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)/../include/aws.sh"
+
+aws cloudformation delete-stack --stack-name "${vgh_stack_name:?}"
+
+if ! aws_cfn_wait_for_stack "${vgh_stack_name:?}"; then
+  echo "FATAL: The stack ${vgh_stack_name:?} failed to delete properly" >&2
+  exit 1
+fi

bin/ci.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Creates CloudFormation stack
+
+# Load environment
+# shellcheck disable=1090
+. "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)/../include/aws.sh"
+
+case "$1" in
+  install)
+    pip install --user --upgrade awscli
+    cd dist/profile || exit
+    bundle install --without development system_tests --path vendor
+    ;;
+  script)
+    cd dist/profile || exit
+    bundle exec rake test
+    ;;
+  deploy)
+    aws s3 sync "${REPODIR}/cfn/" "${vgh_cfn_stack_s3:?}/" \
+      --delete --acl public-read \
+      --exclude "*" --include "*.json"
+    ;;
+esac
+

bin/pre-commit-hook

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # pre-commit git hook
 #
 # Prerequisites:
@@ -17,6 +17,10 @@
 [ -s "${HOME}/.rvm/scripts/rvm" ] && source "${HOME}/.rvm/scripts/rvm"
 [ -d "${HOME}/.rvm" ] && export PATH="$PATH:$HOME/.rvm/bin"
 
+# Add /usr/local/bin to PATH
+PATH=/usr/local/bin:${PATH}
+
+# Check YAML
 function checkyaml() {
   ruby -e "require 'yaml'; YAML.load_file('$1')"
 }
@@ -56,6 +60,14 @@ if ! [ -x "$path_to_ruby" ]; then
   exit 1
 fi
 
+path_to_aws=$(command -v aws)
+if ! [ -x "$path_to_aws" ]; then
+  echo "The AWS CLI binary wasn't found."
+  echo "Sorry, I won't allow you to commit without aws cli installed."
+  echo "Please install aws cli and try again."
+  exit 1
+fi
+
 echo "### Checking puppet syntax, for science! ###"
 # for file in `git diff --name-only --cached | grep -E '\.(pp|erb)'`
 for file in $(git diff --name-only --cached | grep -E '\.(pp)'); do
@@ -134,6 +146,22 @@ for file in $(git diff --name-only --cached | grep -E '\.(yaml)'); do
 done
 echo ""
 
+echo "### Checking if CloudFormation syntax is valid ###"
+for file in $(git diff --name-only --cached | grep -E 'cfn\/.*\.(json)'); do
+  if [[ -f $file ]]; then
+    aws --region 'us-west-2' --output text \
+      cloudformation validate-template \
+      --template-body "file://${file}"
+    if [[ $? -ne 0 ]]; then
+      echo "ERROR: Cloudformation syntax validation failed at: $file"
+      syntax_is_bad=1
+    else
+       echo "OK: $file looks valid"
+    fi
+  fi
+done
+echo ""
+
 if [[ $syntax_is_bad -eq 1 ]]; then
   echo
   echo "################################################################"