Friday, March 14, 2014

Puppet manifest PHP compilation (build) server


# PHP build and rpm packaging server
# Used for adding (compiling) extensions for PHP (ie: mysql native driver)
#
# Copy the php-5.3.28.tar.gz source to /BUILDS and extract
# Copy php_config_script to /BUILDS/php-5.3.28 and run to set compilation options
# Run /BUILDS/make_install_pkg.sh
# -- End result should be an rpm in /BUILDS
#
# 03/11/14 mfeenstra

node /mybuildserver0[1|2].yourdomain.net/ {

    class { "yum":
        enable_base_6_4    => '1',
        enable_updates_6_4 => '1',
        epel               => 'yes',
        sernet_samba       => 'yes'
    }

    class { "sudoers":
        sudoer => {
            "%ops"       => [ "ALL=(ALL) ALL" ],
            "%secteam"   => [ "ALL=(ALL) ALL" ],
            "%releng"    => [ "ALL=(ALL) ALL" ],
            "%dev"       => [ "ALL=(ALL) ALL" ],
            "%qa"        => [ "ALL=(ALL) ALL" ],
            "%qa-unix"   => [ "ALL=(ALL) ALL" ],
        }
    }

    class { "base": }
    class { "sites": }
    class { "motd": description => 'PHP build and rpm packaging server' }

    class { "ssh":
        pamsshd => {
            "dev"     => [ "account sufficient pam_succeed_if.so user ingroup" ],
            "releng"  => [ "account sufficient pam_succeed_if.so user ingroup" ],
            "qa"      => [ "account sufficient pam_succeed_if.so user ingroup" ],
            "qa-unix" => [ "account sufficient pam_succeed_if.so user ingroup" ],
        }
    }

    package { "gcc":
        ensure  =>  present
    }

    package { "httpd":
        ensure  =>  present
    }

    package { "httpd-devel":
        ensure  =>  present
    }

    package { "httpd-tools":
        ensure  =>  present
    }

    package { "libxml2-devel":
        ensure  =>  present
    }

    package { "openssl-devel":
        ensure  =>  '1.0.0-27.el6_4.2'
    }

    package { "bzip2-devel":
        ensure  =>  present
    }

    package { "libcurl-devel":
        ensure  =>  present
    }

    package { "gmp-devel":
        ensure  =>  present
    }

    package { "unixODBC":
        ensure  =>  present
    }

    package { "freetds":
        ensure  =>  present
    }
    
    file { '/usr/lib/libsybdb.so.5':
        ensure  =>  'link',
        target  =>  '/usr/lib64/libsybdb.so.5',
        require    =>  Package["freetds"]
    }

    file { '/usr/lib/libsybdb.so.5.0.0':
        ensure  =>  'link',
        target  =>  '/usr/lib64/libsybdb.so.5.0.0',
        require    =>  Package["freetds"]
    }

    package { "freetds-devel":
        ensure  =>  present,
        require    =>  Package["freetds"]
    }

    file { '/usr/lib/libsybdb.so':
        ensure  =>  'link',
        target  =>  '/usr/lib64/libsybdb.so',
        require    =>  Package["freetds-devel"]
    }

    package { "readline":
        ensure  =>  present
    }

    package { "readline-devel":
        ensure  =>  present
    }

    package { "pcre":
        ensure  =>  present
    }

    package { "pcre-devel":
        ensure  =>  present
    }



    # FPM is a super awesome and easy RPM packaging tool written in Ruby

    package { "ruby":
        ensure  =>  present
    }

    package { "ruby-devel":
        ensure  =>  present,
        require =>  Package["ruby"]
    }

    package { "ruby-irb":
        ensure  =>  present,
        require =>  Package["ruby"]
    }

    package { "ruby-libs":
        ensure  =>  present,
        require =>  Package["ruby"]
    }

    package {"ruby-rdoc":
        ensure  =>  present,
        require =>  Package["ruby"]
    }

    package {"rubygems":
        ensure  =>  present,
        require =>  Package["ruby"]
    }

    package { "rpm-build":
        ensure  =>  present
    }

    # ruby gem FPM for creating RPM packages

    package { "fpm":
        ensure  =>  'installed',
        provider => 'gem',
        require  => Package["rubygems"]
    }

    # build scripts

    file { "/BUILDS":
        ensure  =>  "directory"
    }

    file { "/BUILDS/make_install_pkg.sh":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => '0755',
        source  => 'puppet:///files/phpbuild/make_install_pkg.sh',
        path    => '/BUILDS/make_install_pkg.sh',
        require => File["/BUILDS"]
    }

    file { "/BUILDS/php_config_script":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => '0755',
        source  => 'puppet:///files/phpbuild/php_config_script',
        path    => '/BUILDS/php_config_script',
        require => File["/BUILDS"]
    }


}

Wednesday, January 8, 2014

Puppet manifest for PostgreSQL Master / Slave setup


# DevOps manifest for setting up primary / warm standby postgres servers
# These postgres are created in pairs with the first being master.
#
# Requires PuppetLabs PostgreSQL module from puppetlabs.com
#
# mfeenstra 12/16/13



# Master Postgres DB

node /your-master-server.com/ {

    class { "yum":
        enable_base_6_4    => '1',
        enable_updates_6_4 => '1',
        enable_base_6_3    => '1',
        enable_updates_6_3 => '1',
        enable_base_6_2    => '1',
        enable_updates_6_2 => '1',
        enable_base_6_1    => '1',
        enable_updates_6_1 => '1',
        move_system        => 'yes',
        epel               => 'yes',
        pgdg               => 'yes',
        sernet_samba       => 'yes'
    }

    class { "sudoers":
        sudoer => {
            "%ops"       => [ "ALL=(ALL) ALL" ],
            "%secteam"   => [ "ALL=(ALL) ALL" ],
            "%wheel"     => [ "ALL=(ALL) ALL" ],
            "%dev"       => [ "ALL=(ALL) ALL" ],
            "%dbaadmins" => [ "ALL=(ALL) ALL" ],
"%releng" => [ "ALL=(ALL) ALL" ]
        }
    }

    class { "base": }
    class { "corp": }
    class { "motd": description => 'add your server description here' }

    class { "ssh":
        pamsshd => {
            "dev"      => [ "account sufficient pam_succeed_if.so user ingroup" ],
            "dbadmins" => [ "account sufficient pam_succeed_if.so user ingroup" ],
"releng" => [ "account sufficient pam_succeed_if.so user ingroup" ],
        }
    }

    # mount filesystem from warm-standby server
    file { "/var/lib/pgsql/wal_archive":
    ensure  =>  directory,
  owner   =>  'postgres',
    group   =>  'postgres',
    mode    =>  0755,
    path    =>  "/var/lib/pgsql/wal_archive"
}

    mount { "/var/lib/pgsql/wal_archive":
    device  =>  "your-slave-server.com:/var/lib/pgsql/wal_archive",
    fstype  =>  "nfs",
    ensure  =>  "mounted",
    options =>  "defaults,rw",
    atboot  =>  "true",
    require  =>  File["/var/lib/pgsql/wal_archive"]
}

### install extra packages

    package { "postgresql91-devel":
        ensure => present,
        require => Package["postgresql91-server"]
    }

    package { "postgresql91-contrib":
        ensure => present,
        require => Package["postgresql91-server"]
    }

    ### postgresql91 db configuration

    class { "postgresql::globals":
        version     =>  '9.1'
    }

    # package installation and service auto-start are handled by this class

    class { "postgresql::server":
    ensure     =>  present,
    listen_addresses =>  "*",
    encoding => "UTF8",
    locale => "en_US.UTF-8",
    ip_mask_allow_all_users =>  "10.0.0.0/8"
}

postgresql::server::role { "myapplication_name":
password_hash => postgresql_password('someuser', 'somepassword'),
createdb  => true,
superuser  => true,
require       => Class["postgresql::server"]
}

# postgresql::server::db { "testdb1":
# user  =>  "alertsapp",
# password  =>  "alertsapp",
# require   =>  Class["postgresql::server"]
# }

postgresql::server::config_entry {
'port' : value => 5432;
'max_connections' : value => 300;
'shared_buffers' : value => "128MB";
'work_mem' : value => "50MB";
'checkpoint_segments' : value => 32;
'log_destination' : value => 'stderr';
'logging_collector' : value => "on";
'log_directory' : value => "pg_log";
'log_filename' : value => "postgresql-%a.log";
'log_truncate_on_rotation' : value => "on";
'log_rotation_age' : value => "1d";
'log_rotation_size' : value => 0;
'log_min_duration_statement' : value => 500;
'datestyle' : value => "iso, mdy";
'lc_messages' : value => "en_US.UTF-8";
'lc_monetary' : value => "en_US.UTF-8";
'lc_numeric' : value => "en_US.UTF-8";
'lc_time' : value => "en_US.UTF-8";
'default_text_search_config' : value => "pg_catalog.english";

############## Master-only config setup (enable archiving) #############
'wal_level' : value => "archive";
'archive_mode' : value => "on";
# this command is run to move logs from pg_xlog to the "WAL archive" directory
'archive_command' : value => 'cp %p /var/lib/pgsql/wal_archive/%f';
        'archive_timeout'               : value => '120';

}


# postgresql::server::pg_hba_rule { 'allow network app to access db':
# type    => 'host',
# database    => 'all',
# user        => 'all',
# address     => '10.0.0.0/8',
# auth_method => 'md5',
# require    => Class["postgresql::server"]
# }



}

# Warm-standby Postgres DB

node /your-slave-server.com/ {

    class { "yum":
        enable_base_6_4    => '1',
        enable_updates_6_4 => '1',
        enable_base_6_3    => '1',
        enable_updates_6_3 => '1',
        enable_base_6_2    => '1',
        enable_updates_6_2 => '1',
        enable_base_6_1    => '1',
        enable_updates_6_1 => '1',
        move_system        => 'yes',
        epel               => 'yes',
        pgdg               => 'yes',
        sernet_samba       => 'yes'
    }

    class { "sudoers":
        sudoer => {
            "%ops"       => [ "ALL=(ALL) ALL" ],
            "%secteam"   => [ "ALL=(ALL) ALL" ],
            "%wheel"     => [ "ALL=(ALL) ALL" ],
            "%dev"       => [ "ALL=(ALL) ALL" ],
            "%dbaadmins" => [ "ALL=(ALL) ALL" ],
            "%releng"        => [ "ALL=(ALL) ALL" ]
        }
    }

    class { "base": }
    class { "corp": }
    class { "motd": description => 'add your server description here' }

    class { "ssh":
        pamsshd => {
            "dev"      => [ "account sufficient pam_succeed_if.so user ingroup" ],
            "dbadmins" => [ "account sufficient pam_succeed_if.so user ingroup" ],
            "releng" => [ "account sufficient pam_succeed_if.so user ingroup" ],
        }
    }

    # Setup filesystem and export for wal_archive.
    #
    # This FS is shared between the master and standby, facilitating the transfer
    # or "log shipping" of archive logs across the network.
    #
    # note: the standby server should export the archive filesystem, in case master
    # goes down.  The master will mount and write to this disk.  Otherwise the shared
    # disk should be NFS mounted.

    # Cannot mount /var/lib/pgsql with default permission 0700, changed to 755 within the
    # postgres module install.pp due to dependency problems

    file { "/var/lib/pgsql/wal_archive":
    ensure  =>  directory,
    owner   =>  'postgres',
    group   =>  'postgres',
    mode    =>  0755,
    path    =>  "/var/lib/pgsql/wal_archive",
        require =>  Package["postgresql91-contrib"]
}

    # allow master server to mount
file { "/etc/exports":
notify  =>  Service["nfs"],
ensure  =>  present,
owner   =>  'root',
group   =>  'root',
mode    =>  '644',
content =>  "/var/lib/pgsql/wal_archive master-server-name-here.com(rw,sync)"
}

service { "nfs":
ensure  => running,
require => File["/etc/exports"]
}

    ### install extra packages

    package { "postgresql91-devel":
        ensure => present,
    }

    package { "postgresql91-contrib":
        ensure => present,
    }

    ### postgresql91 db configuration

    class { "postgresql::globals":
        version     =>  '9.1'
    }

    # package installation and service auto-start are handled by this class

    class { "postgresql::server":
        ensure                  =>  present,
        listen_addresses        =>  "*",
        encoding                =>  "UTF8",
        locale                  =>  "en_US.UTF-8",
        ip_mask_allow_all_users =>  "10.0.0.0/8",

    }

    postgresql::server::role { "myapplication_name":
        password_hash => postgresql_password('someuser', 'somepass'),
        createdb      => true,
        superuser     => true,
        require       => Class["postgresql::server"]
    }

    postgresql::server::config_entry {
        'port'                          : value => 5432;
        'max_connections'               : value => 300;
        'shared_buffers'                : value => "128MB";
        'work_mem'                      : value => "50MB";
        'checkpoint_segments'           : value => 32;
        'log_destination'               : value => 'stderr';
        'logging_collector'             : value => "on";
        'log_directory'                 : value => "pg_log";
        'log_filename'                  : value => "postgresql-%a.log";
        'log_truncate_on_rotation'      : value => "on";
        'log_rotation_age'              : value => "1d";
        'log_rotation_size'             : value => 0;
        'log_min_duration_statement'    : value => 500;
        'datestyle'                     : value => "iso, mdy";
        'lc_messages'                   : value => "en_US.UTF-8";
        'lc_monetary'                   : value => "en_US.UTF-8";
        'lc_numeric'                    : value => "en_US.UTF-8";
        'lc_time'                       : value => "en_US.UTF-8";
        'default_text_search_config'    : value => "pg_catalog.english";
       
    }

}