
cristifalcas / Puppet Etcd

Licence: apache-2.0
etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines.

This repo is archived. Please use https://github.com/puppet-etcd/puppet-etcd from now on.

etcd

This module installs and configures etcd.

A basic provider is also implemented that can add, update and delete node keys.

Because of the way etcd works, you can't change any of the initial cluster variables after the first run:

initial_advertise_peer_urls
initial_cluster
initial_cluster_state
initial_cluster_token

This is annoying if you first bootstrapped the cluster in http mode and later want to add ssl to the initial_cluster parameter.

Solution:

  • Don't care. Even if the protocol is http, the communication will be over ssl
  • redeploy the cluster (rm -rf /var/lib/etcd/$data_dir)

## Usage:

Basic usage:

include etcd

or

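class { 'etcd':
  ensure             => 'latest',
  # plaintext listener on all interfaces with no client authentication;
  # the ssl examples below add certificates and client verification
  listen_client_urls => 'http://0.0.0.0:2379',
}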

Add a key/value pair to etcd:

etcd_key { '/coreos.com/network/config': value => '{ "Network": "10.1.0.0/16" }' }

Remove a key:

etcd_key { '/coreos.com/network1/config': ensure => absent }

Deploy a cluster:

class { 'etcd':
    listen_client_urls          => 'http://0.0.0.0:2379',
    advertise_client_urls       => "http://${::fqdn}:2379,http://127.0.0.1:2379",
    listen_peer_urls            => 'http://0.0.0.0:2380',
    # must match this member's entry in initial_cluster
    initial_advertise_peer_urls => "http://${::fqdn}:2380",
    initial_cluster             => [
      "${::hostname}=http://${::fqdn}:2380",
      'infra1=http://infra1.domain.net:2380',
      'infra2=http://infra2.domain.net:2380'],
}

Enable ssl for client communication:

class { 'etcd':
  ensure                      => 'latest',
  etcd_name                   => $::hostname,
  listen_client_urls          => 'https://0.0.0.0:2379',
  advertise_client_urls       => "https://${::fqdn}:2379",
  # clients should speak over ssl
  cert_file                   => "${::settings::ssldir}/certs/${::clientcert}.pem",
  key_file                    => "${::settings::ssldir}/private_keys/${::clientcert}.pem",
  # authorize clients
  client_cert_auth            => true,
  # and verify clients certificates
  trusted_ca_file             => "${::settings::ssldir}/certs/ca.pem",
  initial_cluster             => [
      "${::hostname}=http://${::fqdn}:2380",
      'infra1=http://infra1.domain.net:2380',
      'infra2=http://infra2.domain.net:2380'],
}

Use the etcd provider with ssl certificates:

etcd_key { '/coreos.com/network/config':
  value     => '{ "Network": "10.1.0.0/18" }',
  peers     => "https://${::fqdn}:2379",
  cert_file => "${::settings::ssldir}/certs/${::clientcert}.pem",
  key_file  => "${::settings::ssldir}/private_keys/${::clientcert}.pem",
  # verify server certificate
  ca_file   => "${::settings::ssldir}/certs/ca.pem",
}

Deploy a cluster with full ssl for both clients and peers:

class { 'etcd':
  ensure                      => 'latest',
  etcd_name                   => $::hostname,
  # clients
  listen_client_urls          => 'https://0.0.0.0:2379',
  advertise_client_urls       => "https://${::fqdn}:2379",
  # clients ssl
  cert_file                   => '/etc/pki/puppet_certs/etcd/public_cert.pem',
  key_file                    => '/etc/pki/puppet_certs/etcd/private_cert.pem',
  # authorize clients
  client_cert_auth            => true,
  # verify clients certificates
  trusted_ca_file             => '/etc/pki/puppet_certs/etcd/ca_cert.pem',
  # cluster
  listen_peer_urls            => 'https://0.0.0.0:2380',
  initial_advertise_peer_urls => "https://${::fqdn}:2380",
  initial_cluster             => [
      "${::hostname}=http://${::fqdn}:2380",
      'infra1=http://infra1.domain.net:2380',
      'infra2=http://infra2.domain.net:2380'],
  # peers ssl
  peer_cert_file              => '/etc/pki/puppet_certs/etcd/public_cert.pem',
  peer_key_file               => '/etc/pki/puppet_certs/etcd/private_cert.pem',
  # authorize peers
  peer_client_cert_auth       => true,
  # verify peers certificates
  peer_trusted_ca_file        => '/etc/pki/puppet_certs/etcd/ca_cert.pem',
  debug                       => true,
}
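
An added example, not code from this module: a Ruby check over a hash whose keys mirror the class parameters used above, flagging plaintext listeners, https listeners without a certificate or key, certificate auth without a CA, and the case described earlier where initial_cluster still lists http members after the peers moved to ssl. The names `audit_etcd_params` and `audit_side` are hypothetical and the sample hashes are constructed.

```ruby
require 'uri'

# Hypothetical helper, not part of the module: audits a hash whose keys mirror
# the class parameters used in this README and returns a list of findings.
LOOPBACK = %w[127.0.0.1 localhost ::1].freeze
CLIENT = %i[listen_client_urls cert_file key_file client_cert_auth trusted_ca_file].freeze
PEER = %i[listen_peer_urls peer_cert_file peer_key_file peer_client_cert_auth peer_trusted_ca_file].freeze

def urls(value)
  Array(value).flat_map { |v| v.to_s.split(',') }.map { |u| URI.parse(u.strip) }
end

def audit_side(params, side, listen, cert, key, auth, ca)
  found = []
  listeners = urls(params[listen])
  tls = listeners.any? { |u| u.scheme == 'https' }
  listeners.each do |u|
    next if u.scheme == 'https' || LOOPBACK.include?(u.hostname)
    found << "#{side}: plaintext listener #{u} is not limited to loopback"
  end
  found << "#{side}: https listener without #{cert}/#{key}" if tls && !(params[cert] && params[key])
  found << "#{side}: #{auth} is set but #{ca} is missing" if params[auth] && !params[ca]
  found << "#{side}: TLS without #{auth}, certificates of callers are not checked" if tls && !params[auth]
  found
end

def audit_etcd_params(params)
  found = audit_side(params, 'client', *CLIENT) + audit_side(params, 'peer', *PEER)
  peer_tls = urls(params[:listen_peer_urls]).any? { |u| u.scheme == 'https' }
  stale = Array(params[:initial_cluster]).select { |m| m.split('=', 2)[1].to_s.start_with?('http://') }
  found << "peer: initial_cluster still lists http members: #{stale.join(', ')}" if peer_tls && stale.any?
  found
end

# Constructed inputs mirroring the basic and the full-ssl examples above.
PKI = '/etc/pki/puppet_certs/etcd'
BASIC = { listen_client_urls: 'http://0.0.0.0:2379' }.freeze
FULL_SSL = {
  listen_client_urls: 'https://0.0.0.0:2379',
  cert_file: "#{PKI}/public_cert.pem", key_file: "#{PKI}/private_cert.pem",
  client_cert_auth: true, trusted_ca_file: "#{PKI}/ca_cert.pem",
  listen_peer_urls: 'https://0.0.0.0:2380',
  initial_cluster: ['infra1=http://infra1.domain.net:2380'],
  peer_cert_file: "#{PKI}/public_cert.pem", peer_key_file: "#{PKI}/private_cert.pem",
  peer_client_cert_auth: true, peer_trusted_ca_file: "#{PKI}/ca_cert.pem"
}.freeze

puts audit_etcd_params(BASIC), audit_etcd_params(FULL_SSL)
```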

Deploy a proxy:

If the $proxy parameter is undef, the module tries to guess whether the node should be a proxy by checking whether $::fqdn or $::ipaddress appears in the initial_cluster parameter.

class { 'etcd':
  ensure                      => 'latest',
  etcd_name                   => $::hostname,
  proxy                       => 'on',
  # clients
  listen_client_urls          => 'https://0.0.0.0:2379',
  advertise_client_urls       => "https://${::fqdn}:2379",
  # clients ssl
  cert_file                   => '/etc/pki/puppet_certs/etcd/public_cert.pem',
  key_file                    => '/etc/pki/puppet_certs/etcd/private_cert.pem',
  # authorize clients
  client_cert_auth            => true,
  # verify clients certificates
  trusted_ca_file             => '/etc/pki/puppet_certs/etcd/ca_cert.pem',
  # cluster
  listen_peer_urls            => 'https://0.0.0.0:2380',
  initial_cluster             => [
      'infra0=http://infra0.domain.net:2380',
      'infra1=http://infra1.domain.net:2380',
      'infra2=http://infra2.domain.net:2380'],
  # peers ssl
  peer_cert_file              => '/etc/pki/puppet_certs/etcd/public_cert.pem',
  peer_key_file               => '/etc/pki/puppet_certs/etcd/private_cert.pem',
  # authorize peers
  peer_client_cert_auth       => true,
  # verify peers certificates
  peer_trusted_ca_file        => '/etc/pki/puppet_certs/etcd/ca_cert.pem',
  debug                       => true,
}

Journald forward:

The class supports a parameter called journald_forward_enable.

This was added because of the PIPE signal that is sent to Go programs when systemd-journald dies.

For more information read here: https://github.com/projectatomic/forward-journald

Usage:

  include ::forward_journald
  Class['forward_journald'] -> Class['etcd']