@TJM
Last active December 14, 2018 16:23
Extract roles from puppet for Morpheus OptionList

Extract Puppet Environments and Roles for Morpheus

See inside for JavaScript to "translate" the output of Puppet API queries into a name/value list for Morpheus.

Puppet Enterprise Setup

  • Generate a certificate on the Puppet Master (CA) for morpheus
    • puppet cert generate morpheus-api
  • Grant Access to the environment_classes API
    • Add mod 'puppetlabs-puppet_authorization', '0.5.0' to Puppetfile (if it's not already there)
    • Add the following to a profile for the puppetmaster:
    # White list certs for informational APIs
    puppet_authorization::rule { 'Morpheus Provisioning environment_classes':
      match_request_path   => '/puppet/v3/environment_classes',
      match_request_type   => 'path',
      match_request_method => 'get',
      allow                => 'morpheus-api',
      sort_order           => 300,
      path                 => '/etc/puppetlabs/puppetserver/conf.d/auth.conf',
      notify               => Service['pe-puppetserver'],
    }
    

Morpheus Setup

stunnel

Since Morpheus does not currently support client-side SSL certs for REST API authentication, we created an "stunnel" to handle that.

NOTE: This should be done using Puppet.

  • Install stunnel
    • yum install stunnel # (or your OS equivalent, such as apt-get install stunnel)
  • Copy morpheus-api certs to morpheus server(s) from Puppet Master (CA)
    • /etc/puppetlabs/puppet/ssl/certs/morpheus-api.pem
    • /etc/puppetlabs/puppet/ssl/private_keys/morpheus-api.pem
  • Setup stunnel config (/etc/stunnel/puppet-api.conf)
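    ; Client-mode tunnel: stunnel accepts plain connections on 127.0.0.1:18140
    ; and presents the morpheus-api client certificate to the Puppet master.
    [puppet-api]
    client = yes
    accept = 127.0.0.1:18140
    connect = pe-master.domain.com:8140
    ; SNI takes the host name only, without the port
    sni = pe-master.domain.com
    cert = /etc/puppetlabs/puppet/ssl/certs/morpheus-api.pem
    key = /etc/puppetlabs/puppet/ssl/private_keys/morpheus-api.pem
    ; CAfile is only consulted when peer verification is enabled
    verify = 2
    CAfile = /etc/puppetlabs/puppet/ssl/certs/ca.pem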
  • Run stunnel
    • stunnel /etc/stunnel/puppet-api.conf
    • NOTE: It is up to the administrator how they want to start this at reboot.

Configure OptionsLists

Configure the Provisioning -> Library -> Options Lists as per the Morpheus documentation. The URL will be:

Make sure to paste the translation scripts below into the appropriate list.

Environments list:

    // One option per environment name in the API response
    for (var key in data.environments) {
      results.push({name: key, value: key});
    }

Roles list:

    // Collect every class named role::* and strip the prefix
    var fileList = data.files;
    var roleList = [];
    for (var i = 0; i < fileList.length; i++) {
      var row = fileList[i];
      if (row.classes && row.classes.length > 0) {
        for (var j = 0; j < row.classes.length; j++) {
          var rowClass = row.classes[j];
          if (rowClass.name.startsWith('role::')) {
            var roleName = rowClass.name.substring(6);
            var addRole = {name: roleName, value: roleName};
            roleList.push(addRole);
          }
        }
      }
    }
    results = roleList;
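
To check the translation logic outside Morpheus, this added example (not part of the original gist) wraps both scripts as functions and runs them on constructed responses shaped like the Puppet `environments` and `environment_classes` output. The function names and sample data are assumptions; it goes beyond the gist's scripts by tolerating missing keys, skipping files that have no class list, and dropping duplicate role names.

```javascript
// Added example: the two translation scripts as testable functions.
// Function names and the sample payloads are constructed for illustration.

// Puppet /puppet/v3/environments -> [{name, value}] for a Morpheus Option List.
function translateEnvironments(data) {
  var envs = (data && data.environments) || {};
  return Object.keys(envs).map(function (key) {
    return { name: key, value: key };
  });
}

// Puppet /puppet/v3/environment_classes -> roles (classes named role::*).
function translateRoles(data) {
  var prefix = 'role::';
  var seen = Object.create(null); // role names already emitted
  var results = [];
  var files = (data && data.files) || [];
  files.forEach(function (row) {
    // Files that failed to parse carry "error" and no "classes" array.
    if (!Array.isArray(row.classes)) { return; }
    row.classes.forEach(function (cls) {
      var name = String(cls.name || '');
      if (name.indexOf(prefix) !== 0) { return; }
      var role = name.substring(prefix.length);
      if (role && !seen[role]) {
        seen[role] = true;
        results.push({ name: role, value: role });
      }
    });
  });
  return results;
}

// Constructed sample responses (not captured from a real server).
var sampleEnvironments = {
  search_paths: ['/etc/puppetlabs/code/environments'],
  environments: { production: { settings: {} }, development: { settings: {} } }
};
var sampleClasses = {
  name: 'production',
  files: [
    { path: 'site/role/manifests/web.pp', classes: [{ name: 'role::web', params: [] }] },
    { path: 'site/role/manifests/db.pp', classes: [{ name: 'role::db', params: [] }, { name: 'role::web', params: [] }] },
    { path: 'site/profile/manifests/base.pp', classes: [{ name: 'profile::base', params: [] }] },
    { path: 'site/role/manifests/broken.pp', error: 'Syntax error at line 3' }
  ]
};

console.log(translateEnvironments(sampleEnvironments), translateRoles(sampleClasses));
```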