{"id":25313077,"url":"https://github.com/jameslikeslinux/puppet-node_orchestration","last_synced_at":"2025-04-07T13:12:04.591Z","repository":{"id":171435844,"uuid":"647852213","full_name":"jameslikeslinux/puppet-node_orchestration","owner":"jameslikeslinux","description":"Puppet automation for managing node lifecycles in cloud providers","archived":false,"fork":false,"pushed_at":"2023-06-22T20:46:37.000Z","size":52,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-01T07:21:16.301Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jameslikeslinux.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-31T16:54:02.000Z","updated_at":"2023-09-13T20:19:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"898bb200-540d-4243-96b9-6ea171624efb","html_url":"https://github.com/jameslikeslinux/puppet-node_orchestration","commit_stats":null,"previous_names":["jameslikeslinux/puppet-node_orchestration"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jameslikeslinux%2Fpuppet-node_orchestration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jameslikeslinux%2Fpuppet-node_orchestration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jameslikeslinux%2Fpuppet-node_orchestration/releases","manifests_url":"https://repos.ecosyste.ms/api/v
1/hosts/GitHub/repositories/jameslikeslinux%2Fpuppet-node_orchestration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jameslikeslinux","download_url":"https://codeload.github.com/jameslikeslinux/puppet-node_orchestration/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247657277,"owners_count":20974345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-13T15:36:29.293Z","updated_at":"2025-04-07T13:12:04.585Z","avatar_url":"https://github.com/jameslikeslinux.png","language":"Puppet","funding_links":[],"categories":[],"sub_categories":[],"readme":"# node_orchestration\n\nTasks and plans for automatically provisioning cloud instances, registering\nthem to Puppet Enterprise, and bootstrapping Puppet agent on them.\n\n## Table of Contents\n\n1. [Description](#description)\n1. [Setup - The basics of getting started with node_orchestration](#setup)\n    * [Setup requirements](#setup-requirements)\n    * [Beginning with node_orchestration](#beginning-with-node_orchestration)\n1. [Usage - Configuration options and additional functionality](#usage)\n1. [Limitations - OS compatibility, etc.](#limitations)\n\n## Description\n\nThis module wraps low-level automation for cloud providers to provide\nreasonable default settings and a simple user interface to create new nodes in\nPuppet Enterprise. The plans provided in this module will launch an instance,\nregister it with the PE inventory service, and bootstrap Puppet agent on the\nnew node. 
By looking up common organization settings from Hiera, consistency\namong the nodes managed by this automation is ensured. Puppet Orchestrator also\nprovides granular access control that can eliminate the need for direct user\naccess to the cloud providers.\n\n## Setup\n\n### Puppet Enterprise Requirements\n\n1. Define a `plan_hierarchy` in Hiera as described at\n   https://www.puppet.com/docs/bolt/latest/hiera.html#outside-apply-blocks.\n2. Create a new PE user role called \"Inventory Manager\" with the permissions\n   from type \"Nodes\" with action \"add and delete connection information from\n   inventory service.\" Assign a new service account to this role and generate a\n   long-lived API token for the account, such as with the command: `puppet\n   access login --lifetime 1y --print`. Provide the token in the Hiera plan\n   hierarchy under the key `node_orchestration::api_token`. EYAML is suggested.\n3. Tell the plan where to run its tasks with the Hiera plan hierarchy key\n   `node_orchestration::task_server`. This is the server where you declared the\n   `node_orchestration::aws` class. If this differs from your main Puppet\n   server, also set the `node_orchestrator::puppet_server` key so the plan\n   knows against which server to bootstrap the new agent.\n\n### AWS Requirements\n\n1. Create an IAM user with the `AmazonEC2FullAccess` policy. This policy is\n   sufficient, but not necessarily required. There may be a reduced set of\n   privileges that can be associated with this user. Create an access key for\n   this user. 
Pass the key information to the `node_orchestration::aws` class\n   which you should declare on your Puppet server, like:\n   ```puppet\n   class { 'node_orchestration::aws':\n     access_key_id     =\u003e 'AKIASUQFAKEACCESSKEY',\n     secret_access_key =\u003e Sensitive('the-secret-access-key'),\n     region            =\u003e 'us-east-1', # the default region to interact with\n   }\n   ```\n   These values can of course be set in Hiera.\n2. Create the following AWS resources: SSH key pair (note name and private key\n   content), named subnet (VPC subnets have no names out of the box), and one\n   or more named security groups.\n3. Somewhere in the Hiera plan hierarchy, define the following settings:\n   ```yaml\n   ---\n   node_orchestration::ec2_key_name: 'the-key-name'\n   node_orchestration::ec2_subnet: 'the-subnet-name'\n   node_orchestration::ec2_security_groups: ['sg1', 'sg2', etc...]\n   node_orchestration::ssh_private_key: \u003e\n     ENC[PKCS7,MII...the-eyaml-encrypted-private-key-contents]\n   ```\n\n### Azure Requirements\n\n1. Create a new Enterprise Application object in the Azure Active Directory to\n   represent this module. Take note of the resulting client ID and secret.\n2. Create a new Resource Group and Virtual Network to contain the VMs managed\n   by this module.\n3. In the new Resource Group's access control (IAM) settings, add a\n   \"Contributor\" role assignment for your new application principal. \n4. Declare the `node_orchestration::azure` class on your Puppet server to\n   configure the Azure CLI for this module to use, like:\n   ```puppet\n   class { 'node_orchestration::azure':\n     tenant_id     =\u003e 'ea383a66-fake-fake-fake-f3524734e142', # Active Directory ID\n     client_id     =\u003e '6b7f97e9-fake-fake-fake-ad4c99440348',\n     client_secret =\u003e Sensitive('the-secret-access-key'),\n   }\n   ```\n5. 
Somewhere in the Hiera plan hierarchy, define the following settings:\n   ```yaml\n   ---\n   node_orchestration::az_resource_group: 'ResourceGroupName' # that you created in step 2\n   node_orchestration::az_admin_password: \u003e\n     ENC[PKCS7,MII...the-eyaml-encrypted-initial-virtual-machine-password]\n   ```\n\n### Beginning with node_orchestration\n\nWhen the setup requirements are satisfied, the plans provided by this module\ncan be run from the PE console.\n\n## Usage\n\n### `node_orchestration::launch_ec2_instance`\n\nCreate an EC2 instance with default settings.\n\n* `instance_name`: The name of the instance to create\n* `size`: The type of instance to create (small, medium, large)\n* `image_id`: Overrides the default AMI set in Hiera\n* `ami_user`: Overrides the default AMI username set in Hiera\n* `key_name`: Overrides the default SSH key name set in Hiera\n* `public_ip_address`: Overrides the Hiera setting on whether to assign a public IP\n  address. Subnet default takes priority.\n* `security_groups`: Overrides the default SG or list of SGs set in Hiera\n* `subnet`: Overrides the default subnet name set in Hiera\n* `region`: Overrides the default region set in Hiera\n* `os_disk_size`: If set, the size of the OS disk in GB. Otherwise, use EC2 defaults.\n* `role`: Set the `pp_role` extension request (trusted fact) to this value\n\nThe available sizes (small, medium, large) map to EC2 instance types t3.small,\nt3.medium, and t3.large by default. This can be overridden with the\n`node_orchestration::ec2_instance_types` Hiera plan data hash to provide\nreasonable organization defaults. 
Likewise, many of the plan parameters can be\nexpressed as defaults in Hiera plan data.\n\n### `node_orchestration::create_azure_vm`\n\nCreate an Azure VM with default settings.\n\n* `vm_name`: The name of the VM to create\n* `size`: The type of VM to create (small, medium, large)\n* `image_id`: Overrides the default image ID set in Hiera\n* `admin_user`: Overrides the initial VM username set in Hiera\n* `admin_password`: Overrides the initial VM password set in Hiera\n* `public_ip_address`: Overrides the Hiera setting on whether to assign a public IP address\n* `resource_group`: Overrides the resource group set in Hiera\n* `os_disk_size`: If set, the size of the OS disk in GB. Otherwise, use Azure defaults.\n* `data_disk_sizes`: The sizes of the data disks to attach in GB\n* `role`: Set the `pp_role` extension request (trusted fact) to this value\n\nThe available sizes (small, medium, large) map to VM sizes Standard_B1s,\nStandard_B2s, and Standard_D2s_v3 by default. This can be overridden with the\n`node_orchestration::az_vm_sizes` Hiera plan data hash to provide reasonable\norganization defaults. Likewise, many of the plan parameters can be expressed\nas defaults in Hiera plan data.\n\n## Limitations\n\nThis is a proof-of-concept module that provides basic support for AWS and\nAzure. Not all the settings you might want to control are exposed, but the\nplans as implemented aim to demonstrate various ways those settings can be\ndefined: as parameters, in module data, and in Hiera. Implementations for other\ncloud providers may look very different from these initial versions. Please\nopen an issue with features you'd like to see.\n\nSupport for Windows nodes has been tested in Azure but not EC2. In Azure,\nbootstrapping a Windows node can be triggered by passing an `image_id`\ncontaining `Win`, as all the Azure-provided Windows images have. 
This interface\nis subject to change based on future development and feedback.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameslikeslinux%2Fpuppet-node_orchestration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjameslikeslinux%2Fpuppet-node_orchestration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameslikeslinux%2Fpuppet-node_orchestration/lists"}