|
TPA uses [Puppet](https://puppet.com/) to manage all servers it operates. It handles
|
|
TPA uses [Puppet](https://puppet.com/) to manage all servers it operates. It handles
|
|
most of the configuration management of the base operating system and
|
|
most of the configuration management of the base operating system and
|
|
some services. It is *not* designed to handle ad-hoc tasks, for which
|
|
some services. It is *not* designed to handle ad hoc tasks, for which
|
|
we favor the use of [howto/fabric](howto/fabric).
|
|
we favor the use of [fabric](howto/fabric).
|
|
|
|
|
|
[[_TOC_]]
|
|
[[_TOC_]]
|
|
|
|
|
|
# Tutorial
|
|
# Tutorial
|
|
|
|
|
|
This page has a lot of stuff! There's a `Reference` section that
|
|
This page is long! This first section hopes to get
|
|
explains how everything is setup, then a few `How-to guides` that show
|
|
you running with a simple task quickly.
|
|
how to do more specific things. But this first section hopes to get
|
|
|
|
you running with a simple task that you will get you to do *something*
|
|
## Adding an IP address to the global allow list
|
|
correctly quickly.
|
|
|
|
|
|
|
|
In this tutorial, we will add an IP address to the global allow list,
|
|
In this tutorial, we will add an IP address to the global allow list,
|
|
on all firewalls on all machines. This is a big deal! It will allow
|
|
on all firewalls on all machines. This is a big deal! It will allow
|
|
that IP address to access the SSH servers on all boxes and more. This
|
|
that IP address to access the SSH servers on all boxes and more. This
|
|
should be an **static** IP address on a trusted network.
|
|
should be an **static** IP address on a trusted network.
|
|
|
|
|
|
If you have never used Puppet before or if you are nervous at all
|
|
If you have never used Puppet before or are nervous at all
|
|
about making such a change, it's a good idea to have a more
|
|
about making such a change, it is a good idea to have a more
|
|
experienced sysadmin nearby to help you or to ask for help. They can
|
|
experienced sysadmin nearby to help you. They can
|
|
also confirm this tutorial is what you actually need to do.
|
|
also confirm this tutorial is what is actually needed.
|
|
|
|
|
|
1. To any change on the Puppet server, you will first need to clone
|
|
1. To any change on the Puppet server, you will first need to clone
|
|
the git repository:
|
|
the git repository:
|
... | @@ -908,5 +907,5 @@ Ansible was considered for managing [GitLab](gitlab) for a while, but |
... | @@ -908,5 +907,5 @@ Ansible was considered for managing [GitLab](gitlab) for a while, but |
|
this was eventually abandoned in favor of using Puppet and the
|
|
this was eventually abandoned in favor of using Puppet and the
|
|
"Omnibus" package.
|
|
"Omnibus" package.
|
|
|
|
|
|
For ad-hoc jobs, [fabric](fabric) is being used.
|
|
For ad hoc jobs, [fabric](fabric) is being used.
|
|
|
|
|