Bitcoind Puppet Module

[CraigWatson]

Hi all,

Just want to share a Puppet module I've written to manage bitcoind on Ubuntu.

For those who aren't familiar with it, Puppet is a configuration and system management "Infrastructure as Code" tool that is awesome at applying and enforcing the correct "state of the world" across almost any system.

You can check out my module below:

PuppetForge: https://forge.puppetlabs.com/CraigWatson1987/bitcoind
GitHub: https://github.com/craigwatson/puppet-bitcoind

To install the module into your Puppet code:

Code:

puppet module install CraigWatson1987-bitcoind

Then, to use the module, simply add this single line of code to your Puppet manifest:

Code:

include bitcoind

You can also configure the Bitcoin daemon with a huge number of options, for example to specify an RPC user/password, disable the wallet functionality, set an allowed RPC IP address and SSL key/certificate:

Code:

class { 'bitcoind':
  disablewallet              => true,
  rpcallowip                 => ['123.456.789.100'],
  rpcuser                    => 'oliver'
  rpcpassword                => 'youvegottopickapocketortwoboys',
  rpcssl                     => true,
  rpcsslcertificatechainfile => '/path/to/certificate.pem',
  rpcsslprivatekeyfile       => '/path/to/private.key',
}

The module only runs on Ubuntu at the moment, however I would greatly welcome any contributions and pull requests for other operating systems!

Cheers

[TechnoBibble]

Sounds good. I was going to write something for webmin to do similar, seems to come with a lot of options which is a good point.

Where can we find the source code? If its managing my bitcoind I want to be sure it doesnt have any 'coin stealing' code. Especially as im putting my rpc user/pass in the config.

I'm sure it doesnt but cannot be too careful.

[CraigWatson]

Sounds good. I was going to write something for webmin to do similar, seems to come with a lot of options which is a good point.

Where can we find the source code? If its managing my bitcoind I want to be sure it doesnt have any 'coin stealing' code. Especially as im putting my rpc user/pass in the config.

I'm sure it doesnt but cannot be too careful.

Code for my module is here: https://github.com/craigwatson/puppet-bitcoind

Puppet is an open-source Ruby-based modular DSL - you can download modules to manage pretty much anything, from SSH to Apache to system users, groups and packages. My module is really aimed at those already using Puppet, but the general principle is that you can either have Puppet run 'mastered' or 'masterless':

• Mastered Puppet means that you have a "Puppet Master" which is a central server where all of your nodes check into for their configuration. Your Puppet code lives on this server, and Puppet "manifests" are compiled and sent to nodes when they check in. The client-side Puppet agent parses these manifests and applies the configuration. Communication between the node and agent is done via HTTPS.
• Masterless Puppet means that your Puppet code is checked out on all of your nodes, and the client-side agent both compiles and applies the manifests.

Both approaches mean that you have your code in some kind of source control (Git, SVN, CVS) and checked out on your server, so the security of your credentials is really dependent of the security of your source control - that said, if you're that paranoid, you can back data sources like Hiera with GPG.

[TechnoBibble]

Sounds good. I was going to write something for webmin to do similar, seems to come with a lot of options which is a good point.

Where can we find the source code? If its managing my bitcoind I want to be sure it doesnt have any 'coin stealing' code. Especially as im putting my rpc user/pass in the config.

I'm sure it doesnt but cannot be too careful.

Code for my module is here: https://github.com/craigwatson/puppet-bitcoind

Puppet is an open-source Ruby-based modular DSL - you can download modules to manage pretty much anything, from SSH to Apache to system users, groups and packages. My module is really aimed at those already using Puppet, but the general principle is that you can either have Puppet run 'mastered' or 'masterless':

• Mastered Puppet means that you have a "Puppet Master" which is a central server where all of your nodes check into for their configuration. Your Puppet code lives on this server, and Puppet "manifests" are compiled and sent to nodes when they check in. The client-side Puppet agent parses these manifests and applies the configuration. Communication between the node and agent is done via HTTPS.
• Masterless Puppet means that your Puppet code is checked out on all of your nodes, and the client-side agent both compiles and applies the manifests.

Both approaches mean that you have your code in some kind of source control (Git, SVN, CVS) and checked out on your server, so the security of your credentials is really dependent of the security of your source control - that said, if you're that paranoid, you can back data sources like Hiera with GPG.

Looks and sounds great, Im going to try it out.

Thank You