Merged osalmi/puppet into master
This commit is contained in:
Ossi Salmi
commit
08feba510c
6 changed files with 118 additions and 81 deletions
|
|
@ -2,6 +2,9 @@
|
||||||
#
|
#
|
||||||
# === Global variables
|
# === Global variables
|
||||||
#
|
#
|
||||||
|
# $abusehelper_datadir
|
||||||
|
# Abusehelper home directory. Defaults to /var/lib/ah2.
|
||||||
|
#
|
||||||
# $abusehelper_botnets
|
# $abusehelper_botnets
|
||||||
# Array of botnet paths to start at boot.
|
# Array of botnet paths to start at boot.
|
||||||
#
|
#
|
||||||
|
|
@ -92,8 +95,8 @@ class abusehelper {
|
||||||
if $abusehelper_datadir {
|
if $abusehelper_datadir {
|
||||||
file { $abusehelper_datadir:
|
file { $abusehelper_datadir:
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => "2750",
|
mode => "2770",
|
||||||
owner => "root",
|
owner => "abusehel",
|
||||||
group => "abusehel",
|
group => "abusehel",
|
||||||
require => User["abusehel"],
|
require => User["abusehel"],
|
||||||
}
|
}
|
||||||
|
|
@ -106,18 +109,32 @@ class abusehelper {
|
||||||
} else {
|
} else {
|
||||||
file { "/var/lib/ah2":
|
file { "/var/lib/ah2":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => "2750",
|
mode => "2770",
|
||||||
owner => "root",
|
owner => "abusehel",
|
||||||
group => "abusehel",
|
group => "abusehel",
|
||||||
require => User["abusehel"],
|
require => User["abusehel"],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $abusehelper_botnets {
|
||||||
|
include abusehelper::init
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Install abusehelper init script.
|
||||||
|
#
|
||||||
|
class abusehelper::init {
|
||||||
|
|
||||||
|
if !$abusehelper_botnets {
|
||||||
|
fail("Must define \$abusehelper_botnets")
|
||||||
|
}
|
||||||
|
|
||||||
if !$abusehelper_user {
|
if !$abusehelper_user {
|
||||||
$abusehelper_user = "abusehel"
|
$abusehelper_user = "abusehel"
|
||||||
}
|
}
|
||||||
|
|
||||||
if $abusehelper_botnets {
|
|
||||||
file { "/etc/sysconfig/botnet":
|
file { "/etc/sysconfig/botnet":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
name => $::operatingsystem ? {
|
name => $::operatingsystem ? {
|
||||||
|
|
@ -154,6 +171,5 @@ class abusehelper {
|
||||||
service { "botnet":
|
service { "botnet":
|
||||||
enable => true,
|
enable => true,
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,9 @@
|
||||||
# $abusesa_datadir
|
# $abusesa_datadir
|
||||||
# AbuseSA home directory. Defaults to /var/lib/abusesa.
|
# AbuseSA home directory. Defaults to /var/lib/abusesa.
|
||||||
#
|
#
|
||||||
|
# $abusesa_botnets
|
||||||
|
# Array of botnet paths to start at boot.
|
||||||
|
#
|
||||||
class abusesa {
|
class abusesa {
|
||||||
|
|
||||||
case $::operatingsystem {
|
case $::operatingsystem {
|
||||||
|
|
@ -76,4 +79,10 @@ class abusesa {
|
||||||
}
|
}
|
||||||
python::setup::install { "/usr/local/src/abusesa": }
|
python::setup::install { "/usr/local/src/abusesa": }
|
||||||
|
|
||||||
|
if $abusesa_botnets {
|
||||||
|
$abusehelper_botnets = $abusesa_botnets
|
||||||
|
$abusehelper_user = "abusesa"
|
||||||
|
include abusehelper::init
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -78,7 +78,13 @@ class ejabberd {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if $ejabberd_ssl_key and $ejabberd_ssl_cert {
|
if !$ejabberd_ssl_key {
|
||||||
|
$ejabberd_ssl_key = "${puppet_ssldir}/private_keys/${homename}.pem"
|
||||||
|
}
|
||||||
|
if !$ejabberd_ssl_cert {
|
||||||
|
$ejabberd_ssl_cert = "${puppet_ssldir}/certs/${homename}.pem"
|
||||||
|
}
|
||||||
|
|
||||||
file { "${cert_prefix}/private/ejabberd.key":
|
file { "${cert_prefix}/private/ejabberd.key":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
source => $ejabberd_ssl_key,
|
source => $ejabberd_ssl_key,
|
||||||
|
|
@ -108,6 +114,7 @@ class ejabberd {
|
||||||
} else {
|
} else {
|
||||||
$cert_files = "private/ejabberd.key certs/ejabberd.crt"
|
$cert_files = "private/ejabberd.key certs/ejabberd.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
exec { "generate-ejabberd-pem":
|
exec { "generate-ejabberd-pem":
|
||||||
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
||||||
cwd => $cert_prefix,
|
cwd => $cert_prefix,
|
||||||
|
|
@ -117,7 +124,6 @@ class ejabberd {
|
||||||
require => Package["ejabberd"],
|
require => Package["ejabberd"],
|
||||||
notify => Service["ejabberd"],
|
notify => Service["ejabberd"],
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
file { "/etc/ejabberd/ejabberd.pem":
|
file { "/etc/ejabberd/ejabberd.pem":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
|
|
|
||||||
|
|
@ -331,8 +331,8 @@ class syslog::standalone inherits syslog::common::standalone {
|
||||||
class syslog::standalone::syslogd inherits syslog::client::syslogd {
|
class syslog::standalone::syslogd inherits syslog::client::syslogd {
|
||||||
|
|
||||||
File["/etc/syslog.conf"] {
|
File["/etc/syslog.conf"] {
|
||||||
content => template("syslog/syslog.conf.$operatingsystem.erb",
|
content => template("syslog/syslog.conf.server.erb",
|
||||||
"syslog/syslog.conf.server.erb"),
|
"syslog/syslog.conf.$operatingsystem.erb"),
|
||||||
require => [ File["/srv/log"],
|
require => [ File["/srv/log"],
|
||||||
File["/var/log/all.log"], ],
|
File["/var/log/all.log"], ],
|
||||||
}
|
}
|
||||||
|
|
@ -346,8 +346,8 @@ class syslog::standalone::rsyslog inherits syslog::client::rsyslog {
|
||||||
|
|
||||||
File["/etc/rsyslog.conf"] {
|
File["/etc/rsyslog.conf"] {
|
||||||
content => template("syslog/rsyslog.conf.erb",
|
content => template("syslog/rsyslog.conf.erb",
|
||||||
"syslog/syslog.conf.$operatingsystem.erb",
|
"syslog/syslog.conf.server.erb",
|
||||||
"syslog/syslog.conf.server.erb"),
|
"syslog/syslog.conf.$operatingsystem.erb"),
|
||||||
require => [ File["/srv/log"],
|
require => [ File["/srv/log"],
|
||||||
File["/var/log/all.log"], ],
|
File["/var/log/all.log"], ],
|
||||||
}
|
}
|
||||||
|
|
@ -375,8 +375,8 @@ class syslog::server::rsyslog inherits syslog::client::rsyslog {
|
||||||
File["/etc/rsyslog.conf"] {
|
File["/etc/rsyslog.conf"] {
|
||||||
content => template("syslog/rsyslog.conf.erb",
|
content => template("syslog/rsyslog.conf.erb",
|
||||||
"syslog/rsyslog.conf.server.erb",
|
"syslog/rsyslog.conf.server.erb",
|
||||||
"syslog/syslog.conf.$operatingsystem.erb",
|
"syslog/syslog.conf.server.erb",
|
||||||
"syslog/syslog.conf.server.erb"),
|
"syslog/syslog.conf.$operatingsystem.erb"),
|
||||||
require => [ File["/srv/log"],
|
require => [ File["/srv/log"],
|
||||||
File["/var/log/all.log"], ],
|
File["/var/log/all.log"], ],
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,9 @@
|
||||||
|
# Everything goes here
|
||||||
*.* /srv/log/all.log
|
*.* /srv/log/all.log
|
||||||
mark.* /srv/log/all.log
|
mark.* /srv/log/all.log
|
||||||
|
|
||||||
|
<% if syslog_type == "rsyslog" -%>
|
||||||
|
# Remote logs only go in all.log
|
||||||
|
:fromhost-ip, !isequal, "127.0.0.1" ~
|
||||||
|
|
||||||
|
<% end -%>
|
||||||
|
|
|
||||||
|
|
@ -198,7 +198,7 @@ class user::system {
|
||||||
uid => 813,
|
uid => 813,
|
||||||
gid => 813,
|
gid => 813,
|
||||||
comment => "Service AbuseHelper",
|
comment => "Service AbuseHelper",
|
||||||
home => "/var/empty",
|
home => "/var/lib/ah2",
|
||||||
shell => "/sbin/nologin",
|
shell => "/sbin/nologin",
|
||||||
require => Group["abusehel"],
|
require => Group["abusehel"],
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue