Merged osalmi/puppet into master

Ossi Salmi 2013-03-07 14:41:23 +02:00
commit 08feba510c
6 changed files with 118 additions and 81 deletions


@ -2,6 +2,9 @@
# #
# === Global variables # === Global variables
# #
# $abusehelper_datadir
# Abusehelper home directory. Defaults to /var/lib/ah2.
#
# $abusehelper_botnets # $abusehelper_botnets
# Array of botnet paths to start at boot. # Array of botnet paths to start at boot.
# #
@ -92,8 +95,8 @@ class abusehelper {
if $abusehelper_datadir { if $abusehelper_datadir {
file { $abusehelper_datadir: file { $abusehelper_datadir:
ensure => directory, ensure => directory,
mode => "2750", mode => "2770",
owner => "root", owner => "abusehel",
group => "abusehel", group => "abusehel",
require => User["abusehel"], require => User["abusehel"],
} }
@ -106,54 +109,67 @@ class abusehelper {
} else { } else {
file { "/var/lib/ah2": file { "/var/lib/ah2":
ensure => directory, ensure => directory,
mode => "2750", mode => "2770",
owner => "root", owner => "abusehel",
group => "abusehel", group => "abusehel",
require => User["abusehel"], require => User["abusehel"],
} }
} }
if $abusehelper_botnets {
include abusehelper::init
}
}
# Install abusehelper init script.
#
class abusehelper::init {
if !$abusehelper_botnets {
fail("Must define \$abusehelper_botnets")
}
if !$abusehelper_user { if !$abusehelper_user {
$abusehelper_user = "abusehel" $abusehelper_user = "abusehel"
} }
if $abusehelper_botnets { file { "/etc/sysconfig/botnet":
file { "/etc/sysconfig/botnet": ensure => present,
ensure => present, name => $::operatingsystem ? {
name => $::operatingsystem ? { "debian" => "/etc/default/botnet",
"debian" => "/etc/default/botnet", "ubuntu" => "/etc/default/botnet",
"ubuntu" => "/etc/default/botnet", default => "/etc/sysconfig/botnet",
default => "/etc/sysconfig/botnet", },
}, mode => "0644",
mode => "0644", owner => "root",
owner => "root", group => "root",
group => "root", content => template("abusehelper/botnet.sysconfig.erb"),
content => template("abusehelper/botnet.sysconfig.erb"), before => Service["botnet"],
before => Service["botnet"], }
}
file { "/etc/init.d/botnet": file { "/etc/init.d/botnet":
ensure => present, ensure => present,
mode => "0755", mode => "0755",
owner => "root", owner => "root",
group => "root", group => "root",
source => "puppet:///modules/abusehelper/botnet.init", source => "puppet:///modules/abusehelper/botnet.init",
notify => Exec["add-service-botnet"], notify => Exec["add-service-botnet"],
} }
exec { "add-service-botnet": exec { "add-service-botnet":
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => $::operatingsystem ? { command => $::operatingsystem ? {
"debian" => "update-rc.d botnet defaults", "debian" => "update-rc.d botnet defaults",
"ubuntu" => "update-rc.d botnet defaults", "ubuntu" => "update-rc.d botnet defaults",
default => "chkconfig --add botnet", default => "chkconfig --add botnet",
}, },
refreshonly => true, refreshonly => true,
before => Service["botnet"], before => Service["botnet"],
} }
service { "botnet": service { "botnet":
enable => true, enable => true,
}
} }
} }
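Review bot: The data directory now belongs to the service account and is group-writable (`owner => "abusehel"`, `mode => "2770"`), in both the `$abusehelper_datadir` branch and the `/var/lib/ah2` fallback, and nothing in the manifest says why root ownership was dropped. Under the old `root` / `2750` settings, members of group abusehel could only read and traverse the top level; now the account can create, rename and delete entries there, so anything root places or trusts under that directory should be re-checked. I would add a comment above both resources, for example `# Owned and writable by the service account: bots keep their state here`, adjusted to the real reason. Both resources sit inside class abusehelper, whose body starts outside these hunks.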


@ -5,6 +5,9 @@
# $abusesa_datadir # $abusesa_datadir
# AbuseSA home directory. Defaults to /var/lib/abusesa. # AbuseSA home directory. Defaults to /var/lib/abusesa.
# #
# $abusesa_botnets
# Array of botnet paths to start at boot.
#
class abusesa { class abusesa {
case $::operatingsystem { case $::operatingsystem {
@ -76,4 +79,10 @@ class abusesa {
} }
python::setup::install { "/usr/local/src/abusesa": } python::setup::install { "/usr/local/src/abusesa": }
if $abusesa_botnets {
$abusehelper_botnets = $abusesa_botnets
$abusehelper_user = "abusesa"
include abusehelper::init
}
} }
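Review bot: `$abusehelper_user = "abusesa"` and `$abusehelper_botnets` are set as local variables just before `include abusehelper::init`, so the account the init configuration is rendered for (presumably the one the botnets run under) depends on the included class resolving them through the including scope. That lookup is dynamic scoping, which Puppet 2.7 deprecates and Puppet 3 removes, and a class is evaluated only once per catalog; if class abusehelper declares abusehelper::init first on the same node, the abusesa values would presumably be ignored and the default `abusehel` user applied. Passing the values explicitly would make the choice of account visible and order-independent, e.g. `class { "abusehelper::init": user => "abusesa", botnets => $abusesa_botnets }` with matching parameters on the class. The body of class abusesa starts outside this hunk.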


@ -78,45 +78,51 @@ class ejabberd {
} }
} }
if $ejabberd_ssl_key and $ejabberd_ssl_cert { if !$ejabberd_ssl_key {
file { "${cert_prefix}/private/ejabberd.key": $ejabberd_ssl_key = "${puppet_ssldir}/private_keys/${homename}.pem"
}
if !$ejabberd_ssl_cert {
$ejabberd_ssl_cert = "${puppet_ssldir}/certs/${homename}.pem"
}
file { "${cert_prefix}/private/ejabberd.key":
ensure => present,
source => $ejabberd_ssl_key,
mode => "0600",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
file { "${cert_prefix}/certs/ejabberd.crt":
ensure => present,
source => $ejabberd_ssl_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
if $ejabberd_ssl_chain {
file { "${cert_prefix}/certs/ejabberd.chain.crt":
ensure => present, ensure => present,
source => $ejabberd_ssl_key, source => $ejabberd_ssl_chain,
mode => "0600",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
file { "${cert_prefix}/certs/ejabberd.crt":
ensure => present,
source => $ejabberd_ssl_cert,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "root", group => "root",
notify => Exec["generate-ejabberd-pem"], notify => Exec["generate-ejabberd-pem"],
} }
if $ejabberd_ssl_chain { $cert_files = "private/ejabberd.key certs/ejabberd.crt certs/ejabberd.chain.crt"
file { "${cert_prefix}/certs/ejabberd.chain.crt": } else {
ensure => present, $cert_files = "private/ejabberd.key certs/ejabberd.crt"
source => $ejabberd_ssl_chain, }
mode => "0644",
owner => "root", exec { "generate-ejabberd-pem":
group => "root", path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
notify => Exec["generate-ejabberd-pem"], cwd => $cert_prefix,
} command => "/bin/sh -c 'umask 077 ; cat ${cert_files} > /etc/ejabberd/ejabberd.pem'",
$cert_files = "private/ejabberd.key certs/ejabberd.crt certs/ejabberd.chain.crt" refreshonly => true,
} else { before => File["/etc/ejabberd/ejabberd.pem"],
$cert_files = "private/ejabberd.key certs/ejabberd.crt" require => Package["ejabberd"],
} notify => Service["ejabberd"],
exec { "generate-ejabberd-pem":
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
cwd => $cert_prefix,
command => "/bin/sh -c 'umask 077 ; cat ${cert_files} > /etc/ejabberd/ejabberd.pem'",
refreshonly => true,
before => File["/etc/ejabberd/ejabberd.pem"],
require => Package["ejabberd"],
notify => Service["ejabberd"],
}
} }
file { "/etc/ejabberd/ejabberd.pem": file { "/etc/ejabberd/ejabberd.pem":
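Review bot: When `$ejabberd_ssl_key` is unset, the new default takes what appears to be the Puppet agent's own private key (`${puppet_ssldir}/private_keys/${homename}.pem`) and copies it into `${cert_prefix}/private/ejabberd.key` and, through `generate-ejabberd-pem`, into `/etc/ejabberd/ejabberd.pem`. That file has to be readable by the ejabberd service (its File resource continues past the end of the hunk, so owner and mode are not visible here), so a compromise of ejabberd would also expose the key the node uses to authenticate to the Puppet master. XMPP clients will also accept the certificate only if they trust the Puppet CA. If the fallback is intended, I would document it at the default, e.g. `# Falls back to the Puppet agent key pair; ejabberd.pem will then contain the node's Puppet private key`, or keep the resources conditional on an explicitly supplied key.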


@ -331,8 +331,8 @@ class syslog::standalone inherits syslog::common::standalone {
class syslog::standalone::syslogd inherits syslog::client::syslogd { class syslog::standalone::syslogd inherits syslog::client::syslogd {
File["/etc/syslog.conf"] { File["/etc/syslog.conf"] {
content => template("syslog/syslog.conf.$operatingsystem.erb", content => template("syslog/syslog.conf.server.erb",
"syslog/syslog.conf.server.erb"), "syslog/syslog.conf.$operatingsystem.erb"),
require => [ File["/srv/log"], require => [ File["/srv/log"],
File["/var/log/all.log"], ], File["/var/log/all.log"], ],
} }
@ -346,8 +346,8 @@ class syslog::standalone::rsyslog inherits syslog::client::rsyslog {
File["/etc/rsyslog.conf"] { File["/etc/rsyslog.conf"] {
content => template("syslog/rsyslog.conf.erb", content => template("syslog/rsyslog.conf.erb",
"syslog/syslog.conf.$operatingsystem.erb", "syslog/syslog.conf.server.erb",
"syslog/syslog.conf.server.erb"), "syslog/syslog.conf.$operatingsystem.erb"),
require => [ File["/srv/log"], require => [ File["/srv/log"],
File["/var/log/all.log"], ], File["/var/log/all.log"], ],
} }
@ -375,8 +375,8 @@ class syslog::server::rsyslog inherits syslog::client::rsyslog {
File["/etc/rsyslog.conf"] { File["/etc/rsyslog.conf"] {
content => template("syslog/rsyslog.conf.erb", content => template("syslog/rsyslog.conf.erb",
"syslog/rsyslog.conf.server.erb", "syslog/rsyslog.conf.server.erb",
"syslog/syslog.conf.$operatingsystem.erb", "syslog/syslog.conf.server.erb",
"syslog/syslog.conf.server.erb"), "syslog/syslog.conf.$operatingsystem.erb"),
require => [ File["/srv/log"], require => [ File["/srv/log"],
File["/var/log/all.log"], ], File["/var/log/all.log"], ],
} }
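Review bot: The order of the arguments to `template()` is now load-bearing, but none of the three `content =>` overrides says so. `template()` concatenates its arguments, and with the rsyslog discard rule this commit adds to syslog.conf.server.erb, the per-OS rules only see what the server template lets through. If someone later restores the old order, remote messages would presumably land in the per-OS local log files again. A short comment on each override, such as `# server.erb first: its discard rule must precede the per-OS rules`, would protect the ordering; it matters most in the syslog::standalone::rsyslog and syslog::server::rsyslog hunks.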


@ -1,3 +1,9 @@
# Everything goes here
*.* /srv/log/all.log
mark.* /srv/log/all.log
*.* /srv/log/all.log <% if syslog_type == "rsyslog" -%>
mark.* /srv/log/all.log # Remote logs only go in all.log
:fromhost-ip, !isequal, "127.0.0.1" ~
<% end -%>
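Review bot: The discard rule keys on `fromhost-ip` differing from `127.0.0.1`, so any message that reaches rsyslog over a loopback listener is treated as local and falls through to the rules that follow. If remote logs are ever relayed through a local tunnel or forwarder on this host, they would bypass the "remote logs only go in all.log" intent. The comment could state that assumption, e.g. `# Remote logs only go in all.log (anything arriving from 127.0.0.1 counts as local)`. Newer rsyslog releases also flag the `~` action as deprecated in favour of `stop`, which is worth noting if the template is reused on newer systems.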


@ -198,7 +198,7 @@ class user::system {
uid => 813, uid => 813,
gid => 813, gid => 813,
comment => "Service AbuseHelper", comment => "Service AbuseHelper",
home => "/var/empty", home => "/var/lib/ah2",
shell => "/sbin/nologin", shell => "/sbin/nologin",
require => Group["abusehel"], require => Group["abusehel"],
} }
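Review bot: The abusehel account's home moves from `/var/empty` to `/var/lib/ah2`, which the abusehelper class in this commit makes owned and writable by that same account. Anything that reads per-user files from the home directory is then under the service's own control; `shell => "/sbin/nologin"` limits the exposure and should stay as it is. The home is also hard-coded while the data directory can be overridden with `$abusehelper_datadir`, and whether /var/lib/ah2 still exists in that case is not visible here. A comment such as `# home is the service-writable data directory; keep shell at nologin` would record the intent. The user resource starts outside the hunk.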