tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into puppet3

Browse source
This commit is contained in:
Ossi Salmi 2013-05-08 16:35:12 +03:00
commit 17654bb71a
7 changed files with 50 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apache/manifests/init.pp
View file

@ -544,7 +544,7 @@ class apache::mod::passenger {
}
}
file { "/var/lib/passenger":
file { [ "/var/lib/passenger", "/var/run/passenger", ]:
ensure => directory,
mode => "0755",
owner => "root",

3
ntpd/manifests/init.pp
View file

@ -3,7 +3,8 @@
# === Global variables
#
# $ntp_server:
# Array of NTP servers.
# Array of NTP servers using [] will disable external servers.
# Defaults to pool.ntp.org.
#
# $ntp_client_networks:
# Array of networks that are allowed to query this server in format

1
puppet/bootstrap-server.sh
View file

@ -39,6 +39,7 @@ mkdir -p /etc/puppet/manifests/node
if [ ! -s /etc/puppet/manifests/site.pp ]; then
cat > /etc/puppet/manifests/site.pp << EOF
import "/srv/puppet/files/common/packages/manifests/*.pp"
import "node/*.pp"
\$puppet_server = "${FQDN}"

70
puppet/manifests/init.pp
View file

@ -195,11 +195,9 @@ class puppet::server {
class puppet::server::common inherits puppet::client {
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ {
$seltype_readonly = "var_lib_t"
$seltype_writable = "var_lib_t"
$seltype = "var_lib_t"
} else {
$seltype_readonly = "puppetmaster_t"
$seltype_writable = "puppet_var_lib_t"
$seltype = "puppet_var_lib_t"
}
case $::operatingsystem {
@ -276,7 +274,7 @@ class puppet::server::common inherits puppet::client {
mode => "0750",
owner => $user,
group => $group,
seltype => $seltype_readonly,
seltype => $seltype,
require => File["/srv/puppet"],
}
}
@ -294,8 +292,6 @@ class puppet::server::common inherits puppet::client {
}
}
include ruby::rrd
if $puppet_datadir {
file { $puppet_datadir:
ensure => directory,
@ -305,27 +301,23 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel",
default => "root",
},
seltype => $seltype_readonly,
seltype => $seltype,
require => Package["puppetmaster"],
}
selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
type => $seltype_readonly,
type => $seltype,
before => File[$puppet_datadir],
}
selinux::manage_fcontext { [
"${puppet_datadir}/bucket(/.*)?",
"${puppet_datadir}/reports(/.*)?",
"${puppet_datadir}/rrd(/.*)?",
]:
type => $seltype_writable,
before => File["/srv/puppet/reports"],
}
file { "/srv/puppet":
ensure => link,
target => $puppet_datadir,
seltype => $seltype_readonly,
seltype => "usr_t",
require => File[$puppet_datadir],
}
selinux::manage_fcontext { "/srv/puppet(/.*)?":
type => "usr_t",
before => File["/srv/puppet"],
}
} else {
file { "/srv/puppet":
ensure => directory,
@ -335,35 +327,29 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel",
default => "root",
},
seltype => $seltype_readonly,
seltype => $seltype,
require => Package["puppetmaster"],
}
}
selinux::manage_fcontext { "/srv/puppet(/.*)?":
type => $seltype_readonly,
before => File["/srv/puppet"],
}
selinux::manage_fcontext { [
"/srv/puppet/bucket(/.*)?",
"/srv/puppet/reports(/.*)?",
"/srv/puppet/rrd(/.*)?",
]:
type => $seltype_writable,
before => File["/srv/puppet/reports"],
selinux::manage_fcontext { "/srv/puppet(/.*)?":
type => $seltype,
before => File["/srv/puppet"],
}
}
file { [ "/srv/puppet/bucket",
"/srv/puppet/reports",
"/srv/puppet/rrd", ]:
"/srv/puppet/reports", ]:
ensure => directory,
mode => "0750",
owner => $user,
group => $group,
seltype => $seltype_writable,
seltype => $seltype,
require => File["/srv/puppet"],
}
file { [ "/srv/puppet/files",
"/srv/puppet/templates" ]:
"/srv/puppet/files/common",
"/srv/puppet/files/common/packages",
"/srv/puppet/files/common/packages/manifests",
"/srv/puppet/templates", ]:
ensure => directory,
mode => "0755",
owner => "root",
@ -371,26 +357,26 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel",
default => "root",
},
seltype => $seltype_readonly,
seltype => $seltype,
require => File["/srv/puppet"],
}
file { "/srv/puppet/files/common":
ensure => directory,
mode => "0755",
file { "/srv/puppet/files/common/packages/manifests/init.pp":
ensure => present,
mode => "0644",
owner => "root",
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
seltype => $seltype_readonly,
require => File["/srv/puppet/files"],
seltype => $seltype,
require => File["/srv/puppet/files/common/packages/manifests"],
}
file { "/srv/puppet/files/private":
ensure => directory,
mode => "0750",
owner => "root",
group => $group,
seltype => $seltype_readonly,
seltype => $seltype,
require => File["/srv/puppet/files"],
}

1
puppet/templates/passenger-httpd.conf.erb
View file

@ -47,6 +47,7 @@ Listen 8140
PassengerGroup puppet
PassengerHighPerformance On
PassengerMaxRequests 1000
PassengerTempDir /var/run/passenger
DocumentRoot /var/lib/passenger/puppet/public
<Directory "/var/lib/passenger/puppet">
Options None

5
puppet/templates/puppetmaster.conf.erb
View file

@ -5,10 +5,7 @@
[puppetmasterd]
<% end -%>
# Enable reporting on server.
reports = tagmail,store,rrdgraph
rrdgraph = true
rrddir = /srv/puppet/rrd
reports = tagmail,store
report = true
reportdir = /srv/puppet/reports

16
sudo/manifests/init.pp
View file

@ -65,3 +65,19 @@ define sudo::sudoer($where="ALL", $as_whom="ALL", $what="ALL") {
}
}
# Disable sudo
#
# Cannot remove sudo package itself due to depencies
#
class sudo::disable {
exec { "chmod 0000 /usr/bin/sudo":
user => "root",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
onlyif => "test -u /usr/bin/sudo",
}
}