tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into puppet3

Browse source
This commit is contained in:
Ossi Salmi 2013-05-08 16:35:12 +03:00
commit 17654bb71a
7 changed files with 50 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apache/manifests/init.pp
View file

@ -544,7 +544,7 @@ class apache::mod::passenger {
} }
} }
file { "/var/lib/passenger": file { [ "/var/lib/passenger", "/var/run/passenger", ]:
ensure => directory, ensure => directory,
mode => "0755", mode => "0755",
owner => "root", owner => "root",

3
ntpd/manifests/init.pp
View file

@ -3,7 +3,8 @@
# === Global variables # === Global variables
# #
# $ntp_server: # $ntp_server:
# Array of NTP servers. # Array of NTP servers using [] will disable external servers.
# Defaults to pool.ntp.org.
# #
# $ntp_client_networks: # $ntp_client_networks:
# Array of networks that are allowed to query this server in format # Array of networks that are allowed to query this server in format

1
puppet/bootstrap-server.sh
View file

@ -39,6 +39,7 @@ mkdir -p /etc/puppet/manifests/node
if [ ! -s /etc/puppet/manifests/site.pp ]; then if [ ! -s /etc/puppet/manifests/site.pp ]; then
cat > /etc/puppet/manifests/site.pp << EOF cat > /etc/puppet/manifests/site.pp << EOF
import "/srv/puppet/files/common/packages/manifests/*.pp"
import "node/*.pp" import "node/*.pp"
\$puppet_server = "${FQDN}" \$puppet_server = "${FQDN}"

70
puppet/manifests/init.pp
View file

@ -195,11 +195,9 @@ class puppet::server {
class puppet::server::common inherits puppet::client { class puppet::server::common inherits puppet::client {
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ { if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ {
$seltype_readonly = "var_lib_t" $seltype = "var_lib_t"
$seltype_writable = "var_lib_t"
} else { } else {
$seltype_readonly = "puppetmaster_t" $seltype = "puppet_var_lib_t"
$seltype_writable = "puppet_var_lib_t"
} }
case $::operatingsystem { case $::operatingsystem {
@ -276,7 +274,7 @@ class puppet::server::common inherits puppet::client {
mode => "0750", mode => "0750",
owner => $user, owner => $user,
group => $group, group => $group,
seltype => $seltype_readonly, seltype => $seltype,
require => File["/srv/puppet"], require => File["/srv/puppet"],
} }
} }
@ -294,8 +292,6 @@ class puppet::server::common inherits puppet::client {
} }
} }
include ruby::rrd
if $puppet_datadir { if $puppet_datadir {
file { $puppet_datadir: file { $puppet_datadir:
ensure => directory, ensure => directory,
@ -305,27 +301,23 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel", "openbsd" => "wheel",
default => "root", default => "root",
}, },
seltype => $seltype_readonly, seltype => $seltype,
require => Package["puppetmaster"], require => Package["puppetmaster"],
} }
selinux::manage_fcontext { "${puppet_datadir}(/.*)?": selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
type => $seltype_readonly, type => $seltype,
before => File[$puppet_datadir], before => File[$puppet_datadir],
} }
selinux::manage_fcontext { [
"${puppet_datadir}/bucket(/.*)?",
"${puppet_datadir}/reports(/.*)?",
"${puppet_datadir}/rrd(/.*)?",
]:
type => $seltype_writable,
before => File["/srv/puppet/reports"],
}
file { "/srv/puppet": file { "/srv/puppet":
ensure => link, ensure => link,
target => $puppet_datadir, target => $puppet_datadir,
seltype => $seltype_readonly, seltype => "usr_t",
require => File[$puppet_datadir], require => File[$puppet_datadir],
} }
selinux::manage_fcontext { "/srv/puppet(/.*)?":
type => "usr_t",
before => File["/srv/puppet"],
}
} else { } else {
file { "/srv/puppet": file { "/srv/puppet":
ensure => directory, ensure => directory,
@ -335,35 +327,29 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel", "openbsd" => "wheel",
default => "root", default => "root",
}, },
seltype => $seltype_readonly, seltype => $seltype,
require => Package["puppetmaster"], require => Package["puppetmaster"],
} }
} selinux::manage_fcontext { "/srv/puppet(/.*)?":
selinux::manage_fcontext { "/srv/puppet(/.*)?": type => $seltype,
type => $seltype_readonly, before => File["/srv/puppet"],
before => File["/srv/puppet"], }
}
selinux::manage_fcontext { [
"/srv/puppet/bucket(/.*)?",
"/srv/puppet/reports(/.*)?",
"/srv/puppet/rrd(/.*)?",
]:
type => $seltype_writable,
before => File["/srv/puppet/reports"],
} }
file { [ "/srv/puppet/bucket", file { [ "/srv/puppet/bucket",
"/srv/puppet/reports", "/srv/puppet/reports", ]:
"/srv/puppet/rrd", ]:
ensure => directory, ensure => directory,
mode => "0750", mode => "0750",
owner => $user, owner => $user,
group => $group, group => $group,
seltype => $seltype_writable, seltype => $seltype,
require => File["/srv/puppet"], require => File["/srv/puppet"],
} }
file { [ "/srv/puppet/files", file { [ "/srv/puppet/files",
"/srv/puppet/templates" ]: "/srv/puppet/files/common",
"/srv/puppet/files/common/packages",
"/srv/puppet/files/common/packages/manifests",
"/srv/puppet/templates", ]:
ensure => directory, ensure => directory,
mode => "0755", mode => "0755",
owner => "root", owner => "root",
@ -371,26 +357,26 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel", "openbsd" => "wheel",
default => "root", default => "root",
}, },
seltype => $seltype_readonly, seltype => $seltype,
require => File["/srv/puppet"], require => File["/srv/puppet"],
} }
file { "/srv/puppet/files/common": file { "/srv/puppet/files/common/packages/manifests/init.pp":
ensure => directory, ensure => present,
mode => "0755", mode => "0644",
owner => "root", owner => "root",
group => $::operatingsystem ? { group => $::operatingsystem ? {
"openbsd" => "wheel", "openbsd" => "wheel",
default => "root", default => "root",
}, },
seltype => $seltype_readonly, seltype => $seltype,
require => File["/srv/puppet/files"], require => File["/srv/puppet/files/common/packages/manifests"],
} }
file { "/srv/puppet/files/private": file { "/srv/puppet/files/private":
ensure => directory, ensure => directory,
mode => "0750", mode => "0750",
owner => "root", owner => "root",
group => $group, group => $group,
seltype => $seltype_readonly, seltype => $seltype,
require => File["/srv/puppet/files"], require => File["/srv/puppet/files"],
} }

1
puppet/templates/passenger-httpd.conf.erb
View file

@ -47,6 +47,7 @@ Listen 8140
PassengerGroup puppet PassengerGroup puppet
PassengerHighPerformance On PassengerHighPerformance On
PassengerMaxRequests 1000 PassengerMaxRequests 1000
PassengerTempDir /var/run/passenger
DocumentRoot /var/lib/passenger/puppet/public DocumentRoot /var/lib/passenger/puppet/public
<Directory "/var/lib/passenger/puppet"> <Directory "/var/lib/passenger/puppet">
Options None Options None

5
puppet/templates/puppetmaster.conf.erb
View file

@ -5,10 +5,7 @@
[puppetmasterd] [puppetmasterd]
<% end -%> <% end -%>
# Enable reporting on server. # Enable reporting on server.
reports = tagmail,store,rrdgraph reports = tagmail,store
rrdgraph = true
rrddir = /srv/puppet/rrd
report = true report = true
reportdir = /srv/puppet/reports reportdir = /srv/puppet/reports

16
sudo/manifests/init.pp
View file

@ -65,3 +65,19 @@ define sudo::sudoer($where="ALL", $as_whom="ALL", $what="ALL") {
} }
} }
# Disable sudo
#
# Cannot remove sudo package itself due to depencies
#
class sudo::disable {
exec { "chmod 0000 /usr/bin/sudo":
user => "root",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
onlyif => "test -u /usr/bin/sudo",
}
}