diff --git a/apache/templates/site.https.conf.erb b/apache/templates/site.https.conf.erb index 30e9982..14f55be 100644 --- a/apache/templates/site.https.conf.erb +++ b/apache/templates/site.https.conf.erb @@ -138,9 +138,10 @@ SSLCertificateChainFile <%= @apache_ssldir %>/certs/<%= site_fqdn %>.chain.crt # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. -SetEnvIf User-Agent ".*MSIE.*" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a diff --git a/cups/manifests/init.pp b/cups/manifests/init.pp index 7cdd606..f72e8b3 100644 --- a/cups/manifests/init.pp +++ b/cups/manifests/init.pp @@ -31,6 +31,14 @@ class cups::client { creates => "/usr/bin/lpr.pre-cups", require => Package["cups"], } + file { "/etc/printcap": + ensure => present, + source => "/etc/cups/printcap", + mode => "0644", + owner => "root", + group => "wheel", + require => Exec["cups-enable"], + } } } diff --git a/dns/manifests/init.pp b/dns/manifests/init.pp index e2b6f6b..b545cc2 100644 --- a/dns/manifests/init.pp +++ b/dns/manifests/init.pp @@ -107,6 +107,16 @@ class dns::server { } } + exec { "named-checkconf": + command => $chroot ? { + "" => "/usr/sbin/named-checkconf -z", + default => "/usr/sbin/named-checkconf -z -t ${chroot}" + }, + refreshonly => true, + require => Exec["rndc-confgen"], + notify => Service["named"], + } + service { "named": name => $::operatingsystem ? { "ubuntu" => "bind9", @@ -123,7 +133,6 @@ class dns::server { "openbsd" => "/usr/sbin/named", default => undef, }, - require => Exec["rndc-confgen"], } file { "named.conf": 
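Review bot: The new `/etc/printcap` resource uses `source => "/etc/cups/printcap"`, which copies the file only when the agent runs, so the copy goes stale whenever the printer list changes between runs. The resource will also fail if `/etc/cups/printcap` does not exist yet at apply time, which seems possible right after `Exec["cups-enable"]` if cupsd is what writes that file. A symlink avoids both problems: `ensure => link, target => "/etc/cups/printcap",` in place of `ensure => present`, `source` and `mode`. The enclosing `cups::client` body starts outside the hunk, so I am assuming the hard-coded `group => "wheel"` sits in a BSD-only branch.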
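Review bot: A failed `named-checkconf` run in the new `Exec["named-checkconf"]` blocks the restart, but the rejected files are already on disk and nothing re-runs the check. The files are in sync on the next agent run, so the `refreshonly` exec gets no new event, and named would load the broken configuration at its next unrelated restart or reboot. Please say so in a comment above the resource, for example `# Gate for named restarts: a failed check leaves the new files in place, fix them before named is restarted by hand.` Adding `logoutput => on_failure,` would make the checker's message land in the agent report. The same gate is wired in by the later hunks of this file that change `notify` to `Exec["named-checkconf"]`, so this applies to them too.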
@@ -155,7 +164,7 @@ class dns::server { user => "root", refreshonly => true, require => File["/usr/local/sbin/generate-named-conf.sh"], - notify => Service["named"], + notify => Exec["named-checkconf"], } file { "${chroot}${confdir}/named.conf.options": @@ -170,7 +179,7 @@ class dns::server { "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"], } file { "${chroot}${confdir}/named.conf.local": @@ -185,7 +194,7 @@ class dns::server { "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"], } } @@ -225,7 +234,7 @@ class dns::server::ldap inherits dns::server { command => "dnsdump.py --notest /var/named/master.in /var/named/master", require => File["/usr/local/sbin/dnsdump.py"], unless => "dnsdump.py --test /var/named/master.in /var/named/master", - notify => Service["named"] + notify => Exec["named-checkconf"], } } @@ -389,7 +398,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"], } file { "${dns::server::chroot}${zonedir}/db.${zone}-dynamic": @@ -401,7 +410,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"], } file { "${dns::server::chroot}${zonedir}/db.${zone}-dynamic.d": ensure => directory, @@ -423,6 +432,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], ensure => present, source => [ "puppet:///files/dns/db.${zone}-static.${homename}", + "puppet:///files/dns/db.${zone}-static", "puppet:///modules/dns/empty", ], mode => "0640", 
@@ -432,7 +442,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], "openbsd" => undef, default => Package["bind"], }, - notify => Service["named"], + notify => Exec["named-checkconf"], } exec { "update-db.${zone}-dynamic": @@ -585,5 +595,4 @@ class dns::nsupdate { minute => "*/5", require => File["/usr/local/sbin/nsupdate.sh"], } - } diff --git a/munin/manifests/init.pp b/munin/manifests/init.pp index 1772eb8..5c13aff 100644 --- a/munin/manifests/init.pp +++ b/munin/manifests/init.pp @@ -269,6 +269,13 @@ class munin::server { group => $apache::sslserver::group, require => Package["munin"], } + file { "/etc/logrotate.d/munin-cgi": + ensure => present, + content => template("munin/munin-cgi.logrotate.erb"), + mode => "0644", + owner => "root", + group => "root", + } file { "/var/www/html/munin/.htaccess": ensure => present, diff --git a/munin/templates/munin-cgi.logrotate.erb b/munin/templates/munin-cgi.logrotate.erb new file mode 100644 index 0000000..63df851 --- /dev/null +++ b/munin/templates/munin-cgi.logrotate.erb @@ -0,0 +1,17 @@ +/var/log/munin/munin-cgi-graph.log { + daily + missingok + rotate 7 + compress + notifempty + create 0664 munin <%= scope.lookupvar('apache::sslserver::group') %> +} + +/var/log/munin/munin-cgi-html.log { + daily + missingok + rotate 7 + compress + notifempty + create 0664 munin <%= scope.lookupvar('apache::sslserver::group') %> +} diff --git a/network/manifests/init.pp b/network/manifests/init.pp index cf71c68..f112715 100644 --- a/network/manifests/init.pp +++ b/network/manifests/init.pp 
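Review bot: Both stanzas use `create 0664 munin <group>`, so every freshly rotated CGI log is world-readable as well as writable by the web server group. If only munin and the CGI processes need these logs, `create 0660 munin <%= scope.lookupvar('apache::sslserver::group') %>` keeps them working without exposing request details to every local account. The two stanzas are identical, so listing both log paths in front of a single `{ ... }` block would keep the settings from drifting apart. Depending on who owns `/var/log/munin`, newer logrotate releases may also refuse to rotate there without a `su` directive; that is worth checking on the target hosts.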
@@ -572,3 +572,96 @@ class network::manager::disable { } } + +# Define IPv6 prefixes for advertisement +# +# === Sample usage +# +# network::routeradvertisement::ipv6prefix { "em1": +# prefix => "2001:db8:c0de:cafe::/64" +# } +define network::routeradvertisement::ipv6prefix($prefix = "", $description = "") { + case $::operatingsystem { + "centos","redhat": { + file { "/etc/radvd.conf.d": + ensure => directory, + } + + file { "/etc/radvd.conf.d/radvd-${name}.conf": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + content => template("network/radvd.conf.erb"), + require => File["/etc/radvd.conf.d"], + notify => Exec["generate-radvd-conf"], + } + } + "openbsd": { + file { "/etc/rtadvd.conf.d": + ensure => directory, + } + + file { "/etc/rtadvd.conf.d/rtadvd-${name}.conf": + ensure => present, + mode => "0644", + owner => "root", + group => "wheel", + content => template("network/rtadvd.conf.erb"), + before => Service["rtadvd-${name}"], + notify => Service["rtadvd-${name}"], + } + + service { "rtadvd-${name}": + ensure => running, + enable => true, + start => "/usr/sbin/rtadvd -c /etc/rtadvd.conf.d/rtadvd-${name}.conf ${name}", + stop => "/usr/bin/pkill -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"", + status => "/usr/bin/pgrep -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"", + } + } + default: { + fail("Router advertisement not supported in $::operatingsystem.") + } + } +} + +# Router Advertisement daemon +# +class network::routeradvertisement { + case $::operatingsystem { + "centos","redhat": { + package { "radvd": + ensure => installed, + } + + service { "radvd": + ensure => running, + enable => true, + hasstatus => true, + require => [File["/etc/radvd.conf"], Package["radvd"]], + } + + file { "/etc/radvd.conf": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + require => Exec["generate-radvd-conf"], + notify => Service["radvd"], + } + + exec { "generate-radvd-conf": + command => "/bin/cat 
/etc/radvd.conf.d/radvd-*.conf >/etc/radvd.conf", + path => "/bin:/usr/bin:/sbin:/usr/sbin", + refreshonly => true, + } + } + "openbsd": { + # Only network::ipv6network is needed for OpenBSD + } + default: { + fail("Router advertisement not supported in $::operatingsystem") + } + } +} diff --git a/network/templates/radvd.conf.erb b/network/templates/radvd.conf.erb new file mode 100644 index 0000000..d1dca27 --- /dev/null +++ b/network/templates/radvd.conf.erb @@ -0,0 +1,16 @@ + +# <%= description %> +interface <%= name %> +{ + AdvSendAdvert on; + MinRtrAdvInterval 3; + MaxRtrAdvInterval 10; + AdvHomeAgentFlag off; + + prefix <%= prefix %> + { + AdvOnLink on; + AdvAutonomous on; + AdvRouterAddr off; + }; +}; diff --git a/network/templates/rtadvd.conf.erb b/network/templates/rtadvd.conf.erb new file mode 100644 index 0000000..b65f119 --- /dev/null +++ b/network/templates/rtadvd.conf.erb @@ -0,0 +1,4 @@ + +# <%= description %> +<%= name %>:\ + :addr="<%= prefix.split("/").first %>":":prefixlen#<%= prefix.split("/").last %>:raflags#8: diff --git a/python/manifests/init.pp b/python/manifests/init.pp index 238d6b9..db35d90 100644 --- a/python/manifests/init.pp +++ b/python/manifests/init.pp 
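Review bot: `file { "/etc/radvd.conf.d": }` and `file { "/etc/rtadvd.conf.d": }` are declared inside the `network::routeradvertisement::ipv6prefix` define, so a node that advertises on two interfaces declares the same resource twice and the catalog fails with a duplicate declaration. Declaring each directory once in `network::routeradvertisement` and including that class from the define fixes this. Separately, `$prefix` defaults to `""` and is never checked, so a forgotten parameter renders an empty `prefix` stanza into the daemon configuration; the define should fail at compile time instead. Neither directory is purged, so the fragment of a removed interface presumably stays in place and keeps being concatenated into `/etc/radvd.conf`; `recurse => true, purge => true` on the directories would prevent stale advertisements.

```puppet
define network::routeradvertisement::ipv6prefix($prefix = "", $description = "") {
    if $prefix == "" {
        fail("network::routeradvertisement::ipv6prefix[${name}]: prefix is required")
    }
    # conf.d directories are declared once, in the class
    include network::routeradvertisement
    # … unchanged: per-OS case, without the two conf.d directory resources …

# in class network::routeradvertisement, "centos","redhat" branch:
            file { "/etc/radvd.conf.d":
                ensure => directory,
            }
# in class network::routeradvertisement, "openbsd" branch:
            file { "/etc/rtadvd.conf.d":
                ensure => directory,
            }
```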
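Review bot: `<%= description %>` is written into the `#` comment line unescaped, so a description containing a line break would continue as live radvd configuration on the next line. Flattening it in the template is cheap: `# <%= description.to_s.gsub(/[\r\n]+/, " ") %>`. The template also reads `description`, `name` and `prefix` as bare names, while the apache template touched in this commit already uses the `@apache_ssldir` form. Switching to `@description`, `@name` and `@prefix` would be consistent with that and avoids the bare-variable lookup that later Puppet releases deprecate.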
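Review bot: The capability line appears to contain a stray `":"` between the address and `prefixlen`, so the rendered entry would read `:addr="…":":prefixlen#64:…` with an unbalanced quote. I would expect `:addr="<%= prefix.split("/").first %>":prefixlen#<%= prefix.split("/").last %>:raflags#8:`; please check the rendered file against rtadvd.conf(5) on a test host. Also, when `prefix` contains no `/`, both `first` and `last` return the whole string, so the template emits the address as the prefix length instead of failing.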
@@ -30,12 +30,37 @@ class python { # Source directory. # $python: # Python executable name. Defaults to python. +# $source: +# Source path to package archive. # # === Sample usage # -# python::setup::install { "/usr/local/src/moin-1.8.8": } +# python::setup::install { "/usr/local/src/moin-1.8.8": +# source => "puppet:///files/packages/moin-1.8.8.tar.gz", +# } # -define python::setup::install($python="python") { +define python::setup::install($python="python", source="") { + + if $source { + $filename = basename($source) + file { "/usr/local/src/${filename}": + ensure => present, + mode => "0644", + owner => "root", + group => $operatingsystem ? { + "openbsd" => "wheel", + default => "root", + }, + source => $source, + } + util::extract::tar { $name: + ensure => latest, + strip => 1, + source => "/usr/local/src/${filename}", + require => File["/usr/local/src/${filename}"], + before => Exec["python-setup-install-${name}"], + } + } exec { "python-setup-install-${name}": path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
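Review bot: The new parameter in the `define` line is written `source=""` without the `$` sigil, which the Puppet parser should reject; it needs to be `define python::setup::install($python="python", $source="") {`. The `group` selector in the same hunk uses `$operatingsystem`, while the rest of this commit uses the top-scope form `$::operatingsystem`. Since the archive is unpacked and then handed to `Exec["python-setup-install-${name}"]` (its body continues outside the hunk, presumably running setup.py as root), the doc comment for `$source` should also state that the archive must come from a trusted file server path.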