Merge tmakinen/puppet

Conflicts:
	dns/manifests/init.pp

apache/templates/site.https.conf.erb

@@ -138,9 +138,10 @@ SSLCertificateChainFile <%= @apache_ssldir %>/certs/<%= site_fqdn %>.chain.crt
 #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
 #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 #   "force-response-1.0" for this.
-SetEnvIf User-Agent ".*MSIE.*" \
+BrowserMatch "MSIE [2-5]" \
-         nokeepalive ssl-unclean-shutdown \
+        nokeepalive ssl-unclean-shutdown \
-         downgrade-1.0 force-response-1.0
+        downgrade-1.0 force-response-1.0
+
 
 #   Per-Server Logging:
 #   The home of a custom SSL log file. Use this when you want a

cups/manifests/init.pp

@@ -31,6 +31,14 @@ class cups::client {
                 creates => "/usr/bin/lpr.pre-cups",
                 require => Package["cups"],
             }
+            file { "/etc/printcap":
+                ensure  => present,
+                source  => "/etc/cups/printcap",
+                mode    => "0644",
+                owner   => "root",
+                group   => "wheel",
+                require => Exec["cups-enable"],
+            }
         }
     }
 

dns/manifests/init.pp

@@ -107,6 +107,16 @@ class dns::server {
         }
     }
 
+    exec { "named-checkconf":
+        command => $chroot ? {
+            ""      => "/usr/sbin/named-checkconf -z",
+            default => "/usr/sbin/named-checkconf -z -t ${chroot}"
+        },
+        refreshonly => true,
+        require     => Exec["rndc-confgen"],
+        notify      => Service["named"],
+    }
+
     service { "named":
         name    => $::operatingsystem ? {
             "ubuntu" => "bind9",
@@ -123,7 +133,6 @@ class dns::server {
             "openbsd" => "/usr/sbin/named",
             default   => undef,
         },
-        require => Exec["rndc-confgen"],
     }
 
     file { "named.conf":
@@ -155,7 +164,7 @@ class dns::server {
         user        => "root",
         refreshonly => true,
         require     => File["/usr/local/sbin/generate-named-conf.sh"],
-        notify      => Service["named"],
+        notify      => Exec["named-checkconf"],
     }
 
     file { "${chroot}${confdir}/named.conf.options":
@@ -170,7 +179,7 @@ class dns::server {
             "openbsd" => undef,
             default   => Package["bind"],
         },
-        notify  => Service["named"],
+        notify  => Exec["named-checkconf"],
     }
 
     file { "${chroot}${confdir}/named.conf.local":
@@ -185,7 +194,7 @@ class dns::server {
             "openbsd" => undef,
             default   => Package["bind"],
         },
-        notify  => Service["named"],
+        notify  => Exec["named-checkconf"],
     }
 }
 
@@ -225,7 +234,7 @@ class dns::server::ldap inherits dns::server {
         command   => "dnsdump.py --notest /var/named/master.in /var/named/master",
         require   => File["/usr/local/sbin/dnsdump.py"],
         unless    => "dnsdump.py --test /var/named/master.in /var/named/master",
-        notify    => Service["named"]
+        notify    => Exec["named-checkconf"],
     }
 }
 
@@ -389,7 +398,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
                     "openbsd" => undef,
                     default   => Package["bind"],
                 },
-                notify  => Service["named"],
+                notify  => Exec["named-checkconf"],
             }
 
             file { "${dns::server::chroot}${zonedir}/db.${zone}-dynamic":
@@ -401,7 +410,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
                     "openbsd" => undef,
                     default   => Package["bind"],
                 },
-                notify  => Service["named"],
+                notify  => Exec["named-checkconf"],
             }
             file { "${dns::server::chroot}${zonedir}/db.${zone}-dynamic.d":
                 ensure  => directory,
@@ -423,6 +432,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
                 ensure  => present,
                 source  => [
                   "puppet:///files/dns/db.${zone}-static.${homename}",
+                  "puppet:///files/dns/db.${zone}-static",
                   "puppet:///modules/dns/empty",
                 ],
                 mode    => "0640",
@@ -432,7 +442,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
                     "openbsd" => undef,
                     default   => Package["bind"],
                 },
-                notify  => Service["named"],
+                notify  => Exec["named-checkconf"],
             }
 
             exec { "update-db.${zone}-dynamic":
@@ -585,5 +595,4 @@ class dns::nsupdate {
         minute  => "*/5",
         require => File["/usr/local/sbin/nsupdate.sh"],
     }
-
 }

munin/manifests/init.pp

@@ -269,6 +269,13 @@ class munin::server {
         group   => $apache::sslserver::group,
         require => Package["munin"],
     }
+    file { "/etc/logrotate.d/munin-cgi":
+        ensure  => present,
+        content => template("munin/munin-cgi.logrotate.erb"),
+        mode    => "0644",
+        owner   => "root",
+        group   => "root",
+    }
 
     file { "/var/www/html/munin/.htaccess":
         ensure  => present,

munin/templates/munin-cgi.logrotate.erb

@@ -0,0 +1,17 @@
+/var/log/munin/munin-cgi-graph.log {
+	daily
+	missingok
+	rotate 7
+	compress
+	notifempty
+	create 0664 munin <%= scope.lookupvar('apache::sslserver::group') %>
+}
+
+/var/log/munin/munin-cgi-html.log {
+	daily
+	missingok
+	rotate 7
+	compress
+	notifempty
+	create 0664 munin <%= scope.lookupvar('apache::sslserver::group') %>
+}

network/manifests/init.pp

@@ -572,3 +572,96 @@ class network::manager::disable {
     }
 
 }
+
+# Define IPv6 prefixes for advertisement
+#
+# === Sample usage
+#
+# network::routeradvertisement::ipv6prefix { "em1":
+#     prefix => "2001:db8:c0de:cafe::/64"
+# }
+define network::routeradvertisement::ipv6prefix($prefix = "", $description = "") {
+    case $::operatingsystem {
+        "centos","redhat": {
+            file { "/etc/radvd.conf.d":
+                ensure => directory,
+            }
+
+            file { "/etc/radvd.conf.d/radvd-${name}.conf":
+                ensure  => present,
+                mode    => "0644",
+                owner   => "root",
+                group   => "root",
+                content => template("network/radvd.conf.erb"),
+                require => File["/etc/radvd.conf.d"],
+                notify  => Exec["generate-radvd-conf"],
+            }
+        }
+        "openbsd": {
+            file { "/etc/rtadvd.conf.d":
+                ensure => directory,
+            }
+
+            file { "/etc/rtadvd.conf.d/rtadvd-${name}.conf":
+                ensure  => present,
+                mode    => "0644",
+                owner   => "root",
+                group   => "wheel",
+                content => template("network/rtadvd.conf.erb"),
+                before  => Service["rtadvd-${name}"],
+                notify  => Service["rtadvd-${name}"],
+            }
+
+            service { "rtadvd-${name}":
+                ensure => running,
+                enable => true,
+                start  => "/usr/sbin/rtadvd -c /etc/rtadvd.conf.d/rtadvd-${name}.conf ${name}",
+                stop   => "/usr/bin/pkill -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"",
+                status => "/usr/bin/pgrep -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"",
+            }
+        }
+        default: {
+            fail("Router advertisement not supported in $::operatingsystem.")
+        }
+    }
+}
+
+# Router Advertisement daemon
+#
+class network::routeradvertisement {
+    case $::operatingsystem {
+        "centos","redhat": {
+            package { "radvd":
+                ensure => installed,
+            }
+
+            service { "radvd":
+                ensure    => running,
+                enable    => true,
+                hasstatus => true,
+                require   => [File["/etc/radvd.conf"], Package["radvd"]],
+            }
+
+            file { "/etc/radvd.conf":
+                ensure  => present,
+                mode    => "0644",
+                owner   => "root",
+                group   => "root",
+                require => Exec["generate-radvd-conf"],
+                notify  => Service["radvd"],
+            }
+
+            exec { "generate-radvd-conf":
+                command     => "/bin/cat /etc/radvd.conf.d/radvd-*.conf >/etc/radvd.conf",
+                path        => "/bin:/usr/bin:/sbin:/usr/sbin",
+                refreshonly => true,
+            }
+        }
+        "openbsd": {
+            # Only network::ipv6network is needed for OpenBSD
+        }
+        default: {
+            fail("Router advertisement not supported in $::operatingsystem")
+        }
+    }
+}

network/templates/radvd.conf.erb

@@ -0,0 +1,16 @@
+
+# <%= description %>
+interface <%= name %>
+{
+        AdvSendAdvert on;
+        MinRtrAdvInterval 3;
+        MaxRtrAdvInterval 10;
+        AdvHomeAgentFlag off;
+
+        prefix <%= prefix %>
+        {
+                AdvOnLink on;
+                AdvAutonomous on;
+                AdvRouterAddr off;
+        };
+};

network/templates/rtadvd.conf.erb

@@ -0,0 +1,4 @@
+
+# <%= description %>
+<%= name %>:\
+        :addr="<%= prefix.split("/").first %>":":prefixlen#<%= prefix.split("/").last %>:raflags#8:

python/manifests/init.pp

@@ -30,12 +30,37 @@ class python {
 #       Source directory.
 #   $python:
 #       Python executable name. Defaults to python.
+#   $source:
+#       Source path to package archive.
 #
 # === Sample usage
 #
-# python::setup::install { "/usr/local/src/moin-1.8.8": }
+# python::setup::install { "/usr/local/src/moin-1.8.8":
+#   source => "puppet:///files/packages/moin-1.8.8.tar.gz",
+# }
 #
-define python::setup::install($python="python") {
+define python::setup::install($python="python", source="") {
+
+    if $source {
+        $filename = basename($source)
+        file { "/usr/local/src/${filename}":
+            ensure => present,
+            mode   => "0644",
+            owner  => "root",
+            group  => $operatingsystem ? {
+                "openbsd" => "wheel",
+                default   => "root",
+            },
+            source => $source,
+        }
+        util::extract::tar { $name:
+            ensure  => latest,
+            strip   => 1,
+            source  => "/usr/local/src/${filename}",
+            require => File["/usr/local/src/${filename}"],
+            before  => Exec["python-setup-install-${name}"],
+        }
+    }
 
     exec { "python-setup-install-${name}":
         path    => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",