tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of https://bitbucket.org/tmakinen/puppet

Browse source 
Conflicts:
	python/manifests/init.pp
This commit is contained in:
Ossi Herrala 2012-04-02 12:54:32 +00:00
commit 2e15368940
83 changed files with 1945 additions and 1562 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Makefile
View file

@ -36,6 +36,9 @@ check-all:
fi \
done
lint:
@rake lint
rdoc: $(MANIFESTS)
mkdir .$$$$ ; \
puppetdoc --mode rdoc --outputdir rdoc --modulepath . --manifestdir .$$$$ ; \

4
Rakefile Normal file
View file

@ -0,0 +1,4 @@
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.send('disable_double_quoted_strings')

14
abusehelper/manifests/init.pp
View file

@ -42,7 +42,7 @@ class abusehelper {
file { "/usr/local/src/abusehelper.tar.gz":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -60,7 +60,7 @@ class abusehelper {
}
file { "/usr/local/src/idiokit.tar.gz":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -84,9 +84,9 @@ class abusehelper {
realize(User["abusehel"], Group["abusehel"])
if $abusehelper_datadir {
file { "${abusehelper_datadir}":
file { $abusehelper_datadir:
ensure => directory,
mode => 0750,
mode => "0750",
owner => "root",
group => "abusehel",
require => User["abusehel"],
@ -94,13 +94,13 @@ class abusehelper {
file { "/var/lib/ah2":
ensure => link,
target => "${abusehelper_datadir}",
require => File["${abusehelper_datadir}"],
target => $abusehelper_datadir,
require => File[$abusehelper_datadir],
}
} else {
file { "/var/lib/ah2":
ensure => directory,
mode => 0750,
mode => "0750",
owner => "root",
group => "abusehel",
require => User["abusehel"],

8
alpine/manifests/init.pp
View file

@ -9,7 +9,7 @@ class alpine {
$mail_server = "mail.${domain}"
}
if ! $mail_domain {
$mail_domain = "${domain}"
$mail_domain = $domain
}
file { "/usr/bin/pine":
@ -21,9 +21,9 @@ class alpine {
file { "/etc/pine.conf.fixed":
ensure => present,
content => template("alpine/pine.conf.fixed.erb"),
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Package["alpine"],
}

22
amanda/manifests/init.pp
View file

@ -2,16 +2,16 @@ class amanda::common {
file { "/var/lib/amanda/.ssh":
ensure => directory,
mode => 0700,
owner => amandabackup,
group => disk,
mode => "0700",
owner => "amandabackup",
group => "disk",
}
file { "/var/lib/amanda/.ssh/authorized_keys":
ensure => present,
mode => 0600,
owner => amandabackup,
group => disk,
mode => "0600",
owner => "amandabackup",
group => "disk",
require => File["/var/lib/amanda/.ssh"],
}
@ -45,9 +45,9 @@ class amanda::client inherits amanda::common {
file { "/etc/amanda/amanda-client.conf":
ensure => present,
mode => 0644,
owner => amandabackup,
group => disk,
mode => "0644",
owner => "amandabackup",
group => "disk",
content => template("amanda/amanda-client.conf.erb"),
require => Package["amanda-enterprise-backup-client"],
}
@ -55,7 +55,7 @@ class amanda::client inherits amanda::common {
if $amanda_clientkey {
@@ssh_authorized_key { "amrecover@${homename}":
ensure => present,
key => "${amanda_clientkey}",
key => $amanda_clientkey,
type => "ssh-rsa",
user => "amandabackup",
tag => "amandaclient",
@ -75,7 +75,7 @@ class amanda::server inherits amanda::common {
if $amanda_serverkey {
@@ssh_authorized_key { "amdump@${homename}":
ensure => present,
key => "${amanda_serverkey}",
key => $amanda_serverkey,
type => "ssh-rsa",
user => "amandabackup",
tag => "amandaserver",

60
apache/manifests/debian.pp
View file

@ -14,7 +14,7 @@ class apache::debian::common {
"/etc/apache2/conf.d",
"/etc/apache2/sites-enabled", ]:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => Package["httpd"],
@ -31,7 +31,7 @@ class apache::debian::common {
file { "/etc/apache2/envvars":
ensure => present,
content => template("apache/apache2.envvars.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
before => File["/etc/apache2/apache2.conf"],
@ -42,7 +42,7 @@ class apache::debian::common {
file { "/etc/apache2/httpd.conf":
ensure => present,
content => template("apache/apache2.httpd.conf.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
before => File["/etc/apache2/apache2.conf"],
@ -53,7 +53,7 @@ class apache::debian::common {
file { "/etc/apache2/ports.conf":
ensure => present,
content => "# HTTP server disabled\n",
mode => 0644,
mode => "0644",
owner => root,
group => root,
before => File["/etc/apache2/apache2.conf"],
@ -64,7 +64,7 @@ class apache::debian::common {
file { "/etc/apache2/apache2.conf":
ensure => present,
content => template("apache/apache2.conf.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["apache2"],
@ -104,47 +104,47 @@ define apache::debian::site($aliases, $root, $redirect) {
file { "/srv/www/http/${site_fqdn}":
ensure => link,
target => $root,
before => File["${site_conf}"],
before => File[$site_conf],
}
} else {
file { "/srv/www/http/${site_fqdn}":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
before => File["${site_conf}"],
before => File[$site_conf],
}
}
file { "/srv/www/log/http/${site_fqdn}":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
before => File["${site_conf}"],
before => File[$site_conf],
}
}
}
file { "${site_conf}":
file { $site_conf:
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["apache2"],
}
if $redirect {
File["${site_conf}"] {
File[$site_conf] {
content => "<VirtualHost *:80>\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n</VirtualHost>\n",
}
} else {
File["${site_conf}"] {
File[$site_conf] {
content => template("apache/site.http.conf.erb"),
}
file { "${site_confdir}":
file { $site_confdir:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
purge => true,
@ -152,7 +152,7 @@ define apache::debian::site($aliases, $root, $redirect) {
recurse => true,
source => [ "puppet:///files/apache/sites/${site_fqdn}",
"puppet:///modules/custom/empty", ],
before => File["${site_conf}"],
before => File[$site_conf],
notify => Service["apache2"],
}
}
@ -168,7 +168,7 @@ class apache::debian::sslserver inherits apache::debian::common {
"/srv/www/log/https",
"/srv/www/log/https/${homename}", ]:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => Package["httpd"],
@ -196,7 +196,7 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
before => Service["apache2"],
@ -205,7 +205,7 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
file { "/srv/www/log/https/${site_fqdn}":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
before => Service["apache2"],
@ -221,7 +221,7 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
file { "/etc/ssl/certs/${site_fqdn}.crt":
ensure => present,
source => $real_ssl_cert,
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["apache2"],
@ -236,7 +236,7 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
file { "/etc/ssl/private/${site_fqdn}.key":
ensure => present,
source => $real_ssl_key,
mode => 0600,
mode => "0600",
owner => root,
group => root,
notify => Service["apache2"],
@ -246,7 +246,7 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
file { "/etc/ssl/certs/${site_fqdn}.chain.crt":
ensure => present,
source => $ssl_chain,
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["apache2"],
@ -256,10 +256,10 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
$site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
$site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
file { "${site_conf}":
file { $site_conf:
ensure => present,
content => template("apache/site.https.conf.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["apache2"],
@ -267,9 +267,9 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
File["/etc/ssl/private/${site_fqdn}.key"], ],
}
file { "${site_confdir}":
file { $site_confdir:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
purge => true,
@ -277,7 +277,7 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
recurse => true,
source => [ "puppet:///files/apache/sslsites/${site_fqdn}",
"puppet:///modules/custom/empty", ],
before => File["${site_conf}"],
before => File[$site_conf],
notify => Service["apache2"],
}
@ -288,7 +288,7 @@ define apache::debian::configfile($source, $content, $http, $https) {
file { "/etc/apache2/conf.d/${name}":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["apache2"],
@ -334,7 +334,7 @@ define apache::debian::a2enmod($source="", $content="") {
if $source or $content {
file { "/etc/apache2/mods-available/${name}.conf":
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["apache2"],

70
apache/manifests/init.pp
View file

@ -21,9 +21,9 @@ class apache::common {
}
if $apache_datadir {
file { "${apache_datadir}":
file { $apache_datadir:
ensure => directory,
mode => 0755,
mode => "0755",
owner => "root",
group => "root",
seltype => "httpd_sys_content_t",
@ -31,13 +31,13 @@ class apache::common {
file { "/srv/www":
ensure => link,
target => "${apache_datadir}",
require => File["${apache_datadir}"],
target => $apache_datadir,
require => File[$apache_datadir],
}
} else {
file { "/srv/www":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
}
@ -45,7 +45,7 @@ class apache::common {
file { "/srv/www/log":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
require => File["/srv/www"],
@ -55,7 +55,7 @@ class apache::common {
if $apache_datadir {
selinux::manage_fcontext { "${apache_datadir}(/.*)?":
type => "httpd_sys_content_t",
before => File["${apache_datadir}"],
before => File[$apache_datadir],
}
}
}
@ -70,11 +70,11 @@ class apache::common {
}
file { "/usr/local/sbin/www-logrotate.sh":
ensure => present,
source => "puppet:///modules/apache/www-logrotate.sh",
mode => 0755,
owner => root,
group => root,
ensure => present,
source => "puppet:///modules/apache/www-logrotate.sh",
mode => "0755",
owner => root,
group => root,
seluser => "system_u",
selrole => "object_r",
seltype => "httpd_rotatelogs_exec_t",
@ -155,14 +155,14 @@ define apache::site($aliases="", $root="", $redirect="") {
case $operatingsystem {
debian,ubuntu: {
apache::debian::site { "${name}":
apache::debian::site { $name:
aliases => $aliases,
root => $root,
redirect => $redirect,
}
}
centos,fedora: {
apache::redhat::site { "${name}":
apache::redhat::site { $name:
aliases => $aliases,
root => $root,
redirect => $redirect,
@ -175,8 +175,8 @@ define apache::site($aliases="", $root="", $redirect="") {
if !$redirect {
$site_fqdn = $name ? {
"default" => "${homename}",
default => "${name}",
"default" => $homename,
default => $name,
}
apache::webalizer::site { "http/${site_fqdn}":
site_proto => "http",
@ -268,7 +268,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
case $operatingsystem {
debian,ubuntu: {
$apache_ssldir = "/etc/ssl"
apache::debian::sslsite { "${name}":
apache::debian::sslsite { $name:
ipaddr => $ipaddr,
root => $root,
ssl_cert => $ssl_cert,
@ -279,7 +279,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
}
centos,fedora: {
$apache_ssldir = "/etc/pki/tls"
apache::redhat::sslsite { "${name}":
apache::redhat::sslsite { $name:
ipaddr => $ipaddr,
root => $root,
ssl_cert => $ssl_cert,
@ -294,8 +294,8 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
}
$site_fqdn = $name ? {
"default" => "${homename}",
default => "${name}",
"default" => $homename,
default => $name,
}
apache::webalizer::site { "https/${site_fqdn}":
site_proto => "https",
@ -335,17 +335,17 @@ define apache::configfile($source="", $content="", $http=true, $https=true) {
case $operatingsystem {
debian,ubuntu: {
apache::debian::configfile { "${name}":
source => "${source}",
content => "${content}",
apache::debian::configfile { $name:
source => $source,
content => $content,
http => $http,
https => $https,
}
}
centos,fedora: {
apache::redhat::configfile { "${name}":
source => "${source}",
content => "${content}",
apache::redhat::configfile { $name:
source => $source,
content => $content,
http => $http,
https => $https,
}
@ -418,7 +418,7 @@ class apache::mod::fcgid {
ubuntu => "libapache2-mod-fcgid",
default => "mod_fcgid",
},
ensure => installed,
ensure => installed,
require => Package["httpd"],
}
@ -485,7 +485,7 @@ class apache::mod::perl {
ubuntu => "libapache2-mod-perl2",
default => "mod_perl",
},
ensure => installed,
ensure => installed,
require => Package["httpd"],
}
@ -518,7 +518,7 @@ class apache::mod::php {
ubuntu => "libapache2-mod-php5",
default => "php",
},
ensure => installed,
ensure => installed,
require => Package["httpd"],
}
@ -608,7 +608,7 @@ class apache::mod::python {
ubuntu => "libapache2-mod-python",
default => "mod_python",
},
ensure => installed,
ensure => installed,
require => Package["httpd"],
}
@ -697,7 +697,7 @@ class apache::webalizer {
"/srv/www/webalizer/html/https",
"/srv/www/webalizer/html", ]:
ensure => directory,
mode => 0755,
mode => "0755",
owner => $operatingsystem ? {
debian => root,
ubuntu => root,
@ -711,7 +711,7 @@ class apache::webalizer {
"/etc/webalizer/http",
"/etc/webalizer/https", ]:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
}
@ -741,7 +741,7 @@ class apache::webalizer {
file { "/usr/local/sbin/www-webalizer.sh":
ensure => present,
source => "puppet:///modules/apache/www-webalizer.sh",
mode => 0755,
mode => "0755",
owner => root,
group => root,
require => Package["webalizer"],
@ -770,7 +770,7 @@ define apache::webalizer::site($site_proto, $site_fqdn) {
@file { "/etc/webalizer/${name}.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
content => template("apache/webalizer.conf.erb"),
@ -781,7 +781,7 @@ define apache::webalizer::site($site_proto, $site_fqdn) {
@file { [ "/srv/www/webalizer/history/${name}",
"/srv/www/webalizer/html/${name}", ]:
ensure => directory,
mode => 0755,
mode => "0755",
owner => $operatingsystem ? {
debian => root,
ubuntu => root,

62
apache/manifests/redhat.pp
View file

@ -7,7 +7,7 @@ class apache::redhat::server {
"/srv/www/log/http",
"/srv/www/log/http/${homename}", ]:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => Package["httpd"],
@ -24,7 +24,7 @@ class apache::redhat::server {
file { "/etc/httpd/conf/httpd.conf":
ensure => present,
content => template("apache/httpd.conf.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => Package["httpd"],
@ -57,47 +57,47 @@ define apache::redhat::site($aliases, $root, $redirect) {
file { "/srv/www/http/${site_fqdn}":
ensure => link,
target => $root,
before => File["${site_conf}"],
before => File[$site_conf],
}
} else {
file { "/srv/www/http/${site_fqdn}":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
before => File["${site_conf}"],
before => File[$site_conf],
}
}
file { "/srv/www/log/http/${site_fqdn}":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
before => File["${site_conf}"],
before => File[$site_conf],
}
}
}
file { "${site_conf}":
file { $site_conf:
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["httpd"],
}
if $redirect {
File["${site_conf}"] {
File[$site_conf] {
content => "<VirtualHost *:80>\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n</VirtualHost>\n",
}
} else {
File["${site_conf}"] {
File[$site_conf] {
content => template("apache/site.http.conf.erb"),
}
file { "${site_confdir}":
file { $site_confdir:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
purge => true,
@ -105,7 +105,7 @@ define apache::redhat::site($aliases, $root, $redirect) {
recurse => true,
source => [ "puppet:///files/apache/sites/${site_fqdn}",
"puppet:///modules/custom/empty", ],
before => File["${site_conf}"],
before => File[$site_conf],
notify => Service["httpd"],
}
}
@ -126,7 +126,7 @@ class apache::redhat::sslserver {
"/srv/www/log/https",
"/srv/www/log/https/${homename}", ]:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => Package["httpd"],
@ -142,7 +142,7 @@ class apache::redhat::sslserver {
file { "/etc/httpd/conf/httpsd.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
content => template("apache/httpsd.conf.erb"),
@ -153,7 +153,7 @@ class apache::redhat::sslserver {
file { "/etc/init.d/httpsd":
ensure => present,
source => "puppet:///modules/apache/httpsd",
mode => 0755,
mode => "0755",
owner => root,
group => root,
}
@ -197,7 +197,7 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
before => Service["httpsd"],
@ -206,7 +206,7 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
file { "/srv/www/log/https/${site_fqdn}":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
before => Service["httpsd"],
@ -222,7 +222,7 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
file { "/etc/pki/tls/certs/${site_fqdn}.crt":
ensure => present,
source => $real_ssl_cert,
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["httpsd"],
@ -237,7 +237,7 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
file { "/etc/pki/tls/private/${site_fqdn}.key":
ensure => present,
source => $real_ssl_key,
mode => 0600,
mode => "0600",
owner => root,
group => root,
notify => Service["httpsd"],
@ -247,7 +247,7 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
ensure => present,
source => $ssl_chain,
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["httpsd"],
@ -257,10 +257,10 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
$site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
$site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
file { "${site_conf}":
file { $site_conf:
ensure => present,
content => template("apache/site.https.conf.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["httpsd"],
@ -268,9 +268,9 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
File["/etc/pki/tls/private/${site_fqdn}.key"], ],
}
file { "${site_confdir}":
file { $site_confdir:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
purge => true,
@ -278,7 +278,7 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
recurse => true,
source => [ "puppet:///files/apache/sslsites/${site_fqdn}",
"puppet:///modules/custom/empty", ],
before => File["${site_conf}"],
before => File[$site_conf],
notify => Service["httpsd"],
}
@ -289,11 +289,11 @@ define apache::redhat::configfile($source, $content, $http, $https) {
if defined(Service["httpd"]) {
file { "/etc/httpd/conf.http.d/${name}":
ensure => $http ? {
ensure => $http ? {
true => present,
default => absent,
},
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["httpd"],
@ -322,11 +322,11 @@ define apache::redhat::configfile($source, $content, $http, $https) {
if defined(Service["httpsd"]) {
file { "/etc/httpd/conf.https.d/${name}":
ensure => $https ? {
ensure => $https ? {
true => present,
default => absent,
},
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["httpsd"],

10
apcupsd/manifests/init.pp
View file

@ -4,18 +4,18 @@
class apcupsd {
package { "apcupsd":
ensure => installed,
ensure => installed,
}
service { "apcupsd":
ensure => running,
enable => true,
require => Package["apcupsd"],
ensure => running,
enable => true,
require => Package["apcupsd"],
}
file { "/etc/apcupsd/apcupsd.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
require => Package["apcupsd"],

73
apt/manifests/init.pp
View file

@ -2,7 +2,7 @@ class apt {
file { "/var/cache/apt/local-archives":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
}
@ -16,6 +16,63 @@ class apt {
}
# Install common packages for using PPA's.
#
class apt::ppa::helper {
package { "python-software-properties":
ensure => installed,
}
}
# Add PPA archive to system.
#
# === Parameters
#
# $name:
# PPA name. Needs to be in format "ppa:user/ppa-name".
#
# $ensure:
# Ensure archive is absent or present. Defaults to present.
#
# === Sample usage
#
# apt::ppa { "ppa:igraph/ppa": }
#
define apt::ppa($ensure = "present") {
tag("bootstrap")
include apt
include apt::ppa::helper
$fname = regsubst($name, "^ppa:([^\/]+)\/(.+)", "\\1-\\2-${lsbdistcodename}.list")
case $ensure {
"present": {
exec { "add-apt-repository ${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => "root",
creates => "/etc/apt/sources.list.d/${fname}",
require => Package["python-software-properties"],
notify => Exec["apt-get-update"],
}
}
"absent": {
file { "/etc/apt/sources.list.d/${fname}":
ensure => absent,
notify => Exec["apt-get-update"],
}
}
default: {
fail("test")
}
}
}
# Configure /etc/apt/sources.list
#
# === Global variables
@ -40,7 +97,7 @@ class apt::sources {
file { "/etc/apt/sources.list":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
content => template("apt/sources.list.erb"),
@ -68,7 +125,7 @@ class apt::cacher {
ensure => present,
source => [ "puppet:///files/apt/apt-cacher.conf",
"puppet:///modules/apt/apt-cacher.conf", ],
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["apt-cacher"],
@ -121,7 +178,7 @@ class apt::mirror {
default => "/etc/apt/miror.list",
},
content => template("apt/mirror.list.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => Package["apt-mirror"],
@ -160,13 +217,13 @@ define apt::package($ensure, $source) {
default => absent,
},
source => $source,
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => File["/var/cache/apt/local-archives"],
}
package { "${name}":
package { $name:
ensure => $ensure,
source => "/var/cache/apt/local-archives/${filename}",
provider => dpkg,
@ -248,7 +305,7 @@ define apt::repo($ensure, $source, $dist="", $components="main",
file { "/etc/apt/sources.list.d/${name}.list":
ensure => $ensure,
mode => 0644,
mode => "0644",
owner => root,
group => root,
content => $content,
@ -281,7 +338,7 @@ define apt::repo($ensure, $source, $dist="", $components="main",
$origin = regsubst($source, "^([^:]+://)([^/]+)/.*$", "\\2")
file { "/etc/apt/preferences.d/${name}.pref":
ensure => $ensure,
mode => 0644,
mode => "0644",
owner => root,
group => root,
content => $label ? {

2
arduino/manifests/init.pp
View file

@ -34,7 +34,7 @@ class arduino {
file { "/usr/local/src/arduino.tgz":
ensure => present,
source => "puppet:///files/packages/${arduino_package}",
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
}

28
autofs/manifests/init.pp
View file

@ -2,26 +2,26 @@
class autofs {
package { "autofs":
ensure => installed,
ensure => installed,
}
service { "autofs":
ensure => running,
enable => true,
hasstatus => true,
require => Package["autofs"],
ensure => running,
enable => true,
hasstatus => true,
require => Package["autofs"],
}
file { "/etc/auto.master":
ensure => present,
source => [ "puppet:///files/autofs/auto.master.${fqdn}",
"puppet:///files/autofs/auto.master",
"puppet:///modules/autofs/auto.master", ],
mode => 0644,
owner => root,
group => root,
require => Package["autofs"],
notify => Service["autofs"],
ensure => present,
source => [ "puppet:///files/autofs/auto.master.${fqdn}",
"puppet:///files/autofs/auto.master",
"puppet:///modules/autofs/auto.master", ],
mode => "0644",
owner => "root",
group => "root",
require => Package["autofs"],
notify => Service["autofs"],
}
}

4
avahi/manifests/init.pp
View file

@ -33,7 +33,7 @@ class avahi::daemon {
force => true,
recurse => true,
source => "puppet:///modules/custom/empty",
mode => 0755,
mode => "0755",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
@ -94,7 +94,7 @@ define avahi::service($port = "AUTO", $description = "%h", $ensure = "present",
file { "/etc/avahi/services/${filename}":
ensure => $ensure,
content => template("avahi/service.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,

116
backuppc/manifests/init.pp
View file

@ -17,17 +17,17 @@
define backuppc::manualclient($ensure = "present", $operatingsystem = "default") {
@@file { "/etc/BackupPC/pc/${name}.pl":
ensure => "${ensure}",
source => [ "puppet:///files/backuppc/${name}.pl",
"puppet:///files/backuppc/${operatingsystem}.pl",
"puppet:///files/backuppc/default.pl",
"puppet:///modules/backuppc/default.pl", ],
mode => 0640,
owner => root,
group => backuppc,
tag => "backuppc",
require => File["/etc/BackupPC/pc"],
notify => Exec["generate-backuppc-hosts"],
ensure => $ensure,
source => [ "puppet:///files/backuppc/${name}.pl",
"puppet:///files/backuppc/${operatingsystem}.pl",
"puppet:///files/backuppc/default.pl",
"puppet:///modules/backuppc/default.pl", ],
mode => "0640",
owner => root,
group => backuppc,
tag => "backuppc",
require => File["/etc/BackupPC/pc"],
notify => Exec["generate-backuppc-hosts"],
}
}
@ -36,9 +36,9 @@ define backuppc::manualclient($ensure = "present", $operatingsystem = "default")
#
class backuppc::client {
backuppc::manualclient { "${homename}":
ensure => present,
operatingsystem => "${operatingsystem}",
backuppc::manualclient { $homename:
ensure => present,
operatingsystem => $operatingsystem,
}
include rsync
@ -57,25 +57,25 @@ class backuppc::server {
realize(User["backuppc"], Group["backuppc"])
package { "BackupPC":
ensure => installed,
ensure => installed,
require => [ User["backuppc"],
Group["backuppc"], ],
}
if $backuppc_datadir {
file { "${backuppc_datadir}":
file { $backuppc_datadir:
ensure => directory,
mode => 0750,
mode => "0750",
owner => "backuppc",
group => "root",
require => Package["BackupPC"],
}
file { "/var/lib/BackupPC":
ensure => "${backuppc_datadir}",
ensure => $backuppc_datadir,
force => true,
backup => ".orig",
require => File["${backuppc_datadir}"],
require => File[$backuppc_datadir],
before => File["/var/lib/BackupPC/.ssh"],
}
}
@ -88,7 +88,7 @@ class backuppc::server {
file { "/usr/share/BackupPC/sbin/.htaccess":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
source => [ "puppet:///files/backuppc/htaccess",
@ -98,7 +98,7 @@ class backuppc::server {
file { "/usr/share/BackupPC/sbin/BackupPC_Admin":
ensure => present,
mode => 4750,
mode => "4750",
owner => "backuppc",
group => $apache::sslserver::group,
require => Package["BackupPC"],
@ -114,7 +114,7 @@ class backuppc::server {
file { "/etc/BackupPC/apache.users":
ensure => present,
mode => 0640,
mode => "0640",
owner => "root",
group => $apache::sslserver::group,
seltype => $operatingsystem ? {
@ -128,11 +128,11 @@ class backuppc::server {
}
file { "/etc/BackupPC/config.pl":
ensure => present,
source => "puppet:///files/backuppc/config.pl",
mode => 0440,
owner => "backuppc",
group => "backuppc",
ensure => present,
source => "puppet:///files/backuppc/config.pl",
mode => "0440",
owner => "backuppc",
group => "backuppc",
seltype => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5/ => "httpd_sys_script_rw_t",
@ -140,17 +140,17 @@ class backuppc::server {
},
default => "httpd_sys_rw_content_t",
},
require => Package["BackupPC"],
notify => Service["backuppc"],
require => Package["BackupPC"],
notify => Service["backuppc"],
}
file { "/etc/BackupPC/hosts.in":
ensure => present,
source => [ "puppet:///files/backuppc/hosts.in",
"puppet:///modules/backuppc/hosts.in", ],
mode => 0644,
owner => "root",
group => "backuppc",
ensure => present,
source => [ "puppet:///files/backuppc/hosts.in",
"puppet:///modules/backuppc/hosts.in", ],
mode => "0644",
owner => "root",
group => "backuppc",
seltype => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5/ => "httpd_sys_script_rw_t",
@ -158,18 +158,18 @@ class backuppc::server {
},
default => "httpd_sys_rw_content_t",
},
require => Package["BackupPC"],
notify => Exec["generate-backuppc-hosts"],
require => Package["BackupPC"],
notify => Exec["generate-backuppc-hosts"],
}
file { "/etc/BackupPC/pc":
ensure => directory,
purge => true,
force => true,
recurse => true,
mode => 0640,
owner => "root",
group => "backuppc",
ensure => directory,
purge => true,
force => true,
recurse => true,
mode => "0640",
owner => "root",
group => "backuppc",
seltype => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5/ => "httpd_sys_script_rw_t",
@ -177,17 +177,17 @@ class backuppc::server {
},
default => "httpd_sys_rw_content_t",
},
source => "puppet:///modules/custom/empty",
require => Package["BackupPC"],
notify => Exec["generate-backuppc-hosts"],
source => "puppet:///modules/custom/empty",
require => Package["BackupPC"],
notify => Exec["generate-backuppc-hosts"],
}
exec { "generate-backuppc-hosts":
command => "/bin/sh -c '(cat /etc/BackupPC/hosts.in ; find /etc/BackupPC/pc -name \\*.pl -exec basename {} .pl \\; | sed -e \"s/\$/ 0 adm/\") > /etc/BackupPC/hosts'",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
require => File["/etc/BackupPC/hosts.in"],
notify => Service["backuppc"],
command => "/bin/sh -c '(cat /etc/BackupPC/hosts.in ; find /etc/BackupPC/pc -name \\*.pl -exec basename {} .pl \\; | sed -e \"s/\$/ 0 adm/\") > /etc/BackupPC/hosts'",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
require => File["/etc/BackupPC/hosts.in"],
notify => Service["backuppc"],
}
File <<| tag == "backuppc" |>> {
@ -201,21 +201,21 @@ class backuppc::server {
}
service { "backuppc":
ensure => running,
enable => true,
require => Package["BackupPC"],
ensure => running,
enable => true,
require => Package["BackupPC"],
}
file { "/var/lib/BackupPC/.ssh":
ensure => directory,
mode => 0750,
mode => "0750",
owner => "root",
group => "backuppc",
}
file { "/var/lib/BackupPC/.ssh/id_rsa":
ensure => present,
source => "/etc/ssh/ssh_host_rsa_key",
mode => 0640,
mode => "0640",
owner => "root",
group => "backuppc",
require => File["/var/lib/BackupPC/.ssh"],
@ -224,7 +224,7 @@ class backuppc::server {
file { "/var/lib/BackupPC/.ssh/id_rsa.pub":
ensure => present,
source => "/etc/ssh/ssh_host_rsa_key.pub",
mode => 0640,
mode => "0640",
owner => "root",
group => "backuppc",
require => File["/var/lib/BackupPC/.ssh"],

39
clarified/manifests/init.pp
View file

@ -14,12 +14,19 @@ class clarified::analyzer {
file { "/usr/local/src/clarified-analyzer-linux-i686.sh":
ensure => present,
mode => 0755,
mode => "0755",
owner => root,
group => root,
source => "puppet:///files/packages/${clarified_analyzer_package}",
before => Exec["/usr/local/src/clarified-analyzer-linux-i686.sh"],
}
exec { "rm -f /usr/local/clarified-analyzer":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
onlyif => "test -h /usr/local/clarified-analyzer",
subscribe => File["/usr/local/src/clarified-analyzer-linux-i686.sh"],
before => Exec["/usr/local/src/clarified-analyzer-linux-i686.sh"],
refreshonly => true,
}
exec { "/usr/local/src/clarified-analyzer-linux-i686.sh":
creates => "/usr/local/clarified-analyzer",
}
@ -42,22 +49,22 @@ class clarified::recorder {
}
if $recorder_datadir {
file { "${recorder_datadir}":
file { $recorder_datadir:
ensure => directory,
mode => 0700,
mode => "0700",
owner => root,
group => root,
}
file { "/var/lib/recorder":
ensure => link,
target => "${recorder_datadir}",
require => File["${recorder_datadir}"],
target => $recorder_datadir,
require => File[$recorder_datadir],
}
} else {
file { "/var/lib/recorder":
ensure => directory,
mode => 0700,
mode => "0700",
owner => root,
group => root,
}
@ -67,7 +74,7 @@ class clarified::recorder {
"/etc/clarified/probe.d",
"/etc/clarified/remote.d", ]:
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
before => Exec["/usr/local/src/clarified-recorder-linux-i686.sh"],
@ -82,12 +89,20 @@ class clarified::recorder {
file { "/usr/local/src/clarified-recorder-linux-i686.sh":
ensure => present,
mode => 0755,
mode => "0755",
owner => root,
group => root,
source => "puppet:///files/packages/${clarified_recorder_package}",
before => Exec["/usr/local/src/clarified-recorder-linux-i686.sh"],
}
exec { "rm -f /usr/local/probe":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
onlyif => "test -h /usr/local/probe",
subscribe => File["/usr/local/src/clarified-recorder-linux-i686.sh"],
before => Exec["/usr/local/src/clarified-recorder-linux-i686.sh"],
notify => Service["clarified-probe"],
refreshonly => true,
}
exec { "/usr/local/src/clarified-recorder-linux-i686.sh":
creates => "/usr/local/probe",
}
@ -103,7 +118,7 @@ class clarified::recorder {
file { "/etc/init.d/clarified-probe":
ensure => present,
mode => 0755,
mode => "0755",
owner => root,
group => root,
source => "/usr/local/probe/probe-init.sh",
@ -171,7 +186,7 @@ define clarified::probe($interface="", $snaplen="65535", $keeptime="100GB",
true => present,
false => absent,
},
mode => 0755,
mode => "0755",
owner => root,
group => root,
content => template("clarified/probe.erb"),
@ -184,7 +199,7 @@ define clarified::probe($interface="", $snaplen="65535", $keeptime="100GB",
true => present,
false => absent,
},
mode => 0755,
mode => "0755",
owner => root,
group => root,
content => template("clarified/remote.erb"),
@ -194,7 +209,7 @@ define clarified::probe($interface="", $snaplen="65535", $keeptime="100GB",
file { "/var/lib/recorder/${name}":
ensure => directory,
mode => 0700,
mode => "0700",
owner => root,
group => root,
require => File["/var/lib/recorder"],

116
cups/manifests/init.pp
View file

@ -4,23 +4,23 @@
class cups::client {
package { "cups":
ensure => installed,
ensure => installed,
}
file { "/etc/cups/client.conf":
ensure => present,
content => template("cups/client.conf.erb"),
mode => 0644,
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
default => lp,
},
require => Package["cups"],
ensure => present,
content => template("cups/client.conf.erb"),
mode => "0644",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
default => lp,
},
require => Package["cups"],
}
case $operatingsystem {
openbsd: {
openbsd: {
exec { "cups-enable":
command => $operatingsystemrelease ? {
/4\.[1-8]/ => "echo y | cups-enable",
@ -30,8 +30,8 @@ class cups::client {
user => "root",
creates => "/usr/bin/lpr.pre-cups",
require => Package["cups"],
}
}
}
}
}
}
@ -41,7 +41,7 @@ class cups::client {
class cups::server inherits cups::client {
package { [ "ghostscript", "system-config-printer" ]:
ensure => installed,
ensure => installed,
}
file { "/etc/cups/cupsd.conf":
@ -49,7 +49,7 @@ class cups::server inherits cups::client {
source => [ "puppet:///files/cups/cupsd.conf.${fqdn}",
"puppet:///files/cups/cupsd.conf",
"puppet:///modules/cups/cupsd.conf", ],
mode => 0640,
mode => "0640",
owner => root,
group => lp,
require => Package["cups"],
@ -57,21 +57,21 @@ class cups::server inherits cups::client {
}
service { "cups":
ensure => running,
enable => true,
require => Package["cups"],
ensure => running,
enable => true,
require => Package["cups"],
}
file { "/etc/cups/ppd":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => lp,
require => Package["cups"],
}
File["/etc/cups/client.conf"] {
content => "ServerName 127.0.0.1\n",
content => "ServerName 127.0.0.1\n",
}
}
@ -136,7 +136,7 @@ define cups::printer($uri, $ensure = present) {
ensure => $ensure,
source => [ "puppet:///files/cups/${name}.ppd",
"puppet:///modules/cups/postscript.ppd" ],
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => $ensure ? {
@ -157,12 +157,12 @@ class cups::lpd {
include inetd::server
package { "cups-lpd":
ensure => installed,
ensure => installed,
}
inetd::service { "cups-lpd":
ensure => present,
require => Package["cups-lpd"],
ensure => present,
require => Package["cups-lpd"],
}
}
@ -175,26 +175,26 @@ class cups::samba {
include samba::server
file { [ "/etc/samba/drivers",
"/usr/share/cups/drivers",
"/usr/share/cups/drivers/x64", ]:
ensure => directory,
mode => 0755,
owner => root,
group => root,
require => [ Package["samba"],
Package["cups"], ],
"/usr/share/cups/drivers",
"/usr/share/cups/drivers/x64", ]:
ensure => directory,
mode => "0755",
owner => root,
group => root,
require => [ Package["samba"],
Package["cups"], ],
}
define driverfile() {
file { "/usr/share/cups/drivers/${name}":
ensure => present,
source => "puppet:///modules/cups/drivers/${name}",
mode => 0644,
owner => root,
group => root,
require => [ File["/usr/share/cups/drivers"],
File["/usr/share/cups/drivers/x64"], ],
}
file { "/usr/share/cups/drivers/${name}":
ensure => present,
source => "puppet:///modules/cups/drivers/${name}",
mode => "0644",
owner => root,
group => root,
require => [ File["/usr/share/cups/drivers"],
File["/usr/share/cups/drivers/x64"], ],
}
}
driverfile { "cups6.inf": }
@ -218,11 +218,11 @@ class cups::samba {
driverfile { "x64/pscript5.dll": }
file { "/etc/cron.hourly/update-printer-inf.sh":
ensure => present,
source => "puppet:///modules/cups/update-printer-inf.sh",
mode => 0755,
owner => root,
group => root,
ensure => present,
source => "puppet:///modules/cups/update-printer-inf.sh",
mode => "0755",
owner => root,
group => root,
}
}
@ -233,24 +233,24 @@ class cups::samba {
class cups::snmp {
package { "net-snmp-utils":
ensure => installed,
ensure => installed,
}
file { "/etc/cron.hourly/printer-details.py":
ensure => present,
source => "puppet:///modules/cups/printer-details.py",
mode => 0755,
owner => root,
group => root,
require => Package["net-snmp-utils"],
ensure => present,
source => "puppet:///modules/cups/printer-details.py",
mode => "0755",
owner => root,
group => root,
require => Package["net-snmp-utils"],
}
exec { "create-details-dir":
command => "umask 022 ; mkdir /usr/share/doc/cups-`rpm -q --queryformat='%{VERSION}' cups`/details",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
unless => "test -d /usr/share/doc/cups-`rpm -q --queryformat='%{VERSION}' cups`/details",
require => Package["cups"],
command => "umask 022 ; mkdir /usr/share/doc/cups-`rpm -q --queryformat='%{VERSION}' cups`/details",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
unless => "test -d /usr/share/doc/cups-`rpm -q --queryformat='%{VERSION}' cups`/details",
require => Package["cups"],
}
}

42
custom/manifests/init.pp
View file

@ -3,7 +3,7 @@ class custom {
file { "/srv":
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
@ -50,9 +50,9 @@ define custom::file($ensure, $group="NONE", $mode="NONE", $owner="NONE", $seltyp
$test = regsubst($source, '^([^:]+)://.+$', '\1')
if "${test}" == "${source}" {
$method = "file"
$path = "${source}"
$path = $source
} else {
$method = "${test}"
$method = $test
}
case $method {
@ -75,33 +75,33 @@ define custom::file($ensure, $group="NONE", $mode="NONE", $owner="NONE", $seltyp
cwd => regsubst($name, '(.*)/[^/]+$', '\1'),
command => $fetch_cmd,
unless => $diff_cmd,
before => File["${name}"],
before => File[$name],
}
}
}
file { "${name}":
ensure => "${ensure}",
source => "${method}" ? {
"file" => "${path}",
"puppet" => "${source}",
default => undef,
file { $name:
ensure => $ensure,
source => $method ? {
"file" => $path,
"puppet" => $source,
default => undef,
},
mode => "${mode}" ? {
"NONE" => undef,
default => "${mode}",
},
owner => "${owner}" ? {
mode => $mode ? {
"NONE" => undef,
default => "${owner}",
default => $mode,
},
group => "${group}" ? {
owner => $owner ? {
"NONE" => undef,
default => "${group}",
default => $owner,
},
seltype => "${seltype}" ? {
group => $group ? {
"NONE" => undef,
default => "${seltype}",
default => $group,
},
seltype => $seltype ? {
"NONE" => undef,
default => $seltype,
},
}
@ -132,7 +132,7 @@ class custom::rootpassword {
default: {
user { "root":
ensure => present,
password => "${root_password}",
password => $root_password,
}
}
}

2
daap/manifests/init.pp
View file

@ -19,7 +19,7 @@ class daap::server {
file { "/etc/mt-daapd.conf":
ensure => present,
source => "puppet:///files/daap/mt-daapd.conf",
mode => 0640,
mode => "0640",
owner => root,
group => mt-daapd,
require => Package["mt-daapd"],

124
dhcp/manifests/init.pp
View file

@ -2,42 +2,42 @@
class dhcp::server::common {
package { "dhcp":
name => $operatingsystem ? {
name => $operatingsystem ? {
Debian => "dhcp3-server",
OpenBSD => "isc-dhcp-server",
OpenBSD => "isc-dhcp-server",
Ubuntu => "dhcp3-server",
default => "dhcp",
},
ensure => installed,
default => "dhcp",
},
ensure => installed,
}
file { "dhcpd.leases":
name => $operatingsystem ? {
name => $operatingsystem ? {
Debian => "/var/lib/dhcp3/dhcpd.leases",
OpenBSD => "/var/db/dhcpd.leases",
OpenBSD => "/var/db/dhcpd.leases",
Ubuntu => "/var/lib/dhcp3/dhcpd.leases",
default => "/var/lib/dhcpd/dhcpd.leases",
},
ensure => present,
owner => $operatingsystem ? {
default => "/var/lib/dhcpd/dhcpd.leases",
},
ensure => present,
owner => $operatingsystem ? {
debian => dhcpd,
ubuntu => dhcpd,
default => root,
},
group => $operatingsystem ? {
group => $operatingsystem ? {
Debian => dhcpd,
OpenBSD => wheel,
OpenBSD => wheel,
Ubuntu => dhcpd,
default => root,
},
require => Package["dhcp"],
before => Service["dhcpd"],
default => root,
},
require => Package["dhcp"],
before => Service["dhcpd"],
}
if $operatingsystem == "OpenBSD" and $operatingsystemrelease !~ /4\.[1-8]/ {
file { "/etc/rc.d/isc_dhcpd":
ensure => present,
mode => 0555,
mode => "0555",
owner => "root",
group => "bin",
source => "puppet:///modules/dhcp/isc_dhcpd.rc",
@ -55,8 +55,8 @@ class dhcp::server::common {
Ubuntu => "dhcp3-server",
default => "dhcpd",
},
ensure => running,
enable => true,
ensure => running,
enable => true,
binary => $operatingsystem ? {
OpenBSD => "/usr/local/sbin/dhcpd",
default => undef,
@ -65,7 +65,7 @@ class dhcp::server::common {
OpenBSD => "/usr/local/sbin/dhcpd -q",
default => undef,
},
require => Package["dhcp"],
require => Package["dhcp"],
}
}
@ -82,7 +82,7 @@ class dhcp::server inherits dhcp::server::common {
ensure => present,
source => [ "puppet:///files/dhcp/dhcpd.conf.${fqdn}",
"puppet:///files/dhcp/dhcpd.conf", ],
mode => 0644,
mode => "0644",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
@ -99,36 +99,68 @@ class dhcp::server::ldap inherits dhcp::server::common {
include ldap::client::python
file { "/usr/local/sbin/dhcpdump.py":
ensure => present,
source => "puppet:///modules/dhcp/dhcpdump.py",
mode => 0755,
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
ensure => present,
source => "puppet:///modules/dhcp/dhcpdump.py",
mode => "0755",
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
}
file { "/etc/dhcpd.conf.in":
ensure => present,
source => [ "puppet:///files/dhcp/dhcpd.conf.in.${hostname}",
"puppet:///files/dhcp/dhcpd.conf.in", ],
mode => 0644,
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
require => Package["dhcp"],
ensure => present,
source => [ "puppet:///files/dhcp/dhcpd.conf.in.${hostname}",
"puppet:///files/dhcp/dhcpd.conf.in", ],
mode => "0644",
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
require => Package["dhcp"],
}
exec { "generate-dhcp-conf":
path => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
command => "dhcpdump.py /etc/dhcpd.conf.in* > /etc/dhcpd.conf",
unless => "dhcpdump.py /etc/dhcpd.conf.in* | diff /etc/dhcpd.conf -",
require => [ File["/etc/dhcpd.conf.in"],
File["/usr/local/sbin/dhcpdump.py"], ],
notify => Service["dhcpd"],
path => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
command => "dhcpdump.py /etc/dhcpd.conf.in* > /etc/dhcpd.conf",
unless => "dhcpdump.py /etc/dhcpd.conf.in* | diff /etc/dhcpd.conf -",
require => [ File["/etc/dhcpd.conf.in"],
File["/usr/local/sbin/dhcpdump.py"], ],
notify => Service["dhcpd"],
}
}
# Configure DHCP relay
#
# === Parameters
#
# $name:
# Relay name (can be anything).
# $interface:
# IP address for interface to listen.
# $server_addr:
# Address for DHCP server to relay requests.
#
# === Sample usage
#
# dhcp::relay { "relay0": interface => "em2", server_addr => "10.20.110.11" }
#
define dhcp::relay ($interface, $server_addr) {
service { $name:
name => $name,
ensure => running,
provider => "base",
hasrestart => false,
hasstatus => false,
pattern => "/usr/sbin/dhcrelay -i ${interface} ${server_addr}",
start => $operatingsystem ? {
OpenBSD => "/usr/sbin/dhcrelay -i ${interface} ${server_addr}",
default => undef,
}
}
}

94
dns/files/dnsdump.py Executable file
View file

@ -0,0 +1,94 @@
#!/usr/bin/env python
import re
import sys
import time
import os
import glob
from subprocess import Popen, PIPE
# Example templates:
#
# --(A#(&(objectClass=ipHost)(cn=ap*.panoulu.local)(!(cn=*.*.panoulu.local)))--
# --(PTR#(&(objectClass=ipHost)(cn=ap*.panoulu.local)(ipHostNumber=10.40.*.*)(!(cn=*.*.panoulu.local)))--
# --(serial)--
def main():
if len(sys.argv) != 4:
print >>sys.stderr, 'Usage: %s --test/--notest <template_dir> <target_dir>' % sys.argv[0]
sys.exit(1)
for template in glob.glob(os.path.join(sys.argv[2], '*.in')):
infile = open(template, 'r')
input = infile.readlines()
input_string = ""
output = ""
for line in input:
input_string += line
m = re.match('([ \t]*)--(.+)--[ \t]*$', line)
if m is not None:
indent = m.group(1)
if (m.group(2) == "(serial)"):
serial = time.localtime(time.time())
output += '\t\t\t%s\t; serial\n' % (time.strftime("%Y%m%d%H"))
else:
for entry in ldapsearch(m.group(2)):
output += '%s%s\n' % (indent, entry)
else:
output += line
if sys.argv[1] == "--test":
o = open(os.path.join(sys.argv[3], os.path.basename(template[:-3])), 'r')
str = ""
for line in o.readlines():
str += line
o.close()
for a, b in zip(str.splitlines(), output.splitlines()):
if a != b:
if not "serial" in a:
print a,b
sys.exit(1)
else:
outfile = open(os.path.join(sys.argv[3], os.path.basename(template[:-3])), 'w')
outfile.write(output)
outfile.close()
infile.close()
def ldapsearch(f):
filter_list = f.split("#")
type = filter_list[0][1:]
filter = filter_list[1]
p = Popen(['ldapsearch', '-x', '-z', '0', '-LLL', filter, 'cn', 'macAddress', 'ipHostNumber'],
bufsize=1024, stdout=PIPE, close_fds=True)
ret = []
cur = {}
for l in p.stdout.readlines():
l = l.strip()
if l == '':
try:
if (type == "A"):
ret.append('%s.\tA\t%s' % (
cur["cn"], cur["ipHostNumber"]))
elif type == "PTR":
ip_list = cur["ipHostNumber"].split(".")
ret.append('%s.%s.%s.%s.in-addr.arpa.\tPTR\t%s.' % (
ip_list[-1], ip_list[-2], ip_list[-3], ip_list[-4], cur["cn"]))
else:
raise "missing record type"
except KeyError:
print >>sys.stderr, "skipping: %s" % repr(cur)
cur = {}
continue
l = l.split()
if l[0] in ('cn:', 'macAddress:', 'ipHostNumber:'):
cur[l[0][0:-1]] = l[1]
return ret
if __name__ == '__main__':
try:
main()
except KeyboardInterrupt:
sys.exit()

2
dns/files/named.conf.local Normal file
View file

@ -0,0 +1,2 @@
acl trusted { localhost; localnets; };
acl nameservers { localhost; };

9
dns/files/named.conf.options Normal file
View file

@ -0,0 +1,9 @@
options {
listen-on { any; };
listen-on-v6 { none; };
allow-query { any; };
allow-recursion { trusted; };
allow-transfer { nameservers; };
};

210
dns/manifests/init.pp
View file

@ -6,37 +6,52 @@ class dns::server {
package { "bind":
name => $operatingsystem ? {
"ubuntu" => "bind9",
"centos" => $operatingsystemrelease ? {
/^5\..*/ => [ "bind-chroot", "caching-nameserver", ],
default => "bind-chroot",
},
default => "bind-chroot",
}
}
}
# first set per os paths
case $operatingsystem {
"fedora": {
$chroot = ""
$confdir = "/etc/named"
}
"centos": {
case $operatingsystemrelease {
/^5\..*/: {
$chroot = "/var/named/chroot"
$confdir = "/etc"
}
default: {
$chroot = ""
$confdir = "/etc/named"
}
}
}
"ubuntu": {
$chroot = ""
$confdir = "/etc/bind"
$config = "${confdir}/named.conf"
$rndckey = "${confdir}/rndc.key"
}
default: {
"openbsd": {
$chroot = "/var/named"
$confdir = "/etc"
}
}
# if some var is not set use default value
if !$confdir {
$confdir = "/etc"
}
if !$config {
$config = "/etc/named.conf"
}
if !$rndckey {
$rndckey = "/etc/rndc.key"
}
if !$chroot {
$chroot = ""
}
case $operatingsystem {
"ubuntu": {
@ -47,9 +62,9 @@ class dns::server {
}
}
file { "${chroot}${confdir}/rndc.key":
file { "${chroot}${rndckey}":
ensure => present,
mode => 0640,
mode => "0640",
owner => "root",
group => $group,
require => $operatingsystem ? {
@ -63,12 +78,13 @@ class dns::server {
default => "rndc-confgen -r /dev/urandom -a -t ${chroot}",
},
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "test -s ${chroot}${confdir}/rndc.key",
require => File["${chroot}${confdir}/rndc.key"],
unless => "test -s ${chroot}${rndckey}",
require => File["${chroot}${rndckey}"],
}
if "${chroot}" != "" {
file { "/etc/rndc.key":
ensure => "${chroot}${confdir}/rndc.key",
ensure => link,
target => "${chroot}${rndckey}",
owner => "root",
group => $group,
require => Exec["rndc-confgen"],
@ -94,54 +110,108 @@ class dns::server {
require => Exec["rndc-confgen"],
}
case $operatingsystem {
"ubuntu": {
$ipaddr = $dns_listener_ipaddr
file { "${chroot}${confdir}/named.conf.local":
ensure => present,
content => template("dns/named.conf.local.erb"),
mode => 0640,
owner => "root",
group => $group,
require => Package["bind"],
notify => Service["named"],
}
file { "${chroot}${confdir}/named.conf.options":
ensure => present,
content => template("dns/named.conf.options.erb"),
mode => 0640,
owner => "root",
group => $group,
require => Package["bind"],
notify => Service["named"],
}
}
default: {
file { "named.conf":
path => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5\..*/ => "${chroot}${confdir}/named.conf",
default => "/etc/named.conf",
},
"fedora" => "/etc/named.conf",
default => "${chroot}${confdir}/named.conf",
},
ensure => present,
source => [ "puppet:///files/dns/named.conf.${fqdn}",
"puppet:///files/dns/named.conf", ],
mode => 0640,
owner => "root",
group => $group,
require => $operatingsystem ? {
openbsd => undef,
default => Package["bind"],
},
notify => Service["named"],
}
}
file { "named.conf":
ensure => present,
path => "${chroot}${config}",
mode => "0640",
owner => "root",
group => $group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Exec["generate-named-conf"],
}
file { "/usr/local/sbin/generate-named-conf.sh":
ensure => present,
content => template("dns/generate-named-conf.sh.erb"),
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
notify => Exec["generate-named-conf"],
}
exec { "generate-named-conf":
command => "/usr/local/sbin/generate-named-conf.sh > ${chroot}${config}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => "root",
refreshonly => true,
require => File["/usr/local/sbin/generate-named-conf.sh"],
notify => Service["named"],
}
file { "${chroot}${confdir}/named.conf.options":
ensure => present,
source => [ "puppet:///files/dns/named.conf.options.${fqdn}",
"puppet:///files/dns/named.conf.options",
"puppet:///modules/dns/named.conf.options", ],
mode => "0640",
owner => "root",
group => $group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
}
file { "${chroot}${confdir}/named.conf.local":
ensure => present,
source => [ "puppet:///files/dns/named.conf.local.${fqdn}",
"puppet:///files/dns/named.conf.local",
"puppet:///modules/dns/named.conf.local", ],
mode => "0640",
owner => "root",
group => $group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
}
}
# Generate named config from LDAP
#
# Usage:
#
# Put templates you want to generate to master.in directory.
# See dnsdump.py for example template tags.
class dns::server::ldap inherits dns::server {
include ldap::client::python
file { "/usr/local/sbin/dnsdump.py":
ensure => present,
source => "puppet:///modules/dns/dnsdump.py",
mode => 0755,
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
}
file { "/var/named/master.in":
ensure => directory,
source => "puppet:///files/dns/master.in",
recurse => true,
mode => 0755,
owner => root,
purge => true,
}
exec { "generate-dns-conf":
path => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
command => "dnsdump.py --notest /var/named/master.in /var/named/master",
require => File["/usr/local/sbin/dnsdump.py"],
unless => "dnsdump.py --test /var/named/master.in /var/named/master",
notify => Service["named"]
}
}
# Configure DNS zone.
#
@ -152,13 +222,16 @@ class dns::server {
# $role:
# The role {master, slave} of this host.
# $master:
# IP address and FQDN or hostname of the DNS master for this zone.
# IP address of DNS master for this zone if role is slave.
# IP address and FQDN of DNS master for this zone if running as
# master and using autogenerated zone.
# $slaves:
# IP addresess and host names of the DNS slaves for this zone.
# Required only when using autogenrated zones.
# $source:
# Source file to use for zone. Defaults to auto.
#
define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO") {
define dns::zone($role = "master", $master = "", $slaves = [], $source = "AUTO") {
$zone = $name
case $role {
@ -176,6 +249,9 @@ define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO")
}
}
"slave": {
if $master == "" {
fail("No master defined for dns::zone '${name}'")
}
case $operatingsystem {
"openbsd": {
$zonedir = "/slave"
@ -197,35 +273,35 @@ define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO")
file { "${dns::server::chroot}${dns::server::confdir}/zone.${zonefile}":
ensure => present,
content => template("dns/zone.$role.erb"),
mode => 0640,
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
notify => Exec["generate-named-conf"],
}
if $role == "master" {
if $role == "master" and $zone != "." {
if $source != "AUTO" {
file { "${dns::server::chroot}${zonedir}/db.${zonefile}":
ensure => present,
source => $source,
mode => 0640,
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
notify => Service["named"],
notify => Exec["generate-named-conf"],
}
} else {
file { "${dns::server::chroot}${zonedir}/db.${zonefile}":
ensure => present,
content => template("dns/db.erb"),
mode => 0640,
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
@ -238,7 +314,7 @@ define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO")
ensure => present,
source => [ "puppet:///files/dns/db.${zonefile}-dynamic.${homename}",
"puppet:///modules/dns/empty", ],
mode => 0640,
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
@ -251,7 +327,7 @@ define dns::zone($role = "master", $master = [], $slaves = [], $source = "AUTO")
ensure => present,
source => [ "puppet:///files/dns/db.${zonefile}-static.${homename}",
"puppet:///modules/dns/empty", ],
mode => 0640,
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
@ -291,7 +367,7 @@ class dns::nsupdate {
file { "/usr/local/sbin/nsupdate.sh":
ensure => present,
content => template("dns/nsupdate.sh.erb"),
mode => 0700,
mode => "0700",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,

58
dns/templates/generate-named-conf.sh.erb Normal file
View file

@ -0,0 +1,58 @@
#!/bin/sh
chroot="<%= chroot %>"
confdir="<%= confdir %>"
operatingsystem="<%= operatingsystem %>"
cat <<EOF
include "${confdir}/named.conf.local";
include "${confdir}/named.conf.options";
view default {
match-clients { any; };
EOF
for name in ${chroot}${confdir}/zone.* ; do
echo " include \"${confdir}/`basename ${name}`\";"
done
case $operatingsystem in
OpenBSD)
cat <<EOF
zone "." {
type hint;
file "/etc/root.hint";
};
zone "localhost" {
type master;
file "/standard/localhost";
};
zone "127.in-addr.arpa" {
type master;
file "/standard/loopback";
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
type master;
file "/standard/loopback6.arpa";
};
EOF
;;
Ubuntu)
echo " include \"${confdir}/named.conf.default-zones\";"
;;
*)
cat <<EOF
zone "." {
type hint;
file "/var/named/named.ca";
};
EOF
cat ${chroot}/etc/named.rfc1912.zones | \
sed -e 's%file "%file "/var/named/%' -e 's/^/ /'
;;
esac
echo "};"
echo ""

32
dns/templates/named.conf.local.erb
View file

@ -1,32 +0,0 @@
//
// Do any local configuration here
//
acl "xfer" {
none; // Allow no transfers. If we have other
// name servers, place them here.
};
acl "trusted" {
// Place our internal and DMZ subnets in here so that
// intranet and DMZ clients may send DNS queries. This
// also prevents outside hosts from using our name server
// as a resolver for other domains.
<% dns_client_networks.each do |network| -%>
<%= network %>;
<% end -%>
localhost;
};
<% dns_zones.each do |zone| -%>
<% if zone.match(/\//) %>
include "/etc/bind/zone.<%= zone.sub(/\//, '-') %>";
<% else %>
include "/etc/bind/zone.<%= zone %>";
<% end -%>
<% end -%>
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

30
dns/templates/named.conf.options.erb
View file

@ -1,30 +0,0 @@
options {
listen-on { any; };
listen-on-v6 { none; };
allow-transfer { xfer; };
allow-recursion {
trusted;
};
# recursion yes;
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
version ""; // remove this to allow version queries
};

18
dns/templates/zone.master.erb
View file

@ -1,14 +1,20 @@
zone "<%= zone %>" {
type master;
<% if zone.match(/\//) %>
<% if zone.match(/\//) -%>
file "<%= zonedir %>/db.<%= zone.sub(/\//, '-') %>";
<% else %>
<% else -%>
file "<%= zonedir %>/db.<%= zone %>";
<% end -%>
<% end -%>
allow-transfer {
<% slaves.each_pair do |k, v| -%>
<% if slaves != [] -%>
<% slaves.each_pair do |k, v| -%>
<%= v['ip'] %>;
<% end -%>
<% end -%>
<% else -%>
nameservers;
<% end -%>
};
allow-update {
none;
};
allow-update { none; };
};

10
dns/templates/zone.slave.erb
View file

@ -1,12 +1,10 @@
zone "<%= zone %>" {
type slave;
<% if zone.match(/\//) %>
<% if zone.match(/\//) %>
file "<%= zonedir %>/db.<%= zone.sub(/\//, '-') %>";
<% else %>
<% else -%>
file "<%= zonedir %>/db.<%= zone %>";
<% end -%>
<% master.each_pair do |k, v| -%>
masters { <%= v['ip'] %>; };
<% end -%>
<% end -%>
masters { <%= master %>; };
allow-transfer { none; };
};

32
dovecot/manifests/init.pp
View file

@ -46,9 +46,9 @@ class dovecot::server inherits dovecot::common {
file { "$dovecot_ssl_dir/private/dovecot.csr":
ensure => present,
source => $dovecot_ssl_csr,
mode => 0640,
owner => root,
group => root,
mode => "0640",
owner => "root",
group => "root",
notify => Service["dovecot"],
}
}
@ -57,9 +57,9 @@ class dovecot::server inherits dovecot::common {
file { "$dovecot_ssl_dir/certs/dovecot.ca.crt":
ensure => present,
source => $dovecot_ssl_ca,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
notify => Service["dovecot"],
}
}
@ -68,9 +68,9 @@ class dovecot::server inherits dovecot::common {
file { "$dovecot_ssl_dir/certs/dovecot.crt":
ensure => present,
source => $dovecot_ssl_cert,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
notify => Service["dovecot"],
}
} else {
@ -81,9 +81,9 @@ class dovecot::server inherits dovecot::common {
file { "$dovecot_ssl_dir/private/dovecot.key":
ensure => present,
source => $dovecot_ssl_key,
mode => 0600,
owner => root,
group => root,
mode => "0600",
owner => "root",
group => "root",
notify => Service["dovecot"],
}
} else {
@ -93,10 +93,10 @@ class dovecot::server inherits dovecot::common {
file { "/etc/dovecot.conf":
ensure => present,
content => template("dovecot/dovecot.conf.erb"),
mode => 0644,
owner => root,
group => root,
notify => Service["dovecot"],
mode => "0644",
owner => "root",
group => "root",
notify => Service["dovecot"],
}
}

46
ejabberd/manifests/init.pp
View file

@ -26,7 +26,7 @@ class ejabberd {
realize(User["ejabberd"], Group["ejabberd"])
if !$ejabberd_hosts {
$ejabberd_hosts = [ "${homename}" ]
$ejabberd_hosts = [ $homename ]
}
if !$ejabberd_admin {
$ejabberd_admin = []
@ -55,26 +55,26 @@ class ejabberd {
file { "${cert_prefix}/private/ejabberd.key":
ensure => present,
source => $ejabberd_ssl_key,
mode => 0600,
owner => root,
group => root,
mode => "0600",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
file { "${cert_prefix}/certs/ejabberd.crt":
ensure => present,
source => $ejabberd_ssl_cert,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
if $ejabberd_ssl_chain {
file { "${cert_prefix}/certs/ejabberd.chain.crt":
ensure => present,
source => $ejabberd_ssl_chain,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
$cert_files = "private/ejabberd.key certs/ejabberd.crt certs/ejabberd.chain.crt"
@ -94,7 +94,7 @@ class ejabberd {
file { "/etc/ejabberd/ejabberd.pem":
ensure => present,
mode => 0640,
mode => "0640",
owner => "root",
group => "ejabberd",
require => Package["ejabberd"],
@ -102,7 +102,7 @@ class ejabberd {
file { "/etc/ejabberd/ejabberd.cfg":
ensure => present,
mode => 0640,
mode => "0640",
owner => "root",
group => "ejabberd",
content => template("ejabberd/ejabberd.cfg.erb"),
@ -121,14 +121,14 @@ class ejabberd {
if $ejabberd_webhosts {
file { "/var/www/jabber":
ensure => directory,
mode => 0755,
mode => "0755",
owner => "root",
group => "root",
}
file { "/var/www/jabber/.htaccess":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///modules/ejabberd/htaccess",
@ -181,7 +181,7 @@ class ejabberd::collab inherits ejabberd {
}
file { "/usr/local/src/${ejabberd_package}":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${ejabberd_package}",
@ -213,19 +213,19 @@ class ejabberd::backup {
$ejabberd_backup_datadir = "/srv/ejabberd-backup"
}
file { "${ejabberd_backup_datadir}":
file { $ejabberd_backup_datadir:
ensure => directory,
mode => 0700,
owner => root,
group => root,
mode => "0700",
owner => "root",
group => "root",
}
file { "/usr/local/sbin/ejabberd-backup":
ensure => present,
content => template("ejabberd/ejabberd-backup.erb"),
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
}
cron { "ejabberd-backup":
@ -234,7 +234,7 @@ class ejabberd::backup {
user => "root",
minute => 15,
hour => 21,
require => File[ "${ejabberd_backup_datadir}",
require => File[ $ejabberd_backup_datadir,
"/usr/local/sbin/ejabberd-backup" ],
}

18
firewall/manifests/init.pp
View file

@ -91,9 +91,9 @@ class firewall::common::iptables {
default => "/etc/sysconfig/iptables",
},
ensure => present,
mode => 0600,
owner => root,
group => root,
mode => "0600",
owner => "root",
group => "root",
require => Package["iptables"],
notify => Service["iptables"],
}
@ -103,9 +103,9 @@ class firewall::common::iptables {
$ip6states = versioncmp($kernelversion, "2.6.20")
file { "/etc/sysconfig/ip6tables":
ensure => present,
mode => 0600,
owner => root,
group => root,
mode => "0600",
owner => "root",
group => "root",
require => Package["iptables"],
notify => Service["ip6tables"],
}
@ -177,9 +177,9 @@ class firewall::common::pf {
file { "/etc/pf.conf":
ensure => present,
mode => 0600,
owner => root,
group => wheel,
mode => "0600",
owner => "root",
group => "wheel",
notify => Exec["pfctl -f /etc/pf.conf"],
}

48
func/manifests/init.pp
View file

@ -9,9 +9,9 @@ class func::minion {
ensure => present,
source => [ "puppet:///files/func/minion.conf",
"puppet:///modules/func/minion.conf", ],
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Package["func"],
notify => Service["funcd"],
}
@ -19,27 +19,27 @@ class func::minion {
file { "/etc/pki/certmaster/${hostname}.pem":
ensure => present,
source => "${puppet_ssldir}/private_keys/${fqdn}.pem",
mode => 0600,
owner => root,
group => root,
mode => "0600",
owner => "root",
group => "root",
require => Package["func"],
notify => Service["funcd"],
}
file { "/etc/pki/certmaster/${hostname}.cert":
ensure => present,
source => "${puppet_ssldir}/certs/${fqdn}.pem",
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Package["func"],
notify => Service["funcd"],
}
file { "/etc/pki/certmaster/ca.cert":
ensure => present,
source => "${puppet_ssldir}/certs/ca.pem",
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Package["func"],
notify => Service["funcd"],
}
@ -56,9 +56,9 @@ class func::server inherits func::minion {
file { "/etc/pki/certmaster/ca":
ensure => directory,
mode => 0750,
owner => root,
group => sysadm,
mode => "0750",
owner => "root",
group => "sysadm",
}
exec { "umask 077; openssl rsa -in ${puppet_ssldir}/ca/ca_key.pem -out /etc/pki/certmaster/ca/certmaster.key -passin file:${puppet_ssldir}/ca/private/ca.pass":
path => "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
@ -68,17 +68,17 @@ class func::server inherits func::minion {
file { "/etc/pki/certmaster/ca/certmaster.crt":
ensure => present,
source => "${puppet_ssldir}/ca/ca_crt.pem",
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => File["/etc/pki/certmaster/ca"],
}
file { "/var/lib/certmaster/certmaster":
ensure => directory,
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
}
file { "/var/lib/certmaster/certmaster/certs":
ensure => link,
@ -89,9 +89,9 @@ class func::server inherits func::minion {
ensure => present,
source => [ "puppet:///files/func/certmaster.conf",
"puppet:///modules/func/certmaster.conf", ],
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Package["func"],
}

28
git/manifests/init.pp
View file

@ -8,7 +8,7 @@ class git::client {
"ubuntu" => "git-core",
default => "git",
},
ensure => installed,
ensure => installed,
}
}
@ -26,23 +26,23 @@ class git::server {
include git::client
if $git_datadir {
file { "${git_datadir}":
file { $git_datadir:
ensure => directory,
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
}
file { "/srv/git":
ensure => link,
target => "${git_datadir}",
require => File["${git_datadir}"],
target => $git_datadir,
require => File[$git_datadir],
}
} else {
file { "/srv/git":
ensure => directory,
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
seltype => "httpd_sys_content_t",
}
}
@ -55,7 +55,7 @@ class git::server {
if $git_datadir {
selinux::manage_fcontext { "${git_datadir}(/.*)?":
type => "httpd_sys_content_t",
before => File["${git_datadir}"],
before => File[$git_datadir],
}
}
}
@ -108,9 +108,9 @@ class git::gitweb inherits git::server {
source => [ "puppet:///files/git/gitweb_config.perl.${fqdn}",
"puppet:///files/git/gitweb_config.perl",
"puppet:///modules/git/gitweb_config.perl", ],
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Package["gitweb"],
}

16
hastymail/manifests/init.pp
View file

@ -12,7 +12,7 @@ class hastymail {
file { "/usr/local/src/hastymail.tar.gz":
ensure => present,
source => "puppet:///files/packages/$hastymail_package",
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
links => follow,
@ -26,17 +26,17 @@ class hastymail {
file { "/etc/hastymail2":
ensure => directory,
mode => 0750,
mode => "0750",
owner => "root",
group => "${apache::sslserver::group}",
group => $apache::sslserver::group,
}
file { "/etc/hastymail2/hastymail2.conf":
ensure => present,
source => [ "puppet:///private/hastymail2.conf",
"puppet:///files/mail/hastymail2.conf", ],
mode => 0640,
mode => "0640",
owner => "root",
group => "${apache::sslserver::group}",
group => $apache::sslserver::group,
require => File["/etc/hastymail2"],
}
exec { "rm /etc/hastymail2/hastymail2.rc && php /usr/local/share/hastymail/install_scripts/install_config.php /etc/hastymail2/hastymail2.conf /etc/hastymail2/hastymail2.rc":
@ -48,9 +48,9 @@ class hastymail {
}
file { "/etc/hastymail2/hastymail2.rc":
ensure => present,
mode => 0640,
owner => "root",
group => "${apache::sslserver::group}",
mode => "0640",
owner => "root",
group => $apache::sslserver::group,
}
}

6
ifstated/manifests/init.pp
View file

@ -8,9 +8,9 @@ class ifstated {
source => [ "puppet:///private/ifstated.conf",
"puppet:///files/firewall/ifstated.conf.${fqdn}",
"puppet:///files/firewall/ifstated.conf", ],
mode => 0644,
owner => root,
group => wheel,
mode => "0644",
owner => "root",
group => "wheel",
notify => Service["ifstated"],
}

50
inetd/manifests/init.pp
View file

@ -6,15 +6,15 @@
class inetd::server {
case $operatingsystem {
centos,fedora,ubuntu,debian: {
include inetd::server::xinetd
}
openbsd: {
include inetd::server::inetd
}
default: {
fail("Inetd module not supported in ${operatingsystem}")
}
centos,fedora,ubuntu,debian: {
include inetd::server::xinetd
}
openbsd: {
include inetd::server::inetd
}
default: {
fail("Inetd module not supported in ${operatingsystem}")
}
}
}
@ -29,13 +29,13 @@ class inetd::server {
class inetd::server::xinetd {
package { "xinetd":
ensure => installed,
ensure => installed,
}
service { "xinetd":
ensure => running,
enable => true,
require => Package["xinetd"],
ensure => running,
enable => true,
require => Package["xinetd"],
}
}
@ -75,15 +75,15 @@ class inetd::server::inetd {
define inetd::service($ensure = present) {
case $operatingsystem {
centos,fedora,ubuntu,debian: {
service { "${name}":
enable => $ensure ? {
present => true,
absent => false,
},
notify => Service["xinetd"],
}
}
centos,fedora,ubuntu,debian: {
service { $name:
enable => $ensure ? {
present => true,
absent => false,
},
notify => Service["xinetd"],
}
}
openbsd: {
exec { "enable-inetd-${name}":
command => $ensure ? {
@ -98,9 +98,9 @@ define inetd::service($ensure = present) {
notify => Service["inetd"],
}
}
default: {
fail("Inetd module not supported in ${operatingsystem}")
}
default: {
fail("Inetd module not supported in ${operatingsystem}")
}
}
}

56
irc/manifests/init.pp
View file

@ -8,9 +8,9 @@ class irc::server {
file { "/var/lib/ratbox":
ensure => directory,
owner => irc,
group => irc,
mode => 0700,
owner => "irc",
group => "irc",
mode => "0700",
require => Package["ircd-ratbox"],
}
@ -27,9 +27,9 @@ class irc::services inherits irc::server {
file { "/var/lib/ratbox-services":
ensure => directory,
owner => irc,
group => irc,
mode => 0700,
owner => "irc",
group => "irc",
mode => "0700",
require => Package["ircd-ratbox", "ratbox-services-sqlite"],
}
@ -46,17 +46,17 @@ define irc::network($desc, $servername, $serverdesc,
file { "/var/lib/ratbox/${name}":
ensure => directory,
owner => irc,
group => irc,
mode => 0700,
owner => "irc",
group => "irc",
mode => "0700",
require => File["/var/lib/ratbox"],
}
file { "/var/lib/ratbox/${name}/ircd.conf":
ensure => present,
mode => 0600,
owner => irc,
group => irc,
mode => "0600",
owner => "irc",
group => "irc",
content => $services ? {
true => template("irc/ircd-ratbox.conf.erb", "irc/ircd-ratbox-services.conf.erb"),
false => template("irc/ircd-ratbox.conf.erb"),
@ -67,15 +67,15 @@ define irc::network($desc, $servername, $serverdesc,
}
ssl::certificate { "/var/lib/ratbox/${name}/ircd.pem":
cn => "${servername}",
mode => 0600,
cn => $servername,
mode => "0600",
owner => "irc",
group => "irc",
require => File["/var/lib/ratbox/${name}"],
}
ssl::dhparam { "/var/lib/ratbox/${name}/dh.pem":
mode => 0600,
mode => "0600",
owner => "irc",
group => "irc",
require => File["/var/lib/ratbox/${name}"],
@ -83,7 +83,7 @@ define irc::network($desc, $servername, $serverdesc,
file { "/etc/init.d/ircd-${name}":
ensure => present,
mode => 0755,
mode => "0755",
owner => root,
group => root,
content => template("irc/ircd-ratbox.init.erb"),
@ -125,9 +125,9 @@ define irc::network($desc, $servername, $serverdesc,
"/var/lib/ratbox-services/${name}/var/run",
"/var/lib/ratbox-services/${name}/var/run/ratbox-services", ]:
ensure => directory,
owner => irc,
group => irc,
mode => 0600,
owner => "irc",
group => "irc",
mode => "0600",
before => Service["ratbox-services-${name}"],
require => File["/var/lib/ratbox-services"],
}
@ -139,9 +139,9 @@ define irc::network($desc, $servername, $serverdesc,
file { "/var/lib/ratbox-services/${name}/etc/ratbox-services/ratbox-services.conf":
ensure => present,
mode => 0600,
owner => irc,
group => irc,
mode => "0600",
owner => "irc",
group => "irc",
content => template("irc/ratbox-services.conf.erb"),
before => Service["ratbox-services-${name}"],
notify => Service["ratbox-services-${name}"],
@ -150,9 +150,9 @@ define irc::network($desc, $servername, $serverdesc,
file { "/var/lib/ratbox-services/${name}/etc/ratbox-services/ratbox-services.db":
ensure => present,
mode => 0600,
owner => irc,
group => irc,
mode => "0600",
owner => "irc",
group => "irc",
source => "/etc/ratbox-services/ratbox-services.db",
replace => false,
before => Service["ratbox-services-${name}"],
@ -161,9 +161,9 @@ define irc::network($desc, $servername, $serverdesc,
file { "/etc/init.d/ratbox-services-${name}":
ensure => present,
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
content => template("irc/ratbox-services.init.erb"),
before => Service["ratbox-services-${name}"],
notify => Exec["enable-ratbox-services-${name}"],

92
iscsi/manifests/init.pp
View file

@ -4,39 +4,39 @@
class iscsi::server {
package { "scsi-target-utils":
ensure => installed,
ensure => installed,
}
service { "tgtd":
ensure => running,
enable => true,
require => Package["scsi-target-utils"],
ensure => running,
enable => true,
require => Package["scsi-target-utils"],
}
file { "/etc/tgt/targets.conf":
ensure => present,
source => [ "puppet:///files/iscsi/targets.conf.${fqdn}",
"puppet:///files/iscsi/targets.conf",
"puppet:///modules/iscsi/targets.conf", ],
mode => 0600,
owner => root,
group => root,
require => Package["scsi-target-utils"],
ensure => present,
source => [ "puppet:///files/iscsi/targets.conf.${fqdn}",
"puppet:///files/iscsi/targets.conf",
"puppet:///modules/iscsi/targets.conf", ],
mode => "0600",
owner => root,
group => root,
require => Package["scsi-target-utils"],
}
file { "/etc/tgt/target.d":
ensure => directory,
mode => 0700,
owner => root,
group => root,
require => Package["scsi-target-utils"],
ensure => directory,
mode => "0700",
owner => root,
group => root,
require => Package["scsi-target-utils"],
}
exec { "iscsi-refresh":
command => "tgt-admin -e",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
onlyif => "tgt-admin -e -p | egrep '^tgtadm '",
require => Service["tgtd"],
command => "tgt-admin -e",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
onlyif => "tgt-admin -e -p | egrep '^tgtadm '",
require => Service["tgtd"],
}
}
@ -74,24 +74,24 @@ define iscsi::target($tid, $initiator = "ALL", $ensure = "present") {
$iqn = sprintf("iqn.2005-08.tgt:%s%s", $hostname, regsubst($name, "/", ".", "G"))
case $ensure {
"present": {
file { "/etc/tgt/target.d/${tid}.conf":
ensure => present,
content => template("iscsi/tid.conf.erb"),
mode => 0600,
owner => root,
group => root,
require => File["/etc/tgt/target.d"],
before => Exec["iscsi-refresh"],
}
"present": {
file { "/etc/tgt/target.d/${tid}.conf":
ensure => present,
content => template("iscsi/tid.conf.erb"),
mode => "0600",
owner => root,
group => root,
require => File["/etc/tgt/target.d"],
before => Exec["iscsi-refresh"],
}
}
"absent": {
file { "/etc/tgt/target.d/${tid}.conf":
ensure => absent,
before => Exec["iscsi-refresh"],
}
}
}
"absent": {
file { "/etc/tgt/target.d/${tid}.conf":
ensure => absent,
before => Exec["iscsi-refresh"],
}
}
}
}
@ -102,13 +102,13 @@ define iscsi::target($tid, $initiator = "ALL", $ensure = "present") {
class iscsi::initiator {
package { "iscsi-initiator-utils":
ensure => installed,
ensure => installed,
}
service { "iscsid":
ensure => running,
enable => true,
require => Package["iscsi-initiator-utils"],
ensure => running,
enable => true,
require => Package["iscsi-initiator-utils"],
}
}
@ -133,10 +133,10 @@ define iscsi::connect($portal) {
include iscsi::initiator
exec { "iscsi-connect-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "iscsiadm --mode discovery --type sendtargets --portal ${portal} && iscsiadm --mode node --targetname ${name} --portal ${portal} --login && sleep 5",
unless => "iscsiadm --mode session | egrep '${portal}:[0-9]*,[0-9]* ${name}'\$",
require => Service["iscsid"],
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "iscsiadm --mode discovery --type sendtargets --portal ${portal} && iscsiadm --mode node --targetname ${name} --portal ${portal} --login && sleep 5",
unless => "iscsiadm --mode session | egrep '${portal}:[0-9]*,[0-9]* ${name}'\$",
require => Service["iscsid"],
}
}

82
kerberos/manifests/init.pp
View file

@ -19,26 +19,26 @@
class kerberos::client {
case $operatingsystem {
centos,fedora: {
package { "krb5-workstation":
ensure => installed,
}
}
centos,fedora: {
package { "krb5-workstation":
ensure => installed,
}
}
}
file { "krb5.conf":
path => $operatingsystem ? {
openbsd => "/etc/kerberosV/krb5.conf",
default => "/etc/krb5.conf",
},
ensure => present,
content => template("kerberos/krb5.conf.erb"),
mode => 0644,
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
default => root,
},
path => $operatingsystem ? {
openbsd => "/etc/kerberosV/krb5.conf",
default => "/etc/krb5.conf",
},
ensure => present,
content => template("kerberos/krb5.conf.erb"),
mode => "0644",
owner => "root",
group => $operatingsystem ? {
openbsd => "wheel",
default => "root",
},
}
}
@ -99,13 +99,13 @@ class kerberos::auth {
class kerberos::server inherits kerberos::client {
package { "krb5-server":
ensure => installed,
ensure => installed,
}
if $kerberos_datadir {
file { $kerberos_datadir:
ensure => directory,
mode => 0600,
mode => "0600",
owner => "root",
group => "root",
}
@ -119,7 +119,7 @@ class kerberos::server inherits kerberos::client {
} else {
file { "/srv/kerberos":
ensure => directory,
mode => 0600,
mode => "0600",
owner => "root",
group => "root",
}
@ -128,7 +128,7 @@ class kerberos::server inherits kerberos::client {
file { "/var/kerberos/krb5kdc/kdc.conf":
ensure => present,
content => template("kerberos/kdc.conf.erb"),
mode => 0600,
mode => "0600",
owner => "root",
group => "root",
require => [ Package["krb5-server"],
@ -160,15 +160,15 @@ class kerberos::server inherits kerberos::client {
# $name:
# Keytab file path.
# $principals:
# List of principals to be added into keytab
# List of principals to be added into keytab
# $ensure:
# Set to present to create keytab and absent to remove it
# Set to present to create keytab and absent to remove it
# $owner:
# Owner for keytab file
# Owner for keytab file
# $group:
# Group for keytab file
# Group for keytab file
# $mode:
# Permissions for keytab file
# Permissions for keytab file
#
# === Sample usage
#
@ -180,23 +180,23 @@ class kerberos::server inherits kerberos::client {
define kerberos::keytab($principals = [], $ensure = present, $owner = "root", $group = "", $mode = "0600") {
case $group {
"": {
case $operatingsystem {
openbsd: { $real_group = "wheel" }
default: { $real_group = "root" }
}
}
default: {
$real_group = $group
}
"": {
case $operatingsystem {
openbsd: { $real_group = "wheel" }
default: { $real_group = "root" }
}
}
default: {
$real_group = $group
}
}
file { "${name}":
ensure => $ensure,
content => template("kerberos/keytab.erb"),
mode => "${mode}",
owner => "${owner}",
group => "${real_group}",
file { $name:
ensure => $ensure,
content => template("kerberos/keytab.erb"),
mode => $mode,
owner => $owner,
group => $real_group,
}
}

91
ldap/manifests/init.pp
View file

@ -90,7 +90,22 @@ class ldap::auth inherits ldap::client {
require => Package["nscd"],
}
}
Ubuntu: {
Fedora: {
package { [ "sssd", "pam_ldap", ]:
ensure => installed,
}
exec { "authconfig --enableldap --enableldapauth --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --enablesssd --update":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
before => Service["sssd"],
require => Package["sssd"],
}
service { "sssd":
ensure => running,
enable => true,
}
}
Ubuntu: {
package { "ldap-auth-client":
ensure => installed,
}
@ -111,19 +126,19 @@ class ldap::auth inherits ldap::client {
"set base ${ldap_basedn}",
"set nss_paged_results yes",
"set pam_password exop",
"rm rootbinddn",
"rm rootbinddn",
"set ssl on", ],
onlyif => [ "get uri != '${ldap_uri}'",
"get base != ${ldap_basedn}",
"get nss_paged_results != yes",
"get pam_password != exop",
"get rootbinddn == 'cn=manager,dc=example,dc=net'",
"get rootbinddn == 'cn=manager,dc=example,dc=net'",
"get ssl != on", ],
}
}
Debian: {
Debian: {
package {[ "libnss-ldap",
"libpam-ldap" ]:
"libpam-ldap" ]:
ensure => installed,
}
## Debian lacks some lenses. nss-ldap-conf and pam_ldap-conf needs corresponding files
@ -144,7 +159,7 @@ class ldap::auth inherits ldap::client {
# "get pam_password != exop",
# "get rootbinddn == 'cn=manager,dc=example,dc=net'",
# "get ssl != on", ],
# require => Package["libnss-ldap"],
# require => Package["libnss-ldap"],
# }
# augeas { "pam_ldap-conf":
# context => "/files/etc/pam_ldap.conf",
@ -160,7 +175,7 @@ class ldap::auth inherits ldap::client {
# "get pam_password != exop",
# "get rootbinddn == 'cn=manager,dc=example,dc=net'",
# "get ssl != on", ],
# require => Package["libpam-ldap"],
# require => Package["libpam-ldap"],
# }
# augeas { "nsswitch-conf":
# context => "/files/etc/nsswitch.conf",
@ -170,7 +185,7 @@ class ldap::auth inherits ldap::client {
# onlyif => [ "get passwd: != 'files ldap'",
# "get group: != 'files ldap'",
# "get shadow: != 'files ldap'", ],
# require => [ Augeas["pam_ldap-conf"],
# require => [ Augeas["pam_ldap-conf"],
# Augeas["nss-ldap-conf"], ],
# }
}
@ -184,7 +199,7 @@ class ldap::auth inherits ldap::client {
file { "/etc/login.conf":
ensure => present,
content => template("ldap/login.conf.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => wheel,
require => [ File["/etc/openldap/ldap.conf"],
@ -215,7 +230,7 @@ class ldap::client {
"debian" => "ldap-utils",
"ubuntu" => "ldap-utils",
"openbsd" => "openldap-client",
default => "openldap-clients",
default => "openldap-clients",
},
ensure => $operatingsystem ? {
darwin => absent,
@ -227,16 +242,16 @@ class ldap::client {
ensure => present,
content => template("ldap/ldap.conf.erb"),
path => $operatingsystem ? {
"debian" => "/etc/ldap/ldap.conf",
"ubuntu" => "/etc/ldap/ldap.conf",
default => "/etc/openldap/ldap.conf",
"debian" => "/etc/ldap/ldap.conf",
"ubuntu" => "/etc/ldap/ldap.conf",
default => "/etc/openldap/ldap.conf",
},
mode => 0644,
mode => "0644",
owner => root,
group => $operatingsystem ? {
"darwin" => wheel,
"openbsd" => wheel,
default => root,
default => root,
},
require => Package["openldap-client"],
}
@ -273,8 +288,8 @@ class ldap::client::ruby {
}
package { "ruby-ldap":
name => $pkgname,
ensure => installed,
name => $pkgname,
}
}
@ -346,14 +361,14 @@ class ldap::server {
}
package { "openldap-server":
name => $package_name,
ensure => installed,
name => $package_name,
}
file { "${ssl::certs}/slapd.crt":
ensure => present,
source => $ldap_server_cert,
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -365,7 +380,7 @@ class ldap::server {
file { "${ssl::private}/slapd.key":
ensure => present,
source => $ldap_server_key,
mode => 0640,
mode => "0640",
owner => "root",
group => $group,
require => Package["openldap-server"],
@ -373,10 +388,10 @@ class ldap::server {
}
file { "slapd.conf":
path => "${config}/slapd.conf",
ensure => present,
path => "${config}/slapd.conf",
content => template("ldap/slapd.conf.erb"),
mode => 0640,
mode => "0640",
owner => "root",
group => $group,
notify => Service["slapd"],
@ -385,7 +400,7 @@ class ldap::server {
file { "${config}/slapd.conf.d":
ensure => directory,
source => "puppet:///modules/custom/empty",
mode => 0750,
mode => "0750",
owner => "root",
group => $group,
purge => true,
@ -398,7 +413,7 @@ class ldap::server {
file { "/etc/sysconfig/ldap":
ensure => present,
source => "puppet:///modules/ldap/ldap.sysconfig",
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
notify => Service["slapd"],
@ -418,22 +433,22 @@ class ldap::server {
}
if $ldap_datadir {
file { "${ldap_datadir}":
file { $ldap_datadir:
ensure => directory,
mode => 0700,
mode => "0700",
owner => $user,
group => $group,
require => Package["openldap-server"],
}
file { "/srv/ldap":
ensure => link,
target => "${ldap_datadir}",
require => File["${ldap_datadir}"],
target => $ldap_datadir,
require => File[$ldap_datadir],
}
} else {
file { "/srv/ldap":
ensure => directory,
mode => 0700,
mode => "0700",
owner => $user,
group => $group,
require => Package["openldap-server"],
@ -443,7 +458,7 @@ class ldap::server {
file { "${config}/schema":
ensure => directory,
source => "puppet:///modules/custom/empty",
mode => 0755,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -456,7 +471,7 @@ class ldap::server {
}
file { "${config}/slapd.conf.d/schema.conf":
ensure => present,
mode => 0640,
mode => "0640",
owner => "root",
group => $group,
require => Exec["generate-slapd-schema-config"],
@ -473,7 +488,7 @@ class ldap::server {
file { "${config}/slapd.conf.d/database.conf":
ensure => present,
mode => 0640,
mode => "0640",
owner => "root",
group => $group,
require => Exec["generate-slapd-database-config"],
@ -509,7 +524,7 @@ define ldap::server::database($aclsource = "") {
file { "${ldap::server::config}/slapd.conf.d/db.${name}.conf":
ensure => present,
content => template("ldap/slapd-database.conf.erb"),
mode => 0640,
mode => "0640",
owner => "root",
group => $ldap::server::group,
notify => Exec["generate-slapd-database-config"],
@ -525,7 +540,7 @@ define ldap::server::database($aclsource = "") {
"" => template("ldap/slapd-acl.conf.erb"),
default => undef,
},
mode => 0640,
mode => "0640",
owner => "root",
group => $ldap::server::group,
notify => Service["slapd"],
@ -536,7 +551,7 @@ define ldap::server::database($aclsource = "") {
source => [ "puppet:///files/ldap/slapd-index.conf.${name}",
"puppet:///files/ldap/slapd-index.conf",
"puppet:///modules/ldap/slapd-index.conf", ],
mode => 0640,
mode => "0640",
owner => "root",
group => $ldap::server::group,
notify => Service["slapd"],
@ -544,7 +559,7 @@ define ldap::server::database($aclsource = "") {
file { "/srv/ldap/${name}":
ensure => directory,
mode => 0700,
mode => "0700",
owner => $ldap::server::user,
group => $ldap::server::group,
require => File["/srv/ldap"],
@ -555,7 +570,7 @@ define ldap::server::database($aclsource = "") {
source => [ "puppet:///files/ldap/DB_CONFIG.${name}",
"puppet:///files/ldap/DB_CONFIG",
"puppet:///modules/ldap/DB_CONFIG", ],
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -587,11 +602,11 @@ define ldap::server::schema($idx = 50) {
include ldap::server
file { "${name}.schema":
path => "${ldap::server::config}/schema/${idx}-${name}.schema",
ensure => present,
path => "${ldap::server::config}/schema/${idx}-${name}.schema",
source => [ "puppet:///files/ldap/${name}.schema",
"puppet:///modules/ldap/${name}.schema", ],
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",

2
libvirt/manifests/init.pp
View file

@ -41,7 +41,7 @@ class libvirt::kvm inherits libvirt::client {
file { "/etc/libvirt/libvirtd.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
content => template("libvirt/libvirtd.conf.erb"),

4
mercurial/manifests/init.pp
View file

@ -24,13 +24,13 @@ define mercurial::clone($source, $ensure="tip") {
exec { "hg-clone-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "hg -y clone -r ${ensure} ${source} ${name}",
creates => "${name}",
creates => $name,
require => Package["mercurial"],
}
exec { "hg-pull-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
cwd => "${name}",
cwd => $name,
command => "hg -y pull -u -r ${ensure}",
onlyif => $ensure ? {
"tip" => "hg -y in",

4
minecraft/manifests/init.pp
View file

@ -6,7 +6,7 @@ class minecraft {
file { "/usr/local/lib/minecraft.jar":
ensure => present,
source => "puppet:///files/packages/minecraft.jar",
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
}
@ -14,7 +14,7 @@ class minecraft {
file { "/usr/local/bin/minecraft":
ensure => present,
source => "puppet:///modules/minecraft/minecraft",
mode => 0755,
mode => "0755",
owner => "root",
group => "root",
require => File["/usr/local/lib/minecraft.jar"],

256
munin/manifests/init.pp
View file

@ -4,59 +4,59 @@
class munin::node {
package { "munin-node":
ensure => installed,
ensure => installed,
}
service { "munin-node":
name => $operatingsystem ? {
name => $operatingsystem ? {
OpenBSD => $operatingsystemrelease ? {
/4\.[1-8]/ => "munin-node",
default => "munin_node",
},
default => "munin-node",
},
ensure => running,
enable => true,
require => Package["munin-node"],
start => $operatingsystem ? {
OpenBSD => $operatingsystemrelease ? {
ensure => running,
enable => true,
require => Package["munin-node"],
start => $operatingsystem ? {
OpenBSD => $operatingsystemrelease ? {
/4\.[1-8]/ => "/usr/bin/install -d -o _munin /var/run/munin; /usr/local/sbin/munin-node",
default => undef,
},
default => undef,
},
stop => $operatingsystem ? {
OpenBSD => "/usr/bin/pkill -f /usr/local/sbin/munin-node",
default => undef,
},
default => undef,
},
stop => $operatingsystem ? {
OpenBSD => "/usr/bin/pkill -f /usr/local/sbin/munin-node",
default => undef,
},
}
file { "/etc/munin/munin-node.conf":
ensure => present,
content => template("munin/munin-node.conf.erb"),
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
mode => 0644,
require => Package["munin-node"],
notify => Exec["munin-node-configure"],
ensure => present,
content => template("munin/munin-node.conf.erb"),
owner => "root",
group => $operatingsystem ? {
OpenBSD => "wheel",
default => "root",
},
mode => "0644",
require => Package["munin-node"],
notify => Exec["munin-node-configure"],
}
@@file { "/etc/munin/nodes.d/${homename}.conf":
content => "[${homename}]\n address ${ipaddress}\n use_node_name yes\n",
ensure => present,
tag => "munin",
notify => Exec["generate-munin-conf"],
ensure => present,
content => "[${homename}]\n address ${ipaddress}\n use_node_name yes\n",
tag => "munin",
notify => Exec["generate-munin-conf"],
}
exec { "munin-node-configure":
command => "munin-node-configure --shell --remove-also 2>/dev/null | /bin/sh",
path => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
user => root,
refreshonly => true,
notify => Service["munin-node"],
command => "munin-node-configure --shell --remove-also 2>/dev/null | /bin/sh",
path => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
user => root,
refreshonly => true,
notify => Service["munin-node"],
}
}
@ -82,20 +82,20 @@ class munin::node {
define munin::snmpnode($snmp_community="public", $snmp_version="2") {
file { "/etc/munin/plugin-conf.d/snmp_${name}":
content => "[snmp_${name}_*]\nenv.community ${snmp_community}\nenv.version ${snmp_version}\n",
ensure => present,
content => "[snmp_${name}_*]\nenv.community ${snmp_community}\nenv.version ${snmp_version}\n",
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
mode => 0600,
mode => "0600",
notify => Service["munin-node"],
}
@@file { "/etc/munin/nodes.d/${name}.conf":
content => "[${name}]\n address ${ipaddress}\n use_node_name no\n",
ensure => present,
content => "[${name}]\n address ${ipaddress}\n use_node_name no\n",
tag => "munin",
notify => Exec["generate-munin-conf"],
}
@ -108,7 +108,7 @@ define munin::snmpnode($snmp_community="public", $snmp_version="2") {
# === Parameters
#
# $name:
# Plugin name to install.
# Plugin name to install.
# $config:
# Configuration file name associated with plugin. Defaults to none.
#
@ -121,71 +121,71 @@ define munin::snmpnode($snmp_community="public", $snmp_version="2") {
define munin::plugin($config = "") {
case $operatingsystem {
OpenBSD: {
file { "/usr/local/libexec/munin/plugins/${name}":
ensure => present,
source => "puppet:///modules/munin/plugins/${name}",
owner => root,
group => wheel,
mode => 0755,
require => Package["munin-node"],
}
OpenBSD: {
file { "/usr/local/libexec/munin/plugins/${name}":
ensure => present,
source => "puppet:///modules/munin/plugins/${name}",
owner => "root",
group => "wheel",
mode => "0755",
require => Package["munin-node"],
}
}
default: {
file { "/usr/share/munin/plugins/${name}":
ensure => present,
source => "puppet:///modules/munin/plugins/${name}",
owner => "root",
group => "root",
mode => "0755",
require => Package["munin-node"],
}
}
default: {
file { "/usr/share/munin/plugins/${name}":
ensure => present,
source => "puppet:///modules/munin/plugins/${name}",
owner => root,
group => root,
mode => 0755,
require => Package["munin-node"],
}
}
}
if ($config) {
file { "/etc/munin/plugin-conf.d/${config}":
ensure => present,
source => [ "puppet:///files/munin/plugin-conf/${config}.${fqdn}",
"puppet:///files/munin/plugin-conf/${config}",
"puppet:///modules/munin/plugin-conf/${config}", ],
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
mode => 0644,
notify => Service["munin-node"],
require => $operatingsystem ? {
OpenBSD => File["/usr/local/libexec/munin/plugins/${name}"],
default => File["/usr/share/munin/plugins/${name}"],
file { "/etc/munin/plugin-conf.d/${config}":
ensure => present,
source => [ "puppet:///files/munin/plugin-conf/${config}.${fqdn}",
"puppet:///files/munin/plugin-conf/${config}",
"puppet:///modules/munin/plugin-conf/${config}", ],
owner => "root",
group => $operatingsystem ? {
OpenBSD => wheel,
default => root,
},
}
mode => "0644",
notify => Service["munin-node"],
require => $operatingsystem ? {
OpenBSD => File["/usr/local/libexec/munin/plugins/${name}"],
default => File["/usr/share/munin/plugins/${name}"],
},
}
}
case $operatingsystem {
OpenBSD: {
exec { "munin-enable-${name}":
command => "ln -s /usr/local/libexec/munin/plugins/${name} /etc/munin/plugins/${name}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
onlyif => [ "test ! -h /etc/munin/plugins/${name}",
"/usr/local/libexec/munin/plugins/${name} autoconf", ],
notify => Service["munin-node"],
require => File["/usr/local/libexec/munin/plugins/${name}"],
}
}
default: {
exec { "munin-enable-${name}":
command => "ln -s /usr/share/munin/plugins/${name} /etc/munin/plugins/${name}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
onlyif => [ "test ! -h /etc/munin/plugins/${name}",
"/usr/share/munin/plugins/${name} autoconf", ],
notify => Service["munin-node"],
require => File["/usr/share/munin/plugins/${name}"],
}
}
OpenBSD: {
exec { "munin-enable-${name}":
command => "ln -s /usr/local/libexec/munin/plugins/${name} /etc/munin/plugins/${name}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
onlyif => [ "test ! -h /etc/munin/plugins/${name}",
"/usr/local/libexec/munin/plugins/${name} autoconf", ],
notify => Service["munin-node"],
require => File["/usr/local/libexec/munin/plugins/${name}"],
}
}
default: {
exec { "munin-enable-${name}":
command => "ln -s /usr/share/munin/plugins/${name} /etc/munin/plugins/${name}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
onlyif => [ "test ! -h /etc/munin/plugins/${name}",
"/usr/share/munin/plugins/${name} autoconf", ],
notify => Service["munin-node"],
require => File["/usr/share/munin/plugins/${name}"],
}
}
}
}
@ -200,15 +200,15 @@ define munin::plugin($config = "") {
class munin::server {
package { "munin":
ensure => installed,
ensure => installed,
}
if $munin_datadir {
file { "${munin_datadir}":
file { $munin_datadir:
ensure => directory,
mode => 0755,
owner => munin,
group => munin,
mode => "0755",
owner => "munin",
group => "munin",
seltype => "munin_var_lib_t",
require => Package["munin"],
}
@ -220,19 +220,19 @@ class munin::server {
}
file { "/var/lib/munin":
ensure => "${munin_datadir}",
ensure => $munin_datadir,
force => true,
backup => ".orig",
require => File["${munin_datadir}"],
require => File[$munin_datadir],
}
}
if $munin_htmldir {
file { "${munin_htmldir}":
file { $munin_htmldir:
ensure => directory,
mode => 0755,
owner => munin,
group => munin,
mode => "0755",
owner => "munin",
group => "munin",
seltype => "httpd_munin_content_t",
require => Package["munin"],
}
@ -248,43 +248,43 @@ class munin::server {
}
file { "/var/www/html/munin":
ensure => "${munin_htmldir}",
ensure => $munin_htmldir,
force => true,
backup => ".orig",
seltype => "munin_var_lib_t",
require => File["${munin_htmldir}"],
require => File[$munin_htmldir],
}
}
file { "/etc/munin/nodes.d":
ensure => directory,
purge => true,
force => true,
recurse => true,
owner => root,
group => root,
mode => 0644,
source => "puppet:///modules/custom/empty",
require => Package["munin"],
ensure => directory,
purge => true,
force => true,
recurse => true,
owner => "root",
group => "root",
mode => "0644",
source => "puppet:///modules/custom/empty",
require => Package["munin"],
}
file { "/etc/munin/munin.conf.in":
ensure => present,
source => [ "puppet:///files/munin/munin.conf.in",
"puppet:///modules/munin/munin.conf.in", ],
owner => root,
group => root,
mode => 0644,
require => Package["munin"],
notify => Exec["generate-munin-conf"],
ensure => present,
source => [ "puppet:///files/munin/munin.conf.in",
"puppet:///modules/munin/munin.conf.in", ],
owner => "root",
group => "root",
mode => "0644",
require => Package["munin"],
notify => Exec["generate-munin-conf"],
}
exec { "generate-munin-conf":
command => "cat /etc/munin/munin.conf.in /etc/munin/nodes.d/*.conf > /etc/munin/munin.conf",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
refreshonly => true,
require => File["/etc/munin/munin.conf.in"],
command => "cat /etc/munin/munin.conf.in /etc/munin/nodes.d/*.conf > /etc/munin/munin.conf",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
refreshonly => true,
require => File["/etc/munin/munin.conf.in"],
}
File <<| tag == "munin" |>>

12
mutt/manifests/init.pp
View file

@ -9,7 +9,7 @@ class mutt {
$mail_server = "mail.${domain}"
}
if ! $mail_domain {
$mail_domain = "${domain}"
$mail_domain = $domain
}
case $operatingsystem {
@ -26,14 +26,14 @@ class mutt {
}
file { "Muttrc.local":
name => "${muttconfdir}/Muttrc.local",
ensure => present,
name => "${muttconfdir}/Muttrc.local",
content => template("mutt/Muttrc.local.erb"),
mode => 0644,
owner => root,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
openbsd => wheel,
default => root,
openbsd => "wheel",
default => "root",
},
require => Exec["add-local-mutt-config"],
}

88
mysql/manifests/init.pp
View file

@ -20,30 +20,30 @@ class mysql::client {
class mysql::server {
package { "mysql-server":
ensure => installed,
ensure => installed,
}
if $mysql_datadir {
file { "${mysql_datadir}":
file { $mysql_datadir:
ensure => directory,
mode => 0755,
owner => mysql,
group => mysql,
mode => "0755",
owner => "mysql",
group => "mysql",
seltype => "mysqld_db_t",
require => Package["mysql-server"],
}
file { "/srv/mysql":
ensure => link,
target => "${mysql_datadir}",
target => $mysql_datadir,
seltype => "mysqld_db_t",
require => File["${mysql_datadir}"],
require => File[$mysql_datadir],
}
} else {
file { "/srv/mysql":
ensure => directory,
mode => 0755,
owner => mysql,
group => mysql,
mode => "0755",
owner => "mysql",
group => "mysql",
seltype => "mysqld_db_t",
require => Package["mysql-server"],
}
@ -57,7 +57,7 @@ class mysql::server {
if $mysql_datadir {
selinux::manage_fcontext { "${mysql_datadir}(/.*)?":
type => "mysqld_db_t",
before => File["${mysql_datadir}"],
before => File[$mysql_datadir],
}
}
}
@ -68,37 +68,37 @@ class mysql::server {
"debian" => "mysql",
default => "mysqld",
},
ensure => running,
enable => true,
require => File["/srv/mysql"],
ensure => running,
enable => true,
require => File["/srv/mysql"],
}
file { "/etc/my.cnf":
ensure => present,
source => [ "puppet:///files/mysql/my.cnf.${hostname}",
"puppet:///files/mysql/my.cnf",
"puppet:///modules/mysql/my.cnf", ],
mode => 0644,
owner => root,
group => root,
require => Package["mysql-server"],
notify => Service["mysqld"],
ensure => present,
source => [ "puppet:///files/mysql/my.cnf.${hostname}",
"puppet:///files/mysql/my.cnf",
"puppet:///modules/mysql/my.cnf", ],
mode => "0644",
owner => "root",
group => "root",
require => Package["mysql-server"],
notify => Service["mysqld"],
}
file { "/etc/logrotate.d/mysql":
ensure => present,
source => "puppet:///modules/mysql/mysql.logrotate",
mode => 0644,
owner => root,
group => root,
require => Package["mysql-server"],
ensure => present,
source => "puppet:///modules/mysql/mysql.logrotate",
mode => "0644",
owner => "root",
group => "root",
require => Package["mysql-server"],
}
file { "/var/lib/mysql":
ensure => directory,
mode => 0700,
owner => mysql,
group => mysql,
mode => "0700",
owner => "mysql",
group => "mysql",
require => Package["mysql-server"],
}
@ -128,17 +128,17 @@ class mysql::server::backup {
file { $mysql_backup_datadir:
ensure => directory,
mode => 0700,
owner => root,
group => root,
mode => "0700",
owner => "root",
group => "root",
}
file { "/etc/cron.daily/mysql-backup":
ensure => present,
content => template("mysql/mysql-backup.cron.erb"),
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
require => [ File[$mysql_backup_datadir],
Package["mysql"], ],
}
@ -156,18 +156,18 @@ class mysql::server::report {
file { "/var/log/mysql-report":
ensure => directory,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Package["mysql-server"],
}
file { "/etc/cron.daily/mysql-report":
ensure => present,
source => "puppet:///modules/mysql/mysql-report.cron",
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
require => File["/var/log/mysql-report"],
}

17
mythtv/manifests/init.pp
View file

@ -44,7 +44,7 @@ class mythtv::backend {
file { "/etc/mythtv/mysql.txt":
ensure => present,
content => template("mythtv/mysql.txt.erb"),
mode => 0640,
mode => "0640",
owner => root,
group => mythtv,
notify => Service["mythbackend"],
@ -54,7 +54,7 @@ class mythtv::backend {
file { "/etc/mythtv/config.xml":
ensure => present,
content => template("mythtv/config.xml.erb"),
mode => 0640,
mode => "0640",
owner => root,
group => mythtv,
notify => Service["mythbackend"],
@ -64,7 +64,7 @@ class mythtv::backend {
file { "/etc/sysconfig/mythbackend":
ensure => present,
source => "puppet:///modules/mythtv/mythbackend",
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Service["mythbackend"],
@ -72,7 +72,8 @@ class mythtv::backend {
}
file { "/root/.mythtv":
ensure => "/etc/mythtv",
ensure => link,
target => "/etc/mythtv",
force => true,
require => Package["mythtv-backend"],
}
@ -87,7 +88,7 @@ class mythtv::backend {
file { "/etc/cron.daily/mythorphans":
ensure => present,
source => "puppet:///modules/mythtv/mythorphans",
mode => 0755,
mode => "0755",
owner => root,
group => root,
}
@ -108,7 +109,7 @@ class mythtv::cron inherits mythtv::backend {
file { "/etc/cron.daily/mythfilldatabase":
ensure => present,
source => "puppet:///modules/mythtv/mythfilldatabase",
mode => 0755,
mode => "0755",
owner => root,
group => root,
}
@ -116,7 +117,7 @@ class mythtv::cron inherits mythtv::backend {
file { "/etc/cron.daily/mythoptimize":
ensure => present,
source => "puppet:///modules/mythtv/mythoptimize",
mode => 0755,
mode => "0755",
owner => root,
group => root,
}
@ -158,7 +159,7 @@ class mythtv::mythweb {
file { "/usr/share/mythweb/data":
ensure => directory,
mode => 0770,
mode => "0770",
owner => root,
group => $apache::sslserver::group,
seltype => "httpd_sys_rw_content_t",

16
netcat/manifests/init.pp Normal file
View file

@ -0,0 +1,16 @@
# Install netcat
#
class netcat {
if $operatingsystem != "OpenBSD" {
package { "netcat":
name => $operatingsystem ? {
"ubuntu" => "netcat",
default => "nc",
},
ensure => present,
}
}
}

358
network/manifests/init.pp
View file

@ -5,20 +5,20 @@
#
class network::helper::restart {
case $operatingsystem {
centos,fedora: {
exec { "restart-network":
command => "/sbin/service network restart",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}
openbsd: {
exec { "restart-network":
command => "/sbin/route delete default ; /bin/sh /etc/netstart",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}
centos,fedora: {
exec { "restart-network":
command => "/sbin/service network restart",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}
openbsd: {
exec { "restart-network":
command => "/sbin/route delete default ; /bin/sh /etc/netstart",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}
debian,ubuntu: {
exec { "restart-network":
cwd => "/etc/network",
@ -37,7 +37,7 @@ class network::helper::debian {
file { "/etc/network/interfaces.in":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
source => "puppet:///modules/network/interfaces.in",
@ -45,7 +45,7 @@ class network::helper::debian {
file { "/etc/network/interfaces.d":
ensure => directory,
mode => 0644,
mode => "0644",
owner => root,
group => root,
purge => true,
@ -66,7 +66,7 @@ class network::hostname {
file { "/etc/hostname":
ensure => present,
content => "${homename}\n",
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
}
@ -81,7 +81,7 @@ class network::hostname {
file { "/etc/myname":
ensure => present,
content => "${homename}\n",
mode => 0644,
mode => "0644",
owner => "root",
group => "wheel",
}
@ -101,12 +101,12 @@ class network::hostname {
# $name:
# Network device name.
# $ipaddr:
# IP address for interface. Use dhcp for DHCP configuration and none
# if interface just needs to be brought up. Defaults to none.
# IP address for interface. Use dhcp for DHCP configuration and none
# if interface just needs to be brought up. Defaults to none.
# $eaddr:
# Ethernet address. Overrides udev configuration.
# $netmask:
# Netmask for interface. Required only when $ipaddr is used.
# Netmask for interface. Required only when $ipaddr is used.
# $ip6addr:
# IPv6 address for interface. Use auto for autoconfigured address.
# Defaults to none.
@ -115,7 +115,7 @@ class network::hostname {
# $bridge:
# Array of interfaces to add to bridge.
# $options:
# Custom options for interface (used only on OpenBSD).
# Custom options for interface (used only on OpenBSD).
# $postcmd:
# Custom commands to be executed after interface is up (used only on
# OpenBSD).
@ -135,14 +135,14 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none",
# try to determine boot protocol from ip address
case $ipaddr {
dhcp: { $proto = "dhcp" }
none: { $proto = "none" }
default: {
$proto = "static"
case $netmask {
none: { fail("Netmask must be defined with ip address") }
}
}
dhcp: { $proto = "dhcp" }
none: { $proto = "none" }
default: {
$proto = "static"
case $netmask {
none: { fail("Netmask must be defined with ip address") }
}
}
}
case $eaddr {
none: {
@ -155,45 +155,45 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none",
}
case $operatingsystem {
openbsd: {
file { "/etc/hostname.${name}":
ensure => present,
content => template("network/hostname.if.erb"),
mode => 0600,
owner => root,
group => wheel,
notify => Exec["restart-network"],
}
}
centos,fedora: {
openbsd: {
file { "/etc/hostname.${name}":
ensure => present,
content => template("network/hostname.if.erb"),
mode => "0600",
owner => root,
group => wheel,
notify => Exec["restart-network"],
}
}
centos,fedora: {
if $bridge {
network::interface { $bridge:
options => [ "BRIDGE=${name}", "LINKDELAY=10" ],
before => Exec["restart-interface-${name}"],
}
}
file { "/etc/sysconfig/network-scripts/ifcfg-${name}":
ensure => present,
content => template("network/ifcfg-if.erb"),
mode => 0644,
owner => root,
group => root,
notify => Exec["restart-interface-${name}"],
}
exec { "restart-interface-${name}":
command => "ifdown ${name} ; ifup ${name}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
refreshonly => true,
require => File["/etc/sysconfig/network-scripts/ifcfg-${name}"],
}
}
file { "/etc/sysconfig/network-scripts/ifcfg-${name}":
ensure => present,
content => template("network/ifcfg-if.erb"),
mode => "0644",
owner => root,
group => root,
notify => Exec["restart-interface-${name}"],
}
exec { "restart-interface-${name}":
command => "ifdown ${name} ; ifup ${name}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
refreshonly => true,
require => File["/etc/sysconfig/network-scripts/ifcfg-${name}"],
}
}
debian,ubuntu: {
include network::helper::debian
file { "/etc/network/interfaces.d/${name}-addr.conf":
ensure => present,
content => template("network/interfaces-if.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Exec["restart-network"],
@ -202,16 +202,16 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none",
if $eaddr_real {
file { "/etc/udev/rules.d/99-persistent-net-${name}.rules":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
content => "SUBSYSTEM==\"net\", ACTION==\"add\", ATTR{address}==\"${eaddr_real}\", KERNEL==\"eth*\", NAME=\"${name}\"\n",
}
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
}
}
@ -233,17 +233,17 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none",
define network::route($gateway = "", $device, $ipv6gateway = "") {
case $name {
"default": {
case $operatingsystem {
centos,fedora: {
include network::helper::restart
"default": {
case $operatingsystem {
centos,fedora: {
include network::helper::restart
if "${gateway}" != "" {
augeas { "set-default-route":
context => "/files/etc/sysconfig/network",
changes => [ "set GATEWAY ${gateway}",
"set GATEWAYDEV ${device}", ],
notify => Exec["restart-network"],
}
augeas { "set-default-route":
context => "/files/etc/sysconfig/network",
changes => [ "set GATEWAY ${gateway}",
"set GATEWAYDEV ${device}", ],
notify => Exec["restart-network"],
}
}
if "${ipv6gateway}" != "" {
augeas { "set-default-ipv6-route":
@ -252,38 +252,38 @@ define network::route($gateway = "", $device, $ipv6gateway = "") {
notify => Exec["restart-network"],
}
}
}
openbsd: {
include network::helper::restart
file { "/etc/mygate":
ensure => present,
content => template("network/mygate.erb"),
mode => 644,
owner => root,
group => wheel,
notify => Exec["restart-network"],
}
}
}
openbsd: {
include network::helper::restart
file { "/etc/mygate":
ensure => present,
content => template("network/mygate.erb"),
mode => "0644",
owner => root,
group => wheel,
notify => Exec["restart-network"],
}
}
debian,ubuntu: {
include network::helper::restart
include network::helper::debian
file { "/etc/network/interfaces.d/${device}-gate.conf":
ensure => present,
content => template("network/interfaces-gateway.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Exec["restart-network"],
require => File["/etc/network/interfaces.d/${device}-addr.conf"],
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
}
}
default: {
if ipv6gateway != "" {
default: {
fail("Network module not supported in ${operatingsystem}")
}
}
}
default: {
if $ipv6gateway != "" {
fail("Custom IPv6 routes not supported yet.")
}
case $operatingsystem {
@ -292,7 +292,7 @@ define network::route($gateway = "", $device, $ipv6gateway = "") {
file { "/etc/sysconfig/network-scripts/route-${device}":
ensure => present,
content => template("network/route-if.erb"),
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["restart-network"],
@ -333,29 +333,29 @@ define network::route($gateway = "", $device, $ipv6gateway = "") {
#
define network::carp($password, $ipaddr, $netmask, $options = []) {
case $operatingsystem {
openbsd: {
network::interface { "carp${name}":
ipaddr => "${ipaddr}",
netmask => "${netmask}",
options => [ "vhid ${name}", "pass ${password}", $options ],
openbsd: {
network::interface { "carp${name}":
ipaddr => $ipaddr,
netmask => $netmask,
options => [ "vhid ${name}", "pass ${password}", $options ],
postcmd => [ "/usr/sbin/ndp -i carp${name} -- -accept_rtadv" ],
}
}
centos,fedora: {
include network::ucarp
file { "/etc/ucarp/vip-${name}.conf":
ensure => present,
content => template("network/vip.conf.erb"),
mode => 0600,
owner => root,
group => root,
require => Package["ucarp"],
notify => Service["ucarp"],
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
}
}
centos,fedora: {
include network::ucarp
file { "/etc/ucarp/vip-${name}.conf":
ensure => present,
content => template("network/vip.conf.erb"),
mode => "0600",
owner => root,
group => root,
require => Package["ucarp"],
notify => Service["ucarp"],
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
}
}
@ -366,13 +366,13 @@ define network::carp($password, $ipaddr, $netmask, $options = []) {
#
class network::ucarp {
package { "ucarp":
ensure => installed,
ensure => installed,
}
service { "ucarp":
ensure => running,
enable => true,
hasstatus => true,
require => Package["ucarp"],
ensure => running,
enable => true,
hasstatus => true,
require => Package["ucarp"],
}
}
@ -397,19 +397,19 @@ define network::pppoe($username, $password, $device, $authtype = "pap") {
include network::helper::restart
case $operatingsystem {
openbsd: {
file { "/etc/hostname.${name}":
ensure => present,
content => template("network/hostname.pppoe.erb"),
mode => 0600,
owner => root,
group => wheel,
notify => Exec["restart-network"],
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
openbsd: {
file { "/etc/hostname.${name}":
ensure => present,
content => template("network/hostname.pppoe.erb"),
mode => "0600",
owner => root,
group => wheel,
notify => Exec["restart-network"],
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
}
}
@ -438,27 +438,27 @@ define network::pppoe($username, $password, $device, $authtype = "pap") {
#
define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none") {
case $operatingsystem {
centos,fedora: {
file { "/etc/modprobe.d/${name}.conf":
ensure => present,
content => "alias ${name} bonding\noptions ${name} miimon=100 mode=${mode}\n",
mode => 0644,
owner => root,
group => root,
}
network::interface { $devices:
options => [ "MASTER=${name}", "SLAVE=yes", ],
require => File["/etc/modprobe.d/${name}.conf"],
before => Network::Interface["${name}"],
}
network::interface { $name:
ipaddr => "${ipaddr}",
netmask => "${netmask}",
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
centos,fedora: {
file { "/etc/modprobe.d/${name}.conf":
ensure => present,
content => "alias ${name} bonding\noptions ${name} miimon=100 mode=${mode}\n",
mode => "0644",
owner => root,
group => root,
}
network::interface { $devices:
options => [ "MASTER=${name}", "SLAVE=yes", ],
require => File["/etc/modprobe.d/${name}.conf"],
before => Network::Interface[$name],
}
network::interface { $name:
ipaddr => $ipaddr,
netmask => $netmask,
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
}
}
@ -469,12 +469,12 @@ define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none")
#
class network::helper::vlan {
case $operatingsystem {
centos,fedora: {
augeas { "enable-vlan-support":
context => "/files/etc/sysconfig/network",
changes => "set VLAN yes",
}
}
centos,fedora: {
augeas { "enable-vlan-support":
context => "/files/etc/sysconfig/network",
changes => "set VLAN yes",
}
}
}
}
@ -505,25 +505,25 @@ class network::helper::vlan {
define network::vlan($device, $ipaddr = "none", $netmask = "none",
$options = []) {
case $operatingsystem {
openbsd: {
network::interface { "vlan${name}":
options => [ "vlandev ${device}" ],
ipaddr => $ipaddr,
netmask => $netmask,
}
}
centos,fedora: {
include network::helper::vlan
network::interface { "${device}.${name}":
ipaddr => $ipaddr,
netmask => $netmask,
openbsd: {
network::interface { "vlan${name}":
options => [ "vlandev ${device}" ],
ipaddr => $ipaddr,
netmask => $netmask,
}
}
centos,fedora: {
include network::helper::vlan
network::interface { "${device}.${name}":
ipaddr => $ipaddr,
netmask => $netmask,
options => $options,
require => Augeas["enable-vlan-support"],
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
require => Augeas["enable-vlan-support"],
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
}
}
}
@ -536,7 +536,7 @@ class network::manager::disable {
ubuntu: {
file { "/etc/init/network-manager.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
source => "puppet:///modules/network/network-manager.disabled.conf",

4
networker/manifests/init.pp
View file

@ -6,7 +6,7 @@ class networker::client {
file { [ "/nsr", "/nsr/res" ]:
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
require => Package["lgtoclnt"],
@ -15,7 +15,7 @@ class networker::client {
file { "/nsr/res/servers":
ensure => present,
content => template("networker/servers.erb"),
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => File["/nsr/res"],

54
nfs/manifests/init.pp
View file

@ -6,10 +6,14 @@ class nfs::client {
include portmap::server
package { "nfs-utils":
ensure => installed,
ensure => installed,
}
service { "nfslock":
name => $operatingsystem ? {
"fedora" => "nfs-lock",
default => "nfslock",
},
ensure => running,
enable => true,
hasstatus => true,
@ -27,37 +31,41 @@ class nfs::server inherits nfs::client {
include portmap::server
file { "/etc/exports":
ensure => present,
source => [ "puppet:///files/nfs/exports.${fqdn}",
"puppet:///modules/nfs/exports", ],
mode => 0644,
owner => root,
group => root,
require => Package["nfs-utils"],
notify => Exec["exportfs"],
ensure => present,
source => [ "puppet:///files/nfs/exports.${fqdn}",
"puppet:///modules/nfs/exports", ],
mode => "0644",
owner => root,
group => root,
require => Package["nfs-utils"],
notify => Exec["exportfs"],
}
file { "/etc/sysconfig/nfs":
ensure => present,
source => "puppet:///modules/nfs/nfs.sysconfig",
mode => 0644,
owner => root,
group => root,
notify => Service["nfs"],
ensure => present,
source => "puppet:///modules/nfs/nfs.sysconfig",
mode => "0644",
owner => root,
group => root,
notify => Service["nfs"],
}
service { "nfs":
ensure => running,
enable => true,
hasstatus => true,
require => Package["nfs-utils"],
name => $operatingsystem ? {
"fedora" => "nfs-server",
default => "nfs",
},
ensure => running,
enable => true,
hasstatus => true,
require => Package["nfs-utils"],
}
exec { "exportfs":
command => "exportfs -av",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
require => Service["nfs"],
command => "exportfs -av",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
require => Service["nfs"],
}
}

8
nginx/manifests/init.pp
View file

@ -18,14 +18,14 @@ class nginx {
}
service { "nginx":
enable => true,
ensure => running,
enable => true,
require => Package["nginx"],
}
file { "/etc/nginx/nginx.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -38,7 +38,7 @@ class nginx {
file { "/etc/nginx/conf.d":
ensure => directory,
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -81,7 +81,7 @@ define nginx::configfile($source="", $content="") {
file { "/etc/nginx/conf.d/${name}":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",

15
ntpd/manifests/init.pp
View file

@ -34,6 +34,15 @@ class ntpd {
}
}
case $operatingsystem {
"centos","fedora": {
augeas { "disable-peerntp":
context => "/files/etc/sysconfig/network",
changes => "set PEERNTP no",
}
}
}
}
@ -47,7 +56,7 @@ class ntpd::chrony {
file { "/etc/chrony.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
content => template("ntpd/chrony.conf.erb"),
@ -73,7 +82,7 @@ class ntpd::isc-ntpd {
file { "/etc/ntp.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
content => template("ntpd/ntp.conf.erb"),
@ -100,7 +109,7 @@ class ntpd::openntpd {
file { "/etc/ntpd.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => wheel,
content => template("ntpd/openntpd.conf.erb"),

12
openvpn/manifests/init.pp
View file

@ -9,7 +9,7 @@ class openvpn::client {
service { "openvpn":
ensure => running,
enable => true,
require => [ Package["openvpn"],
require => [ Package["openvpn"],
File["/etc/openvpn/openvpn.conf"],
File["/etc/openvpn/ta.key"],
File["/etc/openvpn/ca.crt"], ],
@ -30,17 +30,17 @@ class openvpn::client {
file { "/etc/openvpn/openvpn.conf":
ensure => present,
content => template("openvpn/openvpn.conf.erb"),
mode => 0640,
content => template("openvpn/openvpn.conf.erb"),
mode => "0640",
owner => "root",
group => "root",
notify => Service["openvpn"],
notify => Service["openvpn"],
require => Package["openvpn"],
}
file { "/etc/openvpn/ta.key":
ensure => present,
source => "puppet:///files/openvpn/ta.key",
mode => 0640,
mode => "0640",
owner => "root",
group => "root",
require => Package["openvpn"],
@ -48,7 +48,7 @@ class openvpn::client {
file { "/etc/openvpn/ca.crt":
ensure => present,
source => "puppet:///files/openvpn/ca.crt",
mode => 0640,
mode => "0640",
owner => "root",
group => "root",
require => Package["openvpn"],

2
pam/manifests/init.pp
View file

@ -35,7 +35,7 @@ class pam::mkhomedir {
"ubuntu": {
file { "/usr/share/pam-configs/pam_mkhomedir":
source => "puppet:///modules/pam/pam_mkhomedir",
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
require => Package["libpam-runtime"],

6
procmail/manifests/init.pp
View file

@ -12,7 +12,7 @@ class procmail {
purge => true,
force => true,
recurse => true,
mode => 0755,
mode => "0755",
owner => "root",
group => "root",
source => "puppet:///modules/custom/empty",
@ -22,7 +22,7 @@ class procmail {
file { "/etc/procmailrc":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
require => Package["procmail"],
@ -59,7 +59,7 @@ define procmail::rc($source = "AUTO") {
"AUTO" => "puppet:///files/procmail/${name}",
default => $source,
},
mode => 0644,
mode => "0644",
owner => root,
group => root,
notify => Exec["generate-procmailrc"],

8
psacct/manifests/init.pp
View file

@ -31,7 +31,7 @@ class psacct::linux {
}
service { "psacct":
name => $operatingsystem ? {
name => $operatingsystem ? {
ubuntu => "acct",
default => "psacct",
},
@ -50,9 +50,9 @@ class psacct::openbsd {
file { "/var/account/acct":
ensure => present,
mode => 0644,
owner => root,
group => wheel,
mode => "0644",
owner => "root",
group => "wheel",
notify => Exec["accton"],
}

6
pulseaudio/manifests/init.pp
View file

@ -21,14 +21,14 @@ class pulseaudio::server inherits pulseaudio::common {
file { "/etc/init.d/pulseaudio":
ensure => present,
source => "puppet:///modules/pulseaudio/pulseaudio.init",
mode => 0755,
mode => "0755",
owner => root,
group => root,
}
file { "/etc/sysconfig/pulseaudio":
ensure => present,
source => "puppet:///modules/pulseaudio/pulseaudio.sysconfig.${operatingsystem}",
mode => 0644,
mode => "0644",
owner => root,
group => root,
before => File["/etc/init.d/pulseaudio"],
@ -39,7 +39,7 @@ class pulseaudio::server inherits pulseaudio::common {
ensure => present,
source => [ "puppet:///files/pulseaudio/system.pa.${fqdn}",
"puppet:///files/pulseaudio/system.pa", ],
mode => 0644,
mode => "0644",
owner => root,
group => root,
require => Package["pulseaudio"],

98
puppet/manifests/init.pp
View file

@ -19,15 +19,15 @@ class puppet::client {
}
case $operatingsystem {
centos,fedora: {
package { "ruby-shadow":
ensure => installed,
}
}
centos,fedora: {
package { "ruby-shadow":
ensure => installed,
}
}
ubuntu,debian: {
package { "libaugeas-ruby":
name => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libaugeas-ruby\1'),
ensure => installed,
name => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libaugeas-ruby\1'),
before => Service["puppet"],
}
}
@ -36,7 +36,7 @@ class puppet::client {
file { "/etc/rc.d/puppetd":
ensure => present,
source => "puppet:///modules/puppet/puppetd.rc",
mode => 0755,
mode => "0755",
owner => "root",
group => "wheel",
before => Service["puppet"],
@ -48,8 +48,8 @@ class puppet::client {
file { "/etc/puppet/puppet.conf":
ensure => present,
content => template("puppet/puppet.conf.erb"),
mode => 0640,
owner => root,
mode => "0640",
owner => "root",
group => $operatingsystem ? {
openbsd => "_puppet",
default => "puppet",
@ -82,9 +82,9 @@ class puppet::client {
file { "/etc/default/puppet":
ensure => present,
source => "puppet:///modules/puppet/puppet.enabled.default",
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
notify => Service["puppet"],
}
}
@ -101,11 +101,11 @@ class puppet::client {
file { "/usr/local/sbin/puppet-check":
ensure => present,
source => "puppet:///modules/puppet/puppet-check",
mode => 0755,
owner => root,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
openbsd => wheel,
default => root,
openbsd => "wheel",
default => "root",
},
}
cron { "puppet-check":
@ -259,10 +259,10 @@ class puppet::server::common inherits puppet::client {
}
if $puppet_datadir {
file { "${puppet_datadir}":
file { $puppet_datadir:
ensure => directory,
mode => 0755,
owner => root,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
@ -272,15 +272,15 @@ class puppet::server::common inherits puppet::client {
}
file { "/srv/puppet":
ensure => link,
target => "${puppet_datadir}",
target => $puppet_datadir,
seltype => "var_lib_t",
require => File["${puppet_datadir}"],
require => File[$puppet_datadir],
}
} else {
file { "/srv/puppet":
ensure => directory,
mode => 0755,
owner => root,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
@ -299,14 +299,14 @@ class puppet::server::common inherits puppet::client {
selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
type => "var_lib_t",
before => File[$puppet_datadir],
}
}
}
}
if $puppet_storeconfigs != "none" {
file { "/srv/puppet/storeconfigs":
ensure => directory,
mode => 0750,
mode => "0750",
owner => $user,
group => $group,
seltype => "var_lib_t",
@ -317,7 +317,7 @@ class puppet::server::common inherits puppet::client {
"/srv/puppet/reports",
"/srv/puppet/rrd", ]:
ensure => directory,
mode => 0750,
mode => "0750",
owner => $user,
group => $group,
seltype => "var_lib_t",
@ -326,8 +326,8 @@ class puppet::server::common inherits puppet::client {
file { [ "/srv/puppet/files",
"/srv/puppet/templates" ]:
ensure => directory,
mode => 0755,
owner => root,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
@ -337,8 +337,8 @@ class puppet::server::common inherits puppet::client {
}
file { "/srv/puppet/files/common":
ensure => directory,
mode => 0755,
owner => root,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
@ -348,8 +348,8 @@ class puppet::server::common inherits puppet::client {
}
file { "/srv/puppet/files/private":
ensure => directory,
mode => 0750,
owner => root,
mode => "0750",
owner => "root",
group => $group,
seltype => "var_lib_t",
require => File["/srv/puppet/files"],
@ -364,8 +364,8 @@ class puppet::server::common inherits puppet::client {
source => [ "puppet:///files/puppet/tagmail.conf.${fqdn}",
"puppet:///files/puppet/tagmail.conf",
"puppet:///modules/puppet/tagmail.conf", ],
mode => 0644,
owner => root,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
@ -378,8 +378,8 @@ class puppet::server::common inherits puppet::client {
source => [ "puppet:///files/puppet/fileserver.conf.${fqdn}",
"puppet:///files/puppet/fileserver.conf",
"puppet:///modules/puppet/fileserver.conf", ],
mode => 0644,
owner => root,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
@ -394,9 +394,9 @@ class puppet::server::common inherits puppet::client {
file { "/etc/cron.daily/puppet-report-cleanup":
ensure => present,
content => template("puppet/puppet-report-cleanup.erb"),
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
require => File["/srv/puppet/reports"],
}
}
@ -405,7 +405,7 @@ class puppet::server::common inherits puppet::client {
file { "/usr/local/sbin/puppet-clean-storeconfigs":
ensure => present,
source => "puppet:///modules/puppet/puppet-clean-storeconfigs",
mode => 0755,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
openbsd => "wheel",
@ -459,9 +459,9 @@ class puppet::server::mongrel {
file { "/etc/default/puppetmaster":
ensure => present,
content => template("puppet/puppetmaster.default.erb"),
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
notify => Service["puppetmaster"],
}
}
@ -469,9 +469,9 @@ class puppet::server::mongrel {
file { "/etc/sysconfig/puppetmaster":
ensure => present,
content => template("puppet/puppetmaster.sysconfig.erb"),
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
notify => Service["puppetmaster"],
}
}
@ -559,9 +559,9 @@ class puppet::opencollab {
file { "/etc/puppet/opencollab.conf":
ensure => present,
mode => 0600,
owner => root,
group => root,
mode => "0600",
owner => "root",
group => "root",
content => "[creds]\nurl = ${puppet_opencollab_url}\nusername = ${puppet_opencollab_user}\npassword = ${puppet_opencollab_pass}\n",
}

2
rsync/manifests/init.pp
View file

@ -17,7 +17,7 @@ class rsync::run-rsync {
ensure => present,
source => [ "puppet:///files/run-rsync/${homename}-RunRsyncConfig.pm",
"/etc/run-rsync/RunRsyncConfig.pm", ],
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
}

50
samba/manifests/init.pp
View file

@ -3,11 +3,7 @@
class samba::server {
package { "samba":
name => $operatingsystem ? {
"openbsd" => "samba-3.5.4p3",
default => "samba",
},
ensure => installed,
ensure => installed,
}
case $operatingsystem {
@ -62,30 +58,30 @@ class samba::server {
}
file { "/etc/samba/smb.conf":
ensure => present,
source => [ "puppet:///files/samba/smb.conf.${fqdn}",
"puppet:///files/samba/smb.conf", ],
mode => 0644,
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
default => root,
ensure => present,
source => [ "puppet:///files/samba/smb.conf.${fqdn}",
"puppet:///files/samba/smb.conf", ],
mode => "0644",
owner => "root",
group => $operatingsystem ? {
openbsd => "wheel",
default => "root",
},
require => Package["samba"],
require => Package["samba"],
}
file { "/etc/samba/lmhosts":
ensure => present,
source => [ "puppet:///files/samba/lmhosts.${fqdn}",
"puppet:///files/samba/lmhosts",
"puppet:///modules/samba/lmhosts", ],
mode => 0644,
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
default => root,
ensure => present,
source => [ "puppet:///files/samba/lmhosts.${fqdn}",
"puppet:///files/samba/lmhosts",
"puppet:///modules/samba/lmhosts", ],
mode => "0644",
owner => "root",
group => $operatingsystem ? {
openbsd => "wheel",
default => "root",
},
require => Package["samba"],
require => Package["samba"],
}
}
@ -100,9 +96,9 @@ class samba::bdc {
file { "/etc/cron.hourly/sync-netlogon.sh":
ensure => present,
source => "puppet:///modules/samba/sync-netlogon.sh",
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
}
}

17
saslauthd/manifests/init.pp
View file

@ -14,9 +14,9 @@ class saslauthd::server {
file { "/etc/sasldb2":
ensure => present,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Exec["generate-sasldb2"],
}
exec { "generate-sasldb2":
@ -43,8 +43,9 @@ class saslauthd::server {
define saslauthd::service() {
case $architecture {
i386: { $libdir = "/usr/lib/sasl2" }
x86_64: { $libdir = "/usr/lib64/sasl2" }
"i386": { $libdir = "/usr/lib/sasl2" }
"x86_64": { $libdir = "/usr/lib64/sasl2" }
default: { fail("Unknown architecture ${architecture}") }
}
file { "${libdir}/${name}.conf":
@ -53,9 +54,9 @@ define saslauthd::service() {
"puppet:///files/saslauthd/${name}.conf",
"puppet:///files/saslauthd/service.conf",
"puppet:///modules/saslauthd/service.conf", ],
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Service["saslauthd"],
}

6
selinux/manifests/init.pp
View file

@ -30,9 +30,9 @@ class selinux {
file { "/etc/selinux/config":
ensure => present,
content => template("selinux/config.erb"),
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
require => Package["selinux-policy-targeted"],
notify => Exec["set-selinux-mode"],
}

38
sendmail/manifests/init.pp
View file

@ -8,8 +8,8 @@ class sendmail::common {
if $operatingsystem != "OpenBSD" {
package { "sendmail":
name => [ "sendmail", "sendmail-cf", ],
ensure => installed,
name => [ "sendmail", "sendmail-cf", ],
}
service { "sendmail":
ensure => running,
@ -25,7 +25,7 @@ class sendmail::common {
content => "DAEMON=no\nQUEUE=1h\n",
owner => "root",
group => "root",
mode => 0644,
mode => "0644",
notify => Service["sendmail"],
}
}
@ -59,7 +59,7 @@ class sendmail::client inherits sendmail::common {
"openbsd" => "bin",
default => "root",
},
mode => 0644,
mode => "0644",
notify => Exec["make submit.cf"],
require => $operatingsystem ? {
"openbsd" => undef,
@ -68,8 +68,8 @@ class sendmail::client inherits sendmail::common {
}
exec { "make submit.cf":
path => "/bin:/usr/bin:/sbin:/usr/sbin:/etc/mail",
cwd => $operatingsystem ? {
path => "/bin:/usr/bin:/sbin:/usr/sbin:/etc/mail",
cwd => $operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf",
default => "/etc/mail",
},
@ -88,7 +88,7 @@ class sendmail::client inherits sendmail::common {
"ubuntu" => "smmsp",
default => "root",
},
mode => 0644,
mode => "0644",
source => $operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf/submit.cf",
default => undef,
@ -133,31 +133,33 @@ class sendmail::server inherits sendmail::common {
}
}
file { "sendmail.mc": name => $operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf/sendmail.mc",
default => "/etc/mail/sendmail.mc", },
file { "sendmail.mc":
name => $operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf/sendmail.mc",
default => "/etc/mail/sendmail.mc",
},
content => template("sendmail/sendmail.mc.erb"),
owner => "root",
group => $group,
mode => 0644,
mode => "0644",
notify => Exec["make sendmail.cf"],
}
file { "/etc/aliases":
ensure => present,
notify => Exec["newaliases"],
notify => Exec["newaliases"],
owner => "root",
group => $group,
mode => 0644,
mode => "0644",
}
exec { "make sendmail.cf":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
cwd => $operatingsystem ? {
path => "/bin:/usr/bin:/sbin:/usr/sbin",
cwd => $operatingsystem ? {
openbsd => "/usr/share/sendmail/cf",
default => "/etc/mail",
},
require => $operatingsystem ? {
require => $operatingsystem ? {
openbsd => undef,
default => Package["sendmail"],
},
@ -168,17 +170,17 @@ class sendmail::server inherits sendmail::common {
ensure => present,
owner => "root",
group => $group,
mode => 0644,
mode => "0644",
source => $operatingsystem ? {
openbsd => "/usr/share/sendmail/cf/sendmail.cf",
default => undef,
},
require => Exec["make sendmail.cf"],
notify => Service["sendmail"],
notify => Service["sendmail"],
}
exec { "newaliases":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}

20
ssh/manifests/init.pp
View file

@ -4,7 +4,7 @@ class ssh::known_hosts {
file { "/etc/ssh/ssh_known_hosts":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => $operatingsystem ? {
OpenBSD => wheel,
@ -12,10 +12,10 @@ class ssh::known_hosts {
},
}
@@sshkey { "${homename}":
@@sshkey { $homename:
ensure => present,
type => rsa,
key => "${sshrsakey}",
key => $sshrsakey,
host_aliases => inline_template("<%= homename.split('.')[0] %>"),
require => File["/etc/ssh/ssh_known_hosts"],
}
@ -32,7 +32,7 @@ class ssh::hostkeys {
file { "/etc/ssh/ssh_host_dsa_key":
ensure => present,
source => "puppet:///private/ssh_host_dsa_key",
mode => 0600,
mode => "0600",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
@ -42,7 +42,7 @@ class ssh::hostkeys {
file { "/etc/ssh/ssh_host_dsa_key.pub":
ensure => present,
source => "puppet:///private/ssh_host_dsa_key.pub",
mode => 0644,
mode => "0644",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
@ -53,7 +53,7 @@ class ssh::hostkeys {
file { "/etc/ssh/ssh_host_rsa_key":
ensure => present,
source => "puppet:///private/ssh_host_rsa_key",
mode => 0600,
mode => "0600",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
@ -63,7 +63,7 @@ class ssh::hostkeys {
file { "/etc/ssh/ssh_host_rsa_key.pub":
ensure => present,
source => "puppet:///private/ssh_host_rsa_key.pub",
mode => 0644,
mode => "0644",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
@ -74,7 +74,7 @@ class ssh::hostkeys {
file { "/etc/ssh/ssh_host_key":
ensure => present,
source => "puppet:///private/ssh_host_key",
mode => 0600,
mode => "0600",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
@ -84,7 +84,7 @@ class ssh::hostkeys {
file { "/etc/ssh/ssh_host_key.pub":
ensure => present,
source => "puppet:///private/ssh_host_key.pub",
mode => 0644,
mode => "0644",
owner => root,
group => $operatingsystem ? {
openbsd => wheel,
@ -112,7 +112,7 @@ class ssh::disable {
}
file { "/etc/init/ssh.conf":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
source => "puppet:///modules/ssh/ssh.disabled.conf",

10
ssl/manifests/init.pp
View file

@ -77,10 +77,10 @@ define ssl::certificate($cn, $mode, $owner, $group,
exec { "openssl-req-${name}":
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
command => "/bin/sh -c 'umask 077 ; openssl req -x509 -nodes -days ${days} -newkey rsa:${keysize} -subj \"${subject_real}\" -keyout ${keyout_real} -out ${name}'",
creates => [ "${name}", "${keyout_real}" ],
creates => [ $name, $keyout_real ],
}
file { "${name}":
file { $name:
ensure => present,
mode => $mode,
owner => $owner,
@ -89,7 +89,7 @@ define ssl::certificate($cn, $mode, $owner, $group,
}
if $keyout {
file { "${keyout}":
file { $keyout:
ensure => present,
mode => $keymode,
owner => $keyowner,
@ -117,10 +117,10 @@ define ssl::dhparam($mode, $owner, $group, $keysize="1024") {
exec { "openssl-dhparam-${name}":
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
command => "/bin/sh -c 'umask 077 ; openssl dhparam -out ${name} ${keysize}'",
creates => "${name}",
creates => $name,
}
file { "${name}":
file { $name:
ensure => present,
mode => $mode,
owner => $owner,

6
sudo/manifests/init.pp
View file

@ -11,7 +11,7 @@ class sudo {
file { "/etc/sudoers.d":
ensure => directory,
mode => 0440,
mode => "0440",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -25,7 +25,7 @@ class sudo {
file { "/etc/sudoers":
ensure => present,
mode => 0440,
mode => "0440",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -54,7 +54,7 @@ define sudo::sudoer($where="ALL", $as_whom="ALL", $what="ALL") {
file { "/etc/sudoers.d/${name}":
ensure => present,
mode => 0440,
mode => "0440",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",

8
svn/manifests/init.pp
View file

@ -8,7 +8,7 @@ class svn::client {
file { "/etc/subversion/servers":
ensure => present,
mode => 0644,
mode => "0644",
owner => root,
group => root,
content => template("svn/servers.erb"),
@ -41,13 +41,13 @@ define svn::checkout($source, $ensure="HEAD") {
exec { "svn-co-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "svn checkout --non-interactive -r ${ensure} ${source} ${name}",
creates => "${name}",
creates => $name,
require => [ Package["subversion"], File["/etc/subversion/servers"], ],
}
exec { "svn-up-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
cwd => "${name}",
cwd => $name,
command => "svn update --non-interactive -r ${ensure}",
onlyif => $ensure ? {
"HEAD" => "svn status --non-interactive -q -u 2>&1 | egrep '^[[:space:]]+\\*'",
@ -92,7 +92,7 @@ define svn::export($source, $ensure="HEAD") {
exec { "svn-export-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "svn export --non-interactive -r ${ensure} ${source} ${name} && svn info --non-interactive -r ${ensure} ${source} 2>&1 | awk '/^Last Changed Rev:/ { print \$4 }' > ${name}/.svnrevision",
creates => "${name}",
creates => $name,
require => Exec["svn-export-clean-${name}"],
}

12
sysctl/manifests/init.pp
View file

@ -17,15 +17,15 @@
define sysctl::set($value) {
exec { "sysctl-${name}":
command => "sysctl -w ${name}='${value}'",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "test \"`sysctl -n ${name}`\" = \"${value}\"",
command => "sysctl -w ${name}='${value}'",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "test \"`sysctl -n ${name}`\" = \"${value}\"",
}
exec { "sysctl-${name}-save":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "echo '${name}=${value}' >> /etc/sysctl.conf",
unless => "egrep '^${name}=' /etc/sysctl.conf",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "echo '${name}=${value}' >> /etc/sysctl.conf",
unless => "egrep '^${name}=' /etc/sysctl.conf",
}
}

26
syslog/manifests/init.pp
View file

@ -40,7 +40,7 @@ class syslog::common {
"linux": {
file { "/etc/logrotate.d/syslog.all":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
content => template("syslog/logrotate.erb"),
@ -84,17 +84,25 @@ class syslog::client::syslogd {
if $operatingsystem != "OpenBSD" {
package { "syslogd":
name => "sysklogd",
ensure => installed,
name => "sysklogd",
before => File["/etc/syslog.conf"],
}
}
file { "/var/log/all.log":
ensure => present,
mode => "0640",
owner => "root",
group => $group,
notify => Service["syslogd"],
}
file { "/etc/syslog.conf":
ensure => present,
content => template("syslog/syslog.conf.$operatingsystem.erb",
"syslog/syslog.conf.client.erb"),
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -143,7 +151,7 @@ class syslog::client::rsyslog {
content => template("syslog/rsyslog.conf.erb",
"syslog/syslog.conf.$operatingsystem.erb",
"syslog/syslog.conf.client.erb"),
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -168,7 +176,7 @@ class syslog::client::rsyslog {
if $operatingsystem == "OpenBSD" and $operatingsystemrelease !~ /4\.[1-8]/ {
file { "/etc/rc.d/syslogd":
ensure => present,
mode => 0555,
mode => "0555",
owner => "root",
group => "wheel",
source => "puppet:///modules/syslog/rsyslogd.rc",
@ -195,7 +203,7 @@ class syslog::common::standalone inherits syslog::common {
if $syslog_datadir {
file { $syslog_datadir:
ensure => directory,
mode => 2750,
mode => "2750",
owner => "root",
group => $group,
seltype => "var_log_t",
@ -211,7 +219,7 @@ class syslog::common::standalone inherits syslog::common {
} else {
file { "/srv/log":
ensure => directory,
mode => 2750,
mode => "2750",
owner => "root",
group => $group,
seltype => "var_log_t",
@ -220,7 +228,7 @@ class syslog::common::standalone inherits syslog::common {
file { "/srv/log/archive":
ensure => directory,
mode => 2750,
mode => "2750",
owner => "root",
group => $group,
require => File["/srv/log"],
@ -248,7 +256,7 @@ class syslog::common::standalone inherits syslog::common {
file { "/usr/local/sbin/logarchiver.sh":
ensure => present,
source => "puppet:///modules/syslog/logarchiver.sh",
mode => 0755,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",

16
tftp/manifests/init.pp
View file

@ -9,10 +9,10 @@
class tftp::server {
if $tftp_datadir {
file { "${tftp_datadir}":
file { $tftp_datadir:
ensure => directory,
mode => 0755,
owner => root,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
openbsd => "wheel",
default => "root",
@ -21,14 +21,14 @@ class tftp::server {
}
file { "/srv/tftpboot":
ensure => link,
target => "${tftp_datadir}",
target => $tftp_datadir,
seltype => "tftpdir_t",
require => File["${tftp_datadir}"],
require => File[$tftp_datadir],
}
} else {
file { "/srv/tftpboot":
ensure => directory,
mode => 0755,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -64,8 +64,8 @@ class tftp::server {
}
if $tftp_datadir {
selinux::manage_fcontext { "${tftp_datadir}(/.*)?":
type => "tftpdir_t",
before => File["${tftp_datadir}"],
type => "tftpdir_t",
before => File[$tftp_datadir],
}
}
}

15
time/manifests/init.pp
View file

@ -5,7 +5,7 @@ class time::server {
include inetd::server
inetd::service { "time-stream":
ensure => present,
ensure => present,
}
}
@ -17,24 +17,27 @@ class time::server {
class time::zone {
file { "/etc/localtime":
ensure => present,
mode => 0644,
mode => "0644",
source => "/usr/share/zoneinfo/$timezone_set"
}
case $operatingsystem {
centos,redhat: {
file { "/etc/sysconfig/clock":
ensure => present,
mode => 0644,
ensure => present,
mode => "0644",
content => template("time/sysconfig_clock.erb"),
}
}
ubuntu: {
file { "/etc/timezone":
ensure => present,
mode => 0644,
ensure => present,
mode => "0644",
content => "$timezone_set\n",
}
}
default: {
fail("time::zone not supported on ${operatingsystem}")
}
}
}

19
user/manifests/init.pp
View file

@ -4,14 +4,23 @@ class user::system {
file { "/var/empty":
ensure => directory,
mode => 0755,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
openbsd => "wheel",
default => "root",
"openbsd" => "wheel",
default => "root",
},
}
if $operatingsystem == "ubuntu" {
file { "/sbin/nologin":
ensure => link,
target => "/usr/sbin/nologin",
owner => "root",
group => "root",
}
}
User {
require => File["/var/empty"],
}
@ -230,7 +239,7 @@ class user::system {
#
define user::newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requiregroups=undef) {
user { "${name}":
user { $name:
ensure => present,
uid => $uid,
gid => $gid,
@ -257,7 +266,7 @@ define user::newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requir
command => "/bin/sh -c 'umask 077; mkdir -p ${home} && tar cf - . | tar xf - -C ${home} && chown -R ${uid}:${gid} ${home}'",
cwd => "/etc/skel",
path => "/sbin:/usr/sbin:/bin:/usr/bin",
creates => "${home}",
creates => $home,
refreshonly => true,
}

22
util/manifests/init.pp
View file

@ -28,16 +28,16 @@ define util::extract::tar($source, $ensure=present, $strip=0, $preserve=false) {
exec { "tar-rmdir-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "rm -fr ${name}",
before => File["${name}"],
subscribe => File["${source}"],
before => File[$name],
subscribe => File[$source],
refreshonly => true,
}
}
}
file { "${name}":
file { $name:
ensure => directory,
mode => 0755,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -65,7 +65,7 @@ define util::extract::tar($source, $ensure=present, $strip=0, $preserve=false) {
exec { "tar-extract-${name}":
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
command => $command,
require => File["${name}"],
require => File[$name],
unless => "test -n \"$(ls -A ${name})\"",
}
@ -95,8 +95,8 @@ define util::extract::zip($source, $ensure=present) {
exec { "zip-rmdir-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "rm -fr ${name}",
before => File["${name}"],
subscribe => File["${source}"],
before => File[$name],
subscribe => File[$source],
refreshonly => true,
}
}
@ -104,9 +104,9 @@ define util::extract::zip($source, $ensure=present) {
$command = "unzip ${source} -d ${name}"
file { "${name}":
file { $name:
ensure => directory,
mode => 0755,
mode => "0755",
owner => root,
group => root,
}
@ -114,7 +114,7 @@ define util::extract::zip($source, $ensure=present) {
exec { "zip-extract-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => $command,
require => File["${name}"],
require => File[$name],
unless => "test -n \"$(ls -A ${name})\"",
}
@ -158,7 +158,7 @@ define util::patch($source, $strip=0) {
exec { "patch-${name}-${source}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
cwd => "${name}",
cwd => $name,
command => "patch -N -b -t -p${strip} < ${source}",
onlyif => "patch --dry-run -N -b -t -p${strip} < ${source}",
require => Class["util::patch::package"],

18
vmware/manifests/guest.pp
View file

@ -4,12 +4,12 @@
class vmware::guest {
case $virtual {
vmware: {
case $operatingsystem {
centos: { include vmware::guest::centos }
fedora: { include vmware::guest::fedora }
}
}
vmware: {
case $operatingsystem {
centos: { include vmware::guest::centos }
fedora: { include vmware::guest::fedora }
}
}
}
}
@ -46,11 +46,11 @@ class vmware::guest::centos {
class vmware::guest::fedora {
package { "VMwareTools":
ensure => absent,
ensure => absent,
}
package { "open-vm-tools":
ensure => installed,
require => Package["VMwareTools"],
ensure => installed,
require => Package["VMwareTools"],
}
}

2
vmware/manifests/init.pp
View file

@ -15,7 +15,7 @@ define vmware::bundle() {
ensure => present,
source => "puppet:///files/packages/${name}.${architecture}.bundle",
links => follow,
mode => 0755,
mode => "0755",
owner => root,
group => root,
}

212
vmware/manifests/server.pp
View file

@ -2,50 +2,50 @@
class vmware::server {
package { "VMware-server":
ensure => installed,
ensure => installed,
}
service { "vmware":
ensure => running,
enable => true,
hasstatus => true,
start => "pkill 'vmnet-' ; /sbin/service vmware stop ; rm -f /etc/vmware/not_configured ; /sbin/service vmware start && sleep 5",
stop => "pkill 'vmnet-' ; /sbin/service vmware stop",
require => [ Package["VMware-server"],
Exec["vmware-config.pl"], ],
ensure => running,
enable => true,
hasstatus => true,
start => "pkill 'vmnet-' ; /sbin/service vmware stop ; rm -f /etc/vmware/not_configured ; /sbin/service vmware start && sleep 5",
stop => "pkill 'vmnet-' ; /sbin/service vmware stop",
require => [ Package["VMware-server"],
Exec["vmware-config.pl"], ],
}
# seems that vmware init script fails if pid files are missing for vmnet
# processes, so kill them by force first
exec { "vmware-config.pl":
command => "pkill 'vmnet-' ; perl /usr/bin/vmware-config.pl --default EULA_AGREED=yes && rm -f /etc/vmware/not_configured",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "pkill 'vmnet-' ; perl /usr/bin/vmware-config.pl --default EULA_AGREED=yes && rm -f /etc/vmware/not_configured",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
environment => [ "PAGER=/bin/cat", ],
unless => "test ! -f /etc/vmware/not_configured -a -f /lib/modules/$kernelrelease/misc/vmci.ko",
unless => "test ! -f /etc/vmware/not_configured -a -f /lib/modules/$kernelrelease/misc/vmci.ko",
require => Package["VMware-server"],
notify => Service["vmware"],
notify => Service["vmware"],
}
if $vmware_serial {
exec { "vmware-set-serial":
command => "/usr/lib/vmware/bin/vmware-vmx --new-sn ${vmware_serial}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
creates => "/etc/vmware/license.vs.1.0-00",
require => Package["VMware-server"],
before => Exec["vmware-config.pl"],
}
exec { "vmware-set-serial":
command => "/usr/lib/vmware/bin/vmware-vmx --new-sn ${vmware_serial}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
creates => "/etc/vmware/license.vs.1.0-00",
require => Package["VMware-server"],
before => Exec["vmware-config.pl"],
}
}
if $vmware_admin_group {
file { "/etc/vmware/ssl/rui.key":
ensure => present,
mode => 0640,
owner => root,
group => $vmware_admin_group,
require => [ Service["vmware"],
ensure => present,
mode => "0640",
owner => root,
group => $vmware_admin_group,
require => [ Service["vmware"],
Class["puppet::client"], ],
notify => Exec["restart-vmware-mgmt"],
notify => Exec["restart-vmware-mgmt"],
}
exec { "restart-vmware-mgmt":
command => "/etc/init.d/vmware-mgmt restart && sleep 10",
@ -73,21 +73,21 @@ class vmware::server::scripts {
include socat::package
define vmware::server::scripts::file {
file { "/usr/local/sbin/${name}":
ensure => present,
source => "puppet:///modules/vmware/scripts/${name}",
mode => 0755,
owner => root,
group => root,
}
file { "/usr/local/sbin/${name}":
ensure => present,
source => "puppet:///modules/vmware/scripts/${name}",
mode => "0755",
owner => root,
group => root,
}
}
file { "/usr/local/lib/vmware.sh":
ensure => present,
source => "puppet:///modules/vmware/scripts/vmware.sh",
mode => 0644,
owner => root,
group => root,
ensure => present,
source => "puppet:///modules/vmware/scripts/vmware.sh",
mode => "0644",
owner => root,
group => root,
}
vmware::server::scripts::file { "vmware-console": }
@ -112,18 +112,18 @@ class vmware::server::vmfs {
include vmware::server
file { "/vmfs":
ensure => directory,
mode => 0755,
owner => root,
group => root,
require => Package["VMware-server"],
ensure => directory,
mode => "0755",
owner => root,
group => root,
require => Package["VMware-server"],
}
file { "/vmfs/volumes":
ensure => directory,
mode => 0755,
owner => root,
group => root,
require => File["/vmfs"],
ensure => directory,
mode => "0755",
owner => root,
group => root,
require => File["/vmfs"],
}
}
@ -158,61 +158,61 @@ define vmware::server::datastore($device, $type = "auto", $options = "defaults")
if $type == "auto" {
$server = regsubst($device, '^([a-zA-Z0-9\-]+):(/.+)$', '\1')
if $server == $device {
$fstype = $type
if $device == regsubst($device, '^(/dev/).+$', '\1') {
$mountopts = "bind"
}
} else {
$fstype = "nfs"
$path = regsubst($device, '^([a-zA-Z0-9\-]+):(/.+)$', '\2')
}
if $server == $device {
$fstype = $type
if $device == regsubst($device, '^(/dev/).+$', '\1') {
$mountopts = "bind"
}
} else {
$fstype = "nfs"
$path = regsubst($device, '^([a-zA-Z0-9\-]+):(/.+)$', '\2')
}
}
if !$mountopts {
$mountopts = $options
$mountopts = $options
}
file { "/vmfs/volumes/${name}":
ensure => directory,
mode => $fstype ? {
nfs => 0755,
default => 0775,
ensure => directory,
mode => $fstype ? {
nfs => "0755",
default => "0775",
},
owner => root,
group => $fstype ? {
owner => root,
group => $fstype ? {
nfs => "root",
default => $real_vmware_admin_group,
},
require => File["/vmfs/volumes"],
require => File["/vmfs/volumes"],
}
mount { "/vmfs/volumes/${name}":
ensure => mounted,
device => "${device}",
fstype => "${fstype}",
options => "${mountopts}",
require => File["/vmfs/volumes/${name}"],
ensure => mounted,
device => $device,
fstype => $fstype,
options => $mountopts,
require => File["/vmfs/volumes/${name}"],
}
exec { "vmware-create-datastore-${name}":
command => $fstype ? {
nfs => "vmware-vim-cmd hostsvc/datastore/nas_create ${name} ${server} ${path} 0",
default => "vmware-vim-cmd hostsvc/datastore/localds_create ${name} /vmfs/volumes/${name}",
},
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
unless => "vmware-vim-cmd hostsvc/datastore/summary ${name}",
require => [ Mount["/vmfs/volumes/${name}"],
Service["vmware"], ],
notify => Exec["vmware-refresh-datastore-${name}"],
command => $fstype ? {
nfs => "vmware-vim-cmd hostsvc/datastore/nas_create ${name} ${server} ${path} 0",
default => "vmware-vim-cmd hostsvc/datastore/localds_create ${name} /vmfs/volumes/${name}",
},
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
unless => "vmware-vim-cmd hostsvc/datastore/summary ${name}",
require => [ Mount["/vmfs/volumes/${name}"],
Service["vmware"], ],
notify => Exec["vmware-refresh-datastore-${name}"],
}
exec { "vmware-refresh-datastore-${name}":
command => "vmware-vim-cmd hostsvc/datastore/refresh ${name}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
refreshonly => true,
command => "vmware-vim-cmd hostsvc/datastore/refresh ${name}",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
user => root,
refreshonly => true,
}
}
@ -229,7 +229,7 @@ define vmware::server::datastore($device, $type = "auto", $options = "defaults")
# $device:
# Physical network device to bridge.
# $ensure:
# Set to present to enable bridge and absent to disable it.
# Set to present to enable bridge and absent to disable it.
#
# === Sample usage
#
@ -243,35 +243,35 @@ define vmware::server::bridge($description, $device, $ensure = "present") {
$vmnet = regsubst($name, '^vmnet([0-9]+)$', '\1')
if $vmnet == $name {
fail("Invalid vmnet device name.")
fail("Invalid vmnet device name.")
}
service { "${name}-bridge":
ensure => $ensure ? {
"present" => running,
"absent" => stopped,
},
pattern => "/usr/bin/vmnet-bridge -d .* -n ${vmnet}",
start => "/usr/bin/vmnet-bridge -d /var/run/vmnet-bridge-${vmnet}.pid -n ${vmnet} -i ${device}",
stop => "pkill -f '/usr/bin/vmnet-bridge -d .* -n ${vmnet}'",
provider => base,
require => Exec["vmware-config.pl"],
ensure => $ensure ? {
"present" => running,
"absent" => stopped,
},
pattern => "/usr/bin/vmnet-bridge -d .* -n ${vmnet}",
start => "/usr/bin/vmnet-bridge -d /var/run/vmnet-bridge-${vmnet}.pid -n ${vmnet} -i ${device}",
stop => "pkill -f '/usr/bin/vmnet-bridge -d .* -n ${vmnet}'",
provider => base,
require => Exec["vmware-config.pl"],
}
vmware_config { "VNET_${vmnet}_NAME":
ensure => $ensure ? {
absent => absent,
present => "${description}",
},
require => Exec["vmware-config.pl"],
ensure => $ensure ? {
absent => absent,
present => $description,
},
require => Exec["vmware-config.pl"],
}
vmware_config { "VNET_${vmnet}_INTERFACE":
ensure => $ensure ? {
absent => absent,
present => "${device}",
},
notify => Service["${name}-bridge"],
require => Exec["vmware-config.pl"],
ensure => $ensure ? {
absent => absent,
present => $device,
},
notify => Service["${name}-bridge"],
require => Exec["vmware-config.pl"],
}
}

14
vsroom/manifests/init.pp
View file

@ -25,7 +25,7 @@ class vsroom {
file { "/usr/local/src/vsroom.tar.gz":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${vsroom_package}",
@ -44,22 +44,22 @@ class vsroom {
realize(User["vsroom"], Group["vsroom"])
if $vsroom_datadir {
file { "${vsroom_datadir}":
file { $vsroom_datadir:
ensure => directory,
mode => 0750,
mode => "0750",
owner => "root",
group => "vsroom",
}
file { "/var/lib/vsroom":
ensure => link,
target => "${vsroom_datadir}",
require => File["${vsroom_datadir}"],
target => $vsroom_datadir,
require => File[$vsroom_datadir],
}
} else {
file { "/var/lib/vsroom":
ensure => directory,
mode => 0750,
mode => "0750",
owner => "root",
group => "vsroom",
}
@ -72,7 +72,7 @@ class vsroom {
file { "${htdocs}/config.json":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
source => [ "puppet:///files/vsroom/config.json.${fqdn}",

105
wiki/manifests/init.pp
View file

@ -14,17 +14,17 @@ class wiki::moin {
file { "/usr/local/src/moin.tar.gz":
ensure => present,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${moin_package}",
links => follow,
}
file { "/usr/local/src/moin.patch":
ensure => present,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${moin_patch}",
links => follow,
}
@ -49,7 +49,7 @@ class wiki::moin {
file { "${shared}/htdocs/.htaccess":
ensure => present,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
content => "SetHandler None\n",
@ -73,7 +73,7 @@ class wiki::graphingwiki::common {
file { "/usr/local/src/graphingwiki.tar.gz":
ensure => directory,
mode => 0644,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
@ -149,11 +149,13 @@ class wiki::collab::base {
include graphviz::python
include ldap::client::python
include apache::sslserver
include apache::mod::authnz_ldap
include apache::mod::ldap
include apache::mod::rewrite
include apache::mod::wsgi
include wiki::moin
include wiki::graphingwiki
include wiki::opencollab
include wiki::collab
@ -169,24 +171,24 @@ class wiki::collab::base {
}
if $wiki_datadir {
file { "${wiki_datadir}":
file { $wiki_datadir:
ensure => directory,
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
}
file { "/srv/wikis":
ensure => link,
target => "${wiki_datadir}",
require => File["${wiki_datadir}"],
target => $wiki_datadir,
require => File[$wiki_datadir],
}
} else {
file { "/srv/wikis":
ensure => directory,
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
}
}
@ -202,29 +204,28 @@ class wiki::collab::base {
"/srv/wikis/collab/wikis",
"/srv/wikis/collab/run", ]:
ensure => directory,
mode => 2660,
owner => collab,
group => collab,
mode => "2660",
owner => "collab",
group => "collab",
require => [ File["/srv/wikis"], User["collab"], Group["collab"],
Python::Setup::Install["/usr/local/src/graphingwiki/collab"],
Python::Setup::Install["/usr/local/src/moin"], ],
}
exec { "collab-copy-underlay":
user => collab,
group => collab,
user => "root",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
cwd => "${wiki::moin::shared}/underlay",
command => "cp -R pages /srv/wikis/collab/underlay && chmod -R g=u,o-rwx /srv/wikis/collab/underlay",
command => "cp -R pages /srv/wikis/collab/underlay && chmod -R g=u,o-rwx /srv/wikis/collab/underlay && chown -R collab:collab /srv/wikis/collab/underlay",
creates => "/srv/wikis/collab/underlay/pages",
require => File["/srv/wikis/collab/underlay"],
}
file { "/srv/wikis/collab/config/collabfarm.py":
ensure => present,
mode => 0660,
owner => collab,
group => collab,
mode => "0660",
owner => "collab",
group => "collab",
source => [ "puppet:///private/wiki/collabfarm.py",
"puppet:///files/wiki/collabfarm.py",
"/usr/local/src/graphingwiki/collab/config/collabfarm.py", ],
@ -234,9 +235,9 @@ class wiki::collab::base {
file { "/srv/wikis/collab/config/intermap.txt":
ensure => present,
mode => 0660,
owner => collab,
group => collab,
mode => "0660",
owner => "collab",
group => "collab",
source => "/usr/local/src/graphingwiki/collab/config/intermap.txt",
replace => false,
require => File["/srv/wikis/collab/config"],
@ -244,9 +245,9 @@ class wiki::collab::base {
file { "/srv/wikis/collab/config/logging.conf":
ensure => present,
mode => 0660,
owner => collab,
group => collab,
mode => "0660",
owner => "collab",
group => "collab",
source => "/usr/local/src/graphingwiki/collab/config/logging.conf",
replace => false,
require => File["/srv/wikis/collab/config"],
@ -254,9 +255,9 @@ class wiki::collab::base {
file { "/srv/wikis/collab/htdocs/.htaccess":
ensure => present,
mode => 0660,
owner => collab,
group => collab,
mode => "0660",
owner => "collab",
group => "collab",
source => "puppet:///modules/wiki/htaccess",
replace => false,
require => File["/srv/wikis/collab/htdocs"],
@ -264,9 +265,9 @@ class wiki::collab::base {
file { [ "/etc/local", "/etc/local/collab" ]:
ensure => directory,
mode => 0755,
owner => root,
group => root,
mode => "0755",
owner => "root",
group => "root",
}
if $collab_jabberdomain and !$collab_conferencedomain {
@ -275,9 +276,9 @@ class wiki::collab::base {
file { "/etc/local/collab/collab.ini":
ensure => present,
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
content => template("wiki/collab.ini.erb"),
require => File["/etc/local/collab"],
}
@ -291,6 +292,28 @@ class wiki::collab::base {
source => "puppet:///modules/wiki/collab-httpd.conf",
}
exec { "collab-create collab collab":
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
cwd => "/",
user => "collab",
group => "collab",
creates => "/srv/wikis/collab/wikis/collab",
require => [ File["/etc/local/collab/collab.ini"],
Class["wiki::collab"],
File["/srv/wikis/collab/wikis"],
File["/srv/wikis/collab/htdocs/.htaccess"],
Exec["collab-copy-underlay"], ],
}
exec { "collab-account-create -f -r collab":
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
cwd => "/",
user => "collab",
group => "collab",
unless => "egrep '^name=collab$' /srv/wikis/collab/user/*",
require => Exec["collab-create collab collab"],
before => Cron["collab-htaccess"],
}
cron { "collab-htaccess":
ensure => present,
command => $operatingsystem ? {

10
yum/manifests/init.pp
View file

@ -12,9 +12,9 @@ class yum::updatesd {
source => [ "puppet:///files/yum/yum-updatesd.conf.${fqdn}",
"puppet:///files/yum/yum-updatesd.conf",
"puppet:///modules/yum/yum-updatesd.conf", ],
mode => 0644,
owner => root,
group => root,
mode => "0644",
owner => "root",
group => "root",
notify => Service["yum-updatesd"],
}
@ -121,7 +121,7 @@ define yum::repo($baseurl="", $mirrorlist="", $descr="", $gpgkey="") {
file { "/etc/pki/rpm-gpg/RPM-GPG-KEY-${name}":
ensure => present,
source => $gpgkey,
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
before => File["/etc/yum.repos.d/${name}.repo"],
@ -140,7 +140,7 @@ define yum::repo($baseurl="", $mirrorlist="", $descr="", $gpgkey="") {
file { "/etc/yum.repos.d/${name}.repo":
ensure => present,
content => template("yum/yum.repo.erb"),
mode => 0644,
mode => "0644",
owner => "root",
group => "root",
}