tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of bitbucket.org:tmakinen/puppet

Browse source
This commit is contained in:
Ossi Salmi 2013-09-24 13:52:18 +03:00
commit 379ca62a5f
12 changed files with 237 additions and 111 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
apache/manifests/debian.pp
View file

@ -88,7 +88,7 @@ class apache::debian::server inherits apache::debian::common {
} }
define apache::debian::site($aliases, $root, $redirect) { define apache::debian::site($aliases, $root, $redirect, $proxy) {
if $name == "default" { if $name == "default" {
$site_fqdn = $homename $site_fqdn = $homename
@ -100,7 +100,7 @@ define apache::debian::site($aliases, $root, $redirect) {
$site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}.d" $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}.d"
if !$redirect { if !$redirect {
if !$proxy { if $proxy == "" {
if $root { if $root {
file { "/srv/www/http/${site_fqdn}": file { "/srv/www/http/${site_fqdn}":
ensure => link, ensure => link,
@ -131,8 +131,8 @@ define apache::debian::site($aliases, $root, $redirect) {
file { $site_conf: file { $site_conf:
ensure => present, ensure => present,
mode => "0644", mode => "0644",
owner => root, owner => "root",
group => root, group => "root",
notify => Service["apache2"], notify => Service["apache2"],
} }
@ -140,19 +140,16 @@ define apache::debian::site($aliases, $root, $redirect) {
File[$site_conf] { File[$site_conf] {
content => "<VirtualHost *:80>\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n</VirtualHost>\n", content => "<VirtualHost *:80>\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n</VirtualHost>\n",
} }
} elsif $proxy {
File[$site_conf] {
content => template("apache/proxy.http.conf.erb"),
}
} else { } else {
File[$site_conf] { File[$site_conf] {
content => template("apache/site.http.conf.erb"), content => template("apache/site.http.conf.erb"),
} }
if $proxy == "" {
file { $site_confdir: file { $site_confdir:
ensure => directory, ensure => directory,
mode => "0644", mode => "0644",
owner => root, owner => "root",
group => root, group => "root",
purge => true, purge => true,
force => true, force => true,
recurse => true, recurse => true,
@ -162,6 +159,7 @@ define apache::debian::site($aliases, $root, $redirect) {
notify => Service["apache2"], notify => Service["apache2"],
} }
} }
}
} }
@ -187,13 +185,14 @@ class apache::debian::sslserver inherits apache::debian::common {
define apache::debian::sslsite($first, $hsts, $ipaddr, $root, define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
$ssl_cert, $ssl_key, $ssl_chain) { $ssl_cert, $ssl_key, $ssl_chain, $proxy) {
if $name == "default" { if $name == "default" {
$site_fqdn = $homename $site_fqdn = $homename
} else { } else {
$site_fqdn = $name $site_fqdn = $name
if $proxy == "" {
if $root { if $root {
file { "/srv/www/https/${site_fqdn}": file { "/srv/www/https/${site_fqdn}":
ensure => link, ensure => link,
@ -204,11 +203,12 @@ define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
file { "/srv/www/https/${site_fqdn}": file { "/srv/www/https/${site_fqdn}":
ensure => directory, ensure => directory,
mode => "0755", mode => "0755",
owner => root, owner => "root",
group => root, group => "root",
before => Service["apache2"], before => Service["apache2"],
} }
} }
}
file { "/srv/www/log/https/${site_fqdn}": file { "/srv/www/log/https/${site_fqdn}":
ensure => directory, ensure => directory,
@ -279,11 +279,12 @@ define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
File["/etc/ssl/private/${site_fqdn}.key"], ], File["/etc/ssl/private/${site_fqdn}.key"], ],
} }
if $proxy == "" {
file { $site_confdir: file { $site_confdir:
ensure => directory, ensure => directory,
mode => "0644", mode => "0644",
owner => root, owner => "root",
group => root, group => "root",
purge => true, purge => true,
force => true, force => true,
recurse => true, recurse => true,
@ -292,6 +293,7 @@ define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
before => File[$site_conf], before => File[$site_conf],
notify => Service["apache2"], notify => Service["apache2"],
} }
}
} }

12
apache/manifests/init.pp
View file

@ -279,6 +279,8 @@ class apache::sslserver::listen {
# Path to SSL private key. Defaults to puppet client certificate. # Path to SSL private key. Defaults to puppet client certificate.
# $ssl_chain: # $ssl_chain:
# Path to SSL certificate chain. Defaults to none. # Path to SSL certificate chain. Defaults to none.
# $proxy:
# Proxy site to given URL.
# #
# === Sample usage # === Sample usage
# #
@ -288,8 +290,14 @@ class apache::sslserver::listen {
# ssl_key => "puppet:///path/to/www.example.com.key", # ssl_key => "puppet:///path/to/www.example.com.key",
# } # }
# #
# apache::site { "proxy.example.com":
# ssl_cert => "puppet:///path/to/proxy.example.com.crt",
# ssl_key => "puppet:///path/to/proxy.example.com.key",
# proxy => "http://localhost:8080",
# }
#
define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="", define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
$ssl_cert="", $ssl_key="", $ssl_chain="") { $ssl_cert="", $ssl_key="", $ssl_chain="", $proxy="") {
include apache::sslserver::listen include apache::sslserver::listen
@ -308,6 +316,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
ssl_key => $ssl_key, ssl_key => $ssl_key,
ssl_chain => $ssl_chain, ssl_chain => $ssl_chain,
proxy => $proxy,
require => Class["apache::sslserver::listen"], require => Class["apache::sslserver::listen"],
} }
} }
@ -321,6 +330,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
ssl_key => $ssl_key, ssl_key => $ssl_key,
ssl_chain => $ssl_chain, ssl_chain => $ssl_chain,
proxy => $proxy,
require => Class["apache::sslserver::listen"], require => Class["apache::sslserver::listen"],
} }
} }

26
apache/manifests/redhat.pp
View file

@ -57,7 +57,7 @@ define apache::redhat::site($aliases, $root, $redirect, $proxy) {
$site_confdir = "/etc/httpd/site.http.d/${site_fqdn}.d" $site_confdir = "/etc/httpd/site.http.d/${site_fqdn}.d"
if !$redirect { if !$redirect {
if !$proxy { if $proxy == "" {
if $root { if $root {
file { "/srv/www/http/${site_fqdn}": file { "/srv/www/http/${site_fqdn}":
ensure => link, ensure => link,
@ -98,19 +98,16 @@ define apache::redhat::site($aliases, $root, $redirect, $proxy) {
File[$site_conf] { File[$site_conf] {
content => "<VirtualHost *:80>\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n</VirtualHost>\n", content => "<VirtualHost *:80>\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n</VirtualHost>\n",
} }
} elsif $proxy {
File[$site_conf] {
content => template("apache/proxy.http.conf.erb"),
}
} else { } else {
File[$site_conf] { File[$site_conf] {
content => template("apache/site.http.conf.erb"), content => template("apache/site.http.conf.erb"),
} }
if $proxy == "" {
file { $site_confdir: file { $site_confdir:
ensure => directory, ensure => directory,
mode => "0644", mode => "0644",
owner => root, owner => "root",
group => root, group => "root",
purge => true, purge => true,
force => true, force => true,
recurse => true, recurse => true,
@ -120,6 +117,7 @@ define apache::redhat::site($aliases, $root, $redirect, $proxy) {
notify => Service["httpd"], notify => Service["httpd"],
} }
} }
}
} }
@ -226,13 +224,14 @@ class apache::redhat::sslserver {
define apache::redhat::sslsite($first, $hsts, $ipaddr, $root, define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
$ssl_cert, $ssl_key, $ssl_chain) { $ssl_cert, $ssl_key, $ssl_chain, $proxy) {
if $name == "default" { if $name == "default" {
$site_fqdn = $homename $site_fqdn = $homename
} else { } else {
$site_fqdn = $name $site_fqdn = $name
if $proxy == "" {
if $root { if $root {
file { "/srv/www/https/${site_fqdn}": file { "/srv/www/https/${site_fqdn}":
ensure => link, ensure => link,
@ -243,11 +242,12 @@ define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
file { "/srv/www/https/${site_fqdn}": file { "/srv/www/https/${site_fqdn}":
ensure => directory, ensure => directory,
mode => "0755", mode => "0755",
owner => root, owner => "root",
group => root, group => "root",
before => Service["httpsd"], before => Service["httpsd"],
} }
} }
}
file { "/srv/www/log/https/${site_fqdn}": file { "/srv/www/log/https/${site_fqdn}":
ensure => directory, ensure => directory,
@ -319,11 +319,12 @@ define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
File["/etc/pki/tls/private/${site_fqdn}.key"], ], File["/etc/pki/tls/private/${site_fqdn}.key"], ],
} }
if $proxy == "" {
file { $site_confdir: file { $site_confdir:
ensure => directory, ensure => directory,
mode => "0644", mode => "0644",
owner => root, owner => "root",
group => root, group => "root",
purge => true, purge => true,
force => true, force => true,
recurse => true, recurse => true,
@ -332,6 +333,7 @@ define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
before => File[$site_conf], before => File[$site_conf],
notify => Service["httpsd"], notify => Service["httpsd"],
} }
}
} }

10
apache/templates/proxy.http.conf.erb
View file

@ -1,10 +0,0 @@
<VirtualHost *:80>
ServerName <%= @site_fqdn %>
<% if @aliases != "" -%>
ServerAlias <%= @aliases %>
<% end -%>
ErrorLog /srv/www/log/http/<%= @site_fqdn %>/error_log
CustomLog /srv/www/log/http/<%= @site_fqdn %>/access_log combined
ProxyPass / <%= @proxy %>/
ProxyPassReverse / <%= @proxy %>/
</VirtualHost>

5
apache/templates/site.http.conf.erb
View file

@ -5,6 +5,11 @@
<% end -%> <% end -%>
ErrorLog /srv/www/log/http/<%= @site_fqdn %>/error_log ErrorLog /srv/www/log/http/<%= @site_fqdn %>/error_log
CustomLog /srv/www/log/http/<%= @site_fqdn %>/access_log combined CustomLog /srv/www/log/http/<%= @site_fqdn %>/access_log combined
<% if @proxy != "" -%>
ProxyPass / <%= @proxy %>/
ProxyPassReverse / <%= @proxy %>/
<% else -%>
DocumentRoot /srv/www/http/<%= @site_fqdn %> DocumentRoot /srv/www/http/<%= @site_fqdn %>
Include <%= @site_confdir %>/*.conf Include <%= @site_confdir %>/*.conf
<% end -%>
</VirtualHost> </VirtualHost>

9
apache/templates/site.https.conf.erb
View file

@ -1,7 +1,6 @@
<VirtualHost <%= @ipaddr %>:443> <VirtualHost <%= @ipaddr %>:443>
# General setup for the virtual host, inherited from global configuration # General setup for the virtual host, inherited from global configuration
DocumentRoot "/srv/www/https/<%= @site_fqdn %>"
ServerName <%= @site_fqdn %>:443 ServerName <%= @site_fqdn %>:443
# Use separate log files for the SSL virtual host; note that LogLevel # Use separate log files for the SSL virtual host; note that LogLevel
@ -156,6 +155,12 @@ BrowserMatch "MSIE [2-5]" \
</IfModule> </IfModule>
<% end -%> <% end -%>
Include <%= @site_confdir %>/*.conf <% if @proxy != "" -%>
ProxyPass / <%= @proxy %>/
ProxyPassReverse / <%= @proxy %>/
<% else -%>
DocumentRoot /srv/www/https/<%= @site_fqdn %>
Include <%= @site_confdir %>/*.conf
<% end -%>
</VirtualHost> </VirtualHost>

2
firewall/manifests/init.pp
View file

@ -111,7 +111,7 @@ class firewall::common::iptables {
} }
$ip6states = versioncmp($::kernelversion, "2.6.20") $ip6states = versioncmp($::kernelversion, "2.6.20")
if $::operatingsystem == "Fedora" and $::operatingsystemrelease > 17 { if $::operatingsystem == "Fedora" and versioncmp($::operatingsystemrelease, "17") == 1 {
package { "firewall-config": package { "firewall-config":
ensure => absent, ensure => absent,
before => Package["firewalld"], before => Package["firewalld"],

24
ldap/manifests/init.pp
View file

@ -95,14 +95,32 @@ class ldap::auth inherits ldap::client {
} }
} }
Fedora: { Fedora: {
package { [ "sssd", "pam_ldap", ]: package { "sssd":
ensure => installed, ensure => installed,
} }
if versioncmp($::operatingsystemrelease, "18") == 1 {
exec { "authconfig --enableldap --enableldapauth --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --krb5realm='' --update":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
creates => "/etc/sssd/sssd.conf",
require => [ Package["authconfig"], Package["sssd"], ],
notify => Exec["authconfig --enablesssd --update"],
}
exec { "authconfig --enablesssd --update":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
before => Augeas["sssd-conf"],
}
} else {
package { "pam_ldap":
ensure => installed,
before => Package["sssd"],
}
exec { "authconfig --enableldap --enableldapauth --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --enablesssd --krb5realm='' --update": exec { "authconfig --enableldap --enableldapauth --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --enablesssd --krb5realm='' --update":
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"', unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
before => Augeas["sssd-conf"], before => Augeas["sssd-conf"],
require => Package["authconfig", "sssd", "pam_ldap"], require => [ Package["authconfig"], Package["sssd"], ],
}
} }
augeas { "sssd-conf": augeas { "sssd-conf":
changes => [ changes => [
@ -113,7 +131,7 @@ class ldap::auth inherits ldap::client {
], ],
incl => "/etc/sssd/sssd.conf", incl => "/etc/sssd/sssd.conf",
lens => "MySQL.lns", lens => "MySQL.lns",
before => Service["sssd"], notify => Service["sssd"],
} }
service { "sssd": service { "sssd":
ensure => running, ensure => running,

24
nagios/manifests/target.pp
View file

@ -111,6 +111,18 @@ class nagios::target::imaps inherits nagios::target {
} }
# Configure ipp service target.
#
class nagios::target::ipp inherits nagios::target {
@@nagios::service { "${::homename}_ipp":
command => "check_http!-p 631",
description => "IPP",
}
}
# Configure ldap service target. # Configure ldap service target.
# #
class nagios::target::ldap inherits nagios::target { class nagios::target::ldap inherits nagios::target {
@ -135,6 +147,18 @@ class nagios::target::ldaps inherits nagios::target {
} }
# Configure lpd service target.
#
class nagios::target::lpd inherits nagios::target {
@@nagios::service { "${::homename}_lpd":
command => "check_tcp!515",
description => "LPD",
}
}
# Configure pop3 service target. # Configure pop3 service target.
# #
class nagios::target::pop3s inherits nagios::target { class nagios::target::pop3s inherits nagios::target {

2
network/manifests/init.pp
View file

@ -74,7 +74,7 @@ class network::hostname {
} }
} }
"fedora": { "fedora": {
if $::operatingsystemrelease > 17 { if versioncmp($::operatingsystemrelease, "17") == 1 {
file { "/etc/hostname": file { "/etc/hostname":
ensure => present, ensure => present,
content => "${homename}\n", content => "${homename}\n",

64
sendmail/manifests/init.pp
View file

@ -141,8 +141,72 @@ class sendmail::client inherits sendmail::common {
# Configure Sendmail submission using port 587. # Configure Sendmail submission using port 587.
# #
# === Global variables:
#
# $mail_server:
# Hostname of mail server.
#
# $sendmail_ssl_key:
# Path to SSL key file used for authentication. If not set
# certificate authentication will be disabled.
#
# $sendmail_ssl_cert:
# Path to SSL certificate file used for authentication. If not set
# certificate authentication will be disabled.
#
class sendmail::client::msa inherits sendmail::client { class sendmail::client::msa inherits sendmail::client {
if $sendmail_ssl_key and $sendmail_ssl_cert {
include ssl
$ssl_key = basename($sendmail_ssl_key)
$ssl_cert = basename($sendmail_ssl_cert)
file { "${ssl::private}/${ssl_key}":
ensure => present,
mode => "0640",
owner => "root",
group => "smmsp",
source => $sendmail_ssl_key,
notify => Service["sendmail"],
}
file { "${ssl::certs}/${ssl_cert}":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
source => $sendmail_ssl_cert,
notify => Service["sendmail"],
}
file { "/etc/mail/authinfo":
ensure => present,
content => "AuthInfo:${mail_server} \"U: \" \"P: \" \"M:EXTERNAL\"\n",
mode => "0640",
owner => "root",
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
notify => Exec["make authinfo.db"],
}
exec { "make authinfo.db":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "makemap hash /etc/mail/authinfo < /etc/mail/authinfo",
refreshonly => true,
notify => Service["sendmail"],
}
file { "/etc/mail/authinfo.db":
ensure => present,
mode => "0640",
owner => "root",
group => "smmsp",
require => Exec["make authinfo.db"],
before => Service["sendmail"],
}
}
File["/etc/mail/submit.mc"] { File["/etc/mail/submit.mc"] {
content => template("sendmail/submit.mc.erb", "sendmail/submit.mc.msa.erb"), content => template("sendmail/submit.mc.erb", "sendmail/submit.mc.msa.erb"),
} }

6
sendmail/templates/submit.mc.msa.erb
View file

@ -1 +1,7 @@
<% if @ssl_key and @ssl_cert -%>
define(`confCLIENT_CERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_cert %>')
define(`confCLIENT_KEY', `<%= scope.lookupvar('ssl::private') %>/<%= @ssl_key %>')
define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/authinfo')dnl
<% end -%>
FEATURE(`msp', `[<%= @mail_server %>]', `MSA')dnl FEATURE(`msp', `[<%= @mail_server %>]', `MSA')dnl