diff --git a/clarified/manifests/init.pp b/clarified/manifests/init.pp
new file mode 100644
index 0000000..2982348
--- /dev/null
+++ b/clarified/manifests/init.pp
@@ -0,0 +1,173 @@
+# Install Clarified Analyzer.
+#
+class clarified::analyzer {
+
+ file { "/usr/local/src/clarified-analyzer-linux-i686.sh":
+ ensure => present,
+ mode => 0755,
+ owner => root,
+ group => root,
+ source => "puppet:///files/packages/clarified-analyzer-linux-i686.sh",
+ links => follow,
+ }
+
+ exec { "/usr/local/src/clarified-analyzer-linux-i686.sh":
+ creates => "/usr/local/clarified-analyzer",
+ require => File["/usr/local/src/clarified-analyzer-linux-i686.sh"],
+ }
+
+}
+
+
+# Install Clarified Recorder.
+#
+class clarified::recorder {
+
+ if $recorder_datadir {
+ file { "${recorder_datadir}":
+ ensure => directory,
+ mode => 0700,
+ owner => root,
+ group => root,
+ }
+
+ file { "/var/lib/recorder":
+ ensure => link,
+ target => "${recorder_datadir}",
+ require => File["${recorder_datadir}"],
+ }
+ } else {
+ file { "/var/lib/recorder":
+ ensure => directory,
+ mode => 0700,
+ owner => root,
+ group => root,
+ }
+ }
+
+ file { [ "/etc/clarified",
+ "/etc/clarified/probe.d",
+ "/etc/clarified/remote.d", ]:
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ before => Exec["/usr/local/src/probe-linux-i686.sh"],
+ }
+
+ File["/etc/clarified/probe.d", "/etc/clarified/remote.d"] {
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///custom/empty",
+ }
+
+ file { "/usr/local/src/probe-linux-i686.sh":
+ ensure => present,
+ mode => 0755,
+ owner => root,
+ group => root,
+ source => "puppet:///files/packages/probe-linux-i686.sh",
+ links => follow,
+ before => Exec["/usr/local/src/probe-linux-i686.sh"],
+ }
+
+ exec { "/usr/local/src/probe-linux-i686.sh":
+ creates => "/usr/local/probe",
+ }
+
+ exec { "clarified-functions":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ cwd => "/usr/local/probe",
+ command => "sed s:@PREFIX@:/usr/local/probe: clarified-functions.in > /etc/clarified/clarified-functions",
+ creates => "/etc/clarified/clarified-functions",
+ require => Exec["/usr/local/src/probe-linux-i686.sh"],
+ before => Service["clarified-probe"],
+ }
+
+ file { "/etc/init.d/clarified-probe":
+ ensure => present,
+ mode => 0755,
+ owner => root,
+ group => root,
+ source => "/usr/local/probe/probe-init.sh",
+ require => Exec["/usr/local/src/probe-linux-i686.sh"],
+ before => Service["clarified-probe"],
+ }
+
+ service { "clarified-probe":
+ ensure => running,
+ enable => true,
+ status => "pgrep -f /usr/local/probe",
+ }
+
+}
+
+
+# Configure probe.
+#
+# === Parameters
+#
+# $name:
+# Probe name.
+# $interface:
+# Capture interface. Defaults to probe name.
+# $snaplen:
+# Snaplen. Defaults to 65535.
+# $keeptime:
+# Amount of data to keep. Defaults to 100GB.
+# $blocksize:
+# Storage block size. Defaults to 1GB.
+# $filter:
+# Optional filter expression.
+# $remoteport:
+# Remote port. Defaults to 10000.
+# $collab:
+# Use collab for authentication, format is ":".
+#
+define clarified::probe($interface="", $snaplen="65535", $keeptime="100GB",
+ $blocksize="1GB", $filter="", $remoteport="10000",
+ $collab="") {
+
+ if $interface {
+ $interface_real = $interface
+ } else {
+ $interface_real = $name
+ }
+
+ if $filter {
+ $miscopts = "-b ${blocksize} -f \"${filter}\""
+ } else {
+ $miscopts = "-b ${blocksize}"
+ }
+
+ file { "/etc/clarified/probe.d/${name}":
+ ensure => present,
+ mode => 0755,
+ owner => root,
+ group => root,
+ content => template("clarified/probe.erb"),
+ require => File["/etc/clarified/probe.d"],
+ notify => Service["clarified-probe"],
+ }
+
+ file { "/etc/clarified/remote.d/${name}":
+ ensure => present,
+ mode => 0755,
+ owner => root,
+ group => root,
+ content => template("clarified/remote.erb"),
+ require => File["/etc/clarified/remote.d"],
+ notify => Service["clarified-probe"],
+ }
+
+ file { "/var/lib/recorder/${name}":
+ ensure => directory,
+ mode => 0700,
+ owner => root,
+ group => root,
+ require => File["/var/lib/recorder"],
+ before => Service["clarified-probe"],
+ }
+
+}
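Review bot: In `clarified::probe`, the generated script `/etc/clarified/remote.d/${name}` is created with `mode => 0755`, yet remote.erb writes `$collab` (documented here as the authentication setting) into it, so every local account can read that value. Assuming the init script runs these files as root, `mode => 0700` on both the `probe.d` and `remote.d` entries would match what the define already does for `/var/lib/recorder/${name}`. Separately, `$name`, `$interface`, `$blocksize`, `$filter` and `$collab` reach root-run shell scripts with no validation; `$filter` is only wrapped in `\"...\"`. A `fail()` guard at the top of the define that rejects values outside a restrictive character set would stop a malformed or hostile value (for example from an external node classifier) before it is rendered.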
diff --git a/clarified/templates/probe.erb b/clarified/templates/probe.erb
new file mode 100644
index 0000000..f4ad9fa
--- /dev/null
+++ b/clarified/templates/probe.erb
@@ -0,0 +1,63 @@
+#!/bin/sh
+# Copyright (c) 2007 Clarified Networks Oy. All rights reserved.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+CAPTURE_DIR=/var/lib/recorder/<%= name %>
+NETWORK_IFC=<%= interface_real %>
+PROBE_IDENT=<%= name %>
+SNAPLEN=<%= snaplen %>
+KEEPTIME=<%= keeptime %>
+MISC_OPTS='<%= miscopts %>'
+
+. /etc/clarified/clarified-functions
+
+start() {
+ if [ ! -z $SNAPLEN ]; then
+ PROBE_OPTIONS="-s $SNAPLEN"
+ fi
+ if [ ! -z $KEEPTIME ]; then
+ PROBE_OPTIONS="$PROBE_OPTIONS -k $KEEPTIME"
+ fi
+ eval start_probe ${PROBE_OPTIONS} ${MISC_OPTS} ${CAPTURE_DIR} ${NETWORK_IFC}
+ #LOG_SUCCESS "Probe" $PROBE_IDENT "up"
+}
+
+stop() {
+ stop_probe $PROBE_IDENT
+ #LOG_SUCCESS "Probe" $PROBE_IDENT "down"
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart|force-reload)
+ stop
+ sleep 2
+ start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
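Review bot: In `start()`, the `eval start_probe ...` line re-parses every expanded value as shell, so any metacharacter in `filter`, `blocksize`, `snaplen`, `keeptime`, `name` or `interface_real` is interpreted by a root shell at service start. The `MISC_OPTS='<%= miscopts %>'` assignment also breaks as soon as the filter contains a single quote. The `eval` appears to exist only so that the `\"...\"` around the filter built in init.pp is honoured. Passing the block size and filter as separate, quoted arguments removes the need for it, as sketched below; `$miscopts` in the define then becomes unused. `start_probe` comes from clarified-functions, outside this diff, so confirm it forwards its arguments intact before adopting this.

```shell
BLOCKSIZE='<%= blocksize.gsub("'") { "'\\''" } %>'
FILTER='<%= filter.gsub("'") { "'\\''" } %>'
# … unchanged: CAPTURE_DIR, NETWORK_IFC, PROBE_IDENT, SNAPLEN, KEEPTIME, sourcing of clarified-functions …

start() {
    # Build the argument list in "$@" so each value stays one word.
    set --
    if [ -n "$SNAPLEN" ]; then set -- "$@" -s "$SNAPLEN"; fi
    if [ -n "$KEEPTIME" ]; then set -- "$@" -k "$KEEPTIME"; fi
    set -- "$@" -b "$BLOCKSIZE"
    if [ -n "$FILTER" ]; then set -- "$@" -f "$FILTER"; fi
    start_probe "$@" "$CAPTURE_DIR" "$NETWORK_IFC"
    # … unchanged: commented-out LOG_SUCCESS line …
}
```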
diff --git a/clarified/templates/remote.erb b/clarified/templates/remote.erb
new file mode 100644
index 0000000..22f5225
--- /dev/null
+++ b/clarified/templates/remote.erb
@@ -0,0 +1,56 @@
+#!/bin/sh
+# Copyright (c) 2007 Clarified Networks Oy. All rights reserved.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+REMOTE_IDENT=<%= name %>
+WORK_DIR=/var/lib/recorder/<%= name %>
+PRIVATE_CERT=<%= puppet_ssldir %>/private_keys/<%= homename %>.pem
+PUBLIC_CERT=<%= puppet_ssldir %>/certs/<%= homename %>.pem
+PORT=<%= remoteport %>
+. /etc/clarified/clarified-functions
+
+start() {
+
+ start_remote -p $PORT -c '<%= collab %>' "$WORK_DIR" "$PRIVATE_CERT" "$PUBLIC_CERT"
+ #LOG_SUCCESS "Remote" $REMOTE_IDENT "up"
+}
+
+stop() {
+ stop_remote $REMOTE_IDENT
+ #LOG_SUCCESS "Remote" $REMOTE_IDENT "down"
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart|force-reload)
+ stop
+ sleep 2
+ start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
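Review bot: In `start()`, `-c '<%= collab %>'` pastes the authentication value into the script unescaped, so a value containing a single quote changes the command that root runs. Assigning it once with the quote escaped, `COLLAB='<%= collab.gsub("'") { "'\\''" } %>'`, and passing `-c "$COLLAB"` closes that. `$PORT` should be quoted as well. If `start_remote` hands the value to the daemon as an argument it will presumably also be visible in the process list; whether the tool can read it from a file instead cannot be told from this diff. `PRIVATE_CERT` points at the Puppet agent's own key under `puppet_ssldir`, so a compromise of the remote listener would also expose the node's Puppet identity, and a dedicated key pair for this service would keep the two apart. `puppet_ssldir` and `homename` are not set anywhere in this commit and should be documented as required variables.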