tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merged in osalmi/puppet (pull request #18)

Browse source
This commit is contained in:
Timo Mäkinen 2012-11-17 11:17:53 +02:00
commit 681d302173
70 changed files with 1563 additions and 597 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
abusehelper/manifests/init.pp
View file

@ -2,14 +2,14 @@
#
class abusehelper {
case $operatingsystem {
ubuntu: {
case $::operatingsystem {
"ubuntu": {
package { [ "python-pyme", "python-tz" ]:
ensure => installed,
}
}
centos: {
case $operatingsystemrelease {
"centos","redhat": {
case $::operatingsystemrelease {
/^5/: {
package { "python26":
ensure => installed,
@ -44,7 +44,7 @@ class abusehelper {
ensure => present,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -61,7 +61,7 @@ class abusehelper {
ensure => present,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},

10
adobe/manifests/init.pp
View file

@ -2,15 +2,15 @@
#
class adobe::common {
case $operatingsystem {
"centos","fedora": {
case $::operatingsystem {
"centos","redhat","fedora": {
include yum::repo::adobe
}
"ubuntu": {
include apt::repo::partner
}
default: {
fail("Adobe products via puppet not supported on ${operatingsystem}")
fail("Adobe products via puppet not supported on ${::operatingsystem}")
}
}
@ -36,7 +36,7 @@ class adobe::flash {
include adobe::common
package { "adobe-flash-plugin":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"ubuntu" => "adobe-flashplugin",
default => "flash-plugin",
},
@ -53,7 +53,7 @@ class adobe::reader {
include adobe::common
package { "acroread":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"ubuntu" => "acroread",
default => "AdobeReader_enu",
},

166
apache/manifests/init.pp
View file

@ -5,7 +5,7 @@ import "redhat.pp"
#
class apache::common {
case $operatingsystem {
case $::operatingsystem {
debian,ubuntu: {
if ! $httpd_user {
$user = "www-data"
@ -65,7 +65,7 @@ class apache::common {
}
package { "httpd":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "apache2",
ubuntu => "apache2",
default => "httpd",
@ -110,11 +110,11 @@ class apache::common {
#
class apache::server inherits apache::common {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
include apache::debian::server
}
centos,fedora: {
"centos","redhat","fedora": {
if ! $httpd_user {
$user = "apache"
} else {
@ -128,7 +128,7 @@ class apache::server inherits apache::common {
include apache::redhat::server
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -159,15 +159,15 @@ class apache::server inherits apache::common {
#
define apache::site($aliases="", $root="", $redirect="") {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::site { $name:
aliases => $aliases,
root => $root,
redirect => $redirect,
}
}
centos,fedora: {
"centos","redhat","fedora": {
apache::redhat::site { $name:
aliases => $aliases,
root => $root,
@ -175,7 +175,7 @@ define apache::site($aliases="", $root="", $redirect="") {
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -204,11 +204,11 @@ define apache::site($aliases="", $root="", $redirect="") {
#
class apache::sslserver inherits apache::common {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
include apache::debian::sslserver
}
centos,fedora: {
"centos","redhat","fedora": {
if ! $httpsd_user {
$user = "httpsd"
} else {
@ -222,7 +222,7 @@ class apache::sslserver inherits apache::common {
include apache::redhat::sslserver
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -271,8 +271,8 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
include apache::sslserver::listen
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
$apache_ssldir = "/etc/ssl"
apache::debian::sslsite { $name:
ipaddr => $ipaddr,
@ -283,7 +283,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
require => Class["apache::sslserver::listen"],
}
}
centos,fedora: {
"centos","redhat","fedora": {
$apache_ssldir = "/etc/pki/tls"
apache::redhat::sslsite { $name:
ipaddr => $ipaddr,
@ -295,7 +295,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -339,8 +339,8 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
#
define apache::configfile($source="", $content="", $http=true, $https=true) {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::configfile { $name:
source => $source,
content => $content,
@ -348,7 +348,7 @@ define apache::configfile($source="", $content="", $http=true, $https=true) {
https => $https,
}
}
centos,fedora: {
"centos","redhat","fedora": {
apache::redhat::configfile { $name:
source => $source,
content => $content,
@ -357,7 +357,7 @@ define apache::configfile($source="", $content="", $http=true, $https=true) {
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -386,13 +386,13 @@ class apache::mod::auth_kerb {
#
class apache::mod::authnz_ldap {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "authnz_ldap": }
}
centos,fedora: { }
"centos","redhat","fedora": { }
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -402,13 +402,13 @@ class apache::mod::authnz_ldap {
#
class apache::mod::include {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "include": }
}
centos,fedora: { }
"centos","redhat","fedora": { }
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -419,7 +419,7 @@ class apache::mod::include {
class apache::mod::fcgid {
package { "mod_fcgid":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "libapache2-mod-fcgid",
ubuntu => "libapache2-mod-fcgid",
default => "mod_fcgid",
@ -428,19 +428,19 @@ class apache::mod::fcgid {
require => Package["httpd"],
}
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "fcgid":
require => Package ["libapache2-mod-fcgid"],
}
}
centos,fedora: {
"centos","redhat","fedora": {
apache::configfile { "fcgid.conf":
require => Package["mod_fcgid"],
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -451,13 +451,13 @@ class apache::mod::fcgid {
#
class apache::mod::headers {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "headers": }
}
centos,fedora: { }
"centos","redhat","fedora": { }
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -468,13 +468,13 @@ class apache::mod::headers {
#
class apache::mod::ldap {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "ldap": }
}
centos,fedora: { }
"centos","redhat","fedora": { }
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -486,7 +486,7 @@ class apache::mod::ldap {
class apache::mod::perl {
package { "mod_perl":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "libapache2-mod-perl2",
ubuntu => "libapache2-mod-perl2",
default => "mod_perl",
@ -495,19 +495,19 @@ class apache::mod::perl {
require => Package["httpd"],
}
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "perl2":
require => Package ["libapache2-mod-perl2"],
}
}
centos,fedora: {
"centos","redhat","fedora": {
apache::configfile { "perl.conf":
require => Package["mod_perl"],
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -519,7 +519,7 @@ class apache::mod::perl {
class apache::mod::php {
package { "php":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "libapache2-mod-php5",
ubuntu => "libapache2-mod-php5",
default => "php",
@ -528,19 +528,19 @@ class apache::mod::php {
require => Package["httpd"],
}
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "php5":
require => Package ["libapache2-mod-php5"],
}
}
centos,fedora: {
"centos","redhat","fedora": {
apache::configfile { "php.conf":
require => Package["php"],
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -551,19 +551,19 @@ class apache::mod::php {
#
class apache::mod::proxy {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "proxy":
content => template("apache/proxy.conf.erb"),
}
}
centos,fedora: {
"centos","redhat","fedora": {
apache::configfile { "proxy.conf":
content => template("apache/proxy.conf.erb"),
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -574,13 +574,13 @@ class apache::mod::proxy {
#
class apache::mod::proxy_http {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "proxy_http": }
}
centos,fedora: { }
"centos","redhat","fedora": { }
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -591,13 +591,13 @@ class apache::mod::proxy_http {
#
class apache::mod::proxy_balancer {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "proxy_balancer": }
}
centos,fedora: { }
"centos","redhat","fedora": { }
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -609,7 +609,7 @@ class apache::mod::proxy_balancer {
class apache::mod::python {
package { "mod_python":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "libapache2-mod-python",
ubuntu => "libapache2-mod-python",
default => "mod_python",
@ -618,19 +618,19 @@ class apache::mod::python {
require => Package["httpd"],
}
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "python":
require => Package ["libapache2-mod-python"],
}
}
centos,fedora: {
"centos","redhat","fedora": {
apache::configfile { "python.conf":
require => Package["mod_python"],
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -641,13 +641,13 @@ class apache::mod::python {
#
class apache::mod::rewrite {
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "rewrite": }
}
centos,fedora: { }
"centos","redhat","fedora": { }
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -659,7 +659,7 @@ class apache::mod::rewrite {
class apache::mod::wsgi {
package { "mod_wsgi":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "libapache2-mod-wsgi",
ubuntu => "libapache2-mod-wsgi",
default => "mod_wsgi",
@ -668,19 +668,19 @@ class apache::mod::wsgi {
require => Package["httpd"],
}
case $operatingsystem {
debian,ubuntu: {
case $::operatingsystem {
"debian","ubuntu": {
apache::debian::a2enmod { "wsgi":
require => Package ["libapache2-mod-wsgi"],
}
}
centos,fedora: {
"centos","redhat","fedora": {
apache::configfile { "wsgi.conf":
require => Package["mod_wsgi"],
}
}
default: {
fail("Apache module not supported in ${operatingsystem}.")
fail("Apache module not supported in ${::operatingsystem}.")
}
}
@ -704,7 +704,7 @@ class apache::webalizer {
"/srv/www/webalizer/html", ]:
ensure => directory,
mode => "0755",
owner => $operatingsystem ? {
owner => $::operatingsystem ? {
debian => root,
ubuntu => root,
default => webalizer,
@ -729,7 +729,7 @@ class apache::webalizer {
source => "puppet:///modules/custom/empty",
}
case $operatingsystem {
case $::operatingsystem {
debian,ubuntu: {
file { "/etc/cron.daily/webalizer":
ensure => absent,
@ -757,7 +757,7 @@ class apache::webalizer {
ensure => present,
environment => "MAILTO=root",
command => "/usr/local/sbin/www-webalizer.sh",
user => $operatingsystem ? {
user => $::operatingsystem ? {
debian => root,
ubuntu => root,
default => webalizer,
@ -788,7 +788,7 @@ define apache::webalizer::site($site_proto, $site_fqdn) {
"/srv/www/webalizer/html/${name}", ]:
ensure => directory,
mode => "0755",
owner => $operatingsystem ? {
owner => $::operatingsystem ? {
debian => root,
ubuntu => root,
default => webalizer,

2
apache/manifests/redhat.pp
View file

@ -158,7 +158,7 @@ class apache::redhat::sslserver {
notify => Service["httpsd"],
}
case $operatingsystem {
case $::operatingsystem {
"fedora": {
file { "/lib/systemd/system/httpsd.service":
ensure => present,

2
apache/templates/httpd.conf.erb
View file

@ -193,7 +193,7 @@ LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
<% if operatingsystem == 'CentOS' and operatingsystemrelease =~ /^[1-5]\./ -%>
<% if ['CentOS','RedHat'].index(operatingsystem) and operatingsystemrelease =~ /^[1-5]\./ -%>
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
<% end -%>

2
apache/templates/httpsd.conf.erb
View file

@ -193,7 +193,7 @@ LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
<% if operatingsystem == 'CentOS' and operatingsystemrelease =~ /^[1-5]\./ -%>
<% if ['CentOS','RedHat'].index(operatingsystem) and operatingsystemrelease =~ /^[1-5]\./ -%>
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
<% end -%>

2
apache/templates/ssl.conf.erb
View file

@ -3,7 +3,7 @@ LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
<% if operatingsystem == 'CentOS' or operatingsystem == 'Fedora' -%>
<% if ['CentOS','RedHat'].index(operatingsystem) or operatingsystem == 'Fedora' -%>
##
## SSL Global Context
##

3
apt/manifests/init.pp
View file

@ -173,8 +173,9 @@ class apt::mirror {
file { "/etc/apt/miror.list":
ensure => present,
name => $operatingsystem ? {
name => $::operatingsystem ? {
centos => "/etc/apt-mirror.list",
redhat => "/etc/apt-mirror.list",
default => "/etc/apt/miror.list",
},
content => template("apt/mirror.list.erb"),

63
backuppc/manifests/init.pp
View file

@ -38,7 +38,7 @@ class backuppc::client {
backuppc::manualclient { $homename:
ensure => present,
operatingsystem => $operatingsystem,
operatingsystem => $::operatingsystem,
}
include rsync
@ -107,12 +107,25 @@ class backuppc::server {
require => Package["BackupPC"],
}
if $operatingsystem == "CentOS" and $operatingsystemrelease >= 6 {
if "${selinux}" == "true" {
selinux::manage_fcontext { "/etc/BackupPC(/.*)?":
type => "httpd_sys_rw_content_t",
case $::operatingsystem {
"centos","redhat": {
case $::operatingsystemrelease {
/^[1-5]/: {
$backuppc_seltype = "httpd_sys_script_rw_t"
}
default: {
$backuppc_seltype = "httpd_sys_rw_content_t"
if $::selinux == "true" {
selinux::manage_fcontext { "/etc/BackupPC(/.*)?":
type => $backuppc_seltype,
}
}
}
}
}
default: {
$backuppc_seltype = "httpd_sys_rw_content_t"
}
}
file { "/etc/BackupPC/apache.users":
@ -120,13 +133,7 @@ class backuppc::server {
mode => "0640",
owner => "root",
group => $apache::sslserver::group,
seltype => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5/ => "httpd_sys_script_rw_t",
default => "httpd_sys_rw_content_t",
},
default => "httpd_sys_rw_content_t",
},
seltype => $backuppc_seltype,
require => Package["BackupPC"],
}
@ -136,13 +143,7 @@ class backuppc::server {
mode => "0440",
owner => "backuppc",
group => "backuppc",
seltype => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5/ => "httpd_sys_script_rw_t",
default => "httpd_sys_rw_content_t",
},
default => "httpd_sys_rw_content_t",
},
seltype => $backuppc_seltype,
require => Package["BackupPC"],
notify => Service["backuppc"],
}
@ -154,13 +155,7 @@ class backuppc::server {
mode => "0644",
owner => "root",
group => "backuppc",
seltype => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5/ => "httpd_sys_script_rw_t",
default => "httpd_sys_rw_content_t",
},
default => "httpd_sys_rw_content_t",
},
seltype => $backuppc_seltype,
require => Package["BackupPC"],
notify => Exec["generate-backuppc-hosts"],
}
@ -173,13 +168,7 @@ class backuppc::server {
mode => "0640",
owner => "root",
group => "backuppc",
seltype => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5/ => "httpd_sys_script_rw_t",
default => "httpd_sys_rw_content_t",
},
default => "httpd_sys_rw_content_t",
},
seltype => $backuppc_seltype,
source => "puppet:///modules/custom/empty",
require => Package["BackupPC"],
notify => Exec["generate-backuppc-hosts"],
@ -194,13 +183,7 @@ class backuppc::server {
}
File <<| tag == "backuppc" |>> {
seltype => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
/^5/ => "httpd_sys_script_rw_t",
default => "httpd_sys_rw_content_t",
},
default => "httpd_sys_rw_content_t",
},
seltype => $backuppc_seltype,
}
service { "backuppc":

4
cairo/manifests/init.pp
View file

@ -3,7 +3,7 @@
class cairo {
package { "cairo":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "libcairo2",
ubuntu => "libcairo2",
default => "cairo",
@ -19,7 +19,7 @@ class cairo {
class cairo::python inherits cairo {
package { "pycairo":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "python-cairo",
ubuntu => "python-cairo",
default => "pycairo",

6
cups/manifests/init.pp
View file

@ -12,17 +12,17 @@ class cups::client {
content => template("cups/client.conf.erb"),
mode => "0644",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => lp,
},
require => Package["cups"],
}
case $operatingsystem {
case $::operatingsystem {
openbsd: {
exec { "cups-enable":
command => $operatingsystemrelease ? {
command => $::operatingsystemrelease ? {
/4\.[1-8]/ => "echo y | cups-enable",
default => "sh -c '. /etc/rc.d/cupsd check ; rc_pre'",
},

4
custom/manifests/init.pp
View file

@ -5,7 +5,7 @@ class custom {
ensure => directory,
mode => "0755",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
OpenBSD => wheel,
default => root,
},
@ -121,7 +121,7 @@ class custom::rootpassword {
fail("Root password hash not defined.")
}
case $operatingsystem {
case $::operatingsystem {
openbsd: {
exec { "usermod -p \${SECRET} root":
environment => "SECRET=${root_password}",

28
dhcp/manifests/init.pp
View file

@ -4,7 +4,7 @@
class dhcp::server::common {
case $::operatingsystem {
"centos": {
"centos","redhat": {
case $::operatingsystemrelease {
/[45]\.[0-9]/: {
$confdir = "/etc"
@ -26,7 +26,7 @@ class dhcp::server::common {
}
package { "dhcp":
name => $operatingsystem ? {
name => $::operatingsystem ? {
Debian => "dhcp3-server",
OpenBSD => "isc-dhcp-server",
Ubuntu => "dhcp3-server",
@ -36,19 +36,19 @@ class dhcp::server::common {
}
file { "dhcpd.leases":
name => $operatingsystem ? {
name => $::operatingsystem ? {
Debian => "/var/lib/dhcp3/dhcpd.leases",
OpenBSD => "/var/db/dhcpd.leases",
Ubuntu => "/var/lib/dhcp3/dhcpd.leases",
default => "/var/lib/dhcpd/dhcpd.leases",
},
ensure => present,
owner => $operatingsystem ? {
owner => $::operatingsystem ? {
debian => dhcpd,
ubuntu => dhcpd,
default => root,
},
group => $operatingsystem ? {
group => $::operatingsystem ? {
Debian => dhcpd,
OpenBSD => wheel,
Ubuntu => dhcpd,
@ -58,7 +58,7 @@ class dhcp::server::common {
before => Service["dhcpd"],
}
if $operatingsystem == "OpenBSD" and $operatingsystemrelease !~ /4\.[1-8]/ {
if $::operatingsystem == "OpenBSD" and $::operatingsystemrelease !~ /4\.[1-8]/ {
file { "/etc/rc.d/isc_dhcpd":
ensure => present,
mode => "0555",
@ -70,9 +70,9 @@ class dhcp::server::common {
}
service { "dhcpd":
name => $operatingsystem ? {
name => $::operatingsystem ? {
Debian => "dhcp3-server",
OpenBSD => $operatingsystemrelease ? {
OpenBSD => $::operatingsystemrelease ? {
/4\.[1-8]/ => "isc-dhcpd",
default => "isc_dhcpd",
},
@ -81,7 +81,7 @@ class dhcp::server::common {
},
ensure => running,
enable => true,
binary => $operatingsystem ? {
binary => $::operatingsystem ? {
OpenBSD => "/usr/local/sbin/dhcpd",
default => undef,
},
@ -97,7 +97,7 @@ class dhcp::server::common {
if $dhcp_server_interface {
case $::operatingsystem {
"fedora","centos": {
"fedora","centos","redhat": {
file { "/etc/sysconfig/dhcpd":
ensure => present,
content => "DHCPDARGS=${dhcp_server_interface}\n",
@ -133,7 +133,7 @@ class dhcp::server inherits dhcp::server::common {
"puppet:///files/dhcp/dhcpd.conf", ],
mode => "0644",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => root,
},
@ -160,7 +160,7 @@ class dhcp::server::ldap inherits dhcp::server::common {
source => "puppet:///modules/dhcp/dhcpdump.py",
mode => "0755",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
OpenBSD => wheel,
default => root,
},
@ -173,7 +173,7 @@ class dhcp::server::ldap inherits dhcp::server::common {
"puppet:///files/dhcp/dhcpd.conf.in", ],
mode => "0644",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
OpenBSD => wheel,
default => root,
},
@ -219,7 +219,7 @@ define dhcp::relay ($interface, $server_addr) {
hasrestart => false,
hasstatus => false,
pattern => "/usr/sbin/dhcrelay -i ${interface} ${server_addr}",
start => $operatingsystem ? {
start => $::operatingsystem ? {
OpenBSD => "/usr/sbin/dhcrelay -i ${interface} ${server_addr}",
default => undef,
}

84
dns/manifests/init.pp
View file

@ -2,26 +2,42 @@
#
class dns::server {
if $operatingsystem != "OpenBSD" {
package { "bind":
name => $operatingsystem ? {
"ubuntu" => "bind9",
"centos" => $operatingsystemrelease ? {
/^5\..*/ => [ "bind-chroot", "caching-nameserver", ],
default => "bind-chroot",
},
default => "bind-chroot",
case $::operatingsystem {
"centos","redhat": {
case $::operatingsystemrelease {
/^[1-5]/: {
$bind_package = [ "bind-chroot", "caching-nameserver" ]
}
default: {
$bind_package = "bind-chroot"
}
}
}
"debian","ubuntu": {
$bind_package = "bind9"
}
"openbsd": {
$bind_package = undef
}
default: {
$bind_package = "bind-chroot"
}
}
if $bind_package {
package { "bind":
ensure => installed,
name => $bind_package,
}
}
# first set per os paths
case $operatingsystem {
case $::operatingsystem {
"fedora": {
$confdir = "/etc/named"
}
"centos": {
case $operatingsystemrelease {
"centos","redhat": {
case $::operatingsystemrelease {
/^5\..*/: {
$chroot = "/var/named/chroot"
}
@ -53,7 +69,7 @@ class dns::server {
$chroot = ""
}
case $operatingsystem {
case $::operatingsystem {
"ubuntu": {
$group = "bind"
}
@ -67,7 +83,7 @@ class dns::server {
mode => "0640",
owner => "root",
group => $group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -92,18 +108,18 @@ class dns::server {
}
service { "named":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"ubuntu" => "bind9",
default => "named",
},
ensure => running,
enable => true,
status => "/usr/sbin/rndc status",
stop => $operatingsystem ? {
stop => $::operatingsystem ? {
"openbsd" => "pkill -u named",
default => undef,
},
start => $operatingsystem ? {
start => $::operatingsystem ? {
"openbsd" => "/usr/sbin/named",
default => undef,
},
@ -116,7 +132,7 @@ class dns::server {
mode => "0640",
owner => "root",
group => $group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -127,7 +143,7 @@ class dns::server {
content => template("dns/generate-named-conf.sh.erb"),
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -150,7 +166,7 @@ class dns::server {
mode => "0640",
owner => "root",
group => $group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -165,7 +181,7 @@ class dns::server {
mode => "0640",
owner => "root",
group => $group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -189,7 +205,7 @@ class dns::server::ldap inherits dns::server {
source => "puppet:///modules/dns/dnsdump.py",
mode => 0755,
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
OpenBSD => wheel,
default => root,
},
@ -250,11 +266,11 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
case $role {
"master": {
case $operatingsystem {
case $::operatingsystem {
"openbsd": {
$zonedir = "/master/${view}"
}
"fedora","centos": {
"fedora","centos","redhat": {
$zonedir = "/var/named/${view}"
}
"ubuntu": {
@ -266,11 +282,11 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
if $key == "none" {
fail("No key defined for dns::zone '${name}'")
}
case $operatingsystem {
case $::operatingsystem {
"openbsd": {
$zonedir = "/dynamic/${view}"
}
"fedora","centos": {
"fedora","centos","redhat": {
$zonedir = "/var/named/dynamic/${view}"
}
"ubuntu": {
@ -282,11 +298,11 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
if $master == "" {
fail("No master defined for dns::zone '${name}'")
}
case $operatingsystem {
case $::operatingsystem {
"openbsd": {
$zonedir = "/slave/${view}"
}
"fedora","centos": {
"fedora","centos","redhat": {
$zonedir = "/var/named/slaves/${view}"
}
"ubuntu": {
@ -341,7 +357,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -356,7 +372,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -369,7 +385,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -384,7 +400,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -399,7 +415,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
mode => "0640",
owner => "root",
group => $dns::server::group,
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
@ -438,7 +454,7 @@ class dns::nsupdate {
content => template("dns/nsupdate.sh.erb"),
mode => "0700",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => root,
},

12
dovecot/manifests/init.pp
View file

@ -3,14 +3,14 @@ import "dovecot2.pp" # Dovecot v2.x
class dovecot::common {
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
package { ["dovecot"]:
ensure => installed,
}
}
default: {
fail("Dovecot module not supported in ${operatingsystem}.")
fail("Dovecot module not supported in ${::operatingsystem}.")
}
}
}
@ -37,8 +37,8 @@ class dovecot::server inherits dovecot::common {
$dovecot_mailbox_format = "mbox"
}
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
$dovecot_ssl_dir = "/etc/pki/tls"
case $operatingsystemrelease {
@ -51,7 +51,7 @@ class dovecot::server inherits dovecot::common {
}
}
default: {
fail("Dovecot module not supported in ${operatingsystem}.")
fail("Dovecot module not supported in ${::operatingsystem}.")
}
}

17
ejabberd/manifests/init.pp
View file

@ -69,11 +69,11 @@ class ejabberd {
status => "ejabberdctl status >/dev/null",
}
case $operatingsystem {
"debian", "ubuntu": {
case $::operatingsystem {
"debian","ubuntu": {
$cert_prefix = "/etc/ssl"
}
"centos", "fedora": {
"centos","redhat","fedora": {
$cert_prefix = "/etc/pki/tls"
}
}
@ -137,7 +137,7 @@ class ejabberd {
notify => Service["ejabberd"],
}
case $operatingsystem {
case $::operatingsystem {
"debian", "ubuntu": {
augeas { "set-ejabberd-default":
context => "/files/etc/default/ejabberd",
@ -206,14 +206,14 @@ class ejabberd::collab inherits ejabberd {
require => [ User["ejabberd"], Group["collab"] ],
}
case $operatingsystem {
"centos", "fedora": {
case $::operatingsystem {
"centos","redhat","fedora": {
package { ["erlang", "erlang-esasl"]:
ensure => installed,
before => Package["ejabberd"],
}
}
"debian", "ubuntu": {
"debian","ubuntu": {
package { ["erlang", "erlang-base"]:
ensure => installed,
before => Package["ejabberd"],
@ -229,8 +229,9 @@ class ejabberd::collab inherits ejabberd {
before => Package["ejabberd"],
}
Package["ejabberd"] {
provider => $operatingsystem ? {
provider => $::operatingsystem ? {
"centos" => "rpm",
"redhat" => "rpm",
"fedora" => "rpm",
"debian" => "dpkg",
"ubuntu" => "dpkg",

41
firewall/manifests/init.pp
View file

@ -30,19 +30,16 @@ class firewall {
if ! $firewall_rules {
$firewall_rules = []
}
if ! $firewall_modules {
$firewall_modules = []
}
case $operatingsystem {
centos,debian,fedora,ubuntu: {
case $::operatingsystem {
"centos","redhat","debian","fedora","ubuntu": {
include firewall::iptables
}
openbsd: {
"openbsd": {
include firewall::pf
}
default: {
fail("Firewall module not supported in ${operatingsystem}")
fail("Firewall module not supported in ${::operatingsystem}")
}
}
@ -61,15 +58,15 @@ class firewall {
#
class firewall::custom {
case $operatingsystem {
centos,debian,fedora,ubuntu: {
case $::operatingsystem {
"centos","redhat","debian","fedora","ubuntu": {
include firewall::custom::iptables
}
openbsd: {
include firewall::custom::pf
}
default: {
fail("Firewall module not supported in ${operatingsystem}")
fail("Firewall module not supported in ${::operatingsystem}")
}
}
@ -81,10 +78,11 @@ class firewall::custom {
class firewall::common::iptables {
package { "iptables":
name => $operatingsystem ? {
name => $::operatingsystem ? {
centos => [ "iptables", "iptables-ipv6" ],
redhat => [ "iptables", "iptables-ipv6" ],
debian => [ "iptables", "iptables-persistent" ],
fedora => $operatingsystemrelease ? {
fedora => $::operatingsystemrelease ? {
/^1[0-5]/ => [ "iptables", "iptables-ipv6" ],
default => "iptables",
},
@ -93,7 +91,7 @@ class firewall::common::iptables {
}
file { "/etc/sysconfig/iptables":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "/etc/iptables/rules",
ubuntu => "/etc/iptables/rules",
default => "/etc/sysconfig/iptables",
@ -106,8 +104,8 @@ class firewall::common::iptables {
notify => Service["iptables"],
}
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
$ip6states = versioncmp($kernelversion, "2.6.20")
file { "/etc/sysconfig/ip6tables":
ensure => present,
@ -125,10 +123,10 @@ class firewall::common::iptables {
require => Package["iptables"],
}
if $firewall_modules {
$firewall_modules_str = inline_template('\'"<%= @firewall_modules.join(" ") -%>"\'')
$firewall_modules_str = inline_template('<%= @firewall_modules.join(" ") -%>')
augeas { "iptables-config":
context => "/files/etc/sysconfig/iptables-config",
changes => [ "set IPTABLES_MODULES ${firewall_modules_str}" ],
changes => [ "set IPTABLES_MODULES '${firewall_modules_str}'" ],
notify => Service["iptables"],
}
}
@ -136,15 +134,16 @@ class firewall::common::iptables {
}
service { "iptables":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "iptables-persistent",
ubuntu => "iptables-persistent",
default => "iptables",
},
ensure => running,
enable => true,
hasrestart => $operatingsystem ? {
hasrestart => $::operatingsystem ? {
centos => true,
redhat => true,
debian => false,
fedora => true,
ubuntu => false,
@ -164,8 +163,8 @@ class firewall::iptables inherits firewall::common::iptables {
content => template("firewall/iptables.erb"),
}
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
File["/etc/sysconfig/ip6tables"] {
content => template("firewall/ip6tables.erb"),
}

6
git/manifests/init.pp
View file

@ -4,7 +4,7 @@
class git::client {
package { "git":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"ubuntu" => "git-core",
default => "git",
},
@ -79,8 +79,8 @@ class git::daemon inherits git::server {
Package["git-daemon"] ],
}
case $operatingsystem {
"centos","fedora": {
case $::operatingsystem {
"centos","redhat","fedora": {
file { "/var/lib/git":
ensure => link,
force => true,

4
gnu/manifests/init.pp
View file

@ -4,7 +4,7 @@ class gnu::make {
package { "make":
ensure => installed,
name => $operatingsystem ? {
name => $::operatingsystem ? {
"openbsd" => "gmake",
default => "make",
},
@ -19,7 +19,7 @@ class gnu::tar {
package { "tar":
ensure => installed,
name => $operatingsystem ? {
name => $::operatingsystem ? {
"openbsd" => "gtar",
default => "tar",
},

6
google/manifests/init.pp
View file

@ -2,12 +2,12 @@
#
class google::common {
case $operatingsystem {
"centos","fedora": {
case $::operatingsystem {
"centos","redhat","fedora": {
include yum::repo::google
}
default: {
fail("Google products via puppet not supported on ${operatingsystem}")
fail("Google products via puppet not supported on ${::operatingsystem}")
}
}

2
graphviz/manifests/init.pp
View file

@ -13,7 +13,7 @@ class graphviz {
class graphviz::python inherits graphviz {
package { "graphviz-python":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "libgv-python",
ubuntu => "libgv-python",
default => "graphviz-python",

2
ia32libs/manifests/init.pp
View file

@ -3,7 +3,7 @@
class ia32libs {
if $architecture == "x86_64" {
case $operatingsystem {
case $::operatingsystem {
ubuntu: {
package { "ia32-libs":
ensure => installed,

2
igraph/manifests/init.pp
View file

@ -2,7 +2,7 @@
#
class igraph::python {
case $operatingsystem {
case $::operatingsystem {
ubuntu: {
package { "python-igraph":
ensure => installed,

4
inetd/manifests/init.pp
View file

@ -6,7 +6,7 @@
class inetd::server {
case $::operatingsystem {
"centos","fedora","ubuntu","debian": {
"centos","redhat","fedora","ubuntu","debian": {
include inetd::server::xinetd
}
"openbsd": {
@ -77,7 +77,7 @@ define inetd::service($ensure = present) {
include inetd::server
case $::operatingsystem {
"centos","ubuntu","debian": {
"centos","redhat","ubuntu","debian": {
service { $name:
enable => $ensure ? {
present => true,

4
kerberos/manifests/init.pp
View file

@ -19,7 +19,7 @@
class kerberos::client {
case $::operatingsystem {
"centos","fedora": {
"centos","redhat","fedora": {
package { "krb5-workstation":
ensure => installed,
}
@ -71,7 +71,7 @@ class kerberos::auth {
$kdclist = inline_template('<%= kerberos_kdc.join(" ") -%>')
case $::operatingsystem {
"centos","fedora": {
"centos","redhat","fedora": {
package { "pam_krb5":
ensure => installed,
}

40
ldap/manifests/init.pp
View file

@ -18,9 +18,9 @@ class ldap::auth inherits ldap::client {
$ldap_uri = inline_template('<%= ldap_server.join(" ") -%>')
case $operatingsystem {
CentOS: {
case $operatingsystemrelease {
case $::operatingsystem {
"centos","redhat": {
case $::operatingsystemrelease {
/^6/: {
package { "nss-pam-ldapd":
ensure => installed,
@ -220,7 +220,7 @@ class ldap::auth inherits ldap::client {
}
}
default: {
fail("ldap::auth not supported on ${operatingsystem}")
fail("ldap::auth not supported on ${::operatingsystem}")
}
}
@ -239,13 +239,13 @@ class ldap::auth inherits ldap::client {
class ldap::client {
package { "openldap-client":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"debian" => "ldap-utils",
"ubuntu" => "ldap-utils",
"openbsd" => "openldap-client",
default => "openldap-clients",
},
ensure => $operatingsystem ? {
ensure => $::operatingsystem ? {
darwin => absent,
default => installed,
},
@ -254,14 +254,14 @@ class ldap::client {
file { "/etc/openldap/ldap.conf":
ensure => present,
content => template("ldap/ldap.conf.erb"),
path => $operatingsystem ? {
path => $::operatingsystem ? {
"debian" => "/etc/ldap/ldap.conf",
"ubuntu" => "/etc/ldap/ldap.conf",
default => "/etc/openldap/ldap.conf",
},
mode => "0644",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
"darwin" => wheel,
"openbsd" => wheel,
default => root,
@ -277,7 +277,7 @@ class ldap::client {
class ldap::client::python {
package { "python-ldap":
name => $operatingsystem ? {
name => $::operatingsystem ? {
openbsd => "py-ldap",
default => "python-ldap",
},
@ -304,7 +304,7 @@ class ldap::client::python {
#
class ldap::client::ruby {
case $operatingsystem {
case $::operatingsystem {
"ubuntu","debian": {
$pkgname = regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libldap-ruby\1')
}
@ -349,7 +349,7 @@ class ldap::server {
$ldap_server_cert = "${puppet_ssldir}/certs/${homename}.pem"
}
case $operatingsystem {
case $::operatingsystem {
"debian","ubuntu": {
$user = "openldap"
$group = "openldap"
@ -369,14 +369,14 @@ class ldap::server {
default => "/usr/lib/openldap",
}
}
"centos": {
"centos","redhat": {
$user = "ldap"
$group = "ldap"
$package_name = $operatingsystemrelease ? {
$package_name = $::operatingsystemrelease ? {
/^5/ => [ "openldap-servers", "openldap-servers-overlays" ],
/^6/ => "openldap-servers",
}
$service_name = $operatingsystemrelease ? {
$service_name = $::operatingsystemrelease ? {
/^5/ => "ldap",
/^6/ => "slapd",
}
@ -406,7 +406,7 @@ class ldap::server {
source => $ldap_server_cert,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -446,7 +446,7 @@ class ldap::server {
notify => Exec["generate-slapd-database-config"],
}
if $operatingsystem == "CentOS" and $operatinsystemrelease !~ /^5\./ {
if $::operatingsystem in ["CentOS","RedHat"] and $operatinsystemrelease !~ /^5\./ {
file { "/etc/sysconfig/ldap":
ensure => present,
source => "puppet:///modules/ldap/ldap.sysconfig",
@ -460,7 +460,7 @@ class ldap::server {
service { "slapd":
name => $service_name,
start => $operatingsystem ? {
start => $::operatingsystem ? {
"openbsd" => "/usr/local/libexec/slapd -u _openldap -h ldap:///\\ ldaps:///\\ ldapi:///",
default => undef,
},
@ -513,7 +513,7 @@ class ldap::server {
source => "puppet:///modules/custom/empty",
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -641,7 +641,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $modu
"puppet:///modules/ldap/DB_CONFIG", ],
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -678,7 +678,7 @@ define ldap::server::schema($idx = 50) {
"puppet:///modules/ldap/${name}.schema", ],
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},

24
libvirt/manifests/init.pp
View file

@ -13,15 +13,15 @@ class libvirt::client {
require => [ User["qemu"], Group["qemu"], ],
}
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
package { [ "libvirt", "virt-manager", "virt-viewer", ]:
ensure => installed,
require => File["/var/lib/qemu"],
}
}
default: {
fail("Not supported on ${operatingsystem}.")
fail("Not supported on ${::operatingsystem}.")
}
}
@ -62,10 +62,10 @@ class libvirt::kvm inherits libvirt::client {
$libvirt_parallel_shutdown = 0
}
case $operatingsystem {
centos,fedora: {
case $operatingsystemrelease {
/5\..*/: {
case $::operatingsystem {
"centos","redhat": {
case $::operatingsystemrelease {
/^5\./: {
package { ["kvm", "kmod-kvm"]:
ensure => installed,
before => Service["libvirtd"],
@ -92,6 +92,16 @@ class libvirt::kvm inherits libvirt::client {
require => Package["libvirt"],
}
}
"fedora": {
package { "qemu-kvm":
ensure => installed,
before => Service["libvirtd"],
require => [ User["qemu"], Group["qemu"] ],
}
package { "ruby-libvirt":
ensure => installed,
}
}
default: {
fail("Operating system not supported")
}

12
lynx/manifests/init.pp
View file

@ -12,9 +12,9 @@ class lynx {
$www_default_url = "http://www.${domain}"
}
if $operatingsystem != "OpenBSD" {
if $::operatingsystem != "OpenBSD" {
package { "lynx":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"ubuntu" => "lynx-cur",
default => "lynx",
},
@ -22,7 +22,7 @@ class lynx {
}
}
if $operatingsystem == "OpenBSD" {
if $::operatingsystem == "OpenBSD" {
exec { "add-local-lynx-config":
command => "echo 'INCLUDE:/etc/lynx-site.cfg' >> /etc/lynx.cfg",
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
@ -32,7 +32,7 @@ class lynx {
}
file { "lynx-site.cfg":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"ubuntu" => "/etc/lynx-cur/local.cfg",
default => "/etc/lynx-site.cfg",
},
@ -40,11 +40,11 @@ class lynx {
content => template("lynx/lynx-site.cfg.erb"),
mode => 0644,
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["lynx"],
},

47
mongrel/manifests/init.pp
View file

@ -1,29 +1,40 @@
# Install Ruby Mongrel packages.
#
class mongrel {
require ruby::rubygems
case $::operatingsystem {
"centos","redhat": {
case $::operatingsystemrelease {
/^[1-5]/: {
$mongrel_package = "rubygem-mongrel"
$mongrel_provider = undef
}
default: {
$mongrel_package = "mongrel"
$mongrel_provider = "gem"
}
}
}
"debian","ubuntu": {
$mongrel_package = "mongrel"
$mongrel_provider = undef
}
"openbsd": {
$mongrel_package = "ruby-mongrel"
$mongrel_provider = undef
}
default: {
$mongrel_package = "rubygem-mongrel"
$mongrel_provider = undef
}
}
package { "mongrel":
ensure => installed,
name => $::operatingsystem ? {
openbsd => "ruby-mongrel",
debian => "mongrel",
ubuntu => "mongrel",
centos => $::operatingsystemrelease ? {
/^[1-5]/ => "rubygem-mongrel",
default => "mongrel",
},
default => "rubygem-mongrel",
},
provider => $::operatingsystem ? {
centos => $::operatingsystemrelease ? {
/^[1-5]/ => undef,
default => "gem",
},
default => undef,
},
name => $mongrel_package,
provider => $mongrel_provider,
}
}

22
munin/manifests/init.pp
View file

@ -8,8 +8,8 @@ class munin::node {
}
service { "munin-node":
name => $operatingsystem ? {
OpenBSD => $operatingsystemrelease ? {
name => $::operatingsystem ? {
OpenBSD => $::operatingsystemrelease ? {
/4\.[1-8]/ => "munin-node",
default => "munin_node",
},
@ -18,14 +18,14 @@ class munin::node {
ensure => running,
enable => true,
require => Package["munin-node"],
start => $operatingsystem ? {
OpenBSD => $operatingsystemrelease ? {
start => $::operatingsystem ? {
OpenBSD => $::operatingsystemrelease ? {
/4\.[1-8]/ => "/usr/bin/install -d -o _munin /var/run/munin; /usr/local/sbin/munin-node",
default => undef,
},
default => undef,
},
stop => $operatingsystem ? {
stop => $::operatingsystem ? {
OpenBSD => "/usr/bin/pkill -f /usr/local/sbin/munin-node",
default => undef,
},
@ -35,7 +35,7 @@ class munin::node {
ensure => present,
content => template("munin/munin-node.conf.erb"),
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
OpenBSD => "wheel",
default => "root",
},
@ -95,7 +95,7 @@ define munin::snmpnode($snmp_community="public", $snmp_version="2") {
ensure => present,
content => "[snmp_${name}_*]\nenv.community ${snmp_community}\nenv.version ${snmp_version}\n",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
OpenBSD => wheel,
default => root,
},
@ -129,7 +129,7 @@ define munin::snmpnode($snmp_community="public", $snmp_version="2") {
#
define munin::plugin($config = "") {
case $operatingsystem {
case $::operatingsystem {
OpenBSD: {
file { "/usr/local/libexec/munin/plugins/${name}":
ensure => present,
@ -159,20 +159,20 @@ define munin::plugin($config = "") {
"puppet:///files/munin/plugin-conf/${config}",
"puppet:///modules/munin/plugin-conf/${config}", ],
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
OpenBSD => wheel,
default => root,
},
mode => "0644",
notify => Service["munin-node"],
require => $operatingsystem ? {
require => $::operatingsystem ? {
OpenBSD => File["/usr/local/libexec/munin/plugins/${name}"],
default => File["/usr/share/munin/plugins/${name}"],
},
}
}
case $operatingsystem {
case $::operatingsystem {
OpenBSD: {
exec { "munin-enable-${name}":
command => "ln -s /usr/local/libexec/munin/plugins/${name} /etc/munin/plugins/${name}",

4
mutt/manifests/init.pp
View file

@ -12,7 +12,7 @@ class mutt {
$mail_domain = $domain
}
case $operatingsystem {
case $::operatingsystem {
openbsd: { $muttconfdir = "/etc/mutt/Muttrc" }
default: { $muttconfdir = "/etc" }
}
@ -31,7 +31,7 @@ class mutt {
content => template("mutt/Muttrc.local.erb"),
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => "wheel",
default => "root",
},

2
mutt/templates/Muttrc.local.erb
View file

@ -4,7 +4,7 @@ set use_8bitmime
set hostname=<%= mail_domain %>
set imap_authenticators="gssapi:plain"
<% if operatingsystem = "CentOS" and operatingsystemrelease =~ /^6\./-%>
<% if ['CentOS','RedHat'].index(operatingsystem) and operatingsystemrelease =~ /^6\./-%>
set ssl_ca_certificates_file="/etc/pki/tls/certs/ca-bundle.crt"
<% end -%>

4
mysql/manifests/init.pp
View file

@ -66,7 +66,7 @@ class mysql::server {
}
service { "mysqld":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"ubuntu" => "mysql",
"debian" => "mysql",
default => "mysqld",
@ -113,7 +113,7 @@ class mysql::server {
content => "[client]\nuser=\"root\"\npassword=\"${mysql_root_password}\"\n",
mode => "0600",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},

6
nagios/files/commands.cfg
View file

@ -247,10 +247,10 @@ define command{
define command{
command_name notify-host-by-prowl
command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="Host Alert" -F description="$HOSTNAME$ $HOSTDESC$ '$HOSTOUTPUT$'" "https://prowl.weks.net/publicapi/add"
command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="$NOTIFICATIONTYPE$ Host Alert" -F description="$HOSTNAME$ is $HOSTSTATE$ '$HOSTOUTPUT$'" "https://prowl.weks.net/publicapi/add"
}
define command{
command_name notify-service-by-prowl
command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="Service Alert" -F description="$HOSTNAME$ $SERVICEDESC$ '$SERVICEOUTPUT$'" "https://prowl.weks.net/publicapi/add"
command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="$NOTIFICATIONTYPE$ Service Alert" -F description="$HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ '$SERVICEOUTPUT$'" "https://prowl.weks.net/publicapi/add"
}

119
nagios/manifests/init.pp
View file

@ -103,23 +103,23 @@ class nagios::server {
file { "/etc/nagios/conf.d":
name => $confdir,
ensure => directory,
mode => "0640",
owner => "root",
group => "nagios",
purge => true,
force => true,
recurse => true,
owner => "root",
group => "root",
mode => "0644",
source => "puppet:///modules/custom/empty",
require => Package["nagios"],
notify => Service["nagios"],
}
file { "${confdir}/contactgroup_all.cfg":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
before => Nagios_Contactgroup["all"],
ensure => present,
mode => "0640",
owner => "root",
group => "nagios",
before => Nagios_Contactgroup["all"],
require => File["/etc/nagios/conf.d"],
}
nagios_contactgroup { "all":
target => "${confdir}/contactgroup_all.cfg",
@ -128,11 +128,12 @@ class nagios::server {
}
file { "${confdir}/host_default.cfg":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
before => Nagios_Host["default"],
ensure => present,
mode => "0640",
owner => "root",
group => "nagios",
before => Nagios_Host["default"],
require => File["/etc/nagios/conf.d"],
}
nagios_host { "default":
target => "${confdir}/host_default.cfg",
@ -154,11 +155,12 @@ class nagios::server {
}
file { "${confdir}/service_default.cfg":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
before => Nagios_Service["default"],
ensure => present,
mode => "0640",
owner => "root",
group => "nagios",
before => Nagios_Service["default"],
require => File["/etc/nagios/conf.d"],
}
nagios_service { "default":
target => "${confdir}/service_default.cfg",
@ -188,11 +190,12 @@ class nagios::server {
}
file { "${confdir}/timeperiod_24x7.cfg":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
before => Nagios_Timeperiod["24x7"],
ensure => present,
mode => "0640",
owner => "root",
group => "nagios",
before => Nagios_Timeperiod["24x7"],
require => File["/etc/nagios/conf.d"],
}
nagios_timeperiod { "24x7":
target => "${confdir}/timeperiod_24x7.cfg",
@ -222,11 +225,12 @@ class nagios::server {
define nagios::contact::email($confdir=$nagios::server::confdir) {
file { "${confdir}/contact_${name}.cfg":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
before => Nagios_Contact[$name],
ensure => present,
mode => "0640",
owner => "root",
group => "nagios",
before => Nagios_Contact[$name],
require => File["/etc/nagios/conf.d"],
}
nagios_contact { $name:
target => "${confdir}/contact_${name}.cfg",
@ -246,11 +250,12 @@ define nagios::contact::email($confdir=$nagios::server::confdir) {
define nagios::contact::prowl($confdir=$nagios::server::confdir) {
file { "${confdir}/contact_${name}.cfg":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
before => Nagios_Contact[$name],
ensure => present,
mode => "0640",
owner => "root",
group => "nagios",
before => Nagios_Contact[$name],
require => File["/etc/nagios/conf.d"],
}
nagios_contact { $name:
target => "${confdir}/contact_${name}.cfg",
@ -270,11 +275,12 @@ define nagios::contact::prowl($confdir=$nagios::server::confdir) {
define nagios::host($confdir, $operatingsystem) {
file { "${confdir}/host_${name}.cfg":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
before => Nagios_Host[$name],
ensure => present,
mode => "0640",
owner => "root",
group => "nagios",
before => Nagios_Host[$name],
require => File["/etc/nagios/conf.d"],
}
nagios_host { $name:
ensure => present,
@ -283,11 +289,12 @@ define nagios::host($confdir, $operatingsystem) {
}
# file { "${confdir}/hostextinfo_${name}.cfg":
# ensure => present,
# mode => "0644",
# owner => "root",
# group => "root",
# before => Nagios_Hostextinfo[$name],
# ensure => present,
# mode => "0640",
# owner => "root",
# group => "nagios",
# before => Nagios_Hostextinfo[$name],
# require => File["/etc/nagios/conf.d"],
# }
# nagios_hostextinfo { $name:
# ensure => present,
@ -303,11 +310,12 @@ define nagios::host($confdir, $operatingsystem) {
define nagios::service($confdir, $host, $command, $description) {
file { "${confdir}/service_${name}.cfg":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
before => Nagios_Service[$name],
ensure => present,
mode => "0640",
owner => "root",
group => "nagios",
before => Nagios_Service[$name],
require => File["/etc/nagios/conf.d"],
}
nagios_service { $name:
host_name => $host,
@ -417,3 +425,16 @@ class nagios::target::https {
}
}
class nagios::target::smtp {
include nagios::target
@@nagios::service { "${fqdn}_smtp":
host => $fqdn,
command => "check_smtp",
description => "SMTP",
}
}

70
network/manifests/init.pp
View file

@ -4,22 +4,22 @@
# This class is automatically included when needed.
#
class network::helper::restart {
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
exec { "restart-network":
command => "/sbin/service network restart",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}
openbsd: {
"openbsd": {
exec { "restart-network":
command => "/sbin/route delete default ; /bin/sh /etc/netstart",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}
debian,ubuntu: {
"debian","ubuntu": {
exec { "restart-network":
cwd => "/etc/network",
command => "cat interfaces.in interfaces.d/*.conf > interfaces && /etc/init.d/networking restart",
@ -63,7 +63,7 @@ class network::hostname {
tag("bootstrap")
case $operatingsystem {
case $::operatingsystem {
"debian","ubuntu": {
file { "/etc/hostname":
ensure => present,
@ -73,7 +73,7 @@ class network::hostname {
group => "root",
}
}
"centos","fedora": {
"centos","redhat","fedora": {
augeas { "set-hostname":
context => "/files/etc/sysconfig/network",
changes => "set HOSTNAME ${homename}",
@ -89,7 +89,7 @@ class network::hostname {
}
}
default: {
fail("network::hostname not supported on ${operatingsystem}")
fail("network::hostname not supported on ${::operatingsystem}")
}
}
@ -156,8 +156,8 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none",
}
}
case $operatingsystem {
openbsd: {
case $::operatingsystem {
"openbsd": {
file { "/etc/hostname.${name}":
ensure => present,
content => template("network/hostname.if.erb"),
@ -167,7 +167,7 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none",
notify => Exec["restart-network"],
}
}
centos,fedora: {
"centos","redhat","fedora": {
if $bridge {
network::interface { $bridge:
options => [ "BRIDGE=${name}", "LINKDELAY=10" ],
@ -190,7 +190,7 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none",
require => File["/etc/sysconfig/network-scripts/ifcfg-${name}"],
}
}
debian,ubuntu: {
"debian","ubuntu": {
include network::helper::debian
file { "/etc/network/interfaces.d/${name}-addr.conf":
ensure => present,
@ -212,7 +212,7 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none",
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
fail("Network module not supported in ${::operatingsystem}")
}
}
@ -236,8 +236,8 @@ define network::route($gateway = "", $device, $ipv6gateway = "") {
case $name {
"default": {
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
include network::helper::restart
if "${gateway}" != "" {
augeas { "set-default-route":
@ -284,7 +284,7 @@ define network::route($gateway = "", $device, $ipv6gateway = "") {
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
fail("Network module not supported in ${::operatingsystem}")
}
}
}
@ -292,8 +292,8 @@ define network::route($gateway = "", $device, $ipv6gateway = "") {
if $ipv6gateway != "" {
fail("Custom IPv6 routes not supported yet.")
}
case $operatingsystem {
"fedora","centos": {
case $::operatingsystem {
"fedora","centos","redhat": {
include network::helper::restart
file { "/etc/sysconfig/network-scripts/route-${device}":
ensure => present,
@ -305,7 +305,7 @@ define network::route($gateway = "", $device, $ipv6gateway = "") {
}
}
default: {
fail("Custom routes not supported in ${operatingsystem}")
fail("Custom routes not supported in ${::operatingsystem}")
}
}
}
@ -338,8 +338,8 @@ define network::route($gateway = "", $device, $ipv6gateway = "") {
# }
#
define network::carp($password, $ipaddr, $netmask, $options = []) {
case $operatingsystem {
openbsd: {
case $::operatingsystem {
"openbsd": {
network::interface { "carp${name}":
ipaddr => $ipaddr,
netmask => $netmask,
@ -347,7 +347,7 @@ define network::carp($password, $ipaddr, $netmask, $options = []) {
postcmd => [ "/usr/sbin/ndp -i carp${name} -- -accept_rtadv" ],
}
}
centos,fedora: {
"centos","redhat","fedora": {
include network::ucarp
file { "/etc/ucarp/vip-${name}.conf":
ensure => present,
@ -360,7 +360,7 @@ define network::carp($password, $ipaddr, $netmask, $options = []) {
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
fail("Network module not supported in ${::operatingsystem}")
}
}
}
@ -402,7 +402,7 @@ define network::pppoe($username, $password, $device, $authtype = "pap") {
include network::helper::restart
case $operatingsystem {
case $::operatingsystem {
openbsd: {
file { "/etc/hostname.${name}":
ensure => present,
@ -414,7 +414,7 @@ define network::pppoe($username, $password, $device, $authtype = "pap") {
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
fail("Network module not supported in ${::operatingsystem}")
}
}
@ -445,8 +445,8 @@ define network::pppoe($username, $password, $device, $authtype = "pap") {
# }
#
define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none", $options = []) {
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
file { "/etc/modprobe.d/${name}.conf":
ensure => present,
content => "alias ${name} bonding\noptions ${name} miimon=100 mode=${mode}\n",
@ -466,7 +466,7 @@ define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none",
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
fail("Network module not supported in ${::operatingsystem}")
}
}
}
@ -477,8 +477,8 @@ define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none",
# This class is automatically included when needed.
#
class network::helper::vlan {
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
augeas { "enable-vlan-support":
context => "/files/etc/sysconfig/network",
changes => "set VLAN yes",
@ -513,15 +513,15 @@ class network::helper::vlan {
#
define network::vlan($device, $ipaddr = "none", $netmask = "none",
$options = []) {
case $operatingsystem {
openbsd: {
case $::operatingsystem {
"openbsd": {
network::interface { "vlan${name}":
options => [ "vlandev ${device}" ],
ipaddr => $ipaddr,
netmask => $netmask,
}
}
centos,fedora: {
"centos","redhat","fedora": {
include network::helper::vlan
network::interface { "${device}.${name}":
ipaddr => $ipaddr,
@ -531,7 +531,7 @@ define network::vlan($device, $ipaddr = "none", $netmask = "none",
}
}
default: {
fail("Network module not supported in ${operatingsystem}")
fail("Network module not supported in ${::operatingsystem}")
}
}
}
@ -541,7 +541,7 @@ define network::vlan($device, $ipaddr = "none", $netmask = "none",
#
class network::manager::disable {
case $operatingsystem {
case $::operatingsystem {
ubuntu: {
file { "/etc/init/network-manager.conf":
ensure => present,
@ -557,7 +557,7 @@ class network::manager::disable {
}
service { "network-manager":
name => $operatingsystem ? {
name => $::operatingsystem ? {
ubuntu => "network-manager",
default => "NetworkManager",
},

12
nginx/manifests/init.pp
View file

@ -2,7 +2,7 @@
#
class nginx {
case $operatingsystem {
case $::operatingsystem {
"openbsd": {
$user = "_nginx"
$group = "_nginx"
@ -27,7 +27,7 @@ class nginx {
ensure => present,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -40,7 +40,7 @@ class nginx {
ensure => directory,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -58,7 +58,7 @@ class nginx {
#
class nginx::passenger inherits nginx {
case $operatingsystem {
case $::operatingsystem {
"openbsd": {
Package["nginx"] {
flavor => "passenger",
@ -68,7 +68,7 @@ class nginx::passenger inherits nginx {
}
}
default: {
fail("Not supported on ${operatingsystem}")
fail("Not supported on ${::operatingsystem}")
}
}
@ -83,7 +83,7 @@ define nginx::configfile($source="", $content="") {
ensure => present,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},

2
nodejs/manifests/init.pp
View file

@ -3,7 +3,7 @@
class nodejs {
case $::operatingsystem {
"centos": {
"centos","redhat": {
yum::repo { "nodejs":
mirrorlist => "http://nodejs.tchol.org/mirrors/nodejs-stable-el\$releasever",
gpgkey => "http://nodejs.tchol.org/stable/RPM-GPG-KEY-tchol",

10
ntpd/manifests/init.pp
View file

@ -15,9 +15,9 @@ class ntpd {
$ntp_server = ["pool.ntp.org"]
}
case $operatingsystem {
case $::operatingsystem {
"fedora": {
case $operatingsystemrelease {
case $::operatingsystemrelease {
/^1[0-5]/: {
include ntpd::isc-ntpd
}
@ -34,8 +34,8 @@ class ntpd {
}
}
case $operatingsystem {
"centos","fedora": {
case $::operatingsystem {
"centos","redhat","fedora": {
augeas { "disable-peerntp":
context => "/files/etc/sysconfig/network",
changes => "set PEERNTP no",
@ -93,7 +93,7 @@ class ntpd::isc-ntpd {
service { "ntpd":
ensure => running,
enable => true,
name => $operatingsystem ? {
name => $::operatingsystem ? {
ubuntu => "ntp",
debian => "ntp",
default => "ntpd",

6
pam/manifests/init.pp
View file

@ -3,7 +3,7 @@
#
class pam::common {
case $operatingsystem {
case $::operatingsystem {
"ubuntu": {
package { "libpam-runtime":
ensure => installed,
@ -25,8 +25,8 @@ class pam::mkhomedir {
include pam::common
case $operatingsystem {
"centos","fedora": {
case $::operatingsystem {
"centos","redhat","fedora": {
exec { "authconfig --enablemkhomedir --update":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig",

2
portmap/manifests/init.pp
View file

@ -7,7 +7,7 @@ class portmap::server {
$package = ""
$service = "portmap"
}
"centos": {
"centos","redhat": {
case $::operatingsystemrelease {
/^[1-5]\./: {
$package = "portmap"

19
postfix/files/aliases Normal file
View file

@ -0,0 +1,19 @@
#
# Aliases in this file will NOT be expanded in the header from
# Mail, but WILL be visible over networks or from /bin/mail.
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to sendmail.
#
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: root
# General redirections for important pseudo accounts
daemon: root
# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
abuse: root
security: root

0
postfix/files/empty Normal file
View file

105
postfix/manifests/init.pp Normal file
View file

@ -0,0 +1,105 @@
# Install Postfix packages.
#
class postfix {
include ssl
if !$postfix_key {
$postfix_key = "${puppet_ssldir}/private_keys/${homename}.pem"
}
if !$postfix_cert {
$postfix_cert = "${puppet_ssldir}/certs/${homename}.pem"
}
if !$mail_domain {
if $domain {
$mail_domain = $domain
} else {
fail("Failed to set \$mail_domain, missing \$domain")
}
}
if !$postfix_hostname {
if $fqdn {
$postfix_hostname = $fqdn
} else {
fail("Failed to set \$postfix_hostname, missing \$fqdn")
}
}
if !$postfix_interfaces {
$postfix_interfaces = "localhost"
}
package { "postfix":
ensure => installed,
}
service { "postfix":
ensure => running,
enable => true,
require => Package["postfix"],
}
file { "${ssl::certs}/postfix.crt":
ensure => present,
source => $postfix_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Service["postfix"],
}
file { "${ssl::private}/postfix.key":
ensure => present,
source => $postfix_key,
mode => "0600",
owner => "root",
group => "root",
notify => Service["postfix"],
}
file { "/etc/postfix/main.cf":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
content => template("postfix/main.cf.erb"),
notify => Service["postfix"],
require => Package["postfix"],
}
file { "/etc/aliases":
ensure => present,
source => [
"puppet:///files/mail/aliases.${homename}",
"puppet:///files/mail/aliases",
"puppet:///modules/postfix/aliases",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["newaliases"],
}
exec { "newaliases":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
file { "/etc/postfix/virtual":
ensure => present,
source => [
"puppet:///files/mail/virtual.${homename}",
"puppet:///files/mail/virtual",
"puppet:///modules/postfix/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["postmap /etc/postfix/virtual"],
}
exec { "postmap /etc/postfix/virtual":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}

727
postfix/templates/main.cf.erb Normal file
View file

@ -0,0 +1,727 @@
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
<% if ['Debian','Ubuntu'].index(operatingsystem) -%>
daemon_directory = /usr/lib/postfix
<% else -%>
daemon_directory = /usr/libexec/postfix
<% end -%>
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = <%= postfix_hostname %>
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
mydomain = <%= mail_domain %>
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = <%= postfix_interfaces %>
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
<% if postfix_interfaces == "localhost" and has_variable?("mail_server") -%>
relayhost = [<%= mail_server %>]
<% end -%>
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
#
virtual_alias_maps = hash:/etc/postfix/virtual
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
<% if has_variable?("postfix_home_mailbox") -%>
home_mailbox <%= postfix_home_mailbox %>
<% end -%>
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
# server using LMTP (Local Mail Transport Protocol), this is prefered
# over the older cyrus deliver program by setting the
# mailbox_transport as below:
#
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
# these settings.
#
# local_destination_recipient_limit = 300
# local_destination_concurrency_limit = 5
#
# Of course you should adjust these settings as appropriate for the
# capacity of the hardware you are using. The recipient limit setting
# can be used to take advantage of the single instance message store
# capability of Cyrus. The concurrency limit can be used to control
# how many simultaneous LMTP sessions will be permitted to the Cyrus
# message store.
#
# To use the old cyrus deliver program you have to set:
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
#
smtpd_helo_required = yes
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_client,
<% if has_variable?("postfix_rbl") -%>
<% postfix_rbl.each do |rbl| -%>
reject_rbl_client <%= rbl %>,
<% end -%>
<% end -%>
permit
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
check_relay_domains
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen sesssion, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq.postfix
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
#sample_directory = /usr/share/doc/postfix-2.6.6/samples
# readme_directory: The location of the Postfix README files.
#
#readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
<% if postfix_interfaces != "localhost" -%>
# SASL
#
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
# TLS
#
smtpd_use_tls=yes
smtpd_tls_cert_file=<%= scope.lookupvar('ssl::certs') %>/postfix.crt
smtpd_tls_key_file=<%= scope.lookupvar('ssl::private') %>/postfix.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
<% end -%>

2
pulseaudio/manifests/init.pp
View file

@ -27,7 +27,7 @@ class pulseaudio::server inherits pulseaudio::common {
}
file { "/etc/sysconfig/pulseaudio":
ensure => present,
source => "puppet:///modules/pulseaudio/pulseaudio.sysconfig.${operatingsystem}",
source => "puppet:///modules/pulseaudio/pulseaudio.sysconfig.${::operatingsystem}",
mode => "0644",
owner => root,
group => root,

60
puppet/manifests/init.pp
View file

@ -24,13 +24,13 @@ class puppet::client {
$puppet_keylength = "2048"
}
case $operatingsystem {
case $::operatingsystem {
openbsd: { $vardir = "/var/puppet" }
default: { $vardir = "/var/lib/puppet" }
}
case $operatingsystem {
centos,fedora: {
case $::operatingsystem {
"centos","redhat","fedora": {
package { "ruby-shadow":
ensure => installed,
}
@ -43,7 +43,7 @@ class puppet::client {
}
}
openbsd: {
if $operatingsystemrelease == "4.9" {
if $::operatingsystemrelease == "4.9" {
file { "/etc/rc.d/puppetd":
ensure => present,
source => "puppet:///modules/puppet/puppetd.rc",
@ -61,16 +61,16 @@ class puppet::client {
content => template("puppet/puppet.conf.erb"),
mode => "0640",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => "_puppet",
default => "puppet",
},
}
case $operatingsystem {
case $::operatingsystem {
openbsd: {
service { "puppet":
name => $operatingsystemrelease ? {
name => $::operatingsystemrelease ? {
/4\.[1-8]/ => "puppet",
default => "puppetd",
},
@ -114,14 +114,14 @@ class puppet::client {
source => "puppet:///modules/puppet/puppet-check",
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => "wheel",
default => "root",
},
}
cron { "puppet-check":
ensure => present,
environment => $operatingsystem ? {
environment => $::operatingsystem ? {
openbsd => "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
default => undef,
},
@ -149,7 +149,7 @@ class puppet::manual inherits puppet::client {
ensure => absent,
}
case $operatingsystem {
case $::operatingsystem {
debian,ubuntu: {
File["/etc/default/puppet"] {
source => "puppet:///modules/puppet/puppet.disabled.default",
@ -193,7 +193,7 @@ class puppet::server {
#
class puppet::server::common inherits puppet::client {
if $::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/ {
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ {
$seltype_readonly = "var_lib_t"
$seltype_writable = "var_lib_t"
} else {
@ -201,7 +201,7 @@ class puppet::server::common inherits puppet::client {
$seltype_writable = "puppet_var_lib_t"
}
case $operatingsystem {
case $::operatingsystem {
"openbsd": {
$user = "_puppet"
$group = "_puppet"
@ -239,14 +239,14 @@ class puppet::server::common inherits puppet::client {
}
package { "puppetmaster":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "puppetmaster",
ubuntu => "puppetmaster",
openbsd => "ruby-puppet",
default => "puppet-server",
},
ensure => installed,
notify => $operatingsystem ? {
notify => $::operatingsystem ? {
debian => Exec["stop-puppetmaster"],
ubuntu => Exec["stop-puppetmaster"],
default => undef,
@ -254,7 +254,7 @@ class puppet::server::common inherits puppet::client {
before => File["/etc/puppet/puppet.conf"],
}
case $operatingsystem {
case $::operatingsystem {
"debian","ubuntu": {
exec { "stop-puppetmaster":
command => "pkill -u puppet ; true",
@ -273,7 +273,7 @@ class puppet::server::common inherits puppet::client {
}
"mysql": {
require ruby::mysql
if $::operatingsystem == "CentOS" and $::operatingsystemrelease !~ /^[1-5]\..*/ {
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease !~ /^[1-5]\..*/ {
selinux::boolean { "puppetmaster_use_db":
value => "on",
}
@ -292,7 +292,7 @@ class puppet::server::common inherits puppet::client {
ensure => directory,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -322,7 +322,7 @@ class puppet::server::common inherits puppet::client {
ensure => directory,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -368,7 +368,7 @@ class puppet::server::common inherits puppet::client {
ensure => directory,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -379,7 +379,7 @@ class puppet::server::common inherits puppet::client {
ensure => directory,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -406,7 +406,7 @@ class puppet::server::common inherits puppet::client {
"puppet:///modules/puppet/tagmail.conf", ],
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -420,14 +420,14 @@ class puppet::server::common inherits puppet::client {
"puppet:///modules/puppet/fileserver.conf", ],
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => Package["puppetmaster"],
}
if $operatingsystem != "OpenBSD" {
if $::operatingsystem != "OpenBSD" {
if !$puppet_report_maxage {
$puppet_report_maxage = "720"
}
@ -447,7 +447,7 @@ class puppet::server::common inherits puppet::client {
source => "puppet:///modules/puppet/puppet-clean-storeconfigs",
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => "wheel",
default => "root",
},
@ -482,7 +482,7 @@ class puppet::server::webrick {
require => Package["puppetmaster"],
}
case $operatingsystem {
case $::operatingsystem {
debian,ubuntu: {
file { "/etc/default/puppetmaster":
ensure => present,
@ -524,7 +524,7 @@ class puppet::server::mongrel {
$puppet_listenports = [ "18140", "18141", "18142", "18143", ]
}
if $::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/ {
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ {
$seltype = "http_port_t"
} else {
$seltype = "puppet_port_t"
@ -547,7 +547,7 @@ class puppet::server::mongrel {
require => Package["puppetmaster", "mongrel"],
}
case $operatingsystem {
case $::operatingsystem {
debian,ubuntu: {
file { "/etc/default/puppetmaster":
ensure => present,
@ -584,7 +584,7 @@ class puppet::server::apache {
content => template("puppet/puppet-httpd.conf.erb"),
http => false,
}
case $operatingsystem {
case $::operatingsystem {
debian,ubuntu: {
include apache::mod::headers
include apache::mod::proxy
@ -641,7 +641,7 @@ class puppet::opencollab {
include wiki::opencollab
package { "PyYAML":
name => $operatingsystem ? {
name => $::operatingsystem ? {
debian => "python-yaml",
ubuntu => "python-yaml",
default => "PyYAML",
@ -658,7 +658,7 @@ class puppet::opencollab {
content => "[creds]\nurl = ${puppet_opencollab_url}\nusername = ${puppet_opencollab_user}\npassword = ${puppet_opencollab_pass}\n",
}
case $operatingsystem {
case $::operatingsystem {
ubuntu: { $script = "/usr/local/bin/opencollab-puppet-uploader" }
default: { $script = "/usr/bin/opencollab-puppet-uploader" }
}

6
puppet/templates/puppet-httpd.conf.erb
View file

@ -50,12 +50,7 @@ Listen 8140
# Proxy settings
<IfModule mod_rewrite.c>
<LocationMatch ^/production/file_content/.*>
ForceType application/x-raw
</LocationMatch>
RewriteEngine On
RewriteRule ^/production/file_content/files/(.+)$ /srv/puppet/files/common/$1 [L]
RewriteRule ^/production/file_content/modules/([^/]+)/files/(.+)$ /etc/puppet/modules/$1/files/$2 [L]
RewriteRule ^/(.*)$ balancer://puppetmaster%{REQUEST_URI} [P,QSA,L]
</Ifmodule>
<IfModule !mod_rewrite.c>
@ -67,4 +62,3 @@ Listen 8140
SetEnv proxy-nokeepalive 1
</VirtualHost>

2
rsync/manifests/init.pp
View file

@ -10,7 +10,7 @@ class rsync {
}
class rsync::run-rsync {
case $operatingsystem {
case $::operatingsystem {
ubuntu: {
package { "run-rsync": ensure => installed, }
file { "/etc/run-rsync/RunRsyncConfig.pm":

33
ruby/manifests/init.pp
View file

@ -44,7 +44,7 @@ class ruby::mysql {
class ruby::rails {
case $::operatingsystem {
"centos": {
"centos","redhat": {
if $::operatingsystemrelease =~ /^[1-5]/ {
package { "rubygem-rails":
ensure => installed,
@ -78,18 +78,27 @@ class ruby::rails {
#
class ruby::rrd {
package { "ruby-rrd":
ensure => installed,
name => $::operatingsystem ? {
centos => $::operatingsystemrelease ? {
case $::operatingsystem {
"centos","redhat": {
$package = $::operatingsystemrelease ? {
/^[1-5]/ => "ruby-RRDtool",
default => "rrdtool-ruby",
},
debian => regsubst($::rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
ubuntu => regsubst($::rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
openbsd => "ruby-rrd",
default => "ruby-RRDtool",
},
}
}
"debian","ubuntu": {
$package = regsubst($::rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1')
}
"openbsd": {
$package = "ruby-rrd"
}
default: {
$packaage = "ruby-RRDtool"
}
}
package { "ruby-rrd":
ensure => installed,
name => $package,
}
}
@ -100,7 +109,7 @@ class ruby::rrd {
class ruby::sqlite3 {
case $::operatingsystem {
"centos": {
"centos","redhat": {
if $::operatingsystemrelease =~ /^[1-5]/ {
package { "rubygem-sqlite3-ruby":
ensure => installed,

18
samba/manifests/init.pp
View file

@ -6,8 +6,8 @@ class samba::server {
ensure => installed,
}
case $operatingsystem {
openbsd: {
case $::operatingsystem {
"openbsd": {
service { "nmbd":
ensure => running,
enable => true,
@ -25,8 +25,8 @@ class samba::server {
subscribe => File["/etc/samba/smb.conf"],
}
}
centos: {
case $operatingsystemrelease {
"centos","redhat": {
case $::operatingsystemrelease {
/^[1-5]\./: {
service { "smb":
ensure => running,
@ -49,7 +49,7 @@ class samba::server {
}
}
}
fedora: {
"fedora": {
service { [ "smb", "nmb" ]:
ensure => running,
enable => true,
@ -59,7 +59,7 @@ class samba::server {
subscribe => File["/etc/samba/smb.conf"],
}
}
ubuntu: {
"ubuntu": {
service { [ "smbd", "nmbd" ]:
ensure => running,
enable => true,
@ -70,7 +70,7 @@ class samba::server {
}
}
default: {
fail("samba::server not supported in '${operatingsystem}'")
fail("samba::server not supported in '${::operatingsystem}'")
}
}
@ -80,7 +80,7 @@ class samba::server {
"puppet:///files/samba/smb.conf", ],
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => "wheel",
default => "root",
},
@ -94,7 +94,7 @@ class samba::server {
"puppet:///modules/samba/lmhosts", ],
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => "wheel",
default => "root",
},

12
selinux/manifests/init.pp
View file

@ -37,7 +37,7 @@ class selinux {
notify => Exec["set-selinux-mode"],
}
if $operatingsystem == "CentOS" and $operatingsystemrelease =~ /^[1-5]\./ {
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\./ {
service { "setroubleshoot":
ensure => $selinux_type ? {
disabled => stopped,
@ -72,16 +72,16 @@ class selinux {
#
class selinux::tools {
case $operatingsystem {
case $::operatingsystem {
"fedora": { $package = "policycoreutils-python" }
"centos": {
case $operatingsystemrelease {
"centos","redhat": {
case $::operatingsystemrelease {
/^6/: { $package = "policycoreutils-python" }
default: { $package = "policycoreutils" }
}
}
default: {
fail("selinux::tools not supported on ${operatingsystem}")
fail("selinux::tools not supported on ${::operatingsystem}")
}
}
@ -272,7 +272,7 @@ class selinux::module::devel {
include selinux::tools
if $::operatingsystem == "CentOS" {
if $::operatingsystem in ["CentOS","RedHat"] {
if $::operatingsystemrelease =~ /^5\.[0-9]/ {
package { "selinux-policy-devel":
ensure => installed,

34
sendmail/manifests/init.pp
View file

@ -6,7 +6,7 @@ class sendmail::common {
$mail_domain = $domain
}
if $operatingsystem != "OpenBSD" {
if $::operatingsystem != "OpenBSD" {
package { "sendmail":
ensure => installed,
name => [ "sendmail", "sendmail-cf", ],
@ -18,8 +18,8 @@ class sendmail::common {
}
}
case $operatingsystem {
"centos","fedora": {
case $::operatingsystem {
"centos","redhat","fedora": {
file { "/etc/sysconfig/sendmail":
ensure => present,
content => "DAEMON=no\nQUEUE=1h\n",
@ -48,20 +48,20 @@ class sendmail::client inherits sendmail::common {
}
file { "/etc/mail/submit.mc":
path => $operatingsystem ? {
path => $::operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf/submit.mc",
default => "/etc/mail/submit.mc",
},
ensure => present,
content => template("sendmail/submit.mc.erb", "sendmail/submit.mc.msp.erb"),
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "bin",
default => "root",
},
mode => "0644",
notify => Exec["make submit.cf"],
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["sendmail"],
},
@ -69,12 +69,12 @@ class sendmail::client inherits sendmail::common {
exec { "make submit.cf":
path => "/bin:/usr/bin:/sbin:/usr/sbin:/etc/mail",
cwd => $operatingsystem ? {
cwd => $::operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf",
default => "/etc/mail",
},
refreshonly => true,
notify => $operatingsystem ? {
notify => $::operatingsystem ? {
"openbsd" => undef,
default => Service["sendmail"],
},
@ -83,13 +83,13 @@ class sendmail::client inherits sendmail::common {
file { "/etc/mail/submit.cf":
ensure => present,
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
"ubuntu" => "smmsp",
default => "root",
},
mode => "0644",
source => $operatingsystem ? {
source => $::operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf/submit.cf",
default => undef,
},
@ -140,8 +140,8 @@ class sendmail::server inherits sendmail::common {
type => "sendmail_exec_t",
}
case $operatingsystem {
"centos","fedora": {
case $::operatingsystem {
"centos","redhat","fedora": {
File["/etc/sysconfig/sendmail"] {
content => "DAEMON=yes\nQUEUE=1h\n",
}
@ -179,7 +179,7 @@ class sendmail::server inherits sendmail::common {
}
file { "sendmail.mc":
name => $operatingsystem ? {
name => $::operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf/sendmail.mc",
default => "/etc/mail/sendmail.mc",
},
@ -191,11 +191,11 @@ class sendmail::server inherits sendmail::common {
}
exec { "make sendmail.cf":
path => "/bin:/usr/bin:/sbin:/usr/sbin:/etc/mail",
cwd => $operatingsystem ? {
cwd => $::operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf",
default => "/etc/mail",
},
require => $operatingsystem ? {
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["sendmail"],
},
@ -206,7 +206,7 @@ class sendmail::server inherits sendmail::common {
mode => "0644",
owner => "root",
group => "root",
source => $operatingsystem ? {
source => $::operatingsystem ? {
"openbsd" => "/usr/share/sendmail/cf/sendmail.cf",
default => undef,
},
@ -231,7 +231,7 @@ class sendmail::server inherits sendmail::common {
file { "/etc/aliases":
ensure => present,
name => $operatingsystem ? {
name => $::operatingsystem ? {
"openbsd" => "/etc/mail/aliases",
default => "/etc/aliases",
},

2
sendmail/templates/sendmail.mc.erb
View file

@ -2,7 +2,7 @@ divert(-1)dnl
dnl #
dnl # This file is managed by puppet so hand editing is not recommended.
dnl #
<% if ['CentOS','Fedora'].index(operatingsystem) -%>
<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%>
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
<% elsif operatingsystem == 'Ubuntu' -%>
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl

4
sendmail/templates/submit.mc.erb
View file

@ -15,7 +15,7 @@ divert(-1)
#
divert(0)dnl
<% if ['CentOS','Fedora'].index(operatingsystem) -%>
<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%>
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
<% elsif operatingsystem == 'Ubuntu' -%>
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
@ -31,7 +31,7 @@ define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
<% if has_variable?('mail_domain') -%>
define(`confDOMAIN_NAME', `<%= mail_domain %>')dnl
<% end -%>
<% if ['CentOS','Fedora'].index(operatingsystem) -%>
<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%>
define(`confPID_FILE', `/var/run/sm-client.pid')dnl
<% end -%>
FEATURE(`use_ct_file')dnl

16
ssh/manifests/init.pp
View file

@ -6,7 +6,7 @@ class ssh::known_hosts {
ensure => present,
mode => "0644",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
OpenBSD => wheel,
default => root,
},
@ -36,7 +36,7 @@ class ssh::hostkeys {
source => "puppet:///private/ssh_host_dsa_key",
mode => "0600",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => root,
},
@ -46,7 +46,7 @@ class ssh::hostkeys {
source => "puppet:///private/ssh_host_dsa_key.pub",
mode => "0644",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => root,
},
@ -57,7 +57,7 @@ class ssh::hostkeys {
source => "puppet:///private/ssh_host_rsa_key",
mode => "0600",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => root,
},
@ -67,7 +67,7 @@ class ssh::hostkeys {
source => "puppet:///private/ssh_host_rsa_key.pub",
mode => "0644",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => root,
},
@ -78,7 +78,7 @@ class ssh::hostkeys {
source => "puppet:///private/ssh_host_key",
mode => "0600",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => root,
},
@ -88,7 +88,7 @@ class ssh::hostkeys {
source => "puppet:///private/ssh_host_key.pub",
mode => "0644",
owner => root,
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => wheel,
default => root,
},
@ -124,7 +124,7 @@ class ssh::server {
#
class ssh::disable inherits ssh::server {
case $operatingsystem {
case $::operatingsystem {
"ubuntu": {
file { "/etc/init/ssh.conf":
ensure => present,

2
ssl/manifests/init.pp
View file

@ -4,7 +4,7 @@
class ssl {
case $::operatingsystem {
"centos","fedora": {
"centos","redhat","fedora": {
$certs = "/etc/pki/tls/certs"
$private = "/etc/pki/tls/private"
}

8
sudo/manifests/init.pp
View file

@ -2,7 +2,7 @@
#
class sudo {
if $operatingsystem != "OpenBSD" {
if $::operatingsystem != "OpenBSD" {
package { "sudo":
ensure => installed,
before => File["/etc/sudoers.d"],
@ -13,7 +13,7 @@ class sudo {
ensure => directory,
mode => "0440",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -27,7 +27,7 @@ class sudo {
ensure => present,
mode => "0440",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -56,7 +56,7 @@ define sudo::sudoer($where="ALL", $as_whom="ALL", $what="ALL") {
ensure => present,
mode => "0440",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},

87
syslog/files/logarchiver.sh
View file

@ -1,18 +1,21 @@
#!/bin/sh
ARCHIVEFILES="all.log"
LOGDIR="/srv/log"
DATE=`date +%Y-%m-%d`
YEAR=`date +%Y`
ARCHIVEDIR="/srv/log/archive/" #archivedlogs will be in this
#directory + $YEAR
ARCHIVE="${LOGDIR}/archive"
DATE="`date +%Y-%m-%d`"
YEAR="`date +%Y`"
umask 027
myerror(){
myerror()
{
echo "Error: $*" 1>&2
exit 1
}
archive_log(){
archive_log()
{
FILE="${1}"
DEST="${2}"
@ -21,44 +24,54 @@ archive_log(){
else
echo "Archiving file ${FILE} to ${DEST}"
mv "${FILE}" "${DEST}"
touch ${FILE}
touch "${FILE}"
LOGS="${LOGS} ${DEST}"
fi
}
restart_syslog(){
restart_syslog()
{
for i in syslog.pid rsyslogd.pid syslogd.pid ; do
if [ -f "/var/run/$i" ]; then
PIDFILE="/var/run/$i"
break
fi
if [ -f "/var/run/$i" ]; then
PIDFILE="/var/run/$i"
break
fi
done
if [ "blah${PIDFILE}" = "blah" ]; then
myerror "Cannot find syslog pid file" 1>&2
myerror "Cannot find syslog pid file"
fi
kill -HUP `cat ${PIDFILE}`
}
archive(){
[ -d ${LOGDIR} ] || myerror "No such direcroty: ${LOGDIR}"
[ -d "${ARCHIVEDIR}" ] || myerror "No such archive directory: ${ARCHIVEDIR}"
[ -d "${ARCHIVEDIR}/${YEAR}" ] || mkdir ${ARCHIVEDIR}/${YEAR}
ARCHIVEDIR="${ARCHIVEDIR}/${YEAR}"
for logfile in ${ARCHIVEFILES} ; do
[ -f "${LOGDIR}/${logfile}" ] || myerror "File not found: ${logfile}"
archive_log "${LOGDIR}/${logfile}" "${ARCHIVEDIR}/${logfile}.${DATE}"
done
restart_syslog
for zipfile in ${ARCHIVEFILES} ; do
gzip -f "${ARCHIVEDIR}/${zipfile}.${DATE}" || myerror "Error while gzipping ${ARCHIVEDIR}/${zipfile}"
done
}
case "x$1" in
"x-v"|"x--verbose")
archive
;;
*)
archive >> /dev/null
;;
esac
[ $# -gt 0 ] || myerror "Usage: `basename $0` <file|dir> [file|dir] ..."
[ -d ${LOGDIR} ] || myerror "Not a directory: ${LOGDIR}"
while [ "$*" ]; do
if [ -f "${LOGDIR}/${1}" ]; then
dstdir=${ARCHIVE}/${YEAR}
dstfile=${dstdir}/`basename ${1}`.${DATE}
[ -d "${dstdir}" ] || mkdir -p ${dstdir}
archive_log ${LOGDIR}/${1} ${dstfile}
elif [ -d "${LOGDIR}/${1}" ]; then
for f in ${LOGDIR}/${1}/*.log; do
if [ -f "${f}" ]; then
dstdir=${ARCHIVE}/${1}/${YEAR}
dstfile=${dstdir}/`basename ${f}`.${DATE}
[ -d "${dstdir}" ] || mkdir -p ${dstdir}
archive_log ${f} ${dstfile}
else
echo "Skipping ${f}: not a file" 1>&2
fi
done
else
echo "Skipping ${1}: not a file or directory" 1>&2
fi
shift
done
restart_syslog
for log in ${LOGS}; do
gzip -f ${log} || myerror "Error while gzipping ${log}"
done

40
syslog/manifests/init.pp
View file

@ -14,7 +14,7 @@ class syslog::common {
if !$syslog_type {
case $::operatingsystem {
"centos": {
"centos","redhat": {
$syslog_type = $::operatingsystemrelease ? {
/^6/ => "rsyslog",
default => "syslogd",
@ -212,8 +212,15 @@ class syslog::client::rsyslog {
# $syslog_datadir:
# Directory where to store logs. Defaults to /srv/log.
#
# $syslog_rotate:
# Array of log files to rotate. Defaults to 'all.log'.
#
class syslog::common::standalone inherits syslog::common {
if !$syslog_rotate {
$syslog_rotate = [ "all.log" ]
}
if $syslog_datadir {
file { $syslog_datadir:
ensure => directory,
@ -277,8 +284,9 @@ class syslog::common::standalone inherits syslog::common {
default => "root",
},
}
$syslog_rotate_files = inline_template('<%= syslog_rotate.join(" ") -%>')
cron { "logarchiver.sh":
command => "/usr/local/sbin/logarchiver.sh",
command => "/usr/local/sbin/logarchiver.sh ${syslog_rotate_files} >/dev/null",
user => "root",
hour => 0,
minute => 0,
@ -370,3 +378,31 @@ class syslog::server::rsyslog inherits syslog::client::rsyslog {
}
}
# Install syslog server with custom configuration.
#
class syslog::custom inherits syslog::common::standalone {
case $syslog_type {
"syslogd": { fail("Server for \$syslog_type '$syslog_type' not yet supported.") }
"rsyslog": { include syslog::custom::rsyslog }
default: { fail("Unknown \$syslog_type '$syslog_type'") }
}
}
# Install syslog server using rsyslog with custom configuration.
#
class syslog::custom::rsyslog inherits syslog::client::rsyslog {
File["/etc/rsyslog.conf"] {
content => undef,
source => [ "puppet:///files/syslog/rsyslog.conf.${homename}",
"puppet:///files/syslog/rsyslog.conf", ],
require => [ File["/srv/log"],
File["/var/log/all.log"], ],
}
}

4
sysstat/manifests/init.pp
View file

@ -6,14 +6,14 @@ class sysstat {
}
case $::operatingsystem {
ubuntu: {
"ubuntu": {
file { "/etc/default/sysstat":
ensure => present,
source => "puppet:///modules/sysstat/sysstat.default",
notify => Service["sysstat"],
}
}
centos,fedora: {
"centos","redhat","fedora": {
}
default: {
fail("sysstat not supported on ${::operatingsystem}")

19
tftp/manifests/init.pp
View file

@ -13,7 +13,7 @@ class tftp::server {
ensure => directory,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
openbsd => "wheel",
default => "root",
},
@ -30,7 +30,7 @@ class tftp::server {
ensure => directory,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -38,7 +38,7 @@ class tftp::server {
}
}
case $operatingsystem {
case $::operatingsystem {
debian,fedora,ubuntu: {
file { "/var/lib/tftpboot":
ensure => link,
@ -70,9 +70,9 @@ class tftp::server {
}
}
if $operatingsystem != "OpenBSD" {
if $::operatingsystem != "OpenBSD" {
package { "tftp-server":
name => $operatingsystem ? {
name => $::operatingsystem ? {
ubuntu => "tftpd-hpa",
debian => "tftpd-hpa",
default => "tftp-server",
@ -81,7 +81,7 @@ class tftp::server {
}
}
case $operatingsystem {
case $::operatingsystem {
"debian","ubuntu": {
service { "tftpd-hpa":
ensure => running,
@ -112,7 +112,14 @@ class tftp::server {
include inetd::server
inetd::service { "tftp":
ensure => present,
<<<<<<< HEAD
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["tftp-server"],
},
=======
require => Package["tftp-server"],
>>>>>>> 7c4f9e6b94793caf3c9369cc0519eefddc54f7d0
}
}
}

2
time/manifests/init.pp
View file

@ -25,7 +25,7 @@ class time::zone {
},
}
case $operatingsystem {
case $::operatingsystem {
"centos","redhat": {
file { "/etc/sysconfig/clock":
ensure => present,

8
user/manifests/init.pp
View file

@ -6,13 +6,13 @@ class user::system {
ensure => directory,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
}
if $operatingsystem == "ubuntu" {
if $::operatingsystem == "ubuntu" {
file { "/sbin/nologin":
ensure => link,
target => "/usr/sbin/nologin",
@ -64,7 +64,7 @@ class user::system {
gid => 802,
comment => "Service Jabber",
home => "/var/lib/ejabberd",
shell => $operatingsystem ? {
shell => $::operatingsystem ? {
"ubuntu" => "/bin/sh",
default => "/sbin/nologin",
},
@ -261,7 +261,7 @@ define user::newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requir
shell => $shell,
groups => $groups,
require => $requiregroups,
notify => $operatingsystem ? {
notify => $::operatingsystem ? {
OpenBSD => [ Exec["user-mod-${name}"],
Exec["user-home-${name}"], ],
default => undef,

4
util/manifests/init.pp
View file

@ -41,7 +41,7 @@ define util::extract::tar($source, $ensure=present, $strip=0, $preserve=false) {
ensure => directory,
mode => "0755",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -53,7 +53,7 @@ define util::extract::tar($source, $ensure=present, $strip=0, $preserve=false) {
bz2, tbz: { $cat = "bzcat" }
}
$tar = $operatingsystem ? {
$tar = $::operatingsystem ? {
"openbsd" => "gtar",
default => "tar",
}

1
vim/manifests/init.pp
View file

@ -6,6 +6,7 @@ class vim {
package { "vim":
name => $::operatingsystem ? {
"centos" => "vim-enhanced",
"redhat" => "vim-enhanced",
"fedora" => "vim-enhanced",
default => "vim",
},

2
vmware/manifests/guest.pp
View file

@ -5,7 +5,7 @@ class vmware::guest {
case $virtual {
vmware: {
case $operatingsystem {
case $::operatingsystem {
centos: { include vmware::guest::centos }
}
}

8
vsroom/manifests/init.pp
View file

@ -54,9 +54,9 @@ class vsroom::collab {
#
class vsroom::common {
case $operatingsystem {
centos: {
case $operatingsystemrelease {
case $::operatingsystem {
"centos","redhat": {
case $::operatingsystemrelease {
/^5/: {
Python::Setup::Install["/usr/local/src/vsroom"] {
python => "python2.6",
@ -116,7 +116,7 @@ class vsroom::common {
}
}
$htdocs = $operatingsystem ? {
$htdocs = $::operatingsystem ? {
"ubuntu" => "/usr/local/share/vsroom/htdocs",
default => "/usr/share/vsroom/htdocs",
}

10
wiki/manifests/init.pp
View file

@ -50,7 +50,7 @@ class wiki::moin {
require => Util::Patch["/usr/local/src/moin"],
}
$shared = $operatingsystem ? {
$shared = $::operatingsystem ? {
"ubuntu" => "/usr/local/share/moin",
default => "/usr/share/moin",
}
@ -83,7 +83,7 @@ class wiki::graphingwiki::common {
ensure => directory,
mode => "0644",
owner => "root",
group => $operatingsystem ? {
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
@ -364,7 +364,7 @@ class wiki::collab::base {
cron { "collab-htaccess":
ensure => present,
command => $operatingsystem ? {
command => $::operatingsystem ? {
ubuntu => "/usr/local/bin/collab-htaccess",
default => "/usr/bin/collab-htaccess",
},
@ -415,7 +415,7 @@ class wiki::collab::ramcache {
dump => "0",
pass => "0",
require => File["/srv/wikis/collab/cache"],
before => $operatingsystem ? {
before => $::operatingsystem ? {
"ubuntu" => Service["apache2"],
default => Service["httpsd"],
},
@ -451,7 +451,7 @@ define wiki::collab::package($source, $config="/srv/wikis/collab/wikis/collab/co
user => "collab",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
environment => "PYTHONPATH=${config}",
command => "/bin/sh -c 'umask 007; python ${::pythonsitedir}/MoinMoin/packages.py i /usr/local/src/${name}'",
command => "/bin/sh -c 'umask 007; python ${::pythonsitedir}/MoinMoin/packages.py -u collab i /usr/local/src/${name}'",
refreshonly => true,
require => Exec["collab-account-create -f -r collab"]
}

55
yum/manifests/init.pp
View file

@ -45,19 +45,26 @@ class yum::cron::download {
}
# Install changelog plugin
#
class yum::plugin::changelog {
package { "yum-plugin-changelog":
ensure => installed,
name => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
case $::operatingsystem {
"centos","redhat": {
$package = $::operatingsystemrelease ? {
/^[1-5]/ => "yum-changelog",
default => "yum-plugin-changelog",
},
default => "yum-plugin-changelog",
},
}
}
default: {
$package = "yum-plugin-changelog"
}
}
package { "yum-plugin-changelog":
ensure => installed,
name => $package,
}
}
@ -67,15 +74,21 @@ class yum::plugin::changelog {
#
class yum::plugin::downloadonly {
package { "yum-plugin-downloadonly":
ensure => installed,
name => $operatingsystem ? {
"centos" => $operatingsystemrelease ? {
case $::operatingsystem {
"centos","redhat": {
$package = $::operatingsystemrelease ? {
/^[1-5]/ => "yum-downloadonly",
default => "yum-plugin-downloadonly",
},
default => "yum-plugin-downloadonly",
},
}
}
default: {
$package = "yum-plugin-downloadonly"
}
}
package { "yum-plugin-downloadonly":
ensure => installed,
name => $package,
}
}
@ -85,14 +98,14 @@ class yum::plugin::downloadonly {
#
class yum::common {
case $operatingsystem {
case $::operatingsystem {
"fedora": {
$osname = "fedora"
$osver = $operatingsystemrelease
$osver = $::operatingsystemrelease
}
"centos": {
"centos","redhat": {
$osname = "el"
$osver = regsubst($operatingsystemrelease, '^(\d+)\..*$', '\1')
$osver = regsubst($::operatingsystemrelease, '^(\d+)\..*$', '\1')
}
}
@ -234,8 +247,8 @@ class yum::repo::centos-cr {
tag("bootstrap")
if $operatingsystem != "CentOS" {
fail("CentOS CR repository not supported in ${operatingsystem}")
if $::operatingsystem != "CentOS" {
fail("CentOS CR repository not supported in ${::operatingsystem}")
}
package { "centos-release-cr":
@ -442,7 +455,7 @@ class yum::repo::puppetlabs {
"fedora": {
$dir = "fedora/f\$releasever/products/\$basearch"
}
"centos": {
"centos","redhat": {
$dir = "el/\$releasever/products/\$basearch"
}
default: {