diff --git a/abusehelper/manifests/init.pp b/abusehelper/manifests/init.pp index 39333c8..f9bb072 100644 --- a/abusehelper/manifests/init.pp +++ b/abusehelper/manifests/init.pp @@ -2,14 +2,14 @@ # class abusehelper { - case $operatingsystem { - ubuntu: { + case $::operatingsystem { + "ubuntu": { package { [ "python-pyme", "python-tz" ]: ensure => installed, } } - centos: { - case $operatingsystemrelease { + "centos","redhat": { + case $::operatingsystemrelease { /^5/: { package { "python26": ensure => installed, @@ -44,7 +44,7 @@ class abusehelper { ensure => present, mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -61,7 +61,7 @@ class abusehelper { ensure => present, mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, diff --git a/adobe/manifests/init.pp b/adobe/manifests/init.pp index f1dcc78..4c1934e 100644 --- a/adobe/manifests/init.pp +++ b/adobe/manifests/init.pp @@ -2,15 +2,15 @@ # class adobe::common { - case $operatingsystem { - "centos","fedora": { + case $::operatingsystem { + "centos","redhat","fedora": { include yum::repo::adobe } "ubuntu": { include apt::repo::partner } default: { - fail("Adobe products via puppet not supported on ${operatingsystem}") + fail("Adobe products via puppet not supported on ${::operatingsystem}") } } @@ -36,7 +36,7 @@ class adobe::flash { include adobe::common package { "adobe-flash-plugin": - name => $operatingsystem ? { + name => $::operatingsystem ? { "ubuntu" => "adobe-flashplugin", default => "flash-plugin", }, @@ -53,7 +53,7 @@ class adobe::reader { include adobe::common package { "acroread": - name => $operatingsystem ? { + name => $::operatingsystem ? { "ubuntu" => "acroread", default => "AdobeReader_enu", }, diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp index b51d29e..3b9d080 100644 
--- a/apache/manifests/init.pp +++ b/apache/manifests/init.pp @@ -5,7 +5,7 @@ import "redhat.pp" # class apache::common { - case $operatingsystem { + case $::operatingsystem { debian,ubuntu: { if ! $httpd_user { $user = "www-data" @@ -65,7 +65,7 @@ class apache::common { } package { "httpd": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "apache2", ubuntu => "apache2", default => "httpd", @@ -110,11 +110,11 @@ class apache::common { # class apache::server inherits apache::common { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { include apache::debian::server } - centos,fedora: { + "centos","redhat","fedora": { if ! $httpd_user { $user = "apache" } else { @@ -128,7 +128,7 @@ class apache::server inherits apache::common { include apache::redhat::server } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -159,15 +159,15 @@ class apache::server inherits apache::common { # define apache::site($aliases="", $root="", $redirect="") { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::site { $name: aliases => $aliases, root => $root, redirect => $redirect, } } - centos,fedora: { + "centos","redhat","fedora": { apache::redhat::site { $name: aliases => $aliases, root => $root, @@ -175,7 +175,7 @@ define apache::site($aliases="", $root="", $redirect="") { } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -204,11 +204,11 @@ define apache::site($aliases="", $root="", $redirect="") { # class apache::sslserver inherits apache::common { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { include apache::debian::sslserver } - centos,fedora: { + "centos","redhat","fedora": { if ! $httpsd_user { $user = "httpsd" } else { 
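Review bot: The case label `debian,ubuntu:` directly under the changed `case $::operatingsystem {` line in apache::common is still a bare word, while the other labels this commit touches in the file are quoted; `"debian","ubuntu": {` would match them. The class body continues past the hunk and nothing between it and the next hunk at line 65 is changed, so if a `centos,fedora:` branch sets `$user` there it still lacks `redhat` and is worth checking. The same unquoted `debian,ubuntu:` label remains in the apache::webalizer hunk at line 729.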
@@ -222,7 +222,7 @@ class apache::sslserver inherits apache::common { include apache::redhat::sslserver } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -271,8 +271,8 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", include apache::sslserver::listen - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { $apache_ssldir = "/etc/ssl" apache::debian::sslsite { $name: ipaddr => $ipaddr, @@ -283,7 +283,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", require => Class["apache::sslserver::listen"], } } - centos,fedora: { + "centos","redhat","fedora": { $apache_ssldir = "/etc/pki/tls" apache::redhat::sslsite { $name: ipaddr => $ipaddr, @@ -295,7 +295,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -339,8 +339,8 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", # define apache::configfile($source="", $content="", $http=true, $https=true) { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::configfile { $name: source => $source, content => $content, @@ -348,7 +348,7 @@ define apache::configfile($source="", $content="", $http=true, $https=true) { https => $https, } } - centos,fedora: { + "centos","redhat","fedora": { apache::redhat::configfile { $name: source => $source, content => $content, @@ -357,7 +357,7 @@ define apache::configfile($source="", $content="", $http=true, $https=true) { } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } 
@@ -386,13 +386,13 @@ class apache::mod::auth_kerb { # class apache::mod::authnz_ldap { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "authnz_ldap": } } - centos,fedora: { } + "centos","redhat","fedora": { } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -402,13 +402,13 @@ class apache::mod::authnz_ldap { # class apache::mod::include { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "include": } } - centos,fedora: { } + "centos","redhat","fedora": { } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -419,7 +419,7 @@ class apache::mod::include { class apache::mod::fcgid { package { "mod_fcgid": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "libapache2-mod-fcgid", ubuntu => "libapache2-mod-fcgid", default => "mod_fcgid", @@ -428,19 +428,19 @@ class apache::mod::fcgid { require => Package["httpd"], } - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "fcgid": require => Package ["libapache2-mod-fcgid"], } } - centos,fedora: { + "centos","redhat","fedora": { apache::configfile { "fcgid.conf": require => Package["mod_fcgid"], } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } 
@@ -451,13 +451,13 @@ class apache::mod::fcgid { # class apache::mod::headers { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "headers": } } - centos,fedora: { } + "centos","redhat","fedora": { } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -468,13 +468,13 @@ class apache::mod::headers { # class apache::mod::ldap { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "ldap": } } - centos,fedora: { } + "centos","redhat","fedora": { } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -486,7 +486,7 @@ class apache::mod::ldap { class apache::mod::perl { package { "mod_perl": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "libapache2-mod-perl2", ubuntu => "libapache2-mod-perl2", default => "mod_perl", @@ -495,19 +495,19 @@ class apache::mod::perl { require => Package["httpd"], } - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "perl2": require => Package ["libapache2-mod-perl2"], } } - centos,fedora: { + "centos","redhat","fedora": { apache::configfile { "perl.conf": require => Package["mod_perl"], } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -519,7 +519,7 @@ class apache::mod::perl { class apache::mod::php { package { "php": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "libapache2-mod-php5", ubuntu => "libapache2-mod-php5", default => "php", 
@@ -528,19 +528,19 @@ class apache::mod::php { require => Package["httpd"], } - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "php5": require => Package ["libapache2-mod-php5"], } } - centos,fedora: { + "centos","redhat","fedora": { apache::configfile { "php.conf": require => Package["php"], } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -551,19 +551,19 @@ class apache::mod::php { # class apache::mod::proxy { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "proxy": content => template("apache/proxy.conf.erb"), } } - centos,fedora: { + "centos","redhat","fedora": { apache::configfile { "proxy.conf": content => template("apache/proxy.conf.erb"), } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -574,13 +574,13 @@ class apache::mod::proxy { # class apache::mod::proxy_http { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "proxy_http": } } - centos,fedora: { } + "centos","redhat","fedora": { } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -591,13 +591,13 @@ class apache::mod::proxy_http { # class apache::mod::proxy_balancer { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "proxy_balancer": } } - centos,fedora: { } + "centos","redhat","fedora": { } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } 
@@ -609,7 +609,7 @@ class apache::mod::proxy_balancer { class apache::mod::python { package { "mod_python": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "libapache2-mod-python", ubuntu => "libapache2-mod-python", default => "mod_python", @@ -618,19 +618,19 @@ class apache::mod::python { require => Package["httpd"], } - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "python": require => Package ["libapache2-mod-python"], } } - centos,fedora: { + "centos","redhat","fedora": { apache::configfile { "python.conf": require => Package["mod_python"], } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -641,13 +641,13 @@ class apache::mod::python { # class apache::mod::rewrite { - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "rewrite": } } - centos,fedora: { } + "centos","redhat","fedora": { } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } @@ -659,7 +659,7 @@ class apache::mod::rewrite { class apache::mod::wsgi { package { "mod_wsgi": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "libapache2-mod-wsgi", ubuntu => "libapache2-mod-wsgi", default => "mod_wsgi", @@ -668,19 +668,19 @@ class apache::mod::wsgi { require => Package["httpd"], } - case $operatingsystem { - debian,ubuntu: { + case $::operatingsystem { + "debian","ubuntu": { apache::debian::a2enmod { "wsgi": require => Package ["libapache2-mod-wsgi"], } } - centos,fedora: { + "centos","redhat","fedora": { apache::configfile { "wsgi.conf": require => Package["mod_wsgi"], } } default: { - fail("Apache module not supported in ${operatingsystem}.") + fail("Apache module not supported in ${::operatingsystem}.") } } 
@@ -704,7 +704,7 @@ class apache::webalizer { "/srv/www/webalizer/html", ]: ensure => directory, mode => "0755", - owner => $operatingsystem ? { + owner => $::operatingsystem ? { debian => root, ubuntu => root, default => webalizer, @@ -729,7 +729,7 @@ class apache::webalizer { source => "puppet:///modules/custom/empty", } - case $operatingsystem { + case $::operatingsystem { debian,ubuntu: { file { "/etc/cron.daily/webalizer": ensure => absent, @@ -757,7 +757,7 @@ class apache::webalizer { ensure => present, environment => "MAILTO=root", command => "/usr/local/sbin/www-webalizer.sh", - user => $operatingsystem ? { + user => $::operatingsystem ? { debian => root, ubuntu => root, default => webalizer, @@ -788,7 +788,7 @@ define apache::webalizer::site($site_proto, $site_fqdn) { "/srv/www/webalizer/html/${name}", ]: ensure => directory, mode => "0755", - owner => $operatingsystem ? { + owner => $::operatingsystem ? { debian => root, ubuntu => root, default => webalizer, diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp index c333903..7ec16f7 100644 --- a/apache/manifests/redhat.pp +++ b/apache/manifests/redhat.pp @@ -158,7 +158,7 @@ class apache::redhat::sslserver { notify => Service["httpsd"], } - case $operatingsystem { + case $::operatingsystem { "fedora": { file { "/lib/systemd/system/httpsd.service": ensure => present, diff --git a/apache/templates/httpd.conf.erb b/apache/templates/httpd.conf.erb index 13bd20e..13ac888 100644 --- a/apache/templates/httpd.conf.erb +++ b/apache/templates/httpd.conf.erb 
@@ -193,7 +193,7 @@ LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so LoadModule disk_cache_module modules/mod_disk_cache.so -<% if operatingsystem == 'CentOS' and operatingsystemrelease =~ /^[1-5]\./ -%> +<% if ['CentOS','RedHat'].index(operatingsystem) and operatingsystemrelease =~ /^[1-5]\./ -%> LoadModule file_cache_module modules/mod_file_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so <% end -%> diff --git a/apache/templates/httpsd.conf.erb b/apache/templates/httpsd.conf.erb index e2f0512..1b9c659 100644 --- a/apache/templates/httpsd.conf.erb +++ b/apache/templates/httpsd.conf.erb @@ -193,7 +193,7 @@ LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so LoadModule disk_cache_module modules/mod_disk_cache.so -<% if operatingsystem == 'CentOS' and operatingsystemrelease =~ /^[1-5]\./ -%> +<% if ['CentOS','RedHat'].index(operatingsystem) and operatingsystemrelease =~ /^[1-5]\./ -%> LoadModule file_cache_module modules/mod_file_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so <% end -%> diff --git a/apache/templates/ssl.conf.erb b/apache/templates/ssl.conf.erb index 9edec97..5e644f4 100644 --- a/apache/templates/ssl.conf.erb +++ b/apache/templates/ssl.conf.erb @@ -3,7 +3,7 @@ LoadModule ssl_module modules/mod_ssl.so Listen 443 -<% if operatingsystem == 'CentOS' or operatingsystem == 'Fedora' -%> +<% if ['CentOS','RedHat'].index(operatingsystem) or operatingsystem == 'Fedora' -%> ## ## SSL Global Context ## diff --git a/apt/manifests/init.pp b/apt/manifests/init.pp index ec9ab18..5e1af06 100644 --- a/apt/manifests/init.pp +++ b/apt/manifests/init.pp 
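Review bot: `['CentOS','RedHat'].index(operatingsystem)` in the changed condition of httpd.conf.erb is correct only because Ruby treats the returned index 0 as true; `['CentOS','RedHat'].include?(operatingsystem)` states the membership test directly and yields a boolean. The same expression is added in httpsd.conf.erb and ssl.conf.erb. The templates also keep reading the facts as bare `operatingsystem` and `operatingsystemrelease`, whereas the inline template in firewall/manifests/init.pp already uses the instance-variable form (`@firewall_modules`); using `@operatingsystem` here would be consistent if the Puppet version in use supports it.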
@@ -173,8 +173,9 @@ class apt::mirror { file { "/etc/apt/miror.list": ensure => present, - name => $operatingsystem ? { + name => $::operatingsystem ? { centos => "/etc/apt-mirror.list", + redhat => "/etc/apt-mirror.list", default => "/etc/apt/miror.list", }, content => template("apt/mirror.list.erb"), diff --git a/backuppc/manifests/init.pp b/backuppc/manifests/init.pp index 283a2e4..bd4f367 100644 --- a/backuppc/manifests/init.pp +++ b/backuppc/manifests/init.pp @@ -38,7 +38,7 @@ class backuppc::client { backuppc::manualclient { $homename: ensure => present, - operatingsystem => $operatingsystem, + operatingsystem => $::operatingsystem, } include rsync @@ -107,12 +107,25 @@ class backuppc::server { require => Package["BackupPC"], } - if $operatingsystem == "CentOS" and $operatingsystemrelease >= 6 { - if "${selinux}" == "true" { - selinux::manage_fcontext { "/etc/BackupPC(/.*)?": - type => "httpd_sys_rw_content_t", + case $::operatingsystem { + "centos","redhat": { + case $::operatingsystemrelease { + /^[1-5]/: { + $backuppc_seltype = "httpd_sys_script_rw_t" + } + default: { + $backuppc_seltype = "httpd_sys_rw_content_t" + if $::selinux == "true" { + selinux::manage_fcontext { "/etc/BackupPC(/.*)?": + type => $backuppc_seltype, + } + } + } } } + default: { + $backuppc_seltype = "httpd_sys_rw_content_t" + } } file { "/etc/BackupPC/apache.users": @@ -120,13 +133,7 @@ class backuppc::server { mode => "0640", owner => "root", group => $apache::sslserver::group, - seltype => $operatingsystem ? { - "centos" => $operatingsystemrelease ? { - /^5/ => "httpd_sys_script_rw_t", - default => "httpd_sys_rw_content_t", - }, - default => "httpd_sys_rw_content_t", - }, + seltype => $backuppc_seltype, require => Package["BackupPC"], } 
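Review bot: The resource title and the `default` branch of the `name` selector in apt::mirror both read `/etc/apt/miror.list`, which looks like a misspelling of `/etc/apt/mirror.list`, the path apt-mirror reads by default. If so, the rendered template lands in a file nothing consumes on Debian and Ubuntu; the fix would be `default => "/etc/apt/mirror.list",` plus the matching title, with any references to the old title updated. The file resource continues past the end of the hunk.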
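Review bot: The new release match `/^[1-5]/` in backuppc::server (hunk at line 107) has no trailing `\.`, so it also matches any release whose first digit is 1, such as a constructed `10.0`; such a host would get the older type `httpd_sys_script_rw_t` and skip the `selinux::manage_fcontext` rule. The ERB templates changed in this commit use `/^[1-5]\./`, and `/^[1-5]\./: {` here would keep the two consistent. The same pattern is introduced for `$bind_package` in dns/manifests/init.pp, where the `$chroot` case a few lines later still uses `/^5\..*/`. A one-line comment above the case recording why these releases get a different SELinux type would also help the next reader.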
@@ -136,13 +143,7 @@ class backuppc::server { mode => "0440", owner => "backuppc", group => "backuppc", - seltype => $operatingsystem ? { - "centos" => $operatingsystemrelease ? { - /^5/ => "httpd_sys_script_rw_t", - default => "httpd_sys_rw_content_t", - }, - default => "httpd_sys_rw_content_t", - }, + seltype => $backuppc_seltype, require => Package["BackupPC"], notify => Service["backuppc"], } @@ -154,13 +155,7 @@ class backuppc::server { mode => "0644", owner => "root", group => "backuppc", - seltype => $operatingsystem ? { - "centos" => $operatingsystemrelease ? { - /^5/ => "httpd_sys_script_rw_t", - default => "httpd_sys_rw_content_t", - }, - default => "httpd_sys_rw_content_t", - }, + seltype => $backuppc_seltype, require => Package["BackupPC"], notify => Exec["generate-backuppc-hosts"], } @@ -173,13 +168,7 @@ class backuppc::server { mode => "0640", owner => "root", group => "backuppc", - seltype => $operatingsystem ? { - "centos" => $operatingsystemrelease ? { - /^5/ => "httpd_sys_script_rw_t", - default => "httpd_sys_rw_content_t", - }, - default => "httpd_sys_rw_content_t", - }, + seltype => $backuppc_seltype, source => "puppet:///modules/custom/empty", require => Package["BackupPC"], notify => Exec["generate-backuppc-hosts"], @@ -194,13 +183,7 @@ class backuppc::server { } File <<| tag == "backuppc" |>> { - seltype => $operatingsystem ? { - "centos" => $operatingsystemrelease ? { - /^5/ => "httpd_sys_script_rw_t", - default => "httpd_sys_rw_content_t", - }, - default => "httpd_sys_rw_content_t", - }, + seltype => $backuppc_seltype, } service { "backuppc": diff --git a/cairo/manifests/init.pp b/cairo/manifests/init.pp index 4fbf854..a8f96a2 100644 --- a/cairo/manifests/init.pp +++ b/cairo/manifests/init.pp @@ -3,7 +3,7 @@ class cairo { package { "cairo": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "libcairo2", ubuntu => "libcairo2", default => "cairo", 
@@ -19,7 +19,7 @@ class cairo { class cairo::python inherits cairo { package { "pycairo": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "python-cairo", ubuntu => "python-cairo", default => "pycairo", diff --git a/cups/manifests/init.pp b/cups/manifests/init.pp index 7d1b66b..7cdd606 100644 --- a/cups/manifests/init.pp +++ b/cups/manifests/init.pp @@ -12,17 +12,17 @@ class cups::client { content => template("cups/client.conf.erb"), mode => "0644", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => lp, }, require => Package["cups"], } - case $operatingsystem { + case $::operatingsystem { openbsd: { exec { "cups-enable": - command => $operatingsystemrelease ? { + command => $::operatingsystemrelease ? { /4\.[1-8]/ => "echo y | cups-enable", default => "sh -c '. /etc/rc.d/cupsd check ; rc_pre'", }, diff --git a/custom/manifests/init.pp b/custom/manifests/init.pp index 3124de1..d95ec8c 100644 --- a/custom/manifests/init.pp +++ b/custom/manifests/init.pp @@ -5,7 +5,7 @@ class custom { ensure => directory, mode => "0755", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { OpenBSD => wheel, default => root, }, @@ -121,7 +121,7 @@ class custom::rootpassword { fail("Root password hash not defined.") } - case $operatingsystem { + case $::operatingsystem { openbsd: { exec { "usermod -p \${SECRET} root": environment => "SECRET=${root_password}", diff --git a/dhcp/manifests/init.pp b/dhcp/manifests/init.pp index 1e65604..bee5cc8 100644 --- a/dhcp/manifests/init.pp +++ b/dhcp/manifests/init.pp @@ -4,7 +4,7 @@ class dhcp::server::common { case $::operatingsystem { - "centos": { + "centos","redhat": { case $::operatingsystemrelease { /[45]\.[0-9]/: { $confdir = "/etc" 
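Review bot: The context pattern `/[45]\.[0-9]/` in dhcp::server::common, which now also decides `$confdir` for RedHat, is unanchored and so matches anywhere in the release string. A constructed three-part value such as `7.4.1708` contains `4.1` and would take the `/etc` branch. Anchoring it as `/^[45]\.[0-9]/: {` limits the match to the major version. The case statement continues outside the hunk.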
@@ -26,7 +26,7 @@ class dhcp::server::common { } package { "dhcp": - name => $operatingsystem ? { + name => $::operatingsystem ? { Debian => "dhcp3-server", OpenBSD => "isc-dhcp-server", Ubuntu => "dhcp3-server", @@ -36,19 +36,19 @@ class dhcp::server::common { } file { "dhcpd.leases": - name => $operatingsystem ? { + name => $::operatingsystem ? { Debian => "/var/lib/dhcp3/dhcpd.leases", OpenBSD => "/var/db/dhcpd.leases", Ubuntu => "/var/lib/dhcp3/dhcpd.leases", default => "/var/lib/dhcpd/dhcpd.leases", }, ensure => present, - owner => $operatingsystem ? { + owner => $::operatingsystem ? { debian => dhcpd, ubuntu => dhcpd, default => root, }, - group => $operatingsystem ? { + group => $::operatingsystem ? { Debian => dhcpd, OpenBSD => wheel, Ubuntu => dhcpd, @@ -58,7 +58,7 @@ class dhcp::server::common { before => Service["dhcpd"], } - if $operatingsystem == "OpenBSD" and $operatingsystemrelease !~ /4\.[1-8]/ { + if $::operatingsystem == "OpenBSD" and $::operatingsystemrelease !~ /4\.[1-8]/ { file { "/etc/rc.d/isc_dhcpd": ensure => present, mode => "0555", @@ -70,9 +70,9 @@ class dhcp::server::common { } service { "dhcpd": - name => $operatingsystem ? { + name => $::operatingsystem ? { Debian => "dhcp3-server", - OpenBSD => $operatingsystemrelease ? { + OpenBSD => $::operatingsystemrelease ? { /4\.[1-8]/ => "isc-dhcpd", default => "isc_dhcpd", }, @@ -81,7 +81,7 @@ class dhcp::server::common { }, ensure => running, enable => true, - binary => $operatingsystem ? { + binary => $::operatingsystem ? { OpenBSD => "/usr/local/sbin/dhcpd", default => undef, }, @@ -97,7 +97,7 @@ class dhcp::server::common { if $dhcp_server_interface { case $::operatingsystem { - "fedora","centos": { + "fedora","centos","redhat": { file { "/etc/sysconfig/dhcpd": ensure => present, content => "DHCPDARGS=${dhcp_server_interface}\n", 
@@ -133,7 +133,7 @@ class dhcp::server inherits dhcp::server::common { "puppet:///files/dhcp/dhcpd.conf", ], mode => "0644", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => root, }, @@ -160,7 +160,7 @@ class dhcp::server::ldap inherits dhcp::server::common { source => "puppet:///modules/dhcp/dhcpdump.py", mode => "0755", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { OpenBSD => wheel, default => root, }, @@ -173,7 +173,7 @@ class dhcp::server::ldap inherits dhcp::server::common { "puppet:///files/dhcp/dhcpd.conf.in", ], mode => "0644", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { OpenBSD => wheel, default => root, }, @@ -219,7 +219,7 @@ define dhcp::relay ($interface, $server_addr) { hasrestart => false, hasstatus => false, pattern => "/usr/sbin/dhcrelay -i ${interface} ${server_addr}", - start => $operatingsystem ? { + start => $::operatingsystem ? { OpenBSD => "/usr/sbin/dhcrelay -i ${interface} ${server_addr}", default => undef, } diff --git a/dns/manifests/init.pp b/dns/manifests/init.pp index ca9aa61..fda2a08 100644 --- a/dns/manifests/init.pp +++ b/dns/manifests/init.pp 
@@ -2,26 +2,42 @@ # class dns::server { - if $operatingsystem != "OpenBSD" { - package { "bind": - name => $operatingsystem ? { - "ubuntu" => "bind9", - "centos" => $operatingsystemrelease ? { - /^5\..*/ => [ "bind-chroot", "caching-nameserver", ], - default => "bind-chroot", - }, - default => "bind-chroot", + case $::operatingsystem { + "centos","redhat": { + case $::operatingsystemrelease { + /^[1-5]/: { + $bind_package = [ "bind-chroot", "caching-nameserver" ] + } + default: { + $bind_package = "bind-chroot" + } } } + "debian","ubuntu": { + $bind_package = "bind9" + } + "openbsd": { + $bind_package = undef + } + default: { + $bind_package = "bind-chroot" + } + } + + if $bind_package { + package { "bind": + ensure => installed, + name => $bind_package, + } } # first set per os paths - case $operatingsystem { + case $::operatingsystem { "fedora": { $confdir = "/etc/named" } - "centos": { - case $operatingsystemrelease { + "centos","redhat": { + case $::operatingsystemrelease { /^5\..*/: { $chroot = "/var/named/chroot" } @@ -53,7 +69,7 @@ class dns::server { $chroot = "" } - case $operatingsystem { + case $::operatingsystem { "ubuntu": { $group = "bind" } @@ -67,7 +83,7 @@ class dns::server { mode => "0640", owner => "root", group => $group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, @@ -92,18 +108,18 @@ class dns::server { } service { "named": - name => $operatingsystem ? { + name => $::operatingsystem ? { "ubuntu" => "bind9", default => "named", }, ensure => running, enable => true, status => "/usr/sbin/rndc status", - stop => $operatingsystem ? { + stop => $::operatingsystem ? { "openbsd" => "pkill -u named", default => undef, }, - start => $operatingsystem ? { + start => $::operatingsystem ? { "openbsd" => "/usr/sbin/named", default => undef, }, 
@@ -116,7 +132,7 @@ class dns::server { mode => "0640", owner => "root", group => $group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, @@ -127,7 +143,7 @@ class dns::server { content => template("dns/generate-named-conf.sh.erb"), mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -150,7 +166,7 @@ class dns::server { mode => "0640", owner => "root", group => $group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, @@ -165,7 +181,7 @@ class dns::server { mode => "0640", owner => "root", group => $group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, @@ -189,7 +205,7 @@ class dns::server::ldap inherits dns::server { source => "puppet:///modules/dns/dnsdump.py", mode => 0755, owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { OpenBSD => wheel, default => root, }, @@ -250,11 +266,11 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], case $role { "master": { - case $operatingsystem { + case $::operatingsystem { "openbsd": { $zonedir = "/master/${view}" } - "fedora","centos": { + "fedora","centos","redhat": { $zonedir = "/var/named/${view}" } "ubuntu": { @@ -266,11 +282,11 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], if $key == "none" { fail("No key defined for dns::zone '${name}'") } - case $operatingsystem { + case $::operatingsystem { "openbsd": { $zonedir = "/dynamic/${view}" } - "fedora","centos": { + "fedora","centos","redhat": { $zonedir = "/var/named/dynamic/${view}" } "ubuntu": { 
@@ -282,11 +298,11 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], if $master == "" { fail("No master defined for dns::zone '${name}'") } - case $operatingsystem { + case $::operatingsystem { "openbsd": { $zonedir = "/slave/${view}" } - "fedora","centos": { + "fedora","centos","redhat": { $zonedir = "/var/named/slaves/${view}" } "ubuntu": { @@ -341,7 +357,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], mode => "0640", owner => "root", group => $dns::server::group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, @@ -356,7 +372,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], mode => "0640", owner => "root", group => $dns::server::group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, @@ -369,7 +385,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], mode => "0640", owner => "root", group => $dns::server::group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, @@ -384,7 +400,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], mode => "0640", owner => "root", group => $dns::server::group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, @@ -399,7 +415,7 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], mode => "0640", owner => "root", group => $dns::server::group, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["bind"], }, 
@@ -438,7 +454,7 @@ class dns::nsupdate { content => template("dns/nsupdate.sh.erb"), mode => "0700", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => root, }, diff --git a/dovecot/manifests/init.pp b/dovecot/manifests/init.pp index fa1f369..ac45904 100644 --- a/dovecot/manifests/init.pp +++ b/dovecot/manifests/init.pp @@ -3,14 +3,14 @@ import "dovecot2.pp" # Dovecot v2.x class dovecot::common { - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { package { ["dovecot"]: ensure => installed, } } default: { - fail("Dovecot module not supported in ${operatingsystem}.") + fail("Dovecot module not supported in ${::operatingsystem}.") } } } @@ -37,8 +37,8 @@ class dovecot::server inherits dovecot::common { $dovecot_mailbox_format = "mbox" } - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { $dovecot_ssl_dir = "/etc/pki/tls" case $operatingsystemrelease { @@ -51,7 +51,7 @@ class dovecot::server inherits dovecot::common { } } default: { - fail("Dovecot module not supported in ${operatingsystem}.") + fail("Dovecot module not supported in ${::operatingsystem}.") } } diff --git a/ejabberd/manifests/init.pp b/ejabberd/manifests/init.pp index 7df3d82..f9d0642 100644 --- a/ejabberd/manifests/init.pp +++ b/ejabberd/manifests/init.pp @@ -69,11 +69,11 @@ class ejabberd { status => "ejabberdctl status >/dev/null", } - case $operatingsystem { - "debian", "ubuntu": { + case $::operatingsystem { + "debian","ubuntu": { $cert_prefix = "/etc/ssl" } - "centos", "fedora": { + "centos","redhat","fedora": { $cert_prefix = "/etc/pki/tls" } } @@ -137,7 +137,7 @@ class ejabberd { notify => Service["ejabberd"], } - case $operatingsystem { + case $::operatingsystem { "debian", "ubuntu": { augeas { "set-ejabberd-default": context => "/files/etc/default/ejabberd", 
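Review bot: `case $operatingsystemrelease {` inside the `"centos","redhat","fedora"` branch of dovecot::server is left unqualified, while the enclosing case two lines above it was converted; `case $::operatingsystemrelease {` finishes the conversion. `versioncmp($kernelversion, "2.6.20")` in firewall/manifests/init.pp is in the same state. The inner case body runs past the end of the hunk.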
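Review bot: The `case $::operatingsystem` that sets `$cert_prefix` in class ejabberd (hunk at line 69) has no `default` branch, so on any other platform the variable stays undefined and anything built from it later in the class gets an empty prefix without an error. Other modules in this commit fail explicitly; adding `default: { fail("ejabberd module not supported in ${::operatingsystem}") }` would do the same here. The uses of `$cert_prefix` are outside the hunk, so the impact is inferred rather than visible.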
@@ -206,14 +206,14 @@ class ejabberd::collab inherits ejabberd { require => [ User["ejabberd"], Group["collab"] ], } - case $operatingsystem { - "centos", "fedora": { + case $::operatingsystem { + "centos","redhat","fedora": { package { ["erlang", "erlang-esasl"]: ensure => installed, before => Package["ejabberd"], } } - "debian", "ubuntu": { + "debian","ubuntu": { package { ["erlang", "erlang-base"]: ensure => installed, before => Package["ejabberd"], @@ -229,8 +229,9 @@ class ejabberd::collab inherits ejabberd { before => Package["ejabberd"], } Package["ejabberd"] { - provider => $operatingsystem ? { + provider => $::operatingsystem ? { "centos" => "rpm", + "redhat" => "rpm", "fedora" => "rpm", "debian" => "dpkg", "ubuntu" => "dpkg", diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp index 866465d..367e1f1 100644 --- a/firewall/manifests/init.pp +++ b/firewall/manifests/init.pp @@ -30,19 +30,16 @@ class firewall { if ! $firewall_rules { $firewall_rules = [] } - if ! $firewall_modules { - $firewall_modules = [] - } - case $operatingsystem { - centos,debian,fedora,ubuntu: { + case $::operatingsystem { + "centos","redhat","debian","fedora","ubuntu": { include firewall::iptables } - openbsd: { + "openbsd": { include firewall::pf } default: { - fail("Firewall module not supported in ${operatingsystem}") + fail("Firewall module not supported in ${::operatingsystem}") } } @@ -61,15 +58,15 @@ class firewall { # class firewall::custom { - case $operatingsystem { - centos,debian,fedora,ubuntu: { + case $::operatingsystem { + "centos","redhat","debian","fedora","ubuntu": { include firewall::custom::iptables } openbsd: { include firewall::custom::pf } default: { - fail("Firewall module not supported in ${operatingsystem}") + fail("Firewall module not supported in ${::operatingsystem}") } } 
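Review bot: In firewall::custom (`@@ -61,15 +58,15 @@`) the `openbsd: {` label stays a bareword while the label above it in the same case becomes `"centos","redhat","debian","fedora","ubuntu"`, and the parallel case in class firewall was changed to `"openbsd": {`. As far as matching goes the two forms should behave the same, so this is style only, but mixed forms inside one case statement make a later search for a platform name unreliable. I would write `"openbsd": {` here. The same leftover barewords are visible in the ia32libs and igraph hunks (`ubuntu: {`), munin::plugin (`OpenBSD: {`), mutt (`openbsd: {`), network::pppoe (`openbsd: {`) and network::manager::disable (`ubuntu: {`).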
@@ -81,10 +78,11 @@ class firewall::custom { class firewall::common::iptables { package { "iptables": - name => $operatingsystem ? { + name => $::operatingsystem ? { centos => [ "iptables", "iptables-ipv6" ], + redhat => [ "iptables", "iptables-ipv6" ], debian => [ "iptables", "iptables-persistent" ], - fedora => $operatingsystemrelease ? { + fedora => $::operatingsystemrelease ? { /^1[0-5]/ => [ "iptables", "iptables-ipv6" ], default => "iptables", }, @@ -93,7 +91,7 @@ class firewall::common::iptables { } file { "/etc/sysconfig/iptables": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "/etc/iptables/rules", ubuntu => "/etc/iptables/rules", default => "/etc/sysconfig/iptables", @@ -106,8 +104,8 @@ class firewall::common::iptables { notify => Service["iptables"], } - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { $ip6states = versioncmp($kernelversion, "2.6.20") file { "/etc/sysconfig/ip6tables": ensure => present, @@ -125,10 +123,10 @@ class firewall::common::iptables { require => Package["iptables"], } if $firewall_modules { - $firewall_modules_str = inline_template('\'"<%= @firewall_modules.join(" ") -%>"\'') + $firewall_modules_str = inline_template('<%= @firewall_modules.join(" ") -%>') augeas { "iptables-config": context => "/files/etc/sysconfig/iptables-config", - changes => [ "set IPTABLES_MODULES ${firewall_modules_str}" ], + changes => [ "set IPTABLES_MODULES '${firewall_modules_str}'" ], notify => Service["iptables"], } } @@ -136,15 +134,16 @@ class firewall::common::iptables { } service { "iptables": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "iptables-persistent", ubuntu => "iptables-persistent", default => "iptables", }, ensure => running, enable => true, - hasrestart => $operatingsystem ? { + hasrestart => $::operatingsystem ? { centos => true, + redhat => true, debian => false, fedora => true, ubuntu => false, 
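Review bot: The rewritten `changes` line in firewall::common::iptables (`@@ -125,10 +123,10 @@`) now stores the module list without the inner double quotes, so a list of two or more modules is handed to Augeas as a bare value containing spaces. If /etc/sysconfig/iptables-config is parsed by the Shellvars lens, as the path suggests, the quotes are part of the stored value and an unquoted value with a space is likely to be rejected when the file is saved. Keeping the shell quoting inside the Augeas quoting avoids that: `changes => [ "set IPTABLES_MODULES '\"${firewall_modules_str}\"'" ],`. A module name containing a quote character would still break the command string, so the list is worth validating where it is set. The enclosing case branch starts outside the hunk.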
@@ -164,8 +163,8 @@ class firewall::iptables inherits firewall::common::iptables { content => template("firewall/iptables.erb"), } - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { File["/etc/sysconfig/ip6tables"] { content => template("firewall/ip6tables.erb"), } diff --git a/git/manifests/init.pp b/git/manifests/init.pp index 13b6910..afa5e93 100644 --- a/git/manifests/init.pp +++ b/git/manifests/init.pp @@ -4,7 +4,7 @@ class git::client { package { "git": - name => $operatingsystem ? { + name => $::operatingsystem ? { "ubuntu" => "git-core", default => "git", }, @@ -79,8 +79,8 @@ class git::daemon inherits git::server { Package["git-daemon"] ], } - case $operatingsystem { - "centos","fedora": { + case $::operatingsystem { + "centos","redhat","fedora": { file { "/var/lib/git": ensure => link, force => true, diff --git a/gnu/manifests/init.pp b/gnu/manifests/init.pp index 2174f80..541297a 100644 --- a/gnu/manifests/init.pp +++ b/gnu/manifests/init.pp @@ -4,7 +4,7 @@ class gnu::make { package { "make": ensure => installed, - name => $operatingsystem ? { + name => $::operatingsystem ? { "openbsd" => "gmake", default => "make", }, @@ -19,7 +19,7 @@ class gnu::tar { package { "tar": ensure => installed, - name => $operatingsystem ? { + name => $::operatingsystem ? { "openbsd" => "gtar", default => "tar", }, diff --git a/google/manifests/init.pp b/google/manifests/init.pp index 7744d5f..81cd9e1 100644 --- a/google/manifests/init.pp +++ b/google/manifests/init.pp @@ -2,12 +2,12 @@ # class google::common { - case $operatingsystem { - "centos","fedora": { + case $::operatingsystem { + "centos","redhat","fedora": { include yum::repo::google } default: { - fail("Google products via puppet not supported on ${operatingsystem}") + fail("Google products via puppet not supported on ${::operatingsystem}") } } diff --git a/graphviz/manifests/init.pp b/graphviz/manifests/init.pp index cc4ce48..462f916 100644 
--- a/graphviz/manifests/init.pp +++ b/graphviz/manifests/init.pp @@ -13,7 +13,7 @@ class graphviz { class graphviz::python inherits graphviz { package { "graphviz-python": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "libgv-python", ubuntu => "libgv-python", default => "graphviz-python", diff --git a/ia32libs/manifests/init.pp b/ia32libs/manifests/init.pp index d639728..40d9c5c 100644 --- a/ia32libs/manifests/init.pp +++ b/ia32libs/manifests/init.pp @@ -3,7 +3,7 @@ class ia32libs { if $architecture == "x86_64" { - case $operatingsystem { + case $::operatingsystem { ubuntu: { package { "ia32-libs": ensure => installed, diff --git a/igraph/manifests/init.pp b/igraph/manifests/init.pp index 6775382..f30a508 100644 --- a/igraph/manifests/init.pp +++ b/igraph/manifests/init.pp @@ -2,7 +2,7 @@ # class igraph::python { - case $operatingsystem { + case $::operatingsystem { ubuntu: { package { "python-igraph": ensure => installed, diff --git a/inetd/manifests/init.pp b/inetd/manifests/init.pp index 45e57c5..24fe6d2 100644 --- a/inetd/manifests/init.pp +++ b/inetd/manifests/init.pp @@ -6,7 +6,7 @@ class inetd::server { case $::operatingsystem { - "centos","fedora","ubuntu","debian": { + "centos","redhat","fedora","ubuntu","debian": { include inetd::server::xinetd } "openbsd": { @@ -77,7 +77,7 @@ define inetd::service($ensure = present) { include inetd::server case $::operatingsystem { - "centos","ubuntu","debian": { + "centos","redhat","ubuntu","debian": { service { $name: enable => $ensure ? { present => true, diff --git a/kerberos/manifests/init.pp b/kerberos/manifests/init.pp index f1ca309..eb876a1 100644 --- a/kerberos/manifests/init.pp +++ b/kerberos/manifests/init.pp @@ -19,7 +19,7 @@ class kerberos::client { case $::operatingsystem { - "centos","fedora": { + "centos","redhat","fedora": { package { "krb5-workstation": ensure => installed, } 
@@ -71,7 +71,7 @@ class kerberos::auth { $kdclist = inline_template('<%= kerberos_kdc.join(" ") -%>') case $::operatingsystem { - "centos","fedora": { + "centos","redhat","fedora": { package { "pam_krb5": ensure => installed, } diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp index eb7610f..814fbe0 100644 --- a/ldap/manifests/init.pp +++ b/ldap/manifests/init.pp @@ -18,9 +18,9 @@ class ldap::auth inherits ldap::client { $ldap_uri = inline_template('<%= ldap_server.join(" ") -%>') - case $operatingsystem { - CentOS: { - case $operatingsystemrelease { + case $::operatingsystem { + "centos","redhat": { + case $::operatingsystemrelease { /^6/: { package { "nss-pam-ldapd": ensure => installed, @@ -220,7 +220,7 @@ class ldap::auth inherits ldap::client { } } default: { - fail("ldap::auth not supported on ${operatingsystem}") + fail("ldap::auth not supported on ${::operatingsystem}") } } @@ -239,13 +239,13 @@ class ldap::auth inherits ldap::client { class ldap::client { package { "openldap-client": - name => $operatingsystem ? { + name => $::operatingsystem ? { "debian" => "ldap-utils", "ubuntu" => "ldap-utils", "openbsd" => "openldap-client", default => "openldap-clients", }, - ensure => $operatingsystem ? { + ensure => $::operatingsystem ? { darwin => absent, default => installed, }, @@ -254,14 +254,14 @@ class ldap::client { file { "/etc/openldap/ldap.conf": ensure => present, content => template("ldap/ldap.conf.erb"), - path => $operatingsystem ? { + path => $::operatingsystem ? { "debian" => "/etc/ldap/ldap.conf", "ubuntu" => "/etc/ldap/ldap.conf", default => "/etc/openldap/ldap.conf", }, mode => "0644", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { "darwin" => wheel, "openbsd" => wheel, default => root, @@ -277,7 +277,7 @@ class ldap::client { class ldap::client::python { package { "python-ldap": - name => $operatingsystem ? { + name => $::operatingsystem ? { openbsd => "py-ldap", default => "python-ldap", }, 
@@ -304,7 +304,7 @@ class ldap::client::python { # class ldap::client::ruby { - case $operatingsystem { + case $::operatingsystem { "ubuntu","debian": { $pkgname = regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libldap-ruby\1') } @@ -349,7 +349,7 @@ class ldap::server { $ldap_server_cert = "${puppet_ssldir}/certs/${homename}.pem" } - case $operatingsystem { + case $::operatingsystem { "debian","ubuntu": { $user = "openldap" $group = "openldap" @@ -369,14 +369,14 @@ class ldap::server { default => "/usr/lib/openldap", } } - "centos": { + "centos","redhat": { $user = "ldap" $group = "ldap" - $package_name = $operatingsystemrelease ? { + $package_name = $::operatingsystemrelease ? { /^5/ => [ "openldap-servers", "openldap-servers-overlays" ], /^6/ => "openldap-servers", } - $service_name = $operatingsystemrelease ? { + $service_name = $::operatingsystemrelease ? { /^5/ => "ldap", /^6/ => "slapd", } @@ -406,7 +406,7 @@ class ldap::server { source => $ldap_server_cert, mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -446,7 +446,7 @@ class ldap::server { notify => Exec["generate-slapd-database-config"], } - if $operatingsystem == "CentOS" and $operatinsystemrelease !~ /^5\./ { + if $::operatingsystem in ["CentOS","RedHat"] and $operatinsystemrelease !~ /^5\./ { file { "/etc/sysconfig/ldap": ensure => present, source => "puppet:///modules/ldap/ldap.sysconfig", @@ -460,7 +460,7 @@ class ldap::server { service { "slapd": name => $service_name, - start => $operatingsystem ? { + start => $::operatingsystem ? { "openbsd" => "/usr/local/libexec/slapd -u _openldap -h ldap:///\\ ldaps:///\\ ldapi:///", default => undef, }, @@ -513,7 +513,7 @@ class ldap::server { source => "puppet:///modules/custom/empty", mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, 
@@ -641,7 +641,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $modu "puppet:///modules/ldap/DB_CONFIG", ], mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -678,7 +678,7 @@ define ldap::server::schema($idx = 50) { "puppet:///modules/ldap/${name}.schema", ], mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, diff --git a/libvirt/manifests/init.pp b/libvirt/manifests/init.pp index c7407b3..8c83869 100644 --- a/libvirt/manifests/init.pp +++ b/libvirt/manifests/init.pp @@ -13,15 +13,15 @@ class libvirt::client { require => [ User["qemu"], Group["qemu"], ], } - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { package { [ "libvirt", "virt-manager", "virt-viewer", ]: ensure => installed, require => File["/var/lib/qemu"], } } default: { - fail("Not supported on ${operatingsystem}.") + fail("Not supported on ${::operatingsystem}.") } } @@ -62,10 +62,10 @@ class libvirt::kvm inherits libvirt::client { $libvirt_parallel_shutdown = 0 } - case $operatingsystem { - centos,fedora: { - case $operatingsystemrelease { - /5\..*/: { + case $::operatingsystem { + "centos","redhat": { + case $::operatingsystemrelease { + /^5\./: { package { ["kvm", "kmod-kvm"]: ensure => installed, before => Service["libvirtd"], @@ -92,6 +92,16 @@ class libvirt::kvm inherits libvirt::client { require => Package["libvirt"], } } + "fedora": { + package { "qemu-kvm": + ensure => installed, + before => Service["libvirtd"], + require => [ User["qemu"], Group["qemu"] ], + } + package { "ruby-libvirt": + ensure => installed, + } + } default: { fail("Operating system not supported") } diff --git a/lynx/manifests/init.pp b/lynx/manifests/init.pp index 3f7d5a2..f0b8fb2 100644 --- a/lynx/manifests/init.pp +++ b/lynx/manifests/init.pp 
@@ -12,9 +12,9 @@ class lynx { $www_default_url = "http://www.${domain}" } - if $operatingsystem != "OpenBSD" { + if $::operatingsystem != "OpenBSD" { package { "lynx": - name => $operatingsystem ? { + name => $::operatingsystem ? { "ubuntu" => "lynx-cur", default => "lynx", }, @@ -22,7 +22,7 @@ class lynx { } } - if $operatingsystem == "OpenBSD" { + if $::operatingsystem == "OpenBSD" { exec { "add-local-lynx-config": command => "echo 'INCLUDE:/etc/lynx-site.cfg' >> /etc/lynx.cfg", path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin", @@ -32,7 +32,7 @@ class lynx { } file { "lynx-site.cfg": - name => $operatingsystem ? { + name => $::operatingsystem ? { "ubuntu" => "/etc/lynx-cur/local.cfg", default => "/etc/lynx-site.cfg", }, @@ -40,11 +40,11 @@ class lynx { content => template("lynx/lynx-site.cfg.erb"), mode => 0644, owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["lynx"], }, diff --git a/mongrel/manifests/init.pp b/mongrel/manifests/init.pp index f65dfc4..dbfecfd 100644 --- a/mongrel/manifests/init.pp +++ b/mongrel/manifests/init.pp 
@@ -1,29 +1,40 @@ - # Install Ruby Mongrel packages. # class mongrel { require ruby::rubygems + case $::operatingsystem { + "centos","redhat": { + case $::operatingsystemrelease { + /^[1-5]/: { + $mongrel_package = "rubygem-mongrel" + $mongrel_provider = undef + } + default: { + $mongrel_package = "mongrel" + $mongrel_provider = "gem" + } + } + } + "debian","ubuntu": { + $mongrel_package = "mongrel" + $mongrel_provider = undef + } + "openbsd": { + $mongrel_package = "ruby-mongrel" + $mongrel_provider = undef + } + default: { + $mongrel_package = "rubygem-mongrel" + $mongrel_provider = undef + } + } + package { "mongrel": ensure => installed, - name => $::operatingsystem ? { - openbsd => "ruby-mongrel", - debian => "mongrel", - ubuntu => "mongrel", - centos => $::operatingsystemrelease ? { - /^[1-5]/ => "rubygem-mongrel", - default => "mongrel", - }, - default => "rubygem-mongrel", - }, - provider => $::operatingsystem ? { - centos => $::operatingsystemrelease ? { - /^[1-5]/ => undef, - default => "gem", - }, - default => undef, - }, + name => $mongrel_package, + provider => $mongrel_provider, } } diff --git a/munin/manifests/init.pp b/munin/manifests/init.pp index 2fff011..84523ba 100644 --- a/munin/manifests/init.pp +++ b/munin/manifests/init.pp @@ -8,8 +8,8 @@ class munin::node { } service { "munin-node": - name => $operatingsystem ? { - OpenBSD => $operatingsystemrelease ? { + name => $::operatingsystem ? { + OpenBSD => $::operatingsystemrelease ? { /4\.[1-8]/ => "munin-node", default => "munin_node", }, 
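Review bot: The added release match `/^[1-5]/:` in class mongrel has no separator after the digit, so a two-digit major release that starts with 1 to 5 would take the `rubygem-mongrel` branch meant for old releases. portmap::server on this page anchors the equivalent test as `/^[1-5]\./`, and I would use that form here. Separately, the inner `default` branch installs with `$mongrel_provider = "gem"` and `ensure => installed`, which takes whatever version the configured gem source serves at first run rather than a package from the distribution's signed repository; pinning `ensure` to a reviewed version would make that reproducible.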
@@ -18,14 +18,14 @@ class munin::node { ensure => running, enable => true, require => Package["munin-node"], - start => $operatingsystem ? { - OpenBSD => $operatingsystemrelease ? { + start => $::operatingsystem ? { + OpenBSD => $::operatingsystemrelease ? { /4\.[1-8]/ => "/usr/bin/install -d -o _munin /var/run/munin; /usr/local/sbin/munin-node", default => undef, }, default => undef, }, - stop => $operatingsystem ? { + stop => $::operatingsystem ? { OpenBSD => "/usr/bin/pkill -f /usr/local/sbin/munin-node", default => undef, }, @@ -35,7 +35,7 @@ class munin::node { ensure => present, content => template("munin/munin-node.conf.erb"), owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { OpenBSD => "wheel", default => "root", }, @@ -95,7 +95,7 @@ define munin::snmpnode($snmp_community="public", $snmp_version="2") { ensure => present, content => "[snmp_${name}_*]\nenv.community ${snmp_community}\nenv.version ${snmp_version}\n", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { OpenBSD => wheel, default => root, }, @@ -129,7 +129,7 @@ define munin::snmpnode($snmp_community="public", $snmp_version="2") { # define munin::plugin($config = "") { - case $operatingsystem { + case $::operatingsystem { OpenBSD: { file { "/usr/local/libexec/munin/plugins/${name}": ensure => present, 
@@ -159,20 +159,20 @@ define munin::plugin($config = "") { "puppet:///files/munin/plugin-conf/${config}", "puppet:///modules/munin/plugin-conf/${config}", ], owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { OpenBSD => wheel, default => root, }, mode => "0644", notify => Service["munin-node"], - require => $operatingsystem ? { + require => $::operatingsystem ? { OpenBSD => File["/usr/local/libexec/munin/plugins/${name}"], default => File["/usr/share/munin/plugins/${name}"], }, } } - case $operatingsystem { + case $::operatingsystem { OpenBSD: { exec { "munin-enable-${name}": command => "ln -s /usr/local/libexec/munin/plugins/${name} /etc/munin/plugins/${name}", diff --git a/mutt/manifests/init.pp b/mutt/manifests/init.pp index 6e9cf26..8fe08a1 100644 --- a/mutt/manifests/init.pp +++ b/mutt/manifests/init.pp @@ -12,7 +12,7 @@ class mutt { $mail_domain = $domain } - case $operatingsystem { + case $::operatingsystem { openbsd: { $muttconfdir = "/etc/mutt/Muttrc" } default: { $muttconfdir = "/etc" } } @@ -31,7 +31,7 @@ class mutt { content => template("mutt/Muttrc.local.erb"), mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => "wheel", default => "root", }, diff --git a/mutt/templates/Muttrc.local.erb b/mutt/templates/Muttrc.local.erb index 6b70c35..aa8210e 100644 --- a/mutt/templates/Muttrc.local.erb +++ b/mutt/templates/Muttrc.local.erb @@ -4,7 +4,7 @@ set use_8bitmime set hostname=<%= mail_domain %> set imap_authenticators="gssapi:plain" -<% if operatingsystem = "CentOS" and operatingsystemrelease =~ /^6\./-%> +<% if ['CentOS','RedHat'].index(operatingsystem) and operatingsystemrelease =~ /^6\./-%> set ssl_ca_certificates_file="/etc/pki/tls/certs/ca-bundle.crt" <% end -%> diff --git a/mysql/manifests/init.pp b/mysql/manifests/init.pp index 683917c..d35a6e9 100644 --- a/mysql/manifests/init.pp +++ b/mysql/manifests/init.pp 
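Review bot: The new test `['CentOS','RedHat'].index(operatingsystem)` in Muttrc.local.erb relies on Ruby treating the index 0 as true, which is correct but reads as if the position mattered. `['CentOS','RedHat'].include?(operatingsystem)` states the membership test directly and returns a boolean. The `ssl_ca_certificates_file` line is still emitted only for 6.x, so what other releases verify IMAP certificates against depends on mutt's defaults, which are not visible here.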
@@ -66,7 +66,7 @@ class mysql::server { } service { "mysqld": - name => $operatingsystem ? { + name => $::operatingsystem ? { "ubuntu" => "mysql", "debian" => "mysql", default => "mysqld", @@ -113,7 +113,7 @@ class mysql::server { content => "[client]\nuser=\"root\"\npassword=\"${mysql_root_password}\"\n", mode => "0600", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, diff --git a/nagios/files/commands.cfg b/nagios/files/commands.cfg index 1bccc61..50b9f6e 100644 --- a/nagios/files/commands.cfg +++ b/nagios/files/commands.cfg @@ -247,10 +247,10 @@ define command{ define command{ command_name notify-host-by-prowl - command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="Host Alert" -F description="$HOSTNAME$ $HOSTDESC$ '$HOSTOUTPUT$'" "https://prowl.weks.net/publicapi/add" + command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="$NOTIFICATIONTYPE$ Host Alert" -F description="$HOSTNAME$ is $HOSTSTATE$ '$HOSTOUTPUT$'" "https://prowl.weks.net/publicapi/add" } - + define command{ command_name notify-service-by-prowl - command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="Service Alert" -F description="$HOSTNAME$ $SERVICEDESC$ '$SERVICEOUTPUT$'" "https://prowl.weks.net/publicapi/add" + command_line /usr/bin/curl -s -o /dev/null -F apikey="$CONTACTADDRESS1$" -F application="Nagios" -F event="$NOTIFICATIONTYPE$ Service Alert" -F description="$HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ '$SERVICEOUTPUT$'" "https://prowl.weks.net/publicapi/add" } diff --git a/nagios/manifests/init.pp b/nagios/manifests/init.pp index 01740c7..bab0403 100644 --- a/nagios/manifests/init.pp +++ b/nagios/manifests/init.pp 
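Review bot: Both rewritten `command_line` entries in nagios/files/commands.cfg pass check output (`$HOSTOUTPUT$`, `$SERVICEOUTPUT$`) to curl through `-F`, and `-F` gives special meaning to parts of the value such as a `;type=` suffix or a leading `@`/`<`. That output originates on the monitored host, so it should be sent as literal text: `--form-string description="$HOSTNAME$ is $HOSTSTATE$ '$HOSTOUTPUT$'"`, and likewise for the service command. The macros are also expanded inside a shell command line, so this relies on Nagios stripping shell metacharacters from output macros (`illegal_macro_output_chars`), which is configured outside this file. The `apikey` value travels in the process arguments, where other local users can read it while curl runs.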
@@ -103,23 +103,23 @@ class nagios::server { file { "/etc/nagios/conf.d": name => $confdir, ensure => directory, + mode => "0640", + owner => "root", + group => "nagios", purge => true, force => true, recurse => true, - owner => "root", - group => "root", - mode => "0644", source => "puppet:///modules/custom/empty", require => Package["nagios"], - notify => Service["nagios"], } file { "${confdir}/contactgroup_all.cfg": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - before => Nagios_Contactgroup["all"], + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Contactgroup["all"], + require => File["/etc/nagios/conf.d"], } nagios_contactgroup { "all": target => "${confdir}/contactgroup_all.cfg", @@ -128,11 +128,12 @@ class nagios::server { } file { "${confdir}/host_default.cfg": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - before => Nagios_Host["default"], + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Host["default"], + require => File["/etc/nagios/conf.d"], } nagios_host { "default": target => "${confdir}/host_default.cfg", @@ -154,11 +155,12 @@ class nagios::server { } file { "${confdir}/service_default.cfg": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - before => Nagios_Service["default"], + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Service["default"], + require => File["/etc/nagios/conf.d"], } nagios_service { "default": target => "${confdir}/service_default.cfg", 
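Review bot: The first nagios::server hunk (`@@ -103,23 +103,23 @@`) drops `notify => Service["nagios"]` from the purged conf.d directory along with the permission change. With `purge => true` and `recurse => true`, that notify was presumably what restarted Nagios when a stale object file was removed; without it, a decommissioned host or contact may stay loaded until something else restarts the service. If the removal is deliberate, a comment such as `# no notify: nagios is refreshed by the nagios_* resources` would record why, assuming that is in fact the case. The tightening to `0640` and `root:nagios` looks right for files that can hold contact addresses and API keys.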
@@ -188,11 +190,12 @@ class nagios::server { } file { "${confdir}/timeperiod_24x7.cfg": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - before => Nagios_Timeperiod["24x7"], + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Timeperiod["24x7"], + require => File["/etc/nagios/conf.d"], } nagios_timeperiod { "24x7": target => "${confdir}/timeperiod_24x7.cfg", @@ -222,11 +225,12 @@ class nagios::server { define nagios::contact::email($confdir=$nagios::server::confdir) { file { "${confdir}/contact_${name}.cfg": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - before => Nagios_Contact[$name], + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Contact[$name], + require => File["/etc/nagios/conf.d"], } nagios_contact { $name: target => "${confdir}/contact_${name}.cfg", @@ -246,11 +250,12 @@ define nagios::contact::email($confdir=$nagios::server::confdir) { define nagios::contact::prowl($confdir=$nagios::server::confdir) { file { "${confdir}/contact_${name}.cfg": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - before => Nagios_Contact[$name], + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Contact[$name], + require => File["/etc/nagios/conf.d"], } nagios_contact { $name: target => "${confdir}/contact_${name}.cfg", @@ -270,11 +275,12 @@ define nagios::contact::prowl($confdir=$nagios::server::confdir) { define nagios::host($confdir, $operatingsystem) { file { "${confdir}/host_${name}.cfg": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - before => Nagios_Host[$name], + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Host[$name], + require => File["/etc/nagios/conf.d"], } nagios_host { $name: ensure => present, 
@@ -283,11 +289,12 @@ define nagios::host($confdir, $operatingsystem) { } # file { "${confdir}/hostextinfo_${name}.cfg": -# ensure => present, -# mode => "0644", -# owner => "root", -# group => "root", -# before => Nagios_Hostextinfo[$name], +# ensure => present, +# mode => "0640", +# owner => "root", +# group => "nagios", +# before => Nagios_Hostextinfo[$name], +# require => File["/etc/nagios/conf.d"], # } # nagios_hostextinfo { $name: # ensure => present, @@ -303,11 +310,12 @@ define nagios::host($confdir, $operatingsystem) { define nagios::service($confdir, $host, $command, $description) { file { "${confdir}/service_${name}.cfg": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - before => Nagios_Service[$name], + ensure => present, + mode => "0640", + owner => "root", + group => "nagios", + before => Nagios_Service[$name], + require => File["/etc/nagios/conf.d"], } nagios_service { $name: host_name => $host, @@ -417,3 +425,16 @@ class nagios::target::https { } } + + +class nagios::target::smtp { + + include nagios::target + + @@nagios::service { "${fqdn}_smtp": + host => $fqdn, + command => "check_smtp", + description => "SMTP", + } + +} diff --git a/network/manifests/init.pp b/network/manifests/init.pp index a23eb18..cccd67a 100644 --- a/network/manifests/init.pp +++ b/network/manifests/init.pp 
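Review bot: The new class nagios::target::smtp is added without a header comment of the kind other classes on this page carry, and it uses the unqualified `$fqdn` twice while the rest of this commit moves fact lookups to the `$::` form. I would add a one-line comment above the class, for example `# Export an SMTP service check for this node.`, and write `"${::fqdn}_smtp"` and `host => $::fqdn,`. The exported resource does not set `confdir`, which nagios::service declares without a default, so it presumably depends on the collector supplying it; that part is outside the visible hunks.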
@@ -4,22 +4,22 @@ # This class is automatically included when needed. # class network::helper::restart { - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { exec { "restart-network": command => "/sbin/service network restart", path => "/bin:/usr/bin:/sbin:/usr/sbin", refreshonly => true, } } - openbsd: { + "openbsd": { exec { "restart-network": command => "/sbin/route delete default ; /bin/sh /etc/netstart", path => "/bin:/usr/bin:/sbin:/usr/sbin", refreshonly => true, } } - debian,ubuntu: { + "debian","ubuntu": { exec { "restart-network": cwd => "/etc/network", command => "cat interfaces.in interfaces.d/*.conf > interfaces && /etc/init.d/networking restart", @@ -63,7 +63,7 @@ class network::hostname { tag("bootstrap") - case $operatingsystem { + case $::operatingsystem { "debian","ubuntu": { file { "/etc/hostname": ensure => present, @@ -73,7 +73,7 @@ class network::hostname { group => "root", } } - "centos","fedora": { + "centos","redhat","fedora": { augeas { "set-hostname": context => "/files/etc/sysconfig/network", changes => "set HOSTNAME ${homename}", @@ -89,7 +89,7 @@ class network::hostname { } } default: { - fail("network::hostname not supported on ${operatingsystem}") + fail("network::hostname not supported on ${::operatingsystem}") } } @@ -156,8 +156,8 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none", } } - case $operatingsystem { - openbsd: { + case $::operatingsystem { + "openbsd": { file { "/etc/hostname.${name}": ensure => present, content => template("network/hostname.if.erb"), @@ -167,7 +167,7 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none", notify => Exec["restart-network"], } } - centos,fedora: { + "centos","redhat","fedora": { if $bridge { network::interface { $bridge: options => [ "BRIDGE=${name}", "LINKDELAY=10" ], 
@@ -190,7 +190,7 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none", require => File["/etc/sysconfig/network-scripts/ifcfg-${name}"], } } - debian,ubuntu: { + "debian","ubuntu": { include network::helper::debian file { "/etc/network/interfaces.d/${name}-addr.conf": ensure => present, @@ -212,7 +212,7 @@ define network::interface($ipaddr = "none", $eaddr = "none", $netmask = "none", } } default: { - fail("Network module not supported in ${operatingsystem}") + fail("Network module not supported in ${::operatingsystem}") } } @@ -236,8 +236,8 @@ define network::route($gateway = "", $device, $ipv6gateway = "") { case $name { "default": { - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { include network::helper::restart if "${gateway}" != "" { augeas { "set-default-route": @@ -284,7 +284,7 @@ define network::route($gateway = "", $device, $ipv6gateway = "") { } } default: { - fail("Network module not supported in ${operatingsystem}") + fail("Network module not supported in ${::operatingsystem}") } } } @@ -292,8 +292,8 @@ define network::route($gateway = "", $device, $ipv6gateway = "") { if $ipv6gateway != "" { fail("Custom IPv6 routes not supported yet.") } - case $operatingsystem { - "fedora","centos": { + case $::operatingsystem { + "fedora","centos","redhat": { include network::helper::restart file { "/etc/sysconfig/network-scripts/route-${device}": ensure => present, @@ -305,7 +305,7 @@ define network::route($gateway = "", $device, $ipv6gateway = "") { } } default: { - fail("Custom routes not supported in ${operatingsystem}") + fail("Custom routes not supported in ${::operatingsystem}") } } } 
@@ -338,8 +338,8 @@ define network::route($gateway = "", $device, $ipv6gateway = "") { # } # define network::carp($password, $ipaddr, $netmask, $options = []) { - case $operatingsystem { - openbsd: { + case $::operatingsystem { + "openbsd": { network::interface { "carp${name}": ipaddr => $ipaddr, netmask => $netmask, @@ -347,7 +347,7 @@ define network::carp($password, $ipaddr, $netmask, $options = []) { postcmd => [ "/usr/sbin/ndp -i carp${name} -- -accept_rtadv" ], } } - centos,fedora: { + "centos","redhat","fedora": { include network::ucarp file { "/etc/ucarp/vip-${name}.conf": ensure => present, @@ -360,7 +360,7 @@ define network::carp($password, $ipaddr, $netmask, $options = []) { } } default: { - fail("Network module not supported in ${operatingsystem}") + fail("Network module not supported in ${::operatingsystem}") } } } @@ -402,7 +402,7 @@ define network::pppoe($username, $password, $device, $authtype = "pap") { include network::helper::restart - case $operatingsystem { + case $::operatingsystem { openbsd: { file { "/etc/hostname.${name}": ensure => present, @@ -414,7 +414,7 @@ define network::pppoe($username, $password, $device, $authtype = "pap") { } } default: { - fail("Network module not supported in ${operatingsystem}") + fail("Network module not supported in ${::operatingsystem}") } } @@ -445,8 +445,8 @@ define network::pppoe($username, $password, $device, $authtype = "pap") { # } # define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none", $options = []) { - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { file { "/etc/modprobe.d/${name}.conf": ensure => present, content => "alias ${name} bonding\noptions ${name} miimon=100 mode=${mode}\n", 
@@ -466,7 +466,7 @@ define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none", } } default: { - fail("Network module not supported in ${operatingsystem}") + fail("Network module not supported in ${::operatingsystem}") } } } @@ -477,8 +477,8 @@ define network::trunk($devices, $mode = 0, $ipaddr = "none", $netmask = "none", # This class is automatically included when needed. # class network::helper::vlan { - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { augeas { "enable-vlan-support": context => "/files/etc/sysconfig/network", changes => "set VLAN yes", @@ -513,15 +513,15 @@ class network::helper::vlan { # define network::vlan($device, $ipaddr = "none", $netmask = "none", $options = []) { - case $operatingsystem { - openbsd: { + case $::operatingsystem { + "openbsd": { network::interface { "vlan${name}": options => [ "vlandev ${device}" ], ipaddr => $ipaddr, netmask => $netmask, } } - centos,fedora: { + "centos","redhat","fedora": { include network::helper::vlan network::interface { "${device}.${name}": ipaddr => $ipaddr, @@ -531,7 +531,7 @@ define network::vlan($device, $ipaddr = "none", $netmask = "none", } } default: { - fail("Network module not supported in ${operatingsystem}") + fail("Network module not supported in ${::operatingsystem}") } } } @@ -541,7 +541,7 @@ define network::vlan($device, $ipaddr = "none", $netmask = "none", # class network::manager::disable { - case $operatingsystem { + case $::operatingsystem { ubuntu: { file { "/etc/init/network-manager.conf": ensure => present, @@ -557,7 +557,7 @@ class network::manager::disable { } service { "network-manager": - name => $operatingsystem ? { + name => $::operatingsystem ? { ubuntu => "network-manager", default => "NetworkManager", }, diff --git a/nginx/manifests/init.pp b/nginx/manifests/init.pp index eac0587..adeb33a 100644 --- a/nginx/manifests/init.pp +++ b/nginx/manifests/init.pp 
@@ -2,7 +2,7 @@ # class nginx { - case $operatingsystem { + case $::operatingsystem { "openbsd": { $user = "_nginx" $group = "_nginx" @@ -27,7 +27,7 @@ class nginx { ensure => present, mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -40,7 +40,7 @@ class nginx { ensure => directory, mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -58,7 +58,7 @@ class nginx { # class nginx::passenger inherits nginx { - case $operatingsystem { + case $::operatingsystem { "openbsd": { Package["nginx"] { flavor => "passenger", @@ -68,7 +68,7 @@ class nginx::passenger inherits nginx { } } default: { - fail("Not supported on ${operatingsystem}") + fail("Not supported on ${::operatingsystem}") } } @@ -83,7 +83,7 @@ define nginx::configfile($source="", $content="") { ensure => present, mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, diff --git a/nodejs/manifests/init.pp b/nodejs/manifests/init.pp index dac9bca..8383586 100644 --- a/nodejs/manifests/init.pp +++ b/nodejs/manifests/init.pp @@ -3,7 +3,7 @@ class nodejs { case $::operatingsystem { - "centos": { + "centos","redhat": { yum::repo { "nodejs": mirrorlist => "http://nodejs.tchol.org/mirrors/nodejs-stable-el\$releasever", gpgkey => "http://nodejs.tchol.org/stable/RPM-GPG-KEY-tchol", diff --git a/ntpd/manifests/init.pp b/ntpd/manifests/init.pp index 74ac2f0..a5b8096 100644 --- a/ntpd/manifests/init.pp +++ b/ntpd/manifests/init.pp @@ -15,9 +15,9 @@ class ntpd { $ntp_server = ["pool.ntp.org"] } - case $operatingsystem { + case $::operatingsystem { "fedora": { - case $operatingsystemrelease { + case $::operatingsystemrelease { /^1[0-5]/: { include ntpd::isc-ntpd } 
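Review bot: In the nodejs hunk, adding `"redhat"` to the case puts more hosts on a repository whose `gpgkey` is fetched over plain `http://`, so anyone on the network path can replace the key that is meant to authenticate the packages. The `mirrorlist` on the line above has the same weakness. I would ship the key with the module and point yum at the local copy, e.g. `gpgkey => "file:///etc/pki/rpm-gpg/<KEY-FILE-PLACEHOLDER>",`, or use an https URL if the mirror offers one. The `yum::repo` resource continues outside the hunk, so whether signature checking is enforced cannot be seen here.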
@@ -34,8 +34,8 @@ class ntpd { } } - case $operatingsystem { - "centos","fedora": { + case $::operatingsystem { + "centos","redhat","fedora": { augeas { "disable-peerntp": context => "/files/etc/sysconfig/network", changes => "set PEERNTP no", @@ -93,7 +93,7 @@ class ntpd::isc-ntpd { service { "ntpd": ensure => running, enable => true, - name => $operatingsystem ? { + name => $::operatingsystem ? { ubuntu => "ntp", debian => "ntp", default => "ntpd", diff --git a/pam/manifests/init.pp b/pam/manifests/init.pp index 02f839b..6fd7ee7 100644 --- a/pam/manifests/init.pp +++ b/pam/manifests/init.pp @@ -3,7 +3,7 @@ # class pam::common { - case $operatingsystem { + case $::operatingsystem { "ubuntu": { package { "libpam-runtime": ensure => installed, @@ -25,8 +25,8 @@ class pam::mkhomedir { include pam::common - case $operatingsystem { - "centos","fedora": { + case $::operatingsystem { + "centos","redhat","fedora": { exec { "authconfig --enablemkhomedir --update": path => "/bin:/usr/bin:/sbin:/usr/sbin", unless => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig", diff --git a/portmap/manifests/init.pp b/portmap/manifests/init.pp index 67252b9..8473471 100644 --- a/portmap/manifests/init.pp +++ b/portmap/manifests/init.pp @@ -7,7 +7,7 @@ class portmap::server { $package = "" $service = "portmap" } - "centos": { + "centos","redhat": { case $::operatingsystemrelease { /^[1-5]\./: { $package = "portmap" diff --git a/postfix/files/aliases b/postfix/files/aliases new file mode 100644 index 0000000..42a6b60 --- /dev/null +++ b/postfix/files/aliases 
@@ -0,0 +1,19 @@
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks or from /bin/mail.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+
+# Basic system aliases -- these MUST be present.
+mailer-daemon: postmaster
+postmaster: root
+
+# General redirections for important pseudo accounts
+daemon: root
+
+# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+security: root
diff --git a/postfix/files/empty b/postfix/files/empty
new file mode 100644
index 0000000..e69de29
diff --git a/postfix/manifests/init.pp b/postfix/manifests/init.pp
new file mode 100644
index 0000000..8643ebf
--- /dev/null
+++ b/postfix/manifests/init.pp
@@ -0,0 +1,105 @@ +# Install Postfix packages. +# +class postfix { + + include ssl + + if !$postfix_key { + $postfix_key = "${puppet_ssldir}/private_keys/${homename}.pem" + } + if !$postfix_cert { + $postfix_cert = "${puppet_ssldir}/certs/${homename}.pem" + } + + if !$mail_domain { + if $domain { + $mail_domain = $domain + } else { + fail("Failed to set \$mail_domain, missing \$domain") + } + } + + if !$postfix_hostname { + if $fqdn { + $postfix_hostname = $fqdn + } else { + fail("Failed to set \$postfix_hostname, missing \$fqdn") + } + } + + if !$postfix_interfaces { + $postfix_interfaces = "localhost" + } + + package { "postfix": + ensure => installed, + } + + service { "postfix": + ensure => running, + enable => true, + require => Package["postfix"], + } + + file { "${ssl::certs}/postfix.crt": + ensure => present, + source => $postfix_cert, + mode => "0644", + owner => "root", + group => "root", + notify => Service["postfix"], + } + file { "${ssl::private}/postfix.key": + ensure => present, + source => $postfix_key, + mode => "0600", + owner => "root", + group => "root", + notify => Service["postfix"], + } + + file { "/etc/postfix/main.cf": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + content => template("postfix/main.cf.erb"), + notify => Service["postfix"], + require => Package["postfix"], + } + + file { "/etc/aliases": + ensure => present, + source => [ + "puppet:///files/mail/aliases.${homename}", + "puppet:///files/mail/aliases", + "puppet:///modules/postfix/aliases", + ], + mode => "0644", + owner => "root", + group => "root", + notify => Exec["newaliases"], + } + exec { "newaliases": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + refreshonly => true, + } + + file { "/etc/postfix/virtual": + ensure => present, + source => [ + "puppet:///files/mail/virtual.${homename}", + "puppet:///files/mail/virtual", + "puppet:///modules/postfix/empty", + ], + mode => "0644", + owner => "root", + group => "root", + notify => Exec["postmap 
/etc/postfix/virtual"], + } + exec { "postmap /etc/postfix/virtual": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + refreshonly => true, + } + +} diff --git a/postfix/templates/main.cf.erb b/postfix/templates/main.cf.erb new file mode 100644 index 0000000..8310ae6 --- /dev/null +++ b/postfix/templates/main.cf.erb 
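Review bot: The `file { "/etc/postfix/virtual": }` resource and the `newaliases` and `postmap /etc/postfix/virtual` execs have no `require => Package["postfix"]`, unlike `/etc/postfix/main.cf`. On a first run Puppet may therefore apply them before the package has created `/etc/postfix` and installed those commands. Adding `require => Package["postfix"],` to the three resources fixes the ordering. Separately, the template sets `virtual_alias_maps = hash:/etc/postfix/virtual`, but nothing orders the service after the `postmap` exec, so Postfix can presumably start before the lookup table exists; `before => Service["postfix"],` on that exec would cover it.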
@@ -0,0 +1,727 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. +# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +<% if ['Debian','Ubuntu'].index(operatingsystem) -%> +daemon_directory = /usr/lib/postfix +<% else -%> +daemon_directory = /usr/libexec/postfix +<% end -%> + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). 
This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/lib/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. +# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld +myhostname = <%= postfix_hostname %> + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. +# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld +mydomain = <%= mail_domain %> + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. 
+# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +#myorigin = $myhostname +myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +#inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost +inet_interfaces = <%= postfix_interfaces %> + +# Enable IPv4, and IPv6 if supported +inet_protocols = all + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. +# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. +# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain. On a mail domain +# gateway, you should also include $mydomain. 
+# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". +# +mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. 
You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. +# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. +# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. 
See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP +# clients in the same IP subnetworks as the local machine. +# On Linux, this does works correctly only with interfaces specified +# with the "ifconfig" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. +# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. +# +#mynetworks_style = class +mynetworks_style = subnet +#mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:/etc/postfix/network_table + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_recipient_restrictions description in +# postconf(5) for detailed information. 
+# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is $mydestination. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. +# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. +# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). +# +relay_domains = $mydestination + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. 
+# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] +<% if postfix_interfaces == "localhost" and has_variable?("mail_server") -%> +relayhost = [<%= mail_server %>] +<% end -%> + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:/etc/postfix/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. +# +in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. +# +virtual_alias_maps = hash:/etc/postfix/virtual + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. 
+ +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. 
Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ +<% if has_variable?("postfix_home_mailbox") -%> +home_mailbox <%= postfix_home_mailbox %> +<% end -%> + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. 
+# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp + +# If using the cyrus-imapd IMAP server deliver local mail to the IMAP +# server using LMTP (Local Mail Transport Protocol), this is prefered +# over the older cyrus deliver program by setting the +# mailbox_transport as below: +# +# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp +# +# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via +# these settings. +# +# local_destination_recipient_limit = 300 +# local_destination_concurrency_limit = 5 +# +# Of course you should adjust these settings as appropriate for the +# capacity of the hardware you are using. The recipient limit setting +# can be used to take advantage of the single instance message store +# capability of Cyrus. The concurrency limit can be used to control +# how many simultaneous LMTP sessions will be permitted to the Cyrus +# message store. +# +# To use the old cyrus deliver program you have to set: +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". 
+# +#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. +# +smtpd_helo_required = yes +smtpd_client_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + reject_unknown_client, +<% if has_variable?("postfix_rbl") -%> + <% postfix_rbl.each do |rbl| -%> + reject_rbl_client <%= rbl %>, + <% end -%> +<% end -%> + permit +smtpd_recipient_restrictions = + permit_sasl_authenticated, + permit_mynetworks, + reject_unauth_destination, + check_relay_domains + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. 
+# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. 
For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen sesssion, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). 
+# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/sbin/sendmail.postfix + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/bin/newaliases.postfix + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/bin/mailq.postfix + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = postdrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = no + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +#sample_directory = /usr/share/doc/postfix-2.6.6/samples + +# readme_directory: The location of the Postfix README files. 
+# +#readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES +<% if postfix_interfaces != "localhost" -%> + +# SASL +# +smtpd_sasl_auth_enable = yes +smtpd_sasl_local_domain = $myhostname +smtpd_sasl_path = smtpd +smtpd_sasl_security_options = noanonymous + +# TLS +# +smtpd_use_tls=yes +smtpd_tls_cert_file=<%= scope.lookupvar('ssl::certs') %>/postfix.crt +smtpd_tls_key_file=<%= scope.lookupvar('ssl::private') %>/postfix.key +smtpd_tls_received_header = yes +smtpd_tls_security_level = may +smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache +smtp_tls_security_level = may +smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache +<% end -%> diff --git a/pulseaudio/manifests/init.pp b/pulseaudio/manifests/init.pp index 4a63035..c63a5be 100644 --- a/pulseaudio/manifests/init.pp +++ b/pulseaudio/manifests/init.pp @@ -27,7 +27,7 @@ class pulseaudio::server inherits pulseaudio::common { } file { "/etc/sysconfig/pulseaudio": ensure => present, - source => "puppet:///modules/pulseaudio/pulseaudio.sysconfig.${operatingsystem}", + source => "puppet:///modules/pulseaudio/pulseaudio.sysconfig.${::operatingsystem}", mode => "0644", owner => root, group => root, diff --git a/puppet/manifests/init.pp b/puppet/manifests/init.pp index 9b5d32e..b362722 100644 --- a/puppet/manifests/init.pp +++ b/puppet/manifests/init.pp @@ -24,13 +24,13 @@ class puppet::client { $puppet_keylength = "2048" } - case $operatingsystem { + case $::operatingsystem { openbsd: { $vardir = "/var/puppet" } default: { $vardir = "/var/lib/puppet" } } - case $operatingsystem { - centos,fedora: { + case $::operatingsystem { + "centos","redhat","fedora": { package { "ruby-shadow": ensure => installed, } @@ -43,7 +43,7 @@ class puppet::client { } } openbsd: { - if $operatingsystemrelease == "4.9" { + if $::operatingsystemrelease == "4.9" { file { "/etc/rc.d/puppetd": ensure => present, source => "puppet:///modules/puppet/puppetd.rc", 
@@ -61,16 +61,16 @@ class puppet::client { content => template("puppet/puppet.conf.erb"), mode => "0640", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => "_puppet", default => "puppet", }, } - case $operatingsystem { + case $::operatingsystem { openbsd: { service { "puppet": - name => $operatingsystemrelease ? { + name => $::operatingsystemrelease ? { /4\.[1-8]/ => "puppet", default => "puppetd", }, @@ -114,14 +114,14 @@ class puppet::client { source => "puppet:///modules/puppet/puppet-check", mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => "wheel", default => "root", }, } cron { "puppet-check": ensure => present, - environment => $operatingsystem ? { + environment => $::operatingsystem ? { openbsd => "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin", default => undef, }, @@ -149,7 +149,7 @@ class puppet::manual inherits puppet::client { ensure => absent, } - case $operatingsystem { + case $::operatingsystem { debian,ubuntu: { File["/etc/default/puppet"] { source => "puppet:///modules/puppet/puppet.disabled.default", @@ -193,7 +193,7 @@ class puppet::server { # class puppet::server::common inherits puppet::client { - if $::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/ { + if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ { $seltype_readonly = "var_lib_t" $seltype_writable = "var_lib_t" } else { @@ -201,7 +201,7 @@ class puppet::server::common inherits puppet::client { $seltype_writable = "puppet_var_lib_t" } - case $operatingsystem { + case $::operatingsystem { "openbsd": { $user = "_puppet" $group = "_puppet" 
@@ -239,14 +239,14 @@ class puppet::server::common inherits puppet::client { } package { "puppetmaster": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "puppetmaster", ubuntu => "puppetmaster", openbsd => "ruby-puppet", default => "puppet-server", }, ensure => installed, - notify => $operatingsystem ? { + notify => $::operatingsystem ? { debian => Exec["stop-puppetmaster"], ubuntu => Exec["stop-puppetmaster"], default => undef, @@ -254,7 +254,7 @@ class puppet::server::common inherits puppet::client { before => File["/etc/puppet/puppet.conf"], } - case $operatingsystem { + case $::operatingsystem { "debian","ubuntu": { exec { "stop-puppetmaster": command => "pkill -u puppet ; true", @@ -273,7 +273,7 @@ class puppet::server::common inherits puppet::client { } "mysql": { require ruby::mysql - if $::operatingsystem == "CentOS" and $::operatingsystemrelease !~ /^[1-5]\..*/ { + if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease !~ /^[1-5]\..*/ { selinux::boolean { "puppetmaster_use_db": value => "on", } @@ -292,7 +292,7 @@ class puppet::server::common inherits puppet::client { ensure => directory, mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -322,7 +322,7 @@ class puppet::server::common inherits puppet::client { ensure => directory, mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -368,7 +368,7 @@ class puppet::server::common inherits puppet::client { ensure => directory, mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, 
@@ -379,7 +379,7 @@ class puppet::server::common inherits puppet::client { ensure => directory, mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -406,7 +406,7 @@ class puppet::server::common inherits puppet::client { "puppet:///modules/puppet/tagmail.conf", ], mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -420,14 +420,14 @@ class puppet::server::common inherits puppet::client { "puppet:///modules/puppet/fileserver.conf", ], mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, require => Package["puppetmaster"], } - if $operatingsystem != "OpenBSD" { + if $::operatingsystem != "OpenBSD" { if !$puppet_report_maxage { $puppet_report_maxage = "720" } @@ -447,7 +447,7 @@ class puppet::server::common inherits puppet::client { source => "puppet:///modules/puppet/puppet-clean-storeconfigs", mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => "wheel", default => "root", }, @@ -482,7 +482,7 @@ class puppet::server::webrick { require => Package["puppetmaster"], } - case $operatingsystem { + case $::operatingsystem { debian,ubuntu: { file { "/etc/default/puppetmaster": ensure => present, @@ -524,7 +524,7 @@ class puppet::server::mongrel { $puppet_listenports = [ "18140", "18141", "18142", "18143", ] } - if $::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/ { + if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ { $seltype = "http_port_t" } else { $seltype = "puppet_port_t" 
@@ -547,7 +547,7 @@ class puppet::server::mongrel { require => Package["puppetmaster", "mongrel"], } - case $operatingsystem { + case $::operatingsystem { debian,ubuntu: { file { "/etc/default/puppetmaster": ensure => present, @@ -584,7 +584,7 @@ class puppet::server::apache { content => template("puppet/puppet-httpd.conf.erb"), http => false, } - case $operatingsystem { + case $::operatingsystem { debian,ubuntu: { include apache::mod::headers include apache::mod::proxy @@ -641,7 +641,7 @@ class puppet::opencollab { include wiki::opencollab package { "PyYAML": - name => $operatingsystem ? { + name => $::operatingsystem ? { debian => "python-yaml", ubuntu => "python-yaml", default => "PyYAML", @@ -658,7 +658,7 @@ class puppet::opencollab { content => "[creds]\nurl = ${puppet_opencollab_url}\nusername = ${puppet_opencollab_user}\npassword = ${puppet_opencollab_pass}\n", } - case $operatingsystem { + case $::operatingsystem { ubuntu: { $script = "/usr/local/bin/opencollab-puppet-uploader" } default: { $script = "/usr/bin/opencollab-puppet-uploader" } } diff --git a/puppet/templates/puppet-httpd.conf.erb b/puppet/templates/puppet-httpd.conf.erb index f75c9a0..ec03354 100644 --- a/puppet/templates/puppet-httpd.conf.erb +++ b/puppet/templates/puppet-httpd.conf.erb @@ -50,12 +50,7 @@ Listen 8140 # Proxy settings - - ForceType application/x-raw - RewriteEngine On - RewriteRule ^/production/file_content/files/(.+)$ /srv/puppet/files/common/$1 [L] - RewriteRule ^/production/file_content/modules/([^/]+)/files/(.+)$ /etc/puppet/modules/$1/files/$2 [L] RewriteRule ^/(.*)$ balancer://puppetmaster%{REQUEST_URI} [P,QSA,L] @@ -67,4 +62,3 @@ Listen 8140 SetEnv proxy-nokeepalive 1 - diff --git a/rsync/manifests/init.pp b/rsync/manifests/init.pp index 32fc6c1..aab2626 100644 --- a/rsync/manifests/init.pp +++ b/rsync/manifests/init.pp 
@@ -10,7 +10,7 @@ class rsync { } class rsync::run-rsync { - case $operatingsystem { + case $::operatingsystem { ubuntu: { package { "run-rsync": ensure => installed, } file { "/etc/run-rsync/RunRsyncConfig.pm": diff --git a/ruby/manifests/init.pp b/ruby/manifests/init.pp index e767508..0675811 100644 --- a/ruby/manifests/init.pp +++ b/ruby/manifests/init.pp @@ -44,7 +44,7 @@ class ruby::mysql { class ruby::rails { case $::operatingsystem { - "centos": { + "centos","redhat": { if $::operatingsystemrelease =~ /^[1-5]/ { package { "rubygem-rails": ensure => installed, @@ -78,18 +78,27 @@ class ruby::rails { # class ruby::rrd { - package { "ruby-rrd": - ensure => installed, - name => $::operatingsystem ? { - centos => $::operatingsystemrelease ? { + case $::operatingsystem { + "centos","redhat": { + $package = $::operatingsystemrelease ? { /^[1-5]/ => "ruby-RRDtool", default => "rrdtool-ruby", - }, - debian => regsubst($::rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'), - ubuntu => regsubst($::rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'), - openbsd => "ruby-rrd", - default => "ruby-RRDtool", - }, + } + } + "debian","ubuntu": { + $package = regsubst($::rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1') + } + "openbsd": { + $package = "ruby-rrd" + } + default: { + $packaage = "ruby-RRDtool" + } + } + + package { "ruby-rrd": + ensure => installed, + name => $package, } } @@ -100,7 +109,7 @@ class ruby::rrd { class ruby::sqlite3 { case $::operatingsystem { - "centos": { + "centos","redhat": { if $::operatingsystemrelease =~ /^[1-5]/ { package { "rubygem-sqlite3-ruby": ensure => installed, diff --git a/samba/manifests/init.pp b/samba/manifests/init.pp index 06fb6ac..e1b42df 100644 --- a/samba/manifests/init.pp +++ b/samba/manifests/init.pp @@ -6,8 +6,8 @@ class samba::server { ensure => installed, } - case $operatingsystem { - openbsd: { + case $::operatingsystem { + "openbsd": { service { "nmbd": ensure => running, enable => true, 
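Review bot: In the `ruby::rrd` hunk of ruby/manifests/init.pp, the `default` branch of the new `case` assigns `$packaage = "ruby-RRDtool"`, so `$package` is never set on any operating system other than CentOS/RedHat, Debian/Ubuntu and OpenBSD. On those hosts `package { "ruby-rrd": name => $package }` gets an unset name, where the removed selector fell back to "ruby-RRDtool". Puppet will probably use the resource title "ruby-rrd" instead, which is not the package the old code installed. The line should read `$package = "ruby-RRDtool"`.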
@@ -25,8 +25,8 @@ class samba::server { subscribe => File["/etc/samba/smb.conf"], } } - centos: { - case $operatingsystemrelease { + "centos","redhat": { + case $::operatingsystemrelease { /^[1-5]\./: { service { "smb": ensure => running, @@ -49,7 +49,7 @@ class samba::server { } } } - fedora: { + "fedora": { service { [ "smb", "nmb" ]: ensure => running, enable => true, @@ -59,7 +59,7 @@ class samba::server { subscribe => File["/etc/samba/smb.conf"], } } - ubuntu: { + "ubuntu": { service { [ "smbd", "nmbd" ]: ensure => running, enable => true, @@ -70,7 +70,7 @@ class samba::server { } } default: { - fail("samba::server not supported in '${operatingsystem}'") + fail("samba::server not supported in '${::operatingsystem}'") } } @@ -80,7 +80,7 @@ class samba::server { "puppet:///files/samba/smb.conf", ], mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => "wheel", default => "root", }, @@ -94,7 +94,7 @@ class samba::server { "puppet:///modules/samba/lmhosts", ], mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => "wheel", default => "root", }, diff --git a/selinux/manifests/init.pp b/selinux/manifests/init.pp index 6671162..76e57f2 100644 --- a/selinux/manifests/init.pp +++ b/selinux/manifests/init.pp @@ -37,7 +37,7 @@ class selinux { notify => Exec["set-selinux-mode"], } - if $operatingsystem == "CentOS" and $operatingsystemrelease =~ /^[1-5]\./ { + if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\./ { service { "setroubleshoot": ensure => $selinux_type ? { disabled => stopped, 
@@ -72,16 +72,16 @@ class selinux { # class selinux::tools { - case $operatingsystem { + case $::operatingsystem { "fedora": { $package = "policycoreutils-python" } - "centos": { - case $operatingsystemrelease { + "centos","redhat": { + case $::operatingsystemrelease { /^6/: { $package = "policycoreutils-python" } default: { $package = "policycoreutils" } } } default: { - fail("selinux::tools not supported on ${operatingsystem}") + fail("selinux::tools not supported on ${::operatingsystem}") } } @@ -272,7 +272,7 @@ class selinux::module::devel { include selinux::tools - if $::operatingsystem == "CentOS" { + if $::operatingsystem in ["CentOS","RedHat"] { if $::operatingsystemrelease =~ /^5\.[0-9]/ { package { "selinux-policy-devel": ensure => installed, diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp index 59d9789..83f5046 100644 --- a/sendmail/manifests/init.pp +++ b/sendmail/manifests/init.pp @@ -6,7 +6,7 @@ class sendmail::common { $mail_domain = $domain } - if $operatingsystem != "OpenBSD" { + if $::operatingsystem != "OpenBSD" { package { "sendmail": ensure => installed, name => [ "sendmail", "sendmail-cf", ], @@ -18,8 +18,8 @@ class sendmail::common { } } - case $operatingsystem { - "centos","fedora": { + case $::operatingsystem { + "centos","redhat","fedora": { file { "/etc/sysconfig/sendmail": ensure => present, content => "DAEMON=no\nQUEUE=1h\n", 
@@ -48,20 +48,20 @@ class sendmail::client inherits sendmail::common { } file { "/etc/mail/submit.mc": - path => $operatingsystem ? { + path => $::operatingsystem ? { "openbsd" => "/usr/share/sendmail/cf/submit.mc", default => "/etc/mail/submit.mc", }, ensure => present, content => template("sendmail/submit.mc.erb", "sendmail/submit.mc.msp.erb"), owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "bin", default => "root", }, mode => "0644", notify => Exec["make submit.cf"], - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["sendmail"], }, @@ -69,12 +69,12 @@ class sendmail::client inherits sendmail::common { exec { "make submit.cf": path => "/bin:/usr/bin:/sbin:/usr/sbin:/etc/mail", - cwd => $operatingsystem ? { + cwd => $::operatingsystem ? { "openbsd" => "/usr/share/sendmail/cf", default => "/etc/mail", }, refreshonly => true, - notify => $operatingsystem ? { + notify => $::operatingsystem ? { "openbsd" => undef, default => Service["sendmail"], }, @@ -83,13 +83,13 @@ class sendmail::client inherits sendmail::common { file { "/etc/mail/submit.cf": ensure => present, owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", "ubuntu" => "smmsp", default => "root", }, mode => "0644", - source => $operatingsystem ? { + source => $::operatingsystem ? { "openbsd" => "/usr/share/sendmail/cf/submit.cf", default => undef, }, @@ -140,8 +140,8 @@ class sendmail::server inherits sendmail::common { type => "sendmail_exec_t", } - case $operatingsystem { - "centos","fedora": { + case $::operatingsystem { + "centos","redhat","fedora": { File["/etc/sysconfig/sendmail"] { content => "DAEMON=yes\nQUEUE=1h\n", } 
@@ -179,7 +179,7 @@ class sendmail::server inherits sendmail::common { } file { "sendmail.mc": - name => $operatingsystem ? { + name => $::operatingsystem ? { "openbsd" => "/usr/share/sendmail/cf/sendmail.mc", default => "/etc/mail/sendmail.mc", }, @@ -191,11 +191,11 @@ class sendmail::server inherits sendmail::common { } exec { "make sendmail.cf": path => "/bin:/usr/bin:/sbin:/usr/sbin:/etc/mail", - cwd => $operatingsystem ? { + cwd => $::operatingsystem ? { "openbsd" => "/usr/share/sendmail/cf", default => "/etc/mail", }, - require => $operatingsystem ? { + require => $::operatingsystem ? { "openbsd" => undef, default => Package["sendmail"], }, @@ -206,7 +206,7 @@ class sendmail::server inherits sendmail::common { mode => "0644", owner => "root", group => "root", - source => $operatingsystem ? { + source => $::operatingsystem ? { "openbsd" => "/usr/share/sendmail/cf/sendmail.cf", default => undef, }, @@ -231,7 +231,7 @@ class sendmail::server inherits sendmail::common { file { "/etc/aliases": ensure => present, - name => $operatingsystem ? { + name => $::operatingsystem ? { "openbsd" => "/etc/mail/aliases", default => "/etc/aliases", }, diff --git a/sendmail/templates/sendmail.mc.erb b/sendmail/templates/sendmail.mc.erb index 05ec740..953485a 100644 --- a/sendmail/templates/sendmail.mc.erb +++ b/sendmail/templates/sendmail.mc.erb @@ -2,7 +2,7 @@ divert(-1)dnl dnl # dnl # This file is managed by puppet so hand editing is not recommended. dnl # -<% if ['CentOS','Fedora'].index(operatingsystem) -%> +<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl <% elsif operatingsystem == 'Ubuntu' -%> include(`/usr/share/sendmail/cf/m4/cf.m4')dnl diff --git a/sendmail/templates/submit.mc.erb b/sendmail/templates/submit.mc.erb index b5409e4..4036ff0 100644 --- a/sendmail/templates/submit.mc.erb +++ b/sendmail/templates/submit.mc.erb 
@@ -15,7 +15,7 @@ divert(-1) # divert(0)dnl -<% if ['CentOS','Fedora'].index(operatingsystem) -%> +<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl <% elsif operatingsystem == 'Ubuntu' -%> include(`/usr/share/sendmail/cf/m4/cf.m4')dnl @@ -31,7 +31,7 @@ define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl <% if has_variable?('mail_domain') -%> define(`confDOMAIN_NAME', `<%= mail_domain %>')dnl <% end -%> -<% if ['CentOS','Fedora'].index(operatingsystem) -%> +<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%> define(`confPID_FILE', `/var/run/sm-client.pid')dnl <% end -%> FEATURE(`use_ct_file')dnl diff --git a/ssh/manifests/init.pp b/ssh/manifests/init.pp index 84daeb8..68cfab0 100644 --- a/ssh/manifests/init.pp +++ b/ssh/manifests/init.pp @@ -6,7 +6,7 @@ class ssh::known_hosts { ensure => present, mode => "0644", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { OpenBSD => wheel, default => root, }, @@ -36,7 +36,7 @@ class ssh::hostkeys { source => "puppet:///private/ssh_host_dsa_key", mode => "0600", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => root, }, @@ -46,7 +46,7 @@ class ssh::hostkeys { source => "puppet:///private/ssh_host_dsa_key.pub", mode => "0644", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => root, }, @@ -57,7 +57,7 @@ class ssh::hostkeys { source => "puppet:///private/ssh_host_rsa_key", mode => "0600", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => root, }, @@ -67,7 +67,7 @@ class ssh::hostkeys { source => "puppet:///private/ssh_host_rsa_key.pub", mode => "0644", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => root, }, 
@@ -78,7 +78,7 @@ class ssh::hostkeys { source => "puppet:///private/ssh_host_key", mode => "0600", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => root, }, @@ -88,7 +88,7 @@ class ssh::hostkeys { source => "puppet:///private/ssh_host_key.pub", mode => "0644", owner => root, - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => wheel, default => root, }, @@ -124,7 +124,7 @@ class ssh::server { # class ssh::disable inherits ssh::server { - case $operatingsystem { + case $::operatingsystem { "ubuntu": { file { "/etc/init/ssh.conf": ensure => present, diff --git a/ssl/manifests/init.pp b/ssl/manifests/init.pp index 8f66843..53f42ed 100644 --- a/ssl/manifests/init.pp +++ b/ssl/manifests/init.pp @@ -4,7 +4,7 @@ class ssl { case $::operatingsystem { - "centos","fedora": { + "centos","redhat","fedora": { $certs = "/etc/pki/tls/certs" $private = "/etc/pki/tls/private" } diff --git a/sudo/manifests/init.pp b/sudo/manifests/init.pp index 3c3b322..8ff64f5 100644 --- a/sudo/manifests/init.pp +++ b/sudo/manifests/init.pp @@ -2,7 +2,7 @@ # class sudo { - if $operatingsystem != "OpenBSD" { + if $::operatingsystem != "OpenBSD" { package { "sudo": ensure => installed, before => File["/etc/sudoers.d"], @@ -13,7 +13,7 @@ class sudo { ensure => directory, mode => "0440", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -27,7 +27,7 @@ class sudo { ensure => present, mode => "0440", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -56,7 +56,7 @@ define sudo::sudoer($where="ALL", $as_whom="ALL", $what="ALL") { ensure => present, mode => "0440", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, 
diff --git a/syslog/files/logarchiver.sh b/syslog/files/logarchiver.sh index 34aa9c8..84e3558 100755 --- a/syslog/files/logarchiver.sh +++ b/syslog/files/logarchiver.sh @@ -1,18 +1,21 @@ #!/bin/sh -ARCHIVEFILES="all.log" + LOGDIR="/srv/log" -DATE=`date +%Y-%m-%d` -YEAR=`date +%Y` -ARCHIVEDIR="/srv/log/archive/" #archivedlogs will be in this - #directory + $YEAR +ARCHIVE="${LOGDIR}/archive" + +DATE="`date +%Y-%m-%d`" +YEAR="`date +%Y`" + umask 027 -myerror(){ +myerror() +{ echo "Error: $*" 1>&2 exit 1 } -archive_log(){ +archive_log() +{ FILE="${1}" DEST="${2}" 
@@ -21,44 +24,54 @@ archive_log(){ else echo "Archiving file ${FILE} to ${DEST}" mv "${FILE}" "${DEST}" - touch ${FILE} + touch "${FILE}" LOGS="${LOGS} ${DEST}" fi } -restart_syslog(){ +restart_syslog() +{ for i in syslog.pid rsyslogd.pid syslogd.pid ; do - if [ -f "/var/run/$i" ]; then - PIDFILE="/var/run/$i" - break - fi + if [ -f "/var/run/$i" ]; then + PIDFILE="/var/run/$i" + break + fi done if [ "blah${PIDFILE}" = "blah" ]; then - myerror "Cannot find syslog pid file" 1>&2 + myerror "Cannot find syslog pid file" fi kill -HUP `cat ${PIDFILE}` } -archive(){ - [ -d ${LOGDIR} ] || myerror "No such direcroty: ${LOGDIR}" - [ -d "${ARCHIVEDIR}" ] || myerror "No such archive directory: ${ARCHIVEDIR}" - [ -d "${ARCHIVEDIR}/${YEAR}" ] || mkdir ${ARCHIVEDIR}/${YEAR} - ARCHIVEDIR="${ARCHIVEDIR}/${YEAR}" - - for logfile in ${ARCHIVEFILES} ; do - [ -f "${LOGDIR}/${logfile}" ] || myerror "File not found: ${logfile}" - archive_log "${LOGDIR}/${logfile}" "${ARCHIVEDIR}/${logfile}.${DATE}" - done - restart_syslog - for zipfile in ${ARCHIVEFILES} ; do - gzip -f "${ARCHIVEDIR}/${zipfile}.${DATE}" || myerror "Error while gzipping ${ARCHIVEDIR}/${zipfile}" - done -} -case "x$1" in - "x-v"|"x--verbose") - archive - ;; - *) - archive >> /dev/null - ;; -esac +[ $# -gt 0 ] || myerror "Usage: `basename $0` [file|dir] ..." 
+ +[ -d ${LOGDIR} ] || myerror "Not a directory: ${LOGDIR}" + +while [ "$*" ]; do + if [ -f "${LOGDIR}/${1}" ]; then + dstdir=${ARCHIVE}/${YEAR} + dstfile=${dstdir}/`basename ${1}`.${DATE} + [ -d "${dstdir}" ] || mkdir -p ${dstdir} + archive_log ${LOGDIR}/${1} ${dstfile} + elif [ -d "${LOGDIR}/${1}" ]; then + for f in ${LOGDIR}/${1}/*.log; do + if [ -f "${f}" ]; then + dstdir=${ARCHIVE}/${1}/${YEAR} + dstfile=${dstdir}/`basename ${f}`.${DATE} + [ -d "${dstdir}" ] || mkdir -p ${dstdir} + archive_log ${f} ${dstfile} + else + echo "Skipping ${f}: not a file" 1>&2 + fi + done + else + echo "Skipping ${1}: not a file or directory" 1>&2 + fi + shift +done + +restart_syslog + +for log in ${LOGS}; do + gzip -f ${log} || myerror "Error while gzipping ${log}" +done diff --git a/syslog/manifests/init.pp b/syslog/manifests/init.pp index eef1e9f..635c989 100644 --- a/syslog/manifests/init.pp +++ b/syslog/manifests/init.pp @@ -14,7 +14,7 @@ class syslog::common { if !$syslog_type { case $::operatingsystem { - "centos": { + "centos","redhat": { $syslog_type = $::operatingsystemrelease ? { /^6/ => "rsyslog", default => "syslogd", @@ -212,8 +212,15 @@ class syslog::client::rsyslog { # $syslog_datadir: # Directory where to store logs. Defaults to /srv/log. # +# $syslog_rotate: +# Array of log files to rotate. Defaults to 'all.log'. +# class syslog::common::standalone inherits syslog::common { + if !$syslog_rotate { + $syslog_rotate = [ "all.log" ] + } + if $syslog_datadir { file { $syslog_datadir: ensure => directory, @@ -277,8 +284,9 @@ class syslog::common::standalone inherits syslog::common { default => "root", }, } + $syslog_rotate_files = inline_template('<%= syslog_rotate.join(" ") -%>') cron { "logarchiver.sh": - command => "/usr/local/sbin/logarchiver.sh", + command => "/usr/local/sbin/logarchiver.sh ${syslog_rotate_files} >/dev/null", user => "root", hour => 0, minute => 0, 
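Review bot: The new argument loop in syslog/files/logarchiver.sh builds paths from `${1}` without validating it, and most expansions are unquoted (`archive_log ${LOGDIR}/${1} ${dstfile}`, `mkdir -p ${dstdir}`, `basename ${1}`, `gzip -f ${log}`). The script runs from root's crontab, so an argument containing `..`, a leading `/` or whitespace makes it move, create or compress paths other than the intended files under `${LOGDIR}`. Skipping such arguments and quoting every expansion would close this, as sketched below. The closing `for log in ${LOGS}` loop relies on word splitting of a space-separated list, so it would be more robust to run gzip on each destination as it is archived.

```shell
while [ "$*" ]; do
	case "${1}" in
		/*|*..*)
			echo "Skipping ${1}: invalid name" 1>&2
			shift
			continue
			;;
	esac
	if [ -f "${LOGDIR}/${1}" ]; then
		dstdir=${ARCHIVE}/${YEAR}
		dstfile=${dstdir}/`basename "${1}"`.${DATE}
		[ -d "${dstdir}" ] || mkdir -p "${dstdir}"
		archive_log "${LOGDIR}/${1}" "${dstfile}"
	# … unchanged apart from the same quoting: directory branch, "Skipping" branch, shift …
```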
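Review bot: The cron `command` in the `@@ -277,8 +284,9 @@` hunk of syslog/manifests/init.pp joins `$syslog_rotate` with spaces and interpolates the result unquoted into a line that root's cron hands to a shell. An entry containing whitespace or a shell metacharacter would be split or interpreted rather than passed as one file name. The values presumably come from site configuration, so this is a hardening point rather than a direct exposure. Checking each entry against a conservative character set (letters, digits, `.`, `_`, `-`, `/`) and calling `fail()` otherwise would keep the generated command line predictable. The class body continues outside the hunk.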
@@ -370,3 +378,31 @@ class syslog::server::rsyslog inherits syslog::client::rsyslog { } } + + +# Install syslog server with custom configuration. +# +class syslog::custom inherits syslog::common::standalone { + + case $syslog_type { + "syslogd": { fail("Server for \$syslog_type '$syslog_type' not yet supported.") } + "rsyslog": { include syslog::custom::rsyslog } + default: { fail("Unknown \$syslog_type '$syslog_type'") } + } + +} + + +# Install syslog server using rsyslog with custom configuration. +# +class syslog::custom::rsyslog inherits syslog::client::rsyslog { + + File["/etc/rsyslog.conf"] { + content => undef, + source => [ "puppet:///files/syslog/rsyslog.conf.${homename}", + "puppet:///files/syslog/rsyslog.conf", ], + require => [ File["/srv/log"], + File["/var/log/all.log"], ], + } + +} diff --git a/sysstat/manifests/init.pp b/sysstat/manifests/init.pp index 31faeb8..ab92399 100644 --- a/sysstat/manifests/init.pp +++ b/sysstat/manifests/init.pp @@ -6,14 +6,14 @@ class sysstat { } case $::operatingsystem { - ubuntu: { + "ubuntu": { file { "/etc/default/sysstat": ensure => present, source => "puppet:///modules/sysstat/sysstat.default", notify => Service["sysstat"], } } - centos,fedora: { + "centos","redhat","fedora": { } default: { fail("sysstat not supported on ${::operatingsystem}") diff --git a/tftp/manifests/init.pp b/tftp/manifests/init.pp index 808890d..ef5ad52 100644 --- a/tftp/manifests/init.pp +++ b/tftp/manifests/init.pp @@ -13,7 +13,7 @@ class tftp::server { ensure => directory, mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { openbsd => "wheel", default => "root", }, @@ -30,7 +30,7 @@ class tftp::server { ensure => directory, mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, 
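Review bot: The new `syslog::custom` and `syslog::custom::rsyslog` classes interpolate variables in the style this commit is removing elsewhere: `'$syslog_type'` in both `fail()` messages has no braces, and `${homename}` in the `source` list has no `::` qualifier. If `homename` is a fact, as it appears to be, `${::homename}` would match the rest of the change, and `'${syslog_type}'` avoids ambiguity next to the closing quote. The header comments would also benefit from naming the files the class expects on the file server, for example `# Requires puppet:///files/syslog/rsyslog.conf or rsyslog.conf.<homename>`.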
@@ -38,7 +38,7 @@ class tftp::server { } } - case $operatingsystem { + case $::operatingsystem { debian,fedora,ubuntu: { file { "/var/lib/tftpboot": ensure => link, @@ -70,9 +70,9 @@ class tftp::server { } } - if $operatingsystem != "OpenBSD" { + if $::operatingsystem != "OpenBSD" { package { "tftp-server": - name => $operatingsystem ? { + name => $::operatingsystem ? { ubuntu => "tftpd-hpa", debian => "tftpd-hpa", default => "tftp-server", @@ -81,7 +81,7 @@ class tftp::server { } } - case $operatingsystem { + case $::operatingsystem { "debian","ubuntu": { service { "tftpd-hpa": ensure => running, @@ -112,7 +112,14 @@ class tftp::server { include inetd::server inetd::service { "tftp": ensure => present, +<<<<<<< HEAD + require => $::operatingsystem ? { + "openbsd" => undef, + default => Package["tftp-server"], + }, +======= require => Package["tftp-server"], +>>>>>>> 7c4f9e6b94793caf3c9369cc0519eefddc54f7d0 } } } diff --git a/time/manifests/init.pp b/time/manifests/init.pp index 040291d..ba2c395 100644 --- a/time/manifests/init.pp +++ b/time/manifests/init.pp @@ -25,7 +25,7 @@ class time::zone { }, } - case $operatingsystem { + case $::operatingsystem { "centos","redhat": { file { "/etc/sysconfig/clock": ensure => present, diff --git a/user/manifests/init.pp b/user/manifests/init.pp index 6ec6e94..65e1880 100644 --- a/user/manifests/init.pp +++ b/user/manifests/init.pp @@ -6,13 +6,13 @@ class user::system { ensure => directory, mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, } - if $operatingsystem == "ubuntu" { + if $::operatingsystem == "ubuntu" { file { "/sbin/nologin": ensure => link, target => "/usr/sbin/nologin", @@ -64,7 +64,7 @@ class user::system { gid => 802, comment => "Service Jabber", home => "/var/lib/ejabberd", - shell => $operatingsystem ? { + shell => $::operatingsystem ? { "ubuntu" => "/bin/sh", default => "/sbin/nologin", }, 
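Review bot: The `@@ -112,7 +112,14 @@` hunk of tftp/manifests/init.pp commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 7c4f9e6b94793caf3c9369cc0519eefddc54f7d0`) inside `inetd::service { "tftp": }`. The manifest cannot be parsed with these lines in place, and the resource would carry two `require` attributes even once the markers are stripped. Only one side should remain. The HEAD side, the selector giving `undef` on "openbsd" and `Package["tftp-server"]` otherwise, matches the earlier hunk in this file, which declares that package only when `$::operatingsystem != "OpenBSD"`.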
@@ -261,7 +261,7 @@ define user::newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requir shell => $shell, groups => $groups, require => $requiregroups, - notify => $operatingsystem ? { + notify => $::operatingsystem ? { OpenBSD => [ Exec["user-mod-${name}"], Exec["user-home-${name}"], ], default => undef, diff --git a/util/manifests/init.pp b/util/manifests/init.pp index f332321..84d7995 100644 --- a/util/manifests/init.pp +++ b/util/manifests/init.pp @@ -41,7 +41,7 @@ define util::extract::tar($source, $ensure=present, $strip=0, $preserve=false) { ensure => directory, mode => "0755", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -53,7 +53,7 @@ define util::extract::tar($source, $ensure=present, $strip=0, $preserve=false) { bz2, tbz: { $cat = "bzcat" } } - $tar = $operatingsystem ? { + $tar = $::operatingsystem ? { "openbsd" => "gtar", default => "tar", } diff --git a/vim/manifests/init.pp b/vim/manifests/init.pp index bcd4022..54c9e64 100644 --- a/vim/manifests/init.pp +++ b/vim/manifests/init.pp @@ -6,6 +6,7 @@ class vim { package { "vim": name => $::operatingsystem ? { "centos" => "vim-enhanced", + "redhat" => "vim-enhanced", "fedora" => "vim-enhanced", default => "vim", }, diff --git a/vmware/manifests/guest.pp b/vmware/manifests/guest.pp index ed5d256..18ec4af 100644 --- a/vmware/manifests/guest.pp +++ b/vmware/manifests/guest.pp @@ -5,7 +5,7 @@ class vmware::guest { case $virtual { vmware: { - case $operatingsystem { + case $::operatingsystem { centos: { include vmware::guest::centos } } } diff --git a/vsroom/manifests/init.pp b/vsroom/manifests/init.pp index 229b607..8fec5c2 100644 --- a/vsroom/manifests/init.pp +++ b/vsroom/manifests/init.pp 
@@ -54,9 +54,9 @@ class vsroom::collab { # class vsroom::common { - case $operatingsystem { - centos: { - case $operatingsystemrelease { + case $::operatingsystem { + "centos","redhat": { + case $::operatingsystemrelease { /^5/: { Python::Setup::Install["/usr/local/src/vsroom"] { python => "python2.6", @@ -116,7 +116,7 @@ class vsroom::common { } } - $htdocs = $operatingsystem ? { + $htdocs = $::operatingsystem ? { "ubuntu" => "/usr/local/share/vsroom/htdocs", default => "/usr/share/vsroom/htdocs", } diff --git a/wiki/manifests/init.pp b/wiki/manifests/init.pp index 8a23cf6..e021e56 100644 --- a/wiki/manifests/init.pp +++ b/wiki/manifests/init.pp @@ -50,7 +50,7 @@ class wiki::moin { require => Util::Patch["/usr/local/src/moin"], } - $shared = $operatingsystem ? { + $shared = $::operatingsystem ? { "ubuntu" => "/usr/local/share/moin", default => "/usr/share/moin", } @@ -83,7 +83,7 @@ class wiki::graphingwiki::common { ensure => directory, mode => "0644", owner => "root", - group => $operatingsystem ? { + group => $::operatingsystem ? { "openbsd" => "wheel", default => "root", }, @@ -364,7 +364,7 @@ class wiki::collab::base { cron { "collab-htaccess": ensure => present, - command => $operatingsystem ? { + command => $::operatingsystem ? { ubuntu => "/usr/local/bin/collab-htaccess", default => "/usr/bin/collab-htaccess", }, @@ -415,7 +415,7 @@ class wiki::collab::ramcache { dump => "0", pass => "0", require => File["/srv/wikis/collab/cache"], - before => $operatingsystem ? { + before => $::operatingsystem ? { "ubuntu" => Service["apache2"], default => Service["httpsd"], }, 
@@ -451,7 +451,7 @@ define wiki::collab::package($source, $config="/srv/wikis/collab/wikis/collab/co user => "collab", path => "/bin:/usr/bin:/sbin:/usr/sbin", environment => "PYTHONPATH=${config}", - command => "/bin/sh -c 'umask 007; python ${::pythonsitedir}/MoinMoin/packages.py i /usr/local/src/${name}'", + command => "/bin/sh -c 'umask 007; python ${::pythonsitedir}/MoinMoin/packages.py -u collab i /usr/local/src/${name}'", refreshonly => true, require => Exec["collab-account-create -f -r collab"] } diff --git a/yum/manifests/init.pp b/yum/manifests/init.pp index ed8bff5..995bc96 100644 --- a/yum/manifests/init.pp +++ b/yum/manifests/init.pp @@ -45,19 +45,26 @@ class yum::cron::download { } + # Install changelog plugin # class yum::plugin::changelog { - package { "yum-plugin-changelog": - ensure => installed, - name => $operatingsystem ? { - "centos" => $operatingsystemrelease ? { + case $::operatingsystem { + "centos","redhat": { + $package = $::operatingsystemrelease ? { /^[1-5]/ => "yum-changelog", default => "yum-plugin-changelog", - }, - default => "yum-plugin-changelog", - }, + } + } + default: { + $package = "yum-plugin-changelog" + } + } + + package { "yum-plugin-changelog": + ensure => installed, + name => $package, } } @@ -67,15 +74,21 @@ class yum::plugin::changelog { # class yum::plugin::downloadonly { - package { "yum-plugin-downloadonly": - ensure => installed, - name => $operatingsystem ? { - "centos" => $operatingsystemrelease ? { + case $::operatingsystem { + "centos","redhat": { + $package = $::operatingsystemrelease ? { /^[1-5]/ => "yum-downloadonly", default => "yum-plugin-downloadonly", - }, - default => "yum-plugin-downloadonly", - }, + } + } + default: { + $package = "yum-plugin-downloadonly" + } + } + + package { "yum-plugin-downloadonly": + ensure => installed, + name => $package, } } 
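Review bot: The `command` in `wiki::collab::package` splices `${name}` (and `${::pythonsitedir}`) into a single-quoted `/bin/sh -c '…'` string, so a resource title containing a quote or whitespace changes what the shell runs as the `collab` user; the added `-u collab` does not affect that. Titles come from manifests, so this is a hardening point rather than a known hole, but the define could reject unexpected titles up front, e.g. `if $name !~ /^[A-Za-z0-9._-]+$/ { fail("invalid package name ${name}") }`. The define's body starts outside the hunk, so an existing check may be out of view.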
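Review bot: The release selector carried into the new `case` in `yum::plugin::changelog`, `/^[1-5]/ => "yum-changelog"`, also matches any release string that begins with 1, such as a two-digit major version, and would pick the old package name there. Anchoring on the separator, `/^[1-5](\.|$)/ => "yum-changelog",`, keeps the match to major versions 1 to 5; the same applies to the `yum::plugin::downloadonly` hunk that follows. A one-line comment above each `case` saying why old releases use a different package name would also help the next reader.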
@@ -85,14 +98,14 @@ class yum::plugin::downloadonly { # class yum::common { - case $operatingsystem { + case $::operatingsystem { "fedora": { $osname = "fedora" - $osver = $operatingsystemrelease + $osver = $::operatingsystemrelease } - "centos": { + "centos","redhat": { $osname = "el" - $osver = regsubst($operatingsystemrelease, '^(\d+)\..*$', '\1') + $osver = regsubst($::operatingsystemrelease, '^(\d+)\..*$', '\1') } } @@ -234,8 +247,8 @@ class yum::repo::centos-cr { tag("bootstrap") - if $operatingsystem != "CentOS" { - fail("CentOS CR repository not supported in ${operatingsystem}") + if $::operatingsystem != "CentOS" { + fail("CentOS CR repository not supported in ${::operatingsystem}") } package { "centos-release-cr": @@ -442,7 +455,7 @@ class yum::repo::puppetlabs { "fedora": { $dir = "fedora/f\$releasever/products/\$basearch" } - "centos": { + "centos","redhat": { $dir = "el/\$releasever/products/\$basearch" } default: {
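Review bot: The `case $::operatingsystem` in `yum::common` has no `default` branch, so on any other platform `$osname` and `$osver` stay undefined and whatever later uses them (outside this hunk) gets empty values instead of an error. Other manifests in this commit fail loudly in that situation; adding `default: { fail("yum module not supported in ${::operatingsystem}") }` after the `"centos","redhat"` branch would match them. The class body continues beyond the hunk.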