Merge branch 'master' of https://bitbucket.org/tmakinen/puppet

kerberos/templates/keytab.erb

@@ -7,8 +7,8 @@ require 'tempfile'
 
 config = {}
 config['cachedir'] = '/var/cache/puppet'
-config['kadmin'] = '/usr/kerberos/sbin/kadmin'
-config['klist'] = '/usr/kerberos/bin/klist'
+config['kadmin'] = '/usr/bin/kadmin'
+config['klist'] = '/usr/bin/klist'
 
 
 # set global vars

ldap/manifests/init.pp

@@ -486,7 +486,7 @@ class ldap::server {
     }
 
     exec { "slaptest":
-        command     => "slaptest",
+        command     => "slaptest -f ${config}/slapd.conf",
         path        => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
         refreshonly => true,
         require     => File["${config}/slapd.conf.d"],

logwatch/manifests/init.pp

@@ -1,5 +1,10 @@
 # Install logwatch.
 #
+# === Global variables
+#
+#   $logwatch_mailto
+#       Logwatch mail recipient.
+#
 class logwatch {
 
     case $::kernel {
@@ -13,4 +18,15 @@ class logwatch {
         }
     }
 
+    if $logwatch_mailto {
+        file { "/etc/logwatch/conf/logwatch.conf":
+            ensure  => present,
+            mode    => "0644",
+            owner   => "root",
+            group   => "root",
+            content => "MailTo = ${logwatch_mailto}\n",
+            require => Package["logwatch"],
+        }
+    }
+
 }

minidlna/manifests/init.pp

@@ -0,0 +1,24 @@
+
+class minidlna($name="", $audiodir="", $videodir="", $photodir="") {
+
+    package { "minidlna":
+        ensure => installed,
+    }
+
+    file { "minidlna.conf":
+        ensure  => present,
+        path    => "/etc/minidlna.conf",
+        content => template("minidlna/minidlna.conf.erb"),
+        mode    => "0644",
+        owner   => "root",
+        group   => "root",
+        require => Package["minidlna"],
+        notify  => Service["minidlna"],
+    }
+
+    service { "minidlna":
+        ensure => running,
+        enable => true,
+    }
+
+}

minidlna/templates/minidlna.conf.erb

@@ -0,0 +1,69 @@
+# port for HTTP (descriptions, SOAP, media transfer) traffic
+port=8200
+
+# network interfaces to serve, comma delimited
+#network_interface=eth0
+
+# set this to the directory you want scanned.
+# * if have multiple directories, you can have multiple media_dir= lines
+# * if you want to restrict a media_dir to a specific content type, you
+#   can prepend the type, followed by a comma, to the directory:
+#   + "A" for audio  (eg. media_dir=A,/home/jmaggard/Music)
+#   + "V" for video  (eg. media_dir=V,/home/jmaggard/Videos)
+#   + "P" for images (eg. media_dir=P,/home/jmaggard/Pictures)
+<% if audiodir != '' %>media_dir=A,<%= audiodir %><% end -%>
+<% if videodir != '' %>media_dir=V,<%= videodir %><% end -%>
+<% if photodir != '' %>media_dir=P,<%= photodir %><% end -%>
+
+# set this if you want to customize the name that shows up on your clients
+friendly_name=<% if name == '' %>MiniDLNA<% else %><%= name %><% end %>
+
+# set this if you would like to specify the directory where you want MiniDLNA to store its database and album art cache
+db_dir=/var/cache/minidlna
+
+# set this if you would like to specify the directory where you want MiniDLNA to store its log file
+log_dir=/var/log/minidlna
+
+# set this to change the verbosity of the information that is logged
+# each section can use a different level: off, fatal, error, warn, info, or debug
+#log_level=general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn
+
+# this should be a list of file names to check for when searching for album art
+# note: names should be delimited with a forward slash ("/")
+album_art_names=Cover.jpg/cover.jpg/AlbumArtSmall.jpg/albumartsmall.jpg/AlbumArt.jpg/albumart.jpg/Album.jpg/album.jpg/Folder.jpg/folder.jpg/Thumb.jpg/thumb.jpg
+
+# set this to no to disable inotify monitoring to automatically discover new files
+# note: the default is yes
+inotify=yes
+
+# set this to yes to enable support for streaming .jpg and .mp3 files to a TiVo supporting HMO
+enable_tivo=no
+
+# set this to strictly adhere to DLNA standards.
+# * This will allow server-side downscaling of very large JPEG images,
+#   which may hurt JPEG serving performance on (at least) Sony DLNA products.
+strict_dlna=no
+
+# default presentation url is http address on port 80
+#presentation_url=http://www.mylan/index.php
+
+# notify interval in seconds. default is 895 seconds.
+notify_interval=900
+
+# serial and model number the daemon will report to clients
+# in its XML description
+serial=<%= scope.function_fqdn_rand(['10000000', '99999999']) %>
+model_number=1
+
+# specify the path to the MiniSSDPd socket
+#minissdpdsocket=/var/run/minissdpd.sock
+
+# use different container as root of the tree
+# possible values:
+#   + "." - use standard container (this is the default)
+#   + "B" - "Browse Directory"
+#   + "M" - "Music"
+#   + "V" - "Video"
+#   + "P" - "Pictures"
+# if you specify "B" and client device is audio-only then "Music/Folders" will be used as root
+#root_container=.

mirror/files/sync-mirrors

@@ -0,0 +1,103 @@
+#!/bin/bash
+
+LOCKFILE=/var/run/sync-mirrors/lockfile
+LOGFILE=/var/log/sync-mirrors/sync-mirrors-`date +%Y%m%d%H%M%S`.log
+CONFDIR=/etc/sync-mirrors
+
+usage() {
+    echo "Usage: `basename $0` [-v] [mirror]" 1>&2
+    echo "       `basename $0` -l" 1>&2
+}
+
+if [ -d ${CONFDIR} ]; then
+    MIRRORLIST=`ls ${CONFDIR}/*.conf 2> /dev/null | while read f ; \
+        do basename $f | sed -e 's/\.conf$//' ; done`
+    if [ "${MIRRORLIST}" = "" ]; then
+        echo "ERR: No configured mirrors found" 1>&2
+        exit 1
+    fi
+else
+    echo "ERR: Config directory [${CONFDIR}] missing" 1>&2
+    exit 1
+fi
+
+VERBOSE=0
+EXTRA_OPTS=""
+while getopts "vhl" c ; do
+    case $c in
+	v)
+	    VERBOSE=1
+	    EXTRA_OPTS="-v --progress"
+	    ;;
+	h)
+	    usage
+	    exit 1
+	    ;;
+	l)
+	    echo "Available mirrors:"
+            for name in ${MIRRORLIST} ; do
+		echo "  ${name}"
+	    done
+	    exit 0
+	    ;;
+    esac
+done
+
+shift `expr $OPTIND - 1`
+
+if [ $# -gt 0 ]; then
+    for mirror in $* ; do
+        if [ ! -f ${CONFDIR}/$1.conf ]; then
+            echo "ERR: No mirror named [$1]" 1>&2
+            exit 1
+        fi
+        SYNC="${MIRRORS} $1"
+        shift
+    done
+else
+    SYNC=${MIRRORLIST}
+fi
+
+if [ `whoami` != mirror ]; then
+    echo "ERR: Script needs to be run as mirror user" 1>&2
+    exit 1
+fi
+
+umask 022
+
+if [ -f ${LOCKFILE} ]; then
+    kill -0 `cat ${LOCKFILE}`
+    if [ $? -ne 1 ]; then
+	which stat > /dev/null 2>&1
+	if [ $? -eq 0 ]; then
+	    STARTED=" (`stat ${LOCKFILE} | sed -n 's/^Modify: \(.*\)/\1/p'`)"
+	else
+	    STARTED=""
+	fi
+        echo "ERR: Lockfile exists${STARTED}, exiting" 1>&2
+        exit 1
+    else
+        echo "WARN: Removing stale lock file..." 1>&2
+        rm -f ${LOCKFILE}
+    fi
+fi
+trap "rm -f ${LOCKFILE}" INT TERM EXIT
+echo $$ > ${LOCKFILE}
+
+for mirror in ${SYNC} ; do
+    SRC=""
+    RSYNCOPTS=""
+    . ${CONFDIR}/${mirror}.conf
+    if [ "${SRC}" = "" ]; then
+        echo "ERR: No SRC set for mirror ${mirror} ..." 1>&2
+        exit 1
+    fi
+    [ ${VERBOSE} -eq 1 ] && echo "Starting ${mirror} sync ..."
+    echo "`date '+%Y/%m/%d %H:%M:%S'` [$$] Starting ${mirror} sync ..." \
+        >> ${LOGFILE}
+    rsync -aH -4 ${EXTRA_OPTS} --numeric-ids --delete --delete-after \
+        --delay-updates --no-motd ${RSYNCOPTS} --log-file=${LOGFILE} \
+        ${SRC} /srv/mirrors/${mirror}/
+done
+
+rm -f ${LOCKFILE}

mirror/manifests/init.pp

@@ -0,0 +1,185 @@
+
+# Install mirroring scripts
+#
+# === Parameters
+#
+#   $datadir:
+#       Directory for mirrored data. Defaults to /srv/mirrors
+#
+class mirror($datadir = "/srv/mirrors") {
+
+    include user::system
+    realize(User["mirror"], Group["mirror"])
+
+    if $datadir != "/srv/mirrors" {
+        file { "/srv/mirrors":
+            ensure  => link,
+            target  => $datadir,
+            owner   => "root",
+            group   => "root",
+            seltype => "httpd_sys_content_t",
+            before  => File[$datadir],
+        }
+        selinux::manage_fcontext { "/srv/mirrors(/.*)?":
+            type   => "httpd_sys_content_t",
+            before => File["/srv/mirrors"],
+        }
+    }
+    file { $datadir:
+        ensure  => directory,
+        mode    => "0755",
+        owner   => "root",
+        group   => "root",
+        seltype => "httpd_sys_content_t",
+    }
+    selinux::manage_fcontext { "${datadir}(/.*)?":
+        type   => "httpd_sys_content_t",
+        before => File[$datadir],
+    }
+
+    file { "/etc/sync-mirrors":
+        ensure  => directory,
+        mode    => "0755",
+        owner   => "root",
+        group   => "root",
+        recurse => true,
+        purge   => true,
+    }
+
+    file { [ "/var/run/sync-mirrors", "/var/log/sync-mirrors", ]:
+        ensure  => directory,
+        mode    => "0755",
+        owner   => "mirror",
+        group   => "mirror",
+        before  => Cron["sync-mirrors"],
+        require => User["mirror"],
+    }
+
+    file { "/usr/local/bin/sync-mirrors":
+        ensure => present,
+        source => "puppet:///modules/mirror/sync-mirrors",
+        mode   => "0755",
+        owner  => "root",
+        group  => "root",
+    }
+    cron { "sync-mirrors":
+        command => "/usr/local/bin/sync-mirrors",
+        user    => "mirror",
+        hour    => [ 0, 6, 12, 18, ],
+        minute  => 0,
+        require => [ File["/usr/local/bin/sync-mirrors"], User["mirror"], ],
+    }
+
+}
+
+
+# Create new mirror
+#
+# === Parameters:
+#
+#   $name:
+#       Mirror name
+#
+#   $source:
+#       Rsync path from where to sync mirror
+#
+#   $rsync_options:
+#       Extra options for rsync
+#
+# === Sample usage:
+#
+# mirrors::mirror { "centos":
+#     source => "rsync://rsync.nic.funet.fi/ftp/pub/mirrors/centos.org/",
+#     rsync_options => [
+#       "--exclude=SRPMS",
+#       "--exclude=debug",
+#       "--exclude=isos",
+#     ],
+# }
+#
+define mirror::mirror($source, $rsync_options=[]) {
+
+    require mirror
+
+    file { "/etc/sync-mirrors/${name}.conf":
+        ensure  => present,
+        content => template("mirror/mirror.conf.erb"),
+        mode    => "0644",
+        owner   => "root",
+        group   => "root",
+        require => File["/srv/mirrors/${name}"],
+    }
+
+    file { "/srv/mirrors/${name}":
+        ensure  => directory,
+        owner   => "mirror",
+        group   => "mirror",
+        seltype => "httpd_sys_content_t",
+    }
+
+}
+
+
+# Run weekly hardlinking for mirrored data
+#
+class mirror::hardlink {
+
+    require mirror
+
+    package { "hardlink":
+        ensure => installed,
+    }
+    cron { "hardlink-mirrors-weekly":
+        command => "/usr/sbin/hardlink /srv/mirrors/",
+        user    => "mirror",
+        hour    => 4,
+        minute  => 0,
+        weekday => 0,
+    }
+
+}
+
+
+# Install Fedora mirror reporting tool
+#
+# https://fedoraproject.org/wiki/Infrastructure/Mirroring
+#
+# === Parameters:
+#
+#   $sitename:
+#       Site name configured to mirrormanager
+#
+#   $password:
+#       Site password configured to mirrormanager
+#
+#   $hostname:
+#       Host name configured to mirrormanager
+#
+#   $mirrors:
+#       Components mirrored to this hosts
+#
+# === Sample usage:
+#
+# mirrors::reportmirror {
+#     sitename => "foo.sh"
+#     password => "secret",
+#     hostname => "mirrors.foo.sh",
+#     mirrors  => [ "fedora", "epel", ],
+# }
+#
+class mirror::reportmirror($sitename, $password, $hostname, $mirrors=[]) {
+
+    package { "mirrormanager-client":
+        ensure => installed,
+    }
+
+    file { "/etc/mirrormanager-client/report_mirror.conf":
+        ensure  => present,
+        content => template("mirror/report_mirror.conf.erb"),
+        mode    => "0640",
+        owner   => "root",
+        group   => "mirror",
+        require => [ Package["mirrormanager-client"], Group["mirror"], ],
+    }
+
+}

mirror/templates/mirror.conf.erb

@@ -0,0 +1,2 @@
+SRC="<%= source %>"
+RSYNCOPTS="<%= rsync_options.join(' ') %>"

mirror/templates/report_mirror.conf.erb

@@ -0,0 +1,96 @@
+[global]
+# if enabled=0, no data is sent to the database
+enabled=1
+# server= is the URL to the MirrorManager XML-RPC interface
+server=https://admin.fedoraproject.org/mirrormanager/xmlrpc
+
+
+[site]
+# if enabled=0, no data about this site is sent to the database
+enabled=1
+# Name and Password fields need to match the Site name and password
+# fields you entered for your Site in the MirrorManager database at
+# https://admin.fedoraproject.org/mirrormanager
+name=<%= sitename %>
+password=<%= password %>
+
+[host]
+# if enabled=0, no data about this host is sent to the database
+enabled=1
+# Name field need to match the Host name field you entered for your
+# Host in the MirrorManager database at
+# https://admin.fedoraproject.org/mirrormanager
+name=<%= hostname %>
+# if user_active=0, no data about this category is given to the public
+# This can be used to toggle between serving and not serving data,
+# such enabled during the nighttime (when you have more idle bandwidth
+# available) and disabled during the daytime.
+# By not specifying user_active, the database will not be updated.
+# user_active=1
+
+[stats]
+# Stats are only sent when run with the -s option
+# and when this section is enabled.
+# This feature is not presently implemented
+enabled=0
+apache=/var/log/httpd/access_log
+vsftpd=/var/log/vsftpd.log
+# remember to enable log file and transfer logging in rsyncd.conf
+rsyncd=/var/log/rsyncd.log
+
+
+# Content Categories
+# These sections match the Categories for content tracked by MirrorManager.
+#
+# enabled=1 means information about this category will be sent to the database.
+# enabled=0, no data about this host is sent to the database.  If the
+# database already has information for you for this Category, it will
+# remain unchanged.  This can be used to update the database after you
+# have manually synced some infrequently-updated content, such as
+# historical releases.
+#
+# path= is the path on your local disk to the top-level directory for this Category
+
+[Fedora Linux]
+<% if mirrors.include?('fedora') -%>
+enabled=1
+<% else -%>
+enabled=0
+<% end -%>
+path=/srv/mirrors/fedora
+
+[Fedora EPEL]
+<% if mirrors.include?('epel') -%>
+enabled=1
+<% else -%>
+enabled=0
+<% end -%>
+path=/srv/mirrors/fedora-epel
+
+# lesser used categories below
+
+[Fedora Web]
+enabled=0
+path=/var/www/html/pub/fedora/web
+
+[Fedora Secondary Arches]
+enabled=0
+path=/var/www/html/pub/fedora-secondary
+
+[Fedora Other]
+enabled=0
+path=/var/www/html/pub/alt
+
+# historical content
+
+[Fedora Core]
+enabled=0
+path=/var/www/html/pub/fedora/linux/core
+
+[Fedora Extras]
+enabled=0
+path=/var/www/html/pub/fedora/linux/extras
+
+[Fedora Archive]
+enabled=0
+path=/var/www/html/pub/fedora-archive

mythtv/templates/mythweb.conf.erb

@@ -199,7 +199,7 @@ Alias /mythweb/ "/usr/share/mythweb/"
 </Directory>
 
 <Directory "/usr/share/mythweb/data">
-    Options -All +FollowSymLinks +IncludesNoExec
+    Options FollowSymLinks IncludesNoExec
 </Directory>
 
 # You will probably also want to uncomment the following rules, which

resolver/manifests/init.pp

@@ -0,0 +1,31 @@
+# Class: resolver
+#
+# This class handles configuring /etc/resolv.conf
+#
+# Parameters:
+#       $domainname: The default domain
+#
+#       $searchpath: Array of domains to search
+#
+#       $nameservers: List of nameservers to search
+#
+# Actions:
+#       Configures the /etc/resolv.conf file according to parameters
+#
+# Requires:
+#
+# Sample Usage:
+#       class { 'resolver':
+#               domainname  => "mydomain",
+#               searchpath  => ['mydomain', 'test.mydomain'],
+#               nameservers => ['192.168.1.100', '192.168.1.101', '192.168.1.102'],
+#       }
+#
+class resolver($domainname = "", $searchpath = "", $nameservers ) {
+        file { "/etc/resolv.conf":
+                owner   => root,
+                group   => root,
+                mode    => 644,
+                content => template("resolver/resolv.conf.erb"),
+        }
+}

resolver/templates/resolv.conf.erb

@@ -0,0 +1,6 @@
+<% if !domainname.empty? %>domain <%= domainname %>
+<% end -%>
+<% if !searchpath.empty? %>search <%= searchpath.join(" ") %>
+<% end -%>
+<% nameservers.each do |ns| %>nameserver <%= ns %>
+<% end -%>

sendmail/manifests/init.pp

@@ -363,6 +363,7 @@ class sendmail::server inherits sendmail::common {
         mode   => "0644",
         owner  => "root",
         group  => "root",
+        notify => Service["sendmail"],
     }
 
 }

user/manifests/init.pp

@@ -290,6 +290,21 @@ class user::system {
         require => Group["murmur"],
     }
 
+    # Mirrors
+    @group { "mirror":
+        ensure => present,
+        gid    => 820,
+    }
+    @user { "mirror":
+        ensure  => present,
+        uid     => 820,
+        gid     => 820,
+        comment => "Service Mirror",
+        home    => "/var/empty",
+        shell   => "/sbin/nologin",
+        require => Group["mirror"],
+    }
+
 }
 
 

vsroom/manifests/init.pp

@@ -92,31 +92,6 @@ class vsroom::common {
     }
     python::setup::install { "/usr/local/src/vsroom": }
 
-    include user::system
-    realize(User["vsroom"], Group["vsroom"])
-
-    if $vsroom_datadir {
-        file { $vsroom_datadir:
-            ensure  => directory,
-            mode    => "2750",
-            owner   => "root",
-            group   => "vsroom",
-        }
-
-        file { "/var/lib/vsroom":
-            ensure  => link,
-            target  => $vsroom_datadir,
-            require => File[$vsroom_datadir],
-        }
-    } else {
-        file { "/var/lib/vsroom":
-            ensure  => directory,
-            mode    => "2750",
-            owner   => "root",
-            group   => "vsroom",
-        }
-    }
-
     $htdocs = $::operatingsystem ? {
         "ubuntu" => "/usr/local/share/vsroom/htdocs",
         default  => "/usr/share/vsroom/htdocs",