tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ejabberd: Lint fixes

Browse source
This commit is contained in:
Ossi Salmi 2015-06-23 17:30:01 +03:00
parent 4a4c5fe9b2
commit ea49680a0f
1 changed files with 268 additions and 266 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

534
ejabberd/manifests/init.pp
View file

@ -2,286 +2,286 @@
# #
# === Parameters # === Parameters
# #
# $collab: # $collab:
# Boolean for enabling collab integration. Defaults to false. # Boolean for enabling collab integration. Defaults to false.
# #
# $package: # $package:
# Ejabberd package source. Required for collab integration. # Ejabberd package source. Required for collab integration.
# #
# $hosts: # $hosts:
# Array of domains serverd by ejabberd. Defaults to [ "$homename" ]. # Array of domains serverd by ejabberd. Defaults to [ "$homename" ].
# #
# $admins: # $admins:
# Array of users with admin privileges. # Array of users with admin privileges.
# #
# $webhosts: # $webhosts:
# Array of BOSH virtual hosts. # Array of BOSH virtual hosts.
# #
# $auth: # $auth:
# Authentication method or array of multiple methods. # Authentication method or array of multiple methods.
# Valid values internal, external or ldap. Defaults to internal. # Valid values internal, external or ldap. Defaults to internal.
# #
# $extauth: # $extauth:
# Path to external authentication command. # Path to external authentication command.
# #
# $muclog_datadir: # $muclog_datadir:
# Path where to store chatroom logs. Disabled by default. # Path where to store chatroom logs. Disabled by default.
# #
# $muclog_format: # $muclog_format:
# Chatroom log format. Valid values html or plaintext. # Chatroom log format. Valid values html or plaintext.
# #
# $ssl_key: # $ssl_key:
# Path to SSL private key. # Path to SSL private key.
# #
# $ssl_cert: # $ssl_cert:
# Path to SSL certificate. # Path to SSL certificate.
# #
# $ssl_chain: # $ssl_chain:
# Path to SSL certificate chain. # Path to SSL certificate chain.
# #
# $ldap_server: # $ldap_server:
# Array of LDAP authentication servers. # Array of LDAP authentication servers.
# #
# $ldap_basedn: # $ldap_basedn:
# LDAP base dn. # LDAP base dn.
# #
# $ldap_encrypt: # $ldap_encrypt:
# LDAP encryption. Defaults to "tls". # LDAP encryption. Defaults to "tls".
# #
# $ldap_port: # $ldap_port:
# LDAP port. Defaults to 636. # LDAP port. Defaults to 636.
# #
# $ldap_uid: # $ldap_uid:
# LDAP UID attribute. Defaults to "uid". # LDAP UID attribute. Defaults to "uid".
# #
# $ldap_rootdn: # $ldap_rootdn:
# Optional bind DN. # Optional bind DN.
# #
# $ldap_password: # $ldap_password:
# Bind DN password. # Bind DN password.
# #
class ejabberd( class ejabberd(
$collab=false, $collab=false,
$package=undef, $package=undef,
$hosts=[$::homename], $hosts=[$::homename],
$admins=[], $admins=[],
$webhosts=undef, $webhosts=undef,
$auth="internal", $auth='internal',
$extauth=undef, $extauth=undef,
$muclog_datadir=undef, $muclog_datadir=undef,
$muclog_format="plaintext", $muclog_format='plaintext',
$ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem", $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
$ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem", $ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem",
$ssl_chain=undef, $ssl_chain=undef,
$ldap_server=undef, $ldap_server=undef,
$ldap_basedn=undef, $ldap_basedn=undef,
$ldap_encrypt="tls", $ldap_encrypt='tls',
$ldap_port="636", $ldap_port='636',
$ldap_uid="uid", $ldap_uid='uid',
$ldap_rootdn=undef, $ldap_rootdn=undef,
$ldap_password=undef $ldap_password=undef
) { ) {
include user::system include user::system
realize(User["ejabberd"], Group["ejabberd"]) realize(User['ejabberd'], Group['ejabberd'])
if ! ($muclog_format in [ "html", "plaintext" ]) { if ! ($muclog_format in [ 'html', 'plaintext' ]) {
fail("Invalid value ${muclog_format} for muclog_format") fail("Invalid value ${muclog_format} for muclog_format")
}
case $::operatingsystem {
'centos','redhat','fedora': {
$package_provider = 'rpm'
}
'debian','ubuntu': {
$package_provider = 'dpkg'
}
default: {
fail("ejabberd not supported on ${::operatingsystem}.")
}
}
if $package and versioncmp($package, 'ejabberd-13.10') >= 0 {
if $::operatingsystem != 'CentOS' {
fail("ejabberd ${package} not supported on ${::operatingsystem}")
}
$config = 'ejabberd.yml'
$erlang_solutions = true
} else {
$config = 'ejabberd.cfg'
$erlang_solutions = false
}
class { 'erlang':
erlang_solutions => $erlang_solutions,
before => Package['ejabberd'],
}
if $collab == true {
if ! $package {
fail('Must define package for collab integration')
} }
case $::operatingsystem { file { "/usr/local/src/${package}":
"centos","redhat","fedora": { ensure => present,
$package_provider = "rpm" mode => '0644',
} owner => 'root',
"debian","ubuntu": { group => 'root',
$package_provider = "dpkg" source => "puppet:///files/packages/${package}",
} before => Package['ejabberd'],
default: {
fail("ejabberd not supported on ${::operatingsystem}.")
}
} }
if $package and versioncmp($package, "ejabberd-13.10") >= 0 { Package['ejabberd'] {
if $::operatingsystem != 'CentOS' { provider => $package_provider,
fail("ejabberd ${package} not supported on ${::operatingsystem}") source => "/usr/local/src/${package}",
}
$config = "ejabberd.yml"
$erlang_solutions = true
} else {
$config = "ejabberd.cfg"
$erlang_solutions = false
} }
class { "erlang": exec { 'usermod-ejabberd':
erlang_solutions => $erlang_solutions, path => '/bin:/usr/bin:/sbin:/usr/sbin',
before => Package["ejabberd"], command => 'usermod -a -G collab ejabberd',
unless => "id -n -G ejabberd | grep '\\bcollab\\b'",
require => [ User['ejabberd'], Group['collab'] ],
notify => Service['ejabberd'],
} }
if $collab == true { Service['ejabberd'] {
if ! $package { require => Class['wiki::collab'],
fail("Must define package for collab integration")
}
file { "/usr/local/src/${package}":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${package}",
before => Package["ejabberd"],
}
Package["ejabberd"] {
provider => $package_provider,
source => "/usr/local/src/${package}",
}
exec { "usermod-ejabberd":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "usermod -a -G collab ejabberd",
unless => "id -n -G ejabberd | grep '\\bcollab\\b'",
require => [ User["ejabberd"], Group["collab"] ],
notify => Service["ejabberd"],
}
Service["ejabberd"] {
require => Class["wiki::collab"],
}
if $muclog_datadir {
file { $muclog_datadir:
ensure => directory,
mode => "2770",
owner => "collab",
group => "collab",
require => User["collab"],
before => Service["ejabberd"],
}
}
} }
package { "ejabberd": if $muclog_datadir {
ensure => $collab ? { file { $muclog_datadir:
true => latest, ensure => directory,
default => installed, mode => '2770',
}, owner => 'collab',
require => [ User["ejabberd"], Group["ejabberd"] ], group => 'collab',
require => User['collab'],
before => Service['ejabberd'],
}
}
}
package { 'ejabberd':
ensure => $collab ? {
true => latest,
default => installed,
},
require => [ User['ejabberd'], Group['ejabberd'] ],
}
service { 'ejabberd':
ensure => running,
enable => true,
status => 'ejabberdctl status >/dev/null',
}
include ssl
file { "${ssl::private}/ejabberd.key":
ensure => present,
source => $ssl_key,
mode => '0600',
owner => 'root',
group => 'root',
notify => Exec['generate-ejabberd-pem'],
}
file { "${ssl::certs}/ejabberd.crt":
ensure => present,
source => $ssl_cert,
mode => '0644',
owner => 'root',
group => 'root',
notify => Exec['generate-ejabberd-pem'],
}
if $ssl_chain {
file { "${ssl::certs}/ejabberd.chain.crt":
ensure => present,
source => $ssl_chain,
mode => '0644',
owner => 'root',
group => 'root',
notify => Exec['generate-ejabberd-pem'],
}
$cert_files = "${ssl::private}/ejabberd.key ${ssl::certs}/ejabberd.crt ${ssl::certs}/ejabberd.chain.crt"
} else {
$cert_files = "${ssl::private}/ejabberd.key ${ssl::certs}/ejabberd.crt"
}
exec { 'generate-ejabberd-pem':
path => '/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin',
command => "/bin/sh -c 'umask 077 ; cat ${cert_files} > /etc/ejabberd/ejabberd.pem'",
refreshonly => true,
before => File['/etc/ejabberd/ejabberd.pem'],
require => Package['ejabberd'],
notify => Service['ejabberd'],
}
file { '/etc/ejabberd/ejabberd.pem':
ensure => present,
mode => '0640',
owner => 'root',
group => 'ejabberd',
require => Package['ejabberd'],
}
file { "/etc/ejabberd/${config}":
ensure => present,
mode => '0640',
owner => 'root',
group => 'ejabberd',
content => template("ejabberd/${config}.erb"),
require => Package['ejabberd'],
notify => Service['ejabberd'],
}
case $::operatingsystem {
'debian', 'ubuntu': {
augeas { 'set-ejabberd-default':
context => '/files/etc/default/ejabberd',
changes => [ 'set POLL true', 'set SMP auto' ],
require => Package['ejabberd'],
notify => Service['ejabberd'],
}
}
default: { }
}
$htdocs = '/usr/share/ejabberd/htdocs'
if $webhosts {
include apache::mod::proxy
include apache::mod::proxy_http
include apache::mod::rewrite
file { $htdocs:
ensure => directory,
mode => '0755',
owner => 'root',
group => 'root',
require => Package['ejabberd'],
} }
service { "ejabberd": file { "${htdocs}/.htaccess":
ensure => running, ensure => present,
enable => true, mode => '0644',
status => "ejabberdctl status >/dev/null", owner => 'root',
group => 'root',
content => template('ejabberd/htaccess.erb'),
} }
include ssl apache::configfile { 'ejabberd.conf':
http => false,
file { "${ssl::private}/ejabberd.key": source => 'puppet:///modules/ejabberd/ejabberd-httpd.conf',
ensure => present,
source => $ssl_key,
mode => "0600",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
file { "${ssl::certs}/ejabberd.crt":
ensure => present,
source => $ssl_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
if $ssl_chain {
file { "${ssl::certs}/ejabberd.chain.crt":
ensure => present,
source => $ssl_chain,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
$cert_files = "${ssl::private}/ejabberd.key ${ssl::certs}/ejabberd.crt ${ssl::certs}/ejabberd.chain.crt"
} else {
$cert_files = "${ssl::private}/ejabberd.key ${ssl::certs}/ejabberd.crt"
} }
exec { "generate-ejabberd-pem": selinux::manage_port { '5280':
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin", type => 'http_port_t',
command => "/bin/sh -c 'umask 077 ; cat ${cert_files} > /etc/ejabberd/ejabberd.pem'", proto => 'tcp',
refreshonly => true,
before => File["/etc/ejabberd/ejabberd.pem"],
require => Package["ejabberd"],
notify => Service["ejabberd"],
} }
file { "/etc/ejabberd/ejabberd.pem": ejabberd::configwebhost { $webhosts:
ensure => present, htdocs => $htdocs,
mode => "0640",
owner => "root",
group => "ejabberd",
require => Package["ejabberd"],
}
file { "/etc/ejabberd/${config}":
ensure => present,
mode => "0640",
owner => "root",
group => "ejabberd",
content => template("ejabberd/${config}.erb"),
require => Package["ejabberd"],
notify => Service["ejabberd"],
}
case $::operatingsystem {
"debian", "ubuntu": {
augeas { "set-ejabberd-default":
context => "/files/etc/default/ejabberd",
changes => [ "set POLL true", "set SMP auto" ],
require => Package["ejabberd"],
notify => Service["ejabberd"],
}
}
default: { }
}
$htdocs = "/usr/share/ejabberd/htdocs"
if $webhosts {
include apache::mod::proxy
include apache::mod::proxy_http
include apache::mod::rewrite
file { $htdocs:
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
require => Package["ejabberd"],
}
file { "${htdocs}/.htaccess":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
content => template("ejabberd/htaccess.erb"),
}
apache::configfile { "ejabberd.conf":
http => false,
source => "puppet:///modules/ejabberd/ejabberd-httpd.conf",
}
selinux::manage_port { "5280":
type => "http_port_t",
proto => "tcp",
}
ejabberd::configwebhost { $webhosts:
htdocs => $htdocs,
}
} }
}
} }
@ -290,10 +290,10 @@ class ejabberd(
# #
define ejabberd::configwebhost($htdocs) { define ejabberd::configwebhost($htdocs) {
file { "/srv/www/https/${name}/bosh": file { "/srv/www/https/${name}/bosh":
ensure => link, ensure => link,
target => $htdocs, target => $htdocs,
} }
} }
@ -302,33 +302,35 @@ define ejabberd::configwebhost($htdocs) {
# #
# === Parameters # === Parameters
# #
# $datadir: # $datadir:
# Path where to store the backups. Defaults to "/srv/ejabberd-backup". # Path where to store the backups. Defaults to "/srv/ejabberd-backup".
# #
class ejabberd::backup($datadir="/srv/ejabberd-backup") { class ejabberd::backup(
$datadir='/srv/ejabberd-backup',
) {
file { $datadir: file { $datadir:
ensure => directory, ensure => directory,
mode => "0700", mode => '0700',
owner => "root", owner => 'root',
group => "root", group => 'root',
} }
file { "/usr/local/sbin/ejabberd-backup": file { '/usr/local/sbin/ejabberd-backup':
ensure => present, ensure => present,
mode => "0755", mode => '0755',
owner => "root", owner => 'root',
group => "root", group => 'root',
content => template("ejabberd/ejabberd-backup.erb"), content => template('ejabberd/ejabberd-backup.erb'),
} }
cron { "ejabberd-backup": cron { 'ejabberd-backup':
ensure => present, ensure => present,
command => "/usr/local/sbin/ejabberd-backup", command => '/usr/local/sbin/ejabberd-backup',
user => "root", user => 'root',
minute => "15", minute => '15',
hour => "21", hour => '21',
require => File[$datadir, "/usr/local/sbin/ejabberd-backup"], require => File[$datadir, '/usr/local/sbin/ejabberd-backup'],
} }
} }