tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of https://bitbucket.org/tmakinen/puppet

Browse source
This commit is contained in:
Ossi Herrala 2013-07-28 12:34:13 +00:00
commit f4bee85160
8 changed files with 88 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
firewall/manifests/init.pp
View file

@ -223,11 +223,18 @@ class firewall::iptables inherits firewall::common::iptables {
# #
class firewall::custom::iptables inherits firewall::common::iptables { class firewall::custom::iptables inherits firewall::common::iptables {
File["/etc/sysconfig/iptables"] { File[$firewall::common::iptables::iptables] {
source => [ "puppet:///files/firewall/iptables.${::homename}", source => [ "puppet:///files/firewall/iptables.${::homename}",
"puppet:///files/firewall/iptables", ], "puppet:///files/firewall/iptables", ],
} }
if $firewall::common::iptables::ip6tables and $::ipv6enabled == "true" {
File[$firewall::common::iptables::ip6tables] {
source => [ "puppet:///files/firewall/ip6tables.${::homename}",
"puppet:///files/firewall/ip6tables", ],
}
}
} }

12
network/manifests/init.pp
View file

@ -597,6 +597,7 @@ class network::manager::disable {
# prefix => "2001:db8:c0de:cafe::/64" # prefix => "2001:db8:c0de:cafe::/64"
# } # }
define network::routeradvertisement::ipv6prefix($prefix = "", $description = "") { define network::routeradvertisement::ipv6prefix($prefix = "", $description = "") {
case $::operatingsystem { case $::operatingsystem {
"centos","redhat": { "centos","redhat": {
file { "/etc/radvd.conf.d": file { "/etc/radvd.conf.d":
@ -618,20 +619,19 @@ define network::routeradvertisement::ipv6prefix($prefix = "", $description = "")
ensure => directory, ensure => directory,
} }
file { "/etc/rtadvd.conf.d/rtadvd-${name}.conf": file { "/etc/rtadvd.conf.d/${name}.conf":
ensure => present, ensure => present,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "wheel", group => "wheel",
content => template("network/rtadvd.conf.erb"), content => template("network/rtadvd.conf.erb"),
before => Service["rtadvd-${name}"], notify => Service["rtadvd_${name}"],
notify => Service["rtadvd-${name}"],
} }
service { "rtadvd-${name}": service { "rtadvd_${name}":
ensure => running, ensure => running,
enable => true, enable => true,
start => "/usr/sbin/rtadvd -c /etc/rtadvd.conf.d/rtadvd-${name}.conf ${name}", start => "/usr/sbin/rtadvd -c /etc/rtadvd.conf.d/${name}.conf ${name}",
stop => "/usr/bin/pkill -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"", stop => "/usr/bin/pkill -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"",
status => "/usr/bin/pgrep -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"", status => "/usr/bin/pgrep -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"",
} }
@ -640,8 +640,10 @@ define network::routeradvertisement::ipv6prefix($prefix = "", $description = "")
fail("Router advertisement not supported in $::operatingsystem.") fail("Router advertisement not supported in $::operatingsystem.")
} }
} }
} }
# Router Advertisement daemon # Router Advertisement daemon
# #
class network::routeradvertisement { class network::routeradvertisement {

17
sendmail/manifests/init.pp
View file

@ -29,15 +29,12 @@ class sendmail::common {
mode => "0644", mode => "0644",
notify => Service["sendmail"], notify => Service["sendmail"],
} }
$ostype = "linux"
$cabundle = "/etc/pki/tls/certs/ca-bundle.crt" $cabundle = "/etc/pki/tls/certs/ca-bundle.crt"
} }
"ubuntu","debian": { "ubuntu","debian": {
$ostype = "linux"
$cabundle = "/etc/ssl/certs/ca-certificates.crt" $cabundle = "/etc/ssl/certs/ca-certificates.crt"
} }
"openbsd": { "openbsd": {
$ostype = "openbsd"
$cabundle = "/etc/ssl/cert.pem" $cabundle = "/etc/ssl/cert.pem"
} }
default: { default: {
@ -249,29 +246,31 @@ class sendmail::server inherits sendmail::common {
$ssl_chain = basename($sendmail_ssl_chain) $ssl_chain = basename($sendmail_ssl_chain)
} }
file { "/etc/pki/tls/private/${ssl_key}": include ssl
file { "${ssl::private}/${ssl_key}":
ensure => present, ensure => present,
source => $sendmail_ssl_key,
mode => "0600", mode => "0600",
owner => "root", owner => "root",
group => "root", group => "root",
source => $sendmail_ssl_key,
notify => Service["sendmail"], notify => Service["sendmail"],
} }
file { "/etc/pki/tls/certs/${ssl_cert}": file { "${ssl::certs}/${ssl_cert}":
ensure => present, ensure => present,
source => $sendmail_ssl_cert,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "root", group => "root",
source => $sendmail_ssl_cert,
notify => Service["sendmail"], notify => Service["sendmail"],
} }
if $ssl_chain { if $ssl_chain {
file { "/etc/pki/tls/certs/${ssl_chain}": file { "${ssl::certs}/${ssl_chain}":
ensure => present, ensure => present,
source => $sendmail_ssl_chain,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "root", group => "root",
source => $sendmail_ssl_chain,
notify => Service["sendmail"], notify => Service["sendmail"],
} }
} }

12
sendmail/templates/sendmail.mc.erb
View file

@ -8,7 +8,7 @@ include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
<% end -%> <% end -%>
VERSIONID(`puppet sendmail::server')dnl VERSIONID(`puppet sendmail::server')dnl
OSTYPE(`<%= @ostype -%>')dnl OSTYPE(`<%= @kernel.downcase -%>')dnl
dnl # dnl #
<% if @mail_smart_host -%> <% if @mail_smart_host -%>
define(`SMART_HOST', `<%= @mail_smart_host -%>')dnl define(`SMART_HOST', `<%= @mail_smart_host -%>')dnl
@ -39,12 +39,12 @@ dnl #
define(`confCACERT_PATH', `/etc/mail/certs') define(`confCACERT_PATH', `/etc/mail/certs')
<% if @ssl_key and @ssl_cert -%> <% if @ssl_key and @ssl_cert -%>
<% if @ssl_chain -%> <% if @ssl_chain -%>
define(`confCACERT', `/etc/pki/tls/certs/<%= @ssl_chain %>') define(`confCACERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_chain %>')
<% end -%> <% end -%>
define(`confSERVER_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>') define(`confSERVER_CERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_cert %>')
define(`confSERVER_KEY', `/etc/pki/tls/private/<%= @ssl_key %>') define(`confSERVER_KEY', `<%= scope.lookupvar('ssl::private') %>/<%= @ssl_key %>')
define(`confCLIENT_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>') define(`confCLIENT_CERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_cert %>')
define(`confCLIENT_KEY', `/etc/pki/tls/private/<%= @ssl_key %>') define(`confCLIENT_KEY', `<%= scope.lookupvar('ssl::private') %>/<%= @ssl_key %>')
<% end -%> <% end -%>
dnl # dnl #
FEATURE(`no_default_msa', `dnl')dnl FEATURE(`no_default_msa', `dnl')dnl

2
sendmail/templates/submit.mc.erb
View file

@ -22,7 +22,7 @@ include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
DOMAIN(`debian-msp')dnl DOMAIN(`debian-msp')dnl
<% end -%> <% end -%>
VERSIONID(`puppet setup')dnl VERSIONID(`puppet setup')dnl
OSTYPE(`<%= @ostype -%>')dnl OSTYPE(`<%= @kernel.downcase -%>')dnl
define(`confCF_VERSION', `Submit')dnl define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet

5
smtpd/files/mailer.conf Normal file
View file

@ -0,0 +1,5 @@
sendmail /usr/sbin/smtpctl
send-mail /usr/sbin/smtpctl
mailq /usr/sbin/smtpctl
makemap /usr/libexec/smtpd/makemap
newaliases /usr/libexec/smtpd/makemap

43
smtpd/manifests/init.pp Normal file
View file

@ -0,0 +1,43 @@
# Configure smtpd for local delivery.
#
# === Global variables
#
# $mail_domain:
# Domain to masquerade as (envelope only).
#
# $smtpd_relay:
# URI of mail relay server.
#
class smtpd {
file { "/etc/mailer.conf":
ensure => present,
mode => "0644",
owner => "root",
group => "wheel",
source => "puppet:///modules/smtpd/mailer.conf",
before => Service["smtpd"],
}
file { "/etc/mail/smtpd.conf":
ensure => present,
mode => "0644",
owner => "root",
group => "wheel",
content => template("smtpd/client.conf.erb"),
notify => Service["smtpd"],
}
service { "sendmail":
ensure => stopped,
enable => false,
before => Service["smtpd"],
}
service { "smtpd":
ensure => running,
enable => true,
start => "/usr/sbin/smtpd",
}
}

10
smtpd/templates/client.conf.erb Normal file
View file

@ -0,0 +1,10 @@
listen on lo0
<% if @smtpd_relay -%>
accept from local for any relay via <%= @smtpd_relay %><% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
<% else -%>
table aliases db:/etc/mail/aliases.db
accept from local for local alias <aliases> deliver to mbox
accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
<% end -%>