-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | .gitmodules | 4 | ||||
l---------[-rw-r--r--] | .mrconfig | 259 | ||||
-rw-r--r-- | README.md | 137 | ||||
-rw-r--r-- | TODO.md | 44 | ||||
-rw-r--r-- | Vagrantfile | 39 | ||||
-rw-r--r-- | basics.md | 181 | ||||
l--------- | index.md | 1 | ||||
m--------- | keyring | 0 | ||||
-rw-r--r-- | puppet/.gitignore | 2 | ||||
-rw-r--r-- | puppet/.mrconfig | 258 | ||||
-rw-r--r-- | puppet/LICENSE | 661 | ||||
-rw-r--r-- | puppet/Makefile (renamed from Makefile) | 0 | ||||
-rw-r--r-- | puppet/README.md | 38 | ||||
-rw-r--r-- | puppet/TODO.md | 6 | ||||
-rw-r--r-- | puppet/Vagrantfile | 60 | ||||
-rw-r--r-- | puppet/auth.conf | 99 | ||||
-rwxr-xr-x | puppet/bin/dependencies (renamed from bin/dependencies) | 0 | ||||
-rwxr-xr-x | puppet/bin/mrconfig (renamed from bin/mrconfig) | 0 | ||||
-rwxr-xr-x | puppet/bin/provision (renamed from bin/provision) | 0 | ||||
-rwxr-xr-x | puppet/bin/submodules (renamed from bin/submodules) | 0 | ||||
-rwxr-xr-x | puppet/bin/subtrees (renamed from bin/subtrees) | 0 | ||||
-rwxr-xr-x | puppet/bin/symlinks (renamed from bin/symlinks) | 0 | ||||
-rw-r--r-- | puppet/files/.empty (renamed from files/.empty) | 0 | ||||
-rw-r--r-- | puppet/fileserver.conf | 7 | ||||
l--------- | puppet/hiera.yaml (renamed from hiera.yaml) | 0 | ||||
-rw-r--r-- | puppet/hiera/bootstrap.yaml (renamed from hiera/bootstrap.yaml) | 12 | ||||
-rw-r--r-- | puppet/hiera/common.yaml (renamed from hiera/common.yaml) | 0 | ||||
-rw-r--r-- | puppet/hiera/hiera.yaml (renamed from hiera/hiera.yaml) | 0 | ||||
-rw-r--r-- | puppet/keys/public/.empty (renamed from keys/public/.empty) | 0 | ||||
-rw-r--r-- | puppet/keys/ssh/.empty (renamed from keys/ssh/.empty) | 0 | ||||
-rw-r--r-- | puppet/keys/ssl/.empty (renamed from keys/ssl/.empty) | 0 | ||||
-rw-r--r-- | puppet/manifests/bootstrap/configurator.pp (renamed from manifests/bootstrap/configurator.pp) | 0 | ||||
-rw-r--r-- | puppet/manifests/bootstrap/host.pp (renamed from manifests/bootstrap/host.pp) | 0 | ||||
-rw-r--r-- | puppet/manifests/bootstrap/master.pp (renamed from manifests/bootstrap/master.pp) | 0 | ||||
-rw-r--r-- | puppet/manifests/bootstrap/vagrant.pp (renamed from manifests/bootstrap/vagrant.pp) | 0 | ||||
-rw-r--r-- | puppet/manifests/classes/users.pp | 33 | ||||
-rw-r--r-- | puppet/manifests/classes/websites.pp (renamed from manifests/classes/websites.pp) | 0 | ||||
l--------- | puppet/manifests/hiera (renamed from manifests/hiera) | 0 | ||||
-rw-r--r-- | puppet/manifests/modules.pp (renamed from manifests/modules.pp) | 0 | ||||
-rw-r--r-- | puppet/manifests/nodes.pp (renamed from manifests/nodes.pp) | 0 | ||||
-rw-r--r-- | puppet/manifests/nodes/.empty (renamed from manifests/nodes/.empty) | 0 | ||||
-rw-r--r-- | puppet/manifests/site.pp (renamed from manifests/site.pp) | 0 | ||||
l--------- | puppet/modules/bootstrap (renamed from modules/bootstrap) | 0 | ||||
-rw-r--r-- | puppet/modules/site_apache/files/htdocs/images/.empty (renamed from modules/site_apache/files/htdocs/images/.empty) | 0 | ||||
-rw-r--r-- | puppet/modules/site_apache/files/vhosts/.empty (renamed from modules/site_apache/files/vhosts/.empty) | 0 | ||||
-rw-r--r-- | puppet/modules/site_keys/files/ssl/.empty (renamed from modules/site_keys/files/ssl/.empty) | 0 | ||||
-rw-r--r-- | puppet/modules/site_mail/files/.empty (renamed from modules/site_mail/files/.empty) | 0 | ||||
-rw-r--r-- | puppet/modules/site_nagios/files/.empty (renamed from modules/site_nagios/files/.empty) | 0 | ||||
-rw-r--r-- | puppet/modules/site_nginx/files/.empty (renamed from modules/site_nginx/files/.empty) | 0 | ||||
-rw-r--r-- | puppet/modules/site_postfix/files/.empty (renamed from modules/site_postfix/files/.empty) | 0 | ||||
l--------- | puppet/puppet (renamed from puppet) | 0 | ||||
-rw-r--r-- | puppet/puppet.conf | 30 | ||||
-rw-r--r-- | puppet/templates/apache/htdocs/images/README.html.erb (renamed from templates/apache/htdocs/images/README.html.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/apache/htdocs/index.html.erb (renamed from templates/apache/htdocs/index.html.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/apache/htdocs/missing.html.erb (renamed from templates/apache/htdocs/missing.html.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/apache/vhosts/git.erb (renamed from templates/apache/vhosts/git.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/apache/vhosts/lists.erb (renamed from templates/apache/vhosts/lists.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/apache/vhosts/mail.erb (renamed from templates/apache/vhosts/mail.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/apache/vhosts/nagios.erb (renamed from templates/apache/vhosts/nagios.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/apache/vhosts/wiki.erb (renamed from templates/apache/vhosts/wiki.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/etc/aliases.erb (renamed from templates/etc/aliases.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/etc/nagios3/htpasswd.users.erb (renamed from templates/etc/nagios3/htpasswd.users.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/etc/nginx/domain.erb (renamed from templates/etc/nginx/domain.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/postfix/tls_policy.erb (renamed from templates/postfix/tls_policy.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/auth.conf.erb (renamed from templates/puppet/auth.conf.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/fileserver.conf.erb (renamed from templates/puppet/fileserver.conf.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/master.pp.erb (renamed from templates/puppet/master.pp.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/nodes.pp.erb (renamed from templates/puppet/nodes.pp.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/proxy.pp.erb (renamed from templates/puppet/proxy.pp.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/puppet.conf.erb (renamed from templates/puppet/puppet.conf.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/server.pp.erb (renamed from templates/puppet/server.pp.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/storage.pp.erb (renamed from templates/puppet/storage.pp.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/test.pp.erb (renamed from templates/puppet/test.pp.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/users.pp.erb (renamed from templates/puppet/users.pp.erb) | 0 | ||||
-rw-r--r-- | puppet/templates/puppet/web.pp.erb (renamed from templates/puppet/web.pp.erb) | 0 | ||||
-rw-r--r-- | python.md | 31 | ||||
-rw-r--r-- | references.md | 27 | ||||
-rw-r--r-- | repositories.md | 21 | ||||
-rw-r--r-- | ruby.md | 4 |
80 files changed, 1623 insertions, 334 deletions
@@ -1,2 +1,3 @@
-modules/*
+*.upload
 .vagrant
+packages
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..9575ce9
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "keyring"]
+ path = keyring
+ url = git://anonscm.debian.org/keyring/keyring.git
+ ignore = dirty
diff --git a/.mrconfig b/.mrconfig
index 8731bee..952e7d0 100644..120000
--- a/.mrconfig
+++ b/.mrconfig
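Review bot: The new `keyring` submodule at `url = git://anonscm.debian.org/keyring/keyring.git` is fetched over the unauthenticated, unencrypted `git://` transport, and basics.md in this same commit points readers at this checkout as the keyring for `gpg --verify` / `dscverify` of downloaded sources. The recorded submodule commit (`+Subproject 44cbc7c…` further down; it appears truncated to 39 hex digits on this page) does bind the checkout to one tree, but the top-level repository is itself documented as `git clone --recursive git://git.sarava.org/debian.git`, so the pin arrives over the same unauthenticated channel. Using an authenticated transport (https or ssh) for the submodule URL and confirming the pinned commit out of band would make the keyring's provenance independent of the network path. `ignore = dirty` also makes `git status`/`git diff` in the superproject ignore working-tree changes inside `keyring/`, which is worth a comment such as `# NOTE: local edits to keyring/ are invisible to git status; rebuild from the pinned commit` so nobody relies on the superproject to notice a modified keyring.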
@@ -1,258 +1 @@
-
-[puppet/modules/apache]
-checkout = git clone git://git.sarava.org/puppet-apache.git apache
-
-[puppet/modules/apcupsd]
-checkout = git clone git://git.sarava.org/puppet-apcupsd.git apcupsd
-
-[puppet/modules/apparmor]
-checkout = git clone git://git.sarava.org/puppet-apparmor.git apparmor
-
-[puppet/modules/apt]
-checkout = git clone git://git.sarava.org/puppet-apt.git apt
-
-[puppet/modules/autofs]
-checkout = git clone git://git.sarava.org/puppet-autofs.git autofs
-
-[puppet/modules/autossh]
-checkout = git clone git://git.sarava.org/puppet-autossh.git autossh
-
-[puppet/modules/avahi]
-checkout = git clone git://git.sarava.org/puppet-avahi.git avahi
-
-[puppet/modules/backup]
-checkout = git clone git://git.sarava.org/puppet-backup.git backup
-
-[puppet/modules/backupninja]
-checkout = git clone git://git.sarava.org/puppet-backupninja.git backupninja
-
-[puppet/modules/bind]
-checkout = git clone git://git.sarava.org/puppet-bind.git bind
-
-[puppet/modules/bitcoind]
-checkout = git clone git://git.sarava.org/puppet-bitcoind.git bitcoind
-
-[puppet/modules/bootstrap]
-checkout = git clone git://git.sarava.org/puppet-bootstrap.git bootstrap
-
-[puppet/modules/common]
-checkout = git clone git://git.sarava.org/puppet-common.git common
-
-[puppet/modules/concat]
-checkout = git clone git://git.sarava.org/puppet-concat.git concat
-
-[puppet/modules/cron]
-checkout = git clone git://git.sarava.org/puppet-cron.git cron
-
-[puppet/modules/daap_server]
-checkout = git clone git://git.sarava.org/puppet-daap_server.git daap_server
-
-[puppet/modules/darkice]
-checkout = git clone git://git.sarava.org/puppet-darkice.git darkice
-
-[puppet/modules/database]
-checkout = git clone git://git.sarava.org/puppet-database.git database
-
-[puppet/modules/dhcp]
-checkout = git clone git://git.sarava.org/puppet-dhcp.git dhcp
-
-[puppet/modules/domain_check]
-checkout = git clone git://git.sarava.org/puppet-domain_check.git domain_check
-
-[puppet/modules/drupal]
-checkout = git clone git://git.sarava.org/puppet-drupal.git drupal
-
-[puppet/modules/dyndns]
-checkout = git clone git://git.sarava.org/puppet-dyndns.git dyndns
-
-[puppet/modules/ejabberd]
-checkout = git clone git://git.sarava.org/puppet-ejabberd.git ejabberd
-
-[puppet/modules/ekeyd]
-checkout = git clone git://git.sarava.org/puppet-ekeyd.git ekeyd
-
-[puppet/modules/etherpad]
-checkout = git clone git://git.sarava.org/puppet-etherpad.git etherpad
-
-[puppet/modules/exim]
-checkout = git clone git://git.sarava.org/puppet-exim.git exim
-
-[puppet/modules/firewall]
-checkout = git clone git://git.sarava.org/puppet-firewall.git firewall
-
-[puppet/modules/git]
-checkout = git clone git://git.sarava.org/puppet-git.git git
-
-[puppet/modules/hotglue]
-checkout = git clone git://git.sarava.org/puppet-hotglue.git hotglue
-
-[puppet/modules/hydra]
-checkout = git clone git://git.sarava.org/puppet-hydra.git hydra
-
-[puppet/modules/icecast]
-checkout = git clone git://git.sarava.org/puppet-icecast.git icecast
-
-[puppet/modules/ikiwiki]
-checkout = git clone git://git.sarava.org/puppet-ikiwiki.git ikiwiki
-
-[puppet/modules/inetd]
-checkout = git clone git://git.sarava.org/puppet-inetd.git inetd
-
-[puppet/modules/infinoted]
-checkout = git clone git://git.sarava.org/puppet-infinoted.git infinoted
-
-[puppet/modules/inifile]
-checkout = git clone git://git.sarava.org/puppet-inifile.git inifile
-
-[puppet/modules/lighttpd]
-checkout = git clone git://git.sarava.org/puppet-lighttpd.git lighttpd
-
-[puppet/modules/lsb]
-checkout = git clone git://git.sarava.org/puppet-lsb.git lsb
-
-[puppet/modules/mail]
-checkout = git clone git://git.sarava.org/puppet-mail.git mail
-
-[puppet/modules/minidlna]
-checkout = git clone git://git.sarava.org/puppet-minidlna.git minidlna
-
-[puppet/modules/moin]
-checkout = git clone git://git.sarava.org/puppet-moin.git moin
-
-[puppet/modules/monkeysphere]
-checkout = git clone git://git.sarava.org/puppet-monkeysphere.git monkeysphere
-
-[puppet/modules/motion]
-checkout = git clone git://git.sarava.org/puppet-motion.git motion
-
-[puppet/modules/mpd]
-checkout = git clone git://git.sarava.org/puppet-mpd.git mpd
-
-[puppet/modules/mumble]
-checkout = git clone git://git.sarava.org/puppet-mumble.git mumble
-
-[puppet/modules/munin]
-checkout = git clone git://git.sarava.org/puppet-munin.git munin
-
-[puppet/modules/mysql]
-checkout = git clone git://git.sarava.org/puppet-mysql.git mysql
-
-[puppet/modules/nagios]
-checkout = git clone git://git.sarava.org/puppet-nagios.git nagios
-
-[puppet/modules/nfs]
-checkout = git clone git://git.sarava.org/puppet-nfs.git nfs
-
-[puppet/modules/nginx]
-checkout = git clone git://git.sarava.org/puppet-nginx.git nginx
-
-[puppet/modules/nodo]
-checkout = git clone git://git.sarava.org/puppet-nodo.git nodo
-
-[puppet/modules/ntp]
-checkout = git clone git://git.sarava.org/puppet-ntp.git ntp
-
-[puppet/modules/onion]
-checkout = git clone git://git.sarava.org/puppet-onion.git onion
-
-[puppet/modules/pear]
-checkout = git clone git://git.sarava.org/puppet-pear.git pear
-
-[puppet/modules/php]
-checkout = git clone git://git.sarava.org/puppet-php.git php
-
-[puppet/modules/pmwiki]
-checkout = git clone git://git.sarava.org/puppet-pmwiki.git pmwiki
-
-[puppet/modules/postfix]
-checkout = git clone git://git.sarava.org/puppet-postfix.git postfix
-
-[puppet/modules/puppet]
-checkout = git clone git://git.sarava.org/puppet-puppet.git puppet
-
-[puppet/modules/pureftpd]
-checkout = git clone git://git.sarava.org/puppet-pureftpd.git pureftpd
-
-[puppet/modules/pyroscope]
-checkout = git clone git://git.sarava.org/puppet-pyroscope.git pyroscope
-
-[puppet/modules/qwebirc]
-checkout = git clone git://git.sarava.org/puppet-qwebirc.git qwebirc
-
-[puppet/modules/reprepro]
-checkout = git clone git://git.sarava.org/puppet-reprepro.git reprepro
-
-[puppet/modules/resolvconf]
-checkout = git clone git://git.sarava.org/puppet-resolvconf.git resolvconf
-
-[puppet/modules/rng-tools]
-checkout = git clone git://git.sarava.org/puppet-rng-tools.git rng-tools
-
-[puppet/modules/rsync]
-checkout = git clone git://git.sarava.org/puppet-rsync.git rsync
-
-[puppet/modules/runit]
-checkout = git clone git://git.sarava.org/puppet-runit.git runit
-
-[puppet/modules/samba]
-checkout = git clone git://git.sarava.org/puppet-samba.git samba
-
-[puppet/modules/schroot]
-checkout = git clone git://git.sarava.org/puppet-schroot.git schroot
-
-[puppet/modules/shorewall]
-checkout = git clone git://git.sarava.org/puppet-shorewall.git shorewall
-
-[puppet/modules/smartmonster]
-checkout = git clone git://git.sarava.org/puppet-smartmonster.git smartmonster
-
-[puppet/modules/smartmontools]
-checkout = git clone git://git.sarava.org/puppet-smartmontools.git smartmontools
-
-[puppet/modules/sshd]
-checkout = git clone git://git.sarava.org/puppet-sshd.git sshd
-
-[puppet/modules/ssl]
-checkout = git clone git://git.sarava.org/puppet-ssl.git ssl
-
-[puppet/modules/supervisor]
-checkout = git clone git://git.sarava.org/puppet-supervisor.git supervisor
-
-[puppet/modules/supybot]
-checkout = git clone git://git.sarava.org/puppet-supybot.git supybot
-
-[puppet/modules/syslog-ng]
-checkout = git clone git://git.sarava.org/puppet-syslog-ng.git syslog-ng
-
-[puppet/modules/tftp]
-checkout = git clone git://git.sarava.org/puppet-tftp.git tftp
-
-[puppet/modules/tor]
-checkout = git clone git://git.sarava.org/puppet-tor.git tor
-
-[puppet/modules/trac]
-checkout = git clone git://git.sarava.org/puppet-trac.git trac
-
-[puppet/modules/tunnel]
-checkout = git clone git://git.sarava.org/puppet-tunnel.git tunnel
-
-[puppet/modules/user]
-checkout = git clone git://git.sarava.org/puppet-user.git user
-
-[puppet/modules/vcsrepo]
-checkout = git clone git://git.sarava.org/puppet-vcsrepo.git vcsrepo
-
-[puppet/modules/viewvc]
-checkout = git clone git://git.sarava.org/puppet-viewvc.git viewvc
-
-[puppet/modules/virtual]
-checkout = git clone git://git.sarava.org/puppet-virtual.git virtual
-
-[puppet/modules/websites]
-checkout = git clone git://git.sarava.org/puppet-websites.git websites
-
-[puppet/modules/websvn]
-checkout = git clone git://git.sarava.org/puppet-websvn.git websvn
-
-[puppet/modules/wordpress]
-checkout = git clone git://git.sarava.org/puppet-wordpress.git wordpress
+puppet/.mrconfig
\ No newline at end of file 
@@ -1,38 +1,121 @@ -Puppet Boostrap Module -====================== +Debian packaging effort! +======================== -This is a multi-purpose but very specific puppet module which can be used: +In the past, we used to be [heavy slackware users](https://simplepkg.sarava.org) when we just +had a few boxes to manage. Then we had to change our whole packaging paradigm when we switched +to Debian. -* As the base repository for a puppet infrastructure. -* As a standalone provisioner for boxes, with Vagrant support. -* It can be optionally used together with the Hydra Suite from https://git.sarava.org/?p=hydra.git +These notes are mainly references to the detailed Debian/Ubuntu documentations we're using in +the course of learning the intricacies of Debian packaging. -Setting up a new puppetmaster repository ----------------------------------------- +Grab this repository using -You'll basically use the `bootstrap` repository as your `puppet` repository: + git clone --recursive git://git.sarava.org/debian.git - git clone git://git.sarava.org/puppet-bootstrap.git puppet - cd puppet && git tag -v # check integrity - make deps # install dependencies - make submodules # add all needed puppet module as as git submodules - make config # basic configuration +Configuration files +------------------- -Using as a standalone provisioner ---------------------------------- +All the commands in this guide assumes that you're using [these configuration +files](https://git.sarava.org/?p=rhatto/dotfiles/debian.git;a=summary). 
-This will be a `Vagrant` example: +Starting a new package +---------------------- - cd your-project - git clone git://git.sarava.org/puppet-bootstrap.git puppet # use submodule or subtree as you please - ln -s puppet/Vagrantfile # or copy if you want to customize - ( cd puppet && make modules ) # need the mr binary to download the submodules - vagrant up web # with no arguments, all defined VMs are started +We use the `packages/` folder from this repo to store sources: -Using subtrees or symlinks for modules --------------------------------------- + mkdir package/$package + cd package/$package -You might use `make subtrees` instead of `make submodules`. Also, if you already have -all the modules in a different subtree, use +Build environment creation +-------------------------- - make symlinks MODULES=/path/to/puppet/modules +The following steps needs to be run just once for each arch and distro version. + +### Setup cowbuilder chroots + +This is the recommended method: + + sudo mkdir /var/cache/pbuilder/sid-amd64 + sudo -E cowbuilder --create + + sudo mkdir /var/cache/pbuilder/wheezy-amd64 + sudo -E DIST=wheezy cowbuilder --create + +### Setup pbuilder chroots + +If you want to setup directly using `pbuilder`: + + git-pbuilder create + DIST=wheezy git-pbuilder + +### Compatibility with git-buildpackage + +This is a workaround while we don't find a cleaner way to fix +[this issue](http://ramblingfoo.blogspot.com.br/2012/10/howto-sudo-cowbuilder-git-buildpackage.html) +with `git-buildpackage` not getting `~/.pbuilderrc` from the local user: + + ( cd /var/cache/pbuilder/ && sudo ln -s sid-amd64/base.cow ) + +External repo integration +------------------------- + +If your package storage lives elsewhere, make a symlink like this: + + ( + cd /var/cache/pbuilder/wheezy-amd64 && \ + sudo rm -rf result && \ + sudo ln -s /var/data/apps/distros/debian/packages/build-area/wheezy-amd64 result + ) + +Environment maintenance +----------------------- + +These steps should be 
run once in a while to ensure we have an up to date packaging environment. + +### Pbuilder + + DIST=sid git-pbuilder update + DIST=wheezy git-pbuilder update --override-config + +### Cowbuilder + + DIST=sid sudo -E cowbuilder --update + DIST=wheezy sudo -E cowbuilder --update --override-config + +Building +-------- + + DIST=wheezy sudo -E cowbuilder --build $package*.dsc + +Signing +------- + +To sign both the `.dsc` and the `.changes` files: + + debsign $package*.changes + +Uploading +--------- + +Simply run + + dupload *changes + +This assumes a `~/.dupload.conf` like the following: + + package config; + $default_host = "myremote"; + + $cfg{'myremote'} = { + fqdn => "myremote.example.org", + login => "user", + method => "scpb", + incoming => "/var/reprepro/incoming/", + # The dinstall on ftp-master sends emails itself + #dinstall_runs => 1, + }; + +It's also important that: + + 1. The host remote port is correctly defined at your `~/.ssh/config`. + 2. The user is in the `reprepro` group in the server. 
@@ -1,6 +1,44 @@ TODO ==== -* Update to new nodo style (hiera and nodo::role). -* Support for recursive clones in `bin/mrconfig`. -* Test! +Organization +------------ + +* Scripts: + * `debian-keyring-setup`. + * `debian-dev-setup`. + * `debian-build`. +* Merge all `build-area` folders. +* Deploy as a ikiwiki + git-annex instance, perhaps replacing reprepro. +* Try an [AutomateBackports](https://wiki.debian.org/AutomateBackports) setup. + +Upstream +-------- + +* Fill a Debian bug report: `dpkg-source` doesn't honour `GNUPGHOME`. + +Backport +-------- + +* jekyll +* docker +* newsbeuter +* compton +* grub-pc + +Port +---- + +* leap-cli +* pond +* [x2go-server](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465821) +* [Blingbling](http://awesome.naquadah.org/wiki/Blingbling) +* [Terminology](https://www.enlightenment.org/p.php?p=about/terminology) + +WNPP +---- + +Before packaging anything, have a look at: + +* [WNPP](http://wnpp.debian.net). +* [Debian Git](http://anonscm.debian.org/gitweb/). diff --git a/Vagrantfile b/Vagrantfile index e7404a9..0ebd36e 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -16,45 +16,6 @@ Vagrant::Config.run do |config|
 puppet.temp_dir = "/etc/puppet"
 end
 
- # Define a Host VM
- config.vm.define :host do |host_config|
- db_config.vm.box = "host"
- web_config.vm.network :hostonly, "192.168.50.101"
- end
-
- # Define a Puppetmaster VM
- config.vm.define :master do |master_config|
- master_config.vm.box = "master"
- master_config.vm.forward_port 8139, 8140
- web_config.vm.network :hostonly, "192.168.50.102"
- end
-
- # Define a Proxy VM
- config.vm.define :proxy do |proxy_config|
- proxy_config.vm.box = "proxy"
- proxy_config.vm.forward_port 8139, 8140
- web_config.vm.network :hostonly, "192.168.50.103"
- end
-
- # Define a Web VM
- config.vm.define :web do |web_config|
- web_config.vm.box = "web"
- web_config.vm.forward_port 80, 8080
- web_config.vm.network :hostonly, "192.168.50.104"
- end
-
- # Define a Storage VM
- config.vm.define :storage do |storage_config|
- storage_config.vm.box = "storage"
- storage_config.vm.network :hostonly, "192.168.50.105"
- end
-
- # Define a Test VM
- config.vm.define :test do |test_config|
- test_config.vm.box = "test"
- test_config.vm.network :hostonly, "192.168.50.106"
- end
-
 # Share hiera configuration.
 config.vm.share_folder "hiera", "/etc/puppet/hiera", "puppet/hiera", create: true
 end
diff --git a/basics.md b/basics.md
new file mode 100644
index 0000000..32cabf0
--- /dev/null
+++ b/basics.md
@@ -0,0 +1,181 @@ +Basic packaging +=============== + +Getting the debianized source +----------------------------- + +Using `dget`: + + dget $remote_dsc + cd $package* + +Using `apt-get`: + + apt-get source package + +Checking the source +------------------- + +This is the trick part. In theory, you could run just + + dscverify *.dsc + +Which would check if the signature was made for a key included in the `debian-keyring` package. + +In practice, it should always work for sources you download from the **same** Debian version you're running. +But sources you download from newer versions might not work, depending basically if the maintainer's key is +already on the `debian-keyring` you installed. + +### Using a newer debian-keyring package + +You might want to try a newer `debian-keyring` package (for testing or unstable), which we haven't tested +yet but can reduce a lot of complexity that follows. + +### Install manually debian-keyring somewhere + +If not, you might try to have a newer copy of the `debian-keyring` somewhere. We already provide one in the +form of git://anonscm.debian.org/keyring/keyring.git available as a git submodule in the `keyring` folder: + + gpg --no-default-keyring --keyring /path/to/debian/keyring/output/keyrings/debian-keyring.gpg --verify *.dsc + +You might also want to have the following on your `~/.devscripts` (line break just to keep formatting here): + + DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg: + /path/to/debian/keyring/output/keyrings/debian-keyring.gpg" + +Or you can use the following alias: + + alias dscverify='dscverify --keyring /path/to/debian/keyring/output/keyrings/debian-keyring.gpg' + +This assumes that you initialized the `keyring` submodule and compiled the keyrings: + + ( cd keyring && make ) + +We use `--no-default-keyring` to make sure `gpg` just looks for the key in the `debian-maintainers` keyring. 
+ +Another option is to get the specific key: + + gpg --recv-keys 12345678 + +Either way, you have to have a criteria about how much trust you should give to the keyring or the pubkey +you just downloaded. The same goes for software you're porting to Debian and that you can't actually check +it's signature against `debian-keyring`. + +Things get even trickier when you try to use `dpkg-source`. + +Even if you symlink `keyring/output/keyrings/debian-keyring.gpg` as `keyring/output/keyrings/debian-keyring.gpg/trustedkeys.gpg` +and point `GNUPGHOME` to this folder you'll still get a weird behavior: + + 0 $ dget http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.dsc + dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.dsc + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 100 1827 100 1827 0 0 2626 0 --:--:-- --:--:-- --:--:-- 4911 + dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2.orig.tar.gz + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 100 26055 100 26055 0 0 20738 0 0:00:01 0:00:01 --:--:-- 27455 + dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.debian.tar.xz + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 100 2892 100 2892 0 0 4183 0 --:--:-- --:--:-- --:--:-- 8078 + ruby-childprocess_0.5.2-1.dsc: + Good signature found + validating ruby-childprocess_0.5.2.orig.tar.gz + validating ruby-childprocess_0.5.2-1.debian.tar.xz + All files validated successfully. 
+ gpgv: Signature made Seg 28 Abr 2014 18:03:27 BRT using RSA key ID 39CD217A + gpgv: Impossível verificar assinatura: chave pública não encontrada + dpkg-source: warning: failed to verify signature on ./ruby-childprocess_0.5.2-1.dsc + dpkg-source: info: extracting ruby-childprocess in ruby-childprocess-0.5.2 + dpkg-source: info: unpacking ruby-childprocess_0.5.2.orig.tar.gz + dpkg-source: info: unpacking ruby-childprocess_0.5.2-1.debian.tar.xz + 0 $ + +What happened here is that `dscverify` honoured our custom configuration above while `dpkg-source` is still relying on +the one available in the `debian-keyring` package. + +Even if you remove the `debian-keyring` package, it will still fallback to your `$HOME/.gnupg/trustedkeys.gpg` which +you don't really want to fill with keys you actually haven't stablished a proper trust relationship. + +As currently `dpkg-source` doesn't honour `GNUPGHOME` (see TODO for bugreport), all we can do currently is call `dget` +and `dpkg-source` with + + HOME=/path/to/debian/keyring/output/ dpkg-source -x $package*dsc + HOME=/path/to/debian/keyring/output/ dget <remote-dsc> + +For this trick to work, you'll need to + + ( cd /path/to/debian/keyring/output/ && ln -s keyrings .gnupg && cd .gnupg && ln -s debian-keyring.gpg trustedkeys.gpg ) + +And also set the `/path/to/debian/keyring/output/.devscripts` to the following content: + + DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg: + ~/keyrings/debian-keyring.gpg" + +Again, you might set two handy aliases: + + alias dpkg-source='HOME=/path/to/debian/keyring/output/ dpkg-source' + alias dget='HOME=/path/to/debian/keyring/output/ dget' + +Then you might be happy... for a while :P + +See also: + +* `dscverify(1)` manpage. +* [Debian Public Key Server](http://keyring.debian.org/). +* [apt get - How to get apt-get source verification working? 
- Super User](https://superuser.com/questions/626810/how-to-get-apt-get-source-verification-working). +* [Debian. How can I securely get debian-archive-keyring, so that I can do an apt-get update? NO_PUBKEY - Server Fault](http://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g/337283#337283). + +Extracting the source +--------------------- + +If needed, do this after your successfully verified the sources: + + dpkg-source -x *.dsc + +Getting dependencies +-------------------- + +To get: + + apt-get build-dep package + +To remove: + + hydractl remove-dep package + +Creating the `debian/` structure +-------------------------------- + +If the package wasn't debianized, proceed with + + if [ ! -d "debian" ]; then + dh_make -p ${package}_${version} --createorig + fi + +Simple build +------------ + + dch -i + dpkg-buildpackage -rfakeroot -sa -k$KEY_ID + +Creating a new debian source +---------------------------- + + cd .. + dpkg-source -b $package* + debsign $package*.dsc + +Building and signing +-------------------- + +To generate signatures, remove `-uc` and `-us` from `dpkg-buildpackage` (see +[Complete build](http://www.debian.org/doc/maint-guide/ch-build.pt-br.html#s-completebuild)): + + dpkg-buildpackage -rfakeroot + +To sign using an specific key: + + dpkg-buildpackage -rfakeroot -kKEY_ID + diff --git a/index.md b/index.md new file mode 120000 index 0000000..42061c0 --- /dev/null +++ b/index.md @@ -0,0 +1 @@ +README.md
\ No newline at end of file
diff --git a/keyring b/keyring
new file mode 160000
+Subproject 44cbc7c7455532c70641d8829acb9544d83402e
diff --git a/puppet/.gitignore b/puppet/.gitignore
new file mode 100644
index 0000000..ce9693b
--- /dev/null
+++ b/puppet/.gitignore
@@ -0,0 +1,2 @@
+modules/*
+.vagrant
diff --git a/puppet/.mrconfig b/puppet/.mrconfig
new file mode 100644
index 0000000..8731bee
--- /dev/null
+++ b/puppet/.mrconfig
@@ -0,0 +1,258 @@
+
+[puppet/modules/apache]
+checkout = git clone git://git.sarava.org/puppet-apache.git apache
+
+[puppet/modules/apcupsd]
+checkout = git clone git://git.sarava.org/puppet-apcupsd.git apcupsd
+
+[puppet/modules/apparmor]
+checkout = git clone git://git.sarava.org/puppet-apparmor.git apparmor
+
+[puppet/modules/apt]
+checkout = git clone git://git.sarava.org/puppet-apt.git apt
+
+[puppet/modules/autofs]
+checkout = git clone git://git.sarava.org/puppet-autofs.git autofs
+
+[puppet/modules/autossh]
+checkout = git clone git://git.sarava.org/puppet-autossh.git autossh
+
+[puppet/modules/avahi]
+checkout = git clone git://git.sarava.org/puppet-avahi.git avahi
+
+[puppet/modules/backup]
+checkout = git clone git://git.sarava.org/puppet-backup.git backup
+
+[puppet/modules/backupninja]
+checkout = git clone git://git.sarava.org/puppet-backupninja.git backupninja
+
+[puppet/modules/bind]
+checkout = git clone git://git.sarava.org/puppet-bind.git bind
+
+[puppet/modules/bitcoind]
+checkout = git clone git://git.sarava.org/puppet-bitcoind.git bitcoind
+
+[puppet/modules/bootstrap]
+checkout = git clone git://git.sarava.org/puppet-bootstrap.git bootstrap
+
+[puppet/modules/common]
+checkout = git clone git://git.sarava.org/puppet-common.git common
+
+[puppet/modules/concat]
+checkout = git clone git://git.sarava.org/puppet-concat.git concat
+
+[puppet/modules/cron]
+checkout = git clone git://git.sarava.org/puppet-cron.git cron
+
+[puppet/modules/daap_server]
+checkout = git clone git://git.sarava.org/puppet-daap_server.git daap_server
+
+[puppet/modules/darkice]
+checkout = git clone git://git.sarava.org/puppet-darkice.git darkice
+
+[puppet/modules/database]
+checkout = git clone git://git.sarava.org/puppet-database.git database
+
+[puppet/modules/dhcp]
+checkout = git clone git://git.sarava.org/puppet-dhcp.git dhcp
+
+[puppet/modules/domain_check]
+checkout = git clone git://git.sarava.org/puppet-domain_check.git domain_check
+
+[puppet/modules/drupal]
+checkout = git clone git://git.sarava.org/puppet-drupal.git drupal
+
+[puppet/modules/dyndns]
+checkout = git clone git://git.sarava.org/puppet-dyndns.git dyndns
+
+[puppet/modules/ejabberd]
+checkout = git clone git://git.sarava.org/puppet-ejabberd.git ejabberd
+
+[puppet/modules/ekeyd]
+checkout = git clone git://git.sarava.org/puppet-ekeyd.git ekeyd
+
+[puppet/modules/etherpad]
+checkout = git clone git://git.sarava.org/puppet-etherpad.git etherpad
+
+[puppet/modules/exim]
+checkout = git clone git://git.sarava.org/puppet-exim.git exim
+
+[puppet/modules/firewall]
+checkout = git clone git://git.sarava.org/puppet-firewall.git firewall
+
+[puppet/modules/git]
+checkout = git clone git://git.sarava.org/puppet-git.git git
+
+[puppet/modules/hotglue]
+checkout = git clone git://git.sarava.org/puppet-hotglue.git hotglue
+
+[puppet/modules/hydra]
+checkout = git clone git://git.sarava.org/puppet-hydra.git hydra
+
+[puppet/modules/icecast]
+checkout = git clone git://git.sarava.org/puppet-icecast.git icecast
+
+[puppet/modules/ikiwiki]
+checkout = git clone git://git.sarava.org/puppet-ikiwiki.git ikiwiki
+
+[puppet/modules/inetd]
+checkout = git clone git://git.sarava.org/puppet-inetd.git inetd
+
+[puppet/modules/infinoted]
+checkout = git clone git://git.sarava.org/puppet-infinoted.git infinoted
+
+[puppet/modules/inifile]
+checkout = git clone git://git.sarava.org/puppet-inifile.git inifile
+
+[puppet/modules/lighttpd]
+checkout = git clone git://git.sarava.org/puppet-lighttpd.git lighttpd
+
+[puppet/modules/lsb]
+checkout = git clone git://git.sarava.org/puppet-lsb.git lsb
+
+[puppet/modules/mail]
+checkout = git clone git://git.sarava.org/puppet-mail.git mail
+
+[puppet/modules/minidlna]
+checkout = git clone git://git.sarava.org/puppet-minidlna.git minidlna
+
+[puppet/modules/moin]
+checkout = git clone git://git.sarava.org/puppet-moin.git moin
+
+[puppet/modules/monkeysphere]
+checkout = git clone git://git.sarava.org/puppet-monkeysphere.git monkeysphere
+
+[puppet/modules/motion]
+checkout = git clone git://git.sarava.org/puppet-motion.git motion
+
+[puppet/modules/mpd]
+checkout = git clone git://git.sarava.org/puppet-mpd.git mpd
+
+[puppet/modules/mumble]
+checkout = git clone git://git.sarava.org/puppet-mumble.git mumble
+
+[puppet/modules/munin]
+checkout = git clone git://git.sarava.org/puppet-munin.git munin
+
+[puppet/modules/mysql]
+checkout = git clone git://git.sarava.org/puppet-mysql.git mysql
+
+[puppet/modules/nagios]
+checkout = git clone git://git.sarava.org/puppet-nagios.git nagios
+
+[puppet/modules/nfs]
+checkout = git clone git://git.sarava.org/puppet-nfs.git nfs
+
+[puppet/modules/nginx]
+checkout = git clone git://git.sarava.org/puppet-nginx.git nginx
+
+[puppet/modules/nodo]
+checkout = git clone git://git.sarava.org/puppet-nodo.git nodo
+
+[puppet/modules/ntp]
+checkout = git clone git://git.sarava.org/puppet-ntp.git ntp
+
+[puppet/modules/onion]
+checkout = git clone git://git.sarava.org/puppet-onion.git onion
+
+[puppet/modules/pear]
+checkout = git clone git://git.sarava.org/puppet-pear.git pear
+
+[puppet/modules/php]
+checkout = git clone git://git.sarava.org/puppet-php.git php
+
+[puppet/modules/pmwiki]
+checkout = git clone git://git.sarava.org/puppet-pmwiki.git pmwiki
+
+[puppet/modules/postfix]
+checkout = git clone git://git.sarava.org/puppet-postfix.git postfix
+
+[puppet/modules/puppet]
+checkout = git clone git://git.sarava.org/puppet-puppet.git puppet
+
+[puppet/modules/pureftpd]
+checkout = git clone git://git.sarava.org/puppet-pureftpd.git pureftpd
+
+[puppet/modules/pyroscope]
+checkout = git clone git://git.sarava.org/puppet-pyroscope.git pyroscope
+
+[puppet/modules/qwebirc]
+checkout = git clone git://git.sarava.org/puppet-qwebirc.git qwebirc
+
+[puppet/modules/reprepro]
+checkout = git clone git://git.sarava.org/puppet-reprepro.git reprepro
+
+[puppet/modules/resolvconf]
+checkout = git clone git://git.sarava.org/puppet-resolvconf.git resolvconf
+
+[puppet/modules/rng-tools]
+checkout = git clone git://git.sarava.org/puppet-rng-tools.git rng-tools
+
+[puppet/modules/rsync]
+checkout = git clone git://git.sarava.org/puppet-rsync.git rsync
+
+[puppet/modules/runit]
+checkout = git clone git://git.sarava.org/puppet-runit.git runit
+
+[puppet/modules/samba]
+checkout = git clone git://git.sarava.org/puppet-samba.git samba
+
+[puppet/modules/schroot]
+checkout = git clone git://git.sarava.org/puppet-schroot.git schroot
+
+[puppet/modules/shorewall]
+checkout = git clone git://git.sarava.org/puppet-shorewall.git shorewall
+
+[puppet/modules/smartmonster]
+checkout = git clone git://git.sarava.org/puppet-smartmonster.git smartmonster
+
+[puppet/modules/smartmontools]
+checkout = git clone git://git.sarava.org/puppet-smartmontools.git smartmontools
+
+[puppet/modules/sshd]
+checkout = git clone git://git.sarava.org/puppet-sshd.git sshd
+
+[puppet/modules/ssl]
+checkout = git clone git://git.sarava.org/puppet-ssl.git ssl
+
+[puppet/modules/supervisor]
+checkout = git clone git://git.sarava.org/puppet-supervisor.git supervisor
+
+[puppet/modules/supybot]
+checkout = git clone git://git.sarava.org/puppet-supybot.git supybot
+
+[puppet/modules/syslog-ng]
+checkout = git clone git://git.sarava.org/puppet-syslog-ng.git syslog-ng
+
+[puppet/modules/tftp]
+checkout = git clone git://git.sarava.org/puppet-tftp.git tftp
+
+[puppet/modules/tor]
+checkout = git clone git://git.sarava.org/puppet-tor.git tor
+
+[puppet/modules/trac]
+checkout = git clone git://git.sarava.org/puppet-trac.git trac
+
+[puppet/modules/tunnel]
+checkout = git clone git://git.sarava.org/puppet-tunnel.git tunnel
+
+[puppet/modules/user]
+checkout = git clone git://git.sarava.org/puppet-user.git user
+
+[puppet/modules/vcsrepo]
+checkout = git clone git://git.sarava.org/puppet-vcsrepo.git vcsrepo
+
+[puppet/modules/viewvc]
+checkout = git clone git://git.sarava.org/puppet-viewvc.git viewvc
+
+[puppet/modules/virtual]
+checkout = git clone 
git://git.sarava.org/puppet-virtual.git virtual
+
+[puppet/modules/websites]
+checkout = git clone git://git.sarava.org/puppet-websites.git websites
+
+[puppet/modules/websvn]
+checkout = git clone git://git.sarava.org/puppet-websvn.git websvn
+
+[puppet/modules/wordpress]
+checkout = git clone git://git.sarava.org/puppet-wordpress.git wordpress
diff --git a/puppet/LICENSE b/puppet/LICENSE
new file mode 100644
index 0000000..dba13ed
--- /dev/null
+++ b/puppet/LICENSE
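Review bot: Every checkout in this file fetches over the unauthenticated `git://` transport, e.g. `checkout = git clone git://git.sarava.org/puppet-apache.git apache`, so the Puppet modules this tree later applies (presumably with full privileges on the provisioned host) arrive with no origin authentication or transport integrity, and nothing in the hunk pins them to a reviewed revision. A `https://` or `ssh://` clone URL, if the server offers one, would address the transport half; the `keyring` submodule added in this same commit already shows the pinned form (`Subproject 44cbc7c7…`), whereas a bare `git clone` here takes whatever the remote's default branch points to at checkout time. At minimum the file should say so at the top, `# NOTE: git:// is unauthenticated and these clones are unpinned; prefer https:// or ssh:// and check out a reviewed commit before applying modules`.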
@@ -0,0 +1,661 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. 
+The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. 
+ + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. 
+ + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. 
The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. 
+ + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. 
+ + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. 
This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. 
For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. 
Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. 
+ + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. 
+ + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. 
+ + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. 
+ + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. 
For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +<http://www.gnu.org/licenses/>.
diff --git a/Makefile b/puppet/Makefile
index 2209271..2209271 100644
--- a/Makefile
+++ b/puppet/Makefile
diff --git a/puppet/README.md b/puppet/README.md
new file mode 100644
index 0000000..67dad5f
--- /dev/null
+++ b/puppet/README.md
@@ -0,0 +1,38 @@
+Puppet Boostrap Module
+======================
+
+This is a multi-purpose but very specific puppet module which can be used:
+
+* As the base repository for a puppet infrastructure.
+* As a standalone provisioner for boxes, with Vagrant support.
+* It can be optionally used together with the Hydra Suite from https://git.sarava.org/?p=hydra.git
+
+Setting up a new puppetmaster repository
+----------------------------------------
+
+You'll basically use the `bootstrap` repository as your `puppet` repository:
+
+ git clone git://git.sarava.org/puppet-bootstrap.git puppet
+ cd puppet && git tag -v # check integrity
+ make deps # install dependencies
+ make submodules # add all needed puppet module as as git submodules
+ make config # basic configuration
+
+Using as a standalone provisioner
+---------------------------------
+
+This will be a `Vagrant` example:
+
+ cd your-project
+ git clone git://git.sarava.org/puppet-bootstrap.git puppet # use submodule or subtree as you please
+ ln -s puppet/Vagrantfile # or copy if you want to customize
+ ( cd puppet && make modules ) # need the mr binary to download the submodules
+ vagrant up web # with no arguments, all defined VMs are started
+
+Using subtrees or symlinks for modules
+--------------------------------------
+
+You might use `make subtrees` instead of `make submodules`. Also, if you already have
+all the modules in a different subtree, use
+
+ make symlinks MODULES=/path/to/puppet/modules
diff --git a/puppet/TODO.md b/puppet/TODO.md
new file mode 100644
index 0000000..1cb987f
--- /dev/null
+++ b/puppet/TODO.md
@@ -0,0 +1,6 @@
+TODO
+====
+
+* Update to new nodo style (hiera and nodo::role).
+* Support for recursive clones in `bin/mrconfig`.
+* Test!
diff --git a/puppet/Vagrantfile b/puppet/Vagrantfile
new file mode 100644
index 0000000..e7404a9
--- /dev/null
+++ b/puppet/Vagrantfile
@@ -0,0 +1,60 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant::Config.run do |config|
+ # Every Vagrant virtual environment requires a box to build off of.
+ config.vm.box = "wheezy"
+
+ # Shell provisioner to setup basic environment.
+ config.vm.provision :shell, :inline => "/vagrant/puppet/bin/provision"
+
+ # Enable provisioning with Puppet stand alone.
+ config.vm.provision :puppet do |puppet|
+ puppet.manifest_file = "bootstrap/vagrant.pp"
+ puppet.manifests_path = "puppet/manifests"
+ puppet.module_path = "puppet/modules"
+ puppet.temp_dir = "/etc/puppet"
+ end
+
+ # Define a Host VM
+ config.vm.define :host do |host_config|
+ db_config.vm.box = "host"
+ web_config.vm.network :hostonly, "192.168.50.101"
+ end
+
+ # Define a Puppetmaster VM
+ config.vm.define :master do |master_config|
+ master_config.vm.box = "master"
+ master_config.vm.forward_port 8139, 8140
+ web_config.vm.network :hostonly, "192.168.50.102"
+ end
+
+ # Define a Proxy VM
+ config.vm.define :proxy do |proxy_config|
+ proxy_config.vm.box = "proxy"
+ proxy_config.vm.forward_port 8139, 8140
+ web_config.vm.network :hostonly, "192.168.50.103"
+ end
+
+ # Define a Web VM
+ config.vm.define :web do |web_config|
+ web_config.vm.box = "web"
+ web_config.vm.forward_port 80, 8080
+ web_config.vm.network :hostonly, "192.168.50.104"
+ end
+
+ # Define a Storage VM
+ config.vm.define :storage do |storage_config|
+ storage_config.vm.box = "storage"
+ storage_config.vm.network :hostonly, "192.168.50.105"
+ end
+
+ # Define a Test VM
+ config.vm.define :test do |test_config|
+ test_config.vm.box = "test"
+ test_config.vm.network :hostonly, "192.168.50.106"
+ end
+
+ # Share hiera configuration.
+ config.vm.share_folder "hiera", "/etc/puppet/hiera", "puppet/hiera", create: true
+end
diff --git a/puppet/auth.conf b/puppet/auth.conf
new file mode 100644
index 0000000..47740dc
--- /dev/null
+++ b/puppet/auth.conf
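Review bot: The `:host` block assigns `db_config.vm.box` and `web_config.vm.network` although its block parameter is `host_config`, and the `:master` and `:proxy` blocks likewise call `web_config.vm.network`; none of those names is defined in that scope, so Ruby raises a NameError while Vagrant loads the file, before any VM is defined. Each define block should use its own parameter, as the `:web`, `:storage` and `:test` blocks already do. Whether `puppet.temp_dir = "/etc/puppet"` is deliberate is not visible here: it stages the synced manifests into the guest's live Puppet configuration directory, the same tree the `share_folder` line mounts `hiera` under, so a comment stating the intent would help the next reader.
```ruby
  config.vm.define :host do |host_config|
    host_config.vm.box = "host"
    host_config.vm.network :hostonly, "192.168.50.101"
  end

  config.vm.define :master do |master_config|
    # … unchanged: box and forward_port …
    master_config.vm.network :hostonly, "192.168.50.102"
  end

  config.vm.define :proxy do |proxy_config|
    # … unchanged: box and forward_port …
    proxy_config.vm.network :hostonly, "192.168.50.103"
  end
```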
@@ -0,0 +1,99 @@
+# This is an example auth.conf file, it mimics the puppetmasterd defaults
+#
+# The ACL are checked in order of appearance in this file.
+#
+# Supported syntax:
+# This file supports two different syntax depending on how
+# you want to express the ACL.
+#
+# Path syntax (the one used below):
+# ---------------------------------
+# path /path/to/resource
+# [environment envlist]
+# [method methodlist]
+# [auth[enthicated] {yes|no|on|off|any}]
+# allow [host|ip|*]
+# deny [host|ip]
+#
+# The path is matched as a prefix. That is /file match at
+# the same time /file_metadat and /file_content.
+#
+# Regex syntax:
+# -------------
+# This one is differenciated from the path one by a '~'
+#
+# path ~ regex
+# [environment envlist]
+# [method methodlist]
+# [auth[enthicated] {yes|no|on|off|any}]
+# allow [host|ip|*]
+# deny [host|ip]
+#
+# The regex syntax is the same as ruby ones.
+#
+# Ex:
+# path ~ .pp$
+# will match every resource ending in .pp (manifests files for instance)
+#
+# path ~ ^/path/to/resource
+# is essentially equivalent to path /path/to/resource
+#
+# environment:: restrict an ACL to a specific set of environments
+# method:: restrict an ACL to a specific set of methods
+# auth:: restrict an ACL to an authenticated or unauthenticated request
+# the default when unspecified is to restrict the ACL to authenticated requests
+# (ie exactly as if auth yes was present).
+#
+
+# Allow authenticated nodes to retrieve their own catalogs:
+
+path ~ ^/catalog/([^/]+)$
+method find
+allow $1
+
+# allow nodes to retrieve their own node definition
+
+path ~ ^/node/([^/]+)$
+method find
+allow $1
+
+# Allow authenticated nodes to access any file services --- in practice, this results in fileserver.conf being consulted:
+
+path /file
+allow *
+
+# Allow authenticated nodes to access the certificate revocation list:
+
+path /certificate_revocation_list/ca
+method find
+allow *
+
+# Allow authenticated nodes to send reports:
+
+path /report
+method save
+allow *
+
+# Allow unauthenticated access to certificates:
+
+path /certificate/ca
+auth no
+method find
+allow *
+
+path /certificate/
+auth no
+method find
+allow *
+
+# Allow unauthenticated nodes to submit certificate signing requests:
+
+path /certificate_request
+auth no
+method find, save
+allow *
+
+# Deny all other requests:
+
+path /
+auth any
diff --git a/bin/dependencies b/puppet/bin/dependencies
index 78ca659..78ca659 100755
--- a/bin/dependencies
+++ b/puppet/bin/dependencies
diff --git a/bin/mrconfig b/puppet/bin/mrconfig
index f525db3..f525db3 100755
--- a/bin/mrconfig
+++ b/puppet/bin/mrconfig
diff --git a/bin/provision b/puppet/bin/provision
index 7fa056b..7fa056b 100755
--- a/bin/provision
+++ b/puppet/bin/provision
diff --git a/bin/submodules b/puppet/bin/submodules
index f79b635..f79b635 100755
--- a/bin/submodules
+++ b/puppet/bin/submodules
diff --git a/bin/subtrees b/puppet/bin/subtrees
index 1858a48..1858a48 100755
--- a/bin/subtrees
+++ b/puppet/bin/subtrees
diff --git a/bin/symlinks b/puppet/bin/symlinks
index 0a221c4..0a221c4 100755
--- a/bin/symlinks
+++ b/puppet/bin/symlinks
diff --git a/files/.empty b/puppet/files/.empty
index e69de29..e69de29 100644
--- a/files/.empty
+++ b/puppet/files/.empty
diff --git a/puppet/fileserver.conf b/puppet/fileserver.conf
new file mode 100644
index 0000000..e777078
--- /dev/null
+++ b/puppet/fileserver.conf
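Review bot: The closing `# Deny all other requests:` stanza (`path /` with `auth any`) carries no `allow` or `deny` line, which is correct — a matching ACL with no allow denies the request — but nothing in the file says so, and a reader who pattern-matches it against the other stanzas may "complete" it with `allow *` and open every remaining endpoint to any authenticated host. A comment above it such as `# No allow line on purpose: a matching ACL without an allow denies, so this stanza only makes the default policy explicit.` removes that trap. The `/catalog` and `/node` stanzas are the only ones scoped to the requesting node via `allow $1`; the header comment's claim that this mimics the puppetmaster defaults is the only indication the wider `allow *` stanzas are intentional, so a short note on which entries were changed from stock (if any) would help. Minor: the header comment has typos `auth[enthicated]`, `file_metadat` and `differenciated`.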
@@ -0,0 +1,7 @@
+# This file consists of arbitrarily named sections/modules
+# defining where files are served from and to whom
+
+# Files
+[files]
+ path /etc/puppet/files
+ allow *.vagrantup.com
diff --git a/hiera.yaml b/puppet/hiera.yaml
index 5230565..5230565 120000
--- a/hiera.yaml
+++ b/puppet/hiera.yaml
diff --git a/hiera/bootstrap.yaml b/puppet/hiera/bootstrap.yaml
index ce72bfb..c4f6bca 100644
--- a/hiera/bootstrap.yaml
+++ b/puppet/hiera/bootstrap.yaml
@@ -16,15 +16,15 @@ bootstrap::base_domain: 'vagrantup.com'
 # Root password.
 #
 # Use "mkpasswd -m sha-512" to generate root and first user's passwords.
-bootstrap::root::password: ''
+bootstrap::root::password: '$5$aosRByu9U0$Cc7l2vpjV4sRLlao2JmG0lxOnD2crNLU7gZfn2eayu.'
 #
 # First user account
 #
 # Do not include "ssh-rsa " into the sshkey definition.
-bootstrap::first_user: ''
-bootstrap::first_user::password: ''
-bootstrap::first_user::sshkey: ''
+bootstrap::first_user: 'vagrant'
+bootstrap::first_user::password: '$5$NCuDu81a$iHr7tZiGX0tKooq6N0bEwE7QDhRqfI9/yyD7WU1GiFB'
+bootstrap::first_user::sshkey: 'AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ=='
 bootstrap::first_user::email: ''
 #
@@ -38,7 +38,7 @@ bootstrap:first_hostname: ''
 bootstrap::first_nodes: false
 # MySQL password
-mysql::server::rootpw: ''
+mysql::server::rootpw: 'hackme'
 # Puppet master db password
-nodo::role::master::db_password: ''
+nodo::role::master::db_password: 'hackme'
diff --git a/hiera/common.yaml b/puppet/hiera/common.yaml
index d7e35a1..d7e35a1 100644
--- a/hiera/common.yaml
+++ b/puppet/hiera/common.yaml
diff --git a/hiera/hiera.yaml b/puppet/hiera/hiera.yaml
index 0a23dec..0a23dec 100644
--- a/hiera/hiera.yaml
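Review bot: The `-16,15 +16,15` hunk of hiera/bootstrap.yaml replaces the empty placeholders with concrete credentials, and the `-38,7 +38,7` hunk sets both `mysql::server::rootpw` and `nodo::role::master::db_password` to `'hackme'`, so any box provisioned from an unmodified checkout ends up with these committed values; the users.pp hunk in this same commit labels the same hash and key as the default 'vagrant' passphrase and pubkey. The comment two lines above the root password says to generate hashes with `mkpasswd -m sha-512`, yet both committed hashes carry the `$5$` (SHA-256 crypt) prefix, so either the comment or the values is out of step. If these are meant as Vagrant-only defaults, mark them as such where they are defined, e.g. `# Vagrant defaults only: replace before provisioning anything reachable beyond the host-only network.`, and consider keeping the repository values empty as before with the Vagrant values supplied from a separate hiera layer, so a forgotten override fails loudly instead of shipping a known password.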
+++ b/puppet/hiera/hiera.yaml
diff --git a/keys/public/.empty b/puppet/keys/public/.empty
index e69de29..e69de29 100644
--- a/keys/public/.empty
+++ b/puppet/keys/public/.empty
diff --git a/keys/ssh/.empty b/puppet/keys/ssh/.empty
index e69de29..e69de29 100644
--- a/keys/ssh/.empty
+++ b/puppet/keys/ssh/.empty
diff --git a/keys/ssl/.empty b/puppet/keys/ssl/.empty
index e69de29..e69de29 100644
--- a/keys/ssl/.empty
+++ b/puppet/keys/ssl/.empty
diff --git a/manifests/bootstrap/configurator.pp b/puppet/manifests/bootstrap/configurator.pp
index d93a0ce..d93a0ce 100644
--- a/manifests/bootstrap/configurator.pp
+++ b/puppet/manifests/bootstrap/configurator.pp
diff --git a/manifests/bootstrap/host.pp b/puppet/manifests/bootstrap/host.pp
index c1aead8..c1aead8 100644
--- a/manifests/bootstrap/host.pp
+++ b/puppet/manifests/bootstrap/host.pp
diff --git a/manifests/bootstrap/master.pp b/puppet/manifests/bootstrap/master.pp
index 51167f3..51167f3 100644
--- a/manifests/bootstrap/master.pp
+++ b/puppet/manifests/bootstrap/master.pp
diff --git a/manifests/bootstrap/vagrant.pp b/puppet/manifests/bootstrap/vagrant.pp
index 9206db6..9206db6 100644
--- a/manifests/bootstrap/vagrant.pp
+++ b/puppet/manifests/bootstrap/vagrant.pp
diff --git a/puppet/manifests/classes/users.pp b/puppet/manifests/classes/users.pp
new file mode 100644
index 0000000..7ebc9a8
--- /dev/null
+++ b/puppet/manifests/classes/users.pp
@@ -0,0 +1,33 @@
+class users::virtual inherits user {
+ # define custom users here
+}
+
+class users::backup inherits user {
+ # define third-party hosted backup users here
+}
+
+class users::admin inherits user {
+
+ # Reprepro group needed for web nodes
+ #if !defined(Group["reprepro"]) {
+ # group { "reprepro":
+ # ensure => present,
+ # }
+ #}
+
+ # root user and password (default 'vagrant' passphrase)
+ user::manage { "root":
+ tag => "admin",
+ homedir => '/root',
+ password => '$5$aosRByu9U0$Cc7l2vpjV4sRLlao2JmG0lxOnD2crNLU7gZfn2eayu.',
+ }
+
+ # first user config (default 'vagrant' passphrase and pubkey)
+ user::manage { "vagrant":
+ tag => "admin",
+ groups => [ "sudo", ],
+ password => '$5$NCuDu81a$iHr7tZiGX0tKooq6N0bEwE7QDhRqfI9/yyD7WU1GiFB',
+ sshkey => [ "AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==" ],
+ }
+
+}
diff --git a/manifests/classes/websites.pp b/puppet/manifests/classes/websites.pp
index 35f27c6..35f27c6 100644
--- a/manifests/classes/websites.pp
+++ b/puppet/manifests/classes/websites.pp
diff --git a/manifests/hiera b/puppet/manifests/hiera
index ba8aae1..ba8aae1 120000
--- a/manifests/hiera
+++ b/puppet/manifests/hiera
diff --git a/manifests/modules.pp b/puppet/manifests/modules.pp
index 3df3fe3..3df3fe3 100644
--- a/manifests/modules.pp
+++ b/puppet/manifests/modules.pp
diff --git a/manifests/nodes.pp b/puppet/manifests/nodes.pp
index b90f04e..b90f04e 100644
--- a/manifests/nodes.pp
+++ b/puppet/manifests/nodes.pp
diff --git a/manifests/nodes/.empty b/puppet/manifests/nodes/.empty
index e69de29..e69de29 100644
--- a/manifests/nodes/.empty
+++ b/puppet/manifests/nodes/.empty
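Review bot: `users::admin` hard-codes the root and `vagrant` password hashes and the `vagrant` SSH key that the hiera/bootstrap.yaml hunk in this same commit also defines, so overriding those hiera keys will not change what this class applies, and the `vagrant` account is additionally placed in `sudo` with that fixed hash. Reading the three values through hiera keeps one source of truth: `password => hiera('bootstrap::root::password'),`, `password => hiera('bootstrap::first_user::password'),` and `sshkey => [ hiera('bootstrap::first_user::sshkey') ],` (the TODO's "new nodo style (hiera ...)" item suggests hiera is the intended direction). All three classes use `inherits user`, but the `user` class and the `user::manage` define are not visible in this diff; a one-line class comment stating where they come from and why inheritance rather than `include` is needed would help the next reader.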
diff --git a/manifests/site.pp b/puppet/manifests/site.pp
index 6f3e5aa..6f3e5aa 100644
--- a/manifests/site.pp
+++ b/puppet/manifests/site.pp
diff --git a/modules/bootstrap b/puppet/modules/bootstrap
index a96aa0e..a96aa0e 120000
--- a/modules/bootstrap
+++ b/puppet/modules/bootstrap
diff --git a/modules/site_apache/files/htdocs/images/.empty b/puppet/modules/site_apache/files/htdocs/images/.empty
index e69de29..e69de29 100644
--- a/modules/site_apache/files/htdocs/images/.empty
+++ b/puppet/modules/site_apache/files/htdocs/images/.empty
diff --git a/modules/site_apache/files/vhosts/.empty b/puppet/modules/site_apache/files/vhosts/.empty
index e69de29..e69de29 100644
--- a/modules/site_apache/files/vhosts/.empty
+++ b/puppet/modules/site_apache/files/vhosts/.empty
diff --git a/modules/site_keys/files/ssl/.empty b/puppet/modules/site_keys/files/ssl/.empty
index e69de29..e69de29 100644
--- a/modules/site_keys/files/ssl/.empty
+++ b/puppet/modules/site_keys/files/ssl/.empty
diff --git a/modules/site_mail/files/.empty b/puppet/modules/site_mail/files/.empty
index e69de29..e69de29 100644
--- a/modules/site_mail/files/.empty
+++ b/puppet/modules/site_mail/files/.empty
diff --git a/modules/site_nagios/files/.empty b/puppet/modules/site_nagios/files/.empty
index e69de29..e69de29 100644
--- a/modules/site_nagios/files/.empty
+++ b/puppet/modules/site_nagios/files/.empty
diff --git a/modules/site_nginx/files/.empty b/puppet/modules/site_nginx/files/.empty
index e69de29..e69de29 100644
--- a/modules/site_nginx/files/.empty
+++ b/puppet/modules/site_nginx/files/.empty
diff --git a/modules/site_postfix/files/.empty b/puppet/modules/site_postfix/files/.empty
index e69de29..e69de29 100644
--- a/modules/site_postfix/files/.empty
+++ b/puppet/modules/site_postfix/files/.empty
diff --git a/puppet/puppet.conf b/puppet/puppet.conf
new file mode 100644
index 0000000..81c47ed
--- /dev/null
+++ b/puppet/puppet.conf
@@ -0,0 +1,30 @@
+[main]
+logdir = /var/log/puppet
+vardir = /var/lib/puppetmaster
+ssldir = $vardir/ssl
+rundir = /var/run/puppet
+factpath = $vardir/lib/facter
+pluginsync = true
+
+[master]
+templatedir = $vardir/templates
+masterport = 8140
+autosign = false
+storeconfigs = true
+dbadapter = sqlite3
+#dbadapter = mysql
+#dbserver = localhost
+#dbuser = puppet
+#dbpassword = hackme
+dbconnections = 15
+certname = puppet.vagrantup.com
+ssl_client_header = SSL_CLIENT_S_DN
+ssl_client_verify_header = SSL_CLIENT_VERIFY
+
+[agent]
+server = puppet.vagrantup.com
+vardir = /var/lib/puppet
+ssldir = $vardir/ssl
+runinterval = 7200
+puppetport = 8139
+configtimeout = 300
diff --git a/templates/apache/htdocs/images/README.html.erb b/puppet/templates/apache/htdocs/images/README.html.erb
index 4d0f929..4d0f929 100644
--- a/templates/apache/htdocs/images/README.html.erb
+++ b/puppet/templates/apache/htdocs/images/README.html.erb
diff --git a/templates/apache/htdocs/index.html.erb b/puppet/templates/apache/htdocs/index.html.erb
index 6d2d7ea..6d2d7ea 100644
--- a/templates/apache/htdocs/index.html.erb
+++ b/puppet/templates/apache/htdocs/index.html.erb
diff --git a/templates/apache/htdocs/missing.html.erb b/puppet/templates/apache/htdocs/missing.html.erb
index 0c95ef3..0c95ef3 100644
--- a/templates/apache/htdocs/missing.html.erb
+++ b/puppet/templates/apache/htdocs/missing.html.erb
diff --git a/templates/apache/vhosts/git.erb b/puppet/templates/apache/vhosts/git.erb
index 25aecd1..25aecd1 100644
--- a/templates/apache/vhosts/git.erb
+++ b/puppet/templates/apache/vhosts/git.erb
diff --git a/templates/apache/vhosts/lists.erb b/puppet/templates/apache/vhosts/lists.erb
index 158dfd4..158dfd4 100644
--- a/templates/apache/vhosts/lists.erb
+++ b/puppet/templates/apache/vhosts/lists.erb
diff --git a/templates/apache/vhosts/mail.erb b/puppet/templates/apache/vhosts/mail.erb
index 3badcf0..3badcf0 100644
--- a/templates/apache/vhosts/mail.erb
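Review bot: `ssl_client_header = SSL_CLIENT_S_DN` and `ssl_client_verify_header = SSL_CLIENT_VERIFY` in `[master]` make the master take the client's identity and certificate-verification result from request headers, which is only sound when a TLS-terminating front end verifies the client certificate, sets those headers itself and strips any incoming ones, and the master is not reachable except through it; whether such a front end exists is not visible in this commit. If the master is meant to run behind Apache/Passenger, a comment above those two lines such as `# Only valid behind a front end that verifies the client cert and sets these headers; never expose the master port directly.` keeps that assumption visible to whoever changes the deployment. Minor: the commented `#dbpassword = hackme` repeats the value the hiera hunk commits, so the two will drift silently; referencing the hiera key in the comment instead would avoid a second copy.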
+++ b/puppet/templates/apache/vhosts/mail.erb
diff --git a/templates/apache/vhosts/nagios.erb b/puppet/templates/apache/vhosts/nagios.erb
index 8b3d252..8b3d252 100644
--- a/templates/apache/vhosts/nagios.erb
+++ b/puppet/templates/apache/vhosts/nagios.erb
diff --git a/templates/apache/vhosts/wiki.erb b/puppet/templates/apache/vhosts/wiki.erb
index 56e395b..56e395b 100644
--- a/templates/apache/vhosts/wiki.erb
+++ b/puppet/templates/apache/vhosts/wiki.erb
diff --git a/templates/etc/aliases.erb b/puppet/templates/etc/aliases.erb
index f520f68..f520f68 100644
--- a/templates/etc/aliases.erb
+++ b/puppet/templates/etc/aliases.erb
diff --git a/templates/etc/nagios3/htpasswd.users.erb b/puppet/templates/etc/nagios3/htpasswd.users.erb
index c21d493..c21d493 100644
--- a/templates/etc/nagios3/htpasswd.users.erb
+++ b/puppet/templates/etc/nagios3/htpasswd.users.erb
diff --git a/templates/etc/nginx/domain.erb b/puppet/templates/etc/nginx/domain.erb
index 4e9fa7d..4e9fa7d 100644
--- a/templates/etc/nginx/domain.erb
+++ b/puppet/templates/etc/nginx/domain.erb
diff --git a/templates/postfix/tls_policy.erb b/puppet/templates/postfix/tls_policy.erb
index e69de29..e69de29 100644
--- a/templates/postfix/tls_policy.erb
+++ b/puppet/templates/postfix/tls_policy.erb
diff --git a/templates/puppet/auth.conf.erb b/puppet/templates/puppet/auth.conf.erb
index 96f078c..96f078c 100644
--- a/templates/puppet/auth.conf.erb
+++ b/puppet/templates/puppet/auth.conf.erb
diff --git a/templates/puppet/fileserver.conf.erb b/puppet/templates/puppet/fileserver.conf.erb
index e4d6e0a..e4d6e0a 100644
--- a/templates/puppet/fileserver.conf.erb
+++ b/puppet/templates/puppet/fileserver.conf.erb
diff --git a/templates/puppet/master.pp.erb b/puppet/templates/puppet/master.pp.erb
index 5865723..5865723 100644
--- a/templates/puppet/master.pp.erb
+++ b/puppet/templates/puppet/master.pp.erb
diff --git a/templates/puppet/nodes.pp.erb b/puppet/templates/puppet/nodes.pp.erb
index 4acddc6..4acddc6 100644
--- a/templates/puppet/nodes.pp.erb
+++ b/puppet/templates/puppet/nodes.pp.erb
diff --git a/templates/puppet/proxy.pp.erb b/puppet/templates/puppet/proxy.pp.erb
index 908c2ec..908c2ec 100644
--- a/templates/puppet/proxy.pp.erb
+++ b/puppet/templates/puppet/proxy.pp.erb
diff --git a/templates/puppet/puppet.conf.erb b/puppet/templates/puppet/puppet.conf.erb
index e2751ca..e2751ca 100644
--- a/templates/puppet/puppet.conf.erb
+++ b/puppet/templates/puppet/puppet.conf.erb
diff --git a/templates/puppet/server.pp.erb b/puppet/templates/puppet/server.pp.erb
index fcd21e0..fcd21e0 100644
--- a/templates/puppet/server.pp.erb
+++ b/puppet/templates/puppet/server.pp.erb
diff --git a/templates/puppet/storage.pp.erb b/puppet/templates/puppet/storage.pp.erb
index be93335..be93335 100644
--- a/templates/puppet/storage.pp.erb
+++ b/puppet/templates/puppet/storage.pp.erb
diff --git a/templates/puppet/test.pp.erb b/puppet/templates/puppet/test.pp.erb
index 816eca9..816eca9 100644
--- a/templates/puppet/test.pp.erb
+++ b/puppet/templates/puppet/test.pp.erb
diff --git a/templates/puppet/users.pp.erb b/puppet/templates/puppet/users.pp.erb
index 55a2706..55a2706 100644
--- a/templates/puppet/users.pp.erb
+++ b/puppet/templates/puppet/users.pp.erb
diff --git a/templates/puppet/web.pp.erb b/puppet/templates/puppet/web.pp.erb
index afc328b..afc328b 100644
--- a/templates/puppet/web.pp.erb
+++ b/puppet/templates/puppet/web.pp.erb
diff --git a/python.md b/python.md
new file mode 100644
index 0000000..42eabd6
--- /dev/null
+++ b/python.md
@@ -0,0 +1,31 @@
+Python packaging
+================
+
+Example: using [stdeb](http://github.com/astraw/stdeb) to build [http://kedpm.sf.net].
+
+ sudo apt-get install stdeb fakeroot
+ sudo apt-get install python-crypto libglade2-0 python-gtk2 python-glade2
+
+File `~/.pydistutils.cfg`:
+
+ [sdist_dsc]
+ force-buildsystem: False
+
+File `kedpm.cfg`:
+
+ [DEFAULT]
+ Package: kedpm
+ Maintainer: User Name <user@example.org>
+ Depends: python-crypto
+
+Getting the code:
+
+ wget http://downloads.sourceforge.net/project/kedpm/kedpm/0.4.0/kedpm-0.4.0.tar.gz
+
+Packaging:
+
+ py2dsc --extra-cfg-file kedpm.cfg kedpm-0.4.0.tar.gz
+ cd deb_dist/kedpm-0.4.0
+ dpkg-buildpackage -rfakeroot -uc -us
+ cd ..
+ sudo dpkg -i kedpm_0.4.0-1_all.deb
diff --git a/references.md b/references.md
new file mode 100644
index 0000000..8deebdf
--- /dev/null
+++ b/references.md
@@ -0,0 +1,27 @@
+References
+==========
+
+General
+-------
+
+* [Overview — Ubuntu Packaging Guide](http://packaging.ubuntu.com/html/).
+* [Debian New Maintainers' Guide](https://www.debian.org/doc/manuals/maint-guide/).
+* [Debugging Debian package installations](http://mdcc.cx/debian/debugging_debian_package_installations.html).
+
+Pbuilder and cowbuilder
+-----------------------
+
+* [PbuilderTricks](https://wiki.debian.org/PbuilderTricks).
+* [cowbuilder](https://wiki.debian.org/cowbuilder).
+
+Backporting
+-----------
+
+* [Backporting Debian packages with pbuilder](http://www.tolaris.com/2009/03/31/backporting-debian-packages-with-pbuilder/).
+* [Using pbuilder to backport Debian packages](http://edseek.com/~jasonb/articles/pbuilder_backports/).
+* [BuildingFormalBackports - Debian Wiki](https://wiki.debian.org/BuildingFormalBackports#Building_multi-dependencies_packages).
+
+Packaging with git
+------------------
+
+* [Co-maintaining a Debian package with Git and git-buildpackage | workaround.org](https://workaround.org/debian-git-comaintenance).
diff --git a/repositories.md b/repositories.md
new file mode 100644
index 0000000..8f66d72
--- /dev/null
+++ b/repositories.md
@@ -0,0 +1,21 @@
+Repositories
+============
+
+General:
+
+* [HowToSetupADebianRepository](https://wiki.debian.org/HowToSetupADebianRepository).
+* [Setting up your own APT repository with upload support](http://www.debian-administration.org/article/286/Setting_up_your_own_APT_repository_with_upload_support).
+
+Reprepro:
+
+* [puppet-reprepro](https://git.sarava.org/?p=puppet-reprepro.git;a=summary).
+Alguns links sobre como instalar e usar o reprepro:
+* [reprepro](http://mirrorer.alioth.debian.org/).
+* [HowToSetupADebianRepository](http://wiki.debian.org/HowToSetupADebianRepository?highlight=(reprepro)).
+* [Setting up your own APT repository with upload support](http://www.debian-administration.org/article/Setting_up_your_own_APT_repository_with_upload_support).
+* [Setting up a basic Debian repository with reprepro](https://noc.sidux.com/fll/wiki/reprepro).
+* [Setting up and managing an APT repository with reprepro](http://www.jejik.com/articles/2006/09/setting_up_and_managing_an_apt_repository_with_reprepro/).
+
+Removing a package from the repository:
+
+ su reprepro -c "reprepro -b /var/reprepro remove squeeze kedpm"
@@ -0,0 +1,4 @@
+Ruby packaging
+==============
+
+See [this](https://wiki.debian.org/Teams/Ruby/Packaging). |
