diff options
| -rw-r--r-- | manifests/host-stage1.pp | 3 | ||||
| -rw-r--r-- | manifests/users.pp | 64 | ||||
| -rw-r--r-- | templates/bin/puppet-bootstrap | 63 |
3 files changed, 71 insertions, 59 deletions
diff --git a/manifests/host-stage1.pp b/manifests/host-stage1.pp index 2360b20..e026255 100644 --- a/manifests/host-stage1.pp +++ b/manifests/host-stage1.pp @@ -2,6 +2,9 @@ import "config.pp" import "nodo" import "admin_node.pp" import "firewall.pp" +import "users.pp" + +include nodo::server # creates vserver for administrative node include admin_node diff --git a/manifests/users.pp b/manifests/users.pp new file mode 100644 index 0000000..05bd1d8 --- /dev/null +++ b/manifests/users.pp @@ -0,0 +1,64 @@ +class users::virtual inherits user { + # define custom users here + + # groups + #group { [ "group1", "group2" ]: + # ensure => present, + #} + + #user::manage { "": + # tag => "virtual", + # password => '', + # comment => 'user@host.com', + # groups => [ 'group1' ], + # sshkey => absent, + #} + +} + +class users::backup inherits user { + # define third-party hosted backup users here +} + +class users::email inherits user { + # define third-party hosted email tunnels here + #user::manage { "mailuser": + # password => '*', + # groups => [ "group2" ], + # sshkey => "", + # sshkey_type => "ssh-rsa", + # homedir => '', + #} +} + +class users::admin inherits user { + + # reprepro group needed for web nodes + if !defined(Group["reprepro"]) { + group { "reprepro": + ensure => present, + } + } + + # senha escangalhada para o root + user::manage { "root": + tag => "admin", + homedir => '/root', + password => '$6$rwKJZHuG1D6v82So$oP60nSPInB408TKQjObBVN5LZyCxcPECz5SfboBnwrVLJOrbSMkd0vUjqqEZHKiBdhyETW/qpbFAer8a4XGFS.', + } + + # TODO: temporary cleanup; remove after all nodes have applied it + file { '/home/root': + ensure => absent, + recurse => true, + force => true, + } + + #user::manage { "user1": + # tag => "admin", + # groups => [ "sudo", "reprepro", "backupninjas" ], + # password => '$5$96ewxsYOOi7XbhDV$hDOleZ1B2A6dUc1ukDHhx4dmYhyAWvqYAf1xczAHmI8', + # sshkey => "", + #} + +} diff --git a/templates/bin/puppet-bootstrap b/templates/bin/puppet-bootstrap index 2f82da3..dc24910 100644 --- a/templates/bin/puppet-bootstrap +++ b/templates/bin/puppet-bootstrap @@ -13,70 +13,15 @@ function add_submodules { repos="`lynx -dump http://git.sarava.org/?a=project_index | awk '{ print $1 }' | grep ^puppet-`" for repo in $repos; do - module="`basename $repo .git | sed -e s/puppet-//`" + module="`basename $repo .git | sed -e s/^puppet-//`" if [ ! -d "modules/$module" ]; then git submodule add git://git.sarava.org/puppet-$module.git modules/$module fi done - git submodule update --init - - # checks out the desired commit for each module - cd ./modules - for i in *; do - cd $i - git checkout `get_module_stable_commit $i` - cd .. - done -} - -# got this list with the following command; -# for i in *; do -# cd $i; id=`git-log --raw | head -n 1 | cut -d" " -f2`; -# echo $i $id; cd ..; -# done -function get_module_stable_commit { -echo "apache 8c70c95a59b4d5d8ad7f09a76b2495bd7c94fb75 - apcupsd f6d5286638d722965f424bb5a15b620d3ecfbbaa - apt 98b043bdab72b66276cb3bba0784579d6bfbd4a6 - autossh cae6404e88cf20820cbaeb010d39b3905ee2aaf9 - backup 32cab55e6ceac259dd5e369d0f89e45ff7c0e3bc - backupninja acb2e81dce10fc755601bbd0c3e09cd13f1b1fec - common e0080adb1ca115ee98bf97c9cfb91fccbfeddaac - cron 124f2db6ab5c47d4c72499b86f0ed6b9363da025 - drupal 691254e94e51a046ab1f7fc636d2d632a9a325b9 - ekeyd 374d403d3417b72bd54edfed73ee193d21b5d5bb - exim 6a80d7b13af9775dc848b8011fd225928fe6b408 - git 3134368c41cc0279499e2112e9ee4334b0f63d3d - ikiwiki 94094310b4575592b9af8d81c2b8577e88b86c83 - inetd 002ce89db3bcce3c28ae3ddc0e4a153dbd23697d - mail 2cac2459245a94aa06adc2f48a8da38893eb6b5d - moin ce492cbbcf55f597f4e0145e887aaa67f281b594 - monkeysphere cfe9ef09911bace2287c21a4fb2449139e40df64 - munin 54e20452bfe6a5247881327b21db58439650c6e5 - mysql 14dbafc286141d62ed70d4e171f7a5aeac62482b - nagios 3673e3872846a5d1d99d875091204e33d844e046 - nginx f55b8471ed50cb464a7d33041063e325bc263626 - nodo 94f4e9aac8eed4265109b4ff6b542ddac2fbeaa3 - ntp 1bfd8e314c03c89ec87cebf70339bbda16ad3afb - pear 98293647e94734f796d404e206fe9425c32eddda - php ee9a5c97c4cc5c8d841fc72e050fc7ab72d1732f - pmwiki 589373257c1d7fd8e864bbdad2c2085ea91f768c - postfix 328c20af92a410bba35457c61a4882c489e0d9dd - puppet 23b1c54cf46de587d9857299fbf508bace4dceb4 - reprepro ca415e24dfabf239d792016b5522558c7a9f9828 - resolvconf c1af334f136fe24ad1a544142dfa8ffed1325657 - shorewall c49625a4cd14a53d91b7d12aea88201a211a26a2 - smartmontools edd53ae0e92e728c646faed80ce4eec46d92b588 - sshd 2c9e690d90e8fda3ad9b9ed7dc755c198127df7d - ssl 7f3d04f5657b2fb1bd3a6e9e7a437f418d5d5285 - syslog-ng d4d85663133f8ceee92e444f6ff323c068b92b93 - tor e7b56cc8b6b28d44103f8a36fe56e2f913d21f8d - trac 6d5771c3b9f604d71c1770a7f5707f4cd0aa83c1 - user 143fb7a0ff118058c831bf9b2959b7f05a10d55d - virtual 53137321e6af841159d4f40f1311befee586f36f - websvn cf31e5584c90fcb609322500596168e496d44dd7" \ - | grep $1 | sed -e s/^\ *// | cut -d" " -f 2 + do + git submodule update --init + while [ $? -ne 0 ]; } if [ $# -ne 2 ]; then |