-rw-r--r-- | manifests/admin.pp | 13 | ||||
-rw-r--r-- | manifests/bootstrap.pp | 356 | ||||
-rw-r--r-- | manifests/config.pp (renamed from manifests/init.pp) | 9 | ||||
-rw-r--r-- | manifests/default-conf.pp | 314 | ||||
-rw-r--r-- | manifests/firewall.pp | 12 | ||||
-rw-r--r-- | manifests/gitosis.pp | 30 | ||||
-rw-r--r-- | manifests/puppetmasterd.pp | 33 |
7 files changed, 360 insertions, 407 deletions
diff --git a/manifests/admin.pp b/manifests/admin.pp
new file mode 100644
index 0000000..24da2d4
--- /dev/null
+++ b/manifests/admin.pp
@@ -0,0 +1,13 @@
+import "config.pp"
+import "nodo"
+
+nodo::vserver::instance { "$host-master":
+ context => '2',
+ puppetmaster => true,
+}
+
+host { "puppet":
+ ensure => present,
+ ip => "192.168.0.2",
+ host_aliases => [ "puppet.$domain", "admin" ],
+}
diff --git a/manifests/bootstrap.pp b/manifests/bootstrap.pp
deleted file mode 100644
index d8bdbba..0000000
--- a/manifests/bootstrap.pp
+++ /dev/null
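Review bot: The resource title `"$host-master"` in admin.pp interpolates `$host`, while every other manifest in this commit uses `$hostname`, and the visible parts of config.pp do not define `$host` (one line of config.pp falls outside the hunks, so this is not certain). If it is unset the instance would be named `-master`; writing `nodo::vserver::instance { "${hostname}-master":` with braces also removes any doubt about where the variable name ends next to the hyphen. The `host { "puppet": }` entry pins the master to the literal `192.168.0.2`, which presumably has to agree with `context => '2'` and the `192.168.0.$context` pattern in firewall.pp; a comment such as `# must match context => '2' (vserver IP is 192.168.0.<context>)` would keep the two from drifting apart.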
@@ -1,356 +0,0 @@
-class bootstrap {
-
- # puppet config
- package { "puppet": ensure => installed, }
-
- service { "puppetmaster":
- ensure => running,
- require => [ File["$puppet_bootstrap_dir/modules/nodo"],
- File["$puppet_bootstrap_dir/puppet.conf"],
- File["$puppet_bootstrap_dir/fileserver.conf"],
- File["$puppet_bootstrap_dir/auth.conf"],
-
- # some sample manifests
- File["$puppet_bootstrap_dir/manifests/site.pp"],
- File["$puppet_bootstrap_dir/manifests/modules.pp"],
- File["$puppet_bootstrap_dir/manifests/nodes.pp"],
- File["$puppet_bootstrap_dir/manifests/classes/users.pp"],
- File["$puppet_bootstrap_dir/manifests/classes/websites.pp"],
- File["$puppet_bootstrap_dir/manifests/nodes/$hostname-server.pp"],
- File["$puppet_bootstrap_dir/manifests/nodes/$hostname-master.pp"],
- File["$puppet_bootstrap_dir/manifests/nodes/$hostname-proxy.pp"],
- File["$puppet_bootstrap_dir/manifests/nodes/$hostname-web.pp"],
- File["$puppet_bootstrap_dir/manifests/nodes/$hostname-storage.pp"],
- File["$puppet_bootstrap_dir/manifests/nodes/$hostname-test.pp"],
-
- # and some sample files
- File["$puppet_bootstrap_dir/files/apache/htdocs/images/README.html"],
- File["$puppet_bootstrap_dir/files/apache/htdocs/index.html"],
- File["$puppet_bootstrap_dir/files/apache/htdocs/missing.html"],
- File["$puppet_bootstrap_dir/files/apache/vhosts/git"],
- File["$puppet_bootstrap_dir/files/apache/vhosts/lists"],
- File["$puppet_bootstrap_dir/files/apache/vhosts/mail"],
- File["$puppet_bootstrap_dir/files/apache/vhosts/nagios"],
- File["$puppet_bootstrap_dir/files/apache/vhosts/wiki"],
- File["$puppet_bootstrap_dir/files/etc/aliases"],
- File["$puppet_bootstrap_dir/files/etc/nagios3/htpasswd.users"],
- File["$puppet_bootstrap_dir/files/etc/nginx/$domain"],
- File["$puppet_bootstrap_dir/files/etc/nginx/$domain"],
- File["$puppet_bootstrap_dir/files/etc/keys/ssl"],
- File["$puppet_bootstrap_dir/files/etc/postfix/tls_policy"], ],
- }
-
- # reference to admin vserver
- host { "$hostname":
- ensure => present,
- ip => "127.0.0.1",
- host_aliases => [ "$hostname.$domain", "puppet.$domain", "puppet" ],
- }
-
- # puppet submodules script
- file { "/usr/local/sbin/puppet-add-sarava-submodules":
- source => "files/puppet-add-sarava-submodules",
- owner => "root",
- group => "root",
- mode => 0755,
- ensure => present,
- require => Package["puppet"],
- }
-
- # execute the bootstrap script to download puppet modules
- exec { "/usr/local/sbin/bootstrap get-modules":
- creates => "$puppet_bootstrap_dir/modules/nodo",
- user => root,
- require => [ File["/usr/local/sbin/bootstrap"], File["$puppet_bootstrap_dir/modules"] ],
- timeout => 600,
- }
-
- # ensures puppet module nodo exists on system
- file { "$puppet_bootstrap_dir/modules/nodo":
- ensure => directory,
- require => Exec["/usr/local/sbin/bootstrap get-modules"],
- }
-
- # directories
- file { "$puppet_bootstrap_dir":
- ensure => directory,
- owner => "puppet",
- group => "puppet",
- mode => 0755,
- require => Package["puppet"],
- }
-
- file { [ "$puppet_bootstrap_dir/files",
- "$puppet_bootstrap_dir/manifests",
- "$puppet_bootstrap_dir/modules",
- "$puppet_bootstrap_dir/manifests/classes",
- "$puppet_bootstrap_dir/manifests/nodes", ]:
- ensure => directory,
- owner => "puppet",
- group => "puppet",
- mode => 0755,
- require => File["$puppet_bootstrap_dir"],
- }
-
-
-
- # files in $puppet_bootstrap_dir
- file { "$puppet_bootstrap_dir/puppet.conf":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => Package["puppet"],
- content => template("bootstrap/puppet/puppet.conf.erb"),
- }
-
- file { "$puppet_bootstrap_dir/fileserver.conf":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => Package["puppet"],
- content => template("bootstrap/puppet/fileserver.conf.erb"),
- }
-
- file { "$puppet_bootstrap_dir/auth.conf":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => Package["puppet"],
- content => template("bootstrap/puppet/auth.conf.erb"),
- }
-
- # files in $puppet_bootstrap_dir/manifests
- file { "$puppet_bootstrap_dir/manifests/site.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests"] ],
- content => template("bootstrap/puppet/site.pp.erb"),
- }
-
- file { "$puppet_bootstrap_dir/manifests/modules.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests"] ],
- content => template("bootstrap/puppet/modules.pp.erb"),
- }
-
- file { "$puppet_bootstrap_dir/manifests/nodes.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests"] ],
- content => template("bootstrap/puppet/nodes.pp.erb"),
- }
-
- # files in $puppet_bootstrap_dir/manifests/classes
- file { "$puppet_bootstrap_dir/manifests/classes/websites.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests/classes"] ],
- content => template("bootstrap/puppet/websites.pp.erb"),
- }
-
- file { "$puppet_bootstrap_dir/manifests/classes/users.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests/classes"] ],
- content => template("bootstrap/puppet/users.pp.erb"),
- }
-
- # files in $puppet_bootstrap_dir/manifests/nodes
- file { "$puppet_bootstrap_dir/manifests/nodes/$hostname-server.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests/nodes"] ],
- content => template("bootstrap/puppet/server.pp.erb"),
- }
-
- file { "$puppet_bootstrap_dir/manifests/nodes/$hostname-master.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests/nodes"] ],
- content => template("bootstrap/puppet/master.pp.erb"),
- }
-
- file { "$puppet_bootstrap_dir/manifests/nodes/$hostname-proxy.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests/nodes"] ],
- content => template("bootstrap/puppet/proxy.pp.erb"),
- }
-
- file { "$puppet_bootstrap_dir/manifests/nodes/$hostname-web.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests/nodes"] ],
- content => template("bootstrap/puppet/web.pp.erb"),
- }
-
- file { "$puppet_bootstrap_dir/manifests/nodes/$hostname-storage.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests/nodes"] ],
- content => template("bootstrap/puppet/storage.pp.erb"),
- }
-
- file { "$puppet_bootstrap_dir/manifests/nodes/$hostname-test.pp":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/manifests/nodes"] ],
- content => template("bootstrap/puppet/test.pp.erb"),
- }
-
-
- # files in $puppet_bootstrap_dir/files
- file { [ "$puppet_bootstrap_dir/files",
- "$puppet_bootstrap_dir/files/etc",
- "$puppet_bootstrap_dir/files/etc/nginx",
- "$puppet_bootstrap_dir/files/etc/nagios3",
- "$puppet_bootstrap_dir/files/postfix",
- "$puppet_bootstrap_dir/files/apache",
- "$puppet_bootstrap_dir/files/apache/vhosts",
- "$puppet_bootstrap_dir/files/apache/htdocs",
- "$puppet_bootstrap_dir/files/apache/htdocs/images",
- "$puppet_bootstrap_dir/files/keys",
- "$puppet_bootstrap_dir/files/keys/ssl",
- "$puppet_bootstrap_dir/files/shorewall", ]:
- ensure => directory,
- owner => "puppet",
- group => "puppet",
- mode => 0755,
- }
-
- file { "$puppet_bootstrap_dir/files/apache/htdocs/images/README.html":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/apache/htdocs/images"] ],
- content => template("files/apache/htdocs/images/README.html"),
- }
-
- file { "$puppet_bootstrap_dir/files/apache/htdocs/index.html":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/apache/htdocs"] ],
- content => template("files/apache/htdocs/index.html.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/apache/htdocs/missing.html":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/apache/htdocs"] ],
- content => template("files/apache/htdocs/missing.html.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/apache/vhosts/git":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/apache/vhosts"] ],
- content => template("files/apache/vhosts/git.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/apache/vhosts/lists":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/apache/vhosts"] ],
- content => template("files/apache/vhosts/lists.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/apache/vhosts/mail":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/apache/vhosts"] ],
- content => template("files/apache/vhosts/mail.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/apache/vhosts/nagios":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/apache/vhosts"] ],
- content => template("files/apache/vhosts/nagios.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/apache/vhosts/wiki":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/apache/vhosts"] ],
- content => template("files/apache/vhosts/wiki.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/etc/aliases":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/etc"] ],
- content => template("files/etc/aliases.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/etc/nagios3/htpasswd.users":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/etc/nagios3.users"] ],
- content => template("files/etc/nagios3/htpasswd.users.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/etc/nginx/$domain":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/etc/nginx"] ],
- content => template("files/etc/nginx/domain.erb"),
- }
-
- file { "$puppet_bootstrap_dir/files/postfix/tls_policy":
- ensure => present,
- owner => "puppet",
- group => "puppet",
- mode => 0644,
- require => [ Package["puppet"], File["$puppet_bootstrap_dir/files/postfix"] ],
- content => template("files/postfix/tls_policy.erb"),
- }
-
-}
-
diff --git a/manifests/init.pp b/manifests/config.pp
index 0204b57..52dcb50 100644
--- a/manifests/init.pp
+++ b/manifests/config.pp
@@ -1,5 +1,3 @@
-import "bootstrap.pp"
-
 $mysql_rootpw = "mysqlpass"
 $puppetmaster_db_password = "puppetpass"
 $first_user = "user"
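Review bot: config.pp is now the file every manifest in this change imports, and its first lines still assign fixed literals to `$mysql_rootpw` and `$puppetmaster_db_password` (with `$first_user_password` in the next hunk). They read like placeholders, but nothing visible stops a run from applying them as they are, so a database root password known to anyone who can read the repository could end up in use. At minimum add a header comment such as `# Placeholder credentials: replace every value below before applying any manifest`; keeping the real values in a file outside version control would be better.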
@@ -7,8 +5,5 @@
 $first_user_password = "userpass"
 $first_user_sshkey = "usersshkey"
 $first_user_email = "usermail"
-$puppet_bootstrap_dir = "/var/local/puppet-bootstrap"
-
-include gitosis
-include puppetmasterd
-include bootstrap
+$puppet_dir = "/var/local/puppet"
+$default_puppet_conf_dir = "$puppet_dir/default-conf"
diff --git a/manifests/default-conf.pp b/manifests/default-conf.pp
new file mode 100644
index 0000000..b1453a3
--- /dev/null
+++ b/manifests/default-conf.pp
@@ -0,0 +1,314 @@
+import "config.pp"
+
+# puppet config
+package { [ "puppet", "puppetmaster" ]: ensure => installed, }
+
+service { "puppetmaster":
+ ensure => stopped,
+ require => Package["puppetmaster"]
+}
+
+# reference to admin vserver
+host { "$hostname":
+ ensure => present,
+ ip => "127.0.0.1",
+ host_aliases => [ "$hostname.$domain", "puppet.$domain", "puppet", "admin" ],
+}
+
+# puppet submodules script
+file { "/usr/local/sbin/puppet-bootstrap":
+ source => "files/puppet-bootstrap",
+ owner => "root",
+ group => "root",
+ mode => 0755,
+ ensure => present,
+ require => Package["puppet"],
+}
+
+# execute the bootstrap script to download puppet modules
+exec { "/usr/local/sbin/puppet-bootstrap add-submodules":
+ user => root,
+ require => [ File["/usr/local/sbin/puppet-bootstrap"], File["$default_puppet_conf_dir/modules"] ],
+ timeout => 600,
+}
+
+# directories
+file { "$default_puppet_conf_dir":
+ ensure => directory,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0755,
+ require => Package["puppet"],
+}
+
+file { [ "$default_puppet_conf_dir/files",
+ "$default_puppet_conf_dir/manifests",
+ "$default_puppet_conf_dir/modules",
+ "$default_puppet_conf_dir/manifests/classes",
+ "$default_puppet_conf_dir/manifests/nodes", ]:
+ ensure => directory,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0755,
+ require => File["$default_puppet_conf_dir"],
+}
+
+
+
+# files in $default_puppet_conf_dir
+file { "$default_puppet_conf_dir/puppet.conf":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => Package["puppet"],
+ content => template("bootstrap/puppet/puppet.conf.erb"),
+}
+
+file { "$default_puppet_conf_dir/fileserver.conf":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => Package["puppet"],
+ content => template("bootstrap/puppet/fileserver.conf.erb"),
+}
+
+file { "$default_puppet_conf_dir/auth.conf":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => Package["puppet"],
+ content => template("bootstrap/puppet/auth.conf.erb"),
+}
+
+# files in $default_puppet_conf_dir/manifests
+file { "$default_puppet_conf_dir/manifests/site.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests"] ],
+ content => template("bootstrap/puppet/site.pp.erb"),
+}
+
+file { "$default_puppet_conf_dir/manifests/modules.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests"] ],
+ content => template("bootstrap/puppet/modules.pp.erb"),
+}
+
+file { "$default_puppet_conf_dir/manifests/nodes.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests"] ],
+ content => template("bootstrap/puppet/nodes.pp.erb"),
+}
+
+# files in $default_puppet_conf_dir/manifests/classes
+file { "$default_puppet_conf_dir/manifests/classes/websites.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/classes"] ],
+ content => template("bootstrap/puppet/websites.pp.erb"),
+}
+
+file { "$default_puppet_conf_dir/manifests/classes/users.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/classes"] ],
+ content => template("bootstrap/puppet/users.pp.erb"),
+}
+
+# files in $default_puppet_conf_dir/manifests/nodes
+file { "$default_puppet_conf_dir/manifests/nodes/$hostname-server.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
+ content => template("bootstrap/puppet/server.pp.erb"),
+}
+
+file { "$default_puppet_conf_dir/manifests/nodes/$hostname-master.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
+ content => template("bootstrap/puppet/master.pp.erb"),
+}
+
+file { "$default_puppet_conf_dir/manifests/nodes/$hostname-proxy.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
+ content => template("bootstrap/puppet/proxy.pp.erb"),
+}
+
+file { "$default_puppet_conf_dir/manifests/nodes/$hostname-web.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
+ content => template("bootstrap/puppet/web.pp.erb"),
+}
+
+file { "$default_puppet_conf_dir/manifests/nodes/$hostname-storage.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
+ content => template("bootstrap/puppet/storage.pp.erb"),
+}
+
+file { "$default_puppet_conf_dir/manifests/nodes/$hostname-test.pp":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
+ content => template("bootstrap/puppet/test.pp.erb"),
+}
+
+
+# files in $default_puppet_conf_dir/files
+file { [ "$default_puppet_conf_dir/files",
+ "$default_puppet_conf_dir/files/etc",
+ "$default_puppet_conf_dir/files/etc/nginx",
+ "$default_puppet_conf_dir/files/etc/nagios3",
+ "$default_puppet_conf_dir/files/postfix",
+ "$default_puppet_conf_dir/files/apache",
+ "$default_puppet_conf_dir/files/apache/vhosts",
+ "$default_puppet_conf_dir/files/apache/htdocs",
+ "$default_puppet_conf_dir/files/apache/htdocs/images",
+ "$default_puppet_conf_dir/files/keys",
+ "$default_puppet_conf_dir/files/keys/ssl",
+ "$default_puppet_conf_dir/files/shorewall", ]:
+ ensure => directory,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0755,
+}
+
+file { "$default_puppet_conf_dir/files/apache/htdocs/images/README.html":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/apache/htdocs/images"] ],
+ content => template("files/apache/htdocs/images/README.html"),
+}
+
+file { "$default_puppet_conf_dir/files/apache/htdocs/index.html":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/apache/htdocs"] ],
+ content => template("files/apache/htdocs/index.html.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/apache/htdocs/missing.html":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/apache/htdocs"] ],
+ content => template("files/apache/htdocs/missing.html.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/apache/vhosts/git":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/apache/vhosts"] ],
+ content => template("files/apache/vhosts/git.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/apache/vhosts/lists":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/apache/vhosts"] ],
+ content => template("files/apache/vhosts/lists.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/apache/vhosts/mail":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/apache/vhosts"] ],
+ content => template("files/apache/vhosts/mail.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/apache/vhosts/nagios":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/apache/vhosts"] ],
+ content => template("files/apache/vhosts/nagios.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/apache/vhosts/wiki":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/apache/vhosts"] ],
+ content => template("files/apache/vhosts/wiki.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/etc/aliases":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/etc"] ],
+ content => template("files/etc/aliases.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/etc/nagios3/htpasswd.users":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/etc/nagios3.users"] ],
+ content => template("files/etc/nagios3/htpasswd.users.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/etc/nginx/$domain":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/etc/nginx"] ],
+ content => template("files/etc/nginx/domain.erb"),
+}
+
+file { "$default_puppet_conf_dir/files/postfix/tls_policy":
+ ensure => present,
+ owner => "puppet",
+ group => "puppet",
+ mode => 0644,
+ require => [ Package["puppet"], File["$default_puppet_conf_dir/files/postfix"] ],
+ content => template("files/postfix/tls_policy.erb"),
+}
diff --git a/manifests/firewall.pp b/manifests/firewall.pp
new file mode 100644
index 0000000..10f5988
--- /dev/null
+++ b/manifests/firewall.pp
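Review bot: The `htpasswd.users` resource in default-conf.pp requires `File["$default_puppet_conf_dir/files/etc/nagios3.users"]`, but no file resource with that title is declared in this manifest (the directory list declares `.../files/etc/nagios3`), so the dependency cannot resolve; it should read `File["$default_puppet_conf_dir/files/etc/nagios3"]`. An htpasswd file normally holds password hashes and this one is written with `mode => 0644`; `mode => 0640` would keep it from being world-readable, and the `files/keys` and `files/keys/ssl` directories at `0755` deserve the same check. `"$default_puppet_conf_dir/files"` appears in both directory lists, which declares the same File resource twice. The `exec` for `puppet-bootstrap add-submodules` no longer has the `creates =>` guard that the old bootstrap.pp exec carried, so it runs as root on every apply; adding `creates => "$default_puppet_conf_dir/modules/nodo",` (or whichever path the script populates) restores idempotence.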
@@ -0,0 +1,12 @@ +import "config.pp" +import "shorewall" + +shorewall::rule { "ssh-02": + action => 'DNAT', + source => 'net', + destination => "vm:192.168.0.$context:22", + proto => 'tcp', + destinationport => "22$id", + ratelimit => '-', + order => "202", +} diff --git a/manifests/gitosis.pp b/manifests/gitosis.pp index 45f63d3..14bd1dc 100644 --- a/manifests/gitosis.pp +++ b/manifests/gitosis.pp @@ -1,28 +1,4 @@ -class gitosis { - # directory for gitosis user and repositories - file { "/var/git": - ensure => directory, - mode => 0755, - owner => gitosis, - group => gitosis; - } +import "config.pp" +import "git" - # the needed packages - package { [ "gitosis", "sudo", "git"]: ensure => installed; } - - # alters the user's home dir - user { gitosis: - allowdupe => false, - comment => "git repository hosting,,,", - ensure => present, - home => "/var/git", - shell => "/bin/sh"; - } - - # tries to get rid of ugly directory structure - file { "/srv/gitosis": - ensure => absent, - force => true; - } - file { "/srv": ensure => absent; } -} +include gitosis diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp index 44681fc..64aaa04 100644 --- a/manifests/puppetmasterd.pp +++ b/manifests/puppetmasterd.pp 
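Review bot: The rule in firewall.pp builds its DNAT target and port from `$context` and `$id` (`"vm:192.168.0.$context:22"`, `"22$id"`), and neither variable is set in this file or in the visible parts of config.pp. If they are unset the rule degrades to destination `vm:192.168.0.:22` on port `22`, so they should be assigned or passed in before the resource, and `${context}` / `${id}` braces would make the interpolation boundaries explicit. `ratelimit => '-'` is the empty-column placeholder in Shorewall's rules file, so SSH forwarded from the `net` zone gets no connection rate limit; if that is intended, say so in a comment such as `# no rate limit: SSH is throttled elsewhere`, otherwise set a limit here.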
@@ -1,21 +1,20 @@ -class puppetmasterd { - package { "puppetmaster": ensure => installed, } +import "config.pp" - # updates the puppet configuration dir with git repositories - # every 5 minutes. - cron { puppet-conf: - command => "git --git-dir=/etc/puppet/.git/ pull /var/git/repositories/puppet.git master && \ - git --git-dir=/etc/puppet/.git/ --work-tree=/etc/puppet/ checkout -f", - user => root, - hour => '*', - minute => '*/5', - ensure => present, - } +package { "puppetmaster": ensure => installed, } - # runs the service - service { "puppetmasterd": - ensure => stopped, - depends => Package["puppetmaster"], - } +# updates the puppet configuration dir with git repositories +# every 5 minutes. +cron { puppet-conf: + command => "git --git-dir=/etc/puppet/.git/ pull /var/git/repositories/puppet.git master && \ + git --git-dir=/etc/puppet/.git/ --work-tree=/etc/puppet/ checkout -f", + user => root, + hour => '*', + minute => '*/5', + ensure => present, } +# runs the service +service { "puppetmasterd": + ensure => stopped, + depends => Package["puppetmaster"], +} |
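Review bot: The `service { "puppetmasterd": }` resource is re-indented but keeps `depends => Package["puppetmaster"],`, and `depends` is not a Puppet metaparameter; the ordering needs `require => Package["puppetmaster"],`. default-conf.pp in this same commit manages the service under the name `puppetmaster`, so one of the two names is probably wrong for the target distribution. The cron job, now at top level, runs as root every five minutes and force-checks-out `master` of `/var/git/repositories/puppet.git` into `/etc/puppet`, so write access to that repository amounts to control of the puppetmaster's configuration; a comment recording that trust boundary, e.g. `# anyone who can push to puppet.git controls /etc/puppet on this host`, would make it visible to whoever maintains the gitosis access list.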