diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2013-01-25 15:29:07 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2013-01-25 15:29:07 -0200 |
| commit | 5787a464504aca813c4063a712a4b3715ca156b6 (patch) | |
| tree | 83a1b922a7de458b5b393aa38a7dc89be324983b /manifests/master.pp | |
| parent | 0d8f86de91ee8bed32cd86075e98fa40cd8a6141 (diff) | |
| download | puppet-puppet-5787a464504aca813c4063a712a4b3715ca156b6.tar.gz puppet-puppet-5787a464504aca813c4063a712a4b3715ca156b6.tar.bz2 | |
Refactoring for autoloading
Diffstat (limited to 'manifests/master.pp')
| -rw-r--r-- | manifests/master.pp | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/manifests/master.pp b/manifests/master.pp new file mode 100644 index 0000000..d3f3e88 --- /dev/null +++ b/manifests/master.pp @@ -0,0 +1,166 @@ +# handles puppetmasterd service +class puppet::master( + $main = false +) { + + # Configuration + case $puppetmaster_servertype { + 'mongrel': { + $puppetmaster_servertype = 'mongrel' + $puppetmaster_daemon_opts = '--ssl_client_header=HTTP_X_SSL_SUBJECT' + } + default: { + $puppetmaster_servertype = 'passenger' + $puppetmaster_daemon_opts = '' + } + } + + # Use this option if you want puppet to manage the certificates for all + # master nodes, useful when using multiple masters as prevents issues such as + # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd + # + # The drawbacks are: + # + # - Such setup is more complete to manage when bootstrapping a fresh network. + # - It doesn't refresh the proxy server (eg. nginx) upon key updates. + # + # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo). + if $puppetmaster_manage_ca == true { + include puppetmaster::ca + } + + # then include puppet class + class { 'puppetd': + master => true, + main_master => $main, + } + + # needed packages + package { + "sqlite3": ensure => installed; + "libmysql-ruby": ensure => installed; + "ruby-hiera-puppet": ensure => $lsbdistcodename ? { + 'squeeze' => absent, + default => installed, + } + } + + case $puppetmaster_servertype { + 'mongrel': { + $puppetmaster_puppetmasters = hiera('puppet::master::worker_processes', 4) + $puppetmaster_port = hiera('puppet::master::port', '18140') + + include puppet::master::mongrel + } + 'passenger': { + include puppet::master::passenger + } + default: { + service { "puppetmaster": + enable => true, + ensure => $main ? { + true => running, + default => stopped, + }, + hasrestart => true, + pattern => 'puppet master', + require => Package['puppetmaster'], + } + } + } + + file { "/etc/default/puppetmaster": + ensure => present, + owner => root, + group => root, + mode => 0644, + content => template('puppet/puppetmaster.erb'), + notify => Service['puppetmaster'], + } + + file { "/etc/puppet/files": + ensure => directory, + owner => puppet, + group => puppet, + recurse => inf, + require => User["puppet"], + } + + file { "/etc/puppet/auth.conf": + ensure => file, + owner => puppet, + group => puppet, + require => User["puppet"], + } + + file { "/etc/puppet/fileserver.conf": + ensure => file, + owner => puppet, + group => puppet, + require => User["puppet"], + } + + # cron rule to restart puppetmaster before restarting the nodes + cron { "puppetmaster-restart": + command => "/etc/init.d/puppetmaster restart > /dev/null 2>&1", + user => root, + hour => "*/1", + minute => "0", + ensure => absent, + } + + # cron rule to execute puppetlast once a week as a report + # currently not working for puppet 2.6.x + cron { "puppetlast": + command => "/usr/local/sbin/puppetlast", + user => root, + hour => "0", + minute => "0", + weekday => "0", + ensure => $puppetversion ? { + "0.25.4" => present, + default => absent, + }, + require => File["/usr/local/sbin/puppetlast"], + } + + # update config + class { 'puppet::master::update': + ensure => $main ? { + true => present, + default => absent, + }, + } + + # custom puppetlast command, thanks to immerda module: + # http://git.puppet.immerda.ch/?p=module-puppet.git;a=summary + # + # right now it's not working, see + # https://labs.riseup.net/code/issues/2515 + file { "/usr/local/sbin/puppetlast": + source => "puppet:///modules/puppet/lastruncheck", + ensure => $main ? { + true => absent, + default => absent, + }, + owner => root, + group => root, + mode => 0700, + } + + # for storeconfigs + include mysql::server + + # Database creation as suggested by + # http://reductivelabs.com/trac/puppet/wiki/Recipes/MySQLStoredConfiguration + #exec { "create-storeconfigs-db": + # command => "/usr/bin/mysqladmin create puppet", + # unless => "/usr/bin/mysqlcheck -s puppet", + # notify => Exec["create-storeconfigs-user"], + #} + #exec { "create-storeconfigs-user": + # command => "/usr/bin/mysql -e 'grant all privileges on puppet.* to puppet@localhost identified by \"puppet\"'", + # refreshonly => true, + #} + +} |