From 5787a464504aca813c4063a712a4b3715ca156b6 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 25 Jan 2013 15:29:07 -0200 Subject: Refactoring for autoloading --- manifests/ca.pp | 2 +- manifests/daemon.pp | 123 ++++++++++++++++++++++++++ manifests/init.pp | 53 +++++++++-- manifests/master.pp | 166 +++++++++++++++++++++++++++++++++++ manifests/master/mongrel.pp | 17 ---- manifests/master/mongrel/disabled.pp | 16 ++++ manifests/master/passenger.pp | 2 +- manifests/puppet.pp | 48 ---------- manifests/puppetd.pp | 123 -------------------------- manifests/puppetmasterd.pp | 166 ----------------------------------- 10 files changed, 355 insertions(+), 361 deletions(-) create mode 100644 manifests/daemon.pp create mode 100644 manifests/master.pp create mode 100644 manifests/master/mongrel/disabled.pp delete mode 100644 manifests/puppet.pp delete mode 100644 manifests/puppetd.pp delete mode 100644 manifests/puppetmasterd.pp diff --git a/manifests/ca.pp b/manifests/ca.pp index 8ec6b2e..61e82b8 100644 --- a/manifests/ca.pp +++ b/manifests/ca.pp @@ -1,4 +1,4 @@ -class puppetmaster::ca { +class puppet::ca { file { '/var/lib/puppetmaster/ssl/ca': ensure => directory, diff --git a/manifests/daemon.pp b/manifests/daemon.pp new file mode 100644 index 0000000..27f3651 --- /dev/null +++ b/manifests/daemon.pp 
@@ -0,0 +1,123 @@
+# handles puppetd service
+class puppet::daemon(
+ $master = false,
+ $main_master = false,
+) {
+ include puppet
+
+ case $puppetmaster_port {
+ '': { $puppetmaster_port = "8140" }
+ }
+
+ case $puppetd_runinterval {
+ '': { $puppetd_runinterval = "7200" }
+ }
+
+ case $puppetd_configtimeout {
+ '': { $puppetd_configtimeout = "120" }
+ }
+
+ case $puppetd_server {
+ '': { $puppetd_server = "puppet.$domain" }
+ }
+
+ case $puppetd_ensure {
+ '': {
+ $puppetd_ensure = $lsbdistcodename ? {
+ 'squeeze' => '2.7.18-1~bpo60+1',
+ default => installed,
+ }
+ }
+ }
+
+ package { "puppet-common":
+ ensure => $puppetd_ensure,
+ }
+
+ package { "puppet":
+ ensure => $puppetd_ensure,
+ require => Package["cron", "puppet-common"],
+ }
+
+ file { "/etc/default/puppet":
+ source => "puppet://$server/modules/puppet/puppet",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ notify => Service["puppet"],
+ }
+
+ service { "puppet":
+ enable => true,
+ ensure => running,
+ hasrestart => true,
+ require => [ Package["puppet"], File["/etc/default/puppet"] ],
+ }
+
+ # name of puppet agent section in config file
+ if $puppetversion <= "0.25.4" {
+ $puppet_agent_name = 'puppetd'
+ } else {
+ $puppet_agent_name = 'agent'
+ }
+
+ # default config file for puppet nodes
+ if ($master != true) or ($main_master != true) {
+ file { "/etc/puppet/puppet.conf":
+ ensure => file,
+ owner => puppet,
+ group => puppet,
+ content => template("puppet/puppet-node.conf.erb"),
+ }
+ } else {
+ file { "/etc/puppet/puppet.conf":
+ ensure => file,
+ owner => puppet,
+ group => puppet,
+ }
+ }
+
+ # cron rule to restart puppet minutes after puppetmaster is restarted
+ cron { "puppet-restart":
+ command => "/etc/init.d/puppet restart > /dev/null 2>&1",
+ user => root,
+ hour => "*/1",
+ minute => "10",
+ ensure => absent,
+ require => Service["puppet"],
+ }
+
+ file { "/usr/local/sbin/check-puppetd.sh":
+ content => template("puppet/check-puppetd.sh.erb"),
+ owner => "puppet",
+ group => "puppet",
+ mode => 0755,
+ ensure => present,
+ }
+
+ cron { "puppetd-check":
+ command => "/usr/local/sbin/check-puppetd.sh > /dev/null",
+ user => root,
+ hour => "*/1",
+ minute => "0",
+ require => File["/usr/local/sbin/check-puppetd.sh"],
+ ensure => present,
+ }
+
+ # thanks to https://labs.riseup.net/code/projects/shared-puppet
+ file { "/etc/cron.d/puppetd":
+ source => "puppet://$server/modules/puppet/cron.d/puppetd",
+ owner => root,
+ group => root,
+ mode => 0644;
+ }
+
+ # restore to original state after the following bug is addressed:
+ # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625626
+ if $lsbdistcodename == 'squeeze' {
+ file { "/etc/logrotate.d/puppetmaster":
+ ensure => absent,
+ }
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index b434cce..5dd5dd9 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
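Review bot: In manifests/daemon.pp, `/usr/local/sbin/check-puppetd.sh` is installed with `owner => "puppet"` and `group => "puppet"`, yet the `puppetd-check` cron entry runs it every hour with `user => root`. Between agent runs, anything running as the puppet account can therefore rewrite a script that root executes. The file resource should use `owner => root,` and `group => root,` and keep `mode => 0755`. Separately, `if $puppetversion <= "0.25.4"` compares version strings with a relational operator; `versioncmp($puppetversion, '0.25.4') <= 0` states the intent and does not depend on how the strings are coerced.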
@@ -1,5 +1,48 @@
-# This file imports the files for puppet puppet module.
-import "ca.pp"
-import "puppet.pp"
-import "puppetd.pp"
-import "puppetmasterd.pp"
+# This classes manage a puppet installation, and provide for a puppetd
+# service and a puppetmasterd service, the latter constantly updated by a
+# cron-job which git-pushes from '/var/git/repositories/puppet.git'.
+
+# guarantees puppet user, group and ownerships
+class puppet {
+ user { "puppet":
+ ensure => present,
+ allowdupe => false,
+ }
+
+ group { "puppet":
+ ensure => present,
+ allowdupe => false,
+ }
+
+ file { "/etc/puppet":
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0640,
+ require => User["puppet"],
+ }
+
+ file { "/etc/puppet/manifests":
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ recurse => inf,
+ require => User["puppet"],
+ }
+
+ file { "/etc/puppet/modules":
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ recurse => inf,
+ require => User["puppet"],
+ }
+
+ file { "/etc/puppet/templates":
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ recurse => inf,
+ require => User["puppet"],
+ }
+}
diff --git a/manifests/master.pp b/manifests/master.pp
new file mode 100644
index 0000000..d3f3e88
--- /dev/null
+++ b/manifests/master.pp
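Review bot: In class `puppet` (manifests/init.pp), `/etc/puppet/manifests`, `/etc/puppet/modules` and `/etc/puppet/templates` are given to `puppet:puppet` with `recurse => inf` and no `mode`. The code that is compiled into catalogs therefore stays writable by the service account, with whatever permission bits already exist on disk. Whether the update job described in the header comment needs write access as that user is not visible in this hunk; if it does not, `owner => root, group => puppet` plus an explicit `mode` would keep these trees read-only for the daemon. The `/etc/puppet` resource also sets `mode => 0640` on a directory, where `0750` would state the effective permissions explicitly.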
@@ -0,0 +1,166 @@
+# handles puppetmasterd service
+class puppet::master(
+ $main = false
+) {
+
+ # Configuration
+ case $puppetmaster_servertype {
+ 'mongrel': {
+ $puppetmaster_servertype = 'mongrel'
+ $puppetmaster_daemon_opts = '--ssl_client_header=HTTP_X_SSL_SUBJECT'
+ }
+ default: {
+ $puppetmaster_servertype = 'passenger'
+ $puppetmaster_daemon_opts = ''
+ }
+ }
+
+ # Use this option if you want puppet to manage the certificates for all
+ # master nodes, useful when using multiple masters as prevents issues such as
+ # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd
+ #
+ # The drawbacks are:
+ #
+ # - Such setup is more complete to manage when bootstrapping a fresh network.
+ # - It doesn't refresh the proxy server (eg. nginx) upon key updates.
+ #
+ # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).
+ if $puppetmaster_manage_ca == true {
+ include puppetmaster::ca
+ }
+
+ # then include puppet class
+ class { 'puppetd':
+ master => true,
+ main_master => $main,
+ }
+
+ # needed packages
+ package {
+ "sqlite3": ensure => installed;
+ "libmysql-ruby": ensure => installed;
+ "ruby-hiera-puppet": ensure => $lsbdistcodename ? {
+ 'squeeze' => absent,
+ default => installed,
+ }
+ }
+
+ case $puppetmaster_servertype {
+ 'mongrel': {
+ $puppetmaster_puppetmasters = hiera('puppet::master::worker_processes', 4)
+ $puppetmaster_port = hiera('puppet::master::port', '18140')
+
+ include puppet::master::mongrel
+ }
+ 'passenger': {
+ include puppet::master::passenger
+ }
+ default: {
+ service { "puppetmaster":
+ enable => true,
+ ensure => $main ? {
+ true => running,
+ default => stopped,
+ },
+ hasrestart => true,
+ pattern => 'puppet master',
+ require => Package['puppetmaster'],
+ }
+ }
+ }
+
+ file { "/etc/default/puppetmaster":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ content => template('puppet/puppetmaster.erb'),
+ notify => Service['puppetmaster'],
+ }
+
+ file { "/etc/puppet/files":
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ recurse => inf,
+ require => User["puppet"],
+ }
+
+ file { "/etc/puppet/auth.conf":
+ ensure => file,
+ owner => puppet,
+ group => puppet,
+ require => User["puppet"],
+ }
+
+ file { "/etc/puppet/fileserver.conf":
+ ensure => file,
+ owner => puppet,
+ group => puppet,
+ require => User["puppet"],
+ }
+
+ # cron rule to restart puppetmaster before restarting the nodes
+ cron { "puppetmaster-restart":
+ command => "/etc/init.d/puppetmaster restart > /dev/null 2>&1",
+ user => root,
+ hour => "*/1",
+ minute => "0",
+ ensure => absent,
+ }
+
+ # cron rule to execute puppetlast once a week as a report
+ # currently not working for puppet 2.6.x
+ cron { "puppetlast":
+ command => "/usr/local/sbin/puppetlast",
+ user => root,
+ hour => "0",
+ minute => "0",
+ weekday => "0",
+ ensure => $puppetversion ? {
+ "0.25.4" => present,
+ default => absent,
+ },
+ require => File["/usr/local/sbin/puppetlast"],
+ }
+
+ # update config
+ class { 'puppet::master::update':
+ ensure => $main ? {
+ true => present,
+ default => absent,
+ },
+ }
+
+ # custom puppetlast command, thanks to immerda module:
+ # http://git.puppet.immerda.ch/?p=module-puppet.git;a=summary
+ #
+ # right now it's not working, see
+ # https://labs.riseup.net/code/issues/2515
+ file { "/usr/local/sbin/puppetlast":
+ source => "puppet:///modules/puppet/lastruncheck",
+ ensure => $main ?
{ + true => absent, + default => absent, + }, + owner => root, + group => root, + mode => 0700, + } + + # for storeconfigs + include mysql::server + + # Database creation as suggested by + # http://reductivelabs.com/trac/puppet/wiki/Recipes/MySQLStoredConfiguration + #exec { "create-storeconfigs-db": + # command => "/usr/bin/mysqladmin create puppet", + # unless => "/usr/bin/mysqlcheck -s puppet", + # notify => Exec["create-storeconfigs-user"], + #} + #exec { "create-storeconfigs-user": + # command => "/usr/bin/mysql -e 'grant all privileges on puppet.* to puppet@localhost identified by \"puppet\"'", + # refreshonly => true, + #} + +} diff --git a/manifests/master/mongrel.pp b/manifests/master/mongrel.pp index 987c333..5cdf551 100644 --- a/manifests/master/mongrel.pp +++ b/manifests/master/mongrel.pp @@ -30,20 +30,3 @@ class puppet::master::mongrel { } } - -class puppet::master::mongrel::disabled inherits puppet::master::mongrel { - include nginx::puppetmaster::disabled - - Service['puppetmaster'] { - enable => false, - ensure => stopped, - } - - Package['puppetmaster', 'mongrel'] { - ensure => absent, - } - - File['/etc/cron.d/puppetmaster'] { - ensure => absent, - } -} diff --git a/manifests/master/mongrel/disabled.pp b/manifests/master/mongrel/disabled.pp new file mode 100644 index 0000000..84edfd3 --- /dev/null +++ b/manifests/master/mongrel/disabled.pp @@ -0,0 +1,16 @@ +class puppet::master::mongrel::disabled inherits puppet::master::mongrel { + include nginx::puppetmaster::disabled + + Service['puppetmaster'] { + enable => false, + ensure => stopped, + } + + Package['puppetmaster', 'mongrel'] { + ensure => absent, + } + + File['/etc/cron.d/puppetmaster'] { + ensure => absent, + } +} diff --git a/manifests/master/passenger.pp b/manifests/master/passenger.pp index 221a7a2..01f1dac 100644 --- a/manifests/master/passenger.pp +++ b/manifests/master/passenger.pp 
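Review bot: manifests/master.pp still declares two classes under their old names, `include puppetmaster::ca` and `class { 'puppetd':`, although this commit renames them to `puppet::ca` (ca.pp) and `puppet::daemon` (daemon.pp) and deletes manifests/puppetd.pp. Unless those names are still defined somewhere outside this patch, compiling a master's catalog would fail on the `puppetd` declaration, and on the CA include whenever `$puppetmaster_manage_ca` is true. The two lines should read `include puppet::ca` and `class { 'puppet::daemon':`. The `ensure` selector on `/usr/local/sbin/puppetlast` also yields `absent` for both `true` and `default`, so `$main` has no effect there; a comment such as `# kept absent until the puppetlast report works again` would show that this is deliberate.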
@@ -4,7 +4,7 @@ class puppet::master::passenger { include puppet::master::mongrel::disabled # then include puppet class - include puppetd + include puppet::daemon package { 'puppetmaster-passenger': ensure => installed, diff --git a/manifests/puppet.pp b/manifests/puppet.pp deleted file mode 100644 index 5dd5dd9..0000000 --- a/manifests/puppet.pp +++ /dev/null @@ -1,48 +0,0 @@ -# This classes manage a puppet installation, and provide for a puppetd -# service and a puppetmasterd service, the latter constantly updated by a -# cron-job which git-pushes from '/var/git/repositories/puppet.git'. - -# guarantees puppet user, group and ownerships -class puppet { - user { "puppet": - ensure => present, - allowdupe => false, - } - - group { "puppet": - ensure => present, - allowdupe => false, - } - - file { "/etc/puppet": - ensure => directory, - owner => puppet, - group => puppet, - mode => 0640, - require => User["puppet"], - } - - file { "/etc/puppet/manifests": - ensure => directory, - owner => puppet, - group => puppet, - recurse => inf, - require => User["puppet"], - } - - file { "/etc/puppet/modules": - ensure => directory, - owner => puppet, - group => puppet, - recurse => inf, - require => User["puppet"], - } - - file { "/etc/puppet/templates": - ensure => directory, - owner => puppet, - group => puppet, - recurse => inf, - require => User["puppet"], - } -} diff --git a/manifests/puppetd.pp b/manifests/puppetd.pp deleted file mode 100644 index 62aad13..0000000 --- a/manifests/puppetd.pp +++ /dev/null 
@@ -1,123 +0,0 @@
-# handles puppetd service
-class puppetd(
- $master = false,
- $main_master = false,
-) {
- include puppet
-
- case $puppetmaster_port {
- '': { $puppetmaster_port = "8140" }
- }
-
- case $puppetd_runinterval {
- '': { $puppetd_runinterval = "7200" }
- }
-
- case $puppetd_configtimeout {
- '': { $puppetd_configtimeout = "120" }
- }
-
- case $puppetd_server {
- '': { $puppetd_server = "puppet.$domain" }
- }
-
- case $puppetd_ensure {
- '': {
- $puppetd_ensure = $lsbdistcodename ? {
- 'squeeze' => '2.7.18-1~bpo60+1',
- default => installed,
- }
- }
- }
-
- package { "puppet-common":
- ensure => $puppetd_ensure,
- }
-
- package { "puppet":
- ensure => $puppetd_ensure,
- require => Package["cron", "puppet-common"],
- }
-
- file { "/etc/default/puppet":
- source => "puppet://$server/modules/puppet/puppet",
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- notify => Service["puppet"],
- }
-
- service { "puppet":
- enable => true,
- ensure => running,
- hasrestart => true,
- require => [ Package["puppet"], File["/etc/default/puppet"] ],
- }
-
- # name of puppet agent section in config file
- if $puppetversion <= "0.25.4" {
- $puppet_agent_name = 'puppetd'
- } else {
- $puppet_agent_name = 'agent'
- }
-
- # default config file for puppet nodes
- if ($master != true) or ($main_master != true) {
- file { "/etc/puppet/puppet.conf":
- ensure => file,
- owner => puppet,
- group => puppet,
- content => template("puppet/puppet-node.conf.erb"),
- }
- } else {
- file { "/etc/puppet/puppet.conf":
- ensure => file,
- owner => puppet,
- group => puppet,
- }
- }
-
- # cron rule to restart puppet minutes after puppetmaster is restarted
- cron { "puppet-restart":
- command => "/etc/init.d/puppet restart > /dev/null 2>&1",
- user => root,
- hour => "*/1",
- minute => "10",
- ensure => absent,
- require => Service["puppet"],
- }
-
- file { "/usr/local/sbin/check-puppetd.sh":
- content => template("puppet/check-puppetd.sh.erb"),
- owner => "puppet",
- group => "puppet",
- mode => 0755,
- ensure => present,
- }
-
- cron { "puppetd-check":
- command => "/usr/local/sbin/check-puppetd.sh > /dev/null",
- user => root,
- hour => "*/1",
- minute => "0",
- require => File["/usr/local/sbin/check-puppetd.sh"],
- ensure => present,
- }
-
- # thanks to https://labs.riseup.net/code/projects/shared-puppet
- file { "/etc/cron.d/puppetd":
- source => "puppet://$server/modules/puppet/cron.d/puppetd",
- owner => root,
- group => root,
- mode => 0644;
- }
-
- # restore to original state after the following bug is addressed:
- # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625626
- if $lsbdistcodename == 'squeeze' {
- file { "/etc/logrotate.d/puppetmaster":
- ensure => absent,
- }
- }
-}
diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp
deleted file mode 100644
index 53e49bc..0000000
--- a/manifests/puppetmasterd.pp
+++ /dev/null
@@ -1,166 +0,0 @@
-# handles puppetmasterd service
-class puppetmasterd(
- $main = false
-) {
-
- # Configuration
- case $puppetmaster_servertype {
- 'mongrel': {
- $puppetmaster_servertype = 'mongrel'
- $puppetmaster_daemon_opts = '--ssl_client_header=HTTP_X_SSL_SUBJECT'
- }
- default: {
- $puppetmaster_servertype = 'passenger'
- $puppetmaster_daemon_opts = ''
- }
- }
-
- # Use this option if you want puppet to manage the certificates for all
- # master nodes, useful when using multiple masters as prevents issues such as
- # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd
- #
- # The drawbacks are:
- #
- # - Such setup is more complete to manage when bootstrapping a fresh network.
- # - It doesn't refresh the proxy server (eg. nginx) upon key updates.
- #
- # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).
- if $puppetmaster_manage_ca == true {
- include puppetmaster::ca
- }
-
- # then include puppet class
- class { 'puppetd':
- master => true,
- main_master => $main,
- }
-
- # needed packages
- package {
- "sqlite3": ensure => installed;
- "libmysql-ruby": ensure => installed;
- "ruby-hiera-puppet": ensure => $lsbdistcodename ? {
- 'squeeze' => absent,
- default => installed,
- }
- }
-
- case $puppetmaster_servertype {
- 'mongrel': {
- $puppetmaster_puppetmasters = hiera('puppet::master::worker_processes', 4)
- $puppetmaster_port = hiera('puppet::master::port', '18140')
-
- include puppet::master::mongrel
- }
- 'passenger': {
- include puppet::master::passenger
- }
- default: {
- service { "puppetmaster":
- enable => true,
- ensure => $main ? {
- true => running,
- default => stopped,
- },
- hasrestart => true,
- pattern => 'puppet master',
- require => Package['puppetmaster'],
- }
- }
- }
-
- file { "/etc/default/puppetmaster":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- content => template('puppet/puppetmaster.erb'),
- notify => Service['puppetmaster'],
- }
-
- file { "/etc/puppet/files":
- ensure => directory,
- owner => puppet,
- group => puppet,
- recurse => inf,
- require => User["puppet"],
- }
-
- file { "/etc/puppet/auth.conf":
- ensure => file,
- owner => puppet,
- group => puppet,
- require => User["puppet"],
- }
-
- file { "/etc/puppet/fileserver.conf":
- ensure => file,
- owner => puppet,
- group => puppet,
- require => User["puppet"],
- }
-
- # cron rule to restart puppetmaster before restarting the nodes
- cron { "puppetmaster-restart":
- command => "/etc/init.d/puppetmaster restart > /dev/null 2>&1",
- user => root,
- hour => "*/1",
- minute => "0",
- ensure => absent,
- }
-
- # cron rule to execute puppetlast once a week as a report
- # currently not working for puppet 2.6.x
- cron { "puppetlast":
- command => "/usr/local/sbin/puppetlast",
- user => root,
- hour => "0",
- minute => "0",
- weekday => "0",
- ensure => $puppetversion ? {
- "0.25.4" => present,
- default => absent,
- },
- require => File["/usr/local/sbin/puppetlast"],
- }
-
- # update config
- class { 'puppet::master::update':
- ensure => $main ? {
- true => present,
- default => absent,
- },
- }
-
- # custom puppetlast command, thanks to immerda module:
- # http://git.puppet.immerda.ch/?p=module-puppet.git;a=summary
- #
- # right now it's not working, see
- # https://labs.riseup.net/code/issues/2515
- file { "/usr/local/sbin/puppetlast":
- source => "puppet:///modules/puppet/lastruncheck",
- ensure => $main ? {
- true => absent,
- default => absent,
- },
- owner => root,
- group => root,
- mode => 0700,
- }
-
- # for storeconfigs
- include mysql::server
-
- # Database creation as suggested by
- # http://reductivelabs.com/trac/puppet/wiki/Recipes/MySQLStoredConfiguration
- #exec { "create-storeconfigs-db":
- # command => "/usr/bin/mysqladmin create puppet",
- # unless => "/usr/bin/mysqlcheck -s puppet",
- # notify => Exec["create-storeconfigs-user"],
- #}
- #exec { "create-storeconfigs-user":
- # command => "/usr/bin/mysql -e 'grant all privileges on puppet.* to puppet@localhost identified by \"puppet\"'",
- # refreshonly => true,
- #}
-
-}
-- cgit v1.2.3