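# handles puppetmasterd service
#
# Parameters:
#   $main       - when true, the puppetmaster service declared in the fallback
#                 servertype branch is kept running and puppet::repo is
#                 declared with ensure => present; otherwise stopped / absent.
#   $servertype - 'mongrel' or 'passenger' include the matching
#                 puppet::master::* class; any other value manages the plain
#                 puppetmaster service here. Defaults to the hiera key
#                 puppet::master::servertype, falling back to 'passenger'.
#   $manager_ca - when true, includes puppet::master::ca. Defaults to the
#                 hiera key puppet::master::manage_ca, falling back to false.
#                 NOTE(review): the parameter is spelled 'manager_ca' while
#                 the hiera key is 'manage_ca'; the parameter name is kept so
#                 existing callers keep working.
class puppet::master(
  $main       = false,
  $servertype = hiera('puppet::master::servertype', 'passenger'),
  $manager_ca = hiera('puppet::master::manage_ca', false)
) {

  # Use this option if you want puppet to manage the certificates for all
  # master nodes, useful when using multiple masters as prevents issues such as
  # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd
  #
  # The drawbacks are:
  #
  #  - Such setup is more complex to manage when bootstrapping a fresh network.
  #  - It doesn't refresh the proxy server (eg. nginx) upon key updates.
  #
  # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).
  #
  # NOTE(review): a master's ssl directory normally holds private keys next to
  # the certificates, so a repository that carries it needs access controls at
  # least as strict as the master itself.
  #
  # The test uses the declared parameter; $manage_ca (without the 'r') is not
  # defined anywhere in this class, so a check against it can never enable
  # the CA class.
  if $manager_ca == true {
    include puppet::master::ca
  }

  # needed packages
  package {
    'sqlite3':
      ensure => installed;
    'libmysql-ruby':
      ensure => installed;
    'ruby-activerecord':
      ensure => installed;
    'ruby-hiera-puppet':
      ensure => $::lsbdistcodename ? {
        'squeeze' => absent,
        default   => installed,
      }
  }

  # $daemon_opts (and, for mongrel, the worker/port values) are only assigned
  # here; presumably the puppetmaster.erb template and the included classes
  # read them - confirm against those files.
  case $servertype {
    'mongrel': {
      $daemon_opts       = '--ssl_client_header=HTTP_X_SSL_SUBJECT'
      $worker_processes  = hiera('puppet::master::worker_processes', 4)
      $puppetmaster_port = hiera('puppet::master::port', '18140')
      include puppet::master::mongrel
    }
    'passenger': {
      $daemon_opts = ''
      include puppet::master::passenger
    }
    default: {
      service { 'puppetmaster':
        ensure     => $main ? {
          true    => running,
          default => stopped,
        },
        enable     => true,
        hasrestart => true,
        pattern    => 'puppet master',
        require    => Package['puppetmaster'],
      }
    }
  }

  # NOTE(review): for every servertype other than 'mongrel' the notify target
  # is Package['puppetmaster-passenger'], which this class does not declare.
  # Presumably puppet::master::passenger declares it; verify that the fallback
  # servertype branch (which declares Service['puppetmaster'] above) still
  # compiles and actually picks up changes to this file.
  file { '/etc/default/puppetmaster':
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => '0644',  # quoted: file modes are strings, not numbers
    content => template('puppet/puppetmaster.erb'),
    notify  => $servertype ? {
      'mongrel' => Service['puppetmaster'],
      default   => Package['puppetmaster-passenger'],
    },
  }

  file { '/etc/puppet/files':
    ensure  => directory,
    owner   => puppet,
    group   => puppet,
    recurse => inf,
    require => User['puppet'],
  }

  # auth.conf and fileserver.conf decide who may reach the master's API
  # endpoints and file server mounts. Only existence and ownership are managed
  # here: no mode and no content.
  # NOTE(review): both files are owned by the puppet service account, which
  # can therefore rewrite its own access rules; consider managing content and
  # an explicit mode, and confirm whether root ownership would work for this
  # deployment.
  file { '/etc/puppet/auth.conf':
    ensure  => file,
    owner   => puppet,
    group   => puppet,
    require => User['puppet'],
  }

  file { '/etc/puppet/fileserver.conf':
    ensure  => file,
    owner   => puppet,
    group   => puppet,
    require => User['puppet'],
  }

  # cron rule to restart puppetmaster before restarting the nodes
  # (kept declared with ensure => absent so an existing entry gets removed)
  cron { 'puppetmaster-restart':
    ensure  => absent,
    command => "/etc/init.d/puppetmaster restart > /dev/null 2>&1",
    user    => root,
    hour    => "*/1",
    minute  => "0",
  }

  # cron rule to execute puppetlast once a week as a report
  # currently not working for puppet 2.6+
  #
  # NOTE(review): the entry is only present on puppet 0.25.4, yet the script
  # it runs is set to absent by the file resource at the end of this class,
  # so on that version the job would point at a removed file.
  cron { 'puppetlast':
    ensure  => $::puppetversion ? {
      "0.25.4" => present,
      default  => absent,
    },
    command => "/usr/local/sbin/puppetlast",
    user    => root,
    hour    => "0",
    minute  => "0",
    weekday => "0",
    require => File['/usr/local/sbin/puppetlast'],
  }

  # update config
  class { 'puppet::repo':
    ensure => $main ? {
      true    => present,
      default => absent,
    },
  }

  # custom puppetlast command, thanks to immerda module:
  # http://git.puppet.immerda.ch/?p=module-puppet.git;a=summary
  #
  # right now it's not working, see
  # https://labs.riseup.net/code/issues/2515
  #
  # The script is removed on every node: the earlier selector on $main mapped
  # both true and default to absent, so it is written as a plain value.
  file { '/usr/local/sbin/puppetlast':
    ensure => absent,
    source => 'puppet:///modules/puppet/lastruncheck',
    owner  => root,
    group  => root,
    mode   => '0700',  # quoted: file modes are strings, not numbers
  }
}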