# handles puppetmasterd service class puppetmasterd { # Configuration case $puppetmaster_servertype { 'mongrel': { $puppetmaster_servertype = 'mongrel' $puppetmaster_daemon_opts = '--ssl_client_header=HTTP_X_SSL_SUBJECT' } default: { $puppetmaster_servertype = 'passenger' $puppetmaster_daemon_opts = '' } } # Use this option if you want puppet to manage the certificates for all # master nodes, useful when using multiple masters as prevents issues such as # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd # # The drawbacks are: # # - Such setup is more complete to manage when bootstrapping a fresh network. # - It doesn't refresh the proxy server (eg. nginx) upon key updates. # # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo). if $puppetmaster_manage_ca == true { include puppetmaster::ca } # warns that this node has a puppetmaster $puppetmasterd_present = true # then include puppet class include puppetd # needed packages package { "sqlite3": ensure => installed; "libmysql-ruby": ensure => installed; "ruby-hiera-puppet": ensure => $lsbdistcodename ? { 'squeeze' => absent, default => installed, } } case $puppetmaster_servertype { 'mongrel': { include puppet::master::mongrel } 'passenger': { include puppet::master::passenger } default: { service { "puppetmaster": enable => true, ensure => running, hasrestart => true, pattern => 'puppet master', require => Package['puppetmaster'], } } } file { "/etc/default/puppetmaster": ensure => present, owner => root, group => root, mode => 0644, content => template('puppet/puppetmaster.erb'), notify => Service['puppetmaster'], } file { "/etc/puppet/files": ensure => directory, owner => puppet, group => puppet, recurse => inf, require => User["puppet"], } file { "/etc/puppet/auth.conf": ensure => file, owner => puppet, group => puppet, require => User["puppet"], } file { "/etc/puppet/fileserver.conf": ensure => file, owner => puppet, group => puppet, require => User["puppet"], } # cron rule to restart puppetmaster before restarting the nodes cron { "puppetmaster-restart": command => "/etc/init.d/puppetmaster restart > /dev/null 2>&1", user => root, hour => "*/1", minute => "0", ensure => absent, } # cron rule to execute puppetlast once a week as a report # currently not working for puppet 2.6.x cron { "puppetlast": command => "/usr/local/sbin/puppetlast", user => root, hour => "0", minute => "0", weekday => "0", ensure => $puppetversion ? { "0.25.4" => present, default => absent, }, require => File["/usr/local/sbin/puppetlast"], } # update config class { 'puppet::master::update': } # custom puppetlast command, thanks to immerda module: # http://git.puppet.immerda.ch/?p=module-puppet.git;a=summary # # right now it's not working, see # https://labs.riseup.net/code/issues/2515 file { "/usr/local/sbin/puppetlast": source => "puppet:///modules/puppet/lastruncheck", ensure => absent, owner => root, group => root, mode => 0700, } # for storeconfigs include mysql::server # Database creation as suggested by # http://reductivelabs.com/trac/puppet/wiki/Recipes/MySQLStoredConfiguration #exec { "create-storeconfigs-db": # command => "/usr/bin/mysqladmin create puppet", # unless => "/usr/bin/mysqlcheck -s puppet", # notify => Exec["create-storeconfigs-user"], #} #exec { "create-storeconfigs-user": # command => "/usr/bin/mysql -e 'grant all privileges on puppet.* to puppet@localhost identified by \"puppet\"'", # refreshonly => true, #} } class puppetmasterd::disabled inherits puppetmasterd { Service["puppetmaster"] { ensure => stopped, } Cron["puppetlast", "puppetmaster-restart", "puppet-update"] { ensure => absent, } }