madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access, can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

rename puppetd section to agent
[puppet/modules/puppet.git] / manifests / server.pp
# puppet module: puppet
#         class: puppet::server
#
# Copyright © 2010 martin f. krafft <madduck@madduck.net>
# Released under the terms of the Artistic Licence 2.0
#
class puppet::server::install {

    # The puppetmaster package itself is installed unconditionally.
    package { "puppetmaster":
        ensure => installed,
    }

    # Stored configurations need Rails/ActiveRecord plus a database driver;
    # none of it is installed unless storeconfigs has been switched on.
    if $puppet_server_enable_storeconfigs {

        # NOTE(review): these are Ruby 1.8-era Debian package names. Ruby 1.8
        # no longer receives security fixes, so confirm that the target
        # release still ships and patches this stack before enabling it.
        package { [
            "rails",
            "rake",
            "libactiverecord-ruby1.8",
            "libactivesupport-ruby1.8",
            "libi18n-ruby1.8",
            "libjs-jquery",
            "libmemcache-client-ruby1.8",
            "librack-ruby",
            "librack-ruby1.8",
            "libtext-format-ruby1.8",
            "libtmail-ruby1.8",
            "libtzinfo-ruby1.8",
            "rails-ruby1.8"
        ]:
            ensure => installed,
        }

        # Database driver for the selected adapter. There is no default
        # branch, so any other adapter value installs no driver at all.
        case $puppet_server_dbadapter {
            "postgresql": {
                package { [ "postgresql", "libpgsql-ruby1.8" ]:
                    ensure => installed,
                }
            }
            "sqlite": {
                package { "libsqlite3-ruby1.8":
                    ensure => installed,
                }
            }
        }
    }
}
class puppet::server::service {

    # Manage the puppetmaster daemon. When $puppet_server_ensure_running is
    # false the run state is left unmanaged (undef) rather than forced to
    # stopped. The selector has no default branch, so a value matching
    # neither true nor false is not handled here.
    service { "puppetmaster":
        ensure  => $puppet_server_ensure_running ? {
            true  => running,
            false => undef
        },
        enable  => $puppet_server_enable_at_boot,
        # Packages and the init defaults file must exist before the service
        # is managed.
        require => [ Class["puppet::server::install"], File["/etc/default/puppetmaster"] ],
    }
}
class puppet::server::cron {

    # Watchdog entry in root's crontab: every five minutes the init script
    # is asked for its status and puppetmaster is restarted if the output
    # contains "failed". The entry is removed again when the service is not
    # meant to be kept running.
    # Package["cron"] is not declared in this file; it has to be provided by
    # another class in the catalogue.
    cron { "restart-puppetmaster":
        ensure  => $puppet_server_ensure_running ? {
            true  => present,
            false => absent
        },
        user    => root,
        minute  => '*/5',
        command => "if /etc/init.d/puppetmaster status | grep -q failed; then /etc/init.d/puppetmaster restart; fi",
        require => [ Class["puppet::server::install"], Package["cron"] ],
    }
}
class puppet::server::group {

    # Group used elsewhere in this file as the group owner of the
    # group-writable puppet_directory trees and as the sudo principal for
    # /usr/sbin/puppetca. Membership is therefore privileged and should be
    # handed out accordingly.
    group { "puppetmasters":
        ensure => present,
    }
}
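class puppet::server::files {

    # The puppetmasters group must exist before it can own anything below.
    include puppet::server::group

    # Init script defaults; only Debian-style systems have this file.
    case $operatingsystem {
        debian,ubuntu: {
            file { "/etc/default/puppetmaster":
                content => template("puppet/server/etc_default_puppetmaster"),
                owner   => root,
                group   => puppet,
                mode    => "0444"
            }
        }
    }

    # dev.pp starts out as a link to site.pp; an existing dev.pp is left
    # alone (replace => no).
    file { "/etc/puppet/manifests/dev.pp":
        ensure  => "site.pp",
        replace => no
    }

    # A directory tree that members of the puppetmasters group may edit.
    # The mode is applied recursively: group-writable and world-readable.
    # Two consequences worth keeping in mind:
    #   - anyone in puppetmasters can change the manifests, modules, files
    #     and templates that this master serves to its agents;
    #   - everything below these directories is readable by every local
    #     user on the master, so secrets should not be stored here.
    # Editor swap files and .gitignore are excluded from management.
    define puppet_directory($ensure = directory) {
        file { $name:
            ensure  => $ensure,
            owner   => root,
            group   => puppetmasters,
            mode    => "0664",
            recurse => true,
            require => Group[puppetmasters],
            ignore  => [".gitignore", ".*.sw?"]
        }
    }
    puppet_directory { "/etc/puppet/files": }
    puppet_directory { "/etc/puppet/templates": }
    puppet_directory { "/etc/puppet/modules/production": }
    puppet_directory { "/etc/puppet/modules/development": }
    puppet_directory { "/etc/puppet/modules/site-local": }
    puppet_directory { "/etc/puppet/manifests": }

    # Only manage the external-node directories when an external nodes
    # script is configured. The variable needs its "$" sigil: without it the
    # bare word is a non-empty string and the test is always true.
    # $puppet_server_extnodes_script is not assigned in this file; presumably
    # it comes from puppet::sharedconfvars or the node definition - TODO
    # confirm.
    if $puppet_server_extnodes_script != "" {
        puppet_directory { "$puppet_server_extnodes_nodes_uri": }
        puppet_directory { "$puppet_server_extnodes_roles_uri": }
    }

    # File server mount points and their ACLs, rendered from a template; a
    # change triggers a notify on the puppetmaster service.
    file { "/etc/puppet/fileserver.conf":
        content => template("puppet/server/fileserver.conf"),
        owner   => root,
        group   => puppet,
        mode    => "0444",
        notify  => Service[puppetmaster]
    }

    # Access rules shipped verbatim from the module; a change also triggers
    # a notify on the puppetmaster service.
    file { "/etc/puppet/auth.conf":
        source  => "puppet:///modules/puppet/server/auth.conf",
        owner   => root,
        group   => puppet,
        mode    => "0444",
        notify  => Service[puppetmaster]
    }
}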
class puppet::server::ferm {

    # Virtual firewall rule for the public puppetmaster port (TCP); it has
    # no effect until something realizes it.
    # NOTE(review): no source restriction is passed here, and whether
    # ferm::dport_rule applies one by default is not visible in this file -
    # confirm who can reach the port.
    @ferm::dport_rule { "incoming-puppetmaster":
        # it's in everyone's interest if access to a webrick
        # machine is not enabled by default
        ensure  => $puppet_server_servertype ? {
            'webrick' => absent,
            default   => present
        },
        proto   => "tcp",
        dport   => $puppet_server_publicport,
        comment => "allow connections to the puppetmaster",
    }
}
class puppet::server::sudo {

    # Declared only when the sudo class is already known at this point;
    # defined() depends on evaluation order, so the sudo class has to be
    # included before this one for the permission to appear.
    #
    # The virtual permission lets every member of the puppetmasters group
    # run /usr/sbin/puppetca as root. puppetca signs and revokes agent
    # certificates, so group membership amounts to control over which hosts
    # the master trusts.
    if defined(Class["sudo"]) {
        @sudo::permission { "puppetca":
            ensure  => present,
            who     => "%puppetmasters",
            runas   => 'root',
            command => '/usr/sbin/puppetca',
        }
    }
}
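class puppet::server inherits puppet::sharedconfvars {

#    if defined(Class["puppet::client"]) {
#        fail("You must not include the puppet::client class before puppet::server.")
#    }

    # since client and server use the same configuration file (NARF!!!), we
    # have to insist (see above), so that we can use a different template.
    #$_puppet_template_file = "puppetmaster.conf"
    #include puppet::client

    # Every setting below follows the same pattern: if the incoming value is
    # the empty string, a default is substituted; otherwise the caller's
    # value is kept.
    # NOTE(review): the puppet::server::* classes read these variables
    # unqualified, which presumably relies on dynamic scoping from this
    # class - confirm for the Puppet version in use.

    # --- daemon layout ---------------------------------------------------

    $puppet_server_varlib = $puppet_server_varlib ? {
        ""      => $puppet_client_varlib,
        default => $puppet_server_varlib
    }

    $puppet_server_servertype = $puppet_server_servertype ? {
        ""      => "mongrel",
        default => $puppet_server_servertype
    }

    $puppet_server_servercount = $puppet_server_servercount ? {
        ""      => "3",
        default => $puppet_server_servercount
    }

    $puppet_server_baseport = $puppet_server_baseport ? {
        ""      => "18140",
        default => $puppet_server_baseport
    }

    # Port opened by the firewall rule in puppet::server::ferm.
    $puppet_server_publicport = $puppet_server_publicport ? {
        ""      => "8140",
        default => $puppet_server_publicport
    }

    $puppet_server_ensure_running = $puppet_server_ensure_running ? {
        ""      => true,
        default => $puppet_server_ensure_running
    }

    $puppet_server_enable_at_boot = $puppet_server_enable_at_boot ? {
        ""      => true,
        default => $puppet_server_enable_at_boot
    }

    # --- external nodes --------------------------------------------------

    $puppet_server_extnodes_nodes_uri = $puppet_server_extnodes_nodes_uri ? {
        ""      => "/etc/puppet/nodes",
        default => $puppet_server_extnodes_nodes_uri
    }

    $puppet_server_extnodes_roles_uri = $puppet_server_extnodes_roles_uri ? {
        ""      => "/etc/puppet/roles",
        default => $puppet_server_extnodes_roles_uri
    }

    $puppet_server_certname = $puppet_server_certname ? {
        ""      => $puppet_puppetmaster,
        default => $puppet_server_certname
    }

    # --- access control defaults -------------------------------------------
    # The four ACLs below default to every host under $puppet_default_domain.
    # NOTE(review): if $puppet_default_domain is empty the rule becomes
    # "allow *." - confirm how the master treats that pattern, or set the
    # domain explicitly.

    $puppet_server_acl_fileserver = $puppet_server_acl_fileserver ? {
        ""      => "allow *.$puppet_default_domain",
        default => $puppet_server_acl_fileserver
    }

    $puppet_server_acl_plugins = $puppet_server_acl_plugins ? {
        ""      => "allow *.$puppet_default_domain",
        default => $puppet_server_acl_plugins
    }

    $puppet_server_acl_puppetbucket = $puppet_server_acl_puppetbucket ? {
        ""      => "allow *.$puppet_default_domain",
        default => $puppet_server_acl_puppetbucket
    }

    $puppet_server_acl_puppetreports = $puppet_server_acl_puppetreports ? {
        ""      => "allow *.$puppet_default_domain",
        default => $puppet_server_acl_puppetreports
    }

    # The resource ACL defaults to the local host only.
    $puppet_server_acl_resource = $puppet_server_acl_resource ? {
        ""      => "allow 127.0.0.1",
        default => $puppet_server_acl_resource
    }

    # --- stored configurations -------------------------------------------

    $puppet_server_enable_storeconfigs = $puppet_server_enable_storeconfigs ? {
        ""      => false,
        default => $puppet_server_enable_storeconfigs
    }

    $puppet_server_thin_storeconfigs = $puppet_server_thin_storeconfigs ? {
        ""      => false,
        default => $puppet_server_thin_storeconfigs
    }

    $puppet_server_dbadapter = $puppet_server_dbadapter ? {
        ""      => "postgresql",
        default => $puppet_server_dbadapter
    }

    $puppet_server_dbuser = $puppet_server_dbuser ? {
        ""      => "puppet",
        default => $puppet_server_dbuser
    }

    # No default: the password stays empty unless the caller sets one.
    # NOTE(review): the value presumably ends up in a rendered configuration
    # file - confirm that file's mode, and keep the password out of version
    # control.
    $puppet_server_dbpassword = $puppet_server_dbpassword

    $puppet_server_dbserver = $puppet_server_dbserver ? {
        ""      => "localhost",
        default => $puppet_server_dbserver
    }

    $puppet_server_dbname = $puppet_server_dbname ? {
        ""      => "puppet",
        default => $puppet_server_dbname
    }

    # A caller-supplied location must be kept as given; falling back to
    # $puppet_server_dbname here would replace the path with the database
    # name.
    $puppet_server_dblocation = $puppet_server_dblocation ? {
        ""      => "/var/lib/puppet/storeconfigs.sqlite",
        default => $puppet_server_dblocation
    }

    include puppet::server::install, puppet::server::service,
            puppet::server::cron, puppet::server::files,
            puppet::server::ferm, puppet::server::sudo

    # Tell the shared configuration files class that this host is a server.
    $_puppet_role = "server"
    include puppet::sharedconffiles
}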
# vim:ft=puppet