From jmeeuwen at puppetmanaged.org Wed Jun 2 23:30:48 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Wed, 2 Jun 2010 23:30:48 +0200 Subject: [Commits] Branch 'development' - manifests/init.pp Message-ID: <201006022130.o52LUm9E028389@master.puppetmanaged.org> manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) New commits: commit 208782bd3b053628bb15a59762389bafc64bdee4 Author: Jeroen van Meeuwen (Ergo Project) Date: Wed Jun 2 23:27:57 2010 +0200 Fix $real_name issue in testing the zone before reloading the zone diff --git a/manifests/init.pp b/manifests/init.pp index dab641a..ddead61 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -61,11 +61,11 @@ class dns { onlyif => $view ? { false => $real_name ? { false => "named-checkzone $name /var/named/$name.zone", - default => "named-checkzone $name /var/named/$real_name.zone", + default => "named-checkzone $real_name /var/named/$real_name.zone", }, default => $real_name ? { false => "named-checkzone $name /var/named/$view/$name.zone", - default => "named-checkzone $name /var/named/$view/$real_name.zone", + default => "named-checkzone $real_name /var/named/$view/$real_name.zone", } }, refreshonly => true From jmeeuwen at puppetmanaged.org Wed Jun 2 23:42:35 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Wed, 2 Jun 2010 23:42:35 +0200 Subject: [Commits] Branch 'development' - files/iptables-functions Message-ID: <201006022142.o52LgZOY019103@master.puppetmanaged.org> files/iptables-functions | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) New commits: commit 1f3a94b7d1782ab7e66b40362689255cc6de947d Author: Jeroen van Meeuwen (Ergo Project) Date: Wed Jun 2 23:39:27 2010 +0200 If there is no openvpn configuration on this box, make assumptions (1194/tcp) diff --git a/files/iptables-functions b/files/iptables-functions index 69be86a..5943819 100644 --- a/files/iptables-functions +++ b/files/iptables-functions 
@@ -299,8 +299,15 @@ function allow_ntp() { } function allow_openvpn() { - port=`grep ^port /etc/openvpn/server.conf | awk '{print $2}'` - proto=`grep ^proto /etc/openvpn/server.conf | awk '{print $2}'` + if [ -f "/etc/openvpn/server.conf" ]; then + port=`grep ^port /etc/openvpn/server.conf | awk '{print $2}'` + proto=`grep ^proto /etc/openvpn/server.conf | awk '{print $2}'` + else + # Make assumptions + port="1194" + proto="tcp" + fi + [ -z "$port" ] && break [ -z "$proto" ] && break allow_standard_protocol $port $proto $@ From jmeeuwen at puppetmanaged.org Thu Jun 3 14:39:57 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Thu, 3 Jun 2010 14:39:57 +0200 Subject: [Commits] Branch 'development' - 2 commits - files/iptables-functions Message-ID: <201006031239.o53CdvNg015885@master.puppetmanaged.org> files/iptables-functions | 11 +++++++++++ 1 file changed, 11 insertions(+) New commits: commit c94ea3d4301db742e82fbb098b608def1b071dbc Author: Jeroen van Meeuwen (Ergo Project) Date: Thu Jun 3 14:37:19 2010 +0200 Add a function for cobbler diff --git a/files/iptables-functions b/files/iptables-functions index e0e329a..cf55c7d 100644 --- a/files/iptables-functions +++ b/files/iptables-functions @@ -182,6 +182,10 @@ function allow_certmaster() { allow_standard_protocol "51235" "tcp" $@ } +function allow_cobbler() { + allow_standard_protocol "25151" "tcp" $@ +} + function allow_cifs() { allow_standard_protocol "137" "udp" $@ allow_standard_protocol "138" "udp" $@ commit 1e25129263c32ba8880b2083b0b2844124ba0de3 Author: Jeroen van Meeuwen (Ergo Project) Date: Thu Jun 3 13:40:45 2010 +0200 Add function for dhcp and tftp (both server side) diff --git a/files/iptables-functions b/files/iptables-functions index 5943819..e0e329a 100644 --- a/files/iptables-functions +++ b/files/iptables-functions 
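Review bot: The new fallback in `allow_openvpn()` only covers a missing `/etc/openvpn/server.conf`; when the file exists but has no `port` or `proto` line, both variables stay empty. The `[ -z "$port" ] && break` guards that follow do not return from the function, since `break` only acts inside a loop, so `allow_standard_protocol` is still called with missing arguments. Applying the defaults after the read, e.g. `port=${port:-1194}` and `proto=${proto:-tcp}`, and changing the guards to `return 1` would cover both cases. The assumed `tcp` also differs from OpenVPN's own default transport (udp), and a configured value such as `tcp-server` is presumably not a protocol name the rule helper accepts, so the value read from the file should be normalised to `tcp` or `udp` before it reaches the firewall rule. The function's closing brace is outside the hunk.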
@@ -188,6 +188,10 @@ function allow_cifs() { allow_standard_protocol "139" "tcp" $@ } +function allow_dhcp() { + allow_standard_protocol "67" "udp" $@ +} + function allow_dns_queries() { allow_standard_protocol "53" "udp" $@ } @@ -398,3 +402,6 @@ function allow_syslog() { allow_standard_protocol "514" "tcp" $@ } +function allow_tftp() { + allow_standard_protocol "69" "udp" $@ +} \ No newline at end of file From jmeeuwen at puppetmanaged.org Fri Jun 4 15:24:47 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Fri, 4 Jun 2010 15:24:47 +0200 Subject: [Commits] Branch 'development' - files/CentOS Message-ID: <201006041324.o54DOlgg020761@master.puppetmanaged.org> files/CentOS/5/repos/custom-buildsys.repo | 1 + files/CentOS/5/repos/custom-buildsys.repo.disabled | 1 + 2 files changed, 2 insertions(+) New commits: commit 23d1793f627e6ba46bdb0d927c1b302acc894cdc Author: Jeroen van Meeuwen (Ergo Project) Date: Fri Jun 4 15:22:09 2010 +0200 Add custom buildsys repositories diff --git a/files/CentOS/5/repos/custom-buildsys.repo b/files/CentOS/5/repos/custom-buildsys.repo new file mode 120000 index 0000000..e5a67cd --- /dev/null +++ b/files/CentOS/5/repos/custom-buildsys.repo @@ -0,0 +1 @@ +../../../RedHat/5/repos/custom-buildsys.repo \ No newline at end of file diff --git a/files/CentOS/5/repos/custom-buildsys.repo.disabled b/files/CentOS/5/repos/custom-buildsys.repo.disabled new file mode 120000 index 0000000..058e425 --- /dev/null +++ b/files/CentOS/5/repos/custom-buildsys.repo.disabled @@ -0,0 +1 @@ +../../../RedHat/5/repos/custom-buildsys.repo.disabled \ No newline at end of file From jmeeuwen at puppetmanaged.org Fri Jun 4 16:49:08 2010 
From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Fri, 4 Jun 2010 16:49:08 +0200 Subject: [Commits] Branch 'development' - mock/revisor-13-i386.cfg mock/revisor-13-x86_64.cfg Message-ID: <201006041449.o54En8kv015943@master.puppetmanaged.org> mock/revisor-13-i386.cfg | 42 ++++++++++++++++++++++++++++++++++++++++++ mock/revisor-13-x86_64.cfg | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) New commits: commit 2c9132b5e9d92f83dab31d9c21ed23254e9111af Author: Jeroen van Meeuwen (Ergo Project) Date: Fri Jun 4 16:46:24 2010 +0200 Add revisor mock config for 13 diff --git a/mock/revisor-13-i386.cfg b/mock/revisor-13-i386.cfg new file mode 100644 index 0000000..364d83c --- /dev/null +++ b/mock/revisor-13-i386.cfg 
@@ -0,0 +1,42 @@
+config_opts['root'] = 'revisor-13-i386'
+config_opts['target_arch'] = 'i386'
+config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
+config_opts['dist'] = 'fc13' # only useful for --resultdir variable subst
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/', '/dev/' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/data/revisor/', '/data/revisor/' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/var/tmp/revisor-yumcache/', '/var/tmp/revisor-yumcache/' ))
+
+config_opts['yum.conf'] = """
+[main]
+cachedir=/var/cache/yum
+debuglevel=3
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+
+# repos
+
+[fedora]
+name=fedora
+baseurl=http://localrepo/fedora/releases/13/Everything/i386/os/
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-13&arch=i386
+failovermethod=priority
+
+[updates-released]
+name=updates
+baseurl=http://localrepo/fedora/updates/13/i386/
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f13&arch=i386
+failovermethod=priority
+
+[local]
+name=local
+baseurl=http://koji.fedoraproject.org/static-repos/dist-fc13-build-current/i386/
+cost=2000
+enabled=0
+"""
+
+
+
diff --git a/mock/revisor-13-x86_64.cfg b/mock/revisor-13-x86_64.cfg
new file mode 100644
index 0000000..3194076
--- /dev/null
+++ b/mock/revisor-13-x86_64.cfg
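Review bot: The embedded yum.conf sets `gpgcheck=0` and every repository URL is plain `http://`, so nothing authenticates the packages installed into this chroot. Anything on the network path, or a stale or tampered mirror, can change what ends up in the build root and in whatever is composed from it. The same settings appear in mock/revisor-13-x86_64.cfg. Setting `gpgcheck=1` in `[main]` and adding a `gpgkey=file:///PATH/TO/FEDORA-13-KEY` line (placeholder path) to the `[fedora]` and `[updates-released]` sections keeps the mirrors usable while verifying signatures. The bind mount of the host's `/dev/` into the chroot would also benefit from a comment saying why the build needs it.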
@@ -0,0 +1,44 @@
+config_opts['root'] = 'revisor-13-x86_64'
+config_opts['target_arch'] = 'x86_64'
+config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
+config_opts['dist'] = 'fc13' # only useful for --resultdir variable subst
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/', '/dev/' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/data/revisor/', '/data/revisor/' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/var/tmp/revisor-yumcache/', '/var/tmp/revisor-yumcache/' ))
+
+config_opts['yum.conf'] = """
+[main]
+cachedir=/var/cache/yum
+debuglevel=3
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+# grub/syslinux on x86_64 need glibc-devel.i386 which pulls in glibc.i386, need to exclude all
+# .i?86 packages except these.
+#exclude=[0-9A-Za-fh-z]*.i?86 g[0-9A-Za-km-z]*.i?86 gl[0-9A-Za-hj-z]*.i?86 gli[0-9A-Zac-z]*.i?86 glib[0-9A-Za-bd-z]*.i?86
+# The above is not needed anymore with yum multilib policy of "best" which is the default in Fedora.
+
+# repos
+
+[fedora]
+name=fedora
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-13&arch=x86_64
+failovermethod=priority
+
+[updates-released]
+name=updates
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f13&arch=x86_64
+failovermethod=priority
+
+[local]
+name=local
+baseurl=http://koji.fedoraproject.org/static-repos/dist-fc13-build-current/x86_64/
+cost=2000
+enabled=0
+"""
+
+
+
From jmeeuwen at puppetmanaged.org Sat Jun 5 18:41:35 2010
From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Sat, 5 Jun 2010 18:41:35 +0200 Subject: [Commits] Branch 'development' - manifests/init.pp Message-ID: <201006051641.o55GfZi7029822@master.puppetmanaged.org> manifests/init.pp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) New commits: commit e86b8f388e7b00ee00e21c61cf4e4f551387ffb8 Author: Jeroen van Meeuwen (Ergo Project) Date: Sat Jun 5 18:38:50 2010 +0200 Make sure views with dynamic zones are not purged diff --git a/manifests/init.pp b/manifests/init.pp index ddead61..dd22734 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -107,7 +107,10 @@ class dns { # } } - define view($enable = true) { + define view( + $enable = true, + $dynamic = false + ) { file { "/var/named/$name/": owner => "named", group => "named", @@ -118,7 +121,10 @@ class dns { }, recurse => true, force => true, - purge => true + purge => $dynamic ? { + false => true, + default => false + } } } } \ No newline at end of file From jmeeuwen at puppetmanaged.org Thu Jun 10 11:24:24 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Thu, 10 Jun 2010 11:24:24 +0200 Subject: [Commits] Branch 'testing' - 8 commits - .gitignore Makefile manifests/init.pp puppet-module-ssh.spec Message-ID: <201006100924.o5A9OO6O024719@master.puppetmanaged.org> .gitignore | 2 ++ Makefile | 30 +++++++++++++++++++++++++++++- manifests/init.pp | 20 ++++++++++---------- puppet-module-ssh.spec | 41 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 82 insertions(+), 11 deletions(-) New commits: commit 4ba922493a88c31e60c1165ff5bba2b2dacc343b Author: Jeroen van Meeuwen (Fedora Unity) Date: Sat Oct 25 21:50:09 2008 +0200 Modifications diff --git a/manifests/init.pp b/manifests/init.pp index 9877006..f58c183 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -27,12 +27,12 @@ class ssh { mode => 600, replace => true, source => [ - "puppet://$server/private/$domain/ssh/$os/$osver/sshd_config.$hostname", - "puppet://$server/private/$domain/ssh/$os/$osver/sshd_config", - "puppet://$server/private/$domain/ssh/$os/sshd_config.$hostname", - "puppet://$server/private/$domain/ssh/$os/sshd_config", - "puppet://$server/private/$domain/ssh/sshd_config.$hostname", - "puppet://$server/private/$domain/ssh/sshd_config", + "puppet://$server/private/$environment/ssh/$os/$osver/sshd_config.$hostname", + "puppet://$server/private/$environment/ssh/$os/$osver/sshd_config", + "puppet://$server/private/$environment/ssh/$os/sshd_config.$hostname", + "puppet://$server/private/$environment/ssh/$os/sshd_config", + "puppet://$server/private/$environment/ssh/sshd_config.$hostname", + "puppet://$server/private/$environment/ssh/sshd_config", "puppet://$server/files/ssh/$os/$osver/sshd_config.$hostname", "puppet://$server/files/ssh/$os/$osver/sshd_config", "puppet://$server/files/ssh/$os/sshd_config.$hostname", @@ -55,7 +55,7 @@ class ssh { mode => 644, replace => true, source => [ - "puppet://$server/private/$domain/ssh/denyhosts.conf", + "puppet://$server/private/$environment/ssh/denyhosts.conf", "puppet://$server/files/ssh/denyhosts.conf", "puppet://$server/ssh/denyhosts.conf" ] commit aa44c4c5106fe87fd319ea110db2a27a9c73776c Author: Jeroen van Meeuwen (Fedora Unity) Date: Mon Oct 6 12:21:05 2008 +0200 Fix typo diff --git a/manifests/init.pp b/manifests/init.pp index 3cf36b8..9877006 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -83,7 +83,6 @@ class ssh { type => ssh-rsa, key => "$sshrsakey", ensure => present, - require => Package["openssh-clients"], tag => "ssh_key_$domain" } } commit 6a0df4d157f5b1af04845fd14ef6070642ff0117 Author: Jeroen van Meeuwen (Fedora Unity) Date: Mon Oct 6 12:16:10 2008 +0200 Fix typo diff --git a/manifests/init.pp b/manifests/init.pp index ebcaea7..3cf36b8 100644 --- a/manifests/init.pp 
+++ b/manifests/init.pp @@ -83,7 +83,7 @@ class ssh { type => ssh-rsa, key => "$sshrsakey", ensure => present, - require => Package["openssh-client"], + require => Package["openssh-clients"], tag => "ssh_key_$domain" } } commit da24763c3c98f5859cfb6f681a5d5cbb35b57070 Author: Jeroen van Meeuwen (Fedora Unity) Date: Sun Oct 5 02:01:12 2008 +0200 Modify rsakeys diff --git a/manifests/init.pp b/manifests/init.pp index 933b1e9..ebcaea7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -73,7 +73,7 @@ class ssh { realize(Package["denyhosts"], Service["denyhosts"], File["/etc/denyhosts.conf"]) } - class rsakeys inherits server { + class rsakeys { case $sshrsakey { "": { err("No sshrsakey on $fqdn") @@ -84,10 +84,11 @@ class ssh { key => "$sshrsakey", ensure => present, require => Package["openssh-client"], + tag => "ssh_key_$domain" } } } - Sshkey <<||>> + Sshkey <<| tag == "ssh_key_$domain" |>> } } commit 13daab919361b7eda97d333cfdede06853fc1598 Author: Jeroen van Meeuwen (Fedora Unity) Date: Sun Sep 28 17:11:03 2008 +0200 revert changes diff --git a/manifests/init.pp b/manifests/init.pp index 213e03a..933b1e9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -61,16 +61,6 @@ class ssh { ] } - if defined(File["/etc/hosts.allow"]) { - File["/etc/hosts.allow"] { - ensure => file - } - } else { - @file { "/etc/hosts.allow": - content => "# Managed by puppet\n\n" - } - } - class client inherits ssh { realize(Package["openssh-clients"]) } @@ -81,14 +71,6 @@ class ssh { class denyhosts inherits server { realize(Package["denyhosts"], Service["denyhosts"], File["/etc/denyhosts.conf"]) - - define whitelist($subnet) { - File["/etc/hosts.allow"] { - content +> "sshd: $subnet\n" - } - - realize(File["/etc/hosts.allow"]) - } } class rsakeys inherits server { commit a41984307f05b1e2de9aeda241763c51d87fbabe Author: Jeroen van Meeuwen (Fedora Unity) Date: Sun Sep 28 16:55:17 2008 +0200 Add denyhosts::whitelist defined type 
diff --git a/manifests/init.pp b/manifests/init.pp index 933b1e9..213e03a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -61,6 +61,16 @@ class ssh { ] } + if defined(File["/etc/hosts.allow"]) { + File["/etc/hosts.allow"] { + ensure => file + } + } else { + @file { "/etc/hosts.allow": + content => "# Managed by puppet\n\n" + } + } + class client inherits ssh { realize(Package["openssh-clients"]) } @@ -71,6 +81,14 @@ class ssh { class denyhosts inherits server { realize(Package["denyhosts"], Service["denyhosts"], File["/etc/denyhosts.conf"]) + + define whitelist($subnet) { + File["/etc/hosts.allow"] { + content +> "sshd: $subnet\n" + } + + realize(File["/etc/hosts.allow"]) + } } class rsakeys inherits server { commit 34a289edadfec3ef49c5b3eef56eeacbbdc43407 Author: Jeroen van Meeuwen (Fedora Unity) Date: Thu Sep 25 12:12:32 2008 +0200 Add .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f25746c --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +syntax: glob +*.tar.gz commit ba4acb705e640404610e75301ae758787d1772dc Author: Jeroen van Meeuwen (Fedora Unity) Date: Thu Sep 25 00:35:27 2008 +0200 new makefile and add spec diff --git a/Makefile b/Makefile index 4be2e45..f56f734 100644 --- a/Makefile +++ b/Makefile 
@@ -1,3 +1,31 @@
-test:
+PKGNAME := puppet-module-ssh
+SPECFILE := $(PKGNAME).spec
+VERSION := $(shell rpm -q --qf "%{VERSION}\n" --specfile $(SPECFILE)| head -1)
+RELEASE := $(shell rpm -q --qf "%{RELEASE}\n" --specfile $(SPECFILE)| head -1)
+
+clean:
+ @rm -rf documentation/tmp
+ @rm -rf $(PKGNAME)-$(VERSION)/
+ @rm -rf $(PKGNAME)-$(VERSION).tar.gz
+
+test: clean
 @puppet --noop --parseonly manifests/init.pp
 @echo All OK
+
+archive: test
+ @rm -rf $(PKGNAME)-$(VERSION).tar.gz
+ @rm -rf /tmp/$(PKGNAME)-$(VERSION) /tmp/$(PKGNAME)
+ @dir=$$PWD; cd /tmp; cp -a $$dir $(PKGNAME)
+ @mv /tmp/$(PKGNAME) /tmp/$(PKGNAME)-$(VERSION)
+ @dir=$$PWD; cd /tmp; tar --exclude .git --gzip -cvf $$dir/$(PKGNAME)-$(VERSION).tar.gz $(PKGNAME)-$(VERSION)
+ @rm -rf /tmp/$(PKGNAME)-$(VERSION)
+ @echo "The archive is in $(PKGNAME)-$(VERSION).tar.gz"
+
+rpm: archive
+ @rpmbuild -ta $(PKGNAME)-$(VERSION).tar.gz
+
+install:
+ mkdir -p $(DESTDIR)/var/lib/puppet/modules/ssh
+ cp -r files $(DESTDIR)/var/lib/puppet/modules/ssh/
+ cp -r manifests $(DESTDIR)/var/lib/puppet/modules/ssh/
+ cp -r templates $(DESTDIR)/var/lib/puppet/modules/ssh/
diff --git a/puppet-module-ssh.spec b/puppet-module-ssh.spec
new file mode 100644
index 0000000..4133fbc
--- /dev/null
+++ b/puppet-module-ssh.spec
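Review bot: The `archive` target stages the tree under fixed names in `/tmp` (`/tmp/$(PKGNAME)` and `/tmp/$(PKGNAME)-$(VERSION)`). On a shared build host another local user can pre-create those paths or swap them between the `rm -rf`, `cp -a` and `tar` steps, so the tarball that `rpm` then builds from may contain content that was never in the checkout. A private directory from `mktemp -d` removes that race and also stops two concurrent builds from deleting each other's staging copy. If `rpm -q --specfile` fails, `$(VERSION)` is empty and the paths degrade to `$(PKGNAME)-`, so a guard on an empty version would help as well. A possible rewrite of the recipe follows.

```makefile
archive: test
	@rm -rf $(PKGNAME)-$(VERSION).tar.gz
	@dir=$$PWD; stage=$$(mktemp -d) || exit 1; \
	 cp -a "$$dir" "$$stage/$(PKGNAME)-$(VERSION)" && \
	 tar -C "$$stage" --exclude .git --gzip -cvf "$$dir/$(PKGNAME)-$(VERSION).tar.gz" $(PKGNAME)-$(VERSION); \
	 status=$$?; rm -rf "$$stage"; exit $$status
	@echo "The archive is in $(PKGNAME)-$(VERSION).tar.gz"
# … unchanged: rpm and install targets …
```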
@@ -0,0 +1,41 @@ +Name: puppet-module-ssh +Summary: Puppet module for ssh +Group: Applications/System +Version: 0.0.1 +Release: 1%{?dist} +License: GPLv2+ +URL: http://puppetmanaged.org/ +Source0: http://puppetmanaged.org/releases/puppet-module-ssh-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildArch: noarch + +BuildRequires: publican +Requires: puppet-server + +%description +Puppet module for managing ssh + +%prep +%setup -q + +%build +cd documentation +make html-single-en-US + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot} +make install DESTDIR=%{buildroot} + +%clean +rm -rf %{buildroot} + +%files +%defattr(-,root,root,-) +%doc README +%dir /var/lib/puppet/modules/ssh +/var/lib/puppet/modules/ssh/* + +%changelog +* Thu Sep 25 2008 Jeroen van Meeuwen - 0.0.1-1 +- First packaged version From jmeeuwen at puppetmanaged.org Thu Jun 10 11:25:14 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Thu, 10 Jun 2010 11:25:14 +0200 Subject: [Commits] Branch 'development' - manifests/init.pp Message-ID: <201006100925.o5A9PEl4025314@master.puppetmanaged.org> manifests/init.pp | 1 + 1 file changed, 1 insertion(+) New commits: commit 792f5feb6aba649fda1ebadab7c5724ee05f50f2 Author: Jeroen van Meeuwen (Ergo Project) Date: Thu Jun 10 11:21:19 2010 +0200 Add host_aliases to ssh::rsakeys diff --git a/manifests/init.pp b/manifests/init.pp index f58c183..54575ae 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -81,6 +81,7 @@ class ssh { default: { @@sshkey { "$fqdn": type => ssh-rsa, + host_aliases => "$hostname", key => "$sshrsakey", ensure => present, tag => "ssh_key_$domain" From jmeeuwen at puppetmanaged.org Thu Jun 10 11:25:14 2010 
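Review bot: `host_aliases => "$hostname"` in the last hunk on this line publishes the unqualified host name next to `$fqdn`, and both values, like `$sshrsakey`, appear to be facts reported by the agent itself. Every node that collects `ssh_key_$domain` will therefore trust whatever name-to-key binding a node exports. A comment on the `@@sshkey` resource stating that assumption would help, e.g. `# name, alias and key come from agent facts; only as trustworthy as the exporting node`. If the master can compare `$fqdn` with the name in the agent's certificate, exporting only when they match would narrow this. The same commit is mailed again for the 'testing' branch further down, and the enclosing `default:` block continues outside the hunk.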
From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Thu, 10 Jun 2010 11:25:14 +0200 Subject: [Commits] Branch 'testing' - manifests/init.pp Message-ID: <201006100925.o5A9PEBn025349@master.puppetmanaged.org> manifests/init.pp | 1 + 1 file changed, 1 insertion(+) New commits: commit 792f5feb6aba649fda1ebadab7c5724ee05f50f2 Author: Jeroen van Meeuwen (Ergo Project) Date: Thu Jun 10 11:21:19 2010 +0200 Add host_aliases to ssh::rsakeys diff --git a/manifests/init.pp b/manifests/init.pp index f58c183..54575ae 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -81,6 +81,7 @@ class ssh { default: { @@sshkey { "$fqdn": type => ssh-rsa, + host_aliases => "$hostname", key => "$sshrsakey", ensure => present, tag => "ssh_key_$domain" From jmeeuwen at puppetmanaged.org Mon Jun 14 22:39:17 2010 
From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Mon, 14 Jun 2010 22:39:17 +0200 Subject: [Commits] Changes to 'refs/tags/0.5.0-1' Message-ID: <201006142039.o5EKdHjd030201@master.puppetmanaged.org> Tag '0.5.0-1' created by Jeroen van Meeuwen (Ergo Project) at 2010-06-14 21:39 +0200 Release 0.5.0-1 Changes since the dawn of time: Jeroen van Meeuwen (1): Merge branch 'development' of ssh://puppet.ogd.nl/git/puppet/puppet into development Jeroen van Meeuwen (Ergo Project) (1): Add Modulefile Jeroen van Meeuwen (Fedora Unity) (201): Updated puppet.conf Update module cloning Update private/ location Add a default master.puppetmanaged.org site.pp Add a modules.pp Update init.pp for puppet::server to include a manifest/classes/modules.pp Add node 'master.puppetmanaged.org' Add the exec.pp for Exec resource's PATH setting Add importing the utils/*.pp Add a proper puppetmaster.sysconfig Add a fileserver.conf for master.puppetmanaged.org Fix typo Remove master.puppetmanaged.org from pulling it's own domain Remove the obsolete fileserver.conf configuration Add virtual package requirement for httpd Add package requirement for rubygem-mongrel Add apply for package httpd Add some text to README Add webserver::virtualhost[$fqdn] for puppet::master Add a run_puppet script for use on clients Make git::pull mandatory Make sure the directories in /etc/puppet/manifests exist Make sure we also grab PUPPET_EXTRA_OPTS Remove duplicate File['/etc/puppet/manifests/utils'] definition Improve run_puppet script a little further Catch case where PUPPET_SERVER is set Failsafe for site.pp imports Update manifest and remove obsolete exec.pp and modules.pp Add puppet::domain resource Remove the git pulls for modules Fake every repository not to be public for a change Undo the faking Attempt to remove the source More changes to puppet module Make /etc/puppet/manifests/*/ come from one single source More changes to puppet module Fix mixup between $domain and $name Change pulling from 
/srv/git/puppet-$name for private domain specific repositories to pulling from /srv/git/domains/$name pull from master branch Argh, just git pull then Correct branch Make client, server, server::module and server::domain sub-classes instead of full classes with weird names Fix typo Correct the name for Git::Pull Make puppet::server::module use a default source Make pulling in module repository and domain specific tree changes notify the puppetmaster Some better description for puppet::server::module Someone told me the puppetmaster should pick up on these files automagically (e.g. without reload) include, not import webserver Remove the notifies to Service["puppetmaster"] Make pull require clone Modify realizations Keep including webserver Since including webserver doesn't require to realize the virtual httpd resource anymore` Define module config for mod_ssl Modify puppet::server::storeconfigs_mysql to just do that Add requirement for git::client Euh, doh, no ssl => false anymore, just certificate => false Add puppet::server::satelite to the manifest Provide reverse proxy balancer template for puppetmaster Make these executes only execute once Enhance storeconfigs_mysql Modify to enable the satelite concept Set puppet module to have different environments Provide shortcuts to Puppet::Server::Module for different branches in the SCM Reverse the !defined Fix defined for real Inherit puppet Try another variable name Rename to mastertype see if that works OK Try supplying the master type in the File resource... :/ Let's try this Move to storeconfigs' puppet.conf Add $puppet_server_storeconfigs_type as well And in the client class as well Changes Refactor the puppet module somewhat Fix missing comma Remove the server_type param from call Updates. 
Doesn't work with error: Attempt to redefine another way Realize Service["puppetmaster"] Fix require for service puppetmaster No spaces between environments No spaces between environments Make clone localtree branch dependent No different puppetmaster for satellite or client Correct typo Supply real_name as well Make different branches go into subdirectories of /var/lib/puppet/modules/ Make module subdirectories for each environment Fix another typo Try to improve the module cloning/pulling Fix typo Do the same for server::domain Correct requirements Trivial commit Another trivial commit Add back the storeconfigs_mysql sub-classes for server and satellite Remove obsolete parameter source Ensure the modules/* directories exist Fix typos Add a default fileserver.conf Only set these variables if no other value has been set Don't forget the puppet::client class (see last commit) Seems it's not called "nil", but "none" Try and set the source differently Set source directly in the resource using it Fix source Add Makefile with make test target Add another source for a domain's site.pp Fix syntax error Cosmetic change in localtree Let's see if these variables are propagated properly Don't forget to add storeconfigs = true Add sqlite configuration Add branch parameter Update puppet.conf Update puppet.conf.erb Add the start of documentation Updates to documentation Update reassigning variables Release needs to make html as well Add production, testing and development classes Make the environment setting do something useful $environment is already declared, use $use_environment Add documentation Update environment assignment Fix typo Remove environment specific classes Amend localtrees Fix mysql.sock location Add in server::module::testing Add in classes/ Does not include mysql::server, should include mysql::client Use correct variables Add these capabilities for server types as well Will the other default work maybe? 
Fix module_config fix more Fix mod_ssl fix error Let's see if this updated site.pp works Doesn't help Make the server include the mysql::server class if storeconfigs_mysql_hostname points to localhost (or equivalents) Take prefix Major changes to the puppet module Test this Revert "Test this" Revert "Major changes to the puppet module" Revert "Take prefix" Take Prefix new makefile and add spec Add .gitignore Updates to puppet.conf.erb (server related) Update puppet.conf template Add a cronjob to start puppet at noon and midnight Merge branch 'development' of ssh://kanarip at git.puppetmanaged.org/git/puppet-module-puppet into development Updates to puppet::server::domain Modifications Shorthands for different domain trees Fix typos Fix misreference Update puppet.conf Not set the default site.pp Update cronjob Update puppet.sysconfig Make /etc/sysconfig/puppet reflect the FQDN Add the environment specific manifests Fix duplicate definition Remove circular dependency Fix location Make sure Debian has the correct $osver set Add correct $osver variable for Ubuntu Fix location for domain specific site.pp Fix the source location of a git::clone in server::domain Prepend the prefix here too Including mysql::server only goes to nodes that include storeconfigs_mysql Make these if statements complete Fix call to webserver::module Update webserver::module call Update site.pp to also set $osmajorver Ensure /etc/puppet/manifests/ directory exists Require the correct directory for a git::clone in puppet::server::domain Update puppet.conf.erb to reflect our dual-domain setup Remove the $domain.pp source for /var/lib/puppet/manifests/$branch/site.pp; Merge branch 'development' of git://git.puppetmanaged.org/puppet/puppet into development Manifests for environment production have already been defined Merge branch 'development' of git://git.puppetmanaged.org/puppet/puppet into development Another location where production manifests where duplicated Merge branch 'development' of 
ssh://puppet.ogd.nl/git/puppet/puppet into development Update puppet.conf.erb to have some more flexibility and added functionality Update Makefile and spec to reflect updates to packaging Add ruby-RRDtool as a required package for a server since our managed config has rrdtool-graphing enabled by default Merge branch 'development' into development-ogd Merge branch 'development' of ssh://puppet.ogd.nl/git/puppet/puppet into development-ogd Take into account a different host if configured Make /var/lib/puppet/private/ not show $environment_$domain anymore Merge branch 'development' of ssh://puppet.ogd.nl/git/puppet/puppet into development Add [plugins] mount Disable mount facts (and get it from modules) Jeroen van Meeuwen (OGD) (1): Update documentation OGD User (1): Hele grote verbeteringen, haha root (2): Initial commit Initial checkin From jmeeuwen at puppetmanaged.org Mon Jun 14 22:39:29 2010 
From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Mon, 14 Jun 2010 22:39:29 +0200 Subject: [Commits] Changes to 'refs/tags/0.5.0-1' Message-ID: <201006142039.o5EKdT2e030256@master.puppetmanaged.org> Tag '0.5.0-1' created by Jeroen van Meeuwen (Ergo Project) at 2010-06-14 21:39 +0200 Release 0.5.0-1 Changes since the dawn of time: Jeroen van Meeuwen (Ergo Project) (3): Goodbye documentation Add Modulefile Apparently this is case sensitive Jeroen van Meeuwen (Fedora Unity) (83): Update git::pull Add another case sensitive False Add a git::repository::domain resource for domain specific private repositories Correct syntax error Fix git module Add documentation to the defined classes and resources Ensure ownership of directory trees is OK Further improve the git::repository init script Make init script exit afterwards Add --public for git_init_script Make use of the new --public Make git::pull require git::reset Add branch setting (default == false) Change git-core to git Make subclasses instead of full classes with sub names Make git::pull depend on git::clone Remove requirement for non-existent resource Make GIT send notifications on changes if we want to Apply file /usr/local/bin/send-unicode-email.py Fix typo Remove @file { "/usr/local/bin/send-unicode-email.py": } Move from template to files Use the correct path Make git_init_script only run if there is not ./.git directory already Make post commit hook go in the right place Attempt #X to see the commmits submitted to mailing lists or whatever Make the commit-list template take all recipients Add the right requirements for hooks Make Clean and Reset require Clone as well Attempt to depend on that one Git::Pull Another attempt Revert "Another attempt" No more clone in pull Remove the clone requirement Add the capability to provide the repository description in the manifest Add description field to Git::Repository as well Fix typo Try and ensure the $localtree exists before git::clone execs localtree 
already exists Provide real_name parameter Fix typo Make the name of the reset resource less dependent on real_name being set Cannot reassign variable real_name at /var/lib/puppet/modules/development/git/manifests/init.pp:249 Try to base more off localtree/name combi Make use of in clean and reset as well oops Make git pull a lot simpler Don't forget to realize stuff Remove from Git::Pull commit-list should go into the correct location - Move the repository::domain resource just below the Make the commit-list template have whitelines Rename files Adjust source for git_init_script to match new location and make it overridable Add Makefile with make test target Edit commit-list template Modify commit-list.erb a little more Enable the branch checkout that we want to do Add documentation Adjust Makefile Enforce the requirement of a trailing slash Modifications to the git module Further changes Description is a string, set it in quotes Update Makefile and spec Add .gitignore Fix missing .git/ Modifications Correct the update symlink, it's pointing nowhere now Make git::clone require the correct directories Fix typo Add COPYING file Make sure the owner and group are present for a repository Add a $real_name parameter for git::repository Update documentation Update .gitignore to ignore documentation/tmp Updates to documentation Bump release Update Makefile so that upon release, the source tarball is copied onto the webserver Update potential duplicate resources being defined Another area with duplicate definitions Make git clone a little more robust Include diffstat in the package list (for servers) Jeroen van Meeuwen (OGD) (8): Fix prefix thing Merge branch 'development' of ssh://puppet.ogd.nl/git/puppet/git into development Make sure git::repository does not include git::server Update git::repository to also ship git_init_script Add a setting $symbolic_prefix to indicate whether an attempt to create any prefix needs to be performed Make sure we manage links on 
git_repository_hook_update_$name Add the installation of package xinetd Fix git init when prefix not null (slords) Sandro Janke (5): Produce the recipient list in a format that send-unicode-email.py can handle Fix composition of 'To: ' since format of commit-list has changed Merge branch 'development' of ssh://puppet.ogd.nl/git/git into development Fix \n in template Fix off by one \n (+1 this time) Stefan Hartsuiker (1): escape the backreferences root (2): Initial commit Initial checkin From jmeeuwen at puppetmanaged.org Sat Jun 19 22:32:34 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Sat, 19 Jun 2010 22:32:34 +0200 Subject: [Commits] Branch 'development' - files/mash Message-ID: <201006192032.o5JKWYPw031891@master.puppetmanaged.org> files/mash/custom-el5-kolabsys.com.mash | 15 +++++++++++++++ 1 file changed, 15 insertions(+) New commits: commit 2cdd4d30c7339f43e8567c2c43d1208a2b11281a Author: Jeroen van Meeuwen (Ergo Project) Date: Sat Jun 19 22:32:21 2010 +0200 Add mashing for kolabsys.com
diff --git a/files/mash/custom-el5-kolabsys.com.mash b/files/mash/custom-el5-kolabsys.com.mash
new file mode 100644
index 0000000..0a2ce3e
--- /dev/null
+++ b/files/mash/custom-el5-kolabsys.com.mash
@@ -0,0 +1,15 @@
+# mash config file
+[custom-el5-kolabsys.com]
+rpm_path = %(arch)s/
+repodata_path = %(arch)s/
+source_path = SRPMS
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = custom-el5-kolabsys.com
+repoviewurl = http://mirror.nl.kolabsys.com/custom/custom-el5-kolabsys.com/%(arch)s/
+repoviewtitle = "Enterprise Linux 5 Custom Packages for kolabsys.com - %(arch)s"
+use_repoview = True
+inherit = True
+latest = False
+arches = i386 x86_64
From jmeeuwen at puppetmanaged.org Sun Jun 20 18:54:21 2010
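Review bot: The new `[custom-el5-kolabsys.com]` section sets neither `keys` nor `strict_keys`, so as far as this file shows the repository is composed without any check on package signatures (unless the defaults in the site-wide mash configuration, not visible here, supply them). If builds in this tag are expected to be signed, I would add `strict_keys = True` together with `keys = <SIGNING_KEY_ID_PLACEHOLDER>` so that an unsigned package cannot reach the published tree. `repoviewurl` is plain `http://`; that is acceptable for the repoview pages, but a one-line comment would help if the same host also serves the packages to clients.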
From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Sun, 20 Jun 2010 18:54:21 +0200 Subject: [Commits] Branch 'testing' - 3 commits - .gitignore Makefile puppet-module-mysql.spec Message-ID: <201006201654.o5KGsL8A005809@master.puppetmanaged.org> .gitignore | 2 ++ Makefile | 30 +++++++++++++++++++++++++++++- puppet-module-mysql.spec | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+), 1 deletion(-) New commits: commit e11e9fc2db2433f7642a94b9988cf4908c3f81fc Author: Jeroen van Meeuwen (Fedora Unity) Date: Thu Sep 25 12:12:07 2008 +0200 Add .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f25746c --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +syntax: glob +*.tar.gz commit 361280f65cc855dc9271f53c9ed0cc78d8db7d36 Author: Jeroen van Meeuwen (Fedora Unity) Date: Thu Sep 25 12:09:07 2008 +0200 Update Makefile and spec diff --git a/Makefile b/Makefile index 6429bdd..aa7947f 100644 --- a/Makefile +++ b/Makefile @@ -26,6 +26,6 @@ rpm: archive install: mkdir -p $(DESTDIR)/var/lib/puppet/modules/mysql - cp -r files $(DESTDIR)/var/lib/puppet/modules/mysql/ +# cp -r files $(DESTDIR)/var/lib/puppet/modules/mysql/ cp -r manifests $(DESTDIR)/var/lib/puppet/modules/mysql/ - cp -r templates $(DESTDIR)/var/lib/puppet/modules/mysql/ +# cp -r templates $(DESTDIR)/var/lib/puppet/modules/mysql/ commit 20c181725ae946e9e93ac3cdf8a10e4c1978b038 Author: Jeroen van Meeuwen (Fedora Unity) Date: Thu Sep 25 00:34:49 2008 +0200 new makefile and add spec diff --git a/Makefile b/Makefile index 4be2e45..6429bdd 100644 --- a/Makefile +++ b/Makefile 
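Review bot: `syntax: glob` on the first line of the new .gitignore is a Mercurial `.hgignore` directive; Git has no such directive and reads the line as an ordinary pattern, so it does nothing beyond matching a path of that literal name. I would drop it and keep only `*.tar.gz`.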
@@ -1,3 +1,31 @@ -test: +PKGNAME := puppet-module-mysql +SPECFILE := $(PKGNAME).spec +VERSION := $(shell rpm -q --qf "%{VERSION}\n" --specfile $(SPECFILE)| head -1) +RELEASE := $(shell rpm -q --qf "%{RELEASE}\n" --specfile $(SPECFILE)| head -1) + +clean: + @rm -rf documentation/tmp + @rm -rf $(PKGNAME)-$(VERSION)/ + @rm -rf $(PKGNAME)-$(VERSION).tar.gz + +test: clean @puppet --noop --parseonly manifests/init.pp @echo All OK + +archive: test + @rm -rf $(PKGNAME)-$(VERSION).tar.gz + @rm -rf /tmp/$(PKGNAME)-$(VERSION) /tmp/$(PKGNAME) + @dir=$$PWD; cd /tmp; cp -a $$dir $(PKGNAME) + @mv /tmp/$(PKGNAME) /tmp/$(PKGNAME)-$(VERSION) + @dir=$$PWD; cd /tmp; tar --exclude .git --gzip -cvf $$dir/$(PKGNAME)-$(VERSION).tar.gz $(PKGNAME)-$(VERSION) + @rm -rf /tmp/$(PKGNAME)-$(VERSION) + @echo "The archive is in $(PKGNAME)-$(VERSION).tar.gz" + +rpm: archive + @rpmbuild -ta $(PKGNAME)-$(VERSION).tar.gz + +install: + mkdir -p $(DESTDIR)/var/lib/puppet/modules/mysql + cp -r files $(DESTDIR)/var/lib/puppet/modules/mysql/ + cp -r manifests $(DESTDIR)/var/lib/puppet/modules/mysql/ + cp -r templates $(DESTDIR)/var/lib/puppet/modules/mysql/ diff --git a/puppet-module-mysql.spec b/puppet-module-mysql.spec new file mode 100644 index 0000000..6580bd4 --- /dev/null +++ b/puppet-module-mysql.spec 
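Review bot: The `archive` target added to the Makefile stages the source tree under fixed, predictable names in `/tmp` (`/tmp/$(PKGNAME)` and `/tmp/$(PKGNAME)-$(VERSION)`), so on a shared build host another local user who creates those paths first can interfere with, or alter, what is packed into the release tarball. The recipe lines also join `cd /tmp` and the following command with `;`, so a failed `cd` does not stop the `cp` or `tar` that follows. Staging in a private directory from `mktemp -d`, with the steps chained by `&&` and the directory removed afterwards, closes both gaps; a sketch of the rewritten target follows.

```makefile
archive: test
	@rm -f $(PKGNAME)-$(VERSION).tar.gz
	@stage=$$(mktemp -d) && \
		cp -a "$$PWD" "$$stage/$(PKGNAME)-$(VERSION)" && \
		tar --exclude .git --gzip -C "$$stage" -cvf "$$PWD/$(PKGNAME)-$(VERSION).tar.gz" $(PKGNAME)-$(VERSION); \
		status=$$?; rm -rf "$$stage"; exit $$status
	@echo "The archive is in $(PKGNAME)-$(VERSION).tar.gz"
```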
@@ -0,0 +1,41 @@
+Name: puppet-module-mysql
+Summary: Puppet module for mysql
+Group: Applications/System
+Version: 0.0.1
+Release: 1%{?dist}
+License: GPLv2+
+URL: http://puppetmanaged.org/
+Source0: http://puppetmanaged.org/releases/puppet-module-mysql-%{version}.tar.gz
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildArch: noarch
+
+BuildRequires: publican
+Requires: puppet-server
+
+%description
+Puppet module for managing mysql
+
+%prep
+%setup -q
+
+%build
+cd documentation
+make html-single-en-US
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}
+make install DESTDIR=%{buildroot}
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc README
+%dir /var/lib/puppet/modules/mysql
+/var/lib/puppet/modules/mysql/*
+
+%changelog
+* Thu Sep 25 2008 Jeroen van Meeuwen - 0.0.1-1
+- First packaged version
From jmeeuwen at puppetmanaged.org Sun Jun 27 19:06:52 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Sun, 27 Jun 2010 19:06:52 +0200 Subject: [Commits] Branch 'development' - puppet/manifests webserver/sites Message-ID: <201006271706.o5RH6quq013306@master.puppetmanaged.org> puppet/manifests/nodes/master.puppetmanaged.org.pp | 13 +++++++++++++ webserver/sites/spinner.fedoraunity.org.conf | 14 ++++++++++++++ 2 files changed, 27 insertions(+) New commits: commit 241b99c748638fb86b0e567baa3ac6ed3807da11 Author: Jeroen van Meeuwen (Ergo Project) Date: Sun Jun 27 19:03:30 2010 +0200 Add spinner.fedoraunity.org virtualhost
diff --git a/puppet/manifests/nodes/master.puppetmanaged.org.pp b/puppet/manifests/nodes/master.puppetmanaged.org.pp
index aa75afa..59f0323 100644
--- a/puppet/manifests/nodes/master.puppetmanaged.org.pp
+++ b/puppet/manifests/nodes/master.puppetmanaged.org.pp
@@ -53,6 +53,18 @@ node 'master.puppetmanaged.org' { ## GIT Configuration ## + git::clone { "kolabsys.com-sensitive": + localtree => "/var/lib/puppet/sensitive/", + source => "/git/puppet/domain-kolabsys.com-sensitive/", + real_name => "kolabsys.com" + } + + git::clone { "puppetmanaged.org-sensitive": + localtree => "/var/lib/puppet/sensitive/", + source => "/git/puppet/domain-puppetmanaged.org-sensitive/", + real_name => "puppetmanaged.org" + } + # Git repositories for puppetmanaged.org modules git::repository { [ "authconfig", @@ -681,6 +693,7 @@ node 'master.puppetmanaged.org' { "git.orangesombrero.org", "git.puppetmanaged.org", "mirror.nl.kanarip.com", + "spinner.fedoraunity.org", "webmail.ergo-project.org", "www.orangesombrero.org" ]: diff --git a/webserver/sites/spinner.fedoraunity.org.conf b/webserver/sites/spinner.fedoraunity.org.conf new file mode 100644 index 0000000..9f2e256 --- /dev/null +++ b/webserver/sites/spinner.fedoraunity.org.conf @@ -0,0 +1,14 @@ +# Managed with Puppet + + + ServerAdmin kanarip at fedoraunity.org + ServerName spinner.fedoraunity.org + DocumentRoot /var/www/fedoraunity.org/jigdo/public_html/ + + + Options +Indexes + Order Allow,Deny + Allow from All + + + From jmeeuwen at puppetmanaged.org Sun Jun 27 19:33:02 2010 From: jmeeuwen at puppetmanaged.org (Jeroen van Meeuwen) Date: Sun, 27 Jun 2010 19:33:02 +0200 Subject: [Commits] Branch 'development' - webserver/sites Message-ID: <201006271733.o5RHX2AM032248@master.puppetmanaged.org> webserver/sites/spinner.fedoraunity.org.conf | 8 ++++++++ 1 file changed, 8 insertions(+) New commits: commit 1fabeb882b14a2fa93ae077bf2021406d94e5e20 Author: Jeroen van Meeuwen (Ergo Project) Date: Sun Jun 27 19:29:13 2010 +0200 Add alias for torrents diff --git a/webserver/sites/spinner.fedoraunity.org.conf b/webserver/sites/spinner.fedoraunity.org.conf index 9f2e256..0cb503e 100644 --- a/webserver/sites/spinner.fedoraunity.org.conf +++ b/webserver/sites/spinner.fedoraunity.org.conf 
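Review bot: Both new `git::clone` resources in master.puppetmanaged.org.pp check "-sensitive" repositories out under `/var/lib/puppet/sensitive/`, yet nothing in the hunk sets owner, group or mode on that tree, so its permissions are left to whatever the `git::clone` define and the agent's umask produce (the define is not visible here). If the tree holds credentials or keys, I would pin it explicitly, for example `file { "/var/lib/puppet/sensitive": ensure => directory, owner => "root", group => "puppet", mode => "0750" }`, with the group adjusted to the account the master runs as. The two resources share one `localtree` and differ only in `real_name`; a comment such as `# real_name selects the per-domain sub-directory below localtree` would help, provided that is how git::clone uses it. The node block starts and ends outside the hunk.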
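Review bot: The directory block in the new spinner.fedoraunity.org.conf enables auto-indexing with `Options +Indexes`, which adds to whatever options the enclosing server configuration already grants for that path instead of replacing them. For a public download tree I would state the full set, `Options Indexes`, and add `AllowOverride None` if no .htaccess files are intended, so that an inherited `ExecCGI`, `Includes` or `FollowSymLinks` does not apply silently. The container tags of the file are not readable in this listing, so which directory the block covers is inferred from the `DocumentRoot` line.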
@@ -5,6 +5,14 @@ ServerName spinner.fedoraunity.org DocumentRoot /var/www/fedoraunity.org/jigdo/public_html/ + Alias /torrents /var/lib/bittorrent/data/ + + + Options +Indexes + Order Allow,Deny + Allow from All + + Options +Indexes Order Allow,Deny