diff --git a/files/config.ru b/files/config.ru new file mode 100644 index 000000000..f45126f8e --- /dev/null +++ b/files/config.ru @@ -0,0 +1,16 @@ +# a config.ru, for use with every rack-compatible webserver. +# SSL needs to be handled outside this, though. + +# if puppet is not in your RUBYLIB: +# $:.unshift('/opt/puppet/lib') + +$0 = "master" + +# if you want debugging: +# ARGV << "--debug" + +ARGV << "--rack" +require 'puppet/application/master' +# we're usually running inside a Rack::Builder.new {} block, +# therefore we need to call run *here*. +run Puppet::Application[:master].run \ No newline at end of file diff --git a/lib/facter/certname.rb b/lib/facter/certname.rb deleted file mode 100644 index d92c6f8d9..000000000 --- a/lib/facter/certname.rb +++ /dev/null @@ -1,7 +0,0 @@ -Facter.add("certname") do - path = '/usr/bin/puppet' - setcode do - %x{#{path} --configprint certname}.chomp if File.exists?(path) - end -end - diff --git a/manifests/agent.pp b/manifests/agent.pp index 55f9ebd44..095677c65 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -16,6 +16,7 @@ $puppet_agent_name, $puppet_conf, $puppet_server, + $package_provider = undef, $version ) inherits puppet::params { 
@@ -28,18 +29,54 @@ } } - package { 'puppet': - name => $puppet_agent_name, - ensure => $version, + if ! defined(Package[$puppet_agent_name]) { + package { $puppet_agent_name: + ensure => $version, + provider => $package_provider, + } + } + + if $package_provider == 'gem' { + $service_notify = Exec['puppet_agent_start'] + + exec { 'puppet_agent_start': + command => '/usr/bin/nohup puppet agent &', + refresh => '/usr/bin/pkill puppet && /usr/bin/nohup puppet agent &', + unless => "/bin/ps -ef | grep -v grep | /bin/grep 'puppet agent'", + require => File['/etc/puppet/puppet.conf'], + subscribe => Package[$puppet_agent_name], + } + } else { + $service_notify = Service[$puppet_agent_service] + + service { $puppet_agent_service: + ensure => running, + enable => true, + hasstatus => true, + require => File['/etc/puppet/puppet.conf'], + subscribe => Package[$puppet_agent_name], + #before => Service['httpd']; + } } - service { "puppet_agent": - name => "$puppet_agent_service", - ensure => running, - enable => true, - hasstatus => true, - hasrestart => true, - subscribe => Concat[$puppet_conf], + if defined(File['/etc/puppet']) { + File ['/etc/puppet'] { + require +> Package[$puppet_agent_name], + notify +> $service_notify + } + } + + if ! defined(Concat[$puppet_conf]) { + concat { $puppet_conf: + mode => '0644', + require => Package['puppet'], + notify => $puppet::agent::service_notify, + } + } else { + Concat<| title == $puppet_conf |> { + require => Package['puppet'], + notify +> $puppet::agent::service_notify, + } } concat::fragment { 'puppet.conf-common': @@ -47,11 +84,4 @@ target => $puppet_conf, content => template("puppet/puppet.conf-common.erb"), } - - concat { $puppet_conf: - mode => '0644', - require => Package['puppet'], - notify => Service['puppet_agent'], - } - -} \ No newline at end of file +} diff --git a/manifests/init.pp b/manifests/init.pp index 4e9de833d..a66364b63 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
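Review bot: In `puppet_agent_start`, the `refresh` command `/usr/bin/pkill puppet && /usr/bin/nohup puppet agent &` signals every process named `puppet`, so on a host that also runs a master it stops that as well; `exec { 'puppet_master_start': }` in manifests/master.pp has the same pattern in the other direction. Scoping the signal to the daemon's pidfile avoids this, e.g. `refresh => '/bin/kill $(/bin/cat /var/run/puppet/agent.pid) && /usr/bin/nohup puppet agent &'` (pidfile path assumed from `rundir = /var/run/puppet` in puppet.conf-common.erb; confirm). `puppet` and the first `grep` in `unless` are unqualified and the exec sets no `path`, so which binary runs depends on the environment of the applying process. The new `concat` block still has `require => Package['puppet']` although the package title is now `$puppet_agent_name`; `require => Package[$puppet_agent_name],` keeps the reference valid when the two differ. The class header and closing brace are outside this hunk.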
@@ -4,6 +4,65 @@ # # Parameters: # +# [*version*] - The value of the ensure parameter for the +# puppet master and agent packages +# [*master*] - Boolean determining whether the the puppet +# master service should be setup +# [*agent*] - Boolean determining whether the puppet agent +# should be setup +# [*confdir*] - The confdir configuration value in puppet.conf +# [*manifest*] - The manifest configuration value in puppet.conf +# [*certname*] - The certname configuration value in puppet.conf +# [*autosign*] - The autosign configuration value in puppet.conf +# [*puppet_server*] - The server configuration value in puppet.conf +# [*modulepath*] - The modulepath configuration value used in +# puppet.conf +# [*puppet_conf*] - The path to the puppet.conf file +# [*puppet_logdir*] - The path to the puppet log +# [*puppet_vardir*] - The path to the puppet vardir +# [*puppet_defaults*] - The path to your distro's puppet defaults file +# [*puppet_master_service*] - The name of the puppet master service +# [*puppet_agent_service*] - The name of the puppet agent service +# [*puppet_passenger*] - Boolean value to determine whether puppet is +# to be run with Passenger +# [*puppet_site*] - The VirtualHost value used in the apache vhost +# configuration file when Passenger is enabled +# [*puppet_passenger_port*] - The port on which puppet is listening when +# Passenger is enabled +# [*puppet_docroot*] - The DocumentRoot value used in the apache vhost +# configuration file when Passenger is enabled +# [*storeconfigs*] - Boolean determining whether storeconfigs is +# to be enabled. 
+# [*storeconfigs_dbadapter*] - The database adapter to use with storeconfigs +# [*storeconfigs_dbuser*] - The database username used with storeconfigs +# [*storeconfigs_dbpassword*] - The database password used with storeconfigs +# [*storeconfigs_dbserver*] - Fqdn of the storeconfigs database server +# [*storeconfigs_dbsocket*] - The path to the mysql socket file +# [*install_mysql_pkgs*] - Boolean determining whether mysql and related +# devel packages should be installed. +# [*puppet_master_package*] - The name of the puppet master package +# [*package_provider*] - The provider used for package installation +# [*user_id*] - The UID of the puppet user +# [*group_id*] - The GID of the puppet group +# [*dashboard*] - Boolean determining whether the puppet +# dashboard is to be enabled +# [*dashboard_ensure*] - The value of the ensure parameter for the +# puppet dashboard package +# [*dashboard_user*] - Name of the puppet-dashboard database and +# system user +# [*dashboard_group*] - Name of the puppet-dashboard group +# [*dashbaord_password*] - Password for the puppet-dashboard database use +# [*dashboard_db*] - The puppet-dashboard database name +# [*dashboard_charset*] - Character set for the puppet-dashboard database +# [*dashboard_site*] - The ServerName setting for Apache +# [*dashboard_port*] - The port on which puppet-dashboard should run +# [*dashboard_passenger*] - Boolean to determine whether Dashboard is to be +# used with Passenger +# [*dashboard_mysql_provider*] - The package provider to use when installing +# the ruby-mysql package +# [*dashboard_mysql_pkg*] - The package name used for installing the +# ruby-mysql package +# # Actions: # # Requires: 
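Review bot: The parameter list documents `[*dashbaord_password*]`, which does not match the `$dashboard_password` parameter declared below, so a search for the parameter name misses its description; the entry should read `# [*dashboard_password*] - Password for the puppet-dashboard database user`. The `[*master*]` entry has a doubled "the the". The `[*storeconfigs_dbpassword*]` entry could also say that the value is rendered into puppet.conf by templates/puppet.conf-master-storeconfigs.erb, so callers know the file then holds a credential.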
@@ -22,7 +81,9 @@ $version = 'present', $master = false, $agent = true, - $dashboard = false, + $confdir = $puppet::params::confdir, + $manifest = $puppet::params::manifest, + $modulepath = $puppet::params::modulepath, $puppet_conf = $puppet::params::puppet_conf, $puppet_logdir = $puppet::params::puppet_logdir, $puppet_vardir = $puppet::params::puppet_vardir, 
@@ -30,106 +91,112 @@ $puppet_defaults = $puppet::params::puppet_defaults, $puppet_master_service = $puppet::params::puppet_master_service, $puppet_agent_service = $puppet::params::puppet_agent_service, - $puppet_agent_name = $puppet::params::puppet_agent_name, $puppet_server = $puppet::params::puppet_server, - $storeconfigs = $puppet::params::storeconfigs, + $puppet_passenger = false, + $puppet_site = $puppet::params::puppet_site, + $puppet_passenger_port = $puppet::params::puppet_passenger_port, + $puppet_docroot = $puppet::params::puppet_docroot, + $storeconfigs = false, $storeconfigs_dbadapter = $puppet::params::storeconfigs_dbadapter, $storeconfigs_dbuser = $puppet::params::storeconfigs_dbuser, $storeconfigs_dbpassword = $puppet::params::storeconfigs_dbpassword, $storeconfigs_dbserver = $puppet::params::storeconfigs_dbserver, $storeconfigs_dbsocket = $puppet::params::storeconfigs_dbsocket, $certname = $puppet::params::certname, + $install_mysql_pkgs = false, + $autosign = false, $puppet_master_package = $puppet::params::puppet_master_package, - $modulepath = $puppet::params::modulepath, - $dashboard_version = undef, - $dashboard_site = undef, + $package_provider = undef, + $user_id = undef, + $group_id = undef, + $dashboard = false, + $dashboard_ensure = undef, $dashboard_user = undef, - $dashboard_password = undef + $dashboard_group = undef, + $dashboard_password = undef, + $dashboard_db = undef, + $dashboard_charset = undef, + $dashboard_site = undef, + $dashboard_port = undef, + $dashboard_passenger = undef, + $dashboard_mysql_provider = undef, + $dashboard_mysql_pkg = undef ) inherits puppet::params { - $v_bool = [ '^true$', '^false$' ] - $v_alphanum = '^[._0-9a-zA-Z:-]+$' - $v_path = '^/' - validate_re($version, $v_alphanum) - validate_re("$master", $v_bool) - validate_re("$agent", $v_bool) - validate_re("$dashboard", $v_bool) - validate_re("$storeconfigs", $v_bool) - validate_re($puppet_conf, $v_path) - validate_re($puppet_logdir, $v_path) - 
validate_re($puppet_vardir, $v_path) - validate_re($puppet_ssldir, $v_path) - validate_re($puppet_defaults, $v_path) - validate_re($puppet_master_service, $v_alphanum) - validate_re($puppet_agent_service, $v_alphanum) - validate_re($puppet_agent_name, $v_alphanum) - validate_re($puppet_server, $v_alphanum) - validate_re($storeconfigs_dbadapter,$v_alphanum) - validate_re($storeconfigs_dbuser, $v_alphanum) - validate_re($storeconfigs_dbpassword, $v_alphanum) - validate_re($storeconfigs_dbsocket, $v_path) - validate_re($storeconfigs_dbserver, $v_alphanum) - validate_re($certname, $v_alphanum) - validate_re($modulepath, $v_path) - - $version_real = $version - $master_real = $master - $agent_real = $agent - $dashboard_real = $dashboard - $puppet_conf_real = $puppet_conf - $puppet_logdir_real = $puppetlogdir - $puppet_vardir_real = $puppet_vardir - $puppet_ssldir_real = $puppet_ssldir - $puppet_defaults_real = $puppet_defaults - $puppet_master_service_real = $puppet_master_service - $puppet_agent_service_real = $puppet_agent_service - $puppet_agent_name_real = $puppet_agent_name - $puppet_server_real = $puppet_server - $storeconfigs_dbadapter_real = $storeconfigs_dbadapter - $storeconfigs_dbuser_real = $storeconfigs_dbuser - $storeconfigs_dbpassword_real = $storeconfigs_dbpassword - $storeconfigs_dbsocket_real = $storeconfigs_dbsocket - $storeconfigs_dbserver_real = $storeconfigs_dbserver - $storeconfigs_real = $storeconfigs - $certname_real = $certname - $puppet_master_package_real = $puppet_master_package - $modulepath_real = $modulepath - - if $dashboard_real { - + if $dashboard { class {'dashboard': - dashboard_version => $dashboard_version, - dashboard_site => $dashboard_site, - dashboard_user => $dashboard_user, - dashboard_password => $dashboard_password, + dashboard_ensure => $dashboard_version, + dashboard_group => $dashboard_group, + dashboard_db => $dashboard_db, + dashboard_charset => $dashboard_charset, + dashboard_site => $dashboard_site, + dashboard_port 
=> $dashboard_port, + passenger => $dashboard_passenger, + mysql_package_provider => $dashboard_mysql_provider, + ruby_mysql_package => $dashboard_mysql_pkg, + dashboard_user => $dashboard_user, + dashboard_password => $dashboard_password, } } - if $master_real { + if $master { class {'puppet::master': - version => $version_real, - modulepath => $modulepath_real, - storeconfigs => $storeconfigs_real, - storeconfigs_dbadapter => $storeconfigs_dbadapter_real, - storeconfigs_dbuser => $storeconfigs_dbuser_real, - storeconfigs_dbpassword => $storeconfigs_dbpassword_real, - storeconfigs_dbserver => $storeconfigs_dbserver_real, - storeconfigs_dbsocket => $storeconfigs_dbsocket_real, - certname => $certname_real, - puppet_master_service => $puppet_master_service_real, - puppet_master_package => $puppet_master_package_real, + version => $version, + confdir => $confdir, + puppet_passenger => $puppet_passenger, + puppet_site => $puppet_site, + puppet_passenger_port => $puppet_passenger_port, + puppet_docroot => $puppet_docroot, + puppet_vardir => $puppet_vardir, + modulepath => $modulepath, + storeconfigs => $storeconfigs, + storeconfigs_dbadapter => $storeconfigs_dbadapter, + storeconfigs_dbuser => $storeconfigs_dbuser, + storeconfigs_dbpassword => $storeconfigs_dbpassword, + storeconfigs_dbserver => $storeconfigs_dbserver, + storeconfigs_dbsocket => $storeconfigs_dbsocket, + install_mysql_pkgs => $install_mysql_pkgs, + certname => $certname, + autosign => $autosign, + manifest => $manifest, + puppet_master_service => $puppet_master_service, + puppet_master_package => $puppet_master_package, + package_provider => $package_provider, + dashboard_port => $dashboard_port, } } - if $agent_real { + if $agent { class {'puppet::agent': - version => $version_real, - puppet_defaults => $puppet_defaults_real, - puppet_agent_service => $puppet_agent_service_real, - puppet_agent_name => $puppet_agent_name_real, - puppet_server => $puppet_server_real, - puppet_conf => $puppet_conf_real, 
+ version => $version, + puppet_defaults => $puppet_defaults, + puppet_agent_service => $puppet_agent_service, + puppet_server => $puppet_server, + puppet_conf => $puppet_conf, + puppet_agent_name => $puppet_agent_name, + package_provider => $package_provider, + } + } + + user { 'puppet': + ensure => present, + uid => $user_id, + gid => 'puppet', + } + + group { 'puppet': + ensure => present, + gid => $group_id, + } + + if ! defined(File['/etc/puppet']) { + file { '/etc/puppet': + ensure => directory, + group => 'puppet', + owner => 'puppet', + recurse => true, + recurselimit => '1', } } diff --git a/manifests/master.pp b/manifests/master.pp index eed9a2d43..0a9e3dafa 100644 --- a/manifests/master.pp +++ b/manifests/master.pp 
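Review bot: `dashboard_ensure => $dashboard_version` reads a variable that this change removes from the parameter list (the parameter is now `$dashboard_ensure`), so the dashboard class receives an undefined value whatever the caller passes; the line should be `dashboard_ensure => $dashboard_ensure,`. The hunk also drops every `validate_re` call without a replacement. As a result `$certname` and the path parameters reach the templates unchecked, and `$certname` reaches the `Certificate_Check` exec command line in manifests/master.pp; keeping at least `validate_re($certname, '^[._0-9a-zA-Z:-]+$')` and the `'^/'` path checks would preserve that guard. `$puppet_agent_name` is still passed to `puppet::agent` but is no longer a parameter, so it appears to resolve only through `inherits puppet::params`. The class header lies outside this hunk.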
@@ -3,19 +3,45 @@ # This class installs and configures a Puppet master # # Parameters: -# * modulepath -# * storeconfigs -# * dbadapter -# * dbuser -# * dbpassword -# * dbserver -# * dbsocket -# * certname +# [*modulepath*] - The modulepath configuration value used in +# puppet.conf +# [*confdir*] - The confdir configuration value in puppet.conf +# [*manifest*] - The manifest configuration value in puppet.conf +# [*storeconfigs*] - Boolean determining whether storeconfigs is +# to be enabled. +# [*storeconfigs_dbadapter*] - The database adapter to use with storeconfigs +# [*storeconfigs_dbuser*] - The database username used with storeconfigs +# [*storeconfigs_dbpassword*] - The database password used with storeconfigs +# [*storeconfigs_dbserver*] - Fqdn of the storeconfigs database server +# [*storeconfigs_dbsocket*] - The path to the mysql socket file +# [*install_mysql_pkgs*] - Boolean determining whether mysql and related +# devel packages should be installed. +# [*certname*] - The certname configuration value in puppet.conf +# [*autosign*] - The autosign configuration value in puppet.conf +# [*dashboard_port*] - The port on which puppet-dashboard should run +# [*puppet_passenger*] - Boolean value to determine whether puppet is +# to be run with Passenger +# [*puppet_site*] - The VirtualHost value used in the apache vhost +# configuration file when Passenger is enabled +# [*puppet_docroot*] - The DocumentRoot value used in the apache vhost +# configuration file when Passenger is enabled +# [*puppet_vardir*] - The path to the puppet vardir +# [*puppet_passenger_port*] - The port on which puppet is listening when +# Passenger is enabled +# [*puppet_master_package*] - The name of the puppet master package +# [*package_provider*] - The provider used for package installation +# [*version*] - The value of the ensure parameter for the +# puppet master and agent packages # # Actions: # # Requires: # +# Class['concat'] +# Class['stdlib'] +# Class['concat::setup'] +# 
Class['mysql'] (conditionally) +# # Sample Usage: # # $modulepath = [ 
@@ -33,54 +59,154 @@ # class puppet::master ( $modulepath, + $confdir, + $manifest, $storeconfigs, $storeconfigs_dbadapter, $storeconfigs_dbuser, $storeconfigs_dbpassword, $storeconfigs_dbserver, $storeconfigs_dbsocket, + $install_mysql_pkgs, $certname, + $autosign, + $dashboard_port = UNSET, + $puppet_passenger, + $puppet_site, + $puppet_docroot, + $puppet_vardir, + $puppet_passenger_port, $puppet_master_package, + $package_provider = undef, $puppet_master_service, $version -) { +) inherits puppet::params { + + include concat::setup + + File { + require => Package[$puppet_master_package], + owner => 'puppet', + group => 'puppet', + } if $storeconfigs { - class { 'puppet::storeconfigs': - storeconfigs_dbadapter => $storeconfigs_dbadapter, - storeconfigs_dbuser => $storeconfigs_dbuser, - storeconfigs_dbpassword => $storeconfigs_dbpassword, - storeconfigs_dbserver => $storeconfigs_dbserver, - storeconfigs_dbsocket => $storeconfigs_dbsocket, + dbadapter => $storeconfigs_dbadapter, + dbuser => $storeconfigs_dbuser, + dbpassword => $storeconfigs_dbpassword, + dbserver => $storeconfigs_dbserver, + dbsocket => $storeconfigs_dbsocket, + } + } + + if ! defined(Package[$puppet_master_package]) { + package { $puppet_master_package: + ensure => $version, + provider => $package_provider, + } + } + + if $puppet_passenger { + $service_notify = Service['httpd'] + $service_require = [Package[$puppet_master_package], Class['passenger']] + + Concat::Fragment['puppet.conf-master'] -> Service['httpd'] + + exec { "Certificate_Check": + command => "puppet cert --generate ${certname} --trace", + unless => "/bin/ls ${puppet_ssldir}/certs/${certname}.pem", + path => "/usr/bin:/usr/local/bin", + before => Class['::passenger'], + require => Package[$puppet_master_package], + logoutput => on_failure, + } + + if ! 
defined(Class['passenger']) { + class { '::passenger': } + } + + apache::vhost { "puppet-$puppet_site": + port => $puppet_passenger_port, + priority => '40', + docroot => $puppet_docroot, + template => 'puppet/apache2.conf.erb', + require => [ File['/etc/puppet/rack/config.ru'], File['/etc/puppet/puppet.conf'] ], + ssl => true, + } + + file { ["/etc/puppet/rack", "/etc/puppet/rack/public"]: + ensure => directory, + mode => '0755', + } + + file { "/etc/puppet/rack/config.ru": + ensure => present, + source => "puppet:///modules/puppet/config.ru", + mode => '0644', + } + + concat::fragment { 'puppet.conf-master': + order => '05', + target => "/etc/puppet/puppet.conf", + content => template("puppet/puppet.conf-master.erb"), + } + } else { + + $service_require = Package[$puppet_master_package] + $service_notify = Exec['puppet_master_start'] + + Concat::Fragment['puppet.conf-master'] -> Exec['puppet_master_start'] + + concat::fragment { 'puppet.conf-master': + order => '05', + target => "/etc/puppet/puppet.conf", + content => template("puppet/puppet.conf-master.erb"), + } + + exec { 'puppet_master_start': + command => '/usr/bin/nohup puppet master &', + refresh => '/usr/bin/pkill puppet && /usr/bin/nohup puppet master &', + unless => "/bin/ps -ef | grep -v grep | /bin/grep 'puppet master'", + require => File['/etc/puppet/puppet.conf'], + subscribe => Package[$puppet_master_package], } } - package { $puppet_master_package: - ensure => $version, + if ! defined(Concat[$puppet_conf]) { + concat { $puppet_conf: + mode => '0644', + require => $service_require, + notify => $service_notify, + } + } else { + Concat<| title == $puppet_conf |> { + require => $service_require, + notify +> $service_notify, + } } - file { '/etc/puppet/namespaceauth.conf': - owner => root, - group => root, - mode => 644, - source => 'puppet:///modules/puppet/namespaceauth.conf', + if ! 
defined(Concat::Fragment['puppet.conf-common']) { + concat::fragment { 'puppet.conf-common': + order => '00', + target => $puppet_conf, + content => template("puppet/puppet.conf-common.erb"), + } } - concat::fragment { 'puppet.conf-header': - order => '05', - target => "/etc/puppet/puppet.conf", - content => template("puppet/puppet.conf-master.erb"), - before => Service[$puppet_master_service], + file { $puppet_vardir: + ensure => directory, + recurse => true, + recurselimit => '1', + notify => $service_notify, } - service { $puppet_master_service: - ensure => running, - enable => true, - hasstatus => true, - require => File['/etc/puppet/puppet.conf'], - #before => Service['httpd']; + if defined(File['/etc/puppet']) { + File ['/etc/puppet'] { + require +> Package[$puppet_master_package], + notify +> $service_notify + } } } diff --git a/manifests/params.pp b/manifests/params.pp index c04603f7e..7ba801e66 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -12,20 +12,24 @@ # class puppet::params { - $puppet_server = 'baal.puppetlabs.com' + $puppet_server = 'aserver.puppetlabs.lan' $puppet_storeconfigs_password = 'password' $modulepath = "/etc/puppet/modules" - $storeconfigs = 'false' - $storeconfigs_dbadapter = 'sqlite3' + $storeconfigs_dbadapter = 'mysql' $storeconfigs_dbuser = 'puppet' $storeconfigs_dbpassword = 'password' $storeconfigs_dbserver = 'localhost' $storeconfigs_dbsocket = '/var/run/mysqld/mysqld.sock' $certname = $fqdn + $confdir = '/etc/puppet/puppet.conf' + $manifest = '/etc/puppet/manifests/site.pp' + $puppet_site = $fqdn + $puppet_docroot = '/etc/puppet/rack/public/' + $puppet_passenger_port = '8140' case $operatingsystem { 'centos', 'redhat', 'fedora': { - $puppet_master_package = 'puppet-server' + $puppet_master_package = 'puppet' $puppet_master_service = 'puppetmaster' $puppet_agent_service = 'puppet' $puppet_agent_name = 'puppet' 
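Review bot: The new `concat { $puppet_conf: mode => '0644' }` leaves the master's puppet.conf world-readable, and templates/puppet.conf-master-storeconfigs.erb writes `dbpassword`, presumably into this same target, so any local account could read the storeconfigs database credential. `mode => '0640',` with `owner => 'puppet', group => 'puppet',` on the concat resource would limit that; confirm the concat module in use accepts both attributes. In `Certificate_Check`, `${certname}` is interpolated unquoted into both `command` and `unless`, which matters now that init.pp no longer validates it; a `validate_re($certname, '^[._0-9a-zA-Z:-]+$')` at the top of this class would restore the check where the value is used. The closing brace of the class is outside the changed lines.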
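Review bot: Changing the default `$storeconfigs_dbadapter` from `'sqlite3'` to `'mysql'` turns the unchanged default `$storeconfigs_dbpassword = 'password'` into the password of a real database account as soon as storeconfigs is enabled, because manifests/storeconfigs/mysql.pp hands it to `mysql::db`. A default of `$storeconfigs_dbpassword = undef` with a `fail()` in puppet::storeconfigs when no password is supplied would make callers choose one. `$confdir = '/etc/puppet/puppet.conf'` also looks like a file path, whereas Puppet's `confdir` setting names a directory; `'/etc/puppet'` seems intended, to be confirmed against how the parameter is consumed.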
@@ -38,7 +42,7 @@ $puppet_ssldir = '/var/lib/puppet/ssl' } 'ubuntu', 'debian': { - $puppet_master_package = 'puppetmaster' + $puppet_master_package = 'puppet' $puppet_master_service = 'puppetmaster' $puppet_agent_service = 'puppet' $puppet_agent_name = 'puppet' diff --git a/manifests/storeconfigs.pp b/manifests/storeconfigs.pp index e6561cd18..479f3163c 100644 --- a/manifests/storeconfigs.pp +++ b/manifests/storeconfigs.pp @@ -11,25 +11,32 @@ # Sample Usage: # class puppet::storeconfigs ( - $storeconfigs_dbadapter, - $storeconfigs_dbuser, - $storeconfigs_dbpassword, - $storeconfigs_dbserver, - $storeconfigs_dbsocket + $dbadapter, + $dbuser, + $dbpassword, + $dbserver, + $dbsocket ) { + # This version of activerecord works with Ruby 1.8.5 and Centos 5. + # This ensure should be fixed. + package {'activerecord': + ensure => '2.2.2', + provider => gem, + } + case $dbadapter { 'sqlite3': { - include puppet::storeconfig::sqlite + include puppet::storeconfigs::sqlite } 'mysql': { - class { - "puppet::storeconfigs::mysql": - dbuser => $storeconfigs_dbuser, - dbpassword => $storeconfigs_dbpassword, + class { + "puppet::storeconfigs::mysql": + dbuser => $dbuser, + dbpassword => $dbpassword, } } - default: { err("targer dbadapter $storeconfigs_dbadapter not implemented") } + default: { err("target dbadapter $dbadapter not implemented") } } concat::fragment { 'puppet.conf-master-storeconfig': diff --git a/manifests/storeconfigs/mysql.pp b/manifests/storeconfigs/mysql.pp index 951d35739..930a67a35 100644 --- a/manifests/storeconfigs/mysql.pp +++ b/manifests/storeconfigs/mysql.pp 
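Review bot: `install_mysql_pkgs` never reaches this code: puppet::master accepts it, but this class has no matching parameter and the `puppet::storeconfigs::mysql` declaration passes only `dbuser` and `dbpassword`, so `$install_packages` in mysql.pp always stays `false`. Adding `$install_packages = false` to the parameter list here and `install_packages => $install_packages,` to the mysql class declaration, with the pass-through in master.pp, would wire it up. The `activerecord` package is pinned to `'2.2.2'` through the gem provider for every adapter and platform. The added comment already says the pin needs fixing, and it would be more useful if it named the platforms that still require it, so the old release is not installed where a maintained one works. The class body continues past the hunk.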
@@ -1,34 +1,27 @@ class puppet::storeconfigs::mysql ( - $storeconfigs_dbuser, - $storeconfigs_dbpassword + $dbuser, + $dbpassword, + $install_packages = false ){ include puppet::params - package { $puppet::params::puppet_storeconfigs_packages: - ensure => installed, - } - - package { 'mysql': - ensure => installed, - provider => 'gem', - } - - database{ 'puppet': - ensure => present, - charset => 'utf8', - } - - database_user{"$dbuser@localhost": - ensure => present, - password_hash => mysql_password($storeconfigs_dbpassword), - require => Database['puppet'], - } - - database_grant{ 'puppet@localhost/puppet': - privileges => [all], - require => [ Database['puppet'], Database_user['puppet@localhost'] ], - } + if $install_packages { + package { $puppet::params::puppet_storeconfigs_packages: + ensure => installed, + } + package { 'mysql': + ensure => installed, + provider => 'gem', + } + } + mysql::db { 'puppet': + user => $dbuser, + password => $dbpassword, + charset => 'utf8', + host => 'localhost', + grant => 'all', + } } diff --git a/templates/apache2.conf.erb b/templates/apache2.conf.erb new file mode 100644 index 000000000..bc1ef48e4 --- /dev/null +++ b/templates/apache2.conf.erb 
@@ -0,0 +1,30 @@ +LoadModule ssl_module modules/mod_ssl.so + +Listen <%= puppet_passenger_port %> + +> + ServerName <%= puppet_site %> + SSLEngine on + SSLProtocol -ALL +SSLv3 +TLSv1 + SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP + + SSLCertificateFile <%= puppet_ssldir %>/certs/<%= certname %>.pem + SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= certname %>.pem + SSLCertificateChainFile <%= puppet_ssldir %>/ca/ca_crt.pem + SSLCACertificateFile <%= puppet_ssldir %>/ca/ca_crt.pem + # If Apache complains about invalid signatures on the CRL, you can try disabling + # CRL checking by commenting the next line, but this is not recommended. + SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem + SSLVerifyClient optional + SSLVerifyDepth 1 + SSLOptions +StdEnvVars + + DocumentRoot <%= puppet_docroot %> + RackBaseURI / + + Options None + AllowOverride None + Order allow,deny + allow from all + + diff --git a/templates/puppet-server.conf.erb b/templates/puppet-server.conf.erb index 3009837f6..63049b25c 100644 --- a/templates/puppet-server.conf.erb +++ b/templates/puppet-server.conf.erb @@ -25,6 +25,6 @@ reporturl = http://dashboard.puppetlabs.com/reports storeconfigs = true dbadapter = mysql dbuser = puppet -dbpassword = <%= puppet_storedconfig_password %> +dbpassword = <%= puppet_storedconfig_password %> dbserver = localhost dbsocket = /var/run/mysqld/mysqld.sock diff --git a/templates/puppet.conf-common.erb b/templates/puppet.conf-common.erb index 9528b0b4f..725f57e49 100644 --- a/templates/puppet.conf-common.erb +++ b/templates/puppet.conf-common.erb 
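Review bot: `SSLProtocol -ALL +SSLv3 +TLSv1` enables SSLv3, and the `SSLCipherSuite` string explicitly admits `RC4+RSA` and `+MEDIUM`; both are weaker than the channel that carries catalogs and certificate requests should offer. `SSLProtocol ALL -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4` would be a safer default, provided the OpenSSL builds on the managed agents can negotiate them. Because `SSLVerifyClient optional` lets unauthenticated clients connect, access control rests on the master reading `SSL_CLIENT_VERIFY`; a comment above that line such as `# optional so new agents can submit a CSR; authorization relies on SSL_CLIENT_VERIFY` would keep a later edit from loosening it.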
@@ -1,17 +1,17 @@ [main] -server = <%= puppet_server %> -logdir = <%= puppet_logdir %> -vardir = <%= puppet_vardir %> -ssldir = <%= puppet_ssldir %> -rundir = /var/run/puppet -factpath = $vardir/lib/facter -pluginsync = true -templatedir = $confdir/templates +server = <%= puppet_server %> +logdir = <%= puppet_logdir %> +vardir = <%= puppet_vardir %> +ssldir = <%= puppet_ssldir %> +rundir = /var/run/puppet +factpath = $vardir/lib/facter +pluginsync = true +templatedir = $confdir/templates <% if operatingsystem == "Ubuntu" %> -prerun_command = /etc/puppet/etckeeper-commit-pre -postrun_command = /etc/puppet/etckeeper-commit-post +prerun_command = /etc/puppet/etckeeper-commit-pre +postrun_command = /etc/puppet/etckeeper-commit-post <% end %> [agent] -report = true -environment = production +report = true +environment = production diff --git a/templates/puppet.conf-master-storeconfigs.erb b/templates/puppet.conf-master-storeconfigs.erb index 17582a070..2a719c520 100644 --- a/templates/puppet.conf-master-storeconfigs.erb +++ b/templates/puppet.conf-master-storeconfigs.erb @@ -1,7 +1,7 @@ -storeconfigs = <%= storeconfigs %> -dbadapter = <%= storeconfigs_dbadapter %> -dbuser = <%= storeconfigs_dbuser %> -dbpassword = <%= storeconfigs_dbpassword %> -dbserver = <%= storeconfigs_dbserver %> -dbsocket = <%= storeconfigs_dbsocket %> -dbmigrate = true +storeconfigs = <%= storeconfigs %> +dbadapter = <%= dbadapter %> +dbuser = <%= dbuser %> +dbpassword = <%= dbpassword %> +dbserver = <%= dbserver %> +dbsocket = <%= dbsocket %> +dbmigrate = true diff --git a/templates/puppet.conf-master.erb b/templates/puppet.conf-master.erb index 28f436843..925629413 100644 --- a/templates/puppet.conf-master.erb +++ b/templates/puppet.conf-master.erb 
@@ -1,6 +1,16 @@ + [master] -modulepath = <%= modulepath %> -environment = production -manifest = $confdir/manifests/site.pp -ssl_client_header = SSL_CLIENT_S_DN -ssl_client_verify_header = SSL_CLIENT_VERIFY +modulepath = <%= modulepath %> +manifest = <%= manifest %> +environment = production +autosign = <%= autosign %> +ssl_client_header = SSL_CLIENT_S_DN +ssl_client_verify_header = SSL_CLIENT_VERIFY +certname = <%= certname %> +report = true +reports = store, http +<% if dashboard_port != 'UNSET' -%> +reporturl = http://<%= puppet_site %>:<%= dashboard_port %>/reports +<% else -%> +reporturl = http://<%= puppet_site %>/reports +<% end -%> \ No newline at end of file
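Review bot: Both `reporturl` branches hard-code `http://`, so with `reports = store, http` every run report leaves the master unencrypted, and reports can carry resource diffs and log lines. Rendering the URL from a parameter, `reporturl = <%= reporturl %>` (parameter name is a suggestion), with the current value as its default would let callers point at an `https://` endpoint. `autosign = <%= autosign %>` is rendered verbatim, and init.pp no longer validates any input, so `true` would sign every incoming CSR; restricting the value to `false` or a path to an autosign.conf file before it reaches the template would make the permissive setting a deliberate choice.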