diff options
Diffstat (limited to 'puppet/manifests')
-rw-r--r-- | puppet/manifests/bootstrap/configurator.pp | 208 | ||||
-rw-r--r-- | puppet/manifests/bootstrap/debian.pp | 10 | ||||
-rw-r--r-- | puppet/manifests/bootstrap/host.pp | 24 | ||||
-rw-r--r-- | puppet/manifests/bootstrap/master.pp | 12 | ||||
-rw-r--r-- | puppet/manifests/bootstrap/vagrant.pp | 49 | ||||
-rw-r--r-- | puppet/manifests/classes/users.pp | 33 | ||||
-rw-r--r-- | puppet/manifests/classes/websites.pp | 42 | ||||
l--------- | puppet/manifests/hiera | 1 | ||||
-rw-r--r-- | puppet/manifests/modules.pp | 6 | ||||
-rw-r--r-- | puppet/manifests/nodes.pp | 5 | ||||
-rw-r--r-- | puppet/manifests/nodes/.empty | 0 | ||||
-rw-r--r-- | puppet/manifests/site.pp | 8 |
12 files changed, 398 insertions, 0 deletions
diff --git a/puppet/manifests/bootstrap/configurator.pp b/puppet/manifests/bootstrap/configurator.pp new file mode 100644 index 0000000..d93a0ce --- /dev/null +++ b/puppet/manifests/bootstrap/configurator.pp @@ -0,0 +1,208 @@ +# +# Puppet Bootstrap Configuration Manifest. +# +# This file is responsible to set custom configuration in the bootstrap +# repository for values set in the hiera configuration. +# +# This manifest is useful mostly after you cloned the puppet-boostrap module +# and want to configure it to boostrap a whole puppetmaster infrastructure. +# + +# +# Basic variables +# +$templates = "$bootstrap_path/templates" +$base_domain = hiera('bootstrap::base_domain', "${::domain}") +$first_hostname = hiera('bootstrap::first_hostname', "${::hostname}") +$first_nodes = hiera('bootstrap::first_nodes', 'absent') +$db_password = hiera('nodo::role::master::db_password', '') +$mysql_rootpw = hiera('mysql::server::rootpw', '') +$root_password = hiera('bootstrap::root::password', '') +$first_user = hiera('bootstrap::first_user', 'user') +$first_user_password = hiera('bootstrap::first_user::password', '') +$first_user_sshkey = hiera('bootstrap::first_user::sshkey', '') +$first_user_email = hiera('bootstrap::first_user::email', 'user@example.org') +$resolvconf_nameservers = hiera('nodo::subsystem::resolver::nameservers', '201.6.2.152:201.6.2.32') +$global_munin_allow = hiera('nodo::munin_node::allow', '192.168.0.[0-9]*') + +# +# Check bootstrap configuration +# + +if ($mysql_rootpw == '') { + alert('You must set mysql::server::rootpw at your configuration') + fail() +} + +if ($db_password == '') { + alert('You must set nodo::role::master::db_password at your configuration') + fail() +} + +if ($root_password == '') { + alert('You must set bootstrap::root::password at your configuration') + fail() +} + +if ($first_user_password == '') { + alert('You must set bootstrap::first_user::password at your configuration') + fail() +} + +# +# Puppet configuration +# +file { "$bootstrap_path/puppet.conf": + ensure => present, + mode => 0644, + content => template("$templates/puppet/puppet.conf.erb"), +} + +# Fileserver configuration +file { "$bootstrap_path/fileserver.conf": + ensure => present, + mode => 0644, + content => template("$templates/puppet/fileserver.conf.erb"), +} + +file { "$bootstrap_path/auth.conf": + ensure => present, + mode => 0644, + content => template("$templates/puppet/auth.conf.erb"), +} + +# +# Basic users +# +file { "$bootstrap_path/manifests/classes/users.pp": + ensure => present, + mode => 0644, + content => template("$templates/puppet/users.pp.erb"), +} + +# +# Site files +# + +file { "$bootstrap_path/modules/site_apache/files/htdocs/images/README.html": + ensure => present, + mode => 0644, + content => template("$templates/apache/htdocs/images/README.html.erb"), +} + +file { "$bootstrap_path/modules/site_apache/files/htdocs/index.html": + ensure => present, + mode => 0644, + content => template("$templates/apache/htdocs/index.html.erb"), +} + +file { "$bootstrap_path/modules/site_apache/files/htdocs/missing.html": + ensure => present, + mode => 0644, + content => template("$templates/apache/htdocs/missing.html.erb"), +} + +file { "$bootstrap_path/modules/site_apache/files/vhosts/git": + ensure => present, + mode => 0644, + content => template("$templates/apache/vhosts/git.erb"), +} + +file { "$bootstrap_path/modules/site_apache/files/vhosts/lists": + ensure => present, + mode => 0644, + content => template("$templates/apache/vhosts/lists.erb"), +} + +file { "$bootstrap_path/modules/site_apache/files/vhosts/mail": + ensure => present, + mode => 0644, + content => template("$templates/apache/vhosts/mail.erb"), +} + +file { "$bootstrap_path/modules/site_apache/files/vhosts/nagios": + ensure => present, + mode => 0644, + content => template("$templates/apache/vhosts/nagios.erb"), +} + +file { "$bootstrap_path/modules/site_apache/files/vhosts/wiki": + ensure => present, + mode => 0644, + content => template("$templates/apache/vhosts/wiki.erb"), +} + +file { "$bootstrap_path/modules/site_mail/files/aliases": + ensure => present, + mode => 0644, + content => template("$templates/etc/aliases.erb"), +} + +file { "$bootstrap_path/modules/site_nagios/files/htpasswd.users": + ensure => present, + mode => 0644, + content => template("$templates/etc/nagios3/htpasswd.users.erb"), +} + +file { "$bootstrap_path/modules/site_nginx/files/$domain": + ensure => present, + mode => 0644, + content => template("$templates/etc/nginx/domain.erb"), +} + +file { "$bootstrap_path/modules/site_postfix/files/tls_policy": + ensure => present, + mode => 0644, + content => template("$templates/postfix/tls_policy.erb"), +} + +# +# Basic nodes +# +file { "$bootstrap_path/manifests/nodes.pp": + ensure => present, + mode => 0644, + content => template("$templates/puppet/nodes.pp.erb"), +} + +# First host +file { "$bootstrap_path/manifests/nodes/$first_hostname.pp": + ensure => $first_nodes, + mode => 0644, + content => template("$templates/puppet/server.pp.erb"), +} + +# Master node +file { "$bootstrap_path/manifests/nodes/$first_hostname-master.pp": + ensure => $first_nodes, + mode => 0644, + content => template("$templates/puppet/master.pp.erb"), +} + +# Proxy node +file { "$bootstrap_path/manifests/nodes/$first_hostname-proxy.pp": + ensure => $first_nodes, + mode => 0644, + content => template("$templates/puppet/proxy.pp.erb"), +} + +# Web node +file { "$bootstrap_path/manifests/nodes/$first_hostname-web.pp": + ensure => $first_nodes, + mode => 0644, + content => template("$templates/puppet/web.pp.erb"), +} + +# Storage node +file { "$bootstrap_path/manifests/nodes/$first_hostname-storage.pp": + ensure => $first_nodes, + mode => 0644, + content => template("$templates/puppet/storage.pp.erb"), +} + +# Test node +file { "$bootstrap_path/manifests/nodes/$first_hostname-test.pp": + ensure => $first_nodes, + mode => 0644, + content => template("$templates/puppet/test.pp.erb"), +} diff --git a/puppet/manifests/bootstrap/debian.pp b/puppet/manifests/bootstrap/debian.pp new file mode 100644 index 0000000..3038324 --- /dev/null +++ b/puppet/manifests/bootstrap/debian.pp @@ -0,0 +1,10 @@ +# +# This manifest is intended to configure a vagrant +# virtual machine for debian development. +# + +# Import vagrant configuration +import "vagrant.pp" + +# Debian utilities +include nodo::utils::development::debian diff --git a/puppet/manifests/bootstrap/host.pp b/puppet/manifests/bootstrap/host.pp new file mode 100644 index 0000000..c1aead8 --- /dev/null +++ b/puppet/manifests/bootstrap/host.pp @@ -0,0 +1,24 @@ +# +# This manifest is intended to configure the initial +# machine wich will host the first puppetmaster +# virtual machine. +# + +# Import site configuration +import "../site.pp" + +# The server role +include nodo::role::server + +# Creates vserver for administrative node +nodo::vserver::instance { "$hostname-master": + context => '2', + puppetmaster => true, +} + +# Create a host entry for this puppet node +host { "puppet": + ensure => present, + ip => "192.168.0.2", + host_aliases => [ "puppet.$domain", "admin" ], +} diff --git a/puppet/manifests/bootstrap/master.pp b/puppet/manifests/bootstrap/master.pp new file mode 100644 index 0000000..51167f3 --- /dev/null +++ b/puppet/manifests/bootstrap/master.pp @@ -0,0 +1,12 @@ +# +# This manifest is intended to configure the initial +# puppetmaster node. +# +# Once it's running it can setup all the other nodes. +# + +# Import site configuration +import "../site.pp" + +# Include the master node configuration +include nodo::role::master diff --git a/puppet/manifests/bootstrap/vagrant.pp b/puppet/manifests/bootstrap/vagrant.pp new file mode 100644 index 0000000..9206db6 --- /dev/null +++ b/puppet/manifests/bootstrap/vagrant.pp @@ -0,0 +1,49 @@ +# +# This manifest is intended to configure a vagrant +# virtual machine. +# + +# Import site configuration +import "../site.pp" + +# +# Stage definitions +# + +stage { 'first': + before => Stage['main'], +} + +stage { 'last': } +Stage['main'] -> Stage['last'] + +# +# Class definitions +# + +# Vagrant classes +include nodo::role::vagrant + +class vagrant_config { + # Symlink to the mounted module folder + file { '/etc/puppet/modules': + ensure => '/etc/puppet/modules-0', + force => true, + } + + # Ensure a custom hiera configuration + file { '/etc/puppet/hiera.yaml': + owner => root, + group => root, + mode => 0644, + force => true, + ensure => '/etc/puppet/hiera/hiera.yaml', + } +} + +# +# Class instantiations +# +class { 'vagrant_config': + stage => first, +} diff --git a/puppet/manifests/classes/users.pp b/puppet/manifests/classes/users.pp new file mode 100644 index 0000000..7ebc9a8 --- /dev/null +++ b/puppet/manifests/classes/users.pp @@ -0,0 +1,33 @@ +class users::virtual inherits user { + # define custom users here +} + +class users::backup inherits user { + # define third-party hosted backup users here +} + +class users::admin inherits user { + + # Reprepro group needed for web nodes + #if !defined(Group["reprepro"]) { + # group { "reprepro": + # ensure => present, + # } + #} + + # root user and password (default 'vagrant' passphrase) + user::manage { "root": + tag => "admin", + homedir => '/root', + password => '$5$aosRByu9U0$Cc7l2vpjV4sRLlao2JmG0lxOnD2crNLU7gZfn2eayu.', + } + + # first user config (default 'vagrant' passphrase and pubkey) + user::manage { "vagrant": + tag => "admin", + groups => [ "sudo", ], + password => '$5$NCuDu81a$iHr7tZiGX0tKooq6N0bEwE7QDhRqfI9/yyD7WU1GiFB', + sshkey => [ "AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==" ], + } + +} diff --git a/puppet/manifests/classes/websites.pp b/puppet/manifests/classes/websites.pp new file mode 100644 index 0000000..35f27c6 --- /dev/null +++ b/puppet/manifests/classes/websites.pp @@ -0,0 +1,42 @@ +class websites::admin inherits websites::hosting::admin { + # An administrative Trac instance + #apache::site { "admin": + # docroot => "${apache::sites_folder}/admin/trac/htdocs", + # use => [ "Trac admin" ], + # redirect_match => "trac", + # mpm => false, + # tag => 'all', + #} + + apache::site { "munin": + docroot => '/var/www/munin', + owner => "munin", + group => "munin", + mpm => false, + tag => 'all', + } + + apache::site { "nagios": + source => true, + docroot => '/usr/share/nagios3/htdocs', + mpm => false, + tag => 'all', + } +} + +class websites inherits websites::hosting { + # Website definitions: always use tagged resources + + #apache::site { "site": + # source => true, + # ticket => '001', + # docroot => '/var/www/site', + # tag => 'all', + #} + + #database::instance { "site": + # password => 'xxx', + # tag => 'all', + #} + +} diff --git a/puppet/manifests/hiera b/puppet/manifests/hiera new file mode 120000 index 0000000..ba8aae1 --- /dev/null +++ b/puppet/manifests/hiera @@ -0,0 +1 @@ +../hiera
\ No newline at end of file diff --git a/puppet/manifests/modules.pp b/puppet/manifests/modules.pp new file mode 100644 index 0000000..3df3fe3 --- /dev/null +++ b/puppet/manifests/modules.pp @@ -0,0 +1,6 @@ +# +# Module definitions. +# + +# Nodo automatically import all modules we need. +import "nodo" diff --git a/puppet/manifests/nodes.pp b/puppet/manifests/nodes.pp new file mode 100644 index 0000000..b90f04e --- /dev/null +++ b/puppet/manifests/nodes.pp @@ -0,0 +1,5 @@ +# +# Node definitions. +# + +#import "nodes/example.pp" diff --git a/puppet/manifests/nodes/.empty b/puppet/manifests/nodes/.empty new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/puppet/manifests/nodes/.empty diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp new file mode 100644 index 0000000..6f3e5aa --- /dev/null +++ b/puppet/manifests/site.pp @@ -0,0 +1,8 @@ +# +# Puppet site configuration. +# + +import "classes/users.pp" +import "classes/websites.pp" +import "modules.pp" +import "nodes.pp" |