From 58bb91f094611e95ccda0b2a2ed5756225c41617 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 10:57:26 +0200 Subject: initial site.pp --- puppet/manifests/site.pp | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 puppet/manifests/site.pp (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp new file mode 100644 index 00000000..3a136015 --- /dev/null +++ b/puppet/manifests/site.pp @@ -0,0 +1,3 @@ +node "default" { + notify {'Hello World':} +} -- cgit v1.2.3 From 2c2e3608a251bdb8210767484e05c896f6803d6c Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 11:29:17 +0200 Subject: beginning of openvpn server config --- puppet/manifests/site.pp | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 3a136015..39173f95 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,3 +1,15 @@ -node "default" { - notify {'Hello World':} +node 'cougar.leap.se' { + openvpn::server { + 'cougar.leap.se': + country => 'TR', + province => 'Ankara', + city => 'Ankara', + organization => 'leap.se', + email => 'sysdev@leap.se'; +} + +} + +node 'default' { + notify {'Please specify a host in site.pp!':} } -- cgit v1.2.3 From caeac390b217849e8e57ac3afeb4061099e3fec5 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 12:10:21 +0200 Subject: use node default again, more openvpn config --- puppet/manifests/site.pp | 75 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 70 insertions(+), 5 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 39173f95..890d2623 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,4 +1,6 @@ -node 'cougar.leap.se' { +node 'default' { + notify {'Please specify a host in site.pp!':} + openvpn::server { 'cougar.leap.se': country => 'TR', 
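Review bot: In the first hunk of "use node default again", `openvpn::server { 'cougar.leap.se': ... }` now sits under `node 'default'`, so every host without its own node block is compiled as an OpenVPN server carrying cougar's name and certificate subject fields. If the aim is only to test on one machine, keep the host-specific header `node 'cougar.leap.se' {` and leave `default` with just the notify. The node body continues into the next hunk.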
@@ -6,10 +8,73 @@ node 'cougar.leap.se' { city => 'Ankara', organization => 'leap.se', email => 'sysdev@leap.se'; -} + } -} +# configure server + + + openvpn::option { + "dev server1": + key => "dev", + value => "tun0", + server => "server1"; + "script-security server1": + key => "script-security", + value => "3", + server => "server1"; + "daemon server1": + key => "daemon", + server => "server1"; + "keepalive server1": + key => "keepalive", + value => "10 60", + server => "server1"; + "ping-timer-rem server1": + key => "ping-timer-rem", + server => "server1"; + "persist-tun server1": + key => "persist-tun", + server => "server1"; + "persist-key server1": + key => "persist-key", + server => "server1"; + "proto server1": + key => "proto", + value => "tcp-server", + server => "server1"; + "cipher server1": + key => "cipher", + value => "BF-CBC", + server => "server1"; + "local server1": + key => "local", + value => $ipaddress, + server => "server1"; + "tls-server server1": + key => "tls-server", + server => "server1"; + "server server1": + key => "server", + value => "10.10.10.0 255.255.255.0", + server => "server1"; + "lport server1": + key => "lport", + value => "1194", + server => "server1"; + "management server1": + key => "management", + value => "/var/run/openvpn-server1.sock unix", + server => "server1"; + "comp-lzo server1": + key => "comp-lzo", + server => "server1"; + "topology server1": + key => "topology", + value => "subnet", + server => "server1"; + "client-to-client server1": + key => "client-to-client", + server => "server1"; + } -node 'default' { - notify {'Please specify a host in site.pp!':} } -- cgit v1.2.3 From 72987f7f86bd322e8ea68ff2633c76a29c6c2f95 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 12:14:06 +0200 Subject: more openvpn config testing --- puppet/manifests/site.pp | 74 +++++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 36 deletions(-) (limited to 'puppet/manifests') 
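Review bot: Several of the `openvpn::option` values added in this hunk weaken the server and should be changed or justified in a comment before this leaves testing. `script-security` level `3` lets OpenVPN pass passwords to scripts through the environment, and no script hook is configured here, so `value => "2"` or lower looks sufficient. `BF-CBC` is a 64-bit block cipher; a 128-bit block cipher such as `value => "AES-256-CBC"` is the safer choice if the clients support it. `comp-lzo` and `client-to-client` each deserve a comment saying why they are enabled, since the first compresses traffic before encryption and the second lets connected clients reach one another without passing the host firewall.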
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 890d2623..de551aed 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,8 +1,10 @@ node 'default' { notify {'Please specify a host in site.pp!':} + $openvpn_server='cougar.leap.se' + openvpn::server { - 'cougar.leap.se': + "$openvpn_server": country => 'TR', province => 'Ankara', city => 'Ankara', 
@@ -14,67 +16,67 @@ node 'default' { openvpn::option { - "dev server1": + "dev $openvpn_server": key => "dev", value => "tun0", - server => "server1"; - "script-security server1": + server => "$openvpn_server"; + "script-security $openvpn_server": key => "script-security", value => "3", - server => "server1"; - "daemon server1": + server => "$openvpn_server"; + "daemon $openvpn_server": key => "daemon", - server => "server1"; - "keepalive server1": + server => "$openvpn_server"; + "keepalive $openvpn_server": key => "keepalive", value => "10 60", - server => "server1"; - "ping-timer-rem server1": + server => "$openvpn_server"; + "ping-timer-rem $openvpn_server": key => "ping-timer-rem", - server => "server1"; - "persist-tun server1": + server => "$openvpn_server"; + "persist-tun $openvpn_server": key => "persist-tun", - server => "server1"; - "persist-key server1": + server => "$openvpn_server"; + "persist-key $openvpn_server": key => "persist-key", - server => "server1"; - "proto server1": + server => "$openvpn_server"; + "proto $openvpn_server": key => "proto", value => "tcp-server", - server => "server1"; - "cipher server1": + server => "$openvpn_server"; + "cipher $openvpn_server": key => "cipher", value => "BF-CBC", - server => "server1"; - "local server1": + server => "$openvpn_server"; + "local $openvpn_server": key => "local", value => $ipaddress, - server => "server1"; - "tls-server server1": + server => "$openvpn_server"; + "tls-server $openvpn_server": key => "tls-server", - server => "server1"; - "server server1": + server => "$openvpn_server"; + "server $openvpn_server": key => "server", value => "10.10.10.0 255.255.255.0", - server => "server1"; - "lport server1": + server => "$openvpn_server"; + "lport $openvpn_server": key => "lport", value => "1194", - server => "server1"; - "management server1": + server => "$openvpn_server"; + "management $openvpn_server": key => "management", - value => "/var/run/openvpn-server1.sock unix", - server => 
"server1"; - "comp-lzo server1": + value => "/var/run/openvpn-$openvpn_server.sock unix", + server => "$openvpn_server"; + "comp-lzo $openvpn_server": key => "comp-lzo", - server => "server1"; - "topology server1": + server => "$openvpn_server"; + "topology $openvpn_server": key => "topology", value => "subnet", - server => "server1"; - "client-to-client server1": + server => "$openvpn_server"; + "client-to-client $openvpn_server": key => "client-to-client", - server => "server1"; + server => "$openvpn_server"; } } -- cgit v1.2.3 From bdfcfbb8702748ab013190b0116735fe56f7531e Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 7 Sep 2012 13:06:00 +0200 Subject: use hiere for openvpn CA --- puppet/manifests/site.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index de551aed..0d1f426d 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,15 +1,15 @@ node 'default' { notify {'Please specify a host in site.pp!':} - $openvpn_server='cougar.leap.se' + $openvpn_server=$::fqdn openvpn::server { "$openvpn_server": - country => 'TR', - province => 'Ankara', - city => 'Ankara', - organization => 'leap.se', - email => 'sysdev@leap.se'; + country => hiera("country"), + province => hiera("province"), + city => hiera("city"), + organization => hiera("organization"), + email => hiera("email"); } # configure server -- cgit v1.2.3 From 429944efaac25766a5999966d8f52f74a0e0292b Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 11:49:52 +0200 Subject: using class site_openvpn --- puppet/manifests/site.pp | 86 ++++-------------------------------------------- 1 file changed, 7 insertions(+), 79 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 0d1f426d..1bfc730e 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
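Review bot: In the `management` entry the socket path is built as `"/var/run/openvpn-$openvpn_server.sock unix"`, which relies on the parser ending the variable name at the dot; `"/var/run/openvpn-${openvpn_server}.sock unix"` makes the boundary explicit. Strings that contain nothing but the variable, `server => "$openvpn_server"` here and `"$openvpn_server":` in the first hunk of this commit, can be the bare `$openvpn_server`. The socket name now follows the host name, so anything that opens the old `openvpn-server1.sock` path needs the same change; whether such a consumer exists is not visible in this diff.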
@@ -1,82 +1,10 @@ node 'default' { - notify {'Please specify a host in site.pp!':} - - $openvpn_server=$::fqdn - - openvpn::server { - "$openvpn_server": - country => hiera("country"), - province => hiera("province"), - city => hiera("city"), - organization => hiera("organization"), - email => hiera("email"); - } - -# configure server - - - openvpn::option { - "dev $openvpn_server": - key => "dev", - value => "tun0", - server => "$openvpn_server"; - "script-security $openvpn_server": - key => "script-security", - value => "3", - server => "$openvpn_server"; - "daemon $openvpn_server": - key => "daemon", - server => "$openvpn_server"; - "keepalive $openvpn_server": - key => "keepalive", - value => "10 60", - server => "$openvpn_server"; - "ping-timer-rem $openvpn_server": - key => "ping-timer-rem", - server => "$openvpn_server"; - "persist-tun $openvpn_server": - key => "persist-tun", - server => "$openvpn_server"; - "persist-key $openvpn_server": - key => "persist-key", - server => "$openvpn_server"; - "proto $openvpn_server": - key => "proto", - value => "tcp-server", - server => "$openvpn_server"; - "cipher $openvpn_server": - key => "cipher", - value => "BF-CBC", - server => "$openvpn_server"; - "local $openvpn_server": - key => "local", - value => $ipaddress, - server => "$openvpn_server"; - "tls-server $openvpn_server": - key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_server": - key => "server", - value => "10.10.10.0 255.255.255.0", - server => "$openvpn_server"; - "lport $openvpn_server": - key => "lport", - value => "1194", - server => "$openvpn_server"; - "management $openvpn_server": - key => "management", - value => "/var/run/openvpn-$openvpn_server.sock unix", - server => "$openvpn_server"; - "comp-lzo $openvpn_server": - key => "comp-lzo", - server => "$openvpn_server"; - "topology $openvpn_server": - key => "topology", - value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_server": - key => 
"client-to-client", - server => "$openvpn_server"; - } + $service='eip' + $password=hiera('testpw') + $openvpn_ports=hiera_array('openvpn_ports') + $tor=hiera('tor') + notify {"Password: $password":} + notify {"Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor":} + #include site_openvpn } -- cgit v1.2.3 From 764ae6f21a8a54af78b29fc14876af36e2dd4651 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 13:39:23 +0200 Subject: parse new config layout --- puppet/manifests/site.pp | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 1bfc730e..bb29e393 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,10 +1,22 @@ +define print() { + notice("The value is: '${name}'") +} + + node 'default' { - $service='eip' - $password=hiera('testpw') - $openvpn_ports=hiera_array('openvpn_ports') - $tor=hiera('tor') - notify {"Password: $password":} - notify {"Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor":} - #include site_openvpn + #$password=hiera('testpw') + #notify {"Password: $password":} + + $services=hiera_array('services') + notice("Services for $fqdn: $services") + + if 'eip' in $services { + $openvpn_ports=hiera_array('openvpn_ports') + $tor=hiera('tor') + notice("Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor") + print{$openvpn_ports:} + #include site_openvpn + } + } -- cgit v1.2.3 From 75e57c74d5aa0595e02435ca4de15b9df1cc6002 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 21 Sep 2012 12:45:36 +0200 Subject: parsing of hiera config hash works --- puppet/manifests/site.pp | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index bb29e393..abb81511 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
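Review bot: `notify {"Password: $password":}` puts the value of the hiera key `testpw` in clear text into the agent output and the run report, where it outlives the test. Drop the resource, or if the lookup itself needs checking, log only that it succeeded, e.g. `notify {'testpw lookup returned a value':}`. The second notify interpolates `$openvpn_ports`, an array from `hiera_array`, straight into a string, so the ports will probably be run together in the output; that is cosmetic but worth knowing when reading the log.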
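Review bot: The two password lines are only commented out (`#$password=hiera('testpw')` and `#notify {"Password: $password":}`); deleting them keeps the secret-printing debug code from being switched back on by accident. `$fqdn` in the two `notice()` calls is unqualified while the earlier revision used `$::fqdn`; `notice("Services for ${::fqdn}: ${services}")` would be consistent with that and unambiguous about scope. `define print()` is a debugging helper at the top of site.pp and would read better with a one-line comment saying so.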
@@ -1,7 +1,15 @@ define print() { - notice("The value is: '${name}'") + notice("The value is: '${name}'") +} + +define create_openvpn_config($port, $protocol) { + $openvpn_configname=$name + notice("Creating OpenVPN $openvpn_configname: + Port: $port, Protocol: $protocol") + # ... + #include site_openvpn + } - node 'default' { #$password=hiera('testpw') @@ -11,12 +19,9 @@ node 'default' { notice("Services for $fqdn: $services") if 'eip' in $services { - $openvpn_ports=hiera_array('openvpn_ports') + $openvpn=hiera('openvpn') $tor=hiera('tor') - notice("Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor") - print{$openvpn_ports:} - #include site_openvpn + notice("Tor enabled: $tor") + create_resources('create_openvpn_config', $openvpn) } - - } -- cgit v1.2.3 From 1c5eb8a64426c93d8118acac52870a6a95f73010 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 21 Sep 2012 15:03:08 +0200 Subject: oved things around --- puppet/manifests/site.pp | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index abb81511..98e683af 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
@@ -2,26 +2,18 @@ define print() { notice("The value is: '${name}'") } -define create_openvpn_config($port, $protocol) { - $openvpn_configname=$name - notice("Creating OpenVPN $openvpn_configname: - Port: $port, Protocol: $protocol") - # ... - #include site_openvpn - -} - node 'default' { - #$password=hiera('testpw') - #notify {"Password: $password":} + $concat_basedir = '/var/lib/puppet/modules/concat' + include concat::setup $services=hiera_array('services') notice("Services for $fqdn: $services") if 'eip' in $services { - $openvpn=hiera('openvpn') $tor=hiera('tor') notice("Tor enabled: $tor") - create_resources('create_openvpn_config', $openvpn) + + $openvpn_config=hiera('openvpn') + create_resources('site_openvpn::server_config', $openvpn_config) } } -- cgit v1.2.3 From 276de1e249b25e5e00c49229132215681aee6467 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 21 Sep 2012 20:26:20 +0200 Subject: basic configuration for openvpn server files --- puppet/manifests/site.pp | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 98e683af..f7b7303f 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,19 +1,18 @@ -define print() { - notice("The value is: '${name}'") -} - node 'default' { - $concat_basedir = '/var/lib/puppet/modules/concat' + # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup $services=hiera_array('services') notice("Services for $fqdn: $services") if 'eip' in $services { + include site_openvpn + $tor=hiera('tor') notice("Tor enabled: $tor") - $openvpn_config=hiera('openvpn') - create_resources('site_openvpn::server_config', $openvpn_config) + $openvpn_configs=hiera('openvpn_server_configs') + create_resources('site_openvpn::server_config', $openvpn_configs) + } } -- cgit v1.2.3 From 8320de2fd5bd8fcb429dfc1b68527a1c39a8341f Mon Sep 17 00:00:00 2001 
From: varac Date: Sun, 23 Sep 2012 19:02:28 +0200 Subject: reorderd config, include site_sshd --- puppet/manifests/site.pp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index f7b7303f..a897de11 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -5,6 +5,14 @@ node 'default' { $services=hiera_array('services') notice("Services for $fqdn: $services") + # configure ssh and inculde ssh-keys + #include sshd + $ssh_keys=hiera_hash('ssh_keys') + include site_sshd + notice($ssh_keys) + create_resources('site_sshd::ssh_key', $ssh_keys) + + if 'eip' in $services { include site_openvpn -- cgit v1.2.3 From b6f07a78502ecbe850c0b798dfdd0fdb60a78425 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:32:40 +0200 Subject: include some basic mclasses --- puppet/manifests/site.pp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index a897de11..f70c0673 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,6 +1,10 @@ node 'default' { + + # include some basic classes # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup + include apt,git,lsb + $services=hiera_array('services') notice("Services for $fqdn: $services") @@ -21,6 +25,6 @@ node 'default' { $openvpn_configs=hiera('openvpn_server_configs') create_resources('site_openvpn::server_config', $openvpn_configs) - } + } -- cgit v1.2.3 From e73a5e34742a63d82ee4b1a84a779403d9f71bd7 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:41:37 +0200 Subject: include common --- puppet/manifests/site.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/manifests') diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index f70c0673..5f58a733 100644 --- a/puppet/manifests/site.pp 
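Review bot: `notice($ssh_keys)` in the site_sshd hunk writes the whole merged key hash to the log on every compile, and that hash presumably controls who can log in to each node, so the line is better removed once the lookup works. Because `hiera_hash` merges `ssh_keys` from every level of the hierarchy, a comment above the lookup should say which data files are expected to contribute entries, for example `# ssh_keys: merged from all hiera levels; each entry becomes a site_sshd::ssh_key resource`. The added comment has a typo and should read `# configure ssh and include ssh-keys`.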
+++ b/puppet/manifests/site.pp @@ -3,8 +3,8 @@ node 'default' { # include some basic classes # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup - include apt,git,lsb - + include apt, lsb, git + import "common" $services=hiera_array('services') notice("Services for $fqdn: $services") -- cgit v1.2.3
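Review bot: `import "common"` is placed inside the `node 'default'` block, but as far as I know Puppet processes `import` when the manifest is parsed rather than when the node is evaluated, so the placement suggests a scoping that does not exist. Move the statement to the top of site.pp, above the node definition, or use `include` on a class from a module if `common` is meant to be one. What `common` contains is not visible in this diff.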