55 files changed, 826 insertions, 654 deletions
@@ -31,14 +31,14 @@ By default puppet runs as its own daemon. However, you might want to run puppet by cron. To do this, you have to include `puppet::cron` instead of `puppet`. If you include puppet::cron then by default puppet will run twice an hour, spread amongst the half an hour depending on the host's fqdn. If you wish to change -that interval, you can tweak $puppet_crontime (NOTE: this variable only operates +that interval, you can tweak $crontime (NOTE: this variable only operates on the minute cron field). Clientbucket cleanup: --------------------- The individual node client buckets aren't cleaned up automatically, unless you -specify $puppet_cleanup_clientbucket = 'X', where X is the number of days you +specify cleanup_clientbucket = 'X', where X is the number of days you want to keep clientbucket files for. Use http compression diff --git a/files/client/puppet.conf b/files/client/puppet.conf index 09b47b1..ab8c552 100644 --- a/files/client/puppet.conf +++ b/files/client/puppet.conf 
@@ -1,25 +1,22 @@ [main] - logdir=/var/log/puppet - vardir=/var/lib/puppet - rundir=/var/run/puppet - - ssldir=$vardir/ssl - - # Where 3rd party plugins and modules are installed - libdir = $vardir/lib - - templatedir=$vardir/templates - modulepath=/etc/puppet/modules - factpath = $libdir/facter + confdir = /etc/puppet + logdir = /var/log/puppet + vardir = /var/lib/puppet + ssldir = $vardir/ssl + rundir = /var/run/puppet + factpath = $vardir/lib/facter + templatedir = $confdir/templates + #certname = puppetmaster01.example.com + #server = puppet.example.com + #user = pe-puppet + #group = pe-puppet + #archive_files = true + #archive_file_server = puppet.example.com -[puppetd] - report=true - pluginsync=true - - # Default environment - environment = production - - # Development environment - [development] - modulepath = /etc/puppet/development/modules - manifest = /etc/puppet/development/manifests/site.pp +[agent] + report = true + classfile = $vardir/classes.txt + localconfig = $vardir/localconfig + graph = true + pluginsync = true + environment = production diff --git a/files/master/config.ru b/files/master/config.ru index b0fd250..984017e 100644 --- a/files/master/config.ru +++ b/files/master/config.ru @@ -2,7 +2,7 @@ # SSL needs to be handled outside this, though. # if puppet is not in your RUBYLIB: -# $:.unshift('/opt/puppet/lib') +# $LOAD_PATH.unshift('/opt/puppet/lib') $0 = "master" 
@@ -11,16 +11,21 @@ $0 = "master" ARGV << "--rack" +# Rack applications typically don't start as root. Set --confdir and --vardir +# to prevent reading configuration from ~puppet/.puppet/puppet.conf and writing +# to ~puppet/.puppet +ARGV << "--confdir" << "/etc/puppet" +ARGV << "--vardir" << "/var/lib/puppet" # NOTE: it's unfortunate that we have to use the "CommandLine" class -# here to launch the app, but it contains some initialization logic -# (such as triggering the parsing of the config file) that is very -# important. We should do something less nasty here when we've -# gotten our API and settings initialization logic cleaned up. +# here to launch the app, but it contains some initialization logic +# (such as triggering the parsing of the config file) that is very +# important. We should do something less nasty here when we've +# gotten our API and settings initialization logic cleaned up. # # Also note that the "$0 = master" line up near the top here is -# the magic that allows the CommandLine class to know that it's -# supposed to be running master. +# the magic that allows the CommandLine class to know that it's +# supposed to be running master. # # --cprice 2012-05-22 diff --git a/files/master/puppet.conf b/files/master/puppet.conf index f6471d7..893dfb6 100644 --- a/files/master/puppet.conf +++ b/files/master/puppet.conf 
@@ -1,72 +1,36 @@ [main] - confdir=/srv/puppet/etc - - # Where Puppet stores dynamic and growing data. - # The default value is '/var/puppet'. - vardir = /srv/puppet - - # The Puppet log directory. - # The default value is '$vardir/log'. - logdir = /var/log/puppet - - # Where Puppet PID files are kept. - # The default value is '$vardir/run'. - rundir = /var/run/puppet - - # Where SSL certificates are kept. - # The default value is '$confdir/ssl'. - ssldir = $vardir/ssl - - factpath = $vardir/lib/facter - plugindest = $vardir/lib/puppet - -[agent] - # The file in which puppetd stores a list of the classes - # associated with the retrieved configuratiion. Can be loaded in - # the separate ``puppet`` executable using the ``--loadclasses`` - # option. - # The default value is '$confdir/classes.txt'. - classfile = $vardir/classes.txt - - # Where puppetd caches the local configuration. An - # extension indicating the cache format is added automatically. - # The default value is '$confdir/localconfig'. 
- localconfig = $vardir/localconfig - - report=true - pluginsync = true - - logdest=/var/log/puppet/puppet.log + confdir = /etc/puppet + logdir = /var/log/puppet + vardir = /var/lib/puppet + ssldir = $vardir/ssl + rundir = /var/run/puppet + factpath = $vardir/lib/facter + templatedir = $confdir/templates + #certname = puppetmaster01.example.com + #server = puppet.example.com + #user = pe-puppet + #group = pe-puppet + #archive_files = true + #archive_file_server = puppet.example.com [master] - reportdir = $logdir/reports - autoflush = true - #storeconfigs=true - dbadapter=mysql - dbserver=localhost - dbuser=puppet - dbpassword=**************** - dbsocket=/var/lib/mysql/mysql.sock - - #usage for clusters - #ssl_client_header=HTTP_X_SSL_SUBJECT - - # apache2/passenger usage: http://github.com/reductivelabs/puppet/tree/master/ext/rack - ssl_client_header = SSL_CLIENT_S_DN - ssl_client_verify_header = SSL_CLIENT_VERIFY - - - # specify allowed environments - environments=production,development - - # configure environments - [development] - manifest=$vardir/development/etc/manifests/site.pp - modulepath=$vardir/development/modules/ - templatepath=$vardir/development/templates/ - - [production] - manifest=$vardir/production/etc/manifests/site.pp - modulepath=$vardir/production/modules/ - templatepath=$vardir/production/templates/ + #certname = puppetmaster01.example.com + #dns_alt_names = puppetmaster01,puppetmaster01.example.com,puppet,puppet.example.com + #ca_name = 'Puppet CA generated on puppetmaster01.example.com at 2013-08-09 19:11:11 +0000' + reports = http,puppetdb + reporturl = https://localhost:443/reports/upload + #node_terminus = exec + #external_nodes = /etc/puppetlabs/puppet-dashboard/external_node + ssl_client_header = SSL_CLIENT_S_DN + ssl_client_verify_header = SSL_CLIENT_VERIFY + #storeconfigs_backend = puppetdb + #storeconfigs = true + #autosign = true +[agent] + report = true + classfile = $vardir/classes.txt + localconfig = $vardir/localconfig + graph 
= true + pluginsync = true + environment = production diff --git a/files/munin/puppet_ b/files/munin/puppet_ index ed488be..0fc8e52 100644 --- a/files/munin/puppet_ +++ b/files/munin/puppet_ 
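Review bot: In files/master/puppet.conf the commented-out `#autosign = true` in the new `[master]` section carries no warning, and uncommenting it makes the master sign every incoming certificate request without review. I would put a comment directly above it, for example `# autosign = true signs every CSR unreviewed; prefer an autosign.conf allowlist or leave it off`. Separately, `reports = http,puppetdb` is active while `#storeconfigs_backend = puppetdb` stays commented out. If the puppetdb report processor is not installed on the master this will presumably fail at report time, so it is worth confirming that this default is intended.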
@@ -2,100 +2,107 @@ # returns the mem usage of a given process def plist(psname) - counter = 0 - %x{ps h -o rss,size,vsize,pcpu -u puppet}.each do |ps| - rss,size,vsize,cpu = ps.split - counter += 1 - puts "puppetmasterd_#{counter}.value #{rss}" - - end - return + counter = 0 + %x{ps h -o rss,size,vsize,pcpu -u puppet}.each do |ps| + rss,size,vsize,cpu = ps.split + counter += 1 + puts "puppetmasterd_#{counter}.value #{rss}" + + end + return end # reports how many clients compiled in the last 5 minutes # repotrs how many unique clients compiled since the begining of the day # report the average compilation time for all clients in the last 5 minutes. -def phaselog - logfile = ENV['puppet_logfile'] || '/var/log/daemon.log' - count,avg,day_count_unique,day_count = 0 ,0 ,0, 0 - t = Time.now +def phaselog(logfile) + count,avg,day_count_unique,day_count = 0 ,0 ,0, 0 + t = Time.now today = t.strftime("^%b ") + " ?" + t.day.to_s - hour = today + t.strftime(" %H:") - m = t.min.to_i - last5m = "" - 6.times do |i| - last5m += hour - last5m += "0" if (m-i) < 10 - last5m += (m-i).to_s - last5m += "|" unless i==5 - end - hosts = Array.new - regexp = ".* for (.*) in (.*) seconds" + hour = today + t.strftime(" %H:") + m = t.min.to_i + last5m = "" + 6.times do |i| + last5m += hour + last5m += "0" if (m-i) < 10 + last5m += (m-i).to_s + last5m += "|" unless i==5 + end + hosts = Array.new + regexp = ".* for (.*) in (.*) seconds" - File.open(logfile).grep(/#{today}/).grep(/Compiled configuration|Compiled catalog/).each do |line| - case line - when /#{last5m}/ then - if line =~ /#{regexp}/ - avg += $2.to_f - count += 1 - unless hosts.include?($1) - hosts << $1 - end - end - when /#{regexp}/ then - day_count += 1 - unless hosts.include?($1) - hosts << $1 - day_count_unique += 1 - end - end - end - puts "avg_compile.value #{(avg / count).to_s[0..3]}" unless count == 0 - puts "last5m_count.value #{count}" - puts "last24h_unique_count.value #{day_count_unique}" + 
File.open(logfile).grep(/#{today}/).grep(/Compiled configuration|Compiled catalog/).each do |line| + case line + when /#{last5m}/ then + if line =~ /#{regexp}/ + avg += $2.to_f + count += 1 + unless hosts.include?($1) + hosts << $1 + end + end + when /#{regexp}/ then + day_count += 1 + unless hosts.include?($1) + hosts << $1 + day_count_unique += 1 + end + end + end + puts "avg_compile.value #{count == 0 ? 0 : (avg / count).to_s[0..3]}" + puts "last5m_count.value #{count}" + puts "last24h_unique_count.value #{day_count_unique}" end +sys_file = '/etc/default/puppetmaster' +sys_file = '/etc/sysconfig/puppetmaster' if !File.exists?(sys_file) && File.exists?('/etc/sysconfig/puppetmaster') +logfile = ENV['puppet_logfile'] || '/var/log/daemon.log' +facts_dir = ENV['facts_dir'] || '/var/lib/puppet/yaml/facts/' case ARGV[0] - when 'config' - case $0 - when /puppetmaster_memory/ - puts "graph_title puppetmaster memory usage" - puts "graph_vlabel memory" - # find out how many mongrel process we have - if any - File.open('/etc/default/puppetmaster') do |line| - @pm_process = line.grep(/PUPPETMASTERS/).to_s.split('=')[1].to_i - end - if @pm_process > 0 - @pm_process.times do |i| - puts "puppetmasterd_#{i+1}.label puppetmasterd #{i+1}" - end - else - puts "puppetmaster.label puppetmasterd" - end - when /puppet_clients/ - puts "graph_title puppet clients usage" - puts "graph_vlabel clients" - puts "known_clients.label Known Clients" - puts "avg_compile.label Average configuration compile" - puts "last5m_count.label Clients in the last 5 minutes" - puts "last24h_unique_count.label unique clients in the last 24 hours" - end - puts "graph_category puppet" - exit 0 - when 'autoconf' - case $0 - when /puppet_mem/,/puppet_clients/ - puts "yes" - else - puts "no" - exit 0 - end - else - plist("'ruby /usr/sbin/puppetmasterd'") if $0 =~ /puppet_mem$/ - if $0 =~ /puppet_clients$/ - puts "known_clients.value #{Dir.entries('/var/lib/puppet/yaml/facts/').size-2}" - phaselog - end + when 
'config' + case $0 + when /puppetmaster_memory/ + puts "graph_title puppetmaster memory usage" + puts "graph_vlabel memory" + # find out how many mongrel process we have - if any + File.open(sys_files) do |line| + @pm_process = line.grep(/(PUPPETMASTERS|PUPPETMASTER_PORTS)/).to_s.split('=')[1].to_i + end + if @pm_process > 0 + @pm_process.times do |i| + puts "puppetmasterd_#{i+1}.label puppetmasterd #{i+1}" + end + else + puts "puppetmaster.label puppetmasterd" + end + when /puppet_clients/ + puts "graph_title puppet clients usage" + puts "graph_vlabel clients" + puts "known_clients.label Known Clients" + puts "avg_compile.label Average configuration compile" + puts "last5m_count.label Clients in the last 5 minutes" + puts "last24h_unique_count.label unique clients in the last 24 hours" + end + puts "graph_category puppet" + exit 0 + when 'autoconf' + case $0 + when /puppet_mem/,/puppet_clients/ + if File.exists?(sys_file) && File.exists?(logfile) && File.directory?(facts_dir) + puts "yes" + else + puts "no" + end + else + puts "no" + exit 0 + end + else + plist("'ruby /usr/sbin/puppetmasterd'") if $0 =~ /puppet_mem$/ + if $0 =~ /puppet_clients$/ + puts "known_clients.value #{Dir.entries(facts_dir).size-2}" + phaselog(logfile) + end end diff --git a/manifests/base.pp b/manifests/base.pp index 6ff8fa5..5cb4c5d 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
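Review bot: In files/munin/puppet_ the new `config` branch calls `File.open(sys_files)`, but the variable defined just above the `case` is `sys_file`, so the `puppetmaster_memory` config path will raise a NameError. The line should read `File.open(sys_file) do |line|`. The `autoconf` branch already checks `File.exists?(sys_file)`, so the plugin would report `yes` and then fail on `config`.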
@@ -1,42 +1,50 @@ +# configure general things of puppet class puppet::base { - if !$puppet_config { $puppet_config = '/etc/puppet/puppet.conf' } - - $puppet_majorversion = regsubst($puppetversion,'^(\d+\.\d+).*$','\1') - - case $puppet_cleanup_clientbucket { + $puppet_majorversion = regsubst($::puppetversion,'^(\d+\.\d+).*$','\1') + case $puppet::cleanup_clientbucket { # if not set, don't do anything - '',undef: {} - default: { - tidy { "/var/lib/puppet/clientbucket": - backup => false, + '',undef,false: {} + default: { + tidy { '/var/lib/puppet/clientbucket': + backup => false, recurse => true, - rmdirs => true, - type => mtime, - age => "$puppet_cleanup_clientbucket"; + rmdirs => true, + type => mtime, + age => $puppet::cleanup_clientbucket; } } } file { 'puppet_config': - path => "$puppet_config", - source => [ "puppet:///modules/site_puppet/client/${fqdn}/puppet.conf", - "puppet:///modules/site_puppet/client/puppet.conf.$operatingsystem", - "puppet:///modules/site_puppet/client/puppet.conf", - "puppet:///modules/puppet/client/${puppet_majorversion}/puppet.conf.$operatingsystem", - "puppet:///modules/puppet/client/${puppet_majorversion}/puppet.conf", - "puppet:///modules/puppet/client/puppet.conf.$operatingsystem", - "puppet:///modules/puppet/client/puppet.conf" ], - notify => Service[puppet], - # if puppetmasterd is deployed by apache2/passenger it needs to read puppet.conf - # therefore it must be readable by puppet - owner => puppet, group => 0, mode => 600; + path => $puppet::config, + notify => Service[puppet], + # if puppetmasterd is deployed by apache2/passenger it needs + # to read puppet.conf. 
therefore it must be readable by puppet + owner => puppet, + group => 0, + mode => '0600'; + } + if $puppet::config_content { + File['puppet_config'] { + content => $puppet::config_content + } + } else { + File['puppet_config'] { + source => [ "puppet:///modules/site_puppet/client/${::fqdn}/puppet.conf", + "puppet:///modules/site_puppet/client/puppet.conf.${::operatingsystem}", + 'puppet:///modules/site_puppet/client/puppet.conf', + "puppet:///modules/puppet/client/${puppet_majorversion}/puppet.conf.${::operatingsystem}", + "puppet:///modules/puppet/client/${puppet_majorversion}/puppet.conf", + "puppet:///modules/puppet/client/puppet.conf.${::operatingsystem}", + 'puppet:///modules/puppet/client/puppet.conf' ] + } } service { 'puppet': - ensure => running, - enable => true, - hasstatus => true, - hasrestart => true, + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, } } diff --git a/manifests/base/master.pp b/manifests/base/master.pp new file mode 100644 index 0000000..09c9b62 --- /dev/null +++ b/manifests/base/master.pp @@ -0,0 +1,6 @@ +class puppet::base::master inherits puppet::base { + File[puppet_config]{ + source => [ "puppet:///modules/site_puppet/master/puppet.conf", + "puppet:///modules/puppet/master/puppet.conf" ], + } +} diff --git a/manifests/centos.pp b/manifests/centos.pp index d98f422..547b064 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -1,8 +1,8 @@ class puppet::centos inherits puppet::linux { file { '/etc/sysconfig/puppet': - source => [ "puppet:///modules/site_puppet/sysconfig/${fqdn}/puppet", - "puppet:///modules/site_puppet/sysconfig/${domain}/puppet", + source => [ "puppet:///modules/site_puppet/sysconfig/${::fqdn}/puppet", + "puppet:///modules/site_puppet/sysconfig/${::domain}/puppet", "puppet:///modules/site_puppet/sysconfig/puppet", "puppet:///modules/puppet/sysconfig/puppet" ], notify => Service[puppet], diff --git a/manifests/cron.pp b/manifests/cron.pp index 8cb4644..9a8e777 100644 
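Review bot: In the new manifests/base/master.pp, `puppet::base::master` overrides `source` on `File[puppet_config]` unconditionally, while the parent `puppet::base` in this same commit sets `content` whenever `$puppet::config_content` is set. With a config_content value the resource would then carry both `content` and `source`, which the file type rejects. I would wrap the override in `if !$puppet::config_content { ... }`, the same way manifests/master/base.pp guards its own override. The two source strings contain no variables, so single quotes would also match the quoting used in the rest of the commit.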
--- a/manifests/cron.pp +++ b/manifests/cron.pp @@ -1,10 +1,32 @@ -class puppet::cron inherits puppet { - case $operatingsystem { - debian,ubuntu: { include puppet::cron::linux } +# run puppet agent as cron +class puppet::cron( + $cron_time, + $stop_service = true, + $config = '/etc/puppet/puppet.conf', + $config_content = false, + $http_compression = 'puppet_http_compression', + $cleanup_clientbucket = false, + $ensure_version = 'installed', + $ensure_facter_version = 'installed', + $shorewall_puppetmaster = false, + $shorewall_puppetmaster_port = '8140', + $shorewall_puppetmaster_signport = '8141' +) { + class{'puppet': + config => $config, + config_content => $config_content, + http_compression => $http_compression, + cleanup_clientbucket => $cleanup_clientbucket, + ensure_version => $ensure_version, + ensure_facter_version => $ensure_facter_version, + shorewall_puppetmaster => $shorewall_puppetmaster, + shorewall_puppetmaster_port => $shorewall_puppetmaster_port, + shorewall_puppetmaster_signport => $shorewall_puppetmaster_signport, + } + case $::operatingsystem { openbsd: { include puppet::cron::openbsd } - freebsd: { include puppet::cron::freebsd } default: { - case $kernel { + case $::kernel { linux: { include puppet::cron::linux } default: { include puppet::cron::base } } diff --git a/manifests/cron/base.pp b/manifests/cron/base.pp index 5c7a708..82483df 100644 --- a/manifests/cron/base.pp +++ b/manifests/cron/base.pp 
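Review bot: In manifests/cron.pp the default `$http_compression = 'puppet_http_compression'` is a non-empty string, which is truthy, so the `if $puppet::http_compression` test in manifests/cron/base.pp always adds `--http_compression` for cron users. `class puppet` defaults the same parameter to `false`, so this looks like a leftover of the old variable name. I would change it to `$http_compression = false,`. The shorewall ports are also strings here (`'8140'`) but integers in init.pp, which is worth aligning.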
@@ -1,32 +1,47 @@ # manifests/cron/base.pp class puppet::cron::base inherits puppet::base { - + + case $::operatingsystem { + openbsd: { $stop_service = false } + default: { $stop_service = true } + } + + if !$puppet::cron::cron_time { + $crontime_interval_minute = fqdn_rand(29) + $crontime_interval_minute2 = inline_template("<%= 30+scope.lookupvar('puppet::cron::cron_time').to_i %>") + $crontime = "${crontime_interval_minute},${crontime_interval_minute2} * * * *" + } else { + $crontime = $puppet::cron::cron_time + } + + if $puppet::http_compression { + $http_compression_str = '--http_compression' + } else { + $http_compression_str = '' + } + Service['puppet']{ enable => false, } - case $operatingsystem { - openbsd: { - #it's already disabled - } - default: { - $puppet_majorversion = regsubst($puppetversion,'^(\d+\.\d+).*$','\1') - if $puppet_majorversion >= '2.6' { - Service['puppet']{ - ensure => stopped, - } - } else { - Service['puppet']{ - hasstatus => false, - pattern => 'puppetd', - } - # this works only on < 2.6 - exec { 'stop_puppet': - command => 'kill `cat /var/run/puppet/puppetd.pid`', - onlyif => 'test -f /var/run/puppet/puppetd.pid', - require => Service['puppet'], - } + if $puppet::cron::stop_service == true { + $puppet_majorversion = regsubst($::puppetversion,'^(\d+\.\d+).*$','\1') + if $puppet_majorversion != '0.25' { + Service['puppet']{ + ensure => stopped, + } + } else { + Service['puppet']{ + hasstatus => false, + pattern => 'puppetd', + } + # this works only on < 2.6 + exec { 'stop_puppet': + command => 'kill `cat /var/run/puppet/puppetd.pid`', + onlyif => 'test -f /var/run/puppet/puppetd.pid', + require => Service['puppet'], } } } } + diff --git a/manifests/cron/linux.pp b/manifests/cron/linux.pp index d0d0e92..3742d48 100644 --- a/manifests/cron/linux.pp +++ b/manifests/cron/linux.pp 
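Review bot: In manifests/cron/base.pp the second minute is computed from `scope.lookupvar('puppet::cron::cron_time')` inside the branch that only runs when that value is unset, so it always evaluates to 30 and the second run is no longer spread by fqdn. The template should add 30 to the random minute instead, as the removed code did: `inline_template('<%= 30+crontime_interval_minute.to_i %>')`. The local `$stop_service` set by the `case $::operatingsystem` block is also never read. The later test uses `$puppet::cron::stop_service`, so the OpenBSD exception has no effect unless the caller passes `stop_service => false`.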
@@ -1,25 +1,11 @@ +# manifests/cron/linux.pp class puppet::cron::linux inherits puppet::linux { include puppet::cron::base - if !$puppet_config { $puppet_config = '/etc/puppet/puppet.conf' } - if $::puppet_http_compression { - $puppet_http_compression_str = '--http_compression' - } - - - if !$puppet_crontime { - $puppet_crontime_interval_minute = fqdn_rand(29) - $puppet_crontime_interval_minute2 = inline_template('<%= 30+puppet_crontime_interval_minute.to_i %>') - $puppet_crontime = "${puppet_crontime_interval_minute},${puppet_crontime_interval_minute2} * * * *" - } - - include ::cron File['/etc/cron.d/puppetd']{ - source => undef, - content => "#run puppet\n${puppet_crontime} root output=\$(/usr/bin/puppet agent --onetime --no-daemonize --splay --config=/etc/puppet/puppet.conf --color false); ret=\$?; printf \"\\%s\" \"\$output\" | grep -E '(^err:|^alert:|^emerg:|^crit:)'; exit \$ret\n", - before => Service['puppet'], - ensure => present, - notify => Service['cron'] + source => undef, + content => "#run puppet\n${puppet::cron::base::crontime} root output=\$(/usr/bin/puppet agent --onetime --no-daemonize --splay --config=/etc/puppet/puppet.conf --color false ${puppet::cron::base::http_compression_str}); ret=\$?; printf \"\\%s\" \"\$output\" | grep -E '(^err:|^alert:|^emerg:|^crit:)'; exit \$ret\n", + before => Service['puppet'], } } diff --git a/manifests/cron/openbsd.pp b/manifests/cron/openbsd.pp index 084b022..0e4a813 100644 --- a/manifests/cron/openbsd.pp +++ b/manifests/cron/openbsd.pp 
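Review bot: In manifests/cron/linux.pp the cron line still hard-codes `--config=/etc/puppet/puppet.conf`, so a non-default `config` parameter is honoured by `File['puppet_config']` but ignored by the agent run itself. The OpenBSD variant in this commit already passes the parameter, and the same should be done here with `--config=${puppet::config}`. The value of `cron_time` is also written verbatim into a root-owned `/etc/cron.d` entry, so a comment on the class stating that it must be exactly five cron fields on one line would help whoever sets it.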
@@ -1,32 +1,24 @@ class puppet::cron::openbsd inherits puppet::openbsd { - include puppet::cron::base - if !$puppet_config { $puppet_config = '/etc/puppet/puppet.conf' } - if $puppet_http_compression { $puppet_http_compression_str = '--http_compression' } - - if !$puppet_crontime { - $puppet_crontime_interval_minute = fqdn_rand(29) - $puppet_crontime_interval_minute2 = inline_template('<%= 30+puppet_crontime_interval_minute.to_i %>') - $puppet_crontime = "${puppet_crontime_interval_minute},${puppet_crontime_interval_minute2} * * * *" - } + include puppet::cron::base Openbsd::Rc_local['puppetd']{ ensure => 'absent', } Cron['puppetd_check']{ - ensure => absent, + ensure => absent, } Cron['puppetd_restart']{ - ensure => absent, + ensure => absent, } cron { 'puppetd_run': - command => "/usr/local/bin/puppet agent --onetime --no-daemonize --config=$puppet_config --color false $puppet_http_compression_str | grep -E '(^err:|^alert:|^emerg:|^crit:)'", + command => "/usr/local/bin/puppet agent --onetime --no-daemonize --config=$puppet::config --color false ${puppet::cron::base::http_compression_str} | grep -E '(^err:|^alert:|^emerg:|^crit:)'", user => 'root', - minute => split(regsubst($puppet_crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\1'),','), - hour => split(regsubst($puppet_crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\2'),','), - weekday => split(regsubst($puppet_crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\3'),','), - month => split(regsubst($puppet_crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\4'),','), - monthday => split(regsubst($puppet_crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\5'),',') + minute => split(regsubst($puppet::cron::base::crontime,'^([\d,\-,*,/,\,]+) 
([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\1'),','), + hour => split(regsubst($puppet::cron::base::crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\2'),','), + weekday => split(regsubst($puppet::cron::base::crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\3'),','), + month => split(regsubst($puppet::cron::base::crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\4'),','), + monthday => split(regsubst($puppet::cron::base::crontime,'^([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+) ([\d,\-,*,/,\,]+)$','\5'),',') } } diff --git a/manifests/debian.pp b/manifests/debian.pp index e24a1bc..2ad54ed 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp 
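Review bot: In manifests/cron/openbsd.pp the rewritten `cron` resource maps the third crontab field to `weekday` (`'\3'`) and the fifth to `monthday` (`'\5'`), but crontab order is minute, hour, day-of-month, month, day-of-week, so the two are swapped. With the default `* * *` tail this is invisible, but any custom `cron_time` that restricts days will schedule on the wrong field. The back-references should be `monthday => ...'\3'` and `weekday => ...'\5'`. The `command` string would also read more safely as `--config=${puppet::config}` with braces, matching the other interpolations in the line.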
@@ -1,33 +1,24 @@ +# debian specific things class puppet::debian inherits puppet::linux { file { '/etc/default/puppet': - source => [ "puppet:///modules/site_puppet/client/debian/${fqdn}/puppet", - "puppet:///modules/site_puppet/client/debian/${domain}/puppet", - "puppet:///modules/site_puppet/client/debian/puppet", - "puppet:///modules/puppet/client/debian/puppet" ], - notify => Service[puppet], - owner => root, group => 0, mode => 0644; - } - - if versioncmp($puppetversion,'2.6') >= 0 { - $real_puppet_hasstatus = true - } - else { - $real_puppet_hasstatus = false - } - - Service[puppet]{ - hasstatus => $real_puppet_hasstatus, + source => ["puppet:///modules/site_puppet/client/debian/${::fqdn}/puppet", + "puppet:///modules/site_puppet/client/debian/${::domain}/puppet", + 'puppet:///modules/site_puppet/client/debian/puppet', + 'puppet:///modules/puppet/client/debian/puppet' ], + notify => Service[puppet], + owner => root, + group => 0, + mode => '0644'; } - if !$puppet_ensure_version { $puppet_ensure_version = 'installed' } package{ 'puppet-common': - ensure => $puppet_ensure_version, + ensure => $puppet::ensure_version, } Package['puppet']{ require => Package['puppet-common'] - } + } } diff --git a/manifests/init.pp b/manifests/init.pp index 1943400..0667ba6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -12,25 +12,26 @@ # Marcel Haerry haerry+puppet(at)puzzle.ch # Simon Josi josi+puppet(at)puzzle.ch # -# This program is free software; you can redistribute -# it and/or modify it under the terms of the GNU -# General Public License version 3 as published by +# This program is free software; you can redistribute +# it and/or modify it under the terms of the GNU +# General Public License version 3 as published by # the Free Software Foundation. # - -class puppet { - $default_config_dir = $operatingsystem ? { - freebsd => "/usr/local/etc/puppet", - default => "/etc/puppet", - } - - $puppet_default_config = "$default_config_dir/puppet.conf" - - if $puppet_config == '' { $puppet_config = $puppet_default_config } - - case $kernel { +# Manage the puppet client +class puppet( + $config = '/etc/puppet/puppet.conf', + $config_content = false, + $http_compression = false, + $cleanup_clientbucket = false, + $ensure_version = 'installed', + $ensure_facter_version = 'installed', + $shorewall_puppetmaster = false, + $shorewall_puppetmaster_port = 8140, + $shorewall_puppetmaster_signport = 8141 +){ + case $::kernel { linux: { - case $operatingsystem { + case $::operatingsystem { gentoo: { include puppet::gentoo } centos: { include puppet::centos } debian,ubuntu: { include puppet::debian } @@ -38,11 +39,14 @@ class puppet { } } openbsd: { include puppet::openbsd } - freebsd: { include puppet::freebsd } default: { include puppet::base } } - if $use_shorewall { - include shorewall::rules::out::puppet + if $shorewall_puppetmaster { + class{'shorewall::rules::out::puppet': + puppetserver => $shorewall_puppetmaster, + puppetserver_port => $shorewall_puppetmaster_port, + puppetserver_signport => $shorewall_puppetmaster_signport, + } } } diff --git a/manifests/linux.pp b/manifests/linux.pp index e752788..7bf3331 100644 --- a/manifests/linux.pp +++ b/manifests/linux.pp 
@@ -1,13 +1,12 @@ +# puppet on linux class puppet::linux inherits puppet::base { - if !$puppet_ensure_version { $puppet_ensure_version = 'installed' } package { 'puppet': - ensure => $puppet_ensure_version, + ensure => $puppet::ensure_version, } - if !$facter_ensure_version { $facter_ensure_version = 'installed' } package { 'facter': - ensure => $facter_ensure_version, + ensure => $puppet::ensure_facter_version, } Service['puppet']{ @@ -15,10 +14,11 @@ class puppet::linux inherits puppet::base { } file { '/etc/cron.d/puppetd': - ensure => absent - } - # For backwards compatibility, remove this so that the cron is not duplicated - file { '/etc/cron.d/puppetd.cron': - ensure => absent + source => ['puppet:///modules/site_puppet/cron.d/puppetd', + "puppet:///modules/puppet/cron.d/puppetd.${::operatingsystem}", + 'puppet:///modules/puppet/cron.d/puppetd' ], + owner => root, + group => 0, + mode => '0644', } } diff --git a/manifests/master.pp b/manifests/master.pp new file mode 100644 index 0000000..efff8e9 --- /dev/null +++ b/manifests/master.pp 
@@ -0,0 +1,83 @@ +# manifests/puppetmaster.pp +class puppet::master( + $config = '/etc/puppet/puppet.conf', + $config_content = false, + $fileserver = '/etc/puppet/fileserver.conf', + $http_compression = false, + $cleanup_clientbucket = false, + $cron_time = false, + $ensure_version = 'installed', + $ensure_facter_version = 'installed', + $lastruncheck_cron = '40 10 * * *', + $lastruncheck_ignorehosts = '', + $lastruncheck_timeout = '', + $lastruncheck_additionaloptions = '', + $mode = 'webrick', + $cleanup_reports = '30', + $reports_dir = '/var/lib/puppet/reports', + $shorewall_puppetmaster = "domain.${::domain}", + $shorewall_puppetmaster_port = 8140, + $shorewall_puppetmaster_signport = 8141, + $manage_munin = false +) { + if $cron_time { + class{'puppet::cron': + config => $config, + config_content => $config_content, + http_compression => $http_compression, + cleanup_clientbucket => $cleanup_clientbucket, + cron_time => $cron_time, + ensure_version => $ensure_version, + ensure_facter_version => $ensure_facter_version, + shorewall_puppetmaster => $shorewall_puppetmaster, + shorewall_puppetmaster_port => $shorewall_puppetmaster_port, + shorewall_puppetmaster_signport => $shorewall_puppetmaster_signport, + } + } else { + class{'puppet': + config => $config, + http_compression => $http_compression, + cleanup_clientbucket => $cleanup_clientbucket, + ensure_version => $ensure_version, + ensure_facter_version => $ensure_facter_version, + } + } + case $::operatingsystem { + debian: { include puppet::master::debian } + centos: { include puppet::master::centos } + default: { + case $::kernel { + linux: { include puppet::master::linux } + } + } + } + + include puppet::master::base + + + if $puppet::master::lastruncheck_cron { + include puppet::master::checklastrun + } else { + include puppet::master::checklastrun::disable + } + + if $puppet::master::mode == 'passenger' { + include puppet::master::passenger + } elsif $puppet::master::mode == 'cluster' { + include 
puppet::master::cluster + } + + if $puppet::master::cleanup_reports { + include puppet::master::cleanup_reports + } else { + include puppet::master::cleanup_reports::disable + } + + if $shorewall_puppetmaster { + include shorewall::rules::puppet::master + } + + if $manage_munin { + include puppet::master::munin + } +} diff --git a/manifests/master/base.pp b/manifests/master/base.pp new file mode 100644 index 0000000..4931264 --- /dev/null +++ b/manifests/master/base.pp @@ -0,0 +1,42 @@ +# overwrite a few things for the master +class puppet::master::base inherits puppet::base { + + file { $puppet::master::fileserver: + source => ["puppet:///modules/site_puppet/master/${::fqdn}/fileserver.conf", + 'puppet:///modules/site_puppet/master/fileserver.conf', + 'puppet:///modules/puppet/master/fileserver.conf' ], + owner => root, + group => puppet, + mode => '0640'; + } + + if !$puppet::master::config_content { + File['puppet_config']{ + source => [ "puppet:///modules/site_puppet/master/${::fqdn}/puppet.conf", + 'puppet:///modules/site_puppet/master/puppet.conf', + 'puppet:///modules/puppet/master/puppet.conf' ] + } + } + + if $puppet::master::storeconfigs { + include puppet::master::storeconfigs + } + + + if $puppet::master::mode == 'passenger' { + include puppet::master::passenger + File[$puppet::master::fileserver]{ + notify => Exec['notify_passenger_puppetmaster'], + } + File[puppet_config]{ + notify => Exec['notify_passenger_puppetmaster'], + } + } else { + File[$puppet::master::fileserver]{ + notify => Service[puppetmaster], + } + File[puppet_config]{ + notify => Service[puppetmaster], + } + } +} diff --git a/manifests/master/centos.pp b/manifests/master/centos.pp new file mode 100644 index 0000000..b684174 --- /dev/null +++ b/manifests/master/centos.pp 
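Review bot: In manifests/master.pp the `else` branch declares `class{'puppet': ...}` without `config_content`, so a master set up without `cron_time` never hands its `config_content` to `puppet::base`. Because manifests/master/base.pp then skips its source override when `$puppet::master::config_content` is set, the master would end up with the client `puppet.conf` sources. Adding `config_content => $config_content,` to that declaration fixes it. The default `$shorewall_puppetmaster = "domain.${::domain}"` is also truthy, so `shorewall::rules::puppet::master` is included unless the caller explicitly passes `false`, which is worth a comment on the parameter.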
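Review bot: In manifests/master/base.pp the test `if $puppet::master::storeconfigs` reads a variable that is not among the parameters of `puppet::master` as added in this commit, so it evaluates to undef and `puppet::master::storeconfigs` is never included. If the feature is meant to stay, `puppet::master` needs a parameter such as `$storeconfigs = false,`. `include puppet::master::passenger` also appears both here and in manifests/master.pp for `mode == 'passenger'`. That is harmless but redundant.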
@@ -0,0 +1,17 @@ +# manifests/puppetmaster/centos.pp +class puppet::master::centos inherits puppet::master::package { + file { '/etc/sysconfig/puppetmaster': + source => [ "puppet:///modules/site_puppet/sysconfig/${::fqdn}/puppetmaster", + "puppet:///modules/site_puppet/sysconfig/${::domain}/puppetmaster", + 'puppet:///modules/site_puppet/sysconfig/puppetmaster', + 'puppet:///modules/puppet/sysconfig/puppetmaster' ], + owner => root, + group => 0, + mode => '0644'; + } + if $puppet::master::mode != 'passenger' { + File['/etc/sysconfig/puppetmaster']{ + notify => Service[puppetmaster], + } + } +} diff --git a/manifests/master/checklastrun.pp b/manifests/master/checklastrun.pp new file mode 100644 index 0000000..2544acc --- /dev/null +++ b/manifests/master/checklastrun.pp @@ -0,0 +1,29 @@ +# check for last run +class puppet::master::checklastrun { + + $puppet_lastruncheck_ignorehosts_str = $puppet::master::lastruncheck_ignorehosts ? { + '' => '', + undef => '', + default => "--ignore-hosts ${puppet::master::lastruncheck_ignorehosts}" + } + + $puppet_lastruncheck_timeout_str = $puppet::master::lastruncheck_timeout ? { + '' => '', + undef => '', + default => "--timeout ${puppet::master::lastruncheck_timeout}" + } + + file{ + '/usr/local/sbin/puppetlast': + source => 'puppet:///modules/puppet/master/lastruncheck', + owner => root, + group => 0, + mode => '0700'; + '/etc/cron.d/puppetlast': + content => "${puppet::master::lastruncheck_cron} root /usr/local/sbin/puppetlast ${puppet_lastruncheck_timeout_str} ${puppet_lastruncheck_ignorehosts_str} ${puppet::master::lastruncheck_additionaloptions} | grep -Ev '^OK: '\n", + require => File['/usr/local/sbin/puppetlast'], + owner => root, + group => 0, + mode => '0644'; + } +} diff --git a/manifests/puppetmaster/checklastrun/disable.pp b/manifests/master/checklastrun/disable.pp index 8559280..e5a7198 100644 --- a/manifests/puppetmaster/checklastrun/disable.pp +++ b/manifests/master/checklastrun/disable.pp 
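Review bot: In manifests/master/checklastrun.pp the values of `lastruncheck_cron`, `lastruncheck_timeout`, `lastruncheck_ignorehosts` and `lastruncheck_additionaloptions` are pasted unquoted into a root-owned `/etc/cron.d/puppetlast` line. Any shell metacharacter, newline or `%` (which cron treats as a line break) in them changes the command that runs as root. I would document the constraint on the class, for example `# lastruncheck_* values are written verbatim into a root cron line; pass plain option tokens only`. The generated strings could also be checked against a conservative pattern before they are used.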
@@ -1,4 +1,5 @@ -class puppet::puppetmaster::checklastrun::disable inherits puppet::puppetmaster::checklastrun { +# disable the check +class puppet::master::checklastrun::disable inherits puppet::master::checklastrun { File['/usr/local/sbin/puppetlast']{ source => undef, diff --git a/manifests/master/cleanup_reports.pp b/manifests/master/cleanup_reports.pp new file mode 100644 index 0000000..98cb81a --- /dev/null +++ b/manifests/master/cleanup_reports.pp @@ -0,0 +1,7 @@ +class puppet::master::cleanup_reports { + # clean up reports older than $puppetmaster_cleanup_reports days + file { '/etc/cron.daily/puppet_reports_cleanup.sh': + content => "#!/bin/bash\nfind ${puppet::master::reports_dir} -maxdepth 2 -type f -ctime +${puppet::master::cleanup_reports} -exec rm {} \\;\n", + owner => root, group => 0, mode => 0700; + } +} diff --git a/manifests/master/cleanup_reports/disable.pp b/manifests/master/cleanup_reports/disable.pp new file mode 100644 index 0000000..e93e72a --- /dev/null +++ b/manifests/master/cleanup_reports/disable.pp @@ -0,0 +1,6 @@ +class puppet::master::cleanup_reports::disable inherits puppet::master::cleanup_reports { + + File['/etc/cron.daily/puppet_reports_cleanup.sh']{ + ensure => absent, + } +} diff --git a/manifests/master/cluster.pp b/manifests/master/cluster.pp new file mode 100644 index 0000000..d6aa4fd --- /dev/null +++ b/manifests/master/cluster.pp @@ -0,0 +1,5 @@ +class puppet::master::cluster inherits puppet::master { + + include puppet::master::cluster::base + +} diff --git a/manifests/puppetmaster/cluster/base.pp b/manifests/master/cluster/base.pp index 8c90153..cad0d7d 100644 --- a/manifests/puppetmaster/cluster/base.pp +++ b/manifests/master/cluster/base.pp 
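Review bot: The cron file is now named `/etc/cron.daily/puppet_reports_cleanup.sh`, and Debian's run-parts skips file names containing a dot, so on Debian masters the new job would silently never run; keeping the name `puppet_reports_cleanup` avoids that. Separately, `${puppet::master::reports_dir}` is handed to `find … -exec rm` as root without the old `/var/lib/puppet/reports` fallback. Its default is outside this diff, but if it can be empty GNU find falls back to the current directory, so a guard like `if !$puppet::master::reports_dir { fail('reports_dir must not be empty') }` is worth adding. `mode => 0700` should also be quoted as `'0700'`, as the other new files in this commit do.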
@@ -1,7 +1,7 @@ -class puppet::puppetmaster::cluster::base inherits puppet::puppetmaster::base { +class puppet::master::cluster::base inherits puppet::master::base { include mongrel, nginx - + File[puppet_config] { require +> [ Package[mongrel], Package[nginx], File[nginx_config] ], } diff --git a/manifests/master/dashboard.pp b/manifests/master/dashboard.pp new file mode 100644 index 0000000..4cbee12 --- /dev/null +++ b/manifests/master/dashboard.pp 
@@ -0,0 +1,72 @@ +# simple installation of a puppet dashboard +class puppet::master::dashboard( + $settings = {}, + $service = true, + $mysql_host = '127.0.0.1', + $mysql_password, +) { + + package{'puppet-dashboard': + ensure => installed, + } + + if $mysql_host == '127.0.0.1' { + mysql::default_database{ + 'dashboard': + password => mysql_password($mysql_password), + host => '127.0.0.1', + require => Package['puppet-dashboard'], + before => File['/usr/share/puppet-dashboard/config/database.yml'], + } + } + + file{ + '/usr/share/puppet-dashboard/config/database.yml': + content => template('puppet/master/dashboard/database.yml.erb'), + owner => root, + group => 'puppet-dashboard', + mode => '0640', + require => Package['puppet-dashboard']; + '/usr/share/puppet-dashboard/config/settings.yml': + content => template('puppet/master/dashboard/settings.yml.erb'), + owner => root, + group => 'puppet-dashboard', + mode => '0640'; + } ~> exec{ + 'rake RAILS_ENV=production db:migrate': + cwd => '/usr/share/puppet-dashboard', + user => 'puppet-dashboard', + refreshonly => true; + } -> service{ + 'puppet-dashboard-workers': + ensure => running, + enable => true; + } + + file{'/etc/cron.daily/puppet-dashboard_cleanup': + content => "#/bin/bash +cd /usr/share/puppet-dashboard +su - puppet-dashboard -s /bin/bash -c 'RAILS_ENV=production /usr/bin/rake reports:prune upto=1 unit=mon >> /usr/share/puppet-dashboard/log/cron.log' +su - puppet-dashboard -s /bin/bash -c 'RAILS_ENV=production /usr/bin/rake reports:prune:orphaned >> /usr/share/puppet-dashboard/log/cron.log' +su - puppet-dashboard -s /bin/bash -c 'RAILS_ENV=production /usr/bin/rake db:raw:optimize >> /usr/share/puppet-dashboard/log/cron.log'\n", + owner => 'root', + group => 0, + mode => '0755', + require => Service['puppet-dashboard-workers']; + } + + service{'puppet-dashboard': } + if $service { + Service['puppet-dashboard']{ + ensure => running, + enable => true, + subscribe => 
File['/usr/share/puppet-dashboard/config/database.yml', + '/usr/share/puppet-dashboard/config/settings.yml'], + } + } else { + Service['puppet-dashboard']{ + ensure => stopped, + enable => false, + } + } +} diff --git a/manifests/master/debian.pp b/manifests/master/debian.pp new file mode 100644 index 0000000..5748683 --- /dev/null +++ b/manifests/master/debian.pp @@ -0,0 +1,18 @@ +# debian master +class puppet::master::debian inherits puppet::master::package { + + if $puppet::master::mode != 'passenger' { + Service['puppetmaster'] { hasstatus => true, hasrestart => true } + } + + file { '/etc/default/puppetmaster': + source => ["puppet:///modules/site_puppet/master/debian/${::fqdn}/puppetmaster", + "puppet:///modules/site_puppet/master/debian/${::domain}/puppetmaster", + 'puppet:///modules/site_puppet/master/debian/puppetmaster', + 'puppet:///modules/puppet/master/debian/puppetmaster' ], + notify => Service[puppetmaster], + owner => root, + group => 0, + mode => '0644'; + } +} diff --git a/manifests/master/hasdb.pp b/manifests/master/hasdb.pp new file mode 100644 index 0000000..66aeb62 --- /dev/null +++ b/manifests/master/hasdb.pp @@ -0,0 +1,17 @@ +define puppet::master::hasdb ( + $dbtype = 'mysql', + $dbname = 'puppet', + $dbhost = 'localhost', + # this is needed due to the collection of the databases + $dbhostfqdn = $::fqdn, + $dbuser = 'puppet', + $dbpwd = false, + $dbconnectinghost = 'locahost' +) { + + if !$dbpwd { fail('No $puppet_master_storeconfig_password is set, please pass it the master class') } + + case $dbtype { + 'mysql': { puppet::master::hasdb::mysql{$name: dbname => $dbname, dbhost => $dbhost, dbuser => $dbuser, dbpwd => $dbpwd, } } + } +} diff --git a/manifests/puppetmaster/hasdb/mysql.pp b/manifests/master/hasdb/mysql.pp index 1ed122a..5f4985a 100644 --- a/manifests/puppetmaster/hasdb/mysql.pp +++ b/manifests/master/hasdb/mysql.pp 
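Review bot: The content of `/etc/cron.daily/puppet-dashboard_cleanup` starts with `#/bin/bash`, which is a plain comment rather than a shebang; it should be `content => "#!/bin/bash`. Without an interpreter line, whether run-parts can execute the file at all depends on the platform, so the report pruning may never run. The script needs no world access either, so `mode => '0700'` would match the other cron script in this commit.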
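Review bot: `/etc/default/puppetmaster` carries `notify => Service[puppetmaster]` unconditionally, but manifests/master/linux.pp in this commit declares that service only when the mode is not `passenger`. Unless something outside this diff declares it, a Debian master in passenger mode would fail to compile on the dangling reference. manifests/master/centos.pp already handles this. I would drop the attribute from the file resource and put `File['/etc/default/puppetmaster']{ notify => Service['puppetmaster'] }` inside the existing `if $puppet::master::mode != 'passenger'` block.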
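Review bot: The default `$dbconnectinghost = 'locahost'` is misspelt (carried over from the removed file) and should be `'localhost'`. Neither it nor `$dbhostfqdn` is passed on in the `puppet::master::hasdb::mysql{$name: …}` call, so the inner define always uses its own defaults; forward both or drop them here. The `case $dbtype` also has no `default:` branch, so an unsupported type is silently ignored; `default: { fail("unsupported dbtype ${dbtype}") }` would make that visible.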
@@ -1,8 +1,8 @@ # don't use this define use the general interface -define puppet::puppetmaster::hasdb::mysql ( +define puppet::master::hasdb::mysql ( $dbname = 'puppet', $dbhost = 'localhost', - $dbhostfqdn = "${fqdn}", + $dbhostfqdn = $::fqdn, $dbuser = 'puppet', $dbpwd, $dbconnectinghost = 'localhost' ) @@ -23,7 +23,7 @@ define puppet::puppetmaster::hasdb::mysql ( tag => "mysql_${dbhostfqdn}", } - if $use_munin { + if $puppet::master::manage_munin { munin::plugin::deploy { 'puppetresources': source => "puppet/munin/puppetresources.mysql", config => "env.mysqlopts --user=$dbuser --password=$dbpwd -h $dbhost\nenv.puppetdb $dbname", diff --git a/manifests/master/hiera.pp b/manifests/master/hiera.pp new file mode 100644 index 0000000..1fe5f24 --- /dev/null +++ b/manifests/master/hiera.pp @@ -0,0 +1,12 @@ +# manage hiera file +class puppet::master::hiera { + if versioncmp($::puppetversion,'3.0') < 0 { + require rubygems::hiera_puppet + } + file{"${settings::confdir}/hiera.yaml": + source => 'puppet:///modules/site_puppet/master/hiera.yaml', + owner => root, + group => puppet, + mode => '0640'; + } +} diff --git a/manifests/master/linux.pp b/manifests/master/linux.pp new file mode 100644 index 0000000..e52db63 --- /dev/null +++ b/manifests/master/linux.pp @@ -0,0 +1,18 @@ +class puppet::master::linux inherits puppet::linux { + + if $puppet::master::mode == 'passenger' { + exec { 'notify_passenger_puppetmaster': + refreshonly => true, + command => 'touch /etc/puppet/rack/tmp/restart.txt && sleep 1 && rm /etc/puppet/rack/tmp/restart.txt', + } + } else { + service { 'puppetmaster': + ensure => running, + enable => true, + require => [ Package[puppet] ], + } + Service[puppet]{ + require +> Service[puppetmaster], + } + } +} diff --git a/manifests/master/munin.pp b/manifests/master/munin.pp new file mode 100644 index 0000000..ca6fddc --- /dev/null +++ b/manifests/master/munin.pp 
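Review bot: In the second hunk, the munin plugin config kept under the new `$puppet::master::manage_munin` guard builds `env.mysqlopts --user=$dbuser --password=$dbpwd -h $dbhost`. That puts the storeconfigs database password into the plugin configuration, and presumably onto the mysql command line where it is visible in the process list. How `munin::plugin::deploy` writes and protects that file is not visible here, and the define starts and ends outside the hunk. I would point the plugin at a root-only option file instead, e.g. `env.mysqlopts --defaults-extra-file=<path to a 0600 client cnf>`, and add a comment that the value is a credential.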
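Review bot: The `notify_passenger_puppetmaster` exec runs `touch`, `sleep` and `rm` by bare name and sets no `path`. Unless a global `Exec { path => … }` default exists outside this diff, Puppet will reject the command as not fully qualified. Either add `path => '/bin:/usr/bin',` or qualify the binaries as the removed commented-out line did (`/usr/bin/touch`, `/bin/rm`). A one-line comment that touching `tmp/restart.txt` is how Passenger is asked to restart the application would also help the next reader.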
@@ -0,0 +1,13 @@ +# deploy puppet munin plugin +class puppet::master::munin { + munin::plugin::deploy{'puppet_': + ensure => absent, + source => 'puppet/munin/puppet_'; + } + munin::plugin{ + ['puppet_clients','puppet_mem']: + ensure => 'puppet_', + require => Munin::Plugin::Deploy['puppet_'], + config => 'user root'; + } +} diff --git a/manifests/master/package.pp b/manifests/master/package.pp new file mode 100644 index 0000000..03d8de6 --- /dev/null +++ b/manifests/master/package.pp @@ -0,0 +1,9 @@ +# manifests/puppetmaster/package.pp + +class puppet::master::package inherits puppet::master::linux { + case $::operatingsystem { + centos: { include puppet::master::package::centos } + debian: { include puppet::master::package::debian } + default: { include puppet::master::package::base } + } +} diff --git a/manifests/master/package/base.pp b/manifests/master/package/base.pp new file mode 100644 index 0000000..2851747 --- /dev/null +++ b/manifests/master/package/base.pp @@ -0,0 +1,12 @@ +class puppet::master::package::base inherits puppet::master::package { + + package { 'puppetmaster': + ensure => $puppet::ensure_version, + } + + if $puppet::master::mode != 'passenger' { + Service['puppetmaster']{ + require +> Package['puppetmaster'], + } + } +} diff --git a/manifests/puppetmaster/package/centos.pp b/manifests/master/package/centos.pp index 43361fd..63adc64 100644 --- a/manifests/puppetmaster/package/centos.pp +++ b/manifests/master/package/centos.pp @@ -1,4 +1,4 @@ -class puppet::puppetmaster::package::centos inherits puppet::puppetmaster::package::base { +class puppet::master::package::centos inherits puppet::master::package::base { Package['puppetmaster']{ name => 'puppet-server', diff --git a/manifests/master/package/debian.pp b/manifests/master/package/debian.pp new file mode 100644 index 0000000..0cb351c --- /dev/null +++ b/manifests/master/package/debian.pp 
@@ -0,0 +1,10 @@ +class puppet::master::package::debian inherits puppet::master::package::base { + + package { 'puppetmaster-common': + ensure => present, + } + + Package['puppetmaster']{ + require => Package['puppetmaster-common'] + } +} diff --git a/manifests/master/passenger.pp b/manifests/master/passenger.pp new file mode 100644 index 0000000..cf90b1d --- /dev/null +++ b/manifests/master/passenger.pp @@ -0,0 +1,26 @@ +# class to use passenger for serving puppetmaster +class puppet::master::passenger inherits puppet::master { + + include ::passenger + + # A reference configuration is available at : + # http://github.com/reductivelabs/puppet/tree/master/ext/rack + file { + ['/etc/puppet/rack', '/etc/puppet/rack/public' ]: + ensure => directory, + owner => root, + group => 0, + mode => '0755'; + '/etc/puppet/rack/tmp': + ensure => directory, + owner => puppet, + group => 0, + mode => '0750'; + '/etc/puppet/rack/config.ru': + source => ['puppet:///modules/site_puppet/master/config.ru', + 'puppet:///modules/puppet/master/config.ru' ], + owner => puppet, + group => 0, + mode => '0644'; + } +} diff --git a/manifests/puppetmaster/storeconfigs.pp b/manifests/master/storeconfigs.pp index 63c1191..e3ba6fb 100644 --- a/manifests/puppetmaster/storeconfigs.pp +++ b/manifests/master/storeconfigs.pp @@ -1,7 +1,7 @@ # This class sets up the necessary ActiveRecord bits # so storeconfigs works. -class puppet::puppetmaster::storeconfigs { +class puppet::master::storeconfigs { include rails include mysql::server include mysql::client::ruby diff --git a/manifests/openbsd.pp b/manifests/openbsd.pp index 1df5a9e..7ef6d28 100644 --- a/manifests/openbsd.pp +++ b/manifests/openbsd.pp 
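Review bot: The ownership choices in the passenger.pp file block deserve a comment, because they are security-relevant rather than cosmetic. Passenger by default runs the application as the owner of `config.ru`, which is why that file is `owner => puppet`, and `/etc/puppet/rack/tmp` is puppet-owned so the application can use it. I would add `# config.ru must be owned by puppet: Passenger runs the master as the owner of this file` above that entry. The root-run restart exec in manifests/master/linux.pp writes into this puppet-writable `tmp` directory, which is worth mentioning in the same comment.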
@@ -8,9 +8,9 @@ class puppet::openbsd inherits puppet::base { restart => '/bin/kill -HUP `/bin/cat /var/run/puppet/agent.pid`', stop => '/bin/kill `/bin/cat /var/run/puppet/agent.pid`', start => '/usr/local/bin/puppet agent', - hasstatus => false, + status => '/bin/test -f /var/run/puppet/agent.pid && /bin/ps aux -p `/bin/cat /var/run/puppet/agent.pid` > /dev/null', + hasstatus => true, hasrestart => false, - pattern => 'puppet agent', } openbsd::rc_local { 'puppetd': diff --git a/manifests/puppetmaster.pp b/manifests/puppetmaster.pp deleted file mode 100644 index 3e8711c..0000000 --- a/manifests/puppetmaster.pp +++ /dev/null @@ -1,49 +0,0 @@ -# manifests/puppetmaster.pp -class puppet::puppetmaster inherits puppet { - case $operatingsystem { - debian: { include puppet::puppetmaster::debian } - centos: { include puppet::puppetmaster::centos } - default: { - case $kernel { - linux: { include puppet::puppetmaster::linux } - } - } - } - - include puppet::puppetmaster::base - - - case $puppetmaster_lastruncheck_cron { - '',undef: { $puppetmaster_lastruncheck_cron = '40 10 * * *' } - } - - if $puppetmaster_lastruncheck_cron { - include puppet::puppetmaster::checklastrun - } else { - include puppet::puppetmaster::checklastrun::disable - } - - if $puppetmaster_mode == 'passenger' { - include puppet::puppetmaster::passenger - } elsif $puppetmaster_mode == 'cluster' { - include puppet::puppetmaster::cluster - } - - case $puppetmaster_cleanup_reports { - '': { $puppetmaster_cleanup_reports = '30' } - } - - if $puppetmaster_cleanup_reports { - include puppet::puppetmaster::cleanup_reports - } else { - include puppet::puppetmaster::cleanup_reports::disable - } - - if $use_shorewall { - include shorewall::rules::puppet::master - } - - if $use_munin { - include puppet::puppetmaster::munin - } -} diff --git a/manifests/puppetmaster/base.pp b/manifests/puppetmaster/base.pp deleted file mode 100644 index a313ff2..0000000 --- a/manifests/puppetmaster/base.pp +++ /dev/null 
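Review bot: The new `status` command only checks that some process has the pid stored in `/var/run/puppet/agent.pid`. A stale pid file whose number has been reused by another process would therefore report the agent as running, which the removed `pattern => 'puppet agent'` check did not suffer from. I would extend the command to confirm that the process is actually a puppet agent. It is also worth testing on OpenBSD that `ps aux -p` exits non-zero for a missing pid, since the `a` and `x` flags widen the selection. The service resource starts outside this hunk, so its provider is not visible here.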
@@ -1,41 +0,0 @@ -class puppet::puppetmaster::base inherits puppet::base { - - File[puppet_config]{ - source => [ - "puppet:///modules/site_puppet/master/${fqdn}/puppet.conf", - "puppet:///modules/site_puppet/master/puppet.conf", - "puppet:///modules/puppet/master/puppet.conf", - ], - } - - if !$puppet_fileserverconfig { $puppet_fileserverconfig = "${puppet::default_config_dir}/fileserver.conf" } - - file { "$puppet_fileserverconfig": - source => [ "puppet:///modules/site_puppet/master/${fqdn}/fileserver.conf", - "puppet:///modules/site_puppet/master/fileserver.conf", - "puppet:///modules/puppet/master/fileserver.conf" ], - owner => root, group => puppet, mode => 640; - } - - if $puppetmaster_storeconfigs { - include puppet::puppetmaster::storeconfigs - } - - - if $puppetmaster_mode == 'passenger' { - include puppet::puppetmaster::passenger - File[$puppet_fileserverconfig]{ - notify => Exec['notify_passenger_puppetmaster'], - } - File[puppet_config]{ - notify => Exec['notify_passenger_puppetmaster'], - } - } else { - File[$puppet_fileserverconfig]{ - notify => Service[puppetmaster], - } - File[puppet_config]{ - notify => Service[puppetmaster], - } - } -} diff --git a/manifests/puppetmaster/centos.pp b/manifests/puppetmaster/centos.pp deleted file mode 100644 index a6f5e23..0000000 --- a/manifests/puppetmaster/centos.pp +++ /dev/null @@ -1,12 +0,0 @@ -# manifests/puppetmaster/centos.pp -class puppet::puppetmaster::centos inherits puppet::puppetmaster::package { - - file { '/etc/sysconfig/puppetmaster': - source => [ "puppet:///modules/site_puppet/sysconfig/${fqdn}/puppetmaster", - "puppet:///modules/site_puppet/sysconfig/${domain}/puppetmaster", - "puppet:///modules/site_puppet/sysconfig/puppetmaster", - "puppet:///modules/puppet/sysconfig/puppetmaster" ], - notify => Service[puppetmaster], - owner => root, group => 0, mode => 0644; - } -} 
diff --git a/manifests/puppetmaster/checklastrun.pp b/manifests/puppetmaster/checklastrun.pp deleted file mode 100644 index e4278c7..0000000 --- a/manifests/puppetmaster/checklastrun.pp +++ /dev/null @@ -1,36 +0,0 @@ -class puppet::puppetmaster::checklastrun { - - $puppet_lastruncheck_ignorehosts_str = $::puppet_lastruncheck_ignorehosts ? { - '' => '', - undef => '', - default => "--ignore-hosts ${::puppet_lastruncheck_ignorehosts}" - } - - $puppet_lastruncheck_timeout_str = $::puppet_lastruncheck_timeout ? { - '' => '', - undef => '', - default => "--timeout ${::puppet_lastruncheck_timeout}" - } - - include ::cron - - file{ - '/usr/local/sbin/puppetlast': - source => [ 'puppet:///modules/puppet/master/lastruncheck' ], - owner => root, - group => 0, - mode => '0700'; - - '/etc/cron.d/puppetlast': - content => "${puppetmaster_lastruncheck_cron} root output=\$(/usr/local/sbin/puppetlast ${puppet_lastruncheck_timeout_str} ${puppet_lastruncheck_ignorehosts_str} ${$puppet_lastruncheck_additionaloptions} 2>&1) || echo \"\$output\"\n", - require => File['/usr/local/sbin/puppetlast'], - owner => root, - group => 0, - mode => '0644', - notify => Service['cron']; - - # Cleanup cronjob previously installed under a buggy name. - '/etc/cron.d/puppetlast.cron': - ensure => absent; - } -} diff --git a/manifests/puppetmaster/cleanup_reports.pp b/manifests/puppetmaster/cleanup_reports.pp deleted file mode 100644 index 1f8c021..0000000 --- a/manifests/puppetmaster/cleanup_reports.pp +++ /dev/null @@ -1,8 +0,0 @@ -class puppet::puppetmaster::cleanup_reports { - case $puppetmaster_reports_dir { '',undef: { $puppetmaster_reports_dir = '/var/lib/puppet/reports' } } - # clean up reports older than $puppetmaster_cleanup_reports days - file { '/etc/cron.daily/puppet_reports_cleanup': - content => "#!/bin/bash\nfind ${puppetmaster_reports_dir} -maxdepth 2 -type f -ctime +${puppetmaster_cleanup_reports} -exec rm {} \\;\n", - owner => root, group => 0, mode => 0700; - } -} 
diff --git a/manifests/puppetmaster/cleanup_reports/disable.pp b/manifests/puppetmaster/cleanup_reports/disable.pp deleted file mode 100644 index 0b6da05..0000000 --- a/manifests/puppetmaster/cleanup_reports/disable.pp +++ /dev/null @@ -1,6 +0,0 @@ -class puppet::puppetmaster::cleanup_reports::disable inherits puppet::puppetmaster::cleanup_reports { - - File['/etc/cron.daily/puppet_reports_cleanup']{ - ensure => absent, - } -} diff --git a/manifests/puppetmaster/cluster.pp b/manifests/puppetmaster/cluster.pp deleted file mode 100644 index 8d635ab..0000000 --- a/manifests/puppetmaster/cluster.pp +++ /dev/null @@ -1,5 +0,0 @@ -class puppet::puppetmaster::cluster inherits puppet::puppetmaster { - - include puppet::puppetmaster::cluster::base - -} diff --git a/manifests/puppetmaster/debian.pp b/manifests/puppetmaster/debian.pp deleted file mode 100644 index 7d1626b..0000000 --- a/manifests/puppetmaster/debian.pp +++ /dev/null @@ -1,26 +0,0 @@ -class puppet::puppetmaster::debian inherits puppet::puppetmaster::linux { - - include puppet::puppetmaster::package - - if $puppetmaster_mode != 'passenger' { - if $puppet::base::puppet_majorversion >= '2.6' { - Service['puppetmaster'] { hasstatus => true, hasrestart => true } - } - } - - if $puppetmaster_mode == 'passenger' { - $puppetmaster_default_notify = 'Exec[notify_passenger_puppetmaster]' - } - - file { '/etc/default/puppetmaster': - source => [ "puppet:///modules/site_puppet/master/debian/${fqdn}/puppetmaster", - "puppet:///modules/site_puppet/master/debian/${domain}/puppetmaster", - "puppet:///modules/site_puppet/master/debian/puppetmaster", - "puppet:///modules/puppet/master/debian/puppetmaster" ], - notify => $puppetmaster_default_notify ? { - '' => Service[puppetmaster], - default => Exec['notify_passenger_puppetmaster'] - }, - owner => root, group => 0, mode => 0644; - } -} diff --git a/manifests/puppetmaster/hasdb.pp b/manifests/puppetmaster/hasdb.pp deleted file mode 100644 index 2aca0e6..0000000 
--- a/manifests/puppetmaster/hasdb.pp +++ /dev/null @@ -1,17 +0,0 @@ -define puppet::puppetmaster::hasdb ( - $dbtype = 'mysql', - $dbname = 'puppet', - $dbhost = 'localhost', - # this is needed due to the collection of the databases - $dbhostfqdn = "${fqdn}", - $dbuser = 'puppet', - $dbpwd = $puppet_storeconfig_password, - $dbconnectinghost = 'locahost' ) -{ - - if !$puppet_storeconfig_password { fail("No \$puppet_storeconfig_password is set, please set it in your manifests or site.pp to add a password") } - - case $dbtype { - 'mysql': { puppet::puppetmaster::hasdb::mysql{$name: dbname => $dbname, dbhost => $dbhost, dbuser => $dbuser, dbpwd => $dbpwd, } } - } -} diff --git a/manifests/puppetmaster/linux.pp b/manifests/puppetmaster/linux.pp deleted file mode 100644 index 39ca544..0000000 --- a/manifests/puppetmaster/linux.pp +++ /dev/null @@ -1,23 +0,0 @@ -class puppet::puppetmaster::linux inherits puppet::linux { - - if $puppetmaster_mode == 'passenger' { - - require('apache::base') - - exec { 'notify_passenger_puppetmaster': - refreshonly => true, - # command => '/usr/bin/touch /etc/puppet/rack/tmp/restart.txt && sleep 1 && /bin/rm /etc/puppet/rack/tmp/restart.txt', - command => '/etc/init.d/apache2 reload', - } - - } else { - service { 'puppetmaster': - ensure => running, - enable => true, - require => [ Package[puppet] ], - } - Service[puppet]{ - require +> Service[puppetmaster], - } - } -} diff --git a/manifests/puppetmaster/munin.pp b/manifests/puppetmaster/munin.pp deleted file mode 100644 index 4500b74..0000000 --- a/manifests/puppetmaster/munin.pp +++ /dev/null @@ -1,9 +0,0 @@ -class puppet::puppetmaster::munin { - - munin::plugin::deploy { - [ 'puppetmaster_memory', 'puppet_clients' ]: - source => "puppet/munin/puppet_", - config => "user root" - } - -} diff --git a/manifests/puppetmaster/package.pp b/manifests/puppetmaster/package.pp deleted file mode 100644 index aef3121..0000000 --- a/manifests/puppetmaster/package.pp +++ /dev/null 
@@ -1,17 +0,0 @@ -# manifests/puppetmaster/package.pp - -class puppet::puppetmaster::package { - case $operatingsystem { - centos: { - if $puppetmaster_ensure_version { - warn('$puppetmaster_ensure_version is not supported for this operatingsystem') - } - include puppet::puppetmaster::package::centos } - debian: { include puppet::puppetmaster::package::debian } - default: { - if $puppetmaster_ensure_version { - warn('$puppetmaster_ensure_version is not supported for this operatingsystem') - } - include puppet::puppetmaster::package::base } - } -} diff --git a/manifests/puppetmaster/package/base.pp b/manifests/puppetmaster/package/base.pp deleted file mode 100644 index ba557c4..0000000 --- a/manifests/puppetmaster/package/base.pp +++ /dev/null @@ -1,14 +0,0 @@ -class puppet::puppetmaster::package::base inherits puppet::puppetmaster::linux { - - include puppet::puppetmaster::package - - package { 'puppetmaster': - ensure => present, - } - - if $puppetmaster_mode != 'passenger' { - Service['puppetmaster']{ - require +> Package['puppetmaster'], - } - } -} diff --git a/manifests/puppetmaster/package/debian.pp b/manifests/puppetmaster/package/debian.pp deleted file mode 100644 index 629d57b..0000000 --- a/manifests/puppetmaster/package/debian.pp +++ /dev/null @@ -1,5 +0,0 @@ -class puppet::puppetmaster::package::debian { - - include puppet::puppetmaster::package::base - -} diff --git a/manifests/puppetmaster/passenger.pp b/manifests/puppetmaster/passenger.pp deleted file mode 100644 index 4361412..0000000 --- a/manifests/puppetmaster/passenger.pp +++ /dev/null 
@@ -1,52 +0,0 @@ -# class to use passenger for serving puppetmaster - -class puppet::puppetmaster::passenger inherits puppet::puppetmaster::base { - - include ::passenger - - # A reference configuration is available at : - # http://github.com/reductivelabs/puppet/tree/master/ext/rack - - case $::operatingsystem { - debian: { - package { 'puppetmaster-passenger': ensure => installed } - file { - '/usr/share/puppet/rack/puppetmasterd/config.ru': - source => [ 'puppet:///modules/site_puppet/master/config.ru', - 'puppet:///modules/puppet/master/config.ru' ], - owner => puppet, group => 0, mode => '0644'; - } - - if !defined('apt') { - include apt - } - - $puppet_passenger_snippet = $puppetmaster_ensure_version ? { - undef => absent, - default => present, - } - - apt::preferences_snippet { - 'puppet_passenger': - ensure => $puppet_passenger_snippet, - package => 'puppet*', - pin => "version $puppetmaster_ensure_version", - priority => 2000, - notify => Exec['refresh_apt'], - before => Package['puppetmaster']; - } - } - default: { - file { - ['/etc/puppet/rack', '/etc/puppet/rack/public', '/etc/puppet/rack/tmp']: - ensure => directory, - owner => root, group => 0, mode => '0755'; - - '/etc/puppet/rack/config.ru': - source => [ 'puppet:///modules/site_puppet/master/config.ru', - 'puppet:///modules/puppet/master/config.ru' ], - owner => puppet, group => 0, mode => '0644'; - } - } - } -} diff --git a/templates/master/dashboard/database.yml.erb b/templates/master/dashboard/database.yml.erb new file mode 100644 index 0000000..5c39db5 --- /dev/null +++ b/templates/master/dashboard/database.yml.erb @@ -0,0 +1,8 @@ +production: + adapter: mysql + database: 'dashboard' + host: '<%= @mysql_host %>' + username: 'dashboard' + password: '<%= @mysql_password %>' + encoding: utf8 + diff --git a/templates/master/dashboard/settings.yml.erb b/templates/master/dashboard/settings.yml.erb new file mode 100644 index 0000000..95b79c9 --- /dev/null 
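Review bot: In the new database.yml.erb, `password: '<%= @mysql_password %>'` places the value inside a single-quoted YAML scalar without escaping. A password containing `'` therefore yields invalid YAML or lets the rest of the value be read as further keys. Doubling the quote is enough for this quoting style: `password: '<%= @mysql_password.gsub("'", "''") %>'`. The same applies to `host: '<%= @mysql_host %>'`, though that value is less likely to contain a quote.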
+++ b/templates/master/dashboard/settings.yml.erb 
@@ -0,0 +1,90 @@ +#===[ Settings ]========================================================= +# +# This file is meant for storing setting information that is never +# published or committed to a revision control system. +# +# Do not modify this "config/settings.yml.example" file directly -- you +# should copy it to "config/settings.yml" and customize it there. +# +#---[ Values ]---------------------------------------------------------- + +# Node name to use when contacting the puppet master. This is the +# CN that is used in Dashboard's certificate. +cn_name: 'dashboard' + +ca_crl_path: 'certs/dashboard.ca_crl.pem' + +ca_certificate_path: 'certs/dashboard.ca_cert.pem' + +certificate_path: 'certs/dashboard.cert.pem' + +private_key_path: 'certs/dashboard.private_key.pem' + +public_key_path: 'certs/dashboard.public_key.pem' + +# Hostname of the certificate authority. +ca_server: 'puppet' + +# Port for the certificate authority. +ca_port: 8140 + +# Key length for SSL certificates +key_length: 1024 + +# The "inventory service" allows you to connect to a puppet master to retrieve and node facts +enable_inventory_service: false + +# Hostname of the inventory server. +inventory_server: 'puppet' + +# Port for the inventory server. +inventory_port: 8140 + +# Set this to true to allow Dashboard to display diffs on files that +# are archived in the file bucket. +use_file_bucket_diffs: false + +# Hostname of the file bucket server. +file_bucket_server: 'puppet' + +# Port for the file bucket server. +file_bucket_port: 8140 + +# Amount of time in seconds since last report before a node is considered no longer reporting +no_longer_reporting_cutoff: <%= @settings['no_longer_reporting_cutoff'] || 3600 %> + +# How many days of history to display on the "Daily Run Status" graph +daily_run_history_length: 30 + +use_external_node_classification: true + +# Uncomment the following line to set a local time zone. Run +# "rake time:zones:local" for the name of your local time zone. 
+#time_zone: 'Pacific Time (US & Canada)' + +# Look at http://ruby-doc.org/core/classes/Time.html#M000298 for the strftime formatting +datetime_format: '%Y-%m-%d %H:%M %Z' +date_format: '%A, %B %e, %Y' + +# Set this to the URL of an image. The image will be scaled to the specified dimensions. +custom_logo_url: '/images/dashboard_logo.png' +custom_logo_width: 155px +custom_logo_height: 23px +custom_logo_alt_text: 'Puppet Dashboard' + +# We will be deprecating using "http://dashboard_servername/reports" as the puppet master's reporturl. +# Set this to 'true' once you have changed all your puppet masters to send reports to +# "http://dashboard_servername/reports/upload" +disable_legacy_report_upload_url: false + +# Disables the UI and controller actions for editing nodes, classes, groups and reports. Report submission is still allowed +enable_read_only_mode: <%= @settings['enable_read_only_mode'] || 'false' %> + +# Default number of items of each kind to display per page +nodes_per_page: 20 +classes_per_page: 50 +groups_per_page: 50 +reports_per_page: 20 + +#===[ fin ]============================================================= + |
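Review bot: `key_length: 1024` is hard-coded for the Dashboard's SSL key, which is below what is accepted for RSA today. I would make it at least 2048 and overridable like the two templated values: `key_length: <%= @settings['key_length'] || 2048 %>`. The header comment still tells the reader to copy `config/settings.yml.example` and edit the copy, which no longer applies to a Puppet-managed template; replace it with a line saying the file is managed by Puppet and local edits will be overwritten.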