bebox 0.0.1
- checksums.yaml +7 -0
- data/.gitignore +78 -0
- data/Gemfile +3 -0
- data/Gemfile.lock +163 -0
- data/LICENSE +21 -0
- data/README.md +372 -0
- data/Rakefile +8 -0
- data/bebox.gemspec +40 -0
- data/bin/bebox +5 -0
- data/lib/bebox/cli.rb +42 -0
- data/lib/bebox/commands/commands_helper.rb +33 -0
- data/lib/bebox/commands/environment_commands.rb +46 -0
- data/lib/bebox/commands/general_commands.rb +24 -0
- data/lib/bebox/commands/node_commands.rb +68 -0
- data/lib/bebox/commands/prepare_commands.rb +59 -0
- data/lib/bebox/commands/project_commands.rb +44 -0
- data/lib/bebox/commands/provision_commands.rb +145 -0
- data/lib/bebox/environment.rb +114 -0
- data/lib/bebox/logger.rb +51 -0
- data/lib/bebox/node.rb +308 -0
- data/lib/bebox/profile.rb +102 -0
- data/lib/bebox/project.rb +259 -0
- data/lib/bebox/provision.rb +257 -0
- data/lib/bebox/role.rb +103 -0
- data/lib/bebox/version.rb +3 -0
- data/lib/bebox/wizards/environment_wizard.rb +45 -0
- data/lib/bebox/wizards/node_wizard.rb +163 -0
- data/lib/bebox/wizards/profile_wizard.rb +91 -0
- data/lib/bebox/wizards/project_wizard.rb +175 -0
- data/lib/bebox/wizards/provision_wizard.rb +80 -0
- data/lib/bebox/wizards/role_wizard.rb +97 -0
- data/lib/bebox.rb +2 -0
- data/lib/deb/puppet_3.6.0/augeas-lenses_0.10.0-0ubuntu4_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/debconf-utils_1.5.42ubuntu1_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/facter_2.0.1-1puppetlabs1_amd64.deb +0 -0
- data/lib/deb/puppet_3.6.0/hiera_1.3.2-1puppetlabs1_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/libaugeas-ruby1.8_0.3.0-1.1ubuntu4_amd64.deb +0 -0
- data/lib/deb/puppet_3.6.0/libaugeas-ruby_0.3.0-1.1ubuntu4_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/libaugeas0_0.10.0-0ubuntu4_amd64.deb +0 -0
- data/lib/deb/puppet_3.6.0/libjson-ruby_1.6.3-1_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/libruby1.8_1.8.7.352-2ubuntu1.4_amd64.deb +0 -0
- data/lib/deb/puppet_3.6.0/libruby_4.8_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/libshadow-ruby1.8_1.4.1-8build1_amd64.deb +0 -0
- data/lib/deb/puppet_3.6.0/puppet-common_3.6.0-1puppetlabs1_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/puppet_3.6.0-1puppetlabs1_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/ruby-json_1.6.3-1_amd64.deb +0 -0
- data/lib/deb/puppet_3.6.0/ruby-rgen_0.6.5-1puppetlabs1_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/ruby1.8_1.8.7.352-2ubuntu1.4_amd64.deb +0 -0
- data/lib/deb/puppet_3.6.0/ruby_4.8_all.deb +0 -0
- data/lib/deb/puppet_3.6.0/virt-what_1.11-1_amd64.deb +0 -0
- data/lib/templates/node/Vagrantfile.erb +18 -0
- data/lib/templates/node/deploy_vagrant_node.erb +3 -0
- data/lib/templates/node/node.yml.erb +3 -0
- data/lib/templates/node/prepared_node.yml.erb +4 -0
- data/lib/templates/node/provisioned_node.yml.erb +4 -0
- data/lib/templates/project/Capfile.erb +2 -0
- data/lib/templates/project/Gemfile.erb +5 -0
- data/lib/templates/project/config/deploy/environment.erb +40 -0
- data/lib/templates/project/config/deploy/vagrant.erb +42 -0
- data/lib/templates/project/config/deploy.erb +120 -0
- data/lib/templates/project/dot_bebox.erb +4 -0
- data/lib/templates/project/gitignore.erb +7 -0
- data/lib/templates/project/ubuntu_dependencies +10 -0
- data/lib/templates/puppet/default_profiles/base/fundamental/ruby/Puppetfile +0 -0
- data/lib/templates/puppet/default_profiles/base/fundamental/ruby/manifests/init.pp +24 -0
- data/lib/templates/puppet/default_profiles/base/fundamental/sudo/Puppetfile +0 -0
- data/lib/templates/puppet/default_profiles/base/fundamental/sudo/manifests/init.pp +22 -0
- data/lib/templates/puppet/default_profiles/base/fundamental/users/Puppetfile +0 -0
- data/lib/templates/puppet/default_profiles/base/fundamental/users/manifests/init.pp +18 -0
- data/lib/templates/puppet/default_profiles/base/security/fail2ban/Puppetfile +2 -0
- data/lib/templates/puppet/default_profiles/base/security/fail2ban/manifests/init.pp +28 -0
- data/lib/templates/puppet/default_profiles/base/security/iptables/Puppetfile +2 -0
- data/lib/templates/puppet/default_profiles/base/security/iptables/manifests/init.pp +27 -0
- data/lib/templates/puppet/default_profiles/base/security/ssh/Puppetfile +2 -0
- data/lib/templates/puppet/default_profiles/base/security/ssh/manifests/init.pp +30 -0
- data/lib/templates/puppet/default_profiles/base/security/sysctl/Puppetfile +2 -0
- data/lib/templates/puppet/default_profiles/base/security/sysctl/manifests/init.pp +20 -0
- data/lib/templates/puppet/default_profiles/base/users/ssh/Puppetfile +2 -0
- data/lib/templates/puppet/default_profiles/base/users/ssh/manifests/init.pp +47 -0
- data/lib/templates/puppet/default_profiles/base/users/users/Puppetfile +0 -0
- data/lib/templates/puppet/default_profiles/base/users/users/manifests/init.pp +18 -0
- data/lib/templates/puppet/default_roles/fundamental/manifests/init.pp +16 -0
- data/lib/templates/puppet/default_roles/security/manifests/init.pp +17 -0
- data/lib/templates/puppet/default_roles/users/manifests/init.pp +15 -0
- data/lib/templates/puppet/profiles/Puppetfile.erb +24 -0
- data/lib/templates/puppet/profiles/manifests/init.pp.erb +17 -0
- data/lib/templates/puppet/roles/manifests/init.pp.erb +14 -0
- data/lib/templates/puppet/step-0/Puppetfile.erb +5 -0
- data/lib/templates/puppet/step-0/hiera/data/common.yaml.erb +26 -0
- data/lib/templates/puppet/step-0/hiera/data/environment.yaml.erb +26 -0
- data/lib/templates/puppet/step-0/hiera/data/node.yaml.erb +26 -0
- data/lib/templates/puppet/step-0/hiera/hiera.yaml.erb +11 -0
- data/lib/templates/puppet/step-0/manifests/node.erb +5 -0
- data/lib/templates/puppet/step-0/manifests/site.pp.erb +15 -0
- data/lib/templates/puppet/step-0/modules/rbenv/AUTHORS +11 -0
- data/lib/templates/puppet/step-0/modules/rbenv/CHANGELOG.md +70 -0
- data/lib/templates/puppet/step-0/modules/rbenv/Gemfile +8 -0
- data/lib/templates/puppet/step-0/modules/rbenv/Gemfile.lock +28 -0
- data/lib/templates/puppet/step-0/modules/rbenv/Modulefile +7 -0
- data/lib/templates/puppet/step-0/modules/rbenv/README.md +173 -0
- data/lib/templates/puppet/step-0/modules/rbenv/Rakefile +22 -0
- data/lib/templates/puppet/step-0/modules/rbenv/TODO +10 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/autospec +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/facter +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/filebucket +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/hiera +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/htmldiff +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/ldiff +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/pi +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppet +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppet-lint +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppet-module +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppetca +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppetd +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppetdoc +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppetmasterd +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppetqd +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/puppetrun +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/rake +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/ralsh +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/rspec +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/bin/rspec-puppet-init +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/lib/puppet/provider/rbenvgem/default.rb +50 -0
- data/lib/templates/puppet/step-0/modules/rbenv/lib/puppet/type/rbenvgem.rb +62 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/bundle.pp +36 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/client.pp +48 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/compile.pp +102 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/definition.pp +31 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/dependencies/centos.pp +25 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/dependencies/suse.pp +28 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/dependencies/ubuntu.pp +17 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/dependencies.pp +8 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/gem.pp +29 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/install.pp +55 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/plugin/rbenvvars.pp +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/plugin/rubybuild.pp +16 -0
- data/lib/templates/puppet/step-0/modules/rbenv/manifests/plugin.pp +40 -0
- data/lib/templates/puppet/step-0/modules/rbenv/metadata.json +109 -0
- data/lib/templates/puppet/step-0/modules/rbenv/templates/Gemfile.erb +5 -0
- data/lib/templates/puppet/step-0/modules/rbenv/templates/dot.rbenvrc.erb +8 -0
- data/lib/templates/puppet/step-0/modules/stdlib/CHANGELOG.md +418 -0
- data/lib/templates/puppet/step-0/modules/stdlib/CONTRIBUTING.md +65 -0
- data/lib/templates/puppet/step-0/modules/stdlib/Gemfile +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/Gemfile.lock +166 -0
- data/lib/templates/puppet/step-0/modules/stdlib/LICENSE +19 -0
- data/lib/templates/puppet/step-0/modules/stdlib/Modulefile +11 -0
- data/lib/templates/puppet/step-0/modules/stdlib/README.markdown +1304 -0
- data/lib/templates/puppet/step-0/modules/stdlib/README_DEVELOPER.markdown +35 -0
- data/lib/templates/puppet/step-0/modules/stdlib/README_SPECS.markdown +7 -0
- data/lib/templates/puppet/step-0/modules/stdlib/RELEASE_PROCESS.markdown +24 -0
- data/lib/templates/puppet/step-0/modules/stdlib/Rakefile +18 -0
- data/lib/templates/puppet/step-0/modules/stdlib/checksums.json +349 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/facter/facter_dot_d.rb +202 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/facter/pe_version.rb +53 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/facter/puppet_vardir.rb +26 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/facter/root_home.rb +32 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/facter/util/puppet_settings.rb +21 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/abs.rb +36 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/any2array.rb +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/base64.rb +37 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/bool2num.rb +49 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/capitalize.rb +34 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/chomp.rb +35 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/chop.rb +37 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/concat.rb +41 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/count.rb +22 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/deep_merge.rb +44 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/defined_with_params.rb +35 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/delete.rb +46 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/delete_at.rb +49 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/delete_undef_values.rb +34 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/delete_values.rb +26 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/difference.rb +36 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/dirname.rb +15 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/downcase.rb +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/empty.rb +28 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/ensure_packages.rb +35 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/ensure_resource.rb +45 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/flatten.rb +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/floor.rb +25 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/fqdn_rotate.rb +46 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/get_module_path.rb +17 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/getparam.rb +35 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/getvar.rb +26 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/grep.rb +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/has_interface_with.rb +52 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/has_ip_address.rb +25 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/has_ip_network.rb +25 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/has_key.rb +28 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/hash.rb +41 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/intersection.rb +34 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_array.rb +22 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_bool.rb +22 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb +50 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_float.rb +30 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_function_available.rb +26 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_hash.rb +22 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_integer.rb +45 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_ip_address.rb +32 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_mac_address.rb +27 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_numeric.rb +75 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/is_string.rb +26 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/join.rb +41 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/join_keys_to_values.rb +47 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/keys.rb +26 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/loadyaml.rb +20 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/lstrip.rb +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/max.rb +21 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/member.rb +44 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/merge.rb +34 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/min.rb +21 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/num2bool.rb +43 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/parsejson.rb +24 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/parseyaml.rb +24 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/pick.rb +29 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/pick_default.rb +35 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/prefix.rb +45 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/range.rb +88 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/reject.rb +31 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/reverse.rb +28 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/rstrip.rb +32 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/shuffle.rb +46 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/size.rb +48 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/sort.rb +27 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/squeeze.rb +36 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/str2bool.rb +46 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/str2saltedsha512.rb +32 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/strftime.rb +107 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/strip.rb +39 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/suffix.rb +45 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/swapcase.rb +39 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/time.rb +49 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/to_bytes.rb +28 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/type.rb +50 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/union.rb +34 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/unique.rb +51 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/upcase.rb +41 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/uriescape.rb +35 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_absolute_path.rb +56 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_array.rb +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_augeas.rb +81 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_bool.rb +34 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_cmd.rb +48 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_hash.rb +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_ipv4_address.rb +48 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_ipv6_address.rb +49 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_re.rb +40 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_slength.rb +71 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/validate_string.rb +33 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/values.rb +39 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/values_at.rb +98 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/parser/functions/zip.rb +65 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/provider/file_line/ruby.rb +83 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/type/anchor.rb +46 -0
- data/lib/templates/puppet/step-0/modules/stdlib/lib/puppet/type/file_line.rb +79 -0
- data/lib/templates/puppet/step-0/modules/stdlib/manifests/init.pp +20 -0
- data/lib/templates/puppet/step-0/modules/stdlib/manifests/stages.pp +43 -0
- data/lib/templates/puppet/step-0/modules/stdlib/metadata.json +111 -0
- data/lib/templates/puppet/step-0/modules/sudo/.fixtures.yml +5 -0
- data/lib/templates/puppet/step-0/modules/sudo/.gemfile +14 -0
- data/lib/templates/puppet/step-0/modules/sudo/.gemfile.lock +43 -0
- data/lib/templates/puppet/step-0/modules/sudo/.travis.yml +34 -0
- data/lib/templates/puppet/step-0/modules/sudo/LICENSE +13 -0
- data/lib/templates/puppet/step-0/modules/sudo/Modulefile +9 -0
- data/lib/templates/puppet/step-0/modules/sudo/README.md +171 -0
- data/lib/templates/puppet/step-0/modules/sudo/Rakefile +1 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.aix +90 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.archlinux +90 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.deb +90 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.freebsd +98 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.omnios +90 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.rhel5 +97 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.rhel6 +115 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.solaris +90 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.suse +81 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.ubuntu +30 -0
- data/lib/templates/puppet/step-0/modules/sudo/files/sudoers.wheezy +17 -0
- data/lib/templates/puppet/step-0/modules/sudo/lib/augeas/lenses/fixedsudoers.aug +520 -0
- data/lib/templates/puppet/step-0/modules/sudo/manifests/allow.pp +76 -0
- data/lib/templates/puppet/step-0/modules/sudo/manifests/conf.pp +105 -0
- data/lib/templates/puppet/step-0/modules/sudo/manifests/configs.pp +24 -0
- data/lib/templates/puppet/step-0/modules/sudo/manifests/init.pp +151 -0
- data/lib/templates/puppet/step-0/modules/sudo/manifests/package/aix.pp +46 -0
- data/lib/templates/puppet/step-0/modules/sudo/manifests/package/solaris.pp +60 -0
- data/lib/templates/puppet/step-0/modules/sudo/manifests/package.pp +61 -0
- data/lib/templates/puppet/step-0/modules/sudo/manifests/params.pp +127 -0
- data/lib/templates/puppet/step-0/modules/sudo/metadata.json +59 -0
- data/lib/templates/puppet/step-0/modules/sudo/templates/users_groups.erb +9 -0
- data/lib/templates/puppet/step-0/modules/users/manifests/init.pp +15 -0
- data/lib/templates/puppet/step-0/modules/users/manifests/user.pp +50 -0
- data/lib/templates/puppet/step-1/Puppetfile.erb +5 -0
- data/lib/templates/puppet/step-1/hiera/data/common.yaml.erb +11 -0
- data/lib/templates/puppet/step-1/hiera/data/environment.yaml.erb +11 -0
- data/lib/templates/puppet/step-1/hiera/data/node.yaml.erb +11 -0
- data/lib/templates/puppet/step-1/hiera/hiera.yaml.erb +11 -0
- data/lib/templates/puppet/step-1/manifests/node.erb +5 -0
- data/lib/templates/puppet/step-1/manifests/site.pp.erb +15 -0
- data/lib/templates/puppet/step-1/modules/users/manifests/init.pp +15 -0
- data/lib/templates/puppet/step-1/modules/users/manifests/user.pp +49 -0
- data/lib/templates/puppet/step-2/Puppetfile.erb +5 -0
- data/lib/templates/puppet/step-2/hiera/data/common.yaml.erb +1 -0
- data/lib/templates/puppet/step-2/hiera/data/environment.yaml.erb +1 -0
- data/lib/templates/puppet/step-2/hiera/data/node.yaml.erb +1 -0
- data/lib/templates/puppet/step-2/hiera/hiera.yaml.erb +11 -0
- data/lib/templates/puppet/step-2/manifests/node.erb +3 -0
- data/lib/templates/puppet/step-2/manifests/site.pp.erb +10 -0
- data/lib/templates/puppet/step-3/Puppetfile.erb +5 -0
- data/lib/templates/puppet/step-3/hiera/data/common.yaml.erb +99 -0
- data/lib/templates/puppet/step-3/hiera/data/environment.yaml.erb +99 -0
- data/lib/templates/puppet/step-3/hiera/data/node.yaml.erb +99 -0
- data/lib/templates/puppet/step-3/hiera/hiera.yaml.erb +11 -0
- data/lib/templates/puppet/step-3/manifests/node.erb +5 -0
- data/lib/templates/puppet/step-3/manifests/site.pp.erb +15 -0
- data/spec/environment_spec.rb +82 -0
- data/spec/factories/environment.rb +20 -0
- data/spec/factories/node.rb +22 -0
- data/spec/factories/profile.rb +10 -0
- data/spec/factories/project.rb +17 -0
- data/spec/factories/provision.rb +13 -0
- data/spec/factories/role.rb +9 -0
- data/spec/fixtures/Capfile.test +2 -0
- data/spec/fixtures/Gemfile.test +5 -0
- data/spec/fixtures/config/deploy/environment.test +35 -0
- data/spec/fixtures/config/deploy/production.test +35 -0
- data/spec/fixtures/config/deploy/staging.test +35 -0
- data/spec/fixtures/config/deploy/vagrant.test +37 -0
- data/spec/fixtures/config/deploy.test +120 -0
- data/spec/fixtures/dot_bebox.test.erb +4 -0
- data/spec/fixtures/dot_gitignore.test +8 -0
- data/spec/fixtures/node/Vagrantfile.test.erb +18 -0
- data/spec/fixtures/node/node_0.test.erb +3 -0
- data/spec/fixtures/node/prepared_node_0.test.erb +4 -0
- data/spec/fixtures/node/provisioned_node_0.test.erb +4 -0
- data/spec/fixtures/node/vagrant_deploy.test +38 -0
- data/spec/fixtures/puppet/hiera/data/node0.server1.test.yaml.test +4 -0
- data/spec/fixtures/puppet/profiles/test/profile_0/Puppetfile.test +24 -0
- data/spec/fixtures/puppet/profiles/test/profile_0/Puppetfile_with_modules.test +20 -0
- data/spec/fixtures/puppet/profiles/test/profile_0/manifests/init.pp.test +17 -0
- data/spec/fixtures/puppet/profiles/test/profile_0/manifests/init_with_content.pp.test +22 -0
- data/spec/fixtures/puppet/roles/manifests/init.pp.test +14 -0
- data/spec/fixtures/puppet/steps/step-0/hiera/data/common.yaml.test +26 -0
- data/spec/fixtures/puppet/steps/step-0/hiera/data/node0.server1.test.yaml.test +0 -0
- data/spec/fixtures/puppet/steps/step-0/hiera/data/pname_env.yaml.test +26 -0
- data/spec/fixtures/puppet/steps/step-0/hiera/data/production.yaml.test +0 -0
- data/spec/fixtures/puppet/steps/step-0/hiera/data/staging.yaml.test +0 -0
- data/spec/fixtures/puppet/steps/step-0/hiera/data/vagrant.yaml.test +0 -0
- data/spec/fixtures/puppet/steps/step-0/hiera/hiera.yaml.test +11 -0
- data/spec/fixtures/puppet/steps/step-0/manifests/site.pp.test +10 -0
- data/spec/fixtures/puppet/steps/step-0/manifests/site_with_node.pp.test +15 -0
- data/spec/fixtures/puppet/steps/step-1/hiera/data/common.yaml.test +11 -0
- data/spec/fixtures/puppet/steps/step-1/hiera/data/node0.server1.test.yaml.test +0 -0
- data/spec/fixtures/puppet/steps/step-1/hiera/data/pname_env.yaml.test +11 -0
- data/spec/fixtures/puppet/steps/step-1/hiera/data/production.yaml.test +0 -0
- data/spec/fixtures/puppet/steps/step-1/hiera/data/staging.yaml.test +0 -0
- data/spec/fixtures/puppet/steps/step-1/hiera/data/vagrant.yaml.test +0 -0
- data/spec/fixtures/puppet/steps/step-1/hiera/hiera.yaml.test +11 -0
- data/spec/fixtures/puppet/steps/step-1/manifests/site.pp.test +10 -0
- data/spec/fixtures/puppet/steps/step-1/manifests/site_with_node.pp.test +15 -0
- data/spec/fixtures/puppet/steps/step-2/Puppetfile.test +6 -0
- data/spec/fixtures/puppet/steps/step-2/hiera/data/common.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-2/hiera/data/node0.server1.test.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-2/hiera/data/pname_env.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-2/hiera/data/production.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-2/hiera/data/staging.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-2/hiera/data/vagrant.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-2/hiera/hiera.yaml.test +11 -0
- data/spec/fixtures/puppet/steps/step-2/manifests/site.pp.test +10 -0
- data/spec/fixtures/puppet/steps/step-2/manifests/site_with_node.pp.test +13 -0
- data/spec/fixtures/puppet/steps/step-2/manifests/site_with_node_role_association.pp.test +16 -0
- data/spec/fixtures/puppet/steps/step-2/modules/profiles/manifests/test/profile_0.pp.test +17 -0
- data/spec/fixtures/puppet/steps/step-2/modules/roles/manifests/role_0.pp.test +16 -0
- data/spec/fixtures/puppet/steps/step-3/hiera/data/common.yaml.test +99 -0
- data/spec/fixtures/puppet/steps/step-3/hiera/data/node0.server1.test.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-3/hiera/data/pname_env.yaml.test +99 -0
- data/spec/fixtures/puppet/steps/step-3/hiera/data/production.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-3/hiera/data/staging.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-3/hiera/data/vagrant.yaml.test +1 -0
- data/spec/fixtures/puppet/steps/step-3/hiera/hiera.yaml.test +11 -0
- data/spec/fixtures/puppet/steps/step-3/manifests/site.pp.test +10 -0
- data/spec/fixtures/puppet/steps/step-3/manifests/site_with_node.pp.test +15 -0
- data/spec/fixtures/puppet/ubuntu_dependencies.test +10 -0
- data/spec/node0.server1.test/prepare_phase_spec.rb +53 -0
- data/spec/node0.server1.test/provision_step_0_spec.rb +46 -0
- data/spec/node0.server1.test/provision_step_1_spec.rb +41 -0
- data/spec/node0.server1.test/provision_step_2_spec.rb +79 -0
- data/spec/node0.server1.test/provision_step_3_spec.rb +76 -0
- data/spec/node_role_spec.rb +20 -0
- data/spec/node_spec.rb +71 -0
- data/spec/node_wizard_spec.rb +22 -0
- data/spec/ordered_phases_spec.rb +55 -0
- data/spec/pre_prepare_spec.rb +78 -0
- data/spec/pre_provision_steps_spec.rb +40 -0
- data/spec/profile_spec.rb +70 -0
- data/spec/project_spec.rb +195 -0
- data/spec/project_wizard_spec.rb +51 -0
- data/spec/puppet_spec_helper.rb +15 -0
- data/spec/role_profiles_spec.rb +40 -0
- data/spec/role_spec.rb +56 -0
- data/spec/spec_helper.rb +37 -0
- data/spec/support/config_specs.yaml.example +2 -0
- data/spec/vagrant_spec_helper.rb +15 -0
- metadata +625 -0
@@ -0,0 +1,15 @@
|
|
1
|
+
class users {
|
2
|
+
|
3
|
+
$hiera_users = hiera("user_accounts")
|
4
|
+
each($hiera_users) |$value| {
|
5
|
+
$name = $value[name]
|
6
|
+
$email = $value[email]
|
7
|
+
$uid = $value[uid]
|
8
|
+
$key = $value[key]
|
9
|
+
users::user { $name:
|
10
|
+
uid => $uid,
|
11
|
+
email => $email,
|
12
|
+
key => $key,
|
13
|
+
}
|
14
|
+
}
|
15
|
+
}
|
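Review bot: The `users` class has no header comment, and two things a maintainer needs are not written down. The `each($hiera_users) |$value| { … }` lambda only parses with the future parser on Puppet 3.x (the file list shows Puppet 3.6.0 packages bundled), and every `user_accounts` entry must carry `name`, `email`, `uid` and `key`. I would add a comment above `class users {` such as `# Requires parser = future. Expects hiera 'user_accounts': an array of hashes with name, email, uid and key (one public SSH key line).` Because `uid` and `key` are passed to `users::user` unchecked, it would also help to fail early on an empty `key` or a `uid` of 0 before the `users::user { $name:` declaration.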
@@ -0,0 +1,49 @@
|
|
1
|
+
|
2
|
+
define users::user($email, $uid, $key) {
|
3
|
+
$username = $title
|
4
|
+
|
5
|
+
$groups = ["root", "sudo"]
|
6
|
+
|
7
|
+
user { $username:
|
8
|
+
ensure => present,
|
9
|
+
comment => "${email}",
|
10
|
+
home => "/home/${username}",
|
11
|
+
shell => "/bin/bash",
|
12
|
+
groups => $groups,
|
13
|
+
membership => "inclusive",
|
14
|
+
uid => $uid,
|
15
|
+
managehome => true,
|
16
|
+
# Generated from openssl passwd -1 in the server
|
17
|
+
password => '$1$XBHr9b2v$vBpq1zI2wXljP3209xR/d.'
|
18
|
+
}
|
19
|
+
|
20
|
+
group { $username:
|
21
|
+
gid => $uid,
|
22
|
+
require => User[$username],
|
23
|
+
}
|
24
|
+
|
25
|
+
file { "/home/${username}/":
|
26
|
+
ensure => directory,
|
27
|
+
owner => $username,
|
28
|
+
group => $username,
|
29
|
+
mode => 0644,
|
30
|
+
require => [ User[$username], Group[$username] ]
|
31
|
+
}
|
32
|
+
|
33
|
+
file { "/home/${username}/.ssh":
|
34
|
+
ensure => directory,
|
35
|
+
owner => $username,
|
36
|
+
group => $username,
|
37
|
+
mode => 0600,
|
38
|
+
require => File["/home/${username}/"],
|
39
|
+
}
|
40
|
+
|
41
|
+
file { "/home/${username}/.ssh/authorized_keys":
|
42
|
+
ensure => present,
|
43
|
+
owner => $username,
|
44
|
+
group => $username,
|
45
|
+
mode => 0600,
|
46
|
+
require => File["/home/${username}/.ssh"],
|
47
|
+
content => $key,
|
48
|
+
}
|
49
|
+
}
|
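Review bot: The `password =>` attribute in the `user` resource is a literal MD5-crypt (`$1$`) hash, so every account this define creates gets the same password, and that hash is published with the gem. The same resource puts each account in `root` and `sudo` with `membership => "inclusive"`. Since the hash can be attacked offline by anyone who has the gem, the shared password should be treated as known; I would drop the literal and either set an unusable password (`password => '*',`) for key-only accounts or take a per-user SHA-512 crypt hash from the same hiera entry that supplies `uid` and `key`. Separately, `mode => 0644` on the home directory and `mode => 0600` on `.ssh` rely on Puppet adding the search bit for directories, so quoted strings with the intended value (for example `mode => '0700',` on `.ssh`) would make the result explicit.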
@@ -0,0 +1 @@
|
|
1
|
+
# Here you can set the hiera data to be used for your profiles
|
@@ -0,0 +1 @@
|
|
1
|
+
# Here you can set the hiera data to be used for your profiles
|
@@ -0,0 +1 @@
|
|
1
|
+
# Here you can set the hiera data to be used for your profiles
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# Important note: This file is empty.
|
2
|
+
# /etc/puppet/hiera.yml is used by default.
|
3
|
+
# deploy_user and deploy_environment is set in the puppet apply command executed by capistrano
|
4
|
+
:backends: yaml
|
5
|
+
:yaml:
|
6
|
+
:datadir: %{::deploy_to}/current/steps/<%=step_dir%>/hiera/data
|
7
|
+
:hierarchy:
|
8
|
+
- %{::fqdn}
|
9
|
+
- %{::deploy_environment}
|
10
|
+
- common
|
11
|
+
:logger: console
|
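Review bot: The header comment says "This file is empty" and that `/etc/puppet/hiera.yml` is used by default, yet the template goes on to define `:backends:`, `:datadir:` and `:hierarchy:`, so a reader cannot tell which configuration is in effect. I would replace the first two comment lines with something like `# Hiera configuration for this provisioning step.`, after confirming against the capistrano task (outside this hunk) that this file is the one passed to puppet apply. The values that begin with an interpolation token (`%{::deploy_to}/…`, `- %{::fqdn}`, `- %{::deploy_environment}`) are unquoted, and `%` is a YAML indicator character. Quoting them, as in `- "%{::fqdn}"`, avoids depending on how lenient the YAML parser is.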
@@ -0,0 +1,10 @@
|
|
1
|
+
# This file associates nodes with roles
|
2
|
+
# Example:
|
3
|
+
# node node0.server1.test {
|
4
|
+
# include roles::role_1
|
5
|
+
# }
|
6
|
+
# The roles and profiles pattern recommends to associate one node with
|
7
|
+
# one and only one role.
|
8
|
+
# The role can be set to the node manually or through the
|
9
|
+
# 'bebox node set_role' command.
|
10
|
+
|
@@ -0,0 +1,99 @@
|
|
1
|
+
fail2ban:
|
2
|
+
bantime: 60
|
3
|
+
maxretry: 3
|
4
|
+
mailto: 'root@localhost'
|
5
|
+
ssh::server:
|
6
|
+
password_authentication: 'no'
|
7
|
+
pubkey_authentication: 'yes'
|
8
|
+
permit_root_login: 'no'
|
9
|
+
sysctl:
|
10
|
+
# IP Spoofing protection
|
11
|
+
'net.ipv4.conf.all.rp_filter':
|
12
|
+
value: '1'
|
13
|
+
'net.ipv4.conf.default.rp_filter':
|
14
|
+
value: '1'
|
15
|
+
# Ignore ICMP broadcast requests
|
16
|
+
'net.ipv4.icmp_echo_ignore_broadcasts':
|
17
|
+
value: '1'
|
18
|
+
# Disable source packet routing
|
19
|
+
'net.ipv4.conf.all.accept_source_route':
|
20
|
+
value: '0'
|
21
|
+
'net.ipv6.conf.all.accept_source_route':
|
22
|
+
value: '0'
|
23
|
+
'net.ipv4.conf.default.accept_source_route':
|
24
|
+
value: '0'
|
25
|
+
'net.ipv6.conf.default.accept_source_route':
|
26
|
+
value: '0'
|
27
|
+
# Ignore send redirects
|
28
|
+
'net.ipv4.conf.all.send_redirects':
|
29
|
+
value: '0'
|
30
|
+
'net.ipv4.conf.default.send_redirects':
|
31
|
+
value: '0'
|
32
|
+
# Block SYN attacks
|
33
|
+
'net.ipv4.tcp_syncookies':
|
34
|
+
value: '1'
|
35
|
+
'net.ipv4.tcp_max_syn_backlog':
|
36
|
+
value: '2048'
|
37
|
+
'net.ipv4.tcp_synack_retries':
|
38
|
+
value: '2'
|
39
|
+
'net.ipv4.tcp_syn_retries':
|
40
|
+
value: '5'
|
41
|
+
# Log Martians
|
42
|
+
'net.ipv4.conf.all.log_martians':
|
43
|
+
value: '1'
|
44
|
+
'net.ipv4.icmp_ignore_bogus_error_responses':
|
45
|
+
value: '1'
|
46
|
+
# Ignore ICMP redirects
|
47
|
+
'net.ipv4.conf.all.accept_redirects':
|
48
|
+
value: '0'
|
49
|
+
'net.ipv6.conf.all.accept_redirects':
|
50
|
+
value: '0'
|
51
|
+
'net.ipv4.conf.default.accept_redirects':
|
52
|
+
value: '0'
|
53
|
+
'net.ipv6.conf.default.accept_redirects':
|
54
|
+
value: '0'
|
55
|
+
# Ignore Directed pings
|
56
|
+
'net.ipv4.icmp_echo_ignore_all':
|
57
|
+
value: '1'
|
58
|
+
iptables::allow_icmp: 'yes'
|
59
|
+
iptables::allow_localhost: 'yes'
|
60
|
+
iptables::log_failures: 'yes'
|
61
|
+
iptables::ports:
|
62
|
+
22:
|
63
|
+
tcp: 'allow'
|
64
|
+
80:
|
65
|
+
tcp: 'allow'
|
66
|
+
23:
|
67
|
+
tcp: 'drop'
|
68
|
+
udp: 'drop'
|
69
|
+
firewall:
|
70
|
+
'001 accept all icmp requests':
|
71
|
+
proto: 'icmp'
|
72
|
+
action: 'accept'
|
73
|
+
'002 allow loopback':
|
74
|
+
iniface: 'lo'
|
75
|
+
chain: 'INPUT'
|
76
|
+
action: 'accept'
|
77
|
+
'000 INPUT allow related and established':
|
78
|
+
state: ['RELATED', 'ESTABLISHED']
|
79
|
+
action: 'accept'
|
80
|
+
proto: 'all'
|
81
|
+
'100 allow ssh':
|
82
|
+
state: ['NEW']
|
83
|
+
dport: '22'
|
84
|
+
proto: 'tcp'
|
85
|
+
action: 'accept'
|
86
|
+
'100 allow httpd:80':
|
87
|
+
state: ['NEW']
|
88
|
+
dport: '80'
|
89
|
+
proto: 'tcp'
|
90
|
+
action: 'accept'
|
91
|
+
'998 deny all other requests':
|
92
|
+
action: 'reject'
|
93
|
+
proto: 'all'
|
94
|
+
reject: 'icmp-host-prohibited'
|
95
|
+
'999 deny all other requests':
|
96
|
+
chain: 'FORWARD'
|
97
|
+
action: 'reject'
|
98
|
+
proto: 'all'
|
99
|
+
reject: 'icmp-host-prohibited'
|
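Review bot: `bantime: 60` under `fail2ban:` looks too short to slow down repeated login attempts. If the module hands the value to fail2ban unchanged, it is a 60-second ban after `maxretry: 3`, so a banned client can resume almost immediately. A value closer to fail2ban's own 600-second default, e.g. `bantime: 600`, with a comment stating the unit, would make the ban meaningful. How the fail2ban class consumes the key is not visible in this hunk, so the unit is worth confirming. The two other 99-line data hunks that follow contain the same setting.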
@@ -0,0 +1,99 @@
|
|
1
|
+
fail2ban:
|
2
|
+
bantime: 60
|
3
|
+
maxretry: 3
|
4
|
+
mailto: 'root@localhost'
|
5
|
+
ssh::server:
|
6
|
+
password_authentication: 'no'
|
7
|
+
pubkey_authentication: 'yes'
|
8
|
+
permit_root_login: 'no'
|
9
|
+
sysctl:
|
10
|
+
# IP Spoofing protection
|
11
|
+
'net.ipv4.conf.all.rp_filter':
|
12
|
+
value: '1'
|
13
|
+
'net.ipv4.conf.default.rp_filter':
|
14
|
+
value: '1'
|
15
|
+
# Ignore ICMP broadcast requests
|
16
|
+
'net.ipv4.icmp_echo_ignore_broadcasts':
|
17
|
+
value: '1'
|
18
|
+
# Disable source packet routing
|
19
|
+
'net.ipv4.conf.all.accept_source_route':
|
20
|
+
value: '0'
|
21
|
+
'net.ipv6.conf.all.accept_source_route':
|
22
|
+
value: '0'
|
23
|
+
'net.ipv4.conf.default.accept_source_route':
|
24
|
+
value: '0'
|
25
|
+
'net.ipv6.conf.default.accept_source_route':
|
26
|
+
value: '0'
|
27
|
+
# Ignore send redirects
|
28
|
+
'net.ipv4.conf.all.send_redirects':
|
29
|
+
value: '0'
|
30
|
+
'net.ipv4.conf.default.send_redirects':
|
31
|
+
value: '0'
|
32
|
+
# Block SYN attacks
|
33
|
+
'net.ipv4.tcp_syncookies':
|
34
|
+
value: '1'
|
35
|
+
'net.ipv4.tcp_max_syn_backlog':
|
36
|
+
value: '2048'
|
37
|
+
'net.ipv4.tcp_synack_retries':
|
38
|
+
value: '2'
|
39
|
+
'net.ipv4.tcp_syn_retries':
|
40
|
+
value: '5'
|
41
|
+
# Log Martians
|
42
|
+
'net.ipv4.conf.all.log_martians':
|
43
|
+
value: '1'
|
44
|
+
'net.ipv4.icmp_ignore_bogus_error_responses':
|
45
|
+
value: '1'
|
46
|
+
# Ignore ICMP redirects
|
47
|
+
'net.ipv4.conf.all.accept_redirects':
|
48
|
+
value: '0'
|
49
|
+
'net.ipv6.conf.all.accept_redirects':
|
50
|
+
value: '0'
|
51
|
+
'net.ipv4.conf.default.accept_redirects':
|
52
|
+
value: '0'
|
53
|
+
'net.ipv6.conf.default.accept_redirects':
|
54
|
+
value: '0'
|
55
|
+
# Ignore Directed pings
|
56
|
+
'net.ipv4.icmp_echo_ignore_all':
|
57
|
+
value: '1'
|
58
|
+
iptables::allow_icmp: 'yes'
|
59
|
+
iptables::allow_localhost: 'yes'
|
60
|
+
iptables::log_failures: 'yes'
|
61
|
+
iptables::ports:
|
62
|
+
22:
|
63
|
+
tcp: 'allow'
|
64
|
+
80:
|
65
|
+
tcp: 'allow'
|
66
|
+
23:
|
67
|
+
tcp: 'drop'
|
68
|
+
udp: 'drop'
|
69
|
+
firewall:
|
70
|
+
'001 accept all icmp requests':
|
71
|
+
proto: 'icmp'
|
72
|
+
action: 'accept'
|
73
|
+
'002 allow loopback':
|
74
|
+
iniface: 'lo'
|
75
|
+
chain: 'INPUT'
|
76
|
+
action: 'accept'
|
77
|
+
'000 INPUT allow related and established':
|
78
|
+
state: ['RELATED', 'ESTABLISHED']
|
79
|
+
action: 'accept'
|
80
|
+
proto: 'all'
|
81
|
+
'100 allow ssh':
|
82
|
+
state: ['NEW']
|
83
|
+
dport: '22'
|
84
|
+
proto: 'tcp'
|
85
|
+
action: 'accept'
|
86
|
+
'100 allow httpd:80':
|
87
|
+
state: ['NEW']
|
88
|
+
dport: '80'
|
89
|
+
proto: 'tcp'
|
90
|
+
action: 'accept'
|
91
|
+
'998 deny all other requests':
|
92
|
+
action: 'reject'
|
93
|
+
proto: 'all'
|
94
|
+
reject: 'icmp-host-prohibited'
|
95
|
+
'999 deny all other requests':
|
96
|
+
chain: 'FORWARD'
|
97
|
+
action: 'reject'
|
98
|
+
proto: 'all'
|
99
|
+
reject: 'icmp-host-prohibited'
|
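Review bot: The ICMP settings contradict each other: `'net.ipv4.icmp_echo_ignore_all'` is set to `'1'`, which makes the kernel drop every echo request, while `iptables::allow_icmp: 'yes'` and the firewall rule `'001 accept all icmp requests'` accept ICMP. The comment `# Ignore Directed pings` also understates the sysctl, since it ignores all pings rather than only directed ones; `# Ignore all ICMP echo requests (ping)` would match. Whichever policy is intended should be stated in a comment next to the firewall rule so the two layers are not read as a mistake. The identical data hunks before and after this one have the same lines.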
@@ -0,0 +1,99 @@
|
|
1
|
+
fail2ban:
|
2
|
+
bantime: 60
|
3
|
+
maxretry: 3
|
4
|
+
mailto: 'root@localhost'
|
5
|
+
ssh::server:
|
6
|
+
password_authentication: 'no'
|
7
|
+
pubkey_authentication: 'yes'
|
8
|
+
permit_root_login: 'no'
|
9
|
+
sysctl:
|
10
|
+
# IP Spoofing protection
|
11
|
+
'net.ipv4.conf.all.rp_filter':
|
12
|
+
value: '1'
|
13
|
+
'net.ipv4.conf.default.rp_filter':
|
14
|
+
value: '1'
|
15
|
+
# Ignore ICMP broadcast requests
|
16
|
+
'net.ipv4.icmp_echo_ignore_broadcasts':
|
17
|
+
value: '1'
|
18
|
+
# Disable source packet routing
|
19
|
+
'net.ipv4.conf.all.accept_source_route':
|
20
|
+
value: '0'
|
21
|
+
'net.ipv6.conf.all.accept_source_route':
|
22
|
+
value: '0'
|
23
|
+
'net.ipv4.conf.default.accept_source_route':
|
24
|
+
value: '0'
|
25
|
+
'net.ipv6.conf.default.accept_source_route':
|
26
|
+
value: '0'
|
27
|
+
# Ignore send redirects
|
28
|
+
'net.ipv4.conf.all.send_redirects':
|
29
|
+
value: '0'
|
30
|
+
'net.ipv4.conf.default.send_redirects':
|
31
|
+
value: '0'
|
32
|
+
# Block SYN attacks
|
33
|
+
'net.ipv4.tcp_syncookies':
|
34
|
+
value: '1'
|
35
|
+
'net.ipv4.tcp_max_syn_backlog':
|
36
|
+
value: '2048'
|
37
|
+
'net.ipv4.tcp_synack_retries':
|
38
|
+
value: '2'
|
39
|
+
'net.ipv4.tcp_syn_retries':
|
40
|
+
value: '5'
|
41
|
+
# Log Martians
|
42
|
+
'net.ipv4.conf.all.log_martians':
|
43
|
+
value: '1'
|
44
|
+
'net.ipv4.icmp_ignore_bogus_error_responses':
|
45
|
+
value: '1'
|
46
|
+
# Ignore ICMP redirects
|
47
|
+
'net.ipv4.conf.all.accept_redirects':
|
48
|
+
value: '0'
|
49
|
+
'net.ipv6.conf.all.accept_redirects':
|
50
|
+
value: '0'
|
51
|
+
'net.ipv4.conf.default.accept_redirects':
|
52
|
+
value: '0'
|
53
|
+
'net.ipv6.conf.default.accept_redirects':
|
54
|
+
value: '0'
|
55
|
+
# Ignore Directed pings
|
56
|
+
'net.ipv4.icmp_echo_ignore_all':
|
57
|
+
value: '1'
|
58
|
+
iptables::allow_icmp: 'yes'
|
59
|
+
iptables::allow_localhost: 'yes'
|
60
|
+
iptables::log_failures: 'yes'
|
61
|
+
iptables::ports:
|
62
|
+
22:
|
63
|
+
tcp: 'allow'
|
64
|
+
80:
|
65
|
+
tcp: 'allow'
|
66
|
+
23:
|
67
|
+
tcp: 'drop'
|
68
|
+
udp: 'drop'
|
69
|
+
firewall:
|
70
|
+
'001 accept all icmp requests':
|
71
|
+
proto: 'icmp'
|
72
|
+
action: 'accept'
|
73
|
+
'002 allow loopback':
|
74
|
+
iniface: 'lo'
|
75
|
+
chain: 'INPUT'
|
76
|
+
action: 'accept'
|
77
|
+
'000 INPUT allow related and established':
|
78
|
+
state: ['RELATED', 'ESTABLISHED']
|
79
|
+
action: 'accept'
|
80
|
+
proto: 'all'
|
81
|
+
'100 allow ssh':
|
82
|
+
state: ['NEW']
|
83
|
+
dport: '22'
|
84
|
+
proto: 'tcp'
|
85
|
+
action: 'accept'
|
86
|
+
'100 allow httpd:80':
|
87
|
+
state: ['NEW']
|
88
|
+
dport: '80'
|
89
|
+
proto: 'tcp'
|
90
|
+
action: 'accept'
|
91
|
+
'998 deny all other requests':
|
92
|
+
action: 'reject'
|
93
|
+
proto: 'all'
|
94
|
+
reject: 'icmp-host-prohibited'
|
95
|
+
'999 deny all other requests':
|
96
|
+
chain: 'FORWARD'
|
97
|
+
action: 'reject'
|
98
|
+
proto: 'all'
|
99
|
+
reject: 'icmp-host-prohibited'
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# Important note: This file is empty.
|
2
|
+
# /etc/puppet/hiera.yml is used by default.
|
3
|
+
# deploy_user and deploy_environment is set in the puppet apply command executed by capistrano
|
4
|
+
:backends: yaml
|
5
|
+
:yaml:
|
6
|
+
:datadir: %{::deploy_to}/current/steps/<%=step_dir%>/hiera/data
|
7
|
+
:hierarchy:
|
8
|
+
- %{::fqdn}
|
9
|
+
- %{::deploy_environment}
|
10
|
+
- common
|
11
|
+
:logger: console
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# This file associates nodes with roles
|
2
|
+
# Example:
|
3
|
+
# node node0.server1.test {
|
4
|
+
# include roles::role_1
|
5
|
+
# }
|
6
|
+
# The roles and profiles pattern recommends to associate one node with
|
7
|
+
# one and only one role.
|
8
|
+
# The role can be set to the node manually or through the
|
9
|
+
# 'bebox node set_role' command.
|
10
|
+
|
11
|
+
<% nodes.each do |node| %>
|
12
|
+
node <%= node.hostname %> {
|
13
|
+
include roles::security
|
14
|
+
}
|
15
|
+
<% end %>
|
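Review bot: `node <%= node.hostname %> {` writes the hostname into the manifest as a bare word, so a value with characters outside what Puppet accepts for an unquoted node name renders a manifest that fails to parse or means something other than intended. Quoting it, `node '<%= node.hostname %>' {`, makes the rendered name an ordinary string. Quoting alone does not cover a value containing a quote character, so the hostname should also be checked against a hostname pattern before it reaches this template. Whether that validation exists is not visible in this hunk.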
@@ -0,0 +1,82 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require_relative '../spec/factories/environment.rb'
|
3
|
+
|
4
|
+
describe 'Test 02: Bebox::Environment' do
|
5
|
+
|
6
|
+
describe 'Environment management' do
|
7
|
+
|
8
|
+
subject { build(:environment) }
|
9
|
+
|
10
|
+
it 'should list the current environments' do
|
11
|
+
current_environments = %w{vagrant staging production}
|
12
|
+
environments = Bebox::Environment.list(subject.project_root)
|
13
|
+
expect(environments).to include(*current_environments)
|
14
|
+
end
|
15
|
+
|
16
|
+
context 'environment creation' do
|
17
|
+
|
18
|
+
it 'should create checkpoints' do
|
19
|
+
expected_directories = [subject.name, 'nodes', 'prepared_nodes',
|
20
|
+
'steps', 'step-0', 'step-1', 'step-2', 'step-3']
|
21
|
+
subject.create_checkpoints
|
22
|
+
directories = []
|
23
|
+
directories << Dir["#{subject.project_root}/.checkpoints/environments/#{subject.name}/"].map { |f| File.basename(f) }
|
24
|
+
directories << Dir["#{subject.project_root}/.checkpoints/environments/#{subject.name}/*/"].map { |f| File.basename(f) }
|
25
|
+
directories << Dir["#{subject.project_root}/.checkpoints/environments/#{subject.name}/*/*/"].map { |f| File.basename(f) }
|
26
|
+
expect(directories.flatten).to include(*expected_directories)
|
27
|
+
end
|
28
|
+
|
29
|
+
it 'should generate capistrano base' do
|
30
|
+
subject.create_capistrano_base
|
31
|
+
expect(Dir.exist?("#{subject.project_root}/config/keys/environments/#{subject.name}")).to be (true)
|
32
|
+
end
|
33
|
+
|
34
|
+
it 'should generate deploy file' do
|
35
|
+
subject.generate_deploy_file
|
36
|
+
deploy_content = File.read("#{subject.project_root}/config/deploy/#{subject.name}.rb").gsub(/\s+/, ' ').strip
|
37
|
+
deploy_output_content = File.read("spec/fixtures/config/deploy/environment.test").gsub(/\s+/, ' ').strip
|
38
|
+
expect(deploy_content).to eq(deploy_output_content)
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'should generate hiera data file' do
|
42
|
+
subject.generate_hiera_template
|
43
|
+
Bebox::PROVISION_STEPS.each do |step|
|
44
|
+
content = File.read("spec/fixtures/puppet/steps/#{step}/hiera/data/#{subject.name}.yaml.test")
|
45
|
+
output = File.read("#{subject.project_root}/puppet/steps/#{Bebox::Provision.step_name(step)}/hiera/data/#{subject.name}.yaml")
|
46
|
+
expect(output).to eq(content)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
context 'environment deletion' do
|
52
|
+
|
53
|
+
it 'should remove checkpoints' do
|
54
|
+
environment_directories = [subject.name, 'nodes', 'prepared_nodes',
|
55
|
+
'steps', 'step-0', 'step-1', 'step-2', 'step-3']
|
56
|
+
subject.remove_checkpoints
|
57
|
+
directories = []
|
58
|
+
directories << Dir["#{subject.project_root}/.checkpoints/environments/#{subject.name}/"].map { |f| File.basename(f) }
|
59
|
+
directories << Dir["#{subject.project_root}/.checkpoints/environments/#{subject.name}/*/"].map { |f| File.basename(f) }
|
60
|
+
directories << Dir["#{subject.project_root}/.checkpoints/environments/#{subject.name}/*/*/"].map { |f| File.basename(f) }
|
61
|
+
expect(directories.flatten).to_not include(*environment_directories)
|
62
|
+
end
|
63
|
+
|
64
|
+
it 'should remove capistrano base' do
|
65
|
+
subject.remove_capistrano_base
|
66
|
+
expect(Dir.exist?("#{subject.project_root}/config/keys/environments/#{subject.name}")).to be (false)
|
67
|
+
end
|
68
|
+
|
69
|
+
it 'should remove deploy file' do
|
70
|
+
subject.remove_deploy_file
|
71
|
+
expect(File.exist?("#{subject.project_root}/config/deploy/#{subject.name}.rb")).to be (false)
|
72
|
+
end
|
73
|
+
|
74
|
+
it 'should remove deploy file' do
|
75
|
+
subject.remove_hiera_template
|
76
|
+
Bebox::PROVISION_STEPS.each do |step|
|
77
|
+
expect(File.exist?("#{subject.project_root}/puppet/steps/#{Bebox::Provision.step_name(step)}/hiera/data/#{subject.name}.yaml")).to be (false)
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
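Review bot: The last example in `context 'environment deletion'` is named `'should remove deploy file'` a second time although it calls `subject.remove_hiera_template`, so a failure report points at the wrong feature. Rename it to `it 'should remove hiera data file' do`. The `to be (true)` and `to be (false)` calls have a space before the parenthesis and would read more clearly as `to be(true)` and `to be(false)`.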
@@ -0,0 +1,20 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
factory :environment, :class => Bebox::Environment do
|
3
|
+
name "pname_env"
|
4
|
+
project_root "#{Dir.pwd}/tmp/bebox-pname"
|
5
|
+
|
6
|
+
initialize_with { new(name, project_root) }
|
7
|
+
|
8
|
+
trait :created do
|
9
|
+
after(:build) do |environment|
|
10
|
+
environment.create
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
trait :removed do
|
15
|
+
after(:build) do |environment|
|
16
|
+
environment.remove
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
factory :node, :class => Bebox::Node do
|
3
|
+
environment 'vagrant'
|
4
|
+
project_root "#{Dir.pwd}/tmp/bebox-pname"
|
5
|
+
hostname 'node0.server1.test'
|
6
|
+
ip YAML.load_file('spec/support/config_specs.yaml')['test_ip']
|
7
|
+
|
8
|
+
initialize_with { new(environment, project_root, hostname, ip) }
|
9
|
+
|
10
|
+
trait :created do
|
11
|
+
after(:build) do |node|
|
12
|
+
node.create
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
trait :removed do
|
17
|
+
after(:build) do |node|
|
18
|
+
node.remove
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
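Review bot: `ip YAML.load_file('spec/support/config_specs.yaml')['test_ip']` resolves the path against the current working directory and runs when the factory file is loaded, so loading the factories from anywhere but the project root raises `Errno::ENOENT`. Anchoring the path to the file avoids that, e.g. `ip YAML.load_file(File.expand_path('../../support/config_specs.yaml', __FILE__))['test_ip']`. That path assumes this factory lives in `spec/factories/`, as the `require_relative '../factories/node.rb'` in the provision factory suggests.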
@@ -0,0 +1,17 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
factory :project, :class => Bebox::Project do
|
3
|
+
name "bebox-pname"
|
4
|
+
vagrant_box_base "ubuntu-server-12042-x64-vbox4210-nocm.box"
|
5
|
+
parent_path "#{Dir.pwd}/tmp"
|
6
|
+
vagrant_box_provider 'virtualbox'
|
7
|
+
default_environments ['vagrant', 'staging', 'production']
|
8
|
+
|
9
|
+
initialize_with { new(name, vagrant_box_base, parent_path, vagrant_box_provider, default_environments) }
|
10
|
+
|
11
|
+
trait :created do
|
12
|
+
after(:build) do |project|
|
13
|
+
project.create
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require_relative '../factories/node.rb'
|
2
|
+
|
3
|
+
FactoryGirl.define do
|
4
|
+
factory :provision, :class => Bebox::Provision do
|
5
|
+
project_root "#{Dir.pwd}/tmp/bebox-pname"
|
6
|
+
environment 'vagrant'
|
7
|
+
node FactoryGirl.build(:node)
|
8
|
+
step 'step-0'
|
9
|
+
|
10
|
+
initialize_with { new(project_root, environment, node, step) }
|
11
|
+
|
12
|
+
end
|
13
|
+
end
|
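Review bot: `node FactoryGirl.build(:node)` is evaluated once, when the factory is defined, so every provision built from it shares the same `Bebox::Node` instance and any state one example leaves on it carries into the next. A lazy attribute builds a fresh node per provision: `node { FactoryGirl.build(:node) }`.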