RubyGems - provizioning - Versions diffs - 0.1.2 → 0.4.0 - Mend

provizioning 0.1.2 → 0.4.0

Files changed (223) hide show

data/.gitignore +17 -0
data/Gemfile +4 -0
data/README.md +29 -0
data/Rakefile +2 -0
data/bootstrap/bootstrap.sh +71 -0
data/{lib/templates/sources.list → bootstrap/lucid.sources.list} +2 -1
data/bootstrap/natty.sources.list +14 -0
data/lib/provizioning/puppet.rb +94 -0
data/lib/provizioning/version.rb +3 -0
data/lib/provizioning.rb +1 -3
data/provizioning.gemspec +20 -0
data/puppet/classes/apache/centos.conf +978 -0
data/puppet/classes/apache/ssl.conf +75 -0
data/puppet/classes/apache.pp +152 -0
data/puppet/classes/apt.pp +5 -0
data/puppet/classes/base/ntp/ntpd-sysconfig +13 -0
data/puppet/classes/base.pp +79 -0
data/puppet/classes/freerange.pp +53 -0
data/puppet/classes/gemrc/gemrc +9 -0
data/puppet/classes/gemrc.pp +10 -0
data/puppet/classes/imagemagick.pp +19 -0
data/puppet/classes/iptables/load-iptables +3 -0
data/puppet/classes/iptables/post-iptables +2 -0
data/puppet/classes/iptables/pre-iptables +2 -0
data/puppet/classes/iptables.pp +59 -0
data/puppet/classes/logrotate/logrotate.erb +15 -0
data/puppet/classes/logrotate.pp +37 -0
data/puppet/classes/mongo/mongodb.conf +89 -0
data/puppet/classes/mongo.pp +86 -0
data/puppet/classes/monit/monit.conf +242 -0
data/puppet/classes/monit.pp +39 -0
data/puppet/classes/munin/plugins/passenger_memory_stats +123 -0
data/puppet/classes/munin/plugins/passenger_status +130 -0
data/puppet/classes/munin/plugins/rails_database_time +174 -0
data/puppet/classes/munin/plugins/rails_request_duration +173 -0
data/puppet/classes/munin/plugins/rails_request_error +169 -0
data/puppet/classes/munin/plugins/rails_requests +175 -0
data/puppet/classes/munin/plugins/rails_view_render_time +173 -0
data/puppet/classes/munin/rails-plugin-config +4 -0
data/puppet/classes/munin.pp +60 -0
data/puppet/classes/mysql/password.erb +1 -0
data/puppet/classes/mysql.pp +71 -0
data/puppet/classes/openswan/ipsec.conf +17 -0
data/puppet/classes/openswan/ipsec.secrets +1 -0
data/puppet/classes/openswan/patched_ipsec_initd_script +223 -0
data/puppet/classes/openswan/secret.erb +1 -0
data/puppet/classes/openswan.pp +71 -0
data/puppet/classes/post-flight.pp +17 -0
data/puppet/classes/postfix/main.cf +39 -0
data/puppet/classes/postfix.pp +16 -0
data/puppet/classes/rack/centos/passenger.load.erb +5 -0
data/puppet/classes/rack/ubuntu/passenger.conf.erb +6 -0
data/puppet/classes/rack.pp +66 -0
data/puppet/classes/redis/redis.conf.erb +187 -0
data/puppet/classes/redis.pp +20 -0
data/puppet/classes/sudo/sudoers +6 -0
data/puppet/classes/sudo.pp +24 -0
data/puppet/classes/syslogng/CentOS.cnf +61 -0
data/puppet/classes/syslogng/Ubuntu.cnf +347 -0
data/puppet/classes/syslogng.pp +146 -0
data/puppet/classes/xml.pp +23 -0
data/puppet/classes/yum.pp +6 -0
data/puppet/classes/zsh.pp +5 -0
data/puppet/modules/README +74 -0
data/puppet/modules/cron/README +4 -0
data/puppet/modules/cron/manifests/base.pp +26 -0
data/puppet/modules/cron/manifests/crontabs.pp +11 -0
data/puppet/modules/cron/manifests/init.pp +18 -0
data/puppet/modules/drupal/Modulefile +7 -0
data/puppet/modules/drupal/README +110 -0
data/puppet/modules/drupal/manifests/absent.pp +25 -0
data/puppet/modules/drupal/manifests/backup/absent.pp +23 -0
data/puppet/modules/drupal/manifests/backup.pp +49 -0
data/puppet/modules/drupal/manifests/conf.pp +23 -0
data/puppet/modules/drupal/manifests/debug.pp +26 -0
data/puppet/modules/drupal/manifests/disable.pp +22 -0
data/puppet/modules/drupal/manifests/disableboot.pp +13 -0
data/puppet/modules/drupal/manifests/drush.pp +20 -0
data/puppet/modules/drupal/manifests/example42/backup.pp +8 -0
data/puppet/modules/drupal/manifests/example42/monitor.pp +8 -0
data/puppet/modules/drupal/manifests/example42.pp +25 -0
data/puppet/modules/drupal/manifests/extra.pp +30 -0
data/puppet/modules/drupal/manifests/firewall/absent.pp +19 -0
data/puppet/modules/drupal/manifests/firewall.pp +24 -0
data/puppet/modules/drupal/manifests/init.pp +54 -0
data/puppet/modules/drupal/manifests/install.pp +20 -0
data/puppet/modules/drupal/manifests/module.pp +37 -0
data/puppet/modules/drupal/manifests/monitor/absent.pp +42 -0
data/puppet/modules/drupal/manifests/monitor.pp +77 -0
data/puppet/modules/drupal/manifests/package.pp +20 -0
data/puppet/modules/drupal/manifests/params.pp +277 -0
data/puppet/modules/drupal/manifests/site.pp +63 -0
data/puppet/modules/drupal/manifests/theme.pp +33 -0
data/puppet/modules/drupal/templates/variables_drupal.erb +62 -0
data/puppet/modules/drupal/tests/absent.pp +1 -0
data/puppet/modules/drupal/tests/backup.pp +1 -0
data/puppet/modules/drupal/tests/debug.pp +1 -0
data/puppet/modules/drupal/tests/disable.pp +1 -0
data/puppet/modules/drupal/tests/disableboot.pp +1 -0
data/puppet/modules/drupal/tests/firewall.pp +1 -0
data/puppet/modules/drupal/tests/init.pp +1 -0
data/puppet/modules/drupal/tests/monitor.pp +1 -0
data/puppet/modules/hosts/README +0 -0
data/puppet/modules/hosts/manifests/example42.pp +5 -0
data/puppet/modules/hosts/manifests/init.pp +16 -0
data/puppet/modules/hosts/templates/hosts.erb +11 -0
data/puppet/modules/iptables/README +4 -0
data/puppet/modules/iptables/files/iptables +19 -0
data/puppet/modules/iptables/manifests/disable.pp +15 -0
data/puppet/modules/iptables/manifests/init.pp +9 -0
data/puppet/modules/iptables/manifests/redhat.pp +24 -0
data/puppet/modules/mysql/Modulefile +7 -0
data/puppet/modules/mysql/README +56 -0
data/puppet/modules/mysql/manifests/absent.pp +12 -0
data/puppet/modules/mysql/manifests/backup/example42.pp +8 -0
data/puppet/modules/mysql/manifests/backup.pp +49 -0
data/puppet/modules/mysql/manifests/client.pp +18 -0
data/puppet/modules/mysql/manifests/conf.pp +23 -0
data/puppet/modules/mysql/manifests/debug.pp +25 -0
data/puppet/modules/mysql/manifests/disable.pp +13 -0
data/puppet/modules/mysql/manifests/disableboot.pp +13 -0
data/puppet/modules/mysql/manifests/example42.pp +25 -0
data/puppet/modules/mysql/manifests/firewall.pp +23 -0
data/puppet/modules/mysql/manifests/grant.pp +29 -0
data/puppet/modules/mysql/manifests/init.pp +67 -0
data/puppet/modules/mysql/manifests/monitor/example42.pp +8 -0
data/puppet/modules/mysql/manifests/monitor.pp +77 -0
data/puppet/modules/mysql/manifests/params.pp +240 -0
data/puppet/modules/mysql/manifests/query.pp +30 -0
data/puppet/modules/mysql/templates/grant.erb +6 -0
data/puppet/modules/mysql/templates/query.erb +5 -0
data/puppet/modules/mysql/templates/variables_mysql.erb +42 -0
data/puppet/modules/network/README +4 -0
data/puppet/modules/network/manifests/init.pp +13 -0
data/puppet/modules/nginx/manifests/fcgi.pp +87 -0
data/puppet/modules/nginx/manifests/init.pp +205 -0
data/puppet/modules/nginx/templates/fcgi_site.erb +38 -0
data/puppet/modules/nginx/templates/includes/fastcgi_params.erb +23 -0
data/puppet/modules/nginx/templates/nginx.conf.erb +31 -0
data/puppet/modules/passenger/manifests/init.pp +12 -0
data/puppet/modules/passenger/templates/myapp +39 -0
data/puppet/modules/php/README +26 -0
data/puppet/modules/php/manifests/init.pp +42 -0
data/puppet/modules/php/manifests/module.pp +22 -0
data/puppet/modules/php/manifests/pear/module.pp +21 -0
data/puppet/modules/php/manifests/pear.pp +20 -0
data/puppet/modules/php/manifests/pecl/config.pp +19 -0
data/puppet/modules/php/manifests/pecl/module.pp +44 -0
data/puppet/modules/php/manifests/pecl.pp +8 -0
data/puppet/modules/php/manifests/soap.pp +20 -0
data/puppet/modules/postgres/Copyright +13 -0
data/puppet/modules/postgres/manifests/database.pp +40 -0
data/puppet/modules/postgres/manifests/init.pp +25 -0
data/puppet/modules/postgres/manifests/role.pp +40 -0
data/puppet/modules/ruby/files/install-ruby-stow +43 -0
data/puppet/modules/ruby/manifests/init.pp +18 -0
data/puppet/modules/rvm/files/install-system-rvm +2 -0
data/puppet/modules/rvm/manifests/classes/dependencies.pp +24 -0
data/puppet/modules/rvm/manifests/classes/passenger.pp +166 -0
data/puppet/modules/rvm/manifests/classes/system.pp +33 -0
data/puppet/modules/rvm/manifests/definitions/system_user.pp +13 -0
data/puppet/modules/rvm/manifests/init.pp +2 -0
data/puppet/modules/rvm/templates/passenger-apache.conf.erb +9 -0
data/puppet/modules/ssh/README +4 -0
data/puppet/modules/ssh/manifests/auth.pp +39 -0
data/puppet/modules/ssh/manifests/auth.pp.good +340 -0
data/puppet/modules/ssh/manifests/eal4.pp +69 -0
data/puppet/modules/ssh/manifests/init.pp +74 -0
data/puppet/modules/stow/manifests/init.pp +5 -0
data/puppet/modules/sudo/files/sudoers +25 -0
data/puppet/modules/sudo/manifests/init.pp +1 -0
data/puppet/modules/sudo/manifests/install.pp +5 -0
data/puppet/modules/sudo/manifests/sudoers.pp +14 -0
data/puppet/modules/ufw/manifests/init.pp +12 -0
data/puppet/modules/users/README +28 -0
data/puppet/modules/users/manifests/adduser.pp +16 -0
data/puppet/modules/users/manifests/admin.pp +11 -0
data/puppet/modules/users/manifests/automount.pp +34 -0
data/puppet/modules/users/manifests/deluser.pp +8 -0
data/puppet/modules/users/manifests/example42.pp +16 -0
data/puppet/modules/users/manifests/init.pp +31 -0
data/puppet/modules/users/manifests/ldap.pp +114 -0
data/puppet/modules/users/manifests/params.pp +84 -0
data/puppet/modules/users/templates/ldap/ldap.conf.erb +13 -0
data/puppet/modules/users/templates/ldap/nsswitch.conf.erb +23 -0
data/puppet/modules/users/templates/ldap/openldap-ldap.conf.erb +8 -0
data/puppet/modules/webmin/manifests/init.pp +31 -0
data/puppet/roles/blank.pp +1 -0
data/puppet/site.pp +8 -0
metadata +235 -81
data/README +0 -3
data/bin/provizion +0 -52
data/lib/policies/chef-client.rb +0 -37
data/lib/policies/lamp.rb +0 -42
data/lib/policies/passenger.rb +0 -44
data/lib/recipes/apache.rb +0 -70
data/lib/recipes/apache_conf.rb +0 -3
data/lib/recipes/bundler.rb +0 -4
data/lib/recipes/chef_client.rb +0 -11
data/lib/recipes/curl.rb +0 -8
data/lib/recipes/essential.rb +0 -4
data/lib/recipes/git.rb +0 -15
data/lib/recipes/imagemagick.rb +0 -8
data/lib/recipes/mailserver.rb +0 -9
data/lib/recipes/memcached.rb +0 -16
data/lib/recipes/mysql.rb +0 -21
data/lib/recipes/nginx/init.d +0 -63
data/lib/recipes/nginx.rb +0 -25
data/lib/recipes/passenger.rb +0 -67
data/lib/recipes/php.rb +0 -8
data/lib/recipes/postgresql.rb +0 -21
data/lib/recipes/ruby_enterprise.rb +0 -24
data/lib/recipes/rvm.rb +0 -25
data/lib/recipes/sources.rb +0 -5
data/lib/recipes/subversion.rb +0 -8
data/lib/recipes/syslog.rb +0 -7
data/lib/recipes/ufw.rb +0 -12
data/lib/recipes/vim.rb +0 -8
data/lib/recipes/webmin.rb +0 -17
data/lib/templates/apache.conf.erb +0 -12
data/lib/templates/my.cnf +0 -132
data/lib/templates/passenger.conf +0 -11
data/lib/templates/passenger.load +0 -1

data/puppet/modules/ssh/manifests/init.pp ADDED Viewed

@@ -0,0 +1,74 @@
+import "*.pp"
+class ssh {
+    package { ssh:
+        name   => $operatingsystem ? {
+            default    => "openssh",
+            },
+        ensure => present,
+    }
+    package { ssh-client:
+        name   => $operatingsystem ? {
+            default    => "openssh-clients",
+            },
+        ensure => present,
+    }
+}
+class ssh::server {
+    include ssh
+    package { sshd:
+        name   => $operatingsystem ? {
+            default    => "openssh-server",
+            },
+        ensure => present,
+    }
+    service { sshd:
+        name => $operatingsystem ? {
+            default => "sshd",
+            },
+        ensure => running,
+        enable => true,
+        hasrestart => true,
+        hasstatus => true,
+        require => Package["sshd"],
+        subscribe => File["sshd.conf"],
+    }
+    file {
+             "sshd_config":
+            mode => 600, owner => root, group => root,
+            require => Package[ssh-server],
+            ensure => present,
+            path => $operatingsystem ?{
+                default => "/etc/ssh/sshd_config",
+            },
+    }
+}
+define ssh::config ($value) {
+    # Augeas version.
+    augeas {
+        "sshd_config_$name":
+        context =>  "/files/etc/ssh/sshd_config",
+        changes =>  "set $name $value",
+        onlyif  =>  "get $name != $value",
+        # onlyif  =>  "match $name/*[.='$value'] size == 0",
+    }
+    # Davids' replaceline version (to fix)
+    # replaceline {
+    #    "sshd_config_$name":
+    #    file => "/etc/ssh/sshd_config",
+    #    pattern => "$name",
+    #    replacement => "^$name $value",
+    # }
+}

data/puppet/modules/stow/manifests/init.pp ADDED Viewed

@@ -0,0 +1,5 @@
+class stow {
+  package{ "stow":
+    ensure => installed,
+  }
+}

data/puppet/modules/sudo/files/sudoers ADDED Viewed

@@ -0,0 +1,25 @@
+# /etc/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults	env_reset
+# Host alias specification
+# User alias specification
+# Cmnd alias specification
+# User privilege specification
+root	ALL=(ALL) ALL
+# Uncomment to allow members of group sudo to not need a password
+# (Note that later entries override this, so you might need to move
+# it further down)
+# %sudo ALL=NOPASSWD: ALL
+# Members of the admin group may gain root privileges
+%admin ALL=(ALL) ALL

data/puppet/modules/sudo/manifests/init.pp ADDED Viewed

	@@ -0,0 +1 @@
1	+ import "*"

data/puppet/modules/sudo/manifests/install.pp ADDED Viewed

@@ -0,0 +1,5 @@
+class sudo::install {
+  package{ "sudo":
+    ensure => installed,
+  }
+}

data/puppet/modules/sudo/manifests/sudoers.pp ADDED Viewed

@@ -0,0 +1,14 @@
+class sudo::sudoers {
+  file { "/tmp/sudoers":
+    mode => 440,
+    source => "puppet:///modules/sudo/sudoers",
+    notify => Exec["check-sudoers"],
+  }
+  exec { "check-sudoers":
+    command => "/usr/sbin/visudo -cf /tmp/sudoers && cp /tmp/sudoers /etc/sudoers",
+    refreshonly => true,
+  }
+}

data/puppet/modules/ufw/manifests/init.pp ADDED Viewed

@@ -0,0 +1,12 @@
+class ufw {
+  package{ "ufw":
+    ensure => installed,
+  }
+  exec { "Set default rules":
+    user => "root",
+    path => "/usr/bin:/usr/sbin:/bin",
+    command => "ufw allow to 0.0.0.0/0 port 80 && ufw allow to 0.0.0.0/0 port 443 && ufw allow to 0.0.0.0/0 port 3000 && ufw allow 10000:10020/tcp && ufw allow to 0.0.0.0/0 port 22",
+    require => Package["ufw"],
+  }
+}

data/puppet/modules/users/README ADDED Viewed

@@ -0,0 +1,28 @@
+Puppet module: users
+# Written by Lab42 #
+# http://www.example42.com
+Licence: GPLv3
+DESCRIPTION:
+This module provides users management on the system.
+It manages both local users (you have obviously to add them according to custom needs) and external authentication sources, such as ldap. It provides automount features.
+USER VARIABLES:
+In order to customize the behaviour of the module you can set the following variables:
+$users_auth  (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
+$users_ldap_servers  (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
+$users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
+$users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
+$users_automount (default: "no") - Set to "yes" if you want to enable homes automount
+USAGE:
+# Standard Classes
+include users # Manages users via Puppet. Set the above variables to manage ldap authentication.
+              # If $my_project is set, it autoloads users::$my_project where you can define custom local users and custom configurations
+DEPENDENCIES:

data/puppet/modules/users/manifests/adduser.pp ADDED Viewed

@@ -0,0 +1,16 @@
+define adduser ( $uid='', $gid='', $shell='/bin/bash', $home='', $comment='', $password='', $groups='' ) {
+    user {
+        "$name":
+# Temp fix for err: //Node[test.example42.com]/general/hardening::eal4/users::admins/Adduser[admin]/User[admin]/uid: change from 500 to  failed: Could not set uid on user[admin]: Execution of '/usr/sbin/usermod -u  admin' returned 4: usermod: uid 0 is not unique
+# Uncomment and fix when necessary
+#            uid      => $uid,
+#            gid      => $gid,
+            shell    => $shell,
+            comment  => $comment,
+            home     => $home,
+            password => $password,
+            groups   => $groups,
+            ensure   => present,
+       }
+}

data/puppet/modules/users/manifests/admin.pp ADDED Viewed

@@ -0,0 +1,11 @@
+class users::admin {
+# Creates user: admin with wheel privileges
+# Default password = 'example'  CHANGE IT
+    user {
+        "admin":
+        ensure   => present,
+        groups   => 'wheel',
+# Default password = 'example'  CHANGE IT before uncommenting
+#        password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
+    }
+}

data/puppet/modules/users/manifests/automount.pp ADDED Viewed

@@ -0,0 +1,34 @@
+# Class: users::automount
+#
+# Manages users' home directory automount
+#
+# Usage:
+# Set $users_auth = "ldap" and $users_automount = "yes" and
+# include users
+# NOTE/TODO: This class is made for automounter based on ldap. When and if other auth methods will be supported this class will be refactored.
+#
+# Variables:
+# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
+#
+class users::automount {
+# Load the variables used in this module. Check the params.pp file
+    include users::params
+    $users_ldap_servers = $users::params::ldap_servers
+    $users_ldap_basedn = $users::params::ldap_basedn
+    $users_ldap_ssl = $users::params::ldap_ssl
+    $users_automount = $users::params::automount
+# Required packages
+    case $operatingsystem {
+        ubuntu,debian: {
+             package { "autofs": ensure => present }
+             package { "autofs-ldap": ensure => present }
+        }
+        redhat,centos: {
+        }
+    }
+}

data/puppet/modules/users/manifests/deluser.pp ADDED Viewed

@@ -0,0 +1,8 @@
+define deluser {
+    user {
+        "$name":
+            ensure   => absent,
+       }
+}

data/puppet/modules/users/manifests/example42.pp ADDED Viewed

@@ -0,0 +1,16 @@
+class users::example42 {
+# Adds a local "example42" user, With password "example42".
+       user {
+        "example42":
+            comment  => "Example 42 default user",
+            password => '$1$xd/jf97n$ZAhAz.CIGJ0gUECBohz/..',
+            ensure   => present,
+       }
+# Uncomment below to remove example42 user
+#       user {
+#        "example42":
+#            ensure   => absent,
+#       }
+}

data/puppet/modules/users/manifests/init.pp ADDED Viewed

@@ -0,0 +1,31 @@
+# Class: users
+#
+# Manages local users and external authentication methods
+#
+# Usage:
+# include users
+#
+# Variables:
+# $users_auth  (default: "local") - Defines the authentication method to be used. Default uses only local authentication, set to "ldap" to ADD ldap authentication.
+# $users_ldap_servers  (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
+# $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
+# $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
+# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
+#
+class users {
+# Load the variables used in this module. Check the params.pp file
+    include users::params
+# Include the relevant subclass according to $users_auth settings
+    case $users::params::auth {
+        ldap: { include users::ldap }
+# TODO  ads: { include users::ads }
+# TODO  nis: { include users::nis }
+    }
+# Autoloads users::$my_project if $my_project is defined
+# Place in users::$my_project your customizatios
+    if $my_project { include "users::${my_project}" }
+}

data/puppet/modules/users/manifests/ldap.pp ADDED Viewed

@@ -0,0 +1,114 @@
+# Class: users::ldap
+#
+# Manages ldap authentication
+#
+# Usage:
+# Set $users_auth = "ldap" and
+# include users
+#
+# Variables:
+# $users_ldap_servers  (default: ["ldapm.example42.com","ldaps.example42.com"]) - Defines the ldap backend server(s) you want to use for ldap authentication
+# $users_ldap_basedn (default: "dc=example42,dc=com") - Defines the ldap base dn for ldap authentication
+# $users_ldap_ssl (default: "no") - Defines if you want to use SSL for ldap authentication
+# $users_automount (default: "no") - Set to "yes" if you want to enable homes automount
+#
+class users::ldap {
+# Load the variables used in this module. Check the params.pp file
+    include users::params
+    $users_ldap_servers = $users::params::ldap_servers
+    $users_ldap_basedn = $users::params::ldap_basedn
+    $users_ldap_ssl = $users::params::ldap_ssl
+    $users_ldap_cacert = $users::params::ldap_cacert
+    $users_automount = $users::params::automount
+# PAM's configurations for ldap are managed in the dedicated pam::ldap class
+    include pam::ldap
+# Include autofs::ldap if $users_automount = "yes"
+    if $users::params::automount == "yes" { include "autofs::ldap" }
+# Systems' config files for LDAP
+    file { "nsswitch.conf":
+        path    => "/etc/nsswitch.conf",
+        mode    => "644",
+        owner   => "root",
+        group   => "root",
+        require => [ File["ldap.conf"] ],
+        ensure  => present,
+        content => template("users/ldap/nsswitch.conf.erb"),
+    }
+    file { "ldap.conf":
+        path    => $users::params::configfile_ldap ,
+        mode    => "644",
+        owner   => "root",
+        group   => "root",
+        ensure  => present,
+        content => template("users/ldap/ldap.conf.erb"),
+    }
+# Openldap client config
+    file { "openldap-ldap.conf":
+        path    => $operatingsystem ? {
+            debian => "/etc/ldap/ldap.conf",
+            ubuntu => "/etc/ldap/ldap.conf",
+            redhat => "/etc/openldap/ldap.conf",
+            centos => "/etc/openldap/ldap.conf",
+        },
+        mode    => "644",
+        owner   => "root",
+        group   => "root",
+        ensure  => present,
+        content => template("users/ldap/openldap-ldap.conf.erb"),
+    # TOTO - Breaks on ubuntu804 - Verify
+    #    notify  => $users_automount ? {
+    #        "yes"   => "Service[autofs]",
+    #        default => undef,
+    #    },
+    }
+    case $users_ldap_ssl {
+        yes: {
+            file { "ldap_cacert":
+                path    => "${users::params::ldap_cacert}",
+                mode    => "644",
+                owner   => "root",
+                group   => "root",
+                ensure  => present,
+                source => "${users::params::users_source}/ldap/cacert.pem",
+            }
+        }
+    }
+# Required packages
+    case $operatingsystem {
+        Ubuntu,Debian: {
+             package { "libpam-ldap": ensure => present }
+             package { "libnss-ldap": ensure => present }
+             package { "ldap-utils": ensure => present }
+             case $lsbdistcodename {
+                 lenny: {
+                     # Debian 5, by default, uses a separated file for pam ldap settings
+                     file { "pam_ldap.conf":
+                         path    => "/etc/pam_ldap.conf",
+                         mode    => "644",
+                         owner   => "root",
+                         group   => "root",
+                         ensure  => present,
+                         content => template("users/ldap/ldap.conf.erb"),
+                     }
+                 }
+             }
+        }
+        redhat,centos: {
+             package { "nss_ldap": ensure => present }
+        }
+    }
+}

data/puppet/modules/users/manifests/params.pp ADDED Viewed

@@ -0,0 +1,84 @@
+# Class: users::params
+#
+# Defines users parameters
+# In this class are defined as variables values that are used in other users classes
+# This class should be included, where necessary, and eventually be enhanced with support for more OS
+# You don't have generally to modify this file.
+#
+class users::params  {
+## DEFAULTS FOR VARIABLES USERS CAN SET
+# (Here are set the defaults, provide your custom variables externally)
+# Define the authentication method to be used
+    $auth = $users_auth ? {
+        ''      => "local",
+        default => $users_auth,
+    }
+# Define the ldap server(s) to use (If $users_auth=ldap)
+    $ldap_servers = $users_ldap_servers ? {
+        ''      => [ "ldapm.example42.com" , "ldaps.example42.com" ],
+        default => $users_ldap_servers,
+    }
+# Define the ldap basdn to use (If $users_auth=ldap)
+    $ldap_basedn = $users_ldap_basedn ? {
+        ''      => "dc=example42,dc=com",
+        default => $users_ldap_basedn,
+    }
+# Define if you want to use SSL for ldap authentication (If $users_auth=ldap)
+    $ldap_ssl = $users_ldap_ssl ? {
+        ''      => "no",
+        default => $users_ldap_ssl,
+    }
+# Define if you want to use automount (If $users_auth=ldap)
+    $automount = $users_automount ? {
+        ''      => "no",
+        default => $users_automount,
+    }
+## MODULES INTERNAL VARIABLES
+# (Modify only to adapt to unsupported OSes)
+    $ldap_cacert = $operatingsystem ? {
+        'debian' => "/etc/ldap/cacert.pem",
+        'ubuntu' => "/etc/ldap/cacert.pem",
+        default  => "/etc/openldap/cacert.pem",
+    }
+    $configfile_ldap = $operatingsystem ? {
+            debian => $lsbdistid ? {
+                 debian => "/etc/libnss-ldap.conf",
+                 ubuntu => "/etc/ldap.conf",
+            },
+            ubuntu => "/etc/ldap.conf",
+            redhat => "/etc/ldap.conf",
+            centos => "/etc/ldap.conf",
+    }
+## FILE SERVING SOURCE
+# Sets the correct source for static files
+# In order to provide files from different sources without modifying the module
+# you can override the default source path setting the variable $base_source
+# Ex: $base_source="puppet://ip.of.fileserver" or $base_source="puppet://$servername/myprojectmodule"
+# What follows automatically manages the new source standard (with /modules/) from 0.25
+    case $base_source {
+        '': { $general_base_source="puppet://$servername" }
+        default: { $general_base_source=$base_source }
+    }
+    $users_source = $puppetversion ? {
+        /(^0.25)/ => "$general_base_source/modules/users",
+        /(^0.)/   => "$general_base_source/users",
+        default   => "$general_base_source/modules/users",
+    }
+}

data/puppet/modules/users/templates/ldap/ldap.conf.erb ADDED Viewed

@@ -0,0 +1,13 @@
+# File managed by Puppet
+host <% users_ldap_servers.each do |ldap| %><%= ldap %> <% end %>
+base <%= users_ldap_basedn %>
+pam_password exop
+pam_lookup_policy yes
+<% if users_ldap_ssl == "yes" && operatingsystem != "Ubuntu" -%>
+ssl start_tls
+tls_cacertfile <%= users_ldap_cacert %>
+tls_checkpeer yes
+<% end -%>
+nss_initgroups_ignoreusers Debian-exim,backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,ntpd,proxy,root,snmp,sshd,statd,sync,sys,syslog,uucp,www-data

data/puppet/modules/users/templates/ldap/nsswitch.conf.erb ADDED Viewed

@@ -0,0 +1,23 @@
+# /etc/nsswitch.conf
+#
+# File managed by Puppet
+passwd:         files ldap
+group:          files
+shadow:         files ldap
+<% if users_automount == "yes" -%>
+automount:	ldap
+<% else -%>
+automount:	files
+<% end -%>
+hosts:          files dns
+networks:       files
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+# netgroup:       nis

data/puppet/modules/users/templates/ldap/openldap-ldap.conf.erb ADDED Viewed

@@ -0,0 +1,8 @@
+# File Managed by Puppet
+HOST <% users_ldap_servers.each do |ldap| -%><%= ldap -%> <% end %>
+URI ldap://<%= users_ldap_servers.first %>
+BASE <%= users_ldap_basedn %>
+<% if users_ldap_ssl == "yes" -%>
+TLS_CACERT <%= users_ldap_cacert %>
+TLS_REQCERT demand
+<% end -%>

data/puppet/modules/webmin/manifests/init.pp ADDED Viewed

@@ -0,0 +1,31 @@
+class webmin {
+    $base = "webmin_1.480_all.deb"
+    $url = "http://prdownloads.sourceforge.net/webadmin/"
+    $archive = "/root/$base"
+    $installed = "/etc/webmin/version"
+    package { "libnet-ssleay-perl": ensure => installed }
+    package { "libauthen-pam-perl": ensure => installed }
+    package { "libio-pty-perl": ensure => installed }
+    package { "libmd5-perl": ensure => installed }
+    service { webmin:
+        ensure => running,
+        require => Exec["InstallWebmin"],
+        provider => init;
+    }
+    exec { "DownloadWebmin":
+        cwd => "/root",
+        command => "wget $url$base",
+        creates => $archive,
+    }
+    exec { "InstallWebmin":
+        cwd => "/root",
+        command => "dpkg -i $archive",
+        creates => $installed,
+        require => Exec["DownloadWebmin"],
+        notify => Service[webmin],
+    }
+}

data/puppet/roles/blank.pp ADDED Viewed

	@@ -0,0 +1 @@
1	+ # This role intentionally left blank

data/puppet/site.pp ADDED Viewed

@@ -0,0 +1,8 @@
+Exec {
+  path => "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
+}
+import "classes/*"
+include base, gemrc, postfix, logrotate, ufw, imagemagick
+import "roles/*"