RubyGems - provizioning - Versions diffs - 0.1.2 → 0.4.0 - Mend

provizioning 0.1.2 → 0.4.0

Files changed (223) hide show

data/.gitignore +17 -0
data/Gemfile +4 -0
data/README.md +29 -0
data/Rakefile +2 -0
data/bootstrap/bootstrap.sh +71 -0
data/{lib/templates/sources.list → bootstrap/lucid.sources.list} +2 -1
data/bootstrap/natty.sources.list +14 -0
data/lib/provizioning/puppet.rb +94 -0
data/lib/provizioning/version.rb +3 -0
data/lib/provizioning.rb +1 -3
data/provizioning.gemspec +20 -0
data/puppet/classes/apache/centos.conf +978 -0
data/puppet/classes/apache/ssl.conf +75 -0
data/puppet/classes/apache.pp +152 -0
data/puppet/classes/apt.pp +5 -0
data/puppet/classes/base/ntp/ntpd-sysconfig +13 -0
data/puppet/classes/base.pp +79 -0
data/puppet/classes/freerange.pp +53 -0
data/puppet/classes/gemrc/gemrc +9 -0
data/puppet/classes/gemrc.pp +10 -0
data/puppet/classes/imagemagick.pp +19 -0
data/puppet/classes/iptables/load-iptables +3 -0
data/puppet/classes/iptables/post-iptables +2 -0
data/puppet/classes/iptables/pre-iptables +2 -0
data/puppet/classes/iptables.pp +59 -0
data/puppet/classes/logrotate/logrotate.erb +15 -0
data/puppet/classes/logrotate.pp +37 -0
data/puppet/classes/mongo/mongodb.conf +89 -0
data/puppet/classes/mongo.pp +86 -0
data/puppet/classes/monit/monit.conf +242 -0
data/puppet/classes/monit.pp +39 -0
data/puppet/classes/munin/plugins/passenger_memory_stats +123 -0
data/puppet/classes/munin/plugins/passenger_status +130 -0
data/puppet/classes/munin/plugins/rails_database_time +174 -0
data/puppet/classes/munin/plugins/rails_request_duration +173 -0
data/puppet/classes/munin/plugins/rails_request_error +169 -0
data/puppet/classes/munin/plugins/rails_requests +175 -0
data/puppet/classes/munin/plugins/rails_view_render_time +173 -0
data/puppet/classes/munin/rails-plugin-config +4 -0
data/puppet/classes/munin.pp +60 -0
data/puppet/classes/mysql/password.erb +1 -0
data/puppet/classes/mysql.pp +71 -0
data/puppet/classes/openswan/ipsec.conf +17 -0
data/puppet/classes/openswan/ipsec.secrets +1 -0
data/puppet/classes/openswan/patched_ipsec_initd_script +223 -0
data/puppet/classes/openswan/secret.erb +1 -0
data/puppet/classes/openswan.pp +71 -0
data/puppet/classes/post-flight.pp +17 -0
data/puppet/classes/postfix/main.cf +39 -0
data/puppet/classes/postfix.pp +16 -0
data/puppet/classes/rack/centos/passenger.load.erb +5 -0
data/puppet/classes/rack/ubuntu/passenger.conf.erb +6 -0
data/puppet/classes/rack.pp +66 -0
data/puppet/classes/redis/redis.conf.erb +187 -0
data/puppet/classes/redis.pp +20 -0
data/puppet/classes/sudo/sudoers +6 -0
data/puppet/classes/sudo.pp +24 -0
data/puppet/classes/syslogng/CentOS.cnf +61 -0
data/puppet/classes/syslogng/Ubuntu.cnf +347 -0
data/puppet/classes/syslogng.pp +146 -0
data/puppet/classes/xml.pp +23 -0
data/puppet/classes/yum.pp +6 -0
data/puppet/classes/zsh.pp +5 -0
data/puppet/modules/README +74 -0
data/puppet/modules/cron/README +4 -0
data/puppet/modules/cron/manifests/base.pp +26 -0
data/puppet/modules/cron/manifests/crontabs.pp +11 -0
data/puppet/modules/cron/manifests/init.pp +18 -0
data/puppet/modules/drupal/Modulefile +7 -0
data/puppet/modules/drupal/README +110 -0
data/puppet/modules/drupal/manifests/absent.pp +25 -0
data/puppet/modules/drupal/manifests/backup/absent.pp +23 -0
data/puppet/modules/drupal/manifests/backup.pp +49 -0
data/puppet/modules/drupal/manifests/conf.pp +23 -0
data/puppet/modules/drupal/manifests/debug.pp +26 -0
data/puppet/modules/drupal/manifests/disable.pp +22 -0
data/puppet/modules/drupal/manifests/disableboot.pp +13 -0
data/puppet/modules/drupal/manifests/drush.pp +20 -0
data/puppet/modules/drupal/manifests/example42/backup.pp +8 -0
data/puppet/modules/drupal/manifests/example42/monitor.pp +8 -0
data/puppet/modules/drupal/manifests/example42.pp +25 -0
data/puppet/modules/drupal/manifests/extra.pp +30 -0
data/puppet/modules/drupal/manifests/firewall/absent.pp +19 -0
data/puppet/modules/drupal/manifests/firewall.pp +24 -0
data/puppet/modules/drupal/manifests/init.pp +54 -0
data/puppet/modules/drupal/manifests/install.pp +20 -0
data/puppet/modules/drupal/manifests/module.pp +37 -0
data/puppet/modules/drupal/manifests/monitor/absent.pp +42 -0
data/puppet/modules/drupal/manifests/monitor.pp +77 -0
data/puppet/modules/drupal/manifests/package.pp +20 -0
data/puppet/modules/drupal/manifests/params.pp +277 -0
data/puppet/modules/drupal/manifests/site.pp +63 -0
data/puppet/modules/drupal/manifests/theme.pp +33 -0
data/puppet/modules/drupal/templates/variables_drupal.erb +62 -0
data/puppet/modules/drupal/tests/absent.pp +1 -0
data/puppet/modules/drupal/tests/backup.pp +1 -0
data/puppet/modules/drupal/tests/debug.pp +1 -0
data/puppet/modules/drupal/tests/disable.pp +1 -0
data/puppet/modules/drupal/tests/disableboot.pp +1 -0
data/puppet/modules/drupal/tests/firewall.pp +1 -0
data/puppet/modules/drupal/tests/init.pp +1 -0
data/puppet/modules/drupal/tests/monitor.pp +1 -0
data/puppet/modules/hosts/README +0 -0
data/puppet/modules/hosts/manifests/example42.pp +5 -0
data/puppet/modules/hosts/manifests/init.pp +16 -0
data/puppet/modules/hosts/templates/hosts.erb +11 -0
data/puppet/modules/iptables/README +4 -0
data/puppet/modules/iptables/files/iptables +19 -0
data/puppet/modules/iptables/manifests/disable.pp +15 -0
data/puppet/modules/iptables/manifests/init.pp +9 -0
data/puppet/modules/iptables/manifests/redhat.pp +24 -0
data/puppet/modules/mysql/Modulefile +7 -0
data/puppet/modules/mysql/README +56 -0
data/puppet/modules/mysql/manifests/absent.pp +12 -0
data/puppet/modules/mysql/manifests/backup/example42.pp +8 -0
data/puppet/modules/mysql/manifests/backup.pp +49 -0
data/puppet/modules/mysql/manifests/client.pp +18 -0
data/puppet/modules/mysql/manifests/conf.pp +23 -0
data/puppet/modules/mysql/manifests/debug.pp +25 -0
data/puppet/modules/mysql/manifests/disable.pp +13 -0
data/puppet/modules/mysql/manifests/disableboot.pp +13 -0
data/puppet/modules/mysql/manifests/example42.pp +25 -0
data/puppet/modules/mysql/manifests/firewall.pp +23 -0
data/puppet/modules/mysql/manifests/grant.pp +29 -0
data/puppet/modules/mysql/manifests/init.pp +67 -0
data/puppet/modules/mysql/manifests/monitor/example42.pp +8 -0
data/puppet/modules/mysql/manifests/monitor.pp +77 -0
data/puppet/modules/mysql/manifests/params.pp +240 -0
data/puppet/modules/mysql/manifests/query.pp +30 -0
data/puppet/modules/mysql/templates/grant.erb +6 -0
data/puppet/modules/mysql/templates/query.erb +5 -0
data/puppet/modules/mysql/templates/variables_mysql.erb +42 -0
data/puppet/modules/network/README +4 -0
data/puppet/modules/network/manifests/init.pp +13 -0
data/puppet/modules/nginx/manifests/fcgi.pp +87 -0
data/puppet/modules/nginx/manifests/init.pp +205 -0
data/puppet/modules/nginx/templates/fcgi_site.erb +38 -0
data/puppet/modules/nginx/templates/includes/fastcgi_params.erb +23 -0
data/puppet/modules/nginx/templates/nginx.conf.erb +31 -0
data/puppet/modules/passenger/manifests/init.pp +12 -0
data/puppet/modules/passenger/templates/myapp +39 -0
data/puppet/modules/php/README +26 -0
data/puppet/modules/php/manifests/init.pp +42 -0
data/puppet/modules/php/manifests/module.pp +22 -0
data/puppet/modules/php/manifests/pear/module.pp +21 -0
data/puppet/modules/php/manifests/pear.pp +20 -0
data/puppet/modules/php/manifests/pecl/config.pp +19 -0
data/puppet/modules/php/manifests/pecl/module.pp +44 -0
data/puppet/modules/php/manifests/pecl.pp +8 -0
data/puppet/modules/php/manifests/soap.pp +20 -0
data/puppet/modules/postgres/Copyright +13 -0
data/puppet/modules/postgres/manifests/database.pp +40 -0
data/puppet/modules/postgres/manifests/init.pp +25 -0
data/puppet/modules/postgres/manifests/role.pp +40 -0
data/puppet/modules/ruby/files/install-ruby-stow +43 -0
data/puppet/modules/ruby/manifests/init.pp +18 -0
data/puppet/modules/rvm/files/install-system-rvm +2 -0
data/puppet/modules/rvm/manifests/classes/dependencies.pp +24 -0
data/puppet/modules/rvm/manifests/classes/passenger.pp +166 -0
data/puppet/modules/rvm/manifests/classes/system.pp +33 -0
data/puppet/modules/rvm/manifests/definitions/system_user.pp +13 -0
data/puppet/modules/rvm/manifests/init.pp +2 -0
data/puppet/modules/rvm/templates/passenger-apache.conf.erb +9 -0
data/puppet/modules/ssh/README +4 -0
data/puppet/modules/ssh/manifests/auth.pp +39 -0
data/puppet/modules/ssh/manifests/auth.pp.good +340 -0
data/puppet/modules/ssh/manifests/eal4.pp +69 -0
data/puppet/modules/ssh/manifests/init.pp +74 -0
data/puppet/modules/stow/manifests/init.pp +5 -0
data/puppet/modules/sudo/files/sudoers +25 -0
data/puppet/modules/sudo/manifests/init.pp +1 -0
data/puppet/modules/sudo/manifests/install.pp +5 -0
data/puppet/modules/sudo/manifests/sudoers.pp +14 -0
data/puppet/modules/ufw/manifests/init.pp +12 -0
data/puppet/modules/users/README +28 -0
data/puppet/modules/users/manifests/adduser.pp +16 -0
data/puppet/modules/users/manifests/admin.pp +11 -0
data/puppet/modules/users/manifests/automount.pp +34 -0
data/puppet/modules/users/manifests/deluser.pp +8 -0
data/puppet/modules/users/manifests/example42.pp +16 -0
data/puppet/modules/users/manifests/init.pp +31 -0
data/puppet/modules/users/manifests/ldap.pp +114 -0
data/puppet/modules/users/manifests/params.pp +84 -0
data/puppet/modules/users/templates/ldap/ldap.conf.erb +13 -0
data/puppet/modules/users/templates/ldap/nsswitch.conf.erb +23 -0
data/puppet/modules/users/templates/ldap/openldap-ldap.conf.erb +8 -0
data/puppet/modules/webmin/manifests/init.pp +31 -0
data/puppet/roles/blank.pp +1 -0
data/puppet/site.pp +8 -0
metadata +235 -81
data/README +0 -3
data/bin/provizion +0 -52
data/lib/policies/chef-client.rb +0 -37
data/lib/policies/lamp.rb +0 -42
data/lib/policies/passenger.rb +0 -44
data/lib/recipes/apache.rb +0 -70
data/lib/recipes/apache_conf.rb +0 -3
data/lib/recipes/bundler.rb +0 -4
data/lib/recipes/chef_client.rb +0 -11
data/lib/recipes/curl.rb +0 -8
data/lib/recipes/essential.rb +0 -4
data/lib/recipes/git.rb +0 -15
data/lib/recipes/imagemagick.rb +0 -8
data/lib/recipes/mailserver.rb +0 -9
data/lib/recipes/memcached.rb +0 -16
data/lib/recipes/mysql.rb +0 -21
data/lib/recipes/nginx/init.d +0 -63
data/lib/recipes/nginx.rb +0 -25
data/lib/recipes/passenger.rb +0 -67
data/lib/recipes/php.rb +0 -8
data/lib/recipes/postgresql.rb +0 -21
data/lib/recipes/ruby_enterprise.rb +0 -24
data/lib/recipes/rvm.rb +0 -25
data/lib/recipes/sources.rb +0 -5
data/lib/recipes/subversion.rb +0 -8
data/lib/recipes/syslog.rb +0 -7
data/lib/recipes/ufw.rb +0 -12
data/lib/recipes/vim.rb +0 -8
data/lib/recipes/webmin.rb +0 -17
data/lib/templates/apache.conf.erb +0 -12
data/lib/templates/my.cnf +0 -132
data/lib/templates/passenger.conf +0 -11
data/lib/templates/passenger.load +0 -1

data/puppet/classes/apache/ssl.conf ADDED Viewed

@@ -0,0 +1,75 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.
+#
+LoadModule ssl_module modules/mod_ssl.so
+#
+# When we also provide SSL we have to listen to the
+# the HTTPS port in addition.
+#
+Listen 443
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog  builtin
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism
+#   to use and second the expiring timeout (in seconds).
+#SSLSessionCache        dc:UNIX:/var/cache/mod_ssl/distcache
+SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout  300
+#   Semaphore:
+#   Configure the path to the mutual exclusion semaphore the
+#   SSL engine uses internally for inter-process synchronization.
+SSLMutex default
+#   Pseudo Random Number Generator (PRNG):
+#   Configure one or more sources to seed the PRNG of the
+#   SSL library. The seed data should be of good random quality.
+#   WARNING! On some platforms /dev/random blocks if not enough entropy
+#   is available. This means you then cannot use the /dev/random device
+#   because it would lead to very long connection times (as long as
+#   it requires to make more entropy available). But usually those
+#   platforms additionally provide a /dev/urandom device which doesn't
+#   block. So, if available, use this one instead. Read the mod_ssl User
+#   Manual for more details.
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly.
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec

data/puppet/classes/apache.pp ADDED Viewed

@@ -0,0 +1,152 @@
+class apache {
+  include "apache::$operatingsystem"
+  $package_name = $operatingsystem ? {
+    centos => httpd,
+    default => apache2
+  }
+  $development_package_name = $operatingsystem ? {
+    centos => httpd-devel,
+    default => apache2-threaded-dev
+  }
+  $apache_user = $operatingsystem ? {
+    centos => "apache",
+    default => "www-data"
+  }
+  user { $apache_user:
+    groups => application,
+    require => [Package[httpd], Class["base::application"]],
+    notify => Service[httpd]
+  }
+  define host($content, $ensure = enabled) {
+    include apache
+    file { $name:
+      path => "/etc/$apache::package_name/sites-available/$name",
+      owner => root,
+      group => root,
+      mode => 644,
+      content => $content,
+      require => Package[httpd],
+      notify => Service[httpd]
+    }
+    case $ensure {
+      default : { err ( "unknown ensure value '${ensure}', should be either enabled or disabled" ) }
+      enabled: {
+        file { "/etc/$apache::package_name/sites-enabled/$name":
+          require => File[$name],
+          ensure => "/etc/$apache::package_name/sites-available/$name",
+          notify => Service[httpd]
+        }
+      }
+      disabled: {
+        file { "/etc/$apache::package_name/sites-enabled/$name":
+          require => File[$name],
+          ensure => absent,
+          notify => Service[httpd]
+        }
+      }
+    }
+  }
+  package { $package_name :
+    ensure => present,
+    alias => httpd
+  }
+  package { $development_package_name:
+    ensure => present,
+    alias => httpd-devel,
+    require => Package[$package_name]
+  }
+  service { $package_name:
+    ensure => running,
+    alias => httpd,
+    require => [Package[$package_name]]
+  }
+  class base {
+    # common stuff
+  }
+  class ubuntu inherits apache::base {
+    define module($ensure = 'present') {
+      case $ensure {
+        present,installed : {
+          exec { "/usr/sbin/a2enmod $name":
+            creates => "/etc/apache2/mods-enabled/${name}.load",
+            require => Package[apache2],
+            notify  => Service[apache2]
+          }
+        }
+        absent,purged: {
+          exec { "/usr/sbin/a2dismod $name":
+            onlyif => "/usr/bin/test -L /etc/apache2/mods-enabled/${name}.load",
+            require => Package[apache2],
+            notify  => Service[apache2]
+          }
+        }
+        default: { err ( "apache::ubuntu::module Unknown ensure value: '$ensure'" ) }
+      }
+    }
+    module { "rewrite": ensure => present }
+    module { "ssl":     ensure => present }
+    module { "expires": ensure => present }
+    module { "deflate": ensure => present }
+    module { "headers": ensure => present }
+  }
+  class centos inherits apache::base {
+    package { "mod_ssl":
+      ensure => present
+    }
+    file { "/etc/httpd/conf.d/ssl.conf":
+      content => template("apache/ssl.conf"),
+      ensure => present,
+      require => Package["mod_ssl"],
+      owner => root,
+      group => root
+    }
+    service { "httpd":
+      ensure => running,
+      require => [Package[httpd], File["/etc/httpd/sites-enabled"]],
+      subscribe => [File["/etc/httpd/conf/httpd.conf"], File["/etc/httpd/conf.d/ssl.conf"]],
+    }
+    file { "/etc/httpd/conf/httpd.conf":
+      content => template("apache/centos.conf"),
+      owner => root,
+      group => root,
+      require => Package[httpd]
+    }
+    file { "/etc/httpd/sites-available":
+      ensure => directory,
+      owner => root,
+      group => root,
+      require => Package[httpd]
+    }
+    file { "/etc/httpd/sites-enabled":
+      ensure => directory,
+      owner => root,
+      group => root,
+      require => Package[httpd]
+    }
+  }
+}

data/puppet/classes/apt.pp ADDED Viewed

@@ -0,0 +1,5 @@
+class apt {
+  exec {"apt-get update":
+    command => "/usr/bin/apt-get -y update"
+  }
+}

data/puppet/classes/base/ntp/ntpd-sysconfig ADDED Viewed

@@ -0,0 +1,13 @@
+# Have had to remove dropping to ntp user, as Kernel supplied by O2 doesn't support it.
+# See: http://www.linuxquestions.org/questions/linux-software-2/ntp-error-failed-to-drop-root-privileges-812256/
+# # Drop root to id 'ntp:ntp' by default.
+# OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
+OPTIONS="-p /var/run/ntpd.pid"
+# Set to 'yes' to sync hw clock after successful ntpdate
+SYNC_HWCLOCK=no
+# Additional options for ntpdate
+NTPDATE_OPTIONS=""

data/puppet/classes/base.pp ADDED Viewed

@@ -0,0 +1,79 @@
+stage { "pre-flight": before => Stage[main] }
+class { "base": stage => "pre-flight" }
+class base {
+  include base::time
+  include base::application
+  $packagelist = ['git-core', 'vim', 'screen']
+  package { $packagelist:
+    ensure => installed
+  }
+  host { "$hostname.lan" :
+    ensure => present,
+    host_aliases => $hostname,
+    ip => "127.0.0.1"
+  }
+  host { "localhost" :
+    ensure => present,
+    ip => "127.0.0.1"
+  }
+  package {"tcpdump":
+    ensure => present
+  }
+  class time {
+    file { "/etc/localtime":
+      source => "/usr/share/zoneinfo/Europe/London"
+    }
+    package { "ntp":
+      ensure => present
+    }
+    service { "ntp":
+      ensure => running,
+      require => Package["ntp"]
+    }
+    case  $operatingsystem {
+      "CentOS":  {
+        file {"/etc/sysconfig/ntpd":
+          content => template("base/ntp/ntpd-sysconfig")
+        }
+      }
+      "Debian": {
+        # todo
+      }
+    }
+  }
+  class application {
+    user { "application":
+      shell => "/bin/false"
+    }
+    file { "/var/apps":
+      ensure => directory,
+      owner => root,
+      group => application,
+      require => [User[application]],
+      mode => 771
+    }
+  }
+  define set_hostname($hostname) {
+    exec { "hostname":
+      command => "hostname ${hostname}",
+      unless => "test `hostname` = '$hostname'"
+    }
+    file { "/etc/hostname":
+      content => $hostname
+    }
+  }
+}

data/puppet/classes/freerange.pp ADDED Viewed

@@ -0,0 +1,53 @@
+class freerange {
+  include zsh
+  user_without_ssh_key {"freerange":
+    user => "freerange"
+  }
+  define user($user, $key, $key_type="ssh-rsa", $shell="/bin/bash") {
+    user_without_ssh_key { $name:
+      user => $user,
+      shell => $shell
+    }
+    append_ssh_key_to_user { $name:
+      user => $user,
+      key => $key,
+      key_type => $key_type
+    }
+    append_ssh_key_to_user { "freerange-$name":
+      user => "freerange",
+      key => $key,
+      key_type => $key_type,
+      require => User["freerange"]
+    }
+  }
+  define user_without_ssh_key($user, $shell="/bin/bash") {
+    include base::application
+    user {$user:
+      gid => "application",
+      require => User[application],
+      shell => $shell
+    }
+    file { "/home/$user":
+      ensure => directory,
+      owner => $user,
+      group => application,
+      require => User[$user]
+    }
+  }
+  define append_ssh_key_to_user($user, $key, $key_type="ssh-rsa") {
+    ssh_authorized_key { $name:
+      ensure => present,
+      user => $user,
+      key => $key,
+      name => $name,
+      type => $key_type,
+      require => File["/home/$user"]
+    }
+  }
+}

data/puppet/classes/gemrc/gemrc ADDED Viewed

@@ -0,0 +1,9 @@
+---
+:bulk_threshold: 1000
+:verbose: true
+:benchmark: false
+:update_sources: true
+:backtrace: false
+:sources:
+- http://gemcutter.org/
+gem: --no-ri --no-rdoc

data/puppet/classes/gemrc.pp ADDED Viewed

@@ -0,0 +1,10 @@
+# Ruby should already be installed, so this class just adds to the ruby environment]
+# by adding bundler, etc.
+class gemrc {
+  file { "/root/.gemrc":
+    content => template("gemrc/gemrc"),
+    owner => root,
+    group => root
+  }
+}

data/puppet/classes/imagemagick.pp ADDED Viewed

@@ -0,0 +1,19 @@
+#
+# Class: imagemagick
+#
+# Include it to install and imagemagick
+# It defines package.
+#
+# Usage:
+# include imagemagick
+#
+class imagemagick {
+  package{ "imagemagick":
+    ensure => installed,
+  }
+  package{ "libmagickwand-dev":
+    ensure => installed,
+  }
+}

data/puppet/classes/iptables/load-iptables ADDED Viewed

@@ -0,0 +1,3 @@
+#!/bin/sh
+iptables-restore < /etc/iptables.rules
+exit 0

data/puppet/classes/iptables/post-iptables ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
2	+ -A INPUT -j DROP

data/puppet/classes/iptables/pre-iptables ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ -A INPUT -i lo -j ACCEPT
2	+ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

data/puppet/classes/iptables.pp ADDED Viewed

@@ -0,0 +1,59 @@
+import "iptables"
+class config_iptables {
+  iptables { "http":
+    proto => "tcp",
+    dport => "80",
+    jump => "ACCEPT",
+    require => [File["/etc/puppet/iptables/pre.iptables"], File["/etc/puppet/iptables/post.iptables"]],
+    notify => Exec["save iptables rules"]
+  }
+  iptables { "https":
+    proto => "tcp",
+    dport => "443",
+    jump => "ACCEPT",
+    require => [File["/etc/puppet/iptables/pre.iptables"], File["/etc/puppet/iptables/post.iptables"]],
+    notify => Exec["save iptables rules"]
+  }
+  iptables { "ssh":
+    proto => "tcp",
+    dport => "22",
+    jump => "ACCEPT",
+    require => [File["/etc/puppet/iptables/pre.iptables"], File["/etc/puppet/iptables/post.iptables"]],
+    notify => Exec["save iptables rules"]
+  }
+  exec { "save iptables rules":
+    command => "iptables-save > /etc/iptables.rules",
+    refreshonly => true,
+    require => File["/etc/network/if-pre-up.d/load-iptables"]
+  }
+  file { "/etc/network/if-pre-up.d/load-iptables":
+    content => template("iptables/load-iptables"),
+    owner => root,
+    group => root,
+    mode => 700
+  }
+  file { "/etc/puppet/iptables/pre.iptables":
+    content => template("iptables/pre-iptables"),
+    owner => root,
+    group => root,
+    require => File["/etc/puppet/iptables"]
+  }
+  file { "/etc/puppet/iptables/post.iptables":
+    content => template("iptables/post-iptables"),
+    owner => root,
+    group => root,
+    require => File["/etc/puppet/iptables"]
+  }
+  file { "/etc/puppet/iptables":
+    ensure => directory
+  }
+}

data/puppet/classes/logrotate/logrotate.erb ADDED Viewed

@@ -0,0 +1,15 @@
+<%= log %> {
+<% options.each do |opt| -%>
+	<%= opt %>
+<% end -%>
+<% if prerotate != "NONE" -%>
+	prerotate
+		<%= prerotate %>
+	endscript
+<% end -%>
+<% if postrotate != "NONE" -%>
+	postrotate
+		<%= postrotate %>
+	endscript
+<% end -%>
+}

data/puppet/classes/logrotate.pp ADDED Viewed

@@ -0,0 +1,37 @@
+class logrotate {
+  package { "logrotate":
+    ensure => installed
+  }
+  file { "/etc/logrotate.d":
+    ensure  => directory,
+    owner   => root,
+    group   => root,
+    mode    => 755,
+    require => Package["logrotate"]
+  }
+  define rotate_file($source = false, $log = false, $options = false, $prerotate="NONE", $postrotate="NONE") {
+    # $options should be an array containing 1 or more logrotate directives (e.g. missingok, compress)
+    include logrotate
+    if $source {
+      file { "/etc/logrotate.d/${name}":
+        owner   => root,
+        group   => root,
+        mode    => 644,
+        source  => $source,
+        require => File["/etc/logrotate.d"]
+      }
+    } else {
+      file { "/etc/logrotate.d/${name}":
+        owner   => root,
+        group   => root,
+        mode    => 644,
+        content => template("logrotate/logrotate.erb"),
+        require => File["/etc/logrotate.d"]
+      }
+    }
+  }
+}

data/puppet/classes/mongo/mongodb.conf ADDED Viewed

@@ -0,0 +1,89 @@
+# mongodb.conf
+# Where to store the data.
+# Note: if you run mongodb as a non-root user (recommended) you may
+# need to create and set permissions for this directory manually,
+# e.g., if the parent directory isn't mutable by the mongodb user.
+dbpath=/var/lib/mongodb
+#where to log
+logpath=/var/log/mongodb/mongodb.log
+logappend=true
+#port = 27017
+# enable Journaling
+journal = true
+# Enables periodic logging of CPU utilization and I/O wait
+#cpu = true
+# Turn on/off security.  Off is currently the default
+#noauth = true
+#auth = true
+# Verbose logging output.
+#verbose = true
+# Inspect all client data for validity on receipt (useful for
+# developing drivers)
+#objcheck = true
+# Enable db quota management
+#quota = true
+# Set oplogging level where n is
+#   0=off (default)
+#   1=W
+#   2=R
+#   3=both
+#   7=W+some reads
+#diaglog = 0
+# Diagnostic/debugging option
+#nocursors = true
+# Ignore query hints
+#nohints = true
+# Disable the HTTP interface (Defaults to localhost:27018).
+#nohttpinterface = true
+# Turns off server-side scripting.  This will result in greatly limited
+# functionality
+#noscripting = true
+# Turns off table scans.  Any query that would do a table scan fails.
+#notablescan = true
+# Disable data file preallocation.
+#noprealloc = true
+# Specify .ns file size for new databases.
+# nssize = <size>
+# Accout token for Mongo monitoring server.
+#mms-token = <token>
+# Server name for Mongo monitoring server.
+#mms-name = <server-name>
+# Ping interval for Mongo monitoring server.
+#mms-interval = <seconds>
+# Replication Options
+# in master/slave replicated mongo databases, specify here whether
+# this is a slave or master
+#slave = true
+#source = master.example.com
+# Slave only: specify a single database to replicate
+#only = master.example.com
+# or
+#master = true
+#source = slave.example.com
+# in replica set configuration, specify the name of the replica set
+# replSet = setname