provizioning 0.1.2 → 0.4.0

data/puppet/classes/syslogng/Ubuntu.cnf

@@ -0,0 +1,347 @@
+#
+# Configuration file for syslog-ng under Debian
+#
+# attempts at reproducing default syslog behavior
+
+# the standard syslog levels are (in descending order of priority):
+# emerg alert crit err warning notice info debug
+# the aliases "error", "panic", and "warn" are deprecated
+# the "none" priority found in the original syslogd configuration is
+# only used in internal messages created by syslogd
+
+
+######
+# options
+
+options {
+        # disable the chained hostname format in logs
+        # (default is enabled)
+        chain_hostnames(0);
+
+        # the time to wait before a died connection is re-established
+        # (default is 60)
+        time_reopen(10);
+
+        # the time to wait before an idle destination file is closed
+        # (default is 60)
+        time_reap(360);
+
+        # the number of lines buffered before written to file
+        # you might want to increase this if your disk isn't catching with
+        # all the log messages you get or if you want less disk activity
+        # (say on a laptop)
+        # (default is 0)
+        #sync(0);
+
+        # the number of lines fitting in the output queue
+        log_fifo_size(2048);
+
+        # enable or disable directory creation for destination files
+        create_dirs(yes);
+
+        # default owner, group, and permissions for log files
+        # (defaults are 0, 0, 0600)
+        #owner(root);
+        group(adm);
+        perm(0640);
+
+        # default owner, group, and permissions for created directories
+        # (defaults are 0, 0, 0700)
+        #dir_owner(root);
+        #dir_group(root);
+        dir_perm(0755);
+
+        # enable or disable DNS usage
+        # syslog-ng blocks on DNS queries, so enabling DNS may lead to
+        # a Denial of Service attack
+        # (default is yes)
+        use_dns(no);
+
+        # maximum length of message in bytes
+        # this is only limited by the program listening on the /dev/log Unix
+        # socket, glibc can handle arbitrary length log messages, but -- for
+        # example -- syslogd accepts only 1024 bytes
+        # (default is 2048)
+        #log_msg_size(2048);
+
+	#Disable statistic log messages.
+	stats_freq(0);
+
+	# Some program send log messages through a private implementation.
+	# and sometimes that implementation is bad. If this happen syslog-ng
+	# may recognise the program name as hostname. Whit this option
+	# we tell the syslog-ng that if a hostname match this regexp than that
+	# is not a real hostname.
+	bad_hostname("^gconfd$");
+};
+
+
+######
+# sources
+
+# all known message sources
+source s_all {
+        # message generated by Syslog-NG
+        internal();
+        # standard Linux log source (this is the default place for the syslog()
+        # function to send logs to)
+        unix-stream("/dev/log");
+        # messages from the kernel
+        file("/proc/kmsg" log_prefix("kernel: "));
+        # use the following line if you want to receive remote UDP logging messages
+        # (this is equivalent to the "-r" syslogd flag)
+        # udp();
+};
+
+
+######
+# destinations
+
+# some standard log files
+destination df_auth { file("/var/log/auth.log"); };
+destination df_syslog { file("/var/log/syslog"); };
+destination df_cron { file("/var/log/cron.log"); };
+destination df_daemon { file("/var/log/daemon.log"); };
+destination df_kern { file("/var/log/kern.log"); };
+destination df_lpr { file("/var/log/lpr.log"); };
+destination df_mail { file("/var/log/mail.log"); };
+destination df_user { file("/var/log/user.log"); };
+destination df_uucp { file("/var/log/uucp.log"); };
+
+# these files are meant for the mail system log files
+# and provide re-usable destinations for {mail,cron,...}.info,
+# {mail,cron,...}.notice, etc.
+destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
+destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
+destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
+destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
+destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
+
+# these files are meant for the news system, and are kept separated
+# because they should be owned by "news" instead of "root"
+destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
+destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
+destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
+
+# some more classical and useful files found in standard syslog configurations
+destination df_debug { file("/var/log/debug"); };
+destination df_messages { file("/var/log/messages"); };
+
+# pipes
+# a console to view log messages under X
+destination dp_xconsole { pipe("/dev/xconsole"); };
+
+# consoles
+# this will send messages to everyone logged in
+destination du_all { usertty("*"); };
+
+
+######
+# filters
+
+# all messages from the auth and authpriv facilities
+filter f_auth { facility(auth, authpriv); };
+
+# all messages except from the auth and authpriv facilities
+filter f_syslog { not facility(auth, authpriv); };
+
+# respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
+# and uucp facilities
+filter f_cron { facility(cron); };
+filter f_daemon { facility(daemon); };
+filter f_kern { facility(kern); };
+filter f_lpr { facility(lpr); };
+filter f_mail { facility(mail); };
+filter f_news { facility(news); };
+filter f_user { facility(user); };
+filter f_uucp { facility(uucp); };
+
+# some filters to select messages of priority greater or equal to info, warn,
+# and err
+# (equivalents of syslogd's *.info, *.warn, and *.err)
+filter f_at_least_info { level(info..emerg); };
+filter f_at_least_notice { level(notice..emerg); };
+filter f_at_least_warn { level(warn..emerg); };
+filter f_at_least_err { level(err..emerg); };
+filter f_at_least_crit { level(crit..emerg); };
+
+# all messages of priority debug not coming from the auth, authpriv, news, and
+# mail facilities
+filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
+
+# all messages of info, notice, or warn priority not coming form the auth,
+# authpriv, cron, daemon, mail, and news facilities
+filter f_messages {
+        level(info,notice,warn)
+            and not facility(auth,authpriv,cron,daemon,mail,news);
+};
+
+# messages with priority emerg
+filter f_emerg { level(emerg); };
+
+# complex filter for messages usually sent to the xconsole
+filter f_xconsole {
+    facility(daemon,mail)
+        or level(debug,info,notice,warn)
+        or (facility(news)
+                and level(crit,err,notice));
+};
+
+
+######
+# logs
+# order matters if you use "flags(final);" to mark the end of processing in a
+# "log" statement
+
+# these rules provide the same behavior as the commented original syslogd rules
+
+# auth,authpriv.*                 /var/log/auth.log
+log {
+        source(s_all);
+        filter(f_auth);
+        destination(df_auth);
+};
+
+# *.*;auth,authpriv.none          -/var/log/syslog
+log {
+        source(s_all);
+        filter(f_syslog);
+        destination(df_syslog);
+};
+
+# this is commented out in the default syslog.conf
+# cron.*                         /var/log/cron.log
+#log {
+#        source(s_all);
+#        filter(f_cron);
+#        destination(df_cron);
+#};
+
+# daemon.*                        -/var/log/daemon.log
+log {
+        source(s_all);
+        filter(f_daemon);
+        destination(df_daemon);
+};
+
+# kern.*                          -/var/log/kern.log
+log {
+        source(s_all);
+        filter(f_kern);
+        destination(df_kern);
+};
+
+# lpr.*                           -/var/log/lpr.log
+log {
+        source(s_all);
+        filter(f_lpr);
+        destination(df_lpr);
+};
+
+# mail.*                          -/var/log/mail.log
+log {
+        source(s_all);
+        filter(f_mail);
+        destination(df_mail);
+};
+
+# user.*                          -/var/log/user.log
+log {
+        source(s_all);
+        filter(f_user);
+        destination(df_user);
+};
+
+# uucp.*                          /var/log/uucp.log
+log {
+        source(s_all);
+        filter(f_uucp);
+        destination(df_uucp);
+};
+
+# mail.info                       -/var/log/mail.info
+log {
+        source(s_all);
+        filter(f_mail);
+        filter(f_at_least_info);
+        destination(df_facility_dot_info);
+};
+
+# mail.warn                       -/var/log/mail.warn
+log {
+        source(s_all);
+        filter(f_mail);
+        filter(f_at_least_warn);
+        destination(df_facility_dot_warn);
+};
+
+# mail.err                        /var/log/mail.err
+log {
+        source(s_all);
+        filter(f_mail);
+        filter(f_at_least_err);
+        destination(df_facility_dot_err);
+};
+
+# news.crit                       /var/log/news/news.crit
+log {
+        source(s_all);
+        filter(f_news);
+        filter(f_at_least_crit);
+        destination(df_news_dot_crit);
+};
+
+# news.err                        /var/log/news/news.err
+log {
+        source(s_all);
+        filter(f_news);
+        filter(f_at_least_err);
+        destination(df_news_dot_err);
+};
+
+# news.notice                     /var/log/news/news.notice
+log {
+        source(s_all);
+        filter(f_news);
+        filter(f_at_least_notice);
+        destination(df_news_dot_notice);
+};
+
+
+# *.=debug;\
+#         auth,authpriv.none;\
+#         news.none;mail.none     -/var/log/debug
+log {
+        source(s_all);
+        filter(f_debug);
+        destination(df_debug);
+};
+
+
+# *.=info;*.=notice;*.=warn;\
+#         auth,authpriv.none;\
+#         cron,daemon.none;\
+#         mail,news.none          -/var/log/messages
+log {
+        source(s_all);
+        filter(f_messages);
+        destination(df_messages);
+};
+
+# *.emerg                         *
+log {
+        source(s_all);
+        filter(f_emerg);
+        destination(du_all);
+};
+
+
+# daemon.*;mail.*;\
+#         news.crit;news.err;news.notice;\
+#         *.=debug;*.=info;\
+#         *.=notice;*.=warn       |/dev/xconsole
+log {
+        source(s_all);
+        filter(f_xconsole);
+        destination(dp_xconsole);
+};

data/puppet/classes/syslogng.pp

@@ -0,0 +1,146 @@
+# # common/manifests/defines/concatenated_file.pp -- create a file from snippets
+# # stored in a directory
+# #
+# # Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
+# # See LICENSE for the full license granted to you.
+#
+# module_dir { "common/cf": }
+#
+# # TODO:
+# # * create the directory in _part too
+#
+# # This resource collects file snippets from a directory ($dir) and concatenates
+# # them in lexical order of their names into a new file ($name). This can be
+# # used to collect information from disparate sources, when the target file
+# # format doesn't allow includes.
+# #
+# # concatenated_file_part can be used to easily configure content for this.
+# #
+# # If no $dir is specified, the target name with '.d' appended will be used.
+# #
+# # The $dir is purged by puppet and will only contain explicitely configured
+# # files. This can be overridden by defining the directory before the
+# # concatenated_file.
+# #
+# # Depend on File[$name] to change if and only if its contents change. Notify
+# # Exec["concat_${name}"] if you want to force an update.
+# #
+# # Usage:
+# #  concatenated_file { "/etc/some.conf":
+# #    dir => "/etc/some.conf.d",
+# #  }
+define concatenated_file (
+  # where the snippets are located
+  $dir = '',
+  # a file with content to prepend
+  $header = '',
+  # a file with content to append
+  $footer = '',
+  # default permissions for the target file
+  $mode = 0644, $owner = root, $group = 0
+  )
+{
+
+  $dir_real = $dir ? { '' => "${name}.d", default => $dir }
+
+  $tmp_file_name = regsubst($dir_real, '/', '_', 'G')
+  $tmp_file = "${module_dir_path}/${tmp_file_name}"
+
+  if defined(File[$dir_real]) {
+    debug("${dir_real} already defined")
+  } else {
+    file {
+      $dir_real:
+        #source => "puppet:///modules/common/empty",
+        checksum => mtime,
+        ignore => '.ignore',
+        recurse => true, purge => true, force => true,
+        mode => $mode, owner => $owner, group => $group,
+        notify => Exec["concat_${name}"];
+    }
+  }
+
+  file {
+    $tmp_file:
+      ensure => present, checksum => md5,
+      mode => $mode, owner => $owner, group => $group;
+    # decouple the actual file from the generation process by using a
+    # temporary file and puppet's source mechanism. This ensures that events
+    # for notify/subscribe will only be generated when there is an actual
+    # change.
+    $name:
+      ensure => present, checksum => md5,
+      source => $tmp_file,
+      mode => $mode, owner => $owner, group => $group,
+      require => File[$tmp_file];
+  }
+
+  # if there is a header or footer file, add it
+  $additional_cmd = $header ? {
+    '' => $footer ? {
+      '' => '',
+      default => "| cat - '${footer}' "
+    },
+    default => $footer ? {
+      '' => "| cat '${header}' - ",
+      default => "| cat '${header}' - '${footer}' "
+    }
+  }
+
+  # use >| to force clobbering the target file
+  exec { "concat_${name}":
+    command => "/usr/bin/find ${dir_real} -maxdepth 1 -type f ! -name '*puppettmp' -print0 | sort -z | xargs -0 cat ${additional_cmd} >| ${tmp_file}",
+    subscribe => [ File[$dir_real] ],
+    before => File[$tmp_file],
+    alias => [ "concat_${dir_real}"],
+    loglevel => info
+  }
+
+}
+
+# Add a snippet called $name to the concatenated_file at $dir.
+# The file can be referenced as File["cf_part_${name}"]
+define concatenated_file_part (
+  $dir, $content = '', $ensure = present,
+  $mode = 0644, $owner = root, $group = 0
+  )
+{
+
+  file { "${dir}/${name}":
+    ensure => $ensure, content => $content,
+    mode => $mode, owner => $owner, group => $group,
+    alias => "cf_part_${name}",
+    notify => Exec["concat_${dir}"],
+  }
+}
+
+class syslogng {
+  package {"syslog-ng":
+    ensure => present
+  }
+
+  file {"/etc/syslog-ng/puppet-conf.d":
+    ensure => directory
+  }
+  
+  file {"/etc/syslog-ng/puppet-conf.d/00base.cnf":
+    content => template("syslogng/$operatingsystem.cnf")
+  }
+
+  define config($content) {
+    include syslogng
+    
+    file {"/etc/syslog-ng/puppet-conf.d/$name.cnf":
+      content => $content
+    }
+  }
+
+  concatenated_file {"/etc/syslog-ng/syslog-ng.conf":
+    dir => "/etc/syslog-ng/puppet-conf.d"
+  }
+  
+  service {"syslog-ng":
+    ensure => running,
+    subscribe => File["/etc/syslog-ng/syslog-ng.conf"]
+  }
+}

data/puppet/classes/xml.pp

@@ -0,0 +1,23 @@
+class xml {
+  include "xml::$operatingsystem"
+
+  class ubuntu {
+    package { "libxml2-dev":
+      ensure => present
+    }
+
+    package { "libxslt1-dev":
+      ensure => present
+    }
+  }
+
+  class centos {
+    package { "libxml2-devel":
+      ensure => present
+    }
+
+    package { "libxslt-devel":
+      ensure => present
+    }
+  }
+}

data/puppet/classes/yum.pp

@@ -0,0 +1,6 @@
+class yum {
+  exec {"yum update":
+    command => "/usr/bin/yum -y update",
+    refreshonly => true
+  }
+}

data/puppet/classes/zsh.pp

@@ -0,0 +1,5 @@
+class zsh {
+  package {"zsh":
+    ensure => present
+  }
+}

data/puppet/modules/README

@@ -0,0 +1,74 @@
+EXAMPLE42 PUPPET MODULES
+Released under the terms of GPL 3
+
+Official website:
+http://www.example42.com
+
+A collection of modules for Puppet with the following targets:
+- Multi OS support and easy integration of new OS
+- Sysadmin oriented approach (for easier integration and customization)
+- Support for a growing number of applications
+- Adherence to Puppet modules standards
+- No enforcing of a specific logic for files management.
+- Separation of project's custom settings from application general management
+- Plug & Play approach: define variables (defaults are provided) and include the main class
+
+Some research and experimentation is done on:
+- Definition and use of enhanced abstraction classes such as backup, monitor, firewall
+- Definition of a standard and pluggable define for inline modifications
+- Setup of Puppet toasters and baselines
+
+NOTE: The whole project is a work in progress, the modules have been made in different 
+times and have different levels of coherency and integration.
+
+
+MODULES STANDARD STRUCTURE
+Newer modules are based on the standard template defined in the "foo" module.
+Use the script "example42_module_clone.sh" to clone a new module based on the foo template.
+Use the script "example42_project_rename.sh" in a module to change all the references
+to example42 to your custom project
+
+This template provides the following files:
+# Documentation and metadata
+foo/README - The module's general documentation
+foo/Modulefile - Metadata for the Puppet Forge
+# Main classes
+foo/manifests/init.pp - Contains the base module class 
+foo/manifests/params.pp - Contains all the module variables
+# Additional classes
+foo/manifests/absent.pp - foo::absent class that removes foo package
+foo/manifests/disable.pp - foo::disable class that disables foo service (boot and runtime)
+foo/manifests/disableboot.pp - foo::disableboot class that disables foo service at boot
+# Extended classes (experimental)
+foo/manifests/monitor.pp - Extended class to abstract monitoring logic
+foo/manifests/backup.pp - Extended class to abstract backup logic
+foo/manifests/firewall.pp - Extended class to abstract firewalling logic
+# Custom project related classes 
+foo/manifest/example42.pp - Sample project related class for general customizations
+foo/manifest/monitor/example42.pp - Sample project related class for monitor customizations
+foo/manifest/backup/example42.pp - Sample project related class for backup customizations
+# Generic configuration inline define (experimental)
+foo/manifests/conf.pp - Define for inline replacements in foo's main config file
+# Debug 
+foo/manifests/debug.pp - Debug class. Activated if ($debug == yes)
+foo/templates/variables_foo.erb - Debug template with all the modules parameters 
+
+
+# GENERAL VARIABLES
+Example42 modules can be used with whatever nodes infrastructure you may define: you can use
+nodes definitions in Puppet manifests or an external node tool such as the Dashboard or Foreman.
+To use the modules you just have to include them and provide the eventual variables they need
+(defaults are set if none is provided).
+There are some general site-wide variables that can be used to fully use these modules:
+$my_project - Defines the name of your project and cab be used to automatically load custom
+              project related classes
+$debug - If set to "yes" it enables some useful (not resource intensive) stuff for debugging
+         (check in /var/lib/puppet/debug/). 
+$monitor - If set to "yes" you enable autoloading of monitor extended classes.
+           Check Example42 monitor module for more info
+$monitor_tool - An array that defines the monitor tools to use (ie: monit, munin, nagios...)
+$backup - If set to "yes" you enable autoloading of backup extended classes.
+          Check Example42 backup module for more info
+$firewall - If set to "yes" you enable autoloading of firewall extended classes.
+            Check Example42 firewall module for more info
+Please note that currently the monitor, backup and firewall functions are experimental.

data/puppet/modules/cron/README

@@ -0,0 +1,4 @@
+# Lab42 Puppet Infrastructure #
+# PROVIDED 'AS IS'
+
+

data/puppet/modules/cron/manifests/base.pp

@@ -0,0 +1,26 @@
+class cron::base {
+
+    package { cron:
+        name => $operatingsystem ? {
+            ubuntu    => "cron",
+            debian    => "cron",
+            redhat    => "vixie-cron",
+            centos    => "vixie-cron",
+            },
+        ensure => present,
+    }
+
+    service { crond:
+        name => $operatingsystem ? {
+            ubuntu  => "cron",
+            debian  => "cron",
+            redhat  => "crond",
+            centos  => "crond",
+            },
+        ensure => running,
+        enable => true,
+        pattern => cron,
+        require => Package["cron"],
+    }
+
+}

data/puppet/modules/cron/manifests/crontabs.pp

@@ -0,0 +1,11 @@
+class cron::crontabs {
+
+    package { crontabs:
+        name => $operatingsystem ? {
+            redhat  => "crontabs",
+            centos  => "crontabs",
+            },
+        ensure => present,
+    }
+
+}

data/puppet/modules/cron/manifests/init.pp

@@ -0,0 +1,18 @@
+class cron {
+
+    case $operatingsystem {
+        centos: {
+            include cron::base
+            include cron::crontabs
+        }
+        redhat: {
+            include cron::base
+            include cron::crontabs
+        }
+
+        debian: { include cron::base }
+        ubuntu: { include cron::base }
+        freebsd: { }
+    }
+
+}

data/puppet/modules/drupal/Modulefile

@@ -0,0 +1,7 @@
+name    'lab42-drupal'
+version '0.1.5'
+
+# dependency 'lab42/common', '>= 0.1.0'
+# dependency 'lab42/monitor', '>= 0.1.0'
+# dependency 'lab42/backup', '>= 0.1.0'
+# dependency 'lab42/firewall', '>= 0.1.0'