authorLeif Johansson <leifj@sunet.se>2013-09-02 16:01:50 +0200
committerLeif Johansson <leifj@sunet.se>2013-09-02 16:01:50 +0200
commit7515782eb503152dfc3e84fee1260fb10d560df9 (patch)
treece0087dc774a156c6a74f11d3af92ef5686b4972 /global/overlay/etc/puppet
import
Diffstat (limited to 'global/overlay/etc/puppet')
-rw-r--r--global/overlay/etc/puppet/cosmos-modules.conf11
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml2
-rwxr-xr-xglobal/overlay/etc/puppet/cosmos_enc.py24
-rw-r--r--global/overlay/etc/puppet/hiera.yaml0
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp52
-rw-r--r--global/overlay/etc/puppet/puppet.conf14
6 files changed, 103 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
new file mode 100644
index 0000000..d8ad043
--- /dev/null
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -0,0 +1,11 @@
+#
+# name source (puppetlabs fq name or git url) upgrade (yes/no)
+#
+concat puppetlabs/concat no
+stdlib puppetlabs/stdlib no
+ufw attachmentgenie/ufw no
+apt puppetlabs/apt no
+vcsrepo puppetlabs/vcsrepo no
+xinetd puppetlabs/xinetd no
+#golang elithrar/golang yes
+#python git://github.com/stankevich/puppet-python.git yes
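Review bot: The module table has no column for a version or commit, so each entry (`puppetlabs/concat`, `attachmentgenie/ufw`, and the rest) resolves to whatever the source serves at install time. Puppet modules typically execute with root privileges on managed hosts, so a pinned version per line would make the installed set reproducible and reviewable; how this file is consumed is not visible here, so the installer may need to support it. The commented-out `python` example also uses a `git://` URL, which is neither authenticated nor encrypted; if it is ever enabled, `https://github.com/stankevich/puppet-python.git` is the safer form.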
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
new file mode 100644
index 0000000..d9dc495
--- /dev/null
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -0,0 +1,2 @@
+'ns[0-9]?.mnt.se$':
+ nameserver:
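Review bot: The key `'ns[0-9]?.mnt.se$'` is applied with `re.search` in cosmos_enc.py, so it is not anchored at the start and its unescaped dots match any character. A constructed name such as `dns-mnt-se` would therefore be assigned the `nameserver` class. Since this pattern decides which hosts receive a class, I would write it as `'^ns[0-9]?\.mnt\.se$':` (backslashes are literal inside YAML single quotes) and add a comment that keys are regular expressions searched against the node name.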
diff --git a/global/overlay/etc/puppet/cosmos_enc.py b/global/overlay/etc/puppet/cosmos_enc.py
new file mode 100755
index 0000000..63c3a66
--- /dev/null
+++ b/global/overlay/etc/puppet/cosmos_enc.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+import sys
+import yaml
+import os
+import re
+
+rules_path = os.environ.get("COSMOS_RULES_PATH","/etc/puppet")
+
+node_name = sys.argv[1]
+
+rules = dict()
+for p in rules_path.split(":"):
+ rules_file = os.path.join(p,"cosmos-rules.yaml")
+ if os.path.exists(rules_file):
+ with open(rules_file) as fd:
+ rules.update(yaml.load(fd))
+
+classes = dict()
+for reg,cls in rules.iteritems():
+ if re.search(reg,node_name):
+ classes.update(cls)
+
+print yaml.dump(dict(classes=classes))
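Review bot: `yaml.load(fd)` on the rules file uses PyYAML's unrestricted loader, which can construct arbitrary Python objects from tagged input. puppet.conf in this commit wires the script in as `external_nodes`, so it runs on the master for node lookups. The rules only need plain mappings, so `rules.update(yaml.safe_load(fd) or {})` is the safer line, and the `or {}` also keeps an empty rules file from raising inside `update`. `sys.argv[1]` is read without a length check, so an invocation without a node name ends in a traceback instead of a clear error and non-zero exit. A short module docstring stating that `COSMOS_RULES_PATH` selects the directories read, and that later matches overwrite earlier ones in `classes`, would help the next maintainer.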
diff --git a/global/overlay/etc/puppet/hiera.yaml b/global/overlay/etc/puppet/hiera.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/global/overlay/etc/puppet/hiera.yaml
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
new file mode 100644
index 0000000..c276f84
--- /dev/null
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -0,0 +1,52 @@
+# This manifest is managed using cosmos
+
+Exec {
+ path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+}
+
+# include some of this stuff for additional features
+
+#include cosmos::tools
+#include cosmos::motd
+#include cosmos::ntp
+#include cosmos::rngtools
+#include cosmos::preseed
+include ufw
+include apt
+include cosmos
+
+# you need a default node
+
+node default {
+
+}
+
+# edit and uncomment to manage ssh root keys in a simple way
+
+#class { 'cosmos::access':
+# keys => [
+# "ssh-rsa ..."
+# ]
+#}
+
+# example config for the nameserver class which is matched in cosmos-rules.yaml
+
+#class nameserver {
+# package {'bind9':
+# ensure => latest
+# }
+# service {'bind9':
+# ensure => running
+# }
+# ufw::allow { "allow-dns-udp":
+# ip => 'any',
+# port => 53,
+# proto => "udp"
+# }
+# ufw::allow { "allow-dns-tcp":
+# ip => 'any',
+# port => 53,
+# proto => "tcp"
+# }
+#}
+
diff --git a/global/overlay/etc/puppet/puppet.conf b/global/overlay/etc/puppet/puppet.conf
new file mode 100644
index 0000000..0ba85f4
--- /dev/null
+++ b/global/overlay/etc/puppet/puppet.conf
@@ -0,0 +1,14 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+node_terminus = exec
+external_nodes = /etc/puppet/cosmos_enc.py
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN
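Review bot: The comment in `[master]` says "These are needed", but only `ssl_client_header` is set. A Passenger front end normally pairs it with `ssl_client_verify_header = SSL_CLIENT_VERIFY`, and without that the master presumably falls back to its default header name for the verification result. With these settings the master takes the client identity from request headers, so the comment should state that the front-end web server must set both values from the TLS layer and never pass through client-supplied copies. I would also note next to `external_nodes = /etc/puppet/cosmos_enc.py` that the script and the rules files it reads must be writable only by root, since the master executes it for node classification.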