author | Leif Johansson <leifj@sunet.se> | 2013-09-02 16:01:50 +0200 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2013-09-02 16:01:50 +0200 |
commit | 7515782eb503152dfc3e84fee1260fb10d560df9 (patch) | |
tree | ce0087dc774a156c6a74f11d3af92ef5686b4972 /global/overlay |
import
Diffstat (limited to 'global/overlay')
-rw-r--r-- | global/overlay/etc/cosmos/keys/.placeholder | 0 | ||||
-rw-r--r-- | global/overlay/etc/cron.d/cosmos | 4 | ||||
-rw-r--r-- | global/overlay/etc/puppet/cosmos-modules.conf | 11 | ||||
-rw-r--r-- | global/overlay/etc/puppet/cosmos-rules.yaml | 2 | ||||
-rwxr-xr-x | global/overlay/etc/puppet/cosmos_enc.py | 24 | ||||
-rw-r--r-- | global/overlay/etc/puppet/hiera.yaml | 0 | ||||
-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 52 | ||||
-rw-r--r-- | global/overlay/etc/puppet/puppet.conf | 14 |
8 files changed, 107 insertions, 0 deletions
diff --git a/global/overlay/etc/cosmos/keys/.placeholder b/global/overlay/etc/cosmos/keys/.placeholder
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/global/overlay/etc/cosmos/keys/.placeholder
diff --git a/global/overlay/etc/cron.d/cosmos b/global/overlay/etc/cron.d/cosmos
new file mode 100644
index 0000000..b157bde
--- /dev/null
+++ b/global/overlay/etc/cron.d/cosmos
@@ -0,0 +1,4 @@
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+*/15 * * * * root test -f /etc/no-automatic-cosmos || (cosmos update && cosmos apply)
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
new file mode 100644
index 0000000..d8ad043
--- /dev/null
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -0,0 +1,11 @@
+#
+# name source (puppetlabs fq name or git url) upgrade (yes/no)
+#
+concat puppetlabs/concat no
+stdlib puppetlabs/stdlib no
+ufw attachmentgenie/ufw no
+apt puppetlabs/apt no
+vcsrepo puppetlabs/vcsrepo no
+xinetd puppetlabs/xinetd no
+#golang elithrar/golang yes
+#python git://github.com/stankevich/puppet-python.git yes
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
new file mode 100644
index 0000000..d9dc495
--- /dev/null
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -0,0 +1,2 @@
+'ns[0-9]?.mnt.se$':
+ nameserver:
diff --git a/global/overlay/etc/puppet/cosmos_enc.py b/global/overlay/etc/puppet/cosmos_enc.py
new file mode 100755
index 0000000..63c3a66
--- /dev/null
+++ b/global/overlay/etc/puppet/cosmos_enc.py
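Review bot: The job line in etc/cron.d/cosmos has no guard against overlapping runs, so a `cosmos apply` that takes longer than 15 minutes can be joined by a second root-run update/apply working on the same tree. Wrapping the command in a non-blocking lock avoids that, for example `test -f /etc/no-automatic-cosmos || flock -n /var/lock/cosmos.lock sh -c 'cosmos update && cosmos apply'` (the lock path is a placeholder). Because this runs unattended as root, a comment above the line should state what `cosmos update` is trusted to verify before `cosmos apply` acts on it; that verification is not visible in this hunk.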
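Review bot: The module table in etc/puppet/cosmos-modules.conf has a source column but no version or commit column, so with `upgrade` set to `no` each host presumably keeps whatever release was current when it first installed the module, and nothing in this file pins or verifies it. The commented-out `#python git://github.com/stankevich/puppet-python.git yes` example also uses the `git://` transport, which is neither authenticated nor encrypted; if that line is ever enabled, an `https://` URL is the safer form. How this file is consumed is not shown in the commit, so the pinning point depends on the installer.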
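Review bot: The key `'ns[0-9]?.mnt.se$'` in etc/puppet/cosmos-rules.yaml is looser than it looks: the dots are unescaped and there is no leading `^`, and cosmos_enc.py applies it with `re.search`, so a node name that merely ends in something like `dns.mnt.se` or `ns1-mnt.se` is also given the `nameserver` class. Anchoring and escaping the pattern, `'^ns[0-9]?\.mnt\.se$':`, limits the match to the intended hosts. A comment at the top of the file saying that keys are Python regular expressions matched with `re.search` would help the next editor.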
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+import sys
+import yaml
+import os
+import re
+
+rules_path = os.environ.get("COSMOS_RULES_PATH","/etc/puppet")
+
+node_name = sys.argv[1]
+
+rules = dict()
+for p in rules_path.split(":"):
+ rules_file = os.path.join(p,"cosmos-rules.yaml")
+ if os.path.exists(rules_file):
+ with open(rules_file) as fd:
+ rules.update(yaml.load(fd))
+
+classes = dict()
+for reg,cls in rules.iteritems():
+ if re.search(reg,node_name):
+ classes.update(cls)
+
+print yaml.dump(dict(classes=classes))
diff --git a/global/overlay/etc/puppet/hiera.yaml b/global/overlay/etc/puppet/hiera.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/global/overlay/etc/puppet/hiera.yaml
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
new file mode 100644
index 0000000..c276f84
--- /dev/null
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -0,0 +1,52 @@
+# This manifest is managed using cosmos
+
+Exec {
+ path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+}
+
+# include some of this stuff for additional features
+
+#include cosmos::tools
+#include cosmos::motd
+#include cosmos::ntp
+#include cosmos::rngtools
+#include cosmos::preseed
+include ufw
+include apt
+include cosmos
+
+# you need a default node
+
+node default {
+
+}
+
+# edit and uncomment to manage ssh root keys in a simple way
+
+#class { 'cosmos::access':
+# keys => [
+# "ssh-rsa ..."
+# ]
+#}
+
+# example config for the nameserver class which is matched in cosmos-rules.yaml
+
+#class nameserver {
+# package {'bind9':
+# ensure => latest
+# }
+# service {'bind9':
+# ensure => running
+# }
+# ufw::allow { "allow-dns-udp":
+# ip => 'any',
+# port => 53,
+# proto => "udp"
+# }
+# ufw::allow { "allow-dns-tcp":
+# ip => 'any',
+# port => 53,
+# proto => "tcp"
+# }
+#}
+
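Review bot: `yaml.load(fd)` in the rules loop of cosmos_enc.py uses PyYAML's full loader, which can construct arbitrary Python objects from tagged input, and the directories it reads come from the `COSMOS_RULES_PATH` environment variable; `yaml.safe_load` is sufficient for a mapping of regexes to classes. An empty rules file makes the loader return `None` and `rules.update(None)` raise, so the line is better written as `rules.update(yaml.safe_load(fd) or {})`. `sys.argv[1]` is also read without a check, so a call with no node name ends in an `IndexError` traceback rather than a usage message and a non-zero exit. The script has no docstring; one line stating that it is the Puppet external node classifier and prints a `classes` mapping as YAML would be enough.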
diff --git a/global/overlay/etc/puppet/puppet.conf b/global/overlay/etc/puppet/puppet.conf
new file mode 100644
index 0000000..0ba85f4
--- /dev/null
+++ b/global/overlay/etc/puppet/puppet.conf
@@ -0,0 +1,14 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+node_terminus = exec
+external_nodes = /etc/puppet/cosmos_enc.py
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN |
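Review bot: The `[master]` section of puppet.conf sets `ssl_client_header = SSL_CLIENT_S_DN` but not the companion `ssl_client_verify_header`, although the comment above it speaks of settings in the plural, so a line may have been dropped. With only the DN header mapped, the master would take the client name from one variable and the verification result from the default header name, which should be checked against the front-end web server configuration; if the pair is intended, add `ssl_client_verify_header = SSL_CLIENT_VERIFY`. If these hosts only ever run `puppet apply`, the section can probably be removed, as the existing comment already suggests for the webrick case.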