+++ /dev/null
-Facter.add(:architecture) do
- confine :kernel => 'GNU/kFreeBSD'
- setcode do
- model = Facter.value(:hardwaremodel)
- case model
- when 'x86_64': "amd64"
- when /(i[3456]86|pentium)/: "i386"
- else
- model
- end
- end
-end
-
-Facter.add(:debarchitecture) do
- setcode do
- %x{/usr/bin/dpkg --print-architecture}.chomp
- end
-end
-
+++ /dev/null
-Facter.add("brokenhosts") do
- brokenhosts = "true"
- if FileTest.exist?("/etc/hosts")
- IO.foreach("/etc/hosts") do |x|
- x.split.each do |y|
- if y == Facter.value("fqdn")
- brokenhosts = "false"
- break
- end
- end
- end
- end
- setcode do
- brokenhosts == "true"
- end
-end
-
-
+++ /dev/null
-Facter.add("v4ips") do
- confine :kernel => :linux
- addrs = []
- if FileTest.exist?("/bin/ip")
- %x{ip addr list}.each do |line|
- next unless line =~ /\s+inet/
- next if line =~ /scope (link|host)/
- if line =~ /\s+inet\s+(\S+)\/\d{1,2} .*/
- addrs << $1
- end
- end
- end
- ret = addrs.join(",")
- if ret.empty?
- ret = 'no'
- end
- setcode do
- ret
- end
-end
-
-Facter.add("v4ips") do
- confine :kernel => 'GNU/kFreeBSD'
- setcode do
- addrs = []
- output = %x{/sbin/ifconfig}
-
- output.split(/^\S/).each { |str|
- if str =~ /inet ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/
- tmp = $1
- unless tmp =~ /127\./
- addrs << tmp
- break
- end
- end
- }
-
- ret = addrs.join(",")
- if ret.empty?
- ret = 'no'
- end
- ret
- end
-end
-
-Facter.add("v6ips") do
- confine :kernel => :linux
- addrs = []
- if FileTest.exist?("/bin/ip")
- %x{ip addr list}.each do |line|
- next unless line =~ /\s+inet/
- next if line =~ /scope (link|host)/
- if line =~ /\s+inet6\s+(\S+)\/\d{1,3} .*/
- addrs << $1
- end
- end
- end
- ret = addrs.join(",")
- if ret.empty?
- ret = 'no'
- end
- setcode do
- ret
- end
-end
-
+++ /dev/null
-begin
- require 'filesystem'
-
- Facter.add("mounts") do
- ignorefs = ["NFS", "nfs", "nfs4", "nfsd", "afs", "binfmt_misc", "proc", "smbfs",
- "autofs", "iso9660", "ncpfs", "coda", "devpts", "ftpfs", "devfs",
- "mfs", "shfs", "sysfs", "cifs", "lustre_lite", "tmpfs", "usbfs", "udf",
- "fusectl", "fuse.snapshotfs", "rpc_pipefs"]
- mountpoints = []
- FileSystem.mounts.each do |m|
- if ((not ignorefs.include?(m.fstype)) && (m.options !~ /bind/))
- mountpoints << m.mount
- end
- end
- setcode do
- mountpoints.join(',')
- end
- end
-
-rescue Exception => e
-end
+++ /dev/null
-Facter.add("mta") do
- setcode do
- mta = "exim4"
- if FileTest.exist?("/usr/sbin/postfix")
- mta = "postfix"
- end
- mta
- end
-end
-
-Facter.add("exim_ssl_certs") do
- setcode do
- FileTest.exist?("/etc/exim4/ssl/") &&
- FileTest.exist?("/etc/exim4/ssl/ca.crl") &&
- FileTest.exist?("/etc/exim4/ssl/thishost.crt") &&
- FileTest.exist?("/etc/exim4/ssl/ca.crt") &&
- FileTest.exist?("/etc/exim4/ssl/thishost.key")
- end
-end
+++ /dev/null
-begin
- require 'etc'
-
- Facter.add("portforwarder_key") do
- setcode do
- key = nil
- keyfile = '/home/portforwarder/.ssh/id_rsa.pub'
- if FileTest.exist?(keyfile)
- key = File.open(keyfile).read.chomp
- end
- key
- end
- end
-
- Facter.add("portforwarder_user_exists") do
- setcode do
- result = false
- begin
- if Etc.getpwnam('portforwarder')
- result = true
- end
- rescue ArgumentError
- end
- result
- end
- end
-
-rescue Exception => e
-end
-# vim:set et:
-# vim:set ts=4:
-# vim:set shiftwidth=4:
+++ /dev/null
-Facter.add("smartarraycontroller") do
- confine :kernel => :linux
- setcode do
- FileTest.exist?("/dev/cciss/")
- end
-end
-
-Facter.add("ThreeWarecontroller") do
- confine :kernel => :linux
- setcode do
- is3w = "false"
- if FileTest.exist?("/proc/scsi/scsi")
- IO.foreach("/proc/scsi/scsi") { |x|
- is3w = "true" if x =~ /Vendor: 3ware/
- }
- end
- is3w == "true"
- end
-end
-
-Facter.add("megaraid") do
- confine :kernel => :linux
- setcode do
- FileTest.exist?("/dev/megadev0")
- end
-end
-
-Facter.add("mptraid") do
- setcode do
- FileTest.exist?("/dev/mptctl") or FileTest.exist?("/dev/mpt0") or FileTest.exist?("/proc/mpt/summary")
- end
-end
-
-Facter.add("aacraid") do
- confine :kernel => :linux
- setcode do
- FileTest.exist?("/dev/aac0")
- end
-end
-
-Facter.add("swraid") do
- confine :kernel => :linux
- setcode do
- swraid = "false"
- if FileTest.exist?("/proc/mdstat") && FileTest.exist?("/sbin/mdadm")
- IO.foreach("/proc/mdstat") { |x|
- swraid = "true" if x =~ /md[0-9]+ : active/
- }
- end
- swraid == "true"
- end
-end
-
+++ /dev/null
-Facter.add("kvmdomain") do
- setcode do
- if File.new('/proc/cpuinfo').read().index('QEMU Virtual CPU')
- result = true
- else
- result = false
- end
- end
-end
+++ /dev/null
-["bugs","qa"].each do |service|
- Facter.add(service + "_host") do
- confine :kernel => :linux
- service_name = "#{service}." + Facter.domain
- active = false
-
- setcode do
- if FileTest.exist?("/usr/bin/dig")
- %x{/usr/bin/dig +short -t a #{service_name}}.chomp.each do |service_ip|
- Facter.interfaces.split(',').each do |my_interface|
- my_ip = Facter.value("ipaddress_" + my_interface)
- if my_ip == service_ip
- active = "true"
- end
- end
- end
- end
- active
- end
- end
-end
+++ /dev/null
-Facter.add("apache2") do
- setcode do
- FileTest.exist?("/usr/sbin/apache2")
- end
-end
-Facter.add("clamd") do
- setcode do
- FileTest.exist?("/usr/sbin/clamd")
- end
-end
-Facter.add("exim4") do
- setcode do
- FileTest.exist?("/usr/sbin/exim4")
- end
-end
-Facter.add("postfix") do
- setcode do
- FileTest.exist?("/usr/sbin/postfix")
- end
-end
-Facter.add("postgres81") do
- setcode do
- FileTest.exist?("/usr/lib/postgresql/8.1/bin/postgres")
- end
-end
-Facter.add("postgres83") do
- setcode do
- FileTest.exist?("/usr/lib/postgresql/8.3/bin/postgres")
- end
-end
-Facter.add("postgrey") do
- setcode do
- FileTest.exist?("/usr/sbin/postgrey")
- end
-end
-Facter.add("greylistd") do
- setcode do
- FileTest.exist?("/usr/sbin/greylistd")
- end
-end
-Facter.add("policydweight") do
- setcode do
- FileTest.exist?("/usr/sbin/policyd-weight")
- end
-end
-Facter.add("vsftpd") do
- setcode do
- FileTest.exist?("/usr/sbin/vsftpd")
- end
-end
-Facter.add("spamd") do
- setcode do
- FileTest.exist?("/usr/sbin/spamd")
- end
-end
-Facter.add("php5") do
- setcode do
- FileTest.exist?("/usr/lib/apache2/modules/libphp5.so") or
- FileTest.exist?("/usr/bin/php5") or
- FileTest.exist?("/usr/bin/php5-cgi") or
- FileTest.exist?("/usr/lib/cgi-bin/php5")
- end
-end
-Facter.add("php5suhosin") do
- setcode do
- FileTest.exist?("/usr/lib/php5/20060613/suhosin.so") or
- FileTest.exist?("/usr/lib/php5/20060613+lfs/suhosin.so")
- end
-end
-Facter.add("syslogversion") do
- setcode do
- %x{dpkg-query -W -f='${Version}\n' syslog-ng | cut -b1}.chomp
- end
-end
-Facter.add("rsyncd") do
- setcode do
- FileTest.exist?("/etc/rsyncd.conf")
- end
-end
+++ /dev/null
-module Puppet::Parser::Functions
- newfunction(:allnodeinfo, :type => :rvalue) do |attributes|
- attributes.unshift('*')
- return (function_ldapinfo(attributes))
- end
-end
+++ /dev/null
-module Puppet::Parser::Functions
- newfunction(:extractnodeinfo, :type => :rvalue) do |args|
-
- nodeinfo = args.shift
-
- ni = nodeinfo
- keys_done = []
-
- args.each do |key|
- raise Puppet::ParseError, "nodeinfo is not a hash at #{keys_done.join('->')}" unless ni.kind_of?(Hash)
- unless ni.has_key?(key)
- ni = false
- break
- end
- ni = ni[key]
- keys_done << key
- end
- return ni
- end
-end
-# vim:set et:
-# vim:set sts=2 ts=2:
-# vim:set shiftwidth=2:
+++ /dev/null
-module Puppet::Parser::Functions
- newfunction(:ldapinfo, :type => :rvalue) do |attributes|
-
- host = attributes.shift
-
- unless attributes.include?("*") or attributes.include?('hostname')
- attributes << 'hostname'
- end
-
- require 'ldap'
- ldap = LDAP::SSLConn.new('db.debian.org', 636)
-
- results = {}
- filter = '(hostname=' + host + ')'
- begin
- ldap.search2('ou=hosts,dc=debian,dc=org', LDAP::LDAP_SCOPE_SUBTREE, filter, attrs=attributes, false, 0, 0, s_attr="hostname").each do |x|
- # If a returned value doesn't have all the attributes we're searching for, skip
- # We'll skip if the array is empty, but we also seem to get back a nil object for empty attributes sometimes
- unless attributes.include?("*")
- next if attributes.any?{ |a| not x[a] or x[a].empty? }
- end
- results[x['hostname'][0]] = x
- end
- rescue LDAP::ResultError
- raise Puppet::ParseError, "LDAP error"
- rescue RuntimeError
- raise Puppet::ParseError, "No data returned from search"
- ensure
- ldap.unbind
- end
- if host == '*'
- return(results)
- else
- return(results[host])
- end
- end
-end
+++ /dev/null
-module Puppet::Parser::Functions
- newfunction(:nodeinfo, :type => :rvalue) do |args|
-
- host = args[0]
- yamlfile = args[1]
-
- require '/etc/puppet/lib/puppet/parser/functions/ldapinfo.rb'
-
- results = function_yamlinfo(host, yamlfile)
- results['ldap'] = function_ldapinfo(host, '*')
-
- results['misc'] = {}
- fqdn = lookupvar('fqdn')
- if fqdn and fqdn == host
- v4ips = lookupvar('v4ips')
- if v4ips
- # find out if we are behind nat
- v4addrs = v4ips.split(',')
- intersection = v4addrs & results['ldap']['ipHostNumber']
- results['misc']['natted'] = intersection.empty?
- end
- end
-
- return(results)
- end
-end
-
-# vim: set fdm=marker ts=2 sw=2 et:
+++ /dev/null
-module Puppet::Parser::Functions
- newfunction(:whohosts, :type => :rvalue) do |args|
- require 'ipaddr'
- require 'yaml'
-
- nodeinfo = args[0]
- yamlfile = args[1]
- parser.watch_file(yamlfile)
-
- $KCODE = 'utf-8'
-
- ans = "unknown"
- yaml = YAML.load_file(yamlfile)
-
- if (nodeinfo['ldap'].has_key?('ipHostNumber'))
- nodeinfo['ldap']['ipHostNumber'].each do |addr|
- yaml.keys.each do |hoster|
- yaml[hoster].each do |net|
- if IPAddr.new(net).include?(addr)
- ans = hoster
- end
- end
- end
- end
- end
- return ans
- end
-end
+++ /dev/null
-module Puppet::Parser::Functions
- newfunction(:yamlinfo, :type => :rvalue) do |args|
-
- host = args[0]
- yamlfile = args[1]
- parser.watch_file(yamlfile)
-
- def read_yaml(yaml, host)
- results = {}
-
- ['nameinfo', 'footer'].each do |detail|
- if yaml.has_key?(detail)
- if yaml[detail].has_key?(host)
- results[detail] = yaml[detail][host]
- end
- end
- end
-
- if yaml.has_key?('services')
- yaml['services'].each_pair do |service, hostlist|
- hostlist=[hostlist] unless hostlist.kind_of?(Array)
- results[service] = hostlist.include?(host)
- end
- end
-
- results['mail_port'] = ''
- results['smarthost'] = ''
- results['heavy_exim'] = ''
- results['smarthost_port'] = 587
- results['reservedaddrs'] = '0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/17 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5'
-
- if yaml['host_settings'].kind_of?(Hash)
- yaml['host_settings'].each_pair do |property, values|
- if values.kind_of?(Hash)
- results[property] = values[host] if values.has_key?(host)
- elsif values.kind_of?(Array)
- results[property] = "true" if values.include?(host)
- end
- end
- end
- return(results)
- end
-
- require 'yaml'
- $KCODE = 'utf-8'
-
- yaml = YAML.load_file(yamlfile)
- ret = {}
-
- if host == '*'
- Dir.entries('/var/lib/puppet/yaml/node/').each do |fname|
- next unless fname =~ /(.*)\.yaml$/
- host_name = $1
- ret[host_name] = read_yaml(yaml, host_name)
- end
- else
- ret = read_yaml(yaml, host)
- end
-
- return(ret)
- end
-end
-
"true": {
package { acpid: ensure => installed }
case extractnodeinfo($nodeinfo, 'squeeze') {
- 'true': { package { acpi-support-base: ensure => installed } }
+ true: { package { acpi-support-base: ensure => installed } }
}
}
}
case $mta {
"exim4": {
case extractnodeinfo($nodeinfo, 'heavy_exim') {
- 'true': { include exim::mx }
+ true: { include exim::mx }
default: { include exim }
}
}
}
+ case extractnodeinfo($nodeinfo, 'puppetmaster') {
+ true: { include puppetmaster }
+ }
+
case extractnodeinfo($nodeinfo, 'muninmaster') {
- "true": { include munin-node::master }
+ true: { include munin-node::master }
}
case extractnodeinfo($nodeinfo, 'nagiosmaster') {
- "true": { include nagios::server }
+ true: { include nagios::server }
default: { include nagios::client }
}
case $apache2 {
"true": {
case extractnodeinfo($nodeinfo, 'apache2_security_mirror') {
- "true": { include apache2::security_mirror }
+ true: { include apache2::security_mirror }
}
case extractnodeinfo($nodeinfo, 'apache2_www_mirror') {
- "true": { include apache2::www_mirror }
+ true: { include apache2::www_mirror }
}
include apache2
}
case extractnodeinfo($nodeinfo, 'buildd') {
- 'true': {
+ true: {
include buildd
}
}
SHELL=/bin/bash
@hourly root [ ! -d /var/cache/dsa ] || touch /var/cache/dsa/cron.alive
-34 */4 * * * root if [ -x /usr/sbin/puppetd ]; then sleep $(( $RANDOM \% 3600 )); if [ -x /usr/bin/timeout ]; then TO="timeout 3600"; else TO=""; fi; $TO /usr/sbin/puppetd --factsync -o --no-daemonize 2>&1 | grep -v 'v6: error fetching interface information: Device not found' ; fi
+34 */4 * * * root if [ -x /usr/sbin/puppetd ]; then sleep $(( $RANDOM \% 3600 )); if [ -x /usr/bin/timeout ]; then TO="timeout 3600"; else TO=""; fi; $TO /usr/sbin/puppetd -o --no-daemonize 2>&1 | grep -v 'v6: error fetching interface information: Device not found' ; fi
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/facts
-pluginsync=false
+pluginsync=true
# This is the default environment for all clients
environment=production
[puppetmasterd]
templatedir=/etc/puppet/templates
-libdir=/etc/puppet/lib
+#libdir=/etc/puppet/lib
environments = development,testing,production,staging
[puppetd]
--- /dev/null
+Facter.add(:architecture) do
+ confine :kernel => 'GNU/kFreeBSD'
+ setcode do
+ model = Facter.value(:hardwaremodel)
+ case model
+ when 'x86_64': "amd64"
+ when /(i[3456]86|pentium)/: "i386"
+ else
+ model
+ end
+ end
+end
+
+Facter.add(:debarchitecture) do
+ setcode do
+ %x{/usr/bin/dpkg --print-architecture}.chomp
+ end
+end
+
--- /dev/null
+Facter.add("brokenhosts") do
+ brokenhosts = "true"
+ if FileTest.exist?("/etc/hosts")
+ IO.foreach("/etc/hosts") do |x|
+ x.split.each do |y|
+ if y == Facter.value("fqdn")
+ brokenhosts = "false"
+ break
+ end
+ end
+ end
+ end
+ setcode do
+ brokenhosts == "true"
+ end
+end
+
+
--- /dev/null
+Facter.add("v4ips") do
+ confine :kernel => :linux
+ addrs = []
+ if FileTest.exist?("/bin/ip")
+ %x{ip addr list}.each do |line|
+ next unless line =~ /\s+inet/
+ next if line =~ /scope (link|host)/
+ if line =~ /\s+inet\s+(\S+)\/\d{1,2} .*/
+ addrs << $1
+ end
+ end
+ end
+ ret = addrs.join(",")
+ if ret.empty?
+ ret = 'no'
+ end
+ setcode do
+ ret
+ end
+end
+
+Facter.add("v4ips") do
+ confine :kernel => 'GNU/kFreeBSD'
+ setcode do
+ addrs = []
+ output = %x{/sbin/ifconfig}
+
+ output.split(/^\S/).each { |str|
+ if str =~ /inet ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/
+ tmp = $1
+ unless tmp =~ /127\./
+ addrs << tmp
+ break
+ end
+ end
+ }
+
+ ret = addrs.join(",")
+ if ret.empty?
+ ret = 'no'
+ end
+ ret
+ end
+end
+
+Facter.add("v6ips") do
+ confine :kernel => :linux
+ addrs = []
+ if FileTest.exist?("/bin/ip")
+ %x{ip addr list}.each do |line|
+ next unless line =~ /\s+inet/
+ next if line =~ /scope (link|host)/
+ if line =~ /\s+inet6\s+(\S+)\/\d{1,3} .*/
+ addrs << $1
+ end
+ end
+ end
+ ret = addrs.join(",")
+ if ret.empty?
+ ret = 'no'
+ end
+ setcode do
+ ret
+ end
+end
+
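Review bot: The Linux `v4ips` and `v6ips` facts test for `/bin/ip` but then run `ip addr list` through the shell's PATH lookup, so the binary that was checked is not necessarily the one executed. The cron entry in this commit runs puppetd as root, and with `pluginsync=true` these facts are distributed to every client, so I would pin the path: `%x{/bin/ip addr list}`. The `syslogversion` fact added later in this commit has the same pattern with bare `dpkg-query` and `cut`. Separately, both Linux facts run the command while the fact file is loaded rather than inside `setcode`, unlike the kFreeBSD variant in the same file; moving the loop into `setcode` would keep them consistent.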
--- /dev/null
+begin
+ require 'filesystem'
+
+ Facter.add("mounts") do
+ ignorefs = ["NFS", "nfs", "nfs4", "nfsd", "afs", "binfmt_misc", "proc", "smbfs",
+ "autofs", "iso9660", "ncpfs", "coda", "devpts", "ftpfs", "devfs",
+ "mfs", "shfs", "sysfs", "cifs", "lustre_lite", "tmpfs", "usbfs", "udf",
+ "fusectl", "fuse.snapshotfs", "rpc_pipefs"]
+ mountpoints = []
+ FileSystem.mounts.each do |m|
+ if ((not ignorefs.include?(m.fstype)) && (m.options !~ /bind/))
+ mountpoints << m.mount
+ end
+ end
+ setcode do
+ mountpoints.join(',')
+ end
+ end
+
+rescue Exception => e
+end
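Review bot: `rescue Exception => e` with an empty body at the end of this file discards every failure, including errors raised by `FileSystem.mounts` and signals, so a host where the fact breaks looks the same as one where the `filesystem` library is simply absent. If the intent is only to tolerate the missing library, `rescue LoadError` says that and lets real errors surface in the agent log. The portforwarder facts file added in this commit ends with the same clause.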
--- /dev/null
+Facter.add("mta") do
+ setcode do
+ mta = "exim4"
+ if FileTest.exist?("/usr/sbin/postfix")
+ mta = "postfix"
+ end
+ mta
+ end
+end
+
+Facter.add("exim_ssl_certs") do
+ setcode do
+ FileTest.exist?("/etc/exim4/ssl/") &&
+ FileTest.exist?("/etc/exim4/ssl/ca.crl") &&
+ FileTest.exist?("/etc/exim4/ssl/thishost.crt") &&
+ FileTest.exist?("/etc/exim4/ssl/ca.crt") &&
+ FileTest.exist?("/etc/exim4/ssl/thishost.key")
+ end
+end
--- /dev/null
+begin
+ require 'etc'
+
+ Facter.add("portforwarder_key") do
+ setcode do
+ key = nil
+ keyfile = '/home/portforwarder/.ssh/id_rsa.pub'
+ if FileTest.exist?(keyfile)
+ key = File.open(keyfile).read.chomp
+ end
+ key
+ end
+ end
+
+ Facter.add("portforwarder_user_exists") do
+ setcode do
+ result = false
+ begin
+ if Etc.getpwnam('portforwarder')
+ result = true
+ end
+ rescue ArgumentError
+ end
+ result
+ end
+ end
+
+rescue Exception => e
+end
+# vim:set et:
+# vim:set ts=4:
+# vim:set shiftwidth=4:
--- /dev/null
+Facter.add("smartarraycontroller") do
+ confine :kernel => :linux
+ setcode do
+ FileTest.exist?("/dev/cciss/")
+ end
+end
+
+Facter.add("ThreeWarecontroller") do
+ confine :kernel => :linux
+ setcode do
+ is3w = "false"
+ if FileTest.exist?("/proc/scsi/scsi")
+ IO.foreach("/proc/scsi/scsi") { |x|
+ is3w = "true" if x =~ /Vendor: 3ware/
+ }
+ end
+ is3w == "true"
+ end
+end
+
+Facter.add("megaraid") do
+ confine :kernel => :linux
+ setcode do
+ FileTest.exist?("/dev/megadev0")
+ end
+end
+
+Facter.add("mptraid") do
+ setcode do
+ FileTest.exist?("/dev/mptctl") or FileTest.exist?("/dev/mpt0") or FileTest.exist?("/proc/mpt/summary")
+ end
+end
+
+Facter.add("aacraid") do
+ confine :kernel => :linux
+ setcode do
+ FileTest.exist?("/dev/aac0")
+ end
+end
+
+Facter.add("swraid") do
+ confine :kernel => :linux
+ setcode do
+ swraid = "false"
+ if FileTest.exist?("/proc/mdstat") && FileTest.exist?("/sbin/mdadm")
+ IO.foreach("/proc/mdstat") { |x|
+ swraid = "true" if x =~ /md[0-9]+ : active/
+ }
+ end
+ swraid == "true"
+ end
+end
+
--- /dev/null
+Facter.add("kvmdomain") do
+ setcode do
+ if File.new('/proc/cpuinfo').read().index('QEMU Virtual CPU')
+ result = true
+ else
+ result = false
+ end
+ end
+end
--- /dev/null
+["bugs","qa"].each do |service|
+ Facter.add(service + "_host") do
+ confine :kernel => :linux
+ service_name = "#{service}." + Facter.domain
+ active = false
+
+ setcode do
+ if FileTest.exist?("/usr/bin/dig")
+ %x{/usr/bin/dig +short -t a #{service_name}}.chomp.each do |service_ip|
+ Facter.interfaces.split(',').each do |my_interface|
+ my_ip = Facter.value("ipaddress_" + my_interface)
+ if my_ip == service_ip
+ active = "true"
+ end
+ end
+ end
+ end
+ active
+ end
+ end
+end
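Review bot: `%x{/usr/bin/dig +short -t a #{service_name}}` passes `Facter.domain` through a shell unquoted. I assume that value comes from the host's hostname or resolver configuration, which is not always set locally, so its shape is worth checking before use, e.g. `if FileTest.exist?("/usr/bin/dig") and service_name =~ /\A[A-Za-z0-9.-]+\z/`. `active` is also assigned outside `setcode` and ends up either `false` or the string `"true"`; returning one type would be clearer.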
--- /dev/null
+Facter.add("apache2") do
+ setcode do
+ FileTest.exist?("/usr/sbin/apache2")
+ end
+end
+Facter.add("clamd") do
+ setcode do
+ FileTest.exist?("/usr/sbin/clamd")
+ end
+end
+Facter.add("exim4") do
+ setcode do
+ FileTest.exist?("/usr/sbin/exim4")
+ end
+end
+Facter.add("postfix") do
+ setcode do
+ FileTest.exist?("/usr/sbin/postfix")
+ end
+end
+Facter.add("postgres81") do
+ setcode do
+ FileTest.exist?("/usr/lib/postgresql/8.1/bin/postgres")
+ end
+end
+Facter.add("postgres83") do
+ setcode do
+ FileTest.exist?("/usr/lib/postgresql/8.3/bin/postgres")
+ end
+end
+Facter.add("postgrey") do
+ setcode do
+ FileTest.exist?("/usr/sbin/postgrey")
+ end
+end
+Facter.add("greylistd") do
+ setcode do
+ FileTest.exist?("/usr/sbin/greylistd")
+ end
+end
+Facter.add("policydweight") do
+ setcode do
+ FileTest.exist?("/usr/sbin/policyd-weight")
+ end
+end
+Facter.add("vsftpd") do
+ setcode do
+ FileTest.exist?("/usr/sbin/vsftpd")
+ end
+end
+Facter.add("spamd") do
+ setcode do
+ FileTest.exist?("/usr/sbin/spamd")
+ end
+end
+Facter.add("php5") do
+ setcode do
+ FileTest.exist?("/usr/lib/apache2/modules/libphp5.so") or
+ FileTest.exist?("/usr/bin/php5") or
+ FileTest.exist?("/usr/bin/php5-cgi") or
+ FileTest.exist?("/usr/lib/cgi-bin/php5")
+ end
+end
+Facter.add("php5suhosin") do
+ setcode do
+ FileTest.exist?("/usr/lib/php5/20060613/suhosin.so") or
+ FileTest.exist?("/usr/lib/php5/20060613+lfs/suhosin.so")
+ end
+end
+Facter.add("syslogversion") do
+ setcode do
+ %x{dpkg-query -W -f='${Version}\n' syslog-ng | cut -b1}.chomp
+ end
+end
+Facter.add("rsyncd") do
+ setcode do
+ FileTest.exist?("/etc/rsyncd.conf")
+ end
+end
notify => Exec["rc.local start"],
;
}
- case $hostname {
- handel: {
- file {
- "/etc/puppet/lib":
- ensure => directory,
- source => "puppet:///files/etc/puppet/lib",
- recurse => true,
- notify => Exec["puppetmaster restart"];
- }
- }
- }
# set mmap_min_addr to 4096 to mitigate
# Linux NULL-pointer dereference exploits
package {
"hpacucli": ensure => installed;
"hp-health": ensure => installed;
- "cpqarrayd": ensure => installed;
"arrayprobe": ensure => installed;
}
+ case extractnodeinfo($nodeinfo, 'squeeze') {
+ true: {}
+ default: {
+ package {
+ "cpqarrayd": ensure => installed;
+ }
+ }
+ }
case $debarchitecture {
"amd64": {
package { "lib32gcc1": ensure => installed; }
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##
-<% if nodeinfo.has_key?('squeeze') and not nodeinfo['squeeze'].empty? %>
+<% if nodeinfo.has_key?('squeeze') and nodeinfo['squeeze'] %>
<% else %>
deb http://mirror.netcologne.de/debian-backports/ lenny-backports main contrib non-free
<% end %>
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##
-<% if nodeinfo.has_key?('squeeze') and not nodeinfo['squeeze'].empty? %>
+<% if nodeinfo.has_key?('squeeze') and nodeinfo['squeeze'] %>
deb http://security.debian.org/ squeeze/updates main contrib non-free
<% else %>
deb http://security.debian.org/ lenny/updates main contrib non-free
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##
-<% if nodeinfo.has_key?('squeeze') and not nodeinfo['squeeze'].empty? %>
+<% if nodeinfo.has_key?('squeeze') and nodeinfo['squeeze'] %>
<% else %>
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
<% end %>
# MAIN CONFIGURATION SETTINGS #
######################################################################
-<%- if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? -%>
+<%- if nodeinfo.has_key?('heavy_exim') and nodeinfo['heavy_exim'] -%>
perl_startup = do '/etc/exim4/exim_surbl.pl'
<%- end -%>
acl_smtp_helo = check_helo
acl_smtp_rcpt = ${if ={$interface_port}{587} {check_submission}{check_recipient}}
acl_smtp_data = check_message
-<%- if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? -%>
+<%- if nodeinfo.has_key?('heavy_exim') and nodeinfo['heavy_exim'] -%>
acl_smtp_mime = acl_check_mime
<%- end -%>
acl_smtp_predata = acl_check_predata
message_size_limit = 100M
message_logs = false
smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0}{7}}
-<%- if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? -%>
+<%- if nodeinfo.has_key?('heavy_exim') and nodeinfo['heavy_exim'] -%>
smtp_accept_max = 300
smtp_accept_queue = 200
smtp_accept_queue_per_connection = 50
delay_warning =
-<%- if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? -%>
+<%- if nodeinfo.has_key?('heavy_exim') and nodeinfo['heavy_exim'] -%>
message_body_visible = 5000
queue_run_max = 50
deliver_queue_load_max = 50
deny message = relay not permitted
-<%- if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? -%>
+<%- if nodeinfo.has_key?('heavy_exim') and nodeinfo['heavy_exim'] -%>
acl_check_mime:
discard condition = ${if <{$message_size}{256000}}
message = X-malware detected: $malware_name
<%- end -%>
-<%- if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? -%>
+<%- if nodeinfo.has_key?('heavy_exim') and nodeinfo['heavy_exim'] -%>
discard condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{blackhole}}
set acl_m_srb = ${perl{surblspamcheck}}
}
case extractnodeinfo($nodeinfo, 'buildd') {
- 'true': {
+ true: {
file {
"/etc/ferm/conf.d/load_ftp_conntrack.conf":
source => "puppet:///modules/ferm/conntrack_ftp.conf",
# You must set this variable to for monit to start
startup=0
-<% if nodeinfo.has_key?('squeeze') and not nodeinfo['squeeze'].empty? %>
+<% if nodeinfo.has_key?('squeeze') and nodeinfo['squeeze'] %>
<% else %>
# To change the intervals which monit should run uncomment
## Start monit in the background (run as a daemon) and check services at
## 2-minute intervals.
#
-<% if nodeinfo.has_key?('squeeze') and not nodeinfo['squeeze'].empty? %>
+<% if nodeinfo.has_key?('squeeze') and nodeinfo['squeeze'] %>
set daemon 300
<% else %>
<% end %>
;
}
case extractnodeinfo($nodeinfo, 'timeserver') {
- 'true': { }
+ true: { }
default: {
file {
"/etc/default/ntp":
owner => root,
group => root,
mode => 444,
- source => [ "puppet:///ntp/etc-default-ntp" ],
+ source => [ "puppet:///modules/ntp/etc-default-ntp" ],
require => Package["ntp"],
notify => Exec["ntp restart"],
;
owner => root,
group => root,
mode => 444,
- source => [ "puppet:///ntp/ntpkey_iff_merikanto.pub" ],
+ source => [ "puppet:///modules/ntp/ntpkey_iff_merikanto.pub" ],
require => Package["ntp"],
notify => Exec["ntp restart"],
;
owner => root,
group => root,
mode => 444,
- source => [ "puppet:///ntp/ntpkey_iff_orff.pub" ],
+ source => [ "puppet:///modules/ntp/ntpkey_iff_orff.pub" ],
require => Package["ntp"],
notify => Exec["ntp restart"],
;
owner => root,
group => root,
mode => 444,
- source => [ "puppet:///ntp/ntpkey_iff_ravel.pub" ],
+ source => [ "puppet:///modules/ntp/ntpkey_iff_ravel.pub" ],
require => Package["ntp"],
notify => Exec["ntp restart"],
;
owner => root,
group => root,
mode => 444,
- source => [ "puppet:///ntp/ntpkey_iff_busoni.pub" ],
+ source => [ "puppet:///modules/ntp/ntpkey_iff_busoni.pub" ],
require => Package["ntp"],
notify => Exec["ntp restart"],
;
--- /dev/null
+module Puppet::Parser::Functions
+ newfunction(:allnodeinfo, :type => :rvalue) do |attributes|
+ attributes.unshift('*')
+ return (function_ldapinfo(attributes))
+ end
+end
--- /dev/null
+module Puppet::Parser::Functions
+ newfunction(:extractnodeinfo, :type => :rvalue) do |args|
+
+ nodeinfo = args.shift
+
+ ni = nodeinfo
+ keys_done = []
+
+ args.each do |key|
+ raise Puppet::ParseError, "nodeinfo is not a hash at #{keys_done.join('->')}" unless ni.kind_of?(Hash)
+ unless ni.has_key?(key)
+ ni = false
+ break
+ end
+ ni = ni[key]
+ keys_done << key
+ end
+ return ni
+ end
+end
+# vim:set et:
+# vim:set sts=2 ts=2:
+# vim:set shiftwidth=2:
--- /dev/null
+module Puppet::Parser::Functions
+ newfunction(:ldapinfo, :type => :rvalue) do |attributes|
+
+ host = attributes.shift
+
+ unless attributes.include?("*") or attributes.include?('hostname')
+ attributes << 'hostname'
+ end
+
+ require 'ldap'
+ ldap = LDAP::SSLConn.new('db.debian.org', 636)
+
+ results = {}
+ filter = '(hostname=' + host + ')'
+ begin
+ ldap.search2('ou=hosts,dc=debian,dc=org', LDAP::LDAP_SCOPE_SUBTREE, filter, attrs=attributes, false, 0, 0, s_attr="hostname").each do |x|
+ # If a returned value doesn't have all the attributes we're searching for, skip
+ # We'll skip if the array is empty, but we also seem to get back a nil object for empty attributes sometimes
+ unless attributes.include?("*")
+ next if attributes.any?{ |a| not x[a] or x[a].empty? }
+ end
+ results[x['hostname'][0]] = x
+ end
+ rescue LDAP::ResultError
+ raise Puppet::ParseError, "LDAP error"
+ rescue RuntimeError
+ raise Puppet::ParseError, "No data returned from search"
+ ensure
+ ldap.unbind
+ end
+ if host == '*'
+ return(results)
+ else
+ return(results[host])
+ end
+ end
+end
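Review bot: `filter = '(hostname=' + host + ')'` builds the LDAP filter by concatenation, so any `(`, `)`, `*` or `\` in the `host` argument changes the query rather than being matched literally. The function deliberately accepts `'*'` as a wildcard, so that one value should pass through and everything else be escaped per RFC 4515, e.g. `safe = host == '*' ? host : host.gsub(/[\\*()\x00]/) { |c| '\\%02x' % c.unpack('C').first }` followed by `filter = "(hostname=#{safe})"`. A comment above the line stating which callers may pass `'*'` would also help.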
--- /dev/null
+module Puppet::Parser::Functions
+ newfunction(:nodeinfo, :type => :rvalue) do |args|
+
+ host = args[0]
+ yamlfile = args[1]
+
+ require '/var/lib/puppet/lib/puppet/parser/functions/ldapinfo.rb'
+
+ results = function_yamlinfo(host, yamlfile)
+ results['ldap'] = function_ldapinfo(host, '*')
+
+ results['misc'] = {}
+ fqdn = lookupvar('fqdn')
+ if fqdn and fqdn == host
+ v4ips = lookupvar('v4ips')
+ if v4ips
+ # find out if we are behind nat
+ v4addrs = v4ips.split(',')
+ intersection = v4addrs & results['ldap']['ipHostNumber']
+ results['misc']['natted'] = intersection.empty?
+ end
+ end
+
+ return(results)
+ end
+end
+
+# vim: set fdm=marker ts=2 sw=2 et:
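Review bot: `results['ldap']['ipHostNumber']` assumes the LDAP lookup found the host, but `ldapinfo` returns `results[host]`, which is nil when no entry matches, and this line then fails with NoMethodError instead of a Puppet::ParseError. I would add `raise Puppet::ParseError, "no LDAP entry for #{host}" unless results['ldap']` right after the lookup and use `(results['ldap']['ipHostNumber'] || [])` in the intersection. `whohosts`, added next in this commit, calls `nodeinfo['ldap'].has_key?` and depends on the same guarantee. The `require` of an absolute path under `/var/lib/puppet/lib` also ties this function to one vardir layout; a short comment saying why the explicit require is needed would help.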
--- /dev/null
+module Puppet::Parser::Functions
+ newfunction(:whohosts, :type => :rvalue) do |args|
+ require 'ipaddr'
+ require 'yaml'
+
+ nodeinfo = args[0]
+ yamlfile = args[1]
+ parser.watch_file(yamlfile)
+
+ $KCODE = 'utf-8'
+
+ ans = "unknown"
+ yaml = YAML.load_file(yamlfile)
+
+ if (nodeinfo['ldap'].has_key?('ipHostNumber'))
+ nodeinfo['ldap']['ipHostNumber'].each do |addr|
+ yaml.keys.each do |hoster|
+ yaml[hoster].each do |net|
+ if IPAddr.new(net).include?(addr)
+ ans = hoster
+ end
+ end
+ end
+ end
+ end
+ return ans
+ end
+end
--- /dev/null
+module Puppet::Parser::Functions
+ newfunction(:yamlinfo, :type => :rvalue) do |args|
+
+ host = args[0]
+ yamlfile = args[1]
+ parser.watch_file(yamlfile)
+
+ def read_yaml(yaml, host)
+ results = {}
+
+ ['nameinfo', 'footer'].each do |detail|
+ if yaml.has_key?(detail)
+ if yaml[detail].has_key?(host)
+ results[detail] = yaml[detail][host]
+ end
+ end
+ end
+
+ if yaml.has_key?('services')
+ yaml['services'].each_pair do |service, hostlist|
+ hostlist=[hostlist] unless hostlist.kind_of?(Array)
+ results[service] = hostlist.include?(host)
+ end
+ end
+
+ results['mail_port'] = ''
+ results['smarthost'] = ''
+ results['heavy_exim'] = ''
+ results['smarthost_port'] = 587
+ results['reservedaddrs'] = '0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/17 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5'
+
+ if yaml['host_settings'].kind_of?(Hash)
+ yaml['host_settings'].each_pair do |property, values|
+ if values.kind_of?(Hash)
+ results[property] = values[host] if values.has_key?(host)
+ elsif values.kind_of?(Array)
+ results[property] = values.include?(host)
+ end
+ end
+ end
+ return(results)
+ end
+
+ require 'yaml'
+ $KCODE = 'utf-8'
+
+ yaml = YAML.load_file(yamlfile)
+ ret = {}
+
+ if host == '*'
+ Dir.entries('/var/lib/puppet/yaml/node/').each do |fname|
+ next unless fname =~ /(.*)\.yaml$/
+ host_name = $1
+ ret[host_name] = read_yaml(yaml, host_name)
+ end
+ else
+ ret = read_yaml(yaml, host)
+ end
+
+ return(ret)
+ end
+end
+
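Review bot: The default `results['heavy_exim'] = ''` is still a string, and an empty string is truthy in Ruby, so the templates in this commit that now test `nodeinfo['heavy_exim']` instead of `.empty?` will take the heavy-exim branch on any host for which `host_settings` does not overwrite the default. That only stays hidden if `heavy_exim` is always an Array under `host_settings` (not visible here); I would make the default explicit with `results['heavy_exim'] = false`. Hash-valued settings are still copied as `values[host]`, so a quoted `"true"` in the YAML there would no longer match the `true:` cases in the manifests.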
--- /dev/null
+class puppetmaster {
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
file=/etc/ssh/sshd_config
<%=
out=""
-if not nodeinfo['heavy_exim'].empty?
+if nodeinfo['heavy_exim']
out = '
file=/etc/exim4/surbl_whitelist.txt
file=/etc/exim4/exim_surbl.pl
file=/etc/nagios3/puppetconf.d/auto-dependencies.cfg
file=/etc/nagios3/puppetconf.d/auto-hostextinfo.cfg
file=/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg
+file=/etc/nagios3/puppetconf.d/auto-servicegroups.cfg
<% end -%>
<% if nodeinfo['muninmaster'] -%>
file=/etc/munin/munin.conf