# Configuration for a Puppet client. Handles the Puppet configuration and
# syslog filtering rules.
# Helper define to generate Puppet configuration files.
# Writes the Puppet configuration file named by the resource title, plus the
# defaults file named by $defaultfile.
#
# Parameters:
#   ensure      - 'present' or 'absent'. Any other value only logs a
#                 critical message (see the default branch below).
#   template    - ERB template rendered into $name on non-master hosts.
#   replace     - passed to the file resource's `replace` on non-master hosts.
#   defaultfile - path of the file rendered from puppet.default.erb.
#   is_master   - when true, puppet.conf is built by generate-conf instead of
#                 being rendered directly from $template.
#   runinterval, server, ca_server, in_noop, pm, start, diff_args
#               - not referenced in this body; presumably read by the ERB
#                 templates rendered below -- confirm against the templates.
define base::puppetclient::config(
$ensure,
$template = 'base/puppetclient/puppet.conf.template.erb',
$runinterval = '',
$server = '',
$ca_server = '',
$in_noop = false,
$pm = false,
$start = true,
$replace = true,
$defaultfile = '/etc/default/puppet',
$is_master = false,
$diff_args = '-u'
) {
# $ssldir is assigned here but not used again in this body; presumably the
# templates read it -- confirm.
# NOTE(review): the selector has no default branch, so an operating system
# other than the three listed has nothing to match and should fail catalog
# compilation rather than fall back to a path.
$ssldir = $::operatingsystem ? {
'debian' => '/etc/puppet/ssl',
'ubuntu' => '/etc/puppet/ssl',
'redhat' => '/var/lib/puppet/ssl',
}
case $ensure {
present: {
if ($is_master) {
# The file /etc/puppet/puppet.conf is constructed by first writing
# the ERB template file templates/puppet.conf.template.erb into
# /etc/puppet/puppet.conf.template.
#
# We then convert /etc/puppet/puppet.conf.template into
# /etc/puppet/puppet.conf using generate_conf.
#
# Note that for generate-conf to work we must have the database ini
# file in place.
# Puppet masters need the database credentials file, so download
# the wallet object.
include base::puppetclient::db_credentials
# These are some handy definitions
# Note that this branch hard-codes the template and the output path, so
# $template, $name and $replace have no effect when $is_master is true.
$template_file = '/etc/puppet/puppet.conf.template'
# NOTE(review): the class included above is base::puppetclient::db_credentials,
# but this lookup (and the Base::Wallet reference further down) omits the
# leading "base::". That presumably relies on relative namespace lookup;
# confirm it resolves on the Puppet version in use, since an empty value
# would produce a malformed --config argument.
$db_config = $puppetclient::db_credentials::puppet_db_ini_file
$puppet_config = '/etc/puppet/puppet.conf'
# 1. Install the template file.
# World-readable (0644). That is only appropriate if the template holds
# placeholders and no secrets -- TODO confirm against the ERB source.
file { $template_file:
content => template('base/puppetclient/puppet.conf.template.erb'),
mode => '0644',
owner => 'root',
group => 'root',
}
# 2. Convert the template file into /etc/puppet/puppet.conf.
# refreshonly + subscribe: the command runs only when the template file or
# the credentials wallet resource changes.
# NOTE(review): no file resource manages $puppet_config in this branch, so its
# owner and mode are whatever generate-conf creates. The output is built from
# the database ini file and presumably contains database credentials; confirm
# generate-conf writes it with a restrictive mode.
# NOTE(review): the command is not fully qualified and no `path` is set on
# this resource; presumably an Exec default elsewhere supplies the search
# path -- confirm.
exec { 'generate-conf puppet.conf':
command =>
"generate-conf --template $template_file --config $db_config --newfile $puppet_config",
refreshonly => true,
subscribe =>
[
File[$template_file],
Base::Wallet[$puppetclient::db_credentials::credentials_wallet_name],
]
}
} else {
# not $is_master
# Render $template straight into the file named by the resource title.
# owner, group and mode are not set here; presumably they come from File
# defaults declared elsewhere -- confirm.
file { $name:
content => template($template),
replace => $replace,
}
}
}
absent: { file { $name: ensure => absent } }
# crit only logs at critical level; it does not abort compilation. With an
# invalid $ensure the config file is left unmanaged while the $defaultfile
# resource below is still applied.
default: { crit "Invalid ensure value: $ensure" }
}
# Declared outside the case statement, so the defaults file is written for
# every $ensure value, including 'absent'.
file { $defaultfile:
content => template('base/puppetclient/puppet.default.erb'),
}
}
# Base Puppet client class: manages the /etc/puppet directory, the client's
# puppet.conf (via base::puppetclient::config), the puppet package and, on
# some Debian releases, apt pinning files.
class base::puppetclient {
# Only `ensure => directory` is given; owner, group and mode are not set on
# this resource.
file { '/etc/puppet':
ensure => directory,
}
# All other parameters of the define are left at their defaults here.
base::puppetclient::config { '/etc/puppet/puppet.conf':
ensure => present,
}
# The `require` orders the configuration before the package installation.
package { 'puppet':
ensure => present,
require => Base::Puppetclient::Config['/etc/puppet/puppet.conf'],
}
# On squeeze systems, default to the backports version of Puppet. On wheezy
# systems, default to the backports version of facter for proper detection
# of Xen systems.
# Both pin files are copied verbatim from the module's file server mount.
if $::lsbdistcodename == 'squeeze' {
file { '/etc/apt/preferences.d/puppet':
source => 'puppet:///modules/base/puppetclient/etc/apt/preferences.d/puppet',
}
}
if $::lsbdistcodename == 'wheezy' {
file { '/etc/apt/preferences.d/facter':
source => 'puppet:///modules/base/puppetclient/etc/apt/preferences.d/facter',
}
}
# Install an auth.conf as additional protection against a Puppet
# vulnerability that could allow unauthenticated Puppet nodes to manipulate
# its configuration.
# NOTE(review): owner, group and mode are not set on this resource. Because
# this file is an access-control policy, confirm that File defaults declared
# elsewhere keep it root-owned and not writable by group or others.
file { '/etc/puppet/auth.conf':
source => 'puppet:///modules/base/puppetclient/etc/puppet/auth.conf',
}
# filter-syslog rules for the Puppet client.
file { '/etc/filter-syslog/puppet':
source => 'puppet:///modules/base/puppetclient/etc/filter-syslog/puppet';
}
# Check for a puppetd process on an hourly basis.
# NOTE(review): no mode is set, so whether this script ends up executable
# depends on the source file's mode or on File defaults elsewhere -- confirm.
# run-parts normally skips cron.hourly entries that are not executable, which
# would silently disable this check.
file { '/etc/cron.hourly/check-puppet':
source => 'puppet:///modules/base/puppetclient/etc/cron.hourly/check-puppet';
}
}
# Used by systems that want to run Puppet in no-op mode. This class
# probably only supports Debian right now.
class base::puppetclient::noop inherits base::puppetclient {
  # Override one parameter on the resource declared by the parent class.
  # How in_noop takes effect is decided by the templates rendered in
  # base::puppetclient::config, which are not part of this file.
  Base::Puppetclient::Config['/etc/puppet/puppet.conf'] {
    in_noop => true,
  }
}
# This class sets up puppetclient with a run interval of once every two
# hours.
class base::puppetclient::infrequent inherits base::puppetclient {
  # Override the inherited config resource: 7200 seconds = two hours.
  Base::Puppetclient::Config['/etc/puppet/puppet.conf'] { runinterval => 7200 }
}
# Puppet client running in our dev environment for puppet testing and
# development (CA -> puppetca-dev).
class base::puppetclient::dev inherits base::puppetclient {
  # Point the inherited config resource at the development master and the
  # development certificate authority.
  # NOTE(review): a node in this class presumably takes its catalogs and
  # certificates from the dev infrastructure instead of production; confirm
  # the class is only assigned to test hosts.
  Base::Puppetclient::Config['/etc/puppet/puppet.conf'] {
    ca_server => 'puppetca-dev.stanford.edu',
    server    => 'jimhenson-dev.stanford.edu',
  }
}
}
# Puppet client that will only list changed lines without context in puppet log
class base::puppetclient::neat inherits base::puppetclient {
Base::Puppetclient::Config['/etc/puppet/puppet.conf'] {
diff_args => '--unified=0',
}