Adam Lewenberg authored
This is the (old) master branch along with the fixes to the cron file permissions that Russ made.
puppetclient.pp 4.78 KiB
# Configuration for a Puppet client. Handles the Puppet configuration and
# syslog filtering rules.
# Helper define to generate Puppet configuration files.
# Manages the Puppet configuration file named by the resource title, plus the
# defaults file given by $defaultfile.
#
# Parameters used directly in this define:
#   ensure      - 'present' or 'absent'; any other value is only logged.
#   template    - ERB template rendered into $name on non-master hosts.
#   replace     - passed through to the file resource for $name (non-master).
#   defaultfile - path of the defaults file rendered from puppet.default.erb.
#   is_master   - when true, puppet.conf is built with generate-conf instead
#                 of being rendered directly from $template.
#
# runinterval, server, ca_server, in_noop, pm, start and diff_args are not
# referenced in this body; presumably the ERB templates read them from scope
# (TODO confirm against the templates).
define base::puppetclient::config(
  $ensure,
  $template    = 'base/puppetclient/puppet.conf.template.erb',
  $runinterval = '',
  $server      = '',
  $ca_server   = '',
  $in_noop     = false,
  $pm          = false,
  $start       = true,
  $replace     = true,
  $defaultfile = '/etc/default/puppet',
  $is_master   = false,
  $diff_args   = '-u'
) {

  # Location of the SSL directory per operating system. Not referenced again
  # in this define; presumably consumed by a template.
  # NOTE(review): the selector has no default entry, so an operating system
  # other than the three listed has no matching value.
  $ssldir = $::operatingsystem ? {
    'debian' => '/etc/puppet/ssl',
    'ubuntu' => '/etc/puppet/ssl',
    'redhat' => '/var/lib/puppet/ssl',
  }

  case $ensure {
    present: {
      if $is_master {
        # On a master, /etc/puppet/puppet.conf is produced in two stages:
        # the ERB template templates/puppet.conf.template.erb is written to
        # /etc/puppet/puppet.conf.template, and generate-conf then turns that
        # file into /etc/puppet/puppet.conf.
        #
        # generate-conf needs the database ini file to be in place, so the
        # class that downloads the credentials wallet object is included.
        # NOTE(review): $template is not used on this path; the template
        # name below is hard-coded.
        include base::puppetclient::db_credentials

        # Paths shared by the two stages.
        $template_file = '/etc/puppet/puppet.conf.template'
        $db_config     = $puppetclient::db_credentials::puppet_db_ini_file
        $puppet_config = '/etc/puppet/puppet.conf'

        # Stage 1: install the intermediate template file.
        file { $template_file:
          owner   => 'root',
          group   => 'root',
          mode    => '0644',
          content => template('base/puppetclient/puppet.conf.template.erb'),
        }

        # Stage 2: build /etc/puppet/puppet.conf. Runs only when the template
        # file or the credentials wallet resource changes.
        #
        # NOTE(review): the command is not fully qualified and no path is set
        # on this resource; presumably an Exec default elsewhere supplies a
        # search path -- confirm, and prefer an absolute path for a command
        # that handles database credentials.
        # NOTE(review): nothing in this define manages owner or mode of the
        # generated puppet.conf. If generate-conf merges the database
        # credentials into it, confirm the tool writes the file with
        # restrictive permissions.
        exec { 'generate-conf puppet.conf':
          refreshonly => true,
          subscribe   => [
            File[$template_file],
            Base::Wallet[$puppetclient::db_credentials::credentials_wallet_name],
          ],
          command     =>
            "generate-conf --template $template_file --config $db_config --newfile $puppet_config",
        }
      }
      else {
        # Ordinary client: render the configuration straight from $template.
        # No owner, group or mode is set here.
        file { $name:
          replace => $replace,
          content => template($template),
        }
      }
    }

    absent: {
      file { $name:
        ensure => absent,
      }
    }

    # crit only logs the problem; the defaults file below is still managed.
    default: {
      crit("Invalid ensure value: $ensure")
    }
  }

  # Declared for every value of $ensure, including 'absent'.
  file { $defaultfile:
    content => template('base/puppetclient/puppet.default.erb'),
  }
}
class base::puppetclient {

  # Configuration directory that holds the files managed below.
  file { '/etc/puppet':
    ensure => directory,
  }

  # Client configuration, built by the helper define with its defaults.
  base::puppetclient::config { '/etc/puppet/puppet.conf':
    ensure => present,
  }

  # The package depends on the configuration resource, so puppet.conf is
  # applied before the package.
  package { 'puppet':
    ensure  => present,
    require => Base::Puppetclient::Config['/etc/puppet/puppet.conf'],
  }

  # On squeeze systems, default to the backports version of Puppet.
  # Back out the backports preference. This section can be removed
  # once Puppet has run everywhere.
  # NOTE(review): the two statements above read as contradictory; the content
  # of the sourced preferences file decides which one applies -- confirm.
  if $::lsbdistcodename == 'squeeze' {
    file { '/etc/apt/preferences.d/puppet':
      source => 'puppet:///modules/base/puppetclient/etc/apt/preferences.d/puppet',
    }
  }

  # Install an auth.conf as additional protection against a Puppet
  # vulnerability that could allow unauthenticated Puppet nodes to manipulate
  # its configuration.
  # NOTE(review): no owner, group or mode is set on this or the following
  # file resources; presumably a File default elsewhere or the source file's
  # permissions apply -- confirm, since auth.conf is an access-control file.
  file { '/etc/puppet/auth.conf':
    source => 'puppet:///modules/base/puppetclient/etc/puppet/auth.conf',
  }

  # filter-syslog rules for the Puppet client.
  file { '/etc/filter-syslog/puppet':
    source => 'puppet:///modules/base/puppetclient/etc/filter-syslog/puppet',
  }

  # Hourly check for a puppetd process. The script sits in /etc/cron.hourly,
  # so its ownership and mode deserve the same review as auth.conf above.
  file { '/etc/cron.hourly/check-puppet':
    source => 'puppet:///modules/base/puppetclient/etc/cron.hourly/check-puppet',
  }
}
# Used by systems that want to run Puppet in no-op mode. This class
# probably only supports Debian right now.
class base::puppetclient::noop inherits base::puppetclient {
  # Override the inherited configuration resource so that in_noop is true.
  Base::Puppetclient::Config['/etc/puppet/puppet.conf'] {
    in_noop => true,
  }
}
# This class sets up puppetclient with a run interval of once every two
# hours.
class base::puppetclient::infrequent inherits base::puppetclient {
  # Override the inherited configuration resource with a run interval of
  # 7200 (two hours, per the class description; unit presumably seconds).
  Base::Puppetclient::Config['/etc/puppet/puppet.conf'] {
    runinterval => 7200,
  }
}
# Puppet client running in our dev environment for puppet testing and
# development.
class base::puppetclient::dev inherits base::puppetclient {
  # Point the inherited configuration resource at the development master and
  # the development CA server instead of the defaults.
  # NOTE(review): a node that includes this class takes its catalog and its
  # certificates from these hosts, so apply it only to nodes meant for the
  # dev environment.
  Base::Puppetclient::Config['/etc/puppet/puppet.conf'] {
    ca_server => 'puppetca-dev.stanford.edu',
    server    => 'jimhenson-dev.stanford.edu',
  }
}
# Puppet client that will only list changed lines without context in puppet log
class base::puppetclient::neat inherits base::puppetclient {
  # Override diff_args on the inherited configuration resource so that diffs
  # are produced with zero lines of context.
  Base::Puppetclient::Config['/etc/puppet/puppet.conf'] {
    diff_args => '--unified=0',
  }
}