diff --git a/Files/Makefile b/Files/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..466d472e6738ada771ea8b6f372508b0dd37fbc2 --- /dev/null +++ b/Files/Makefile @@ -0,0 +1,6 @@ +default: + @true + +.PHONY: clean +clean: + @true diff --git a/Files/auto.master.erb b/Files/auto.master.erb new file mode 100644 index 0000000000000000000000000000000000000000..703d5bc4d9013cd1103043956dd92eeea8cf1e72 --- /dev/null +++ b/Files/auto.master.erb @@ -0,0 +1,3 @@ +/home yp:auto_home nosuid,nodev +/mp yp:auto_lysator nosuid,nodev +/pkg yp:auto_pkg nosuid,nodev diff --git a/Files/common-account b/Files/common-account new file mode 100644 index 0000000000000000000000000000000000000000..cc9518ad5712d3099f73445309e16dff77e1241c --- /dev/null +++ b/Files/common-account @@ -0,0 +1,10 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. + +account sufficient pam_krb5.so minimum_uid=100 +account sufficient pam_unix.so diff --git a/Files/common-auth b/Files/common-auth new file mode 100644 index 0000000000000000000000000000000000000000..cc30d3fb63e99f791418c6155288560f38ded396 --- /dev/null +++ b/Files/common-auth @@ -0,0 +1,14 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. + +auth required pam_env.so +auth required pam_group.so +auth sufficient pam_unix.so likeauth nullok +auth sufficient pam_krb5.so use_first_pass minimum_uid=100 +auth required pam_deny.so diff --git a/Files/common-password b/Files/common-password new file mode 100644 index 0000000000000000000000000000000000000000..63ded773882df4a14259cd6cf98de5863f74b792 --- /dev/null +++ b/Files/common-password @@ -0,0 +1,10 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +password sufficient pam_krb5.so minimum_uid=100 +password sufficient pam_unix.so nullok md5 shadow use_authtok +password required pam_deny.so diff --git a/Files/common-session b/Files/common-session new file mode 100644 index 0000000000000000000000000000000000000000..e4f1ee341d14a1192398f4f89c1ffee2ad5df859 --- /dev/null +++ b/Files/common-session @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). + +session required pam_limits.so +session required pam_krb5.so minimum_uid=100 +session sufficient pam_unix.so diff --git a/Files/cups-printers.conf-client b/Files/cups-printers.conf-client new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/Files/hosts.erb b/Files/hosts.erb new file mode 100644 index 0000000000000000000000000000000000000000..027267af640f5a51a094096334c6610518b49dbd --- /dev/null +++ b/Files/hosts.erb @@ -0,0 +1,17 @@ +# +# /etc/hosts: static lookup table for host names +# + +#<ip-address> <hostname.domain.org> <hostname> +127.0.0.1 localhost.localdomain localhost +<%= ipaddress %> <%= fqdn %> <%= hostname %> +2001:6b0:17:f0a0::<%= ipaddress.split('.')[3].to_i().to_s(16) %> <%= fqdn %> <%= hostname %> + +130.236.254.1 liunet-gw.lysator.liu.se liunet-gw +130.236.254.2 ns-master.lysator.liu.se ns-master +130.236.254.4 ns-slave.lysator.liu.se ns-slave +130.236.254.25 hoover.lysator.liu.se hoover loghost +130.236.254.125 as-master.lysator.liu.se as-master +130.236.254.126 as-slave.lysator.liu.se as-slave + +# End of file diff --git a/Files/interfaces-Debian.erb b/Files/interfaces-Debian.erb new file mode 100644 index 0000000000000000000000000000000000000000..eb21f4965f874993984ae748479f12e8766e252f --- /dev/null +++ b/Files/interfaces-Debian.erb @@ -0,0 +1,14 @@ +auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet static + address <%= ipaddress %> + netmask 255.255.255.0 + network 130.236.254.0 + broadcast 130.236.254.255 + gateway 130.236.254.1 + +iface eth0 inet6 static + address 2001:6b0:17:f0a0::<%= ipaddress.split('.')[3].to_i().to_s(16) %> + netmask 64 diff --git a/Files/krb5.conf b/Files/krb5.conf new file mode 100644 index 0000000000000000000000000000000000000000..4acf5a9164d8341ac17de9bc75daeffa3593e24b --- /dev/null +++ b/Files/krb5.conf @@ -0,0 +1,24 @@ +# $HeadURL: file:///lysator/root/cfengine2/trunk/files/linux/krb5.conf $ +# $Id: krb5.conf 47 2008-09-02 13:48:31Z creideiki $ +# +# /etc/krb5.conf, configuration file for MIT Kerberos. +# + +[libdefaults] + default_realm = LYSATOR.LIU.SE + +[realms] + LYSATOR.LIU.SE = { + kdc = as-master.lysator.liu.se + kdc = as-slave.lysator.liu.se + admin_server = as-master.lysator.liu.se + } + +[domain_realm] + .lysator.liu.se = LYSATOR.LIU.SE + +[appdefaults] + kinit = { + renewable = true + forwardable = true + } diff --git a/Files/nrpe.cfg b/Files/nrpe.cfg new file mode 100644 index 0000000000000000000000000000000000000000..75e049a93a22d7f01fecc96a44b6d345b8d4add8 --- /dev/null +++ b/Files/nrpe.cfg @@ -0,0 +1,28 @@ +# This file is centrally managed. Do not edit. Source: +# svn+ssh://lsvn.lysator.liu.se/svnroot/nagios-plugins/trunk/nagios-plugins + +pid_file=/var/run/nrpe.pid +server_port=5666 +nrpe_user=nagios +nrpe_group=nagios +dont_blame_nrpe=0 +debug=0 +command_timeout=60 +connection_timeout=300 + +# OS-specific commands added by the lysator-nagios-plugins framework. +include=/opt/nrpe/etc/nrpe-os.cfg + +# OS-and-site-specific commands, also from the lysator-nagios-plugins +# framework. +include=/opt/nrpe/etc/nrpe-os-site.cfg + +# Commands derived automatically from the current host configuration +# the the lysator-nagios-plugins framework. +include=/opt/nrpe/etc/nrpe-host-auto.cfg + +# Extra commands added manually by the host administrator. This file +# will not be overwritten by the next install of +# lysator-nagios-plugins, so this is the proper place to adde +# host-specific check commands. +include=/opt/nrpe/etc/nrpe-host-manual.cfg diff --git a/Files/nsswitch.conf-limited b/Files/nsswitch.conf-limited new file mode 100644 index 0000000000000000000000000000000000000000..d53fdfa4d099abe73f409867768496c4c1a9920b --- /dev/null +++ b/Files/nsswitch.conf-limited @@ -0,0 +1,20 @@ +# /etc/nsswitch.conf +# +# Example configuration of GNU Name Service Switch functionality. +# If you have the `glibc-doc-reference' and `info' packages installed, try: +# `info libc "Name Service Switch"' for information about this file. + +passwd: compat +group: compat +shadow: compat + +hosts: files dns +networks: files + +protocols: db files +services: db files +ethers: db files +rpc: db files + +automount: files nis +netgroup: nis diff --git a/Files/nsswitch.conf-user b/Files/nsswitch.conf-user new file mode 100644 index 0000000000000000000000000000000000000000..9583c424b96521f8c95706a3037df1e89c11f14f --- /dev/null +++ b/Files/nsswitch.conf-user @@ -0,0 +1,20 @@ +# /etc/nsswitch.conf +# +# Example configuration of GNU Name Service Switch functionality. +# If you have the `glibc-doc-reference' and `info' packages installed, try: +# `info libc "Name Service Switch"' for information about this file. + +passwd: nis files +group: nis files +shadow: files + +hosts: files dns +networks: files + +protocols: db files +services: db files +ethers: db files +rpc: db files + +automount: files nis +netgroup: nis diff --git a/Files/ntp.conf-client b/Files/ntp.conf-client new file mode 100644 index 0000000000000000000000000000000000000000..09a6ef85e5d7bf9272e65ec5323e0f1dbdfbabd7 --- /dev/null +++ b/Files/ntp.conf-client @@ -0,0 +1,18 @@ +# NOTES: +# - you should only have to update the server line below +# - if you start getting lines like 'restrict' and 'fudge' +# and you didnt add them, AND you run dhcpcd on your +# network interfaces, be sure to add '-Y -N' to the +# dhcpcd_ethX variables in /etc/conf.d/net + +# Name of the servers ntpd should sync with +# Please respect the access policy as stated by the responsible person. +#server ntp.example.tld iburst + +server ntp1.lysator.liu.se iburst +server ntp2.lysator.liu.se iburst +server ntp3.lysator.liu.se iburst + +# you should not need to modify the following paths +logfile /var/log/ntp.log +driftfile /var/lib/ntp/ntp.drift diff --git a/Files/puppet-Makefile.erb b/Files/puppet-Makefile.erb new file mode 100644 index 0000000000000000000000000000000000000000..d395bf408eb4009e7bdcc5b468f8054bf4735af1 --- /dev/null +++ b/Files/puppet-Makefile.erb @@ -0,0 +1,67 @@ +CVSUSER = bellman +CVSHOST = kjell.nsc.liu.se +CVSDIR = /net/storage/home/bellman/CvsRoot +CVSROOT = :ext:${CVSUSER}@${CVSHOST}:${CVSDIR} +export CVS_RSH = ssh +CVSMODULE = playpuppet + +CONFIGHOME = /home/bellman/puppet +PKGTREE = /sw/packages/extra +DISTHOSTS = calle.nsc.liu.se +PDISTHOSTS :=$(shell echo ${DISTHOSTS} | tr ' ' ,) +SKARP = SKARP + +RM_R = ${RM} -r +MV = mv -vi +COPY_R = cp -a +MAKEFLAGS = --no-print-directory + + +default: + @echo "" + @echo "There is no default target!" >&2 + @echo "You might want to do \`\`${MAKE} skarp''" >&2 + @echo "" + @exit 64 + + +skarp: ${SKARP}/CVS + cd ${SKARP} && chmod -R +w . + [ "x${NOCLEAN}" = "xtrue" ] || { cd ${SKARP} && ${MAKE} clean; } + cd ${SKARP} && cvs -q update -C -d . + cd ${SKARP} && ${MAKE} + cd ${SKARP} && find . -name '.#*.*.*' -exec ${RM} '{}' \; + cd ${SKARP} && chmod -R a-w . + +xskarp: + ${MAKE} skarp NOCLEAN=true + +%/CVS: + @${MAKE} checkout TARGET=$(@D) + +checkout: + @[ -n "${TARGET}" ] || (echo "Variable TARGET not set" >&2; exit 64) + (cvs -q -d"${CVSROOT}" checkout -d "${TARGET}" "${CVSMODULE}") + +pdist: + @echo + @echo -e '\tNOTE! This does not remove old files from target hosts!' + @echo + pdsh -w root@${PDISTHOSTS} mkdir -pv "${CONFIGHOME}" #"${PKGTREE}" + pdcp -w root@${PDISTHOSTS} -rp "${CONFIGHOME}/" "${CONFIGHOME}" + @#pdcp -w root@${PDISTHOSTS} -rp "${PKGTREE}" "${PKGTREE}" + +rdist: + @for host in ${DISTHOSTS}; do \ + echo; echo "----- $$host -----"; echo; \ + ( \ + set -x; \ + rsync -essh -avR --delete --delete-excluded \ + --exclude CVS/ --exclude src/ \ + "${CONFIGHOME}"/[A-Z][A-Z0-9]* \ + "${CFEBINTREE}" \ + "${PKGTREE}" \ + "root@$$host:/"; \ + ); \ + echo; \ + done diff --git a/Files/puppetrun-rcinit.erb b/Files/puppetrun-rcinit.erb new file mode 100644 index 0000000000000000000000000000000000000000..210d9b4eac999a8664987d7a72cc708431f5584e --- /dev/null +++ b/Files/puppetrun-rcinit.erb @@ -0,0 +1,39 @@ +#!/bin/bash +# chkconfig: 345 65 0 +# description: Run Puppet at boot. + +# Check that we're a priviledged user +[ `id -u` = 0 ] || exit 0 + +PUPPETDIR='<%= puphome %>' + +. /etc/init.d/functions + +set -u -e + + +function start() +{ + echo "Configuring machine using Puppet from $PUPPETDIR" + action "" make -C "$PUPPETDIR" -s install +} + + +# See how we were called. +case "$1" in + start|restart|reload|force-reload) + start + ;; + stop) + exit 0 + ;; + status) + exit 3 + ;; + try-restart|condrestart) + exit 3 + ;; + *) + echo $"Usage: $0 {start|stop}" + exit 2 +esac diff --git a/Files/resolv.conf b/Files/resolv.conf new file mode 100644 index 0000000000000000000000000000000000000000..2441531152a26b15359f2bbd1ae97e024df0f8d2 --- /dev/null +++ b/Files/resolv.conf @@ -0,0 +1,3 @@ +nameserver 130.236.254.2 +nameserver 130.236.254.4 +search lysator.liu.se diff --git a/Files/root-.bash_logout b/Files/root-.bash_logout new file mode 100644 index 0000000000000000000000000000000000000000..af7c6fd8fd1d77b1081711bd0e497161446cc7d0 --- /dev/null +++ b/Files/root-.bash_logout @@ -0,0 +1,2 @@ +# ~/.bash_logout + diff --git a/Files/root-.bash_profile b/Files/root-.bash_profile new file mode 100644 index 0000000000000000000000000000000000000000..a99681bb652c9e00d55d5ad23891baa35a571309 --- /dev/null +++ b/Files/root-.bash_profile @@ -0,0 +1,28 @@ +# .bash_profile + +stty sane + +if [ -r ~/.bashrc ]; then + . ~/.bashrc +fi + +# User specific environment and startup programs + +case $TERM in + linux) + case $(tty) in + # RedHat 8 default uses a font without bold, so hold off on bold + /dev/tty[1]) bg=black fg=green bold=off ;; + /dev/tty[2]) bg=black fg=red bold=off ;; + /dev/tty[3]) bg=black fg=blue bold=off ;; + /dev/tty[4]) bg=black fg=yellow bold=off ;; + /dev/tty[56]) bg=black fg=white bold=off ;; + esac + if [ -n "${fg:-}" ]; then + setterm -background $bg -foreground $fg -bold $bold -store + fi + ;; +esac + +export LESS="-i -X -z-2" +export EDITOR="vi" diff --git a/Files/root-.bashrc b/Files/root-.bashrc new file mode 100644 index 0000000000000000000000000000000000000000..264cd738d5ec7488708fbc99fdf28e473d08d5f2 --- /dev/null +++ b/Files/root-.bashrc @@ -0,0 +1,48 @@ +# .bashrc + +# Ugly hack +if [ "${LOGNAME:-}" != "root" -a -n "${DISPLAY:-}" -a -z "${XAUTHORITY}" ]; +then + export XAUTHORITY=`eval "echo ~$LOGNAME"`/.Xauthority +fi + +alias ls='ls -F' +alias ty=less +alias psg='ps waux | egrep' +alias j='jobs -l' +alias hi=history + +alias rm='rm -i' +alias cp='cp -i' +alias mv='mv -i' + +set +o interactive-comments +set -o notify +auto_resume= +no_exit_on_failed_exec= +HISTCONTROL=ignoredups; history_control=$HISTCONTROL + +PS1='[\u@\h \W]\$ ' +if [ "$TERM" = "linux" ]; then + _k='\[\033[00;30m\]' # blacK + _e='\[\033[01;30m\]' # grEy + _r='\[\033[00;31m\]' # Red + _r1='\[\033[01;31m\]' # Light Red + _g='\[\033[00;32m\]' # Green + _g1='\[\033[01;32m\]' # Light Green + _o='\[\033[00;33m\]' # Orange + _y='\[\033[01;33m\]' # Yellow + _b='\[\033[00;34m\]' # Blue + _b1='\[\033[01;34m\]' # Light Blue + _m='\[\033[00;35m\]' # Magenta + _m1='\[\033[01;35m\]' # Light Magenta + _c='\[\033[00;36m\]' # Cyan + _c1='\[\033[01;36m\]' # Light Cyan + _w0='\[\033[00;37m\]' # Off-white + _w='\[\033[01;37m\]' # White + _n='\[\033[00m\]' # Normal + _B='\[\033[01m\]' # Bold + +# PS1="$_r[$_y\\u$_r@$_y\\h$_r $_w\\W$_r]$_c\\\$$_n " + unset _k _e _r _r1 _g _g1 _o _y _b _b1 _m _m1 _c _c1 _w0 _w _n _B +fi diff --git a/Files/root-.cvsrc b/Files/root-.cvsrc new file mode 100644 index 0000000000000000000000000000000000000000..72e713cbe0be4577465449bc4d4de4921df8bc19 --- /dev/null +++ b/Files/root-.cvsrc @@ -0,0 +1,4 @@ +cvs -q +#diff -U5 +update -d -P +checkout -P diff --git a/Files/root-.emacs b/Files/root-.emacs new file mode 100644 index 0000000000000000000000000000000000000000..c36b059fb685184f513ddf2278ebfa2839d70734 --- /dev/null +++ b/Files/root-.emacs @@ -0,0 +1,86 @@ +;;; ================================================================== +;;; Mina alldeles egna inst�llningar f�r Emacs + +(require 'iso-transl) +;;(require 'jka-compr) +(require 'complete) +(if (>= emacs-major-version 20) + (partial-completion-mode +1) + (setq PC-meta-flag t)) +(define-key minibuffer-local-completion-map + "\M-?" 'minibuffer-completion-help) +(define-key minibuffer-local-must-match-map + "\M-?" 'minibuffer-completion-help) +(define-key emacs-lisp-mode-map + "\M-\t" 'PC-lisp-complete-symbol) +(define-key lisp-interaction-mode-map + "\M-\t" 'PC-lisp-complete-symbol) + +(load "uniquify" 'noerr 'nomsg) +(setq uniquify-buffer-name-style 'post-forward-angle-brackets) + + +;;; ================================================================== +;;; Lite diverse saker som jag vill ha inst�llt. + +(let ((mode (current-input-mode))) + (rplaca (cdr (cdr mode)) '8bit) + (apply 'set-input-mode mode)) +(setq next-line-add-newlines nil) +(setq inhibit-startup-message t) ; Inget dumt startupmeddelande +(put 'eval-expression 'disabled nil) ; Jo, jag *vill* k�ra elisp +(put 'narrow-to-region 'disabled nil) ; Klart att jag vet vad jag g�r! +(put 'narrow-to-page 'disabled nil) +(setq enable-recursive-minibuffers t) ; Varf�r inte? +(setq visible-bell nil) +(setq window-min-height 1) ; Inga dumma begr�nsningar +(setq backup-by-copying-when-linked t) +(setq search-slow-speed 2400) +(setq diff-switches "-u") + +(setq Man-notify-method 'friendly) + +(menu-bar-mode -1) ; Menyer h�r hemma i restauranger! +(mapcar (function (lambda (mode) ; Bort med blinkande mark�r och + (if (fboundp mode) ; eventuella knappar. + (apply mode '(-1))))) + '(blink-cursor-mode tool-bar-mode)) + +;;; Dessutom vill jag se vilken maskin jag k�r p�. En del moder f�rst�r +;;; tyv�rr den informationen. Info och Dired �r ett par syndare... +(setq-default mode-line-buffer-identification + (list (concat (if (= (user-uid) 0) "Root (@) " "") + (capitalize ((lambda (x) + (substring x 0 + (string-match "\\." x))) + (or (getenv "HOSTNAME") + (system-name)))) + ": %17b"))) + +(setq auto-save-list-file-prefix nil) ; Inga .saves-filer, tack. + +(setq Info-mode-hook + (lambda () + (define-key Info-mode-map " " 'scroll-up) + (define-key Info-mode-map "\C-?" 'scroll-down))) + + + +;;; ================================================================== +;;; Lite diverse tangentbindningar + +(global-set-key "\C-x\C-o" ; Jag skriver j�mt fel... + (lambda (arg) (interactive "p") (other-window (- arg)))) +(global-set-key "\r" 'newline-and-indent) ; S� h�r ska RET och +(global-set-key "\n" 'newline) ; LFD sitta... +(global-set-key "\C-cg" 'goto-line) +(global-set-key "\C-xv" 'scroll-other-window-down) +(global-set-key "\M-&" 'query-replace-regexp) +(global-set-key "\M- " 'fixup-whitespace) +(global-set-key "\C-x\C-q" 'toggle-read-only) +(global-set-key "\C-xV" vc-prefix-map) +(global-set-key [home] 'beginning-of-line) +(global-set-key [end] 'end-of-line) +(global-set-key [insert] 'yank) +(global-set-key [f18] 'yank) +(setq mouse-yank-at-point t) diff --git a/Files/ssmtp.conf.erb b/Files/ssmtp.conf.erb new file mode 100644 index 0000000000000000000000000000000000000000..2527ac6fd79ee4ccf23d2c92880c9874b3b92704 --- /dev/null +++ b/Files/ssmtp.conf.erb @@ -0,0 +1,21 @@ +# +# Config file for sSMTP sendmail +# +# The person who gets all mail for userids < 1000 +# Make this empty to disable rewriting. +root=root+<%= hostname %> + +# The place where the mail goes. The actual machine name is required no +# MX records are consulted. Commonly mailhosts are named mail.domain.com +mailhub=mail + +# Where will the mail seem to come from? +rewriteDomain=lysator.liu.se + +# The full hostname +hostname=<%= fqdn %> + +# Are users allowed to set their own From: address? +# YES - Allow the user to specify their own From: address +# NO - Use the system generated From: address +FromLineOverride=YES diff --git a/Files/syslogd.conf b/Files/syslogd.conf new file mode 100644 index 0000000000000000000000000000000000000000..44d51ebceb9a229918cf1b3ac80a7f645bbc8e49 --- /dev/null +++ b/Files/syslogd.conf @@ -0,0 +1,72 @@ +# /etc/syslog.conf Configuration file for syslogd. +# +# For more information see syslog.conf(5) +# manpage. + +# +# First some standard logfiles. Log by facility. +# + +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warning -/var/log/mail.warn +mail.err /var/log/mail.err + +# Logging for INN news system +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some `catch-all' logfiles. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warning;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg * + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warning /dev/tty8 + +# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, +# you must invoke `xconsole' with the `-file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +# NOTE: adjust the list below, or you'll go crazy if you have a reasonably +# busy site.. +# +daemon.*;mail.*;\ + news.err;\ + *.=debug;*.=info;\ + *.=notice;*.=warning |/dev/xconsole + +*.* @loghost + diff --git a/Files/xorg.conf-furfur.erb b/Files/xorg.conf-furfur.erb new file mode 120000 index 0000000000000000000000000000000000000000..3eb48301ebffb32fd0bf53e77049d543ec02e6e5 --- /dev/null +++ b/Files/xorg.conf-furfur.erb @@ -0,0 +1 @@ +xorg.conf-ubuntu.erb \ No newline at end of file diff --git a/Files/xorg.conf-ubuntu.erb b/Files/xorg.conf-ubuntu.erb new file mode 100644 index 0000000000000000000000000000000000000000..07efa5a291ff5b62d6237d03b517b2c68fbbd825 --- /dev/null +++ b/Files/xorg.conf-ubuntu.erb @@ -0,0 +1,33 @@ +# xorg.conf (X.Org X Window System server configuration file) +# +# This file was generated by dexconf, the Debian X Configuration tool, using +# values from the debconf database. +# +# Edit this file with caution, and see the xorg.conf manual page. +# (Type "man xorg.conf" at the shell prompt.) +# +# This file is automatically updated on xserver-xorg package upgrades *only* +# if it has not been modified since the last upgrade of the xserver-xorg +# package. +# +# Note that some configuration settings that could be done previously +# in this file, now are automatically configured by the server and settings +# here are ignored. +# +# If you have edited this file but would like it to be automatically updated +# again, run the following command: +# sudo dpkg-reconfigure -phigh xserver-xorg + +Section "Device" + Identifier "Configured Video Device" +EndSection + +Section "Monitor" + Identifier "Configured Monitor" +EndSection + +Section "Screen" + Identifier "Default Screen" + Monitor "Configured Monitor" + Device "Configured Video Device" +EndSection diff --git a/Files/yp.conf b/Files/yp.conf new file mode 100644 index 0000000000000000000000000000000000000000..ccaeb49af0e00157bed29fb737caebbdc401f4ab --- /dev/null +++ b/Files/yp.conf @@ -0,0 +1,2 @@ +domain lysator server ns-master.lysator.liu.se +domain lysator server ns-slave.lysator.liu.se diff --git a/Lib/facter/environ.rb b/Lib/facter/environ.rb new file mode 100644 index 0000000000000000000000000000000000000000..bb188cb72a720befbbc2f130353213bf10f15b4e --- /dev/null +++ b/Lib/facter/environ.rb @@ -0,0 +1,9 @@ +# Note! The variable names will be turned into lowercase by Puppet... + +ENV.each_pair do |var,value| + Facter.add("env_"+var) do + setcode do + value + end + end +end diff --git a/Lib/puppet/parser/functions/regexp_quote.rb b/Lib/puppet/parser/functions/regexp_quote.rb new file mode 100644 index 0000000000000000000000000000000000000000..5614ef93fd7c65f71c10adbfcf0ba22fe8f05e76 --- /dev/null +++ b/Lib/puppet/parser/functions/regexp_quote.rb @@ -0,0 +1,9 @@ +module Puppet::Parser::Functions + newfunction(:regexp_quote, :type => :rvalue) do |args| + if args.length != 1 + self.fail("regexp_quote(): wrong number of arguments" + + " (#{args.length} for 1)") + end + return Regexp.quote(args[0]) + end +end diff --git a/Lib/puppet/parser/functions/sprintf.rb b/Lib/puppet/parser/functions/sprintf.rb new file mode 100644 index 0000000000000000000000000000000000000000..0a50761f55c1a47b9da8d073c6b050991c5ce4d5 --- /dev/null +++ b/Lib/puppet/parser/functions/sprintf.rb @@ -0,0 +1,9 @@ +module Puppet::Parser::Functions + newfunction(:sprintf, :type => :rvalue) do |args| + if args.length < 1 + self.fail('sprintf(): Too few arguments (missing format string)') + end + fmt = args.shift() + return sprintf(fmt, *args) + end +end diff --git a/Lib/puppet/parser/functions/strftime.rb b/Lib/puppet/parser/functions/strftime.rb new file mode 100644 index 0000000000000000000000000000000000000000..f576e5948c28d2c3e9c63b1bc85450455d815a69 --- /dev/null +++ b/Lib/puppet/parser/functions/strftime.rb @@ -0,0 +1,12 @@ +module Puppet::Parser::Functions + newfunction(:strftime, :type => :rvalue) do |args| + if args.length < 1 + self.fail("strftime(): Missing format string parameter") + end + fmt = args.shift() + if args.length == 0 + return Time.now().strftime(fmt) + end + self.fail("strftime(): Too many arguments") + end +end diff --git a/Lib/puppet/type/delete_lines.rb b/Lib/puppet/type/delete_lines.rb new file mode 100644 index 0000000000000000000000000000000000000000..3b3888c1321b08690a5d35904d20bfc281108bd3 --- /dev/null +++ b/Lib/puppet/type/delete_lines.rb @@ -0,0 +1,125 @@ +require 'nsc_utils' + + +Puppet::Type.newtype(:delete_lines) do + + @doc = "Delete lines matching regexp :pattern in the file :file. + + Parameters are the same as for the regexp_replace_lines type + (except, of course, that there is no :replacement parameter). + " + + newparam(:name) do + desc "Name/title" + end + + newparam(:file) do + desc "The file to edit" + end + + newparam(:group_start) do + desc "Regexp specifying lines that start groups. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:group_end) do + desc "Regexp specifying lines that ends groups. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:start) do + desc "Only delete lines after ones matching this regexp. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:end) do + desc "Stop deleting when reaching a line matching this regexp. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:pattern) do + desc "Delete lines looking like this regexp (implicitly anchored at + the beginning and end of the line). + " + + validate do |value| + if not value or value == "" + self.fail "Parameter 'pattern' must not be the empty string" + end + end + end + + newparam(:skip) do + desc "Don't delete lines looking like this regexp (implicitly + anchored at the beginning and end of the line). + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newproperty(:ensure) do + desc " + " + newvalue(:deleted) + defaultto :deleted + + def retrieve + @to_kill = [] + @saves = {} + NSC_Utils::on_section_lines(self.resource, @saves) do |l,i| + @to_kill.push(i) + end + + if @to_kill.length > 0 + patsource = @saves[:pattern].source + return self.value == patsource ? false : patsource + else + @saves = nil + return self.value + end + end + + def sync + lines = @saves[:lines] + for i in @to_kill + ##puts "--DEBUG: #{i+1}: <#{lines[i].chomp}>" + lines[i] = nil + end + lines.delete(nil) + fp = File.new(self.resource[:file], 'w') + fp.write(lines.join("")) + fp.close() + @saves = nil + # FIXME: I have no idea what we *should* return here, but at + # least this makes Puppet report that something has been done. + # FIXME: It would be nice if we could convince Puppet to save + # the old version of the file in the filebucket. + return :true + end + end + +end + diff --git a/Lib/puppet/type/ensure_line.rb b/Lib/puppet/type/ensure_line.rb new file mode 100644 index 0000000000000000000000000000000000000000..8b9dcdc1a15b5ed0629f8c61e03f584be64ce64e --- /dev/null +++ b/Lib/puppet/type/ensure_line.rb @@ -0,0 +1,233 @@ +require 'nsc_utils' + + +Puppet::Type.newtype(:ensure_line) do + + @doc = "Make sure the line :line exists in the file :file. + + If it does not already exist, the first line matching the + regexp :pattern will be replace by :line. + + If no match against :pattern can be found either, :line is + inserted after or before the first line matching :where, + depending on if :addhow is set to 'append' (default) or + 'prepend'. + + If no line matches :where either, or if :where is not set, + :line is placed first or last in the file, depending on the + value of :addhow. + + FIXME! + There are more parameters, but I don't have the energy to + document them right now. + + All regexps (:pattern, :sufficient, :start, :end and :where) + are implicitly anchored at the beginning of the line, i.e, as + if they always began with ^. + + NOTE: the parameter names are not very pretty, and may change + in the future when I can think of better names. + " + + newparam(:name) do + desc "Name/title" + end + + newparam(:file) do + desc "The file to edit" + end + + newparam(:start) do + desc "Ensure line exist whithin section(s) beginning with this regexp. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:end) do + desc "Ensure line exist whithin section(s) ended with this regexp. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newproperty(:line) do + desc "How the wanted line should look" + + validate do |value| + if value == "" + self.fail "Parameter 'line' must not be the empty string" + end + end + + def retrieve + resources = self.resource + section_start, include_section_start = + NSC_Utils::boundary(resources, :start) + section_end, include_section_end = + NSC_Utils::boundary(resources, :end) + + wanted_line = self.value + searchpattern = self.resource[:pattern] + if searchpattern + searchpattern = Regexp.new('^' + self.resource[:pattern]) + end + sufficient = self.resource[:sufficient] + if sufficient + sufficient = Regexp.new('^' + sufficient) + end + wherepattern = self.resource[:where] + if wherepattern + wherepattern = Regexp.new('^' + wherepattern) + end + addhow = self.resource[:addhow] + + @lines = File.readlines(self.resource[:file]) + sections = NSC_Utils::extract_sections( + NSC_Utils::enumerate(@lines), + section_start, true, + section_end, true, + true) + + + case self.resource[:section] + when :first + sections = sections[0,1] + when :last + sections = sections[-1,1] or [] + when :all + sections = sections + end + + if @lines.length == 0 + sections = [["", 0]] + include_section_start = include_section_end = false + end + + @to_replace = [] + @to_add = [] + for sect in sections + found = rpos = ipos = false + firstline = sect[0][1] + lastline = sect[-1][1] + if not include_section_start + sect = sect[1..-1] or [] + end + if not include_section_end + sect = sect[0..-2] + end + for l,i in sect + l = l.chomp + if l == wanted_line + found = i + elsif sufficient and sufficient.match(l) + found = i + elsif searchpattern and searchpattern.match(l) + rpos = i + elsif not ipos and wherepattern and wherepattern.match(l) + ipos = i + end + end + + if found + 0 + elsif rpos + @to_replace.push(rpos) + elsif ipos + if addhow == :prepend + @to_add.push(ipos) + else + @to_add.push(ipos + 1) + end + elsif addhow == :prepend + @to_add.push(firstline + (include_section_start ? 0 : 1)) + elsif addhow == :append + @to_add.push(lastline + (include_section_end ? 1 : 0)) + else + self.fail('Internal error') + end + end + + ##puts "--DEBUG: to_add = [#{@to_add.join(', ')}]" + ##puts "--DEBUG: to_replace = [#{@to_replace.join(', ')}]" + if @to_replace.length > 0 + return @lines[@to_replace[0]].chomp + elsif @to_add.length > 0 + return wanted_line == "" ? false : "" + else + @lines = nil + return wanted_line + end + end + + def sync + line = self.value + "\n" + for i in @to_replace + @lines[i] = line + end + for i in @to_add.reverse + @lines.insert(i, line) + end + fp = File.new(self.resource[:file], "w") + fp.write(@lines.join("")) + fp.close() + @lines = nil + + # FIXME: I have no idea what we *should* return here, but at + # least this makes Puppet report that something has been done. + # FIXME: It would be nice if we could convince Puppet to save + # the old version of the file in the filebucket. + return :true + end + end + + newparam(:pattern) do + desc "Replace lines looking like this regexp. + If not set, an exact match against :line is done. + " + defaultto false + end + + newparam(:sufficient) do + desc "Lines matching this regexp are sufficiently close to the target, + and thus the line will be deemed to exist. + + If not set, an exact match against :line is required. + " + defaultto false + end + + newparam(:section) do + desc "Which section(s) to ensure the line's presence in. + Allowed values are 'first', 'last', and 'all'. Other + sections are not touched. + + This parameter is meaningless if :start or :end is not set, + as there will then only be one section. + " + newvalues(:first, :last, :all) + defaultto :first + end + + newparam(:where) do + desc "If set, and no existing line matches :pattern, place the new + line after or before (according to :addhow) the first line + matching this regexp. If not set, or if no line matches + :where, :line is added at the end of the file if :addhow is + append, or at the beginning of the file if :addhow is prepend. + " + defaultto false + end + + newparam(:addhow) do + desc "Whether to append or prepend a new line." + newvalues(:append, :prepend) + defaultto :append + end +end diff --git a/Lib/puppet/type/regexp_replace_lines.rb b/Lib/puppet/type/regexp_replace_lines.rb new file mode 100644 index 0000000000000000000000000000000000000000..4103ee46cf289964199c04372c1334a14b02c860 --- /dev/null +++ b/Lib/puppet/type/regexp_replace_lines.rb @@ -0,0 +1,157 @@ +require 'nsc_utils' + + +Puppet::Type.newtype(:regexp_replace_lines) do + + @doc = "Replace lines in the file :file matching regexp :pattern with + :replacement, unless they also match the regexp :skip. The + pattern is implicitly anchored at the start and end of the line. + The replacement text can use the standard Ruby regexp replacement + back-references. + + Only lines within sections delimited by the patterns :start + and :end are eligible for replacement. Sections must in turn + lie within \"groups\" that are delimited by the patterns + :group_start and :group_end. These patterns are anchored at + the start of the line. + + An open section will be canceled if the surrounding group ends, + and similarly an open group will be canceled if end of file is + reached. However, if the end patterns are not set, the sections + and groups extend to the end of the group and file, respectively. + Similarly, if the start patterns are not set, sections and + groups begin at the start of the group and file, respectively. + + By default, the lines that mark the start and end of sections + are not part of the sections themselves, and the lines that + mark the start and end of groups are not part of the groups + themselves. However, if the delimiter patterns start with a + plus sign (+), the corresponding lines will be counted as being + part of the sections or groups. + + Note that the replacement must be idempotent. It is an error + if the result of the replacement still matches :pattern. + " + + newparam(:name) do + desc "Name/title of action." + end + + newparam(:file) do + desc "The file to edit" + end + + newparam(:group_start) do + desc "Regexp specifying lines that start groups. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:group_end) do + desc "Regexp specifying lines that ends groups. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:start) do + desc "Only do replacements on lines after ones matching this regexp. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:end) do + desc "Stop replacing after reaching a line matching this regexp. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:pattern) do + desc "Replace lines looking like this regexp (implicitly anchored at + the beginning and end of the line). + " + + validate do |value| + if value == "" + self.fail "Parameter 'pattern' must not be the empty string" + end + end + end + + newparam(:skip) do + desc "Don't replace lines looking like this regexp (implicitly + anchored at the beginning and end of the line). + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newproperty(:replacement) do + desc "What to replace the lines with. + Standard Ruby backreferences can be used. + " + + def retrieve + @to_replace = [] + @saves = {} + NSC_Utils::on_section_lines(self.resource, @saves) do |l,i| + @to_replace.push(i) + end + + if @to_replace.length > 0 + patsource = @saves[:pattern].source + return self.value == patsource ? false : patsource + else + @saves = nil + return self.value + end + end + + def sync + lines = @saves[:lines] + pattern = @saves[:pattern] + skip = @saves[:skip] + replacement = self.value + for i in @to_replace + l = lines[i] + l2 = l.chomp + r = l2.sub(pattern, replacement) + ##puts "--DEBUG: #{i+1}: <#{l2}> => <#{r}>" + if pattern.match(r) and not (skip and skip.match(r)) + msg = "Result of replacement still matches on line #{i+1}" + self.fail(msg) + end + if l[-1,1] == "\n" + r += "\n" + end + lines[i] = r + end + fp = File.new(self.resource[:file], 'w') + fp.write(lines.join("")) + fp.close() + # FIXME: I have no idea what we *should* return here, but at + # least this makes Puppet report that something has been done. + # FIXME: It would be nice if we could convince Puppet to save + # the old version of the file in the filebucket. + return :true + end + end +end diff --git a/Lib/puppet/type/replace_sections.rb b/Lib/puppet/type/replace_sections.rb new file mode 100644 index 0000000000000000000000000000000000000000..d94c2d83950474167f96af7274b57fec3570778b --- /dev/null +++ b/Lib/puppet/type/replace_sections.rb @@ -0,0 +1,127 @@ +require 'nsc_utils' + + +Puppet::Type.newtype(:replace_sections) do + + @doc = "Replace sections of lines in the file :file with :replacement. + All the lines of the sections are replaced by the lines in + :replacement; the old and the new section contents does not + have to be the same number of lines. + + Sections are delimited by lines matching the regexps :start + and :end. By default, the delimiting lines are not part of + the sections, but if the regexps start with a plus sign (+), + they will be. + + Sections must be contained within groups that are delimited + by lines matching the regexps :group_start and :group_end. + See the documentation for regexp_replace_lines for further + details about sections and groups. + + It is up to the caller to ensure that the replacements are + idempotent. + " + + newparam(:name) do + desc "Name/title of action." + end + + newparam(:file) do + desc "The file to edit" + end + + newparam(:group_start) do + desc "Regexp specifying lines that start groups. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:group_end) do + desc "Regexp specifying lines that ends groups. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:start) do + desc "Only do replacements on lines after ones matching this regexp. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newparam(:end) do + desc "Stop replacing after reaching a line matching this regexp. + " + defaultto false + + munge do |value| + return (value == "") ? false : value + end + end + + newproperty(:replacement) do + desc "What to replace the lines with. + " + + def retrieve + resources = self.resource + @replacement = self.value + if @replacement[-1,1] != "\n" + @replacement = @replacement + "\n" + end + + @saves = {} + @to_replace = [] + NSC_Utils::on_sections(resource, @saves) do |first, sect, last| + current = (sect.map {|l,i| l}).join('') + if current[-1,1] != "\n" + current += "\n" + end + if current != @replacement + @to_replace.push([first, last, current]) + end + end + + if @to_replace.length > 0 + return @to_replace[0][2].chomp + else + @saves = @replacement = @to_replace = nil + return self.value + end + end + + def sync + lines = @saves[:lines] + for s,e,old in @to_replace.reverse + ##puts "--DEBUG: About to replace #{s}..#{e}" + if s == 0 and e == -1 + lines.insert(0, @replacement) + else + lines[s..e] = @replacement + end + end + + fp = File.new(self.resource[:file], 'w') + fp.write(lines.join("")) + fp.close() + + @saves = @replacement = @to_replace = nil + # FIXME: I have no idea what we *should* return here, but at + # least this makes Puppet report that something has been done. + # FIXME: It would be nice if we could convince Puppet to save + # the old version of the file in the filebucket. + return :true + end + end +end diff --git a/Lib/ruby/nsc_utils.rb b/Lib/ruby/nsc_utils.rb new file mode 100644 index 0000000000000000000000000000000000000000..cf5b81b0d9d882cc572bde8287a154d3ef586bf5 --- /dev/null +++ b/Lib/ruby/nsc_utils.rb @@ -0,0 +1,185 @@ +module NSC_Utils + + def boundary(resources, name) + include_boundary = 0 + boundary = resources[name] + if boundary + if boundary[0,1] == "+" + include_boundary = true + boundary = boundary[1..boundary.length] + else + include_boundary = false + end + boundary = Regexp.new('^' + boundary) + end + return [boundary, include_boundary] + end + module_function :boundary + + + def enumerate(lines) + result = [] + lines.each_with_index do |l,i| + result.push([l,i]) + end + return result + end + module_function :enumerate + + + def extract_sections(lines, startp, include_start, endp, include_end, + cancel_unclosed) + include_start = (include_start ? 0 : 1) + extracted = [[]] + inside = startp ? false : -1 + for l,i in lines + cl = l.chomp + if not inside and startp and startp.match(cl) + inside = i + extracted.push([]) + end + if inside and i >= inside + include_start + extracted[-1].push([l,i]) + end + if inside and endp and endp.match(cl) + if not include_end + extracted[-1].pop() + end + inside = false + end + end + if inside and endp and cancel_unclosed + extracted.pop() + end + extracted.delete([]) + return extracted + end + module_function :extract_sections + + + def on_sections(resources, saves) + group_start, include_group_start = + NSC_Utils::boundary(resources, :group_start) + group_end, include_group_end = + NSC_Utils::boundary(resources, :group_end) + section_start, include_section_start = + NSC_Utils::boundary(resources, :start) + section_end, include_section_end = + NSC_Utils::boundary(resources, :end) + + saves[:lines] = File.readlines(resources[:file]) + groups = NSC_Utils::extract_sections( + NSC_Utils::enumerate(saves[:lines]), + group_start, include_group_start, + group_end, include_group_end, + true) + for grp in groups + sections = NSC_Utils::extract_sections( + grp, + section_start, true, + section_end, true, + true) + for sect in sections + firstline = sect[0][1] + lastline = sect[-1][1] + if not include_section_start + sect = sect[1..-1] or [] + firstline += 1 + end + if not include_section_end + sect = sect[0..-2] + lastline -= 1 + end + yield [firstline, sect, lastline] + end + end + end + module_function :on_sections + + + # FIXME! + # This function is supposed to replace the on_section_lines() function + # below. However, it is as of yet untested, so for the time being, + # the old implementation is the one we use. + def on_section_lines_2(resources, saves) + saves[:pattern] = Regexp.new('^' + resources[:pattern] + '$') + saves[:skip] = resources[:skip] + if saves[:skip] + saves[:skip] = Regexp.new('^' + saves[:skip] + '$') + end + NSC_Utils::on_sections do |firstline, sect, lastline| + for l,i in sect + cl = l.chomp + if saves[:pattern].match(cl) + unless saves[:skip] and saves[:skip].match(cl) + yield [l,i] + end + end + end + end + end + module_function :on_section_lines_2 + + + def on_section_lines(resources, saves) + group_start, include_group_start = + NSC_Utils::boundary(resources, :group_start) + group_end, include_group_end = + NSC_Utils::boundary(resources, :group_end) + section_start, include_section_start = + NSC_Utils::boundary(resources, :start) + section_end, include_section_end = + NSC_Utils::boundary(resources, :end) + saves[:pattern] = Regexp.new('^' + resources[:pattern] + '$') + saves[:skip] = resources[:skip] + if saves[:skip] + saves[:skip] = Regexp.new('^' + saves[:skip] + '$') + end + + saves[:lines] = File.readlines(resources[:file]) + groups = NSC_Utils::extract_sections( + NSC_Utils::enumerate(saves[:lines]), + group_start, include_group_start, + group_end, include_group_end, + true) + for grp in groups + sections = NSC_Utils::extract_sections( + grp, + section_start, include_section_start, + section_end, include_section_end, + true) + for sect in sections + for l,i in sect + cl = l.chomp + if saves[:pattern].match(cl) + unless saves[:skip] and saves[:skip].match(cl) + yield [l,i] + end + end + end + end + end + end + module_function :on_section_lines + + if false + _l1 = [ 'foo', 'bar', 'gazonk', 'del', + 'apelsin', 'citron', 'fromage', + 'choklad', 'pudding', + ] + _l2 = File.readlines('/tmp/trh/grub.conf') + _nl1 = enumerate(_l1) + _nl2 = enumerate(_l2) + _sp1 = /^bar|^citron/ + _ep1 = /^del|^pudding/ + _ep2 = /^del|^choklad/ + _ep3 = /^del|^fromage/ + _ep4 = /^del|^gurksallad/ + _ep5 = /^gurksallad/ + end + + X = 17 + Y = 23 + Z = 69 + +end diff --git a/Makefile b/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..4c9d2a39105d67db1cf38c3aa186bc025846bdc6 --- /dev/null +++ b/Makefile @@ -0,0 +1,85 @@ +RM = rm -vf + +export PUPHOME = $(shell pwd) +export RUBYLIB = ${PUPHOME}/Lib/ruby +# We can't rely on $PATH when Puppet is run from cron. Specifically, +# /sbin and /usr/sbin are missing. +export PATH = /bin:/usr/bin:/sbin:/usr/sbin + +LOGDIR := /var/log/puppet +export LOGDIR # Needed by the log-puppetrun class +NOW := $(shell /bin/date +'%Y %m %d--%H.%M.%S') +MONTHDIR := $(word 1,${NOW})-$(word 2,${NOW}) +TIMESTAMP := $(word 1,${NOW})-$(word 2,${NOW})-$(word 3,${NOW}) +SHORTHOST := $(shell /bin/uname -n | /bin/sed 's/[.].*//') +LOGSUBDIR := ${LOGDIR}/${SHORTHOST}/${MONTHDIR} +LOGFILE := ${LOGSUBDIR}/${TIMESTAMP} + +# Extra flags to give to Puppet +PUPFLAGS= +# Extra environment variables to give to Puppet +PUPENV = + +# Command to strip "uninteresting" messages from cron runs +#STRIPMSG= egrep -v '^notice:|^info:|^debug:' +STRIPMSG= cat +PUPPET = ${PUPENV} puppet --color=false ${PUPFLAGS} --libdir="${PUPHOME}/Lib" --factpath="${PUPHOME}/Lib/facter" + + +default: + cd Files && ${MAKE} + @#cd sendmail && ${MAKE} + +# Note that this target does not install, or change, the cron job that +# runs Puppet. +run: + mkdir -p "${LOGSUBDIR}" + @echo "Source: ${PUPHOME}" >"${LOGFILE}" + @echo "Command: ${PUPPET}" >>"${LOGFILE}" + @echo "" >>"${LOGFILE}" + ${PUPPET} --tags pkgrepo SITE.pp 2>&1 | tee -a "${LOGFILE}" + ${PUPPET} SITE.pp 2>&1 | tee -a "${LOGFILE}" + @if [ `wc -l <"${LOGFILE}"` -le 3 ]; then \ + /bin/rm -f "${LOGFILE}" ; true ; \ + else \ + fin=`date +'%Y-%m-%d %H:%M:%S'`; \ + echo "" >>"${LOGFILE}" ; \ + echo "Finished: $$fin" >>"${LOGFILE}" ; \ + fi + +# This target, however, does install the cron job. +install: + @${MAKE} run PUPENV="PUP_DOINSTALL=true ${PUPENV}" + +# Run from cron +# This target also installs the cron job, but it only logs problems +# to the "terminal". +# Note: egrep will return 1 if nothing matches, which is perfectly normal +# in this case, thus the "; true". Unfortunately we lose the exit status +# of the make command, but it shouldn't matter much here. +cron: + @${MAKE} run PUPENV="PUP_DOINSTALL=true ${PUPENV}" | \ + (${STRIPMSG}; true) + +# The 'kickstart' target is used when we run Puppet from the %post kickstart +# script, since we don't want to actually start the services then. +kickstart: + @${MAKE} run PUPENV="PUP_DOINSTALL=true PUP_RUNDAEMONS=false ${PUPENV}" + +# Perform a "dryrun", i.e run without actually making any changes. +dry: + @${MAKE} run PUPFLAGS="--noop ${PUPFLAGS}" + +test: + ${PUPPET} test.pp + + +clean: + ${RM} .puppethome + cd Files && ${MAKE} clean + @#cd sendmail && ${MAKE} clean + ${RM} *..tmp *.BAK *~ \#.* + + + +.PHONY: default run install cron kickstart test clean diff --git a/README b/README new file mode 100644 index 0000000000000000000000000000000000000000..f9ed36f9eea24de5feb31131dc9ed7724c2c2580 --- /dev/null +++ b/README @@ -0,0 +1,134 @@ +This README file documents how these Puppet manifests are used. + + + +Unlike the "traditional" way of deploying Puppet, this doesn't +use a central puppetmasterd with clients connecting to it using +puppetd. Instead, the manifests are supposed to be directly +accessible in the file system on the clients, and the stand-alone +puppet program is used. + + +The manifests are under CVS revision control, in a central CVS +repository. To apply them on a machine, you check them out +using something like: + + [~]$ cd /config + [/config]$ cvs -d :ext:user@cvshost:repopath co -d TEST puppet + [/config]$ cd TEST + +and then run them using: + + [/config/TEST]$ su + [/config/TEST]# make install + +This will run Puppet (twice, actually; more on that later). The +manifests will also install a cron job that runs Puppet from this +directory (/config/TEST in this example) regularly. + +Other interesting targets in the Makefile are: + +- run 'make run' runs Puppet without installing the cron job + that runs Puppet. + +- dry Similar to 'make run', but it also passes the --noop flag + to Puppet, so you can see what Puppet wants to do without + actually doing anything. Useful when you aren't 100% sure + that your changes are correct. :-) + +- cron This is the target that the cron job uses. The difference + from 'make install' is that it can be configured to filter + out informational messages, so only error messages are + mailed to root. + +- kickstart + Similar to 'make install', but it will make sure all services + are stopped instead of running. This is supposed to be used + when Puppet is run from inside RedHat kickstart, Solaris + jumpstart, or other similar situations. It is not used by these + manifests, but it is used on some NSC clusters. + + +Usually, you have the manifests checked out at least twice on +every client, in different directories. One such directory is +slightly special; it is named SKARP (Swedish for "live", as in a +live grenade), and is usually located under /config. This is +from where clients run normally, and you are not supposed to edit +files directly there; it is kept read-only. + +When you want to change the manifests, you check them out in +another directory (e.g, /config/TEST), and edit and test them +there. When you are satisfied, you check in your changes to CVS, +and check them out under SKARP, using: + + [/config]# make skarp + [/config]# cd SKARP + [/config/SKARP]# make install + +The Makefile in /config is installed automatically by the Puppet +manifests. The "skarp" target will check out the manifests from +CVS into the SKARP subdirectory; it knows that SKARP is read-only, +so you don't need to change permissions manually before or after +checking out to SKARP. + +Note that it is important to run 'make install' from the SKARP +subdirectory after checking out updated manifests there. +Otherwise, the client might have its cron job pointing to a +directory with broken or unmaintained manifests. By running +'make install', the cron job will be updated to point to the +/config/SKARP directory. + + + +LOGGING +======= + +The Makefile and Puppet manifests maintain logs of the Puppet +runs, by default under /var/log/puppet/$HOSTNAME. There will be +one file named "puppetrun", which contain one line for each time +Puppet is run, specifying: + + - timestamp (date and time of day) + - operating system and OS version + - Puppet version + - directory from where the manifests where taken + +By doing a 'tail -n1' on this file, you can quickly see if Puppet +is being run properly, and is running from the correct directory +(i.e, SKARP). + +Logs of what Puppet actually did, including any error messages, +are written in a separate file for each Puppet run. They are +kept in a subdirectory per month, and named after the date and +time when Puppet ran. Log files when nothing happened (no +messages at all from Puppet, neither informational nor error +messages) are however immediately deleted, so you only have the +interesting logs around. + + + +THE PKGREPO TAG +=============== + +As mentioned above, the make targets will actually run Puppet +twice, once with --tags pkgrepo, and once without. In the +manifests, resources that set up package repositories, set +package build flags and so on, are tagged with the tag +'pkgrepo'. This is done because package repositories must be +configured before we try to install any packages, and it is +currently (as of Puppet 0.24.6) not possible to say that some +resources must be implemented before *all* package resources. + + + +PUPPET EXTENSIONS +================= + +There are a few custom resource types for editing lines in text +files included here. You can find them in the Lib/puppet/type +subdirectory. There are documentation strings in the source code +for these that hopefully make their purpose understandable. + +There are also a couple of custom functions (which you can find +in Lib/puppet/parser/functions), and a number of definitions (in +util.pp) which makes use of the custom types. diff --git a/SITE.pp b/SITE.pp new file mode 100644 index 0000000000000000000000000000000000000000..7d4c86b7ed11a780a835b34864e706c4fdcb9f59 --- /dev/null +++ b/SITE.pp @@ -0,0 +1,60 @@ +$puphome = $env_puphome +$pupfiles = "$puphome/Files" + +# The normal location where we check out Puppet, and especially where +# SKARP is located: +$puptree = "/config" +# Where we log Puppet runs: +$pup_logdir = $env_logdir + +$osdist = "${operatingsystem}-${lsbdistrelease}" + +# We set $running to stopped when Puppet is run during kickstart, and +# use $running in every service definition when we would normally have +# specified 'ensure => running', so services aren't started while the +# machine is installing. +$running = $env_pup_rundaemons ? { "false" => stopped, default => running, } + + +import "util.pp" +import "rootuser.pp" +import "osfixes.pp" +import "autofs.pp" +import "printing.pp" +import "time.pp" +import "puppet.pp" +import "environment.pp" +import "nis.pp" +import "network.pp" +import "kerberos.pp" +import "syslog.pp" +import "mail.pp" +import "nrpe.pp" + + +node "furfur" +{ + $puptree = "/root/puppet" + + include user-environment + include development-environment + include sysadm-environment + include workstation + include network + include kerberos + include syslog + include mail + include nrpe + + include root-home + include osfixes + include log-puppetrun + include puppetmaster + # include puppetify + include nis-client-user + include autofs + include printclient + include timeclient-static + include multimedia-station + +} diff --git a/autofs.pp b/autofs.pp new file mode 100644 index 0000000000000000000000000000000000000000..36ed5fa013237d7a6f95debbf4e6c2862a6812ac --- /dev/null +++ b/autofs.pp @@ -0,0 +1,24 @@ +class autofs +{ + package { + "autofs": + ensure => installed, + name => $operatingsystem? { + "Debian" => "autofs", + }; + } + + file { + "/etc/auto.master": + ensure => file, + owner => "root", group => "root", mode => 644, + require => Package["autofs"], + content => template("$pupfiles/auto.master.erb"); + } + + service { + "autofs": + enable => true, ensure => $running, + require => Package["autofs"], subscribe => File["/etc/auto.master"]; + } +} diff --git a/environment.pp b/environment.pp new file mode 100644 index 0000000000000000000000000000000000000000..220e7b9630646f337e4dab0f37bfe91e4e194d33 --- /dev/null +++ b/environment.pp @@ -0,0 +1,142 @@ +class user-environment::debian +{ + package { + [ + "emacs", "screen", "telnet" + ]: + ensure => installed; + } +} + +class user-environment +{ + include "user-environment::$operatingsystem" +} + + + +class development-environment::debian +{ + package { + [ + "build-essential", "subversion", "cvs", "git" + ]: + ensure => installed; + } +} + +class development-environment +{ + include "development-environment::$operatingsystem" +} + + + +class sysadm-environment::debian +{ + package { + [ + "pciutils", "usbutils", + "sysstat", "strace", "lsof", "lshw", + "traceroute" + ]: + ensure => installed; + } +} + +class sysadm-environment +{ + include "sysadm-environment::$operatingsystem" +} + + + +class x11-client::debian +{ + package { + [ + "xterm", + "gv", "xpdf" + ]: + ensure => installed; + } +} + +# X11 programs that are of "generic" use, and can be of use remotely +# as well. Very graphically intensive applications that will almost +# certainly be used on machines with a local display do not belong +# here. +class x11-client +{ + include "x11-client::$operatingsystem" +} + + + +class x11-server::debian +{ + package { + [ + ]: + ensure => installed; + } +} + +class x11-server +{ + include "x11-server::$operatingsystem" + + file { + "/etc/X11/xorg.conf": + content => template("$pupfiles/xorg.conf-${hostname}.erb"), + owner => "root", group => "root", mode => 0444, + require => Class["x11-server::$operatingsystem"]; + } +} + + + +class workstation::debian +{ + package { + [ + ]: + ensure => installed; + } +} + +class workstation +{ + include x11-server + include x11-client + include "workstation::$operatingsystem" +} + + + +class audio-station::debian +{ +# package { +# [ +# ]: +# ensure => installed; +# } +} + +class audio-station +{ + include "audio-station::$operatingsystem" +} + + + +class multimedia-station::debian +{ +} + +class multimedia-station +{ + include workstation + include audio-station + include "multimedia-station::$operatingsystem" +} diff --git a/kerberos.pp b/kerberos.pp new file mode 100644 index 0000000000000000000000000000000000000000..303e0df8364d9ffccf557a56f5a502c2bffa1fb4 --- /dev/null +++ b/kerberos.pp @@ -0,0 +1,55 @@ +class pam +{ + file { + "/etc/pam.d/common-auth": + ensure => file, + owner => "root", group => "root", mode => 644, + source => "$pupfiles/common-auth"; + "/etc/pam.d/common-account": + ensure => file, + owner => "root", group => "root", mode => 644, + source => "$pupfiles/common-account"; + "/etc/pam.d/common-session": + ensure => file, + owner => "root", group => "root", mode => 644, + source => "$pupfiles/common-session"; + "/etc/pam.d/common-password": + ensure => file, + owner => "root", group => "root", mode => 644, + source => "$pupfiles/common-password"; + + } +} + +class kerberos +{ + $krb5 = $operatingsystem ? { + "Debian" => "krb5-user", + } + + $pam_krb5 = $operatingsystem ? { + "Debian" => "libpam-krb5" + } + + $krb5_conf = $operatingsystem ? { + "Debian" => "/etc/krb5.conf", + default => "/etc/krb5/krb5.conf" + } + + package { + [ $krb5, $pam_krb5 ]: + ensure => installed, + } + + file { + "/etc/krb5.conf": + name => $krb5_conf, + ensure => file, + owner => "root", group => "root", mode => 644, + require => Package[$krb5], + source => "$pupfiles/krb5.conf"; + } + + include pam +} + diff --git a/mail.pp b/mail.pp new file mode 100644 index 0000000000000000000000000000000000000000..0536470d75dc0ffd718be1d33b74ad378ef49847 --- /dev/null +++ b/mail.pp @@ -0,0 +1,15 @@ +class mail +{ + package { + "ssmtp": + ensure => installed; + } + + file { + "/etc/ssmtp/ssmtp.conf": + ensure => file, + owner => "root", group => "root", mode => 644, + require => Package["ssmtp"], + content => template("$pupfiles/ssmtp.conf.erb"); + } +} diff --git a/network.pp b/network.pp new file mode 100644 index 0000000000000000000000000000000000000000..de78da6768bcdfa1c8ea7fb512e110943dc59556 --- /dev/null +++ b/network.pp @@ -0,0 +1,60 @@ +class dns +{ + file { + "/etc/resolv.conf": + ensure => file, + owner => "root", group => "root", mode => 644, + source => "$pupfiles/resolv.conf"; + } +} + +class hosts +{ + file { + "/etc/hosts": + ensure => file, + owner => "root", group => "root", mode => 644, + content => template("$pupfiles/hosts.erb"); + } +} + +class interfaces +{ + file { + "interfaces": + name => $operatingsystem? { + "Debian" => "/etc/network/interfaces" + }, + ensure => file, + owner => "root", group => "root", mode => 644, + content => template("$pupfiles/interfaces-${operatingsystem}.erb"); + } +} + +class ssh +{ + package { + "ssh": + ensure => installed + } + + service { + "ssh": + enable => true, ensure => $running, + require => Package["ssh"], subscribe => File["/etc/ssh/sshd_config"]; + } + + file { + "/etc/ssh/sshd_config": + ensure => file, + owner => "root", group => "root", mode => 600; + } +} + +class network +{ + include interfaces + include hosts + include dns + include ssh +} diff --git a/nis.pp b/nis.pp new file mode 100644 index 0000000000000000000000000000000000000000..76348fd12daf20b8a52fcffe84f06809fa5b129e --- /dev/null +++ b/nis.pp @@ -0,0 +1,73 @@ +class nis-generic +{ + package { + "nis": + ensure => installed, + name => $operatingsystem? { + "Debian" => "nis", + }; + } + + file { + "/etc/defaultdomain": + name => $operatingsystem? { + "Debian" => "/etc/defaultdomain", + }, + ensure => file, + owner => "root", group => "root", mode => 644, + require => Package["nis"], + content => "lysator" + } + + service { + "nis": + enable => true, ensure => $running, + pattern => "ypbind", + require => Package["nis"], subscribe => File["/etc/defaultdomain"], subscribe => File["/etc/yp.conf"]; + } +} + +class nis-client-generic inherits nis-generic +{ + file { + "/etc/yp.conf": + name => $operatingsystem? { + "Debian" => "/etc/yp.conf", + }, + ensure => file, + owner => "root", group => "root", mode => 644, + require => Package["nis"], + source => "$pupfiles/yp.conf"; + } +} + +class nis-client-limited inherits nis-client-generic +{ + file { + "/etc/nsswitch.conf": + ensure => file, + owner => "root", group => "root", mode => 644, + source => "$pupfiles/nsswitch.conf-limited", + require => Package["nis"]; + } + + ensure_line { + passwd_root: + file => "/etc/passwd", + line => "+@root:x::::/roots:"; + passwd_nouser: + file => "/etc/passwd", + line => "+:x:::::/bin/nologin"; + } +} + +class nis-client-user inherits nis-client-generic +{ + file { + "/etc/nsswitch.conf": + ensure => file, + owner => "root", group => "root", mode => 644, + source => "$pupfiles/nsswitch.conf-user", + require => Package["nis"]; + } +} diff --git a/nrpe.pp b/nrpe.pp new file mode 100644 index 0000000000000000000000000000000000000000..ceedc1f26f4010fbed6011417b3f74d5f4fab2a8 --- /dev/null +++ b/nrpe.pp @@ -0,0 +1,36 @@ +class nrpe +{ + package { + "nagios-nrpe-plugin": + ensure => installed, + name => $operatingsystem? { + "Debian" => "nagios-nrpe-plugin", + }; + "nagios-nrpe-server": + ensure => installed, + name => $operatingsystem? { + "Debian" => "nagios-nrpe-server", + }; + } + + file { + "/etc/nagios/nrpe.cfg": + ensure => file, + owner => "root", group => "root", mode => 644, + require => Package["nagios-nrpe-server"], + source => "$pupfiles/nrp.cfg"; + "/opt/nrpe": + ensure => directory, + owner => "root", group => "root", mode => 644, + require => Package["subversion"]; + } + + service { + "nrpe": + name => "nagios-nrpe-server", + enable => true, ensure => $running, + pattern => "nrpe", + require => Package["nagios-nrpe-plugin"], + require => Package["nagios-nrpe-server"]; + } +} diff --git a/osfixes-debian.pp b/osfixes-debian.pp new file mode 100644 index 0000000000000000000000000000000000000000..c6d48ea82ea195eb74fe9540a7cdb4afcef4dec6 --- /dev/null +++ b/osfixes-debian.pp @@ -0,0 +1,18 @@ +class debian-keep-os-updated +{ +} + +class debian-no-networkmanager +{ + package { + [ + "network-manager", "gnome-network-manager" + ]: + ensure => absent; + } +} + +class debian-fixes +{ + include debian-no-networkmanager +} diff --git a/osfixes-fedora.pp b/osfixes-fedora.pp new file mode 100644 index 0000000000000000000000000000000000000000..d1d97c93d53fc69cd6ac0805df9846583f348f23 --- /dev/null +++ b/osfixes-fedora.pp @@ -0,0 +1,182 @@ +class fedora-package-repositories +{ + yumrepo { + "nsc": + descr => "NSC - Internal repository", + baseurl => "http://spocto.nsc.liu.se/repo/el5/\$basearch/", + enabled => 0; + } +} + +class fedora-extra-packages +{ + package { + [ ]: + ensure => installed; + } +} + +class fedora-keep-os-updated +{ + service { + "yum-updatesd": + enable => false, ensure => stopped; + } + if "" { + exec { + "/usr/bin/yum -d 1 -e 0 -y update": + logoutput => true, + schedule => updates; + } + } else { + cron { + update-os: + command => "sleep \$[\$RANDOM\\%1200]; yum -d 1 -e 0 -y update", + user => "root", + month => "1-12", monthday => "1-31", weekday => "0-7", + hour => "3", minute => "33"; + } + } +} + +class fedora-no-wtmp-rotation +{ + comment_lines { + wtmp-logrotate: + file => "/etc/logrotate.conf", + start => "+/var/log/[wb]tmp", end => "+\\}", + comment => "## "; + } +} + +class fedora-verbose-text-boot +{ + regexp_replace_lines { + no_rhgb_boot: + file => "/boot/grub/grub.conf", + pattern => "([ \t]*kernel[ \t].*)[ \t]rhgb(|[ \t].*)", + replacement => "\\1\\2"; + no_quiet_boot: + file => "/boot/grub/grub.conf", + pattern => "([ \t]*kernel[ \t].*)[ \t]quiet(|[ \t].*)", + replacement => "\\1\\2"; + no_hidden_menu: + file => "/boot/grub/grub.conf", + pattern => "hiddenmenu", + replacement => "#\\&"; + } + ensure_line { + grub_timeout: + file => "/boot/grub/grub.conf", + line => "timeout=5", + pattern => "timeout[ \t]*=", + where => "title", + addhow => prepend; + } +} + +class fedora-thunderbird-junk +{ + tidy { + "/tmp/tmprules.dat": + backup => false, age => "5m"; + # Wildcards doesn't seem to be supported. + ##--"/tmp/tmprules-*.dat": + ##-- backup => false, age => "5m"; + } + exec { + "/bin/rm -vf /tmp/tmprules-*.dat": + logoutput => false, onlyif => "/bin/ls /tmp/tmprules-*.dat"; + } +} + +class fedora-profile-aliases +{ + tidy { + "/etc/profile.d/colorls.sh": age => "0"; + "/etc/profile.d/colorls.csh": age => "0"; + "/etc/profile.d/vim.sh": age => "0"; + "/etc/profile.d/vim.csh": age => "0"; + "/etc/profile.d/which-2.sh": age => "0"; + # We can't kill lang.sh, since other parts of Fedora + # explicitly source it. But the i18n-settings class + # at least makes it less harmful... + ##--"/etc/profile.d/lang.sh": age => "0"; + ##--"/etc/profile.d/lang.csh": age => "0"; + "/etc/profile.d/ccache.sh": age => "0"; + "/etc/profile.d/ccache.csh": age => "0"; + "/etc/profile.d/gnome-ssh-askpass.sh": age => "0"; + "/etc/profile.d/gnome-ssh-askpass.csh": age => "0"; + } +} + +class fedora-i18n-settings +{ + comment_lines { + sysconfig_no_lang: + file => "/etc/sysconfig/i18n", + pattern => "LANG=.*"; + } + ensure_line { + sysconfig_lc_ctype: + file => "/etc/sysconfig/i18n", + line => "LC_CTYPE=sv_SE.UTF-8", + pattern => "LC_CTYPE=", + where => ".*LANG=", addhow => append; + } +} + +class fedora-selinux +{ + rh_sysconfig { + selinux-selinux: + subsystem => "selinux", + setting => "SELINUX", value => "disabled"; + selinux-selinuxtype: + subsystem => "selinux", + setting => "SELINUXTYPE", value => "targeted"; + } +} + +class fedora-lvm +{ + ensure_line { + lvm_filter_devices: + file => "/etc/lvm/lvm.conf", + line => " filter = [ \"r|/dev/cdrom|\", \"r|/dev/fd.*|\" ]", + pattern => "[ \t]*filter[ \t]*=.*", + where => "^devices"; + lvm_filter_devices_comment: + file => "/etc/lvm/lvm.conf", + line => " # Trying to do LVM on CDs or floppies is foolish.", + where => "[ \t]*filter[ \t]*=.*", + addhow => prepend, + require => Ensure_line[lvm_filter_devices]; + } +} + + +class fedora8-fixes +{ + include fedora-package-repositories + include fedora-extra-packages + include fedora-no-wtmp-rotation + include fedora-verbose-text-boot + include fedora-thunderbird-junk + include fedora-profile-aliases + include fedora-i18n-settings + include fedora-selinux + include fedora-lvm + + file { "/dev/shm": + ensure => "directory", + owner => "root", group => "root", mode => 1777; + } + ensure_line { + boot_runlevel: + file => "/etc/inittab", + line => "id:3:initdefault:", + pattern => "^id:.*", + where => "^$|^[^#].*$", addhow => prepend; + } +} diff --git a/osfixes.pp b/osfixes.pp new file mode 100644 index 0000000000000000000000000000000000000000..21d2465b1a76bd251e8a0eb558a1a299f25595d4 --- /dev/null +++ b/osfixes.pp @@ -0,0 +1,27 @@ +import "osfixes-debian.pp" + +schedule { + updates: + range => "3:00-5:00", period => daily, repeat => 1; +} + + +class keep-os-updated +{ + case $operatingsystem { + "Debian": { + include debian-keep-os-updated + } + } +} + + +class osfixes +{ + case $operatingsystem { + "Debian": { + include debian-fixes + } + } + include keep-os-updated +} diff --git a/printing.pp b/printing.pp new file mode 100644 index 0000000000000000000000000000000000000000..1d3c9ab554a40f414bec0ea22138e9b3dfbee831 --- /dev/null +++ b/printing.pp @@ -0,0 +1,46 @@ +class cups-printclient +{ + file { + "/etc/cups/printers.conf": + source => "$pupfiles/cups-printers.conf-client", + owner => root, group => lp, mode => 0600; + } +} + +class cups-printserver +{ + file { + "/etc/cups/printers.conf": + source => "$pupfiles/cups-printers.conf-server", + owner => root, group => lp, mode => 0600; + } +} + +class cups +{ + service { + cups: + subscribe => File["/etc/cups/printers.conf"] + } +} + + +class printclient +{ + case $operatingsystem { + "Fedora": { + include cups + include cups-printclient + } + } +} + +class printserver +{ + case $operatingsystem { + "Fedora": { + include cups + include cups-printserver + } + } +} diff --git a/puppet.pp b/puppet.pp new file mode 100644 index 0000000000000000000000000000000000000000..856cd0159c613ae73d9bfaf116ae144d7747f75b --- /dev/null +++ b/puppet.pp @@ -0,0 +1,78 @@ +class puppetify +{ + $puppetpkg = $operatingsystem ? { + "Debian" => "puppet", + "Fedora" => "puppet", + "CentOS" => "puppet", + "Gentoo" => "app-admin/puppet" + } + package { + $puppetpkg: + ensure => present; + } + + if $env_pup_doinstall { + cron { + run-puppet: + command => "sleep \$[\$RANDOM\\%300]; cd '$puphome' && make -s --no-print-directory cron", + user => "root", + month => "1-12", monthday => "1-31", weekday => "0-7", + hour => "*/4", minute => "7", + ensure => present; + } + file { + "/etc/init.d/puppetrun": + ensure => file, + content => template("$pupfiles/puppetrun-rcinit.erb"), + owner => "root", group => "root", mode => 0555; + } + service { + "puppetrun": + # We don't run this at boot, since it takes too long when + # don't have network (not uncommon on a portable). + # FIXME: This should be configurable per node. + enable => false, + ensure => stopped, hasstatus => true, + require => [ File["/etc/init.d/puppetrun"], + Package[$puppetpkg] ]; + "puppet": + enable => false, ensure => stopped, hasstatus => true, + require => Package[$puppetpkg]; + } + } +} + + +class puppetmaster +{ + file { + "$puptree/Makefile": + ensure => file, + content => template("$pupfiles/puppet-Makefile.erb"), + owner => "root", group => "root", mode => 0444; + } +} + + +class log-puppetrun +{ + $runlogdir = "$pup_logdir/${hostname}" + $runlogfile = "$runlogdir/puppetrun" + $timestamp = strftime("%Y-%m-%d %H:%M:%S") + + file { + $runlogdir: + ensure => directory, owner => root, group => root, mode => 0755; + $runlogfile: + ensure => file, owner => root, group => root, mode => 0644, + require => File[$runlogdir]; + } + ensure_line { + log_puppetrun: + file => $runlogfile, + line => sprintf("%s\t%s\t%s\t%s", + $timestamp, $osdist, $puppetversion, $puphome), + require => File[$runlogfile], + loglevel => info; + } +} diff --git a/rootuser.pp b/rootuser.pp new file mode 100644 index 0000000000000000000000000000000000000000..a52c66fa431b66706bf73c4a2d7be110d522d24d --- /dev/null +++ b/rootuser.pp @@ -0,0 +1,25 @@ +$root_home = $operatingsystem ? { + solaris => "/", + default => "/root", +} + +class root-home +{ + file { + "$root_home/.emacs": + source => "$pupfiles/root-.emacs", + owner => "root", group => "root", mode => 0644; + "$root_home/.bashrc": + source => "$pupfiles/root-.bashrc", + owner => "root", group => "root", mode => 0644; + "$root_home/.bash_profile": + source => "$pupfiles/root-.bash_profile", + owner => "root", group => "root", mode => 0644; + "$root_home/.bash_logout": + source => "$pupfiles/root-.bash_logout", + owner => "root", group => "root", mode => 0644; + "$root_home/.cvsrc": + source => "$pupfiles/root-.cvsrc", + owner => "root", group => "root", mode => 0644; + } +} diff --git a/syslog.pp b/syslog.pp new file mode 100644 index 0000000000000000000000000000000000000000..05bd1fb084ab18a6e74b27c29db5c16616149fdd --- /dev/null +++ b/syslog.pp @@ -0,0 +1,33 @@ +class syslog +{ + $syslog_conf = $operatingsystem ? { + default => "/etc/syslog.conf" + } + + $syslog = $operatingsystem ? { + "Debian" => "sysklogd", + default => "syslogd" + } + + file { + "/etc/syslog.conf": + name => $syslog_conf, + ensure => file, + owner => "root", group => "root", mode => 644, + source => "$pupfiles/syslogd.conf"; + } + + service { + "$syslog": + enable => true, ensure => $running, + pattern => "syslog", + subscribe => File["/etc/syslog.conf"]; + } + + cron { + "syslog_mark": + command => "/usr/bin/logger mark", + user => root, + minute => 43 + } +} diff --git a/time.pp b/time.pp new file mode 100644 index 0000000000000000000000000000000000000000..dd75860d54f6ed98d869b52e16003374a1e95094 --- /dev/null +++ b/time.pp @@ -0,0 +1,58 @@ +class ntp-generic +{ + package { + "ntp": + ensure => installed, + name => $operatingsystem ? { + "Debian" => "ntp", + }; + } + file { + "/var/lib/ntp": + # Ntpd needs to be able to store /var/lib/ntp/drift. + ensure => directory, + owner => "ntp", group => "ntp", mode => 0755, + require => Package["ntp"]; + } + case $operatingsystem { + "Fedora", "CentOS": { + rh_sysconfig { + ntpd_options: + subsystem => "ntpd", setting => "OPTIONS", + value => '"-g -u ntp:ntp -p /var/run/ntpd.pid"', + require => Package["ntp"], + notify => Service["ntp"]; + } + } + #"Ubuntu": { + #} + } + file { + "/etc/ntp.conf": + name => "/etc/ntp.conf", + owner => "root", group => "root", mode => 0444, + require => Package["ntp"]; + } + service { + "ntp": + enable => true, ensure => $running, + require => Package["ntp"], subscribe => File["/etc/ntp.conf"]; + } +} + + +class timeserver inherits ntp-generic +{ + File["/etc/ntp.conf"] { + source => "$pupfiles/ntp.conf-server" + } +} + + +class timeclient-static inherits ntp-generic +{ + File["/etc/ntp.conf"] { + source => "$pupfiles/ntp.conf-client" + } +} + diff --git a/util.pp b/util.pp new file mode 100644 index 0000000000000000000000000000000000000000..d5ef71ea4e502738e11a8cccf4dd6d07e65c84d1 --- /dev/null +++ b/util.pp @@ -0,0 +1,510 @@ +# Comment out lines in the file $file matching the regexp $pattern. +# The regexp is implicitly anchored at both ends of the line. +# This is only done on matching lines within sections within groups; +# see the regexp_replace_lines type for how sections and groups work. +# +# Commenting out is done by adding $comment (default "#") to the start +# of the lines, and $comment_end to the end of the lines. + +define comment_lines($file, $pattern=".*", $comment="#", $comment_end="", + $group_start="", $group_end="", $start="", $end="") +{ + $quoted_comment = regexp_quote($comment) + $quoted_comment_end = regexp_quote($comment_end) + + regexp_replace_lines { + "comment--$title--$file--$start--$end": + file => $file, + group_start => $group_start, group_end => $group_end, + start => $start, end => $end, + pattern => "${pattern}", + skip => "${quoted_comment}${pattern}(${quoted_comment_end})?", + replacement => "${comment}\\&${comment_end}"; + } +} + + + +define config_option($file, $option, $value, $ensure="present") +{ + case $ensure { + "present": { + ensure_line { + "config_option--$file--$option": + file => $file, + line => "${option}=${value}", + pattern => "^(#)?${option}[ \t]*=.*$"; + } + } + "absent": { + # FIXME: This will create an out-commented line if none exists. + ensure_line { + "config_option--$file--$option": + file => $file, + line => "#${option}=${value}", + pattern => "^(#)?${option}[ \t]*=.*$"; + } + } + "purged": { + delete_lines { + "config_option--$file--$option": + file => $file, + pattern => "^(#)?${option}[ \t]*=.*$"; + } + } + default: { + fail("Bad config_option parameter ensure: $ensure") + } + } +} + + +# Ensure that the variable $setting is set to $value for subsystem $subsystem. +# If $service is set, that service is notified when the file is changed. +# +# Note that if you need spaces or other shell metacharacters in $value, +# you need to quote it yourself. +# +# This definition is RedHat-specific, as it does its duty by editing +# the /etc/sysconfig/$subsystem file. + +define rh_sysconfig($subsystem, $setting, $value, $ensure="present", + $service="") +{ + config_option { + "rh_sysconfig--${subsystem}--${setting}": + file => "/etc/sysconfig/${subsystem}", + option => $setting, + value => $value, + ensure => $ensure, + notify => $service ? { "" => [], default => Service[$service] }; + } +} + + + +# Configure settings in /etc/make.conf in Gentoo/Portage. +# Parameters: +# - $name The name of the setting, e.g. CFLAGS, FEATURES or VIDEO_CARDS +# - $value The value of the setting. The value will be surrounded +# by double quotes, but no other quoting of the value will +# be done. Be careful to not have newlines in the value, +# since portage_makeconf won't be able to handle what it +# will write in the file. +# - $ensure 'present' (default), 'absent' or 'purged' + +define portage_makeconf($value="", $ensure="present") +{ + config_option { + "portage_makeconf--$name": + file => "/etc/make.conf", + option => $name, + value => "\"${value}\"", + ensure => $ensure, + tag => "pkgrepo"; + } +} + + + +# Internal helper class for Gentoo/Portage. +class portage_files__ +{ + file { + "/etc/portage": + ensure => directory, + owner => "root", group => "root", mode => "0755"; + [ "/etc/portage/package.use", + "/etc/portage/package.keywords", + "/etc/portage/package.mask", + "/etc/portage/package.unmask" + ]: + ensure => file, + owner => "root", group => "root", mode => "0444"; + } +} + +# Declare Portage USE flags for packages. +# Parameters: +# - $name The package for which USE flags are set. +# The special name "GLOBAL" means set global use flags, +# i.e. set the USE variable in /etc/make.conf. +# - $use The USE flags to set. When set to the empty string, +# the entire line for the package will be removed from +# /etc/portage/package.use. + +# Note: It might be tempting to add an automatic before => Package[$name], +# but that would be a mistake. Sometimes you want to set use flags for +# packages that are only installed as dependencies for other packages, +# not because you want that package for itself. Having to add that +# package to the Puppet manifests would be a nuisance, and wrong (it +# would then appear in the Portage world file). +# Instead we tag the changes with 'pkgrepo', so it will be done in +# the first run of Puppet from Make. + +define portage_useflags($use) +{ + case $name { + "GLOBAL": { + portage_makeconf { + "USE": value => $use; + } + } + default: { + include portage_files__ + $quoted_package = regexp_quote($name) + $quoted_use = regexp_quote($use) + if $use { + ensure_line { + "portage-useflags--$name": + file => "/etc/portage/package.use", + line => sprintf("%-24s\t%s", $name, $use), + pattern => "$quoted_package[ \t]+.*", + sufficient => "$quoted_package[ \t]+$quoted_use", + require => File["/etc/portage/package.use"], + tag => 'pkgrepo'; + } + } else { + delete_lines { + "portage-useflags--$name": + file => "/etc/portage/package.use", + pattern => "$quoted_package[ \t]+.*", + require => File["/etc/portage/package.use"], + tag => 'pkgrepo'; + } + } + } + } +} + + + +# Declare Portage keyword for packages. +# Parameters: +# - $name The package for which keyword is set. +# The special name "GLOBAL" means set global keyword, +# i.e. set the ACCEPT_KEYWORDS variable in /etc/make.conf. +# - $keyword The keyword to set. When set to the empty string, +# the entire line for the package will be removed from +# /etc/portage/package.keywords. + +# Note: Don't add a before => Package[$name]; see the note for +# portage_useflags for further explanation. + +define portage_keyword($keyword) +{ + case $name { + "GLOBAL": { + portage_makeconf { + "ACCEPT_KEYWORDS": value => $keyword; + } + } + default: { + include portage_files__ + $quoted_package = regexp_quote($name) + $quoted_keyword = regexp_quote($keyword) + if $keyword { + ensure_line { + "portage-keyword--$name": + file => "/etc/portage/package.keywords", + line => sprintf("%-24s\t%s", $name, $keyword), + pattern => "$quoted_package[ \t]+.*", + sufficient => "$quoted_package[ \t]+$quoted_keyword", + require => File["/etc/portage/package.keywords"], + tag => 'pkgrepo'; + } + } else { + delete_lines { + "portage-keyword--$name": + file => "/etc/portage/package.keywords", + pattern => "$quoted_package[ \t]+.*", + require => File["/etc/portage/package.keywords"], + tag => 'pkgrepo'; + } + } + } + } +} + + + +# Set Gentoo config options, in /etc/conf.d. +# Parameters: +# - $subsystem The subsystem for which an option is defined. The option +# will be written to /etc/conf.d/$subsystem. +# - $option The name of the option to set. +# - $value The value of the option. The value will be surrounded +# by double quotes, but no other quoting will be performed. +# - $ensure 'present' (default), 'absent' or 'purged'. + +define gentoo_conf($subsystem, $option, $value, $ensure="present") +{ + config_option { + "gentoo--${subsystem}--${option}": + file => "/etc/conf.d/${subsystem}", + option => $option, + value => "\"${value}\"", + ensure => $ensure; + } +} + + + +# Set options for a Xinetd service. +# Assumes that the service definition is in a file in /etc/xinetd.d +# with the same name as the service. + +define xinetd_srv_option($service, $option, $value) +{ + $qopt = regexp_quote($option) + $qval = regexp_quote($value) + + ensure_line { + "xinetd--$service--$option": + file => "/etc/xinetd.d/$service", + line => sprintf("\t%-23s = %s", $option, $value), + pattern => sprintf("[ \t]*%s[ \t]*=", $qopt), + sufficient => sprintf("[ \t]*%s[ \t]*=[ \t]*%s[ \t]*$", + $qopt, $qval), + start => ".*\\{", + end => "[ \t]*\\}", + } +} + + + +# Create (or remove) a system accont, i.e one with a "low" uid. +# The normal user type can't be instructed to create a system +# account without hardcoding a uid, which we don't want to do. +# +# A group with the same name as the user will be created at the +# same time. +# +# This implementation is RedHat specific. + +define rh_sysuser($comment="", $home="/", $shell="/sbin/nologin", + $ensure="present") +{ + rh_sysgroup { + $name: + ensure => $ensure; + } + case $ensure { + "present": { + exec { + "sysuser--$name": + command => "useradd -r -c '$comment' -M -d '$home' -s '$shell' -g '$name' '$name'", + unless => "getent passwd '$name'", + path => "/sbin:/usr/sbin:/bin:/usr/bin", + require => Rh_sysgroup[$name]; + } + } + "absent": { + exec { + "sysuser--$name": + command => "userdel -f '$name'", + onlyif => "getent passwd '$name'", + path => "/sbin:/usr/sbin:/bin:/usr/bin", + before => Rh_sysgroup[$name]; + } + } + default: { + fail("Bad rh_sysuser parameter ensure: $ensure") + } + } + # These are here so we get auto-require from things that want + # user and/or group names, like the file type. + user { + "$name": + ensure => $ensure, + gid => $name, comment => $comment, home => $home, shell => $shell, + require => Exec["sysuser--$name"] + } +} + + +define rh_sysgroup($ensure="present") +{ + case $ensure { + "present": { + exec { + "sysgroup--$name": + command => "groupadd -r '$name'", + unless => "getent group '$name'", + path => "/sbin:/usr/sbin:/bin:/usr/bin"; + } + } + "absent": { + exec { + "sysgroup--$name": + command => "groupdel '$name'", + onlyif => "getent group '$name'", + path => "/sbin:/usr/sbin:/bin:/usr/bin"; + } + } + default: { + fail("Bad rh_sysgroup parameter ensure: $ensure") + } + } + # This is here so we get auto-require from things that want + # group names, like the file type. + group { + "$name": + ensure => $ensure, require => Exec["sysgroup--$name"] + } +} + + + +# Mirror a directory tree using rsync. +# +# The key in the file $sshkey must not be encrypted. +# +# For security, the remote host should have something like this as flags +# in its .ssh/authorized_keys file for the key: +# +# command="/usr/bin/rsync --server -vlogDtprR --delete --delete-excluded . $dir" +# no-pty +# no-port-forwarding +# no-agent-forwarding +# no-X11-forwarding + +define rsync_mirror($source, $target, + $sshkey="", + $unless="", $onlyif="", $creates="", + $month="1-12", $monthday="1-31", $weekday="0-7", + $hour="", $minute="", + $ensure="present" + ) +{ + if $sshkey { + $sshcmd = "ssh -i$sshkey" + } else { + $sshcmd = "ssh" + } + $rsynccmd = "rsync -aRqv --no-implied-dirs --delete --delete-excluded" + $command = "RSYNC_RSH=\"$sshcmd\" $rsynccmd '$source' '$target'" + + case $ensure { + "present": { + exec { + "$rsynccmd '$source' '$target'": + path => "/bin:/usr/bin", + unless => $unless ? { "" => undef, default => $unless }, + onlyif => $onlyif ? { "" => undef, default => $onlyif }, + creates => $creates ? { "" => undef, default => $creates }; + } + + if $hour { + cron { + "mirror--$title": + command => "PATH=/bin:/usr/bin; $command", + user => "root", + month => $month, monthday => $monthday, + weekday => $weekday, + hour => $hour, minute => $minute; + } + } + } + "absent": { + tidy { + $target: + recurse => true, rmdirs => true, + size => 0, + backup => false + ; + } + cron { + "mirror--$title": + command => "PATH=/bin:/usr/bin; $command", + ensure => absent; + } + } + default: { + fail("Bad rsync_mirror parameter ensure: $ensure") + } + } +} + + + +# The interface type in Puppet 0.24.x is broken. We thus define +# our own version, although with a somewhat different API. + +define rh_interface($bootproto="static", + $ipaddress="", + $netmask="", + $gateway="", + $onboot="yes", + $ensure="up", + $persistent_dhcp="yes") +{ + file { + "/etc/sysconfig/network-scripts/ifcfg-$name": + content => template("$pupfiles/rh-ifcfg.erb"), + owner => "root", group => "root", mode => 0444, + notify => Exec["rh_interface--ifconfig--$name/$ensure"]; + } + case $ensure { + "up": { + exec { + "rh_interface--ifconfig--$name/up": + command => "/sbin/ifdown '$name' && /sbin/ifup '$name'", + refreshonly => true, + path => "/bin:/usr/bin:/sbin:/usr/sbin"; + } + } + "down": { + exec { + "rh_interface--ifconfig--$name/down": + command => "/sbin/ifdown '$name'", + refreshonly => true, + path => "/bin:/usr/bin:/sbin:/usr/sbin"; + } + } + default: { + fail("Bad ensure parameter to rh_interface $title: $ensure") + } + } +} + + + +# Define a sysctl setting. +# +# This sets the kernel's current value, as well as adding it to +# /etc/sysctl.conf so it gets loaded immediately when booting. +# +# Setting $value to the empty string ("") will remove the setting +# from /etc/sysctl.conf. However, since there is no way to make +# the running kernel revert to its default value, it will not take +# effect until next boot. +# +# Note also that some sysctl parameters may require a restart of +# the kernel subsystem to take effect (e.g, the NFS lock daemon). + +define sysctl($value) +{ + $qname = regexp_quote($name) + + if $value { + ensure_line { + "sysctl--$name": + file => "/etc/sysctl.conf", + line => "$name = $value", + pattern => "${qname}[ \t]*=.*"; + } + exec { + "sysctl-w-$name": + command => "sysctl -w $name=$value", + unless => "[ \"`sysctl -n $name`\" = '$value' ]", + path => "/sbin:/bin:/usr/bin"; + } + } else { + delete_lines { + "sysctl--$name": + file => "/etc/sysctl.conf", + pattern => "${qname}[ \t]*=.*"; + } + } +}