Final import from SVN.
parent
a7c0ac84a1
commit
87d366dcbe
|
@ -0,0 +1,116 @@
|
|||
# This is the default auth.conf file, which implements the default rules
|
||||
# used by the puppet master. (That is, the rules below will still apply
|
||||
# even if this file is deleted.)
|
||||
#
|
||||
# The ACLs are evaluated in top-down order. More specific stanzas should
|
||||
# be towards the top of the file and more general ones at the bottom;
|
||||
# otherwise, the general rules may "steal" requests that should be
|
||||
# governed by the specific rules.
|
||||
#
|
||||
# See http://docs.puppetlabs.com/guides/rest_auth_conf.html for a more complete
|
||||
# description of auth.conf's behavior.
|
||||
#
|
||||
# Supported syntax:
|
||||
# Each stanza in auth.conf starts with a path to match, followed
|
||||
# by optional modifiers, and finally, a series of allow or deny
|
||||
# directives.
|
||||
#
|
||||
# Example Stanza
|
||||
# ---------------------------------
|
||||
# path /path/to/resource # simple prefix match
|
||||
# # path ~ regex # alternately, regex match
|
||||
# [environment envlist]
|
||||
# [method methodlist]
|
||||
# [auth[enthicated] {yes|no|on|off|any}]
|
||||
# allow [host|backreference|*|regex]
|
||||
# deny [host|backreference|*|regex]
|
||||
# allow_ip [ip|cidr|ip_wildcard|*]
|
||||
# deny_ip [ip|cidr|ip_wildcard|*]
|
||||
#
|
||||
# The path match can either be a simple prefix match or a regular
|
||||
# expression. `path /file` would match both `/file_metadata` and
|
||||
# `/file_content`. Regex matches allow the use of backreferences
|
||||
# in the allow/deny directives.
|
||||
#
|
||||
# The regex syntax is the same as for Ruby regex, and captures backreferences
|
||||
# for use in the `allow` and `deny` lines of that stanza
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# path ~ ^/path/to/resource # Equivalent to `path /path/to/resource`.
|
||||
# allow * # Allow all authenticated nodes (since auth
|
||||
# # defaults to `yes`).
|
||||
#
|
||||
# path ~ ^/catalog/([^/]+)$ # Permit nodes to access their own catalog (by
|
||||
# allow $1 # certname), but not any other node's catalog.
|
||||
#
|
||||
# path ~ ^/file_(metadata|content)/extra_files/ # Only allow certain nodes to
|
||||
# auth yes # access the "extra_files"
|
||||
# allow /^(.+)\.example\.com$/ # mount point; note this must
|
||||
# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule,
|
||||
# # since it is more specific.
|
||||
#
|
||||
# environment:: restrict an ACL to a comma-separated list of environments
|
||||
# method:: restrict an ACL to a comma-separated list of HTTP methods
|
||||
# auth:: restrict an ACL to an authenticated or unauthenticated request
|
||||
# the default when unspecified is to restrict the ACL to authenticated requests
|
||||
# (ie exactly as if auth yes was present).
|
||||
#
|
||||
|
||||
### Authenticated ACLs - these rules apply only when the client
|
||||
### has a valid certificate and is thus authenticated
|
||||
|
||||
# allow nodes to retrieve their own catalog
|
||||
path ~ ^/catalog/([^/]+)$
|
||||
method find
|
||||
allow $1
|
||||
|
||||
# allow nodes to retrieve their own node definition
|
||||
path ~ ^/node/([^/]+)$
|
||||
method find
|
||||
allow $1
|
||||
|
||||
# allow all nodes to access the certificates services
|
||||
path /certificate_revocation_list/ca
|
||||
method find
|
||||
allow *
|
||||
|
||||
# allow all nodes to store their own reports
|
||||
path ~ ^/report/([^/]+)$
|
||||
method save
|
||||
allow $1
|
||||
|
||||
# Allow all nodes to access all file services; this is necessary for
|
||||
# pluginsync, file serving from modules, and file serving from custom
|
||||
# mount points (see fileserver.conf). Note that the `/file` prefix matches
|
||||
# requests to both the file_metadata and file_content paths. See "Examples"
|
||||
# above if you need more granular access control for custom mount points.
|
||||
path /file
|
||||
allow *
|
||||
|
||||
### Unauthenticated ACLs, for clients without valid certificates; authenticated
|
||||
### clients can also access these paths, though they rarely need to.
|
||||
|
||||
# allow access to the CA certificate; unauthenticated nodes need this
|
||||
# in order to validate the puppet master's certificate
|
||||
path /certificate/ca
|
||||
auth any
|
||||
method find
|
||||
allow *
|
||||
|
||||
# allow nodes to retrieve the certificate they requested earlier
|
||||
path /certificate/
|
||||
auth any
|
||||
method find
|
||||
allow *
|
||||
|
||||
# allow nodes to request a new certificate
|
||||
path /certificate_request
|
||||
auth any
|
||||
method find, save
|
||||
allow *
|
||||
|
||||
# deny everything else; this ACL is not strictly necessary, but
|
||||
# illustrates the default policy.
|
||||
path /
|
||||
auth any
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
|
||||
dnsclient::nameservers:
|
||||
- '140.211.166.130'
|
||||
- '140.211.166.131'
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
|
||||
dnsclient::searchorder: 'apache.org'
|
||||
|
||||
dnsclient::nameserver1: '8.8.8.8'
|
||||
dnsclient::nameserver2: '8.8.4.4'
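Review bot: The keys here (`dnsclient::nameserver1`, `dnsclient::nameserver2`) do not match the `dnsclient::nameservers` list used by the preceding data file, so one of the two shapes will presumably not bind to the class parameters. The dnsclient class is not visible on this page, so confirm which form it accepts. Separately, pairing `searchorder: 'apache.org'` with the public resolvers 8.8.8.8 and 8.8.4.4 sends lookups for short internal host names to a third party. If this level is only a fallback, a comment such as `# fallback only: hosts outside ASF colos` would make that intent explicit.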
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
classes: ['']
|
||||
|
||||
ldapclient::ldapcert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIE7jCCA9agAwIBAgIJAKVPvcTSmTbFMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD
|
||||
VQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxFTATBgNVBAcTDEZvcnJlc3QgSGls
|
||||
bDEjMCEGA1UEChMaQXBhY2hlIFNvZnR3YXJlIEZvdW5kYXRpb24xFzAVBgNVBAsT
|
||||
DkluZnJhc3RydWN0dXJlMRMwEQYDVQQDEwphcGFjaGUub3JnMR4wHAYJKoZIhvcN
|
||||
AQkBFg9yb290QGFwYWNoZS5vcmcwHhcNMTQwNDAzMTcwNzMxWhcNMjQwMzMxMTcw
|
||||
NzMxWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMRUwEwYDVQQH
|
||||
EwxGb3JyZXN0IEhpbGwxIzAhBgNVBAoTGkFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLEw5JbmZyYXN0cnVjdHVyZTETMBEGA1UEAxMKYXBhY2hlLm9y
|
||||
ZzEeMBwGCSqGSIb3DQEJARYPcm9vdEBhcGFjaGUub3JnMIIBIjANBgkqhkiG9w0B
|
||||
AQEFAAOCAQ8AMIIBCgKCAQEAxb2CT2ZhJFYifDAloSpIV2vGoys280UsDvz77sTO
|
||||
AcdAyuNHH7uwfVQMc68IXunB2KP0XL1r0Ur9Opm0E8RjFW2P9qquDDcgX8Noghv+
|
||||
q5gxWeOePFqe9BsQov6Xr42SUT1YSQ3/2g3j1jTOCzNy7/XszLuI4BJLu6/R+VX+
|
||||
e7YczTeednj4mU/KGJbzrTj+VdQW8ZPsPdlvCFp9NO9v00rKt3A/7XuyYBJwlgvD
|
||||
3r6J8M7UkCuIuLwEQxKeINso853Ucpvd42xfuUiBV4ahEOyEblT5YPL7n1V5BxD/
|
||||
qhAV7neq9pVz0to9HF1GjafK/k5tUiTFx3XbBzHgRa7z/wIDAQABo4IBEzCCAQ8w
|
||||
HQYDVR0OBBYEFI669DBJxSoUJihXSlQK7VDUnsPKMIHfBgNVHSMEgdcwgdSAFI66
|
||||
9DBJxSoUJihXSlQK7VDUnsPKoYGwpIGtMIGqMQswCQYDVQQGEwJVUzERMA8GA1UE
|
||||
CBMITWFyeWxhbmQxFTATBgNVBAcTDEZvcnJlc3QgSGlsbDEjMCEGA1UEChMaQXBh
|
||||
Y2hlIFNvZnR3YXJlIEZvdW5kYXRpb24xFzAVBgNVBAsTDkluZnJhc3RydWN0dXJl
|
||||
MRMwEQYDVQQDEwphcGFjaGUub3JnMR4wHAYJKoZIhvcNAQkBFg9yb290QGFwYWNo
|
||||
ZS5vcmeCCQClT73E0pk2xTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IB
|
||||
AQAI7HP4tVEj8DZ1fiKH947RsRuC12H4mIeO6H9P15rFp9AkDgZxIGjoGW13yGhn
|
||||
p/4jDNZWwitCoj4ztDCrMjb9v5xuHhOB/Ny5N4eByEPpiZ3z/626XDHSjfc36F0Y
|
||||
ey2ghZN7EU0eG3q9GPjDDXjefEyieN8p6QjBCeTOGAF25pX/8AxNO/Znk2D4LGGm
|
||||
S1GpVMgMmwfXR4lncdwpRnpu/k2z079SROSmuFnwsMtGOeBA/1tGXBF/5LuLpKyk
|
||||
1BXsdDCBgYk+eXh4gG/GJaI/IvDyAp81cF2oFbqQY1fc8heMHhQ1667EOqRrqe/k
|
||||
P6Hk8NQdShbeE0/nDvYchhV5
|
||||
-----END CERTIFICATE-----
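Review bot: `classes: ['']` at the top of this file yields a one-element list holding an empty string, and `hiera_include("classes")` in the site manifest will try to include it, which is likely to fail compilation or be silently meaningless. `classes: []`, or dropping the key, is presumably what was meant. The embedded CA certificate appears from its encoded validity field to expire at the end of March 2024. A comment above `ldapclient::ldapcert` would give the rotation an owner, e.g. `# ASF LDAP CA, notAfter 2024-03-31 - rotate before expiry`.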
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
|
||||
classes:
|
||||
- base
|
||||
- dnsclient
|
||||
- ldapclient
|
||||
- pam
|
||||
- pkgng
|
||||
- sudoers
|
||||
|
||||
pkgprovider: 'pkgng'
|
|
@ -0,0 +1,5 @@
|
|||
pctony@apache.org
|
||||
humbedooh@apache.org
|
||||
gmcdonald@apache.org
|
||||
joes@apache.org
|
||||
|
|
@ -0,0 +1 @@
|
|||
---
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
|
||||
classes:
|
||||
- base
|
||||
- dnsclient
|
||||
- ldapclient
|
||||
- subversionclient
|
||||
- sudoers
|
||||
|
||||
ldapclient::ldapclient_packages:
|
||||
- ldap-auth-client
|
||||
- ldap-utils
|
||||
- libldap-2.4-2
|
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
|
||||
## If you edit this file, you need to make sure that the webserver is restarted.
|
||||
|
||||
|
||||
:backends:
|
||||
- eyaml
|
||||
- yaml
|
||||
- module_data
|
||||
|
||||
:hierarchy:
|
||||
- "%{clientcert}"
|
||||
- "%{asf_osname}/%{asf_osrelease}"
|
||||
- "colo/%{asf_colo}"
|
||||
- "%{environment}"
|
||||
- "common"
|
||||
|
||||
:yaml:
|
||||
:datadir: '/usr/local/etc/puppet/data'
|
||||
|
||||
:eyaml:
|
||||
:datadir: '/usr/local/etc/puppet/data'
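Review bot: The first hierarchy level, `"%{clientcert}"`, is keyed on a value the agent reports about itself rather than on the name in its verified certificate. With the `eyaml` backend enabled, a node that misreports it could be served another node's per-host data, secrets included. Where the Puppet version in use supports trusted node data, `"%{trusted.certname}"` is the safer key. The same caution applies to `asf_colo`, `asf_osname` and `asf_osrelease`, which look like custom facts, so secrets should not live at those levels. The `:eyaml:` block also sets only `:datadir:`; setting `:pkcs7_private_key:` and `:pkcs7_public_key:` to absolute paths outside the repository avoids depending on the master's working directory.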
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
hiera_include("classes")
|
||||
|
||||
include customfact
|
||||
|
||||
node default {
|
||||
}
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
:hierarchy:
|
||||
- "%{asf_osname}/%{asf_osrelease}"
|
||||
- "common"
|
|
@ -0,0 +1,4 @@
|
|||
#/etc/puppet/modules/_TEMPLATE/manifests/init.pp
|
||||
|
||||
class _TEMPLATE {
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
|
||||
base::base_packages:
|
||||
- 'bash-4.3.0_1'
|
||||
- 'ca_root_nss-3.15.5'
|
||||
- 'git-1.9.0_1'
|
||||
- 'zsh-5.0.5'
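Review bot: Entries such as `'bash-4.3.0_1'` and `'git-1.9.0_1'` put the version into the package name, and the base class on this page installs them with `ensure => installed`. Nothing here will pick up security updates, and the names stop resolving once the package repository moves on. Listing plain names (`'bash'`, `'git'`) and expressing any pin through `ensure` would be more robust. The later `base::base_packages` list that includes `'apt-file'` has the same issue: `'ca_root_nss-3.15.5'` and `'zsh-5.0.5'` look like FreeBSD package names and are unlikely to resolve under apt.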
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
:hierarchy:
|
||||
- "%{asf_osname}/%{asf_osrelease}"
|
||||
- "common"
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
|
||||
base::base_packages:
|
||||
- 'bash'
|
||||
- 'ca_root_nss-3.15.5'
|
||||
- 'git'
|
||||
- 'zsh-5.0.5'
|
||||
- 'apt-file'
|
|
@ -0,0 +1,12 @@
|
|||
#/usr/local/etc/puppet/modules/base/manifests/init.pp
|
||||
|
||||
class base (
|
||||
$base_packages = [],
|
||||
$pkgprovider = '',
|
||||
) {
|
||||
|
||||
|
||||
package { $base_packages:
|
||||
ensure => installed,
|
||||
}
|
||||
}
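Review bot: `$pkgprovider` is accepted as a parameter but never used: the `package { $base_packages: }` resource sets only `ensure`, so the value has no effect. One of the data files on this page also sets it as a top-level `pkgprovider: 'pkgng'` rather than `base::pkgprovider`, which automatic parameter lookup would not bind to this class. Either drop the parameter or wire it in, e.g. `if $pkgprovider != '' { Package { provider => $pkgprovider } }`. A header comment documenting both parameters is also missing.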
|
|
@ -0,0 +1,95 @@
|
|||
##2014-03-04 - Supported Release 1.0.2
|
||||
###Summary
|
||||
|
||||
This is a supported release. No functional changes were made from 1.0.1.
|
||||
|
||||
####Features
|
||||
- Huge amount of tests backported from 1.1.
|
||||
- Documentation rewrite.
|
||||
|
||||
####Bugfixes
|
||||
|
||||
####Known Bugs
|
||||
|
||||
* Not supported on Windows.
|
||||
|
||||
|
||||
##2014-02-12 - 1.0.1
|
||||
|
||||
###Summary
|
||||
|
||||
Minor bugfixes for sorting of fragments and ordering of resources.
|
||||
|
||||
####Bugfixes
|
||||
- LANG => C replaced with LC_ALL => C to reduce spurious recreation of
|
||||
fragments.
|
||||
- Corrected pluginsync documentation.
|
||||
- Ensure concat::setup always runs before fragments.
|
||||
|
||||
|
||||
##2013-08-09 - 1.0.0
|
||||
|
||||
###Summary
|
||||
|
||||
Many new features and bugfixes in this release, and if you're a heavy concat
|
||||
user you should test carefully before upgrading. The features should all be
|
||||
backwards compatible but only light testing has been done from our side before
|
||||
this release.
|
||||
|
||||
####Features
|
||||
- New parameters in concat:
|
||||
- `replace`: specify if concat should replace existing files.
|
||||
- `ensure_newline`: controls if fragments should contain a newline at the end.
|
||||
- Improved README documentation.
|
||||
- Add rspec:system tests (rake spec:system to test concat)
|
||||
|
||||
####Bugfixes
|
||||
- Gracefully handle \n in a fragment resource name.
|
||||
- Adding more helpful message for 'pluginsync = true'
|
||||
- Allow passing `source` and `content` directly to file resource, rather than
|
||||
defining resource defaults.
|
||||
- Added -r flag to read so that filenames with \ will be read correctly.
|
||||
- sort always uses LANG=C.
|
||||
- Allow WARNMSG to contain/start with '#'.
|
||||
- Replace while-read pattern with for-do in order to support Solaris.
|
||||
|
||||
####CHANGELOG:
|
||||
- 2010/02/19 - initial release
|
||||
- 2010/03/12 - add support for 0.24.8 and newer
|
||||
- make the location of sort configurable
|
||||
- add the ability to add shell comment based warnings to
|
||||
top of files
|
||||
- add the ablity to create empty files
|
||||
- 2010/04/05 - fix parsing of WARN and change code style to match rest
|
||||
of the code
|
||||
- Better and safer boolean handling for warn and force
|
||||
- Don't use hard coded paths in the shell script, set PATH
|
||||
top of the script
|
||||
- Use file{} to copy the result and make all fragments owned
|
||||
by root. This means we can chnage the ownership/group of the
|
||||
resulting file at any time.
|
||||
- You can specify ensure => "/some/other/file" in concat::fragment
|
||||
to include the contents of a symlink into the final file.
|
||||
- 2010/04/16 - Add more cleaning of the fragment name - removing / from the $name
|
||||
- 2010/05/22 - Improve documentation and show the use of ensure =>
|
||||
- 2010/07/14 - Add support for setting the filebucket behavior of files
|
||||
- 2010/10/04 - Make the warning message configurable
|
||||
- 2010/12/03 - Add flags to make concat work better on Solaris - thanks Jonathan Boyett
|
||||
- 2011/02/03 - Make the shell script more portable and add a config option for root group
|
||||
- 2011/06/21 - Make base dir root readable only for security
|
||||
- 2011/06/23 - Set base directory using a fact instead of hardcoding it
|
||||
- 2011/06/23 - Support operating as non privileged user
|
||||
- 2011/06/23 - Support dash instead of bash or sh
|
||||
- 2011/07/11 - Better solaris support
|
||||
- 2011/12/05 - Use fully qualified variables
|
||||
- 2011/12/13 - Improve Nexenta support
|
||||
- 2012/04/11 - Do not use any GNU specific extensions in the shell script
|
||||
- 2012/03/24 - Comply to community style guides
|
||||
- 2012/05/23 - Better errors when basedir isnt set
|
||||
- 2012/05/31 - Add spec tests
|
||||
- 2012/07/11 - Include concat::setup in concat improving UX
|
||||
- 2012/08/14 - Puppet Lint improvements
|
||||
- 2012/08/30 - The target path can be different from the $name
|
||||
- 2012/08/30 - More Puppet Lint cleanup
|
||||
- 2012/09/04 - RELEASE 0.2.0
|
||||
- 2012/12/12 - Added (file) $replace parameter to concat
|
|
@ -0,0 +1,20 @@
|
|||
source ENV['GEM_SOURCE'] || "https://rubygems.org"
|
||||
|
||||
group :development, :test do
|
||||
gem 'rake', :require => false
|
||||
gem 'rspec-puppet', :require => false
|
||||
gem 'puppetlabs_spec_helper', :require => false
|
||||
gem 'beaker', :require => false
|
||||
gem 'beaker-rspec', :require => false
|
||||
gem 'puppet-lint', :require => false
|
||||
gem 'serverspec', :require => false
|
||||
gem 'pry', :require => false
|
||||
end
|
||||
|
||||
if puppetversion = ENV['PUPPET_GEM_VERSION']
|
||||
gem 'puppet', puppetversion, :require => false
|
||||
else
|
||||
gem 'puppet', :require => false
|
||||
end
|
||||
|
||||
# vim:ft=ruby
|
|
@ -0,0 +1,14 @@
|
|||
Copyright 2012 R.I.Pienaar
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
name 'puppetlabs-concat'
|
||||
version '1.0.2'
|
||||
source 'git://github.com/puppetlabs/puppetlabs-concat.git'
|
||||
author 'Puppetlabs'
|
||||
license 'Apache 2.0'
|
||||
summary 'Concat module'
|
||||
description 'Concat module'
|
||||
project_page 'http://github.com/puppetlabs/puppetlabs-concat'
|
|
@ -0,0 +1,91 @@
|
|||
== Module: concat
|
||||
|
||||
A system to construct files using fragments from other files or templates.
|
||||
|
||||
This requires at least puppet 0.25 to work correctly as we use some
|
||||
enhancements in recursive directory management and regular expressions
|
||||
to do the work here.
|
||||
|
||||
=== Usage:
|
||||
|
||||
The basic use case is as below:
|
||||
|
||||
concat{"/etc/named.conf":
|
||||
notify => Service["named"]
|
||||
}
|
||||
|
||||
concat::fragment{"foo.com_config":
|
||||
target => "/etc/named.conf",
|
||||
order => 10,
|
||||
content => template("named_conf_zone.erb")
|
||||
}
|
||||
|
||||
# add a fragment not managed by puppet so local users
|
||||
# can add content to managed file
|
||||
concat::fragment{"foo.com_user_config":
|
||||
target => "/etc/named.conf",
|
||||
order => 12,
|
||||
ensure => "/etc/named.conf.local"
|
||||
}
|
||||
|
||||
This will use the template named_conf_zone.erb to build a single
|
||||
bit of config up and put it into the fragments dir. The file
|
||||
will have an number prefix of 10, you can use the order option
|
||||
to control that and thus control the order the final file gets built in.
|
||||
|
||||
You can also specify a path and use a different name for your resources:
|
||||
|
||||
# You can make this something dynamic, based on whatever parameters your
|
||||
# module/class for example.
|
||||
$vhost_file = '/etc/httpd/vhosts/01-my-vhost.conf'
|
||||
|
||||
concat{'apache-vhost-myvhost':
|
||||
path => $vhost_file,
|
||||
}
|
||||
|
||||
# We don't care where the file is located, just what to put in it.
|
||||
concat::fragment {'apache-vhost-myvhost-main':
|
||||
target => 'apache-vhost-myvhost',
|
||||
content => '<virtualhost *:80>',
|
||||
order => 01,
|
||||
}
|
||||
|
||||
concat::fragment {'apache-vhost-myvhost-close':
|
||||
target => 'apache-vhost-myvhost',
|
||||
content => '</virtualhost>',
|
||||
order => 99,
|
||||
}
|
||||
|
||||
=== Setup:
|
||||
|
||||
The class concat::setup uses the fact concat_basedir to define the variable
|
||||
$concatdir, where all the temporary files and fragments will be
|
||||
durably stored. The fact concat_basedir will be set up on the client to
|
||||
<Puppet[:vardir]>/concat, so you will be able to run different setup/flavours
|
||||
of puppet clients.
|
||||
However, since this requires the file lib/facter/concat_basedir.rb to be
|
||||
deployed on the clients, so you will have to set "pluginsync = true" on
|
||||
both the master and client, at least for the first run.
|
||||
|
||||
There's some regular expression magic to figure out the puppet version but
|
||||
if you're on an older 0.24 version just set $puppetversion = 24
|
||||
|
||||
=== Detail:
|
||||
|
||||
We use a helper shell script called concatfragments.sh that gets placed
|
||||
in <Puppet[:vardir]>/concat/bin to do the concatenation. While this might
|
||||
seem more complex than some of the one-liner alternatives you might find on
|
||||
the net we do a lot of error checking and safety checks in the script to avoid
|
||||
problems that might be caused by complex escaping errors etc.
|
||||
|
||||
=== License:
|
||||
|
||||
Apache Version 2
|
||||
|
||||
=== Latest:
|
||||
|
||||
http://github.com/puppetlabs/puppetlabs-concat/
|
||||
|
||||
=== Contact:
|
||||
|
||||
Puppetlabs, via our puppet-users@ mailing list.
|
|
@ -0,0 +1,154 @@
|
|||
What is it?
|
||||
===========
|
||||
|
||||
A Puppet module that can construct files from fragments.
|
||||
|
||||
Please see the comments in the various .pp files for details
|
||||
as well as posts on my blog at http://www.devco.net/
|
||||
|
||||
Released under the Apache 2.0 licence
|
||||
|
||||
Usage:
|
||||
------
|
||||
|
||||
If you wanted a /etc/motd file that listed all the major modules
|
||||
on the machine. And that would be maintained automatically even
|
||||
if you just remove the include lines for other modules you could
|
||||
use code like below, a sample /etc/motd would be:
|
||||
|
||||
<pre>
|
||||
Puppet modules on this server:
|
||||
|
||||
-- Apache
|
||||
-- MySQL
|
||||
</pre>
|
||||
|
||||
Local sysadmins can also append to the file by just editing /etc/motd.local
|
||||
their changes will be incorporated into the puppet managed motd.
|
||||
|
||||
<pre>
|
||||
# class to setup basic motd, include on all nodes
|
||||
class motd {
|
||||
$motd = "/etc/motd"
|
||||
|
||||
concat{$motd:
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
concat::fragment{"motd_header":
|
||||
target => $motd,
|
||||
content => "\nPuppet modules on this server:\n\n",
|
||||
order => 01,
|
||||
}
|
||||
|
||||
# local users on the machine can append to motd by just creating
|
||||
# /etc/motd.local
|
||||
concat::fragment{"motd_local":
|
||||
target => $motd,
|
||||
ensure => "/etc/motd.local",
|
||||
order => 15
|
||||
}
|
||||
}
|
||||
|
||||
# used by other modules to register themselves in the motd
|
||||
define motd::register($content="", $order=10) {
|
||||
if $content == "" {
|
||||
$body = $name
|
||||
} else {
|
||||
$body = $content
|
||||
}
|
||||
|
||||
concat::fragment{"motd_fragment_$name":
|
||||
target => "/etc/motd",
|
||||
content => " -- $body\n"
|
||||
}
|
||||
}
|
||||
|
||||
# a sample apache module
|
||||
class apache {
|
||||
include apache::install, apache::config, apache::service
|
||||
|
||||
motd::register{"Apache": }
|
||||
}
|
||||
</pre>
|
||||
|
||||
Detailed documentation of the class options can be found in the
|
||||
manifest files.
|
||||
|
||||
Known Issues:
|
||||
-------------
|
||||
* Since puppet-concat now relies on a fact for the concat directory,
|
||||
you will need to set up pluginsync = true on both the master and client
|
||||
node's '/etc/puppet/puppet.conf' for at least the first run.
|
||||
You have this issue if puppet fails to run on the client and you have
|
||||
a message similar to
|
||||
"err: Failed to apply catalog: Parameter path failed: File
|
||||
paths must be fully qualified, not 'undef' at [...]/concat/manifests/setup.pp:44".
|
||||
|
||||
Contributors:
|
||||
-------------
|
||||
**Paul Elliot**
|
||||
|
||||
* Provided 0.24.8 support, shell warnings and empty file creation support.
|
||||
|
||||
**Chad Netzer**
|
||||
|
||||
* Various patches to improve safety of file operations
|
||||
* Symlink support
|
||||
|
||||
**David Schmitt**
|
||||
|
||||
* Patch to remove hard coded paths relying on OS path
|
||||
* Patch to use file{} to copy the resulting file to the final destination. This means Puppet client will show diffs and that hopefully we can change file ownerships now
|
||||
|
||||
**Peter Meier**
|
||||
|
||||
* Basedir as a fact
|
||||
* Unprivileged user support
|
||||
|
||||
**Sharif Nassar**
|
||||
|
||||
* Solaris/Nexenta support
|
||||
* Better error reporting
|
||||
|
||||
**Christian G. Warden**
|
||||
|
||||
* Style improvements
|
||||
|
||||
**Reid Vandewiele**
|
||||
|
||||
* Support non GNU systems by default
|
||||
|
||||
**Erik Dalén**
|
||||
|
||||
* Style improvements
|
||||
|
||||
**Gildas Le Nadan**
|
||||
|
||||
* Documentation improvements
|
||||
|
||||
**Paul Belanger**
|
||||
|
||||
* Testing improvements and Travis support
|
||||
|
||||
**Branan Purvine-Riley**
|
||||
|
||||
* Support Puppet Module Tool better
|
||||
|
||||
**Dustin J. Mitchell**
|
||||
|
||||
* Always include setup when using the concat define
|
||||
|
||||
**Andreas Jaggi**
|
||||
|
||||
* Puppet Lint support
|
||||
|
||||
**Jan Vansteenkiste**
|
||||
|
||||
* Configurable paths
|
||||
|
||||
Contact:
|
||||
--------
|
||||
puppet-users@ mailing list.
|
|
@ -0,0 +1,5 @@
|
|||
require 'puppetlabs_spec_helper/rake_tasks'
|
||||
require 'puppet-lint/tasks/puppet-lint'
|
||||
|
||||
PuppetLint.configuration.send('disable_80chars')
|
||||
PuppetLint.configuration.send('disable_quoted_booleans')
|
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
:hierarchy:
|
||||
- "%{operatingsystem}/%{asf_osrelease}"
|
||||
- "common"
|
||||
|
||||
:yaml:
|
||||
:datadir: .
|
|
@ -0,0 +1,140 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Script to concat files to a config file.
|
||||
#
|
||||
# Given a directory like this:
|
||||
# /path/to/conf.d
|
||||
# |-- fragments
|
||||
# | |-- 00_named.conf
|
||||
# | |-- 10_domain.net
|
||||
# | `-- zz_footer
|
||||
#
|
||||
# The script supports a test option that will build the concat file to a temp location and
|
||||
# use /usr/bin/cmp to verify if it should be run or not. This would result in the concat happening
|
||||
# twice on each run but gives you the option to have an unless option in your execs to inhibit rebuilds.
|
||||
#
|
||||
# Without the test option and the unless combo your services that depend on the final file would end up
|
||||
# restarting on each run, or in other manifest models some changes might get missed.
|
||||
#
|
||||
# OPTIONS:
|
||||
# -o The file to create from the sources
|
||||
# -d The directory where the fragments are kept
|
||||
# -t Test to find out if a build is needed, basically concats the files to a temp
|
||||
# location and compare with what's in the final location, return codes are designed
|
||||
# for use with unless on an exec resource
|
||||
# -w Add a shell style comment at the top of the created file to warn users that it
|
||||
# is generated by puppet
|
||||
# -f Enables the creation of empty output files when no fragments are found
|
||||
# -n Sort the output numerically rather than the default alpha sort
|
||||
#
|
||||
# the command:
|
||||
#
|
||||
# concatfragments.sh -o /path/to/conffile.cfg -d /path/to/conf.d
|
||||
#
|
||||
# creates /path/to/conf.d/fragments.concat and copies the resulting
|
||||
# file to /path/to/conffile.cfg. The files will be sorted alphabetically
|
||||
# pass the -n switch to sort numerically.
|
||||
#
|
||||
# The script does error checking on the various dirs and files to make
|
||||
# sure things don't fail.
|
||||
|
||||
OUTFILE=""
|
||||
WORKDIR=""
|
||||
TEST=""
|
||||
FORCE=""
|
||||
WARN=""
|
||||
SORTARG=""
|
||||
ENSURE_NEWLINE=""
|
||||
|
||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
||||
|
||||
## Well, if there's ever a bad way to do things, Nexenta has it.
|
||||
## http://nexenta.org/projects/site/wiki/Personalities
|
||||
unset SUN_PERSONALITY
|
||||
|
||||
while getopts "o:s:d:tnw:fl" options; do
|
||||
case $options in
|
||||
o ) OUTFILE=$OPTARG;;
|
||||
d ) WORKDIR=$OPTARG;;
|
||||
n ) SORTARG="-n";;
|
||||
w ) WARNMSG="$OPTARG";;
|
||||
f ) FORCE="true";;
|
||||
t ) TEST="true";;
|
||||
l ) ENSURE_NEWLINE="true";;
|
||||
* ) echo "Specify output file with -o and fragments directory with -d"
|
||||
exit 1;;
|
||||
esac
|
||||
done
|
||||
|
||||
# do we have -o?
|
||||
if [ x${OUTFILE} = "x" ]; then
|
||||
echo "Please specify an output file with -o"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# do we have -d?
|
||||
if [ x${WORKDIR} = "x" ]; then
|
||||
echo "Please fragments directory with -d"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# can we write to -o?
|
||||
if [ -f ${OUTFILE} ]; then
|
||||
if [ ! -w ${OUTFILE} ]; then
|
||||
echo "Cannot write to ${OUTFILE}"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
if [ ! -w `dirname ${OUTFILE}` ]; then
|
||||
echo "Cannot write to `dirname ${OUTFILE}` to create ${OUTFILE}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# do we have a fragments subdir inside the work dir?
|
||||
if [ ! -d "${WORKDIR}/fragments" ] && [ ! -x "${WORKDIR}/fragments" ]; then
|
||||
echo "Cannot access the fragments directory"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# are there actually any fragments?
|
||||
if [ ! "$(ls -A ${WORKDIR}/fragments)" ]; then
|
||||
if [ x${FORCE} = "x" ]; then
|
||||
echo "The fragments directory is empty, cowardly refusing to make empty config files"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
cd ${WORKDIR}
|
||||
|
||||
if [ "x${WARNMSG}" = "x" ]; then
|
||||
: > "fragments.concat"
|
||||
else
|
||||
printf '%s\n' "$WARNMSG" > "fragments.concat"
|
||||
fi
|
||||
|
||||
if [ x${ENSURE_NEWLINE} != x ]; then
|
||||
find fragments/ -type f -follow -print0 | xargs -0 -I '{}' sh -c 'if [ -n "$(tail -c 1 < {} )" ]; then echo >> {} ; fi'
|
||||
fi
|
||||
|
||||
# find all the files in the fragments directory, sort them numerically and concat to fragments.concat in the working dir
|
||||
IFS_BACKUP=$IFS
|
||||
IFS='
|
||||
'
|
||||
for fragfile in `find fragments/ -type f -follow | LC_ALL=C sort ${SORTARG}`
|
||||
do
|
||||
cat $fragfile >> "fragments.concat"
|
||||
done
|
||||
IFS=$IFS_BACKUP
|
||||
|
||||
if [ x${TEST} = "x" ]; then
|
||||
# This is a real run, copy the file to outfile
|
||||
cp fragments.concat ${OUTFILE}
|
||||
RETVAL=$?
|
||||
else
|
||||
# Just compare the result to outfile to help the exec decide
|
||||
cmp ${OUTFILE} fragments.concat
|
||||
RETVAL=$?
|
||||
fi
|
||||
|
||||
exit $RETVAL
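Review bot: In the `-l` branch the file name that `xargs -I '{}'` substitutes becomes part of the text `sh -c` executes, and concat::fragment only replaces `/` and newlines when it builds that name. A fragment title containing shell metacharacters would therefore be interpreted as code, with whatever privileges the agent runs under. Passing the name as an argument avoids this: `xargs -0 -I '{}' sh -c 'if [ -n "$(tail -c 1 < "$1")" ]; then echo >> "$1"; fi' sh '{}'`. The script also leaves `${OUTFILE}` and `${WORKDIR}` unquoted in the `[ ... ]` tests, `cd`, `cp` and `cmp`, and the fragments-directory check joins `! -d` and `! -x` with `&&` where `||` is needed to reject a path failing either test. If this module is tracked as an unmodified upstream copy, these fixes are better taken from a newer release than patched locally.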
|
|
@ -0,0 +1,5 @@
|
|||
###
|
||||
## WARNING ::
|
||||
##
|
||||
## This file is managed by puppet. All local changes will be lost at the next puppet run.
|
||||
###
|
|
@ -0,0 +1,11 @@
|
|||
# == Fact: concat_basedir
|
||||
#
|
||||
# A custom fact that sets the default location for fragments
|
||||
#
|
||||
# "${::vardir}/concat/"
|
||||
#
|
||||
Facter.add("concat_basedir") do
|
||||
setcode do
|
||||
File.join(Puppet[:vardir],"concat")
|
||||
end
|
||||
end
|
|
@ -0,0 +1,67 @@
|
|||
# == Define: concat::fragment
|
||||
#
|
||||
# Puts a file fragment into a directory previous setup using concat
|
||||
#
|
||||
# === Options:
|
||||
#
|
||||
# [*target*]
|
||||
# The file that these fragments belong to
|
||||
# [*content*]
|
||||
# If present puts the content into the file
|
||||
# [*source*]
|
||||
# If content was not specified, use the source
|
||||
# [*order*]
|
||||
# By default all files gets a 10_ prefix in the directory you can set it to
|
||||
# anything else using this to influence the order of the content in the file
|
||||
# [*ensure*]
|
||||
# Present/Absent or destination to a file to include another file
|
||||
# [*mode*]
|
||||
# Mode for the file
|
||||
# [*owner*]
|
||||
# Owner of the file
|
||||
# [*group*]
|
||||
# Owner of the file
|
||||
# [*backup*]
|
||||
# Controls the filebucketing behavior of the final file and see File type
|
||||
# reference for its use. Defaults to 'puppet'
|
||||
#
|
||||
define concat::fragment(
|
||||
$target,
|
||||
$content=undef,
|
||||
$source=undef,
|
||||
$order=10,
|
||||
$ensure = 'present',
|
||||
$mode = '0644',
|
||||
$owner = $::id,
|
||||
$group = $concat::setup::root_group,
|
||||
$backup = 'puppet') {
|
||||
$safe_name = regsubst($name, '[/\n]', '_', 'GM')
|
||||
$safe_target_name = regsubst($target, '[/\n]', '_', 'GM')
|
||||
$concatdir = $concat::setup::concatdir
|
||||
$fragdir = "${concatdir}/${safe_target_name}"
|
||||
|
||||
# if content is passed, use that, else if source is passed use that
|
||||
# if neither passed, but $ensure is in symlink form, make a symlink
|
||||
case $ensure {
|
||||
'', 'absent', 'present', 'file', 'directory': {
|
||||
if ! ($content or $source) {
|
||||
crit('No content, source or symlink specified')
|
||||
}
|
||||
}
|
||||
default: {
|
||||
# do nothing, make puppet-lint happy
|
||||
}
|
||||
}
|
||||
|
||||
file{"${fragdir}/fragments/${order}_${safe_name}":
|
||||
ensure => $ensure,
|
||||
mode => $mode,
|
||||
owner => $owner,
|
||||
group => $group,
|
||||
source => $source,
|
||||
content => $content,
|
||||
backup => $backup,
|
||||
alias => "concat_fragment_${name}",
|
||||
notify => Exec["concat_${target}"]
|
||||
}
|
||||
}
|
|
@ -0,0 +1,50 @@
|
|||
#
|
||||
define concat::fragment::puppetwarn::hash(
|
||||
$target,
|
||||
$content="
|
||||
###
|
||||
## ..:: WARNING ::..
|
||||
##
|
||||
## This file is managed by puppet.
|
||||
## All local changes will be lost during
|
||||
## the next puppet run.
|
||||
##
|
||||
###
|
||||
",
|
||||
$source=undef,
|
||||
$order=001,
|
||||
$ensure = 'present',
|
||||
$mode = '0644',
|
||||
$owner = $::id,
|
||||
$group = $concat::setup::root_group,
|
||||
$backup = 'puppet') {
|
||||
$safe_name = regsubst($name, '[/\n]', '_', 'GM')
|
||||
$safe_target_name = regsubst($target, '[/\n]', '_', 'GM')
|
||||
$concatdir = $concat::setup::concatdir
|
||||
$fragdir = "${concatdir}/${safe_target_name}"
|
||||
|
||||
# if content is passed, use that, else if source is passed use that
|
||||
# if neither passed, but $ensure is in symlink form, make a symlink
|
||||
case $ensure {
|
||||
'', 'absent', 'present', 'file', 'directory': {
|
||||
if ! ($content or $source) {
|
||||
crit('No content, source or symlink specified')
|
||||
}
|
||||
}
|
||||
default: {
|
||||
# do nothing, make puppet-lint happy
|
||||
}
|
||||
}
|
||||
|
||||
file{"${fragdir}/fragments/${order}_${safe_name}":
|
||||
ensure => $ensure,
|
||||
mode => $mode,
|
||||
owner => $owner,
|
||||
group => $group,
|
||||
source => $source,
|
||||
content => $content,
|
||||
backup => $backup,
|
||||
alias => "concat_fragment_${name}",
|
||||
notify => Exec["concat_${target}"]
|
||||
}
|
||||
}
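Review bot: This define repeats the body of `concat::fragment` line for line and changes only the `$content` and `$order` defaults, and its header is a bare `#`. The two copies will drift, and nothing says why the second exists. Declaring a `concat::fragment` resource inside it and passing the parameters through would remove the duplication. It also needs a header comment like the one on `concat::fragment`, describing the warning banner and its parameters. `$order=001` is an unquoted number with leading zeros; quoting it as `'001'` keeps the file-name prefix stable if a parser ever treats it as numeric.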
|
|
@ -0,0 +1,190 @@
|
|||
# == Define: concat
|
||||
#
|
||||
# Sets up so that you can use fragments to build a final config file,
|
||||
#
|
||||
# === Options:
|
||||
#
|
||||
# [*path*]
|
||||
# The path to the final file. Use this in case you want to differentiate
|
||||
# between the name of a resource and the file path. Note: Use the name you
|
||||
# provided in the target of your fragments.
|
||||
# [*mode*]
|
||||
# The mode of the final file
|
||||
# [*owner*]
|
||||
# Who will own the file
|
||||
# [*group*]
|
||||
# Who will own the file
|
||||
# [*force*]
|
||||
# Enables creating empty files if no fragments are present
|
||||
# [*warn*]
|
||||
# Adds a normal shell style comment top of the file indicating that it is
|
||||
# built by puppet
|
||||
# [*backup*]
|
||||
# Controls the filebucketing behavior of the final file and see File type
|
||||
# reference for its use. Defaults to 'puppet'
|
||||
# [*replace*]
|
||||
# Whether to replace a file that already exists on the local system
|
||||
#
|
||||
# === Actions:
|
||||
# * Creates fragment directories if it didn't exist already
|
||||
# * Executes the concatfragments.sh script to build the final file, this
|
||||
# script will create directory/fragments.concat. Execution happens only
|
||||
# when:
|
||||
# * The directory changes
|
||||
# * fragments.concat != final destination, this means rebuilds will happen
|
||||
# whenever someone changes or deletes the final file. Checking is done
|
||||
# using /usr/bin/cmp.
|
||||
# * The Exec gets notified by something else - like the concat::fragment
|
||||
# define
|
||||
# * Copies the file over to the final destination using a file resource
|
||||
#
|
||||
# === Aliases:
|
||||
#
|
||||
# * The exec can notified using Exec["concat_/path/to/file"] or
|
||||
# Exec["concat_/path/to/directory"]
|
||||
# * The final file can be referened as File["/path/to/file"] or
|
||||
# File["concat_/path/to/file"]
|
||||
#
|
||||
define concat(
|
||||
$path = $name,
|
||||
$owner = $::id,
|
||||
$group = $concat::setup::root_group,
|
||||
$mode = '0644',
|
||||
$warn = false,
|
||||
$force = false,
|
||||
$backup = 'puppet',
|
||||
$replace = true,
|
||||
$gnu = undef,
|
||||
$order='alpha',
|
||||
$ensure_newline = false
|
||||
) {
|
||||
include concat::setup
|
||||
|
||||
$safe_name = regsubst($name, '/', '_', 'G')
|
||||
$concatdir = $concat::setup::concatdir
|
||||
$version = $concat::setup::majorversion
|
||||
$fragdir = "${concatdir}/${safe_name}"
|
||||
$concat_name = 'fragments.concat.out'
|
||||
$default_warn_message = '# This file is managed by Puppet. DO NOT EDIT.'
|
||||
|
||||
case $warn {
|
||||
'true', true, yes, on: {
|
||||
$warnmsg = $default_warn_message
|
||||
}
|
||||
'false', false, no, off: {
|
||||
$warnmsg = ''
|
||||
}
|
||||
default: {
|
||||
$warnmsg = $warn
|
||||
}
|
||||
}
|
||||
|
||||
$warnmsg_escaped = regsubst($warnmsg, "'", "'\\\\''", 'G')
|
||||
$warnflag = $warnmsg_escaped ? {
|
||||
'' => '',
|
||||
default => "-w '${warnmsg_escaped}'"
|
||||
}
|
||||
|
||||
case $force {
|
||||
'true', true, yes, on: {
|
||||
$forceflag = '-f'
|
||||
}
|
||||
'false', false, no, off: {
|
||||
$forceflag = ''
|
||||
}
|
||||
default: {
|
||||
fail("Improper 'force' value given to concat: ${force}")
|
||||
}
|
||||
}
|
||||
|
||||
case $order {
|
||||
numeric: {
|
||||
$orderflag = '-n'
|
||||
}
|
||||
alpha: {
|
||||
$orderflag = ''
|
||||
}
|
||||
default: {
|
||||
fail("Improper 'order' value given to concat: ${order}")
|
||||
}
|
||||
}
|
||||
|
||||
case $ensure_newline {
|
||||
'true', true, yes, on: {
|
||||
$newlineflag = '-l'
|
||||
}
|
||||
'false', false, no, off: {
|
||||
$newlineflag = ''
|
||||
}
|
||||
default: {
|
||||
fail("Improper 'ensure_newline' value given to concat: ${ensure_newline}")
|
||||
}
|
||||
}
|
||||
|
||||
File {
|
||||
owner => $::id,
|
||||
group => $group,
|
||||
mode => $mode,
|
||||
backup => $backup,
|
||||
replace => $replace
|
||||
}
|
||||
|
||||
file { $fragdir:
|
||||
ensure => directory,
|
||||
}
|
||||
|
||||
$source_real = $version ? {
|
||||
24 => 'puppet:///concat/null',
|
||||
default => undef,
|
||||
}
|
||||
|
||||
file { "${fragdir}/fragments":
|
||||
ensure => directory,
|
||||
force => true,
|
||||
ignore => ['.svn', '.git', '.gitignore'],
|
||||
notify => Exec["concat_${name}"],
|
||||
purge => true,
|
||||
recurse => true,
|
||||
source => $source_real,
|
||||
}
|
||||
|
||||
file { "${fragdir}/fragments.concat":
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
file { "${fragdir}/${concat_name}":
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
file { $name:
|
||||
ensure => present,
|
||||
path => $path,
|
||||
alias => "concat_${name}",
|
||||
group => $group,
|
||||
mode => $mode,
|
||||
owner => $owner,
|
||||
source => "${fragdir}/${concat_name}",
|
||||
}
|
||||
|
||||
exec { "concat_${name}":
|
||||
alias => "concat_${fragdir}",
|
||||
command => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${newlineflag}",
|
||||
notify => File[$name],
|
||||
require => [
|
||||
File[$fragdir],
|
||||
File["${fragdir}/fragments"],
|
||||
File["${fragdir}/fragments.concat"],
|
||||
],
|
||||
subscribe => File[$fragdir],
|
||||
unless => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${newlineflag}",
|
||||
}
|
||||
|
||||
if $::id == 'root' {
|
||||
Exec["concat_${name}"] {
|
||||
user => root,
|
||||
group => $group,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# vim:sw=2:ts=2:expandtab:textwidth=79
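Review bot: The `command` and `unless` strings of `exec { "concat_${name}"` interpolate `${fragdir}` unquoted, and `$safe_name` replaces only `/`, so a resource title containing whitespace or shell metacharacters reaches the command line as-is; only the warn message is quoted and escaped. I would validate `$name` up front (fail unless it matches a conservative path pattern) and quote the path arguments, `-o '${fragdir}/${concat_name}' -d '${fragdir}'`. The sanitiser also differs from the fragment defines, which use `regsubst($target, '[/\n]', '_', 'GM')`; with a newline in the name the two would compute different directories, so `$safe_name = regsubst($name, '[/\n]', '_', 'GM')` here keeps them aligned. `$gnu` is accepted but never used in the body, and `gnu`, `order` and `ensure_newline` are missing from the Options list in the header comment.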
|
|
@ -0,0 +1,67 @@
|
|||
# === Class: concat::setup
|
||||
#
|
||||
# Sets up the concat system.
|
||||
#
|
||||
# [$concatdir]
|
||||
# is where the fragments live and is set on the fact concat_basedir.
|
||||
# Since puppet should always manage files in $concatdir and they should
|
||||
# not be deleted ever, /tmp is not an option.
|
||||
#
|
||||
# [$puppetversion]
|
||||
# should be either 24 or 25 to enable a 24 compatible
|
||||
# mode, in 24 mode you might see phantom notifies this is a side effect
|
||||
# of the method we use to clear the fragments directory.
|
||||
#
|
||||
# The regular expression below will try to figure out your puppet version
|
||||
# but this code will only work in 0.24.8 and newer.
|
||||
#
|
||||
# It also copies out the concatfragments.sh file to ${concatdir}/bin
|
||||
#
|
||||
class concat::setup {
|
||||
case $::osfamily {
|
||||
'windows': {
|
||||
fail("Unsupported osfamily: ${osfamily}")
|
||||
}
|
||||
default: {
|
||||
# Should work otherwise
|
||||
}
|
||||
}
|
||||
$id = $::id
|
||||
$root_group = $id ? {
|
||||
root => 0,
|
||||
default => $id
|
||||
}
|
||||
|
||||
if $::concat_basedir {
|
||||
$concatdir = $::concat_basedir
|
||||
} else {
|
||||
fail ("\$concat_basedir not defined. Try running again with pluginsync=true on the [master] and/or [main] section of your node's '/etc/puppet/puppet.conf'.")
|
||||
}
|
||||
|
||||
$majorversion = regsubst($::puppetversion, '^[0-9]+[.]([0-9]+)[.][0-9]+$', '\1')
|
||||
$fragments_source = $majorversion ? {
|
||||
24 => 'puppet:///concat/concatfragments.sh',
|
||||
default => 'puppet:///modules/concat/concatfragments.sh'
|
||||
}
|
||||
|
||||
file{"${concatdir}/bin/concatfragments.sh":
|
||||
owner => $id,
|
||||
group => $root_group,
|
||||
mode => '0755',
|
||||
source => $fragments_source;
|
||||
|
||||
[ $concatdir, "${concatdir}/bin" ]:
|
||||
ensure => directory,
|
||||
owner => $id,
|
||||
group => $root_group,
|
||||
mode => '0750';
|
||||
|
||||
## Old versions of this module used a different path.
|
||||
'/usr/local/bin/concatfragments.sh':
|
||||
ensure => absent;
|
||||
}
|
||||
|
||||
# Ensure we run setup first.
|
||||
Class['concat::setup'] -> Concat::Fragment<| |>
|
||||
|
||||
}
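Review bot: `$root_group` falls back to `$id` for any non-root user, which assumes a group with the same name as the user exists on the node; where it does not, the `file` resources here that set `group => $root_group` will fail. A comment stating that assumption, or leaving `group` unset for non-root runs, would make it explicit. `$concatdir` is taken straight from the `concat_basedir` fact and becomes the home of a script that the `concat` define executes, so I would also check that it is an absolute path before use, in the spirit of the header comment ruling out /tmp. Minor: the `fail` message interpolates `${osfamily}` while the `case` uses `$::osfamily`; `${::osfamily}` would be consistent.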
|
|
@ -0,0 +1,134 @@
|
|||
{
|
||||
"name": "puppetlabs-concat",
|
||||
"version": "1.0.2",
|
||||
"source": "git://github.com/puppetlabs/puppetlabs-concat.git",
|
||||
"author": "Puppetlabs",
|
||||
"license": "Apache 2.0",
|
||||
"project_page": "http://github.com/puppetlabs/puppetlabs-concat",
|
||||
"summary": "Concat module",
|
||||
"operatingsystem_support": [
|
||||
{
|
||||
"operatingsystem": "RedHat",
|
||||
"operatingsystemrelease": [
|
||||
"5",
|
||||
"6"
|
||||
]
|
||||
},
|
||||
{
|
||||
"operatingsystem": "CentOS",
|
||||
"operatingsystemrelease": [
|
||||
"5",
|
||||
"6"
|
||||
]
|
||||
},
|
||||
{
|
||||
"operatingsystem": "OracleLinux",
|
||||
"operatingsystemrelease": [
|
||||
"5",
|
||||
"6"
|
||||
]
|
||||
},
|
||||
{
|
||||
"operatingsystem": "Scientific",
|
||||
"operatingsystemrelease": [
|
||||
"5",
|
||||
"6"
|
||||
]
|
||||
},
|
||||
{
|
||||
"operatingsystem": "SLES",
|
||||
"operatingsystemrelease": [
|
||||
"11 SP1"
|
||||
]
|
||||
},
|
||||
{
|
||||
"operatingsystem": "Debian",
|
||||
"operatingsystemrelease": [
|
||||
"6",
|
||||
"7"
|
||||
]
|
||||
},
|
||||
{
|
||||
"operatingsystem": "Ubuntu",
|
||||
"operatingsystemrelease": [
|
||||
"10.04",
|
||||
"12.04"
|
||||
]
|
||||
},
|
||||
{
|
||||
"operatingsystem": "Solaris",
|
||||
"operatingsystemrelease": [
|
||||
"10",
|
||||
"11"
|
||||
]
|
||||
},
|
||||
{
|
||||
"operatingsystem": "AIX",
|
||||
"operatingsystemrelease": [
|
||||
"5.3",
|
||||
"6.1",
|
||||
"7.1"
|
||||
]
|
||||
}
|
||||
],
|
||||
"requirements": [
|
||||
{
|
||||
"name": "pe",
|
||||
"version_requirement": "3.2.x"
|
||||
},
|
||||
{
|
||||
"name": "puppet",
|
||||
"version_requirement": "3.x"
|
||||
}
|
||||
],
|
||||
"dependencies": [
|
||||
|
||||
],
|
||||
"description": "Concat module",
|
||||
"types": [
|
||||
|
||||
],
|
||||
"checksums": {
|
||||
"CHANGELOG.md": "30cdc920990c64e637f7455abfaeaf3d",
|
||||
"Gemfile": "3cadf91e1baf9c8b7d2b1c3036676ba9",
|
||||
"LICENSE": "f5a76685d453424cd63dde1535811cf0",
|
||||
"Modulefile": "b55bcc013ad1418a1c9baa11edd04289",
|
||||
"README": "d15ec3400f628942dd7b7fa8c1a18da3",
|
||||
"README.markdown": "a028e3752126d36288870225a83c6e6e",
|
||||
"Rakefile": "e415d40cd8db238f02bf4575d5e1e693",
|
||||
"files/concatfragments.sh": "e7aaa4c45316eb97d2d88b57334c4060",
|
||||
"lib/facter/concat_basedir.rb": "e152593fafe27ef305fc473929c62ca6",
|
||||
"manifests/fragment.pp": "196ee8e405b3a31b84ae618ed54377ed",
|
||||
"manifests/init.pp": "8d0cc8e9cf145ca7a23db05a30252476",
|
||||
"manifests/setup.pp": "b179589ac55f0f8d3108dd5fd460da4a",
|
||||
"spec/acceptance/backup_spec.rb": "46e39d56d025a7343f11bf9a9fff9854",
|
||||
"spec/acceptance/concat_spec.rb": "bdc52d4c3f8a28ece90970f649208080",
|
||||
"spec/acceptance/empty_spec.rb": "533f77b85fc9a19d11a3966b507037ec",
|
||||
"spec/acceptance/fragment_source_spec.rb": "5d8ff3de54a785bec58ed2c1e6383187",
|
||||
"spec/acceptance/newline_spec.rb": "dc75805a2a57bd48cb210ba402e4a077",
|
||||
"spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151",
|
||||
"spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b",
|
||||
"spec/acceptance/nodesets/centos-64-x64.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
|
||||
"spec/acceptance/nodesets/debian-607-x64.yml": "d566bf76f534e2af7c9a4605316d232c",
|
||||
"spec/acceptance/nodesets/debian-70rc1-x64.yml": "31ccca73af7b74e1cc2fb0035c230b2c",
|
||||
"spec/acceptance/nodesets/default.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
|
||||
"spec/acceptance/nodesets/fedora-18-x64.yml": "acc126fa764c39a3b1df36e9224a21d9",
|
||||
"spec/acceptance/nodesets/sles-11sp1-x64.yml": "fa0046bd89c1ab4ba9521ad79db234cd",
|
||||
"spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "dc0da2d2449f66c8fdae16593811504f",
|
||||
"spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "78a3ee42652e26119d90aa62586565b2",
|
||||
"spec/acceptance/order_spec.rb": "8d919b8e14e8ae04b3254cd05eaff1d3",
|
||||
"spec/acceptance/replace_spec.rb": "676cf26a8e59ee4be3510c9531d17ed2",
|
||||
"spec/acceptance/symbolic_name_spec.rb": "51a40f87f1b68e3035f39d0681c374c1",
|
||||
"spec/acceptance/unsupported_spec.rb": "9a060f1a1f19a4af725f96869a403354",
|
||||
"spec/acceptance/warn_spec.rb": "c4a641849c18cf4b092a99eb66367549",
|
||||
"spec/defines/init_spec.rb": "35e41d4abceba0dca090d3addd92bb4f",
|
||||
"spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc",
|
||||
"spec/spec_helper_acceptance.rb": "9f2165faf3619160798a0a3b0a118705",
|
||||
"spec/spec_helper_system.rb": "9c3742bf87d62027f080c6b9fa98b979",
|
||||
"spec/system/basic_spec.rb": "9135d9af6a21f16980ab59b58e91ed9a",
|
||||
"spec/system/concat_spec.rb": "5fe675ec42ca441d0c7e431c31bbc238",
|
||||
"spec/system/empty_spec.rb": "51ab1fc7c86268f1ab1cda72dc5ff583",
|
||||
"spec/system/replace_spec.rb": "275295e6b4f04fc840dc3f87faf56249",
|
||||
"spec/system/warn_spec.rb": "0ea35b44e8f0ac5352256f95115995ce"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,105 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'concat backup parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
context '=> puppet' do
|
||||
before :all do
|
||||
shell("rm -rf #{basedir}")
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("echo 'old contents' > #{basedir}/file")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
backup => 'puppet',
|
||||
}
|
||||
concat::fragment { 'new file':
|
||||
target => '#{basedir}/file',
|
||||
content => 'new contents',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with "Filebucketed" stdout and no stderr' do
|
||||
apply_manifest(pp, :catch_failures => true) do |r|
|
||||
expect(r.stderr).to eq("")
|
||||
expect(r.stdout).to match(/Filebucketed #{basedir}\/file to puppet with sum 0140c31db86293a1a1e080ce9b91305f/) # sum is for file contents of 'old contents'
|
||||
end
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain 'new contents' }
|
||||
end
|
||||
end
|
||||
|
||||
context '=> .backup' do
|
||||
before :all do
|
||||
shell("rm -rf #{basedir}")
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("echo 'old contents' > #{basedir}/file")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
backup => '.backup',
|
||||
}
|
||||
concat::fragment { 'new file':
|
||||
target => '#{basedir}/file',
|
||||
content => 'new contents',
|
||||
}
|
||||
EOS
|
||||
|
||||
# XXX Puppet doesn't mention anything about filebucketing with a given
|
||||
# extension like .backup
|
||||
it 'applies the manifest twice no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain 'new contents' }
|
||||
end
|
||||
describe file("#{basedir}/file.backup") do
|
||||
it { should be_file }
|
||||
it { should contain 'old contents' }
|
||||
end
|
||||
end
|
||||
|
||||
# XXX The backup parameter uses validate_string() and thus can't be the
|
||||
# boolean false value, but the string 'false' has the same effect in Puppet 3
|
||||
context "=> 'false'" do
|
||||
before :all do
|
||||
shell("rm -rf #{basedir}")
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("echo 'old contents' > #{basedir}/file")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
backup => '.backup',
|
||||
}
|
||||
concat::fragment { 'new file':
|
||||
target => '#{basedir}/file',
|
||||
content => 'new contents',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no "Filebucketed" stdout and no stderr' do
|
||||
apply_manifest(pp, :catch_failures => true) do |r|
|
||||
expect(r.stderr).to eq("")
|
||||
expect(r.stdout).to_not match(/Filebucketed/)
|
||||
end
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain 'new contents' }
|
||||
end
|
||||
end
|
||||
end
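Review bot: The `"=> 'false'"` context applies `backup => '.backup'`, the same manifest as the previous context, so the `'false'` value named in the context title and in the XXX comment above it is never exercised. The assertion `to_not match(/Filebucketed/)` presumably holds for `.backup` as well, which would explain why the example still passes. The manifest line should read `backup => 'false',`. It would also be worth asserting in that context that `#{basedir}/file.backup` is not created, since `before :all` recreates the directory.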
|
|
@ -0,0 +1,79 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
case fact('osfamily')
|
||||
when 'AIX'
|
||||
username = 'root'
|
||||
groupname = 'system'
|
||||
when 'windows'
|
||||
username = 'Administrator'
|
||||
groupname = 'Administrators'
|
||||
else
|
||||
username = 'root'
|
||||
groupname = 'root'
|
||||
end
|
||||
|
||||
describe 'basic concat test', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
|
||||
shared_examples 'successfully_applied' do |pp|
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
end
|
||||
|
||||
context 'owner/group' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
owner => '#{username}',
|
||||
group => '#{groupname}',
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
order => '01',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
order => '02',
|
||||
}
|
||||
EOS
|
||||
|
||||
it_behaves_like 'successfully_applied', pp
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should be_owned_by username }
|
||||
it { should be_grouped_into groupname }
|
||||
# XXX file be_mode isn't supported on AIX
|
||||
it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
|
||||
should be_mode 644
|
||||
}
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
describe file("#{default.puppet['vardir']}/concat/#{basedir.gsub('/','_')}_file/fragments/01_1") do
|
||||
it { should be_file }
|
||||
it { should be_owned_by username }
|
||||
it { should be_grouped_into groupname }
|
||||
# XXX file be_mode isn't supported on AIX
|
||||
it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
|
||||
should be_mode 644
|
||||
}
|
||||
end
|
||||
describe file("#{default.puppet['vardir']}/concat/#{basedir.gsub('/','_')}_file/fragments/02_2") do
|
||||
it { should be_file }
|
||||
it { should be_owned_by username }
|
||||
it { should be_grouped_into groupname }
|
||||
# XXX file be_mode isn't supported on AIX
|
||||
it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
|
||||
should be_mode 644
|
||||
}
|
||||
end
|
||||
end
|
||||
end
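Review bot: The `it("should be mode 644", :unless => ...)` example is repeated verbatim in all three `describe file(...)` blocks, together with the owner and group checks; a second `shared_examples` next to `'successfully_applied'` would keep the AIX exclusion in one place. Unlike the backup parameter spec, this file has no `before` hook that clears `#{basedir}` or `#{default.puppet['vardir']}/concat`, so it relies on earlier spec files not having left fragments behind. The `when 'windows'` branch at the top looks unreachable in practice if `UNSUPPORTED_PLATFORMS` contains windows, which cannot be confirmed from this file.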
|
|
@ -0,0 +1,24 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'concat force empty parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
context 'should run successfully' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
mode => '0644',
|
||||
force => true,
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should_not contain '1\n2' }
|
||||
end
|
||||
end
|
||||
end
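Review bot: `it { should_not contain '1\n2' }` does not test the `force => true` behaviour: no fragment is declared, so that string could never appear, and the single-quoted `'1\n2'` is a literal backslash-n rather than a newline. The concat define documents `force` as "Enables creating empty files if no fragments are present", so the check that matters is that the file exists and is empty. With the helpers these specs already use, that could be an example running `shell("test ! -s #{basedir}/file")`, assuming the target platforms provide `test`.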
|
|
@ -0,0 +1,150 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
case fact('osfamily')
|
||||
when 'AIX'
|
||||
username = 'root'
|
||||
groupname = 'system'
|
||||
when 'windows'
|
||||
username = 'Administrator'
|
||||
groupname = 'Administrators'
|
||||
else
|
||||
username = 'root'
|
||||
groupname = 'root'
|
||||
end
|
||||
|
||||
describe 'concat::fragment source', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
context 'should read file fragments from local system' do
|
||||
before(:all) do
|
||||
shell("/bin/echo 'file1 contents' > #{basedir}/file1")
|
||||
shell("/bin/echo 'file2 contents' > #{basedir}/file2")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/foo': }
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/foo',
|
||||
source => '#{basedir}/file1',
|
||||
}
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string1 contents',
|
||||
}
|
||||
concat::fragment { '3':
|
||||
target => '#{basedir}/foo',
|
||||
source => '#{basedir}/file2',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/foo") do
|
||||
it { should be_file }
|
||||
it { should contain 'file1 contents' }
|
||||
it { should contain 'string1 contents' }
|
||||
it { should contain 'file2 contents' }
|
||||
end
|
||||
end # should read file fragments from local system
|
||||
|
||||
context 'should create files containing first match only.' do
|
||||
before(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("echo 'file1 contents' > #{basedir}/file1")
|
||||
shell("echo 'file2 contents' > #{basedir}/file2")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/result_file1':
|
||||
owner => '#{username}',
|
||||
group => '#{groupname}',
|
||||
mode => '0644',
|
||||
}
|
||||
concat { '#{basedir}/result_file2':
|
||||
owner => '#{username}',
|
||||
group => '#{groupname}',
|
||||
mode => '0644',
|
||||
}
|
||||
concat { '#{basedir}/result_file3':
|
||||
owner => '#{username}',
|
||||
group => '#{groupname}',
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/result_file1',
|
||||
source => [ '#{basedir}/file1', '#{basedir}/file2' ],
|
||||
order => '01',
|
||||
}
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/result_file2',
|
||||
source => [ '#{basedir}/file2', '#{basedir}/file1' ],
|
||||
order => '01',
|
||||
}
|
||||
concat::fragment { '3':
|
||||
target => '#{basedir}/result_file3',
|
||||
source => [ '#{basedir}/file1', '#{basedir}/file2' ],
|
||||
order => '01',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
describe file("#{basedir}/result_file1") do
|
||||
it { should be_file }
|
||||
it { should contain 'file1 contents' }
|
||||
it { should_not contain 'file2 contents' }
|
||||
end
|
||||
describe file("#{basedir}/result_file2") do
|
||||
it { should be_file }
|
||||
it { should contain 'file2 contents' }
|
||||
it { should_not contain 'file1 contents' }
|
||||
end
|
||||
describe file("#{basedir}/result_file3") do
|
||||
it { should be_file }
|
||||
it { should contain 'file1 contents' }
|
||||
it { should_not contain 'file2 contents' }
|
||||
end
|
||||
end
|
||||
|
||||
context 'should fail if no match on source.' do
|
||||
before(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("rm -rf #{basedir}/fail_no_source #{basedir}/nofilehere #{basedir}/nothereeither")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/fail_no_source':
|
||||
owner => '#{username}',
|
||||
group => '#{groupname}',
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/fail_no_source',
|
||||
source => [ '#{basedir}/nofilehere', '#{basedir}/nothereeither' ],
|
||||
order => '01',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest with resource failures' do
|
||||
apply_manifest(pp, :expect_failures => true)
|
||||
end
|
||||
describe file("#{basedir}/fail_no_source") do
|
||||
#FIXME: Serverspec::Type::File doesn't support exists? for some reason. so... hack.
|
||||
it { should_not be_file }
|
||||
it { should_not be_directory }
|
||||
end
|
||||
end
|
||||
end
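Review bot: The first context's `before(:all)` writes `file1` and `file2` into `#{basedir}` without the `rm -rf` / `mkdir -p` reset that the other two contexts perform, so it depends on whatever state `default.tmpdir('concat')` and earlier spec files left behind, including `#{default.puppet['vardir']}/concat`. Adding the same two reset lines there would make the contexts independent. In the third context the `rm -rf #{basedir}/fail_no_source ...` line is a no-op, because the directory has just been removed and recreated. `result_file3` repeats the `result_file1` case with the same source order and adds no coverage.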
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'concat ensure_newline parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
context '=> false' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
ensure_newline => false,
|
||||
}
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
}
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain '12' }
|
||||
end
|
||||
end
|
||||
|
||||
#context '=> true' do
|
||||
# pp = <<-EOS
|
||||
# include concat::setup
|
||||
# concat { '#{basedir}/file':
|
||||
# ensure_newline => true,
|
||||
# }
|
||||
# concat::fragment { '1':
|
||||
# target => '#{basedir}/file',
|
||||
# content => '1',
|
||||
# }
|
||||
# concat::fragment { '2':
|
||||
# target => '#{basedir}/file',
|
||||
# content => '2',
|
||||
# }
|
||||
# EOS
|
||||
|
||||
# it 'applies the manifest twice with no stderr' do
|
||||
# expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
# expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
# #XXX ensure_newline => true causes changes on every run because the files
|
||||
# #are modified in place.
|
||||
# end
|
||||
|
||||
# describe file("#{basedir}/file") do
|
||||
# it { should be_file }
|
||||
# it { should contain "1\n2\n" }
|
||||
# end
|
||||
#end
|
||||
end
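Review bot: The `=> true` context is commented out, so the `-l` flag that `ensure_newline => true` selects in the concat define has no acceptance coverage, and the only trace of the reason is the XXX remark that it causes changes on every run. I would keep the context live and mark the idempotency example as pending with that reason (RSpec's `pending`), so the known defect shows up in test output instead of being hidden in comments. The content check `should contain "1\n2\n"` can stay active even while the second `apply_manifest` expectation is pending.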
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
centos-59-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: el-5-x86_64
|
||||
box : centos-59-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
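Review bot: `box_url` points at a plain `http://` URL, so the Vagrant box that becomes the test master is downloaded without transport integrity or any pinned checksum; the same applies to the nine other nodeset files added after this one. If the host serves the boxes over TLS, switching the scheme to `https://` is the smallest fix; otherwise a comment noting that the image is unauthenticated and only suitable for throwaway test VMs would help. The `box :`, `box_url :` and `hypervisor :` keys have a space before the colon, unlike `platform:` and `roles:`, which is valid YAML but inconsistent.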
|
|
@ -0,0 +1,12 @@
|
|||
HOSTS:
|
||||
centos-64-x64:
|
||||
roles:
|
||||
- master
|
||||
- database
|
||||
- dashboard
|
||||
platform: el-6-x86_64
|
||||
box : centos-64-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: pe
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
centos-64-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: el-6-x86_64
|
||||
box : centos-64-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
debian-607-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: debian-6-amd64
|
||||
box : debian-607-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
debian-70rc1-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: debian-7-amd64
|
||||
box : debian-70rc1-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-70rc1-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
centos-64-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: el-6-x86_64
|
||||
box : centos-64-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
fedora-18-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: fedora-18-x86_64
|
||||
box : fedora-18-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/fedora-18-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
sles-11sp1-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: sles-11-x86_64
|
||||
box : sles-11sp1-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
ubuntu-server-10044-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: ubuntu-10.04-amd64
|
||||
box : ubuntu-server-10044-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,10 @@
|
|||
HOSTS:
|
||||
ubuntu-server-12042-x64:
|
||||
roles:
|
||||
- master
|
||||
platform: ubuntu-12.04-amd64
|
||||
box : ubuntu-server-12042-x64-vbox4210-nocm
|
||||
box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
|
||||
hypervisor : vagrant
|
||||
CONFIG:
|
||||
type: git
|
|
@ -0,0 +1,155 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'concat order', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
before(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
shell("mkdir -p #{basedir}")
|
||||
end
|
||||
|
||||
context '=> alpha' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/foo':
|
||||
order => 'alpha'
|
||||
}
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string1',
|
||||
}
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string2',
|
||||
}
|
||||
concat::fragment { '10':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string10',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/foo") do
|
||||
it { should be_file }
|
||||
#XXX Solaris 10 doesn't support multi-line grep
|
||||
it("should contain string10\nstring1\nsring2", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
|
||||
should contain "string10\nstring1\nsring2"
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
context '=> numeric' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/foo':
|
||||
order => 'numeric'
|
||||
}
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string1',
|
||||
}
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string2',
|
||||
}
|
||||
concat::fragment { '10':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string10',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/foo") do
|
||||
it { should be_file }
|
||||
#XXX Solaris 10 doesn't support multi-line grep
|
||||
it("should contain string1\nstring2\nsring10", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
|
||||
should contain "string1\nstring2\nsring10"
|
||||
}
|
||||
end
|
||||
end
|
||||
end # concat order
|
||||
|
||||
describe 'concat::fragment order', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
before(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
shell("mkdir -p #{basedir}")
|
||||
end
|
||||
|
||||
context '=> reverse order' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/foo': }
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string1',
|
||||
order => '15',
|
||||
}
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string2',
|
||||
# default order 10
|
||||
}
|
||||
concat::fragment { '3':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string3',
|
||||
order => '1',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/foo") do
|
||||
it { should be_file }
|
||||
#XXX Solaris 10 doesn't support multi-line grep
|
||||
it("should contain string3\nstring2\nsring1", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
|
||||
should contain "string3\nstring2\nsring1"
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
context '=> normal order' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/foo': }
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string1',
|
||||
order => '01',
|
||||
}
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string2',
|
||||
order => '02'
|
||||
}
|
||||
concat::fragment { '3':
|
||||
target => '#{basedir}/foo',
|
||||
content => 'string3',
|
||||
order => '03',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/foo") do
|
||||
it { should be_file }
|
||||
#XXX Solaris 10 doesn't support multi-line grep
|
||||
it("should contain string1\nstring2\nsring3", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
|
||||
should contain "string1\nstring2\nsring3"
|
||||
}
|
||||
end
|
||||
end
|
||||
end # concat::fragment order
|
|
@ -0,0 +1,249 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'replacement of', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
context 'file' do
|
||||
context 'should not succeed' do
|
||||
before(:all) do
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("echo 'file exists' > #{basedir}/file")
|
||||
end
|
||||
after(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
replace => false,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain 'file exists' }
|
||||
it { should_not contain '1' }
|
||||
it { should_not contain '2' }
|
||||
end
|
||||
end
|
||||
|
||||
context 'should succeed' do
|
||||
before(:all) do
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("echo 'file exists' > #{basedir}/file")
|
||||
end
|
||||
after(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
replace => true,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should_not contain 'file exists' }
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
end
|
||||
end # file
|
||||
|
||||
context 'symlink' do
|
||||
context 'should not succeed' do
|
||||
# XXX the core puppet file type will replace a symlink with a plain file
|
||||
# when using ensure => present and source => ... but it will not when using
|
||||
# ensure => present and content => ...; this is somewhat confusing behavior
|
||||
before(:all) do
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("ln -s #{basedir}/dangling #{basedir}/file")
|
||||
end
|
||||
after(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
replace => false,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
# XXX specinfra doesn't support be_linked_to on AIX
|
||||
describe file("#{basedir}/file"), :unless => (fact("osfamily") == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do
|
||||
it { should be_linked_to "#{basedir}/dangling" }
|
||||
end
|
||||
|
||||
describe file("#{basedir}/dangling") do
|
||||
# XXX serverspec does not have a matcher for 'exists'
|
||||
it { should_not be_file }
|
||||
it { should_not be_directory }
|
||||
end
|
||||
end
|
||||
|
||||
context 'should succeed' do
|
||||
# XXX the core puppet file type will replace a symlink with a plain file
|
||||
# when using ensure => present and source => ... but it will not when using
|
||||
# ensure => present and content => ...; this is somewhat confusing behavior
|
||||
before(:all) do
|
||||
shell("mkdir -p #{basedir}")
|
||||
shell("ln -s #{basedir}/dangling #{basedir}/file")
|
||||
end
|
||||
after(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
replace => true,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
end
|
||||
end # symlink
|
||||
|
||||
context 'directory' do
|
||||
context 'should not succeed' do
|
||||
before(:all) do
|
||||
shell("mkdir -p #{basedir}/file")
|
||||
end
|
||||
after(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file': }
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with stderr for changing to file' do
|
||||
expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/change from directory to file failed/)
|
||||
expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/change from directory to file failed/)
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_directory }
|
||||
end
|
||||
end
|
||||
|
||||
# XXX concat's force param currently enables the creation of empty files
|
||||
# when there are no fragments, and the replace param will only replace
|
||||
# files and symlinks, not directories. The semantics either need to be
|
||||
# changed, extended, or a new param introduced to control directory
|
||||
# replacement.
|
||||
context 'should succeed', :pending => 'not yet implemented' do
|
||||
before(:all) do
|
||||
shell("mkdir -p #{basedir}/file")
|
||||
end
|
||||
after(:all) do
|
||||
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
|
||||
end
|
||||
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
force => true,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain '1' }
|
||||
end
|
||||
end
|
||||
end # directory
|
||||
end
|
|
@ -0,0 +1,34 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'symbolic name', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { 'not_abs_path':
|
||||
path => '#{basedir}/file',
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => 'not_abs_path',
|
||||
content => '1',
|
||||
order => '01',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => 'not_abs_path',
|
||||
content => '2',
|
||||
order => '02',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
end
|
|
@ -0,0 +1,18 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
it 'should fail' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
backup => 'puppet',
|
||||
}
|
||||
concat::fragment { 'new file':
|
||||
target => '#{basedir}/file',
|
||||
content => 'new contents',
|
||||
}
|
||||
EOS
|
||||
expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/unsupported/i)
|
||||
end
|
||||
end
|
|
@ -0,0 +1,101 @@
|
|||
require 'spec_helper_acceptance'
|
||||
|
||||
describe 'concat warn =>', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
|
||||
basedir = default.tmpdir('concat')
|
||||
context 'true should enable default warning message' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
warn => true,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
order => '01',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
order => '02',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain '# This file is managed by Puppet. DO NOT EDIT.' }
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
end
|
||||
context 'false should not enable default warning message' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
warn => false,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
order => '01',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
order => '02',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should_not contain '# This file is managed by Puppet. DO NOT EDIT.' }
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
end
|
||||
context '# foo should overide default warning message' do
|
||||
pp = <<-EOS
|
||||
include concat::setup
|
||||
concat { '#{basedir}/file':
|
||||
warn => '# foo',
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '#{basedir}/file',
|
||||
content => '1',
|
||||
order => '01',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '#{basedir}/file',
|
||||
content => '2',
|
||||
order => '02',
|
||||
}
|
||||
EOS
|
||||
|
||||
it 'applies the manifest twice with no stderr' do
|
||||
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
|
||||
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
|
||||
end
|
||||
|
||||
describe file("#{basedir}/file") do
|
||||
it { should be_file }
|
||||
it { should contain '# foo' }
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,115 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe 'concat' do
|
||||
basedir = '/var/lib/puppet/concat'
|
||||
let(:title) { '/etc/foo.bar' }
|
||||
let(:facts) { {
|
||||
:concat_basedir => '/var/lib/puppet/concat',
|
||||
:id => 'root',
|
||||
} }
|
||||
let :pre_condition do
|
||||
'include concat::setup'
|
||||
end
|
||||
|
||||
directories = [
|
||||
"#{basedir}/_etc_foo.bar",
|
||||
"#{basedir}/_etc_foo.bar/fragments",
|
||||
]
|
||||
|
||||
directories.each do |dirs|
|
||||
it do
|
||||
should contain_file(dirs).with({
|
||||
'ensure' => 'directory',
|
||||
'backup' => 'puppet',
|
||||
'group' => 0,
|
||||
'mode' => '0644',
|
||||
'owner' => 'root',
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
files = [
|
||||
"/etc/foo.bar",
|
||||
"#{basedir}/_etc_foo.bar/fragments.concat",
|
||||
]
|
||||
|
||||
files.each do |file|
|
||||
it do
|
||||
should contain_file(file).with({
|
||||
'ensure' => 'present',
|
||||
'backup' => 'puppet',
|
||||
'group' => 0,
|
||||
'mode' => '0644',
|
||||
'owner' => 'root',
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
it do
|
||||
should contain_exec("concat_/etc/foo.bar").with_command(
|
||||
"#{basedir}/bin/concatfragments.sh " +
|
||||
"-o #{basedir}/_etc_foo.bar/fragments.concat.out " +
|
||||
"-d #{basedir}/_etc_foo.bar "
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'concat' do
|
||||
|
||||
basedir = '/var/lib/puppet/concat'
|
||||
let(:title) { 'foobar' }
|
||||
let(:target) { '/etc/foo.bar' }
|
||||
let(:facts) { {
|
||||
:concat_basedir => '/var/lib/puppet/concat',
|
||||
:id => 'root',
|
||||
} }
|
||||
let :pre_condition do
|
||||
'include concat::setup'
|
||||
end
|
||||
|
||||
directories = [
|
||||
"#{basedir}/foobar",
|
||||
"#{basedir}/foobar/fragments",
|
||||
]
|
||||
|
||||
directories.each do |dirs|
|
||||
it do
|
||||
should contain_file(dirs).with({
|
||||
'ensure' => 'directory',
|
||||
'backup' => 'puppet',
|
||||
'group' => 0,
|
||||
'mode' => '0644',
|
||||
'owner' => 'root',
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
files = [
|
||||
"foobar",
|
||||
"#{basedir}/foobar/fragments.concat",
|
||||
]
|
||||
|
||||
files.each do |file|
|
||||
it do
|
||||
should contain_file(file).with({
|
||||
'ensure' => 'present',
|
||||
'backup' => 'puppet',
|
||||
'group' => 0,
|
||||
'mode' => '0644',
|
||||
'owner' => 'root',
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
it do
|
||||
should contain_exec("concat_foobar").with_command(
|
||||
"#{basedir}/bin/concatfragments.sh " +
|
||||
"-o #{basedir}/foobar/fragments.concat.out " +
|
||||
"-d #{basedir}/foobar "
|
||||
)
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
# vim:sw=2:ts=2:expandtab:textwidth=79
|
|
@ -0,0 +1 @@
|
|||
require 'puppetlabs_spec_helper/module_spec_helper'
|
|
@ -0,0 +1,46 @@
|
|||
require 'beaker-rspec/spec_helper'
|
||||
require 'beaker-rspec/helpers/serverspec'
|
||||
|
||||
unless ENV['RS_PROVISION'] == 'no'
|
||||
hosts.each do |host|
|
||||
if host['platform'] =~ /debian/
|
||||
on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc'
|
||||
end
|
||||
if host.is_pe?
|
||||
install_pe
|
||||
else
|
||||
# Install Puppet
|
||||
install_package host, 'rubygems'
|
||||
on host, 'gem install puppet --no-ri --no-rdoc'
|
||||
on host, "mkdir -p #{host['distmoduledir']}"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
UNSUPPORTED_PLATFORMS = ['windows']
|
||||
|
||||
RSpec.configure do |c|
|
||||
# Project root
|
||||
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
|
||||
|
||||
# Readable test descriptions
|
||||
c.formatter = :documentation
|
||||
|
||||
# Configure all nodes in nodeset
|
||||
c.before :suite do
|
||||
# Install module and dependencies
|
||||
puppet_module_install(:source => proj_root, :module_name => 'concat')
|
||||
hosts.each do |host|
|
||||
on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
|
||||
end
|
||||
end
|
||||
|
||||
c.before(:all) do
|
||||
shell('mkdir -p /tmp/concat')
|
||||
end
|
||||
c.after(:all) do
|
||||
shell("rm -rf /tmp/concat #{default.puppet['vardir']}/concat")
|
||||
end
|
||||
|
||||
c.treat_symbols_as_metadata_keys_with_true_values = true
|
||||
end
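Review bot: Provisioning installs whatever Puppet and stdlib versions are current at run time, and the stdlib step tolerates failure. `gem install puppet --no-ri --no-rdoc` has no version constraint, and `puppet('module','install','puppetlabs-stdlib')` runs with `:acceptable_exit_codes => [0,1]`, so a failed install is treated as success and the suite runs against an unknown dependency set. Pin both, e.g. `on host, 'gem install puppet --no-ri --no-rdoc --version <PINNED_PUPPET_VERSION>'`, and drop `1` from the accepted codes unless a comment says which case it covers. The `before(:all)`/`after(:all)` hooks also create and `rm -rf` the fixed path `/tmp/concat`, while the specs themselves work in `default.tmpdir('concat')`; one of the two is presumably left over.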
|
|
@ -0,0 +1,25 @@
|
|||
require 'rspec-system/spec_helper'
|
||||
require 'rspec-system-puppet/helpers'
|
||||
require 'rspec-system-serverspec/helpers'
|
||||
include Serverspec::Helper::RSpecSystem
|
||||
include Serverspec::Helper::DetectOS
|
||||
include RSpecSystemPuppet::Helpers
|
||||
|
||||
RSpec.configure do |c|
|
||||
# Project root
|
||||
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
|
||||
|
||||
# Enable colour
|
||||
c.tty = true
|
||||
|
||||
c.include RSpecSystemPuppet::Helpers
|
||||
|
||||
# This is where we 'setup' the nodes before running our tests
|
||||
c.before :suite do
|
||||
# Install puppet
|
||||
puppet_install
|
||||
|
||||
# Install modules and dependencies
|
||||
puppet_module_install(:source => proj_root, :module_name => 'concat')
|
||||
end
|
||||
end
|
|
@ -0,0 +1,13 @@
|
|||
require 'spec_helper_system'
|
||||
|
||||
# Here we put the more basic fundamental tests, ultra obvious stuff.
|
||||
describe "basic tests:" do
|
||||
context 'make sure we have copied the module across' do
|
||||
# No point diagnosing any more if the module wasn't copied properly
|
||||
context shell 'ls /etc/puppet/modules/concat' do
|
||||
its(:stdout) { should =~ /Modulefile/ }
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should be_zero }
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,55 @@
|
|||
require 'spec_helper_system'
|
||||
|
||||
describe 'basic concat test' do
|
||||
context 'should run successfully' do
|
||||
pp="
|
||||
concat { '/tmp/file':
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '/tmp/file',
|
||||
content => '1',
|
||||
order => '01',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '/tmp/file',
|
||||
content => '2',
|
||||
order => '02',
|
||||
}
|
||||
"
|
||||
|
||||
context puppet_apply(pp) do
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should_not == 1 }
|
||||
its(:refresh) { should be_nil }
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should be_zero }
|
||||
end
|
||||
|
||||
describe file('/tmp/file') do
|
||||
it { should be_file }
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
|
||||
# Test that all the relevant bits exist on disk after it
|
||||
# concats.
|
||||
describe file('/var/lib/puppet/concat') do
|
||||
it { should be_directory }
|
||||
end
|
||||
describe file('/var/lib/puppet/concat/_tmp_file') do
|
||||
it { should be_directory }
|
||||
end
|
||||
describe file('/var/lib/puppet/concat/_tmp_file/fragments') do
|
||||
it { should be_directory }
|
||||
end
|
||||
describe file('/var/lib/puppet/concat/_tmp_file/fragments.concat') do
|
||||
it { should be_file }
|
||||
end
|
||||
|
||||
end
|
||||
end
|
|
@ -0,0 +1,27 @@
|
|||
require 'spec_helper_system'
|
||||
|
||||
describe 'basic concat test' do
|
||||
context 'should run successfully' do
|
||||
pp="
|
||||
concat { '/tmp/file':
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => '0644',
|
||||
force => true,
|
||||
}
|
||||
"
|
||||
|
||||
context puppet_apply(pp) do
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should_not == 1 }
|
||||
its(:refresh) { should be_nil }
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should be_zero }
|
||||
end
|
||||
|
||||
describe file('/tmp/file') do
|
||||
it { should be_file }
|
||||
it { should_not contain '1\n2' }
|
||||
end
|
||||
end
|
||||
end
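Review bot: `it { should_not contain '1\n2' }` does not test what it appears to, because inside single quotes `\n` is a backslash followed by `n`, not a newline. The pattern therefore is not the two-line fragment output, and the assertion passes whatever the file holds. Use the double-quoted form `"1\n2"`, or assert directly that the file is empty, since the manifest declares no fragments. The `puppet_apply` context also checks stderr twice and the exit code twice (`should_not == 1`, then `should be_zero`); the second pair subsumes the first.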
|
|
@ -0,0 +1,37 @@
|
|||
require 'spec_helper_system'
|
||||
|
||||
|
||||
describe 'file should not replace' do
|
||||
shell('echo "file exists" >> /tmp/file')
|
||||
context 'should fail' do
|
||||
pp="
|
||||
concat { '/tmp/file':
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => '0644',
|
||||
replace => false,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '/tmp/file',
|
||||
content => '1',
|
||||
order => '01',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '/tmp/file',
|
||||
content => '2',
|
||||
order => '02',
|
||||
}
|
||||
"
|
||||
|
||||
context puppet_apply(pp) do
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should_not == 1 }
|
||||
its(:refresh) { should be_nil }
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should be_zero }
|
||||
end
|
||||
|
||||
end
|
||||
end
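Review bot: Nothing in this spec checks that `/tmp/file` was left untouched, which is the behaviour `replace => false` is meant to guarantee. The context is titled 'should fail', yet it expects an empty stderr and a zero exit code, and there is no `describe file('/tmp/file')` block. Add one with `it { should contain 'file exists' }` and `it { should_not contain '1' }`, as the acceptance spec for the same parameter does. The `shell('echo "file exists" >> /tmp/file')` call sits directly in the `describe` body, so it runs when the file is loaded rather than in a `before` hook. It also appends to a fixed `/tmp` path that the other system specs write to.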
|
|
@ -0,0 +1,41 @@
|
|||
require 'spec_helper_system'
|
||||
|
||||
describe 'basic concat test' do
|
||||
context 'should run successfully' do
|
||||
pp="
|
||||
concat { '/tmp/file':
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => '0644',
|
||||
warn => true,
|
||||
}
|
||||
|
||||
concat::fragment { '1':
|
||||
target => '/tmp/file',
|
||||
content => '1',
|
||||
order => '01',
|
||||
}
|
||||
|
||||
concat::fragment { '2':
|
||||
target => '/tmp/file',
|
||||
content => '2',
|
||||
order => '02',
|
||||
}
|
||||
"
|
||||
|
||||
context puppet_apply(pp) do
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should_not == 1 }
|
||||
its(:refresh) { should be_nil }
|
||||
its(:stderr) { should be_empty }
|
||||
its(:exit_code) { should be_zero }
|
||||
end
|
||||
|
||||
describe file('/tmp/file') do
|
||||
it { should be_file }
|
||||
it { should contain '# This file is managed by Puppet. DO NOT EDIT.' }
|
||||
it { should contain '1' }
|
||||
it { should contain '2' }
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,33 @@
|
|||
Facter.add("asf_osrelease") do
|
||||
setcode do
|
||||
Facter::Util::Resolution.exec('facter operatingsystemrelease | perl -pe s/[[:punct:]]//g | sed -e "s/\(.*\)/\L\1/"')
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
Facter.add("asf_osname") do
|
||||
setcode do
|
||||
Facter::Util::Resolution.exec('facter operatingsystem | sed -e "s/\(.*\)/\L\1/"')
|
||||
end
|
||||
end
|
||||
|
||||
Facter.add("asf_colo") do
|
||||
setcode do
|
||||
ipadd = Facter.value('ipaddress')
|
||||
case ipadd
|
||||
when /^140.211.11.([0-9]+)$/
|
||||
"osuosl"
|
||||
when /^192.87.106.([0-9]+)$/
|
||||
"sara"
|
||||
when /^160.45.251.([0-9]+)$/
|
||||
"fub"
|
||||
when /^9.9.9.([0-9]+)$/
|
||||
"rackspace"
|
||||
when /^67.195.81..([0-9]+)$/
|
||||
"yahoo"
|
||||
else
|
||||
'No Colo could be automatically determined'
|
||||
end
|
||||
end
|
||||
end
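Review bot: In `asf_colo` the pattern `/^67.195.81..([0-9]+)$/` has a doubled dot, so an address in that range with a single-digit last octet falls through to the `else` branch. None of the dots in the five patterns are escaped either, so each matches any character; write them as `when /^67\.195\.81\.([0-9]+)$/` and likewise for the rest. The `else` branch returns the sentence 'No Colo could be automatically determined' as the fact value, which then flows into anything keyed on `asf_colo`; leaving the fact unset is easier to test for. `asf_osname` and `asf_osrelease` shell out to `facter | perl | sed` with an unquoted `s/[[:punct:]]//g`, and their output is later used in the Hiera hierarchy and in a class name. Computing them in Ruby, e.g. `Facter.value(:operatingsystem).downcase` and `Facter.value(:operatingsystemrelease).gsub(/[[:punct:]]/, '').downcase`, removes the dependency on the shell, perl and GNU sed's `\L`.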
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
## This module uses some ruby, in modules/customfact/lib/facter/customfact.rb
|
||||
## to create a custom fact, so can be used in our modules.
|
||||
|
||||
class customfact (
|
||||
|
||||
)
|
||||
{}
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
|
||||
|
||||
dnsclient::nameservers:
|
||||
- '140.211.166.130'
|
||||
- '140.211.166.131'
|
||||
|
||||
dnsclient::searchorder: 'apache.org'
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
dnsclient::packages:
|
||||
- 'bind-tools'
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
:hierarchy:
|
||||
- "%{asf_osname}/%{asf_osrelease}"
|
||||
- "common"
|
||||
|
||||
:yaml:
|
||||
:datadir: .
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
dnsclient::packages:
|
||||
- 'dnsutils'
|
|
@ -0,0 +1,21 @@
|
|||
#/etc/puppet/modules/dnsclient/manifests/init.pp
|
||||
|
||||
class dnsclient (
|
||||
$nameserver1 = '',
|
||||
$nameserver2 = '',
|
||||
$nameserver3 = '',
|
||||
$packages = [],
|
||||
$pkgprovider = '',
|
||||
$resolvtemplate = '',
|
||||
$searchorder = '',
|
||||
) {
|
||||
|
||||
package { $packages:
|
||||
ensure => installed,
|
||||
}
|
||||
|
||||
file {
|
||||
'/etc/resolv.conf':
|
||||
content => template('dnsclient/resolv.conf.erb');
|
||||
}
|
||||
}
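Review bot: The class takes `$nameserver1` to `$nameserver3`, all defaulting to `''`, but the Hiera data added in this commit sets `dnsclient::nameservers` (an array), which no parameter here binds to. If that is the only data source, the template renders three `nameserver` lines with no address and every managed host gets an unusable `/etc/resolv.conf`. Either accept `$nameservers = []` and iterate in the template, or rename the data keys, and `fail()` when no server is configured rather than writing the file. The `file` resource sets no `owner`, `group` or `mode`, and `$pkgprovider` and `$resolvtemplate` are declared but unused in the visible body.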
|
|
@ -0,0 +1,10 @@
|
|||
## This file is a puppet managed file. All local changes will be lost
|
||||
|
||||
## This file is dervied from a puppet template,
|
||||
## modules/dnsclient/templates/etc/resolv.conf.erb
|
||||
|
||||
search <%= @searchorder %>
|
||||
|
||||
nameserver <%= @nameserver1 %>
|
||||
nameserver <%= @nameserver2 %>
|
||||
nameserver <%= @nameserver3 %>
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
classes: ['']
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
|
||||
ldapclient::ldapclient_packages:
|
||||
- 'openldap-client'
|
||||
- 'nss_ldap'
|
||||
- 'pam_ldap'
|
||||
- 'pam_mkhomedir'
|
||||
|
||||
ldapclient:tlscertpath: '/usr/local/etc/openldap/cacerts/cacert.pem'
|
||||
ldapclient:pamhostcheck: 'yes'
|
||||
ldapclient:bashpath: '/usr/local/bin/bash'
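Review bot: The last three keys use a single colon (`ldapclient:tlscertpath`, `ldapclient:pamhostcheck`, `ldapclient:bashpath`), so they are not the `ldapclient::…` names automatic parameter lookup uses and will presumably never be read. The same applies to `ldapclient:pamhostcheck: 'no'` in the data file that follows, and the Ubuntu file has `ldapclient::install::ubuntu::1404:::bashpath` with three colons. For `tlscertpath` this is security-relevant: the template writes it into `TLS_CACERT`, and an empty value leaves the LDAP client without the intended CA file. Use `ldapclient::tlscertpath: …` and so on, and check that the receiving class declares each parameter. The `ldapclient` class in this commit declares only `ldapclient_packages`, `pkgprovider`, `bashpath` and `ldapcert`.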
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
:hierarchy:
|
||||
- "%{clientcert}"
|
||||
- "%{asf_osname}/%{asf_osrelease}"
|
||||
- "common"
|
||||
|
||||
:yaml:
|
||||
:datadir: .
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
|
||||
ldapclient:pamhostcheck: 'no'
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
|
||||
ldapclient::ldapclient_packages:
|
||||
- 'ldap-utils'
|
||||
- 'libnss-ldap'
|
||||
- 'libpam-ldap'
|
||||
|
||||
ldapclient::install::ubuntu::1404::tlscertpath: '/etc/ldap/cacert.pem'
|
||||
ldapclient::install::ubuntu::1404::pamhostcheck: 'yes'
|
||||
ldapclient::install::ubuntu::1404:::bashpath: '/bin/bash'
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
## This file is a puppet managed file. All local changes will be lost.
|
||||
|
||||
## This file is dervied from a puppet file,
|
||||
## modules/ldapclient/files/etc/nsswitch.conf
|
||||
|
||||
#
|
||||
# nsswitch.conf(5) - name service switch configuration file
|
||||
# $FreeBSD: release/10.0.0/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
|
||||
|
||||
group: cache files ldap
|
||||
group_compat: nis
|
||||
hosts: files dns
|
||||
networks: files
|
||||
passwd: cache files ldap
|
||||
passwd_compat: nis
|
||||
shells: files
|
||||
services: compat
|
||||
services_compat: nis
|
||||
protocols: files
|
||||
rpc: files#
|
|
@ -0,0 +1,23 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDzzCCAregAwIBAgIQTPLMa4HX+rhAHrwBhA3CEDANBgkqhkiG9w0BAQUFADB6
|
||||
MRIwEAYKCZImiZPyLGQBGRYCdWsxEjAQBgoJkiaJk/IsZAEZFgJhYzETMBEGCgmS
|
||||
JomT8ixkARkWA2NhbTETMBEGCgmSJomT8ixkARkWA2xpYjESMBAGCgmSJomT8ixk
|
||||
ARkWAmFkMRIwEAYDVQQDEwlBRERDMDEtQ0EwHhcNMTQwMTIxMTc1NDAyWhcNMTkw
|
||||
MTIxMTgwNDAyWjB6MRIwEAYKCZImiZPyLGQBGRYCdWsxEjAQBgoJkiaJk/IsZAEZ
|
||||
FgJhYzETMBEGCgmSJomT8ixkARkWA2NhbTETMBEGCgmSJomT8ixkARkWA2xpYjES
|
||||
MBAGCgmSJomT8ixkARkWAmFkMRIwEAYDVQQDEwlBRERDMDEtQ0EwggEiMA0GCSqG
|
||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqcxtQtSO0CVT9s+1dlalHtwU4lwjzI8+Z
|
||||
qs0XYdccLUcvpBVfz+Fj5QUPSEoYM2VlyOMWQY53EGEI5c+HrgExVOE/0JGZ/2AN
|
||||
UD1DyAMR1nSWGACPeAlYlG4bSdZxteXBKLrnGs2ohkxEcy7Zs2o05Bfd7wUbtAp+
|
||||
GnYNYTiRqZNAkyQKIdQEkCAkByg5sL2qnJElSn7bHgIWecW0kmFoB8ijRsHJKidJ
|
||||
EgTbOgAMDJsDMMYnF+jpmOnMlMYomMJyLjdrp5iDnfhSAAVkpVfCyy8CUPMVT7GS
|
||||
k5+1OF79tIavYGdCiKvXLvr5IuoeGky08/w5HlX5HKSepSuLsnPbAgMBAAGjUTBP
|
||||
MAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQiNqTglXb3
|
||||
bQRcqwXYXJVOIPwY6TAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOC
|
||||
AQEABXj26bZec60rJ/0p/zVuWRIUTHtiSoU2itli90Sp9eoBS3ciY9nmxvZqw01t
|
||||
+zQE7eePlT3yETWAsgwQJG04MF8gH/3PHUBPRVNawB4mokhLg57pfodVBMQtFqhb
|
||||
8w/Nd5rp3Q9V9m2cuLKs8IGIs+3x/XI2nkKSXDMgbOTkNZDwxivNrbVO4adCR7Vi
|
||||
3DAyGWZuLMkh0KudVYRfiQSOAce5oAZnhgAGBpqCsVVlPZpUcYnEALbR6C8kV01I
|
||||
XGkxrZJEGQrr8G9yQaeOCqKbCEinauIZ95+W8gQHISp3wUzQY3wOWW80AmMQ8vb/
|
||||
pkZYwN0v22WKtm89gwHEl+HFTA==
|
||||
-----END CERTIFICATE-----
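Review bot: The provenance of this certificate should be recorded before it is deployed as an LDAP trust anchor. Reading the base64, the subject and issuer appear to be `DC=uk, DC=ac, DC=cam, DC=lib, DC=ad, CN=ADDC01-CA`, which does not look like a CA for the `apache.org` servers named in the LDAP client template. The signature algorithm appears to be SHA-1 with RSA. If this is the file deployed as `ldap-client.pem` (its path is not visible here), confirm it is the intended CA and note its source and expected fingerprint next to it so later changes can be verified.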
|
|
@ -0,0 +1,19 @@
|
|||
#/etc/puppet/modules/ldapclient/manifests/init.pp
|
||||
|
||||
class ldapclient (
|
||||
$ldapclient_packages = [],
|
||||
$pkgprovider = '',
|
||||
$bashpath = '',
|
||||
$ldapcert = '',
|
||||
) {
|
||||
|
||||
package { $ldapclient_packages:
|
||||
ensure => installed,
|
||||
}
|
||||
|
||||
|
||||
class { "ldapclient::install::${asf_osname}::${asf_osrelease}":
|
||||
ldapcert => $ldapcert,
|
||||
}
|
||||
|
||||
}
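Review bot: The class to declare is built from two facts, `"ldapclient::install::${asf_osname}::${asf_osrelease}"`, with no check on their values. Facts are reported by the agent and here come out of a shell pipeline, so an unexpected value produces a lookup of a class nobody wrote instead of a clear error. Map the supported combinations explicitly and `fail()` on anything else, referencing the facts as top-scope variables. The FreeBSD class in this commit is named `ldapclient::FreeBSD::10.0-RELEASE`, which this pattern would never resolve to. `$pkgprovider` and `$bashpath` are accepted but unused in the visible body.

```puppet
  # … unchanged: package { $ldapclient_packages: … } …
  case "${::asf_osname}/${::asf_osrelease}" {
    'ubuntu/1404': {
      class { 'ldapclient::install::ubuntu::1404':
        ldapcert => $ldapcert,
      }
    }
    default: {
      fail("ldapclient: unsupported platform ${::asf_osname} ${::asf_osrelease}")
    }
  }
```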
|
|
@ -0,0 +1,27 @@
|
|||
class ldapclient::FreeBSD::10.0-RELEASE (
|
||||
|
||||
|
||||
) {
|
||||
|
||||
file {
|
||||
'/usr/local/etc/openldap/ldap.conf':
|
||||
content => template('/usr/local/etc/puppet/modules/ldapclient/templates/openldap_ldap.conf.erb');
|
||||
'/usr/local/etc/ldap.conf':
|
||||
content => template('/usr/local/etc/puppet/modules/ldapclient/templates/ldap.conf.erb');
|
||||
'/usr/local/etc/nss_ldap.conf':
|
||||
ensure => link,
|
||||
target => '/usr/local/etc/ldap.conf',
|
||||
require => File['/usr/local/etc/ldap.conf'];
|
||||
'/etc/nsswitch.conf':
|
||||
source => 'puppet:///modules/ldapclient/etc/nsswitch.conf',
|
||||
require => File['/usr/local/etc/ldap.conf'];
|
||||
'/usr/local/etc/openldap/cacerts':
|
||||
ensure => directory,
|
||||
mode => 755;
|
||||
'/usr/local/etc/openldap/cacerts/ldap-client.pem':
|
||||
source => 'puppet:///modules/ldapclient/etc/ldap-client.pem',
|
||||
require => File['/etc/ldap/cacerts'];
|
||||
}
|
||||
|
||||
}
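Review bot: `'/usr/local/etc/openldap/cacerts/ldap-client.pem'` requires `File['/etc/ldap/cacerts']`, but the directory this class declares is `/usr/local/etc/openldap/cacerts`. Unless the other resource is declared elsewhere the catalog will not compile, and either way the dependency is on the wrong directory; change it to `require => File['/usr/local/etc/openldap/cacerts'];`. The class name `ldapclient::FreeBSD::10.0-RELEASE` contains upper-case letters, a dot and a hyphen, which Puppet class names do not allow, and it does not follow the `ldapclient::install::<os>::<release>` form that init.pp declares. `mode => 755` should be the quoted string `'0755'`, and the other files should set `owner`, `group` and `mode` explicitly.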
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
class ldapclient::install::ubuntu::1404 (
|
||||
|
||||
$ldapcert = '',
|
||||
$pamhostcheck = '',
|
||||
$tlscertpath = '',
|
||||
|
||||
) {
|
||||
|
||||
file {
|
||||
'/etc/ldap.conf':
|
||||
content => template('/usr/local/etc/puppet/modules/ldapclient/templates/ldap.conf.erb');
|
||||
'/usr/local/etc/nss_ldap.conf':
|
||||
ensure => link,
|
||||
target => '/usr/local/etc/ldap.conf',
|
||||
require => File['/etc/ldap.conf'];
|
||||
'/etc/nsswitch.conf':
|
||||
source => 'puppet:///modules/ldapclient/etc/nsswitch.conf',
|
||||
require => File['/etc/ldap.conf'];
|
||||
'/etc/ldap/cacerts':
|
||||
ensure => directory,
|
||||
mode => 755;
|
||||
'/etc/ldap/cacerts/ldap-client.pem':
|
||||
content => $ldapcert,
|
||||
require => File['/etc/ldap/cacerts'];
|
||||
}
|
||||
|
||||
}
|
|
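Review bot: With `$ldapcert = ''` and `$tlscertpath = ''` as defaults, a node that receives no hiera value ends up with an empty `/etc/ldap/cacerts/ldap-client.pem` and a blank `TLS_CACERT` line in the rendered `ldap.conf`, and nothing in the class reports it. Fail the compile instead, e.g. `if $ldapcert == '' or $tlscertpath == '' { fail('ldapclient: ldapcert and tlscertpath must be set') }`, so a missing trust anchor is caught on the master rather than at the first LDAP login. The `/usr/local/etc/nss_ldap.conf` link to `/usr/local/etc/ldap.conf` looks copied from the FreeBSD class: the file managed here is `/etc/ldap.conf`, so the link target is not created by this class. `mode => 755` should be the quoted string `'0755'`.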
@ -0,0 +1,293 @@
|
|||
## This file is a puppet managed file. All local changes will be lost
|
||||
|
||||
## This file is dervied from a puppet template,
|
||||
## modules/ldapclient/templates/usr/local/etc/openldap/ldap.conf.erb
|
||||
|
||||
|
||||
|
||||
# The distinguished name of the search base.
|
||||
base dc=apache,dc=org
|
||||
|
||||
# Another way to specify your LDAP server is to provide an
|
||||
# uri with the server name. This allows to use
|
||||
# Unix Domain Sockets to connect to a local LDAP Server.
|
||||
uri ldaps://minotaur.apache.org:636 ldaps://eris.apache.org:636 ldaps://harmonia.apache.org:636
|
||||
|
||||
|
||||
# The LDAP version to use (defaults to 3
|
||||
# if supported by client library)
|
||||
ldap_version 3
|
||||
|
||||
|
||||
# Path to ASF wide LDAP certificate
|
||||
TLS_CACERT <%= tlscertpath %>
|
||||
|
||||
|
||||
# The distinguished name to bind to the server with.
|
||||
# Optional: default is to bind anonymously.
|
||||
binddn cn=nss_ldap,ou=users,ou=services,dc=apache,dc=org
|
||||
|
||||
# The credentials to bind with.
|
||||
# Optional: default is no credential.
|
||||
bindpw b1t3m3
|
||||
|
||||
# The distinguished name to bind to the server with
|
||||
# if the effective user ID is root. Password is
|
||||
# stored in /etc/ldap.secret (mode 600)
|
||||
rootbinddn cn=root,dc=apache,dc=org
|
||||
|
||||
# The port.
|
||||
# Optional: default is 389.
|
||||
#port 389
|
||||
|
||||
# The search scope.
|
||||
scope sub
|
||||
#scope one
|
||||
#scope base
|
||||
|
||||
# Search timelimit
|
||||
timelimit 5
|
||||
|
||||
# Bind/connect timelimit
|
||||
bind_timelimit 3
|
||||
|
||||
# Reconnect policy: hard (default) will retry connecting to
|
||||
# the software with exponential backoff, soft will fail
|
||||
# immediately.
|
||||
bind_policy soft
|
||||
|
||||
|
||||
## Check if the account has been banned. If so the filter will prevent them
|
||||
## from being listed as a valid POSIX account.
|
||||
pam_filter !(asf-banned=yes)
|
||||
|
||||
|
||||
|
||||
# The user ID attribute (defaults to uid)
|
||||
pam_login_attribute uid
|
||||
|
||||
# Search the root DSE for the password policy (works
|
||||
# with Netscape Directory Server)
|
||||
#pam_lookup_policy yes
|
||||
|
||||
# Check the 'host' attribute for access control
|
||||
# Default is no; if set to yes, and user has no
|
||||
# value for the host attribute, and pam_ldap is
|
||||
# configured for account management (authorization)
|
||||
# then the user will not be allowed to login.
|
||||
|
||||
#pam_check_host_attr <%= pamhostcheck %>
|
||||
|
||||
|
||||
|
||||
# Check the 'authorizedService' attribute for access
|
||||
# control
|
||||
# Default is no; if set to yes, and the user has no
|
||||
# value for the authorizedService attribute, and
|
||||
# pam_ldap is configured for account management
|
||||
# (authorization) then the user will not be allowed
|
||||
# to login.
|
||||
#pam_check_service_attr yes
|
||||
|
||||
# Group to enforce membership of
|
||||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
|
||||
|
||||
# Group member attribute
|
||||
#pam_member_attribute uniquemember
|
||||
|
||||
# Specify a minium or maximum UID number allowed
|
||||
#pam_min_uid 0
|
||||
#pam_max_uid 0
|
||||
|
||||
# Template login attribute, default template user
|
||||
# (can be overriden by value of former attribute
|
||||
# in user's entry)
|
||||
#pam_login_attribute userPrincipalName
|
||||
#pam_template_login_attribute uid
|
||||
#pam_template_login nobody
|
||||
|
||||
# HEADS UP: the pam_crypt, pam_nds_passwd,
|
||||
# and pam_ad_passwd options are no
|
||||
# longer supported.
|
||||
#
|
||||
# Do not hash the password at all; presume
|
||||
# the directory server will do it, if
|
||||
# necessary. This is the default.
|
||||
#pam_password clear
|
||||
|
||||
# Hash password locally; required for University of
|
||||
# Michigan LDAP server, and works with Netscape
|
||||
# Directory Server if you're using the UNIX-Crypt
|
||||
# hash mechanism and not using the NT Synchronization
|
||||
# service.
|
||||
#pam_password crypt
|
||||
|
||||
# Remove old password first, then update in
|
||||
# cleartext. Necessary for use with Novell
|
||||
# Directory Services (NDS)
|
||||
#pam_password clear_remove_old
|
||||
#pam_password nds
|
||||
|
||||
# RACF is an alias for the above. For use with
|
||||
# IBM RACF
|
||||
#pam_password racf
|
||||
|
||||
# Update Active Directory password, by
|
||||
# creating Unicode password and updating
|
||||
# unicodePwd attribute.
|
||||
#pam_password ad
|
||||
|
||||
# Use the OpenLDAP password change
|
||||
# extended operation to update the password.
|
||||
#pam_password exop
|
||||
|
||||
# Redirect users to a URL or somesuch on password
|
||||
# changes.
|
||||
#pam_password_prohibit_message Please visit http://internal to change your password.
|
||||
|
||||
# RFC2307bis naming contexts
|
||||
# Syntax:
|
||||
# nss_base_XXX base?scope?filter
|
||||
# where scope is {base,one,sub}
|
||||
# and filter is a filter to be &'d with the
|
||||
# default filter.
|
||||
# You can omit the suffix eg:
|
||||
# nss_base_passwd ou=People,
|
||||
# to append the default base DN but this
|
||||
# may incur a small performance impact.
|
||||
|
||||
nss_base_passwd dc=apache,dc=org?sub
|
||||
nss_base_shadow dc=apache,dc=org?sub
|
||||
nss_base_group dc=apache,dc=org?sub
|
||||
|
||||
#nss_base_passwd ou=People,dc=padl,dc=com?one
|
||||
#nss_base_shadow ou=People,dc=padl,dc=com?one
|
||||
#nss_base_group ou=Group,dc=padl,dc=com?one
|
||||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
|
||||
#nss_base_services ou=Services,dc=padl,dc=com?one
|
||||
#nss_base_networks ou=Networks,dc=padl,dc=com?one
|
||||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
|
||||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
|
||||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
|
||||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
|
||||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
|
||||
|
||||
# attribute/objectclass mapping
|
||||
# Syntax:
|
||||
#nss_map_attribute rfc2307attribute mapped_attribute
|
||||
#nss_map_objectclass rfc2307objectclass mapped_objectclass
|
||||
|
||||
# configure --enable-nds is no longer supported.
|
||||
# NDS mappings
|
||||
#nss_map_attribute uniqueMember member
|
||||
|
||||
# Services for UNIX 3.5 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount User
|
||||
#nss_map_attribute uid msSFU30Name
|
||||
#nss_map_attribute uniqueMember msSFU30PosixMember
|
||||
#nss_map_attribute userPassword msSFU30Password
|
||||
#nss_map_attribute homeDirectory msSFU30HomeDirectory
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#pam_login_attribute msSFU30Name
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-mssfu-schema is no longer supported.
|
||||
# Services for UNIX 2.0 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid msSFUName
|
||||
#nss_map_attribute uniqueMember posixMember
|
||||
#nss_map_attribute userPassword msSFUPassword
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#nss_map_attribute cn msSFUName
|
||||
#pam_login_attribute msSFUName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# RFC 2307 (AD) mappings
|
||||
#nss_map_objectclass posixAccount user
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid sAMAccountName
|
||||
#nss_map_attribute homeDirectory unixHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup group
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute sAMAccountName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
#Uncomment the following line to override the default login shell
|
||||
# nss_override_attribute_value loginShell /usr/local/bin/bash
|
||||
|
||||
# configure --enable-authpassword is no longer supported
|
||||
# AuthPassword mappings
|
||||
#nss_map_attribute userPassword authPassword
|
||||
|
||||
# AIX SecureWay mappings
|
||||
#nss_map_objectclass posixAccount aixAccount
|
||||
#nss_base_passwd ou=aixaccount,?one
|
||||
#nss_map_attribute uid userName
|
||||
#nss_map_attribute gidNumber gid
|
||||
#nss_map_attribute uidNumber uid
|
||||
#nss_map_attribute userPassword passwordChar
|
||||
#nss_map_objectclass posixGroup aixAccessGroup
|
||||
#nss_base_group ou=aixgroup,?one
|
||||
#nss_map_attribute cn groupName
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute userName
|
||||
#pam_filter objectclass=aixAccount
|
||||
#pam_password clear
|
||||
|
||||
# Netscape SDK LDAPS
|
||||
#ssl on
|
||||
|
||||
# Netscape SDK SSL options
|
||||
#sslpath /etc/ssl/certs
|
||||
|
||||
# OpenLDAP SSL mechanism
|
||||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
|
||||
#ssl start_tls
|
||||
#ssl on
|
||||
|
||||
# OpenLDAP SSL options
|
||||
# Require and verify server certificate (yes/no)
|
||||
# Default is to use libldap's default behavior, which can be configured in
|
||||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
|
||||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
|
||||
#tls_checkpeer yes
|
||||
|
||||
#tls_cacert = /usr/local/etc/openldap/cert.pem
|
||||
|
||||
# CA certificates for server certificate verification
|
||||
# At least one of these are required if tls_checkpeer is "yes"
|
||||
#tls_cacertfile /etc/ssl/ca.cert
|
||||
#tls_cacertdir /etc/ssl/certs
|
||||
|
||||
# Seed the PRNG if /dev/urandom is not provided
|
||||
#tls_randfile /var/run/egd-pool
|
||||
|
||||
# SSL cipher suite
|
||||
# See man ciphers for syntax
|
||||
#tls_ciphers TLSv1
|
||||
|
||||
# Client certificate and key
|
||||
# Use these, if your server requires client authentication.
|
||||
#tls_cert
|
||||
#tls_key
|
||||
|
||||
# Disable SASL security layers. This is needed for AD.
|
||||
#sasl_secprops maxssf=0
|
||||
|
||||
# Override the default Kerberos ticket cache location.
|
||||
#krb5_ccname FILE:/etc/.ldapcache
|
||||
|
||||
# SASL mechanism for PAM authentication - use is experimental
|
||||
# at present and does not support password policy control
|
||||
#pam_sasl_mech DIGEST-MD5
|
||||
|
|
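Review bot: `bindpw b1t3m3` hard-codes the `cn=nss_ldap` service-account password in a template that is committed to version control and rendered onto every client; it should come from a class parameter fed by hiera (`bindpw <%= @bindpw %>`), and because the value is now in history the account's password should be rotated. The CA path is written with the libldap spelling `TLS_CACERT`, whereas the commented examples further down this same file use `tls_cacertfile` and `tls_checkpeer yes`, so it is worth confirming that the certificate is actually loaded by this client and that `tls_checkpeer yes` is set rather than left commented out. `<%= tlscertpath %>` and `<%= pamhostcheck %>` use bare variable names; `<%= @tlscertpath %>` is the supported form, and the FreeBSD class that appears to render this template defines neither variable.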
@ -0,0 +1,23 @@
|
|||
## This file is a puppet managed file. All local changes will be lost
|
||||
|
||||
## This file is dervied from a puppet template,
|
||||
## modules/ldapclient/templates/usr/local/etc/openldap/ldap.conf.erb
|
||||
|
||||
|
||||
|
||||
# LDAP Defaults
|
||||
#
|
||||
|
||||
# See ldap.conf(5) for details
|
||||
# This file should be world readable but not world writable.
|
||||
|
||||
base dc=apache,dc=org
|
||||
uri ldaps://minotaur.apache.org:636 ldaps://eris.apache.org:636 ldaps://harmonia.apache.org:636
|
||||
|
||||
|
||||
#SIZELIMIT 12
|
||||
#TIMELIMIT 15
|
||||
#DEREF never
|
||||
|
||||
ssl start_tls
|
||||
tls_cacert <%= tlscertpath %>
|
|
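Review bot: `ssl start_tls` contradicts the `uri` line above it, which already lists `ldaps://` endpoints on port 636, and `ssl` is not among the options documented in ldap.conf(5) for libldap, so it is probably ignored here. Drop it and state the verification policy explicitly with `TLS_REQCERT demand`, so that certificate checking does not depend on the library default. The header comment names `modules/ldapclient/templates/usr/local/etc/openldap/ldap.conf.erb` as the source, the same path the other template claims; it should name this template's own file. `<%= tlscertpath %>` should be `<%= @tlscertpath %>`.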
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
pam::sshd_90_modulepath: 'pam_permit.so'
|
||||
|
|
@ -0,0 +1,266 @@
|
|||
---
|
||||
# Files to manage
|
||||
pam::pam_sshd: '/etc/pam.d/sshd'
|
||||
pam::pam_su: '/etc/pam.d/su'
|
||||
pam::pam_system: '/etc/pam.d/system'
|
||||
|
||||
|
||||
pam::generic_header: |
|
||||
#
|
||||
# $FreeBSD: release/10.0.0/etc/pam.d/system 197769 2009-10-05 09:28:54Z des $
|
||||
#
|
||||
# System-wide defaults
|
||||
#
|
||||
|
||||
|
||||
## pam.d/sshd
|
||||
pam::sshd_10_facility: 'auth'
|
||||
pam::sshd_10_control: 'sufficient'
|
||||
pam::sshd_10_modulepath: 'pam_opie.so'
|
||||
pam::sshd_10_modopts: 'no_warn no_fake_prompts'
|
||||
|
||||
pam::sshd_15_facility: 'auth'
|
||||
pam::sshd_15_control: 'sufficient'
|
||||
pam::sshd_15_modulepath: '/usr/local/lib/pam_ldap.so'
|
||||
pam::sshd_15_modopts: 'no_warn'
|
||||
|
||||
pam::sshd_20_facility: 'auth'
|
||||
pam::sshd_20_control: 'requisite'
|
||||
pam::sshd_20_modulepath: 'pam_opieaccess.so'
|
||||
pam::sshd_20_modopts: 'no_warn allow_local'
|
||||
|
||||
pam::sshd_25_facility: '#auth'
|
||||
pam::sshd_25_control: 'sufficient'
|
||||
pam::sshd_25_modulepath: 'pam_krb5.so'
|
||||
pam::sshd_25_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::sshd_30_facility: '#auth'
|
||||
pam::sshd_30_control: 'sufficient'
|
||||
pam::sshd_30_modulepath: 'pam_ssh.so'
|
||||
pam::sshd_30_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::sshd_35_facility: 'auth'
|
||||
pam::sshd_35_control: 'required'
|
||||
pam::sshd_35_modulepath: 'pam_unix.so'
|
||||
pam::sshd_35_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::sshd_50_facility: 'account'
|
||||
pam::sshd_50_control: 'required'
|
||||
pam::sshd_50_modulepath: 'pam_nologin.so'
|
||||
pam::sshd_50_modopts: ''
|
||||
|
||||
pam::sshd_55_facility: '#account'
|
||||
pam::sshd_55_control: 'required'
|
||||
pam::sshd_55_modulepath: 'pam_krb5.so'
|
||||
pam::sshd_55_modopts: ''
|
||||
|
||||
pam::sshd_60_facility: 'account'
|
||||
pam::sshd_60_control: 'required'
|
||||
pam::sshd_60_modulepath: 'pam_login_access.so'
|
||||
pam::sshd_60_modopts: ''
|
||||
|
||||
pam::sshd_65_facility: 'account'
|
||||
pam::sshd_65_control: 'required'
|
||||
pam::sshd_65_modulepath: '/usr/local/lib/pam_ldap.so'
|
||||
pam::sshd_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
|
||||
|
||||
pam::sshd_70_facility: 'account'
|
||||
pam::sshd_70_control: 'required'
|
||||
pam::sshd_70_modulepath: 'pam_unix.so'
|
||||
pam::sshd_70_modopts: ''
|
||||
|
||||
pam::sshd_80_facility: '#session'
|
||||
pam::sshd_80_control: 'optional'
|
||||
pam::sshd_80_modulepath: 'pam_ssh.so'
|
||||
pam::sshd_80_modopts: 'want_agent'
|
||||
|
||||
pam::sshd_85_facility: 'session'
|
||||
pam::sshd_85_control: 'required'
|
||||
pam::sshd_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
|
||||
pam::sshd_85_modopts: 'umask=0077'
|
||||
|
||||
pam::sshd_90_facility: 'session'
|
||||
pam::sshd_90_control: 'required'
|
||||
pam::sshd_90_modulepath: 'pam_permit.so'
|
||||
pam::sshd_90_modopts: ''
|
||||
|
||||
pam::sshd_95_facility: '#password'
|
||||
pam::sshd_95_control: 'sufficient'
|
||||
pam::sshd_95_modulepath: 'pam_krb5.so'
|
||||
pam::sshd_95_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::sshd_100_facility: 'password'
|
||||
pam::sshd_100_control: 'required'
|
||||
pam::sshd_100_modulepath: 'pam_unix.so'
|
||||
pam::sshd_100_modopts: 'no_warn try_first_pass'
|
||||
|
||||
|
||||
## pam.d/su
|
||||
pam::su_10_facility: 'auth'
|
||||
pam::su_10_control: 'sufficient'
|
||||
pam::su_10_modulepath: 'pam_rootok.so'
|
||||
pam::su_10_modopts: 'no_warn'
|
||||
|
||||
pam::su_15_facility: 'auth'
|
||||
pam::su_15_control: 'sufficient'
|
||||
pam::su_15_modulepath: 'pam_self.so'
|
||||
pam::su_15_modopts: 'no_warn'
|
||||
|
||||
pam::su_20_facility: 'auth'
|
||||
pam::su_20_control: 'requisite'
|
||||
pam::su_20_modulepath: 'pam_group.so'
|
||||
pam::su_20_modopts: 'no_warn group=wheel root_only fail_safe ruser'
|
||||
|
||||
pam::su_25_facility: 'auth'
|
||||
pam::su_25_control: 'include'
|
||||
pam::su_25_modulepath: 'system'
|
||||
pam::su_25_modopts: ''
|
||||
|
||||
pam::su_30_facility: ''
|
||||
pam::su_30_control: ''
|
||||
pam::su_30_modulepath: ''
|
||||
pam::su_30_modopts: ''
|
||||
|
||||
pam::su_35_facility: ''
|
||||
pam::su_35_control: ''
|
||||
pam::su_35_modulepath: ''
|
||||
pam::su_35_modopts: ''
|
||||
|
||||
pam::su_50_facility: 'account'
|
||||
pam::su_50_control: 'include'
|
||||
pam::su_50_modulepath: 'system'
|
||||
pam::su_50_modopts: ''
|
||||
|
||||
pam::su_55_facility: ''
|
||||
pam::su_55_control: ''
|
||||
pam::su_55_modulepath: ''
|
||||
pam::su_55_modopts: ''
|
||||
|
||||
pam::su_60_facility: ''
|
||||
pam::su_60_control: ''
|
||||
pam::su_60_modulepath: ''
|
||||
pam::su_60_modopts: ''
|
||||
|
||||
pam::su_65_facility: ''
|
||||
pam::su_65_control: ''
|
||||
pam::su_65_modulepath: ''
|
||||
pam::su_65_modopts: ''
|
||||
|
||||
pam::su_70_facility: ''
|
||||
pam::su_70_control: ''
|
||||
pam::su_70_modulepath: ''
|
||||
pam::su_70_modopts: ''
|
||||
|
||||
pam::su_80_facility: 'session'
|
||||
pam::su_80_control: 'required'
|
||||
pam::su_80_modulepath: 'pam_permit.so'
|
||||
pam::su_80_modopts: ''
|
||||
|
||||
pam::su_85_facility: 'session'
|
||||
pam::su_85_control: 'required'
|
||||
pam::su_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
|
||||
pam::su_85_modopts: 'umask=0077'
|
||||
|
||||
pam::su_90_facility: ''
|
||||
pam::su_90_control: ''
|
||||
pam::su_90_modulepath: ''
|
||||
pam::su_90_modopts: ''
|
||||
|
||||
pam::su_95_facility: ''
|
||||
pam::su_95_control: ''
|
||||
pam::su_95_modulepath: ''
|
||||
pam::su_95_modopts: ''
|
||||
|
||||
pam::su_100_facility: ''
|
||||
pam::su_100_control: ''
|
||||
pam::su_100_modulepath: ''
|
||||
pam::su_100_modopts: ''
|
||||
|
||||
|
||||
## pam.d/system
|
||||
pam::system_10_facility: 'auth'
|
||||
pam::system_10_control: 'sufficient'
|
||||
pam::system_10_modulepath: 'pam_opie.so'
|
||||
pam::system_10_modopts: 'no_warn no_fake_prompts'
|
||||
|
||||
pam::system_15_facility: 'auth'
|
||||
pam::system_15_control: 'sufficient'
|
||||
pam::system_15_modulepath: '/usr/local/lib/pam_ldap.so'
|
||||
pam::system_15_modopts: 'no_warn'
|
||||
|
||||
pam::system_20_facility: 'auth'
|
||||
pam::system_20_control: 'requisite'
|
||||
pam::system_20_modulepath: 'pam_opieaccess.so'
|
||||
pam::system_20_modopts: 'no_warn allow_local'
|
||||
|
||||
pam::system_25_facility: '#auth'
|
||||
pam::system_25_control: 'systemfficient'
|
||||
pam::system_25_modulepath: 'pam_krb5.so'
|
||||
pam::system_25_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::system_30_facility: '#auth'
|
||||
pam::system_30_control: 'systemfficient'
|
||||
pam::system_30_modulepath: 'pam_ssh.so'
|
||||
pam::system_30_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::system_35_facility: 'auth'
|
||||
pam::system_35_control: 'required'
|
||||
pam::system_35_modulepath: 'pam_unix.so'
|
||||
pam::system_35_modopts: 'no_warn try_first_pass nullok'
|
||||
|
||||
pam::system_50_facility: ''
|
||||
pam::system_50_control: ''
|
||||
pam::system_50_modulepath: ''
|
||||
pam::system_50_modopts: ''
|
||||
|
||||
pam::system_55_facility: '#account'
|
||||
pam::system_55_control: 'required'
|
||||
pam::system_55_modulepath: 'pam_krb5.so'
|
||||
pam::system_55_modopts: ''
|
||||
|
||||
pam::system_60_facility: 'account'
|
||||
pam::system_60_control: 'required'
|
||||
pam::system_60_modulepath: 'pam_login_access.so'
|
||||
pam::system_60_modopts: ''
|
||||
|
||||
pam::system_65_facility: 'account'
|
||||
pam::system_65_control: 'required'
|
||||
pam::system_65_modulepath: '/usr/local/lib/pam_ldap.so'
|
||||
pam::system_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
|
||||
|
||||
pam::system_70_facility: 'account'
|
||||
pam::system_70_control: 'required'
|
||||
pam::system_70_modulepath: 'pam_unix.so'
|
||||
pam::system_70_modopts: ''
|
||||
|
||||
pam::system_80_facility: '#session'
|
||||
pam::system_80_control: 'optional'
|
||||
pam::system_80_modulepath: 'pam_ssh.so'
|
||||
pam::system_80_modopts: 'want_agent'
|
||||
|
||||
pam::system_85_facility: 'session'
|
||||
pam::system_85_control: 'required'
|
||||
pam::system_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
|
||||
pam::system_85_modopts: 'umask=0022'
|
||||
|
||||
pam::system_90_facility: 'session'
|
||||
pam::system_90_control: 'required'
|
||||
pam::system_90_modulepath: 'pam_lastlog.so'
|
||||
pam::system_90_modopts: 'no_fail'
|
||||
|
||||
pam::system_95_facility: '#password'
|
||||
pam::system_95_control: 'sufficient'
|
||||
pam::system_95_modulepath: 'pam_krb5.so'
|
||||
pam::system_95_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::system_100_facility: 'password'
|
||||
pam::system_100_control: 'required'
|
||||
pam::system_100_modulepath: 'pam_unix.so'
|
||||
pam::system_100_modopts: 'no_warn try_first_pass'
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
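Review bot: `pam::system_25_control` and `pam::system_30_control` are set to `'systemfficient'`, which is not a PAM control flag; it looks like a search-and-replace of `su` with `system` that also hit `sufficient`. Both entries are currently disabled through the `'#auth'` facility, but anyone enabling them would write an invalid line into `/etc/pam.d/system`, so set both to `'sufficient'` (the other pam data file in this commit carries the same two values). `pam::system_85_modopts: 'umask=0022'` also differs from the `umask=0077` given to `pam_mkhomedir.so` in the sshd and su stacks, so a home directory first created through the system stack would be world-readable; use `umask=0077` unless the difference is intended. A comment above `pam::system_35_modopts` saying why `nullok` is kept would help the next reader.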
@ -0,0 +1,7 @@
|
|||
---
|
||||
:hierarchy:
|
||||
- "%{asf_osname}/%{asf_osrelease}"
|
||||
- "common"
|
||||
|
||||
:yaml:
|
||||
:datadir: .
|
|
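Review bot: `:datadir: .` is a relative path, so which directory hiera reads depends on the working directory of whatever process loads this file. Use an absolute path for the data directory (placeholder: `:datadir: /ABSOLUTE/PATH/TO/hieradata`), so the PAM and LDAP data that decide how users authenticate cannot be picked up from an unexpected location.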
@ -0,0 +1,265 @@
|
|||
---
|
||||
# Files to manage
|
||||
pam::pam_sshd: '/etc/pam.d/sshd'
|
||||
pam::pam_su: '/etc/pam.d/su'
|
||||
pam::pam_system: '/etc/pam.d/system'
|
||||
|
||||
|
||||
pam::generic_header: |
|
||||
#
|
||||
# # PAM configuration for the Secure Shell service
|
||||
#
|
||||
#
|
||||
|
||||
|
||||
## pam.d/sshd
|
||||
pam::sshd_10_facility: 'auth'
|
||||
pam::sshd_10_control: 'required'
|
||||
pam::sshd_10_modulepath: 'pam_env.so'
|
||||
pam::sshd_10_modopts: ''
|
||||
|
||||
pam::sshd_15_facility: 'auth'
|
||||
pam::sshd_15_control: 'required'
|
||||
pam::sshd_15_modulepath: 'pam_env.so'
|
||||
pam::sshd_15_modopts: 'envfile=/etc/default/locale'
|
||||
|
||||
pam::sshd_20_facility: '@include'
|
||||
pam::sshd_20_control: 'common-auth'
|
||||
pam::sshd_20_modulepath: ''
|
||||
pam::sshd_20_modopts: ''
|
||||
|
||||
pam::sshd_25_facility: 'account'
|
||||
pam::sshd_25_control: 'required'
|
||||
pam::sshd_25_modulepath: 'pam_nologin.so'
|
||||
pam::sshd_25_modopts: ''
|
||||
|
||||
pam::sshd_30_facility: '@include'
|
||||
pam::sshd_30_control: 'common-account'
|
||||
pam::sshd_30_modulepath: ''
|
||||
pam::sshd_30_modopts: ''
|
||||
|
||||
pam::sshd_35_facility: '@include'
|
||||
pam::sshd_35_control: 'common-session'
|
||||
pam::sshd_35_modulepath: ''
|
||||
pam::sshd_35_modopts: ''
|
||||
|
||||
pam::sshd_50_facility: 'session'
|
||||
pam::sshd_50_control: 'optional'
|
||||
pam::sshd_50_modulepath: 'pam_motd.so'
|
||||
pam::sshd_50_modopts: ''
|
||||
|
||||
pam::sshd_55_facility: 'session'
|
||||
pam::sshd_55_control: 'optional'
|
||||
pam::sshd_55_modulepath: 'pam_mail.so'
|
||||
pam::sshd_55_modopts: 'standard noenv'
|
||||
|
||||
pam::sshd_60_facility: 'session'
|
||||
pam::sshd_60_control: 'required'
|
||||
pam::sshd_60_modulepath: 'pam_limits.so'
|
||||
pam::sshd_60_modopts: ''
|
||||
|
||||
pam::sshd_65_facility: 'session'
|
||||
pam::sshd_65_control: 'required'
|
||||
pam::sshd_65_modulepath: 'pam_limits.so'
|
||||
pam::sshd_65_modopts: ''
|
||||
|
||||
pam::sshd_70_facility: '#session'
|
||||
pam::sshd_70_control: 'required'
|
||||
pam::sshd_70_modulepath: 'pam_selinux.so'
|
||||
pam::sshd_70_modopts: 'multiple'
|
||||
|
||||
pam::sshd_80_facility: '@include'
|
||||
pam::sshd_80_control: 'common-password'
|
||||
pam::sshd_80_modulepath: ''
|
||||
pam::sshd_80_modopts: ''
|
||||
|
||||
pam::sshd_85_facility: ''
|
||||
pam::sshd_85_control: ''
|
||||
pam::sshd_85_modulepath: ''
|
||||
pam::sshd_85_modopts: ''
|
||||
|
||||
pam::sshd_90_facility: ''
|
||||
pam::sshd_90_control: ''
|
||||
pam::sshd_90_modulepath: ''
|
||||
pam::sshd_90_modopts: ''
|
||||
|
||||
pam::sshd_95_facility: ''
|
||||
pam::sshd_95_control: ''
|
||||
pam::sshd_95_modulepath: ''
|
||||
pam::sshd_95_modopts: ''
|
||||
|
||||
pam::sshd_100_facility: ''
|
||||
pam::sshd_100_control: ''
|
||||
pam::sshd_100_modulepath: ''
|
||||
pam::sshd_100_modopts: ''
|
||||
|
||||
|
||||
## pam.d/su
|
||||
pam::su_10_facility: 'auth'
|
||||
pam::su_10_control: 'sufficient'
|
||||
pam::su_10_modulepath: 'pam_rootok.so'
|
||||
pam::su_10_modopts: ''
|
||||
|
||||
pam::su_15_facility: '#auth'
|
||||
pam::su_15_control: 'required'
|
||||
pam::su_15_modulepath: 'pam_wheel.so'
|
||||
pam::su_15_modopts: ''
|
||||
|
||||
pam::su_20_facility: '#auth'
|
||||
pam::su_20_control: 'sufficient'
|
||||
pam::su_20_modulepath: 'pam_wheel.so'
|
||||
pam::su_20_modopts: 'trust'
|
||||
|
||||
pam::su_25_facility: '#auth'
|
||||
pam::su_25_control: 'required'
|
||||
pam::su_25_modulepath: 'pam_wheel.so'
|
||||
pam::su_25_modopts: 'deny group=nosu'
|
||||
|
||||
pam::su_30_facility: '#account'
|
||||
pam::su_30_control: 'requisite'
|
||||
pam::su_30_modulepath: 'pam_time.so'
|
||||
pam::su_30_modopts: ''
|
||||
|
||||
pam::su_35_facility: 'session'
|
||||
pam::su_35_control: 'required'
|
||||
pam::su_35_modulepath: 'pam_env.so'
|
||||
pam::su_35_modopts: 'readenv=1'
|
||||
|
||||
pam::su_50_facility: 'session'
|
||||
pam::su_50_control: 'required'
|
||||
pam::su_50_modulepath: 'pam_env.so'
|
||||
pam::su_50_modopts: 'readenv=1 envfile=/etc/default/locale'
|
||||
|
||||
pam::su_55_facility: 'session'
|
||||
pam::su_55_control: 'optional'
|
||||
pam::su_55_modulepath: 'pam_mail.so'
|
||||
pam::su_55_modopts: 'nopen'
|
||||
|
||||
pam::su_60_facility: 'session'
|
||||
pam::su_60_control: 'required'
|
||||
pam::su_60_modulepath: 'pam_limits.so'
|
||||
pam::su_60_modopts: ''
|
||||
|
||||
pam::su_65_facility: '@include'
|
||||
pam::su_65_control: 'common-auth'
|
||||
pam::su_65_modulepath: ''
|
||||
pam::su_65_modopts: ''
|
||||
|
||||
pam::su_70_facility: '@include'
|
||||
pam::su_70_control: 'common-account'
|
||||
pam::su_70_modulepath: ''
|
||||
pam::su_70_modopts: ''
|
||||
|
||||
pam::su_80_facility: '@include'
|
||||
pam::su_80_control: 'common-session'
|
||||
pam::su_80_modulepath: ''
|
||||
pam::su_80_modopts: ''
|
||||
|
||||
pam::su_85_facility: ''
|
||||
pam::su_85_control: ''
|
||||
pam::su_85_modulepath: ''
|
||||
pam::su_85_modopts: ''
|
||||
|
||||
pam::su_90_facility: ''
|
||||
pam::su_90_control: ''
|
||||
pam::su_90_modulepath: ''
|
||||
pam::su_90_modopts: ''
|
||||
|
||||
pam::su_95_facility: ''
|
||||
pam::su_95_control: ''
|
||||
pam::su_95_modulepath: ''
|
||||
pam::su_95_modopts: ''
|
||||
|
||||
pam::su_100_facility: ''
|
||||
pam::su_100_control: ''
|
||||
pam::su_100_modulepath: ''
|
||||
pam::su_100_modopts: ''
|
||||
|
||||
|
||||
## pam.d/system
|
||||
pam::system_10_facility: 'auth'
|
||||
pam::system_10_control: 'sufficient'
|
||||
pam::system_10_modulepath: 'pam_opie.so'
|
||||
pam::system_10_modopts: 'no_warn no_fake_prompts'
|
||||
|
||||
pam::system_15_facility: 'auth'
|
||||
pam::system_15_control: 'sufficient'
|
||||
pam::system_15_modulepath: '/usr/local/lib/pam_ldap.so'
|
||||
pam::system_15_modopts: 'no_warn'
|
||||
|
||||
pam::system_20_facility: 'auth'
|
||||
pam::system_20_control: 'requisite'
|
||||
pam::system_20_modulepath: 'pam_opieaccess.so'
|
||||
pam::system_20_modopts: 'no_warn allow_local'
|
||||
|
||||
pam::system_25_facility: '#auth'
|
||||
pam::system_25_control: 'systemfficient'
|
||||
pam::system_25_modulepath: 'pam_krb5.so'
|
||||
pam::system_25_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::system_30_facility: '#auth'
|
||||
pam::system_30_control: 'systemfficient'
|
||||
pam::system_30_modulepath: 'pam_ssh.so'
|
||||
pam::system_30_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::system_35_facility: 'auth'
|
||||
pam::system_35_control: 'required'
|
||||
pam::system_35_modulepath: 'pam_unix.so'
|
||||
pam::system_35_modopts: 'no_warn try_first_pass nullok'
|
||||
|
||||
pam::system_50_facility: ''
|
||||
pam::system_50_control: ''
|
||||
pam::system_50_modulepath: ''
|
||||
pam::system_50_modopts: ''
|
||||
|
||||
pam::system_55_facility: '#account'
|
||||
pam::system_55_control: 'required'
|
||||
pam::system_55_modulepath: 'pam_krb5.so'
|
||||
pam::system_55_modopts: ''
|
||||
|
||||
pam::system_60_facility: 'account'
|
||||
pam::system_60_control: 'required'
|
||||
pam::system_60_modulepath: 'pam_login_access.so'
|
||||
pam::system_60_modopts: ''
|
||||
|
||||
pam::system_65_facility: 'account'
|
||||
pam::system_65_control: 'required'
|
||||
pam::system_65_modulepath: '/usr/local/lib/pam_ldap.so'
|
||||
pam::system_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
|
||||
|
||||
pam::system_70_facility: 'account'
|
||||
pam::system_70_control: 'required'
|
||||
pam::system_70_modulepath: 'pam_unix.so'
|
||||
pam::system_70_modopts: ''
|
||||
|
||||
pam::system_80_facility: '#session'
|
||||
pam::system_80_control: 'optional'
|
||||
pam::system_80_modulepath: 'pam_ssh.so'
|
||||
pam::system_80_modopts: 'want_agent'
|
||||
|
||||
pam::system_85_facility: 'session'
|
||||
pam::system_85_control: 'required'
|
||||
pam::system_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
|
||||
pam::system_85_modopts: 'umask=0022'
|
||||
|
||||
pam::system_90_facility: 'session'
|
||||
pam::system_90_control: 'required'
|
||||
pam::system_90_modulepath: 'pam_lastlog.so'
|
||||
pam::system_90_modopts: 'no_fail'
|
||||
|
||||
pam::system_95_facility: '#password'
|
||||
pam::system_95_control: 'sufficient'
|
||||
pam::system_95_modulepath: 'pam_krb5.so'
|
||||
pam::system_95_modopts: 'no_warn try_first_pass'
|
||||
|
||||
pam::system_100_facility: 'password'
|
||||
pam::system_100_control: 'required'
|
||||
pam::system_100_modulepath: 'pam_unix.so'
|
||||
pam::system_100_modopts: 'no_warn try_first_pass'
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
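Review bot: The `## pam.d/system` block and `pam::pam_system: '/etc/pam.d/system'` are carried over unchanged from the FreeBSD data: they reference `pam_opie.so`, `pam_opieaccess.so`, `pam_login_access.so` and `/usr/local/lib/pam_ldap.so`, while the sshd and su stacks in this file pull in `common-auth` and `common-account` rather than `system`. If that file is written on this platform it is presumably unused, and LDAP login then depends on `common-*` files this data does not manage; either blank the block (empty strings, as done for the unused slots) or replace it with the platform's own modules. `pam::sshd_60_*` and `pam::sshd_65_*` both declare `session required pam_limits.so`, which looks like an accidental duplicate. `pam::generic_header` says "PAM configuration for the Secure Shell service" although the key name suggests it is shared by the su and system files as well.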
@ -0,0 +1,788 @@
|
|||
class pam (
|
||||
|
||||
## Files being managed. These are the default
|
||||
## values. As these seem like generic sane defaults.
|
||||
## However you should note that hiera should be populating them.
|
||||
$pam_sshd = "",
|
||||
$pam_su = "",
|
||||
$pam_system = "",
|
||||
|
||||
|
||||
## Content variables, as found in hiera data
|
||||
$generic_header = "",
|
||||
|
||||
|
||||
## Data variables
|
||||
|
||||
## pam.d/sshd
|
||||
$sshd_10_facility = "",
|
||||
$sshd_10_control = "",
|
||||
$sshd_10_modulepath = "",
|
||||
$sshd_10_modopts = "",
|
||||
|
||||
$sshd_15_facility = "",
|
||||
$sshd_15_control = "",
|
||||
$sshd_15_modulepath = "",
|
||||
$sshd_15_modopts = "",
|
||||
|
||||
$sshd_20_facility = "",
|
||||
$sshd_20_control = "",
|
||||
$sshd_20_modulepath = "",
|
||||
$sshd_20_modopts = "",
|
||||
|
||||
$sshd_25_facility = "",
|
||||
$sshd_25_control = "",
|
||||
$sshd_25_modulepath = "",
|
||||
$sshd_25_modopts = "",
|
||||
|
||||
$sshd_30_facility = "",
|
||||
$sshd_30_control = "",
|
||||
$sshd_30_modulepath = "",
|
||||
$sshd_30_modopts = "",
|
||||
|
||||
$sshd_35_facility = "",
|
||||
$sshd_35_control = "",
|
||||
$sshd_35_modulepath = "",
|
||||
$sshd_35_modopts = "",
|
||||
|
||||
$sshd_40_facility = "",
|
||||
$sshd_40_control = "",
|
||||
$sshd_40_modulepath = "",
|
||||
$sshd_40_modopts = "",
|
||||
|
||||
$sshd_45_facility = "",
|
||||
$sshd_45_control = "",
|
||||
$sshd_45_modulepath = "",
|
||||
$sshd_45_modopts = "",
|
||||
|
||||
$sshd_50_facility = "",
|
||||
$sshd_50_control = "",
|
||||
$sshd_50_modulepath = "",
|
||||
$sshd_50_modopts = "",
|
||||
|
||||
$sshd_55_facility = "",
|
||||
$sshd_55_control = "",
|
||||
$sshd_55_modulepath = "",
|
||||
$sshd_55_modopts = "",
|
||||
|
||||
$sshd_60_facility = "",
|
||||
$sshd_60_control = "",
|
||||
$sshd_60_modulepath = "",
|
||||
$sshd_60_modopts = "",
|
||||
|
||||
$sshd_65_facility = "",
|
||||
$sshd_65_control = "",
|
||||
$sshd_65_modulepath = "",
|
||||
$sshd_65_modopts = "",
|
||||
|
||||
$sshd_70_facility = "",
|
||||
$sshd_70_control = "",
|
||||
$sshd_70_modulepath = "",
|
||||
$sshd_70_modopts = "",
|
||||
|
||||
$sshd_75_facility = "",
|
||||
$sshd_75_control = "",
|
||||
$sshd_75_modulepath = "",
|
||||
$sshd_75_modopts = "",
|
||||
|
||||
$sshd_80_facility = "",
|
||||
$sshd_80_control = "",
|
||||
$sshd_80_modulepath = "",
|
||||
$sshd_80_modopts = "",
|
||||
|
||||
$sshd_85_facility = "",
|
||||
$sshd_85_control = "",
|
||||
$sshd_85_modulepath = "",
|
||||
$sshd_85_modopts = "",
|
||||
|
||||
$sshd_90_facility = "",
|
||||
$sshd_90_control = "",
|
||||
$sshd_90_modulepath = "",
|
||||
$sshd_90_modopts = "",
|
||||
|
||||
$sshd_95_facility = "",
|
||||
$sshd_95_control = "",
|
||||
$sshd_95_modulepath = "",
|
||||
$sshd_95_modopts = "",
|
||||
|
||||
$sshd_100_facility = "",
|
||||
$sshd_100_control = "",
|
||||
$sshd_100_modulepath = "",
|
||||
$sshd_100_modopts = "",
|
||||
|
||||
|
||||
## pam.d/su
|
||||
$su_10_facility = "",
|
||||
$su_10_control = "",
|
||||
$su_10_modulepath = "",
|
||||
$su_10_modopts = "",
|
||||
|
||||
$su_15_facility = "",
|
||||
$su_15_control = "",
|
||||
$su_15_modulepath = "",
|
||||
$su_15_modopts = "",
|
||||
|
||||
$su_20_facility = "",
|
||||
$su_20_control = "",
|
||||
$su_20_modulepath = "",
|
||||
$su_20_modopts = "",
|
||||
|
||||
$su_25_facility = "",
|
||||
$su_25_control = "",
|
||||
$su_25_modulepath = "",
|
||||
$su_25_modopts = "",
|
||||
|
||||
$su_30_facility = "",
|
||||
$su_30_control = "",
|
||||
$su_30_modulepath = "",
|
||||
$su_30_modopts = "",
|
||||
|
||||
$su_35_facility = "",
|
||||
$su_35_control = "",
|
||||
$su_35_modulepath = "",
|
||||
$su_35_modopts = "",
|
||||
|
||||
$su_40_facility = "",
|
||||
$su_40_control = "",
|
||||
$su_40_modulepath = "",
|
||||
$su_40_modopts = "",
|
||||
|
||||
$su_45_facility = "",
|
||||
$su_45_control = "",
|
||||
$su_45_modulepath = "",
|
||||
$su_45_modopts = "",
|
||||
|
||||
$su_50_facility = "",
|
||||
$su_50_control = "",
|
||||
$su_50_modulepath = "",
|
||||
$su_50_modopts = "",
|
||||
|
||||
$su_55_facility = "",
|
||||
$su_55_control = "",
|
||||
$su_55_modulepath = "",
|
||||
$su_55_modopts = "",
|
||||
|
||||
$su_60_facility = "",
|
||||
$su_60_control = "",
|
||||
$su_60_modulepath = "",
|
||||
$su_60_modopts = "",
|
||||
|
||||
$su_65_facility = "",
|
||||
$su_65_control = "",
|
||||
$su_65_modulepath = "",
|
||||
$su_65_modopts = "",
|
||||
|
||||
$su_70_facility = "",
|
||||
$su_70_control = "",
|
||||
$su_70_modulepath = "",
|
||||
$su_70_modopts = "",
|
||||
|
||||
$su_75_facility = "",
|
||||
$su_75_control = "",
|
||||
$su_75_modulepath = "",
|
||||
$su_75_modopts = "",
|
||||
|
||||
$su_80_facility = "",
|
||||
$su_80_control = "",
|
||||
$su_80_modulepath = "",
|
||||
$su_80_modopts = "",
|
||||
|
||||
$su_85_facility = "",
|
||||
$su_85_control = "",
|
||||
$su_85_modulepath = "",
|
||||
$su_85_modopts = "",
|
||||
|
||||
$su_90_facility = "",
|
||||
$su_90_control = "",
|
||||
$su_90_modulepath = "",
|
||||
$su_90_modopts = "",
|
||||
|
||||
$su_95_facility = "",
|
||||
$su_95_control = "",
|
||||
$su_95_modulepath = "",
|
||||
$su_95_modopts = "",
|
||||
|
||||
$su_100_facility = "",
|
||||
$su_100_control = "",
|
||||
$su_100_modulepath = "",
|
||||
$su_100_modopts = "",
|
||||
|
||||
|
||||
## pam.d/system
|
||||
$system_10_facility = "",
|
||||
$system_10_control = "",
|
||||
$system_10_modulepath = "",
|
||||
$system_10_modopts = "",
|
||||
|
||||
$system_15_facility = "",
|
||||
$system_15_control = "",
|
||||
$system_15_modulepath = "",
|
||||
$system_15_modopts = "",
|
||||
|
||||
$system_20_facility = "",
|
||||
$system_20_control = "",
|
||||
$system_20_modulepath = "",
|
||||
$system_20_modopts = "",
|
||||
|
||||
$system_25_facility = "",
|
||||
$system_25_control = "",
|
||||
$system_25_modulepath = "",
|
||||
$system_25_modopts = "",
|
||||
|
||||
$system_30_facility = "",
|
||||
$system_30_control = "",
|
||||
$system_30_modulepath = "",
|
||||
$system_30_modopts = "",
|
||||
|
||||
$system_35_facility = "",
|
||||
$system_35_control = "",
|
||||
$system_35_modulepath = "",
|
||||
$system_35_modopts = "",
|
||||
|
||||
$system_40_facility = "",
|
||||
$system_40_control = "",
|
||||
$system_40_modulepath = "",
|
||||
$system_40_modopts = "",
|
||||
|
||||
$system_45_facility = "",
|
||||
$system_45_control = "",
|
||||
$system_45_modulepath = "",
|
||||
$system_45_modopts = "",
|
||||
|
||||
$system_50_facility = "",
|
||||
$system_50_control = "",
|
||||
$system_50_modulepath = "",
|
||||
$system_50_modopts = "",
|
||||
|
||||
$system_55_facility = "",
|
||||
$system_55_control = "",
|
||||
$system_55_modulepath = "",
|
||||
$system_55_modopts = "",
|
||||
|
||||
$system_60_facility = "",
|
||||
$system_60_control = "",
|
||||
$system_60_modulepath = "",
|
||||
$system_60_modopts = "",
|
||||
|
||||
$system_65_facility = "",
|
||||
$system_65_control = "",
|
||||
$system_65_modulepath = "",
|
||||
$system_65_modopts = "",
|
||||
|
||||
$system_70_facility = "",
|
||||
$system_70_control = "",
|
||||
$system_70_modulepath = "",
|
||||
$system_70_modopts = "",
|
||||
|
||||
$system_75_facility = "",
|
||||
$system_75_control = "",
|
||||
$system_75_modulepath = "",
|
||||
$system_75_modopts = "",
|
||||
|
||||
$system_80_facility = "",
|
||||
$system_80_control = "",
|
||||
$system_80_modulepath = "",
|
||||
$system_80_modopts = "",
|
||||
|
||||
$system_85_facility = "",
|
||||
$system_85_control = "",
|
||||
$system_85_modulepath = "",
|
||||
$system_85_modopts = "",
|
||||
|
||||
$system_90_facility = "",
|
||||
$system_90_control = "",
|
||||
$system_90_modulepath = "",
|
||||
$system_90_modopts = "",
|
||||
|
||||
$system_95_facility = "",
|
||||
$system_95_control = "",
|
||||
$system_95_modulepath = "",
|
||||
$system_95_modopts = "",
|
||||
|
||||
$system_100_facility = "",
|
||||
$system_100_control = "",
|
||||
$system_100_modulepath = "",
|
||||
$system_100_modopts = "",
|
||||
|
||||
) {
|
||||
|
||||
|
||||
## Add our puppet warning at the top of the file.
|
||||
|
||||
concat::fragment::puppetwarn::hash{"pam-sshd-puppetwarn":
|
||||
target => $pam_sshd,
|
||||
}
|
||||
|
||||
concat::fragment::puppetwarn::hash{"pam-su-puppetwarn":
|
||||
target => $pam_su,
|
||||
}
|
||||
|
||||
concat::fragment::puppetwarn::hash{"pam-system-puppetwarn":
|
||||
target => $pam_system,
|
||||
}
|
||||
|
||||
|
||||
## Add the OS generic header,
|
||||
## so we can track the origins of the file.
|
||||
|
||||
concat::fragment{"pam-sshd-header":
|
||||
target => $pam_sshd,
|
||||
content => $generic_header,
|
||||
order => 005,
|
||||
}
|
||||
|
||||
concat::fragment{"pam-su-header":
|
||||
target => $pam_su,
|
||||
content => $generic_header,
|
||||
order => 005,
|
||||
}
|
||||
|
||||
concat::fragment{"pam-system-header":
|
||||
target => $pam_system,
|
||||
content => $generic_header,
|
||||
order => 005,
|
||||
}
|
||||
|
||||
|
||||
## Generate the fragments, by calling the
|
||||
## custom pam::insertline module.
|
||||
|
||||
## pam.d/sshd
|
||||
|
||||
pam::insertline{"pam-sshd-10":
|
||||
target => $pam_sshd,
|
||||
order => "010",
|
||||
pam_facility => $sshd_10_facility,
|
||||
pam_control => $sshd_10_control,
|
||||
pam_modulepath => $sshd_10_modulepath,
|
||||
pam_modopts => $sshd_10_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-15":
|
||||
target => $pam_sshd,
|
||||
order => "015",
|
||||
pam_facility => $sshd_15_facility,
|
||||
pam_control => $sshd_15_control,
|
||||
pam_modulepath => $sshd_15_modulepath,
|
||||
pam_modopts => $sshd_15_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-20":
|
||||
target => $pam_sshd,
|
||||
order => "020",
|
||||
pam_facility => $sshd_20_facility,
|
||||
pam_control => $sshd_20_control,
|
||||
pam_modulepath => $sshd_20_modulepath,
|
||||
pam_modopts => $sshd_20_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-25":
|
||||
target => $pam_sshd,
|
||||
order => "025",
|
||||
pam_facility => $sshd_25_facility,
|
||||
pam_control => $sshd_25_control,
|
||||
pam_modulepath => $sshd_25_modulepath,
|
||||
pam_modopts => $sshd_25_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-30":
|
||||
target => $pam_sshd,
|
||||
order => "030",
|
||||
pam_facility => $sshd_30_facility,
|
||||
pam_control => $sshd_30_control,
|
||||
pam_modulepath => $sshd_30_modulepath,
|
||||
pam_modopts => $sshd_30_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-35":
|
||||
target => $pam_sshd,
|
||||
order => "035",
|
||||
pam_facility => $sshd_35_facility,
|
||||
pam_control => $sshd_35_control,
|
||||
pam_modulepath => $sshd_35_modulepath,
|
||||
pam_modopts => $sshd_35_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-50":
|
||||
target => $pam_sshd,
|
||||
order => "050",
|
||||
pam_facility => $sshd_50_facility,
|
||||
pam_control => $sshd_50_control,
|
||||
pam_modulepath => $sshd_50_modulepath,
|
||||
pam_modopts => $sshd_50_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-55":
|
||||
target => $pam_sshd,
|
||||
order => "055",
|
||||
pam_facility => $sshd_55_facility,
|
||||
pam_control => $sshd_55_control,
|
||||
pam_modulepath => $sshd_55_modulepath,
|
||||
pam_modopts => $sshd_55_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-60":
|
||||
target => $pam_sshd,
|
||||
order => "060",
|
||||
pam_facility => $sshd_60_facility,
|
||||
pam_control => $sshd_60_control,
|
||||
pam_modulepath => $sshd_60_modulepath,
|
||||
pam_modopts => $sshd_60_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-65":
|
||||
target => $pam_sshd,
|
||||
order => "065",
|
||||
pam_facility => $sshd_65_facility,
|
||||
pam_control => $sshd_65_control,
|
||||
pam_modulepath => $sshd_65_modulepath,
|
||||
pam_modopts => $sshd_65_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-70":
|
||||
target => $pam_sshd,
|
||||
order => "070",
|
||||
pam_facility => $sshd_70_facility,
|
||||
pam_control => $sshd_70_control,
|
||||
pam_modulepath => $sshd_70_modulepath,
|
||||
pam_modopts => $sshd_70_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-80":
|
||||
target => $pam_sshd,
|
||||
order => "080",
|
||||
pam_facility => $sshd_80_facility,
|
||||
pam_control => $sshd_80_control,
|
||||
pam_modulepath => $sshd_80_modulepath,
|
||||
pam_modopts => $sshd_80_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-85":
|
||||
target => $pam_sshd,
|
||||
order => "085",
|
||||
pam_facility => $sshd_85_facility,
|
||||
pam_control => $sshd_85_control,
|
||||
pam_modulepath => $sshd_85_modulepath,
|
||||
pam_modopts => $sshd_85_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-90":
|
||||
target => $pam_sshd,
|
||||
order => "090",
|
||||
pam_facility => $sshd_90_facility,
|
||||
pam_control => $sshd_90_control,
|
||||
pam_modulepath => $sshd_90_modulepath,
|
||||
pam_modopts => $sshd_90_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-95":
|
||||
target => $pam_sshd,
|
||||
order => "095",
|
||||
pam_facility => $sshd_95_facility,
|
||||
pam_control => $sshd_95_control,
|
||||
pam_modulepath => $sshd_95_modulepath,
|
||||
pam_modopts => $sshd_95_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-sshd-100":
|
||||
target => $pam_sshd,
|
||||
order => "100",
|
||||
pam_facility => $sshd_100_facility,
|
||||
pam_control => $sshd_100_control,
|
||||
pam_modulepath => $sshd_100_modulepath,
|
||||
pam_modopts => $sshd_100_modopts,
|
||||
}
|
||||
|
||||
|
||||
## pam.d/su
|
||||
pam::insertline{"pam-su-10":
|
||||
target => $pam_su,
|
||||
order => "010",
|
||||
pam_facility => $su_10_facility,
|
||||
pam_control => $su_10_control,
|
||||
pam_modulepath => $su_10_modulepath,
|
||||
pam_modopts => $su_10_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-15":
|
||||
target => $pam_su,
|
||||
order => "015",
|
||||
pam_facility => $su_15_facility,
|
||||
pam_control => $su_15_control,
|
||||
pam_modulepath => $su_15_modulepath,
|
||||
pam_modopts => $su_15_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-20":
|
||||
target => $pam_su,
|
||||
order => "020",
|
||||
pam_facility => $su_20_facility,
|
||||
pam_control => $su_20_control,
|
||||
pam_modulepath => $su_20_modulepath,
|
||||
pam_modopts => $su_20_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-25":
|
||||
target => $pam_su,
|
||||
order => "025",
|
||||
pam_facility => $su_25_facility,
|
||||
pam_control => $su_25_control,
|
||||
pam_modulepath => $su_25_modulepath,
|
||||
pam_modopts => $su_25_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-30":
|
||||
target => $pam_su,
|
||||
order => "030",
|
||||
pam_facility => $su_30_facility,
|
||||
pam_control => $su_30_control,
|
||||
pam_modulepath => $su_30_modulepath,
|
||||
pam_modopts => $su_30_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-35":
|
||||
target => $pam_su,
|
||||
order => "035",
|
||||
pam_facility => $su_35_facility,
|
||||
pam_control => $su_35_control,
|
||||
pam_modulepath => $su_35_modulepath,
|
||||
pam_modopts => $su_35_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-50":
|
||||
target => $pam_su,
|
||||
order => "050",
|
||||
pam_facility => $su_50_facility,
|
||||
pam_control => $su_50_control,
|
||||
pam_modulepath => $su_50_modulepath,
|
||||
pam_modopts => $su_50_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-55":
|
||||
target => $pam_su,
|
||||
order => "055",
|
||||
pam_facility => $su_55_facility,
|
||||
pam_control => $su_55_control,
|
||||
pam_modulepath => $su_55_modulepath,
|
||||
pam_modopts => $su_55_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-60":
|
||||
target => $pam_su,
|
||||
order => "060",
|
||||
pam_facility => $su_60_facility,
|
||||
pam_control => $su_60_control,
|
||||
pam_modulepath => $su_60_modulepath,
|
||||
pam_modopts => $su_60_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-65":
|
||||
target => $pam_su,
|
||||
order => "065",
|
||||
pam_facility => $su_65_facility,
|
||||
pam_control => $su_65_control,
|
||||
pam_modulepath => $su_65_modulepath,
|
||||
pam_modopts => $su_65_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-70":
|
||||
target => $pam_su,
|
||||
order => "070",
|
||||
pam_facility => $su_70_facility,
|
||||
pam_control => $su_70_control,
|
||||
pam_modulepath => $su_70_modulepath,
|
||||
pam_modopts => $su_70_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-80":
|
||||
target => $pam_su,
|
||||
order => "080",
|
||||
pam_facility => $su_80_facility,
|
||||
pam_control => $su_80_control,
|
||||
pam_modulepath => $su_80_modulepath,
|
||||
pam_modopts => $su_80_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-85":
|
||||
target => $pam_su,
|
||||
order => "085",
|
||||
pam_facility => $su_85_facility,
|
||||
pam_control => $su_85_control,
|
||||
pam_modulepath => $su_85_modulepath,
|
||||
pam_modopts => $su_85_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-90":
|
||||
target => $pam_su,
|
||||
order => "090",
|
||||
pam_facility => $su_90_facility,
|
||||
pam_control => $su_90_control,
|
||||
pam_modulepath => $su_90_modulepath,
|
||||
pam_modopts => $su_90_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-95":
|
||||
target => $pam_su,
|
||||
order => "095",
|
||||
pam_facility => $su_95_facility,
|
||||
pam_control => $su_95_control,
|
||||
pam_modulepath => $su_95_modulepath,
|
||||
pam_modopts => $su_95_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-su-100":
|
||||
target => $pam_su,
|
||||
order => "100",
|
||||
pam_facility => $su_100_facility,
|
||||
pam_control => $su_100_control,
|
||||
pam_modulepath => $su_100_modulepath,
|
||||
pam_modopts => $su_100_modopts,
|
||||
}
|
||||
|
||||
|
||||
## pam.d/system
|
||||
pam::insertline{"pam-system-10":
|
||||
target => $pam_system,
|
||||
order => "010",
|
||||
pam_facility => $system_10_facility,
|
||||
pam_control => $system_10_control,
|
||||
pam_modulepath => $system_10_modulepath,
|
||||
pam_modopts => $system_10_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-15":
|
||||
target => $pam_system,
|
||||
order => "015",
|
||||
pam_facility => $system_15_facility,
|
||||
pam_control => $system_15_control,
|
||||
pam_modulepath => $system_15_modulepath,
|
||||
pam_modopts => $system_15_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-20":
|
||||
target => $pam_system,
|
||||
order => "020",
|
||||
pam_facility => $system_20_facility,
|
||||
pam_control => $system_20_control,
|
||||
pam_modulepath => $system_20_modulepath,
|
||||
pam_modopts => $system_20_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-25":
|
||||
target => $pam_system,
|
||||
order => "025",
|
||||
pam_facility => $system_25_facility,
|
||||
pam_control => $system_25_control,
|
||||
pam_modulepath => $system_25_modulepath,
|
||||
pam_modopts => $system_25_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-30":
|
||||
target => $pam_system,
|
||||
order => "030",
|
||||
pam_facility => $system_30_facility,
|
||||
pam_control => $system_30_control,
|
||||
pam_modulepath => $system_30_modulepath,
|
||||
pam_modopts => $system_30_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-35":
|
||||
target => $pam_system,
|
||||
order => "035",
|
||||
pam_facility => $system_35_facility,
|
||||
pam_control => $system_35_control,
|
||||
pam_modulepath => $system_35_modulepath,
|
||||
pam_modopts => $system_35_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-50":
|
||||
target => $pam_system,
|
||||
order => "050",
|
||||
pam_facility => $system_50_facility,
|
||||
pam_control => $system_50_control,
|
||||
pam_modulepath => $system_50_modulepath,
|
||||
pam_modopts => $system_50_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-55":
|
||||
target => $pam_system,
|
||||
order => "055",
|
||||
pam_facility => $system_55_facility,
|
||||
pam_control => $system_55_control,
|
||||
pam_modulepath => $system_55_modulepath,
|
||||
pam_modopts => $system_55_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-60":
|
||||
target => $pam_system,
|
||||
order => "060",
|
||||
pam_facility => $system_60_facility,
|
||||
pam_control => $system_60_control,
|
||||
pam_modulepath => $system_60_modulepath,
|
||||
pam_modopts => $system_60_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-65":
|
||||
target => $pam_system,
|
||||
order => "065",
|
||||
pam_facility => $system_65_facility,
|
||||
pam_control => $system_65_control,
|
||||
pam_modulepath => $system_65_modulepath,
|
||||
pam_modopts => $system_65_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-70":
|
||||
target => $pam_system,
|
||||
order => "070",
|
||||
pam_facility => $system_70_facility,
|
||||
pam_control => $system_70_control,
|
||||
pam_modulepath => $system_70_modulepath,
|
||||
pam_modopts => $system_70_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-80":
|
||||
target => $pam_system,
|
||||
order => "080",
|
||||
pam_facility => $system_80_facility,
|
||||
pam_control => $system_80_control,
|
||||
pam_modulepath => $system_80_modulepath,
|
||||
pam_modopts => $system_80_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-85":
|
||||
target => $pam_system,
|
||||
order => "085",
|
||||
pam_facility => $system_85_facility,
|
||||
pam_control => $system_85_control,
|
||||
pam_modulepath => $system_85_modulepath,
|
||||
pam_modopts => $system_85_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-90":
|
||||
target => $pam_system,
|
||||
order => "090",
|
||||
pam_facility => $system_90_facility,
|
||||
pam_control => $system_90_control,
|
||||
pam_modulepath => $system_90_modulepath,
|
||||
pam_modopts => $system_90_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-95":
|
||||
target => $pam_system,
|
||||
order => "095",
|
||||
pam_facility => $system_95_facility,
|
||||
pam_control => $system_95_control,
|
||||
pam_modulepath => $system_95_modulepath,
|
||||
pam_modopts => $system_95_modopts,
|
||||
}
|
||||
|
||||
pam::insertline{"pam-system-100":
|
||||
target => $pam_system,
|
||||
order => "100",
|
||||
pam_facility => $system_100_facility,
|
||||
pam_control => $system_100_control,
|
||||
pam_modulepath => $system_100_modulepath,
|
||||
pam_modopts => $system_100_modopts,
|
||||
}
|
||||
|
||||
}
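Review bot: The class declares `*_40_*`, `*_45_*` and `*_75_*` parameters for sshd, su and system, but no `pam::insertline` resource consumes them: each service jumps from order "035" to "050" and from "070" to "080". Any PAM line that Hiera assigns to one of those slots is dropped without an error, which matters most when the missing line is a `required` or `requisite` check. Either add the nine missing resources following the pattern below, or remove the unused parameters so the gap is visible to whoever writes the Hiera data. Separately, the three header fragments use a bare `order => 005` while every other fragment passes a quoted string; writing `order => "005"` keeps the ordering key a zero-padded string.

```puppet
  pam::insertline{"pam-sshd-40":
    target         => $pam_sshd,
    order          => "040",
    pam_facility   => $sshd_40_facility,
    pam_control    => $sshd_40_control,
    pam_modulepath => $sshd_40_modulepath,
    pam_modopts    => $sshd_40_modopts,
  }
  # … same pattern for sshd 45 and 75, and for su and system 40, 45 and 75 …
```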
|
|
@ -0,0 +1,33 @@
|
|||
#/etc/puppet/modules/pam/manifests/insertline.pp
|
||||
|
||||
#
|
||||
# insertline is used by other modules to insert lines in pam config files
|
||||
#
|
||||
define pam::insertline(
|
||||
$pam_facility="",
|
||||
$pam_control="",
|
||||
$pam_modulepath="",
|
||||
$pam_modopts="",
|
||||
$target = "",
|
||||
|
||||
|
||||
$order=40,
|
||||
$commentmarker="#",
|
||||
|
||||
|
||||
) {
|
||||
|
||||
if $target != "" {
|
||||
$body = "$pam_facility\t\t\t$pam_control\t\t\t$pam_modulepath\t\t\t$pam_modopts"
|
||||
if $body == "" {
|
||||
$body = "$commentmarker Empty line inserted by $name. Check your puppet config."
|
||||
}
|
||||
|
||||
concat::fragment{"insertline_$name":
|
||||
target => $target,
|
||||
order => $order,
|
||||
content => "\n$commentmarker Line inserted by puppet ($name), at order $order.\n$body\n"
|
||||
}
|
||||
}
|
||||
}
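Review bot: The `if $body == ""` branch can never run, because `$body` is built on the line above with nine literal tab characters and is therefore never empty. A slot whose four values are all empty writes a tab-only line into the PAM file instead of the intended warning comment. If the branch did run, it would assign `$body` a second time in the same scope, which Puppet rejects. Test the four parameters before building the body and assign `$body` exactly once, as below.

```puppet
  if $target != "" {
    if "${pam_facility}${pam_control}${pam_modulepath}${pam_modopts}" == "" {
      $body = "$commentmarker Empty line inserted by $name. Check your puppet config."
    } else {
      $body = "$pam_facility\t\t\t$pam_control\t\t\t$pam_modulepath\t\t\t$pam_modopts"
    }
    # … unchanged: concat::fragment{"insertline_$name": …} …
```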
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
#
|
||||
# $FreeBSD: release/10.0.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
|
||||
#
|
||||
# PAM configuration for the "sshd" service
|
||||
#
|
||||
|
||||
# auth
|
||||
auth sufficient pam_opie.so no_warn no_fake_prompts
|
||||
auth sufficient /usr/local/lib/pam_ldap.so no_warn
|
||||
auth requisite pam_opieaccess.so no_warn allow_local
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
account required pam_nologin.so
|
||||
#account required pam_krb5.so
|
||||
account required pam_login_access.so
|
||||
|
||||
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
|
||||
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
#session optional pam_ssh.so want_agent
|
||||
session required /usr/local/lib/pam_mkhomedir.so umask=0077
|
||||
session required pam_permit.so
|
||||
|
||||
# password
|
||||
#password sufficient pam_krb5.so no_warn try_first_pass
|
||||
password required pam_unix.so no_warn try_first_pass
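Review bot: `auth sufficient /usr/local/lib/pam_ldap.so no_warn` sits above `auth requisite pam_opieaccess.so no_warn allow_local`, so a successful LDAP authentication ends the auth chain before the OPIE access check is consulted. If the intent is that OPIE-enabled accounts must not fall back to a reusable password, the `pam_ldap.so` line should come after the `pam_opieaccess.so` line. The same ordering appears in the `system` file added later in this commit. A short comment above the line recording why LDAP is placed where it is would help the next reader of the stack.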
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
#
|
||||
# $FreeBSD: release/10.0.0/etc/pam.d/su 219663 2011-03-15 10:13:35Z des $
|
||||
#
|
||||
# PAM configuration for the "su" service
|
||||
#
|
||||
|
||||
# auth
|
||||
auth sufficient pam_rootok.so no_warn
|
||||
auth sufficient pam_self.so no_warn
|
||||
auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
|
||||
auth include system
|
||||
|
||||
# account
|
||||
account include system
|
||||
|
||||
# session
|
||||
session required pam_permit.so
|
||||
session required /usr/local/lib/pam_mkhomedir.so umask=0077
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
#
|
||||
# $FreeBSD: release/10.0.0/etc/pam.d/system 197769 2009-10-05 09:28:54Z des $
|
||||
#
|
||||
# System-wide defaults
|
||||
#
|
||||
|
||||
# auth
|
||||
auth sufficient pam_opie.so no_warn no_fake_prompts
|
||||
auth sufficient /usr/local/lib/pam_ldap.so no_warn
|
||||
auth requisite pam_opieaccess.so no_warn allow_local
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass nullok
|
||||
|
||||
# account
|
||||
#account required pam_krb5.so
|
||||
account required pam_login_access.so
|
||||
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
#session optional pam_ssh.so want_agent
|
||||
session required /usr/local/lib/pam_mkhomedir.so umask=0022
|
||||
session required pam_lastlog.so no_fail
|
||||
|
||||
# password
|
||||
#password sufficient pam_krb5.so no_warn try_first_pass
|
||||
password required pam_unix.so no_warn try_first_pass
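Review bot: `session required /usr/local/lib/pam_mkhomedir.so umask=0022` should create home directories that other local users can read, while the sshd and su files in this commit use `umask=0077`. The mode of a new home directory then depends on which service handles the user's first login. Using `umask=0077` here, and in the matching Hiera value `pam::system_85_modopts`, would make the three files agree. The `nullok` option on the `pam_unix.so` auth line also lets accounts with an empty password authenticate through every service that includes `system`; drop it unless that is a requirement.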
|
|
@ -0,0 +1,6 @@
|
|||
source 'https://rubygems.org'
|
||||
gem 'rspec'
|
||||
gem 'rspec-mocks'
|
||||
gem 'rspec-expectations'
|
||||
gem 'puppet'
|
||||
gem 'puppet-lint'
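Review bot: This Gemfile does not match the Gemfile.lock added in the same commit. The lock resolves puppet from `PATH remote: ./puppet` and lists pry, pry-debugger and pry-stack_explorer under DEPENDENCIES, none of which are declared here. Bundler will likely treat the lock as stale and re-resolve from rubygems.org, so the versions pinned in the lock are not guaranteed to be the ones installed. Declare the path source, e.g. `gem 'puppet', :path => './puppet'`, and add the pry gems in a development group, or regenerate the lock from this Gemfile.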
|
|
@ -0,0 +1,60 @@
|
|||
PATH
|
||||
remote: ./puppet
|
||||
specs:
|
||||
puppet (3.4.2)
|
||||
facter (~> 1.5)
|
||||
hiera (~> 1.0)
|
||||
|
||||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
binding_of_caller (0.7.2)
|
||||
debug_inspector (>= 0.0.1)
|
||||
coderay (1.1.0)
|
||||
columnize (0.3.6)
|
||||
debug_inspector (0.0.2)
|
||||
debugger (1.6.5)
|
||||
columnize (>= 0.3.1)
|
||||
debugger-linecache (~> 1.2.0)
|
||||
debugger-ruby_core_source (~> 1.3.1)
|
||||
debugger-linecache (1.2.0)
|
||||
debugger-ruby_core_source (1.3.1)
|
||||
diff-lcs (1.2.4)
|
||||
facter (1.7.4)
|
||||
hiera (1.3.0)
|
||||
json_pure
|
||||
json_pure (1.8.1)
|
||||
method_source (0.8.2)
|
||||
pry (0.9.12.4)
|
||||
coderay (~> 1.0)
|
||||
method_source (~> 0.8)
|
||||
slop (~> 3.4)
|
||||
pry-debugger (0.2.2)
|
||||
debugger (~> 1.3)
|
||||
pry (~> 0.9.10)
|
||||
pry-stack_explorer (0.4.9.1)
|
||||
binding_of_caller (>= 0.7)
|
||||
pry (>= 0.9.11)
|
||||
puppet-lint (0.3.2)
|
||||
rspec (2.13.0)
|
||||
rspec-core (~> 2.13.0)
|
||||
rspec-expectations (~> 2.13.0)
|
||||
rspec-mocks (~> 2.13.0)
|
||||
rspec-core (2.13.1)
|
||||
rspec-expectations (2.13.0)
|
||||
diff-lcs (>= 1.1.3, < 2.0)
|
||||
rspec-mocks (2.13.1)
|
||||
slop (3.4.7)
|
||||
|
||||
PLATFORMS
|
||||
ruby
|
||||
|
||||
DEPENDENCIES
|
||||
pry
|
||||
pry-debugger
|
||||
pry-stack_explorer
|
||||
puppet!
|
||||
puppet-lint
|
||||
rspec
|
||||
rspec-expectations
|
||||
rspec-mocks
|
|
@ -0,0 +1,191 @@
|
|||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
Copyright 2013 Puppet Labs
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
name 'zleslie-pkgng'
|
||||
version '0.2.0'
|
||||
source 'git://github.com/xaque208/puppet-pkgng.git'
|
||||
author 'zleslie'
|
||||
license 'Apache License Version 2.0'
|
||||
summary 'PkgNG package provider for FreeBSD'
|
||||
description 'Includes facts and management class.'
|
||||
project_page 'https://github.com/xaque208/puppet-pkgng'
|
||||
dependency 'puppetlabs/stdlib'
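Review bot: The `source` line uses the `git://` scheme, which has neither transport encryption nor server authentication, so a consumer fetching the module from that URL cannot tell whether the content was altered in transit. The `project_page` line already points at the same repository over HTTPS, so `source 'https://github.com/xaque208/puppet-pkgng.git'` would be the consistent form. The `dependency 'puppetlabs/stdlib'` line also has no version requirement; a bounded one such as `dependency 'puppetlabs/stdlib', '>= MIN_VERSION_PLACEHOLDER'` would keep an install from resolving to an arbitrary stdlib release.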
|
|
@ -0,0 +1,52 @@
|
|||
Puppet-pkgng
|
||||
===
|
||||
|
||||
[![Build Status](https://travis-ci.org/xaque208/puppet-pkgng.png)](https://travis-ci.org/xaque208/puppet-pkgng)
|
||||
|
||||
|
||||
A package provider for FreeBSD's PkgNG package manager.
|
||||
|
||||
This module contains the provider as well as some implementation around
|
||||
configuring the pkg.conf file. If you are building your own PkgNG packages,
|
||||
you may also want to look at my [poudriere
|
||||
module](https://github.com/xaque208/puppet-poudriere).
|
||||
|
||||
## Installation
|
||||
|
||||
The easiest way to install is to install from the forge.
|
||||
|
||||
puppet module install zleslie/pkgng
|
||||
|
||||
Then to configure your system to use a PkgNG, a simple include will do.
|
||||
|
||||
include pkgng
|
||||
|
||||
### Installation via r10K
|
||||
|
||||
You can also clone this repo to somewhere in your modulepath, or use something
|
||||
like [r10k](https://github.com/adrienthebo/r10k) to deploy your modules. R10k
|
||||
is sweet. For those not familiar, check out [Finch's blog
|
||||
post](http://somethingsinistral.net/blog/rethinking-puppet-deployment/) about
|
||||
it.
|
||||
|
||||
### Installation via [Librarian-Puppet](http://librarian-puppet.com/)
|
||||
|
||||
Installation via Librarian-Puppet is straight forward, simply add the
|
||||
following to your `Puppetfile`
|
||||
|
||||
```
|
||||
mod 'zleslie/pkgng'
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
Once you have the module installed, you can use it by simply adding a site
|
||||
default in site.pp that looks like this.
|
||||
|
||||
Package {
|
||||
provider => pkgng
|
||||
}
|
||||
|
||||
Now every package that you install will use the PkgNG provider.
|
||||
|
||||
|