Final import from SVN.

Tony Stevenson 2014-07-08 12:05:17 +01:00
parent a7c0ac84a1
commit 87d366dcbe
128 changed files with 6955 additions and 0 deletions

116
auth.conf Normal file

@ -0,0 +1,116 @@
# This is the default auth.conf file, which implements the default rules
# used by the puppet master. (That is, the rules below will still apply
# even if this file is deleted.)
#
# The ACLs are evaluated in top-down order. More specific stanzas should
# be towards the top of the file and more general ones at the bottom;
# otherwise, the general rules may "steal" requests that should be
# governed by the specific rules.
#
# See http://docs.puppetlabs.com/guides/rest_auth_conf.html for a more complete
# description of auth.conf's behavior.
#
# Supported syntax:
# Each stanza in auth.conf starts with a path to match, followed
# by optional modifiers, and finally, a series of allow or deny
# directives.
#
# Example Stanza
# ---------------------------------
# path /path/to/resource # simple prefix match
# # path ~ regex # alternately, regex match
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|backreference|*|regex]
# deny [host|backreference|*|regex]
# allow_ip [ip|cidr|ip_wildcard|*]
# deny_ip [ip|cidr|ip_wildcard|*]
#
# The path match can either be a simple prefix match or a regular
# expression. `path /file` would match both `/file_metadata` and
# `/file_content`. Regex matches allow the use of backreferences
# in the allow/deny directives.
#
# The regex syntax is the same as for Ruby regex, and captures backreferences
# for use in the `allow` and `deny` lines of that stanza
#
# Examples:
#
# path ~ ^/path/to/resource # Equivalent to `path /path/to/resource`.
# allow * # Allow all authenticated nodes (since auth
# # defaults to `yes`).
#
# path ~ ^/catalog/([^/]+)$ # Permit nodes to access their own catalog (by
# allow $1 # certname), but not any other node's catalog.
#
# path ~ ^/file_(metadata|content)/extra_files/ # Only allow certain nodes to
# auth yes # access the "extra_files"
# allow /^(.+)\.example\.com$/ # mount point; note this must
# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule,
# # since it is more specific.
#
# environment:: restrict an ACL to a comma-separated list of environments
# method:: restrict an ACL to a comma-separated list of HTTP methods
# auth:: restrict an ACL to an authenticated or unauthenticated request
# the default when unspecified is to restrict the ACL to authenticated requests
# (ie exactly as if auth yes was present).
#
### Authenticated ACLs - these rules apply only when the client
### has a valid certificate and is thus authenticated
# allow nodes to retrieve their own catalog
path ~ ^/catalog/([^/]+)$
method find
allow $1
# allow nodes to retrieve their own node definition
path ~ ^/node/([^/]+)$
method find
allow $1
# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *
# allow all nodes to store their own reports
path ~ ^/report/([^/]+)$
method save
allow $1
# Allow all nodes to access all file services; this is necessary for
# pluginsync, file serving from modules, and file serving from custom
# mount points (see fileserver.conf). Note that the `/file` prefix matches
# requests to both the file_metadata and file_content paths. See "Examples"
# above if you need more granular access control for custom mount points.
path /file
allow *
### Unauthenticated ACLs, for clients without valid certificates; authenticated
### clients can also access these paths, though they rarely need to.
# allow access to the CA certificate; unauthenticated nodes need this
# in order to validate the puppet master's certificate
path /certificate/ca
auth any
method find
allow *
# allow nodes to retrieve the certificate they requested earlier
path /certificate/
auth any
method find
allow *
# allow nodes to request a new certificate
path /certificate_request
auth any
method find, save
allow *
# deny everything else; this ACL is not strictly necessary, but
# illustrates the default policy.
path /
auth any
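Review bot: The `path /file` stanza with `allow *` lets every node that holds a valid certificate read all module files and every custom mount point, so nothing under a module `files/` directory or a fileserver.conf mount can be treated as confidential while this rule stands. If any mount carries per-host or sensitive material, add a narrower stanza above it in the form the header's own `extra_files` example shows, restricted by certname. The three `auth any` certificate stanzas are reachable without a client certificate, so the master's signing policy (not visible in this file) is what actually gates enrolment, and it is worth confirming that autosigning is off. The closing `path /` stanza relies on the implicit deny; an explicit `deny *` line there would make the intent unmistakable to a later editor.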

5
data/colo/osuosl.yaml Normal file

@ -0,0 +1,5 @@
---
dnsclient::nameservers:
- '140.211.166.130'
- '140.211.166.131'

6
data/colo/yahoo.yaml Normal file

@ -0,0 +1,6 @@
---
dnsclient::searchorder: 'apache.org'
dnsclient::nameserver1: '8.8.8.8'
dnsclient::nameserver2: '8.8.4.4'
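Review bot: This colo's data uses `dnsclient::nameserver1` / `dnsclient::nameserver2`, while `data/colo/osuosl.yaml` in the same commit sets a `dnsclient::nameservers` array; the dnsclient class is not visible here, so one of the two shapes may be silently ignored by parameter lookup. Both addresses are public third-party resolvers, and combined with `searchorder: 'apache.org'` this means lookups for short internal hostnames leave the organisation's own DNS and are visible to the outside resolver. A comment in the file recording why this colo has no local resolver would help a later reader decide whether that is still intended.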

34
data/common.yaml Normal file

@ -0,0 +1,34 @@
---
classes: ['']
ldapclient::ldapcert: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,11 @@
---
classes:
- base
- dnsclient
- ldapclient
- pam
- pkgng
- sudoers
pkgprovider: 'pkgng'


@ -0,0 +1,5 @@
pctony@apache.org
humbedooh@apache.org
gmcdonald@apache.org
joes@apache.org

1
data/production.yaml Normal file

@ -0,0 +1 @@
---

13
data/ubuntu/1404.yaml Normal file

@ -0,0 +1,13 @@
---
classes:
- base
- dnsclient
- ldapclient
- subversionclient
- sudoers
ldapclient::ldapclient_packages:
- ldap-auth-client
- ldap-utils
- libldap-2.4-2

23
hiera.yaml Normal file

@ -0,0 +1,23 @@
---
## If you edit this file, you need to make sure that the webserver is restarted.
:backends:
- eyaml
- yaml
- module_data
:hierarchy:
- "%{clientcert}"
- "%{asf_osname}/%{asf_osrelease}"
- "colo/%{asf_colo}"
- "%{environment}"
- "common"
:yaml:
:datadir: '/usr/local/etc/puppet/data'
:eyaml:
:datadir: '/usr/local/etc/puppet/data'
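Review bot: Every variable tier in `:hierarchy:` is selected by a value the agent reports about itself: `%{clientcert}`, `%{asf_osname}`/`%{asf_osrelease}` and `%{asf_colo}` are facts, and `%{environment}` is whatever the node requests unless the master pins it. With `eyaml` listed as the first backend, a secret stored at one of those tiers is decrypted during compilation for whichever node reports the matching value, so a compromised host could obtain another tier's data by misreporting a fact. Keep encrypted values only at tiers keyed on the certificate-verified node name (Puppet's `trusted` certname data, where the deployed Puppet and Hiera versions support it) and treat the `asf_*` tiers as non-secret. The `:eyaml:` block sets only `:datadir:`, so the key locations fall back to the backend defaults; setting `:pkcs7_private_key:` and `:pkcs7_public_key:` explicitly, with the private key kept outside this repository, would make the key handling reviewable.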

7
manifests/site.pp Normal file

@ -0,0 +1,7 @@
hiera_include("classes")
include customfact
node default {
}


@ -0,0 +1,2 @@
---


@ -0,0 +1,4 @@
---


@ -0,0 +1,4 @@
---
:hierarchy:
- "%{asf_osname}/%{asf_osrelease}"
- "common"


@ -0,0 +1,4 @@
#/etc/puppet/modules/_TEMPLATE/manifests/init.pp
class _TEMPLATE {
}


@ -0,0 +1,7 @@
---
base::base_packages:
- 'bash-4.3.0_1'
- 'ca_root_nss-3.15.5'
- 'git-1.9.0_1'
- 'zsh-5.0.5'


@ -0,0 +1,4 @@
---
:hierarchy:
- "%{asf_osname}/%{asf_osrelease}"
- "common"


@ -0,0 +1,8 @@
---
base::base_packages:
- 'bash'
- 'ca_root_nss-3.15.5'
- 'git'
- 'zsh-5.0.5'
- 'apt-file'


@ -0,0 +1,12 @@
#/usr/local/etc/puppet/modules/base/manifests/init.pp
class base (
$base_packages = [],
$pkgprovider = '',
) {
package { $base_packages:
ensure => installed,
}
}
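Review bot: `$pkgprovider` is accepted as a class parameter but the `package` resource never uses it, and the top-level `pkgprovider: 'pkgng'` key set in the hiera data of this commit is not named `base::pkgprovider`, so it would not bind to this parameter automatically either. Either drop the parameter or apply it only when it is non-empty, since passing the `''` default as `provider` would be wrong. The class also has no header documentation; a short comment stating that `base::base_packages` comes from hiera and that `ensure => installed` does not upgrade a package that is already present (so fixes to bash or the CA bundle are not pulled in by this resource) would save the next maintainer a surprise.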


@ -0,0 +1,95 @@
##2014-03-04 - Supported Release 1.0.2
###Summary
This is a supported release. No functional changes were made from 1.0.1.
####Features
- Huge amount of tests backported from 1.1.
- Documentation rewrite.
####Bugfixes
####Known Bugs
* Not supported on Windows.
##2014-02-12 - 1.0.1
###Summary
Minor bugfixes for sorting of fragments and ordering of resources.
####Bugfixes
- LANG => C replaced with LC_ALL => C to reduce spurious recreation of
fragments.
- Corrected pluginsync documentation.
- Ensure concat::setup always runs before fragments.
##2013-08-09 - 1.0.0
###Summary
Many new features and bugfixes in this release, and if you're a heavy concat
user you should test carefully before upgrading. The features should all be
backwards compatible but only light testing has been done from our side before
this release.
####Features
- New parameters in concat:
- `replace`: specify if concat should replace existing files.
- `ensure_newline`: controls if fragments should contain a newline at the end.
- Improved README documentation.
- Add rspec:system tests (rake spec:system to test concat)
####Bugfixes
- Gracefully handle \n in a fragment resource name.
- Adding more helpful message for 'pluginsync = true'
- Allow passing `source` and `content` directly to file resource, rather than
defining resource defaults.
- Added -r flag to read so that filenames with \ will be read correctly.
- sort always uses LANG=C.
- Allow WARNMSG to contain/start with '#'.
- Replace while-read pattern with for-do in order to support Solaris.
####CHANGELOG:
- 2010/02/19 - initial release
- 2010/03/12 - add support for 0.24.8 and newer
- make the location of sort configurable
- add the ability to add shell comment based warnings to
top of files
- add the ablity to create empty files
- 2010/04/05 - fix parsing of WARN and change code style to match rest
of the code
- Better and safer boolean handling for warn and force
- Don't use hard coded paths in the shell script, set PATH
top of the script
- Use file{} to copy the result and make all fragments owned
by root. This means we can chnage the ownership/group of the
resulting file at any time.
- You can specify ensure => "/some/other/file" in concat::fragment
to include the contents of a symlink into the final file.
- 2010/04/16 - Add more cleaning of the fragment name - removing / from the $name
- 2010/05/22 - Improve documentation and show the use of ensure =>
- 2010/07/14 - Add support for setting the filebucket behavior of files
- 2010/10/04 - Make the warning message configurable
- 2010/12/03 - Add flags to make concat work better on Solaris - thanks Jonathan Boyett
- 2011/02/03 - Make the shell script more portable and add a config option for root group
- 2011/06/21 - Make base dir root readable only for security
- 2011/06/23 - Set base directory using a fact instead of hardcoding it
- 2011/06/23 - Support operating as non privileged user
- 2011/06/23 - Support dash instead of bash or sh
- 2011/07/11 - Better solaris support
- 2011/12/05 - Use fully qualified variables
- 2011/12/13 - Improve Nexenta support
- 2012/04/11 - Do not use any GNU specific extensions in the shell script
- 2012/03/24 - Comply to community style guides
- 2012/05/23 - Better errors when basedir isnt set
- 2012/05/31 - Add spec tests
- 2012/07/11 - Include concat::setup in concat improving UX
- 2012/08/14 - Puppet Lint improvements
- 2012/08/30 - The target path can be different from the $name
- 2012/08/30 - More Puppet Lint cleanup
- 2012/09/04 - RELEASE 0.2.0
- 2012/12/12 - Added (file) $replace parameter to concat

20
modules/concat/Gemfile Normal file

@ -0,0 +1,20 @@
source ENV['GEM_SOURCE'] || "https://rubygems.org"
group :development, :test do
gem 'rake', :require => false
gem 'rspec-puppet', :require => false
gem 'puppetlabs_spec_helper', :require => false
gem 'beaker', :require => false
gem 'beaker-rspec', :require => false
gem 'puppet-lint', :require => false
gem 'serverspec', :require => false
gem 'pry', :require => false
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end
# vim:ft=ruby

14
modules/concat/LICENSE Normal file

@ -0,0 +1,14 @@
Copyright 2012 R.I.Pienaar
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,8 @@
name 'puppetlabs-concat'
version '1.0.2'
source 'git://github.com/puppetlabs/puppetlabs-concat.git'
author 'Puppetlabs'
license 'Apache 2.0'
summary 'Concat module'
description 'Concat module'
project_page 'http://github.com/puppetlabs/puppetlabs-concat'

91
modules/concat/README Normal file

@ -0,0 +1,91 @@
== Module: concat
A system to construct files using fragments from other files or templates.
This requires at least puppet 0.25 to work correctly as we use some
enhancements in recursive directory management and regular expressions
to do the work here.
=== Usage:
The basic use case is as below:
concat{"/etc/named.conf":
notify => Service["named"]
}
concat::fragment{"foo.com_config":
target => "/etc/named.conf",
order => 10,
content => template("named_conf_zone.erb")
}
# add a fragment not managed by puppet so local users
# can add content to managed file
concat::fragment{"foo.com_user_config":
target => "/etc/named.conf",
order => 12,
ensure => "/etc/named.conf.local"
}
This will use the template named_conf_zone.erb to build a single
bit of config up and put it into the fragments dir. The file
will have an number prefix of 10, you can use the order option
to control that and thus control the order the final file gets built in.
You can also specify a path and use a different name for your resources:
# You can make this something dynamic, based on whatever parameters your
# module/class for example.
$vhost_file = '/etc/httpd/vhosts/01-my-vhost.conf'
concat{'apache-vhost-myvhost':
path => $vhost_file,
}
# We don't care where the file is located, just what to put in it.
concat::fragment {'apache-vhost-myvhost-main':
target => 'apache-vhost-myvhost',
content => '<virtualhost *:80>',
order => 01,
}
concat::fragment {'apache-vhost-myvhost-close':
target => 'apache-vhost-myvhost',
content => '</virtualhost>',
order => 99,
}
=== Setup:
The class concat::setup uses the fact concat_basedir to define the variable
$concatdir, where all the temporary files and fragments will be
durably stored. The fact concat_basedir will be set up on the client to
<Puppet[:vardir]>/concat, so you will be able to run different setup/flavours
of puppet clients.
However, since this requires the file lib/facter/concat_basedir.rb to be
deployed on the clients, so you will have to set "pluginsync = true" on
both the master and client, at least for the first run.
There's some regular expression magic to figure out the puppet version but
if you're on an older 0.24 version just set $puppetversion = 24
=== Detail:
We use a helper shell script called concatfragments.sh that gets placed
in <Puppet[:vardir]>/concat/bin to do the concatenation. While this might
seem more complex than some of the one-liner alternatives you might find on
the net we do a lot of error checking and safety checks in the script to avoid
problems that might be caused by complex escaping errors etc.
=== License:
Apache Version 2
=== Latest:
http://github.com/puppetlabs/puppetlabs-concat/
=== Contact:
Puppetlabs, via our puppet-users@ mailing list.


@ -0,0 +1,154 @@
What is it?
===========
A Puppet module that can construct files from fragments.
Please see the comments in the various .pp files for details
as well as posts on my blog at http://www.devco.net/
Released under the Apache 2.0 licence
Usage:
------
If you wanted a /etc/motd file that listed all the major modules
on the machine. And that would be maintained automatically even
if you just remove the include lines for other modules you could
use code like below, a sample /etc/motd would be:
<pre>
Puppet modules on this server:
-- Apache
-- MySQL
</pre>
Local sysadmins can also append to the file by just editing /etc/motd.local
their changes will be incorporated into the puppet managed motd.
<pre>
# class to setup basic motd, include on all nodes
class motd {
$motd = "/etc/motd"
concat{$motd:
owner => root,
group => root,
mode => '0644',
}
concat::fragment{"motd_header":
target => $motd,
content => "\nPuppet modules on this server:\n\n",
order => 01,
}
# local users on the machine can append to motd by just creating
# /etc/motd.local
concat::fragment{"motd_local":
target => $motd,
ensure => "/etc/motd.local",
order => 15
}
}
# used by other modules to register themselves in the motd
define motd::register($content="", $order=10) {
if $content == "" {
$body = $name
} else {
$body = $content
}
concat::fragment{"motd_fragment_$name":
target => "/etc/motd",
content => " -- $body\n"
}
}
# a sample apache module
class apache {
include apache::install, apache::config, apache::service
motd::register{"Apache": }
}
</pre>
Detailed documentation of the class options can be found in the
manifest files.
Known Issues:
-------------
* Since puppet-concat now relies on a fact for the concat directory,
you will need to set up pluginsync = true on both the master and client
node's '/etc/puppet/puppet.conf' for at least the first run.
You have this issue if puppet fails to run on the client and you have
a message similar to
"err: Failed to apply catalog: Parameter path failed: File
paths must be fully qualified, not 'undef' at [...]/concat/manifests/setup.pp:44".
Contributors:
-------------
**Paul Elliot**
* Provided 0.24.8 support, shell warnings and empty file creation support.
**Chad Netzer**
* Various patches to improve safety of file operations
* Symlink support
**David Schmitt**
* Patch to remove hard coded paths relying on OS path
* Patch to use file{} to copy the resulting file to the final destination. This means Puppet client will show diffs and that hopefully we can change file ownerships now
**Peter Meier**
* Basedir as a fact
* Unprivileged user support
**Sharif Nassar**
* Solaris/Nexenta support
* Better error reporting
**Christian G. Warden**
* Style improvements
**Reid Vandewiele**
* Support non GNU systems by default
**Erik Dalén**
* Style improvements
**Gildas Le Nadan**
* Documentation improvements
**Paul Belanger**
* Testing improvements and Travis support
**Branan Purvine-Riley**
* Support Puppet Module Tool better
**Dustin J. Mitchell**
* Always include setup when using the concat define
**Andreas Jaggi**
* Puppet Lint support
**Jan Vansteenkiste**
* Configurable paths
Contact:
--------
puppet-users@ mailing list.

5
modules/concat/Rakefile Normal file

@ -0,0 +1,5 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_quoted_booleans')


@ -0,0 +1,2 @@
---


@ -0,0 +1,4 @@
---


@ -0,0 +1,7 @@
---
:hierarchy:
- "%{operatingsystem}/%{asf_osrelease}"
- "common"
:yaml:
:datadir: .


@ -0,0 +1,140 @@
#!/bin/sh
# Script to concat files to a config file.
#
# Given a directory like this:
# /path/to/conf.d
# |-- fragments
# | |-- 00_named.conf
# | |-- 10_domain.net
# | `-- zz_footer
#
# The script supports a test option that will build the concat file to a temp location and
# use /usr/bin/cmp to verify if it should be run or not. This would result in the concat happening
# twice on each run but gives you the option to have an unless option in your execs to inhibit rebuilds.
#
# Without the test option and the unless combo your services that depend on the final file would end up
# restarting on each run, or in other manifest models some changes might get missed.
#
# OPTIONS:
# -o The file to create from the sources
# -d The directory where the fragments are kept
# -t Test to find out if a build is needed, basically concats the files to a temp
# location and compare with what's in the final location, return codes are designed
# for use with unless on an exec resource
# -w Add a shell style comment at the top of the created file to warn users that it
# is generated by puppet
# -f Enables the creation of empty output files when no fragments are found
# -n Sort the output numerically rather than the default alpha sort
#
# the command:
#
# concatfragments.sh -o /path/to/conffile.cfg -d /path/to/conf.d
#
# creates /path/to/conf.d/fragments.concat and copies the resulting
# file to /path/to/conffile.cfg. The files will be sorted alphabetically
# pass the -n switch to sort numerically.
#
# The script does error checking on the various dirs and files to make
# sure things don't fail.
OUTFILE=""
WORKDIR=""
TEST=""
FORCE=""
WARN=""
SORTARG=""
ENSURE_NEWLINE=""
PATH=/sbin:/usr/sbin:/bin:/usr/bin
## Well, if there's ever a bad way to do things, Nexenta has it.
## http://nexenta.org/projects/site/wiki/Personalities
unset SUN_PERSONALITY
while getopts "o:s:d:tnw:fl" options; do
case $options in
o ) OUTFILE=$OPTARG;;
d ) WORKDIR=$OPTARG;;
n ) SORTARG="-n";;
w ) WARNMSG="$OPTARG";;
f ) FORCE="true";;
t ) TEST="true";;
l ) ENSURE_NEWLINE="true";;
* ) echo "Specify output file with -o and fragments directory with -d"
exit 1;;
esac
done
# do we have -o?
if [ x${OUTFILE} = "x" ]; then
echo "Please specify an output file with -o"
exit 1
fi
# do we have -d?
if [ x${WORKDIR} = "x" ]; then
echo "Please fragments directory with -d"
exit 1
fi
# can we write to -o?
if [ -f ${OUTFILE} ]; then
if [ ! -w ${OUTFILE} ]; then
echo "Cannot write to ${OUTFILE}"
exit 1
fi
else
if [ ! -w `dirname ${OUTFILE}` ]; then
echo "Cannot write to `dirname ${OUTFILE}` to create ${OUTFILE}"
exit 1
fi
fi
# do we have a fragments subdir inside the work dir?
if [ ! -d "${WORKDIR}/fragments" ] && [ ! -x "${WORKDIR}/fragments" ]; then
echo "Cannot access the fragments directory"
exit 1
fi
# are there actually any fragments?
if [ ! "$(ls -A ${WORKDIR}/fragments)" ]; then
if [ x${FORCE} = "x" ]; then
echo "The fragments directory is empty, cowardly refusing to make empty config files"
exit 1
fi
fi
cd ${WORKDIR}
if [ "x${WARNMSG}" = "x" ]; then
: > "fragments.concat"
else
printf '%s\n' "$WARNMSG" > "fragments.concat"
fi
if [ x${ENSURE_NEWLINE} != x ]; then
find fragments/ -type f -follow -print0 | xargs -0 -I '{}' sh -c 'if [ -n "$(tail -c 1 < {} )" ]; then echo >> {} ; fi'
fi
# find all the files in the fragments directory, sort them numerically and concat to fragments.concat in the working dir
IFS_BACKUP=$IFS
IFS='
'
for fragfile in `find fragments/ -type f -follow | LC_ALL=C sort ${SORTARG}`
do
cat $fragfile >> "fragments.concat"
done
IFS=$IFS_BACKUP
if [ x${TEST} = "x" ]; then
# This is a real run, copy the file to outfile
cp fragments.concat ${OUTFILE}
RETVAL=$?
else
# Just compare the result to outfile to help the exec decide
cmp ${OUTFILE} fragments.concat
RETVAL=$?
fi
exit $RETVAL


@ -0,0 +1,5 @@
###
## WARNING ::
##
## This file is managed by puppet. All local changes will be lost at the next puppet run.
###


@ -0,0 +1,11 @@
# == Fact: concat_basedir
#
# A custom fact that sets the default location for fragments
#
# "${::vardir}/concat/"
#
Facter.add("concat_basedir") do
setcode do
File.join(Puppet[:vardir],"concat")
end
end


@ -0,0 +1,67 @@
# == Define: concat::fragment
#
# Puts a file fragment into a directory previous setup using concat
#
# === Options:
#
# [*target*]
# The file that these fragments belong to
# [*content*]
# If present puts the content into the file
# [*source*]
# If content was not specified, use the source
# [*order*]
# By default all files gets a 10_ prefix in the directory you can set it to
# anything else using this to influence the order of the content in the file
# [*ensure*]
# Present/Absent or destination to a file to include another file
# [*mode*]
# Mode for the file
# [*owner*]
# Owner of the file
# [*group*]
# Owner of the file
# [*backup*]
# Controls the filebucketing behavior of the final file and see File type
# reference for its use. Defaults to 'puppet'
#
define concat::fragment(
$target,
$content=undef,
$source=undef,
$order=10,
$ensure = 'present',
$mode = '0644',
$owner = $::id,
$group = $concat::setup::root_group,
$backup = 'puppet') {
$safe_name = regsubst($name, '[/\n]', '_', 'GM')
$safe_target_name = regsubst($target, '[/\n]', '_', 'GM')
$concatdir = $concat::setup::concatdir
$fragdir = "${concatdir}/${safe_target_name}"
# if content is passed, use that, else if source is passed use that
# if neither passed, but $ensure is in symlink form, make a symlink
case $ensure {
'', 'absent', 'present', 'file', 'directory': {
if ! ($content or $source) {
crit('No content, source or symlink specified')
}
}
default: {
# do nothing, make puppet-lint happy
}
}
file{"${fragdir}/fragments/${order}_${safe_name}":
ensure => $ensure,
mode => $mode,
owner => $owner,
group => $group,
source => $source,
content => $content,
backup => $backup,
alias => "concat_fragment_${name}",
notify => Exec["concat_${target}"]
}
}


@ -0,0 +1,50 @@
#
define concat::fragment::puppetwarn::hash(
$target,
$content="
###
## ..:: WARNING ::..
##
## This file is managed by puppet.
## All local changes will be lost during
## the next puppet run.
##
###
",
$source=undef,
$order=001,
$ensure = 'present',
$mode = '0644',
$owner = $::id,
$group = $concat::setup::root_group,
$backup = 'puppet') {
$safe_name = regsubst($name, '[/\n]', '_', 'GM')
$safe_target_name = regsubst($target, '[/\n]', '_', 'GM')
$concatdir = $concat::setup::concatdir
$fragdir = "${concatdir}/${safe_target_name}"
# if content is passed, use that, else if source is passed use that
# if neither passed, but $ensure is in symlink form, make a symlink
case $ensure {
'', 'absent', 'present', 'file', 'directory': {
if ! ($content or $source) {
crit('No content, source or symlink specified')
}
}
default: {
# do nothing, make puppet-lint happy
}
}
file{"${fragdir}/fragments/${order}_${safe_name}":
ensure => $ensure,
mode => $mode,
owner => $owner,
group => $group,
source => $source,
content => $content,
backup => $backup,
alias => "concat_fragment_${name}",
notify => Exec["concat_${target}"]
}
}
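Review bot: The body of this define is a line-for-line copy of `concat::fragment`, with only the `$content` and `$order` defaults changed, so any later fix to the name sanitising or to the `file` resource in the original has to be made twice. It would be smaller and safer as a wrapper that declares `concat::fragment { $name: target => $target, content => $content, order => $order }` and passes the remaining parameters through. Two details in the copy are worth checking: `$order=001` is a bare number with leading zeros, which Puppet may normalise rather than producing the `001_` file prefix the sort depends on (quote it as `'001'`), and the "no content or source" check can no longer fire for a caller who omits both, because `$content` now always has a value. The define also sits inside the vendored puppetlabs-concat tree, where an upstream upgrade could overwrite it; a site-local module would be a better home.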


@ -0,0 +1,190 @@
# == Define: concat
#
# Sets up so that you can use fragments to build a final config file,
#
# === Options:
#
# [*path*]
# The path to the final file. Use this in case you want to differentiate
# between the name of a resource and the file path. Note: Use the name you
# provided in the target of your fragments.
# [*mode*]
# The mode of the final file
# [*owner*]
# Who will own the file
# [*group*]
# Who will own the file
# [*force*]
# Enables creating empty files if no fragments are present
# [*warn*]
# Adds a normal shell style comment top of the file indicating that it is
# built by puppet
# [*backup*]
# Controls the filebucketing behavior of the final file and see File type
# reference for its use. Defaults to 'puppet'
# [*replace*]
# Whether to replace a file that already exists on the local system
#
# === Actions:
# * Creates fragment directories if it didn't exist already
# * Executes the concatfragments.sh script to build the final file, this
# script will create directory/fragments.concat. Execution happens only
# when:
# * The directory changes
# * fragments.concat != final destination, this means rebuilds will happen
# whenever someone changes or deletes the final file. Checking is done
# using /usr/bin/cmp.
# * The Exec gets notified by something else - like the concat::fragment
# define
# * Copies the file over to the final destination using a file resource
#
# === Aliases:
#
# * The exec can notified using Exec["concat_/path/to/file"] or
# Exec["concat_/path/to/directory"]
# * The final file can be referened as File["/path/to/file"] or
# File["concat_/path/to/file"]
#
define concat(
$path = $name,
$owner = $::id,
$group = $concat::setup::root_group,
$mode = '0644',
$warn = false,
$force = false,
$backup = 'puppet',
$replace = true,
$gnu = undef,
$order='alpha',
$ensure_newline = false
) {
include concat::setup
$safe_name = regsubst($name, '/', '_', 'G')
$concatdir = $concat::setup::concatdir
$version = $concat::setup::majorversion
$fragdir = "${concatdir}/${safe_name}"
$concat_name = 'fragments.concat.out'
$default_warn_message = '# This file is managed by Puppet. DO NOT EDIT.'
case $warn {
'true', true, yes, on: {
$warnmsg = $default_warn_message
}
'false', false, no, off: {
$warnmsg = ''
}
default: {
$warnmsg = $warn
}
}
$warnmsg_escaped = regsubst($warnmsg, "'", "'\\\\''", 'G')
$warnflag = $warnmsg_escaped ? {
'' => '',
default => "-w '${warnmsg_escaped}'"
}
case $force {
'true', true, yes, on: {
$forceflag = '-f'
}
'false', false, no, off: {
$forceflag = ''
}
default: {
fail("Improper 'force' value given to concat: ${force}")
}
}
case $order {
numeric: {
$orderflag = '-n'
}
alpha: {
$orderflag = ''
}
default: {
fail("Improper 'order' value given to concat: ${order}")
}
}
case $ensure_newline {
'true', true, yes, on: {
$newlineflag = '-l'
}
'false', false, no, off: {
$newlineflag = ''
}
default: {
fail("Improper 'ensure_newline' value given to concat: ${ensure_newline}")
}
}
File {
owner => $::id,
group => $group,
mode => $mode,
backup => $backup,
replace => $replace
}
file { $fragdir:
ensure => directory,
}
$source_real = $version ? {
24 => 'puppet:///concat/null',
default => undef,
}
file { "${fragdir}/fragments":
ensure => directory,
force => true,
ignore => ['.svn', '.git', '.gitignore'],
notify => Exec["concat_${name}"],
purge => true,
recurse => true,
source => $source_real,
}
file { "${fragdir}/fragments.concat":
ensure => present,
}
file { "${fragdir}/${concat_name}":
ensure => present,
}
file { $name:
ensure => present,
path => $path,
alias => "concat_${name}",
group => $group,
mode => $mode,
owner => $owner,
source => "${fragdir}/${concat_name}",
}
exec { "concat_${name}":
alias => "concat_${fragdir}",
command => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${newlineflag}",
notify => File[$name],
require => [
File[$fragdir],
File["${fragdir}/fragments"],
File["${fragdir}/fragments.concat"],
],
subscribe => File[$fragdir],
unless => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${newlineflag}",
}
if $::id == 'root' {
Exec["concat_${name}"] {
user => root,
group => $group,
}
}
}
# vim:sw=2:ts=2:expandtab:textwidth=79


@ -0,0 +1,67 @@
# === Class: concat::setup
#
# Sets up the concat system.
#
# [$concatdir]
# is where the fragments live and is set on the fact concat_basedir.
# Since puppet should always manage files in $concatdir and they should
# not be deleted ever, /tmp is not an option.
#
# [$puppetversion]
# should be either 24 or 25 to enable a 24 compatible
# mode, in 24 mode you might see phantom notifies this is a side effect
# of the method we use to clear the fragments directory.
#
# The regular expression below will try to figure out your puppet version
# but this code will only work in 0.24.8 and newer.
#
# It also copies out the concatfragments.sh file to ${concatdir}/bin
#
class concat::setup {
case $::osfamily {
'windows': {
fail("Unsupported osfamily: ${osfamily}")
}
default: {
# Should work otherwise
}
}
$id = $::id
$root_group = $id ? {
root => 0,
default => $id
}
if $::concat_basedir {
$concatdir = $::concat_basedir
} else {
fail ("\$concat_basedir not defined. Try running again with pluginsync=true on the [master] and/or [main] section of your node's '/etc/puppet/puppet.conf'.")
}
$majorversion = regsubst($::puppetversion, '^[0-9]+[.]([0-9]+)[.][0-9]+$', '\1')
$fragments_source = $majorversion ? {
24 => 'puppet:///concat/concatfragments.sh',
default => 'puppet:///modules/concat/concatfragments.sh'
}
file{"${concatdir}/bin/concatfragments.sh":
owner => $id,
group => $root_group,
mode => '0755',
source => $fragments_source;
[ $concatdir, "${concatdir}/bin" ]:
ensure => directory,
owner => $id,
group => $root_group,
mode => '0750';
## Old versions of this module used a different path.
'/usr/local/bin/concatfragments.sh':
ensure => absent;
}
# Ensure we run setup first.
Class['concat::setup'] -> Concat::Fragment<| |>
}


@ -0,0 +1,134 @@
{
"name": "puppetlabs-concat",
"version": "1.0.2",
"source": "git://github.com/puppetlabs/puppetlabs-concat.git",
"author": "Puppetlabs",
"license": "Apache 2.0",
"project_page": "http://github.com/puppetlabs/puppetlabs-concat",
"summary": "Concat module",
"operatingsystem_support": [
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"5",
"6"
]
},
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
"5",
"6"
]
},
{
"operatingsystem": "OracleLinux",
"operatingsystemrelease": [
"5",
"6"
]
},
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
"5",
"6"
]
},
{
"operatingsystem": "SLES",
"operatingsystemrelease": [
"11 SP1"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"6",
"7"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"10.04",
"12.04"
]
},
{
"operatingsystem": "Solaris",
"operatingsystemrelease": [
"10",
"11"
]
},
{
"operatingsystem": "AIX",
"operatingsystemrelease": [
"5.3",
"6.1",
"7.1"
]
}
],
"requirements": [
{
"name": "pe",
"version_requirement": "3.2.x"
},
{
"name": "puppet",
"version_requirement": "3.x"
}
],
"dependencies": [
],
"description": "Concat module",
"types": [
],
"checksums": {
"CHANGELOG.md": "30cdc920990c64e637f7455abfaeaf3d",
"Gemfile": "3cadf91e1baf9c8b7d2b1c3036676ba9",
"LICENSE": "f5a76685d453424cd63dde1535811cf0",
"Modulefile": "b55bcc013ad1418a1c9baa11edd04289",
"README": "d15ec3400f628942dd7b7fa8c1a18da3",
"README.markdown": "a028e3752126d36288870225a83c6e6e",
"Rakefile": "e415d40cd8db238f02bf4575d5e1e693",
"files/concatfragments.sh": "e7aaa4c45316eb97d2d88b57334c4060",
"lib/facter/concat_basedir.rb": "e152593fafe27ef305fc473929c62ca6",
"manifests/fragment.pp": "196ee8e405b3a31b84ae618ed54377ed",
"manifests/init.pp": "8d0cc8e9cf145ca7a23db05a30252476",
"manifests/setup.pp": "b179589ac55f0f8d3108dd5fd460da4a",
"spec/acceptance/backup_spec.rb": "46e39d56d025a7343f11bf9a9fff9854",
"spec/acceptance/concat_spec.rb": "bdc52d4c3f8a28ece90970f649208080",
"spec/acceptance/empty_spec.rb": "533f77b85fc9a19d11a3966b507037ec",
"spec/acceptance/fragment_source_spec.rb": "5d8ff3de54a785bec58ed2c1e6383187",
"spec/acceptance/newline_spec.rb": "dc75805a2a57bd48cb210ba402e4a077",
"spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151",
"spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b",
"spec/acceptance/nodesets/centos-64-x64.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
"spec/acceptance/nodesets/debian-607-x64.yml": "d566bf76f534e2af7c9a4605316d232c",
"spec/acceptance/nodesets/debian-70rc1-x64.yml": "31ccca73af7b74e1cc2fb0035c230b2c",
"spec/acceptance/nodesets/default.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
"spec/acceptance/nodesets/fedora-18-x64.yml": "acc126fa764c39a3b1df36e9224a21d9",
"spec/acceptance/nodesets/sles-11sp1-x64.yml": "fa0046bd89c1ab4ba9521ad79db234cd",
"spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "dc0da2d2449f66c8fdae16593811504f",
"spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "78a3ee42652e26119d90aa62586565b2",
"spec/acceptance/order_spec.rb": "8d919b8e14e8ae04b3254cd05eaff1d3",
"spec/acceptance/replace_spec.rb": "676cf26a8e59ee4be3510c9531d17ed2",
"spec/acceptance/symbolic_name_spec.rb": "51a40f87f1b68e3035f39d0681c374c1",
"spec/acceptance/unsupported_spec.rb": "9a060f1a1f19a4af725f96869a403354",
"spec/acceptance/warn_spec.rb": "c4a641849c18cf4b092a99eb66367549",
"spec/defines/init_spec.rb": "35e41d4abceba0dca090d3addd92bb4f",
"spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc",
"spec/spec_helper_acceptance.rb": "9f2165faf3619160798a0a3b0a118705",
"spec/spec_helper_system.rb": "9c3742bf87d62027f080c6b9fa98b979",
"spec/system/basic_spec.rb": "9135d9af6a21f16980ab59b58e91ed9a",
"spec/system/concat_spec.rb": "5fe675ec42ca441d0c7e431c31bbc238",
"spec/system/empty_spec.rb": "51ab1fc7c86268f1ab1cda72dc5ff583",
"spec/system/replace_spec.rb": "275295e6b4f04fc840dc3f87faf56249",
"spec/system/warn_spec.rb": "0ea35b44e8f0ac5352256f95115995ce"
}
}


@ -0,0 +1,105 @@
require 'spec_helper_acceptance'
describe 'concat backup parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
context '=> puppet' do
before :all do
shell("rm -rf #{basedir}")
shell("mkdir -p #{basedir}")
shell("echo 'old contents' > #{basedir}/file")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
backup => 'puppet',
}
concat::fragment { 'new file':
target => '#{basedir}/file',
content => 'new contents',
}
EOS
it 'applies the manifest twice with "Filebucketed" stdout and no stderr' do
apply_manifest(pp, :catch_failures => true) do |r|
expect(r.stderr).to eq("")
expect(r.stdout).to match(/Filebucketed #{basedir}\/file to puppet with sum 0140c31db86293a1a1e080ce9b91305f/) # sum is for file contents of 'old contents'
end
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain 'new contents' }
end
end
context '=> .backup' do
before :all do
shell("rm -rf #{basedir}")
shell("mkdir -p #{basedir}")
shell("echo 'old contents' > #{basedir}/file")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
backup => '.backup',
}
concat::fragment { 'new file':
target => '#{basedir}/file',
content => 'new contents',
}
EOS
# XXX Puppet doesn't mention anything about filebucketing with a given
# extension like .backup
it 'applies the manifest twice no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain 'new contents' }
end
describe file("#{basedir}/file.backup") do
it { should be_file }
it { should contain 'old contents' }
end
end
# XXX The backup parameter uses validate_string() and thus can't be the
# boolean false value, but the string 'false' has the same effect in Puppet 3
context "=> 'false'" do
before :all do
shell("rm -rf #{basedir}")
shell("mkdir -p #{basedir}")
shell("echo 'old contents' > #{basedir}/file")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
backup => '.backup',
}
concat::fragment { 'new file':
target => '#{basedir}/file',
content => 'new contents',
}
EOS
it 'applies the manifest twice with no "Filebucketed" stdout and no stderr' do
apply_manifest(pp, :catch_failures => true) do |r|
expect(r.stderr).to eq("")
expect(r.stdout).to_not match(/Filebucketed/)
end
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain 'new contents' }
end
end
end
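Review bot: The `"=> 'false'"` context never sets `backup => 'false'`; its manifest still has `backup => '.backup',`, copied from the previous context, so the case described in the XXX comment above it is not exercised. Change that line to `backup => 'false',`. As written, `to_not match(/Filebucketed/)` passes for the same reason it would in the `.backup` context, so the test gives no evidence about the string `'false'`. Once fixed, it would also be worth asserting that `#{basedir}/file.backup` is not created, if that is the intended behaviour.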


@ -0,0 +1,79 @@
require 'spec_helper_acceptance'
case fact('osfamily')
when 'AIX'
username = 'root'
groupname = 'system'
when 'windows'
username = 'Administrator'
groupname = 'Administrators'
else
username = 'root'
groupname = 'root'
end
describe 'basic concat test', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
shared_examples 'successfully_applied' do |pp|
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
end
context 'owner/group' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
owner => '#{username}',
group => '#{groupname}',
mode => '0644',
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
order => '01',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
order => '02',
}
EOS
it_behaves_like 'successfully_applied', pp
describe file("#{basedir}/file") do
it { should be_file }
it { should be_owned_by username }
it { should be_grouped_into groupname }
# XXX file be_mode isn't supported on AIX
it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
should be_mode 644
}
it { should contain '1' }
it { should contain '2' }
end
describe file("#{default.puppet['vardir']}/concat/#{basedir.gsub('/','_')}_file/fragments/01_1") do
it { should be_file }
it { should be_owned_by username }
it { should be_grouped_into groupname }
# XXX file be_mode isn't supported on AIX
it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
should be_mode 644
}
end
describe file("#{default.puppet['vardir']}/concat/#{basedir.gsub('/','_')}_file/fragments/02_2") do
it { should be_file }
it { should be_owned_by username }
it { should be_grouped_into groupname }
# XXX file be_mode isn't supported on AIX
it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
should be_mode 644
}
end
end
end


@ -0,0 +1,24 @@
require 'spec_helper_acceptance'
describe 'concat force empty parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
context 'should run successfully' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
mode => '0644',
force => true,
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should_not contain '1\n2' }
end
end
end
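Review bot: `it { should_not contain '1\n2' }` is close to vacuous. The string is single-quoted, so Ruby passes a literal backslash-n rather than a newline, and the manifest declares no fragments that could produce `1` or `2` in the first place. For `force => true` with no fragments, assert the state the file should be in. If an empty file is the intended result, something like `its(:content) { should eq '' }` pins it, provided the serverspec version in use supports `its(:content)` on `file`.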


@ -0,0 +1,150 @@
require 'spec_helper_acceptance'
case fact('osfamily')
when 'AIX'
username = 'root'
groupname = 'system'
when 'windows'
username = 'Administrator'
groupname = 'Administrators'
else
username = 'root'
groupname = 'root'
end
describe 'concat::fragment source', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
context 'should read file fragments from local system' do
before(:all) do
shell("/bin/echo 'file1 contents' > #{basedir}/file1")
shell("/bin/echo 'file2 contents' > #{basedir}/file2")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/foo': }
concat::fragment { '1':
target => '#{basedir}/foo',
source => '#{basedir}/file1',
}
concat::fragment { '2':
target => '#{basedir}/foo',
content => 'string1 contents',
}
concat::fragment { '3':
target => '#{basedir}/foo',
source => '#{basedir}/file2',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/foo") do
it { should be_file }
it { should contain 'file1 contents' }
it { should contain 'string1 contents' }
it { should contain 'file2 contents' }
end
end # should read file fragments from local system
context 'should create files containing first match only.' do
before(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
shell("mkdir -p #{basedir}")
shell("echo 'file1 contents' > #{basedir}/file1")
shell("echo 'file2 contents' > #{basedir}/file2")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/result_file1':
owner => '#{username}',
group => '#{groupname}',
mode => '0644',
}
concat { '#{basedir}/result_file2':
owner => '#{username}',
group => '#{groupname}',
mode => '0644',
}
concat { '#{basedir}/result_file3':
owner => '#{username}',
group => '#{groupname}',
mode => '0644',
}
concat::fragment { '1':
target => '#{basedir}/result_file1',
source => [ '#{basedir}/file1', '#{basedir}/file2' ],
order => '01',
}
concat::fragment { '2':
target => '#{basedir}/result_file2',
source => [ '#{basedir}/file2', '#{basedir}/file1' ],
order => '01',
}
concat::fragment { '3':
target => '#{basedir}/result_file3',
source => [ '#{basedir}/file1', '#{basedir}/file2' ],
order => '01',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/result_file1") do
it { should be_file }
it { should contain 'file1 contents' }
it { should_not contain 'file2 contents' }
end
describe file("#{basedir}/result_file2") do
it { should be_file }
it { should contain 'file2 contents' }
it { should_not contain 'file1 contents' }
end
describe file("#{basedir}/result_file3") do
it { should be_file }
it { should contain 'file1 contents' }
it { should_not contain 'file2 contents' }
end
end
context 'should fail if no match on source.' do
before(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
shell("mkdir -p #{basedir}")
shell("rm -rf #{basedir}/fail_no_source #{basedir}/nofilehere #{basedir}/nothereeither")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/fail_no_source':
owner => '#{username}',
group => '#{groupname}',
mode => '0644',
}
concat::fragment { '1':
target => '#{basedir}/fail_no_source',
source => [ '#{basedir}/nofilehere', '#{basedir}/nothereeither' ],
order => '01',
}
EOS
it 'applies the manifest with resource failures' do
apply_manifest(pp, :expect_failures => true)
end
describe file("#{basedir}/fail_no_source") do
#FIXME: Serverspec::Type::File doesn't support exists? for some reason. so... hack.
it { should_not be_file }
it { should_not be_directory }
end
end
end
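Review bot: The `'should fail if no match on source.'` example calls `apply_manifest(pp, :expect_failures => true)` without looking at the output, so any failure satisfies it, including one unrelated to the missing sources, such as `concat::setup` failing. The replace spec in this commit pins the reason with `.stderr).to match(/change from directory to file failed/)`. The same shape here, `expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/<expected missing-source message>/)`, would tie the test to the behaviour it names. The placeholder stands for the actual message, which is not visible on this page.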


@ -0,0 +1,60 @@
require 'spec_helper_acceptance'
describe 'concat ensure_newline parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
context '=> false' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
ensure_newline => false,
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain '12' }
end
end
#context '=> true' do
# pp = <<-EOS
# include concat::setup
# concat { '#{basedir}/file':
# ensure_newline => true,
# }
# concat::fragment { '1':
# target => '#{basedir}/file',
# content => '1',
# }
# concat::fragment { '2':
# target => '#{basedir}/file',
# content => '2',
# }
# EOS
# it 'applies the manifest twice with no stderr' do
# expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
# expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
# #XXX ensure_newline => true causes changes on every run because the files
# #are modified in place.
# end
# describe file("#{basedir}/file") do
# it { should be_file }
# it { should contain "1\n2\n" }
# end
#end
end
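Review bot: The `'=> true'` context is commented out rather than marked pending, so `ensure_newline => true` has no coverage and nothing in the test report shows the gap. The replace spec in this commit handles the same situation with `:pending => 'not yet implemented'` on the context. Doing the same here, e.g. `context '=> true', :pending => 'ensure_newline => true changes files on every run' do`, keeps the known defect from the XXX comment visible in every run.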


@ -0,0 +1,10 @@
HOSTS:
centos-59-x64:
roles:
- master
platform: el-5-x86_64
box : centos-59-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git
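Review bot: `box_url` fetches the VM image from `http://puppet-vagrant-boxes.puppetlabs.com/` over plain HTTP, and nothing in the nodeset pins a digest, so the image the acceptance tests boot is not integrity-protected in transit. The same applies to the other nodeset files in this commit (centos-64-x64-pe, centos-64-x64, debian-607-x64, debian-70rc1-x64, default, fedora-18-x64, sles-11sp1-x64, ubuntu-server-10044-x64, ubuntu-server-12042-x64). If the host serves TLS, switch the scheme, e.g. `box_url : https://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box`. Otherwise mirror the boxes on a host that does, and verify a recorded checksum before first use.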


@ -0,0 +1,12 @@
HOSTS:
centos-64-x64:
roles:
- master
- database
- dashboard
platform: el-6-x86_64
box : centos-64-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: pe


@ -0,0 +1,10 @@
HOSTS:
centos-64-x64:
roles:
- master
platform: el-6-x86_64
box : centos-64-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git


@ -0,0 +1,10 @@
HOSTS:
debian-607-x64:
roles:
- master
platform: debian-6-amd64
box : debian-607-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git


@ -0,0 +1,10 @@
HOSTS:
debian-70rc1-x64:
roles:
- master
platform: debian-7-amd64
box : debian-70rc1-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-70rc1-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git


@ -0,0 +1,10 @@
HOSTS:
centos-64-x64:
roles:
- master
platform: el-6-x86_64
box : centos-64-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git


@ -0,0 +1,10 @@
HOSTS:
fedora-18-x64:
roles:
- master
platform: fedora-18-x86_64
box : fedora-18-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/fedora-18-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git


@ -0,0 +1,10 @@
HOSTS:
sles-11sp1-x64:
roles:
- master
platform: sles-11-x86_64
box : sles-11sp1-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git


@ -0,0 +1,10 @@
HOSTS:
ubuntu-server-10044-x64:
roles:
- master
platform: ubuntu-10.04-amd64
box : ubuntu-server-10044-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git


@ -0,0 +1,10 @@
HOSTS:
ubuntu-server-12042-x64:
roles:
- master
platform: ubuntu-12.04-amd64
box : ubuntu-server-12042-x64-vbox4210-nocm
box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
hypervisor : vagrant
CONFIG:
type: git


@ -0,0 +1,155 @@
require 'spec_helper_acceptance'
describe 'concat order', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
before(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
shell("mkdir -p #{basedir}")
end
context '=> alpha' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/foo':
order => 'alpha'
}
concat::fragment { '1':
target => '#{basedir}/foo',
content => 'string1',
}
concat::fragment { '2':
target => '#{basedir}/foo',
content => 'string2',
}
concat::fragment { '10':
target => '#{basedir}/foo',
content => 'string10',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/foo") do
it { should be_file }
#XXX Solaris 10 doesn't support multi-line grep
it("should contain string10\nstring1\nsring2", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
should contain "string10\nstring1\nsring2"
}
end
end
context '=> numeric' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/foo':
order => 'numeric'
}
concat::fragment { '1':
target => '#{basedir}/foo',
content => 'string1',
}
concat::fragment { '2':
target => '#{basedir}/foo',
content => 'string2',
}
concat::fragment { '10':
target => '#{basedir}/foo',
content => 'string10',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/foo") do
it { should be_file }
#XXX Solaris 10 doesn't support multi-line grep
it("should contain string1\nstring2\nsring10", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
should contain "string1\nstring2\nsring10"
}
end
end
end # concat order
describe 'concat::fragment order', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
before(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
shell("mkdir -p #{basedir}")
end
context '=> reverse order' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/foo': }
concat::fragment { '1':
target => '#{basedir}/foo',
content => 'string1',
order => '15',
}
concat::fragment { '2':
target => '#{basedir}/foo',
content => 'string2',
# default order 10
}
concat::fragment { '3':
target => '#{basedir}/foo',
content => 'string3',
order => '1',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/foo") do
it { should be_file }
#XXX Solaris 10 doesn't support multi-line grep
it("should contain string3\nstring2\nsring1", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
should contain "string3\nstring2\nsring1"
}
end
end
context '=> normal order' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/foo': }
concat::fragment { '1':
target => '#{basedir}/foo',
content => 'string1',
order => '01',
}
concat::fragment { '2':
target => '#{basedir}/foo',
content => 'string2',
order => '02'
}
concat::fragment { '3':
target => '#{basedir}/foo',
content => 'string3',
order => '03',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/foo") do
it { should be_file }
#XXX Solaris 10 doesn't support multi-line grep
it("should contain string1\nstring2\nsring3", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
should contain "string1\nstring2\nsring3"
}
end
end
end # concat::fragment order
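Review bot: All four ordering expectations misspell the last fragment as `sring…`, for example `should contain "string10\nstring1\nsring2"` in the `=> alpha` context. The `=> numeric`, `=> reverse order` and `=> normal order` contexts have the same typo in both the description and the matcher. Since no fragment emits `sring2`, an expectation that really matched the whole multi-line string could not pass, so a green run would suggest the matcher is not checking order at all. Fix the strings, e.g. `should contain "string10\nstring1\nstring2"`. It would also be safer to compare the file content exactly rather than rely on a multi-line grep, which the XXX comments already note is unsupported on Solaris 10.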


@ -0,0 +1,249 @@
require 'spec_helper_acceptance'
describe 'replacement of', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
context 'file' do
context 'should not succeed' do
before(:all) do
shell("mkdir -p #{basedir}")
shell("echo 'file exists' > #{basedir}/file")
end
after(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
replace => false,
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain 'file exists' }
it { should_not contain '1' }
it { should_not contain '2' }
end
end
context 'should succeed' do
before(:all) do
shell("mkdir -p #{basedir}")
shell("echo 'file exists' > #{basedir}/file")
end
after(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
replace => true,
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should_not contain 'file exists' }
it { should contain '1' }
it { should contain '2' }
end
end
end # file
context 'symlink' do
context 'should not succeed' do
# XXX the core puppet file type will replace a symlink with a plain file
# when using ensure => present and source => ... but it will not when using
# ensure => present and content => ...; this is somewhat confusing behavior
before(:all) do
shell("mkdir -p #{basedir}")
shell("ln -s #{basedir}/dangling #{basedir}/file")
end
after(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
replace => false,
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
# XXX specinfra doesn't support be_linked_to on AIX
describe file("#{basedir}/file"), :unless => (fact("osfamily") == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do
it { should be_linked_to "#{basedir}/dangling" }
end
describe file("#{basedir}/dangling") do
# XXX serverspec does not have a matcher for 'exists'
it { should_not be_file }
it { should_not be_directory }
end
end
context 'should succeed' do
# XXX the core puppet file type will replace a symlink with a plain file
# when using ensure => present and source => ... but it will not when using
# ensure => present and content => ...; this is somewhat confusing behavior
before(:all) do
shell("mkdir -p #{basedir}")
shell("ln -s #{basedir}/dangling #{basedir}/file")
end
after(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
replace => true,
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain '1' }
it { should contain '2' }
end
end
end # symlink
context 'directory' do
context 'should not succeed' do
before(:all) do
shell("mkdir -p #{basedir}/file")
end
after(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file': }
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
}
EOS
it 'applies the manifest twice with stderr for changing to file' do
expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/change from directory to file failed/)
expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/change from directory to file failed/)
end
describe file("#{basedir}/file") do
it { should be_directory }
end
end
# XXX concat's force param currently enables the creation of empty files
# when there are no fragments, and the replace param will only replace
# files and symlinks, not directories. The semantics either need to be
# changed, extended, or a new param introduced to control directory
# replacement.
context 'should succeed', :pending => 'not yet implemented' do
before(:all) do
shell("mkdir -p #{basedir}/file")
end
after(:all) do
shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
end
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
force => true,
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain '1' }
end
end
end # directory
end
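Review bot: The symlink `'should succeed'` context does not distinguish between replacing the link and writing through it. It only asserts `should be_file` and the contents on `#{basedir}/file`, and a file test that follows links would be satisfied either way. For a tool that normally runs as root, that difference is the security-relevant one. Add the counterpart of the check the `'should not succeed'` context already has: `describe file("#{basedir}/dangling") do`, `it { should_not be_file }`, `end`. Where the platform supports it, also assert that `#{basedir}/file` is no longer a link.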


@ -0,0 +1,34 @@
require 'spec_helper_acceptance'
describe 'symbolic name', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
pp = <<-EOS
include concat::setup
concat { 'not_abs_path':
path => '#{basedir}/file',
}
concat::fragment { '1':
target => 'not_abs_path',
content => '1',
order => '01',
}
concat::fragment { '2':
target => 'not_abs_path',
content => '2',
order => '02',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain '1' }
it { should contain '2' }
end
end


@ -0,0 +1,18 @@
require 'spec_helper_acceptance'
describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
it 'should fail' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
backup => 'puppet',
}
concat::fragment { 'new file':
target => '#{basedir}/file',
content => 'new contents',
}
EOS
expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/unsupported/i)
end
end


@ -0,0 +1,101 @@
require 'spec_helper_acceptance'
describe 'concat warn =>', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
basedir = default.tmpdir('concat')
context 'true should enable default warning message' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
warn => true,
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
order => '01',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
order => '02',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain '# This file is managed by Puppet. DO NOT EDIT.' }
it { should contain '1' }
it { should contain '2' }
end
end
context 'false should not enable default warning message' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
warn => false,
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
order => '01',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
order => '02',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should_not contain '# This file is managed by Puppet. DO NOT EDIT.' }
it { should contain '1' }
it { should contain '2' }
end
end
context '# foo should overide default warning message' do
pp = <<-EOS
include concat::setup
concat { '#{basedir}/file':
warn => '# foo',
}
concat::fragment { '1':
target => '#{basedir}/file',
content => '1',
order => '01',
}
concat::fragment { '2':
target => '#{basedir}/file',
content => '2',
order => '02',
}
EOS
it 'applies the manifest twice with no stderr' do
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
end
describe file("#{basedir}/file") do
it { should be_file }
it { should contain '# foo' }
it { should contain '1' }
it { should contain '2' }
end
end
end


@ -0,0 +1,115 @@
require 'spec_helper'
describe 'concat' do
basedir = '/var/lib/puppet/concat'
let(:title) { '/etc/foo.bar' }
let(:facts) { {
:concat_basedir => '/var/lib/puppet/concat',
:id => 'root',
} }
let :pre_condition do
'include concat::setup'
end
directories = [
"#{basedir}/_etc_foo.bar",
"#{basedir}/_etc_foo.bar/fragments",
]
directories.each do |dirs|
it do
should contain_file(dirs).with({
'ensure' => 'directory',
'backup' => 'puppet',
'group' => 0,
'mode' => '0644',
'owner' => 'root',
})
end
end
files = [
"/etc/foo.bar",
"#{basedir}/_etc_foo.bar/fragments.concat",
]
files.each do |file|
it do
should contain_file(file).with({
'ensure' => 'present',
'backup' => 'puppet',
'group' => 0,
'mode' => '0644',
'owner' => 'root',
})
end
end
it do
should contain_exec("concat_/etc/foo.bar").with_command(
"#{basedir}/bin/concatfragments.sh " +
"-o #{basedir}/_etc_foo.bar/fragments.concat.out " +
"-d #{basedir}/_etc_foo.bar "
)
end
end
describe 'concat' do
basedir = '/var/lib/puppet/concat'
let(:title) { 'foobar' }
let(:target) { '/etc/foo.bar' }
let(:facts) { {
:concat_basedir => '/var/lib/puppet/concat',
:id => 'root',
} }
let :pre_condition do
'include concat::setup'
end
directories = [
"#{basedir}/foobar",
"#{basedir}/foobar/fragments",
]
directories.each do |dirs|
it do
should contain_file(dirs).with({
'ensure' => 'directory',
'backup' => 'puppet',
'group' => 0,
'mode' => '0644',
'owner' => 'root',
})
end
end
files = [
"foobar",
"#{basedir}/foobar/fragments.concat",
]
files.each do |file|
it do
should contain_file(file).with({
'ensure' => 'present',
'backup' => 'puppet',
'group' => 0,
'mode' => '0644',
'owner' => 'root',
})
end
end
it do
should contain_exec("concat_foobar").with_command(
"#{basedir}/bin/concatfragments.sh " +
"-o #{basedir}/foobar/fragments.concat.out " +
"-d #{basedir}/foobar "
)
end
end
# vim:sw=2:ts=2:expandtab:textwidth=79


@ -0,0 +1 @@
require 'puppetlabs_spec_helper/module_spec_helper'


@ -0,0 +1,46 @@
require 'beaker-rspec/spec_helper'
require 'beaker-rspec/helpers/serverspec'
unless ENV['RS_PROVISION'] == 'no'
hosts.each do |host|
if host['platform'] =~ /debian/
on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc'
end
if host.is_pe?
install_pe
else
# Install Puppet
install_package host, 'rubygems'
on host, 'gem install puppet --no-ri --no-rdoc'
on host, "mkdir -p #{host['distmoduledir']}"
end
end
end
UNSUPPORTED_PLATFORMS = ['windows']
RSpec.configure do |c|
# Project root
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
# Readable test descriptions
c.formatter = :documentation
# Configure all nodes in nodeset
c.before :suite do
# Install module and dependencies
puppet_module_install(:source => proj_root, :module_name => 'concat')
hosts.each do |host|
on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
end
end
c.before(:all) do
shell('mkdir -p /tmp/concat')
end
c.after(:all) do
shell("rm -rf /tmp/concat #{default.puppet['vardir']}/concat")
end
c.treat_symbols_as_metadata_keys_with_true_values = true
end


@ -0,0 +1,25 @@
require 'rspec-system/spec_helper'
require 'rspec-system-puppet/helpers'
require 'rspec-system-serverspec/helpers'
include Serverspec::Helper::RSpecSystem
include Serverspec::Helper::DetectOS
include RSpecSystemPuppet::Helpers
RSpec.configure do |c|
# Project root
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
# Enable colour
c.tty = true
c.include RSpecSystemPuppet::Helpers
# This is where we 'setup' the nodes before running our tests
c.before :suite do
# Install puppet
puppet_install
# Install modules and dependencies
puppet_module_install(:source => proj_root, :module_name => 'concat')
end
end


@ -0,0 +1,13 @@
require 'spec_helper_system'
# Here we put the more basic fundamental tests, ultra obvious stuff.
describe "basic tests:" do
context 'make sure we have copied the module across' do
# No point diagnosing any more if the module wasn't copied properly
context shell 'ls /etc/puppet/modules/concat' do
its(:stdout) { should =~ /Modulefile/ }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
end
end


@ -0,0 +1,55 @@
require 'spec_helper_system'
describe 'basic concat test' do
context 'should run successfully' do
pp="
concat { '/tmp/file':
owner => root,
group => root,
mode => '0644',
}
concat::fragment { '1':
target => '/tmp/file',
content => '1',
order => '01',
}
concat::fragment { '2':
target => '/tmp/file',
content => '2',
order => '02',
}
"
context puppet_apply(pp) do
its(:stderr) { should be_empty }
its(:exit_code) { should_not == 1 }
its(:refresh) { should be_nil }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
describe file('/tmp/file') do
it { should be_file }
it { should contain '1' }
it { should contain '2' }
end
# Test that all the relevant bits exist on disk after it
# concats.
describe file('/var/lib/puppet/concat') do
it { should be_directory }
end
describe file('/var/lib/puppet/concat/_tmp_file') do
it { should be_directory }
end
describe file('/var/lib/puppet/concat/_tmp_file/fragments') do
it { should be_directory }
end
describe file('/var/lib/puppet/concat/_tmp_file/fragments.concat') do
it { should be_file }
end
end
end


@ -0,0 +1,27 @@
require 'spec_helper_system'
describe 'basic concat test' do
context 'should run successfully' do
pp="
concat { '/tmp/file':
owner => root,
group => root,
mode => '0644',
force => true,
}
"
context puppet_apply(pp) do
its(:stderr) { should be_empty }
its(:exit_code) { should_not == 1 }
its(:refresh) { should be_nil }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
describe file('/tmp/file') do
it { should be_file }
it { should_not contain '1\n2' }
end
end
end


@ -0,0 +1,37 @@
require 'spec_helper_system'
describe 'file should not replace' do
shell('echo "file exists" >> /tmp/file')
context 'should fail' do
pp="
concat { '/tmp/file':
owner => root,
group => root,
mode => '0644',
replace => false,
}
concat::fragment { '1':
target => '/tmp/file',
content => '1',
order => '01',
}
concat::fragment { '2':
target => '/tmp/file',
content => '2',
order => '02',
}
"
context puppet_apply(pp) do
its(:stderr) { should be_empty }
its(:exit_code) { should_not == 1 }
its(:refresh) { should be_nil }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
end
end


@ -0,0 +1,41 @@
require 'spec_helper_system'
describe 'basic concat test' do
context 'should run successfully' do
pp="
concat { '/tmp/file':
owner => root,
group => root,
mode => '0644',
warn => true,
}
concat::fragment { '1':
target => '/tmp/file',
content => '1',
order => '01',
}
concat::fragment { '2':
target => '/tmp/file',
content => '2',
order => '02',
}
"
context puppet_apply(pp) do
its(:stderr) { should be_empty }
its(:exit_code) { should_not == 1 }
its(:refresh) { should be_nil }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
describe file('/tmp/file') do
it { should be_file }
it { should contain '# This file is managed by Puppet. DO NOT EDIT.' }
it { should contain '1' }
it { should contain '2' }
end
end
end


@ -0,0 +1,33 @@
Facter.add("asf_osrelease") do
setcode do
Facter::Util::Resolution.exec('facter operatingsystemrelease | perl -pe s/[[:punct:]]//g | sed -e "s/\(.*\)/\L\1/"')
end
end
Facter.add("asf_osname") do
setcode do
Facter::Util::Resolution.exec('facter operatingsystem | sed -e "s/\(.*\)/\L\1/"')
end
end
Facter.add("asf_colo") do
setcode do
ipadd = Facter.value('ipaddress')
case ipadd
when /^140.211.11.([0-9]+)$/
"osuosl"
when /^192.87.106.([0-9]+)$/
"sara"
when /^160.45.251.([0-9]+)$/
"fub"
when /^9.9.9.([0-9]+)$/
"rackspace"
when /^67.195.81..([0-9]+)$/
"yahoo"
else
'No Colo could be automatically determined'
end
end
end
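Review bot: The `asf_colo` pattern for yahoo, `/^67.195.81..([0-9]+)$/`, has a doubled dot, so an address whose last octet is a single digit never matches and falls through to the 'No Colo could be automatically determined' string; the other patterns also leave `.` unescaped. Writing it as `when /^67\.195\.81\.([0-9]+)$/`, and escaping the dots in the other four the same way, makes the match literal. `asf_osname` and `asf_osrelease` shell out to `facter` with an unquoted `s/[[:punct:]]//g`, which the shell may glob-expand; `Facter.value(:operatingsystem).downcase` and `Facter.value(:operatingsystemrelease).downcase.gsub(/[[:punct:]]/, '')` should give the same values without a subprocess. These facts select the Hiera tier and, in the ldapclient section of this commit, a class name, so a wrong value changes which configuration a host receives.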


@ -0,0 +1,7 @@
## This module uses some ruby, in modules/customfact/lib/facter/customfact.rb
## to create a custom fact, so can be used in our modules.
class customfact (
)
{}


@ -0,0 +1,9 @@
---
dnsclient::nameservers:
- '140.211.166.130'
- '140.211.166.131'
dnsclient::searchorder: 'apache.org'


@ -0,0 +1,4 @@
---
dnsclient::packages:
- 'bind-tools'


@ -0,0 +1,7 @@
---
:hierarchy:
- "%{asf_osname}/%{asf_osrelease}"
- "common"
:yaml:
:datadir: .


@ -0,0 +1,4 @@
---
dnsclient::packages:
- 'dnsutils'


@ -0,0 +1,21 @@
#/etc/puppet/modules/dnsclient/manifests/init.pp
class dnsclient (
$nameserver1 = '',
$nameserver2 = '',
$nameserver3 = '',
$packages = [],
$pkgprovider = '',
$resolvtemplate = '',
$searchorder = '',
) {
package { $packages:
ensure => installed,
}
file {
'/etc/resolv.conf':
content => template('dnsclient/resolv.conf.erb');
}
}
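Review bot: `/etc/resolv.conf` will be rendered with three empty `nameserver` lines unless a caller sets the parameters explicitly, because the Hiera data in this commit defines `dnsclient::nameservers` (a list) while the class only accepts `$nameserver1`, `$nameserver2` and `$nameserver3`, so automatic parameter lookup finds nothing for them. Either accept `$nameservers = []` here and iterate over `@nameservers` in resolv.conf.erb, or rename the data keys to match the parameters. Every host resolves names through this file, so it is worth calling `fail()` when no nameserver is set rather than writing an unusable file. The `file` resource also sets no `owner`, `group` or `mode`, and `$pkgprovider` and `$resolvtemplate` are accepted but never used.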


@ -0,0 +1,10 @@
## This file is a puppet managed file. All local changes will be lost
## This file is dervied from a puppet template,
## modules/dnsclient/templates/etc/resolv.conf.erb
search <%= @searchorder %>
nameserver <%= @nameserver1 %>
nameserver <%= @nameserver2 %>
nameserver <%= @nameserver3 %>


@ -0,0 +1,3 @@
---
classes: ['']


@ -0,0 +1,11 @@
---
ldapclient::ldapclient_packages:
- 'openldap-client'
- 'nss_ldap'
- 'pam_ldap'
- 'pam_mkhomedir'
ldapclient:tlscertpath: '/usr/local/etc/openldap/cacerts/cacert.pem'
ldapclient:pamhostcheck: 'yes'
ldapclient:bashpath: '/usr/local/bin/bash'
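Review bot: The keys `ldapclient:tlscertpath`, `ldapclient:pamhostcheck` and `ldapclient:bashpath` use a single colon, so Hiera's automatic class-parameter lookup, which expects `class::param`, will not bind them; the same applies to `ldapclient:pamhostcheck: 'no'` in the next data file and to the triple-colon `ldapclient::install::ubuntu::1404:::bashpath` in the Ubuntu data. As far as these files show, the FreeBSD values for the CA path and the PAM host check therefore never reach the templates. The keys also need to name the class that declares the parameter: `class ldapclient` in this commit has no `tlscertpath` or `pamhostcheck`, so even `ldapclient::tlscertpath` would not bind.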


@ -0,0 +1,8 @@
---
:hierarchy:
- "%{clientcert}"
- "%{asf_osname}/%{asf_osrelease}"
- "common"
:yaml:
:datadir: .


@ -0,0 +1,3 @@
---
ldapclient:pamhostcheck: 'no'


@ -0,0 +1,11 @@
---
ldapclient::ldapclient_packages:
- 'ldap-utils'
- 'libnss-ldap'
- 'libpam-ldap'
ldapclient::install::ubuntu::1404::tlscertpath: '/etc/ldap/cacert.pem'
ldapclient::install::ubuntu::1404::pamhostcheck: 'yes'
ldapclient::install::ubuntu::1404:::bashpath: '/bin/bash'


@ -0,0 +1,20 @@
## This file is a puppet managed file. All local changes will be lost.
## This file is dervied from a puppet file,
## modules/ldapclient/files/etc/nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: release/10.0.0/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
group: cache files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: cache files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files#



@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,19 @@
#/etc/puppet/modules/ldapclient/manifests/init.pp
class ldapclient (
$ldapclient_packages = [],
$pkgprovider = '',
$bashpath = '',
$ldapcert = '',
) {
package { $ldapclient_packages:
ensure => installed,
}
class { "ldapclient::install::${asf_osname}::${asf_osrelease}":
ldapcert => $ldapcert,
}
}
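Review bot: The class declared at the end is chosen by interpolating `${asf_osname}` and `${asf_osrelease}` into a class name, and both are agent-supplied facts, so the node's own report decides which class the master compiles for it and an unexpected value fails with an unhelpful missing-class error. An explicit `case` over the supported platforms with a `default` branch that calls `fail()` keeps the set of selectable classes fixed and visible in the manifest; the facts should also be referenced at top scope as `$::asf_osname`. `$pkgprovider` and `$bashpath` are accepted but unused in this class.

```puppet
  # … unchanged: package { $ldapclient_packages: } …
  case "${::asf_osname}/${::asf_osrelease}" {
    'ubuntu/1404': {
      class { 'ldapclient::install::ubuntu::1404':
        ldapcert => $ldapcert,
      }
    }
    default: {
      fail("ldapclient: unsupported platform ${::asf_osname}/${::asf_osrelease}")
    }
  }
```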


@ -0,0 +1,27 @@
class ldapclient::FreeBSD::10.0-RELEASE (
) {
file {
'/usr/local/etc/openldap/ldap.conf':
content => template('/usr/local/etc/puppet/modules/ldapclient/templates/openldap_ldap.conf.erb');
'/usr/local/etc/ldap.conf':
content => template('/usr/local/etc/puppet/modules/ldapclient/templates/ldap.conf.erb');
'/usr/local/etc/nss_ldap.conf':
ensure => link,
target => '/usr/local/etc/ldap.conf',
require => File['/usr/local/etc/ldap.conf'];
'/etc/nsswitch.conf':
source => 'puppet:///modules/ldapclient/etc/nsswitch.conf',
require => File['/usr/local/etc/ldap.conf'];
'/usr/local/etc/openldap/cacerts':
ensure => directory,
mode => 755;
'/usr/local/etc/openldap/cacerts/ldap-client.pem':
source => 'puppet:///modules/ldapclient/etc/ldap-client.pem',
require => File['/etc/ldap/cacerts'];
}
}
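Review bot: `require => File['/etc/ldap/cacerts']` on the `ldap-client.pem` resource points at a directory this class never declares (it manages `/usr/local/etc/openldap/cacerts`), so the catalog would fail on an unresolved dependency; it should read `require => File['/usr/local/etc/openldap/cacerts'];`. The class name `ldapclient::FreeBSD::10.0-RELEASE` also cannot be reached from `ldapclient`, which declares `ldapclient::install::${asf_osname}::${asf_osrelease}` from lower-cased, punctuation-stripped facts and passes `ldapcert`, a parameter this class does not accept; uppercase letters, dots and hyphens are not valid in Puppet class names in any case. `mode => 755` should be the quoted string `'0755'`, and the `template()` calls use absolute master paths rather than the `'ldapclient/…'` module form used by dnsclient.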


@ -0,0 +1,27 @@
class ldapclient::install::ubuntu::1404 (
$ldapcert = '',
$pamhostcheck = '',
$tlscertpath = '',
) {
file {
'/etc/ldap.conf':
content => template('/usr/local/etc/puppet/modules/ldapclient/templates/ldap.conf.erb');
'/usr/local/etc/nss_ldap.conf':
ensure => link,
target => '/usr/local/etc/ldap.conf',
require => File['/etc/ldap.conf'];
'/etc/nsswitch.conf':
source => 'puppet:///modules/ldapclient/etc/nsswitch.conf',
require => File['/etc/ldap.conf'];
'/etc/ldap/cacerts':
ensure => directory,
mode => 755;
'/etc/ldap/cacerts/ldap-client.pem':
content => $ldapcert,
require => File['/etc/ldap/cacerts'];
}
}
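Review bot: The CA certificate is written to `/etc/ldap/cacerts/ldap-client.pem`, but the Ubuntu Hiera data in this commit sets `tlscertpath` to `/etc/ldap/cacert.pem`, so the rendered `TLS_CACERT` line would point at a file this class does not manage; and because `$ldapcert` defaults to `''`, the managed file can be written empty. Either way the client is left without a usable trust anchor for the `ldaps://` servers, so derive the template path from the managed file and call `fail()` when `$ldapcert` is empty. The `/usr/local/etc/nss_ldap.conf` link targets `/usr/local/etc/ldap.conf`, which is not managed here (the class writes `/etc/ldap.conf`), and `/etc/nsswitch.conf` is sourced from the FreeBSD-tagged file in this commit; both look copied from the FreeBSD class and should be checked on Ubuntu.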


@ -0,0 +1,293 @@
## This file is a puppet managed file. All local changes will be lost
## This file is dervied from a puppet template,
## modules/ldapclient/templates/usr/local/etc/openldap/ldap.conf.erb
# The distinguished name of the search base.
base dc=apache,dc=org
# Another way to specify your LDAP server is to provide an
# uri with the server name. This allows to use
# Unix Domain Sockets to connect to a local LDAP Server.
uri ldaps://minotaur.apache.org:636 ldaps://eris.apache.org:636 ldaps://harmonia.apache.org:636
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# Path to ASF wide LDAP certificate
TLS_CACERT <%= tlscertpath %>
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=nss_ldap,ou=users,ou=services,dc=apache,dc=org
# The credentials to bind with.
# Optional: default is no credential.
bindpw b1t3m3
# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=root,dc=apache,dc=org
# The port.
# Optional: default is 389.
#port 389
# The search scope.
scope sub
#scope one
#scope base
# Search timelimit
timelimit 5
# Bind/connect timelimit
bind_timelimit 3
# Reconnect policy: hard (default) will retry connecting to
# the software with exponential backoff, soft will fail
# immediately.
bind_policy soft
## Check if the account has been banned. If so the filter will prevent them
## from being listed as a valid POSIX account.
pam_filter !(asf-banned=yes)
# The user ID attribute (defaults to uid)
pam_login_attribute uid
# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes
# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr <%= pamhostcheck %>
# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
# Group member attribute
#pam_member_attribute uniquemember
# Specify a minium or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0
# Template login attribute, default template user
# (can be overriden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody
# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt
# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password clear_remove_old
#pam_password nds
# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf
# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad
# Use the OpenLDAP password change
# extended operation to update the password.
#pam_password exop
# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.
# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd dc=apache,dc=org?sub
nss_base_shadow dc=apache,dc=org?sub
nss_base_group dc=apache,dc=org?sub
#nss_base_passwd ou=People,dc=padl,dc=com?one
#nss_base_shadow ou=People,dc=padl,dc=com?one
#nss_base_group ou=Group,dc=padl,dc=com?one
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
#nss_base_services ou=Services,dc=padl,dc=com?one
#nss_base_networks ou=Networks,dc=padl,dc=com?one
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass
# configure --enable-nds is no longer supported.
# NDS mappings
#nss_map_attribute uniqueMember member
# Services for UNIX 3.5 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
#pam_filter objectclass=User
#pam_password ad
# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad
# RFC 2307 (AD) mappings
#nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
#pam_login_attribute sAMAccountName
#pam_filter objectclass=User
#pam_password ad
#Uncomment the following line to override the default login shell
# nss_override_attribute_value loginShell /usr/local/bin/bash
# configure --enable-authpassword is no longer supported
# AuthPassword mappings
#nss_map_attribute userPassword authPassword
# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear
# Netscape SDK LDAPS
#ssl on
# Netscape SDK SSL options
#sslpath /etc/ssl/certs
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
#ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes
#tls_cacert = /usr/local/etc/openldap/cert.pem
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sasl_mech DIGEST-MD5
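Review bot: The `bindpw` line commits the bind password of the `cn=nss_ldap` service account in clear text, in a template that is rendered onto every LDAP client and now lives in repository history. Treat the value as disclosed: rotate it, and supply it as a class parameter fed from encrypted Hiera data, e.g. `bindpw <%= @bindpw %>`, or drop `binddn`/`bindpw` if the directory permits anonymous reads of the POSIX attributes. `<%= tlscertpath %>` and `<%= pamhostcheck %>` should use the `@`-prefixed variables, and since `tls_checkpeer yes` is left commented out, certificate verification depends on the library default described in the comment above it.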


@ -0,0 +1,23 @@
## This file is a puppet managed file. All local changes will be lost
## This file is dervied from a puppet template,
## modules/ldapclient/templates/usr/local/etc/openldap/ldap.conf.erb
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
base dc=apache,dc=org
uri ldaps://minotaur.apache.org:636 ldaps://eris.apache.org:636 ldaps://harmonia.apache.org:636
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
ssl start_tls
tls_cacert <%= tlscertpath %>
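Review bot: `ssl start_tls` is combined with `ldaps://…:636` URIs, which already negotiate TLS at connect time; StartTLS applies to plain `ldap://` connections, and `ssl` appears to be an nss_ldap/pam_ldap keyword rather than an ldap.conf(5) option, so the line is at best ignored here. Nothing in the file pins the verification policy; adding `TLS_REQCERT demand` next to the CA path makes the client refuse a server certificate it cannot validate instead of relying on the build default. The header comment names the same source path as the other ldap.conf template, and `<%= tlscertpath %>` should be `<%= @tlscertpath %>`.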


@ -0,0 +1,4 @@
---
pam::sshd_90_modulepath: 'pam_permit.so'


@ -0,0 +1,266 @@
---
# Files to manage
pam::pam_sshd: '/etc/pam.d/sshd'
pam::pam_su: '/etc/pam.d/su'
pam::pam_system: '/etc/pam.d/system'
pam::generic_header: |
#
# $FreeBSD: release/10.0.0/etc/pam.d/system 197769 2009-10-05 09:28:54Z des $
#
# System-wide defaults
#
## pam.d/sshd
pam::sshd_10_facility: 'auth'
pam::sshd_10_control: 'sufficient'
pam::sshd_10_modulepath: 'pam_opie.so'
pam::sshd_10_modopts: 'no_warn no_fake_prompts'
pam::sshd_15_facility: 'auth'
pam::sshd_15_control: 'sufficient'
pam::sshd_15_modulepath: '/usr/local/lib/pam_ldap.so'
pam::sshd_15_modopts: 'no_warn'
pam::sshd_20_facility: 'auth'
pam::sshd_20_control: 'requisite'
pam::sshd_20_modulepath: 'pam_opieaccess.so'
pam::sshd_20_modopts: 'no_warn allow_local'
pam::sshd_25_facility: '#auth'
pam::sshd_25_control: 'sufficient'
pam::sshd_25_modulepath: 'pam_krb5.so'
pam::sshd_25_modopts: 'no_warn try_first_pass'
pam::sshd_30_facility: '#auth'
pam::sshd_30_control: 'sufficient'
pam::sshd_30_modulepath: 'pam_ssh.so'
pam::sshd_30_modopts: 'no_warn try_first_pass'
pam::sshd_35_facility: 'auth'
pam::sshd_35_control: 'required'
pam::sshd_35_modulepath: 'pam_unix.so'
pam::sshd_35_modopts: 'no_warn try_first_pass'
pam::sshd_50_facility: 'account'
pam::sshd_50_control: 'required'
pam::sshd_50_modulepath: 'pam_nologin.so'
pam::sshd_50_modopts: ''
pam::sshd_55_facility: '#account'
pam::sshd_55_control: 'required'
pam::sshd_55_modulepath: 'pam_krb5.so'
pam::sshd_55_modopts: ''
pam::sshd_60_facility: 'account'
pam::sshd_60_control: 'required'
pam::sshd_60_modulepath: 'pam_login_access.so'
pam::sshd_60_modopts: ''
pam::sshd_65_facility: 'account'
pam::sshd_65_control: 'required'
pam::sshd_65_modulepath: '/usr/local/lib/pam_ldap.so'
pam::sshd_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
pam::sshd_70_facility: 'account'
pam::sshd_70_control: 'required'
pam::sshd_70_modulepath: 'pam_unix.so'
pam::sshd_70_modopts: ''
pam::sshd_80_facility: '#session'
pam::sshd_80_control: 'optional'
pam::sshd_80_modulepath: 'pam_ssh.so'
pam::sshd_80_modopts: 'want_agent'
pam::sshd_85_facility: 'session'
pam::sshd_85_control: 'required'
pam::sshd_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
pam::sshd_85_modopts: 'umask=0077'
pam::sshd_90_facility: 'session'
pam::sshd_90_control: 'required'
pam::sshd_90_modulepath: 'pam_permit.so'
pam::sshd_90_modopts: ''
pam::sshd_95_facility: '#password'
pam::sshd_95_control: 'sufficient'
pam::sshd_95_modulepath: 'pam_krb5.so'
pam::sshd_95_modopts: 'no_warn try_first_pass'
pam::sshd_100_facility: 'password'
pam::sshd_100_control: 'required'
pam::sshd_100_modulepath: 'pam_unix.so'
pam::sshd_100_modopts: 'no_warn try_first_pass'
## pam.d/su
pam::su_10_facility: 'auth'
pam::su_10_control: 'sufficient'
pam::su_10_modulepath: 'pam_rootok.so'
pam::su_10_modopts: 'no_warn'
pam::su_15_facility: 'auth'
pam::su_15_control: 'sufficient'
pam::su_15_modulepath: 'pam_self.so'
pam::su_15_modopts: 'no_warn'
pam::su_20_facility: 'auth'
pam::su_20_control: 'requisite'
pam::su_20_modulepath: 'pam_group.so'
pam::su_20_modopts: 'no_warn group=wheel root_only fail_safe ruser'
pam::su_25_facility: 'auth'
pam::su_25_control: 'include'
pam::su_25_modulepath: 'system'
pam::su_25_modopts: ''
pam::su_30_facility: ''
pam::su_30_control: ''
pam::su_30_modulepath: ''
pam::su_30_modopts: ''
pam::su_35_facility: ''
pam::su_35_control: ''
pam::su_35_modulepath: ''
pam::su_35_modopts: ''
pam::su_50_facility: 'account'
pam::su_50_control: 'include'
pam::su_50_modulepath: 'system'
pam::su_50_modopts: ''
pam::su_55_facility: ''
pam::su_55_control: ''
pam::su_55_modulepath: ''
pam::su_55_modopts: ''
pam::su_60_facility: ''
pam::su_60_control: ''
pam::su_60_modulepath: ''
pam::su_60_modopts: ''
pam::su_65_facility: ''
pam::su_65_control: ''
pam::su_65_modulepath: ''
pam::su_65_modopts: ''
pam::su_70_facility: ''
pam::su_70_control: ''
pam::su_70_modulepath: ''
pam::su_70_modopts: ''
pam::su_80_facility: 'session'
pam::su_80_control: 'required'
pam::su_80_modulepath: 'pam_permit.so'
pam::su_80_modopts: ''
pam::su_85_facility: 'session'
pam::su_85_control: 'required'
pam::su_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
pam::su_85_modopts: 'umask=0077'
pam::su_90_facility: ''
pam::su_90_control: ''
pam::su_90_modulepath: ''
pam::su_90_modopts: ''
pam::su_95_facility: ''
pam::su_95_control: ''
pam::su_95_modulepath: ''
pam::su_95_modopts: ''
pam::su_100_facility: ''
pam::su_100_control: ''
pam::su_100_modulepath: ''
pam::su_100_modopts: ''
## pam.d/system
pam::system_10_facility: 'auth'
pam::system_10_control: 'sufficient'
pam::system_10_modulepath: 'pam_opie.so'
pam::system_10_modopts: 'no_warn no_fake_prompts'
pam::system_15_facility: 'auth'
pam::system_15_control: 'sufficient'
pam::system_15_modulepath: '/usr/local/lib/pam_ldap.so'
pam::system_15_modopts: 'no_warn'
pam::system_20_facility: 'auth'
pam::system_20_control: 'requisite'
pam::system_20_modulepath: 'pam_opieaccess.so'
pam::system_20_modopts: 'no_warn allow_local'
pam::system_25_facility: '#auth'
pam::system_25_control: 'systemfficient'
pam::system_25_modulepath: 'pam_krb5.so'
pam::system_25_modopts: 'no_warn try_first_pass'
pam::system_30_facility: '#auth'
pam::system_30_control: 'systemfficient'
pam::system_30_modulepath: 'pam_ssh.so'
pam::system_30_modopts: 'no_warn try_first_pass'
pam::system_35_facility: 'auth'
pam::system_35_control: 'required'
pam::system_35_modulepath: 'pam_unix.so'
pam::system_35_modopts: 'no_warn try_first_pass nullok'
pam::system_50_facility: ''
pam::system_50_control: ''
pam::system_50_modulepath: ''
pam::system_50_modopts: ''
pam::system_55_facility: '#account'
pam::system_55_control: 'required'
pam::system_55_modulepath: 'pam_krb5.so'
pam::system_55_modopts: ''
pam::system_60_facility: 'account'
pam::system_60_control: 'required'
pam::system_60_modulepath: 'pam_login_access.so'
pam::system_60_modopts: ''
pam::system_65_facility: 'account'
pam::system_65_control: 'required'
pam::system_65_modulepath: '/usr/local/lib/pam_ldap.so'
pam::system_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
pam::system_70_facility: 'account'
pam::system_70_control: 'required'
pam::system_70_modulepath: 'pam_unix.so'
pam::system_70_modopts: ''
pam::system_80_facility: '#session'
pam::system_80_control: 'optional'
pam::system_80_modulepath: 'pam_ssh.so'
pam::system_80_modopts: 'want_agent'
pam::system_85_facility: 'session'
pam::system_85_control: 'required'
pam::system_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
pam::system_85_modopts: 'umask=0022'
pam::system_90_facility: 'session'
pam::system_90_control: 'required'
pam::system_90_modulepath: 'pam_lastlog.so'
pam::system_90_modopts: 'no_fail'
pam::system_95_facility: '#password'
pam::system_95_control: 'sufficient'
pam::system_95_modulepath: 'pam_krb5.so'
pam::system_95_modopts: 'no_warn try_first_pass'
pam::system_100_facility: 'password'
pam::system_100_control: 'required'
pam::system_100_modulepath: 'pam_unix.so'
pam::system_100_modopts: 'no_warn try_first_pass'
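Review bot: `pam::system_25_control` and `pam::system_30_control` are set to `'systemfficient'`, which looks like a search-and-replace of `su` with `system` hitting the word `sufficient`; both entries are currently disabled through the `'#auth'` facility, but enabling either would write an invalid control flag into `/etc/pam.d/system`. They should read `'sufficient'`, and the same two values recur in the Ubuntu data file of this commit. Two settings deserve a deliberate decision rather than a carried-over default: `pam::system_35_modopts` includes `nullok`, which lets pam_unix accept an account with an empty password, and the `account` pam_ldap lines carry `ignore_authinfo_unavail ignore_unknown_user`, which presumably means an unreachable directory does not block the account check.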


@ -0,0 +1,7 @@
---
:hierarchy:
- "%{asf_osname}/%{asf_osrelease}"
- "common"
:yaml:
:datadir: .


@ -0,0 +1,265 @@
---
# Files to manage
pam::pam_sshd: '/etc/pam.d/sshd'
pam::pam_su: '/etc/pam.d/su'
pam::pam_system: '/etc/pam.d/system'
pam::generic_header: |
#
# # PAM configuration for the Secure Shell service
#
#
## pam.d/sshd
pam::sshd_10_facility: 'auth'
pam::sshd_10_control: 'required'
pam::sshd_10_modulepath: 'pam_env.so'
pam::sshd_10_modopts: ''
pam::sshd_15_facility: 'auth'
pam::sshd_15_control: 'required'
pam::sshd_15_modulepath: 'pam_env.so'
pam::sshd_15_modopts: 'envfile=/etc/default/locale'
pam::sshd_20_facility: '@include'
pam::sshd_20_control: 'common-auth'
pam::sshd_20_modulepath: ''
pam::sshd_20_modopts: ''
pam::sshd_25_facility: 'account'
pam::sshd_25_control: 'required'
pam::sshd_25_modulepath: 'pam_nologin.so'
pam::sshd_25_modopts: ''
pam::sshd_30_facility: '@include'
pam::sshd_30_control: 'common-account'
pam::sshd_30_modulepath: ''
pam::sshd_30_modopts: ''
pam::sshd_35_facility: '@include'
pam::sshd_35_control: 'common-session'
pam::sshd_35_modulepath: ''
pam::sshd_35_modopts: ''
pam::sshd_50_facility: 'session'
pam::sshd_50_control: 'optional'
pam::sshd_50_modulepath: 'pam_motd.so'
pam::sshd_50_modopts: ''
pam::sshd_55_facility: 'session'
pam::sshd_55_control: 'optional'
pam::sshd_55_modulepath: 'pam_mail.so'
pam::sshd_55_modopts: 'standard noenv'
pam::sshd_60_facility: 'session'
pam::sshd_60_control: 'required'
pam::sshd_60_modulepath: 'pam_limits.so'
pam::sshd_60_modopts: ''
pam::sshd_65_facility: 'session'
pam::sshd_65_control: 'required'
pam::sshd_65_modulepath: 'pam_limits.so'
pam::sshd_65_modopts: ''
pam::sshd_70_facility: '#session'
pam::sshd_70_control: 'required'
pam::sshd_70_modulepath: 'pam_selinux.so'
pam::sshd_70_modopts: 'multiple'
pam::sshd_80_facility: '@include'
pam::sshd_80_control: 'common-password'
pam::sshd_80_modulepath: ''
pam::sshd_80_modopts: ''
pam::sshd_85_facility: ''
pam::sshd_85_control: ''
pam::sshd_85_modulepath: ''
pam::sshd_85_modopts: ''
pam::sshd_90_facility: ''
pam::sshd_90_control: ''
pam::sshd_90_modulepath: ''
pam::sshd_90_modopts: ''
pam::sshd_95_facility: ''
pam::sshd_95_control: ''
pam::sshd_95_modulepath: ''
pam::sshd_95_modopts: ''
pam::sshd_100_facility: ''
pam::sshd_100_control: ''
pam::sshd_100_modulepath: ''
pam::sshd_100_modopts: ''
## pam.d/su
pam::su_10_facility: 'auth'
pam::su_10_control: 'sufficient'
pam::su_10_modulepath: 'pam_rootok.so'
pam::su_10_modopts: ''
pam::su_15_facility: '#auth'
pam::su_15_control: 'required'
pam::su_15_modulepath: 'pam_wheel.so'
pam::su_15_modopts: ''
pam::su_20_facility: '#auth'
pam::su_20_control: 'sufficient'
pam::su_20_modulepath: 'pam_wheel.so'
pam::su_20_modopts: 'trust'
pam::su_25_facility: '#auth'
pam::su_25_control: 'required'
pam::su_25_modulepath: 'pam_wheel.so'
pam::su_25_modopts: 'deny group=nosu'
pam::su_30_facility: '#account'
pam::su_30_control: 'requisite'
pam::su_30_modulepath: 'pam_time.so'
pam::su_30_modopts: ''
pam::su_35_facility: 'session'
pam::su_35_control: 'required'
pam::su_35_modulepath: 'pam_env.so'
pam::su_35_modopts: 'readenv=1'
pam::su_50_facility: 'session'
pam::su_50_control: 'required'
pam::su_50_modulepath: 'pam_env.so'
pam::su_50_modopts: 'readenv=1 envfile=/etc/default/locale'
pam::su_55_facility: 'session'
pam::su_55_control: 'optional'
pam::su_55_modulepath: 'pam_mail.so'
pam::su_55_modopts: 'nopen'
pam::su_60_facility: 'session'
pam::su_60_control: 'required'
pam::su_60_modulepath: 'pam_limits.so'
pam::su_60_modopts: ''
pam::su_65_facility: '@include'
pam::su_65_control: 'common-auth'
pam::su_65_modulepath: ''
pam::su_65_modopts: ''
pam::su_70_facility: '@include'
pam::su_70_control: 'common-account'
pam::su_70_modulepath: ''
pam::su_70_modopts: ''
pam::su_80_facility: '@include'
pam::su_80_control: 'common-session'
pam::su_80_modulepath: ''
pam::su_80_modopts: ''
pam::su_85_facility: ''
pam::su_85_control: ''
pam::su_85_modulepath: ''
pam::su_85_modopts: ''
pam::su_90_facility: ''
pam::su_90_control: ''
pam::su_90_modulepath: ''
pam::su_90_modopts: ''
pam::su_95_facility: ''
pam::su_95_control: ''
pam::su_95_modulepath: ''
pam::su_95_modopts: ''
pam::su_100_facility: ''
pam::su_100_control: ''
pam::su_100_modulepath: ''
pam::su_100_modopts: ''
## pam.d/system
pam::system_10_facility: 'auth'
pam::system_10_control: 'sufficient'
pam::system_10_modulepath: 'pam_opie.so'
pam::system_10_modopts: 'no_warn no_fake_prompts'
pam::system_15_facility: 'auth'
pam::system_15_control: 'sufficient'
pam::system_15_modulepath: '/usr/local/lib/pam_ldap.so'
pam::system_15_modopts: 'no_warn'
pam::system_20_facility: 'auth'
pam::system_20_control: 'requisite'
pam::system_20_modulepath: 'pam_opieaccess.so'
pam::system_20_modopts: 'no_warn allow_local'
pam::system_25_facility: '#auth'
pam::system_25_control: 'systemfficient'
pam::system_25_modulepath: 'pam_krb5.so'
pam::system_25_modopts: 'no_warn try_first_pass'
pam::system_30_facility: '#auth'
pam::system_30_control: 'systemfficient'
pam::system_30_modulepath: 'pam_ssh.so'
pam::system_30_modopts: 'no_warn try_first_pass'
pam::system_35_facility: 'auth'
pam::system_35_control: 'required'
pam::system_35_modulepath: 'pam_unix.so'
pam::system_35_modopts: 'no_warn try_first_pass nullok'
pam::system_50_facility: ''
pam::system_50_control: ''
pam::system_50_modulepath: ''
pam::system_50_modopts: ''
pam::system_55_facility: '#account'
pam::system_55_control: 'required'
pam::system_55_modulepath: 'pam_krb5.so'
pam::system_55_modopts: ''
pam::system_60_facility: 'account'
pam::system_60_control: 'required'
pam::system_60_modulepath: 'pam_login_access.so'
pam::system_60_modopts: ''
pam::system_65_facility: 'account'
pam::system_65_control: 'required'
pam::system_65_modulepath: '/usr/local/lib/pam_ldap.so'
pam::system_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
pam::system_70_facility: 'account'
pam::system_70_control: 'required'
pam::system_70_modulepath: 'pam_unix.so'
pam::system_70_modopts: ''
pam::system_80_facility: '#session'
pam::system_80_control: 'optional'
pam::system_80_modulepath: 'pam_ssh.so'
pam::system_80_modopts: 'want_agent'
pam::system_85_facility: 'session'
pam::system_85_control: 'required'
pam::system_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
pam::system_85_modopts: 'umask=0022'
pam::system_90_facility: 'session'
pam::system_90_control: 'required'
pam::system_90_modulepath: 'pam_lastlog.so'
pam::system_90_modopts: 'no_fail'
pam::system_95_facility: '#password'
pam::system_95_control: 'sufficient'
pam::system_95_modulepath: 'pam_krb5.so'
pam::system_95_modopts: 'no_warn try_first_pass'
pam::system_100_facility: 'password'
pam::system_100_control: 'required'
pam::system_100_modulepath: 'pam_unix.so'
pam::system_100_modopts: 'no_warn try_first_pass'
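Review bot: The `## pam.d/system` block is a copy of the FreeBSD data: it targets `/etc/pam.d/system` and loads `pam_opie.so`, `pam_opieaccess.so`, `pam_login_access.so` and `/usr/local/lib/pam_ldap.so`, which do not match the Ubuntu package set named in the ldapclient data (`libpam-ldap`). If the class writes this file on Ubuntu it is probably unused, since the `sshd` and `su` stacks here `@include common-*` instead, and it would be clearer to leave those keys empty for this platform. No LDAP module appears in the Ubuntu `sshd` or `su` stacks, so LDAP logins depend on the `common-*` files, which this data does not manage. `sshd_60` and `sshd_65` are the same `pam_limits.so` line twice; confirm the second was not meant to be a different module.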


@ -0,0 +1,788 @@
class pam (
## Files being managed. These are the default
## values. As these seem like generic sane defaults.
## However you should note that hiera should be populating them.
$pam_sshd = "",
$pam_su = "",
$pam_system = "",
## Content variables, as found in hiera data
$generic_header = "",
## Data variables
## pam.d/sshd
$sshd_10_facility = "",
$sshd_10_control = "",
$sshd_10_modulepath = "",
$sshd_10_modopts = "",
$sshd_15_facility = "",
$sshd_15_control = "",
$sshd_15_modulepath = "",
$sshd_15_modopts = "",
$sshd_20_facility = "",
$sshd_20_control = "",
$sshd_20_modulepath = "",
$sshd_20_modopts = "",
$sshd_25_facility = "",
$sshd_25_control = "",
$sshd_25_modulepath = "",
$sshd_25_modopts = "",
$sshd_30_facility = "",
$sshd_30_control = "",
$sshd_30_modulepath = "",
$sshd_30_modopts = "",
$sshd_35_facility = "",
$sshd_35_control = "",
$sshd_35_modulepath = "",
$sshd_35_modopts = "",
$sshd_40_facility = "",
$sshd_40_control = "",
$sshd_40_modulepath = "",
$sshd_40_modopts = "",
$sshd_45_facility = "",
$sshd_45_control = "",
$sshd_45_modulepath = "",
$sshd_45_modopts = "",
$sshd_50_facility = "",
$sshd_50_control = "",
$sshd_50_modulepath = "",
$sshd_50_modopts = "",
$sshd_55_facility = "",
$sshd_55_control = "",
$sshd_55_modulepath = "",
$sshd_55_modopts = "",
$sshd_60_facility = "",
$sshd_60_control = "",
$sshd_60_modulepath = "",
$sshd_60_modopts = "",
$sshd_65_facility = "",
$sshd_65_control = "",
$sshd_65_modulepath = "",
$sshd_65_modopts = "",
$sshd_70_facility = "",
$sshd_70_control = "",
$sshd_70_modulepath = "",
$sshd_70_modopts = "",
$sshd_75_facility = "",
$sshd_75_control = "",
$sshd_75_modulepath = "",
$sshd_75_modopts = "",
$sshd_80_facility = "",
$sshd_80_control = "",
$sshd_80_modulepath = "",
$sshd_80_modopts = "",
$sshd_85_facility = "",
$sshd_85_control = "",
$sshd_85_modulepath = "",
$sshd_85_modopts = "",
$sshd_90_facility = "",
$sshd_90_control = "",
$sshd_90_modulepath = "",
$sshd_90_modopts = "",
$sshd_95_facility = "",
$sshd_95_control = "",
$sshd_95_modulepath = "",
$sshd_95_modopts = "",
$sshd_100_facility = "",
$sshd_100_control = "",
$sshd_100_modulepath = "",
$sshd_100_modopts = "",
## pam.d/su
$su_10_facility = "",
$su_10_control = "",
$su_10_modulepath = "",
$su_10_modopts = "",
$su_15_facility = "",
$su_15_control = "",
$su_15_modulepath = "",
$su_15_modopts = "",
$su_20_facility = "",
$su_20_control = "",
$su_20_modulepath = "",
$su_20_modopts = "",
$su_25_facility = "",
$su_25_control = "",
$su_25_modulepath = "",
$su_25_modopts = "",
$su_30_facility = "",
$su_30_control = "",
$su_30_modulepath = "",
$su_30_modopts = "",
$su_35_facility = "",
$su_35_control = "",
$su_35_modulepath = "",
$su_35_modopts = "",
$su_40_facility = "",
$su_40_control = "",
$su_40_modulepath = "",
$su_40_modopts = "",
$su_45_facility = "",
$su_45_control = "",
$su_45_modulepath = "",
$su_45_modopts = "",
$su_50_facility = "",
$su_50_control = "",
$su_50_modulepath = "",
$su_50_modopts = "",
$su_55_facility = "",
$su_55_control = "",
$su_55_modulepath = "",
$su_55_modopts = "",
$su_60_facility = "",
$su_60_control = "",
$su_60_modulepath = "",
$su_60_modopts = "",
$su_65_facility = "",
$su_65_control = "",
$su_65_modulepath = "",
$su_65_modopts = "",
$su_70_facility = "",
$su_70_control = "",
$su_70_modulepath = "",
$su_70_modopts = "",
$su_75_facility = "",
$su_75_control = "",
$su_75_modulepath = "",
$su_75_modopts = "",
$su_80_facility = "",
$su_80_control = "",
$su_80_modulepath = "",
$su_80_modopts = "",
$su_85_facility = "",
$su_85_control = "",
$su_85_modulepath = "",
$su_85_modopts = "",
$su_90_facility = "",
$su_90_control = "",
$su_90_modulepath = "",
$su_90_modopts = "",
$su_95_facility = "",
$su_95_control = "",
$su_95_modulepath = "",
$su_95_modopts = "",
$su_100_facility = "",
$su_100_control = "",
$su_100_modulepath = "",
$su_100_modopts = "",
## pam.d/system
$system_10_facility = "",
$system_10_control = "",
$system_10_modulepath = "",
$system_10_modopts = "",
$system_15_facility = "",
$system_15_control = "",
$system_15_modulepath = "",
$system_15_modopts = "",
$system_20_facility = "",
$system_20_control = "",
$system_20_modulepath = "",
$system_20_modopts = "",
$system_25_facility = "",
$system_25_control = "",
$system_25_modulepath = "",
$system_25_modopts = "",
$system_30_facility = "",
$system_30_control = "",
$system_30_modulepath = "",
$system_30_modopts = "",
$system_35_facility = "",
$system_35_control = "",
$system_35_modulepath = "",
$system_35_modopts = "",
$system_40_facility = "",
$system_40_control = "",
$system_40_modulepath = "",
$system_40_modopts = "",
$system_45_facility = "",
$system_45_control = "",
$system_45_modulepath = "",
$system_45_modopts = "",
$system_50_facility = "",
$system_50_control = "",
$system_50_modulepath = "",
$system_50_modopts = "",
$system_55_facility = "",
$system_55_control = "",
$system_55_modulepath = "",
$system_55_modopts = "",
$system_60_facility = "",
$system_60_control = "",
$system_60_modulepath = "",
$system_60_modopts = "",
$system_65_facility = "",
$system_65_control = "",
$system_65_modulepath = "",
$system_65_modopts = "",
$system_70_facility = "",
$system_70_control = "",
$system_70_modulepath = "",
$system_70_modopts = "",
$system_75_facility = "",
$system_75_control = "",
$system_75_modulepath = "",
$system_75_modopts = "",
$system_80_facility = "",
$system_80_control = "",
$system_80_modulepath = "",
$system_80_modopts = "",
$system_85_facility = "",
$system_85_control = "",
$system_85_modulepath = "",
$system_85_modopts = "",
$system_90_facility = "",
$system_90_control = "",
$system_90_modulepath = "",
$system_90_modopts = "",
$system_95_facility = "",
$system_95_control = "",
$system_95_modulepath = "",
$system_95_modopts = "",
$system_100_facility = "",
$system_100_control = "",
$system_100_modulepath = "",
$system_100_modopts = "",
) {
## Add our puppet warning at the top of the file.
concat::fragment::puppetwarn::hash{"pam-sshd-puppetwarn":
target => $pam_sshd,
}
concat::fragment::puppetwarn::hash{"pam-su-puppetwarn":
target => $pam_su,
}
concat::fragment::puppetwarn::hash{"pam-system-puppetwarn":
target => $pam_system,
}
## Add the OS generic header,
## so we can track the origins of the file.
concat::fragment{"pam-sshd-header":
target => $pam_sshd,
content => $generic_header,
order => 005,
}
concat::fragment{"pam-su-header":
target => $pam_su,
content => $generic_header,
order => 005,
}
concat::fragment{"pam-system-header":
target => $pam_system,
content => $generic_header,
order => 005,
}
## Generate the fragments, by calling the
## custom pam::insertline module.
## pam.d/sshd
pam::insertline{"pam-sshd-10":
target => $pam_sshd,
order => "010",
pam_facility => $sshd_10_facility,
pam_control => $sshd_10_control,
pam_modulepath => $sshd_10_modulepath,
pam_modopts => $sshd_10_modopts,
}
pam::insertline{"pam-sshd-15":
target => $pam_sshd,
order => "015",
pam_facility => $sshd_15_facility,
pam_control => $sshd_15_control,
pam_modulepath => $sshd_15_modulepath,
pam_modopts => $sshd_15_modopts,
}
pam::insertline{"pam-sshd-20":
target => $pam_sshd,
order => "020",
pam_facility => $sshd_20_facility,
pam_control => $sshd_20_control,
pam_modulepath => $sshd_20_modulepath,
pam_modopts => $sshd_20_modopts,
}
pam::insertline{"pam-sshd-25":
target => $pam_sshd,
order => "025",
pam_facility => $sshd_25_facility,
pam_control => $sshd_25_control,
pam_modulepath => $sshd_25_modulepath,
pam_modopts => $sshd_25_modopts,
}
pam::insertline{"pam-sshd-30":
target => $pam_sshd,
order => "030",
pam_facility => $sshd_30_facility,
pam_control => $sshd_30_control,
pam_modulepath => $sshd_30_modulepath,
pam_modopts => $sshd_30_modopts,
}
pam::insertline{"pam-sshd-35":
target => $pam_sshd,
order => "035",
pam_facility => $sshd_35_facility,
pam_control => $sshd_35_control,
pam_modulepath => $sshd_35_modulepath,
pam_modopts => $sshd_35_modopts,
}
pam::insertline{"pam-sshd-50":
target => $pam_sshd,
order => "050",
pam_facility => $sshd_50_facility,
pam_control => $sshd_50_control,
pam_modulepath => $sshd_50_modulepath,
pam_modopts => $sshd_50_modopts,
}
pam::insertline{"pam-sshd-55":
target => $pam_sshd,
order => "055",
pam_facility => $sshd_55_facility,
pam_control => $sshd_55_control,
pam_modulepath => $sshd_55_modulepath,
pam_modopts => $sshd_55_modopts,
}
pam::insertline{"pam-sshd-60":
target => $pam_sshd,
order => "060",
pam_facility => $sshd_60_facility,
pam_control => $sshd_60_control,
pam_modulepath => $sshd_60_modulepath,
pam_modopts => $sshd_60_modopts,
}
pam::insertline{"pam-sshd-65":
target => $pam_sshd,
order => "065",
pam_facility => $sshd_65_facility,
pam_control => $sshd_65_control,
pam_modulepath => $sshd_65_modulepath,
pam_modopts => $sshd_65_modopts,
}
pam::insertline{"pam-sshd-70":
target => $pam_sshd,
order => "070",
pam_facility => $sshd_70_facility,
pam_control => $sshd_70_control,
pam_modulepath => $sshd_70_modulepath,
pam_modopts => $sshd_70_modopts,
}
pam::insertline{"pam-sshd-80":
target => $pam_sshd,
order => "080",
pam_facility => $sshd_80_facility,
pam_control => $sshd_80_control,
pam_modulepath => $sshd_80_modulepath,
pam_modopts => $sshd_80_modopts,
}
pam::insertline{"pam-sshd-85":
target => $pam_sshd,
order => "085",
pam_facility => $sshd_85_facility,
pam_control => $sshd_85_control,
pam_modulepath => $sshd_85_modulepath,
pam_modopts => $sshd_85_modopts,
}
pam::insertline{"pam-sshd-90":
target => $pam_sshd,
order => "090",
pam_facility => $sshd_90_facility,
pam_control => $sshd_90_control,
pam_modulepath => $sshd_90_modulepath,
pam_modopts => $sshd_90_modopts,
}
pam::insertline{"pam-sshd-95":
target => $pam_sshd,
order => "095",
pam_facility => $sshd_95_facility,
pam_control => $sshd_95_control,
pam_modulepath => $sshd_95_modulepath,
pam_modopts => $sshd_95_modopts,
}
pam::insertline{"pam-sshd-100":
target => $pam_sshd,
order => "100",
pam_facility => $sshd_100_facility,
pam_control => $sshd_100_control,
pam_modulepath => $sshd_100_modulepath,
pam_modopts => $sshd_100_modopts,
}
## pam.d/su
pam::insertline{"pam-su-10":
target => $pam_su,
order => "010",
pam_facility => $su_10_facility,
pam_control => $su_10_control,
pam_modulepath => $su_10_modulepath,
pam_modopts => $su_10_modopts,
}
pam::insertline{"pam-su-15":
target => $pam_su,
order => "015",
pam_facility => $su_15_facility,
pam_control => $su_15_control,
pam_modulepath => $su_15_modulepath,
pam_modopts => $su_15_modopts,
}
pam::insertline{"pam-su-20":
target => $pam_su,
order => "020",
pam_facility => $su_20_facility,
pam_control => $su_20_control,
pam_modulepath => $su_20_modulepath,
pam_modopts => $su_20_modopts,
}
pam::insertline{"pam-su-25":
target => $pam_su,
order => "025",
pam_facility => $su_25_facility,
pam_control => $su_25_control,
pam_modulepath => $su_25_modulepath,
pam_modopts => $su_25_modopts,
}
pam::insertline{"pam-su-30":
target => $pam_su,
order => "030",
pam_facility => $su_30_facility,
pam_control => $su_30_control,
pam_modulepath => $su_30_modulepath,
pam_modopts => $su_30_modopts,
}
pam::insertline{"pam-su-35":
target => $pam_su,
order => "035",
pam_facility => $su_35_facility,
pam_control => $su_35_control,
pam_modulepath => $su_35_modulepath,
pam_modopts => $su_35_modopts,
}
pam::insertline{"pam-su-50":
target => $pam_su,
order => "050",
pam_facility => $su_50_facility,
pam_control => $su_50_control,
pam_modulepath => $su_50_modulepath,
pam_modopts => $su_50_modopts,
}
pam::insertline{"pam-su-55":
target => $pam_su,
order => "055",
pam_facility => $su_55_facility,
pam_control => $su_55_control,
pam_modulepath => $su_55_modulepath,
pam_modopts => $su_55_modopts,
}
pam::insertline{"pam-su-60":
target => $pam_su,
order => "060",
pam_facility => $su_60_facility,
pam_control => $su_60_control,
pam_modulepath => $su_60_modulepath,
pam_modopts => $su_60_modopts,
}
pam::insertline{"pam-su-65":
target => $pam_su,
order => "065",
pam_facility => $su_65_facility,
pam_control => $su_65_control,
pam_modulepath => $su_65_modulepath,
pam_modopts => $su_65_modopts,
}
pam::insertline{"pam-su-70":
target => $pam_su,
order => "070",
pam_facility => $su_70_facility,
pam_control => $su_70_control,
pam_modulepath => $su_70_modulepath,
pam_modopts => $su_70_modopts,
}
pam::insertline{"pam-su-80":
target => $pam_su,
order => "080",
pam_facility => $su_80_facility,
pam_control => $su_80_control,
pam_modulepath => $su_80_modulepath,
pam_modopts => $su_80_modopts,
}
pam::insertline{"pam-su-85":
target => $pam_su,
order => "085",
pam_facility => $su_85_facility,
pam_control => $su_85_control,
pam_modulepath => $su_85_modulepath,
pam_modopts => $su_85_modopts,
}
pam::insertline{"pam-su-90":
target => $pam_su,
order => "090",
pam_facility => $su_90_facility,
pam_control => $su_90_control,
pam_modulepath => $su_90_modulepath,
pam_modopts => $su_90_modopts,
}
pam::insertline{"pam-su-95":
target => $pam_su,
order => "095",
pam_facility => $su_95_facility,
pam_control => $su_95_control,
pam_modulepath => $su_95_modulepath,
pam_modopts => $su_95_modopts,
}
pam::insertline{"pam-su-100":
target => $pam_su,
order => "100",
pam_facility => $su_100_facility,
pam_control => $su_100_control,
pam_modulepath => $su_100_modulepath,
pam_modopts => $su_100_modopts,
}
## pam.d/system
pam::insertline{"pam-system-10":
target => $pam_system,
order => "010",
pam_facility => $system_10_facility,
pam_control => $system_10_control,
pam_modulepath => $system_10_modulepath,
pam_modopts => $system_10_modopts,
}
pam::insertline{"pam-system-15":
target => $pam_system,
order => "015",
pam_facility => $system_15_facility,
pam_control => $system_15_control,
pam_modulepath => $system_15_modulepath,
pam_modopts => $system_15_modopts,
}
pam::insertline{"pam-system-20":
target => $pam_system,
order => "020",
pam_facility => $system_20_facility,
pam_control => $system_20_control,
pam_modulepath => $system_20_modulepath,
pam_modopts => $system_20_modopts,
}
pam::insertline{"pam-system-25":
target => $pam_system,
order => "025",
pam_facility => $system_25_facility,
pam_control => $system_25_control,
pam_modulepath => $system_25_modulepath,
pam_modopts => $system_25_modopts,
}
pam::insertline{"pam-system-30":
target => $pam_system,
order => "030",
pam_facility => $system_30_facility,
pam_control => $system_30_control,
pam_modulepath => $system_30_modulepath,
pam_modopts => $system_30_modopts,
}
pam::insertline{"pam-system-35":
target => $pam_system,
order => "035",
pam_facility => $system_35_facility,
pam_control => $system_35_control,
pam_modulepath => $system_35_modulepath,
pam_modopts => $system_35_modopts,
}
pam::insertline{"pam-system-50":
target => $pam_system,
order => "050",
pam_facility => $system_50_facility,
pam_control => $system_50_control,
pam_modulepath => $system_50_modulepath,
pam_modopts => $system_50_modopts,
}
pam::insertline{"pam-system-55":
target => $pam_system,
order => "055",
pam_facility => $system_55_facility,
pam_control => $system_55_control,
pam_modulepath => $system_55_modulepath,
pam_modopts => $system_55_modopts,
}
pam::insertline{"pam-system-60":
target => $pam_system,
order => "060",
pam_facility => $system_60_facility,
pam_control => $system_60_control,
pam_modulepath => $system_60_modulepath,
pam_modopts => $system_60_modopts,
}
pam::insertline{"pam-system-65":
target => $pam_system,
order => "065",
pam_facility => $system_65_facility,
pam_control => $system_65_control,
pam_modulepath => $system_65_modulepath,
pam_modopts => $system_65_modopts,
}
pam::insertline{"pam-system-70":
target => $pam_system,
order => "070",
pam_facility => $system_70_facility,
pam_control => $system_70_control,
pam_modulepath => $system_70_modulepath,
pam_modopts => $system_70_modopts,
}
pam::insertline{"pam-system-80":
target => $pam_system,
order => "080",
pam_facility => $system_80_facility,
pam_control => $system_80_control,
pam_modulepath => $system_80_modulepath,
pam_modopts => $system_80_modopts,
}
pam::insertline{"pam-system-85":
target => $pam_system,
order => "085",
pam_facility => $system_85_facility,
pam_control => $system_85_control,
pam_modulepath => $system_85_modulepath,
pam_modopts => $system_85_modopts,
}
pam::insertline{"pam-system-90":
target => $pam_system,
order => "090",
pam_facility => $system_90_facility,
pam_control => $system_90_control,
pam_modulepath => $system_90_modulepath,
pam_modopts => $system_90_modopts,
}
pam::insertline{"pam-system-95":
target => $pam_system,
order => "095",
pam_facility => $system_95_facility,
pam_control => $system_95_control,
pam_modulepath => $system_95_modulepath,
pam_modopts => $system_95_modopts,
}
pam::insertline{"pam-system-100":
target => $pam_system,
order => "100",
pam_facility => $system_100_facility,
pam_control => $system_100_control,
pam_modulepath => $system_100_modulepath,
pam_modopts => $system_100_modopts,
}
}
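Review bot: The class declares `$sshd_40_*`, `$sshd_45_*` and `$sshd_75_*` (and the same slots for `su` and `system`), but the body has no `pam::insertline` for orders 040, 045 or 075, so a hiera value set for those slots never reaches the generated PAM file. For an authentication stack that is a silent failure: a `required` or `requisite` rule placed in one of those slots would look configured and not be enforced. Either add the missing declarations as sketched below or drop the unused parameters. Separately, the three header fragments use the bare `order => 005` while every other fragment uses a quoted string such as `"010"`; writing `"005"` would keep the ordering keys uniform, since how the concat module compares the two forms is not visible here.

```puppet
pam::insertline{"pam-sshd-40":
  target         => $pam_sshd,
  order          => "040",
  pam_facility   => $sshd_40_facility,
  pam_control    => $sshd_40_control,
  pam_modulepath => $sshd_40_modulepath,
  pam_modopts    => $sshd_40_modopts,
}
## … same pattern for sshd 045 and 075, and for the su and system slots 040, 045 and 075 …
```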


@ -0,0 +1,33 @@
#/etc/puppet/modules/pam/manifests/insertline.pp
#
# insertline is used by other modules to insert lines in pam config files
#
define pam::insertline(
$pam_facility="",
$pam_control="",
$pam_modulepath="",
$pam_modopts="",
$target = "",
$order=40,
$commentmarker="#",
) {
if $target != "" {
$body = "$pam_facility\t\t\t$pam_control\t\t\t$pam_modulepath\t\t\t$pam_modopts"
if $body == "" {
$body = "$commentmarker Empty line inserted by $name. Check your puppet config."
}
concat::fragment{"insertline_$name":
target => $target,
order => $order,
content => "\n$commentmarker Line inserted by puppet ($name), at order $order.\n$body\n"
}
}
}
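Review bot: The `if $body == ""` branch can never run, because `$body` is built with nine literal tab characters and is non-empty even when all four `pam_*` parameters are empty (as they are for `pam::system_50_*` in the hiera data on this page). If it did run, the second `$body =` would reassign a variable in the same scope, which Puppet does not allow. The effect is that an unused slot writes a tabs-only line instead of the intended comment, and a half-filled slot (a facility with no module path, say) goes into the PAM file unchecked. Test the parameters rather than the joined string and assign `$body` once, as below; failing the catalog on a partly filled slot would be a further safeguard.

```puppet
  if $target != "" {
    if "${pam_facility}${pam_control}${pam_modulepath}${pam_modopts}" == "" {
      $body = "$commentmarker Empty line inserted by $name. Check your puppet config."
    } else {
      $body = "$pam_facility\t\t\t$pam_control\t\t\t$pam_modulepath\t\t\t$pam_modopts"
    }
    # … unchanged: concat::fragment{"insertline_$name": …} …
```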


@ -0,0 +1,32 @@
#
# $FreeBSD: release/10.0.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
#
# PAM configuration for the "sshd" service
#
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
account required pam_unix.so
# session
#session optional pam_ssh.so want_agent
session required /usr/local/lib/pam_mkhomedir.so umask=0077
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
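Review bot: `auth sufficient /usr/local/lib/pam_ldap.so no_warn` sits above `auth requisite pam_opieaccess.so no_warn allow_local`, so a successful LDAP password ends the auth chain before the OPIE access check is consulted. If pam_opieaccess is meant to stop OPIE-enabled accounts from falling back to a plain password, an LDAP password would sidestep it; moving the LDAP line below the `requisite` line keeps that check in force. The same ordering appears in the `system` file later on this page. In the account section, `ignore_authinfo_unavail ignore_unknown_user` on pam_ldap.so lets the account check pass when the directory cannot be reached, which deserves a comment recording that this is a deliberate availability choice.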


@ -0,0 +1,19 @@
#
# $FreeBSD: release/10.0.0/etc/pam.d/su 219663 2011-03-15 10:13:35Z des $
#
# PAM configuration for the "su" service
#
# auth
auth sufficient pam_rootok.so no_warn
auth sufficient pam_self.so no_warn
auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
auth include system
# account
account include system
# session
session required pam_permit.so
session required /usr/local/lib/pam_mkhomedir.so umask=0077


@ -0,0 +1,28 @@
#
# $FreeBSD: release/10.0.0/etc/pam.d/system 197769 2009-10-05 09:28:54Z des $
#
# System-wide defaults
#
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
#account required pam_krb5.so
account required pam_login_access.so
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
account required pam_unix.so
# session
#session optional pam_ssh.so want_agent
session required /usr/local/lib/pam_mkhomedir.so umask=0022
session required pam_lastlog.so no_fail
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
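Review bot: `auth required pam_unix.so no_warn try_first_pass nullok` accepts accounts whose password field is empty, and because the `su` file on this page does `auth include system`, the option applies there too, while the `sshd` file omits it. Unless passwordless local accounts are intended, drop the option here and in the hiera value `pam::system_35_modopts`, leaving `auth required pam_unix.so no_warn try_first_pass`. The session line uses `umask=0022` for pam_mkhomedir whereas `sshd` and `su` use `umask=0077`, so the permissions of a newly created home directory depend on which service creates it. The hiera keys `pam::system_25_control` and `pam::system_30_control` read `'systemfficient'` where this file has `sufficient`; both slots are commented out today, but the value should be corrected before either is enabled.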

6
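--- a/modules/pkgng/Gemfile
+++ b/modules/pkgng/Gemfile
@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gem 'rspec'
+gem 'rspec-mocks'
+gem 'rspec-expectations'
+gem 'puppet'
+gem 'puppet-lint'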


@ -0,0 +1,60 @@
PATH
remote: ./puppet
specs:
puppet (3.4.2)
facter (~> 1.5)
hiera (~> 1.0)
GEM
remote: https://rubygems.org/
specs:
binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1)
coderay (1.1.0)
columnize (0.3.6)
debug_inspector (0.0.2)
debugger (1.6.5)
columnize (>= 0.3.1)
debugger-linecache (~> 1.2.0)
debugger-ruby_core_source (~> 1.3.1)
debugger-linecache (1.2.0)
debugger-ruby_core_source (1.3.1)
diff-lcs (1.2.4)
facter (1.7.4)
hiera (1.3.0)
json_pure
json_pure (1.8.1)
method_source (0.8.2)
pry (0.9.12.4)
coderay (~> 1.0)
method_source (~> 0.8)
slop (~> 3.4)
pry-debugger (0.2.2)
debugger (~> 1.3)
pry (~> 0.9.10)
pry-stack_explorer (0.4.9.1)
binding_of_caller (>= 0.7)
pry (>= 0.9.11)
puppet-lint (0.3.2)
rspec (2.13.0)
rspec-core (~> 2.13.0)
rspec-expectations (~> 2.13.0)
rspec-mocks (~> 2.13.0)
rspec-core (2.13.1)
rspec-expectations (2.13.0)
diff-lcs (>= 1.1.3, < 2.0)
rspec-mocks (2.13.1)
slop (3.4.7)
PLATFORMS
ruby
DEPENDENCIES
pry
pry-debugger
pry-stack_explorer
puppet!
puppet-lint
rspec
rspec-expectations
rspec-mocks

191
modules/pkgng/LICENSE Normal file

@ -0,0 +1,191 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Copyright 2013 Puppet Labs
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

9
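--- a/modules/pkgng/Modulefile
+++ b/modules/pkgng/Modulefile
@@ -0,0 +1,9 @@
+name 'zleslie-pkgng'
+version '0.2.0'
+source 'git://github.com/xaque208/puppet-pkgng.git'
+author 'zleslie'
+license 'Apache License Version 2.0'
+summary 'PkgNG package provider for FreeBSD'
+description 'Includes facts and management class.'
+project_page 'https://github.com/xaque208/puppet-pkgng'
+dependency 'puppetlabs/stdlib'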

52
modules/pkgng/README.md Normal file

@ -0,0 +1,52 @@
Puppet-pkgng
===
[![Build Status](https://travis-ci.org/xaque208/puppet-pkgng.png)](https://travis-ci.org/xaque208/puppet-pkgng)
A package provider for FreeBSD's PkgNG package manager.
This module contains the provider as well as some implementation around
configuring the pkg.conf file. If you are building your own PkgNG packages,
you may also want to look at my [poudriere
module](https://github.com/xaque208/puppet-poudriere).
## Installation
The easiest way to install is to install from the forge.
puppet module install zleslie/pkgng
Then to configure your system to use a PkgNG, a simple include will do.
include pkgng
### Installation via r10K
You can also clone this repo to somewhere in your modulepath, or use something
like [r10k](https://github.com/adrienthebo/r10k) to deploy your modules. R10k
is sweet. For those not familiar, check out [Finch's blog
post](http://somethingsinistral.net/blog/rethinking-puppet-deployment/) about
it.
### Installation via [Librarian-Puppet](http://librarian-puppet.com/)
Installation via Librarian-Puppet is straight forward, simply add the
following to your `Puppetfile`
```
mod 'zleslie/pkgng'
```
## Usage
Once you have the module installed, you can use it by simply adding a site
default in site.pp that looks like this.
Package {
provider => pkgng
}
Now every package that you install will use the PkgNG provider.
