/concat/bin to do the concatenation. While this might
+seem more complex than some of the one-liner alternatives you might find on
+the net we do a lot of error checking and safety checks in the script to avoid
+problems that might be caused by complex escaping errors etc.
+
+=== License:
+
+Apache Version 2
+
+=== Latest:
+
+http://github.com/puppetlabs/puppetlabs-concat/
+
+=== Contact:
+
+Puppetlabs, via our puppet-users@ mailing list.
diff --git a/modules/concat/README.markdown b/modules/concat/README.markdown
new file mode 100644
index 0000000..9580c9d
--- /dev/null
+++ b/modules/concat/README.markdown
@@ -0,0 +1,154 @@
+What is it?
+===========
+
+A Puppet module that can construct files from fragments.
+
+Please see the comments in the various .pp files for details
+as well as posts on my blog at http://www.devco.net/
+
+Released under the Apache 2.0 licence
+
+Usage:
+------
+
+If you wanted a /etc/motd file that listed all the major modules
+on the machine. And that would be maintained automatically even
+if you just remove the include lines for other modules you could
+use code like below, a sample /etc/motd would be:
+
+
+Puppet modules on this server:
+
+ -- Apache
+ -- MySQL
+
+
+Local sysadmins can also append to the file by just editing /etc/motd.local
+their changes will be incorporated into the puppet managed motd.
+
+
+# class to setup basic motd, include on all nodes
+class motd {
+ $motd = "/etc/motd"
+
+ concat{$motd:
+ owner => root,
+ group => root,
+ mode => '0644',
+ }
+
+ concat::fragment{"motd_header":
+ target => $motd,
+ content => "\nPuppet modules on this server:\n\n",
+ order => 01,
+ }
+
+ # local users on the machine can append to motd by just creating
+ # /etc/motd.local
+ concat::fragment{"motd_local":
+ target => $motd,
+ ensure => "/etc/motd.local",
+ order => 15
+ }
+}
+
+# used by other modules to register themselves in the motd
+define motd::register($content="", $order=10) {
+ if $content == "" {
+ $body = $name
+ } else {
+ $body = $content
+ }
+
+ concat::fragment{"motd_fragment_$name":
+ target => "/etc/motd",
+ content => " -- $body\n"
+ }
+}
+
+# a sample apache module
+class apache {
+ include apache::install, apache::config, apache::service
+
+ motd::register{"Apache": }
+}
+
+
+Detailed documentation of the class options can be found in the
+manifest files.
+
+Known Issues:
+-------------
+* Since puppet-concat now relies on a fact for the concat directory,
+ you will need to set up pluginsync = true on both the master and client
+ node's '/etc/puppet/puppet.conf' for at least the first run.
+ You have this issue if puppet fails to run on the client and you have
+ a message similar to
+ "err: Failed to apply catalog: Parameter path failed: File
+ paths must be fully qualified, not 'undef' at [...]/concat/manifests/setup.pp:44".
+
+Contributors:
+-------------
+**Paul Elliot**
+
+ * Provided 0.24.8 support, shell warnings and empty file creation support.
+
+**Chad Netzer**
+
+ * Various patches to improve safety of file operations
+ * Symlink support
+
+**David Schmitt**
+
+ * Patch to remove hard coded paths relying on OS path
+ * Patch to use file{} to copy the resulting file to the final destination. This means Puppet client will show diffs and that hopefully we can change file ownerships now
+
+**Peter Meier**
+
+ * Basedir as a fact
+ * Unprivileged user support
+
+**Sharif Nassar**
+
+ * Solaris/Nexenta support
+ * Better error reporting
+
+**Christian G. Warden**
+
+ * Style improvements
+
+**Reid Vandewiele**
+
+ * Support non GNU systems by default
+
+**Erik Dalén**
+
+ * Style improvements
+
+**Gildas Le Nadan**
+
+ * Documentation improvements
+
+**Paul Belanger**
+
+ * Testing improvements and Travis support
+
+**Branan Purvine-Riley**
+
+ * Support Puppet Module Tool better
+
+**Dustin J. Mitchell**
+
+ * Always include setup when using the concat define
+
+**Andreas Jaggi**
+
+ * Puppet Lint support
+
+**Jan Vansteenkiste**
+
+ * Configurable paths
+
+Contact:
+--------
+puppet-users@ mailing list.
diff --git a/modules/concat/Rakefile b/modules/concat/Rakefile
new file mode 100644
index 0000000..23aea87
--- /dev/null
+++ b/modules/concat/Rakefile
@@ -0,0 +1,5 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.send('disable_quoted_booleans')
diff --git a/modules/concat/data/common.yaml b/modules/concat/data/common.yaml
new file mode 100644
index 0000000..cd21505
--- /dev/null
+++ b/modules/concat/data/common.yaml
@@ -0,0 +1,2 @@
+---
+
diff --git a/modules/concat/data/freebsd/100release.yaml b/modules/concat/data/freebsd/100release.yaml
new file mode 100644
index 0000000..c3b635b
--- /dev/null
+++ b/modules/concat/data/freebsd/100release.yaml
@@ -0,0 +1,4 @@
+---
+
+
+
diff --git a/modules/concat/data/hiera.yaml b/modules/concat/data/hiera.yaml
new file mode 100644
index 0000000..3b64ea0
--- /dev/null
+++ b/modules/concat/data/hiera.yaml
@@ -0,0 +1,7 @@
+---
+:hierarchy:
+ - "%{operatingsystem}/%{asf_osrelease}"
+ - "common"
+
+:yaml:
+ :datadir: .
diff --git a/modules/concat/files/concatfragments.sh b/modules/concat/files/concatfragments.sh
new file mode 100755
index 0000000..88fe0e7
--- /dev/null
+++ b/modules/concat/files/concatfragments.sh
@@ -0,0 +1,140 @@
+#!/bin/sh
+
+# Script to concat files to a config file.
+#
+# Given a directory like this:
+# /path/to/conf.d
+# |-- fragments
+# | |-- 00_named.conf
+# | |-- 10_domain.net
+# | `-- zz_footer
+#
+# The script supports a test option that will build the concat file to a temp location and
+# use /usr/bin/cmp to verify if it should be run or not. This would result in the concat happening
+# twice on each run but gives you the option to have an unless option in your execs to inhibit rebuilds.
+#
+# Without the test option and the unless combo your services that depend on the final file would end up
+# restarting on each run, or in other manifest models some changes might get missed.
+#
+# OPTIONS:
+# -o The file to create from the sources
+# -d The directory where the fragments are kept
+# -t Test to find out if a build is needed, basically concats the files to a temp
+# location and compare with what's in the final location, return codes are designed
+# for use with unless on an exec resource
+# -w Add a shell style comment at the top of the created file to warn users that it
+# is generated by puppet
+# -f Enables the creation of empty output files when no fragments are found
+# -n Sort the output numerically rather than the default alpha sort
+#
+# the command:
+#
+# concatfragments.sh -o /path/to/conffile.cfg -d /path/to/conf.d
+#
+# creates /path/to/conf.d/fragments.concat and copies the resulting
+# file to /path/to/conffile.cfg. The files will be sorted alphabetically
+# pass the -n switch to sort numerically.
+#
+# The script does error checking on the various dirs and files to make
+# sure things don't fail.
+
+OUTFILE=""
+WORKDIR=""
+TEST=""
+FORCE=""
+WARN=""
+SORTARG=""
+ENSURE_NEWLINE=""
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+## Well, if there's ever a bad way to do things, Nexenta has it.
+## http://nexenta.org/projects/site/wiki/Personalities
+unset SUN_PERSONALITY
+
+while getopts "o:s:d:tnw:fl" options; do
+ case $options in
+ o ) OUTFILE=$OPTARG;;
+ d ) WORKDIR=$OPTARG;;
+ n ) SORTARG="-n";;
+ w ) WARNMSG="$OPTARG";;
+ f ) FORCE="true";;
+ t ) TEST="true";;
+ l ) ENSURE_NEWLINE="true";;
+ * ) echo "Specify output file with -o and fragments directory with -d"
+ exit 1;;
+ esac
+done
+
+# do we have -o?
+if [ x${OUTFILE} = "x" ]; then
+ echo "Please specify an output file with -o"
+ exit 1
+fi
+
+# do we have -d?
+if [ x${WORKDIR} = "x" ]; then
+ echo "Please fragments directory with -d"
+ exit 1
+fi
+
+# can we write to -o?
+if [ -f ${OUTFILE} ]; then
+ if [ ! -w ${OUTFILE} ]; then
+ echo "Cannot write to ${OUTFILE}"
+ exit 1
+ fi
+else
+ if [ ! -w `dirname ${OUTFILE}` ]; then
+ echo "Cannot write to `dirname ${OUTFILE}` to create ${OUTFILE}"
+ exit 1
+ fi
+fi
+
+# do we have a fragments subdir inside the work dir?
+if [ ! -d "${WORKDIR}/fragments" ] && [ ! -x "${WORKDIR}/fragments" ]; then
+ echo "Cannot access the fragments directory"
+ exit 1
+fi
+
+# are there actually any fragments?
+if [ ! "$(ls -A ${WORKDIR}/fragments)" ]; then
+ if [ x${FORCE} = "x" ]; then
+ echo "The fragments directory is empty, cowardly refusing to make empty config files"
+ exit 1
+ fi
+fi
+
+cd ${WORKDIR}
+
+if [ "x${WARNMSG}" = "x" ]; then
+ : > "fragments.concat"
+else
+ printf '%s\n' "$WARNMSG" > "fragments.concat"
+fi
+
+if [ x${ENSURE_NEWLINE} != x ]; then
+ find fragments/ -type f -follow -print0 | xargs -0 -I '{}' sh -c 'if [ -n "$(tail -c 1 < {} )" ]; then echo >> {} ; fi'
+fi
+
+# find all the files in the fragments directory, sort them numerically and concat to fragments.concat in the working dir
+IFS_BACKUP=$IFS
+IFS='
+'
+for fragfile in `find fragments/ -type f -follow | LC_ALL=C sort ${SORTARG}`
+do
+ cat $fragfile >> "fragments.concat"
+done
+IFS=$IFS_BACKUP
+
+if [ x${TEST} = "x" ]; then
+ # This is a real run, copy the file to outfile
+ cp fragments.concat ${OUTFILE}
+ RETVAL=$?
+else
+ # Just compare the result to outfile to help the exec decide
+ cmp ${OUTFILE} fragments.concat
+ RETVAL=$?
+fi
+
+exit $RETVAL
diff --git a/modules/concat/files/puppetwarn-hash.txt b/modules/concat/files/puppetwarn-hash.txt
new file mode 100644
index 0000000..699c891
--- /dev/null
+++ b/modules/concat/files/puppetwarn-hash.txt
@@ -0,0 +1,5 @@
+###
+## WARNING ::
+##
+## This file is managed by puppet. All local changes will be lost at the next puppet run.
+###
diff --git a/modules/concat/lib/facter/concat_basedir.rb b/modules/concat/lib/facter/concat_basedir.rb
new file mode 100644
index 0000000..ef5a689
--- /dev/null
+++ b/modules/concat/lib/facter/concat_basedir.rb
@@ -0,0 +1,11 @@
+# == Fact: concat_basedir
+#
+# A custom fact that sets the default location for fragments
+#
+# "${::vardir}/concat/"
+#
+Facter.add("concat_basedir") do
+ setcode do
+ File.join(Puppet[:vardir],"concat")
+ end
+end
diff --git a/modules/concat/manifests/fragment.pp b/modules/concat/manifests/fragment.pp
new file mode 100644
index 0000000..a6831f8
--- /dev/null
+++ b/modules/concat/manifests/fragment.pp
@@ -0,0 +1,67 @@
+# == Define: concat::fragment
+#
+# Puts a file fragment into a directory previous setup using concat
+#
+# === Options:
+#
+# [*target*]
+# The file that these fragments belong to
+# [*content*]
+# If present puts the content into the file
+# [*source*]
+# If content was not specified, use the source
+# [*order*]
+# By default all files gets a 10_ prefix in the directory you can set it to
+# anything else using this to influence the order of the content in the file
+# [*ensure*]
+# Present/Absent or destination to a file to include another file
+# [*mode*]
+# Mode for the file
+# [*owner*]
+# Owner of the file
+# [*group*]
+# Owner of the file
+# [*backup*]
+# Controls the filebucketing behavior of the final file and see File type
+# reference for its use. Defaults to 'puppet'
+#
+define concat::fragment(
+ $target,
+ $content=undef,
+ $source=undef,
+ $order=10,
+ $ensure = 'present',
+ $mode = '0644',
+ $owner = $::id,
+ $group = $concat::setup::root_group,
+ $backup = 'puppet') {
+ $safe_name = regsubst($name, '[/\n]', '_', 'GM')
+ $safe_target_name = regsubst($target, '[/\n]', '_', 'GM')
+ $concatdir = $concat::setup::concatdir
+ $fragdir = "${concatdir}/${safe_target_name}"
+
+ # if content is passed, use that, else if source is passed use that
+ # if neither passed, but $ensure is in symlink form, make a symlink
+ case $ensure {
+ '', 'absent', 'present', 'file', 'directory': {
+ if ! ($content or $source) {
+ crit('No content, source or symlink specified')
+ }
+ }
+ default: {
+ # do nothing, make puppet-lint happy
+ }
+ }
+
+ file{"${fragdir}/fragments/${order}_${safe_name}":
+ ensure => $ensure,
+ mode => $mode,
+ owner => $owner,
+ group => $group,
+ source => $source,
+ content => $content,
+ backup => $backup,
+ alias => "concat_fragment_${name}",
+ notify => Exec["concat_${target}"]
+ }
+}
diff --git a/modules/concat/manifests/fragment/puppetwarn/hash.pp b/modules/concat/manifests/fragment/puppetwarn/hash.pp
new file mode 100644
index 0000000..d0a1c81
--- /dev/null
+++ b/modules/concat/manifests/fragment/puppetwarn/hash.pp
@@ -0,0 +1,50 @@
+#
+define concat::fragment::puppetwarn::hash(
+ $target,
+ $content="
+###
+## ..:: WARNING ::..
+##
+## This file is managed by puppet.
+## All local changes will be lost during
+## the next puppet run.
+##
+###
+",
+ $source=undef,
+ $order=001,
+ $ensure = 'present',
+ $mode = '0644',
+ $owner = $::id,
+ $group = $concat::setup::root_group,
+ $backup = 'puppet') {
+ $safe_name = regsubst($name, '[/\n]', '_', 'GM')
+ $safe_target_name = regsubst($target, '[/\n]', '_', 'GM')
+ $concatdir = $concat::setup::concatdir
+ $fragdir = "${concatdir}/${safe_target_name}"
+
+ # if content is passed, use that, else if source is passed use that
+ # if neither passed, but $ensure is in symlink form, make a symlink
+ case $ensure {
+ '', 'absent', 'present', 'file', 'directory': {
+ if ! ($content or $source) {
+ crit('No content, source or symlink specified')
+ }
+ }
+ default: {
+ # do nothing, make puppet-lint happy
+ }
+ }
+
+ file{"${fragdir}/fragments/${order}_${safe_name}":
+ ensure => $ensure,
+ mode => $mode,
+ owner => $owner,
+ group => $group,
+ source => $source,
+ content => $content,
+ backup => $backup,
+ alias => "concat_fragment_${name}",
+ notify => Exec["concat_${target}"]
+ }
+}
diff --git a/modules/concat/manifests/init.pp b/modules/concat/manifests/init.pp
new file mode 100644
index 0000000..ed4068b
--- /dev/null
+++ b/modules/concat/manifests/init.pp
@@ -0,0 +1,190 @@
+# == Define: concat
+#
+# Sets up so that you can use fragments to build a final config file,
+#
+# === Options:
+#
+# [*path*]
+# The path to the final file. Use this in case you want to differentiate
+# between the name of a resource and the file path. Note: Use the name you
+# provided in the target of your fragments.
+# [*mode*]
+# The mode of the final file
+# [*owner*]
+# Who will own the file
+# [*group*]
+# Who will own the file
+# [*force*]
+# Enables creating empty files if no fragments are present
+# [*warn*]
+# Adds a normal shell style comment top of the file indicating that it is
+# built by puppet
+# [*backup*]
+# Controls the filebucketing behavior of the final file and see File type
+# reference for its use. Defaults to 'puppet'
+# [*replace*]
+# Whether to replace a file that already exists on the local system
+#
+# === Actions:
+# * Creates fragment directories if it didn't exist already
+# * Executes the concatfragments.sh script to build the final file, this
+# script will create directory/fragments.concat. Execution happens only
+# when:
+# * The directory changes
+# * fragments.concat != final destination, this means rebuilds will happen
+# whenever someone changes or deletes the final file. Checking is done
+# using /usr/bin/cmp.
+# * The Exec gets notified by something else - like the concat::fragment
+# define
+# * Copies the file over to the final destination using a file resource
+#
+# === Aliases:
+#
+# * The exec can notified using Exec["concat_/path/to/file"] or
+# Exec["concat_/path/to/directory"]
+# * The final file can be referened as File["/path/to/file"] or
+# File["concat_/path/to/file"]
+#
+define concat(
+ $path = $name,
+ $owner = $::id,
+ $group = $concat::setup::root_group,
+ $mode = '0644',
+ $warn = false,
+ $force = false,
+ $backup = 'puppet',
+ $replace = true,
+ $gnu = undef,
+ $order='alpha',
+ $ensure_newline = false
+) {
+ include concat::setup
+
+ $safe_name = regsubst($name, '/', '_', 'G')
+ $concatdir = $concat::setup::concatdir
+ $version = $concat::setup::majorversion
+ $fragdir = "${concatdir}/${safe_name}"
+ $concat_name = 'fragments.concat.out'
+ $default_warn_message = '# This file is managed by Puppet. DO NOT EDIT.'
+
+ case $warn {
+ 'true', true, yes, on: {
+ $warnmsg = $default_warn_message
+ }
+ 'false', false, no, off: {
+ $warnmsg = ''
+ }
+ default: {
+ $warnmsg = $warn
+ }
+ }
+
+ $warnmsg_escaped = regsubst($warnmsg, "'", "'\\\\''", 'G')
+ $warnflag = $warnmsg_escaped ? {
+ '' => '',
+ default => "-w '${warnmsg_escaped}'"
+ }
+
+ case $force {
+ 'true', true, yes, on: {
+ $forceflag = '-f'
+ }
+ 'false', false, no, off: {
+ $forceflag = ''
+ }
+ default: {
+ fail("Improper 'force' value given to concat: ${force}")
+ }
+ }
+
+ case $order {
+ numeric: {
+ $orderflag = '-n'
+ }
+ alpha: {
+ $orderflag = ''
+ }
+ default: {
+ fail("Improper 'order' value given to concat: ${order}")
+ }
+ }
+
+ case $ensure_newline {
+ 'true', true, yes, on: {
+ $newlineflag = '-l'
+ }
+ 'false', false, no, off: {
+ $newlineflag = ''
+ }
+ default: {
+ fail("Improper 'ensure_newline' value given to concat: ${ensure_newline}")
+ }
+ }
+
+ File {
+ owner => $::id,
+ group => $group,
+ mode => $mode,
+ backup => $backup,
+ replace => $replace
+ }
+
+ file { $fragdir:
+ ensure => directory,
+ }
+
+ $source_real = $version ? {
+ 24 => 'puppet:///concat/null',
+ default => undef,
+ }
+
+ file { "${fragdir}/fragments":
+ ensure => directory,
+ force => true,
+ ignore => ['.svn', '.git', '.gitignore'],
+ notify => Exec["concat_${name}"],
+ purge => true,
+ recurse => true,
+ source => $source_real,
+ }
+
+ file { "${fragdir}/fragments.concat":
+ ensure => present,
+ }
+
+ file { "${fragdir}/${concat_name}":
+ ensure => present,
+ }
+
+ file { $name:
+ ensure => present,
+ path => $path,
+ alias => "concat_${name}",
+ group => $group,
+ mode => $mode,
+ owner => $owner,
+ source => "${fragdir}/${concat_name}",
+ }
+
+ exec { "concat_${name}":
+ alias => "concat_${fragdir}",
+ command => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} ${warnflag} ${forceflag} ${orderflag} ${newlineflag}",
+ notify => File[$name],
+ require => [
+ File[$fragdir],
+ File["${fragdir}/fragments"],
+ File["${fragdir}/fragments.concat"],
+ ],
+ subscribe => File[$fragdir],
+ unless => "${concat::setup::concatdir}/bin/concatfragments.sh -o ${fragdir}/${concat_name} -d ${fragdir} -t ${warnflag} ${forceflag} ${orderflag} ${newlineflag}",
+ }
+
+ if $::id == 'root' {
+ Exec["concat_${name}"] {
+ user => root,
+ group => $group,
+ }
+ }
+}
+
+# vim:sw=2:ts=2:expandtab:textwidth=79
diff --git a/modules/concat/manifests/setup.pp b/modules/concat/manifests/setup.pp
new file mode 100644
index 0000000..5a985f6
--- /dev/null
+++ b/modules/concat/manifests/setup.pp
@@ -0,0 +1,67 @@
+# === Class: concat::setup
+#
+# Sets up the concat system.
+#
+# [$concatdir]
+# is where the fragments live and is set on the fact concat_basedir.
+# Since puppet should always manage files in $concatdir and they should
+# not be deleted ever, /tmp is not an option.
+#
+# [$puppetversion]
+# should be either 24 or 25 to enable a 24 compatible
+# mode, in 24 mode you might see phantom notifies this is a side effect
+# of the method we use to clear the fragments directory.
+#
+# The regular expression below will try to figure out your puppet version
+# but this code will only work in 0.24.8 and newer.
+#
+# It also copies out the concatfragments.sh file to ${concatdir}/bin
+#
+class concat::setup {
+ case $::osfamily {
+ 'windows': {
+ fail("Unsupported osfamily: ${osfamily}")
+ }
+ default: {
+ # Should work otherwise
+ }
+ }
+ $id = $::id
+ $root_group = $id ? {
+ root => 0,
+ default => $id
+ }
+
+ if $::concat_basedir {
+ $concatdir = $::concat_basedir
+ } else {
+ fail ("\$concat_basedir not defined. Try running again with pluginsync=true on the [master] and/or [main] section of your node's '/etc/puppet/puppet.conf'.")
+ }
+
+ $majorversion = regsubst($::puppetversion, '^[0-9]+[.]([0-9]+)[.][0-9]+$', '\1')
+ $fragments_source = $majorversion ? {
+ 24 => 'puppet:///concat/concatfragments.sh',
+ default => 'puppet:///modules/concat/concatfragments.sh'
+ }
+
+ file{"${concatdir}/bin/concatfragments.sh":
+ owner => $id,
+ group => $root_group,
+ mode => '0755',
+ source => $fragments_source;
+
+ [ $concatdir, "${concatdir}/bin" ]:
+ ensure => directory,
+ owner => $id,
+ group => $root_group,
+ mode => '0750';
+
+ ## Old versions of this module used a different path.
+ '/usr/local/bin/concatfragments.sh':
+ ensure => absent;
+ }
+
+ # Ensure we run setup first.
+ Class['concat::setup'] -> Concat::Fragment<| |>
+
+}
diff --git a/modules/concat/metadata.json b/modules/concat/metadata.json
new file mode 100644
index 0000000..adcad0e
--- /dev/null
+++ b/modules/concat/metadata.json
@@ -0,0 +1,134 @@
+{
+ "name": "puppetlabs-concat",
+ "version": "1.0.2",
+ "source": "git://github.com/puppetlabs/puppetlabs-concat.git",
+ "author": "Puppetlabs",
+ "license": "Apache 2.0",
+ "project_page": "http://github.com/puppetlabs/puppetlabs-concat",
+ "summary": "Concat module",
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "5",
+ "6"
+ ]
+ },
+ {
+ "operatingsystem": "CentOS",
+ "operatingsystemrelease": [
+ "5",
+ "6"
+ ]
+ },
+ {
+ "operatingsystem": "OracleLinux",
+ "operatingsystemrelease": [
+ "5",
+ "6"
+ ]
+ },
+ {
+ "operatingsystem": "Scientific",
+ "operatingsystemrelease": [
+ "5",
+ "6"
+ ]
+ },
+ {
+ "operatingsystem": "SLES",
+ "operatingsystemrelease": [
+ "11 SP1"
+ ]
+ },
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease": [
+ "10.04",
+ "12.04"
+ ]
+ },
+ {
+ "operatingsystem": "Solaris",
+ "operatingsystemrelease": [
+ "10",
+ "11"
+ ]
+ },
+ {
+ "operatingsystem": "AIX",
+ "operatingsystemrelease": [
+ "5.3",
+ "6.1",
+ "7.1"
+ ]
+ }
+ ],
+ "requirements": [
+ {
+ "name": "pe",
+ "version_requirement": "3.2.x"
+ },
+ {
+ "name": "puppet",
+ "version_requirement": "3.x"
+ }
+ ],
+ "dependencies": [
+
+ ],
+ "description": "Concat module",
+ "types": [
+
+ ],
+ "checksums": {
+ "CHANGELOG.md": "30cdc920990c64e637f7455abfaeaf3d",
+ "Gemfile": "3cadf91e1baf9c8b7d2b1c3036676ba9",
+ "LICENSE": "f5a76685d453424cd63dde1535811cf0",
+ "Modulefile": "b55bcc013ad1418a1c9baa11edd04289",
+ "README": "d15ec3400f628942dd7b7fa8c1a18da3",
+ "README.markdown": "a028e3752126d36288870225a83c6e6e",
+ "Rakefile": "e415d40cd8db238f02bf4575d5e1e693",
+ "files/concatfragments.sh": "e7aaa4c45316eb97d2d88b57334c4060",
+ "lib/facter/concat_basedir.rb": "e152593fafe27ef305fc473929c62ca6",
+ "manifests/fragment.pp": "196ee8e405b3a31b84ae618ed54377ed",
+ "manifests/init.pp": "8d0cc8e9cf145ca7a23db05a30252476",
+ "manifests/setup.pp": "b179589ac55f0f8d3108dd5fd460da4a",
+ "spec/acceptance/backup_spec.rb": "46e39d56d025a7343f11bf9a9fff9854",
+ "spec/acceptance/concat_spec.rb": "bdc52d4c3f8a28ece90970f649208080",
+ "spec/acceptance/empty_spec.rb": "533f77b85fc9a19d11a3966b507037ec",
+ "spec/acceptance/fragment_source_spec.rb": "5d8ff3de54a785bec58ed2c1e6383187",
+ "spec/acceptance/newline_spec.rb": "dc75805a2a57bd48cb210ba402e4a077",
+ "spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151",
+ "spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b",
+ "spec/acceptance/nodesets/centos-64-x64.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
+ "spec/acceptance/nodesets/debian-607-x64.yml": "d566bf76f534e2af7c9a4605316d232c",
+ "spec/acceptance/nodesets/debian-70rc1-x64.yml": "31ccca73af7b74e1cc2fb0035c230b2c",
+ "spec/acceptance/nodesets/default.yml": "9cde7b5d2ab6a42366d2344c264d6bdc",
+ "spec/acceptance/nodesets/fedora-18-x64.yml": "acc126fa764c39a3b1df36e9224a21d9",
+ "spec/acceptance/nodesets/sles-11sp1-x64.yml": "fa0046bd89c1ab4ba9521ad79db234cd",
+ "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "dc0da2d2449f66c8fdae16593811504f",
+ "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "78a3ee42652e26119d90aa62586565b2",
+ "spec/acceptance/order_spec.rb": "8d919b8e14e8ae04b3254cd05eaff1d3",
+ "spec/acceptance/replace_spec.rb": "676cf26a8e59ee4be3510c9531d17ed2",
+ "spec/acceptance/symbolic_name_spec.rb": "51a40f87f1b68e3035f39d0681c374c1",
+ "spec/acceptance/unsupported_spec.rb": "9a060f1a1f19a4af725f96869a403354",
+ "spec/acceptance/warn_spec.rb": "c4a641849c18cf4b092a99eb66367549",
+ "spec/defines/init_spec.rb": "35e41d4abceba0dca090d3addd92bb4f",
+ "spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc",
+ "spec/spec_helper_acceptance.rb": "9f2165faf3619160798a0a3b0a118705",
+ "spec/spec_helper_system.rb": "9c3742bf87d62027f080c6b9fa98b979",
+ "spec/system/basic_spec.rb": "9135d9af6a21f16980ab59b58e91ed9a",
+ "spec/system/concat_spec.rb": "5fe675ec42ca441d0c7e431c31bbc238",
+ "spec/system/empty_spec.rb": "51ab1fc7c86268f1ab1cda72dc5ff583",
+ "spec/system/replace_spec.rb": "275295e6b4f04fc840dc3f87faf56249",
+ "spec/system/warn_spec.rb": "0ea35b44e8f0ac5352256f95115995ce"
+ }
+}
\ No newline at end of file
diff --git a/modules/concat/spec/acceptance/backup_spec.rb b/modules/concat/spec/acceptance/backup_spec.rb
new file mode 100644
index 0000000..c09c178
--- /dev/null
+++ b/modules/concat/spec/acceptance/backup_spec.rb
@@ -0,0 +1,105 @@
+require 'spec_helper_acceptance'
+
+describe 'concat backup parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ context '=> puppet' do
+ before :all do
+ shell("rm -rf #{basedir}")
+ shell("mkdir -p #{basedir}")
+ shell("echo 'old contents' > #{basedir}/file")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ backup => 'puppet',
+ }
+ concat::fragment { 'new file':
+ target => '#{basedir}/file',
+ content => 'new contents',
+ }
+ EOS
+
+ it 'applies the manifest twice with "Filebucketed" stdout and no stderr' do
+ apply_manifest(pp, :catch_failures => true) do |r|
+ expect(r.stderr).to eq("")
+ expect(r.stdout).to match(/Filebucketed #{basedir}\/file to puppet with sum 0140c31db86293a1a1e080ce9b91305f/) # sum is for file contents of 'old contents'
+ end
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain 'new contents' }
+ end
+ end
+
+ context '=> .backup' do
+ before :all do
+ shell("rm -rf #{basedir}")
+ shell("mkdir -p #{basedir}")
+ shell("echo 'old contents' > #{basedir}/file")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ backup => '.backup',
+ }
+ concat::fragment { 'new file':
+ target => '#{basedir}/file',
+ content => 'new contents',
+ }
+ EOS
+
+ # XXX Puppet doesn't mention anything about filebucketing with a given
+ # extension like .backup
+ it 'applies the manifest twice no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain 'new contents' }
+ end
+ describe file("#{basedir}/file.backup") do
+ it { should be_file }
+ it { should contain 'old contents' }
+ end
+ end
+
+ # XXX The backup parameter uses validate_string() and thus can't be the
+ # boolean false value, but the string 'false' has the same effect in Puppet 3
+ context "=> 'false'" do
+ before :all do
+ shell("rm -rf #{basedir}")
+ shell("mkdir -p #{basedir}")
+ shell("echo 'old contents' > #{basedir}/file")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ backup => '.backup',
+ }
+ concat::fragment { 'new file':
+ target => '#{basedir}/file',
+ content => 'new contents',
+ }
+ EOS
+
+ it 'applies the manifest twice with no "Filebucketed" stdout and no stderr' do
+ apply_manifest(pp, :catch_failures => true) do |r|
+ expect(r.stderr).to eq("")
+ expect(r.stdout).to_not match(/Filebucketed/)
+ end
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain 'new contents' }
+ end
+ end
+end
diff --git a/modules/concat/spec/acceptance/concat_spec.rb b/modules/concat/spec/acceptance/concat_spec.rb
new file mode 100644
index 0000000..b4f7352
--- /dev/null
+++ b/modules/concat/spec/acceptance/concat_spec.rb
@@ -0,0 +1,79 @@
+require 'spec_helper_acceptance'
+
+case fact('osfamily')
+when 'AIX'
+ username = 'root'
+ groupname = 'system'
+when 'windows'
+ username = 'Administrator'
+ groupname = 'Administrators'
+else
+ username = 'root'
+ groupname = 'root'
+end
+
+describe 'basic concat test', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+
+ shared_examples 'successfully_applied' do |pp|
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+ end
+
+ context 'owner/group' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ owner => '#{username}',
+ group => '#{groupname}',
+ mode => '0644',
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ order => '01',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ order => '02',
+ }
+ EOS
+
+ it_behaves_like 'successfully_applied', pp
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should be_owned_by username }
+ it { should be_grouped_into groupname }
+ # XXX file be_mode isn't supported on AIX
+ it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
+ should be_mode 644
+ }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+ describe file("#{default.puppet['vardir']}/concat/#{basedir.gsub('/','_')}_file/fragments/01_1") do
+ it { should be_file }
+ it { should be_owned_by username }
+ it { should be_grouped_into groupname }
+ # XXX file be_mode isn't supported on AIX
+ it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
+ should be_mode 644
+ }
+ end
+ describe file("#{default.puppet['vardir']}/concat/#{basedir.gsub('/','_')}_file/fragments/02_2") do
+ it { should be_file }
+ it { should be_owned_by username }
+ it { should be_grouped_into groupname }
+ # XXX file be_mode isn't supported on AIX
+ it("should be mode 644", :unless => (fact('osfamily') == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
+ should be_mode 644
+ }
+ end
+ end
+end
diff --git a/modules/concat/spec/acceptance/empty_spec.rb b/modules/concat/spec/acceptance/empty_spec.rb
new file mode 100644
index 0000000..8eb0a96
--- /dev/null
+++ b/modules/concat/spec/acceptance/empty_spec.rb
@@ -0,0 +1,24 @@
+require 'spec_helper_acceptance'
+
+describe 'concat force empty parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ context 'should run successfully' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ mode => '0644',
+ force => true,
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should_not contain '1\n2' }
+ end
+ end
+end
diff --git a/modules/concat/spec/acceptance/fragment_source_spec.rb b/modules/concat/spec/acceptance/fragment_source_spec.rb
new file mode 100644
index 0000000..3f6eb49
--- /dev/null
+++ b/modules/concat/spec/acceptance/fragment_source_spec.rb
@@ -0,0 +1,150 @@
+require 'spec_helper_acceptance'
+
+case fact('osfamily')
+when 'AIX'
+ username = 'root'
+ groupname = 'system'
+when 'windows'
+ username = 'Administrator'
+ groupname = 'Administrators'
+else
+ username = 'root'
+ groupname = 'root'
+end
+
+describe 'concat::fragment source', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ context 'should read file fragments from local system' do
+ before(:all) do
+ shell("/bin/echo 'file1 contents' > #{basedir}/file1")
+ shell("/bin/echo 'file2 contents' > #{basedir}/file2")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/foo': }
+
+ concat::fragment { '1':
+ target => '#{basedir}/foo',
+ source => '#{basedir}/file1',
+ }
+ concat::fragment { '2':
+ target => '#{basedir}/foo',
+ content => 'string1 contents',
+ }
+ concat::fragment { '3':
+ target => '#{basedir}/foo',
+ source => '#{basedir}/file2',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/foo") do
+ it { should be_file }
+ it { should contain 'file1 contents' }
+ it { should contain 'string1 contents' }
+ it { should contain 'file2 contents' }
+ end
+ end # should read file fragments from local system
+
+ context 'should create files containing first match only.' do
+ before(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ shell("mkdir -p #{basedir}")
+ shell("echo 'file1 contents' > #{basedir}/file1")
+ shell("echo 'file2 contents' > #{basedir}/file2")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/result_file1':
+ owner => '#{username}',
+ group => '#{groupname}',
+ mode => '0644',
+ }
+ concat { '#{basedir}/result_file2':
+ owner => '#{username}',
+ group => '#{groupname}',
+ mode => '0644',
+ }
+ concat { '#{basedir}/result_file3':
+ owner => '#{username}',
+ group => '#{groupname}',
+ mode => '0644',
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/result_file1',
+ source => [ '#{basedir}/file1', '#{basedir}/file2' ],
+ order => '01',
+ }
+ concat::fragment { '2':
+ target => '#{basedir}/result_file2',
+ source => [ '#{basedir}/file2', '#{basedir}/file1' ],
+ order => '01',
+ }
+ concat::fragment { '3':
+ target => '#{basedir}/result_file3',
+ source => [ '#{basedir}/file1', '#{basedir}/file2' ],
+ order => '01',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+ describe file("#{basedir}/result_file1") do
+ it { should be_file }
+ it { should contain 'file1 contents' }
+ it { should_not contain 'file2 contents' }
+ end
+ describe file("#{basedir}/result_file2") do
+ it { should be_file }
+ it { should contain 'file2 contents' }
+ it { should_not contain 'file1 contents' }
+ end
+ describe file("#{basedir}/result_file3") do
+ it { should be_file }
+ it { should contain 'file1 contents' }
+ it { should_not contain 'file2 contents' }
+ end
+ end
+
+ context 'should fail if no match on source.' do
+ before(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ shell("mkdir -p #{basedir}")
+ shell("rm -rf #{basedir}/fail_no_source #{basedir}/nofilehere #{basedir}/nothereeither")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/fail_no_source':
+ owner => '#{username}',
+ group => '#{groupname}',
+ mode => '0644',
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/fail_no_source',
+ source => [ '#{basedir}/nofilehere', '#{basedir}/nothereeither' ],
+ order => '01',
+ }
+ EOS
+
+ it 'applies the manifest with resource failures' do
+ apply_manifest(pp, :expect_failures => true)
+ end
+ describe file("#{basedir}/fail_no_source") do
+ #FIXME: Serverspec::Type::File doesn't support exists? for some reason. so... hack.
+ it { should_not be_file }
+ it { should_not be_directory }
+ end
+ end
+end
+
diff --git a/modules/concat/spec/acceptance/newline_spec.rb b/modules/concat/spec/acceptance/newline_spec.rb
new file mode 100644
index 0000000..fb3f17d
--- /dev/null
+++ b/modules/concat/spec/acceptance/newline_spec.rb
@@ -0,0 +1,60 @@
+require 'spec_helper_acceptance'
+
+describe 'concat ensure_newline parameter', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ context '=> false' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ ensure_newline => false,
+ }
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ }
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain '12' }
+ end
+ end
+
+ #context '=> true' do
+ # pp = <<-EOS
+ # include concat::setup
+ # concat { '#{basedir}/file':
+ # ensure_newline => true,
+ # }
+ # concat::fragment { '1':
+ # target => '#{basedir}/file',
+ # content => '1',
+ # }
+ # concat::fragment { '2':
+ # target => '#{basedir}/file',
+ # content => '2',
+ # }
+ # EOS
+
+ # it 'applies the manifest twice with no stderr' do
+ # expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ # expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ # #XXX ensure_newline => true causes changes on every run because the files
+ # #are modified in place.
+ # end
+
+ # describe file("#{basedir}/file") do
+ # it { should be_file }
+ # it { should contain "1\n2\n" }
+ # end
+ #end
+end
diff --git a/modules/concat/spec/acceptance/nodesets/centos-59-x64.yml b/modules/concat/spec/acceptance/nodesets/centos-59-x64.yml
new file mode 100644
index 0000000..2ad90b8
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/centos-59-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ centos-59-x64:
+ roles:
+ - master
+ platform: el-5-x86_64
+ box : centos-59-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/nodesets/centos-64-x64-pe.yml b/modules/concat/spec/acceptance/nodesets/centos-64-x64-pe.yml
new file mode 100644
index 0000000..7d9242f
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/centos-64-x64-pe.yml
@@ -0,0 +1,12 @@
+HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ - database
+ - dashboard
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: pe
diff --git a/modules/concat/spec/acceptance/nodesets/centos-64-x64.yml b/modules/concat/spec/acceptance/nodesets/centos-64-x64.yml
new file mode 100644
index 0000000..0639835
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/centos-64-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/nodesets/debian-607-x64.yml b/modules/concat/spec/acceptance/nodesets/debian-607-x64.yml
new file mode 100644
index 0000000..4c8be42
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/debian-607-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ debian-607-x64:
+ roles:
+ - master
+ platform: debian-6-amd64
+ box : debian-607-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/nodesets/debian-70rc1-x64.yml b/modules/concat/spec/acceptance/nodesets/debian-70rc1-x64.yml
new file mode 100644
index 0000000..19181c1
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/debian-70rc1-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ debian-70rc1-x64:
+ roles:
+ - master
+ platform: debian-7-amd64
+ box : debian-70rc1-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-70rc1-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/nodesets/default.yml b/modules/concat/spec/acceptance/nodesets/default.yml
new file mode 100644
index 0000000..0639835
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/default.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/nodesets/fedora-18-x64.yml b/modules/concat/spec/acceptance/nodesets/fedora-18-x64.yml
new file mode 100644
index 0000000..624b537
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/fedora-18-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ fedora-18-x64:
+ roles:
+ - master
+ platform: fedora-18-x86_64
+ box : fedora-18-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/fedora-18-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/nodesets/sles-11sp1-x64.yml b/modules/concat/spec/acceptance/nodesets/sles-11sp1-x64.yml
new file mode 100644
index 0000000..554c37a
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/sles-11sp1-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ sles-11sp1-x64:
+ roles:
+ - master
+ platform: sles-11-x86_64
+ box : sles-11sp1-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml b/modules/concat/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml
new file mode 100644
index 0000000..5047017
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ ubuntu-server-10044-x64:
+ roles:
+ - master
+ platform: ubuntu-10.04-amd64
+ box : ubuntu-server-10044-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/modules/concat/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml
new file mode 100644
index 0000000..1c7a34c
--- /dev/null
+++ b/modules/concat/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ ubuntu-server-12042-x64:
+ roles:
+ - master
+ platform: ubuntu-12.04-amd64
+ box : ubuntu-server-12042-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+CONFIG:
+ type: git
diff --git a/modules/concat/spec/acceptance/order_spec.rb b/modules/concat/spec/acceptance/order_spec.rb
new file mode 100644
index 0000000..1c79ab4
--- /dev/null
+++ b/modules/concat/spec/acceptance/order_spec.rb
@@ -0,0 +1,155 @@
+require 'spec_helper_acceptance'
+
+describe 'concat order', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ before(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ shell("mkdir -p #{basedir}")
+ end
+
+ context '=> alpha' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/foo':
+ order => 'alpha'
+ }
+ concat::fragment { '1':
+ target => '#{basedir}/foo',
+ content => 'string1',
+ }
+ concat::fragment { '2':
+ target => '#{basedir}/foo',
+ content => 'string2',
+ }
+ concat::fragment { '10':
+ target => '#{basedir}/foo',
+ content => 'string10',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/foo") do
+ it { should be_file }
+ #XXX Solaris 10 doesn't support multi-line grep
+ it("should contain string10\nstring1\nsring2", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
+ should contain "string10\nstring1\nsring2"
+ }
+ end
+ end
+
+ context '=> numeric' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/foo':
+ order => 'numeric'
+ }
+ concat::fragment { '1':
+ target => '#{basedir}/foo',
+ content => 'string1',
+ }
+ concat::fragment { '2':
+ target => '#{basedir}/foo',
+ content => 'string2',
+ }
+ concat::fragment { '10':
+ target => '#{basedir}/foo',
+ content => 'string10',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/foo") do
+ it { should be_file }
+ #XXX Solaris 10 doesn't support multi-line grep
+ it("should contain string1\nstring2\nsring10", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
+ should contain "string1\nstring2\nsring10"
+ }
+ end
+ end
+end # concat order
+
+describe 'concat::fragment order', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ before(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ shell("mkdir -p #{basedir}")
+ end
+
+ context '=> reverse order' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/foo': }
+ concat::fragment { '1':
+ target => '#{basedir}/foo',
+ content => 'string1',
+ order => '15',
+ }
+ concat::fragment { '2':
+ target => '#{basedir}/foo',
+ content => 'string2',
+ # default order 10
+ }
+ concat::fragment { '3':
+ target => '#{basedir}/foo',
+ content => 'string3',
+ order => '1',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/foo") do
+ it { should be_file }
+ #XXX Solaris 10 doesn't support multi-line grep
+ it("should contain string3\nstring2\nsring1", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
+ should contain "string3\nstring2\nsring1"
+ }
+ end
+ end
+
+ context '=> normal order' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/foo': }
+ concat::fragment { '1':
+ target => '#{basedir}/foo',
+ content => 'string1',
+ order => '01',
+ }
+ concat::fragment { '2':
+ target => '#{basedir}/foo',
+ content => 'string2',
+ order => '02'
+ }
+ concat::fragment { '3':
+ target => '#{basedir}/foo',
+ content => 'string3',
+ order => '03',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/foo") do
+ it { should be_file }
+ #XXX Solaris 10 doesn't support multi-line grep
+ it("should contain string1\nstring2\nsring3", :unless => (fact('osfamily') == 'Solaris' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily')))) {
+ should contain "string1\nstring2\nsring3"
+ }
+ end
+ end
+end # concat::fragment order
diff --git a/modules/concat/spec/acceptance/replace_spec.rb b/modules/concat/spec/acceptance/replace_spec.rb
new file mode 100644
index 0000000..e84140f
--- /dev/null
+++ b/modules/concat/spec/acceptance/replace_spec.rb
@@ -0,0 +1,249 @@
+require 'spec_helper_acceptance'
+
+describe 'replacement of', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ context 'file' do
+ context 'should not succeed' do
+ before(:all) do
+ shell("mkdir -p #{basedir}")
+ shell("echo 'file exists' > #{basedir}/file")
+ end
+ after(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ replace => false,
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain 'file exists' }
+ it { should_not contain '1' }
+ it { should_not contain '2' }
+ end
+ end
+
+ context 'should succeed' do
+ before(:all) do
+ shell("mkdir -p #{basedir}")
+ shell("echo 'file exists' > #{basedir}/file")
+ end
+ after(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ replace => true,
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should_not contain 'file exists' }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+ end
+ end # file
+
+ context 'symlink' do
+ context 'should not succeed' do
+ # XXX the core puppet file type will replace a symlink with a plain file
+ # when using ensure => present and source => ... but it will not when using
+ # ensure => present and content => ...; this is somewhat confusing behavior
+ before(:all) do
+ shell("mkdir -p #{basedir}")
+ shell("ln -s #{basedir}/dangling #{basedir}/file")
+ end
+ after(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ replace => false,
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ # XXX specinfra doesn't support be_linked_to on AIX
+ describe file("#{basedir}/file"), :unless => (fact("osfamily") == "AIX" or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do
+ it { should be_linked_to "#{basedir}/dangling" }
+ end
+
+ describe file("#{basedir}/dangling") do
+ # XXX serverspec does not have a matcher for 'exists'
+ it { should_not be_file }
+ it { should_not be_directory }
+ end
+ end
+
+ context 'should succeed' do
+ # XXX the core puppet file type will replace a symlink with a plain file
+ # when using ensure => present and source => ... but it will not when using
+ # ensure => present and content => ...; this is somewhat confusing behavior
+ before(:all) do
+ shell("mkdir -p #{basedir}")
+ shell("ln -s #{basedir}/dangling #{basedir}/file")
+ end
+ after(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ replace => true,
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+ end
+ end # symlink
+
+ context 'directory' do
+ context 'should not succeed' do
+ before(:all) do
+ shell("mkdir -p #{basedir}/file")
+ end
+ after(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file': }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ }
+ EOS
+
+ it 'applies the manifest twice with stderr for changing to file' do
+ expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/change from directory to file failed/)
+ expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/change from directory to file failed/)
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_directory }
+ end
+ end
+
+ # XXX concat's force param currently enables the creation of empty files
+ # when there are no fragments, and the replace param will only replace
+ # files and symlinks, not directories. The semantics either need to be
+ # changed, extended, or a new param introduced to control directory
+ # replacement.
+ context 'should succeed', :pending => 'not yet implemented' do
+ before(:all) do
+ shell("mkdir -p #{basedir}/file")
+ end
+ after(:all) do
+ shell("rm -rf #{basedir} #{default.puppet['vardir']}/concat")
+ end
+
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ force => true,
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain '1' }
+ end
+ end
+ end # directory
+end
diff --git a/modules/concat/spec/acceptance/symbolic_name_spec.rb b/modules/concat/spec/acceptance/symbolic_name_spec.rb
new file mode 100644
index 0000000..57a9e95
--- /dev/null
+++ b/modules/concat/spec/acceptance/symbolic_name_spec.rb
@@ -0,0 +1,34 @@
+require 'spec_helper_acceptance'
+
+describe 'symbolic name', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ pp = <<-EOS
+ include concat::setup
+ concat { 'not_abs_path':
+ path => '#{basedir}/file',
+ }
+
+ concat::fragment { '1':
+ target => 'not_abs_path',
+ content => '1',
+ order => '01',
+ }
+
+ concat::fragment { '2':
+ target => 'not_abs_path',
+ content => '2',
+ order => '02',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+end
diff --git a/modules/concat/spec/acceptance/unsupported_spec.rb b/modules/concat/spec/acceptance/unsupported_spec.rb
new file mode 100644
index 0000000..9df7d88
--- /dev/null
+++ b/modules/concat/spec/acceptance/unsupported_spec.rb
@@ -0,0 +1,18 @@
+require 'spec_helper_acceptance'
+
+describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ it 'should fail' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ backup => 'puppet',
+ }
+ concat::fragment { 'new file':
+ target => '#{basedir}/file',
+ content => 'new contents',
+ }
+ EOS
+ expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/unsupported/i)
+ end
+end
diff --git a/modules/concat/spec/acceptance/warn_spec.rb b/modules/concat/spec/acceptance/warn_spec.rb
new file mode 100644
index 0000000..b036884
--- /dev/null
+++ b/modules/concat/spec/acceptance/warn_spec.rb
@@ -0,0 +1,101 @@
+require 'spec_helper_acceptance'
+
+describe 'concat warn =>', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+ basedir = default.tmpdir('concat')
+ context 'true should enable default warning message' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ warn => true,
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ order => '01',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ order => '02',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain '# This file is managed by Puppet. DO NOT EDIT.' }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+ end
+ context 'false should not enable default warning message' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ warn => false,
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ order => '01',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ order => '02',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should_not contain '# This file is managed by Puppet. DO NOT EDIT.' }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+ end
+ context '# foo should overide default warning message' do
+ pp = <<-EOS
+ include concat::setup
+ concat { '#{basedir}/file':
+ warn => '# foo',
+ }
+
+ concat::fragment { '1':
+ target => '#{basedir}/file',
+ content => '1',
+ order => '01',
+ }
+
+ concat::fragment { '2':
+ target => '#{basedir}/file',
+ content => '2',
+ order => '02',
+ }
+ EOS
+
+ it 'applies the manifest twice with no stderr' do
+ expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
+ expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
+ end
+
+ describe file("#{basedir}/file") do
+ it { should be_file }
+ it { should contain '# foo' }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+ end
+end
diff --git a/modules/concat/spec/defines/init_spec.rb b/modules/concat/spec/defines/init_spec.rb
new file mode 100644
index 0000000..ace50f0
--- /dev/null
+++ b/modules/concat/spec/defines/init_spec.rb
@@ -0,0 +1,115 @@
+require 'spec_helper'
+
+describe 'concat' do
+ basedir = '/var/lib/puppet/concat'
+ let(:title) { '/etc/foo.bar' }
+ let(:facts) { {
+ :concat_basedir => '/var/lib/puppet/concat',
+ :id => 'root',
+ } }
+ let :pre_condition do
+ 'include concat::setup'
+ end
+
+ directories = [
+ "#{basedir}/_etc_foo.bar",
+ "#{basedir}/_etc_foo.bar/fragments",
+ ]
+
+ directories.each do |dirs|
+ it do
+ should contain_file(dirs).with({
+ 'ensure' => 'directory',
+ 'backup' => 'puppet',
+ 'group' => 0,
+ 'mode' => '0644',
+ 'owner' => 'root',
+ })
+ end
+ end
+
+ files = [
+ "/etc/foo.bar",
+ "#{basedir}/_etc_foo.bar/fragments.concat",
+ ]
+
+ files.each do |file|
+ it do
+ should contain_file(file).with({
+ 'ensure' => 'present',
+ 'backup' => 'puppet',
+ 'group' => 0,
+ 'mode' => '0644',
+ 'owner' => 'root',
+ })
+ end
+ end
+
+ it do
+ should contain_exec("concat_/etc/foo.bar").with_command(
+ "#{basedir}/bin/concatfragments.sh " +
+ "-o #{basedir}/_etc_foo.bar/fragments.concat.out " +
+ "-d #{basedir}/_etc_foo.bar "
+ )
+ end
+end
+
+describe 'concat' do
+
+ basedir = '/var/lib/puppet/concat'
+ let(:title) { 'foobar' }
+ let(:target) { '/etc/foo.bar' }
+ let(:facts) { {
+ :concat_basedir => '/var/lib/puppet/concat',
+ :id => 'root',
+ } }
+ let :pre_condition do
+ 'include concat::setup'
+ end
+
+ directories = [
+ "#{basedir}/foobar",
+ "#{basedir}/foobar/fragments",
+ ]
+
+ directories.each do |dirs|
+ it do
+ should contain_file(dirs).with({
+ 'ensure' => 'directory',
+ 'backup' => 'puppet',
+ 'group' => 0,
+ 'mode' => '0644',
+ 'owner' => 'root',
+ })
+ end
+ end
+
+ files = [
+ "foobar",
+ "#{basedir}/foobar/fragments.concat",
+ ]
+
+ files.each do |file|
+ it do
+ should contain_file(file).with({
+ 'ensure' => 'present',
+ 'backup' => 'puppet',
+ 'group' => 0,
+ 'mode' => '0644',
+ 'owner' => 'root',
+ })
+ end
+ end
+
+ it do
+ should contain_exec("concat_foobar").with_command(
+ "#{basedir}/bin/concatfragments.sh " +
+ "-o #{basedir}/foobar/fragments.concat.out " +
+ "-d #{basedir}/foobar "
+ )
+ end
+
+
+end
+
+# vim:sw=2:ts=2:expandtab:textwidth=79
diff --git a/modules/concat/spec/spec_helper.rb b/modules/concat/spec/spec_helper.rb
new file mode 100644
index 0000000..2c6f566
--- /dev/null
+++ b/modules/concat/spec/spec_helper.rb
@@ -0,0 +1 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
diff --git a/modules/concat/spec/spec_helper_acceptance.rb b/modules/concat/spec/spec_helper_acceptance.rb
new file mode 100644
index 0000000..c75a7fb
--- /dev/null
+++ b/modules/concat/spec/spec_helper_acceptance.rb
@@ -0,0 +1,46 @@
+require 'beaker-rspec/spec_helper'
+require 'beaker-rspec/helpers/serverspec'
+
+unless ENV['RS_PROVISION'] == 'no'
+ hosts.each do |host|
+ if host['platform'] =~ /debian/
+ on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc'
+ end
+ if host.is_pe?
+ install_pe
+ else
+ # Install Puppet
+ install_package host, 'rubygems'
+ on host, 'gem install puppet --no-ri --no-rdoc'
+ on host, "mkdir -p #{host['distmoduledir']}"
+ end
+ end
+end
+
+UNSUPPORTED_PLATFORMS = ['windows']
+
+RSpec.configure do |c|
+ # Project root
+ proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+
+ # Readable test descriptions
+ c.formatter = :documentation
+
+ # Configure all nodes in nodeset
+ c.before :suite do
+ # Install module and dependencies
+ puppet_module_install(:source => proj_root, :module_name => 'concat')
+ hosts.each do |host|
+ on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
+ end
+ end
+
+ c.before(:all) do
+ shell('mkdir -p /tmp/concat')
+ end
+ c.after(:all) do
+ shell("rm -rf /tmp/concat #{default.puppet['vardir']}/concat")
+ end
+
+ c.treat_symbols_as_metadata_keys_with_true_values = true
+end
diff --git a/modules/concat/spec/spec_helper_system.rb b/modules/concat/spec/spec_helper_system.rb
new file mode 100644
index 0000000..bf66a53
--- /dev/null
+++ b/modules/concat/spec/spec_helper_system.rb
@@ -0,0 +1,25 @@
+require 'rspec-system/spec_helper'
+require 'rspec-system-puppet/helpers'
+require 'rspec-system-serverspec/helpers'
+include Serverspec::Helper::RSpecSystem
+include Serverspec::Helper::DetectOS
+include RSpecSystemPuppet::Helpers
+
+RSpec.configure do |c|
+ # Project root
+ proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+
+ # Enable colour
+ c.tty = true
+
+ c.include RSpecSystemPuppet::Helpers
+
+ # This is where we 'setup' the nodes before running our tests
+ c.before :suite do
+ # Install puppet
+ puppet_install
+
+ # Install modules and dependencies
+ puppet_module_install(:source => proj_root, :module_name => 'concat')
+ end
+end
diff --git a/modules/concat/spec/system/basic_spec.rb b/modules/concat/spec/system/basic_spec.rb
new file mode 100644
index 0000000..39ac746
--- /dev/null
+++ b/modules/concat/spec/system/basic_spec.rb
@@ -0,0 +1,13 @@
+require 'spec_helper_system'
+
+# Here we put the more basic fundamental tests, ultra obvious stuff.
+describe "basic tests:" do
+ context 'make sure we have copied the module across' do
+ # No point diagnosing any more if the module wasn't copied properly
+ context shell 'ls /etc/puppet/modules/concat' do
+ its(:stdout) { should =~ /Modulefile/ }
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should be_zero }
+ end
+ end
+end
diff --git a/modules/concat/spec/system/concat_spec.rb b/modules/concat/spec/system/concat_spec.rb
new file mode 100644
index 0000000..af360d6
--- /dev/null
+++ b/modules/concat/spec/system/concat_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper_system'
+
+describe 'basic concat test' do
+ context 'should run successfully' do
+ pp="
+ concat { '/tmp/file':
+ owner => root,
+ group => root,
+ mode => '0644',
+ }
+
+ concat::fragment { '1':
+ target => '/tmp/file',
+ content => '1',
+ order => '01',
+ }
+
+ concat::fragment { '2':
+ target => '/tmp/file',
+ content => '2',
+ order => '02',
+ }
+ "
+
+ context puppet_apply(pp) do
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should_not == 1 }
+ its(:refresh) { should be_nil }
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should be_zero }
+ end
+
+ describe file('/tmp/file') do
+ it { should be_file }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+
+ # Test that all the relevant bits exist on disk after it
+ # concats.
+ describe file('/var/lib/puppet/concat') do
+ it { should be_directory }
+ end
+ describe file('/var/lib/puppet/concat/_tmp_file') do
+ it { should be_directory }
+ end
+ describe file('/var/lib/puppet/concat/_tmp_file/fragments') do
+ it { should be_directory }
+ end
+ describe file('/var/lib/puppet/concat/_tmp_file/fragments.concat') do
+ it { should be_file }
+ end
+
+ end
+end
diff --git a/modules/concat/spec/system/empty_spec.rb b/modules/concat/spec/system/empty_spec.rb
new file mode 100644
index 0000000..83dae01
--- /dev/null
+++ b/modules/concat/spec/system/empty_spec.rb
@@ -0,0 +1,27 @@
+require 'spec_helper_system'
+
+describe 'basic concat test' do
+ context 'should run successfully' do
+ pp="
+ concat { '/tmp/file':
+ owner => root,
+ group => root,
+ mode => '0644',
+ force => true,
+ }
+ "
+
+ context puppet_apply(pp) do
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should_not == 1 }
+ its(:refresh) { should be_nil }
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should be_zero }
+ end
+
+ describe file('/tmp/file') do
+ it { should be_file }
+ it { should_not contain '1\n2' }
+ end
+ end
+end
diff --git a/modules/concat/spec/system/replace_spec.rb b/modules/concat/spec/system/replace_spec.rb
new file mode 100644
index 0000000..7f11e5f
--- /dev/null
+++ b/modules/concat/spec/system/replace_spec.rb
@@ -0,0 +1,37 @@
+require 'spec_helper_system'
+
+
+describe 'file should not replace' do
+ shell('echo "file exists" >> /tmp/file')
+ context 'should fail' do
+ pp="
+ concat { '/tmp/file':
+ owner => root,
+ group => root,
+ mode => '0644',
+ replace => false,
+ }
+
+ concat::fragment { '1':
+ target => '/tmp/file',
+ content => '1',
+ order => '01',
+ }
+
+ concat::fragment { '2':
+ target => '/tmp/file',
+ content => '2',
+ order => '02',
+ }
+ "
+
+ context puppet_apply(pp) do
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should_not == 1 }
+ its(:refresh) { should be_nil }
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should be_zero }
+ end
+
+ end
+end
diff --git a/modules/concat/spec/system/warn_spec.rb b/modules/concat/spec/system/warn_spec.rb
new file mode 100644
index 0000000..872058b
--- /dev/null
+++ b/modules/concat/spec/system/warn_spec.rb
@@ -0,0 +1,41 @@
+require 'spec_helper_system'
+
+describe 'basic concat test' do
+ context 'should run successfully' do
+ pp="
+ concat { '/tmp/file':
+ owner => root,
+ group => root,
+ mode => '0644',
+ warn => true,
+ }
+
+ concat::fragment { '1':
+ target => '/tmp/file',
+ content => '1',
+ order => '01',
+ }
+
+ concat::fragment { '2':
+ target => '/tmp/file',
+ content => '2',
+ order => '02',
+ }
+ "
+
+ context puppet_apply(pp) do
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should_not == 1 }
+ its(:refresh) { should be_nil }
+ its(:stderr) { should be_empty }
+ its(:exit_code) { should be_zero }
+ end
+
+ describe file('/tmp/file') do
+ it { should be_file }
+ it { should contain '# This file is managed by Puppet. DO NOT EDIT.' }
+ it { should contain '1' }
+ it { should contain '2' }
+ end
+ end
+end
diff --git a/modules/customfact/lib/facter/customfact.rb b/modules/customfact/lib/facter/customfact.rb
new file mode 100644
index 0000000..cd99705
--- /dev/null
+++ b/modules/customfact/lib/facter/customfact.rb
@@ -0,0 +1,33 @@
+Facter.add("asf_osrelease") do
+ setcode do
+ Facter::Util::Resolution.exec('facter operatingsystemrelease | perl -pe s/[[:punct:]]//g | sed -e "s/\(.*\)/\L\1/"')
+ end
+end
+
+
+Facter.add("asf_osname") do
+ setcode do
+ Facter::Util::Resolution.exec('facter operatingsystem | sed -e "s/\(.*\)/\L\1/"')
+ end
+end
+
+Facter.add("asf_colo") do
+ setcode do
+ ipadd = Facter.value('ipaddress')
+ case ipadd
+ when /^140.211.11.([0-9]+)$/
+ "osuosl"
+ when /^192.87.106.([0-9]+)$/
+ "sara"
+ when /^160.45.251.([0-9]+)$/
+ "fub"
+ when /^9.9.9.([0-9]+)$/
+ "rackspace"
+ when /^67.195.81..([0-9]+)$/
+ "yahoo"
+ else
+ 'No Colo could be automatically determined'
+ end
+ end
+end
+
diff --git a/modules/customfact/manifests/init.pp b/modules/customfact/manifests/init.pp
new file mode 100644
index 0000000..0c38485
--- /dev/null
+++ b/modules/customfact/manifests/init.pp
@@ -0,0 +1,7 @@
+## This module uses some ruby, in modules/customfact/lib/facter/customfact.rb
+## to create a custom fact, so can be used in our modules.
+
+class customfact (
+
+)
+{}
diff --git a/modules/dnsclient/data/common.yaml b/modules/dnsclient/data/common.yaml
new file mode 100644
index 0000000..bb9f73d
--- /dev/null
+++ b/modules/dnsclient/data/common.yaml
@@ -0,0 +1,9 @@
+---
+
+
+dnsclient::nameservers:
+ - '140.211.166.130'
+ - '140.211.166.131'
+
+dnsclient::searchorder: 'apache.org'
+
diff --git a/modules/dnsclient/data/freebsd/100release.yaml b/modules/dnsclient/data/freebsd/100release.yaml
new file mode 100644
index 0000000..b3711f8
--- /dev/null
+++ b/modules/dnsclient/data/freebsd/100release.yaml
@@ -0,0 +1,4 @@
+---
+
+dnsclient::packages:
+ - 'bind-tools'
diff --git a/modules/dnsclient/data/hiera.yaml b/modules/dnsclient/data/hiera.yaml
new file mode 100644
index 0000000..042f44e
--- /dev/null
+++ b/modules/dnsclient/data/hiera.yaml
@@ -0,0 +1,7 @@
+---
+:hierarchy:
+ - "%{asf_osname}/%{asf_osrelease}"
+ - "common"
+
+:yaml:
+ :datadir: .
diff --git a/modules/dnsclient/data/ubuntu/1404.yaml b/modules/dnsclient/data/ubuntu/1404.yaml
new file mode 100644
index 0000000..b25aa01
--- /dev/null
+++ b/modules/dnsclient/data/ubuntu/1404.yaml
@@ -0,0 +1,4 @@
+---
+
+dnsclient::packages:
+ - 'dnsutils'
diff --git a/modules/dnsclient/manifests/init.pp b/modules/dnsclient/manifests/init.pp
new file mode 100644
index 0000000..f9183a0
--- /dev/null
+++ b/modules/dnsclient/manifests/init.pp
@@ -0,0 +1,21 @@
+#/etc/puppet/modules/dnsclient/manifests/init.pp
+
+class dnsclient (
+ $nameserver1 = '',
+ $nameserver2 = '',
+ $nameserver3 = '',
+ $packages = [],
+ $pkgprovider = '',
+ $resolvtemplate = '',
+ $searchorder = '',
+) {
+
+ package { $packages:
+ ensure => installed,
+ }
+
+ file {
+ '/etc/resolv.conf':
+ content => template('dnsclient/resolv.conf.erb');
+ }
+}
diff --git a/modules/dnsclient/templates/resolv.conf.erb b/modules/dnsclient/templates/resolv.conf.erb
new file mode 100644
index 0000000..1c0bea7
--- /dev/null
+++ b/modules/dnsclient/templates/resolv.conf.erb
@@ -0,0 +1,10 @@
+## This file is a puppet managed file. All local changes will be lost
+
+## This file is dervied from a puppet template,
+## modules/dnsclient/templates/etc/resolv.conf.erb
+
+search <%= @searchorder %>
+
+nameserver <%= @nameserver1 %>
+nameserver <%= @nameserver2 %>
+nameserver <%= @nameserver3 %>
diff --git a/modules/ldapclient/data/common.yaml b/modules/ldapclient/data/common.yaml
new file mode 100644
index 0000000..9630018
--- /dev/null
+++ b/modules/ldapclient/data/common.yaml
@@ -0,0 +1,3 @@
+---
+classes: ['']
+
diff --git a/modules/ldapclient/data/freebsd/100release.yaml b/modules/ldapclient/data/freebsd/100release.yaml
new file mode 100644
index 0000000..568f901
--- /dev/null
+++ b/modules/ldapclient/data/freebsd/100release.yaml
@@ -0,0 +1,11 @@
+---
+
+ldapclient::ldapclient_packages:
+ - 'openldap-client'
+ - 'nss_ldap'
+ - 'pam_ldap'
+ - 'pam_mkhomedir'
+
+ldapclient:tlscertpath: '/usr/local/etc/openldap/cacerts/cacert.pem'
+ldapclient:pamhostcheck: 'yes'
+ldapclient:bashpath: '/usr/local/bin/bash'
diff --git a/modules/ldapclient/data/hiera.yaml b/modules/ldapclient/data/hiera.yaml
new file mode 100644
index 0000000..1d5ed77
--- /dev/null
+++ b/modules/ldapclient/data/hiera.yaml
@@ -0,0 +1,8 @@
+---
+:hierarchy:
+ - "%{clientcert}"
+ - "%{asf_osname}/%{asf_osrelease}"
+ - "common"
+
+:yaml:
+ :datadir: .
diff --git a/modules/ldapclient/data/minotaur.apache.org.yaml b/modules/ldapclient/data/minotaur.apache.org.yaml
new file mode 100644
index 0000000..61e1e93
--- /dev/null
+++ b/modules/ldapclient/data/minotaur.apache.org.yaml
@@ -0,0 +1,3 @@
+---
+
+ldapclient:pamhostcheck: 'no'
diff --git a/modules/ldapclient/data/ubuntu/1404.yaml b/modules/ldapclient/data/ubuntu/1404.yaml
new file mode 100644
index 0000000..0394159
--- /dev/null
+++ b/modules/ldapclient/data/ubuntu/1404.yaml
@@ -0,0 +1,11 @@
+---
+
+ldapclient::ldapclient_packages:
+ - 'ldap-utils'
+ - 'libnss-ldap'
+ - 'libpam-ldap'
+
+ldapclient::install::ubuntu::1404::tlscertpath: '/etc/ldap/cacert.pem'
+ldapclient::install::ubuntu::1404::pamhostcheck: 'yes'
+ldapclient::install::ubuntu::1404:::bashpath: '/bin/bash'
+
diff --git a/modules/ldapclient/files/etc/nsswitch.conf b/modules/ldapclient/files/etc/nsswitch.conf
new file mode 100644
index 0000000..0b37a36
--- /dev/null
+++ b/modules/ldapclient/files/etc/nsswitch.conf
@@ -0,0 +1,20 @@
+## This file is a puppet managed file. All local changes will be lost.
+
+## This file is dervied from a puppet file,
+## modules/ldapclient/files/etc/nsswitch.conf
+
+#
+# nsswitch.conf(5) - name service switch configuration file
+# $FreeBSD: release/10.0.0/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
+
+group: cache files ldap
+group_compat: nis
+hosts: files dns
+networks: files
+passwd: cache files ldap
+passwd_compat: nis
+shells: files
+services: compat
+services_compat: nis
+protocols: files
+rpc: files#
diff --git a/modules/ldapclient/files/ldap-client.pem b/modules/ldapclient/files/ldap-client.pem
new file mode 100644
index 0000000..e69de29
diff --git a/modules/ldapclient/files/usr/local/etc/openldap/cert.pem b/modules/ldapclient/files/usr/local/etc/openldap/cert.pem
new file mode 100644
index 0000000..68cc331
--- /dev/null
+++ b/modules/ldapclient/files/usr/local/etc/openldap/cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIQTPLMa4HX+rhAHrwBhA3CEDANBgkqhkiG9w0BAQUFADB6
+MRIwEAYKCZImiZPyLGQBGRYCdWsxEjAQBgoJkiaJk/IsZAEZFgJhYzETMBEGCgmS
+JomT8ixkARkWA2NhbTETMBEGCgmSJomT8ixkARkWA2xpYjESMBAGCgmSJomT8ixk
+ARkWAmFkMRIwEAYDVQQDEwlBRERDMDEtQ0EwHhcNMTQwMTIxMTc1NDAyWhcNMTkw
+MTIxMTgwNDAyWjB6MRIwEAYKCZImiZPyLGQBGRYCdWsxEjAQBgoJkiaJk/IsZAEZ
+FgJhYzETMBEGCgmSJomT8ixkARkWA2NhbTETMBEGCgmSJomT8ixkARkWA2xpYjES
+MBAGCgmSJomT8ixkARkWAmFkMRIwEAYDVQQDEwlBRERDMDEtQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqcxtQtSO0CVT9s+1dlalHtwU4lwjzI8+Z
+qs0XYdccLUcvpBVfz+Fj5QUPSEoYM2VlyOMWQY53EGEI5c+HrgExVOE/0JGZ/2AN
+UD1DyAMR1nSWGACPeAlYlG4bSdZxteXBKLrnGs2ohkxEcy7Zs2o05Bfd7wUbtAp+
+GnYNYTiRqZNAkyQKIdQEkCAkByg5sL2qnJElSn7bHgIWecW0kmFoB8ijRsHJKidJ
+EgTbOgAMDJsDMMYnF+jpmOnMlMYomMJyLjdrp5iDnfhSAAVkpVfCyy8CUPMVT7GS
+k5+1OF79tIavYGdCiKvXLvr5IuoeGky08/w5HlX5HKSepSuLsnPbAgMBAAGjUTBP
+MAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQiNqTglXb3
+bQRcqwXYXJVOIPwY6TAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOC
+AQEABXj26bZec60rJ/0p/zVuWRIUTHtiSoU2itli90Sp9eoBS3ciY9nmxvZqw01t
++zQE7eePlT3yETWAsgwQJG04MF8gH/3PHUBPRVNawB4mokhLg57pfodVBMQtFqhb
+8w/Nd5rp3Q9V9m2cuLKs8IGIs+3x/XI2nkKSXDMgbOTkNZDwxivNrbVO4adCR7Vi
+3DAyGWZuLMkh0KudVYRfiQSOAce5oAZnhgAGBpqCsVVlPZpUcYnEALbR6C8kV01I
+XGkxrZJEGQrr8G9yQaeOCqKbCEinauIZ95+W8gQHISp3wUzQY3wOWW80AmMQ8vb/
+pkZYwN0v22WKtm89gwHEl+HFTA==
+-----END CERTIFICATE-----
diff --git a/modules/ldapclient/manifests/init.pp b/modules/ldapclient/manifests/init.pp
new file mode 100644
index 0000000..d466b2d
--- /dev/null
+++ b/modules/ldapclient/manifests/init.pp
@@ -0,0 +1,19 @@
+#/etc/puppet/modules/ldapclient/manifests/init.pp
+
+class ldapclient (
+ $ldapclient_packages = [],
+ $pkgprovider = '',
+ $bashpath = '',
+ $ldapcert = '',
+) {
+
+ package { $ldapclient_packages:
+ ensure => installed,
+ }
+
+
+ class { "ldapclient::install::${asf_osname}::${asf_osrelease}":
+ ldapcert => $ldapcert,
+ }
+
+}
diff --git a/modules/ldapclient/manifests/install/freebsd/100release.pp b/modules/ldapclient/manifests/install/freebsd/100release.pp
new file mode 100644
index 0000000..29d0847
--- /dev/null
+++ b/modules/ldapclient/manifests/install/freebsd/100release.pp
@@ -0,0 +1,27 @@
+class ldapclient::FreeBSD::10.0-RELEASE (
+
+
+) {
+
+ file {
+ '/usr/local/etc/openldap/ldap.conf':
+ content => template('/usr/local/etc/puppet/modules/ldapclient/templates/openldap_ldap.conf.erb');
+ '/usr/local/etc/ldap.conf':
+ content => template('/usr/local/etc/puppet/modules/ldapclient/templates/ldap.conf.erb');
+ '/usr/local/etc/nss_ldap.conf':
+ ensure => link,
+ target => '/usr/local/etc/ldap.conf',
+ require => File['/usr/local/etc/ldap.conf'];
+ '/etc/nsswitch.conf':
+ source => 'puppet:///modules/ldapclient/etc/nsswitch.conf',
+ require => File['/usr/local/etc/ldap.conf'];
+ '/usr/local/etc/openldap/cacerts':
+ ensure => directory,
+ mode => 755;
+ '/usr/local/etc/openldap/cacerts/ldap-client.pem':
+ source => 'puppet:///modules/ldapclient/etc/ldap-client.pem',
+ require => File['/etc/ldap/cacerts'];
+ }
+
+}
+
diff --git a/modules/ldapclient/manifests/install/ubuntu/1404.pp b/modules/ldapclient/manifests/install/ubuntu/1404.pp
new file mode 100644
index 0000000..029835f
--- /dev/null
+++ b/modules/ldapclient/manifests/install/ubuntu/1404.pp
@@ -0,0 +1,27 @@
+class ldapclient::install::ubuntu::1404 (
+
+ $ldapcert = '',
+ $pamhostcheck = '',
+ $tlscertpath = '',
+
+) {
+
+ file {
+ '/etc/ldap.conf':
+ content => template('/usr/local/etc/puppet/modules/ldapclient/templates/ldap.conf.erb');
+ '/usr/local/etc/nss_ldap.conf':
+ ensure => link,
+ target => '/usr/local/etc/ldap.conf',
+ require => File['/etc/ldap.conf'];
+ '/etc/nsswitch.conf':
+ source => 'puppet:///modules/ldapclient/etc/nsswitch.conf',
+ require => File['/etc/ldap.conf'];
+ '/etc/ldap/cacerts':
+ ensure => directory,
+ mode => 755;
+ '/etc/ldap/cacerts/ldap-client.pem':
+ content => $ldapcert,
+ require => File['/etc/ldap/cacerts'];
+ }
+
+}
diff --git a/modules/ldapclient/templates/ldap.conf.erb b/modules/ldapclient/templates/ldap.conf.erb
new file mode 100644
index 0000000..116d7b4
--- /dev/null
+++ b/modules/ldapclient/templates/ldap.conf.erb
@@ -0,0 +1,293 @@
+## This file is a puppet managed file. All local changes will be lost
+
+## This file is dervied from a puppet template,
+## modules/ldapclient/templates/usr/local/etc/openldap/ldap.conf.erb
+
+
+
+# The distinguished name of the search base.
+base dc=apache,dc=org
+
+# Another way to specify your LDAP server is to provide an
+# uri with the server name. This allows to use
+# Unix Domain Sockets to connect to a local LDAP Server.
+uri ldaps://minotaur.apache.org:636 ldaps://eris.apache.org:636 ldaps://harmonia.apache.org:636
+
+
+# The LDAP version to use (defaults to 3
+# if supported by client library)
+ldap_version 3
+
+
+# Path to ASF wide LDAP certificate
+TLS_CACERT <%= tlscertpath %>
+
+
+# The distinguished name to bind to the server with.
+# Optional: default is to bind anonymously.
+binddn cn=nss_ldap,ou=users,ou=services,dc=apache,dc=org
+
+# The credentials to bind with.
+# Optional: default is no credential.
+bindpw b1t3m3
+
+# The distinguished name to bind to the server with
+# if the effective user ID is root. Password is
+# stored in /etc/ldap.secret (mode 600)
+rootbinddn cn=root,dc=apache,dc=org
+
+# The port.
+# Optional: default is 389.
+#port 389
+
+# The search scope.
+scope sub
+#scope one
+#scope base
+
+# Search timelimit
+timelimit 5
+
+# Bind/connect timelimit
+bind_timelimit 3
+
+# Reconnect policy: hard (default) will retry connecting to
+# the software with exponential backoff, soft will fail
+# immediately.
+bind_policy soft
+
+
+## Check if the account has been banned. If so the filter will prevent them
+## from being listed as a valid POSIX account.
+pam_filter !(asf-banned=yes)
+
+
+
+# The user ID attribute (defaults to uid)
+pam_login_attribute uid
+
+# Search the root DSE for the password policy (works
+# with Netscape Directory Server)
+#pam_lookup_policy yes
+
+# Check the 'host' attribute for access control
+# Default is no; if set to yes, and user has no
+# value for the host attribute, and pam_ldap is
+# configured for account management (authorization)
+# then the user will not be allowed to login.
+
+#pam_check_host_attr <%= pamhostcheck %>
+
+
+
+# Check the 'authorizedService' attribute for access
+# control
+# Default is no; if set to yes, and the user has no
+# value for the authorizedService attribute, and
+# pam_ldap is configured for account management
+# (authorization) then the user will not be allowed
+# to login.
+#pam_check_service_attr yes
+
+# Group to enforce membership of
+#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
+
+# Group member attribute
+#pam_member_attribute uniquemember
+
+# Specify a minium or maximum UID number allowed
+#pam_min_uid 0
+#pam_max_uid 0
+
+# Template login attribute, default template user
+# (can be overriden by value of former attribute
+# in user's entry)
+#pam_login_attribute userPrincipalName
+#pam_template_login_attribute uid
+#pam_template_login nobody
+
+# HEADS UP: the pam_crypt, pam_nds_passwd,
+# and pam_ad_passwd options are no
+# longer supported.
+#
+# Do not hash the password at all; presume
+# the directory server will do it, if
+# necessary. This is the default.
+#pam_password clear
+
+# Hash password locally; required for University of
+# Michigan LDAP server, and works with Netscape
+# Directory Server if you're using the UNIX-Crypt
+# hash mechanism and not using the NT Synchronization
+# service.
+#pam_password crypt
+
+# Remove old password first, then update in
+# cleartext. Necessary for use with Novell
+# Directory Services (NDS)
+#pam_password clear_remove_old
+#pam_password nds
+
+# RACF is an alias for the above. For use with
+# IBM RACF
+#pam_password racf
+
+# Update Active Directory password, by
+# creating Unicode password and updating
+# unicodePwd attribute.
+#pam_password ad
+
+# Use the OpenLDAP password change
+# extended operation to update the password.
+#pam_password exop
+
+# Redirect users to a URL or somesuch on password
+# changes.
+#pam_password_prohibit_message Please visit http://internal to change your password.
+
+# RFC2307bis naming contexts
+# Syntax:
+# nss_base_XXX base?scope?filter
+# where scope is {base,one,sub}
+# and filter is a filter to be &'d with the
+# default filter.
+# You can omit the suffix eg:
+# nss_base_passwd ou=People,
+# to append the default base DN but this
+# may incur a small performance impact.
+
+nss_base_passwd dc=apache,dc=org?sub
+nss_base_shadow dc=apache,dc=org?sub
+nss_base_group dc=apache,dc=org?sub
+
+#nss_base_passwd ou=People,dc=padl,dc=com?one
+#nss_base_shadow ou=People,dc=padl,dc=com?one
+#nss_base_group ou=Group,dc=padl,dc=com?one
+#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
+#nss_base_services ou=Services,dc=padl,dc=com?one
+#nss_base_networks ou=Networks,dc=padl,dc=com?one
+#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
+#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
+#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
+#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
+#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
+#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
+#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
+
+# attribute/objectclass mapping
+# Syntax:
+#nss_map_attribute rfc2307attribute mapped_attribute
+#nss_map_objectclass rfc2307objectclass mapped_objectclass
+
+# configure --enable-nds is no longer supported.
+# NDS mappings
+#nss_map_attribute uniqueMember member
+
+# Services for UNIX 3.5 mappings
+#nss_map_objectclass posixAccount User
+#nss_map_objectclass shadowAccount User
+#nss_map_attribute uid msSFU30Name
+#nss_map_attribute uniqueMember msSFU30PosixMember
+#nss_map_attribute userPassword msSFU30Password
+#nss_map_attribute homeDirectory msSFU30HomeDirectory
+#nss_map_attribute homeDirectory msSFUHomeDirectory
+#nss_map_objectclass posixGroup Group
+#pam_login_attribute msSFU30Name
+#pam_filter objectclass=User
+#pam_password ad
+
+# configure --enable-mssfu-schema is no longer supported.
+# Services for UNIX 2.0 mappings
+#nss_map_objectclass posixAccount User
+#nss_map_objectclass shadowAccount user
+#nss_map_attribute uid msSFUName
+#nss_map_attribute uniqueMember posixMember
+#nss_map_attribute userPassword msSFUPassword
+#nss_map_attribute homeDirectory msSFUHomeDirectory
+#nss_map_attribute shadowLastChange pwdLastSet
+#nss_map_objectclass posixGroup Group
+#nss_map_attribute cn msSFUName
+#pam_login_attribute msSFUName
+#pam_filter objectclass=User
+#pam_password ad
+
+# RFC 2307 (AD) mappings
+#nss_map_objectclass posixAccount user
+#nss_map_objectclass shadowAccount user
+#nss_map_attribute uid sAMAccountName
+#nss_map_attribute homeDirectory unixHomeDirectory
+#nss_map_attribute shadowLastChange pwdLastSet
+#nss_map_objectclass posixGroup group
+#nss_map_attribute uniqueMember member
+#pam_login_attribute sAMAccountName
+#pam_filter objectclass=User
+#pam_password ad
+#Uncomment the following line to override the default login shell
+# nss_override_attribute_value loginShell /usr/local/bin/bash
+
+# configure --enable-authpassword is no longer supported
+# AuthPassword mappings
+#nss_map_attribute userPassword authPassword
+
+# AIX SecureWay mappings
+#nss_map_objectclass posixAccount aixAccount
+#nss_base_passwd ou=aixaccount,?one
+#nss_map_attribute uid userName
+#nss_map_attribute gidNumber gid
+#nss_map_attribute uidNumber uid
+#nss_map_attribute userPassword passwordChar
+#nss_map_objectclass posixGroup aixAccessGroup
+#nss_base_group ou=aixgroup,?one
+#nss_map_attribute cn groupName
+#nss_map_attribute uniqueMember member
+#pam_login_attribute userName
+#pam_filter objectclass=aixAccount
+#pam_password clear
+
+# Netscape SDK LDAPS
+#ssl on
+
+# Netscape SDK SSL options
+#sslpath /etc/ssl/certs
+
+# OpenLDAP SSL mechanism
+# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+#ssl start_tls
+#ssl on
+
+# OpenLDAP SSL options
+# Require and verify server certificate (yes/no)
+# Default is to use libldap's default behavior, which can be configured in
+# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
+# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
+#tls_checkpeer yes
+
+#tls_cacert = /usr/local/etc/openldap/cert.pem
+
+# CA certificates for server certificate verification
+# At least one of these are required if tls_checkpeer is "yes"
+#tls_cacertfile /etc/ssl/ca.cert
+#tls_cacertdir /etc/ssl/certs
+
+# Seed the PRNG if /dev/urandom is not provided
+#tls_randfile /var/run/egd-pool
+
+# SSL cipher suite
+# See man ciphers for syntax
+#tls_ciphers TLSv1
+
+# Client certificate and key
+# Use these, if your server requires client authentication.
+#tls_cert
+#tls_key
+
+# Disable SASL security layers. This is needed for AD.
+#sasl_secprops maxssf=0
+
+# Override the default Kerberos ticket cache location.
+#krb5_ccname FILE:/etc/.ldapcache
+
+# SASL mechanism for PAM authentication - use is experimental
+# at present and does not support password policy control
+#pam_sasl_mech DIGEST-MD5
+
diff --git a/modules/ldapclient/templates/openldap_ldap.conf.erb b/modules/ldapclient/templates/openldap_ldap.conf.erb
new file mode 100644
index 0000000..46112c1
--- /dev/null
+++ b/modules/ldapclient/templates/openldap_ldap.conf.erb
@@ -0,0 +1,23 @@
+## This file is a puppet managed file. All local changes will be lost
+
+## This file is dervied from a puppet template,
+## modules/ldapclient/templates/usr/local/etc/openldap/ldap.conf.erb
+
+
+
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+base dc=apache,dc=org
+uri ldaps://minotaur.apache.org:636 ldaps://eris.apache.org:636 ldaps://harmonia.apache.org:636
+
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+ssl start_tls
+tls_cacert <%= tlscertpath %>
diff --git a/modules/pam/data/common.yaml b/modules/pam/data/common.yaml
new file mode 100644
index 0000000..b51b36a
--- /dev/null
+++ b/modules/pam/data/common.yaml
@@ -0,0 +1,4 @@
+---
+
+pam::sshd_90_modulepath: 'pam_permit.so'
+
diff --git a/modules/pam/data/freebsd/100release.yaml b/modules/pam/data/freebsd/100release.yaml
new file mode 100644
index 0000000..42b3407
--- /dev/null
+++ b/modules/pam/data/freebsd/100release.yaml
@@ -0,0 +1,266 @@
+---
+# Files to manage
+pam::pam_sshd: '/etc/pam.d/sshd'
+pam::pam_su: '/etc/pam.d/su'
+pam::pam_system: '/etc/pam.d/system'
+
+
+pam::generic_header: |
+ #
+ # $FreeBSD: release/10.0.0/etc/pam.d/system 197769 2009-10-05 09:28:54Z des $
+ #
+ # System-wide defaults
+ #
+
+
+## pam.d/sshd
+pam::sshd_10_facility: 'auth'
+pam::sshd_10_control: 'sufficient'
+pam::sshd_10_modulepath: 'pam_opie.so'
+pam::sshd_10_modopts: 'no_warn no_fake_prompts'
+
+pam::sshd_15_facility: 'auth'
+pam::sshd_15_control: 'sufficient'
+pam::sshd_15_modulepath: '/usr/local/lib/pam_ldap.so'
+pam::sshd_15_modopts: 'no_warn'
+
+pam::sshd_20_facility: 'auth'
+pam::sshd_20_control: 'requisite'
+pam::sshd_20_modulepath: 'pam_opieaccess.so'
+pam::sshd_20_modopts: 'no_warn allow_local'
+
+pam::sshd_25_facility: '#auth'
+pam::sshd_25_control: 'sufficient'
+pam::sshd_25_modulepath: 'pam_krb5.so'
+pam::sshd_25_modopts: 'no_warn try_first_pass'
+
+pam::sshd_30_facility: '#auth'
+pam::sshd_30_control: 'sufficient'
+pam::sshd_30_modulepath: 'pam_ssh.so'
+pam::sshd_30_modopts: 'no_warn try_first_pass'
+
+pam::sshd_35_facility: 'auth'
+pam::sshd_35_control: 'required'
+pam::sshd_35_modulepath: 'pam_unix.so'
+pam::sshd_35_modopts: 'no_warn try_first_pass'
+
+pam::sshd_50_facility: 'account'
+pam::sshd_50_control: 'required'
+pam::sshd_50_modulepath: 'pam_nologin.so'
+pam::sshd_50_modopts: ''
+
+pam::sshd_55_facility: '#account'
+pam::sshd_55_control: 'required'
+pam::sshd_55_modulepath: 'pam_krb5.so'
+pam::sshd_55_modopts: ''
+
+pam::sshd_60_facility: 'account'
+pam::sshd_60_control: 'required'
+pam::sshd_60_modulepath: 'pam_login_access.so'
+pam::sshd_60_modopts: ''
+
+pam::sshd_65_facility: 'account'
+pam::sshd_65_control: 'required'
+pam::sshd_65_modulepath: '/usr/local/lib/pam_ldap.so'
+pam::sshd_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
+
+pam::sshd_70_facility: 'account'
+pam::sshd_70_control: 'required'
+pam::sshd_70_modulepath: 'pam_unix.so'
+pam::sshd_70_modopts: ''
+
+pam::sshd_80_facility: '#session'
+pam::sshd_80_control: 'optional'
+pam::sshd_80_modulepath: 'pam_ssh.so'
+pam::sshd_80_modopts: 'want_agent'
+
+pam::sshd_85_facility: 'session'
+pam::sshd_85_control: 'required'
+pam::sshd_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
+pam::sshd_85_modopts: 'umask=0077'
+
+pam::sshd_90_facility: 'session'
+pam::sshd_90_control: 'required'
+pam::sshd_90_modulepath: 'pam_permit.so'
+pam::sshd_90_modopts: ''
+
+pam::sshd_95_facility: '#password'
+pam::sshd_95_control: 'sufficient'
+pam::sshd_95_modulepath: 'pam_krb5.so'
+pam::sshd_95_modopts: 'no_warn try_first_pass'
+
+pam::sshd_100_facility: 'password'
+pam::sshd_100_control: 'required'
+pam::sshd_100_modulepath: 'pam_unix.so'
+pam::sshd_100_modopts: 'no_warn try_first_pass'
+
+
+## pam.d/su
+pam::su_10_facility: 'auth'
+pam::su_10_control: 'sufficient'
+pam::su_10_modulepath: 'pam_rootok.so'
+pam::su_10_modopts: 'no_warn'
+
+pam::su_15_facility: 'auth'
+pam::su_15_control: 'sufficient'
+pam::su_15_modulepath: 'pam_self.so'
+pam::su_15_modopts: 'no_warn'
+
+pam::su_20_facility: 'auth'
+pam::su_20_control: 'requisite'
+pam::su_20_modulepath: 'pam_group.so'
+pam::su_20_modopts: 'no_warn group=wheel root_only fail_safe ruser'
+
+pam::su_25_facility: 'auth'
+pam::su_25_control: 'include'
+pam::su_25_modulepath: 'system'
+pam::su_25_modopts: ''
+
+pam::su_30_facility: ''
+pam::su_30_control: ''
+pam::su_30_modulepath: ''
+pam::su_30_modopts: ''
+
+pam::su_35_facility: ''
+pam::su_35_control: ''
+pam::su_35_modulepath: ''
+pam::su_35_modopts: ''
+
+pam::su_50_facility: 'account'
+pam::su_50_control: 'include'
+pam::su_50_modulepath: 'system'
+pam::su_50_modopts: ''
+
+pam::su_55_facility: ''
+pam::su_55_control: ''
+pam::su_55_modulepath: ''
+pam::su_55_modopts: ''
+
+pam::su_60_facility: ''
+pam::su_60_control: ''
+pam::su_60_modulepath: ''
+pam::su_60_modopts: ''
+
+pam::su_65_facility: ''
+pam::su_65_control: ''
+pam::su_65_modulepath: ''
+pam::su_65_modopts: ''
+
+pam::su_70_facility: ''
+pam::su_70_control: ''
+pam::su_70_modulepath: ''
+pam::su_70_modopts: ''
+
+pam::su_80_facility: 'session'
+pam::su_80_control: 'required'
+pam::su_80_modulepath: 'pam_permit.so'
+pam::su_80_modopts: ''
+
+pam::su_85_facility: 'session'
+pam::su_85_control: 'required'
+pam::su_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
+pam::su_85_modopts: 'umask=0077'
+
+pam::su_90_facility: ''
+pam::su_90_control: ''
+pam::su_90_modulepath: ''
+pam::su_90_modopts: ''
+
+pam::su_95_facility: ''
+pam::su_95_control: ''
+pam::su_95_modulepath: ''
+pam::su_95_modopts: ''
+
+pam::su_100_facility: ''
+pam::su_100_control: ''
+pam::su_100_modulepath: ''
+pam::su_100_modopts: ''
+
+
+## pam.d/system
+pam::system_10_facility: 'auth'
+pam::system_10_control: 'sufficient'
+pam::system_10_modulepath: 'pam_opie.so'
+pam::system_10_modopts: 'no_warn no_fake_prompts'
+
+pam::system_15_facility: 'auth'
+pam::system_15_control: 'sufficient'
+pam::system_15_modulepath: '/usr/local/lib/pam_ldap.so'
+pam::system_15_modopts: 'no_warn'
+
+pam::system_20_facility: 'auth'
+pam::system_20_control: 'requisite'
+pam::system_20_modulepath: 'pam_opieaccess.so'
+pam::system_20_modopts: 'no_warn allow_local'
+
+pam::system_25_facility: '#auth'
+pam::system_25_control: 'systemfficient'
+pam::system_25_modulepath: 'pam_krb5.so'
+pam::system_25_modopts: 'no_warn try_first_pass'
+
+pam::system_30_facility: '#auth'
+pam::system_30_control: 'systemfficient'
+pam::system_30_modulepath: 'pam_ssh.so'
+pam::system_30_modopts: 'no_warn try_first_pass'
+
+pam::system_35_facility: 'auth'
+pam::system_35_control: 'required'
+pam::system_35_modulepath: 'pam_unix.so'
+pam::system_35_modopts: 'no_warn try_first_pass nullok'
+
+pam::system_50_facility: ''
+pam::system_50_control: ''
+pam::system_50_modulepath: ''
+pam::system_50_modopts: ''
+
+pam::system_55_facility: '#account'
+pam::system_55_control: 'required'
+pam::system_55_modulepath: 'pam_krb5.so'
+pam::system_55_modopts: ''
+
+pam::system_60_facility: 'account'
+pam::system_60_control: 'required'
+pam::system_60_modulepath: 'pam_login_access.so'
+pam::system_60_modopts: ''
+
+pam::system_65_facility: 'account'
+pam::system_65_control: 'required'
+pam::system_65_modulepath: '/usr/local/lib/pam_ldap.so'
+pam::system_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
+
+pam::system_70_facility: 'account'
+pam::system_70_control: 'required'
+pam::system_70_modulepath: 'pam_unix.so'
+pam::system_70_modopts: ''
+
+pam::system_80_facility: '#session'
+pam::system_80_control: 'optional'
+pam::system_80_modulepath: 'pam_ssh.so'
+pam::system_80_modopts: 'want_agent'
+
+pam::system_85_facility: 'session'
+pam::system_85_control: 'required'
+pam::system_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
+pam::system_85_modopts: 'umask=0022'
+
+pam::system_90_facility: 'session'
+pam::system_90_control: 'required'
+pam::system_90_modulepath: 'pam_lastlog.so'
+pam::system_90_modopts: 'no_fail'
+
+pam::system_95_facility: '#password'
+pam::system_95_control: 'sufficient'
+pam::system_95_modulepath: 'pam_krb5.so'
+pam::system_95_modopts: 'no_warn try_first_pass'
+
+pam::system_100_facility: 'password'
+pam::system_100_control: 'required'
+pam::system_100_modulepath: 'pam_unix.so'
+pam::system_100_modopts: 'no_warn try_first_pass'
+
+
+
+
+
+
+
diff --git a/modules/pam/data/hiera.yaml b/modules/pam/data/hiera.yaml
new file mode 100644
index 0000000..042f44e
--- /dev/null
+++ b/modules/pam/data/hiera.yaml
@@ -0,0 +1,7 @@
+---
+:hierarchy:
+ - "%{asf_osname}/%{asf_osrelease}"
+ - "common"
+
+:yaml:
+ :datadir: .
diff --git a/modules/pam/data/ubuntu/1404.yaml b/modules/pam/data/ubuntu/1404.yaml
new file mode 100644
index 0000000..bd68fb5
--- /dev/null
+++ b/modules/pam/data/ubuntu/1404.yaml
@@ -0,0 +1,265 @@
+---
+# Files to manage
+pam::pam_sshd: '/etc/pam.d/sshd'
+pam::pam_su: '/etc/pam.d/su'
+pam::pam_system: '/etc/pam.d/system'
+
+
+pam::generic_header: |
+ #
+ # # PAM configuration for the Secure Shell service
+ #
+ #
+
+
+## pam.d/sshd
+pam::sshd_10_facility: 'auth'
+pam::sshd_10_control: 'required'
+pam::sshd_10_modulepath: 'pam_env.so'
+pam::sshd_10_modopts: ''
+
+pam::sshd_15_facility: 'auth'
+pam::sshd_15_control: 'required'
+pam::sshd_15_modulepath: 'pam_env.so'
+pam::sshd_15_modopts: 'envfile=/etc/default/locale'
+
+pam::sshd_20_facility: '@include'
+pam::sshd_20_control: 'common-auth'
+pam::sshd_20_modulepath: ''
+pam::sshd_20_modopts: ''
+
+pam::sshd_25_facility: 'account'
+pam::sshd_25_control: 'required'
+pam::sshd_25_modulepath: 'pam_nologin.so'
+pam::sshd_25_modopts: ''
+
+pam::sshd_30_facility: '@include'
+pam::sshd_30_control: 'common-account'
+pam::sshd_30_modulepath: ''
+pam::sshd_30_modopts: ''
+
+pam::sshd_35_facility: '@include'
+pam::sshd_35_control: 'common-session'
+pam::sshd_35_modulepath: ''
+pam::sshd_35_modopts: ''
+
+pam::sshd_50_facility: 'session'
+pam::sshd_50_control: 'optional'
+pam::sshd_50_modulepath: 'pam_motd.so'
+pam::sshd_50_modopts: ''
+
+pam::sshd_55_facility: 'session'
+pam::sshd_55_control: 'optional'
+pam::sshd_55_modulepath: 'pam_mail.so'
+pam::sshd_55_modopts: 'standard noenv'
+
+pam::sshd_60_facility: 'session'
+pam::sshd_60_control: 'required'
+pam::sshd_60_modulepath: 'pam_limits.so'
+pam::sshd_60_modopts: ''
+
+pam::sshd_65_facility: 'session'
+pam::sshd_65_control: 'required'
+pam::sshd_65_modulepath: 'pam_limits.so'
+pam::sshd_65_modopts: ''
+
+pam::sshd_70_facility: '#session'
+pam::sshd_70_control: 'required'
+pam::sshd_70_modulepath: 'pam_selinux.so'
+pam::sshd_70_modopts: 'multiple'
+
+pam::sshd_80_facility: '@include'
+pam::sshd_80_control: 'common-password'
+pam::sshd_80_modulepath: ''
+pam::sshd_80_modopts: ''
+
+pam::sshd_85_facility: ''
+pam::sshd_85_control: ''
+pam::sshd_85_modulepath: ''
+pam::sshd_85_modopts: ''
+
+pam::sshd_90_facility: ''
+pam::sshd_90_control: ''
+pam::sshd_90_modulepath: ''
+pam::sshd_90_modopts: ''
+
+pam::sshd_95_facility: ''
+pam::sshd_95_control: ''
+pam::sshd_95_modulepath: ''
+pam::sshd_95_modopts: ''
+
+pam::sshd_100_facility: ''
+pam::sshd_100_control: ''
+pam::sshd_100_modulepath: ''
+pam::sshd_100_modopts: ''
+
+
+## pam.d/su
+pam::su_10_facility: 'auth'
+pam::su_10_control: 'sufficient'
+pam::su_10_modulepath: 'pam_rootok.so'
+pam::su_10_modopts: ''
+
+pam::su_15_facility: '#auth'
+pam::su_15_control: 'required'
+pam::su_15_modulepath: 'pam_wheel.so'
+pam::su_15_modopts: ''
+
+pam::su_20_facility: '#auth'
+pam::su_20_control: 'sufficient'
+pam::su_20_modulepath: 'pam_wheel.so'
+pam::su_20_modopts: 'trust'
+
+pam::su_25_facility: '#auth'
+pam::su_25_control: 'required'
+pam::su_25_modulepath: 'pam_wheel.so'
+pam::su_25_modopts: 'deny group=nosu'
+
+pam::su_30_facility: '#account'
+pam::su_30_control: 'requisite'
+pam::su_30_modulepath: 'pam_time.so'
+pam::su_30_modopts: ''
+
+pam::su_35_facility: 'session'
+pam::su_35_control: 'required'
+pam::su_35_modulepath: 'pam_env.so'
+pam::su_35_modopts: 'readenv=1'
+
+pam::su_50_facility: 'session'
+pam::su_50_control: 'required'
+pam::su_50_modulepath: 'pam_env.so'
+pam::su_50_modopts: 'readenv=1 envfile=/etc/default/locale'
+
+pam::su_55_facility: 'session'
+pam::su_55_control: 'optional'
+pam::su_55_modulepath: 'pam_mail.so'
+pam::su_55_modopts: 'nopen'
+
+pam::su_60_facility: 'session'
+pam::su_60_control: 'required'
+pam::su_60_modulepath: 'pam_limits.so'
+pam::su_60_modopts: ''
+
+pam::su_65_facility: '@include'
+pam::su_65_control: 'common-auth'
+pam::su_65_modulepath: ''
+pam::su_65_modopts: ''
+
+pam::su_70_facility: '@include'
+pam::su_70_control: 'common-account'
+pam::su_70_modulepath: ''
+pam::su_70_modopts: ''
+
+pam::su_80_facility: '@include'
+pam::su_80_control: 'common-session'
+pam::su_80_modulepath: ''
+pam::su_80_modopts: ''
+
+pam::su_85_facility: ''
+pam::su_85_control: ''
+pam::su_85_modulepath: ''
+pam::su_85_modopts: ''
+
+pam::su_90_facility: ''
+pam::su_90_control: ''
+pam::su_90_modulepath: ''
+pam::su_90_modopts: ''
+
+pam::su_95_facility: ''
+pam::su_95_control: ''
+pam::su_95_modulepath: ''
+pam::su_95_modopts: ''
+
+pam::su_100_facility: ''
+pam::su_100_control: ''
+pam::su_100_modulepath: ''
+pam::su_100_modopts: ''
+
+
+## pam.d/system
+pam::system_10_facility: 'auth'
+pam::system_10_control: 'sufficient'
+pam::system_10_modulepath: 'pam_opie.so'
+pam::system_10_modopts: 'no_warn no_fake_prompts'
+
+pam::system_15_facility: 'auth'
+pam::system_15_control: 'sufficient'
+pam::system_15_modulepath: '/usr/local/lib/pam_ldap.so'
+pam::system_15_modopts: 'no_warn'
+
+pam::system_20_facility: 'auth'
+pam::system_20_control: 'requisite'
+pam::system_20_modulepath: 'pam_opieaccess.so'
+pam::system_20_modopts: 'no_warn allow_local'
+
+pam::system_25_facility: '#auth'
+pam::system_25_control: 'systemfficient'
+pam::system_25_modulepath: 'pam_krb5.so'
+pam::system_25_modopts: 'no_warn try_first_pass'
+
+pam::system_30_facility: '#auth'
+pam::system_30_control: 'systemfficient'
+pam::system_30_modulepath: 'pam_ssh.so'
+pam::system_30_modopts: 'no_warn try_first_pass'
+
+pam::system_35_facility: 'auth'
+pam::system_35_control: 'required'
+pam::system_35_modulepath: 'pam_unix.so'
+pam::system_35_modopts: 'no_warn try_first_pass nullok'
+
+pam::system_50_facility: ''
+pam::system_50_control: ''
+pam::system_50_modulepath: ''
+pam::system_50_modopts: ''
+
+pam::system_55_facility: '#account'
+pam::system_55_control: 'required'
+pam::system_55_modulepath: 'pam_krb5.so'
+pam::system_55_modopts: ''
+
+pam::system_60_facility: 'account'
+pam::system_60_control: 'required'
+pam::system_60_modulepath: 'pam_login_access.so'
+pam::system_60_modopts: ''
+
+pam::system_65_facility: 'account'
+pam::system_65_control: 'required'
+pam::system_65_modulepath: '/usr/local/lib/pam_ldap.so'
+pam::system_65_modopts: 'no_warn ignore_authinfo_unavail ignore_unknown_user'
+
+pam::system_70_facility: 'account'
+pam::system_70_control: 'required'
+pam::system_70_modulepath: 'pam_unix.so'
+pam::system_70_modopts: ''
+
+pam::system_80_facility: '#session'
+pam::system_80_control: 'optional'
+pam::system_80_modulepath: 'pam_ssh.so'
+pam::system_80_modopts: 'want_agent'
+
+pam::system_85_facility: 'session'
+pam::system_85_control: 'required'
+pam::system_85_modulepath: '/usr/local/lib/pam_mkhomedir.so'
+pam::system_85_modopts: 'umask=0022'
+
+pam::system_90_facility: 'session'
+pam::system_90_control: 'required'
+pam::system_90_modulepath: 'pam_lastlog.so'
+pam::system_90_modopts: 'no_fail'
+
+pam::system_95_facility: '#password'
+pam::system_95_control: 'sufficient'
+pam::system_95_modulepath: 'pam_krb5.so'
+pam::system_95_modopts: 'no_warn try_first_pass'
+
+pam::system_100_facility: 'password'
+pam::system_100_control: 'required'
+pam::system_100_modulepath: 'pam_unix.so'
+pam::system_100_modopts: 'no_warn try_first_pass'
+
+
+
+
+
+
+
diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp
new file mode 100644
index 0000000..7d0b46d
--- /dev/null
+++ b/modules/pam/manifests/init.pp
@@ -0,0 +1,788 @@
+class pam (
+
+ ## Files being managed. These are the default
+ ## values. As these seem like generic sane defaults.
+ ## However you should note that hiera should be populating them.
+ $pam_sshd = "",
+ $pam_su = "",
+ $pam_system = "",
+
+
+ ## Content variables, as found in hiera data
+ $generic_header = "",
+
+
+ ## Data variables
+
+ ## pam.d/sshd
+ $sshd_10_facility = "",
+ $sshd_10_control = "",
+ $sshd_10_modulepath = "",
+ $sshd_10_modopts = "",
+
+ $sshd_15_facility = "",
+ $sshd_15_control = "",
+ $sshd_15_modulepath = "",
+ $sshd_15_modopts = "",
+
+ $sshd_20_facility = "",
+ $sshd_20_control = "",
+ $sshd_20_modulepath = "",
+ $sshd_20_modopts = "",
+
+ $sshd_25_facility = "",
+ $sshd_25_control = "",
+ $sshd_25_modulepath = "",
+ $sshd_25_modopts = "",
+
+ $sshd_30_facility = "",
+ $sshd_30_control = "",
+ $sshd_30_modulepath = "",
+ $sshd_30_modopts = "",
+
+ $sshd_35_facility = "",
+ $sshd_35_control = "",
+ $sshd_35_modulepath = "",
+ $sshd_35_modopts = "",
+
+ $sshd_40_facility = "",
+ $sshd_40_control = "",
+ $sshd_40_modulepath = "",
+ $sshd_40_modopts = "",
+
+ $sshd_45_facility = "",
+ $sshd_45_control = "",
+ $sshd_45_modulepath = "",
+ $sshd_45_modopts = "",
+
+ $sshd_50_facility = "",
+ $sshd_50_control = "",
+ $sshd_50_modulepath = "",
+ $sshd_50_modopts = "",
+
+ $sshd_55_facility = "",
+ $sshd_55_control = "",
+ $sshd_55_modulepath = "",
+ $sshd_55_modopts = "",
+
+ $sshd_60_facility = "",
+ $sshd_60_control = "",
+ $sshd_60_modulepath = "",
+ $sshd_60_modopts = "",
+
+ $sshd_65_facility = "",
+ $sshd_65_control = "",
+ $sshd_65_modulepath = "",
+ $sshd_65_modopts = "",
+
+ $sshd_70_facility = "",
+ $sshd_70_control = "",
+ $sshd_70_modulepath = "",
+ $sshd_70_modopts = "",
+
+ $sshd_75_facility = "",
+ $sshd_75_control = "",
+ $sshd_75_modulepath = "",
+ $sshd_75_modopts = "",
+
+ $sshd_80_facility = "",
+ $sshd_80_control = "",
+ $sshd_80_modulepath = "",
+ $sshd_80_modopts = "",
+
+ $sshd_85_facility = "",
+ $sshd_85_control = "",
+ $sshd_85_modulepath = "",
+ $sshd_85_modopts = "",
+
+ $sshd_90_facility = "",
+ $sshd_90_control = "",
+ $sshd_90_modulepath = "",
+ $sshd_90_modopts = "",
+
+ $sshd_95_facility = "",
+ $sshd_95_control = "",
+ $sshd_95_modulepath = "",
+ $sshd_95_modopts = "",
+
+ $sshd_100_facility = "",
+ $sshd_100_control = "",
+ $sshd_100_modulepath = "",
+ $sshd_100_modopts = "",
+
+
+ ## pam.d/su
+ $su_10_facility = "",
+ $su_10_control = "",
+ $su_10_modulepath = "",
+ $su_10_modopts = "",
+
+ $su_15_facility = "",
+ $su_15_control = "",
+ $su_15_modulepath = "",
+ $su_15_modopts = "",
+
+ $su_20_facility = "",
+ $su_20_control = "",
+ $su_20_modulepath = "",
+ $su_20_modopts = "",
+
+ $su_25_facility = "",
+ $su_25_control = "",
+ $su_25_modulepath = "",
+ $su_25_modopts = "",
+
+ $su_30_facility = "",
+ $su_30_control = "",
+ $su_30_modulepath = "",
+ $su_30_modopts = "",
+
+ $su_35_facility = "",
+ $su_35_control = "",
+ $su_35_modulepath = "",
+ $su_35_modopts = "",
+
+ $su_40_facility = "",
+ $su_40_control = "",
+ $su_40_modulepath = "",
+ $su_40_modopts = "",
+
+ $su_45_facility = "",
+ $su_45_control = "",
+ $su_45_modulepath = "",
+ $su_45_modopts = "",
+
+ $su_50_facility = "",
+ $su_50_control = "",
+ $su_50_modulepath = "",
+ $su_50_modopts = "",
+
+ $su_55_facility = "",
+ $su_55_control = "",
+ $su_55_modulepath = "",
+ $su_55_modopts = "",
+
+ $su_60_facility = "",
+ $su_60_control = "",
+ $su_60_modulepath = "",
+ $su_60_modopts = "",
+
+ $su_65_facility = "",
+ $su_65_control = "",
+ $su_65_modulepath = "",
+ $su_65_modopts = "",
+
+ $su_70_facility = "",
+ $su_70_control = "",
+ $su_70_modulepath = "",
+ $su_70_modopts = "",
+
+ $su_75_facility = "",
+ $su_75_control = "",
+ $su_75_modulepath = "",
+ $su_75_modopts = "",
+
+ $su_80_facility = "",
+ $su_80_control = "",
+ $su_80_modulepath = "",
+ $su_80_modopts = "",
+
+ $su_85_facility = "",
+ $su_85_control = "",
+ $su_85_modulepath = "",
+ $su_85_modopts = "",
+
+ $su_90_facility = "",
+ $su_90_control = "",
+ $su_90_modulepath = "",
+ $su_90_modopts = "",
+
+ $su_95_facility = "",
+ $su_95_control = "",
+ $su_95_modulepath = "",
+ $su_95_modopts = "",
+
+ $su_100_facility = "",
+ $su_100_control = "",
+ $su_100_modulepath = "",
+ $su_100_modopts = "",
+
+
+ ## pam.d/system
+ $system_10_facility = "",
+ $system_10_control = "",
+ $system_10_modulepath = "",
+ $system_10_modopts = "",
+
+ $system_15_facility = "",
+ $system_15_control = "",
+ $system_15_modulepath = "",
+ $system_15_modopts = "",
+
+ $system_20_facility = "",
+ $system_20_control = "",
+ $system_20_modulepath = "",
+ $system_20_modopts = "",
+
+ $system_25_facility = "",
+ $system_25_control = "",
+ $system_25_modulepath = "",
+ $system_25_modopts = "",
+
+ $system_30_facility = "",
+ $system_30_control = "",
+ $system_30_modulepath = "",
+ $system_30_modopts = "",
+
+ $system_35_facility = "",
+ $system_35_control = "",
+ $system_35_modulepath = "",
+ $system_35_modopts = "",
+
+ $system_40_facility = "",
+ $system_40_control = "",
+ $system_40_modulepath = "",
+ $system_40_modopts = "",
+
+ $system_45_facility = "",
+ $system_45_control = "",
+ $system_45_modulepath = "",
+ $system_45_modopts = "",
+
+ $system_50_facility = "",
+ $system_50_control = "",
+ $system_50_modulepath = "",
+ $system_50_modopts = "",
+
+ $system_55_facility = "",
+ $system_55_control = "",
+ $system_55_modulepath = "",
+ $system_55_modopts = "",
+
+ $system_60_facility = "",
+ $system_60_control = "",
+ $system_60_modulepath = "",
+ $system_60_modopts = "",
+
+ $system_65_facility = "",
+ $system_65_control = "",
+ $system_65_modulepath = "",
+ $system_65_modopts = "",
+
+ $system_70_facility = "",
+ $system_70_control = "",
+ $system_70_modulepath = "",
+ $system_70_modopts = "",
+
+ $system_75_facility = "",
+ $system_75_control = "",
+ $system_75_modulepath = "",
+ $system_75_modopts = "",
+
+ $system_80_facility = "",
+ $system_80_control = "",
+ $system_80_modulepath = "",
+ $system_80_modopts = "",
+
+ $system_85_facility = "",
+ $system_85_control = "",
+ $system_85_modulepath = "",
+ $system_85_modopts = "",
+
+ $system_90_facility = "",
+ $system_90_control = "",
+ $system_90_modulepath = "",
+ $system_90_modopts = "",
+
+ $system_95_facility = "",
+ $system_95_control = "",
+ $system_95_modulepath = "",
+ $system_95_modopts = "",
+
+ $system_100_facility = "",
+ $system_100_control = "",
+ $system_100_modulepath = "",
+ $system_100_modopts = "",
+
+ ) {
+
+
+ ## Add our puppet warning at the top of the file.
+
+ concat::fragment::puppetwarn::hash{"pam-sshd-puppetwarn":
+ target => $pam_sshd,
+ }
+
+ concat::fragment::puppetwarn::hash{"pam-su-puppetwarn":
+ target => $pam_su,
+ }
+
+ concat::fragment::puppetwarn::hash{"pam-system-puppetwarn":
+ target => $pam_system,
+ }
+
+
+ ## Add the OS generic header,
+ ## so we can track the origins of the file.
+
+ concat::fragment{"pam-sshd-header":
+ target => $pam_sshd,
+ content => $generic_header,
+ order => 005,
+ }
+
+ concat::fragment{"pam-su-header":
+ target => $pam_su,
+ content => $generic_header,
+ order => 005,
+ }
+
+ concat::fragment{"pam-system-header":
+ target => $pam_system,
+ content => $generic_header,
+ order => 005,
+ }
+
+
+ ## Generate the fragments, by calling the
+ ## custom pam::insertline module.
+
+ ## pam.d/sshd
+
+ pam::insertline{"pam-sshd-10":
+ target => $pam_sshd,
+ order => "010",
+ pam_facility => $sshd_10_facility,
+ pam_control => $sshd_10_control,
+ pam_modulepath => $sshd_10_modulepath,
+ pam_modopts => $sshd_10_modopts,
+ }
+
+ pam::insertline{"pam-sshd-15":
+ target => $pam_sshd,
+ order => "015",
+ pam_facility => $sshd_15_facility,
+ pam_control => $sshd_15_control,
+ pam_modulepath => $sshd_15_modulepath,
+ pam_modopts => $sshd_15_modopts,
+ }
+
+ pam::insertline{"pam-sshd-20":
+ target => $pam_sshd,
+ order => "020",
+ pam_facility => $sshd_20_facility,
+ pam_control => $sshd_20_control,
+ pam_modulepath => $sshd_20_modulepath,
+ pam_modopts => $sshd_20_modopts,
+ }
+
+ pam::insertline{"pam-sshd-25":
+ target => $pam_sshd,
+ order => "025",
+ pam_facility => $sshd_25_facility,
+ pam_control => $sshd_25_control,
+ pam_modulepath => $sshd_25_modulepath,
+ pam_modopts => $sshd_25_modopts,
+ }
+
+ pam::insertline{"pam-sshd-30":
+ target => $pam_sshd,
+ order => "030",
+ pam_facility => $sshd_30_facility,
+ pam_control => $sshd_30_control,
+ pam_modulepath => $sshd_30_modulepath,
+ pam_modopts => $sshd_30_modopts,
+ }
+
+ pam::insertline{"pam-sshd-35":
+ target => $pam_sshd,
+ order => "035",
+ pam_facility => $sshd_35_facility,
+ pam_control => $sshd_35_control,
+ pam_modulepath => $sshd_35_modulepath,
+ pam_modopts => $sshd_35_modopts,
+ }
+
+ pam::insertline{"pam-sshd-50":
+ target => $pam_sshd,
+ order => "050",
+ pam_facility => $sshd_50_facility,
+ pam_control => $sshd_50_control,
+ pam_modulepath => $sshd_50_modulepath,
+ pam_modopts => $sshd_50_modopts,
+ }
+
+ pam::insertline{"pam-sshd-55":
+ target => $pam_sshd,
+ order => "055",
+ pam_facility => $sshd_55_facility,
+ pam_control => $sshd_55_control,
+ pam_modulepath => $sshd_55_modulepath,
+ pam_modopts => $sshd_55_modopts,
+ }
+
+ pam::insertline{"pam-sshd-60":
+ target => $pam_sshd,
+ order => "060",
+ pam_facility => $sshd_60_facility,
+ pam_control => $sshd_60_control,
+ pam_modulepath => $sshd_60_modulepath,
+ pam_modopts => $sshd_60_modopts,
+ }
+
+ pam::insertline{"pam-sshd-65":
+ target => $pam_sshd,
+ order => "065",
+ pam_facility => $sshd_65_facility,
+ pam_control => $sshd_65_control,
+ pam_modulepath => $sshd_65_modulepath,
+ pam_modopts => $sshd_65_modopts,
+ }
+
+ pam::insertline{"pam-sshd-70":
+ target => $pam_sshd,
+ order => "070",
+ pam_facility => $sshd_70_facility,
+ pam_control => $sshd_70_control,
+ pam_modulepath => $sshd_70_modulepath,
+ pam_modopts => $sshd_70_modopts,
+ }
+
+ pam::insertline{"pam-sshd-80":
+ target => $pam_sshd,
+ order => "080",
+ pam_facility => $sshd_80_facility,
+ pam_control => $sshd_80_control,
+ pam_modulepath => $sshd_80_modulepath,
+ pam_modopts => $sshd_80_modopts,
+ }
+
+ pam::insertline{"pam-sshd-85":
+ target => $pam_sshd,
+ order => "085",
+ pam_facility => $sshd_85_facility,
+ pam_control => $sshd_85_control,
+ pam_modulepath => $sshd_85_modulepath,
+ pam_modopts => $sshd_85_modopts,
+ }
+
+ pam::insertline{"pam-sshd-90":
+ target => $pam_sshd,
+ order => "090",
+ pam_facility => $sshd_90_facility,
+ pam_control => $sshd_90_control,
+ pam_modulepath => $sshd_90_modulepath,
+ pam_modopts => $sshd_90_modopts,
+ }
+
+ pam::insertline{"pam-sshd-95":
+ target => $pam_sshd,
+ order => "095",
+ pam_facility => $sshd_95_facility,
+ pam_control => $sshd_95_control,
+ pam_modulepath => $sshd_95_modulepath,
+ pam_modopts => $sshd_95_modopts,
+ }
+
+ pam::insertline{"pam-sshd-100":
+ target => $pam_sshd,
+ order => "100",
+ pam_facility => $sshd_100_facility,
+ pam_control => $sshd_100_control,
+ pam_modulepath => $sshd_100_modulepath,
+ pam_modopts => $sshd_100_modopts,
+ }
+
+
+ ## pam.d/su
+ pam::insertline{"pam-su-10":
+ target => $pam_su,
+ order => "010",
+ pam_facility => $su_10_facility,
+ pam_control => $su_10_control,
+ pam_modulepath => $su_10_modulepath,
+ pam_modopts => $su_10_modopts,
+ }
+
+ pam::insertline{"pam-su-15":
+ target => $pam_su,
+ order => "015",
+ pam_facility => $su_15_facility,
+ pam_control => $su_15_control,
+ pam_modulepath => $su_15_modulepath,
+ pam_modopts => $su_15_modopts,
+ }
+
+ pam::insertline{"pam-su-20":
+ target => $pam_su,
+ order => "020",
+ pam_facility => $su_20_facility,
+ pam_control => $su_20_control,
+ pam_modulepath => $su_20_modulepath,
+ pam_modopts => $su_20_modopts,
+ }
+
+ pam::insertline{"pam-su-25":
+ target => $pam_su,
+ order => "025",
+ pam_facility => $su_25_facility,
+ pam_control => $su_25_control,
+ pam_modulepath => $su_25_modulepath,
+ pam_modopts => $su_25_modopts,
+ }
+
+ pam::insertline{"pam-su-30":
+ target => $pam_su,
+ order => "030",
+ pam_facility => $su_30_facility,
+ pam_control => $su_30_control,
+ pam_modulepath => $su_30_modulepath,
+ pam_modopts => $su_30_modopts,
+ }
+
+ pam::insertline{"pam-su-35":
+ target => $pam_su,
+ order => "035",
+ pam_facility => $su_35_facility,
+ pam_control => $su_35_control,
+ pam_modulepath => $su_35_modulepath,
+ pam_modopts => $su_35_modopts,
+ }
+
+ pam::insertline{"pam-su-50":
+ target => $pam_su,
+ order => "050",
+ pam_facility => $su_50_facility,
+ pam_control => $su_50_control,
+ pam_modulepath => $su_50_modulepath,
+ pam_modopts => $su_50_modopts,
+ }
+
+ pam::insertline{"pam-su-55":
+ target => $pam_su,
+ order => "055",
+ pam_facility => $su_55_facility,
+ pam_control => $su_55_control,
+ pam_modulepath => $su_55_modulepath,
+ pam_modopts => $su_55_modopts,
+ }
+
+ pam::insertline{"pam-su-60":
+ target => $pam_su,
+ order => "060",
+ pam_facility => $su_60_facility,
+ pam_control => $su_60_control,
+ pam_modulepath => $su_60_modulepath,
+ pam_modopts => $su_60_modopts,
+ }
+
+ pam::insertline{"pam-su-65":
+ target => $pam_su,
+ order => "065",
+ pam_facility => $su_65_facility,
+ pam_control => $su_65_control,
+ pam_modulepath => $su_65_modulepath,
+ pam_modopts => $su_65_modopts,
+ }
+
+ pam::insertline{"pam-su-70":
+ target => $pam_su,
+ order => "070",
+ pam_facility => $su_70_facility,
+ pam_control => $su_70_control,
+ pam_modulepath => $su_70_modulepath,
+ pam_modopts => $su_70_modopts,
+ }
+
+ pam::insertline{"pam-su-80":
+ target => $pam_su,
+ order => "080",
+ pam_facility => $su_80_facility,
+ pam_control => $su_80_control,
+ pam_modulepath => $su_80_modulepath,
+ pam_modopts => $su_80_modopts,
+ }
+
+ pam::insertline{"pam-su-85":
+ target => $pam_su,
+ order => "085",
+ pam_facility => $su_85_facility,
+ pam_control => $su_85_control,
+ pam_modulepath => $su_85_modulepath,
+ pam_modopts => $su_85_modopts,
+ }
+
+ pam::insertline{"pam-su-90":
+ target => $pam_su,
+ order => "090",
+ pam_facility => $su_90_facility,
+ pam_control => $su_90_control,
+ pam_modulepath => $su_90_modulepath,
+ pam_modopts => $su_90_modopts,
+ }
+
+ pam::insertline{"pam-su-95":
+ target => $pam_su,
+ order => "095",
+ pam_facility => $su_95_facility,
+ pam_control => $su_95_control,
+ pam_modulepath => $su_95_modulepath,
+ pam_modopts => $su_95_modopts,
+ }
+
+ pam::insertline{"pam-su-100":
+ target => $pam_su,
+ order => "100",
+ pam_facility => $su_100_facility,
+ pam_control => $su_100_control,
+ pam_modulepath => $su_100_modulepath,
+ pam_modopts => $su_100_modopts,
+ }
+
+
+ ## pam.d/system
+ pam::insertline{"pam-system-10":
+ target => $pam_system,
+ order => "010",
+ pam_facility => $system_10_facility,
+ pam_control => $system_10_control,
+ pam_modulepath => $system_10_modulepath,
+ pam_modopts => $system_10_modopts,
+ }
+
+ pam::insertline{"pam-system-15":
+ target => $pam_system,
+ order => "015",
+ pam_facility => $system_15_facility,
+ pam_control => $system_15_control,
+ pam_modulepath => $system_15_modulepath,
+ pam_modopts => $system_15_modopts,
+ }
+
+ pam::insertline{"pam-system-20":
+ target => $pam_system,
+ order => "020",
+ pam_facility => $system_20_facility,
+ pam_control => $system_20_control,
+ pam_modulepath => $system_20_modulepath,
+ pam_modopts => $system_20_modopts,
+ }
+
+ pam::insertline{"pam-system-25":
+ target => $pam_system,
+ order => "025",
+ pam_facility => $system_25_facility,
+ pam_control => $system_25_control,
+ pam_modulepath => $system_25_modulepath,
+ pam_modopts => $system_25_modopts,
+ }
+
+ pam::insertline{"pam-system-30":
+ target => $pam_system,
+ order => "030",
+ pam_facility => $system_30_facility,
+ pam_control => $system_30_control,
+ pam_modulepath => $system_30_modulepath,
+ pam_modopts => $system_30_modopts,
+ }
+
+ pam::insertline{"pam-system-35":
+ target => $pam_system,
+ order => "035",
+ pam_facility => $system_35_facility,
+ pam_control => $system_35_control,
+ pam_modulepath => $system_35_modulepath,
+ pam_modopts => $system_35_modopts,
+ }
+
+ pam::insertline{"pam-system-50":
+ target => $pam_system,
+ order => "050",
+ pam_facility => $system_50_facility,
+ pam_control => $system_50_control,
+ pam_modulepath => $system_50_modulepath,
+ pam_modopts => $system_50_modopts,
+ }
+
+ pam::insertline{"pam-system-55":
+ target => $pam_system,
+ order => "055",
+ pam_facility => $system_55_facility,
+ pam_control => $system_55_control,
+ pam_modulepath => $system_55_modulepath,
+ pam_modopts => $system_55_modopts,
+ }
+
+ pam::insertline{"pam-system-60":
+ target => $pam_system,
+ order => "060",
+ pam_facility => $system_60_facility,
+ pam_control => $system_60_control,
+ pam_modulepath => $system_60_modulepath,
+ pam_modopts => $system_60_modopts,
+ }
+
+ pam::insertline{"pam-system-65":
+ target => $pam_system,
+ order => "065",
+ pam_facility => $system_65_facility,
+ pam_control => $system_65_control,
+ pam_modulepath => $system_65_modulepath,
+ pam_modopts => $system_65_modopts,
+ }
+
+ pam::insertline{"pam-system-70":
+ target => $pam_system,
+ order => "070",
+ pam_facility => $system_70_facility,
+ pam_control => $system_70_control,
+ pam_modulepath => $system_70_modulepath,
+ pam_modopts => $system_70_modopts,
+ }
+
+ pam::insertline{"pam-system-80":
+ target => $pam_system,
+ order => "080",
+ pam_facility => $system_80_facility,
+ pam_control => $system_80_control,
+ pam_modulepath => $system_80_modulepath,
+ pam_modopts => $system_80_modopts,
+ }
+
+ pam::insertline{"pam-system-85":
+ target => $pam_system,
+ order => "085",
+ pam_facility => $system_85_facility,
+ pam_control => $system_85_control,
+ pam_modulepath => $system_85_modulepath,
+ pam_modopts => $system_85_modopts,
+ }
+
+ pam::insertline{"pam-system-90":
+ target => $pam_system,
+ order => "090",
+ pam_facility => $system_90_facility,
+ pam_control => $system_90_control,
+ pam_modulepath => $system_90_modulepath,
+ pam_modopts => $system_90_modopts,
+ }
+
+ pam::insertline{"pam-system-95":
+ target => $pam_system,
+ order => "095",
+ pam_facility => $system_95_facility,
+ pam_control => $system_95_control,
+ pam_modulepath => $system_95_modulepath,
+ pam_modopts => $system_95_modopts,
+ }
+
+ pam::insertline{"pam-system-100":
+ target => $pam_system,
+ order => "100",
+ pam_facility => $system_100_facility,
+ pam_control => $system_100_control,
+ pam_modulepath => $system_100_modulepath,
+ pam_modopts => $system_100_modopts,
+ }
+
+}
diff --git a/modules/pam/manifests/insertline.pp b/modules/pam/manifests/insertline.pp
new file mode 100644
index 0000000..98623b8
--- /dev/null
+++ b/modules/pam/manifests/insertline.pp
@@ -0,0 +1,33 @@
+#/etc/puppet/modules/pam/manifests/insertline.pp
+
+#
+# insertline is used by other modules to insert lines in pam config files
+#
+ define pam::insertline(
+ $pam_facility="",
+ $pam_control="",
+ $pam_modulepath="",
+ $pam_modopts="",
+ $target = "",
+
+
+ $order=40,
+ $commentmarker="#",
+
+
+ ) {
+
+ if $target != "" {
+ $body = "$pam_facility\t\t\t$pam_control\t\t\t$pam_modulepath\t\t\t$pam_modopts"
+ if $body == "" {
+ $body = "$commentmarker Empty line inserted by $name. Check your puppet config."
+ }
+
+ concat::fragment{"insertline_$name":
+ target => $target,
+ order => $order,
+ content => "\n$commentmarker Line inserted by puppet ($name), at order $order.\n$body\n"
+ }
+ }
+}
+
diff --git a/modules/pam/templates/pam_sshd.erb b/modules/pam/templates/pam_sshd.erb
new file mode 100644
index 0000000..fe8e612
--- /dev/null
+++ b/modules/pam/templates/pam_sshd.erb
@@ -0,0 +1,32 @@
+#
+# $FreeBSD: release/10.0.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
+#
+# PAM configuration for the "sshd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth sufficient /usr/local/lib/pam_ldap.so no_warn
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_login_access.so
+
+account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
+
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required /usr/local/lib/pam_mkhomedir.so umask=0077
+session required pam_permit.so
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass
+
diff --git a/modules/pam/templates/pam_su.erb b/modules/pam/templates/pam_su.erb
new file mode 100644
index 0000000..0a42448
--- /dev/null
+++ b/modules/pam/templates/pam_su.erb
@@ -0,0 +1,19 @@
+#
+# $FreeBSD: release/10.0.0/etc/pam.d/su 219663 2011-03-15 10:13:35Z des $
+#
+# PAM configuration for the "su" service
+#
+
+# auth
+auth sufficient pam_rootok.so no_warn
+auth sufficient pam_self.so no_warn
+auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
+auth include system
+
+# account
+account include system
+
+# session
+session required pam_permit.so
+session required /usr/local/lib/pam_mkhomedir.so umask=0077
+
diff --git a/modules/pam/templates/pam_system.erb b/modules/pam/templates/pam_system.erb
new file mode 100644
index 0000000..d3627f2
--- /dev/null
+++ b/modules/pam/templates/pam_system.erb
@@ -0,0 +1,28 @@
+#
+# $FreeBSD: release/10.0.0/etc/pam.d/system 197769 2009-10-05 09:28:54Z des $
+#
+# System-wide defaults
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth sufficient /usr/local/lib/pam_ldap.so no_warn
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass nullok
+
+# account
+#account required pam_krb5.so
+account required pam_login_access.so
+account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required /usr/local/lib/pam_mkhomedir.so umask=0022
+session required pam_lastlog.so no_fail
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/modules/pkgng/Gemfile b/modules/pkgng/Gemfile
new file mode 100644
index 0000000..e979a60
--- /dev/null
+++ b/modules/pkgng/Gemfile
@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gem 'rspec'
+gem 'rspec-mocks'
+gem 'rspec-expectations'
+gem 'puppet'
+gem 'puppet-lint'
diff --git a/modules/pkgng/Gemfile.lock b/modules/pkgng/Gemfile.lock
new file mode 100644
index 0000000..5bb54a0
--- /dev/null
+++ b/modules/pkgng/Gemfile.lock
@@ -0,0 +1,60 @@
+PATH
+ remote: ./puppet
+ specs:
+ puppet (3.4.2)
+ facter (~> 1.5)
+ hiera (~> 1.0)
+
+GEM
+ remote: https://rubygems.org/
+ specs:
+ binding_of_caller (0.7.2)
+ debug_inspector (>= 0.0.1)
+ coderay (1.1.0)
+ columnize (0.3.6)
+ debug_inspector (0.0.2)
+ debugger (1.6.5)
+ columnize (>= 0.3.1)
+ debugger-linecache (~> 1.2.0)
+ debugger-ruby_core_source (~> 1.3.1)
+ debugger-linecache (1.2.0)
+ debugger-ruby_core_source (1.3.1)
+ diff-lcs (1.2.4)
+ facter (1.7.4)
+ hiera (1.3.0)
+ json_pure
+ json_pure (1.8.1)
+ method_source (0.8.2)
+ pry (0.9.12.4)
+ coderay (~> 1.0)
+ method_source (~> 0.8)
+ slop (~> 3.4)
+ pry-debugger (0.2.2)
+ debugger (~> 1.3)
+ pry (~> 0.9.10)
+ pry-stack_explorer (0.4.9.1)
+ binding_of_caller (>= 0.7)
+ pry (>= 0.9.11)
+ puppet-lint (0.3.2)
+ rspec (2.13.0)
+ rspec-core (~> 2.13.0)
+ rspec-expectations (~> 2.13.0)
+ rspec-mocks (~> 2.13.0)
+ rspec-core (2.13.1)
+ rspec-expectations (2.13.0)
+ diff-lcs (>= 1.1.3, < 2.0)
+ rspec-mocks (2.13.1)
+ slop (3.4.7)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ pry
+ pry-debugger
+ pry-stack_explorer
+ puppet!
+ puppet-lint
+ rspec
+ rspec-expectations
+ rspec-mocks
diff --git a/modules/pkgng/LICENSE b/modules/pkgng/LICENSE
new file mode 100644
index 0000000..c920e01
--- /dev/null
+++ b/modules/pkgng/LICENSE
@@ -0,0 +1,191 @@
+Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ Copyright 2013 Puppet Labs
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/modules/pkgng/Modulefile b/modules/pkgng/Modulefile
new file mode 100644
index 0000000..f525d6c
--- /dev/null
+++ b/modules/pkgng/Modulefile
@@ -0,0 +1,9 @@
+name 'zleslie-pkgng'
+version '0.2.0'
+source 'git://github.com/xaque208/puppet-pkgng.git'
+author 'zleslie'
+license 'Apache License Version 2.0'
+summary 'PkgNG package provider for FreeBSD'
+description 'Includes facts and management class.'
+project_page 'https://github.com/xaque208/puppet-pkgng'
+dependency 'puppetlabs/stdlib'
diff --git a/modules/pkgng/README.md b/modules/pkgng/README.md
new file mode 100644
index 0000000..d078773
--- /dev/null
+++ b/modules/pkgng/README.md
@@ -0,0 +1,52 @@
+Puppet-pkgng
+===
+
+[![Build Status](https://travis-ci.org/xaque208/puppet-pkgng.png)](https://travis-ci.org/xaque208/puppet-pkgng)
+
+
+A package provider for FreeBSD's PkgNG package manager.
+
+This module contains the provider as well as some implementation around
+configuring the pkg.conf file. If you are building your own PkgNG packages,
+you may also want to look at my [poudriere
+module](https://github.com/xaque208/puppet-poudriere).
+
+## Installation
+
+The easiest way to install is to install from the forge.
+
+ puppet module install zleslie/pkgng
+
+Then to configure your system to use a PkgNG, a simple include will do.
+
+ include pkgng
+
+### Installation via r10K
+
+You can also clone this repo to somewhere in your modulepath, or use something
+like [r10k](https://github.com/adrienthebo/r10k) to deploy your modules. R10k
+is sweet. For those not familiar, check out [Finch's blog
+post](http://somethingsinistral.net/blog/rethinking-puppet-deployment/) about
+it.
+
+### Installation via [Librarian-Puppet](http://librarian-puppet.com/)
+
+Installation via Librarian-Puppet is straight forward, simply add the
+following to your `Puppetfile`
+
+```
+mod 'zleslie/pkgng'
+```
+
+## Usage
+
+Once you have the module installed, you can use it by simply adding a site
+default in site.pp that looks like this.
+
+ Package {
+ provider => pkgng
+ }
+
+Now every package that you install will use the PkgNG provider.
+
+
diff --git a/modules/pkgng/Rakefile b/modules/pkgng/Rakefile
new file mode 100644
index 0000000..fea939b
--- /dev/null
+++ b/modules/pkgng/Rakefile
@@ -0,0 +1,66 @@
+# Thank rtyler for donating some code.
+#
+# https://gist.github.com/rtyler/3041462
+#
+LINT_IGNORES = ['rvm']
+
+namespace :ci do
+ task :all do
+ Rake::Task['ci:validate'].invoke
+ Rake::Task['ci:spec'].invoke
+ Rake::Task['ci:lint'].invoke
+ end
+
+ desc "Validate the manifests"
+ task :validate do
+ FileList['**/*.pp'].each do |puppet_file|
+ puts "Validating code parsing for #{puppet_file}"
+ %x{puppet parser validate #{puppet_file}}
+ end
+ end
+
+ desc "Run spec tests"
+ task :spec do
+ puts "Executing spec tests"
+ %x{bundle exec rspec}
+ end
+
+ desc "Check puppet module code style."
+ task :lint do
+ begin
+ require 'puppet-lint'
+ rescue LoadError
+ fail 'Cannot load puppet-lint, did you install it?'
+ end
+
+ success = true
+
+ linter = PuppetLint.new
+ linter.configuration.log_format =
+ '%{path}:%{linenumber}:%{check}:%{KIND}:%{message}'
+
+ lintrc = ".puppet-lintrc"
+ if File.file?(lintrc)
+ File.read(lintrc).each_line do |line|
+ check = line.sub(/--no-([a-zA-Z0-9_]*)-check/, '\1').chomp
+ linter.configuration.send("disable_#{check}")
+ end
+ end
+
+ FileList['**/*.pp'].each do |puppet_file|
+ if puppet_file.start_with? 'modules'
+ parts = puppet_file.split('/')
+ module_name = parts[1]
+ next if LINT_IGNORES.include? module_name
+ end
+
+ puts "Evaluating code style for #{puppet_file}"
+ linter.file = puppet_file
+ linter.run
+ success = false if linter.errors?
+ end
+
+ abort "Checking puppet module code style FAILED" if success.is_a?(FalseClass)
+ end
+end
+
diff --git a/modules/pkgng/lib/facter/pkgng.rb b/modules/pkgng/lib/facter/pkgng.rb
new file mode 100644
index 0000000..35eea97
--- /dev/null
+++ b/modules/pkgng/lib/facter/pkgng.rb
@@ -0,0 +1,32 @@
+
+Facter.add("pkgng_supported") do
+ confine :kernel => "FreeBSD"
+
+ setcode do
+ kernel = Facter.value('kernelversion')
+ if kernel =~ /^(8|9|10|11)(\.[0-9])?/
+ "true"
+ end
+ end
+
+end
+
+Facter.add("pkgng_enabled") do
+ confine :kernel => "FreeBSD"
+
+ setcode do
+ if system("TMPDIR=/dev/null ASSUME_ALWAYS_YES=1 PACKAGESITE=file:///nonexistent pkg info pkg >/dev/null 2>&1")
+ "true"
+ end
+ end
+
+end
+
+Facter.add("pkgng_version") do
+ confine :kernel => "FreeBSD"
+
+ setcode do
+ Facter::Util::Resolution.exec("pkg query %v pkg 2>/dev/null")
+ end
+
+end
diff --git a/modules/pkgng/lib/puppet/provider/package/pkgng.rb b/modules/pkgng/lib/puppet/provider/package/pkgng.rb
new file mode 100644
index 0000000..00584be
--- /dev/null
+++ b/modules/pkgng/lib/puppet/provider/package/pkgng.rb
@@ -0,0 +1,127 @@
+require 'puppet/provider/package'
+
+Puppet::Type.type(:package).provide :pkgng, :parent => Puppet::Provider::Package do
+ desc "A PkgNG provider for FreeBSD."
+
+ commands :pkg => "/usr/local/sbin/pkg"
+
+ confine :operatingsystem => :freebsd
+ defaultfor :operatingsystem => :freebsd if $pkgng_enabled
+
+ has_feature :versionable
+ has_feature :upgradeable
+
+ def self.get_info
+ @pkg_info = @pkg_info || pkg(['info','-ao'])
+ @pkg_info
+ end
+
+ def self.get_version_list
+ @version_list = @version_list || pkg(['version', '-voRL='])
+ @version_list
+ end
+
+ def self.get_latest_version(origin)
+ if latest_version = self.get_version_list.lines.find { |l| l =~ /^#{origin}/ }
+ latest_version = latest_version.split(' ').last.split(')').first
+ return latest_version
+ end
+ nil
+ end
+
+ def self.instances
+ packages = []
+ begin
+ info = self.get_info
+
+ unless info
+ return packages
+ end
+
+ info.lines.each do |line|
+ unless line =~ /\w+-\d.*\s*\w\/\w.*/
+ debug "skipping line: #{line}"
+ next
+ end
+
+ package, origin = line.split
+ pkg_info = package.split('-')
+ version = pkg_info.pop
+ name = pkg_info.join('-')
+ latest_version = get_latest_version(origin) || version
+
+ pkg = {
+ :ensure => version,
+ :name => name,
+ :provider => self.name,
+ :origin => origin,
+ :version => version,
+ :latest => latest_version
+ }
+ packages << new(pkg)
+ end
+
+ return packages
+ rescue Puppet::ExecutionFailure
+ nil
+ end
+ end
+
+ def self.prefetch(resources)
+ packages = instances
+ resources.keys.each do |name|
+ if provider = packages.find{|p| p.name == name or p.origin == name }
+ resources[name].provider = provider
+ end
+ end
+ end
+
+ def install
+ if File.exists?('/usr/local/etc/pkg.conf')
+ pkg(['install', '-qy', resource[:name]])
+ else
+ raise Puppet::Error.new("/usr/local/etc/pkg.conf does not exist")
+ end
+ end
+
+ def uninstall
+ pkg(['remove', '-qy', resource[:name]])
+ end
+
+ def query
+ debug @property_hash
+ if @property_hash[:ensure] == nil
+ return nil
+ else
+ version = @property_hash[:version]
+ return { :version => version }
+ end
+ end
+
+ def version
+ debug @property_hash[:version].inspect
+ @property_hash[:version]
+ end
+
+ def version=
+ pkg(['install', '-qy', "#{resource[:name]}-#{resource[:version]}"])
+ end
+
+ def origin
+ debug @property_hash[:origin].inspect
+ @property_hash[:origin]
+ end
+
+ # Upgrade to the latest version
+ def update
+ debug 'pkgng: update called'
+ install
+ end
+
+ # Returnthe latest version of the package
+ def latest
+ debug "returning the latest #{@property_hash[:name].inspect} version #{@property_hash[:latest].inspect}"
+ @property_hash[:latest]
+ end
+
+end
diff --git a/modules/pkgng/manifests/init.pp b/modules/pkgng/manifests/init.pp
new file mode 100644
index 0000000..d2f6a3e
--- /dev/null
+++ b/modules/pkgng/manifests/init.pp
@@ -0,0 +1,87 @@
+# This configures the PkgNG Package manager on FreeBSD systems, and adds
+# support for managing packages with Puppet. This will eventually be in
+# mainline FreeBSD, but for now, we are leaving the installation up to the
+# adminstrator, since there is no going back.
+# To install PkgNG, one can simply run the following:
+# make -C /usr/ports/ports-mgmg/pkg install clean
+
+class pkgng (
+ $packagesite = $pkgng::params::packagesite,
+ $repo_name = $pkgng::params::repo_name,
+ $srv_mirrors = $pkgng::params::srv_mirrors,
+ $pkg_dbdir = $pkgng::params::pkg_dbdir,
+ $pkg_cachedir = $pkgng::params::pkg_cachedir,
+ $portsdir = $pkgng::params::portsdir,
+) inherits pkgng::params {
+
+ # At the time of this writing, only FreeBSD 9 and 10 are supported by pkgng
+ if $pkgng_supported {
+ $config_content = "PKG_DBDIR: ${pkg_dbdir}\nPKG_CACHEDIR: ${pkg_cachedir}\n"
+
+ if $srv_mirrors == "YES" or $packagesite =~ /^pkg\+http/ {
+ $mirror_type = "SRV"
+ } else {
+ $mirror_type = "HTTP"
+ }
+
+ file { "/usr/local/etc/pkg.conf":
+ notify => Exec['pkg update'],
+ }
+
+ # from pkgng 1.1.4 and up, a different repo format is used
+ if versioncmp($pkgng_version, "1.1.4") >= 0 {
+ # make sure repo config dir is present
+ file { "/usr/local/etc/pkg":
+ ensure => directory,
+ }
+
+ file { "/usr/local/etc/pkg/repos/":
+ ensure => directory,
+ }
+
+ File["/usr/local/etc/pkg.conf"] {
+ content => "${config_content}"
+ }
+
+ file { "/usr/local/etc/pkg/repos/${repo_name}.conf":
+ content => "${repo_name}: {\n url: ${$packagesite},\n mirror_type: ${mirror_type},\n enabled: true,\n}",
+ notify => Exec['pkg update'],
+ }
+ } else {
+ File["/usr/local/etc/pkg.conf"] {
+ content => "PACKAGESITE: ${packagesite}\n${config_content}",
+ }
+ }
+
+ file { "/etc/make.conf":
+ ensure => present,
+ }
+
+ file_line { "WITH_PKGNG":
+ path => '/etc/make.conf',
+ line => "WITH_PKGNG=yes\n",
+ require => File['/etc/make.conf'],
+ }
+
+ # Triggered on config changes
+ exec { "pkg update":
+ path => '/usr/local/sbin',
+ refreshonly => true,
+ command => "pkg -q update -f",
+ }
+
+ # This exec should really on ever be run once, and only upon converting to
+ # pkgng. If you are building up a new system where the only software that
+ # has been installed form ports is the pkgng itself, then the pkg database
+ # is already up to date, and this is not required. As you will see,
+ # refreshonly, but nothing notifies this. I am uncertain at this time how
+ # to proceed, other than manually.
+ exec { "convert pkg database to pkgng":
+ path => '/usr/local/sbin',
+ refreshonly => true,
+ command => "pkg2ng",
+ }
+ } else {
+ notice("pkgng is not supported on this release")
+ }
+}
diff --git a/modules/pkgng/manifests/params.pp b/modules/pkgng/manifests/params.pp
new file mode 100644
index 0000000..d847839
--- /dev/null
+++ b/modules/pkgng/manifests/params.pp
@@ -0,0 +1,8 @@
+class pkgng::params {
+ $repo_name = "FreeBSD"
+ $packagesite = 'pkg+http://pkg.FreeBSD.org/${ABI}/latest'
+ $srv_mirrors = 'NO'
+ $pkg_dbdir = '/var/db/pkg'
+ $pkg_cachedir = '/var/cache/pkg'
+ $portsdir = '/usr/ports'
+}
diff --git a/modules/pkgng/metadata.json b/modules/pkgng/metadata.json
new file mode 100644
index 0000000..0855003
--- /dev/null
+++ b/modules/pkgng/metadata.json
@@ -0,0 +1,36 @@
+{
+ "name": "zleslie-pkgng",
+ "version": "0.2.0",
+ "source": "git://github.com/xaque208/puppet-pkgng.git",
+ "author": "zleslie",
+ "license": "Apache License Version 2.0",
+ "summary": "PkgNG package provider for FreeBSD",
+ "description": "Includes facts and management class.",
+ "project_page": "https://github.com/xaque208/puppet-pkgng",
+ "dependencies": [
+ {
+ "name": "puppetlabs/stdlib"
+ }
+ ],
+ "types": [
+
+ ],
+ "checksums": {
+ "Gemfile": "177fcc8fefcba41f3f99c4f8b27252cc",
+ "Gemfile.lock": "183832f371d794300597a4db43e9a74e",
+ "LICENSE": "974ba50a88ee58f288764b2c22d9acfc",
+ "Modulefile": "6989f894ceb3d651e30f105ad20b2602",
+ "README.md": "48efdf1fa8841278d9a821a399fef9d0",
+ "Rakefile": "4b094da49cc9fb042f171245046bd0ed",
+ "lib/facter/pkgng.rb": "c04577e865e01eeb1cc2c428f54e2c85",
+ "lib/puppet/provider/package/pkgng.rb": "11e3b20ca6888a6c51bfab062994e2b8",
+ "manifests/init.pp": "737ce7bff0ad543516e689340337c692",
+ "manifests/params.pp": "6a93af8f77993fdf4ea42b061e23ee91",
+ "spec/fixtures/pkg.info": "fc23a2d6192aed58620b3404769f32d9",
+ "spec/fixtures/pkg.query": "5ccc366aca3dd348433d63de2df84a65",
+ "spec/fixtures/pkg.query_absent": "99a35ce836720a94297ae65653b501da",
+ "spec/fixtures/pkg.version": "b999cb380debb4573809d6d122e57c94",
+ "spec/spec_helper.rb": "9cd8b7c674491c0f9b7220e1dd986e04",
+ "spec/unit/puppet/provider/pkgng_spec.rb": "a4f90889d5335983a09eb1abc19c1d5d"
+ }
+}
\ No newline at end of file
diff --git a/modules/pkgng/spec/fixtures/pkg.info b/modules/pkgng/spec/fixtures/pkg.info
new file mode 100644
index 0000000..49cdc9c
--- /dev/null
+++ b/modules/pkgng/spec/fixtures/pkg.info
@@ -0,0 +1,12 @@
+====== BEGIN pkg.conf ======
+"PACKAGESITE": "http://pkgbeta.freebsd.org/freebsd:9:amd64/latest/"
+
+====== END pkg.conf ======
+pkg: PACKAGESITE in pkg.conf is deprecated. Please create a repository configuration file
+ca_root_nss-3.15.3.1 security/ca_root_nss
+curl-7.33.0 ftp/curl
+gnupg-2.0.22 security/gnupg
+mcollective-2.2.4 sysutils/mcollective
+nmap-6.40 security/nmap
+pkg-1.2.4_1 ports-mgmt/pkg
+zsh-5.0.2_1 shells/zsh
diff --git a/modules/pkgng/spec/fixtures/pkg.query b/modules/pkgng/spec/fixtures/pkg.query
new file mode 100644
index 0000000..1907e19
--- /dev/null
+++ b/modules/pkgng/spec/fixtures/pkg.query
@@ -0,0 +1 @@
+zsh-5.0.2 The Z shell
diff --git a/modules/pkgng/spec/fixtures/pkg.query_absent b/modules/pkgng/spec/fixtures/pkg.query_absent
new file mode 100644
index 0000000..77c851d
--- /dev/null
+++ b/modules/pkgng/spec/fixtures/pkg.query_absent
@@ -0,0 +1 @@
+pkg: No package(s) matching bash
diff --git a/modules/pkgng/spec/fixtures/pkg.version b/modules/pkgng/spec/fixtures/pkg.version
new file mode 100644
index 0000000..84d082d
--- /dev/null
+++ b/modules/pkgng/spec/fixtures/pkg.version
@@ -0,0 +1,2 @@
+ftp/curl < needs updating (index has 7.33.0_2)
+shells/zsh < needs updating (index has 5.0.4)
diff --git a/modules/pkgng/spec/spec_helper.rb b/modules/pkgng/spec/spec_helper.rb
new file mode 100644
index 0000000..6ac34db
--- /dev/null
+++ b/modules/pkgng/spec/spec_helper.rb
@@ -0,0 +1,6 @@
+dir = File.expand_path(File.dirname(__FILE__))
+$LOAD_PATH.unshift File.join(dir, 'lib')
+
+require 'puppet'
+
+gem 'rspec'
diff --git a/modules/pkgng/spec/unit/puppet/provider/pkgng_spec.rb b/modules/pkgng/spec/unit/puppet/provider/pkgng_spec.rb
new file mode 100644
index 0000000..ebc495b
--- /dev/null
+++ b/modules/pkgng/spec/unit/puppet/provider/pkgng_spec.rb
@@ -0,0 +1,132 @@
+#! /usr/bin/env ruby
+require 'spec_helper'
+require 'puppet/provider/package/pkgng'
+
+provider_class = Puppet::Type.type(:package).provider(:pkgng)
+
+describe provider_class do
+ let(:name) { 'bash' }
+ let(:pkgng) { 'pkgng' }
+
+ let(:resource) do
+ # When bash is not present
+ Puppet::Type.type(:package).new(:name => name, :provider => pkgng)
+ end
+
+ let(:installed_resource) do
+ # When zsh is present
+ Puppet::Type.type(:package).new(:name => 'zsh', :provider => pkgng)
+ end
+
+ let(:latest_resource) do
+ # When curl is installed but not the latest
+ Puppet::Type.type(:package).new(:name => 'ftp/curl', :provider => pkgng, :ensure => latest)
+ end
+
+ let (:provider) { resource.provider }
+
+ def run_in_catalog(*resources)
+ catalog = Puppet::Resource::Catalog.new
+ catalog.host_config = false
+ resources.each do |resource|
+ #resource.expects(:err).never
+ catalog.add_resource(resource)
+ end
+ catalog.apply
+ end
+
+ before do
+ provider_class.stub(:command).with(:pkg) {'/usr/local/sbin/pkg'}
+ provider.stub(:command).with(:pkg) {'/usr/local/sbin/pkg'}
+
+ info = File.read('spec/fixtures/pkg.info')
+ provider_class.stub(:get_info) { info }
+
+ version_list = File.read('spec/fixtures/pkg.version')
+ provider_class.stub(:get_version_list) { version_list }
+ end
+
+ context "::instances" do
+ it "should return the empty set if no packages are listed" do
+ provider_class.stub(:get_info) { '' }
+ provider_class.stub(:get_version_list) { '' }
+ provider_class.instances.should be_empty
+ end
+
+ it "should return all packages when invoked" do
+ provider_class.instances.map(&:name).sort.should ==
+ %w{ca_root_nss curl nmap pkg gnupg mcollective zsh}.sort
+ end
+
+ it "should set latest to current version when no upgrade available" do
+ nmap = provider_class.instances.find {|i| i.properties[:origin] == 'security/nmap' }
+
+ nmap.properties[:version].should == nmap.properties[:latest]
+ end
+
+ describe "version" do
+ it "should retrieve the correct version of the current package" do
+ zsh = provider_class.instances.find {|i| i.properties[:origin] == 'shells/zsh' }
+ zsh.properties[:version].should == '5.0.2_1'
+ end
+ end
+ end
+
+ context "#install" do
+ it "should fail if pkg.conf does not exist" do
+ File.stub(:exist?).with('/usr/local/etc/pkg.conf') { false }
+ expect{ provider.install }.to raise_error(Puppet::Error, /pkg.conf does not exist/)
+ end
+ end
+
+ context "#query" do
+ # This is being commented out as I am not sure how to test the code when
+ # using prefetching. I somehow need to pass a fake resources object into
+ # #prefetch so that it can build the @property_hash, but I am not sure how.
+ #
+ #it "should return the installed version if present" do
+ # fixture = File.read('spec/fixtures/pkg.query')
+ # provider_class.stub(:get_resource_info) { fixture }
+ # resource[:name] = 'zsh'
+ # expect(provider.query).to eq({:version=>'5.0.2'})
+ #end
+
+ it "should return nil if not present" do
+ fixture = File.read('spec/fixtures/pkg.query_absent')
+ provider_class.stub(:get_resource_info).with('bash') { fixture }
+ expect(provider.query).to equal(nil)
+ end
+ end
+
+ describe "latest" do
+ it "should retrieve the correct version of the latest package" do
+ provider.latest.should_not nil
+ end
+
+ it "should set latest to newer package version when available" do
+ instances = provider_class.instances
+ curl = instances.find {|i| i.properties[:origin] == 'ftp/curl' }
+ curl.properties[:latest].should == "7.33.0_2"
+ end
+
+ it "should call update to upgrade the version" do
+ resource = Puppet::Type.type(:package).new(
+ :name => 'ftp/curl',
+ :provider => pkgng,
+ :ensure => :latest
+ )
+
+
+ resource.provider.should_receive(:update)
+
+ resource.property(:ensure).sync
+ end
+ end
+
+ describe "get_latest_version" do
+ it "should rereturn nil when the current package is the latest" do
+ nmap_latest_version = provider_class.get_latest_version('security/nmap')
+ nmap_latest_version.should be_nil
+ end
+ end
+end
diff --git a/modules/subversionclient/data/common.yaml b/modules/subversionclient/data/common.yaml
new file mode 100644
index 0000000..cd21505
--- /dev/null
+++ b/modules/subversionclient/data/common.yaml
@@ -0,0 +1,2 @@
+---
+
diff --git a/modules/subversionclient/data/freebsd/100release.yaml b/modules/subversionclient/data/freebsd/100release.yaml
new file mode 100644
index 0000000..c3b635b
--- /dev/null
+++ b/modules/subversionclient/data/freebsd/100release.yaml
@@ -0,0 +1,4 @@
+---
+
+
+
diff --git a/modules/subversionclient/data/hiera.yaml b/modules/subversionclient/data/hiera.yaml
new file mode 100644
index 0000000..3b1cda3
--- /dev/null
+++ b/modules/subversionclient/data/hiera.yaml
@@ -0,0 +1,4 @@
+---
+:hierarchy:
+ - "%{asf_osname}/%{asf_osrelease}"
+ - "common"
diff --git a/modules/subversionclient/data/ubuntu/1404.yaml b/modules/subversionclient/data/ubuntu/1404.yaml
new file mode 100644
index 0000000..27c3b65
--- /dev/null
+++ b/modules/subversionclient/data/ubuntu/1404.yaml
@@ -0,0 +1,8 @@
+---
+
+subversionclient::packages:
+ - subversion
+
+subversionclient::svn_conf_config: '/etc/subversion/config'
+subversionclient::svn_conf_servers: '/etc/subversion/servers'
+
diff --git a/modules/subversionclient/files/config b/modules/subversionclient/files/config
new file mode 100644
index 0000000..11500bb
--- /dev/null
+++ b/modules/subversionclient/files/config
@@ -0,0 +1,132 @@
+[auth]
+store-passwords = no
+
+[auto-props]
+INSTALL = svn:eol-style=native
+KEYS = svn:eol-style=native
+Makefile = svn:eol-style=native
+LICENSE = svn:eol-style=native
+NOTICE = svn:eol-style=native
+README = svn:eol-style=native
+abs-linkmap = svn:eol-style=native
+abs-menulinks = svn:eol-style=native
+*.aart = svn:eol-style=native
+*.ac = svn:eol-style=native
+*.am = svn:eol-style=native
+*.apt = svn:eol-style=native
+*.bat = svn:eol-style=native
+*.bsh = svn:eol-style=native
+*.c = svn:eol-style=native
+*.cat = svn:eol-style=native
+*.cgi = svn:eol-style=native
+*.classpath = svn:eol-style=native
+*.cmd = svn:eol-style=native
+*.cnd = svn:eol-style=native
+*.conf = svn:eol-style=native
+*.config = svn:eol-style=native
+*.cpp = svn:eol-style=native
+*.css = svn:eol-style=native
+*.cwiki = svn:eol-style=native
+*.data = svn:eol-style=native
+*.dcl = svn:eol-style=native
+*.doc = svn:mime-type=application/msword
+*.dsp = svn:eol-style=CRLF
+*.dsw = svn:eol-style=CRLF
+*.dtd = svn:eol-style=native
+*.egrm = svn:eol-style=native
+*.ent = svn:eol-style=native
+*.ft = svn:eol-style=native
+*.fn = svn:eol-style=native
+*.fv = svn:eol-style=native
+*.g = svn:eol-style=native
+*.gif = svn:mime-type=image/gif
+*.grm = svn:eol-style=native
+*.gz = svn:mime-type=application/x-gzip
+*.h = svn:eol-style=native
+*.htc = svn:eol-style=native
+.htaccess = svn:eol-style=native
+*.handlers = svn:eol-style=native
+*.html = svn:eol-style=native
+*.ico = svn:mime-type=image/x-icon
+*.ihtml = svn:eol-style=native
+*.in = svn:eol-style=native
+*.java = svn:eol-style=native
+*.jmx = svn:eol-style=LF
+*.jpg = svn:mime-type=image/jpeg
+*.jsp = svn:eol-style=native
+*.js = svn:eol-style=native
+*.junit = svn:eol-style=native
+*.jx = svn:eol-style=native
+*.m = svn:eol-style=native
+*.m4 = svn:eol-style=native
+*.manifest = svn:eol-style=native
+*.mdo = svn:eol-style=native
+# markdown (CMS)
+*.mdtext = svn:eol-style=native
+*.md = svn:eol-style=native
+*.meta = svn:eol-style=native
+*.mf = svn:eol-style=native
+*.MF = svn:eol-style=native
+*.mod = svn:eol-style=native
+*.ms = svn:eol-style=native
+*.n3 = svn:eol-style=native
+*.nroff = svn:eol-style=native
+*.patch = svn:eol-style=native
+*.pdf = svn:mime-type=application/pdf
+*.pen = svn:eol-style=native
+*.php = svn:eol-style=native
+*.pl = svn:eol-style=native
+*.pm = svn:eol-style=native
+*.png = svn:mime-type=image/png
+*.pod = svn:eol-style=native
+*.pom = svn:eol-style=native
+*.project = svn:eol-style=native
+*.properties = svn:eol-style=native
+*.py = svn:eol-style=native
+*.rb = svn:eol-style=native
+*.rdf = svn:eol-style=native
+*.rnc = svn:eol-style=native
+*.rng = svn:eol-style=native
+*.rnx = svn:eol-style=native
+*.roles = svn:eol-style=native
+*.rss = svn:eol-style=native
+# Restructured text (CMS)
+*.rst = svn:eol-style=native
+*.scala = svn:eol-style=native
+*.schemas = svn:eol-style=native
+*.sh = svn:eol-style=native
+*.sql = svn:eol-style=native
+*.svg = svn:eol-style=native
+*.tar = svn:mime-type=application/octet-stream
+*.tgz = svn:mime-type=application/octet-stream
+*.tif = svn:mime-type=image/tiff
+*.tiff = svn:mime-type=image/tiff
+*.tld = svn:eol-style=native
+*.txt = svn:eol-style=native
+*.types = svn:eol-style=native
+*.vm = svn:eol-style=native
+*.vsl = svn:eol-style=native
+*.wsdd = svn:eol-style=native
+*.wsdl = svn:eol-style=native
+*.xargs = svn:eol-style=native
+*.xcat = svn:eol-style=native
+*.xconf = svn:eol-style=native
+*.xegrm = svn:eol-style=native
+*.xgrm = svn:eol-style=native
+*.xhtml = svn:eol-style=native
+*.xhtml2 = svn:eol-style=native
+*.xlex = svn:eol-style=native
+*.xlog = svn:eol-style=native
+*.xmap = svn:eol-style=native
+*.xml = svn:eol-style=native
+*.xroles = svn:eol-style=native
+*.xsamples = svn:eol-style=native
+*.xsd = svn:eol-style=native
+*.xsl = svn:eol-style=native
+*.xslt = svn:eol-style=native
+*.xsp = svn:eol-style=native
+*.xtest = svn:eol-style=native
+*.xul = svn:eol-style=native
+*.xweb = svn:eol-style=native
+*.xwelcome = svn:eol-style=native
+
diff --git a/modules/subversionclient/files/servers b/modules/subversionclient/files/servers
new file mode 100644
index 0000000..1c6c02c
--- /dev/null
+++ b/modules/subversionclient/files/servers
@@ -0,0 +1,4 @@
+[global]
+store-passwords = no
+store-ssl-client-cert-pp = no
+
diff --git a/modules/subversionclient/manifests/init.pp b/modules/subversionclient/manifests/init.pp
new file mode 100644
index 0000000..9ebc24d
--- /dev/null
+++ b/modules/subversionclient/manifests/init.pp
@@ -0,0 +1,24 @@
+#/etc/puppet/modules/subversionclient/manifests/init.pp
+
+class subversionclient (
+ $packages = [],
+ $svn_conf_config = '',
+ $svn_conf_servers = '',
+
+) {
+
+ package { $packages:
+ ensure => installed,
+ }
+
+ file {
+ "$svn_conf_config":
+ source => 'puppet:///modules/subversionclient/config',
+ owner => 'root',
+ mode => '640';
+ "$svn_conf_servers":
+ source => 'puppet:///modules/subversionclient/servers',
+ owner => 'root',
+ mode => '640';
+ }
+}
diff --git a/modules/sudoers/data/freebsd/100release.yaml b/modules/sudoers/data/freebsd/100release.yaml
new file mode 100644
index 0000000..5e79337
--- /dev/null
+++ b/modules/sudoers/data/freebsd/100release.yaml
@@ -0,0 +1,8 @@
+---
+
+sudoers::sudoers_packages:
+ - 'sudo-1.8.10.p2'
+
+sudoers::sudoers_file: '/usr/local/etc/sudoers'
+sudoers::sudoers_template: '/usr/local/etc/puppet/modules/sudoers/templates/%{operatingsystem}-%{asf_osrelease}_sudoers.erb'
+
diff --git a/modules/sudoers/data/hiera.yaml b/modules/sudoers/data/hiera.yaml
new file mode 100644
index 0000000..3b1cda3
--- /dev/null
+++ b/modules/sudoers/data/hiera.yaml
@@ -0,0 +1,4 @@
+---
+:hierarchy:
+ - "%{asf_osname}/%{asf_osrelease}"
+ - "common"
diff --git a/modules/sudoers/data/ubuntu/1404.yaml b/modules/sudoers/data/ubuntu/1404.yaml
new file mode 100644
index 0000000..a93b5e7
--- /dev/null
+++ b/modules/sudoers/data/ubuntu/1404.yaml
@@ -0,0 +1,8 @@
+---
+
+sudoers::sudoers_packages:
+ - 'sudo'
+
+sudoers::sudoers_file: '/etc/sudoers'
+sudoers::sudoers_template: '/usr/local/etc/puppet/modules/sudoers/templates/ubuntu_1404_sudoers.erb'
+
diff --git a/modules/sudoers/manifests/init.pp b/modules/sudoers/manifests/init.pp
new file mode 100644
index 0000000..5314e89
--- /dev/null
+++ b/modules/sudoers/manifests/init.pp
@@ -0,0 +1,18 @@
+#/etc/puppet/modules/sudoers/manifests/init.pp
+
+class sudoers (
+ $sudoers_packages = [],
+ $pkgprovider = '',
+ $sudoers_file = '',
+ $sudoers_template = '',
+) {
+
+ package { $sudoers_packages:
+ ensure => installed,
+ }
+
+ class { "sudoers::install::${asf_osname}::${asf_osrelease}":
+ }
+
+
+}
diff --git a/modules/sudoers/manifests/install/freebsd/100release.pp b/modules/sudoers/manifests/install/freebsd/100release.pp
new file mode 100644
index 0000000..4564f4a
--- /dev/null
+++ b/modules/sudoers/manifests/install/freebsd/100release.pp
@@ -0,0 +1,7 @@
+class sudoers::install::freebsd::100release (
+) {
+
+ file {'/etc/sudoers':
+ content => template('/usr/local/etc/puppet/modules/sudoers/templates/freebsd_100release_sudoers.erb');
+ }
+}
diff --git a/modules/sudoers/manifests/install/ubuntu/1404.pp b/modules/sudoers/manifests/install/ubuntu/1404.pp
new file mode 100644
index 0000000..4411b47
--- /dev/null
+++ b/modules/sudoers/manifests/install/ubuntu/1404.pp
@@ -0,0 +1,7 @@
+class sudoers::install::ubuntu::1404 (
+) {
+
+ file {'/etc/sudoers':
+ content => template('/usr/local/etc/puppet/modules/sudoers/templates/ubuntu_1404_sudoers.erb');
+ }
+}
diff --git a/modules/sudoers/templates/freebsd_100release_sudoers.erb b/modules/sudoers/templates/freebsd_100release_sudoers.erb
new file mode 100644
index 0000000..e69de29
diff --git a/modules/sudoers/templates/ubuntu_1404_sudoers.erb b/modules/sudoers/templates/ubuntu_1404_sudoers.erb
new file mode 100644
index 0000000..e69de29
diff --git a/puppet.conf b/puppet.conf
new file mode 100644
index 0000000..da87e63
--- /dev/null
+++ b/puppet.conf
@@ -0,0 +1,1125 @@
+# The configuration file for master. Note that this file
+# is likely to have unused configuration parameters in it; any parameter that's
+# valid anywhere in Puppet can be in any config file, even if it's not used.
+#
+# Every section can specify three special parameters: owner, group, and mode.
+# These parameters affect the required permissions of any files specified after
+# their specification. Puppet will sometimes use these parameters to check its
+# own configured state, so they can be used to make Puppet a bit more self-managing.
+#
+# The file format supports octothorpe-commented lines, but not partial-line comments.
+#
+# Generated on 2014-04-03 11:23:47 +0000.
+#
+[master]
+ # The main Puppet configuration directory. The default for this setting is calculated based on the user. If the process
+ # is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it's running as any other user,
+ # it defaults to being in the user's home directory.
+ # The default value is '/usr/local/etc/puppet'.
+ confdir = /usr/local/etc/puppet
+
+ # Where Puppet stores dynamic and growing data. The default for this setting is calculated specially, like `confdir`_.
+ # The default value is '/var/lib/puppet'.
+ vardir = /var/puppet
+
+ # The name of the application, if we are running as one. The
+ # default is essentially $0 without the path or `.rb`.
+ # The default value is 'master'.
+ name = master
+
+ # The directory in which to store log files
+ # The default value is '/var/log/puppet'.
+ logdir = /var/log/puppet
+
+ # Whether to print stack traces on some errors
+ trace = false
+
+ # Whether to enable experimental performance profiling
+ # profile = false
+
+ # Whether log files should always flush to disk.
+ # The default value is 'true'.
+ # autoflush = true
+
+ # What syslog facility to use when logging to
+ # syslog. Syslog has a fixed list of valid facilities, and you must
+ # choose one of those; you cannot just make one up.
+ # The default value is 'daemon'.
+ syslogfacility = daemon
+
+ # The directory where Puppet state is stored. Generally,
+ # this directory can be removed without causing harm (although it
+ # might result in spurious service restarts).
+ # The default value is '$vardir/state'.
+ #statedir = /var/puppet/lib/state
+
+ # Where Puppet PID files are kept.
+ # The default value is '/var/run/puppet'.
+ rundir = /var/run/puppet
+
+ # Whether to just print a manifest to stdout and exit. Only makes
+ # sense when used interactively. Takes into account arguments specified
+ # on the CLI.
+ # genmanifest = false
+
+ # Print the value of a specific configuration setting. If the name of a
+ # setting is provided for this, then the value is printed and puppet
+ # exits. Comma-separate multiple values. For a list of all values,
+ # specify 'all'.
+ # The default value is ''.
+ # configprint =
+
+ # Whether to use colors when logging to the console. Valid values are
+ # `ansi` (equivalent to `true`), `html`, and `false`, which produces no color.
+ # Defaults to false on Windows, as its console does not support ansi colors.
+ # The default value is 'ansi'.
+ # color = ansi
+
+ # Whether to create the necessary user and group that puppet agent will run as.
+ # mkusers = false
+
+ # Whether Puppet should manage the owner, group, and mode of files it uses internally
+ # The default value is 'true'.
+ # manage_internal_file_permissions = true
+
+ # Run the configuration once, rather than as a long-running
+ # daemon. This is useful for interactively running puppetd.
+ # onetime = false
+
+ # The shell search path. Defaults to whatever is inherited
+ # from the parent process.
+ # The default value is 'none'.
+ # path = none
+
+ # An extra search path for Puppet. This is only useful
+ # for those files that Puppet will load on demand, and is only
+ # guaranteed to work for those cases. In fact, the autoload
+ # mechanism is responsible for making sure this directory
+ # is in Ruby's search path
+
+ # The default value is '$vardir/lib'.
+ #libdir = /var/puppet/lib
+
+ # If true, allows the parser to continue without requiring
+ # all files referenced with `import` statements to exist. This setting was primarily
+ # designed for use with commit hooks for parse-checking.
+ # ignoreimport = false
+
+ # The environment Puppet is running in. For clients
+ # (e.g., `puppet agent`) this determines the environment itself, which
+ # is used to find modules and much more. For servers (i.e., `puppet master`)
+ # this provides the default environment for nodes we know nothing about.
+ # The default value is 'production'.
+ # environment = production
+
+ # Which arguments to pass to the diff command when printing differences between
+ # files. The command to use can be chosen with the `diff` setting.
+ # The default value is '-u'.
+ # diff_args = -u
+
+ # Which diff command to use when printing differences between files. This setting
+ # has no default value on Windows, as standard `diff` is not available, but Puppet can use many
+ # third-party diff tools.
+ # The default value is 'diff'.
+ # diff = diff
+
+ # Whether to log and report a contextual diff when files are being replaced. This causes
+ # partial file contents to pass through Puppet's normal logging and reporting system, so this setting
+ # should be used with caution if you are sending Puppet's reports to an insecure destination.
+ # This feature currently requires the `diff/lcs` Ruby library.
+ # show_diff = false
+
+ # Whether to send the process into the background. This defaults to true on POSIX systems,
+ # and to false on Windows (where Puppet currently cannot daemonize).
+ # The default value is 'true'.
+ # daemonize = true
+
+ # The maximum allowed UID. Some platforms use negative UIDs
+ # but then ship with tools that do not know how to handle signed ints, so the UIDs show up as
+ # huge numbers that can then not be fed back into the system. This is a hackish way to fail in a
+ # slightly more useful way when that happens.
+ # The default value is '4294967290'.
+ # maximum_uid = 4294967290
+
+ # The YAML file containing indirector route configuration.
+ # The default value is '$confdir/routes.yaml'.
+ route_file = /usr/local/etc/puppet/routes.yaml
+
+ # Where to find information about nodes.
+ # The default value is 'plain'.
+ node_terminus = plain
+
+ # How to store cached nodes.
+ # Valid values are (none), 'json', 'yaml' or write only yaml ('write_only_yaml').
+ # The master application defaults to 'write_only_yaml', all others to none.
+ # The default value is 'write_only_yaml'.
+ node_cache_terminus = write_only_yaml
+
+ # Where to retrive information about data.
+ # The default value is 'hiera'.
+ data_binding_terminus = hiera
+
+ # The hiera configuration file. Puppet only reads this file on startup, so you must restart the puppet master every time you edit it.
+ # The default value is '$confdir/hiera.yaml'.
+ hiera_config = /usr/local/etc/puppet/hiera.yaml
+
+ # Turns the binding system on or off. This includes hiera-2 and data in modules. The binding system aggregates data from
+ # modules and other locations and makes them available for lookup. The binding system is experimental and any or all of it may change.
+ # binder = false
+
+ # The binder configuration file. Puppet reads this file on each request to configure the bindings system.
+ # If set to nil (the default), a $confdir/binder_config.yaml is optionally loaded. If it does not exists, a default configuration
+ # is used. If the setting :binding_config is specified, it must reference a valid and existing yaml file.
+ # binder_config =
+
+ # Where to get node catalogs. This is useful to change if, for instance,
+ # you'd like to pre-compile catalogs and store them in memcached or some other easily-accessed store.
+ # The default value is 'compiler'.
+ catalog_terminus = compiler
+
+ # How to store cached catalogs. Valid values are 'json' and 'yaml'. The agent application defaults to 'json'.
+ # catalog_cache_terminus =
+
+ # The node facts terminus.
+ # The default value is 'yaml'.
+ facts_terminus = yaml
+
+ # Should usually be the same as the facts terminus
+ # The default value is '$facts_terminus'.
+ inventory_terminus = yaml
+
+ # The default source for files if no server is given in a
+ # uri, e.g. puppet:///file. The default of `rest` causes the file to be
+ # retrieved using the `server` setting. When running `apply` the default
+ # is `file_server`, causing requests to be filled locally.
+ # The default value is 'rest'.
+ default_file_terminus = rest
+
+ # Where the puppet agent web server logs.
+ # The default value is '$logdir/http.log'.
+ httplog = /var/log/puppet/http.log
+
+ # The HTTP proxy host to use for outgoing connections. Note: You
+ # may need to use a FQDN for the server hostname when using a proxy.
+ # The default value is 'none'.
+ # http_proxy_host = none
+
+ # The HTTP proxy port to use for outgoing connections
+ # The default value is '3128'.
+ # http_proxy_port = 3128
+
+ # The minimum time to wait between checking for updates in
+ # configuration files. This timeout determines how quickly Puppet checks whether
+ # a file (such as manifests or templates) has changed on disk. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
+ # The default value is '15s'.
+ filetimeout = 15
+
+ # Which type of queue to use for asynchronous processing.
+ # The default value is 'stomp'.
+ # queue_type = stomp
+
+ # Which type of queue to use for asynchronous processing. If your stomp server requires
+ # authentication, you can include it in the URI as long as your stomp client library is at least 1.1.1
+ # The default value is 'stomp://localhost:61613/'.
+ # queue_source = stomp://localhost:61613/
+
+ # Whether to use a queueing system to provide asynchronous database integration.
+ # Requires that `puppet queue` be running.
+ # async_storeconfigs = false
+
+ # Boolean; whether Puppet should store only facts and exported resources in the storeconfigs
+ # database. This will improve the performance of exported resources with the older
+ # `active_record` backend, but will disable external tools that search the storeconfigs database.
+ # Thinning catalogs is generally unnecessary when using PuppetDB to store catalogs.
+ # thin_storeconfigs = false
+
+ # How to determine the configuration version. By default, it will be the
+ # time that the configuration is parsed, but you can provide a shell script to override how the
+ # version is determined. The output of this script will be added to every log message in the
+ # reports, allowing you to correlate changes on your hosts to the source version on the server.
+ # The default value is ''.
+ # config_version =
+
+ # Boolean; whether to use the zlib library
+ # The default value is 'true'.
+ # zlib = true
+
+ # A command to run before every agent run. If this command returns a non-zero
+ # return code, the entire Puppet run will fail.
+ # The default value is ''.
+ # prerun_command =
+
+ # A command to run after every agent run. If this command returns a non-zero
+ # return code, the entire Puppet run will be considered to have failed, even though it might have
+ # performed work during the normal run.
+ # The default value is ''.
+ # postrun_command =
+
+ # Freezes the 'main' class, disallowing any code to be added to it. This
+ # essentially means that you can't have any code outside of a node, class, or definition other
+ # than in the site manifest.
+ # freeze_main = false
+
+ # Flatten fact values to strings using #to_s. Means you can't have arrays or hashes as fact values.
+ # The default value is 'true'.
+ # stringify_facts = true
+
+ # The name to use when handling certificates. Defaults
+ # to the fully qualified domain name.
+ # The default value is 'puppet3.apache.org'.
+ certname = devops.apache.org
+
+ # The `certdnsnames` setting is no longer functional,
+ # after CVE-2011-3872. We ignore the value completely.
+ # For your own certificate request you can set `dns_alt_names` in the
+ # configuration and it will apply locally. There is no configuration option to
+ # set DNS alt names, or any other `subjectAltName` value, for another nodes
+ # certificate.
+ # Alternately you can use the `--dns_alt_names` command line option to set the
+ # labels added while generating your own CSR.
+
+ # The default value is ''.
+ # certdnsnames =
+
+ # The comma-separated list of alternative DNS names to use for the local host.
+ # When the node generates a CSR for itself, these are added to the request
+ # as the desired `subjectAltName` in the certificate: additional DNS labels
+ # that the certificate is also valid answering as.
+ # This is generally required if you use a non-hostname `certname`, or if you
+ # want to use `puppet kick` or `puppet resource -H` and the primary certname
+ # does not match the DNS name you use to communicate with the host.
+ # This is unnecessary for agents, unless you intend to use them as a server for
+ # `puppet kick` or remote `puppet resource` management.
+ # It is rarely necessary for servers; it is usually helpful only if you need to
+ # have a pool of multiple load balanced masters, or for the same master to
+ # respond on two physically separate networks under different names.
+
+ # The default value is ''.
+ # dns_alt_names = 'puppet.jails.apache.org,puppet.apache.org,puppet3.apache.org'
+
+ # The certificate directory.
+ # The default value is '$ssldir/certs'.
+ certdir = /var/puppet/ssl/certs
+
+ # Where SSL certificates are kept.
+ # The default value is '/var/puppet/ssl'.
+ # ssldir = /var/puppet/ssl
+
+ # The public key directory.
+ # The default value is '$ssldir/public_keys'.
+ publickeydir = /var/puppet/ssl/public_keys
+
+ # Where host certificate requests are stored.
+ # The default value is '$ssldir/certificate_requests'.
+ requestdir = /var/puppet/ssl/certificate_requests
+
+ # The private key directory.
+ # The default value is '$ssldir/private_keys'.
+ privatekeydir = /var/puppet/ssl/private_keys
+
+ # Where the client stores private certificate information.
+ # The default value is '$ssldir/private'.
+ privatedir = /var/puppet/ssl/private
+
+ # Where puppet agent stores the password for its private key.
+ # Generally unused.
+ # The default value is '$privatedir/password'.
+ passfile = /var/puppet/ssl/private/password
+
+ # Where individual hosts store and look for their certificate requests.
+ # The default value is '$ssldir/csr_$certname.pem'.
+ hostcsr = /var/puppet/ssl/csr_puppet3.apache.org.pem
+
+ # Where individual hosts store and look for their certificates.
+ # The default value is '$certdir/$certname.pem'.
+ hostcert = /var/puppet/ssl/certs/puppet3.apache.org.pem
+
+ # Where individual hosts store and look for their private key.
+ # The default value is '$privatekeydir/$certname.pem'.
+ hostprivkey = /var/puppet/ssl/private_keys/puppet3.apache.org.pem
+
+ # Where individual hosts store and look for their public key.
+ # The default value is '$publickeydir/$certname.pem'.
+ hostpubkey = /var/puppet/ssl/public_keys/puppet3.apache.org.pem
+
+ # Where each client stores the CA certificate.
+ # The default value is '$certdir/ca.pem'.
+ localcacert = /var/puppet/ssl/certs/ca.pem
+
+ # Certificate authorities who issue server certificates. SSL servers will not be
+ # considered authentic unless they posses a certificate issued by an authority
+ # listed in this file. If this setting has no value then the Puppet master's CA
+ # certificate (localcacert) will be used.
+ # ssl_client_ca_auth =
+
+ # Certificate authorities who issue client certificates. SSL clients will not be
+ # considered authentic unless they posses a certificate issued by an authority
+ # listed in this file. If this setting has no value then the Puppet master's CA
+ # certificate (localcacert) will be used.
+ # ssl_server_ca_auth =
+
+ # Where the host's certificate revocation list can be found.
+ # This is distinct from the certificate authority's CRL.
+ # The default value is '$ssldir/crl.pem'.
+ hostcrl = /var/puppet/ssl/crl.pem
+
+ # Whether certificate revocation should be supported by downloading a Certificate Revocation List (CRL)
+ # to all clients. If enabled, CA chaining will almost definitely not work.
+ # The default value is 'true'.
+ # certificate_revocation = true
+
+ # The window of time leading up to a certificate's expiration that a notification
+ # will be logged. This applies to CA, master, and agent certificates. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
+ # The default value is '60d'.
+ certificate_expire_warning = 5184000
+
+ # Where Puppet should store plugins that it pulls down from the central
+ # server.
+ # The default value is '$libdir'.
+ #plugindest = /var/lib/puppet/lib
+
+ # From where to retrieve plugins. The standard Puppet `file` type
+ # is used for retrieval, so anything that is a valid file source can
+ # be used here.
+ # The default value is 'puppet://$server/plugins'.
+ pluginsource = puppet://puppet/plugins
+
+ # Whether plugins should be synced with the central server.
+ # The default value is 'true'.
+ pluginsync = true
+
+ # What files to ignore when pulling down plugins.
+ # The default value is '.svn CVS .git'.
+ # pluginsignore = .svn CVS .git
+
+ # Where Puppet should look for facts. Multiple directories should
+ # be separated by the system path separator character. (The POSIX path separator is ':', and the Windows path separator is ';'.)
+ # The default value is '$vardir/lib/facter:$vardir/facts'.
+ #factpath = /var/lib/puppet/lib/facter:/var/lib/puppet/facts
+
+ # An external command that can produce node information. The command's output
+ # must be a YAML dump of a hash, and that hash must have a `classes` key and/or
+ # a `parameters` key, where `classes` is an array or hash and
+ # `parameters` is a hash. For unknown nodes, the command should
+ # exit with a non-zero exit code.
+ # This command makes it straightforward to store your node mapping
+ # information in other data sources like databases.
+ # The default value is 'none'.
+ # external_nodes = none
+
+ # The module repository
+ # The default value is 'https://forge.puppetlabs.com'.
+ # module_repository = https://forge.puppetlabs.com
+
+ # The directory into which module tool data is stored
+ # The default value is '$vardir/puppet-module'.
+ #module_working_dir = /var/lib/puppet/puppet-module
+
+ # The directory which the skeleton for module tool generate is stored.
+ # The default value is '$module_working_dir/skeleton'.
+ module_skeleton_dir = /var/lib/puppet/puppet-module/skeleton
+
+ # The name to use the Certificate Authority certificate.
+ # The default value is 'Puppet CA: $certname'.
+ ca_name = Puppet CA: puppet3.apache.org
+
+ # The root directory for the certificate authority.
+ # The default value is '$ssldir/ca'.
+ cadir = /var/puppet/ssl/ca
+
+ # The CA certificate.
+ # The default value is '$cadir/ca_crt.pem'.
+ cacert = /var/puppet/ssl/ca/ca_crt.pem
+
+ # The CA private key.
+ # The default value is '$cadir/ca_key.pem'.
+ cakey = /var/puppet/ssl/ca/ca_key.pem
+
+ # The CA public key.
+ # The default value is '$cadir/ca_pub.pem'.
+ capub = /var/puppet/ssl/ca/ca_pub.pem
+
+ # The certificate revocation list (CRL) for the CA. Will be used if present but otherwise ignored.
+ # The default value is '$cadir/ca_crl.pem'.
+ cacrl = /var/puppet/ssl/ca/ca_crl.pem
+
+ # Where the CA stores private certificate information.
+ # The default value is '$cadir/private'.
+ caprivatedir = /var/puppet/ssl/ca/private
+
+ # Where the CA stores certificate requests
+ # The default value is '$cadir/requests'.
+ csrdir = /var/puppet/ssl/ca/requests
+
+ # Where the CA stores signed certificates.
+ # The default value is '$cadir/signed'.
+ signeddir = /var/puppet/ssl/ca/signed
+
+ # Where the CA stores the password for the private key
+ # The default value is '$caprivatedir/ca.pass'.
+ capass = /var/puppet/ssl/ca/private/ca.pass
+
+ # Where the serial number for certificates is stored.
+ # The default value is '$cadir/serial'.
+ serial = /var/puppet/ssl/ca/serial
+
+ # Whether to enable autosign. Valid values are true (which
+ # autosigns any key request, and is a very bad idea), false (which
+ # never autosigns any key request), and the path to a file, which
+ # uses that configuration file to determine which keys to sign.
+ # The default value is '$confdir/autosign.conf'.
+ autosign = /usr/local/etc/puppet/autosign.conf
+
+ # Whether to allow a new certificate
+ # request to overwrite an existing certificate.
+ # allow_duplicate_certs = false
+
+ # The default TTL for new certificates. If this setting is set, ca_days is ignored.
+ # This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
+ # The default value is '5y'.
+ ca_ttl = 157680000
+
+ # The bit length of the certificates.
+ # The default value is '4096'.
+ # req_bits = 4096
+
+ # The bit length of keys.
+ # The default value is '4096'.
+ # keylength = 4096
+
+ # A Complete listing of all certificates
+ # The default value is '$cadir/inventory.txt'.
+ cert_inventory = /var/puppet/ssl/ca/inventory.txt
+
+ # The name of the puppet config file.
+ # The default value is 'puppet.conf'.
+ # config_file_name = puppet.conf
+
+ # The configuration file for the current puppet application
+ # The default value is '$confdir/${config_file_name}'.
+ config = /usr/local/etc/puppet/puppet.conf
+
+ # The file containing the PID of a running process. This file is intended to be used by service management frameworks and monitoring systems to determine if a puppet process is still in the process table.
+ # The default value is '$rundir/${run_mode}.pid'.
+ pidfile = /var/run/puppet/master.pid
+
+ # The address a listening server should bind to.
+ # The default value is '0.0.0.0'.
+ # bindaddress = 0.0.0.0
+
+ # The user puppet master should run as.
+ # The default value is 'puppet'.
+ # user = puppet
+
+ # The group puppet master should run as.
+ # The default value is 'puppet'.
+ # group = puppet
+
+ # Code to parse directly. This is essentially only used
+ # by `puppet`, and should only be set if you're writing your own Puppet
+ # executable
+ # The default value is ''.
+ # code =
+
+ # Where puppet master logs. This is generally not used,
+ # since syslog is the default log destination.
+ # The default value is '$logdir/puppetmaster.log'.
+ masterlog = /var/log/puppet/puppetmaster.log
+
+ # Where the puppet master web server logs.
+ # The default value is '$logdir/masterhttp.log'.
+ masterhttplog = /var/log/puppet/masterhttp.log
+
+ # The port for puppet master traffic. For puppet master,
+ # this is the port to listen on; for puppet agent, this is the port
+ # to make requests on. Both applications use this setting to get the port.
+ # The default value is '8140'.
+ # masterport = 8140
+
+ # How the puppet master determines the client's identity
+ # and sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest,
+ # in particular for determining which 'node' statement applies to the client.
+ # Possible values are 'cert' (use the subject's CN in the client's
+ # certificate) and 'facter' (use the hostname that the client
+ # reported in its facts)
+ # The default value is 'cert'.
+ # node_name = cert
+
+ # Where FileBucket files are stored.
+ # The default value is '$vardir/bucket'.
+ # bucketdir = /var/lib/puppet/bucket
+
+ # The configuration file that defines the rights to the different
+ # rest indirections. This can be used as a fine-grained
+ # authorization system for `puppet master`.
+ # The default value is '$confdir/auth.conf'.
+ rest_authconfig = /usr/local/etc/puppet/auth.conf
+
+ # Whether the master should function as a certificate authority.
+ # The default value is 'true'.
+ # ca = true
+
+ # The header containing an authenticated client's SSL DN.
+ # This header must be set by the proxy to the authenticated client's SSL
+ # DN (e.g., `/CN=puppet.puppetlabs.com`). Puppet will parse out the Common
+ # Name (CN) from the Distinguished Name (DN) and use the value of the CN
+ # field for authorization.
+ # Note that the name of the HTTP header gets munged by the web server
+ # common gateway inteface: an `HTTP_` prefix is added, dashes are converted
+ # to underscores, and all letters are uppercased. Thus, to use the
+ # `X-Client-DN` header, this setting should be `HTTP_X_CLIENT_DN`.
+ # The default value is 'HTTP_X_CLIENT_DN'.
+ # ssl_client_header = HTTP_X_CLIENT_DN
+
+ # The header containing the status message of the client
+ # verification. This header must be set by the proxy to 'SUCCESS' if the
+ # client successfully authenticated, and anything else otherwise.
+ # Note that the name of the HTTP header gets munged by the web server
+ # common gateway inteface: an `HTTP_` prefix is added, dashes are converted
+ # to underscores, and all letters are uppercased. Thus, to use the
+ # `X-Client-Verify` header, this setting should be
+ # `HTTP_X_CLIENT_VERIFY`.
+ # The default value is 'HTTP_X_CLIENT_VERIFY'.
+ # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
+
+ # The directory in which YAML data is stored, usually in a subdirectory.
+ # The default value is '$vardir/yaml'.
+ #yamldir = /var/lib/puppet/yaml
+
+ # The directory in which serialized data is stored, usually in a subdirectory.
+ # The default value is '$vardir/server_data'.
+ #server_datadir = /var/lib/puppet/server_data
+
+ # The list of reports to generate. All reports are looked for
+ # in `puppet/reports/name.rb`, and multiple report names should be
+ # comma-separated (whitespace is okay).
+ # The default value is 'store'.
+ reports = store,puppetdb
+
+ # The directory in which to store reports
+ # received from the client. Each client gets a separate
+ # subdirectory.
+ # The default value is '$vardir/reports'.
+ #reportdir = /var/lib/puppet/reports
+
+ # The URL used by the http reports processor to send reports
+ # The default value is 'http://localhost:3000/reports/upload'.
+ # reporturl = http://localhost:3000/reports/upload
+
+ # Where the fileserver configuration is stored.
+ # The default value is '$confdir/fileserver.conf'.
+ fileserverconfig = /usr/local/etc/puppet/fileserver.conf
+
+ # Whether to only search for the complete
+ # hostname as it is in the certificate when searching for node information
+ # in the catalogs.
+ # strict_hostname_checking = false
+
+ # Whether to store each client's configuration, including catalogs, facts,
+ # and related data. This also enables the import and export of resources in
+ # the Puppet language - a mechanism for exchange resources between nodes.
+ # By default this uses ActiveRecord and an SQL database to store and query
+ # the data; this, in turn, will depend on Rails being available.
+ # You can adjust the backend using the storeconfigs_backend setting.
+ storeconfigs = true
+
+ # Configure the backend terminus used for StoreConfigs.
+ # By default, this uses the ActiveRecord store, which directly talks to the
+ # database from within the Puppet Master process.
+ # The default value is 'active_record'.
+ storeconfigs_backend = puppetdb
+
+ # The directory where RRD database files are stored.
+ # Directories for each reporting host will be created under
+ # this directory.
+ # The default value is '$vardir/rrd'.
+ #rrddir = /var/lib/puppet/rrd
+
+ # How often RRD should expect data.
+ # This should match how often the hosts report back to the server. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
+ # The default value is '$runinterval'.
+ rrdinterval = 1800
+
+ # The root directory of devices' $vardir
+ # The default value is '$vardir/devices'.
+ #devicedir = /var/lib/puppet/devices
+
+ # Path to the device config file for puppet device
+ # The default value is '$confdir/device.conf'.
+ deviceconfig = /usr/local/etc/puppet/device.conf
+
+ # The explicit value used for the node name for all requests the agent
+ # makes to the master. WARNING: This setting is mutually exclusive with
+ # node_name_fact. Changing this setting also requires changes to the default
+ # auth.conf configuration on the Puppet Master. Please see
+ # http://links.puppetlabs.com/node_name_value for more information.
+ # The default value is '$certname'.
+ node_name_value = puppet3.apache.org
+
+ # The fact name used to determine the node name used for all requests the agent
+ # makes to the master. WARNING: This setting is mutually exclusive with
+ # node_name_value. Changing this setting also requires changes to the default
+ # auth.conf configuration on the Puppet Master. Please see
+ # http://links.puppetlabs.com/node_name_fact for more information.
+ # The default value is ''.
+ # node_name_fact =
+
+ # Where puppet agent caches the local configuration. An
+ # extension indicating the cache format is added automatically.
+ # The default value is '$statedir/localconfig'.
+ localconfig = /var/lib/puppet/state/localconfig
+
+ # Where puppet agent and puppet master store state associated
+ # with the running configuration. In the case of puppet master,
+ # this file reflects the state discovered through interacting
+ # with clients.
+ # The default value is '$statedir/state.yaml'.
+ statefile = /var/lib/puppet/state/state.yaml
+
+ # The directory in which client-side YAML data is stored.
+ # The default value is '$vardir/client_yaml'.
+ #clientyamldir = /var/lib/puppet/client_yaml
+
+ # The directory in which serialized data is stored on the client.
+ # The default value is '$vardir/client_data'.
+ #client_datadir = /var/lib/puppet/client_data
+
+ # The file in which puppet agent stores a list of the classes
+ # associated with the retrieved configuration. Can be loaded in
+ # the separate `puppet` executable using the `--loadclasses`
+ # option.
+ # The default value is '$statedir/classes.txt'.
+ classfile = /var/lib/puppet/state/classes.txt
+
+ # The file in which puppet agent stores a list of the resources
+ # associated with the retrieved configuration.
+ # The default value is '$statedir/resources.txt'.
+ resourcefile = /var/lib/puppet/state/resources.txt
+
+ # The log file for puppet agent. This is generally not used.
+ # The default value is '$logdir/puppetd.log'.
+ puppetdlog = /var/log/puppet/puppetd.log
+
+ # The server to which the puppet agent should connect
+ # The default value is 'puppet'.
+ # server = devops.apache.org
+
+ # Whether the server will search for SRV records in DNS for the current domain.
+ # use_srv_records = false
+
+ # The domain which will be queried to find the SRV records of servers to use.
+ # The default value is 'apache.org'.
+ # srv_domain = apache.org
+
+ # Boolean; whether puppet agent should ignore schedules. This is useful
+ # for initial puppet agent runs.
+ # ignoreschedules = false
+
+ # Which port puppet agent listens on.
+ # The default value is '8139'.
+ # puppetport = 8139
+
+ # Whether puppet agent should be run in noop mode.
+ # noop = false
+
+ # How often puppet agent applies the catalog.
+ # Note that a runinterval of 0 means "run continuously" rather than
+ # "never run." If you want puppet agent to never run, you should start
+ # it with the `--no-client` option. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
+ # The default value is '30m'.
+ runinterval = 1800
+
+ # Whether puppet agent should listen for
+ # connections. If this is true, then puppet agent will accept incoming
+ # REST API requests, subject to the default ACLs and the ACLs set in
+ # the `rest_authconfig` file. Puppet agent can respond usefully to
+ # requests on the `run`, `facts`, `certificate`, and `resource` endpoints.
+ # listen = false
+
+ # The server to use for certificate
+ # authority requests. It's a separate server because it cannot
+ # and does not need to horizontally scale.
+ # The default value is '$server'.
+ ca_server = puppet
+
+ # The port to use for the certificate authority.
+ # The default value is '$masterport'.
+ ca_port = 8140
+
+ # (Deprecated for 'preferred_serialization_format') What format to
+ # use to dump the catalog. Only supports 'marshal' and 'yaml'. Only
+ # matters on the client, since it asks the server for a specific format.
+ # The default value is ''.
+ # catalog_format =
+
+ # The preferred means of serializing
+ # ruby instances for passing over the wire. This won't guarantee that all
+ # instances will be serialized using this method, since not all classes
+ # can be guaranteed to support this format, but it will be used for all
+ # classes that support it.
+ # The default value is 'pson'.
+ # preferred_serialization_format = pson
+
+ # The serialization format to use when sending reports to the
+ # `report_server`. Possible values are `pson` and `yaml`. This setting
+ # affects puppet agent, but not puppet apply (which processes its own
+ # reports).
+ # This should almost always be set to `pson`. It can be temporarily set to
+ # `yaml` to let agents using this Puppet version connect to a puppet master
+ # running Puppet 3.0.0 through 3.2.x.
+ # Note that this is set to 'yaml' automatically if the agent detects an
+ # older master, so should never need to be set explicitly.
+ # The default value is 'pson'.
+ # report_serialization_format = pson
+
+ # The serialization format to use when sending file_metadata
+ # query parameters. Older versions of puppet master expect certain query
+ # parameters to be serialized as yaml, which is deprecated.
+ # This should almost always be false. It can be temporarily set to true
+ # to let agents using this Puppet version connect to a puppet master
+ # running Puppet 3.0.0 through 3.2.x.
+ # Note that this is set to true automatically if the agent detects an
+ # older master, so should never need to be set explicitly.
+ # legacy_query_parameter_serialization = false
+
+ # A lock file to indicate that a puppet agent catalog run is currently in progress. The file contains the pid of the process that holds the lock on the catalog run.
+ # The default value is '$statedir/agent_catalog_run.lock'.
+ agent_catalog_run_lockfile = /var/lib/puppet/state/agent_catalog_run.lock
+
+ # A lock file to indicate that puppet agent runs have been administratively disabled. File contains a JSON object with state information.
+ # The default value is '$statedir/agent_disabled.lock'.
+ agent_disabled_lockfile = /var/lib/puppet/state/agent_disabled.lock
+
+ # Whether to use the cached configuration when the remote
+ # configuration will not compile. This option is useful for testing
+ # new configurations, where you want to fix the broken configuration
+ # rather than reverting to a known-good one.
+ # The default value is 'true'.
+ # usecacheonfailure = true
+
+ # Whether to only use the cached catalog rather than compiling a new catalog
+ # on every run. Puppet can be run with this enabled by default and then selectively
+ # disabled when a recompile is desired.
+ # use_cached_catalog = false
+
+ # Skip searching for classes and definitions that were missing during a
+ # prior compilation. The list of missing objects is maintained per-environment and
+ # persists until the environment is cleared or the master is restarted.
+ # ignoremissingtypes = false
+
+ # Ignore cache and always recompile the configuration. This is
+ # useful for testing new configurations, where the local cache may in
+ # fact be stale even if the timestamps are up to date - if the facts
+ # change or if the server changes.
+ # ignorecache = false
+
+ # (Deprecated) Facts that are dynamic; these facts will be ignored when deciding whether
+ # changed facts should result in a recompile. Multiple facts should be
+ # comma-separated.
+ # The default value is 'memorysize,memoryfree,swapsize,swapfree'.
+ # dynamicfacts = memorysize,memoryfree,swapsize,swapfree
+
+ # The maximum time to delay before runs. Defaults to being the same as the
+ # run interval. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
+ # The default value is '$runinterval'.
+ splaylimit = 1800
+
+ # Whether to sleep for a pseudo-random (but consistent) amount of time before
+ # a run.
+ # splay = false
+
+ # Where FileBucket files are stored locally.
+ # The default value is '$vardir/clientbucket'.
+ #clientbucketdir = /var/lib/puppet/clientbucket
+
+ # How long the client should wait for the configuration to be retrieved
+ # before considering it a failure. This can help reduce flapping if too
+ # many clients contact the server at one time. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
+ # The default value is '2m'.
+ configtimeout = 120
+
+ # The server to send transaction reports to.
+ # The default value is '$server'.
+ report_server = puppet
+
+ # The port to communicate with the report_server.
+ # The default value is '$masterport'.
+ report_port = 8140
+
+ # The server to send facts to.
+ # The default value is '$server'.
+ inventory_server = puppet
+
+ # The port to communicate with the inventory_server.
+ # The default value is '$masterport'.
+ inventory_port = 8140
+
+ # Whether to send reports after every transaction.
+ # The default value is 'true'.
+ # report = true
+
+ # Where puppet agent stores the last run report summary in yaml format.
+ # The default value is '$statedir/last_run_summary.yaml'.
+ lastrunfile = /var/lib/puppet/state/last_run_summary.yaml
+
+ # Where puppet agent stores the last run report in yaml format.
+ # The default value is '$statedir/last_run_report.yaml'.
+ lastrunreport = /var/lib/puppet/state/last_run_report.yaml
+
+ # Whether to create dot graph files for the different
+ # configuration graphs. These dot files can be interpreted by tools
+ # like OmniGraffle or dot (which is part of ImageMagick).
+ # graph = false
+
+ # Where to store dot-outputted graphs.
+ # The default value is '$statedir/graphs'.
+ graphdir = /var/lib/puppet/state/graphs
+
+ # Allow http compression in REST communication with the master.
+ # This setting might improve performance for agent -> master communications over slow WANs.
+ # Your puppet master needs to support compression (usually by activating some settings in a reverse-proxy
+ # in front of the puppet master, which rules out webrick).
+ # It is harmless to activate this settings if your master doesn't support
+ # compression, but if it supports it, this setting might reduce performance on high-speed LANs.
+ # http_compression = false
+
+ # How frequently puppet agent should ask for a signed certificate.
+ # When starting for the first time, puppet agent will submit a certificate
+ # signing request (CSR) to the server named in the `ca_server` setting
+ # (usually the puppet master); this may be autosigned, or may need to be
+ # approved by a human, depending on the CA server's configuration.
+ # Puppet agent cannot apply configurations until its approved certificate is
+ # available. Since the certificate may or may not be available immediately,
+ # puppet agent will repeatedly try to fetch it at this interval. You can
+ # turn off waiting for certificates by specifying a time of 0, in which case
+ # puppet agent will exit if it cannot get a cert.
+ # This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y).
+ # The default value is '2m'.
+ waitforcert = 120
+
+ # How unrelated resources should be ordered when applying a catalog.
+ # Allowed values are `title-hash`, `manifest`, and `random`. This
+ # setting affects puppet agent and puppet apply, but not puppet master.
+ # * `title-hash` (the default) will order resources randomly, but will use
+ # the same order across runs and across nodes.
+ # * `manifest` will use the order in which the resources were declared in
+ # their manifest files.
+ # * `random` will order resources randomly and change their order with each
+ # run. This can work like a fuzzer for shaking out undeclared dependencies.
+ # Regardless of this setting's value, Puppet will always obey explicit
+ # dependencies set with the before/require/notify/subscribe metaparameters
+ # and the `->`/`~>` chaining arrows; this setting only affects the relative
+ # ordering of _unrelated_ resources.
+ # The default value is 'title-hash'.
+ # ordering = title-hash
+
+ # During an inspect run, whether to archive files whose contents are audited to a file bucket.
+ # archive_files = false
+
+ # During an inspect run, the file bucket server to archive files to if archive_files is set.
+ # The default value is '$server'.
+ archive_file_server = puppet
+
+ # The mapping between reporting tags and email addresses.
+ # The default value is '$confdir/tagmail.conf'.
+ tagmap = /usr/local/etc/puppet/tagmail.conf
+
+ # Where to find the sendmail binary with which to send email.
+ # The default value is '/usr/sbin/sendmail'.
+ # sendmail = /usr/sbin/sendmail
+
+ # The 'from' email address for the reports.
+ # The default value is 'report@puppet3.apache.org'.
+ # reportfrom = report@puppet3.apache.org
+
+ # The server through which to send email reports.
+ # The default value is 'none'.
+ # smtpserver = none
+
+ # The TCP port through which to send email reports.
+ # The default value is '25'.
+ # smtpport = 25
+
+ # The name by which we identify ourselves in SMTP HELO for reports.
+ # If you send to a smtpserver which does strict HELO checking (as with Postfix's
+ # `smtpd_helo_restrictions` access controls), you may need to ensure this resolves.
+ # The default value is 'puppet3.apache.org'.
+ # smtphelo = puppet3.apache.org
+
+ # The sqlite database file. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is '$statedir/clientconfigs.sqlite3'.
+ dblocation = /var/lib/puppet/state/clientconfigs.sqlite3
+
+ # The type of database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is 'sqlite3'.
+ # dbadapter = sqlite3
+
+ # Whether to automatically migrate the database. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # dbmigrate = false
+
+ # The name of the database to use. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is 'puppet'.
+ # dbname = puppet
+
+ # The database server for caching. Only
+ # used when networked databases are used.
+ # The default value is 'localhost'.
+ # dbserver = localhost
+
+ # The database password for caching. Only
+ # used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is ''.
+ # dbport =
+
+ # The database user for caching. Only
+ # used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is 'puppet'.
+ # dbuser = puppet
+
+ # The database password for caching. Only
+ # used when networked databases are used. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is 'puppet'.
+ # dbpassword = puppet
+
+ # The number of database connections for networked
+ # databases. Will be ignored unless the value is a positive integer. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is ''.
+ # dbconnections =
+
+ # The database socket location. Only used when networked
+ # databases are used. Will be ignored if the value is an empty string. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is ''.
+ # dbsocket =
+
+ # Where Rails-specific logs are sent. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is '$logdir/rails.log'.
+ railslog = /var/log/puppet/rails.log
+
+ # The log level for Rails connections. The value must be
+ # a valid log level within Rails. Production environments normally use `info`
+ # and other environments normally use `debug`. This setting is only used by the ActiveRecord storeconfigs and inventory backends, which are deprecated.
+ # The default value is 'info'.
+ # rails_loglevel = info
+
+ # The url where the puppet couchdb database will be created.
+ # Only used when `facts_terminus` is set to `couch`.
+ # The default value is 'http://127.0.0.1:5984/puppet'.
+ # couchdb_url = http://127.0.0.1:5984/puppet
+
+ # Tags to use to find resources. If this is set, then
+ # only resources tagged with the specified tags will be applied.
+ # Values must be comma-separated.
+ # The default value is ''.
+ # tags =
+
+ # Whether each resource should log when it is
+ # being evaluated. This allows you to interactively see exactly
+ # what is being done.
+ # evaltrace = false
+
+ # Whether to print a transaction summary.
+ # summarize = false
+
+ # Whether SSL should be used when searching for nodes.
+ # Defaults to false because SSL usually requires certificates
+ # to be set up on the client side.
+ # ldapssl = false
+
+ # Whether TLS should be used when searching for nodes.
+ # Defaults to false because TLS usually requires certificates
+ # to be set up on the client side.
+ # ldaptls = false
+
+ # The LDAP server. Only used if `node_terminus` is set to `ldap`.
+ # The default value is 'ldap'.
+ # ldapserver = ldap
+
+ # The LDAP port. Only used if `node_terminus` is set to `ldap`.
+ # The default value is '389'.
+ # ldapport = 389
+
+ # The search string used to find an LDAP node.
+ # The default value is '(&(objectclass=puppetClient)(cn=%s))'.
+ # ldapstring = (&(objectclass=puppetClient)(cn=%s))
+
+ # The LDAP attributes to use to define Puppet classes. Values
+ # should be comma-separated.
+ # The default value is 'puppetclass'.
+ # ldapclassattrs = puppetclass
+
+ # The LDAP attributes that should be stacked to arrays by adding
+ # the values in all hierarchy elements of the tree. Values
+ # should be comma-separated.
+ # The default value is 'puppetvar'.
+ # ldapstackedattrs = puppetvar
+
+ # The LDAP attributes to include when querying LDAP for nodes. All
+ # returned attributes are set as variables in the top-level scope.
+ # Multiple values should be comma-separated. The value 'all' returns
+ # all attributes.
+ # The default value is 'all'.
+ # ldapattrs = all
+
+ # The attribute to use to define the parent node.
+ # The default value is 'parentnode'.
+ # ldapparentattr = parentnode
+
+ # The user to use to connect to LDAP. Must be specified as a
+ # full DN.
+ # The default value is ''.
+ # ldapuser =
+
+ # The password to use to connect to LDAP.
+ # The default value is ''.
+ # ldappassword =
+
+ # The search base for LDAP searches. It's impossible to provide
+ # a meaningful default here, although the LDAP libraries might
+ # have one already set. Generally, it should be the 'ou=Hosts'
+ # branch under your main directory.
+ # The default value is ''.
+ # ldapbase =
+
+ # Permit hyphens (`-`) in variable names and issue deprecation warnings about
+ # them. This setting **should always be `false`;** setting it to `true`
+ # will cause subtle and wide-ranging bugs. It will be removed in a future version.
+ # Hyphenated variables caused major problems in the language, but were allowed
+ # between Puppet 2.7.3 and 2.7.14. If you used them during this window, we
+ # apologize for the inconvenience --- you can temporarily set this to `true`
+ # in order to upgrade, and can rename your variables at your leisure. Please
+ # revert it to `false` after you have renamed all affected variables.
+
+ # allow_variables_with_dashes = false
+
+ # Selects the parser to use for parsing puppet manifests (in puppet DSL language/'.pp' files).
+ # Available choices are 'current' (the default), and 'future'.
+ # The 'curent' parser means that the released version of the parser should be used.
+ # The 'future' parser is a "time travel to the future" allowing early exposure to new language features.
+ # What these fatures are will vary from release to release and they may be invididually configurable.
+ # Available Since Puppet 3.2.
+
+ # The default value is 'current'.
+ # parser = current
+
+ # Sets the max number of logged/displayed parser validation errors in case multiple errors have been detected.
+ # A value of 0 is the same as value 1. The count is per manifest.
+
+ # The default value is '10'.
+ # max_errors = 10
+
+ # Sets the max number of logged/displayed parser validation warnings in case multiple errors have been detected.
+ # A value of 0 is the same as value 1. The count is per manifest.
+
+ # The default value is '10'.
+ # max_warnings = 10
+
+ # Sets the max number of logged/displayed parser validation deprecation warnings in case multiple errors have been detected.
+ # A value of 0 is the same as value 1. The count is per manifest.
+
+ # The default value is '10'.
+ # max_deprecations = 10
+
+ # Whether to document all resources when using `puppet doc` to
+ # generate manifest documentation.
+ # document_all = false
+