Revision 6fb7b836
Added by Ohad Levy over 12 years ago
files/etc/foreman-proxy/settings.yml | ||
---|---|---|
---
|
||
# SSL Setup
|
||
|
||
# if enabled, all communication would be verfied via SSL
|
||
# NOTE that both certificates need to be signed by the same CA in order for this to work
|
||
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
|
||
#:ssl_certificate: ssl/certs/fqdn.pem
|
||
#:ssl_ca_file: ssl/certs/ca.pem
|
||
#:ssl_private_key: ssl/private_keys/fqdn.key
|
||
# the hosts which the proxy accepts connections from
|
||
# commenting the following lines would mean every verified SSL connection allowed
|
||
#:trusted_hosts:
|
||
#- foreman.prod.domain
|
||
#- foreman.dev.domain
|
||
|
||
# enable the daemon to run in the background
|
||
:daemon: true
|
||
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
|
||
|
||
# port used by the proxy
|
||
:port: 8443
|
||
|
||
# Enable TFTP management
|
||
:tftp: true
|
||
:tftproot: /var/lib/tftpboot
|
||
|
||
|
||
# Enable DNS management
|
||
:dns: false
|
||
#:dns_key: /etc/rndc.key
|
||
# use this setting if you are managing a dns server which is not localhost though this proxy
|
||
#:dns_server: dns.domain.com
|
||
|
||
# Enable DHCP management
|
||
:dhcp: false
|
||
# The vendor can be either isc or native_ms
|
||
:dhcp_vendor: isc
|
||
# Settings for Ubuntu ISC
|
||
#:dhcp_config: /etc/dhcp3/dhcpd.conf
|
||
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
|
||
# Settings for Redhat ISC
|
||
#:dhcp_config: /etc/dhcpd.conf
|
||
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
|
||
|
||
# enable PuppetCA management
|
||
:puppetca: true
|
||
|
||
# enable Puppet management
|
||
:puppet: true
|
||
|
||
# Where our proxy log files are stored
|
||
# filename or STDOUT
|
||
:log_file: /tmp/proxy.log
|
||
# valid options are
|
||
# WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
|
||
#:log_level: DEBUG
|
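Review bot: The shipped defaults turn on `:puppetca: true`, `:puppet: true` and `:tftp: true` on port 8443 while every `:ssl_*` key and `:trusted_hosts:` stay commented out, so as deployed the proxy would apparently accept requests with no certificate verification and no host allow-list. Because the module pushes this file verbatim, consider shipping the SSL block and a `:trusted_hosts:` entry enabled (or templating them), so a node cannot come up with the management features on and authentication off. Separately, `:log_file: /tmp/proxy.log` places the log under a predictable name in a world-writable directory. A dedicated directory owned by the service user, such as `:log_file: /var/log/foreman-proxy/proxy.log`, avoids that.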
manifests/proxy.pp | ||
---|---|---|
class foreman::proxy {
|
||
|
||
# default variables
|
||
$proxy_dir = "/usr/share/foreman-proxy"
|
||
$foreman_proxy_user = "foreman-proxy"
|
||
|
||
include foreman::proxy::puppetca
|
||
include foreman::proxy::puppetrun
|
||
include foreman::proxy::tftp-deploy
|
||
|
||
package {"foreman-proxy": ensure => installed}
|
||
|
||
file{"/etc/foreman-proxy/settings.yml":
|
||
source => "puppet:///modules/foreman/etc/foreman-proxy/settings.yml",
|
||
owner => $foreman_proxy_user,
|
||
group => $foreman_proxy_user,
|
||
mode => 644,
|
||
require => Package["foreman-proxy"],
|
||
notify => Service["foreman-proxy"],
|
||
}
|
||
service {"foreman-proxy": ensure => running}
|
||
}
|
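Review bot: The `file{"/etc/foreman-proxy/settings.yml"` resource makes the service account the owner of its own configuration (`owner => $foreman_proxy_user`, `mode => 644`), so the proxy process can rewrite the `:trusted_hosts:` and SSL settings that are meant to constrain it. Prefer `owner => "root"`, `group => $foreman_proxy_user`, `mode => "0640"`, with the mode written as a quoted four-digit string, which is the form Puppet documents for `mode`. The `service {"foreman-proxy": ensure => running}` line also has no `require => Package["foreman-proxy"]`, so its ordering after the package relies only on the file's `notify`.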
manifests/proxy/puppetca.pp | ||
---|---|---|
class foreman::proxy::puppetca {
|
||
|
||
file{"/etc/puppet/autosign.conf":
|
||
owner => $foreman_proxy_user,
|
||
group => "puppet",
|
||
mode => 644,
|
||
ensure => present,
|
||
require => Package["foreman-proxy"],
|
||
}
|
||
|
||
myline {
|
||
"allow_foreman_proxy_to_execute_puppetca":
|
||
file => "/etc/sudoers",
|
||
line => "${foreman_proxy_user} ALL = NOPASSWD: /usr/sbin/puppetca";
|
||
"foreman_proxy_user_does_not_require_tty_in_sudo":
|
||
file => "/etc/sudoers",
|
||
line => "Defaults:${foreman_proxy_user} !requiretty";
|
||
}
|
||
|
||
user {$foreman_proxy_user:
|
||
groups => ["puppet"],
|
||
notify => Service["foreman-proxy"],
|
||
}
|
||
|
||
}
|
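Review bot: Both `myline` resources edit `/etc/sudoers` in place, and nothing visible here checks the result with `visudo -c`, so a malformed or duplicated line can leave sudo unusable on the host; manifests/proxy/puppetrun.pp repeats the same pattern. A root-owned drop-in such as `/etc/sudoers.d/foreman-proxy` with `mode => "0440"`, validated before it is installed, would keep the grant in one auditable file, where the platform's sudo reads that directory. The rule `NOPASSWD: /usr/sbin/puppetca` also has no argument restriction, so the proxy user may run every puppetca subcommand as root; listing only the subcommands the proxy needs would narrow it. `myline` is not defined in this commit, so its behaviour is assumed from its name.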
manifests/proxy/puppetrun.pp | ||
---|---|---|
class foreman::proxy::puppetrun {
|
||
|
||
myline {
|
||
"allow_foreman_proxy_to_execute_puppetrun":
|
||
file => "/etc/sudoers",
|
||
line => "${foreman_proxy_user} ALL = NOPASSWD: /usr/bin/puppetrun"
|
||
}
|
||
|
||
}
|
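Review bot: `${foreman_proxy_user}` in the sudoers line is never set in this class; it appears to resolve only through dynamic scope, when the class is pulled in by the `include` in `foreman::proxy`. If `foreman::proxy::puppetrun` is declared any other way, the variable is empty and the line written to `/etc/sudoers` has no user name. Referencing it by its qualified name, `line => "${foreman::proxy::foreman_proxy_user} ALL = NOPASSWD: /usr/bin/puppetrun"`, removes that dependency. manifests/proxy/puppetca.pp and manifests/proxy/tftp-deploy.pp use the variable the same way.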
manifests/proxy/tftp-deploy.pp | ||
---|---|---|
class foreman::proxy::tftp-deploy {
|
||
include tftp
|
||
|
||
$syslinux_root = "/usr/share/syslinux"
|
||
$syslinux_files = ["pxelinux.0","menu.c32","chain.c32"]
|
||
$tftproot = "/var/lib/tftpboot"
|
||
$tftp_dir = ["${tftproot}/pxelinux.cfg","${tftproot}/build"]
|
||
|
||
file{
|
||
$tftproot:
|
||
ensure => directory;
|
||
$tftp_dir:
|
||
owner => $foreman_proxy_user,
|
||
mode => 644,
|
||
require => Package["foreman-proxy"],
|
||
ensure => directory,
|
||
recurse => true;
|
||
}
|
||
|
||
link_file{$syslinux_files:
|
||
source_path => $syslinux_root,
|
||
target_path => $tftproot,
|
||
require => Class["tftp::install"];
|
||
}
|
||
}
|
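Review bot: `$tftproot = "/var/lib/tftpboot"` repeats the value already set as `:tftproot: /var/lib/tftpboot` in files/etc/foreman-proxy/settings.yml, so changing one without the other would leave the proxy writing PXE configuration outside the directories this class manages. Derive both from one variable (for example by templating settings.yml), or at least add a comment above the assignment such as `# must match :tftproot: in settings.yml`. The `$tftproot:` directory resource also sets no owner or mode, so whatever permissions already exist on the TFTP root are kept; stating them explicitly would make the intended state visible.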
split out smart proxy to its own puppet module