
Revision 6fb7b836

Added by Ohad Levy over 12 years ago

split out smart proxy to its own puppet module


files/etc/foreman-proxy/settings.yml
---
# SSL Setup
# if enabled, all communication would be verfied via SSL
# NOTE that both certificates need to be signed by the same CA in order for this to work
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
#:ssl_certificate: ssl/certs/fqdn.pem
#:ssl_ca_file: ssl/certs/ca.pem
#:ssl_private_key: ssl/private_keys/fqdn.key
# the hosts which the proxy accepts connections from
# commenting the following lines would mean every verified SSL connection allowed
#:trusted_hosts:
#- foreman.prod.domain
#- foreman.dev.domain
# enable the daemon to run in the background
:daemon: true
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
# port used by the proxy
:port: 8443
# Enable TFTP management
:tftp: true
:tftproot: /var/lib/tftpboot
# Enable DNS management
:dns: false
#:dns_key: /etc/rndc.key
# use this setting if you are managing a dns server which is not localhost though this proxy
#:dns_server: dns.domain.com
# Enable DHCP management
:dhcp: false
# The vendor can be either isc or native_ms
:dhcp_vendor: isc
# Settings for Ubuntu ISC
#:dhcp_config: /etc/dhcp3/dhcpd.conf
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
# Settings for Redhat ISC
#:dhcp_config: /etc/dhcpd.conf
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
# enable PuppetCA management
:puppetca: true
# enable Puppet management
:puppet: true
# Where our proxy log files are stored
# filename or STDOUT
:log_file: /tmp/proxy.log
# valid options are
# WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
#:log_level: DEBUG
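Review bot: The shipped defaults leave `:ssl_certificate`, `:ssl_ca_file`, `:ssl_private_key` and `:trusted_hosts` commented out while `:tftp`, `:puppetca` and `:puppet` are all true, so as deployed the proxy appears to serve certificate and Puppet management on port 8443 without authenticating the caller. I would either ship the SSL block and a `:trusted_hosts:` list enabled (filled in per site) or default the management features to false until SSL is configured. Separately, `:log_file: /tmp/proxy.log` places the log in a world-writable directory where another local user can pre-create or symlink the path. A directory owned by the service account avoids that, for example `:log_file: /var/log/foreman-proxy/proxy.log` (path constructed for illustration).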
manifests/proxy.pp
class foreman::proxy {
# default variables
$proxy_dir = "/usr/share/foreman-proxy"
$foreman_proxy_user = "foreman-proxy"
include foreman::proxy::puppetca
include foreman::proxy::puppetrun
include foreman::proxy::tftp-deploy
package {"foreman-proxy": ensure => installed}
file{"/etc/foreman-proxy/settings.yml":
source => "puppet:///modules/foreman/etc/foreman-proxy/settings.yml",
owner => $foreman_proxy_user,
group => $foreman_proxy_user,
mode => 644,
require => Package["foreman-proxy"],
notify => Service["foreman-proxy"],
}
service {"foreman-proxy": ensure => running}
}
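Review bot: `/etc/foreman-proxy/settings.yml` is managed with `owner => $foreman_proxy_user` and `mode => 644`, so the service account can rewrite its own access-control settings (`:trusted_hosts`, the SSL paths) if the daemon is ever compromised. The daemon only needs to read the file, so `owner => 'root', group => $foreman_proxy_user, mode => '0640'` would be tighter. The included classes read `$foreman_proxy_user` without declaring it, so a comment above the variable such as `# also read by foreman::proxy::puppetca, ::puppetrun and ::tftp-deploy through this class's scope` would document that dependency. `$proxy_dir` is not referenced in any section shown here.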
manifests/proxy/puppetca.pp
class foreman::proxy::puppetca {
file{"/etc/puppet/autosign.conf":
owner => $foreman_proxy_user,
group => "puppet",
mode => 644,
ensure => present,
require => Package["foreman-proxy"],
}
myline {
"allow_foreman_proxy_to_execute_puppetca":
file => "/etc/sudoers",
line => "${foreman_proxy_user} ALL = NOPASSWD: /usr/sbin/puppetca";
"foreman_proxy_user_does_not_require_tty_in_sudo":
file => "/etc/sudoers",
line => "Defaults:${foreman_proxy_user} !requiretty";
}
user {$foreman_proxy_user:
groups => ["puppet"],
notify => Service["foreman-proxy"],
}
}
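Review bot: Both `myline` resources append to `/etc/sudoers` with nothing in view that validates the result, and the lines interpolate `${foreman_proxy_user}`, which this class never sets; it seems to rely on being included from `foreman::proxy`. If the class is applied on its own, the first line would presumably render with an empty user field, and a syntax error in sudoers disables sudo on the host. The `myline` in manifests/proxy/puppetrun.pp has the same problem. A separate file under `/etc/sudoers.d` with mode `0440`, checked with `visudo -c` before it is installed, would contain the failure. The rule also allows every `puppetca` subcommand as root, and `/etc/puppet/autosign.conf` is owned by the proxy user, so this account effectively controls certificate signing, which deserves a comment stating that it is intended.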
manifests/proxy/puppetrun.pp
class foreman::proxy::puppetrun {
myline {
"allow_foreman_proxy_to_execute_puppetrun":
file => "/etc/sudoers",
line => "${foreman_proxy_user} ALL = NOPASSWD: /usr/bin/puppetrun"
}
}
manifests/proxy/tftp-deploy.pp
class foreman::proxy::tftp-deploy {
include tftp
$syslinux_root = "/usr/share/syslinux"
$syslinux_files = ["pxelinux.0","menu.c32","chain.c32"]
$tftproot = "/var/lib/tftpboot"
$tftp_dir = ["${tftproot}/pxelinux.cfg","${tftproot}/build"]
file{
$tftproot:
ensure => directory;
$tftp_dir:
owner => $foreman_proxy_user,
mode => 644,
require => Package["foreman-proxy"],
ensure => directory,
recurse => true;
}
link_file{$syslinux_files:
source_path => $syslinux_root,
target_path => $tftproot,
require => Class["tftp::install"];
}
}
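Review bot: The `$tftp_dir` resources set `mode => 644` on directories with `recurse => true`, which only works because Puppet adds the search bit to directories implicitly. A comment such as `# 644 applies to files; Puppet adds +x on the directories themselves` would make that intentional, and quoting the value as `mode => '0644'` avoids it being parsed as a number on newer Puppet versions. `$tftproot` duplicates the `:tftproot:` value in files/etc/foreman-proxy/settings.yml, so the two can drift apart; a note tying them together would help. As in the other subclasses, `$foreman_proxy_user` is not defined here and would be empty if the class were included outside `foreman::proxy`.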
