Revision 4a5b8e8e
Added by Ohad Levy over 12 years ago
- ID 4a5b8e8e2cbc8b5628c1c31e0a3fd8eb7862e733
- Child ef4b2968
manifests/config.pp | ||
---|---|---|
class foreman_proxy::config {
|
||
user { $foreman_proxy::params::user:
|
||
shell => "/sbin/nologin",
|
||
comment => "Foreman Proxy account",
|
||
ensure => "present",
|
||
groups => $foreman_proxy::params::puppet_group,
|
||
home => $foreman_proxy::params::dir,
|
||
require => Class["foreman_proxy::install"],
|
||
notify => Class["foreman_proxy::service"],
|
||
}
|
||
|
||
file{"/etc/foreman-proxy/settings.yml":
|
||
content => template("foreman_proxy/settings.yml.erb"),
|
||
owner => $foreman_proxy::params::user,
|
||
group => $foreman_proxy::params::user,
|
||
mode => 644,
|
||
require => Class["foreman_proxy::install"],
|
||
notify => Class["foreman_proxy::service"],
|
||
}
|
||
|
||
augeas { "sudo-foreman-proxy":
|
||
context => "/files/etc/sudoers",
|
||
changes => [
|
||
"set spec[user = '${foreman_proxy::params::user}']/user ${foreman_proxy::params::user}",
|
||
"set spec[user = '${foreman_proxy::params::user}']/host_group/host ALL",
|
||
"set spec[user = '${foreman_proxy::params::user}']/host_group/command[1] ${foreman_proxy::params::puppetca_cmd}",
|
||
"set spec[user = '${foreman_proxy::params::user}']/host_group/command[2] ${foreman_proxy::params::puppetrun_cmd}",
|
||
"set spec[user = '${foreman_proxy::params::user}']/host_group/command[1]/tag NOPASSWD",
|
||
"set Defaults[type = ':${foreman_proxy::params::user}']/type :${foreman_proxy::params::user}",
|
||
"set Defaults[type = ':${foreman_proxy::params::user}']/requiretty/negate ''",
|
||
],
|
||
}
|
||
|
||
if $foreman_proxy::params::puppetca { include foreman_proxy::puppetca }
|
||
if $foreman_proxy::params::tftp { include foreman_proxy::tftp }
|
||
#if $foreman_proxy::params::dhcp { include foreman_proxy::dhcp }
|
||
#if $foreman_proxy::params::dns { include foreman_proxy::dns }
|
||
|
||
}
|
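Review bot: The `augeas { "sudo-foreman-proxy": }` resource writes both sudoers commands unconditionally, so the proxy account keeps passwordless sudo for `puppetca_cmd` and `puppetrun_cmd` even on hosts where `$puppetca` or `$puppetrun` is set to false. The NOPASSWD tag is set only on `command[1]`, but sudoers tags carry over to later commands in the same list, so the second command is presumably passwordless too, and neither entry restricts arguments. I would apply each `command[n]` change only when its feature flag is true, and add a comment saying the grant is deliberately argument-unrestricted. Separately, `/etc/foreman-proxy/settings.yml` is installed with `mode => 644` and owned by the service account, while the template has a slot for `:dhcp_key_secret:`. Using `owner => 'root'`, `group => $foreman_proxy::params::user`, `mode => '0640'` would stop other local users reading it and, assuming the daemon never needs to rewrite its own settings, stop it from doing so.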
manifests/init.pp | ||
---|---|---|
class foreman_proxy {
|
||
|
||
include foreman_proxy::params
|
||
include foreman_proxy::install
|
||
include foreman_proxy::config
|
||
include foreman_proxy::service
|
||
}
|
manifests/install.pp | ||
---|---|---|
class foreman_proxy::install {
|
||
require "foreman::params"
|
||
include foreman::install::repos
|
||
package {"foreman-proxy":
|
||
ensure => latest,
|
||
require => Class["foreman::install::repos"],
|
||
}
|
||
}
|
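Review bot: `ensure => latest` on the `foreman-proxy` package means every agent run installs whatever version the Foreman repository currently publishes. A daemon that config.pp gives sudo rights over the Puppet CA command is therefore upgraded with no review step and no pinned version. I would use `ensure => installed` (or a version taken from a parameter) and upgrade deliberately. The class also does `require "foreman::params"` without reading any variable from it in the lines shown; drop it or explain it in a comment.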
manifests/params.pp | ||
---|---|---|
class foreman_proxy::params {
|
||
# variables
|
||
$dir = "/usr/share/foreman-proxy"
|
||
$user = "foreman-proxy"
|
||
$log = "/var/log/foreman-proxy/proxy.log"
|
||
|
||
# puppetca settings
|
||
$puppetca = true
|
||
$autosign_location = "/etc/puppet/autosign.conf"
|
||
$puppetca_cmd = "/usr/sbin/puppetca"
|
||
$puppet_group = "puppet"
|
||
|
||
# puppetrun settings
|
||
$puppetrun = true
|
||
$puppetrun_cmd = "/usr/sbin/puppetrun"
|
||
|
||
# TFTP settings
|
||
require "tftp" # ensures we can access tftp module parameters
|
||
$tftp = true
|
||
$syslinux_root = "/usr/share/syslinux"
|
||
$syslinux_files = ["pxelinux.0","menu.c32","chain.c32"]
|
||
$tftproot = $tftp::params::root
|
||
$tftp_dir = ["${tftproot}/pxelinux.cfg","${tftproot}/build"]
|
||
|
||
$dhcp = false
|
||
$dns = false
|
||
|
||
}
|
manifests/puppetca.pp | ||
---|---|---|
class foreman_proxy::puppetca {
|
||
|
||
file { $foreman_proxy::params::autosign_location:
|
||
owner => $foreman_proxy::params::user,
|
||
group => $foreman_proxy::params::puppet_group,
|
||
mode => 644,
|
||
ensure => present,
|
||
require => Class["foreman_proxy::install"],
|
||
}
|
||
|
||
}
|
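Review bot: `autosign.conf` is handed to the proxy account as owner, so whatever can drive the proxy decides which certificate requests the Puppet CA signs automatically. That trust decision deserves a comment on the `file` resource, e.g. `# owned by the proxy so it can add/remove autosign entries on Foreman's behalf`. The mode is written as the bare number `644`; quoting it and dropping world read, `mode => '0640'`, should still work because the group is `puppet_group`, though which account the master reads the file as is not visible here and should be confirmed.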
manifests/service.pp | ||
---|---|---|
class foreman_proxy::service {
|
||
service {"foreman-proxy":
|
||
ensure => running,
|
||
require => Class["foreman_proxy::config"]
|
||
}
|
||
}
|
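Review bot: The `service` resource sets `ensure => running` but not `enable`, so whether the proxy starts at boot is left to the package defaults. Adding `enable => true,` makes that explicit. `hasstatus => true,` may also be needed depending on the init script, which is not visible here.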
manifests/tftp.pp | ||
---|---|---|
class foreman_proxy::tftp {
|
||
include ::tftp
|
||
|
||
file{ $foreman_proxy::params::tftp_dir:
|
||
owner => $foreman_proxy::params::user,
|
||
mode => 644,
|
||
require => Class["foreman_proxy::install"],
|
||
ensure => directory,
|
||
recurse => true;
|
||
}
|
||
|
||
link_file{$foreman_proxy::params::syslinux_files:
|
||
source_path => $foreman_proxy::params::syslinux_root,
|
||
target_path => $foreman_proxy::params::tftproot,
|
||
require => Class["tftp::install"];
|
||
}
|
||
}
|
||
define link_file($source_path, $target_path) {
|
||
file{"$target_path/$name":
|
||
ensure => link,
|
||
target => "$source_path/$name"
|
||
}
|
||
}
|
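Review bot: `define link_file` at the bottom of tftp.pp is a global, un-namespaced type, so it can collide with a `link_file` from any other module and is only found because it shares a file with `foreman_proxy::tftp`. I would move it to its own manifest as `define foreman_proxy::link_file($source_path, $target_path)` and call it by that name. Inside it, brace the interpolation: `file { "${target_path}/${name}":` and `target => "${source_path}/${name}"`. The `file` resource above it also combines `recurse => true` with the proxy user as owner, so each run re-owns everything under the PXE config and build directories; a short comment confirming that this is intended would help.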
templates/settings.yml.erb | ||
---|---|---|
---
|
||
# SSL Setup
|
||
|
||
# if enabled, all communication would be verfied via SSL
|
||
# NOTE that both certificates need to be signed by the same CA in order for this to work
|
||
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
|
||
#:ssl_certificate: ssl/certs/fqdn.pem
|
||
#:ssl_ca_file: ssl/certs/ca.pem
|
||
#:ssl_private_key: ssl/private_keys/fqdn.key
|
||
# the hosts which the proxy accepts connections from
|
||
# commenting the following lines would mean every verified SSL connection allowed
|
||
#:trusted_hosts:
|
||
#- foreman.prod.domain
|
||
#- foreman.dev.domain
|
||
|
||
# enable the daemon to run in the background
|
||
:daemon: true
|
||
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
|
||
|
||
# port used by the proxy
|
||
:port: 8443
|
||
|
||
# Enable TFTP management
|
||
:tftp: <%= scope.lookupvar("foreman_proxy::params::tftp") %>
|
||
:tftproot: <%= scope.lookupvar("foreman_proxy::params::tftproot") %>
|
||
# Defines the TFTP Servername to use, overrides the name in the subnet declaration
|
||
#:tftp_servername: tftp.domain.com
|
||
|
||
# Enable DNS management
|
||
:dns: <%= scope.lookupvar("foreman_proxy::params::dns") %>
|
||
#:dns_key: /etc/rndc.key
|
||
# use this setting if you are managing a dns server which is not localhost though this proxy
|
||
#:dns_server: dns.domain.com
|
||
|
||
# Enable DHCP management
|
||
:dhcp: <%= scope.lookupvar("foreman_proxy::params::dhcp") %>
|
||
# The vendor can be either isc or native_ms
|
||
:dhcp_vendor: isc
|
||
# dhcp_subnets is a Native MS implementation setting. It restricts the subnets queried to a
|
||
# subset, so as to reduce the query time.
|
||
#:dhcp_subnets: [192.168.205.0/255.255.255.128, 192.168.205.128/255.255.255.128]
|
||
# Settings for Ubuntu ISC
|
||
#:dhcp_config: /etc/dhcp3/dhcpd.conf
|
||
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
|
||
# Settings for Redhat ISC
|
||
#:dhcp_config: /etc/dhcpd.conf
|
||
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
|
||
#:dhcp_key_name: secret_key_name
|
||
#:dhcp_key_secret: secret_key
|
||
|
||
# enable PuppetCA management
|
||
:puppetca: <%= scope.lookupvar("foreman_proxy::params::puppetca") %>
|
||
|
||
# enable Puppet management
|
||
:puppet: <%= scope.lookupvar("foreman_proxy::params::puppetrun") %>
|
||
|
||
# Where our proxy log files are stored
|
||
# filename or STDOUT
|
||
:log_file: <%= scope.lookupvar("foreman_proxy::params::log") %>
|
||
# valid options are
|
||
# WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
|
||
#:log_level: DEBUG
|
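Review bot: The rendered settings leave `:ssl_certificate:`, `:ssl_ca_file:`, `:ssl_private_key:` and `:trusted_hosts:` commented out, while `:puppetca:` and `:puppet:` default to true through params.pp. A node that simply includes the module therefore presumably gets a proxy on port 8443 that does not verify its callers. Given that config.pp grants this account passwordless sudo to the CA and puppetrun commands, I would template the SSL and trusted-hosts lines from parameters and enable them by default, e.g. `:ssl_certificate: <%= scope.lookupvar("foreman_proxy::params::ssl_cert") %>` (the parameter name is a placeholder; it does not exist in params.pp yet). The `<%= %>` path values are emitted unquoted, which is fine for the current constants but worth quoting once they become user-settable.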
split out smart proxy to its own puppet module