«
Previous
|
Next
»
Revision 4a5b8e8e
Added by Ohad Levy over 12 years ago
- ID 4a5b8e8e2cbc8b5628c1c31e0a3fd8eb7862e733
- Child ef4b2968
| manifests/config.pp | ||
|---|---|---|
|
class foreman_proxy::config {
|
||
|
user { $foreman_proxy::params::user:
|
||
|
shell => "/sbin/nologin",
|
||
|
comment => "Foreman Proxy account",
|
||
|
ensure => "present",
|
||
|
groups => $foreman_proxy::params::puppet_group,
|
||
|
home => $foreman_proxy::params::dir,
|
||
|
require => Class["foreman_proxy::install"],
|
||
|
notify => Class["foreman_proxy::service"],
|
||
|
}
|
||
|
|
||
|
file{"/etc/foreman-proxy/settings.yml":
|
||
|
content => template("foreman_proxy/settings.yml.erb"),
|
||
|
owner => $foreman_proxy::params::user,
|
||
|
group => $foreman_proxy::params::user,
|
||
|
mode => 644,
|
||
|
require => Class["foreman_proxy::install"],
|
||
|
notify => Class["foreman_proxy::service"],
|
||
|
}
|
||
|
|
||
|
augeas { "sudo-foreman-proxy":
|
||
|
context => "/files/etc/sudoers",
|
||
|
changes => [
|
||
|
"set spec[user = '${foreman_proxy::params::user}']/user ${foreman_proxy::params::user}",
|
||
|
"set spec[user = '${foreman_proxy::params::user}']/host_group/host ALL",
|
||
|
"set spec[user = '${foreman_proxy::params::user}']/host_group/command[1] ${foreman_proxy::params::puppetca_cmd}",
|
||
|
"set spec[user = '${foreman_proxy::params::user}']/host_group/command[2] ${foreman_proxy::params::puppetrun_cmd}",
|
||
|
"set spec[user = '${foreman_proxy::params::user}']/host_group/command[1]/tag NOPASSWD",
|
||
|
"set Defaults[type = ':${foreman_proxy::params::user}']/type :${foreman_proxy::params::user}",
|
||
|
"set Defaults[type = ':${foreman_proxy::params::user}']/requiretty/negate ''",
|
||
|
],
|
||
|
}
|
||
|
|
||
|
if $foreman_proxy::params::puppetca { include foreman_proxy::puppetca }
|
||
|
if $foreman_proxy::params::tftp { include foreman_proxy::tftp }
|
||
|
#if $foreman_proxy::params::dhcp { include foreman_proxy::dhcp }
|
||
|
#if $foreman_proxy::params::dns { include foreman_proxy::dns }
|
||
|
|
||
|
}
|
||
| manifests/init.pp | ||
|---|---|---|
|
class foreman_proxy {
|
||
|
|
||
|
include foreman_proxy::params
|
||
|
include foreman_proxy::install
|
||
|
include foreman_proxy::config
|
||
|
include foreman_proxy::service
|
||
|
}
|
||
| manifests/install.pp | ||
|---|---|---|
|
class foreman_proxy::install {
|
||
|
require "foreman::params"
|
||
|
include foreman::install::repos
|
||
|
package {"foreman-proxy":
|
||
|
ensure => latest,
|
||
|
require => Class["foreman::install::repos"],
|
||
|
}
|
||
|
}
|
||
| manifests/params.pp | ||
|---|---|---|
|
class foreman_proxy::params {
|
||
|
# variables
|
||
|
$dir = "/usr/share/foreman-proxy"
|
||
|
$user = "foreman-proxy"
|
||
|
$log = "/var/log/foreman-proxy/proxy.log"
|
||
|
|
||
|
# puppetca settings
|
||
|
$puppetca = true
|
||
|
$autosign_location = "/etc/puppet/autosign.conf"
|
||
|
$puppetca_cmd = "/usr/sbin/puppetca"
|
||
|
$puppet_group = "puppet"
|
||
|
|
||
|
# puppetrun settings
|
||
|
$puppetrun = true
|
||
|
$puppetrun_cmd = "/usr/sbin/puppetrun"
|
||
|
|
||
|
# TFTP settings
|
||
|
require "tftp" # ensures we can access tftp module parameters
|
||
|
$tftp = true
|
||
|
$syslinux_root = "/usr/share/syslinux"
|
||
|
$syslinux_files = ["pxelinux.0","menu.c32","chain.c32"]
|
||
|
$tftproot = $tftp::params::root
|
||
|
$tftp_dir = ["${tftproot}/pxelinux.cfg","${tftproot}/build"]
|
||
|
|
||
|
$dhcp = false
|
||
|
$dns = false
|
||
|
|
||
|
}
|
||
| manifests/puppetca.pp | ||
|---|---|---|
|
class foreman_proxy::puppetca {
|
||
|
|
||
|
file { $foreman_proxy::params::autosign_location:
|
||
|
owner => $foreman_proxy::params::user,
|
||
|
group => $foreman_proxy::params::puppet_group,
|
||
|
mode => 644,
|
||
|
ensure => present,
|
||
|
require => Class["foreman_proxy::install"],
|
||
|
}
|
||
|
|
||
|
}
|
||
| manifests/service.pp | ||
|---|---|---|
|
class foreman_proxy::service {
|
||
|
service {"foreman-proxy":
|
||
|
ensure => running,
|
||
|
require => Class["foreman_proxy::config"]
|
||
|
}
|
||
|
}
|
||
| manifests/tftp.pp | ||
|---|---|---|
|
class foreman_proxy::tftp {
|
||
|
include ::tftp
|
||
|
|
||
|
file{ $foreman_proxy::params::tftp_dir:
|
||
|
owner => $foreman_proxy::params::user,
|
||
|
mode => 644,
|
||
|
require => Class["foreman_proxy::install"],
|
||
|
ensure => directory,
|
||
|
recurse => true;
|
||
|
}
|
||
|
|
||
|
link_file{$foreman_proxy::params::syslinux_files:
|
||
|
source_path => $foreman_proxy::params::syslinux_root,
|
||
|
target_path => $foreman_proxy::params::tftproot,
|
||
|
require => Class["tftp::install"];
|
||
|
}
|
||
|
}
|
||
|
define link_file($source_path, $target_path) {
|
||
|
file{"$target_path/$name":
|
||
|
ensure => link,
|
||
|
target => "$source_path/$name"
|
||
|
}
|
||
|
}
|
||
| templates/settings.yml.erb | ||
|---|---|---|
|
---
|
||
|
# SSL Setup
|
||
|
|
||
|
# if enabled, all communication would be verfied via SSL
|
||
|
# NOTE that both certificates need to be signed by the same CA in order for this to work
|
||
|
# see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
|
||
|
#:ssl_certificate: ssl/certs/fqdn.pem
|
||
|
#:ssl_ca_file: ssl/certs/ca.pem
|
||
|
#:ssl_private_key: ssl/private_keys/fqdn.key
|
||
|
# the hosts which the proxy accepts connections from
|
||
|
# commenting the following lines would mean every verified SSL connection allowed
|
||
|
#:trusted_hosts:
|
||
|
#- foreman.prod.domain
|
||
|
#- foreman.dev.domain
|
||
|
|
||
|
# enable the daemon to run in the background
|
||
|
:daemon: true
|
||
|
:daemon_pid: /var/run/foreman-proxy/foreman-proxy.pid
|
||
|
|
||
|
# port used by the proxy
|
||
|
:port: 8443
|
||
|
|
||
|
# Enable TFTP management
|
||
|
:tftp: <%= scope.lookupvar("foreman_proxy::params::tftp") %>
|
||
|
:tftproot: <%= scope.lookupvar("foreman_proxy::params::tftproot") %>
|
||
|
# Defines the TFTP Servername to use, overrides the name in the subnet declaration
|
||
|
#:tftp_servername: tftp.domain.com
|
||
|
|
||
|
# Enable DNS management
|
||
|
:dns: <%= scope.lookupvar("foreman_proxy::params::dns") %>
|
||
|
#:dns_key: /etc/rndc.key
|
||
|
# use this setting if you are managing a dns server which is not localhost though this proxy
|
||
|
#:dns_server: dns.domain.com
|
||
|
|
||
|
# Enable DHCP management
|
||
|
:dhcp: <%= scope.lookupvar("foreman_proxy::params::dhcp") %>
|
||
|
# The vendor can be either isc or native_ms
|
||
|
:dhcp_vendor: isc
|
||
|
# dhcp_subnets is a Native MS implementation setting. It restricts the subnets queried to a
|
||
|
# subset, so as to reduce the query time.
|
||
|
#:dhcp_subnets: [192.168.205.0/255.255.255.128, 192.168.205.128/255.255.255.128]
|
||
|
# Settings for Ubuntu ISC
|
||
|
#:dhcp_config: /etc/dhcp3/dhcpd.conf
|
||
|
#:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
|
||
|
# Settings for Redhat ISC
|
||
|
#:dhcp_config: /etc/dhcpd.conf
|
||
|
#:dhcp_leases: /var/lib/dhcpd/dhcpd.leases
|
||
|
#:dhcp_key_name: secret_key_name
|
||
|
#:dhcp_key_secret: secret_key
|
||
|
|
||
|
# enable PuppetCA management
|
||
|
:puppetca: <%= scope.lookupvar("foreman_proxy::params::puppetca") %>
|
||
|
|
||
|
# enable Puppet management
|
||
|
:puppet: <%= scope.lookupvar("foreman_proxy::params::puppetrun") %>
|
||
|
|
||
|
# Where our proxy log files are stored
|
||
|
# filename or STDOUT
|
||
|
:log_file: <%= scope.lookupvar("foreman_proxy::params::log") %>
|
||
|
# valid options are
|
||
|
# WARN, DEBUG, Error, Fatal, INFO, UNKNOWN
|
||
|
#:log_level: DEBUG
|
||
Also available in: Unified diff
split out smart proxy to its own puppet module