# Just some sample code used in presentations on Example42 modules
# This sample class is not intended to be used 'as is', it provides
# some code usage samples
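class sample {
  # Every snippet below is a separate usage example shown side by side.
  # The same class (for instance 'openssh') is declared many times, which
  # Puppet rejects in a real catalog: keep one declaration per class.

  ### Data Separation alternatives

  # Set (Top Scope/ENC) variables and include classes.
  # Top-scope variables are normally set in site.pp or by the ENC, not
  # from inside a class body as this sample does for brevity.
  $::openssh_template = 'site/openssh/openssh.conf.erb'
  include openssh

  # Use Hiera.
  # hiera() returns the looked-up value; a bare call like this one does not
  # assign it anywhere, so it only illustrates the key name.
  hiera('openssh_template')
  include openssh

  # Use Parametrized Classes:
  class { 'openssh':
    template => 'site/openssh/openssh.conf.erb',
  }

  # Happily mix different patterns:
  $::monitor = true
  $::monitor_tool = [ 'nagios' , 'munin' , 'puppi' ]
  class { 'openssh':
    template => 'site/openssh/openssh.conf.erb',
  }

  ### Customize: How to provide configuration files

  # Provide Main Configuration as a static file ...
  class { 'openssh':
    source => 'puppet:///modules/site/ssh/sshd.conf'
  }

  # an array of files looked up on a first match logic ...
  # The host-specific file is tried first, the shared one is the fallback.
  class { 'openssh':
    source => [ "puppet:///modules/site/ssh/sshd.conf-${fqdn}",
                "puppet:///modules/site/ssh/openssh.conf"],
  }

  # As an erb template:
  class { 'openssh':
    template => 'site/ssh/sshd.conf.erb',
  }

  # Config File Path is defined in params.pp (can be overridden):
  class { 'openssh':
    config_file => '/etc/ssh/sshd_config',
  }

  #### Customize: Configuration Dir

  # You can manage the whole Configuration Directory:
  class { 'openssh':
    source_dir => 'puppet:///modules/site/ssh/sshd/',
  }
  # This copies all the files in site/files/ssh/sshd/* to local config_dir

  # You can purge any existing file on the destination config_dir which is
  # not present on the source_dir path:
  class { 'openssh':
    source_dir       => 'puppet:///modules/site/ssh/sshd/',
    source_dir_purge => true, # default is false
  }
  # WARNING: Use with care
  # Purging deletes every unmanaged file in config_dir. With config_dir set
  # to '/etc/ssh' that presumably includes the host key files unless they
  # are part of source_dir - confirm how the module treats them first.

  # Config Dir Path is defined in params.pp (can be overridden):
  class { 'openssh':
    config_dir => '/etc/ssh',
  }

  ### Customize Application Parameters.

  # An example: Use the puppet module to manage pe-puppet!
  # Owner and group stay 'root' so the agent configuration is not writable
  # by unprivileged accounts.
  class { 'puppet':
    template          => 'lab42/pe-puppet/puppet.conf.erb',
    package           => 'pe-puppet',
    service           => 'pe-puppet',
    service_status    => true,
    config_file       => '/etc/puppetlabs/puppet/puppet.conf',
    config_file_owner => 'root',
    config_file_group => 'root',
    config_file_init  => '/etc/sysconfig/pe-puppet',
    process           => 'ruby',
    process_args      => 'puppet',
    process_user      => 'root',
    config_dir        => '/etc/puppetlabs/puppet/',
    pid_file          => '/var/run/pe-puppet/agent.pid',
    log_file          => '/var/log/pe-puppet/puppet.log',
    log_dir           => '/var/log/pe-puppet',
  }

  ### Managed Behaviour

  # Enable Auditing:
  # NOTE(review): presumably reports drift without applying changes -
  # confirm in the module before relying on it for enforcement.
  class { 'openssh':
    audit_only => true, # Default: false
  }

  ## Manage Service Autorestart:
  class { 'openssh':
    service_autorestart => false, # Default: true
  }
  # No automatic service restart when a configuration file / dir changes.
  # A changed sshd setting (including a hardening change) is then not live
  # until the service is restarted by other means.

  # Manage Software Version:
  class { 'foo':
    version => '1.2.0', # Default: unset
  }
  # Specify the package version you want to be installed.
  # Set => 'latest' to force installation of latest version.
  # A pinned version keeps runs reproducible but has to be bumped by hand
  # for security fixes; 'latest' installs whatever the repository offers.

  ### Custom Options

  # With templates you can provide a hash of custom options.
  # The values only take effect if the template actually renders them.
  class { 'openssh':
    template => 'site/ssh/sshd.conf.erb',
    options  => {
      'LogLevel' => 'INFO',
      'UsePAM'   => 'yes',
    },
  }

  ### Custom Classes

  # Provide added resources in a Custom Class:
  class { 'openssh':
    my_class => 'site/my_openssh',
  }
  # This autoloads: site/manifests/my_openssh.pp

  # Custom class can stay in your site module
  # (it belongs in the file named above, not nested in this class):
  class site::my_openssh {
    file { 'motd':
      path    => '/etc/motd',
      content => template('site/openssh/motd.erb'),
    }
  }

  ### Decommissioning
  # On a host administered over SSH, make sure another access path exists
  # before applying any of the three settings below.

  # Disable openssh service:
  class { 'openssh':
    disable => true
  }

  # Deactivate openssh service only at boot time:
  class { 'openssh':
    disableboot => true
  }
  # Useful when a service is managed by another tool (ie: a cluster suite)

  # Remove openssh (package and files):
  class { 'openssh':
    absent => true
  }

  ### Cross-module integrations

  # Integration with other modules sets and conflicts management is not easy.

  # Strategy 1: Provide the option to use the module's prerequisite resources:
  class { 'logstash':
    install_prerequisites => false, # Default true
  }

  # Strategy 2: Use if ! defined when defining common resources.
  # defined() only sees resources evaluated so far, so the outcome depends
  # on the order in which manifests are parsed.
  if ! defined(Package['git']) {
    package { 'git': ensure => installed }
  }

  # Strategy 3: Always define in Modulefile the module's dependencies
  # (the next line is Modulefile syntax, not manifest code):
  dependency 'example42/puppi', '>= 2.0.0'

  # Strategy 4: Never assume your resource defaults are set for others.
  # An explicit, fixed path keeps exec commands from resolving through
  # whatever PATH happens to be inherited.
  Exec { path => '/bin:/sbin:/usr/bin:/usr/sbin' }

  ### Extend: Monitor

  # Manage Abstract Automatic Monitoring.
  # The fact name is $::ipaddress; the misspelt $::ip_addess used here
  # before names no fact, so the target would have been left undefined.
  class { 'openssh':
    monitor        => true,
    monitor_tool   => [ 'nagios','puppi','monit' ],
    monitor_target => $::ipaddress # Default
  }

  # Monitoring is based on these parameters defined in params.pp:
  class { 'openssh':
    port         => '22',
    protocol     => 'tcp',
    service      => 'ssh[d]', # According to OS
    process      => 'sshd',
    process_args => '',
    process_user => 'root',
    pid_file     => '/var/run/sshd.pid',
  }

  # Manage Automatic Firewalling (host based).
  # '10.0.0.0/8' admits the whole private /8; narrow firewall_src to the
  # management network where one exists.
  class { 'openssh':
    firewall      => true,
    firewall_tool => 'iptables',
    firewall_src  => '10.0.0.0/8',
    firewall_dst  => $::ipaddress_eth1, # Default is $::ipaddress
  }

  # Firewalling is based on these parameters defined in params.pp:
  class { 'openssh':
    port     => '22',
    protocol => 'tcp',
  }

  ### Manage Puppi Integration:
  class { 'openssh':
    puppi        => true,       # Default: false
    puppi_helper => 'standard', # Default
  }
}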