comparison manifests/templates.pp @ 35:1bb941522ebf puppet-3.6

Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
author IBBoard <dev@ibboard.co.uk>
date Sat, 14 Mar 2015 20:01:17 +0000
parents 6bbc86f6cee5
children a1960fb961c5
33:5c7fc7b7262c 35:1bb941522ebf
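--- a/manifests/templates.pp
+++ b/manifests/templates.pp
@@ -27,10 +27,11 @@
 class basevpsnode (
 $primary_ip,
 $secondary_ip,
 $mailserver,
 $imapserver,
+$firewall_cmd = 'iptables',
 ) {
 #VPS is a self-mastered Puppet machine, so bodge a Hosts file
 file { '/etc/hosts':
 ensure => present,
 content => "127.0.0.1 localhost puppet
@@ -46,11 +47,13 @@
 primary_ip => $primary_ip,
 secondary_ip => $secondary_ip,
 }
 include cronjobs
 include logrotate
-include fail2ban
+class { 'fail2ban':
+firewall_cmd => $firewall_cmd,
+}
 include tools
 class { 'email':
 mailserver => $mailserver,
 imapserver => $imapserver,
 }
@@ -177,11 +180,13 @@
 file { '/etc/logwatch/conf/services/mysql.conf':
 source => 'puppet:///common/logwatch/services_mysql.conf',
 }
 }
 
-class fail2ban {
+class fail2ban (
+$firewall_cmd,
+) {
 package { 'fail2ban':
 ensure => latest,
 }
 service { 'fail2ban':
 ensure => running,
@@ -195,10 +200,14 @@
 file { '/etc/fail2ban/jail.local':
 source => 'puppet:///common/fail2ban/jail.local',
 }
 file { '/etc/fail2ban/action.d/apf.conf':
 source => 'puppet:///common/fail2ban/apf.conf',
+}
+file { '/etc/fail2ban/action.d/firewall-ban.conf':
+ensure => link,
+target => "/etc/fail2ban/action.d/${firewall_cmd}.conf",
 }
 file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf':
 source => 'puppet:///common/fail2ban/ibb-apache-exploits-instaban.conf',
 }
 file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf':
@@ -273,16 +282,18 @@
 class ibboardvpsnode (
 $primary_ip,
 $secondary_ip,
 $mailserver,
 $imapserver,
+$firewall_cmd = 'iptables',
 ){
 class { 'basevpsnode':
 primary_ip => $primary_ip,
 secondary_ip => $secondary_ip,
 mailserver => $mailserver,
 imapserver => $imapserver,
+firewall_cmd => $firewall_cmd,
 }
 
 # Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things)
 apache::mod {
 'auth_basic':; 'authn_file':; 'authz_user':; 'auth_token':;'deflate':; 'version':;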
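Review bot: `$firewall_cmd` is interpolated into the symlink target at new line 208 of class `fail2ban` with no check on its value, so a typo or an unsupported firewall name leaves `firewall-ban.conf` as a dangling link. If jail.local refers to that action (not visible here), bans would then never reach the firewall, and nothing in the manifest would report it. Only `apf.conf` is managed in the visible lines, and the iptables action presumably ships with the package, so constrain the parameter at the top of the class: `if ! ($firewall_cmd in ['iptables', 'apf']) { fail("unsupported firewall_cmd: ${firewall_cmd}") }`. The new link resource also shows no `notify => Service['fail2ban']`; new lines 193-199 are outside the hunk, so confirm a resource default there restarts the service when the link changes.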