# HG changeset patch # User IBBoard # Date 1576955987 18000 # Node ID c3fa3d65aa83eb4979c96740f19eca548d9e6088 # Parent b0f8b88fea5c3dcede7675bf98983605f8596577 Update configs for Puppet 6 This *should* all be backward compatible diff -r b0f8b88fea5c -r c3fa3d65aa83 manifests/templates.pp --- a/manifests/templates.pp Sat Dec 21 14:12:10 2019 -0500 +++ b/manifests/templates.pp Sat Dec 21 14:19:47 2019 -0500 @@ -2,12 +2,15 @@ YumRepo<| |> -> Package<| |> # Make sure all files are in place before starting services -File<| |> -> Service<| |> +File<| tag != 'post-service' |> -> Service<| |> + +# Set some shortcut variables +#$os = $operatingsystem +$osver = $operatingsystemrelease +$server = '' class basenode { - $os = $operatingsystem - $osver = "v${operatingsystemrelease}" include sudo include defaultusers @@ -45,7 +48,7 @@ require repos include basenode - include private + include privat include dnsresolver include ssh::server include vcs::server @@ -183,7 +186,9 @@ file { '/etc/resolv.conf': ensure => present, - content => "nameserver 127.0.0.1" + content => "nameserver 127.0.0.1", + require => Service['named'], + tag => 'post-service', } } @@ -442,7 +447,7 @@ #Setup MySQL, using (private) templates to make sure that we set non-std passwords and a default user - if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { + if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 { $mysqlpackage = 'mariadb' $mysqlsuffix = '' @@ -495,8 +500,8 @@ apache::mod { $mods:; } - if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { - apache::mod { + if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 { + apache::mod { 'authn_core':; } } 
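Review bot: `$osver` changes value as well as scope in the first hunk of manifests/templates.pp. The removed line inside `basenode` set it to `"v${operatingsystemrelease}"`, while the new top-scope assignment drops the `v` prefix, so any template or `source` path that interpolates it would resolve differently. No consumers are visible in this hunk, so this may be intended, but it sits oddly with the description's claim of backward compatibility. If the old value is still expected, keep `$osver = "v${operatingsystemrelease}"`. Note also that `$os` is now only a comment, so anything still reading it gets an undefined value; the body of `basenode` continues outside the hunk.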
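Review bot: The `/etc/resolv.conf` resource (hunk at -183) gains `tag => 'post-service'` with nothing explaining why, and the reason only becomes clear when read against the collector changed at the top of the file. A comment above the resource would stop a later cleanup from removing the tag, for example `# Tagged 'post-service' so the global File -> Service ordering skips this file; with require => Service['named'] it would otherwise form a dependency cycle`. It would also help to say at the collector that `post-service` is reserved for files that must be written after a service is up. Any file carrying that tag loses the guarantee of being in place before services start.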
@@ -508,7 +513,7 @@ #Configure our sites, using templates for the custom fragments where the extra content is too long include adminsite website::https::multitld { 'www.ibboard': - custom_fragment => template("private/apache/ibboard.fragment"), + custom_fragment => template("privat/apache/ibboard.fragment"), letsencrypt_name => 'ibboard.co.uk', csp_override => { "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce", @@ -537,7 +542,7 @@ website::https::multitld { 'admin.ibboard': force_no_index => false, ssl_ca_chain => '', - custom_fragment => template("private/apache/admin.fragment"), + custom_fragment => template("privat/apache/admin.fragment"), } cron { 'loadavg': command => '/usr/local/bin/run-loadavg-logger', @@ -556,15 +561,15 @@ website::https::multitld { 'www.hiveworldterra': force_no_www => false, letsencrypt_name => 'hiveworldterra.co.uk', - custom_fragment => template("private/apache/hwt.fragment"), + custom_fragment => template("privat/apache/hwt.fragment"), } website::https::multitld { 'forums.hiveworldterra': letsencrypt_name => 'hiveworldterra.co.uk', - custom_fragment => template("private/apache/forums.fragment"), + custom_fragment => template("privat/apache/forums.fragment"), } website::https::multitld { 'skins.hiveworldterra': letsencrypt_name => 'hiveworldterra.co.uk', - custom_fragment => template("private/apache/skins.fragment"), + custom_fragment => template("privat/apache/skins.fragment"), } website::https::redir { 'hiveworldterra.ibboard.co.uk': redir => 'https://www.hiveworldterra.co.uk/', @@ -578,7 +583,7 @@ docroot_owner => $defaultusers::secondary_user, docroot_group => 'editors', letsencrypt_name => 'bdstrike.co.uk', - custom_fragment => template("private/apache/bdstrike.fragment"), + custom_fragment => template("privat/apache/bdstrike.fragment"), csp_override => {"frame-ancestors" => "'self'"}, csp_report_override => { "font-src" => "'self' https://fonts.gstatic.com/", 
@@ -629,14 +634,14 @@ website::https::multitld { 'www.warfoundry': letsencrypt_name => 'warfoundry.co.uk', - custom_fragment => template("private/apache/warfoundry.fragment"), + custom_fragment => template("privat/apache/warfoundry.fragment"), } website::https::multitld { 'dev.ibboard': #Make sure we're the first one hit for the tiny fraction of "no support" cases we care about (potentially Python for Mercurial!) # http://en.wikipedia.org/wiki/Server_Name_Indication#No_support priority => 1, letsencrypt_name => 'dev.ibboard.co.uk', - custom_fragment => template("private/apache/dev.fragment"), + custom_fragment => template("privat/apache/dev.fragment"), force_no_index => false, } } @@ -646,7 +651,7 @@ website::https { 'webmail.ibboard.co.uk': force_no_index => false, ssl_ca_chain => '', - custom_fragment => template("private/apache/webmail.fragment"), + custom_fragment => template("privat/apache/webmail.fragment"), } website::https { 'pim.ibboard.co.uk': docroot_owner => 'apache', @@ -654,7 +659,7 @@ force_no_index => false, lockdown_requests => false, ssl_ca_chain => '', - custom_fragment => template("private/apache/pim.fragment"), + custom_fragment => template("privat/apache/pim.fragment"), } cron { 'owncloudcron': command => "/usr/local/bin/owncloud-cron", diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/postfix/manifests/init.pp --- a/modules/postfix/manifests/init.pp Sat Dec 21 14:12:10 2019 -0500 +++ b/modules/postfix/manifests/init.pp Sat Dec 21 14:19:47 2019 -0500 @@ -93,13 +93,13 @@ ensure => present, source => "puppet:///private/pki/custom/$mailserver.crt", owner => 'postfix', - mode => 600, + mode => '0600', } file { "/etc/pki/custom/$mailserver.key": ensure => present, source => "puppet:///private/pki/custom/$mailserver.key", owner => 'postfix', - mode => 600, + mode => '0600', } # Mail base dir 
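Review bot: The private key resource `/etc/pki/custom/$mailserver.key` in the modules/postfix/manifests/init.pp hunk now has a valid `'0600'` mode but nothing that keeps its content out of agent output. When diffs are enabled on the agent, a change to this file can put key material into logs and reports. Adding `show_diff => false,` to the key resource closes that off regardless of the global setting. The resource also leaves `group` unset, so an explicit `group => 'postfix',` (or `root`) would make the ownership fully declared. Both file resources start above the hunk's first line.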
@@ -107,7 +107,7 @@ ensure => directory, owner => 505, group => 505, - mode => 700, + mode => '0700', } #SPF checking diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/privat/manifests --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/privat/manifests Sat Dec 21 14:19:47 2019 -0500 @@ -0,0 +1,1 @@ +../../private/manifests/ \ No newline at end of file diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/privat/templates/apache --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/privat/templates/apache Sat Dec 21 14:19:47 2019 -0500 @@ -0,0 +1,1 @@ +../../../private/apache/templates \ No newline at end of file diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/private/manifests --- a/modules/private/manifests Sat Dec 21 14:12:10 2019 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -../../private/manifests/ \ No newline at end of file diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/private/templates/apache --- a/modules/private/templates/apache Sat Dec 21 14:12:10 2019 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -../../../private/apache/templates \ No newline at end of file diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/python/manifests/gunicorn/instance.pp --- a/modules/python/manifests/gunicorn/instance.pp Sat Dec 21 14:12:10 2019 -0500 +++ b/modules/python/manifests/gunicorn/instance.pp Sat Dec 21 14:19:47 2019 -0500 @@ -74,7 +74,7 @@ file { $initscript: ensure => $ensure, content => template($init_template), - mode => 744, + mode => '0744', require => File["/etc/logrotate.d/gunicorn-${name}"], } diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/ssh/manifests/init.pp --- a/modules/ssh/manifests/init.pp Sat Dec 21 14:12:10 2019 -0500 +++ b/modules/ssh/manifests/init.pp Sat Dec 21 14:19:47 2019 -0500 @@ -40,7 +40,7 @@ @file { "/etc/ssh/ssh_config": owner => "root", - mode => 644, + mode => '0644', require => Package["openssh-clients"], source => [ # 
@@ -68,7 +68,7 @@ @file { "/etc/ssh/sshd_config": owner => "root", - mode => 644, + mode => '0644', notify => Service["openssh-server"], require => Package["openssh-server"], source => [ @@ -108,7 +108,7 @@ # Include operatingsystem specific subclass case $::osfamily { - Redhat: { + 'Redhat': { include ssh::centos } default:{fail("Invalid OS type for SSH - $osfamily")} diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/sudo/manifests/init.pp --- a/modules/sudo/manifests/init.pp Sat Dec 21 14:12:10 2019 -0500 +++ b/modules/sudo/manifests/init.pp Sat Dec 21 14:19:47 2019 -0500 @@ -4,21 +4,21 @@ file { "/etc/sudoers.d/enable-wheel": owner => root, group => root, - mode => 440, + mode => '0440', source => "puppet:///modules/sudo/enable-wheel", require => Package["sudo"], } file { "/etc/sudoers.d/use-root-pwd": owner => root, group => root, - mode => 440, + mode => '0440', source => "puppet:///modules/sudo/use-root-pwd", require => Package["sudo"], } file { "/etc/sudoers.d/keep-editor": owner => root, group => root, - mode => 440, + mode => '0440', source => "puppet:///modules/sudo/keep-editor", require => Package["sudo"], } diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/website/manifests/init.pp --- a/modules/website/manifests/init.pp Sat Dec 21 14:12:10 2019 -0500 +++ b/modules/website/manifests/init.pp Sat Dec 21 14:19:47 2019 -0500 @@ -112,7 +112,7 @@ file { $cert_dir: ensure => directory; } - if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { + if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 { exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/srv/sites(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/website/manifests/php.pp --- a/modules/website/manifests/php.pp Sat Dec 21 14:12:10 2019 -0500 +++ b/modules/website/manifests/php.pp Sat Dec 21 14:19:47 2019 -0500 
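Review bot: Neither `/etc/ssh/sshd_config` in this hunk nor the three `/etc/sudoers.d/*` files in the modules/sudo/manifests/init.pp hunk are syntax-checked before being put in place. A bad source file would be installed as-is, and for sshd the `notify => Service["openssh-server"]` would then restart the daemon against it, which can cut off remote access or sudo on the node. The file type's `validate_cmd` covers this: `validate_cmd => '/usr/sbin/sshd -t -f %',` on sshd_config and `validate_cmd => '/usr/sbin/visudo -c -f %',` on each sudoers fragment. The sshd_config resource continues past the end of its hunk (the `source` list is cut off), so check that nothing there already does this.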
@@ -3,22 +3,7 @@ $opcache = undef, $extras = [], ) { - File { - notify => Service['httpd'], - tag => 'website', - } - Package { - notify => Service['httpd'], - tag => 'website', - } - Package <| tag == 'website' |> -> File <| tag == 'website' |> - define website::php::extra_php ($pkg = $title) { - package { "php${website::php::suffix}-${pkg}": - ensure => installed, - } - } - - website::php::extra_php { $extras: } + Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['httpd'] if $suffix =~ /^7[1-9]w$/ { $php_core = "mod_php${suffix}" @@ -29,22 +14,26 @@ $packages = [ $php_core, "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ] package { $packages: ensure => installed, + tag => 'php-package', } + file { '/etc/php.d/custom-lockdown.ini': ensure => present, content => 'allow_url_fopen = \'off\' expose_php = Off', + tag => 'php-file', } file { '/etc/php.d/custom-php.ini': ensure => present, source => 'puppet:///modules/website/custom-php.ini', + tag => 'php-file', } if $opcache { package { "php${suffix}-${opcache}": ensure => installed, - notify => Service['httpd'], require => Package[$php_core], + tag => 'php-package', } # Use Remi's (and the OS's) naming convention file { '/etc/php.d/opcache.ini': @@ -53,6 +42,7 @@ file { '/etc/php.d/10-opcache.ini': ensure => present, source => 'puppet:///modules/website/opcache.ini', + tag => 'php-file', } } } diff -r b0f8b88fea5c -r c3fa3d65aa83 modules/website/manifests/php/extra.pp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/website/manifests/php/extra.pp Sat Dec 21 14:19:47 2019 -0500 @@ -0,0 +1,6 @@ +define website::php::extra ($pkg = $title) { + package { "php${website::php::suffix}-${pkg}": + ensure => installed, + tag => 'php-package', + } +}
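Review bot: Package changes no longer refresh Apache after the first hunk of modules/website/manifests/php.pp. The new chain `Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['httpd']` only uses `~>` between the tagged files and the service, whereas the removed `Package { notify => Service['httpd'] }` default restarted httpd when a PHP package was installed. The next hunk also drops the explicit `notify` from the opcache package. A newly installed extension would therefore not be loaded until something else restarts httpd. If that is not intended, add `Package <| tag == 'php-package' |> ~> Service['httpd']` alongside the existing chain.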
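Review bot: Nothing visible declares the new `website::php::extra` define with the class's `$extras` parameter. The php.pp hunk removes `website::php::extra_php { $extras: }` and neither php.pp hunk adds a `website::php::extra { $extras: }` in its place. The few lines between those hunks are not shown, so this may already be handled, but if not, packages passed through `extras` will silently stop being installed. Either restore the declaration in `website::php` or drop the parameter so callers get an error. The define also reads `$website::php::suffix`, so a header comment stating that `website::php` must be declared first would be worth adding.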