changeset 246:c3fa3d65aa83

Update configs for Puppet 6. This *should* all be backward compatible.
author IBBoard <dev@ibboard.co.uk>
date Sat, 21 Dec 2019 14:19:47 -0500
parents b0f8b88fea5c
children 308f69ca988c
files manifests/templates.pp modules/postfix/manifests/init.pp modules/privat/manifests modules/privat/templates/apache modules/private/manifests modules/private/templates/apache modules/python/manifests/gunicorn/instance.pp modules/ssh/manifests/init.pp modules/sudo/manifests/init.pp modules/website/manifests/init.pp modules/website/manifests/php.pp modules/website/manifests/php/extra.pp
diffstat 12 files changed, 49 insertions(+), 48 deletions(-) [+]
--- a/manifests/templates.pp	Sat Dec 21 14:12:10 2019 -0500
+++ b/manifests/templates.pp	Sat Dec 21 14:19:47 2019 -0500
@@ -2,12 +2,15 @@
 YumRepo<| |> -> Package<| |>
 
 # Make sure all files are in  place before starting services
-File<| |> -> Service<| |>
+File<| tag != 'post-service' |> -> Service<| |>
+
+# Set some shortcut variables
+#$os = $operatingsystem
+$osver = $operatingsystemrelease
+$server = ''
 
 
 class basenode {
-	$os = $operatingsystem
-	$osver = "v${operatingsystemrelease}"
 	include sudo
 
 	include defaultusers
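Review bot: The new top-scope `$osver = $operatingsystemrelease` does not produce the same value as the removed `$osver = "v${operatingsystemrelease}"` in `basenode`. The change is therefore not backward compatible for anything that interpolates `$osver` (or `$basenode::osver`) into a file source or template path. Those consumers are outside this hunk, so each one needs checking; if the prefix is still expected, keep it as `$osver = "v${operatingsystemrelease}"`. The commented-out `#$os = $operatingsystem` and the bare `$server = ''` also need a one-line comment saying what reads them and why `$server` defaults to empty.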
@@ -45,7 +48,7 @@
 
 	require repos
 	include basenode
-	include private
+	include privat
 	include dnsresolver
 	include ssh::server
 	include vcs::server
@@ -183,7 +186,9 @@
 
 	file { '/etc/resolv.conf':
 		ensure => present,
-		content => "nameserver 127.0.0.1"
+		content => "nameserver 127.0.0.1",
+		require => Service['named'],
+		tag => 'post-service',
 	}
 }
 
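Review bot: The `tag => 'post-service'` on `/etc/resolv.conf` only makes sense together with the `File<| tag != 'post-service' |> -> Service<| |>` collector at the top of the manifest, and nothing at the resource says so. A comment such as `# Tagged post-service so the global File -> Service ordering skips it; otherwise require => Service['named'] forms a dependency cycle` would stop a later edit from dropping the tag. The resource also sets no `owner`, `group` or `mode`, so unless a File default exists outside this hunk the resolver configuration keeps whatever permissions are already on disk; `owner => 'root', group => 'root', mode => '0644',` would pin them. The enclosing class starts outside the hunk.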
@@ -442,7 +447,7 @@
 
 	#Setup MySQL, using (private) templates to make sure that we set non-std passwords and a default user
 
-	if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 {
+	if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 {
 		$mysqlpackage = 'mariadb'
 		$mysqlsuffix = ''
 
@@ -495,8 +500,8 @@
 	apache::mod {
 		$mods:;
 	}
-	if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 {
-		apache::mod { 
+	if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 {
+		apache::mod {
 			'authn_core':;
 		}
 	}
@@ -508,7 +513,7 @@
 	#Configure our sites, using templates for the custom fragments where the extra content is too long
 	include adminsite
 	website::https::multitld { 'www.ibboard':
-		custom_fragment => template("private/apache/ibboard.fragment"),
+		custom_fragment => template("privat/apache/ibboard.fragment"),
 		letsencrypt_name => 'ibboard.co.uk',
 		csp_override => {
 			"report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce",
@@ -537,7 +542,7 @@
 	website::https::multitld { 'admin.ibboard':
 		force_no_index => false,
 		ssl_ca_chain => '',
-		custom_fragment => template("private/apache/admin.fragment"),
+		custom_fragment => template("privat/apache/admin.fragment"),
 	}
 	cron { 'loadavg':
 		command => '/usr/local/bin/run-loadavg-logger',
@@ -556,15 +561,15 @@
 	website::https::multitld { 'www.hiveworldterra':
 		force_no_www => false,
 		letsencrypt_name => 'hiveworldterra.co.uk',
-		custom_fragment => template("private/apache/hwt.fragment"),
+		custom_fragment => template("privat/apache/hwt.fragment"),
 	}
 	website::https::multitld { 'forums.hiveworldterra': 
 		letsencrypt_name => 'hiveworldterra.co.uk',
-		custom_fragment => template("private/apache/forums.fragment"),
+		custom_fragment => template("privat/apache/forums.fragment"),
 	}
 	website::https::multitld { 'skins.hiveworldterra':
 		letsencrypt_name => 'hiveworldterra.co.uk',
-		custom_fragment => template("private/apache/skins.fragment"),
+		custom_fragment => template("privat/apache/skins.fragment"),
 	}
 	website::https::redir { 'hiveworldterra.ibboard.co.uk':
 		redir => 'https://www.hiveworldterra.co.uk/',
@@ -578,7 +583,7 @@
 		docroot_owner => $defaultusers::secondary_user,
 		docroot_group => 'editors',
 		letsencrypt_name => 'bdstrike.co.uk',
-		custom_fragment => template("private/apache/bdstrike.fragment"),
+		custom_fragment => template("privat/apache/bdstrike.fragment"),
 		csp_override => {"frame-ancestors" => "'self'"},
 		csp_report_override => {
 			"font-src" => "'self' https://fonts.gstatic.com/",
@@ -629,14 +634,14 @@
 
 	website::https::multitld { 'www.warfoundry':
 		letsencrypt_name => 'warfoundry.co.uk',
-		custom_fragment => template("private/apache/warfoundry.fragment"),
+		custom_fragment => template("privat/apache/warfoundry.fragment"),
 	}
 	website::https::multitld { 'dev.ibboard':
 		#Make sure we're the first one hit for the tiny fraction of "no support" cases we care about (potentially Python for Mercurial!)
 		# http://en.wikipedia.org/wiki/Server_Name_Indication#No_support
 		priority => 1,
 		letsencrypt_name => 'dev.ibboard.co.uk',
-		custom_fragment => template("private/apache/dev.fragment"),
+		custom_fragment => template("privat/apache/dev.fragment"),
 		force_no_index => false,
 	}
 }
@@ -646,7 +651,7 @@
 	website::https { 'webmail.ibboard.co.uk':
 		force_no_index => false,
 		ssl_ca_chain => '',
-		custom_fragment => template("private/apache/webmail.fragment"),
+		custom_fragment => template("privat/apache/webmail.fragment"),
 	}
 	website::https { 'pim.ibboard.co.uk':
 		docroot_owner => 'apache',
@@ -654,7 +659,7 @@
 		force_no_index => false,
 		lockdown_requests => false,
 		ssl_ca_chain => '',
-		custom_fragment => template("private/apache/pim.fragment"),
+		custom_fragment => template("privat/apache/pim.fragment"),
 	}
 	cron { 'owncloudcron':
 		command => "/usr/local/bin/owncloud-cron",
--- a/modules/postfix/manifests/init.pp	Sat Dec 21 14:12:10 2019 -0500
+++ b/modules/postfix/manifests/init.pp	Sat Dec 21 14:19:47 2019 -0500
@@ -93,13 +93,13 @@
     ensure => present,
     source => "puppet:///private/pki/custom/$mailserver.crt",
     owner  => 'postfix',
-    mode   => 600,
+    mode   => '0600',
   }
   file { "/etc/pki/custom/$mailserver.key":
     ensure => present,
     source => "puppet:///private/pki/custom/$mailserver.key",
     owner  => 'postfix',
-    mode   => 600,
+    mode   => '0600',
   }
 
   # Mail base dir
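Review bot: The private key resource `/etc/pki/custom/$mailserver.key` now has a valid `'0600'` mode but is still owned by `postfix`, so any process running as that unprivileged user can read or replace the TLS key. Postfix normally loads its key while still privileged, so `owner => 'root', group => 'root', mode => '0600',` is usually the tighter setting. Check whether another service reads the same key before changing it. The first resource (the `.crt`) begins above the hunk, so its title is not visible here.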
@@ -107,7 +107,7 @@
     ensure => directory,
     owner => 505,
     group => 505,
-    mode => 700,
+    mode => '0700',
   } 
 
   #SPF checking
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/privat/manifests	Sat Dec 21 14:19:47 2019 -0500
@@ -0,0 +1,1 @@
+../../private/manifests/
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/privat/templates/apache	Sat Dec 21 14:19:47 2019 -0500
@@ -0,0 +1,1 @@
+../../../private/apache/templates
\ No newline at end of file
--- a/modules/private/manifests	Sat Dec 21 14:12:10 2019 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-../../private/manifests/
\ No newline at end of file
--- a/modules/private/templates/apache	Sat Dec 21 14:12:10 2019 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-../../../private/apache/templates
\ No newline at end of file
--- a/modules/python/manifests/gunicorn/instance.pp	Sat Dec 21 14:12:10 2019 -0500
+++ b/modules/python/manifests/gunicorn/instance.pp	Sat Dec 21 14:19:47 2019 -0500
@@ -74,7 +74,7 @@
   file { $initscript:
     ensure => $ensure,
     content => template($init_template),
-    mode => 744,
+    mode => '0744',
     require => File["/etc/logrotate.d/gunicorn-${name}"],
   }
 
--- a/modules/ssh/manifests/init.pp	Sat Dec 21 14:12:10 2019 -0500
+++ b/modules/ssh/manifests/init.pp	Sat Dec 21 14:19:47 2019 -0500
@@ -40,7 +40,7 @@
 
     @file { "/etc/ssh/ssh_config":
         owner => "root",
-        mode => 644,
+        mode => '0644',
         require => Package["openssh-clients"],
         source => [
             #
@@ -68,7 +68,7 @@
 
     @file { "/etc/ssh/sshd_config":
         owner => "root",
-        mode => 644,
+        mode => '0644',
         notify => Service["openssh-server"],
         require => Package["openssh-server"],
         source => [
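Review bot: `mode => '0644'` leaves `/etc/ssh/sshd_config` world-readable, and the resource has no syntax check before `notify => Service["openssh-server"]` restarts the daemon. Common hardening baselines expect the server config to be root-owned with `mode => '0600',`. Adding `validate_cmd => '/usr/sbin/sshd -t -f %',` would make Puppet refuse a file that sshd cannot parse, rather than restarting into a broken config and leaving the host without a working SSH daemon. The resource continues past the end of the hunk (the `source` array is still open), so confirm neither attribute is already set below. The same mode on `/etc/ssh/ssh_config` in the previous hunk is fine, since clients must be able to read it.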
@@ -108,7 +108,7 @@
 
     # Include operatingsystem specific subclass
     case $::osfamily {
-        Redhat: {
+        'Redhat': {
             include ssh::centos
         }
         default:{fail("Invalid OS type for SSH - $osfamily")}
--- a/modules/sudo/manifests/init.pp	Sat Dec 21 14:12:10 2019 -0500
+++ b/modules/sudo/manifests/init.pp	Sat Dec 21 14:19:47 2019 -0500
@@ -4,21 +4,21 @@
 	file { "/etc/sudoers.d/enable-wheel":
 		owner   => root,
 		group   => root,
-		mode    => 440,
+		mode    => '0440',
 		source  => "puppet:///modules/sudo/enable-wheel",
 		require => Package["sudo"],
 	}
 	file { "/etc/sudoers.d/use-root-pwd":
 		owner   => root,
 		group   => root,
-		mode    => 440,
+		mode    => '0440',
 		source  => "puppet:///modules/sudo/use-root-pwd",
 		require => Package["sudo"],
 	}
 	file { "/etc/sudoers.d/keep-editor":
 		owner   => root,
 		group   => root,
-		mode    => 440,
+		mode    => '0440',
 		source  => "puppet:///modules/sudo/keep-editor",
 		require => Package["sudo"],
 	}
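Review bot: None of the three `/etc/sudoers.d/*` resources validates the file before it is installed. A syntax error in `enable-wheel`, `use-root-pwd` or `keep-editor` on the file server would be written straight into the live sudoers configuration and can make `sudo` refuse to run at all. Adding `validate_cmd => '/usr/sbin/visudo -c -f %',` to each resource lets Puppet reject a bad drop-in and keep the previous one. The enclosing class starts outside the hunk.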
--- a/modules/website/manifests/init.pp	Sat Dec 21 14:12:10 2019 -0500
+++ b/modules/website/manifests/init.pp	Sat Dec 21 14:19:47 2019 -0500
@@ -112,7 +112,7 @@
   file { $cert_dir:
     ensure => directory;
   }
-  if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 {
+  if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 {
     exec { 'set_apache_defaults':
       command => 'semanage fcontext -a -t httpd_sys_content_t "/srv/sites(/.*)?"',
       path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
--- a/modules/website/manifests/php.pp	Sat Dec 21 14:12:10 2019 -0500
+++ b/modules/website/manifests/php.pp	Sat Dec 21 14:19:47 2019 -0500
@@ -3,22 +3,7 @@
     $opcache = undef,
     $extras = [],
     ) {
-  File {
-      notify => Service['httpd'],
-      tag => 'website',
-  }
-  Package {
-      notify => Service['httpd'],
-      tag => 'website',
-  }
-  Package <| tag == 'website' |> -> File <| tag == 'website' |>
-  define website::php::extra_php ($pkg = $title) {
-    package { "php${website::php::suffix}-${pkg}":
-      ensure => installed,
-    }
-  }
-
-  website::php::extra_php { $extras: }
+  Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['httpd']
 
   if $suffix =~ /^7[1-9]w$/ {
     $php_core = "mod_php${suffix}"
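Review bot: The removed `website::php::extra_php { $extras: }` has no replacement in this file, so the `$extras` parameter is still accepted but nothing consumes it and the packages it lists are no longer installed. The lines between the hunks are unchanged context and cannot hold a new call, and none of the hunks shown in this changeset declares the renamed `website::php::extra`. Add `website::php::extra { $extras: }` after the collector chain, or drop the parameter if callers are now meant to declare the define themselves.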
@@ -29,22 +14,26 @@
   $packages = [ $php_core, "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ]
   package { $packages:
     ensure => installed,
+    tag => 'php-package',
   }
+
   file { '/etc/php.d/custom-lockdown.ini':
     ensure => present,
     content => 'allow_url_fopen = \'off\'
     expose_php = Off',
+    tag => 'php-file',
   }
   file { '/etc/php.d/custom-php.ini':
     ensure => present,
     source => 'puppet:///modules/website/custom-php.ini',
+    tag => 'php-file',
   }
 
   if $opcache {
     package { "php${suffix}-${opcache}":
       ensure => installed,
-      notify => Service['httpd'],
       require => Package[$php_core],
+      tag => 'php-package',
     }
     # Use Remi's (and the OS's) naming convention
     file { '/etc/php.d/opcache.ini':
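Review bot: Package changes no longer restart Apache. The chain `Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['httpd']` only orders packages before files, this hunk removes the explicit `notify => Service['httpd']` from the opcache package, and the old `Package { notify => ... }` default is gone. A newly installed PHP module then stays unloaded until a tagged file changes or something else restarts httpd. Adding `Package <| tag == 'php-package' |> ~> Service['httpd']` next to the existing chain restores the previous behaviour. The `if $opcache` block continues past the hunk.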
@@ -53,6 +42,7 @@
     file { '/etc/php.d/10-opcache.ini':
       ensure => present,
       source => 'puppet:///modules/website/opcache.ini',
+      tag => 'php-file',
     }
   }
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/website/manifests/php/extra.pp	Sat Dec 21 14:19:47 2019 -0500
@@ -0,0 +1,6 @@
+define website::php::extra ($pkg = $title) {
+  package { "php${website::php::suffix}-${pkg}":
+    ensure => installed,
+    tag => 'php-package',
+  }
+}
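Review bot: `website::php::extra` reads `$website::php::suffix`, but nothing in the define ensures the `website::php` class has been evaluated first, and the file has no header comment saying so. If the define is declared before the class, the variable is likely to interpolate as empty under default settings. The package name would then degrade to `php-<pkg>`, which may be a different PHP build from the one Apache loads. A short comment above the define stating that `website::php` must already be declared would document the dependency. A guard such as `if !defined(Class['website::php']) { fail('website::php::extra requires website::php') }` would make the failure explicit.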