Initial Commit..

.gitignore

@@ -0,0 +1 @@
+/nbproject/private/

auth.conf

@@ -0,0 +1,94 @@
+# This is an example auth.conf file, it mimics the puppetmasterd defaults
+#
+# The ACL are checked in order of appearance in this file.
+#
+# Supported syntax:
+# This file supports two different syntax depending on how
+# you want to express the ACL.
+#
+# Path syntax (the one used below):
+# ---------------------------------
+# path /path/to/resource
+# [environment envlist]
+# [method methodlist]
+# [auth[enthicated] {yes|no|on|off|any}]
+# allow [host|ip|*]
+# deny [host|ip]
+#
+# The path is matched as a prefix. That is /file match at
+# the same time /file_metadat and /file_content.
+#
+# Regex syntax:
+# -------------
+# This one is differenciated from the path one by a '~'
+#
+# path ~ regex
+# [environment envlist]
+# [method methodlist]
+# [auth[enthicated] {yes|no|on|off|any}]
+# allow [host|ip|*]
+# deny [host|ip]
+#
+# The regex syntax is the same as ruby ones.
+#
+# Ex:
+# path ~ .pp$
+# will match every resource ending in .pp (manifests files for instance)
+#
+# path ~ ^/path/to/resource
+# is essentially equivalent to path /path/to/resource
+#
+# environment:: restrict an ACL to a specific set of environments
+# method:: restrict an ACL to a specific set of methods
+# auth:: restrict an ACL to an authenticated or unauthenticated request
+# the default when unspecified is to restrict the ACL to authenticated requests
+# (ie exactly as if auth yes was present).
+#
+
+### Authenticated ACL - those applies only when the client
+### has a valid certificate and is thus authenticated
+
+# allow nodes to retrieve their own catalog (ie their configuration)
+path ~ ^/catalog/([^/]+)$
+method find
+allow $1
+
+# allow all nodes to access the certificates services
+path /certificate_revocation_list/ca
+method find
+allow *
+
+# allow all nodes to store their reports
+path /report
+method save
+allow *
+
+# inconditionnally allow access to all files services
+# which means in practice that fileserver.conf will
+# still be used
+path /file
+allow *
+
+### Unauthenticated ACL, for clients for which the current master doesn't
+### have a valid certificate
+
+# allow access to the master CA
+path /certificate/ca
+auth no
+method find
+allow *
+
+path /certificate/
+auth no
+method find
+allow *
+
+path /certificate_request
+auth no
+method find, save
+allow *
+
+# this one is not stricly necessary, but it has the merit
+# to show the default policy which is deny everything else
+path /
+auth any

autosign.conf

@@ -0,0 +1 @@
+*.kohanaframework.org

etckeeper-commit-post

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+which etckeeper > /dev/null 2>&1 || exit 0
+
+etckeeper commit "committing changes in /etc after puppet catalog run"
+
+# Failure of etckeeper should not be fatal.
+exit 0

etckeeper-commit-pre

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+which etckeeper > /dev/null 2>&1 || exit 0
+
+etckeeper commit "saving uncommitted changes in /etc prior to puppet catalog run"
+
+# Failure of etckeeper should not be fatal.
+exit 0

files/etc/profile

@@ -0,0 +1,30 @@
+# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
+# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
+
+if [ -d /etc/profile.d ]; then
+  for i in /etc/profile.d/*.sh; do
+    if [ -r $i ]; then
+      . $i
+    fi
+  done
+  unset i
+fi
+
+if [ "$PS1" ]; then
+  if [ "$BASH" ]; then
+    PS1='\u@\h:\w\$ '
+    if [ -f /etc/bash.bashrc ]; then
+	. /etc/bash.bashrc
+    fi
+  else
+    if [ "`id -u`" -eq 0 ]; then
+      PS1='# '
+    else
+      PS1='$ '
+    fi
+  fi
+fi
+
+#umask 022
+umask 007
+export PATH=/var/lib/gems/1.8/bin:$PATH

fileserver.conf

@@ -0,0 +1,16 @@
+# This file consists of arbitrarily named sections/modules
+# defining where files are served from and to whom
+
+# Define a section 'files'
+# Adapt the allow/deny settings to your needs. Order
+# for allow/deny does not matter, allow always takes precedence
+# over deny
+[files]
+  path /etc/puppet/files
+  allow *.kohanaframework.org
+  allow 127.0.0.0/8
+
+[plugins]
+#  allow *.example.com
+#  deny *.evil.example.com
+#  allow 192.168.0.0/24

manifests/custom.pp

@@ -0,0 +1,35 @@
+# "Extensions" to built in types
+class custom {
+	define user($ensure = 'present', $groups = []) {
+		user {
+			$name:
+				ensure  => $ensure,
+				home    => "/home/$name",
+				shell   => "/bin/bash",
+				groups  => $groups;
+		}
+
+		group {
+			$name:
+				ensure  => $ensure,
+				require => User[$name]
+		}
+
+		$home_ensure = $ensure ? {
+			'present' => directory,
+			default => $ensure
+		}
+
+		file {
+			"/home/${name}":
+				ensure  => $home_ensure,
+				owner   => $name,
+				group   => $name,
+				mode    => 770,
+				require => [
+					User[$name],
+					Group[$name]
+				];
+		}
+	}
+}

manifests/nagios.pp

@@ -0,0 +1,40 @@
+nagios_timeperiod {
+	"24x7":
+		ensure    => present,
+		alias     => "24 Hours A Day, 7 Days A Week",
+		sunday    => "00:00-24:00",
+		monday    => "00:00-24:00",
+		tuesday   => "00:00-24:00",
+		wednesday => "00:00-24:00",
+		thursday  => "00:00-24:00",
+		friday    => "00:00-24:00",
+		saturday  => "00:00-24:00",
+		target    => "/etc/nagios3/conf.puppet.d/timeperiod.cfg",
+		require   => File["/etc/nagios3/conf.puppet.d/timeperiod.cfg"],
+		notify    => Service["nagios3"];
+}
+
+nagios_contactgroup {
+	"admins":
+		ensure  => present,
+		alias   => "Nagios Administrators",
+		members => "kiall",
+		target  => "/etc/nagios3/conf.puppet.d/contactgroup.cfg",
+		require => File["/etc/nagios3/conf.puppet.d/contactgroup.cfg"],
+		notify  => Service["nagios3"];
+}
+
+nagios_contact {
+	"kiall":
+		ensure                        => present,
+		email                         => "kiall.macinnes@kohanaframework.org",
+        service_notification_period   => "24x7",
+        host_notification_period      => "24x7",
+        service_notification_options  => "w,u,c,r",
+        host_notification_options     => "d,r",
+        service_notification_commands => "notify-service-by-email",
+        host_notification_commands    => "notify-host-by-email",
+		target                        => "/etc/nagios3/conf.puppet.d/contact.cfg",
+		require                       => File["/etc/nagios3/conf.puppet.d/contact.cfg"],
+		notify                        => Service["nagios3"];
+}

manifests/nodes.pp

@@ -0,0 +1,31 @@
+# Define Nodes
+node "puppet.kohanaframework.org" {
+	include role::puppet
+	include role::web
+	include role::mysql
+	#include role::ci
+	include role::monitor
+
+	include website::www
+	include website::forum
+	include website::dev
+	#include website::ci
+}
+
+node "vm01.kohanaframework.org" {
+	include role::web
+	include role::mysql
+
+	include website::www
+	include website::forum
+}
+
+node "vm02.kohanaframework.org" {
+	include role::ci
+}
+
+node "vm03.kohanaframework.org" {
+	include role::web
+
+	include website::dev
+}