Adding puppet information in cfg/ location and bumping release
Showing
14 changed files
with
294 additions
and
20 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
# This is an example auth.conf file, it mimics the puppetmasterd defaults | ||
# | ||
# The ACL are checked in order of appearance in this file. | ||
# | ||
# Supported syntax: | ||
# This file supports two different syntax depending on how | ||
# you want to express the ACL. | ||
# | ||
# Path syntax (the one used below): | ||
# --------------------------------- | ||
# path /path/to/resource | ||
# [environment envlist] | ||
# [method methodlist] | ||
# [auth[enthicated] {yes|no|on|off|any}] | ||
# allow [host|ip|*] | ||
# deny [host|ip] | ||
# | ||
# The path is matched as a prefix. That is /file match at | ||
# the same time /file_metadat and /file_content. | ||
# | ||
# Regex syntax: | ||
# ------------- | ||
# This one is differenciated from the path one by a '~' | ||
# | ||
# path ~ regex | ||
# [environment envlist] | ||
# [method methodlist] | ||
# [auth[enthicated] {yes|no|on|off|any}] | ||
# allow [host|ip|*] | ||
# deny [host|ip] | ||
# | ||
# The regex syntax is the same as ruby ones. | ||
# | ||
# Ex: | ||
# path ~ .pp$ | ||
# will match every resource ending in .pp (manifests files for instance) | ||
# | ||
# path ~ ^/path/to/resource | ||
# is essentially equivalent to path /path/to/resource | ||
# | ||
# environment:: restrict an ACL to a specific set of environments | ||
# method:: restrict an ACL to a specific set of methods | ||
# auth:: restrict an ACL to an authenticated or unauthenticated request | ||
# the default when unspecified is to restrict the ACL to authenticated requests | ||
# (ie exactly as if auth yes was present). | ||
# | ||
|
||
### Authenticated ACL - those applies only when the client | ||
### has a valid certificate and is thus authenticated | ||
|
||
# allow nodes to retrieve their own catalog (ie their configuration) | ||
path ~ ^/catalog/([^/]+)$ | ||
method find | ||
allow $1 | ||
|
||
# allow nodes to retrieve their own node definition | ||
path ~ ^/node/([^/]+)$ | ||
method find | ||
allow $1 | ||
|
||
# allow all nodes to access the certificates services | ||
path /certificate_revocation_list/ca | ||
method find | ||
allow * | ||
|
||
# allow all nodes to store their reports | ||
path /report | ||
method save | ||
allow * | ||
|
||
# inconditionnally allow access to all files services | ||
# which means in practice that fileserver.conf will | ||
# still be used | ||
path /file | ||
allow * | ||
|
||
### Unauthenticated ACL, for clients for which the current master doesn't | ||
### have a valid certificate; we allow authenticated users, too, because | ||
### there isn't a great harm in letting that request through. | ||
|
||
# allow access to the master CA | ||
path /certificate/ca | ||
auth any | ||
method find | ||
allow * | ||
|
||
path /certificate/ | ||
auth any | ||
method find | ||
allow * | ||
|
||
path /certificate_request | ||
auth any | ||
method find, save | ||
allow * | ||
|
||
# this one is not stricly necessary, but it has the merit | ||
# to show the default policy which is deny everything else | ||
path / | ||
auth any |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# This file consists of arbitrarily named sections/modules | ||
# defining where files are served from and to whom | ||
|
||
# Define a section 'files' | ||
# Adapt the allow/deny settings to your needs. Order | ||
# for allow/deny does not matter, allow always takes precedence | ||
# over deny | ||
# [files] | ||
# path /var/lib/puppet/files | ||
# allow *.example.com | ||
# deny *.evil.example.com | ||
# allow 192.168.0.0/24 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# The 'basenode' node is a Puppet-default baseline node | ||
node basenode { | ||
###################################### | ||
# | ||
# General variables | ||
# | ||
|
||
# Network config | ||
$puppet_server = "puppet.internal.genfic.com" | ||
$dns_servers = [ "192.168.1.1", "8.8.8.8" ] | ||
$domain = "internal.genfic.com" | ||
} |
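Review bot: `$dns_servers` in `basenode` lists the public resolver `8.8.8.8` next to the internal `192.168.1.1`, so any node that consumes this list can send lookups for `internal.genfic.com` names to an outside service whenever the first resolver does not answer. That discloses internal hostnames and lets answers for them come from a source outside your control. Prefer a second internal resolver, e.g. `$dns_servers = [ "192.168.1.1", "<second-internal-resolver>" ]`. None of the manifests visible in this commit reads these three variables yet, so the actual effect depends on code outside this page.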
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
## | ||
## puppet.internal.genfic.com | ||
## | ||
node 'puppet.internal.genfic.com' inherits basenode { | ||
include general | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
## | ||
## test.internal.genfic.com | ||
## | ||
node 'test.internal.genfic.com' inherits basenode { | ||
include general | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
class general { | ||
################################ | ||
# | ||
# General setup | ||
# | ||
|
||
# Start with minimal | ||
include minimal | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
class minimal { | ||
############################### | ||
# | ||
# Minimal setup | ||
# | ||
|
||
# Manage /etc/hosts | ||
include hosts | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# This is the base setup of our architecture. | ||
# Anything that is global for all systems should | ||
# go in the basic-setup.pp file | ||
import "basic-setup.pp" | ||
|
||
# Import the patterns | ||
import "patterns/*.pp" | ||
|
||
# Import the definitions of the various systems | ||
import "nodes/*.pp" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
######################### | ||
# | ||
# Class hosts | ||
# | ||
# Manages /etc/hosts | ||
# | ||
class hosts { | ||
file { "hosts": | ||
ensure => present, | ||
path => "/etc/hosts", | ||
content => template("hosts/hosts.erb"), | ||
} | ||
} |
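Review bot: The `file { "hosts": }` resource sets only `ensure`, `path` and `content`, so the ownership and permissions of `/etc/hosts` are left unmanaged and a node where the file has drifted to a writable-by-others state keeps that state. Add `owner => "root",`, `group => "root",` and `mode => "0644",` to the resource. The header comment could also say that the content is rendered from `hosts/hosts.erb` and depends on the `domain`, `hostname` and `ipaddress6` values the template references.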
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# File managed by puppet | ||
127.0.0.1 local.virtdomain local | ||
192.168.100.1 gateway.virtdomain gateway | ||
|
||
::1 localhost.<%= domain %> localhost | ||
<%= ipaddress6 %> <%= hostname %>.<%= domain %> <%= hostname %> | ||
|
||
# Minimal requirements (case DNS is unavailable) | ||
2001:db8:81:e2::26b5:365b:5072 workstation.<%= domain %> workstation | ||
2001:db8:81:21::53:3a8a:71e0 puppet.<%= domain %> puppet |
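Review bot: The `127.0.0.1` line names only `local.virtdomain local`, so `localhost` is defined for `::1` alone and an IPv4 lookup of `localhost` is not answered from this file and would fall through to DNS. Use `127.0.0.1 localhost local.virtdomain local`. The `<%= ipaddress6 %>` line also assumes every node reports an IPv6 address; on a node without one it would presumably render a malformed entry or fail, so wrap it in a conditional on that value. The two pinned `2001:db8:` entries override DNS for `workstation` and `puppet` on every managed node, so a comment naming who maintains those addresses would help whoever has to change them.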
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
[main] | ||
# The Puppet log directory. | ||
# The default value is '$vardir/log'. | ||
logdir = /var/log/puppet | ||
|
||
# Where Puppet PID files are kept. | ||
# The default value is '$vardir/run'. | ||
rundir = /var/run/puppet | ||
|
||
# Where SSL certificates are kept. | ||
# The default value is '$confdir/ssl'. | ||
ssldir = $vardir/ssl | ||
|
||
[master] | ||
bindaddress="::" | ||
|
||
[agent] | ||
# The file in which puppetd stores a list of the classes | ||
# associated with the retrieved configuratiion. Can be loaded in | ||
# the separate ``puppet`` executable using the ``--loadclasses`` | ||
# option. | ||
# The default value is '$confdir/classes.txt'. | ||
classfile = $vardir/classes.txt | ||
|
||
# Where puppetd caches the local configuration. An | ||
# extension indicating the cache format is added automatically. | ||
# The default value is '$confdir/localconfig'. | ||
localconfig = $vardir/localconfig | ||
listen = true | ||
bindaddress="::" |
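Review bot: In `[agent]`, `listen = true` together with `bindaddress="::"` makes every agent accept inbound connections on all addresses, yet the auth.conf added in this commit has no rule for an agent-side endpoint, so under its stated default-deny policy such requests would presumably be refused anyway. If remotely triggered runs are not needed, drop `listen = true`; if they are, bind to a management address and add the matching ACL in auth.conf. The two new `[agent]` lines and the `[master]` line also lack the descriptive comments the other settings carry, and `bindaddress` is the only value written with quotes and without spaces around `=`.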