diff --git a/manifests/common/authorized_keys.pp b/manifests/common/authorized_keys.pp
deleted file mode 100644
index 2de756a1..00000000
--- a/manifests/common/authorized_keys.pp
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Copyright (C) 2013 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SSH authorized_keys
-#
-
-class authorized_keys ($keys, $account='root', $home = '') {
- # This line allows default homedir based on $account variable.
- # If $home is empty, the default is used.
- $rhome = $account ? {'root' => '/root', default => $home}
- $homedir = $rhome ? {'' => "/home/${account}", default => $rhome}
-
- file { "${homedir}/.ssh":
- ensure => directory,
- owner => $ensure ? {'present' => $account, default => undef },
- group => $ensure ? {'present' => $account, default => undef },
- mode => '0755',
- }
-
- file { "${homedir}/.ssh/authorized_keys":
- owner => $ensure ? {'present' => $account, default => undef },
- group => $ensure ? {'present' => $account, default => undef },
- mode => '0644',
- require => File["${homedir}/.ssh"],
- }
-
- define addkey{
- exec{"key-${name}":
- command => "/bin/echo '${name}' >> ${homedir}/.ssh/authorized_keys",
- unless => "/bin/grep -xFq '${name}' ${homedir}/.ssh/authorized_keys",
- require => File["${homedir}/.ssh/authorized_keys"],
- }
- }
-
- addkey{$keys:;}
-}
diff --git a/manifests/common/packages_config.pp b/manifests/common/packages_config.pp
deleted file mode 100644
index 809f7dc1..00000000
--- a/manifests/common/packages_config.pp
+++ /dev/null
@@ -1,143 +0,0 @@
-#
-# Copyright (C) 2013 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# APT configuration
-#
-
-class os_packages_config {
-
- case $::osfamily {
- 'Debian': {
- class{'apt':
- always_apt_update => false,
- purge_sources_list => true,
- purge_sources_list_d => true,
- purge_preferences_d => true,
- }
-
- # Ensure apt is configured before every package installation
- Class['os_packages_config'] -> Package <| |>
-
- # configure apt periodic updates
- apt::conf { 'periodic':
- priority => '10',
- content => "APT::Periodic::Update-Package-Lists 1;\nAPT::Periodic::Download-Upgradeable-Packages 1;\n";
- }
-
-
- # OS specific repositories
- case $::operatingsystem {
- 'Debian': {
- # Official Debian repositories
- apt::source {'debian_main':
- location => 'http://ftp2.fr.debian.org/debian/',
- release => 'wheezy',
- repos => 'main contrib non-free',
- include_src => false,
- }
-
- apt::source {'debian_backports':
- location => 'http://ftp2.fr.debian.org/debian/',
- release => 'wheezy-backports',
- include_src => false,
- }
-
- apt::source {'debian_security':
- location => 'http://security.debian.org/',
- release => 'wheezy/updates',
- repos => 'main',
- include_src => false,
- }
-
- apt::source {'mariadb':
- location => 'http://ftp.igh.cnrs.fr/pub/mariadb/repo/5.5/debian',
- release => 'wheezy',
- include_src => false,
- key_server => 'keyserver.ubuntu.com',
- key => '1BB943DB',
- }
- } # Debian
-
- 'Ubuntu': {
- apt::source { 'ubuntu_precise':
- location => 'http://fr.archive.ubuntu.com/ubuntu',
- release => 'precise',
- repos => 'main universe multiverse',
- include_src => false
- }
-
- apt::source { 'ubuntu_precise_update':
- location => 'http://fr.archive.ubuntu.com/ubuntu',
- release => 'precise-updates',
- repos => 'main universe multiverse',
- include_src => false
- }
-
- apt::source { 'ubuntu_precise_security':
- location => 'http://security.ubuntu.com/ubuntu',
- release => 'precise-security',
- repos => 'main universe multiverse',
- include_src => false
- }
-
- apt::source {'mariadb':
- location => 'http://ftp.igh.cnrs.fr/pub/mariadb/repo/5.5/ubuntu',
- release => 'precise',
- include_src => false,
- key_server => 'keyserver.ubuntu.com',
- key => '1BB943DB',
- }
- } # Ubuntu
- default: {
- fail("Operating system (${::operatingsystem}) not supported yet" )
- }
- }
-
- # Common packages for Debian / Ubuntu
- case $::operatingsystem {
- /^(Debian|Ubuntu)$/: {
- # OpenStack / Ceph / Specific Backports
- apt::source {'cloud.pkgs.enovance.com':
- location => "[trusted=1 arch=amd64] http://cloud.pkgs.enovance.com/${::lsbdistcodename}-${os_params::os_release}",
- release => $os_params::os_release,
- include_src => false,
- key_server => 'keyserver.ubuntu.com',
- key => '5D964F0B',
- }
-
- # # Specific to eNovance (SSH keys, etc)
- # apt::source {'enovance':
- # location => 'http://***REMOVED***@repo.enovance.com/apt/',
- # release => 'squeeze',
- # repos => 'main contrib non-free',
- # key => '3A964515',
- # key_source => 'http://***REMOVED***@repo.enovance.com/apt/key/enovance.gpg',
- # include_src => true,
- # }
- }
- default: {
- fail("Operating system (${::operatingsystem}) not supported yet" )
- }
- }
- } # os family Debian
- 'RedHat': {
- notice("${::osfamily} (${::operatingsystem})")
- }
- default: {
- err "${::osfamily} not supported yet"
- }
- } # Case $::osfamily
- # We don't include Ceph here, since APT is managed by Ceph Puppet module
-}
diff --git a/manifests/common/system.pp b/manifests/common/system.pp
deleted file mode 100644
index c31714a7..00000000
--- a/manifests/common/system.pp
+++ /dev/null
@@ -1,73 +0,0 @@
-#
-# Copyright (C) 2013 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Operating System
-#
-
-class os_common_system{
-
-# motd
- file
- {
- '/etc/motd':
- ensure => file,
- mode => '0644',
- content => "
-############################################################################
-# eNovance IT Operations #
-############################################################################
-# #
-# *** RESTRICTED ACCESS *** #
-# Only the authorized users may access this system. #
-# Any attempted unauthorized access or any action affecting the computer #
-# system of eNovance is punishable under articles 323-1 to 323-7 of #
-# French criminal law. #
-# #
-############################################################################
-This node is under the control of Puppet ${::puppetversion}.
-";
- }
-
-# APT repositories
- class{ 'os_packages_config': }
-
-# DNS
- $datacenter = 'ci'
- class{ 'resolver':
- dcinfo => { ci => $os_params::dns_ips, },
- domainname => $os_params::site_domain,
- searchpath => $os_params::site_domain,
- }
-
-# NTP
- class { 'ntp': }
-
-# SSH Keys
- #FIXME
- #if $::osfamily == 'Debian' {
- # package { 'enovance-config-sshkeys-dev':
- # ensure => 'installed'
- # }
- #}
-
-# Strong root password for all servers
- user { 'root':
- ensure => 'present',
- gid => '0',
- password => $os_params::root_password,
- uid => '0',
- }
-
-}
diff --git a/manifests/init.pp b/manifests/init.pp
index e69de29b..f39a2483 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -0,0 +1,64 @@
+#
+# Copyright (C) 2013 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Class: privatecloud
+#
+# Installs the private cloud system requirements
+#
+
+class privatecloud {
+
+# motd
+ file
+ {
+ '/etc/motd':
+ ensure => file,
+ mode => '0644',
+ content => "
+############################################################################
+# eNovance IT Operations #
+############################################################################
+# #
+# *** RESTRICTED ACCESS *** #
+# Only the authorized users may access this system. #
+# Any attempted unauthorized access or any action affecting the computer #
+# system of eNovance is punishable under articles 323-1 to 323-7 of #
+# French criminal law. #
+# #
+############################################################################
+This node is under the control of Puppet ${::puppetversion}.
+";
+ }
+
+# DNS
+ $datacenter = 'ci'
+ class{ 'resolver':
+ dcinfo => { ci => $os_params::dns_ips, },
+ domainname => $os_params::site_domain,
+ searchpath => $os_params::site_domain,
+ }
+
+# NTP
+ class { 'ntp': }
+
+# Strong root password for all servers
+ user { 'root':
+ ensure => 'present',
+ gid => '0',
+ password => $os_params::root_password,
+ uid => '0',
+ }
+
+}
diff --git a/site.pp b/site.pp
index c3638f08..c1bc574e 100644
--- a/site.pp
+++ b/site.pp
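Review bot: The `user { 'root': }` resource at the end of `privatecloud` takes `password => $os_params::root_password`, yet nothing in the class declares or requires `os_params`; the value is only available because site.pp declares `class { 'os_params': }` just before this class. If that order ever changes, the lookup presumably resolves to undef and the root password is left unmanaged without any error, and the same holds for the `resolver` parameters. An `include os_params` at the top of the class, or passing these values in as class parameters, would make the dependency explicit. The comment above the resource should also state what the attribute expects, e.g. `# $os_params::root_password must be the hashed password as stored in /etc/shadow, never the cleartext`.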
@@ -41,7 +41,7 @@ node common { class { 'os_params': } # Common system configuration - class { 'os_common_system': } + class { 'privatecloud': } }