Initial config target
authorSilvio Rhatto <rhatto@riseup.net>
Tue, 4 Mar 2014 14:38:24 +0000 (11:38 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Tue, 4 Mar 2014 14:38:24 +0000 (11:38 -0300)
12 files changed:
Makefile
TODO.md
auth.conf [deleted file]
fileserver.conf [deleted file]
manifests/classes/configurator.pp [new file with mode: 0644]
manifests/classes/default_conf.pp [deleted file]
puppet.conf [deleted file]
templates/puppet/auth.conf.erb
templates/puppet/fileserver.conf.erb
templates/puppet/modules.pp.erb [deleted file]
templates/puppet/puppet.conf.erb
templates/puppet/site.pp.erb [deleted file]

index 7971008a917bc504e0b73b2fd5af13f64ebbc251..4b491a7ea5073d2d15ceeaadaf3222dd7de7c046 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,7 @@
 #
 
 REPO = git://git.sarava.org/puppet-bootstrap.git
+CWD  = $(shell pwd)
 
 all: clean remote modules
 
@@ -31,7 +32,10 @@ remote:
        git remote add bootstrap $(REPO)
 
 config:
-       @echo "TODO: not implemented :("
+       FACTER_BOOTSTRAP_PATH="$(CWD)" puppet apply --hiera-config=hiera.yaml --modulepath=modules manifests/classes/configurator.pp
+
+apply:
+       FACTER_BOOTSTRAP_PATH="$(CWD)" puppet apply --hiera-config=hiera.yaml --modulepath=modules manifests/$(stage).pp
 
 clean:
        rm -rf modules
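Review bot: The new `apply` recipe interpolates `$(stage)` into `manifests/$(stage).pp` without checking it, so a bare `make apply` runs `puppet apply … manifests/.pp` and fails with a Puppet error instead of a usable message; adding `$(if $(strip $(stage)),,$(error stage is required: make apply stage=NAME))` as the first line of the recipe makes the requirement explicit. `config` and `apply` are command targets rather than files, so they belong in a `.PHONY` declaration unless the Makefile already has one outside these hunks. In the first hunk, `CWD = $(shell pwd)` uses recursive assignment and re-runs `pwd` on every expansion; `CWD := $(CURDIR)` yields the same absolute path with no fork and no late binding.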
diff --git a/TODO.md b/TODO.md
index 92fbb00d668bc6a6fe989e6021126e9b5e5d8546..6156badda1a4a3b6bdc28c23a36d747e40f443be 100644 (file)
--- a/TODO.md
+++ b/TODO.md
@@ -4,4 +4,3 @@ TODO
 * Make `config` target:
   * Moving from `config.pp` to hiera.
   * Refactoring and `default_conf.pp`.
-  * Configuration should be generated directly into the repository.
diff --git a/auth.conf b/auth.conf
deleted file mode 100644 (file)
index 92aae26..0000000
--- a/auth.conf
+++ /dev/null
@@ -1,100 +0,0 @@
-# This is an example auth.conf file, it mimics the puppetmasterd defaults
-#
-# The ACL are checked in order of appearance in this file.
-#
-# Supported syntax:
-# This file supports two different syntax depending on how
-# you want to express the ACL.
-#
-# Path syntax (the one used below):
-# ---------------------------------
-# path /path/to/resource
-# [environment envlist]
-# [method methodlist]
-# [auth[enthicated] {yes|no|on|off|any}]
-# allow [host|ip|*]
-# deny [host|ip]
-#
-# The path is matched as a prefix. That is /file match at
-# the same time /file_metadat and /file_content.
-#
-# Regex syntax:
-# -------------
-# This one is differenciated from the path one by a '~'
-#
-# path ~ regex
-# [environment envlist]
-# [method methodlist]
-# [auth[enthicated] {yes|no|on|off|any}]
-# allow [host|ip|*]
-# deny [host|ip]
-#
-# The regex syntax is the same as ruby ones.
-#
-# Ex:
-# path ~ .pp$
-# will match every resource ending in .pp (manifests files for instance)
-#
-# path ~ ^/path/to/resource
-# is essentially equivalent to path /path/to/resource
-#
-# environment:: restrict an ACL to a specific set of environments
-# method:: restrict an ACL to a specific set of methods
-# auth:: restrict an ACL to an authenticated or unauthenticated request
-# the default when unspecified is to restrict the ACL to authenticated requests
-# (ie exactly as if auth yes was present).
-#
-
-### Authenticated ACL - those applies only when the client
-### has a valid certificate and is thus authenticated
-
-# allow nodes to retrieve their own catalog (ie their configuration)
-path ~ ^/catalog/([^/]+)$
-method find
-allow $1
-
-# allow nodes to retrieve their own node definition
-path ~ ^/node/([^/]+)$
-method find
-allow $1
-
-# allow all nodes to access the certificates services
-path /certificate_revocation_list/ca
-method find
-allow *
-
-# allow all nodes to store their own reports
-path ~ ^/report/([^/]+)$
-method save
-allow $1
-
-# inconditionnally allow access to all files services
-# which means in practice that fileserver.conf will
-# still be used
-path /file
-allow *
-
-### Unauthenticated ACL, for clients for which the current master doesn't
-### have a valid certificate; we allow authenticated users, too, because
-### there isn't a great harm in letting that request through.
-
-# allow access to the master CA
-path /certificate/ca
-auth any
-method find
-allow *
-
-path /certificate/
-auth any
-method find
-allow *
-
-path /certificate_request
-auth any
-method find, save
-allow *
-
-# this one is not stricly necessary, but it has the merit
-# to show the default policy which is deny everything else
-path /
-auth any
diff --git a/fileserver.conf b/fileserver.conf
deleted file mode 100644 (file)
index 4b663e4..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-# This file consists of arbitrarily named sections/modules
-# defining where files are served from and to whom
-
-# Define a section 'files'
-# Adapt the allow/deny settings to your needs. Order
-# for allow/deny does not matter, allow always takes precedence
-# over deny
-[files]
-  path /etc/puppet/files
-#  allow *.example.com
-#  deny *.evil.example.com
-#  allow 192.168.0.0/24
-
-#[plugins]
-#  allow *.example.com
-#  deny *.evil.example.com
-#  allow 192.168.0.0/24
diff --git a/manifests/classes/configurator.pp b/manifests/classes/configurator.pp
new file mode 100644 (file)
index 0000000..d0dd787
--- /dev/null
@@ -0,0 +1,232 @@
+#
+# Puppet Bootstrap Configuration Manifest
+#
+# This file is responsible to set custom configuration in the bootstrap
+# repository for values set in the hiera configuration.
+#
+# While this manifest can be run many times, it's useful mostly after you
+# cloned the puppet-boostrap module and want to configure it to boostrap a
+# whole puppetmaster infrastructure.
+#
+
+# Variables
+$templates = "$bootstrap_path/templates"
+
+# Puppet configuration
+file { "$bootstrap_path/puppet.conf":
+  ensure  => present,
+  mode    => 0644,
+  content => template("$templates/puppet/puppet.conf.erb"),
+}
+
+# Fileserver configuration
+file { "$bootstrap_path/fileserver.conf":
+  ensure  => present,
+  mode    => 0644,
+  content => template("$templates/puppet/fileserver.conf.erb"),
+}
+
+file { "$bootstrap_path/auth.conf":
+  ensure  => present,
+  mode    => 0644,
+  content => template("$templates/puppet/auth.conf.erb"),
+}
+
+## Basic nodes
+#file { "$bootstrap_path/manifests/nodes.pp":
+#  ensure  => present,
+#  mode    => 0644,
+#  content => template("$templates/puppet/nodes.pp.erb"),
+#}
+#
+## Basic users
+#file { "$bootstrap_path/manifests/classes/users.pp":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/manifests/classes"] ],
+#  content => template("$templates/puppet/users.pp.erb"),
+#}
+#
+## First host
+#file { "$bootstrap_path/manifests/nodes/$hostname.pp":
+#  ensure  => present,
+#  mode    => 0644,
+#  content => template("$templates/puppet/server.pp.erb"),
+#}
+#
+## Master node
+#file { "$bootstrap_path/manifests/nodes/$hostname-master.pp":
+#  ensure  => present,
+#  mode    => 0644,
+#  content => template("$templates/puppet/master.pp.erb"),
+#}
+#
+## Proxy node
+#file { "$bootstrap_path/manifests/nodes/$hostname-proxy.pp":
+#  ensure  => present,
+#  mode    => 0644,
+#  content => template("$templates/puppet/proxy.pp.erb"),
+#}
+#
+## Web node
+#file { "$bootstrap_path/manifests/nodes/$hostname-web.pp":
+#  ensure  => present,
+#  mode    => 0644,
+#  content => template("$templates/puppet/web.pp.erb"),
+#}
+#
+## Storage node
+#file { "$bootstrap_path/manifests/nodes/$hostname-storage.pp":
+#  ensure  => present,
+#  mode    => 0644,
+#  content => template("$templates/puppet/storage.pp.erb"),
+#}
+#
+## Test node
+#file { "$bootstrap_path/manifests/nodes/$hostname-test.pp":
+#  ensure  => present,
+#  mode    => 0644,
+#  content => template("$templates/puppet/test.pp.erb"),
+#}
+#
+## files in $bootstrap_path/files
+#file { [ "$bootstrap_path/files",
+#         "$bootstrap_path/modules/site_nginx",
+#         "$bootstrap_path/modules/site_nginx/files",
+#         "$bootstrap_path/modules/site_nagios",
+#         "$bootstrap_path/modules/site_nagios/files",
+#         "$bootstrap_path/modules/site_postfix",
+#         "$bootstrap_path/modules/site_postfix/files",
+#         "$bootstrap_path/modules/site_mail",
+#         "$bootstrap_path/modules/site_mail/files",
+#         "$bootstrap_path/modules/site_apache",
+#         "$bootstrap_path/modules/site_apache/files",
+#         "$bootstrap_path/modules/site_apache/files/vhosts",
+#         "$bootstrap_path/modules/site_apache/files/htdocs",
+#         "$bootstrap_path/modules/site_apache/files/htdocs/images",
+#         "$bootstrap_path/modules/site_keys",
+#         "$bootstrap_path/modules/site_keys/files",
+#         "$bootstrap_path/modules/site_keys/files/ssl", ]:
+#  ensure  => directory,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0755,
+#}
+#
+#file { "$bootstrap_path/files/empty":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/files"] ],
+#}
+#
+#file { "$bootstrap_path/modules/site-apache/htdocs/images/README.html":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-apache/files/htdocs/images"] ],
+#  content => template("$templates/apache/htdocs/images/README.html.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-apache/files/htdocs/index.html":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-apache/files/htdocs"] ],
+#  content => template("$templates/apache/htdocs/index.html.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-apache/files/htdocs/missing.html":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-apache/files/htdocs"] ],
+#  content => template("$templates/apache/htdocs/missing.html.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-apache/files/vhosts/git":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-apache/files/vhosts"] ],
+#  content => template("$templates/apache/vhosts/git.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-apache/files/vhosts/lists":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-apache/files/vhosts"] ],
+#  content => template("$templates/apache/vhosts/lists.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-apache/files/vhosts/mail":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-apache/files/vhosts"] ],
+#  content => template("$templates/apache/vhosts/mail.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-apache/files/vhosts/nagios":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-apache/files/vhosts"] ],
+#  content => template("$templates/apache/vhosts/nagios.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-apache/files/vhosts/wiki":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-apache/files/vhosts"] ],
+#  content => template("$templates/apache/vhosts/wiki.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-mail/files/aliases":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-mail/files"] ],
+#  content => template("$templates/etc/aliases.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-nagios/files/htpasswd.users":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-nagios/files"] ],
+#  content => template("$templates/etc/nagios3/htpasswd.users.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-nginx/files/$domain":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-nginx/files"] ],
+#  content => template("$templates/etc/nginx/domain.erb"),
+#}
+#
+#file { "$bootstrap_path/modules/site-postfix/files/tls_policy":
+#  ensure  => present,
+#  owner   => "puppet",
+#  group   => "puppet",
+#  mode    => 0644,
+#  require => [ Package["puppet"], File["$bootstrap_path/modules/site-postfix/files"] ],
+#  content => template("$templates/postfix/tls_policy.erb"),
+#}
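Review bot: `$bootstrap_path` comes from the `FACTER_BOOTSTRAP_PATH` fact that the Makefile exports, but nothing in the manifest checks it, so running the manifest directly leaves `$templates` as `/templates` and compilation fails with a template-not-found error rather than saying what is missing; a guard at the top such as `if $bootstrap_path == '' { fail('bootstrap_path fact not set; run via make config') }` states the requirement (assuming Puppet 3 undef/empty-string comparison — confirm for the version in use). The rendered `puppet.conf` is created with `mode => 0644` while its template elsewhere in this commit interpolates `storeconfigs_pw`, so the database password lands world-readable inside the checkout; `0600` is the safer mode for that one resource, and the same concern applies to the `templates/puppet/puppet.conf.erb` hunk. Roughly two hundred lines of commented-out resources follow the three live ones; that dead code is better tracked in TODO.md or a branch than kept in the manifest, where it will drift from the templates it references.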
diff --git a/manifests/classes/default_conf.pp b/manifests/classes/default_conf.pp
deleted file mode 100644 (file)
index ab8280d..0000000
+++ /dev/null
@@ -1,296 +0,0 @@
-class default_conf {
-
-  $templates_dir           = "$puppet_bootstrap_tmpdir/templates"
-  $default_puppet_conf_dir = "$puppet_dir/default-conf"
-
-  # directories
-  file { ["$puppet_dir", "$default_puppet_conf_dir"]:
-    ensure  => directory,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0755,
-    require => Package["puppet"],
-  }
-
-  file { [ "$default_puppet_conf_dir/files",
-           "$default_puppet_conf_dir/manifests",
-           "$default_puppet_conf_dir/modules",
-           "$default_puppet_conf_dir/manifests/classes",
-           "$default_puppet_conf_dir/manifests/nodes" ]:
-    ensure  => directory,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0755,
-    require => File["$default_puppet_conf_dir"],
-  }
-
-  # files in $default_puppet_conf_dir
-  file { "$default_puppet_conf_dir/puppet.conf":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => Package["puppet"],
-    content => template("$templates_dir/puppet/puppet.conf.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/fileserver.conf":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => Package["puppet"],
-    content => template("$templates_dir/puppet/fileserver.conf.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/auth.conf":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => Package["puppet"],
-    content => template("$templates_dir/puppet/auth.conf.erb"),
-  }
-
-  # files in $default_puppet_conf_dir/manifests
-  file { "$default_puppet_conf_dir/manifests/site.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests"] ],
-    content => template("$templates_dir/puppet/site.pp.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/manifests/modules.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests"] ],
-    content => template("$templates_dir/puppet/modules.pp.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/manifests/nodes.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests"] ],
-    content => template("$templates_dir/puppet/nodes.pp.erb"),
-  }
-
-  # files in $default_puppet_conf_dir/manifests/classes
-  file { "$default_puppet_conf_dir/manifests/classes/websites.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/classes"] ],
-    content => template("$templates_dir/puppet/websites.pp.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/manifests/classes/users.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/classes"] ],
-    content => template("$templates_dir/puppet/users.pp.erb"),
-  }
-
-  # files in $default_puppet_conf_dir/manifests/nodes
-  file { "$default_puppet_conf_dir/manifests/nodes/$hostname.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
-    content => template("$templates_dir/puppet/server.pp.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/manifests/nodes/$hostname-master.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
-    content => template("$templates_dir/puppet/master.pp.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/manifests/nodes/$hostname-proxy.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
-    content => template("$templates_dir/puppet/proxy.pp.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/manifests/nodes/$hostname-web.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
-    content => template("$templates_dir/puppet/web.pp.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/manifests/nodes/$hostname-storage.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
-    content => template("$templates_dir/puppet/storage.pp.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/manifests/nodes/$hostname-test.pp":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/manifests/nodes"] ],
-    content => template("$templates_dir/puppet/test.pp.erb"),
-  }
-
-  # files in $default_puppet_conf_dir/files
-  file { [ "$default_puppet_conf_dir/files",
-           "$default_puppet_conf_dir/modules/site_nginx",
-           "$default_puppet_conf_dir/modules/site_nginx/files",
-           "$default_puppet_conf_dir/modules/site_nagios",
-           "$default_puppet_conf_dir/modules/site_nagios/files",
-           "$default_puppet_conf_dir/modules/site_postfix",
-           "$default_puppet_conf_dir/modules/site_postfix/files",
-           "$default_puppet_conf_dir/modules/site_mail",
-           "$default_puppet_conf_dir/modules/site_mail/files",
-           "$default_puppet_conf_dir/modules/site_apache",
-           "$default_puppet_conf_dir/modules/site_apache/files",
-           "$default_puppet_conf_dir/modules/site_apache/files/vhosts",
-           "$default_puppet_conf_dir/modules/site_apache/files/htdocs",
-           "$default_puppet_conf_dir/modules/site_apache/files/htdocs/images",
-           "$default_puppet_conf_dir/modules/site_keys",
-           "$default_puppet_conf_dir/modules/site_keys/files",
-           "$default_puppet_conf_dir/modules/site_keys/files/ssl", ]:
-    ensure  => directory,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0755,
-  }
-
-  file { "$default_puppet_conf_dir/files/empty":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/files"] ],
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-apache/htdocs/images/README.html":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-apache/files/htdocs/images"] ],
-    content => template("$templates_dir/apache/htdocs/images/README.html.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-apache/files/htdocs/index.html":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-apache/files/htdocs"] ],
-    content => template("$templates_dir/apache/htdocs/index.html.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-apache/files/htdocs/missing.html":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-apache/files/htdocs"] ],
-    content => template("$templates_dir/apache/htdocs/missing.html.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-apache/files/vhosts/git":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-apache/files/vhosts"] ],
-    content => template("$templates_dir/apache/vhosts/git.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-apache/files/vhosts/lists":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-apache/files/vhosts"] ],
-    content => template("$templates_dir/apache/vhosts/lists.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-apache/files/vhosts/mail":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-apache/files/vhosts"] ],
-    content => template("$templates_dir/apache/vhosts/mail.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-apache/files/vhosts/nagios":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-apache/files/vhosts"] ],
-    content => template("$templates_dir/apache/vhosts/nagios.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-apache/files/vhosts/wiki":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-apache/files/vhosts"] ],
-    content => template("$templates_dir/apache/vhosts/wiki.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-mail/files/aliases":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-mail/files"] ],
-    content => template("$templates_dir/etc/aliases.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-nagios/files/htpasswd.users":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-nagios/files"] ],
-    content => template("$templates_dir/etc/nagios3/htpasswd.users.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-nginx/files/$domain":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-nginx/files"] ],
-    content => template("$templates_dir/etc/nginx/domain.erb"),
-  }
-
-  file { "$default_puppet_conf_dir/modules/site-postfix/files/tls_policy":
-    ensure  => present,
-    owner   => "puppet",
-    group   => "puppet",
-    mode    => 0644,
-    require => [ Package["puppet"], File["$default_puppet_conf_dir/modules/site-postfix/files"] ],
-    content => template("$templates_dir/postfix/tls_policy.erb"),
-  }
-}
diff --git a/puppet.conf b/puppet.conf
deleted file mode 100644 (file)
index eae3864..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-[main]
-logdir                   = /var/log/puppet
-vardir                   = /var/lib/puppetmaster
-ssldir                   = $vardir/ssl
-rundir                   = /var/run/puppet
-factpath                 = $vardir/lib/facter
-pluginsync               = true
-
-[master]
-templatedir              = $vardir/templates
-masterport               = 8140
-autosign                 = false
-storeconfigs             = true
-dbadapter                = mysql
-dbserver                 = localhost
-dbuser                   = puppet
-dbpassword               = CHANGEME!
-ssl_client_header        = SSL_CLIENT_S_DN
-ssl_client_verify_header = SSL_CLIENT_VERIFY
-
-[agent]
-server                   = puppet
-vardir                   = /var/lib/puppet
-ssldir                   = $vardir/ssl
-runinterval              = 7200
-puppetport               = 8139
index 431e4b205f4f1e708920f1fea3c3d1a2b46c276b..47740dcf986c07d70bc5e3f526172a13858b4be9 100644 (file)
 # (ie exactly as if auth yes was present).
 #
 
-### Authenticated ACL - those applies only when the client
-### has a valid certificate and is thus authenticated
+# Allow authenticated nodes to retrieve their own catalogs:
 
-# allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1
 
-# allow all nodes to access the certificates services
+# allow nodes to retrieve their own node definition
+
+path ~ ^/node/([^/]+)$
+method find
+allow $1
+
+# Allow authenticated nodes to access any file services --- in practice, this results in fileserver.conf being consulted:
+
+path /file
+allow *
+
+# Allow authenticated nodes to access the certificate revocation list:
+
 path /certificate_revocation_list/ca
 method find
 allow *
 
-# allow all nodes to store their reports
+# Allow authenticated nodes to send reports:
+
 path /report
 method save
 allow *
 
-# inconditionnally allow access to all files services
-# which means in practice that fileserver.conf will
-# still be used
-path /file
-allow *
+# Allow unauthenticated access to certificates:
 
-### Unauthenticated ACL, for clients for which the current master doesn't
-### have a valid certificate
-
-# allow access to the master CA
 path /certificate/ca
 auth no
 method find
@@ -83,12 +86,14 @@ auth no
 method find
 allow *
 
+# Allow unauthenticated nodes to submit certificate signing requests:
+
 path /certificate_request
 auth no
 method find, save
 allow *
 
-# this one is not stricly necessary, but it has the merit
-# to show the default policy which is deny everything else
+# Deny all other requests:
+
 path /
 auth any
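Review bot: The report ACL kept on the new side, `path /report` / `method save` / `allow *`, lets any authenticated node store a report under any node name, whereas the repository-root `auth.conf` deleted by this commit used the per-node form `path ~ ^/report/([^/]+)$` with `allow $1`; since this template is now the only copy, it should either carry the tighter rule or the new comment `# Allow authenticated nodes to send reports:` should say the wildcard is deliberate. The `path /file` entry likewise has no `method` line, so the comment above it should state that it covers every method, not only `find`. The wildcard form appears to match some upstream default auth.conf files, so it may be intended, but the deleted file shows the project previously chose the stricter variant.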
index b8ad720d55990208d9b3b97d8d42910aed18ba35..3046e96946a73bb168c636bf921e851a3203c6cc 100644 (file)
@@ -1,17 +1,7 @@
-# top-level
+# This file consists of arbitrarily named sections/modules
+# defining where files are served from and to whom
+
+# Files
 [files]
   path /etc/puppet/files
-  allow *.<%= domain %>
-
-[keys]
-  path /etc/puppet/files/keys
-  allow *.<%= domain %>
-
-# modules
-[common]
-  path /etc/puppet/modules/common/files
-  allow *.<%= domain %>
-
-[puppet]
-  path /etc/puppet/modules/puppet/files
-  allow *.<%= domain %>
+  allow *.<%= base_domain %>
diff --git a/templates/puppet/modules.pp.erb b/templates/puppet/modules.pp.erb
deleted file mode 100644 (file)
index 3df3fe3..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# Module definitions.
-#
-
-# Nodo automatically import all modules we need.
-import "nodo"
index 72306a2c2ea067d1159746249cfa3013de96ff70..2ebfc9ea0b2e02891ce09b2d474ce6cb26bbf1d4 100644 (file)
@@ -1,29 +1,29 @@
 [main]
-rundir        = /var/run/puppet
-logdir        = /var/log/puppet
-vardir        = /var/lib/puppetmaster
-ssldir        = $vardir/ssl
-factpath      = $vardir/lib/facter
-pluginsync    = true
+logdir                   = /var/log/puppet
+vardir                   = /var/lib/puppetmaster
+ssldir                   = $vardir/ssl
+rundir                   = /var/run/puppet
+factpath                 = $vardir/lib/facter
+pluginsync               = true
 
 [master]
-vardir        = /var/lib/puppet
-templatedir   = $vardir/templates
-autosign      = false
-certname      = puppet.<%= domain%>
-#storeconfigs  = true
-#dbadapter     = mysql
-#dbserver      = localhost
-#dbuser        = puppet
-#dbpassword    = 
-#dbconnections = 15
-
-# Needed by mongrel
-ssl_client_header = HTTP_X_SSL_SUBJECT
+templatedir              = $vardir/templates
+masterport               = 8140
+autosign                 = false
+storeconfigs             = true
+dbadapter                = mysql
+dbserver                 = localhost
+dbuser                   = puppet
+dbpassword               = <%= storeconfigs_pw %>
+dbconnections            = 15
+certname                 = puppet.<%= base_domain %>
+ssl_client_header        = SSL_CLIENT_S_DN
+ssl_client_verify_header = SSL_CLIENT_VERIFY
 
 [agent]
-server        = puppet.<%= domain%>
-vardir        = /var/lib/puppet
-ssldir        = $vardir/ssl
-runinterval   = 1800
-puppetport    = 8139
+server                   = puppet.<%= base_domain %>
+vardir                   = /var/lib/puppet
+ssldir                   = $vardir/ssl
+runinterval              = 7200
+puppetport               = 8139
+configtimeout            = 300
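Review bot: The new `ssl_client_header = SSL_CLIENT_S_DN` and `ssl_client_verify_header = SSL_CLIENT_VERIFY` lines drop the old `# Needed by mongrel` comment without replacing it, leaving no hint which front end is expected to set those headers; these are the Apache mod_ssl variable names, so a comment such as `# Client-certificate headers as exported by Apache mod_ssl (master behind Apache/Passenger)` would document the assumption. `dbpassword = <%= storeconfigs_pw %>` will render an empty value if the hiera key is missing and the ERB evaluates an undefined variable to nil (confirm for the Puppet version in use), silently producing a master with `storeconfigs = true` and no database password; an explicit check in the template, or at least a comment naming the required hiera key, would make the dependency visible.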
diff --git a/templates/puppet/site.pp.erb b/templates/puppet/site.pp.erb
deleted file mode 100644 (file)
index 6f3e5aa..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# Puppet site configuration.
-#
-
-import "classes/users.pp"
-import "classes/websites.pp"
-import "modules.pp"
-import "nodes.pp"