puppet-ff_gw/manifests/sysadmin.pp

# kitchen sink class for various small settings
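# Parameters:
#   $zabbixserver - written to Server= and ServerActive= in the Zabbix agent
#                   drop-in (default '127.0.0.1').
#   $muninserver  - the single address (/32) admitted by cidr_allow in
#                   munin-node.conf (default '127.0.0.1').
#   $accounts     - hash handed to create_resources('account', ...); the
#                   'account' type is defined outside this file.
#
# The bodies of the multi-line strings below are written verbatim into the
# managed files, so their lines are deliberately not indented and must not
# contain anything but the intended file content.
class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $accounts = {}) {
  # use Hiera as a Puppet data source
  file {
    '/etc/puppet/hiera.yaml':
      # content from git repo, not from puppet
      ensure => file;
    '/etc/hiera.yaml':
      ensure => link,
      target => '/etc/puppet/hiera.yaml';
  }

  # use backports repo
  # NOTE(review): plain-http mirror with no key given here, so package
  # integrity presumably rests on apt's signature check against the Debian
  # archive keyring that is already installed - confirm.
  apt::source { 'wheezy-backports':
    location => 'http://ftp.de.debian.org/debian/',
    release  => 'wheezy-backports',
    repos    => 'main',
  }

  # some more packages
  package {
    ['vim-nox', 'git', 'etckeeper', 'pv', 'curl', 'atop',
    'screen', 'tcpdump', 'rsync', 'file']:
      ensure => installed,
  }

  # user accounts
  create_resources('account', $accounts)

  # Sudo
  # NOTE(review): every member of group 'sudo' gets passwordless root on all
  # commands. With password SSH logins disabled below, an account's SSH key is
  # the only factor between a login and root, so review which accounts end up
  # in that group.
  include sudo
  sudo::conf { 'admins':
    priority => 10,
    content  => '%sudo ALL=(ALL) NOPASSWD: ALL',
  }

  # sshd
  # Key-only logins, no direct root login; the '~>' restarts ssh whenever
  # augeas actually changes sshd_config.
  augeas { 'harden_sshd':
    context => '/files/etc/ssh/sshd_config',
    changes => [
      'set PermitRootLogin no',
      'set PasswordAuthentication no',
      'set PubkeyAuthentication yes'
    ],
  }
  ~>
  service { 'ssh':
    ensure => running,
    enable => true,
  }

  # zabbix
  # Ordering: repo -> package -> config drop-in ~> service, so a change to the
  # drop-in refreshes the agent.
  # NOTE(review): '79EA5ED4' is a short (32-bit) key ID resolved through a
  # keyserver. Short IDs can be collided, so a look-alike key could be
  # imported as trusted for this repo; pin the full 40-hex fingerprint,
  # verified out of band against the vendor's published key.
  # NOTE(review): 'ensure => latest' upgrades the agent from this third-party
  # repo on any run that sees a newer version; pin a version if upgrades
  # should be reviewed first.
  apt::source { 'zabbix':
    location   => 'http://repo.zabbix.com/zabbix/2.2/debian',
    release    => 'wheezy',
    repos      => 'main',
    key        => '79EA5ED4',
    key_server => 'pgpkeys.mit.edu',
  }
  ->
  package { 'zabbix-agent':
    ensure => latest;
  }
  ->
  file { '/etc/zabbix/zabbix_agentd.d/argos_monitoring.conf':
    ensure  => file,
    content => "# managed by puppet
Server=${zabbixserver}
ServerActive=${zabbixserver}
HostnameItem=${::hostname}
";
  }
  ~>
  service { 'zabbix-agent':
    ensure => running,
    enable => true,
  }

  # munin
  # NOTE(review): the node config below runs as root, binds to the eth0
  # address on port 4949 and sets no TLS options, so cidr_allow is the only
  # access control expressed in this file; a host firewall rule for 4949 is a
  # sensible second layer.
  package {
    [ 'munin-node', 'vnstat' ]:
      ensure => installed,
  }
  ->
  file {
    '/etc/munin/munin-node.conf':
      ensure  => file,
      # mostly Debian pkg default
      content => inline_template('# managed by puppet
log_level 4
log_file /var/log/munin/munin-node.log
pid_file /var/run/munin/munin-node.pid
background 1
setsid 1
user root
group root
# Regexps for files to ignore
ignore_file [\#~]$
ignore_file DEADJOE$
ignore_file \.bak$
ignore_file %$
ignore_file \.dpkg-(tmp|new|old|dist)$
ignore_file \.rpm(save|new)$
ignore_file \.pod$
port 4949
host_name <%= @fqdn %>
cidr_allow <%= @muninserver %>/32
host <%= @ipaddress_eth0 %>
');
    '/usr/share/munin/plugins/vnstat_':
      ensure => file,
      mode   => '0755',
      source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/vnstat_';
    '/etc/munin/plugins/vnstat_eth0_monthly_rxtx':
      ensure => link,
      target => '/usr/share/munin/plugins/vnstat_';
    '/usr/share/munin/plugins/udp-statistics':
      ensure => file,
      mode   => '0755',
      source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/udp-statistics';
    '/etc/munin/plugins/udp-statistics':
      ensure => link,
      target => '/usr/share/munin/plugins/udp-statistics';
    # TODO: delete not needed plugins
    '/etc/munin/plugin-conf.d/vnstat':
      ensure  => file,
      content => '[vnstat_eth0_monthly_rxtx]
env.estimate 1';
  }
  ~>
  service { 'munin-node':
    ensure => running,
    enable => true;
  }
}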