split ff_gw::sysadmin class

This commit is contained in:
Martin Schuette 2014-07-01 18:33:46 +02:00
parent ba5030ffce
commit b412e55cfa
3 changed files with 177 additions and 165 deletions

View file

@ -1,6 +1,5 @@
# kitchen sink class for various small settings
class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $sethostname = false, $setip = false, $accounts = {}) {
# first of all: fix my hostname
if $sethostname and $setip {
# set system hostname
@ -11,48 +10,7 @@ class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $
}
# next important thing: set up apt repositories
#
class { '::apt':
always_apt_update => true
}
# use backports repo
apt::source { 'wheezy-backports':
location => 'http://ftp.de.debian.org/debian/',
release => 'wheezy-backports',
repos => 'main',
}
# batman repo
apt::source { 'universe-factory':
location => 'http://repo.universe-factory.net/debian/',
release => 'sid',
repos => 'main',
key => '16EF3F64CB201D9C',
key_server => 'pool.sks-keyservers.net',
}
# bird repo // TODO: no PGP key
apt::source { 'bird-network':
location => 'http://bird.network.cz/debian/',
release => 'wheezy',
repos => 'main',
}
# then install some basic packages
package {
['vim-nox', 'git', 'etckeeper', 'pv', 'curl', 'atop',
'screen', 'tcpdump', 'rsync', 'file', 'psmisc', 'ntpdate']:
ensure => installed,
}
->
# remove atop cronjob
file { '/etc/cron.d/atop':
ensure => absent,
}
->
# stop atop daemon (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506191)
service { 'atop':
ensure => stopped,
enable => false,
}
class { 'ff_gw::sysadmin::software': }
cron {
'ntpdate-debian':
@ -85,129 +43,11 @@ class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $
enable => true,
}
# zabbix
apt::source { 'zabbix':
location => 'http://repo.zabbix.com/zabbix/2.2/debian',
release => 'wheezy',
repos => 'main',
key => '79EA5ED4',
key_server => 'pgpkeys.mit.edu',
class { 'ff_gw::sysadmin::zabbix':
zabbixserver => $zabbixserver,
}
->
package { 'zabbix-agent':
ensure => latest;
}
->
file { '/etc/zabbix/zabbix_agentd.d/argos_monitoring.conf':
ensure => file,
content => "# managed by puppet
Server=${zabbixserver}
ServerActive=${zabbixserver}
HostnameItem=${::hostname}
";
}
~>
service { 'zabbix-agent':
ensure => running,
enable => true,
}
# munin
package {
[ 'munin-node', 'vnstat', 'bc' ]:
ensure => installed,
}
->
file {
'/etc/munin/munin-node.conf':
ensure => file,
# mostly Debin pkg default
content => inline_template('# managed by puppet
log_level 4
log_file /var/log/munin/munin-node.log
pid_file /var/run/munin/munin-node.pid
background 1
setsid 1
user root
group root
# Regexps for files to ignore
ignore_file [\#~]$
ignore_file DEADJOE$
ignore_file \.bak$
ignore_file %$
ignore_file \.dpkg-(tmp|new|old|dist)$
ignore_file \.rpm(save|new)$
ignore_file \.pod$
port 4949
host_name <%= @fqdn %>
cidr_allow <%= @muninserver %>/32
host <%= @ipaddress_eth0 %>
');
'/usr/share/munin/plugins/vnstat_':
ensure => file,
mode => '0755',
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/vnstat_';
'/etc/munin/plugins/vnstat_eth0_monthly_rxtx':
ensure => link,
target => '/usr/share/munin/plugins/vnstat_';
'/usr/share/munin/plugins/udp-statistics':
ensure => file,
mode => '0755',
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/udp-statistics';
'/etc/munin/plugins/udp-statistics':
ensure => link,
target => '/usr/share/munin/plugins/udp-statistics';
'/usr/share/munin/plugins/dhcp-pool':
ensure => file,
mode => '0755',
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/dhcp-pool';
'/etc/munin/plugins/dhcp-pool':
ensure => link,
target => '/usr/share/munin/plugins/dhcp-pool';
'/etc/munin/plugin-conf.d/dhcp-pool':
ensure => file,
content => '[dhcp-pool]
env.leasefile /var/lib/dhcp/dhcpd.leases
env.conffile /etc/dhcp/dhcpd.conf';
'/etc/munin/plugins/if_mullvad':
ensure => link,
target => '/usr/share/munin/plugins/if_';
'/etc/munin/plugins/if_err_mullvad':
ensure => link,
target => '/usr/share/munin/plugins/if_err_';
'/etc/munin/plugins/if_bat0':
ensure => link,
target => '/usr/share/munin/plugins/if_';
'/etc/munin/plugins/if_err_bat0':
ensure => link,
target => '/usr/share/munin/plugins/if_err_';
'/etc/munin/plugins/if_br-ffhh':
ensure => link,
target => '/usr/share/munin/plugins/if_';
'/etc/munin/plugins/if_err_br-ffhh':
ensure => link,
target => '/usr/share/munin/plugins/if_err_';
'/etc/munin/plugins/if_ffhh-mesh-vpn':
ensure => link,
target => '/usr/share/munin/plugins/if_';
'/etc/munin/plugins/if_err_ffhh-mesh-vpn':
ensure => link,
target => '/usr/share/munin/plugins/if_err_';
# TODO: delete not needed plugins
'/etc/munin/plugin-conf.d/vnstat':
ensure => file,
content => '[vnstat_eth0_monthly_rxtx]
env.estimate 1';
}
~>
service { 'munin-node':
ensure => running,
enable => true;
class { 'ff_gw::sysadmin::munin':
muninserver => $muninserver,
}
}
@ -256,3 +96,48 @@ class ff_gw::sysadmin::hostname($newname, $newip) {
refreshonly => true,
}
}
# everything related to apt-repos and default tools
class ff_gw::sysadmin::software() {
class { '::apt':
always_apt_update => true
}
# use backports repo
apt::source { 'wheezy-backports':
location => 'http://ftp.de.debian.org/debian/',
release => 'wheezy-backports',
repos => 'main',
}
# batman repo
apt::source { 'universe-factory':
location => 'http://repo.universe-factory.net/debian/',
release => 'sid',
repos => 'main',
key => '16EF3F64CB201D9C',
key_server => 'pool.sks-keyservers.net',
}
# bird repo // TODO: no PGP key
apt::source { 'bird-network':
location => 'http://bird.network.cz/debian/',
release => 'wheezy',
repos => 'main',
}
# then install some basic packages
package {
['vim-nox', 'git', 'etckeeper', 'pv', 'curl', 'atop',
'screen', 'tcpdump', 'rsync', 'file', 'psmisc', 'ntpdate']:
ensure => installed,
}
->
# remove atop cronjob
file { '/etc/cron.d/atop':
ensure => absent,
}
->
# stop atop daemon (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506191)
service { 'atop':
ensure => stopped,
enable => false,
}
}

View file

@ -0,0 +1,99 @@
# munin config
class ff_gw::sysadmin::munin($muninserver) {
package {
[ 'munin-node', 'vnstat', 'bc' ]:
ensure => installed,
}
->
file {
'/etc/munin/munin-node.conf':
ensure => file,
# mostly Debin pkg default
content => inline_template('# managed by puppet
log_level 4
log_file /var/log/munin/munin-node.log
pid_file /var/run/munin/munin-node.pid
background 1
setsid 1
user root
group root
# Regexps for files to ignore
ignore_file [\#~]$
ignore_file DEADJOE$
ignore_file \.bak$
ignore_file %$
ignore_file \.dpkg-(tmp|new|old|dist)$
ignore_file \.rpm(save|new)$
ignore_file \.pod$
port 4949
host_name <%= @fqdn %>
cidr_allow <%= @muninserver %>/32
host <%= @ipaddress_eth0 %>
');
'/usr/share/munin/plugins/vnstat_':
ensure => file,
mode => '0755',
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/vnstat_';
'/etc/munin/plugins/vnstat_eth0_monthly_rxtx':
ensure => link,
target => '/usr/share/munin/plugins/vnstat_';
'/usr/share/munin/plugins/udp-statistics':
ensure => file,
mode => '0755',
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/udp-statistics';
'/etc/munin/plugins/udp-statistics':
ensure => link,
target => '/usr/share/munin/plugins/udp-statistics';
'/usr/share/munin/plugins/dhcp-pool':
ensure => file,
mode => '0755',
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/dhcp-pool';
'/etc/munin/plugins/dhcp-pool':
ensure => link,
target => '/usr/share/munin/plugins/dhcp-pool';
'/etc/munin/plugin-conf.d/dhcp-pool':
ensure => file,
content => '[dhcp-pool]
env.leasefile /var/lib/dhcp/dhcpd.leases
env.conffile /etc/dhcp/dhcpd.conf';
'/etc/munin/plugins/if_mullvad':
ensure => link,
target => '/usr/share/munin/plugins/if_';
'/etc/munin/plugins/if_err_mullvad':
ensure => link,
target => '/usr/share/munin/plugins/if_err_';
'/etc/munin/plugins/if_bat0':
ensure => link,
target => '/usr/share/munin/plugins/if_';
'/etc/munin/plugins/if_err_bat0':
ensure => link,
target => '/usr/share/munin/plugins/if_err_';
'/etc/munin/plugins/if_br-ffhh':
ensure => link,
target => '/usr/share/munin/plugins/if_';
'/etc/munin/plugins/if_err_br-ffhh':
ensure => link,
target => '/usr/share/munin/plugins/if_err_';
'/etc/munin/plugins/if_ffhh-mesh-vpn':
ensure => link,
target => '/usr/share/munin/plugins/if_';
'/etc/munin/plugins/if_err_ffhh-mesh-vpn':
ensure => link,
target => '/usr/share/munin/plugins/if_err_';
# TODO: delete not needed plugins
'/etc/munin/plugin-conf.d/vnstat':
ensure => file,
content => '[vnstat_eth0_monthly_rxtx]
env.estimate 1';
}
~>
service { 'munin-node':
ensure => running,
enable => true;
}
}

View file

@ -0,0 +1,28 @@
# zabbix agent config
class ff_gw::sysadmin::zabbix($zabbixserver) {
apt::source { 'zabbix':
location => 'http://repo.zabbix.com/zabbix/2.2/debian',
release => 'wheezy',
repos => 'main',
key => '79EA5ED4',
key_server => 'pgpkeys.mit.edu',
}
->
package { 'zabbix-agent':
ensure => latest;
}
->
file { '/etc/zabbix/zabbix_agentd.d/argos_monitoring.conf':
ensure => file,
content => "# managed by puppet
Server=${zabbixserver}
ServerActive=${zabbixserver}
HostnameItem=${::hostname}
";
}
~>
service { 'zabbix-agent':
ensure => running,
enable => true,
}
}