2013-11-05 21:21:00 +01:00
|
|
|
class zulip_internal::base {
|
2013-11-01 20:28:03 +01:00
|
|
|
include zulip::base
|
2013-10-29 23:53:04 +01:00
|
|
|
|
|
|
|
$org_base_packages = [ "nagios-plugins-basic", "munin-node", "munin-plugins-extra" ]
|
|
|
|
package { $org_base_packages: ensure => "installed" }
|
|
|
|
|
|
|
|
file { '/home/zulip/.ssh/authorized_keys':
|
|
|
|
ensure => file,
|
|
|
|
require => File['/home/zulip/.ssh'],
|
|
|
|
mode => 600,
|
|
|
|
owner => "zulip",
|
|
|
|
group => "zulip",
|
2013-11-05 21:21:00 +01:00
|
|
|
source => 'puppet:///modules/zulip_internal/authorized_keys',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
file { '/home/zulip/.ssh':
|
|
|
|
ensure => directory,
|
|
|
|
require => User['zulip'],
|
|
|
|
owner => "zulip",
|
|
|
|
group => "zulip",
|
|
|
|
mode => 600,
|
|
|
|
}
|
|
|
|
|
2013-11-07 23:45:07 +01:00
|
|
|
file { '/etc/ssh/sshd_config':
|
|
|
|
require => Package['openssh-server'],
|
|
|
|
ensure => file,
|
|
|
|
source => 'puppet:///modules/zulip_internal/sshd_config',
|
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
|
|
|
mode => 644,
|
|
|
|
}
|
|
|
|
|
|
|
|
service { 'ssh':
|
|
|
|
ensure => running,
|
|
|
|
subscribe => File['/etc/ssh/sshd_config'],
|
|
|
|
}
|
|
|
|
|
2013-10-29 23:53:04 +01:00
|
|
|
file { '/root/.ssh/authorized_keys':
|
|
|
|
ensure => file,
|
|
|
|
mode => 600,
|
|
|
|
owner => "root",
|
|
|
|
group => "root",
|
2013-11-05 21:21:00 +01:00
|
|
|
source => 'puppet:///modules/zulip_internal/root_authorized_keys',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
file { '/usr/local/sbin/zulip-ec2-configure-interfaces':
|
|
|
|
ensure => file,
|
|
|
|
mode => 755,
|
2013-11-05 21:21:00 +01:00
|
|
|
source => 'puppet:///modules/zulip_internal/zulip-ec2-configure-interfaces',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
file { '/etc/network/if-up.d/zulip-ec2-configure-interfaces_if-up.d.sh':
|
|
|
|
ensure => file,
|
|
|
|
mode => 755,
|
2013-11-05 21:21:00 +01:00
|
|
|
source => 'puppet:///modules/zulip_internal/zulip-ec2-configure-interfaces_if-up.d.sh',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
group { 'nagios':
|
|
|
|
ensure => present,
|
|
|
|
gid => '1050',
|
|
|
|
}
|
|
|
|
user { 'nagios':
|
|
|
|
ensure => present,
|
|
|
|
uid => '1050',
|
|
|
|
gid => '1050',
|
|
|
|
shell => '/bin/bash',
|
|
|
|
home => '/var/lib/nagios',
|
|
|
|
managehome => true,
|
|
|
|
}
|
|
|
|
file { '/var/lib/nagios/':
|
|
|
|
ensure => directory,
|
|
|
|
require => User['nagios'],
|
|
|
|
owner => "nagios",
|
|
|
|
group => "nagios",
|
|
|
|
mode => 600,
|
|
|
|
}
|
|
|
|
file { '/var/lib/nagios_state/':
|
|
|
|
ensure => directory,
|
|
|
|
require => User['nagios'],
|
|
|
|
owner => "nagios",
|
|
|
|
group => "nagios",
|
|
|
|
mode => 777,
|
|
|
|
}
|
|
|
|
file { '/var/lib/nagios/.ssh':
|
|
|
|
ensure => directory,
|
|
|
|
require => File['/var/lib/nagios/'],
|
|
|
|
owner => "nagios",
|
|
|
|
group => "nagios",
|
|
|
|
mode => 600,
|
|
|
|
}
|
|
|
|
file { '/var/lib/nagios/.ssh/authorized_keys':
|
|
|
|
ensure => file,
|
|
|
|
require => File['/var/lib/nagios/.ssh'],
|
|
|
|
mode => 600,
|
|
|
|
owner => "nagios",
|
|
|
|
group => "nagios",
|
2013-11-05 21:21:00 +01:00
|
|
|
source => 'puppet:///modules/zulip_internal/nagios_authorized_keys',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
file { '/home/nagios':
|
|
|
|
ensure => absent,
|
|
|
|
force => true,
|
|
|
|
recurse => true,
|
|
|
|
}
|
|
|
|
file { "/usr/lib/nagios/plugins/":
|
|
|
|
require => Package[nagios-plugins-basic],
|
|
|
|
recurse => true,
|
|
|
|
purge => false,
|
|
|
|
owner => "root",
|
|
|
|
group => "root",
|
|
|
|
mode => 755,
|
2013-11-05 21:21:00 +01:00
|
|
|
source => "puppet:///modules/zulip_internal/nagios_plugins/",
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
2013-11-07 23:47:23 +01:00
|
|
|
|
|
|
|
file { '/etc/iptables/rules':
|
|
|
|
ensure => file,
|
|
|
|
mode => 600,
|
|
|
|
source => 'puppet:///modules/zulip_internal/iptables/rules',
|
|
|
|
require => Package['iptables-persistent'],
|
|
|
|
}
|
|
|
|
service { 'iptables-persistent':
|
|
|
|
ensure => running,
|
|
|
|
|
|
|
|
# Because there is no running process for this service, the normal status
|
|
|
|
# checks fail. Because puppet then thinks the service has been manually
|
|
|
|
# stopped, it won't restart it. This fake status command will trick puppet
|
|
|
|
# into thinking the service is *always* running (which in a way it is, as
|
|
|
|
# iptables is part of the kernel.)
|
|
|
|
hasstatus => true,
|
|
|
|
status => "/bin/true",
|
|
|
|
|
|
|
|
# Under Debian, the "restart" parameter does not reload the rules, so tell
|
|
|
|
# Puppet to fall back to stop/start, which does work.
|
|
|
|
hasrestart => false,
|
|
|
|
|
|
|
|
subscribe => File['/etc/iptables/rules'],
|
|
|
|
}
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|