From e408957bad7aa46c61c195747ddb9253c8219631 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 28 Aug 2019 21:43:08 +0800 Subject: [PATCH 001/165] test Commit --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index cb744bb..3abda37 100644 --- a/Puppetfile +++ b/Puppetfile @@ -15,3 +15,4 @@ forge 'https://forge.puppet.com' #mod 'apache', # git: 'https://github.com/puppetlabs/puppetlabs-apache', # branch: 'docs_experiment' +# latest From afea0979ff2b053567a25f8fd5b24c764eb8c06b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 28 Aug 2019 23:04:30 +0800 Subject: [PATCH 002/165] Put All Hiera Values for Tune Setting --- .../compilemaster-01.platform9.puppet.net.yaml | 6 ++++++ .../compilemaster-02.platform9.puppet.net.yaml | 6 ++++++ data/nodes/example-node.yaml | 1 - data/nodes/puppetmom.platform9.puppet.net.yaml | 17 +++++++++++++++++ 4 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 data/nodes/compilemaster-01.platform9.puppet.net.yaml create mode 100644 data/nodes/compilemaster-02.platform9.puppet.net.yaml delete mode 100644 data/nodes/example-node.yaml create mode 100644 data/nodes/puppetmom.platform9.puppet.net.yaml diff --git a/data/nodes/compilemaster-01.platform9.puppet.net.yaml b/data/nodes/compilemaster-01.platform9.puppet.net.yaml new file mode 100644 index 0000000..245436b --- /dev/null +++ b/data/nodes/compilemaster-01.platform9.puppet.net.yaml @@ -0,0 +1,6 @@ +--- +puppet_enterprise::master::puppetserver::jruby_max_active_instances: 3 +puppet_enterprise::profile::master::java_args: + Xms: 1536m + Xmx: 1536m +puppet_enterprise::master::puppetserver::reserved_code_cache: 512m diff --git a/data/nodes/compilemaster-02.platform9.puppet.net.yaml b/data/nodes/compilemaster-02.platform9.puppet.net.yaml new file mode 100644 index 0000000..245436b --- /dev/null +++ b/data/nodes/compilemaster-02.platform9.puppet.net.yaml @@ -0,0 +1,6 @@ +--- +puppet_enterprise::master::puppetserver::jruby_max_active_instances: 3 +puppet_enterprise::profile::master::java_args: + Xms: 1536m + Xmx: 1536m +puppet_enterprise::master::puppetserver::reserved_code_cache: 512m diff --git a/data/nodes/example-node.yaml b/data/nodes/example-node.yaml deleted file mode 100644 index ed97d53..0000000 --- a/data/nodes/example-node.yaml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/data/nodes/puppetmom.platform9.puppet.net.yaml b/data/nodes/puppetmom.platform9.puppet.net.yaml new file mode 100644 index 0000000..61398e6 --- /dev/null +++ b/data/nodes/puppetmom.platform9.puppet.net.yaml @@ -0,0 +1,17 @@ +--- +puppet_enterprise::profile::database::shared_buffers: 3715MB +puppet_enterprise::puppetdb::command_processing_threads: 4 +puppet_enterprise::profile::puppetdb::java_args: + Xms: 2229m + Xmx: 2229m +puppet_enterprise::master::puppetserver::jruby_max_active_instances: 2 +puppet_enterprise::profile::master::java_args: + Xms: 1536m + Xmx: 1536m +puppet_enterprise::master::puppetserver::reserved_code_cache: 512m +puppet_enterprise::profile::console::java_args: + Xms: 768m + Xmx: 768m +puppet_enterprise::profile::orchestrator::java_args: + Xms: 768m + Xmx: 768m From 002fe8258a5579fa422e38501b88263d15e9ddf6 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 08:58:28 +0800 Subject: [PATCH 003/165] Add HaProxy Module with dependent modules --- Puppetfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Puppetfile b/Puppetfile index 3abda37..aad677b 100644 --- a/Puppetfile +++ b/Puppetfile @@ -16,3 +16,8 @@ forge 'https://forge.puppet.com' # git: 'https://github.com/puppetlabs/puppetlabs-apache', # branch: 'docs_experiment' # latest + +mod 'puppetlabs/concat','6.1.0' +mod 'puppetlabs/stadlib','6.0.0' +mod 'puppetlabs/translate','2.0.0' +mod 'puppetlabs/haproxy','4.0.0' From 0980b482a4e5065ec5f4e74047af563c60bf3bbc Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 08:59:35 +0800 Subject: [PATCH 004/165] Type Correction --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index aad677b..18f64e4 100644 --- a/Puppetfile +++ b/Puppetfile @@ -18,6 +18,6 @@ forge 'https://forge.puppet.com' # latest mod 'puppetlabs/concat','6.1.0' -mod 'puppetlabs/stadlib','6.0.0' +mod 'puppetlabs/stdlib','6.0.0' mod 'puppetlabs/translate','2.0.0' mod 'puppetlabs/haproxy','4.0.0' From 507d8798d85b5396b97710fe34dec6620835541d Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 09:36:11 +0800 Subject: [PATCH 005/165] Add LoadBalancer Profile --- site-modules/role/manifests/loadbalancer.pp | 34 +++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 site-modules/role/manifests/loadbalancer.pp diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp new file mode 100644 index 0000000..dcf30d4 --- /dev/null +++ b/site-modules/role/manifests/loadbalancer.pp @@ -0,0 +1,34 @@ +class role::loadbalancer ( + Integer $ports1 = '80', + Integer $ports2 = undef, + String $rule1 = 'Http', + String $rule2 = undef, + String $backendserver_name1 = '', + String $backendserver_name2 = '', + Integer $backendserver_ipaddress1 = undef, + Integer $backendserver_ipaddress2 = undef, + ) { + include ::haproxy + haproxy::listen { $rule1 : + collect_exported => false, + ipaddress => $::ipaddress, + ports => $ports1, + } + + haproxy::balancermember { $backendserver_name1 : + listening_service => 'puppetserver', + server_names => $backendserver_name1, + ipaddress => $backendserver_ipaddress1 + ports => $ports1, + options => 'check', + } + + haproxy::balancermember { $backendserver_name2 : + listening_service => 'puppetserver', + server_names => $backendserver_name2, + ipaddress => $backendserver_ipaddress2 + ports => $ports1, + options => 'check', + } + +} From 8859d51629afd0d1f0d7690eb4fa03db6158c49a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 09:41:29 +0800 Subject: [PATCH 006/165] Correctness --- site-modules/role/manifests/loadbalancer.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index dcf30d4..a8f658c 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -18,7 +18,7 @@ class role::loadbalancer ( haproxy::balancermember { $backendserver_name1 : listening_service => 'puppetserver', server_names => $backendserver_name1, - ipaddress => $backendserver_ipaddress1 + ipaddress => $backendserver_ipaddress1, ports => $ports1, options => 'check', } @@ -26,7 +26,7 @@ class role::loadbalancer ( haproxy::balancermember { $backendserver_name2 : listening_service => 'puppetserver', server_names => $backendserver_name2, - ipaddress => $backendserver_ipaddress2 + ipaddress => $backendserver_ipaddress2, ports => $ports1, options => 'check', } From 271d8f7c61d2688bf12d6706dd11ba8fa7236ca9 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 09:48:16 +0800 Subject: [PATCH 007/165] Add Optional --- site-modules/role/manifests/loadbalancer.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index a8f658c..eced20a 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -1,12 +1,12 @@ class role::loadbalancer ( Integer $ports1 = '80', - Integer $ports2 = undef, - String $rule1 = 'Http', - String $rule2 = undef, + Optional[Integer] $ports2 = undef, + String $rule1 = 'http', + Optional[String] $rule2 = undef, String $backendserver_name1 = '', String $backendserver_name2 = '', - Integer $backendserver_ipaddress1 = undef, - Integer $backendserver_ipaddress2 = undef, + Optional[String] $backendserver_ipaddress1 = undef, + Optional[String] $backendserver_ipaddress2 = undef, ) { include ::haproxy haproxy::listen { $rule1 : From 5187b1dbd51e963d48cd38d06db6923deee2c7a0 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 09:55:53 +0800 Subject: [PATCH 008/165] correct --- site-modules/role/manifests/loadbalancer.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index eced20a..961dab0 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -1,6 +1,6 @@ class role::loadbalancer ( - Integer $ports1 = '80', - Optional[Integer] $ports2 = undef, + String $ports1 = '80', + Optional[String] $ports2 = undef, String $rule1 = 'http', Optional[String] $rule2 = undef, String $backendserver_name1 = '', From e5e9cefeabdcb9e26adf6f3f17b400b29e201160 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 10:00:03 +0800 Subject: [PATCH 009/165] 1 --- site-modules/role/manifests/loadbalancer.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 961dab0..0fb6f03 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -5,8 +5,8 @@ class role::loadbalancer ( Optional[String] $rule2 = undef, String $backendserver_name1 = '', String $backendserver_name2 = '', - Optional[String] $backendserver_ipaddress1 = undef, - Optional[String] $backendserver_ipaddress2 = undef, + String $backendserver_ipaddress1 = undef, + String $backendserver_ipaddress2 = undef, ) { include ::haproxy haproxy::listen { $rule1 : From 4e81d0f07d87734655594bb77900e268a6d19ab7 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 10:04:07 +0800 Subject: [PATCH 010/165] test2 --- site-modules/role/manifests/loadbalancer.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 0fb6f03..ff444fc 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -3,10 +3,10 @@ class role::loadbalancer ( Optional[String] $ports2 = undef, String $rule1 = 'http', Optional[String] $rule2 = undef, - String $backendserver_name1 = '', - String $backendserver_name2 = '', - String $backendserver_ipaddress1 = undef, - String $backendserver_ipaddress2 = undef, + String $backendserver_name1 = '', + String $backendserver_name2 = '', + Optional[String] $backendserver_ipaddress1 = undef, + Optional[String] $backendserver_ipaddress2 = undef, ) { include ::haproxy haproxy::listen { $rule1 : @@ -18,7 +18,7 @@ class role::loadbalancer ( haproxy::balancermember { $backendserver_name1 : listening_service => 'puppetserver', server_names => $backendserver_name1, - ipaddress => $backendserver_ipaddress1, + ipaddress => '192.168.0.8', ports => $ports1, options => 'check', } @@ -26,7 +26,7 @@ class role::loadbalancer ( haproxy::balancermember { $backendserver_name2 : listening_service => 'puppetserver', server_names => $backendserver_name2, - ipaddress => $backendserver_ipaddress2, + ipaddress => '192.168.0.10', ports => $ports1, options => 'check', } From 4974eefc645692265d3222c24f343cb343476fb9 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 10:05:46 +0800 Subject: [PATCH 011/165] correct IP addresses --- site-modules/role/manifests/loadbalancer.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index ff444fc..34ec6c7 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -18,7 +18,7 @@ class role::loadbalancer ( haproxy::balancermember { $backendserver_name1 : listening_service => 'puppetserver', server_names => $backendserver_name1, - ipaddress => '192.168.0.8', + ipaddresses => $backendserver_ipaddress1, ports => $ports1, options => 'check', } @@ -26,7 +26,7 @@ class role::loadbalancer ( haproxy::balancermember { $backendserver_name2 : listening_service => 'puppetserver', server_names => $backendserver_name2, - ipaddress => '192.168.0.10', + ipaddresses => $backendserver_ipaddress2, ports => $ports1, options => 'check', } From 8ca3c28c954c9df14a09d9f676537e09a625e371 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 10:50:18 +0800 Subject: [PATCH 012/165] atstst --- site-modules/role/manifests/loadbalancer.pp | 41 ++++++++++----------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 34ec6c7..6f59073 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -1,34 +1,33 @@ class role::loadbalancer ( - String $ports1 = '80', + Optional[String] $ports1 = '80', Optional[String] $ports2 = undef, - String $rule1 = 'http', + Optional[String] $rule1 = 'http', Optional[String] $rule2 = undef, - String $backendserver_name1 = '', - String $backendserver_name2 = '', - Optional[String] $backendserver_ipaddress1 = undef, - Optional[String] $backendserver_ipaddress2 = undef, + # String $backendserver_name1 = '', + # String $backendserver_name2 = '', + # Optional[String] $backendserver_ipaddress1 = undef, + # Optional[String] $backendserver_ipaddress2 = undef, ) { include ::haproxy - haproxy::listen { $rule1 : + haproxy::listen { 'puppet00' : collect_exported => false, ipaddress => $::ipaddress, - ports => $ports1, + ports => '8140', } - haproxy::balancermember { $backendserver_name1 : - listening_service => 'puppetserver', - server_names => $backendserver_name1, - ipaddresses => $backendserver_ipaddress1, - ports => $ports1, - options => 'check', - } - - haproxy::balancermember { $backendserver_name2 : - listening_service => 'puppetserver', - server_names => $backendserver_name2, - ipaddresses => $backendserver_ipaddress2, - ports => $ports1, + haproxy::balancermember { 'haproxy' : + listening_service => 'puppet00', + server_names => ['compilemaster-01.platform9.puppet.net','compilemaster-02.platform9.puppet.net'], + ipaddresses => ['192.168.0.8','192.168.0.10'], + ports => '8140', options => 'check', } +# haproxy::balancermember { $backendserver_name2 : +# listening_service => 'puppetserver', +# server_names => $backendserver_name2, +# ipaddresses => $backendserver_ipaddress2, +# ports => $ports1, +# options => 'check', +# } } From cfa2dc95ea90dd44804c29d8d1a2b1d102350fb8 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 11:00:51 +0800 Subject: [PATCH 013/165] change back --- site-modules/role/manifests/loadbalancer.pp | 44 ++++++++++++--------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 6f59073..39f4f26 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -1,33 +1,41 @@ class role::loadbalancer ( Optional[String] $ports1 = '80', Optional[String] $ports2 = undef, - Optional[String] $rule1 = 'http', + Optional[String] $rule1 = 'puppet00', Optional[String] $rule2 = undef, - # String $backendserver_name1 = '', - # String $backendserver_name2 = '', - # Optional[String] $backendserver_ipaddress1 = undef, - # Optional[String] $backendserver_ipaddress2 = undef, + Optional[String] $backendserver_name1 = '', + Optional[String] $backendserver_name2 = '', + Optional[String] $backendserver_ipaddress1 = undef, + Optional[String] $backendserver_ipaddress2 = undef, ) { include ::haproxy - haproxy::listen { 'puppet00' : + haproxy::listen { $rule1 : collect_exported => false, ipaddress => $::ipaddress, ports => '8140', } - haproxy::balancermember { 'haproxy' : - listening_service => 'puppet00', - server_names => ['compilemaster-01.platform9.puppet.net','compilemaster-02.platform9.puppet.net'], - ipaddresses => ['192.168.0.8','192.168.0.10'], - ports => '8140', + haproxy::balancermember { 'haproxy01' : + listening_service => $rule1, + # server_names => ['compilemaster-01.platform9.puppet.net','compilemaster-02.platform9.puppet.net'], + # ipaddresses => ['192.168.0.8','192.168.0.10'], + # ports => '8140', + # options => 'check', + + server_names => $backendserver_name1, + ipaddresses => $backendserver_ipaddress1, + ports => $ports1, options => 'check', + + } + + haproxy::balancermember { 'haproxy01' : + + listening_service => $rule1, + server_names => $backendserver_name2, + ipaddresses => $backendserver_ipaddress2, + ports => $ports1, + options => 'check', } -# haproxy::balancermember { $backendserver_name2 : -# listening_service => 'puppetserver', -# server_names => $backendserver_name2, -# ipaddresses => $backendserver_ipaddress2, -# ports => $ports1, -# options => 'check', -# } } From abd651558c6a199949cead83e5a25afcdbed8386 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 11:04:19 +0800 Subject: [PATCH 014/165] w --- site-modules/role/manifests/loadbalancer.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 39f4f26..60db495 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -29,8 +29,8 @@ class role::loadbalancer ( } - haproxy::balancermember { 'haproxy01' : - + haproxy::balancermember { 'haproxy02' : + listening_service => $rule1, server_names => $backendserver_name2, ipaddresses => $backendserver_ipaddress2, From 2d6c45ab9c49cc8e7a97fbd8135be5ed676fbd7f Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 11:11:36 +0800 Subject: [PATCH 015/165] Correct A Code Change --- site-modules/role/manifests/loadbalancer.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 60db495..33e3bac 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -12,7 +12,7 @@ class role::loadbalancer ( haproxy::listen { $rule1 : collect_exported => false, ipaddress => $::ipaddress, - ports => '8140', + ports => $ports1, } haproxy::balancermember { 'haproxy01' : From af58e06b792c8325b7cfc99f47816bb6174a9e37 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 21:04:13 +0800 Subject: [PATCH 016/165] test class --- site-modules/role/manifests/loadbalancer.pp | 28 ++++++++++++--------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 33e3bac..641311c 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -1,27 +1,26 @@ class role::loadbalancer ( Optional[String] $ports1 = '80', Optional[String] $ports2 = undef, - Optional[String] $rule1 = 'puppet00', - Optional[String] $rule2 = undef, + Optional[String] $rule1 = 'puppet00', + Optional[String] $rule2 = undef, Optional[String] $backendserver_name1 = '', Optional[String] $backendserver_name2 = '', Optional[String] $backendserver_ipaddress1 = undef, Optional[String] $backendserver_ipaddress2 = undef, ) { - include ::haproxy - haproxy::listen { $rule1 : + + # include ::haproxy + #haproxy::listen { $rule1 : + class { 'haproxy::listen' : collect_exported => false, ipaddress => $::ipaddress, ports => $ports1, } - haproxy::balancermember { 'haproxy01' : - listening_service => $rule1, - # server_names => ['compilemaster-01.platform9.puppet.net','compilemaster-02.platform9.puppet.net'], - # ipaddresses => ['192.168.0.8','192.168.0.10'], - # ports => '8140', - # options => 'check', + #haproxy::balancermember { 'member1' : + class { 'haproxy::balancermember' : + listening_service => $rule1, server_names => $backendserver_name1, ipaddresses => $backendserver_ipaddress1, ports => $ports1, @@ -29,8 +28,8 @@ class role::loadbalancer ( } - haproxy::balancermember { 'haproxy02' : - + #haproxy::balancermember { 'haproxy02' : + class { 'haproxy::balancermember' : listening_service => $rule1, server_names => $backendserver_name2, ipaddresses => $backendserver_ipaddress2, @@ -38,4 +37,9 @@ class role::loadbalancer ( options => 'check', } +#pending Improvement, possible areas: Array Input with multipal ports + + + + } From eea045a2e215bfc3a33f945c11b7f101dcdf2165 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 21:11:53 +0800 Subject: [PATCH 017/165] 123 --- site-modules/role/manifests/loadbalancer.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 641311c..d0a90a9 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -9,7 +9,7 @@ class role::loadbalancer ( Optional[String] $backendserver_ipaddress2 = undef, ) { - # include ::haproxy + include ::haproxy #haproxy::listen { $rule1 : class { 'haproxy::listen' : collect_exported => false, From b9dab8d4a8e4b5fd327f4728a75f798e778b8ced Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 29 Aug 2019 21:14:48 +0800 Subject: [PATCH 018/165] 123 --- site-modules/role/manifests/loadbalancer.pp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index d0a90a9..1859d53 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -10,16 +10,14 @@ class role::loadbalancer ( ) { include ::haproxy - #haproxy::listen { $rule1 : - class { 'haproxy::listen' : + haproxy::listen { $rule1 : collect_exported => false, ipaddress => $::ipaddress, ports => $ports1, } - #haproxy::balancermember { 'member1' : - class { 'haproxy::balancermember' : + haproxy::balancermember { 'member1' : listening_service => $rule1, server_names => $backendserver_name1, ipaddresses => $backendserver_ipaddress1, @@ -28,8 +26,7 @@ class role::loadbalancer ( } - #haproxy::balancermember { 'haproxy02' : - class { 'haproxy::balancermember' : + haproxy::balancermember { 'member2' : listening_service => $rule1, server_names => $backendserver_name2, ipaddresses => $backendserver_ipaddress2, From 2a8473b2fd55966922f886ca12e940ed07aec501 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 3 Sep 2019 10:32:36 +0100 Subject: [PATCH 019/165] add rule 2 --- site-modules/role/manifests/loadbalancer.pp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 1859d53..fa96e17 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -36,6 +36,22 @@ class role::loadbalancer ( #pending Improvement, possible areas: Array Input with multipal ports +haproxy::balancermember { 'member3' : + listening_service => $rule2, + server_names => $backendserver_name1, + ipaddresses => $backendserver_ipaddress1, + ports => $ports2, + options => 'check', + +} + +haproxy::balancermember { 'member4' : + listening_service => $rule2, + server_names => $backendserver_name2, + ipaddresses => $backendserver_ipaddress2, + ports => $ports2, + options => 'check', +} From c3c83c5f387f924f5ac5915bd0b53e089ac94795 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 3 Sep 2019 11:32:42 +0100 Subject: [PATCH 020/165] adfsfds --- site-modules/role/manifests/loadbalancer.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index fa96e17..649b2c1 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -16,6 +16,13 @@ class role::loadbalancer ( ports => $ports1, } + haproxy::listen { $rule2 : + collect_exported => false, + ipaddress => $::ipaddress, + ports => $ports2, + + } + haproxy::balancermember { 'member1' : listening_service => $rule1, From c6458d3f91132e712b5e9b2af74955e6954d803d Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 4 Sep 2019 09:03:07 +0100 Subject: [PATCH 021/165] add puppet_agent module --- Puppetfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Puppetfile b/Puppetfile index 18f64e4..c0a1a82 100644 --- a/Puppetfile +++ b/Puppetfile @@ -21,3 +21,7 @@ mod 'puppetlabs/concat','6.1.0' mod 'puppetlabs/stdlib','6.0.0' mod 'puppetlabs/translate','2.0.0' mod 'puppetlabs/haproxy','4.0.0' +mod 'puppetlabs/puppet_agent','2.2.0' +mod 'puppetlabs/apt','7.1.0' +mod 'puppetlabs/facts','0.6.0' +mod 'puppetlabs/inifile','2.4.0' From 61e624c7b02490dc314b82e5f1ec2b127d88fbc9 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 9 Sep 2019 11:44:14 +0100 Subject: [PATCH 022/165] add autosign module --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index c0a1a82..9292c62 100644 --- a/Puppetfile +++ b/Puppetfile @@ -25,3 +25,4 @@ mod 'puppetlabs/puppet_agent','2.2.0' mod 'puppetlabs/apt','7.1.0' mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' +mod 'danieldreier-autosign','0.2.0' From ecd53b2dd0a7462e76f67d562a261cf61ac2bad2 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 9 Sep 2019 12:33:21 +0100 Subject: [PATCH 023/165] add user & grup --- site-modules/role/manifests/windowsnode.pp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 site-modules/role/manifests/windowsnode.pp diff --git a/site-modules/role/manifests/windowsnode.pp b/site-modules/role/manifests/windowsnode.pp new file mode 100644 index 0000000..b226e78 --- /dev/null +++ b/site-modules/role/manifests/windowsnode.pp @@ -0,0 +1,14 @@ +class role::windowsnode { + + group { 'testgroup' : + ensure => present, + } + + + user { 'testuser1' : + ensure => present, + } + + + +} From 0c2e5c12dba0007af7241f82283725234c5f4bd8 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 9 Sep 2019 12:39:03 +0100 Subject: [PATCH 024/165] ff --- site-modules/role/manifests/example.pp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/site-modules/role/manifests/example.pp b/site-modules/role/manifests/example.pp index 2c1d2d7..e67e0fe 100644 --- a/site-modules/role/manifests/example.pp +++ b/site-modules/role/manifests/example.pp @@ -1,3 +1,12 @@ class role::example { + group { 'testgroup' : + ensure => present, + } + + + user { 'testuser1' : + ensure => present, + } + } From b21c5e581650a43da580415a48c14584daf695fd Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 9 Sep 2019 12:50:02 +0100 Subject: [PATCH 025/165] s --- site-modules/role/manifests/example.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/site-modules/role/manifests/example.pp b/site-modules/role/manifests/example.pp index e67e0fe..66f2f7f 100644 --- a/site-modules/role/manifests/example.pp +++ b/site-modules/role/manifests/example.pp @@ -1,11 +1,13 @@ class role::example { group { 'testgroup' : + name => ""testgroup111. ensure => present, } user { 'testuser1' : + name => "testuser111", ensure => present, } From 22498ee3ff58cb5b02999c8b5a77d0048ba3e5fb Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 9 Sep 2019 12:51:24 +0100 Subject: [PATCH 026/165] rr --- site-modules/role/manifests/windowsnode.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/windowsnode.pp b/site-modules/role/manifests/windowsnode.pp index b226e78..8eec21d 100644 --- a/site-modules/role/manifests/windowsnode.pp +++ b/site-modules/role/manifests/windowsnode.pp @@ -1,14 +1,16 @@ class role::windowsnode { - +### group { 'testgroup' : + name => "testgroup111", ensure => present, } user { 'testuser1' : + name => "testuser111", ensure => present, } - +### } From 979904ec5bd9d058237469686e9f9d3b07ccb323 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 9 Sep 2019 12:57:31 +0100 Subject: [PATCH 027/165] d --- site-modules/role/manifests/windowsnode.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/windowsnode.pp b/site-modules/role/manifests/windowsnode.pp index 8eec21d..5ea55b7 100644 --- a/site-modules/role/manifests/windowsnode.pp +++ b/site-modules/role/manifests/windowsnode.pp @@ -1,14 +1,15 @@ class role::windowsnode { ### group { 'testgroup' : - name => "testgroup111", + name => 'testgroup111', ensure => present, } user { 'testuser1' : - name => "testuser111", + name => 'testuser111', ensure => present, + groups => 'testgroup111', } ### From 2eb4d8316908c66679d62418d2f9eb8394caa817 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 24 Sep 2019 11:23:38 +0800 Subject: [PATCH 028/165] ddd --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index 9292c62..847667d 100644 --- a/Puppetfile +++ b/Puppetfile @@ -26,3 +26,4 @@ mod 'puppetlabs/apt','7.1.0' mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' +mod 'tkishel-unlock_puppet', '2.0.5' From 5bcf6e73863c13a24c82a2a2c5677f722dabc4cf Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:25:23 +0800 Subject: [PATCH 029/165] tests --- Puppetfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 847667d..323ab5d 100644 --- a/Puppetfile +++ b/Puppetfile @@ -26,4 +26,6 @@ mod 'puppetlabs/apt','7.1.0' mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' -mod 'tkishel-unlock_puppet', '2.0.5' +mod 'tkishel-unlock_puppet', + :git => 'git@github.com:tkishel/unlock_puppet.git', + :branch => 'master' From 4a84756a73fabf6084faa4b9aac4cceb34c0a940 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:31:44 +0800 Subject: [PATCH 030/165] wtstst --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 323ab5d..7f0c67a 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com:tkishel/unlock_puppet.git', + :git => '[git@github.com:9000]:tkishel/unlock_puppet.git', :branch => 'master' From e4cbe2613c640e1b822f6f7e6ca0b0c29950a034 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:36:45 +0800 Subject: [PATCH 031/165] stststst --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 7f0c67a..cee8d1c 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => '[git@github.com:9000]:tkishel/unlock_puppet.git', + :git => 'git@github.com:9000/tkishel/unlock_puppet.git', :branch => 'master' From fb0273d5e4353f57cbd15ea1001a0c4b95c829cc Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:38:26 +0800 Subject: [PATCH 032/165] ststst --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index cee8d1c..bbcad64 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com:9000/tkishel/unlock_puppet.git', + :git => 'git@github.com:22/tkishel/unlock_puppet.git', :branch => 'master' From 3b3c56ab24b149918cf23c95120d8440e47ef3e8 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:39:59 +0800 Subject: [PATCH 033/165] tstst --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index bbcad64..2b1c5de 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com:22/tkishel/unlock_puppet.git', + :git => '[git@github.com:22]:tkishel/unlock_puppet.git', :branch => 'master' From 65b11ac733a20524c268f9bd9e5656bf90b5cb0d Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:46:09 +0800 Subject: [PATCH 034/165] ststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 2b1c5de..a3827ad 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => '[git@github.com:22]:tkishel/unlock_puppet.git', + :git => 'git@github.com[:22]:tkishel/unlock_puppet.git', :branch => 'master' From 9a4fa99670c0df118277b1340b4219421c936f3e Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:47:41 +0800 Subject: [PATCH 035/165] tsts --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index a3827ad..2b1c5de 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com[:22]:tkishel/unlock_puppet.git', + :git => '[git@github.com:22]:tkishel/unlock_puppet.git', :branch => 'master' From 3c6806b0e21743bd361e11ff7c7df9b5d544e40a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:54:56 +0800 Subject: [PATCH 036/165] sfsfsdf --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 2b1c5de..e068111 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => '[git@github.com:22]:tkishel/unlock_puppet.git', + :git => 'git@[github.com[:22]/tkishel/unlock_puppet.git', :branch => 'master' From 9fd4e7a9257931415b1394bcec0438dce3d6fe65 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:55:29 +0800 Subject: [PATCH 037/165] tststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index e068111..f9b9a70 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@[github.com[:22]/tkishel/unlock_puppet.git', + :git => 'git@github.com[:22]/tkishel/unlock_puppet.git', :branch => 'master' From 64cb8f40a50005021a458046dd89cb7677bdb9fc Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:57:07 +0800 Subject: [PATCH 038/165] ststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index f9b9a70..f7b5555 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com[:22]/tkishel/unlock_puppet.git', + :git => 'ssh://git@github.com:22/tkishel/unlock_puppet.git', :branch => 'master' From 2ff2161fc7b58800feae9daa697f7829ff8e8ead Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 09:57:40 +0800 Subject: [PATCH 039/165] tsttst --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index f7b5555..a190f68 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'ssh://git@github.com:22/tkishel/unlock_puppet.git', + :git => 'ssh://git@github.com:9000/tkishel/unlock_puppet.git', :branch => 'master' From 7a846ad2f527f0e618a1b33175ef6d7fb948096b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:07:42 +0800 Subject: [PATCH 040/165] tststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index a190f68..cee8d1c 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'ssh://git@github.com:9000/tkishel/unlock_puppet.git', + :git => 'git@github.com:9000/tkishel/unlock_puppet.git', :branch => 'master' From 27c6d89e8bea7fcae6044b678604228e319c172c Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:08:44 +0800 Subject: [PATCH 041/165] ststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index cee8d1c..1104922 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com:9000/tkishel/unlock_puppet.git', + :git => 'git@github.com:900/tkishel/unlock_puppet.git', :branch => 'master' From 917b85c8964c7598f123f4a951c7741d470b12f8 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:09:32 +0800 Subject: [PATCH 042/165] tststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 1104922..a582811 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com:900/tkishel/unlock_puppet.git', + :git => 'git@github.com/tkishel/unlock_puppet.git', :branch => 'master' From 9afa1ce888ff4261769aec384415042c93398064 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:10:24 +0800 Subject: [PATCH 043/165] stststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index a582811..323ab5d 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com/tkishel/unlock_puppet.git', + :git => 'git@github.com:tkishel/unlock_puppet.git', :branch => 'master' From 998c96fe1907262f8a57c2c95bfc3046739db60a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:13:40 +0800 Subject: [PATCH 044/165] tststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 323ab5d..cee8d1c 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com:tkishel/unlock_puppet.git', + :git => 'git@github.com:9000/tkishel/unlock_puppet.git', :branch => 'master' From b2af8b3d8c1b53c7e6c714f850f6cfac6181608b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:21:46 +0800 Subject: [PATCH 045/165] tststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index cee8d1c..f7b5555 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com:9000/tkishel/unlock_puppet.git', + :git => 'ssh://git@github.com:22/tkishel/unlock_puppet.git', :branch => 'master' From a9fccf2662d2ea494c085dc67408ff65d1dda3dd Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:24:29 +0800 Subject: [PATCH 046/165] tstst --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index f7b5555..a190f68 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'ssh://git@github.com:22/tkishel/unlock_puppet.git', + :git => 'ssh://git@github.com:9000/tkishel/unlock_puppet.git', :branch => 'master' From 02a3ee74f357eb4893f5e4de00db58d54dfa7c01 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:39:48 +0800 Subject: [PATCH 047/165] tststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index a190f68..a582811 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'ssh://git@github.com:9000/tkishel/unlock_puppet.git', + :git => 'git@github.com/tkishel/unlock_puppet.git', :branch => 'master' From 465cd1c2c94e4a43bff1c8dc0f851cd5e777a403 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:45:28 +0800 Subject: [PATCH 048/165] tststst --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index a582811..bbcad64 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com/tkishel/unlock_puppet.git', + :git => 'git@github.com:22/tkishel/unlock_puppet.git', :branch => 'master' From dedbe204e7fafa6b1b7f47aa0acb866ad5f0e40e Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 10:52:05 +0800 Subject: [PATCH 049/165] tststs --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index bbcad64..34517e5 100644 --- a/Puppetfile +++ b/Puppetfile @@ -27,5 +27,5 @@ mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', - :git => 'git@github.com:22/tkishel/unlock_puppet.git', + :git => 'ssh://git@github.com/tkishel/unlock_puppet.git', :branch => 'master' From 22f26c4ea2eafdce854317353c3c1e3325e1c29a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 13:48:44 +0800 Subject: [PATCH 050/165] sfss --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 34517e5..b2838e1 100644 --- a/Puppetfile +++ b/Puppetfile @@ -24,7 +24,7 @@ mod 'puppetlabs/haproxy','4.0.0' mod 'puppetlabs/puppet_agent','2.2.0' mod 'puppetlabs/apt','7.1.0' mod 'puppetlabs/facts','0.6.0' -mod 'puppetlabs/inifile','2.4.0' +mod 'puppetlabs/inifile','3.0.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', :git => 'ssh://git@github.com/tkishel/unlock_puppet.git', From e4cfae011c6419370c41d09488271ea03f087931 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 8 Oct 2019 14:47:44 +0800 Subject: [PATCH 051/165] set production 2.4.0 --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index b2838e1..34517e5 100644 --- a/Puppetfile +++ b/Puppetfile @@ -24,7 +24,7 @@ mod 'puppetlabs/haproxy','4.0.0' mod 'puppetlabs/puppet_agent','2.2.0' mod 'puppetlabs/apt','7.1.0' mod 'puppetlabs/facts','0.6.0' -mod 'puppetlabs/inifile','3.0.0' +mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', :git => 'ssh://git@github.com/tkishel/unlock_puppet.git', From 4cd12bfdae5aaa712b3062250ec393d589fb0eb2 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 10:54:55 +0800 Subject: [PATCH 052/165] add firewall --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index 34517e5..f206316 100644 --- a/Puppetfile +++ b/Puppetfile @@ -29,3 +29,4 @@ mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', :git => 'ssh://git@github.com/tkishel/unlock_puppet.git', :branch => 'master' +mod 'puppetlabs-firewall', '2.1.0' From ef9aead201aa4401470cc49fb1df92b9a1082987 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 11:40:31 +0800 Subject: [PATCH 053/165] d --- manifests/site.pp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/manifests/site.pp b/manifests/site.pp index 11663aa..d64a011 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -29,3 +29,12 @@ node default { # Example: # class { 'my_class': } } + + + +node linuxagent1forcmdeployment.platform9.puppet.net { + include firewall + resources { 'firewall': + purge => true, + } +} From e9e058fb2b1d4743b5c2994745957d66a78fd2a5 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 12:14:31 +0800 Subject: [PATCH 054/165] ststs --- .DS_Store | Bin 0 -> 6148 bytes ...1forcmdeployment.platform9.puppet.net.yaml | 938 ++++++++++++++++++ manifests/site.pp | 9 - site-modules/.DS_Store | Bin 0 -> 6148 bytes site-modules/profile/.DS_Store | Bin 0 -> 6148 bytes site-modules/profile/manifests/.DS_Store | Bin 0 -> 6148 bytes site-modules/profile/manifests/base.pp | 5 - site-modules/profile/manifests/example.pp | 3 - site-modules/profile/manifests/firewall.pp | 36 + .../profile/manifests/firewall/app_rules.pp | 37 + .../profile/manifests/firewall/finish.pp | 41 + .../profile/manifests/firewall/start.pp | 60 ++ .../profile/manifests/firewall/stop.pp | 12 + 13 files changed, 1124 insertions(+), 17 deletions(-) create mode 100644 .DS_Store create mode 100644 data/nodes/linuxagent1forcmdeployment.platform9.puppet.net.yaml create mode 100644 site-modules/.DS_Store create mode 100644 site-modules/profile/.DS_Store create mode 100644 site-modules/profile/manifests/.DS_Store delete mode 100644 site-modules/profile/manifests/base.pp delete mode 100644 site-modules/profile/manifests/example.pp create mode 100644 site-modules/profile/manifests/firewall.pp create mode 100644 site-modules/profile/manifests/firewall/app_rules.pp create mode 100644 site-modules/profile/manifests/firewall/finish.pp create mode 100644 site-modules/profile/manifests/firewall/start.pp create mode 100644 site-modules/profile/manifests/firewall/stop.pp diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..7df7881a6d6f33293963952cc6ba9fc958868e58 GIT binary patch literal 6148 zcmeHKyH3L}6g{SupoO6uuw`VS5;H;y&mr2DKE4Eejum_!vHh4}f!R z4~+{F6GG_T$Uc7D!lYl)lCAibb)vCjba91qB)CLx z$y*y#0af6yDIni&6UXSH!|!(C`#s5v{!L!ouwR11KGV*JHI^7GFhGh2q=DZ{;MYQi z2_7-R6a`CTTYo?seOn(^`DQcVH*rU9Ms`Zh6Z0|hfb$%1R&k0G?kQm`>LCfd-vjRk zM@+f05r&*+#y!odjFmKCG;x7B?)hZ&9+H_O3pj59r@@$*;E*bx5!;+|P-WB(0>&!W z(&xTMoM&lGwb#IVgWeeqGRu%50zWr0)V{baii^(nh8QazVp#uKBu1O3~ zQw3B3RbWv8i4PHzVC=DUXhR1xdj%lY*=&tv`CSlB(rOnA%8!=roiHTq7&{CNB + # SELINUXTYPE= can take one of these two values: + # targeted - Targeted processes are protected, + # mls - Multi Level Security protection. + SELINUXTYPE=<%= $type %> + +# CIS 1.6.1.6 L2 Ensure no unconfined daemons exist + +# CIS 6.1.1 L2 Audit system file permissions diff --git a/manifests/site.pp b/manifests/site.pp index d64a011..11663aa 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -29,12 +29,3 @@ node default { # Example: # class { 'my_class': } } - - - -node linuxagent1forcmdeployment.platform9.puppet.net { - include firewall - resources { 'firewall': - purge => true, - } -} diff --git a/site-modules/.DS_Store b/site-modules/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..05b8c548c5cec8c7a987e951c10d055d6d3c3fb2 GIT binary patch literal 6148 zcmeHKyH3O~5S)cboJ4aarAu0B8tZfv)b|7EcnK-GoKAu|9pA!N!t8@6$k0;2jwL z@`o)~^jep+^LGPhP4vs=u}2i}CrflFVyDwzEF4mub4&$Nfv*Z^?@cVV{$J64=>Ih)kqV>&e^deK z)|>T;FBi47c}=agg?2;x1Y<3ngOy^km0~_IYmi9ogaYk5|Xhc0;%2c*)aP+isiVafL&>C?sj*4 z_7vVb0J8jexB?ac=5$4T>M%CVtB>p?B8pE<9PqpQ zZPRU;)mOWwUw)Z!c9gN-ytPf&J~PXANlOJ%fm9$BNCi@X2?e50&d(?E8BPUKf&Z(3 z{vQfmu?F^z_UquF$9K)o6xBGly9BYsx(4=+%+SQCM5jtzF~sSNm#C|Oy`$41wlkj- zJ4@V9#CB)ASUIFR=9mhk0z(B(eYw#7zot*z|A(Ypr2?tIpHe_(tIcZ3Pm10;`Z(>i sg?>x_G1gi+hruC$3vI<02X#f~tgC^&qtO{RIx!Cds!Lib@EZzz151%2J^%m! literal 0 HcmV?d00001 diff --git a/site-modules/profile/manifests/.DS_Store b/site-modules/profile/manifests/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..d16078c15d110552cb87a1ca856be4731efe0d88 GIT binary patch literal 6148 zcmeHKJxc>Y5PhR54$`Ew+|o+0wmCvlSmzID{6biAArNiv@8nnNn-ArpR|k<9n0<3Q zAA9%Uc6R{CeE)b2%m6f0MNwl!bb8cv7QyF4u^R8VM@7A@-NQ(szc{7u-ryOp*x?C- z_g~j;O`j5TL%sYkp*0f!w%ToKw|SwDJYf2>9F7 z2^i3`iqcFSb4&)3fn?yD0o@-8Rk0219c}C2U@ZV~!f6xQdS%v}64(azj`UE(Q;D7` z(PD_FbG}4e8`wK~IwYD8iIu;a7qQh@zgRe=b<8mtNCu7>(B79a)AN7HUuLw)w~!o? zfn?ynG9Z)1YBA^6#o7AnJN2wB)H|w*#`S7YXdhhy_@Mj9g*n|{)Mi{8*gI+!owsyi OUIdJg9Fl<(Fz^YEZ7-$( literal 0 HcmV?d00001 diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp deleted file mode 100644 index ae85e65..0000000 --- a/site-modules/profile/manifests/base.pp +++ /dev/null @@ -1,5 +0,0 @@ -class profile::base { - - #the base profile should include component modules that will be on all nodes - -} diff --git a/site-modules/profile/manifests/example.pp b/site-modules/profile/manifests/example.pp deleted file mode 100644 index 0b48c3a..0000000 --- a/site-modules/profile/manifests/example.pp +++ /dev/null @@ -1,3 +0,0 @@ -class profile::example { - -} diff --git a/site-modules/profile/manifests/firewall.pp b/site-modules/profile/manifests/firewall.pp new file mode 100644 index 0000000..99c580b --- /dev/null +++ b/site-modules/profile/manifests/firewall.pp @@ -0,0 +1,36 @@ +# == Class: profile::firewall +# +# Class to configure the firewall on various platforms +# +class profile::firewall ( + # Class parameters are populated from External(hiera)/Defaults/Fail + Boolean $enable = false, + String $module = 'firewall', +){ + if $facts['os']['family'] == 'RedHat' { + # firewalld - do not use this for new config + if $module == 'firewalld' { + if $enable { + class { 'firewalld': } + } + else { + class { 'firewalld': + service_ensure => 'stopped', + service_enable => false, + } + } + } + else { + # Use this for new config + if $enable { + class { 'profile::firewall::start': } + -> class { 'profile::firewall::app_rules': } + -> class { 'profile::firewall::finish': } + } + else { + class { 'profile::firewall::stop': } + } + } + } + +} diff --git a/site-modules/profile/manifests/firewall/app_rules.pp b/site-modules/profile/manifests/firewall/app_rules.pp new file mode 100644 index 0000000..1ad8a3e --- /dev/null +++ b/site-modules/profile/manifests/firewall/app_rules.pp @@ -0,0 +1,37 @@ +# profile::firewall::app_rules +class profile::firewall::app_rules { + + # Custom Application Firewall rules found in Hiera + + ['inbound','outbound'].each | $direction | { + $firewalls= lookup("profile::firewall::${direction}", Data, 'deep', {}) + $firewalls.each | $name, $rule | { + $label = upcase( $direction ) + $chain = $direction ? { + 'inbound' => 'INPUT', + 'outbound' => 'OUTPUT', + default => '', + } + if has_key( $rule, 'jump') { + $default = {} + } else { + $default = { action => 'accept' } + } + if $rule['destination'] { + if is_array( $rule['destination'] ){ + $destinations = $rule['destination'] + } else { + $destinations = [ $rule['destination'] ] + } + $destinations.each | $dest | { + $mod_rule = $rule + { 'destination' => $dest } + create_resources( firewall, { "${name} ${label} ${dest}" => $mod_rule }, $default + { proto => 'tcp', chain => $chain } ) + } + } + else { + create_resources( firewall, { "${name} ${label}" => $rule }, $default + { proto => 'tcp', chain => $chain } ) + } + } + } + +} diff --git a/site-modules/profile/manifests/firewall/finish.pp b/site-modules/profile/manifests/firewall/finish.pp new file mode 100644 index 0000000..9c140e4 --- /dev/null +++ b/site-modules/profile/manifests/firewall/finish.pp @@ -0,0 +1,41 @@ +# == Class: profile::firewall::finish +# +# Post actions for firewall management. +# +class profile::firewall::finish { + + + ['INPUT','OUTPUT'].each | $chain | { + + # Drop the known noise from hitting the log + ['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | { + firewall { "990 Broadcasts for $dest for ${chain}": + destination => $dest, + proto => 'all', + action => 'drop', + chain => $chain, + } + } + + # Log whatever hasn't been dealt with already + firewall { "998 Logging for ${chain}": + jump => 'LOG', + proto => 'all', + chain => $chain, + } + + # Drop everything else + firewall { "999 drop all for ${chain}": + proto => 'all', + action => 'drop', + chain => $chain, + } + firewall { "999 drop all for ${chain} for IPv6": + proto => 'all', + action => 'drop', + chain => $chain, + provider => 'ip6tables', + } + } + +} diff --git a/site-modules/profile/manifests/firewall/start.pp b/site-modules/profile/manifests/firewall/start.pp new file mode 100644 index 0000000..e18aaa1 --- /dev/null +++ b/site-modules/profile/manifests/firewall/start.pp @@ -0,0 +1,60 @@ +# == Class: profile::firewall::start +# +# Pre actions for firewall management. +# +class profile::firewall::start { + + class { 'firewall': } + + # Purge any unmanaged firewall rules + resources { 'firewall': + purge => true, + } + #resources { 'firewallchain': + #purge => true, + #} + + #Set up the chains (if specified) + $chains = lookup('profile::firewall::chains', Data , 'deep', {}) + create_resources( firewallchain, $chains, { policy => 'drop', before => undef, ensure => 'present' } ) + + + # Default pre rules + ['INPUT','OUTPUT'].each | $chain | { + firewall { "000 accept all icmp ${chain}": + proto => 'icmp', + action => 'accept', + chain => $chain, + } + if( $chain == 'INPUT' ){ + firewall { "001 accept all to lo interface ${chain}": + proto => 'all', + iniface => 'lo', + action => 'accept', + chain => $chain, + } + firewall { "002 reject local traffic not on loopback interface ${chain}": + iniface => '! lo', + proto => 'all', + destination => '127.0.0.1/8', + action => 'reject', + chain => $chain, + } + } + if( $chain == 'OUTPUT' ){ + firewall { "001 accept all localhost sourced ${chain}": + proto => 'all', + source => '127.0.0.1/8', + action => 'accept', + chain => $chain, + } + } + firewall { "003 accept related established rules ${chain}": + proto => 'all', + state => ['RELATED', 'ESTABLISHED'], + action => 'accept', + chain => $chain, + } + } + +} diff --git a/site-modules/profile/manifests/firewall/stop.pp b/site-modules/profile/manifests/firewall/stop.pp new file mode 100644 index 0000000..b4f0055 --- /dev/null +++ b/site-modules/profile/manifests/firewall/stop.pp @@ -0,0 +1,12 @@ +# == Class: profile::firewall::stop +# +# Turn off all firewall management. +# +class profile::firewall::stop { + + class { 'firewall': + ensure => 'stopped', + enable => false, + } + +} From 4f52054f7a9f88f7fe5b360e8029ae9d22215924 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 14:56:32 +0800 Subject: [PATCH 055/165] sd --- .../LinuxAgent2CM.platform9.puppet.net.yaml | 938 ++++++++++++++++++ 1 file changed, 938 insertions(+) create mode 100644 data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml diff --git a/data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml b/data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml new file mode 100644 index 0000000..78e52f9 --- /dev/null +++ b/data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml @@ -0,0 +1,938 @@ +--- + +# Some standard permissions to use +root_0000: { owner: root, group: root, mode: '0000' } +root_0444: { owner: root, group: root, mode: '0444' } +root_0600: { owner: root, group: root, mode: '0600' } +root_0640: { owner: root, group: root, mode: '0640' } +root_0644: { owner: root, group: root, mode: '0644' } +root_0700: { owner: root, group: root, mode: '0700' } +root_4755: { owner: root, group: root, mode: '4755' } +root_2755: { owner: root, group: root, mode: '2755' } + + +filesystems: + # CIS 1.1.2 L2 Ensure separate partition exists for /tmp + # CIS 1.1.3 L1 Ensure nodev option set on /tmp partition + # CIS 1.1.4 L1 Ensure nosuid option set on /tmp partition + # CIS 1.1.5 L1 Ensure noexec option set on /tmp partition + /tmp: + options: nodev,nosuid,noexec + size: 512M + # CIS 1.1.6 L2 Ensure separate partition exists for /var + /var: + size: 2048M + # CIS 1.1.7 L2 Ensure separate partition exists for /var/tmp + # CIS 1.1.8 L1 Ensure nodev option set on /var/tmp partition + # CIS 1.1.9 L1 Ensure nosuid option set on /var/tmp partition + # CIS 1.1.10 L1 Ensure noexec option set on /var/tmp partition + /var/tmp: + options: nodev,nosuid,noexec + size: 512M + # CIS 1.1.11 L2 Ensure separate partition exists for /var/log + /var/log: + size: 512M + # CIS 1.1.12 L2 Ensure separate partition exists for /var/log/audit + /var/log/audit: + size: 512M + # CIS 1.1.13 L2 Ensure separate partition exists for /home + # CIS 1.1.14 L1 Ensure nodev option set on /home partition + /home: + size: 2048M + options: nodev + # CIS 1.1.15 L1 Ensure nodev option set on /dev/shm partition + # CIS 1.1.16 L1 Ensure nosuid option set on /dev/shm partition + # CIS 1.1.17 L1 Ensure noexec option set on /dev/shm partition + /dev/shm: + options: nodev,nosuid,noexec + fstype: tmpfs + device: tmpfs + + + +# CIS 1.1.18 L1 Ensure nodev option set on removable media partitions +# CIS 1.1.19 L1 Ensure nosuid option set on removable media partitions +# CIS 1.1.20 L1 Ensure noexec option set on removable media partitions + +# CIS 1.1.21 L1 Ensure sticky bit is set on all world-writable directories +# CIS 1.2.1 L1 Ensure package manager repositories are configured +# CIS 1.2.2 L1 Ensure gpgcheck is globally activated +# CIS 1.2.3 L1 Ensure GPG keys are configured +# CIS 1.2.4 L1 Ensure Red Hat Subscription Manager connection is configured +# CIS 1.3.1 L1 Ensure AIDE is installed + +# CIS 1.7.1.2 L1 Ensure local login warning banner is configured properly - banner text +profile::ssh::banner_content: |2+ + + Do not logon unless you have read and agree to the following. + + By continuing to logon you are representing that you are an authorised user + and you accept and agree that: + + 1. use of Australia Post (AP) computers, systems, software and facilities + including email and Internet Browsing is subject to policies and guidelines issued + by Australia Post from time to time; + + 2. the contents of all internal, incoming and outgoing emails are the property of + Australia Post; + + 3. Australia Post may take disciplinary action under the AP Employee Counselling + and Disciplinary Process, and/or legal action against anyone failing to comply + with relevant policy or misusing IT facilities including email and Internet; + + 4. misuse includes use, access or transmission of pornographic photos, animations, + cartoons, and images (including screensavers), sexually explicit, sexist, racist + material or material that offends, embarrasses or degrades a person because of + disability, sex, religion or ethnic background, or unacceptable behaviour or + harrassment as outlined in the Code of Ethics or Harrassment Policy; + + 5. Australia Post may monitor or audit the use of any of its IT facilities and + any information stored or passed through these facilities including email and + Internet browsing details; + + It is your responsibility to read and comply with the Group Technology Use Policy. + Should you have any questions about these conditions or the policies detailed here + please contact your line manager. For all information security related issues + contact the Information Security Office at secureatpost@auspost.com.au + + I agree to these terms and conditions. + +profile::file_ops::files: + # CIS 1.4.1 L1 Ensure permissions on bootloader config are configured - grub.cfg + /boot/grub2/grub.cfg: "%{alias('root_0640')}" + # CIS 1.4.1 L1 Ensure permissions on bootloader config are configured - user.cfg + /boot/grub2/user.cfg: "%{alias('root_0640')}" + # CIS 1.7.1.1 L1 Ensure message of the day is configured properly - banner text + # CIS 1.7.1.4 L1 Ensure permissions on /etc/motd are configured + /etc/motd: + content: '' + mode: '0644' + owner: root + group: root + # CIS 1.7.1.5 L1 Ensure permissions on /etc/issue are configured - already covered by SSH module + #/etc/issue: + #content: "%{hiera('profile::ssh::banner_content')}" + #mode: 644 + #owner: root + #group: root + # CIS 1.7.1.3 L1 Ensure remote login warning banner is configured properly - banner text + # CIS 1.7.1.6 L1 Ensure permissions on /etc/issue.net are configured - already covered by SSH module + #/etc/issue.net: + #content: "%{hiera('profile::ssh::banner_content')}" + #mode: 644 + #owner: root + #group: root + # CIS 3.4.2 L1 Ensure /etc/hosts.allow is configured + # CIS 3.4.4 L1 Ensure permissions on /etc/hosts.allow are configured + /etc/hosts.allow: + content: | + # File managed by Puppet + 'ALL: 10.0.0.0/255.0.0.0' + mode: '0644' + owner: root + group: root + # CIS 3.4.3 L1 Ensure /etc/hosts.deny is configured + # CIS 3.4.5 L1 Ensure permissions on /etc/hosts.deny are configured + /etc/hosts.deny: + content: | + # File managed by Puppet + 'ALL: ALL' + mode: '0644' + owner: root + group: root + /etc/modprobe.d/CIS.conf: + content: | + # File managed by Puppet + # CIS 1.1.1.1 L1 Ensure mounting of cramfs filesystems is disabled - modprobe + install cramfs /bin/true + # CIS 1.1.1.2 L1 Ensure mounting of freevxfs filesystems is disabled - lsmod + install freevxfs /bin/true + # CIS 1.1.1.3 L1 Ensure mounting of jffs2 filesystems is disabled - modprobe + install jffs2 /bin/true + # CIS 1.1.1.4 L1 Ensure mounting of hfs filesystems is disabled - modprobe + install hfs /bin/true + # CIS 1.1.1.5 L1 Ensure mounting of hfsplus filesystems is disabled - lsmod + install hfsplus /bin/true + # CIS 1.1.1.6 L1 Ensure mounting of squashfs filesystems is disabled - modprobe + install squashfs /bin/true + # CIS 1.1.1.7 L1 Ensure mounting of udf filesystems is disabled - lsmod + install udf /bin/true + # CIS 1.1.1.8 L2 Ensure mounting of FAT filesystems is disabled + install vfat /bin/true + + # CIS 3.5.1 L1 Ensure DCCP is disabled + install dccp /bin/true + # CIS 3.5.2 L1 Ensure SCTP is disabled + install sctp /bin/true + # CIS 3.5.3 L1 Ensure RDS is disabled + install rds /bin/true + # CIS 3.5.4 L1 Ensure TIPC is disabled + install tipc /bin/true + mode: '0644' + owner: root + group: root + # CIS 5.1.2 L1 Ensure permissions on /etc/crontab are configured + /etc/crontab: "%{alias('root_0600')}" + # CIS 5.1.8 L1 Ensure at/cron is restricted to authorized users - cron.allow + /etc/cron.allow: "%{alias('root_0600')}" + # CIS 5.1.8 L1 Ensure at/cron is restricted to authorized users - cron.deny + /etc/cron.deny: + ensure: absent + # CIS 5.1.8 L1 Ensure at/cron is restricted to authorized users - at.allow + /etc/at.allow: "%{alias('root_0600')}" + # CIS 5.1.8 L1 Ensure at/cron is restricted to authorized users - at.deny + /etc/at.deny: + ensure: absent + /etc/security/pwquality.conf: + content: | + # File managed by Puppet + difok = 5 + # CIS 5.3.1 L1 Ensure password creation requirements are configured - minlen + minlen = 9 + # CIS 5.3.1 L1 Ensure password creation requirements are configured - dcredit + dcredit = -1 + # CIS 5.3.1 L1 Ensure password creation requirements are configured - ucredit + ucredit = -1 + # CIS 5.3.1 L1 Ensure password creation requirements are configured - lcredit + lcredit = -1 + # CIS 5.3.1 L1 Ensure password creation requirements are configured - ocredit + ocredit = -1 + # minclass = 0 + # maxrepeat = 0 + # maxclassrepeat = 0 + # gecoscheck = 0 + # dictpath = + mode: '0644' + owner: root + group: root + # CIS 5.4.4 L1 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh + /etc/profile.d/umask.sh: + content: "umask 0027\n" + /etc/profile.d/umask.csh: + content: "umask 0027\n" + # CIS 5.4.5 L2 Ensure default user shell timeout is 900 seconds or less - /etc/profile + /etc/profile.d/autologout.sh: + content: "export TMOUT=36000\n" + /etc/profile.d/tmout.csh: + content: "TMOUT=36000\n" + # CIS 6.1.2 L1 Ensure permissions on /etc/passwd are configured + /etc/passwd: "%{alias('root_0644')}" + # CIS 6.1.3 L1 Ensure permissions on /etc/shadow are configured + /etc/shadow: "%{alias('root_0000')}" + # CIS 6.1.4 L1 Ensure permissions on /etc/group are configured + /etc/group: "%{alias('root_0644')}" + # CIS 6.1.5 L1 Ensure permissions on /etc/gshadow are configured + /etc/gshadow: "%{alias('root_0000')}" + # CIS 6.1.6 L1 Ensure permissions on /etc/passwd- are configured + /etc/passwd-: "%{alias('root_0644')}" + # CIS 6.1.7 L1 Ensure permissions on /etc/shadow- are configured + /etc/shadow-: "%{alias('root_0000')}" + # CIS 6.1.8 L1 Ensure permissions on /etc/group- are configured + /etc/group-: "%{alias('root_0644')}" + # CIS 6.1.9 L1 Ensure permissions on /etc/gshadow- are configured + /etc/gshadow-: "%{alias('root_0000')}" + # CIS 2.2.1.2 L1 Ensure ntp is configured - restrict -4 - not using NTP + # CIS 2.2.1.2 L1 Ensure ntp is configured - restrict -6 - not using NTP + # CIS 2.2.1.2 L1 Ensure ntp is configured - server - not using NTP + # CIS 2.2.1.3 L1 Ensure chrony is configured - NTP server - set elsewhere in hiera + # CIS 2.2.1.3 L1 Ensure chrony is configured - OPTIONS + /etc/sysconfig/chronyd: + content: | + # File managed by Puppet + OPTIONS='-u chrony' + # CIS 4.1.1.1 L2 Ensure audit log storage size is configured + # CIS 4.1.1.2 L2 Ensure system is disabled when audit logs are full - 'space_left_action = email' + # CIS 4.1.1.2 L2 Ensure system is disabled when audit logs are full - 'action_mail_acct = root' + # CIS 4.1.1.2 L2 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt' + # CIS 4.1.1.3 L2 Ensure audit logs are not automatically deleted + # CIS 4.1.2 L2 Ensure auditd service is enabled + # CIS 4.1.3 L2 Ensure auditing for processes that start prior to auditd is enabled + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit) + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - adjtimex (32-bit) + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit) + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - clock_settime (32-bit) + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - auditctl /etc/localtime + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - /etc/localtime + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit) + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit) + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - adjtimex (64-bit) + # CIS 4.1.4 L2 Ensure events that modify date and time information are collected - clock_settime (64-bit) + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - '/etc/group' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - auditctl '/etc/group' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - '/etc/passwd' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - auditctl '/etc/passwd' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - '/etc/gshadow' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - auditctl '/etc/gshadow' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - '/etc/shadow' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - auditctl '/etc/shadow' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - '/etc/security/opasswd' + # CIS 4.1.5 L2 Ensure events that modify user/group information are collected - auditctl '/etc/security/opasswd' + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - sethostname (32-bit) + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - auditctl sethostname (32-bit) + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - issue + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - auditctl issue + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - issue.net + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - auditctl issue.net + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - /etc/hosts + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - auditctl hosts + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - auditctl network + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network-scripts + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - auditctl network-scripts + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - sethostname (64-bit) + # CIS 4.1.6 L2 Ensure events that modify the system's network environment are collected - auditctl sethostname (64-bit) + # CIS 4.1.7 L2 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux/ + # CIS 4.1.7 L2 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux/ + # CIS 4.1.7 L2 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/ + # CIS 4.1.7 L2 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux/ + # CIS 4.1.8 L2 Ensure login and logout events are collected - /var/log/lastlog + # CIS 4.1.8 L2 Ensure login and logout events are collected - auditctl /var/log/lastlog + # CIS 4.1.8 L2 Ensure login and logout events are collected - /var/run/faillock/ + # CIS 4.1.8 L2 Ensure login and logout events are collected - auditctl /var/run/faillock/ + # CIS 4.1.9 L2 Ensure session initiation information is collected - utmp + # CIS 4.1.9 L2 Ensure session initiation information is collected - auditctl utmp + # CIS 4.1.9 L2 Ensure session initiation information is collected - wtmp + # CIS 4.1.9 L2 Ensure session initiation information is collected - auditctl wtmp + # CIS 4.1.9 L2 Ensure session initiation information is collected - btmp + # CIS 4.1.9 L2 Ensure session initiation information is collected - auditctl btmp + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattr + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattr + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit) + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit) + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown (64-bit) + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown (64-bit) + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - xattr (64-bit) + # CIS 4.1.10 L2 Ensure discretionary access control permission modification events are collected - auditctl xattr (64-bit) + # CIS 4.1.11 L2 Ensure unsuccessful unauthorized file access attempts are collected - EACCES + # CIS 4.1.11 L2 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES + # CIS 4.1.11 L2 Ensure unsuccessful unauthorized file access attempts are collected - EPERM + # CIS 4.1.11 L2 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM + # CIS 4.1.11 L2 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit) + # CIS 4.1.11 L2 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (64-bit) + # CIS 4.1.11 L2 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit) + # CIS 4.1.11 L2 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (64-bit) + # CIS 4.1.12 L2 Ensure use of privileged commands is collected + # CIS 4.1.13 L2 Ensure successful file system mounts are collected + # CIS 4.1.13 L2 Ensure successful file system mounts are collected - auditctl + # CIS 4.1.13 L2 Ensure successful file system mounts are collected - b64 + # CIS 4.1.13 L2 Ensure successful file system mounts are collected - auditctl (64-bit) + # CIS 4.1.14 L2 Ensure file deletion events by users are collected + # CIS 4.1.14 L2 Ensure file deletion events by users are collected - auditctl + # CIS 4.1.14 L2 Ensure file deletion events by users are collected - b64 + # CIS 4.1.14 L2 Ensure file deletion events by users are collected - auditctl (64-bit) + # CIS 4.1.15 L2 Ensure changes to system administration scope (sudoers) is collected - sudoers + # CIS 4.1.15 L2 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers + # CIS 4.1.15 L2 Ensure changes to system administration scope (sudoers) is collected - sudoers.d + # CIS 4.1.15 L2 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.d + # CIS 4.1.16 L2 Ensure system administrator actions (sudolog) are collected + # CIS 4.1.16 L2 Ensure system administrator actions (sudolog) are collected - auditctl + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - insmod + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - auditctl insmod + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - rmmod + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - auditctl rmmod + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - modprobe + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - auditctl modprobe + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - init_module/delete_module + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - init_module/delete_module + # CIS 4.1.17 L2 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module + # CIS 4.1.18 L2 Ensure the audit configuration is immutable + /etc/audit/auditd.conf: + content: | + # File managed by Puppet + # + # This file controls the configuration of the audit daemon + # + local_events = yes + write_logs = yes + log_file = /var/log/audit/audit.log + log_group = root + log_format = RAW + flush = INCREMENTAL_ASYNC + freq = 50 + max_log_file = 8 + num_logs = 5 + priority_boost = 4 + disp_qos = lossy + dispatcher = /sbin/audispd + name_format = NONE + ##name = mydomain + max_log_file_action = ROTATE + space_left = 75 + space_left_action = SYSLOG + verify_email = yes + action_mail_acct = root + admin_space_left = 50 + admin_space_left_action = SUSPEND + disk_full_action = SUSPEND + disk_error_action = SUSPEND + use_libwrap = yes + ##tcp_listen_port = 60 + tcp_listen_queue = 5 + tcp_max_per_addr = 1 + ##tcp_client_ports = 1024-65535 + tcp_client_max_idle = 0 + enable_krb5 = no + krb5_principal = auditd + ##krb5_key_file = /etc/audit/audit.key + distribute_network = no + + +profile::file_ops::directories: + # CIS 5.1.3 L1 Ensure permissions on /etc/cron.hourly are configured + /etc/cron.hourly: "%{alias('root_0700')}" + # CIS 5.1.4 L1 Ensure permissions on /etc/cron.daily are configured + /etc/cron.daily: "%{alias('root_0700')}" + # CIS 5.1.5 L1 Ensure permissions on /etc/cron.weekly are configured + /etc/cron.weekly: "%{alias('root_0700')}" + # CIS 5.1.6 L1 Ensure permissions on /etc/cron.monthly are configured + /etc/cron.monthly: "%{alias('root_0700')}" + # CIS 5.1.7 L1 Ensure permissions on /etc/cron.d are configured + /etc/cron.d: "%{alias('root_0700')}" + +# CIS 5.3.1 L1 Ensure password creation requirements are configured - password-auth try_first_pass +# CIS 5.3.1 L1 Ensure password creation requirements are configured - system-auth try_first_pass +# CIS 5.3.1 L1 Ensure password creation requirements are configured - password-auth retry=3 +# CIS 5.3.1 L1 Ensure password creation requirements are configured - system-auth retry=3 +central_auth::pam::dfok: 5 +central_auth::pam::minlen: 9 +central_auth::pam::dcredit: -1 +central_auth::pam::ucredit: -1 +central_auth::pam::ocredit: -1 +central_auth::pam::lcredit: -1 + + +# CIS 1.4.2 L1 Ensure bootloader password is set +# CIS 1.4.3 L1 Ensure authentication required for single user mode - rescue.service +# CIS 1.4.3 L1 Ensure authentication required for single user mode - emergency.service + +# CIS 1.5.1 L1 Ensure core dumps are restricted - limits.conf limits.d +security::limits::limits_hash: + "*/hard/core": + value: '0' +# CIS 1.5.1 L1 Ensure core dumps are restricted - sysctl +# CIS 1.5.1 L1 Ensure core dumps are restricted - sysctl.conf sysctl.d +profile::kernel::sysctl: + fs.suid_dumpable: 0 + # CIS 1.5.3 L1 Ensure address space layout randomization (ASLR) is enabled - sysctl + # CIS 1.5.3 L1 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf sysctl.d + kernel.randomize_va_space: 2 + # CIS 3.1.1 L1 Ensure IP forwarding is disabled - sysctl + # CIS 3.1.1 L1 Ensure IP forwarding is disabled - sysctlc.conf sysctl.d + net.ipv4.ip_forward: 0 + # CIS 3.1.2 L1 Ensure packet redirect sending is disabled - 'net.ipv4.conf.all.send_redirects = 0' + # CIS 3.1.2 L1 Ensure packet redirect sending is disabled - 'net.ipv4.conf.default.send_redirects = 0' + net.ipv4.conf.all.send_redirects: 0 + net.ipv4.conf.default.send_redirects: 0 + # CIS 3.2.1 L1 Ensure source routed packets are not accepted - 'net.ipv4.conf.default.accept_source_route = 0' + # CIS 3.2.1 L1 Ensure source routed packets are not accepted - 'net.ipv4.conf.all.accept_source_route = 0' + net.ipv4.conf.all.accept_source_route: 0 + net.ipv4.conf.default.accept_source_route: 0 + # CIS 3.2.2 L1 Ensure ICMP redirects are not accepted - 'net.ipv4.conf.all.accept_redirects = 0' + # CIS 3.2.2 L1 Ensure ICMP redirects are not accepted - 'net.ipv4.conf.default.accept_redirects = 0' + net.ipv4.conf.all.accept_redirects: 0 + net.ipv4.conf.default.accept_redirects: 0 + # CIS 3.2.3 L1 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.default.secure_redirects = 0' + # CIS 3.2.3 L1 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.all.secure_redirects = 0' + net.ipv4.conf.all.secure_redirects: 0 + net.ipv4.conf.default.secure_redirects: 0 + # CIS 3.2.4 L1 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1' + # CIS 3.2.4 L1 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1' + net.ipv4.conf.all.log_martians: 1 + net.ipv4.conf.default.log_martians: 1 + # CIS 3.2.5 L1 Ensure broadcast ICMP requests are ignored - sysctl + # CIS 3.2.5 L1 Ensure broadcast ICMP requests are ignored - sysctl.conf sysctl.d + net.ipv4.icmp_echo_ignore_broadcasts: 1 + # CIS 3.2.6 L1 Ensure bogus ICMP responses are ignored - sysctl + # CIS 3.2.6 L1 Ensure bogus ICMP responses are ignored - sysctl.conf sysctl.d + net.ipv4.icmp_ignore_bogus_error_responses: 1 + # CIS 3.2.7 L1 Ensure Reverse Path Filtering is enabled - 'net.ipv4.conf.default.rp_filter = 1' + # CIS 3.2.7 L1 Ensure Reverse Path Filtering is enabled - 'net.ipv4.conf.all.rp_filter = 1' + net.ipv4.conf.all.rp_filter: 1 + net.ipv4.conf.default.rp_filter: 1 + # CIS 3.2.8 L1 Ensure TCP SYN Cookies is enabled - sysctl + # CIS 3.2.8 L1 Ensure TCP SYN Cookies is enabled - sysctl.conf sysctl.d + net.ipv4.tcp_syncookies: 1 + # CIS 3.3.1 L1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0' + # CIS 3.3.1 L1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0' + # CIS 3.3.1 L1 Ensure IPv6 router advertisements are not accepted - files 'net.ipv6.conf.all.accept_ra = 0' + # CIS 3.3.1 L1 Ensure IPv6 router advertisements are not accepted - files 'net.ipv6.conf.default.accept_ra = 0' + net.ipv6.conf.all.accept_ra: 0 + net.ipv6.conf.default.accept_ra: 0 + # CIS 3.3.2 L1 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0' + # CIS 3.3.2 L1 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0' + # CIS 3.3.2 L1 Ensure IPv6 redirects are not accepted - files 'net.ipv6.conf.default.accept_redirects = 0' + # CIS 3.3.2 L1 Ensure IPv6 redirects are not accepted - files 'net.ipv6.conf.all.accept_redirects = 0' + net.ipv6.conf.all.accept_redirects: 0 + net.ipv6.conf.default.accept_redirects: 0 + +# CIS 1.5.2 L1 Ensure XD/NX support is enabled (32 bit only) +# CIS 1.8 L1 Ensure updates, patches, and additional security software are installed + +# CIS 2.2.15 L1 Ensure mail transfer agent is configured for local-only mode +networking::mailclient::inet_interfaces: 'localhost' + +packages::remove: + RedHat: + # CIS 1.1.22 L1 Disable Automounting + - autofs + # CIS 1.5.4 L1 Ensure prelink is disabled + - prelink + # CIS 1.6.1.4 L2 Ensure SETroubleshoot is not installed + - setroubleshoot + # CIS 1.6.1.5 L2 Ensure the MCS Translation Service (mcstrans) is not installed + - mcstrans + # CIS 1.7.2 L1 Ensure GDM login banner is configured - user-db + # CIS 1.7.2 L1 Ensure GDM login banner is configured - system-db + # CIS 1.7.2 L1 Ensure GDM login banner is configured - file-db + # CIS 1.7.2 L1 Ensure GDM login banner is configured - banner message enabled + # CIS 1.7.2 L1 Ensure GDM login banner is configured - banner message text + - gdm + # CIS 2.1.1 L1 Ensure chargen services are not enabled - dgram + # CIS 2.1.1 L1 Ensure chargen services are not enabled - stream + # CIS 2.1.2 L1 Ensure daytime services are not enabled - dgram + # CIS 2.1.2 L1 Ensure daytime services are not enabled - stream + # CIS 2.1.3 L1 Ensure discard services are not enabled - dgram + # CIS 2.1.3 L1 Ensure discard services are not enabled - stream + # CIS 2.1.4 L1 Ensure echo services are not enabled - dgram + # CIS 2.1.4 L1 Ensure echo services are not enabled - stream + # CIS 2.1.5 L1 Ensure time services are not enabled - dgram + # CIS 2.1.5 L1 Ensure time services are not enabled - stream + # CIS 2.1.7 L1 Ensure xinetd is not enabled + - xinetd + # CIS 2.1.6 L1 Ensure tftp server is not enabled + # CIS 2.2.20 L1 Ensure tftp server is not enabled + - tftp-server +# CIS 2.2.2 L1 Ensure X Window System is not installed + # CIS 2.2.3 L1 Ensure Avahi Server is not enabled + - avahi + # CIS 2.2.4 L1 Ensure CUPS is not enabled + - cups + # CIS 2.2.5 L1 Ensure DHCP Server is not enabled + - dhcp + - dnsmasq + # CIS 2.2.6 L1 Ensure LDAP server is not enabled + - openldap-servers +# CIS 2.2.7 L1 Ensure NFS and RPC are not enabled - nfs +# CIS 2.2.7 L1 Ensure NFS and RPC are not enabled - nfs-server +# CIS 2.2.7 L1 Ensure NFS and RPC are not enabled - rpcbind + # CIS 2.2.8 L1 Ensure DNS Server is not enabled + - bind + - pdns + # CIS 2.2.9 L1 Ensure FTP Server is not enabled + - vsftpd + - pure-ftpd + - perl-ftpd + - proftpd + # CIS 2.2.10 L1 Ensure HTTP server is not enabled + - caddy + - httpd + - lighttpd + - nginx + - nginx14-nginx + - nginx16-nginx + - nodejs-ws + - xbean + - rubygem-thin + # CIS 2.2.11 L1 Ensure IMAP and POP3 server is not enabled + - dovecot + - cyrus-imapd + # CIS 2.2.12 L1 Ensure Samba is not enabled + - samba + - samba-dc + # CIS 2.2.13 L1 Ensure HTTP Proxy Server is not enabled + - squid + # CIS 2.2.14 L1 Ensure SNMP Server is not enabled + - net-snmp + # CIS 2.2.16 L1 Ensure NIS Server is not enabled + # CIS 2.3.1 L1 Ensure NIS Client is not installed + - ypserv + - ypbind + # CIS 2.2.17 L1 Ensure rsh server is not enabled - rexec + # CIS 2.2.17 L1 Ensure rsh server is not enabled - rlogin + # CIS 2.2.17 L1 Ensure rsh server is not enabled - rsh + # CIS 2.3.2 L1 Ensure rsh client is not installed + - rsh-server + - rsh + # CIS 2.2.18 L1 Ensure talk server is not enabled + # CIS 2.3.3 L1 Ensure talk client is not installed + - ntalk + - talk + # CIS 2.2.19 L1 Ensure telnet server is not enabled + - telnet-server +profile::services: + # CIS 1.2.5 L2 Disable the rhnsd Daemon + rhnsd: + ensure: stopped + enable: false + # CIS 2.2.21 L1 Ensure rsync service is not enabled + rsyncd: + ensure: stopped + enable: false + # CIS 5.1.1 L1 Ensure cron daemon is enabled + crond: + ensure: running + enable: true + +# CIS 2.3.4 L1 Ensure telnet client is not installed - disputed +# CIS 2.3.5 L1 Ensure LDAP client is not installed - disputed + +packages::add: + RedHat: + # CIS 3.4.1 L1 Ensure TCP Wrappers is installed + - tcp_wrappers + # CIS 1.6.2 L2 Ensure SELinux is installed + - libselinux + +# CIS 3.6.1 L1 Ensure iptables is installed +profile::firewall::enable: true +profile::firewall::chains: + # CIS 3.6.2 L1 Ensure default deny firewall policy - Chain INPUT + INPUT:filter:IPv4: + policy: drop + INPUT:filter:IPv6: + policy: drop + # CIS 3.6.2 L1 Ensure default deny firewall policy - Chain FORWARD + FORWARD:filter:IPv4: + policy: drop + FORWARD:filter:IPv6: + policy: drop + # CIS 3.6.2 L1 Ensure default deny firewall policy - Chain OUTPUT + OUTPUT:filter:IPv4: + policy: drop + OUTPUT:filter:IPv6: + policy: drop +# CIS 3.6.3 L1 Ensure loopback traffic is configured +# Configured in code +# CIS 3.6.4 L1 Ensure outbound and established connections are configured +# Configured in code +# CIS 3.6.5 L1 Ensure firewall rules exist for all open ports +profile::firewall::inbound: + '101 DHCP Server': + sport: 67 + proto: udp + '110 SSH Access': + dport: 22 + '161 NetBackup Server': + dport: [ 1556, 13724 ] +profile::firewall::outbound: + '101 DHCP Client': + sport: 68 + proto: udp + '120 SSH Access': + sport: 22 + '130 Puppet Server Access': + dport: [8140,8142] + destination: 10.5.162.0/24 + '102 Network Time Protocol': + dport: 123 + proto: udp + '103 Name Resolution TCP': + dport: 53 + proto: tcp + '103 Name Resolution UDP': + dport: 53 + proto: udp + '104 AD Authentication TCP': + dport: [ 88, 389, 445, 464, 3268 ] + '104 AD Authentication UDP': + dport: [ 88, 137, 389 ] + proto: udp + '140 RightLink Agent': + # From here: https://docs.rightscale.com/faq/Firewall_Configuration_Ruleset.html + dport: 443 + destination: + - 54.225.248.128/27 + - 54.244.88.96/27 + - 54.86.63.128/26 + - 54.187.254.128/26 + - 54.246.247.16/28 + - 54.248.220.128/28 + - 54.255.255.208/28 + - 52.65.255.224/28 + '141 AWS Instance Data': + dport: 80 + destination: 169.254.169.254/32 + '145 Sumo Logic Monitoring': + # Unfortunately SUMO runs on AWS randomly, so we need to open up access to the whole of AWS EC2 for our region ap-southeast-2 + # https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security + dport: 443 + destination: + - 13.210.0.0/15 + - 13.236.0.0/14 + - 13.54.0.0/15 + - 15.193.3.0/24 + - 3.104.0.0/14 + - 3.24.0.0/14 + - 52.62.0.0/15 + - 52.64.0.0/17 + - 52.64.128.0/17 + - 52.65.0.0/16 + - 52.94.248.64/28 + - 52.95.241.0/24 + - 52.95.255.16/28 + - 54.153.128.0/17 + - 54.206.0.0/16 + - 54.252.0.0/16 + - 54.253.0.0/16 + - 54.66.0.0/16 + - 54.79.0.0/16 + - 99.77.144.0/24 + # Currently some sumo installations are trying to hit the US AWS site us-east-1, hopefully we can delete these after getting the + # sumo agent to just point to AU + - 100.24.0.0/13 + - 107.20.0.0/14 + - 15.193.6.0/24 + - 162.250.236.0/24 + - 162.250.237.0/24 + - 162.250.238.0/23 + - 174.129.0.0/16 + - 18.204.0.0/14 + - 18.208.0.0/13 + - 18.232.0.0/14 + - 184.72.128.0/17 + - 184.72.64.0/18 + - 184.73.0.0/16 + - 204.236.192.0/18 + - 208.86.88.0/23 + - 216.182.224.0/21 + - 216.182.232.0/22 + - 216.182.238.0/23 + - 23.20.0.0/14 + - 3.208.0.0/12 + - 3.224.0.0/12 + - 3.80.0.0/12 + - 34.192.0.0/12 + - 34.224.0.0/12 + - 35.153.0.0/16 + - 35.168.0.0/13 + - 44.192.0.0/11 + - 50.16.0.0/15 + - 50.19.0.0/16 + - 52.0.0.0/15 + - 52.2.0.0/15 + - 52.20.0.0/14 + - 52.200.0.0/13 + - 52.4.0.0/14 + - 52.44.0.0/15 + - 52.54.0.0/15 + - 52.70.0.0/15 + - 52.72.0.0/15 + - 52.86.0.0/15 + - 52.90.0.0/15 + - 52.94.201.0/26 + - 52.94.248.0/28 + - 52.95.245.0/24 + - 52.95.255.80/28 + - 54.144.0.0/14 + - 54.152.0.0/16 + - 54.156.0.0/14 + - 54.160.0.0/13 + - 54.172.0.0/15 + - 54.174.0.0/15 + - 54.196.0.0/15 + - 54.198.0.0/16 + - 54.204.0.0/15 + - 54.208.0.0/15 + - 54.210.0.0/15 + - 54.221.0.0/16 + - 54.224.0.0/15 + - 54.226.0.0/15 + - 54.234.0.0/15 + - 54.236.0.0/15 + - 54.242.0.0/15 + - 54.80.0.0/13 + - 54.88.0.0/14 + - 54.92.128.0/17 + - 67.202.0.0/18 + - 72.44.32.0/19 + - 75.101.128.0/17 + - 99.77.128.0/24 + - 99.77.129.0/24 + - 99.77.191.0/24 + - 99.77.254.0/24 + '150 Telegraf Monitoring': + dport: 80 + destination: [ 10.212.82.107/32, 10.212.85.6/32 ] + '160 YUM Server': + dport: [ 80, 443 ] + destination: "%{::yum_server}" + '161 NetBackup Server': + dport: [ 1556, 13724 ] + '162 Mail Server': + dport: 25 + destination: "%{hiera('networking::mailclient::relayhost')}" + '163 Log Server': + dport: [ 5514, 6514 ] + destination: + - "%{hiera('profile::nxlog_client::logserver1')}" + - "%{hiera('profile::nxlog_client::logserver2')}" +# CIS 3.7 L1 Ensure wireless interfaces are disabled + + +# CIS 4.2.1.1 L1 Ensure rsyslog Service is enabled +# CIS 4.2.1.3 L1 Ensure rsyslog default file permissions configured +# CIS 4.2.1.4 L1 Ensure rsyslog is configured to send logs to a remote log host +# CIS 4.2.1.5 L1 Ensure remote rsyslog messages are only accepted on designated log hosts. - imtcp.so +# CIS 4.2.1.5 L1 Ensure remote rsyslog messages are only accepted on designated log hosts. - InputTCPServerRun 514 +# CIS 4.2.2.1 L1 Ensure syslog-ng service is enabled +# CIS 4.2.2.3 L1 Ensure syslog-ng default file permissions configured +# CIS 4.2.2.4 L1 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver +# CIS 4.2.2.4 L1 Ensure syslog-ng is configured to send logs to a remote log host - log src +# CIS 4.2.2.5 L1 Ensure remote syslog-ng messages are only accepted on designated log hosts +# CIS 4.2.4 L1 Ensure permissions on all logfiles are configured + + +# CIS 5.2.1 L1 Ensure permissions on /etc/ssh/sshd_config are configured +# Set to 600 by SSH server module +profile::ssh::options_hash: +# CIS 5.2.2 L1 Ensure SSH Protocol is set to 2 + Protocol: '2' +# CIS 5.2.3 L1 Ensure SSH LogLevel is set to INFO + LogLevel: INFO +# CIS 5.2.4 L1 Ensure SSH X11 forwarding is disabled + X11Forwarding: no +# CIS 5.2.5 L1 Ensure SSH MaxAuthTries is set to 4 or less + MaxAuthTries: '4' +# CIS 5.2.6 L1 Ensure SSH IgnoreRhosts is enabled + IgnoreRhosts: yes +# CIS 5.2.7 L1 Ensure SSH HostbasedAuthentication is disabled + HostbasedAuthentication: no +# CIS 5.2.8 L1 Ensure SSH root login is disabled + PermitRootLogin: no +# CIS 5.2.9 L1 Ensure SSH PermitEmptyPasswords is disabled + PermitEmptyPasswords: no +# CIS 5.2.10 L1 Ensure SSH PermitUserEnvironment is disabled + PermitUserEnvironment: no +# CIS 5.2.11 L1 Ensure only approved MAC algorithms are used + MACs: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com +# CIS 5.2.12 L1 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval - setting to an hour to balance productivity + ClientAliveInterval: '3600' +# CIS 5.2.12 L1 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax + ClientAliveCountMax: '0' +# CIS 5.2.13 L1 Ensure SSH LoginGraceTime is set to one minute or less + LoginGraceTime: 60 +# CIS 5.2.15 L1 Ensure SSH warning banner is configured + Banner: /etc/issue +# CIS 5.2.14 L1 Ensure SSH access is limited +profile::ssh::allowed_groups: + - gg_linux_admins + +# CIS 5.3.2 L1 Ensure lockout for failed password attempts is configured - system-auth 'auth required pam_faillock.so' +# CIS 5.3.2 L1 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so' +# CIS 5.3.2 L1 Ensure lockout for failed password attempts is configured - system-auth 'auth [default=die] pam_faillock.so' +# CIS 5.3.2 L1 Ensure lockout for failed password attempts is configured - system-auth 'auth sufficient pam_faillock.so' +# CIS 5.3.2 L1 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so' +# CIS 5.3.2 L1 Ensure lockout for failed password attempts is configured - password-auth 'auth [success=1 default=bad] pam_unix.so' +# CIS 5.3.2 L1 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so' +# CIS 5.3.2 L1 Ensure lockout for failed password attempts is configured - password-auth 'auth sufficient pam_faillock.so' + +# CIS 5.3.3 L1 Ensure password reuse is limited - system-auth +# CIS 5.3.3 L1 Ensure password reuse is limited - password-auth + +# CIS 5.3.4 L1 Ensure password hashing algorithm is SHA-512 - system-auth +# CIS 5.3.4 L1 Ensure password hashing algorithm is SHA-512 - password-auth +# Set via the central_auth module + +# CIS 5.4.1.1 L1 Ensure password expiration is 365 days or less +# CIS 5.4.1.2 L1 Ensure minimum days between password changes is 7 or more +# CIS 5.4.1.3 L1 Ensure password expiration warning days is 7 or more +# CIS 5.4.1.4 L1 Ensure inactive password lock is 30 days or less +# CIS 5.4.1.5 L1 Ensure all users last password change date is in the past + +# CIS 5.4.2 L1 Ensure system accounts are non-login + +local_users::add::users: + root: + uid: 0 + # CIS 5.4.3 L1 Ensure default group for the root account is GID 0 + gid: 0 + # CIS 5.6 L1 Ensure access to the su command is restricted - wheel group contains root + groups: [ wheel ] + +profile::file_ops::file_lines: + /etc/bashrc: + # CIS 5.4.5 L2 Ensure default user shell timeout is 900 seconds or less - /etc/bashrc - setting to an hour to balance productivity + - line : 'TMOUT=3600' + match : 'TMOUT=' + # CIS 5.4.4 L1 Ensure default user umask is 027 or more restrictive - /etc/bashrc + - line : ' umask 027' + match : ' umask 0\d\d' + multiple : true + # CIS 5.6 L1 Ensure access to the su command is restricted - pam_wheel.so + /etc/pam.d/su: + line : 'auth required pam_wheel.so use_uid' + match : '#auth required pam_wheel.so use_uid' + # CIS 3.3.3 L1 Ensure IPv6 is disabled + /etc/default/grub: + line: GRUB_CMDLINE_LINUX='ipv6.disable=1' + match: GRUB_CMDLINE_LINUX + # CIS 6.2.2 L1 Ensure no legacy '+' entries exist in /etc/passwd + /etc/passwd: + ensure: absent + line: '+' + # CIS 6.2.3 L1 Ensure no legacy '+' entries exist in /etc/shadow + /etc/shadow: + ensure: absent + line: '+' + # CIS 6.2.4 L1 Ensure no legacy '+' entries exist in /etc/group + /etc/group: + ensure: absent + line: '+' + +# CIS 5.5 L1 Ensure root login is restricted to system console - TBD +# CIS 6.1.10 L1 Ensure no world writable files exist +# CIS 6.1.11 L1 Ensure no unowned files or directories exist +# CIS 6.1.12 L1 Ensure no ungrouped files or directories exist +# CIS 6.1.13 L1 Audit SUID executables +# CIS 6.1.14 L1 Audit SGID executables +# CIS 6.2.1 L1 Ensure password fields are not empty + +# CIS 6.2.5 L1 Ensure root is the only UID 0 account +# CIS 6.2.6 L1 Ensure root PATH Integrity +# CIS 6.2.7 L1 Ensure all users' home directories exist +# CIS 6.2.8 L1 Ensure users' home directories permissions are 750 or more restrictive +# CIS 6.2.9 L1 Ensure users own their home directories +# CIS 6.2.10 L1 Ensure users' dot files are not group or world writable +# CIS 6.2.11 L1 Ensure no users have .forward files +# CIS 6.2.12 L1 Ensure no users have .netrc files +# CIS 6.2.13 L1 Ensure users' .netrc Files are not group or world accessible +# CIS 6.2.14 L1 Ensure no users have .rhosts files +# CIS 6.2.15 L1 Ensure all groups in /etc/passwd exist in /etc/group +# CIS 6.2.16 L1 Ensure no duplicate UIDs exist +# CIS 6.2.17 L1 Ensure no duplicate GIDs exist +# CIS 6.2.18 L1 Ensure no duplicate user names exist +# CIS 6.2.19 L1 Ensure no duplicate group names exist + +# CIS 1.6.1.1 L2 Ensure SELinux is not disabled in bootloader configuration - selinux = 0 +# CIS 1.6.1.1 L2 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0 + +profile::file_ops::templates: + # CIS 1.6.1.2 L2 Ensure the SELinux state is enforcing + # CIS 1.6.1.3 L2 Ensure SELinux policy is configured + /etc/selinux/config: + data: + setting: permissive + type: targeted + owner: root + group: root + mode: '0644' + content: | + # This file controls the state of SELinux on the system. + # SELINUX= can take one of these three values: + # enforcing - SELinux security policy is enforced. + # permissive - SELinux prints warnings instead of enforcing. + # disabled - No SELinux policy is loaded. + SELINUX=<%= $setting %> + # SELINUXTYPE= can take one of these two values: + # targeted - Targeted processes are protected, + # mls - Multi Level Security protection. + SELINUXTYPE=<%= $type %> + +# CIS 1.6.1.6 L2 Ensure no unconfined daemons exist + +# CIS 6.1.1 L2 Audit system file permissions From 81807450743c200108d2ef043a48eb2625db75f6 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 14:58:54 +0800 Subject: [PATCH 056/165] ts --- site-modules/profile/manifests/firewall/stop.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/firewall/stop.pp b/site-modules/profile/manifests/firewall/stop.pp index b4f0055..4cf2e7d 100644 --- a/site-modules/profile/manifests/firewall/stop.pp +++ b/site-modules/profile/manifests/firewall/stop.pp @@ -6,7 +6,7 @@ class profile::firewall::stop { class { 'firewall': ensure => 'stopped', - enable => false, + #enable => false, } } From a763c80bccd1447e85f9e33f1b466423521832c1 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 15:04:53 +0800 Subject: [PATCH 057/165] dd --- site-modules/profile/manifests/firewall/stop.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/firewall/stop.pp b/site-modules/profile/manifests/firewall/stop.pp index 4cf2e7d..b4f0055 100644 --- a/site-modules/profile/manifests/firewall/stop.pp +++ b/site-modules/profile/manifests/firewall/stop.pp @@ -6,7 +6,7 @@ class profile::firewall::stop { class { 'firewall': ensure => 'stopped', - #enable => false, + enable => false, } } From 44b861b69f884d719fe444083886dbf34cde9c17 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 15:15:48 +0800 Subject: [PATCH 058/165] ststs --- site-modules/profile/manifests/firewall/stop.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/firewall/stop.pp b/site-modules/profile/manifests/firewall/stop.pp index b4f0055..134b7c9 100644 --- a/site-modules/profile/manifests/firewall/stop.pp +++ b/site-modules/profile/manifests/firewall/stop.pp @@ -6,7 +6,7 @@ class profile::firewall::stop { class { 'firewall': ensure => 'stopped', - enable => false, + # enable => false, } } From 2610a47c2785ce0079f2ddae676389a3427ded22 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 15:25:33 +0800 Subject: [PATCH 059/165] dd --- data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml b/data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml index 78e52f9..1876462 100644 --- a/data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml +++ b/data/nodes/LinuxAgent2CM.platform9.puppet.net.yaml @@ -9,7 +9,7 @@ root_0644: { owner: root, group: root, mode: '0644' } root_0700: { owner: root, group: root, mode: '0700' } root_4755: { owner: root, group: root, mode: '4755' } root_2755: { owner: root, group: root, mode: '2755' } - +# filesystems: # CIS 1.1.2 L2 Ensure separate partition exists for /tmp From 82d7a51dfd8c4801b53b6a6130dabbb2a9e291c7 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 21 Oct 2019 15:38:40 +0800 Subject: [PATCH 060/165] tst --- site-modules/profile/manifests/firewall/stop.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/firewall/stop.pp b/site-modules/profile/manifests/firewall/stop.pp index 134b7c9..b4f0055 100644 --- a/site-modules/profile/manifests/firewall/stop.pp +++ b/site-modules/profile/manifests/firewall/stop.pp @@ -6,7 +6,7 @@ class profile::firewall::stop { class { 'firewall': ensure => 'stopped', - # enable => false, + enable => false, } } From 70384a4cf21132dae9640c278f537a5ec5b58128 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 22 Oct 2019 14:41:06 +0800 Subject: [PATCH 061/165] sfd --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index f206316..197c3de 100644 --- a/Puppetfile +++ b/Puppetfile @@ -29,4 +29,4 @@ mod 'danieldreier-autosign','0.2.0' mod 'tkishel-unlock_puppet', :git => 'ssh://git@github.com/tkishel/unlock_puppet.git', :branch => 'master' -mod 'puppetlabs-firewall', '2.1.0' +mod 'puppetlabs-firewall', '2.0.0' From 0aaa178f2005b6a7ec856debeb136dc14d53e826 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 22 Oct 2019 15:44:56 +0800 Subject: [PATCH 062/165] tsts --- .../profile/manifests/firewall/finish.pp | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/site-modules/profile/manifests/firewall/finish.pp b/site-modules/profile/manifests/firewall/finish.pp index 9c140e4..19f5bdb 100644 --- a/site-modules/profile/manifests/firewall/finish.pp +++ b/site-modules/profile/manifests/firewall/finish.pp @@ -5,17 +5,17 @@ class profile::firewall::finish { - ['INPUT','OUTPUT'].each | $chain | { - - # Drop the known noise from hitting the log - ['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | { - firewall { "990 Broadcasts for $dest for ${chain}": - destination => $dest, - proto => 'all', - action => 'drop', - chain => $chain, - } - } + # ['INPUT','OUTPUT'].each | $chain | { + # + # # Drop the known noise from hitting the log + # ['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | { + # firewall { "990 Broadcasts for $dest for ${chain}": + # destination => $dest, + # proto => 'all', + # action => 'drop', + # chain => $chain, + # } + # } # Log whatever hasn't been dealt with already firewall { "998 Logging for ${chain}": From 9cacb8aba8f25873dc0a82c89a342329d67d9f4c Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 22 Oct 2019 15:47:52 +0800 Subject: [PATCH 063/165] tst --- .../profile/manifests/firewall/finish.pp | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/site-modules/profile/manifests/firewall/finish.pp b/site-modules/profile/manifests/firewall/finish.pp index 19f5bdb..973e02c 100644 --- a/site-modules/profile/manifests/firewall/finish.pp +++ b/site-modules/profile/manifests/firewall/finish.pp @@ -5,17 +5,17 @@ class profile::firewall::finish { - # ['INPUT','OUTPUT'].each | $chain | { - # - # # Drop the known noise from hitting the log - # ['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | { - # firewall { "990 Broadcasts for $dest for ${chain}": - # destination => $dest, - # proto => 'all', - # action => 'drop', - # chain => $chain, - # } - # } + ['INPUT','OUTPUT'].each | $chain | { + + # Drop the known noise from hitting the log + # ['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | { + # firewall { "990 Broadcasts for $dest for ${chain}": + # destination => $dest, + # proto => 'all', + # action => 'drop', + # chain => $chain, + # } + # } # Log whatever hasn't been dealt with already firewall { "998 Logging for ${chain}": From 22253d5888febbb0b8f2aa424a848ea29949767b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 25 Oct 2019 13:39:33 +0800 Subject: [PATCH 064/165] tst --- Puppetfile | 1 + site-modules/profile/.DS_Store | Bin 6148 -> 6148 bytes .../profile/manifests/firewall/finish.pp | 18 +++++++++--------- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/Puppetfile b/Puppetfile index 197c3de..e5a0288 100644 --- a/Puppetfile +++ b/Puppetfile @@ -30,3 +30,4 @@ mod 'tkishel-unlock_puppet', :git => 'ssh://git@github.com/tkishel/unlock_puppet.git', :branch => 'master' mod 'puppetlabs-firewall', '2.0.0' +mod 'puppetlabs-satellite_pe_tools', '3.0.0' diff --git a/site-modules/profile/.DS_Store b/site-modules/profile/.DS_Store index f0d1119fb8e83e93fa37263c9c9e1ba2457c4892..2c8d2940c2b1702b7d2704c63ca8b60419b72418 100644 GIT binary patch delta 289 zcmZoMXfc=|#>B)qu~2NHo+2aj!~pA!9~u~ejD2Dg7a7$jl@}Kz<>V(ZFfg1zR;SSyf$ATQ?KvS|DI#gwPE9P#Q+f+PLo? j%Vu^Ceh#3|H$ME%Jegm_PynR50f>P#SmWjZkuA&svkFgt delta 70 zcmZoMXfc=|#>CJ*u~2NHo+2aD!~pBb1|lqz9hrnDD=`^uwr4)UvN?e{n`tvU2R{c; a;pRZ*@640=MGP4kCfo2xZ;laJ!3+SXBNDFw diff --git a/site-modules/profile/manifests/firewall/finish.pp b/site-modules/profile/manifests/firewall/finish.pp index 973e02c..658911a 100644 --- a/site-modules/profile/manifests/firewall/finish.pp +++ b/site-modules/profile/manifests/firewall/finish.pp @@ -7,15 +7,15 @@ class profile::firewall::finish { ['INPUT','OUTPUT'].each | $chain | { - # Drop the known noise from hitting the log - # ['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | { - # firewall { "990 Broadcasts for $dest for ${chain}": - # destination => $dest, - # proto => 'all', - # action => 'drop', - # chain => $chain, - # } - # } + #Drop the known noise from hitting the log + ['255.255.255.255',ip_address(ip_broadcast("${::network}/${::netmask}"))].each | $dest | { + firewall { "990 Broadcasts for $dest for ${chain}": + destination => $dest, + proto => 'all', + action => 'drop', + chain => $chain, + } + } # Log whatever hasn't been dealt with already firewall { "998 Logging for ${chain}": From b9f2a7eb8bdd0b9237a210045bce6755e4701b0a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 25 Oct 2019 16:50:14 +0800 Subject: [PATCH 065/165] dsfds --- site-modules/ggtest/manifests/selva.pp | 36 ++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 site-modules/ggtest/manifests/selva.pp diff --git a/site-modules/ggtest/manifests/selva.pp b/site-modules/ggtest/manifests/selva.pp new file mode 100644 index 0000000..e1af6a4 --- /dev/null +++ b/site-modules/ggtest/manifests/selva.pp @@ -0,0 +1,36 @@ +# == Class: profile::firewall +# +# Class to configure the firewall on various platforms +# +class ggtest::selva ( + # Class parameters are populated from External(hiera)/Defaults/Fail + Boolean $enable = false, + String $module = 'firewall', +){ + if $facts['os']['family'] == 'RedHat' { + # firewalld - do not use this for new config + if $module == 'firewalld' { + if $enable { + class { 'firewalld': } + } + else { + class { 'firewalld': + service_ensure => 'stopped', + service_enable => false, + } + } + } + else { + # Use this for new config + if $enable { + class { 'profile::firewall::start': } + -> class { 'profile::firewall::app_rules': } + -> class { 'profile::firewall::finish': } + } + else { + class { 'profile::firewall::stop': } + } + } + } + +} From 639ec298981452e50fff948485cf850239725011 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 29 Oct 2019 12:05:48 +0800 Subject: [PATCH 066/165] sd --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index e5a0288..a24bced 100644 --- a/Puppetfile +++ b/Puppetfile @@ -30,4 +30,4 @@ mod 'tkishel-unlock_puppet', :git => 'ssh://git@github.com/tkishel/unlock_puppet.git', :branch => 'master' mod 'puppetlabs-firewall', '2.0.0' -mod 'puppetlabs-satellite_pe_tools', '3.0.0' +mod 'puppetlabs-satellite_pe_tools', '2.0.0' From f1f869670de319f76ff3a37158b9c3450c6f601d Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 18 Nov 2019 16:58:50 +0800 Subject: [PATCH 067/165] add tune script --- ...e201811ha-master.platform9.puppet.net.yaml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 data/nodes/pe201811ha-master.platform9.puppet.net.yaml diff --git a/data/nodes/pe201811ha-master.platform9.puppet.net.yaml b/data/nodes/pe201811ha-master.platform9.puppet.net.yaml new file mode 100644 index 0000000..9ec1ecd --- /dev/null +++ b/data/nodes/pe201811ha-master.platform9.puppet.net.yaml @@ -0,0 +1,28 @@ +puppet_enterprise::master::puppetserver::jruby_max_active_instances: 1 +puppet_enterprise::master::puppetserver:reserved_code_cache: '96m' +puppet_enterprise::profile::master::java_args: + Xmx: '384m' + Xms: '128m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' + 'XX:+UseG1GC': '' +puppet_enterprise::profile::puppetdb::java_args: + Xmx: '128m' + Xms: '64m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' + 'XX:+UseG1GC': '' +puppet_enterprise::profile::console::java_args: + Xmx: '64m' + Xms: '64m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' + 'XX:+UseG1GC': '' +puppet_enterprise::profile::console::delayed_job_workers: 1 +#shared_buffers takes affect during install but is not managed after +puppet_enterprise::profile::database::shared_buffers: '4MB' +#2015.3.2 and above +puppet_enterprise::profile::orchestrator::java_args: + Xmx: '64m' + Xms: '64m' + 'XX:+UseG1GC': '' From 9840ad8bcb2372b8f57001ddb7edeabc75455bfd Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 18 Nov 2019 17:27:22 +0800 Subject: [PATCH 068/165] sfsfsf --- ...201811ha-replica.platform9.puppet.net.yaml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 data/nodes/pe201811ha-replica.platform9.puppet.net.yaml diff --git a/data/nodes/pe201811ha-replica.platform9.puppet.net.yaml b/data/nodes/pe201811ha-replica.platform9.puppet.net.yaml new file mode 100644 index 0000000..9ec1ecd --- /dev/null +++ b/data/nodes/pe201811ha-replica.platform9.puppet.net.yaml @@ -0,0 +1,28 @@ +puppet_enterprise::master::puppetserver::jruby_max_active_instances: 1 +puppet_enterprise::master::puppetserver:reserved_code_cache: '96m' +puppet_enterprise::profile::master::java_args: + Xmx: '384m' + Xms: '128m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' + 'XX:+UseG1GC': '' +puppet_enterprise::profile::puppetdb::java_args: + Xmx: '128m' + Xms: '64m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' + 'XX:+UseG1GC': '' +puppet_enterprise::profile::console::java_args: + Xmx: '64m' + Xms: '64m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' + 'XX:+UseG1GC': '' +puppet_enterprise::profile::console::delayed_job_workers: 1 +#shared_buffers takes affect during install but is not managed after +puppet_enterprise::profile::database::shared_buffers: '4MB' +#2015.3.2 and above +puppet_enterprise::profile::orchestrator::java_args: + Xmx: '64m' + Xms: '64m' + 'XX:+UseG1GC': '' From 98c036a999639b8958ccf884dfe1d1061001c3f6 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 14:44:10 +0800 Subject: [PATCH 069/165] sfs --- site-modules/profile/manifests/base.pp | 5 +++++ site-modules/profile/manifests/goldload/config.pp | 5 +++++ site-modules/profile/manifests/goldload/software.pp | 5 +++++ site-modules/role/manifests/goldload_server.pp | 6 ++++++ 4 files changed, 21 insertions(+) create mode 100644 site-modules/profile/manifests/base.pp create mode 100644 site-modules/profile/manifests/goldload/config.pp create mode 100644 site-modules/profile/manifests/goldload/software.pp create mode 100644 site-modules/role/manifests/goldload_server.pp diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp new file mode 100644 index 0000000..6188d93 --- /dev/null +++ b/site-modules/profile/manifests/base.pp @@ -0,0 +1,5 @@ +class profile::base { + notify {'This is from profile::base': } + + +} diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp new file mode 100644 index 0000000..0067a22 --- /dev/null +++ b/site-modules/profile/manifests/goldload/config.pp @@ -0,0 +1,5 @@ +class profile::goldload::config { + notify {'This is from profile::goldload::config': } + + +} diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp new file mode 100644 index 0000000..9db0347 --- /dev/null +++ b/site-modules/profile/manifests/goldload/software.pp @@ -0,0 +1,5 @@ +class profile::goldload::software { + notify {'This is from profile::goldload::software': } + + +} diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp new file mode 100644 index 0000000..c5b51d5 --- /dev/null +++ b/site-modules/role/manifests/goldload_server.pp @@ -0,0 +1,6 @@ +class role::goldload_server{ + include profile::base +# include profile::base::ciphers + include profile::goldload::config + Class['profile::goldload::config'] -> Class['profile::base'] +} From d2fbb9ce7c66c48c711ebfb7e953d16c4fc1bf58 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 14:47:03 +0800 Subject: [PATCH 070/165] l --- site-modules/profile/manifests/goldload/config.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp index 0067a22..843e051 100644 --- a/site-modules/profile/manifests/goldload/config.pp +++ b/site-modules/profile/manifests/goldload/config.pp @@ -1,4 +1,7 @@ class profile::goldload::config { + + contain profile::goldload::software + notify {'This is from profile::goldload::config': } From 1fc6e4bf741c4535c7b390f85ff341f7cc87b451 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 14:53:14 +0800 Subject: [PATCH 071/165] tsts --- site-modules/profile/manifests/goldload/software.pp | 3 +++ site-modules/profile/manifests/goldload/testlayer.pp | 6 ++++++ 2 files changed, 9 insertions(+) create mode 100644 site-modules/profile/manifests/goldload/testlayer.pp diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index 9db0347..a311a63 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -1,4 +1,7 @@ class profile::goldload::software { + + include profile::goldload::testlayer + notify {'This is from profile::goldload::software': } diff --git a/site-modules/profile/manifests/goldload/testlayer.pp b/site-modules/profile/manifests/goldload/testlayer.pp new file mode 100644 index 0000000..a59a8cc --- /dev/null +++ b/site-modules/profile/manifests/goldload/testlayer.pp @@ -0,0 +1,6 @@ +class profile::goldload::testlayer { + + notify {'This is from profile::goldload::testlayer': } + + +} From 6f8040a221b5c67ead8b51342b2cae357d21cec7 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 14:54:56 +0800 Subject: [PATCH 072/165] sfsd --- site-modules/profile/manifests/goldload/config.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp index 843e051..cffb1b0 100644 --- a/site-modules/profile/manifests/goldload/config.pp +++ b/site-modules/profile/manifests/goldload/config.pp @@ -1,6 +1,6 @@ class profile::goldload::config { - contain profile::goldload::software + include profile::goldload::software notify {'This is from profile::goldload::config': } From 1fc40546959b3ea17af8ad4006b30f988885e94e Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 14:56:31 +0800 Subject: [PATCH 073/165] s --- site-modules/role/manifests/goldload_server.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index c5b51d5..b1c580e 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -2,5 +2,5 @@ class role::goldload_server{ include profile::base # include profile::base::ciphers include profile::goldload::config - Class['profile::goldload::config'] -> Class['profile::base'] +# Class['profile::goldload::config'] -> Class['profile::base'] } From eb9ddc644bc5531dc4208186445b0d64dcb9d8c4 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 14:58:24 +0800 Subject: [PATCH 074/165] stst --- site-modules/profile/manifests/goldload/config.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp index cffb1b0..9d894d8 100644 --- a/site-modules/profile/manifests/goldload/config.pp +++ b/site-modules/profile/manifests/goldload/config.pp @@ -1,8 +1,8 @@ class profile::goldload::config { - include profile::goldload::software notify {'This is from profile::goldload::config': } + include profile::goldload::software } From 180cc2c06e6fa8e341e349b6c389296c313be86e Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 15:00:12 +0800 Subject: [PATCH 075/165] ststst --- site-modules/profile/manifests/goldload/software.pp | 2 +- site-modules/role/manifests/goldload_server.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index a311a63..eac467e 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -1,8 +1,8 @@ class profile::goldload::software { - include profile::goldload::testlayer notify {'This is from profile::goldload::software': } + include profile::goldload::testlayer } diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index b1c580e..c5b51d5 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -2,5 +2,5 @@ class role::goldload_server{ include profile::base # include profile::base::ciphers include profile::goldload::config -# Class['profile::goldload::config'] -> Class['profile::base'] + Class['profile::goldload::config'] -> Class['profile::base'] } From 9bde02d293cab88dbf5a457343cd4d77ba79ada9 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 15:01:35 +0800 Subject: [PATCH 076/165] tstst --- site-modules/profile/manifests/goldload/software.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index eac467e..30a5c84 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -3,6 +3,6 @@ class profile::goldload::software { notify {'This is from profile::goldload::software': } - include profile::goldload::testlayer + contain profile::goldload::testlayer } From 97b0d858a066a75586222d4fbf89e963368d813c Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 15:03:36 +0800 Subject: [PATCH 077/165] sfsdf --- site-modules/profile/manifests/goldload/config.pp | 2 +- site-modules/profile/manifests/goldload/software.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp index 9d894d8..49a7c3c 100644 --- a/site-modules/profile/manifests/goldload/config.pp +++ b/site-modules/profile/manifests/goldload/config.pp @@ -3,6 +3,6 @@ class profile::goldload::config { notify {'This is from profile::goldload::config': } - include profile::goldload::software + contain profile::goldload::software } diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index 30a5c84..eac467e 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -3,6 +3,6 @@ class profile::goldload::software { notify {'This is from profile::goldload::software': } - contain profile::goldload::testlayer + include profile::goldload::testlayer } From a869f0c8d9a105f0c9e26ebce1c52c5623950938 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 20 Nov 2019 15:05:03 +0800 Subject: [PATCH 078/165] sfsfd --- site-modules/profile/manifests/goldload/software.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index eac467e..30a5c84 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -3,6 +3,6 @@ class profile::goldload::software { notify {'This is from profile::goldload::software': } - include profile::goldload::testlayer + contain profile::goldload::testlayer } From 4bc30620bcc300284f759a988a69329b9090f4de Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 09:04:56 +0800 Subject: [PATCH 079/165] fdf --- site-modules/profile/manifests/goldload/config.pp | 2 +- site-modules/profile/manifests/goldload/software.pp | 2 +- site-modules/role/manifests/goldload_server.pp | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp index 49a7c3c..9d894d8 100644 --- a/site-modules/profile/manifests/goldload/config.pp +++ b/site-modules/profile/manifests/goldload/config.pp @@ -3,6 +3,6 @@ class profile::goldload::config { notify {'This is from profile::goldload::config': } - contain profile::goldload::software + include profile::goldload::software } diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index 30a5c84..eac467e 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -3,6 +3,6 @@ class profile::goldload::software { notify {'This is from profile::goldload::software': } - contain profile::goldload::testlayer + include profile::goldload::testlayer } diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index c5b51d5..34a2344 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -1,6 +1,6 @@ class role::goldload_server{ - include profile::base + contain profile::base # include profile::base::ciphers - include profile::goldload::config + contain profile::goldload::config Class['profile::goldload::config'] -> Class['profile::base'] } From cd6c73a9954182630b0d8a57e7c8eb06d4ff7f3d Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 09:07:55 +0800 Subject: [PATCH 080/165] sss --- site-modules/profile/manifests/goldload/config.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp index 9d894d8..49a7c3c 100644 --- a/site-modules/profile/manifests/goldload/config.pp +++ b/site-modules/profile/manifests/goldload/config.pp @@ -3,6 +3,6 @@ class profile::goldload::config { notify {'This is from profile::goldload::config': } - include profile::goldload::software + contain profile::goldload::software } From 3caadd227df992e0258dcf29d209bf09d17d0868 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 10:33:26 +0800 Subject: [PATCH 081/165] ddd --- site-modules/role/manifests/goldload_server.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index 34a2344..c5b51d5 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -1,6 +1,6 @@ class role::goldload_server{ - contain profile::base + include profile::base # include profile::base::ciphers - contain profile::goldload::config + include profile::goldload::config Class['profile::goldload::config'] -> Class['profile::base'] } From b00c85321d059f7e2d23561f9a17b7458f87bf57 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 11:00:38 +0800 Subject: [PATCH 082/165] d --- site-modules/profile/manifests/goldload/chocolatey.pp | 6 ++++++ site-modules/profile/manifests/goldload/software.pp | 2 +- site-modules/profile/manifests/goldload/testlayer.pp | 6 ------ 3 files changed, 7 insertions(+), 7 deletions(-) create mode 100644 site-modules/profile/manifests/goldload/chocolatey.pp delete mode 100644 site-modules/profile/manifests/goldload/testlayer.pp diff --git a/site-modules/profile/manifests/goldload/chocolatey.pp b/site-modules/profile/manifests/goldload/chocolatey.pp new file mode 100644 index 0000000..51f5b1c --- /dev/null +++ b/site-modules/profile/manifests/goldload/chocolatey.pp @@ -0,0 +1,6 @@ +class profile::goldload::chocolatey { + + notify {'This is from profile::goldload::chocolatey': } + + +} diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index eac467e..3ddd0d7 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -3,6 +3,6 @@ class profile::goldload::software { notify {'This is from profile::goldload::software': } - include profile::goldload::testlayer + contain profile::goldload::chocolatey } diff --git a/site-modules/profile/manifests/goldload/testlayer.pp b/site-modules/profile/manifests/goldload/testlayer.pp deleted file mode 100644 index a59a8cc..0000000 --- a/site-modules/profile/manifests/goldload/testlayer.pp +++ /dev/null @@ -1,6 +0,0 @@ -class profile::goldload::testlayer { - - notify {'This is from profile::goldload::testlayer': } - - -} From aab8110c9d55b6af7a2ec70f7f5b9bfed111ec48 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 11:01:03 +0800 Subject: [PATCH 083/165] tst --- site-modules/profile/manifests/goldload/software.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index 3ddd0d7..3adda43 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -3,6 +3,6 @@ class profile::goldload::software { notify {'This is from profile::goldload::software': } - contain profile::goldload::chocolatey + include profile::goldload::chocolatey } From 5f47e7bbfd4d2c0406e09a9853cad425a11c310f Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 11:36:23 +0800 Subject: [PATCH 084/165] dff --- site-modules/profile/manifests/base.pp | 3 +-- site-modules/profile/manifests/test.pp | 3 +++ 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 site-modules/profile/manifests/test.pp diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp index 6188d93..bbbfdcf 100644 --- a/site-modules/profile/manifests/base.pp +++ b/site-modules/profile/manifests/base.pp @@ -1,5 +1,4 @@ class profile::base { + include profile::test notify {'This is from profile::base': } - - } diff --git a/site-modules/profile/manifests/test.pp b/site-modules/profile/manifests/test.pp new file mode 100644 index 0000000..7ec3a08 --- /dev/null +++ b/site-modules/profile/manifests/test.pp @@ -0,0 +1,3 @@ +class profile::test { + notify {'This is from profile::test': } +} From 196dd1b2c39c2aabe138eeace22c630f319da098 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 11:37:41 +0800 Subject: [PATCH 085/165] ttst --- site-modules/profile/manifests/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp index bbbfdcf..7eeab0c 100644 --- a/site-modules/profile/manifests/base.pp +++ b/site-modules/profile/manifests/base.pp @@ -1,4 +1,4 @@ class profile::base { - include profile::test + contain profile::test notify {'This is from profile::base': } } From 9e5f950dfc5cc7661ea9504bdf009213776680f8 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 12:08:57 +0800 Subject: [PATCH 086/165] dfd --- site-modules/profile/manifests/base.pp | 3 ++- site-modules/profile/manifests/goldload/config.pp | 2 +- site-modules/role/manifests/goldload_server.pp | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp index 7eeab0c..dda5840 100644 --- a/site-modules/profile/manifests/base.pp +++ b/site-modules/profile/manifests/base.pp @@ -1,4 +1,5 @@ class profile::base { - contain profile::test + require profile::goldload::config + include profile::test notify {'This is from profile::base': } } diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp index 49a7c3c..9d894d8 100644 --- a/site-modules/profile/manifests/goldload/config.pp +++ b/site-modules/profile/manifests/goldload/config.pp @@ -3,6 +3,6 @@ class profile::goldload::config { notify {'This is from profile::goldload::config': } - contain profile::goldload::software + include profile::goldload::software } diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index c5b51d5..75ae8be 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -2,5 +2,5 @@ class role::goldload_server{ include profile::base # include profile::base::ciphers include profile::goldload::config - Class['profile::goldload::config'] -> Class['profile::base'] + } From 0f944a78dba58c4b54cf630c8e76017b9ff10272 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 12:16:07 +0800 Subject: [PATCH 087/165] sss --- site-modules/role/manifests/goldload_server.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index 75ae8be..b5c19e8 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -1,6 +1,7 @@ class role::goldload_server{ - include profile::base +# include profile::base # include profile::base::ciphers include profile::goldload::config - +# Class['profile::goldload::config'] -> Class['profile::base'] + } From a8d7aaa3fe8d87c5fa55099d30f847403804bc7f Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 12:17:35 +0800 Subject: [PATCH 088/165] sttst --- site-modules/role/manifests/goldload_server.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index b5c19e8..acc7262 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -1,7 +1,7 @@ class role::goldload_server{ -# include profile::base + include profile::base # include profile::base::ciphers - include profile::goldload::config +# include profile::goldload::config # Class['profile::goldload::config'] -> Class['profile::base'] } From 64e07595fdc41a7ab21a039db4dcd77596f45a1f Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 21 Nov 2019 12:19:33 +0800 Subject: [PATCH 089/165] sfsdf --- site-modules/role/manifests/goldload_server.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index acc7262..a5cebb3 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -1,7 +1,7 @@ class role::goldload_server{ include profile::base # include profile::base::ciphers -# include profile::goldload::config + include profile::goldload::config # Class['profile::goldload::config'] -> Class['profile::base'] } From 5a566b9d6d3fe0ad68b61b91ebd7bfc029f94619 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 08:28:09 +0800 Subject: [PATCH 090/165] sss --- site-modules/profile/manifests/base.pp | 2 +- site-modules/profile/manifests/goldload/config.pp | 2 +- site-modules/profile/manifests/goldload/software.pp | 2 +- site-modules/role/manifests/goldload_server.pp | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp index dda5840..c619a24 100644 --- a/site-modules/profile/manifests/base.pp +++ b/site-modules/profile/manifests/base.pp @@ -1,5 +1,5 @@ class profile::base { - require profile::goldload::config +# require profile::goldload::config include profile::test notify {'This is from profile::base': } } diff --git a/site-modules/profile/manifests/goldload/config.pp b/site-modules/profile/manifests/goldload/config.pp index 9d894d8..49a7c3c 100644 --- a/site-modules/profile/manifests/goldload/config.pp +++ b/site-modules/profile/manifests/goldload/config.pp @@ -3,6 +3,6 @@ class profile::goldload::config { notify {'This is from profile::goldload::config': } - include profile::goldload::software + contain profile::goldload::software } diff --git a/site-modules/profile/manifests/goldload/software.pp b/site-modules/profile/manifests/goldload/software.pp index 3adda43..3ddd0d7 100644 --- a/site-modules/profile/manifests/goldload/software.pp +++ b/site-modules/profile/manifests/goldload/software.pp @@ -3,6 +3,6 @@ class profile::goldload::software { notify {'This is from profile::goldload::software': } - include profile::goldload::chocolatey + contain profile::goldload::chocolatey } diff --git a/site-modules/role/manifests/goldload_server.pp b/site-modules/role/manifests/goldload_server.pp index a5cebb3..edef605 100644 --- a/site-modules/role/manifests/goldload_server.pp +++ b/site-modules/role/manifests/goldload_server.pp @@ -2,6 +2,6 @@ class role::goldload_server{ include profile::base # include profile::base::ciphers include profile::goldload::config -# Class['profile::goldload::config'] -> Class['profile::base'] + Class['profile::goldload::config'] -> Class['profile::base'] } From 3b0b467dfae9961c6ad704d39659ab0968212f18 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 08:42:09 +0800 Subject: [PATCH 091/165] 111 --- site-modules/profile/manifests/base.pp | 2 +- site-modules/profile/manifests/test.pp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp index c619a24..ffb2cc2 100644 --- a/site-modules/profile/manifests/base.pp +++ b/site-modules/profile/manifests/base.pp @@ -1,5 +1,5 @@ class profile::base { # require profile::goldload::config - include profile::test + include profile::winlogbeat notify {'This is from profile::base': } } diff --git a/site-modules/profile/manifests/test.pp b/site-modules/profile/manifests/test.pp index 7ec3a08..bea19aa 100644 --- a/site-modules/profile/manifests/test.pp +++ b/site-modules/profile/manifests/test.pp @@ -1,3 +1,3 @@ -class profile::test { - notify {'This is from profile::test': } +class profile::winlogbeat { + notify {'This is from profile::winlogbeat': } } From 3c6a5b48671dc7b43f1e4b3f33d15afe3eafb513 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 08:43:15 +0800 Subject: [PATCH 092/165] dd --- site-modules/profile/manifests/{test.pp => winlogbeat.pp} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename site-modules/profile/manifests/{test.pp => winlogbeat.pp} (100%) diff --git a/site-modules/profile/manifests/test.pp b/site-modules/profile/manifests/winlogbeat.pp similarity index 100% rename from site-modules/profile/manifests/test.pp rename to site-modules/profile/manifests/winlogbeat.pp From 4e14b2aa3142b743efd3855187a08f3796a4cbf8 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 08:53:40 +0800 Subject: [PATCH 093/165] sss --- site-modules/profile/manifests/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/profile/manifests/base.pp b/site-modules/profile/manifests/base.pp index ffb2cc2..509dd1c 100644 --- a/site-modules/profile/manifests/base.pp +++ b/site-modules/profile/manifests/base.pp @@ -1,5 +1,5 @@ class profile::base { # require profile::goldload::config - include profile::winlogbeat + contain profile::winlogbeat notify {'This is from profile::base': } } From 274170c804067ad23a79a359a9f2f180c6a710a2 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 13:55:52 +0800 Subject: [PATCH 094/165] ddd --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index a24bced..1b7a2ac 100644 --- a/Puppetfile +++ b/Puppetfile @@ -31,3 +31,4 @@ mod 'tkishel-unlock_puppet', :branch => 'master' mod 'puppetlabs-firewall', '2.0.0' mod 'puppetlabs-satellite_pe_tools', '2.0.0' +mod 'puppetlabs-puppet_metrics_collector', '5.2.0' From 4cac68d38902be5b3b9761b02fb9716ad8579983 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 14:08:10 +0800 Subject: [PATCH 095/165] sfdsdf --- Puppetfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Puppetfile b/Puppetfile index 1b7a2ac..25245ce 100644 --- a/Puppetfile +++ b/Puppetfile @@ -32,3 +32,6 @@ mod 'tkishel-unlock_puppet', mod 'puppetlabs-firewall', '2.0.0' mod 'puppetlabs-satellite_pe_tools', '2.0.0' mod 'puppetlabs-puppet_metrics_collector', '5.2.0' +mod 'puppet-grafana', '6.1.0' +mod 'puppet-telegraf', '2.1.0' +mod 'puppetlabs-puppet_metrics_dashboard', '2.0.1' From dfa1b73be68b169ee430eff8934d0a36ebbe62cf Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 14:23:33 +0800 Subject: [PATCH 096/165] stst --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index 25245ce..5c1ff94 100644 --- a/Puppetfile +++ b/Puppetfile @@ -35,3 +35,4 @@ mod 'puppetlabs-puppet_metrics_collector', '5.2.0' mod 'puppet-grafana', '6.1.0' mod 'puppet-telegraf', '2.1.0' mod 'puppetlabs-puppet_metrics_dashboard', '2.0.1' +mod 'puppetlabs-puppetserver_gem', '1.1.1' From 53a07df363099f27ddc115fb6c80ccbe85ad8168 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 14:26:45 +0800 Subject: [PATCH 097/165] tstst --- site-modules/profile/manifests/toml-rbed.pp | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 site-modules/profile/manifests/toml-rbed.pp diff --git a/site-modules/profile/manifests/toml-rbed.pp b/site-modules/profile/manifests/toml-rbed.pp new file mode 100644 index 0000000..f639494 --- /dev/null +++ b/site-modules/profile/manifests/toml-rbed.pp @@ -0,0 +1,9 @@ +class profile::toml-lb { + package {'toml-rb': + ensure => present, + provider => 'puppetserver_gem', + notify => Service['pe-puppetserver'] + } + + +} From cc7a353d57f874938cb42a1f0438c3c08af300a3 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 14:30:58 +0800 Subject: [PATCH 098/165] tsts --- site-modules/profile/manifests/toml-rbed.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/profile/manifests/toml-rbed.pp b/site-modules/profile/manifests/toml-rbed.pp index f639494..4bd7a72 100644 --- a/site-modules/profile/manifests/toml-rbed.pp +++ b/site-modules/profile/manifests/toml-rbed.pp @@ -1,9 +1,9 @@ -class profile::toml-lb { +class profile::toml-rbed { package {'toml-rb': ensure => present, provider => 'puppetserver_gem', notify => Service['pe-puppetserver'] - } + } } From 1431f1d42dd45921fd184174026c30ce49ea47d7 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 22 Nov 2019 14:33:12 +0800 Subject: [PATCH 099/165] torml-rb --- site-modules/profile/manifests/{toml-rbed.pp => tomlrb.pp} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename site-modules/profile/manifests/{toml-rbed.pp => tomlrb.pp} (82%) diff --git a/site-modules/profile/manifests/toml-rbed.pp b/site-modules/profile/manifests/tomlrb.pp similarity index 82% rename from site-modules/profile/manifests/toml-rbed.pp rename to site-modules/profile/manifests/tomlrb.pp index 4bd7a72..10acb34 100644 --- a/site-modules/profile/manifests/toml-rbed.pp +++ b/site-modules/profile/manifests/tomlrb.pp @@ -1,4 +1,4 @@ -class profile::toml-rbed { +class profile::tomlrb { package {'toml-rb': ensure => present, provider => 'puppetserver_gem', From 7d9d351e5d1af8ed7374e76b197b89f118de7a6f Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 17 Dec 2019 15:50:04 +0800 Subject: [PATCH 100/165] coorect --- site-modules/role/manifests/example.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/role/manifests/example.pp b/site-modules/role/manifests/example.pp index 66f2f7f..3c5dc81 100644 --- a/site-modules/role/manifests/example.pp +++ b/site-modules/role/manifests/example.pp @@ -1,7 +1,7 @@ class role::example { group { 'testgroup' : - name => ""testgroup111. + name => "testgroup111", ensure => present, } From 022d6aa4f811163a320a0da35cfc0b0853a94999 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Wed, 18 Dec 2019 12:30:13 +0800 Subject: [PATCH 101/165] Add 1112345 --- site-modules/role/manifests/example.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/role/manifests/example.pp b/site-modules/role/manifests/example.pp index 3c5dc81..bbee636 100644 --- a/site-modules/role/manifests/example.pp +++ b/site-modules/role/manifests/example.pp @@ -1,7 +1,7 @@ class role::example { group { 'testgroup' : - name => "testgroup111", + name => "testgroup1112345", ensure => present, } From 4e06b1eb56eac94676f7de85abcfbbf76cb9b442 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 10:17:49 +0800 Subject: [PATCH 102/165] E37467 --- .DS_Store | Bin 6148 -> 8196 bytes data/common.yaml | 5 + site-modules/.DS_Store | Bin 6148 -> 6148 bytes site-modules/controlm/.DS_Store | Bin 0 -> 6148 bytes site-modules/controlm/README.md | 96 +++++++++++ site-modules/controlm/files/controlm.csh | 4 + site-modules/controlm/files/controlm.sh | 7 + .../controlm/files/controlm_agent_install.sh | 11 ++ site-modules/controlm/files/ctm.sh | 49 ++++++ site-modules/controlm/files/setup_patch.sh | 39 +++++ site-modules/controlm/files/sleep.sh | 48 ++++++ site-modules/controlm/files/ztest | 0 site-modules/controlm/manifests/.DS_Store | Bin 0 -> 6148 bytes .../controlm/manifests/controlm_agent.pp | 56 +++++++ .../manifests/controlm_agent/files.pp | 153 ++++++++++++++++++ .../manifests/controlm_agent/firewall.pp | 16 ++ .../manifests/controlm_agent/install.pp | 59 +++++++ .../manifests/controlm_agent/packages.pp | 16 ++ .../manifests/controlm_agent/users.pp | 38 +++++ .../controlm/manifests/controlm_agent/z1 | 10 ++ .../controlm/templates/agent_install.erb | 13 ++ .../templates/controlm_agent_install.erb | 71 ++++++++ .../controlm/templates/rc.agent_user.erb | 71 ++++++++ site-modules/controlm/templates/ztest | 0 site-modules/role/manifests/callaugeas.pp | 5 + 25 files changed, 767 insertions(+) create mode 100644 site-modules/controlm/.DS_Store create mode 100644 site-modules/controlm/README.md create mode 100644 site-modules/controlm/files/controlm.csh create mode 100644 site-modules/controlm/files/controlm.sh create mode 100644 site-modules/controlm/files/controlm_agent_install.sh create mode 100644 site-modules/controlm/files/ctm.sh create mode 100755 site-modules/controlm/files/setup_patch.sh create mode 100644 site-modules/controlm/files/sleep.sh create mode 100644 site-modules/controlm/files/ztest create mode 100644 site-modules/controlm/manifests/.DS_Store create mode 100644 site-modules/controlm/manifests/controlm_agent.pp create mode 100644 site-modules/controlm/manifests/controlm_agent/files.pp create mode 100644 site-modules/controlm/manifests/controlm_agent/firewall.pp create mode 100644 site-modules/controlm/manifests/controlm_agent/install.pp create mode 100644 site-modules/controlm/manifests/controlm_agent/packages.pp create mode 100644 site-modules/controlm/manifests/controlm_agent/users.pp create mode 100644 site-modules/controlm/manifests/controlm_agent/z1 create mode 100644 site-modules/controlm/templates/agent_install.erb create mode 100644 site-modules/controlm/templates/controlm_agent_install.erb create mode 100755 site-modules/controlm/templates/rc.agent_user.erb create mode 100644 site-modules/controlm/templates/ztest create mode 100644 site-modules/role/manifests/callaugeas.pp diff --git a/.DS_Store b/.DS_Store index 7df7881a6d6f33293963952cc6ba9fc958868e58..4e6741594879fa2f773326d61f99c03475aa6d6d 100644 GIT binary patch delta 596 zcmZoMXmOBWU|?W$DortDU;r^WfEYvza8E20o2aMA$hR?IH}hr%jz7$c**Q2SHn1@A zZRTMyW}M8+DqNpbUR;orlb;0Ca4M-FC$qT3z~DL~6Eh1d8&EM92Ny3_Y;ZMkZ!D3MM9owY8ia;;M$W zo(Z{?Rn;}Mb+drZ1p-D!2+hC`rD4=;AcK=3mm!fMk0FyGjUknxn4yHBxGcCRFDE}Q z9ViRZ$;A*b*@^YhK!-s%dKeg+80jb&S(sB829qza%5cEEyjh3m5i^$rH_+RzptP}B ckmEb^WPTCP$^JYX9Kg^3B^!p#@jP>w0XY_%l>h($ delta 121 zcmZp1XfcprU|?W$DortDU=RQ@Ie-{Mvv5r;6q~50$jH4hU^g=(_hudeW5&t8LQi?h zf{XHU^7GO``Zg9`XI#wA!6C>DE2lQoq009j3>w}1}2EPAgdTQ$Mei# F1^`?a6>9(h diff --git a/data/common.yaml b/data/common.yaml index 2baa62b..63da93f 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,2 +1,7 @@ --- message: "This node is using common data" +controlm::controlm_agent::agent2server_port: 17005 +controlm::controlm_agent::server2agent_port: 17006 +controlm::controlm_agent::tracker_port: 17035 +controlm::controlm_agent::server_host: ctmgnpappla013 +controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au diff --git a/site-modules/.DS_Store b/site-modules/.DS_Store index 05b8c548c5cec8c7a987e951c10d055d6d3c3fb2..77db6da21a0779189aa064acdf105b587fbc20bc 100644 GIT binary patch delta 438 zcmZoMXfc=|#>B)qu~2NHo}wr_0|Nsi1A_nqLlHwhLk>f(XHI_dW=6*4jP)QX4u)i) za2`VmvUE~TeiBd)sE1J;NNfBD10V~F`lRyW0;u{^Nd-BX#U%y?*BP0ZSy&{F`1uBUN&&*57FL%l>%}Xf;8x#zY;Nalo;EWfLtgbdTG15^mvM{gJQK&XFGBMLp zFflQ#t>xqpS2eWtOvtUQs;;T6n+5brED$pSg9Z%vp)`z|4P;=1O<8bJUQT{qI#3Rz zkBuQ62um1J8HyQ7K*5R>Zmkp7$!(n1%(9uCgP#K!8^93%&ODi4#83dFvjJiP*z(N* HB3qaNYo}~@ delta 79 zcmZoMXfc=|#>CJ*u~2NHo}wr-0|Nsi1A_nqLncEGL#k&^esWUI#6opO=FLUSQ&~2# jJY(9-&cV+C)Uo*^^LOUS{33>o43lkmq<itY8KJ3{Mn; diff --git a/site-modules/controlm/.DS_Store b/site-modules/controlm/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..8d96ecc3262f375d150528a2c647f0570ceaeb7f GIT binary patch literal 6148 zcmeH~&u-H|5XNWQ6gEMK9FR(Hz94akP!l3RLP#b}4?Q5E8o>cjYvYt!a=cOO5J8&C z7hVFMfLGxKcpUo8?t)w#q@EBeJJRg8e`cKQPu^WG5sASp?h>_$NWxhgEfgz^$JuMP zW_x&0=x5}6sd^iwDyqf04oAQd`1c6#+TEZdN+_ifRo5?X36J1+erVHwy%HJC^NC&Q z-=ayHt7LzNf=U_(omn2si@g39OrD zo6rB /apps/bmc/ctm/controlm_agent_install.hasrun + echo "exit status $RESULT" >> /apps/bmc/ctm/controlm_agent_install.hasrun + echo "do not remove this file unless you want to rerun the install" >> /apps/bmc/ctm/controlm_agent_install.hasrun + chmod 444 /apps/bmc/ctm/controlm_agent_install.hasrun + exit $RESULT + diff --git a/site-modules/controlm/files/ctm.sh b/site-modules/controlm/files/ctm.sh new file mode 100644 index 0000000..7f8dd3c --- /dev/null +++ b/site-modules/controlm/files/ctm.sh @@ -0,0 +1,49 @@ +#!/bin/bash +# Startup Script for Control-M Agent Daemons +# Creation Date: 2016-09-09 +# Created By: David Stephenson +# Version: 1.0 + +# chkconfig: 2345 99 05 +# description: Controlm agent + + +CTM_Dir=/apps/bmc/ctm +CTM_OWNER=ctmagent +CTM_GROUP=controlm + +chown $CTM_OWNER:$CTM_GROUP $CTM_Dir/proclog/*.log + +case "$1" in +'start') + cd $CTM_Dir/scripts + ./start-ag -u $CTM_OWNER -p ALL -s + if [ "$?" = 0 ] ; then + touch /var/lock/subsys/ctm + echo "Control-M Agent Started" + fi + ;; +'stop') + cd $CTM_Dir/scripts + echo "Stopping Control-M Agent" + ./shut-ag -u $CTM_OWNER -p ALL + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ctm; + ;; +'mode_user') + cd $CTM_Dir/scripts + ./set_agent_mode -u $CTM_OWNER -o 1 + ;; +'mode_full') + cd $CTM_Dir/scripts + ./set_agent_mode -u $CTM_OWNER -o 2 + ;; +*) + echo "Usage: //ctm.sh { start | stop }" + echo "or, if using sudo...." + echo "Usage: sudo -u root ./ctm.sh { start | stop | mode_user | mode_full }" + ;; +esac +exit 0 + diff --git a/site-modules/controlm/files/setup_patch.sh b/site-modules/controlm/files/setup_patch.sh new file mode 100755 index 0000000..f572214 --- /dev/null +++ b/site-modules/controlm/files/setup_patch.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +# Description: +# This setup.sh find and run the install-bin that is compatible to the installing environment + +# Find this script's directory +utl_dir=`dirname $0` + +# set the INSTALL_BINs directory +bin_dir=$utl_dir + +# get all the INSTALL_BINs +install_bin_list=`ls $bin_dir | grep INSTALL.BIN` + +#get shell to be used to run "BIN" files + __machine=`uname` +shellInterpriter="/bin/ksh" +if [ $__machine = "Linux" ] ; then + shellInterpriter="/bin/sh" +fi + + +# loop on the install_bin_list and find the first one that is compatible with the environment +for install_bin in $install_bin_list +do + ${shellInterpriter} $bin_dir/$install_bin -m + if [ $? -eq 0 ];then + # Current install_bin is compatible with the environment was found, run it to install the FP + $bin_dir/$install_bin $@ + exit $? + fi +done + +echo ERROR: There is no available installation file for this platform: `uname -a` +echo Installation files were found for the following platforms: +echo ${install_bin_list}| tr " " "\n" | cut -f 2 -d_ | cut -f 1 -d. + +exit 1 + diff --git a/site-modules/controlm/files/sleep.sh b/site-modules/controlm/files/sleep.sh new file mode 100644 index 0000000..9d5fad7 --- /dev/null +++ b/site-modules/controlm/files/sleep.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# Sleep Script for Control-M +# Use to Test Control-M Scheduling +# Creation Date: 2016-09-09 +# Created By: David Stephenson +# Version: 1.0 +exec 2> /dev/null +echo "********************************" +echo "** CONTROL-M Environment **" +echo "********************************" +echo PATH := $PATH +echo LD_LIBRARY_PATH:= $LD_LIBRARY_PATH +echo CONTROLM := $CONTROLM +echo "" +echo "********************************" +echo "** Arguments passed to script **" +echo "********************************" +echo Number of ARGS: = $# +echo ARGS := $* +echo "" +echo "********************************" +echo "** Script Run times **" +echo "********************************" +echo START := $(date) + +# Default RC to 0 +RC=0 + +# Search ARGS for RC=xxx If found Return an Error Code +while (( "$#" )); do + arg=$(echo $1 | awk '{ print $1 }') + if [ "$arg" -eq "$arg" ] 2>/dev/null; then + echo SLEEP := $arg SECONDS + sleep $1 > /dev/null + fi + echo $arg | grep -qi "rc=" + if [ "$?" -eq "0" ]; then + RC=$(echo $arg | grep -i "rc=" | awk -F= '{ print $2 }') + echo "RETURN CODE ARGUMENT: 'RC=$RC' FOUND. RETURN CODE '$RC' SENT TO CONTROL_M" + fi + shift +done + +echo END := $(date) +echo "" + +exit $RC + diff --git a/site-modules/controlm/files/ztest b/site-modules/controlm/files/ztest new file mode 100644 index 0000000..e69de29 diff --git a/site-modules/controlm/manifests/.DS_Store b/site-modules/controlm/manifests/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..133ed3656e394ea6bfc27642f0bc5e3c340f8830 GIT binary patch literal 6148 zcmeHKUrQT75T8xbc9YUJg@Sq97oiWKBr*6R!jbAj-h>l<&=T*GkQ|)1A-NdZH08dA zegi*>pP(P7&g`y1O{*^=MP^|3H#<8s$Nu)%KL8+F(_S5*3;+_9FjvIpFGAy_E0S}b z0-`WA#-JgFQ|Lgj63vePkpWt}_t3?4OCW{Y>obsH%Cr z(cG-6X0yIn6y@4_eY<^f`u)fJ=i=A7nHC8Ap^bcScmo$`JV@A?KTcwu3^0yre0+#p z_yQvs-J|#tvu;z2T^4458DIvUmI1fL$+u5ima8!X%)kp^fc6K4O6WPvESjwY8}kG} zq-&%RwCS2iIm)5uFtdmwD8i;9+En457{aEbU%5EXVP?^$gK&=z;l3=~3q_c(V|``9 zL3kFqWd@jmyA0%Qw@l~%?!Vvvcayls3@`&PiUCpB@poD{C3m*2OpeZ4g?fTYLUEbJ lWeOVRD8^ViiYur_(67iq^c-du(SyPl0Yd{f%)qlUa1DG|cj*8C literal 0 HcmV?d00001 diff --git a/site-modules/controlm/manifests/controlm_agent.pp b/site-modules/controlm/manifests/controlm_agent.pp new file mode 100644 index 0000000..378fbe6 --- /dev/null +++ b/site-modules/controlm/manifests/controlm_agent.pp @@ -0,0 +1,56 @@ +class controlm::controlm_agent { + + #used for the automated install file and firewall. + + #MUST HAVE THESE TWO IN HIERA, use fqdn for primary if host in diff domain. + #controlm::controlm_agent::primary_server_host: ctmgnpappla012.optus.com.au + #controlm::controlm_agent::server_host: ctmgnpappla012 + $server_host = hiera('controlm::controlm_agent::server_host','ctmgnpappla012') + $primary_server_host = hiera('controlm::controlm_agent::primary_server_host','ctmgnpappla012.optus.com.au') + + $tracker_port = hiera('controlm::controlm_agent::tracker_port','7035') + $a2s_port = hiera('controlm::controlm_agent::agent2server_port','7005') + $s2a_port = hiera('controlm::controlm_agent::server2agent_port','7006') + $tcp_timeout = hiera('controlm::controlm_agent::tcp_timeout','60') + $ignore_fail = hiera('controlm::controlm_agent::ignore_fail',false) + $force_upgrade = hiera('controlm::controlm_agent::force_upgrade',false) + + $software_version = hiera('controlm::controlm_agent::version','9.0.00-2') + + $patch_files = hiera('controlm::controlm_agent::patch_files',['PAKAI.9.0.00.100_Linux-x86_64_INSTALL.BIN','PAKAI.9.0.00.200_Linux-x86_64_INSTALL.BIN']) + # array of patch files so + # controlm::controlm_agent::patch_files: + # - file1 + # - file2 + # patch files are not installed separately from main install as timing that was + # not working. So if we get new patches probably best to install by hand or see + # if you can get a separate script happening. + +# also in hiera you need these, subbing PRD for GNP where needed +# isnd_linux::profiles::soe::login_accounts::groups: +# - 'ocaus01\ACL-GNP-CTRLM-rwx-SMT-ADMIN': +# additional_groups: +# - controlm +# - 'ocaus01\ACL-GNP-CTRLM-rx-SMT-SCHED': +# additional_groups: +# - controlm +# +# tpiam::profiles::sudoers: +# ocaus01aclgnpctrlmrwxsmtadmin: +# runas_users: +# - ctmagent +# commands: all_commands +# ocaus01aclgnpctrlmrxsmtsched: +# runas_users: +# - ctmagent +# commands: all_commands include controlm::controlm_agent::users + + include controlm::controlm_agent::users + include controlm::controlm_agent::packages + include controlm::controlm_agent::files + include controlm::controlm_agent::firewall + include controlm::controlm_agent::install + +} + + diff --git a/site-modules/controlm/manifests/controlm_agent/files.pp b/site-modules/controlm/manifests/controlm_agent/files.pp new file mode 100644 index 0000000..5d43a92 --- /dev/null +++ b/site-modules/controlm/manifests/controlm_agent/files.pp @@ -0,0 +1,153 @@ +class controlm::controlm_agent::files inherits controlm::controlm_agent { + +# Directories + unless defined(File['/apps']) { + file { [ '/apps', ]: + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0755', + } + } + + file { [ '/apps/bmc',]: + ensure => 'directory', + owner => 'root', + group => 'root', + mode => '0755', + require => File['/apps'], + } + file { [ '/apps/bmc/software','/apps/bmc/software/version_9/','/apps/bmc/software/version_9/fixes' ]: + ensure => 'directory', + owner => 'ctmagent', + group => 'controlm', + mode => '0755', + require => File['/apps/bmc'], + } + +# scripts_optus + + file { ['/apps/bmc/ctm/scripts_optus']: + ensure => directory, + owner => 'ctmagent', + group => 'controlm', + mode => '0775', + require => User['ctmagent'], + } + + file { '/apps/bmc/ctm/scripts_optus/sleep.sh': + ensure => file, + owner => 'ctmagent', + group => 'controlm', + mode => '0755', + source => 'puppet:///modules/controlm/sleep.sh', + require => [File['/apps/bmc/ctm/scripts_optus'],User['ctmagent'],], + } + + file { '/apps/bmc/ctm/scripts_optus/ctm.sh': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/controlm/ctm.sh', + require => File['/apps/bmc/ctm/scripts_optus'], + } + + case $::os['release']['major']{ + '6': { + file { '/etc/rc.d/init.d/ctm.sh': + ensure => link, + target => '/apps/bmc/ctm/scripts_optus/ctm.sh', + owner => 'root', + group => 'root', + require => File['/apps/bmc/ctm/scripts_optus/ctm.sh'], + } + } + '7': { + + file { '/etc/rc.d/init.d/ctm.sh': + ensure => absent, + } + + file { '/etc/rc.d/init.d/ctm': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/controlm/ctm.sh', + notify => Exec['systemctl reload daemon for Control-M agent'] + } + + exec{'systemctl reload daemon for Control-M agent': + path => $::path, + command => 'systemctl daemon-reload', + refreshonly => true, + } + + } + default: {fail "Unsupported Major version ${::os['release']['major']} detected"} + } + +#ctm/scripts + +# file { '/apps/bmc/ctm/scripts': +# ensure => link, +# target => '/apps/bmc/software/version_9/ctm/scripts', +# owner => 'root', +# group => 'root', +# require => Package['ctmagent_core_clean'], +# } + +# install scripts + + file { '/apps/bmc/ctm/ctm_silentinstall_optus.xml': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + content => template('controlm/agent_install.erb'), + require => User['ctmagent'], + } + + file { '/apps/bmc/ctm/controlm_agent_install.sh': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + content => template('controlm/controlm_agent_install.erb'), + require => User['ctmagent'], + } + + +# need to check status method and also if we need restart check. +# this should be in the install Iguess +# service { 'ctm.sh': +# ensure => running, +# enable => true, +# hasstatus => false, +# status => '', +# start => '', +# stop => '', +# subscribe => [ +# ], +# require => '/etc/rc.d/init.d/ctm.sh', +# } + +# profile scripts + file { '/etc/profile.d/controlm.csh': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/controlm/controlm.csh', + } + + file { '/etc/profile.d/controlm.sh': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/controlm/controlm.sh', + } + +} diff --git a/site-modules/controlm/manifests/controlm_agent/firewall.pp b/site-modules/controlm/manifests/controlm_agent/firewall.pp new file mode 100644 index 0000000..cddccd2 --- /dev/null +++ b/site-modules/controlm/manifests/controlm_agent/firewall.pp @@ -0,0 +1,16 @@ +class controlm::controlm_agent::firewall inherits controlm::controlm_agent { + + + firewall { '200 controlm tracker port hiera controlm_tracker_port': + action => 'accept', + proto => 'tcp', + dport => [$tracker_port], + } + + firewall { '210 controlm server to agent hiera controlm_server2agent_port': + action => 'accept', + proto => 'tcp', + dport => [$s2a_port], + } + +} diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp new file mode 100644 index 0000000..4265669 --- /dev/null +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -0,0 +1,59 @@ +class controlm::controlm_agent::install inherits controlm::controlm_agent { + + +# set up /etc/services + + augeas { 'controlm': + context => '/files/etc/services', + changes => [ + "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'udp']/#comment 'Control-M server2agent'", + "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'tcp']/#comment 'Control-M server2age nt'", + "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'udp']/#comment 'Control-M agent2servr'", + "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'tcp']/#comment 'Control-M agent2server'", + ], + } + + + # use shellscript and sudo as running the install direct as user ctmagent gives HOME errors plus we get errors in the log file + # also does patches as can't get the patch script running after it for some reason + # patch names need to be in hiera see controlm_agent.pp + exec { 'controlm_agent_install': + command => '/apps/bmc/ctm/controlm_agent_install.sh > /apps/bmc/ctm/controlm_agent_install.log', + creates => '/apps/bmc/ctm/controlm_agent_install.hasrun', + require => [User['ctmagent'],Package['ctmagent_core_clean'],File['/apps/bmc/ctm/ctm_silentinstall_optus.xml','/apps/bmc/ctm/controlm_agent_install.sh'],Exec['chown_/apps/bmc'],], + timeout => 1800, + } + + case $::os['release']['major']{ + '6': { + service { 'ctm.sh': + ensure => running, + enable => true, + hasstatus => false, + status => '/bin/ps -ef | /bin/grep /apps/bmc/ctm/exe/p_ctm | /bin/grep -v grep', + require => [File['/etc/rc.d/init.d/ctm.sh'],Exec['controlm_agent_install'],] + } + } + '7': { + + service { 'ctm.sh': + enable => false, + } + + service { 'ctm': + ensure => running, + enable => true, + hasstatus => false, + status => '/bin/ps -ef | /bin/grep /apps/bmc/ctm/exe/p_ctm | /bin/grep -v grep', + require => [File['/etc/rc.d/init.d/ctm'],Exec['controlm_agent_install']] + } + + } + default: {fail "Unsupported Major version ${::os['release']['major']} detected"} + } +} + diff --git a/site-modules/controlm/manifests/controlm_agent/packages.pp b/site-modules/controlm/manifests/controlm_agent/packages.pp new file mode 100644 index 0000000..c907b8c --- /dev/null +++ b/site-modules/controlm/manifests/controlm_agent/packages.pp @@ -0,0 +1,16 @@ +class controlm::controlm_agent::packages inherits controlm::controlm_agent { + + package { 'ctmagent_core_clean' : + ensure => "$software_version", + require => User['ctmagent'], + } + + # the RPM does permissions, this is a backup + exec {'software permissions' : + command => '/bin/chown -R ctmagent:controlm /apps/bmc/software/version_9', + onlyif => '/usr/bin/test $(/bin/find /apps/bmc/software/version_9/CheckReq -uid 0 | w +c -l) -gt 0', + require => Package['ctmagent_core_clean'], + } + +} diff --git a/site-modules/controlm/manifests/controlm_agent/users.pp b/site-modules/controlm/manifests/controlm_agent/users.pp new file mode 100644 index 0000000..058f7e7 --- /dev/null +++ b/site-modules/controlm/manifests/controlm_agent/users.pp @@ -0,0 +1,38 @@ +class controlm::controlm_agent::users { + + unless defined(Group['controlm']) { + group { 'controlm': + ensure => present, + } + } + + user { 'ctmagent': + gid => [ 'controlm'], + home => '/apps/bmc/ctm', + comment => 'ControlM Agent', + shell => '/bin/bash', + password => '*', + managehome => true, + require => [Group['controlm'],File['/apps/bmc'],], + } + # set ownerships for /apps/bmc/ctm as needs sticky on group and install needs ctmagent to own /apps/bmc + exec { 'set permissions on /apps/bmc/ctm': + command => '/bin/chmod 2775 /apps/bmc/ctm', + onlyif => '/usr/bin/test $(/bin/find /apps/bmc/ctm -perm 2775 | wc -l) -eq 0', + require => User['ctmagent'], + } + + exec { 'chown_/apps/bmc': + command => '/bin/chown ctmagent.controlm /apps/bmc', + unless => '/usr/bin/test -e /apps/bmc/ctm/controlm_agent_install.hasrun', + require => User['ctmagent'], + } + + sudo::rule { 'controlm': + type => 'group', + runas_users => 'root', + commands => [ + '/apps/bmc/ctm/scripts_optus/ctm.sh', + ], + } +} diff --git a/site-modules/controlm/manifests/controlm_agent/z1 b/site-modules/controlm/manifests/controlm_agent/z1 new file mode 100644 index 0000000..0e64886 --- /dev/null +++ b/site-modules/controlm/manifests/controlm_agent/z1 @@ -0,0 +1,10 @@ + + file { '/apps/bmc/ctm/ctm_silentinstall_optus.xml': + ensure => file, + owner => 'root', + group => 'root', + mode => '0755', + content => template('controlm/agent_install.erb'), + require => User['ctmagent'], + } + diff --git a/site-modules/controlm/templates/agent_install.erb b/site-modules/controlm/templates/agent_install.erb new file mode 100644 index 0000000..b263ccd --- /dev/null +++ b/site-modules/controlm/templates/agent_install.erb @@ -0,0 +1,13 @@ + + Control-M/Agent 9.0.00 + + + + + + + + + + + diff --git a/site-modules/controlm/templates/controlm_agent_install.erb b/site-modules/controlm/templates/controlm_agent_install.erb new file mode 100644 index 0000000..52bf793 --- /dev/null +++ b/site-modules/controlm/templates/controlm_agent_install.erb @@ -0,0 +1,71 @@ +#!/bin/bash +# +#Does install and patches if any + +cd /apps/bmc/ +sudo -u ctmagent /apps/bmc/software/version_9/setup.sh -silent /apps/bmc/ctm/ctm_silentinstall_optus.xml +RESULT=$? +echo "exit status $RESULT" +if [ $RESULT -ne 0 ] ; then exit $RESULT; fi +/bin/date > /apps/bmc/ctm/controlm_agent_install.hasrun +echo "exit status $RESULT" >> /apps/bmc/ctm/controlm_agent_install.hasrun +echo "do not remove this file unless you want to rerun the install" >> /apps/bmc/ctm/controlm_agent_install.hasrun +chmod 444 /apps/bmc/ctm/controlm_agent_install.hasrun + + +<% if @patch_files -%> +/bin/date > /apps/bmc/ctm/controlm_agent_patch_install.hasrun +# remove any old patches +rm -rf /apps/bmc/software/version_9/fixes/*INSTALL.BIN + +. /etc/profile.d/controlm.sh + +<% @patch_files.each do | file | -%> + +echo "====================" +PATCH_RESULT=1 +cd /apps/bmc/software/version_9/fixes +wget http://<%= scope.lookupvar('::razor_metadata_repo_server') -%>/files/bcc_source/controlm/<%= file %> +chmod 755 /apps/bmc/software/version_9/fixes/<%= file %> +sudo -u ctmagent /bin/bash - < +EOF +PATCH_RESULT=$? + if [ $PATCH_RESULT -ne 0 ] + then + echo "patch <%= file -%> bad $PATCH_RESULT" >> controlm_agent_patch_install.hasrun + mv /apps/bmc/ctm/controlm_agent_patch_install.hasrun /apps/bmc/ctm/controlm_agent_patch_install.bad + exit $RESULT + fi + +echo "patch exit status <%= file -%> $PATCH_RESULT" +# sleep to see if patches properly install +echo "sleeping for 10 " +sleep 10 +<% end -%> +<% end -%> + +# set correct hostnames +SHORT=`/bin/hostname -s` +LONG=`/bin/hostname -f` + +echo "Changing short hostnames in CONFIG.dat" +cp -f /apps/bmc/ctm/data/CONFIG.dat /apps/bmc/ctm/data/CONFIG.dat.bak +/bin/sed -i "s/$SHORT$/$LONG/" /apps/bmc/ctm/data/CONFIG.dat +grep $SHORT /apps/bmc/ctm/data/CONFIG.dat + + +#change mode +/usr/bin/yes y | /apps/bmc/ctm/scripts/set_agent_mode -u ctmagent -o 1 + +# stop agent +sudo -u ctmagent /bin/bash - < for backward compatibility +ARG1=`echo $1 | tr '[A-Z]' '[a-z]'` +if [ "$ARG1" = "start" ] || [ "$ARG1" = "stop" ] ; then + if [ "$ARG1" = "start" ] ; then + STATE_ACTION="start" + elif [ "$ARG1" = "stop" ] ; then + STATE_ACTION="stop" + fi +else + STATE_ACTION="start" +fi + + + if [ "$agent_status" = "STOPPED" ] ; then # AGENT_STATUS is set to 'STOPPED', exit without starting the Agent + echo "Control-M/Agent (account $account_name) status is set to 'STOPPED'. Control-M/Agent will not start." + exit 0 + fi + + # get the value for config parameter AGENT_OWNER to determine which owner should start the agent + # in case the parameter is missing or empty, start as root. + # This script is executed as root user by the OS during machine startup. + # If the agent should run as agent owner, use 'su' to run start-ag + agent_owner=`grep AGENT_OWNER $config_file | awk '{print $2}'` + +if [ "$STATE_ACTION" = "start" ] ; then + + if [ "$agent_owner" != "root" ] ; then + /bin/su - $agent_owner -c "$install_path/ctm/scripts/start-ag -u $account_name -p ALL" + else + $install_path/ctm/scripts/start-ag -u $account_name -p ALL + fi + +else + + # backup ctm_agent_status.dat to keep origional status + TMP_FILE_NAME="ctm_agent_status_dat-`date +'%Y-%m-%d_%H-%M-%S'`.tar" + cd $install_path/ctm/data ; tar -cf $TMP_FILE_NAME ctm_agent_status.dat + + if [ "$agent_owner" != "root" ] ; then + /bin/su - $agent_owner -c "$install_path/ctm/scripts/shut-ag -u $account_name -p ALL" + else + $install_path/ctm/scripts/shut-ag -u $account_name -p ALL + fi + + # restore ctm_agent_status.dat to origional + cd $install_path/ctm/data ; tar -xf $TMP_FILE_NAME ; rm -f $TMP_FILE_NAME + +fi +exit 0 + + diff --git a/site-modules/controlm/templates/ztest b/site-modules/controlm/templates/ztest new file mode 100644 index 0000000..e69de29 diff --git a/site-modules/role/manifests/callaugeas.pp b/site-modules/role/manifests/callaugeas.pp new file mode 100644 index 0000000..3429116 --- /dev/null +++ b/site-modules/role/manifests/callaugeas.pp @@ -0,0 +1,5 @@ +class role::callaugeas { + + include controlm::controlm_agent + +} From 9838d2f40bd9bdd317ae26b75a625496091f8e86 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 10:18:28 +0800 Subject: [PATCH 103/165] add modules --- Puppetfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Puppetfile b/Puppetfile index 5c1ff94..2ebdbd9 100644 --- a/Puppetfile +++ b/Puppetfile @@ -36,3 +36,6 @@ mod 'puppet-grafana', '6.1.0' mod 'puppet-telegraf', '2.1.0' mod 'puppetlabs-puppet_metrics_dashboard', '2.0.1' mod 'puppetlabs-puppetserver_gem', '1.1.1' +mod 'herculesteam/augeasproviders_core', '2.1.2' +mod 'herculesteam/augeasproviders_mounttab', '2.0.2' +mod 'herculesteam/augeasproviders_pam', '2.1.0' From 2763de89b8a144117e443b11e73325dbd307d4fd Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 10:53:03 +0800 Subject: [PATCH 104/165] sdfsd --- .../controlm/manifests/controlm_agent/users.pp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/users.pp b/site-modules/controlm/manifests/controlm_agent/users.pp index 058f7e7..4ce7351 100644 --- a/site-modules/controlm/manifests/controlm_agent/users.pp +++ b/site-modules/controlm/manifests/controlm_agent/users.pp @@ -28,11 +28,11 @@ class controlm::controlm_agent::users { require => User['ctmagent'], } - sudo::rule { 'controlm': - type => 'group', - runas_users => 'root', - commands => [ - '/apps/bmc/ctm/scripts_optus/ctm.sh', - ], - } + #sudo::rule { 'controlm': + # type => 'group', + # runas_users => 'root', + # commands => [ + # '/apps/bmc/ctm/scripts_optus/ctm.sh', + # ], + #} } From bc94a69361aa0cae65211fc08361804ef66cb63e Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 10:56:15 +0800 Subject: [PATCH 105/165] ststst --- data/common.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index 63da93f..78a581a 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- message: "This node is using common data" -controlm::controlm_agent::agent2server_port: 17005 -controlm::controlm_agent::server2agent_port: 17006 -controlm::controlm_agent::tracker_port: 17035 +controlm::controlm_agent::agent2server_port: 7005 +controlm::controlm_agent::server2agent_port: 7006 +controlm::controlm_agent::tracker_port: 7035 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From c9d53a901088b6ec616ea5c17d79be69bbc119bd Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 11:03:48 +0800 Subject: [PATCH 106/165] sss --- data/common.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index 78a581a..63da93f 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- message: "This node is using common data" -controlm::controlm_agent::agent2server_port: 7005 -controlm::controlm_agent::server2agent_port: 7006 -controlm::controlm_agent::tracker_port: 7035 +controlm::controlm_agent::agent2server_port: 17005 +controlm::controlm_agent::server2agent_port: 17006 +controlm::controlm_agent::tracker_port: 17035 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From 9813792de7fecc2305c622742758174d13b114bd Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 11:22:52 +0800 Subject: [PATCH 107/165] sss --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 2ebdbd9..e452ed0 100644 --- a/Puppetfile +++ b/Puppetfile @@ -36,6 +36,6 @@ mod 'puppet-grafana', '6.1.0' mod 'puppet-telegraf', '2.1.0' mod 'puppetlabs-puppet_metrics_dashboard', '2.0.1' mod 'puppetlabs-puppetserver_gem', '1.1.1' -mod 'herculesteam/augeasproviders_core', '2.1.2' +mod 'herculesteam/augeasproviders_core', '2.5.0' mod 'herculesteam/augeasproviders_mounttab', '2.0.2' mod 'herculesteam/augeasproviders_pam', '2.1.0' From 0bec4103e4caf0b72e9cac9e1e623365b2b5c080 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 11:24:25 +0800 Subject: [PATCH 108/165] ts --- data/common.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/common.yaml b/data/common.yaml index 63da93f..4da2b1c 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -2,6 +2,6 @@ message: "This node is using common data" controlm::controlm_agent::agent2server_port: 17005 controlm::controlm_agent::server2agent_port: 17006 -controlm::controlm_agent::tracker_port: 17035 +controlm::controlm_agent::tracker_port: 7035 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From f7e6786b7978b96c3dea8d13b2cfe77c68bcb166 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 11:26:18 +0800 Subject: [PATCH 109/165] tts --- data/common.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/common.yaml b/data/common.yaml index 4da2b1c..41478a5 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,6 +1,6 @@ --- message: "This node is using common data" -controlm::controlm_agent::agent2server_port: 17005 +controlm::controlm_agent::agent2server_port: 7005 controlm::controlm_agent::server2agent_port: 17006 controlm::controlm_agent::tracker_port: 7035 controlm::controlm_agent::server_host: ctmgnpappla013 From 11c907c887f71d0d2895ecfe092ee1cbdc953b1a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 11:27:28 +0800 Subject: [PATCH 110/165] tssts --- data/common.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/common.yaml b/data/common.yaml index 41478a5..78a581a 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- message: "This node is using common data" controlm::controlm_agent::agent2server_port: 7005 -controlm::controlm_agent::server2agent_port: 17006 +controlm::controlm_agent::server2agent_port: 7006 controlm::controlm_agent::tracker_port: 7035 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From 7e029af7b7f0b2abe8baf624745c72bc594ce2ba Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 11:28:47 +0800 Subject: [PATCH 111/165] adsdad --- data/common.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index 78a581a..8c213d4 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- message: "This node is using common data" -controlm::controlm_agent::agent2server_port: 7005 -controlm::controlm_agent::server2agent_port: 7006 -controlm::controlm_agent::tracker_port: 7035 +controlm::controlm_agent::agent2server_port: 700 +controlm::controlm_agent::server2agent_port: 700 +controlm::controlm_agent::tracker_port: 705 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From 204a25abf4a97153e31528773bb88202730c9777 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 12:19:38 +0800 Subject: [PATCH 112/165] ss --- data/common.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index 8c213d4..b0a344b 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- message: "This node is using common data" -controlm::controlm_agent::agent2server_port: 700 -controlm::controlm_agent::server2agent_port: 700 -controlm::controlm_agent::tracker_port: 705 +controlm::controlm_agent::agent2server_port: 10700 +controlm::controlm_agent::server2agent_port: 10700 +controlm::controlm_agent::tracker_port: 10705 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From f263d59e08bb1c9fdcb7e309ab2a0cc843ad6af1 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 12:36:24 +0800 Subject: [PATCH 113/165] sss --- .../controlm/manifests/controlm_agent/install.pp | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 4265669..1e2a672 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -7,18 +7,18 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { context => '/files/etc/services', changes => [ "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", - "set service-name[port = '${s2a_port}'][protocol = 'udp']/#comment 'Control-M server2agent'", +# "set service-name[port = '${s2a_port}'][protocol = 'udp'][#comment 'Control-M server2agent']", "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", - "set service-name[port = '${s2a_port}'][protocol = 'tcp']/#comment 'Control-M server2age nt'", +# "set service-name[port = '${s2a_port}'][protocol = 'tcp'][#comment 'Control-M server2agent']", "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", - "set service-name[port = '${a2s_port}'][protocol = 'udp']/#comment 'Control-M agent2servr'", +# "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Control-M agent2servr'", "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", - "set service-name[port = '${a2s_port}'][protocol = 'tcp']/#comment 'Control-M agent2server'", +# "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Control-M agent2server'", ], } - # use shellscript and sudo as running the install direct as user ctmagent gives HOME errors plus we get errors in the log file + # use shellscript and sudo as running the install direct as user ctmagent gives HOME errors plus we get errors in the log file # also does patches as can't get the patch script running after it for some reason # patch names need to be in hiera see controlm_agent.pp exec { 'controlm_agent_install': @@ -51,9 +51,8 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { status => '/bin/ps -ef | /bin/grep /apps/bmc/ctm/exe/p_ctm | /bin/grep -v grep', require => [File['/etc/rc.d/init.d/ctm'],Exec['controlm_agent_install']] } - + } default: {fail "Unsupported Major version ${::os['release']['major']} detected"} } } - From 2a7f8cf95958d02ce1c12949b231e97e2d281849 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 12:46:37 +0800 Subject: [PATCH 114/165] ss --- data/common.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index b0a344b..78a581a 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- message: "This node is using common data" -controlm::controlm_agent::agent2server_port: 10700 -controlm::controlm_agent::server2agent_port: 10700 -controlm::controlm_agent::tracker_port: 10705 +controlm::controlm_agent::agent2server_port: 7005 +controlm::controlm_agent::server2agent_port: 7006 +controlm::controlm_agent::tracker_port: 7035 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From 7b401555317e4584a5e11257e38cf0ffba8514c9 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 12:49:38 +0800 Subject: [PATCH 115/165] sdfsdf --- site-modules/controlm/manifests/controlm_agent/install.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 1e2a672..4ca96be 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -7,13 +7,13 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { context => '/files/etc/services', changes => [ "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", -# "set service-name[port = '${s2a_port}'][protocol = 'udp'][#comment 'Control-M server2agent']", + "set service-name[port = '${s2a_port}'][protocol = 'udp'][#comment 'Control-M server2agent']", "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", -# "set service-name[port = '${s2a_port}'][protocol = 'tcp'][#comment 'Control-M server2agent']", + "set service-name[port = '${s2a_port}'][protocol = 'tcp'][#comment 'Control-M server2agent']", "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", -# "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Control-M agent2servr'", + "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Control-M agent2server'", "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", -# "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Control-M agent2server'", + "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Control-M agent2server'", ], } From 91218e89f6850a3a825e36cfc1cd57f023a738cc Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 12:52:13 +0800 Subject: [PATCH 116/165] gg --- data/common.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index 78a581a..63da93f 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- message: "This node is using common data" -controlm::controlm_agent::agent2server_port: 7005 -controlm::controlm_agent::server2agent_port: 7006 -controlm::controlm_agent::tracker_port: 7035 +controlm::controlm_agent::agent2server_port: 17005 +controlm::controlm_agent::server2agent_port: 17006 +controlm::controlm_agent::tracker_port: 17035 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From 0be6e37fcd08c4cf98f687debf972e035ed98662 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:03:58 +0800 Subject: [PATCH 117/165] sfsds --- site-modules/controlm/manifests/controlm_agent/install.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 4ca96be..9baf982 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -7,13 +7,13 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { context => '/files/etc/services', changes => [ "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", - "set service-name[port = '${s2a_port}'][protocol = 'udp'][#comment 'Control-M server2agent']", + "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", - "set service-name[port = '${s2a_port}'][protocol = 'tcp'][#comment 'Control-M server2agent']", + "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", - "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Control-M agent2server'", + "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Henry345'", "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", - "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Control-M agent2server'", + "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", ], } From 96de22172126ce810989610780ba06190f0a4b3b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:11:53 +0800 Subject: [PATCH 118/165] sdfsfd --- .../controlm/manifests/controlm_agent/install.pp | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 9baf982..659ac8b 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -6,14 +6,14 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': context => '/files/etc/services', changes => [ - "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", - "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", - "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", - "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", - "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", - "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Henry345'", - "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", - "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", + "set service-name[port = '${s2a_port}'][protocol = 'udp'][alias = 'test'][#comment = "test123"] ctmagent", + # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", + "set service-name[port = '${s2a_port}'][protocol = 'tcp'][alias = 'test'][#comment = "test123"] ctmagent", + # "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", + "set service-name[port = '${a2s_port}'][protocol = 'udp'][alias = 'test'][#comment = "test123"] ctmagent", + # "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Henry345'", + "set service-name[port = '${a2s_port}'][protocol = 'tcp'][alias = 'test'][#comment = "test123"] ctmagent", + # "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", ], } From ad997e64fb5d1be25e419d089724ab9c88dafce9 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:13:51 +0800 Subject: [PATCH 119/165] ststs --- site-modules/controlm/manifests/controlm_agent/install.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 659ac8b..b34046f 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -6,13 +6,13 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': context => '/files/etc/services', changes => [ - "set service-name[port = '${s2a_port}'][protocol = 'udp'][alias = 'test'][#comment = "test123"] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'udp'][alias = 'test']ctmagent", # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", - "set service-name[port = '${s2a_port}'][protocol = 'tcp'][alias = 'test'][#comment = "test123"] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'tcp'][alias = 'test'] ctmagent", # "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", - "set service-name[port = '${a2s_port}'][protocol = 'udp'][alias = 'test'][#comment = "test123"] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'udp'][alias = 'test'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Henry345'", - "set service-name[port = '${a2s_port}'][protocol = 'tcp'][alias = 'test'][#comment = "test123"] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'tcp'][alias = 'test'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", ], } From ad647d408bffd8b716fb44b57db480f0a46942a0 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:15:27 +0800 Subject: [PATCH 120/165] sdfs --- site-modules/controlm/manifests/controlm_agent/install.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index b34046f..94be995 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -6,7 +6,7 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': context => '/files/etc/services', changes => [ - "set service-name[port = '${s2a_port}'][protocol = 'udp'][alias = 'test']ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'udp'][alias = 'test'] ctmagent", # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", "set service-name[port = '${s2a_port}'][protocol = 'tcp'][alias = 'test'] ctmagent", # "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", From 02a585c701d4b8ecd1929dcd15c4f6db9562ab15 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:25:29 +0800 Subject: [PATCH 121/165] sfsd --- .../controlm/manifests/controlm_agent/install.pp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 94be995..fb7de46 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -6,15 +6,16 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': context => '/files/etc/services', changes => [ - "set service-name[port = '${s2a_port}'][protocol = 'udp'][alias = 'test'] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", - "set service-name[port = '${s2a_port}'][protocol = 'tcp'][alias = 'test'] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", # "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", - "set service-name[port = '${a2s_port}'][protocol = 'udp'][alias = 'test'] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Henry345'", - "set service-name[port = '${a2s_port}'][protocol = 'tcp'][alias = 'test'] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", - ], + + force => true, } From 2b96d662dbeda749c75f109a67490e39d5e02826 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:26:47 +0800 Subject: [PATCH 122/165] sds --- site-modules/controlm/manifests/controlm_agent/install.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index fb7de46..d6045ab 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -14,7 +14,7 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { # "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Henry345'", "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", - + ], force => true, } From 0152417f7137e7c0f5366791e34c9a644a03a02b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:31:45 +0800 Subject: [PATCH 123/165] tstst --- Puppetfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Puppetfile b/Puppetfile index e452ed0..e6f82f2 100644 --- a/Puppetfile +++ b/Puppetfile @@ -36,6 +36,6 @@ mod 'puppet-grafana', '6.1.0' mod 'puppet-telegraf', '2.1.0' mod 'puppetlabs-puppet_metrics_dashboard', '2.0.1' mod 'puppetlabs-puppetserver_gem', '1.1.1' -mod 'herculesteam/augeasproviders_core', '2.5.0' -mod 'herculesteam/augeasproviders_mounttab', '2.0.2' -mod 'herculesteam/augeasproviders_pam', '2.1.0' +#mod 'herculesteam/augeasproviders_core', '2.5.0' +#mod 'herculesteam/augeasproviders_mounttab', '2.0.2' +#mod 'herculesteam/augeasproviders_pam', '2.1.0' From 36c075d432d1238a39151059beec3cbf67b07075 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:32:10 +0800 Subject: [PATCH 124/165] sfsd --- site-modules/controlm/manifests/controlm_agent/install.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index d6045ab..e72560f 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -15,7 +15,7 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", ], - force => true, + } From a58e891467ceb9656bfeb5aadf3ef674140e988f Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:38:37 +0800 Subject: [PATCH 125/165] dfd --- Puppetfile | 6 +++--- site-modules/controlm/manifests/controlm_agent/install.pp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Puppetfile b/Puppetfile index e6f82f2..e452ed0 100644 --- a/Puppetfile +++ b/Puppetfile @@ -36,6 +36,6 @@ mod 'puppet-grafana', '6.1.0' mod 'puppet-telegraf', '2.1.0' mod 'puppetlabs-puppet_metrics_dashboard', '2.0.1' mod 'puppetlabs-puppetserver_gem', '1.1.1' -#mod 'herculesteam/augeasproviders_core', '2.5.0' -#mod 'herculesteam/augeasproviders_mounttab', '2.0.2' -#mod 'herculesteam/augeasproviders_pam', '2.1.0' +mod 'herculesteam/augeasproviders_core', '2.5.0' +mod 'herculesteam/augeasproviders_mounttab', '2.0.2' +mod 'herculesteam/augeasproviders_pam', '2.1.0' diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index e72560f..bb146aa 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -15,7 +15,7 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", ], - + provider=> 'augeasproviders_core', } From 66a6a0fc30bdac5111b7a71679c5401f6a88b9b1 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:49:48 +0800 Subject: [PATCH 126/165] sss --- .../controlm/manifests/controlm_agent/install.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index bb146aa..256c655 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -6,16 +6,16 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': context => '/files/etc/services', changes => [ - "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", + "set service-name [. = 'ctmagent']/port ${s2a_port} ", + "set service-name [. = 'ctmagent']/protocol tcp ", # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", - "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", + # "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", # "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", - "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", + # "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Henry345'", - "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", + # "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", # "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", ], - provider=> 'augeasproviders_core', } From 29f31ed57b1212e5e12a919ac985e1eefabef5a5 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:56:13 +0800 Subject: [PATCH 127/165] sss --- site-modules/controlm/manifests/controlm_agent/install.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 256c655..92549d3 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -6,6 +6,7 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': context => '/files/etc/services', changes => [ + "set service-name ctmagent" "set service-name [. = 'ctmagent']/port ${s2a_port} ", "set service-name [. = 'ctmagent']/protocol tcp ", # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", From 167691cdd23b62cd560ca47c800b9c94a7eae909 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 13:57:43 +0800 Subject: [PATCH 128/165] tststs --- site-modules/controlm/manifests/controlm_agent/install.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 92549d3..5f0d6b9 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -6,7 +6,8 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': context => '/files/etc/services', changes => [ - "set service-name ctmagent" + "ins service-name after service-name[last()]", + "set service-name[last()] ctmagent" "set service-name [. = 'ctmagent']/port ${s2a_port} ", "set service-name [. = 'ctmagent']/protocol tcp ", # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", From 25f98cbfd97f0cdfb99dad8b9fdd5d3129aee2fd Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 14:00:19 +0800 Subject: [PATCH 129/165] sttt --- site-modules/controlm/manifests/controlm_agent/install.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 5f0d6b9..8683dc2 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -7,9 +7,9 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { context => '/files/etc/services', changes => [ "ins service-name after service-name[last()]", - "set service-name[last()] ctmagent" - "set service-name [. = 'ctmagent']/port ${s2a_port} ", - "set service-name [. = 'ctmagent']/protocol tcp ", + "set service-name[last()] ctmagent", + "set service-name[. = 'ctmagent']/port ${s2a_port}", + "set service-name[. = 'ctmagent']/protocol tcp", # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", # "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", # "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", From 1381f065c0892ce80dc5bd6a88945b73b87d4c8c Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 14:06:57 +0800 Subject: [PATCH 130/165] tst --- site-modules/controlm/manifests/controlm_agent/install.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 8683dc2..03edbcc 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -7,8 +7,8 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { context => '/files/etc/services', changes => [ "ins service-name after service-name[last()]", - "set service-name[last()] ctmagent", - "set service-name[. = 'ctmagent']/port ${s2a_port}", + "set service-name[last()] 'ctmagent'", + "set service-name[. = 'ctmagent']/port 17005", "set service-name[. = 'ctmagent']/protocol tcp", # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", # "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", From 6899455e998c15b1c69fc831a26dcc575ca4a24a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 14:12:25 +0800 Subject: [PATCH 131/165] sttst --- site-modules/controlm/manifests/controlm_agent/install.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 03edbcc..3f5c12c 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -4,7 +4,7 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { # set up /etc/services augeas { 'controlm': - context => '/files/etc/services', + incl => '/etc/services', changes => [ "ins service-name after service-name[last()]", "set service-name[last()] 'ctmagent'", From 332695e7501a00f2c3df463332ea56293954cbc3 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 14:14:19 +0800 Subject: [PATCH 132/165] sfsd --- site-modules/controlm/manifests/controlm_agent/install.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 3f5c12c..6ad1a72 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -5,6 +5,7 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': incl => '/etc/services', + lens => 'Services.lns', changes => [ "ins service-name after service-name[last()]", "set service-name[last()] 'ctmagent'", From fb165b92056a016e2335e68d81df6ad511359b59 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 14:17:18 +0800 Subject: [PATCH 133/165] sfdsfds --- site-modules/controlm/manifests/controlm_agent/install.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 6ad1a72..096dde9 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -4,7 +4,7 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { # set up /etc/services augeas { 'controlm': - incl => '/etc/services', + incl => '/etc/services', lens => 'Services.lns', changes => [ "ins service-name after service-name[last()]", From aea47071b03cd6308a0b77484916e21817fbc40b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 14:33:54 +0800 Subject: [PATCH 134/165] tsts --- data/common.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index 63da93f..78a581a 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,7 +1,7 @@ --- message: "This node is using common data" -controlm::controlm_agent::agent2server_port: 17005 -controlm::controlm_agent::server2agent_port: 17006 -controlm::controlm_agent::tracker_port: 17035 +controlm::controlm_agent::agent2server_port: 7005 +controlm::controlm_agent::server2agent_port: 7006 +controlm::controlm_agent::tracker_port: 7035 controlm::controlm_agent::server_host: ctmgnpappla013 controlm::controlm_agent::primary_server_host: ctmgnpappla013.optus.com.au From e8f310649e9999241e30fb604ad5bae5cfdef6d7 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 19 Dec 2019 14:35:43 +0800 Subject: [PATCH 135/165] tstst --- .../manifests/controlm_agent/install.pp | 29 ++++++++----------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 096dde9..4113706 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -3,24 +3,19 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { # set up /etc/services - augeas { 'controlm': - incl => '/etc/services', - lens => 'Services.lns', - changes => [ - "ins service-name after service-name[last()]", - "set service-name[last()] 'ctmagent'", - "set service-name[. = 'ctmagent']/port 17005", - "set service-name[. = 'ctmagent']/protocol tcp", - # "set service-name[port = '${s2a_port}'][protocol = 'udp']/ #comment 'Henry123']", - # "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", - # "set service-name[port = '${s2a_port}'][protocol = 'tcp']/ #comment 'Henry234']", - # "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", - # "set service-name[port = '${a2s_port}'][protocol = 'udp']/ #comment 'Henry345'", - # "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", - # "set service-name[port = '${a2s_port}'][protocol = 'tcp']/ #comment 'Henry456'", +augeas { 'controlm': +context => '/files/etc/services', +changes => [ + "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'udp']/#comment 'Control-M server2agent'", + "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'tcp']/#comment 'Control-M server2agent'", + "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'udp']/#comment 'Control-M agent2server'", + "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'tcp']/#comment 'Control-M agent2server'", ], - } - +} # use shellscript and sudo as running the install direct as user ctmagent gives HOME errors plus we get errors in the log file # also does patches as can't get the patch script running after it for some reason From 56d5c7feba3a5f46cdd3e030be27b5fe853d993f Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 16 Jan 2020 14:57:32 +0800 Subject: [PATCH 136/165] ddd --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index e452ed0..8d46e15 100644 --- a/Puppetfile +++ b/Puppetfile @@ -39,3 +39,4 @@ mod 'puppetlabs-puppetserver_gem', '1.1.1' mod 'herculesteam/augeasproviders_core', '2.5.0' mod 'herculesteam/augeasproviders_mounttab', '2.0.2' mod 'herculesteam/augeasproviders_pam', '2.1.0' +mod 'puppetlabs-support_tasks', '1.1.0' From d5d3e5e6c132bb1b5fc927af230bc3aebe4fcec7 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 30 Jan 2020 17:45:31 +0800 Subject: [PATCH 137/165] sss --- site-modules/role/manifests/loadbalancer.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 649b2c1..5e50051 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -7,9 +7,21 @@ class role::loadbalancer ( Optional[String] $backendserver_name2 = '', Optional[String] $backendserver_ipaddress1 = undef, Optional[String] $backendserver_ipaddress2 = undef, + Optional[String] $connetc_timeout = '60s', ) { include ::haproxy + haproxy { 'default_timeout' : + default_options => { + 'timeout' => [ + 'http-request 60s', + 'queue 1m', + 'connect 60s', + 'client 1m', + 'server 1m', + 'check 60s', + }, + } haproxy::listen { $rule1 : collect_exported => false, ipaddress => $::ipaddress, From 5ac3a8bf1eeb0db86dd90f5f0697a0ad8af4cce2 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 30 Jan 2020 17:50:34 +0800 Subject: [PATCH 138/165] sfs --- site-modules/role/manifests/loadbalancer.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 5e50051..33e43d1 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -20,6 +20,7 @@ class role::loadbalancer ( 'client 1m', 'server 1m', 'check 60s', + ], }, } haproxy::listen { $rule1 : From 0f6376efbc8cda8adf2589291a849f483da768da Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 30 Jan 2020 18:00:00 +0800 Subject: [PATCH 139/165] sfsdf --- site-modules/role/manifests/loadbalancer.pp | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 33e43d1..d2a93b7 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -11,18 +11,6 @@ class role::loadbalancer ( ) { include ::haproxy - haproxy { 'default_timeout' : - default_options => { - 'timeout' => [ - 'http-request 60s', - 'queue 1m', - 'connect 60s', - 'client 1m', - 'server 1m', - 'check 60s', - ], - }, - } haproxy::listen { $rule1 : collect_exported => false, ipaddress => $::ipaddress, From b28c0773f66149742ccd347412112217c8aa0ef5 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 30 Jan 2020 19:13:51 +0800 Subject: [PATCH 140/165] ss --- site-modules/role/manifests/loadbalancer.pp | 31 +++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index d2a93b7..0c213de 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -10,7 +10,38 @@ class role::loadbalancer ( Optional[String] $connetc_timeout = '60s', ) { + class { 'haproxy': + global_options => { + 'log' => "${::ipaddress} local0", + 'chroot' => '/var/lib/haproxy', + 'pidfile' => '/var/run/haproxy.pid', + 'maxconn' => '4000', + 'user' => 'haproxy', + 'group' => 'haproxy', + 'daemon' => '', + 'stats' => 'socket /var/lib/haproxy/stats', + }, + defaults_options => { + 'log' => 'global', + 'stats' => 'enable', + 'option' => [ + 'redispatch', + ], + 'retries' => '3', + 'timeout' => [ + 'http-request 10s', + 'queue 1m', + 'connect 1m', + 'client 1m', + 'server 1m', + 'check 1m', + ], + 'maxconn' => '8000', + }, + } + include ::haproxy + haproxy::listen { $rule1 : collect_exported => false, ipaddress => $::ipaddress, From 38a6bb05b959e46d765681462971444d0d420c8b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 30 Jan 2020 19:14:30 +0800 Subject: [PATCH 141/165] d --- site-modules/role/manifests/loadbalancer.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 0c213de..23bbf32 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -11,6 +11,7 @@ class role::loadbalancer ( ) { class { 'haproxy': + merge_options => true, global_options => { 'log' => "${::ipaddress} local0", 'chroot' => '/var/lib/haproxy', From d3729335466b8103288b535067db03a6c2f0aa15 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 30 Jan 2020 20:10:48 +0800 Subject: [PATCH 142/165] ssss --- site-modules/role/manifests/loadbalancer.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 23bbf32..200c38c 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -32,9 +32,9 @@ class role::loadbalancer ( 'timeout' => [ 'http-request 10s', 'queue 1m', - 'connect 1m', - 'client 1m', - 'server 1m', + 'connect 0ms', + 'client 0ms', + 'server 0ms', 'check 1m', ], 'maxconn' => '8000', From 667945a1433c5701746651fc4ebdad4771965efa Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 30 Jan 2020 20:23:04 +0800 Subject: [PATCH 143/165] sss --- site-modules/role/manifests/loadbalancer.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site-modules/role/manifests/loadbalancer.pp b/site-modules/role/manifests/loadbalancer.pp index 200c38c..86dbd2b 100644 --- a/site-modules/role/manifests/loadbalancer.pp +++ b/site-modules/role/manifests/loadbalancer.pp @@ -32,9 +32,9 @@ class role::loadbalancer ( 'timeout' => [ 'http-request 10s', 'queue 1m', - 'connect 0ms', - 'client 0ms', - 'server 0ms', + 'connect 300s', + 'client 600s', + 'server 600s', 'check 1m', ], 'maxconn' => '8000', From efc3fd09b60a7879c41990e55e136083a5a5707a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:00:05 +0800 Subject: [PATCH 144/165] add sqlserver module --- Puppetfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Puppetfile b/Puppetfile index 8d46e15..2e7928a 100644 --- a/Puppetfile +++ b/Puppetfile @@ -40,3 +40,4 @@ mod 'herculesteam/augeasproviders_core', '2.5.0' mod 'herculesteam/augeasproviders_mounttab', '2.0.2' mod 'herculesteam/augeasproviders_pam', '2.1.0' mod 'puppetlabs-support_tasks', '1.1.0' +mod 'puppetlabs-sqlserver', '2.6.2' From e38368f59999e65b0927f96903e013f81775c643 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:13:14 +0800 Subject: [PATCH 145/165] add new class --- .../sqlserver/manifests/win_sqlserver.pp | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 site-modules/sqlserver/manifests/win_sqlserver.pp diff --git a/site-modules/sqlserver/manifests/win_sqlserver.pp b/site-modules/sqlserver/manifests/win_sqlserver.pp new file mode 100644 index 0000000..ec9f24b --- /dev/null +++ b/site-modules/sqlserver/manifests/win_sqlserver.pp @@ -0,0 +1,23 @@ +class sqlserver::win_sqlserver { + sqlserver_instance{ 'MSSQLSERVER': + source => 'C:/', + features => ['SQL'], + security_mode => 'SQL', + sa_pwd => 'p@ssw0rd!!', + sql_sysadmin_accounts => ['administrator'], + install_switches => { + 'TCPENABLED' => 1, + 'SQLBACKUPDIR' => 'C:\\MSSQLSERVER\\backupdir', + 'SQLTEMPDBDIR' => 'C:\\MSSQLSERVER\\tempdbdir', + 'INSTALLSQLDATADIR' => 'C:\\MSSQLSERVER\\datadir', + 'INSTANCEDIR' => 'C:\\Program Files\\Microsoft SQL Server', + 'INSTALLSHAREDDIR' => 'C:\\Program Files\\Microsoft SQL Server', + 'INSTALLSHAREDWOWDIR' => 'C:\\Program Files (x86)\\Microsoft SQL Server', + } +} + + + + + +} From bc3e6df176dd7909560353a4a30617915476849b Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:25:00 +0800 Subject: [PATCH 146/165] ststs --- site-modules/sqlserver/manifests/win_sqlserver.pp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/site-modules/sqlserver/manifests/win_sqlserver.pp b/site-modules/sqlserver/manifests/win_sqlserver.pp index ec9f24b..f5f63de 100644 --- a/site-modules/sqlserver/manifests/win_sqlserver.pp +++ b/site-modules/sqlserver/manifests/win_sqlserver.pp @@ -1,4 +1,5 @@ -class sqlserver::win_sqlserver { +class sqlserver::win_sqlserver + include sqlserver sqlserver_instance{ 'MSSQLSERVER': source => 'C:/', features => ['SQL'], @@ -16,8 +17,4 @@ class sqlserver::win_sqlserver { } } - - - - } From bb2870c302468633ef3fae0c13290d0e3f1f7320 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:26:19 +0800 Subject: [PATCH 147/165] ss --- site-modules/sqlserver/manifests/win_sqlserver.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/sqlserver/manifests/win_sqlserver.pp b/site-modules/sqlserver/manifests/win_sqlserver.pp index f5f63de..4134c44 100644 --- a/site-modules/sqlserver/manifests/win_sqlserver.pp +++ b/site-modules/sqlserver/manifests/win_sqlserver.pp @@ -1,4 +1,4 @@ -class sqlserver::win_sqlserver +class sqlserver::win_sqlserver { include sqlserver sqlserver_instance{ 'MSSQLSERVER': source => 'C:/', From 90d5751fb4fbb4730b2a38c1cae4ddbea3d31b1d Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:27:27 +0800 Subject: [PATCH 148/165] sss --- site-modules/sqlserver/manifests/win_sqlserver.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/site-modules/sqlserver/manifests/win_sqlserver.pp b/site-modules/sqlserver/manifests/win_sqlserver.pp index 4134c44..47e9b75 100644 --- a/site-modules/sqlserver/manifests/win_sqlserver.pp +++ b/site-modules/sqlserver/manifests/win_sqlserver.pp @@ -1,5 +1,4 @@ class sqlserver::win_sqlserver { - include sqlserver sqlserver_instance{ 'MSSQLSERVER': source => 'C:/', features => ['SQL'], From 99bd0521315e2bfc99e74f95723b65866de6024d Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:39:09 +0800 Subject: [PATCH 149/165] dd --- site-modules/sqlserver/manifests/win_sqlserver.pp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/site-modules/sqlserver/manifests/win_sqlserver.pp b/site-modules/sqlserver/manifests/win_sqlserver.pp index 47e9b75..aa5f2bc 100644 --- a/site-modules/sqlserver/manifests/win_sqlserver.pp +++ b/site-modules/sqlserver/manifests/win_sqlserver.pp @@ -1,5 +1,6 @@ class sqlserver::win_sqlserver { - sqlserver_instance{ 'MSSQLSERVER': + + ::sqlserver_instance{ 'MSSQLSERVER': source => 'C:/', features => ['SQL'], security_mode => 'SQL', @@ -16,4 +17,10 @@ class sqlserver::win_sqlserver { } } + ::sqlserver::sp_configure{'Turn On Advanced': + config_name => 'show advanced option', + value => 1, + reconfigure => true, + } + } From fbe1ab709983215768d2b6f04e10f2e3e096d2d5 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:46:05 +0800 Subject: [PATCH 150/165] ffff --- .../manifests/win_sqlserver.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename site-modules/{sqlserver => sqlserverhenry}/manifests/win_sqlserver.pp (86%) diff --git a/site-modules/sqlserver/manifests/win_sqlserver.pp b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp similarity index 86% rename from site-modules/sqlserver/manifests/win_sqlserver.pp rename to site-modules/sqlserverhenry/manifests/win_sqlserver.pp index aa5f2bc..75b9b17 100644 --- a/site-modules/sqlserver/manifests/win_sqlserver.pp +++ b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp @@ -1,6 +1,6 @@ -class sqlserver::win_sqlserver { +class sqlserverhenry::win_sqlserver { - ::sqlserver_instance{ 'MSSQLSERVER': + sqlserver_instance{ 'MSSQLSERVER': source => 'C:/', features => ['SQL'], security_mode => 'SQL', @@ -17,7 +17,7 @@ class sqlserver::win_sqlserver { } } - ::sqlserver::sp_configure{'Turn On Advanced': + sqlserver::sp_configure{'Turn On Advanced': config_name => 'show advanced option', value => 1, reconfigure => true, From aa4fbfb0071aa866635542aeec6631b1f6653b8a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:49:55 +0800 Subject: [PATCH 151/165] ss --- .../sqlserverhenry/manifests/win_sqlserver.pp | 21 +++++-------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp index 75b9b17..264b007 100644 --- a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp +++ b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp @@ -1,21 +1,10 @@ class sqlserverhenry::win_sqlserver { - sqlserver_instance{ 'MSSQLSERVER': - source => 'C:/', - features => ['SQL'], - security_mode => 'SQL', - sa_pwd => 'p@ssw0rd!!', - sql_sysadmin_accounts => ['administrator'], - install_switches => { - 'TCPENABLED' => 1, - 'SQLBACKUPDIR' => 'C:\\MSSQLSERVER\\backupdir', - 'SQLTEMPDBDIR' => 'C:\\MSSQLSERVER\\tempdbdir', - 'INSTALLSQLDATADIR' => 'C:\\MSSQLSERVER\\datadir', - 'INSTANCEDIR' => 'C:\\Program Files\\Microsoft SQL Server', - 'INSTALLSHAREDDIR' => 'C:\\Program Files\\Microsoft SQL Server', - 'INSTALLSHAREDWOWDIR' => 'C:\\Program Files (x86)\\Microsoft SQL Server', - } -} + sqlserver_instance{ 'MSSQLSERVER': + features => ['SQL'], + source => 'E:/', + sql_sysadmin_accounts => ['myuser'], + } sqlserver::sp_configure{'Turn On Advanced': config_name => 'show advanced option', From 38a031a77a8ce5c19f530cfb1c16363273e6494c Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:52:08 +0800 Subject: [PATCH 152/165] tsts --- site-modules/sqlserverhenry/manifests/win_sqlserver.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp index 264b007..03e677f 100644 --- a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp +++ b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp @@ -6,6 +6,11 @@ class sqlserverhenry::win_sqlserver { sql_sysadmin_accounts => ['myuser'], } + sqlserver::config { 'MSSQLSERVER': + admin_login_type => 'WINDOWS_LOGIN' + } + + sqlserver::sp_configure{'Turn On Advanced': config_name => 'show advanced option', value => 1, From 694b9f85e4be21a788c67219904398420e9f0cdf Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:53:59 +0800 Subject: [PATCH 153/165] sfsdf --- .../sqlserverhenry/manifests/win_sqlserver.pp | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp index 03e677f..292fd79 100644 --- a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp +++ b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp @@ -1,20 +1,20 @@ class sqlserverhenry::win_sqlserver { sqlserver_instance{ 'MSSQLSERVER': - features => ['SQL'], - source => 'E:/', - sql_sysadmin_accounts => ['myuser'], - } - - sqlserver::config { 'MSSQLSERVER': - admin_login_type => 'WINDOWS_LOGIN' - } - - - sqlserver::sp_configure{'Turn On Advanced': - config_name => 'show advanced option', - value => 1, - reconfigure => true, + source => 'E:/', + features => ['SQL'], + security_mode => 'SQL', + sa_pwd => 'p@ssw0rd!!', + sql_sysadmin_accounts => ['myuser'], + install_switches => { + 'TCPENABLED' => 1, + 'SQLBACKUPDIR' => 'C:\\MSSQLSERVER\\backupdir', + 'SQLTEMPDBDIR' => 'C:\\MSSQLSERVER\\tempdbdir', + 'INSTALLSQLDATADIR' => 'C:\\MSSQLSERVER\\datadir', + 'INSTANCEDIR' => 'C:\\Program Files\\Microsoft SQL Server', + 'INSTALLSHAREDDIR' => 'C:\\Program Files\\Microsoft SQL Server', + 'INSTALLSHAREDWOWDIR' => 'C:\\Program Files (x86)\\Microsoft SQL Server', } +} } From 872951144c87af88bebe98346353ccbd3a617407 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 12:56:10 +0800 Subject: [PATCH 154/165] sfdsf --- site-modules/sqlserverhenry/manifests/win_sqlserver.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp index 292fd79..6a37baa 100644 --- a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp +++ b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp @@ -1,7 +1,6 @@ class sqlserverhenry::win_sqlserver { - sqlserver_instance{ 'MSSQLSERVER': - source => 'E:/', + source => 'C:/', features => ['SQL'], security_mode => 'SQL', sa_pwd => 'p@ssw0rd!!', From 0d8393f906a774fe3447f0b54b2614932f77a178 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 13:02:45 +0800 Subject: [PATCH 155/165] sfsd --- .../sqlserverhenry/manifests/win_sqlserver.pp | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp index 6a37baa..0bf24c6 100644 --- a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp +++ b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp @@ -1,19 +1,8 @@ class sqlserverhenry::win_sqlserver { sqlserver_instance{ 'MSSQLSERVER': - source => 'C:/', - features => ['SQL'], - security_mode => 'SQL', - sa_pwd => 'p@ssw0rd!!', - sql_sysadmin_accounts => ['myuser'], - install_switches => { - 'TCPENABLED' => 1, - 'SQLBACKUPDIR' => 'C:\\MSSQLSERVER\\backupdir', - 'SQLTEMPDBDIR' => 'C:\\MSSQLSERVER\\tempdbdir', - 'INSTALLSQLDATADIR' => 'C:\\MSSQLSERVER\\datadir', - 'INSTANCEDIR' => 'C:\\Program Files\\Microsoft SQL Server', - 'INSTALLSHAREDDIR' => 'C:\\Program Files\\Microsoft SQL Server', - 'INSTALLSHAREDWOWDIR' => 'C:\\Program Files (x86)\\Microsoft SQL Server', + features => ['SQL'], + source => 'C:/SQLEXPR_x64_ENU.exe', + sql_sysadmin_accounts => ['myuser'], } -} } From 0759e57bff7844bc3c24a44d2e6e3a8ce9b256cd Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 13:05:39 +0800 Subject: [PATCH 156/165] sfdsf --- site-modules/sqlserverhenry/manifests/win_sqlserver.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp index 0bf24c6..451c935 100644 --- a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp +++ b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp @@ -1,7 +1,7 @@ class sqlserverhenry::win_sqlserver { sqlserver_instance{ 'MSSQLSERVER': features => ['SQL'], - source => 'C:/SQLEXPR_x64_ENU.exe', + source => 'C:\\SQLEXPR_x64_ENU', sql_sysadmin_accounts => ['myuser'], } From bbf15cc2f32ef9f5853e80e115bd8837d71702f4 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 3 Feb 2020 13:07:28 +0800 Subject: [PATCH 157/165] tstst --- site-modules/sqlserverhenry/manifests/win_sqlserver.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp index 451c935..554a0f2 100644 --- a/site-modules/sqlserverhenry/manifests/win_sqlserver.pp +++ b/site-modules/sqlserverhenry/manifests/win_sqlserver.pp @@ -2,7 +2,7 @@ class sqlserverhenry::win_sqlserver { sqlserver_instance{ 'MSSQLSERVER': features => ['SQL'], source => 'C:\\SQLEXPR_x64_ENU', - sql_sysadmin_accounts => ['myuser'], + sql_sysadmin_accounts => ['administrator'], } } From a83b490d8b4c32df8ee3b975d2dd1aa0d52827d2 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Tue, 24 Mar 2020 15:26:50 +0800 Subject: [PATCH 158/165] push --- site-modules/role/manifests/example.pp | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/site-modules/role/manifests/example.pp b/site-modules/role/manifests/example.pp index bbee636..d5e74a0 100644 --- a/site-modules/role/manifests/example.pp +++ b/site-modules/role/manifests/example.pp @@ -1,14 +1,10 @@ class role::example { - group { 'testgroup' : - name => "testgroup1112345", - ensure => present, - } - - - user { 'testuser1' : - name => "testuser111", - ensure => present, - } + package { 'hiera-eyaml-server': + ensure => installed, + name => 'hiera-eyaml', + provider => 'puppetserver_gem', +# require => File['gemrc'], +} } From a41d947878d1529804ecdd6b6119cf67afe512b0 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Thu, 2 Apr 2020 11:11:02 +0800 Subject: [PATCH 159/165] add dashboard 2.2.0 --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 2e7928a..300ddf1 100644 --- a/Puppetfile +++ b/Puppetfile @@ -34,7 +34,7 @@ mod 'puppetlabs-satellite_pe_tools', '2.0.0' mod 'puppetlabs-puppet_metrics_collector', '5.2.0' mod 'puppet-grafana', '6.1.0' mod 'puppet-telegraf', '2.1.0' -mod 'puppetlabs-puppet_metrics_dashboard', '2.0.1' +mod 'puppetlabs-puppet_metrics_dashboard', '2.2.0' mod 'puppetlabs-puppetserver_gem', '1.1.1' mod 'herculesteam/augeasproviders_core', '2.5.0' mod 'herculesteam/augeasproviders_mounttab', '2.0.2' From 73005f3953099d3b862b8a0695990ad1ca63886c Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Mon, 6 Apr 2020 13:11:51 +0800 Subject: [PATCH 160/165] abc --- .gitignore | 1 + Gemfile | 8 ++ Gemfile.lock | 133 ++++++++++++++++++ Puppetfile | 3 - Rakefile | 1 + .../manifests/controlm_agent/install.pp | 18 +-- site-modules/role/manifests/windowsnode.pp | 1 + spec/factsets/README.md | 7 + spec/onceover.yaml | 78 ++++++++++ spec/pre_conditions/README.md | 24 ++++ 10 files changed, 262 insertions(+), 12 deletions(-) create mode 100644 Gemfile create mode 100644 Gemfile.lock create mode 100644 Rakefile create mode 100644 spec/factsets/README.md create mode 100644 spec/onceover.yaml create mode 100644 spec/pre_conditions/README.md diff --git a/.gitignore b/.gitignore index 52146d6..39781c2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ modules/ +.onceover diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..df9f1c7 --- /dev/null +++ b/Gemfile @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +git_source(:github) {|repo_name| "https://github.com/#{repo_name}" } + +# gem "rails" +gem "onceover" diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..973766e --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,133 @@ +GEM + remote: https://rubygems.org/ + specs: + backticks (1.0.2) + blockenspiel (0.5.0) + colored (1.2) + colored2 (3.1.2) + concurrent-ruby (1.1.6) + cri (2.15.10) + deep_merge (1.2.1) + diff-lcs (1.3) + facter (2.5.7) + faraday (0.17.3) + multipart-post (>= 1.2, < 3) + faraday_middleware (0.14.0) + faraday (>= 0.7.4, < 1.0) + fast_gettext (1.1.2) + gettext (3.2.9) + locale (>= 2.0.5) + text (>= 1.3.0) + gettext-setup (0.34) + fast_gettext (~> 1.1.0) + gettext (>= 3.0.2, < 3.3.0) + locale + git (1.6.0) + rchardet (~> 1.8) + hiera (3.6.0) + hocon (1.3.0) + httpclient (2.8.3) + little-plugger (1.1.4) + locale (2.1.3) + log4r (1.1.10) + logging (2.2.2) + little-plugger (~> 1.1) + multi_json (~> 1.10) + minitar (0.9) + mocha (1.11.2) + multi_json (1.14.1) + multipart-post (2.1.1) + onceover (3.15.2) + backticks (>= 1.0.2) + colored (~> 1.2) + cri (>= 2.6) + deep_merge (>= 1.0.0) + facter (< 4.0.0) + git + logging (>= 2.0.0) + multi_json (~> 1.10) + parallel_tests (>= 2.0.0) + puppet (>= 3.4.0) + puppetlabs_spec_helper (>= 0.4.0) + r10k (>= 2.1.0) + rake (>= 10.0.0) + rspec (>= 3.0.0) + rspec-puppet (>= 2.4.0) + rspec_junit_formatter (>= 0.2.0) + table_print (>= 1.0.0) + versionomy (>= 0.5.0) + parallel (1.19.1) + parallel_tests (2.32.0) + parallel + pathspec (0.2.1) + puppet (6.14.0) + concurrent-ruby (~> 1.0) + deep_merge (~> 1.0) + facter (> 2.0.1, < 5) + fast_gettext (~> 1.1) + hiera (>= 3.2.1, < 4) + httpclient (~> 2.8) + locale (~> 2.1) + multi_json (~> 1.10) + puppet-resource_api (~> 1.5) + semantic_puppet (~> 1.0) + puppet-lint (2.4.2) + puppet-resource_api (1.8.12) + hocon (>= 1.0) + puppet-syntax (2.6.1) + puppet (>= 5) + rake + puppet_forge (2.3.4) + faraday (>= 0.9.0, < 0.18.0, != 0.13.1) + faraday_middleware (>= 0.9.0, < 0.15.0) + gettext-setup (~> 0.11) + minitar + semantic_puppet (~> 1.0) + puppetlabs_spec_helper (2.14.1) + mocha (~> 1.0) + pathspec (~> 0.2.1) + puppet-lint (~> 2.0) + puppet-syntax (~> 2.0) + rspec-puppet (~> 2.0) + r10k (3.4.1) + colored2 (= 3.1.2) + cri (>= 2.15.10, < 3.0.0) + fast_gettext (~> 1.1.0) + gettext (>= 3.0.2, < 3.3.0) + gettext-setup (~> 0.24) + log4r (= 1.1.10) + multi_json (~> 1.10) + puppet_forge (~> 2.3.0) + rake (13.0.1) + rchardet (1.8.0) + rspec (3.9.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-core (3.9.1) + rspec-support (~> 3.9.1) + rspec-expectations (3.9.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-puppet (2.7.8) + rspec + rspec-support (3.9.2) + rspec_junit_formatter (0.4.1) + rspec-core (>= 2, < 4, != 2.12.0) + semantic_puppet (1.0.2) + table_print (1.5.6) + text (1.3.1) + versionomy (0.5.0) + blockenspiel (~> 0.5) + +PLATFORMS + ruby + +DEPENDENCIES + onceover + +BUNDLED WITH + 2.1.4 diff --git a/Puppetfile b/Puppetfile index 300ddf1..bb3ad3d 100644 --- a/Puppetfile +++ b/Puppetfile @@ -26,9 +26,6 @@ mod 'puppetlabs/apt','7.1.0' mod 'puppetlabs/facts','0.6.0' mod 'puppetlabs/inifile','2.4.0' mod 'danieldreier-autosign','0.2.0' -mod 'tkishel-unlock_puppet', - :git => 'ssh://git@github.com/tkishel/unlock_puppet.git', - :branch => 'master' mod 'puppetlabs-firewall', '2.0.0' mod 'puppetlabs-satellite_pe_tools', '2.0.0' mod 'puppetlabs-puppet_metrics_collector', '5.2.0' diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..d0372d4 --- /dev/null +++ b/Rakefile @@ -0,0 +1 @@ +require 'onceover/rake_tasks' diff --git a/site-modules/controlm/manifests/controlm_agent/install.pp b/site-modules/controlm/manifests/controlm_agent/install.pp index 4113706..bf954ca 100644 --- a/site-modules/controlm/manifests/controlm_agent/install.pp +++ b/site-modules/controlm/manifests/controlm_agent/install.pp @@ -6,15 +6,15 @@ class controlm::controlm_agent::install inherits controlm::controlm_agent { augeas { 'controlm': context => '/files/etc/services', changes => [ - "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", - "set service-name[port = '${s2a_port}'][protocol = 'udp']/#comment 'Control-M server2agent'", - "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", - "set service-name[port = '${s2a_port}'][protocol = 'tcp']/#comment 'Control-M server2agent'", - "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", - "set service-name[port = '${a2s_port}'][protocol = 'udp']/#comment 'Control-M agent2server'", - "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", - "set service-name[port = '${a2s_port}'][protocol = 'tcp']/#comment 'Control-M agent2server'", - ], + "set service-name[port = '${s2a_port}'][protocol = 'udp'] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'udp']/#comment 'Control-M server2agent'", + "set service-name[port = '${s2a_port}'][protocol = 'tcp'] ctmagent", + "set service-name[port = '${s2a_port}'][protocol = 'tcp']/#comment 'Control-M server2agent'", + "set service-name[port = '${a2s_port}'][protocol = 'udp'] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'udp']/#comment 'Control-M agent2server'", + "set service-name[port = '${a2s_port}'][protocol = 'tcp'] ctmagent", + "set service-name[port = '${a2s_port}'][protocol = 'tcp']/#comment 'Control-M agent2server'", + ], } # use shellscript and sudo as running the install direct as user ctmagent gives HOME errors plus we get errors in the log file diff --git a/site-modules/role/manifests/windowsnode.pp b/site-modules/role/manifests/windowsnode.pp index 5ea55b7..427152f 100644 --- a/site-modules/role/manifests/windowsnode.pp +++ b/site-modules/role/manifests/windowsnode.pp @@ -10,6 +10,7 @@ class role::windowsnode { name => 'testuser111', ensure => present, groups => 'testgroup111', +# require => Group['testgroup'], } ### diff --git a/spec/factsets/README.md b/spec/factsets/README.md new file mode 100644 index 0000000..dd72566 --- /dev/null +++ b/spec/factsets/README.md @@ -0,0 +1,7 @@ +# Factsets + +This directory is where we put any custom factsets that we want to use. They can be generated by running `puppet facts` on the target system. + +**Hot tip:** If you already have factsets in here when you run `onceover init` they will be picked up and added to the config file Automatically + +More info: https://github.com/dylanratcliffe/onceover#factsets diff --git a/spec/onceover.yaml b/spec/onceover.yaml new file mode 100644 index 0000000..d574efa --- /dev/null +++ b/spec/onceover.yaml @@ -0,0 +1,78 @@ +# Classes to be tested +classes: + - role::database_server + - role::windowsnode + - role::webserver + - role::goldload_server + - role::loadbalancer + - role::example + - role::callaugeas + +# Nodes to tests classes on, this refers to a 'factset' or 'nodeset' +# depending on whether you are running 'spec' or 'acceptance' tests +nodes: +# - AIX-7.1-powerpc + - SLES-12.1-64 + - Debian-6.0.10-32 + - CentOS-6.6-64 + - Ubuntu-12.04-32 + - Amazon-2018.03 + - Ubuntu-12.04-64 + - CentOS-6.6-32 + - Debian-6.0.10-64 +# - AIX-6.1-powerpc + - Windows_Server-2012r2-64 + - RHEL-7.4 + - Debian-7.8-32 + - windows-10-64 + - Windows_Server-2008r2-64 + - SLES-11.3-64 +# - Debian-7.8-64 + - solaris-10_u9-sparc-64 + - solaris-11.2-sparc-64 + - Ubuntu-14.04-32 + - CentOS-5.11-64 + - CentOS-5.11-32 + - RHEL-6.7 + - CentOS-7.0-64 + - Ubuntu-14.04-64 + +# You can group classes here to save typing +class_groups: + special_classes: + - 'role::callaugeas' + - 'role::loadbalancer' + + general_classes: + include: 'all_classes' + exclude: 'special_classes' + non_windows_classes: + include: 'all_classes' + exclude: 'role::callaugeas' + +# You can group nodes here to save typing +# We have created a 'non_windows_nodes' group because we can't +# give you Windows vagrant boxes to test with because licensing, +# we can give you fact sets though so go crazy with spec testing! +node_groups: + windows_nodes: + - Windows_Server-2012r2-64 + - windows-10-64 + - Windows_Server-2008r2-64 + non_windows_nodes: + include: 'all_nodes' + exclude: 'windows_nodes' + test_callaugeas_nodes: + - RHEL-7.4 + - RHEL-6.7 +test_matrix: + - all_nodes: + classes: 'general_classes' + tests: 'spec' + - non_windows_nodes: + classes: 'non_windows_classes' + tests: 'spec' + - test_callaugeas_nodes: + classes: 'role::callaugeas' + tests: 'spec' + diff --git a/spec/pre_conditions/README.md b/spec/pre_conditions/README.md new file mode 100644 index 0000000..f0a81bf --- /dev/null +++ b/spec/pre_conditions/README.md @@ -0,0 +1,24 @@ +# Pre Conditions + +This folder should contain any \*.pp files that you want to be included in every test. + +A common use of this is defining resources that may not exist in the catalog when you are running tests. For example, if we are using a resource that tries to restart the `pe-puppetserver` service, unless it is compiled on a Puppet Maser the `pe-puppetserver` service will not exist and the catalog will fail to compile. To get around this we can create a .pp file and define the resource like so: + +``` puppet +# We are not going to actually have this service anywhere on our servers but +# our code needs to refresh it. This is to trick puppet into doing nothing +service { 'pe-puppetserver': + ensure => 'running', + enable => false, + hasrestart => false, # Force Puppet to use start and stop to restart + start => 'echo "Start"', # This will always exit 0 + stop => 'echo "Stop"', # This will also always exit 0 + hasstatus => false, # Force puppet to use our command for status + status => 'echo "Status"', # This will always exit 0 and therefore Puppet will think the service is running + provider => 'base', +} +``` + +This will mean that the `pe-puppetserver` service is in the catalog for spec testing and will even allow you to try to restart it during acceptance tests without the service actually being present. + +More info: https://github.com/dylanratcliffe/onceover#using-workarounds From 4a055b9fde7dce4ee00849b27461ebd6e559f25e Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 10 Apr 2020 16:15:13 +0800 Subject: [PATCH 161/165] recover --- spec/factsets/README.md | 7 ---- spec/onceover.yaml | 78 ----------------------------------- spec/pre_conditions/README.md | 24 ----------- 3 files changed, 109 deletions(-) delete mode 100644 spec/factsets/README.md delete mode 100644 spec/onceover.yaml delete mode 100644 spec/pre_conditions/README.md diff --git a/spec/factsets/README.md b/spec/factsets/README.md deleted file mode 100644 index dd72566..0000000 --- a/spec/factsets/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Factsets - -This directory is where we put any custom factsets that we want to use. They can be generated by running `puppet facts` on the target system. - -**Hot tip:** If you already have factsets in here when you run `onceover init` they will be picked up and added to the config file Automatically - -More info: https://github.com/dylanratcliffe/onceover#factsets diff --git a/spec/onceover.yaml b/spec/onceover.yaml deleted file mode 100644 index d574efa..0000000 --- a/spec/onceover.yaml +++ /dev/null @@ -1,78 +0,0 @@ -# Classes to be tested -classes: - - role::database_server - - role::windowsnode - - role::webserver - - role::goldload_server - - role::loadbalancer - - role::example - - role::callaugeas - -# Nodes to tests classes on, this refers to a 'factset' or 'nodeset' -# depending on whether you are running 'spec' or 'acceptance' tests -nodes: -# - AIX-7.1-powerpc - - SLES-12.1-64 - - Debian-6.0.10-32 - - CentOS-6.6-64 - - Ubuntu-12.04-32 - - Amazon-2018.03 - - Ubuntu-12.04-64 - - CentOS-6.6-32 - - Debian-6.0.10-64 -# - AIX-6.1-powerpc - - Windows_Server-2012r2-64 - - RHEL-7.4 - - Debian-7.8-32 - - windows-10-64 - - Windows_Server-2008r2-64 - - SLES-11.3-64 -# - Debian-7.8-64 - - solaris-10_u9-sparc-64 - - solaris-11.2-sparc-64 - - Ubuntu-14.04-32 - - CentOS-5.11-64 - - CentOS-5.11-32 - - RHEL-6.7 - - CentOS-7.0-64 - - Ubuntu-14.04-64 - -# You can group classes here to save typing -class_groups: - special_classes: - - 'role::callaugeas' - - 'role::loadbalancer' - - general_classes: - include: 'all_classes' - exclude: 'special_classes' - non_windows_classes: - include: 'all_classes' - exclude: 'role::callaugeas' - -# You can group nodes here to save typing -# We have created a 'non_windows_nodes' group because we can't -# give you Windows vagrant boxes to test with because licensing, -# we can give you fact sets though so go crazy with spec testing! -node_groups: - windows_nodes: - - Windows_Server-2012r2-64 - - windows-10-64 - - Windows_Server-2008r2-64 - non_windows_nodes: - include: 'all_nodes' - exclude: 'windows_nodes' - test_callaugeas_nodes: - - RHEL-7.4 - - RHEL-6.7 -test_matrix: - - all_nodes: - classes: 'general_classes' - tests: 'spec' - - non_windows_nodes: - classes: 'non_windows_classes' - tests: 'spec' - - test_callaugeas_nodes: - classes: 'role::callaugeas' - tests: 'spec' - diff --git a/spec/pre_conditions/README.md b/spec/pre_conditions/README.md deleted file mode 100644 index f0a81bf..0000000 --- a/spec/pre_conditions/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# Pre Conditions - -This folder should contain any \*.pp files that you want to be included in every test. - -A common use of this is defining resources that may not exist in the catalog when you are running tests. For example, if we are using a resource that tries to restart the `pe-puppetserver` service, unless it is compiled on a Puppet Maser the `pe-puppetserver` service will not exist and the catalog will fail to compile. To get around this we can create a .pp file and define the resource like so: - -``` puppet -# We are not going to actually have this service anywhere on our servers but -# our code needs to refresh it. This is to trick puppet into doing nothing -service { 'pe-puppetserver': - ensure => 'running', - enable => false, - hasrestart => false, # Force Puppet to use start and stop to restart - start => 'echo "Start"', # This will always exit 0 - stop => 'echo "Stop"', # This will also always exit 0 - hasstatus => false, # Force puppet to use our command for status - status => 'echo "Status"', # This will always exit 0 and therefore Puppet will think the service is running - provider => 'base', -} -``` - -This will mean that the `pe-puppetserver` service is in the catalog for spec testing and will even allow you to try to restart it during acceptance tests without the service actually being present. - -More info: https://github.com/dylanratcliffe/onceover#using-workarounds From 750f514c7ea9102d9257ca9c7178264bc2ccdc93 Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 10 Apr 2020 17:24:10 +0800 Subject: [PATCH 162/165] add onceover-example.yaml --- onceover-example.yaml | 93 ++++++++++++++++++++++ site-modules/role/manifests/windowsnode.pp | 18 ----- 2 files changed, 93 insertions(+), 18 deletions(-) create mode 100644 onceover-example.yaml delete mode 100644 site-modules/role/manifests/windowsnode.pp diff --git a/onceover-example.yaml b/onceover-example.yaml new file mode 100644 index 0000000..bb71230 --- /dev/null +++ b/onceover-example.yaml @@ -0,0 +1,93 @@ +# Classes to be tested +classes: + - role::database_server + - role::webserver + - role::goldload_server + - role::loadbalancer + - role::example + - role::callaugeas + +# Nodes to tests classes on, this refers to a 'factset' or 'nodeset' +# depending on whether you are running 'spec' or 'acceptance' tests +nodes: + - AIX-7.1-powerpc + - SLES-12.1-64 + - Debian-6.0.10-32 + - CentOS-6.6-64 + - Ubuntu-12.04-32 + - Amazon-2018.03 + - Ubuntu-12.04-64 + - CentOS-6.6-32 + - Debian-6.0.10-64 + - AIX-6.1-powerpc + - Windows_Server-2012r2-64 + - RHEL-7.4 + - Debian-7.8-32 + - windows-10-64 + - Windows_Server-2008r2-64 + - SLES-11.3-64 + - Debian-7.8-64 + - solaris-10_u9-sparc-64 + - solaris-11.2-sparc-64 + - Ubuntu-14.04-32 + - CentOS-5.11-64 + - CentOS-5.11-32 + - RHEL-6.7 + - CentOS-7.0-64 + - Ubuntu-14.04-64 + +# You can group classes here to save typing +class_groups: + general_class: + - role::database_server + - role::webserver + - role::goldload_server + - role::example + +# You can group nodes here to save typing +# We have created a 'non_windows_nodes' group because we can't +# give you Windows vagrant boxes to test with because licensing, +# we can give you fact sets though so go crazy with spec testing! +node_groups: + windows_nodes: + - Windows_Server-2012r2-64 + - windows-10-64 + - Windows_Server-2008r2-64 + non_windows_nodes: + include: 'all_nodes' + exclude: 'windows_nodes' + callaugeas_nodes: + - RHEL-7.4 + - RHEL-6.7 + haproxy_nodes: + - SLES-12.1-64 + - Debian-6.0.10-32 + - CentOS-6.6-64 + - Ubuntu-12.04-32 + - Amazon-2018.03 + - Ubuntu-12.04-64 + - CentOS-6.6-32 + - Debian-6.0.10-64 + - RHEL-7.4 + - Debian-7.8-32 + - SLES-11.3-64 + - Debian-7.8-64 + - Ubuntu-14.04-32 + - CentOS-5.11-64 + - CentOS-5.11-32 + - RHEL-6.7 + - CentOS-7.0-64 + - Ubuntu-14.04-64 + +test_matrix: + - all_nodes: + classes: 'general_class' + tests: 'spec' + - callaugeas_nodes: + classes: 'role::callaugeas' + tests: 'spec' + - haproxy_nodes: + classes: 'role::loadbalancer' + tests: 'spec' + + diff --git a/site-modules/role/manifests/windowsnode.pp b/site-modules/role/manifests/windowsnode.pp deleted file mode 100644 index 427152f..0000000 --- a/site-modules/role/manifests/windowsnode.pp +++ /dev/null @@ -1,18 +0,0 @@ -class role::windowsnode { -### - group { 'testgroup' : - name => 'testgroup111', - ensure => present, - } - - - user { 'testuser1' : - name => 'testuser111', - ensure => present, - groups => 'testgroup111', -# require => Group['testgroup'], - } - -### - -} From a4d25d3a0af11abd775743ef272004701b813d4a Mon Sep 17 00:00:00 2001 From: henrywangpuppet <53325547+henrywangpuppet@users.noreply.github.com> Date: Fri, 10 Apr 2020 17:43:30 +0800 Subject: [PATCH 163/165] Delete Gemfile --- Gemfile | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 Gemfile diff --git a/Gemfile b/Gemfile deleted file mode 100644 index df9f1c7..0000000 --- a/Gemfile +++ /dev/null @@ -1,8 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org" - -git_source(:github) {|repo_name| "https://github.com/#{repo_name}" } - -# gem "rails" -gem "onceover" From cec9f36c2efbafeb4292e339d4407ebe76e48f25 Mon Sep 17 00:00:00 2001 From: henrywangpuppet <53325547+henrywangpuppet@users.noreply.github.com> Date: Fri, 10 Apr 2020 17:43:42 +0800 Subject: [PATCH 164/165] Delete Gemfile.lock --- Gemfile.lock | 133 --------------------------------------------------- 1 file changed, 133 deletions(-) delete mode 100644 Gemfile.lock diff --git a/Gemfile.lock b/Gemfile.lock deleted file mode 100644 index 973766e..0000000 --- a/Gemfile.lock +++ /dev/null @@ -1,133 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - backticks (1.0.2) - blockenspiel (0.5.0) - colored (1.2) - colored2 (3.1.2) - concurrent-ruby (1.1.6) - cri (2.15.10) - deep_merge (1.2.1) - diff-lcs (1.3) - facter (2.5.7) - faraday (0.17.3) - multipart-post (>= 1.2, < 3) - faraday_middleware (0.14.0) - faraday (>= 0.7.4, < 1.0) - fast_gettext (1.1.2) - gettext (3.2.9) - locale (>= 2.0.5) - text (>= 1.3.0) - gettext-setup (0.34) - fast_gettext (~> 1.1.0) - gettext (>= 3.0.2, < 3.3.0) - locale - git (1.6.0) - rchardet (~> 1.8) - hiera (3.6.0) - hocon (1.3.0) - httpclient (2.8.3) - little-plugger (1.1.4) - locale (2.1.3) - log4r (1.1.10) - logging (2.2.2) - little-plugger (~> 1.1) - multi_json (~> 1.10) - minitar (0.9) - mocha (1.11.2) - multi_json (1.14.1) - multipart-post (2.1.1) - onceover (3.15.2) - backticks (>= 1.0.2) - colored (~> 1.2) - cri (>= 2.6) - deep_merge (>= 1.0.0) - facter (< 4.0.0) - git - logging (>= 2.0.0) - multi_json (~> 1.10) - parallel_tests (>= 2.0.0) - puppet (>= 3.4.0) - puppetlabs_spec_helper (>= 0.4.0) - r10k (>= 2.1.0) - rake (>= 10.0.0) - rspec (>= 3.0.0) - rspec-puppet (>= 2.4.0) - rspec_junit_formatter (>= 0.2.0) - table_print (>= 1.0.0) - versionomy (>= 0.5.0) - parallel (1.19.1) - parallel_tests (2.32.0) - parallel - pathspec (0.2.1) - puppet (6.14.0) - concurrent-ruby (~> 1.0) - deep_merge (~> 1.0) - facter (> 2.0.1, < 5) - fast_gettext (~> 1.1) - hiera (>= 3.2.1, < 4) - httpclient (~> 2.8) - locale (~> 2.1) - multi_json (~> 1.10) - puppet-resource_api (~> 1.5) - semantic_puppet (~> 1.0) - puppet-lint (2.4.2) - puppet-resource_api (1.8.12) - hocon (>= 1.0) - puppet-syntax (2.6.1) - puppet (>= 5) - rake - puppet_forge (2.3.4) - faraday (>= 0.9.0, < 0.18.0, != 0.13.1) - faraday_middleware (>= 0.9.0, < 0.15.0) - gettext-setup (~> 0.11) - minitar - semantic_puppet (~> 1.0) - puppetlabs_spec_helper (2.14.1) - mocha (~> 1.0) - pathspec (~> 0.2.1) - puppet-lint (~> 2.0) - puppet-syntax (~> 2.0) - rspec-puppet (~> 2.0) - r10k (3.4.1) - colored2 (= 3.1.2) - cri (>= 2.15.10, < 3.0.0) - fast_gettext (~> 1.1.0) - gettext (>= 3.0.2, < 3.3.0) - gettext-setup (~> 0.24) - log4r (= 1.1.10) - multi_json (~> 1.10) - puppet_forge (~> 2.3.0) - rake (13.0.1) - rchardet (1.8.0) - rspec (3.9.0) - rspec-core (~> 3.9.0) - rspec-expectations (~> 3.9.0) - rspec-mocks (~> 3.9.0) - rspec-core (3.9.1) - rspec-support (~> 3.9.1) - rspec-expectations (3.9.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-mocks (3.9.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-puppet (2.7.8) - rspec - rspec-support (3.9.2) - rspec_junit_formatter (0.4.1) - rspec-core (>= 2, < 4, != 2.12.0) - semantic_puppet (1.0.2) - table_print (1.5.6) - text (1.3.1) - versionomy (0.5.0) - blockenspiel (~> 0.5) - -PLATFORMS - ruby - -DEPENDENCIES - onceover - -BUNDLED WITH - 2.1.4 From 12a6d15981b4913a2e3ed370fdeb098f8744968a Mon Sep 17 00:00:00 2001 From: Henry Wang Date: Fri, 10 Apr 2020 19:24:21 +0800 Subject: [PATCH 165/165] add laodbalancer-improved.pp --- loadbalancer-improved.pp | 102 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 loadbalancer-improved.pp diff --git a/loadbalancer-improved.pp b/loadbalancer-improved.pp new file mode 100644 index 0000000..79e9632 --- /dev/null +++ b/loadbalancer-improved.pp @@ -0,0 +1,102 @@ +class role::loadbalancer ( + Optional[String] $ports1 = '80', + Optional[String] $ports2 = undef, + Optional[String] $rule1 = 'puppet00', + Optional[String] $rule2 = undef, + Optional[String] $backendserver_name1 = '', + Optional[String] $backendserver_name2 = '', + Optional[String] $backendserver_ipaddress1 = undef, + Optional[String] $backendserver_ipaddress2 = undef, + Optional[String] $connetc_timeout = '60s', + ) { + + class { 'haproxy': + merge_options => true, + global_options => { + 'log' => "${::ipaddress} local0", + 'chroot' => '/var/lib/haproxy', + 'pidfile' => '/var/run/haproxy.pid', + 'maxconn' => '4000', + 'user' => 'haproxy', + 'group' => 'haproxy', + 'daemon' => '', + 'stats' => 'socket /var/lib/haproxy/stats', + }, + defaults_options => { + 'log' => 'global', + 'stats' => 'enable', + 'option' => [ + 'redispatch', + ], + 'retries' => '3', + 'timeout' => [ + 'http-request 10s', + 'queue 1m', + 'connect 300s', + 'client 600s', + 'server 600s', + 'check 1m', + ], + 'maxconn' => '8000', + }, + } + + include ::haproxy + + haproxy::listen { $rule1 : + collect_exported => false, + ipaddress => $::ipaddress, + ports => $ports1, + } + + if $rule2 != undef + { + haproxy::listen { $rule2 : + collect_exported => false, + ipaddress => $::ipaddress, + ports => $ports2, + } + + haproxy::balancermember { 'member3' : + listening_service => $rule2, + server_names => $backendserver_name1, + ipaddresses => $backendserver_ipaddress1, + ports => $ports2, + options => 'check', + + } + + haproxy::balancermember { 'member4' : + listening_service => $rule2, + server_names => $backendserver_name2, + ipaddresses => $backendserver_ipaddress2, + ports => $ports2, + options => 'check', + } + + } + + + + + haproxy::balancermember { 'member1' : + listening_service => $rule1, + server_names => $backendserver_name1, + ipaddresses => $backendserver_ipaddress1, + ports => $ports1, + options => 'check', + + } + + haproxy::balancermember { 'member2' : + listening_service => $rule1, + server_names => $backendserver_name2, + ipaddresses => $backendserver_ipaddress2, + ports => $ports1, + options => 'check', + } + +#pending Improvement, possible areas: Array Input with multipal ports + + +}