Diffstat (limited to 'genome-repo/genome-repo/genome_module')
-rw-r--r--genome-repo/genome-repo/genome_module/files/autosign.conf1
-rw-r--r--genome-repo/genome-repo/genome_module/files/fileserver.conf19
-rw-r--r--genome-repo/genome-repo/genome_module/files/git-daemon14
-rw-r--r--genome-repo/genome-repo/genome_module/files/machine_types.rb54
-rw-r--r--genome-repo/genome-repo/genome_module/files/manifests/site.pp12
-rw-r--r--genome-repo/genome-repo/genome_module/files/modules.conf18
-rwxr-xr-xgenome-repo/genome-repo/genome_module/files/post-receive.template22
-rw-r--r--genome-repo/genome-repo/genome_module/files/puppet_node.sh9
-rw-r--r--genome-repo/genome-repo/genome_module/files/puppetca.cgi10
-rw-r--r--genome-repo/genome-repo/genome_module/files/users.digest1
-rw-r--r--genome-repo/genome-repo/genome_module/manifests/init.pp354
-rwxr-xr-xgenome-repo/genome-repo/genome_module/templates/post-receive-docs.erb41
-rw-r--r--genome-repo/genome-repo/genome_module/templates/puppet.conf.appliance.erb61
-rw-r--r--genome-repo/genome-repo/genome_module/templates/puppet.conf.client.erb54
-rw-r--r--genome-repo/genome-repo/genome_module/templates/settings.erb189
-rw-r--r--genome-repo/genome-repo/genome_module/templates/sudoers.erb99
16 files changed, 958 insertions, 0 deletions
diff --git a/genome-repo/genome-repo/genome_module/files/autosign.conf b/genome-repo/genome-repo/genome_module/files/autosign.conf
new file mode 100644
index 0000000..72e8ffc
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/autosign.conf
@@ -0,0 +1 @@
+*
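Review bot: The single `*` entry makes the puppetmaster sign every certificate request without review, so any host that can reach the master gets a valid client certificate under whatever name it asks for. puppet_node.sh in this commit selects node data by that name, and fileserver.conf uses `allow *` on both mounts, so certificate identity stops being a control anywhere in this setup. If automatic enrolment is needed for provisioning, narrow the pattern to the provisioning domain, e.g. `*.provision.example.com` (placeholder domain), and add a header comment saying why autosigning is enabled.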
diff --git a/genome-repo/genome-repo/genome_module/files/fileserver.conf b/genome-repo/genome-repo/genome_module/files/fileserver.conf
new file mode 100644
index 0000000..d9a77c7
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/fileserver.conf
@@ -0,0 +1,19 @@
+# This file consists of arbitrarily named sections/modules
+# defining where files are served from and to whom
+
+# Define a section 'files'
+# Adapt the allow/deny settings to your needs. Order
+# for allow/deny does not matter, allow always takes precedence
+# over deny
+# [files]
+# path /var/lib/puppet/files
+# allow *.example.com
+# deny *.evil.example.com
+# allow 192.168.0.0/24
+[facts]
+ path /etc/puppet/facts
+ allow *
+
+[plugins]
+ path /etc/puppet/plugins
+ allow *
diff --git a/genome-repo/genome-repo/genome_module/files/git-daemon b/genome-repo/genome-repo/genome_module/files/git-daemon
new file mode 100644
index 0000000..744c2ce
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/git-daemon
@@ -0,0 +1,14 @@
+# default: off
+# description: The git server offers access to git repositories
+service git
+{
+ disable = no
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/bin/git-daemon
+ server_args = --export-all --user-path=public_git --syslog --inetd --verbose /pub/git
+ log_on_failure += USERID
+# xinetd doesn't do this by default. bug #195265
+ flags = IPv6
+}
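Review bot: `--export-all` in `server_args` publishes every repository under /pub/git over the unauthenticated git:// protocol, and init.pp in this commit creates /pub/git/puppet for the puppet module repositories. Configuration modules tend to carry credentials and internal host names (users.digest in this commit shows the kind of file that ends up in one), so anonymous read access should be a deliberate choice. Dropping `--export-all` and marking only the intended repositories with a `git-daemon-export-ok` file keeps the export list explicit. `--user-path=public_git` additionally exposes per-user directories and deserves a comment if that is intended.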
diff --git a/genome-repo/genome-repo/genome_module/files/machine_types.rb b/genome-repo/genome-repo/genome_module/files/machine_types.rb
new file mode 100644
index 0000000..12fea32
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/machine_types.rb
@@ -0,0 +1,54 @@
+# Copyright (C) 2008 Red Hat, Inc
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# a long with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+################################################################################
+#Define new facts here. You can later map them to machine types in the #
+#following section. #
+# #
+# One thing to note is the special syntax allowed when setting default values #
+# for facts. In the default string you are allowed to use "%repo%" or #
+# "%machine_name%" which will get substituted appropriately whenever this data #
+# is used (eg, genome-bootstrap uses this for setting context aware default #
+# values for facts). #
+# #
+# If a fact needs to be on all machines types set ":on_all_nodes" #
+# appropriately. Otherwise in the machine declaration section you need to #
+# specify what facts will be used for a particular machine. #
+################################################################################
+
+# newfact("puppetserver", :on_all_nodes => true) do
+# set_desc "The puppetmaster used for all configuration. If you are " +
+# "provisioning a Repo machine, this should be it's FQDN"
+# set_default "%repo%-repo.usersys.redhat.com"
+# end
+
+# newfact("logserver") do
+# set_desc "The machine to send syslog output to"
+# end
+
+##############################################################################
+# Machines definitions go here. It is important that this happens after the #
+# fact declarations. Aside from that, order does not matter. #
+##############################################################################
+
+# classes_on_all_machine_types "puppet::client"
+
+# newmachine("jboss-dev") do
+# include_facts "logserver"
+# set_classes "jboss::dev", "java", "jboss::server::web",
+# "mysql::standalone", "jboss::ds::messaging", "jboss::ds::esb",
+# "apache::ssl", "apache::ajp_http","apache::ajp_devel",
+# end
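Review bot: The commented `newmachine("jboss-dev")` example ends its `set_classes` list with a trailing comma directly before `end`, which becomes a syntax error as soon as someone uncomments it as a starting point; drop the comma after `"apache::ajp_devel"`. The file is otherwise entirely comments, so nothing here executes until a site fills it in.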
diff --git a/genome-repo/genome-repo/genome_module/files/manifests/site.pp b/genome-repo/genome-repo/genome_module/files/manifests/site.pp
new file mode 100644
index 0000000..43a9081
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/manifests/site.pp
@@ -0,0 +1,12 @@
+filebucket { main: server => puppet }
+
+Exec {
+ path => '/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin'
+}
+
+
+File {
+ ignore => [ '.svn' ],
+ owner => root,
+ group => root,
+}
diff --git a/genome-repo/genome-repo/genome_module/files/modules.conf b/genome-repo/genome-repo/genome_module/files/modules.conf
new file mode 100644
index 0000000..d188cda
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/modules.conf
@@ -0,0 +1,18 @@
+[serializers]
+settings = serializer_yaml
+distro = serializer_yaml
+profile = serializer_yaml
+system = serializer_yaml
+repo = serializer_yaml
+
+[authentication]
+module = authn_configfile
+
+[authorization]
+module = authz_allowall
+
+[dns]
+module = manage_bind
+
+[dhcp]
+module = manage_isc
diff --git a/genome-repo/genome-repo/genome_module/files/post-receive.template b/genome-repo/genome-repo/genome_module/files/post-receive.template
new file mode 100755
index 0000000..a7d9beb
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/post-receive.template
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# This file is laid down by puppet as part of the genomerepo::appliance class
+# that ships with the genome-repo RPM.
+
+update_working_dir() {
+ GIT_DIR=`pwd`
+ GIT_WORK_TREE="/etc/puppet/modules/main/`/bin/basename $GIT_DIR`"
+
+ pushd $GIT_WORK_TREE
+ git --git-dir=$GIT_DIR reset --hard $1
+ echo "$GIT_WORK_TREE updated."
+ popd
+}
+
+while read oldrev newrev ref; do
+ # We only care when master gets updated
+ if [[ $ref == 'refs/heads/master' ]]
+ then
+ update_working_dir $newrev
+ fi
+done
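Review bot: The script declares `#!/bin/sh` but relies on `pushd`/`popd` and `[[ ... ]]`, which only work where /bin/sh is bash; the shebang should be `#!/bin/bash`. In `update_working_dir` the result of `pushd $GIT_WORK_TREE` is not checked, so when the work tree directory is missing the following `git --git-dir=$GIT_DIR reset --hard $1` still runs from the repository directory the hook started in. Use `pushd "$GIT_WORK_TREE" > /dev/null || return 1` and quote `"$GIT_DIR"` and `"$1"` in the git call. templates/post-receive-docs.erb has the same shebang and the same unchecked `pushd` pattern.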
diff --git a/genome-repo/genome-repo/genome_module/files/puppet_node.sh b/genome-repo/genome-repo/genome_module/files/puppet_node.sh
new file mode 100644
index 0000000..15de3af
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/puppet_node.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Repo machines keep their yaml in a "special" location. This is to keep
+# people from being able to change repo configuration from genomed
+if [ `hostname` == $1 ]; then
+ cat /etc/genome/repo.yaml
+else
+ cat /etc/genome/nodes/$1/node.yaml
+fi
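Review bot: `$1` is expanded unquoted both in the `[ ... ]` test and in the path `/etc/genome/nodes/$1/node.yaml`, and the node name the master passes in is presumably the client's certificate name, which autosign.conf in this commit accepts from anyone. Unless puppet already rejects such names, a value containing `/` or `..` would make `cat` read outside /etc/genome/nodes, and an empty argument breaks the test outright. Reject those before the comparison, e.g. `case "$1" in ''|*/*|*..*) exit 1 ;; esac`, quote every expansion, and use `=` rather than `==` since the shebang is /bin/sh.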
diff --git a/genome-repo/genome-repo/genome_module/files/puppetca.cgi b/genome-repo/genome-repo/genome_module/files/puppetca.cgi
new file mode 100644
index 0000000..a72a40a
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/puppetca.cgi
@@ -0,0 +1,10 @@
+#!/bin/env ruby
+require 'cgi'
+require 'erb'
+
+cgi = CGI.new
+cgi.out("text/plain") do
+ hostname = cgi['clean']
+ # Since ` only returns stdout we redirect stderr
+ `sudo /usr/sbin/puppetca --clean #{hostname} 2>&1`
+end
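Review bot: The `clean` request parameter is interpolated straight into a backtick command that runs under `sudo`, so a shell parses whatever the HTTP client sent; this is command injection into a root-privileged invocation. Validate the value against a strict hostname pattern anchored with `\A`/`\z` and pass it as its own argv element so that no shell is involved. The fence uses array-form `IO.popen`, which needs Ruby 1.9 or later; on an older interpreter keep the allowlist check, which on its own already excludes shell metacharacters and a leading `-`. `require 'erb'` is unused, and nothing visible in this commit restricts who may call the script.

```ruby
cgi.out("text/plain") do
  hostname = cgi['clean']
  # Allowlist: letters, digits, dots and hyphens only; must not start with '-'
  if hostname =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/
    # argv form: the parameter is never parsed by a shell; stderr is merged into stdout
    IO.popen(['sudo', '/usr/sbin/puppetca', '--clean', hostname, :err => [:child, :out]]) { |io| io.read }
  else
    "invalid hostname\n"
  end
end
```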
diff --git a/genome-repo/genome-repo/genome_module/files/users.digest b/genome-repo/genome-repo/genome_module/files/users.digest
new file mode 100644
index 0000000..69ea10f
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/files/users.digest
@@ -0,0 +1 @@
+cobbler:Cobbler:8e9c0aa3ae45bb39347866c41cb4d293
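Review bot: This file commits a fixed authentication entry for the `cobbler` account, and init.pp copies it unchanged to /etc/cobbler/users.digest, so every appliance built from this module shares one credential that anyone with read access to the module can see. The entry is in htdigest format (an MD5 over user, realm and password), which is cheap to attack offline. modules.conf in this commit pairs `authn_configfile` with `authz_allowall`, so that one account is authorized for everything. Generate the entry per installation at provisioning time and keep it out of the repository; if a default must ship, document that it has to be rotated on first boot.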
diff --git a/genome-repo/genome-repo/genome_module/manifests/init.pp b/genome-repo/genome-repo/genome_module/manifests/init.pp
new file mode 100644
index 0000000..7352750
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/manifests/init.pp
@@ -0,0 +1,354 @@
+class genomerepo {
+ class base {
+ $user = 'genome'
+
+ group { "$user":
+ ensure => present,
+ require => User[$user],
+ }
+
+ user { "$user":
+ ensure => present,
+ membership => minimum,
+ shell => "/bin/bash",
+ home => "/var/lib/$user",
+ managehome => true,
+ }
+
+ # This is a little heavy-handed. Basically it's a temporary solution
+ # until we decide whether or not the RPM should setup ownership on this
+ # directory.
+ #
+ # If this turns out to hurt performance we could also use a cronjob
+ exec { "Verify permissions are correct":
+ command => "/bin/chown -R ${user}:${user} /pub",
+ require => File["/pub"],
+ }
+
+ file { "/pub":
+ ensure => directory,
+ owner => $user,
+ group => $user,
+ }
+
+ file { "/pub/git":
+ ensure => directory,
+ owner => $user,
+ group => $user,
+ }
+
+ file { "/pub/git/puppet":
+ ensure => directory,
+ owner => $user,
+ group => $user,
+ }
+ }
+
+ class xinetd inherits base {
+ package { "xinetd":
+ ensure => installed,
+ }
+
+ service { "xinetd":
+ ensure => running,
+ hasrestart => true,
+ hasstatus => true,
+ require => Package["xinetd"],
+ }
+ }
+
+ # This definition requires that you have included the xinetd class
+ # http://groups.google.com/group/puppet-users/browse_thread/thread/3141cc38da909fe1
+ define xinetd::dropfile($module) {
+ file { "/etc/xinetd.d/${name}":
+ owner => "root",
+ group => "root",
+ ensure => present,
+ mode => 0644,
+ source => "puppet:///${module}/${name}",
+ notify => Service["xinetd"],
+ }
+ }
+
+ class httpd inherits base {
+ package { "httpd":
+ ensure => installed
+ }
+
+ service { "httpd":
+ ensure => running,
+ hasstatus => true,
+ # There is a bug in the httpd service script
+ restart => "/bin/sleep 5 && /sbin/service httpd graceful",
+ require => Package["httpd"],
+ }
+ }
+
+ class gitrepo inherits base {
+ include httpd
+ include xinetd
+
+ package { "gitweb":
+ ensure => installed,
+ notify => Service["httpd"],
+ }
+
+ package { "git-daemon":
+ ensure => installed,
+ }
+
+ genomerepo::xinetd::dropfile { "git-daemon":
+ module => "genomerepo",
+ require => Package["git-daemon"],
+ }
+ }
+
+ class puppet inherits base {
+ $puppetdir = "/etc/puppet"
+
+ # Don't just change this value willy-nilly. The git hooks rely on
+ # this.
+ $third_party_module_dir = "/etc/puppet/modules/main"
+
+ file { "$third_party_module_dir":
+ ensure => directory,
+ mode => 0755,
+ owner => $user,
+ group => $user,
+ }
+
+ file { "${puppetdir}/puppet.conf":
+ mode => 0644,
+ content => template("genomerepo/puppet.conf.appliance.erb"),
+ require => Package["puppet"],
+ }
+
+ package { ["puppet", "puppet-server"]:
+ ensure => installed,
+ }
+
+ service { "puppet":
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ hasstatus => true,
+ require => File["${puppetdir}/puppet.conf"]
+ }
+
+ service { "puppetmaster":
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ hasstatus => true,
+ require => [Package["puppet-server"], File["${puppetdir}/puppet.conf"]],
+ before => Service["puppet"],
+ }
+
+ file { "external-nodes":
+ name => '/usr/local/bin/puppet_node.sh',
+ mode => 0755,
+ owner => puppet,
+ group => puppet,
+ source => "puppet:///genomerepo/puppet_node.sh",
+ notify => Service["puppetmaster"],
+ before => File["${puppetdir}/puppet.conf"],
+ }
+
+ puppet::file { "fileserver.conf": }
+ puppet::file { "autosign.conf": }
+ puppet::file { "manifests/site.pp": }
+
+ file { ["${puppetdir}/modules", "${puppetdir}/plugins"]:
+ ensure => directory,
+ mode => 0755,
+ before => Service["puppetmaster"],
+ }
+
+ define puppet::file {
+ file {"${puppetdir}/${name}":
+ source => "puppet:///genomerepo/${name}",
+ before => [Service["puppetmaster"], File["${puppetdir}/puppet.conf"]],
+ require => Package["puppet-server"],
+ }
+ }
+ }
+
+ class cobbler inherits base {
+ group { "apache":
+ ensure => present,
+ }
+
+ user { "apache":
+ ensure => present,
+ require => Group["apache"],
+ }
+
+ package { "cobbler":
+ ensure => installed,
+ notify => Service["httpd"],
+ }
+
+ package { ["yum-utils", "syslinux"]:
+ ensure => installed,
+ }
+
+ service { "cobblerd":
+ ensure => running,
+ hasrestart => true,
+ hasstatus => true,
+ require => Package["cobbler"],
+ }
+
+ file { "/etc/cobbler/users.digest":
+ owner => "root",
+ group => "root",
+ ensure => present,
+ mode => 0660,
+ source => "puppet:///genomerepo/users.digest",
+ require => Package["cobbler"],
+ }
+
+ file { "/etc/cobbler/settings":
+ owner => "root",
+ group => "root",
+ ensure => present,
+ mode => 0664,
+ content => template("genomerepo/settings.erb"),
+ require => Package["cobbler"],
+ notify => Service["cobblerd"],
+ }
+
+ file { "/etc/cobbler/modules.conf":
+ owner => "root",
+ group => "root",
+ ensure => present,
+ mode => 0664,
+ source => "puppet:///genomerepo/modules.conf",
+ require => Package["cobbler"],
+ notify => Service["cobblerd"],
+ }
+
+ cron { "reposync":
+ command => "/usr/bin/cobbler reposync",
+ user => root,
+ hour => 2,
+ minute => 0
+ }
+
+ if $cobbler_master {
+ $ks_mirror = "/var/www/cobbler/ks_mirror"
+ file { $ks_mirror:
+ ensure => directory,
+ owner => "apache",
+ group => "apache",
+ require => User["apache"],
+ }
+
+ mount { $ks_mirror:
+ ensure => mounted,
+ device => "${cobbler_master}:${ks_mirror}",
+ fstype => "nfs",
+ options => "ro,nosuid,nodev,noatime,intr,hard,tcp",
+ require => [Package["cobbler"], File["$ks_mirror"]],
+ notify => Exec["cobbler-replicate"],
+ }
+
+ exec { "cobbler-replicate":
+ command => "/usr/bin/cobbler replicate --master=${cobbler_master}",
+ refreshonly => true,
+ }
+ }
+ }
+
+ # We need a least some way for custom machine types to configured puppetd
+ # out of the box. This class is available to any custom machine types.
+ # Note: This class is NOT compatible with the appliance class.
+ class client {
+ $puppetdir = "/etc/puppet"
+
+ file { "${puppetdir}/puppet.conf":
+ mode => 0644,
+ content => template("genomerepo/puppet.conf.client.erb"),
+ require => Package["puppet"],
+ }
+
+ package { "puppet":
+ ensure => installed,
+ }
+
+ service { "puppet":
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ hasstatus => true,
+ require => File["${puppetdir}/puppet.conf"]
+ }
+
+ }
+
+ # This class needs to have some sort of auto backup support
+ # since it will be more 'mission critical'
+ class appliance inherits base {
+ include puppet
+ include gitrepo
+ include cobbler
+
+ package { "rubygem-genomed":
+ ensure => installed,
+ }
+
+ service { "genomed":
+ ensure => running,
+ hasrestart => true,
+ hasstatus => true,
+ require => Package["rubygem-genomed"],
+ }
+
+ file { "/etc/genome":
+ ensure => directory,
+ }
+
+ # This allows all users to run puppetca --clean
+ file { "/etc/sudoers":
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 0440,
+ content => template("genomerepo/sudoers.erb"),
+ require => User["$user"],
+ }
+
+ file { "/etc/genome/post-receive.template":
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 0744,
+ source => "puppet:///genomerepo/post-receive.template",
+ require => User[$user],
+ }
+
+ exec { "Setup post-recieve hooks for puppet modules":
+ user => $user,
+ group => $user,
+ path => "/usr/bin:/bin",
+ command => "find /pub/git/puppet -name hooks -type d -exec cp /etc/genome/post-receive.template '{}'/post-receive \\;",
+ require => [User[$user], File["/etc/genome"], File["/pub/git/puppet"], File["/etc/genome/post-receive.template"]],
+ }
+
+ # Technically the erb files require the cgi
+ # Consider fixing that.
+ genome::cgi::file { "puppetca.cgi": }
+
+ # These files are used for cloning
+ define genome::cgi::file {
+ file { "/var/www/cgi-bin/${name}":
+ owner => "root",
+ group => "root",
+ ensure => present,
+ mode => 0755,
+ require => Service["httpd"],
+ source => "puppet:///genomerepo/${name}",
+ }
+ }
+ }
+}
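Review bot: `genome::cgi::file { "puppetca.cgi": }` in class `appliance` installs the CGI under /var/www/cgi-bin with mode 0755, and no resource in this manifest adds an httpd access rule for it, so as far as this diff shows the script is callable by anyone who can reach the web server. The comment `# This allows all users to run puppetca --clean` above the /etc/sudoers resource also understates templates/sudoers.erb, which grants the whole `puppetca` binary with any arguments. I would add an httpd configuration resource that limits the CGI to authenticated or local callers and correct the comment to match the template. Separately, the `chown -R` exec on /pub and the hook-copy exec run on every catalog application because neither has `refreshonly`, `unless` or `onlyif`.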
diff --git a/genome-repo/genome-repo/genome_module/templates/post-receive-docs.erb b/genome-repo/genome-repo/genome_module/templates/post-receive-docs.erb
new file mode 100755
index 0000000..a732c87
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/templates/post-receive-docs.erb
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+PUBLICAN_DIR="<%= pn %>"
+HTTPD_DOCDIR="<%= docs_dir %>"
+
+update_working_dir() {
+ git push --force $HTTPD_DOCDIR > /dev/null
+ # This is the only way I could find to get the reset to work properly
+ # on the working repo
+ export GIT_DIR=$HTTPD_DOCDIR/.git
+ export GIT_WORK_TREE=$HTTPD_DOCDIR
+ pushd $HTTPD_DOCDIR > /dev/null
+ . git-sh-setup
+ git reset --hard $1
+ popd > /dev/null
+}
+
+gen_docs() {
+ # The /'s are needed here
+ projects=`git ls-tree --name-only HEAD ${PUBLICAN_DIR}/ | grep -v README | cut -f2 -d/ | xargs`
+ for project in $projects; do
+ # Determine if a project has been changed
+ LINES_CHANGED=`git diff $1..$2 -- $PUBLICAN_DIR/$project | wc -l`
+ if [ $LINES_CHANGED != "0" ]; then
+ pushd $HTTPD_DOCDIR/$PUBLICAN_DIR/$project > /dev/null
+ echo -n Building the $project docs...
+ make html-single > /dev/null
+ echo done
+ popd > /dev/null
+ fi
+ done
+}
+
+while read oldrev newrev ref; do
+ # We only care when master gets updated
+ if [[ $ref == 'refs/heads/master' ]]
+ then
+ update_working_dir $newrev
+ gen_docs $oldrev $newrev
+ fi
+done
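Review bot: `gen_docs` runs `make html-single` inside the tree that was just pushed, so the Makefile being executed is controlled by whoever has push access; that amounts to command execution as the account running the hook and should be stated in a header comment, with that account kept unprivileged. `$project`, `$1` and `$2` are also expanded unquoted in the `git diff` and `pushd` lines, so a directory name containing whitespace or glob characters changes the command. Quote them and check the directory change, e.g. `pushd "$HTTPD_DOCDIR/$PUBLICAN_DIR/$project" > /dev/null || continue`.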
diff --git a/genome-repo/genome-repo/genome_module/templates/puppet.conf.appliance.erb b/genome-repo/genome-repo/genome_module/templates/puppet.conf.appliance.erb
new file mode 100644
index 0000000..d52986e
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/templates/puppet.conf.appliance.erb
@@ -0,0 +1,61 @@
+[main]
+ # Where Puppet stores dynamic and growing data.
+ # The default value is '/var/puppet'.
+ vardir = /var/lib/puppet
+
+ # The Puppet log directory.
+ # The default value is '$vardir/log'.
+ logdir = /var/log/puppet
+
+ # Where Puppet PID files are kept.
+ # The default value is '$vardir/run'.
+ rundir = /var/run/puppet
+
+ # Where SSL certificates are kept.
+ # The default value is '$confdir/ssl'.
+ ssldir = $vardir/ssl
+
+ # sync plugins
+ pluginsync = true
+
+ # the plugin path
+ pluginsignore = .svn .git CVS
+ pluginpath = $confdir/plugins
+
+ # main module path
+ modulepath = $confdir/modules:<%= third_party_module_dir %>
+
+[development]
+ modulepath = $confdir/modules/dev:$confdir/modules/main:$confdir/modules
+[qa]
+ modulepath = $confdir/modules/qa:$confdir/modules/main:$confdir/modules
+[stage]
+ modulepath = $confdir/modules/stage:$confdir/modules/main:$confdir/modules
+
+[puppetd]
+ # The file in which puppetd stores a list of the classes
+ # associated with the retrieved configuratiion. Can be loaded in
+ # the separate ``puppet`` executable using the ``--loadclasses``
+ # option.
+ # The default value is '$confdir/classes.txt'.
+ classfile = $vardir/classes.txt
+
+ # Where puppetd caches the local configuration. An
+ # extension indicating the cache format is added automatically.
+ # The default value is '$confdir/localconfig'.
+ localconfig = $vardir/localconfig
+
+ # our puppet server
+ server = <%= fqdn %>
+ # run every... in seconds
+ runinterval = 600
+ # graphing
+ graph = true
+ # turn on reporting
+ report = true
+ # Ignore cache and always recompile the configuration.
+ ignorecache = true
+
+[puppetmasterd]
+ node_terminus = exec
+ external_nodes = /usr/local/bin/puppet_node.sh
diff --git a/genome-repo/genome-repo/genome_module/templates/puppet.conf.client.erb b/genome-repo/genome-repo/genome_module/templates/puppet.conf.client.erb
new file mode 100644
index 0000000..ce60154
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/templates/puppet.conf.client.erb
@@ -0,0 +1,54 @@
+[main]
+ # Where Puppet stores dynamic and growing data.
+ # The default value is '/var/puppet'.
+ vardir = /var/lib/puppet
+
+ # The Puppet log directory.
+ # The default value is '$vardir/log'.
+ logdir = /var/log/puppet
+
+ # Where Puppet PID files are kept.
+ # The default value is '$vardir/run'.
+ rundir = /var/run/puppet
+
+ # Where SSL certificates are kept.
+ # The default value is '$confdir/ssl'.
+ ssldir = $vardir/ssl
+
+ # sync plugins
+ pluginsync = true
+
+ # the plugin path
+ pluginsignore = .svn .git CVS
+ pluginpath = $confdir/plugins
+
+[development]
+ modulepath = $confdir/modules/dev:$confdir/modules/main:$confdir/modules
+[qa]
+ modulepath = $confdir/modules/qa:$confdir/modules/main:$confdir/modules
+[stage]
+ modulepath = $confdir/modules/stage:$confdir/modules/main:$confdir/modules
+
+[puppetd]
+ # The file in which puppetd stores a list of the classes
+ # associated with the retrieved configuratiion. Can be loaded in
+ # the separate ``puppet`` executable using the ``--loadclasses``
+ # option.
+ # The default value is '$confdir/classes.txt'.
+ classfile = $vardir/classes.txt
+
+ # Where puppetd caches the local configuration. An
+ # extension indicating the cache format is added automatically.
+ # The default value is '$confdir/localconfig'.
+ localconfig = $vardir/localconfig
+
+ # our puppet server
+ server = <%= repoappliance %>
+ # run every... in seconds
+ runinterval = 600
+ # graphing
+ graph = true
+ # turn on reporting
+ report = true
+ # Ignore cache and always recompile the configuration.
+ ignorecache = true
diff --git a/genome-repo/genome-repo/genome_module/templates/settings.erb b/genome-repo/genome-repo/genome_module/templates/settings.erb
new file mode 100644
index 0000000..5ecea9e
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/templates/settings.erb
@@ -0,0 +1,189 @@
+---
+# cobbler settings file
+# run "cobbler sync" after making changes
+# (it's a good idea to make backups too)
+#
+# if 1, cobbler will allow insertions of system records that duplicate
+# the mac address information of other system records. In general,
+# this is undesirable.
+allow_duplicate_macs: 0
+
+# if 1, cobbler will allow insertions of system records that duplicate
+# the ip address information of other system records. In general,
+# this is undesirable.
+allow_duplicate_ips: 0
+
+# the path to BIND's executable for this distribution.
+bind_bin: /usr/sbin/named
+
+# where to find various bootloaders on the filesystem
+bootloaders:
+ ia64: /var/lib/cobbler/elilo-3.6-ia64.efi
+ standard: /usr/lib/syslinux/pxelinux.0
+
+# if no kickstart is specified, use this template (FIXME)
+default_kickstart: /etc/cobbler/default.ks
+
+# for libvirt based installs in koan, if no virt bridge
+# is specified, which bridge do we try?
+default_virt_bridge: xenbr0
+
+# if koan is invoked without --virt-type and no virt-type
+# is set on the profile/system, what virtualization type
+# should be assumed? Values: xenpv, xenfv, qemu, vmware
+default_virt_type: xenpv
+
+# use this as the default disk size for virt guests (GB)
+default_virt_file_size: 5
+
+# use this as the default memory size for virt guests (MB)
+default_virt_ram: 512
+
+# if using the authz_ownership module (see the Wiki), objects
+# created without specifying an owner are assigned to this
+# owner and/or group. Can be a comma seperated list.
+default_ownership: "admin"
+
+# location for some important binaries and config files
+# that can vary based on the distribution.
+dhcpd_bin: /usr/sbin/dhcpd
+dhcpd_conf: /etc/dhcpd.conf
+dnsmasq_bin: /usr/sbin/dnsmasq
+dnsmasq_conf: /etc/dnsmasq.conf
+httpd_bin: /usr/sbin/httpd
+
+# change this port if Apache is not running plaintext on port
+# 80. Most people can leave this alone.
+http_port: 80
+
+# kernel options that should be present in every cobbler installation.
+# kernel options can also be applied at the distro/profile/system
+# level.
+kernel_options:
+ ksdevice: eth0
+ lang: ' '
+ text: ~
+
+# configuration options if using the authn_ldap module. See the
+# the Wiki for details. This can be ignored if you are not using
+# LDAP for WebUI/XMLRPC authentication.
+ldap_server: "ldap.example.com"
+ldap_base_dn: "DC=example,DC=com"
+ldap_port: 389
+ldap_tls: 1
+ldap_anonymous_bind: 1
+ldap_search_bind_dn: ''
+ldap_search_passwd: ''
+ldap_search_prefix: 'uid='
+
+# set to 1 to enable Cobbler's DHCP management features.
+# the choice of DHCP management engine is in /etc/cobbler/modules.conf
+manage_dhcp: 0
+
+# set to 1 to enable Cobbler's DNS management features.
+# the choice of DNS mangement engine is in /etc/cobbler/modules.conf
+manage_dns: 0
+
+# if using BIND (named) for DNS management in /etc/cobbler/modules.conf
+# and manage_dns is enabled (above), this lists which zones are managed
+# See the Wiki (https://fedorahosted.org/cobbler/wiki/ManageDns) for more info
+manage_forward_zones: []
+manage_reverse_zones: []
+
+# if using cobbler with manage_dhcp, put the IP address
+# of the cobbler server here so that PXE booting guests can find it
+# if you do not set this correctly, this will be manifested in TFTP open timeouts.
+next_server: '<%= ipaddress %>'
+
+# if using cobbler with manage_dhcp and ISC, omapi allows realtime DHCP
+# updates without restarting ISC dhcpd.
+omapi_enabled: 1
+omapi_port: 647
+omshell_bin: /usr/bin/omshell
+
+# if this setting is set to 1, cobbler systems that pxe boot
+# will request at the end of their installation to toggle the
+# --netboot-enabled record in the cobbler system record. This eliminates
+# the potential for a PXE boot loop if the system is set to PXE
+# first in it's BIOS order. Enable this if PXE is first in your BIOS
+# boot order, otherwise leave this disabled. See the manpage
+# for --netboot-enabled.
+pxe_just_once: 0
+
+# if set to 1, new systems doing profile based installations will
+# contact cobbler to have system records created for them containing
+# the mac address information that they have requested for install.
+# this effectively allows for registration of new hardware via PXE
+# without having to manually enter in all of the mac addresses for
+# every machine on your network
+register_new_installs: 0
+
+# install triggers are scripts in /var/lib/cobbler/triggers/install
+# that are triggered in kickstart pre and post sections. Any
+# executable script in those directories is run. They can be used
+# to send email or perform other actions. They are currently
+# run as root so if you do not need this functionality you can
+# disable it, though this will also disable "cobbler status" which
+# uses a logging trigger to audit install progress.
+run_install_triggers: 1
+
+# this is the address of the cobbler server -- as it is used
+# by systems during the install process, it must be the address
+# or hostname of the system as those systems can see the server.
+# if you have a server that appears differently to different subnets
+# (dual homed, etc), you need to read the --server-override section
+# of the manpage for how that works.
+server: '<%= ipaddress %>'
+
+# this is a directory of files that cobbler uses to make
+# templating easier. See the Wiki for more information. Changing
+# this directory should not be required.
+snippetsdir: /var/lib/cobbler/snippets
+
+# by default, installs are set to send syslog traffic on this port
+# and cobblerd will listen on this port. syslog data (for installs
+# that support it... RHEL 5 and later, etc) is logged in /var/log/cobbler
+# and can be used to help debug problematic installations. Syslog
+# is UDP and may not be available depending on network/firewall configuration.
+syslog_port: 25150
+
+# locations of the TFTP binary and config file
+tftpd_bin: /usr/sbin/in.tftpd
+tftpd_conf: /etc/xinetd.d/tftp
+
+# cobbler's web directory. Don't change this setting -- see the
+# Wiki on "relocating your cobbler install" if your /var partition
+# is not large enough.
+webdir: /var/www/cobbler
+
+# cobbler's public XMLRPC listens on this port. Change this only
+# if absolutely needed, as you'll have to start supplying a new
+# port option to koan if it is not the default.
+xmlrpc_port: 25151
+
+# cobbler's read write XMLRPC is the version of XMLRPC
+# used by the WebUI and some features like system registration.
+# XMLRPC connections here require login information to access.
+# this feature can be disabled to gain increased security but
+# will disable the WebUI, registration, and potentially other
+# cobbler features. Most users should leave XMLRPC RW
+# enabled. The port can be relocated if needed.
+xmlrpc_rw_enabled: 1
+xmlrpc_rw_port: 25152
+
+# "cobbler repo add" commands set cobbler up with repository
+# information that can be used during kickstart and is automatically
+# set up in the cobbler kickstart templates. By default, these
+# are only available at install time. To make these repositories
+# usable on installed systems (since cobbler makes a very convient)
+# mirror, set this to 1. Most users can safely set this to 1. Users
+# who have a dual homed cobbler server, or are installing laptops that
+# will not always have access to the cobbler server may wish to leave
+# this as 0. In that case, the cobbler mirrored yum repos are still
+# accessable at http://cobbler.example.org/cblr/repo_mirror and yum
+# configuration can still be done manually. This is just a shortcut.
+yum_post_install_mirror: 1
+
+# additional flags to yum commands
+yumreposync_flags: "-l"
+yumdownloader_flags: "--resolve"
diff --git a/genome-repo/genome-repo/genome_module/templates/sudoers.erb b/genome-repo/genome-repo/genome_module/templates/sudoers.erb
new file mode 100644
index 0000000..4ea1a34
--- /dev/null
+++ b/genome-repo/genome-repo/genome_module/templates/sudoers.erb
@@ -0,0 +1,99 @@
+## This file is controlled by Puppet.
+##
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+##
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhap using
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias FILESERVERS = fs1, fs2
+# Host_Alias MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
+
+## Updating the locate database
+Cmnd_Alias LOCATE = /usr/sbin/updatedb
+
+## Storage
+Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
+
+## Processes
+Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
+# You have to run "ssh -t hostname sudo <cmd>".
+#
+
+Defaults env_reset
+Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
+ LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
+ LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
+ LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
+ _XKB_CHARSET XAUTHORITY"
+
+## Next comes the main part: which users can run what software on
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## user MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere
+root ALL=(ALL) ALL
+
+## Allows members of the 'sys' group to run networking, software,
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the
+## cdrom as root
+# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+# %users localhost=/sbin/shutdown -h now
+
+ALL ALL = NOPASSWD: /usr/sbin/cups-reset.sh
+
+# This is really only needed on the puppetmaster machines
+ALL ALL = NOPASSWD: /usr/sbin/puppetca
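Review bot: The last rule, `ALL ALL = NOPASSWD: /usr/sbin/puppetca`, lets every local account run puppetca as root with any arguments, which covers signing and revoking certificates and not only the `--clean` that puppetca.cgi needs. Limit the rule to the account the CGI runs as (presumably the httpd user) and to a small root-owned wrapper that validates the hostname and calls `puppetca --clean`, since sudoers argument wildcards also match spaces and cannot enforce a single hostname. Proposed form, with the wrapper path as a placeholder: `apache ALL = NOPASSWD: /usr/local/sbin/PLACEHOLDER-puppetca-clean`. The preceding `ALL ALL = NOPASSWD: /usr/sbin/cups-reset.sh` rule refers to a script this commit does not ship; confirm it is root-owned and not writable by others wherever it exists, or drop the rule from this template.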