# node.pp
#
# Node definition for one host: local accounts, a Samba client entry, a
# single HTTPS-enabled Apache vhost named "test", a handful of packages and
# two SELinux-labelled working directories under /services/test.
node 'a.valid.hostname' {
    $admin = [ "jbooth", "haggin", "hougland" ]

    include local

    samba::client {
        "dres-kennel":
            description => "DRES Fedora 10 Test VM";
    }

    localuser {
        ["nhoyt"]:
            ensure => present;
    }

    # 'SNIP' looks like content the author cut out before pasting; the real
    # value is passed below as both http_custom and https_custom.
    # NOTE(review): presumably inserted into the vhost config by the ERB
    # template - confirm, since it would then be parsed by httpd as config.
    $faecustom = 'SNIP'

    # http is left at the define's default (true) and https is switched on,
    # so this vhost opens both the http and https firewall ports.
    apache::vhost {
        "test":
            host => "a.valid.hostname",
            serveralias => "a.valid.hostname",
            provider => "ip",
            https => true,
            group => "a.group",
            http_custom => "$faecustom",
            https_custom => "$faecustom";
    }

    package {
        ["Django", "ocaml", "python-psycopg2", "python-docutils", "python-lxml"]:
            ensure => present;
        ["emacs"]:
            ensure => present;
    }

    # Both directories carry the httpd_sys_script_rw_t label and depend on
    # File["/services/test"], which is not declared in this node
    # (presumably created by services::add inside apache::vhost - confirm).
    file {
        "/services/test/reports":
            seltype => "httpd_sys_script_rw_t",
            ensure => directory,
            require => File["/services/test"];
        "/services/test/sites":
            seltype => "httpd_sys_script_rw_t",
            ensure => directory,
            require => File["/services/test"];
    }

    # NOTE(review): the SELinux booleans below were set by hand and are not
    # managed by this manifest, so a rebuilt host will not have them and the
    # relaxation is invisible to anyone auditing the Puppet code.
    # httpd_can_network_connect allows httpd to open outbound connections to
    # any port; if only database access is needed, httpd_can_network_connect_db
    # alone is the narrower setting. httpd_unified relaxes the separation
    # between httpd content types that the seltype labels in this file rely
    # on - worth resolving the "do research" item before enabling it.

    # had to enable
    # setsebool -P httpd_can_network_connect=1
    # had to enable
    # setsebool -P httpd_can_network_connect_db=1
    # do research on
    # setsebool -P httpd_unified=1
    # and figure out if we can work around it correctly
    # or if we need to enable the above
}

# apache module
#
# Base class: installs httpd, keeps the service enabled and running, and
# removes the packaged /etc/httpd/conf.d/welcome.conf.
class apache {
    # ensure => latest upgrades httpd whenever the repository offers a newer
    # build, on an ordinary Puppet run.
    # NOTE(review): that picks up security fixes quickly but also means an
    # unreviewed package change can land at any time - confirm this is the
    # intended patching policy.
    package {
        "httpd":
            ensure => latest;
    }

    service {
        "httpd":
            hasstatus => true,
            hasrestart => true,
            enable => true,
            ensure => running,
            require => Package["httpd"],
    }

    # Resource default: every file declared in this scope requires the
    # httpd package.
    File {
        require => Package["httpd"]
    }

    file {
        "/etc/httpd/conf.d/welcome.conf":
            ensure => absent;
    }
}

# Adds mod_ssl and a centrally served ssl.conf on top of class apache.
# The TLS settings themselves live in the ssl.conf on the file server and
# are not visible here.
class apache::ssl inherits apache {
    package {
        "mod_ssl":
            ensure => latest,
            require => Package["httpd"];
    }

    file {
        "/etc/httpd/conf.d/ssl.conf":
            ensure => present,
            source => "puppet://$servername/apache/ssl.conf";
    }
}

# Defines one Apache virtual host named after the resource title.
#
# It creates /services/$title (through services::add), a config file in
# /etc/httpd/conf.d with a symlink to it from the service directory, a
# document root with a starter index.html, a log directory, a sudo rule
# for restarting httpd, and firewall openings for the enabled ports.
#
# Parameters:
#   ensure       - "present" (default) or "absent".
#   host         - required; not referenced in this body (presumably read
#                  by the ERB templates - confirm).
#   ip           - defaults to the $ipaddress fact; not referenced in this
#                  body (presumably read by the templates - confirm).
#   provider     - "named" or "ip"; anything else fails the catalog.
#   http, https  - which listeners to enable; at least one must be true.
#   http_port, https_port     - ports passed to iptables::add.
#   http_custom, https_custom - not referenced in this body (presumably
#                  extra config inserted by the template - confirm).
#   serveradmin, serveralias  - not referenced in this body (presumably
#                  read by the templates - confirm).
#   owner, group - ownership applied to every file resource below.
#   dirmode, filemode - modes for directories and for index.html.
#   replace      - whether existing templated files are overwritten.
define apache::vhost (
    $ensure = "present",
    $host,
    $ip = $ipaddress,
    $provider = "named",
    $http = true,
    $http_port = "80",
    $http_custom = "",
    $https = false,
    $https_port = "443",
    $https_custom = "",
    $serveradmin = "generate_in_template",
    $serveralias = "",
    $owner = "apache",
    $group = "apache",
    $dirmode = "2775",
    $filemode = "664",
    $replace = false
) {
    if ($http == false) and ($https == false) {
        fail("apache::vhost: what's the point in a vhost with no http or https access?")
    }
    if ($provider != "named") and ($provider != "ip") {
        fail("apache::vhost: provider $provider unknown!")
    }

    # Make sure we have the package and service running
    include apache

    # We'll need a service directory
    include services
    services::add {
        "$title":
            owner => $owner,
            group => $group,
            mode => $dirmode,
            lib_seltype => "httpd_sys_content_rw_t",
            ensure => $ensure;
    }

    # Include ssl if they requested https
    if ($https == true) {
        include apache::ssl
    }

    # Grant sudo privs
    # The rule lets members of group $group run "service httpd restart" on
    # any host, as any target user.
    # NOTE(review): runas_user => "ALL" is wider than a service restart
    # needs; restricting it to root would presumably be enough - confirm
    # against sudo::add. Whether a password is required is decided inside
    # sudo::add and is not visible here. With the default group ("apache")
    # the rule applies to the same group that owns the web content, so
    # callers should pass a dedicated admin group, as the node above does.
    include sudo
    sudo::add {
        "vhost-$title":
            who => "%$group",
            host => "ALL",
            command => "/sbin/service httpd restart",
            runas_user => "ALL",
            ensure => $ensure;
    }

    # Open those ports in the firewall
    # The defined() guards keep two vhosts on the same port from declaring
    # the same rule twice. The rule title uses the $ipaddress fact rather
    # than the $ip parameter.
    # NOTE(review): whether the rule is limited to a destination or source
    # address depends on iptables-rule.erb, which is not shown.
    include iptables
    if ($http == true) and !defined(Iptables::Add["apache $ipaddress $http_port"]) {
        iptables::add {
            "apache $ipaddress $http_port":
                port => $http_port;
        }
    }
    if ($https == true) and !defined(Iptables::Add["apache $ipaddress $https_port"]) {
        iptables::add {
            "apache $ipaddress $https_port":
                port => $https_port;
        }
    }

    # Handy definitions
    # NOTE(review): these names are presumably also read by the ERB
    # templates, so renaming them here may break the templates - confirm.
    $configroot = "/etc/httpd/conf.d"
    $configfile = "/services/$title/vhost.conf"
    $documentroot = "/services/$title/html"
    $logroot = "/services/$title/logs"

    # Defaults for every file resource in this define, including the config
    # file under /etc/httpd/conf.d, which therefore belongs to $owner:$group.
    File {
        owner => $owner,
        group => $group,
        require => Package["httpd"],
        ensure => $ensure,
    }

    file {
        # The live vhost configuration. No mode is set, so the resulting
        # permissions are whatever Puppet applies by default.
        # NOTE(review): if $owner or $group can write this file, they control
        # configuration that httpd loads at startup - confirm that delegation
        # is intended. With replace => false (the default) later changes to
        # the template, including security fixes, are not pushed to an
        # existing file.
        "$configroot/vhost-$title.conf":
            content => template("apache/vhost-site.conf.erb"),
            seltype => "httpd_config_t",
            replace => $replace,
            notify => Service["httpd"];
        # Symlink from the service directory to the live config file
        # (a path given as ensure makes the file resource a link).
        "$configfile":
            require => File["/services/$title"],
            seltype => "httpd_config_t",
            ensure => $ensure ? {
                absent => "absent",
                default => "$configroot/vhost-$title.conf"
            };
        # Document root. The default dirmode 2775 is setgid and
        # group-writable.
        "$documentroot":
            require => File["/services/$title"],
            seltype => "httpd_sys_content_t",
            mode => $dirmode,
            ensure => $ensure ? {
                absent => "absent",
                default => "directory"
            };
        # Starter page; the default filemode 664 is group-writable.
        "$documentroot/index.html":
            require => File["$documentroot"],
            seltype => "httpd_sys_content_t",
            mode => $filemode,
            replace => $replace,
            content => template("apache/index.html.erb");
        # Log directory, owned by $owner:$group like the rest.
        # NOTE(review): a log directory writable by the content owners lets
        # them alter or remove the vhost's logs - confirm this is acceptable
        # for audit purposes.
        "$logroot":
            require => File["/services/$title"],
            seltype => "httpd_log_t",
            mode => $dirmode,
            ensure => $ensure ? {
                absent => "absent",
                default => "directory"
            };
    }
}

# iptables module
#
# Installs iptables, keeps the service running, and builds
# /etc/sysconfig/iptables from a header chunk, a footer chunk and whatever
# rule chunks iptables::add contributes. The service is notified when the
# assembled file changes.
class iptables {
    package {
        "iptables":
            ensure => present;
    }

    # Don't hasrestart => true because it returns 1 even when it passes.
    service {
        "iptables":
            hasstatus => true,
            enable => true,
            ensure => running;
    }

    # The final rules file is readable by its owner only (root, by the
    # concat_file default).
    concat_file {
        "/etc/sysconfig/iptables":
            mode => 0400,
            notify => Service["iptables"];
    }

    # Priorities "00" and "99" place the header first and the footer last;
    # rule chunks use the concat_file_chunk default priority.
    concat_file_chunk {
        "iptables-header":
            file => "/etc/sysconfig/iptables",
            priority => "00",
            content => template("iptables/iptables-header.erb");
        "iptables-footer":
            file => "/etc/sysconfig/iptables",
            priority => "99",
            content => template("iptables/iptables-footer.erb");
    }
}

# Adds one rule chunk to /etc/sysconfig/iptables.
# $port is not referenced in this body (presumably read by
# iptables-rule.erb - confirm); the shape of the rule, including any
# source or destination restriction, is defined by that template.
define iptables::add (
    $port
) {
    include iptables
    concat_file_chunk {
        "iptables-$title":
            file => "/etc/sysconfig/iptables",
            content => template("iptables/iptables-rule.erb");
    }
}

# concat module ("custom")
#
# Staging area for the concat_file defines: /tmp/puppet is created as a
# root-only directory and removed again by the cleanup exec, which has no
# guard condition and therefore runs on every catalog run.
# NOTE(review): the staging tree has a fixed name under /tmp, which is
# world-writable on a typical system, and what is staged here ends up in
# root-owned files such as /etc/sysconfig/iptables. A staging directory
# under a root-only parent would avoid depending on the state of /tmp.
class custom {
    # This just does some prep work for the defines below
    file {
        "/tmp/puppet":
            ensure => directory,
            mode => 700,
            owner => root,
            group => root;
    }

    exec {
        "cleanup /tmp/puppet":
            path => "/bin/",
            cwd => "/tmp",
            command => "rm -rf puppet",
            require => File["/tmp/puppet"];
    }
}

# This define is sick and wrong.
# It is a recursive-to-/ file { ensure => directory }
#
# Creates directory $name after declaring a Mkdir for its parent; the
# recursion stops once the parent is /tmp/puppet or is already declared.
# $parent comes from custom/mkdir.erb (presumably the parent path of
# $name - confirm).
define mkdir (
    $ensure = present
) {
    $parent = template("custom/mkdir.erb")
    if !defined(Mkdir["$parent"]) and $parent != "/tmp/puppet" {
        mkdir {
            "$parent":
                ensure => $ensure;
        }
    }

    file {
        "$name":
            ensure => directory,
            owner => root,
            group => root,
            mode => 400,
            require => File["$parent"];
    }
}

# Builds the file $name by concatenating the chunk files staged in
# /tmp/puppet/${name}.d and then installing the result with the requested
# owner, group and mode.
#
# Parameters:
#   ensure - passed to the final file resource.
#   mode, owner, group - permissions and ownership of the final file.
define concat_file (
    $ensure = present,
    $mode = 0644,
    $owner = root,
    $group = root
) {
    include custom

    $file = "/tmp/puppet/${name}"
    $dir = "/tmp/puppet/${name}.d"
    $parent = template("custom/mkdir.erb")

    mkdir {
        "$dir":
            ensure => present;
    }

    # Make sure there's something, even if empty
    file {
        "${dir}/__nonempty__":
            owner => root,
            group => root,
            mode => 400,
            ensure => present,
            content => '',
            require => File["${dir}"];
    }

    # The shell glob expands in sorted order, so chunks are joined by their
    # "<priority>-<title>" file names; ">|" overwrites the target even when
    # noclobber is set. $dir and $file are interpolated unquoted, so resource
    # titles containing spaces or shell metacharacters would change the
    # command - keep titles to plain paths.
    exec {
        "concat_file_$title":
            path => ["/bin", "/usr/bin"],
            cwd => $parent,
            command => "cat $dir/* >| $file",
            require => File["${dir}/__nonempty__"];
    }

    # Install the assembled file at its real location before the staging
    # tree is cleaned up.
    file {
        "${name}":
            ensure => $ensure,
            owner => $owner,
            group => $group,
            mode => $mode,
            source => $file,
            require => Exec["concat_file_${name}"],
            before => Exec["cleanup /tmp/puppet"];
    }
}

# Stages one chunk for the concat_file named $file.
#
# Parameters:
#   file     - title of the concat_file this chunk belongs to.
#   priority - prefix of the chunk's file name; decides its position.
#   content  - text of the chunk.
define concat_file_chunk (
    $file,
    $priority = "50",
    $content = ""
) {
    # Written before the concatenation exec runs and only after the staging
    # directory exists.
    file {
        "/tmp/puppet/${file}.d/${priority}-${title}":
            owner => root,
            group => root,
            mode => 400,
            content => $content,
            before => Exec["concat_file_${file}"],
            require => File["/tmp/puppet/${file}.d"];
    }
}