Merge branch 'master' of https://github.com/stephenrjohnson/puppetmodule

Conflicts:
	Modulefile
	manifests/master.pp
	manifests/passenger.pp

Author: Tim Meusel

.gitignore

@@ -5,3 +5,4 @@ Gemfile.lock
 .bundle/
 .rspec_system/
 vendor/
+.vagrant

CHANGELOG

@@ -61,3 +61,20 @@
 2014-10-10 Stephen Johnson <[email protected]> - 1.1.0
   * Add new templatedir paramter to agent
   * Add external_nodes and node_terminus <Jesi Major>
+2014-12-09 Stephen Johnson <[email protected]> - 1.2.0
+  * move cron command to class parameter <g.chernyshev>
+  * Use double-quotes to allow variable expansion in environmentpath <Robin Bowes>
+  * Allow passenger tempdir to be configurable <Robin Bowes>
+  * Fix for future parse <Tim Meusel>
+  * Fix sections settings for various configuration params <Benjamin Krein>
+  * templatedir is deprecated, so do not add by default <Michael Arnold>
+  * Let Puppet deal with setting it's own permissions <Michael Arnold>
+  * Added configtimeout setting to puppet::agent to allow override of this default setting <Jesi Major>
+  * Add new flag to make ssl cert generation optional <Robin Bowes>
+2014-12-31 Stephen Johnson <[email protected]> - 1.3.0
+  * missing @ in the variable <primeministerp>
+  * Remove RackAutoDetect and RailsAutoDetest <Stephen Johnson>
+  * Add acceptance tests for redhat <Stephen Johnson>
+  * Add new metadata file for puppetforge  <Stephen Johnson>
+2014-12-31 Stephen Johnson <[email protected]> - 1.3.1
+  * Cleanup some lint items <Stephen Johnson>

Modulefile

@@ -10,6 +10,7 @@
 #   ['version']               - The version of the puppet agent to install
 #   ['puppet_run_style']      - The run style of the agent either 'service', 'cron', 'external' or 'manual'
 #   ['puppet_run_interval']   - The run interval of the puppet agent in minutes, default is 30 minutes
+#   ['puppet_run_command']    - The command that will be executed for puppet agent run
 #   ['user_id']               - The userid of the puppet user
 #   ['group_id']              - The groupid of the puppet group
 #   ['splay']                 - If splay should be enable defaults to false
@@ -48,6 +49,7 @@
   $version                = 'present',
   $puppet_run_style       = 'service',
   $puppet_run_interval    = 30,
+  $puppet_run_command     = '/usr/bin/puppet agent --no-daemonize --onetime --logdest syslog > /dev/null 2>&1',
   $user_id                = undef,
   $group_id               = undef,
   $splay                  = false,
@@ -128,7 +130,7 @@
       $time2  =  fqdn_rand($puppet_run_interval) + 30
 
       cron { 'puppet-client':
-        command => '/usr/bin/puppet agent --no-daemonize --onetime --logdest syslog > /dev/null 2>&1',
+        command => $puppet_run_command,
         user    => 'root',
         # run twice an hour, at a random minute in order not to collectively stress the puppetmaster
         hour    => '*',
@@ -237,9 +239,9 @@
   }
 
   ini_setting {'puppetagentmaster':
-    ensure   => present,
-    setting  => 'server',
-    value    => $puppet_server,
+    ensure  => present,
+    setting => 'server',
+    value   => $puppet_server,
   }
 
   ini_setting {'puppetagentuse_srv_records':

manifests/agent.pp

@@ -38,6 +38,7 @@
 #  ['backup_upstream']          - specify another puppet master as fallback. currently only supported by nginx
 #  ['unicorn_package']          - package name of a unicorn rpm. if provided we install it, otherwise we built it via gem/gcc
 #  ['unicorn_path']             - custom path to the unicorn binary
+#  ['generate_ssl_certs']       - Generate ssl certs (false to disable)
 #
 # Requires:
 #
@@ -78,7 +79,12 @@
   $puppet_ssldir              = $::puppet::params::puppet_ssldir,
   $puppet_docroot             = $::puppet::params::puppet_docroot,
   $puppet_vardir              = $::puppet::params::puppet_vardir,
+<<<<<<< HEAD
   $puppet_proxy_port          = $::puppet::params::puppet_proxy_port,
+=======
+  $puppet_passenger_port      = $::puppet::params::puppet_passenger_port,
+  $puppet_passenger_tempdir   = false,
+>>>>>>> fc66d308fddf8bc4cb351e5e5bdf540d432c2aaf
   $puppet_master_package      = $::puppet::params::puppet_master_package,
   $puppet_master_service      = $::puppet::params::puppet_master_service,
   $version                    = 'present',
@@ -89,12 +95,17 @@
   $puppetdb_strict_validation = $::puppet::params::puppetdb_strict_validation,
   $dns_alt_names              = ['puppet'],
   $digest_algorithm           = $::puppet::params::digest_algorithm,
+<<<<<<< HEAD
   $webserver                  = $::puppet::params::default_webserver,
   $listen_address             = $::puppet::params::listen_address,
   $disable_ssl                = $::puppet::params::disable_ssl,
   $backup_upstream            = $::puppet::params::backup_upstream,
   $unicorn_path               = $::puppet::params::unicorn_path,
   $unicorn_package            = $::puppet::params::unicorn_package,
+=======
+  $generate_ssl_certs         = true,
+  $puppetdb_version           = 'present',
+>>>>>>> fc66d308fddf8bc4cb351e5e5bdf540d432c2aaf
 ) inherits puppet::params {
 
   anchor { 'puppet::master::begin': }
@@ -146,23 +157,25 @@
     default: {
       Anchor['puppet::master::begin'] ->
       class {'puppet::passenger':
-        puppet_proxy_port   => $puppet_proxy_port,
-        puppet_docroot      => $puppet_docroot,
-        apache_serveradmin  => $apache_serveradmin,
-        puppet_conf         => $::puppet::params::puppet_conf,
-        puppet_ssldir       => $puppet_ssldir,
-        certname            => $certname,
-        conf_dir            => $::puppet::params::confdir,
-        dns_alt_names       => join($dns_alt_names,','),
+      puppet_proxy_port         => $puppet_passenger_port,
+      puppet_docroot            => $puppet_docroot,
+      apache_serveradmin        => $apache_serveradmin,
+      puppet_conf               => $::puppet::params::puppet_conf,
+      puppet_ssldir             => $puppet_ssldir,
+      certname                  => $certname,
+      conf_dir                  => $::puppet::params::confdir,
+      dns_alt_names             => join($dns_alt_names,','),
+      generate_ssl_certs        => $generate_ssl_certs,
+      puppet_passenger_tempdir  => $puppet_passenger_tempdir,
       } ->
       Anchor['puppet::master::end']
     }
 
   }
   service { $puppet_master_service:
-    ensure    => stopped,
-    enable    => false,
-    require   => File[$::puppet::params::puppet_conf],
+    ensure  => stopped,
+    enable  => false,
+    require => File[$::puppet::params::puppet_conf],
   }
 
   if ! defined(File[$::puppet::params::puppet_conf]){
@@ -212,11 +225,12 @@
       dbserver                   => $storeconfigs_dbserver,
       dbport                     => $storeconfigs_dbport,
       puppet_service             => Service[$webserver],
-      puppet_confdir             => $::puppet::params::puppet_confdir,
+      puppet_confdir             => $::puppet::params::confdir,
       puppet_conf                => $::puppet::params::puppet_conf,
       puppet_master_package      => $puppet_master_package,
       puppetdb_startup_timeout   => $puppetdb_startup_timeout,
       puppetdb_strict_validation => $puppetdb_strict_validation,
+      puppetdb_version           => $puppetdb_version,
     } ->
     Anchor['puppet::master::end']
   }

manifests/master.pp

@@ -32,6 +32,7 @@
       $section = ''
       file { "${environmentpath}/${name}":
         ensure => directory,
+        before => [Ini_setting["masterenvmodule${name}"],Ini_setting["masterenvmanifest${name}"]],
       }
     }
     default: {

manifests/masterenv.pp

@@ -39,7 +39,7 @@
   $unicorn_path                     = '/usr/local/bin/unicorn'
 
   # Only used when environments == directory
-  $environmentpath                  = '$confdir/environments'
+  $environmentpath                  = "${confdir}/environments"
 
   case $::osfamily {
     'RedHat': {

manifests/params.pp

@@ -4,6 +4,7 @@
 #
 # Parameters:
 #   ['puppet_proxy_port']    - The port for the virtual host
+#   ['generate_ssl_certs']       - Generate ssl certs (false to disable)
 #   ['puppet_docroot']           - Apache documnet root
 #   ['apache_serveradmin']       - The apache server admin
 #   ['puppet_conf']              - The puppet config dir
@@ -32,6 +33,8 @@
 #
 class puppet::passenger(
   $puppet_proxy_port,
+  $generate_ssl_certs = true,
+  $puppet_passenger_tempdir = false,
   $puppet_docroot,
   $apache_serveradmin,
   $puppet_conf,
@@ -46,49 +49,47 @@
   include apache::mod::ssl
 
   if $::osfamily == 'redhat' {
-    file{'/var/lib/puppet/reports':
+    file { '/var/lib/puppet/reports':
       ensure => directory,
       owner  => $::puppet::params::puppet_user,
       group  => $::puppet::params::puppet_group,
-      mode   => '0750',
     }
+  }
 
+  if str2bool($generate_ssl_certs) == true {
     file{"${puppet_ssldir}/ca":
       ensure => directory,
       owner  => $::puppet::params::puppet_user,
       group  => $::puppet::params::puppet_group,
-      mode   => '0770',
       before => Exec['Certificate_Check'],
     }
 
     file{"${puppet_ssldir}/ca/requests":
       ensure => directory,
       owner  => $::puppet::params::puppet_user,
       group  => $::puppet::params::puppet_group,
-      mode   => '0750',
       before => Exec['Certificate_Check'],
     }
-  }
+    # first we need to generate the cert
+    # Clean the installed certs out ifrst
+    $crt_clean_cmd  = "puppet cert clean ${certname}"
+    # I would have preferred to use puppet cert generate, but it does not
+    # return the corret exit code on some versions of puppet
+    $crt_gen_cmd   = "puppet certificate --ca-location=local --dns_alt_names=${dns_alt_names} generate ${certname}"
+    # I am using the sign command here b/c AFAICT, the sign command for certificate
+    # does not work
+    $crt_sign_cmd  = "puppet cert sign --allow-dns-alt-names ${certname}"
+    # find is required to move the cert into the certs directory which is
+    # where it needs to be for puppetdb to find it
+    $cert_find_cmd = "puppet certificate --ca-location=local find ${certname}"
 
-  # first we need to generate the cert
-  # Clean the installed certs out ifrst
-  $crt_clean_cmd  = "puppet cert clean ${certname}"
-  # I would have preferred to use puppet cert generate, but it does not
-  # return the corret exit code on some versions of puppet
-  $crt_gen_cmd   = "puppet certificate --ca-location=local --dns_alt_names=$dns_alt_names generate ${certname}"
-  # I am using the sign command here b/c AFAICT, the sign command for certificate
-  # does not work
-  $crt_sign_cmd  = "puppet cert sign --allow-dns-alt-names ${certname}"
-  # find is required to move the cert into the certs directory which is
-  # where it needs to be for puppetdb to find it
-  $cert_find_cmd = "puppet certificate --ca-location=local find ${certname}"
-
-  exec { 'Certificate_Check':
-    command   => "${crt_clean_cmd} ; ${crt_gen_cmd} && ${crt_sign_cmd} && ${cert_find_cmd}",
-    unless    => "/bin/ls ${puppet_ssldir}/certs/${certname}.pem",
-    path      => '/usr/bin:/usr/local/bin',
-    logoutput => on_failure,
-    require   => File[$puppet_conf]
+    exec { 'Certificate_Check':
+      command   => "${crt_clean_cmd} ; ${crt_gen_cmd} && ${crt_sign_cmd} && ${cert_find_cmd}",
+      unless    => "/bin/ls ${puppet_ssldir}/certs/${certname}.pem",
+      path      => '/usr/bin:/usr/local/bin',
+      logoutput => on_failure,
+      require   => File[$puppet_conf]
+    }
   }
 
   file { $puppet_docroot:
@@ -100,24 +101,24 @@
 
   apache::vhost { "puppet-${certname}":
     port              => $puppet_proxy_port,
-    priority          => '40',
-    docroot           => $puppet_docroot,
-    serveradmin       => $apache_serveradmin,
-    servername        => $certname,
-    ssl               => true,
-    ssl_cert          => "${puppet_ssldir}/certs/${certname}.pem",
-    ssl_key           => "${puppet_ssldir}/private_keys/${certname}.pem",
-    ssl_chain         => "${puppet_ssldir}/ca/ca_crt.pem",
-    ssl_ca            => "${puppet_ssldir}/ca/ca_crt.pem",
-    ssl_crl           => "${puppet_ssldir}/ca/ca_crl.pem",
-    ssl_protocol      => 'ALL -SSLv2 -SSLv3',
-    ssl_cipher        => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK',
+    priority             => '40',
+    docroot              => $puppet_docroot,
+    serveradmin          => $apache_serveradmin,
+    servername           => $certname,
+    ssl                  => true,
+    ssl_cert             => "${puppet_ssldir}/certs/${certname}.pem",
+    ssl_key              => "${puppet_ssldir}/private_keys/${certname}.pem",
+    ssl_chain            => "${puppet_ssldir}/ca/ca_crt.pem",
+    ssl_ca               => "${puppet_ssldir}/ca/ca_crt.pem",
+    ssl_crl              => "${puppet_ssldir}/ca/ca_crl.pem",
+    ssl_protocol         => 'ALL -SSLv2 -SSLv3',
+    ssl_cipher           => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK',
     ssl_honorcipherorder => 'On',
-    ssl_verify_client => 'optional',
-    ssl_verify_depth  => '1',
-    ssl_options       => ['+StdEnvVars', '+ExportCertData'],
-    rack_base_uris    => '/',
-    directories       => [
+    ssl_verify_client    => 'optional',
+    ssl_verify_depth     => '1',
+    ssl_options          => ['+StdEnvVars', '+ExportCertData'],
+    rack_base_uris       => '/',
+    directories          => [
       {
         path => $puppet_docroot,
       },
@@ -126,7 +127,7 @@
         options => 'None',
       },
     ],
-    require         => [ File['/etc/puppet/rack/config.ru'], File[$puppet_conf] ],
+    require              => [ File['/etc/puppet/rack/config.ru'], File[$puppet_conf] ],
   }
 
   #Hack to add extra passenger configurations for puppetmaster

manifests/passenger.pp

@@ -27,14 +27,15 @@
 #   }
 #
 class puppet::storeconfigs(
-    $dbserver,
     $dbport,
-    $puppet_service,
+    $dbserver,
     $puppet_master_package,
+    $puppet_service,
     $puppetdb_startup_timeout,
     $puppetdb_strict_validation,
+    $puppetdb_version,
+    $puppet_conf    =  $::puppet::params::puppet_conf,
     $puppet_confdir =  $::puppet::params::confdir,
-    $puppet_conf    =  $::puppet::params::puppet_conf
 )inherits puppet::params {
 
   ##If we point at a puppetdb on this machine
@@ -57,6 +58,7 @@
       puppetdb_startup_timeout => $puppetdb_startup_timeout,
       strict_validation        => $puppetdb_strict_validation,
       require                  => $require,
+      puppetdb_version         => $puppetdb_version,
     }
   }
 }