Commit ecae067
Apress committed Oct 16, 2016 (0 parents)
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 136 changed files with 3,046 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
Freeware License, some rights reserved | ||
|
||
Copyright (c) 2011 James Turnbull and Jeffrey McCune | ||
|
||
Permission is hereby granted, free of charge, to anyone obtaining a copy | ||
of this software and associated documentation files (the "Software"), | ||
to work with the Software within the limits of freeware distribution and fair use. | ||
This includes the rights to use, copy, and modify the Software for personal use. | ||
Users are also allowed and encouraged to submit corrections and modifications | ||
to the Software for the benefit of other users. | ||
|
||
It is not allowed to reuse, modify, or redistribute the Software for | ||
commercial use in any way, or for a user�s educational materials such as books | ||
or blog articles without prior permission from the copyright holder. | ||
|
||
The above copyright notice and this permission notice need to be included | ||
in all copies or substantial portions of the software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. | ||
|
||
|
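Review bot: the apostrophe in "user's" on the line "commercial use in any way, or for a user�s educational materials such as books" is a mis-encoded character that renders as the replacement character �, so the license file as committed is not clean text; replace it with a plain ASCII apostrophe before this is tagged. Nothing else in the hunk needs changing.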
15 changes: 15 additions & 0 deletions
..._load_balanced_apache_configuration_with_centralized_ca/40_puppetmaster_worker_18140.conf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Listen 18140 | ||
<VirtualHost 127.0.0.1:18140> | ||
SSLEngine off | ||
# Obtain Authentication Information from Client Request Headers | ||
SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1 | ||
SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1 | ||
RackAutoDetect On | ||
DocumentRoot /etc/puppet/rack/puppetmaster_18140/public/ | ||
<Directory /etc/puppet/rack/puppetmaster_18140/> | ||
Options None | ||
AllowOverride None | ||
Order allow,deny | ||
allow from all | ||
</Directory> | ||
</VirtualHost> |
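Review bot: the header names this worker reads do not match what the frontend sends. 30_puppetmaster_frontend.conf sets X-SSL-Subject, X-Client-DN and X-Client-Verify, but the line SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1 reads X-SSL-Client-DN, so SSL_CLIENT_S_DN is never populated from the frontend's value. Worse, because the frontend neither sets nor unsets X-SSL-Client-DN, a header of that name supplied by the agent itself is proxied through unchanged and this line trusts it; an agent holding any valid certificate (so that X-Client-Verify arrives as SUCCESS) could present another node's DN. Change this to SetEnvIf X-Client-DN "(.*)" SSL_CLIENT_S_DN=$1, or have the frontend set X-SSL-Client-DN explicitly, and unset client-supplied copies of all of these headers at the frontend. The 127.0.0.1 bind keeps remote clients off port 18140, but any local process can still connect to it and assert an arbitrary identity through these two headers, which is worth a comment here.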
15 changes: 15 additions & 0 deletions
..._load_balanced_apache_configuration_with_centralized_ca/41_puppetmaster_worker_18141.conf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Listen 18141 | ||
<VirtualHost 127.0.0.1:18141> | ||
SSLEngine off | ||
# Obtain Authentication Information from Client Request Headers | ||
SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1 | ||
SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1 | ||
RackAutoDetect On | ||
DocumentRoot /etc/puppet/rack/puppetmaster_18141/public/ | ||
<Directory /etc/puppet/rack/puppetmaster_18141/> | ||
Options None | ||
AllowOverride None | ||
Order allow,deny | ||
allow from all | ||
</Directory> | ||
</VirtualHost> |
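Review bot: identical to 40_puppetmaster_worker_18140.conf apart from the port and DocumentRoot, so the same header mismatch applies: this worker reads X-SSL-Client-DN while the frontend sets X-Client-DN, leaving SSL_CLIENT_S_DN empty or client-controlled. Generating the worker files from one template (port and Rack root as the only inputs) would stop the copies drifting apart and make a fix like the one above a single change.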
15 changes: 15 additions & 0 deletions
...ad_balanced_apache_configuration_with_centralized_ca/42_puppetmasterca_primary_18142.conf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Listen 18142 | ||
<VirtualHost 127.0.0.1:18142> | ||
SSLEngine off | ||
# Obtain Authentication Information from Client Request Headers | ||
SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1 | ||
SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1 | ||
RackAutoDetect On | ||
DocumentRoot /etc/puppet/rack/puppetmaster_18142/public/ | ||
<Directory /etc/puppet/rack/puppetmaster_18142/> | ||
Options None | ||
AllowOverride None | ||
Order allow,deny | ||
allow from all | ||
</Directory> | ||
</VirtualHost> |
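Review bot: nothing in this file makes 18142 a CA worker; it is the generic worker config with a different port and DocumentRoot, and the CA role has to come from the Rack application under /etc/puppet/rack/puppetmaster_18142/, which is not shown next to it. A comment here saying where the CA-specific configuration for this instance lives would save the next reader the search. The X-SSL-Client-DN versus X-Client-DN mismatch noted on the 18140 worker applies here too, and it matters more on this instance because the frontend routes certificate requests to it.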
15 changes: 15 additions & 0 deletions
...ad_balanced_apache_configuration_with_centralized_ca/43_puppetmasterca_standby_18143.conf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Listen 18143 | ||
<VirtualHost 127.0.0.1:18143> | ||
SSLEngine off | ||
# Obtain Authentication Information from Client Request Headers | ||
SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1 | ||
SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1 | ||
RackAutoDetect On | ||
DocumentRoot /etc/puppet/rack/puppetmaster_18143/public/ | ||
<Directory /etc/puppet/rack/puppetmaster_18143/> | ||
Options None | ||
AllowOverride None | ||
Order allow,deny | ||
allow from all | ||
</Directory> | ||
</VirtualHost> |
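Review bot: a hot standby CA only works if 18142 and 18143 operate on the same CA state (serial, inventory, signed certificates and the CRL under the ssl/ca directory that the frontend references); this file shows a second Rack root and nothing about how that state is shared or replicated between the two instances. Either document the arrangement here or note that the standby is expected to be switched in by hand, so that nobody assumes status=+H in the frontend gives them a working CA failover on its own. As with the other three workers, the SetEnvIf lines read X-SSL-Client-DN while the frontend sets X-Client-DN.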
56 changes: 56 additions & 0 deletions
...4/03_load_balanced_apache_configuration_with_centralized_ca/30_puppetmaster_frontend.conf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
# Available back-end worker virtual hosts | ||
# NOTE the use of cleartext unencrypted HTTP. | ||
|
||
# vim 30_puppetmaster_frontend_8140.conf | ||
<Proxy balancer://puppetmaster> | ||
BalancerMember http://127.0.0.1:18140 | ||
BalancerMember http://127.0.0.1:18141 | ||
</Proxy> | ||
|
||
<Proxy balancer://puppetmasterca> | ||
# Puppet CA Active Worker | ||
BalancerMember http://127.0.0.1:18142 | ||
# Puppet CA Hot Standby | ||
BalancerMember http://127.0.0.1:18143 status=+H | ||
</Proxy> | ||
|
||
Listen 8140 | ||
<VirtualHost *:8140> | ||
SSLEngine on | ||
# SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA | ||
SSLProtocol -ALL +SSLv3 +TLSv1 | ||
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP | ||
# Puppet master should generate initial CA certificate. | ||
# ensure certs are located in /var/lib/puppet/ssl | ||
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.example.com.pem | ||
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.example.com.pem | ||
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem | ||
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem | ||
# CRL checking should be enabled | ||
# disable next line if Apache complains about CRL | ||
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem | ||
# This is optional to allow CSR request, required if certificates distributed to client during provisioning. | ||
SSLVerifyClient optional | ||
SSLVerifyDepth 1 | ||
SSLOptions +StdEnvVars | ||
# The following client headers record authentication information for down stream workers. | ||
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e | ||
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e | ||
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e | ||
<Location /> | ||
SetHandler balancer-manager | ||
Order allow,deny | ||
Allow from all | ||
</Location> | ||
|
||
# Ordering of ProxyPass directives is important | ||
# Direct all Puppet agent CA requests to a specific set of workers. | ||
ProxyPassMatch ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppetmasterca | ||
ProxyPassReverse ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppetmasterca | ||
# Direct all other Puppet agent requests to the default set of workers. | ||
ProxyPass / balancer://puppetmaster/ | ||
ProxyPassReverse / balancer://puppetmaster/ | ||
ProxyPreserveHost On | ||
|
||
</VirtualHost> | ||
|
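Review bot: the block <Location /> SetHandler balancer-manager with Allow from all sits on the public *:8140 listener with no access restriction; balancer-manager lets a caller change member state and routing of both balancers at runtime, and whether the ProxyPass rules or this handler win for a given URI is not something a reader of this file should have to reason about. Move it to a dedicated path, restrict it by source address or by client certificate, or drop it from this vhost. Further points in this hunk: SSLProtocol -ALL +SSLv3 +TLSv1 and SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP enable SSLv3 and prefer RC4, both of which should go (TLSv1 and later only, no RC4); ProxyPassReverse ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppetmasterca will not do what the comment implies, because ProxyPassReverse takes a literal path prefix and not a regular expression; the comment "vim 30_puppetmaster_frontend_8140.conf" names a different file from this one (30_puppetmaster_frontend.conf); and since the workers trust X-Client-DN, X-SSL-Subject, X-Client-Verify and X-SSL-Client-DN, the frontend should unset any client-supplied copies of those headers before setting its own, as RequestHeader set only overwrites the three it names.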
Binary file not shown.
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
class apache { | ||
include apache::install, apache::service | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
class apache::install { | ||
package { [ "apache2" ]: | ||
ensure => present, | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
class apache::service { | ||
service { "apache2": | ||
ensure => running, | ||
hasstatus => true, | ||
hasrestart => true, | ||
enable => true, | ||
require => Class["apache::install"], | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
define apache::vhost( $port, $docroot, $ssl=true, $template='apache/vhost.conf.erb', $priority, $serveraliases = '' ) { | ||
|
||
include apache | ||
|
||
file {"/etc/apache2/sites-enabled/${priority}-${name}": | ||
content => template($template), | ||
owner => 'root', | ||
group => 'root', | ||
mode => '777', | ||
require => Class["apache::install"], | ||
notify => Class["apache::service"], | ||
} | ||
} |
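Review bot: mode => '777' makes /etc/apache2/sites-enabled/${priority}-${name} world-writable, so any local user can rewrite a vhost definition that Apache, started as root, will load on the next restart this same resource triggers via notify; a config file should be root-owned 0644, which owner and group root on the same resource already suggest. Also, $ssl=true is accepted but never referenced by apache/vhost.conf.erb, so a caller passing ssl => false (as site.pp does) gets exactly the same file; either drop the parameter or branch on it in the template. Minor: $priority is a required parameter listed after ones with defaults; putting required parameters first reads better.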
20 changes: 20 additions & 0 deletions
Pro Puppet/source/chapter02/apache/templates/vhost.conf.erb
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
NameVirtualHost *:<%= port %> | ||
<VirtualHost *:<%= port %>> | ||
ServerName <%= name %> | ||
<%if serveraliases.is_a? Array -%> | ||
<% serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> | ||
<% elsif serveraliases != '' -%> | ||
<%= " ServerAlias #{serveraliases}" -%> | ||
<% end -%> | ||
DocumentRoot <%= docroot %> | ||
<Directory <%= docroot %>> | ||
Options Indexes FollowSymLinks MultiViews | ||
AllowOverride None | ||
Order allow,deny | ||
allow from all | ||
</Directory> | ||
ErrorLog /var/log/apache2/<%= name %>_error.log | ||
LogLevel warn | ||
CustomLog /var/log/apache2/<%= name %>_access.log combined | ||
ServerSignature On | ||
</VirtualHost> |
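Review bot: Options Indexes FollowSymLinks MultiViews turns on directory listings for every docroot this template produces, and ServerSignature On appends the server version to error pages; for a default vhost template, Options FollowSymLinks (or None) and ServerSignature Off are the safer defaults, with Indexes enabled per site where a listing is actually wanted. Also, NameVirtualHost *:<%= port %> is emitted once per vhost, so two vhosts on the same port produce a duplicate NameVirtualHost warning on restart; it belongs in the global config rather than in each site file. Minor: the block variable in serveraliases.each do |name| shadows the vhost name variable used two lines earlier; renaming it (for example to alias) avoids a confusing read.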
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
class mysql::config { | ||
file { "/opt/csw/mysql5/my.cnf": | ||
ensure = > present, | ||
source => "puppet:///modules/mysql/my.cnf", | ||
owner => "mysql", | ||
group => "mysql", | ||
require => Class["mysql::install"], | ||
notify => Class["mysql::service"], | ||
} | ||
|
||
file { "/opt/csw/mysql5/var": | ||
group => "mysql", | ||
owner => "mysql", | ||
recurse => true, | ||
require => File["/opt/csw/mysql5/my.cnf"], | ||
} | ||
} |
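Review bot: ensure = > present on the my.cnf resource is a syntax error (the arrow is split by a space), so this manifest will not parse; it must be ensure => present. The same typo appears in postfix::config in this commit. Also, /opt/csw/mysql5/my.cnf is given owner and group mysql with no mode; the server's configuration should not be writable by the service account, so set owner => 'root' and mode => '0644' and leave the datadir to the mysql user. The recursive ownership fix on /opt/csw/mysql5/var is reasonable for first setup, but recurse => true on a live datadir walks every file on each run and gets slow as the database grows.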
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
class mysql { | ||
include mysql::install, mysql::config, mysql::service | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
class mysql::install { | ||
package { [ "mysql5", "mysql5client", "mysql5rt", "mysql5test", "mysql5devel" ]: | ||
ensure => present, | ||
require => User["mysql"], | ||
} | ||
|
||
user { "mysql": | ||
ensure => present, | ||
comment => "MySQL user", | ||
gid => "mysql", | ||
shell => "/bin/false", | ||
require => Group["mysql"], | ||
} | ||
|
||
group { "mysql": | ||
ensure => present, | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
class mysql::service { | ||
service { "cswmysql5": | ||
ensure => running, | ||
hasstatus => true, | ||
hasrestart => true, | ||
enabled => true, | ||
require => Class["mysql::config"], | ||
} | ||
} |
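Review bot: enabled => true is not a valid attribute of the service type; the attribute is enable, which apache::service in this same commit uses correctly, so this class fails with an invalid parameter error on the first run. Change it to enable => true.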
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
class base { | ||
include sudo, ssh, puppet | ||
} | ||
|
||
node puppet.example.com { | ||
include base | ||
include puppet::master | ||
} | ||
|
||
node web.example.com { | ||
include base, apache | ||
|
||
apache::vhost { 'www.example.com': | ||
port => 80, | ||
docroot => '/var/www/www.example.com', | ||
ssl => false, | ||
priority => 10, | ||
serveraliases => 'home.example.com', | ||
} | ||
} | ||
|
||
node db.example.com { | ||
include base, mysql | ||
} | ||
|
||
node mail.example.com { | ||
include base, postfix | ||
} |
Binary file not shown.
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
# | ||
# Postfix master process configuration file. For details on the format | ||
# of the file, see the master(5) manual page (command: "man 5 master"). | ||
# | ||
# ========================================================================== | ||
# service type private unpriv chroot wakeup maxproc command + args | ||
# (yes) (yes) (yes) (never) (100) | ||
# ========================================================================== | ||
smtp inet n - n - - smtpd | ||
submission inet n - n - - smtpd | ||
-o smtpd_enforce_tls=yes | ||
-o smtpd_sasl_auth_enable=yes | ||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject | ||
smtps inet n - n - - smtpd | ||
-o smtpd_tls_wrappermode=yes | ||
-o smtpd_sasl_auth_enable=yes | ||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject | ||
#628 inet n - n - - qmqpd | ||
pickup fifo n - n 60 1 pickup | ||
cleanup unix n - n - 0 cleanup | ||
qmgr fifo n - n 300 1 qmgr | ||
#qmgr fifo n - n 300 1 oqmgr | ||
tlsmgr unix - - n 1000? 1 tlsmgr | ||
rewrite unix - - n - - trivial-rewrite | ||
bounce unix - - n - 0 bounce | ||
defer unix - - n - 0 bounce | ||
trace unix - - n - 0 bounce | ||
verify unix - - n - 1 verify | ||
flush unix n - n 1000? 0 flush | ||
proxymap unix - - n - - proxymap | ||
smtp unix - - n - - smtp | ||
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops | ||
relay unix - - n - - smtp | ||
-o fallback_relay= | ||
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 | ||
showq unix n - n - - showq | ||
error unix - - n - - error | ||
retry unix - - n - - error | ||
discard unix - - n - - discard | ||
local unix - n n - - local | ||
virtual unix - n n - - virtual | ||
lmtp unix - - n - - lmtp | ||
anvil unix - - n - 1 anvil | ||
scache unix - - n - 1 scache | ||
# | ||
# ==================================================================== | ||
# Interfaces to non-Postfix software. Be sure to examine the manual | ||
# pages of the non-Postfix software to find out what options it wants. | ||
# | ||
# Many of the following services use the Postfix pipe(8) delivery | ||
# agent. See the pipe(8) man page for information about ${recipient} | ||
# and other message envelope options. | ||
# ==================================================================== | ||
# | ||
# maildrop. See the Postfix MAILDROP_README file for details. | ||
# Also specify in main.cf: maildrop_destination_recipient_limit=1 | ||
# | ||
#maildrop unix - n n - - pipe | ||
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} | ||
# | ||
# The Cyrus deliver program has changed incompatibly, multiple times. | ||
# | ||
#old-cyrus unix - n n - - pipe | ||
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} | ||
# Cyrus 2.1.5 (Amos Gouaux) | ||
# Also specify in main.cf: cyrus_destination_recipient_limit=1 | ||
#cyrus unix - n n - - pipe | ||
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} | ||
# | ||
# See the Postfix UUCP_README file for configuration details. | ||
# | ||
#uucp unix - n n - - pipe | ||
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) | ||
# | ||
# Other external delivery methods. | ||
# | ||
#ifmail unix - n n - - pipe | ||
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) | ||
#bsmtp unix - n n - - pipe | ||
# flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient | ||
# | ||
#scalemail-backend unix - n n - 2 pipe | ||
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store | ||
# ${nexthop} ${user} ${extension} | ||
# | ||
#mailman unix - n n - - pipe | ||
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py | ||
# ${nexthop} ${user} | ||
proxywrite unix - - n - 1 proxymap |
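Review bot: -o smtpd_enforce_tls=yes on the submission service is the obsolete spelling; since Postfix 2.3 the setting is -o smtpd_tls_security_level=encrypt, and -o fallback_relay= on the relay service was likewise renamed smtp_fallback_relay. Postfix still honours the old names with a warning, but a file shipped as a reference config should use the current ones. Note also that local runs with unpriv set to n, that is as root, which is why the ownership of master.cf set in postfix::config matters.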
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
class postfix::config { | ||
File { | ||
owner => "postfix", | ||
group => "postfix", | ||
mode => 0644, | ||
} | ||
|
||
file { "/etc/postfix/master.cf": | ||
ensure = > present, | ||
source => "puppet:///modules/postfix/master.cf", | ||
require => Class["postfix::install"], | ||
notify => Class["postfix::service"], | ||
} | ||
|
||
file { "/etc/postfix/main.cf": | ||
ensure = > present, | ||
content => template("postfix/main.cf.erb"), | ||
require => Class["postfix::install"], | ||
notify => Class["postfix::service"], | ||
} | ||
} |
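Review bot: ensure = > present appears twice here (master.cf and main.cf) and is a syntax error; it must be ensure => present or the manifest will not compile. The File defaults also give both config files owner => "postfix": master.cf defines services such as local that master(8) runs with unpriv=n, i.e. as root, so a master.cf writable by the postfix account is a path from a compromised postfix process to root. Postfix expects /etc/postfix and its files to be root-owned; set owner => 'root', group => 'root', mode => '0644' in the defaults.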