From acc6639c37ce4f14b3ee1f9526c6017bc9b28601 Mon Sep 17 00:00:00 2001 
From: Apress
Date: Tue, 11 Oct 2016 04:08:57 +0100
Subject: [PATCH] First commit

---
 9781590599785.jpg                             | Bin 0 -> 10585 bytes
 Chapter 4/.DS_Store                           | Bin 0 -> 6148 bytes
 Chapter 4/fileserver.conf                     |   0
 Chapter 4/manifests/.DS_Store                 | Bin 0 -> 6148 bytes
 Chapter 4/manifests/classes/.DS_Store         | Bin 0 -> 6148 bytes
 Chapter 4/manifests/classes/administrators.pp |   6 +
 Chapter 4/manifests/classes/baseapps.pp       |  29 +
 Chapter 4/manifests/classes/mail_team.pp      |   7 +
 Chapter 4/manifests/classes/staff.pp          |  10 +
 Chapter 4/manifests/groups/mysql_group.pp     |   7 +
 Chapter 4/manifests/groups/virt_groups.pp     |  16 +
 Chapter 4/manifests/nodes.pp                  |  16 +
 Chapter 4/manifests/os/debian.pp              |   9 +
 Chapter 4/manifests/os/fedora.pp              |   9 +
 Chapter 4/manifests/site.pp                   |  10 +
 Chapter 4/manifests/templates.pp              |  22 +
 Chapter 4/manifests/users/mysql_user.pp       |  10 +
 Chapter 4/manifests/users/virt_users.pp       |  19 +
 Chapter 4/modules/.DS_Store                   | Bin 0 -> 6148 bytes
 Chapter 4/modules/apache/.DS_Store            | Bin 0 -> 6148 bytes
 Chapter 4/modules/apache/files/httpd.conf     | 990 ++++++++++++++++++
 Chapter 4/modules/apache/manifests/.DS_Store  | Bin 0 -> 6148 bytes
 .../modules/apache/manifests/apache_files.pp  |  13 +
 Chapter 4/modules/apache/manifests/init.pp    |  21 +
 .../modules/apache/manifests/virtual_hosts.pp |  19 +
 .../modules/apache/templates/virtual_host.erb |   4 +
 Chapter 4/modules/mysql/.DS_Store             | Bin 0 -> 6148 bytes
 Chapter 4/modules/mysql/files/my.cnf          |  11 +
 Chapter 4/modules/mysql/manifests/init.pp     |  22 +
 Chapter 4/modules/postfix/.DS_Store           | Bin 0 -> 6148 bytes
 Chapter 4/modules/postfix/files/aliases.db    |   1 +
 Chapter 4/modules/postfix/files/main.cf       | 667 ++++++++++++
 Chapter 4/modules/postfix/files/master.cf     |  99 ++
 Chapter 4/modules/postfix/manifests/.DS_Store | Bin 0 -> 6148 bytes
 Chapter 4/modules/postfix/manifests/init.pp   |  36 +
 .../postfix/manifests/postfix_files.pp        |  13 +
 Chapter 4/my.cnf                              |  11 +
 Chapter 4/puppet.conf                         |   2 +
 Chapter 6/.DS_Store                           | Bin 0 -> 6148 bytes
 Chapter 6/apache_puppet.conf                  |  62 ++
 Chapter 6/ext_node_mysql.pl                   |  50 +
 Chapter 6/external_nodes.pl                   |  20 +
 Chapter 6/ldap_nodes.ldif                     |  42 +
 Chapter 6/mongrel_puppetmasterd.sh            |  20 +
 Chapter 6/puppet.conf                         |  56 +
 Chapter 7/.DS_Store                           | Bin 0 -> 6148 bytes
 Chapter 7/provider/parsed.rb                  |  18 +
 Chapter 7/type/.DS_Store                      | Bin 0 -> 6148 bytes
 Chapter 7/type/shells.rb                      |  29 +
 LICENSE.txt                                   |  27 +
 README.md                                     |  15 +
 README.txt                                    |  21 +
 contributing.md                               |  14 +
 53 files changed, 2453 insertions(+)
 create mode 100644 9781590599785.jpg
 create mode 100644 Chapter 4/.DS_Store
 create mode 100644 Chapter 4/fileserver.conf
 create mode 100644 Chapter 4/manifests/.DS_Store
 create mode 100644 Chapter 4/manifests/classes/.DS_Store
 create mode 100644 Chapter 4/manifests/classes/administrators.pp
 create mode 100644 Chapter 4/manifests/classes/baseapps.pp
 create mode 100644 Chapter 4/manifests/classes/mail_team.pp
 create mode 100644 Chapter 4/manifests/classes/staff.pp
 create mode 100644 Chapter 4/manifests/groups/mysql_group.pp
 create mode 100644 Chapter 4/manifests/groups/virt_groups.pp
 create mode 100644 Chapter 4/manifests/nodes.pp
 create mode 100644 Chapter 4/manifests/os/debian.pp
 create mode 100644 Chapter 4/manifests/os/fedora.pp
 create mode 100644 Chapter 4/manifests/site.pp
 create mode 100644 Chapter 4/manifests/templates.pp
 create mode 100644 Chapter 4/manifests/users/mysql_user.pp
 create mode 100644 Chapter 4/manifests/users/virt_users.pp
 create mode 100644 Chapter 4/modules/.DS_Store
 create mode 100644 Chapter 4/modules/apache/.DS_Store
 create mode 100644 Chapter 4/modules/apache/files/httpd.conf
 create mode 100644 Chapter 4/modules/apache/manifests/.DS_Store
 create mode 100644 Chapter 4/modules/apache/manifests/apache_files.pp
 create mode 100644 Chapter 4/modules/apache/manifests/init.pp
 create mode 100644 Chapter 4/modules/apache/manifests/virtual_hosts.pp
 create mode 100644 Chapter 4/modules/apache/templates/virtual_host.erb
 create mode 100644 Chapter 4/modules/mysql/.DS_Store
 create mode 100644 Chapter 4/modules/mysql/files/my.cnf
 create mode 100644 Chapter 4/modules/mysql/manifests/init.pp
 create mode 100644 Chapter 4/modules/postfix/.DS_Store
 create mode 100644 Chapter 4/modules/postfix/files/aliases.db
 create mode 100644 Chapter 4/modules/postfix/files/main.cf
 create mode 100644 Chapter 4/modules/postfix/files/master.cf
 create mode 100644 Chapter 4/modules/postfix/manifests/.DS_Store
 create mode 100644 Chapter 4/modules/postfix/manifests/init.pp
 create mode 100644 Chapter 4/modules/postfix/manifests/postfix_files.pp
 create mode 100644 Chapter 4/my.cnf
 create mode 100644 Chapter 4/puppet.conf
 create mode 100644 Chapter 6/.DS_Store
 create mode 100644 Chapter 6/apache_puppet.conf
 create mode 100644 Chapter 6/ext_node_mysql.pl
 create mode 100644 Chapter 6/external_nodes.pl
 create mode 100644 Chapter 6/ldap_nodes.ldif
 create mode 100644 Chapter 6/mongrel_puppetmasterd.sh
 create mode 100644 Chapter 6/puppet.conf
 create mode 100644 Chapter 7/.DS_Store
 create mode 100644 Chapter 7/provider/parsed.rb
 create mode 100644 Chapter 7/type/.DS_Store
 create mode 100644 Chapter 7/type/shells.rb
 create mode 100644 LICENSE.txt
 create mode 100644 README.md
 create mode 100644 README.txt
 create mode 100644 contributing.md
diff --git a/9781590599785.jpg b/9781590599785.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..0f03c20e67eaa1dcab0bd6c87cf03cde6b233dbe
GIT binary patch
literal 10585
diff --git a/Chapter 4/fileserver.conf b/Chapter 4/fileserver.conf
new file mode 100644
index 0000000..e69de29
diff --git a/Chapter 4/manifests/.DS_Store b/Chapter 4/manifests/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..745f9a35f761a711131a595586e252467f12b87d
GIT binary patch
literal 6148
diff --git a/Chapter 4/manifests/classes/.DS_Store b/Chapter 4/manifests/classes/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..5008ddfcf53c02e82d7eee2e57c38e5672ef89f6
GIT binary patch
literal 6148
"administration" } +}
diff --git a/Chapter 4/manifests/classes/baseapps.pp b/Chapter 4/manifests/classes/baseapps.pp new file mode 100644 index 0000000..e0b7888 --- /dev/null +++ b/Chapter 4/manifests/classes/baseapps.pp @@ -0,0 +1,29 @@ +class baseapps { + + $packagelist = ["joe", "perl", "rubygems"] + + package { $packagelist: + ensure => installed } +} + +class sshd { + +case $operatingsystem { + fedora: { $ssh_packages = ["openssh", "openssh-server", "openssh-clients"] } + debian: { $ssh_packages = ["openssh-server", "openssh-client"] } + default: { $ssh_packages = ["openssh", "openssh-server"] } +} + + package { $ssh_packages: ensure => installed } + + service { sshd: + name => $operatingsystem ? { + fedora => "sshd", + debian => "ssh", + default => "sshd", + }, + enable => true, + ensure => running + } + +} diff --git a/Chapter 4/manifests/classes/mail_team.pp b/Chapter 4/manifests/classes/mail_team.pp new file mode 100644 index 0000000..ac15d03 --- /dev/null +++ b/Chapter 4/manifests/classes/mail_team.pp @@ -0,0 +1,7 @@ +class mail_team inherits virt_users { + realize( + Group["mail_team"] + ) + User["mjones"] { groups => "mail_team" } +} + diff --git a/Chapter 4/manifests/classes/staff.pp b/Chapter 4/manifests/classes/staff.pp new file mode 100644 index 0000000..13e997f --- /dev/null +++ b/Chapter 4/manifests/classes/staff.pp @@ -0,0 +1,10 @@ +class staff { + include virt_users, virt_groups + realize( + Group["staff"], + Group["administration"], + User["jsmith"], + User["mjones"] + ) +} + diff --git a/Chapter 4/manifests/groups/mysql_group.pp b/Chapter 4/manifests/groups/mysql_group.pp new file mode 100644 index 0000000..af3d6c8 --- /dev/null +++ b/Chapter 4/manifests/groups/mysql_group.pp @@ -0,0 +1,7 @@ +class mysql_group { + group { "mysql": + gid => "501", + ensure => present + } +} + diff --git a/Chapter 4/manifests/groups/virt_groups.pp b/Chapter 4/manifests/groups/virt_groups.pp new file mode 100644 index 0000000..a14c64b --- /dev/null 
+++ b/Chapter 4/manifests/groups/virt_groups.pp @@ -0,0 +1,16 @@ +class virt_groups { + @group { "staff": + gid => "1000", + ensure => present, + } + + @group { "administration": + gid => "1501", + ensure => present, + } + + @group { "mail_team": + gid => "1502", + ensure => present, + } +} diff --git a/Chapter 4/manifests/nodes.pp b/Chapter 4/manifests/nodes.pp new file mode 100644 index 0000000..286f859 --- /dev/null +++ b/Chapter 4/manifests/nodes.pp @@ -0,0 +1,16 @@ + +node 'puppetmaster.testing.com' inherits basenode {} +node 'www.testing.com' inherits webserver { + virtual_host { "test1.testing.com": + ip => "192.168.0.1" + } + virtual_host { "test2.testing.com": + ip => "192.168.0.2" + } +} +node 'db.testing.com' inherits dbserver {} +node 'mail.testing.com' inherits mailserver {} + + +node 'debian.lovedthanlost.net' inherits mailserver {} + diff --git a/Chapter 4/manifests/os/debian.pp b/Chapter 4/manifests/os/debian.pp new file mode 100644 index 0000000..d37793b --- /dev/null +++ b/Chapter 4/manifests/os/debian.pp @@ -0,0 +1,9 @@ +class debian { + + $disableservices = ["hplip", "avahi-daemon", "rsync", "spamassassin"] + + service { $disableservices: + enable => false, + ensure => stopped, + } +} diff --git a/Chapter 4/manifests/os/fedora.pp b/Chapter 4/manifests/os/fedora.pp new file mode 100644 index 0000000..6712b91 --- /dev/null +++ b/Chapter 4/manifests/os/fedora.pp @@ -0,0 +1,9 @@ +class fedora { + + yumrepo { "testing.com-repo": + baseurl => "http://repos.testing.com/fedora/$lsbdistrelease/", + descr => "Testing.com's YUM repository", + enabled => 1, + gpgcheck => 0, + } +} diff --git a/Chapter 4/manifests/site.pp b/Chapter 4/manifests/site.pp new file mode 100644 index 0000000..d3001a0 --- /dev/null +++ b/Chapter 4/manifests/site.pp @@ -0,0 +1,10 @@ +import "templates.pp" +import "nodes.pp" +import "groups/*" +import "users/*" +import "os/*" +import "classes/*" + + +filebucket { main: server => puppet } +File { backup => main } 
diff --git a/Chapter 4/manifests/templates.pp b/Chapter 4/manifests/templates.pp new file mode 100644 index 0000000..cdd78f3 --- /dev/null +++ b/Chapter 4/manifests/templates.pp @@ -0,0 +1,22 @@ +node basenode { + case $operatingsystem { + fedora: { include fedora } + debian: { include debian } + default: { include fedora} + } +# include baseapps, sshd, + include staff, administrators +} + +node default inherits basenode {} + +node webserver inherits basenode { + include apache +} +node dbserver inherits basenode { + include mysql +} +node mailserver inherits basenode { +# include postfix + include mail_team +} diff --git a/Chapter 4/manifests/users/mysql_user.pp b/Chapter 4/manifests/users/mysql_user.pp new file mode 100644 index 0000000..7e7d414 --- /dev/null +++ b/Chapter 4/manifests/users/mysql_user.pp @@ -0,0 +1,10 @@ +class mysql_user { + user { "mysql": + ensure => "present", + uid => "501", + gid => "501", + comment => "MySQL", + home => "/var/lib/mysql", + shell => "/sbin/nologin", + } +} diff --git a/Chapter 4/manifests/users/virt_users.pp b/Chapter 4/manifests/users/virt_users.pp new file mode 100644 index 0000000..314dad3 --- /dev/null +++ b/Chapter 4/manifests/users/virt_users.pp @@ -0,0 +1,19 @@ +class virt_users { + @user { "jsmith": + ensure => "present", + uid => "1001", + gid => "1000", + comment => "Jane Smith", + home => "/nfs/IT/home/jsmith", + shell => "/bin/bash", + } + + @user { "mjones": + ensure => "present", + uid => "1002", + gid => "1000", + comment => "Mary Jones", + home => "/nfs/IT/home/mjones", + shell => "/bin/bash", + } +} 
diff --git a/Chapter 4/modules/.DS_Store b/Chapter 4/modules/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..37afdd63786641940a739c631a23adf567025eec
GIT binary patch
literal 6148
diff --git a/Chapter 4/modules/apache/files/httpd.conf b/Chapter 4/modules/apache/files/httpd.conf
new file mode 100644
index 0000000..2ab3f8a
--- /dev/null
+++ b/Chapter 4/modules/apache/files/httpd.conf
@@ -0,0 +1,990 @@ +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" +# with ServerRoot set to "/etc/httpd" will be interpreted by the +# server as "/etc/httpd/logs/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# Don't give away too much information about all the subcomponents +# we are running. 
Comment out this line if you don't mind remote sites +# finding out what major optional modules you are running +ServerTokens OS + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation +# (available at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "/etc/httpd" + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +PidFile run/httpd.pid + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 120 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive Off + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. 
+# +KeepAliveTimeout 15 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# ServerLimit: maximum value for MaxClients for the lifetime of the server +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves + +StartServers 8 +MinSpareServers 5 +MaxSpareServers 20 +ServerLimit 256 +MaxClients 256 +MaxRequestsPerChild 4000 + + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves + +StartServers 2 +MaxClients 150 +MinSpareThreads 25 +MaxSpareThreads 75 +ThreadsPerChild 25 +MaxRequestsPerChild 0 + + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, in addition to the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. 
+# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_alias_module modules/mod_authn_alias.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_default_module modules/mod_authn_default.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_default_module modules/mod_authz_default.so +LoadModule ldap_module modules/mod_ldap.so +LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +LoadModule include_module modules/mod_include.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so +LoadModule env_module modules/mod_env.so +LoadModule ext_filter_module modules/mod_ext_filter.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule expires_module modules/mod_expires.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule headers_module modules/mod_headers.so +LoadModule usertrack_module modules/mod_usertrack.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule mime_module modules/mod_mime.so +LoadModule dav_module modules/mod_dav.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule info_module modules/mod_info.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule dir_module modules/mod_dir.so +LoadModule actions_module modules/mod_actions.so +LoadModule speling_module 
modules/mod_speling.so +LoadModule userdir_module modules/mod_userdir.so +LoadModule alias_module modules/mod_alias.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule cache_module modules/mod_cache.so +LoadModule suexec_module modules/mod_suexec.so +LoadModule disk_cache_module modules/mod_disk_cache.so +LoadModule file_cache_module modules/mod_file_cache.so +LoadModule mem_cache_module modules/mod_mem_cache.so +LoadModule cgi_module modules/mod_cgi.so + +# +# The following modules are not loaded by default: +# +#LoadModule cern_meta_module modules/mod_cern_meta.so +#LoadModule asis_module modules/mod_asis.so + +# +# Load config files from the config directory "/etc/httpd/conf.d". +# +Include conf.d/*.conf + +# +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. The default is Off. +# +#ExtendedStatus On + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# . On SCO (ODT 3) use "User nouser" and "Group nogroup". +# . On HPUX you may not be able to use shared memory as nobody, and the +# suggested workaround is to create a user www and use that user. +# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) +# when the value of (unsigned)Group is above 60000; +# don't use Group #-1 on these systems! 
+# +User apache +Group apache + +### Section 2: 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin root@localhost + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If this is not set to valid DNS name for your host, server-generated +# redirections will not work. See also the UseCanonicalName directive. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# You will have to access it by its address anyway, and this will make +# redirections work in a sensible way. +# +#ServerName www.example.com:80 + +# +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +# +UseCanonicalName Off + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. 
+# +DocumentRoot "/var/www/html" + +# +# Each directory to which Apache has access can be configured with respect +# to which services and features are allowed and/or disabled in that +# directory (and its subdirectories). +# +# First, we configure the "default" to be a very restrictive set of +# features. +# + + Options FollowSymLinks + AllowOverride None + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# This should be changed to whatever you set DocumentRoot to. +# + + +# +# Possible values for the Options directive are "None", "All", +# or any combination of: +# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews +# +# Note that "MultiViews" must be named *explicitly* --- "Options All" +# doesn't give it to you. +# +# The Options directive is both complicated and important. Please see +# http://httpd.apache.org/docs/2.2/mod/core.html#options +# for more information. +# + Options Indexes FollowSymLinks + +# +# AllowOverride controls what directives may be placed in .htaccess files. +# It can be "All", "None", or any combination of the keywords: +# Options FileInfo AuthConfig Limit +# + AllowOverride None + +# +# Controls who can get stuff from this server. +# + Order allow,deny + Allow from all + + + +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. 
+# +# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden +# + + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disable + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disable" line above, and uncomment + # the following line instead: + # + #UserDir public_html + + + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# +# +# AllowOverride FileInfo AuthConfig Limit +# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec +# +# Order allow,deny +# Allow from all +# +# +# Order deny,allow +# Deny from all +# +# + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# +# The index.html.var file (a type-map) is used to deliver content- +# negotiated documents. The MultiViews Option can be used for the +# same purpose, but it is much slower. +# +DirectoryIndex index.html index.html.var + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Order allow,deny + Deny from all + + +# +# TypesConfig describes where the mime.types file (or equivalent) is +# to be found. +# +TypesConfig /etc/mime.types + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. 
If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + +# +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +# + +# MIMEMagicFile /usr/share/magic.mime + MIMEMagicFile conf/magic + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# +# EnableMMAP: Control whether memory-mapping is used to deliver +# files (assuming that the underlying OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. On some systems, turning it off (regardless of +# filesystem) can improve performance; for details, please see +# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap +# +#EnableMMAP off + +# +# EnableSendfile: Control whether the sendfile kernel support is +# used to deliver files (assuming that the OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. Please see +# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile +# +#EnableSendfile off + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. 
+# +ErrorLog logs/error_log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this +# requires the mod_logio module to be loaded. +#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + +# +# The location and format of the access logfile (Common Logfile Format). +# If you do not define any access logfiles within a +# container, they will be logged here. Contrariwise, if you *do* +# define per- access logfiles, transactions will be +# logged therein and *not* in this file. +# +#CustomLog logs/access_log common + +# +# If you would like to have separate agent and referer logfiles, uncomment +# the following directives. +# +#CustomLog logs/referer_log referer +#CustomLog logs/agent_log agent + +# +# For a single logfile with access, agent, and referer information +# (Combined Logfile Format), use the following directive: +# +CustomLog logs/access_log combined + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature On + +# +# Aliases: Add here as many aliases as you need (with no limit). 
The format is +# Alias fakename realname +# +# Note that if you include a trailing / on fakename then the server will +# require it to be present in the URL. So "/icons" isn't aliased in this +# example, only "/icons/". If the fakename is slash-terminated, then the +# realname must also be slash terminated, and if the fakename omits the +# trailing slash, the realname must also omit it. +# +# We include the /icons/ alias for FancyIndexed directory listings. If you +# do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/var/www/icons/" + + + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + + +# +# WebDAV module configuration section. +# + + # Location of the WebDAV lock database. + DAVLockDB /var/lib/dav/lockdb + + +# +# ScriptAlias: This controls which directories contain server scripts. +# ScriptAliases are essentially the same as Aliases, except that +# documents in the realname directory are treated as applications and +# run by the server when requested rather than as documents sent to the client. +# The same rules about trailing "/" apply to ScriptAlias directives as to +# Alias. +# +ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Order allow,deny + Allow from all + + +# +# Redirect allows you to tell clients about documents which used to exist in +# your server's namespace, but do not anymore. This allows you to tell the +# clients where to look for the relocated document. +# Example: +# Redirect permanent /foo http://www.example.com/bar + +# +# Directives controlling the display of server-generated directory listings. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. 
+# +IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. 
+ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + +# +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. 
+# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. 
To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + +# +# AddType allows you to add to or override the MIME configuration +# file mime.types for specific file types. +# +#AddType application/x-tar .tgz + +# +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +# Despite the name similarity, the following Add* directives have nothing +# to do with the FancyIndexing customization directives above. +# +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz + +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +# +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. These can be either built into the server +# or added with the Action directive (see below) +# +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +# +#AddHandler cgi-script .cgi + +# +# For files that include their own HTTP headers: +# +#AddHandler send-as-is asis + +# +# For type maps (negotiated resources): +# (This is enabled by default to allow the Apache "It Worked" page +# to be distributed in multiple languages.) +# +AddHandler type-map var + +# +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +# +AddType text/html .shtml +AddOutputFilter INCLUDES .shtml + +# +# Action lets you define media types that will execute a script whenever +# a matching file is called. This eliminates the need for repeated URL +# pathnames for oft-used CGI file processors. 
+# Format: Action media/type /cgi-script/location +# Format: Action handler-name /cgi-script/location +# + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /var/www/error/include/ files and +# copying them to /your/include/path/, even on a per-VirtualHost basis. 
+# + +Alias /error/ "/var/www/error/" + + + + + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Order allow,deny + Allow from all + LanguagePriority en es de fr + ForceLanguagePriority Prefer Fallback + + +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + + + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. 
+# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# Change the ".example.com" to match your domain to enable. +# +# +# SetHandler server-status +# Order deny,allow +# Deny from all +# Allow from .example.com +# + +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Change the ".example.com" to match your domain to enable. +# +# +# SetHandler server-info +# Order deny,allow +# Deny from all +# Allow from .example.com +# + +# +# Proxy Server directives. Uncomment the following lines to +# enable the proxy server: +# +# +#ProxyRequests On +# +# +# Order deny,allow +# Deny from all +# Allow from .example.com +# + +# +# Enable/disable the handling of HTTP/1.1 "Via:" headers. +# ("Full" adds the server version; "Block" removes all outgoing Via: headers) +# Set to one of: Off | On | Full | Block +# +#ProxyVia On + +# +# To enable a cache of proxied content, uncomment the following lines. +# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. +# +# +# CacheEnable disk / +# CacheRoot "/var/cache/mod_proxy" +# +# + +# +# End of proxy directives. + +### Section 3: Virtual Hosts +# +# VirtualHost: If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. 
+# +# Please see the documentation at +# +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + +# +# Use name-based virtual hosting. +# +#NameVirtualHost *:80 +# +# NOTE: NameVirtualHost cannot be used without a port specifier +# (e.g. :80) if mod_ssl is being used, due to the nature of the +# SSL protocol. +# + +# +# VirtualHost example: +# Almost any Apache directive may go into a VirtualHost container. +# The first VirtualHost section is used for requests without a known +# server name. +# +# +# ServerAdmin webmaster@dummy-host.example.com +# DocumentRoot /www/docs/dummy-host.example.com +# ServerName dummy-host.example.com +# ErrorLog logs/dummy-host.example.com-error_log +# CustomLog logs/dummy-host.example.com-access_log common +# diff --git a/Chapter 4/modules/apache/manifests/.DS_Store b/Chapter 4/modules/apache/manifests/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..ac94a9331d33df897332fb5b9c20c8f01c27ccb8 GIT binary patch literal 6148 zcmeHKJ8r`;3?*9+0kUN5s4L_Kg5jPZ7YI@}Kmem2((aymt{$zApCN`(po6mnj{x-~ zicf;xV45PL?N`4S*@?&oZYbY2EY0@K7xt791;TO0hg{?nK4SJiGwxP;d6zSIxBP2= zeH%{WI9Lje3Qz$mKn17(6a;(5S$@75D`=I2IWI literal 0 HcmV?d00001 diff --git a/Chapter 4/modules/apache/manifests/apache_files.pp b/Chapter 4/modules/apache/manifests/apache_files.pp new file mode 100644 index 0000000..5c1f3d0 --- /dev/null +++ b/Chapter 4/modules/apache/manifests/apache_files.pp @@ -0,0 +1,13 @@ +define apache::apache_files($owner = root, $group = root, $mode = 644, $source, $backup = false, $recurse = false, $ensure = file) { + + file { $name: + mode => $mode, + owner => $owner, + group => $group, + backup => $backup, + recurse => $recurse, + ensure => $ensure, + require => Package["httpd"], + source => "puppet:///apache/$source" + } +} 
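Review bot: `ServerSignature On` in this httpd.conf hunk stamps the server version string on every server-generated error page and FancyIndexed directory listing; for a template that Puppet pushes to every host, set `ServerSignature Off` and confirm that `ServerTokens Prod` is set in Section 1 of the same file, so the exact httpd build is not advertised to every client. The `Chapter 4/modules/apache/manifests/.DS_Store` binary committed right after it (and the other `.DS_Store` files elsewhere in the module tree) are macOS Finder artifacts, not module content; drop them from the commit and add `.DS_Store` to `.gitignore`.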
diff --git a/Chapter 4/modules/apache/manifests/init.pp b/Chapter 4/modules/apache/manifests/init.pp new file mode 100644 index 0000000..c0085df --- /dev/null +++ b/Chapter 4/modules/apache/manifests/init.pp @@ -0,0 +1,21 @@ +class apache { + +$packagelist = ["httpd", "webalizer", "mod_ssl"] + +package { $packagelist: + ensure => "installed" +} + +apache::apache_files { + +"/etc/httpd/conf/httpd.conf": + source => "puppet:///apache/httpd.conf" +} + +service { "httpd": + enable => "true", + ensure => "running", + hasrestart => "true", + require => Package["httpd"] +} +} diff --git a/Chapter 4/modules/apache/manifests/virtual_hosts.pp b/Chapter 4/modules/apache/manifests/virtual_hosts.pp new file mode 100644 index 0000000..a705b96 --- /dev/null +++ b/Chapter 4/modules/apache/manifests/virtual_hosts.pp @@ -0,0 +1,19 @@ +define apache::virtual_host($ip, $ensure = "enabled") { + $file = "/etc/httpd/conf.d/$name.conf" + $document_root = "/var/www/html/$name" + + file { $file: + ensure => $ensure ? { + enabled => present, + disabled => absent }, + content => template("apache/virtual_host.erb"), + notify => Service["httpd"] + } + + file { $document_root: + ensure => $ensure ? { + enabled => directory, + disabled => absent }, + require => File["$file"] + } +} diff --git a/Chapter 4/modules/apache/templates/virtual_host.erb b/Chapter 4/modules/apache/templates/virtual_host.erb new file mode 100644 index 0000000..f61f82a --- /dev/null +++ b/Chapter 4/modules/apache/templates/virtual_host.erb @@ -0,0 +1,4 @@ +> +DocumentRoot <%= document_root %> +ServerName <%= name %> + 
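Review bot: the call in `init.pp` passes `source => "puppet:///apache/httpd.conf"` to `apache::apache_files`, but that define already prepends the module path (`source => "puppet:///apache/$source"` in `apache_files.pp`), so the file resource ends up pointing at `puppet:///apache/puppet:///apache/httpd.conf` and the fetch fails on every run; pass `source => "httpd.conf"`, or drop the prefix from the define. Two smaller points: `$mode = 644` in `apache_files.pp` is an unquoted number while the mysql module in this same patch uses the quoted `"0644"`; quote it so the leading zero survives and the two modules agree. And the `$ensure ? { enabled => present, disabled => absent }` selector in `apache::virtual_host` has no `default` arm, so any other value fails at catalog compile time; that is a reasonable fail-closed choice, but it deserves a comment in the define.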
diff --git a/Chapter 4/modules/mysql/.DS_Store b/Chapter 4/modules/mysql/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..45c854f59e204f37874cc364b324218b74afe759 GIT binary patch literal 6148 zcmeHKIZgvX5Ud6x*&=aBIA7ogE6aWXAK);SkQN-+ installed } + +file { "/etc/my.cnf": + owner => "root", + group => "root", + mode => "0644", + replace => true, + source => "puppet:///mysql/my.cnf", + require => Package["mysql-libs"] +} + +service { mysqld: + enable => "true", + ensure => "running", + require => File["/etc/my.cnf"] +} +} diff --git a/Chapter 4/modules/postfix/.DS_Store b/Chapter 4/modules/postfix/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..28dc88e61c8dd8c8e903ceab720c37aa1f6c5e1e GIT binary patch literal 6148 zcmeHKOHRWu5S@V{6|w1(rH=qNu&QzbE&yo>ie!>S3fcM$oR~Ks77>wH6{%=OvftSA zvGb&OY$D?A`{ABwLquydK^A2}WO~tb;m#`{YmV_S?n^Ta1;g_Y+4~i>)KQ@qn(hCZ z-sqWnm|8K>@mF&@b$3k}8srp0Rl0ruA?!dF61LMgm7#xy^;3PK3kHILU?3O>22Ra@ z7wPrQsTYd;!9Xx@b_~e*kkACPV>Q&H1D!qrfO3sifv#6yV3G-7cC3b&fv|-FEtLI< z!G3dQ3x_?se>JplVqF<|eC6-Q3;V^Jle!aU!{~#7U|`O`r42Vy{~z!xEk5$+Au$RD zf`Na=0IznByDdJ-YwM5ClUke5p3p?ZuZjYJuB8~Lr5FP_M{d<<_9Qy&*|8c*7Ma&@ PU|a;0km!PeKVaYskd7-f literal 0 HcmV?d00001 diff --git a/Chapter 4/modules/postfix/files/aliases.db b/Chapter 4/modules/postfix/files/aliases.db new file mode 100644 index 0000000..b6d3de6 --- /dev/null +++ b/Chapter 4/modules/postfix/files/aliases.db @@ -0,0 +1 @@ +root dennis diff --git a/Chapter 4/modules/postfix/files/main.cf b/Chapter 4/modules/postfix/files/main.cf new file mode 100644 index 0000000..d88d18c --- /dev/null +++ b/Chapter 4/modules/postfix/files/main.cf 
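Review bot: `Chapter 4/modules/postfix/files/aliases.db` is a one-line plain-text file (`root dennis`), but the `.db` suffix is what `postalias`/`newaliases` produce (a Berkeley DB hash), so copying this text file onto a host and letting Postfix open it through a `hash:/etc/aliases` lookup will fail to open the table, and even as a source file the entry needs the `name: value` form from aliases(5) (`root: dennis`). Commit the text source as `aliases` and have the manifest regenerate the `.db` at deploy time with an `exec` running `newaliases`, notified by the file resource. In the mysql `init.pp` hunk, `replace => true` and `enable => "true"` mix bare and quoted booleans; use the bare `true` for both.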
@@ -0,0 +1,667 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. +# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +daemon_directory = /usr/libexec/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. 
Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. +# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. +# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. +# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +#myorigin = $myhostname +#myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. 
The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +#inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost +inet_interfaces = localhost + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. +# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. +# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain. On a mail domain +# gateway, you should also include $mydomain. +# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). 
+# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". +# +mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. 
+# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. +# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP +# clients in the same IP subnetworks as the local machine. +# On Linux, this does works correctly only with interfaces specified +# with the "ifconfig" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. 
+# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. +# +#mynetworks_style = class +#mynetworks_style = subnet +#mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:/etc/postfix/network_table + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_recipient_restrictions description in +# postconf(5) for detailed information. +# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is $mydestination. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. 
+# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. +# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). +# +#relay_domains = $mydestination + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. +# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:/etc/postfix/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. 
This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. +# +#in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". 
This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. 
This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp + +# If using the cyrus-imapd IMAP server deliver local mail to the IMAP +# server using LMTP (Local Mail Transport Protocol), this is prefered +# over the older cyrus deliver program by setting the +# mailbox_transport as below: +# +# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp +# +# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via +# these settings. +# +# local_destination_recipient_limit = 300 +# local_destination_concurrency_limit = 5 +# +# Of course you should adjust these settings as appropriate for the +# capacity of the hardware you are using. The recipient limit setting +# can be used to take advantage of the single instance message store +# capability of Cyrus. 
The concurrency limit can be used to control +# how many simultaneous LMTP sessions will be permitted to the Cyrus +# message store. +# +# To use the old cyrus deliver program you have to set: +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. 
empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? 
With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + xxgdb $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. 
+# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen sesssion, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). +# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/sbin/sendmail.postfix + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/bin/newaliases.postfix + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/bin/mailq.postfix + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = postdrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = no + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +sample_directory = /usr/share/doc/postfix-2.4.3/samples + +# readme_directory: The location of the Postfix README files. 
+# +readme_directory = /usr/share/doc/postfix-2.4.3/README_FILES diff --git a/Chapter 4/modules/postfix/files/master.cf b/Chapter 4/modules/postfix/files/master.cf new file mode 100644 index 0000000..df0c4f2 --- /dev/null +++ b/Chapter 4/modules/postfix/files/master.cf 
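Review bot: the install-time paths at the end of main.cf are pinned to one build (`sample_directory = /usr/share/doc/postfix-2.4.3/samples`, `readme_directory = /usr/share/doc/postfix-2.4.3/README_FILES`, and the `.postfix`-suffixed `sendmail_path`, `newaliases_path` and `mailq_path`), yet init.pp later ships this file byte-for-byte to every node via `source => "main.cf"`; a node with any other Postfix package gets dangling paths. Either generate main.cf from a template keyed on OS facts or at least drop `sample_directory`, which the file's own comment marks obsolete since Postfix 2.1. A second, smaller point: `unknown_local_recipient_reject_code = 550` is set directly under a comment recommending 450 until `local_recipient_maps` is known to be correct; since `local_recipient_maps` is left at its default here that is defensible, but a one-line comment saying so would help.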
@@ -0,0 +1,99 @@ +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master"). +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (yes) (never) (100) +# ========================================================================== +smtp inet n - n - - smtpd +#submission inet n - n - - smtpd +# -o smtpd_enforce_tls=yes +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_client_restrictions=permit_sasl_authenticated,reject +#smtps inet n - n - - smtpd +# -o smtpd_tls_wrappermode=yes +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_client_restrictions=permit_sasl_authenticated,reject +#628 inet n - n - - qmqpd +pickup fifo n - n 60 1 pickup +cleanup unix n - n - 0 cleanup +qmgr fifo n - n 300 1 qmgr +#qmgr fifo n - n 300 1 oqmgr +tlsmgr unix - - n 1000? 1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 0 flush +proxymap unix - - n - - proxymap +smtp unix - - n - - smtp +# When relaying mail as backup MX, disable fallback_relay to avoid MX loops +relay unix - - n - - smtp + -o fallback_relay= +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - n - - showq +error unix - - n - - error +retry unix - - n - - error +discard unix - - n - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. 
See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +#maildrop unix - n n - - pipe +# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# The Cyrus deliver program has changed incompatibly, multiple times. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +#uucp unix - n n - - pipe +# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# ==================================================================== +# +# Other external delivery methods. +# +#ifmail unix - n n - - pipe +# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +# +#bsmtp unix - n n - - pipe +# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +# +#scalemail-backend unix - n n - 2 pipe +# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +# ${nexthop} ${user} ${extension} +# +#mailman unix - n n - - pipe +# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +# ${nexthop} ${user} 
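Review bot: the `smtp inet n - n - - smtpd` entry carries no `-o smtpd_*_restrictions` overrides and the `submission`/`smtps` entries that would add SASL and TLS stay commented out, so master.cf on its own describes an unauthenticated cleartext SMTP listener whose relay policy is whatever Postfix defaults to; it is only safe because main.cf pins `inet_interfaces = localhost`. The two files depend on each other, so a comment beside the `smtp inet` line stating that the listener is loopback-only would save the next reader a trip to main.cf. The `relay` service's `-o fallback_relay=` override is correct for a backup MX and should stay as is.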
diff --git a/Chapter 4/modules/postfix/manifests/.DS_Store b/Chapter 4/modules/postfix/manifests/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..ac94a9331d33df897332fb5b9c20c8f01c27ccb8 GIT binary patch literal 6148 zcmeHKJ8r`;3?*9+0kUN5s4L_Kg5jPZ7YI@}Kmem2((aymt{$zApCN`(po6mnj{x-~ zicf;xV45PL?N`4S*@?&oZYbY2EY0@K7xt791;TO0hg{?nK4SJiGwxP;d6zSIxBP2= zeH%{WI9Lje3Qz$mKn17(6a;(5S$@75D`=I2IWI literal 0 HcmV?d00001 diff --git a/Chapter 4/modules/postfix/manifests/init.pp b/Chapter 4/modules/postfix/manifests/init.pp new file mode 100644 index 0000000..d19d0d5 --- /dev/null +++ b/Chapter 4/modules/postfix/manifests/init.pp @@ -0,0 +1,36 @@ +class postfix { + +$mailadmin = "postmaster@$domain" + +$packagelist = ["postfix.$architecture", "postfix-pflogsumm.$architecture"] + +package { $packagelist: + ensure => "installed" +} + +postfix::postfix_files { + +"/etc/aliases.db": + mode => "0640", + source => "aliases.db"; + +"/etc/postfix/main.cf": + source => "main.cf"; + +"/etc/postfix/master.cf": + source => "master.cf" +} +service { "postfix": + enable => "true", + ensure => "running", + require => Package["postfix.$architecture"] +} + +cron { pflogsumm: + hour => 2, + minute => 15, + user => mail, + command => "/usr/sbin/pflogsumm -d yesterday /var/log/maillog | mail -s 'pflogsumm from $fqdn' $mailadmin", + require => Package["postfix-pflogsumm.$architecture"] +} +} diff --git a/Chapter 4/modules/postfix/manifests/postfix_files.pp b/Chapter 4/modules/postfix/manifests/postfix_files.pp new file mode 100644 index 0000000..bf2ed6d --- /dev/null +++ b/Chapter 4/modules/postfix/manifests/postfix_files.pp 
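Review bot: in init.pp the `service { "postfix": ... }` resource only `require`s the package; nothing links it to the three `postfix::postfix_files` resources, so a changed main.cf or master.cf is written to disk but Postfix is never reloaded. Add `subscribe => Postfix::Postfix_files["/etc/postfix/main.cf", "/etc/postfix/master.cf"]` to the service (or a `notify => Service["postfix"]` inside the define). Two smaller points: `"/etc/aliases.db"` with `source => "aliases.db"` distributes a prebuilt binary hash database instead of the text `/etc/aliases`, so it is tied to the DB format of the machine that built it and is overwritten the first time anyone runs `newaliases`; managing `/etc/aliases` plus an `exec` that runs `newaliases` is more robust. And the `pflogsumm` cron runs as `user => mail` and reads `/var/log/maillog`; verify that the `mail` user can read that log on the target distribution, otherwise the nightly report fails silently.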
@@ -0,0 +1,13 @@ +define postfix::postfix_files($owner = root, $group = root, $mode = 644, $source, $backup = false, $recurse = false, $ensure = file) { + + file { $name: + mode => $mode, + owner => $owner, + group => $group, + backup => $backup, + recurse => $recurse, + ensure => $ensure, + require => Package["postfix.$architecture"], + source => "puppet:///postfix/$source" + } +} diff --git a/Chapter 4/my.cnf b/Chapter 4/my.cnf new file mode 100644 index 0000000..2e035c8 --- /dev/null +++ b/Chapter 4/my.cnf @@ -0,0 +1,11 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +user=mysql +# Default to using old password format for compatibility with mysql 3.x +# clients (those using the mysqlclient10 compatibility package). +old_passwords=1 + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid diff --git a/Chapter 4/puppet.conf b/Chapter 4/puppet.conf new file mode 100644 index 0000000..400ee35 --- /dev/null +++ b/Chapter 4/puppet.conf @@ -0,0 +1,2 @@ +[puppetmasterd] +modulepath = /etc/puppet/modules diff --git a/Chapter 6/.DS_Store b/Chapter 6/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..369284ae2404e7b0106997f5444a4bd1a2e6bac6 GIT binary patch literal 6148 zcmeHKK~BRk5FD2x74<;4^_Uk#;s;Sx4xD)av`wH$frK`d;Fh1m?Ao-16onJ2(5|!| zXYJXI$5mVdaMNve2}A%!biu(Hn*%1};vE}=$SKijj%Sp}kmD9lo!J&RMg?T=F1TZ_ zsJUxj_wNlGyr4jW3dMC%E*C|);OywVWxA-(3^~@!F(+%EYxAoN=j3E$R^ONseZ+lF z{Rw|>B`ZI$ey-IkY?-U#Q_ZnC*HW{;X10X=RZqS#nR|YMrDpGYi(}khdnZ%C6fgx2 zDZn#ZY&7<0ttns%m;yTmzyKqBsTAlf0oer0JwAK_b1=!kqnLB$D4x*O7>}hxOanF^8KK!9 N0hPfTQ{Yb(_y9RDg$Dot literal 0 HcmV?d00001 diff --git a/Chapter 6/apache_puppet.conf b/Chapter 6/apache_puppet.conf new file mode 100644 index 0000000..e0d5fd9 --- /dev/null +++ b/Chapter 6/apache_puppet.conf 
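Review bot: in postfix_files.pp the default `$mode = 644` is an unquoted integer while init.pp passes `"0640"` as a string; quote the default as `"0644"` so both call sites hand Puppet the same type. `$source` is the only mandatory parameter but is placed between optional ones, which is legal yet easy to misread; moving it first makes the required argument obvious. `require => Package["postfix.$architecture"]` also hard-wires the RPM-style architecture-suffixed package name into the define, so it only works on the same platform family as init.pp.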
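Review bot: `old_passwords=1` in my.cnf makes MySQL store the pre-4.1 16-byte password hash for every new password, a considerably weaker format than the 4.1+ hash, and it is only needed for the mysql 3.x-era clients the comment names. If no such clients exist, remove the line (or set `old_passwords=0`) and say in the chapter why it would ever be turned on. There is also no `bind-address`, so the server listens on all interfaces by default; `bind-address=127.0.0.1` is the safer starting point for a single-host database.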
@@ -0,0 +1,62 @@ +Listen 8140 +PidFile /var/www/puppet/run/balancer.pid +User puppet +Group puppet + +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +LoadModule headers_module modules/mod_headers.so +LoadModule ssl_module modules/mod_ssl.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule log_config_module modules/mod_log_config.so + + + Options FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + + + + BalancerMember http://127.0.0.1:18140 keepalive=on max=2 retry=30 + + BalancerMember http://127.0.0.1:18141 keepalive=on max=2 retry=30 + + + + + SSLEngine on + SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA + SSLCertificateFile /var/www/puppet/ssl/certs/puppetmaster.testing.com.pem + SSLCertificateKeyFile /var/www/puppet/ssl/private_keys/puppetmaster.testing.com.pem + SSLCertificateChainFile /var/www/puppet/ssl/ca/ca_crt.pem + SSLCACertificateFile /var/www/puppet/ssl/ca/ca_crt.pem + SSLCARevocationFile /var/www/puppet/ssl/ca/ca_crl.pem + SSLVerifyClient optional + SSLVerifyDepth 1 + SSLOptions +StdEnvVars + + RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e + # Store the client DN in a header + RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e + # And store whether the cert verification was a success + RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e + + + SetHandler balancer-manager + Order allow,deny + Allow from all + + + ProxyPass / balancer://puppetmaster.testing.com:8140/ timeout=180 + ProxyPassReverse / balancer://puppetmaster.testing.com:8140/ + ProxyPreserveHost on + SetEnv force-proxy-request-1.0 1 + SetEnv proxy-nokeepalive 1 + + ErrorLog /var/www/puppet/balancer_error.log + CustomLog /var/www/puppet/balancer_access.log combined + CustomLog /var/www/puppet/balancer_ssl_request.log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + 
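Review bot: `SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA` in apache_puppet.conf selects an SSLv2-era cipher list with RC4 for the front end that terminates the Puppet client-certificate TLS, and the `balancer-manager` block is `Allow from all`, so any client that can reach port 8140 can view and alter balancer membership. Use a modern cipher string (for example `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4` together with `SSLProtocol all -SSLv2 -SSLv3`) and restrict the manager with `Allow from 127.0.0.1`. The `X-Client-DN` and `X-Client-Verify` headers are the only proof of client identity forwarded to the mongrel back ends on `127.0.0.1:18140` and `127.0.0.1:18141`, which speak plain HTTP with no authentication of their own; the chapter should state that the balancer host must therefore run nothing else that can reach those loopback ports. The extra `RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e` duplicates `X-Client-DN` unless the back end reads both.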
diff --git a/Chapter 6/ext_node_mysql.pl b/Chapter 6/ext_node_mysql.pl new file mode 100644 index 0000000..0f75423 --- /dev/null +++ b/Chapter 6/ext_node_mysql.pl @@ -0,0 +1,50 @@ +#!/usr/bin/perl -w +use strict; +use YAML qw( Dump ); +use DBI; + +my $hostname = shift || die "No hostname passed"; + +$hostname =~ /^(\w+)\.(\w+)\.(\w{3})$/ + or die "Invalid hostname: $hostname"; + +my ( $host, $domain, $net ) = ( $1, $2, $3 ); + +# MySQL Configuration +my $data_source = "dbi:mysql:database=puppet;host=localhost"; +my $username = "puppet"; +my $password = "password"; + +# Connect to the server +my $dbh = DBI->connect($data_source, $username, $password) + or die $DBI::errstr; + +# Build the query +my $sth = $dbh->prepare( qq{SELECT class FROM nodes WHERE node = '$hostname'}) + or die "Can't prepare statement: $DBI::errstr"; + +# Execute the query +my $rc = $sth->execute + or die "Can't execute statement: $DBI::errstr"; + +# Set parameters +my %parameters = ( + puppet_server => "puppet.$domain.$net" + ); + +# Set classes +my @class; +while (my @row=$sth->fetchrow_array) + { push(@class,@row) } + +# Check for problems +die $sth->errstr if $sth->err; + +# Disconnect from database +$dbh->disconnect; + +# Print the YAML +print Dump( { + classes => \@class, + parameters => \%parameters, +} ); diff --git a/Chapter 6/external_nodes.pl b/Chapter 6/external_nodes.pl new file mode 100644 index 0000000..f7a000d --- /dev/null +++ b/Chapter 6/external_nodes.pl @@ -0,0 +1,20 @@ +#!/usr/bin/perl -w +use strict; +use YAML qw( Dump ); + +my $hostname = shift || die "No hostname passed"; + +$hostname =~ /^(\w+)\.(\w+)\.(\w{3})$/ + or die "Invalid hostname: $hostname"; + +my ( $host, $domain, $net ) = ( $1, $2, $3 ); + +my @classes = ( 'baseapps', $domain, ); +my %parameters = ( + puppet_server => "puppet.$domain.$net" + ); + +print Dump( { + classes => \@classes, + parameters => \%parameters, +} ); 
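Review bot: the query in ext_node_mysql.pl is assembled by string interpolation, `qq{SELECT class FROM nodes WHERE node = '$hostname'}`; the `/^(\w+)\.(\w+)\.(\w{3})$/` guard happens to exclude quotes, but correctness should not hinge on that regex. Use a bind parameter: `prepare('SELECT class FROM nodes WHERE node = ?')` followed by `$sth->execute($hostname)`. The database password is also committed in the script as `my $password = "password";`; read the credentials from a file readable only by the puppetmaster user instead of shipping them in the module.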
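Review bot: the hostname pattern `/^(\w+)\.(\w+)\.(\w{3})$/` in external_nodes.pl accepts only three-label names with a three-character top-level domain, so a client called `host.example.io` or `host.example.co.uk` dies with "Invalid hostname"; either state that naming constraint in the chapter or loosen the pattern. `$host` is captured but never used, and the captured `$domain` is emitted verbatim as a Puppet class name, so this regex is also what keeps class names well-formed; a comment saying so would stop someone from relaxing it casually.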
diff --git a/Chapter 6/ldap_nodes.ldif b/Chapter 6/ldap_nodes.ldif new file mode 100644 index 0000000..52cba3b --- /dev/null +++ b/Chapter 6/ldap_nodes.ldif @@ -0,0 +1,42 @@ + + + + + + + + + + + +

# LDIF Export for: ou=Hosts,dc=testing,dc=com

+

dn: ou=Hosts,dc=testing,dc=com

+

objectClass: organizationalUnit

+

objectClass: top

+

ou: Hosts

+


+

dn: cn=basenode,ou=Hosts,dc=testing,dc=com

+

cn: basenode

+

description: Basenode

+

objectClass: device

+

objectClass: top

+

objectClass: puppetClient

+

puppetclass: baseapps

+


+

dn: cn=webserver,ou=Hosts,dc=testing,dc=com

+

cn: webserver

+

description: Basenode

+

objectClass: device

+

objectClass: top

+

objectClass: puppetClient

+

parentnode: basenode

+

puppetclass: apache

+

puppetclass: squid

+

puppetclass: named

+ + diff --git a/Chapter 6/mongrel_puppetmasterd.sh b/Chapter 6/mongrel_puppetmasterd.sh new file mode 100644 index 0000000..6761ac6 --- /dev/null +++ b/Chapter 6/mongrel_puppetmasterd.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# name: mongrel_puppetmasterd +# Start a Puppet Master Server instance. + +if ! [[ "$1" -gt 0 ]]; then +echo "ERROR: You must provide a port to run this puppet master on." +echo "Ensure your apache load balancer is configured to talk to these servers" +exit 1 +fi + +MASTERPORT="$1" +shift + +puppetmasterd \ +--pidfile=/var/www/puppet/run/puppetmasterd."${MASTERPORT}".pid \ +--servertype=mongrel \ +--masterport="${MASTERPORT}" \ +$* + + diff --git a/Chapter 6/puppet.conf b/Chapter 6/puppet.conf new file mode 100644 index 0000000..e76987d --- /dev/null +++ b/Chapter 6/puppet.conf 
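Review bot: in ldap_nodes.ldif the `cn=webserver` entry carries `description: Basenode`, copied from the basenode entry above it; give it a description of its own so the directory is not misleading. In mongrel_puppetmasterd.sh the trailing `$*` is unquoted and will re-split any argument containing spaces; use `"$@"`. The port check `[[ "$1" -gt 0 ]]` accepts any arithmetic expression, not just a port number; a stricter test such as `[[ "$1" =~ ^[0-9]+$ ]] && (( $1 > 0 && $1 < 65536 ))` rejects junk before it reaches `--masterport`.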
@@ -0,0 +1,56 @@ +Listen 8140 +PidFile /var/www/puppet/run/balancer.pid +User puppet +Group puppet + +#LoadModule proxy_module modules/mod_proxy.so +#LoadModule proxy_http_module modules/mod_proxy_http.so +#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +#LoadModule headers_module modules/mod_headers.so +#LoadModule ssl_module modules/mod_ssl.so +#LoadModule authz_host_module modules/mod_authz_host.so +#LoadModule log_config_module modules/mod_log_config.so + + + Options FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + + + + BalancerMember http://127.0.0.1:18140 + BalancerMember http://127.0.0.1:18141 + + + + SSLEngine on + SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA + SSLCertificateFile /var/www/puppet/ssl/certs/puppetmaster.testing.com.pem + SSLCertificateKeyFile /var/www/puppet/ssl/private_keys/puppetmaster.testing.com.pem + SSLCertificateChainFile /var/www/puppet/ssl/ca/ca_crt.pem + SSLCACertificateFile /var/www/puppet/ssl/ca/ca_crt.pem + SSLCARevocationFile /var/www/puppet/ssl/ca/ca_crl.pem + SSLVerifyClient optional + SSLVerifyDepth 1 + SSLOptions +StdEnvVars + + # Store the client DN in a header + RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e + # And store whether the cert verification was a success + RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e + + SetHandler balancer-manager + Order allow,deny + Allow from all + + + ProxyPass / balancer://puppetmaster.testing.com:8140/ + ProxyPassReverse / balancer://puppetmaster.testing.com:8140/ + ProxyPreserveHost on + + ErrorLog /var/www/puppet/balancer_error.log + CustomLog /var/www/puppet/balancer_access.log combined + CustomLog /var/www/puppet/balancer_ssl_request.log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + 
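Review bot: this file is named puppet.conf but holds the Apache front-end configuration, a near duplicate of apache_puppet.conf, with every `LoadModule` line commented out; as written httpd will refuse to start on `SSLEngine`, `BalancerMember`, `RequestHeader` and `ProxyPass` unless those modules are loaded elsewhere. Either rename it to reflect its content or drop it in favour of apache_puppet.conf. It also repeats the weak `SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA` and the `Allow from all` balancer-manager block flagged in the other file.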
diff --git a/Chapter 7/.DS_Store b/Chapter 7/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..32d491115c8e16ee901a3036a70272d5e0608245 GIT binary patch literal 6148 zcmeHKJ5Iw;5S#@UmS|E^zAJD8D+(vz0tlP}DUwn6NOZ1pE{?|R2Snr`DjGB^?VI=3 zJNx7*yj}pdei^TT6@Z@Zh=VUn^XKjhJFAGJMU4lH*kV6E-R~CJrvuLI@rXSpyy6@G zZkl#1iVn|sW5U*peg;q1Qd9~^0VyB_q<|FoT>)>ewEiMds}zs|Qs7Gg|2{Oj<4`y! z#;1czi~z)r;V|xFmLN6{5QoA!krA3Dm6%kk5yO(sc&ogja867*EN*6=uR=W*rz|C;{8{C`Z+NeW1Tf2DwRo14v=uT;Ht@p9g48~v8 Puppet::Provider::ParsedFile, + :default_target => shells, + :filetype => :flat + ) do + + desc "The shells provider that uses the ParsedFile class" + + confine :exists => shells + text_line :comment, :match => /^#/; + text_line :blank, :match => /^\s*$/; + + record_line :parsed, :fields => %w{name} +end diff --git a/Chapter 7/type/.DS_Store b/Chapter 7/type/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..5008ddfcf53c02e82d7eee2e57c38e5672ef89f6 GIT binary patch literal 6148 zcmeH~Jr2S!425mzP>H1@V-^m;4Wg<&0T*E43hX&L&p$$qDprKhvt+--jT7}7np#A3 zem<@ulZcFPQ@L2!n>{z**++&mCkOWA81W14cNZlEfg7;MkzE(HCqgga^y>{tEnwC%0;vJ&^%eQ zLs35+`xjp>T0 present, + } + There is also an optional target attribute if your + shells file is located elsewhere." + + ensurable + + newparam(:shell, :namevar => true) do + desc "The shell to manage" + isnamevar + end + + newproperty(:target) do + desc "Location of shells file" + defaultto { if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile) + @resource.class.defaultprovider.default_target + else + nil + end + } + end + end +end diff --git a/LICENSE.txt b/LICENSE.txt new file mode 100644 index 0000000..e3353a4 --- /dev/null +++ b/LICENSE.txt 
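Review bot: this hunk commits `.DS_Store` files as binary patches (Chapter 7/.DS_Store, Chapter 7/type/.DS_Store); these are macOS Finder metadata, not book code, and should be removed and listed in a .gitignore so they do not return. In the shells type, `newparam(:shell, :namevar => true)` followed by `isnamevar` inside the block declares the namevar twice; one form is enough.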
@@ -0,0 +1,27 @@ +Freeware License, some rights reserved + +Copyright (c) 2007 James Turnbull + +Permission is hereby granted, free of charge, to anyone obtaining a copy +of this software and associated documentation files (the "Software"), +to work with the Software within the limits of freeware distribution and fair use. +This includes the rights to use, copy, and modify the Software for personal use. +Users are also allowed and encouraged to submit corrections and modifications +to the Software for the benefit of other users. + +It is not allowed to reuse, modify, or redistribute the Software for +commercial use in any way, or for a user’s educational materials such as books +or blog articles without prior permission from the copyright holder. + +The above copyright notice and this permission notice need to be included +in all copies or substantial portions of the software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS OR APRESS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + + diff --git a/README.md b/README.md new file mode 100644 index 0000000..ee1f971 --- /dev/null +++ b/README.md 
@@ -0,0 +1,15 @@ +#Apress Source Code + +This repository accompanies [*Pulling Strings with Puppet*](http://www.apress.com/9781590599785) by James Turnbull (Apress, 2007). + +![Cover image](9781590599785.jpg) + +Download the files as a zip using the green button, or clone the repository to your machine using Git. + +##Releases + +Release v1.0 corresponds to the code in the published book, without corrections or updates. + +##Contributions + +See the file Contributing.md for more information on how you can contribute to this repository. diff --git a/README.txt b/README.txt new file mode 100644 index 0000000..2489e64 --- /dev/null +++ b/README.txt @@ -0,0 +1,21 @@ +Pulling Strings with Puppet: System Administration Made Easy +============================================================ + +This source code package contains source code from three chapters: + +Chapter 4 +--------- + +This directory contains all of the example manifests and modules demonstrated in Chapter 4. + +Chapter 6 +--------- + +This directory contains the example External Node scripts, LDAP directory configuraton, and +Mongrel with Apache as a load balancer configurations. + +Chapter 7 +--------- + +This directory contains the example type, shells, and the associated provider we demonstrated +in Chapter 7. diff --git a/contributing.md b/contributing.md new file mode 100644 index 0000000..f6005ad --- /dev/null +++ b/contributing.md 
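Review bot: the README.md headings `#Apress Source Code`, `##Releases` and `##Contributions` have no space after the `#`, which CommonMark does not treat as a heading; write them as `# Apress Source Code`, `## Releases` and `## Contributions`.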
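Review bot: README.txt has a typo in the Chapter 6 paragraph, "LDAP directory configuraton"; it should read "configuration".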
@@ -0,0 +1,14 @@ +# Contributing to Apress Source Code + +Copyright for Apress source code belongs to the author(s). However, under fair use you are encouraged to fork and contribute minor corrections and updates for the benefit of the author(s) and other readers. + +## How to Contribute + +1. Make sure you have a GitHub account. +2. Fork the repository for the relevant book. +3. Create a new branch on which to make your change, e.g. +`git checkout -b my_code_contribution` +4. Commit your change. Include a commit message describing the correction. Please note that if your commit message is not clear, the correction will not be accepted. +5. Submit a pull request. + +Thank you for your contribution! \ No newline at end of file