- ./M0m0x01d
- ------------------------------------------------------------
- http://gitlab.smile.ci/
- ------------------------------------------------------------
- http://gitlab.smile.ci/dev/puppetmodules/commit/819b3a2b8355a01ede0998c730b267e2d7355c35.diff
- ------------------------------------------------------------
- diff --git a/hiera/common.yaml b/hiera/common.yaml
- index a7996a2..2a7e244 100644
- --- a/hiera/common.yaml
- +++ b/hiera/common.yaml
- @@ -6,7 +6,7 @@ basics_modules:
- - mcollective::agent
- base:
- - root_password:
- + root_password: 6d96270004515a0486bb7f76196a72b40c55a47f
- admins_group: adminsys
- dns:
- search: smileci.lan
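Review bot: The added `root_password` value is committed in clear text in `hiera/common.yaml`, and the second hunk of this file does the same for the phpMyAdmin `secret` and `dbpass` keys (the `adminpw` context line shows the pattern was already present). Anyone with read access to the repository or its history obtains these values, and the deleted `modules/hiera/common.yaml` keeps its copy of the blowfish secret in history. Move them to an encrypted backend such as hiera-eyaml so that only ciphertext or a lookup reference lives here, and rotate every value that has already been committed. A short comment on the key, e.g. `# crypt(3) hash expected, stored via eyaml`, would also tell readers which form the `base` module expects; that is not stated anywhere in the hunk.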
- @@ -77,12 +77,53 @@ openssh_ldap:
- adminpw: smileci
- pam_ldap:
- - config_params:
- - uri: ldap://
- - server: ldap1.smileci.lan
- + settings:
- + server: ldap://10.100.0.20
- domain: dc=smileci,dc=lan
- - service: nslcd
- module:
- - "openssh_lpk"
- +
- +phpmyadmin:
- + servers:
- + admin:
- + secret: 'uZ|9l1dPVkEYwcmL0xlNYn+wr^@c0_3wG2xDv0urqF%'
- + auth_type: cookie
- + dbuser: pdns
- + dbpass: smilecidns
- + dbname: pdns
- + dbserver: 10.100.13.21
- + dbport: 3306
- + dbtype: mysql
- + # Access list
- + #acl: 192.168.1.0/24
- + acl: All
- +
- +#proftpd common variables
- +proftpd:
- + settings:
- + port: 21
- + # pam off or on
- + pam_authentication: Off
- + motd: "welcome %{::hostname} sftp server "
- + server_admin: smile@smile.ci
- + timeout_idle: 1200
- + enable_ftp: FALSE
- + enable_sftp: TRUE
- + user: proftpd
- + group: nobody
- + # sftp virtual hosts
- + sftp:
- + public:
- + motd: "Welcome %{::hostname} sftp server"
- + vhost_name: public
- + port: 22
- + ipaddress: 0.0.0.0
- + timeout_idle: 1200
- + authentication_methods: password publickey keyboard-interactive
- + max_login_attempts: 3
- + authorized_keys: file:~/.sftp/authorized_keys
- + umask: 066 022
- + max_clients: 100
- + server_admin: smile@smile.ci
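Review bot: `acl: All` under `phpmyadmin.servers.admin` appears to open the database front end to every source address, while the narrower `#acl: 192.168.1.0/24` sits commented out just above it; prefer the explicit network (how the key is consumed is in `httpd.conf.erb`, which is not shown). In the same hunk the `public` SFTP vhost listens on `0.0.0.0` and `authentication_methods` now includes `password`, whereas the deleted `modules/hiera/common.yaml` bound it to `192.168.1.5` with `publickey keyboard-interactive` only. That widens exposure to password guessing, so if password logins are required, record the reason in a comment next to the key. The unquoted `Off`, `FALSE`, `TRUE` and `066 022` values should be written as `false`/`true` or as quoted strings, e.g. `umask: '066 022'`, so the YAML loader does not retype them.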
- diff --git a/hiera/fqdn/foreman.smileci.lan.yaml b/hiera/fqdn/foreman.smileci.lan.yaml
- new file mode 100644
- index 0000000..0c35b31
- --- /dev/null
- +++ b/hiera/fqdn/foreman.smileci.lan.yaml
- @@ -0,0 +1,6 @@
- +
- +users:
- + jean:
- + name: jean
- + homedir: /home/jean
- + shell: sh
- diff --git a/hiera/os/Debian.yaml b/hiera/os/Debian.yaml
- index ff9fb62..2beb5a8 100644
- --- a/hiera/os/Debian.yaml
- +++ b/hiera/os/Debian.yaml
- @@ -44,3 +44,8 @@ mysql:
- dependencies:
- - 'mysql'
- - 'mysql-server'
- +
- +phpmyadmin:
- + httpd_config: /etc/apache2/conf.d/phpmyadmin.conf
- + # web server
- + web_server: apache2
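Review bot: The `httpd_config` and `web_server` keys added here, and the matching pair in `hiera/os/RedHat.yaml`, look unused after this commit: the `phpmyadmin` class drops its `$phpmyadmin['httpd_config']` and `$phpmyadmin['web_server']` lookups and hard-codes per-OS values inside `case $::osfamily`. The Debian path given here, `/etc/apache2/conf.d/phpmyadmin.conf`, is what the manifest now calls `$httpd_symlink` rather than `$httpd_config`, so data and code disagree about what the key means. Either delete these keys or keep the hiera lookup in the class and remove the hard-coded values, so there is a single source of truth.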
- diff --git a/hiera/os/RedHat.yaml b/hiera/os/RedHat.yaml
- index eade1a6..7c9ad57 100644
- --- a/hiera/os/RedHat.yaml
- +++ b/hiera/os/RedHat.yaml
- @@ -43,3 +43,8 @@ mysql:
- dependencies:
- - 'mysql'
- - 'mysql-server'
- +
- +phpmyadmin:
- + httpd_config: '/etc/httpd/conf.d/phpMyAdmin.conf'
- + # web server
- + web_server: httpd
- diff --git a/modules/hiera.yaml b/modules/hiera.yaml
- deleted file mode 100644
- index ae9663f..0000000
- --- a/modules/hiera.yaml
- +++ /dev/null
- @@ -1,8 +0,0 @@
- -
- -:backends:
- - - yaml
- -:yaml:
- - :datadir: /etc/puppet/hiera/
- -:hierarchy:
- - - "%{osfamily}"
- - - common
- diff --git a/modules/hiera.yaml~ b/modules/hiera.yaml~
- deleted file mode 100644
- index 8c68468..0000000
- --- a/modules/hiera.yaml~
- +++ /dev/null
- @@ -1,9 +0,0 @@
- -
- -:backends:
- - - yaml
- -:yaml:
- - :datadir: /etc/puppet/hiera/
- -:hierarchy:
- - - "%{fdqn}"
- - - "%{osfamily}"
- - - common
- diff --git a/modules/hiera/Debian.yaml b/modules/hiera/Debian.yaml
- deleted file mode 100644
- index e69de29..0000000
- diff --git a/modules/hiera/Debian.yaml~ b/modules/hiera/Debian.yaml~
- deleted file mode 100644
- index 40424a1..0000000
- --- a/modules/hiera/Debian.yaml~
- +++ /dev/null
- @@ -1,6 +0,0 @@
- -
- -phpmyadmin:
- - # web server config
- - httpd_config: /etc/phpmyadmin/apache.conf
- - web_server: apache2
- -
- diff --git a/modules/hiera/RedHat.yaml b/modules/hiera/RedHat.yaml
- deleted file mode 100644
- index e69de29..0000000
- diff --git a/modules/hiera/RedHat.yaml~ b/modules/hiera/RedHat.yaml~
- deleted file mode 100644
- index 69f67e1..0000000
- --- a/modules/hiera/RedHat.yaml~
- +++ /dev/null
- @@ -1,4 +0,0 @@
- -phpmyadmin:
- - # web server config
- - httpd_conf: /etc/phpMyAdmin/phpMyAdmin.conf
- - web_server: httpd
- diff --git a/modules/hiera/common.yaml b/modules/hiera/common.yaml
- deleted file mode 100644
- index 56cc19d..0000000
- --- a/modules/hiera/common.yaml
- +++ /dev/null
- @@ -1,53 +0,0 @@
- -#proftpd common variables
- -proftpd:
- - settings:
- - port: 21
- - # pam off or on
- - pam_authentication: Off
- - motd: "welcome %{::hostname} sftp server "
- - server_admin: smile@smile.ci
- - # users home dir
- - timeout_idle: 1200
- - # sftp virtual hosts
- - sftp:
- - public:
- - motd: "Welcome %{::hostname} sftp server "
- - vhost_name: public
- - # listen ip address
- - ipaddress: 192.168.1.5
- - port: 22
- - timeout_idle: 1200
- - authentication_methods: publickey keyboard-interactive
- - max_login_attempts: 3
- - authorized_keys: file:~/.sftp/authorized_keys
- - umask: 066 022
- - server_admin: smile@smile.ci
- - max_clients: 20
- - admin:
- - motd: "Welcome %{::hostname} sftp server"
- - vhost_name: admin
- - # listen ip address
- - ipaddress: 0.0.0.0
- - port: 22
- - authentication_methods: publickey keyboard-interactive
- - max_login_attempts: 3
- - umask: 066 022
- - timeout_idle: 1200
- - server_admin: smile@smile.ci
- - max_clients: 100
- - authorized_keys: file:~/.sftp/authorized_keys
- -
- -# phpmyadmin commmon variables
- -phpmyadmin:
- - settings:
- - # blowfish secret
- - secret: 'uZ|9l1dPVkEYwcmL0xlNYn+wr^@c0_3wG2xDv0urqF%'
- - dbuser: root
- - dbpass: smile
- - dbname: mysql
- - dbserver: localhost
- - dbport: 3306
- - AllowRoot: FALSE
- - dbtype: mysql
- - auth_type: cookie
- -
- diff --git a/modules/hiera/common.yaml~ b/modules/hiera/common.yaml~
- deleted file mode 100644
- index 4fd3dcf..0000000
- --- a/modules/hiera/common.yaml~
- +++ /dev/null
- @@ -1,52 +0,0 @@
- -#proftpd common variables
- -proftpd:
- - settings:
- - port: 21
- - # pam off or on
- - pam_authentication: Off
- - motd: "welcome %{::hostname} sftp server "
- - server_admin: smile@smile.ci
- - # users home dir
- - timeout_idle: 1200
- - # sftp virtual hosts
- - sftp:
- - public:
- - motd: "Welcome %{::hostname} sftp server "
- - vhost_name: public
- - # listen ip address
- - ipaddress: 192.168.1.5
- - port: 22
- - timeout_idle: 1200
- - authentication_methods: publickey keyboard-interactive
- - max_login_attempts: 3
- - authorized_keys: file:~/.sftp/authorized_keys
- - umask: 066 022
- - server_admin: smile@smile.ci
- - max_clients: 20
- - admin:
- - motd: "Welcome %{::hostname} sftp server"
- - vhost_name: admin
- - # listen ip address
- - ipaddress: 0.0.0.0
- - port: 22
- - authentication_methods: publickey keyboard-interactive
- - max_login_attempts: 3
- - umask: 066 022
- - timeout_idle: 1200
- - server_admin: smile@smile.ci
- - max_clients: 100
- - authorized_keys: file:~/.sftp/authorized_keys
- -
- -# phpmyadmin commmon variables
- -phpmyadmin:
- - settings:
- - # blowfish secret
- - secret: 'uZ|9l1dPVkEYwcmL0xlNYn+wr^@c0_3wG2xDv0urqF%'
- - dbuser: root
- - dbpass: smile
- - dbname: mysql
- - dbserver: localhost
- - dbport: 3306
- - dbtype: mysql
- - auth_type: cookie
- -
- diff --git a/modules/openssh_ldap/manifests/init.pp b/modules/openssh_ldap/manifests/init.pp
- index 9551e90..71a2c66 100644
- --- a/modules/openssh_ldap/manifests/init.pp
- +++ b/modules/openssh_ldap/manifests/init.pp
- @@ -26,7 +26,7 @@ class openssh_ldap {
- ensure => latest
- }
- - service { $service:
- + service { 'ssh':
- ensure => running,
- enable => true
- }
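Review bot: Hard-coding `'ssh'` as the service title ties the class to Debian-family naming; on RedHat-family nodes the service is normally `sshd`, and this repository carries `hiera/os/RedHat.yaml`, so those nodes appear to be in scope. The same pattern is introduced in `modules/pam_ldap/manifests/init.pp` with `service { ['nslcd', 'nscd']:`. Keep the name data-driven, or select it per OS family, e.g. `$ssh_service = $::osfamily ? { 'RedHat' => 'sshd', default => 'ssh' }`, and use that variable as the title. The class body starts and ends outside this hunk.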
- diff --git a/modules/pam_ldap/manifests/init.pp b/modules/pam_ldap/manifests/init.pp
- index a275df4..a8a7375 100644
- --- a/modules/pam_ldap/manifests/init.pp
- +++ b/modules/pam_ldap/manifests/init.pp
- @@ -1,21 +1,16 @@
- # pam-ldap
- #
- -
- class pam_ldap {
- -
- $pam_ldap = hiera_hash('pam_ldap')
- $dependencies = $pam_ldap['dependencies']
- - $service = $pam_ldap['service']
- - $config_file = $pam_ldap['config_file']
- - $config_template= $pam_ldap['config_template']
- - $config_params = $pam_ldap['config_params']
- + $settings = $pam_ldap['settings']
- #instal dep
- package { $dependencies :
- ensure => installed
- }
- - service { $service:
- + service { ['nslcd', 'nscd']:
- ensure => running,
- enable => true,
- require => Package[$dependencies]
- @@ -25,18 +20,22 @@ class pam_ldap {
- File {
- owner => nslcd,
- group => nslcd,
- - mode => '0600',
- + mode => '0644',
- require => Package[$dependencies],
- }
- -
- +
- # nsswitch ldap
- file { '/etc/nsswitch.conf' :
- content => template('pam_ldap/nsswitch.conf.erb')
- }
- - file { $config_file:
- - content => template($config_template),
- - notify => Service[$service]
- + file { '/etc/nscld.conf':
- + content => template('pam_ldap/nslcd.conf.erb'),
- + notify => Service['nslcd']
- }
- + file { '/etc/nscd.conf' :
- + content => template('pam_ldap/nscd.conf.erb'),
- + notify => Service['nscd']
- + }
- }
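Review bot: The new resource title `'/etc/nscld.conf'` looks like a typo for `/etc/nslcd.conf`. As written, the rendered template lands in a file nslcd does not read, so the daemon keeps whatever configuration the package shipped while `Service['nslcd']` is still notified; change the line to `file { '/etc/nslcd.conf':`. The `File` default in this hunk also moves from `'0600'` to `'0644'`, which is reasonable for `nsswitch.conf` and `nscd.conf`, but nslcd.conf commonly holds a bind password. Set `mode => '0600'` on that one resource explicitly; only the top of the template is visible in this commit, so confirm whether it contains `bindpw`.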
- diff --git a/modules/pam_ldap/templates/nscd.conf.erb b/modules/pam_ldap/templates/nscd.conf.erb
- new file mode 100644
- index 0000000..0d9e0ee
- --- /dev/null
- +++ b/modules/pam_ldap/templates/nscd.conf.erb
- @@ -0,0 +1,43 @@
- +# THIS FILE IS MANAGED BY PUPPET
- +# DO NOT EDIT IT BY HAND
- +
- + debug-level 2
- + reload-count unlimited
- + paranoia no
- +# restart-interval 3600
- +
- + enable-cache passwd yes
- + positive-time-to-live passwd 36000
- + negative-time-to-live passwd 20
- + suggested-size passwd 211
- + check-files passwd yes
- + persistent passwd yes
- + shared passwd yes
- + max-db-size passwd 33554432
- + auto-propagate passwd yes
- +
- + enable-cache group yes
- + positive-time-to-live group 36000
- + negative-time-to-live group 60
- + check-files group yes
- + persistent group yes
- + shared group yes
- + auto-propagate group yes
- +
- + enable-cache hosts yes
- + positive-time-to-live hosts 3600
- + negative-time-to-live hosts 20
- + suggested-size hosts 211
- + check-files hosts yes
- + persistent hosts yes
- + shared hosts yes
- + max-db-size hosts 33554432
- +
- + enable-cache services yes
- + positive-time-to-live services 28800
- + negative-time-to-live services 20
- + suggested-size services 211
- + check-files services yes
- + persistent services yes
- + shared services yes
- + max-db-size services 33554432
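Review bot: `positive-time-to-live passwd 36000` and the matching `group` line cache account and group entries for ten hours, so with LDAP-backed identities a disabled account or a revoked group membership can keep resolving on each node for that long. `check-files passwd yes` only watches the local files, so it does not shorten this for directory entries. Lower both values, e.g. `positive-time-to-live passwd 600`, or add a comment stating why the long TTL is acceptable and how caches are flushed on offboarding. `debug-level 2` also looks like a leftover from testing and would be better at `0` in a managed file.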
- diff --git a/modules/pam_ldap/templates/nslcd.conf.erb b/modules/pam_ldap/templates/nslcd.conf.erb
- index d69181c..67b9346 100644
- --- a/modules/pam_ldap/templates/nslcd.conf.erb
- +++ b/modules/pam_ldap/templates/nslcd.conf.erb
- @@ -3,10 +3,10 @@ uid nslcd
- gid nslcd
- # The location at which the LDAP server(s) should be reachable.
- -uri <%= @config_params['uri'] %><%= @config_params['server'] %>
- +uri <%= @settings['server'] %>
- # The search base that will be used for all queries.
- -base <%= @config_params['domain'] %>
- +base <%= @settings['domain'] %>
- # The LDAP protocol version to use.
- #ldap_version 3
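Review bot: `uri` is now taken verbatim from `@settings['server']`, and the value supplied in `hiera/common.yaml` is a plain `ldap://` address, so directory lookups and binds cross the network unencrypted unless TLS is configured in a part of the template outside this hunk. Add `ssl start_tls` with `tls_reqcert demand` and a `tls_cacertfile`, or switch the data to an `ldaps://` URI. Prefer a hostname that matches the server certificate over a bare IP address. A one-line template comment such as `# settings['server'] must be a full URI, e.g. ldaps://host` would document the new single-key contract that replaces the old `uri` + `server` pair.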
- diff --git a/modules/phpmyadmin/manifests/.init.pp.swp b/modules/phpmyadmin/manifests/.init.pp.swp
- new file mode 100644
- index 0000000000000000000000000000000000000000..bda64d91f7eba7b919b82563086927922b8a3958
- GIT binary patch
- literal 12288
- zcmeI2O>Epm6vwB~(gH11aD!GFHY=PWyiVFus)%i=Xy^xx6k34<QHUn??5>;jN5|tN
- zO9;Jj<N~4x4jhUQA1B0t8)^}kUbvx32yx+n$^npy)Fb@I_QcNarYYR0#?nul^~}8Y
- z=07v<If>`TUOhEMpKTl<xONjVwfM%_YwzqQtz|+)6iIb^v#S*e9<Xq;Zp7izb>cLR
- z@fn3JCy2bX%M&N=#6gdFfgd_B<F|Ms6UPsI*@)v!jhYTd0i(bjDzJ+j*grltQhS0v
- z`p7GHIL34{3K#{90!9I&fKk9GU=%P47zOSY1!TO1{Ef-n1KMCq0Y1!S6fg=H1&jhl
- z0i%FXz$jo8FbWt2i~>dhqrhFF0P_g>4!`uvdodyW|6lzL;Ksv*{0gpvAHWsx4fq0l
- z4&DPEI0T*nd%!mE<3oge3^+Inwt{bW5z++<;52v&T;2(P;0&mPKOZFIB8Wf;&Vj>V
- zH@NWtY=95J^I!}(fPkOwC*%{b7u?)I$S>eJxB}h>vtTdyYdaxd0|8oK8tehP!49w;
- z{B|E9--9o~XW&!tE(pQP;1oCsM!`;Sa~mPoz*TSsd<8Cnw*d#I!3cO9JO*xUMZDl6
- za0z?>RsjQba0~kX0e%NRgR9^&xCoZOB2a6T0CWAn6<8&NX4h)*NvUL_&1H78d4$$G
- zQpVn#dP&A_ul3<!k_xW-SY1C{u%0ejTYi_*6+JNN1*&zTXdI!%jX}R*B>h%T+dRj`
- zqVMvV!heFVT+9|$C`CMyhgp;eQt}|~GRa4+%KJN6;0+acgNu1<-|+bIiIw3k@%h}B
- za-pVNxGeS2t~c_Vk8Aj$+dwqA@4|?dChsz*zLuUnCfPhoxN;nFSNc)7VGM#_NPR2-
- zVwh&`0&7F4c%eNPvVhO(iBgKUnzBVgH*4(B!GmjSL}^<@X$-N^q~5J6$3#mZ7sDF#
- znqx#PcmnnHpck_hA5>~sl=*h*UrrvfdF&b$jT9-@hAFK$6=@jyVOzH;6WAb?otAA8
- zIx!eW#fTp!l6AY>D^?`V)f-|365txq5nx}?JnH{yU#|}$%uK^}5e*HPAJQU}LGzTB
- zn=c>PVt#j&*6J%06H(G)f#2<|Qk)-};ElFONbc3>zQT(d;qewryOK`OmCD_ItNN(r
- zCzdv;mAxg$5Lk!rchshBc$GKgva@AX3@TUa@&y*OFj6^}xxL#BE)Jj?TsR-_QaM3z
- zI>bxfL7&2n#(Tcn>e=`-5l+%!f>&lZFl=oN)hIQroL9B4b)3)pEVMQeyng{G)h8yi
- zeuS!nHB)cL?OCGkRIfC|>xxN!2dAbc;(*#0DEiuQI={esc72q)oru;)agW-z?1*T|
- zMuYDq^f_8z!R^(3^eyV963s5A&Roew(i|VR#}A`H3Tn+9vtOUJ@X72qXRUoTefr8!
- z+$g}Cl3sRWEfCue)IKb{42<H-+{KZzie88WQjyZ8`U$5aw}FspF<aIZoOwO!MIqPc
- zM2{L26I(#nh%B+_B2g<B%{e<gWuKTnVZSu_nmsu^dB)Dq)Lg*M&!ONXNW!bN>QTzw
- z>BOqOVbcA{RmY^0tnQ{VZ6ycmZaU>|(oLtaqFY}Q*2Z*=fvAI$7A7F+=JI(wakJA=
- zSXPTWxhw_KB`2YH+m=p3WDyG=h3kwTrps7!m6g^hNbT${6K=<sC~bIlSgjEqvHnEF
- zYOU8U<uEIej+5`!fqjHB7Ppa{+yy;IEynl|iSq)J?^4xwqkby0Mp*cO%T9#usvjm7
- z319Yxm<@a(BGL7e{CP=ruc-<*;W&9y(r9rn5-b+cc}%<!iFVPV1|1bVj+#8?-C_Ig
- zNu^g)$+=#*{xjH117$}YC}qmpaM@KWQcN86FTP4KT0xc8YWeHY3%-N2Vx#fS&Iu`P
- zsGru?6P=^82Y^a3nd%)=uUp@)9^|>an&pc@PWg;iO}}f-=PH#X>pIYDT^-ROB0p#c
- z|E7$n;p?hMVPwGRx+;<vks)2Jv)nt$WVML6>hZ8%7JZa+q9zNi6D}p5j`E7or1dh#
- z%~-n4(q*L5im^@F@ws4g9hP*ePtcamdn0s_2|s&6%X$*xb{UFK=>vg`kn(w^Y{+gO
- XkK8oC^CDBvwAr0zvq@j*vqAm=!aTdF
- literal 0
- HcmV?d00001
- diff --git a/modules/phpmyadmin/manifests/init.pp b/modules/phpmyadmin/manifests/init.pp
- index 596a829..adf6c26 100755
- --- a/modules/phpmyadmin/manifests/init.pp
- +++ b/modules/phpmyadmin/manifests/init.pp
- @@ -1,37 +1,58 @@
- # === Class phpmyadmin
- #
- -# Documentationsdf
- +# Documentation
- #
- # install phpmyadmin
- #
- class phpmyadmin {
- # variable hiera
- - $phpmyadmin = hiera_hash('phpmyadmin')
- - $httpd_config = $phpmyadmin['httpd_config']
- - $web_server = $phpmyadmin['web_server']
- - $settings = $phpmyadmin['settings'];
- + $phpmyadmin = hiera_hash('phpmyadmin')
- + $settings = $phpmyadmin['settings']
- case $::osfamily {
- 'RedHat' : {
- $pkg_name = 'phpMyAdmin'
- $config_dir = '/usr/share/phpMyAdmin'
- $config_file = '/etc/phpMyAdmin/config.inc.php'
- + $http_server = 'httpd'
- + $httpd_config = '/etc/phpMyAdmin/httpd.conf'
- + $httpd_symlink= '/etc/httpd/conf.d/phpMyAdmin.conf'
- + $gpg = "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::os_maj_version}"
- # ensure epel repo
- yumrepo { 'epel':
- - mirrorlist => "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-${::os_maj_version}&arch=${::architecture}",
- - failovermethod => 'priority',
- - enabled => '1',
- - gpgcheck => '1',
- - gpgkey => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::os_maj_version}",
- - descr => "Extra Packages for Enterprise Linux ${::os_maj_version} - ${::architecture}"
- + mirrorlist => "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-${::os_maj_version}&arch=${::architecture}",
- + failovermethod => 'priority',
- + enabled => '1',
- + gpgcheck => '1',
- + gpgkey => "file://${gpg}",
- + descr => "Extra Packages for Enterprise Linux ${::os_maj_version} - ${::architecture}"
- + }
- +
- + # ensure key
- + file { $gpg:
- + ensure => present,
- + owner => 'root',
- + group => 'root',
- + mode => '0644',
- + content => template("phpmyadmin/RPM-GPG-KEY-EPEL-${::os_maj_version}")
- + }
- +
- + # import key unless already done
- + exec { 'import gpg' :
- + command => "rpm --import ${gpg}",
- + unless => "rpm -q gpg-pubkey-$(echo $(gpg --throw-keyids < ${gpg}) | cut --characters=11-18 | tr '[A-Z]' '[a-z]')",
- + require => File[$gpg]
- }
- }
- 'Debian' : {
- $pkg_name = 'phpmyadmin'
- $config_dir = '/usr/share/phpmyadmin'
- $config_file = '/etc/phpmyadmin/config.inc.php'
- + $httpd_server = 'apache2'
- + $httpd_config = '/etc/phpmyadmin/apache.conf'
- + $httpd_symlink = '/etc/apache2/conf.d/phpmyadmin.conf'
- }
- default : {
- fail( "${::osfamily} not supported" )
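Review bot: The RedHat branch assigns `$http_server = 'httpd'` while the Debian branch assigns `$httpd_server = 'apache2'`, and the two later hunks of this file use `$httpd_server` for the `package`, `service` and `notify` references. On RedHat that variable is never set, so those resources get an undefined title; rename the RedHat line to `$httpd_server = 'httpd'`. Separately, `exec { 'import gpg' :` runs `rpm`, `gpg`, `cut` and `tr` unqualified and no `path` attribute is visible, so unless a global `Exec` default exists add `path => ['/bin', '/usr/bin']`. The class continues past the end of this hunk.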
- @@ -44,14 +65,14 @@ class phpmyadmin {
- }
- # ensure web server
- - package { $web_server :
- - ensure => present
- + package { $httpd_server :
- + ensure => installed
- }
- - service { $web_server :
- + service { $httpd_server :
- ensure => running,
- enable => true,
- - require => Package[$web_server]
- + require => Package[$httpd_server]
- }
- File {
- @@ -70,7 +91,13 @@ class phpmyadmin {
- # webserver config
- file { $httpd_config:
- content => template('phpmyadmin/httpd.conf.erb'),
- - notify => Service[$web_server]
- + notify => Service[$httpd_server]
- + }
- +
- + # symlink
- + file { $httpd_symlink:
- + ensure => 'link',
- + target => $httpd_config
- }
- }
- diff --git a/modules/phpmyadmin/manifests/init.pp~ b/modules/phpmyadmin/manifests/init.pp~
- new file mode 100755
- index 0000000..fe683cd
- --- /dev/null
- +++ b/modules/phpmyadmin/manifests/init.pp~
- @@ -0,0 +1,102 @@
- +# === Class phpmyadmin
- +#
- +# Documentation
- +#
- +# install phpmyadmin
- +#
- +class phpmyadmin {
- +
- + # variable hiera
- + $phpmyadmin = hiera_hash('phpmyadmin')
- + $settings = $phpmyadmin['settings']
- +
- + case $::osfamily {
- + 'RedHat' : {
- + $pkg_name = 'phpMyAdmin'
- + $config_dir = '/usr/share/phpMyAdmin'
- + $config_file = '/etc/phpMyAdmin/config.inc.php'
- + $http_server = 'httpd'
- + $httpd_config = '/etc/phpMyAdmin/httpd.conf'
- + $httpd_symlink= '/etc/httpd/conf.d/phpMyAdmin.conf'
- + $gpg = "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-${::os_maj_version}"
- + # ensure epel repo
- + yumrepo { 'epel':
- + mirrorlist => "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-${::os_maj_version}&arch=${::architecture}",
- + failovermethod => 'priority',
- + enabled => '1',
- + gpgcheck => '1',
- + gpgkey => "file://${gpg}",
- + descr => "Extra Packages for Enterprise Linux ${::os_maj_version} - ${::architecture}"
- + }
- +
- + # ensure key
- + file { "${gpg}":
- + ensure => present,
- + owner => 'root',
- + group => 'root',
- + mode => '0644',
- + content => template("phpmyadmin/RPM-GPG-KEY-EPEL-${::os_maj_version}")
- + }
- +
- + # import key unless already done
- + exec { 'import gpg' :
- + command => "rpm --import ${gpg}",
- + unless => "rpm -q gpg-pubkey-$(echo $(gpg --throw-keyids < ${gpg}) | cut --characters=11-18 | tr '[A-Z]' '[a-z]')",
- + require => File[$gpg]
- + }
- + }
- + 'Debian' : {
- + $pkg_name = 'phpmyadmin'
- + $config_dir = '/usr/share/phpmyadmin'
- + $config_file = '/etc/phpmyadmin/config.inc.php'
- + $httpd_server = 'apache2'
- + $httpd_config = '/etc/phpmyadmin/apache.conf'
- + $httpd_symlink = '/etc/apache2/conf.d/phpmyadmin.conf'
- + }
- + default : {
- + fail( "${::osfamily} not supported" )
- + }
- + }
- +
- + # install main package
- + package { $pkg_name :
- + ensure => installed
- + }
- +
- + # ensure web server
- + package { $httpd_server :
- + ensure => installed
- + }
- +
- + service { $httpd_server :
- + ensure => running,
- + enable => true,
- + require => Package[$httpd_server]
- + }
- +
- + File {
- + ensure => present,
- + owner => root,
- + group => root,
- + mode => '0644',
- + require => Package[$pkg_name],
- + }
- +
- + # database connection config
- + file { $config_file:
- + content => template('phpmyadmin/config.inc.php.erb')
- + }
- +
- + # webserver config
- + file { $httpd_config:
- + content => template('phpmyadmin/httpd.conf.erb'),
- + notify => Service[$httpd_server]
- + }
- +
- + # symlink
- + file { $httpd_symlink:
- + ensure => 'link',
- + target => $httpd_config
- + }
- +
- +}
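Review bot: `init.pp~` is an editor backup copy of `init.pp`, committed alongside `manifests/.init.pp.swp` and `templates/config.inc.php.erb~`. Puppet loads none of them, and swap and backup files can preserve earlier drafts, including values later removed from the real file. Drop all three from the commit and add `*~` and `.*.swp` to `.gitignore`. The copy already differs from the real manifest (`file { "${gpg}":` here versus `file { $gpg:` there), which shows how quickly such duplicates drift and mislead reviewers.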
- diff --git a/modules/phpmyadmin/templates/RPM-GPG-KEY-EPEL-5 b/modules/phpmyadmin/templates/RPM-GPG-KEY-EPEL-5
- new file mode 100644
- index 0000000..5a13bb4
- --- /dev/null
- +++ b/modules/phpmyadmin/templates/RPM-GPG-KEY-EPEL-5
- @@ -0,0 +1,30 @@
- +-----BEGIN PGP PUBLIC KEY BLOCK-----
- +Version: GnuPG v1.2.6 (GNU/Linux)
- +
- +mQGiBEXopTIRBACZDBMOoFOakAjaxw1LXjeSvh/kmE35fU1rXfM7T0AV31NATCLF
- +l5CQiNDA4oWreDThg2Bf6+LIVTsGQb1V+XXuLak4Em5yTYwMTVB//4/nMxQEbpl/
- +QB2XwlJ7EQ0vW+kiPDz/7pHJz1p1jADzd9sQQicMtzysS4qT2i5A23j0VwCg1PB/
- +lpYqo0ZhWTrevxKMa1n34FcD/REavj0hSLQFTaKNLHRotRTF8V0BajjSaTkUT4uk
- +/RTaZ8Kr1mTosVtosqmdIAA2XHxi8ZLiVPPSezJjfElsSqOAxEKPL0djfpp2wrTm
- +l/1iVnX+PZH5DRKCbjdCMLDJhYap7YUhcPsMGSeUKrwmBCBJUPc6DhjFvyhA9IMl
- +1T0+A/9SKTv94ToP/JYoCTHTgnG5MoVNafisfe0wojP2mWU4gRk8X4dNGKMj6lic
- +vM6gne3hESyjcqZSmr7yELPPGhI9MNauJ6Ob8cTR2T12Fmv9w03DD3MnBstR6vhP
- +QcqZKhc5SJYYY7oVfxlSOfF4xfwcHQKoD5TOKwIAQ6T8jyFpKbQkRmVkb3JhIEVQ
- +RUwgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iGQEExECACQFAkXopTICGwMFCRLM
- +AwAGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQEZzANiF1IfabmQCgzvE60MnHSOBa
- +ZXXF7uU2Vzu8EOkAoKg9h+j0NuNom6WUYZyJQt4zc5seuQINBEXopTYQCADapnR/
- +blrJ8FhlgNPl0X9S3JE/kygPbNXIqne4XBVYisVp0uzNCRUxNZq30MpY027JCs2J
- +nL2fMpwvx33f0phU029vrIZKA3CmnnwVsjcWfMJOVPBmVN7m5bGU68F+PdRIcDsl
- +PMOWRLkTBZOGolLgIbM4719fqA8etewILrX6uPvRDwywV7/sPCFpRcfNNBUY+Zx3
- +5bf4fnkaCKxgXgQS3AT+hGYhlzIqQVTkGNveHTnt4SSzgAqR9sSwQwqvEfVtYNeS
- +w5rDguLG41HQm1Hojv59HNYjH6F/S1rClZi21bLgZbKpCFX76qPt8CTw+iQLBPPd
- +yoOGHfzyp7nsfhUrAAMFB/9/H9Gpk822ZpBexQW4y3LGFo9ZSnmu+ueOZPU3SqDA
- +DW1ovZdYzGuJTGGM9oMl6bL8eZrcUBBOFaWge5wZczIE3hx2exEOkDdvq+MUDVD1
- +axmN45q/7h1NYRp5GQL2ZsoV4g9U2gMdzHOFtZCER6PP9ErVlfJpgBUCdSL93V4H
- +Sgpkk7znmTOklbCM6l/G/A6q4sCRqfzHwVSTiruyTBiU9lfROsAl8fjIq2OzWJ2T
- +P9sadBe1llUYaow7txYSUxssW+89avct35gIyrBbof5M+CBXyAOUaSWmpM2eub24
- +0qbqiSr/Y6Om0t6vSzR8gRk7g+1H6IE0Tt1IJCvCAMimiE8EGBECAA8FAkXopTYC
- +GwwFCRLMAwAACgkQEZzANiF1IfZQYgCgiZHCv4xb+sTHCn/otc1Ovvi/OgMAnRXY
- +bbsLFWOfmzAnNIGvFRWy+YHi
- +=MMNL
- +-----END PGP PUBLIC KEY BLOCK-----
- diff --git a/modules/phpmyadmin/templates/RPM-GPG-KEY-EPEL-6 b/modules/phpmyadmin/templates/RPM-GPG-KEY-EPEL-6
- new file mode 100644
- index 0000000..7a20304
- --- /dev/null
- +++ b/modules/phpmyadmin/templates/RPM-GPG-KEY-EPEL-6
- @@ -0,0 +1,29 @@
- +-----BEGIN PGP PUBLIC KEY BLOCK-----
- +Version: GnuPG v1.4.5 (GNU/Linux)
- +
- +mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1
- +JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B
- +M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn
- +XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6
- +pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV
- +QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp
- +Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq
- +3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu
- +vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar
- +1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g
- +YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB
- +tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS
- +KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9
- +qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT
- +9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP
- +Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS
- +WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft
- +HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF
- +p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP
- +x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8
- +wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J
- +l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG
- +iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR
- +XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ==
- +=V/6I
- +-----END PGP PUBLIC KEY BLOCK-----
- diff --git a/modules/phpmyadmin/templates/config.inc.php.erb b/modules/phpmyadmin/templates/config.inc.php.erb
- index a757580..65ee7d0 100755
- --- a/modules/phpmyadmin/templates/config.inc.php.erb
- +++ b/modules/phpmyadmin/templates/config.inc.php.erb
- @@ -1,98 +1,30 @@
- <?php
- -/**
- - * phpMyAdmin configuration file, you can use it as base for the manual
- - * configuration. For easier setup you can use "setup/".
- - *
- - * All directives are explained in Documentation.html and on phpMyAdmin
- - * wiki <http://wiki.phpmyadmin.net>.
- - */
- +#############################################
- +# This is file is managed by puppet
- +# DO NOT EDIT IT BY HAND
- -/*
- - * This is needed for cookie based authentication to encrypt password in
- - * cookie
- - */
- -$cfg['blowfish_secret'] = "<%= @settings['secret'] %>"; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
- +$cfg['blowfish_secret'] = "<%= @settings['secret'] %>";
- /**
- * Server(s) configuration
- */
- $i = 0;
- -
- -// The $cfg['Servers'] array starts with $cfg['Servers'][1]. Do not use
- -// $cfg['Servers'][0]. You can disable a server config entry by setting host
- -// to ''. If you want more than one server, just copy following section
- -// (including $i incrementation) serveral times. There is no need to define
- -// full server array, just define values you need to change.
- +<% @servers.each do | server | -%>
- $i++;
- -$cfg['Servers'][$i]['host'] = "<%= @settings['dbserver'] %>"; // MySQL hostname or IP address
- -$cfg['Servers'][$i]['port'] = "<%= @settings['dbport'] %>"; // MySQL port - leave blank for default port
- -$cfg['Servers'][$i]['socket'] = ''; // Path to the socket - leave blank for default socket
- +$cfg['Servers'][$i]['host'] = "<%= @server['dbserver'] %>";
- +$cfg['Servers'][$i]['port'] = "<%= @server['dbport'] %>";
- +$cfg['Servers'][$i]['socket'] = '';
- $cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket')
- $cfg['Servers'][$i]['extension'] = 'mysqli'; // The php MySQL extension to use ('mysql' or 'mysqli')
- $cfg['Servers'][$i]['compress'] = FALSE; // Use compressed protocol for the MySQL connection
- - // (requires PHP >= 4.3.0)
- -$cfg['Servers'][$i]['controluser'] = ''; // MySQL control user settings
- - // (this user must have read-only
- -$cfg['Servers'][$i]['controlpass'] = ''; // access to the "mysql/user"
- - // and "mysql/db" tables).
- - // The controluser is also
- - // used for all relational
- - // features (pmadb)
- -$cfg['Servers'][$i]['auth_type'] = "<%= @settings['auth_type'] %>"; // Authentication method (config, http or cookie based)?
- -$cfg['Servers'][$i]['user'] = "<%= @settings['dbuser'] %>"; // MySQL user
- -$cfg['Servers'][$i]['password'] = "<%= @settings['dbpass'] %>"; // MySQL password (only needed
- - // with 'config' auth_type)
- -$cfg['Servers'][$i]['only_db'] = ''; // If set to a db-name, only
- - // this db is displayed in left frame
- - // It may also be an array of db-names, where sorting order is relevant.
- -$cfg['Servers'][$i]['hide_db'] = ''; // Database name to be hidden from listings
- -$cfg['Servers'][$i]['verbose'] = ''; // Verbose name for this host - leave blank to show the hostname
- +$cfg['Servers'][$i]['controluser'] = '';
- +$cfg['Servers'][$i]['controlpass'] = '';
- +$cfg['Servers'][$i]['auth_type'] = "<%= @server['auth_type'] %>"; // Authentication method (config, http or cookie based)?
- +$cfg['Servers'][$i]['user'] = "<%= @server['dbuser'] %>"; // MySQL user
- +$cfg['Servers'][$i]['password'] = "<%= @server['dbpass'] %>"; // MySQL password (only needed
- +$cfg['Servers'][$i]['AllowRoot'] = <%= @server['AllowRoot'] %>; // whether to allow root login
- -$cfg['Servers'][$i]['pmadb'] = ''; // Database used for Relation, Bookmark and PDF Features
- - // (see scripts/create_tables.sql)
- - // - leave blank for no support
- - // DEFAULT: 'phpmyadmin'
- -$cfg['Servers'][$i]['bookmarktable'] = ''; // Bookmark table
- - // - leave blank for no bookmark support
- - // DEFAULT: 'pma_bookmark'
- -$cfg['Servers'][$i]['relation'] = ''; // table to describe the relation between links (see doc)
- - // - leave blank for no relation-links support
- - // DEFAULT: 'pma_relation'
- -$cfg['Servers'][$i]['table_info'] = ''; // table to describe the display fields
- - // - leave blank for no display fields support
- - // DEFAULT: 'pma_table_info'
- -$cfg['Servers'][$i]['table_coords'] = ''; // table to describe the tables position for the PDF schema
- - // - leave blank for no PDF schema support
- - // DEFAULT: 'pma_table_coords'
- -$cfg['Servers'][$i]['pdf_pages'] = ''; // table to describe pages of relationpdf
- - // - leave blank if you don't want to use this
- - // DEFAULT: 'pma_pdf_pages'
- -$cfg['Servers'][$i]['column_info'] = ''; // table to store column information
- - // - leave blank for no column comments/mime types
- - // DEFAULT: 'pma_column_info'
- -$cfg['Servers'][$i]['history'] = ''; // table to store SQL history
- - // - leave blank for no SQL query history
- - // DEFAULT: 'pma_history'
- -$cfg['Servers'][$i]['verbose_check'] = TRUE; // set to FALSE if you know that your pma_* tables
- - // are up to date. This prevents compatibility
- - // checks and thereby increases performance.
- -$cfg['Servers'][$i]['AllowRoot'] = TRUE; // whether to allow root login
- -$cfg['Servers'][$i]['AllowDeny']['order'] // Host authentication order, leave blank to not use
- - = '';
- -$cfg['Servers'][$i]['AllowDeny']['rules'] // Host authentication rules, leave blank for defaults
- - = array();
- -$cfg['Servers'][$i]['AllowNoPassword'] // Allow logins without a password. Do not change the FALSE
- - = FALSE; // default unless you're running a passwordless MySQL server
- -$cfg['Servers'][$i]['designer_coords'] // Leave blank (default) for no Designer support, otherwise
- - = ''; // set to suggested 'pma_designer_coords' if really needed
- -$cfg['Servers'][$i]['bs_garbage_threshold'] // Blobstreaming: Recommented default value from upstream
- - = 50; // DEFAULT: '50'
- -$cfg['Servers'][$i]['bs_repository_threshold'] // Blobstreaming: Recommented default value from upstream
- - = '32M'; // DEFAULT: '32M'
- -$cfg['Servers'][$i]['bs_temp_blob_timeout'] // Blobstreaming: Recommented default value from upstream
- - = 600; // DEFAULT: '600'
- -$cfg['Servers'][$i]['bs_temp_log_threshold'] // Blobstreaming: Recommented default value from upstream
- - = '32M'; // DEFAULT: '32M'
- +<% end -%>
- /*
- * End of servers configuration
- */
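Review bot: Inside the new `@servers.each do | server |` loop every lookup reads `@server[...]`, an instance variable that is never set, instead of the block variable `server`, so each field would fail on nil rather than render. As far as the manifest hunks in this commit show, the class only defines `$settings = $phpmyadmin['settings']`, while the new hiera data nests everything, `secret` included, under `servers`. Both `@servers` and `@settings['secret']` therefore look unpopulated: `init.pp` needs `$servers = $phpmyadmin['servers']`, and the secret should live under a key the template actually reads. `AllowRoot` is absent from the new hiera entry and would render as `= ;`, so give it a closed default. The sketch below assumes `servers` is the hash keyed by `admin` that `hiera/common.yaml` shows. The trailing comment on the `password` line was also cut mid-sentence when its continuation line was removed.

```erb
<% @servers.each do |name, server| -%>
$i++;
$cfg['Servers'][$i]['host'] = "<%= server['dbserver'] %>";
$cfg['Servers'][$i]['port'] = "<%= server['dbport'] %>";
// … unchanged: socket, connect_type, extension, compress, controluser, controlpass …
$cfg['Servers'][$i]['auth_type'] = "<%= server['auth_type'] %>";
$cfg['Servers'][$i]['user'] = "<%= server['dbuser'] %>";
$cfg['Servers'][$i]['password'] = "<%= server['dbpass'] %>";
$cfg['Servers'][$i]['AllowRoot'] = <%= server['AllowRoot'].to_s.downcase == 'true' ? 'TRUE' : 'FALSE' %>;
<% end -%>
```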
- diff --git a/modules/phpmyadmin/templates/config.inc.php.erb~ b/modules/phpmyadmin/templates/config.inc.php.erb~
- new file mode 100755
- index 0000000..93214ac
- --- /dev/null
- +++ b/modules/phpmyadmin/templates/config.inc.php.erb~
- @@ -0,0 +1,80 @@
- +<?php
- +#############################################
- +# This is file is managed by puppet
- +# DO NOT EDIT IT BY HAND
- +
- +$cfg['blowfish_secret'] = "<%= @settings['secret'] %>";
- +/**
- + * Server(s) configuration
- + */
- +$i = 0;
- +$i++;
- +$cfg['Servers'][$i]['host'] = "<%= @settings['dbserver'] %>"; // MySQL hostname or IP address
- +$cfg['Servers'][$i]['port'] = "<%= @settings['dbport'] %>"; // MySQL port - leave blank for default port
- +$cfg['Servers'][$i]['socket'] = ''; // Path to the socket - leave blank for default socket
- +$cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket')
- +$cfg['Servers'][$i]['extension'] = 'mysqli'; // The php MySQL extension to use ('mysql' or 'mysqli')
- +$cfg['Servers'][$i]['compress'] = FALSE; // Use compressed protocol for the MySQL connection
- + // (requires PHP >= 4.3.0)
- +$cfg['Servers'][$i]['controluser'] = ''; // MySQL control user settings
- + // (this user must have read-only
- +$cfg['Servers'][$i]['controlpass'] = ''; // access to the "mysql/user"
- + // and "mysql/db" tables).
- + // The controluser is also
- + // used for all relational
- + // features (pmadb)
- +$cfg['Servers'][$i]['auth_type'] = "<%= @settings['auth_type'] %>"; // Authentication method (config, http or cookie based)?
- +$cfg['Servers'][$i]['user'] = "<%= @settings['dbuser'] %>"; // MySQL user
- +$cfg['Servers'][$i]['password'] = "<%= @settings['dbpass'] %>"; // MySQL password (only needed
- + // with 'config' auth_type)
- +$cfg['Servers'][$i]['only_db'] = ''; // If set to a db-name, only
- + // this db is displayed in left frame
- + // It may also be an array of db-names, where sorting order is relevant.
- +$cfg['Servers'][$i]['hide_db'] = ''; // Database name to be hidden from listings
- +$cfg['Servers'][$i]['verbose'] = ''; // Verbose name for this host - leave blank to show the hostname
- +
- +$cfg['Servers'][$i]['pmadb'] = ''; // Database used for Relation, Bookmark and PDF Features
- + // (see scripts/create_tables.sql)
- + // - leave blank for no support
- + // DEFAULT: 'phpmyadmin'
- +$cfg['Servers'][$i]['bookmarktable'] = ''; // Bookmark table
- + // - leave blank for no bookmark support
- + // DEFAULT: 'pma_bookmark'
- +$cfg['Servers'][$i]['relation'] = ''; // table to describe the relation between links (see doc)
- + // - leave blank for no relation-links support
- + // DEFAULT: 'pma_relation'
- +$cfg['Servers'][$i]['table_info'] = ''; // table to describe the display fields
- + // - leave blank for no display fields support
- + // DEFAULT: 'pma_table_info'
- +$cfg['Servers'][$i]['table_coords'] = ''; // table to describe the tables position for the PDF schema
- + // - leave blank for no PDF schema support
- + // DEFAULT: 'pma_table_coords'
- +$cfg['Servers'][$i]['pdf_pages'] = ''; // table to describe pages of relationpdf
- + // - leave blank if you don't want to use this
- + // DEFAULT: 'pma_pdf_pages'
- +$cfg['Servers'][$i]['column_info'] = ''; // table to store column information
- + // - leave blank for no column comments/mime types
- + // DEFAULT: 'pma_column_info'
- +$cfg['Servers'][$i]['history'] = ''; // table to store SQL history
- + // - leave blank for no SQL query history
- + // DEFAULT: 'pma_history'
- +$cfg['Servers'][$i]['verbose_check'] = TRUE; // set to FALSE if you know that your pma_* tables
- + // are up to date. This prevents compatibility
- + // checks and thereby increases performance.
- +$cfg['Servers'][$i]['AllowRoot'] = <%= @settings['AllowRoot'] %>; // whether to allow root login
- +/*
- + * End of servers configuration
- + */
- +
- +/*
- + * Directories for saving/loading files from server
- + */
- +$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
- +$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save';
- +
- +/*
- + * Disable the default warning that is displayed on the DB Details Structure
- + * page if any of the required Tables for the relation features is not found
- + */
- +$cfg['PmaNoRelation_DisableWarning'] = TRUE;
- +?>
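Review bot: The `$cfg['Servers'][$i]['password']` line renders `@settings['dbpass']` into the file for every `auth_type`, although its own comment says the value is only needed with 'config' auth. Wrapping that line in `<% if @settings['auth_type'] == 'config' -%>` … `<% end -%>` keeps the database credential out of the rendered config.inc.php when cookie or http auth is used. The ERB values are also placed inside PHP double-quoted strings, so a `$` or `"` in the secret would be interpolated or would end the string; single-quoted strings with escaping are safer. Separately, this path ends in `~`, so it is an editor backup rather than a template in use, and the same is true of `httpd.conf.erb~` and `manifests/init.pp~` later in the diff. They should be dropped from the commit and `*~` added to `.gitignore`.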
- diff --git a/modules/phpmyadmin/templates/httpd.conf.erb b/modules/phpmyadmin/templates/httpd.conf.erb
- index 97fb85b..4d8be53 100755
- --- a/modules/phpmyadmin/templates/httpd.conf.erb
- +++ b/modules/phpmyadmin/templates/httpd.conf.erb
- @@ -1,14 +1,11 @@
- -# phpMyAdmin - Web based MySQL browser written in php
- -#
- -# Allows only localhost by default
- -#
- -# But allowing phpMyAdmin to anyone other than localhost should be considered
- -# dangerous unless properly secured by SSL
- +#############################################
- +# This is file is managed by puppet
- +# DO NOT EDIT IT BY HAND
- Alias /phpMyAdmin <%= @config_dir %>
- Alias /phpmyadmin <%= @config_dir %>
- -<Directory /usr/share/phpMyAdmin/>
- +<Directory <%= @config_dir %>>
- # Access list
- Order Deny,Allow
- Deny from All
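Review bot: The new three-line header drops the removed comment's warning that opening phpMyAdmin beyond localhost is dangerous without SSL, while the allowed addresses appear to come from `@settings['acl']` (that line sits between the hunks). I would keep one line of the caveat in the managed header, e.g. `# Access is governed by the hiera 'acl' value; anything wider than localhost must be served over TLS`. The `<Directory>` block opened here closes in the next hunk.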
- @@ -16,30 +13,31 @@ Alias /phpmyadmin <%= @config_dir %>
- Allow from ::1
- </Directory>
- -<Directory /usr/share/phpMyAdmin/setup/>
- - # Apache 2.2
- - Order Deny,Allow
- - Deny from All
- - Allow from <%= @settings['acl'] %>
- - Allow from ::1
- +<Directory <%= @config_dir %>/setup/>
- + <IfModule mod_authn_file.c>
- + AuthType Basic
- + AuthName "phpMyAdmin Setup"
- + AuthUserFile /etc/phpmyadmin/htpasswd.setup
- + </IfModule>
- + Require valid-user
- </Directory>
- # These directories do not require access over HTTP - taken from the original
- # phpMyAdmin upstream tarball
- #
- -<Directory /usr/share/phpMyAdmin/libraries/>
- +<Directory <%= @config_dir %>/libraries/>
- Order Deny,Allow
- Deny from All
- Allow from None
- </Directory>
- -<Directory /usr/share/phpMyAdmin/setup/lib/>
- +<Directory <%= @config_dir %>/setup/lib/>
- Order Deny,Allow
- Deny from All
- Allow from None
- </Directory>
- -<Directory /usr/share/phpMyAdmin/setup/frames/>
- +<Directory <%= @config_dir %>/setup/frames/>
- Order Deny,Allow
- Deny from All
- Allow from None
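Review bot: The rewritten `<Directory <%= @config_dir %>/setup/>` block no longer carries any address restriction: `Order Deny,Allow`, `Deny from All` and the `acl` allow line are removed, so the setup scripts are reachable from any client and protected by Basic auth alone. Keeping `Order Deny,Allow`, `Deny from All` and `Allow from <%= @settings['acl'] %>` next to the auth directives retains both layers. `Require valid-user` also sits outside the `<IfModule mod_authn_file.c>` wrapper, so when that module is absent the block has a Require with no AuthType; dropping the wrapper makes the dependency explicit. Nothing in the visible part of this commit creates `/etc/phpmyadmin/htpasswd.setup`, so it is worth confirming that Puppet manages it with restrictive permissions. The hunk opens inside the preceding `<Directory>` block.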
- @@ -49,7 +47,7 @@ Alias /phpmyadmin <%= @config_dir %>
- # filtering SQL etc. This may break your mod_security implementation.
- #
- #<IfModule mod_security.c>
- -# <Directory /usr/share/phpMyAdmin/>
- +# <Directory <%= @config_dir %>/>
- # SecRuleInheritance Off
- # </Directory>
- #</IfModule>
- diff --git a/modules/phpmyadmin/templates/httpd.conf.erb~ b/modules/phpmyadmin/templates/httpd.conf.erb~
- new file mode 100755
- index 0000000..c75244c
- --- /dev/null
- +++ b/modules/phpmyadmin/templates/httpd.conf.erb~
- @@ -0,0 +1,52 @@
- +#############################################
- +# This is file is managed by puppet
- +# DO NOT EDIT IT BY HAND
- +
- +Alias /phpMyAdmin <%= @config_dir %>
- +Alias /phpmyadmin <%= @config_dir %>
- +
- +<Directory /usr/share/phpMyAdmin/>
- + # Access list
- + Order Deny,Allow
- + Deny from All
- + Allow from <%= @settings['acl'] %>
- + Allow from ::1
- +</Directory>
- +
- +<Directory /usr/share/phpMyAdmin/setup/>
- + # Apache 2.2
- + Order Deny,Allow
- + Deny from All
- + Allow from <%= @settings['acl'] %>
- + Allow from ::1
- +</Directory>
- +
- +# These directories do not require access over HTTP - taken from the original
- +# phpMyAdmin upstream tarball
- +#
- +<Directory /usr/share/phpMyAdmin/libraries/>
- + Order Deny,Allow
- + Deny from All
- + Allow from None
- +</Directory>
- +
- +<Directory /usr/share/phpMyAdmin/setup/lib/>
- + Order Deny,Allow
- + Deny from All
- + Allow from None
- +</Directory>
- +
- +<Directory /usr/share/phpMyAdmin/setup/frames/>
- + Order Deny,Allow
- + Deny from All
- + Allow from None
- +</Directory>
- +
- +# This configuration prevents mod_security at phpMyAdmin directories from
- +# filtering SQL etc. This may break your mod_security implementation.
- +#
- +#<IfModule mod_security.c>
- +# <Directory /usr/share/phpMyAdmin/>
- +# SecRuleInheritance Off
- +# </Directory>
- +#</IfModule>
- diff --git a/modules/proftpd/manifests/init.pp b/modules/proftpd/manifests/init.pp
- index c717ecb..f82cac1 100755
- --- a/modules/proftpd/manifests/init.pp
- +++ b/modules/proftpd/manifests/init.pp
- @@ -11,6 +11,13 @@ class proftpd {
- default => fail( "${::osfamily} not supported ")
- }
- + $config_file = $::osfamily ? {
- + 'Debian' => '/etc/proftpd/proftpd.conf',
- + 'RedHat' => '/etc/proftpd.conf',
- + default => fail( "${::osfamily} not supported ")
- +
- + }
- +
- # install packages
- package { $pkgs_name :
- ensure => installed
- @@ -25,6 +32,17 @@ class proftpd {
- enable => true
- }
- + group { $settings['group'] :
- + ensure => present
- + } ->
- +
- + user { $settings['user'] :
- + ensure => present,
- + home => '/var/run/proftpd',
- + gid => $settings['group'],
- + shell => '/bin/false'
- + }
- +
- File {
- ensure => present,
- owner => root,
- @@ -33,17 +51,23 @@ class proftpd {
- require => Package[$pkgs_name]
- }
- - file { '/etc/proftpd/proftpd.conf' :
- + file { $config_file :
- content => template('proftpd/proftpd.conf.erb'),
- notify => Service['proftpd']
- }
- - file { [ '/etc/proftpd/sftp.d' , '/etc/proftpd/messages.d' ] :
- +
- + file { [ '/etc/proftpd', '/etc/proftpd/sftp.d' , '/etc/proftpd/messages.d' ] :
- ensure => directory,
- mode => '0755'
- }
- +
- + # modules conf
- + file { '/etc/proftpd/modules.conf' :
- + content => template('proftpd/modules.conf.erb')
- + }
- - # script pour creer de nouveau utilisateur ftp
- - file { '/usr/bin/new_ftp_account.sh' :
- + # script pour creer de nouveau utilisateur ftp/sftp
- + file { '/usr/local/sbin/new_ftp_account' :
- mode => '0755',
- content => template('proftpd/new_ftp_account.sh')
- }
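Review bot: `/usr/local/sbin/new_ftp_account` is installed with `mode => '0755'`, so every local user can read and run a script that creates accounts and prints the generated password; `mode => '0700'` fits a root-only tool. The new `/etc/proftpd/modules.conf` resource has no `notify => Service['proftpd']`, and the proftpd.conf.erb hunk in this commit comments out `Include /etc/proftpd/modules.conf`, so as far as the diff shows the managed file is never read. The class body starts and ends outside this hunk.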
- diff --git a/modules/proftpd/manifests/init.pp~ b/modules/proftpd/manifests/init.pp~
- new file mode 100755
- index 0000000..cd3f579
- --- /dev/null
- +++ b/modules/proftpd/manifests/init.pp~
- @@ -0,0 +1,59 @@
- +# === Class proftpd
- +class proftpd {
- +
- + $proftpd = hiera_hash('proftpd')
- + $settings = $proftpd['settings']
- + $sftp = $proftpd['sftp']
- +
- + $pkgs_name = $::osfamily ? {
- + 'Debian' => [ 'proftpd-basic', 'proftpd-mod-vroot' ],
- + 'RedHat' => 'proftpd',
- + default => fail( "${::osfamily} not supported ")
- + }
- +
- + # install packages
- + package { $pkgs_name :
- + ensure => installed
- + }
- +
- + package { 'pwgen' :
- + ensure => installed
- + }
- +
- + service { 'proftpd' :
- + ensure => 'running',
- + enable => true
- + }
- +
- + File {
- + ensure => present,
- + owner => root,
- + group => root,
- + mode => '0644',
- + require => Package[$pkgs_name]
- + }
- +
- + file { '/etc/proftpd/proftpd.conf' :
- + content => template('proftpd/proftpd.conf.erb'),
- + notify => Service['proftpd']
- + }
- +
- + file { [ '/etc/proftpd/sftp.d' , '/etc/proftpd/messages.d' ] :
- + ensure => directory,
- + mode => '0755'
- + }
- +
- + # script pour creer de nouveau utilisateur ftp
- + file { '/usr/bin/new_ftp_account.sh' :
- + mode => '0755',
- + content => template('proftpd/new_ftp_account.sh')
- + }
- +
- + # create sftp instances
- + each($sftp) { | $index, $value |
- + File['/etc/proftpd/sftp.d'] ->
- + proftpd::sftp { "install sftp vhost - ${value} ":
- + settings => $sftp[$index]
- + }
- + }
- +}
- diff --git a/modules/proftpd/manifests/sftp.pp b/modules/proftpd/manifests/sftp.pp
- index 5950315..2b60b86 100644
- --- a/modules/proftpd/manifests/sftp.pp
- +++ b/modules/proftpd/manifests/sftp.pp
- @@ -9,7 +9,7 @@ define proftpd::sftp(
- # create login motd
- file { "/etc/proftpd/messages.d/login-${vhost_name}.msg" :
- ensure => present,
- - content => inline_template($settings['motd'])
- + content => template('proftpd/banner.msg.erb')
- }
- # config file
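Review bot: The switch from `inline_template($settings['motd'])` to a template file deserves a comment, because it changes how the hiera value is treated: before, the motd string itself was evaluated as ERB on the master, and now it is only printed. Suggested comment above the resource: `# motd is rendered as data via banner.msg.erb; never pass hiera values to inline_template()`. The `proftpd::sftp` define starts before this hunk and continues past it.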
- diff --git a/modules/proftpd/templates/banner.msg.erb b/modules/proftpd/templates/banner.msg.erb
- new file mode 100644
- index 0000000..b5e5079
- --- /dev/null
- +++ b/modules/proftpd/templates/banner.msg.erb
- @@ -0,0 +1,2 @@
- +<%= @settings['motd'] %>
- +
- diff --git a/modules/proftpd/templates/modules.conf.erb b/modules/proftpd/templates/modules.conf.erb
- new file mode 100644
- index 0000000..7f6ca2f
- --- /dev/null
- +++ b/modules/proftpd/templates/modules.conf.erb
- @@ -0,0 +1,18 @@
- +###########################
- +# THIS FILE IS MANAGED BY PUPPET
- +# DO NOT EDIT IT BY HAND
- +#ModulePath /usr/lib/proftpd
- +ModuleControlsACLs insmod,rmmod allow user root
- +ModuleControlsACLs lsmod allow user *
- +LoadModule mod_ctrls_admin.c
- +#LoadModule mod_tls.c
- +LoadModule mod_radius.c
- +LoadModule mod_quotatab.c
- +LoadModule mod_quotatab_file.c
- +LoadModule mod_quotatab_radius.c
- +LoadModule mod_wrap.c
- +LoadModule mod_rewrite.c
- +LoadModule mod_load.c
- +LoadModule mod_ban.c
- +LoadModule mod_wrap2.c
- +LoadModule mod_wrap2_file.c
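Review bot: The module list loads `mod_radius.c`, `mod_quotatab_radius.c` and `mod_ctrls_admin.c` while `mod_tls.c` stays commented out, and nothing in the visible part of this commit configures RADIUS, quotas or the controls interface. I would load only the modules the templates actually use and add a one-line comment per `LoadModule` naming the feature that needs it, so the daemon's attack surface follows the configuration. The file contains no ERB tags, so it could be shipped as a static file rather than a template.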
- diff --git a/modules/proftpd/templates/new_ftp_account.sh b/modules/proftpd/templates/new_ftp_account.sh
- index 5048b40..7da03f0 100755
- --- a/modules/proftpd/templates/new_ftp_account.sh
- +++ b/modules/proftpd/templates/new_ftp_account.sh
- @@ -18,47 +18,37 @@ SETCOLOR_SUCCESS="\\033[1;32m"
- SETCOLOR_FAILURE="\\033[1;31m"
- SETCOLOR_NORMAL="\\033[0;39m"
- -
- +if [ ! -e /usr/sbin/ftpasswd ]; then
- + wget http://www.castaglia.org/proftpd/contrib/ftpasswd -O /usr/sbin/ftpasswd
- + chmod 755 /usr/sbin/ftpasswd
- +fi
- if [ $# -ne 1 ]; then
- echo "Usage: ${0##*/} <site_name>"
- exit 1
- fi
- +
- user_name=$1
- passwd=`/usr/bin/pwgen -cn -N 1`
- USER_FTP_HOMEDIR=$FTP_HOMEDIR/$user_name
- echo -n "Creating SFTP defaut configuration: "
- if [ ! -d $FTP_HOMEDIR/$user_name ]; then
- - mkdir $USER_FTP_HOMEDIR fi
- + mkdir $USER_FTP_HOMEDIR;
- +fi
- # root directory chown $USR_ID:$GRP_ID $USER_FTP_HOMEDIR chmod 550 $USER_FTP_HOMEDIR
- # create dir
- - mkdir $USER_FTP_HOMEDIR{conf,logs,bin,htdocs}
- -
- - chown $USR_ID:$GRP_ID $USER_FTP_HOMEDIR/conf
- - chmod 550 $USER_FTP_HOMEDIR/conf
- -
- - # logs directory
- - chown $USR_ID:$GRP_ID $USER_FTP_HOMEDIR/logs
- - chmod 550 $USER_FTP_HOMEDIR/logs
- -
- - # bin directory
- - chown $USR_ID:$GRP_ID $USER_FTP_HOMEDIR/bin
- - chmod 550 $USER_FTP_HOMEDIR/bin
- -
- - # htdocs
- - chown $USR_ID:$GRP_ID $USER_FTP_HOMEDIR/htdocs
- - chmod 750 $USER_FTP_HOMEDIR/htdocs
- + mkdir -p $USER_FTP_HOMEDIR/{conf,logs,bin,htdocs}
- + chmod -R 550 $USER_FTP_HOMEDIR/conf
- + chown -R $USR_ID:$GRP_ID $USER_FTP_HOMEDIR
- echo -e "${MOVE_TO_COL}${SETCOLOR_SUCCESS}OK${SETCOLOR_NORMAL}"
- # FTP user creation
- echo -n "Creating SFTP account: "
- -ftpasswd --passwd --file=$FTP_PASSWDFILE --home=$USER_FTP_HOMEDIR --name=$user_name --uid=$USR_ID --gid=$GRP_ID --shell=/bin/false --stdin <<< "$passwd" > /dev/null
- +ftpasswd --passwd --file=$FTP_PASSWDFILE --home=$USER_FTP_HOMEDIR --name=$user_name --uid=$USR_ID --gid=$GRP_ID --shell=/bin/bash --stdin <<< "$passwd" > /dev/null
- [ $? -eq 0 ] && echo -e "${MOVE_TO_COL}${SETCOLOR_SUCCESS}OK${SETCOLOR_NORMAL}" || echo -e "${MOVE_TO_COL}${SETCOLOR_FAILURE}KO${SETCOLOR_NORMAL}"
- -echo
- echo -e "Credential : ${MOVE_TO_COL_INFO}${SETCOLOR_INFO}$user_name/$passwd${SETCOLOR_NORMAL}"
- -
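Review bot: The added `wget http://www.castaglia.org/proftpd/contrib/ftpasswd -O /usr/sbin/ftpasswd` block fetches an executable over plain HTTP with no checksum or signature check, installs it into `/usr/sbin` and runs it a few lines later with the new account's password on stdin. The tool should come from the distribution package or a Puppet `file` resource with a pinned source, and the script should only verify it: `[ -x /usr/sbin/ftpasswd ] || { echo "ftpasswd is not installed" >&2; exit 1; }`. The same hunk changes `--shell=/bin/false` to `--shell=/bin/bash` for what the script calls an SFTP account, which looks unintended and is worth confirming. `$user_name` comes straight from `$1` and is used unquoted in the `mkdir -p`, `chmod -R` and `chown -R` paths, so it should be matched against a pattern such as `^[a-z0-9_-]+$` and quoted. The script starts outside this hunk.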
- diff --git a/modules/proftpd/templates/proftpd.conf.erb b/modules/proftpd/templates/proftpd.conf.erb
- index 894a4ca..e11dcee 100644
- --- a/modules/proftpd/templates/proftpd.conf.erb
- +++ b/modules/proftpd/templates/proftpd.conf.erb
- @@ -4,7 +4,7 @@
- #
- # Includes DSO modules
- -Include /etc/proftpd/modules.conf
- +#Include /etc/proftpd/modules.conf
- # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
- # If set on you can experience a longer connection delay in many cases.
- @@ -36,10 +36,14 @@ RequireValidShell off
- TimesGMT off
- # Port 21 is the standard FTP port.
- +<% if @settings['enable_ftp'] == TRUE %>
- Port <%= @settings['port'] %>
- +<% else %>
- +Port 0
- +<% end %>
- -User proftpd
- -Group nogroup
- +User <%= @settings['user'] %>
- +Group <%= @settings['group'] %>
- # Normally, we want files to be overwriteable.
- AllowOverwrite on
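Review bot: `<% if @settings['enable_ftp'] == TRUE %>` compares against Ruby's `TRUE` constant, which was deprecated in Ruby 2.4 and removed in 3.2, and the strict equality silently falls through to `Port 0` if hiera ever delivers the string "true" instead of a boolean. I would write `<% if @settings['enable_ftp'] == true -%>`, where the `-%>` also avoids the blank lines the tags leave in the rendered file; the `enable_sftp` test in the next hunk needs the same change. `User` and `Group` now come from hiera with no fallback, so a missing key renders an empty directive; `<%= @settings['user'] || 'proftpd' %>` would keep the previous default. The configuration continues outside this hunk.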
- @@ -51,5 +55,10 @@ PathDenyFilter "(\\.ftpaccess|\\.htaccess|\\.svn)$"
- # Config
- AuthPAM <%= @settings['pam_authentication'] %>
- DefaultRoot ~
- -Include /etc/proftpd/sftp.d/*
- AuthUserFile /etc/proftpd/ftpd.passwd
- +
- +<% if @settings['enable_sftp'] == TRUE %>
- +LoadModule mod_sftp.c
- +LoadModule mod_sftp_pam.c
- +Include /etc/proftpd/sftp.d/*
- +<% end %>
- diff --git a/modules/proftpd/templates/sftp.conf.erb b/modules/proftpd/templates/sftp.conf.erb
- index 01a6d17..91d6893 100755
- --- a/modules/proftpd/templates/sftp.conf.erb
- +++ b/modules/proftpd/templates/sftp.conf.erb
- @@ -3,7 +3,7 @@
- <VirtualHost <%= @settings['ipaddress'] %> >
- SFTPEngine On
- - SFTPLog /var/log/proftpd/settings.log
- + SFTPLog /var/log/proftpd/<%= @settings['vhost_name'] %>.log
- ServerName <%= @hostname %>
- ServerAdmin <%= @settings['server_admin'] %>
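Review bot: `SFTPLog /var/log/proftpd/<%= @settings['vhost_name'] %>.log` builds a filesystem path from a hiera value without any check, so a name containing `/` or `..` would place the log outside `/var/log/proftpd`. The sftp.pp hunk in this commit interpolates `${vhost_name}` for the motd file; assuming that is a parameter of the define, validating it there against `^[A-Za-z0-9_-]+$` and using `<%= @vhost_name %>` here would keep both paths consistent. The `<VirtualHost>` block continues past the end of the hunk.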
- diff --git a/modules/puppet.conf b/modules/puppet.conf
- deleted file mode 100644
- index 0b74180..0000000
- --- a/modules/puppet.conf
- +++ /dev/null
- @@ -1,18 +0,0 @@
- -[main]
- -logdir=/var/log/puppet
- -vardir=/var/lib/puppet
- -ssldir=/var/lib/puppet/ssl
- -rundir=/var/run/puppet
- -factpath=$vardir/lib/facter
- -templatedir=$confdir/templates
- -server = srv-1.puppet.deb
- -certname = srv-1.puppet.deb
- -
- -[master]
- -# These are needed when the puppetmaster is run by passenger
- -# and can safely be removed if webrick is used.
- -ssl_client_header = SSL_CLIENT_S_DN
- -ssl_client_verify_header = SSL_CLIENT_VERIFY
- -
- -[agent]
- - server = srv-1.puppet.deb
- diff --git a/modules/tmux.conf b/modules/tmux.conf
- deleted file mode 100644
- index fe46eb4..0000000
- --- a/modules/tmux.conf
- +++ /dev/null
- @@ -1,36 +0,0 @@
- -# Set the prefix to ^a
- -unbind C-b
- -set -g prefix ^a
- -
- -#set vertical split
- -unbind %
- -bind | split-window -h
- -bind h split-window -h
- -
- -# set horizontal split
- -unbind -
- -unbind '"'
- -bind - split-window
- -bind v split-window
- -
- -# set kill window
- -unbind &
- -bind k confirm-before -p "kill-window #W? (y/n)" kill-window
- -
- -# set rename window
- -unbind r
- -bind r command-prompt "rename-window %%"
- -
- -# select pane
- -bind P command-prompt "select-pane -t %% "
- -
- -# list-clients
- -unbind *
- -bind * list-clients
- -
- -# lock-server
- -unbind X
- -bind X lock-server
- -
- -# tab select next pane
- -#bind Tab select-pane -t :.+
- #Done