authorJan Dittberner <jandd@cacert.org>2017-08-26 21:40:33 +0200
committerJan Dittberner <jandd@cacert.org>2017-08-26 21:40:33 +0200
commite2aec367415aec915c077360625e7aadb082d483 (patch)
tree6912581f07e33b41176f5a4709b8510afc62e1ea /sitemodules
parent094c6ff3231a9900c546cebdde146b5663c738e4 (diff)
Setup sniproxy and rsyslog
Diffstat (limited to 'sitemodules')
-rw-r--r--sitemodules/profiles/files/sniproxy/etc_default_sniproxy5
-rw-r--r--sitemodules/profiles/manifests/rsyslog.pp48
-rw-r--r--sitemodules/profiles/manifests/sniproxy.pp7
-rw-r--r--sitemodules/profiles/templates/rsyslog/rsyslog.conf.epp97
-rw-r--r--sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp14
-rw-r--r--sitemodules/roles/manifests/proxyin.pp1
6 files changed, 163 insertions, 9 deletions
diff --git a/sitemodules/profiles/files/sniproxy/etc_default_sniproxy b/sitemodules/profiles/files/sniproxy/etc_default_sniproxy
index b37b083..a43f34d 100644
--- a/sitemodules/profiles/files/sniproxy/etc_default_sniproxy
+++ b/sitemodules/profiles/files/sniproxy/etc_default_sniproxy
@@ -1,4 +1,7 @@
# Defaults for sniproxy initscript
+#
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
# This file has two functions:
# 1) to completely disable starting sniproxy,
@@ -9,5 +12,5 @@
#DAEMON_ARGS="-c /etc/sniproxy.conf"
# Whether or not to run the sniproxy daemon; set to 0 to disable, 1 to enable.
-ENABLED=0
+ENABLED=1
diff --git a/sitemodules/profiles/manifests/rsyslog.pp b/sitemodules/profiles/manifests/rsyslog.pp
new file mode 100644
index 0000000..3a92d9d
--- /dev/null
+++ b/sitemodules/profiles/manifests/rsyslog.pp
@@ -0,0 +1,48 @@
+# Class: profiles::rsyslog.pp
+# =========================
+#
+# This class installs and configures rsyslog
+#
+# Parameters
+# ----------
+#
+# @param enable_klog whether to enable kernel logging
+#
+# Examples
+# --------
+#
+# @example
+# class roles::myhost {
+# include profiles::rsyslog
+# }
+#
+# Authors
+# -------
+#
+# Jan Dittberner <jandd@cacert.org>
+#
+# Copyright
+# ---------
+#
+# Copyright 2017 Jan Dittberner
+class profiles::rsyslog (
+ Boolean $enable_klog = false,
+) {
+ package { 'rsyslog':
+ ensure => present,
+ } ->
+ file { '/etc/rsyslog.conf':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => epp(
+ 'profiles/rsyslog/rsyslog.conf.epp',
+ {'enable_klog' => $enable_klog}
+ ),
+ } ->
+ service { 'rsyslog':
+ ensure => running,
+ enable => true,
+ }
+}
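Review bot: The `file { '/etc/rsyslog.conf': }` resource is chained to `service { 'rsyslog': }` with `->`, which orders the two resources but sends no refresh, so a later change to the rendered template is written to disk without rsyslog being restarted and the running daemon keeps the old logging rules. Use the notifying arrow for the second link, `} ~>`, which matches the `subscribe` this same commit adds to the sniproxy service. The header comment also names the class `profiles::rsyslog.pp`; it should read `# Class: profiles::rsyslog`.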
diff --git a/sitemodules/profiles/manifests/sniproxy.pp b/sitemodules/profiles/manifests/sniproxy.pp
index 7cba9b1..e34e93f 100644
--- a/sitemodules/profiles/manifests/sniproxy.pp
+++ b/sitemodules/profiles/manifests/sniproxy.pp
@@ -71,8 +71,9 @@ class profiles::sniproxy (
}
service { 'sniproxy':
- ensure => running,
- enable => true,
- require => [Package['sniproxy'], File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
+ ensure => running,
+ enable => true,
+ require => [Package['sniproxy'], File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
+ subscribe => [File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
}
}
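Review bot: In `service { 'sniproxy': }` the two File resources are now listed in both `require` and `subscribe`. `subscribe` already implies the ordering that `require` provides, so the duplication can be dropped by reducing the first attribute to `require => Package['sniproxy'],` and keeping the `subscribe` line as it is. The class body begins outside this hunk.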
diff --git a/sitemodules/profiles/templates/rsyslog/rsyslog.conf.epp b/sitemodules/profiles/templates/rsyslog/rsyslog.conf.epp
new file mode 100644
index 0000000..43fe050
--- /dev/null
+++ b/sitemodules/profiles/templates/rsyslog/rsyslog.conf.epp
@@ -0,0 +1,97 @@
+<%- | Boolean $enable_klog = false | -%>
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
+# /etc/rsyslog.conf Configuration file for rsyslog.
+#
+# For more information see
+# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+<%- if $enable_klog == true { -%>
+module(load="imklog") # provides kernel logging support
+<% } -%>
+#module(load="immark") # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files. Log by facility.
+#
+auth,authpriv.* /var/log/auth.log
+*.*;auth,authpriv.none -/var/log/syslog
+#cron.* /var/log/cron.log
+daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info -/var/log/mail.info
+mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+ auth,authpriv.none;\
+ news.none;mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail,news.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
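Review bot: With the default `enable_klog = false` the `imklog` module is not loaded, yet the `kern.*` rule in the RULES section is still written, so `/var/log/kern.log` will presumably stay empty and kernel-originated events go unrecorded on hosts using the default. If that is intentional (the reason is not visible in this diff), say so next to the conditional, for example `# imklog is only loaded when enable_klog is true; kernel messages are not collected otherwise`. The test `$enable_klog == true` can be shortened to `$enable_klog`, since the parameter is typed `Boolean`.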
diff --git a/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp b/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp
index f22c9e2..38d7138 100644
--- a/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp
+++ b/sitemodules/profiles/templates/sniproxy/sniproxy.conf.epp
@@ -1,5 +1,8 @@
<%- | Array[String] $https_forwards = [] | -%>
-# sniproxy example configuration file
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
+#
+# sniproxy configuration file
# lines that start with # are comments
# lines with only white space are ignored
@@ -70,11 +73,12 @@ table https_hosts {
<%- $https_forwards.each |$forward| { %>
<%= $forward -%>
<% } %>
+}
# if no table specified the default 'default' table is defined
#table {
- # if no port is specified default HTTP (80) and HTTPS (443) ports are
- # assumed based on the protocol of the listen block using this table
- #example.com 192.0.2.10
- #example.net 192.0.2.20
+# # if no port is specified default HTTP (80) and HTTPS (443) ports are
+# # assumed based on the protocol of the listen block using this table
+# example.com 192.0.2.10
+# example.net 192.0.2.20
#}
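Review bot: Each `$forward` is written verbatim into the `https_hosts` table by `<%= $forward -%>`, and the template's parameter type `Array[String]` accepts any string, so an entry containing a newline or a `}` would change the structure of the generated sniproxy.conf. Consider constraining the element type, for instance `Array[Pattern[/\A\S+\s+\S+\z/]] $https_forwards = []`, assuming entries are always `pattern target` pairs; confirm that against the data in use. The table block opens outside this hunk, and the parameter declaration sits in the first hunk of this file.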
diff --git a/sitemodules/roles/manifests/proxyin.pp b/sitemodules/roles/manifests/proxyin.pp
index d495a41..62f421e 100644
--- a/sitemodules/roles/manifests/proxyin.pp
+++ b/sitemodules/roles/manifests/proxyin.pp
@@ -22,5 +22,6 @@
#
class roles::proxyin {
include profiles::base
+ include profiles::rsyslog
include profiles::sniproxy
}