move deltacloud recipe to the recipes directory
---
Rakefile | 2 +-
contrib/deltacloud_recipe.spec | 9 +-
deltacloud_recipe/deltacloud_recipe.pp | 55 ---
deltacloud_recipe/deltacloud_stop_services.pp | 32 --
deltacloud_recipe/deltacloud_uninstall.pp | 41 --
deltacloud_recipe/files/condor_config.local | 26 --
deltacloud_recipe/files/deltacloud-core | 76 ----
deltacloud_recipe/files/imagefactory.yml | 12 -
deltacloud_recipe/files/iwhd-conf.js | 7 -
deltacloud_recipe/files/iwhd.init | 73 ----
deltacloud_recipe/files/pg_hba.conf | 2 -
deltacloud_recipe/files/qpidd.conf | 25 --
.../files/root-boxgrinder-plugins-local | 3 -
deltacloud_recipe/manifests/deltacloud.pp | 382 --------------------
deltacloud_recipe/manifests/postgres.pp | 38 --
deltacloud_recipe/manifests/rails.pp | 24 --
deltacloud_recipe/manifests/selinux.pp | 11 -
deltacloud_recipe/manifests/time.pp | 8 -
recipes/deltacloud_recipe/deltacloud_recipe.pp | 55 +++
.../deltacloud_recipe/deltacloud_stop_services.pp | 32 ++
recipes/deltacloud_recipe/deltacloud_uninstall.pp | 41 ++
.../deltacloud_recipe/files/condor_config.local | 26 ++
recipes/deltacloud_recipe/files/deltacloud-core | 76 ++++
recipes/deltacloud_recipe/files/imagefactory.yml | 12 +
recipes/deltacloud_recipe/files/iwhd-conf.js | 7 +
recipes/deltacloud_recipe/files/iwhd.init | 73 ++++
recipes/deltacloud_recipe/files/pg_hba.conf | 2 +
recipes/deltacloud_recipe/files/qpidd.conf | 25 ++
.../files/root-boxgrinder-plugins-local | 3 +
recipes/deltacloud_recipe/manifests/deltacloud.pp | 382 ++++++++++++++++++++
recipes/deltacloud_recipe/manifests/postgres.pp | 38 ++
recipes/deltacloud_recipe/manifests/rails.pp | 24 ++
recipes/deltacloud_recipe/manifests/selinux.pp | 11 +
recipes/deltacloud_recipe/manifests/time.pp | 8 +
recipes/firewall/README | 1 +
.../firewall/files/chain_rules/filter/FORWARD.head | 1 +
.../firewall/files/chain_rules/filter/FORWARD.tail | 1 +
.../firewall/files/chain_rules/filter/INPUT.head | 8 +
.../firewall/files/chain_rules/filter/INPUT.tail | 3 +
.../firewall/files/chain_rules/filter/OUTPUT.head | 1 +
.../firewall/files/chain_rules/filter/OUTPUT.tail | 1 +
.../firewall/files/chain_rules/mangle/FORWARD.head | 1 +
.../firewall/files/chain_rules/mangle/FORWARD.tail | 1 +
.../firewall/files/chain_rules/mangle/INPUT.head | 1 +
.../firewall/files/chain_rules/mangle/INPUT.tail | 1 +
.../files/chain_rules/mangle/POSTROUTING.head | 1 +
.../files/chain_rules/mangle/POSTROUTING.tail | 1 +
recipes/firewall/files/chain_rules/nat/OUTPUT.head | 1 +
recipes/firewall/files/chain_rules/nat/OUTPUT.tail | 1 +
.../files/chain_rules/nat/POSTROUTING.head | 1 +
.../files/chain_rules/nat/POSTROUTING.tail | 1 +
.../firewall/files/chain_rules/nat/PREROUTING.head | 1 +
.../firewall/files/chain_rules/nat/PREROUTING.tail | 1 +
recipes/firewall/files/chain_rules/raw/OUTPUT.head | 1 +
recipes/firewall/files/chain_rules/raw/OUTPUT.tail | 1 +
.../firewall/files/chain_rules/raw/PREROUTING.head | 1 +
.../firewall/files/chain_rules/raw/PREROUTING.tail | 1 +
recipes/firewall/files/iptables-update.sh | 200 ++++++++++
recipes/firewall/manifests/defines.pp | 77 ++++
recipes/firewall/manifests/init.pp | 102 ++++++
recipes/firewall/templates/rule.erb | 70 ++++
recipes/ntp/manifests/init.pp | 45 +++
recipes/ntp/templates/ntp.conf | 5 +
recipes/ntp/templates/step-tickers | 4 +
recipes/postgres/files/pg_hba.conf | 8 +
recipes/postgres/manifests/init.pp | 70 ++++
.../puppet/provider/pgsql_database/pgsql.rb | 64 ++++
.../plugins/puppet/provider/pgsql_grant/pgsql.rb | 155 ++++++++
.../plugins/puppet/provider/pgsql_user/pgsql.rb | 127 +++++++
.../postgres/plugins/puppet/type/pgsql_database.rb | 14 +
.../postgres/plugins/puppet/type/pgsql_grant.rb | 77 ++++
recipes/postgres/plugins/puppet/type/pgsql_user.rb | 48 +++
72 files changed, 1920 insertions(+), 819 deletions(-)
delete mode 100644 deltacloud_recipe/deltacloud_recipe.pp
delete mode 100644 deltacloud_recipe/deltacloud_stop_services.pp
delete mode 100644 deltacloud_recipe/deltacloud_uninstall.pp
delete mode 100644 deltacloud_recipe/files/condor_config.local
delete mode 100755 deltacloud_recipe/files/deltacloud-core
delete mode 100644 deltacloud_recipe/files/imagefactory.yml
delete mode 100644 deltacloud_recipe/files/iwhd-conf.js
delete mode 100755 deltacloud_recipe/files/iwhd.init
delete mode 100644 deltacloud_recipe/files/pg_hba.conf
delete mode 100644 deltacloud_recipe/files/qpidd.conf
delete mode 100644 deltacloud_recipe/files/root-boxgrinder-plugins-local
delete mode 100644 deltacloud_recipe/manifests/deltacloud.pp
delete mode 100644 deltacloud_recipe/manifests/postgres.pp
delete mode 100644 deltacloud_recipe/manifests/rails.pp
delete mode 100644 deltacloud_recipe/manifests/selinux.pp
delete mode 100644 deltacloud_recipe/manifests/time.pp
create mode 100644 recipes/deltacloud_recipe/deltacloud_recipe.pp
create mode 100644 recipes/deltacloud_recipe/deltacloud_stop_services.pp
create mode 100644 recipes/deltacloud_recipe/deltacloud_uninstall.pp
create mode 100644 recipes/deltacloud_recipe/files/condor_config.local
create mode 100755 recipes/deltacloud_recipe/files/deltacloud-core
create mode 100644 recipes/deltacloud_recipe/files/imagefactory.yml
create mode 100644 recipes/deltacloud_recipe/files/iwhd-conf.js
create mode 100755 recipes/deltacloud_recipe/files/iwhd.init
create mode 100644 recipes/deltacloud_recipe/files/pg_hba.conf
create mode 100644 recipes/deltacloud_recipe/files/qpidd.conf
create mode 100644 recipes/deltacloud_recipe/files/root-boxgrinder-plugins-local
create mode 100644 recipes/deltacloud_recipe/manifests/deltacloud.pp
create mode 100644 recipes/deltacloud_recipe/manifests/postgres.pp
create mode 100644 recipes/deltacloud_recipe/manifests/rails.pp
create mode 100644 recipes/deltacloud_recipe/manifests/selinux.pp
create mode 100644 recipes/deltacloud_recipe/manifests/time.pp
create mode 100644 recipes/firewall/README
create mode 100644 recipes/firewall/files/chain_rules/filter/FORWARD.head
create mode 100644 recipes/firewall/files/chain_rules/filter/FORWARD.tail
create mode 100644 recipes/firewall/files/chain_rules/filter/INPUT.head
create mode 100644 recipes/firewall/files/chain_rules/filter/INPUT.tail
create mode 100644 recipes/firewall/files/chain_rules/filter/OUTPUT.head
create mode 100644 recipes/firewall/files/chain_rules/filter/OUTPUT.tail
create mode 100644 recipes/firewall/files/chain_rules/mangle/FORWARD.head
create mode 100644 recipes/firewall/files/chain_rules/mangle/FORWARD.tail
create mode 100644 recipes/firewall/files/chain_rules/mangle/INPUT.head
create mode 100644 recipes/firewall/files/chain_rules/mangle/INPUT.tail
create mode 100644 recipes/firewall/files/chain_rules/mangle/POSTROUTING.head
create mode 100644 recipes/firewall/files/chain_rules/mangle/POSTROUTING.tail
create mode 100644 recipes/firewall/files/chain_rules/nat/OUTPUT.head
create mode 100644 recipes/firewall/files/chain_rules/nat/OUTPUT.tail
create mode 100644 recipes/firewall/files/chain_rules/nat/POSTROUTING.head
create mode 100644 recipes/firewall/files/chain_rules/nat/POSTROUTING.tail
create mode 100644 recipes/firewall/files/chain_rules/nat/PREROUTING.head
create mode 100644 recipes/firewall/files/chain_rules/nat/PREROUTING.tail
create mode 100644 recipes/firewall/files/chain_rules/raw/OUTPUT.head
create mode 100644 recipes/firewall/files/chain_rules/raw/OUTPUT.tail
create mode 100644 recipes/firewall/files/chain_rules/raw/PREROUTING.head
create mode 100644 recipes/firewall/files/chain_rules/raw/PREROUTING.tail
create mode 100644 recipes/firewall/files/iptables-update.sh
create mode 100644 recipes/firewall/manifests/defines.pp
create mode 100644 recipes/firewall/manifests/init.pp
create mode 100644 recipes/firewall/templates/rule.erb
create mode 100644 recipes/ntp/README
create mode 100644 recipes/ntp/manifests/init.pp
create mode 100644 recipes/ntp/templates/ntp.conf
create mode 100644 recipes/ntp/templates/step-tickers
create mode 100644 recipes/postgres/README
create mode 100644 recipes/postgres/files/pg_hba.conf
create mode 100644 recipes/postgres/manifests/init.pp
create mode 100644 recipes/postgres/plugins/puppet/provider/pgsql_database/pgsql.rb
create mode 100644 recipes/postgres/plugins/puppet/provider/pgsql_grant/pgsql.rb
create mode 100644 recipes/postgres/plugins/puppet/provider/pgsql_user/pgsql.rb
create mode 100644 recipes/postgres/plugins/puppet/type/pgsql_database.rb
create mode 100644 recipes/postgres/plugins/puppet/type/pgsql_grant.rb
create mode 100644 recipes/postgres/plugins/puppet/type/pgsql_user.rb
diff --git a/Rakefile b/Rakefile
index cd96a85..18ba513 100644
--- a/Rakefile
+++ b/Rakefile
@@ -17,7 +17,7 @@ RPM_SPEC = "contrib/deltacloud_recipe.spec"
rpm_task =
Rake::RpmTask.new(RPM_SPEC) do |rpm|
rpm.need_tar = true
- rpm.package_files.include("bin/*", "#{PKG_NAME}/**/*")
+ rpm.package_files.include("bin/*", "recipes/**/*")
rpm.topdir = "#{RPMBUILD_DIR}"
end
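Review bot: The new glob `recipes/**/*` on the changed `package_files.include` line puts every file under recipes/ into the source tarball, including the relocated deltacloud_recipe tree with its default credentials. The old copies removed later in this patch carry a literal site-admin password in deltacloud_recipe.pp, a fixed password for the `dcloud` database user in manifests/deltacloud.pp, `trust` authentication in files/pg_hba.conf and `gpgcheck => 0` on the yum repositories. The diffstat line counts suggest the files move unchanged, though their new-side hunks are outside this view. If so, a follow-up that passes the passwords in as parameters to `dc::site_admin` and `dc::db` and turns GPG checking on would keep those defaults out of the shipped package. Until then a comment above the include line would help, for example `# ships all of recipes/, including the default credentials in deltacloud_recipe.pp`.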
diff --git a/contrib/deltacloud_recipe.spec b/contrib/deltacloud_recipe.spec
index 365d802..882013a 100644
--- a/contrib/deltacloud_recipe.spec
+++ b/contrib/deltacloud_recipe.spec
@@ -35,9 +35,12 @@ Deltacloud Puppet Recipe
%install
rm -rf %{buildroot}
%{__mkdir} -p %{buildroot}/%{dchome}/modules/%{name} %{buildroot}/%{_sbindir}
-%{__cp} -R %{pbuild}/%{name}/deltacloud_recipe.pp %{buildroot}/%{dchome}
-%{__cp} -R %{pbuild}/%{name}/deltacloud_uninstall.pp %{buildroot}/%{dchome}
-%{__cp} -R %{pbuild}/%{name}/*/ %{buildroot}/%{dchome}/modules/%{name}
+%{__cp} -R %{pbuild}/recipes/%{name}/deltacloud_recipe.pp %{buildroot}/%{dchome}
+%{__cp} -R %{pbuild}/recipes/%{name}/deltacloud_uninstall.pp %{buildroot}/%{dchome}
+%{__cp} -R %{pbuild}/recipes/%{name}/*/ %{buildroot}/%{dchome}/modules/%{name}
+%{__cp} -R %{pbuild}/recipes/firewall/ %{buildroot}/%{dchome}/modules/firewall
+%{__cp} -R %{pbuild}/recipes/ntp/ %{buildroot}/%{dchome}/modules/ntp
+%{__cp} -R %{pbuild}/recipes/postgres/ %{buildroot}/%{dchome}/modules/postgres
%{__cp} -R %{pbuild}/bin/dc-install %{buildroot}/%{_sbindir}/
%{__cp} -R %{pbuild}/bin/dc-uninstall %{buildroot}/%{_sbindir}/
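Review bot: The three added `cp -R` lines for firewall, ntp and postgres install new directories under %{dchome}/modules, but this hunk does not touch %files, which lies outside it. If %files lists only `%{dchome}/modules/%{name}`, rpmbuild will presumably either stop on installed-but-unpackaged files or leave the new modules out of the package. Entries such as `%{dchome}/modules/firewall`, `%{dchome}/modules/ntp` and `%{dchome}/modules/postgres` would be needed there. The %install section continues past the end of the hunk.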
diff --git a/deltacloud_recipe/deltacloud_recipe.pp
b/deltacloud_recipe/deltacloud_recipe.pp
deleted file mode 100644
index d7e8765..0000000
--- a/deltacloud_recipe/deltacloud_recipe.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-#--
-# Copyright (C) 2010 Red Hat Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Author: Mohammed Morsi <mmorsi(a)redhat.com>
-#--
-
-#
-# deltacloud installation recipe
-#
-
-# Modules used by the recipe
-import "deltacloud_recipe/deltacloud"
-
-# setup the deltacloud repositories
-dc::repos{"deltacloud":}
-
-# install deltacloud components
-dc::package::install{["aggregator", "core"]:
- require => Dc::Repos["deltacloud"]}
-
-# setup selinux
-dc::selinux{'deltacloud':}
-
-# setup the firewall
-dc::firewall{'deltacloud':}
-
-# setup deltacloud db
-dc::db{"postgres":}
-
-# start deltacloud services
-dc::service::start{["aggregator", "core", 'iwhd',
'image-factory']:}
-
-# create bucket in image warehouse
-dc::create_bucket{"deltacloud":}
-
-# Create dcuser aggregator web user
-dc::site_admin{"admin":
- email => 'dcuser(a)deltacloud.org',
- password => 'password',
- first_name => 'deltacloud',
- last_name => 'user'}
diff --git a/deltacloud_recipe/deltacloud_stop_services.pp
b/deltacloud_recipe/deltacloud_stop_services.pp
deleted file mode 100644
index 71cb1bf..0000000
--- a/deltacloud_recipe/deltacloud_stop_services.pp
+++ /dev/null
@@ -1,32 +0,0 @@
-#--
-# Copyright (C) 2010 Red Hat Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Author: Mohammed Morsi <mmorsi(a)redhat.com>
-#--
-
-#
-# deltacloud uninstallation recipe
-#
-
-# Modules used by the recipe
-import "deltacloud_recipe/deltacloud"
-
-$services = ["aggregator", "core", 'iwhd',
'image-factory']
-
-# stop deltacloud services
-dc::service{$services:
- ensure => 'stopped', enable => false}
diff --git a/deltacloud_recipe/deltacloud_uninstall.pp
b/deltacloud_recipe/deltacloud_uninstall.pp
deleted file mode 100644
index b39d423..0000000
--- a/deltacloud_recipe/deltacloud_uninstall.pp
+++ /dev/null
@@ -1,41 +0,0 @@
-#--
-# Copyright (C) 2010 Red Hat Inc.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# Author: Mohammed Morsi <mmorsi(a)redhat.com>
-#--
-
-#
-# deltacloud uninstallation recipe
-#
-
-# Modules used by the recipe
-import "deltacloud_recipe/deltacloud"
-
-$packages = ["aggregator", "core"]
-
-# stop deltacloud services
-dc::service::stop{["aggregator", "core", 'iwhd',
'image-factory']:}
-
-# destroy deltacloud db
-dc::db::destroy{"postgres":
- require => Dc::Service::Stop['aggregator']}
-
-# install deltacloud components
-dc::package::uninstall{$packages:
- require => Dc::Db::Destroy['postgres']}
-
-dc::cleanup{"deltacloud": require => Dc::Package::Uninstall[$packages]}
diff --git a/deltacloud_recipe/files/condor_config.local
b/deltacloud_recipe/files/condor_config.local
deleted file mode 100644
index d9d50c5..0000000
--- a/deltacloud_recipe/files/condor_config.local
+++ /dev/null
@@ -1,26 +0,0 @@
-CONDOR_HOST = $(FULL_HOSTNAME)
-ALLOW_WRITE = *
-
-DAEMON_LIST = MASTER, SCHEDD, COLLECTOR, NEGOTIATOR, STARTD
-
-MAX_GRIDMANAGER_LOG = 500000000
-GRIDMANAGER_JOB_PROBE_INTERVAL = 30
-
-GRIDMANAGER_DEBUG = D_FULLDEBUG
-NEGOTIATOR_DEBUG = D_FULLDEBUG
-COLLECTOR_DEBUG = D_FULLDEBUG
-
-DCLOUD_GAHP = $(SBIN)/dcloud_gahp
-
-CLASSAD_LIFETIME = 0
-
-# for re-advertising classads (i.e. condor_refreshd)
-CONDOR_DEVELOPERS_COLLECTOR = localhost:7890
-COLLECTOR_UPDATE_INTERVAL = 900
-
-# for the event log parsing (i.e. dbomatic)
-EVENT_LOG=$(LOG)/EventLog
-EVENT_LOG_USE_XML=True
-EVENT_LOG_JOB_AD_INFORMATION_ATTRS=Owner,GlobalJobId,Cmd,JobStartDate,JobCurrentStartDate,JobFinishedHookDone
-
-CLASSAD_USER_LIBS =
/usr/share/deltacloud-aggregator/classad_plugin/deltacloud_classad_plugin.so
diff --git a/deltacloud_recipe/files/deltacloud-core
b/deltacloud_recipe/files/deltacloud-core
deleted file mode 100755
index 3eb0afa..0000000
--- a/deltacloud_recipe/files/deltacloud-core
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-#
-#
-# deltacloud-core startup script for deltacloud-core server
-#
-# chkconfig: - 97 03
-# description: deltacloud-core is primary server process for the \
-# Deltacloud Core component.
-#
-
-[ -r /etc/sysconfig/deltacloud-core ] && . /etc/sysconfig/deltacloud-core
-
-ENV="${ENV:-production}"
-DRIVER="${DRIVER:-ec2}"
-PORT="${PORT:-3002}"
-LOCKFILE="${LOCKFILE:-/var/lock/subsys/deltacloud-core }"
-LOGFILE="${LOGFILE:-/var/log/deltacloud-core/$DRIVER.log}"
-
-PROG=/usr/bin/deltacloudd
-
-. /etc/init.d/functions
-
-start() {
- echo -n "Starting deltacloud-core: "
-
- $PROG -i $DRIVER -e $ENV -p $PORT >> $LOGFILE 2>&1 &
- RETVAL=$?
- if [ $RETVAL -eq 0 ] && touch $LOCKFILE ; then
- echo_success
- echo
- else
- echo_failure
- echo
- fi
-}
-
-stop() {
- echo -n "Shutting down deltacloud-core: "
- RETVAL=$?
- killall deltacloudd
- if [ $RETVAL -eq 0 ] && rm -f $LOCKFILE ; then
- echo_success
- echo
- else
- echo_failure
- echo
- fi
-}
-
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- stop
- start
- ;;
- reload)
- ;;
- force-reload)
- restart
- ;;
- status)
- status $PROG
- RETVAL=$?
- ;;
- *)
- echo "Usage: deltacloud-core {start|stop|restart|status}"
- exit 1
- ;;
-esac
-
-exit $RETVAL
diff --git a/deltacloud_recipe/files/imagefactory.yml
b/deltacloud_recipe/files/imagefactory.yml
deleted file mode 100644
index 7f3abe7..0000000
--- a/deltacloud_recipe/files/imagefactory.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-bg_command: /usr/bin/boxgrinder-build
-bg_working_dir: /boxgrinder/appliances
-bg_local_delivery: /boxgrinder/packaged_builds
-warehouse_active: true # if false Factory will not attempt any warehouse actions at all
-warehouse_host: localhost
-warehouse_port: 9090
-warehouse_bucket: templates
-# Which entity should actually bundle and upload the EC2 AMI
-ami_delivery: boxgrinder # Valid values are boxgrinder or warehouse
-ami_s3_bucket: deltacloud # S3 bucket to use when uploading bundle
-# Note that directory must exist
-mock_dir: /var/tmp/clalance-mock # Directory to use when building mock target
diff --git a/deltacloud_recipe/files/iwhd-conf.js b/deltacloud_recipe/files/iwhd-conf.js
deleted file mode 100644
index 44516e0..0000000
--- a/deltacloud_recipe/files/iwhd-conf.js
+++ /dev/null
@@ -1,7 +0,0 @@
-[
- {
- "name": "primary",
- "type": "fs",
- "path": "."
- }
-]
diff --git a/deltacloud_recipe/files/iwhd.init b/deltacloud_recipe/files/iwhd.init
deleted file mode 100755
index e5745e9..0000000
--- a/deltacloud_recipe/files/iwhd.init
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/bash
-#
-#
-# iwhd startup script for iwhd server
-#
-# chkconfig: - 97 03
-# description: iwhd is primary server process for the \
-# IWHD component.
-#
-
-[ -r /etc/sysconfig/iwhd ] && . /etc/sysconfig/iwhd
-
-LOCKFILE="${LOCKFILE:-/var/lock/subsys/iwhd }"
-
-PROG=/usr/sbin/iwhd
-CONF=/etc/iwhd/conf.js
-
-. /etc/init.d/functions
-
-start() {
- echo -n "Starting iwhd: "
-
- $PROG -c $CONF&
- RETVAL=$?
- if [ $RETVAL -eq 0 ] && touch $LOCKFILE ; then
- echo_success
- echo
- else
- echo_failure
- echo
- fi
-}
-
-stop() {
- echo -n "Shutting down iwhd: "
- RETVAL=$?
- killall iwhd
- if [ $RETVAL -eq 0 ] && rm -f $LOCKFILE ; then
- echo_success
- echo
- else
- echo_failure
- echo
- fi
-}
-
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- stop
- start
- ;;
- reload)
- ;;
- force-reload)
- restart
- ;;
- status)
- status $PROG
- RETVAL=$?
- ;;
- *)
- echo "Usage: iwhd {start|stop|restart|status}"
- exit 1
- ;;
-esac
-
-exit $RETVAL
diff --git a/deltacloud_recipe/files/pg_hba.conf b/deltacloud_recipe/files/pg_hba.conf
deleted file mode 100644
index 70d83bb..0000000
--- a/deltacloud_recipe/files/pg_hba.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-local all all trust
-host all all 127.0.0.1 255.255.255.255 trust
diff --git a/deltacloud_recipe/files/qpidd.conf b/deltacloud_recipe/files/qpidd.conf
deleted file mode 100644
index da050c0..0000000
--- a/deltacloud_recipe/files/qpidd.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-#
http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# Configuration file for qpidd. Entries are of the form:
-# name=value
-#
-# (Note: no spaces on either side of '='). Using default settings:
-# "qpidd --help" or "man qpidd" for more details.
-cluster-mechanism=ANONYMOUS
-auth=no
diff --git a/deltacloud_recipe/files/root-boxgrinder-plugins-local
b/deltacloud_recipe/files/root-boxgrinder-plugins-local
deleted file mode 100644
index 32ada19..0000000
--- a/deltacloud_recipe/files/root-boxgrinder-plugins-local
+++ /dev/null
@@ -1,3 +0,0 @@
-path: /boxgrinder/packaged_builds
-overwrite: false
-package: false
diff --git a/deltacloud_recipe/manifests/deltacloud.pp
b/deltacloud_recipe/manifests/deltacloud.pp
deleted file mode 100644
index 0924075..0000000
--- a/deltacloud_recipe/manifests/deltacloud.pp
+++ /dev/null
@@ -1,382 +0,0 @@
-# Deltacloud puppet definitions
-
-import "firewall"
-
-import "postgres"
-import "rails"
-import "selinux"
-import "time"
-
-# Setup repos which to pull deltacloud components
-define dc::repos(){
- yumrepo{"${name}_arch":
- name => "${name}_arch",
- baseurl =>
'http://repos.fedorapeople.org/repos/deltacloud/appliance/fedora-$releasever/$basearch',
- enabled => 1, gpgcheck => 0}
- yumrepo{"${name}_noarch":
- name => "${name}_noarch",
- baseurl =>
'http://repos.fedorapeople.org/repos/deltacloud/appliance/fedora-$releasever/noarch',
- enabled => 1, gpgcheck => 0}
- yumrepo{"${name}_pulp":
- name => "${name}_pulp",
- baseurl =>
'http://repos.fedorapeople.org/repos/pulp/pulp/fedora-13/$basearch/',
- enabled => 1, gpgcheck => 0}
-}
-
-# Install the deltacloud components
-define dc::package::install(){
- case $name {
- 'aggregator': {
- # specific versions of these two packages are needed and we need to pull the third
in
- package { 'python-imgcreate':
- provider => 'rpm', ensure => installed,
- source =>
'http://repos.fedorapeople.org/repos/deltacloud/appliance/fedora-13/x86_64/python-imgcreate-031-1.fc12.1.x86_64.rpm'}
- package { 'livecd-tools':
- provider => 'rpm', ensure => installed,
- source =>
'http://repos.fedorapeople.org/repos/deltacloud/appliance/fedora-13/x86_64/livecd-tools-031-1.fc12.1.x86_64.rpm',
- require => Package['python-imgcreate']}
- package { 'appliance-tools':
- provider => 'yum', ensure => installed,
- require => Package["livecd-tools",
"python-imgcreate"] }
-
- # TODO: Fix me, find a better way to do this...
- # We need to also install this rpm from amazon
- package{"ec2-ami-tools":
- provider => "rpm",
- source =>
"http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm",
- ensure => 'installed' }
-
- package { 'rubygem-deltacloud-client':
- provider => 'yum', ensure => 'installed' }
- package { 'rubygem-deltacloud-image-builder-agent':
- provider => 'yum', ensure => 'installed',
- require => Package['appliance-tools',
'livecd-tools', 'python-imgcreate', 'ec2-ami-tools']}
- package { 'iwhd':
- provider => 'yum', ensure => 'installed' }
-
-
- package {['deltacloud-aggregator',
- 'deltacloud-aggregator-daemons',
- 'deltacloud-aggregator-doc']:
- provider => 'yum', ensure => 'installed',
- require => Package['rubygem-deltacloud-client',
- 'rubygem-deltacloud-image-builder-agent',
- 'iwhd']}
- }
-
- 'core': {
- package { 'rubygem-deltacloud-core':
- provider => 'yum', ensure => 'installed'}
- file { "/var/log/deltacloud-core": ensure => 'directory' }
- }
- }
-}
-
-# Uninstall the deltacloud components
-define dc::package::uninstall(){
- case $name {
- 'aggregator': {
- package {['deltacloud-aggregator-daemons',
- 'deltacloud-aggregator-doc']:
- provider => 'yum', ensure => 'absent',
- require => Service['deltacloud-aggregator',
- 'deltacloud-condor_refreshd',
- 'deltacloud-dbomatic',
- 'imagefactoryd',
- 'deltacloud-image_builder_service']}
-
- package {'deltacloud-aggregator':
- provider => 'yum', ensure => 'absent',
- require => Package['deltacloud-aggregator-daemons',
- 'deltacloud-aggregator-doc'] }
- package { 'rubygem-deltacloud-client':
- provider => 'yum', ensure => 'absent',
- require => Package['deltacloud-aggregator']}
- package { 'rubygem-deltacloud-image-builder-agent':
- provider => 'yum', ensure => 'absent',
- require => Package['deltacloud-aggregator']}
- package { 'iwhd':
- provider => 'yum', ensure => 'absent',
- require => [Package['deltacloud-aggregator'],
Service['iwhd']]}
-
- # FIXME these lingering dependencies, pulled in for
- # rubygem-deltacloud-image-builder-agent, need to be removed as
- # ec2-ami-tools and appliance-tools depend on them and using
- # 'absent' in the context of the 'yum' provider dispatches
- # to 'rpm -e' instead of 'yum erase'
- package { ['rubygem-boxgrinder-build-ec2-platform-plugin',
- 'rubygem-boxgrinder-build-centos-os-plugin',
- 'rubygem-boxgrinder-build-fedora-os-plugin']:
- provider => "yum", ensure => 'absent',
- require =>
Package['rubygem-deltacloud-image-builder-agent']}
- package { 'rubygem-boxgrinder-build-rhel-os-plugin':
- provider => "yum", ensure => 'absent',
- require =>
Package['rubygem-boxgrinder-build-centos-os-plugin']}
- package { 'rubygem-boxgrinder-build-rpm-based-os-plugin':
- provider => "yum", ensure => 'absent',
- require =>
Package['rubygem-boxgrinder-build-rhel-os-plugin',
-
'rubygem-boxgrinder-build-fedora-os-plugin']}
-
- package { 'ec2-ami-tools':
- provider => "yum", ensure => 'absent',
- require =>
Package['rubygem-boxgrinder-build-ec2-platform-plugin']}
- package { 'appliance-tools':
- provider => 'yum', ensure => 'absent',
- require =>
Package['rubygem-boxgrinder-build-rpm-based-os-plugin']}
- package { 'livecd-tools':
- provider => 'yum', ensure => 'absent',
- require => Package['appliance-tools']}
- package { 'python-imgcreate':
- provider => 'yum', ensure => 'absent',
- require => Package['appliance-tools',
'livecd-tools']}
-
- }
-
- 'core': {
- package { 'rubygem-deltacloud-core':
- provider => 'yum', ensure => 'absent',
- require => Service['deltacloud-core']}
- }
- }
-}
-
-# Setup selinux for deltacloud
-define dc::selinux(){
- selinux::mode{"permissive":}
-}
-
-# Setup firewall for deltacloud
-define dc::firewall(){
- firewall::setup{'deltacloud': status=>"enabled"}
- firewall_open_port{"httpd": port => "80", policy =>
"tcp"}
-}
-
-# TODO disable selinux until we're sure everything works w/ it enabled
-
-# Start the deltacloud services
-define dc::service::start(){
- case $name {
- 'aggregator': {
- file {"/var/lib/condor/condor_config.local":
- source => "puppet:///deltacloud_recipe/condor_config.local",
- require => Package['deltacloud-aggregator-daemons'] }
- service { ['condor', 'httpd']:
- ensure => 'running',
- enable => true,
- require => File['/var/lib/condor/condor_config.local'] }
- service { ['deltacloud-aggregator',
- 'deltacloud-condor_refreshd',
- 'deltacloud-dbomatic']:
- ensure => 'running',
- enable => true,
- hasstatus => true,
- require => [Package['deltacloud-aggregator-daemons'],
- Rails::Migrate::Db[migrate_deltacloud_database],
- Service[condor]] }
- }
-
- 'core': {
- time::sync{"deltacloud":} # we need to sync time to communicate w/ cloud
providers
- file {"/etc/init.d/deltacloud-core":
- source => "puppet:///deltacloud_recipe/deltacloud-core",
- mode => 755 }
- service { 'deltacloud-core':
- ensure => 'running',
- enable => true,
- require => [Package['rubygem-deltacloud-core'],
- File['/etc/init.d/deltacloud-core']] }
- }
-
- 'iwhd': {
- file { "/data": ensure => 'directory' }
- file { "/data/db": ensure => 'directory' }
- service { 'mongod':
- ensure => 'running',
- enable => true,
- require => [Package['iwhd'], File["/data/db"]]}
- service { 'iwhd':
- ensure => 'running',
- enable => true,
- require => [Package['iwhd'],
- Service[mongod]]}
- }
-
- 'image-factory': {
- dc::configure_boxgrinder{'conf_bxg':}
- file { "/etc/qpidd.conf":
- source => "puppet:///deltacloud_recipe/qpidd.conf",
- mode => 644 }
- service {'qpidd':
- ensure => 'running',
- enable => true,
- require => [File['/etc/qpidd.conf'],
- Package['deltacloud-aggregator-daemons']]}
- file { "/etc/imagefactory.yml":
- source => "puppet:///deltacloud_recipe/imagefactory.yml",
- mode => 644 }
- $requires = [Package['rubygem-deltacloud-image-builder-agent'],
- Package['deltacloud-aggregator-daemons'],
- File['/etc/imagefactory.yml'],
- Service[qpidd],
- Rails::Migrate::Db[migrate_deltacloud_database],
- Dc::Configure_boxgrinder['conf_bxg']]
- service { 'imagefactoryd':
- ensure => 'running',
- enable => true,
- require => $requires}
- service { 'deltacloud-image_builder_service':
- ensure => 'running',
- enable => true,
- hasstatus => true,
- require => $requires}
- }
- }
-}
-
-# Stop the deltacloud services
-define dc::service::stop(){
- case $name {
- 'aggregator': {
- service { ['condor', 'httpd']:
- ensure => 'stopped',
- enable => false,
- require => Service['deltacloud-aggregator',
- 'deltacloud-condor_refreshd',
- 'deltacloud-dbomatic'] }
- service { ['deltacloud-aggregator',
- 'deltacloud-condor_refreshd',
- 'deltacloud-dbomatic']:
- ensure => 'stopped',
- enable => false,
- hasstatus => true }
- }
-
- 'core': {
- service { 'deltacloud-core':
- ensure => 'stopped',
- enable => false}
- }
-
- 'iwhd': {
- service { 'mongod':
- ensure => 'stopped',
- enable => false,
- require => Service[iwhd]}
- service { 'iwhd':
- ensure => 'stopped',
- enable => false}
- }
-
- 'image-factory': {
- service {'qpidd':
- ensure => 'stopped',
- enable => false,
- require => Service['imagefactoryd',
'deltacloud-image_builder_service']}
-
- service { 'imagefactoryd':
- ensure => 'stopped',
- enable => false}
-
- service { 'deltacloud-image_builder_service':
- ensure => 'stopped',
- hasstatus => true,
- enable => false}
- }
- }
-}
-
-# Configure boxgrinder, this should go into the boxgrinder rpms eventually
-define dc::configure_boxgrinder(){
- file { "/boxgrinder": ensure => "directory"}
- file { "/boxgrinder/appliances":
- ensure => "directory",
- require => File["/boxgrinder"]}
- file { "/boxgrinder/packaged_builders":
- ensure => "directory",
- require => File["/boxgrinder"]}
- file { "/root/.boxgrinder": ensure => "directory"}
- file { "/root/.boxgrinder/plugins":
- ensure => "directory",
- require => File["/root/.boxgrinder"]}
- file { "/root/.boxgrinder/plugins/local":
- source =>
"puppet:///deltacloud_recipe/root-boxgrinder-plugins-local",
- mode => 644 }
-}
-
-# Configure pulp to fetch from Fedora
-# TODO uncomment when factory/warehouse uses pulp
-#exec{"pulp_fedora_config":
-# command => "/usr/bin/pulp-admin -u admin -p admin repo create
--id=fedora-repo --feed
yum:http://download.fedora.redhat.com/pub/fedora/linux/updates/13/x86_64/...
-#}
-
-# Create a named bucket in iwhd
-define dc::create_bucket(){
- package{'curl': ensure => 'installed'}
- # XXX ugly hack but iwhd might take some time to come up
- exec{"iwhd_startup_pause":
- command => "/bin/sleep 2",
- require => Service[iwhd]}
- exec{"create-bucket-${name}":
- command => "/usr/bin/curl -X PUT
http://localhost:9090/templates",
- require => [Exec['iwhd_startup_pause'], Package[curl]] }
-}
-
-# Initialize and start the deltacloud database
-define dc::db(){
- # Right now we configure and start postgres, at some point I want
- # to make the db that gets setup configurable
- file { "/var/lib/pgsql/data/pg_hba.conf":
- source => "puppet:///deltacloud_recipe/pg_hba.conf",
- require => Postgres::Initialize[init_db] }
- postgres::initialize{'init_db':}
- postgres::start{'start_db': require =>
File["/var/lib/pgsql/data/pg_hba.conf"]}
- postgres::user{"dcloud":
- password => "v23zj59an",
- roles => "CREATEDB",
- require => Postgres::Start[start_db]}
-
-
- # Create deltacloud database
- rails::create::db{"create_deltacloud_database":
- cwd => "/usr/share/deltacloud-aggregator",
- rails_env => "production",
- require => [Postgres::User[dcloud],
Package['deltacloud-aggregator']]}
- rails::migrate::db{"migrate_deltacloud_database":
- cwd => "/usr/share/deltacloud-aggregator",
- rails_env => "production",
- require => Rails::Create::Db[create_deltacloud_database]}
-}
-
-# Destroy the deltacloud database
-define dc::db::destroy(){
- rails::drop::db{"drop_deltacloud_database":
- cwd => "/usr/share/deltacloud-aggregator",
- rails_env => "production",
- require => Service["deltacloud-aggregator",
- "deltacloud-condor_refreshd",
- "deltacloud-dbomatic",
- "deltacloud-image_builder_service"]}
- postgres::user::remove{"dcloud": require =>
Rails::Drop::Db["drop_deltacloud_database"]}
-}
-
-# Create a new site admin aggregator web user
-define dc::site_admin($email="", $password="",
$first_name="", $last_name=""){
- exec{"create_site_admin_user":
- cwd => '/usr/share/deltacloud-aggregator',
- environment => "RAILS_ENV=production",
- command => "/usr/bin/rake dc:create_user[${name}] email=${email}
password=${password} first_name=${first_name} last_name=${last_name}",
- unless => "/usr/bin/test `psql dcloud dcloud -P tuples_only -c
\"select count(*) from users where login = '${name}';\"` =
\"1\"",
- require => Rails::Migrate::Db["migrate_deltacloud_database"]}
- exec{"grant_site_admin_privs":
- cwd => '/usr/share/deltacloud-aggregator',
- environment => "RAILS_ENV=production",
- command => "/usr/bin/rake dc:site_admin[${name}]",
- unless => "/usr/bin/test `psql dcloud dcloud -P tuples_only -c
\"select count(*) FROM roles INNER JOIN permissions ON (roles.id =
permissions.role_id) INNER JOIN users ON (permissions.user_id = users.id) where roles.name
= 'Administrator' AND users.login = '${name}';\"` =
\"1\"",
- require => Exec[create_site_admin_user]}
-}
-
-# Destroy and cleanup deltacloud artifacts
-define dc::cleanup(){
- exec{"remove_deltacloud_templates": command => "/bin/rm -rf
/templates"}
- exec{"remove_boxgrinder_dir": command => "/bin/rm -rf
/boxgrinder"}
-}
diff --git a/deltacloud_recipe/manifests/postgres.pp
b/deltacloud_recipe/manifests/postgres.pp
deleted file mode 100644
index 6a639b4..0000000
--- a/deltacloud_recipe/manifests/postgres.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-# Some convenience routines for postgres
-
-package { ["postgresql", "postgresql-server"]:
- ensure => "installed", provider => "yum" }
-
-define postgres::initialize(){
- exec{"initialize_postgres":
- command => "/sbin/service postgresql initdb",
- unless => "/usr/bin/test -d /var/lib/pgsql/data/pg_log",
- require => Package["postgresql-server"]}
-}
-
-define postgres::start{
- service {"postgresql" :
- ensure => running,
- enable => true,
- require => Exec['initialize_postgres']}
- # XXX ugly hack, postgres takes sometime to startup even though reporting as running
- # need to pause for a bit to ensure it is running before we try to access the db
- exec{"postgresql_startup_pause":
- command => "/bin/sleep 2",
- require => Service[postgresql]
- }
-}
-
-define postgres::user($password="", $roles=""){
- exec{"create_dcloud_postgres_user":
- unless => "/usr/bin/test `psql postgres postgres -P tuples_only -c
\"select count(*) from pg_user where usename='${name}';\"` =
\"1\"",
- command => "/usr/bin/psql postgres postgres -c \
- \"CREATE USER ${name} WITH PASSWORD '${password}'
${roles}\""}
-}
-
-define postgres::user::remove($password="", $roles=""){
- exec{"remove_dcloud_postgres_user":
- onlyif => "/usr/bin/test `psql postgres postgres -P tuples_only -c
\"select count(*) from pg_user where usename='${name}';\"` =
\"1\"",
- command => "/usr/bin/psql postgres postgres -c \
- \"DROP USER ${name}\""}
-}
diff --git a/deltacloud_recipe/manifests/rails.pp b/deltacloud_recipe/manifests/rails.pp
deleted file mode 100644
index 438a209..0000000
--- a/deltacloud_recipe/manifests/rails.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-# Some convenience routines for rails
-
-define rails::create::db($cwd="", $rails_env=""){
- exec{"create_rails_database":
- cwd => $cwd,
- environment => "RAILS_ENV=${rails_env}",
- command => "/usr/bin/rake db:create:all"}
-
-}
-
-define rails::migrate::db($cwd="", $rails_env=""){
- exec{"migrate_rails_database":
- cwd => $cwd,
- environment => "RAILS_ENV=${rails_env}",
- command => "/usr/bin/rake db:migrate"}
-}
-
-define rails::drop::db($cwd="", $rails_env=""){
- exec{"drop_rails_database":
- cwd => $cwd,
- onlyif => "/usr/bin/test -f ${cwd}/Rakefile",
- environment => "RAILS_ENV=${rails_env}",
- command => "/usr/bin/rake db:drop:all"}
-}
diff --git a/deltacloud_recipe/manifests/selinux.pp
b/deltacloud_recipe/manifests/selinux.pp
deleted file mode 100644
index 05a3174..0000000
--- a/deltacloud_recipe/manifests/selinux.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-# Some convenience routines for selinux
-
-define selinux::mode(){
- $mode = $name ? {
- 'permissive' => '0',
- 'enforcing' => '1'
- }
- exec{"set_selinux_${name}":
- command => "/usr/sbin/setenforce ${mode}"
- }
-}
diff --git a/deltacloud_recipe/manifests/time.pp b/deltacloud_recipe/manifests/time.pp
deleted file mode 100644
index c3db854..0000000
--- a/deltacloud_recipe/manifests/time.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-# Some convenience routines for system time manipulation
-
-# Sync system time via ntp
-define time::sync(){
- exec{"sync_time":
- command => "/usr/sbin/ntpdate pool.ntp.org"
- }
-}
diff --git a/recipes/deltacloud_recipe/deltacloud_recipe.pp
b/recipes/deltacloud_recipe/deltacloud_recipe.pp
new file mode 100644
index 0000000..d7e8765
--- /dev/null
+++ b/recipes/deltacloud_recipe/deltacloud_recipe.pp
@@ -0,0 +1,55 @@
+#--
+# Copyright (C) 2010 Red Hat Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Author: Mohammed Morsi <mmorsi(a)redhat.com>
+#--
+
+#
+# deltacloud installation recipe
+#
+
+# Modules used by the recipe
+import "deltacloud_recipe/deltacloud"
+
+# setup the deltacloud repositories
+dc::repos{"deltacloud":}
+
+# install deltacloud components
+dc::package::install{["aggregator", "core"]:
+ require => Dc::Repos["deltacloud"]}
+
+# setup selinux
+dc::selinux{'deltacloud':}
+
+# setup the firewall
+dc::firewall{'deltacloud':}
+
+# setup deltacloud db
+dc::db{"postgres":}
+
+# start deltacloud services
+dc::service::start{["aggregator", "core", 'iwhd',
'image-factory']:}
+
+# create bucket in image warehouse
+dc::create_bucket{"deltacloud":}
+
+# Create dcuser aggregator web user
+dc::site_admin{"admin":
+ email => 'dcuser(a)deltacloud.org',
+ password => 'password',
+ first_name => 'deltacloud',
+ last_name => 'user'}
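Review bot: The `dc::site_admin{"admin": ...}` resource at the end of this manifest creates the aggregator's site administrator with the literal password `'password'`, so every host built from the recipe gets the same well-known admin login. The value is then interpolated into the `rake dc:create_user[...] password=${password}` command line in `dc::site_admin`, where it is visible in the process list and possibly in Puppet's exec logging. Consider taking it from a per-site variable and failing when it is unset, e.g. `password => $dc_admin_password` (variable name is illustrative), and add a comment that the account must be re-keyed after install.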
diff --git a/recipes/deltacloud_recipe/deltacloud_stop_services.pp
b/recipes/deltacloud_recipe/deltacloud_stop_services.pp
new file mode 100644
index 0000000..71cb1bf
--- /dev/null
+++ b/recipes/deltacloud_recipe/deltacloud_stop_services.pp
@@ -0,0 +1,32 @@
+#--
+# Copyright (C) 2010 Red Hat Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Author: Mohammed Morsi <mmorsi(a)redhat.com>
+#--
+
+#
+# deltacloud uninstallation recipe
+#
+
+# Modules used by the recipe
+import "deltacloud_recipe/deltacloud"
+
+$services = ["aggregator", "core", 'iwhd',
'image-factory']
+
+# stop deltacloud services
+dc::service{$services:
+ ensure => 'stopped', enable => false}
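Review bot: `dc::service{$services: ensure => 'stopped', enable => false}` refers to a define named `dc::service`, but `manifests/deltacloud.pp` in this patch only defines `dc::service::start` and `dc::service::stop`, so unless `dc::service` exists elsewhere this manifest will not compile. `dc::service::stop{$services:}` looks like what is intended. The header comment also still reads `deltacloud uninstallation recipe`; `deltacloud stop services recipe` would describe the file.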
diff --git a/recipes/deltacloud_recipe/deltacloud_uninstall.pp
b/recipes/deltacloud_recipe/deltacloud_uninstall.pp
new file mode 100644
index 0000000..b39d423
--- /dev/null
+++ b/recipes/deltacloud_recipe/deltacloud_uninstall.pp
@@ -0,0 +1,41 @@
+#--
+# Copyright (C) 2010 Red Hat Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Author: Mohammed Morsi <mmorsi(a)redhat.com>
+#--
+
+#
+# deltacloud uninstallation recipe
+#
+
+# Modules used by the recipe
+import "deltacloud_recipe/deltacloud"
+
+$packages = ["aggregator", "core"]
+
+# stop deltacloud services
+dc::service::stop{["aggregator", "core", 'iwhd',
'image-factory']:}
+
+# destroy deltacloud db
+dc::db::destroy{"postgres":
+ require => Dc::Service::Stop['aggregator']}
+
+# install deltacloud components
+dc::package::uninstall{$packages:
+ require => Dc::Db::Destroy['postgres']}
+
+dc::cleanup{"deltacloud": require => Dc::Package::Uninstall[$packages]}
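Review bot: The comment `# install deltacloud components` sits above `dc::package::uninstall{$packages: ...}` and should read `# uninstall deltacloud components`. The final `dc::cleanup` resource has no comment at all; since it runs `/bin/rm -rf /templates` and `/bin/rm -rf /boxgrinder` (see `dc::cleanup` in `manifests/deltacloud.pp`), a line such as `# remove image templates and boxgrinder working directories` would make the destructive step visible to whoever applies the manifest.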
diff --git a/recipes/deltacloud_recipe/files/condor_config.local
b/recipes/deltacloud_recipe/files/condor_config.local
new file mode 100644
index 0000000..d9d50c5
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/condor_config.local
@@ -0,0 +1,26 @@
+CONDOR_HOST = $(FULL_HOSTNAME)
+ALLOW_WRITE = *
+
+DAEMON_LIST = MASTER, SCHEDD, COLLECTOR, NEGOTIATOR, STARTD
+
+MAX_GRIDMANAGER_LOG = 500000000
+GRIDMANAGER_JOB_PROBE_INTERVAL = 30
+
+GRIDMANAGER_DEBUG = D_FULLDEBUG
+NEGOTIATOR_DEBUG = D_FULLDEBUG
+COLLECTOR_DEBUG = D_FULLDEBUG
+
+DCLOUD_GAHP = $(SBIN)/dcloud_gahp
+
+CLASSAD_LIFETIME = 0
+
+# for re-advertising classads (i.e. condor_refreshd)
+CONDOR_DEVELOPERS_COLLECTOR = localhost:7890
+COLLECTOR_UPDATE_INTERVAL = 900
+
+# for the event log parsing (i.e. dbomatic)
+EVENT_LOG=$(LOG)/EventLog
+EVENT_LOG_USE_XML=True
+EVENT_LOG_JOB_AD_INFORMATION_ATTRS=Owner,GlobalJobId,Cmd,JobStartDate,JobCurrentStartDate,JobFinishedHookDone
+
+CLASSAD_USER_LIBS =
/usr/share/deltacloud-aggregator/classad_plugin/deltacloud_classad_plugin.so
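Review bot: `ALLOW_WRITE = *` grants write-level access to the pool to every host, which in Condor covers actions such as advertising ClassAds to the collector and submitting jobs to the schedd. Since `CONDOR_HOST` is the local machine and every daemon in `DAEMON_LIST` runs on it, the list can be limited to this host, e.g. `ALLOW_WRITE = $(FULL_HOSTNAME), 127.0.0.1`. The three `D_FULLDEBUG` settings together with `MAX_GRIDMANAGER_LOG = 500000000` also look like development defaults; if they are meant for production, a comment saying so would help.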
diff --git a/recipes/deltacloud_recipe/files/deltacloud-core
b/recipes/deltacloud_recipe/files/deltacloud-core
new file mode 100755
index 0000000..3eb0afa
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/deltacloud-core
@@ -0,0 +1,76 @@
+#!/bin/bash
+#
+#
+# deltacloud-core startup script for deltacloud-core server
+#
+# chkconfig: - 97 03
+# description: deltacloud-core is primary server process for the \
+# Deltacloud Core component.
+#
+
+[ -r /etc/sysconfig/deltacloud-core ] && . /etc/sysconfig/deltacloud-core
+
+ENV="${ENV:-production}"
+DRIVER="${DRIVER:-ec2}"
+PORT="${PORT:-3002}"
+LOCKFILE="${LOCKFILE:-/var/lock/subsys/deltacloud-core }"
+LOGFILE="${LOGFILE:-/var/log/deltacloud-core/$DRIVER.log}"
+
+PROG=/usr/bin/deltacloudd
+
+. /etc/init.d/functions
+
+start() {
+ echo -n "Starting deltacloud-core: "
+
+ $PROG -i $DRIVER -e $ENV -p $PORT >> $LOGFILE 2>&1 &
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ] && touch $LOCKFILE ; then
+ echo_success
+ echo
+ else
+ echo_failure
+ echo
+ fi
+}
+
+stop() {
+ echo -n "Shutting down deltacloud-core: "
+ RETVAL=$?
+ killall deltacloudd
+ if [ $RETVAL -eq 0 ] && rm -f $LOCKFILE ; then
+ echo_success
+ echo
+ else
+ echo_failure
+ echo
+ fi
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload)
+ ;;
+ force-reload)
+ restart
+ ;;
+ status)
+ status $PROG
+ RETVAL=$?
+ ;;
+ *)
+ echo "Usage: deltacloud-core {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
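Review bot: In `stop()` the line `RETVAL=$?` runs before `killall deltacloudd`, so it records the exit status of the preceding `echo`, and the script reports success and removes the lock file even when nothing was killed; move it to directly after `killall deltacloudd`. In `start()` the status taken after `$PROG ... &` is that of backgrounding the job, which is always 0, so a daemon that fails to start is still reported as started. The `force-reload` branch calls `restart`, which is not defined as a function in this script. `$DRIVER`, `$ENV`, `$PORT`, `$LOGFILE` and `$LOCKFILE` are read from `/etc/sysconfig/deltacloud-core` and expanded unquoted in a script that normally runs as root, so quoting them would be safer. The same `stop()`, `start()` and `force-reload` pattern appears in `files/iwhd.init` later in this patch.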
diff --git a/recipes/deltacloud_recipe/files/imagefactory.yml
b/recipes/deltacloud_recipe/files/imagefactory.yml
new file mode 100644
index 0000000..7f3abe7
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/imagefactory.yml
@@ -0,0 +1,12 @@
+bg_command: /usr/bin/boxgrinder-build
+bg_working_dir: /boxgrinder/appliances
+bg_local_delivery: /boxgrinder/packaged_builds
+warehouse_active: true # if false Factory will not attempt any warehouse actions at all
+warehouse_host: localhost
+warehouse_port: 9090
+warehouse_bucket: templates
+# Which entity should actually bundle and upload the EC2 AMI
+ami_delivery: boxgrinder # Valid values are boxgrinder or warehouse
+ami_s3_bucket: deltacloud # S3 bucket to use when uploading bundle
+# Note that directory must exist
+mock_dir: /var/tmp/clalance-mock # Directory to use when building mock target
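Review bot: `bg_local_delivery` points at `/boxgrinder/packaged_builds` (as does `path:` in `files/root-boxgrinder-plugins-local`), but `dc::configure_boxgrinder` in `manifests/deltacloud.pp` creates `/boxgrinder/packaged_builders`, so the delivery directory named here is not created by the recipe. The comment on `mock_dir` says the directory must exist, yet no resource in the manifests of this patch creates `/var/tmp/clalance-mock`. A fixed name under the world-writable `/var/tmp` can also be pre-created by another local user, so a root-owned directory managed by a `file` resource would be the safer choice.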
diff --git a/recipes/deltacloud_recipe/files/iwhd-conf.js
b/recipes/deltacloud_recipe/files/iwhd-conf.js
new file mode 100644
index 0000000..44516e0
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/iwhd-conf.js
@@ -0,0 +1,7 @@
+[
+ {
+ "name": "primary",
+ "type": "fs",
+ "path": "."
+ }
+]
diff --git a/recipes/deltacloud_recipe/files/iwhd.init
b/recipes/deltacloud_recipe/files/iwhd.init
new file mode 100755
index 0000000..e5745e9
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/iwhd.init
@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+#
+# iwhd startup script for iwhd server
+#
+# chkconfig: - 97 03
+# description: iwhd is primary server process for the \
+# IWHD component.
+#
+
+[ -r /etc/sysconfig/iwhd ] && . /etc/sysconfig/iwhd
+
+LOCKFILE="${LOCKFILE:-/var/lock/subsys/iwhd }"
+
+PROG=/usr/sbin/iwhd
+CONF=/etc/iwhd/conf.js
+
+. /etc/init.d/functions
+
+start() {
+ echo -n "Starting iwhd: "
+
+ $PROG -c $CONF&
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ] && touch $LOCKFILE ; then
+ echo_success
+ echo
+ else
+ echo_failure
+ echo
+ fi
+}
+
+stop() {
+ echo -n "Shutting down iwhd: "
+ RETVAL=$?
+ killall iwhd
+ if [ $RETVAL -eq 0 ] && rm -f $LOCKFILE ; then
+ echo_success
+ echo
+ else
+ echo_failure
+ echo
+ fi
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload)
+ ;;
+ force-reload)
+ restart
+ ;;
+ status)
+ status $PROG
+ RETVAL=$?
+ ;;
+ *)
+ echo "Usage: iwhd {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
diff --git a/recipes/deltacloud_recipe/files/pg_hba.conf
b/recipes/deltacloud_recipe/files/pg_hba.conf
new file mode 100644
index 0000000..70d83bb
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/pg_hba.conf
@@ -0,0 +1,2 @@
+local all all trust
+host all all 127.0.0.1 255.255.255.255 trust
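Review bot: Both lines use the `trust` method for every database and every user, so any local account or any process able to reach 127.0.0.1 can connect as any role, including the `postgres` superuser, without a password; the `dcloud` password set in `dc::db` is therefore never checked. The recipe's own `psql postgres postgres` and `psql dcloud dcloud` execs appear to rely on this. A narrower file would allow password-less access only to the `postgres` role via `ident` on the local socket and require a password for the application, e.g. `host dcloud dcloud 127.0.0.1 255.255.255.255 md5`, with the administrative execs run as the `postgres` system user.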
diff --git a/recipes/deltacloud_recipe/files/qpidd.conf
b/recipes/deltacloud_recipe/files/qpidd.conf
new file mode 100644
index 0000000..da050c0
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/qpidd.conf
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+#
http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# Configuration file for qpidd. Entries are of the form:
+# name=value
+#
+# (Note: no spaces on either side of '='). Using default settings:
+# "qpidd --help" or "man qpidd" for more details.
+cluster-mechanism=ANONYMOUS
+auth=no
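Review bot: `auth=no` turns off authentication on the broker, so any client that can reach the qpidd port can connect, publish and consume, which presumably includes the image build traffic for imagefactoryd. Nothing in this file restricts the listening interface; the INPUT policy added under `recipes/firewall` limits remote access, but local users and anything exposed by a later firewall change are still trusted. If authentication cannot be enabled yet, say so in the file, e.g. `# auth disabled: broker relies on the host firewall; enable SASL before exposing the port`.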
diff --git a/recipes/deltacloud_recipe/files/root-boxgrinder-plugins-local
b/recipes/deltacloud_recipe/files/root-boxgrinder-plugins-local
new file mode 100644
index 0000000..32ada19
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/root-boxgrinder-plugins-local
@@ -0,0 +1,3 @@
+path: /boxgrinder/packaged_builds
+overwrite: false
+package: false
diff --git a/recipes/deltacloud_recipe/manifests/deltacloud.pp
b/recipes/deltacloud_recipe/manifests/deltacloud.pp
new file mode 100644
index 0000000..0924075
--- /dev/null
+++ b/recipes/deltacloud_recipe/manifests/deltacloud.pp
@@ -0,0 +1,382 @@
+# Deltacloud puppet definitions
+
+import "firewall"
+
+import "postgres"
+import "rails"
+import "selinux"
+import "time"
+
+# Setup repos which to pull deltacloud components
+define dc::repos(){
+ yumrepo{"${name}_arch":
+ name => "${name}_arch",
+ baseurl =>
'http://repos.fedorapeople.org/repos/deltacloud/appliance/fedora-$releasever/$basearch',
+ enabled => 1, gpgcheck => 0}
+ yumrepo{"${name}_noarch":
+ name => "${name}_noarch",
+ baseurl =>
'http://repos.fedorapeople.org/repos/deltacloud/appliance/fedora-$releasever/noarch',
+ enabled => 1, gpgcheck => 0}
+ yumrepo{"${name}_pulp":
+ name => "${name}_pulp",
+ baseurl =>
'http://repos.fedorapeople.org/repos/pulp/pulp/fedora-13/$basearch/',
+ enabled => 1, gpgcheck => 0}
+}
+
+# Install the deltacloud components
+define dc::package::install(){
+ case $name {
+ 'aggregator': {
+ # specific versions of these two packages are needed and we need to pull the third
in
+ package { 'python-imgcreate':
+ provider => 'rpm', ensure => installed,
+ source =>
'http://repos.fedorapeople.org/repos/deltacloud/appliance/fedora-13/x86_64/python-imgcreate-031-1.fc12.1.x86_64.rpm'}
+ package { 'livecd-tools':
+ provider => 'rpm', ensure => installed,
+ source =>
'http://repos.fedorapeople.org/repos/deltacloud/appliance/fedora-13/x86_64/livecd-tools-031-1.fc12.1.x86_64.rpm',
+ require => Package['python-imgcreate']}
+ package { 'appliance-tools':
+ provider => 'yum', ensure => installed,
+ require => Package["livecd-tools",
"python-imgcreate"] }
+
+ # TODO: Fix me, find a better way to do this...
+ # We need to also install this rpm from amazon
+ package{"ec2-ami-tools":
+ provider => "rpm",
+ source =>
"http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm",
+ ensure => 'installed' }
+
+ package { 'rubygem-deltacloud-client':
+ provider => 'yum', ensure => 'installed' }
+ package { 'rubygem-deltacloud-image-builder-agent':
+ provider => 'yum', ensure => 'installed',
+ require => Package['appliance-tools',
'livecd-tools', 'python-imgcreate', 'ec2-ami-tools']}
+ package { 'iwhd':
+ provider => 'yum', ensure => 'installed' }
+
+
+ package {['deltacloud-aggregator',
+ 'deltacloud-aggregator-daemons',
+ 'deltacloud-aggregator-doc']:
+ provider => 'yum', ensure => 'installed',
+ require => Package['rubygem-deltacloud-client',
+ 'rubygem-deltacloud-image-builder-agent',
+ 'iwhd']}
+ }
+
+ 'core': {
+ package { 'rubygem-deltacloud-core':
+ provider => 'yum', ensure => 'installed'}
+ file { "/var/log/deltacloud-core": ensure => 'directory' }
+ }
+ }
+}
+
+# Uninstall the deltacloud components
+define dc::package::uninstall(){
+ case $name {
+ 'aggregator': {
+ package {['deltacloud-aggregator-daemons',
+ 'deltacloud-aggregator-doc']:
+ provider => 'yum', ensure => 'absent',
+ require => Service['deltacloud-aggregator',
+ 'deltacloud-condor_refreshd',
+ 'deltacloud-dbomatic',
+ 'imagefactoryd',
+ 'deltacloud-image_builder_service']}
+
+ package {'deltacloud-aggregator':
+ provider => 'yum', ensure => 'absent',
+ require => Package['deltacloud-aggregator-daemons',
+ 'deltacloud-aggregator-doc'] }
+ package { 'rubygem-deltacloud-client':
+ provider => 'yum', ensure => 'absent',
+ require => Package['deltacloud-aggregator']}
+ package { 'rubygem-deltacloud-image-builder-agent':
+ provider => 'yum', ensure => 'absent',
+ require => Package['deltacloud-aggregator']}
+ package { 'iwhd':
+ provider => 'yum', ensure => 'absent',
+ require => [Package['deltacloud-aggregator'],
Service['iwhd']]}
+
+ # FIXME these lingering dependencies, pulled in for
+ # rubygem-deltacloud-image-builder-agent, need to be removed as
+ # ec2-ami-tools and appliance-tools depend on them and using
+ # 'absent' in the context of the 'yum' provider dispatches
+ # to 'rpm -e' instead of 'yum erase'
+ package { ['rubygem-boxgrinder-build-ec2-platform-plugin',
+ 'rubygem-boxgrinder-build-centos-os-plugin',
+ 'rubygem-boxgrinder-build-fedora-os-plugin']:
+ provider => "yum", ensure => 'absent',
+ require =>
Package['rubygem-deltacloud-image-builder-agent']}
+ package { 'rubygem-boxgrinder-build-rhel-os-plugin':
+ provider => "yum", ensure => 'absent',
+ require =>
Package['rubygem-boxgrinder-build-centos-os-plugin']}
+ package { 'rubygem-boxgrinder-build-rpm-based-os-plugin':
+ provider => "yum", ensure => 'absent',
+ require =>
Package['rubygem-boxgrinder-build-rhel-os-plugin',
+
'rubygem-boxgrinder-build-fedora-os-plugin']}
+
+ package { 'ec2-ami-tools':
+ provider => "yum", ensure => 'absent',
+ require =>
Package['rubygem-boxgrinder-build-ec2-platform-plugin']}
+ package { 'appliance-tools':
+ provider => 'yum', ensure => 'absent',
+ require =>
Package['rubygem-boxgrinder-build-rpm-based-os-plugin']}
+ package { 'livecd-tools':
+ provider => 'yum', ensure => 'absent',
+ require => Package['appliance-tools']}
+ package { 'python-imgcreate':
+ provider => 'yum', ensure => 'absent',
+ require => Package['appliance-tools',
'livecd-tools']}
+
+ }
+
+ 'core': {
+ package { 'rubygem-deltacloud-core':
+ provider => 'yum', ensure => 'absent',
+ require => Service['deltacloud-core']}
+ }
+ }
+}
+
+# Setup selinux for deltacloud
+define dc::selinux(){
+ selinux::mode{"permissive":}
+}
+
+# Setup firewall for deltacloud
+define dc::firewall(){
+ firewall::setup{'deltacloud': status=>"enabled"}
+ firewall_open_port{"httpd": port => "80", policy =>
"tcp"}
+}
+
+# TODO disable selinux until we're sure everything works w/ it enabled
+
+# Start the deltacloud services
+define dc::service::start(){
+ case $name {
+ 'aggregator': {
+ file {"/var/lib/condor/condor_config.local":
+ source => "puppet:///deltacloud_recipe/condor_config.local",
+ require => Package['deltacloud-aggregator-daemons'] }
+ service { ['condor', 'httpd']:
+ ensure => 'running',
+ enable => true,
+ require => File['/var/lib/condor/condor_config.local'] }
+ service { ['deltacloud-aggregator',
+ 'deltacloud-condor_refreshd',
+ 'deltacloud-dbomatic']:
+ ensure => 'running',
+ enable => true,
+ hasstatus => true,
+ require => [Package['deltacloud-aggregator-daemons'],
+ Rails::Migrate::Db[migrate_deltacloud_database],
+ Service[condor]] }
+ }
+
+ 'core': {
+ time::sync{"deltacloud":} # we need to sync time to communicate w/ cloud
providers
+ file {"/etc/init.d/deltacloud-core":
+ source => "puppet:///deltacloud_recipe/deltacloud-core",
+ mode => 755 }
+ service { 'deltacloud-core':
+ ensure => 'running',
+ enable => true,
+ require => [Package['rubygem-deltacloud-core'],
+ File['/etc/init.d/deltacloud-core']] }
+ }
+
+ 'iwhd': {
+ file { "/data": ensure => 'directory' }
+ file { "/data/db": ensure => 'directory' }
+ service { 'mongod':
+ ensure => 'running',
+ enable => true,
+ require => [Package['iwhd'], File["/data/db"]]}
+ service { 'iwhd':
+ ensure => 'running',
+ enable => true,
+ require => [Package['iwhd'],
+ Service[mongod]]}
+ }
+
+ 'image-factory': {
+ dc::configure_boxgrinder{'conf_bxg':}
+ file { "/etc/qpidd.conf":
+ source => "puppet:///deltacloud_recipe/qpidd.conf",
+ mode => 644 }
+ service {'qpidd':
+ ensure => 'running',
+ enable => true,
+ require => [File['/etc/qpidd.conf'],
+ Package['deltacloud-aggregator-daemons']]}
+ file { "/etc/imagefactory.yml":
+ source => "puppet:///deltacloud_recipe/imagefactory.yml",
+ mode => 644 }
+ $requires = [Package['rubygem-deltacloud-image-builder-agent'],
+ Package['deltacloud-aggregator-daemons'],
+ File['/etc/imagefactory.yml'],
+ Service[qpidd],
+ Rails::Migrate::Db[migrate_deltacloud_database],
+ Dc::Configure_boxgrinder['conf_bxg']]
+ service { 'imagefactoryd':
+ ensure => 'running',
+ enable => true,
+ require => $requires}
+ service { 'deltacloud-image_builder_service':
+ ensure => 'running',
+ enable => true,
+ hasstatus => true,
+ require => $requires}
+ }
+ }
+}
+
+# Stop the deltacloud services
+define dc::service::stop(){
+ case $name {
+ 'aggregator': {
+ service { ['condor', 'httpd']:
+ ensure => 'stopped',
+ enable => false,
+ require => Service['deltacloud-aggregator',
+ 'deltacloud-condor_refreshd',
+ 'deltacloud-dbomatic'] }
+ service { ['deltacloud-aggregator',
+ 'deltacloud-condor_refreshd',
+ 'deltacloud-dbomatic']:
+ ensure => 'stopped',
+ enable => false,
+ hasstatus => true }
+ }
+
+ 'core': {
+ service { 'deltacloud-core':
+ ensure => 'stopped',
+ enable => false}
+ }
+
+ 'iwhd': {
+ service { 'mongod':
+ ensure => 'stopped',
+ enable => false,
+ require => Service[iwhd]}
+ service { 'iwhd':
+ ensure => 'stopped',
+ enable => false}
+ }
+
+ 'image-factory': {
+ service {'qpidd':
+ ensure => 'stopped',
+ enable => false,
+ require => Service['imagefactoryd',
'deltacloud-image_builder_service']}
+
+ service { 'imagefactoryd':
+ ensure => 'stopped',
+ enable => false}
+
+ service { 'deltacloud-image_builder_service':
+ ensure => 'stopped',
+ hasstatus => true,
+ enable => false}
+ }
+ }
+}
+
+# Configure boxgrinder, this should go into the boxgrinder rpms eventually
+define dc::configure_boxgrinder(){
+ file { "/boxgrinder": ensure => "directory"}
+ file { "/boxgrinder/appliances":
+ ensure => "directory",
+ require => File["/boxgrinder"]}
+ file { "/boxgrinder/packaged_builders":
+ ensure => "directory",
+ require => File["/boxgrinder"]}
+ file { "/root/.boxgrinder": ensure => "directory"}
+ file { "/root/.boxgrinder/plugins":
+ ensure => "directory",
+ require => File["/root/.boxgrinder"]}
+ file { "/root/.boxgrinder/plugins/local":
+ source =>
"puppet:///deltacloud_recipe/root-boxgrinder-plugins-local",
+ mode => 644 }
+}
+
+# Configure pulp to fetch from Fedora
+# TODO uncomment when factory/warehouse uses pulp
+#exec{"pulp_fedora_config":
+# command => "/usr/bin/pulp-admin -u admin -p admin repo create
--id=fedora-repo --feed
yum:http://download.fedora.redhat.com/pub/fedora/linux/updates/13/x86_64/...
+#}
+
+# Create a named bucket in iwhd
+define dc::create_bucket(){
+ package{'curl': ensure => 'installed'}
+ # XXX ugly hack but iwhd might take some time to come up
+ exec{"iwhd_startup_pause":
+ command => "/bin/sleep 2",
+ require => Service[iwhd]}
+ exec{"create-bucket-${name}":
+ command => "/usr/bin/curl -X PUT
http://localhost:9090/templates",
+ require => [Exec['iwhd_startup_pause'], Package[curl]] }
+}
+
+# Initialize and start the deltacloud database
+define dc::db(){
+ # Right now we configure and start postgres, at some point I want
+ # to make the db that gets setup configurable
+ file { "/var/lib/pgsql/data/pg_hba.conf":
+ source => "puppet:///deltacloud_recipe/pg_hba.conf",
+ require => Postgres::Initialize[init_db] }
+ postgres::initialize{'init_db':}
+ postgres::start{'start_db': require =>
File["/var/lib/pgsql/data/pg_hba.conf"]}
+ postgres::user{"dcloud":
+ password => "v23zj59an",
+ roles => "CREATEDB",
+ require => Postgres::Start[start_db]}
+
+
+ # Create deltacloud database
+ rails::create::db{"create_deltacloud_database":
+ cwd => "/usr/share/deltacloud-aggregator",
+ rails_env => "production",
+ require => [Postgres::User[dcloud],
Package['deltacloud-aggregator']]}
+ rails::migrate::db{"migrate_deltacloud_database":
+ cwd => "/usr/share/deltacloud-aggregator",
+ rails_env => "production",
+ require => Rails::Create::Db[create_deltacloud_database]}
+}
+
+# Destroy the deltacloud database
+define dc::db::destroy(){
+ rails::drop::db{"drop_deltacloud_database":
+ cwd => "/usr/share/deltacloud-aggregator",
+ rails_env => "production",
+ require => Service["deltacloud-aggregator",
+ "deltacloud-condor_refreshd",
+ "deltacloud-dbomatic",
+ "deltacloud-image_builder_service"]}
+ postgres::user::remove{"dcloud": require =>
Rails::Drop::Db["drop_deltacloud_database"]}
+}
+
+# Create a new site admin aggregator web user
+define dc::site_admin($email="", $password="",
$first_name="", $last_name=""){
+ exec{"create_site_admin_user":
+ cwd => '/usr/share/deltacloud-aggregator',
+ environment => "RAILS_ENV=production",
+ command => "/usr/bin/rake dc:create_user[${name}] email=${email}
password=${password} first_name=${first_name} last_name=${last_name}",
+ unless => "/usr/bin/test `psql dcloud dcloud -P tuples_only -c
\"select count(*) from users where login = '${name}';\"` =
\"1\"",
+ require => Rails::Migrate::Db["migrate_deltacloud_database"]}
+ exec{"grant_site_admin_privs":
+ cwd => '/usr/share/deltacloud-aggregator',
+ environment => "RAILS_ENV=production",
+ command => "/usr/bin/rake dc:site_admin[${name}]",
+ unless => "/usr/bin/test `psql dcloud dcloud -P tuples_only -c
\"select count(*) FROM roles INNER JOIN permissions ON (roles.id =
permissions.role_id) INNER JOIN users ON (permissions.user_id = users.id) where roles.name
= 'Administrator' AND users.login = '${name}';\"` =
\"1\"",
+ require => Exec[create_site_admin_user]}
+}
+
+# Destroy and cleanup deltacloud artifacts
+define dc::cleanup(){
+ exec{"remove_deltacloud_templates": command => "/bin/rm -rf
/templates"}
+ exec{"remove_boxgrinder_dir": command => "/bin/rm -rf
/boxgrinder"}
+}
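Review bot: All three `yumrepo` resources in `dc::repos` set `gpgcheck => 0` on plain `http://` base URLs, and `dc::package::install` installs `python-imgcreate`, `livecd-tools` and `ec2-ami-tools` with the `rpm` provider straight from `http://` sources, so nothing in the recipe authenticates packages that are installed as root. Enabling signature checks (`gpgcheck => 1` plus a `gpgkey =>` for each repository) and serving the individual RPMs from a signed repository, or over HTTPS where available, would close that gap. In the same file `dc::db` hard-codes the `dcloud` database password, and `dc::site_admin` interpolates `${name}`, `${email}` and `${password}` into shell command strings without quoting; both deserve a follow-up.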
diff --git a/recipes/deltacloud_recipe/manifests/postgres.pp
b/recipes/deltacloud_recipe/manifests/postgres.pp
new file mode 100644
index 0000000..6a639b4
--- /dev/null
+++ b/recipes/deltacloud_recipe/manifests/postgres.pp
@@ -0,0 +1,38 @@
+# Some convenience routines for postgres
+
+package { ["postgresql", "postgresql-server"]:
+ ensure => "installed", provider => "yum" }
+
+define postgres::initialize(){
+ exec{"initialize_postgres":
+ command => "/sbin/service postgresql initdb",
+ unless => "/usr/bin/test -d /var/lib/pgsql/data/pg_log",
+ require => Package["postgresql-server"]}
+}
+
+define postgres::start{
+ service {"postgresql" :
+ ensure => running,
+ enable => true,
+ require => Exec['initialize_postgres']}
+ # XXX ugly hack, postgres takes sometime to startup even though reporting as running
+ # need to pause for a bit to ensure it is running before we try to access the db
+ exec{"postgresql_startup_pause":
+ command => "/bin/sleep 2",
+ require => Service[postgresql]
+ }
+}
+
+define postgres::user($password="", $roles=""){
+ exec{"create_dcloud_postgres_user":
+ unless => "/usr/bin/test `psql postgres postgres -P tuples_only -c
\"select count(*) from pg_user where usename='${name}';\"` =
\"1\"",
+ command => "/usr/bin/psql postgres postgres -c \
+ \"CREATE USER ${name} WITH PASSWORD '${password}'
${roles}\""}
+}
+
+define postgres::user::remove($password="", $roles=""){
+ exec{"remove_dcloud_postgres_user":
+ onlyif => "/usr/bin/test `psql postgres postgres -P tuples_only -c
\"select count(*) from pg_user where usename='${name}';\"` =
\"1\"",
+ command => "/usr/bin/psql postgres postgres -c \
+ \"DROP USER ${name}\""}
+}
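Review bot: `postgres::user` builds its `psql -c` command by interpolating `${name}`, `${password}` and `${roles}` into a shell string that itself contains SQL, so a value holding a quote, backtick or `$` changes the command that runs as root, and the clear-text password appears in the process list and possibly in Puppet's exec log output. Restricting `$name` and `$roles` to a known pattern and passing the statement through a root-only file or psql's stdin would avoid both. The exec titles `create_dcloud_postgres_user` and `remove_dcloud_postgres_user` are fixed, so each define can be declared only once per catalog; a title such as `"create_postgres_user_${name}"` would lift that limit. `postgres::user::remove` never uses its `$password` and `$roles` parameters.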
diff --git a/recipes/deltacloud_recipe/manifests/rails.pp
b/recipes/deltacloud_recipe/manifests/rails.pp
new file mode 100644
index 0000000..438a209
--- /dev/null
+++ b/recipes/deltacloud_recipe/manifests/rails.pp
@@ -0,0 +1,24 @@
+# Some convenience routines for rails
+
+define rails::create::db($cwd="", $rails_env=""){
+ exec{"create_rails_database":
+ cwd => $cwd,
+ environment => "RAILS_ENV=${rails_env}",
+ command => "/usr/bin/rake db:create:all"}
+
+}
+
+define rails::migrate::db($cwd="", $rails_env=""){
+ exec{"migrate_rails_database":
+ cwd => $cwd,
+ environment => "RAILS_ENV=${rails_env}",
+ command => "/usr/bin/rake db:migrate"}
+}
+
+define rails::drop::db($cwd="", $rails_env=""){
+ exec{"drop_rails_database":
+ cwd => $cwd,
+ onlyif => "/usr/bin/test -f ${cwd}/Rakefile",
+ environment => "RAILS_ENV=${rails_env}",
+ command => "/usr/bin/rake db:drop:all"}
+}
diff --git a/recipes/deltacloud_recipe/manifests/selinux.pp
b/recipes/deltacloud_recipe/manifests/selinux.pp
new file mode 100644
index 0000000..05a3174
--- /dev/null
+++ b/recipes/deltacloud_recipe/manifests/selinux.pp
@@ -0,0 +1,11 @@
+# Some convenience routines for selinux
+
+define selinux::mode(){
+ $mode = $name ? {
+ 'permissive' => '0',
+ 'enforcing' => '1'
+ }
+ exec{"set_selinux_${name}":
+ command => "/usr/sbin/setenforce ${mode}"
+ }
+}
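Review bot: The selector in `selinux::mode` has no `default` branch, so a title other than `permissive` or `enforcing` either fails compilation or leaves `$mode` empty (depending on the Puppet version) instead of giving a clear error; adding `default => fail("unknown selinux mode ${name}")` or similar makes the contract explicit. `setenforce` only changes the running mode, so after a reboot the host returns to whatever `/etc/selinux/config` says, and the exec has no `unless` guard, so it runs on every catalog application. Because `dc::selinux` uses this define to switch the whole host to permissive, a comment here stating that the change is global and non-persistent would help operators judge the impact.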
diff --git a/recipes/deltacloud_recipe/manifests/time.pp
b/recipes/deltacloud_recipe/manifests/time.pp
new file mode 100644
index 0000000..c3db854
--- /dev/null
+++ b/recipes/deltacloud_recipe/manifests/time.pp
@@ -0,0 +1,8 @@
+# Some convenience routines for system time manipulation
+
+# Sync system time via ntp
+define time::sync(){
+ exec{"sync_time":
+ command => "/usr/sbin/ntpdate pool.ntp.org"
+ }
+}
diff --git a/recipes/firewall/README b/recipes/firewall/README
new file mode 100644
index 0000000..5fb3acc
--- /dev/null
+++ b/recipes/firewall/README
@@ -0,0 +1 @@
+Module documentation for firewall
diff --git a/recipes/firewall/files/chain_rules/filter/FORWARD.head
b/recipes/firewall/files/chain_rules/filter/FORWARD.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/filter/FORWARD.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/filter/FORWARD.tail
b/recipes/firewall/files/chain_rules/filter/FORWARD.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/filter/FORWARD.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/filter/INPUT.head
b/recipes/firewall/files/chain_rules/filter/INPUT.head
new file mode 100644
index 0000000..e12264a
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/filter/INPUT.head
@@ -0,0 +1,8 @@
+# INPUT.head
+-P INPUT DROP
+#-i lo -m comment --comment "localhost access" -j ACCEPT
+-i lo -j ACCEPT
+#-m state --state RELATED,ESTABLISHED -m comment --comment "All
established/related" -j ACCEPT
+-m state --state RELATED,ESTABLISHED -j ACCEPT
+# -p icmp -m comment --comment "allow icmp/ping traffic" -j ACCEPT
+-p icmp -j ACCEPT
diff --git a/recipes/firewall/files/chain_rules/filter/INPUT.tail
b/recipes/firewall/files/chain_rules/filter/INPUT.tail
new file mode 100644
index 0000000..d1c2492
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/filter/INPUT.tail
@@ -0,0 +1,3 @@
+# INPUT.tail
+# -m comment --comment "Logging" -m limit --limit 3/minute -j LOG --log-prefix
"[IPTABLES] INPUT : "
+-m limit --limit 3/minute -j LOG --log-prefix "[IPTABLES] INPUT : "
diff --git a/recipes/firewall/files/chain_rules/filter/OUTPUT.head
b/recipes/firewall/files/chain_rules/filter/OUTPUT.head
new file mode 100644
index 0000000..4c40843
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/filter/OUTPUT.head
@@ -0,0 +1 @@
+# OUTPUT.head
diff --git a/recipes/firewall/files/chain_rules/filter/OUTPUT.tail
b/recipes/firewall/files/chain_rules/filter/OUTPUT.tail
new file mode 100644
index 0000000..9effd41
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/filter/OUTPUT.tail
@@ -0,0 +1 @@
+# OUTPUT.tail
diff --git a/recipes/firewall/files/chain_rules/mangle/FORWARD.head
b/recipes/firewall/files/chain_rules/mangle/FORWARD.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/mangle/FORWARD.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/mangle/FORWARD.tail
b/recipes/firewall/files/chain_rules/mangle/FORWARD.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/mangle/FORWARD.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/mangle/INPUT.head
b/recipes/firewall/files/chain_rules/mangle/INPUT.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/mangle/INPUT.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/mangle/INPUT.tail
b/recipes/firewall/files/chain_rules/mangle/INPUT.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/mangle/INPUT.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/mangle/POSTROUTING.head
b/recipes/firewall/files/chain_rules/mangle/POSTROUTING.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/mangle/POSTROUTING.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/mangle/POSTROUTING.tail
b/recipes/firewall/files/chain_rules/mangle/POSTROUTING.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/mangle/POSTROUTING.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/nat/OUTPUT.head
b/recipes/firewall/files/chain_rules/nat/OUTPUT.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/nat/OUTPUT.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/nat/OUTPUT.tail
b/recipes/firewall/files/chain_rules/nat/OUTPUT.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/nat/OUTPUT.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/nat/POSTROUTING.head
b/recipes/firewall/files/chain_rules/nat/POSTROUTING.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/nat/POSTROUTING.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/nat/POSTROUTING.tail
b/recipes/firewall/files/chain_rules/nat/POSTROUTING.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/nat/POSTROUTING.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/nat/PREROUTING.head
b/recipes/firewall/files/chain_rules/nat/PREROUTING.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/nat/PREROUTING.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/nat/PREROUTING.tail
b/recipes/firewall/files/chain_rules/nat/PREROUTING.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/nat/PREROUTING.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/raw/OUTPUT.head
b/recipes/firewall/files/chain_rules/raw/OUTPUT.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/raw/OUTPUT.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/raw/OUTPUT.tail
b/recipes/firewall/files/chain_rules/raw/OUTPUT.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/raw/OUTPUT.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/raw/PREROUTING.head
b/recipes/firewall/files/chain_rules/raw/PREROUTING.head
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/raw/PREROUTING.head
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/chain_rules/raw/PREROUTING.tail
b/recipes/firewall/files/chain_rules/raw/PREROUTING.tail
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/recipes/firewall/files/chain_rules/raw/PREROUTING.tail
@@ -0,0 +1 @@
+# empty
diff --git a/recipes/firewall/files/iptables-update.sh
b/recipes/firewall/files/iptables-update.sh
new file mode 100644
index 0000000..e7e6e04
--- /dev/null
+++ b/recipes/firewall/files/iptables-update.sh
@@ -0,0 +1,200 @@
+#!/bin/bash
+
+firewallDir="/usr/share/firewall"
+
+# firewallDir contains a directory for each table (filter, nat, mangle)
+# - each table dir contains a dir for each chain in that table
+# - each chain dir has link files that are iptables snippets
+# - each table dir can contain a CHAIN.head file, which goes in front of the chain
+# - each table dir can contain a CHAIN.tail file, which goes in back of the chain
+# and should set default policy
+#
+# Example firewallDir layout
+# filter
+# INPUT
+# ftp
+# http
+# smb
+# INPUT.head
+# INPUT.tail
+# OUTPUT
+# OUTPUT.head
+# FORWARD
+# nat
+# PREROUTING
+#
+# Any chains not in this tree will be removed from the running config
+
+#oldTable=$(mktemp oldTable.XXXXXX)
+#currentTable=$(mktemp currTable.XXXXXX)
+if [ "$1" == 'DEBUG' ]; then
+ DEBUG=1
+else
+ DEBUG=0
+fi
+IPTABLES="/sbin/iptables"
+
+# iptables wrapper
+function ipt {
+
+ if [ "$DEBUG" -eq 1 ]; then
+ echo "DEBUG: running $IPTABLES $@"
+ eval $IPTABLES $@
+ else
+ eval $IPTABLES $@ 2>/dev/null
+ fi
+
+ retVal="$?"
+ return $retVal
+}
+
+function insertEntry {
+ table="$1"
+ chain="$2"
+ entryNum="$3"
+ shift; shift; shift
+ ENTRY="$@"
+
+ # Remove the -A if it's there, we already know the table and chain
+ # This will make it easier to create the files, as you can just copy/paste
+ # from an iptables-save
+ ENTRY=$(echo $ENTRY | sed 's/^-A [0-9a-zA-Z-]* //')
+
+ # Insert at the enegrep -v '^([[:space:]]*#|[[:space:]]*$)'d of the new section
+ if echo "$ENTRY" | grep -q '^-P'; then
+ ipt -t $table $ENTRY
+ else
+ ipt -t $table -I $chain $entryNum $ENTRY
+ fi
+}
+
+function removeComments {
+ filename="$1"
+ egrep -v '^([[:space:]]*#|[[:space:]]*$)' $filename 2>/dev/null
+}
+
+
+# write out the current firewall
+#iptables-save > $oldTable
+
+# Set up all the tables in advance.
+pushd ${firewallDir} > /dev/null
+for table in *; do
+ # A particular table
+ if [ -d "$table" ]; then
+ pushd "$table" > /dev/null
+ for chain in *; do
+ if [ ! -d "$chain" ]; then
+ # Only directories are valid chains
+ continue
+ fi
+
+ #create the table
+ ipt -t $table -N $chain 2> /dev/null
+ done
+ popd > /dev/null
+ fi
+done
+popd > /dev/null
+
+# Put the iptables pieces into the full layout of the table
+pushd ${firewallDir} > /dev/null
+for table in *; do
+ if [ -d "$table" ]; then
+ pushd "$table" > /dev/null
+ for chain in *; do
+ if [ ! -d "$chain" ]; then
+ # Only directories are valid chains
+ continue
+ fi
+
+ echo "Working on chain $chain in table $table"
+ numEntries=0
+
+ echo "Adding rules to chain $chain in table $table"
+ if [ -f "${chain}.head" ]; then
+ # The head of the firewall goes in first.
+ while read ENTRY; do
+ if echo "$ENTRY" | grep -qv '^-P'; then
+ let numEntries="$numEntries + 1"
+ fi
+ insertEntry $table $chain $numEntries $ENTRY
+ done < <( removeComments "${chain}.head" )
+ fi
+
+ # go into the chain, add all the link files to the firewall
+ pushd $chain > /dev/null
+ for link in *; do
+ while read ENTRY; do
+ if echo "$ENTRY" | grep -qv '^-P'; then
+ let numEntries="$numEntries + 1"
+ fi
+ insertEntry $table $chain $numEntries $ENTRY
+ done < <( removeComments "$link" )
+ done
+ popd > /dev/null
+
+ if [ -f "$chain.tail" ]; then
+ # The tail of the firewall goes in last.
+ while read ENTRY; do
+ if echo "$ENTRY" | grep -qv '^-P'; then
+ let numEntries="$numEntries + 1"
+ fi
+
+ insertEntry $table $chain $numEntries $ENTRY
+ done < <( removeComments "${chain}.tail" )
+ fi
+
+ # flush out the old rules from this chain
+ echo "Cleaning chain $chain in table $table..."
+ let oldEntry="$numEntries + 1"
+ while ipt -t $table -D $chain $oldEntry; do
+ echo -en "."
+ done
+ echo -en "\n"
+ done
+ popd > /dev/null
+ fi
+done
+popd > /dev/null
+
+# Delete all rules from the chains that shouldn't be there
+pushd ${firewallDir} > /dev/null
+for table in *; do
+ pushd "$table" > /dev/null > /dev/null
+ for chain in $(iptables-save | sed -n '/^\*'$table'/,/^\*/p' | grep
'^:' | cut -d' ' -f1 | sed 's/://'); do
+ if [ ! -d "$chain" ]; then
+ # Flush the chain
+ echo "Flushing rules from chain $chain in table $table"
+ ipt -t $table -F $chain
+ fi
+ done
+ popd > /dev/null
+done
+popd > /dev/null
+
+# delete the chains that shouldn't be there
+pushd ${firewallDir} > /dev/null
+for table in filter nat mangle; do
+ if [ ! -d "$table" ]; then
+ # This table isn't used, clear it
+ ipt -t $table -F
+ ipt -t $table -X
+ else
+
+ pushd "$table" > /dev/null
+ for chain in $(iptables-save | sed -n '/^\*'$table'/,/^\*/p' | grep
'^:' | cut -d' ' -f1 | sed 's/://'); do
+ if [ "$chain" == "FORWARD" ]; then
+ continue
+ fi
+ if [ ! -d "$chain" ]; then
+ # Delete the chain
+ echo "Deleting chain $chain from table $table"
+ ipt -t $table -P $chain ACCEPT
+ ipt -t $table -X $chain
+ fi
+ done
+ popd > /dev/null
+ fi
+done
+popd > /dev/null
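Review bot: The `ipt` wrapper runs `eval $IPTABLES $@`, so every line read from the head, tail and rule files under `$firewallDir` is re-parsed by the shell as root, and shell metacharacters in a rule file would be executed rather than passed to iptables. Those files are rendered from `firewall::rule` parameters by `templates/rule.erb` without validation, so the same concern applies there. Consider generating an `iptables-restore` input from the tree and loading it with `iptables-restore`, which parses quoting itself without a shell and applies each table atomically. Separately, each `pushd ${firewallDir}` is unchecked: if the directory is missing, the loops run in the caller's working directory and the last loop flushes `filter`, `nat` and `mangle`, so `pushd "$firewallDir" > /dev/null || exit 1` would be a safer start.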
diff --git a/recipes/firewall/manifests/defines.pp
b/recipes/firewall/manifests/defines.pp
new file mode 100644
index 0000000..871f357
--- /dev/null
+++ b/recipes/firewall/manifests/defines.pp
@@ -0,0 +1,77 @@
+# usage
+# firewall::rule { 'rulename':
+# chain => "INPUT",
+# table => "filter",
+# source_port => 123423,
+# destination_port => 22,
+# destination =>
foo.com,
+# source =>
bar.com,
+# to_ports => "443"
+# action => ACCEPT
+# }
+define firewall::rule (
+ $chain = 'INPUT',
+ $table = 'filter',
+ $comment = '',
+ $protocol = 'tcp',
+ $source_port = '',
+ $destination_port = '',
+ $source = '',
+ $destination = '',
+ $to_ports = '',
+ $to_destination = '',
+ $modules = [],
+ $destination_range = '',
+ $not_physdev_bridged = '',
+ $source_range = '',
+ $out_interface = '',
+ $in_interface = '',
+ $uid_owner = '',
+ $reject_with = '',
+ $log_prefix = '',
+ $state = '',
+ $every = '',
+ $mode = '',
+ $action = 'ACCEPT'
+ ) {
+
+ include firewall
+
+ $table_path = "${firewall::firewall_dir}/${table}"
+ $chain_path = "${firewall::firewall_dir}/${table}/${chain}"
+
+ if defined(File["${chain_path}"]) {
+ # do nothing
+ $trash = ''
+ } else {
+ file { "${chain_path}":
+ ensure => directory,
+ purge => true,
+ recurse => true,
+ require => File["${table_path}"],
+ }
+ }
+
+ $link_path = "$firewall::firewall_dir/${table}/${chain}/${name}"
+
+ file { "${link_path}":
+ content => template("firewall/rule.erb"),
+ notify => Service["firewall"],
+ }
+}
+
+define firewall::rule::stub () {
+ file {
+ "${name}.head":
+ name => "${firewall_dir}/${name}.head",
+ mode => 0700,
+ source => "puppet:///modules/firewall/chain_rules/${name}.head",
+ ;
+ "${name}.tail":
+ name => "${firewall_dir}/${name}.tail",
+ mode => 0700,
+ source => "puppet:///modules/firewall/chain_rules/${name}.tail",
+ ;
+ }
+}
+
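Review bot: The rule file declared as `file { "${link_path}": ... }` sets no `owner`, `group` or `mode`, although its content is later read by the reload script, which runs as root and turns it into iptables arguments. I would pin it with `owner => root, group => root, mode => 0600,`. In `firewall::rule::stub` the head and tail files are data rather than scripts, yet they get `mode => 0700`; `0600` would match their use. The stub also reads `${firewall_dir}` unqualified while `firewall::rule` uses `${firewall::firewall_dir}`, so it presumably resolves only through dynamic scoping; the qualified form would be consistent.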
diff --git a/recipes/firewall/manifests/init.pp b/recipes/firewall/manifests/init.pp
new file mode 100644
index 0000000..c38abc3
--- /dev/null
+++ b/recipes/firewall/manifests/init.pp
@@ -0,0 +1,102 @@
+import "defines.pp"
+
+class firewall {
+
+ $firewall_dir = "/usr/share/firewall"
+ package { "iptables":
+ ensure => installed,
+ }
+
+ service { "firewall":
+ name => "iptables",
+ enable => true,
+ hasstatus => true,
+ require => [ Package["iptables"],
File["iptables-update"] ],
+ restart => "/usr/local/bin/iptables-update.sh",
+ }
+
+ # the reload script (thanks rmonk)
+ file { "iptables-update":
+ name => "/usr/local/bin/iptables-update.sh",
+ mode => 0755,
+ source => "puppet:///modules/firewall/iptables-update.sh",
+ }
+
+ file { "${firewall_dir}":
+ ensure => directory,
+ mode => 0755,
+ }
+
+ # create the table directories
+ file {
+ [
+ "${firewall_dir}/filter",
+ "${firewall_dir}/filter/INPUT",
+ "${firewall_dir}/filter/OUTPUT",
+ "${firewall_dir}/filter/FORWARD",
+ "${firewall_dir}/nat",
+ "${firewall_dir}/nat/PREROUTING",
+ "${firewall_dir}/nat/OUTPUT",
+ "${firewall_dir}/nat/POSTROUTING",
+ "${firewall_dir}/mangle",
+ "${firewall_dir}/mangle/FORWARD",
+ "${firewall_dir}/mangle/POSTROUTING",
+ "${firewall_dir}/mangle/INPUT",
+ "${firewall_dir}/raw",
+ "${firewall_dir}/raw/PREROUTING",
+ "${firewall_dir}/raw/OUTPUT"
+ ]:
+ ensure => directory,
+ notify => Service["firewall"],
+ require => File["${firewall_dir}"],
+ mode => 0755,
+ }
+
+ # create the head/tail files -- we tried a recursive resource here but it failed.
+ $wrapper_rules = [
+ 'filter/INPUT',
+ 'filter/OUTPUT',
+ 'filter/FORWARD',
+ 'nat/PREROUTING',
+ 'nat/POSTROUTING',
+ 'nat/OUTPUT',
+ 'mangle/FORWARD',
+ 'mangle/INPUT',
+ 'mangle/POSTROUTING',
+ 'raw/PREROUTING',
+ 'raw/OUTPUT'
+ ]
+
+ firewall::rule::stub { $wrapper_rules:
+ notify => Service["firewall"],
+ require => File["${firewall_dir}"],
+ }
+
+ # relevent execs
+ exec { "reload-firewall":
+ command => "/usr/local/bin/iptables-update.sh",
+ require => File["iptables-update"],
+ refreshonly => true,
+ }
+}
+
+class firewall::disabled inherits firewall {
+ Service["firewall"] {
+ ensure => stopped,
+ enable => false,
+ }
+}
+
+class firewall::ckmtest inherits firewall {
+
+ firewall::rule { "NAT":
+ table => 'nat',
+ chain => 'PREROUTING',
+ protocol => 'tcp',
+ destination_port => '8443',
+ action => 'REDIRECT',
+ to_ports => "443",
+ comment => "nat rule",
+ }
+}
+
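Review bot: `service { "firewall": ... }` sets `enable => true` but no `ensure`, so Puppet enables iptables at boot without starting it on a host where it is currently stopped; adding `ensure => running,` would close that gap, and `firewall::disabled` already overrides it with `ensure => stopped`. The `iptables-update` file is run as root through `restart` yet is declared without `owner => root, group => root,`. The directory list creates `raw/PREROUTING` and `raw/OUTPUT`, but the final cleanup loop in `iptables-update.sh` only iterates `filter nat mangle`, so stale chains in `raw` look like they are never removed. `firewall::ckmtest` reads like a test fixture and may not belong in the shipped class file.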
diff --git a/recipes/firewall/templates/rule.erb b/recipes/firewall/templates/rule.erb
new file mode 100644
index 0000000..c3ae3f8
--- /dev/null
+++ b/recipes/firewall/templates/rule.erb
@@ -0,0 +1,70 @@
+<% unless protocol.empty? -%>
+-p <%= protocol + " " -%>
+<% end -%>
+<% for m in modules -%>
+-m <%= m + " " -%>
+<% end -%>
+<% unless destination_range.empty? -%>
+--dst-range <%= destination_range + " " -%>
+<% end -%>
+<% unless source_range.empty? -%>
+--src-range <%= source_range + " " -%>
+<% end -%>
+<% unless out_interface.empty? -%>
+--out-interface <%= out_interface + " " -%>
+<% end -%>
+<% unless in_interface.empty? -%>
+--in-interface <%= in_interface + " " -%>
+<% end -%>
+<% unless source.empty? -%>
+--source <%= source + " " -%>
+<% end -%>
+<% unless uid_owner.empty? -%>
+--uid-owner <%= uid_owner + " " -%>
+<% end -%>
+<% unless state.empty? -%>
+--state <%= state + " " -%>
+<% end -%>
+<% unless mode.empty? -%>
+--mode <%= mode + " " -%>
+<% end -%>
+<% unless not_physdev_bridged.empty? -%>
+! --physdev-is-bridged
+<% end -%>
+<% unless every.empty? -%>
+--every <%= every + " " -%>
+<% end -%>
+<% unless destination.empty? -%>
+--destination <%= destination + " " -%>
+<% end -%>
+<% unless destination_port.empty? -%>
+<% if destination_port =~ /:|,/ -%>
+-m multiport --destination-ports <%= destination_port + " " -%>
+<% else -%>
+--destination-port <%= destination_port + " " -%>
+<% end -%>
+<% end -%>
+<% unless source_port.empty? -%>
+<% if source_port =~ /:|,/ -%>
+-m multiport --source-ports <%= source_port + " " -%>
+<% else -%>
+--source-port <%= source_port + " " -%>
+<% end -%>
+<% end -%>
+<% if operatingsystemrelease == '5' -%>
+-m comment --comment "<%= comment -%>"<%= " " -%>
+<% end -%>
+-j <%= action -%>
+<% unless to_ports.empty? -%>
+ --to-ports <%= to_ports + " " -%>
+<% end -%>
+<% unless to_destination.empty? -%>
+ --to-destination <%= to_destination + " " -%>
+<% end -%>
+<% unless log_prefix.empty? -%>
+--log-prefix <%= log_prefix + " " -%>
+<% end -%>
+<% unless reject_with.empty? -%>
+--reject-with <%= reject_with + " " -%>
+<% end -%>
+<%# keep at end %>
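Review bot: `--log-prefix <%= log_prefix + " " -%>` emits the prefix unquoted, so a value containing a space is split into extra iptables arguments, whereas `INPUT.tail` in this commit quotes its prefix; `--log-prefix "<%= log_prefix -%>"<%= " " -%>` would match the way `comment` is rendered a few lines above. `--state` is written without `-m state`, so it only works when the caller also lists `state` in `modules`; that dependency deserves a line in the usage comment of `defines.pp`. The comment match is emitted only when `operatingsystemrelease == '5'` exactly, which would not match a value such as `5.6`; if that is intended, a one-line `<%# ... %>` saying why would help.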
diff --git a/recipes/ntp/README b/recipes/ntp/README
new file mode 100644
index 0000000..e69de29
diff --git a/recipes/ntp/manifests/init.pp b/recipes/ntp/manifests/init.pp
new file mode 100644
index 0000000..00897cd
--- /dev/null
+++ b/recipes/ntp/manifests/init.pp
@@ -0,0 +1,45 @@
+class ntp {
+ package { "ntp":
+ ensure => installed,
+ }
+ File {
+ owner => root,
+ group => root,
+ mode => 0644,
+ }
+}
+class ntp::client inherits ntp {
+ service { "ntpd":
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ hasstatus => true,
+ require => Package["ntp"],
+ }
+
+ # default ntp servers if none-specified
+ # for different environments this should be changed in the branch
+ # only setup an override here in case there is an odd host or two
+ # that needs to be different from others in the same env
+ $default_ntpservers = [ "pool.ntp.org" ]
+ $ntpservers = $ntpservers ? {
+ '' => $default_ntpservers,
+ default => $ntpservers,
+ }
+
+ file { "/etc/ntp.conf":
+ content => template("ntp/ntp.conf"),
+ notify => Service["ntpd"],
+ require => Package["ntp"],
+ }
+ file { "/etc/ntp/":
+ require => Package["ntp"],
+ }
+ file { "/etc/ntp/step-tickers":
+ content => template("ntp/ntp.conf"),
+ notify => Service["ntpd"],
+ require => Package["ntp"],
+ }
+}
+class ntp::server inherits ntp {
+}
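Review bot: `file { "/etc/ntp/step-tickers": ... }` renders `template("ntp/ntp.conf")`, so step-tickers receives the ntp.conf content and the `templates/step-tickers` file added by this commit is never used; it should be `content => template("ntp/step-tickers"),`. `file { "/etc/ntp/": ... }` has no `ensure => directory,`, so it does not create the directory the next resource writes into. `$ntpservers = $ntpservers ? { ... }` reads a same-named variable from an outer scope, which is worth a comment saying where callers are expected to set it.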
diff --git a/recipes/ntp/templates/ntp.conf b/recipes/ntp/templates/ntp.conf
new file mode 100644
index 0000000..8bfd2d0
--- /dev/null
+++ b/recipes/ntp/templates/ntp.conf
@@ -0,0 +1,5 @@
+# /etc/ntp.conf generated by puppet
+driftfile /var/lib/ntp/drift
+<% for ntpserver in ntpservers -%>
+server <%= ntpserver %>
+<% end -%>
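Review bot: The generated ntp.conf has no `restrict` lines, so ntpd will answer time, control and monitoring queries from any address that can reach UDP 123. For a client-only configuration I would add `restrict default kod nomodify notrap nopeer noquery`, `restrict -6 default kod nomodify notrap nopeer noquery` and `restrict 127.0.0.1` after the `driftfile` line.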
diff --git a/recipes/ntp/templates/step-tickers b/recipes/ntp/templates/step-tickers
new file mode 100644
index 0000000..57cd8bb
--- /dev/null
+++ b/recipes/ntp/templates/step-tickers
@@ -0,0 +1,4 @@
+# /etc/ntp/step-tickerts generated by puppet
+<% for ntpserver in ntpservers -%>
+server <%= ntpserver %>
+<% end -%>
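Review bot: Each line is rendered as `server <%= ntpserver %>`, but step-tickers is, as far as I know, a plain list of host names read by the ntpd init script, so the `server` keyword would be taken as a host; `<%= ntpserver %>` alone looks correct. The header comment also misspells the path as `step-tickerts`.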
diff --git a/recipes/postgres/README b/recipes/postgres/README
new file mode 100644
index 0000000..e69de29
diff --git a/recipes/postgres/files/pg_hba.conf b/recipes/postgres/files/pg_hba.conf
new file mode 100644
index 0000000..f7d3b8d
--- /dev/null
+++ b/recipes/postgres/files/pg_hba.conf
@@ -0,0 +1,8 @@
+# TYPE DATABASE USER CIDR-ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all password sameuser
+# IPv4 local connections:
+host all all 127.0.0.1/32 password sameuser
+# IPv6 local connections:
+host all all ::1/128 password sameuser
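Review bot: All three entries use the `password` method, which sends the password unencrypted; `md5` (or `scram-sha-256` on servers that support it) gives the same password-based login without putting the clear text on the socket, e.g. `host all all 127.0.0.1/32 md5`. The trailing `sameuser` is an ident map name and has no meaning for password methods, so it should probably be dropped. Nothing in `recipes/postgres/manifests/init.pp` as shown in this commit installs this file, so it appears to be unused.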
diff --git a/recipes/postgres/manifests/init.pp b/recipes/postgres/manifests/init.pp
new file mode 100644
index 0000000..4a4fb5e
--- /dev/null
+++ b/recipes/postgres/manifests/init.pp
@@ -0,0 +1,70 @@
+import "firewall"
+
+class postgres {
+ package { "postgresql":
+ ensure => installed,
+ }
+}
+
+class postgres::client inherits postgres {
+}
+
+class postgres::server inherits postgres {
+ firewall::rule { "Postgres":
+ destination_port => "5432",
+ comment => "postgresql tcp/5432",
+ }
+
+ package { [ "postgresql-server" ]:
+ ensure => installed,
+ }
+
+ group { "postgres":
+ gid => 26,
+ }
+
+ service { "postgresql":
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ hasstatus => true,
+ require => [ Package["postgresql-server"],
Exec["pginitdb"] ],
+ }
+
+ file { "/var/lib/pgsql/data":
+ ensure => directory,
+ owner => "postgres",
+ group => "postgres",
+ require => Package["postgresql-server"],
+ }
+
+ exec { "pginitdb":
+ command => "/usr/bin/initdb
--pgdata='/var/lib/pgsql/data'",
+ user => "postgres",
+ group => "postgres",
+ creates => "/var/lib/pgsql/data/PG_VERSION",
+ require => Package["postgresql-server"],
+ notify => Service["postgresql"],
+ }
+
+ firewall::rule { "POSTGRES-SERVER":
+ destination_port => "5432",
+ comment => "Postresql inbound 5432/tcp"
+ }
+
+}
+
+define postgres::user($ensure='created', $password="",
$roles=""){
+ case $ensure {
+ 'created': {
+ exec{"create_${name}_postgres_user":
+ unless => "/usr/bin/test `psql postgres postgres -P tuples_only -c
\"select count(*) from pg_user where usename='${name}';\"` =
\"1\"",
+ command => "/usr/bin/psql postgres postgres -c \
+ \"CREATE USER ${name} WITH PASSWORD '${password}'
${roles}\""}}
+ 'dropped': {
+ exec{"drop_${name}_postgres_user":
+ onlyif => "/usr/bin/test `psql postgres postgres -P tuples_only -c
\"select count(*) from pg_user where usename='${name}';\"` =
\"1\"",
+ command => "/usr/bin/psql postgres postgres -c \
+ \"DROP USER ${name}\""}}
+ }
+}
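Review bot: `postgres::user` builds its psql command by interpolating `${name}`, `${password}` and `${roles}` into a double-quoted shell string, so the password is visible in the process list and potentially in Puppet's logs, and shell or SQL metacharacters in any of the three alter the command run against the postgres superuser account. The `pgsql_user` type added in this same commit avoids the shell and would be the better vehicle; failing that, the define should at least reject names that are not plain identifiers. `postgres::server` also declares two rules, `Postgres` and `POSTGRES-SERVER`, that both open tcp/5432 from any source while the shipped pg_hba.conf only allows loopback; one rule with a `source` restriction would be enough.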
diff --git a/recipes/postgres/plugins/puppet/provider/pgsql_database/pgsql.rb
b/recipes/postgres/plugins/puppet/provider/pgsql_database/pgsql.rb
new file mode 100644
index 0000000..994e22f
--- /dev/null
+++ b/recipes/postgres/plugins/puppet/provider/pgsql_database/pgsql.rb
@@ -0,0 +1,64 @@
+require 'puppet/provider/package'
+
+Puppet::Type.type(:pgsql_database).provide(:pgsql,
+ :parent => Puppet::Provider::Package) do
+
+ desc "Use pgsql as database."
+
+ # retrieve the current set of pgsql users
+ def self.instances
+ dbs = []
+
+ output = execute(['psql', '-Aqtl'], :failonfail => true, :uid
=> "postgres")
+ output.each do |line|
+ dbs << new( query_line_to_hash(line) )
+ end
+ return dbs
+ end
+
+ def self.query_line_to_hash(line)
+ fields = line.chomp.split('|')
+ {
+ :name => fields[0],
+ :owner => fields[1],
+ :ensure => :present
+ }
+ end
+
+ def query
+ result = {
+ :name => @resource[:name],
+ :owner => @resource[:owner],
+ :ensure => :absent
+ }
+
+ output = execute(['psql', '-Aqtc', "SELECT pg_database.datname,
pg_user.usename FROM pg_database, pg_user WHERE
pg_database.datname='#{resource[:name]} AND pg_user.usesysid = ( SELECT datdba FROM
pg_database WHERE pg_database.datname='#{@resource[:name]}')" ], :failonfail
=> true, :uid => "postgres")
+ output.each do |line|
+ result = query_line_to_hash(line)
+ end
+ result
+ end
+
+ def create
+ execute(['createdb', '-q', '-O',
"#{@resource.should(:owner)}", "#{@resource[:name]}"], :failonfail
=> true, :uid => "postgres")
+ end
+
+ def destroy
+ execute(['dropdb', '-q', "#{@resource[:name]}"],
:failonfail => true, :uid => "postgres")
+ end
+
+ def exists?
+ output = execute(['psql', '-Aqtc', "SELECT datname FROM
pg_database WHERE datname='#{@resource[:name]}'"], :failonfail => true,
:uid => "postgres")
+ output.chomp.match(/^#{@resource[:name]}$/)
+ end
+
+ def owner
+ @property_hash[:owner]
+ end
+
+ def owner=(string)
+ execute(['psql', '-Aqtc', "UPDATE pg_database SET datdba=(SELECT
oid FROM pg_roles WHERE rolname='#{string}') where
datname='#{@resource[:name]}'"], :failonfail => true, :uid =>
"postgres")
+ end
+
+end
+
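Review bot: In `query` the SQL literal is unterminated, since `datname='#{resource[:name]} AND` is missing the closing `'`, so the statement cannot parse as written; it should read `pg_database.datname='#{@resource[:name]}' AND`. `query` also calls `query_line_to_hash(line)` from an instance method although it is defined as `self.query_line_to_hash`, so it needs `self.class.query_line_to_hash(line)`. More generally, the database name and owner are interpolated straight into SQL executed as postgres here and in `exists?` and `owner=`, and the `pgsql_user` provider in this commit does the same with role names and passwords. The values should be validated as identifiers before use, and `exists?` should wrap the name in `Regexp.escape` and anchor with `\A`/`\z`.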
diff --git a/recipes/postgres/plugins/puppet/provider/pgsql_grant/pgsql.rb
b/recipes/postgres/plugins/puppet/provider/pgsql_grant/pgsql.rb
new file mode 100644
index 0000000..61c32d9
--- /dev/null
+++ b/recipes/postgres/plugins/puppet/provider/pgsql_grant/pgsql.rb
@@ -0,0 +1,155 @@
+# A grant is either global or per-db. This can be distinguished by the syntax
+# of the name:
+# user@host => global
+# user@host/db => per-db
+
+require 'puppet/provider/package'
+
+MYSQL_USER_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv,
+ :create_priv, :drop_priv, :reload_priv, :shutdown_priv, :process_priv,
+ :file_priv, :grant_priv, :references_priv, :index_priv, :alter_priv,
+ :show_db_priv, :super_priv, :create_tmp_table_priv, :lock_tables_priv,
+ :execute_priv, :repl_slave_priv, :repl_client_priv, :create_view_priv,
+ :show_view_priv, :create_routine_priv, :alter_routine_priv,
+ :create_user_priv
+]
+
+MYSQL_DB_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv,
+ :create_priv, :drop_priv, :grant_priv, :references_priv, :index_priv,
+ :alter_priv, :create_tmp_table_priv, :lock_tables_priv, :create_view_priv,
+ :show_view_priv, :create_routine_priv, :alter_routine_priv, :execute_priv
+]
+
+Puppet::Type.type(:mysql_grant).provide(:mysql) do
+
+ desc "Uses mysql as database."
+
+ commands :mysql => '/usr/bin/mysql'
+ commands :mysqladmin => '/usr/bin/mysqladmin'
+
+ def mysql_flush
+ mysqladmin "flush-privileges"
+ end
+
+ # this parses the
+ def split_name(string)
+ matches = /^([^@]*)(a)([^\/]*)(\/(.*))?$/.match(string).captures.compact
+ case matches.length
+ when 2
+ {
+ :type => :user,
+ :user => matches[0],
+ :host => matches[1]
+ }
+ when 4
+ {
+ :type => :db,
+ :user => matches[0],
+ :host => matches[1],
+ :db => matches[3]
+ }
+ end
+ end
+
+ def create_row
+ unless @resource.should(:privileges).empty?
+ name = split_name(@resource[:name])
+ case name[:type]
+ when :user
+ mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES
('%s', '%s')" % [
+ name[:host], name[:user],
+ ]
+ when :db
+ mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES
('%s', '%s', '%s')" % [
+ name[:host], name[:user], name[:db],
+ ]
+ end
+ mysql_flush
+ end
+ end
+
+ def destroy
+ mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM
'%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name],
@resource[:host] ]
+ end
+
+ def row_exists?
+ name = split_name(@resource[:name])
+ fields = [:user, :host]
+ if name[:type] == :db
+ fields << :db
+ end
+ not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE
%s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]]
end.join(' AND ')]).empty?
+ end
+
+ def all_privs_set?
+ all_privs = case split_name(@resource[:name])[:type]
+ when :user
+ MYSQL_USER_PRIVS
+ when :db
+ MYSQL_DB_PRIVS
+ end
+ all_privs = all_privs.collect do |p| p.to_s end.sort.join("|")
+ privs = privileges.collect do |p| p.to_s end.sort.join("|")
+
+ all_privs == privs
+ end
+
+ def privileges
+ name = split_name(@resource[:name])
+ privs = ""
+
+ case name[:type]
+ when :user
+ privs = mysql "mysql", "-Be", 'select * from user where
user="%s" and host="%s"' % [ name[:user], name[:host] ]
+ when :db
+ privs = mysql "mysql", "-Be", 'select * from db where
user="%s" and host="%s" and db="%s"' % [ name[:user],
name[:host], name[:db] ]
+ end
+
+ if privs.match(/^$/)
+ privs = [] # no result, no privs
+ else
+ # returns a line with field names and a line with values, each tab-separated
+ privs = privs.split(/\n/).map! do |l| l.chomp.split(/\t/) end
+ # transpose the lines, so we have key/value pairs
+ privs = privs[0].zip(privs[1])
+ privs = privs.select do |p| p[0].match(/_priv$/) and p[1] == 'Y' end
+ end
+
+ privs.collect do |p| symbolize(p[0].downcase) end
+ end
+
+ def privileges=(privs)
+ unless row_exists?
+ create_row
+ end
+
+ # puts "Setting privs: ", privs.join(", ")
+ name = split_name(@resource[:name])
+ stmt = ''
+ where = ''
+ all_privs = []
+ case name[:type]
+ when :user
+ stmt = 'update user set '
+ where = ' where user="%s" and host="%s"' % [ name[:user],
name[:host] ]
+ all_privs = MYSQL_USER_PRIVS
+ when :db
+ stmt = 'update db set '
+ where = ' where user="%s" and host="%s"' % [ name[:user],
name[:host] ]
+ all_privs = MYSQL_DB_PRIVS
+ end
+
+ if privs[0] == :all
+ privs = all_privs
+ end
+
+ # puts "stmt:", stmt
+ set = all_privs.collect do |p| "%s = '%s'" % [p, privs.include?(p) ?
'Y' : 'N'] end.join(', ')
+ # puts "set:", set
+ stmt = stmt << set << where
+
+ mysql "mysql", "-Be", stmt
+ mysql_flush
+ end
+end
+
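Review bot: This file sits under `provider/pgsql_grant/` but registers itself with `Puppet::Type.type(:mysql_grant).provide(:mysql)` and shells out to `/usr/bin/mysql` and `/usr/bin/mysqladmin`, so the `pgsql_grant` type added in this commit gets no provider and every statement here is MySQL grant-table SQL. In `split_name` the pattern contains a literal `(a)` where the header comment describes `user@host`, which looks like e-mail obfuscation of `@` and would stop names from matching. `destroy` passes four values to a format string with three `%s`, so the revoke is built from the wrong fields. All statements are assembled with `%` formatting from the resource name, so a rewrite for PostgreSQL should validate the user, host and database parts first.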
diff --git a/recipes/postgres/plugins/puppet/provider/pgsql_user/pgsql.rb
b/recipes/postgres/plugins/puppet/provider/pgsql_user/pgsql.rb
new file mode 100644
index 0000000..073c62c
--- /dev/null
+++ b/recipes/postgres/plugins/puppet/provider/pgsql_user/pgsql.rb
@@ -0,0 +1,127 @@
+require 'puppet/provider/package'
+
+Puppet::Type.type(:pgsql_user).provide(:pgsql,
+ # T'is funny business, this code is quite
generic
+ :parent => Puppet::Provider::Package) do
+
+ desc "Use pgsql as database."
+
+ # retrieve the current set of pgsql users
+ def self.instances
+ users = []
+
+ output = execute(['psql', '-Aqtc', "SELECT * FROM
pg_authid"], :failonfail => true, :uid => "postgres")
+ output.each do |line|
+ users << new( query_line_to_hash(line) )
+ end
+ return users
+ end
+
+ def self.query_line_to_hash(line)
+ fields = line.chomp.split('|')
+ {
+ :name => fields[0],
+ :superuser => fields[1],
+ :createrole => fields[3],
+ :createdb => fields[4],
+ :password => fields[8],
+ :ensure => :present
+ }
+ end
+
+ def query
+ result = {}
+
+ output = execute(['psql', '-Aqtc', "SELECT * FROM pg_authid
WHERE rolname='#{@resource[:name]}'"], :failonfail => true, :uid =>
"postgres")
+ output.each do |line|
+ unless result.empty?
+ raise Puppet::Error,
+ "Got multiple results for user '%s'" % @resource[:name]
+ end
+ result = query_line_to_hash(line)
+ end
+ result
+ end
+
+ def create
+ options = ""
+ if @resource.should(:superuser) == :true
+ options << " SUPERUSER"
+ end
+ if @resource.should(:createrole) == :true
+ options << " CREATEROLE"
+ end
+ if @resource.should(:createdb) == :true
+ options << " CREATEDB"
+ end
+
+ execute(['psql', '-Aqtc', "CREATE USER #{@resource[:name]} WITH
PASSWORD '#{@resource.should(:password)}' #{options}"], :failonfail =>
true, :uid => "postgres")
+ end
+
+ def destroy
+ execute(['dropuser', '-q', "#{@resource[:name]}"],
:failonfail => true, :uid => "postgres")
+ end
+
+ def exists?
+ output = execute(['psql', '-Aqtc', "SELECT rolname FROM
pg_authid WHERE rolname='#{@resource[:name]}'"], :failonfail => true, :uid
=> "postgres")
+ output.match(/^#{@resource[:name]}$/)
+ end
+
+ def password
+ @property_hash[:password]
+ end
+
+ def password=(string)
+ execute(['psql', '-Aqtc', "ALTER ROLE #{@resource[:name]} WITH
ENCRYPTED PASSWORD '#{string}'"], :failonfail => true, :uid =>
"postgres")
+ end
+
+ def superuser
+ if @property_hash[:superuser] == "t"
+ :true
+ else
+ :false
+ end
+ end
+
+ def superuser=(string)
+ if string == :true
+ execute(['psql', '-Aqtc', "ALTER ROLE #{@resource[:name]}
SUPERUSER"], :failonfail => true, :uid => "postgres")
+ else
+ execute(['psql', '-Aqtc', "ALTER ROLE #{@resource[:name]}
NOSUPERUSER"], :failonfail => true, :uid => "postgres")
+ end
+ end
+
+ def createrole
+ if @property_hash[:createrole] == "t"
+ :true
+ else
+ :false
+ end
+ end
+
+ def createrole=(string)
+ if string == :true
+ execute(['psql', '-Aqtc', "ALTER ROLE #{@resource[:name]}
CREATEROLE"], :failonfail => true, :uid => "postgres")
+ else
+ execute(['psql', '-Aqtc', "ALTER ROLE #{@resource[:name]}
NOCREATEROLE"], :failonfail => true, :uid => "postgres")
+ end
+ end
+
+ def createdb
+ if @property_hash[:createdb] == "t"
+ :true
+ else
+ :false
+ end
+ end
+
+ def createdb=(string)
+ if string == :true
+ execute(['psql', '-Aqtc', "ALTER ROLE #{@resource[:name]}
CREATEDB"], :failonfail => true, :uid => "postgres")
+ else
+ execute(['psql', '-Aqtc', "ALTER ROLE #{@resource[:name]}
NOCREATEDB"], :failonfail => true, :uid => "postgres")
+ end
+ end
+
+end
+
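Review bot: `create` and `password=` place the clear-text password inside the `psql -Aqtc` argument, where it is readable in the process list while the command runs and may be echoed in the error Puppet raises when `:failonfail` trips; feeding the statement from a file readable only by postgres (`psql -f`) or from standard input would keep it out of argv. `create` uses `WITH PASSWORD` while `password=` uses `WITH ENCRYPTED PASSWORD`, so how a new role's password is stored depends on the server default. `query_line_to_hash` indexes `SELECT * FROM pg_authid` by column position (0, 1, 3, 4, 8), which ties the provider to one catalog layout; naming the columns, `SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolpassword FROM pg_authid`, would be sturdier. `query` also calls `query_line_to_hash` on the instance although it is defined as a class method.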
diff --git a/recipes/postgres/plugins/puppet/type/pgsql_database.rb
b/recipes/postgres/plugins/puppet/type/pgsql_database.rb
new file mode 100644
index 0000000..6c77924
--- /dev/null
+++ b/recipes/postgres/plugins/puppet/type/pgsql_database.rb
@@ -0,0 +1,14 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:pgsql_database) do
+ @doc = "Manage a database."
+ ensurable
+ newparam(:name) do
+ desc "The name of the database."
+ end
+ newproperty(:owner) do
+ desc "The owner of the database."
+
+ defaultto "postgres"
+ end
+end
+
diff --git a/recipes/postgres/plugins/puppet/type/pgsql_grant.rb
b/recipes/postgres/plugins/puppet/type/pgsql_grant.rb
new file mode 100644
index 0000000..b0bbaf7
--- /dev/null
+++ b/recipes/postgres/plugins/puppet/type/pgsql_grant.rb
@@ -0,0 +1,77 @@
+# This has to be a separate type to enable collecting
+Puppet::Type.newtype(:pgsql_grant) do
+ @doc = "Manage a database user's rights."
+ #ensurable
+
+ autorequire :pgsql_db do
+ # puts "Starting db autoreq for %s" % self[:name]
+ reqs = []
+ matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/)
+ unless matches.nil?
+ reqs << matches[3]
+ end
+ # puts "Autoreq: '%s'" % reqs.join(" ")
+ reqs
+ end
+
+ autorequire :pgsql_user do
+ # puts "Starting user autoreq for %s" % self[:name]
+ reqs = []
+ matches = self[:name].match(/^([^@]+)@([^\/]+).*$/)
+ unless matches.nil?
+ reqs << "%s@%s" % [ matches[1], matches[2] ]
+ end
+ # puts "Autoreq: '%s'" % reqs.join(" ")
+ reqs
+ end
+
+ newparam(:name) do
+ desc "The primary key: either user@host for global privilges or
user@host/database for database specific privileges"
+ end
+ newproperty(:privileges, :array_matching => :all) do
+ desc "The privileges the user should have. The possible values are
implementation dependent."
+ munge do |v|
+ symbolize(v)
+ end
+
+ def should_to_s(newvalue = @should)
+ if newvalue
+ unless newvalue.is_a?(Array)
+ newvalue = [ newvalue ]
+ end
+ newvalue.collect do |v| v.to_s end.sort.join ", "
+ else
+ nil
+ end
+ end
+
+ def is_to_s(currentvalue = @is)
+ if currentvalue
+ unless currentvalue.is_a?(Array)
+ currentvalue = [ currentvalue ]
+ end
+ currentvalue.collect do |v| v.to_s end.sort.join ", "
+ else
+ nil
+ end
+ end
+
+ # use the sorted outputs for comparison
+ def insync?(is)
+ if defined? @should and @should
+ case self.should_to_s
+ when "all"
+ self.provider.all_privs_set?
+ when self.is_to_s(is)
+ true
+ else
+ false
+ end
+ else
+ true
+ end
+ end
+
+ end
+end
+
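Review bot: Both `autorequire` blocks look like they will never match a resource declared with the types added in this patch. The first targets `:pgsql_db`, but the database type added here is registered as `:pgsql_database`; unless a `pgsql_db` type exists elsewhere in the tree, it should read `autorequire :pgsql_database do`. The second builds a `user@host` title, while `pgsql_user` documents its name as the plain user name and its provider uses that name directly as the role name, so `reqs << matches[1]` would be the matching title. Without these edges Puppet may order a grant before the role or database it refers to.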
diff --git a/recipes/postgres/plugins/puppet/type/pgsql_user.rb
b/recipes/postgres/plugins/puppet/type/pgsql_user.rb
new file mode 100644
index 0000000..7803b13
--- /dev/null
+++ b/recipes/postgres/plugins/puppet/type/pgsql_user.rb
@@ -0,0 +1,48 @@
+# This has to be a separate type to enable collecting
+
+require 'digest/md5'
+
+Puppet::Type.newtype(:pgsql_user) do
+ @doc = "Manage a database user."
+ ensurable
+
+ newparam(:name) do
+ desc "The name of the user"
+ end
+
+ newproperty(:password) do
+ desc "The unencrypted password of the user."
+ munge do |password|
+ return 'md5' + Digest::MD5.hexdigest(password + @resource[:name])
+ end
+ end
+
+ newproperty(:superuser) do
+ desc "Is the user a superuser"
+
+ newvalue(:true)
+ newvalue(:false)
+
+ defaultto :false
+ end
+
+ newproperty(:createdb) do
+ desc "Is the user a allowed to create new databases"
+
+ newvalue(:true)
+ newvalue(:false)
+
+ defaultto :false
+ end
+
+ newproperty(:createrole) do
+ desc "Is the user a allowed to create new roles"
+
+ newvalue(:true)
+ newvalue(:false)
+
+ defaultto :false
+ end
+
+end
+
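Review bot: The `name` parameter accepts any string, yet the provider in this same patch interpolates `@resource[:name]` unquoted into the `ALTER ROLE` statements, into the quoted literal of the `pg_authid` lookup, and into the regex in `exists?`. Those commands run with `:uid => "postgres"`, so a title containing a quote, semicolon or regex metacharacter changes the SQL that is executed or the result of the existence check. Restricting the value at the type covers every provider method at once: add `newvalues(/\A[A-Za-z_][A-Za-z0-9_]*\z/)` inside `newparam(:name)`. The same restriction is probably wanted on `pgsql_database` and `pgsql_grant`, whose providers are not visible here. Separately, `munge` on `password` stores `'md5'` plus the MD5 of password and name, which appears to be what `password=` then passes to `psql` as an argument, so the `desc` should say the managed value is that hash and not the cleartext.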
--
1.7.2.3