Created
November 28, 2015 03:38
Completed files for http://terrarum.net/blog/puppet-infrastructure-2015.html
# Node definition for the Puppet master.
# Nothing is declared on the node directly; all configuration comes from the
# site::roles::puppet_server role class.
node 'puppet.example.com' {
  contain site::roles::puppet_server
}
---
# Firewall
# Read by site::firewall via hiera_array('trusted_networks'). Each entry gets
# an accept rule for ALL protocols and ports, so keep this list as narrow as
# the environment allows.
trusted_networks:
  - '192.168.1.0/24'
  - '10.255.0.0/24'

# Puppet
# NOTE(review): 'latest' upgrades to whatever the package repository serves at
# the time of the agent run. Pin an explicit, tested version if the master has
# to be reproducible and upgrades should be deliberate.
site::puppet::puppet_package_ensure: 'latest'
site::puppet::server_package_ensure: 'latest'

site::puppet::settings::main:
  server: 'puppet'
  # site::firewall uses the `.each |$network|` lambda, which needs this parser.
  parser: 'future'
  ordering: 'manifest'
  pluginsync: true
  logdir: '/var/log/puppet'
  vardir: '/var/lib/puppet'
  ssldir: '/var/lib/puppet/ssl'
  rundir: '/var/run/puppet'

site::puppet::settings::agent:
  certname: "%{::fqdn}"
  # NOTE(review): with show_diff and report both enabled, diffs of managed
  # files can end up in logs and reports. Confirm that no managed file
  # carries secrets, or disable show_diff.
  show_diff: true
  splay: false
  configtimeout: 360
  usecacheonfailure: true
  report: true
  environment: "%{::environment}"

# Presumably rendered into the puppetserver defaults file by the puppet
# module - confirm against the module.
site::puppet::settings::server_default:
  JAVA_ARGS: '-Xms1g -Xmx1g -XX:MaxPermSize=256m'

site::puppet::settings::master:
  # This master also acts as the certificate authority. The CA key material
  # presumably lives under ssldir, so restrict access to it and back it up.
  ca: true
  ssldir: '/var/lib/puppet/ssl'

puppetdb::master::config::restart_puppet: false
---
# Hiera configuration: one YAML backend, data stored inside the site module.
:backends:
  - yaml

# Lookup order, most specific first.
# NOTE(review): every dynamic level is keyed on a top-scope variable
# (hostname, location, role). If these are agent-reported facts, a node
# decides for itself which levels it reads. Keep secrets out of levels keyed
# on self-reported values, or key the node level on the certificate-verified
# name (trusted.certname) instead.
:hierarchy:
  - "node/%{::hostname}"
  - "location/%{::location}"
  - "role/%{::role}"
  - common

:yaml:
  :datadir: /etc/puppet/modules/site/data

# Merge lookups recursively merge hashes across levels.
# Presumably requires the deep_merge gem on the master - confirm.
:merge_behavior: deeper
# Puppetfile: module sources for the Puppet master.
#
# NOTE(review): only `inifile` is pinned to a full commit SHA. The other refs
# look like tags or branch names, which the upstream repository can move, and
# `firewall` and `ntp` carry no ref at all, so they follow whatever the default
# branch holds at deploy time. Pin every module to a reviewed commit SHA for
# reproducible, tamper-evident deployments.

mod 'concat',
  git: 'https://github.com/puppetlabs/puppetlabs-concat',
  ref: '1.1.2'

# No ref: tracks the repository's default branch.
mod 'firewall',
  git: 'https://github.com/puppetlabs/puppetlabs-firewall'

# Pinned to an exact commit.
mod 'inifile',
  git: 'https://github.com/puppetlabs/puppetlabs-inifile',
  ref: '792d35cdb48fc2cba08ab578c1b7bc42ef3a0ace'

# No ref: tracks the repository's default branch.
mod 'ntp',
  git: 'https://github.com/puppetlabs/puppetlabs-ntp'

mod 'postgresql',
  git: 'https://github.com/puppetlabs/puppetlabs-postgresql',
  ref: '4.1.0'

# Personal fork; 'puppetserver' is presumably a branch name - confirm.
mod 'puppet',
  git: 'https://github.com/jtopjian/puppet-puppet',
  ref: 'puppetserver'

mod 'puppetdb',
  git: 'https://github.com/puppetlabs/puppetlabs-puppetdb',
  ref: '4.1.0'

# '4.4.x' is presumably a release branch rather than a fixed tag - confirm.
mod 'stdlib',
  git: 'https://github.com/puppetlabs/puppetlabs-stdlib',
  ref: '4.4.x'
# Host firewall baseline: accept ICMP, loopback, established traffic and
# everything from the trusted networks, then drop the rest.
#
# The numeric prefix in each title sets the rule's position, so the '999'
# drop rule is evaluated last.
#
# NOTE(review): no `resources { 'firewall': purge => true }` is declared here,
# so rules that exist outside Puppet are presumably left in place. Confirm
# whether purging is configured elsewhere.
# NOTE(review): no chain or provider is set on any rule. Presumably only the
# module's default chain is covered and IPv6 is not - confirm that is intended.
class site::firewall {

  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  }

  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }

  firewall { '002 accept related established rules':
    proto   => 'all',
    ctstate => ['RELATED', 'ESTABLISHED'],
    action  => 'accept',
  }

  # hiera_array merges the key across every hierarchy level, so any level
  # can widen the trusted set. Review all data files, not only common.
  $trusted_networks = hiera_array('trusted_networks')

  # One rule per network, accepting all protocols and ports from that source.
  # Prefer per-service rules where the set of required ports is known.
  $trusted_networks.each |$network| {
    firewall { "003 allow all traffic from ${network}":
      proto  => 'all',
      source => $network,
      action => 'accept',
    }
  }

  # Default deny for anything not matched above.
  firewall { '999 drop all':
    proto  => 'all',
    action => 'drop',
  }
}
# Base profile for every node: time synchronisation, the firewall module,
# the site firewall rule set and a few convenience packages.
class site::profiles::base {

  class { '::ntp': }
  class { '::firewall': }
  class { '::site::firewall': }

  # NOTE(review): `latest` upgrades these packages on any run where the
  # repository offers a newer build. Use `present` or an explicit version if
  # upgrades should be deliberate.
  $packages = ['git', 'vim']
  package { $packages:
    ensure => latest,
  }
}
# Puppet master profile: configures the puppet module in server mode from
# Hiera data, then adds PuppetDB and wires the master to it.
class site::profiles::puppet::server {

  # Hiera: each lookup has no default, so a missing key fails the catalog.
  $main_settings           = hiera('site::puppet::settings::main')
  $agent_settings          = hiera('site::puppet::settings::agent')
  $master_settings         = hiera('site::puppet::settings::master')
  $server_default_settings = hiera('site::puppet::settings::server_default')
  $puppet_package_ensure   = hiera('site::puppet::puppet_package_ensure')
  $server_package_ensure   = hiera('site::puppet::server_package_ensure')

  # Resources
  # NOTE(review): $puppet_package_ensure is looked up above but never used,
  # and the server value is passed as `puppet_package_ensure`. Confirm against
  # the puppet module's parameters whether this is intended.
  class { '::puppet':
    server                  => true,
    main_settings           => $main_settings,
    agent_settings          => $agent_settings,
    master_settings         => $master_settings,
    server_default_settings => $server_default_settings,
    puppet_package_ensure   => $server_package_ensure,
  }

  class { 'puppetdb': }
  class { 'puppetdb::master::config': }
}
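# Puppet agent profile: configures the puppet module (agent only) from Hiera.
class site::profiles::puppet::agent {

  # Hiera: each lookup has no default, so a missing key fails the catalog.
  $main_settings         = hiera('site::puppet::settings::main')
  $agent_settings        = hiera('site::puppet::settings::agent')
  $puppet_package_ensure = hiera('site::puppet::puppet_package_ensure')

  # Resources
  # Pass the value that was looked up above. The original referenced
  # $server_package_ensure, which is never defined in this class, so the
  # Hiera package setting was not applied on agents.
  class { '::puppet':
    main_settings         => $main_settings,
    agent_settings        => $agent_settings,
    puppet_package_ensure => $puppet_package_ensure,
  }
}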
# Role for the Puppet master: the base profile plus the Puppet server profile.
# `contain` keeps both profiles inside this role for ordering purposes.
class site::roles::puppet_server {
  contain site::profiles::base
  contain site::profiles::puppet::server
}