added files
rwf14f committed Jan 17, 2014
1 parent 1ade4b1 commit 0347d1d
Showing 8 changed files with 493 additions and 0 deletions.
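--- a/manifests/apache.pp
+++ b/manifests/apache.pp
@@ -0,0 +1,111 @@
+class perfsonar::apache(
+$hostcert = $perfsonar::params::hostcert,
+$hostkey = $perfsonar::params::hostkey,
+$capath = $perfsonar::params::capath,
+$clientauth = $perfsonar::params::clientauth,
+$verifydepth = $perfsonar::params::verifydepth,
+$authdn = [],
+) inherits perfsonar::params {
+augeas { 'set mod_ssl params':
+incl => "${perfsonar::params::mod_dir}/ssl.conf",
+lens => 'Httpd.lns',
+context => "/files/${perfsonar::params::mod_dir}/ssl.conf/VirtualHost",
+changes => [
+"set *[.='SSLCertificateFile']/arg ${hostcert}",
+"set *[.='SSLCertificateKeyFile']/arg ${hostkey}",
+"set directive[.='SSLCACertificatePath'] 'SSLCACertificatePath'", # create node if not exist
+"set *[.='SSLCACertificatePath']/arg ${capath}", # set value for node
+"set directive[.='SSLVerifyClient'] 'SSLVerifyClient'",
+"set *[.='SSLVerifyClient']/arg ${clientauth}",
+"set directive[.='SSLVerifyDepth'] 'SSLVerifyDepth'",
+"set *[.='SSLVerifyDepth']/arg ${verifydepth}",
+],
+}
+$have_auth = $authdn ? {
+undef => 0,
+default => size($authdn),
+}
+if $have_auth > 0 {
+augeas { 'set mod_ssl auth':
+incl => "${perfsonar::params::conf_dir}/apache-toolkit_web_gui.conf",
+lens => 'Httpd.lns',
+context => "/files/${perfsonar::params::conf_dir}/apache-toolkit_web_gui.conf",
+changes => [
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='AuthShadow']",
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='AuthType']",
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='AuthName']",
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='Require']",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='Include'] 'Include'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Include']/arg '${perfsonar::params::httpd_dir}/ssl_auth.conf'",
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='AuthShadow']",
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='AuthType']",
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='AuthName']",
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='Require']",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='Include'] 'Include'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Include']/arg '${perfsonar::params::httpd_dir}/ssl_auth.conf'",
+# instead of the set commands above, the setm regex versions below should work as well (they do in augtool),
+# but for some reason they produce an error when run by puppet ('Could not evaluate: missing string argument 2 for setm', no useful debug output either)
+# the rm commands below work, but we shouldn't use them with the single set commands above because they can cause security problems
+# e.g., if the original auth section is removed without from an unexpected directory entry without adding the include
+#"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/directive[.='AuthShadow']",
+#"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/directive[.='AuthType']",
+#"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/directive[.='AuthName']",
+#"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/directive[.='Require']",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='Include'] 'Include'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Include']/arg '${perfsonar::params::httpd_dir}/ssl_auth.conf'",
+]
+}
+file { "${perfsonar::params::httpd_dir}/ssl_auth.conf":
+ensure => 'present',
+owner => 'root',
+group => 'root',
+mode => '0644',
+content => template("${module_name}/ssl_auth.conf.erb"),
+}
+} else {
+augeas { 'restore mod_ssl auth':
+incl => "${perfsonar::params::conf_dir}/apache-toolkit_web_gui.conf",
+lens => 'Httpd.lns',
+context => "/files/${perfsonar::params::conf_dir}/apache-toolkit_web_gui.conf",
+changes => [
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Include']",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='AuthShadow'] 'AuthShadow'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='AuthShadow']/arg 'on'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='AuthType'] 'AuthType'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='AuthType']/arg 'Basic'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='AuthName'] 'AuthName'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='AuthName']/arg '\"Password Required\"'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='Require'] 'Require'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Require']/arg[1] 'group'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Require']/arg[2] 'wheel'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Require']/arg[3] 'admin'",
+"rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Include']",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='AuthShadow'] 'AuthShadow'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='AuthShadow']/arg 'on'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='AuthType'] 'AuthType'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='AuthType']/arg 'Basic'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='AuthName'] 'AuthName'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='AuthName']/arg '\"Password Required\"'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='Require'] 'Require'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Require']/arg[1] 'group'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Require']/arg[2] 'wheel'",
+"set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Require']/arg[3] 'admin'",
+# below should work, but the setm command suffers the same problem as the ones in the "if $have_auth > 0" block
+#"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/*[.='Include']",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='AuthShadow'] 'AuthShadow'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='AuthShadow']/arg 'on'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='AuthType'] 'AuthType'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='AuthType']/arg 'Basic'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='AuthName'] 'AuthName'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='AuthName']/arg '\"Password Required\"'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='Require'] 'Require'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[1] 'group'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[2] 'wheel'",
+#"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[3] 'admin'",
+]
+}
+file { "${perfsonar::params::httpd_dir}/ssl_auth.conf":
+ensure => 'absent',
+}
+}
+}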
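Review bot: In the `if $have_auth > 0` branch, `augeas { 'set mod_ssl auth': }` strips `AuthShadow`, `AuthType`, `AuthName` and `Require` from both admin `<Directory>` blocks, but nothing orders it after `file { "${perfsonar::params::httpd_dir}/ssl_auth.conf": }`, which supplies the replacement access rules. Adding `require => File["${perfsonar::params::httpd_dir}/ssl_auth.conf"],` to that augeas resource means the password rules are only dropped once the certificate rules exist on disk. None of the augeas or file resources in this class notifies the web server, so a switch between the two modes stays unapplied until Apache is restarted by something else; `notify => Service['httpd']` would close that gap, assuming the service class is in the catalog. `ssl_auth.conf.erb` is not shown here, and with `$clientauth` defaulting to `optional` the admin pages rely entirely on that template requiring a matching client DN, which deserves a comment next to the `Include` lines.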
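--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -0,0 +1,85 @@
+class perfsonar::config(
+$admininfo = {},
+$agentconfig = {},
+) inherits perfsonar::params {
+exec { 'ps_initdb_cacti':
+environment => [ "HOME=/root" ],
+command => $perfsonar::params::ps_initdb_cmd_cacti,
+logoutput => 'on_failure',
+require => Service['mysqld'],
+unless => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^cacti$"',
+}
+exec { 'ps_initdb_psb_bwctl':
+environment => [ "HOME=/root" ],
+command => $perfsonar::params::ps_initdb_cmd_psb_bwctl,
+logoutput => 'on_failure',
+require => Service['mysqld'],
+unless => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^bwctl$"',
+}
+exec { 'ps_initdb_psb_owamp':
+environment => [ "HOME=/root" ],
+command => $perfsonar::params::ps_initdb_cmd_psb_owamp,
+logoutput => 'on_failure',
+require => Service['mysqld'],
+unless => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^owamp$"',
+}
+exec { 'ps_initdb_tr_ma':
+environment => [ "HOME=/root" ],
+command => $perfsonar::params::ps_initdb_cmd_tr_ma,
+logoutput => 'on_failure',
+require => Service['mysqld'],
+unless => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^traceroute_ma$"',
+}
+exec { 'ps_initdb_pinger':
+environment => [ "HOME=/root" ],
+command => $perfsonar::params::ps_initdb_cmd_pinger,
+logoutput => 'on_failure',
+require => Service['mysqld'],
+unless => '/bin/echo "show databases" | /usr/bin/mysql | /bin/grep -q "^pingerMA$"',
+}
+# the perfsonar kickstart post script replaces all 'yes' values in /etc/sysconfig/readahead to 'no'
+# we do the same here with augeas, it replaces all '"yes"' and 'yes' values to 'no'
+# let's hope they don't start using single quotes in that file,
+# my attempts to update single quoted values as well failed miserably
+# (maybe I should have gone for a simple 'sed -i' exec)
+augeas { 'disable readahead':
+incl => '/etc/sysconfig/readahead',
+lens => 'Shellvars.lns',
+context => '/files/etc/sysconfig',
+changes => 'setm readahead *[label()!=\'#comment\'][.=~regexp(\'"?yes"?\')] "no"',
+# we need the onlyif because the above command produces an error if the regex can't find any values
+onlyif => 'match readahead/*[label()!=\'#comment\'][.=~regexp(\'"?yes"?\')] size > 0',
+}
+# ensure ssh is enabled by default, otherwise saving the configuration in the webinterface (or boot can disable it)
+augeas { 'enable ssh':
+context => '/files/opt/perfsonar_ps/toolkit/etc/enabled_services',
+incl => '/opt/perfsonar_ps/toolkit/etc/enabled_services',
+lens => 'Shellvars.lns',
+changes => 'set ssh_enabled "enabled"'
+}
+$site_project = 'pS-NPToolkit-3.3.1'
+file { '/opt/perfsonar_ps/toolkit/etc/administrative_info':
+ensure => 'present',
+owner => 'root',
+group => 'root',
+mode => '0644',
+content => template("${module_name}/administrative_info.erb"),
+}
+# file { '/opt/perfsonar_ps/toolkit/etc/external_addresses':
+# ensure => 'present',
+# owner => 'root',
+# group => 'root',
+# mode => '0644',
+# content => template("${module_name}/administrative_info.erb"),
+# }
+$agent_options = merge($perfsonar::params::agentconfig, $agentconfig)
+file { '/opt/perfsonar_ps/mesh_config/etc/agent_configuration.conf':
+ensure => 'present',
+owner => 'perfsonar',
+group => 'perfsonar',
+mode => '0644',
+content => template("${module_name}/agent_configuration.conf.erb"),
+}
+# ??? run "sudo -u perfsonar /opt/perfsonar_ps/mesh_config/bin/generate_configuration" when agent_configuration.conf is changed
+# it takes a long time to complete, so it's probably not a good idea, it's being run by a cron job every night any way
+}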
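Review bot: The `unless` guard on each of the five `ps_initdb_*` execs reports only the exit status of `/bin/grep`, so a failed `/usr/bin/mysql` call (server not yet accepting connections, or no usable credentials under `HOME=/root`) is indistinguishable from "database absent" and the init command runs anyway. Whether the init scripts are safe to run against an already populated database is not visible on this page, so the guard should fail closed rather than open. One way is to add a connectivity test next to the existing check, for example `onlyif => '/usr/bin/mysql -e "select 1"',` on each exec. A short comment stating that these execs depend on `/root/.my.cnf` being in place would also help, since the only hint today is the `HOME=/root` environment entry.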
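--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -0,0 +1,5 @@
+class perfsonar::install (
+$packages = $perfsonar::params::install_packages,
+) inherits perfsonar::params {
+package { $packages: }
+}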
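--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -0,0 +1,65 @@
+class perfsonar::params {
+# package list taken from centos6-netinstall.cfg (from the perfsonar netinstall cd)
+# system packages (already installed on standard installation) and
+# packages that are dependencies of packages in this list have been removed from the original list
+$install_packages = [
+'perl-perfSONAR_PS-Toolkit',
+'perl-perfSONAR_PS-Toolkit-SystemEnvironment',
+'perl-perfSONAR_PS-MeshConfig-Agent',
+'kmod-sk98lin',
+'iperf3',
+'gcc',
+'mysql-devel',
+'device-mapper-multipath',
+'nuttcp',
+'php-gd',
+'php-xml',
+'syslinux',
+'tcptrace',
+'xplot-tcptrace',
+]
+# other packages in the original kickstart, but left out
+# 'perl-DBD-mysql' doesn't exist, it's called perl-DBD-MySQL
+# 'xkeyboard-config' do we need it, we don't run X ??
+# 'comps-extras' contains images only, do we need it ??
+
+# init database commands
+# names of db init scripts to run can be found in /opt/perfsonar_ps/toolkit/scripts/initialize_databases
+# we can just run two of them directly, the others call perl scripts which we have run directly
+$ps_initdb_cmd_cacti = '/opt/perfsonar_ps/toolkit/scripts/initialize_cacti_database'
+$ps_initdb_cmd_pinger = '/opt/perfsonar_ps/toolkit/scripts/initialize_pinger_database'
+# the following perl commands ask for the mysql root password on stdin, so we extract it from /root/.my.cnf
+# the original shell scripts (/opt/perfsonar_ps/toolkit/scripts/initialize_* scripts just pipe echo into the
+# perl script and would require a mysql server without a root password
+$ps_initdb_cmd_psb_bwctl = '/bin/sed -n "s/^password=//p" /root/.my.cnf | tr -d "\n\'" | /opt/perfsonar_ps/perfsonarbuoy_ma/bin/bwdb.pl -i root'
+$ps_initdb_cmd_psb_owamp = '/bin/sed -n "s/^password=//p" /root/.my.cnf | tr -d "\n\'" | /opt/perfsonar_ps/perfsonarbuoy_ma/bin/owdb.pl -i root'
+$ps_initdb_cmd_tr_ma = '/bin/sed -n "s/^password=//p" /root/.my.cnf | tr -d "\n\'" | /opt/perfsonar_ps/traceroute_ma/bin/tracedb.pl -i root -c /opt/perfsonar_ps/perfsonarbuoy_ma/etc'
+
+# apache options
+$hostcert = '/etc/grid-security/hostcert.pem'
+$hostkey = '/etc/grid-security/hostkey.pem'
+$capath = '/etc/grid-security/certificates'
+$clientauth = 'optional'
+$verifydepth = '5'
+
+# default mesh config
+$agentconfig = {
+mesh => [],
+traceroute_master_conf => '/opt/perfsonar_ps/traceroute_ma/etc/traceroute-master.conf',
+owmesh_conf => '/opt/perfsonar_ps/perfsonarbuoy_ma/etc/owmesh.conf',
+pinger_landmarks => '/opt/perfsonar_ps/PingER/etc/pinger-landmarks.xml',
+restart_services => 0,
+use_toolkit => 1,
+send_error_emails => 1,
+skip_redundant_tests => 1,
+}
+# paths
+case $::osfamily {
+'RedHat': {
+$httpd_dir = '/etc/httpd'
+$mod_dir = "${httpd_dir}/conf.d"
+$conf_dir = "${httpd_dir}/conf.d"
+}
+default: {}
+}
+}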
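Review bot: The three pipelines in `$ps_initdb_cmd_psb_bwctl`, `$ps_initdb_cmd_psb_owamp` and `$ps_initdb_cmd_tr_ma` call `tr` without a path while `sed` is pinned as `/bin/sed`. The execs in `config.pp` that run them set no `path`, so `tr` is resolved from whatever PATH the agent process inherited, in a pipeline that carries the MySQL root password. Pinning it, e.g. `... | /usr/bin/tr -d "\n\'" | ...`, removes that dependency. Separately, `default: {}` in the `case $::osfamily` block leaves `$httpd_dir`, `$mod_dir` and `$conf_dir` unset on any non-RedHat node, so `perfsonar::apache` would build paths such as `/ssl_auth.conf`. Replacing it with `default: { fail("perfsonar: unsupported osfamily ${::osfamily}") }` makes the limitation explicit.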
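--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -0,0 +1,114 @@
+class perfsonar::service(
+) {
+# start stop restart
+service { 'bwctld':
+ensure => 'running',
+enable => true,
+hasstatus => false,
+hasrestart => true,
+}
+# start stop restart
+service { 'config_daemon':
+}
+# start
+service { 'configure_nic_parameters':
+}
+# start stop(nil) restart(start)
+service { 'dicover_external_address':
+}
+# start stop(nil) restart
+service { 'generate_motd':
+}
+# start stop status restart condrestart|try-restart(stop start) force-reload|reload(nil)
+service { 'htcacheclean':
+}
+service { 'httpd':
+}
+# start stop restart
+service { 'ls_cache_daemon':
+}
+# start stop restart
+service { 'ls_registration_daemon':
+}
+# start stop status restart condrestart|try-restart(restart) force-reload|reload
+service { 'multipathd':
+}
+# start stop status restart|reload
+service { 'ndt':
+}
+# start stop restart
+service { 'npad':
+}
+# start stop status restart condrestart|try-restart(restart) force-reload|reload
+service { 'nscd':
+}
+# start stop status restart condrestart|try-restart(restart) force-reload(restart) reload(restart)
+service { 'openct':
+}
+# start stop restart
+service { 'owamp':
+}
+# start stop restart status condrestart|try-restart
+service { 'pcscd':
+}
+# start stop restart
+service { 'perfsonarbuoy_bw_collector':
+}
+# start stop restart
+service { 'perfsonarbuoy_bw_master':
+}
+# start stop restart
+service { 'perfsonarbuoy_ma':
+}
+# start stop restart
+service { 'perfsonarbuoy_owp_collector':
+}
+# start stop restart configure
+service { 'perfsonarbuoy_owp_master':
+}
+# start stop restart
+service { 'PingER':
+}
+# start stop restart condrestart|try-restart(restart) reload(nil) force-reload(restart) status
+service { 'portreserve':
+}
+# start stop status restart|reload|force-reload condrestart|try-restart
+service { 'rpcbind':
+}
+# start stop restart
+service { 'services_init_script':
+}
+# start stop restart
+service { 'simple_ls_bootstrap_client':
+}
+# start stop restart
+service { 'snmp_ma':
+}
+# start stop restart
+service { 'topology_service':
+}
+# start stop restart
+service { 'traceroute_ma':
+}
+# start stop restart
+service { 'traceroute_master':
+}
+# start stop restart
+service { 'traceroute_ondemand_mp':
+}
+# start stop restart
+service { 'tracerouet_scheduler':
+}
+
+# the following services are installed by perfsonar, but not enabled
+# avahi daemon
+# bluetooth
+# cups
+# nfs
+# nfslock
+# rpcgssd (nfs gss)
+# rpcidmapd
+# rpcsvcgssd
+# snmpd
+# snmptrapd
+}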
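Review bot: Two service titles look misspelled: `'dicover_external_address'` and `'tracerouet_scheduler'`, the latter sitting next to `traceroute_ma`, `traceroute_master` and `traceroute_ondemand_mp`. Neither carries attributes yet, so nothing breaks today, but any later `ensure`, `enable` or `notify` would target a service name that presumably does not exist on the host. Suggested titles are `service { 'discover_external_address':` and `service { 'traceroute_scheduler':`. Also, `bwctld` sets `hasstatus => false` without a `pattern` or `status`, so Puppet falls back to looking for the title in the process table; a one-line comment saying that is intended would help the next reader.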
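--- a/templates/administrative_info.erb
+++ b/templates/administrative_info.erb
@@ -0,0 +1,8 @@
+<% unless @admininfo && @admininfo.has_key?('site_project') -%>
+site_project=<%= @site_project %>
+<% end
+if @admininfo
+@admininfo.keys.sort.each do |k| -%>
+<%= k %>=<%= @admininfo[k] %>
+<% end
+end -%>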