style edits to puppet config files
Change-Id: I4f7314bcb1cb58f94ff7a78aebe27ec4591fc11c Reviewed-on: https://review.openstack.org/14187 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
This commit is contained in:
parent
71e96df67f
commit
21dff1ba3d
@ -1,20 +1,20 @@
|
||||
#http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns
|
||||
|
||||
class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) {
|
||||
package {
|
||||
"iptables-persistent": ensure => present;
|
||||
package { 'iptables-persistent':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
service { "iptables-persistent":
|
||||
require => Package["iptables-persistent"],
|
||||
service { 'iptables-persistent':
|
||||
require => Package['iptables-persistent'],
|
||||
|
||||
# Because there is no running process for this service, the normal status
|
||||
# checks fail. Because puppet then thinks the service has been manually
|
||||
# stopped, it won't restart it. This fake status command will trick puppet
|
||||
# into thinking the service is *always* running (which in a way it is, as
|
||||
# iptables is part of the kernel.)
|
||||
hasstatus => true,
|
||||
status => "true",
|
||||
hasstatus => true,
|
||||
status => true,
|
||||
|
||||
# Under Debian, the "restart" parameter does not reload the rules, so tell
|
||||
# Puppet to fall back to stop/start, which does work.
|
||||
@ -22,32 +22,29 @@ class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) {
|
||||
|
||||
}
|
||||
|
||||
file { "/etc/iptables":
|
||||
ensure => directory
|
||||
file { '/etc/iptables':
|
||||
ensure => directory,
|
||||
}
|
||||
|
||||
file {
|
||||
"/etc/iptables/rules":
|
||||
owner => "root",
|
||||
group => "root",
|
||||
mode => 640,
|
||||
file { '/etc/iptables/rules':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
content => template('iptables/rules.erb'),
|
||||
require => [Package["iptables-persistent"], File["/etc/iptables"]],
|
||||
require => [Package['iptables-persistent'], File['/etc/iptables']],
|
||||
|
||||
# When this file is updated, make sure the rules get reloaded.
|
||||
notify => Service["iptables-persistent"],
|
||||
;
|
||||
notify => Service['iptables-persistent'],
|
||||
}
|
||||
|
||||
file {
|
||||
"/etc/iptables/rules.v4":
|
||||
owner => "root",
|
||||
group => "root",
|
||||
mode => 640,
|
||||
ensure => link,
|
||||
target => "/etc/iptables/rules",
|
||||
require => File["/etc/iptables/rules"],
|
||||
notify => Service["iptables-persistent"]
|
||||
file { '/etc/iptables/rules.v4':
|
||||
ensure => link,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
target => '/etc/iptables/rules',
|
||||
require => File['/etc/iptables/rules'],
|
||||
notify => Service['iptables-persistent'],
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,10 +1,10 @@
|
||||
define logrotate::file($log,
|
||||
$options,
|
||||
$ensure=present,
|
||||
$prerotate='undef',
|
||||
$postrotate='undef',
|
||||
$firstaction='undef',
|
||||
$lastaction='undef') {
|
||||
define logrotate::file( $log,
|
||||
$options,
|
||||
$ensure=present,
|
||||
$prerotate='undef',
|
||||
$postrotate='undef',
|
||||
$firstaction='undef',
|
||||
$lastaction='undef') {
|
||||
|
||||
# $options should be an array containing 1 or more logrotate
|
||||
# directives (e.g. missingok, compress).
|
||||
@ -12,11 +12,11 @@ define logrotate::file($log,
|
||||
include logrotate
|
||||
|
||||
file { "/etc/logrotate.d/${name}":
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => 644,
|
||||
ensure => $ensure,
|
||||
content => template("logrotate/config.erb"),
|
||||
require => File["/etc/logrotate.d"],
|
||||
ensure => $ensure,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('logrotate/config.erb'),
|
||||
require => File['/etc/logrotate.d'],
|
||||
}
|
||||
}
|
||||
|
@ -1,16 +1,15 @@
|
||||
# Adapted from http://projects.puppetlabs.com/projects/1/wiki/Logrotate_Patterns
|
||||
|
||||
class logrotate {
|
||||
|
||||
package { "logrotate":
|
||||
package { 'logrotate':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
file { "/etc/logrotate.d":
|
||||
ensure => directory,
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => 755,
|
||||
require => Package["logrotate"],
|
||||
file { '/etc/logrotate.d':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
require => Package['logrotate'],
|
||||
}
|
||||
}
|
||||
|
@ -2,10 +2,10 @@ class remove_nginx {
|
||||
package { 'nginx':
|
||||
ensure => absent,
|
||||
}
|
||||
file { "/etc/nginx/sites-available/default":
|
||||
file { '/etc/nginx/sites-available/default':
|
||||
ensure => absent,
|
||||
}
|
||||
service { 'nginx':
|
||||
ensure => stopped
|
||||
ensure => stopped,
|
||||
}
|
||||
}
|
||||
|
@ -1,19 +1,19 @@
|
||||
class ssh {
|
||||
package { openssh-server: ensure => present }
|
||||
service { ssh:
|
||||
ensure => running,
|
||||
hasrestart => true,
|
||||
subscribe => File["/etc/ssh/sshd_config"],
|
||||
package { 'openssh-server':
|
||||
ensure => present,
|
||||
}
|
||||
file { "/etc/ssh/sshd_config":
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
source => [
|
||||
"puppet:///modules/ssh/sshd_config.$operatingsystem",
|
||||
"puppet:///modules/ssh/sshd_config"
|
||||
],
|
||||
replace => 'true',
|
||||
service { 'ssh':
|
||||
ensure => running,
|
||||
hasrestart => true,
|
||||
subscribe => File['/etc/ssh/sshd_config'],
|
||||
}
|
||||
file { '/etc/ssh/sshd_config':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => [ "puppet:///modules/ssh/sshd_config.${::operatingsystem}",
|
||||
'puppet:///modules/ssh/sshd_config' ],
|
||||
replace => true,
|
||||
}
|
||||
}
|
||||
|
@ -1,17 +1,17 @@
|
||||
class sudoers {
|
||||
group { 'sudo':
|
||||
ensure => 'present'
|
||||
ensure => present,
|
||||
}
|
||||
group { 'admin':
|
||||
ensure => 'present'
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
file { '/etc/sudoers':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 440,
|
||||
ensure => 'present',
|
||||
source => "puppet:///modules/sudoers/sudoers",
|
||||
replace => 'true',
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0440',
|
||||
source => 'puppet:///modules/sudoers/sudoers',
|
||||
replace => true,
|
||||
}
|
||||
}
|
||||
|
@ -1,28 +1,27 @@
|
||||
class unattended_upgrades($ensure = present) {
|
||||
package { 'unattended-upgrades':
|
||||
ensure => $ensure;
|
||||
ensure => $ensure,
|
||||
}
|
||||
|
||||
package { 'mailutils':
|
||||
ensure => $ensure;
|
||||
ensure => $ensure,
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/10periodic':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => $ensure,
|
||||
source => "puppet:///modules/unattended_upgrades/10periodic",
|
||||
replace => 'true',
|
||||
ensure => $ensure,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/unattended_upgrades/10periodic',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/50unattended-upgrades':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => $ensure,
|
||||
source => "puppet:///modules/unattended_upgrades/50unattended-upgrades",
|
||||
replace => 'true',
|
||||
ensure => $ensure,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/unattended_upgrades/50unattended-upgrades',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user