{"id":19543700,"url":"https://github.com/foolean/puppet-puppet","last_synced_at":"2025-07-15T21:33:40.153Z","repository":{"id":11747037,"uuid":"14276569","full_name":"foolean/puppet-puppet","owner":"foolean","description":"DEPRECATED: Puppet module to manage puppet master and clients","archived":false,"fork":false,"pushed_at":"2014-01-31T01:35:04.000Z","size":597,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-08T19:13:07.111Z","etag":null,"topics":["deprecated"],"latest_commit_sha":null,"homepage":"","language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/foolean.png","metadata":{"files":{"readme":"README","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-11-10T13:11:59.000Z","updated_at":"2023-01-18T21:49:02.000Z","dependencies_parsed_at":"2022-09-05T11:30:20.555Z","dependency_job_id":null,"html_url":"https://github.com/foolean/puppet-puppet","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foolean%2Fpuppet-puppet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foolean%2Fpuppet-puppet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foolean%2Fpuppet-puppet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foolean%2Fpuppet-puppet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/foolean","download_url":"https://codeload.github.com/foolean/puppet-puppet/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240798822,"owners_count":19859440,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deprecated"],"created_at":"2024-11-11T03:20:52.560Z","updated_at":"2025-02-26T05:30:04.916Z","avatar_url":"https://github.com/foolean.png","language":"Puppet","funding_links":[],"categories":[],"sub_categories":[],"readme":"puppet\n\nThis module handles the management of puppet agents as well as the\npuppetmaster. Puppetmaster invocations have the option of running\nthe standard webrick (the default) or passenger. Multiple environ-\nments are created to provide for a three-tiered development archit-\necture. These environments create 'production', 'development', and\nindividual 'developer' areas. This module also provides for the\nmanagement of additional environments for the purposes of providing\npuppet services to multiple sites (see CAVEAT below).\n\n\nExample\n-------\n\n node myagent {\n class { 'puppet':\n mode =\u003e 'agent',\n }\n }\n\n # accomplishes the same thing done for 'myagent' above\n node myotheragent {\n class { 'puppet': }\n }\n\n # Agent with different tidying requirements\n node smallagent {\n class { 'puppet':\n tidy_age =\u003e '4w',\n }\n }\n\n node mymaster {\n class { 'puppet':\n mode =\u003e 'master',\n clients =\u003e [ 'host1', 'host2', etc ],\n modules =\u003e [\n 'foolean-ssh'\n ],\n }\n }\n\n # A puppetmaster with different tidying requirements (5yrs)\n node mylongtermmaster {\n class { 'puppet':\n mode =\u003e 'master',\n clients =\u003e [ 'host1', 'host2', etc ],\n tidy_age =\u003e '260w',\n modules =\u003e [\n 'foolean-ssh'\n ],\n }\n }\n\n # A puppetmaster running passenger\n node myothermaster {\n class { 'puppet':\n mode =\u003e 'passenger',\n workers =\u003e 5,\n clients =\u003e [ 'host1', 'host2', etc ],\n developers =\u003e [ 'user1', 'user2', etc ],\n modules =\u003e [\n 'foolean-ssh'\n ],\n }\n }\n\n # A puppetmaster running passenger and multiple sites\n node mysitemaster {\n class { 'puppet':\n mode =\u003e 'passenger',\n workers =\u003e 5,\n clients =\u003e [ 'host1', 'host2', etc ],\n developers =\u003e [ 'user1', 'user2', etc ],\n modules =\u003e [\n 'foolean-ssh'\n ],\n sites =\u003e {\n 'site1' =\u003e {\n 'clients' =\u003e [ 'host1', 'host2', etc ],\n 'developers' =\u003e [ 'user1', 'user2', etc ],\n },\n 'site2' =\u003e {\n 'clients' =\u003e [ 'host1', 'host2', etc ],\n 'developers' =\u003e [ 'user1', 'user2', etc ],\n },\n },\n }\n }\n\n\n\nCAVEAT EMPTOR!\n--------------\n\n******************************************************\n*** DO NOT USE MORE THAN ONE SITE PER PUPPETMASTER ***\n*** IF YOU NEED TO MAINTAIN PRIVACY BETWEEN SITES! ***\n******************************************************\n\nPuppet allows for the execution of arbitrary ruby code on the puppetmaster.\nThis can be accomplished in manifest files by using the inline_template\nfunction or in template files themselves. The arbitrary code will execute\nin the context of the puppet daemon, typically uid:puppet, gid:puppet. While\nit limits the scope of readable and writable files over the entire file system\nit does also mean that any file puppet can read so can anyone with the rights\nto upload manifests and templates. Because of this \"feature\" there is no way\nto ensure privacy between sites.\n\n Manifest Example:\n\n # Grab the puppet.conf file (extra vars to ease 80-char wrapping)\n $config_file = \"${settings::confdir}/${settings::config_file_name}\"\n $foo = inline_template( \"\u003c%= %x{ cat ${config_file} } %\u003e\" ) \n notify { 'show-foo': message =\u003e $foo }\n\n Template Example\n \u003c%=\n %x{\n hostname -f;\n id ;\n pwd;\n echo \"#\"\n echo \"# uid=puppet and writable\"\n find / -type f -user puppet -perm -u=w -ls\n echo \"#\"\n echo \"# gid=puppet and writable\"\n find / -type f -group puppet -perm -g=w -ls\n echo \"#\"\n echo \"# world writable\"\n find / -type f -perm -o=w -ls\n echo \"#\"\n echo \"# facter information\"\n facter\n }\n %\u003e\n\n\n\nAbout this module\n-----------------\n\nQ. Shouldn't the Apache2 controls be in an Apache module instead of here?\n\nThis is an experiment to see if it is posisble to have this class be\nindepedent of any other classes. Ordinarily functionality such as the\nApache2 controls would be handled by an Apache module so that enhancements\nwill be carried through to all classes who utilize it. The a2ensite,\na2dissite, and a2enmod defines are innocuous enough that their structure\nshould not need to change. It is also the hopes of this module that\nit will not conflict with other Apache modules. In the future, a Foolean\nApache module will be created. This module may depend on the Apache\nmodule only if conflicts can not be avoided. In the end, this is all\nan attempt to publish useful modules without having to foist additional\nmodules upon the adopter.\n\n\n\nRequirements\n------------\n\nThis module requires puppet version 2.7 or greater.\n\nFor CentOS and RedHat this can be found on the RepoForge site as the EPEL site\nis still publishing v2.6.18\n\nNote: Even as of SLES 11-SP3, Novell SUSE is still using v2.6.18.\n\n\n\nSupported Operating Systems\n---------------------------\n\nPrimary development is done on Debian and then validated against other\noperating systems. The current list of supported operating systems is:\n\n +----------+-----------+--------+--------------+-----------+\n | OS | Bootstrap | Puppet | Puppetmaster | Passenger |\n +----------+-----------+--------+--------------+-----------+\n | CentOS | yes | yes | yes | Yes |\n | Debian | yes | yes | yes | Yes |\n | Fedora | yes | yes | yes | Yes |\n | OpenSUSE | yes | yes | yes | Yes |\n | RedHat | yes | yes | yes | Yes |\n | Ubuntu | yes | yes | yes | Yes |\n +----------+-----------+--------+--------------+-----------+\n\nNotes:\n* General:\n Puppet doesn't seem to be able to both stop puppetmaster and start\n Apache in the same run. Just manually start Apache after the first\n puppet run when switching to passenger. This should get fixed in a\n future release.\n\n* OpenSUSE:\n OpenSUSE requires that the modules be added to the APACHE_MODULES\n variable in /etc/sysconfig/apache2.\n\n The following modules are required for Puppet's Passenger:\n + headers\n + lbmethod_byrequests\n + passenger\n + proxy\n + proxy_balancer\n + proxy_http\n + slotmem_shm\n + socache_shmcb\n + version\n\n* RedHat:\n There are a number of packages that are required to run passenger that\n are not in the EPEL or RepoForge repositories. They are however, in\n the RedHat subscription repository. If you are experimenting with the\n RedHat operating system and do not have a subscription, you can install\n the missing packages from a CentOS repository.\n\n The missing packages are:\n + rubygems\n + ruby-docs\n + ruby-rdoc\n + ruby-irb\n + rubygem-rake\n\n\n\nSELinux\n-------\n\nThe passenger configuration created by this module does not function properly\nunder SELinux at this time. This can be fixed by dropping back to permissive\nmode and running audit2allow after a client runs against the server. SELinux\nsupport will be addressed in a future release.\n\n\n\nDirectory Structure\n-------------------\n\nTo facilitate host multiple sites, this module creates and relies on the\nfollowing directory structure.\n\n ${settings::vardir}/sites\n `-- default\n |-- development\n | |-- manifests\n | | `-- site.pp\n | |-- modules\n | | |-- puppet\n | | `-- [ other modules ]\n | `-- private\n | `-- [ fqdn ]\n |-- developers\n | `-- [ developer ]\n | |-- manifests\n | | `-- site.pp\n | |-- modules\n | | |-- puppet\n | | `-- [ other modules ]\n | `-- private\n | `-- [ fqdn ]\n `-- production\n |-- manifests\n | `-- site.pp\n |-- modules\n | |-- puppet\n | `-- [ other modules ]\n |-- private\n `-- [ fqdn ]\n\n\n\nFile and Directory Permissions\n------------------------------\n\nPuppet, by default, will attempt to manage the permissions and ownership\nof the various files within the $vardir structure. In doing so a number\nof the objects will end up with world readable permissions and ownership\nother than the puppet user or group. In order to allow this module to\nmanage the permissions and ownership the 'manage_internal_file_permissions'\noptions is set to 'false' in the main configuration block of puppet.conf.\n\nThis module will then to remove all 'world' permissions and set ownership\nto the puppet user and puppet group as there is really no reason for any\nother users to access the puppet files. The premis is that only an\nadministrator (e.g. someone with root) should be running puppet on a\nsystem. Likewise only an administrator or someone in the puppet group\nshould be looking at any of the puppet files.\n\nEven with all of this there are still a couple of areas where puppet\nitself still tries to enforce ownership.\n\n\n\nPrerun and Postrun commands\n---------------------------\n\nThis module uses a cron.d like format to handle prerun and postrun commands.\nScripts should be placed in either $confdir/pre-run.d or $confdir/post-run.d.\nThe 'rundir' script will execute any executable script found in the respective\ndirectory. This enables modules to add pre and post run processing much in\nthe same manner that cron.d is handled. Script precedence can be achieved by\nadding numerical prefixes such as pre-run.d/00_etckeeper.\n\n Example:\n prerun_command = /etc/puppet/rundir pre\n postrun_command = /etc/puppet/rundir post\n\nNOTE:\n The 'rundir' script utilizes the PUPPET_NOOP variable, which is set\n by the facter script isnoop.rb to skip the running of the prerun and\n postrun scripts when running with --noop turned on.\n\nCAUTION:\n This will run any executable script found in the pre and post run\n directories. It is for this reason that only root should be allowed\n to write into them. Allowing the puppet user to write into these\n directories will allow anyone with the ability to add recipees to\n the system to run arbitrary code on the agents. Like cron.d these\n will, more often than not, get run as root so care should be taken\n regarding the content that gets added.\n\n\n\nPackaging\n---------\n\nCreating the package (tarball) that can be installed using puppet's module\nfunction is simple. Run the following command while in the top of the module\ndirectory (e.g. /usr/src/puppet-puppet).\n\n puppet module build .\n\nThe resulting tarball will be named foolean-puppet-$VER.tar.gz and can be found\nin the \"pkg\" directory within the source tree.\n\n\nPuppetForge Installation\n------------------------\n\nFoolean Puppet is on PuppetLab's PuppetForge making installation as simple as:\n\n puppet module install foolean/puppet\n\n\nManual Installation\n-------------------\n\nWhen we're installing from a tarball the installation and upgrade process\nis the same. You'll need to set --modulepath if f you're installing the\nmodule in a path other than the location defined in puppet.conf.\n\n MODULEPATH=/var/lib/puppet/modules\n puppet module install \\\n --force \\\n --ignore-dependencies \\\n --module-path $MODULEPATH \\\n $PATHTO/foolean-puppet-$VER.tar.gz\n\n\nBootstrapping\n-------------\n\nWhen going for complete deterministic installations we will quickly find\nourselves in chicken/egg territory. We use puppet to ensure determinism\nin our systems but how do we get puppet onto a new puppetmaster when an\nexisting puppetmaster doesn't exist? That is the purpose of the \n\"bootstrap.pp\" file. The first time the operating system comes up after\ninstall the following steps can be run to bootstrap the puppetmaster.\n\n # install puppet\n apt-get install puppet\n\n # retrieve the bootstrap.pp file\n wget https://raw.github.com/foolean/puppet-puppet/master/manifests/master/bootstrap.pp\n\n # run the bootstrap process (add --noop if you want to review first)\n puppet apply --detailed-exitcodes --verbose ./bootstrap.pp\n\n # run puppet again to configure the system as a puppetmaster\n puppet agent --test\n\n\n\nTo Do\n-----\n\n* Add SELinux support\n\n\n\nLicense\n-------\n\nCopyright (c) 2013 Foolean.org\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n\nContact\n-------\nbennett@foolean.org\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoolean%2Fpuppet-puppet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffoolean%2Fpuppet-puppet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoolean%2Fpuppet-puppet/lists"}