commit
4ca49979c0
7 changed files with 233 additions and 17 deletions
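--- a/[path not shown on page; file 1 of 7]
+++ b/[path not shown on page; file 1 of 7]
@@ -1,9 +1,10 @@
 forge "http://forge.puppetlabs.com"
 
-mod 'camptocamp/augeas', '0.0.1'
 mod 'hunner/wordpress', '0.6.0'
+mod 'jfryman/nginx', '0.0.9'
 mod 'puppetlabs/apache', '0.10.0'
+mod 'puppetlabs/firewall', '1.0.2'
 mod 'puppetlabs/mysql', '2.2.3'
-mod 'saz/ssh', '1.2.0'
+mod 'saz/ssh', '2.3.3'
 mod 'saz/sudo', '2.4.3'
 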
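--- a/[path not shown on page; file 2 of 7]
+++ b/[path not shown on page; file 2 of 7]
@@ -1,28 +1,35 @@
 FORGE
 remote: http://forge.puppetlabs.com
 specs:
-camptocamp/augeas (0.0.1)
 hunner/wordpress (0.6.0)
 puppetlabs/concat (>= 1.0.0)
 puppetlabs/mysql (>= 2.1.0)
 puppetlabs/stdlib (>= 2.3.1)
+jfryman/nginx (0.0.9)
+puppetlabs/apt (>= 1.0.0)
+puppetlabs/concat (>= 1.0.0)
+puppetlabs/stdlib (>= 0.1.6)
 puppetlabs/apache (0.10.0)
 puppetlabs/concat (>= 1.0.0)
 puppetlabs/stdlib (>= 2.4.0)
+puppetlabs/apt (1.4.2)
+puppetlabs/stdlib (>= 2.2.1)
 puppetlabs/concat (1.1.0-rc1)
 puppetlabs/stdlib (>= 3.0.0)
+puppetlabs/firewall (1.0.2)
 puppetlabs/mysql (2.2.3)
 puppetlabs/stdlib (>= 3.2.0)
 puppetlabs/stdlib (4.1.0)
-saz/ssh (1.2.0)
+saz/ssh (2.3.3)
 puppetlabs/stdlib (>= 2.2.1)
 saz/sudo (2.4.3)
 
 DEPENDENCIES
-camptocamp/augeas (= 0.0.1)
 hunner/wordpress (= 0.6.0)
+jfryman/nginx (= 0.0.9)
 puppetlabs/apache (= 0.10.0)
+puppetlabs/firewall (= 1.0.2)
 puppetlabs/mysql (= 2.2.3)
-saz/ssh (= 1.2.0)
+saz/ssh (= 2.3.3)
 saz/sudo (= 2.4.3)
 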
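--- a/README.md
+++ b/README.md
@@ -1,2 +1,32 @@
 # TC362 - Web Administration
 
+## Installation
+
+Download the bootstrap script, set as executable, and run as root.
+
+## Usage
+
+```
+./bootstrap -s
+```
+
+Setup a server using the site.pp manifest and the master branch.
+
+```
+./bootstrap -s -m final.pp
+```
+
+Setup the server from the final project manifest
+
+```
+./bootstrap
+```
+
+Run the site.pp manifest file without the initial setup configurations.
+
+```
+./bootstrap -m final.pp atomaka/feature/final
+```
+
+Run the final.pp manifest file on the ```atomaka/feature/final``` branch of the
+project.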
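--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -3,13 +3,16 @@
 # BOOSTRAP SCRIPT
 # Can take a single param to allow a specific branch to be installed
 
-usage() { echo "Usage: $0 [-s] [branch]" 1>&2; exit 1; }
+usage() { echo "Usage: $0 [-s] [-m MANIFEST_FILE] [BRANCH]" 1>&2; exit 1; }
 
-while getopts "s" o; do
+while getopts "sm:" o; do
 case "${o}" in
 s)
 SETUP=true
 ;;
+m)
+MANIFEST=${OPTARG}
+;;
 *)
 usage
 ;;
@@ -36,11 +39,16 @@ if [ "$SETUP" = true ] ; then
 dpkg-reconfigure --frontend noninteractive tzdata
 
 # UPGRADE ALL CURRENT PACKAGES
-apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
+apt-get update && apt-get upgrade -y
 
 # INSTALL GIT
 apt-get install git -y
 
+# INSTALL RUBY 1.9.3 (for rails)
+apt-get install ruby1.9.3 -y
+update-alternatives --set ruby /usr/bin/ruby1.9.1
+update-alternatives --set gem /usr/bin/gem1.9.1
+
 # INSTALL RUBYGEMS
 apt-get install rubygems -y
 
@@ -68,4 +76,4 @@ fi
 librarian-puppet install
 
 # RUN MANIFEST
-puppet apply manifests/site.pp --modulepath=modules/
+puppet apply manifests/$MANIFEST --modulepath=modules/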
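Review bot: `puppet apply manifests/$MANIFEST --modulepath=modules/` in the last hunk expands to `manifests/` when `-m` is not given, because the new `m)` branch is the only place in these hunks that assigns MANIFEST, while the README added in this commit documents a bare `./bootstrap` as running site.pp. Unless a default is set in the lines between the hunks, initialise it before the getopts loop, `MANIFEST=site.pp`, and quote the expansion, `puppet apply "manifests/$MANIFEST" --modulepath=modules/`, so a value with spaces cannot split into extra arguments. The `m)` branch also accepts any string, so a value containing `/` or `..` selects a manifest outside manifests/; if that is not intended, reject such values in the branch with `case ${OPTARG} in */*) usage ;; esac`. The getopts loop and the `if [ "$SETUP" = true ]` block both continue outside the hunks.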
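--- /dev/null
+++ b/final/server.txt
@@ -0,0 +1 @@
+final.atomaka.com (162.243.53.120)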
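--- /dev/null
+++ b/manifests/final.pp
@@ -0,0 +1,162 @@
+# Create a non root user with sudo permissions
+# jeff, with password
+user { 'jeff':
+ensure => present,
+groups => ['sudo'],
+managehome => true,
+shell => '/bin/bash',
+password => '$6$.AURF9sE09Q$..S10CFY7G.AVXzSW//w6GoV6yPzBzdvyUl8a7oyYbW/XzBU.o6AdHxTgTkCSWb64zmN3QoKovoUyLJhE/MFP/',
+}
+
+class { '::ssh::server':
+storeconfigs_enabled => false,
+options => {
+# Logging in with the root user must be disabled
+'PermitRootLogin' => 'no',
+# SSH must be enabled on a non-standard port
+'Port' => [22984],
+},
+}
+
+# Install a working MySQL server
+class { '::mysql::server': }
+
+# A fully functioning Ruby on Rails installation must be present at your domain
+# name or IP address using the Nginx web server (must show the Rails welcome
+# page)
+# You may use any Rails deployment that works with Nginx
+
+# install nginx
+class { 'nginx': }
+
+# configure nginx proxy
+nginx::resource::upstream { 'welcome_app':
+members => ['localhost:3000'],
+}
+nginx::resource::vhost { 'final.atomaka.com':
+proxy => 'http://welcome_app',
+}
+
+# install rails
+package { 'rails':
+provider => 'gem',
+}
+
+# add rails depends
+package { ['libsqlite3-dev', 'build-essential', 'nodejs']:
+before => Exec['install rails app']
+}
+
+# add rails user and application
+user { 'rails':
+ensure => present,
+groups => ['sudo'],
+managehome => true,
+shell => '/bin/bash',
+}
+exec { 'create rails app':
+command => 'rails new welcome',
+user => 'rails',
+environment => ['HOME=/home/rails'],
+path => '/usr/bin:/usr/local/bin',
+cwd => '/home/rails',
+creates => '/home/rails/welcome',
+require => [
+Package['rails'],
+User['rails'],
+],
+}
+exec { 'install rails app':
+command => 'bundle install --path vendor/bundle',
+user => 'rails',
+environment => ['HOME=/home/rails'],
+path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+cwd => '/home/rails/welcome',
+unless => 'bundle check',
+require => Exec['create rails app'],
+notify => Exec['start rails app'],
+}
+exec { 'start rails app':
+command => 'rails server -d',
+user => 'rails',
+environment => ['HOME=/home/rails'],
+path => '/usr/bin:/usr/local/bin',
+cwd => '/home/rails/welcome',
+refreshonly => true,
+}
+
+# A working firewall using iptables or another Linux firewall
+resources { 'firewall':
+purge => true,
+}
+class { '::firewall':
+require => Class['::ssh::server'],
+}
+firewall { '000 accept all icmp':
+proto => 'icmp',
+action => 'accept',
+} ->
+firewall { '001 accept all to lo interface':
+proto => 'all',
+iniface => 'lo',
+action => 'accept',
+}->
+firewall { '002 accept related established rules':
+proto => 'all',
+state => ['RELATED', 'ESTABLISHED'],
+action => 'accept',
+}->
+firewall { '100 accept ssh (non-default port)':
+proto => 'tcp',
+dport => '22984',
+action => 'accept',
+} ->
+firewall { '200 accept http':
+proto => 'tcp',
+dport => '80',
+action => 'accept',
+}
+
+firewall { '999 drop all':
+proto => 'all',
+action => 'drop',
+before => undef,
+}
+
+# STUFF OUTSIDE SCOPE OF ASSIGNMENT
+# convenience stuff
+package { 'mosh': }
+package { 'zsh': }
+
+# atomaka, with SSH key
+user { 'atomaka':
+ensure => present,
+groups => ['sudo'],
+managehome => true,
+shell => '/bin/zsh',
+require => [
+Package['zsh'],
+],
+}
+file { '/home/atomaka/.ssh':
+ensure => directory,
+owner => 'atomaka',
+group => 'atomaka',
+mode => '0700',
+require => User['atomaka'],
+}
+file { '/home/atomaka/.ssh/authorized_keys':
+ensure => present,
+owner => 'atomaka',
+group => 'atomaka',
+mode => '0600',
+content => file('/tmp/puppet/files/keys/atomaka'),
+require => File['/home/atomaka/.ssh'],
+}
+
+# sudo no password
+include sudo
+sudo::conf { 'sudo':
+priority => 10,
+content => "%sudo ALL=(ALL) NOPASSWD: ALL\n",
+}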
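Review bot: `user { 'rails': ... groups => ['sudo'] }` puts the account that runs `rails server -d` into the group that `sudo::conf { 'sudo': content => "%sudo ALL=(ALL) NOPASSWD: ALL\n" }` at the bottom of the file makes passwordless root, so any code execution in the web application becomes root on the host. Nothing in the manifest needs that: the three execs run as `rails` inside /home/rails and the packages are installed by Puppet, so drop the `groups => ['sudo'],` line from that user resource. The `jeff` account's crypt hash is committed in `password => '$6$...'`, where it stays in repository history and can be attacked offline; source it from hiera/eyaml or an out-of-band file, as the atomaka key already is via `file('/tmp/puppet/files/keys/atomaka')`, and rotate the password. That key source is read from /tmp, a world-writable directory; if the bootstrap clones the repository there (not visible in this commit), confirm another local user cannot pre-create that path before Puppet reads it.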
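--- a/[path not shown on page; file 7 of 7]
+++ b/[path not shown on page; file 7 of 7]
@@ -65,8 +65,21 @@ package { 'mailutils': }
 include augeas
 include sudo
 
+ssh::server::configline { 'Port': value => '22984' }
+ssh::server::configline { 'PermitRootLogin': value => 'no' }
+ssh::server::configline { 'PasswordAuthentication': value => 'yes' }
+ssh::server::configline { 'AllowUsers/1': value => 'atomaka' }
+ssh::server::configline { 'AllowUsers/2': value => 'jeff' }
+
 class { '::ssh::server':
-require => Class['augeas'],
+storeconfigs_enabled => false,
+options => {
+'Port' => [22984],
+'PermitRootLogin' => 'no',
+'PasswordAuthentication' => 'yes',
+'AllowUsers/1' => 'atomaka',
+'AllowUsers/2' => 'jeff',
+},
 }
 
 class { '::apache':
@@ -87,12 +100,6 @@ class { '::wordpress':
 }
 
 # CONFIGURATIONS
-ssh::server::configline { 'Port': value => '22984' }
-ssh::server::configline { 'PermitRootLogin': value => 'no' }
-ssh::server::configline { 'PasswordAuthentication': value => 'yes' }
-ssh::server::configline { 'AllowUsers/1': value => 'atomaka' }
-ssh::server::configline { 'AllowUsers/2': value => 'jeff' }
-
 sudo::conf { 'sudo':
 priority => 10,
 content => "%sudo ALL=(ALL) NOPASSWD: ALL\n",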
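Review bot: The keys `'AllowUsers/1' => 'atomaka'` and `'AllowUsers/2' => 'jeff'` in the new `options` hash are augeas tree paths carried over from the `ssh::server::configline` resources; if the saz/ssh 2.3.3 pinned in this commit writes option keys verbatim into sshd_config (the template-based 2.x releases do, as far as I recall — confirm against the module), sshd sees `AllowUsers/1 atomaka`, rejects it as a bad configuration option and fails to restart, locking everyone out of port 22984. The array form already used for `'Port' => [22984]` expresses this correctly: `'AllowUsers' => ['atomaka', 'jeff'],`. The first hunk also keeps the five `ssh::server::configline` resources (moved up from the second hunk) alongside the `options` hash, so two mechanisms now manage the same file and may rewrite it against each other on every run; keep one of them. The file header for this section is not on the page, so which manifest this is cannot be confirmed from here.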