linux

Puppet: PHP5 module

create module structure
mkdir -p /etc/puppet/modules/php5/manifests
mkdir -p /etc/puppet/modules/php5/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/php5/init.pp -O /etc/puppet/modules/php5/manifests/init.pp

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include php5
...
}

Example: index.html

Links

Puppet: Apache module

create module structure
mkdir -p /etc/puppet/modules/apache/manifests
mkdir -p /etc/puppet/modules/apache/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/apache/init.pp -O /etc/puppet/modules/apache/manifests/init.pp

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include apache
...
}

Example: index.html
echo "Hello puppet" > /etc/puppet/modules/apache/files/index.html

Links
http://www.panticz.de/install_webserver
http://github.com/example42/puppet-apache

Puppet: Xen module

create module structure
mkdir -p /etc/puppet/modules/xen/manifests
mkdir -p /etc/puppet/modules/xen/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/xen/init.pp -O /etc/puppet/modules/xen/manifests/init.pp

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include nullmailer
include xen
...
}

Links
http://www.panticz.de/install-xen

Puppet: Nullmailer module

create module structure
mkdir -p /etc/puppet/modules/nullmailer/manifests
mkdir -p /etc/puppet/modules/nullmailer/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/nullmailer/init.pp -O /etc/puppet/modules/nullmailer/manifests/init.pp

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include nullmailer
...
}

Example: /etc/mailname
example.com

Example: /etc/nullmailer/remotes
smtp.example.com smtp --auth-login --user=YOUR_SMTP_ID --pass=YOUR_SMTP_PASS

Links
http://www.panticz.de/install-nullmailer

Puppet: Icinga SSH client module

Enable Pluginsync on client
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf

create Nullmailer module
http://www.panticz.de/Puppet-Nullmailer-module

create module structure
mkdir -p /etc/puppet/modules/icinga_ssh_client/manifests
mkdir -p /etc/puppet/modules/icinga_ssh_client/files

download module definition
wget -q https://raw.githubusercontent.com/panticz/puppet/master/modules/icinga_ssh_client/init.pp -O /etc/puppet/modules/icinga_ssh_client/manifests/init.pp

add include to your client in /etc/puppet/manifests/site.pp
node "client1.local" inherits default {
...
include icinga_ssh_client
include nullmailer
...
}

Example: /etc/puppet/modules/icinga_ssh_client/files/id_rsa.pub
ssh-rsa ADAAB3NzaC3yc2EAAAADAEulgMUFyT9y2DaZYXHUdLWvkE9TKE+OVO8jYhmGG2BMmL5Ad3D+flpTMQfpp7EVJg2vTBSiVG4kCVicvb nagios@icinga

# (auto) create new host / object on icinga
cat /etc/icinga/objects/puppet.cfg
define host {
host_name puppet
address 192.168.1.173
use generic-host
hostgroups debian
}

TODO
# (auto) remove old hosts from /var/lib/nagios/.ssh/known_hosts on icinga
# (auto) import new host to /var/lib/nagios/.ssh/known_hosts on icinga

# add raid check
#apt-get install -y hddtemp
#wget -q "http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=341&cf_id=24" -O /usr/lib/nagios/plugins/check_hddtemp
#chmod go+x /usr/lib/nagios/plugins/check_hddtemp

Links
http://serverfault.com/questions/411245/puppetlabs-file-line-type-not-working
http://serverfault.com/questions/238708/adding-lines-to-etc-profile-with-puppet

Debian: Install Puppet on client

Install Puppet client (agent)
wget https://raw.githubusercontent.com/panticz/installit/master/install.puppet-client.sh -O - | bash -

enabling pluginsync
sed -i '/\[main\]/a\pluginsync=true\' /etc/puppet/puppet.conf
sed -i '/\[main\]/a\runinterval=10\' /etc/puppet/puppet.conf

test connection to puppet server
puppet agent --test
OR
puppet agent --test --server puppet.lab --waitforcert 60 --verbose
#--no-daemonize

change update interval in seconds (default 30 min.)
vi /etc/puppet/puppet.conf
[main]
runinterval=300

puppet version
puppet --version

Links
http://docs.puppetlabs.com/learning/agent_master_basic.html

Puppet

Installation
1. Install and configure Puppet on server (/etc/puppet/fileserver.conf)
http://www.panticz.de/install-puppet-server-puppetmaster
2. On client: Install Puppet client
http://www.panticz.de/install-puppet-client
3. On client: apply for certificate (puppet agent --test)
4. On server: confirm certificate (puppet cert sign dev2.lab)
5. On server: configure modules (/etc/puppet/modules/MODULE_NAME/manifests/init.pp)
6. On server: prepare files (/etc/puppet/modules/MODULE_NAME/files)
7. Configure clients (/etc/puppet/manifests/site.pp)

SSH server enable / disable password authentication

Enable
sed -i 's|[#]*PasswordAuthentication no|PasswordAuthentication yes|g' /etc/ssh/sshd_config
sed -i 's|UsePAM no|UsePAM yes|g' /etc/ssh/sshd_config
service ssh restart

Disable (don't forget to install pre-shared-key first: http://www.panticz.de/ssh_pre-shared-key_authentication)
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/disable_ssh_password_authentication.sh -O - | bash -
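
The command above executes whatever the server returns, and --no-check-certificate drops the TLS check on which server that is. An alternative, as an added example that is not part of the original page: save the script to a file, compare it against a SHA-256 recorded when the script was reviewed, and run it only on a match. The function name run_if_pinned and the sample script are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original page): fetch-then-verify instead of
# piping a download straight into bash.
#
# On a real host the file would come from:
#   wget -q "$URL" -O /tmp/disable_ssh_password_authentication.sh
# (without --no-check-certificate) and the pin would be the hash you recorded
# after reading the script. The page does not publish a hash.

# run_if_pinned FILE EXPECTED_SHA256 [ARGS...]
# Runs FILE with bash only if its SHA-256 equals the pinned value.
run_if_pinned() {
    local file=$1 expected=$2 actual
    shift 2
    actual=$(sha256sum "$file" | awk '{print $1}') || return 2
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual does not match pin" >&2
        return 1
    fi
    bash "$file" "$@"
}

# Constructed demonstration: a stand-in script, then the same file after
# its content changed.
demo_pin() {
    local dir pin
    dir=$(mktemp -d)
    printf 'echo "reviewed script ran"\n' > "$dir/script.sh"
    pin=$(sha256sum "$dir/script.sh" | awk '{print $1}')    # recorded at review time
    run_if_pinned "$dir/script.sh" "$pin"
    printf 'echo "unreviewed change"\n' >> "$dir/script.sh" # content differs from review
    run_if_pinned "$dir/script.sh" "$pin" || echo "blocked (exit $?)"
    rm -rf "$dir"
}
demo_pin
```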

# LXC
# disable login without password
lxc-attach -n ${CONTAINER} -- sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
lxc-attach -n ${CONTAINER} -- sed -i 's|UsePAM yes|UsePAM no|g' /etc/ssh/sshd_config
lxc-attach -n ${CONTAINER} -- service ssh restart

# generate SSH key for root
lxc-attach -n ${CONTAINER} -- ssh-keygen -q -f /root/.ssh/id_rsa -N ''
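
The sed substitutions in the LXC section only change a line that already reads "PasswordAuthentication yes" with a single space; if the directive is absent or spaced differently, sed exits successfully and sshd keeps its default (yes). The check below is an added example, not part of the original page: it applies the same substitutions to constructed sample configs and reports the value sshd would use. The function names and sample files are made up for illustration, and Include files and Match blocks are not evaluated.

```bash
#!/bin/bash
# Added example (not from the original page): verify that the sed edits
# actually changed the effective sshd setting.

# Print the effective global value of KEYWORD in an sshd_config-style FILE.
# sshd uses the first occurrence of a keyword and keywords are
# case-insensitive. Parsing stops at the first Match block.
effective_sshd_option() {
    local file=$1 keyword=$2 default=$3
    awk -v kw="$keyword" -v def="$default" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == kw { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$file"
}

# Apply the page's "disable" substitutions to FILE, then print the
# resulting effective PasswordAuthentication value (default: yes).
disable_and_check() {
    local file=$1
    sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' "$file"
    sed -i 's|UsePAM yes|UsePAM no|g' "$file"
    effective_sshd_option "$file" PasswordAuthentication yes
}

# Constructed sample configs covering the cases described above.
demo_sshd() {
    local dir f
    dir=$(mktemp -d)
    printf '#PasswordAuthentication yes\nUsePAM yes\n' > "$dir/stock"   # commented default
    printf 'Port 22\nUsePAM yes\n'                     > "$dir/absent"  # directive missing
    printf 'PasswordAuthentication\tyes\n'             > "$dir/tab"     # tab, not a space
    for f in stock absent tab; do
        echo "$f: PasswordAuthentication $(disable_and_check "$dir/$f")"
    done
    rm -rf "$dir"
}
demo_sshd
```

On a live host, running sshd -T as root and filtering for passwordauthentication prints the global value the daemon will use, with Include files and defaults resolved.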