From 4f31063a753a75338c5cbbd7e62f717d715d66f3 Mon Sep 17 00:00:00 2001 From: Andrew DeFaria Date: Wed, 26 Sep 2018 20:38:57 -0700 Subject: [PATCH] Added puppet files --- puppet/client.pp | 23 ++++ puppet/dns.pp | 125 +++++++++++++++++++++ puppet/gd/client.pp | 23 ++++ puppet/gd/dns.pp | 125 +++++++++++++++++++++ puppet/gd/init.pp | 248 +++++++++++++++++++++++++++++++++++++++++ puppet/gd/server.pp | 23 ++++ puppet/gd/wincbc.pp | 46 ++++++++ puppet/gd/winclient.pp | 7 ++ puppet/gd/windc.pp | 25 +++++ puppet/gd/winserver.pp | 7 ++ puppet/gd/wints.pp | 188 +++++++++++++++++++++++++++++++ puppet/init.pp | 248 +++++++++++++++++++++++++++++++++++++++++ puppet/server.pp | 23 ++++ puppet/wincbc.pp | 46 ++++++++ puppet/winclient.pp | 7 ++ puppet/windc.pp | 25 +++++ puppet/winserver.pp | 7 ++ puppet/wints.pp | 188 +++++++++++++++++++++++++++++++ 18 files changed, 1384 insertions(+) create mode 100644 puppet/client.pp create mode 100644 puppet/dns.pp create mode 100644 puppet/gd/client.pp create mode 100644 puppet/gd/dns.pp create mode 100644 puppet/gd/init.pp create mode 100644 puppet/gd/server.pp create mode 100644 puppet/gd/wincbc.pp create mode 100644 puppet/gd/winclient.pp create mode 100644 puppet/gd/windc.pp create mode 100644 puppet/gd/winserver.pp create mode 100644 puppet/gd/wints.pp create mode 100644 puppet/init.pp create mode 100644 puppet/server.pp create mode 100644 puppet/wincbc.pp create mode 100644 puppet/winclient.pp create mode 100644 puppet/windc.pp create mode 100644 puppet/winserver.pp create mode 100644 puppet/wints.pp diff --git a/puppet/client.pp b/puppet/client.pp new file mode 100644 index 0000000..e56c141 --- /dev/null +++ b/puppet/client.pp @@ -0,0 +1,23 @@ +# RDE Puppet Client config + +# This subclass defines the configuration for RDE Clients +class rde::client { + # Remove any NIS groups + file_line { 'no_NIS_groups': + ensure => 'absent', + path => '/etc/passwd', + line => '# Remove +', + match => '^\+@.*', + multiple => 'true', + match_for_absence => 'true', + replace => 'false', + tag => 'nis', + } + + file_line { 'all_users': + path => '/etc/passwd', + ensure => 'present', + line => '+', + tag => 'nis', + } +} diff --git a/puppet/dns.pp b/puppet/dns.pp new file mode 100644 index 0000000..4926660 --- /dev/null +++ b/puppet/dns.pp @@ -0,0 +1,125 @@ +# RDE Puppet DNS config +# +# This subclass defines the configuration for DNS servers +class rde::dns { + if ($hostname == 'rdeadm1') or ($hostname == 'rdeadm2') { + package { 'service/network/dns/bind': ensure => present, } + + service { 'dns/server': ensure => 'running', } + + file { '/var/named': + ensure => 'directory', + owner => 'root', + group => 'sys', + mode => '0755', + notify => Service['dns/server'], + } + } + + if $hostname == 'rdeadm1' { + file { '/etc/named.conf': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/named.conf.slave', + notify => Service['dns/server'], + } + } elsif $hostname == 'rdeadm2' { + file { '/etc/named.conf': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/named.conf.master', + notify => Service['dns/server'], + } + + file { '/var/named/named.ca': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/named.ca', + notify => Service['dns/server'], + } + + file { '/var/named/gddsi.com': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/gddsi.com', + require => File["/var/named"], + notify => Service['dns/server'], + } + + file { '/var/named/gd-ms.us': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/gd-ms.us', + require => File["/var/named"], + notify => Service['dns/server'], + } + + file { '/var/named/localhost': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/localhost', + require => File["/var/named"], + notify => Service['dns/server'], + } + + file { '/var/named/localhost.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/localhost.in-addr.arpa', + require => File["/var/named"], + notify => Service['dns/server'], + } + + file { '/var/named/11.240.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/11.240.10.in-addr.arpa', + require => File["/var/namedb"], + notify => Service['dns/server'], + } + + file { '/var/named/12.100.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/12.100.10.in-addr.arpa', + require => File["/etc/namedb/master"], + notify => Service['dns/server'], + } + + file { '/var/named/12.240.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/12.240.10.in-addr.arpa', + require => File["/etc/namedb/master"], + notify => Service['dns/server'], + } + + file { '/var/named/13.100.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/13.100.10.in-addr.arpa', + require => File["/etc/namedb/master"], + notify => Service['dns/server'], + } + + file { '/var/named/14.100.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/14.100.10.in-addr.arpa', + require => File["/etc/namedb/master"], + notify => Service['dns/server'], + } + } +} diff --git a/puppet/gd/client.pp b/puppet/gd/client.pp new file mode 100644 index 0000000..e56c141 --- /dev/null +++ b/puppet/gd/client.pp @@ -0,0 +1,23 @@ +# RDE Puppet Client config + +# This subclass defines the configuration for RDE Clients +class rde::client { + # Remove any NIS groups + file_line { 'no_NIS_groups': + ensure => 'absent', + path => '/etc/passwd', + line => '# Remove +', + match => '^\+@.*', + multiple => 'true', + match_for_absence => 'true', + replace => 'false', + tag => 'nis', + } + + file_line { 'all_users': + path => '/etc/passwd', + ensure => 'present', + line => '+', + tag => 'nis', + } +} diff --git a/puppet/gd/dns.pp b/puppet/gd/dns.pp new file mode 100644 index 0000000..4926660 --- /dev/null +++ b/puppet/gd/dns.pp @@ -0,0 +1,125 @@ +# RDE Puppet DNS config +# +# This subclass defines the configuration for DNS servers +class rde::dns { + if ($hostname == 'rdeadm1') or ($hostname == 'rdeadm2') { + package { 'service/network/dns/bind': ensure => present, } + + service { 'dns/server': ensure => 'running', } + + file { '/var/named': + ensure => 'directory', + owner => 'root', + group => 'sys', + mode => '0755', + notify => Service['dns/server'], + } + } + + if $hostname == 'rdeadm1' { + file { '/etc/named.conf': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/named.conf.slave', + notify => Service['dns/server'], + } + } elsif $hostname == 'rdeadm2' { + file { '/etc/named.conf': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/named.conf.master', + notify => Service['dns/server'], + } + + file { '/var/named/named.ca': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/named.ca', + notify => Service['dns/server'], + } + + file { '/var/named/gddsi.com': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/gddsi.com', + require => File["/var/named"], + notify => Service['dns/server'], + } + + file { '/var/named/gd-ms.us': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/gd-ms.us', + require => File["/var/named"], + notify => Service['dns/server'], + } + + file { '/var/named/localhost': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/localhost', + require => File["/var/named"], + notify => Service['dns/server'], + } + + file { '/var/named/localhost.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/localhost.in-addr.arpa', + require => File["/var/named"], + notify => Service['dns/server'], + } + + file { '/var/named/11.240.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/11.240.10.in-addr.arpa', + require => File["/var/namedb"], + notify => Service['dns/server'], + } + + file { '/var/named/12.100.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/12.100.10.in-addr.arpa', + require => File["/etc/namedb/master"], + notify => Service['dns/server'], + } + + file { '/var/named/12.240.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/12.240.10.in-addr.arpa', + require => File["/etc/namedb/master"], + notify => Service['dns/server'], + } + + file { '/var/named/13.100.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/13.100.10.in-addr.arpa', + require => File["/etc/namedb/master"], + notify => Service['dns/server'], + } + + file { '/var/named/14.100.10.in-addr.arpa': + owner => 'root', + group => 'sys', + mode => '0644', + source => 'puppet:///modules/rde/14.100.10.in-addr.arpa', + require => File["/etc/namedb/master"], + notify => Service['dns/server'], + } + } +} diff --git a/puppet/gd/init.pp b/puppet/gd/init.pp new file mode 100644 index 0000000..3346210 --- /dev/null +++ b/puppet/gd/init.pp @@ -0,0 +1,248 @@ +# RDE Puppet Base config +# +# This is the base class for all machines. +class rde { + package { 'nis': + ensure => 'present', + } + + nis { 'domainname': + domainname => 'rde', + } + + file { '/etc/defaultdomain': + path => '/etc/defaultdomain', + owner => 'root', + group => 'sys', + mode => '0644', + content => 'rde', + notify => Service['nis/client'], + } + + service { 'nis/domain': + ensure => 'running', + enable => 'true', + provider => 'smf', + notify => Service['nis/client'], + } + + nsswitch { 'nsswitch': + alias => 'files nis', + automount => 'files nis', + default => 'files', + group => 'files nis', + host => 'files dns nis', + netgroup => 'files nis', + password => 'files nis', + notify => [Service['nis/client'], Service['autofs']], + } + + service { 'nis/client': + ensure => 'running', + enable => 'true', + provider => 'smf', + notify => Service['autofs'], + } + + service { 'dns/client': + ensure => 'running', + enable => 'true', + provider => 'smf', + } + + dns { 'dns/client': + #nameserver => ['10.100.13.21', '10.100.13.22'], + nameserver => ['10.100.0.10', '10.100.0.30'], + domain => 'gddsi.com', + search => ['gddsi.com'], + notify => [Service['dns/client'], Service['autofs']], + } + + package { 'ntp': + ensure => 'present', + } + + file { 'ntp.conf': + path => '/etc/inet/ntp.conf', + owner => 'root', + group => 'sys', + mode => '0444', + source => 'puppet:///modules/rde/ntp.conf', + notify => Service['ntp'] + } + + service { 'ntp': + ensure => 'running', + enable => 'true', + provider => 'smf', + } + + service { 'rpc/bind': ensure => 'running', } + + service { 'zones-proxy-client': + ensure => 'running', + enable => 'true', + provider => 'smf', + } + + # I'm not sure if this is needed on clients. It was needed for + # the NIS server and slave. + svccfg { 'binding': + fmri => 'svc:/network/rpc/bind', + property => 'config/local_only', + type => 'boolean', + value => 'false', + } + + service { 'autofs': + ensure => 'running', + enable => 'true', + provider => 'smf', + notify => Service['rpc/bind'], + } + + service { 'sendmail': + ensure => 'running', + enable => 'true', + provider => 'smf', + } + + if ($hostname = 'rdeadm1') { + file_line { 'sendmail_relay': + ensure => 'present', + path => '/etc/mail/sendmail.cf', + line => 'DSsmtp-west.gd-ms.us.', + notify => Service['sendmail'], + } + } else { + file_line { 'sendmail_relay': + ensure => 'present', + path => '/etc/mail/sendmail.cf', + line => 'DSrdeadm1.gddsi.com', + notify => Service['sendmail'], + } + } + + svccfg { 'sendmail': + fmri => 'svc:/network/smtp:sendmail', + property => 'config/local_only', + type => 'boolean', + value => 'false', + notify => Service['sendmail'], + } + + file { '/etc/passwd': + owner => 'root', + group => 'sys', + mode => '0644', + } + + file { '/etc/group': + owner => 'root', + group => 'sys', + mode => '0644', + } + + file { '/etc/shadow': + owner => 'root', + group => 'sys', + mode => '0400', + } + + host { 'rdeadm1': + ensure => 'present', + comment => 'NIS Master', + ip => '10.100.13.21', + } + + host { 'rdeadm2': + ensure => 'present', + comment => 'NIS Slave', + ip => '10.100.13.22', + } + + file { 'motd': + path => '/etc/motd', + owner => 'root', + group => 'sys', + mode => '0444', + source => 'puppet:///modules/rde/motd', + } + + file { 'issue': + path => '/etc/issue', + owner => 'root', + group => 'sys', + mode => '0444', + source => 'puppet:///modules/rde/issue', + } + + file { 'sudoers': + path => '/etc/sudoers.d/admins', + owner => 'root', + group => 'sys', + mode => '0444', + content => "+ccadms ALL=(ALL) ALL\np2282c ALL=(ALL) NOPASSWD:ALL\nhn06511 ALL=(ALL) NOPASSWD:ALL\n", + } + + # Add "+" to /etc/group + file_line { 'groups': + path => '/etc/group', + ensure => 'present', + line => '+', + } + + # Add "+" to /etc/shadow + file_line { 'shadow': + path => '/etc/shadow', + ensure => 'present', + line => '+', + } + + # Everybody mounts these + file_line { 'vob_storage', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/rdevob1 - /rdevob1 nfs - yes -', + } + file_line { 'view_storage', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/rdeview1 - /rdeview1 nfs - yes -', + } + + if ($hostname == 'rdevob1' || $hostname == 'rdevob2') { + file_line { 'transfer': + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/transfer - /transfer nfs - yes -', + } + file_line { 'rdevob2', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/rdevob2 - /rdevob2 nfs - yes -', + } + } + + if ($hostname == 'rdevob1') { + file_line { 'export', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/export - /export nfs - yes -', + } + } + + if ($hostname == 'rdevob1') { + file_line { 'rdeview2', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/rdeview2 - /rdeview2 nfs - yes -', + } + } + + $std_packages = ['vim', 'gvim', 'tcsh', 'xauth', 'xclock', 'xterm', 'top', 'rdesktop', 'firefox', 'telnet', 'git', 'expect', 'make', 'gcc', 'motif', 'libxp'] + + package { $std_packages: + ensure => 'present', + } +} diff --git a/puppet/gd/server.pp b/puppet/gd/server.pp new file mode 100644 index 0000000..66f629a --- /dev/null +++ b/puppet/gd/server.pp @@ -0,0 +1,23 @@ +# RDE Puppet Server config + +# This subclass defines the configuration for RDE Servers +class rde::server { + # Remove any naked '+''s + file_line { 'all_users': + ensure => 'absent', + path => '/etc/passwd', + line => '# Remove +', + match => '^\+$', + match_for_absence => 'true', + replace => 'false', + tag => 'nis', + } + + # Make sure only members of the ccadms netgroup can log in + file_line { 'server_users': + path => '/etc/passwd', + ensure => 'present', + line => '+@ccadms', + tag => 'nis', + } +} diff --git a/puppet/gd/wincbc.pp b/puppet/gd/wincbc.pp new file mode 100644 index 0000000..734e96a --- /dev/null +++ b/puppet/gd/wincbc.pp @@ -0,0 +1,46 @@ +# RDE Puppet Windows config + +# This subclass defines the configuration for RDE Windows machines +class rde::windows { + tag 'cbc' + + #$win_software_repo = '\\az251dp2ch2d\Software' # A software repo. Currently on the machine under test but can be on any share + + # Install Cygwin + $cyg_setup = "$win_software_repo\\Cygwin-2.9-Win64\\setup-x86_64.exe" + $cyg_repo = "-L -l $win_software_repo\\Cygwin-2.9-Win64" + $cyg_categories = "-C Base" + $cyg_root = 'C:\Cygwin' + $cyg_install_to = "-R $cyg_root" + $cyg_pkgs = "-P openssh,cygrunsrv,bzip2,unzip,zip,gcc-core,gcc-G++,git,git-gui,make,vim,vim-common,perl,perl_base,perl-Term-ReadLine-Gnu,perl-Term-ReadKey,php,python2,python3,dos2unix,rlwrap,wget,xorg-server,xorg-server-common,xorg-x11-fonts-dpi100,xauth,xclock,xload,xterm,gnome-terminal,dbus-x11" + + exec { 'Install Cygwin': + command => "$cyg_setup -q $cyg_repo $cyg_install_to $cyg_categories $cyg_pkgs", + creates => $cyg_root, + timeout => 600, # Cygwin takes some time to install + } + + exec { 'Setup sshd': + path => "$cyg_root\\bin", + command => "bash /usr/bin/ssh-host-config2 -y -u cyg_server -w 'Ranroot!'", + creates => "$cyg_root/etc/sshd_config", + logoutput => 'on_failure', + } + + windows::path { "$cyg_root\\bin": } + + windows::unzip { "$win_software_repo\\ProcessExplorer.zip": + destination => 'C:\Windows\System32', + creates => 'C:\Windows\System32\Procexp.exe', + } + + exec { 'Install Firefox': + command => "$win_software_repo\\FirefoxInstaller.exe -ms", + creates => 'C:\Program Files\Mozilla Firefox\firefox.exe', + } + + exec { 'Install Adobe Reader': + command => "$win_software_repo\\AcroRdrDC1801120040_en_US.exe /sAll", + creates => 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe', + } +} diff --git a/puppet/gd/winclient.pp b/puppet/gd/winclient.pp new file mode 100644 index 0000000..3073f55 --- /dev/null +++ b/puppet/gd/winclient.pp @@ -0,0 +1,7 @@ +# RDE Puppet Windows Client config + +# This subclass defines the configuration for RDE Windows client machines +class rde::windows::client { + # Not sure what additional software is needed for a Windows Server to be a Domain + # Controller (DC) nor what added software might make it more useful. +} diff --git a/puppet/gd/windc.pp b/puppet/gd/windc.pp new file mode 100644 index 0000000..18f6df6 --- /dev/null +++ b/puppet/gd/windc.pp @@ -0,0 +1,25 @@ +# RDE Puppet Windows Domain Controller config + +# This subclass defines the configuration for RDE Windows domain controller +class rde::windows::domain_controller { + tag 'dc' + + install => 'present', + installmanagementtools => true, + restart => true, + installflag => true, + configure => 'present', + configureflag => true, + domain => 'forest', + domainname => 'gddsi.com', + netbiosdomainname => 'rde', + domainlevel => '6', + forestlevel => '6', + databasepath => 'c:\windows\ntds', + logpath => 'c:\windows\ntds', + sysvolpath => 'c:\windows\sysvol', + installtype => 'domain', + dsrmpassword => '', + installdns => 'yes', + localadminpassword => '', +} \ No newline at end of file diff --git a/puppet/gd/winserver.pp b/puppet/gd/winserver.pp new file mode 100644 index 0000000..abf43c4 --- /dev/null +++ b/puppet/gd/winserver.pp @@ -0,0 +1,7 @@ +# RDE Puppet Windows Server config + +# This subclass defines the configuration for RDE Windows server machines + +class rde::windows::server { + +} \ No newline at end of file diff --git a/puppet/gd/wints.pp b/puppet/gd/wints.pp new file mode 100644 index 0000000..6963e74 --- /dev/null +++ b/puppet/gd/wints.pp @@ -0,0 +1,188 @@ +# RDE Puppet Windows Terminal config + +# This subclass defines the configuration for RDE Windows terminal server. Note that +# this server will have a lot of development tools installed on it as RDE developers +# use these machines to run Windows tools. +# +# Seems like there are a few ways to install Windows packages. One is just using exec. +# The other is just to unzip a file. Finally there's .msi files. I think we can use +# the package resource for .msi's and .exe's. Not as sure about being able to unsip +# applications that are just delivered as a zip file. I need a Windows machine to test +# things on. + +class rde::wints { + $win_software_repo = '\\az251dp2ch2d\Software' # A software repo. Currently on the machine under test but can be on any share + tag 'ts' + + # ActivePerl: Installs OK + windows::unzip { "$win_software_repo\\ActivePerl-5.24.3.2404-MSWin32-x64-404865.zip": + destination => "C:\\", + creates => 'C:\Perl', + tag => ['activeperl'], + } + + # PHP + file { 'C:\PHP': + ensure => 'directory', + tag => ['php'], + } + + # PHP: Installs OK + windows::unzip { "$win_software_repo\\PHP-5.6.31\\php-5.6.31-Win32-VC11-x86.zip": + destination => "C:\\PHP", + creates => "C:\\PHP\\bin", + require => File['C:\PHP'], + tag => ['php'], + } + + # Ghostscript: Installs OK + package { 'Ghostscript': + source => "$win_software_repo\\Ghostscript-9.0.9\\gs909w64.exe", + install_options => '/S /NCRC', + tag => ['ghostscript'], + } + + # BeyondCompare: Installs OK + exec { 'Beyond Compare': + command => "$win_software_repo\\TPS1166_Beyond_Compare\\beycomp_081407.exe /verysilent /sp-", + tag => ['beyondcompare'] + } + + # SecureCRT: Installs OK + package { 'SecureCRT': + source => "$win_software_repo\\TPS1284_SecureCRT_v6.63\\scrt663-x64.exe", + install_options => '/s /v"/qn"', + tag => ['securecrt'], + } + + # Apache Tomcat: Installs OK + windows::unzip { "$win_software_repo\\Apache-Tomcat-8.5.11\\apache-tomcat-8.5.11-windows-x64.zip": + destination => 'C:\Program Files', + creates => 'C:\Program Files\apache-tomcat-8.5.11', + tag => ['apachetomcat'], + } + + # DeepBurner: Installs OK + package { 'DeepBurner': + source => "$win_software_repo\\DeepBurner-1.9\\DeepBurner1.exe", + install_options => '/s', + tag => ['deepburner'], + } + + # GnuWin32: This "install" requires considerable hand configuration and also + # reaches out to the Internet to download packages. This will not fly behind + # a firewall and most of the functionality here is already provided in Cygwin. + # exec { 'GnuWin32': + # command => "$win_software_repo\\GnuWin32-0.6.21\\GetGnuWin32\\install.bat", + # creates => "???", + #} + + # Notepad++: Installs OK + package { 'Notepad++': + source => "$win_software_repo\\Notepad++7.5.6\\npp.7.5.6.Installer.exe", + install_options => '/S', + tag => ['notepadplusplus'], + } + + # Console2: Installs OK + windows::unzip { "$win_software_repo\\Console-2.00b148-Beta_64bit.zip": + destination => 'C:\Program Files', + creates => 'C:\Program Files\Console2', + tag => 'console2', + } + + # JDK: Installs OK + package { 'JDK': + source => "$win_software_repo\\jdk-8u172-windows-x64.exe", + install_options => '/s', + tag => 'jdk', + } + + # Eclipse: Installs OK + windows::unzip { "$win_software_repo\\Eclipse.zip": + destination => "C:\\", + creates => 'C:\Eclipse', + tag => ['eclipse'], + } + + windows::shortcut { 'C:\Users\All Users\Desktop\Eclipse.lnk': + target => 'C:\Eclipse\Eclipse.exe', + description => 'Eclipse IDE', + tag => ['eclipse'], + } + + # Microsoft SQL Server: I tried installing this but it was too old to run on + # 2012 R2 + # exec { 'Microsoft SQL Server': + # command => "$win_software_repo\\Microsoft-SQL-Server-2005-SP3-Express-Edition\\SQLEXPR64-SP3.exe", + # #creates => "???", + #} + + # Microsoft Visual Studio: Thought this was working. Turns out it doesn't work. + # Works by hand though :-( + exec { 'Microsoft Visual Studio': + command => "$win_software_repo\\TPS0004_Visual_studio_Pro_2010\\Setup\Setup.exe /q /full", + creates => 'C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe', + tag => ['visualstudio'], + timeout => 600, # Visual Studio takes some time to install + } + + exec { 'Console Emulator': + command => "$win_software_repo\\ConEmu-150813\\ConEmuSetup.150813g.exe /p:x64 /qr", + creates => 'C:\Program Files\ConEmu', + tag => ['conemu'], + } + + # Putty: Installs OK + exec { 'Putty': + command => "$win_software_repo\\TPS1288_PuTTY\\putty-0.63-installer.exe /verysilent /sp-", + tag => ['putty'], + } + + # Python 2.7.13: Installs OK + package { 'Python 2.7.13': + source => "$win_software_repo\\Python-2.7.13\\Windows\\python-2.7.13.amd64.msi", + install_options => '/qn', + tag => ['python2713'], + } + + # Pythong 3.6.4: Installs OK + exec { 'Python 3.6.4': + command => "$win_software_repo\\Python-3.6.4\\python-3.6.4-amd64.exe /quiet InstallAllUsers=1 PrependPath=1", + tag => ['python364'], + } + + # TeraTerm: Installs OK + package { 'TeraTerm': + source => "$win_software_repo\\TeraTerm-4.7.3\\teraterm-4.73.exe", + install_options => '/verysilent', + tag => ['teraterm'], + } + + # VIM 7.3: Installs OK + windows::unzip { "$win_software_repo\\VIM-7.3\\MSDOS\\vim73w32.zip": + destination => 'C:\Program Files', + creates => 'C:\Program Files\vim', + tag => ['vim'], + } + + # VNC: Installs OK + package { 'VNC': + source => "$win_software_repo\\VNC-Open-4.1.3\\vnc-4_1_3-x86_win32.exe", + install_options => '/verysilent', + tag => ['vnc'], + } + + # Microsoft Office: Installs OK + exec { 'Microsoft Office': + command => "$win_software_repo\\TPS1293_Office_Standard\\setup.exe /config Standard.WW\config.xml", + tag => ['office'], + } + + # Microsoft Visio: Installs OK + exec { 'Microsoft Visio': + command => "$win_software_repo\\TPS0003_Visio_Standard\\x86\\setup.exe /config Visio.WW\config.xml", + timeout => 600, # Microsoft Visio takes some time to install + tag => ['visio'], + } +} diff --git a/puppet/init.pp b/puppet/init.pp new file mode 100644 index 0000000..3346210 --- /dev/null +++ b/puppet/init.pp @@ -0,0 +1,248 @@ +# RDE Puppet Base config +# +# This is the base class for all machines. +class rde { + package { 'nis': + ensure => 'present', + } + + nis { 'domainname': + domainname => 'rde', + } + + file { '/etc/defaultdomain': + path => '/etc/defaultdomain', + owner => 'root', + group => 'sys', + mode => '0644', + content => 'rde', + notify => Service['nis/client'], + } + + service { 'nis/domain': + ensure => 'running', + enable => 'true', + provider => 'smf', + notify => Service['nis/client'], + } + + nsswitch { 'nsswitch': + alias => 'files nis', + automount => 'files nis', + default => 'files', + group => 'files nis', + host => 'files dns nis', + netgroup => 'files nis', + password => 'files nis', + notify => [Service['nis/client'], Service['autofs']], + } + + service { 'nis/client': + ensure => 'running', + enable => 'true', + provider => 'smf', + notify => Service['autofs'], + } + + service { 'dns/client': + ensure => 'running', + enable => 'true', + provider => 'smf', + } + + dns { 'dns/client': + #nameserver => ['10.100.13.21', '10.100.13.22'], + nameserver => ['10.100.0.10', '10.100.0.30'], + domain => 'gddsi.com', + search => ['gddsi.com'], + notify => [Service['dns/client'], Service['autofs']], + } + + package { 'ntp': + ensure => 'present', + } + + file { 'ntp.conf': + path => '/etc/inet/ntp.conf', + owner => 'root', + group => 'sys', + mode => '0444', + source => 'puppet:///modules/rde/ntp.conf', + notify => Service['ntp'] + } + + service { 'ntp': + ensure => 'running', + enable => 'true', + provider => 'smf', + } + + service { 'rpc/bind': ensure => 'running', } + + service { 'zones-proxy-client': + ensure => 'running', + enable => 'true', + provider => 'smf', + } + + # I'm not sure if this is needed on clients. It was needed for + # the NIS server and slave. + svccfg { 'binding': + fmri => 'svc:/network/rpc/bind', + property => 'config/local_only', + type => 'boolean', + value => 'false', + } + + service { 'autofs': + ensure => 'running', + enable => 'true', + provider => 'smf', + notify => Service['rpc/bind'], + } + + service { 'sendmail': + ensure => 'running', + enable => 'true', + provider => 'smf', + } + + if ($hostname = 'rdeadm1') { + file_line { 'sendmail_relay': + ensure => 'present', + path => '/etc/mail/sendmail.cf', + line => 'DSsmtp-west.gd-ms.us.', + notify => Service['sendmail'], + } + } else { + file_line { 'sendmail_relay': + ensure => 'present', + path => '/etc/mail/sendmail.cf', + line => 'DSrdeadm1.gddsi.com', + notify => Service['sendmail'], + } + } + + svccfg { 'sendmail': + fmri => 'svc:/network/smtp:sendmail', + property => 'config/local_only', + type => 'boolean', + value => 'false', + notify => Service['sendmail'], + } + + file { '/etc/passwd': + owner => 'root', + group => 'sys', + mode => '0644', + } + + file { '/etc/group': + owner => 'root', + group => 'sys', + mode => '0644', + } + + file { '/etc/shadow': + owner => 'root', + group => 'sys', + mode => '0400', + } + + host { 'rdeadm1': + ensure => 'present', + comment => 'NIS Master', + ip => '10.100.13.21', + } + + host { 'rdeadm2': + ensure => 'present', + comment => 'NIS Slave', + ip => '10.100.13.22', + } + + file { 'motd': + path => '/etc/motd', + owner => 'root', + group => 'sys', + mode => '0444', + source => 'puppet:///modules/rde/motd', + } + + file { 'issue': + path => '/etc/issue', + owner => 'root', + group => 'sys', + mode => '0444', + source => 'puppet:///modules/rde/issue', + } + + file { 'sudoers': + path => '/etc/sudoers.d/admins', + owner => 'root', + group => 'sys', + mode => '0444', + content => "+ccadms ALL=(ALL) ALL\np2282c ALL=(ALL) NOPASSWD:ALL\nhn06511 ALL=(ALL) NOPASSWD:ALL\n", + } + + # Add "+" to /etc/group + file_line { 'groups': + path => '/etc/group', + ensure => 'present', + line => '+', + } + + # Add "+" to /etc/shadow + file_line { 'shadow': + path => '/etc/shadow', + ensure => 'present', + line => '+', + } + + # Everybody mounts these + file_line { 'vob_storage', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/rdevob1 - /rdevob1 nfs - yes -', + } + file_line { 'view_storage', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/rdeview1 - /rdeview1 nfs - yes -', + } + + if ($hostname == 'rdevob1' || $hostname == 'rdevob2') { + file_line { 'transfer': + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/transfer - /transfer nfs - yes -', + } + file_line { 'rdevob2', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/rdevob2 - /rdevob2 nfs - yes -', + } + } + + if ($hostname == 'rdevob1') { + file_line { 'export', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/export - /export nfs - yes -', + } + } + + if ($hostname == 'rdevob1') { + file_line { 'rdeview2', + ensure => 'present', + path => '/etc/vfstab', + line => 'muosrdenas1:/rdeview2 - /rdeview2 nfs - yes -', + } + } + + $std_packages = ['vim', 'gvim', 'tcsh', 'xauth', 'xclock', 'xterm', 'top', 'rdesktop', 'firefox', 'telnet', 'git', 'expect', 'make', 'gcc', 'motif', 'libxp'] + + package { $std_packages: + ensure => 'present', + } +} diff --git a/puppet/server.pp b/puppet/server.pp new file mode 100644 index 0000000..66f629a --- /dev/null +++ b/puppet/server.pp @@ -0,0 +1,23 @@ +# RDE Puppet Server config + +# This subclass defines the configuration for RDE Servers +class rde::server { + # Remove any naked '+''s + file_line { 'all_users': + ensure => 'absent', + path => '/etc/passwd', + line => '# Remove +', + match => '^\+$', + match_for_absence => 'true', + replace => 'false', + tag => 'nis', + } + + # Make sure only members of the ccadms netgroup can log in + file_line { 'server_users': + path => '/etc/passwd', + ensure => 'present', + line => '+@ccadms', + tag => 'nis', + } +} diff --git a/puppet/wincbc.pp b/puppet/wincbc.pp new file mode 100644 index 0000000..734e96a --- /dev/null +++ b/puppet/wincbc.pp @@ -0,0 +1,46 @@ +# RDE Puppet Windows config + +# This subclass defines the configuration for RDE Windows machines +class rde::windows { + tag 'cbc' + + #$win_software_repo = '\\az251dp2ch2d\Software' # A software repo. Currently on the machine under test but can be on any share + + # Install Cygwin + $cyg_setup = "$win_software_repo\\Cygwin-2.9-Win64\\setup-x86_64.exe" + $cyg_repo = "-L -l $win_software_repo\\Cygwin-2.9-Win64" + $cyg_categories = "-C Base" + $cyg_root = 'C:\Cygwin' + $cyg_install_to = "-R $cyg_root" + $cyg_pkgs = "-P openssh,cygrunsrv,bzip2,unzip,zip,gcc-core,gcc-G++,git,git-gui,make,vim,vim-common,perl,perl_base,perl-Term-ReadLine-Gnu,perl-Term-ReadKey,php,python2,python3,dos2unix,rlwrap,wget,xorg-server,xorg-server-common,xorg-x11-fonts-dpi100,xauth,xclock,xload,xterm,gnome-terminal,dbus-x11" + + exec { 'Install Cygwin': + command => "$cyg_setup -q $cyg_repo $cyg_install_to $cyg_categories $cyg_pkgs", + creates => $cyg_root, + timeout => 600, # Cygwin takes some time to install + } + + exec { 'Setup sshd': + path => "$cyg_root\\bin", + command => "bash /usr/bin/ssh-host-config2 -y -u cyg_server -w 'Ranroot!'", + creates => "$cyg_root/etc/sshd_config", + logoutput => 'on_failure', + } + + windows::path { "$cyg_root\\bin": } + + windows::unzip { "$win_software_repo\\ProcessExplorer.zip": + destination => 'C:\Windows\System32', + creates => 'C:\Windows\System32\Procexp.exe', + } + + exec { 'Install Firefox': + command => "$win_software_repo\\FirefoxInstaller.exe -ms", + creates => 'C:\Program Files\Mozilla Firefox\firefox.exe', + } + + exec { 'Install Adobe Reader': + command => "$win_software_repo\\AcroRdrDC1801120040_en_US.exe /sAll", + creates => 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe', + } +} diff --git a/puppet/winclient.pp b/puppet/winclient.pp new file mode 100644 index 0000000..3073f55 --- /dev/null +++ b/puppet/winclient.pp @@ -0,0 +1,7 @@ +# RDE Puppet Windows Client config + +# This subclass defines the configuration for RDE Windows client machines +class rde::windows::client { + # Not sure what additional software is needed for a Windows Server to be a Domain + # Controller (DC) nor what added software might make it more useful. +} diff --git a/puppet/windc.pp b/puppet/windc.pp new file mode 100644 index 0000000..18f6df6 --- /dev/null +++ b/puppet/windc.pp @@ -0,0 +1,25 @@ +# RDE Puppet Windows Domain Controller config + +# This subclass defines the configuration for RDE Windows domain controller +class rde::windows::domain_controller { + tag 'dc' + + install => 'present', + installmanagementtools => true, + restart => true, + installflag => true, + configure => 'present', + configureflag => true, + domain => 'forest', + domainname => 'gddsi.com', + netbiosdomainname => 'rde', + domainlevel => '6', + forestlevel => '6', + databasepath => 'c:\windows\ntds', + logpath => 'c:\windows\ntds', + sysvolpath => 'c:\windows\sysvol', + installtype => 'domain', + dsrmpassword => '', + installdns => 'yes', + localadminpassword => '', +} \ No newline at end of file diff --git a/puppet/winserver.pp b/puppet/winserver.pp new file mode 100644 index 0000000..abf43c4 --- /dev/null +++ b/puppet/winserver.pp @@ -0,0 +1,7 @@ +# RDE Puppet Windows Server config + +# This subclass defines the configuration for RDE Windows server machines + +class rde::windows::server { + +} \ No newline at end of file diff --git a/puppet/wints.pp b/puppet/wints.pp new file mode 100644 index 0000000..6963e74 --- /dev/null +++ b/puppet/wints.pp @@ -0,0 +1,188 @@ +# RDE Puppet Windows Terminal config + +# This subclass defines the configuration for RDE Windows terminal server. Note that +# this server will have a lot of development tools installed on it as RDE developers +# use these machines to run Windows tools. +# +# Seems like there are a few ways to install Windows packages. One is just using exec. +# The other is just to unzip a file. Finally there's .msi files. I think we can use +# the package resource for .msi's and .exe's. Not as sure about being able to unsip +# applications that are just delivered as a zip file. I need a Windows machine to test +# things on. + +class rde::wints { + $win_software_repo = '\\az251dp2ch2d\Software' # A software repo. Currently on the machine under test but can be on any share + tag 'ts' + + # ActivePerl: Installs OK + windows::unzip { "$win_software_repo\\ActivePerl-5.24.3.2404-MSWin32-x64-404865.zip": + destination => "C:\\", + creates => 'C:\Perl', + tag => ['activeperl'], + } + + # PHP + file { 'C:\PHP': + ensure => 'directory', + tag => ['php'], + } + + # PHP: Installs OK + windows::unzip { "$win_software_repo\\PHP-5.6.31\\php-5.6.31-Win32-VC11-x86.zip": + destination => "C:\\PHP", + creates => "C:\\PHP\\bin", + require => File['C:\PHP'], + tag => ['php'], + } + + # Ghostscript: Installs OK + package { 'Ghostscript': + source => "$win_software_repo\\Ghostscript-9.0.9\\gs909w64.exe", + install_options => '/S /NCRC', + tag => ['ghostscript'], + } + + # BeyondCompare: Installs OK + exec { 'Beyond Compare': + command => "$win_software_repo\\TPS1166_Beyond_Compare\\beycomp_081407.exe /verysilent /sp-", + tag => ['beyondcompare'] + } + + # SecureCRT: Installs OK + package { 'SecureCRT': + source => "$win_software_repo\\TPS1284_SecureCRT_v6.63\\scrt663-x64.exe", + install_options => '/s /v"/qn"', + tag => ['securecrt'], + } + + # Apache Tomcat: Installs OK + windows::unzip { "$win_software_repo\\Apache-Tomcat-8.5.11\\apache-tomcat-8.5.11-windows-x64.zip": + destination => 'C:\Program Files', + creates => 'C:\Program Files\apache-tomcat-8.5.11', + tag => ['apachetomcat'], + } + + # DeepBurner: Installs OK + package { 'DeepBurner': + source => "$win_software_repo\\DeepBurner-1.9\\DeepBurner1.exe", + install_options => '/s', + tag => ['deepburner'], + } + + # GnuWin32: This "install" requires considerable hand configuration and also + # reaches out to the Internet to download packages. This will not fly behind + # a firewall and most of the functionality here is already provided in Cygwin. + # exec { 'GnuWin32': + # command => "$win_software_repo\\GnuWin32-0.6.21\\GetGnuWin32\\install.bat", + # creates => "???", + #} + + # Notepad++: Installs OK + package { 'Notepad++': + source => "$win_software_repo\\Notepad++7.5.6\\npp.7.5.6.Installer.exe", + install_options => '/S', + tag => ['notepadplusplus'], + } + + # Console2: Installs OK + windows::unzip { "$win_software_repo\\Console-2.00b148-Beta_64bit.zip": + destination => 'C:\Program Files', + creates => 'C:\Program Files\Console2', + tag => 'console2', + } + + # JDK: Installs OK + package { 'JDK': + source => "$win_software_repo\\jdk-8u172-windows-x64.exe", + install_options => '/s', + tag => 'jdk', + } + + # Eclipse: Installs OK + windows::unzip { "$win_software_repo\\Eclipse.zip": + destination => "C:\\", + creates => 'C:\Eclipse', + tag => ['eclipse'], + } + + windows::shortcut { 'C:\Users\All Users\Desktop\Eclipse.lnk': + target => 'C:\Eclipse\Eclipse.exe', + description => 'Eclipse IDE', + tag => ['eclipse'], + } + + # Microsoft SQL Server: I tried installing this but it was too old to run on + # 2012 R2 + # exec { 'Microsoft SQL Server': + # command => "$win_software_repo\\Microsoft-SQL-Server-2005-SP3-Express-Edition\\SQLEXPR64-SP3.exe", + # #creates => "???", + #} + + # Microsoft Visual Studio: Thought this was working. Turns out it doesn't work. + # Works by hand though :-( + exec { 'Microsoft Visual Studio': + command => "$win_software_repo\\TPS0004_Visual_studio_Pro_2010\\Setup\Setup.exe /q /full", + creates => 'C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe', + tag => ['visualstudio'], + timeout => 600, # Visual Studio takes some time to install + } + + exec { 'Console Emulator': + command => "$win_software_repo\\ConEmu-150813\\ConEmuSetup.150813g.exe /p:x64 /qr", + creates => 'C:\Program Files\ConEmu', + tag => ['conemu'], + } + + # Putty: Installs OK + exec { 'Putty': + command => "$win_software_repo\\TPS1288_PuTTY\\putty-0.63-installer.exe /verysilent /sp-", + tag => ['putty'], + } + + # Python 2.7.13: Installs OK + package { 'Python 2.7.13': + source => "$win_software_repo\\Python-2.7.13\\Windows\\python-2.7.13.amd64.msi", + install_options => '/qn', + tag => ['python2713'], + } + + # Pythong 3.6.4: Installs OK + exec { 'Python 3.6.4': + command => "$win_software_repo\\Python-3.6.4\\python-3.6.4-amd64.exe /quiet InstallAllUsers=1 PrependPath=1", + tag => ['python364'], + } + + # TeraTerm: Installs OK + package { 'TeraTerm': + source => "$win_software_repo\\TeraTerm-4.7.3\\teraterm-4.73.exe", + install_options => '/verysilent', + tag => ['teraterm'], + } + + # VIM 7.3: Installs OK + windows::unzip { "$win_software_repo\\VIM-7.3\\MSDOS\\vim73w32.zip": + destination => 'C:\Program Files', + creates => 'C:\Program Files\vim', + tag => ['vim'], + } + + # VNC: Installs OK + package { 'VNC': + source => "$win_software_repo\\VNC-Open-4.1.3\\vnc-4_1_3-x86_win32.exe", + install_options => '/verysilent', + tag => ['vnc'], + } + + # Microsoft Office: Installs OK + exec { 'Microsoft Office': + command => "$win_software_repo\\TPS1293_Office_Standard\\setup.exe /config Standard.WW\config.xml", + tag => ['office'], + } + + # Microsoft Visio: Installs OK + exec { 'Microsoft Visio': + command => "$win_software_repo\\TPS0003_Visio_Standard\\x86\\setup.exe /config Visio.WW\config.xml", + timeout => 600, # Microsoft Visio takes some time to install + tag => ['visio'], + } +} -- 2.17.1