https://github.com/OptivLabs/cuda
Friday, May 27, 2016
Tuesday, May 10, 2016
Puppet module to install PowerBroker Identity Services Open (pbis-open) and join machines to a domain
init.pp
# Class: pbis
#
# Entry point of the module. It only carries the settings; pbis::install and
# pbis::join inherit from it to read them. All defaults come from pbis::params.
#
# Parameters:
#   domain           - domain name used by the join script, the PBIS config
#                      calls and the sudoers entry.
#   ldapbindaccount  - account handed to the join script as its first argument.
#   ldapbindpassword - password for that account. It is an ordinary string, so
#                      it ends up in the compiled catalog in clear text; supply
#                      it from a protected data source, not from the manifest.
#   sudogroup        - domain group that receives full sudo rights.
class pbis (
  $domain           = $pbis::params::domain,
  $ldapbindaccount  = $pbis::params::ldapbindaccount,
  $ldapbindpassword = $pbis::params::ldapbindpassword,
  $sudogroup        = $pbis::params::sudogroup,
) inherits pbis::params {
}
params.pp
# Class: pbis::params
#
# Default values for the parameters of the pbis class.
#
# The account and password below are placeholders. Override them per
# environment (for example from Hiera) and keep the real bind password out of
# version control.
class pbis::params {
  $domain           = 'example.com'
  $ldapbindaccount  = 'user'
  $ldapbindpassword = 'password'
  $sudogroup        = 'domain^admins'
}
install.pp
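# Class: pbis::install
#
# Adds the PBIS apt repository, installs the pbis-open package and writes the
# /usr/local/bin/join-domain.sh helper that takes the bind account and
# password as its two arguments.
#
# Ordering is explicit: repository definition -> apt-get update -> package.
# Without it the package could be evaluated before the repository is usable.
class pbis::install inherits pbis {
  include apt

  # Both the repository and its signing key are fetched over plain HTTP. The
  # full 40-character fingerprint in 'id' is what binds the download to the
  # expected key, so keep it a full fingerprint and verify it out of band
  # before changing it.
  apt::source { 'powerbroker':
    comment  => 'Powerbroker Identity Services',
    location => 'http://repo.pbis.beyondtrust.com/apt',
    release  => 'pbiso',
    repos    => 'main',
    pin      => '500',
    key      => {
      'source' => 'http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis',
      'id'     => 'BE7FF72A6B7C8A9FAE061F4F2E52CD89C9CEECEF',
    },
    include  => {
      'deb' => true,
    },
    # Refresh the package index whenever the repository definition changes.
    notify   => Exec['pbis-apt-get-update'],
  }

  # Only runs when notified (refreshonly).
  exec { 'pbis-apt-get-update':
    command     => '/usr/bin/apt-get update',
    refreshonly => true,
  }

  package { 'pbis-open' :
    ensure   => installed,
    provider => apt,
    require  => [
      Apt::Source['powerbroker'],
      Exec['pbis-apt-get-update'],
    ],
    # source => '/root/pbis-open-8.3.0.3287.linux.x86_64.deb',
  }

  # Helper script, run as root by pbis::join.
  #  - "$1" / "$2" are quoted so an account or password containing spaces or
  #    glob characters reaches domainjoin-cli as a single argument.
  #  - domainjoin-cli is called by absolute path instead of relying on PATH.
  #  - the script stops if the cd fails, so ./config is never resolved against
  #    an unexpected working directory.
  # The lines inside the string are the file content and stay at column 0.
  $joindomain = "#!/bin/bash
/usr/bin/domainjoin-cli join ${domain} \"\$1\" \"\$2\"
cd /opt/pbis/bin/ || exit 1
./config UserDomainPrefix ${domain}
./config AssumeDefaultDomain true
./config LoginShellTemplate /bin/bash
./config HomeDirTemplate %H/%U
./config RequireMembershipOf '${domain}\\domain^users'
"

  file { '/usr/local/bin/join-domain.sh' :
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => '0544',
    content => $joindomain,
  }
}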
join.pp
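# Class: pbis::join
#
# Grants the configured domain group full sudo rights and joins the node to
# the domain with /usr/local/bin/join-domain.sh, unless `domainjoin-cli query`
# already reports the domain.
class pbis::join inherits pbis {
  # This replaces /etc/sudoers wholesale, so local edits to that file are lost.
  # The file itself points at /etc/sudoers.d; a drop-in there holding only the
  # domain-group line would be the narrower change.
  # The lines inside the string are the file content and stay at column 0.
  $sudofile = "#
# This file MUST be edited with the visudo command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
#Domain Admins
%$domain\\\\$sudogroup ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on #include directives:
#includedir /etc/sudoers.d
"

  file { '/etc/sudoers' :
    ensure       => present,
    owner        => root,
    group        => root,
    mode         => '0440',
    content      => $sudofile,
    # Syntax-check the generated file before it replaces the live one; a
    # broken sudoers (e.g. from an unexpected character in $domain or
    # $sudogroup) would otherwise lock every user out of sudo.
    validate_cmd => '/usr/sbin/visudo -c -f %',
  }

  # SECURITY: the bind account and password are interpolated into the command
  # line. The password is therefore stored in the compiled catalog, visible in
  # the process list while the join runs, and repeated in the agent's error
  # message if the command fails. Use a dedicated join account with only the
  # rights needed to add computers to the domain.
  # The values are not quoted here, so they are parsed by the shell: they must
  # not contain whitespace or shell metacharacters.
  exec { 'join':
    command  => "/usr/local/bin/join-domain.sh ${ldapbindaccount} ${ldapbindpassword}",
    # The guard below uses a pipe, which is a shell feature.
    provider => shell,
    require  => Class['pbis::install'],
    # -F: the dots in the domain are literal, not regex wildcards.
    # -i: assumes the case printed by `domainjoin-cli query` may differ from
    #     the configured value -- confirm against real output.
    # -q: only the exit status is needed.
    unless   => "/usr/bin/domainjoin-cli query | /bin/grep -qiF -- '${domain}'",
  }
}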
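Simple Puppet class for a Squid server with `http_access allow all` in the config (this makes it an open proxy for every client that can reach port 3128, so access has to be restricted at the network layer)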
install.pp
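# Class: squid::install
#
# Installs the squid3 package through apt.
#
# The package is ordered BEFORE squid::setup: that class writes
# /etc/squid3/squid.conf, and Puppet's file resource does not create the
# parent directory, so on a fresh node the package has to be in place first.
class squid::install inherits squid {
  include apt

  # refreshonly and nothing in this class notifies it, so it only runs if
  # another resource in the catalog sends it a refresh.
  exec { 'squid-update-apt':
    command     => '/usr/bin/apt-get update',
    refreshonly => true,
  }

  package { 'squid3' :
    ensure   => installed,
    provider => apt,
    before   => Class['squid::setup'],
  }
}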
setup.pp
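# Class: squid::setup
#
# Writes /etc/squid3/squid.conf and notifies Service['squid3'] when the
# content changes.
class squid::setup inherits squid {
  # SECURITY: Squid evaluates http_access rules top to bottom and stops at the
  # first match. "http_access allow all" is the first rule, so every rule
  # after it (Safe_ports, CONNECT, manager, the final "deny all") is never
  # reached: any client that can reach port 3128 may use the proxy for any
  # port and method, and is also allowed the cache manager.
  # That is this module's stated purpose. To restrict it, drop the allow-all
  # line and add "acl localnet src <CLIENT_CIDR_PLACEHOLDER>" plus
  # "http_access allow localnet" after the deny rules, or limit access to the
  # port with a firewall.
  # The lines inside the string are the file content and stay at column 0.
  $squidconf="acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
"

  # Service['squid3'] is not declared in the classes shown with this module;
  # it has to exist elsewhere in the catalog for the notify to resolve.
  # 'ensure' was listed twice in the original; a duplicated parameter is
  # rejected by the Puppet parser, so it is given once here.
  file { '/etc/squid3/squid.conf' :
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => '0644',
    content => $squidconf,
    notify  => Service['squid3'],
  }
}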
init.pp
# Class: squid
#
# Entry point of the module; squid::install and squid::setup inherit from it.
#
# Parameters:
#   example - defaults to $squid::params::example; not read by the classes
#             shown with this module.
class squid (
  $example = $squid::params::example,
) inherits squid::params {
}
params.pp
# Class: squid::params
#
# Default values for the parameters of the squid class.
class squid::params {
  $example = 'example1'
}