Changed policies organisation to use methods

author: Julien Dessaux 2017-08-25 17:21:05 +0200
committer: Julien Dessaux 2017-08-25 17:46:13 +0200
commit: 5239846956644f27d1619ce43b742034925d3ebc (patch)
tree: 59cc92daa324f03509b26de75587892b59b2f35c /services/applications
parent: Added bareos-fd policy (diff)
download: masterfiles-5239846956644f27d1619ce43b742034925d3ebc.tar.gz
masterfiles-5239846956644f27d1619ce43b742034925d3ebc.tar.bz2
masterfiles-5239846956644f27d1619ce43b742034925d3ebc.zip
4 files changed, 122 insertions, 0 deletions
diff --git a/services/applications/bareos_fd.cf b/services/applications/bareos_fd.cf
new file mode 100644
index 0000000..3b16a91
--- /dev/null
+++ b/services/applications/bareos_fd.cf
@@ -0,0 +1,38 @@
+bundle agent bareos_fd
+{
+    vars:
+        freebsd::
+            "packages" slist => {
+                "bareos-client",
+            };
+            "rc_conf_lines" slist => {
+                "bareos_fd_enable=\"YES\"",
+                "bareos_fd_config=\"/usr/local/etc/bareos/\"",
+            };
+        !freebsd::
+            "packages" slist => {};
+    classes:
+        freebsd::
+            "bareos_fd_service_running" expression => returnszero("/usr/sbin/service bareos-fd status", "noshell");
+    methods:
+        freebsd::
+            "any"  usebundle => install_package("$(bareos_fd.packages)");
+            "any"  usebundle => add_rc_conf_line("$(bareos_fd.rc_conf_lines)");
+    files:
+        freebsd::
+            "/usr/local/etc/bareos/bareos-fd.d/client/myself.conf"
+                edit_defaults => std_defs,
+                perms => system_owned("444"),
+                edit_line => replace_line_end("Name =", "$(sys.host)-fd"),
+                classes => if_repaired("bareos_client_file_repaired");
+    commands:
+        freebsd.!bareos_fd_service_running::
+            "/usr/sbin/service bareos-fd start" classes => if_repaired("bareos_fd_service_repaired");
+        freebsd.bareos_client_file_repaired::
+            "/usr/sbin/service bareos-fd restart" classes => if_repaired("bareos_fd_service_restarted");
+    reports:
+        any::
+            "$(this.bundle): /usr/local/etc/bareos/bareos-fd.d/client/myself.conf repaired" ifvarclass => "bareos_client_file_repaired";
+            "$(this.bundle): bareos-fd service repaired" ifvarclass => "bareos_fd_service_repaired";
+            "$(this.bundle): bareos-fd service restarted" ifvarclass => "bareos_fd_service_restarted";
+}
diff --git a/services/applications/check_mk.cf b/services/applications/check_mk.cf
new file mode 100644
index 0000000..0731eaa
--- /dev/null
+++ b/services/applications/check_mk.cf
@@ -0,0 +1,43 @@
+bundle agent check_mk
+{
+    vars:
+        freebsd::
+            "rc_conf_lines" slist => {
+                "inetd_enable=\"YES\"",
+                "inetd_flags=\"-wW\"",
+            };
+    files:
+        freebsd::
+            "/etc/services"
+                edit_defaults => std_defs,
+                perms => system_owned("444"),
+                edit_line => append_if_no_line("check_mk_agent  6556/tcp"),
+                classes => if_repaired("check_mk_services_file_repaired");
+            "/etc/inetd.conf"
+                edit_defaults => std_defs,
+                perms => system_owned("444"),
+                edit_line => append_if_no_line("check_mk_agent  stream  tcp nowait  root  /usr/local/bin/check_mk_agent check_mk_agent"),
+                classes => if_repaired("check_mk_inetd_conf_file_repaired");
+            "/usr/local/bin/check_mk_agent"
+                perms => system_owned("555"),
+                copy_from => local_cp("$(sys.inputdir)/templates/check_mk/check_mk_agent.freebsd"),
+                classes => if_repaired("check_mk_agent_repaired");
+    classes:
+        freebsd::
+            "inetd_service_running" expression => returnszero("/usr/sbin/service inetd status", "noshell");
+    methods:
+        freebsd::
+            "any"  usebundle => add_rc_conf_line("$(check_mk.rc_conf_lines)");
+    commands:
+        freebsd.!inetd_service_running::
+            "/usr/sbin/service inetd start" classes => if_repaired("inet_service_repaired");
+        freebsd.check_mk_inetd_conf_file_repaired::
+            "/usr/sbin/service inetd restart" classes => if_repaired("inetd_service_restarted");
+    reports:
+        any::
+            "$(this.bundle): /etc/services repaired" ifvarclass => "check_mk_services_file_repaired";
+            "$(this.bundle): /etc/inetd.conf repaired" ifvarclass => "check_mk_inetd_conf_file_repaired";
+            "$(this.bundle): /usr/local/bin/check_mk_agent repaired" ifvarclass => "check_mk_agent_repaired";
+            "$(this.bundle): inetd service repaired" ifvarclass => "inetd_service_repaired";
+            "$(this.bundle): inetd service restarted" ifvarclass => "inetd_service_restarted";
+}
diff --git a/services/applications/fcgiwrap.cf b/services/applications/fcgiwrap.cf
new file mode 100644
index 0000000..af2e8f8
--- /dev/null
+++ b/services/applications/fcgiwrap.cf
@@ -0,0 +1,8 @@
+bundle common fcgiwrap
+{
+    vars:
+        use_fcgiwrap::
+            "packages" slist => {
+                "fcgiwrap",
+            };
+}
diff --git a/services/applications/sshd.cf b/services/applications/sshd.cf
new file mode 100644
index 0000000..da602a1
--- /dev/null
+++ b/services/applications/sshd.cf
@@ -0,0 +1,33 @@
+bundle agent sshd
+{
+    files:
+        freebsd::
+            "/etc/rc.conf"
+                create => "true",
+                edit_defaults => std_defs,
+                perms => system_owned("444"),
+                edit_line => append_if_no_line("sshd_enable=\"YES\""),
+                classes => if_repaired("sshd_rc_conf_file_repaired");
+            "/root/.ssh/."
+                create => "true",
+                perms => system_owned("700"),
+                classes => if_repaired("sshd_ssh_dir_repaired");
+            "/root/.ssh/authorized_keys"
+                create => "true",
+                edit_defaults => empty,
+                perms => system_owned("444"),
+                edit_template => "$(sys.inputdir)/templates/sshd/authorized_keys",
+                classes => if_repaired("sshd_authorized_keys_files_repaired");
+    classes:
+        freebsd::
+            "sshd_service_running" expression => returnszero("/usr/sbin/service sshd status", "noshell");
+    commands:
+        freebsd.!sshd_service_running::
+            "/usr/sbin/service sshd start" classes => if_repaired("sshd_service_repaired");
+    reports:
+        any::
+            "$(this.bundle): /etc/rc.conf repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+            "$(this.bundle): /root/.ssh directory repaired" ifvarclass => "sshd_ssh_dir_repaired";
+            "$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+            "$(this.bundle): sshd service repaired" ifvarclass => "sshd_service_repaired";
+}
author	Julien Dessaux	2017-08-25 17:21:05 +0200
committer	Julien Dessaux	2017-08-25 17:46:13 +0200
commit	5239846956644f27d1619ce43b742034925d3ebc (patch)
tree	59cc92daa324f03509b26de75587892b59b2f35c /services/applications
parent	Added bareos-fd policy (diff)
download	masterfiles-5239846956644f27d1619ce43b742034925d3ebc.tar.gz masterfiles-5239846956644f27d1619ce43b742034925d3ebc.tar.bz2 masterfiles-5239846956644f27d1619ce43b742034925d3ebc.zip