From 5239846956644f27d1619ce43b742034925d3ebc Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Fri, 25 Aug 2017 17:21:05 +0200
Subject: Changed policies organisation to use methods
---
services/applications/bareos_fd.cf | 38 +++++++++++++++++++++++++++++++++
services/applications/check_mk.cf | 43 ++++++++++++++++++++++++++++++++++++++
services/applications/fcgiwrap.cf | 8 +++++++
services/applications/sshd.cf | 33 +++++++++++++++++++++++++++++
4 files changed, 122 insertions(+)
create mode 100644 services/applications/bareos_fd.cf
create mode 100644 services/applications/check_mk.cf
create mode 100644 services/applications/fcgiwrap.cf
create mode 100644 services/applications/sshd.cf
(limited to 'services/applications')
diff --git a/services/applications/bareos_fd.cf b/services/applications/bareos_fd.cf
new file mode 100644
index 0000000..3b16a91
--- /dev/null
+++ b/services/applications/bareos_fd.cf
@@ -0,0 +1,38 @@
+bundle agent bareos_fd
+{
+ vars:
+ freebsd::
+ "packages" slist => {
+ "bareos-client",
+ };
+ "rc_conf_lines" slist => {
+ "bareos_fd_enable=\"YES\"",
+ "bareos_fd_config=\"/usr/local/etc/bareos/\"",
+ };
+ !freebsd::
+ "packages" slist => {};
+ classes:
+ freebsd::
+ "bareos_fd_service_running" expression => returnszero("/usr/sbin/service bareos-fd status", "noshell");
+ methods:
+ freebsd::
+ "any" usebundle => install_package("$(bareos_fd.packages)");
+ "any" usebundle => add_rc_conf_line("$(bareos_fd.rc_conf_lines)");
+ files:
+ freebsd::
+ "/usr/local/etc/bareos/bareos-fd.d/client/myself.conf"
+ edit_defaults => std_defs,
+ perms => system_owned("444"),
+ edit_line => replace_line_end("Name =", "$(sys.host)-fd"),
+ classes => if_repaired("bareos_client_file_repaired");
+ commands:
+ freebsd.!bareos_fd_service_running::
+ "/usr/sbin/service bareos-fd start" classes => if_repaired("bareos_fd_service_repaired");
+ freebsd.bareos_client_file_repaired::
+ "/usr/sbin/service bareos-fd restart" classes => if_repaired("bareos_fd_service_restarted");
+ reports:
+ any::
+ "$(this.bundle): /usr/local/etc/bareos/bareos-fd.d/client/myself.conf repaired" ifvarclass => "bareos_client_file_repaired";
+ "$(this.bundle): bareos-fd service repaired" ifvarclass => "bareos_fd_service_repaired";
+ "$(this.bundle): bareos-fd service restarted" ifvarclass => "bareos_fd_service_restarted";
+}
diff --git a/services/applications/check_mk.cf b/services/applications/check_mk.cf
new file mode 100644
index 0000000..0731eaa
--- /dev/null
+++ b/services/applications/check_mk.cf
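Review bot: In services/applications/bareos_fd.cf the `files:` edit of `/usr/local/etc/bareos/bareos-fd.d/client/myself.conf` has no `create` and relies on the `bareos-client` package having put the file there, yet CFEngine's normal ordering evaluates `files` promises before `methods` no matter where the sections are written in the bundle. On a host where the package is not installed yet, the edit presumably has nothing to act on in the first pass, so the service may be started with the packaged client name until a later pass or run repairs the file and triggers the restart. I would state that dependency next to the promise, for example `# myself.conf is shipped by bareos-client; the Name edit only converges once install_package has run`.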
@@ -0,0 +1,43 @@
+bundle agent check_mk
+{
+ vars:
+ freebsd::
+ "rc_conf_lines" slist => {
+ "inetd_enable=\"YES\"",
+ "inetd_flags=\"-wW\"",
+ };
+ files:
+ freebsd::
+ "/etc/services"
+ edit_defaults => std_defs,
+ perms => system_owned("444"),
+ edit_line => append_if_no_line("check_mk_agent 6556/tcp"),
+ classes => if_repaired("check_mk_services_file_repaired");
+ "/etc/inetd.conf"
+ edit_defaults => std_defs,
+ perms => system_owned("444"),
+ edit_line => append_if_no_line("check_mk_agent stream tcp nowait root /usr/local/bin/check_mk_agent check_mk_agent"),
+ classes => if_repaired("check_mk_inetd_conf_file_repaired");
+ "/usr/local/bin/check_mk_agent"
+ perms => system_owned("555"),
+ copy_from => local_cp("$(sys.inputdir)/templates/check_mk/check_mk_agent.freebsd"),
+ classes => if_repaired("check_mk_agent_repaired");
+ classes:
+ freebsd::
+ "inetd_service_running" expression => returnszero("/usr/sbin/service inetd status", "noshell");
+ methods:
+ freebsd::
+ "any" usebundle => add_rc_conf_line("$(check_mk.rc_conf_lines)");
+ commands:
+ freebsd.!inetd_service_running::
+ "/usr/sbin/service inetd start" classes => if_repaired("inet_service_repaired");
+ freebsd.check_mk_inetd_conf_file_repaired::
+ "/usr/sbin/service inetd restart" classes => if_repaired("inetd_service_restarted");
+ reports:
+ any::
+ "$(this.bundle): /etc/services repaired" ifvarclass => "check_mk_services_file_repaired";
+ "$(this.bundle): /etc/inetd.conf repaired" ifvarclass => "check_mk_inetd_conf_file_repaired";
+ "$(this.bundle): /usr/local/bin/check_mk_agent repaired" ifvarclass => "check_mk_agent_repaired";
+ "$(this.bundle): inetd service repaired" ifvarclass => "inetd_service_repaired";
+ "$(this.bundle): inetd service restarted" ifvarclass => "inetd_service_restarted";
+}
diff --git a/services/applications/fcgiwrap.cf b/services/applications/fcgiwrap.cf
new file mode 100644
index 0000000..af2e8f8
--- /dev/null
+++ b/services/applications/fcgiwrap.cf
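Review bot: The `/etc/inetd.conf` line in services/applications/check_mk.cf starts `check_mk_agent` as root on 6556/tcp for any client that can reach the port, and nothing in this bundle limits who that is. `inetd_flags="-wW"` turns on TCP wrappers, but no `/etc/hosts.allow` promise accompanies it, so access depends on whatever that file and the host firewall already contain, which is worth confirming. I would add a `files:` promise for `/etc/hosts.allow` that admits only the monitoring server, e.g. `check_mk_agent : <MONITORING_SERVER_ADDRESS> : allow` followed by `check_mk_agent : ALL : deny`. Separately, the start command sets `inet_service_repaired` while the report tests `inetd_service_repaired`, so that report can never fire; the class should read `if_repaired("inetd_service_repaired")`.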
@@ -0,0 +1,8 @@
+bundle common fcgiwrap
+{
+ vars:
+ use_fcgiwrap::
+ "packages" slist => {
+ "fcgiwrap",
+ };
+}
diff --git a/services/applications/sshd.cf b/services/applications/sshd.cf
new file mode 100644
index 0000000..da602a1
--- /dev/null
+++ b/services/applications/sshd.cf
@@ -0,0 +1,33 @@
+bundle agent sshd
+{
+ files:
+ freebsd::
+ "/etc/rc.conf"
+ create => "true",
+ edit_defaults => std_defs,
+ perms => system_owned("444"),
+ edit_line => append_if_no_line("sshd_enable=\"YES\""),
+ classes => if_repaired("sshd_rc_conf_file_repaired");
+ "/root/.ssh/."
+ create => "true",
+ perms => system_owned("700"),
+ classes => if_repaired("sshd_ssh_dir_repaired");
+ "/root/.ssh/authorized_keys"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("444"),
+ edit_template => "$(sys.inputdir)/templates/sshd/authorized_keys",
+ classes => if_repaired("sshd_authorized_keys_files_repaired");
+ classes:
+ freebsd::
+ "sshd_service_running" expression => returnszero("/usr/sbin/service sshd status", "noshell");
+ commands:
+ freebsd.!sshd_service_running::
+ "/usr/sbin/service sshd start" classes => if_repaired("sshd_service_repaired");
+ reports:
+ any::
+ "$(this.bundle): /etc/rc.conf repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+ "$(this.bundle): /root/.ssh directory repaired" ifvarclass => "sshd_ssh_dir_repaired";
+ "$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_rc_conf_file_repaired";
+ "$(this.bundle): sshd service repaired" ifvarclass => "sshd_service_repaired";
+}
--
cgit v1.2.3
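Review bot: The report for `/root/.ssh/authorized_keys` in services/applications/sshd.cf is keyed on `sshd_rc_conf_file_repaired`, not on the `sshd_authorized_keys_files_repaired` class that the files promise sets. A rewrite of root's authorized keys is therefore never reported, while an `/etc/rc.conf` repair prints a misleading authorized_keys message; for a file that controls root login, that report is the audit signal worth keeping accurate. The line should read `"$(this.bundle): /root/.ssh/authorized_keys repaired" ifvarclass => "sshd_authorized_keys_files_repaired";`.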