├── .fixtures.yml ├── .gitignore ├── CHANGELOG.md ├── CONTRIBUTING.md ├── Gemfile ├── LICENSE ├── README.md ├── Rakefile ├── manifests ├── firewall.pp ├── firewall │ ├── post.pp │ └── pre.pp └── init.pp ├── metadata.json ├── resources ├── createblock.tmpl ├── header.tmpl ├── parameters.tmpl └── typelist.txt ├── spec ├── classes │ └── init_spec.rb └── spec_helper.rb ├── src └── generate.py └── tests └── init.pp /.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | repositories: 3 | stdlib: 4 | repo: 'git://github.com/puppetlabs/puppetlabs-stdlib.git' 5 | ref: '4.1.0' 6 | symlinks: 7 | hieratic: "#{source_dir}" 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## MAC OS 2 | .DS_Store 3 | 4 | ## TEXTMATE 5 | *.tmproj 6 | tmtags 7 | 8 | ## EMACS 9 | *~ 10 | \#* 11 | .\#* 12 | 13 | ## VIM 14 | *.swp 15 | tags 16 | 17 | ## Puppet Module Build 18 | /pkg -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## 2015-04-01 - Release 0.6.1 2 | 3 | ### Summary 4 | 5 | This release changes the way classes are created to work around "defined" 6 | issues. 7 | 8 | 9 | ## 2015-03-29 - Release 0.6.0 10 | 11 | ### Summary 12 | 13 | ### Features 14 | 15 | * The new `prefix` option adds a string in front of all labels in hiera. This 16 | allows for overridable namespaces on hieratic. 17 | * Added ability to override default values on a per type basis. 18 | * This release adds support for twelve modules and has improved documentation. 19 | 20 | ### New Modules 21 | 22 | * [puppetlabs-acl](http://forge.puppetlabs.com/puppetlabs/acl) 23 | * [puppetlabs-apache](http://forge.puppetlabs.com/puppetlabs/apache) 24 | * [puppetlabs-apt](http://forge.puppetlabs.com/puppetlabs/apt) 25 | * [puppetlabs-concat](http://forge.puppetlabs.com/puppetlabs/concat) 26 | * [puppetlabs-git](http://forge.puppetlabs.com/puppetlabs/git) 27 | * [puppetlabs-inifile](http://forge.puppetlabs.com/puppetlabs/inifile) 28 | * [puppetlabs-java_ks](http://forge.puppetlabs.com/puppetlabs/java_ks) 29 | * [puppetlabs-mysql](http://forge.puppetlabs.com/puppetlabs/mysql) 30 | * [puppetlabs-postgresql](http://forge.puppetlabs.com/puppetlabs/postgresql) 31 | * [puppetlabs-registry](http://forge.puppetlabs.com/puppetlabs/registry) 32 | * [puppetlabs-rsync](http://forge.puppetlabs.com/puppetlabs/rsync) 33 | * [puppetlabs-vcsrepo](http://forge.puppetlabs.com/puppetlabs/vcsrepo) 34 | 35 | 36 | 37 | ## 2015-03-22 - Release 0.5.2 38 | 39 | ### Summary 40 | 41 | This release focuses on code quality improvements and service robustness. 42 | 43 | #### Bug Fixed 44 | 45 | - Corrected issue where the "class" resources was sometimes marked as undefined. 46 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributions Welcome! 2 | 3 | Pull Requests and Community Contributions are the bread and butter of open 4 | source software. Every contribution- from bug reports to feature requests, typos 5 | to full new features- are greatly appreciated. 6 | 7 | 8 | ## Important Guidelines 9 | 10 | * One Item Per Pull Request or Issue. This makes it much easier to review code 11 | and merge it back in, and prevents issues with one request from blocking 12 | another. 13 | 14 | * Read the LICENSE document and make sure you understand it, because your code 15 | is going to be released under it. 16 | 17 | * Be prepared to make revisions. Don't be discouraged if you're asked to make 18 | changes, as that is just another step towards refining the code and getting it 19 | merged back in. 20 | 21 | * Remember to add the relevant documentation, both inline and in the README. 22 | 23 | 24 | ## Code Styling 25 | 26 | This project follows the PSR standards set forth by 27 | [The Puppet Language Style Guide](https://docs.puppetlabs.com/guides/style_guide.html). 28 | 29 | All code most follow these standards to be accepted. The easiest way to confirm 30 | this is to run `puppet-lind` once the new changes are finished. 31 | 32 | gem install puppet-lint 33 | puppet-lint --fix ./ 34 | 35 | 36 | ## Getting Started Developing Hieratics 37 | 38 | ### Working with generate.py 39 | 40 | This module uses a generator to build the code to support all of the resource 41 | types. This is due to the large amount of duplicated code that exists to support 42 | each resource type. 43 | 44 | The generate.py script uses templates, which are located in the resource 45 | directory. These templates control the formatting of parameters, docblock, and 46 | the create_resources blocks. To make changes to how all of the resources are 47 | generated simply edit these templates and rerun the generator. 48 | 49 | ### Adding New Resource Types 50 | 51 | If you're only looking to add new resources then the process is simple. Just 52 | open a new Pull Request that adds that resource to [this file](https://github.com/tedivm/puppet-hieratic/blob/master/resources/typelist.txt) 53 | and updates the [supported resources list]((#supported-resources)). 54 | 55 | For resources that require customization (such as the firewall module) you 56 | should add the code into a separate class and then include it in the 57 | [generator](https://github.com/tedivm/puppet-hieratic/blob/master/src/generate.py#L48). 58 | 59 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3'] 4 | gem 'puppet', puppetversion 5 | gem 'puppetlabs_spec_helper', '>= 0.1.0' 6 | gem 'puppet-lint', '>= 0.3.2' 7 | gem 'facter', '>= 1.7.0' 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Robert Hafner 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # hieratic 2 | 3 | #### Table of Contents 4 | 5 | 1. [Overview](#overview) 6 | 2. [Module Description - What the module does and why it is useful](#module-description) 7 | 2. [Supported Resources - What resources are supported by this module](#supported-resources) 8 | 3. [Setup - The basics of getting started with hieratic](#setup) 9 | * [What hieratic affects](#what-hieratic-affects) 10 | * [Setup requirements](#setup-requirements) 11 | * [Beginning with hieratic](#beginning-with-hieratic) 12 | 4. [Usage - Configuration options and additional functionality](#usage) 13 | * [Define Resources in Hiera](#define-resources-in-hiera) 14 | * [Using Hierarchies with Hiera and Hieratic](#using-hierarchies-with-hiera-and-hieratic) 15 | * [Differences Between Hieratic and Automatic Parameter Lookup](#differences-between-hieratic-and-automatic-parameter-lookup) 16 | * [Automatic Parameter Lookup Compatibility](#automatic-parameter-lookup-compatibility) 17 | * [Change the Labels (or names) of Hiera Resources](#change-the-labels-or-names-of-hiera-resources) 18 | * [Setting Default Values for Resources](#setting-default-values-for-resources) 19 | * [Enabling Some Resources and not Others](#enabling-some-resources-and-not-others) 20 | * [Defining Firewall Rules](#defining_firewall_rules) 21 | 5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 22 | * [Parameters](#parameters) 23 | 5. [Limitations - OS compatibility, etc.](#limitations) 24 | 6. [Development - Guide for contributing to the module](#development) 25 | 26 | ## Overview 27 | 28 | Hieratic allows Puppet Resources to be created directly in 29 | [Hiera](https://docs.puppetlabs.com/hiera/1/). 30 | 31 | ## Module Description 32 | 33 | This incredibly meta module allows for the direct creation of resources using 34 | Hiera. 35 | 36 | This module does not, by itself, add any resources or change your systems. What 37 | it does is add a new way to configure systems by defining resources inside of 38 | Hiera. This makes it possible to define all site configuration in Hiera. This 39 | means that all of the site data can be kept in Hiera, allowing both a separation 40 | of data and implementation as well as the ability to store all configurations in 41 | a consistant format (yaml, json, or a custom provider). 42 | 43 | ## Supported Resources 44 | 45 | * [Puppet Resource Types](https://docs.puppetlabs.com/references/latest/type.html) 46 | * [Puppet Classes](https://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html) 47 | 48 | In addition to the build in resources, Hieratic supports the resource types from 49 | these modules: 50 | 51 | * [puppetlabs-acl](http://forge.puppetlabs.com/puppetlabs/acl) 52 | * [puppetlabs-apache](http://forge.puppetlabs.com/puppetlabs/apache) 53 | * [puppetlabs-apt](http://forge.puppetlabs.com/puppetlabs/apt) 54 | * [puppetlabs-concat](http://forge.puppetlabs.com/puppetlabs/concat) 55 | * [puppetlabs-firewall](https://forge.puppetlabs.com/puppetlabs/firewall), with 56 | the addition of `firewall_pre` and `firewall_post` for global defaults around 57 | the custom rules. 58 | * [puppetlabs-git](http://forge.puppetlabs.com/puppetlabs/git) 59 | * [puppetlabs-inifile](http://forge.puppetlabs.com/puppetlabs/inifile) 60 | * [puppetlabs-java_ks](http://forge.puppetlabs.com/puppetlabs/java_ks) 61 | * [puppetlabs-mysql](http://forge.puppetlabs.com/puppetlabs/mysql) 62 | * [puppetlabs-postgresql](http://forge.puppetlabs.com/puppetlabs/postgresql) 63 | * [puppetlabs-registry](http://forge.puppetlabs.com/puppetlabs/registry) 64 | * [puppetlabs-rsync](http://forge.puppetlabs.com/puppetlabs/rsync) 65 | * [puppetlabs-stdlib](http://forge.puppetlabs.com/puppetlabs/stdlib) 66 | * [puppetlabs-vcsrepo](http://forge.puppetlabs.com/puppetlabs/vcsrepo) 67 | 68 | 69 | ## Setup 70 | 71 | ### What hieratic affects 72 | 73 | * Any supported resource can be modified with this module. 74 | * Most modules can be used by this module through the `class` resource. 75 | 76 | ### Setup Requirements 77 | 78 | It's recommended that you enable [`deeper merge`](https://docs.puppetlabs.com/hiera/1/hierarchy.html) 79 | in Hiera and define a proper [hierarchy](https://docs.puppetlabs.com/hiera/1/hierarchy.html). 80 | 81 | Although Hiera supports some non-native modules, such as Firewalls, it does not 82 | include them. Any modules that are used as part of a site should be added as 83 | dependencies of that site. 84 | 85 | ### Beginning with hieratic 86 | 87 | Make sure to include `hieratic` in your main manifest. 88 | 89 | ```puppet 90 | include hieratic 91 | ``` 92 | 93 | At this point you can move away manifests and over to Hiera. 94 | 95 | If you want to add custom options you can include Hieratic as a class. 96 | 97 | ```puppet 98 | class {'hieratic':} 99 | ``` 100 | 101 | ## Usage 102 | 103 | ### Define Resources in Hiera 104 | 105 | Without this module packages have to be defined in manifests- 106 | ```puppet 107 | $packages = [ "git", "subversion", "p7zip", "nmap", "ethstatus", "iptraf" ] 108 | package { $packages: ensure => "installed" } 109 | ``` 110 | 111 | With Hieratic packages are listed as data in Hiera- 112 | ```yaml 113 | --- 114 | package: 115 | git: {} 116 | subversion: {} 117 | p7zip: {} 118 | nmap: {} 119 | ethstatus: {} 120 | iptraf: {} 121 | ``` 122 | 123 | This also works for other types such as groups- 124 | ```puppet 125 | Group { "sudo": 126 | name => "sudo" 127 | ensure => "present" 128 | } 129 | 130 | Group { "admin": 131 | name => "admin" 132 | ensure => "present" 133 | } 134 | ``` 135 | 136 | The above gets replaced by- 137 | ```yaml 138 | --- 139 | group: 140 | sudo: 141 | name: 'sudo' 142 | ensure: 'present' 143 | admin: 144 | name: 'admin' 145 | ensure: 'present' 146 | ``` 147 | 148 | ### Using Hierarchies with Hiera and Hieratic 149 | 150 | > Hiera uses an [ordered hierarchy](https://docs.puppetlabs.com/hiera/1/hierarchy.html) 151 | > to look up data. This allows you to have a large amount of common data and 152 | > override smaller amounts of it wherever necessary. 153 | 154 | The beauty of Hiera is in how it allows for default behaviors while allowing 155 | small changes for machines that need it. For example, if you want to have a base 156 | ssh configuration with some additional options for running on VirtualBox with 157 | Vagrant. 158 | 159 | For this example make sure your `hiera.yaml` file has a hierarchy using the 160 | `virtual` fact- 161 | ```yaml 162 | --- 163 | - "%{::virtual}" 164 | - "common" 165 | ``` 166 | 167 | Then define the general definition in a `common.yaml` file: 168 | ```yaml 169 | --- 170 | class: 171 | 'ssh': 172 | 'server_options': 173 | Protocol: '2' 174 | PermitRootLogin: 'no' 175 | PubkeyAuthentication: 'yes' 176 | PasswordAuthentication: 'no' 177 | UsePAM: 'no' 178 | Port: 179 | - 5022 180 | AllowGroups: 181 | - admin 182 | ``` 183 | 184 | Finally add the custom information to `virtualbox.yaml`: 185 | 186 | ```yaml 187 | --- 188 | class: 189 | 'ssh': 190 | storeconfigs_enabled: false 191 | server_options: 192 | Port: 193 | - 22 194 | AllowGroups: 195 | - vagrant 196 | ``` 197 | 198 | ### Differences Between Hieratic and Automatic Parameter Lookup 199 | 200 | Hieratic allows for the full merging of hierarchies, which is what allows the 201 | behavior from the example above to take place. The Automatic Parameter Lookup 202 | system has a [severe limitation](https://docs.puppetlabs.com/hiera/1/puppet.html#limitations) 203 | in that it can not merge values from multiple hierarchy levels- you will only 204 | get the highest priority value and nothing else. 205 | 206 | 207 | ### Automatic Parameter Lookup Compatibility 208 | 209 | When using Hieratic there is no reason to use APL, and it can in the default 210 | configuration cause some potential issues. 211 | 212 | If APL is a requirement then use the `prefix` option in `hieratic` to namespace 213 | the hieratic objects. This will prevent any overlap in names between APL and 214 | Hieratic keys. 215 | 216 | ```puppet 217 | class { 'hieratic': 218 | prefix => 'hieratic_', 219 | } 220 | ``` 221 | 222 | Alternatively APL can be disabled in the puppet master's `puppet.conf` file. 223 | 224 | ```ini 225 | [master] 226 | data_binding_terminus = none 227 | ``` 228 | 229 | 230 | ### Change the Labels (or names) of Hiera Resources 231 | 232 | Each resource type has an associated label parameter that can be used to change 233 | how resources are grouped in Hiera. To refer to class resources as "classes" 234 | then change the "class_label" to "classes". 235 | 236 | ```puppet 237 | class { 'hieratic': 238 | class_label => 'classes', 239 | package_label => 'packages', 240 | } 241 | ``` 242 | 243 | ```yaml 244 | --- 245 | packages: 246 | git: {} 247 | subversion: {} 248 | p7zip: {} 249 | p7zip-full: {} 250 | nmap: {} 251 | ethstatus: {} 252 | iptraf: {} 253 | ``` 254 | 255 | 256 | ### Setting Default Values for Resources 257 | 258 | Hieratic allows you to override the default values of any resource on a global 259 | level. 260 | 261 | To set a default shell for all hieratic created users.- 262 | ```puppet 263 | class { 'hieratic': 264 | user_defaults => { 265 | 'shell' => '/bin/zsh' 266 | }, 267 | } 268 | ``` 269 | 270 | 271 | 272 | ### Enabling Some Resources and Not Others 273 | 274 | By default Hieratic enables all resource types. Turning off "global_enable" lets 275 | resources get enabled on an individual basis. They are all disabled by default, 276 | and can be turned on by their respective "type_enable" parameters. 277 | 278 | To turn off all resources types and enable class and files- 279 | ```puppet 280 | class { 'hieratic': 281 | global_enable => false, 282 | class_enable => true, 283 | file_enable => true, 284 | } 285 | ``` 286 | 287 | ### Defining Firewall Rules 288 | 289 | With Hieratics all of your `firewall` rules can easily be defined in your Hiera 290 | configuration. You can use the `firewall_pre` and `firewall_post` rules to 291 | enforce the order which rules are added by Puppet to the system to prevent 292 | accidental lockouts. 293 | 294 | ```yaml 295 | --- 296 | firewall_pre: 297 | '000 accept all icmp': 298 | proto: 'icmp' 299 | action: 'accept' 300 | '001 accept all to lo interface': 301 | proto: 'all' 302 | iniface: 'lo' 303 | action: 'accept' 304 | '002 accept established related rules': 305 | proto: 'all' 306 | state: 307 | - 'ESTABLISHED' 308 | - 'RELATED' 309 | action: 'accept' 310 | 311 | firewall: 312 | '022 accept ssh traffic': 313 | proto: 'tcp' 314 | dport: '22' 315 | action: 'accept' 316 | 317 | firewall_post: 318 | '910 drop remaining inputs': 319 | chain: 'INPUT' 320 | action: 'drop' 321 | proto: 'all' 322 | '910 drop remaining inputs ipv6': 323 | chain: 'INPUT' 324 | action: 'drop' 325 | proto: 'all' 326 | provider: 'ip6tables' 327 | '910 drop remaining forwards': 328 | chain: 'FORWARD' 329 | action: 'drop' 330 | proto: 'all' 331 | '910 drop remaining forwards ipv6': 332 | chain: 'FORWARD' 333 | action: 'drop' 334 | proto: 'all' 335 | provider: 'ip6tables' 336 | ``` 337 | 338 | ## Reference 339 | 340 | The only public facing class is "hieratic". 341 | 342 | ### Parameters 343 | 344 | * [*global_enable*] 345 | Defaults to true. With this on all resources are exposed through Hiera. 346 | For granular control set this to false and manually enable specific resource 347 | types. 348 | 349 | * [*prefix*] 350 | Defaults to ''. This string gets added to all of the various `TYPE_label` 351 | keys in hiera. 352 | 353 | * [*TYPE_enable*] 354 | Defaults to true. With this on all resources are exposed through Hiera. 355 | 356 | * [*TYPE_label*] 357 | Defaults to the name of the type. This defines the top level hiera variable 358 | name to use when defining values of this type. 359 | 360 | * [*TYPE_defaults*] 361 | Defaults to and empty array. This allows default values to be set for each 362 | resource type. 363 | 364 | 365 | ## Limitations 366 | 367 | This module works with any version of Puppet that has Hiera installed, on any 368 | operating system. 369 | 370 | ## Development 371 | 372 | Contributions are always welcome. Please read the [Contributing Guide](CONTRIBUTING.md) 373 | to get started. 374 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | require 'puppetlabs_spec_helper/rake_tasks' 3 | require 'puppet-lint/tasks/puppet-lint' 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] 6 | 7 | desc "Validate manifests, templates, and ruby files" 8 | task :validate do 9 | Dir['manifests/**/*.pp'].each do |manifest| 10 | sh "puppet parser validate --noop #{manifest}" 11 | end 12 | Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| 13 | sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ 14 | end 15 | Dir['templates/**/*.erb'].each do |template| 16 | sh "erb -P -x -T '-' #{template} | ruby -c" 17 | end 18 | end 19 | -------------------------------------------------------------------------------- /manifests/firewall.pp: -------------------------------------------------------------------------------- 1 | # == Class: hieratic 2 | # 3 | # Internal class- this should be called through Hieratic, not directly. 4 | # 5 | # === Authors 6 | # 7 | # Robert Hafner 8 | # 9 | # === Copyright 10 | # 11 | # Copyright 2015 Robert Hafner 12 | # 13 | 14 | class hieratic::firewall ( 15 | $global_enable = true, 16 | $firewall_label = firewall, 17 | $firewall_enabled = false, 18 | $firewall_defaults = {}, 19 | $firewall_pre_label = firewall_pre, 20 | $firewall_pre_enabled = false, 21 | $firewall_pre_defaults = {}, 22 | $firewall_post_label = firewall_post, 23 | $firewall_post_enabled = false, 24 | $firewall_post_defaults = {}, 25 | ) { 26 | 27 | if(defined('firewall') 28 | and ($firewall_enabled or $global_enable)) { 29 | 30 | resources { 'firewall': 31 | purge => true 32 | } 33 | 34 | Firewall { 35 | before => Class['hieratic::firewall::post'], 36 | require => Class['hieratic::firewall::pre'], 37 | } 38 | 39 | $firewall_config = hiera_hash($firewall_label, {}) 40 | create_resources(firewall, $firewall_config, $firewall_defaults) 41 | 42 | class { ['hieratic::firewall::pre', 'hieratic::firewall::post']: } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /manifests/firewall/post.pp: -------------------------------------------------------------------------------- 1 | # == Class: hieratic 2 | # 3 | # Internal class- this should be called through Hieratic, not directly. 4 | # 5 | # === Authors 6 | # 7 | # Robert Hafner 8 | # 9 | # === Copyright 10 | # 11 | # Copyright 2015 Robert Hafner 12 | # 13 | 14 | class hieratic::firewall::post { 15 | Firewall { 16 | before => undef, 17 | } 18 | if(defined('firewall') 19 | and ($hieratic::firewall::firewall_post_enabled 20 | or $hieratic::firewall::global_enable)) { 21 | create_resources(firewall, 22 | hiera_hash($hieratic::firewall::firewall_post_label, 23 | $hieratic::firewall::firewall_post_defaults)) 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /manifests/firewall/pre.pp: -------------------------------------------------------------------------------- 1 | # == Class: hieratic 2 | # 3 | # Internal class- this should be called through Hieratic, not directly. 4 | # 5 | # === Authors 6 | # 7 | # Robert Hafner 8 | # 9 | # === Copyright 10 | # 11 | # Copyright 2015 Robert Hafner 12 | # 13 | 14 | class hieratic::firewall::pre { 15 | Firewall { 16 | require => undef, 17 | } 18 | if(defined('firewall') 19 | and ($hieratic::firewall::firewall_pre_enabled 20 | or $hieratic::firewall::global_enable)) { 21 | create_resources(firewall, 22 | hiera_hash($hieratic::firewall::firewall_pre_label, 23 | $hieratic::firewall::firewall_pre_defaults)) 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /manifests/init.pp: -------------------------------------------------------------------------------- 1 | # == Class: hieratic 2 | # 3 | # Hieratic allows Puppet Resources to be created directly in Hiera. 4 | # 5 | # === Parameters 6 | # 7 | # [*global_enable*] 8 | # Defaults to true. With this on all resources are exposed through Hiera. 9 | # For granular control set this to false and manually enable specific 10 | # resource types. 11 | # 12 | # [*prefix*] 13 | # Defaults to ''. This string gets added to all of the various `TYPE_label` 14 | # keys in hiera. 15 | # 16 | # [*TYPE_enable*] 17 | # Defaults to true. With this on all resources are exposed through Hiera. 18 | # 19 | # [*TYPE_label*] 20 | # Defaults to the name of the type. This defines the top level hiera variable 21 | # name to use when defining values of this type. 22 | # 23 | # [*TYPE_defaults*] 24 | # Defaults to and empty array. This allows default values to be set for each 25 | # resource type. 26 | # 27 | # === Examples 28 | # 29 | # include hieratic 30 | # 31 | # class { 'hieratic': 32 | # global_enable => false, 33 | # class_enable => true, 34 | # class_label => 'classes', 35 | # file_enable => true, 36 | # } 37 | # 38 | # === Authors 39 | # 40 | # Robert Hafner 41 | # 42 | # === Copyright 43 | # 44 | # Copyright 2015 Robert Hafner 45 | # 46 | 47 | class hieratic ( 48 | $global_enable = true, 49 | $prefix = '', 50 | $firewall_label = 'firewall', 51 | $firewall_enabled = false, 52 | $firewall_defaults = {}, 53 | $firewall_pre_label = 'firewall_pre', 54 | $firewall_pre_enabled = false, 55 | $firewall_pre_defaults = {}, 56 | $firewall_post_label = 'firewall_post', 57 | $firewall_post_enabled = false, 58 | $firewall_post_defaults = {}, 59 | $class_label = 60 | 'class', 61 | $class_defaults = {}, 62 | $class_enabled = false, 63 | $acl_label = 64 | 'acl', 65 | $acl_defaults = {}, 66 | $acl_enabled = false, 67 | $apache_balancer_label = 68 | 'apache_balancer', 69 | $apache_balancer_defaults = {}, 70 | $apache_balancer_enabled = false, 71 | $apache_balancermember_label = 72 | 'apache_balancermember', 73 | $apache_balancermember_defaults = {}, 74 | $apache_balancermember_enabled = false, 75 | $apache_listen_label = 76 | 'apache_listen', 77 | $apache_listen_defaults = {}, 78 | $apache_listen_enabled = false, 79 | $apache_mod_label = 80 | 'apache_mod', 81 | $apache_mod_defaults = {}, 82 | $apache_mod_enabled = false, 83 | $apache_namevirtualhost_label = 84 | 'apache_namevirtualhost', 85 | $apache_namevirtualhost_defaults = {}, 86 | $apache_namevirtualhost_enabled = false, 87 | $apache_vhost_label = 88 | 'apache_vhost', 89 | $apache_vhost_defaults = {}, 90 | $apache_vhost_enabled = false, 91 | $apt_builddep_label = 92 | 'apt_builddep', 93 | $apt_builddep_defaults = {}, 94 | $apt_builddep_enabled = false, 95 | $apt_conf_label = 96 | 'apt_conf', 97 | $apt_conf_defaults = {}, 98 | $apt_conf_enabled = false, 99 | $apt_force_label = 100 | 'apt_force', 101 | $apt_force_defaults = {}, 102 | $apt_force_enabled = false, 103 | $apt_hold_label = 104 | 'apt_hold', 105 | $apt_hold_defaults = {}, 106 | $apt_hold_enabled = false, 107 | $apt_key_label = 108 | 'apt_key', 109 | $apt_key_defaults = {}, 110 | $apt_key_enabled = false, 111 | $apt_pin_label = 112 | 'apt_pin', 113 | $apt_pin_defaults = {}, 114 | $apt_pin_enabled = false, 115 | $apt_ppa_label = 116 | 'apt_ppa', 117 | $apt_ppa_defaults = {}, 118 | $apt_ppa_enabled = false, 119 | $apt_source_label = 120 | 'apt_source', 121 | $apt_source_defaults = {}, 122 | $apt_source_enabled = false, 123 | $augeas_label = 124 | 'augeas', 125 | $augeas_defaults = {}, 126 | $augeas_enabled = false, 127 | $computers_label = 128 | 'computers', 129 | $computers_defaults = {}, 130 | $computers_enabled = false, 131 | $concat_label = 132 | 'concat', 133 | $concat_defaults = {}, 134 | $concat_enabled = false, 135 | $concat_fragment_label = 136 | 'concat_fragment', 137 | $concat_fragment_defaults = {}, 138 | $concat_fragment_enabled = false, 139 | $cron_label = 140 | 'cron', 141 | $cron_defaults = {}, 142 | $cron_enabled = false, 143 | $exec_label = 144 | 'exec', 145 | $exec_defaults = {}, 146 | $exec_enabled = false, 147 | $file_label = 148 | 'file', 149 | $file_defaults = {}, 150 | $file_enabled = false, 151 | $file_line_label = 152 | 'file_line', 153 | $file_line_defaults = {}, 154 | $file_line_enabled = false, 155 | $filebucket_label = 156 | 'filebucket', 157 | $filebucket_defaults = {}, 158 | $filebucket_enabled = false, 159 | $git_config_label = 160 | 'git_config', 161 | $git_config_defaults = {}, 162 | $git_config_enabled = false, 163 | $group_label = 164 | 'group', 165 | $group_defaults = {}, 166 | $group_enabled = false, 167 | $host_label = 168 | 'host', 169 | $host_defaults = {}, 170 | $host_enabled = false, 171 | $ini_setting_label = 172 | 'ini_setting', 173 | $ini_setting_defaults = {}, 174 | $ini_setting_enabled = false, 175 | $ini_subsetting_label = 176 | 'ini_subsetting', 177 | $ini_subsetting_defaults = {}, 178 | $ini_subsetting_enabled = false, 179 | $interface_label = 180 | 'interface', 181 | $interface_defaults = {}, 182 | $interface_enabled = false, 183 | $java_ks_label = 184 | 'java_ks', 185 | $java_ks_defaults = {}, 186 | $java_ks_enabled = false, 187 | $k5login_label = 188 | 'k5login', 189 | $k5login_defaults = {}, 190 | $k5login_enabled = false, 191 | $macauthorization_label = 192 | 'macauthorization', 193 | $macauthorization_defaults = {}, 194 | $macauthorization_enabled = false, 195 | $mailalias_label = 196 | 'mailalias', 197 | $mailalias_defaults = {}, 198 | $mailalias_enabled = false, 199 | $maillist_label = 200 | 'maillist', 201 | $maillist_defaults = {}, 202 | $maillist_enabled = false, 203 | $mcx_label = 204 | 'mcx', 205 | $mcx_defaults = {}, 206 | $mcx_enabled = false, 207 | $mount_label = 208 | 'mount', 209 | $mount_defaults = {}, 210 | $mount_enabled = false, 211 | $mysql_database_label = 212 | 'mysql_database', 213 | $mysql_database_defaults = {}, 214 | $mysql_database_enabled = false, 215 | $mysql_grant_label = 216 | 'mysql_grant', 217 | $mysql_grant_defaults = {}, 218 | $mysql_grant_enabled = false, 219 | $mysql_plugin_label = 220 | 'mysql_plugin', 221 | $mysql_plugin_defaults = {}, 222 | $mysql_plugin_enabled = false, 223 | $mysql_user_label = 224 | 'mysql_user', 225 | $mysql_user_defaults = {}, 226 | $mysql_user_enabled = false, 227 | $nagios_command_label = 228 | 'nagios_command', 229 | $nagios_command_defaults = {}, 230 | $nagios_command_enabled = false, 231 | $nagios_contact_label = 232 | 'nagios_contact', 233 | $nagios_contact_defaults = {}, 234 | $nagios_contact_enabled = false, 235 | $nagios_contactgroup_label = 236 | 'nagios_contactgroup', 237 | $nagios_contactgroup_defaults = {}, 238 | $nagios_contactgroup_enabled = false, 239 | $nagios_host_label = 240 | 'nagios_host', 241 | $nagios_host_defaults = {}, 242 | $nagios_host_enabled = false, 243 | $nagios_hostdependency_label = 244 | 'nagios_hostdependency', 245 | $nagios_hostdependency_defaults = {}, 246 | $nagios_hostdependency_enabled = false, 247 | $nagios_hostescalation_label = 248 | 'nagios_hostescalation', 249 | $nagios_hostescalation_defaults = {}, 250 | $nagios_hostescalation_enabled = false, 251 | $nagios_hostextinfo_label = 252 | 'nagios_hostextinfo', 253 | $nagios_hostextinfo_defaults = {}, 254 | $nagios_hostextinfo_enabled = false, 255 | $nagios_hostgroup_label = 256 | 'nagios_hostgroup', 257 | $nagios_hostgroup_defaults = {}, 258 | $nagios_hostgroup_enabled = false, 259 | $nagios_service_label = 260 | 'nagios_service', 261 | $nagios_service_defaults = {}, 262 | $nagios_service_enabled = false, 263 | $nagios_servicedependency_label = 264 | 'nagios_servicedependency', 265 | $nagios_servicedependency_defaults = {}, 266 | $nagios_servicedependency_enabled = false, 267 | $nagios_serviceescalation_label = 268 | 'nagios_serviceescalation', 269 | $nagios_serviceescalation_defaults = {}, 270 | $nagios_serviceescalation_enabled = false, 271 | $nagios_serviceextinfo_label = 272 | 'nagios_serviceextinfo', 273 | $nagios_serviceextinfo_defaults = {}, 274 | $nagios_serviceextinfo_enabled = false, 275 | $nagios_servicegroup_label = 276 | 'nagios_servicegroup', 277 | $nagios_servicegroup_defaults = {}, 278 | $nagios_servicegroup_enabled = false, 279 | $nagios_timeperiod_label = 280 | 'nagios_timeperiod', 281 | $nagios_timeperiod_defaults = {}, 282 | $nagios_timeperiod_enabled = false, 283 | $notify_label = 284 | 'notify', 285 | $notify_defaults = {}, 286 | $notify_enabled = false, 287 | $package_label = 288 | 'package', 289 | $package_defaults = {}, 290 | $package_enabled = false, 291 | $postgresql_server_config_entry_label = 292 | 'postgresql_server_config_entry', 293 | $postgresql_server_config_entry_defaults = {}, 294 | $postgresql_server_config_entry_enabled = false, 295 | $postgresql_server_database_label = 296 | 'postgresql_server_database', 297 | $postgresql_server_database_defaults = {}, 298 | $postgresql_server_database_enabled = false, 299 | $postgresql_server_database_grant_label = 300 | 'postgresql_server_database_grant', 301 | $postgresql_server_database_grant_defaults = {}, 302 | $postgresql_server_database_grant_enabled = false, 303 | $postgresql_server_db_label = 304 | 'postgresql_server_db', 305 | $postgresql_server_db_defaults = {}, 306 | $postgresql_server_db_enabled = false, 307 | $postgresql_server_extension_label = 308 | 'postgresql_server_extension', 309 | $postgresql_server_extension_defaults = {}, 310 | $postgresql_server_extension_enabled = false, 311 | $postgresql_server_pg_hba_rule_label = 312 | 'postgresql_server_pg_hba_rule', 313 | $postgresql_server_pg_hba_rule_defaults = {}, 314 | $postgresql_server_pg_hba_rule_enabled = false, 315 | $postgresql_server_pg_ident_rule_label = 316 | 'postgresql_server_pg_ident_rule', 317 | $postgresql_server_pg_ident_rule_defaults = {}, 318 | $postgresql_server_pg_ident_rule_enabled = false, 319 | $postgresql_server_role_label = 320 | 'postgresql_server_role', 321 | $postgresql_server_role_defaults = {}, 322 | $postgresql_server_role_enabled = false, 323 | $postgresql_server_schema_label = 324 | 'postgresql_server_schema', 325 | $postgresql_server_schema_defaults = {}, 326 | $postgresql_server_schema_enabled = false, 327 | $postgresql_server_table_grant_label = 328 | 'postgresql_server_table_grant', 329 | $postgresql_server_table_grant_defaults = {}, 330 | $postgresql_server_table_grant_enabled = false, 331 | $postgresql_server_tablespace_label = 332 | 'postgresql_server_tablespace', 333 | $postgresql_server_tablespace_defaults = {}, 334 | $postgresql_server_tablespace_enabled = false, 335 | $postgresql_validate_db_connection_label = 336 | 'postgresql_validate_db_connection', 337 | $postgresql_validate_db_connection_defaults = {}, 338 | $postgresql_validate_db_connection_enabled = false, 339 | $postgresql_conf_label = 340 | 'postgresql_conf', 341 | $postgresql_conf_defaults = {}, 342 | $postgresql_conf_enabled = false, 343 | $postgresql_psql_label = 344 | 'postgresql_psql', 345 | $postgresql_psql_defaults = {}, 346 | $postgresql_psql_enabled = false, 347 | $postgresql_replication_slot_label = 348 | 'postgresql_replication_slot', 349 | $postgresql_replication_slot_defaults = {}, 350 | $postgresql_replication_slot_enabled = false, 351 | $registry_value_label = 352 | 'registry_value', 353 | $registry_value_defaults = {}, 354 | $registry_value_enabled = false, 355 | $resources_label = 356 | 'resources', 357 | $resources_defaults = {}, 358 | $resources_enabled = false, 359 | $router_label = 360 | 'router', 361 | $router_defaults = {}, 362 | $router_enabled = false, 363 | $rsync_get_label = 364 | 'rsync_get', 365 | $rsync_get_defaults = {}, 366 | $rsync_get_enabled = false, 367 | $rsync_put_label = 368 | 'rsync_put', 369 | $rsync_put_defaults = {}, 370 | $rsync_put_enabled = false, 371 | $rsync_server_module_label = 372 | 'rsync_server_module', 373 | $rsync_server_module_defaults = {}, 374 | $rsync_server_module_enabled = false, 375 | $schedule_label = 376 | 'schedule', 377 | $schedule_defaults = {}, 378 | $schedule_enabled = false, 379 | $scheduled_task_label = 380 | 'scheduled_task', 381 | $scheduled_task_defaults = {}, 382 | $scheduled_task_enabled = false, 383 | $selboolean_label = 384 | 'selboolean', 385 | $selboolean_defaults = {}, 386 | $selboolean_enabled = false, 387 | $selmodule_label = 388 | 'selmodule', 389 | $selmodule_defaults = {}, 390 | $selmodule_enabled = false, 391 | $service_label = 392 | 'service', 393 | $service_defaults = {}, 394 | $service_enabled = false, 395 | $ssh_authorized_key_label = 396 | 'ssh_authorized_key', 397 | $ssh_authorized_key_defaults = {}, 398 | $ssh_authorized_key_enabled = false, 399 | $ssh_key_label = 400 | 'ssh_key', 401 | $ssh_key_defaults = {}, 402 | $ssh_key_enabled = false, 403 | $stage_label = 404 | 'stage', 405 | $stage_defaults = {}, 406 | $stage_enabled = false, 407 | $tidy_label = 408 | 'tidy', 409 | $tidy_defaults = {}, 410 | $tidy_enabled = false, 411 | $user_label = 412 | 'user', 413 | $user_defaults = {}, 414 | $user_enabled = false, 415 | $vcsrepo_label = 416 | 'vcsrepo', 417 | $vcsrepo_defaults = {}, 418 | $vcsrepo_enabled = false, 419 | $vlan_label = 420 | 'vlan', 421 | $vlan_defaults = {}, 422 | $vlan_enabled = false, 423 | $yumrepo_label = 424 | 'yumrepo', 425 | $yumrepo_defaults = {}, 426 | $yumrepo_enabled = false, 427 | $zfs_label = 428 | 'zfs', 429 | $zfs_defaults = {}, 430 | $zfs_enabled = false, 431 | $zone_label = 432 | 'zone', 433 | $zone_defaults = {}, 434 | $zone_enabled = false, 435 | $zpool_label = 436 | 'zpool', 437 | $zpool_defaults = {}, 438 | $zpool_enabled = false, 439 | ) { 440 | 441 | if(defined('acl') 442 | and ($acl_enabled 443 | or $global_enable)) { 444 | 445 | $acl_config = 446 | hiera_hash("${prefix}${acl_label}", 447 | $acl_defaults) 448 | 449 | create_resources('acl', 450 | $acl_config) 451 | } 452 | 453 | if(defined('apache::balancer') 454 | and ($apache_balancer_enabled 455 | or $global_enable)) { 456 | 457 | $apache_balancer_config = 458 | hiera_hash("${prefix}${apache_balancer_label}", 459 | $apache_balancer_defaults) 460 | 461 | create_resources('apache::balancer', 462 | $apache_balancer_config) 463 | } 464 | 465 | if(defined('apache::balancermember') 466 | and ($apache_balancermember_enabled 467 | or $global_enable)) { 468 | 469 | $apache_balancermember_config = 470 | hiera_hash("${prefix}${apache_balancermember_label}", 471 | $apache_balancermember_defaults) 472 | 473 | create_resources('apache::balancermember', 474 | $apache_balancermember_config) 475 | } 476 | 477 | if(defined('apache::listen') 478 | and ($apache_listen_enabled 479 | or $global_enable)) { 480 | 481 | $apache_listen_config = 482 | hiera_hash("${prefix}${apache_listen_label}", 483 | $apache_listen_defaults) 484 | 485 | create_resources('apache::listen', 486 | $apache_listen_config) 487 | } 488 | 489 | if(defined('apache::mod') 490 | and ($apache_mod_enabled 491 | or $global_enable)) { 492 | 493 | $apache_mod_config = 494 | hiera_hash("${prefix}${apache_mod_label}", 495 | $apache_mod_defaults) 496 | 497 | create_resources('apache::mod', 498 | $apache_mod_config) 499 | } 500 | 501 | if(defined('apache::namevirtualhost') 502 | and ($apache_namevirtualhost_enabled 503 | or $global_enable)) { 504 | 505 | $apache_namevirtualhost_config = 506 | hiera_hash("${prefix}${apache_namevirtualhost_label}", 507 | $apache_namevirtualhost_defaults) 508 | 509 | create_resources('apache::namevirtualhost', 510 | $apache_namevirtualhost_config) 511 | } 512 | 513 | if(defined('apache::vhost') 514 | and ($apache_vhost_enabled 515 | or $global_enable)) { 516 | 517 | $apache_vhost_config = 518 | hiera_hash("${prefix}${apache_vhost_label}", 519 | $apache_vhost_defaults) 520 | 521 | create_resources('apache::vhost', 522 | $apache_vhost_config) 523 | } 524 | 525 | if(defined('apt::builddep') 526 | and ($apt_builddep_enabled 527 | or $global_enable)) { 528 | 529 | $apt_builddep_config = 530 | hiera_hash("${prefix}${apt_builddep_label}", 531 | $apt_builddep_defaults) 532 | 533 | create_resources('apt::builddep', 534 | $apt_builddep_config) 535 | } 536 | 537 | if(defined('apt::conf') 538 | and ($apt_conf_enabled 539 | or $global_enable)) { 540 | 541 | $apt_conf_config = 542 | hiera_hash("${prefix}${apt_conf_label}", 543 | $apt_conf_defaults) 544 | 545 | create_resources('apt::conf', 546 | $apt_conf_config) 547 | } 548 | 549 | if(defined('apt::force') 550 | and ($apt_force_enabled 551 | or $global_enable)) { 552 | 553 | $apt_force_config = 554 | hiera_hash("${prefix}${apt_force_label}", 555 | $apt_force_defaults) 556 | 557 | create_resources('apt::force', 558 | $apt_force_config) 559 | } 560 | 561 | if(defined('apt::hold') 562 | and ($apt_hold_enabled 563 | or $global_enable)) { 564 | 565 | $apt_hold_config = 566 | hiera_hash("${prefix}${apt_hold_label}", 567 | $apt_hold_defaults) 568 | 569 | create_resources('apt::hold', 570 | $apt_hold_config) 571 | } 572 | 573 | if(defined('apt::key') 574 | and ($apt_key_enabled 575 | or $global_enable)) { 576 | 577 | $apt_key_config = 578 | hiera_hash("${prefix}${apt_key_label}", 579 | $apt_key_defaults) 580 | 581 | create_resources('apt::key', 582 | $apt_key_config) 583 | } 584 | 585 | if(defined('apt::pin') 586 | and ($apt_pin_enabled 587 | or $global_enable)) { 588 | 589 | $apt_pin_config = 590 | hiera_hash("${prefix}${apt_pin_label}", 591 | $apt_pin_defaults) 592 | 593 | create_resources('apt::pin', 594 | $apt_pin_config) 595 | } 596 | 597 | if(defined('apt::ppa') 598 | and ($apt_ppa_enabled 599 | or $global_enable)) { 600 | 601 | $apt_ppa_config = 602 | hiera_hash("${prefix}${apt_ppa_label}", 603 | $apt_ppa_defaults) 604 | 605 | create_resources('apt::ppa', 606 | $apt_ppa_config) 607 | } 608 | 609 | if(defined('apt::source') 610 | and ($apt_source_enabled 611 | or $global_enable)) { 612 | 613 | $apt_source_config = 614 | hiera_hash("${prefix}${apt_source_label}", 615 | $apt_source_defaults) 616 | 617 | create_resources('apt::source', 618 | $apt_source_config) 619 | } 620 | 621 | if(defined('augeas') 622 | and ($augeas_enabled 623 | or $global_enable)) { 624 | 625 | $augeas_config = 626 | hiera_hash("${prefix}${augeas_label}", 627 | $augeas_defaults) 628 | 629 | create_resources('augeas', 630 | $augeas_config) 631 | } 632 | 633 | if(defined('computers') 634 | and ($computers_enabled 635 | or $global_enable)) { 636 | 637 | $computers_config = 638 | hiera_hash("${prefix}${computers_label}", 639 | $computers_defaults) 640 | 641 | create_resources('computers', 642 | $computers_config) 643 | } 644 | 645 | if(defined('concat') 646 | and ($concat_enabled 647 | or $global_enable)) { 648 | 649 | $concat_config = 650 | hiera_hash("${prefix}${concat_label}", 651 | $concat_defaults) 652 | 653 | create_resources('concat', 654 | $concat_config) 655 | } 656 | 657 | if(defined('concat::fragment') 658 | and ($concat_fragment_enabled 659 | or $global_enable)) { 660 | 661 | $concat_fragment_config = 662 | hiera_hash("${prefix}${concat_fragment_label}", 663 | $concat_fragment_defaults) 664 | 665 | create_resources('concat::fragment', 666 | $concat_fragment_config) 667 | } 668 | 669 | if(defined('cron') 670 | and ($cron_enabled 671 | or $global_enable)) { 672 | 673 | $cron_config = 674 | hiera_hash("${prefix}${cron_label}", 675 | $cron_defaults) 676 | 677 | create_resources('cron', 678 | $cron_config) 679 | } 680 | 681 | if(defined('exec') 682 | and ($exec_enabled 683 | or $global_enable)) { 684 | 685 | $exec_config = 686 | hiera_hash("${prefix}${exec_label}", 687 | $exec_defaults) 688 | 689 | create_resources('exec', 690 | $exec_config) 691 | } 692 | 693 | if(defined('file') 694 | and ($file_enabled 695 | or $global_enable)) { 696 | 697 | $file_config = 698 | hiera_hash("${prefix}${file_label}", 699 | $file_defaults) 700 | 701 | create_resources('file', 702 | $file_config) 703 | } 704 | 705 | if(defined('file_line') 706 | and ($file_line_enabled 707 | or $global_enable)) { 708 | 709 | $file_line_config = 710 | hiera_hash("${prefix}${file_line_label}", 711 | $file_line_defaults) 712 | 713 | create_resources('file_line', 714 | $file_line_config) 715 | } 716 | 717 | if(defined('filebucket') 718 | and ($filebucket_enabled 719 | or $global_enable)) { 720 | 721 | $filebucket_config = 722 | hiera_hash("${prefix}${filebucket_label}", 723 | $filebucket_defaults) 724 | 725 | create_resources('filebucket', 726 | $filebucket_config) 727 | } 728 | 729 | if(defined('git::config') 730 | and ($git_config_enabled 731 | or $global_enable)) { 732 | 733 | $git_config_config = 734 | hiera_hash("${prefix}${git_config_label}", 735 | $git_config_defaults) 736 | 737 | create_resources('git::config', 738 | $git_config_config) 739 | } 740 | 741 | if(defined('group') 742 | and ($group_enabled 743 | or $global_enable)) { 744 | 745 | $group_config = 746 | hiera_hash("${prefix}${group_label}", 747 | $group_defaults) 748 | 749 | create_resources('group', 750 | $group_config) 751 | } 752 | 753 | if(defined('host') 754 | and ($host_enabled 755 | or $global_enable)) { 756 | 757 | $host_config = 758 | hiera_hash("${prefix}${host_label}", 759 | $host_defaults) 760 | 761 | create_resources('host', 762 | $host_config) 763 | } 764 | 765 | if(defined('ini_setting') 766 | and ($ini_setting_enabled 767 | or $global_enable)) { 768 | 769 | $ini_setting_config = 770 | hiera_hash("${prefix}${ini_setting_label}", 771 | $ini_setting_defaults) 772 | 773 | create_resources('ini_setting', 774 | $ini_setting_config) 775 | } 776 | 777 | if(defined('ini_subsetting') 778 | and ($ini_subsetting_enabled 779 | or $global_enable)) { 780 | 781 | $ini_subsetting_config = 782 | hiera_hash("${prefix}${ini_subsetting_label}", 783 | $ini_subsetting_defaults) 784 | 785 | create_resources('ini_subsetting', 786 | $ini_subsetting_config) 787 | } 788 | 789 | if(defined('interface') 790 | and ($interface_enabled 791 | or $global_enable)) { 792 | 793 | $interface_config = 794 | hiera_hash("${prefix}${interface_label}", 795 | $interface_defaults) 796 | 797 | create_resources('interface', 798 | $interface_config) 799 | } 800 | 801 | if(defined('java_ks') 802 | and ($java_ks_enabled 803 | or $global_enable)) { 804 | 805 | $java_ks_config = 806 | hiera_hash("${prefix}${java_ks_label}", 807 | $java_ks_defaults) 808 | 809 | create_resources('java_ks', 810 | $java_ks_config) 811 | } 812 | 813 | if(defined('k5login') 814 | and ($k5login_enabled 815 | or $global_enable)) { 816 | 817 | $k5login_config = 818 | hiera_hash("${prefix}${k5login_label}", 819 | $k5login_defaults) 820 | 821 | create_resources('k5login', 822 | $k5login_config) 823 | } 824 | 825 | if(defined('macauthorization') 826 | and ($macauthorization_enabled 827 | or $global_enable)) { 828 | 829 | $macauthorization_config = 830 | hiera_hash("${prefix}${macauthorization_label}", 831 | $macauthorization_defaults) 832 | 833 | create_resources('macauthorization', 834 | $macauthorization_config) 835 | } 836 | 837 | if(defined('mailalias') 838 | and ($mailalias_enabled 839 | or $global_enable)) { 840 | 841 | $mailalias_config = 842 | hiera_hash("${prefix}${mailalias_label}", 843 | $mailalias_defaults) 844 | 845 | create_resources('mailalias', 846 | $mailalias_config) 847 | } 848 | 849 | if(defined('maillist') 850 | and ($maillist_enabled 851 | or $global_enable)) { 852 | 853 | $maillist_config = 854 | hiera_hash("${prefix}${maillist_label}", 855 | $maillist_defaults) 856 | 857 | create_resources('maillist', 858 | $maillist_config) 859 | } 860 | 861 | if(defined('mcx') 862 | and ($mcx_enabled 863 | or $global_enable)) { 864 | 865 | $mcx_config = 866 | hiera_hash("${prefix}${mcx_label}", 867 | $mcx_defaults) 868 | 869 | create_resources('mcx', 870 | $mcx_config) 871 | } 872 | 873 | if(defined('mount') 874 | and ($mount_enabled 875 | or $global_enable)) { 876 | 877 | $mount_config = 878 | hiera_hash("${prefix}${mount_label}", 879 | $mount_defaults) 880 | 881 | create_resources('mount', 882 | $mount_config) 883 | } 884 | 885 | if(defined('mysql_database') 886 | and ($mysql_database_enabled 887 | or $global_enable)) { 888 | 889 | $mysql_database_config = 890 | hiera_hash("${prefix}${mysql_database_label}", 891 | $mysql_database_defaults) 892 | 893 | create_resources('mysql_database', 894 | $mysql_database_config) 895 | } 896 | 897 | if(defined('mysql_grant') 898 | and ($mysql_grant_enabled 899 | or $global_enable)) { 900 | 901 | $mysql_grant_config = 902 | hiera_hash("${prefix}${mysql_grant_label}", 903 | $mysql_grant_defaults) 904 | 905 | create_resources('mysql_grant', 906 | $mysql_grant_config) 907 | } 908 | 909 | if(defined('mysql_plugin') 910 | and ($mysql_plugin_enabled 911 | or $global_enable)) { 912 | 913 | $mysql_plugin_config = 914 | hiera_hash("${prefix}${mysql_plugin_label}", 915 | $mysql_plugin_defaults) 916 | 917 | create_resources('mysql_plugin', 918 | $mysql_plugin_config) 919 | } 920 | 921 | if(defined('mysql_user') 922 | and ($mysql_user_enabled 923 | or $global_enable)) { 924 | 925 | $mysql_user_config = 926 | hiera_hash("${prefix}${mysql_user_label}", 927 | $mysql_user_defaults) 928 | 929 | create_resources('mysql_user', 930 | $mysql_user_config) 931 | } 932 | 933 | if(defined('nagios_command') 934 | and ($nagios_command_enabled 935 | or $global_enable)) { 936 | 937 | $nagios_command_config = 938 | hiera_hash("${prefix}${nagios_command_label}", 939 | $nagios_command_defaults) 940 | 941 | create_resources('nagios_command', 942 | $nagios_command_config) 943 | } 944 | 945 | if(defined('nagios_contact') 946 | and ($nagios_contact_enabled 947 | or $global_enable)) { 948 | 949 | $nagios_contact_config = 950 | hiera_hash("${prefix}${nagios_contact_label}", 951 | $nagios_contact_defaults) 952 | 953 | create_resources('nagios_contact', 954 | $nagios_contact_config) 955 | } 956 | 957 | if(defined('nagios_contactgroup') 958 | and ($nagios_contactgroup_enabled 959 | or $global_enable)) { 960 | 961 | $nagios_contactgroup_config = 962 | hiera_hash("${prefix}${nagios_contactgroup_label}", 963 | $nagios_contactgroup_defaults) 964 | 965 | create_resources('nagios_contactgroup', 966 | $nagios_contactgroup_config) 967 | } 968 | 969 | if(defined('nagios_host') 970 | and ($nagios_host_enabled 971 | or $global_enable)) { 972 | 973 | $nagios_host_config = 974 | hiera_hash("${prefix}${nagios_host_label}", 975 | $nagios_host_defaults) 976 | 977 | create_resources('nagios_host', 978 | $nagios_host_config) 979 | } 980 | 981 | if(defined('nagios_hostdependency') 982 | and ($nagios_hostdependency_enabled 983 | or $global_enable)) { 984 | 985 | $nagios_hostdependency_config = 986 | hiera_hash("${prefix}${nagios_hostdependency_label}", 987 | $nagios_hostdependency_defaults) 988 | 989 | create_resources('nagios_hostdependency', 990 | $nagios_hostdependency_config) 991 | } 992 | 993 | if(defined('nagios_hostescalation') 994 | and ($nagios_hostescalation_enabled 995 | or $global_enable)) { 996 | 997 | $nagios_hostescalation_config = 998 | hiera_hash("${prefix}${nagios_hostescalation_label}", 999 | $nagios_hostescalation_defaults) 1000 | 1001 | create_resources('nagios_hostescalation', 1002 | $nagios_hostescalation_config) 1003 | } 1004 | 1005 | if(defined('nagios_hostextinfo') 1006 | and ($nagios_hostextinfo_enabled 1007 | or $global_enable)) { 1008 | 1009 | $nagios_hostextinfo_config = 1010 | hiera_hash("${prefix}${nagios_hostextinfo_label}", 1011 | $nagios_hostextinfo_defaults) 1012 | 1013 | create_resources('nagios_hostextinfo', 1014 | $nagios_hostextinfo_config) 1015 | } 1016 | 1017 | if(defined('nagios_hostgroup') 1018 | and ($nagios_hostgroup_enabled 1019 | or $global_enable)) { 1020 | 1021 | $nagios_hostgroup_config = 1022 | hiera_hash("${prefix}${nagios_hostgroup_label}", 1023 | $nagios_hostgroup_defaults) 1024 | 1025 | create_resources('nagios_hostgroup', 1026 | $nagios_hostgroup_config) 1027 | } 1028 | 1029 | if(defined('nagios_service') 1030 | and ($nagios_service_enabled 1031 | or $global_enable)) { 1032 | 1033 | $nagios_service_config = 1034 | hiera_hash("${prefix}${nagios_service_label}", 1035 | $nagios_service_defaults) 1036 | 1037 | create_resources('nagios_service', 1038 | $nagios_service_config) 1039 | } 1040 | 1041 | if(defined('nagios_servicedependency') 1042 | and ($nagios_servicedependency_enabled 1043 | or $global_enable)) { 1044 | 1045 | $nagios_servicedependency_config = 1046 | hiera_hash("${prefix}${nagios_servicedependency_label}", 1047 | $nagios_servicedependency_defaults) 1048 | 1049 | create_resources('nagios_servicedependency', 1050 | $nagios_servicedependency_config) 1051 | } 1052 | 1053 | if(defined('nagios_serviceescalation') 1054 | and ($nagios_serviceescalation_enabled 1055 | or $global_enable)) { 1056 | 1057 | $nagios_serviceescalation_config = 1058 | hiera_hash("${prefix}${nagios_serviceescalation_label}", 1059 | $nagios_serviceescalation_defaults) 1060 | 1061 | create_resources('nagios_serviceescalation', 1062 | $nagios_serviceescalation_config) 1063 | } 1064 | 1065 | if(defined('nagios_serviceextinfo') 1066 | and ($nagios_serviceextinfo_enabled 1067 | or $global_enable)) { 1068 | 1069 | $nagios_serviceextinfo_config = 1070 | hiera_hash("${prefix}${nagios_serviceextinfo_label}", 1071 | $nagios_serviceextinfo_defaults) 1072 | 1073 | create_resources('nagios_serviceextinfo', 1074 | $nagios_serviceextinfo_config) 1075 | } 1076 | 1077 | if(defined('nagios_servicegroup') 1078 | and ($nagios_servicegroup_enabled 1079 | or $global_enable)) { 1080 | 1081 | $nagios_servicegroup_config = 1082 | hiera_hash("${prefix}${nagios_servicegroup_label}", 1083 | $nagios_servicegroup_defaults) 1084 | 1085 | create_resources('nagios_servicegroup', 1086 | $nagios_servicegroup_config) 1087 | } 1088 | 1089 | if(defined('nagios_timeperiod') 1090 | and ($nagios_timeperiod_enabled 1091 | or $global_enable)) { 1092 | 1093 | $nagios_timeperiod_config = 1094 | hiera_hash("${prefix}${nagios_timeperiod_label}", 1095 | $nagios_timeperiod_defaults) 1096 | 1097 | create_resources('nagios_timeperiod', 1098 | $nagios_timeperiod_config) 1099 | } 1100 | 1101 | if(defined('notify') 1102 | and ($notify_enabled 1103 | or $global_enable)) { 1104 | 1105 | $notify_config = 1106 | hiera_hash("${prefix}${notify_label}", 1107 | $notify_defaults) 1108 | 1109 | create_resources('notify', 1110 | $notify_config) 1111 | } 1112 | 1113 | if(defined('package') 1114 | and ($package_enabled 1115 | or $global_enable)) { 1116 | 1117 | $package_config = 1118 | hiera_hash("${prefix}${package_label}", 1119 | $package_defaults) 1120 | 1121 | create_resources('package', 1122 | $package_config) 1123 | } 1124 | 1125 | if(defined('postgresql::server::config_entry') 1126 | and ($postgresql_server_config_entry_enabled 1127 | or $global_enable)) { 1128 | 1129 | $postgresql_server_config_entry_config = 1130 | hiera_hash("${prefix}${postgresql_server_config_entry_label}", 1131 | $postgresql_server_config_entry_defaults) 1132 | 1133 | create_resources('postgresql::server::config_entry', 1134 | $postgresql_server_config_entry_config) 1135 | } 1136 | 1137 | if(defined('postgresql::server::database') 1138 | and ($postgresql_server_database_enabled 1139 | or $global_enable)) { 1140 | 1141 | $postgresql_server_database_config = 1142 | hiera_hash("${prefix}${postgresql_server_database_label}", 1143 | $postgresql_server_database_defaults) 1144 | 1145 | create_resources('postgresql::server::database', 1146 | $postgresql_server_database_config) 1147 | } 1148 | 1149 | if(defined('postgresql::server::database_grant') 1150 | and ($postgresql_server_database_grant_enabled 1151 | or $global_enable)) { 1152 | 1153 | $postgresql_server_database_grant_config = 1154 | hiera_hash("${prefix}${postgresql_server_database_grant_label}", 1155 | $postgresql_server_database_grant_defaults) 1156 | 1157 | create_resources('postgresql::server::database_grant', 1158 | $postgresql_server_database_grant_config) 1159 | } 1160 | 1161 | if(defined('postgresql::server::db') 1162 | and ($postgresql_server_db_enabled 1163 | or $global_enable)) { 1164 | 1165 | $postgresql_server_db_config = 1166 | hiera_hash("${prefix}${postgresql_server_db_label}", 1167 | $postgresql_server_db_defaults) 1168 | 1169 | create_resources('postgresql::server::db', 1170 | $postgresql_server_db_config) 1171 | } 1172 | 1173 | if(defined('postgresql::server::extension') 1174 | and ($postgresql_server_extension_enabled 1175 | or $global_enable)) { 1176 | 1177 | $postgresql_server_extension_config = 1178 | hiera_hash("${prefix}${postgresql_server_extension_label}", 1179 | $postgresql_server_extension_defaults) 1180 | 1181 | create_resources('postgresql::server::extension', 1182 | $postgresql_server_extension_config) 1183 | } 1184 | 1185 | if(defined('postgresql::server::pg_hba_rule') 1186 | and ($postgresql_server_pg_hba_rule_enabled 1187 | or $global_enable)) { 1188 | 1189 | $postgresql_server_pg_hba_rule_config = 1190 | hiera_hash("${prefix}${postgresql_server_pg_hba_rule_label}", 1191 | $postgresql_server_pg_hba_rule_defaults) 1192 | 1193 | create_resources('postgresql::server::pg_hba_rule', 1194 | $postgresql_server_pg_hba_rule_config) 1195 | } 1196 | 1197 | if(defined('postgresql::server::pg_ident_rule') 1198 | and ($postgresql_server_pg_ident_rule_enabled 1199 | or $global_enable)) { 1200 | 1201 | $postgresql_server_pg_ident_rule_config = 1202 | hiera_hash("${prefix}${postgresql_server_pg_ident_rule_label}", 1203 | $postgresql_server_pg_ident_rule_defaults) 1204 | 1205 | create_resources('postgresql::server::pg_ident_rule', 1206 | $postgresql_server_pg_ident_rule_config) 1207 | } 1208 | 1209 | if(defined('postgresql::server::role') 1210 | and ($postgresql_server_role_enabled 1211 | or $global_enable)) { 1212 | 1213 | $postgresql_server_role_config = 1214 | hiera_hash("${prefix}${postgresql_server_role_label}", 1215 | $postgresql_server_role_defaults) 1216 | 1217 | create_resources('postgresql::server::role', 1218 | $postgresql_server_role_config) 1219 | } 1220 | 1221 | if(defined('postgresql::server::schema') 1222 | and ($postgresql_server_schema_enabled 1223 | or $global_enable)) { 1224 | 1225 | $postgresql_server_schema_config = 1226 | hiera_hash("${prefix}${postgresql_server_schema_label}", 1227 | $postgresql_server_schema_defaults) 1228 | 1229 | create_resources('postgresql::server::schema', 1230 | $postgresql_server_schema_config) 1231 | } 1232 | 1233 | if(defined('postgresql::server::table_grant') 1234 | and ($postgresql_server_table_grant_enabled 1235 | or $global_enable)) { 1236 | 1237 | $postgresql_server_table_grant_config = 1238 | hiera_hash("${prefix}${postgresql_server_table_grant_label}", 1239 | $postgresql_server_table_grant_defaults) 1240 | 1241 | create_resources('postgresql::server::table_grant', 1242 | $postgresql_server_table_grant_config) 1243 | } 1244 | 1245 | if(defined('postgresql::server::tablespace') 1246 | and ($postgresql_server_tablespace_enabled 1247 | or $global_enable)) { 1248 | 1249 | $postgresql_server_tablespace_config = 1250 | hiera_hash("${prefix}${postgresql_server_tablespace_label}", 1251 | $postgresql_server_tablespace_defaults) 1252 | 1253 | create_resources('postgresql::server::tablespace', 1254 | $postgresql_server_tablespace_config) 1255 | } 1256 | 1257 | if(defined('postgresql::validate_db_connection') 1258 | and ($postgresql_validate_db_connection_enabled 1259 | or $global_enable)) { 1260 | 1261 | $postgresql_validate_db_connection_config = 1262 | hiera_hash("${prefix}${postgresql_validate_db_connection_label}", 1263 | $postgresql_validate_db_connection_defaults) 1264 | 1265 | create_resources('postgresql::validate_db_connection', 1266 | $postgresql_validate_db_connection_config) 1267 | } 1268 | 1269 | if(defined('postgresql_conf') 1270 | and ($postgresql_conf_enabled 1271 | or $global_enable)) { 1272 | 1273 | $postgresql_conf_config = 1274 | hiera_hash("${prefix}${postgresql_conf_label}", 1275 | $postgresql_conf_defaults) 1276 | 1277 | create_resources('postgresql_conf', 1278 | $postgresql_conf_config) 1279 | } 1280 | 1281 | if(defined('postgresql_psql') 1282 | and ($postgresql_psql_enabled 1283 | or $global_enable)) { 1284 | 1285 | $postgresql_psql_config = 1286 | hiera_hash("${prefix}${postgresql_psql_label}", 1287 | $postgresql_psql_defaults) 1288 | 1289 | create_resources('postgresql_psql', 1290 | $postgresql_psql_config) 1291 | } 1292 | 1293 | if(defined('postgresql_replication_slot') 1294 | and ($postgresql_replication_slot_enabled 1295 | or $global_enable)) { 1296 | 1297 | $postgresql_replication_slot_config = 1298 | hiera_hash("${prefix}${postgresql_replication_slot_label}", 1299 | $postgresql_replication_slot_defaults) 1300 | 1301 | create_resources('postgresql_replication_slot', 1302 | $postgresql_replication_slot_config) 1303 | } 1304 | 1305 | if(defined('registry::value') 1306 | and ($registry_value_enabled 1307 | or $global_enable)) { 1308 | 1309 | $registry_value_config = 1310 | hiera_hash("${prefix}${registry_value_label}", 1311 | $registry_value_defaults) 1312 | 1313 | create_resources('registry::value', 1314 | $registry_value_config) 1315 | } 1316 | 1317 | if(defined('resources') 1318 | and ($resources_enabled 1319 | or $global_enable)) { 1320 | 1321 | $resources_config = 1322 | hiera_hash("${prefix}${resources_label}", 1323 | $resources_defaults) 1324 | 1325 | create_resources('resources', 1326 | $resources_config) 1327 | } 1328 | 1329 | if(defined('router') 1330 | and ($router_enabled 1331 | or $global_enable)) { 1332 | 1333 | $router_config = 1334 | hiera_hash("${prefix}${router_label}", 1335 | $router_defaults) 1336 | 1337 | create_resources('router', 1338 | $router_config) 1339 | } 1340 | 1341 | if(defined('rsync::get') 1342 | and ($rsync_get_enabled 1343 | or $global_enable)) { 1344 | 1345 | $rsync_get_config = 1346 | hiera_hash("${prefix}${rsync_get_label}", 1347 | $rsync_get_defaults) 1348 | 1349 | create_resources('rsync::get', 1350 | $rsync_get_config) 1351 | } 1352 | 1353 | if(defined('rsync::put') 1354 | and ($rsync_put_enabled 1355 | or $global_enable)) { 1356 | 1357 | $rsync_put_config = 1358 | hiera_hash("${prefix}${rsync_put_label}", 1359 | $rsync_put_defaults) 1360 | 1361 | create_resources('rsync::put', 1362 | $rsync_put_config) 1363 | } 1364 | 1365 | if(defined('rsync::server::module') 1366 | and ($rsync_server_module_enabled 1367 | or $global_enable)) { 1368 | 1369 | $rsync_server_module_config = 1370 | hiera_hash("${prefix}${rsync_server_module_label}", 1371 | $rsync_server_module_defaults) 1372 | 1373 | create_resources('rsync::server::module', 1374 | $rsync_server_module_config) 1375 | } 1376 | 1377 | if(defined('schedule') 1378 | and ($schedule_enabled 1379 | or $global_enable)) { 1380 | 1381 | $schedule_config = 1382 | hiera_hash("${prefix}${schedule_label}", 1383 | $schedule_defaults) 1384 | 1385 | create_resources('schedule', 1386 | $schedule_config) 1387 | } 1388 | 1389 | if(defined('scheduled_task') 1390 | and ($scheduled_task_enabled 1391 | or $global_enable)) { 1392 | 1393 | $scheduled_task_config = 1394 | hiera_hash("${prefix}${scheduled_task_label}", 1395 | $scheduled_task_defaults) 1396 | 1397 | create_resources('scheduled_task', 1398 | $scheduled_task_config) 1399 | } 1400 | 1401 | if(defined('selboolean') 1402 | and ($selboolean_enabled 1403 | or $global_enable)) { 1404 | 1405 | $selboolean_config = 1406 | hiera_hash("${prefix}${selboolean_label}", 1407 | $selboolean_defaults) 1408 | 1409 | create_resources('selboolean', 1410 | $selboolean_config) 1411 | } 1412 | 1413 | if(defined('selmodule') 1414 | and ($selmodule_enabled 1415 | or $global_enable)) { 1416 | 1417 | $selmodule_config = 1418 | hiera_hash("${prefix}${selmodule_label}", 1419 | $selmodule_defaults) 1420 | 1421 | create_resources('selmodule', 1422 | $selmodule_config) 1423 | } 1424 | 1425 | if(defined('service') 1426 | and ($service_enabled 1427 | or $global_enable)) { 1428 | 1429 | $service_config = 1430 | hiera_hash("${prefix}${service_label}", 1431 | $service_defaults) 1432 | 1433 | create_resources('service', 1434 | $service_config) 1435 | } 1436 | 1437 | if(defined('ssh_authorized_key') 1438 | and ($ssh_authorized_key_enabled 1439 | or $global_enable)) { 1440 | 1441 | $ssh_authorized_key_config = 1442 | hiera_hash("${prefix}${ssh_authorized_key_label}", 1443 | $ssh_authorized_key_defaults) 1444 | 1445 | create_resources('ssh_authorized_key', 1446 | $ssh_authorized_key_config) 1447 | } 1448 | 1449 | if(defined('ssh_key') 1450 | and ($ssh_key_enabled 1451 | or $global_enable)) { 1452 | 1453 | $ssh_key_config = 1454 | hiera_hash("${prefix}${ssh_key_label}", 1455 | $ssh_key_defaults) 1456 | 1457 | create_resources('ssh_key', 1458 | $ssh_key_config) 1459 | } 1460 | 1461 | if(defined('stage') 1462 | and ($stage_enabled 1463 | or $global_enable)) { 1464 | 1465 | $stage_config = 1466 | hiera_hash("${prefix}${stage_label}", 1467 | $stage_defaults) 1468 | 1469 | create_resources('stage', 1470 | $stage_config) 1471 | } 1472 | 1473 | if(defined('tidy') 1474 | and ($tidy_enabled 1475 | or $global_enable)) { 1476 | 1477 | $tidy_config = 1478 | hiera_hash("${prefix}${tidy_label}", 1479 | $tidy_defaults) 1480 | 1481 | create_resources('tidy', 1482 | $tidy_config) 1483 | } 1484 | 1485 | if(defined('user') 1486 | and ($user_enabled 1487 | or $global_enable)) { 1488 | 1489 | $user_config = 1490 | hiera_hash("${prefix}${user_label}", 1491 | $user_defaults) 1492 | 1493 | create_resources('user', 1494 | $user_config) 1495 | } 1496 | 1497 | if(defined('vcsrepo') 1498 | and ($vcsrepo_enabled 1499 | or $global_enable)) { 1500 | 1501 | $vcsrepo_config = 1502 | hiera_hash("${prefix}${vcsrepo_label}", 1503 | $vcsrepo_defaults) 1504 | 1505 | create_resources('vcsrepo', 1506 | $vcsrepo_config) 1507 | } 1508 | 1509 | if(defined('vlan') 1510 | and ($vlan_enabled 1511 | or $global_enable)) { 1512 | 1513 | $vlan_config = 1514 | hiera_hash("${prefix}${vlan_label}", 1515 | $vlan_defaults) 1516 | 1517 | create_resources('vlan', 1518 | $vlan_config) 1519 | } 1520 | 1521 | if(defined('yumrepo') 1522 | and ($yumrepo_enabled 1523 | or $global_enable)) { 1524 | 1525 | $yumrepo_config = 1526 | hiera_hash("${prefix}${yumrepo_label}", 1527 | $yumrepo_defaults) 1528 | 1529 | create_resources('yumrepo', 1530 | $yumrepo_config) 1531 | } 1532 | 1533 | if(defined('zfs') 1534 | and ($zfs_enabled 1535 | or $global_enable)) { 1536 | 1537 | $zfs_config = 1538 | hiera_hash("${prefix}${zfs_label}", 1539 | $zfs_defaults) 1540 | 1541 | create_resources('zfs', 1542 | $zfs_config) 1543 | } 1544 | 1545 | if(defined('zone') 1546 | and ($zone_enabled 1547 | or $global_enable)) { 1548 | 1549 | $zone_config = 1550 | hiera_hash("${prefix}${zone_label}", 1551 | $zone_defaults) 1552 | 1553 | create_resources('zone', 1554 | $zone_config) 1555 | } 1556 | 1557 | if(defined('zpool') 1558 | and ($zpool_enabled 1559 | or $global_enable)) { 1560 | 1561 | $zpool_config = 1562 | hiera_hash("${prefix}${zpool_label}", 1563 | $zpool_defaults) 1564 | 1565 | create_resources('zpool', 1566 | $zpool_config) 1567 | } 1568 | 1569 | 1570 | 1571 | if($class_enabled or $global_enable) { 1572 | $class_config = 1573 | hiera_hash("${prefix}${class_label}", 1574 | $class_defaults) 1575 | 1576 | create_resources('class', 1577 | $class_config) 1578 | } 1579 | 1580 | class { 'hieratic::firewall': 1581 | global_enable => $global_enable, 1582 | firewall_label => "${prefix}${firewall_label}", 1583 | firewall_enabled => $firewall_enabled, 1584 | firewall_defaults => $firewall_defaults, 1585 | firewall_pre_label => "${prefix}${firewall_pre_label}", 1586 | firewall_pre_enabled => $firewall_pre_enabled, 1587 | firewall_pre_defaults => $firewall_pre_defaults, 1588 | firewall_post_label => "${prefix}${firewall_post_label}", 1589 | firewall_post_enabled => $firewall_post_enabled, 1590 | firewall_post_defaults => $firewall_post_defaults, 1591 | } 1592 | 1593 | } 1594 | -------------------------------------------------------------------------------- /metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tedivm-hieratic", 3 | "version": "0.6.1", 4 | "author": "tedivm", 5 | "summary": "Hieratic allows Puppet Resources to be created directly in Hiera.", 6 | "license": "MIT", 7 | "source": "https://github.com/tedivm/puppet-hieratic", 8 | "project_page": "https://github.com/tedivm/puppet-hieratic", 9 | "issues_url": "https://github.com/tedivm/puppet-hieratic/issues", 10 | "tags": ["hiera", "meta"], 11 | "dependencies": [], 12 | "operatingsystem_support": [ 13 | { 14 | "operatingsystem": "RedHat" 15 | }, 16 | { 17 | "operatingsystem": "CentOS" 18 | }, 19 | { 20 | "operatingsystem": "OracleLinux" 21 | }, 22 | { 23 | "operatingsystem": "Scientific" 24 | }, 25 | { 26 | "operatingsystem": "SLES" 27 | }, 28 | { 29 | "operatingsystem": "Debian" 30 | }, 31 | { 32 | "operatingsystem": "Ubuntu" 33 | }, 34 | { 35 | "operatingsystem": "AIX" 36 | }, 37 | { 38 | "operatingsystem": "Mac" 39 | }, 40 | { 41 | "operatingsystem": "Windows" 42 | } 43 | ], 44 | "requirements": [ 45 | { 46 | "name": "pe", 47 | "version_requirement": "3.x" 48 | }, 49 | { 50 | "name": "puppet", 51 | "version_requirement": "3.x" 52 | } 53 | ] 54 | } -------------------------------------------------------------------------------- /resources/createblock.tmpl: -------------------------------------------------------------------------------- 1 | if(defined('$type') 2 | and ($$${type_delimited}_enabled 3 | or $$global_enable)) { 4 | 5 | $$${type_delimited}_config = 6 | hiera_hash("$${prefix}$${${type_delimited}_label}", 7 | $$${type_delimited}_defaults) 8 | 9 | create_resources('$type', 10 | $$${type_delimited}_config) 11 | } 12 | -------------------------------------------------------------------------------- /resources/header.tmpl: -------------------------------------------------------------------------------- 1 | # == Class: hieratic 2 | # 3 | # Hieratic allows Puppet Resources to be created directly in Hiera. 4 | # 5 | # === Parameters 6 | # 7 | # [*global_enable*] 8 | # Defaults to true. With this on all resources are exposed through Hiera. 9 | # For granular control set this to false and manually enable specific 10 | # resource types. 11 | # 12 | # [*prefix*] 13 | # Defaults to ''. This string gets added to all of the various `TYPE_label` 14 | # keys in hiera. 15 | # 16 | # [*TYPE_enable*] 17 | # Defaults to true. With this on all resources are exposed through Hiera. 18 | # 19 | # [*TYPE_label*] 20 | # Defaults to the name of the type. This defines the top level hiera variable 21 | # name to use when defining values of this type. 22 | # 23 | # [*TYPE_defaults*] 24 | # Defaults to and empty array. This allows default values to be set for each 25 | # resource type. 26 | # 27 | # === Examples 28 | # 29 | # include hieratic 30 | # 31 | # class { 'hieratic': 32 | # global_enable => false, 33 | # class_enable => true, 34 | # class_label => 'classes', 35 | # file_enable => true, 36 | # } 37 | # 38 | # === Authors 39 | # 40 | # Robert Hafner 41 | # 42 | # === Copyright 43 | # 44 | # Copyright 2015 Robert Hafner 45 | # 46 | -------------------------------------------------------------------------------- /resources/parameters.tmpl: -------------------------------------------------------------------------------- 1 | $$${type_delimited}_label = 2 | '${type_delimited}', 3 | $$${type_delimited}_defaults = {}, 4 | $$${type_delimited}_enabled = false, 5 | -------------------------------------------------------------------------------- /resources/typelist.txt: -------------------------------------------------------------------------------- 1 | augeas 2 | computers 3 | cron 4 | exec 5 | file 6 | file_line 7 | filebucket 8 | group 9 | host 10 | interface 11 | k5login 12 | macauthorization 13 | mailalias 14 | maillist 15 | mcx 16 | mount 17 | nagios_command 18 | nagios_contact 19 | nagios_contactgroup 20 | nagios_host 21 | nagios_hostdependency 22 | nagios_hostescalation 23 | nagios_hostextinfo 24 | nagios_hostgroup 25 | nagios_service 26 | nagios_servicedependency 27 | nagios_serviceescalation 28 | nagios_serviceextinfo 29 | nagios_servicegroup 30 | nagios_timeperiod 31 | notify 32 | package 33 | resources 34 | router 35 | schedule 36 | scheduled_task 37 | selboolean 38 | selmodule 39 | service 40 | ssh_authorized_key 41 | ssh_key 42 | stage 43 | tidy 44 | user 45 | vlan 46 | yumrepo 47 | zfs 48 | zone 49 | zpool 50 | acl 51 | apache::balancer 52 | apache::balancermember 53 | apache::listen 54 | apache::mod 55 | apache::namevirtualhost 56 | apache::vhost 57 | apt::builddep 58 | apt::conf 59 | apt::hold 60 | apt::force 61 | apt::key 62 | apt::pin 63 | apt::ppa 64 | apt::source 65 | git::config 66 | ini_setting 67 | ini_subsetting 68 | java_ks 69 | concat 70 | concat::fragment 71 | mysql_database 72 | mysql_user 73 | mysql_grant 74 | mysql_plugin 75 | postgresql::server::config_entry 76 | postgresql::server::db 77 | postgresql::server::database 78 | postgresql::server::database_grant 79 | postgresql::server::extension 80 | postgresql::server::pg_hba_rule 81 | postgresql::server::pg_ident_rule 82 | postgresql::server::role 83 | postgresql::server::schema 84 | postgresql::server::table_grant 85 | postgresql::server::tablespace 86 | postgresql::validate_db_connection 87 | postgresql_psql 88 | postgresql_replication_slot 89 | postgresql_conf 90 | registry::value 91 | rsync::get 92 | rsync::put 93 | rsync::server::module 94 | vcsrepo -------------------------------------------------------------------------------- /spec/classes/init_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | describe 'hieratic' do 3 | 4 | context 'with defaults for all parameters' do 5 | it { should contain_class('hieratic') } 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/module_spec_helper' 2 | -------------------------------------------------------------------------------- /src/generate.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import os 4 | import string 5 | import subprocess 6 | import sys 7 | import tempfile 8 | 9 | current_dir = os.path.dirname(os.path.realpath(__file__)) 10 | resource_dir = os.path.normpath(current_dir + '/../resources/') + '/' 11 | 12 | puppet_types = [line.strip() for line in open(resource_dir + 'typelist.txt')] 13 | puppet_types.sort() 14 | 15 | f = open(resource_dir + 'parameters.tmpl') 16 | parameter_tmpl = string.Template(f.read()) 17 | f.close() 18 | 19 | f = open(resource_dir + 'createblock.tmpl') 20 | typedef_tmpl = string.Template(f.read()) 21 | f.close() 22 | 23 | f = open(resource_dir + 'header.tmpl') 24 | hieratic_class = f.read() 25 | f.close() 26 | 27 | hieratic_class += """\nclass hieratic ( 28 | $global_enable = true, 29 | $prefix = '', 30 | $firewall_label = 'firewall', 31 | $firewall_enabled = false, 32 | $firewall_defaults = {}, 33 | $firewall_pre_label = 'firewall_pre', 34 | $firewall_pre_enabled = false, 35 | $firewall_pre_defaults = {}, 36 | $firewall_post_label = 'firewall_post', 37 | $firewall_post_enabled = false, 38 | $firewall_post_defaults = {}, 39 | $class_label = 40 | 'class', 41 | $class_defaults = {}, 42 | $class_enabled = false, 43 | """ 44 | 45 | for puppet_type in puppet_types: 46 | hieratic_class += parameter_tmpl.substitute(type=puppet_type, type_delimited=puppet_type.replace('::', '_')) 47 | 48 | hieratic_class += ") {\n\n" 49 | 50 | for puppet_type in puppet_types: 51 | hieratic_class += typedef_tmpl.substitute(type=puppet_type, type_delimited=puppet_type.replace('::', '_')) + "\n" 52 | 53 | hieratic_class += """ 54 | 55 | if($class_enabled or $global_enable) { 56 | $class_config = 57 | hiera_hash("${prefix}${class_label}", 58 | $class_defaults) 59 | 60 | create_resources('class', 61 | $class_config) 62 | } 63 | 64 | class { 'hieratic::firewall': 65 | global_enable => $global_enable, 66 | firewall_label => "${prefix}${firewall_label}", 67 | firewall_enabled => $firewall_enabled, 68 | firewall_defaults => $firewall_defaults, 69 | firewall_pre_label => "${prefix}${firewall_pre_label}", 70 | firewall_pre_enabled => $firewall_pre_enabled, 71 | firewall_pre_defaults => $firewall_pre_defaults, 72 | firewall_post_label => "${prefix}${firewall_post_label}", 73 | firewall_post_enabled => $firewall_post_enabled, 74 | firewall_post_defaults => $firewall_post_defaults, 75 | } 76 | 77 | }""" 78 | 79 | 80 | # puppet-lint only works on files, so we write it to temp and return the result. 81 | #f = tempfile.NamedTemporaryFile() 82 | #f.write(hieratic_class) 83 | #devnull = open(os.devnull, 'w') 84 | #subprocess.call(['puppet-lint',f.name,'--fix'], stdout=devnull, stderr=devnull ) 85 | #f.seek(0) 86 | #hieratic_class = f.read() 87 | #f.close() 88 | 89 | 90 | print hieratic_class 91 | -------------------------------------------------------------------------------- /tests/init.pp: -------------------------------------------------------------------------------- 1 | # The baseline for module testing used by Puppet Labs is that each manifest 2 | # should have a corresponding test manifest that declares that class or defined 3 | # type. 4 | # 5 | # Tests are then run by using puppet apply --noop (to check for compilation 6 | # errors and view a log of events) or by fully applying the test in a virtual 7 | # environment (to compare the resulting system state to the desired state). 8 | # 9 | # Learn more about module testing here: 10 | # http://docs.puppetlabs.com/guides/tests_smoke.html 11 | # 12 | include hieratic 13 | --------------------------------------------------------------------------------