Created
March 20, 2012 21:52
Puppet Teamcity script - straightforward, non-modularised & procedural
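# Installs TeamCity 7.0 from the vendor tarball under /opt, creates a
# dedicated service account, opens the server/agent HTTP ports and starts
# the server via runAll.sh.
class teamcity {

  # The packages are declared as virtual resources, so they must be realized
  # before Puppet will install them. Nothing else on this page realizes them;
  # confirm no other class already does.
  @package { [ "java-1.6.0-openjdk", "wget", "tar", "gzip" ]:
    ensure => installed,
  }
  realize(Package["java-1.6.0-openjdk"], Package["wget"], Package["tar"], Package["gzip"])

  # Fetch over HTTPS rather than plain HTTP: the archive is unpacked and then
  # executed, so it must not be modifiable in transit.
  # NOTE(review): transport security is not an integrity check. Pin the
  # vendor-published checksum of this exact release and verify $tmp against
  # it before the tar step; no checksum is recorded on this page.
  $src        = "https://download.jetbrains.com/teamcity/TeamCity-7.0.tar.gz"
  $username   = "teamcity"
  $installdir = "/opt"
  $appdir     = "$installdir/TeamCity"
  $tmp        = "/var/tmp/teamcity.tar.gz"
  $run        = "$appdir/bin/runAll.sh"

  # setup user:group teamcity:teamcity on installation
  group { $username:
    ensure => present,
  }

  # Explicit ensure so the account is created, not merely adjusted when it
  # happens to exist already.
  user { $username:
    ensure     => present,
    membership => inclusive,
    groups     => ["$username"],
    comment    => "'Teamcity service account created by Puppet'",
    require    => Group[$username],
  }

  # The tarball unpacks to $appdir (/opt/TeamCity). The original managed
  # "/opt/teamcity" (lower case), a different path on a case-sensitive
  # filesystem, so ownership was never applied to the real install tree.
  # Creating $appdir up front also lets the unprivileged tar step below write
  # into it without needing write access to /opt itself.
  file { $appdir:
    ensure  => directory,
    owner   => $username,
    group   => $username,
    # mode  => 644,
    recurse => true,
    # Resource references must be capitalised (User[...], not user[...]).
    require => [ User[$username], Group[$username] ],
  }

  # Download, if needed (creates determines this)
  # proxy -- see https://github.com/liquidstate/puppet-wget/blob/master/manifests/init.pp
  exec { "wget-$name":
    command => "/usr/bin/wget --no-clobber --output-document=$tmp $src",
    creates => $tmp,
    user    => $username,
    require => [ Package["wget"], User[$username] ],
  }

  # extract and move files, only if already not there (creates determines this)
  exec { "tar-$name":
    command => "/bin/tar xfz $tmp",
    cwd     => $installdir,
    user    => $username,
    creates => $run,
    require => [ Exec["wget-$name"], File[$appdir], Package["tar"], Package["gzip"] ],
  }

  # setup the firewall on http ports for server and agent
  # NOTE(review): both ports are opened to every source address and TeamCity
  # serves plain HTTP on them; restrict by source or front with TLS if this
  # host is reachable from untrusted networks.
  iptables::http { "8111": } # server
  iptables::http { "8090": } # default agent

  # start teamcity in a non-daemon mode under teamcity
  # NOTE(review): there is no unless/onlyif/refreshonly guard, so this command
  # is issued on every Puppet run. Explicit ordering is added so it cannot run
  # before the archive has been unpacked.
  exec { $name:
    command => "$run start",
    user    => $username,
    require => [ Exec["tar-$name"], Package["java-1.6.0-openjdk"] ],
  }
}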
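# Minimal iptables helper: iptables::http { "<port>": } appends ACCEPT rules
# for inbound connections to a TCP port and the matching return traffic.
class iptables {

  # Only add outgoing and incoming rule if it doesn't already exist
  # see Puppet Cookbook pp.222-231 for longer-term solution
  # see http://www.waltercedric.com/index.php/all-my-hobbies/352-linux/2007-restrictive-iptables-based-firewall-for-webserver-script
  #
  # Parameters:
  #   $name - resource title, used as the TCP port number
  #   $if   - network interface the rules apply to (default "eth0")
  #
  # NOTE(review): rules are appended (-A), so an earlier DROP/REJECT rule in
  # the chain still wins. Nothing here saves the rules, so they presumably do
  # not survive a reboot or firewall service restart. No source restriction
  # is applied.
  define http($if="eth0") {

    # Both values are interpolated into command lines below; reject anything
    # that is not a plain port number / interface name so a malformed title
    # cannot change the command that gets run.
    if $name !~ /^[0-9]+$/ {
      fail("iptables::http: title must be a numeric TCP port, got '${name}'")
    }
    if $if !~ /^[A-Za-z0-9_.:-]+$/ {
      fail("iptables::http: invalid interface name '${if}'")
    }

    # -n keeps the listing numeric. Without it iptables prints service names
    # for well-known ports (and may do DNS lookups), so the "dpt:<port>" grep
    # can miss an existing rule and a duplicate is appended on every run.
    exec { "iptables $if incoming $name":
      command => "/sbin/iptables -A INPUT -i $if -p tcp --dport $name -m state --state NEW,ESTABLISHED -j ACCEPT",
      unless  => "/sbin/iptables -n -L INPUT -v | grep $if | grep 'tcp dpt:$name state NEW,ESTABLISHED'",
    }

    exec { "iptables $if outgoing $name":
      command => "/sbin/iptables -A OUTPUT -o $if -p tcp --sport $name -m state --state ESTABLISHED -j ACCEPT",
      unless  => "/sbin/iptables -n -L OUTPUT -v | grep $if | grep 'tcp spt:$name state ESTABLISHED'",
    }
  }
}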