Classes
isp3node: Set up requirements for running as ISPConfig managed server roleisp3node::base: Provieds the base installation required for all ISPConfig server nodesisp3node::base::hosts: Manages a nodes hosts entriesisp3node::base::puppet: Configure base requirements for ispconfig node management with puppetisp3node::base::shell: Changes the systems default shellisp3node::base::software: Install software as required to be available on ispconfig nodesisp3node::base::ssl: Manage the servers local main ssl certificateisp3node::bind: Install and configure BIND DNS Serverisp3node::bind::setup: Install BIND DNS Serverisp3node::dovecot: Install and configure Dovecot Serverisp3node::dovecot::rspamd: Setup RSpamd service with web dashboardisp3node::dovecot::setup: Install Dovecot Mailbox Serverisp3node::dovecot::ssl: Configure Dovecot to use local managed SSL Certificatesisp3node::fail2ban: Install and manage fail2ban on the server nodeisp3node::fail2ban::setup: Setup fail2ban on the future ISPConfig server nodeisp3node::jailkit: Install and configure Jailkit on the hostisp3node::jailkit::setup: Install the current version of Jailkit on the hostisp3node::mailman: Setup mailman mailing list software on the hostisp3node::mailman::config::nginx: Configure nginx locations for mailman accessisp3node::mailman::configure: Configure mailman on the hostisp3node::mailman::setup: Install mailman on the hostisp3node::mariadb: Install and configure MariaDB on the hostisp3node::mariadb::configuration: Configure mariadb for ispconfigisp3node::mariadb::connect_master: Connects instances to the ISPConfig Master Databaseisp3node::mariadb::setup:isp3node::nginx: Setup and configure nginxisp3node::nginx::automail: A short summary of the purpose of this classisp3node::nginx::defaulthost: Set up a default page on hosts FQDNisp3node::nginx::ispproxyhost: Defaultpage location for ISPConfigisp3node::nginx::setup: Installs nginxisp3node::php: Install and configure PHPisp3node::php::setup: Install and configure PHP on the hostisp3node::phpmyadmin: Setup phpMyAdminisp3node::phpmyadmin::config::nginx: Add nginx locations to access phpMyAdminisp3node::phpmyadmin::setup: Setup phpMyAdminisp3node::postfix: Setup Postfix on the hostisp3node::postfix::satellite: Set up this host as postfix satelliteisp3node::postfix::setup: Setup postfix mail service on this hostisp3node::postfix::ssl: Configure Postfix SSL Scriptisp3node::postfix::standalone: Setup this host as standalone postfix MTAisp3node::profile::dns: Configuration profile for standalone ISP3 Bind DNS serverisp3node::profile::full: Setup this host with all packages for ISPConfig as single server nodeisp3node::profile::mail: Configuration profile for standalone ISP3 mail server feat. postfix and dovecot with rspamd optional with mailman ran under additional minimaisp3node::profile::master: ISPConfig Node Profile for running as multiserver master with panel Will manage minimum required nginx, php and mariadb along with SSL certifisp3node::profile::web: Configure node for usage as ISP3 Webserver Node with apache2 or nginx public listening mariadb multiple php installations with all suggestedisp3node::pureftpd: Install and configure pureftpd on this hostisp3node::pureftpd::config: Configure pureftpd on this host for SSL and ISPConfigisp3node::pureftpd::setup: Install pureftpdisp3node::quota: Setup Quota on this hostisp3node::quota::config: Configures quotaisp3node::quota::setup: Installs packages required for user quotaisp3node::redis: Install a local redis server on this hostisp3node::roundcube: Install and configure Roundcube webmail on this hostisp3node::roundcube::config: Configure Roundcube Webmailisp3node::roundcube::plugins: A short summary of the purpose of this classisp3node::roundcube::setup: Install Roundcube webmail from package managementisp3node::webstats: Install Webstat toolsisp3node::webstats::setup: Install webstat tools to the server
Defined types
isp3node::nginx::startpageentry:isp3node::phpmyadmin::pmanode: == Class: phpmyadmin::servernode Defines a server usable to phpmyadmin. Can either use exported resources or as a defined resource === Para
From a range of different predefined roles it installs and configures all required software regarding to latest howtoforge perfect server tutorials but does not install ISPConfig itself.
include isp3node # role is 'master' or taken from hiera isp3node::roleThe following parameters are available in the isp3node class.
Data type: Enum['full', 'master', 'dns', 'web', 'mail']
The role of the current server in your server setup
Default value: 'master'
Provieds the base installation required for all ISPConfig server nodes
include isp3node::baseThe following parameters are available in the isp3node::base class.
Data type: Optional[Array[String]]
If using Lets Encrypt, commands that need to be executed after deployment of renewed certificates. E.g. restarting a server service
Default value: undef
Adds the node itself, all other managed nodes and additional entries from hiera to the hosts file
include isp3node::base::hostnameclass{'isp3node::base::hostname': entries => {'my-host-name': {ensure => present, ip => '1.2.3.4'}}}The following parameters are available in the isp3node::base::hosts class.
Data type: String
The servers hostname, defaults to facter
Default value: lookup('isp3node::base::hostname', String, undef, $facts['networking']['hostname'])
Data type: String
The servers domain name, defaults to facter
Default value: lookup('isp3node::base::domain', String, undef, $facts['networking']['domain'])
Data type: String
The servers main IP address, defaults to facter
Default value: lookup('isp3node::base::ip', String, undef, $facts['ipaddress'])
Data type: Optional[Hash[String, Hash]]
Hash of additional entries to add to the hostsfile
Default value: {}
Creates a local folder to create lockfiles for certain configuration steps
Changes the default shell to bash, as required for ispconfig
include isp3node::base::shellBeside requirements for ISPC, can further install administrative stuff like default editors
include isp3node::base::softwareThe following parameters are available in the isp3node::base::software class.
Data type: Array[String]
Required packages as suggested by perfect server setup
Data type: Optional[Array[String]]
Additional packages to install on all systems, e.g. preferred editor
Default value: []
Place the certificate from hiera to a known location or obtain from Lets Encrypt and create symlinks. Further replace SSL key and cert of ISPConfig as soon as it is installed. For Lets Encrypt, a list of renewal jobs can be registered to execute e.g. service reloads after certificate renewals.
include isp3node::base::sslThe following parameters are available in the isp3node::base::ssl class.
Data type: Integer
Bitsize of the DH Params file
Default value: 2048
Data type: Optional[Boolean]
Obtain certificate from letsencrypt
Default value: true
Data type: Optional[Array[String]]
Commands to execute after each successful LE certificate deployment
Default value: ['systemctl restart postfix']
Data type: Optional[String]
Mail address for notifications from LE CA
Default value: lookup('isp3node::email', undef, undef, undef)
Data type: Optional[String]
Certificate, if LE is not used
Default value: undef
Data type: Optional[String]
CA Cert, if LE is not used
Default value: undef
Data type: Optional[String]
Private Key, if LE is not used
Default value: undef
Install and configure BIND DNS Server
include isp3node::bindInstalls the current BIND DNS Server from package repository and automatically adds a special daemon for enhanced system entropy (required for DNSSEC) on virtualized nodes.
include isp3node::bind::setupThe following parameters are available in the isp3node::bind::setup class.
Data type: Array[String]
Package list to install for BIND
Data type: Array[String]
Packages to install for enhanced system entropy
Data type: String
Name of the entropy daemon to ensure running
Data type: Optional[Boolean]
Boost entropy on physical server, too (irrelevant on VMs, entropy is forcibly installed there!)
Default value: false
Installs and configures a dovecot Mailbox server along with RSpamd
include isp3node::dovecotInstalls and configures RSpamd Further adds a nginx location at '/rspamd/' on the servers FQDN to access the dashboard The dashboards access password is not managed by puppet, as it should be set in ispconfig later
include isp3node::dovecot::rspamdThe following parameters are available in the isp3node::dovecot::rspamd class.
Data type: Hash
Configuration for rspamd
Data type: Optional[String]
Package to install as local nameserver. Set to undef if there is already another nameserver present on the system.
Default value: undef
Install Dovecot Mailbox Server
include isp3node::dovecot::setupThe following parameters are available in the isp3node::dovecot::setup class.
Data type: Array[String]
dovecot main packages for setting up with ISPConfig
Data type: Array[String]
Additional Required packages for setting up with ISPConfig
Configure Dovecot to use local managed SSL Certificates
include isp3node::dovecot::sslInstall and manage fail2ban on the server node
include isp3node::fail2banInstalls fail2ban on the host and enables jails as given in the parameters
include isp3node::fail2ban::setupThe following parameters are available in the isp3node::fail2ban::setup class.
Data type: Array[String]
Predefined jails to apply to f2b, see list: https://forge.puppet.com/puppet/fail2ban/readme#pre-defined-jails
Data type: Hash[String, Array[String]]
Jails to apply if the services are installed on the node (see fact isp3node::[servicename]::installed)
Data type: Optional[Hash[String, Hash]]
Custom jail definitions to apply to f2b
Default value: {}
Data type: Optional[Hash[String, Hash[String, Hash]]]
Custom jail definitions to apply if the service is installed (see fact isp3node::[servicename]::installed)
Default value: {}
Install and configure Jailkit on the host
include isp3node::jailkitDownloads the sourcecode archive, builds and installs the deb package
include isp3node::jailkit::setupThe following parameters are available in the isp3node::jailkit::setup class.
Data type: Array[String]
Packages required to build the software
Data type: String
source url to download the {file}
Data type: String
Filename to download from the {source}
Data type: String
Expected checksum of the file
Data type: String
Hash type of the checksum
Data type: String
Folder under /tmp/ that will be created by extracting the archive
Installs and configures mailman along with required nginx locations Further adds links to mailman and list archives to the servers default page
include isp3node::mailmanAdds locations /cgi-bin/mailman and /pipermail to the hosts FQDN host for access to the mailinglist software and public list archives
include isp3node::mailman::config::nginxCreate the admin list 'mailman' and add required system mail aliases
include isp3node::mailman::configureThe following parameters are available in the isp3node::mailman::configure class.
Data type: String
Email to authenticate as mail list admin
Data type: String
Password to authenticate as mail list admin
Install mailman on the host
include isp3node::mailman::setupThe following parameters are available in the isp3node::mailman::setup class.
Data type: Array[String]
Required packages to install
Install, configure and secure MariaDB on this host. Further exports a ISPROOT user from each non-master node to be collected on the master node, which automatically adds them with permission to dbispconfig.*
include isp3node::mariadbThe following parameters are available in the isp3node::mariadb class.
Data type: String
Password to set for user root
Data type: Boolean
Listen on public IP or bind to 127.0.0.1
Default value: false
Enable passwordless login for root user and system config scripts with ispconfig
include isp3node::mariadb::configurationThe following parameters are available in the isp3node::mariadb::configuration class.
Data type: Any
DB root user password in cleartext
If this instance is a slave node, this class exports a mariadb user to be created on the master and be used during ISPConfig install and update
If it is the master, it realizes all exported users for creation
include isp3node::mariadb::connect_masterThe following parameters are available in the isp3node::mariadb::connect_master class.
Data type: String
username to add to the master DB for access from this host DO NOT USE root, this resource is already defined in mysql core setup and will cause puppet to fail. Beside that, do you want a privileged user root with external access?
Data type: String
Password for authentication to master servers database
Data type: String
Default value: 'isp3node-masterdb-slave'
The isp3node::mariadb::setup class.
The following parameters are available in the isp3node::mariadb::setup class.
Data type: String
Data type: Boolean
Data type: Optional[Array[String]]
Default value: []
Installs nginx and configures required settings for ISPConfig along with a default page on the hosts FQDN having links to public interfaces like Webmail
include isp3node::nginxA description of what this class does
include isp3node::nginx::automailThe following parameters are available in the isp3node::nginx::automail class.
Data type: String
Data type: String
Default value: undef
Data type: String
Default value: undef
Data type: String
Default value: $facts['fqdn']
Data type: String
Default value: $facts['domain']
Places a default startpage on the hosts FQDN containing links to tools for the customers like mailman, webmail, phpmyadmin or ispconfig. RSpamd is not listed as link, because usually not ment for public access.
include isp3node::nginx::defaulthostAdds a location to the defaultpage to access ISPConfig at /cp/ Only on the master node, because all other hosts aren't allowed to reverse proxy to ISPConfig
include isp3node::nginx::ispproxyhostInstalls nginx Webserver with some required configuration for ISPConfig and ensures nginx is running while checking Apache to be stopped
include isp3node::nginx::setupThe following parameters are available in the isp3node::nginx::setup class.
Data type: Hash
Required settings to configure for ISPConfig
Install and configure the default PHP version on the host applying a defined set of extensions, modules and features
include isp3node::phpThe following parameters are available in the isp3node::php class.
Data type: Optional[String]
Defined config set to apply on the node
Default value: undef
Install PHP with a given set of packages, extensions, features and system settings
include isp3node::php::setupThe following parameters are available in the isp3node::php::setup class.
Data type: String
PHP Version to install and manage
Data type: Optional[String]
The configuration set to manage on this host
Default value: undef
Data type: Hash[String, Struct[{ Optional[packages] => Array[String], Optional[extensions] => Hash[String, Hash], Optional[features] => Array[Enum['fpm', 'dev', 'composer', 'pear', 'phpunit']], Optional[settings] => Hash[String, Any] }]]
Config sets defining system packages, extensions and features managed on all isp nodes and on special ones like webserver
Install phpMyAdmin and configure required nginx settings to access the database explorer on FQDN/phpmyadmin Also add the link to the default page on this host
include isp3node::phpmyadminThe following parameters are available in the isp3node::phpmyadmin class.
Data type: Boolean
Default value: false
Add nginx locations to access phpMyAdmin
include isp3node::phpmyadmin::config::nginxThe following parameters are available in the isp3node::phpmyadmin::config::nginx class.
Data type: Any
Socket to use for PHP-FPM connection
Default value: '127.0.0.1:9000'
A description of what this class does
include isp3node::phpmyadmin::setupThe following parameters are available in the isp3node::phpmyadmin::setup class.
Data type: Boolean
Set up a PMA web frontend or just list the server on other frontends
Data type: Hash
Source URL to download latest PMA release
Data type: String
Data type: String
Data type: String
Data type: String
Default value: '/usr/share/phpmyadmin/config.inc.php'
Install postfix either as standalone mail transfer agent or satellite system relaying to another postfix and manage its configured ssl certificates
include isp3node::postfixThe following parameters are available in the isp3node::postfix class.
Data type: Enum['standalone', 'satellite']
Run this postfix standalone or as satellite
Default value: 'standalone'
Set up this host as postfix satellite
include isp3node::postfix::satelliteThe following parameters are available in the isp3node::postfix::satellite class.
Data type: String
Hostname of Mail Relay server that will accept forwards from this host
Setup postfix mail service on this host
include isp3node::postfix::setupThe following parameters are available in the isp3node::postfix::setup class.
Data type: Hash
Options to apply to the postfix class in addition to hardcoded default options
Data type: Hash
Additional options beside optional configuration via $opions, that are required by ispconfigs server setup
Default value: {}
Data type: Optional[Hash]
Additional options that are required, if this host is set up with mailman
Default value: {}
Data type: Optional[Array[String]]
Additional software to install after installing and configuring postfix
Default value: []
Data type: Hash
Default value: {}
Data type: Hash
Default value: {}
Points postfix ssl configuration to the local installed ssl certificate If managed through hiera instead of obtained via LE, also adds a subscription to the certificate file for postfix service restart
include isp3node::postfix::sslSetup this host as standalone postfix MTA
include isp3node::postfix::standaloneThe following parameters are available in the isp3node::postfix::standalone class.
Data type: Hash
Additional options to add to the postifx setup
Data type: String
Textblock to write as subnission-block into master.cf
Data type: String
Textblock to write as smtps block into master.cf
Configuration profile for standalone ISP3 Bind DNS server
Setup this host with all packages for ISPConfig as single server node
Configuration profile for standalone ISP3 mail server feat. postfix and dovecot with rspamd optional with mailman ran under additional minimal nginx manages SSL certificates for services (optional obtained from LE)
ISPConfig Node Profile for running as multiserver master with panel Will manage minimum required nginx, php and mariadb along with SSL certificate (optional obtained from LE)
Configure node for usage as ISP3 Webserver Node with apache2 or nginx public listening mariadb multiple php installations with all suggested packages phpmyadmin webmail jailkit managed ssl certificate for hostname fqdn (optional from LE)
Install and configure pureftpd on this host
include isp3node::pureftpdConfigure pureftpd on this host for SSL and ISPConfig
include isp3node::pureftpd::configThe following parameters are available in the isp3node::pureftpd::config class.
Data type: Integer[0, 2]
Enable ftp daemon to offer tls connections: 0->off; 1->on; 2->tls only
Installs required packages and ensures, the pureftpd service is running
include isp3node::pureftpd::setupThe following parameters are available in the isp3node::pureftpd::setup class.
Data type: Array[String]
Setup Quota on this host
include isp3node::quotaAdds required quota options to fstab and initially enables user quota on the system
include isp3node::quota::configThe following parameters are available in the isp3node::quota::config class.
Data type: String
Mountpoint in fstab to set quota on
Data type: Array[String]
Mount options to apply to this mountpoint. Defaults to minimum options for system partition + required opts for quota
Installs packages required for user quota
include isp3node::quota::setupThe following parameters are available in the isp3node::quota::setup class.
Data type: Array[String]
Install a local redis server on this host
include isp3node::redisInstall and configure Roundcube webmail on this host
include isp3node::roundcubeConfiures basic settings in Roundcubes config file and adds required locations to nginx FQDN host to access Webmail at /roundcube and /webmail Further adds a Link to webmail to the default server startpage
include isp3node::roundcube::configA description of what this class does
include isp3node::roundcube::plugin::ispconfigThe following parameters are available in the isp3node::roundcube::plugins class.
Data type: Array
Data type: String
Data type: Array
Data type: Array[String]
Default value: []
Data type: String
Default value: Undef
Data type: String
Default value: Undef
Data type: String
Default value: lookup('isp3node::master')
Install Roundcube webmail from package management
include isp3node::roundcube::setupThe following parameters are available in the isp3node::roundcube::setup class.
Data type: Array[String]
List of required packages for Roundcube
Installs Webalizer and AWStats as required for ISPConfig webservers
include isp3node::webstatsInstalls common required packages along with packages required for Webstats and AWStats
include isp3node::webstats::setupThe following parameters are available in the isp3node::webstats::setup class.
Data type: Array[String]
Common required packages
Data type: Array[String]
Software required for webalizer
Data type: Array[String]
Software required for awstats
System path to awstats cronfile, will be cleared as ISPConfig triggers updates itself
Data type: Boolean
Install Webalizer or not
Default value: true
Data type: Boolean
Install AWStats or not
Default value: true
Data type: String
The isp3node::nginx::startpageentry class.
The following parameters are available in the isp3node::nginx::startpageentry defined type.
Data type: String
Data type: String
Data type: Optional[Integer[20, 40]]
Default value: 30
== Class: phpmyadmin::servernode
Defines a server usable to phpmyadmin. Can either use exported resources or as a defined resource
=== Parameters [myserver_name] What to name the server and use for accessing it in phpmyadmin. This can be set to an ip address, hostname or fqdn. It default to the defined resource name [server_group] If used as a defined resource, this will be used to select which servers to install for a specific phpmyadmin instance. [verbose_name] The name which will appear in the list of servers (default: $name) [hide_db] A regex describing the database names to hide (default: '')
=== Examples
phpmyadmin::servernode { "${::fqdn}": myserver_name => $::fqdn, server_group => 'default', }
@@phpmyadmin::servernode { "${::fqdn}": server_group => 'default', }
=== Authors
Justice London jlondon@syrussystems.com
=== Copyright
Copyright 2013 Justice London, unless otherwise noted.
The following parameters are available in the isp3node::phpmyadmin::pmanode defined type.
Data type: Any
Data type: Any
Data type: Any
Data type: Any
Data type: Any
Default value: $name
Data type: Any
Default value: $name
Data type: Any
Default value: ''