tscopp

tscopp

8,192 downloads

6,047 latest version

3.9 quality score

Version information

  • 0.2.2 (latest)
  • 0.2.1
  • 0.2.0
  • 0.1.9
  • 0.1.8
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Apr 7th 2016
This version is compatible with:
  • Puppet Enterprise >= 3.0.0 < 2015.4.0
  • Puppet >= 3.0.0 < 5.0.0
  • Ubuntu

Start using this module

Documentation

tscopp/jss — version 0.2.2 Apr 7th 2016

JSS

This module will install an configure the JAMF Software JSS web application and supporting database services. See www.github.com/tscopp/puppet-jss for vagrant environments and further documentation.

Before the module will function you must download the JSSInstaller.zip from JAMFNation, extract it, and place the ROOT.war in the ${puppet}/modules/jss/files/ directory.

At present clustering is limited to a maximum of two nodes.

TL;DR

puppet module install tscopp-jss cp ROOT.war modules/jss/files/

Single Context

node default{ jss::context{'production': ensure => present, firewall => true, } jss::db{'production': ensure => present, firewall => true, } }

http://${ip}:8080/production

Multi-Context

node default{ jss::context{'production': ensure => present, firewall => true, } jss::db{'production': ensure => present, firewall => true, } jss::context{'development': ensure => present, firewall => true, } jss::db{'development': ensure => present, firewall => true, } }

http://${ip}:8080/production, http://${ip}/development

Clustered

node jss01{ jss::context{'jssprod01': ensure => present, context => 'production', db_user => 'jamfsoftware', db_passwd => 'jamfsw03', } } node jss02 { jss::context{'jssprod02': ensure => present, context => 'production', db_user => 'jamfsoftware', db_passwd => 'jamfsw03', } } node db { jss::db{'production': ensure => present, db_user => 'jamfsoftware', db_passwd => 'jamfsw03', jss_addr => '192.168.56.101', } }

SSL

Currently SSL and NonSSL hosts can NOT exist on the same tomcat instance. If you'd like SSL certs you should create a keystore:

keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 -keystore ~/keystore.jks

Create a CSR:

keytool -certreq -keyalg RSA -alias tomcat -keystore ~/keystore.jks

Sign the CSR in the JSS web interface. Download the ca.pem, and the signed webcert. Add them to the keystore:

keytool -import -alias root -keystore ~/keystore.jks trustcacerts -file ~/Downloads/ca.pem

keytool -import -alias tomcat -keystore ~/keystore.jks trustcacerts -file ~/Downloads/webcert.pem

Move keystore.jks to the modules/jss/files/ and add the following to the desired node: node default { jss::context{'production': ensure => present, api => false, firewall => true, db_user => 'produser', db_passwd => 'prodpw', keystoreFile => '/var/lib/tomcat7/keystore.jks', keystorePass => 'keystorepass', https => true, } jss::db{'production': ensure => present, context => 'production', firewall => true, } File{'keystore': ensure => present, path => '/var/lib/tomcat7/keystore.jks', source => 'puppet:///modules/jss/keystore.jks', owner => 'tomcat7', group => 'tomcat7', mode => '0600', } }

All parameters

Don't specify all the paramters at once, this section is merely for reference.

node default{ jss::context{'super_mega_broken' ensure='present', api=true, context = $title, db_addr='localhost', db_port='3306', db_user="${title}user", db_passwd="${title}pw", db_min_pool='5', db_max_pool='90', firewall=true, http=true, http_port='8080', http_proxy_port='8443', https=false, https_port='8443', keystore_path='/var/lib/tomcat7/keystore.jks', keystore_pass='', loadbalanced=false, log_path='/var/lib/tomcat7/logs', tomcat_dir='/var/lib/tomcat7', tomcat_max_threads='450', user_enrollment=true, war='ROOT.war' } jss::db{'super_mega_broken': ensure='present' context=$title, db_addr='localhost', db_name='jamfsoftware', db_user="${title}user", db_passwd="${title}pw", db_port='3306', db_root_passwd='supersecure', firewall=true, jss_addr='localhost', tomcat_dir='/var/lib/tomcat7', } }

Firewall

By default the firewall will allow:

  • 22 on all nodes
  • 3306 on the database nodes -- to only the $jss_addr address or % if not specified
  • 8080 and 8443 on the JSS nodes.

License

Apache 2.0

Contact

tscopp@berkeley.edu