diff options
author | Micah Anderson <micah@riseup.net> | 2017-11-28 11:35:01 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2017-11-28 11:35:01 -0500 |
commit | 0d251e2ceddd3e02ed8bba8725830689dbdd1397 (patch) | |
tree | 37d7096d9e458ca1e6431dff8a2f571553011c44 /puppet/modules/site_config | |
parent | 93a181d44e2d8163ae44945aac1b6477e268170d (diff) | |
parent | bf6c56d86c7ba45e7ca766d990a9e9162025e5ac (diff) |
Merge tag 'refs/tags/0.10.0' into stable
Release 0.10.0
Diffstat (limited to 'puppet/modules/site_config')
10 files changed, 64 insertions, 40 deletions
diff --git a/puppet/modules/site_config/lib/facter/vagrant.rb b/puppet/modules/site_config/lib/facter/vagrant.rb new file mode 100644 index 00000000..29a218dd --- /dev/null +++ b/puppet/modules/site_config/lib/facter/vagrant.rb @@ -0,0 +1,8 @@ +# Checks if systems runs inside vagrant +require 'facter' + +Facter.add(:vagrant) do + setcode do + FileTest.exists?('/vagrant') + end +end diff --git a/puppet/modules/site_config/manifests/files.pp b/puppet/modules/site_config/manifests/files.pp index d2ef8a98..e74ad567 100644 --- a/puppet/modules/site_config/manifests/files.pp +++ b/puppet/modules/site_config/manifests/files.pp @@ -3,10 +3,10 @@ class site_config::files { file { '/srv/leap': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0711'; + ensure => directory, + owner => 'root', + group => 'root', + mode => '0711'; [ '/etc/leap', '/var/lib/leap']: ensure => directory, diff --git a/puppet/modules/site_config/manifests/packages/build_essential.pp b/puppet/modules/site_config/manifests/packages/build_essential.pp index 2b3e13b9..5b9a2602 100644 --- a/puppet/modules/site_config/manifests/packages/build_essential.pp +++ b/puppet/modules/site_config/manifests/packages/build_essential.pp @@ -16,12 +16,6 @@ class site_config::packages::build_essential inherits ::site_config::packages { } } - /^7.*/: { - Package[ 'gcc-4.7','g++-4.7', 'cpp-4.7' ] { - ensure => present - } - } - default: { } } diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp index 012b3ce0..2c9687a3 100644 --- a/puppet/modules/site_config/manifests/params.pp +++ b/puppet/modules/site_config/manifests/params.pp @@ -1,3 +1,4 @@ +# Default parameters class site_config::params { $ip_address = hiera('ip_address') @@ -5,9 +6,16 @@ class site_config::params { $ec2_local_ipv4_interface = getvar("interface_${::ec2_local_ipv4}") $environment = hiera('environment', undef) - - if $environment == 'local' { - $interface = 'eth1' + if str2bool("$::vagrant") { + # Depending on the backend hypervisor networking is setup differently. + if $::interfaces =~ /eth1/ { + # Virtualbox: Private networking creates a second interface eth1 + $interface = 'eth1' + } + else { + # KVM/Libvirt: Private networking is done by defauly on first interface + $interface = 'eth0' + } include site_config::packages::build_essential } elsif hiera('interface','') != '' { diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp index 443df9c2..be6cdfd8 100644 --- a/puppet/modules/site_config/manifests/remove.pp +++ b/puppet/modules/site_config/manifests/remove.pp @@ -2,6 +2,11 @@ class site_config::remove { include site_config::remove::files + package { 'leap-keyring': + ensure => purged, + } + + case $::operatingsystemrelease { /^8.*/: { include site_config::remove::jessie diff --git a/puppet/modules/site_config/manifests/remove/jessie.pp b/puppet/modules/site_config/manifests/remove/jessie.pp index e9497baf..2fdc4794 100644 --- a/puppet/modules/site_config/manifests/remove/jessie.pp +++ b/puppet/modules/site_config/manifests/remove/jessie.pp @@ -7,8 +7,9 @@ class site_config::remove::jessie { } apt::preferences_snippet { - [ 'facter', 'obfsproxy', 'python-twisted', 'unbound' ]: - ensure => absent; + [ 'facter', 'obfsproxy', 'python-twisted', 'unbound', 'passenger', + 'rsyslog_anon_depends' ]: + ensure => absent; } } diff --git a/puppet/modules/site_config/manifests/remove/webapp.pp b/puppet/modules/site_config/manifests/remove/webapp.pp index 58f59815..963eb705 100644 --- a/puppet/modules/site_config/manifests/remove/webapp.pp +++ b/puppet/modules/site_config/manifests/remove/webapp.pp @@ -4,4 +4,16 @@ class site_config::remove::webapp { '/etc/apache/sites-enabled/leap_webapp.conf': notify => Service['apache']; } + + # Ensure haproxy is removed + package { 'haproxy': + ensure => purged, + } + augeas { 'haproxy': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => [ 'rm /files/etc/check_mk/mrpe.cfg/Haproxy' ], + require => File['/etc/check_mk/mrpe.cfg']; + } + } diff --git a/puppet/modules/site_config/manifests/setup.pp b/puppet/modules/site_config/manifests/setup.pp index 82dfe76d..ce0f91d4 100644 --- a/puppet/modules/site_config/manifests/setup.pp +++ b/puppet/modules/site_config/manifests/setup.pp @@ -37,7 +37,7 @@ class site_config::setup { # we need to include shorewall::interface{eth0} in setup.pp so # packages can be installed during main puppetrun, even before shorewall # is configured completly - if ( $::site_config::params::environment == 'local' ) { + if str2bool($::vagrant) { include site_config::vagrant } diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp index 591e0601..096d5d77 100644 --- a/puppet/modules/site_config/manifests/syslog.pp +++ b/puppet/modules/site_config/manifests/syslog.pp @@ -1,25 +1,17 @@ # configure rsyslog on all nodes class site_config::syslog { - # only pin rsyslog packages to backports on wheezy - case $::operatingsystemrelease { - /^7.*/: { - include ::site_apt::preferences::rsyslog - } - # on jessie+ systems, systemd and journald are enabled, - # and journald logs IP addresses, so we need to disable - # it until a solution is found, (#7863): - # https://github.com/systemd/systemd/issues/2447 - default: { - include ::journald - augeas { - 'disable_journald': - incl => '/etc/systemd/journald.conf', - lens => 'Puppet.lns', - changes => 'set /files/etc/systemd/journald.conf/Journal/Storage \'none\'', - notify => Service['systemd-journald']; - } - } + # on jessie+ systems, systemd and journald are enabled, + # and journald logs IP addresses, so we need to disable + # it until a solution is found, (#7863): + # https://github.com/systemd/systemd/issues/2447 + include ::journald + augeas { + 'disable_journald': + incl => '/etc/systemd/journald.conf', + lens => 'Puppet.lns', + changes => 'set /files/etc/systemd/journald.conf/Journal/Storage \'none\'', + notify => Service['systemd-journald']; } class { '::rsyslog::client': diff --git a/puppet/modules/site_config/manifests/vagrant.pp b/puppet/modules/site_config/manifests/vagrant.pp index 8f50b305..1682de8b 100644 --- a/puppet/modules/site_config/manifests/vagrant.pp +++ b/puppet/modules/site_config/manifests/vagrant.pp @@ -1,11 +1,15 @@ +# Gets included on vagrant nodes class site_config::vagrant { - # class for vagrant nodes include site_shorewall::defaults - # eth0 on vagrant nodes is the uplink if - shorewall::interface { 'eth0': - zone => 'net', - options => 'tcpflags,blacklist,nosmurfs'; + + if ( $::site_config::params::interface == 'eth1' ) { + # Don't block eth0 even if eth1 is configured, because + # it's vagrant's main interface to access the box + shorewall::interface { 'eth0': + zone => 'net', + options => 'tcpflags,blacklist,nosmurfs'; + } } } |