Diffstat (limited to 'puppet/modules/site_config/manifests')
-rw-r--r-- | puppet/modules/site_config/manifests/base_packages.pp | 28 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/default.pp | 18 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/dhclient.pp | 30 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/hosts.pp | 30 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/params.pp | 25 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/resolvconf.pp | 11 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/ruby.pp | 14 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/shell.pp | 22 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/slow.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/sshd.pp | 2 |
10 files changed, 155 insertions, 27 deletions
diff --git a/puppet/modules/site_config/manifests/base_packages.pp b/puppet/modules/site_config/manifests/base_packages.pp new file mode 100644 index 00000000..3d40f7a2 --- /dev/null +++ b/puppet/modules/site_config/manifests/base_packages.pp @@ -0,0 +1,28 @@ +class site_config::base_packages { + + # base set of packages that we want to have installed everywhere + package { [ 'etckeeper', 'screen', 'less' ]: + ensure => installed, + } + + # base set of packages that we want to remove everywhere + package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp', + 'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server', + 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind', + 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', + 'tk8.5', 'os-prober', 'unzip', 'xauth', 'x11-common', + 'x11-utils', 'xterm' ]: + ensure => absent; + } + + if $::virtual == 'virtualbox' { + $virtualbox_ensure = present + } else { + $virtualbox_ensure = absent + } + + package { [ 'build-essential', 'fontconfig-config', 'g++', 'g++-4.7', 'gcc', + 'gcc-4.6', 'gcc-4.7', 'cpp', 'cpp-4.6', 'cpp-4.7', 'libc6-dev' ]: + ensure => $virtualbox_ensure + } +} diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 2191e9a1..00eee9d0 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -12,10 +12,14 @@ class site_config::default { # configure apt include site_apt - # configure ssh and include ssh-keys include site_config::sshd + # fix dhclient from changing resolver information + if $::ec2_instance_id { + include site_config::dhclient + } + # configure /etc/resolv.conf include site_config::resolvconf 
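Review bot: In base_packages.pp the toolchain list names version-specific packages (`gcc-4.6`, `gcc-4.7`, `g++-4.7`, `cpp-4.6`, `cpp-4.7`), so on a release that ships a different GCC version the versioned compiler packages stay installed and nothing reports it. A comment naming the release the list was built for would make that visible, e.g. `# compiler package names as of <release>; revisit on dist upgrade`. The removal resources also use `ensure => absent`, which on Debian leaves conffiles and init scripts of packages such as `nfs-kernel-server` and `rpcbind` behind; `ensure => purged` removes those as well.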
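Review bot: In default.pp the dhclient override is included only when `$::ec2_instance_id` is set, so any other node that obtains its address over DHCP would still let the DHCP server rewrite /etc/resolv.conf. If only EC2 nodes are expected to run dhclient, say so in the comment, e.g. `# only EC2 nodes use DHCP; all other nodes have static addresses`. Otherwise the condition should key on dhclient being in use rather than on the platform fact. The class body starts and ends outside this hunk.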
@@ -24,13 +28,17 @@ class site_config::default { # configure /etc/hosts class { 'site_config::hosts': - stage => initial, + stage => setup, } - package { [ 'etckeeper' ]: - ensure => installed, - } + # install/remove base packages + include site_config::base_packages # include basic shorewall config include site_shorewall::defaults + + Class['git'] -> Vcsrepo<||> + + # include basic shell config + include site_config::shell } diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp new file mode 100644 index 00000000..7ac0caf3 --- /dev/null +++ b/puppet/modules/site_config/manifests/dhclient.pp @@ -0,0 +1,30 @@ +class site_config::dhclient { + + # Unfortunately, there does not seem to be a way to reload the dhclient.conf + # config file, or a convenient way to disable the modifications to + # /etc/resolv.conf. So the following makes the functions involved noops and + # ships a script to kill and restart dhclient. See the debian bugs: + # #681698, #712796 + + include site_config::params + + file { '/usr/local/sbin/reload_dhclient': + owner => 0, + group => 0, + mode => '0755', + content => template('site_config/reload_dhclient.erb'); + } + + exec { 'reload_dhclient': + refreshonly => true, + command => '/usr/local/sbin/reload_dhclient'; + } + + file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf': + content => 'make_resolv_conf() { : ; } ; set_hostname() { : ; }', + mode => '0644', + owner => 'root', + group => 'root', + notify => Exec['reload_dhclient']; + } +} diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 6c00f3b6..ccedf036 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp 
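Review bot: `Class['git'] -> Vcsrepo<||>` in default.pp refers to `Class['git']`, but nothing in the hunk declares that class, so catalog compilation fails on any node where git is not included from elsewhere. The class body starts outside the hunk, so it may already be included there; if not, `include git` next to the chaining statement makes the dependency self-contained. A collector used in a chaining statement also realizes every virtual `Vcsrepo` resource, which deserves a one-line comment such as `# note: this also realizes any virtual vcsrepo resources`.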
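Review bot: The hook written to `/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf` in dhclient.pp also turns `set_hostname` into a no-op, but the class comment only talks about /etc/resolv.conf. Extend the comment, e.g. `# set_hostname is disabled as well, so a DHCP lease cannot override the hostname managed by site_config::hosts`. The `content` string has no trailing newline; writing it as a double-quoted string ending in `\n` keeps the hook file well-formed. `include site_config::params` has no visible use in the class, presumably the reload_dhclient template reads the interface from it, and a short comment saying so would keep it from being removed as dead code.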
@@ -1,22 +1,34 @@ class site_config::hosts() { + $hosts = hiera('hosts','') + $hostname = hiera('name') + $domain_hash = hiera('domain') + $domain_public = $domain_hash['full_suffix'] - $hosts = hiera('hosts','') - $hostname = hiera('name') - - $domain_public = $site_config::default::domain_hash['full_suffix'] - - file { "/etc/hostname": - ensure => present, + file { '/etc/hostname': + ensure => present, content => $hostname } - exec { "/bin/hostname $hostname": + exec { "/bin/hostname ${hostname}": subscribe => [ File['/etc/hostname'], File['/etc/hosts'] ], refreshonly => true; } + # we depend on reliable hostnames from /etc/hosts for the stunnel services + # so restart stunnel service when /etc/hosts is modified + # because this is done in an early stage, the stunnel module may not + # have been deployed and will not be available for overriding, so + # this is handled in an unorthodox manner + exec { '/etc/init.d/stunnel4 restart': + subscribe => File['/etc/hosts'], + refreshonly => true, + onlyif => 'test -f /etc/init.d/stunnel4'; + } + file { '/etc/hosts': content => template('site_config/hosts'), - mode => '0644', owner => root, group => root; + mode => '0644', + owner => root, + group => root; } } diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp new file mode 100644 index 00000000..237ee454 --- /dev/null +++ b/puppet/modules/site_config/manifests/params.pp 
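Review bot: The new `exec { '/etc/init.d/stunnel4 restart': }` in hosts.pp uses `onlyif => 'test -f /etc/init.d/stunnel4'`, an unqualified command with no `path`, which Puppet rejects unless an `Exec { path => ... }` default is set somewhere outside this diff. Use `onlyif => '/usr/bin/test -f /etc/init.d/stunnel4'` or add `path => '/bin:/usr/bin'` to the resource. Separately, `"/bin/hostname ${hostname}"` puts the hiera `name` value straight into a command line; validating it first, for example with stdlib's `validate_re($hostname, '^[A-Za-z0-9][A-Za-z0-9-]*$')` if stdlib is available, would reject values containing whitespace or other unexpected characters.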
@@ -0,0 +1,25 @@ +class site_config::params { + + $ip_address = hiera('ip_address') + $ip_address_interface = getvar("interface_${ip_address}") + $ec2_local_ipv4_interface = getvar("interface_${::ec2_local_ipv4}") + + if $::virtual == 'virtualbox' { + $interface = [ 'eth0', 'eth1' ] + } + elsif hiera('interface','') != '' { + $interface = hiera('interface') + } + elsif $ip_address_interface != '' { + $interface = $ip_address_interface + } + elsif $ec2_local_ipv4_interface != '' { + $interface = $ec2_local_ipv4_interface + } + elsif $::interfaces =~ /eth0/ { + $interface = eth0 + } + else { + fail("unable to determine a valid interface, please set a valid interface for this node in nodes/${::hostname}.json") + } +} diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index d73f0b78..271c5043 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -1,16 +1,5 @@ class site_config::resolvconf { - # bind9 purging can be taken out after some time - package { 'bind9': - ensure => absent, - } - file { '/etc/default/bind9': - ensure => absent; - } - file { '/etc/bind/named.conf.options': - ensure => absent; - } - $domain_public = $site_config::default::domain_hash['full_suffix'] # 127.0.0.1: caching-only local bind diff --git a/puppet/modules/site_config/manifests/ruby.pp b/puppet/modules/site_config/manifests/ruby.pp new file mode 100644 index 00000000..2a720114 --- /dev/null +++ b/puppet/modules/site_config/manifests/ruby.pp 
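Review bot: The last fallback in params.pp tests `$::interfaces =~ /eth0/`, which is unanchored and also matches names such as `veth0`, so `$interface` can end up as `eth0` on a host that has no such device and anything bound to that value (firewall rules, presumably) would target the wrong interface. `/(^|,)eth0(,|$)/` matches only an exact entry in the comma-separated fact. The bare word in `$interface = eth0` should be quoted as `'eth0'`. The VirtualBox branch assigns an array while every other branch assigns a string, so a class comment stating that consumers must accept both forms would help.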
@@ -0,0 +1,14 @@ +class site_config::ruby { + Class[Ruby] -> Class[rubygems] -> Class[bundler::install] + class { '::ruby': ruby_version => '1.9.3' } + class { 'bundler::install': install_method => 'package' } + include rubygems +} + + +# +# Ruby settings common to all servers +# +# Why this way? So that other classes can do 'include site_ruby' without creating redeclaration errors. +# See https://puppetlabs.com/blog/modeling-class-composition-with-parameterized-classes/ +# diff --git a/puppet/modules/site_config/manifests/shell.pp b/puppet/modules/site_config/manifests/shell.pp new file mode 100644 index 00000000..5b8c025d --- /dev/null +++ b/puppet/modules/site_config/manifests/shell.pp @@ -0,0 +1,22 @@ +class site_config::shell { + + file { + '/etc/profile.d/leap_path.sh': + content => 'PATH=$PATH:/srv/leap/bin', + mode => '0644', + owner => root, + group => root; + } + + ## + ## XTERM TITLE + ## + + file { '/etc/profile.d/xterm-title.sh': + source => 'puppet:///modules/site_config/xterm-title.sh', + owner => root, + group => 0, + mode => '0644'; + } + +} diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp index 18b22a9c..94bac88d 100644 --- a/puppet/modules/site_config/manifests/slow.pp +++ b/puppet/modules/site_config/manifests/slow.pp @@ -1,6 +1,6 @@ class site_config::slow { tag 'leap_slow' class { 'site_apt::dist_upgrade': - stage => initial, + stage => setup, } } diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp index 944dbce2..8ff337a0 100644 --- a/puppet/modules/site_config/manifests/sshd.pp +++ b/puppet/modules/site_config/manifests/sshd.pp 
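Review bot: The trailing comment in ruby.pp tells other classes to `include site_ruby`, but the class defined here is `site_config::ruby`, so the documented usage does not match the code. Move the comment block above the class definition and correct it to `include site_config::ruby`. The chain `Class[Ruby] -> Class[rubygems] -> Class[bundler::install]` mixes capitalised and lower-case unquoted titles; `Class['ruby'] -> Class['rubygems'] -> Class['bundler::install']` is the consistent form.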
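Review bot: `/etc/profile.d/leap_path.sh` in shell.pp adds `/srv/leap/bin` to the PATH of every login shell, root included, while nothing in the visible part of this commit manages the ownership or mode of that directory. If the directory or one of its parents is writable by a non-root account, that account can place executables that root may later run by name. Unless another module already manages it, declare it explicitly, e.g. `file { '/srv/leap/bin': ensure => directory, owner => root, group => root, mode => '0755' }`. The `content` value also has no trailing newline.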
@@ -2,7 +2,7 @@ class site_config::sshd { # configure sshd include sshd include site_sshd - # no need for configuring authorized_keys as leap_cli cares for that + # no need for configuring authorized_keys as leap_cli cares for that #$ssh_pubkeys=hiera_hash('ssh_pubkeys') #notice($ssh_pubkeys) #create_resources('site_sshd::ssh_key', $ssh_pubkeys) |