Diffstat (limited to 'puppet/modules/site_config/manifests')
-rw-r--r--puppet/modules/site_config/manifests/base_packages.pp28
-rw-r--r--puppet/modules/site_config/manifests/default.pp18
-rw-r--r--puppet/modules/site_config/manifests/dhclient.pp30
-rw-r--r--puppet/modules/site_config/manifests/hosts.pp30
-rw-r--r--puppet/modules/site_config/manifests/params.pp25
-rw-r--r--puppet/modules/site_config/manifests/resolvconf.pp11
-rw-r--r--puppet/modules/site_config/manifests/ruby.pp14
-rw-r--r--puppet/modules/site_config/manifests/shell.pp22
-rw-r--r--puppet/modules/site_config/manifests/slow.pp2
-rw-r--r--puppet/modules/site_config/manifests/sshd.pp2
10 files changed, 155 insertions, 27 deletions
diff --git a/puppet/modules/site_config/manifests/base_packages.pp b/puppet/modules/site_config/manifests/base_packages.pp
new file mode 100644
index 00000000..3d40f7a2
--- /dev/null
+++ b/puppet/modules/site_config/manifests/base_packages.pp
@@ -0,0 +1,28 @@
+class site_config::base_packages {
+
+ # base set of packages that we want to have installed everywhere
+ package { [ 'etckeeper', 'screen', 'less' ]:
+ ensure => installed,
+ }
+
+ # base set of packages that we want to remove everywhere
+ package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp',
+ 'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server',
+ 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind',
+ 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5',
+ 'tk8.5', 'os-prober', 'unzip', 'xauth', 'x11-common',
+ 'x11-utils', 'xterm' ]:
+ ensure => absent;
+ }
+
+ if $::virtual == 'virtualbox' {
+ $virtualbox_ensure = present
+ } else {
+ $virtualbox_ensure = absent
+ }
+
+ package { [ 'build-essential', 'fontconfig-config', 'g++', 'g++-4.7', 'gcc',
+ 'gcc-4.6', 'gcc-4.7', 'cpp', 'cpp-4.6', 'cpp-4.7', 'libc6-dev' ]:
+ ensure => $virtualbox_ensure
+ }
+}
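Review bot: The last package block (build-essential, gcc, cpp, libc6-dev and the rest) has no comment, unlike the two blocks above it, so it is not clear why the toolchain is kept only when `$::virtual == 'virtualbox'` and removed on every other node. A line such as `# compilers and dev headers: kept on virtualbox guests only, removed everywhere else` would record the intent. Separately, `ensure => absent` uninstalls the packages in the removal list but leaves their configuration files on disk. For the network-facing entries in that list (nfs-kernel-server, rpcbind, portmap, samba-common), `ensure => purged` would remove those files as well.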
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index 2191e9a1..00eee9d0 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -12,10 +12,14 @@ class site_config::default {
# configure apt
include site_apt
-
# configure ssh and include ssh-keys
include site_config::sshd
+ # fix dhclient from changing resolver information
+ if $::ec2_instance_id {
+ include site_config::dhclient
+ }
+
# configure /etc/resolv.conf
include site_config::resolvconf
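Review bot: The `if $::ec2_instance_id` guard applies the dhclient hook only on EC2, so any other node that gets its address over DHCP would presumably still have dhclient rewrite /etc/resolv.conf after site_config::resolvconf has written it. If that is intended, the comment should say so, for example `# EC2 only: stop dhclient from overwriting resolver settings`. If it is not, the condition needs to cover every DHCP-configured node. The class body starts before and continues past this hunk.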
@@ -24,13 +28,17 @@ class site_config::default {
# configure /etc/hosts
class { 'site_config::hosts':
- stage => initial,
+ stage => setup,
}
- package { [ 'etckeeper' ]:
- ensure => installed,
- }
+ # install/remove base packages
+ include site_config::base_packages
# include basic shorewall config
include site_shorewall::defaults
+
+ Class['git'] -> Vcsrepo<||>
+
+ # include basic shell config
+ include site_config::shell
}
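Review bot: The ordering line `Class['git'] -> Vcsrepo<||>` has no comment, and it has two side effects that should be stated next to it. The collector with an empty query also realizes any virtual Vcsrepo resources, and the reference to `Class['git']` fails catalog compilation on a node where class git is not declared. This hunk does not show git being included (the class body starts outside it), so that should be confirmed. Suggested comment: `# every vcsrepo checkout needs git installed first; class git must be declared on all nodes`.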
diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp
new file mode 100644
index 00000000..7ac0caf3
--- /dev/null
+++ b/puppet/modules/site_config/manifests/dhclient.pp
@@ -0,0 +1,30 @@
+class site_config::dhclient {
+
+ # Unfortunately, there does not seem to be a way to reload the dhclient.conf
+ # config file, or a convenient way to disable the modifications to
+ # /etc/resolv.conf. So the following makes the functions involved noops and
+ # ships a script to kill and restart dhclient. See the debian bugs:
+ # #681698, #712796
+
+ include site_config::params
+
+ file { '/usr/local/sbin/reload_dhclient':
+ owner => 0,
+ group => 0,
+ mode => '0755',
+ content => template('site_config/reload_dhclient.erb');
+ }
+
+ exec { 'reload_dhclient':
+ refreshonly => true,
+ command => '/usr/local/sbin/reload_dhclient';
+ }
+
+ file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf':
+ content => 'make_resolv_conf() { : ; } ; set_hostname() { : ; }',
+ mode => '0644',
+ owner => 'root',
+ group => 'root',
+ notify => Exec['reload_dhclient'];
+ }
+}
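Review bot: `Exec['reload_dhclient']` has no ordering against `File['/usr/local/sbin/reload_dhclient']`, so when the hook file notifies it the script it runs may not have been installed yet and the refresh fails on a first run. Adding `require => File['/usr/local/sbin/reload_dhclient'],` to the exec fixes the ordering. The two file resources also spell root differently (`owner => 0` against `owner => 'root'`); one form throughout would read better. The script comes from the template site_config/reload_dhclient.erb, which is outside this diff, so how it kills and restarts dhclient could not be reviewed here.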
diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp
index 6c00f3b6..ccedf036 100644
--- a/puppet/modules/site_config/manifests/hosts.pp
+++ b/puppet/modules/site_config/manifests/hosts.pp
@@ -1,22 +1,34 @@
class site_config::hosts() {
+ $hosts = hiera('hosts','')
+ $hostname = hiera('name')
+ $domain_hash = hiera('domain')
+ $domain_public = $domain_hash['full_suffix']
- $hosts = hiera('hosts','')
- $hostname = hiera('name')
-
- $domain_public = $site_config::default::domain_hash['full_suffix']
-
- file { "/etc/hostname":
- ensure => present,
+ file { '/etc/hostname':
+ ensure => present,
content => $hostname
}
- exec { "/bin/hostname $hostname":
+ exec { "/bin/hostname ${hostname}":
subscribe => [ File['/etc/hostname'], File['/etc/hosts'] ],
refreshonly => true;
}
+ # we depend on reliable hostnames from /etc/hosts for the stunnel services
+ # so restart stunnel service when /etc/hosts is modified
+ # because this is done in an early stage, the stunnel module may not
+ # have been deployed and will not be available for overriding, so
+ # this is handled in an unorthodox manner
+ exec { '/etc/init.d/stunnel4 restart':
+ subscribe => File['/etc/hosts'],
+ refreshonly => true,
+ onlyif => 'test -f /etc/init.d/stunnel4';
+ }
+
file { '/etc/hosts':
content => template('site_config/hosts'),
- mode => '0644', owner => root, group => root;
+ mode => '0644',
+ owner => root,
+ group => root;
}
}
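Review bot: In the new stunnel exec, `onlyif => 'test -f /etc/init.d/stunnel4'` uses an unqualified command and the resource sets no `path`. Puppet rejects that unless a resource default elsewhere supplies a search path, and none is visible in this hunk. Writing `onlyif => '/usr/bin/test -f /etc/init.d/stunnel4';` makes the resource independent of any such default. The `"/bin/hostname ${hostname}"` exec interpolates the hiera value straight into a command line, so the node name should be validated as a plain hostname before it is used there.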
diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp
new file mode 100644
index 00000000..237ee454
--- /dev/null
+++ b/puppet/modules/site_config/manifests/params.pp
@@ -0,0 +1,25 @@
+class site_config::params {
+
+ $ip_address = hiera('ip_address')
+ $ip_address_interface = getvar("interface_${ip_address}")
+ $ec2_local_ipv4_interface = getvar("interface_${::ec2_local_ipv4}")
+
+ if $::virtual == 'virtualbox' {
+ $interface = [ 'eth0', 'eth1' ]
+ }
+ elsif hiera('interface','') != '' {
+ $interface = hiera('interface')
+ }
+ elsif $ip_address_interface != '' {
+ $interface = $ip_address_interface
+ }
+ elsif $ec2_local_ipv4_interface != '' {
+ $interface = $ec2_local_ipv4_interface
+ }
+ elsif $::interfaces =~ /eth0/ {
+ $interface = eth0
+ }
+ else {
+ fail("unable to determine a valid interface, please set a valid interface for this node in nodes/${::hostname}.json")
+ }
+}
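Review bot: `$interface` ends up with two different types: an array (`[ 'eth0', 'eth1' ]`) in the virtualbox branch and a single string in every other branch, so each consumer has to cope with both. The consumers, such as the reload_dhclient template, are not part of this diff. A header comment on the class should state the lookup order (virtualbox, hiera `interface`, the interface carrying `ip_address`, the EC2 local address, then eth0) and say that the value may be an array. The bareword in `$interface = eth0` should be quoted as `$interface = 'eth0'`. The test `$::interfaces =~ /eth0/` also matches any interface name that merely contains eth0; `/\beth0\b/` is stricter.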
diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp
index d73f0b78..271c5043 100644
--- a/puppet/modules/site_config/manifests/resolvconf.pp
+++ b/puppet/modules/site_config/manifests/resolvconf.pp
@@ -1,16 +1,5 @@
class site_config::resolvconf {
- # bind9 purging can be taken out after some time
- package { 'bind9':
- ensure => absent,
- }
- file { '/etc/default/bind9':
- ensure => absent;
- }
- file { '/etc/bind/named.conf.options':
- ensure => absent;
- }
-
$domain_public = $site_config::default::domain_hash['full_suffix']
# 127.0.0.1: caching-only local bind
diff --git a/puppet/modules/site_config/manifests/ruby.pp b/puppet/modules/site_config/manifests/ruby.pp
new file mode 100644
index 00000000..2a720114
--- /dev/null
+++ b/puppet/modules/site_config/manifests/ruby.pp
@@ -0,0 +1,14 @@
+class site_config::ruby {
+ Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
+ class { '::ruby': ruby_version => '1.9.3' }
+ class { 'bundler::install': install_method => 'package' }
+ include rubygems
+}
+
+
+#
+# Ruby settings common to all servers
+#
+# Why this way? So that other classes can do 'include site_ruby' without creating redeclaration errors.
+# See https://puppetlabs.com/blog/modeling-class-composition-with-parameterized-classes/
+#
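Review bot: The trailing comment tells other classes to `include site_ruby`, but the class defined in this file is `site_config::ruby`, and the comment sits below the class instead of above it as a header. It should be moved to the top of the file and read `'include site_config::ruby'`. The class references in the ordering chain are unquoted and inconsistently capitalised (`Class[Ruby]` next to `Class[rubygems]`); `Class['ruby'] -> Class['rubygems'] -> Class['bundler::install']` matches the quoting used in the rest of this commit.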
diff --git a/puppet/modules/site_config/manifests/shell.pp b/puppet/modules/site_config/manifests/shell.pp
new file mode 100644
index 00000000..5b8c025d
--- /dev/null
+++ b/puppet/modules/site_config/manifests/shell.pp
@@ -0,0 +1,22 @@
+class site_config::shell {
+
+ file {
+ '/etc/profile.d/leap_path.sh':
+ content => 'PATH=$PATH:/srv/leap/bin',
+ mode => '0644',
+ owner => root,
+ group => root;
+ }
+
+ ##
+ ## XTERM TITLE
+ ##
+
+ file { '/etc/profile.d/xterm-title.sh':
+ source => 'puppet:///modules/site_config/xterm-title.sh',
+ owner => root,
+ group => 0,
+ mode => '0644';
+ }
+
+}
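Review bot: `/etc/profile.d/leap_path.sh` adds /srv/leap/bin to the PATH of every login shell, root included, but nothing in this hunk manages that directory. If it is not declared elsewhere, it should get a file resource that pins it to root ownership with mode 0755, so that only root can place commands on that path. The snippet is also the only resource here without a comment; `# make the leap helper scripts available in every login shell` would do. The two resources spell the group differently (`group => root` against `group => 0`).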
diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp
index 18b22a9c..94bac88d 100644
--- a/puppet/modules/site_config/manifests/slow.pp
+++ b/puppet/modules/site_config/manifests/slow.pp
@@ -1,6 +1,6 @@
class site_config::slow {
tag 'leap_slow'
class { 'site_apt::dist_upgrade':
- stage => initial,
+ stage => setup,
}
}
diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp
index 944dbce2..8ff337a0 100644
--- a/puppet/modules/site_config/manifests/sshd.pp
+++ b/puppet/modules/site_config/manifests/sshd.pp
@@ -2,7 +2,7 @@ class site_config::sshd {
# configure sshd
include sshd
include site_sshd
- # no need for configuring authorized_keys as leap_cli cares for that
+ # no need for configuring authorized_keys as leap_cli cares for that
#$ssh_pubkeys=hiera_hash('ssh_pubkeys')
#notice($ssh_pubkeys)
#create_resources('site_sshd::ssh_key', $ssh_pubkeys)