diff options
Diffstat (limited to 'puppet/modules/site_config/manifests')
4 files changed, 19 insertions, 22 deletions
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index 3d7b9206..1b8bd1a2 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -10,16 +10,16 @@ class site_config::caching_resolver { # the newer unbound, then we will add 'include: /etc/unbound.d/*' to the # configuration file + include site_apt::preferences::unbound + file { + # cleanup from how we used to do it '/etc/unbound/conf.d': - ensure => directory, - owner => root, group => root, mode => '0755', - require => Package['unbound']; + force => true, + ensure => absent; '/etc/unbound/conf.d/placeholder': - ensure => present, - content => '', - owner => root, group => root, mode => '0644'; + ensure => absent; } class { 'unbound': @@ -39,4 +39,10 @@ class site_config::caching_resolver { } } } + + concat::fragment { 'unbound glob include': + target => $unbound::params::config, + content => "include: /etc/unbound/unbound.conf.d/*.conf\n\n", + order => 10 + } } diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 7e421a21..c7352857 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -27,6 +27,9 @@ class site_config::default { if $::ec2_instance_id { include site_config::dhclient } + if $::virtual == 'virtualbox' { + include site_config::dhclient + } # configure /etc/resolv.conf include site_config::resolvconf diff --git a/puppet/modules/site_config/manifests/initial_firewall.pp b/puppet/modules/site_config/manifests/initial_firewall.pp index 51cceb31..93cfb847 100644 --- a/puppet/modules/site_config/manifests/initial_firewall.pp +++ b/puppet/modules/site_config/manifests/initial_firewall.pp @@ -51,12 +51,14 @@ class site_config::initial_firewall { command => '/sbin/iptables-restore < /etc/network/ipv4firewall_up.rules', logoutput => true, unless => 'test -x /etc/init.d/shorewall && /etc/init.d/shorewall status', + subscribe => File['/etc/network/ipv4firewall_up.rules'], require => File['/etc/network/ipv4firewall_up.rules']; 'default_ipv6_firewall': command => '/sbin/ip6tables-restore < /etc/network/ipv6firewall_up.rules', logoutput => true, - unless => 'test -x /etc/init.d/shorewall && /etc/init.d/shorewall status', + unless => 'test -x /etc/init.d/shorewall6 && /etc/init.d/shorewall6 status', + subscribe => File['/etc/network/ipv6firewall_up.rules'], require => File['/etc/network/ipv6firewall_up.rules']; } } diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp index d3abeca1..26c65f02 100644 --- a/puppet/modules/site_config/manifests/syslog.pp +++ b/puppet/modules/site_config/manifests/syslog.pp @@ -1,20 +1,6 @@ class site_config::syslog { - # we need to pull in rsyslog from the leap repository until it is availbale in - # wheezy-backports - apt::preferences_snippet { 'fixed_rsyslog_anon_package': - package => 'rsyslog*', - priority => '999', - pin => 'release o=leap.se', - before => Class['rsyslog::install'] - } - - apt::preferences_snippet { 'rsyslog_anon_depends': - package => 'libestr0 librelp0', - priority => '999', - pin => 'release a=wheezy-backports', - before => Class['rsyslog::install'] - } + include site_apt::preferences::rsyslog class { 'rsyslog::client': log_remote => false, |