summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r--puppet/modules/site_config/lib/facter/dhcp_enabled.rb22
-rw-r--r--puppet/modules/site_config/manifests/default.pp17
-rw-r--r--puppet/modules/site_config/manifests/dhclient.pp4
-rw-r--r--puppet/modules/site_config/manifests/packages/base.pp2
-rw-r--r--puppet/modules/site_config/manifests/remove_files.pp46
-rw-r--r--puppet/modules/site_config/manifests/syslog.pp25
6 files changed, 108 insertions, 8 deletions
diff --git a/puppet/modules/site_config/lib/facter/dhcp_enabled.rb b/puppet/modules/site_config/lib/facter/dhcp_enabled.rb
new file mode 100644
index 00000000..33220da3
--- /dev/null
+++ b/puppet/modules/site_config/lib/facter/dhcp_enabled.rb
@@ -0,0 +1,22 @@
+require 'facter'
+def dhcp_enabled?(ifs, recurse=true)
+ dhcp = false
+ included_ifs = []
+ if FileTest.exists?(ifs)
+ File.open(ifs) do |file|
+ dhcp = file.enum_for(:each_line).any? do |line|
+ if recurse && line =~ /^\s*source\s+([^\s]+)/
+ included_ifs += Dir.glob($1)
+ end
+ line =~ /inet\s+dhcp/
+ end
+ end
+ end
+ dhcp || included_ifs.any? { |ifs| dhcp_enabled?(ifs, false) }
+end
+Facter.add(:dhcp_enabled) do
+ confine :osfamily => 'Debian'
+ setcode do
+ dhcp_enabled?('/etc/network/interfaces')
+ end
+end
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index 790b5a16..e69e4b7b 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -1,6 +1,10 @@
class site_config::default {
tag 'leap_base'
+ # the logoutput exec parameter defaults to "on_error" in puppet 3,
+ # but to "false" in puppet 2.7, so we need to set this globally here
+ Exec<||> { logoutput => on_failure }
+
$services = hiera('services', [])
$domain_hash = hiera('domain')
include site_config::params
@@ -25,10 +29,7 @@ class site_config::default {
# i.e. openstack/aws nodes, vagrant nodes
# fix dhclient from changing resolver information
- if $::ec2_instance_id {
- include site_config::dhclient
- }
- if $::virtual == 'virtualbox' {
+ if $::dhcp_enabled == 'true' {
include site_config::dhclient
}
@@ -38,22 +39,26 @@ class site_config::default {
# configure caching, local resolver
include site_config::caching_resolver
- # install/configure syslog
+ # install/configure syslog and core log rotations
include site_config::syslog
+ # provide a basic level of quality entropy
+ include haveged
+
# install/remove base packages
include site_config::packages::base
# include basic shorewall config
include site_shorewall::defaults
- Class['git'] -> Vcsrepo<||>
+ Package['git'] -> Vcsrepo<||>
# include basic shell config
include site_config::shell
# set up core leap files and directories
include site_config::files
+ include site_config::remove_files
if ! member($services, 'mx') {
include site_postfix::satellite
diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp
index 7ac0caf3..dbe2ef1c 100644
--- a/puppet/modules/site_config/manifests/dhclient.pp
+++ b/puppet/modules/site_config/manifests/dhclient.pp
@@ -17,7 +17,9 @@ class site_config::dhclient {
exec { 'reload_dhclient':
refreshonly => true,
- command => '/usr/local/sbin/reload_dhclient';
+ command => '/usr/local/sbin/reload_dhclient',
+ before => Class['site_config::resolvconf'],
+ require => File['/usr/local/sbin/reload_dhclient'],
}
file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf':
diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp
index ae47963c..f20d04a4 100644
--- a/puppet/modules/site_config/manifests/packages/base.pp
+++ b/puppet/modules/site_config/manifests/packages/base.pp
@@ -7,7 +7,7 @@ class site_config::packages::base {
}
# base set of packages that we want to remove everywhere
- package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp', 'fontconfig-config',
+ package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp',
'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server',
'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind',
'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5',
diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp
new file mode 100644
index 00000000..3f46659c
--- /dev/null
+++ b/puppet/modules/site_config/manifests/remove_files.pp
@@ -0,0 +1,46 @@
+#
+# Sometimes when we upgrade the platform, we need to ensure that files that
+# the platform previously created will get removed.
+#
+# These file removals don't need to be kept forever: we only need to remove
+# files that are present in the prior platform release.
+#
+# We can assume that the every node is upgraded from the previous platform
+# release.
+#
+
+class site_config::remove_files {
+
+ #
+ # Platform 0.7 removals
+ #
+
+ tidy {
+ '/etc/rsyslog.d/99-tapicero.conf':;
+ '/etc/rsyslog.d/99-leap-mx.conf':;
+ '/etc/rsyslog.d/01-webapp.conf':;
+ '/etc/rsyslog.d/50-stunnel.conf':;
+ '/etc/logrotate.d/mx':;
+ '/etc/logrotate.d/stunnel':;
+ '/var/log/stunnel4/stunnel.log':;
+ 'leap_mx':
+ path => '/var/log/',
+ recurse => true,
+ matches => 'leap_mx*';
+ '/srv/leap/webapp/public/provider.json':;
+ '/srv/leap/couchdb/designs/tmp_users':
+ recurse => true,
+ rmdirs => true;
+ }
+
+ # leax-mx logged to /var/log/leap_mx.log in the past
+ # we need to use a dumb exec here because file_line doesn't
+ # allow removing lines that match a regex in the current version
+ # of stdlib, see https://tickets.puppetlabs.com/browse/MODULES-1903
+ exec { 'rm_old_leap_mx_log_destination':
+ command => "/bin/sed -i '/leap_mx.log/d' /etc/check_mk/logwatch.state",
+ onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state"
+ }
+
+
+}
diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp
index 26c65f02..83b49c8e 100644
--- a/puppet/modules/site_config/manifests/syslog.pp
+++ b/puppet/modules/site_config/manifests/syslog.pp
@@ -11,4 +11,29 @@ class site_config::syslog {
content => '$ModLoad mmanon
action(type="mmanon" ipv4.bits="32" mode="rewrite")'
}
+
+ augeas {
+ 'logrotate_leap_deploy':
+ context => '/files/etc/logrotate.d/leap_deploy/rule',
+ changes => [ 'set file /var/log/leap/deploy.log',
+ 'set rotate 5',
+ 'set size 1M',
+ 'set compress compress',
+ 'set missingok missingok',
+ 'set copytruncate copytruncate' ];
+
+ # NOTE:
+ # the puppet_command script requires the option delaycompress
+ # be set on the summary log file.
+
+ 'logrotate_leap_deploy_summary':
+ context => '/files/etc/logrotate.d/leap_deploy_summary/rule',
+ changes => [ 'set file /var/log/leap/deploy-summary.log',
+ 'set rotate 5',
+ 'set size 100k',
+ 'set delaycompress delaycompress',
+ 'set compress compress',
+ 'set missingok missingok',
+ 'set copytruncate copytruncate' ]
+ }
}