diff options
Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r-- | puppet/modules/site_config/lib/facter/dhcp_enabled.rb | 22 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/default.pp | 17 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/dhclient.pp | 4 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/packages/base.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/remove_files.pp | 46 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/syslog.pp | 25 |
6 files changed, 108 insertions, 8 deletions
diff --git a/puppet/modules/site_config/lib/facter/dhcp_enabled.rb b/puppet/modules/site_config/lib/facter/dhcp_enabled.rb new file mode 100644 index 00000000..33220da3 --- /dev/null +++ b/puppet/modules/site_config/lib/facter/dhcp_enabled.rb @@ -0,0 +1,22 @@ +require 'facter' +def dhcp_enabled?(ifs, recurse=true) + dhcp = false + included_ifs = [] + if FileTest.exists?(ifs) + File.open(ifs) do |file| + dhcp = file.enum_for(:each_line).any? do |line| + if recurse && line =~ /^\s*source\s+([^\s]+)/ + included_ifs += Dir.glob($1) + end + line =~ /inet\s+dhcp/ + end + end + end + dhcp || included_ifs.any? { |ifs| dhcp_enabled?(ifs, false) } +end +Facter.add(:dhcp_enabled) do + confine :osfamily => 'Debian' + setcode do + dhcp_enabled?('/etc/network/interfaces') + end +end diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 790b5a16..e69e4b7b 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -1,6 +1,10 @@ class site_config::default { tag 'leap_base' + # the logoutput exec parameter defaults to "on_error" in puppet 3, + # but to "false" in puppet 2.7, so we need to set this globally here + Exec<||> { logoutput => on_failure } + $services = hiera('services', []) $domain_hash = hiera('domain') include site_config::params @@ -25,10 +29,7 @@ class site_config::default { # i.e. openstack/aws nodes, vagrant nodes # fix dhclient from changing resolver information - if $::ec2_instance_id { - include site_config::dhclient - } - if $::virtual == 'virtualbox' { + if $::dhcp_enabled == 'true' { include site_config::dhclient } @@ -38,22 +39,26 @@ class site_config::default { # configure caching, local resolver include site_config::caching_resolver - # install/configure syslog + # install/configure syslog and core log rotations include site_config::syslog + # provide a basic level of quality entropy + include haveged + # install/remove base packages include site_config::packages::base # include basic shorewall config include site_shorewall::defaults - Class['git'] -> Vcsrepo<||> + Package['git'] -> Vcsrepo<||> # include basic shell config include site_config::shell # set up core leap files and directories include site_config::files + include site_config::remove_files if ! member($services, 'mx') { include site_postfix::satellite diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp index 7ac0caf3..dbe2ef1c 100644 --- a/puppet/modules/site_config/manifests/dhclient.pp +++ b/puppet/modules/site_config/manifests/dhclient.pp @@ -17,7 +17,9 @@ class site_config::dhclient { exec { 'reload_dhclient': refreshonly => true, - command => '/usr/local/sbin/reload_dhclient'; + command => '/usr/local/sbin/reload_dhclient', + before => Class['site_config::resolvconf'], + require => File['/usr/local/sbin/reload_dhclient'], } file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf': diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp index ae47963c..f20d04a4 100644 --- a/puppet/modules/site_config/manifests/packages/base.pp +++ b/puppet/modules/site_config/manifests/packages/base.pp @@ -7,7 +7,7 @@ class site_config::packages::base { } # base set of packages that we want to remove everywhere - package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp', 'fontconfig-config', + package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp', 'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server', 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind', 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp new file mode 100644 index 00000000..3f46659c --- /dev/null +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -0,0 +1,46 @@ +# +# Sometimes when we upgrade the platform, we need to ensure that files that +# the platform previously created will get removed. +# +# These file removals don't need to be kept forever: we only need to remove +# files that are present in the prior platform release. +# +# We can assume that the every node is upgraded from the previous platform +# release. +# + +class site_config::remove_files { + + # + # Platform 0.7 removals + # + + tidy { + '/etc/rsyslog.d/99-tapicero.conf':; + '/etc/rsyslog.d/99-leap-mx.conf':; + '/etc/rsyslog.d/01-webapp.conf':; + '/etc/rsyslog.d/50-stunnel.conf':; + '/etc/logrotate.d/mx':; + '/etc/logrotate.d/stunnel':; + '/var/log/stunnel4/stunnel.log':; + 'leap_mx': + path => '/var/log/', + recurse => true, + matches => 'leap_mx*'; + '/srv/leap/webapp/public/provider.json':; + '/srv/leap/couchdb/designs/tmp_users': + recurse => true, + rmdirs => true; + } + + # leax-mx logged to /var/log/leap_mx.log in the past + # we need to use a dumb exec here because file_line doesn't + # allow removing lines that match a regex in the current version + # of stdlib, see https://tickets.puppetlabs.com/browse/MODULES-1903 + exec { 'rm_old_leap_mx_log_destination': + command => "/bin/sed -i '/leap_mx.log/d' /etc/check_mk/logwatch.state", + onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state" + } + + +} diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp index 26c65f02..83b49c8e 100644 --- a/puppet/modules/site_config/manifests/syslog.pp +++ b/puppet/modules/site_config/manifests/syslog.pp @@ -11,4 +11,29 @@ class site_config::syslog { content => '$ModLoad mmanon action(type="mmanon" ipv4.bits="32" mode="rewrite")' } + + augeas { + 'logrotate_leap_deploy': + context => '/files/etc/logrotate.d/leap_deploy/rule', + changes => [ 'set file /var/log/leap/deploy.log', + 'set rotate 5', + 'set size 1M', + 'set compress compress', + 'set missingok missingok', + 'set copytruncate copytruncate' ]; + + # NOTE: + # the puppet_command script requires the option delaycompress + # be set on the summary log file. + + 'logrotate_leap_deploy_summary': + context => '/files/etc/logrotate.d/leap_deploy_summary/rule', + changes => [ 'set file /var/log/leap/deploy-summary.log', + 'set rotate 5', + 'set size 100k', + 'set delaycompress delaycompress', + 'set compress compress', + 'set missingok missingok', + 'set copytruncate copytruncate' ] + } } |