summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r--puppet/modules/site_config/manifests/default.pp6
-rw-r--r--puppet/modules/site_config/manifests/packages/base.pp4
-rw-r--r--puppet/modules/site_config/manifests/params.pp4
-rw-r--r--puppet/modules/site_config/manifests/resolvconf.pp9
-rw-r--r--puppet/modules/site_config/manifests/syslog.pp28
5 files changed, 44 insertions, 7 deletions
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index a645cb1a..2380066a 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -2,6 +2,7 @@ class site_config::default {
tag 'leap_base'
$domain_hash = hiera('domain')
+ include site_config::params
# make sure apt is updated before any packages are installed
include apt::update
@@ -32,7 +33,7 @@ class site_config::default {
include site_config::dhclient
}
- if ( $::virtual == 'virtualbox' ) {
+ if ( $::site_config::params::environment == 'local' ) {
include site_config::vagrant
}
@@ -47,6 +48,9 @@ class site_config::default {
stage => setup,
}
+ # install/configure syslog
+ include site_config::syslog
+
# install/remove base packages
include site_config::packages::base
diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp
index 94ff679b..3e1d4a67 100644
--- a/puppet/modules/site_config/manifests/packages/base.pp
+++ b/puppet/modules/site_config/manifests/packages/base.pp
@@ -1,5 +1,7 @@
class site_config::packages::base {
+ include site_config::params
+
# base set of packages that we want to have installed everywhere
package { [ 'etckeeper', 'screen', 'less' ]:
ensure => installed,
@@ -15,7 +17,7 @@ class site_config::packages::base {
ensure => absent;
}
- if $::virtual == 'virtualbox' or $::services =~ /\bwebapp\b/ {
+ if $::site_config::params::environment == 'local' or $::services =~ /\bwebapp\b/ {
$dev_packages_ensure = present
} else {
$dev_packages_ensure = absent
diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp
index 59a161e8..2ef391db 100644
--- a/puppet/modules/site_config/manifests/params.pp
+++ b/puppet/modules/site_config/manifests/params.pp
@@ -3,8 +3,10 @@ class site_config::params {
$ip_address = hiera('ip_address')
$ip_address_interface = getvar("interface_${ip_address}")
$ec2_local_ipv4_interface = getvar("interface_${::ec2_local_ipv4}")
+ $environment = hiera('environment')
- if $::virtual == 'virtualbox' {
+
+ if $environment == 'local' {
$interface = 'eth1'
}
elsif hiera('interface','') != '' {
diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp
index 271c5043..b307f18b 100644
--- a/puppet/modules/site_config/manifests/resolvconf.pp
+++ b/puppet/modules/site_config/manifests/resolvconf.pp
@@ -2,12 +2,13 @@ class site_config::resolvconf {
$domain_public = $site_config::default::domain_hash['full_suffix']
- # 127.0.0.1: caching-only local bind
- # 87.118.100.175: http://server.privacyfoundation.de
- # 62.141.58.13: http://www.privacyfoundation.ch/de/service/server.html
class { '::resolvconf':
domain => $domain_public,
search => $domain_public,
- nameservers => [ '127.0.0.1', '87.118.100.175', '62.141.58.13' ]
+ nameservers => [
+ '127.0.0.1 # local caching-only, unbound',
+ '85.214.20.141 # Digitalcourage, a german privacy organisation: (https://en.wikipedia.org/wiki/Digitalcourage)',
+ '62.141.58.13 # Swiss privacy Foundation (http://www.privacyfoundation.ch/de/service/server.html)'
+ ]
}
}
diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp
new file mode 100644
index 00000000..73d4f58f
--- /dev/null
+++ b/puppet/modules/site_config/manifests/syslog.pp
@@ -0,0 +1,28 @@
+class site_config::syslog {
+
+ # we need to pull in rsyslog from the leap repository until it is availbale in
+ # wheezy-backports
+ apt::preferences_snippet { 'fixed_rsyslog_anon_package':
+ package => 'rsyslog-*',
+ priority => '999',
+ pin => 'release o=leap.se',
+ before => Class['rsyslog::install']
+ }
+
+ apt::preferences_snippet { 'rsyslog_anon_depends':
+ package => 'libestr0 librelp0',
+ priority => '999',
+ pin => 'release a=wheezy-backports',
+ before => Class['rsyslog::install']
+ }
+
+ class { 'rsyslog::client':
+ log_remote => false,
+ log_local => true
+ }
+
+ rsyslog::snippet { '00-anonymize_logs':
+ content => '$ModLoad mmanon
+action(type="mmanon" ipv4.bits="32" mode="rewrite")'
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 04:02:31 +0000