From e5244f7015de9ffd88c20e9b8136996bfbfe0f0d Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 16:08:07 +0200 Subject: added site_config::eip --- puppet/modules/site_config/manifests/eip.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 puppet/modules/site_config/manifests/eip.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp new file mode 100644 index 00000000..56eb1452 --- /dev/null +++ b/puppet/modules/site_config/manifests/eip.pp @@ -0,0 +1,10 @@ +class site_config::eip { + include site_openvpn + + $tor=hiera('tor') + notice("Tor enabled: $tor") + + $openvpn_configs=hiera('openvpn_server_configs') + create_resources('site_openvpn::server_config', $openvpn_configs) + +} -- cgit v1.2.3 From 14305e553c4f71fbeec997d585383c4c6211c1a5 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 17:29:26 +0200 Subject: don't pull openvpn config from hiera --- puppet/modules/site_config/manifests/eip.pp | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 56eb1452..c8677696 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -4,7 +4,15 @@ class site_config::eip { $tor=hiera('tor') notice("Tor enabled: $tor") - $openvpn_configs=hiera('openvpn_server_configs') - create_resources('site_openvpn::server_config', $openvpn_configs) - + #$openvpn_configs=hiera('openvpn_server_configs') + #create_resources('site_openvpn::server_config', $openvpn_configs) + + site_openvpn::server_config { 'tcp_config': + port => '1194', + proto => 'tcp' + } + site_openvpn::server_config { 'udp_config': + port => '1194', + proto => 'udp' + } } -- cgit v1.2.3 From b7277a8c666248a2a134f1d5b84c994df9904b7c Mon Sep 17 00:00:00 2001 
From: varac Date: Thu, 4 Oct 2012 22:34:20 +0200 Subject: moved most includes to site_config --- puppet/modules/site_config/manifests/init.pp | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 puppet/modules/site_config/manifests/init.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp new file mode 100644 index 00000000..64eb06f4 --- /dev/null +++ b/puppet/modules/site_config/manifests/init.pp @@ -0,0 +1,7 @@ +class site_config { + include apt, lsb, git + + # configure ssh and inculde ssh-keys + include site_config::sshd + +} -- cgit v1.2.3 From fc72260f601fb77b90d9f2f2afd2a43c4d5916f6 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 22:35:16 +0200 Subject: + site_openvpn::keys --- puppet/modules/site_config/manifests/eip.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index c8677696..6e866b1c 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -1,8 +1,9 @@ class site_config::eip { include site_openvpn + include site_openvpn::keys - $tor=hiera('tor') - notice("Tor enabled: $tor") + #$tor=hiera('tor') + #notice("Tor enabled: $tor") #$openvpn_configs=hiera('openvpn_server_configs') #create_resources('site_openvpn::server_config', $openvpn_configs) -- cgit v1.2.3 From 9fb0bcc2901bf5cf79d3ac0a46c610d302e0df7b Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 22:38:15 +0200 Subject: + site_config::sshd --- puppet/modules/site_config/manifests/sshd.pp | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 puppet/modules/site_config/manifests/sshd.pp (limited to 'puppet/modules/site_config/manifests') 
diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp new file mode 100644 index 00000000..8e33ca7f --- /dev/null +++ b/puppet/modules/site_config/manifests/sshd.pp @@ -0,0 +1,8 @@ +class site_config::sshd { + # configure ssh and inculde ssh-keys + include sshd + $ssh_keys=hiera_hash('ssh_keys') + include site_sshd + notice($ssh_keys) + create_resources('site_sshd::ssh_key', $ssh_keys) +} -- cgit v1.2.3 From 1ec1b9b56bc821b81f3797ea158846b41cc03853 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 23:38:57 +0200 Subject: finished site_openvpn::server_config --- puppet/modules/site_config/manifests/eip.pp | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 6e866b1c..e6f80d25 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -7,13 +7,19 @@ class site_config::eip { #$openvpn_configs=hiera('openvpn_server_configs') #create_resources('site_openvpn::server_config', $openvpn_configs) - + site_openvpn::server_config { 'tcp_config': - port => '1194', - proto => 'tcp' + port => '1194', + proto => 'tcp', + local => $::ipaddress_eth0_1, + server => '10.42.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.42.0.1"', } site_openvpn::server_config { 'udp_config': - port => '1194', - proto => 'udp' + port => '1194', + proto => 'udp', + local => $::ipaddress_eth0_1, + server => '10.43.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.43.0.1"', } } -- cgit v1.2.3 From b49ab6a1a06bcc31984e09a5371510643eef3c87 Mon Sep 17 00:00:00 2001 
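Review bot: `notice($ssh_keys)` in the new `site_config::sshd` class writes the whole hiera hash to the compile log on every run and looks like leftover debugging; I would drop the line or lower it to `debug($ssh_keys)`. `hiera_hash` merges the `ssh_keys` key from every hierarchy level, and the result goes straight into `create_resources('site_sshd::ssh_key', ...)`, so any level that can define the key can add login material (what `site_sshd::ssh_key` does with it is not visible here). A one-line comment saying which hiera level is expected to define `ssh_keys` would help. The comment typo `inculde` should read `include`.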
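Review bot: `local => $::ipaddress_eth0_1` in both `site_openvpn::server_config` resources of eip.pp relies on a fact that only exists while the `eth0:1` alias is configured. On a host without it the value is empty, and what OpenVPN then binds to is decided by a template that is not visible here. A guard before the two resources, such as `if ! $::ipaddress_eth0_1 { fail('eth0:1 has no address, refusing to write openvpn configs') }`, would turn that into a compile error instead of a silently different listener. The class body starts above this hunk.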
From: varac Date: Thu, 4 Oct 2012 23:55:03 +0200 Subject: use different parameter for each config --- puppet/modules/site_config/manifests/eip.pp | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index e6f80d25..9f1c205c 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -9,17 +9,19 @@ class site_config::eip { #create_resources('site_openvpn::server_config', $openvpn_configs) site_openvpn::server_config { 'tcp_config': - port => '1194', - proto => 'tcp', - local => $::ipaddress_eth0_1, - server => '10.42.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.42.0.1"', + port => '1194', + proto => 'tcp', + local => $::ipaddress_eth0_1, + server => '10.1.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.1.0.1"', + management => 'management 127.0.0.1 1000' } site_openvpn::server_config { 'udp_config': - port => '1194', - proto => 'udp', - local => $::ipaddress_eth0_1, - server => '10.43.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.43.0.1"', + port => '1194', + proto => 'udp', + local => $::ipaddress_eth0_1, + server => '10.2.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.2.0.1"', + management => 'management 127.0.0.1 1001' } } -- cgit v1.2.3 From 76f15950d637a79604f6472ba19f662069e59dc8 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 23:56:36 +0200 Subject: typo in eip.pp --- puppet/modules/site_config/manifests/eip.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 9f1c205c..2c696d21 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp 
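Review bot: The new `management` parameter on both `site_openvpn::server_config` resources (`'management 127.0.0.1 1000'` and `'management 127.0.0.1 1001'`) puts OpenVPN's management interface on a loopback TCP port with no password file, so any local account or process on the gateway can connect and control the daemon. OpenVPN accepts a password file as a further argument and also a unix socket in place of the address, e.g. `management => '<socket-path> unix'` (placeholder path); whether the define's template passes extra tokens through is not visible here. If TCP is kept, a comment next to the parameter should say which local client is expected to connect. The class opens above the hunk.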
@@ -14,7 +14,7 @@ class site_config::eip { local => $::ipaddress_eth0_1, server => '10.1.0.0 255.255.248.0', push => '"dhcp-option DNS 10.1.0.1"', - management => 'management 127.0.0.1 1000' + management => '127.0.0.1 1000' } site_openvpn::server_config { 'udp_config': port => '1194', @@ -22,6 +22,6 @@ class site_config::eip { local => $::ipaddress_eth0_1, server => '10.2.0.0 255.255.248.0', push => '"dhcp-option DNS 10.2.0.1"', - management => 'management 127.0.0.1 1001' + management => '127.0.0.1 1001' } } -- cgit v1.2.3 From e373def213a4e55c37c7940195ea9cd33e604f2d Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 8 Oct 2012 21:54:34 +0200 Subject: + site_shorewall::eip --- puppet/modules/site_config/manifests/eip.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 2c696d21..95f9dbf4 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -24,4 +24,6 @@ class site_config::eip { push => '"dhcp-option DNS 10.2.0.1"', management => '127.0.0.1 1001' } + + include site_shorewall::eip } -- cgit v1.2.3 From df1cb1b7445adcabbe355290d1e720040b916f6b Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 14:01:11 +0200 Subject: + site_config::resolvconf --- puppet/modules/site_config/manifests/init.pp | 4 ++++ puppet/modules/site_config/manifests/resolvconf.pp | 13 +++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 puppet/modules/site_config/manifests/resolvconf.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index 64eb06f4..8aa1b54d 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp 
@@ -1,7 +1,11 @@ class site_config { + # default class, use by all hosts + include apt, lsb, git # configure ssh and inculde ssh-keys include site_config::sshd + # configure /etc/resolv.conf + include site_config::resolvconf } diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp new file mode 100644 index 00000000..ec3ce9e9 --- /dev/null +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -0,0 +1,13 @@ +class site_config::resolvconf { + package { 'bind9': + ensure => installed, + } + + $domain_hash = hiera('domain') + $domain = $domain_hash['public'] + + $resolvconf_search = $domain + $resolvconf_domain = $domain + $resolvconf_nameservers = '127.0.0.1 # caching-only local bind:87.118.100.175 # http://server.privacyfoundation.de' + include resolvconf +} -- cgit v1.2.3 From 082efdddf4b5a4c741a655e6833b8d86bb717303 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 14:44:05 +0200 Subject: ssh_keys -> ssh_pubkeys for clarity --- puppet/modules/site_config/manifests/sshd.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp index 8e33ca7f..4834bb6f 100644 --- a/puppet/modules/site_config/manifests/sshd.pp +++ b/puppet/modules/site_config/manifests/sshd.pp @@ -1,8 +1,8 @@ class site_config::sshd { # configure ssh and inculde ssh-keys include sshd - $ssh_keys=hiera_hash('ssh_keys') + $ssh_pubkeys=hiera_hash('ssh_pubkeys') include site_sshd - notice($ssh_keys) - create_resources('site_sshd::ssh_key', $ssh_keys) + notice($ssh_pubkeys) + create_resources('site_sshd::ssh_key', $ssh_pubkeys) } -- cgit v1.2.3 From 18482bf1a47474771f72bb92e766bff2781ad3fd Mon Sep 17 00:00:00 2001 
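Review bot: In the new `site_config::resolvconf` class, `package { 'bind9': ensure => installed }` is all that backs the `127.0.0.1` resolver entry: nothing here keeps the daemon running or limits it to loopback, so the listen and recursion settings are left to the package defaults and a stopped daemon would presumably push every lookup to the hard-coded external resolver. I would add `service { 'bind9': ensure => running, enable => true, require => Package['bind9'] }` and manage the options file, or say in a comment where that is done. `$resolvconf_nameservers` also packs two addresses, their comments and a `:` separator into one string, and the upstream address would be better read from hiera next to `domain`. The later resolvconf.pp hunks on this page keep the addresses hard-coded.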
From: varac Date: Fri, 12 Oct 2012 15:01:34 +0200 Subject: new resolvconf module uses parameterized class --- puppet/modules/site_config/manifests/resolvconf.pp | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index ec3ce9e9..6536969a 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -4,10 +4,13 @@ class site_config::resolvconf { } $domain_hash = hiera('domain') - $domain = $domain_hash['public'] + $domain_public = $domain_hash['public'] - $resolvconf_search = $domain - $resolvconf_domain = $domain - $resolvconf_nameservers = '127.0.0.1 # caching-only local bind:87.118.100.175 # http://server.privacyfoundation.de' - include resolvconf + # 127.0.0.1: caching-only local bind + # 87.118.100.175: http://server.privacyfoundation.de + class { 'resolvconf': + $domain = $domain_public, + $search = $domain_public, + $nameservers = [ '127.0.0.1', '87.118.100.175' ] + } } -- cgit v1.2.3 From dfe67e888d5ab6b74c0dd9cc7e3d738c07b0ae5d Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 15:06:59 +0200 Subject: fixes resolvconf call --- puppet/modules/site_config/manifests/resolvconf.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index 6536969a..dca48b21 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp 
@@ -8,9 +8,9 @@ class site_config::resolvconf { # 127.0.0.1: caching-only local bind # 87.118.100.175: http://server.privacyfoundation.de - class { 'resolvconf': - $domain = $domain_public, - $search = $domain_public, - $nameservers = [ '127.0.0.1', '87.118.100.175' ] + class { '::resolvconf': + domain => $domain_public, + search => $domain_public, + nameservers => [ '127.0.0.1', '87.118.100.175' ] } } -- cgit v1.2.3 From b297dd3c47a9d23eaba6070555ecec47f3acbcc6 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 15:09:40 +0200 Subject: add third dns server (swiss privacy found.) --- puppet/modules/site_config/manifests/resolvconf.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index dca48b21..bd0539b9 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -6,11 +6,12 @@ class site_config::resolvconf { $domain_hash = hiera('domain') $domain_public = $domain_hash['public'] - # 127.0.0.1: caching-only local bind + # 127.0.0.1: caching-only local bind # 87.118.100.175: http://server.privacyfoundation.de + # 62.141.58.13: http://www.privacyfoundation.ch/de/service/server.html class { '::resolvconf': domain => $domain_public, search => $domain_public, - nameservers => [ '127.0.0.1', '87.118.100.175' ] + nameservers => [ '127.0.0.1', '87.118.100.175', '62.141.58.13' ] } } -- cgit v1.2.3 From 76bbc01eae893206a8ed0d8d248ee565e3acdc61 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 25 Oct 2012 15:35:24 +0200 Subject: use hiera gateway_address and interface variables --- puppet/modules/site_config/manifests/eip.pp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config/manifests') 
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 95f9dbf4..df17771a 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -5,13 +5,14 @@ class site_config::eip { #$tor=hiera('tor') #notice("Tor enabled: $tor") - #$openvpn_configs=hiera('openvpn_server_configs') - #create_resources('site_openvpn::server_config', $openvpn_configs) - + $openvpn_config = hiera('openvpn') + $interface = hiera('interface') + $gateway_address = $openvpn_config['gateway_address'] + site_openvpn::server_config { 'tcp_config': port => '1194', proto => 'tcp', - local => $::ipaddress_eth0_1, + local => $gateway_address, server => '10.1.0.0 255.255.248.0', push => '"dhcp-option DNS 10.1.0.1"', management => '127.0.0.1 1000' @@ -19,7 +20,7 @@ class site_config::eip { site_openvpn::server_config { 'udp_config': port => '1194', proto => 'udp', - local => $::ipaddress_eth0_1, + local => $gateway_address, server => '10.2.0.0 255.255.248.0', push => '"dhcp-option DNS 10.2.0.1"', management => '127.0.0.1 1001' -- cgit v1.2.3 From 8128fd27d9d3637654ebf924c860a701a4a08911 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Oct 2012 13:14:37 +0200 Subject: beginning config of main interface --- puppet/modules/site_config/manifests/eip.pp | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index df17771a..0077137b 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp 
@@ -5,9 +5,25 @@ class site_config::eip { #$tor=hiera('tor') #notice("Tor enabled: $tor") - $openvpn_config = hiera('openvpn') - $interface = hiera('interface') - $gateway_address = $openvpn_config['gateway_address'] + $ip_address = hiera('ip_address') + $interface = hiera('interface') + $gateway_address = hiera('gateway_address') + $openvpn_config = hiera('openvpn') + $openvpn_gateway_address = $openvpn_config['gateway_address'] + + include interfaces + interfaces::iface { $interface: + family => 'inet', + method => 'static', + options => [ "address $ip_address", + 'netmask 255.255.255.0', + "gateway $gateway", + "up ip addr add $openvpn_gateway_address/24 dev eth0 label", + "down ip addr del $openvpn_gateway_address/24 dev eth0 label", + ], + auto => 1, + allow_hotplug => 1 } + site_openvpn::server_config { 'tcp_config': port => '1194', -- cgit v1.2.3 From 92368db363406ebf47419814e1ac1bfc9f17c44a Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Oct 2012 15:08:15 +0200 Subject: linted, variable updated --- puppet/modules/site_config/manifests/eip.pp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 0077137b..57b6d831 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp 
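Review bot: `"gateway $gateway"` in the `options` array refers to a variable this class never assigns (the lookups above it set `$gateway_address`), so it interpolates to an empty string and the stanza for the primary interface would carry a bare `gateway` line. The `up` and `down` entries end in `label` with no label name and hard-code `dev eth0` and `/24` although the resource title is `$interface`. Because this resource rewrites the interface the host is managed over, I would use `"gateway ${gateway_address}"` and `dev ${interface}` and try the change first on a host with console access. The class opens above the hunk and the `site_openvpn::server_config` resources follow below it.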
@@ -12,16 +12,16 @@ class site_config::eip { $openvpn_gateway_address = $openvpn_config['gateway_address'] include interfaces - interfaces::iface { $interface: - family => 'inet', - method => 'static', - options => [ "address $ip_address", + interfaces::iface { $interface: + family => 'inet', + method => 'static', + options => [ "address $ip_address", 'netmask 255.255.255.0', - "gateway $gateway", + "gateway $gateway_address", "up ip addr add $openvpn_gateway_address/24 dev eth0 label", "down ip addr del $openvpn_gateway_address/24 dev eth0 label", - ], - auto => 1, + ], + auto => 1, allow_hotplug => 1 } -- cgit v1.2.3 From 8253e3ebeb88ba33131365a1b584878a12bbd225 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Oct 2012 15:14:23 +0200 Subject: removed label for ip addr --- puppet/modules/site_config/manifests/eip.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 57b6d831..1beea9ce 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -18,8 +18,8 @@ class site_config::eip { options => [ "address $ip_address", 'netmask 255.255.255.0', "gateway $gateway_address", - "up ip addr add $openvpn_gateway_address/24 dev eth0 label", - "down ip addr del $openvpn_gateway_address/24 dev eth0 label", + "up ip addr add $openvpn_gateway_address/24 dev eth0", + "down ip addr del $openvpn_gateway_address/24 dev eth0", ], auto => 1, allow_hotplug => 1 } -- cgit v1.2.3 From c40a1bce442aab4ba8baf062ffcb65e006ad13e0 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 14:53:06 +0100 Subject: use script to add second ip --- puppet/modules/site_config/manifests/eip.pp | 47 +++++++++++++++++++---------- 1 file changed, 31 insertions(+), 16 deletions(-) (limited to 'puppet/modules/site_config/manifests') 
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 1beea9ce..c81ad33a 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp 
@@ -18,29 +18,44 @@ class site_config::eip { options => [ "address $ip_address", 'netmask 255.255.255.0', "gateway $gateway_address", - "up ip addr add $openvpn_gateway_address/24 dev eth0", - "down ip addr del $openvpn_gateway_address/24 dev eth0", + "up ip addr add $openvpn_gateway_address/24 dev $interface", + "down ip addr del $openvpn_gateway_address/24 dev $interface", ], auto => 1, allow_hotplug => 1 } - site_openvpn::server_config { 'tcp_config': - port => '1194', - proto => 'tcp', - local => $gateway_address, - server => '10.1.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.1.0.1"', - management => '127.0.0.1 1000' + #site_openvpn::server_config { 'tcp_config': + # port => '1194', + # proto => 'tcp', + # local => $gateway_address, + # server => '10.1.0.0 255.255.248.0', + # push => '"dhcp-option DNS 10.1.0.1"', + # management => '127.0.0.1 1000' + #} + #site_openvpn::server_config { 'udp_config': + # port => '1194', + # proto => 'udp', + # local => $gateway_address, + # server => '10.2.0.0 255.255.248.0', + # push => '"dhcp-option DNS 10.2.0.1"', + # management => '127.0.0.1 1001' + #} + + file { '/usr/local/bin/leap_add_second_ip.sh': + content => '#!/bin/sh + ip addr show dev eth0 | grep -q "$openvpn_gateway_address/24" || ip addr add "$openvpn_gateway_address/24" dev eth0', + mode => '0755', } - site_openvpn::server_config { 'udp_config': - port => '1194', - proto => 'udp', - local => $gateway_address, - server => '10.2.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.2.0.1"', - management => '127.0.0.1 1001' + + exec { '/usr/local/bin/leap_add_second_ip.sh': + subscribe => File['/usr/local/bin/leap_add_second_ip.sh'], } + #exec { "ip addr add $openvpn_gateway_address/24 dev $interface": + # path => '/usr/bin:/sbin', + # unless => "ip addr show dev $interface | grep -q '$interface/24'" + #} + include site_shorewall::eip } -- cgit v1.2.3 From 189e8957c23fb09ef8c130f64e53f58c9da7d3ec Mon Sep 17 00:00:00 2001 
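Review bot: The new `exec { '/usr/local/bin/leap_add_second_ip.sh': }` has `subscribe` but no `refreshonly => true`, so it runs on every agent run rather than only when the file changes; if that is intended a comment should say so, otherwise add `refreshonly => true,`. The script body is a single-quoted Puppet string, so `$openvpn_gateway_address` is not interpolated by Puppet and reaches `/bin/sh` as an unset shell variable, and it names `eth0` while the rest of the class uses `$interface`. The `file` resource sets only `mode`; adding `owner => 'root', group => 'root',` makes explicit who may change a script that Puppet executes (presumably as root). The two commented-out `site_openvpn::server_config` blocks are better deleted than kept.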
From: varac Date: Mon, 29 Oct 2012 14:58:55 +0100 Subject: pass variable to leap_add_second_ip.sh --- puppet/modules/site_config/manifests/eip.pp | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index c81ad33a..ed1d395b 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -11,19 +11,18 @@ class site_config::eip { $openvpn_config = hiera('openvpn') $openvpn_gateway_address = $openvpn_config['gateway_address'] - include interfaces - interfaces::iface { $interface: - family => 'inet', - method => 'static', - options => [ "address $ip_address", - 'netmask 255.255.255.0', - "gateway $gateway_address", - "up ip addr add $openvpn_gateway_address/24 dev $interface", - "down ip addr del $openvpn_gateway_address/24 dev $interface", - ], - auto => 1, - allow_hotplug => 1 } - + #include interfaces + #interfaces::iface { $interface: + # family => 'inet', + # method => 'static', + # options => [ "address $ip_address", + # 'netmask 255.255.255.0', + # "gateway $gateway_address", + # "up ip addr add $openvpn_gateway_address/24 dev $interface", + # "down ip addr del $openvpn_gateway_address/24 dev $interface", + # ], + # auto => 1, + # allow_hotplug => 1 } #site_openvpn::server_config { 'tcp_config': # port => '1194', @@ -43,8 +42,8 @@ class site_config::eip { #} file { '/usr/local/bin/leap_add_second_ip.sh': - content => '#!/bin/sh - ip addr show dev eth0 | grep -q "$openvpn_gateway_address/24" || ip addr add "$openvpn_gateway_address/24" dev eth0', + content => "#!/bin/sh +ip addr show dev $interface | grep -q "$openvpn_gateway_address/24" || ip addr add "$openvpn_gateway_address/24" dev $interface", mode => '0755', } -- cgit v1.2.3 From 7c7c3f6ff9806febe903a9cfdef97c36e3743587 Mon Sep 17 00:00:00 2001 
From: varac Date: Mon, 29 Oct 2012 18:34:51 +0100 Subject: double double quoting solved --- puppet/modules/site_config/manifests/eip.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index ed1d395b..59889a92 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -43,7 +43,7 @@ class site_config::eip { file { '/usr/local/bin/leap_add_second_ip.sh': content => "#!/bin/sh -ip addr show dev $interface | grep -q "$openvpn_gateway_address/24" || ip addr add "$openvpn_gateway_address/24" dev $interface", +ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface", mode => '0755', } -- cgit v1.2.3 From 372797b1f0b2a65698e8f4cd52fdf5d93a274965 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 20:04:23 +0100 Subject: reenabled site_openvpn::server_config, leap_add_second_ip.sh @reboot --- puppet/modules/site_config/manifests/eip.pp | 57 +++++++++++------------------ 1 file changed, 21 insertions(+), 36 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 59889a92..498d7eed 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp 
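Review bot: The rewritten script line drops all shell quoting, so `${openvpn_gateway_address}` and `$interface` are pasted from hiera into the script as bare words. `grep -q` also treats the dots in the address as wildcards and matches substrings, so `1.2.3.4/24` (constructed example) is found in a line holding `11.2.3.4/24` and the address would then not be added. I would write `ip addr show dev '${interface}' | grep -qF ' ${openvpn_gateway_address}/24 ' || ip addr add '${openvpn_gateway_address}/24' dev '${interface}'` and check both hiera values against an address and interface-name pattern before using them. The `file` resource continues outside the hunk.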
@@ -2,44 +2,28 @@ class site_config::eip { include site_openvpn include site_openvpn::keys - #$tor=hiera('tor') - #notice("Tor enabled: $tor") - $ip_address = hiera('ip_address') $interface = hiera('interface') $gateway_address = hiera('gateway_address') $openvpn_config = hiera('openvpn') $openvpn_gateway_address = $openvpn_config['gateway_address'] - #include interfaces - #interfaces::iface { $interface: - # family => 'inet', - # method => 'static', - # options => [ "address $ip_address", - # 'netmask 255.255.255.0', - # "gateway $gateway_address", - # "up ip addr add $openvpn_gateway_address/24 dev $interface", - # "down ip addr del $openvpn_gateway_address/24 dev $interface", - # ], - # auto => 1, - # allow_hotplug => 1 } - - #site_openvpn::server_config { 'tcp_config': - # port => '1194', - # proto => 'tcp', - # local => $gateway_address, - # server => '10.1.0.0 255.255.248.0', - # push => '"dhcp-option DNS 10.1.0.1"', - # management => '127.0.0.1 1000' - #} - #site_openvpn::server_config { 'udp_config': - # port => '1194', - # proto => 'udp', - # local => $gateway_address, - # server => '10.2.0.0 255.255.248.0', - # push => '"dhcp-option DNS 10.2.0.1"', - # management => '127.0.0.1 1001' - #} + site_openvpn::server_config { 'tcp_config': + port => '1194', + proto => 'tcp', + local => $openvpn_gateway_address, + server => '10.1.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.1.0.1"', + management => '127.0.0.1 1000' + } + site_openvpn::server_config { 'udp_config': + port => '1194', + proto => 'udp', + local => $openvpn_gateway_address, + server => '10.2.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.2.0.1"', + management => '127.0.0.1 1001' + } file { '/usr/local/bin/leap_add_second_ip.sh': content => "#!/bin/sh 
@@ -51,10 +35,11 @@ ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr a subscribe => File['/usr/local/bin/leap_add_second_ip.sh'], } - #exec { "ip addr add $openvpn_gateway_address/24 dev $interface": - # path => '/usr/bin:/sbin', - # unless => "ip addr show dev $interface | grep -q '$interface/24'" - #} + cron { 'leap_add_second_ip.sh': + command => "/usr/local/bin/leap_add_second_ip.sh", + user => 'root', + special => 'reboot', + } include site_shorewall::eip } -- cgit v1.2.3 From 7361c79e1e864c16450455a3ae374393a04f9eb7 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 20:27:52 +0100 Subject: no need for gateway_address --- puppet/modules/site_config/manifests/eip.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 498d7eed..15bf8be2 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -4,7 +4,7 @@ class site_config::eip { $ip_address = hiera('ip_address') $interface = hiera('interface') - $gateway_address = hiera('gateway_address') + #$gateway_address = hiera('gateway_address') $openvpn_config = hiera('openvpn') $openvpn_gateway_address = $openvpn_config['gateway_address'] -- cgit v1.2.3 From c26c2c18d0abb7dec76a748bf0c2c2f9000298da Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 22:17:26 +0100 Subject: openvpn_tcp/udp_network_prefix and openvpn_tcp/udp_netmask variables --- puppet/modules/site_config/manifests/eip.pp | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 15bf8be2..ecac446b 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp 
@@ -2,26 +2,30 @@ class site_config::eip { include site_openvpn include site_openvpn::keys - $ip_address = hiera('ip_address') - $interface = hiera('interface') - #$gateway_address = hiera('gateway_address') - $openvpn_config = hiera('openvpn') - $openvpn_gateway_address = $openvpn_config['gateway_address'] + $ip_address = hiera('ip_address') + $interface = hiera('interface') + #$gateway_address = hiera('gateway_address') + $openvpn_config = hiera('openvpn') + $openvpn_gateway_address = $openvpn_config['gateway_address'] + $openvpn_tcp_network_prefix = '10.1.0' + $openvpn_tcp_netmask = '255.255.248.0' + $openvpn_udp_network_prefix = '10.2.0' + $openvpn_udp_netmask = '255.255.248.0' site_openvpn::server_config { 'tcp_config': port => '1194', proto => 'tcp', local => $openvpn_gateway_address, - server => '10.1.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.1.0.1"', + server => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask", + push => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"", management => '127.0.0.1 1000' } site_openvpn::server_config { 'udp_config': port => '1194', proto => 'udp', + server => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask", + push => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"", local => $openvpn_gateway_address, - server => '10.2.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.2.0.1"', management => '127.0.0.1 1001' } -- cgit v1.2.3 From 1e3e9658a2309569e73d6bef72d441a6851d2653 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 22:22:37 +0100 Subject: also provide openvpn_tcp/udp_cidr variable --- puppet/modules/site_config/manifests/eip.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index ecac446b..d7a59157 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp 
@@ -9,8 +9,10 @@ class site_config::eip { $openvpn_gateway_address = $openvpn_config['gateway_address'] $openvpn_tcp_network_prefix = '10.1.0' $openvpn_tcp_netmask = '255.255.248.0' + $openvpn_tcp_cidr = '21' $openvpn_udp_network_prefix = '10.2.0' $openvpn_udp_netmask = '255.255.248.0' + $openvpn_udp_cidr = '21' site_openvpn::server_config { 'tcp_config': port => '1194', -- cgit v1.2.3 From 2f747b961a1fd5f7197e63dde58b64ab465ac39d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 30 Oct 2012 12:16:49 +0100 Subject: commenting --- puppet/modules/site_config/manifests/eip.pp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index d7a59157..4280fb67 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -1,7 +1,6 @@ class site_config::eip { - include site_openvpn - include site_openvpn::keys + # parse hiera config $ip_address = hiera('ip_address') $interface = hiera('interface') #$gateway_address = hiera('gateway_address') @@ -14,6 +13,12 @@ class site_config::eip { $openvpn_udp_netmask = '255.255.248.0' $openvpn_udp_cidr = '21' + include site_openvpn + + # deploy ca + server keys + include site_openvpn::keys + + # create 2 openvpn config files, one for tcp, one for udp site_openvpn::server_config { 'tcp_config': port => '1194', proto => 'tcp', @@ -31,6 +36,7 @@ class site_config::eip { management => '127.0.0.1 1001' } + # add second IP on given interface file { '/usr/local/bin/leap_add_second_ip.sh': content => "#!/bin/sh ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface", -- cgit v1.2.3 From b4a32c98e5bd2184f6fc5fef1300e35ab36dbb99 Mon Sep 17 00:00:00 2001 
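Review bot: `$openvpn_tcp_cidr` and `$openvpn_udp_cidr` restate as `'21'` what the netmask variables already give as `255.255.248.0`, so the two forms can drift apart when only one is edited. The consumer of the CIDR form is not visible in this hunk; if it is the firewall rules, a mismatch would leave the packet filter covering a different range than the one OpenVPN hands out to clients. A comment on each pair, for example `# must match $openvpn_tcp_netmask (255.255.248.0 == /21)`, would make the dependency explicit.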
From: varac Date: Tue, 30 Oct 2012 15:14:06 +0100 Subject: no need for configuring authorized_keys as leap_cli cares for that --- puppet/modules/site_config/manifests/sshd.pp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp index 4834bb6f..944dbce2 100644 --- a/puppet/modules/site_config/manifests/sshd.pp +++ b/puppet/modules/site_config/manifests/sshd.pp @@ -1,8 +1,9 @@ class site_config::sshd { - # configure ssh and inculde ssh-keys + # configure sshd include sshd - $ssh_pubkeys=hiera_hash('ssh_pubkeys') include site_sshd - notice($ssh_pubkeys) - create_resources('site_sshd::ssh_key', $ssh_pubkeys) + # no need for configuring authorized_keys as leap_cli cares for that + #$ssh_pubkeys=hiera_hash('ssh_pubkeys') + #notice($ssh_pubkeys) + #create_resources('site_sshd::ssh_key', $ssh_pubkeys) } -- cgit v1.2.3 From c2d57624c15dfaff038f9991f04ade46b5ad1d40 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 21 Nov 2012 17:45:44 +0100 Subject: move site_config::eip to site_openvpn (Feature #943) --- puppet/modules/site_config/manifests/eip.pp | 57 ----------------------------- 1 file changed, 57 deletions(-) delete mode 100644 puppet/modules/site_config/manifests/eip.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp deleted file mode 100644 index 4280fb67..00000000 --- a/puppet/modules/site_config/manifests/eip.pp +++ /dev/null 
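Review bot: Commenting out `create_resources('site_sshd::ssh_key', $ssh_pubkeys)` in sshd.pp stops Puppet from managing keys but removes nothing it deployed earlier, so keys installed by previous runs stay on existing hosts unless leap_cli rewrites the file as a whole. Whether it does is not visible here; the new comment could say so, for example `# authorized_keys is written by leap_cli; keys from earlier site_sshd::ssh_key runs are not removed by Puppet`. The three disabled lines would be better deleted than kept as comments, since the history already preserves them.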
@@ -1,57 +0,0 @@ -class site_config::eip { - - # parse hiera config - $ip_address = hiera('ip_address') - $interface = hiera('interface') - #$gateway_address = hiera('gateway_address') - $openvpn_config = hiera('openvpn') - $openvpn_gateway_address = $openvpn_config['gateway_address'] - $openvpn_tcp_network_prefix = '10.1.0' - $openvpn_tcp_netmask = '255.255.248.0' - $openvpn_tcp_cidr = '21' - $openvpn_udp_network_prefix = '10.2.0' - $openvpn_udp_netmask = '255.255.248.0' - $openvpn_udp_cidr = '21' - - include site_openvpn - - # deploy ca + server keys - include site_openvpn::keys - - # create 2 openvpn config files, one for tcp, one for udp - site_openvpn::server_config { 'tcp_config': - port => '1194', - proto => 'tcp', - local => $openvpn_gateway_address, - server => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask", - push => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"", - management => '127.0.0.1 1000' - } - site_openvpn::server_config { 'udp_config': - port => '1194', - proto => 'udp', - server => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask", - push => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"", - local => $openvpn_gateway_address, - management => '127.0.0.1 1001' - } - - # add second IP on given interface - file { '/usr/local/bin/leap_add_second_ip.sh': - content => "#!/bin/sh -ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface", - mode => '0755', - } - - exec { '/usr/local/bin/leap_add_second_ip.sh': - subscribe => File['/usr/local/bin/leap_add_second_ip.sh'], - } - - cron { 'leap_add_second_ip.sh': - command => "/usr/local/bin/leap_add_second_ip.sh", - user => 'root', - special => 'reboot', - } - - include site_shorewall::eip -} -- cgit v1.2.3 From 2ac79162239266b6dd0038b54903852675e7c54f Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Thu, 29 Nov 2012 15:57:18 -0500 Subject: disable apt pdiffs, they are slow on fast links --- puppet/modules/site_config/manifests/apt.pp | 6 ++++++ puppet/modules/site_config/manifests/init.pp | 9 ++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 puppet/modules/site_config/manifests/apt.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/apt.pp b/puppet/modules/site_config/manifests/apt.pp new file mode 100644 index 00000000..c7490337 --- /dev/null +++ b/puppet/modules/site_config/manifests/apt.pp @@ -0,0 +1,6 @@ +class site_config::apt { + + apt::apt_conf { '90disable-pdiffs': + content => 'Acquire::PDiffs "false";'; + } +} diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index 8aa1b54d..7f67ad4e 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -1,9 +1,12 @@ class site_config { - # default class, use by all hosts + # default class, used by all hosts - include apt, lsb, git + include lsb, git - # configure ssh and inculde ssh-keys + # configure apt + include site_config::apt + + # configure ssh and include ssh-keys include site_config::sshd # configure /etc/resolv.conf -- cgit v1.2.3 From 138dcd8cea024d79923e9ae89df975396ed6cac7 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 29 Nov 2012 17:13:36 -0500 Subject: include apt in the site_config/apt class --- puppet/modules/site_config/manifests/apt.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/apt.pp b/puppet/modules/site_config/manifests/apt.pp index c7490337..4f611ac8 100644 --- a/puppet/modules/site_config/manifests/apt.pp +++ b/puppet/modules/site_config/manifests/apt.pp 
@@ -1,5 +1,7 @@ class site_config::apt { + include ::apt + apt::apt_conf { '90disable-pdiffs': content => 'Acquire::PDiffs "false";'; } -- cgit v1.2.3 From 090dca27921efe22fdc39c8598356bfb74e5fe99 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 13:10:30 -0500 Subject: setup /etc/hosts based on a template and the hiera value 'hosts' This will replace the existing /etc/hosts, so we will want to make this more smart later --- puppet/modules/site_config/manifests/hosts.pp | 7 +++++++ puppet/modules/site_config/manifests/init.pp | 3 +++ 2 files changed, 10 insertions(+) create mode 100644 puppet/modules/site_config/manifests/hosts.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp new file mode 100644 index 00000000..08890a5d --- /dev/null +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -0,0 +1,7 @@ +class site_config::hosts { + + file { '/etc/hosts': + content => template('site_config/hosts'), + mode => '0644', owner => root, group => root; + } +} diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index 7f67ad4e..268ff2fc 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -11,4 +11,7 @@ class site_config { # configure /etc/resolv.conf include site_config::resolvconf + + # configure /etc/hosts + include site_config::hosts } -- cgit v1.2.3 From cbb834da5de7e2abe7399e34766492bfab48fa9c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 15:37:15 -0500 Subject: test to see if the hosts value is empty before trying to reference it in a template also set the hostname to what the hiera 'name' is set to --- puppet/modules/site_config/manifests/hosts.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'puppet/modules/site_config/manifests') 
diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 08890a5d..5269bf35 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -1,5 +1,15 @@ class site_config::hosts { + $hosts = hiera('hosts','') + $hostname = hiera('name') + + exec { "/bin/hostname $hostname ": } + + file { "/etc/hostname": + ensure => present, + content => $hostname + } + file { '/etc/hosts': content => template('site_config/hosts'), mode => '0644', owner => root, group => root; -- cgit v1.2.3 From 73de38e401dd5e1253d07d3419b74be2605016b1 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 15:54:55 -0500 Subject: remove extra space in hostname exec --- puppet/modules/site_config/manifests/hosts.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 5269bf35..dd8d7e47 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -3,7 +3,7 @@ class site_config::hosts { $hosts = hiera('hosts','') $hostname = hiera('name') - exec { "/bin/hostname $hostname ": } + exec { "/bin/hostname $hostname": } file { "/etc/hostname": ensure => present, -- cgit v1.2.3 From a3f11bff64069e61df895d8bb9d5d80fdde0e7eb Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 16:25:11 -0500 Subject: set up an 'initial' run stage to happen before the 'main' run stage and put the site_config::hosts to be in the initial run stage to make sure the hostname is set before anything else. --- puppet/modules/site_config/manifests/hosts.pp | 2 +- puppet/modules/site_config/manifests/init.pp | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') 
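Review bot: In the `@@ -1,5 +1,15 @@` hunk the hiera value `name` goes unchecked into the `exec` command string and into `/etc/hostname`. A value with whitespace or other unexpected characters would change what the root-run command does; a guard ahead of the resources, such as `validate_re($hostname, '^[a-z0-9]([a-z0-9-]*[a-z0-9])?$')` (from stdlib, if the project ships it), keeps it to a single hostname label. The `/etc/hostname` resource also leaves owner, group and mode unset, unlike the `/etc/hosts` resource below it; `owner => root, group => root, mode => '0644',` would match. The local name `$hostname` shadows the `hostname` fact inside this class, which may matter to the template.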
diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index dd8d7e47..1312f870 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -1,4 +1,4 @@ -class site_config::hosts { +class site_config::hosts() { $hosts = hiera('hosts','') $hostname = hiera('name') diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index 268ff2fc..bab186d0 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -13,5 +13,11 @@ class site_config { include site_config::resolvconf # configure /etc/hosts - include site_config::hosts + stage { 'initial': + before => Stage['main'], + } + + class { 'site_config::hosts': + stage => initial, + } } -- cgit v1.2.3 From 8d4e198fc0aa750128230659f6eb68d5a74f0f2a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 16:32:56 -0500 Subject: change hostname exec to only apply when either the /etc/hostname or /etc/hosts files are changed (otherwise it runs on every run) --- puppet/modules/site_config/manifests/hosts.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 1312f870..e3408b27 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -3,13 +3,15 @@ class site_config::hosts() { $hosts = hiera('hosts','') $hostname = hiera('name') - exec { "/bin/hostname $hostname": } - file { "/etc/hostname": ensure => present, content => $hostname } + exec { "/bin/hostname $hostname": + subscribe => [ File['/etc/hostname'], File['/etc/hosts'] ] + } + file { '/etc/hosts': content => template('site_config/hosts'), mode => '0644', owner => root, group => root; -- cgit v1.2.3 
From be2c1c97db09d8db7ebfdc4b6d8e0341f15bce8e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 16:41:01 -0500 Subject: neglected to add the 'refreshonly' parameter to the exec in previous commit --- puppet/modules/site_config/manifests/hosts.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index e3408b27..06cd5c01 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -9,9 +9,10 @@ class site_config::hosts() { } exec { "/bin/hostname $hostname": - subscribe => [ File['/etc/hostname'], File['/etc/hosts'] ] + subscribe => [ File['/etc/hostname'], File['/etc/hosts'] ], + refreshonly => true; } - + file { '/etc/hosts': content => template('site_config/hosts'), mode => '0644', owner => root, group => root; -- cgit v1.2.3 From 4639b19a10d0fc2e1562a2135fe1b33b70571155 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 14 Dec 2012 16:20:29 +0100 Subject: moved site_config::apt to site_apt --- puppet/modules/site_config/manifests/apt.pp | 8 -------- puppet/modules/site_config/manifests/init.pp | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) delete mode 100644 puppet/modules/site_config/manifests/apt.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/apt.pp b/puppet/modules/site_config/manifests/apt.pp deleted file mode 100644 index 4f611ac8..00000000 --- a/puppet/modules/site_config/manifests/apt.pp +++ /dev/null @@ -1,8 +0,0 @@ -class site_config::apt { - - include ::apt - - apt::apt_conf { '90disable-pdiffs': - content => 'Acquire::PDiffs "false";'; - } -} diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index bab186d0..ef4ffbd3 100644 --- a/puppet/modules/site_config/manifests/init.pp 
+++ b/puppet/modules/site_config/manifests/init.pp @@ -4,7 +4,7 @@ class site_config { include lsb, git # configure apt - include site_config::apt + include site_apt # configure ssh and include ssh-keys include site_config::sshd -- cgit v1.2.3 From 98063e47889ad7a1b2fbb63513b428c2d53bd1f3 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 16 Dec 2012 14:45:28 +0100 Subject: bind: use local, ipv4 only name-caching resolver (fixes #1171) --- puppet/modules/site_config/manifests/resolvconf.pp | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index bd0539b9..b70dfa1c 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -1,8 +1,29 @@ class site_config::resolvconf { + + # bind9 package { 'bind9': ensure => installed, } + service { 'bind9': + ensure => running, + require => Package['bind9'], + } + + file { '/etc/default/bind9': + source => 'puppet:///modules/site_config/bind9', + require => Package['bind9'], + notify => Service['bind9'], + } + + file { '/etc/bind/named.options': + source => 'puppet:///modules/site_config/named.options', + require => Package['bind9'], + notify => Service['bind9'], + } + + + $domain_hash = hiera('domain') $domain_public = $domain_hash['public'] -- cgit v1.2.3 From 28745a2d4a0cdcf088af5240c67c77f0cde16bb4 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 16 Dec 2012 15:07:38 +0100 Subject: named.options -> named.conf.options --- puppet/modules/site_config/manifests/resolvconf.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index b70dfa1c..78f83a62 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp 
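Review bot: Neither new `file` resource in resolvconf.pp sets `owner`, `group` or `mode`, so the permissions of `/etc/default/bind9` and `/etc/bind/named.options` are whatever the module source or the existing file carries. Stating them on both resources, e.g. `owner => root, mode => '0644',` plus the group the distribution expects, pins them. The commit subject promises a local caching resolver, but the options file itself is not part of this hunk, so it is worth confirming there that named listens on loopback only and limits recursion to it (`listen-on { 127.0.0.1; };`, `allow-recursion { 127.0.0.1; };`).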
+++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -16,8 +16,8 @@ class site_config::resolvconf { notify => Service['bind9'], } - file { '/etc/bind/named.options': - source => 'puppet:///modules/site_config/named.options', + file { '/etc/bind/named.conf.options': + source => 'puppet:///modules/site_config/named.conf.options', require => Package['bind9'], notify => Service['bind9'], } -- cgit v1.2.3 From e97a022b52291a2593ee0efbab4c1b8f9d60be01 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 19 Dec 2012 10:56:06 +0100 Subject: move apt-get upgrade to inital stage --- puppet/modules/site_config/manifests/init.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index ef4ffbd3..69ff2523 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -6,6 +6,7 @@ class site_config { # configure apt include site_apt + # configure ssh and include ssh-keys include site_config::sshd @@ -20,4 +21,8 @@ class site_config { class { 'site_config::hosts': stage => initial, } + + class { 'site_apt::dist_upgrade': + stage => initial, + } } -- cgit v1.2.3 From 4e0021dede8aae43760b3e9a4b2317c3ed4c1e0d Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Wed, 16 Jan 2013 13:08:24 -0500 Subject: Swtich from bind9 as the local caching resolver to unbound. This will enable us to do tor lookups over DNS on servers, if tor services are defined. To do this, we remove the bind9 configurations from site_config::resolvconf.pp and replace it with site_config::caching_resolver with a basic unbound configuration that can be used everywhere. The unbound configuration enables a /etc/unbound/conf.d directory for additional config snippits that can be dropped in from other places. This will be used for setting up different interfaces in the vpn gateway, for example. There will be a set of transition package/file absent blocks to clean up providers. --- .../site_config/manifests/caching_resolver.pp | 35 ++++++++++++++++++++++ puppet/modules/site_config/manifests/init.pp | 3 ++ puppet/modules/site_config/manifests/resolvconf.pp | 14 +++------ 3 files changed, 42 insertions(+), 10 deletions(-) create mode 100644 puppet/modules/site_config/manifests/caching_resolver.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp new file mode 100644 index 00000000..e4374d8f --- /dev/null +++ b/puppet/modules/site_config/manifests/caching_resolver.pp 
@@ -0,0 +1,35 @@ +class site_config::caching_resolver { + + # Setup a conf.d directory to place additional unbound configuration files + # there must be at least one file in the directory, or unbound will not + # start, so create an empty placeholder to ensure this + file { + '/etc/unbound/conf.d': + ensure => directory, + owner => root, group => root, mode => '0755'; + + '/etc/unbound/conf.d/placeholder': + ensure => present, + content => '', + owner => root, group => root, mode => '0644'; + } + + class { 'unbound': + root_hints => false, + anchor => false, + ssl => false, + require => File['/etc/unbound/conf.d/placeholder'], + settings => { + server => { + verbosity => '1', + interface => [ '127.0.0.1', '::1' ], + port => '53', + hide-identity => 'yes', + hide-version => 'yes', + harden-glue => 'yes', + access-control => [ '127.0.0.0/8 allow', '::1 allow' ], + include => '/etc/unbound/conf.d/*' + } + } + } +} diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index 69ff2523..f05bca1c 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -13,6 +13,9 @@ class site_config { # configure /etc/resolv.conf include site_config::resolvconf + # configure caching, local resolver + include site_config::caching_resolver + # configure /etc/hosts stage { 'initial': before => Stage['main'], diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index 78f83a62..3579aaf2 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp 
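Review bot: The `unbound` class in caching_resolver.pp is declared with `anchor => false`, which, if the module maps that parameter to the trust-anchor file as the name suggests, leaves this resolver answering without DNSSEC validation on every host that includes it. The module is not visible here, so this is an inference. If it holds, either enable the anchor or record the reason next to the parameter, e.g. `# anchor disabled: <reason>`, because all local lookups pass through this cache.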
@@ -2,28 +2,22 @@ class site_config::resolvconf { # bind9 package { 'bind9': - ensure => installed, + ensure => absent, } service { 'bind9': - ensure => running, + ensure => stopped, require => Package['bind9'], } file { '/etc/default/bind9': - source => 'puppet:///modules/site_config/bind9', - require => Package['bind9'], - notify => Service['bind9'], + ensure => absent; } file { '/etc/bind/named.conf.options': - source => 'puppet:///modules/site_config/named.conf.options', - require => Package['bind9'], - notify => Service['bind9'], + ensure => absent; } - - $domain_hash = hiera('domain') $domain_public = $domain_hash['public'] -- cgit v1.2.3 From ad3da4a59aebb6b7facc2e6616d8b81039b29892 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 17 Jan 2013 14:17:18 -0500 Subject: unfortunately the version of unbound that is in wheezy does not support wildcard include directives, so this commit works around this by doing something less elegant than before. When we have the newer unbound available, we should switch to that method instead. --- puppet/modules/site_config/manifests/caching_resolver.pp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index e4374d8f..ab2f52d1 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp 
@@ -1,8 +1,14 @@ class site_config::caching_resolver { - # Setup a conf.d directory to place additional unbound configuration files - # there must be at least one file in the directory, or unbound will not - # start, so create an empty placeholder to ensure this + # Setup a conf.d directory to place additional unbound configuration files. + # There must be at least one file in the directory, or unbound will not start, + # so create an empty placeholder to ensure this. + + # Note: the version of unbound we are working with does not accept a wildcard + # for an include directive, so we are not able to use this. When we can use + # the newer unbound, then we will add 'include: /etc/unbound.d/*' to the + # configuration file + file { '/etc/unbound/conf.d': ensure => directory, @@ -27,8 +33,7 @@ class site_config::caching_resolver { hide-identity => 'yes', hide-version => 'yes', harden-glue => 'yes', - access-control => [ '127.0.0.0/8 allow', '::1 allow' ], - include => '/etc/unbound/conf.d/*' + access-control => [ '127.0.0.0/8 allow', '::1 allow' ] } } } -- cgit v1.2.3 From 1d9f25303a58f15feec071d81ddf13291fdd6002 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 20 Jan 2013 15:07:33 +0100 Subject: remove bind9 service stop (#1421) --- puppet/modules/site_config/manifests/resolvconf.pp | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index 3579aaf2..a525d8c6 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp 
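Review bot: The added note names `include: /etc/unbound.d/*`, but the directory this class creates is `/etc/unbound/conf.d`, and the setting removed in the second hunk pointed at `/etc/unbound/conf.d/*`. The comment line should read `# the newer unbound, then we will add 'include: /etc/unbound/conf.d/*' to the`. As far as these hunks show, files dropped into `conf.d` are no longer read by unbound once the `include` is gone, and the comment could say that outright so nobody relies on a snippet there taking effect.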
@@ -1,19 +1,12 @@ class site_config::resolvconf { - # bind9 + # bind9 purging can be taken out after some time package { 'bind9': ensure => absent, } - - service { 'bind9': - ensure => stopped, - require => Package['bind9'], - } - file { '/etc/default/bind9': ensure => absent; } - file { '/etc/bind/named.conf.options': ensure => absent; } -- cgit v1.2.3 From d7f7bad9b6d4a45aa06c74a1f630b38a534092e0 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 20 Jan 2013 15:26:26 +0100 Subject: configure fqdn for host --- puppet/modules/site_config/manifests/hosts.pp | 2 ++ puppet/modules/site_config/manifests/init.pp | 2 ++ puppet/modules/site_config/manifests/resolvconf.pp | 3 +-- 3 files changed, 5 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 06cd5c01..80619e33 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -3,6 +3,8 @@ class site_config::hosts() { $hosts = hiera('hosts','') $hostname = hiera('name') + $domain_public = $domain_hash['full_suffix'] + file { "/etc/hostname": ensure => present, content => $hostname diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index f05bca1c..c27074ed 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -1,4 +1,6 @@ class site_config { + $domain_hash = hiera('domain') + # default class, used by all hosts include lsb, git diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index a525d8c6..adecb838 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp 
@@ -11,8 +11,7 @@ class site_config::resolvconf { ensure => absent; } - $domain_hash = hiera('domain') - $domain_public = $domain_hash['public'] + $domain_public = $domain_hash['full_suffix'] # 127.0.0.1: caching-only local bind # 87.118.100.175: http://server.privacyfoundation.de -- cgit v1.2.3 From cde779720059965b4caf968c132c315821dd9b66 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 23 Jan 2013 10:39:34 -0500 Subject: require that the unbound package is installed before attempting to make sub-directories under /etc/unbound (#1412) --- puppet/modules/site_config/manifests/caching_resolver.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index ab2f52d1..922c394f 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -12,7 +12,8 @@ class site_config::caching_resolver { file { '/etc/unbound/conf.d': ensure => directory, - owner => root, group => root, mode => '0755'; + owner => root, group => root, mode => '0755', + require => Package['unbound']; '/etc/unbound/conf.d/placeholder': ensure => present, -- cgit v1.2.3 From d0bec7ba086aadefba3655509db6c5b25b116bfb Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 29 Jan 2013 16:39:23 +0100 Subject: run stage declaration moved to site.pp --- puppet/modules/site_config/manifests/init.pp | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index c27074ed..f0ce9856 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp 
@@ -17,12 +17,8 @@ class site_config { # configure caching, local resolver include site_config::caching_resolver - - # configure /etc/hosts - stage { 'initial': - before => Stage['main'], - } + # configure /etc/hosts class { 'site_config::hosts': stage => initial, } -- cgit v1.2.3 From 4cc4237b1184b89b7c491267f8ddbc13067730b4 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 29 Jan 2013 17:02:13 +0100 Subject: fix deprecation warnings in site_config --- puppet/modules/site_config/manifests/hosts.pp | 2 +- puppet/modules/site_config/manifests/resolvconf.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 80619e33..a5f1b105 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -3,7 +3,7 @@ class site_config::hosts() { $hosts = hiera('hosts','') $hostname = hiera('name') - $domain_public = $domain_hash['full_suffix'] + $domain_public = $site_config::domain_hash['full_suffix'] file { "/etc/hostname": ensure => present, diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index adecb838..b803f17e 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -11,7 +11,7 @@ class site_config::resolvconf { ensure => absent; } - $domain_public = $domain_hash['full_suffix'] + $domain_public = $site_config::domain_hash['full_suffix'] # 127.0.0.1: caching-only local bind # 87.118.100.175: http://server.privacyfoundation.de -- cgit v1.2.3 From ab9a292f41139c5c5e36de87e03236e29dd27e23 Mon Sep 17 00:00:00 2001 
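Review bot: After the init.pp hunk of "run stage declaration moved to site.pp", `class { 'site_config::hosts': stage => initial, }` still refers to a run stage that this module no longer declares. site.pp is not part of the diff shown here, so nothing in the module tells a reader where `Stage['initial']` comes from. As far as I know, Puppet rejects a catalog that names an undeclared stage. A comment above the declaration would record the dependency, for example `# Stage['initial'] is declared in site.pp and must exist before this class is declared`. The same applies to the `stage => initial` uses in the default.pp and slow.pp files added later on this page. The class body starts and ends outside the hunk.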
From: varac Date: Thu, 31 Jan 2013 11:09:20 +0100 Subject: puppet tags: site_config::default and site_config::slow --- puppet/modules/site_config/manifests/default.pp | 28 +++++++++++++++++++++ puppet/modules/site_config/manifests/hosts.pp | 2 +- puppet/modules/site_config/manifests/init.pp | 29 ---------------------- puppet/modules/site_config/manifests/resolvconf.pp | 2 +- puppet/modules/site_config/manifests/slow.pp | 6 +++++ 5 files changed, 36 insertions(+), 31 deletions(-) create mode 100644 puppet/modules/site_config/manifests/default.pp delete mode 100644 puppet/modules/site_config/manifests/init.pp create mode 100644 puppet/modules/site_config/manifests/slow.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp new file mode 100644 index 00000000..0605604b --- /dev/null +++ b/puppet/modules/site_config/manifests/default.pp @@ -0,0 +1,28 @@ +class site_config::default { + tag 'default' + + $domain_hash = hiera('domain') + + # default class, used by all hosts + + include lsb, git + + # configure apt + include site_apt + + + # configure ssh and include ssh-keys + include site_config::sshd + + # configure /etc/resolv.conf + include site_config::resolvconf + + # configure caching, local resolver + include site_config::caching_resolver + + # configure /etc/hosts + class { 'site_config::hosts': + stage => initial, + } + +} diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index a5f1b105..6c00f3b6 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -3,7 +3,7 @@ class site_config::hosts() { $hosts = hiera('hosts','') $hostname = hiera('name') - $domain_public = $site_config::domain_hash['full_suffix'] + $domain_public = $site_config::default::domain_hash['full_suffix'] file { "/etc/hostname": ensure => present, 
diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp deleted file mode 100644 index f0ce9856..00000000 --- a/puppet/modules/site_config/manifests/init.pp +++ /dev/null @@ -1,29 +0,0 @@ -class site_config { - $domain_hash = hiera('domain') - - # default class, used by all hosts - - include lsb, git - - # configure apt - include site_apt - - - # configure ssh and include ssh-keys - include site_config::sshd - - # configure /etc/resolv.conf - include site_config::resolvconf - - # configure caching, local resolver - include site_config::caching_resolver - - # configure /etc/hosts - class { 'site_config::hosts': - stage => initial, - } - - class { 'site_apt::dist_upgrade': - stage => initial, - } -} diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index b803f17e..d73f0b78 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -11,7 +11,7 @@ class site_config::resolvconf { ensure => absent; } - $domain_public = $site_config::domain_hash['full_suffix'] + $domain_public = $site_config::default::domain_hash['full_suffix'] # 127.0.0.1: caching-only local bind # 87.118.100.175: http://server.privacyfoundation.de diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp new file mode 100644 index 00000000..a4a9f19f --- /dev/null +++ b/puppet/modules/site_config/manifests/slow.pp @@ -0,0 +1,6 @@ +class site_config::slow { + + class { 'site_apt::dist_upgrade': + stage => initial, + } +} -- cgit v1.2.3 From 42aef6df0091f8879d83860efd3c08a6d8e26bdf Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Jan 2013 11:42:58 +0100 Subject: changed tag default to 'base' --- puppet/modules/site_config/manifests/default.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config/manifests') 
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 0605604b..577970ca 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -1,5 +1,5 @@ class site_config::default { - tag 'default' + tag 'base' $domain_hash = hiera('domain') -- cgit v1.2.3 From 24829044b9726f5eb9a8a0ac09f94152b943f9e4 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Jan 2013 14:54:05 +0100 Subject: install etckeeper on all nodes --- puppet/modules/site_config/manifests/default.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 577970ca..699eb4dd 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -25,4 +25,7 @@ class site_config::default { stage => initial, } + package { [ 'etckeeper' ]: + ensure => installed, + } } -- cgit v1.2.3 From e6fe80f9460b8bc013068e1dda8be6230b8d60a4 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Jan 2013 19:09:19 +0100 Subject: tag 'base' is a bad idea because it invokes apache::base as well --- puppet/modules/site_config/manifests/default.pp | 2 +- puppet/modules/site_config/manifests/slow.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 699eb4dd..14b389e8 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -1,5 +1,5 @@ class site_config::default { - tag 'base' + tag 'leap_base' $domain_hash = hiera('domain') diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp index a4a9f19f..18b22a9c 100644 
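Review bot: The `package { [ 'etckeeper' ]: ensure => installed, }` block in the "install etckeeper on all nodes" hunk puts /etc under version control on every node, yet the manifest manages only the package. Old revisions of files under /etc stay in that history, so secrets that are later removed or rotated remain readable there. If these nodes keep key material under /etc (the `site_openvpn::keys` include seen earlier on the page suggests so, not confirmed here), that needs a decision on exclusion or pruning. At minimum add a comment such as `# NOTE: etckeeper keeps old revisions of /etc; removed or rotated secrets stay in its history`. The one-element array can also be the plain title `'etckeeper'`. The class body starts outside the hunk.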
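Review bot: The reason for the `leap_` prefix on `tag 'leap_base'` in the default.pp hunk is recorded only in the commit subject, so the manifest gives a later maintainer no hint against shortening it again. Puppet also tags resources with each segment of the class name, which is why a plain `base` matched `apache::base`. A one-line comment above the tag would keep that visible: `# prefixed with leap_ so the tag cannot match Puppet's automatic class-name tags (e.g. apache::base)`. The same comment fits `tag 'leap_slow'` in the slow.pp hunk of this commit.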
--- a/puppet/modules/site_config/manifests/slow.pp +++ b/puppet/modules/site_config/manifests/slow.pp @@ -1,5 +1,5 @@ class site_config::slow { - + tag 'leap_slow' class { 'site_apt::dist_upgrade': stage => initial, } -- cgit v1.2.3 From 0ab18bc91fa84df2c457ca1ea43ebebc65e5bb2b Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 1 Feb 2013 21:46:06 +0100 Subject: moved concat::setup to site_config::default Because in site.pp it didn't get the tag "leap_base" and would not be declared with leap cli's default puppet tags. Fixes: parent directory /var/lib/puppet/concat does not exist (Feature#1625) --- puppet/modules/site_config/manifests/default.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 14b389e8..c65c0799 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -3,6 +3,8 @@ class site_config::default { $domain_hash = hiera('domain') + include concat::setup + # default class, used by all hosts include lsb, git -- cgit v1.2.3 From 726a652b31ef6c1c2b4b93ec38398d70ba496f8c Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:35:25 +0100 Subject: site_config::default : include site_shorewall::defaults --- puppet/modules/site_config/manifests/default.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index c65c0799..2191e9a1 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -30,4 +30,7 @@ class site_config::default { package { [ 'etckeeper' ]: ensure => installed, } + + # include basic shorewall config + include site_shorewall::defaults } -- cgit v1.2.3