From 2e03ec8c02a54c407c12964d243ba4ac5de15b99 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 12 Feb 2013 13:45:20 -0500 Subject: switch to using stdlib's standard stages --- puppet/modules/site_config/manifests/default.pp | 2 +- puppet/modules/site_config/manifests/slow.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 2191e9a1..77241df5 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -24,7 +24,7 @@ class site_config::default { # configure /etc/hosts class { 'site_config::hosts': - stage => initial, + stage => setup, } package { [ 'etckeeper' ]: diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp index 18b22a9c..94bac88d 100644 --- a/puppet/modules/site_config/manifests/slow.pp +++ b/puppet/modules/site_config/manifests/slow.pp @@ -1,6 +1,6 @@ class site_config::slow { tag 'leap_slow' class { 'site_apt::dist_upgrade': - stage => initial, + stage => setup, } } -- cgit v1.2.3 From 3c41a81f1a3e1757ea6b9bda7e1a98dce624ec1d Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 1 Apr 2013 00:05:42 -0700 Subject: added setup.pp --- puppet/modules/site_config/manifests/hosts.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 6c00f3b6..81795f7d 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -1,9 +1,8 @@ class site_config::hosts() { - $hosts = hiera('hosts','') $hostname = hiera('name') - - $domain_public = $site_config::default::domain_hash['full_suffix'] + $domain_hash = hiera('domain') + $domain_public = $domain_hash['full_suffix'] file { "/etc/hostname": ensure => present, -- cgit v1.2.3 From c849ef699d6426b3161f901eea625247cdefbef5 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 2 Apr 2013 16:41:06 -0400 Subject: fix variable curly braces --- puppet/modules/site_config/manifests/hosts.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 81795f7d..1e1590f5 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -9,7 +9,7 @@ class site_config::hosts() { content => $hostname } - exec { "/bin/hostname $hostname": + exec { "/bin/hostname ${hostname}": subscribe => [ File['/etc/hostname'], File['/etc/hosts'] ], refreshonly => true; } -- cgit v1.2.3 From 8e5716518b361aceac5c2cc5433148edf8785d89 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 30 Apr 2013 17:17:54 -0400 Subject: setup a site_config::params class that can be used to set some common variables that are used in different places to start with we setup the $interface variable, based on logic as defined in #2213 change the various places that were looking up this value to use site_config::params::interface instead --- puppet/modules/site_config/manifests/params.pp | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 puppet/modules/site_config/manifests/params.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp new file mode 100644 index 00000000..237ee454 --- /dev/null +++ b/puppet/modules/site_config/manifests/params.pp @@ -0,0 +1,25 @@ +class site_config::params { + + $ip_address = hiera('ip_address') + $ip_address_interface = getvar("interface_${ip_address}") + $ec2_local_ipv4_interface = getvar("interface_${::ec2_local_ipv4}") + + if $::virtual == 'virtualbox' { + $interface = [ 'eth0', 'eth1' ] + } + elsif hiera('interface','') != '' { + $interface = hiera('interface') + } + elsif $ip_address_interface != '' { + $interface = $ip_address_interface + } + elsif $ec2_local_ipv4_interface != '' { + $interface = $ec2_local_ipv4_interface + } + elsif $::interfaces =~ /eth0/ { + $interface = eth0 + } + else { + fail("unable to determine a valid interface, please set a valid interface for this node in nodes/${::hostname}.json") + } +} -- cgit v1.2.3 From 450fb19a4df8f4740dcf077b585dbd77c096d133 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 18 May 2013 17:13:05 -0700 Subject: added module site_nickserver --- puppet/modules/site_config/manifests/ruby.pp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 puppet/modules/site_config/manifests/ruby.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/ruby.pp b/puppet/modules/site_config/manifests/ruby.pp new file mode 100644 index 00000000..2a720114 --- /dev/null +++ b/puppet/modules/site_config/manifests/ruby.pp @@ -0,0 +1,14 @@ +class site_config::ruby { + Class[Ruby] -> Class[rubygems] -> Class[bundler::install] + class { '::ruby': ruby_version => '1.9.3' } + class { 'bundler::install': install_method => 'package' } + include rubygems +} + + +# +# Ruby settings common to all servers +# +# Why this way? So that other classes can do 'include site_ruby' without creating redeclaration errors. +# See https://puppetlabs.com/blog/modeling-class-composition-with-parameterized-classes/ +# -- cgit v1.2.3 From f96d049c407110fb471199ee73c47db8b7cd474a Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 23 May 2013 22:42:56 +0200 Subject: Install git before vcsrepo call (Feature #2510) --- puppet/modules/site_config/manifests/default.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 77241df5..7758a69d 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -33,4 +33,7 @@ class site_config::default { # include basic shorewall config include site_shorewall::defaults + + Class['git'] -> Vcsrepo<||> + } -- cgit v1.2.3 From c92d3ac0780e813a5440c5e475bfdba5de5a0447 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 30 May 2013 17:06:14 -0700 Subject: site_sshd -- added xterm title, optional support for mosh --- puppet/modules/site_config/manifests/sshd.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp index 944dbce2..8ff337a0 100644 --- a/puppet/modules/site_config/manifests/sshd.pp +++ b/puppet/modules/site_config/manifests/sshd.pp @@ -2,7 +2,7 @@ class site_config::sshd { # configure sshd include sshd include site_sshd - # no need for configuring authorized_keys as leap_cli cares for that + # no need for configuring authorized_keys as leap_cli cares for that #$ssh_pubkeys=hiera_hash('ssh_pubkeys') #notice($ssh_pubkeys) #create_resources('site_sshd::ssh_key', $ssh_pubkeys) -- cgit v1.2.3 From 14bd8cf734fec65d4f1e16bfe64710008bdac174 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sun, 2 Jun 2013 17:44:35 -0400 Subject: lint hosts.pp Change-Id: If10470978ee31a398e0b88d8d98552c93d4706a2 --- puppet/modules/site_config/manifests/hosts.pp | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 1e1590f5..83a1040d 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -1,11 +1,11 @@ class site_config::hosts() { - $hosts = hiera('hosts','') - $hostname = hiera('name') - $domain_hash = hiera('domain') + $hosts = hiera('hosts','') + $hostname = hiera('name') + $domain_hash = hiera('domain') $domain_public = $domain_hash['full_suffix'] - file { "/etc/hostname": - ensure => present, + file { '/etc/hostname': + ensure => present, content => $hostname } @@ -16,6 +16,8 @@ class site_config::hosts() { file { '/etc/hosts': content => template('site_config/hosts'), - mode => '0644', owner => root, group => root; + mode => '0644', + owner => root, + group => root; } } -- cgit v1.2.3 From 400dde54f3950ad01d716b664d2ed1a236b8ca42 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Jun 2013 15:00:36 -0400 Subject: add a class site_config::shell for shell-related configurations setup a /etc/profile.d configuration snippet to put /srv/leap/bin in the $PATH (#2122) Change-Id: I0afb5232375e6c6d9f692a97243023c710265d54 --- puppet/modules/site_config/manifests/default.pp | 2 ++ puppet/modules/site_config/manifests/shell.pp | 10 ++++++++++ 2 files changed, 12 insertions(+) create mode 100644 puppet/modules/site_config/manifests/shell.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 7758a69d..cfb46130 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -36,4 +36,6 @@ class site_config::default { Class['git'] -> Vcsrepo<||> + # include basic shell config + include site_config::shell } diff --git a/puppet/modules/site_config/manifests/shell.pp b/puppet/modules/site_config/manifests/shell.pp new file mode 100644 index 00000000..b1a65389 --- /dev/null +++ b/puppet/modules/site_config/manifests/shell.pp @@ -0,0 +1,10 @@ +class site_config::shell { + + file { + '/etc/profile.d/leap_path.sh': + content => 'PATH=$PATH:/srv/leap/bin', + mode => '0644', + owner => root, + group => root; + } +} -- cgit v1.2.3 From d9614163ed327fc17d27ac623dfd639ce00a43ce Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 19 Jun 2013 13:41:23 -0400 Subject: disable dhclient from modifying the /etc/resolv.conf file on openstack/amazon instances The dhclient in these environments is quite aggressive and overwrites the nameservers we've deliberately chosen to use with google's nameservers. This commit attempts to fix that. The dhclient methodology for altering these things is particularly unpleasant. We effectively redefine the functions that mess with this file to be noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced to restart dhclient by shipping a script that tries to determine the correct PID and arguments that it was running as before killing and restarting it with the same arguments. See debian bugs #681698, #712796 for further discussion about how to make this less difficult Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0 --- puppet/modules/site_config/manifests/default.pp | 6 ++++- puppet/modules/site_config/manifests/dhclient.pp | 30 ++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 puppet/modules/site_config/manifests/dhclient.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index cfb46130..5518ea56 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -12,10 +12,14 @@ class site_config::default { # configure apt include site_apt - # configure ssh and include ssh-keys include site_config::sshd + # fix dhclient from changing resolver information + if $::ec2_instance_id { + include site_config::dhclient + } + # configure /etc/resolv.conf include site_config::resolvconf diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp new file mode 100644 index 00000000..7ac0caf3 --- /dev/null +++ b/puppet/modules/site_config/manifests/dhclient.pp @@ -0,0 +1,30 @@ +class site_config::dhclient { + + # Unfortunately, there does not seem to be a way to reload the dhclient.conf + # config file, or a convenient way to disable the modifications to + # /etc/resolv.conf. So the following makes the functions involved noops and + # ships a script to kill and restart dhclient. See the debian bugs: + # #681698, #712796 + + include site_config::params + + file { '/usr/local/sbin/reload_dhclient': + owner => 0, + group => 0, + mode => '0755', + content => template('site_config/reload_dhclient.erb'); + } + + exec { 'reload_dhclient': + refreshonly => true, + command => '/usr/local/sbin/reload_dhclient'; + } + + file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf': + content => 'make_resolv_conf() { : ; } ; set_hostname() { : ; }', + mode => '0644', + owner => 'root', + group => 'root', + notify => Exec['reload_dhclient']; + } +} -- cgit v1.2.3 From 3b6f11a60778d5cb3ae265980e4e4870bf065de2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 28 Jun 2013 12:11:32 -0400 Subject: modularize and standardize site_sshd: . move the setting of the xterm title to site_config::shell . change the xterm file resource to use standard source lines, switch to single quotes, quote mode, and line up parameters . move the mosh pieces into a site_ssh::mosh class and only include it if the right mosh variable is enabled, passing into the class the necessary hiera parameters . lint the site_ssh::mosh resources . change the authorized_keys class to accept the key parameter which is passed in from the main ssh class (but allow for out of scope variable lookup when the tag is passed) Change-Id: Ieec5a3932de9bad1b98633032b28f88e91e46604 --- puppet/modules/site_config/manifests/shell.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/shell.pp b/puppet/modules/site_config/manifests/shell.pp index b1a65389..5b8c025d 100644 --- a/puppet/modules/site_config/manifests/shell.pp +++ b/puppet/modules/site_config/manifests/shell.pp @@ -7,4 +7,16 @@ class site_config::shell { owner => root, group => root; } + + ## + ## XTERM TITLE + ## + + file { '/etc/profile.d/xterm-title.sh': + source => 'puppet:///modules/site_config/xterm-title.sh', + owner => root, + group => 0, + mode => '0644'; + } + } -- cgit v1.2.3 From 9a522267068a1bcede55ba388d526ddc263d155f Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 28 Jun 2013 11:28:13 -0400 Subject: restart stunnels if /etc/hosts is changed (#3031) Due to the fact that /etc/hosts is modified in the early stage setup.pp run and the stunnel service is not deployed on an initial puppet run, we cannot simply override the Service['stunnel'] but instead need to trigger a restart through an exec calling the init script that first tests to see if it is present. Change-Id: I6bf5dfece9ecbdb8319747774185dec50d5a55f6 --- puppet/modules/site_config/manifests/hosts.pp | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index 83a1040d..ccedf036 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -14,6 +14,17 @@ class site_config::hosts() { refreshonly => true; } + # we depend on reliable hostnames from /etc/hosts for the stunnel services + # so restart stunnel service when /etc/hosts is modified + # because this is done in an early stage, the stunnel module may not + # have been deployed and will not be available for overriding, so + # this is handled in an unorthodox manner + exec { '/etc/init.d/stunnel4 restart': + subscribe => File['/etc/hosts'], + refreshonly => true, + onlyif => 'test -f /etc/init.d/stunnel4'; + } + file { '/etc/hosts': content => template('site_config/hosts'), mode => '0644', -- cgit v1.2.3 From 57b2c01c42cc47901bc39504bd5e776a7e3a9c6d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 2 Jul 2013 16:44:56 +0200 Subject: deleted bind9 purging, it was only needed for the transition from bind to unbound --- puppet/modules/site_config/manifests/resolvconf.pp | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index d73f0b78..271c5043 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -1,16 +1,5 @@ class site_config::resolvconf { - # bind9 purging can be taken out after some time - package { 'bind9': - ensure => absent, - } - file { '/etc/default/bind9': - ensure => absent; - } - file { '/etc/bind/named.conf.options': - ensure => absent; - } - $domain_public = $site_config::default::domain_hash['full_suffix'] # 127.0.0.1: caching-only local bind -- cgit v1.2.3 From 0d6694a0ee00be0f35b18025d86883cf3d4e4a7d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 2 Jul 2013 12:44:44 -0400 Subject: create a site_config subclass for package installation and removal add packages that we want to make sure are installed remove packages that were found on vagrant and PC installations that have no business being there Change-Id: I4887a327ca89eb60945ad817a75ff199859824d3 --- .../modules/site_config/manifests/base_packages.pp | 28 ++++++++++++++++++++++ puppet/modules/site_config/manifests/default.pp | 5 ++-- 2 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 puppet/modules/site_config/manifests/base_packages.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/base_packages.pp b/puppet/modules/site_config/manifests/base_packages.pp new file mode 100644 index 00000000..3d40f7a2 --- /dev/null +++ b/puppet/modules/site_config/manifests/base_packages.pp @@ -0,0 +1,28 @@ +class site_config::base_packages { + + # base set of packages that we want to have installed everywhere + package { [ 'etckeeper', 'screen', 'less' ]: + ensure => installed, + } + + # base set of packages that we want to remove everywhere + package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp', + 'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server', + 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind', + 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', + 'tk8.5', 'os-prober', 'unzip', 'xauth', 'x11-common', + 'x11-utils', 'xterm' ]: + ensure => absent; + } + + if $::virtual == 'virtualbox' { + $virtualbox_ensure = present + } else { + $virtualbox_ensure = absent + } + + package { [ 'build-essential', 'fontconfig-config', 'g++', 'g++-4.7', 'gcc', + 'gcc-4.6', 'gcc-4.7', 'cpp', 'cpp-4.6', 'cpp-4.7', 'libc6-dev' ]: + ensure => $virtualbox_ensure + } +} diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 5518ea56..00eee9d0 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -31,9 +31,8 @@ class site_config::default { stage => setup, } - package { [ 'etckeeper' ]: - ensure => installed, - } + # install/remove base packages + include site_config::base_packages # include basic shorewall config include site_shorewall::defaults -- cgit v1.2.3