author | Silvio Rhatto <rhatto@riseup.net> | 2016-02-08 03:36:43 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-02-08 03:36:43 -0200 |
commit | a9c544369f3999b868cfc1eb0dcb10e050defcc1 (patch) | |
tree | 2f06ad6d179f2677368b2ec7d0932d5aaa0ad2ea /manifests | |
parent | 6097bca6f5302765007f65a52f87999dbaefcff9 (diff) | |
Initial cleanup
Remove munin, fstab, crypttab, gdm and old subsystems.
This major change is motivated by the fact that the configuration has
grown too much over the years and is difficult to maintain.
Simplification is then necessary to keep going.
Diffstat (limited to 'manifests')
37 files changed, 126 insertions, 894 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 6426219..f0a05d7 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -7,7 +7,6 @@ class nodo::base( # Then include our subsystems include nodo::subsystem::sudo include nodo::subsystem::locales - include nodo::subsystem::profile include nodo::subsystem::screen include nodo::subsystem::screen::startup include nodo::subsystem::backup @@ -17,39 +16,25 @@ class nodo::base( include nodo::subsystem::local # Apt module - $apt = hiera('nodo::subsystem::apt', True) - if $apt == true { - include nodo::subsystem::apt - } + #$apt = hiera('nodo::subsystem::apt', True) + #if $apt == true { + # include nodo::subsystem::apt + #} # Declare subsystem classes - class { [ 'nodo::subsystem::hosts', 'nodo::subsystem::motd' ]: } + #class { 'nodo::subsystem::hosts': } + class { 'nodo::subsystem::motd': } # Common utilities include nodo::utils # Other modules - include tunnel::autossh - include domain_check include concat::setup include cron + include shellprompt # Require admin accounts' class if (defined(site_users::admin)) { include site_users::admin } - - # Puppet - case $puppet_mode { - 'standalone': { include puppet::standalone } - 'daemon': { - class { 'puppet::daemon': - master => hiera('nodo::role::master::main', false), - } - } - default: { } - } - - # Does not work well inside vservers - #class { 'runit': ensure => absent } } diff --git a/manifests/base/appliance.pp b/manifests/base/appliance.pp index 3032479..982e589 100644 --- a/manifests/base/appliance.pp +++ b/manifests/base/appliance.pp @@ -1,7 +1,3 @@ class nodo::base::appliance inherits nodo::base::physical { class { 'nodo::subsystem::sysctl::appliance': } - - class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: - type => 'appliance', - } } diff --git a/manifests/base/desktop.pp b/manifests/base/desktop.pp index 7dd969c..8b03e6e 100644 --- a/manifests/base/desktop.pp +++ b/manifests/base/desktop.pp 
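Review bot: In the second base.pp hunk the apt include and the `nodo::subsystem::hosts` declaration are disabled by turning them into comments, with nothing recording why or whether this is temporary. After this change base nodes no longer pull in nodo::subsystem::apt, which (per the apt.pp hunk later in this commit) is where `apt-transport-https` is installed, so it should be stated whether another class is expected to take over the apt configuration. I would either delete the dead lines or put a marker above them, for example `# FIXME: apt subsystem disabled during cleanup; re-enable or remove once the replacement is decided`. The class body starts outside the hunk.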
@@ -1,16 +1,3 @@ class nodo::base::desktop inherits nodo::base::personal { include nodo::utils::desktop - - class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: - type => 'desktop', - } - - # Allow regular users to power off the machine (overrides policy kit default configuration) - file { '/usr/share/polkit-1/actions/org.freedesktop.consolekit.policy': - ensure => present, - owner => root, - group => root, - mode => 0644, - source => 'puppet:///modules/nodo/polkit/org.freedesktop.consolekit.policy', - } } diff --git a/manifests/base/host.pp b/manifests/base/host.pp index 8cbf9d2..80eb936 100644 --- a/manifests/base/host.pp +++ b/manifests/base/host.pp @@ -14,17 +14,6 @@ class nodo::base::host { # Firewall class { 'firewall': } - # Vserver - if $::lsbdistcodename == 'squeeze' { - $vserver = hiera('nodo::host::use_vserver', True) - - if $vserver == true { - class { 'virtual::vserver::host': - vdirbase => "/var/vservers", - } - } - } - # Time $ntpdate = hiera('nodo::host::ntpdate', True) case $ntpdate { @@ -40,17 +29,4 @@ class nodo::base::host { #dombr => $::is_virtual, #dobios => $::is_virtual, } - - # Monitoring - if !defined(Class['nodo::subsystem::monitor']) { - class { 'nodo::subsystem::monitor': } - } - - # Munin configuration - $munin = hiera('nodo::host::use_munin', True) - if $munin == true { - nodo::subsystem::monitor::munin { "$hostname": - port => '4900', - } - } } diff --git a/manifests/base/laptop.pp b/manifests/base/laptop.pp index 3885606..b984873 100644 --- a/manifests/base/laptop.pp +++ b/manifests/base/laptop.pp 
@@ -54,23 +54,4 @@ class nodo::base::laptop inherits nodo::base::personal { default => present, }, } - - # Avoid this annoying warning - # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673818 - file { '/etc/laptop-mode/conf.d/board-specific': - ensure => directory, - owner => root, - group => root, - mode => 0755, - require => Package['laptop-mode-tools'], - } - - file { '/etc/laptop-mode/conf.d/board-specific/bogus.conf' : - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => "# Placeholder file, see Debian bug #673818\n", - require => File['/etc/laptop-mode/conf.d/board-specific'], - } } diff --git a/manifests/base/personal.pp b/manifests/base/personal.pp index 14fa34f..55f4835 100644 --- a/manifests/base/personal.pp +++ b/manifests/base/personal.pp @@ -4,19 +4,8 @@ class nodo::base::personal { include nodo::utils::personal include autossh - class { 'nodo::subsystem::pam': } class { 'nodo::subsystem::xorg': } - - if $::lsbdistcodename == 'squeeze' { - include nodo::subsystem::gdm - } - elsif $::lsbdistcodename == 'wheezy' { - include nodo::subsystem::gdm3 - } - else { - include nodo::subsystem::gdm3::disabled - include nodo::subsystem::lightdm - } + class { 'nodo::subsystem::lightdm': } # Media folders and groups include nodo::subsystem::media diff --git a/manifests/base/physical.pp b/manifests/base/physical.pp index 45648ee..a00dd18 100644 --- a/manifests/base/physical.pp +++ b/manifests/base/physical.pp 
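Review bot: The personal.pp hunk keeps `class { 'nodo::subsystem::xorg': }` as a context line, but this same commit deletes manifests/subsystem/xorg.pp, so unless the class is defined somewhere outside `manifests/` the catalog for every personal node will fail to compile. The same dangling reference appears in the base/virtual.pp hunk, which now declares `nodo::subsystem::monitor::munin { "${::hostname}": }` unconditionally while manifests/subsystem/monitor/munin.pp is removed. Either drop both declarations in this commit or keep the two files until their callers are gone. A failed compile also means the remaining hardening in these classes (firewall, sysctl, sudo) stops being enforced on those nodes, so this is worth checking with a test compile before merging.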
@@ -1,58 +1,7 @@ class nodo::base::physical inherits nodo::base::host { class { [ 'nodo::subsystem::ups', 'smartmontools' ]: } - # SMART and sensors monitoring - $munin = hiera('nodo::host::use_munin', True) - if $munin == true { - include munin::plugins::smart - - # TODO: use nodo::physical::disks instead - $sdb = hiera('nodo::physical::sdb', false) - $disks = $sdb ? { - true => 'sda sdb', - default => 'sda', - } - - munin::plugin { 'hddtemp_smartctl': - ensure => present, - config => "user root\ngroup disk\nenv.drives ${disks}", - } - - munin::plugin { 'smart_sda': - ensure => 'smart_', - config => "user root\ngroup disk", - } - - if $sdb == true { - munin::plugin { 'smart_sdb': - ensure => 'smart_', - config => "user root\ngroup disk", - } - } - - package { 'lm-sensors': - ensure => present, - } - - munin::plugin { [ 'sensors_fan', 'sensors_volt', 'sensors_temp' ]: - ensure => 'sensors_', - } - } - - # Entropy key - $ekey_masterkey = hiera('nodo::physical::ekey_masterkey', '') - if $ekey_masterkey != '' { - class { "ekeyd": - ekeyd_masterkey => $ekey_masterkey, - } - - # We can also use ekeyd::munin - munin::plugin { [ 'ekeyd_stat_KeyTemperatureC', 'ekeyd_stat_KeyTemperatureF', - 'ekeyd_stat_KeyTemperatureK', 'ekeyd_stat_TotalEntropy', - 'ekeyd_stat_KeyVoltage', 'ekeyd_stat_FipsFrameRate', - 'ekeyd_stat_EntropyRate', 'ekeyd_stat' ]: - ensure => 'ekeyd_stat_', - config => 'user root', - } + package { 'lm-sensors': + ensure => present, } } diff --git a/manifests/base/plug.pp b/manifests/base/plug.pp index 49d9f8d..756eb3c 100644 --- a/manifests/base/plug.pp +++ b/manifests/base/plug.pp @@ -13,14 +13,4 @@ class nodo::base::plug { backupninja::sys { "sys": ensure => present, } - - # Monitoring - if !defined(Class['nodo::subsystem::monitor']) { - class { 'nodo::subsystem::monitor': } - } - - # Munin configuration - nodo::subsystem::monitor::munin { "${::hostname}": - port => '4900', - } } 
diff --git a/manifests/base/removable.pp b/manifests/base/removable.pp index d13b5ee..e82700c 100644 --- a/manifests/base/removable.pp +++ b/manifests/base/removable.pp @@ -1,9 +1,2 @@ class nodo::base::removable inherits nodo::base::desktop { - File["/etc/fstab"] { - source => "puppet:///modules/nodo/etc/fstab/removable", - } - - File["/etc/crypttab"] { - source => "puppet:///modules/nodo/etc/crypttab/removable", - } } diff --git a/manifests/base/virtual.pp b/manifests/base/virtual.pp index f2c72f1..5e86e42 100644 --- a/manifests/base/virtual.pp +++ b/manifests/base/virtual.pp @@ -10,25 +10,8 @@ class nodo::base::virtual { dohwinfo => false, } - $hosting_type = hiera('nodo::vserver::hosting_type', 'direct') - - case $hosting_type { - "direct": { - # Apply munin and monkeysphere configuration for - # for directly hosted nodes. - Nodo::Subsystem::Monitor::Munin <<| title == $::hostname |>> - Nodo::Subsystem::Monkeysphere <<| title == $::hostname |>> - } - "third-party": { - # Apply munin and monkeysphere configuration for - # nodes hosted by third-parties. - nodo::subsystem::monitor::munin { "${::hostname}": } - monkeysphere_host { "${::hostname}": - port => hiera('nodo::vserver::ssh_port', '22'), - } - - # Nagios configuration - class { 'nodo::subsystem::monitor': } - } + nodo::subsystem::monitor::munin { "${::hostname}": } + monkeysphere_host { "${::hostname}": + port => hiera('nodo::vserver::ssh_port', '22'), } } diff --git a/manifests/role/mail.pp b/manifests/role/mail.pp index 2383ada..87a928b 100644 --- a/manifests/role/mail.pp +++ b/manifests/role/mail.pp 
@@ -1,29 +1,19 @@ class nodo::role::mail { class { [ 'nodo::role::virtual', 'mail::system' ]: } - # Config parameters - $delivery = hiera('nodo::subsystem::mail::delivery', 'exim') - $virtual = hiera('mail::virtual', false) - # Graph postfix munin::plugin { [ 'postfix_mailqueue', 'postfix_mailstats' ]: config => 'user root', - ensure => $delivery ? { - 'postfix' => present, - default => absent, - }, + ensure => present, } - # Graph mysql - package { 'libcache-cache-perl': # needed by munin mysql plugin + # Graph mysql, needed by munin mysql plugin + package { 'libcache-cache-perl': ensure => present, } munin::plugin { [ 'mysql_queries', 'mysql_slowqueries', 'mysql_bytes', 'mysql_threads' ]: config => "user root\nenv.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf", - ensure => $virtual ? { - true => present, - default => absent, - }, + ensure => present, } } diff --git a/manifests/role/web.pp b/manifests/role/web.pp index a497108..2d25c9c 100644 --- a/manifests/role/web.pp +++ b/manifests/role/web.pp 
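Review bot: Both `munin::plugin` resources in nodo::role::mail now use `ensure => present` unconditionally, so the mysql_* plugins are installed with `user root` and `--defaults-extra-file=/etc/mysql/debian.cnf` on every mail node, including those where `mail::virtual` was false and the plugins used to be `absent`. That puts a root-run plugin reading the Debian maintenance credentials on hosts that may not need MySQL graphing at all, and the postfix plugins are likewise enabled on nodes whose delivery agent is exim. I would keep a single guard, for example retaining the `$virtual` lookup and `ensure => $virtual ? { true => present, default => absent },` on the mysql resource. The commit message says munin is being removed, so it may be simpler to drop both resources here.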
@@ -6,53 +6,53 @@ class nodo::role::web inherits nodo::base::virtual { } # Munin - $munin = hiera('nodo::munin_node::manage', True) - if $munin == true { - munin::plugin { [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: - ensure => present, - } - - package { 'libcache-cache-perl': # needed by munin mysql plugin - ensure => present, - } - - munin::plugin { [ 'mysql_queries', 'mysql_slowqueries', 'mysql_bytes', 'mysql_threads' ]: - ensure => present, - config => "user root\nenv.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf", - } - } + #$munin = hiera('nodo::munin_node::manage', True) + #if $munin == true { + # munin::plugin { [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: + # ensure => present, + # } + # + # # Needed by munin mysql plugin + # package { 'libcache-cache-perl': + # ensure => present, + # } + # + # munin::plugin { [ 'mysql_queries', 'mysql_slowqueries', 'mysql_bytes', 'mysql_threads' ]: + # ensure => present, + # config => "user root\nenv.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf", + # } + #} # Classes for web nodes include database - - # Put your custom sites and users here include websites - - # Reprepro configuration - $reprepro = hiera('nodo::web::reprepro', false) - $reprepro_basedir = '/var/reprepro' - - case $reprepro { - true,'enabled': { - class { 'reprepro': - basedir => '/var/reprepro', - uploaders => hiera('nodo::web::reprepro_uploaders', [ ]), - } - - include reprepro::cron - } - 'disabled': { - class { 'reprepro::disabled': - basedir => '/var/reprepro', - } - } - 'purged': { - class { 'reprepro::purged': - basedir => '/var/reprepro', - } - } - false,default: { } - } + include domain_check + + ## Reprepro configuration + #$reprepro = hiera('nodo::web::reprepro', false) + #$reprepro_basedir = '/var/reprepro' + # + #case $reprepro { + # true,'enabled': { + # class { 'reprepro': + # basedir => '/var/reprepro', + # uploaders => hiera('nodo::web::reprepro_uploaders', [ ]), + # } + # + # include 
reprepro::cron + # } + # 'disabled': { + # class { 'reprepro::disabled': + # basedir => '/var/reprepro', + # } + # } + # 'purged': { + # class { 'reprepro::purged': + # basedir => '/var/reprepro', + # } + # } + # false,default: { } + #} backupninja::svn { "svn": src => "/var/svn", diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp index c927062..2c463b6 100644 --- a/manifests/subsystem/apt.pp +++ b/manifests/subsystem/apt.pp @@ -61,27 +61,27 @@ class nodo::subsystem::apt { }, } - $squeeze_lts = 'http://http.debian.net/debian/ squeeze-lts main contrib non-free' - - # See https://wiki.debian.org/LTS/Using - ::apt::sources_list { 'squeeze-lts.list': - content => "deb ${squeeze_lts}\ndeb-src ${squeeze_lts}", - ensure => $::lsbdistcodename ? { - 'squeeze' => present, - default => absent, - } - } - - file { '/etc/apt/apt.conf.d/80default-release': - owner => root, - group => root, - mode => 0644, - content => "APT::Default-Release \"squeeze-lts\";\n", - ensure => $::lsbdistcodename ? { - 'squeeze' => present, - default => absent, - } - } + #$squeeze_lts = 'http://http.debian.net/debian/ squeeze-lts main contrib non-free' + # + ## See https://wiki.debian.org/LTS/Using + #::apt::sources_list { 'squeeze-lts.list': + # content => "deb ${squeeze_lts}\ndeb-src ${squeeze_lts}", + # ensure => $::lsbdistcodename ? { + # 'squeeze' => present, + # default => absent, + # } + #} + # + #file { '/etc/apt/apt.conf.d/80default-release': + # owner => root, + # group => root, + # mode => 0644, + # content => "APT::Default-Release \"squeeze-lts\";\n", + # ensure => $::lsbdistcodename ? { + # 'squeeze' => present, + # default => absent, + # } + #} package { 'apt-transport-https': ensure => present, diff --git a/manifests/subsystem/crypttab.pp b/manifests/subsystem/crypttab.pp deleted file mode 100644 index 749569c..0000000 --- a/manifests/subsystem/crypttab.pp +++ /dev/null 
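Review bot: Commenting out the `squeeze-lts.list` and `/etc/apt/apt.conf.d/80default-release` resources in the apt.pp hunk also removes their `default => absent` branch, which was the only thing cleaning these files up once a host left squeeze. A host that is still on squeeze when this lands keeps `APT::Default-Release "squeeze-lts";` as an unmanaged file, and after an upgrade that setting would point apt at a release that no longer receives updates. I would leave explicit cleanup in place for a transition period, e.g. `file { '/etc/apt/apt.conf.d/80default-release': ensure => absent }` and `ensure => absent` on the sources_list entry, instead of the commented block. The enclosing class starts and ends outside the hunk.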
@@ -1,15 +0,0 @@ -class nodo::subsystem::crypttab( - $type, - $manage = hiera('nodo::crypttab::manage', false) -) { - if $manage == true { - file { "/etc/crypttab": - source => "puppet:///modules/nodo/etc/crypttab/${type}", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - notify => Exec['update-initramfs'], - } - } -} diff --git a/manifests/subsystem/fstab.pp b/manifests/subsystem/fstab.pp deleted file mode 100644 index 9538f66..0000000 --- a/manifests/subsystem/fstab.pp +++ /dev/null @@ -1,15 +0,0 @@ -class nodo::subsystem::fstab( - $type, - $manage = hiera('nodo::subsystem::fstab::manage', false) -) { - if $manage == true { - file { "/etc/fstab": - source => "puppet:///modules/nodo/etc/fstab/${type}", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - notify => Exec['update-initramfs'], - } - } -} diff --git a/manifests/subsystem/gdm.pp b/manifests/subsystem/gdm.pp deleted file mode 100644 index fd36e99..0000000 --- a/manifests/subsystem/gdm.pp +++ /dev/null 
@@ -1,66 +0,0 @@ -class nodo::subsystem::gdm { - package { 'gdm': - ensure => installed, - } - - service { 'gdm': - ensure => running, - require => Package['gdm'], - } - - exec { '/usr/sbin/dpkg-reconfigure gdm': - subscribe => File['/etc/gdm/gdm.conf'], - user => root, - group => root, - refreshonly => true, - require => Service['gdm'], - } - - file { '/etc/gdm/gdm.conf': - ensure => present, - owner => root, - group => root, - mode => 0644, - source => [ "puppet:///modules/site_nodo/etc/gdm/${::domain}/gdm.conf", - "puppet:///modules/nodo/etc/gdm/gdm.conf", ] - } - - file { '/usr/share/gdm/themes/crunchbang': - ensure => directory, - recurse => true, - purge => true, - force => true, - owner => "root", - group => "root", - # This mode will also apply to files from the source directory - mode => 0644, - # Puppet will automatically set +x for directories - source => 'puppet:///modules/nodo/etc/gdm/themes/crunchbang', - } - - file { '/usr/share/gdm/themes/Tuxtastic': - ensure => directory, - recurse => true, - purge => true, - force => true, - owner => "root", - group => "root", - # This mode will also apply to files from the source directory - mode => 0644, - # Puppet will automatically set +x for directories - source => 'puppet:///modules/nodo/etc/gdm/themes/Tuxtastic', - } - - file { '/usr/share/gdm/themes/dasUberMini': - ensure => directory, - recurse => true, - purge => true, - force => true, - owner => "root", - group => "root", - # This mode will also apply to files from the source directory - mode => 0644, - # Puppet will automatically set +x for directories - source => 'puppet:///modules/nodo/etc/gdm/themes/dasUberMini', - } -} diff --git a/manifests/subsystem/gdm/disabled.pp b/manifests/subsystem/gdm/disabled.pp deleted file mode 100644 index d2565ef..0000000 --- a/manifests/subsystem/gdm/disabled.pp +++ /dev/null 
@@ -1,18 +0,0 @@ -class nodo::subsystem::gdm::disabled inherits nodo::subsystem::gdm { - File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic', - '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] { - ensure => absent, - } - - Exec['/usr/sbin/dpkg-reconfigure gdm'] { - command => '/bin/true', - } - - Service['gdm'] { - ensure => stopped, - } - - Package['gdm'] { - ensure => absent, - } -} diff --git a/manifests/subsystem/gdm3.pp b/manifests/subsystem/gdm3.pp deleted file mode 100644 index d708f6a..0000000 --- a/manifests/subsystem/gdm3.pp +++ /dev/null @@ -1,20 +0,0 @@ -class nodo::subsystem::gdm3 { - package { 'gdm3': - ensure => installed, - } - - service { 'gdm3': - ensure => running, - require => Package['gdm3'], - } - - file { '/etc/gdm3/greeter.gsettings': - ensure => present, - owner => root, - group => root, - mode => 0644, - notify => Service['gdm3'], - source => [ "puppet:///modules/site_nodo/etc/gdm3/${::domain}/greeter.gseetings", - "puppet:///modules/nodo/etc/gdm3/greeter.gsettings", ] - } -} diff --git a/manifests/subsystem/gdm3/disabled.pp b/manifests/subsystem/gdm3/disabled.pp deleted file mode 100644 index 3e108f3..0000000 --- a/manifests/subsystem/gdm3/disabled.pp +++ /dev/null @@ -1,13 +0,0 @@ -class nodo::subsystem::gdm3::disabled inherits nodo::subsystem::gdm3 { - Package['gdm3'] { - ensure => absent, - } - - Service['gdm3'] { - ensure => stopped, - } - - File['/etc/gdm3/greeter.gsettings'] { - ensure => absent, - } -} diff --git a/manifests/subsystem/hosts.pp b/manifests/subsystem/hosts.pp index 464bc0c..d3b0d56 100644 --- a/manifests/subsystem/hosts.pp +++ b/manifests/subsystem/hosts.pp 
@@ -20,41 +20,41 @@ class nodo::subsystem::hosts( host_aliases => [ "${::fqdn}" ], } - host { "localhost": - ensure => present, - ip => "127.0.0.1", - } + #host { "localhost": + # ensure => present, + # ip => "127.0.0.1", + #} - host { "ip6-localhost": - ensure => present, - ip => "::1", - host_aliases => [ "ip6-loopback" ], - } + #host { "ip6-localhost": + # ensure => present, + # ip => "::1", + # host_aliases => [ "ip6-loopback" ], + #} - host { "ip6-localnet": - ensure => present, - ip => "fe00::0", - } + #host { "ip6-localnet": + # ensure => present, + # ip => "fe00::0", + #} - host { "ip6-mcastprefix": - ensure => present, - ip => "ff00::0", - } + #host { "ip6-mcastprefix": + # ensure => present, + # ip => "ff00::0", + #} - host { "ip6-allnodes": - ensure => present, - ip => "ff02::1", - } + #host { "ip6-allnodes": + # ensure => present, + # ip => "ff02::1", + #} - host { "ip6-allrouters": - ensure => present, - ip => "ff02::2", - } + #host { "ip6-allrouters": + # ensure => present, + # ip => "ff02::2", + #} - host { "ip6-allhosts": - ensure => present, - ip => "ff02::3", - } + #host { "ip6-allhosts": + # ensure => present, + # ip => "ff02::3", + #} } } } diff --git a/manifests/subsystem/modprobe.pp b/manifests/subsystem/modprobe.pp index be6ec42..e5e5498 100644 --- a/manifests/subsystem/modprobe.pp +++ b/manifests/subsystem/modprobe.pp 
@@ -1,28 +1,9 @@ class nodo::subsystem::modprobe { - # Keep firewire disabled among other things - case $lsbdistcodename { - 'lenny': { - file { "/etc/modprobe.d/blacklist": - owner => "root", - group => "root", - mode => 0644, - ensure => present, - source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf", - } - } - default: { - # Upgrade from lenny - file { "/etc/modprobe.d/blacklist": - ensure => absent, - } - - file { "/etc/modprobe.d/blacklist.conf": - owner => "root", - group => "root", - mode => 0644, - ensure => present, - source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf", - } - } + file { "/etc/modprobe.d/blacklist.conf": + owner => "root", + group => "root", + mode => 0644, + ensure => present, + source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf", } } diff --git a/manifests/subsystem/modprobe/gnokii.pp b/manifests/subsystem/modprobe/gnokii.pp deleted file mode 100644 index decd1ed..0000000 --- a/manifests/subsystem/modprobe/gnokii.pp +++ /dev/null @@ -1,10 +0,0 @@ -# See http://wiki.gnokii.org/index.php/DKU2 -class nodo::subsystem::modprobe::gnokii { - file { '/etc/modprobe.d/phonet.conf': - ensure => present, - owner => root, - group => root, - mode => 0644, - content => "blacklist cdc_phonet\nblacklist phonet\n", - } -} diff --git a/manifests/subsystem/monitor.pp b/manifests/subsystem/monitor.pp deleted file mode 100644 index ebb99e5..0000000 --- a/manifests/subsystem/monitor.pp +++ /dev/null 
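Review bot: The simplified modprobe.pp drops the comment that was the only statement of what the blacklist is for; since disabling firewire is a deliberate hardening choice, I would keep `# Keep firewire disabled among other things` above the `file { "/etc/modprobe.d/blacklist.conf":` resource. The hunk also removes the `ensure => absent` cleanup of the legacy `/etc/modprobe.d/blacklist`, so any host that still has that file keeps it unmanaged. As a style point, `mode => 0644` is an unquoted number; newer Puppet versions require a string, so `mode => '0644',` is the safer spelling.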
@@ -1,39 +0,0 @@ -class nodo::subsystem::monitor( - $use_nagios = hiera('nodo::subsystem::monitor::use_nagios', True), - $address = hiera('nodo::subsystem::monitor::address', $::ipaddress), - $check_command = hiera('nodo::subsystem::monitor::check_command', 'check_ping'), - $check_ping = hiera('nodo::subsystem::monitor::check_ping', present), - $check_ssh = hiera('nodo::subsystem::monitor::check_ssh', absent), - $ping_rate = hiera('nodo::subsystem::monitor::ping_rate', '!100.0,20%!500.0,60%') -) { - file { '/usr/local/sbin/ifcheck' : - ensure => present, - owner => 'root', - group => 'root', - mode => '0755', - source => 'puppet:///modules/nodo/bin/ifcheck', - } - - if $use_nagios != false { - - $command = $check_command ? { - 'check_ping' => "check_ping${ping_rate}", - default => $check_command, - } - - class { 'nagios::target': - address => $address, - check_command => $command, - } - - nagios::service::ping { "${::fqdn}": - ensure => $check_ping, - ping_rate => $ping_rate, - } - - nagios::service { "check_ssh4": - ensure => $check_ssh, - check_command => "check_ssh_4", - } - } -} diff --git a/manifests/subsystem/monitor/interface.pp b/manifests/subsystem/monitor/interface.pp deleted file mode 100644 index be630aa..0000000 --- a/manifests/subsystem/monitor/interface.pp +++ /dev/null @@ -1,14 +0,0 @@ -define nodo::subsystem::monitor::interface( - $ensure = 'present', - $hour = "*", - $minute = "*", -) -{ - cron { "ifcheck-${name}": - command => "/usr/local/sbin/ifcheck ${name} &> /dev/null", - user => 'root', - hour => $hour, - minute => $minute, - ensure => $ensure, - } -} diff --git a/manifests/subsystem/monitor/mail.pp b/manifests/subsystem/monitor/mail.pp deleted file mode 100644 index 913991b..0000000 --- a/manifests/subsystem/monitor/mail.pp +++ /dev/null @@ -1,6 +0,0 @@ -class nodo::subsystem::monitor::mail { - nagios::service { "check_rbl": - ensure => present, - check_command => "check_rbl", - } -} 
diff --git a/manifests/subsystem/monitor/master.pp b/manifests/subsystem/monitor/master.pp
deleted file mode 100644
index dd6defa..0000000
--- a/manifests/subsystem/monitor/master.pp
+++ /dev/null
@@ -1,118 +0,0 @@ -class nodo::subsystem::monitor::master { - file { '/etc/nagios-plugins/check_rbl.ini': - ensure => present, - owner => root, - group => root, - source => 'puppet:///modules/nodo/etc/nagios-plugins/check_rbl.ini', - require => Package['nagios'], - } - - $main = hiera('nodo::role::master::main', false) - $ensure = $main ? { - true => 'present', - default => 'absent', - } - - # Legacy configuration - file { '/etc/apache2/conf.d/munin': - ensure => absent, - } - - # Munin configuration for apache - file { '/etc/apache2/conf.d/munin.conf': - ensure => present, - owner => root, - group => root, - mode => 0644, - source => 'puppet:///modules/nodo/munin/apache.conf', - require => Package["apache"], - notify => Service["apache"], - } - - # See http://www.jethrocarr.com/2012/05/26/munin-performance/ - file { "munin_graph_performance": - ensure => $ensure, - path => "/var/lib/puppet/modules/munin/nodes/00-performance", - content => "max_graph_jobs 1\nmax_cgi_graph_jobs 1\n", - require => $main ? 
{ - true => Concatenated_file['/etc/munin/munin.conf'], - default => undef, - }, - } - - # See https://raymii.org/s/tutorials/Munin_optimalization_on_Debian.html - file { '/usr/local/bin/munin-graph': - ensure => $ensure, - owner => root, - group => root, - mode => 0755, - source => 'puppet:///modules/nodo/bin/munin-graph', - } - - file { '/etc/cron.d/munin-graph': - ensure => $ensure, - owner => root, - group => root, - mode => 0644, - content => "10 * * * * munin if [ -x /usr/local/bin/munin-graph ]; then /usr/bin/ionice -c 3 /usr/bin/nice -n 19 /usr/local/bin/munin-graph; fi\n", - require => File['/usr/local/bin/munin-graph'], - } - - # We won't mess with the package, so we distribute our own munin-cron - file { '/usr/local/bin/munin-cron': - ensure => $ensure, - owner => root, - group => root, - mode => 0755, - source => 'puppet:///modules/nodo/bin/munin-cron', - } - - file { '/etc/cron.d/munin': - ensure => $ensure, - owner => root, - group => root, - mode => 0644, - source => 'puppet:///modules/nodo/etc/cron.d/munin', - require => File['/usr/local/bin/munin-cron'], - } - - # - # See https://raymii.org/s/tutorials/Munin_optimalization_on_Debian.html - # https://munin.readthedocs.org/en/latest/master/rrdcached.html - # http://kuszelas.eu/~eyck/log/Howto/Munin.Rrdcached.html - # http://munin-monitoring.org/wiki/rrdcached - # - package { 'rrdcached': - ensure => $ensure, - } - - file { '/etc/default/rrdcached': - ensure => $ensure, - owner => root, - group => root, - source => 'puppet:///modules/nodo/etc/default/rrdcached', - require => Package['rrdcached'], - notify => $main ? { - true => Service['rrdcached'], - default => undef, - }, - } - - # Munin configuration for rrdcache - file { "munin_rrdcache": - ensure => $ensure, - path => "/var/lib/puppet/modules/munin/nodes/00-rrdcache", - content => "rrdcached_socket /var/run/rrdcached.sock\n", - require => $main ? 
{ - true => Concatenated_file['/etc/munin/munin.conf'], - default => undef, - }, - } - - if $main == true { - service { 'rrdcached': - ensure => running, - require => Package['rrdcached'], - } - } -} diff --git a/manifests/subsystem/monitor/munin.pp b/manifests/subsystem/monitor/munin.pp deleted file mode 100644 index c2f461a..0000000 --- a/manifests/subsystem/monitor/munin.pp +++ /dev/null @@ -1,30 +0,0 @@ -# Define a munin node -define nodo::subsystem::monitor::munin( - $manage = hiera('nodo::munin_node::manage', True), - $port = hiera('nodo::munin_node::port', '4949'), - $allow = hiera('nodo::munin_node::allow', ''), - $host = hiera('nodo::munin_node::host', $::fqdn), - $listen = hiera('nodo::munin_node::listen', '*'), - $config = hiera('nodo::munin_node::config', [ 'use_node_name yes', 'load.load.warning 5', 'load.load.critical 10' ]) -) { - - if $manage == true { - case $allow { - '': { fail("Please set nodo::munin_node::allow in your config") } - } - - package { "munin-plugins-extra": - ensure => "present", - } - - class { 'munin::client': - port => $port, - allow => $allow, - host => $host, - listen => $listen, - config => $config, - } - - munin::plugin { apt_all: ensure => present; } - } -} diff --git a/manifests/subsystem/mount.pp b/manifests/subsystem/mount.pp deleted file mode 100644 index 05adaa7..0000000 --- a/manifests/subsystem/mount.pp +++ /dev/null @@ -1,15 +0,0 @@ -class nodo::subsystem::mount { - class { autofs: } - - file { '/etc/auto.removable': - source => [ "puppet:///modules/site_nodo/etc/${::fqdn}/auto.removable", - "puppet:///modules/site_nodo/etc/${::domain}/auto.removable", - "puppet:///modules/site_nodo/etc/auto.removable", - "puppet:///modules/nodo/etc/auto.removable.${::operatingssystem}", - "puppet:///modules/nodo/etc/auto.removable" ], - notify => Service[autofs], - owner => root, - group => root, - mode => 0644; - } -} 
diff --git a/manifests/subsystem/pam.pp b/manifests/subsystem/pam.pp deleted file mode 100644 index 7186d0b..0000000 --- a/manifests/subsystem/pam.pp +++ /dev/null @@ -1,40 +0,0 @@ -class nodo::subsystem::pam( - $enable = hiera('nodo::pam::enable', false) -) { - if $enable != false { - - # Squeeze only - if $::lsbdistcodename == 'squeeze' { - # pam - login - file { "/etc/pam.d/login": - source => [ "puppet:///modules/nodo/etc/pam.d/login.${::lsbdistcodename}", - "puppet:///modules/nodo/etc/pam.d/login", - ], - owner => "root", - group => "root", - mode => 0644, - ensure => present, - } - - # pam - gdm - file { "/etc/pam.d/gdm": - source => "puppet:///modules/nodo/etc/pam.d/gdm", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - } - } - - # pam - mountpoints - file { "/etc/security/pam_mount.conf.xml": - ensure => present, - owner => root, - group => root, - mode => 0644, - source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.${::lsbdistcodename}", - "puppet:///modules/site_nodo/security/pam_mount.conf.xml", - ], - } - } -} diff --git a/manifests/subsystem/profile.pp b/manifests/subsystem/profile.pp index d1e343e..dac2f02 100644 --- a/manifests/subsystem/profile.pp +++ b/manifests/subsystem/profile.pp 
@@ -1,35 +1,4 @@ # Custom configuration for user profiles class nodo::subsystem::profile { - file { "/etc/profile.d/prompt.sh": - source => "puppet:///modules/nodo/etc/profile.d/prompt.sh", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - } - - # Ideally we should not manage this file, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675008 - file { "/etc/bash.bashrc": - source => "puppet:///modules/nodo/etc/bash.bashrc", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - require => File['/etc/profile.d/prompt.sh'], - } - - # See http://linuxforcynics.com/how-to/using-rxvt-unicode-with-screen - # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630976 - # https://bbs.archlinux.org/viewtopic.php?id=50647 - # https://stackoverflow.com/questions/12345675/screen-cannot-find-terminfo-entry-for-xterm-256color - file { '/lib/terminfo/r/rxvt-256color': - source => "puppet:///modules/nodo/terminfo/rxvt-256color", - owner => root, - group => root, - mode => 0644, - ensure => $::lsbdistcodename ? { - 'squeeze' => present, - default => absent, - }, - } + include shellprompt } diff --git a/manifests/subsystem/profile/vagrant.pp b/manifests/subsystem/profile/vagrant.pp deleted file mode 100644 index 6306b58..0000000 --- a/manifests/subsystem/profile/vagrant.pp +++ /dev/null @@ -1,9 +0,0 @@ -class nodo::subsystem::profile::vagrant inherits nodo::subsystem::profile { - file { "/root/.profile": - source => "puppet:///modules/nodo/root/profile", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - } -} diff --git a/manifests/subsystem/sudo.pp b/manifests/subsystem/sudo.pp index 9249379..d8c7099 100644 --- a/manifests/subsystem/sudo.pp +++ b/manifests/subsystem/sudo.pp 
@@ -3,7 +3,7 @@ class nodo::subsystem::sudo { ensure => "present", } - file { "/etc/sudoers": + file { "/etc/sudoers.d/local": source => [ "puppet:///modules/site_nodo/etc/sudoers/hostname/${::hostname}", "puppet:///modules/site_nodo/etc/sudoers/domain/${::domain}", "puppet:///modules/nodo/etc/sudoers" ], diff --git a/manifests/subsystem/virtual/instance.pp b/manifests/subsystem/virtual/instance.pp index 151058e..a7fead0 100644 --- a/manifests/subsystem/virtual/instance.pp +++ b/manifests/subsystem/virtual/instance.pp @@ -1,7 +1,6 @@ # Define a virtual server instance define nodo::subsystem::virtual::instance( $context, - $distro = 'jessie', $ensure = 'running', $proxy = false, $puppetmaster = false, 
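Review bot: Retargeting the resource from `/etc/sudoers` to `/etc/sudoers.d/local` in the sudo.pp hunk leaves the source list unchanged, and its fallback `puppet:///modules/nodo/etc/sudoers` looks like a complete sudoers file, not a drop-in fragment. Files under sudoers.d are only read if the main file has an includedir line, are conventionally mode 0440, and a syntax error in one of them can lock out sudo entirely, so I would add `mode => '0440',` and, if the Puppet version in use supports it, `validate_cmd => '/usr/sbin/visudo -c -f %',`. Note also that the `/etc/sudoers` previously delivered by this class stays on disk unmanaged, so any privileges it granted persist until it is reset by hand. The rest of the resource (owner, group, mode) is outside the hunk, so the current mode could not be checked.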
@@ -47,66 +46,7 @@ define nodo::subsystem::virtual::instance( $dev = hiera('nodo::subsystem::vm::interface', 'eth0') - if $implementation == 'vserver' { - virtual::vserver { $name: - ensure => $ensure, - context => "$context", - mark => 'default', - distro => $distro, - interface => "${dev}:192.168.0.${context}/24", - hostname => "$name.$domain", - memory_limit => $memory_limit, - } - - # Some nodes need a lot of space at /tmp otherwise some admin - # tasks like backups might not run. - file { "/etc/vservers/${name}/fstab": - source => [ "puppet:///modules/site_nodo/etc/fstab/vserver/$name", - "puppet:///modules/nodo/etc/fstab/vserver" ], - owner => "root", - group => "root", - mode => 0644, - ensure => present, - notify => Exec["vs_restart_${name}"], - require => Exec["vserver_instance_${name}"], - } - - # Sound support - if $sound { - if !defined(File["/usr/local/sbin/create-sound-devices"]) { - file { "/usr/local/sbin/create-sound-devices": - ensure => present, - source => "puppet:///modules/nodo/sound/devices.sh", - owner => root, - group => root, - mode => 755, - } - } - exec { "/usr/local/sbin/create-sound-devices ${name}": - unless => "/usr/local/sbin/create-sound-devices ${name} --check", - user => root, - require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ], - } - } - } - - # Create a munin virtual resource to be realized in the node - @@nodo::subsystem::monitor::munin { "${name}": - port => $munin_port ? { - false => "49$id", - default => $munin_port, - } - } - - # Create a monkeysphere virtual resource to be realized in the node - @@nodo::subsystem::monkeysphere { "$name": - port => $monkeysphere_ssh_port ? { - false => "22$id", - default => $monkeysphere_ssh_port, - } - } - - # Apply firewall rules just for running vservers + # Apply firewall rules just for running virtual machines case $ensure { 'running': { firewall::virtual::ssh { "$name": 
diff --git a/manifests/subsystem/xorg.pp b/manifests/subsystem/xorg.pp deleted file mode 100644 index da8a069..0000000 --- a/manifests/subsystem/xorg.pp +++ /dev/null @@ -1,15 +0,0 @@ -class nodo::subsystem::xorg( - $enable = hiera('nodo::subsystem::xorg::enable', false) -) { - if $enable != false { - file { "/etc/X11/xorg.conf": - ensure => present, - owner => root, - group => root, - mode => 0644, - source => [ "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}.${::lsbdistcodename}", - "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}", - "puppet:///modules/site_nodo/X11/xorg.conf.default" ], - } - } -} diff --git a/manifests/utils.pp b/manifests/utils.pp index 8f572b6..0335bf3 100644 --- a/manifests/utils.pp +++ b/manifests/utils.pp @@ -1,9 +1,6 @@ # Common utilities -class nodo::utils { - package { [ 'screen', 'less', 'bzip2', 'openssl', 'lynx', 'unzip', - 'nmap', 'telnet', 'tree', 'whois', 'dosfstools', 'dnsutils', 'secure-delete', - 'bc', 'lsof', 'wipe', 'vrms', 'nsca-client', 'uuid-runtime', 'vim-nox', - 'multitail', 'bash-completion', 'zsh' ]: +class nodo::utils inherits nodo::utils::base { + package { [ 'vim-nox' ]: ensure => installed, } @@ -14,33 +11,11 @@ class nodo::utils { } } - # Not using right now - package { [ 'logcheck', 'logcheck-database' ]: - ensure => absent, - } - - # We'll probably use https://github.com/puppetlabs/puppetlabs-denyhosts in the future - package { 'denyhosts': - ensure => purged, - } - - # Maybe we use logwatch in the future - #package { 'logwatch': - # ensure => installed, - #} - # To be considered #package { 'needrestart': # ensure => present, #} - # Obsolete - if !defined(Package['git-core']) { - package { 'git-core': - ensure => absent, - } - } - if !defined(Package['git']) { package { 'git': ensure => latest, 
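Review bot: `class nodo::utils inherits nodo::utils::base` in the first manifests/utils.pp hunk uses inheritance only to pull in another class, with no resource overrides visible in this hunk or the next. `include nodo::utils::base` inside the body says the same thing more plainly and avoids the scope coupling that `inherits` brings. The class body continues outside the hunk, so an override further down would justify keeping it. The long package list removed here (nmap, telnet, secure-delete, wipe and others) presumably moved to `nodo::utils::base`, which is not shown in this part of the diff; a comment such as `# Generic tools live in nodo::utils::base; only additions go here` would make that explicit.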
@@ -55,17 +30,7 @@ class nodo::utils { } # Ensure we have the minimum augeas version required by shorewall module - package { - 'libaugeas0': - ensure => $::lsbdistcodename ? { - 'squeeze' => '0.10.0-1~bpo60+3', - default => installed, - }; - 'augeas-tools': - ensure => $::lsbdistcodename ? { - 'squeeze' => '0.10.0-1~bpo60+3', - default => installed, - }, - require => Package['libaugeas0']; + package { [ 'libaugeas0', 'augeas-tools' ]: + ensure => present, } } diff --git a/manifests/utils/laptop/debian.pp b/manifests/utils/laptop/debian.pp index af9cefb..948a34c 100644 --- a/manifests/utils/laptop/debian.pp +++ b/manifests/utils/laptop/debian.pp @@ -10,7 +10,7 @@ class nodo::utils::laptop::debian { 'tftp', 'sharutils', 'wireshark', 'macchanger', 'weplab', 'wpagui', 'gnokii', 'sslstrip', 'uswsusp', - 'tcpdump', 'tshark', 'powertop' ]: + 'tcpdump', 'tshark' ]: ensure => installed, } diff --git a/manifests/utils/physical.pp b/manifests/utils/physical.pp index a6806c5..071c9a9 100644 --- a/manifests/utils/physical.pp +++ b/manifests/utils/physical.pp @@ -2,7 +2,8 @@ class nodo::utils::physical { package { [ 'nload', 'acpid', 'slurm', 'ethtool', 'parted', 'iftop', 'iptraf', 'htop', 'sdparm', 'iotop', 'sysstat', 'saidar', - 'lshw', 'sg3-utils', 'nmon', 'atop', 'dcfldd', 'gdisk' ]: + 'lshw', 'sg3-utils', 'nmon', 'atop', 'dcfldd', 'gdisk', + 'powertop' ]: ensure => installed, } |
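Review bot: In the last manifests/utils.pp hunk the comment `# Ensure we have the minimum augeas version required by shorewall module` is kept, but `ensure => present` no longer enforces any version. Either reword it, for example `# augeas is needed by the shorewall module; any packaged version is accepted`, or keep an explicit minimum if the shorewall module still needs one. The explicit `require => Package['libaugeas0']` ordering is dropped as well, which is presumably fine because the package manager resolves that dependency itself.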