Diffstat (limited to 'manifests')
37 files changed, 126 insertions, 894 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 6426219..f0a05d7 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -7,7 +7,6 @@ class nodo::base( # Then include our subsystems include nodo::subsystem::sudo include nodo::subsystem::locales - include nodo::subsystem::profile include nodo::subsystem::screen include nodo::subsystem::screen::startup include nodo::subsystem::backup @@ -17,39 +16,25 @@ class nodo::base( include nodo::subsystem::local # Apt module - $apt = hiera('nodo::subsystem::apt', True) - if $apt == true { - include nodo::subsystem::apt - } + #$apt = hiera('nodo::subsystem::apt', True) + #if $apt == true { + # include nodo::subsystem::apt + #} # Declare subsystem classes - class { [ 'nodo::subsystem::hosts', 'nodo::subsystem::motd' ]: } + #class { 'nodo::subsystem::hosts': } + class { 'nodo::subsystem::motd': } # Common utilities include nodo::utils # Other modules - include tunnel::autossh - include domain_check include concat::setup include cron + include shellprompt # Require admin accounts' class if (defined(site_users::admin)) { include site_users::admin } - - # Puppet - case $puppet_mode { - 'standalone': { include puppet::standalone } - 'daemon': { - class { 'puppet::daemon': - master => hiera('nodo::role::master::main', false), - } - } - default: { } - } - - # Does not work well inside vservers - #class { 'runit': ensure => absent } } diff --git a/manifests/base/appliance.pp b/manifests/base/appliance.pp index 3032479..982e589 100644 --- a/manifests/base/appliance.pp +++ b/manifests/base/appliance.pp @@ -1,7 +1,3 @@ class nodo::base::appliance inherits nodo::base::physical { class { 'nodo::subsystem::sysctl::appliance': } - - class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: - type => 'appliance', - } } diff --git a/manifests/base/desktop.pp b/manifests/base/desktop.pp index 7dd969c..8b03e6e 100644 --- a/manifests/base/desktop.pp +++ b/manifests/base/desktop.pp 
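Review bot: In `nodo::base` the apt include and the `nodo::subsystem::hosts` declaration are disabled by commenting them out rather than removed, which leaves dead code that does not say why these subsystems were dropped. Either delete the lines or replace each block with a single explanatory comment, for example `# nodo::subsystem::apt is no longer included from base: <reason>`. The same pattern recurs in the web.pp hunk (Munin and reprepro blocks), the apt.pp hunk (squeeze-lts sources) and the hosts.pp hunk (localhost and ip6-* entries). Since base no longer pulls in the apt subsystem, confirm that another class still manages the APT sources on these nodes.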
@@ -1,16 +1,3 @@ class nodo::base::desktop inherits nodo::base::personal { include nodo::utils::desktop - - class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: - type => 'desktop', - } - - # Allow regular users to power off the machine (overrides policy kit default configuration) - file { '/usr/share/polkit-1/actions/org.freedesktop.consolekit.policy': - ensure => present, - owner => root, - group => root, - mode => 0644, - source => 'puppet:///modules/nodo/polkit/org.freedesktop.consolekit.policy', - } } diff --git a/manifests/base/host.pp b/manifests/base/host.pp index 8cbf9d2..80eb936 100644 --- a/manifests/base/host.pp +++ b/manifests/base/host.pp @@ -14,17 +14,6 @@ class nodo::base::host { # Firewall class { 'firewall': } - # Vserver - if $::lsbdistcodename == 'squeeze' { - $vserver = hiera('nodo::host::use_vserver', True) - - if $vserver == true { - class { 'virtual::vserver::host': - vdirbase => "/var/vservers", - } - } - } - # Time $ntpdate = hiera('nodo::host::ntpdate', True) case $ntpdate { @@ -40,17 +29,4 @@ class nodo::base::host { #dombr => $::is_virtual, #dobios => $::is_virtual, } - - # Monitoring - if !defined(Class['nodo::subsystem::monitor']) { - class { 'nodo::subsystem::monitor': } - } - - # Munin configuration - $munin = hiera('nodo::host::use_munin', True) - if $munin == true { - nodo::subsystem::monitor::munin { "$hostname": - port => '4900', - } - } } diff --git a/manifests/base/laptop.pp b/manifests/base/laptop.pp index 3885606..b984873 100644 --- a/manifests/base/laptop.pp +++ b/manifests/base/laptop.pp 
@@ -54,23 +54,4 @@ class nodo::base::laptop inherits nodo::base::personal { default => present, }, } - - # Avoid this annoying warning - # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673818 - file { '/etc/laptop-mode/conf.d/board-specific': - ensure => directory, - owner => root, - group => root, - mode => 0755, - require => Package['laptop-mode-tools'], - } - - file { '/etc/laptop-mode/conf.d/board-specific/bogus.conf' : - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => "# Placeholder file, see Debian bug #673818\n", - require => File['/etc/laptop-mode/conf.d/board-specific'], - } } diff --git a/manifests/base/personal.pp b/manifests/base/personal.pp index 14fa34f..55f4835 100644 --- a/manifests/base/personal.pp +++ b/manifests/base/personal.pp @@ -4,19 +4,8 @@ class nodo::base::personal { include nodo::utils::personal include autossh - class { 'nodo::subsystem::pam': } class { 'nodo::subsystem::xorg': } - - if $::lsbdistcodename == 'squeeze' { - include nodo::subsystem::gdm - } - elsif $::lsbdistcodename == 'wheezy' { - include nodo::subsystem::gdm3 - } - else { - include nodo::subsystem::gdm3::disabled - include nodo::subsystem::lightdm - } + class { 'nodo::subsystem::lightdm': } # Media folders and groups include nodo::subsystem::media diff --git a/manifests/base/physical.pp b/manifests/base/physical.pp index 45648ee..a00dd18 100644 --- a/manifests/base/physical.pp +++ b/manifests/base/physical.pp 
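Review bot: `class { 'nodo::subsystem::xorg': }` stays on the new side of the personal.pp hunk, but this same commit deletes manifests/subsystem/xorg.pp. Unless the class is defined somewhere outside manifests/, catalog compilation will fail for every node that uses `nodo::base::personal`. The virtual.pp hunk has the same problem: it now declares `nodo::subsystem::monitor::munin { "${::hostname}": }` unconditionally while manifests/subsystem/monitor/munin.pp is removed. Drop both declarations, or keep the two manifests until their replacements exist.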
@@ -1,58 +1,7 @@ class nodo::base::physical inherits nodo::base::host { class { [ 'nodo::subsystem::ups', 'smartmontools' ]: } - # SMART and sensors monitoring - $munin = hiera('nodo::host::use_munin', True) - if $munin == true { - include munin::plugins::smart - - # TODO: use nodo::physical::disks instead - $sdb = hiera('nodo::physical::sdb', false) - $disks = $sdb ? { - true => 'sda sdb', - default => 'sda', - } - - munin::plugin { 'hddtemp_smartctl': - ensure => present, - config => "user root\ngroup disk\nenv.drives ${disks}", - } - - munin::plugin { 'smart_sda': - ensure => 'smart_', - config => "user root\ngroup disk", - } - - if $sdb == true { - munin::plugin { 'smart_sdb': - ensure => 'smart_', - config => "user root\ngroup disk", - } - } - - package { 'lm-sensors': - ensure => present, - } - - munin::plugin { [ 'sensors_fan', 'sensors_volt', 'sensors_temp' ]: - ensure => 'sensors_', - } - } - - # Entropy key - $ekey_masterkey = hiera('nodo::physical::ekey_masterkey', '') - if $ekey_masterkey != '' { - class { "ekeyd": - ekeyd_masterkey => $ekey_masterkey, - } - - # We can also use ekeyd::munin - munin::plugin { [ 'ekeyd_stat_KeyTemperatureC', 'ekeyd_stat_KeyTemperatureF', - 'ekeyd_stat_KeyTemperatureK', 'ekeyd_stat_TotalEntropy', - 'ekeyd_stat_KeyVoltage', 'ekeyd_stat_FipsFrameRate', - 'ekeyd_stat_EntropyRate', 'ekeyd_stat' ]: - ensure => 'ekeyd_stat_', - config => 'user root', - } + package { 'lm-sensors': + ensure => present, } } diff --git a/manifests/base/plug.pp b/manifests/base/plug.pp index 49d9f8d..756eb3c 100644 --- a/manifests/base/plug.pp +++ b/manifests/base/plug.pp @@ -13,14 +13,4 @@ class nodo::base::plug { backupninja::sys { "sys": ensure => present, } - - # Monitoring - if !defined(Class['nodo::subsystem::monitor']) { - class { 'nodo::subsystem::monitor': } - } - - # Munin configuration - nodo::subsystem::monitor::munin { "${::hostname}": - port => '4900', - } } 
diff --git a/manifests/base/removable.pp b/manifests/base/removable.pp index d13b5ee..e82700c 100644 --- a/manifests/base/removable.pp +++ b/manifests/base/removable.pp @@ -1,9 +1,2 @@ class nodo::base::removable inherits nodo::base::desktop { - File["/etc/fstab"] { - source => "puppet:///modules/nodo/etc/fstab/removable", - } - - File["/etc/crypttab"] { - source => "puppet:///modules/nodo/etc/crypttab/removable", - } } diff --git a/manifests/base/virtual.pp b/manifests/base/virtual.pp index f2c72f1..5e86e42 100644 --- a/manifests/base/virtual.pp +++ b/manifests/base/virtual.pp @@ -10,25 +10,8 @@ class nodo::base::virtual { dohwinfo => false, } - $hosting_type = hiera('nodo::vserver::hosting_type', 'direct') - - case $hosting_type { - "direct": { - # Apply munin and monkeysphere configuration for - # for directly hosted nodes. - Nodo::Subsystem::Monitor::Munin <<| title == $::hostname |>> - Nodo::Subsystem::Monkeysphere <<| title == $::hostname |>> - } - "third-party": { - # Apply munin and monkeysphere configuration for - # nodes hosted by third-parties. - nodo::subsystem::monitor::munin { "${::hostname}": } - monkeysphere_host { "${::hostname}": - port => hiera('nodo::vserver::ssh_port', '22'), - } - - # Nagios configuration - class { 'nodo::subsystem::monitor': } - } + nodo::subsystem::monitor::munin { "${::hostname}": } + monkeysphere_host { "${::hostname}": + port => hiera('nodo::vserver::ssh_port', '22'), } } diff --git a/manifests/role/mail.pp b/manifests/role/mail.pp index 2383ada..87a928b 100644 --- a/manifests/role/mail.pp +++ b/manifests/role/mail.pp 
@@ -1,29 +1,19 @@ class nodo::role::mail { class { [ 'nodo::role::virtual', 'mail::system' ]: } - # Config parameters - $delivery = hiera('nodo::subsystem::mail::delivery', 'exim') - $virtual = hiera('mail::virtual', false) - # Graph postfix munin::plugin { [ 'postfix_mailqueue', 'postfix_mailstats' ]: config => 'user root', - ensure => $delivery ? { - 'postfix' => present, - default => absent, - }, + ensure => present, } - # Graph mysql - package { 'libcache-cache-perl': # needed by munin mysql plugin + # Graph mysql, needed by munin mysql plugin + package { 'libcache-cache-perl': ensure => present, } munin::plugin { [ 'mysql_queries', 'mysql_slowqueries', 'mysql_bytes', 'mysql_threads' ]: config => "user root\nenv.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf", - ensure => $virtual ? { - true => present, - default => absent, - }, + ensure => present, } } diff --git a/manifests/role/web.pp b/manifests/role/web.pp index a497108..2d25c9c 100644 --- a/manifests/role/web.pp +++ b/manifests/role/web.pp 
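Review bot: Both `munin::plugin` declarations in `nodo::role::mail` now use `ensure => present` unconditionally, so the postfix plugins land on nodes that deliver with exim and the MySQL plugins on nodes without virtual mail. The MySQL plugins run as root with `--defaults-extra-file=/etc/mysql/debian.cnf`, which is the Debian maintenance account, so installing them where they are not needed adds privileged collectors for no benefit. If the hiera switches are being retired, consider moving each plugin set into its own class that a role opts into. The merged comment `# Graph mysql, needed by munin mysql plugin` is also misleading, because it sits on the package resource; `# libcache-cache-perl is needed by the munin mysql plugins` would be clearer.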
@@ -6,53 +6,53 @@ class nodo::role::web inherits nodo::base::virtual { } # Munin - $munin = hiera('nodo::munin_node::manage', True) - if $munin == true { - munin::plugin { [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: - ensure => present, - } - - package { 'libcache-cache-perl': # needed by munin mysql plugin - ensure => present, - } - - munin::plugin { [ 'mysql_queries', 'mysql_slowqueries', 'mysql_bytes', 'mysql_threads' ]: - ensure => present, - config => "user root\nenv.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf", - } - } + #$munin = hiera('nodo::munin_node::manage', True) + #if $munin == true { + # munin::plugin { [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: + # ensure => present, + # } + # + # # Needed by munin mysql plugin + # package { 'libcache-cache-perl': + # ensure => present, + # } + # + # munin::plugin { [ 'mysql_queries', 'mysql_slowqueries', 'mysql_bytes', 'mysql_threads' ]: + # ensure => present, + # config => "user root\nenv.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf", + # } + #} # Classes for web nodes include database - - # Put your custom sites and users here include websites - - # Reprepro configuration - $reprepro = hiera('nodo::web::reprepro', false) - $reprepro_basedir = '/var/reprepro' - - case $reprepro { - true,'enabled': { - class { 'reprepro': - basedir => '/var/reprepro', - uploaders => hiera('nodo::web::reprepro_uploaders', [ ]), - } - - include reprepro::cron - } - 'disabled': { - class { 'reprepro::disabled': - basedir => '/var/reprepro', - } - } - 'purged': { - class { 'reprepro::purged': - basedir => '/var/reprepro', - } - } - false,default: { } - } + include domain_check + + ## Reprepro configuration + #$reprepro = hiera('nodo::web::reprepro', false) + #$reprepro_basedir = '/var/reprepro' + # + #case $reprepro { + # true,'enabled': { + # class { 'reprepro': + # basedir => '/var/reprepro', + # uploaders => hiera('nodo::web::reprepro_uploaders', [ ]), + # } + # + # include 
reprepro::cron + # } + # 'disabled': { + # class { 'reprepro::disabled': + # basedir => '/var/reprepro', + # } + # } + # 'purged': { + # class { 'reprepro::purged': + # basedir => '/var/reprepro', + # } + # } + # false,default: { } + #} backupninja::svn { "svn": src => "/var/svn", diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp index c927062..2c463b6 100644 --- a/manifests/subsystem/apt.pp +++ b/manifests/subsystem/apt.pp @@ -61,27 +61,27 @@ class nodo::subsystem::apt { }, } - $squeeze_lts = 'http://http.debian.net/debian/ squeeze-lts main contrib non-free' - - # See https://wiki.debian.org/LTS/Using - ::apt::sources_list { 'squeeze-lts.list': - content => "deb ${squeeze_lts}\ndeb-src ${squeeze_lts}", - ensure => $::lsbdistcodename ? { - 'squeeze' => present, - default => absent, - } - } - - file { '/etc/apt/apt.conf.d/80default-release': - owner => root, - group => root, - mode => 0644, - content => "APT::Default-Release \"squeeze-lts\";\n", - ensure => $::lsbdistcodename ? { - 'squeeze' => present, - default => absent, - } - } + #$squeeze_lts = 'http://http.debian.net/debian/ squeeze-lts main contrib non-free' + # + ## See https://wiki.debian.org/LTS/Using + #::apt::sources_list { 'squeeze-lts.list': + # content => "deb ${squeeze_lts}\ndeb-src ${squeeze_lts}", + # ensure => $::lsbdistcodename ? { + # 'squeeze' => present, + # default => absent, + # } + #} + # + #file { '/etc/apt/apt.conf.d/80default-release': + # owner => root, + # group => root, + # mode => 0644, + # content => "APT::Default-Release \"squeeze-lts\";\n", + # ensure => $::lsbdistcodename ? { + # 'squeeze' => present, + # default => absent, + # } + #} package { 'apt-transport-https': ensure => present, diff --git a/manifests/subsystem/crypttab.pp b/manifests/subsystem/crypttab.pp deleted file mode 100644 index 749569c..0000000 --- a/manifests/subsystem/crypttab.pp +++ /dev/null 
@@ -1,15 +0,0 @@ -class nodo::subsystem::crypttab( - $type, - $manage = hiera('nodo::crypttab::manage', false) -) { - if $manage == true { - file { "/etc/crypttab": - source => "puppet:///modules/nodo/etc/crypttab/${type}", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - notify => Exec['update-initramfs'], - } - } -} diff --git a/manifests/subsystem/fstab.pp b/manifests/subsystem/fstab.pp deleted file mode 100644 index 9538f66..0000000 --- a/manifests/subsystem/fstab.pp +++ /dev/null @@ -1,15 +0,0 @@ -class nodo::subsystem::fstab( - $type, - $manage = hiera('nodo::subsystem::fstab::manage', false) -) { - if $manage == true { - file { "/etc/fstab": - source => "puppet:///modules/nodo/etc/fstab/${type}", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - notify => Exec['update-initramfs'], - } - } -} diff --git a/manifests/subsystem/gdm.pp b/manifests/subsystem/gdm.pp deleted file mode 100644 index fd36e99..0000000 --- a/manifests/subsystem/gdm.pp +++ /dev/null 
@@ -1,66 +0,0 @@ -class nodo::subsystem::gdm { - package { 'gdm': - ensure => installed, - } - - service { 'gdm': - ensure => running, - require => Package['gdm'], - } - - exec { '/usr/sbin/dpkg-reconfigure gdm': - subscribe => File['/etc/gdm/gdm.conf'], - user => root, - group => root, - refreshonly => true, - require => Service['gdm'], - } - - file { '/etc/gdm/gdm.conf': - ensure => present, - owner => root, - group => root, - mode => 0644, - source => [ "puppet:///modules/site_nodo/etc/gdm/${::domain}/gdm.conf", - "puppet:///modules/nodo/etc/gdm/gdm.conf", ] - } - - file { '/usr/share/gdm/themes/crunchbang': - ensure => directory, - recurse => true, - purge => true, - force => true, - owner => "root", - group => "root", - # This mode will also apply to files from the source directory - mode => 0644, - # Puppet will automatically set +x for directories - source => 'puppet:///modules/nodo/etc/gdm/themes/crunchbang', - } - - file { '/usr/share/gdm/themes/Tuxtastic': - ensure => directory, - recurse => true, - purge => true, - force => true, - owner => "root", - group => "root", - # This mode will also apply to files from the source directory - mode => 0644, - # Puppet will automatically set +x for directories - source => 'puppet:///modules/nodo/etc/gdm/themes/Tuxtastic', - } - - file { '/usr/share/gdm/themes/dasUberMini': - ensure => directory, - recurse => true, - purge => true, - force => true, - owner => "root", - group => "root", - # This mode will also apply to files from the source directory - mode => 0644, - # Puppet will automatically set +x for directories - source => 'puppet:///modules/nodo/etc/gdm/themes/dasUberMini', - } -} diff --git a/manifests/subsystem/gdm/disabled.pp b/manifests/subsystem/gdm/disabled.pp deleted file mode 100644 index d2565ef..0000000 --- a/manifests/subsystem/gdm/disabled.pp +++ /dev/null 
@@ -1,18 +0,0 @@ -class nodo::subsystem::gdm::disabled inherits nodo::subsystem::gdm { - File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic', - '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] { - ensure => absent, - } - - Exec['/usr/sbin/dpkg-reconfigure gdm'] { - command => '/bin/true', - } - - Service['gdm'] { - ensure => stopped, - } - - Package['gdm'] { - ensure => absent, - } -} diff --git a/manifests/subsystem/gdm3.pp b/manifests/subsystem/gdm3.pp deleted file mode 100644 index d708f6a..0000000 --- a/manifests/subsystem/gdm3.pp +++ /dev/null @@ -1,20 +0,0 @@ -class nodo::subsystem::gdm3 { - package { 'gdm3': - ensure => installed, - } - - service { 'gdm3': - ensure => running, - require => Package['gdm3'], - } - - file { '/etc/gdm3/greeter.gsettings': - ensure => present, - owner => root, - group => root, - mode => 0644, - notify => Service['gdm3'], - source => [ "puppet:///modules/site_nodo/etc/gdm3/${::domain}/greeter.gseetings", - "puppet:///modules/nodo/etc/gdm3/greeter.gsettings", ] - } -} diff --git a/manifests/subsystem/gdm3/disabled.pp b/manifests/subsystem/gdm3/disabled.pp deleted file mode 100644 index 3e108f3..0000000 --- a/manifests/subsystem/gdm3/disabled.pp +++ /dev/null @@ -1,13 +0,0 @@ -class nodo::subsystem::gdm3::disabled inherits nodo::subsystem::gdm3 { - Package['gdm3'] { - ensure => absent, - } - - Service['gdm3'] { - ensure => stopped, - } - - File['/etc/gdm3/greeter.gsettings'] { - ensure => absent, - } -} diff --git a/manifests/subsystem/hosts.pp b/manifests/subsystem/hosts.pp index 464bc0c..d3b0d56 100644 --- a/manifests/subsystem/hosts.pp +++ b/manifests/subsystem/hosts.pp 
@@ -20,41 +20,41 @@ class nodo::subsystem::hosts( host_aliases => [ "${::fqdn}" ], } - host { "localhost": - ensure => present, - ip => "127.0.0.1", - } + #host { "localhost": + # ensure => present, + # ip => "127.0.0.1", + #} - host { "ip6-localhost": - ensure => present, - ip => "::1", - host_aliases => [ "ip6-loopback" ], - } + #host { "ip6-localhost": + # ensure => present, + # ip => "::1", + # host_aliases => [ "ip6-loopback" ], + #} - host { "ip6-localnet": - ensure => present, - ip => "fe00::0", - } + #host { "ip6-localnet": + # ensure => present, + # ip => "fe00::0", + #} - host { "ip6-mcastprefix": - ensure => present, - ip => "ff00::0", - } + #host { "ip6-mcastprefix": + # ensure => present, + # ip => "ff00::0", + #} - host { "ip6-allnodes": - ensure => present, - ip => "ff02::1", - } + #host { "ip6-allnodes": + # ensure => present, + # ip => "ff02::1", + #} - host { "ip6-allrouters": - ensure => present, - ip => "ff02::2", - } + #host { "ip6-allrouters": + # ensure => present, + # ip => "ff02::2", + #} - host { "ip6-allhosts": - ensure => present, - ip => "ff02::3", - } + #host { "ip6-allhosts": + # ensure => present, + # ip => "ff02::3", + #} } } } diff --git a/manifests/subsystem/modprobe.pp b/manifests/subsystem/modprobe.pp index be6ec42..e5e5498 100644 --- a/manifests/subsystem/modprobe.pp +++ b/manifests/subsystem/modprobe.pp 
@@ -1,28 +1,9 @@ class nodo::subsystem::modprobe { - # Keep firewire disabled among other things - case $lsbdistcodename { - 'lenny': { - file { "/etc/modprobe.d/blacklist": - owner => "root", - group => "root", - mode => 0644, - ensure => present, - source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf", - } - } - default: { - # Upgrade from lenny - file { "/etc/modprobe.d/blacklist": - ensure => absent, - } - - file { "/etc/modprobe.d/blacklist.conf": - owner => "root", - group => "root", - mode => 0644, - ensure => present, - source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf", - } - } + file { "/etc/modprobe.d/blacklist.conf": + owner => "root", + group => "root", + mode => 0644, + ensure => present, + source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf", } } diff --git a/manifests/subsystem/modprobe/gnokii.pp b/manifests/subsystem/modprobe/gnokii.pp deleted file mode 100644 index decd1ed..0000000 --- a/manifests/subsystem/modprobe/gnokii.pp +++ /dev/null @@ -1,10 +0,0 @@ -# See http://wiki.gnokii.org/index.php/DKU2 -class nodo::subsystem::modprobe::gnokii { - file { '/etc/modprobe.d/phonet.conf': - ensure => present, - owner => root, - group => root, - mode => 0644, - content => "blacklist cdc_phonet\nblacklist phonet\n", - } -} diff --git a/manifests/subsystem/monitor.pp b/manifests/subsystem/monitor.pp deleted file mode 100644 index ebb99e5..0000000 --- a/manifests/subsystem/monitor.pp +++ /dev/null 
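Review bot: The rewrite of `nodo::subsystem::modprobe` drops the comment `# Keep firewire disabled among other things`, which was the only statement of why blacklist.conf is managed; keep it above the remaining `file` resource. The new resource also writes `mode => 0644` as a bare number. Newer Puppet versions require the mode to be a string, so `mode => '0644',` is the safer spelling. The old `/etc/modprobe.d/blacklist` file is no longer cleaned up by this class, so confirm that no node still carries it.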
@@ -1,39 +0,0 @@ -class nodo::subsystem::monitor( - $use_nagios = hiera('nodo::subsystem::monitor::use_nagios', True), - $address = hiera('nodo::subsystem::monitor::address', $::ipaddress), - $check_command = hiera('nodo::subsystem::monitor::check_command', 'check_ping'), - $check_ping = hiera('nodo::subsystem::monitor::check_ping', present), - $check_ssh = hiera('nodo::subsystem::monitor::check_ssh', absent), - $ping_rate = hiera('nodo::subsystem::monitor::ping_rate', '!100.0,20%!500.0,60%') -) { - file { '/usr/local/sbin/ifcheck' : - ensure => present, - owner => 'root', - group => 'root', - mode => '0755', - source => 'puppet:///modules/nodo/bin/ifcheck', - } - - if $use_nagios != false { - - $command = $check_command ? { - 'check_ping' => "check_ping${ping_rate}", - default => $check_command, - } - - class { 'nagios::target': - address => $address, - check_command => $command, - } - - nagios::service::ping { "${::fqdn}": - ensure => $check_ping, - ping_rate => $ping_rate, - } - - nagios::service { "check_ssh4": - ensure => $check_ssh, - check_command => "check_ssh_4", - } - } -} diff --git a/manifests/subsystem/monitor/interface.pp b/manifests/subsystem/monitor/interface.pp deleted file mode 100644 index be630aa..0000000 --- a/manifests/subsystem/monitor/interface.pp +++ /dev/null @@ -1,14 +0,0 @@ -define nodo::subsystem::monitor::interface( - $ensure = 'present', - $hour = "*", - $minute = "*", -) -{ - cron { "ifcheck-${name}": - command => "/usr/local/sbin/ifcheck ${name} &> /dev/null", - user => 'root', - hour => $hour, - minute => $minute, - ensure => $ensure, - } -} diff --git a/manifests/subsystem/monitor/mail.pp b/manifests/subsystem/monitor/mail.pp deleted file mode 100644 index 913991b..0000000 --- a/manifests/subsystem/monitor/mail.pp +++ /dev/null @@ -1,6 +0,0 @@ -class nodo::subsystem::monitor::mail { - nagios::service { "check_rbl": - ensure => present, - check_command => "check_rbl", - } -} 
diff --git a/manifests/subsystem/monitor/master.pp b/manifests/subsystem/monitor/master.pp
deleted file mode 100644
index dd6defa..0000000
--- a/manifests/subsystem/monitor/master.pp
+++ /dev/null
@@ -1,118 +0,0 @@ -class nodo::subsystem::monitor::master { - file { '/etc/nagios-plugins/check_rbl.ini': - ensure => present, - owner => root, - group => root, - source => 'puppet:///modules/nodo/etc/nagios-plugins/check_rbl.ini', - require => Package['nagios'], - } - - $main = hiera('nodo::role::master::main', false) - $ensure = $main ? { - true => 'present', - default => 'absent', - } - - # Legacy configuration - file { '/etc/apache2/conf.d/munin': - ensure => absent, - } - - # Munin configuration for apache - file { '/etc/apache2/conf.d/munin.conf': - ensure => present, - owner => root, - group => root, - mode => 0644, - source => 'puppet:///modules/nodo/munin/apache.conf', - require => Package["apache"], - notify => Service["apache"], - } - - # See http://www.jethrocarr.com/2012/05/26/munin-performance/ - file { "munin_graph_performance": - ensure => $ensure, - path => "/var/lib/puppet/modules/munin/nodes/00-performance", - content => "max_graph_jobs 1\nmax_cgi_graph_jobs 1\n", - require => $main ? 
{ - true => Concatenated_file['/etc/munin/munin.conf'], - default => undef, - }, - } - - # See https://raymii.org/s/tutorials/Munin_optimalization_on_Debian.html - file { '/usr/local/bin/munin-graph': - ensure => $ensure, - owner => root, - group => root, - mode => 0755, - source => 'puppet:///modules/nodo/bin/munin-graph', - } - - file { '/etc/cron.d/munin-graph': - ensure => $ensure, - owner => root, - group => root, - mode => 0644, - content => "10 * * * * munin if [ -x /usr/local/bin/munin-graph ]; then /usr/bin/ionice -c 3 /usr/bin/nice -n 19 /usr/local/bin/munin-graph; fi\n", - require => File['/usr/local/bin/munin-graph'], - } - - # We won't mess with the package, so we distribute our own munin-cron - file { '/usr/local/bin/munin-cron': - ensure => $ensure, - owner => root, - group => root, - mode => 0755, - source => 'puppet:///modules/nodo/bin/munin-cron', - } - - file { '/etc/cron.d/munin': - ensure => $ensure, - owner => root, - group => root, - mode => 0644, - source => 'puppet:///modules/nodo/etc/cron.d/munin', - require => File['/usr/local/bin/munin-cron'], - } - - # - # See https://raymii.org/s/tutorials/Munin_optimalization_on_Debian.html - # https://munin.readthedocs.org/en/latest/master/rrdcached.html - # http://kuszelas.eu/~eyck/log/Howto/Munin.Rrdcached.html - # http://munin-monitoring.org/wiki/rrdcached - # - package { 'rrdcached': - ensure => $ensure, - } - - file { '/etc/default/rrdcached': - ensure => $ensure, - owner => root, - group => root, - source => 'puppet:///modules/nodo/etc/default/rrdcached', - require => Package['rrdcached'], - notify => $main ? { - true => Service['rrdcached'], - default => undef, - }, - } - - # Munin configuration for rrdcache - file { "munin_rrdcache": - ensure => $ensure, - path => "/var/lib/puppet/modules/munin/nodes/00-rrdcache", - content => "rrdcached_socket /var/run/rrdcached.sock\n", - require => $main ? 
{ - true => Concatenated_file['/etc/munin/munin.conf'], - default => undef, - }, - } - - if $main == true { - service { 'rrdcached': - ensure => running, - require => Package['rrdcached'], - } - } -} diff --git a/manifests/subsystem/monitor/munin.pp b/manifests/subsystem/monitor/munin.pp deleted file mode 100644 index c2f461a..0000000 --- a/manifests/subsystem/monitor/munin.pp +++ /dev/null @@ -1,30 +0,0 @@ -# Define a munin node -define nodo::subsystem::monitor::munin( - $manage = hiera('nodo::munin_node::manage', True), - $port = hiera('nodo::munin_node::port', '4949'), - $allow = hiera('nodo::munin_node::allow', ''), - $host = hiera('nodo::munin_node::host', $::fqdn), - $listen = hiera('nodo::munin_node::listen', '*'), - $config = hiera('nodo::munin_node::config', [ 'use_node_name yes', 'load.load.warning 5', 'load.load.critical 10' ]) -) { - - if $manage == true { - case $allow { - '': { fail("Please set nodo::munin_node::allow in your config") } - } - - package { "munin-plugins-extra": - ensure => "present", - } - - class { 'munin::client': - port => $port, - allow => $allow, - host => $host, - listen => $listen, - config => $config, - } - - munin::plugin { apt_all: ensure => present; } - } -} diff --git a/manifests/subsystem/mount.pp b/manifests/subsystem/mount.pp deleted file mode 100644 index 05adaa7..0000000 --- a/manifests/subsystem/mount.pp +++ /dev/null @@ -1,15 +0,0 @@ -class nodo::subsystem::mount { - class { autofs: } - - file { '/etc/auto.removable': - source => [ "puppet:///modules/site_nodo/etc/${::fqdn}/auto.removable", - "puppet:///modules/site_nodo/etc/${::domain}/auto.removable", - "puppet:///modules/site_nodo/etc/auto.removable", - "puppet:///modules/nodo/etc/auto.removable.${::operatingssystem}", - "puppet:///modules/nodo/etc/auto.removable" ], - notify => Service[autofs], - owner => root, - group => root, - mode => 0644; - } -} 
diff --git a/manifests/subsystem/pam.pp b/manifests/subsystem/pam.pp deleted file mode 100644 index 7186d0b..0000000 --- a/manifests/subsystem/pam.pp +++ /dev/null @@ -1,40 +0,0 @@ -class nodo::subsystem::pam( - $enable = hiera('nodo::pam::enable', false) -) { - if $enable != false { - - # Squeeze only - if $::lsbdistcodename == 'squeeze' { - # pam - login - file { "/etc/pam.d/login": - source => [ "puppet:///modules/nodo/etc/pam.d/login.${::lsbdistcodename}", - "puppet:///modules/nodo/etc/pam.d/login", - ], - owner => "root", - group => "root", - mode => 0644, - ensure => present, - } - - # pam - gdm - file { "/etc/pam.d/gdm": - source => "puppet:///modules/nodo/etc/pam.d/gdm", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - } - } - - # pam - mountpoints - file { "/etc/security/pam_mount.conf.xml": - ensure => present, - owner => root, - group => root, - mode => 0644, - source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.${::lsbdistcodename}", - "puppet:///modules/site_nodo/security/pam_mount.conf.xml", - ], - } - } -} diff --git a/manifests/subsystem/profile.pp b/manifests/subsystem/profile.pp index d1e343e..dac2f02 100644 --- a/manifests/subsystem/profile.pp +++ b/manifests/subsystem/profile.pp 
@@ -1,35 +1,4 @@ # Custom configuration for user profiles class nodo::subsystem::profile { - file { "/etc/profile.d/prompt.sh": - source => "puppet:///modules/nodo/etc/profile.d/prompt.sh", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - } - - # Ideally we should not manage this file, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675008 - file { "/etc/bash.bashrc": - source => "puppet:///modules/nodo/etc/bash.bashrc", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - require => File['/etc/profile.d/prompt.sh'], - } - - # See http://linuxforcynics.com/how-to/using-rxvt-unicode-with-screen - # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630976 - # https://bbs.archlinux.org/viewtopic.php?id=50647 - # https://stackoverflow.com/questions/12345675/screen-cannot-find-terminfo-entry-for-xterm-256color - file { '/lib/terminfo/r/rxvt-256color': - source => "puppet:///modules/nodo/terminfo/rxvt-256color", - owner => root, - group => root, - mode => 0644, - ensure => $::lsbdistcodename ? { - 'squeeze' => present, - default => absent, - }, - } + include shellprompt } diff --git a/manifests/subsystem/profile/vagrant.pp b/manifests/subsystem/profile/vagrant.pp deleted file mode 100644 index 6306b58..0000000 --- a/manifests/subsystem/profile/vagrant.pp +++ /dev/null @@ -1,9 +0,0 @@ -class nodo::subsystem::profile::vagrant inherits nodo::subsystem::profile { - file { "/root/.profile": - source => "puppet:///modules/nodo/root/profile", - owner => "root", - group => "root", - mode => 0644, - ensure => present, - } -} diff --git a/manifests/subsystem/sudo.pp b/manifests/subsystem/sudo.pp index 9249379..d8c7099 100644 --- a/manifests/subsystem/sudo.pp +++ b/manifests/subsystem/sudo.pp 
@@ -3,7 +3,7 @@ class nodo::subsystem::sudo { ensure => "present", } - file { "/etc/sudoers": + file { "/etc/sudoers.d/local": source => [ "puppet:///modules/site_nodo/etc/sudoers/hostname/${::hostname}", "puppet:///modules/site_nodo/etc/sudoers/domain/${::domain}", "puppet:///modules/nodo/etc/sudoers" ], diff --git a/manifests/subsystem/virtual/instance.pp b/manifests/subsystem/virtual/instance.pp index 151058e..a7fead0 100644 --- a/manifests/subsystem/virtual/instance.pp +++ b/manifests/subsystem/virtual/instance.pp @@ -1,7 +1,6 @@ # Define a virtual server instance define nodo::subsystem::virtual::instance( $context, - $distro = 'jessie', $ensure = 'running', $proxy = false, $puppetmaster = false, 
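Review bot: Retargeting the resource from `/etc/sudoers` to `/etc/sudoers.d/local` keeps the same `source` list, so a file written as a complete sudoers policy is now installed as a drop-in. The previously managed `/etc/sudoers` stays on each node, unmanaged, with whatever content it last received. The rest of the resource lies outside this hunk, so check that it sets root ownership and `mode => '0440'`, and add `validate_cmd => '/usr/sbin/visudo -cf %',` so a syntax error in the drop-in cannot break sudo on the node. The drop-in only takes effect if `/etc/sudoers` includes the `/etc/sudoers.d` directory, which this class no longer guarantees.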
@@ -47,66 +46,7 @@ define nodo::subsystem::virtual::instance( $dev = hiera('nodo::subsystem::vm::interface', 'eth0') - if $implementation == 'vserver' { - virtual::vserver { $name: - ensure => $ensure, - context => "$context", - mark => 'default', - distro => $distro, - interface => "${dev}:192.168.0.${context}/24", - hostname => "$name.$domain", - memory_limit => $memory_limit, - } - - # Some nodes need a lot of space at /tmp otherwise some admin - # tasks like backups might not run. - file { "/etc/vservers/${name}/fstab": - source => [ "puppet:///modules/site_nodo/etc/fstab/vserver/$name", - "puppet:///modules/nodo/etc/fstab/vserver" ], - owner => "root", - group => "root", - mode => 0644, - ensure => present, - notify => Exec["vs_restart_${name}"], - require => Exec["vserver_instance_${name}"], - } - - # Sound support - if $sound { - if !defined(File["/usr/local/sbin/create-sound-devices"]) { - file { "/usr/local/sbin/create-sound-devices": - ensure => present, - source => "puppet:///modules/nodo/sound/devices.sh", - owner => root, - group => root, - mode => 755, - } - } - exec { "/usr/local/sbin/create-sound-devices ${name}": - unless => "/usr/local/sbin/create-sound-devices ${name} --check", - user => root, - require => [ Exec["vs_create_${name}"], File["/usr/local/sbin/create-sound-devices"] ], - } - } - } - - # Create a munin virtual resource to be realized in the node - @@nodo::subsystem::monitor::munin { "${name}": - port => $munin_port ? { - false => "49$id", - default => $munin_port, - } - } - - # Create a monkeysphere virtual resource to be realized in the node - @@nodo::subsystem::monkeysphere { "$name": - port => $monkeysphere_ssh_port ? { - false => "22$id", - default => $monkeysphere_ssh_port, - } - } - - # Apply firewall rules just for running vservers + # Apply firewall rules just for running virtual machines case $ensure { 'running': { firewall::virtual::ssh { "$name": 
diff --git a/manifests/subsystem/xorg.pp b/manifests/subsystem/xorg.pp deleted file mode 100644 index da8a069..0000000 --- a/manifests/subsystem/xorg.pp +++ /dev/null @@ -1,15 +0,0 @@ -class nodo::subsystem::xorg( - $enable = hiera('nodo::subsystem::xorg::enable', false) -) { - if $enable != false { - file { "/etc/X11/xorg.conf": - ensure => present, - owner => root, - group => root, - mode => 0644, - source => [ "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}.${::lsbdistcodename}", - "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}", - "puppet:///modules/site_nodo/X11/xorg.conf.default" ], - } - } -} diff --git a/manifests/utils.pp b/manifests/utils.pp index 8f572b6..0335bf3 100644 --- a/manifests/utils.pp +++ b/manifests/utils.pp @@ -1,9 +1,6 @@ # Common utilities -class nodo::utils { - package { [ 'screen', 'less', 'bzip2', 'openssl', 'lynx', 'unzip', - 'nmap', 'telnet', 'tree', 'whois', 'dosfstools', 'dnsutils', 'secure-delete', - 'bc', 'lsof', 'wipe', 'vrms', 'nsca-client', 'uuid-runtime', 'vim-nox', - 'multitail', 'bash-completion', 'zsh' ]: +class nodo::utils inherits nodo::utils::base { + package { [ 'vim-nox' ]: ensure => installed, } @@ -14,33 +11,11 @@ class nodo::utils { } } - # Not using right now - package { [ 'logcheck', 'logcheck-database' ]: - ensure => absent, - } - - # We'll probably use https://github.com/puppetlabs/puppetlabs-denyhosts in the future - package { 'denyhosts': - ensure => purged, - } - - # Maybe we use logwatch in the future - #package { 'logwatch': - # ensure => installed, - #} - # To be considered #package { 'needrestart': # ensure => present, #} - # Obsolete - if !defined(Package['git-core']) { - package { 'git-core': - ensure => absent, - } - } - if !defined(Package['git']) { package { 'git': ensure => latest, 
@@ -55,17 +30,7 @@ class nodo::utils { } # Ensure we have the minimum augeas version required by shorewall module - package { - 'libaugeas0': - ensure => $::lsbdistcodename ? { - 'squeeze' => '0.10.0-1~bpo60+3', - default => installed, - }; - 'augeas-tools': - ensure => $::lsbdistcodename ? { - 'squeeze' => '0.10.0-1~bpo60+3', - default => installed, - }, - require => Package['libaugeas0']; + package { [ 'libaugeas0', 'augeas-tools' ]: + ensure => present, } } diff --git a/manifests/utils/laptop/debian.pp b/manifests/utils/laptop/debian.pp index af9cefb..948a34c 100644 --- a/manifests/utils/laptop/debian.pp +++ b/manifests/utils/laptop/debian.pp @@ -10,7 +10,7 @@ class nodo::utils::laptop::debian { 'tftp', 'sharutils', 'wireshark', 'macchanger', 'weplab', 'wpagui', 'gnokii', 'sslstrip', 'uswsusp', - 'tcpdump', 'tshark', 'powertop' ]: + 'tcpdump', 'tshark' ]: ensure => installed, } diff --git a/manifests/utils/physical.pp b/manifests/utils/physical.pp index a6806c5..071c9a9 100644 --- a/manifests/utils/physical.pp +++ b/manifests/utils/physical.pp @@ -2,7 +2,8 @@ class nodo::utils::physical { package { [ 'nload', 'acpid', 'slurm', 'ethtool', 'parted', 'iftop', 'iptraf', 'htop', 'sdparm', 'iotop', 'sysstat', 'saidar', - 'lshw', 'sg3-utils', 'nmon', 'atop', 'dcfldd', 'gdisk' ]: + 'lshw', 'sg3-utils', 'nmon', 'atop', 'dcfldd', 'gdisk', + 'powertop' ]: ensure => installed, } |
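Review bot: In the last manifests/utils.pp hunk, the comment `# Ensure we have the minimum augeas version required by shorewall module` no longer matches the resource: with `ensure => present` on both packages nothing enforces a minimum version, and the explicit `require => Package['libaugeas0']` ordering is gone as well. If the squeeze backport pin is no longer needed, reword the comment, for example `# Augeas is needed by the shorewall module; any packaged version is accepted`. The enclosing class nodo::utils starts outside this hunk.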