From ad27f5dac1870369abe10e88fbb034ffa391f12c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 24 Jan 2013 13:18:39 -0200 Subject: Lots of subsystem refactoring; minor node changes --- manifests/appliance.pp | 2 +- manifests/desktop.pp | 1 - manifests/host.pp | 2 +- manifests/laptop.pp | 1 - manifests/mail.pp | 1 + manifests/personal.pp | 15 +++++--- manifests/plug.pp | 3 +- manifests/subsystems/firewall.pp | 2 +- manifests/subsystems/firewall/local.pp | 8 ++--- manifests/subsystems/gdm.pp | 2 +- manifests/subsystems/initramfs.pp | 2 +- manifests/subsystems/monitor.pp | 8 ++--- manifests/subsystems/monkeysphere.pp | 17 +++------- manifests/subsystems/motd.pp | 6 ++-- manifests/subsystems/munin.pp | 22 ++++++------ manifests/subsystems/onion.pp | 6 ++-- manifests/subsystems/pam.pp | 4 +-- manifests/subsystems/profile.pp | 10 +++--- manifests/subsystems/resolver.pp | 8 ++--- manifests/subsystems/schroot.pp | 6 ++-- manifests/subsystems/sudo.pp | 2 +- manifests/subsystems/sysctl.pp | 18 ++++------ manifests/subsystems/tunnel.pp | 50 +++++++++++++-------------- manifests/subsystems/ups.pp | 62 +++++++++++----------------------- manifests/subsystems/xorg.pp | 6 ++-- 25 files changed, 119 insertions(+), 145 deletions(-) (limited to 'manifests') diff --git a/manifests/appliance.pp b/manifests/appliance.pp index c8e2cc7..dfc0116 100644 --- a/manifests/appliance.pp +++ b/manifests/appliance.pp @@ -1,5 +1,5 @@ class nodo::appliance inherits nodo::physical { - include sysctl::appliance + class { 'sysctl::appliance': } # fstab class { 'fstab': diff --git a/manifests/desktop.pp b/manifests/desktop.pp index 0a58830..6b3a724 100644 --- a/manifests/desktop.pp +++ b/manifests/desktop.pp @@ -19,7 +19,6 @@ class nodo::desktop inherits nodo::personal { class nodo::desktop::minimal { $fstab = false $crypttab = false - $xorg = false $pam = false # Backups should happen when the box is likely to be online 
diff --git a/manifests/host.pp b/manifests/host.pp index b31fbc4..ee6c18e 100644 --- a/manifests/host.pp +++ b/manifests/host.pp @@ -6,8 +6,8 @@ class nodo::host inherits nodo { include sysctl include utils::physical include resolver - include monkeysphere_nodo + class { 'monkeysphere_host': } class { 'syslog-ng': } # Firewall configuration diff --git a/manifests/laptop.pp b/manifests/laptop.pp index 18fedb5..93376d6 100644 --- a/manifests/laptop.pp +++ b/manifests/laptop.pp @@ -54,7 +54,6 @@ class nodo::laptop::webdev inherits nodo::laptop { class nodo::laptop::minimal { $fstab = false $crypttab = false - $xorg = false $pam = false # Backups should happen when the box is likely to be online diff --git a/manifests/mail.pp b/manifests/mail.pp index d58a505..dd9f670 100644 --- a/manifests/mail.pp +++ b/manifests/mail.pp @@ -1,5 +1,6 @@ class nodo::mail { # Class inclusion + $root_mail_recipient = hiera('nodo::root_mail_recipient', 'nobody') include nodo::vserver include mail::system } diff --git a/manifests/personal.pp b/manifests/personal.pp index 9b7272a..dc89d15 100644 --- a/manifests/personal.pp +++ b/manifests/personal.pp @@ -3,7 +3,8 @@ class nodo::personal { include nodo::physical include utils::personal include pam - include xorg + + class { 'xorg': } if $lsbdistcodename == 'squeeze' { include gdm @@ -27,9 +28,15 @@ class nodo::personal { mode => 0755, } - # Old torrent cache - file { "/var/cache/torrents": - ensure => absent, + # Hostname cache for general use + file { "/var/cache/${hostname}": + ensure => directory, mode => 0755, } + + # Link to the media cache, useful to have unique remotes + # for git-annex in removable media + file { "/var/cache/${hostname}/media": + ensure => "/var/cache/media", + } } diff --git a/manifests/plug.pp b/manifests/plug.pp index 74c7d78..630be3a 100644 --- a/manifests/plug.pp +++ b/manifests/plug.pp 
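Review bot: `class { 'monkeysphere_host': }` in manifests/host.pp declares a class, but manifests/subsystems/monkeysphere.pp in this same commit still introduces `monkeysphere_host` with `define`, so the declaration will most likely fail to resolve at compile time and the host key import and key e-mail steps will not be applied. Either change the definition to `class monkeysphere_host(...)`, or keep the define and declare it with a title, `monkeysphere_host { $::hostname: }`. The same declaration is added in manifests/plug.pp. The body of `nodo::host` continues outside the hunk.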
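Review bot: The fallback `'nobody'` in `hiera('nodo::root_mail_recipient', 'nobody')` (manifests/mail.pp) means a node without that key raises no error, and root's mail, which usually carries cron and security notices, goes to whatever `nobody` resolves to. The munin change in this commit calls `fail()` when its required key is empty; the same approach here, e.g. `if $root_mail_recipient == 'nobody' { fail('Please set nodo::root_mail_recipient') }`, would surface the omission. The same default is used in monkeysphere.pp, where it addresses the server-key e-mail, and in tunnel.pp. How `mail::system` reads the variable is not visible in this hunk.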
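Review bot: In the second hunk of manifests/personal.pp the new resources use `${hostname}`, while the rest of this commit switches facts to the top-scope form `${::hostname}`; these two titles should follow suit. The symlink would also read more clearly as `ensure => link, target => '/var/cache/media',` than as a path passed to `ensure`. A comment should say what creates `/var/cache/media`, since no resource for it is visible here.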
@@ -4,7 +4,8 @@ class nodo::plug inherits nodo { include utils::plug include sysctl include resolver - include monkeysphere_nodo + + class { 'monkeysphere_host': } class { 'firewall': } diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp index 59bc1f1..0bde7ba 100644 --- a/manifests/subsystems/firewall.pp +++ b/manifests/subsystems/firewall.pp @@ -1,6 +1,6 @@ # firewall definitions for physical servers class firewall( - $local_net = hiera('firewall::local_net', false), + $local_net = hiera('nodo::firewall::local_net', false), ) { class { 'shorewall': } diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp index c402e70..ee82563 100644 --- a/manifests/subsystems/firewall/local.pp +++ b/manifests/subsystems/firewall/local.pp @@ -1,8 +1,8 @@ class firewall::local( - $network = hiera('firewall::local::network', '192.168.1.0/24'), - $interface = hiera('firewall::local::interface', 'eth0'), - $manage_host = hiera('firewall::local::manage_host', True), - $manage_interface = hiera('firewall::local::manage_iface', false) + $network = hiera('nodo::firewall::local::network', '192.168.1.0/24'), + $interface = hiera('nodo::firewall::local::interface', 'eth0'), + $manage_host = hiera('nodo::firewall::local::manage_host', True), + $manage_interface = hiera('nodo::firewall::local::manage_iface', false) ) { if $manage_host { diff --git a/manifests/subsystems/gdm.pp b/manifests/subsystems/gdm.pp index c7cb0ac..7dbf129 100644 --- a/manifests/subsystems/gdm.pp +++ b/manifests/subsystems/gdm.pp @@ -21,7 +21,7 @@ class gdm { owner => root, group => root, mode => 0644, - source => [ "puppet:///modules/site_nodo/etc/gdm/$domain/gdm.conf", + source => [ "puppet:///modules/site_nodo/etc/gdm/${::domain}/gdm.conf", "puppet:///modules/nodo/etc/gdm/gdm.conf", ] } diff --git a/manifests/subsystems/initramfs.pp b/manifests/subsystems/initramfs.pp index 27029c3..ed92171 100644 --- a/manifests/subsystems/initramfs.pp 
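Review bot: Renaming the lookup key to `nodo::firewall::local_net` in manifests/subsystems/firewall.pp keeps the silent default `false`, so any site data still stored under `firewall::local_net` is ignored without warning and the local-network firewall setting reverts to the default. A transition fallback such as `$local_net = hiera('nodo::firewall::local_net', hiera('firewall::local_net', false)),` would avoid that, or the rename should be called out in the commit message. The four keys renamed in manifests/subsystems/firewall/local.pp have the same issue, with `192.168.1.0/24` and `eth0` as the values a node silently falls back to.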
+++ b/manifests/subsystems/initramfs.pp @@ -14,7 +14,7 @@ class initramfs { group => "root", mode => 0644, ensure => present, - source => "puppet://$server/modules/nodo/etc/initramfs-tools/modules", + source => "puppet:///modules/nodo/etc/initramfs-tools/modules", } # update initramfs when needed diff --git a/manifests/subsystems/monitor.pp b/manifests/subsystems/monitor.pp index 3712e79..45608a9 100644 --- a/manifests/subsystems/monitor.pp +++ b/manifests/subsystems/monitor.pp @@ -1,14 +1,14 @@ class monitor( - $type = 'vserver', + $type = 'vserver', $use_nagios = hiera('nodo::monitor::use_nagios', True), - $use_fqdn = hiera('nodo::monitor::use_nagios_fqdn', false) + $use_fqdn = hiera('nodo::monitor::use_nagios_fqdn', false) ) { if $use_nagios != false { if $type == 'vserver' { include nagios::target::fqdn - nagios::service::ping { "$fqdn": } + nagios::service::ping { "${::fqdn}": } } if $type == 'host' or $type == 'personal' { @@ -18,7 +18,7 @@ class monitor( else { include nagios::target } - nagios::service::ping { "$fqdn": } + nagios::service::ping { "${::fqdn}": } } } diff --git a/manifests/subsystems/monkeysphere.pp b/manifests/subsystems/monkeysphere.pp index 8c35d13..3b55d6f 100644 --- a/manifests/subsystems/monkeysphere.pp +++ b/manifests/subsystems/monkeysphere.pp @@ -1,5 +1,8 @@ # Define a monkeysphere host -define monkeysphere_host($port = '') { +define monkeysphere_host( + $port = hiera('nodo::monkeysphere_host::ssh_port', ''), + $mail_recipient = hiera('nodo::root_mail_recipient', 'nobody') +) { include monkeysphere # Ensure the server's ssh key is imported into your monkeysphere key ring 
@@ -14,15 +17,5 @@ define monkeysphere_host($port = '') { #monkeysphere::publish_server_keys { } # Email the server key - monkeysphere::email_server_keys { "$root_mail_recipient": } -} - -class monkeysphere_nodo { - # Monkeysphere configuration - monkeysphere_host { "$hostname": - port => $monkeysphere_ssh_port ? { - false => '', - default => $monkeysphere_ssh_port, - } - } + monkeysphere::email_server_keys { "$mail_recipient": } } diff --git a/manifests/subsystems/motd.pp b/manifests/subsystems/motd.pp index c8029bf..f9ece2d 100644 --- a/manifests/subsystems/motd.pp +++ b/manifests/subsystems/motd.pp @@ -1,11 +1,13 @@ -class motd { +class motd( + $network_name = hiera('nodo::motd::network_name', 'Nodo') +) { # http://projects.reductivelabs.com/issues/1915 file { "/var/run/motd": owner => "root", group => "root", mode => 0644, ensure => file, - content => "This is $fqdn from the $network_name.\n", + content => "This is ${::fqdn} from the ${network_name}.\n", } file { "/etc/motd": diff --git a/manifests/subsystems/munin.pp b/manifests/subsystems/munin.pp index f29afb8..a0a534e 100644 --- a/manifests/subsystems/munin.pp +++ b/manifests/subsystems/munin.pp @@ -1,19 +1,17 @@ # Define a munin node -define munin_node($port = '4949') { +define munin_node( + $port = hiera('nodo::munin_node::port', '4949'), + $allow = hiera('nodo::munin_node::allow', ''), + $host = hiera('nodo::munin_node::host', '') +) { - case $global_munin_allow { - '': { fail("Please set \$global_munin_allow in your site config") } + case $allow { + '': { fail("Please set nodo::munin_node::allow in your site config") } } - $munin_allow = $node_munin_allow ? { - '' => "$global_munin_allow", - default => "$node_munin_allow", - } - - $munin_port = $node_munin_port ? { - '' => "$port", - default => "$node_munin_port", - } + $munin_port = $port + $munin_allow = $allow + $munin_host = $host include munin::client munin::plugin { apt_all: ensure => present; } 
diff --git a/manifests/subsystems/onion.pp b/manifests/subsystems/onion.pp index ee4da16..2b03839 100644 --- a/manifests/subsystems/onion.pp +++ b/manifests/subsystems/onion.pp @@ -4,8 +4,8 @@ class onion { # It's important to use a subdir from the tor datadir # to ease backup/restore procedures as we don't mix # hidden service data with other tor files. - if !defined(File["$tor::daemon::data_dir/hidden"]) { - file { "$tor::daemon::data_dir/hidden": + if !defined(File["${tor::daemon::data_dir}/hidden"]) { + file { "${tor::daemon::data_dir}/hidden": ensure => directory, owner => 'debian-tor', group => 'debian-tor', @@ -37,7 +37,7 @@ class onion::freenode inherits onion::socks { class onion::full inherits onion::freenode { # Currently tor management just works for debian - case $operatingsystem { + case $::operatingsystem { debian: { include tor::polipo } diff --git a/manifests/subsystems/pam.pp b/manifests/subsystems/pam.pp index 2e75ddd..d2e1559 100644 --- a/manifests/subsystems/pam.pp +++ b/manifests/subsystems/pam.pp @@ -2,7 +2,7 @@ class pam { if $pam != false { # pam - login file { "/etc/pam.d/login": - source => [ "puppet:///modules/nodo/etc/pam.d/login.${lsbdistcodename}", + source => [ "puppet:///modules/nodo/etc/pam.d/login.${::lsbdistcodename}", "puppet:///modules/nodo/etc/pam.d/login", ], owner => "root", @@ -26,7 +26,7 @@ class pam { owner => root, group => root, mode => 0644, - source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.$lsbdistcodename", + source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.${::lsbdistcodename}", "puppet:///modules/site_nodo/security/pam_mount.conf.xml", ], } diff --git a/manifests/subsystems/profile.pp b/manifests/subsystems/profile.pp index e49e3b5..cc84ae0 100644 --- a/manifests/subsystems/profile.pp +++ b/manifests/subsystems/profile.pp 
@@ -1,7 +1,7 @@ # Custom configuration for user profiles class profile { file { "/etc/screenrc": - source => "puppet://$server/modules/nodo/etc/screenrc", + source => "puppet:///modules/nodo/etc/screenrc", owner => "root", group => "root", mode => 0644, @@ -12,8 +12,8 @@ class profile { # /etc/profile.d, so in the future this file won't need to be # managed by puppet anymore. file { "/etc/profile": - source => [ "puppet://$server/modules/nodo/etc/profile.$lsbdistcodename", - "puppet://$server/modules/nodo/etc/profile", + source => [ "puppet:///modules/nodo/etc/profile.${::lsbdistcodename}", + "puppet:///modules/nodo/etc/profile", ], owner => "root", group => "root", @@ -23,7 +23,7 @@ class profile { } file { "/etc/bash.bashrc": - source => "puppet://$server/modules/nodo/etc/bash.bashrc", + source => "puppet:///modules/nodo/etc/bash.bashrc", owner => "root", group => "root", mode => 0644, @@ -32,7 +32,7 @@ class profile { } file { "/usr/local/bin/prompt.sh": - source => "puppet://$server/modules/nodo/bin/prompt.sh", + source => "puppet:///modules/nodo/bin/prompt.sh", owner => "root", group => "root", mode => 0644, diff --git a/manifests/subsystems/resolver.pp b/manifests/subsystems/resolver.pp index 3e5c36b..2ad0cd4 100644 --- a/manifests/subsystems/resolver.pp +++ b/manifests/subsystems/resolver.pp @@ -1,20 +1,20 @@ -class resolver { +class resolver($nameservers = hiera('nodo::resolver::nameservers', '')) { # DNS resolver - case $resolvconf_nameservers { + case $nameservers { '': { package { 'resolvconf': ensure => present, } file { '/etc/resolv.conf': - ensure => '/etc/resolvconf/run/resolv.conf', + ensure => '/etc/resolvconf/run/resolv.conf', require => Package['resolvconf'], } } default: { class { 'resolvconf': search => $::fqdn, - nameservers => $resolvconf_nameservers, + nameservers => $nameservers, } } } diff --git a/manifests/subsystems/schroot.pp b/manifests/subsystems/schroot.pp index 950cc88..58d6dee 100644 --- a/manifests/subsystems/schroot.pp 
+++ b/manifests/subsystems/schroot.pp @@ -4,17 +4,17 @@ class schroot { } file { '/etc/schroot/default/fstab': - ensure => $ensure, + ensure => present, owner => root, group => root, mode => 0644, require => Package['schroot'], - source => [ "puppet:///modules/site_nodo/etc/schroot/default/$fqdn/fstab", + source => [ "puppet:///modules/site_nodo/etc/schroot/default/${::fqdn}/fstab", "puppet:///modules/nodo/etc/schroot/default/fstab" ] } define instance($instance_type = 'plain', $description, $directory, $users, $groups, $aliases, $ensure = present) { - file { "/etc/schroot/chroot.d/$name": + file { "/etc/schroot/chroot.d/${name}": ensure => $ensure, owner => root, group => root, diff --git a/manifests/subsystems/sudo.pp b/manifests/subsystems/sudo.pp index c3e18e7..4ec615c 100644 --- a/manifests/subsystems/sudo.pp +++ b/manifests/subsystems/sudo.pp @@ -5,7 +5,7 @@ class sudo { } file { "/etc/sudoers": - source => [ "puppet:///modules/site_nodo/etc/sudoers/$hostname", + source => [ "puppet:///modules/site_nodo/etc/sudoers/${::hostname}", "puppet:///modules/nodo/etc/sudoers" ], owner => "root", group => "root", diff --git a/manifests/subsystems/sysctl.pp b/manifests/subsystems/sysctl.pp index 5e6dec7..d78a0f7 100644 --- a/manifests/subsystems/sysctl.pp +++ b/manifests/subsystems/sysctl.pp @@ -30,10 +30,10 @@ class sysctl { group => "root", mode => 0644, ensure => present, - content => "kernel.printk = $printk_levels\n", + content => "kernel.printk = ${printk_levels}\n", } - exec { "/bin/echo '$printk_levels' > /proc/sys/kernel/printk": + exec { "/bin/echo '${printk_levels}' > /proc/sys/kernel/printk": subscribe => File["/etc/sysctl.d/kernel.printk.conf"], refreshonly => true, } 
@@ -44,28 +44,24 @@ class sysctl::laptop { owner => "root", group => "root", mode => 0644, - source => "puppet://$server/modules/nodo/etc/sysctl.d/madwifi.conf", - ensure => $lsbdistcodename ? { + source => "puppet:///modules/nodo/etc/sysctl.d/madwifi.conf", + ensure => $::lsbdistcodename ? { 'lenny' => present, default => absent, }, } } -class sysctl::appliance { - case $kernel_panic { - '': { $kernel_panic = "20" } - } - +class sysctl::appliance($kernel_panic = hiera('nodo::sysctl::appliance', '20') { file { "/etc/sysctl.d/kernel.panic.conf": owner => "root", group => "root", mode => 0644, ensure => present, - content => "kernel.panic = $kernel_panic\n", + content => "kernel.panic = ${kernel_panic}\n", } - exec { "/bin/echo '$kernel_panic' > /proc/sys/kernel/panic": + exec { "/bin/echo '${kernel_panic}' > /proc/sys/kernel/panic": subscribe => File["/etc/sysctl.d/kernel.panic.conf"], refreshonly => true, } diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp index 3756df4..763383b 100644 --- a/manifests/subsystems/tunnel.pp +++ b/manifests/subsystems/tunnel.pp 
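Review bot: The new header `class sysctl::appliance($kernel_panic = hiera('nodo::sysctl::appliance', '20') {` in manifests/subsystems/sysctl.pp is missing the `)` that closes the parameter list, so the manifest will not parse; it should end `'20')) {`. The key names the class rather than the setting, so `nodo::sysctl::appliance::kernel_panic` may have been intended. Because the value now comes from site data and is interpolated into the `exec` command line, a check such as `if $kernel_panic !~ /^\d+$/ { fail('kernel_panic must be an integer') }` ahead of the resources would keep a malformed value out of a command run as root.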
@@ -11,20 +11,20 @@ # this define realizes all needed resources for a hosted tunnel define tunnel_server_realize($host) { - User <<| tag == "backupninja-$host" |>> - File <<| tag == "backupninja-$host" |>> - Ssh_authorized_key <<| tag == "backupninja-$host" |>> + User <<| tag == "backupninja-${host}" |>> + File <<| tag == "backupninja-${host}" |>> + Ssh_authorized_key <<| tag == "backupninja-${host}" |>> } class tunnel { # collect all resources from hosted tunnels - Tunnel_server_realize <<| tag == "$fqdn" |>> + Tunnel_server_realize <<| tag == "${::fqdn}" |>> - define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa') { - $dir = "/var/backups/remote/$user.$domain" - $tag = "backupninja-$fqdn" - $ssh_dir = "$dir/.ssh" + define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa', $root_mail_recipient = hiera('nodo::root_mail_recipient', 'nobody')) { + $dir = "/var/backups/remote/${user}.${::domain}" + $tag = "backupninja-${::fqdn}" + $ssh_dir = "${dir}/.ssh" autossh::tunnel { $name: ensure => $ensure, @@ -37,7 +37,7 @@ class tunnel { sshport => $sshport, } - if !defined(Tunnel_server_realize["${fqdn}@${real_host}"]) { + if !defined(Tunnel_server_realize["${::fqdn}@${real_host}"]) { # this defines just maps that $host host an user environment for $fdqn @@tunnel_server_realize { "${fqdn}@${real_host}": host => $fqdn, 
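Review bot: `$real_host` in the guard `!defined(Tunnel_server_realize["${::fqdn}@${real_host}"])` (second hunk of manifests/subsystems/tunnel.pp) is not a parameter of `setup` and is not assigned in the lines shown; the parameter is `$host`. If it is unset, every tunnel gets the same title and only the first one exports its server-side resources, so confirm where it is defined or use `${host}`. The guard now uses `${::fqdn}` while the exported title two lines below still uses `${fqdn}`; the two should be written the same way. The body of `setup` continues outside the hunk.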
@@ -45,24 +45,24 @@ class tunnel { } } - if !defined(File["$dir"]) { - @@file { "$dir": + if !defined(File["${dir}"]) { + @@file { "${dir}": ensure => directory, mode => 0750, owner => $user, group => 0, - tag => "$tag", + tag => "${tag}", } } - if !defined(File["$ssh_dir"]) { - @@file { "$ssh_dir": + if !defined(File["${ssh_dir}"]) { + @@file { "${ssh_dir}": ensure => directory, mode => 0700, owner => $user, group => 0, - require => [User[$user], File["$dir"]], - tag => "$tag", + require => [User[$user], File["${dir}"]], + tag => "${tag}", } } @@ -74,21 +74,21 @@ class tunnel { group => 0, source => "puppet:///modules/site_keys/${user}_id_${keytype}.pub", require => File["${ssh_dir}"], - tag => "$tag", + tag => "${tag}", } } - if !defined(User["$user"]) { - @@user { "$user": + if !defined(User["{$user}"]) { + @@user { "${user}": ensure => "present", - comment => "$user backup sandbox", - home => "$dir", + comment => "${user} backup sandbox", + home => "${dir}", gid => "backupninjas", managehome => true, shell => "/bin/sh", password => '*', require => Group['backupninjas'], - tag => "$tag" + tag => "${tag}" } } } @@ -108,7 +108,7 @@ class tunnel { owner => root, group => root, mode => 0644, - content => "$fqdn\n", + content => "${fqdn}\n", notify => Service["nullmailer"], } @@ -139,8 +139,8 @@ class tunnel { } tunnel::setup { "smtp": - host => "$name.$domain", - sshport => "$sshport", + host => "${name}.${domain}", + sshport => "${sshport}", localport => '2525', hostport => '25', } diff --git a/manifests/subsystems/ups.pp b/manifests/subsystems/ups.pp index cc6677e..47b9f13 100644 --- a/manifests/subsystems/ups.pp +++ b/manifests/subsystems/ups.pp 
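Review bot: The new guard `if !defined(User["{$user}"]) {` in the `-74,21` hunk of manifests/subsystems/tunnel.pp has the brace and dollar sign transposed, so it tests for a user whose title contains literal braces and never matches the `@@user { "${user}":` it is meant to protect. It should be `if !defined(User["${user}"]) {`. With the guard ineffective, two `setup` instances with the same `$user` would most likely produce a duplicate-resource error for the backup sandbox account. The later hunks in this file still use `${fqdn}` and `${domain}` unqualified, unlike the `${::fqdn}` form used above.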
@@ -1,47 +1,25 @@ -class ups { - case $ups_type { - '': { $ups_type = 'usb' } - } - - case $ups_cable { - '': { $ups_cable = 'usb' } - } - - case $ups_dev { - '': { $ups_dev = '/dev/usb/hiddev0' } - } - - case $ups_nisip { - '': { $ups_nisip = '127.0.0.1' } - } - - case $ups_polltime { - '': { $ups_polltime = '60' } - } - - case $ups_onbatterydelay { - '': { $ups_onbatterydelay = '6' } - } - - case $ups_batterylevel { - '': { $ups_batterylevel = '5' } - } - - case $ups_minutes { - '': { $ups_minutes = '3' } - } - - case $has_ups { +class ups( + $include = hiera('nodo::ups::include', false), + $type = hiera('nodo::ups::type', 'usb'), + $cable = hiera('nodo::ups::cable', 'usb'), + $dev = hiera('nodo::ups::dev', '/dev/usb/hiddev0'), + $nisip = hiera('nodo::ups::nisip', '127.0.0.1'), + $polltime = hiera('nodo::ups::polltime', '60'), + $onbatterydelay = hiera('nodo::ups::onbatterydelay', '6'), + $batterylevel = hiera('nodo::ups::batterylevel', '5'), + $minutes = hiera('nodo::ups::minutes', '3' +) { + case $include { true: { class { "apcupsd": - upstype => $ups_type, - cable => $ups_cable, - device => $ups_dev, - nisip => $ups_nisip, - polltime => $ups_polltime, - onbatterydelay => $ups_onbatterydelay, - batterylevel => $ups_batterylevel, - minutes => $ups_minutes, + upstype => $type, + cable => $cable, + device => $dev, + nisip => $nisip, + polltime => $polltime, + onbatterydelay => $onbatterydelay, + batterylevel => $batterylevel, + minutes => $minutes, } } } diff --git a/manifests/subsystems/xorg.pp b/manifests/subsystems/xorg.pp index 0d92cec..f90feff 100644 --- a/manifests/subsystems/xorg.pp +++ b/manifests/subsystems/xorg.pp 
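Review bot: The last parameter default in manifests/subsystems/ups.pp, `$minutes = hiera('nodo::ups::minutes', '3'`, lacks its closing parenthesis, so the class header does not parse. It should be `$minutes = hiera('nodo::ups::minutes', '3')`. A one-line comment above the parameter list, saying that `nodo::ups::include` replaces the old `$has_ups` switch and defaults to off, would help sites migrating their data.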
@@ -1,12 +1,12 @@ -class xorg { - # xorg +class xorg($enable = hiera('nodo::xorg::enable', false)) { if $xorg != false { file { "/etc/X11/xorg.conf": ensure => present, owner => root, group => root, mode => 0644, - source => [ "puppet:///modules/site_nodo/X11/xorg.conf/$hostname", + source => [ "puppet:///modules/site_nodo/X11/xorg.conf/${hostname}.${lsbdistcodename}", + "puppet:///modules/site_nodo/X11/xorg.conf/${hostname}", "puppet:///modules/site_nodo/X11/xorg.conf.default" ], } } -- cgit v1.2.3
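Review bot: The new parameter `$enable` in manifests/subsystems/xorg.pp is never read: the body still tests `if $xorg != false {`, and this commit removes the `$xorg = false` assignments from desktop.pp and laptop.pp, so the condition no longer reflects any setting. The test should be `if $enable != false {`. Note that `enable` defaults to `false` and personal.pp declares `class { 'xorg': }` without it, so after the fix xorg.conf is managed only where `nodo::xorg::enable` is set in site data; confirm that is intended.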