authorFredrik Thulin <fredrik@thulin.net>2013-11-27 14:22:33 +0100
committerFredrik Thulin <fredrik@thulin.net>2013-11-27 14:22:33 +0100
commit60c413ad91ef734ec978ecf3ff658c17452b2282 (patch)
tree439bb6b4a59cdb630219016827c7326904654d59
parent9a51c9e38a7556934d4be8eaa663ce4a0482a39b (diff)
Add some goodies from the eduid-ops repo.sunet-ops-2013-11-27-v09
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml7
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp20
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp12
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp19
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/server.pp9
5 files changed, 65 insertions, 2 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index d9dc495..1131c26 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,2 +1,5 @@
-'ns[0-9]?.mnt.se$':
- nameserver:
+# Don't enable class sunet for all hosts until tested.
+#'\.sunet\.se$':
+# sunet:
+'^cdr\d+\.sunet\.se$':
+ sunet-cdr:
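Review bot: The class name `sunet-cdr` mapped here (and declared as `class sunet-cdr` in cosmos-site.pp) contains a hyphen, which Puppet's naming rules do not permit for classes; some parser versions tolerate it, later ones reject it. Using `sunet_cdr` in both places avoids a forced rename later. Separately, this hunk drops the `'ns[0-9]?.mnt.se$'` to `nameserver` mapping, which the commit message does not mention; if that is intentional, a line in the description would make it traceable.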
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index ad3251e..f551a5d 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -181,3 +181,23 @@ node 'sto-tug-kvm1.swamid.se' {
}
+class sunet {
+
+ # Until we have proper Puppet managing of SSH
+ ufw::allow { 'allow-ssh-sunet':
+ port => '22',
+ proto => 'tcp'
+ }
+
+ package { 'emacs23-nox':
+ ensure => 'installed'
+ }
+
+ sunet::server { 'sunet_server': }
+
+}
+
+class sunet-cdr {
+
+
+}
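Review bot: `ufw::allow { 'allow-ssh-sunet': }` opens TCP port 22 with no source restriction visible in the resource, so every host that gets class `sunet` will accept SSH from any address the firewall sees. If the ufw module in use accepts a source parameter (commonly `from => '<management-network-CIDR>'`), set it here. Otherwise extend the comment to say that unrestricted SSH is intentional and which compensating control (key-only authentication, rate limiting) covers it. The existing comment marks the rule as temporary; stating the condition for removing it would make that trackable.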
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
new file mode 100644
index 0000000..9956e00
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
@@ -0,0 +1,12 @@
+define sunet::encrypted_swap() {
+
+ package { 'ecryptfs-utils':
+ ensure => 'installed'
+ } ->
+
+ exec {'sunet_ecryptfs_setup_swap':
+ command => '/usr/bin/ecryptfs-setup-swap -f',
+ onlyif => 'grep swap /etc/fstab | grep -ve ^# -e cryptswap | grep -q swap',
+ }
+
+}
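Review bot: The `onlyif` check of `sunet_ecryptfs_setup_swap` calls `grep` unqualified and the exec sets no `path`, so unless a global `Exec { path => ... }` default exists outside this diff, Puppet will refuse the resource as not fully qualified. Adding `path => ['/bin', '/usr/bin'],` to the exec fixes that. The check is also a three-stage pipeline, so it relies on being run through a shell; `provider => shell` would make that explicit. Because `-f` forces the swap conversion, a short comment above the exec saying what the guard matches (an active swap entry in /etc/fstab that is not already cryptswap) would help the next reader confirm it is idempotent.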
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
new file mode 100644
index 0000000..8ff7325
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
@@ -0,0 +1,19 @@
+define sunet::ethernet_bonding() {
+ # Set up prerequisites for Ethernet LACP bonding of eth0 and eth1,
+ # for all physical hosts that are running Ubuntu.
+ #
+ # Bonding requires setup in /etc/network/interfaces as well.
+ #
+ if $::is_virtual == 'false' and $::operatingsystem == 'Ubuntu' {
+ if $::operatingsystemrelease <= '12.04' {
+ package {'ifenslave': ensure => 'present' }
+ } else {
+ package {'ifenslave-2.6': ensure => 'present' }
+ }
+
+ file_line { 'load_module_at_boot':
+ path => '/etc/modules',
+ line => 'bonding',
+ }
+ }
+}
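Review bot: `$::operatingsystemrelease <= '12.04'` applies a relational operator to version strings, and the result depends on how the Puppet version in use coerces them (numeric or lexical), which matters for values such as '9.10' or '12.10'. Use `if versioncmp($::operatingsystemrelease, '12.04') <= 0 {` instead. It is also worth checking against the package archives which of `ifenslave` and `ifenslave-2.6` is the real package on each release, since the name changed between Ubuntu releases and the branches may be swapped. The `file_line` title `load_module_at_boot` is generic; something like `sunet_bonding_module_at_boot` avoids a clash with other modules writing to /etc/modules.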
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
new file mode 100644
index 0000000..9215c8f
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
@@ -0,0 +1,9 @@
+define sunet::server() {
+
+ # Set up encrypted swap
+ sunet::encrypted_swap { 'sunet_encrypted_swap': }
+
+ # Add prerequisites for ethernet bonding, if physical server
+ sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
+
+}
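Review bot: `sunet::server` is a parameterless `define` that declares resources with fixed titles (`sunet_encrypted_swap`, `sunet_ethernet_bonding`), so declaring it a second time on a node would fail with a duplicate-declaration error. A `class sunet::server { ... }` pulled in with `include sunet::server` expresses the once-per-node intent directly. The same applies to `sunet::encrypted_swap` and `sunet::ethernet_bonding`, which also take no parameters and contain fixed-title resources. If they stay as defines, a comment such as `# Declare at most once per node` on each would document the constraint.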