author | Fredrik Thulin <fredrik@thulin.net> | 2013-11-27 14:22:33 +0100 |
---|---|---|
committer | Fredrik Thulin <fredrik@thulin.net> | 2013-11-27 14:22:33 +0100 |
commit | 60c413ad91ef734ec978ecf3ff658c17452b2282 (patch) | |
tree | 439bb6b4a59cdb630219016827c7326904654d59 | |
parent | 9a51c9e38a7556934d4be8eaa663ce4a0482a39b (diff) |
Add some goodies from the eduid-ops repo.sunet-ops-2013-11-27-v09
5 files changed, 65 insertions, 2 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index d9dc495..1131c26 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,2 +1,5 @@
-'ns[0-9]?.mnt.se$':
- nameserver:
+# Don't enable class sunet for all hosts until tested.
+#'\.sunet\.se$':
+# sunet:
+'^cdr\d+\.sunet\.se$':
+ sunet-cdr:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index ad3251e..f551a5d 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -181,3 +181,23 @@ node 'sto-tug-kvm1.swamid.se' { }
+class sunet {
+
+ # Until we have proper Puppet managing of SSH
+ ufw::allow { 'allow-ssh-sunet':
+ port => '22',
+ proto => 'tcp'
+ }
+
+ package { 'emacs23-nox':
+ ensure => 'installed'
+ }
+
+ sunet::server { 'sunet_server': }
+
+}
+
+class sunet-cdr {
+
+
+}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
new file mode 100644
index 0000000..9956e00
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
@@ -0,0 +1,12 @@
+define sunet::encrypted_swap() {
+
+ package { 'ecryptfs-utils':
+ ensure => 'installed'
+ } ->
+
+ exec {'sunet_ecryptfs_setup_swap':
+ command => '/usr/bin/ecryptfs-setup-swap -f',
+ onlyif => 'grep swap /etc/fstab | grep -ve ^# -e cryptswap | grep -q swap',
+ }
+
+}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
new file mode 100644
index 0000000..8ff7325
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
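Review bot: The new rule in cosmos-rules.yaml maps `'^cdr\d+\.sunet\.se$'` to a class named `sunet-cdr`, and Puppet's documented naming rules allow only lowercase letters, digits and underscores in class names. Hyphenated names were tolerated by some older releases but are, as far as I know, rejected by later ones, so `sunet_cdr` would be the safer spelling both here and in the `class sunet-cdr` definition in cosmos-site.pp.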
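Review bot: The `ufw::allow { 'allow-ssh-sunet': ... }` resource in `class sunet` (cosmos-site.pp) opens TCP port 22 with no source restriction, so every host that receives this class will accept SSH connection attempts from any address. If the ufw module in use supports it (the common `ufw::allow` define takes a `from` parameter), limit the rule to the management networks, for example `from => '<MGMT_CIDR_PLACEHOLDER>',`. The existing comment marks the rule as temporary; it would help to extend it with what replaces the rule and when it is to be removed. The node block shown as context begins outside the hunk.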
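Review bot: The `onlyif` guard of `sunet_ecryptfs_setup_swap` in encrypted_swap.pp runs an unqualified `grep` in a shell pipeline, but the exec sets neither `path` nor a shell provider. Unless an `Exec` default path is defined elsewhere in the manifests, Puppet will reject the unqualified command and the resource fails, leaving the host on unencrypted swap until someone reads the report. Adding `path => ['/bin', '/usr/bin'],` and `provider => shell,` makes the guard self-contained. Because this guard alone decides whether `ecryptfs-setup-swap -f` runs, a comment stating what the grep chain is meant to match (an active swap line in /etc/fstab that is not already a cryptswap entry) would also be worth adding.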
@@ -0,0 +1,19 @@
+define sunet::ethernet_bonding() {
+ # Set up prerequisites for Ethernet LACP bonding of eth0 and eth1,
+ # for all physical hosts that are running Ubuntu.
+ #
+ # Bonding requires setup in /etc/network/interfaces as well.
+ #
+ if $::is_virtual == 'false' and $::operatingsystem == 'Ubuntu' {
+ if $::operatingsystemrelease <= '12.04' {
+ package {'ifenslave': ensure => 'present' }
+ } else {
+ package {'ifenslave-2.6': ensure => 'present' }
+ }
+
+ file_line { 'load_module_at_boot':
+ path => '/etc/modules',
+ line => 'bonding',
+ }
+ }
+}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
new file mode 100644
index 0000000..9215c8f
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
@@ -0,0 +1,9 @@
+define sunet::server() {
+
+ # Set up encrypted swap
+ sunet::encrypted_swap { 'sunet_encrypted_swap': }
+
+ # Add prerequisites for ethernet bonding, if physical server
+ sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
+
+}
|
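Review bot: In ethernet_bonding.pp, `$::operatingsystemrelease <= '12.04'` compares version strings with a relational operator, and the result depends on how the Puppet version in use coerces or orders strings. `versioncmp($::operatingsystemrelease, '12.04') <= 0` states the intent and behaves the same across versions. The outer test `$::is_virtual == 'false'` likewise matches only while facts are delivered as strings; with a boolean fact the whole block would be skipped without any error, so `!str2bool("${::is_virtual}")` from stdlib (already needed for `file_line`) looks more robust.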
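Review bot: `sunet::server` in server.pp is a define that takes no parameters and declares resources with fixed titles (`'sunet_encrypted_swap'`, `'sunet_ethernet_bonding'`), so a second `sunet::server { ... }` on the same node would fail with a duplicate declaration. The same applies to `sunet::encrypted_swap` and `sunet::ethernet_bonding`, whose inner `exec`, `package` and `file_line` titles are fixed as well. Since each of them is meant to be applied once per host, `class sunet::server { ... }` used with `include` would express that and make repeated inclusion harmless.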