diff options
| -rw-r--r-- | global/overlay/etc/cron.d/cosmos | 2 | ||||
| -rw-r--r-- | global/overlay/etc/puppet/cosmos-modules.conf | 47 | ||||
| -rw-r--r-- | global/overlay/etc/puppet/hiera.yaml | 15 | ||||
| -rwxr-xr-x | global/overlay/usr/local/bin/run-cosmos | 22 |
4 files changed, 67 insertions, 19 deletions
diff --git a/global/overlay/etc/cron.d/cosmos b/global/overlay/etc/cron.d/cosmos index 70af3a4..4eab8de 100644 --- a/global/overlay/etc/cron.d/cosmos +++ b/global/overlay/etc/cron.d/cosmos @@ -1,4 +1,4 @@ SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -*/15 * * * * root test -f /etc/no-automatic-cosmos || (cosmos update ; cosmos apply) +*/15 * * * * root test -f /etc/no-automatic-cosmos || /usr/local/bin/run-cosmos diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf index af786c4..e1ef0e5 100644 --- a/global/overlay/etc/puppet/cosmos-modules.conf +++ b/global/overlay/etc/puppet/cosmos-modules.conf @@ -1,13 +1,36 @@ # -# name source (puppetlabs fq name or git url) upgrade (yes/no) -# -concat puppetlabs/concat no -stdlib puppetlabs/stdlib no -cosmos git://github.com/leifj/puppet-cosmos.git yes -ufw attachmentgenie/ufw no -apt puppetlabs/apt no -vcsrepo puppetlabs/vcsrepo no -xinetd puppetlabs/xinetd no -#golang elithrar/golang yes -#python git://github.com/stankevich/puppet-python.git yes -hiera-gpg git://github.com/SUNET/hiera-gpg.git no +# name source (puppetlabs fq name or git url) upgrade (yes/no) tag-pattern +# +# NOTE that Git packages MUST be tagged with signatures by someone +# in the Cosmos trust list. That is why all the URLs point to forked +# versions in the SUNET github organization. +# +concat git://github.com/SUNET/puppetlabs-concat.git yes sunet-* +stdlib git://github.com/SUNET/puppetlabs-stdlib.git yes sunet-* +cosmos git://github.com/SUNET/puppet-cosmos.git yes sunet-* +ufw git://github.com/SUNET/puppet-module-ufw.git yes sunet_dev-* +apt git://github.com/SUNET/puppetlabs-apt.git yes sunet_dev-* +vcsrepo git://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-* +xinetd git://github.com/SUNET/puppetlabs-xinetd.git yes sunet-* +hiera-gpg git://github.com/SUNET/hiera-gpg.git yes sunet-* +# +# Alternate sources you might or might not want to use: +#concat puppetlabs/concat no +#stdlib puppetlabs/stdlib no +#ufw attachmentgenie/ufw no +#apt puppetlabs/apt no +#vcsrepo puppetlabs/vcsrepo no +#xinetd puppetlabs/xinetd no +#cosmos git://github.com/leifj/puppet-cosmos.git yes +#python git://github.com/SUNET/puppet-python.git yes sunet-* +#erlang git://github.com/SUNET/garethr-erlang.git yes sunet-* +#rabbitmq git://github.com/SUNET/puppetlabs-rabbitmq.git yes sunet_dev-* +#pound git://github.com/SUNET/puppet-pound.git yes sunet_dev-* +#augeas git://github.com/SUNET/puppet-augeas.git yes sunet-* +#bastion git://github.com/SUNET/puppet-bastion.git yes sunet-* +#postgresql git://github.com/SUNET/puppetlabs-postgresql.git yes sunet_dev-* +#munin git://github.com/SUNET/ssm-munin.git yes sunet-* +#nagios git://github.com/SUNET/puppet-nagios.git yes sunet-* +#staging git://github.com/SUNET/puppet-staging.git yes sunet-* +#apparmor git://github.com/SUNET/puppet-apparmor.git yes sunet-* +#docker git://github.com/SUNET/garethr-docker.git yes sunet_dev-* diff --git a/global/overlay/etc/puppet/hiera.yaml b/global/overlay/etc/puppet/hiera.yaml index cd619bb..3663305 100644 --- a/global/overlay/etc/puppet/hiera.yaml +++ b/global/overlay/etc/puppet/hiera.yaml @@ -1,13 +1,16 @@ --- -:backends: - yaml - - gpg +:backends: + - yaml + - gpg :logger: console -:hierarchy: - %{env}/%{location}/%{calling_module} - - %{env}/%{calling_module} - - secrets.yaml - - common +:hierarchy: + - "%{env}/%{location}/%{calling_module}" + - "%{env}/%{calling_module}" + - local + - secrets.yaml + - common :yaml: diff --git a/global/overlay/usr/local/bin/run-cosmos b/global/overlay/usr/local/bin/run-cosmos new file mode 100755 index 0000000..a37d49f --- /dev/null +++ b/global/overlay/usr/local/bin/run-cosmos @@ -0,0 +1,22 @@ +#!/bin/sh +# +# Simplify running cosmos, with serialization if flock is available. +# + +set -e + +FLOCK=`which flock` + +if [ -x "$FLOCK" ]; then + ($FLOCK --exclusive --wait 60 9 || exit 1 + cosmos $* update + cosmos $* apply + )9>/var/lock/run-cosmos +else + cosmos $* update + cosmos $* apply +fi + +touch /var/run/last-cosmos-ok.stamp + +find /var/lib/puppet/reports/ -type f -mtime +10 | xargs rm -f |