Diffstat (limited to 'global/overlay/etc/puppet')
-rw-r--r--global/overlay/etc/puppet/cosmos-modules.conf5
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml8
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp216
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp12
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp19
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/server.pp9
6 files changed, 262 insertions, 7 deletions
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
index af786c4..b0a91f4 100644
--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -8,6 +8,7 @@ ufw attachmentgenie/ufw no
apt puppetlabs/apt no
vcsrepo puppetlabs/vcsrepo no
xinetd puppetlabs/xinetd no
-#golang elithrar/golang yes
-#python git://github.com/stankevich/puppet-python.git yes
+golang elithrar/golang yes
+python git://github.com/stankevich/puppet-python.git yes
+dhcp git://github.com/SUNET/puppetlabs-dhcp yes
hiera-gpg git://github.com/SUNET/hiera-gpg.git no
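Review bot: The newly enabled `python` line and the new `dhcp` line fetch modules over `git://`, an unauthenticated and unencrypted transport, so whatever consumes cosmos-modules.conf cannot detect a checkout altered in transit; prefer the HTTPS remote, `dhcp https://github.com/SUNET/puppetlabs-dhcp yes` (and likewise for the python line). The third column is not explained in this file — if `yes` means the module tracks the remote head, pinning to a reviewed tag or commit would bound what a compromised upstream can push into the fleet; if it means something else, a short header comment naming the columns would help. The `hiera-gpg` line below uses the same scheme but is not touched by this commit.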
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index d9dc495..2244c7a 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,2 +1,6 @@
-'ns[0-9]?.mnt.se$':
- nameserver:
+# Don't enable class sunet for all hosts until tested.
+#'\.sunet\.se$':
+# sunet:
+'^cdr\d+\.sunet\.se$':
+ sunet-cdr:
+ sunet:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index c276f84..4fec421 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -17,7 +17,7 @@ include cosmos
# you need a default node
-node default {
+node default {
}
@@ -33,8 +33,8 @@ node default {
#class nameserver {
# package {'bind9':
-# ensure => latest
-# }
+# ensure => latest
+# }
# service {'bind9':
# ensure => running
# }
@@ -50,3 +50,213 @@ node default {
# }
#}
+
+ufw::allow {"allow-ssh-tcp":
+ ip => 'any',
+ port => 22,
+ proto => 'tcp'
+}
+
+node 'sto-tug-kvm1.swamid.se' {
+
+ class { 'dhcp':
+ dnsdomain => [ 'eduid.se','sunet.se' ],
+ nameservers => ['130.242.80.14','130.242.80.99'],
+ ntpservers => ['pool.ntp.org'],
+ interfaces => ['eth0'],
+ #pxeserver => '130.242.125.5',
+ #pxefilename => 'pxelinux.0'
+ }
+
+ class { 'sunet-dhcp-hosts': }
+
+}
+
+class sunet-dhcp-hosts {
+
+ dhcp::pool {'sunet-servernet-tug-130.242.125.64/26':
+ network => '130.242.125.64',
+ mask => '255.255.255.192',
+ gateway => '130.242.125.65',
+ range => ''
+ }
+
+ dhcp::pool {'sunet-servernet-fre-130.242.125.128/26':
+ network => '130.242.125.128',
+ mask => '255.255.255.192',
+ gateway => '130.242.125.129',
+ range => ''
+ }
+
+ dhcp::pool {'install':
+ network => '130.242.125.0',
+ mask => '255.255.255.192',
+ gateway => '130.242.125.1',
+ range => ''
+ }
+
+ dhcp::pool {'eduid-tug-IdP':
+ network => '130.242.130.0',
+ mask => '255.255.255.248',
+ gateway => '130.242.130.1',
+ range => ''
+ }
+
+ dhcp::pool {'eduid-tug-auth':
+ network => '130.242.130.8',
+ mask => '255.255.255.248',
+ gateway => '130.242.130.9',
+ range => ''
+ }
+
+ dhcp::pool {'eduid-tug-other':
+ network => '130.242.130.16',
+ mask => '255.255.255.240',
+ gateway => '130.242.130.17',
+ range => ''
+ }
+
+ dhcp::pool {'eduid-fre-IdP':
+ network => '130.242.130.64',
+ mask => '255.255.255.248',
+ gateway => '130.242.130.65',
+ range => ''
+ }
+
+ dhcp::pool {'eduid-fre-auth':
+ network => '130.242.130.72',
+ mask => '255.255.255.248',
+ gateway => '130.242.130.73',
+ range => ''
+ }
+
+ dhcp::pool {'eduid-fre-other':
+ network => '130.242.130.80',
+ mask => '255.255.255.240',
+ gateway => '130.242.130.81',
+ range => ''
+ }
+
+ dhcp::pool {'eduid-lla-other':
+ network => '130.242.130.144',
+ mask => '255.255.255.240',
+ gateway => '130.242.130.145',
+ range => ''
+ }
+
+
+ # eduID TUG hosts
+
+ dhcp::host { 'kvmidp-tug-2_eth0': mac => "24:b6:fd:fe:fa:51", ip => "130.242.130.4", hostname => 'kvmidp-tug-2'; }
+ dhcp::host { 'kvmidp-tug-2_eth1': mac => "24:b6:fd:fe:fa:52", ip => "130.242.130.4", hostname => 'kvmidp-tug-2'; }
+
+ dhcp::host { 'idp-tug-2a': mac => "52:54:00:01:00:01", ip => "130.242.130.5"; }
+
+ dhcp::host { 'idp-tug-2b': mac => "52:54:00:01:00:02", ip => "130.242.130.6"; }
+
+ dhcp::host { 'auth-tug-2_eth0': mac => "f0:4d:a2:73:4e:9b", ip => "130.242.130.12", hostname => 'auth-tug-2'; }
+ dhcp::host { 'auth-tug-2_eth1': mac => "f0:4d:a2:73:4e:9c", ip => "130.242.130.12", hostname => 'auth-tug-2'; }
+
+ dhcp::host { 'kvm-tug-2_eth0': mac => "f0:4d:a2:73:4f:82", ip => "130.242.130.20", hostname => 'kvm-tug-2'; }
+ dhcp::host { 'kvm-tug-2_eth1': mac => "f0:4d:a2:73:4f:83", ip => "130.242.130.20", hostname => 'kvm-tug-2'; }
+
+ dhcp::host { 'db-tug-2_eth0': mac => "24:b6:fd:fe:fa:f0", ip => "130.242.130.21", hostname => 'db-tug-2'; }
+ dhcp::host { 'db-tug-2_eth1': mac => "24:b6:fd:fe:fa:f1", ip => "130.242.130.21", hostname => 'db-tug-2'; }
+
+ dhcp::host { 'mq-tug-2': mac => "52:54:00:03:00:22", ip => "130.242.130.22"; }
+
+ dhcp::host { 'worker-tug-2': mac => "52:54:00:03:00:23", ip => "130.242.130.23"; }
+
+ dhcp::host { 'signup-tug-2': mac => "52:54:00:03:00:24", ip => "130.242.130.24"; }
+
+ dhcp::host { 'helpdesk-tug-2': mac => "52:54:00:03:00:25", ip => "130.242.130.25"; }
+
+ dhcp::host { 'www-tug-2': mac => "52:54:00:03:00:26", ip => "130.242.130.26"; }
+
+ dhcp::host { 'dashboard-tug-2_eth0': mac => "f0:4d:a2:73:4f:0d", ip => "130.242.130.30", hostname => 'dashboard-tug-2'; }
+ dhcp::host { 'dashboard-tug-2_eth1': mac => "f0:4d:a2:73:4f:0e", ip => "130.242.130.30", hostname => 'dashboard-tug-2'; }
+
+
+ # eduID FRE hosts
+
+ dhcp::host { 'kvmidp-fre-2_eth0': mac => "18:03:73:41:f3:e8", ip => "130.242.130.68", hostname => 'kvmidp-fre-2'; }
+ dhcp::host { 'kvmidp-fre-2_eth1': mac => "18:03:73:41:f3:e9", ip => "130.242.130.68", hostname => 'kvmidp-fre-2'; }
+
+ dhcp::host { 'idp-fre-2a': mac => "52:54:00:04:00:01", ip => "130.242.130.69"; }
+
+ dhcp::host { 'idp-fre-2b': mac => "52:54:00:04:00:02", ip => "130.242.130.70"; }
+
+ dhcp::host { 'auth-fre-2_eth0': mac => "18:03:73:0f:41:3c", ip => "130.242.130.76", hostname => 'auth-fre-2'; }
+ dhcp::host { 'auth-fre-2_eth1': mac => "18:03:73:0f:41:3d", ip => "130.242.130.76", hostname => 'auth-fre-2'; }
+
+ dhcp::host { 'kvm-fre-2_eth0': mac => "f0:4d:a2:73:4b:e3", ip => "130.242.130.84", hostname => 'kvm-fre-2'; }
+ dhcp::host { 'kvm-fre-2_eth1': mac => "f0:4d:a2:73:4b:e4", ip => "130.242.130.84", hostname => 'kvm-fre-2'; }
+
+ dhcp::host { 'www-fre-2': mac => "52:54:00:06:00:01", ip => "130.242.130.86"; }
+
+ dhcp::host { 'db-fre-2_eth0': mac => "f0:4d:a2:73:4f:19", ip => "130.242.130.85", hostname => 'db-fre-2'; }
+ dhcp::host { 'db-fre-2_eth1': mac => "f0:4d:a2:73:4f:1a", ip => "130.242.130.85", hostname => 'db-fre-2'; }
+
+
+ # eduID LLA hosts
+
+ dhcp::host { 'db-lla-2_eth0': mac => "f0:4d:a2:73:4e:08", ip => "130.242.130.148", hostname => 'db-lla-2'; }
+ dhcp::host { 'db-lla-2_eth1': mac => "f0:4d:a2:73:4e:09", ip => "130.242.130.148", hostname => 'db-lla-2'; }
+
+
+
+ # eduID Development subnets
+ dhcp::pool {'eduid-tug-dev':
+ network => '194.68.13.128',
+ mask => '255.255.255.224',
+ gateway => '194.68.13.129',
+ range => ''
+ }
+
+ dhcp::pool {'eduid-fre-dev':
+ network => '194.68.13.160',
+ mask => '255.255.255.224',
+ gateway => '194.68.13.161',
+ range => ''
+ }
+
+ # eduID TUG development hosts
+ dhcp::host { 'idp-tug-1': mac => "52:54:00:a0:00:92", ip => "194.68.13.146" }
+
+ dhcp::host { 'testvm-tug-1': mac => "52:54:00:11:22:33", ip => "194.68.13.136" }
+
+ # eduID FRE development hosts
+ dhcp::host { 'idp-fre-1': mac => "52:54:00:a1:00:b2", ip => "194.68.13.178" }
+
+}
+
+class sunet {
+
+ # Until we have proper Puppet managing of SSH
+ #ufw::allow { 'allow-ssh-sunet':
+ # port => '22',
+ # proto => 'tcp'
+ #}
+
+ package { 'emacs23-nox':
+ ensure => 'installed'
+ }
+
+ sunet::server { 'sunet_server': }
+
+}
+
+class sunet-cdr {
+
+ class { 'dhcp':
+ dnsdomain => [ 'eduid.se','sunet.se' ],
+ nameservers => ['130.242.80.14','130.242.80.99'],
+ ntpservers => ['pool.ntp.org'],
+ interfaces => ['bond0'],
+ #pxeserver => '130.242.125.5',
+ #pxefilename => 'pxelinux.0'
+ }
+
+ class { 'sunet-dhcp-hosts': }
+
+}
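Review bot: The `ufw::allow {"allow-ssh-tcp": ip => 'any', ...}` resource sits at the top level of cosmos-site.pp, outside any node or class, so it opens TCP/22 from any source on every host this manifest reaches, while the comment in `class sunet` says SSH is not yet properly managed by Puppet. Consider restricting the source (`ip => '<MANAGEMENT-NET/CIDR>'`, value to be supplied) or moving the rule into a class that is applied deliberately per host group. `class { 'dhcp': ... }` with identical dnsdomain/nameservers/ntpservers is declared both in the `sto-tug-kvm1.swamid.se` node and in `class sunet-cdr`; a host matching both would hit a duplicate class declaration, and the shared values could be hoisted into one place. The class names `sunet-dhcp-hosts` and `sunet-cdr` contain hyphens, which Puppet has deprecated in class names; `sunet_dhcp_hosts` / `sunet_cdr` (with matching keys in cosmos-rules.yaml) avoids a future parser error.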
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
new file mode 100644
index 0000000..9956e00
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
@@ -0,0 +1,12 @@
+define sunet::encrypted_swap() {
+
+ package { 'ecryptfs-utils':
+ ensure => 'installed'
+ } ->
+
+ exec {'sunet_ecryptfs_setup_swap':
+ command => '/usr/bin/ecryptfs-setup-swap -f',
+ onlyif => 'grep swap /etc/fstab | grep -ve ^# -e cryptswap | grep -q swap',
+ }
+
+}
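Review bot: The `onlyif` pipeline runs an unqualified `grep` and the exec declares no `path`, so Puppet's exec validation will reject the check unless a resource default sets `path` elsewhere; add `path => ['/bin', '/usr/bin'],` or, since the pipe needs a shell that the default posix provider does not guarantee, `provider => shell,`. Separately, `sunet::encrypted_swap` is a parameterless define whose body declares fixed-title resources (`package { 'ecryptfs-utils': }`, `exec {'sunet_ecryptfs_setup_swap': }`), so it can only be declared once per catalog; the same holds for `sunet::ethernet_bonding` and `sunet::server` in the following hunks, and a `class` pulled in with `include` would express that singleton intent and be safe to repeat.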
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
new file mode 100644
index 0000000..8ff7325
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
@@ -0,0 +1,19 @@
+define sunet::ethernet_bonding() {
+ # Set up prerequisites for Ethernet LACP bonding of eth0 and eth1,
+ # for all physical hosts that are running Ubuntu.
+ #
+ # Bonding requires setup in /etc/network/interfaces as well.
+ #
+ if $::is_virtual == 'false' and $::operatingsystem == 'Ubuntu' {
+ if $::operatingsystemrelease <= '12.04' {
+ package {'ifenslave': ensure => 'present' }
+ } else {
+ package {'ifenslave-2.6': ensure => 'present' }
+ }
+
+ file_line { 'load_module_at_boot':
+ path => '/etc/modules',
+ line => 'bonding',
+ }
+ }
+}
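Review bot: `$::operatingsystemrelease <= '12.04'` compares release strings, and Puppet's handling of numeric-looking strings differs between parser versions (a release such as '9.10' sorts differently lexically and numerically), so `if versioncmp($::operatingsystemrelease, '12.04') <= 0 {` from stdlib — already required here for `file_line` — is the robust form. Please also confirm the package mapping: on the Ubuntu releases I am aware of, `ifenslave-2.6` is the older name and `ifenslave` the newer one, which is the reverse of the two branches here (both usually exist as transitional packages, so installation may still succeed). `$::is_virtual == 'false'` relies on facter reporting a string; facter versions that return a boolean would make this define silently do nothing, which is worth a comment or a `"${::is_virtual}" == 'false'` comparison.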
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
new file mode 100644
index 0000000..9215c8f
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
@@ -0,0 +1,9 @@
+define sunet::server() {
+
+ # Set up encrypted swap
+ sunet::encrypted_swap { 'sunet_encrypted_swap': }
+
+ # Add prerequisites for ethernet bonding, if physical server
+ sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
+
+}