Diffstat (limited to 'global/overlay/etc/puppet')
-rw-r--r-- | global/overlay/etc/puppet/cosmos-modules.conf | 1 | ||||
-rw-r--r-- | global/overlay/etc/puppet/facter/cosmos.rb | 22 | ||||
-rw-r--r-- | global/overlay/etc/puppet/hiera.yaml | 14 | ||||
-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 150 | ||||
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/server.pp | 47 | ||||
-rw-r--r-- | global/overlay/etc/puppet/puppet.conf | 4 |
6 files changed, 207 insertions, 31 deletions
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf index 7a95b31..bde1b61 100644 --- a/global/overlay/etc/puppet/cosmos-modules.conf +++ b/global/overlay/etc/puppet/cosmos-modules.conf @@ -22,3 +22,4 @@ mysql puppetlabs/mysql no apache puppetlabs/apache no pyff git://github.com/samlbits/puppet-pyff.git yes sunet-* postgresql git://github.com/SUNET/puppetlabs-postgresql.git yes sunet-* +dhcp git://github.com/SUNET/puppetlabs-dhcp.git yes sunet-* diff --git a/global/overlay/etc/puppet/facter/cosmos.rb b/global/overlay/etc/puppet/facter/cosmos.rb new file mode 100644 index 0000000..d810082 --- /dev/null +++ b/global/overlay/etc/puppet/facter/cosmos.rb @@ -0,0 +1,22 @@ +# +# Extract local Cosmos configuration +# +require 'facter' +Facter.add(:cosmos_repo) do + setcode do + Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && echo $COSMOS_REPO'") + end +end + +Facter.add(:cosmos_tag_pattern) do + setcode do + Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && echo $COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN'") + end +end + +Facter.add(:cosmos_repo_origin_url) do + setcode do + Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && cd $COSMOS_REPO && git remote show -n origin | grep \"Fetch URL\" | awk \"{print \\$NF }\"'") + end +end + diff --git a/global/overlay/etc/puppet/hiera.yaml b/global/overlay/etc/puppet/hiera.yaml index cd619bb..782fa7f 100644 --- a/global/overlay/etc/puppet/hiera.yaml +++ b/global/overlay/etc/puppet/hiera.yaml @@ -1,13 +1,15 @@ --- -:backends: - yaml - - gpg +:backends: + - yaml + - gpg :logger: console -:hierarchy: - %{env}/%{location}/%{calling_module} - - %{env}/%{calling_module} - - secrets.yaml - - common +:hierarchy: + - "%{env}/%{location}/%{calling_module}" + - "%{env}/%{calling_module}" + - secrets.yaml + - common :yaml: 
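Review bot: The added `dhcp` entry fetches the module over `git://`, which gives no server authentication and no transport integrity, so the code is only as trustworthy as the tag check that `sunet-*` appears to select (the column meanings are not visible in this hunk). If `yes` means the module is updated automatically, a tampered fetch could reach every host without a manual step. Where the host offers it, an authenticated transport is the smaller risk: `dhcp https://github.com/SUNET/puppetlabs-dhcp.git yes sunet-*`. The same applies to `repo => 'git://git.nordu.net/eduid-ops.git'` in the `cdr1.sunet.se` node added to cosmos-site.pp.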
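Review bot: Each `setcode` block sources `/etc/cosmos/cosmos.conf` with `.` in a shell, so the file is executed rather than parsed, with whatever privileges facter runs under. In the third fact `cd $COSMOS_REPO` is also unquoted, so a path containing whitespace is split. Quoting it and reading the remote directly is shorter than the `grep`/`awk` pipeline: `cd \"$COSMOS_REPO\" && git config --get remote.origin.url` (the result differs only if `url.*.insteadOf` rewrites are configured). A leading comment such as `# cosmos.conf is sourced as shell code: keep it root-owned and not writable by others` would record the assumption. None of the three facts handles a missing or unreadable cosmos.conf; whether an empty fact is acceptable to its consumers is not visible here.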
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 34ff4cb..8835226 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -44,11 +44,11 @@ node default { node 'sto-tug-kvm1.swamid.se' { - + package {'python-vm-builder': ensure => 'installed', - } -> - + } -> + cosmos::dhcp_kvm { 'registry.swamid.se': mac => '52:54:00:52:53:0b', repo => 'git://git.nordu.net/sunet-ops.git', 
@@ -286,36 +286,100 @@ class sunet-dhcp-hosts { # eduID Development subnets - dhcp::pool {'eduid-tug-dev': - network => '194.68.13.128', - mask => '255.255.255.224', - gateway => '194.68.13.129', - range => '', - options => 'domain-name-servers 109.105.111.31, 109.105.110.31', - } + #dhcp::pool {'eduid-tug-dev': + # network => '194.68.13.128', + # mask => '255.255.255.224', + # gateway => '194.68.13.129', + # range => '', + # options => 'domain-name-servers 109.105.111.31, 109.105.110.31', + #} - dhcp::pool {'eduid-fre-dev': - network => '194.68.13.160', - mask => '255.255.255.224', - gateway => '194.68.13.161', - range => '', - options => 'domain-name-servers 109.105.111.31, 109.105.110.31', + #dhcp::pool {'eduid-fre-dev': + # network => '194.68.13.160', + # mask => '255.255.255.224', + # gateway => '194.68.13.161', + # range => '', + # options => 'domain-name-servers 109.105.111.31, 109.105.110.31', + #} + + dhcp::pool {'eduid-dev-tug': + network => '130.242.130.192', + mask => '255.255.255.224', + gateway => '130.242.130.193', + range => '' } + # One big subnet used for now + #dhcp::pool {'eduid-dev-tug-IdP': + # network => '130.242.130.192', + # mask => '255.255.255.248', + # gateway => '130.242.130.201', + # range => '' + #} + + # One big subnet used for now + #dhcp::pool {'eduid-dev-tug-auth': + # network => '130.242.130.200', + # mask => '255.255.255.248', + # gateway => '130.242.130.201', + # range => '' + #} + + # One big subnet used for now + #dhcp::pool {'eduid-dev-tug-other': + # network => '130.242.130.208', + # mask => '255.255.255.240', + # gateway => '130.242.130.209', + # range => '' + #} + # eduID TUG development hosts - dhcp::host { 'idp-tug-1': mac => "52:54:00:a0:00:92", ip => "194.68.13.146" } + dhcp::host { 'worker-fre-1': mac => "52:54:00:a0:01:c4", ip => "130.242.130.196" } + + dhcp::host { 'auth-fre-1_eth0': mac => "78:45:c4:f7:91:67", ip => "130.242.130.204", hostname => 'auth-fre-1'; } + dhcp::host { 'auth-fre-1_eth1': mac => 
"78:45:c4:f7:91:68", ip => "130.242.130.204", hostname => 'auth-fre-1'; } + + dhcp::host { 'auth-tug-1_eth0': mac => "78:45:c4:f8:43:c5", ip => "130.242.130.205", hostname => 'auth-tug-1'; } + dhcp::host { 'auth-tug-1_eth1': mac => "78:45:c4:f8:43:c6", ip => "130.242.130.205", hostname => 'auth-tug-1'; } + + dhcp::host { 'admin-tug-1': mac => "52:54:00:a0:01:d4", ip => "130.242.130.212" } + + dhcp::host { 'dash-fre-1': mac => "52:54:00:a0:01:d5", ip => "130.242.130.213" } + + dhcp::host { 'idp-fre-1': mac => "52:54:00:a0:01:d6", ip => "130.242.130.214" } + + dhcp::host { 'idp-tug-1': mac => "52:54:00:a0:01:d7", ip => "130.242.130.215" } + + dhcp::host { 'kvm-fre-1_eth0': mac => "78:45:c4:f8:45:15", ip => "130.242.130.216", hostname => 'kvm-fre-1'; } + dhcp::host { 'kvm-fre-1_eth1': mac => "78:45:c4:f8:45:16", ip => "130.242.130.216", hostname => 'kvm-fre-1'; } + + dhcp::host { 'kvm-tug-1_eth0': mac => "78:45:c4:f8:47:be", ip => "130.242.130.217", hostname => 'kvm-tug-1'; } + dhcp::host { 'kvm-tug-1_eth1': mac => "78:45:c4:f8:47:bf", ip => "130.242.130.217", hostname => 'kvm-tug-1'; } + + dhcp::host { 'monitor-fre-1': mac => "52:54:00:a0:01:da", ip => "130.242.130.218" } - dhcp::host { 'testvm-tug-1': mac => "52:54:00:11:22:33", ip => "194.68.13.136" } + dhcp::host { 'mq-fre-1': mac => "52:54:00:a0:01:db", ip => "130.242.130.219" } - dhcp::host { 'userdb-tug-1': mac => "52:54:00:93:22:29", ip => "194.68.13.132" } - dhcp::host { 'userdb-tug-2': mac => "52:54:00:17:13:ff", ip => "194.68.13.133" } + dhcp::host { 'userdb-fre-1': mac => "52:54:00:a0:01:dc", ip => "130.242.130.220" } + + dhcp::host { 'userdb-tug-1': mac => "52:54:00:a0:01:dd", ip => "130.242.130.221" } + + dhcp::host { 'userdb-tug-2': mac => "52:54:00:a0:01:de", ip => "130.242.130.222" } + + + #dhcp::host { 'idp-tug-1': mac => "52:54:00:a0:00:92", ip => "194.68.13.146" } + + #dhcp::host { 'testvm-tug-1': mac => "52:54:00:11:22:33", ip => "194.68.13.136" } + + #dhcp::host { 'userdb-tug-1': mac => 
"52:54:00:93:22:29", ip => "194.68.13.132" } + #dhcp::host { 'userdb-tug-2': mac => "52:54:00:17:13:ff", ip => "194.68.13.133" } # eduID FRE development hosts - dhcp::host { 'idp-fre-1': mac => "52:54:00:a1:00:b2", ip => "194.68.13.178" } + #dhcp::host { 'idp-fre-1': mac => "52:54:00:a1:00:b2", ip => "194.68.13.178" } - dhcp::host { 'dash-fre-1': mac => "52:54:00:a2:00:a7", ip => "194.68.13.167" } + #dhcp::host { 'dash-fre-1': mac => "52:54:00:a2:00:a7", ip => "194.68.13.167" } - dhcp::host { 'userdb-fre-1': mac => "52:54:00:17:13:f6", ip => "194.68.13.164" } + #dhcp::host { 'userdb-fre-1': mac => "52:54:00:17:13:f6", ip => "194.68.13.164" } # SUNET TUG hosts @@ -325,6 +389,10 @@ class sunet-dhcp-hosts { dhcp::host { 'md-master.reep': mac => "52:54:00:39:8d:ac", ip => "130.242.125.83" } dhcp::host { 'lobo2.lab': mac => "52:54:00:5e:72:91", ip => "130.242.125.86" } + # SUNET TUG eduID hosts (KVM host cdr1.sunet.se) + dhcp::host { 'backup-tug-3': mac => "52:54:00:f2:7d:54", ip => "130.242.125.84" } + dhcp::host { 'proxy-tug-3': mac => "52:54:00:f2:7d:55", ip => "130.242.125.85" } + # SWAMID production dhcp::host { 'registry.swamid': mac => "52:54:00:52:53:0b", ip => "130.242.125.90" } } 
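Review bot: The section comments in the `@@ -286,36 +286,100 @@` hunk no longer match what sits under them: `# eduID TUG development hosts` now heads a list that mixes `-fre-` and `-tug-` hosts, while `# eduID FRE development hosts` heads only commented-out entries. Renaming the first to something like `# eduID development hosts (130.242.130.192/27)` would fix the mismatch. Deleting the commented-out 194.68.13.x pools and hosts, which the history already preserves, would keep a reader from mistaking a stale address for a live reservation. The two-interface entries (`auth-fre-1_eth0`/`_eth1` and the like) end their bodies with `;` while the single-interface ones do not; one form throughout is easier to scan. The `sunet-dhcp-hosts` class body starts and ends outside this hunk.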
@@ -481,13 +549,47 @@ node 'wp.sunet.se' { } } +node 'cdr1.sunet.se' { + + package {'python-vm-builder': + ensure => 'installed', + } -> + + cosmos::dhcp_kvm { 'backup-tug-3.eduid.se': + mac => '52:54:00:f2:7d:54', + repo => 'git://git.nordu.net/eduid-ops.git', + tagpattern => 'eduid-v3', + cpus => '1', + memory => '512', + suite => 'trusty', + extras => '--addpkg linux-image-generic --tmpfs -', + } + + cosmos::dhcp_kvm { 'proxy-tug-3.eduid.se': + mac => '52:54:00:f2:7d:55', + repo => 'git://git.nordu.net/eduid-ops.git', + tagpattern => 'eduid-v3', + cpus => '1', + memory => '512', + suite => 'trusty', + extras => '--addpkg linux-image-generic --tmpfs -', + } + +} + class sunet-cdr { + # Listen on br0 if it exists (cdr1), otherwise bond0 (cdr2). + $interface = $::ipaddress_br0 ? { + undef => 'bond0', + default => 'br0', + } + class { 'dhcp': dnsdomain => [ 'eduid.se','sunet.se','swamid.se' ], nameservers => ['130.242.80.14','130.242.80.99'], ntpservers => ['ntp1.nordu.net','ntp2.nordu.net','Time1.Stupi.SE'], - interfaces => ['bond0'], + interfaces => [$interface], #pxeserver => '130.242.125.5', #pxefilename => 'pxelinux.0' } diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp index 875dc69..14df323 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp 
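Review bot: In the new `cdr1.sunet.se` node the `->` after the `python-vm-builder` package orders only the first `cosmos::dhcp_kvm` resource. `proxy-tug-3.eduid.se` has no relationship to the package and may be applied before it is installed, if `dhcp_kvm` needs vmbuilder (its definition is not shown). Adding `require => Package['python-vm-builder'],` to the second resource, or to both while dropping the arrow, makes the dependency explicit. The MAC addresses `52:54:00:f2:7d:54` and `52:54:00:f2:7d:55` are also repeated in the `dhcp::host` entries for `backup-tug-3` and `proxy-tug-3` in the previous hunk, so a one-line comment on each side pointing at the other would help keep them in step.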
@@ -37,4 +37,51 @@ define sunet::server() { notify => Service['ssh'], } + # already declared in puppet-cosmos/manifests/ntp.pp + #service { 'ntp': + # ensure => 'running', + #} + + # Don't use pool.ntp.org servers, but rather DHCP provided NTP servers + line { 'no_pool_ntp_org_servers': + file => '/etc/ntp.conf', + line => '^server .*\.pool\.ntp\.org', + ensure => 'comment', + notify => Service['ntp'], + } + + file { '/var/cache/scriptherder': + ensure => 'directory', + path => '/var/cache/scriptherder', + mode => '1777', # like /tmp, so user-cronjobs can also use scriptherder + } + + +} + +# from http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patterns/5 +define line($file, $line, $ensure = 'present') { + case $ensure { + default : { err ( "unknown ensure value ${ensure}" ) } + present: { + exec { "/bin/echo '${line}' >> '${file}'": + unless => "/bin/grep -qFx '${line}' '${file}'" + } + } + absent: { + exec { "/usr/bin/perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'": + onlyif => "/bin/grep -qFx '${line}' '${file}'" + } + } + uncomment: { + exec { "/bin/sed -i -e'/${line}/s/^#\\+//' '${file}'": + onlyif => "/bin/grep '${line}' '${file}' | /bin/grep '^#' | /usr/bin/wc -l" + } + } + comment: { + exec { "/bin/sed -i -e'/${line}/s/^\\(.\\+\\)$/#\\1/' '${file}'": + onlyif => "/usr/bin/test `/bin/grep '${line}' '${file}' | /bin/grep -v '^#' | /usr/bin/wc -l` -ne 0" + } + } + } } diff --git a/global/overlay/etc/puppet/puppet.conf b/global/overlay/etc/puppet/puppet.conf index a269892..96f7b44 100644 --- a/global/overlay/etc/puppet/puppet.conf +++ b/global/overlay/etc/puppet/puppet.conf 
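Review bot: The `line` define splices `${line}` and `${file}` into shell commands inside single quotes, so a value containing `'` ends the quoting, and a `/` ends the sed address in the `comment` and `uncomment` branches. The one caller in this hunk passes a fixed regex, but nothing in the define rejects other input. Passing the grep and echo arguments through `shellquote()` would close the quoting gap, and a comment should say that `$line` is a regex for sed but a fixed string for `grep -F`. Separately, the `uncomment` branch's `onlyif` pipeline ends in `wc -l`, which exits 0 whatever the count, so that exec would run on every catalog application; `onlyif => "/bin/grep '${line}' '${file}' | /bin/grep -q '^#'"` gives the intended test. `/var/cache/scriptherder` is created with mode `1777` and no `owner`/`group`; if privileged jobs trust files found there, a comment should state what unprivileged users are allowed to write.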
@@ -3,7 +3,9 @@ logdir=/var/log/puppet
 vardir=/var/lib/puppet
 ssldir=/var/lib/puppet/ssl
 rundir=/var/run/puppet
-factpath=$vardir/lib/facter
+# factpath is supposed to be colon-delimeted, but that does not appear to work
+# (tested with 'strace -f facter --puppet something' - does not split on colon in Puppet 3.4.2).
+factpath=/etc/puppet/facter
 templatedir=$confdir/templates
 node_terminus = exec
 external_nodes = /etc/puppet/cosmos_enc.py |
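Review bot: The new `factpath` replaces `$vardir/lib/facter` rather than adding to it. The added comment explains why, but not what happens to facts that were reachable only through the old path; if any module relies on them they disappear without an error. Every `.rb` file under `/etc/puppet/facter` is loaded and run by facter, so the directory needs to be root-owned and not group- or world-writable. A comment next to the setting would record that, for example `# all *.rb here run with facter's privileges; keep root:root, no group/other write`. `delimeted` in the added comment is a typo for `delimited`.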