Diffstat (limited to 'global/overlay/etc/puppet')
-rw-r--r--global/overlay/etc/puppet/cosmos-modules.conf1
-rw-r--r--global/overlay/etc/puppet/facter/cosmos.rb22
-rw-r--r--global/overlay/etc/puppet/hiera.yaml14
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp150
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/server.pp47
-rw-r--r--global/overlay/etc/puppet/puppet.conf4
6 files changed, 207 insertions, 31 deletions
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
index 7a95b31..bde1b61 100644
--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -22,3 +22,4 @@ mysql puppetlabs/mysql no
apache puppetlabs/apache no
pyff git://github.com/samlbits/puppet-pyff.git yes sunet-*
postgresql git://github.com/SUNET/puppetlabs-postgresql.git yes sunet-*
+dhcp git://github.com/SUNET/puppetlabs-dhcp.git yes sunet-*
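Review bot: The new `dhcp` entry fetches module code over `git://`, which provides no server authentication or transport integrity, and whatever is fetched lands in the Puppet module path and is applied with Puppet's privileges. The trailing `sunet-*` column looks like a tag pattern used for signature verification; if so, it is the only integrity control on this module and it is worth confirming that it is actually enforced. Where the host offers it, an authenticated transport such as `https://github.com/SUNET/puppetlabs-dhcp.git` removes the dependence on that single check. The same transport appears in the `repo => 'git://git.nordu.net/eduid-ops.git'` parameters added to cosmos-site.pp.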
diff --git a/global/overlay/etc/puppet/facter/cosmos.rb b/global/overlay/etc/puppet/facter/cosmos.rb
new file mode 100644
index 0000000..d810082
--- /dev/null
+++ b/global/overlay/etc/puppet/facter/cosmos.rb
@@ -0,0 +1,22 @@
+#
+# Extract local Cosmos configuration
+#
+require 'facter'
+Facter.add(:cosmos_repo) do
+ setcode do
+ Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && echo $COSMOS_REPO'")
+ end
+end
+
+Facter.add(:cosmos_tag_pattern) do
+ setcode do
+ Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && echo $COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN'")
+ end
+end
+
+Facter.add(:cosmos_repo_origin_url) do
+ setcode do
+ Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && cd $COSMOS_REPO && git remote show -n origin | grep \"Fetch URL\" | awk \"{print \\$NF }\"'")
+ end
+end
+
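Review bot: In `cosmos_repo_origin_url`, `cd $COSMOS_REPO` is unquoted and unchecked, so when the variable is empty or unset `cd` falls back to the home directory and git reports on whatever repository encloses that path, if any; a path containing whitespace breaks as well. The shell part could read `. /etc/cosmos/cosmos.conf && cd \"${COSMOS_REPO:?}\" && git config --get remote.origin.url`, which fails loudly on an unset variable and avoids parsing the human-oriented `git remote show` output with grep and awk (it returns the configured URL, without any `url.*.insteadOf` rewriting). All three facts source /etc/cosmos/cosmos.conf as shell code on every Facter run, presumably as root, so the header comment should state that the file must be root-owned and not writable by other users; its ownership is not visible in this diff.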
diff --git a/global/overlay/etc/puppet/hiera.yaml b/global/overlay/etc/puppet/hiera.yaml
index cd619bb..782fa7f 100644
--- a/global/overlay/etc/puppet/hiera.yaml
+++ b/global/overlay/etc/puppet/hiera.yaml
@@ -1,13 +1,15 @@
---
-:backends: - yaml
- - gpg
+:backends:
+ - yaml
+ - gpg
:logger: console
-:hierarchy: - %{env}/%{location}/%{calling_module}
- - %{env}/%{calling_module}
- - secrets.yaml
- - common
+:hierarchy:
+ - "%{env}/%{location}/%{calling_module}"
+ - "%{env}/%{calling_module}"
+ - secrets.yaml
+ - common
:yaml:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 34ff4cb..8835226 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -44,11 +44,11 @@ node default {
node 'sto-tug-kvm1.swamid.se' {
-
+
package {'python-vm-builder':
ensure => 'installed',
- } ->
-
+ } ->
+
cosmos::dhcp_kvm { 'registry.swamid.se':
mac => '52:54:00:52:53:0b',
repo => 'git://git.nordu.net/sunet-ops.git',
@@ -286,36 +286,100 @@ class sunet-dhcp-hosts {
# eduID Development subnets
- dhcp::pool {'eduid-tug-dev':
- network => '194.68.13.128',
- mask => '255.255.255.224',
- gateway => '194.68.13.129',
- range => '',
- options => 'domain-name-servers 109.105.111.31, 109.105.110.31',
- }
+ #dhcp::pool {'eduid-tug-dev':
+ # network => '194.68.13.128',
+ # mask => '255.255.255.224',
+ # gateway => '194.68.13.129',
+ # range => '',
+ # options => 'domain-name-servers 109.105.111.31, 109.105.110.31',
+ #}
- dhcp::pool {'eduid-fre-dev':
- network => '194.68.13.160',
- mask => '255.255.255.224',
- gateway => '194.68.13.161',
- range => '',
- options => 'domain-name-servers 109.105.111.31, 109.105.110.31',
+ #dhcp::pool {'eduid-fre-dev':
+ # network => '194.68.13.160',
+ # mask => '255.255.255.224',
+ # gateway => '194.68.13.161',
+ # range => '',
+ # options => 'domain-name-servers 109.105.111.31, 109.105.110.31',
+ #}
+
+ dhcp::pool {'eduid-dev-tug':
+ network => '130.242.130.192',
+ mask => '255.255.255.224',
+ gateway => '130.242.130.193',
+ range => ''
}
+ # One big subnet used for now
+ #dhcp::pool {'eduid-dev-tug-IdP':
+ # network => '130.242.130.192',
+ # mask => '255.255.255.248',
+ # gateway => '130.242.130.201',
+ # range => ''
+ #}
+
+ # One big subnet used for now
+ #dhcp::pool {'eduid-dev-tug-auth':
+ # network => '130.242.130.200',
+ # mask => '255.255.255.248',
+ # gateway => '130.242.130.201',
+ # range => ''
+ #}
+
+ # One big subnet used for now
+ #dhcp::pool {'eduid-dev-tug-other':
+ # network => '130.242.130.208',
+ # mask => '255.255.255.240',
+ # gateway => '130.242.130.209',
+ # range => ''
+ #}
+
# eduID TUG development hosts
- dhcp::host { 'idp-tug-1': mac => "52:54:00:a0:00:92", ip => "194.68.13.146" }
+ dhcp::host { 'worker-fre-1': mac => "52:54:00:a0:01:c4", ip => "130.242.130.196" }
+
+ dhcp::host { 'auth-fre-1_eth0': mac => "78:45:c4:f7:91:67", ip => "130.242.130.204", hostname => 'auth-fre-1'; }
+ dhcp::host { 'auth-fre-1_eth1': mac => "78:45:c4:f7:91:68", ip => "130.242.130.204", hostname => 'auth-fre-1'; }
+
+ dhcp::host { 'auth-tug-1_eth0': mac => "78:45:c4:f8:43:c5", ip => "130.242.130.205", hostname => 'auth-tug-1'; }
+ dhcp::host { 'auth-tug-1_eth1': mac => "78:45:c4:f8:43:c6", ip => "130.242.130.205", hostname => 'auth-tug-1'; }
+
+ dhcp::host { 'admin-tug-1': mac => "52:54:00:a0:01:d4", ip => "130.242.130.212" }
+
+ dhcp::host { 'dash-fre-1': mac => "52:54:00:a0:01:d5", ip => "130.242.130.213" }
+
+ dhcp::host { 'idp-fre-1': mac => "52:54:00:a0:01:d6", ip => "130.242.130.214" }
+
+ dhcp::host { 'idp-tug-1': mac => "52:54:00:a0:01:d7", ip => "130.242.130.215" }
+
+ dhcp::host { 'kvm-fre-1_eth0': mac => "78:45:c4:f8:45:15", ip => "130.242.130.216", hostname => 'kvm-fre-1'; }
+ dhcp::host { 'kvm-fre-1_eth1': mac => "78:45:c4:f8:45:16", ip => "130.242.130.216", hostname => 'kvm-fre-1'; }
+
+ dhcp::host { 'kvm-tug-1_eth0': mac => "78:45:c4:f8:47:be", ip => "130.242.130.217", hostname => 'kvm-tug-1'; }
+ dhcp::host { 'kvm-tug-1_eth1': mac => "78:45:c4:f8:47:bf", ip => "130.242.130.217", hostname => 'kvm-tug-1'; }
+
+ dhcp::host { 'monitor-fre-1': mac => "52:54:00:a0:01:da", ip => "130.242.130.218" }
- dhcp::host { 'testvm-tug-1': mac => "52:54:00:11:22:33", ip => "194.68.13.136" }
+ dhcp::host { 'mq-fre-1': mac => "52:54:00:a0:01:db", ip => "130.242.130.219" }
- dhcp::host { 'userdb-tug-1': mac => "52:54:00:93:22:29", ip => "194.68.13.132" }
- dhcp::host { 'userdb-tug-2': mac => "52:54:00:17:13:ff", ip => "194.68.13.133" }
+ dhcp::host { 'userdb-fre-1': mac => "52:54:00:a0:01:dc", ip => "130.242.130.220" }
+
+ dhcp::host { 'userdb-tug-1': mac => "52:54:00:a0:01:dd", ip => "130.242.130.221" }
+
+ dhcp::host { 'userdb-tug-2': mac => "52:54:00:a0:01:de", ip => "130.242.130.222" }
+
+
+ #dhcp::host { 'idp-tug-1': mac => "52:54:00:a0:00:92", ip => "194.68.13.146" }
+
+ #dhcp::host { 'testvm-tug-1': mac => "52:54:00:11:22:33", ip => "194.68.13.136" }
+
+ #dhcp::host { 'userdb-tug-1': mac => "52:54:00:93:22:29", ip => "194.68.13.132" }
+ #dhcp::host { 'userdb-tug-2': mac => "52:54:00:17:13:ff", ip => "194.68.13.133" }
# eduID FRE development hosts
- dhcp::host { 'idp-fre-1': mac => "52:54:00:a1:00:b2", ip => "194.68.13.178" }
+ #dhcp::host { 'idp-fre-1': mac => "52:54:00:a1:00:b2", ip => "194.68.13.178" }
- dhcp::host { 'dash-fre-1': mac => "52:54:00:a2:00:a7", ip => "194.68.13.167" }
+ #dhcp::host { 'dash-fre-1': mac => "52:54:00:a2:00:a7", ip => "194.68.13.167" }
- dhcp::host { 'userdb-fre-1': mac => "52:54:00:17:13:f6", ip => "194.68.13.164" }
+ #dhcp::host { 'userdb-fre-1': mac => "52:54:00:17:13:f6", ip => "194.68.13.164" }
# SUNET TUG hosts
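Review bot: The old `194.68.13.x` pools and host entries are kept as commented-out code rather than deleted, which leaves `idp-tug-1`, `userdb-tug-1`, `userdb-tug-2`, `idp-fre-1`, `dash-fre-1` and `userdb-fre-1` declared twice in the text; uncommenting one by mistake gives a duplicate resource title or a stale static lease, and version control already preserves the old values. The heading `# eduID TUG development hosts` now sits above a list that also contains the `-fre-` hosts, so something like `# eduID development hosts (TUG and FRE)` would match the content. The new `eduid-dev-tug` pool no longer sets `options => 'domain-name-servers ...'`; presumably clients are meant to receive the `nameservers` configured on `class { 'dhcp': }`, which deserves a one-line comment next to the pool. `class sunet-dhcp-hosts` starts before this hunk and ends after it.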
@@ -325,6 +389,10 @@ class sunet-dhcp-hosts {
dhcp::host { 'md-master.reep': mac => "52:54:00:39:8d:ac", ip => "130.242.125.83" }
dhcp::host { 'lobo2.lab': mac => "52:54:00:5e:72:91", ip => "130.242.125.86" }
+ # SUNET TUG eduID hosts (KVM host cdr1.sunet.se)
+ dhcp::host { 'backup-tug-3': mac => "52:54:00:f2:7d:54", ip => "130.242.125.84" }
+ dhcp::host { 'proxy-tug-3': mac => "52:54:00:f2:7d:55", ip => "130.242.125.85" }
+
# SWAMID production
dhcp::host { 'registry.swamid': mac => "52:54:00:52:53:0b", ip => "130.242.125.90" }
}
@@ -481,13 +549,47 @@ node 'wp.sunet.se' {
}
}
+node 'cdr1.sunet.se' {
+
+ package {'python-vm-builder':
+ ensure => 'installed',
+ } ->
+
+ cosmos::dhcp_kvm { 'backup-tug-3.eduid.se':
+ mac => '52:54:00:f2:7d:54',
+ repo => 'git://git.nordu.net/eduid-ops.git',
+ tagpattern => 'eduid-v3',
+ cpus => '1',
+ memory => '512',
+ suite => 'trusty',
+ extras => '--addpkg linux-image-generic --tmpfs -',
+ }
+
+ cosmos::dhcp_kvm { 'proxy-tug-3.eduid.se':
+ mac => '52:54:00:f2:7d:55',
+ repo => 'git://git.nordu.net/eduid-ops.git',
+ tagpattern => 'eduid-v3',
+ cpus => '1',
+ memory => '512',
+ suite => 'trusty',
+ extras => '--addpkg linux-image-generic --tmpfs -',
+ }
+
+}
+
class sunet-cdr {
+ # Listen on br0 if it exists (cdr1), otherwise bond0 (cdr2).
+ $interface = $::ipaddress_br0 ? {
+ undef => 'bond0',
+ default => 'br0',
+ }
+
class { 'dhcp':
dnsdomain => [ 'eduid.se','sunet.se','swamid.se' ],
nameservers => ['130.242.80.14','130.242.80.99'],
ntpservers => ['ntp1.nordu.net','ntp2.nordu.net','Time1.Stupi.SE'],
- interfaces => ['bond0'],
+ interfaces => [$interface],
#pxeserver => '130.242.125.5',
#pxefilename => 'pxelinux.0'
}
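Review bot: In `node 'cdr1.sunet.se'` the `->` after the `python-vm-builder` package orders only the resource that follows it, `cosmos::dhcp_kvm { 'backup-tug-3.eduid.se': }`; the `proxy-tug-3.eduid.se` declaration has no relationship to the package and may be evaluated before it is installed. Adding `require => Package['python-vm-builder'],` to the second declaration (or to both, dropping the arrow) makes the dependency explicit. The `$interface` selector depends on the `ipaddress_br0` fact being absent on cdr2, so the existing comment could say that the choice follows the presence of the fact rather than the hostname. `class sunet-cdr` continues past the end of the hunk.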
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
index 875dc69..14df323 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
@@ -37,4 +37,51 @@ define sunet::server() {
notify => Service['ssh'],
}
+ # already declared in puppet-cosmos/manifests/ntp.pp
+ #service { 'ntp':
+ # ensure => 'running',
+ #}
+
+ # Don't use pool.ntp.org servers, but rather DHCP provided NTP servers
+ line { 'no_pool_ntp_org_servers':
+ file => '/etc/ntp.conf',
+ line => '^server .*\.pool\.ntp\.org',
+ ensure => 'comment',
+ notify => Service['ntp'],
+ }
+
+ file { '/var/cache/scriptherder':
+ ensure => 'directory',
+ path => '/var/cache/scriptherder',
+ mode => '1777', # like /tmp, so user-cronjobs can also use scriptherder
+ }
+
+
+}
+
+# from http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patterns/5
+define line($file, $line, $ensure = 'present') {
+ case $ensure {
+ default : { err ( "unknown ensure value ${ensure}" ) }
+ present: {
+ exec { "/bin/echo '${line}' >> '${file}'":
+ unless => "/bin/grep -qFx '${line}' '${file}'"
+ }
+ }
+ absent: {
+ exec { "/usr/bin/perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'":
+ onlyif => "/bin/grep -qFx '${line}' '${file}'"
+ }
+ }
+ uncomment: {
+ exec { "/bin/sed -i -e'/${line}/s/^#\\+//' '${file}'":
+ onlyif => "/bin/grep '${line}' '${file}' | /bin/grep '^#' | /usr/bin/wc -l"
+ }
+ }
+ comment: {
+ exec { "/bin/sed -i -e'/${line}/s/^\\(.\\+\\)$/#\\1/' '${file}'":
+ onlyif => "/usr/bin/test `/bin/grep '${line}' '${file}' | /bin/grep -v '^#' | /usr/bin/wc -l` -ne 0"
+ }
+ }
+ }
}
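Review bot: The `line` define splices `${line}` and `${file}` into shell, grep and sed command strings with no escaping, so a value containing a single quote, a `/` or a backquote changes the command that Puppet runs; a header comment should state that both parameters must be trusted literals, and that `comment`/`uncomment` treat `${line}` as a regular expression while `present`/`absent` match it as a fixed string. In the `uncomment` branch the `onlyif` pipeline ends in `wc -l`, whose exit status is 0 whatever the count (assuming the command goes through a shell, as the pipes require), so the sed edit runs on every Puppet run; `onlyif => "/bin/grep '${line}' '${file}' | /bin/grep -q '^#'"` restores the guard. `/var/cache/scriptherder` is created with mode `1777`: if root-run jobs also write predictable file names there, other local users can pre-create those names, so a per-user subdirectory or a group-restricted mode would be safer. `define sunet::server()` begins before the hunk.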
diff --git a/global/overlay/etc/puppet/puppet.conf b/global/overlay/etc/puppet/puppet.conf
index a269892..96f7b44 100644
--- a/global/overlay/etc/puppet/puppet.conf
+++ b/global/overlay/etc/puppet/puppet.conf
@@ -3,7 +3,9 @@ logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
-factpath=$vardir/lib/facter
+# factpath is supposed to be colon-delimeted, but that does not appear to work
+# (tested with 'strace -f facter --puppet something' - does not split on colon in Puppet 3.4.2).
+factpath=/etc/puppet/facter
templatedir=$confdir/templates
node_terminus = exec
external_nodes = /etc/puppet/cosmos_enc.py
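Review bot: Replacing `factpath` with the single directory `/etc/puppet/facter` drops the previous `$vardir/lib/facter` entry, so any fact that was only found through that path stops resolving; it is worth confirming none exists, since the comment says a colon-separated list could not be made to work. Every Ruby file in the new directory is executed on each Facter run, presumably as root, so the comment could also record that the directory is shipped by the overlay and must stay root-owned and not group- or world-writable. The added comment has a typo: `delimeted` should be `delimited`.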