7 files changed, 95 insertions, 20 deletions

diff --git a/global/overlay/etc/cosmos/apt/bootstrap-cosmos.sh b/global/overlay/etc/cosmos/apt/bootstrap-cosmos.sh
new file mode 100755
index 0000000..28cbde0
--- /dev/null
+++ b/global/overlay/etc/cosmos/apt/bootstrap-cosmos.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+cmd_hostname="$1"
+if test -z "$cmd_hostname"; then
+    echo "Usage: $0 HOSTNAME REPO TAGPATTERN"
+    exit 1
+fi
+
+cmd_repo="$2"
+if test -z "$cmd_repo"; then
+   echo "Usage $0 HOSTNAME REPO TAGPATTERN"
+   exit 2
+fi
+
+cmd_tags="$3"
+if test -z "$cmd_tags"; then
+   echo "Usage $0 HOSTNAME REPO TAGPATTERN"
+   exit 3
+fi
+
+set -x
+
+apt-get -y install rsync git-core wget
+dpkg -i cosmos_1.2-2_all.deb
+
+if ! test -d /var/cache/cosmos/repo; then
+    cosmos clone "$cmd_repo"
+fi
+
+hostname $cmd_hostname
+
+perl -pi -e "s,#COSMOS_REPO_MODELS=.*,COSMOS_REPO_MODELS=\"\\\$COSMOS_REPO/global/:\\\$COSMOS_REPO/$cmd_hostname/\"," /etc/cosmos/cosmos.conf
+perl -pi -e "s,#COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN=.*,COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN=\"${cmd_tags}*\"," /etc/cosmos/cosmos.conf
+
+env COSMOS_BASE=/var/cache/cosmos COSMOS_KEYS=/var/cache/cosmos/repo/global/overlay/etc/cosmos/keys /var/cache/cosmos/repo/global/post-tasks.d/015cosmos-trust
+
+(date; nohup cosmos -v update && nohup cosmos -v apply; date) 2>&1 | tee /var/log/cosmos.log
+
+
+exit 0
diff --git a/global/overlay/etc/cosmos/apt/cosmos_1.2-2_all.deb b/global/overlay/etc/cosmos/apt/cosmos_1.2-2_all.deb
new file mode 100644
index 0000000..9fe4434
--- /dev/null
+++ b/global/overlay/etc/cosmos/apt/cosmos_1.2-2_all.deb
diff --git a/global/overlay/etc/cron.d/cosmos b/global/overlay/etc/cron.d/cosmos
index 70af3a4..4eab8de 100644
--- a/global/overlay/etc/cron.d/cosmos
+++ b/global/overlay/etc/cron.d/cosmos
@@ -1,4 +1,4 @@
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
-*/15 * * * *   root   test -f /etc/no-automatic-cosmos || (cosmos update ; cosmos apply)
+*/15 * * * *   root   test -f /etc/no-automatic-cosmos || /usr/local/bin/run-cosmos
diff --git a/global/overlay/etc/logrotate.d/docker-containers b/global/overlay/etc/logrotate.d/docker-containers
new file mode 100644
index 0000000..e9c90b8
--- /dev/null
+++ b/global/overlay/etc/logrotate.d/docker-containers
@@ -0,0 +1,7 @@
+/var/lib/docker/containers/*/*.log {                                                                                                                                     
+  rotate 7                                                                                                                                                               
+  daily
+  compress
+  delaycompress
+  copytruncate
+}
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
index af786c4..e1ef0e5 100644
--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -1,13 +1,36 @@
 #
-# name source (puppetlabs fq name or git url) upgrade (yes/no)
-#
-concat puppetlabs/concat no
-stdlib puppetlabs/stdlib no
-cosmos git://github.com/leifj/puppet-cosmos.git yes
-ufw attachmentgenie/ufw no
-apt puppetlabs/apt no
-vcsrepo puppetlabs/vcsrepo no
-xinetd puppetlabs/xinetd no
-#golang elithrar/golang yes
-#python git://github.com/stankevich/puppet-python.git yes
-hiera-gpg git://github.com/SUNET/hiera-gpg.git no
+# name source (puppetlabs fq name or git url) upgrade (yes/no) tag-pattern
+#
+# NOTE that Git packages MUST be tagged with signatures by someone
+# in the Cosmos trust list. That is why all the URLs point to forked
+# versions in the SUNET github organization.
+#
+concat          git://github.com/SUNET/puppetlabs-concat.git yes sunet-*
+stdlib          git://github.com/SUNET/puppetlabs-stdlib.git yes sunet-*
+cosmos          git://github.com/SUNET/puppet-cosmos.git yes sunet-*
+ufw             git://github.com/SUNET/puppet-module-ufw.git yes sunet_dev-*
+apt             git://github.com/SUNET/puppetlabs-apt.git yes sunet_dev-*
+vcsrepo         git://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-*
+xinetd          git://github.com/SUNET/puppetlabs-xinetd.git yes sunet-*
+hiera-gpg       git://github.com/SUNET/hiera-gpg.git yes sunet-*
+#
+# Alternate sources you might or might not want to use:
+#concat          puppetlabs/concat no
+#stdlib          puppetlabs/stdlib no
+#ufw             attachmentgenie/ufw no
+#apt             puppetlabs/apt no
+#vcsrepo         puppetlabs/vcsrepo no
+#xinetd          puppetlabs/xinetd no
+#cosmos          git://github.com/leifj/puppet-cosmos.git yes
+#python          git://github.com/SUNET/puppet-python.git yes sunet-*
+#erlang          git://github.com/SUNET/garethr-erlang.git yes sunet-*
+#rabbitmq        git://github.com/SUNET/puppetlabs-rabbitmq.git yes sunet_dev-*
+#pound           git://github.com/SUNET/puppet-pound.git yes sunet_dev-*
+#augeas          git://github.com/SUNET/puppet-augeas.git yes sunet-*
+#bastion         git://github.com/SUNET/puppet-bastion.git yes sunet-*
+#postgresql      git://github.com/SUNET/puppetlabs-postgresql.git yes sunet_dev-*
+#munin           git://github.com/SUNET/ssm-munin.git yes sunet-*
+#nagios          git://github.com/SUNET/puppet-nagios.git yes sunet-*
+#staging         git://github.com/SUNET/puppet-staging.git yes sunet-*
+#apparmor        git://github.com/SUNET/puppet-apparmor.git yes sunet-*
+#docker          git://github.com/SUNET/garethr-docker.git yes sunet_dev-*
diff --git a/global/overlay/etc/puppet/hiera.yaml b/global/overlay/etc/puppet/hiera.yaml
index cd619bb..3663305 100644
--- a/global/overlay/etc/puppet/hiera.yaml
+++ b/global/overlay/etc/puppet/hiera.yaml
@@ -1,13 +1,16 @@
 ---
-:backends: - yaml
-           - gpg
+:backends:
+  - yaml
+  - gpg
 
 :logger: console
 
-:hierarchy: - %{env}/%{location}/%{calling_module}
-            - %{env}/%{calling_module}
-            - secrets.yaml
-            - common
+:hierarchy:
+  - "%{env}/%{location}/%{calling_module}"
+  - "%{env}/%{calling_module}"
+  - local
+  - secrets.yaml
+  - common
 
 
 :yaml:
diff --git a/global/overlay/etc/puppet/puppet.conf b/global/overlay/etc/puppet/puppet.conf
index a269892..88871f0 100644
--- a/global/overlay/etc/puppet/puppet.conf
+++ b/global/overlay/etc/puppet/puppet.conf
@@ -7,7 +7,7 @@ factpath=$vardir/lib/facter
 templatedir=$confdir/templates
 node_terminus = exec
 external_nodes = /etc/puppet/cosmos_enc.py
-modulepath = /etc/puppet/modules:/etc/puppet/cosmos-modules:/usr/share/puppet/modules
+basemodulepath = /etc/puppet/modules:/etc/puppet/cosmos-modules:/usr/share/puppet/modules
 
 [master]
 # These are needed when the puppetmaster is run by passenger