From cd7acf3cd7e6a193791220e59a92b07b301dbdc3 Mon Sep 17 00:00:00 2001
From: Leif Johansson
Date: Sat, 9 May 2015 17:08:26 +0200
Subject: drop old modules
---
 .../modules/sunet/manifests/add_user_to_group.pp | 7 -
 .../puppet/modules/sunet/manifests/cloudimage.pp | 38 --
 .../puppet/modules/sunet/manifests/docker_run.pp | 46 --
 .../puppet/modules/sunet/manifests/dockerhost.pp | 56 --
 .../modules/sunet/manifests/encrypted_swap.pp | 12 -
 .../puppet/modules/sunet/manifests/etcd_node.pp | 44 --
 .../modules/sunet/manifests/ethernet_bonding.pp | 19 -
 .../etc/puppet/modules/sunet/manifests/fail2ban.pp | 14 -
 .../etc/puppet/modules/sunet/manifests/flog.pp | 82 ---
 .../etc/puppet/modules/sunet/manifests/ici_ca.pp | 38 --
 .../etc/puppet/modules/sunet/manifests/nagios.pp | 49 --
 .../etc/puppet/modules/sunet/manifests/server.pp | 91 ---
 .../puppet/modules/sunet/manifests/system_user.pp | 22 -
 .../puppet/modules/sunet/manifests/wordpress.pp | 53 --
 .../sunet/templates/cloudimage/mk_cloud_image.erb | 115 ----
 .../sunet/templates/dockerhost/20unbound.erb | 98 ---
 .../dockerhost/logrotate_docker-containers.erb | 7 -
 .../templates/dockerhost/unbound_docker.conf.erb | 5 -
 .../puppet/modules/sunet/templates/flog/dotenv.erb | 18 -
 .../modules/sunet/templates/ici_ca/ca.config.erb | 8 -
 .../sunet/templates/nagioshost/check_reboot.erb | 37 --
 .../sunet/templates/nagioshost/check_uptime.pl.erb | 721 ---------------------
 .../sunet/templates/nagioshost/nrpe.cfg.erb | 262 --------
 23 files changed, 1842 deletions(-)
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/flog.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/server.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/templates/cloudimage/mk_cloud_image.erb
 delete mode 100755 global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/templates/dockerhost/logrotate_docker-containers.erb
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/templates/dockerhost/unbound_docker.conf.erb
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
 delete mode 100755 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb
 delete mode 100755 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb
 delete mode 100644 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp b/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp
deleted file mode 100644
index 348d9c5..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-# Add a user to a group
-define sunet::add_user_to_group($username, $group) {
- exec {"add_user_${username}_to_group_${group}_exec":
- command => "adduser --quiet $username $group",
- path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin', '/bin', ],
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp b/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp
deleted file mode 100644
index d6400d7..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-define sunet::cloudimage (
- $image_url = "https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img",
- $dhcp = true,
- $size = "1G",
- $bridge = "br0",
- $memory = "1024",
- $cpus = "1",
- $resolver = undef,
- $ip = undef,
- $netmask = undef,
- $gateway = undef,
- $ip6 = undef,
- $netmask6 = "64",
- $gateway6 = undef,
- $tagpattern = undef,
- $repo = undef
-)
-{
- package {'mtools': ensure => latest }
- package {'libvirt-bin': ensure => latest }
- package {'uuid-runtime': ensure => latest }
- package {'virtinst': ensure => latest }
-
- $image_url_a = split($image_url,"/")
- $image_name = $image_url_a[-1]
- $image_src = "/var/lib/libvirt/images/${image_name}"
- file { "/var/lib/libvirt/images/${name}": ensure => directory } ->
- exec {"wget -O${image_src} ${image_url}":
- onlyif => "test ! -f ${image_src}"
- }
- file { "/var/lib/libvirt/images/${name}/${name}-init.sh":
- content => template("sunet/cloudimage/mk_cloud_image.erb"),
- mode => "0755"
- } ->
- exec { "/var/lib/libvirt/images/${name}/${name}-init.sh":
- onlyif => "test ! -f /var/lib/libvirt/images/${name}/${name}.img"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp
deleted file mode 100644
index 4b56a03..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-# Common use of docker::run
-define sunet::docker_run(
- $image,
- $imagetag = hiera('sunet_docker_default_tag', 'latest'),
- $volumes = [],
- $ports = [],
- $env = [],
- $net = 'bridge',
- $extra_parameters = [],
- $command = "",
- $hostname = undef,
-) {
-
- # Make container use unbound resolver on dockerhost
- # If docker was just installed, facter will not know the IP of docker0. Thus the pick.
- $dns = $net ? {
- 'host' => [], # docker refuses --dns with --net host
- default => [pick($::ipaddress_docker0, '172.17.42.1')],
- }
-
- $image_tag = "${image}:${imagetag}"
- docker::image { $image_tag : } ->
-
- docker::run {$name :
- use_name => true,
- image => $image_tag,
- volumes => flatten([$volumes,
- '/etc/passwd:/etc/passwd:ro', # uid consistency
- '/etc/group:/etc/group:ro', # gid consistency
- ]),
- hostname => $hostname,
- ports => $ports,
- env => $env,
- net => $net,
- extra_parameters => flatten([$extra_parameters,
- '--rm',
- ]),
- dns => $dns,
- verify_checksum => false, # Rely on registry security for now. eduID risk #31.
- command => $command,
- pre_start => 'run-parts /usr/local/etc/docker.d',
- post_start => 'run-parts /usr/local/etc/docker.d',
- pre_stop => 'run-parts /usr/local/etc/docker.d',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp b/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
deleted file mode 100644
index 67f75f9..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
+++ /dev/null
@@ -1,56 +0,0 @@
-# Install docker from https://get.docker.com/ubuntu
-class sunet::dockerhost {
- apt::source {'docker_official':
- location => 'https://get.docker.com/ubuntu',
- release => 'docker',
- repos => 'main',
- key => 'A88D21E9',
- include_src => false
- }
- package {'lxc-docker':
- ensure => latest,
- }
-
- class {'docker':
- manage_package => false,
- }
-
- package { 'unbound': ensure => 'latest' }
- service { 'unbound': ensure => 'running' }
-
- file { '/usr/local/etc/docker.d/20unbound':
- ensure => file,
- path => '/usr/local/etc/docker.d/20unbound',
- mode => '0755',
- content => template('sunet/dockerhost/20unbound.erb'),
- }
-
- file { '/etc/logrotate.d/docker-containers':
- ensure => file,
- path => '/etc/logrotate.d/docker-containers',
- mode => '0644',
- content => template('sunet/dockerhost/logrotate_docker-containers.erb'),
- }
-
- file { '/etc/unbound/unbound.conf.d/docker.conf':
- ensure => file,
- path => '/etc/unbound/unbound.conf.d/docker.conf',
- mode => '0644',
- content => template('sunet/dockerhost/unbound_docker.conf.erb'),
- notify => Service['unbound'],
- }
-
- ufw::allow { 'allow-docker-resolving_udp':
- port => '53',
- ip => $::ipaddress_docker0, # both IPv4 and IPv6
- from => '172.16.0.0/12',
- proto => 'udp',
- }
- ufw::allow { 'allow-docker-resolving_tcp':
- port => '53',
- ip => $::ipaddress_docker0, # both IPv4 and IPv6
- from => '172.16.0.0/12',
- proto => 'tcp',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
deleted file mode 100644
index 9956e00..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-define sunet::encrypted_swap() {
-
- package { 'ecryptfs-utils':
- ensure => 'installed'
- } ->
-
- exec {'sunet_ecryptfs_setup_swap':
- command => '/usr/bin/ecryptfs-setup-swap -f',
- onlyif => 'grep swap /etc/fstab | grep -ve ^# -e cryptswap | grep -q swap',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
deleted file mode 100644
index a80d355..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
+++ /dev/null
@@ -1,44 +0,0 @@
-define sunet::etcd_node(
- $disco_url = undef,
- $etcd_version = 'v2.0.8',
- $proxy = true
-)
-{
- include stdlib
-
- file { ["/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' }
- $common_args = ["--discovery ${disco_url}",
- "--name ${::hostname}",
- "--data-dir /data",
- "--key-file /etc/ssl/private/${::fqdn}_infra.key",
- "--ca-file /etc/ssl/certs/infra.crt",
- "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]
- if $proxy {
- $args = concat($common_args,["--proxy on","--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379"])
- } else {
- $args = concat($common_args,["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380",
- "--advertise-client-urls http://${::ipaddress_eth1}:2379",
- "--listen-peer-urls http://0.0.0.0:2380",
- "--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379",
- "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key",
- "--peer-ca-file /etc/ssl/certs/infra.crt",
- "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"])
- }
- sunet::docker_run { "etcd_${name}":
- image => 'quay.io/coreos/etcd',
- imagetag => $etcd_version,
- volumes => ["/data/${name}:/data","/etc/ssl:/etc/ssl"],
- command => join($args," "),
- ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379","${::ipaddress_docker0}:4001:2379"]
- }
- if !$proxy {
- ufw::allow { "allow-etcd-peer":
- ip => "${::ipaddress_eth1}",
- port => 2380
- }
- ufw::allow { "allow-etcd-client":
- ip => "${::ipaddress_eth1}",
- port => 2379
- }
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
deleted file mode 100644
index 8ff7325..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-define sunet::ethernet_bonding() {
- # Set up prerequisites for Ethernet LACP bonding of eth0 and eth1,
- # for all physical hosts that are running Ubuntu.
- #
- # Bonding requires setup in /etc/network/interfaces as well.
- #
- if $::is_virtual == 'false' and $::operatingsystem == 'Ubuntu' {
- if $::operatingsystemrelease <= '12.04' {
- package {'ifenslave': ensure => 'present' }
- } else {
- package {'ifenslave-2.6': ensure => 'present' }
- }
-
- file_line { 'load_module_at_boot':
- path => '/etc/modules',
- line => 'bonding',
- }
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp
deleted file mode 100644
index 01a9662..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-class sunet::fail2ban {
-
- package {'fail2ban':
- ensure => 'latest'
- } ->
- service {'fail2ban':
- ensure => 'running'
- }
- exec {"fail2ban_defaults":
- refreshonly => true,
- subscribe => Service['fail2ban'],
- command => "sleep 5; /usr/bin/fail2ban-client set ssh bantime 600800"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp b/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp
deleted file mode 100644
index 553e83b..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp
+++ /dev/null
@@ -1,82 +0,0 @@
-class sunet::flog {
-
- $postgres_password = hiera('flog_postgres_password', 'NOT_SET_IN_HIERA')
-
- file {'/var/docker':
- ensure => 'directory',
- } ->
- sunet::system_user {'postgres-system-user':
- username => 'postgres',
- group => 'postgres',
- } ->
- sunet::add_user_to_group { 'postgres_ssl_cert_access':
- username => 'postgres',
- group => 'ssl-cert',
- } ->
- sunet::system_user {'www-data-system-user':
- username => 'www-data',
- group => 'www-data',
- } ->
- sunet::system_user {'memcache-system-user':
- username => 'memcache',
- group => 'memcache',
- } ->
- file {'/var/docker/postgresql_data':
- ensure => 'directory',
- owner => 'postgres',
- group => 'root',
- mode => '0770',
- } ->
- file {'/var/docker/postgresql_data/backup':
- ensure => 'directory',
- owner => 'postgres',
- group => 'root',
- mode => '0770',
- } ->
- file {'/var/log/flog_db':
- ensure => 'directory',
- owner => 'root',
- group => 'postgres',
- mode => '1775',
- } ->
- file {'/var/log/flog_app':
- ensure => 'directory',
- owner => 'root',
- group => 'www-data',
- mode => '1775',
- } ->
- file {'/var/log/flog_cron':
- ensure => 'directory',
- owner => 'root',
- group => 'www-data',
- mode => '1775',
- } ->
- file { "/opt/flog/nginx/certs/flog.sunet.se.key":
- ensure => file,
- path => "/opt/flog/nginx/certs/flog.sunet.se.key",
- mode => '0640',
- content => hiera('server_cert_key', 'NOT_SET_IN_HIERA'),
- } ->
- file { "/opt/flog/dotenv":
- ensure => file,
- path => "/opt/flog/dotenv",
- mode => '0640',
- content => template('sunet/flog/dotenv.erb'),
- } ->
- sunet::docker_run {'flog_db':
- image => 'docker.sunet.se/flog/postgresql-9.3',
- volumes => ['/etc/ssl:/etc/ssl', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'],
- } ->
- sunet::docker_run {'flog_app':
- image => 'docker.sunet.se/flog/flog_app',
- volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'],
- } ->
- sunet::docker_run {'memcached':
- image => 'docker.sunet.se/library/memcached',
- } ->
- sunet::docker_run {'flog_nginx':
- image => 'docker.sunet.se/flog/nginx',
- ports => ['80:80', '443:443'],
- volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'],
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
deleted file mode 100644
index 3658142..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
- $pkcs11_pin=undef,
- $pkcs11_key_slot="0",
- $pkcs11_key_id="abcd",
- $autosign_dir=undef,
- $autosign_type="peer",
- $public_repo_url=undef,
- $public_repo_dir=undef)
-{
- apt::ppa {'ppa:leifj/ici': } ->
- package { 'ici': ensure => latest } ->
- exec { '${name}_setup_ca':
- command => "/usr/bin/ici ${name} init",
- creates => "/var/lib/ici/${name}"
- } ->
- file { '${name}_ca_config':
- path => "/var/lib/ici/${name}/ca.config",
- content => template("sunet/ici_ca/ca.config.erb")
- }
- if $public_repo_dir and $public_repo_url {
- cron {'ici_publish':
- command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} gencrl && /usr/bin/ici ${name} publish ${public_repo_dir}",
- user => "root",
- minute => "*/5"
- }
- }
-}
-
-define sunet::ici_ca::autosign($ca=undef,
- $autosign_dir=undef,
- $autosign_type="client")
-{
- cron {"ici_autosign_${name}":
- command => "test -f /var/lib/ici/${ca}/ca.crt && /usr/bin/ici ${ca} issue -t ${autosign_type} -d 365 --copy-extensions ${autosign_dir}",
- user => "root",
- minute => "*/5"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp
deleted file mode 100644
index 91ccf6c..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp
+++ /dev/null
@@ -1,49 +0,0 @@
-class sunet::nagios {
-
- $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111')
- $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111')
- $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}"
-
- package {'nagios-nrpe-server':
- ensure => 'installed',
- }
- service {'nagios-nrpe-server':
- ensure => 'running',
- enable => 'true',
- require => Package['nagios-nrpe-server'],
- }
- file { "/etc/nagios/nrpe.cfg" :
- notify => Service['nagios-nrpe-server'],
- ensure => 'file',
- mode => '0640',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/nrpe.cfg.erb'),
- }
- file { "/usr/lib/nagios/plugins/check_uptime.pl" :
- ensure => 'file',
- mode => '0751',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/check_uptime.pl.erb'),
- }
- file { "/usr/lib/nagios/plugins/check_reboot" :
- ensure => 'file',
- mode => '0751',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/check_reboot.erb'),
- }
- ufw::allow { "allow-nrpe-v4":
- from => "${nagios_ip_v4}",
- ip => 'any',
- proto => 'tcp',
- port => 5666
- }
- ufw::allow { "allow-nrpe-v6":
- from => "${nagios_ip_v6}",
- ip => 'any',
- proto => 'tcp',
- port => 5666
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
deleted file mode 100644
index d89302f..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ /dev/null
@@ -1,91 +0,0 @@
-define sunet::server() {
-
- # fail2ban
- class { 'sunet::fail2ban': }
-
- # Set up encrypted swap
- sunet::encrypted_swap { 'sunet_encrypted_swap': }
-
- # Add prerequisites for ethernet bonding, if physical server
- sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
-
-# Removed until SWAMID hosts can have their ufw module updated / ft
-# # Ignore IPv6 multicast
-# ufw::deny { 'ignore_v6_multicast':
-# ip => 'ff02::1',
-# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
-# }
-
-# # Ignore IPv6 multicast PIM router talk
-# ufw::deny { 'ignore_v6_multicast_PIM':
-# ip => 'ff02::d',
-# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
-# }
-
- include augeas
- augeas { "sshd_config":
- context => "/files/etc/ssh/sshd_config",
- changes => [
- "set PasswordAuthentication no",
- "set X11Forwarding no",
- "set LogLevel VERBOSE", # log pubkey used for root login
- ],
- notify => Service['ssh'],
- } ->
- file_line {
- 'no_sftp_subsystem':
- path => '/etc/ssh/sshd_config',
- match => 'Subsystem sftp /usr/lib/openssh/sftp-server',
- line => '#Subsystem sftp /usr/lib/openssh/sftp-server',
- notify => Service['ssh'],
- }
-
- # already declared in puppet-cosmos/manifests/ntp.pp
- #service { 'ntp':
- # ensure => 'running',
- #}
-
- # Don't use pool.ntp.org servers, but rather DHCP provided NTP servers
- line { 'no_pool_ntp_org_servers':
- file => '/etc/ntp.conf',
- line => '^server .*\.pool\.ntp\.org',
- ensure => 'comment',
- notify => Service['ntp'],
- }
-
- file { '/var/cache/scriptherder':
- ensure => 'directory',
- path => '/var/cache/scriptherder',
- mode => '1777', # like /tmp, so user-cronjobs can also use scriptherder
- }
-
-
-}
-
-# from http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patterns/5
-define line($file, $line, $ensure = 'present') {
- case $ensure {
- default : { err ( "unknown ensure value ${ensure}" ) }
- present: {
- exec { "/bin/echo '${line}' >> '${file}'":
- unless => "/bin/grep -qFx '${line}' '${file}'"
- }
- }
- absent: {
- exec { "/usr/bin/perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'":
- onlyif => "/bin/grep -qFx '${line}' '${file}'"
- }
- }
- uncomment: {
- exec { "/bin/sed -i -e'/${line}/s/^#\\+//' '${file}'":
- onlyif => "/bin/grep '${line}' '${file}' | /bin/grep '^#' | /usr/bin/wc -l"
- }
- }
- comment: {
- exec { "/bin/sed -i -e'/${line}/s/^\\(.\\+\\)$/#\\1/' '${file}'":
- onlyif => "/usr/bin/test `/bin/grep '${line}' '${file}' | /bin/grep -v '^#' | /usr/bin/wc -l` -ne 0"
- }
- }
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp b/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp
deleted file mode 100644
index 819ef4a..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-define sunet::system_user(
- $username,
- $group,
- $system = true,
- $shell = '/bin/false'
- ) {
-
- user { $username :
- ensure => present,
- name => $username,
- membership => minimum,
- system => $system,
- require => Group[ $group ],
- shell => $shell,
- }
-
- group { $group :
- ensure => present,
- name => $group,
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp
deleted file mode 100644
index 6f6abed..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp
+++ /dev/null
@@ -1,53 +0,0 @@
-# a basic wp setup using docker
-
-define sunet::wordpress (
-$db_host = undef,
-$wordpress_version = "4.1.1",
-$myqsl_version = "5.7")
-{
- include augeas
- $db_hostname = $db_host ? {
- undef => "${name}_mysql.docker",
- default => $db_host
- }
- $pwd = hiera("${name}_db_password",'NOT_SET_IN_HIERA')
- file {"/data/${name}": ensure => directory } ->
- file {"/data/${name}/html": ensure => directory } ->
- sunet::docker_run { "${name}_wordpress":
- image => "wordpress",
- imagetag => $wordpress_version,
- volumes => ["/data/${name}/html:/var/www/html"],
- ports => ["8080:80"],
- env => [ "SERVICE_NAME=${name}",
- "WORDPRESS_DB_HOST=${db_hostname}",
- "WORDPRESS_DB_USER=${name}",
- "WORDPRESS_DB_NAME=${name}",
- "WORDPRESS_DB_PASSWORD=${pwd}" ]
- }
-
- if (!$db_host) {
- file {"/data/${name}/db": ensure => directory }
- group { 'mysql': ensure => 'present', system => true } ->
- user { 'mysql': ensure => 'present', groups => 'mysql', system => true } ->
- sunet::docker_run { "${name}_mysql":
- image => "mysql",
- imagetag => $mysql_version,
- volumes => ["/data/${name}/db:/var/lib/mysql"],
- env => ["MYSQL_USER=${name}",
- "MYSQL_PASSWORD=${pwd}",
- "MYSQL_ROOT_PASSWORD=${pwd}",
- "MYSQL_DATABASE=${name}"]
- }
- package {'automysqlbackup': ensure => latest } ->
- augeas { 'automysqlbackup_settings':
- incl => "/etc/default/automysqlbackup",
- lens => "Shellvars.lns",
- changes => [
- "set USERNAME ${name}",
- "set PASSWORD ${pwd}",
- "set DBHOST ${db_hostname}",
- "set DBNAMES ${name}"
- ]
- }
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/cloudimage/mk_cloud_image.erb b/global/overlay/etc/puppet/modules/sunet/templates/cloudimage/mk_cloud_image.erb
deleted file mode 100644
index 3f139db..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/cloudimage/mk_cloud_image.erb
+++ /dev/null
@@ -1,115 +0,0 @@ -#!/bin/bash - -# do not edit by hand - -src_image="<%= @image_src %>" -size="<%= @size %>" -dhcp="<%= @dhcp ? 'yes' : 'no' %>" -hostname="<%= @name %>" -bridge="<%= @bridge %>" -cpus="<%= @cpus %>" -mem="<%= @memory %>" -repo="<%= @repo %>" -tag="<%= @tagpattern %>" -ip="<%= @ip %>" -gateway="<%= @gateway %>" -netmask="<%= @netmask %>" -resolver="<%= @resolver %>" -ip6="<%= @ip6 %>" -gateway6="<%= @gateway6 %>" -netmask6="<%= @netmask6 %>" -password="<%= @password %>" - - -cd "/var/lib/libvirt/cloud-init" - -id=$(uuidgen) - -seed=${hostname}_seed.img -disk=${hostname}.img - -rm -f ${seed} -truncate --size 2M ${seed} -mkfs.vfat -n cidata ${seed} 2>/dev/null - -if [ "x${password}" != "x" ]; then - pass="password: ${password}" -fi - -user_data=$(mktemp) -cat > ${user_data} < ${meta_data} <> ${meta_data} <> ${meta_data} <> ${meta_data} </dev/null -mcopy -i ${seed} ${meta_data} ::meta-data 2>/dev/null -mcopy -i ${seed} /etc/cosmos/apt/bootstrap-cosmos.sh /etc/cosmos/apt/cosmos_1.2-2_all.deb :: -mkdir -p "/var/lib/libvirt/images/${hostname}" -mv ${seed} "/var/lib/libvirt/images/${hostname}" -virsh pool-refresh default - -virsh vol-clone --pool default ${src_image} ${hostname}/${disk} - -virt-install -r ${mem} -n ${hostname} --vcpus=${cpus} --autostart --memballoon virtio --network bridge=${bridge} --boot hd --disk path=/var/lib/libvirt/images/${hostname}/${disk},format=qcow2,bus=virtio --disk path=/var/lib/libvirt/images/${hostname}/${seed},bus=virtio - -rm -f ${user_data} -rm -f ${meta_data} diff --git a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb deleted file mode 100755 index 0374ac7..0000000 --- a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb +++ /dev/null 
@@ -1,98 +0,0 @@
-#!/bin/bash
-#
-# This script registers/removes docker containers IP addresses
-# from the local unbound resolver in the post-start / pre-stop actions.
-#
-# For action pre-start, it checks if there is a CID file that needs to be
-# cleaned away to not prevent the new container from starting.
-#
-
-# sunet_docker_pre-post: CID d05a0842ce1700ee3328d42ccf5c2f29cc3d71fa6dcc6a72f994f8d032453be7
-# sunet_docker_pre-post: ACTION pre-stop
-# sunet_docker_pre-post: IMAGE docker.sunet.se/eduid/eduid-mm-service
-# sunet_docker_pre-post: NAME eduid-mm-service
-#for e in "CID" "ACTION" "IMAGE" "NAME"; do
-# logger -t sunet_docker_pre-post "$e `printenv $e`"
-#done
-
-logtag="sunet_docker_pre-post[$ACTION]"
-logger -t "${logtag}" "$NAME ($IMAGE), CID: '$CID'"
-
-if [ "x$ACTION" = "xpre-start" ]; then
- # Work-around: if unbound is not running when a container starts, it will get
- # an incorrect /etc/resolv.conf (SUNET resolvers). It will then later on be
- # unable to resolv .docker hostnames.
- service unbound status > /dev/null
- if [ $? -ne 0 ]; then
- for retry in 1 2 3 4 5 6 7 8 9 10; do
- sleep 3
- logger -t "${logtag}" "Waiting for service unbound"
- service unbound status > /dev/null
- if [ $? -eq 0 ]; then
- break
- fi
- done
- fi
-
- service unbound status > /dev/null
- if [ $? -ne 0 ]; then
- logger -t "${logtag}" "Service unbound not running! Aborting."
- exit 0
- fi
- if [ -f "${CIDFILE}" ]; then
- # Clean away the CID file in pre-start if the container is in fact not running
- docker inspect "${CID}" 2>/dev/null || (
- logger -t "${logtag}" "Removing left-over CID file '${CIDFILE}' (CID ${CID})";
- rm -f "${CIDFILE}"
- )
- fi
-
- # Remove any stopped container with this name to prevent the docker start script
- # from just restarting that one (instead of starting the currently tagged image,
- # which might be newer than the one used by the old container)
- docker inspect "${NAME}" && docker rm "${NAME}"
- exit 0
-fi
-
-if [ "x${CID}" = "x" ]; then
- CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
-
- if [ "x${CID}" = "x" ]; then
- # sometimes containers start slow...
- for retry in 1 2 3 4 5; do
- sleep 1
- logger -t "${logtag}" "Retrying CID lookup for ${NAME}"
- CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
- if [ "x${CID}" != "x" ]; then
- break
- fi
- done
- fi
-
- if [ "x${CID}" = "x" ]; then
- logger -t "${logtag}" "No CID provided or found! Aborting."
- exit 0
- fi
-
- logger -t "${logtag}" "Found CID ${CID} using docker inspect on '${NAME}'"
-fi
-
-# Remove registered name.
-# XXX this does NOT handle multiple instances of the same image running on
-# a single Docker host!
-logger -t "${logtag}" "Un-registering ${NAME}.docker"
-unbound-control local_data_remove "${NAME}.docker." > /dev/null
-
-# If it is a container starting up, register it's IP address
-if [ "x$ACTION" = "xpost-start" ]; then
- ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CID}" 2>/dev/null)
- if [ "x${ip}" = "x" ]; then
- logger -t "${logtag}" "Failed to get IP from CID ${CID}. Aborting."
- exit 0
- fi
- unbound-control local_data "${NAME}.docker. 60 IN A ${ip}" > /dev/null
- # Register reverse pointer - there is no local_data_ptr command unfortunately
- ptr=$(echo "${ip}" | awk -F . '{print $4"."$3"."$2"."$1".in-addr.arpa."}')
- unbound-control local_data "${ptr} 60 IN PTR ${NAME}.docker."
- logger -t "${logtag}" "Registered ${NAME}.docker at ${ip}"
-fi
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/logrotate_docker-containers.erb b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/logrotate_docker-containers.erb
deleted file mode 100644
index 6cf5fe9..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/logrotate_docker-containers.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-/var/lib/docker/containers/*/*.log {
- rotate 7
- daily
- compress
- delaycompress
- copytruncate
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/unbound_docker.conf.erb b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/unbound_docker.conf.erb
deleted file mode 100644
index f6bb382..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/unbound_docker.conf.erb
+++ /dev/null
@@ -1,5 +0,0 @@
-server:
- local-zone: docker. static
- interface: 127.0.0.1
- interface: 172.17.42.1
- access-control: 172.16.0.0/12 allow
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb b/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb
deleted file mode 100644
index bcd167b..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/flog/dotenv.erb
+++ /dev/null
@@ -1,18 +0,0 @@
-ALLOWED_HOSTS='flog.sunet.se flog_app.docker 192.36.125.10 2001:6b0:7::10'
-EDUROAM_META_DATA='/opt/flog/institution.xml'
-SENTRY_DSN='https://1ac5a19b73d04d91995055a81710e537:c31c3e5a162f477e8d6a9665aa134f8a@sentry.nordu.net/4'
-EMAIL_HOST='localhost'
-EMAIL_HOST_PASSWORD=''
-EMAIL_HOST_USER=''
-EMAIL_PORT=''
-DB_ENGINE='django.db.backends.postgresql_psycopg2'
-DB_NAME='flog'
-DB_USER='flog'
-DB_PASSWORD='<%= @postgres_password %>'
-DB_HOST='flog_db.docker'
-DB_PORT=5432
-#CACHE_BACKEND='django.core.cache.backends.db.DatabaseCache'
-#CACHE_LOCATION='flog_cache_table'
-CACHE_BACKEND='django.core.cache.backends.memcached.MemcachedCache'
-CACHE_LOCATION='memcached.docker:11211'
-STATIC_URL='/static/'
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb b/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
deleted file mode 100644
index 86eb224..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/ici_ca/ca.config.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-ICI_CA_KEY_ID=<%= @pkcs11_key_id %>
-ICI_CA_KEY_SLOT=<%= @pkcs11_key_slot %>
-ICI_PKCS11=<%= @pkcs11_module %>
-ICI_PKCS11_PIN=<%= @pkcs11_pin %>
-ICI_MD=sha256
-ICI_PUBLIC_URL=<%= @public_repo_url %>
-SOFTHSM_CONF=/var/lib/ici/<%= @name %>/softhsm.conf
-export SOFTHSM_CONF
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb
deleted file mode 100755
index aa0bd5d..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-declare -rx PROGNAME=${0##*/}
-declare -rx PROGPATH=${0%/*}/
-
-function cleanup {
- #if [ -e "$TMPFILE" ] ; then
- #rm "$TMPFILE"
- #fi
- exit $1
-}
-
-if [ -r "${PROGPATH}utils.sh" ] ; then
- source "${PROGPATH}utils.sh"
-else
- echo "Can't find utils.sh."
- printf "Currently being run from %s\n" "$PROGPATH"
- # since we couldn't define STATE_UNKNOWN since reading utils.sh failed, we use 3 here but everywhere else after this use cleanup $STATE
- cleanup 3
-fi
-
-STATE=$STATE_UNKNOWN
-
-
-if [ -f /var/run/reboot-required.pkgs ]
-then
- pkg=`cat /var/run/reboot-required.pkgs`
-fi
-
-if [ -f /var/run/reboot-required ]
-then
- echo "Reboot WARNING: System reboot required by package $pkg"
- cleanup $STATE_WARNING;
-fi
- echo "Reboot OK: No reboot required"
- cleanup $STATE_OK;
-cleanup $STATE;
-
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb
deleted file mode 100755
index dda05e4..0000000
--- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb
+++ /dev/null
@@ -1,721 +0,0 @@ -#!/usr/bin/perl -w -# -# ============================== SUMMARY ===================================== -# -# Program : check_uptime.pl -# Version : 0.52 -# Date : June 19, 2012 -# Authors : William Leibzon - william@leibzon.org -# Licence : GPL - summary below, full text at http://www.fsf.org/licenses/gpl.txt -# -# =========================== PROGRAM LICENSE ================================= -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -# -# ===================== INFORMATION ABOUT THIS PLUGIN ========================= -# -# This plugin returns uptime of the system returning data in text (readable) -# format as well as in minutes for performance graphing. The plugin can either -# run on local system unix system (that supports standard 'uptime' command -# or check remote system by SNMP. The plugin can report one CRITICAL or -# WARNING alert if system has been rebooted since last check. -# -# ====================== SETUP AND PLUGIN USE NOTES ========================= -# -# The plugin can either retrieve information from local system (when you -# run it through check_nrpe for example) or by SNMP from remote system. -# -# On local system it will execute standard unix 'uptime' and 'uname -a'. 
-# -# On a remote system it'll retrieve data from sysSystem for system type -# and use that to decide if further data should be retrieved from -# sysUptime (OID 1.3.6.1.2.1.1.3.0) for windows or -# hostUptime (OID 1.3.6.1.2.1.25.1.1.0) for unix system or -# snmpEngineTime (OID 1.3.6.1.6.3.10.2.1.3) for cisco switches -# -# For information on available options please execute it with --help i.e: -# check_uptime.pl --help -# -# As I dont have time for extensive documentation below is all very brief: -# -# 1. You can also specify warning and critical thresholds which will -# give warning or critical alert if system has been up for lees then -# specified number of minutes. Example: -# check_uptime.pl -w 5 -# Will give warning alert if system has been up for less then 5 minutes -# -# 2. For performance data results you can use '-f' option which will give -# total number of minutes the system has been up. -# -# 3. A special case is use of performance to feed data from previous run -# back into the plugin. This is used to cache results about what type -# of system it is (you can also directly specify this with -T option) -# and also means -w and -c threshold values are ignored and instead -# plugin will issue ONE alert (warning or critical) if system uptime -# changes from highier value to lower -# -# ============================ EXAMPLES ======================================= -# -# 1. Local server (use with NRPE or on nagios host), warning on < 5 minutes: -# -# define command { -# command_name check_uptime -# command_line $USER1$/check_uptime.pl -f -w 5 -# } -# -# 2. Local server (use with NRPE or on nagios host), -# one critical alert on reboot: -# -# define command { -# command_name check_uptime -# command_line $USER1$/check_uptime.pl -f -c -P "SERVICEPERFDATA$" -# } -# -# 3. 
Remote server SNMP v2, one warning alert on reboot, -# autodetect and cache type of server: -# -# define command { -# command_name check_snmp_uptime_v2 -# command_line $USER1$/check_uptime.pl -2 -f -w -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$ -P "$SERVICEPERFDATA$" -# } -# -# 4. Remote server SNMP v3, rest as above -# -#define command { -# command_name check_snmp_uptime_v3 -# command_line $USER1$/check_uptime.pl -f -w -H $HOSTADDRESS$ -l $_HOSTSNMP_V3_USER$ -x $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$ -L sha,aes -P "$SERVICEPERFDATA$" -# } -# -# 5. Example of service definition using above -# -# define service{ -# use std-service -# hostgroup_name all_snmp_hosts -# service_description SNMP Uptime -# max_check_attempts 1 -# check_command check_snmp_uptime -# } -# -# 6. And this is optional dependency definition for above which makes -# every SNMP service (service beloning to SNMP servicegroup) on -# same host dependent on this SNMP Uptime check. Then if SNMP -# daemon goes down you only receive one alert -# -# define servicedependency{ -# service_description SNMP Uptime -# dependent_servicegroup_name snmp -# } -# -# ============================= VERSION HISTORY ============================== -# -# 0.1 - sometime 2006 : Simple script for tracking local system uptime -# 0.2 - sometime 2008 : Update to get uptime by SNMP, its now alike my other plugins -# 0.3 - Nov 14, 2009 : Added getting system info line and using that to decide -# format of uptime line and how to process it. Added support -# for getting uptime with SNMP from windows systems. -# Added documentation header alike my other plugins. -# Planned to release it to public, but forgot. -# 0.4 - Dec 19, 2011 : Update to support SNMP v3, released to public -# 0.41 - Jan 13, 2012 : Added bug fix by Rom_UA posted as comment on Nagios Exchange -# Added version history you're reading right now. 
-# 0.42 - Feb 13, 2012 : Bug fix to not report WARNING if uptime is not correct output -# 0.5 - Feb 29, 2012 : Added support for "netswitch" engine type that retrieves -# snmpEngineTime. Added proper support for sysUpTime interpreting -# it as 1/100s of a second and converting to days,hours,minutes -# Changed internal processing structure, now reported uptime -# info text is based on uptime_minutes and not separate. -# 0.51 - Jun 05, 2012 : Bug fixed for case when when snmp system info is < 3 words. -# 0.52 - Jun 19, 2012 : For switches if snmpEngineTime OID is not available, -# the plugin will revert back to checking hostUptime and -# then sysUptime. Entire logic has in fact been changed -# to support trying more than just two OIDs. Also added -# support to specify filename to '-v' option for debug -# output to go to instead of console and for '--debug' -# option as an alias to '--verbose'. -# -# TODO: -# 0) Add '--extra-opts' to allow to read options from a file as specified -# at http://nagiosplugins.org/extra-opts. This is TODO for all my plugins -# 1) Add support for ">", "<" and other threshold qualifiers -# as done in check_snmp_temperature.pl or check_mysqld.pl -# 2) Support for more types, in particular network equipment such as cisco: [DONE] -# sysUpTime is a 32-bit counter in 1/100 of a second, it rolls over after 496 days -# snmpEngineTime (.1.3.6.1.6.3.10.2.1.3) returns the uptime in seconds and will not -# roll over, however some cisco switches (29xx) are buggy and it gets reset too. -# Routers running 12.0(3)T or higher can use the snmpEngineTime object from -# the SNMP-FRAMEWORK-MIB. This keeps track of seconds since SNMP engine started. 
-# 3) Add threshold into perfout as ';warn;crit' -# -# ========================== START OF PROGRAM CODE =========================== - -use strict; -use Getopt::Long; - -# Nagios specific -our $TIMEOUT; -our %ERRORS; -eval 'use utils qw(%ERRORS $TIMEOUT)'; -if ($@) { - $TIMEOUT = 10; - %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); -} - -our $no_snmp=0; -eval 'use Net::SNMP'; -if ($@) { - $no_snmp=1; -} - -# Version -my $Version='0.52'; - -# SNMP OID -my $oid_sysSystem = '1.3.6.1.2.1.1.1.0'; # windows and some unix -my $oid_hostUptime = '1.3.6.1.2.1.25.1.1.0'; # hostUptime, usually unix systems -my $oid_sysUptime = '1.3.6.1.2.1.1.3.0'; # sysUpTime, windows -my $oid_engineTime = '1.3.6.1.6.3.10.2.1.3'; # SNMP-FRAMEWORK-MIB - -my @oid_uptime_types = ( ['', '', ''], # type 0 is reserved - [ 'local', '', ''], # type 1 is local - [ 'win', 'sysUpTime', $oid_sysUptime ], # type 2 is windows - [ 'unix-host', 'hostUpTime', $oid_hostUptime ], # type 3 is unix-host - [ 'unix-sys', 'sysUpTime', $oid_sysUptime ], # type 4 is unix-sys - [ 'net', 'engineTime', $oid_engineTime ]); # type 5 is netswitch - -# Not used, but perhaps later -my $oid_hrLoad = '1.3.6.1.2.1.25.3.3.1.2.1'; -my $oid_sysLoadInt1 = '1.3.6.1.4.1.2021.10.1.5.1'; -my $oid_sysLoadInt5 = '1.3.6.1.4.1.2021.10.1.5.2'; -my $oid_sysLoadInt15 = '1.3.6.1.4.1.2021.10.1.5.3'; - -# Standard options -my $o_host = undef; # hostname -my $o_timeout= undef; # Timeout (Default 10) -my $o_help= undef; # wan't some help ? 
-my $o_verb= undef; # verbose mode -my $o_version= undef; # print version -my $o_label= undef; # change label instead of printing uptime -my $o_perf= undef; # Output performance data (uptime in minutes) -my $o_prevperf= undef; # performance data given with $SERVICEPERFDATA$ macro -my $o_warn= undef; # WARNING alert if system has been up for < specified number of minutes -my $o_crit= undef; # CRITICAL alert if system has been up for < specified number of minutes -my $o_type= undef; # type of check (local, auto, unix, win) - -# Login and other options specific to SNMP -my $o_port = 161; # SNMP port -my $o_community = undef; # community -my $o_version2 = undef; # use snmp v2c -my $o_login= undef; # Login for snmpv3 -my $o_passwd= undef; # Pass for snmpv3 -my $v3protocols= undef; # V3 protocol list. -my $o_authproto= 'md5'; # Auth protocol -my $o_privproto= 'des'; # Priv protocol -my $o_privpass= undef; # priv password - -## Additional global variables -my %prev_perf= (); # array that is populated with previous performance data -my $check_type = 0; - -sub p_version { print "check_uptime version : $Version\n"; } - -sub print_usage { - print "Usage: $0 [-v [debugfilename]] [-T local|unix-host|unix-sys|win|net] [-H (-C ) [-2] | (-l login -x passwd [-X pass -L ,) [-p ]] [-w -s ] [-f] [-P ] [-t ] | [-V] [--label ]\n"; -} - -sub isnnum { # Return true if arg is not a number - my $num = shift; - if ( $num =~ /^(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;} - return 1; -} - -sub div_mod { return int( $_[0]/$_[1]) , ($_[0] % $_[1]); } - -sub help { - print "\nUptime Plugin for Nagios (check_uptime) v. 
",$Version,"\n"; - print "GPL licence, (c) 2008-2012 William Leibzon\n\n"; - print_usage(); - print <, - : Authentication protocol (md5|sha : default md5) - : Priv protocols (des|aes : default des) - -p, --port=PORT - SNMP port (Default 161) -EOT -} - -# For verbose output (updated 06/06/12 to write to debug file if specified) -sub verb { - my $t=shift; - if (defined($o_verb)) { - if ($o_verb eq "") { - print $t,"\n"; - } - else { - if (!open(DEBUGFILE, ">>$o_verb")) { - print $t, "\n"; - } - else { - print DEBUGFILE $t,"\n"; - close DEBUGFILE; - } - } - } -} - -# load previous performance data -sub process_perf { - my %pdh; - my ($nm,$dt); - foreach (split(' ',$_[0])) { - if (/(.*)=(.*)/) { - ($nm,$dt)=($1,$2); - verb("prev_perf: $nm = $dt"); - # in some of my plugins time_ is to profile how long execution takes for some part of plugin - # $pdh{$nm}=$dt if $nm !~ /^time_/; - $pdh{$nm}=$dt; - } - } - return %pdh; -} - -sub type_from_name { - my $type=shift; - for(my $i=1; $i \$o_verb, 'verbose:s' => \$o_verb, "debug:s" => \$o_verb, - 'h' => \$o_help, 'help' => \$o_help, - 'H:s' => \$o_host, 'hostname:s' => \$o_host, - 'p:i' => \$o_port, 'port:i' => \$o_port, - 'C:s' => \$o_community, 'community:s' => \$o_community, - '2' => \$o_version2, 'v2c' => \$o_version2, - 'l:s' => \$o_login, 'login:s' => \$o_login, - 'x:s' => \$o_passwd, 'passwd:s' => \$o_passwd, - 'X:s' => \$o_privpass, 'privpass:s' => \$o_privpass, - 'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols, - 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, - 'V' => \$o_version, 'version' => \$o_version, - 'f' => \$o_perf, 'perfparse' => \$o_perf, - 'w:i' => \$o_warn, 'warning:i' => \$o_warn, - 'c:i' => \$o_crit, 'critical:i' => \$o_crit, - 'label:s' => \$o_label, - 'P:s' => \$o_prevperf, 'prev_perfdata:s' => \$o_prevperf, - 'T:s' => \$o_type, 'type:s' => \$o_type, - ); - if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}}; - if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}}; - - 
$o_type = "win" if defined($o_type) && $o_type eq 'windows'; - $o_type = "net" if defined($o_type) && $o_type eq 'netswitch'; - if (defined($o_type) && $o_type ne 'auto' && type_from_name($o_type)==-1) { - print "Invalid system type specified\n"; print_usage(); exit $ERRORS{"UNNKNOWN"}; - } - - if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd)) ) { - $o_type='local' if !defined($o_type) || $o_type eq 'auto'; - if ($o_type ne 'local') { - print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"} - } - if (defined($o_host)) { - print "Why are you specifying hostname without SNMP parameters?\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; - } - } - else { - $o_type='auto' if !defined($o_type); - if ($o_type eq 'local' ) { - print "Why are you specifying SNMP login for local system???\n"; print_usage(); exit $ERRORS{"UNKNOWN"} - } - if (!defined($o_host)) { - print "Hostname required for SNMP check.\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; - } - if ($no_snmp) { - print "Can't locate Net/SNMP.pm\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; - } - } - - # check snmp information - if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) ) - { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} - if (defined ($v3protocols)) { - if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} - my @v3proto=split(/,/,$v3protocols); - if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0]; } # Auth protocol - if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv protocol - if ((defined ($v3proto[1])) && (!defined($o_privpass))) - { print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} - } - - if (defined($o_timeout) && (isnnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60))) - { print "Timeout must be >1 and <60 !\n"; print_usage(); exit 
$ERRORS{"UNKNOWN"}} - if (!defined($o_timeout)) {$o_timeout=$TIMEOUT+5;} - - if (defined($o_prevperf)) { - if (defined($o_perf)) { - %prev_perf=process_perf($o_prevperf); - $check_type = $prev_perf{type} if $o_type eq 'auto' && exists($prev_perf{tye}) && exists($oid_uptime_types[$prev_perf{type}][0]); - } - else { - print "need -f option first \n"; print_usage(); exit $ERRORS{"UNKNOWN"}; - } - } - - if ($o_type eq 'auto') { - $check_type=0; - } - else { - $check_type = type_from_name($o_type); - } -} - -sub create_snmp_session { - my ($session,$error); - - if ( defined($o_login) && defined($o_passwd)) { - # SNMPv3 login - if (!defined ($o_privpass)) { - verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto"); - ($session, $error) = Net::SNMP->session( - -hostname => $o_host, - -version => '3', - -port => $o_port, - -username => $o_login, - -authpassword => $o_passwd, - -authprotocol => $o_authproto, - -timeout => $o_timeout - ); - } else { - verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto"); - ($session, $error) = Net::SNMP->session( - -hostname => $o_host, - -version => '3', - -username => $o_login, - -port => $o_port, - -authpassword => $o_passwd, - -authprotocol => $o_authproto, - -privpassword => $o_privpass, - -privprotocol => $o_privproto, - -timeout => $o_timeout - ); - } - } else { - if (defined ($o_version2)) { - # SNMPv2c Login - verb("SNMP v2c login"); - ($session, $error) = Net::SNMP->session( - -hostname => $o_host, - -version => 2, - -community => $o_community, - -port => $o_port, - -timeout => $o_timeout - ); - } else { - # SNMPV1 login - verb("SNMP v1 login"); - ($session, $error) = Net::SNMP->session( - -hostname => $o_host, - -community => $o_community, - -port => $o_port, - -timeout => $o_timeout - ); - } - } - if (!defined($session)) { - printf("ERROR opening session: %s.\n", $error); - exit $ERRORS{"UNKNOWN"}; - } - - return $session; -} - -$SIG{'ALRM'} = sub { - print "Alarm timeout\n"; - exit $ERRORS{"UNKNOWN"}; -}; - 
-########## MAIN ####### -my $system_info=""; -my $uptime_info=undef; -my $uptime_minutes=undef; -my $perf_out=""; -my $status=0; -my $uptime_output; -my ($days, $hrs, $mins); - -check_options(); - -# Check gobal timeout if snmp screws up -if (defined($o_timeout)) { - verb("Alarm at $o_timeout + 5"); - alarm($o_timeout+5); -} - -if ($check_type==1) { # local - # Process unix uptime command output - $uptime_output=`uptime`; - verb("Local Uptime Result is: $uptime_output"); - if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) { - ($days, $hrs, $mins) = ($1, $2, $3); - } - elsif ($uptime_output =~ /up\s+(\d+)\shours?\s+(\d+)/) { - ($days, $hrs, $mins) = (0, $1, $2); - } - elsif ($uptime_output =~ /up\s+(\d+)\:(\d+)/) { - ($days, $hrs, $mins) = (0, $1, $2); - } - elsif ($uptime_output =~ /up\s+(\d+)\s+min/) { - ($days, $hrs, $mins) = (0,0,$1); - } - elsif ($uptime_output =~ /up\s+(d+)s+days?,s+(d+)s+min/) { - ($days, $hrs, $mins) = ($1,0,$2); - } - else { - $uptime_info = "up ".$uptime_output; - } - if (defined($days) && defined($hrs) && defined($mins)) { - $uptime_minutes = $days*24*60+$hrs*60+$mins; - } - my @temp=split(' ',`uname -a`); - if (scalar(@temp)<3) { - $system_info=`uname -a`; - } - else { - $system_info=join(' ',$temp[0],$temp[1],$temp[2]); - } -} -else { - # SNMP connection - my $session=create_snmp_session(); - my $result=undef; - my $oid=""; - my $guessed_check_type=0; - - if ($check_type==0){ - $result = $session->get_request(-varbindlist=>[$oid_sysSystem]); - if (!defined($result)) { - printf("ERROR: Can not retrieve $oid_sysSystem table: %s.\n", $session->error); - $session->close; - exit $ERRORS{"UNKNOWN"}; - } - verb("$o_host SysInfo Result from OID $oid_sysSystem: $result->{$oid_sysSystem}"); - if ($result->{$oid_sysSystem} =~ /Windows/) { - $guessed_check_type=2; - verb('Guessing Type: 2 = windows'); - } - if ($result->{$oid_sysSystem} =~ /Cisco/) { - $guessed_check_type=5; - verb('Guessing Type: 5 = netswitch'); - } - if 
($guessed_check_type==0) { - $guessed_check_type=3; # will try hostUptime first - } - $oid=$oid_uptime_types[$guessed_check_type][2]; - } - else { - $oid=$oid_uptime_types[$check_type][2]; - } - - do { - $result = $session->get_request(-varbindlist=>[$oid,$oid_sysSystem]); - if (!defined($result)) { - if ($check_type!=0) { - printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error); - $session->close; - exit $ERRORS{"UNKNOWN"}; - } - else { - if ($session->error =~ /noSuchName/) { - if ($guessed_check_type==4) { - verb("Received noSuchName error for sysUpTime OID $oid. Giving up."); - $guessed_check_type=0; - } - if ($guessed_check_type==3) { - verb("Received noSuchName error for hostUpTime OID $oid, will now try sysUpTime"); - $guessed_check_type=4; - } - else { - verb("Received noSuchName error for OID $oid, will now try hostUpTime"); - $guessed_check_type=3; - } - if ($guessed_check_type!=0) { - $oid=$oid_uptime_types[$guessed_check_type][2]; - } - } - else { - printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error); - $session->close; - exit $ERRORS{"UNKNOWN"}; - } - } - } - else { - if ($check_type==0) { - $check_type=$guessed_check_type; - } - } - } - while (!defined($result) && $guessed_check_type!=0); - - $session->close; - if ($check_type==0 && $guessed_check_type==0) { - printf("ERROR: Can not autodetermine proper uptime OID table. 
Giving up.\n"); - exit $ERRORS{"UNKNOWN"}; - } - - my ($days, $hrs, $mins); - $uptime_output=$result->{$oid}; - verb("$o_host Uptime Result from OID $oid: $uptime_output"); - - if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) { - ($days, $hrs, $mins) = ($1, $2, $3); - } - elsif ($uptime_output =~ /(\d+)\s+hours?,\s+(\d+)\:(\d+)/) { - ($days, $hrs, $mins) = (0, $1, $2); - } - elsif ($uptime_output =~ /(\d+)\s+min/) { - ($days, $hrs, $mins) = (0, 0, $1); - } - if (defined($days) && defined($hrs) && defined($mins)) { - $uptime_minutes = $days*24*60+$hrs*60+$mins; - } - elsif ($uptime_output =~ /^(\d+)$/) { - my $upnum = $1; - if ($oid eq $oid_sysUptime) { - $uptime_minutes = $upnum/100/60; - } - elsif ($oid eq $oid_engineTime) { - $uptime_minutes = $upnum/60; - } - } - else { - $uptime_info = "up ".$uptime_output; - } - my @temp=split(' ',$result->{$oid_sysSystem}); - if (scalar(@temp)<3) { - $system_info=$result->{$oid_sysSystem}; - } - else { - $system_info=join(' ',$temp[0],$temp[1],$temp[2]); - } -} - -if (defined($uptime_minutes) && !defined($uptime_info)) { - ($hrs,$mins) = div_mod($uptime_minutes,60); - ($days,$hrs) = div_mod($hrs,24); - $uptime_info = "up "; - $uptime_info .= "$days days " if $days>0; - $uptime_info .= "$hrs hours " if $hrs>0; - $uptime_info .= "$mins minutes"; -} - -verb("System Type: $check_type (".$oid_uptime_types[$check_type][0].")"); -verb("System Info: $system_info") if $system_info; -verb("Uptime Text: $uptime_info") if defined($uptime_info); -verb("Uptime Minutes: $uptime_minutes") if defined($uptime_minutes); - -if (!defined($uptime_info)) { - $uptime_info = "Can not determine uptime"; - $status = 3; -} - -if (defined($o_perf)) { - $perf_out = "type=$check_type"; - $perf_out .= " uptime_minutes=$uptime_minutes" if defined($uptime_minutes); -} - -if (defined($uptime_minutes)) { - if (defined($o_prevperf)) { - $status = 1 if defined($o_warn) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes; - 
$status = 2 if defined($o_crit) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes; - } - else { - $status = 1 if defined($o_warn) && !isnnum($o_warn) && $o_warn >= $uptime_minutes; - $status = 2 if defined($o_crit) && !isnnum($o_crit) && $o_crit >= $uptime_minutes; - } -} -alarm(0); - -my $exit_status="UNKNOWN"; -$exit_status="OK" if $status==0; -$exit_status="WARNING" if $status==1; -$exit_status="CRITICAL" if $status==2; -$exit_status="UNKNOWN" if $status==3; -$exit_status="$o_label $exit_status" if defined($o_label); -print "$exit_status: $system_info"; -print " - $uptime_info"; -print " | ",$perf_out if $perf_out; -print "\n"; -exit $status; diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb deleted file mode 100644 index 960dd61..0000000 --- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb +++ /dev/null 
@@ -1,262 +0,0 @@ -<%# nrpe.cfg %> - -# ################################################### -# # # -# # # This file is managed with -# # # -# # # ##### # # ##### ##### ###### ##### -# # # # # # # # # # # # # -# # # # # # # # # # # ##### # -# # # ##### # # ##### ##### # # -# # # # # # # # # # -# # # # #### # # ###### # -# # # -# # # ... so you can't just change it locally. -# # # -# # ################################################### - -############################################################################# -# Sample NRPE Config File -# Written by: Ethan Galstad (nagios@nagios.org) -# -# Last Modified: 11-23-2007 -# -# NOTES: -# This is a sample configuration file for the NRPE daemon. It needs to be -# located on the remote host that is running the NRPE daemon, not the host -# from which the check_nrpe client is being executed. -############################################################################# - - -# LOG FACILITY -# The syslog facility that should be used for logging purposes. - -log_facility=daemon - - - -# PID FILE -# The name of the file in which the NRPE daemon should write it's process ID -# number. The file is only written if the NRPE daemon is started by the root -# user and is running in standalone mode. - -pid_file=/var/run/nagios/nrpe.pid - - - -# PORT NUMBER -# Port number we should wait for connections on. -# NOTE: This must be a non-priviledged port (i.e. > 1024). -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -server_port=5666 - - - -# SERVER ADDRESS -# Address that nrpe should bind to in case there are more than one interface -# and you do not want nrpe to bind on all interfaces. -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -#server_address=127.0.0.1 - - - -# NRPE USER -# This determines the effective user that the NRPE daemon should run as. -# You can either supply a username or a UID. 
-# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -nrpe_user=nagios - - - -# NRPE GROUP -# This determines the effective group that the NRPE daemon should run as. -# You can either supply a group name or a GID. -# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -nrpe_group=nagios - - - -# ALLOWED HOST ADDRESSES -# This is an optional comma-delimited list of IP address or hostnames -# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask -# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently -# supported. -# -# Note: The daemon only does rudimentary checking of the client's IP -# address. I would highly recommend adding entries in your /etc/hosts.allow -# file to allow only the specified host to connect to the port -# you are running this daemon on. -# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -allowed_hosts= <%= @allowed_hosts %> - -# COMMAND ARGUMENT PROCESSING -# This option determines whether or not the NRPE daemon will allow clients -# to specify arguments to commands that are executed. This option only works -# if the daemon was configured with the --enable-command-args configure script -# option. -# -# *** ENABLING THIS OPTION IS A SECURITY RISK! *** -# Read the SECURITY file for information on some of the security implications -# of enabling this variable. -# -# Values: 0=do not allow arguments, 1=allow command arguments - -dont_blame_nrpe=0 - - - -# BASH COMMAND SUBTITUTION -# This option determines whether or not the NRPE daemon will allow clients -# to specify arguments that contain bash command substitutions of the form -# $(...). This option only works if the daemon was configured with both -# the --enable-command-args and --enable-bash-command-substitution configure -# script options. -# -# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! 
*** -# Read the SECURITY file for information on some of the security implications -# of enabling this variable. -# -# Values: 0=do not allow bash command substitutions, -# 1=allow bash command substitutions - -allow_bash_command_substitution=0 - - - -# COMMAND PREFIX -# This option allows you to prefix all commands with a user-defined string. -# A space is automatically added between the specified prefix string and the -# command line from the command definition. -# -# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** -# Usage scenario: -# Execute restricted commmands using sudo. For this to work, you need to add -# the nagios user to your /etc/sudoers. An example entry for alllowing -# execution of the plugins from might be: -# -# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ -# -# This lets the nagios user run all commands in that directory (and only them) -# without asking for a password. If you do this, make sure you don't give -# random users write access to that directory or its contents! - -# command_prefix=/usr/bin/sudo - - - -# DEBUGGING OPTION -# This option determines whether or not debugging messages are logged to the -# syslog facility. -# Values: 0=debugging off, 1=debugging on - -debug=0 - - - -# COMMAND TIMEOUT -# This specifies the maximum number of seconds that the NRPE daemon will -# allow plugins to finish executing before killing them off. - -command_timeout=60 - - - -# CONNECTION TIMEOUT -# This specifies the maximum number of seconds that the NRPE daemon will -# wait for a connection to be established before exiting. This is sometimes -# seen where a network problem stops the SSL being established even though -# all network sessions are connected. This causes the nrpe daemons to -# accumulate, eating system resources. Do not set this too low. 
- -connection_timeout=300 - - - -# WEEK RANDOM SEED OPTION -# This directive allows you to use SSL even if your system does not have -# a /dev/random or /dev/urandom (on purpose or because the necessary patches -# were not applied). The random number generator will be seeded from a file -# which is either a file pointed to by the environment valiable $RANDFILE -# or $HOME/.rnd. If neither exists, the pseudo random number generator will -# be initialized and a warning will be issued. -# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness - -#allow_weak_random_seed=1 - - - -# INCLUDE CONFIG FILE -# This directive allows you to include definitions from an external config file. - -#include= - - - -# INCLUDE CONFIG DIRECTORY -# This directive allows you to include definitions from config files (with a -# .cfg extension) in one or more directories (with recursion). - -#include_dir= -#include_dir= - - - -# COMMAND DEFINITIONS -# Command definitions that this daemon will run. Definitions -# are in the following format: -# -# command[]= -# -# When the daemon receives a request to return the results of -# it will execute the command specified by the argument. -# -# Unlike Nagios, the command line cannot contain macros - it must be -# typed exactly as it should be executed. -# -# Note: Any plugins that are used in the command lines must reside -# on the machine that this daemon is running on! The examples below -# assume that you have plugins installed in a /usr/local/nagios/libexec -# directory. Also note that you will have to modify the definitions below -# to match the argument format the plugins expect. Remember, these are -# examples only! - - -# The following examples use hardcoded command arguments... 
- -command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 -command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 -command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / -command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z -command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 -command[check_uptime]=/usr/lib/nagios/plugins/check_uptime.pl -f -command[check_reboot]=/usr/lib/nagios/plugins/check_reboot - -# The following examples allow user-supplied arguments and can -# only be used if the NRPE daemon was compiled with support for -# command arguments *AND* the dont_blame_nrpe directive in this -# config file is set to '1'. This poses a potential security risk, so -# make sure you read the SECURITY file before doing this. - -#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ - -# -# local configuration: -# if you'd prefer, you can instead place directives here -include=/etc/nagios/nrpe_local.cfg - -# -# you can place your config snipplets into nrpe.d/ -# only snipplets ending in .cfg will get included -include_dir=/etc/nagios/nrpe.d/ - -- cgit v1.1