# This manifest is managed using cosmos Exec { path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", } include sunet class nunoc { include sunet::tools include sunet::motd include sunet::ntp include ufw include apt include apparmor } node default { if $::hostname =~ /ct.nordu.net/ { # kvm hosts need relaxed net? class {'bastion': fstab_fix_shm => false, sysctl_net_hardening => false, } } else { class {'bastion': fstab_fix_shm => false, fixperms_paranoia => true, } } } class dockerhost { class { 'sunet::dockerhost': docker_version => "17.05.0~ce-0~ubuntu-${::lsbdistcodename}", } } class mailclient ($domain) { sunet::preseed_package {"postfix": ensure => present, options => {domain => $domain}} } class entropyclient { include sunet::simple_entropy sunet::ucrandom {'random.nordu.net': } sunet::nagios::nrpe_check_process { 'haveged': } } class ctops { class { 'sunet::server': unattended_upgrades => true, } ssh_authorized_key {'linus': ensure => present, name => 'linus@sunet.se', key => 'AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt', type => 'ssh-ed25519', user => 'root' } ssh_authorized_key {'berra+DA7C099B': ensure => present, name => 'berra+DA7C099B@nordu.net', key => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDoUEUPOtw5ZUBblnDlf03EfA8xmoOMVnoxV6nrAwPWsNOWCY39+OO5ckfv8B/n/i/JRIvokPp+YrPpOXi8fLkchiu5AFDBwN4cqS8NETLMwJhImfObIM6M1P9a4re4WuAZ4u2BQ2/Nin7WRewJfAfbvbSx6o5zRp95IotiQiXIH8LyYC7whDUjT7OKvESUwLRnK6wQ4kQRgxpgUbAZxAgPZxRzTL0jPKx5dW2pald5WWXcu9ki4uiPg5fDjHVwAJ3MFNzFfDUrJX0bKSln/ocAJFBuAKTCUHEMXo9arD6LBcj7JoXZP6ZiXlcIUG6hd93vAmL+1fxOWu3Adbtz31hxzfmTHGLwF5HyfBIpdygNBZILwICjKimocD0oevrNcJ0KmgBWnw6ZlZJjKIcxN77wEbmskQ19kj+nTHQIgDeocISfio3iJIKdAGsLo+L+d8x4vMoPgIhJUJf8vT2piTa532mumfH2buWt841Yq3fsP98AQJTPDdsXRUGkIVTIIRIqFN1thV9FaMX5wIErq3oEYNJNDhJ6g+5z6N3Zq4AivXzQnmUOeqIttP0jryO85BBGjAz6LIBTCnirKwdsKv7Bq3g3Y5QARUgL42DQ9ddMyMWud5OKrVSwhPf1tqeQEyhgctA0Ve007h9nfovKFhDyUA24HFfDHlIqIWxuOnk1sw==', type => 'ssh-rsa', user => 'root' } ssh_authorized_key {'mariah+CA747E57': ensure => present, name => 'mariah+CA747E57@nordu.net', key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQfL3uYsqjzkKOxn9nhjDHeWdWQ5SRwcPzq7gINcwJ7omA5c7wJ4RKDqBPihJ9tp2rgM6DKKGxtSyjO6LFhkGNa86uub2PLS0ar+aRobPZ6sOeASqHbO3S1mmvZZWTQ30AFjtY98jjlvfKEI5Xu1+UKyQJqK+/UBVKlPaW6GMSYLr9Z5Uu4XS/sBPdL/ZtR95zDO9OKY8OtTufQi8Zy3pl4Q3xcOsSLZrKiEKMYDCLPlxytHD8FDDYLsgiuPlbF8/uVYYrt/LHHMkD552xC+EjA7Qde1jDU6iHTpttn7j/3FKoxvM8BXUG+QpbqGUESjAlAz/PMNCUZ0kVYh9eeXr', type => 'ssh-rsa', user => 'root' } } class nrpe { require apt class {'sunet::nagios': } if ($::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '12.04') { class {'apt::backports': } } package {'nagios-plugins-contrib': ensure => latest} package {'nagios-plugins-extra': ensure => latest} sunet::nagios::nrpe_command {'check_memory': command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' } sunet::nagios::nrpe_command {'check_mem': command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' } sunet::nagios::nrpe_command {'check_boot_15_5': command_line => '/usr/lib/nagios/plugins/check_disk -w 15% -c 5% -p /boot' } sunet::nagios::nrpe_command {'check_entropy': command_line => '/usr/lib/nagios/plugins/check_entropy' } sunet::nagios::nrpe_command {'check_ntp_time': command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' } sunet::nagios::nrpe_command {'check_scriptherder': command_line => '/usr/local/bin/scriptherder --mode check' } sunet::nagios::nrpe_command {'check_apt': command_line => '/usr/lib/nagios/plugins/check_apt' } } node 'f1.ct.nordu.net' { sunet::cloudimage { 'frontend-1.urd.appendto.org': description => 'catlfish frontend node', image_url => 'https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img', dhcp => false, repo => 'https://git.nordu.net/ct-ops.git', tagpattern => 'ct-ops', cpus => '16', memory => '16384', mac => '52:54:00:01:00:01', ip => '130.242.125.96', netmask => '255.255.255.192', gateway => '130.242.125.65', resolver => ['130.242.80.14','130.242.80.99'], ssh_keys => ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt linus@sunet.se'], } } node 'm1.ct.nordu.net' { sunet::cloudimage { 'frontend-2.urd.appendto.org': description => 'catlfish frontend node', image_url => 'https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img', dhcp => false, repo => 'https://git.nordu.net/ct-ops.git', tagpattern => 'ct-ops', cpus => '16', memory => '16384', mac => '52:54:00:02:00:01', ip => '130.242.125.137', netmask => '255.255.255.192', gateway => '130.242.125.129', resolver => ['130.242.80.14','130.242.80.99'], ssh_keys => ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt linus@sunet.se'], } sunet::cloudimage { 'sign-2.urd.appendto.org': description => 'catlfish signing node', image_url => 'https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img', dhcp => false, repo => 'https://git.nordu.net/ct-ops.git', tagpattern => 'ct-ops', cpus => '2', memory => '4096', mac => '52:54:00:02:00:02', ip => '193.10.80.178', bridge => 'br1', netmask => '255.255.255.248', gateway => '193.10.80.177', resolver => ['130.242.80.14','130.242.80.99'], ssh_keys => ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt linus@sunet.se'], } } node 'm0.ct.nordu.net' { sunet::cloudimage { 'merge-1.urd.appendto.org': description => 'catlfish merge node', image_url => 'https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img', dhcp => false, repo => 'https://git.nordu.net/ct-ops.git', tagpattern => 'ct-ops', cpus => '8', memory => '16384', mac => '52:54:00:03:00:01', ip => '130.242.125.95', netmask => '255.255.255.192', gateway => '130.242.125.65', resolver => ['130.242.80.14','130.242.80.99'], ssh_keys => ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt linus@sunet.se'], } sunet::cloudimage { 'sign-1.urd.appendto.org': description => 'catlfish signing node', image_url => 'https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img', dhcp => false, repo => 'https://git.nordu.net/ct-ops.git', tagpattern => 'ct-ops', cpus => '2', memory => '4096', mac => '52:54:00:03:00:02', ip => '193.10.80.146', bridge => 'br1', netmask => '255.255.255.248', gateway => '193.10.80.145', resolver => ['130.242.80.14','130.242.80.99'], ssh_keys => ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt linus@sunet.se'], } } node 'NOTYET_frontend-1.urd.appendto.org' { catlfish::frontend { 'frontend-1': logname => 'urd.appendto.org' } catlfish::storage { 'storage-1': logname => 'urd.appendto.org' } } node 'NOTYET_frontend-2.urd.appendto.org' { catlfish::frontend { 'frontend-2': logname => 'urd.appendto.org' } catlfish::storage { 'storage-2': logname => 'urd.appendto.org' } } node 'NOTYET_merge-1.urd.appendto.org' { catlfish::merge { 'merge-1': logname => 'urd.appendto.org' } } node 'NOTYET_sign-1.urd.appendto.org' { catlfish::signing {'signing-1': logname => 'urd.appendto.org' } } node 'NOTYET_sign-2.urd.appendto.org' { catlfish::signing {'signing-2': logname => 'urd.appendto.org' } }