opendev/system-config
Code Issues Proposed changes
system-config/modules/openstack_project/manifests/template.pp
Clark Boylan 8ebf38cd29 Allow puppet to be automatically upgraded 
Since the puppet 3 release puppet versions are semver and we should be
able to rely on minor version releases not breaking the world. To get
security updates and the like allow puppet to be automatically upgraded.
Do this by setting an additional origin for the puppetlabs apt repo in
our unattended upgrades template.

Change-Id: I6224ef68aeb891431661f3afc553c4c3433e583a
2014-09-12 12:55:31 -07:00

118 lines
2.8 KiB
Puppet
Raw Blame History

# == Class: openstack_project::template
#
# A template host with no running services
#
class openstack_project::template (
$iptables_public_tcp_ports = [],
$iptables_public_udp_ports = [],
$iptables_rules4 = [],
$iptables_rules6 = [],
$pin_puppet = '2.7.',
$install_users = true,
$install_resolv_conf = true,
$automatic_upgrades = true,
$certname = $::fqdn,
$ca_server = undef,
$enable_unbound = true,
) {
include ssh
include snmpd
if $automatic_upgrades == true {
class { 'openstack_project::automatic_upgrades':
origins => "Puppetlabs:${lsbdistcodename}",
}
}
class { 'iptables':
public_tcp_ports => $iptables_public_tcp_ports,
public_udp_ports => $iptables_public_udp_ports,
rules4 => $iptables_rules4,
rules6 => $iptables_rules6,
}
class { 'ntp': }
class { 'openstack_project::base':
install_users => $install_users,
certname => $certname,
pin_puppet => $pin_puppet,
ca_server => $ca_server,
}
package { 'lvm2':
ensure => present,
}
package { 'strace':
ensure => present,
}
package { 'tcpdump':
ensure => present,
}
if ($enable_unbound) {
class { 'unbound':
install_resolv_conf => $install_resolv_conf
}
}
if $::osfamily == 'Debian' {
# Make sure dig is installed
package { 'dnsutils':
ensure => present,
}
# Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers
file { '/etc/rsyslog.d/50-default.conf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source =>
'puppet:///modules/openstack_project/rsyslog.d_50-default.conf',
replace => true,
notify => $rsyslog_notify,
}
# Ubuntu installs their whoopsie package by default, but it eats through
# memory and we don't need it on servers
package { 'whoopsie':
ensure => absent,
}
}
if ($::in_chroot) {
notify { 'rsyslog in chroot':
message => 'rsyslog not refreshed, running in chroot',
}
$rsyslog_notify = []
} else {
service { 'rsyslog':
ensure => running,
enable => true,
hasrestart => true,
}
$rsyslog_notify = [ Service['rsyslog'] ]
}
# Increase syslog message size in order to capture
# python tracebacks with syslog.
file { '/etc/rsyslog.d/99-maxsize.conf':
ensure => present,
# Note MaxMessageSize is not a puppet variable.
content => '$MaxMessageSize 6k',
owner => 'root',
group => 'root',
mode => '0644',
notify => $rsyslog_notify,
}
if ($::osfamily == 'RedHat') {
# Make sure dig is installed
package { 'bind-utils':
ensure => present,
}
}
}
View Git Blame Copy Permalink