summaryrefslogtreecommitdiffstats
path: root/puppet-infracloud/modules/opnfv/manifests/server.pp
diff options
context:
space:
mode:
Diffstat (limited to 'puppet-infracloud/modules/opnfv/manifests/server.pp')
-rw-r--r--puppet-infracloud/modules/opnfv/manifests/server.pp222
1 files changed, 222 insertions, 0 deletions
diff --git a/puppet-infracloud/modules/opnfv/manifests/server.pp b/puppet-infracloud/modules/opnfv/manifests/server.pp
new file mode 100644
index 00000000..5bbcd750
--- /dev/null
+++ b/puppet-infracloud/modules/opnfv/manifests/server.pp
@@ -0,0 +1,222 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::server (
+ $iptables_public_tcp_ports = [],
+ $iptables_public_udp_ports = [],
+ $iptables_rules4 = [],
+ $iptables_rules6 = [],
+ $sysadmins = [],
+ $enable_unbound = true,
+ $purge_apt_sources = true,
+) {
+ ###########################################################
+ # Classes for all hosts
+
+ include snmpd
+ include sudoers
+
+ class { 'iptables':
+ public_tcp_ports => $iptables_public_tcp_ports,
+ public_udp_ports => $all_udp,
+ rules4 => $iptables_rules4,
+ rules6 => $iptables_rules6,
+ }
+
+ class { 'timezone':
+ timezone => 'Etc/UTC',
+ }
+
+ if ($enable_unbound) {
+ class { 'unbound':
+ install_resolv_conf => $install_resolv_conf
+ }
+ }
+
+ if ($::in_chroot) {
+ notify { 'rsyslog in chroot':
+ message => 'rsyslog not refreshed, running in chroot',
+ }
+ $rsyslog_notify = []
+ } else {
+ service { 'rsyslog':
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ require => Package['rsyslog'],
+ }
+ $rsyslog_notify = [ Service['rsyslog'] ]
+ }
+
+ ###########################################################
+ # System tweaks
+
+ # Increase syslog message size in order to capture
+ # python tracebacks with syslog.
+ file { '/etc/rsyslog.d/99-maxsize.conf':
+ ensure => present,
+ # Note MaxMessageSize is not a puppet variable.
+ content => '$MaxMessageSize 6k',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ notify => $rsyslog_notify,
+ require => Package['rsyslog'],
+ }
+
+ # We don't like byobu
+ file { '/etc/profile.d/Z98-byobu.sh':
+ ensure => absent,
+ }
+
+ if $::osfamily == 'Debian' {
+
+ # Ubuntu installs their whoopsie package by default, but it eats through
+ # memory and we don't need it on servers
+ package { 'whoopsie':
+ ensure => absent,
+ }
+
+ package { 'popularity-contest':
+ ensure => absent,
+ }
+ }
+
+ ###########################################################
+ # Package resources for all operating systems
+
+ package { 'at':
+ ensure => present,
+ }
+
+ package { 'lvm2':
+ ensure => present,
+ }
+
+ package { 'strace':
+ ensure => present,
+ }
+
+ package { 'tcpdump':
+ ensure => present,
+ }
+
+ package { 'rsyslog':
+ ensure => present,
+ }
+
+ package { 'git':
+ ensure => present,
+ }
+
+ package { 'rsync':
+ ensure => present,
+ }
+
+ case $::osfamily {
+ 'RedHat': {
+ $packages = ['parted', 'puppet', 'wget', 'iputils']
+ $user_packages = ['emacs-nox', 'vim-enhanced']
+ $update_pkg_list_cmd = ''
+ }
+ 'Debian': {
+ $packages = ['parted', 'puppet', 'wget', 'iputils-ping']
+ case $::operatingsystemrelease {
+ /^(12|14)\.(04|10)$/: {
+ $user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
+ 'sysstat', 'iotop']
+ }
+ default: {
+ $user_packages = ['emacs-nox', 'vim-nox']
+ }
+ }
+ $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;'
+ }
+ default: {
+ fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
+ }
+ }
+ package { $packages:
+ ensure => present
+ }
+
+ ###########################################################
+ # Package resources for specific operating systems
+
+ case $::osfamily {
+ 'Debian': {
+ # Purge and augment existing /etc/apt/sources.list if requested, and make
+ # sure apt-get update is run before any packages are installed
+ class { '::apt':
+ purge => { 'sources.list' => $purge_apt_sources }
+ }
+
+ # Make sure dig is installed
+ package { 'dnsutils':
+ ensure => present,
+ }
+ }
+ 'RedHat': {
+ # Make sure dig is installed
+ package { 'bind-utils':
+ ensure => present,
+ }
+ }
+ }
+
+ ###########################################################
+ # Manage ntp
+
+ include '::ntp'
+
+ if ($::osfamily == "RedHat") {
+ # Utils in ntp-perl are included in Debian's ntp package; we
+ # add it here for consistency. See also
+ # https://tickets.puppetlabs.com/browse/MODULES-3660
+ package { 'ntp-perl':
+ ensure => present
+ }
+ # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
+ # centos-7. Currently, ntpd explicitly require ntpdate to be running before
+ # the sync process can happen in ntpd. As a result, if ntpdate is not
+ # running, ntpd will start but fail to sync because of DNS is not properly
+ # setup.
+ package { 'ntpdate':
+ ensure => present,
+ }
+ service { 'ntpdate':
+ enable => true,
+ require => Package['ntpdate'],
+ }
+ }
+
+ ###########################################################
+ # Manage python/pip
+
+ $desired_virtualenv = '13.1.0'
+ class { '::pip':
+ optional_settings => {
+ 'extra-index-url' => '',
+ },
+ manage_pip_conf => true,
+ }
+
+ if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
+ $virtualenv_ensure = $desired_virtualenv
+ } else {
+ $virtualenv_ensure = present
+ }
+ package { 'virtualenv':
+ ensure => $virtualenv_ensure,
+ provider => openstack_pip,
+ require => Class['pip'],
+ }
+
+ # add hosts entries
+ create_resources('host', hiera_hash('hosts'))
+}