# File 'modules/profile/manifests/base.pp', line 11
# @summary Baseline profile: validates the host's cluster/site placement and
#   declares the common set of classes (puppet agent, certificates, apt, time
#   sync, DNS resolving, mail relay, logging, sysctl, SSH, kernel settings and
#   Prometheus exporters) listed in the body below.
#
# @param wikimedia_clusters
#   Hash keyed by cluster name. Each entry is expected to carry a 'sites' hash
#   keyed by site name; both levels are checked before anything is declared.
# @param cluster
#   Name of the cluster this host belongs to; must be a key of
#   $wikimedia_clusters or compilation fails.
# @param remote_syslog_send_logs
#   Passed through as `send_logs` to base::remote_syslog.
# @param overlayfs
#   Passed through to base::kernel.
# @param enable_contacts
#   NOTE(review): looked up here but not referenced anywhere in this class
#   body - confirm whether it is still consumed elsewhere.
# @param core_dump_pattern
#   Passed through to base::sysctl::core_dumps.
# @param unprivileged_userns_clone
#   Passed through to base::sysctl.
# @param remote_syslog
#   Passed through as `central_hosts` to base::remote_syslog.
# @param remote_syslog_tls
#   Hash keyed by site name; the entry for the current site is passed as
#   `central_hosts_tls` to base::remote_syslog.
class profile::base (
    Hash    $wikimedia_clusters        = lookup('wikimedia_clusters'),
    String  $cluster                   = lookup('cluster'),
    String  $remote_syslog_send_logs   = lookup('profile::base::remote_syslog_send_logs'),
    Boolean $overlayfs                 = lookup('profile::base::overlayfs'),
    Boolean $enable_contacts           = lookup('profile::base::enable_contacts'),
    String  $core_dump_pattern         = lookup('profile::base::core_dump_pattern'),
    Boolean $unprivileged_userns_clone = lookup('profile::base::unprivileged_userns_clone'),
    Array   $remote_syslog             = lookup('profile::base::remote_syslog'),
    Hash    $remote_syslog_tls         = lookup('profile::base::remote_syslog_tls'),
) {
    # Cluster sanity checks (T234232): abort the catalog early when the host's
    # cluster is unknown, or when its site is not listed for that cluster.
    unless has_key($wikimedia_clusters, $cluster) {
        fail("Cluster ${cluster} not defined in wikimedia_clusters")
    }
    unless has_key($wikimedia_clusters[$cluster]['sites'], $::site) {
        fail("Site ${::site} not found in cluster ${cluster}")
    }

    # Standard directories are created here, early, so that later classes can
    # rely on them without introducing dependency cycles.
    file { ['/usr/local/sbin', '/usr/local/share/bash']:
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
    }

    # `contain` (rather than `include`) keeps these two classes inside this
    # profile's ordering boundaries.
    contain profile::puppet::agent
    contain profile::base::certificates

    include profile::apt
    include profile::systemd::timesyncd
    class { 'adduser': }
    class { 'grub::defaults': }
    include passwords::root
    include network::constants
    include profile::resolving
    include profile::mail::default_mail_relay
    include profile::prometheus::node_exporter

    class { 'rsyslog': }
    include profile::prometheus::rsyslog_exporter

    # Remote syslog is declared only when at least one destination exists,
    # either in the plain list or in the per-site TLS list.
    # NOTE(review): hosts in $remote_syslog are presumably reached without TLS;
    # confirm in base::remote_syslog and prefer the TLS list where possible.
    $remote_syslog_tls_servers = $remote_syslog_tls[$::site]
    if !empty($remote_syslog) or !empty($remote_syslog_tls_servers) {
        class { 'base::remote_syslog':
            enable            => true,
            central_hosts     => $remote_syslog,
            central_hosts_tls => $remote_syslog_tls_servers,
            send_logs         => $remote_syslog_send_logs,
        }
    }

    # TODO: make base::sysctl a profile itself?
    # NOTE(review): presumably drives the kernel.unprivileged_userns_clone
    # sysctl; enabling it lets unprivileged users create user namespaces, which
    # widens the reachable kernel attack surface - confirm in base::sysctl.
    class { 'base::sysctl':
        unprivileged_userns_clone => $unprivileged_userns_clone,
    }

    class { 'motd': }
    class { 'base::standard_packages': }
    # apt must be configured before the standard package set is installed.
    Class['profile::apt'] -> Class['base::standard_packages']

    include profile::environment

    # NOTE(review): core files hold process memory and may contain secrets;
    # confirm in base::sysctl::core_dumps that the pattern's target location
    # is not readable by unprivileged users.
    class { 'base::sysctl::core_dumps':
        core_dump_pattern => $core_dump_pattern,
    }

    include profile::ssh::client
    include profile::ssh::server

    class { 'base::kernel':
        overlayfs => $overlayfs,
    }

    include profile::debdeploy::client
    class { 'base::initramfs': }
    include profile::auto_restarts
    class { 'prometheus::node_debian_version': }

    # haveged is declared on virtual hosts only, and only when the codename
    # comparison against 'buster' holds (presumably buster and older).
    if $facts['is_virtual'] and debian::codename::le('buster') {
        class { 'haveged': }
    }

    # The IPMI exporter needs IPMI hardware and the 'bullseye' comparison to
    # hold (presumably bullseye and newer).
    if $facts['has_ipmi'] and debian::codename::ge('bullseye') {
        class { 'prometheus::ipmi_exporter': }
    }
}