Puppet Class: profile::base
- Defined in:
- modules/profile/manifests/base.pp
Summary
profile to configure base configOverview
SPDX-License-Identifier: Apache-2.0
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
# File 'modules/profile/manifests/base.pp', line 19
class profile::base (
Hash $wikimedia_clusters = lookup('wikimedia_clusters'),
String $cluster = lookup('cluster'),
Boolean $overlayfs = lookup('profile::base::overlayfs'),
Boolean $enable_contacts = lookup('profile::base::enable_contacts'),
String $core_dump_pattern = lookup('profile::base::core_dump_pattern'),
Boolean $unprivileged_userns_clone = lookup('profile::base::unprivileged_userns_clone'),
Boolean $use_linux510_on_buster = lookup('profile::base::use_linux510_on_buster', {'default_value' => false}),
Boolean $remove_python2_on_bullseye = lookup('profile::base::remove_python2_on_bullseye', {'default_value' => true}),
Boolean $manage_resolvconf = lookup('profile::base::manage_resolvconf', {'default_value' => true}),
Array[String[1]] $additional_purged_packages = lookup('profile::base::additional_purged_packages'),
Boolean $enable_rp_filter = lookup('profile::base::enable_rp_filter', {'default_value' => true}),
Boolean $no_cron = lookup('profile::base::no_cron', {'default_value' => false}),
) {
# Sanity checks for cluster - T234232
if ! has_key($wikimedia_clusters, $cluster) {
fail("Cluster ${cluster} not defined in wikimedia_clusters")
}
if ! has_key($wikimedia_clusters[$cluster]['sites'], $::site) {
fail("Site ${::site} not found in cluster ${cluster}")
}
# create standard directories
# perform this here and early to avoid dependency cycles
file { ['/usr/local/sbin', '/usr/local/share/bash']:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
include profile::adduser
contain profile::puppet::agent
contain profile::base::certificates
include profile::apt
if !$facts['wmflib']['is_container'] and $manage_resolvconf {
include profile::systemd::timesyncd
}
unless $facts['wmflib']['is_container'] {
class { 'grub::defaults': }
}
if $use_linux510_on_buster {
include profile::base::linux510
}
include passwords::root
include network::constants
if $manage_resolvconf {
include profile::resolving
}
include profile::mail::default_mail_relay
include profile::logrotate
include profile::prometheus::node_exporter
include profile::rsyslog
include profile::syslog::remote
include profile::prometheus::rsyslog_exporter
include profile::prometheus::cadvisor
include profile::prometheus::ethtool_exporter
if !$facts['wmflib']['is_container'] {
# TODO: make base::sysctl a profile itself?
class { 'base::sysctl':
unprivileged_userns_clone => $unprivileged_userns_clone,
enable_rp_filter => $enable_rp_filter,
}
}
class { 'motd': }
# Indicate if any services need to be restarted
motd::script { 'Check for restarts':
priority => 99,
source => 'puppet:///modules/profile/motd/check_restarts.sh',
}
class { 'base::standard_packages':
remove_python2 => $remove_python2_on_bullseye,
additional_purged_packages => $additional_purged_packages,
no_cron => $no_cron,
}
include profile::environment
class { 'base::sysctl::core_dumps':
core_dump_pattern => $core_dump_pattern,
}
include profile::ssh::client
include profile::ssh::server
if !$facts['wmflib']['is_container'] {
class { 'base::kernel':
overlayfs => $overlayfs,
}
}
include profile::debdeploy::client
class { 'base::initramfs': }
include profile::auto_restarts
class { 'prometheus::node_debian_version': }
class { 'prometheus::node_dpkg_success': }
}
|