Puppet Class: profile::base
- Defined in:
- modules/profile/manifests/base.pp
Summary
profile to configure base configOverview
SPDX-License-Identifier: Apache-2.0
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
# File 'modules/profile/manifests/base.pp', line 13
class profile::base (
Hash $wikimedia_clusters = lookup('wikimedia_clusters'),
String $cluster = lookup('cluster'),
String $remote_syslog_send_logs = lookup('profile::base::remote_syslog_send_logs'),
Boolean $overlayfs = lookup('profile::base::overlayfs'),
Boolean $enable_contacts = lookup('profile::base::enable_contacts'),
String $core_dump_pattern = lookup('profile::base::core_dump_pattern'),
Boolean $unprivileged_userns_clone = lookup('profile::base::unprivileged_userns_clone'),
Array $remote_syslog = lookup('profile::base::remote_syslog'),
Hash $remote_syslog_tls = lookup('profile::base::remote_syslog_tls'),
Boolean $use_linux510_on_buster = lookup('profile::base::use_linux510_on_buster', {'default_value' => false}),
) {
# Sanity checks for cluster - T234232
if ! has_key($wikimedia_clusters, $cluster) {
fail("Cluster ${cluster} not defined in wikimedia_clusters")
}
if ! has_key($wikimedia_clusters[$cluster]['sites'], $::site) {
fail("Site ${::site} not found in cluster ${cluster}")
}
# create standard directories
# perform this here and early to avoid dependency cycles
file { ['/usr/local/sbin', '/usr/local/share/bash']:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
include profile::adduser
contain profile::puppet::agent
contain profile::base::certificates
include profile::apt
include profile::systemd::timesyncd
if $use_linux510_on_buster {
include profile::base::linux510
}
class { 'grub::defaults': }
include passwords::root
include network::constants
include profile::resolving
include profile::mail::default_mail_relay
include profile::prometheus::node_exporter
class { 'rsyslog': }
include profile::prometheus::rsyslog_exporter
$remote_syslog_tls_servers = $remote_syslog_tls[$::site]
unless empty($remote_syslog) and empty($remote_syslog_tls_servers) {
class { 'base::remote_syslog':
enable => true,
central_hosts => $remote_syslog,
central_hosts_tls => $remote_syslog_tls_servers,
send_logs => $remote_syslog_send_logs,
}
}
# TODO: make base::sysctl a profile itself?
class { 'base::sysctl':
unprivileged_userns_clone => $unprivileged_userns_clone,
}
class { 'motd': }
class { 'base::standard_packages': }
Class['profile::apt'] -> Class['base::standard_packages']
include profile::environment
class { 'base::sysctl::core_dumps':
core_dump_pattern => $core_dump_pattern,
}
include profile::ssh::client
include profile::ssh::server
class { 'base::kernel':
overlayfs => $overlayfs,
}
include profile::debdeploy::client
class { 'base::initramfs': }
include profile::auto_restarts
class { 'prometheus::node_debian_version': }
if $facts['is_virtual'] and debian::codename::le('buster') and $facts['virtual'] != 'lxc' {
class { 'haveged': }
}
}
|