X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fdebian_org%2Fmanifests%2Finit.pp;h=fd78eaf911dad8a6f24cfaff80a7b603a683006e;hb=63676c0e4a4ff14e69130cbc39880aaea679b845;hp=616be7522943c6405a7fac8aadd93e08854a5d38;hpb=2cabdcc6df70e88f47ed865207985578553b99d5;p=mirror%2Fdsa-puppet.git diff --git a/modules/debian_org/manifests/init.pp b/modules/debian_org/manifests/init.pp index 616be7522..fd78eaf91 100644 --- a/modules/debian_org/manifests/init.pp +++ b/modules/debian_org/manifests/init.pp @@ -6,7 +6,7 @@ class debian_org { include debian_org::apt if $systemd { - include systemd + include dsa_systemd $servicefiles = 'present' } else { $servicefiles = 'absent' @@ -41,25 +41,14 @@ class debian_org { ensure => installed, tag => extra_repo, } - file { '/etc/ssh/ssh_known_hosts': - ensure => present, - replace => false, - mode => '0644', - source => 'puppet:///modules/debian_org/basic-ssh_known_hosts' - } - if versioncmp($::lsbmajdistrelease, '8') >= 0 { - $rubyfs_package = 'ruby-filesystem' - } else { - $rubyfs_package = 'libfilesystem-ruby1.9' - } package { [ 'apt-utils', 'bash-completion', 'dnsutils', 'less', 'lsb-release', - $rubyfs_package, + 'ruby-filesystem', 'mtr-tiny', 'nload', 'pciutils', @@ -132,9 +121,16 @@ class debian_org { content => template('debian_org/debian_facts.yaml.erb') } file { '/etc/timezone': - source => 'puppet:///modules/debian_org/timezone', + content => "Etc/UTC\n", notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'], } + if versioncmp($::lsbmajdistrelease, '9') >= 0 { # jessie has a regular file there, for instance + file { '/etc/localtime': + ensure => 'link', + target => '/usr/share/zoneinfo/Etc/UTC', + notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'], + } + } if $::hostname == handel { include puppetmaster::db $dbpassword = $puppetmaster::db::password @@ -178,7 +174,20 @@ class debian_org { notify => Exec['systemctl daemon-reload'], } - file { '/etc/cron.d/dsa-puppet-stuff': + concat { '/etc/cron.d/dsa-puppet-stuff': } + concat::fragment { 'dsa-puppet-stuff---header': + target => '/etc/cron.d/dsa-puppet-stuff', + order => '000', + content => @(EOF) + ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. + SHELL=/bin/bash + MAILTO=root + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/nagios/plugins + | EOF + } + concat::fragment { 'dsa-puppet-stuff---all': + target => '/etc/cron.d/dsa-puppet-stuff', + order => '010', content => template('debian_org/dsa-puppet-stuff.cron.erb'), require => Package['debian.org'], } @@ -208,7 +217,7 @@ class debian_org { require => Package['debian.org'] } file { '/etc/nsswitch.conf': - mode => '0755', + mode => '0444', source => 'puppet:///modules/debian_org/nsswitch.conf', } @@ -336,4 +345,29 @@ class debian_org { key => 'kernel.unprivileged_bpf_disabled', value => '1', } + + # Disable kpartx udev rules + file { '/etc/udev/rules.d/60-kpartx.rules': + ensure => $has_lib_udev_rules_d_60_kpartx_rules ? { true => 'present', default => 'absent' }, + content => "", + mode => '0444', + } + + # this is only to avoid warnings, else puppet will complain that we + # have a symlink there, even if we're not replacing it anyhow. + if ! $has_etc_ssh_ssh_known_hosts { + file { '/etc/ssh/ssh_known_hosts': + ensure => 'present', + replace => 'no', + content => inline_template('<%= open("/etc/ssh/ssh_known_hosts").read() %>'), + notify => Exec['ud-replicate'], + } + } + + exec { 'ud-replicate': + path => '/usr/bin:/usr/sbin:/bin:/sbin', + command => '/usr/bin/ud-replicate', + refreshonly => true, + require => Package['userdir-ldap'] + } }