X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fgrub%2Fmanifests%2Finit.pp;h=37778d12279cd47b97f706408e00788dcb007a4f;hb=8a2ead3c6f7a440c891891571a0203c7f9b254f7;hp=1f0079f8fdd03cf8ca9083bed824638804674698;hpb=13a25f50b3c02c19412a0b735c655ca203645105;p=mirror%2Fdsa-puppet.git

diff --git a/modules/grub/manifests/init.pp b/modules/grub/manifests/init.pp
index 1f0079f8f..37778d122 100644
--- a/modules/grub/manifests/init.pp
+++ b/modules/grub/manifests/init.pp
@@ -1,29 +1,40 @@
 class grub {
+	$grub_do_ifnames = ($::kernel == 'Linux' and $::is_virtual and $::virtual == 'kvm')
+
 	if ($::kernel == 'Linux' and $::is_virtual and $::virtual == 'kvm') {
 		$grub_manage = true
-		$grub_do_kernel_serial = true
-		$grub_do_grub_serial = true
-		$grub_do_ifnames = true
-	} elsif $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu] {
+		if ($::debarchitecture != 'ppc64el') {
+			$grub_do_kernel_serial = true
+			$grub_do_grub_serial = true
+		}
+	} elsif $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu,bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14,grnet-node01,grnet-node02,csail-node01,csail-node02,byrd,mirror-isc,mirror-umn,lobos,villa,klecker,clementi,czerny,lw01,lw02,lw03,lw04,lw07,lw08,lw09,lw10] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-	} elsif $::hostname in [mirror-skroutz,aagaard,acker,arm-arm-01,fasolo] {
+	} elsif $::hostname in [mirror-skroutz,conova-node01,conova-node02,arm-arm-01,fasolo,manda-node03,manda-node04,schmelzer,smit] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-	} elsif $::hostname in [acker,arm-arm-03] {
+	} elsif $::hostname in [arm-arm-03] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = false
+	#} elsif $::hostname in [villa] {
+	#	$grub_manage = true
+	#	$grub_do_kernel_serial = false
+	#	$grub_do_grub_serial = false
 	} else {
 		$grub_manage = false
 	}
 
-	$grub_do_nopat = $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu]
-	$grub_do_extra = $::hostname in [fasolo]
+	if ($::update_grub and $grub_manage) {
+		# hp-health requires nopat on linux 4.9
+		$grub_do_nopat = ($::systemproductname and $::systemproductname =~ /^ProLiant/ and versioncmp($::kernelversion, '4.9') >= 0)
+
+		$grub_do_pti_on = ($::debarchitecture == 'amd64' and versioncmp($::lsbmajdistrelease, '9') >= 0)
+
+		$grub_do_extra = $::hostname in [fasolo,grnet-node01,grnet-node02]
 
-	if $grub_manage {
 		file { '/etc/default/grub':
 			# restore to default
 			source => 'puppet:///modules/grub/etc-default-grub',
@@ -31,7 +42,12 @@ class grub {
 		}
 
 		file { '/etc/default/grub.d':
-			ensure => directory
+			ensure => directory,
+			mode   => '0555',
+			purge   => true,
+			force   => true,
+			recurse => true,
+			source  => 'puppet:///files/empty/',
 		}
 
 		file { '/etc/default/grub.d/puppet-grub-serial.cfg':
@@ -63,6 +79,12 @@ class grub {
 			content  => template('grub/puppet-kernel-extra.cfg.erb'),
 			notify  => Exec['update-grub']
 		}
+
+		file { '/etc/default/grub.d/puppet-kernel-pti-on.cfg':
+			ensure => $grub_do_pti_on ? { true  => 'present', default => 'absent' },
+			content  => template('grub/puppet-kernel-pti-on.cfg.erb'),
+			notify  => Exec['update-grub']
+		}
 	}
 
 	exec { 'update-grub':