X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fgrub%2Fmanifests%2Finit.pp;h=51f3f877bac247891fe82393185b12d8c08beaf4;hb=1eb059797393099ff8bbfd961718a0fd46f18379;hp=2c0ee0049c30886171c9fdaaca7d6d690513f21e;hpb=0e95fbdd080c4c7156bf2c4f938c0b85629a3981;p=mirror%2Fdsa-puppet.git

diff --git a/modules/grub/manifests/init.pp b/modules/grub/manifests/init.pp
index 2c0ee0049..51f3f877b 100644
--- a/modules/grub/manifests/init.pp
+++ b/modules/grub/manifests/init.pp
@@ -5,11 +5,11 @@ class grub {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-	} elsif $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu,bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14] {
+	} elsif $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu,bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14,grnet-node01,grnet-node02,csail-node01,csail-node02,byrd,mirror-isc,mirror-umn,lobos,villa,klecker,clementi,czerny] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-	} elsif $::hostname in [mirror-skroutz,aagaard,conova-node02,arm-arm-01,fasolo] {
+	} elsif $::hostname in [mirror-skroutz,conova-node01,conova-node02,arm-arm-01,fasolo] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
@@ -17,10 +17,10 @@ class grub {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = false
-	} elsif $::hostname in [villa,mirror-isc] {
-		$grub_manage = true
-		$grub_do_kernel_serial = false
-		$grub_do_grub_serial = false
+	#} elsif $::hostname in [villa] {
+	#	$grub_manage = true
+	#	$grub_do_kernel_serial = false
+	#	$grub_do_grub_serial = false
 	} else {
 		$grub_manage = false
 	}
@@ -29,7 +29,9 @@ class grub {
 		# hp-health requires nopat on linux 4.9
 		$grub_do_nopat = ($::systemproductname and $::systemproductname =~ /^ProLiant/ and versioncmp($::kernelversion, '4.9') >= 0)
 
-		$grub_do_extra = $::hostname in [fasolo]
+		$grub_do_pti_on = ($::debarchitecture == 'amd64' and versioncmp($::lsbmajdistrelease, '9') >= 0)
+
+		$grub_do_extra = $::hostname in [fasolo,grnet-node01,grnet-node02]
 
 		file { '/etc/default/grub':
 			# restore to default
@@ -75,6 +77,12 @@ class grub {
 			content  => template('grub/puppet-kernel-extra.cfg.erb'),
 			notify  => Exec['update-grub']
 		}
+
+		file { '/etc/default/grub.d/puppet-kernel-pti-on.cfg':
+			ensure => $grub_do_pti_on ? { true  => 'present', default => 'absent' },
+			content  => template('grub/puppet-kernel-pti-on.cfg.erb'),
+			notify  => Exec['update-grub']
+		}
 	}
 
 	exec { 'update-grub':