X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fgrub%2Fmanifests%2Finit.pp;h=51f3f877bac247891fe82393185b12d8c08beaf4;hb=1eb059797393099ff8bbfd961718a0fd46f18379;hp=2cc092fc3fd0c8dc17d9c77145eb6c6f558e03a2;hpb=c790002ad0294b39624c17dcd55854362aa6307d;p=mirror%2Fdsa-puppet.git

diff --git a/modules/grub/manifests/init.pp b/modules/grub/manifests/init.pp
index 2cc092fc3..51f3f877b 100644
--- a/modules/grub/manifests/init.pp
+++ b/modules/grub/manifests/init.pp
@@ -1,35 +1,38 @@
 class grub {
+	$grub_do_ifnames = ($::kernel == 'Linux' and $::is_virtual and $::virtual == 'kvm')
+
 	if ($::kernel == 'Linux' and $::is_virtual and $::virtual == 'kvm') {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-		$grub_do_ifnames = true
-	} elsif $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu] {
+	} elsif $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu,bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14,grnet-node01,grnet-node02,csail-node01,csail-node02,byrd,mirror-isc,mirror-umn,lobos,villa,klecker,clementi,czerny] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-		$grub_do_nopat = true
-	} elsif $::hostname in [mirror-skroutz,aagard,acker,arm-arm-01,fasolo] {
+	} elsif $::hostname in [mirror-skroutz,conova-node01,conova-node02,arm-arm-01,fasolo] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-		$grub_do_nopat = false
-	} elsif $::hostname in [acker,arm-arm-03] {
+	} elsif $::hostname in [arm-arm-03] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = false
-		$grub_do_nopat = false
+	#} elsif $::hostname in [villa] {
+	#	$grub_manage = true
+	#	$grub_do_kernel_serial = false
+	#	$grub_do_grub_serial = false
 	} else {
 		$grub_manage = false
 	}
 
-	if $::hostname in [fasolo] {
-		$grub_do_extra = true
-	} else {
-		$grub_do_extra = false
-	}
-
 	if $grub_manage {
+		# hp-health requires nopat on linux 4.9
+		$grub_do_nopat = ($::systemproductname and $::systemproductname =~ /^ProLiant/ and versioncmp($::kernelversion, '4.9') >= 0)
+
+		$grub_do_pti_on = ($::debarchitecture == 'amd64' and versioncmp($::lsbmajdistrelease, '9') >= 0)
+
+		$grub_do_extra = $::hostname in [fasolo,grnet-node01,grnet-node02]
+
 		file { '/etc/default/grub':
 			# restore to default
 			source => 'puppet:///modules/grub/etc-default-grub',
@@ -37,7 +40,12 @@ class grub {
 		}
 
 		file { '/etc/default/grub.d':
-			ensure => directory
+			ensure => directory,
+			mode   => '0555',
+			purge   => true,
+			force   => true,
+			recurse => true,
+			source  => 'puppet:///files/empty/',
 		}
 
 		file { '/etc/default/grub.d/puppet-grub-serial.cfg':
@@ -69,6 +77,12 @@ class grub {
 			content  => template('grub/puppet-kernel-extra.cfg.erb'),
 			notify  => Exec['update-grub']
 		}
+
+		file { '/etc/default/grub.d/puppet-kernel-pti-on.cfg':
+			ensure => $grub_do_pti_on ? { true  => 'present', default => 'absent' },
+			content  => template('grub/puppet-kernel-pti-on.cfg.erb'),
+			notify  => Exec['update-grub']
+		}
 	}
 
 	exec { 'update-grub':