X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fgrub%2Fmanifests%2Finit.pp;h=88079f4dcf0dec725e7c954c3889e1a70c1e7afd;hb=7d26559131d4900e63edae21954e5604ae1ff8d4;hp=8e0e097a1783fbb32325c16c26e78f0ae5ea212e;hpb=d88f042b4ba17fbb014eb0f11dbd1f8b12d78a41;p=mirror%2Fdsa-puppet.git

diff --git a/modules/grub/manifests/init.pp b/modules/grub/manifests/init.pp
index 8e0e097a1..88079f4dc 100644
--- a/modules/grub/manifests/init.pp
+++ b/modules/grub/manifests/init.pp
@@ -3,28 +3,38 @@ class grub {
 
 	if ($::kernel == 'Linux' and $::is_virtual and $::virtual == 'kvm') {
 		$grub_manage = true
-		$grub_do_kernel_serial = true
-		$grub_do_grub_serial = true
-	} elsif $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu,bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14] {
+		if ($::debarchitecture != 'ppc64el') {
+			$grub_do_kernel_serial = true
+			$grub_do_grub_serial = true
+		}
+	} elsif $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu,bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14,grnet-node01,grnet-node02,csail-node01,csail-node02,byrd,mirror-isc,mirror-umn,lobos,villa,klecker,clementi,czerny,lw01,lw02,lw03,lw04,lw07,lw08,lw09,lw10] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-	} elsif $::hostname in [mirror-skroutz,aagaard,acker,arm-arm-01,fasolo] {
+	} elsif $::hostname in [mirror-skroutz,conova-node01,conova-node02,arm-arm-01,fasolo,manda-node03,manda-node04,schmelzer,smit,new-klecker] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = true
-	} elsif $::hostname in [acker,arm-arm-03] {
+	} elsif $::hostname in [arm-arm-03] {
 		$grub_manage = true
 		$grub_do_kernel_serial = true
 		$grub_do_grub_serial = false
+	#} elsif $::hostname in [villa] {
+	#	$grub_manage = true
+	#	$grub_do_kernel_serial = false
+	#	$grub_do_grub_serial = false
 	} else {
 		$grub_manage = false
 	}
 
-	$grub_do_nopat = $::hostname in [ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10,casulana,mirror-anu,sallinen,storace,mirror-accumu,bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14,villa]
-	$grub_do_extra = $::hostname in [fasolo]
+	if ($::update_grub and $grub_manage) {
+		# hp-health requires nopat on linux 4.9
+		$grub_do_nopat = ($::systemproductname and $::systemproductname =~ /^ProLiant/ and versioncmp($::kernelversion, '4.9') >= 0)
+
+		$grub_do_pti_on = ($::debarchitecture == 'amd64' and versioncmp($::lsbmajdistrelease, '9') >= 0)
+
+		$grub_do_extra = $::hostname in [fasolo,grnet-node01,grnet-node02]
 
-	if $grub_manage {
 		file { '/etc/default/grub':
 			# restore to default
 			source => 'puppet:///modules/grub/etc-default-grub',
@@ -69,6 +79,12 @@ class grub {
 			content  => template('grub/puppet-kernel-extra.cfg.erb'),
 			notify  => Exec['update-grub']
 		}
+
+		file { '/etc/default/grub.d/puppet-kernel-pti-on.cfg':
+			ensure => $grub_do_pti_on ? { true  => 'present', default => 'absent' },
+			content  => template('grub/puppet-kernel-pti-on.cfg.erb'),
+			notify  => Exec['update-grub']
+		}
 	}
 
 	exec { 'update-grub':