node default {
# we really should rename this one
- include site
+ include deprecated
include base
# this is magic: it will include whatever classes says we should
ensure => absent
}
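Review bot: The context comment `# we really should rename this one` now sits directly above `include deprecated`, so it reads as a request to rename the class this commit just introduced. Either drop it or replace it with something that states the intent, for example `# legacy node data (localinfo/nodeinfo/allnodeinfo/roles); do not add new users`. The `node default` block continues past this hunk.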
- if getfromhash($site::nodeinfo, 'ganeti') {
+ if getfromhash($deprecated::nodeinfo, 'ganeti') {
include ganeti2
}
}
if $::mta == 'exim4' {
- if getfromhash($site::nodeinfo, 'heavy_exim') {
+ if getfromhash($deprecated::nodeinfo, 'heavy_exim') {
include exim::mx
} else {
include exim
# bacula, on Debian 9 (stretch), does not resolve a single name
# to both v4 and v6 addresses. Se we can't just say
# ip = { addr = <hostname> }. Boo.
- <%- if scope.lookupvar('site::nodeinfo')['misc']['has_v4_ldap'] -%>
+ <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%>
ipv4 = {
# use the hostname rather than the IP address from LDAP,
# as /etc/hosts might have a better answer in case of natted hosts.
port = <%= @bacula_client_port %>
}
<%- end -%>
- <%- scope.lookupvar('site::nodeinfo')['misc']['v6_ldap'].each do |addr| -%>
+ <%- scope.lookupvar('deprecated::nodeinfo')['misc']['v6_ldap'].each do |addr| -%>
ipv6 = {
addr = <%= addr %>
port = <%= @bacula_client_port %>
TLS Certificate = "<%= @bacula_ssl_client_cert %>"
TLS Key = "<%= @bacula_ssl_client_key %>"
-<%- if scope.lookupvar('site::nodeinfo')['hoster']['name'] == "brown" -%>
+<%- if scope.lookupvar('deprecated::nodeinfo')['hoster']['name'] == "brown" -%>
# broken firewall
Heartbeat Interval = 60
<%- end -%>
# bacula, on Debian 9 (stretch), does not resolve a single name
# to both v4 and v6 addresses. Se we can't just say
# ip = { addr = <hostname> }. Boo.
- <%- if scope.lookupvar('site::nodeinfo')['misc']['has_v4_ldap'] -%>
+ <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%>
ipv4 = {
# use the hostname rather than the IP address from LDAP,
# as /etc/hosts might have a better answer in case of natted hosts.
port = <%= @bacula_storage_port %>
}
<%- end -%>
- <%- if scope.lookupvar('site::nodeinfo')['misc']['has_v6_ldap'] -%>
+ <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v6_ldap'] -%>
ipv6 = {
addr = <%= @bacula_storage_address %>
port = <%= @bacula_storage_port %>
class base(
- Stdlib::IP::Address $public_address = filter_ipv4(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'))[0],
- Optional[Stdlib::IP::Address] $public_address6 = filter_ipv6(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'))[0],
+ Stdlib::IP::Address $public_address = filter_ipv4(getfromhash($deprecated::nodeinfo, 'ldap', 'ipHostNumber'))[0],
+ Optional[Stdlib::IP::Address] $public_address6 = filter_ipv6(getfromhash($deprecated::nodeinfo, 'ldap', 'ipHostNumber'))[0],
) {
$public_addresses = [ $public_address, $public_address6 ].filter |$addr| { $addr != undef }
}
class debian_org::mail_incoming_port {
- case getfromhash($site::nodeinfo, 'mail_port') {
- Numeric: { $mail_port = sprintf("%d", getfromhash($site::nodeinfo, 'mail_port')) }
+ case getfromhash($deprecated::nodeinfo, 'mail_port') {
+ Numeric: { $mail_port = sprintf("%d", getfromhash($deprecated::nodeinfo, 'mail_port')) }
/^(\d+)$/: { $mail_port = $1 }
default: { $mail_port = '25' }
}
---
-hoster: <%= scope.lookupvar('site::nodeinfo')['hoster']['name'] %>
+hoster: <%= scope.lookupvar('deprecated::nodeinfo')['hoster']['name'] %>
--- /dev/null
+class deprecated {
+
+ $localinfo = yamlinfo('*')
+ $nodeinfo = nodeinfo($::fqdn)
+ $allnodeinfo = allnodeinfo('sshRSAHostKey ipHostNumber', 'purpose mXRecord physicalHost purpose')
+ $roles = hiera('roles')
+}
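Review bot: The new `class deprecated` has no header comment, and its name says neither what the four variables hold nor what callers should move to. Elsewhere in this commit `$deprecated::allnodeinfo` and `$deprecated::roles` feed ferm `SERVICE_RANGE` rules, Apache `Require ip` lists and the nagios `allowed_hosts` line, so a short comment naming the data sources (`yamlinfo`, `nodeinfo`, `allnodeinfo`, `hiera('roles')`) and the intended replacement would help whoever audits those allowlists. Separately, the attribute list `'purpose mXRecord physicalHost purpose'` names `purpose` twice; this is carried over unchanged from the removed `class site` and looks like a leftover worth cleaning up while the class is being touched.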
class entropykey {
- if getfromhash($site::nodeinfo, 'entropy_key') {
+ if getfromhash($deprecated::nodeinfo, 'entropy_key') {
include entropykey::provider
}
- $entropy_provider = entropy_provider($::fqdn, $site::nodeinfo)
+ $entropy_provider = entropy_provider($::fqdn, $deprecated::nodeinfo)
case $entropy_provider {
false: {}
local: { include entropykey::local_consumer }
# MAIN CONFIGURATION SETTINGS #
######################################################################
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
perl_startup = do '/etc/exim4/exim_surbl.pl'
<%- end -%>
acl_smtp_helo = check_helo
acl_smtp_rcpt = ${if ={$interface_port}{587} {check_submission}{check_recipient}}
acl_smtp_data = check_message
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
acl_smtp_mime = acl_check_mime
<%- end -%>
acl_smtp_predata = acl_check_predata
message_size_limit = 100M
message_logs = false
smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0}{7}}
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
smtp_accept_max = 300
smtp_accept_queue = 200
smtp_accept_queue_per_connection = 50
delay_warning =
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
message_body_visible = 5000
queue_run_max = 50
deliver_queue_load_max = 50
ports << 587
end
-if not scope.lookupvar('site::nodeinfo')['mail_port'].to_s.empty?
- ports << scope.lookupvar('site::nodeinfo')['mail_port']
+if not scope.lookupvar('deprecated::nodeinfo')['mail_port'].to_s.empty?
+ ports << scope.lookupvar('deprecated::nodeinfo')['mail_port']
end
if @is_mailrelay
- ports << scope.lookupvar('site::nodeinfo')['smarthost_port']
+ ports << scope.lookupvar('deprecated::nodeinfo')['smarthost_port']
end
out += ports.uniq.sort.join(" : ")
accept verify = certificate
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%>
+<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
# These are in HELO acl so that they are only run once. They increment a counter,
# so we don't want it to increment per rcpt to.
accept local_parts = +postmasterish
domains = +virtual_domains : +bsmtp_domains
-<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%>
+<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text
dnslists = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}\
domains = +handled_domains
!hosts = +debianhosts : WHITELIST
-<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%>
+<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
deny domains = +handled_domains
local_parts = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\
deny message = relay not permitted
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
acl_check_mime:
accept verify = certificate
message = X-malware detected: $malware_name
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%>
+<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%>
discard condition = ${if <{$message_size}{256000}}
condition = ${if eq {$acl_m_prf}{blackhole}}
set acl_m_srb = ${perl{surblspamcheck}}
<%=
out = ""
-if not scope.lookupvar('site::nodeinfo')['smarthost'].empty?
+if not scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty?
out = "
smarthost:
debug_print = \"R: smarthost for $local_part@$domain\"
driver = manualroute
domains = !+handled_domains
transport = remote_smtp_smarthost
- route_list = * #{scope.lookupvar('site::nodeinfo')['smarthost']}
+ route_list = * #{scope.lookupvar('deprecated::nodeinfo')['smarthost']}
host_find_failed = defer
same_domain_copy_routing = yes
no_more
<%=
out = ""
-if not scope.lookupvar('site::nodeinfo')['smarthost'].empty?
+if not scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty?
out = '
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
delay_after_cutoff = false
port = '
- out += scope.lookupvar('site::nodeinfo')['smarthost_port'].to_s + "\n"
+ out += scope.lookupvar('deprecated::nodeinfo')['smarthost_port'].to_s + "\n"
out += ' tls_tempfail_tryclear = false
- hosts_require_tls = ' + scope.lookupvar('site::nodeinfo')['smarthost'] + '
+ hosts_require_tls = ' + scope.lookupvar('deprecated::nodeinfo')['smarthost'] + '
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
'
end
mxregex = Regexp.new('^\d+\s+(.*?)\.?$')
-scope.lookupvar('site::allnodeinfo').keys.sort.each do |host|
- next unless scope.lookupvar('site::allnodeinfo')[host]['mXRecord']
- scope.lookupvar('site::allnodeinfo')[host]['mXRecord'].each do |mx|
+scope.lookupvar('deprecated::allnodeinfo').keys.sort.each do |host|
+ next unless scope.lookupvar('deprecated::allnodeinfo')[host]['mXRecord']
+ scope.lookupvar('deprecated::allnodeinfo')[host]['mXRecord'].each do |mx|
mxmatch = mxregex.match(mx)
if mxmatches.include?(mxmatch[1])
route = host + ":\t\t" + host
- if scope.lookupvar('site::localinfo').has_key?(host) and scope.lookupvar('site::localinfo')[host].has_key?('mail_port') and scope.lookupvar('site::localinfo')[host]['mail_port'].to_s != ''
- route += "::" + scope.lookupvar('site::localinfo')[host]['mail_port'].to_s
+ if scope.lookupvar('deprecated::localinfo').has_key?(host) and scope.lookupvar('site::localinfo')[host].has_key?('mail_port') and scope.lookupvar('site::localinfo')[host]['mail_port'].to_s != ''
+ route += "::" + scope.lookupvar('deprecated::localinfo')[host]['mail_port'].to_s
end
routes << route
end
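Review bot: The rewritten `mail_port` condition is only partly renamed: its first lookup uses `deprecated::localinfo`, but the second and third still read `site::localinfo`, and this commit deletes `class site`. For any host present in localinfo the `and` chain then goes on to index the result of a lookup on a class that no longer exists, which most likely raises during template evaluation (or, depending on how the Puppet version treats the missing variable, silently drops the `::port` suffix from the route). Fetching the hash once avoids the repetition that made the miss possible: `localinfo = scope.lookupvar('deprecated::localinfo')` followed by `if localinfo.has_key?(host) and localinfo[host].has_key?('mail_port') and localinfo[host]['mail_port'].to_s != ''`. The enclosing loop starts and ends outside this hunk.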
}
- $munin_ips = getfromhash($site::nodeinfo, 'misc', 'v4addrs')
+ $munin_ips = getfromhash($deprecated::nodeinfo, 'misc', 'v4addrs')
.map |$addr| { "ip_${addr}" }
munin::check { $munin_ips: script => 'ip_', }
- $munin6_ips = getfromhash($site::nodeinfo, 'misc', 'v6addrs')
+ $munin6_ips = getfromhash($deprecated::nodeinfo, 'misc', 'v6addrs')
.map |$addr| { "ip_${addr}" }
munin::ipv6check { $munin6_ips: }
include ferm::zivit
}
- if (getfromhash($site::nodeinfo, 'hoster', 'name') == "aql") {
+ if (getfromhash($deprecated::nodeinfo, 'hoster', 'name') == "aql") {
include ferm::aql
}
# quantz, master, coccia
rule => @("EOF")
&SERVICE_RANGE(tcp, 5452, (
- ${ join(getfromhash($site::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'master.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'master.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
))
| EOF
}
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5433, (
- ${ join(getfromhash($site::allnodeinfo, 'bmdb1.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'bmdb1.debian.org', 'ipHostNumber'), " ") }
\$HOST_PGBACKUPHOST
))
| EOF
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5435, (
- ${ join(getfromhash($site::allnodeinfo, 'ticharich.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'petrova.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'rusca.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'tate.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'ticharich.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'petrova.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'rusca.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'tate.debian.org', 'ipHostNumber'), " ") }
\$HOST_PGBACKUPHOST
))
| EOF
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5434, (
- ${ join(getfromhash($site::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'nono.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'usper.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'nono.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'usper.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
))
| EOF
}
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5436, (
- ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
\$HOST_PGBACKUPHOST
))
| EOF
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5437, (
- ${ join(getfromhash($site::allnodeinfo, 'dinis.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'storace.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'dinis.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'storace.debian.org', 'ipHostNumber'), " ") }
\$HOST_PGBACKUPHOST
))
| EOF
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5439, (
- ${ join(getfromhash($site::allnodeinfo, 'delfin.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'delfin.debian.org', 'ipHostNumber'), " ") }
))
| EOF
}
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5440, (
- ${ join(getfromhash($site::allnodeinfo, 'sor.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'sor.debian.org', 'ipHostNumber'), " ") }
\$HOST_PGBACKUPHOST
))
| EOF
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5473, (
- ${ join(getfromhash($site::allnodeinfo, 'lw07.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'snapshotdb-manda-01.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'lw07.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($deprecated::allnodeinfo, 'snapshotdb-manda-01.debian.org', 'ipHostNumber'), " ") }
\$HOST_PGBACKUPHOST
))
| EOF
def $MUNIN_IPS = (<%=
begin
- scope.lookupvar('site::nodeinfo')['misc']['v4addrs'].join(' ')
+ scope.lookupvar('deprecated::nodeinfo')['misc']['v4addrs'].join(' ')
rescue
''
end
%>);
def $MUNIN_IPS = ($MUNIN_IPS <%=
begin
- scope.lookupvar('site::nodeinfo')['misc']['v6addrs'].join(' ')
+ scope.lookupvar('deprecated::nodeinfo')['misc']['v6addrs'].join(' ')
rescue
''
end
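Review bot: Both `$MUNIN_IPS` blocks wrap the renamed lookup in a bare `rescue` that returns `''`, so a failed or mistyped `deprecated::nodeinfo` lookup here would render an empty address list into the firewall definition instead of failing the catalog run. That matters for this commit because at least two other templates in it still reference `site::…`, and the same slip in this file would go unnoticed. Consider tolerating only the missing-key case, e.g. `(scope.lookupvar('deprecated::nodeinfo')['misc']['v4addrs'] || []).join(' ')` without the `begin`/`rescue`, assuming `misc` is always present, and the same for `v6addrs`.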
<%
rolehost={}
- allnodeinfo = scope.lookupvar('site::allnodeinfo')
- roles = scope.lookupvar('site::roles')
+ allnodeinfo = scope.lookupvar('deprecated::allnodeinfo')
+ roles = scope.lookupvar('deprecated::roles')
%w{mailrelay nagiosmaster extranrpeclient muninmaster dbmaster dns_geo postgres_backup_server syncproxy security_master ftp_master historical_master ports_master mirrormaster dns_primary}.each do |role|
rolehost[role] = []
##
<%=
-nodeinfo = scope.lookupvar('site::nodeinfo')
+nodeinfo = scope.lookupvar('deprecated::nodeinfo')
out = []
restricted_purposes = ['kvm host', 'ganeti/kvm host', 'central syslog server', 'puppet master', 'jumphost', 'buildd', 'static-mirror', 'anycast mirror']
$drbd = false
}
'ganeti2-osuosl.debian.org': {
- $ganeti_hosts = getfromhash($site::allnodeinfo, 'pijper.debian.org', 'ipHostNumber') +
- getfromhash($site::allnodeinfo, 'pieta.debian.org', 'ipHostNumber')
- $ganeti_priv = getfromhash($site::allnodeinfo, 'pijper.debian.org', 'ipHostNumber') +
- getfromhash($site::allnodeinfo, 'pieta.debian.org', 'ipHostNumber')
+ $ganeti_hosts = getfromhash($deprecated::allnodeinfo, 'pijper.debian.org', 'ipHostNumber') +
+ getfromhash($deprecated::allnodeinfo, 'pieta.debian.org', 'ipHostNumber')
+ $ganeti_priv = getfromhash($deprecated::allnodeinfo, 'pijper.debian.org', 'ipHostNumber') +
+ getfromhash($deprecated::allnodeinfo, 'pieta.debian.org', 'ipHostNumber')
$drbd = true
}
'ganeti.manda.debian.org': {
- $ganeti_hosts = getfromhash($site::allnodeinfo, 'manda-node03.debian.org', 'ipHostNumber') +
- getfromhash($site::allnodeinfo, 'manda-node04.debian.org', 'ipHostNumber')
+ $ganeti_hosts = getfromhash($deprecated::allnodeinfo, 'manda-node03.debian.org', 'ipHostNumber') +
+ getfromhash($deprecated::allnodeinfo, 'manda-node04.debian.org', 'ipHostNumber')
$ganeti_priv = ['172.29.182.13', '172.29.182.14']
$drbd = true
}
$drbd = true
}
'ganeti3.ubc.debian.org': {
- $ganeti_hosts = getfromhash($site::allnodeinfo, 'ubc-node-arm01.debian.org', 'ipHostNumber') +
- getfromhash($site::allnodeinfo, 'ubc-node-arm02.debian.org', 'ipHostNumber') +
- getfromhash($site::allnodeinfo, 'ubc-node-arm03.debian.org', 'ipHostNumber')
+ $ganeti_hosts = getfromhash($deprecated::allnodeinfo, 'ubc-node-arm01.debian.org', 'ipHostNumber') +
+ getfromhash($deprecated::allnodeinfo, 'ubc-node-arm02.debian.org', 'ipHostNumber') +
+ getfromhash($deprecated::allnodeinfo, 'ubc-node-arm03.debian.org', 'ipHostNumber')
$ganeti_priv = ['172.29.42.51', '172.29.42.52', '172.29.42.53']
$drbd = true
}
return l
end
-if scope.lookupvar('site::nodeinfo')['ldap'].has_key?('architecture')
- arch = scope.lookupvar('site::nodeinfo')['ldap']['architecture'][0]
+if scope.lookupvar('deprecated::nodeinfo')['ldap'].has_key?('architecture')
+ arch = scope.lookupvar('deprecated::nodeinfo')['ldap']['architecture'][0]
else
arch = 'unknown'
end
purp = ''
-if scope.lookupvar('site::nodeinfo').has_key?('nameinfo')
- purp += " " + wrap(scope.lookupvar('site::nodeinfo')['nameinfo']) + "\n"
+if scope.lookupvar('deprecated::nodeinfo').has_key?('nameinfo')
+ purp += " " + wrap(scope.lookupvar('deprecated::nodeinfo')['nameinfo']) + "\n"
end
-ninfo = scope.lookupvar('site::nodeinfo')
+ninfo = scope.lookupvar('deprecated::nodeinfo')
extra = 'Welcome to ' + @fqdn
-if (scope.lookupvar('site::nodeinfo')['ldap'].has_key?('purpose'))
- p = scope.lookupvar('site::nodeinfo')['ldap']['purpose'].clone()
+if (scope.lookupvar('deprecated::nodeinfo')['ldap'].has_key?('purpose'))
+ p = scope.lookupvar('deprecated::nodeinfo')['ldap']['purpose'].clone()
entries = ""
if classes.include?("roles::buildd")
if p.size() > 0
entries += (entries == "") ? ", " : ". Also "
entries +="used for the following services:\n"
- scope.lookupvar('site::nodeinfo')['ldap']['purpose'].sort.each do |l|
+ scope.lookupvar('deprecated::nodeinfo')['ldap']['purpose'].sort.each do |l|
l = markup(l)
entries += "\t#{l}\n"
end
end
purp += " " + wrap(extra) + "\n"
-if (scope.lookupvar('site::nodeinfo')['ldap'].has_key?('physicalHost'))
+if (scope.lookupvar('deprecated::nodeinfo')['ldap'].has_key?('physicalHost'))
if ninfo['ldap']['physicalHost'][0] =~ /ganeti/
phys_host = 'cluster'
else
purp += wrap(" This virtual server runs on the #{phys_host} #{ninfo['ldap']['physicalHost'][0]}, " +
"which is hosted at #{ninfo['hoster']['longname']}."
)
-elsif scope.lookupvar('site::nodeinfo')['hoster']['name']
+elsif scope.lookupvar('deprecated::nodeinfo')['hoster']['name']
purp += wrap(" This server is hosted at #{ninfo['hoster']['longname']}.")
end
vms = []
-scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
- if scope.lookupvar('site::allnodeinfo')[node]['physicalHost'] and scope.lookupvar('site::allnodeinfo')[node]['physicalHost'].include?(@fqdn)
+scope.lookupvar('deprecated::allnodeinfo').keys.sort.each do |node|
+ if scope.lookupvar('deprecated::allnodeinfo')[node]['physicalHost'] and scope.lookupvar('site::allnodeinfo')[node]['physicalHost'].include?(@fqdn)
vms << node
end
end
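Review bot: The new `physicalHost` test is half-renamed: the left operand reads `deprecated::allnodeinfo`, but the right operand still calls `scope.lookupvar('site::allnodeinfo')[node]['physicalHost'].include?(@fqdn)`, and `class site` is removed by this commit. Whenever a node has a `physicalHost` entry, the second operand is evaluated against a variable that no longer exists, which will probably abort template rendering on every host that evaluates this loop. Binding the hash once keeps both sides consistent: `allnodeinfo = scope.lookupvar('deprecated::allnodeinfo')` before the loop and `if allnodeinfo[node]['physicalHost'] and allnodeinfo[node]['physicalHost'].include?(@fqdn)` inside it. A `grep` for the old `site::` prefix over the tree after this commit would catch any further leftovers.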
purp += "\nThe following virtual machines run on this system:\n"
vms.each do |node|
purp += "\t- #{node}"
- if scope.lookupvar('site::allnodeinfo')[node]['purpose']
+ if scope.lookupvar('deprecated::allnodeinfo')[node]['purpose']
purp += ":\n"
- scope.lookupvar('site::allnodeinfo')[node]['purpose'].sort.each do |l|
+ scope.lookupvar('deprecated::allnodeinfo')[node]['purpose'].sort.each do |l|
l = markup(l)
purp += "\t " + l + "\n"
end
#end
#nodes.reject{|node| node.eql?(fqdn)}.each do |node|
# purp += "\t" + node + "\n"
- # scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |ip|
+ # scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |ip|
# purp += "\t\t" + ip + "\n"
# end
#end
purp += "\n " + wrap("Note that this host is _NOT_ being backed up. If you care about your data, run your own backups.")
end
-if scope.lookupvar('site::nodeinfo').has_key?('footer')
- purp += "\n" + wrap(scope.lookupvar('site::nodeinfo')['footer'])
+if scope.lookupvar('deprecated::nodeinfo').has_key?('footer')
+ purp += "\n" + wrap(scope.lookupvar('deprecated::nodeinfo')['footer'])
end
purp
allow ^127\.0\.0\.1$
<%=
str = ''
-roles = scope.lookupvar('site::roles')
+roles = scope.lookupvar('deprecated::roles')
roles['muninmaster'].each do |node|
- scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |ip|
+ scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |ip|
str += "allow ^" + ip.split('.').join('\.') + "$\n"
end
end
<%=
nagii = []
-roles = scope.lookupvar('site::roles')
+roles = scope.lookupvar('deprecated::roles')
roles['nagiosmaster'].each do |nag|
- nagii << scope.lookupvar('site::allnodeinfo')[nag]['ipHostNumber']
+ nagii << scope.lookupvar('deprecated::allnodeinfo')[nag]['ipHostNumber']
end
roles['extranrpeclient'].each do |nag|
- nagii << scope.lookupvar('site::allnodeinfo')[nag]['ipHostNumber']
+ nagii << scope.lookupvar('deprecated::allnodeinfo')[nag]['ipHostNumber']
end
out = "allowed_hosts=" + nagii.flatten.sort.uniq.join(',')
file "db._openpgpkey.debian.org";
allow-query { any; };
masters {
- ${ join(getfromhash($site::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ;
+ ${ join(getfromhash($deprecated::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ;
};
allow-transfer {
127.0.0.1;
acl Nagios {
<%=
- roles = scope.lookupvar('site::roles')
+ roles = scope.lookupvar('deprecated::roles')
str = ''
roles['nagiosmaster'].each do |node|
- str += scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].collect do |ip|
+ str += scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].collect do |ip|
if ip =~ /:/
"\t#{ip}/128;\n"
else
lines << "key #{keyname} { algorithm hmac-sha256; secret \"#{key}\"; };"
- remote_ip = scope.lookupvar('site::allnodeinfo')[other]['ipHostNumber']
+ remote_ip = scope.lookupvar('deprecated::allnodeinfo')[other]['ipHostNumber']
remote_ip.each do |r|
lines << "server #{r} { keys { #{keyname}; }; };"
end
]:
}
- if getfromhash($site::nodeinfo, 'timeserver') {
+ if getfromhash($deprecated::nodeinfo, 'timeserver') {
include ntp::timeserver
} else {
include ntp::client
crypto randfile /dev/urandom
keysdir /etc/ntp.keys.d
-<% if scope.lookupvar('site::nodeinfo')['timeserver'] -%>
+<% if scope.lookupvar('deprecated::nodeinfo')['timeserver'] -%>
server 0.debian.pool.ntp.org iburst dynamic
server 1.debian.pool.ntp.org iburst dynamic
server 2.debian.pool.ntp.org iburst dynamic
server 3.debian.pool.ntp.org iburst dynamic
leapfile /usr/share/zoneinfo/leap-seconds.list
-<% elsif scope.lookupvar('site::nodeinfo')['misc']['natted'] -%>
+<% elsif scope.lookupvar('deprecated::nodeinfo')['misc']['natted'] -%>
# autokey doesn't work behind nat
# manda-node03's, and bm-bl2's ipv4 IP, hard coded for the benefit of
if allowed_ports.length > 0
sshkey = getportforwarderkey(sourcehost)
- remote_ip = scope.lookupvar('site::allnodeinfo')[sourcehost]['ipHostNumber'].join(',')
+ remote_ip = scope.lookupvar('deprecated::allnodeinfo')[sourcehost]['ipHostNumber'].join(',')
local_bind = get_local_ip_addr(sourcehost)
lines << "# from #{sourcehost}"
compatibility_level = 2
smtp_dns_support_level = dnssec
-<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%>
+<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
smtp_tls_security_level = dane
<%- else -%>
smtp_tls_security_level = dane-only
# yes, do MX lookups on the relayhost, since those have TLSA records
-relayhost = <%= scope.lookupvar('site::nodeinfo')['smarthost'] %>:submission
+relayhost = <%= scope.lookupvar('deprecated::nodeinfo')['smarthost'] %>:submission
<%- end -%>
# tls stuff
$pg_version,
$pg_cluster = 'main',
$pg_port = 5432,
- $backup_servers = getfromhash($site::roles, 'postgres_backup_server'),
+ $backup_servers = getfromhash($deprecated::roles, 'postgres_backup_server'),
$db_backup_role = 'debian-backup',
$db_backup_role_password = hkdf('/etc/puppet/secret', "postgresql-${::hostname}-${$pg_cluster}-${pg_port}-backup_role}"),
$do_role = false,
#
define postgres::backup_server::register_backup_clienthost (
$sshpubkey = $::postgres_key,
- $ipaddrlist = join(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'), ","),
+ $ipaddrlist = join(getfromhash($deprecated::nodeinfo, 'ldap', 'ipHostNumber'), ","),
$hostname = $::hostname,
) {
include postgres::backup_server::globals
# Use the first ipv4 address from LDAP, since the puppet fact is not always
# the IP address we want to use. For instance, for storace $::facts['ipaddress']
# is 172.29.170.1 (from bond1) instead of 93.94.130.161 from eth0.
- $public_ipaddress = getfromhash($site::nodeinfo, 'misc', 'v4_ldap')[0]
+ $public_ipaddress = getfromhash($deprecated::nodeinfo, 'misc', 'v4_ldap')[0]
# we do ipsec on the backend since it traveres over other people's switching infra
ipsec::network { "fasolo_storace":
fqdn = args[0]
nodeinfo = args[1]
- localinfo = lookupvar('site::localinfo')
- allnodeinfo = lookupvar('site::allnodeinfo')
+ localinfo = lookupvar('deprecated::localinfo')
+ allnodeinfo = lookupvar('deprecated::allnodeinfo')
raise Puppet::ParseError, "entropy_provider: Cannot learn fqdn" unless fqdn
raise Puppet::ParseError, "entropy_provider: Cannot learn nodeinfo" unless nodeinfo
module Puppet::Parser::Functions
newfunction(:has_role, :type => :rvalue) do |args|
role = args[0]
- roles = lookupvar('site::roles')
+ roles = lookupvar('deprecated::roles')
fqdn = lookupvar('fqdn')
if not roles.include?(role)
err "Failed to look up missing role #{role}"
include named::authoritative
- $notify_address_bind = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
+ $notify_address_bind = join(getfromhash($deprecated::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
ferm::rule { '01-dsa-bind':
domain => '(ip ip6)',
password => $pet_password,
}
- $do_hosts = keys($site::localinfo)
+ $do_hosts = keys($deprecated::localinfo)
pubsub::autouser { $do_hosts: }
<%=
lines = []
- scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
- lines << " # #{scope.lookupvar('site::allnodeinfo')[node]['hostname'][0]}"
- scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr|
+ scope.lookupvar('deprecated::allnodeinfo').keys.sort.each do |node|
+ lines << " # #{scope.lookupvar('deprecated::allnodeinfo')[node]['hostname'][0]}"
+ scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |addr|
lines << " Require ip #{addr}"
end
end
<%=
lines = []
- scope.lookupvar('site::allnodeinfo').keys.sort.each do |node|
- next unless scope.lookupvar('site::allnodeinfo')[node]['purpose']
- if scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('buildd')
- lines << " # #{scope.lookupvar('site::allnodeinfo')[node]['hostname'][0]}"
- scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr|
+ scope.lookupvar('deprecated::allnodeinfo').keys.sort.each do |node|
+ next unless scope.lookupvar('deprecated::allnodeinfo')[node]['purpose']
+ if scope.lookupvar('deprecated::allnodeinfo')[node]['purpose'].include?('buildd')
+ lines << " # #{scope.lookupvar('deprecated::allnodeinfo')[node]['hostname'][0]}"
+ scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |addr|
lines << " Require ip #{addr}"
end
end
Require ip 127.0.0.1
<%=
lines = []
- roles = scope.lookupvar('site::roles')
+ roles = scope.lookupvar('deprecated::roles')
roles['planet_master'].each do |node|
- lines << "\t\t# #{scope.lookupvar('site::allnodeinfo')[node]['hostname'][0]}"
- scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr|
+ lines << "\t\t# #{scope.lookupvar('deprecated::allnodeinfo')[node]['hostname'][0]}"
+ scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |addr|
lines << "\t\tRequire ip #{addr}"
end
end
crl = []
-roles = scope.lookupvar('site::roles')
+roles = scope.lookupvar('deprecated::roles')
roles['sso'].each do |node|
c = getcrl(node)
next if c.nil?
<%=
# do not include mirrors in static_mirror_nopush
-static_mirror_nopush = scope.lookupvar('site::roles')['static_mirror_nopush']
+static_mirror_nopush = scope.lookupvar('deprecated::roles')['static_mirror_nopush']
-scope.lookupvar('site::roles')['static_mirror'].reject{ |x| static_mirror_nopush.include?(x) }.join("\n")
+scope.lookupvar('deprecated::roles')['static_mirror'].reject{ |x| static_mirror_nopush.include?(x) }.join("\n")
# vim:set et:
# vim:set sts=4 ts=4:
dir=/etc/bacula/conf.d
<%=
out=""
-if scope.lookupvar('site::nodeinfo')['heavy_exim']
+if scope.lookupvar('deprecated::nodeinfo')['heavy_exim']
out = '
file=/etc/exim4/surbl_whitelist.txt
file=/etc/exim4/exim_surbl.pl
+++ /dev/null
-class site {
-
- $localinfo = yamlinfo('*')
- $nodeinfo = nodeinfo($::fqdn)
- $allnodeinfo = allnodeinfo('sshRSAHostKey ipHostNumber', 'purpose mXRecord physicalHost purpose')
- $roles = hiera('roles')
-}
<%
- allnodeinfo = scope.lookupvar('site::allnodeinfo')
- roles = scope.lookupvar('site::roles')
+ allnodeinfo = scope.lookupvar('deprecated::allnodeinfo')
+ roles = scope.lookupvar('deprecated::roles')
%>
# local admin
PasswordAuthentication no
<%=
- allnodeinfo = scope.lookupvar('site::allnodeinfo')
+ allnodeinfo = scope.lookupvar('deprecated::allnodeinfo')
out = ''
settings = '# Banner "You are coming from a debian.org host."'
allnodeinfo.keys.sort.each do |node|
<%=
servers = []
@localtimeservers.each do |node|
- scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr|
+ scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |addr|
servers << addr
end
end
class time {
include stdlib
$localtimeservers = hiera('local-timeservers', [])
- $physicalHost = $site::allnodeinfo[$fqdn]['physicalHost']
+ $physicalHost = $deprecated::allnodeinfo[$fqdn]['physicalHost']
#if ($systemd and $physicalHost and size($localtimeservers) > 0) {
if ($systemd and size($localtimeservers) > 0 and $::is_virtual and $::virtual == 'kvm') {
class unbound {
include stdlib
- $is_recursor = getfromhash($site::nodeinfo, 'misc', 'resolver-recursive')
+ $is_recursor = getfromhash($deprecated::nodeinfo, 'misc', 'resolver-recursive')
$client_ranges = hiera('allow_dns_query')
$firewall_blocks_dns = hiera('firewall_blocks_dns', false)
$empty_client_range = empty($client_ranges)