Hopefully this won't break anything.
resolvoptions: []
allow_dns_query: []
roles:
+ bugsmx:
+ - buxtehude.debian.org
+ bugs_mirror:
+ - beach.debian.org
+ buildd_master:
+ - wuiet.debian.org
+ contributors:
+ - nono.debian.org
+ dbmaster:
+ - draghi.debian.org
+ extranrpeclient:
+ - orff.debian.org
+ ftp.d.o:
+ - klecker.debian.org
+ ftp_master:
+ - franck.debian.org
+ ftp.upload.d.o:
+ - franck.debian.org
+ - ravel.debian.org
+ keyring:
+ - kaufmann.debian.org
+ lists:
+ - bendel.debian.org
+ mailrelay:
+ - mailly.debian.org
+ - muffat.debian.org
+ muninmaster:
+ - menotti.debian.org
+ nagiosmaster:
+ - tchaikovsky.debian.org
+ nm:
+ - nono.debian.org
+ packagesmaster:
+ - picconi.debian.org
+ packagesqamaster:
+ - quantz.debian.org
+ piuparts:
+ - pejacevic.debian.org
+ pubsub:
+ - rainier.debian.org
+ - rapoport.debian.org
puppetmaster:
- handel.debian.org
+ release:
+ - franck.debian.org
+ rtmaster:
+ - reger.debian.org
+ security_master:
+ - chopin.debian.org
+ security_tracker:
+ - soler.debian.org
+ sso:
+ - diabelli.debian.org
+ syncproxy:
+ - milanollo.debian.org
+ udd:
+ - ullmann.debian.org
+ vote:
+ - vento.debian.org
+ weblog_destination:
+ - ravel.debian.org
+ wiki:
+ - wilder.debian.org
+ www_master:
+ - wolkenstein.debian.org
ensure => absent,
}
+ if $::fqdn in $site::roles['buildd_master'] {
+ $memlimit = 192 * 1024**2
+ } elsif $::fqdn in $site::roles['nagiosmaster']{
+ $memlimit = 96 * 1024**2
+ } elsif $::fqdn in $site::roles['packagesqamaster']{
+ $memlimit = 192 * 1024**2
+ } else {
+ $memlimit = 32 * 1024**2
+ }
+
apache2::config { 'resource-limits':
content => template('apache2/resource-limits.erb'),
}
##
RLimitCPU 180
-<%=
-if scope.lookupvar('site::nodeinfo')['buildd_master'] then
- # buildd.debian.org
- "RLimitMEM "+(192 * 1024**2).to_s
-else
- case fqdn
- when "berlioz.debian.org" then
- ""
- when "tchaikovsky.debian.org" then
- "RLimitMEM "+(96 * 1024**2).to_s
- when "quantz.debian.org" then
- "RLimitMEM "+(192 * 1024**2).to_s
- else
- "RLimitMEM "+(32 * 1024**2).to_s
- end
-end
-%>
+RLimitMEM <%= @memlimit %>
RLimitNPROC 128
dummy: foo
#zandonai.debian.org: "Debian s390 buildd system kindly provided by Zentrum fuer Informationsverarbeitung und Informationstechnik [zivit]"
#zelenka.debian.org: "Debian s390 porter system kindly provided by Zentrum fuer Informationsverarbeitung und Informationstechnik [zivit]"
-services:
- bugsmaster:
- bugsmx:
- - buxtehude.debian.org
- bugs_mirror:
- - beach.debian.org
- dbmaster:
- - draghi.debian.org
- ftp_master:
- - franck.debian.org
- ftp.d.o:
- - klecker.debian.org
- ftp.upload.d.o:
- - franck.debian.org
- - ravel.debian.org
- mailrelay:
- - mailly.debian.org
- - muffat.debian.org
- muninmaster:
- - menotti.debian.org
- nagiosmaster: tchaikovsky.debian.org
- extranrpeclient:
- - orff.debian.org
- packagesmaster: picconi.debian.org
- packagesqamaster: quantz.debian.org
- rtmaster:
- - reger.debian.org
- security_master:
- - chopin.debian.org
- syncproxy:
- - milanollo.debian.org
- www_master:
- - wolkenstein.debian.org
- keyring:
- - kaufmann.debian.org
- wiki:
- - wilder.debian.org
- pubsub:
- - rainier.debian.org
- - rapoport.debian.org
host_settings:
heavy_exim:
- buxtehude.debian.org
ensure => installed,
}
- if getfromhash($site::nodeinfo, 'mailrelay') {
+ if has_role('mailrelay') {
file { '/etc/cron.d/dsa-email-virtualdomains':
source => 'puppet:///modules/exim/dsa-email-virtualdomains.cron',
}
# flushing' operations, but should be populated with a list
# of trusted machines. Wildcards are not permitted
# bsmtp_domains - Domains that we deliver locally via bsmtp
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
# mailhubdomains - Domains for which we are the MX, but the mail is relayed
# elsewhere. This is designed for use with small volume or
# restricted machines that need to use a smarthost for mail
hostlist reservedaddrs = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/24 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.
domainlist mailhubdomains = lsearch;/etc/exim4/manualroute
out = "daemon_smtp_ports = "
ports << 25
-if scope.lookupvar('site::nodeinfo')['bugsmaster'] or scope.lookupvar('site::nodeinfo')['bugsmx']
+if scope.function_has_role('bugsmaster') or scope.function_has_role('bugsmx')
ports << 587
end
ports << scope.lookupvar('site::nodeinfo')['mail_port']
end
-if scope.lookupvar('site::nodeinfo')['mailrelay']
+if scope.function_has_role('mailrelay')
ports << scope.lookupvar('site::nodeinfo')['smarthost_port']
end
hosts = !+debianhosts
set acl_m_rprf = localonly
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
warn local_parts = +local_only_users
domains = +mailhubdomains
hosts = !+debianhosts
<%- end -%>
accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
-<%- if scope.lookupvar('site::nodeinfo')['rtmaster'] -%>
+<%- if scope.function_has_role('rtmaster') -%>
warn domains = rt.debian.org
set acl_m_rprf = RTMail
accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['bugsmaster'] or scope.lookupvar('site::nodeinfo')['bugsmx'] -%>
+<%- if scope.function_has_role('bugsmaster') or scope.function_has_role('bugsmx') -%>
warn domains = bugs.debian.org
set acl_m_rprf = BugsMail
accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['packagesmaster'] -%>
+<%- if scope.function_has_role('packagesmaster') -%>
warn domains = packages.debian.org
set acl_m_rprf = PackagesMail
accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['packagesqamaster'] -%>
+<%- if scope.function_has_role('packagesqamaster') -%>
warn recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org
set acl_m_rprf = PTSOwner
warn set acl_c_scr = 0
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
accept verify = certificate
<%- end -%>
# We do this by testing for an empty sending host field.
accept hosts = +debianhosts
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
accept verify = certificate
<%- end -%>
endpass
verify = recipient
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
accept domains = +mailhubdomains
endpass
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
#!!# ACL that is used after the RCPT command
check_recipient:
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
accept verify = certificate
<%- end -%>
warn condition = ${if eq{$acl_m_prf}{localonly}}
set acl_m_lrc = ${if eq{$acl_m_lrc}{}{$local_part@$domain}{$acl_m_lrc, $local_part@$domain}}
-<%- if scope.lookupvar('site::nodeinfo')['packagesmaster'] -%>
+<%- if scope.function_has_role('packagesmaster') -%>
warn condition = ${if eq {$acl_m_prf}{PackagesMail}}
condition = ${if eq {$sender_address}{$local_part@$domain}}
message = X-Packages-FromTo-Same: yes
condition = ${if eq{$acl_m_act}{450}{yes}{no}}
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['rtmaster'] -%>
+<%- if scope.function_has_role('rtmaster') -%>
warn condition = ${if eq{$acl_m_prf}{RTMail}}
set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}{match{$local_part}{3520}}{match{$local_part}{3645}}} {RTMailRecipientHasSubaddress}}}}
# temporary hack because weasel screwed up and gave people an rt-3520@ address, which doesn't really work normally. and rt-3645
message = "Sender verification failed: $acl_verify_message"
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
accept domains = +mailhubdomains
endpass
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
# header. Take their crack pipe away.
drop condition = ${if match{${lc:$h_From:}}{\Npostmaster@([^.]+\.)?debian\.org\N}}
-<%- if scope.lookupvar('site::nodeinfo')['rtmaster'] -%>
+<%- if scope.function_has_role('rtmaster') -%>
deny condition = ${if eq {$acl_m_prf}{RTMail}}
condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \
{!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}} \
message = messages to the Request Tracker system require a subject tag or a subaddress
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['packagesqamaster'] -%>
+<%- if scope.function_has_role('packagesqamaster') -%>
deny !hosts = +debianhosts : 5.153.231.21
condition = ${if eq {$acl_m_prf}{PTSMail}}
condition = ${if def:h_X-PTS-Approved:{false}{true}}
!verify = header_sender
message = No valid sender found in the From:, Sender: and Reply-to: headers
-<%- if scope.lookupvar('site::nodeinfo')['packagesmaster'] -%>
+<%- if scope.function_has_role('packagesmaster') -%>
deny message = Congratulations, you scored $spam_score points.
log_message = spam: $spam_score points.
condition = ${if eq {$acl_m_prf}{PackagesMail}}
# An address is passed to each in turn until it is accepted. #
######################################################################
-<%- if scope.lookupvar('site::nodeinfo')['mailrelay'] -%>
+<%- if scope.function_has_role('mailrelay') -%>
relay_manualroute:
driver = manualroute
domains = +mailhubdomains
# Everything before here should apply only to the local domains with a
# domains= rule
-<%- if scope.lookupvar('site::nodeinfo')['packagesmaster'] -%>
+<%- if scope.function_has_role('packagesmaster') -%>
# This router delivers for packages.d.o
packages:
debug_print = "R: packages for $local_part@$domain"
no_more
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['rtmaster'] -%>
+<%- if scope.function_has_role('rtmaster') -%>
# This router delivers for rt.d.o
rt_force_new_verbose:
debug_print = "R: rt for $local_part+new@$domain"
<%=
out = ""
-if scope.lookupvar('site::nodeinfo')['bugsmaster'] or scope.lookupvar('site::nodeinfo')['bugsmx']
+if scope.function_has_role('bugsmaster') or scope.function_has_role('bugsmx')
domain = 'bugs.debian.org'
- if scope.lookupvar('site::nodeinfo')['bugsmaster']
+ if scope.function_has_role('bugsmaster')
domain = 'bugs-master.debian.org'
end
out = '
{$value}fail}\
}}
-<%- if scope.lookupvar('site::nodeinfo')['bugsmaster'] or scope.lookupvar('site::nodeinfo')['bugsmx'] -%>
+<%- if scope.function_has_role('bugsmaster') or scope.function_has_role('bugsmx') -%>
bugs_pipe:
driver = pipe
command = /org/bugs.debian.org/mail/run-procmail
user = debbugs
<%- end -%>
-<%- if scope.lookupvar('site::nodeinfo')['rtmaster'] -%>
+<%- if scope.function_has_role('rtmaster') -%>
rt_pipe:
debug_print = "T: rt_pipe for $local_part${local_part_suffix}@$domain"
driver = pipe
routes = []
extraroutes = []
-if scope.lookupvar('site::nodeinfo')['mailrelay']
+if scope.function_has_role('mailrelay')
mxmatches << 'mailout.debian.org'
mxmatches << 'INCOMING-MX'
extraroutes = [ "keyring.debian.org:\t\tkaufmann.debian.org" ]
<%=
nodeinfo = scope.lookupvar('site::nodeinfo')
-
+has_role = scope.function_has_role
out = []
restricted_purposes = ['kvm host', 'central syslog server', 'puppet master', 'jumphost']
ssh6allowed << "2001:41c8:1000:21::21:5" # adayevskaya
end
- if nodeinfo['static_master'] then
+ if has_role('static_master') then
ssh4allowed << '$HOST_STATIC_V4'
ssh6allowed << '$HOST_STATIC_V6'
- elsif nodeinfo['static_source'] or nodeinfo['static_mirror'] then
+ elsif has_role('static_source') or has_role('static_mirror') then
ssh4allowed << '$HOST_STATICMASTER_V4'
ssh6allowed << '$HOST_STATICMASTER_V6'
end
--- /dev/null
+module Puppet::Parser::Functions
+ newfunction(:has_role, :type => :rvalue) do |args|
+ begin
+ role = args.shift
+ roles = lookupvar('site::roles')
+ fqdn = lookupvar('fqdn')
+ return fqdn in roles[role]
+ end
+ end
+end
--- /dev/null
+class roles::buildd_master {
+ ssl::service { 'buildd.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::contributors {
+ ssl::service { 'contributors.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::dbmaster {
+ ssl::service { 'db.debian.org':
+ notify => Service['apache2'],
+ }
+}
class roles {
- $roles = hiera('roles')
-
- if $::fqdn in $roles['puppetmaster'] {
+ if has_role('puppetmaster') {
include puppetmaster
}
- if getfromhash($site::nodeinfo, 'muninmaster') {
+ if has_role('muninmaster') {
include munin::master
}
}
}
- if getfromhash($site::nodeinfo, 'buildd') {
+ if has_role('buildd') {
include buildd
}
- if getfromhash($site::nodeinfo, 'porterbox') {
+ if has_role('porterbox') {
include porterbox
}
- if getfromhash($site::nodeinfo, 'bugs_mirror') {
+ if has_role('bugs_mirror') {
include roles::bugs_mirror
}
- if getfromhash($site::nodeinfo, 'ftp_master') {
+ if has_role('ftp_master') {
include roles::ftp_master
include roles::dakmaster
}
- if getfromhash($site::nodeinfo, 'apache2_security_mirror') {
+ if has_role('apache2_security_mirror') {
include roles::security_mirror
}
- if getfromhash($site::nodeinfo, 'apache2_www_mirror') {
+ if has_role('apache2_www_mirror') {
include roles::www_mirror
}
- if getfromhash($site::nodeinfo, 'ftp.d.o') {
+ if has_role('ftp.d.o') {
include roles::ftp
}
- if getfromhash($site::nodeinfo, 'ftp.upload.d.o') {
+ if has_role('ftp.upload.d.o') {
include roles::ftp_upload
}
- if getfromhash($site::nodeinfo, 'security_master') {
+ if has_role('security_master') {
include roles::security_master
include roles::dakmaster
}
- if getfromhash($site::nodeinfo, 'www_master') {
+ if has_role('www_master') {
include roles::www_master
}
- if getfromhash($site::nodeinfo, 'keyring') {
+ if has_role('keyring') {
include roles::keyring
}
- if getfromhash($site::nodeinfo, 'wiki') {
+ if has_role('wiki') {
include roles::wiki
}
- if getfromhash($site::nodeinfo, 'syncproxy') {
+ if has_role('syncproxy') {
include roles::syncproxy
}
- if getfromhash($site::nodeinfo, 'static_master') {
+ if has_role('static_master') {
include roles::static_master
}
- if getfromhash($site::nodeinfo, 'static_mirror') {
+ if has_role('static_mirror') {
include roles::static_mirror
- } elsif getfromhash($site::nodeinfo, 'static_source') {
+ } elsif has_role('static_source') {
include roles::static_source
}
- if getfromhash($site::nodeinfo, 'weblog_provider') {
+ if has_role('weblog_provider') {
include roles::weblog_provider
}
- if getfromhash($site::nodeinfo, 'mailrelay') {
+ if has_role('mailrelay') {
include roles::mailrelay
}
- if getfromhash($site::nodeinfo, 'pubsub') {
+ if has_role('pubsub') {
include roles::pubsub
}
- if getfromhash($site::nodeinfo, 'dbmaster') {
- ssl::service { 'db.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('dbmaster') {
+ include roles::dbmaster
}
- if getfromhash($site::nodeinfo, 'dns_primary') {
+ if has_role('dns_primary') {
include named::primary
}
- if getfromhash($site::nodeinfo, 'dns_secondary') {
+ if has_role('dns_secondary') {
include named::authoritative
}
- if $::hostname in [ravel] {
+ if has_role('weblog_destination') {
include roles::weblog_destination
}
- if $::hostname in [vento] {
- ssl::service { 'vote.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('vote') {
+ include roles::vote
}
- if $::hostname in [soler] {
- ssl::service { 'security-tracker.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('security_tracker') {
+ include roles::security_tracker
}
- if $::hostname in [bendel] {
- ssl::service { 'lists.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('lists') {
+ include roles::lists
}
- if $::hostname in [reger] {
- ssl::service { 'rt.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('rtmaster') {
+ include roles::rtmaster
}
- if $::hostname in [diabelli] {
- ssl::service { 'sso.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('udd') {
+ include roles::udd
}
- if $::hostname in [ullmann] {
- ssl::service { 'udd.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('buildd_master') {
+ include roles::buildd_master
}
-
- if $::hostname in [wuiet] {
- ssl::service { 'buildd.debian.org':
- notify => Service['apache2'],
- }
+
+ if has_role('piuparts') {
+ include roles::piuparts
}
- if $::hostname in [pejacevic] {
- ssl::service { 'piuparts.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('contributors') {
+ include roles::contributors
}
- if $::hostname in [nono] {
- ssl::service { 'nm.debian.org':
- notify => Service['apache2'],
- }
- ssl::service { 'contributors.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('nm') {
+ include roles::nm
}
- if $::hostname in [franck] {
- ssl::service { 'release.debian.org':
- notify => Service['apache2'],
- }
+ if has_role('release') {
+ include roles::release
}
}
--- /dev/null
+class roles::lists {
+ ssl::service { 'lists.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::nm {
+ ssl::service { 'nm.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::piuparts {
+ ssl::service { 'piuparts.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::release {
+ ssl::service { 'release.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::rtmaster {
+ ssl::service { 'rt.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::security_tracker {
+ ssl::service { 'security-tracker.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::sso {
+ ssl::service { 'sso.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::udd {
+ ssl::service { 'udd.debian.org':
+ notify => Service['apache2'],
+ }
+}
--- /dev/null
+class roles::vote {
+ ssl::service { 'vote.debian.org':
+ notify => Service['apache2'],
+ }
+}
file=/etc/nagios/nrpe.d
file=/etc/nagios/obsolete-packages-ignore.d
file=/etc/bind/geodns
-<% if scope.lookupvar('site::nodeinfo')['nagiosmaster'] -%>
+<% if scope.function_has_role('nagiosmaster') -%>
file=/etc/nagios3/puppetconf.d
<% end -%>
file=/etc/puppet
file=/etc/unbound
file=/etc/dsa
file=/etc/rabbitmq
-<% if scope.lookupvar('site::nodeinfo')['static_mirror'] or scope.lookupvar('site::nodeinfo')['static_source'] or scope.lookupvar('site::nodeinfo')['static_master'] -%>
+<% if scope.function_has_role('static_mirror') or scope.function_has_role('static_source') or scope.function_has_role('static_master') -%>
file=/etc/ssh/userkeys
file=/etc/ssh/userkeys/staticsync
<% end -%>
## This file might be created or removed by the system sometimes.
##
file=/etc/resolv.conf
-<% if scope.lookupvar('site::nodeinfo')['buildd'] -%>
+<% if scope.function_has_role('buildd') -%>
file=/etc/dupload.conf
<% end -%>
file=/etc/resolv.conf.pcmcia.save
file=/etc/default/schroot
file=/etc/schroot/default/nssdatabases
-<% if scope.lookupvar('site::nodeinfo')['nagiosmaster'] -%>
+<% if scope.function_has_role('nagiosmaster') -%>
file=/etc/nagios3/puppetconf.d/auto-hostgroups.cfg
file=/etc/nagios3/puppetconf.d/auto-hosts.cfg
file=/etc/nagios3/puppetconf.d/auto-services.cfg
file=/etc/nagios3/puppetconf.d/auto-servicegroups.cfg
file=/etc/nagios3/puppetconf.d/contacts.cfg
<% end -%>
-<% if scope.lookupvar('site::nodeinfo')['muninmaster'] -%>
+<% if scope.function_has_role('muninmaster') -%>
file=/etc/munin/munin.conf
<% end -%>
-<% if scope.lookupvar('site::nodeinfo')['puppetmaster'] -%>
+<% if scope.function_has_role('puppetmaster') -%>
dir=8/etc/puppet
<% end -%>
<% if classes.include?('named::geodns') -%>
<% end -%>
-<% if scope.lookupvar('site::nodeinfo')['puppetmaster'] %>
+<% if scope.function_has_role('puppetmaster') %>
# Damn you rails apps and your shoddy packaging
file=/usr/share/puppet-dashboard/public/stylesheets
$localinfo = yamlinfo('*', '/etc/puppet/modules/debian-org/misc/local.yaml')
$nodeinfo = nodeinfo($::fqdn, '/etc/puppet/modules/debian-org/misc/local.yaml')
$allnodeinfo = allnodeinfo('sshRSAHostKey ipHostNumber', 'purpose mXRecord physicalHost purpose')
+ $roles = hiera('roles')
service { 'procps':
hasstatus => false,
projects / mirror / dsa-puppet.git / commitdiff