From: root Date: Sat, 18 Mar 2017 19:16:35 +0000 (+0000) Subject: Merge branch 'master' of file:///srv/puppet.debian.org/git/dsa-puppet X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=53c50548c5d4dd7121d364932d1c288fbc65632f;hp=51494ea16be0f51fb3fd8daccb5ba6e637135a0a;p=mirror%2Fdsa-puppet.git Merge branch 'master' of file:///srv/puppet.debian.org/git/dsa-puppet --- diff --git a/manifests/site.pp b/manifests/site.pp index 28a443c29..8e72e7d33 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -40,6 +40,9 @@ node default { include grub include multipath include popcon + include portforwarder + include postgres + if $::lsbdistcodename == squeeze { include roles::udldap::client } else { @@ -104,10 +107,6 @@ node default { include hosts } - if $::portforwarder_user_exists { - include portforwarder - } - if $::samhain { include samhain } @@ -116,10 +115,6 @@ node default { include debian_org::radvd } - if ($::postgres) { - include postgres - } - if $::spamd { munin::check { 'spamassassin': } } diff --git a/modules/hardware/manifests/raid.pp b/modules/hardware/manifests/raid.pp index 3affb8983..d682c30b2 100644 --- a/modules/hardware/manifests/raid.pp +++ b/modules/hardware/manifests/raid.pp @@ -7,8 +7,5 @@ class hardware::raid { include hardware::raid::megactl } - if $::mptraid { - include hardware::raid::raidmpt - } - + include hardware::raid::raidmpt } diff --git a/modules/hardware/manifests/raid/raidmpt.pp b/modules/hardware/manifests/raid/raidmpt.pp index c512913ec..f371c7227 100644 --- a/modules/hardware/manifests/raid/raidmpt.pp +++ b/modules/hardware/manifests/raid/raidmpt.pp @@ -7,18 +7,27 @@ # include hardware::raid::raidmpt # class hardware::raid::raidmpt { + if $::mptraid { + package { 'mpt-status': + ensure => installed + } - package { 'mpt-status': - ensure => installed - } + file { '/etc/default/mpt-statusd': + content => "# This file is under puppet control\nRUN_DAEMON=no\n", + notify => Exec['mpt-statusd-stop'], + } - file { '/etc/default/mpt-statusd': - content => "# This file is under puppet control\nRUN_DAEMON=no\n", - notify => Exec['mpt-statusd-stop'], - } + exec { 'mpt-statusd-stop': + command => 'pidfile=/var/run/mpt-statusd.pid; ! [ -e "$pidfile" ] || /sbin/start-stop-daemon --oknodo --stop --signal TERM --quiet --pidfile "$pidfile"; rm -f "$pidfile"; pkill -INT -P 1 -u 0 -f "/usr/bin/daemon /etc/init.d/mpt-statusd check_mpt"', + refreshonly => true, + } + } else { + package { 'mpt-status': + ensure => purged, + } - exec { 'mpt-statusd-stop': - command => 'pidfile=/var/run/mpt-statusd.pid; ! [ -e "$pidfile" ] || /sbin/start-stop-daemon --oknodo --stop --signal TERM --quiet --pidfile "$pidfile"; rm -f "$pidfile"; pkill -INT -P 1 -u 0 -f "/usr/bin/daemon /etc/init.d/mpt-statusd check_mpt"', - refreshonly => true, + file { '/etc/default/mpt-statusd': + ensure => absent, + } } } diff --git a/modules/portforwarder/manifests/init.pp b/modules/portforwarder/manifests/init.pp index e7009b22e..e5a59828f 100644 --- a/modules/portforwarder/manifests/init.pp +++ b/modules/portforwarder/manifests/init.pp @@ -2,28 +2,37 @@ class portforwarder { # do not depend on xinetd, yet. it might uninstall other inetds # for now this will have to be done manually - if ! $::portforwarder_key { - exec { 'create-portforwarder-key': - command => '/bin/su - portforwarder -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'', - onlyif => '/usr/bin/getent passwd portforwarder > /dev/null && ! [ -e /home/portforwarder/.ssh/id_rsa ]' + if $::portforwarder_user_exists { + if ! $::portforwarder_key { + exec { 'create-portforwarder-key': + command => '/bin/su - portforwarder -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'', + onlyif => '/usr/bin/getent passwd portforwarder > /dev/null && ! [ -e /home/portforwarder/.ssh/id_rsa ]' + } } - } - file { '/etc/ssh/userkeys/portforwarder': - content => template('portforwarder/authorized_keys.erb'), - } - file { '/etc/xinetd.d': - ensure => directory, - owner => root, - group => root, - mode => '0755', - } - file { '/etc/xinetd.d/dsa-portforwader': - content => template('portforwarder/xinetd.erb'), - notify => Exec['service xinetd reload'] - } + file { '/etc/ssh/userkeys/portforwarder': + content => template('portforwarder/authorized_keys.erb'), + } + file { '/etc/xinetd.d': + ensure => directory, + owner => root, + group => root, + mode => '0755', + } + file { '/etc/xinetd.d/dsa-portforwader': + content => template('portforwarder/xinetd.erb'), + notify => Exec['service xinetd reload'] + } - exec { 'service xinetd reload': - refreshonly => true, + exec { 'service xinetd reload': + refreshonly => true, + } + } else { + file { [ + '/etc/ssh/userkeys/portforwarder', + '/etc/xinetd.d/dsa-portforwader', + ]: + ensure => 'absent', + } } } diff --git a/modules/postgres/manifests/init.pp b/modules/postgres/manifests/init.pp index 4edc5c8a6..af2f206d5 100644 --- a/modules/postgres/manifests/init.pp +++ b/modules/postgres/manifests/init.pp @@ -1,17 +1,30 @@ class postgres { - munin::check { 'postgres_bgwriter': } - munin::check { 'postgres_connections_db': } + $ensure = ($::postgres) ? { + true => 'ensure', + default => 'absent' + } + + munin::check { 'postgres_bgwriter': + ensure => $ensure, + } + munin::check { 'postgres_connections_db': + ensure => $ensure, + } munin::check { 'postgres_cache_ALL': + ensure => $ensure, script => 'postgres_cache_' } munin::check { 'postgres_querylength_ALL': + ensure => $ensure, script => 'postgres_querylength_' } munin::check { 'postgres_size_ALL': + ensure => $ensure, script => 'postgres_size_' } file { '/etc/munin/plugin-conf.d/local-postgres': + ensure => $ensure, source => 'puppet:///modules/postgres/plugin.conf', } } diff --git a/modules/roles/templates/apache-www.debian.org.erb b/modules/roles/templates/apache-www.debian.org.erb index f505aaee1..11e0ae4e9 100644 --- a/modules/roles/templates/apache-www.debian.org.erb +++ b/modules/roles/templates/apache-www.debian.org.erb @@ -320,3 +320,4 @@ Use common-debian-service-ssl debian.org Use common-ssl-HSTS +# vim:set syn=apache: