From d0c098685b92334a611a0c596a35f538b95ead47 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Fri, 13 Sep 2019 12:55:23 +0200 Subject: [PATCH] Try to avoid reserved site keyword --- manifests/site.pp | 6 +- modules/bacula/templates/bacula-fd.conf.erb | 6 +- modules/bacula/templates/bacula-sd.conf.erb | 4 +- modules/base/manifests/init.pp | 4 +- .../manifests/mail_incoming_port.pp | 4 +- .../templates/debian_facts.yaml.erb | 2 +- .../{site => deprecated}/manifests/init.pp | 2 +- modules/entropykey/manifests/init.pp | 4 +- modules/exim/templates/eximconf.erb | 34 +++++----- modules/exim/templates/manualroute.erb | 10 +-- modules/ferm/manifests/init.pp | 4 +- modules/ferm/manifests/per_host.pp | 62 +++++++++---------- .../conf.d-munin-interfaces.conf.erb | 4 +- modules/ferm/templates/defs.conf.erb | 4 +- modules/ferm/templates/me.conf.erb | 2 +- modules/ganeti2/manifests/params.pp | 18 +++--- modules/motd/templates/motd.erb | 34 +++++----- modules/munin/templates/munin-node.conf.erb | 4 +- modules/nagios/templates/inc-debian.org.erb | 6 +- modules/named/manifests/primary.pp | 2 +- .../named/templates/named.conf.options.erb | 4 +- .../named.conf.puppet-shared-keys.erb | 2 +- modules/ntp/manifests/init.pp | 2 +- modules/ntp/templates/ntp.conf | 4 +- .../templates/authorized_keys.erb | 2 +- modules/postfix/templates/main.cf-header.erb | 4 +- modules/postgres/manifests/backup_cluster.pp | 2 +- .../register_backup_clienthost.pp | 2 +- .../profile/manifests/ipsec/fasolo_storace.pp | 2 +- .../parser/functions/entropy_provider.rb | 4 +- .../lib/puppet/parser/functions/has_role.rb | 2 +- modules/roles/manifests/keyring.pp | 2 +- modules/roles/manifests/pubsub/entities.pp | 2 +- .../roles/templates/conf-debianhostlist.erb | 6 +- .../templates/dakmaster/conf-builddlist.erb | 10 +-- .../planet-master.debian.org.erb | 6 +- modules/roles/templates/sso_rp/ca.crl.erb | 2 +- .../static-mirroring/static-clients.conf.erb | 4 +- modules/samhain/templates/samhainrc.erb | 2 +- modules/ssh/templates/authorized_keys.erb | 4 +- modules/ssh/templates/sshd_config.erb | 2 +- .../templates/timesyncd.conf.erb | 2 +- modules/time/manifests/init.pp | 2 +- modules/unbound/manifests/init.pp | 2 +- 44 files changed, 146 insertions(+), 146 deletions(-) rename modules/{site => deprecated}/manifests/init.pp (91%) diff --git a/manifests/site.pp b/manifests/site.pp index 3e4e39d67..6ff112d29 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -20,7 +20,7 @@ Service { node default { # we really should rename this one - include site + include deprecated include base # this is magic: it will include whatever classes says we should @@ -32,7 +32,7 @@ node default { ensure => absent } - if getfromhash($site::nodeinfo, 'ganeti') { + if getfromhash($deprecated::nodeinfo, 'ganeti') { include ganeti2 } @@ -42,7 +42,7 @@ node default { } if $::mta == 'exim4' { - if getfromhash($site::nodeinfo, 'heavy_exim') { + if getfromhash($deprecated::nodeinfo, 'heavy_exim') { include exim::mx } else { include exim diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb index c5478eb2b..29521958d 100644 --- a/modules/bacula/templates/bacula-fd.conf.erb +++ b/modules/bacula/templates/bacula-fd.conf.erb @@ -26,7 +26,7 @@ FileDaemon { # bacula, on Debian 9 (stretch), does not resolve a single name # to both v4 and v6 addresses. Se we can't just say # ip = { addr = }. Boo. - <%- if scope.lookupvar('site::nodeinfo')['misc']['has_v4_ldap'] -%> + <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%> ipv4 = { # use the hostname rather than the IP address from LDAP, # as /etc/hosts might have a better answer in case of natted hosts. @@ -34,7 +34,7 @@ FileDaemon { port = <%= @bacula_client_port %> } <%- end -%> - <%- scope.lookupvar('site::nodeinfo')['misc']['v6_ldap'].each do |addr| -%> + <%- scope.lookupvar('deprecated::nodeinfo')['misc']['v6_ldap'].each do |addr| -%> ipv6 = { addr = <%= addr %> port = <%= @bacula_client_port %> @@ -58,7 +58,7 @@ FileDaemon { TLS Certificate = "<%= @bacula_ssl_client_cert %>" TLS Key = "<%= @bacula_ssl_client_key %>" -<%- if scope.lookupvar('site::nodeinfo')['hoster']['name'] == "brown" -%> +<%- if scope.lookupvar('deprecated::nodeinfo')['hoster']['name'] == "brown" -%> # broken firewall Heartbeat Interval = 60 <%- end -%> diff --git a/modules/bacula/templates/bacula-sd.conf.erb b/modules/bacula/templates/bacula-sd.conf.erb index 07b839302..7e7176f24 100644 --- a/modules/bacula/templates/bacula-sd.conf.erb +++ b/modules/bacula/templates/bacula-sd.conf.erb @@ -10,7 +10,7 @@ Storage { # bacula, on Debian 9 (stretch), does not resolve a single name # to both v4 and v6 addresses. Se we can't just say # ip = { addr = }. Boo. - <%- if scope.lookupvar('site::nodeinfo')['misc']['has_v4_ldap'] -%> + <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v4_ldap'] -%> ipv4 = { # use the hostname rather than the IP address from LDAP, # as /etc/hosts might have a better answer in case of natted hosts. @@ -18,7 +18,7 @@ Storage { port = <%= @bacula_storage_port %> } <%- end -%> - <%- if scope.lookupvar('site::nodeinfo')['misc']['has_v6_ldap'] -%> + <%- if scope.lookupvar('deprecated::nodeinfo')['misc']['has_v6_ldap'] -%> ipv6 = { addr = <%= @bacula_storage_address %> port = <%= @bacula_storage_port %> diff --git a/modules/base/manifests/init.pp b/modules/base/manifests/init.pp index 5f3b31802..867584a58 100644 --- a/modules/base/manifests/init.pp +++ b/modules/base/manifests/init.pp @@ -1,6 +1,6 @@ class base( - Stdlib::IP::Address $public_address = filter_ipv4(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'))[0], - Optional[Stdlib::IP::Address] $public_address6 = filter_ipv6(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'))[0], + Stdlib::IP::Address $public_address = filter_ipv4(getfromhash($deprecated::nodeinfo, 'ldap', 'ipHostNumber'))[0], + Optional[Stdlib::IP::Address] $public_address6 = filter_ipv6(getfromhash($deprecated::nodeinfo, 'ldap', 'ipHostNumber'))[0], ) { $public_addresses = [ $public_address, $public_address6 ].filter |$addr| { $addr != undef } } diff --git a/modules/debian_org/manifests/mail_incoming_port.pp b/modules/debian_org/manifests/mail_incoming_port.pp index f74231fa3..e8db01d41 100644 --- a/modules/debian_org/manifests/mail_incoming_port.pp +++ b/modules/debian_org/manifests/mail_incoming_port.pp @@ -1,6 +1,6 @@ class debian_org::mail_incoming_port { - case getfromhash($site::nodeinfo, 'mail_port') { - Numeric: { $mail_port = sprintf("%d", getfromhash($site::nodeinfo, 'mail_port')) } + case getfromhash($deprecated::nodeinfo, 'mail_port') { + Numeric: { $mail_port = sprintf("%d", getfromhash($deprecated::nodeinfo, 'mail_port')) } /^(\d+)$/: { $mail_port = $1 } default: { $mail_port = '25' } } diff --git a/modules/debian_org/templates/debian_facts.yaml.erb b/modules/debian_org/templates/debian_facts.yaml.erb index 2dcf7961f..4cd21ec6d 100644 --- a/modules/debian_org/templates/debian_facts.yaml.erb +++ b/modules/debian_org/templates/debian_facts.yaml.erb @@ -1,2 +1,2 @@ --- -hoster: <%= scope.lookupvar('site::nodeinfo')['hoster']['name'] %> +hoster: <%= scope.lookupvar('deprecated::nodeinfo')['hoster']['name'] %> diff --git a/modules/site/manifests/init.pp b/modules/deprecated/manifests/init.pp similarity index 91% rename from modules/site/manifests/init.pp rename to modules/deprecated/manifests/init.pp index dc9b9479b..f3a8afe9c 100644 --- a/modules/site/manifests/init.pp +++ b/modules/deprecated/manifests/init.pp @@ -1,4 +1,4 @@ -class site { +class deprecated { $localinfo = yamlinfo('*') $nodeinfo = nodeinfo($::fqdn) diff --git a/modules/entropykey/manifests/init.pp b/modules/entropykey/manifests/init.pp index 6d327fc6d..e435da663 100644 --- a/modules/entropykey/manifests/init.pp +++ b/modules/entropykey/manifests/init.pp @@ -1,10 +1,10 @@ class entropykey { - if getfromhash($site::nodeinfo, 'entropy_key') { + if getfromhash($deprecated::nodeinfo, 'entropy_key') { include entropykey::provider } - $entropy_provider = entropy_provider($::fqdn, $site::nodeinfo) + $entropy_provider = entropy_provider($::fqdn, $deprecated::nodeinfo) case $entropy_provider { false: {} local: { include entropykey::local_consumer } diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index cdd7f9bae..bea1faaab 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -76,7 +76,7 @@ # MAIN CONFIGURATION SETTINGS # ###################################################################### -<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%> +<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%> perl_startup = do '/etc/exim4/exim_surbl.pl' <%- end -%> @@ -87,7 +87,7 @@ acl_smtp_helo = check_helo acl_smtp_rcpt = ${if ={$interface_port}{587} {check_submission}{check_recipient}} acl_smtp_data = check_message -<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%> +<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%> acl_smtp_mime = acl_check_mime <%- end -%> acl_smtp_predata = acl_check_predata @@ -174,7 +174,7 @@ timeout_frozen_after=14d message_size_limit = 100M message_logs = false smtp_accept_max_per_host = ${if match_ip {$sender_host_address}{+debianhosts}{0}{7}} -<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%> +<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%> smtp_accept_max = 300 smtp_accept_queue = 200 smtp_accept_queue_per_connection = 50 @@ -193,7 +193,7 @@ check_spool_space = 20M delay_warning = -<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%> +<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%> message_body_visible = 5000 queue_run_max = 50 deliver_queue_load_max = 50 @@ -224,12 +224,12 @@ if @is_bugsmx ports << 587 end -if not scope.lookupvar('site::nodeinfo')['mail_port'].to_s.empty? - ports << scope.lookupvar('site::nodeinfo')['mail_port'] +if not scope.lookupvar('deprecated::nodeinfo')['mail_port'].to_s.empty? + ports << scope.lookupvar('deprecated::nodeinfo')['mail_port'] end if @is_mailrelay - ports << scope.lookupvar('site::nodeinfo')['smarthost_port'] + ports << scope.lookupvar('deprecated::nodeinfo')['smarthost_port'] end out += ports.uniq.sort.join(" : ") @@ -409,7 +409,7 @@ check_helo: accept verify = certificate <%- end -%> -<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%> +<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%> # These are in HELO acl so that they are only run once. They increment a counter, # so we don't want it to increment per rcpt to. @@ -817,7 +817,7 @@ check_recipient: accept local_parts = +postmasterish domains = +virtual_domains : +bsmtp_domains -<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%> +<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%> deny message = host $sender_host_address is listed in $dnslist_domain; see $dnslist_text dnslists = ${if match_domain{$domain}{+virtual_domains}\ {${if exists {${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}\ @@ -837,7 +837,7 @@ check_recipient: domains = +handled_domains !hosts = +debianhosts : WHITELIST -<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%> +<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%> deny domains = +handled_domains local_parts = ${if match_domain{$domain}{+virtual_domains}\ {${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\ @@ -865,7 +865,7 @@ check_recipient: deny message = relay not permitted -<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%> +<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%> acl_check_mime: accept verify = certificate @@ -980,7 +980,7 @@ check_message: message = X-malware detected: $malware_name <%- end -%> -<%- if scope.lookupvar('site::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('site::nodeinfo')['heavy_exim'] -%> +<%- if scope.lookupvar('deprecated::nodeinfo').has_key?('heavy_exim') and scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] -%> discard condition = ${if <{$message_size}{256000}} condition = ${if eq {$acl_m_prf}{blackhole}} set acl_m_srb = ${perl{surblspamcheck}} @@ -1085,14 +1085,14 @@ ipliteral: <%= out = "" -if not scope.lookupvar('site::nodeinfo')['smarthost'].empty? +if not scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? out = " smarthost: debug_print = \"R: smarthost for $local_part@$domain\" driver = manualroute domains = !+handled_domains transport = remote_smtp_smarthost - route_list = * #{scope.lookupvar('site::nodeinfo')['smarthost']} + route_list = * #{scope.lookupvar('deprecated::nodeinfo')['smarthost']} host_find_failed = defer same_domain_copy_routing = yes no_more @@ -1579,16 +1579,16 @@ remote_smtp: <%= out = "" -if not scope.lookupvar('site::nodeinfo')['smarthost'].empty? +if not scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? out = ' remote_smtp_smarthost: debug_print = "T: remote_smtp_smarthost for $local_part@$domain" driver = smtp delay_after_cutoff = false port = ' - out += scope.lookupvar('site::nodeinfo')['smarthost_port'].to_s + "\n" + out += scope.lookupvar('deprecated::nodeinfo')['smarthost_port'].to_s + "\n" out += ' tls_tempfail_tryclear = false - hosts_require_tls = ' + scope.lookupvar('site::nodeinfo')['smarthost'] + ' + hosts_require_tls = ' + scope.lookupvar('deprecated::nodeinfo')['smarthost'] + ' tls_certificate = /etc/exim4/ssl/thishost.crt tls_privatekey = /etc/exim4/ssl/thishost.key ' diff --git a/modules/exim/templates/manualroute.erb b/modules/exim/templates/manualroute.erb index 70cefe91a..2965913f3 100644 --- a/modules/exim/templates/manualroute.erb +++ b/modules/exim/templates/manualroute.erb @@ -22,14 +22,14 @@ if scope.function_has_role(['mailrelay']) end mxregex = Regexp.new('^\d+\s+(.*?)\.?$') -scope.lookupvar('site::allnodeinfo').keys.sort.each do |host| - next unless scope.lookupvar('site::allnodeinfo')[host]['mXRecord'] - scope.lookupvar('site::allnodeinfo')[host]['mXRecord'].each do |mx| +scope.lookupvar('deprecated::allnodeinfo').keys.sort.each do |host| + next unless scope.lookupvar('deprecated::allnodeinfo')[host]['mXRecord'] + scope.lookupvar('deprecated::allnodeinfo')[host]['mXRecord'].each do |mx| mxmatch = mxregex.match(mx) if mxmatches.include?(mxmatch[1]) route = host + ":\t\t" + host - if scope.lookupvar('site::localinfo').has_key?(host) and scope.lookupvar('site::localinfo')[host].has_key?('mail_port') and scope.lookupvar('site::localinfo')[host]['mail_port'].to_s != '' - route += "::" + scope.lookupvar('site::localinfo')[host]['mail_port'].to_s + if scope.lookupvar('deprecated::localinfo').has_key?(host) and scope.lookupvar('site::localinfo')[host].has_key?('mail_port') and scope.lookupvar('site::localinfo')[host]['mail_port'].to_s != '' + route += "::" + scope.lookupvar('deprecated::localinfo')[host]['mail_port'].to_s end routes << route end diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp index 781a4a16b..daab55fd3 100644 --- a/modules/ferm/manifests/init.pp +++ b/modules/ferm/manifests/init.pp @@ -31,12 +31,12 @@ class ferm { } - $munin_ips = getfromhash($site::nodeinfo, 'misc', 'v4addrs') + $munin_ips = getfromhash($deprecated::nodeinfo, 'misc', 'v4addrs') .map |$addr| { "ip_${addr}" } munin::check { $munin_ips: script => 'ip_', } - $munin6_ips = getfromhash($site::nodeinfo, 'misc', 'v6addrs') + $munin6_ips = getfromhash($deprecated::nodeinfo, 'misc', 'v6addrs') .map |$addr| { "ip_${addr}" } munin::ipv6check { $munin6_ips: } diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp index 79dce405c..fb38cb3fd 100644 --- a/modules/ferm/manifests/per_host.pp +++ b/modules/ferm/manifests/per_host.pp @@ -3,7 +3,7 @@ class ferm::per_host { include ferm::zivit } - if (getfromhash($site::nodeinfo, 'hoster', 'name') == "aql") { + if (getfromhash($deprecated::nodeinfo, 'hoster', 'name') == "aql") { include ferm::aql } @@ -97,11 +97,11 @@ class ferm::per_host { # quantz, master, coccia rule => @("EOF") &SERVICE_RANGE(tcp, 5452, ( - ${ join(getfromhash($site::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'master.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'master.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") } )) | EOF } @@ -112,7 +112,7 @@ class ferm::per_host { domain => '(ip ip6)', rule => @("EOF"/$) &SERVICE_RANGE(tcp, 5433, ( - ${ join(getfromhash($site::allnodeinfo, 'bmdb1.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'bmdb1.debian.org', 'ipHostNumber'), " ") } \$HOST_PGBACKUPHOST )) | EOF @@ -124,14 +124,14 @@ class ferm::per_host { domain => '(ip ip6)', rule => @("EOF"/$) &SERVICE_RANGE(tcp, 5435, ( - ${ join(getfromhash($site::allnodeinfo, 'ticharich.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'petrova.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'rusca.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'tate.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'ticharich.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'petrova.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'rusca.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'tate.debian.org', 'ipHostNumber'), " ") } \$HOST_PGBACKUPHOST )) | EOF @@ -141,13 +141,13 @@ class ferm::per_host { domain => '(ip ip6)', rule => @("EOF"/$) &SERVICE_RANGE(tcp, 5434, ( - ${ join(getfromhash($site::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'nono.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'usper.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'nono.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'usper.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") } )) | EOF } @@ -156,9 +156,9 @@ class ferm::per_host { domain => '(ip ip6)', rule => @("EOF"/$) &SERVICE_RANGE(tcp, 5436, ( - ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") } \$HOST_PGBACKUPHOST )) | EOF @@ -168,8 +168,8 @@ class ferm::per_host { domain => '(ip ip6)', rule => @("EOF"/$) &SERVICE_RANGE(tcp, 5437, ( - ${ join(getfromhash($site::allnodeinfo, 'dinis.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'storace.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'dinis.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'storace.debian.org', 'ipHostNumber'), " ") } \$HOST_PGBACKUPHOST )) | EOF @@ -179,7 +179,7 @@ class ferm::per_host { domain => '(ip ip6)', rule => @("EOF"/$) &SERVICE_RANGE(tcp, 5439, ( - ${ join(getfromhash($site::allnodeinfo, 'delfin.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'delfin.debian.org', 'ipHostNumber'), " ") } )) | EOF } @@ -188,7 +188,7 @@ class ferm::per_host { domain => '(ip ip6)', rule => @("EOF"/$) &SERVICE_RANGE(tcp, 5440, ( - ${ join(getfromhash($site::allnodeinfo, 'sor.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'sor.debian.org', 'ipHostNumber'), " ") } \$HOST_PGBACKUPHOST )) | EOF @@ -233,8 +233,8 @@ class ferm::per_host { domain => '(ip ip6)', rule => @("EOF"/$) &SERVICE_RANGE(tcp, 5473, ( - ${ join(getfromhash($site::allnodeinfo, 'lw07.debian.org', 'ipHostNumber'), " ") } - ${ join(getfromhash($site::allnodeinfo, 'snapshotdb-manda-01.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'lw07.debian.org', 'ipHostNumber'), " ") } + ${ join(getfromhash($deprecated::allnodeinfo, 'snapshotdb-manda-01.debian.org', 'ipHostNumber'), " ") } \$HOST_PGBACKUPHOST )) | EOF diff --git a/modules/ferm/templates/conf.d-munin-interfaces.conf.erb b/modules/ferm/templates/conf.d-munin-interfaces.conf.erb index 3296e54f8..7a4c02610 100644 --- a/modules/ferm/templates/conf.d-munin-interfaces.conf.erb +++ b/modules/ferm/templates/conf.d-munin-interfaces.conf.erb @@ -1,13 +1,13 @@ def $MUNIN_IPS = (<%= begin - scope.lookupvar('site::nodeinfo')['misc']['v4addrs'].join(' ') + scope.lookupvar('deprecated::nodeinfo')['misc']['v4addrs'].join(' ') rescue '' end %>); def $MUNIN_IPS = ($MUNIN_IPS <%= begin - scope.lookupvar('site::nodeinfo')['misc']['v6addrs'].join(' ') + scope.lookupvar('deprecated::nodeinfo')['misc']['v6addrs'].join(' ') rescue '' end diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb index 83f7c26d2..e9daf7f0b 100644 --- a/modules/ferm/templates/defs.conf.erb +++ b/modules/ferm/templates/defs.conf.erb @@ -21,8 +21,8 @@ <% rolehost={} - allnodeinfo = scope.lookupvar('site::allnodeinfo') - roles = scope.lookupvar('site::roles') + allnodeinfo = scope.lookupvar('deprecated::allnodeinfo') + roles = scope.lookupvar('deprecated::roles') %w{mailrelay nagiosmaster extranrpeclient muninmaster dbmaster dns_geo postgres_backup_server syncproxy security_master ftp_master historical_master ports_master mirrormaster dns_primary}.each do |role| rolehost[role] = [] diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb index d7360c573..73970da0a 100644 --- a/modules/ferm/templates/me.conf.erb +++ b/modules/ferm/templates/me.conf.erb @@ -4,7 +4,7 @@ ## <%= -nodeinfo = scope.lookupvar('site::nodeinfo') +nodeinfo = scope.lookupvar('deprecated::nodeinfo') out = [] restricted_purposes = ['kvm host', 'ganeti/kvm host', 'central syslog server', 'puppet master', 'jumphost', 'buildd', 'static-mirror', 'anycast mirror'] diff --git a/modules/ganeti2/manifests/params.pp b/modules/ganeti2/manifests/params.pp index 56cbd595a..b5df78ce8 100644 --- a/modules/ganeti2/manifests/params.pp +++ b/modules/ganeti2/manifests/params.pp @@ -16,15 +16,15 @@ class ganeti2::params { $drbd = false } 'ganeti2-osuosl.debian.org': { - $ganeti_hosts = getfromhash($site::allnodeinfo, 'pijper.debian.org', 'ipHostNumber') + - getfromhash($site::allnodeinfo, 'pieta.debian.org', 'ipHostNumber') - $ganeti_priv = getfromhash($site::allnodeinfo, 'pijper.debian.org', 'ipHostNumber') + - getfromhash($site::allnodeinfo, 'pieta.debian.org', 'ipHostNumber') + $ganeti_hosts = getfromhash($deprecated::allnodeinfo, 'pijper.debian.org', 'ipHostNumber') + + getfromhash($deprecated::allnodeinfo, 'pieta.debian.org', 'ipHostNumber') + $ganeti_priv = getfromhash($deprecated::allnodeinfo, 'pijper.debian.org', 'ipHostNumber') + + getfromhash($deprecated::allnodeinfo, 'pieta.debian.org', 'ipHostNumber') $drbd = true } 'ganeti.manda.debian.org': { - $ganeti_hosts = getfromhash($site::allnodeinfo, 'manda-node03.debian.org', 'ipHostNumber') + - getfromhash($site::allnodeinfo, 'manda-node04.debian.org', 'ipHostNumber') + $ganeti_hosts = getfromhash($deprecated::allnodeinfo, 'manda-node03.debian.org', 'ipHostNumber') + + getfromhash($deprecated::allnodeinfo, 'manda-node04.debian.org', 'ipHostNumber') $ganeti_priv = ['172.29.182.13', '172.29.182.14'] $drbd = true } @@ -54,9 +54,9 @@ class ganeti2::params { $drbd = true } 'ganeti3.ubc.debian.org': { - $ganeti_hosts = getfromhash($site::allnodeinfo, 'ubc-node-arm01.debian.org', 'ipHostNumber') + - getfromhash($site::allnodeinfo, 'ubc-node-arm02.debian.org', 'ipHostNumber') + - getfromhash($site::allnodeinfo, 'ubc-node-arm03.debian.org', 'ipHostNumber') + $ganeti_hosts = getfromhash($deprecated::allnodeinfo, 'ubc-node-arm01.debian.org', 'ipHostNumber') + + getfromhash($deprecated::allnodeinfo, 'ubc-node-arm02.debian.org', 'ipHostNumber') + + getfromhash($deprecated::allnodeinfo, 'ubc-node-arm03.debian.org', 'ipHostNumber') $ganeti_priv = ['172.29.42.51', '172.29.42.52', '172.29.42.53'] $drbd = true } diff --git a/modules/motd/templates/motd.erb b/modules/motd/templates/motd.erb index 7e6446e05..e0c0b82a3 100644 --- a/modules/motd/templates/motd.erb +++ b/modules/motd/templates/motd.erb @@ -29,22 +29,22 @@ def markup(l) return l end -if scope.lookupvar('site::nodeinfo')['ldap'].has_key?('architecture') - arch = scope.lookupvar('site::nodeinfo')['ldap']['architecture'][0] +if scope.lookupvar('deprecated::nodeinfo')['ldap'].has_key?('architecture') + arch = scope.lookupvar('deprecated::nodeinfo')['ldap']['architecture'][0] else arch = 'unknown' end purp = '' -if scope.lookupvar('site::nodeinfo').has_key?('nameinfo') - purp += " " + wrap(scope.lookupvar('site::nodeinfo')['nameinfo']) + "\n" +if scope.lookupvar('deprecated::nodeinfo').has_key?('nameinfo') + purp += " " + wrap(scope.lookupvar('deprecated::nodeinfo')['nameinfo']) + "\n" end -ninfo = scope.lookupvar('site::nodeinfo') +ninfo = scope.lookupvar('deprecated::nodeinfo') extra = 'Welcome to ' + @fqdn -if (scope.lookupvar('site::nodeinfo')['ldap'].has_key?('purpose')) - p = scope.lookupvar('site::nodeinfo')['ldap']['purpose'].clone() +if (scope.lookupvar('deprecated::nodeinfo')['ldap'].has_key?('purpose')) + p = scope.lookupvar('deprecated::nodeinfo')['ldap']['purpose'].clone() entries = "" if classes.include?("roles::buildd") @@ -59,7 +59,7 @@ if (scope.lookupvar('site::nodeinfo')['ldap'].has_key?('purpose')) if p.size() > 0 entries += (entries == "") ? ", " : ". Also " entries +="used for the following services:\n" - scope.lookupvar('site::nodeinfo')['ldap']['purpose'].sort.each do |l| + scope.lookupvar('deprecated::nodeinfo')['ldap']['purpose'].sort.each do |l| l = markup(l) entries += "\t#{l}\n" end @@ -72,7 +72,7 @@ else end purp += " " + wrap(extra) + "\n" -if (scope.lookupvar('site::nodeinfo')['ldap'].has_key?('physicalHost')) +if (scope.lookupvar('deprecated::nodeinfo')['ldap'].has_key?('physicalHost')) if ninfo['ldap']['physicalHost'][0] =~ /ganeti/ phys_host = 'cluster' else @@ -81,14 +81,14 @@ if (scope.lookupvar('site::nodeinfo')['ldap'].has_key?('physicalHost')) purp += wrap(" This virtual server runs on the #{phys_host} #{ninfo['ldap']['physicalHost'][0]}, " + "which is hosted at #{ninfo['hoster']['longname']}." ) -elsif scope.lookupvar('site::nodeinfo')['hoster']['name'] +elsif scope.lookupvar('deprecated::nodeinfo')['hoster']['name'] purp += wrap(" This server is hosted at #{ninfo['hoster']['longname']}.") end vms = [] -scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - if scope.lookupvar('site::allnodeinfo')[node]['physicalHost'] and scope.lookupvar('site::allnodeinfo')[node]['physicalHost'].include?(@fqdn) +scope.lookupvar('deprecated::allnodeinfo').keys.sort.each do |node| + if scope.lookupvar('deprecated::allnodeinfo')[node]['physicalHost'] and scope.lookupvar('site::allnodeinfo')[node]['physicalHost'].include?(@fqdn) vms << node end end @@ -96,9 +96,9 @@ unless vms.empty? purp += "\nThe following virtual machines run on this system:\n" vms.each do |node| purp += "\t- #{node}" - if scope.lookupvar('site::allnodeinfo')[node]['purpose'] + if scope.lookupvar('deprecated::allnodeinfo')[node]['purpose'] purp += ":\n" - scope.lookupvar('site::allnodeinfo')[node]['purpose'].sort.each do |l| + scope.lookupvar('deprecated::allnodeinfo')[node]['purpose'].sort.each do |l| l = markup(l) purp += "\t " + l + "\n" end @@ -122,7 +122,7 @@ if scope.lookupvar('::cluster') #end #nodes.reject{|node| node.eql?(fqdn)}.each do |node| # purp += "\t" + node + "\n" - # scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |ip| + # scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |ip| # purp += "\t\t" + ip + "\n" # end #end @@ -137,8 +137,8 @@ if classes.include?('bacula::not_a_client') then purp += "\n " + wrap("Note that this host is _NOT_ being backed up. If you care about your data, run your own backups.") end -if scope.lookupvar('site::nodeinfo').has_key?('footer') - purp += "\n" + wrap(scope.lookupvar('site::nodeinfo')['footer']) +if scope.lookupvar('deprecated::nodeinfo').has_key?('footer') + purp += "\n" + wrap(scope.lookupvar('deprecated::nodeinfo')['footer']) end purp diff --git a/modules/munin/templates/munin-node.conf.erb b/modules/munin/templates/munin-node.conf.erb index 7a316a195..b740afe34 100644 --- a/modules/munin/templates/munin-node.conf.erb +++ b/modules/munin/templates/munin-node.conf.erb @@ -41,9 +41,9 @@ ignore_file \.rpm(save|new)$ allow ^127\.0\.0\.1$ <%= str = '' -roles = scope.lookupvar('site::roles') +roles = scope.lookupvar('deprecated::roles') roles['muninmaster'].each do |node| - scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |ip| + scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |ip| str += "allow ^" + ip.split('.').join('\.') + "$\n" end end diff --git a/modules/nagios/templates/inc-debian.org.erb b/modules/nagios/templates/inc-debian.org.erb index 821786689..8a0babb50 100644 --- a/modules/nagios/templates/inc-debian.org.erb +++ b/modules/nagios/templates/inc-debian.org.erb @@ -5,12 +5,12 @@ <%= nagii = [] -roles = scope.lookupvar('site::roles') +roles = scope.lookupvar('deprecated::roles') roles['nagiosmaster'].each do |nag| - nagii << scope.lookupvar('site::allnodeinfo')[nag]['ipHostNumber'] + nagii << scope.lookupvar('deprecated::allnodeinfo')[nag]['ipHostNumber'] end roles['extranrpeclient'].each do |nag| - nagii << scope.lookupvar('site::allnodeinfo')[nag]['ipHostNumber'] + nagii << scope.lookupvar('deprecated::allnodeinfo')[nag]['ipHostNumber'] end out = "allowed_hosts=" + nagii.flatten.sort.uniq.join(',') diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp index f25681415..40cd6d13e 100644 --- a/modules/named/manifests/primary.pp +++ b/modules/named/manifests/primary.pp @@ -31,7 +31,7 @@ class named::primary inherits named::authoritative { file "db._openpgpkey.debian.org"; allow-query { any; }; masters { - ${ join(getfromhash($site::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ; + ${ join(getfromhash($deprecated::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ; }; allow-transfer { 127.0.0.1; diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb index 95370b1c9..83f1f638c 100644 --- a/modules/named/templates/named.conf.options.erb +++ b/modules/named/templates/named.conf.options.erb @@ -5,10 +5,10 @@ acl Nagios { <%= - roles = scope.lookupvar('site::roles') + roles = scope.lookupvar('deprecated::roles') str = '' roles['nagiosmaster'].each do |node| - str += scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].collect do |ip| + str += scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].collect do |ip| if ip =~ /:/ "\t#{ip}/128;\n" else diff --git a/modules/named/templates/named.conf.puppet-shared-keys.erb b/modules/named/templates/named.conf.puppet-shared-keys.erb index 562942773..775878068 100644 --- a/modules/named/templates/named.conf.puppet-shared-keys.erb +++ b/modules/named/templates/named.conf.puppet-shared-keys.erb @@ -25,7 +25,7 @@ pairs.each do |pair| lines << "key #{keyname} { algorithm hmac-sha256; secret \"#{key}\"; };" - remote_ip = scope.lookupvar('site::allnodeinfo')[other]['ipHostNumber'] + remote_ip = scope.lookupvar('deprecated::allnodeinfo')[other]['ipHostNumber'] remote_ip.each do |r| lines << "server #{r} { keys { #{keyname}; }; };" end diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp index 7575130b4..018e5fcbc 100644 --- a/modules/ntp/manifests/init.pp +++ b/modules/ntp/manifests/init.pp @@ -45,7 +45,7 @@ class ntp { ]: } - if getfromhash($site::nodeinfo, 'timeserver') { + if getfromhash($deprecated::nodeinfo, 'timeserver') { include ntp::timeserver } else { include ntp::client diff --git a/modules/ntp/templates/ntp.conf b/modules/ntp/templates/ntp.conf index efa1a6462..c5e9fc88e 100644 --- a/modules/ntp/templates/ntp.conf +++ b/modules/ntp/templates/ntp.conf @@ -15,14 +15,14 @@ filegen cryptostats file cryptostats type day enable crypto randfile /dev/urandom keysdir /etc/ntp.keys.d -<% if scope.lookupvar('site::nodeinfo')['timeserver'] -%> +<% if scope.lookupvar('deprecated::nodeinfo')['timeserver'] -%> server 0.debian.pool.ntp.org iburst dynamic server 1.debian.pool.ntp.org iburst dynamic server 2.debian.pool.ntp.org iburst dynamic server 3.debian.pool.ntp.org iburst dynamic leapfile /usr/share/zoneinfo/leap-seconds.list -<% elsif scope.lookupvar('site::nodeinfo')['misc']['natted'] -%> +<% elsif scope.lookupvar('deprecated::nodeinfo')['misc']['natted'] -%> # autokey doesn't work behind nat # manda-node03's, and bm-bl2's ipv4 IP, hard coded for the benefit of diff --git a/modules/portforwarder/templates/authorized_keys.erb b/modules/portforwarder/templates/authorized_keys.erb index 755f344b3..f7b56fcd7 100644 --- a/modules/portforwarder/templates/authorized_keys.erb +++ b/modules/portforwarder/templates/authorized_keys.erb @@ -36,7 +36,7 @@ config.each_pair do |sourcehost, services| if allowed_ports.length > 0 sshkey = getportforwarderkey(sourcehost) - remote_ip = scope.lookupvar('site::allnodeinfo')[sourcehost]['ipHostNumber'].join(',') + remote_ip = scope.lookupvar('deprecated::allnodeinfo')[sourcehost]['ipHostNumber'].join(',') local_bind = get_local_ip_addr(sourcehost) lines << "# from #{sourcehost}" diff --git a/modules/postfix/templates/main.cf-header.erb b/modules/postfix/templates/main.cf-header.erb index 4bbeba441..6f6cbe504 100644 --- a/modules/postfix/templates/main.cf-header.erb +++ b/modules/postfix/templates/main.cf-header.erb @@ -4,12 +4,12 @@ mydomain = debian.org compatibility_level = 2 smtp_dns_support_level = dnssec -<%- if scope.lookupvar('site::nodeinfo')['smarthost'].empty? -%> +<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%> smtp_tls_security_level = dane <%- else -%> smtp_tls_security_level = dane-only # yes, do MX lookups on the relayhost, since those have TLSA records -relayhost = <%= scope.lookupvar('site::nodeinfo')['smarthost'] %>:submission +relayhost = <%= scope.lookupvar('deprecated::nodeinfo')['smarthost'] %>:submission <%- end -%> # tls stuff diff --git a/modules/postgres/manifests/backup_cluster.pp b/modules/postgres/manifests/backup_cluster.pp index 88df3dadb..eef551bf2 100644 --- a/modules/postgres/manifests/backup_cluster.pp +++ b/modules/postgres/manifests/backup_cluster.pp @@ -3,7 +3,7 @@ define postgres::backup_cluster( $pg_version, $pg_cluster = 'main', $pg_port = 5432, - $backup_servers = getfromhash($site::roles, 'postgres_backup_server'), + $backup_servers = getfromhash($deprecated::roles, 'postgres_backup_server'), $db_backup_role = 'debian-backup', $db_backup_role_password = hkdf('/etc/puppet/secret', "postgresql-${::hostname}-${$pg_cluster}-${pg_port}-backup_role}"), $do_role = false, diff --git a/modules/postgres/manifests/backup_server/register_backup_clienthost.pp b/modules/postgres/manifests/backup_server/register_backup_clienthost.pp index 189d3719e..12391a51e 100644 --- a/modules/postgres/manifests/backup_server/register_backup_clienthost.pp +++ b/modules/postgres/manifests/backup_server/register_backup_clienthost.pp @@ -1,7 +1,7 @@ # define postgres::backup_server::register_backup_clienthost ( $sshpubkey = $::postgres_key, - $ipaddrlist = join(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'), ","), + $ipaddrlist = join(getfromhash($deprecated::nodeinfo, 'ldap', 'ipHostNumber'), ","), $hostname = $::hostname, ) { include postgres::backup_server::globals diff --git a/modules/profile/manifests/ipsec/fasolo_storace.pp b/modules/profile/manifests/ipsec/fasolo_storace.pp index 9cc83408a..a2b7a816e 100644 --- a/modules/profile/manifests/ipsec/fasolo_storace.pp +++ b/modules/profile/manifests/ipsec/fasolo_storace.pp @@ -5,7 +5,7 @@ class profile::ipsec::fasolo_storace { # Use the first ipv4 address from LDAP, since the puppet fact is not always # the IP address we want to use. For instance, for storace $::facts['ipaddress'] # is 172.29.170.1 (from bond1) instead of 93.94.130.161 from eth0. - $public_ipaddress = getfromhash($site::nodeinfo, 'misc', 'v4_ldap')[0] + $public_ipaddress = getfromhash($deprecated::nodeinfo, 'misc', 'v4_ldap')[0] # we do ipsec on the backend since it traveres over other people's switching infra ipsec::network { "fasolo_storace": diff --git a/modules/puppetmaster/lib/puppet/parser/functions/entropy_provider.rb b/modules/puppetmaster/lib/puppet/parser/functions/entropy_provider.rb index fe7606b40..5c8c6fe02 100644 --- a/modules/puppetmaster/lib/puppet/parser/functions/entropy_provider.rb +++ b/modules/puppetmaster/lib/puppet/parser/functions/entropy_provider.rb @@ -6,8 +6,8 @@ module Puppet::Parser::Functions fqdn = args[0] nodeinfo = args[1] - localinfo = lookupvar('site::localinfo') - allnodeinfo = lookupvar('site::allnodeinfo') + localinfo = lookupvar('deprecated::localinfo') + allnodeinfo = lookupvar('deprecated::allnodeinfo') raise Puppet::ParseError, "entropy_provider: Cannot learn fqdn" unless fqdn raise Puppet::ParseError, "entropy_provider: Cannot learn nodeinfo" unless nodeinfo diff --git a/modules/puppetmaster/lib/puppet/parser/functions/has_role.rb b/modules/puppetmaster/lib/puppet/parser/functions/has_role.rb index 427440fa1..eef31b984 100644 --- a/modules/puppetmaster/lib/puppet/parser/functions/has_role.rb +++ b/modules/puppetmaster/lib/puppet/parser/functions/has_role.rb @@ -1,7 +1,7 @@ module Puppet::Parser::Functions newfunction(:has_role, :type => :rvalue) do |args| role = args[0] - roles = lookupvar('site::roles') + roles = lookupvar('deprecated::roles') fqdn = lookupvar('fqdn') if not roles.include?(role) err "Failed to look up missing role #{role}" diff --git a/modules/roles/manifests/keyring.pp b/modules/roles/manifests/keyring.pp index 25ab9d308..a411ff540 100644 --- a/modules/roles/manifests/keyring.pp +++ b/modules/roles/manifests/keyring.pp @@ -12,7 +12,7 @@ class roles::keyring { include named::authoritative - $notify_address_bind = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ") + $notify_address_bind = join(getfromhash($deprecated::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ") ferm::rule { '01-dsa-bind': domain => '(ip ip6)', diff --git a/modules/roles/manifests/pubsub/entities.pp b/modules/roles/manifests/pubsub/entities.pp index d0dfd621c..f78ba8502 100644 --- a/modules/roles/manifests/pubsub/entities.pp +++ b/modules/roles/manifests/pubsub/entities.pp @@ -58,7 +58,7 @@ class roles::pubsub::entities { password => $pet_password, } - $do_hosts = keys($site::localinfo) + $do_hosts = keys($deprecated::localinfo) pubsub::autouser { $do_hosts: } diff --git a/modules/roles/templates/conf-debianhostlist.erb b/modules/roles/templates/conf-debianhostlist.erb index e3056c655..6fcda4f57 100644 --- a/modules/roles/templates/conf-debianhostlist.erb +++ b/modules/roles/templates/conf-debianhostlist.erb @@ -8,9 +8,9 @@ <%= lines = [] - scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - lines << " # #{scope.lookupvar('site::allnodeinfo')[node]['hostname'][0]}" - scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr| + scope.lookupvar('deprecated::allnodeinfo').keys.sort.each do |node| + lines << " # #{scope.lookupvar('deprecated::allnodeinfo')[node]['hostname'][0]}" + scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |addr| lines << " Require ip #{addr}" end end diff --git a/modules/roles/templates/dakmaster/conf-builddlist.erb b/modules/roles/templates/dakmaster/conf-builddlist.erb index 1a7fd0c82..15b3b8c38 100644 --- a/modules/roles/templates/dakmaster/conf-builddlist.erb +++ b/modules/roles/templates/dakmaster/conf-builddlist.erb @@ -8,11 +8,11 @@ <%= lines = [] - scope.lookupvar('site::allnodeinfo').keys.sort.each do |node| - next unless scope.lookupvar('site::allnodeinfo')[node]['purpose'] - if scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('buildd') - lines << " # #{scope.lookupvar('site::allnodeinfo')[node]['hostname'][0]}" - scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr| + scope.lookupvar('deprecated::allnodeinfo').keys.sort.each do |node| + next unless scope.lookupvar('deprecated::allnodeinfo')[node]['purpose'] + if scope.lookupvar('deprecated::allnodeinfo')[node]['purpose'].include?('buildd') + lines << " # #{scope.lookupvar('deprecated::allnodeinfo')[node]['hostname'][0]}" + scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |addr| lines << " Require ip #{addr}" end end diff --git a/modules/roles/templates/planet_master/planet-master.debian.org.erb b/modules/roles/templates/planet_master/planet-master.debian.org.erb index 95afcf03d..e8a7d474c 100644 --- a/modules/roles/templates/planet_master/planet-master.debian.org.erb +++ b/modules/roles/templates/planet_master/planet-master.debian.org.erb @@ -25,10 +25,10 @@ Use common-debian-service-https-redirect * planet-master.debian.org Require ip 127.0.0.1 <%= lines = [] - roles = scope.lookupvar('site::roles') + roles = scope.lookupvar('deprecated::roles') roles['planet_master'].each do |node| - lines << "\t\t# #{scope.lookupvar('site::allnodeinfo')[node]['hostname'][0]}" - scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr| + lines << "\t\t# #{scope.lookupvar('deprecated::allnodeinfo')[node]['hostname'][0]}" + scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |addr| lines << "\t\tRequire ip #{addr}" end end diff --git a/modules/roles/templates/sso_rp/ca.crl.erb b/modules/roles/templates/sso_rp/ca.crl.erb index 1427d460d..b246c781d 100644 --- a/modules/roles/templates/sso_rp/ca.crl.erb +++ b/modules/roles/templates/sso_rp/ca.crl.erb @@ -11,7 +11,7 @@ end crl = [] -roles = scope.lookupvar('site::roles') +roles = scope.lookupvar('deprecated::roles') roles['sso'].each do |node| c = getcrl(node) next if c.nil? diff --git a/modules/roles/templates/static-mirroring/static-clients.conf.erb b/modules/roles/templates/static-mirroring/static-clients.conf.erb index 33f9644a9..6d2cd5bfe 100644 --- a/modules/roles/templates/static-mirroring/static-clients.conf.erb +++ b/modules/roles/templates/static-mirroring/static-clients.conf.erb @@ -5,9 +5,9 @@ <%= # do not include mirrors in static_mirror_nopush -static_mirror_nopush = scope.lookupvar('site::roles')['static_mirror_nopush'] +static_mirror_nopush = scope.lookupvar('deprecated::roles')['static_mirror_nopush'] -scope.lookupvar('site::roles')['static_mirror'].reject{ |x| static_mirror_nopush.include?(x) }.join("\n") +scope.lookupvar('deprecated::roles')['static_mirror'].reject{ |x| static_mirror_nopush.include?(x) }.join("\n") # vim:set et: # vim:set sts=4 ts=4: diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb index f6829e690..a0b1e0a9e 100644 --- a/modules/samhain/templates/samhainrc.erb +++ b/modules/samhain/templates/samhainrc.erb @@ -333,7 +333,7 @@ dir=/etc/bacula/storage-conf.d dir=/etc/bacula/conf.d <%= out="" -if scope.lookupvar('site::nodeinfo')['heavy_exim'] +if scope.lookupvar('deprecated::nodeinfo')['heavy_exim'] out = ' file=/etc/exim4/surbl_whitelist.txt file=/etc/exim4/exim_surbl.pl diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb index ea1152833..d7c200215 100644 --- a/modules/ssh/templates/authorized_keys.erb +++ b/modules/ssh/templates/authorized_keys.erb @@ -1,6 +1,6 @@ <% - allnodeinfo = scope.lookupvar('site::allnodeinfo') - roles = scope.lookupvar('site::roles') + allnodeinfo = scope.lookupvar('deprecated::allnodeinfo') + roles = scope.lookupvar('deprecated::roles') %> # local admin diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb index 04a27e559..870f16fa6 100644 --- a/modules/ssh/templates/sshd_config.erb +++ b/modules/ssh/templates/sshd_config.erb @@ -50,7 +50,7 @@ AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userk PasswordAuthentication no <%= - allnodeinfo = scope.lookupvar('site::allnodeinfo') + allnodeinfo = scope.lookupvar('deprecated::allnodeinfo') out = '' settings = '# Banner "You are coming from a debian.org host."' allnodeinfo.keys.sort.each do |node| diff --git a/modules/systemdtimesyncd/templates/timesyncd.conf.erb b/modules/systemdtimesyncd/templates/timesyncd.conf.erb index 761a570f1..485725e7c 100644 --- a/modules/systemdtimesyncd/templates/timesyncd.conf.erb +++ b/modules/systemdtimesyncd/templates/timesyncd.conf.erb @@ -17,7 +17,7 @@ <%= servers = [] @localtimeservers.each do |node| - scope.lookupvar('site::allnodeinfo')[node]['ipHostNumber'].each do |addr| + scope.lookupvar('deprecated::allnodeinfo')[node]['ipHostNumber'].each do |addr| servers << addr end end diff --git a/modules/time/manifests/init.pp b/modules/time/manifests/init.pp index 13010f2a0..e89210bf2 100644 --- a/modules/time/manifests/init.pp +++ b/modules/time/manifests/init.pp @@ -1,7 +1,7 @@ class time { include stdlib $localtimeservers = hiera('local-timeservers', []) - $physicalHost = $site::allnodeinfo[$fqdn]['physicalHost'] + $physicalHost = $deprecated::allnodeinfo[$fqdn]['physicalHost'] #if ($systemd and $physicalHost and size($localtimeservers) > 0) { if ($systemd and size($localtimeservers) > 0 and $::is_virtual and $::virtual == 'kvm') { diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp index 72f9a37ca..840cfff9b 100644 --- a/modules/unbound/manifests/init.pp +++ b/modules/unbound/manifests/init.pp @@ -9,7 +9,7 @@ class unbound { include stdlib - $is_recursor = getfromhash($site::nodeinfo, 'misc', 'resolver-recursive') + $is_recursor = getfromhash($deprecated::nodeinfo, 'misc', 'resolver-recursive') $client_ranges = hiera('allow_dns_query') $firewall_blocks_dns = hiera('firewall_blocks_dns', false) $empty_client_range = empty($client_ranges) -- 2.20.1