innholdet i manifest kommer
This commit is contained in:
parent
0a7983f17c
commit
f5d9b1a06f
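--- a/site-modules/profile/manifests/manifests/base_linux.pp
+++ b/site-modules/profile/manifests/manifests/base_linux.pp
@@ -0,0 +1,45 @@
+# @summary A short summary of the purpose of this class
+#
+# A description of what this class does
+#
+# @example
+# include profile::base_linux
+#
+# profile::base:linux
+#
+
+
+class profile::base_linux {
+
+
+
+$root_ssh_key = lookup('base_linux::root_ssh_key')
+$linux_sw_pkg = lookup('base_linux::linux_sw_pkg')
+# careful when configuring ntp to avoid misuse (opening for DDOS)
+class { 'ntp':
+servers => [ 'ntp.ntnu.no' ],
+restrict => [
+'default kod nomodify notrap nopeer noquery',
+'-6 default kod nomodify notrap nopeer noquery',
+],
+}
+class { 'timezone':
+timezone => 'Europe/Oslo',
+}
+package { $linux_sw_pkg:
+ensure => latest,
+}
+# root@manager should be able to ssh without password to all
+file { '/root/.ssh':
+owner => 'root',
+group => 'root',
+mode => '0700',
+ensure => 'directory',
+}
+ssh_authorized_key { 'root@manager':
+user => 'root',
+type => 'ssh-rsa',
+key => $root_ssh_key,
+require => File['/root/.ssh'],
+}
+}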
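Review bot: The `ssh_authorized_key { 'root@manager': }` resource installs one root key on every Linux node with no `options`, so whoever holds that private key can log in as root across the fleet from any source address. Restricting it to the manager host, e.g. `options => ['from="<manager-address>"'],` (placeholder, the address is not on this page), narrows that, and `user { 'root': purge_ssh_keys => true }` would remove root keys added outside Puppet. Separately, `package { $linux_sw_pkg: ensure => latest }` upgrades the base packages on every agent run with no pinning. The header still carries the template text (`A short summary of the purpose of this class`), and `# profile::base:linux` has a colon where the class name has an underscore.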
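--- a/site-modules/profile/manifests/manifests/base_windows.pp
+++ b/site-modules/profile/manifests/manifests/base_windows.pp
@@ -0,0 +1,34 @@
+#
+# profile::base_windows
+#
+class profile::base_windows {
+$win_sw_pkg = lookup('base_windows::win_sw_pkg')
+# set default package provider on windows to chocolatey, please read https://chocolatey.org/security in
+# the future maybe use DSC instead when this is ready:
+# https://github.com/PowerShell/PackageManagementProviderResource
+include chocolatey
+# set chocolatey as default package provider on Windows
+case $::operatingsystem {
+'windows':
+{ Package { provider => chocolatey, } }
+default:
+{ Package { provider => windows, } }
+}
+package { $win_sw_pkg:
+ensure => 'latest',
+}
+# a specific version of vim I know is trusted
+package { 'vim':
+ensure => '8.0.604',
+}
+# use PowerShell DSC to set timezone
+dsc_xtimezone { 'Oslo':
+dsc_timezone => 'W. Europe Standard Time',
+dsc_issingleinstance => 'yes',
+}
+# use PowerShell DSC protect against wannacry :)
+dsc_windowsfeature {'FS-SMB1':
+dsc_ensure => 'absent',
+dsc_name => 'FS-SMB1',
+}
+}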
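Review bot: `package { $win_sw_pkg: ensure => 'latest' }` installs whatever version the Chocolatey feed serves at each agent run, while the `vim` resource below it is pinned to `8.0.604` because that version is trusted; the same reasoning applies to the rest of the list. Pinning versions in the Hiera data, or pointing Chocolatey at an internally reviewed source, would keep an unreviewed upstream package update from reaching every Windows node automatically. The `default:` branch of the `case` sets `provider => windows` inside a Windows-only profile, so it is presumably unreachable, and `$::operatingsystem` is the legacy form of the `$facts['os']['name']` used in dns/client.pp.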
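--- a/site-modules/profile/manifests/manifests/consul/client.pp
+++ b/site-modules/profile/manifests/manifests/consul/client.pp
@@ -0,0 +1,16 @@
+class profile::consul::client {
+package { 'unzip':
+ensure => latest,
+}
+class { '::consul':
+version => '1.6.0',
+config_hash => {
+'data_dir' => '/opt/consul',
+'datacenter' => 'NTNU',
+'log_level' => 'INFO',
+'node_name' => $facts['hostname'],
+'retry_join' => [ $::serverip ],
+},
+require => Package['unzip'],
+}
+}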
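Review bot: The `config_hash` sets no `encrypt` key and no TLS or ACL settings, so as far as this manifest shows gossip traffic is unencrypted and any host that can reach the agents can join datacenter `NTNU`; consul/server.pp has the same gap. A gossip key supplied from Hiera, e.g. `'encrypt' => lookup('<hiera-key-for-gossip-key>'),` (placeholder name), is the smallest step, with `verify_incoming`/`verify_outgoing` and ACLs to follow on the servers. `retry_join => [ $::serverip ]` relies on the legacy `serverip` fact, which presumably resolves to the Puppet server's address; a comment stating that the Puppet server is also a Consul server would make that intent explicit.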
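--- a/site-modules/profile/manifests/manifests/consul/server.pp
+++ b/site-modules/profile/manifests/manifests/consul/server.pp
@@ -0,0 +1,18 @@
+class profile::consul::server {
+package { 'unzip':
+ensure => latest,
+}
+class { '::consul':
+version => '1.6.0',
+config_hash => {
+'bootstrap_expect' => 3,
+'data_dir' => '/opt/consul',
+'datacenter' => 'NTNU',
+'log_level' => 'INFO',
+'node_name' => $facts['hostname'],
+'server' => true,
+'retry_join' => [ $::serverip ],
+},
+require => Package['unzip'],
+}
+}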
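Review bot: `package { 'unzip': }` is declared here and again in consul/client.pp, so a node that includes both classes (or whose `$linux_sw_pkg` list contains `unzip`) would fail catalog compilation with a duplicate declaration. Declaring it once in a shared class, or using `ensure_packages(['unzip'])` if puppetlabs-stdlib is available, avoids that. `ensure => latest` on a helper package also means it changes outside any review; `ensure => installed` is presumably enough, since it looks to be needed only to unpack the Consul archive.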
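--- a/site-modules/profile/manifests/manifests/dns/client.pp
+++ b/site-modules/profile/manifests/manifests/dns/client.pp
@@ -0,0 +1,33 @@
+class profile::dns::client {
+$dir_ip = lookup( 'Address', undef, undef, '1.1.1.1' )
+case $facts['os']['name'] {
+'windows': {
+dsc_dnsserveraddress { $dir_ip:
+dsc_address => $dir_ip,
+dsc_interfacealias => $facts['networking']['primary'],
+dsc_addressfamily => 'IPv4',
+dsc_validate => true,
+}
+dsc_dnsclientglobalsetting { 'domainname':
+dsc_issingleinstance => yes,
+dsc_suffixsearchlist => 'node.consul',
+}
+}
+/^(Debian|Ubuntu)$/: {
+class { 'netplan':
+config_file => '/etc/netplan/50-cloud-init.yaml',
+ethernets => {
+'ens3' => {
+'dhcp4' => true,
+'nameservers' => {
+'search' => ['node.consul'],
+'addresses' => [ "$dir_ip" ],
+}
+}
+},
+netplan_apply => true,
+}
+}
+default: { notify { 'Which OS? What?': } }
+}
+}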
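Review bot: `lookup( 'Address', undef, undef, '1.1.1.1' )` silently falls back to a public resolver when the Hiera key is missing, so a data mistake would send every query, including the internal `node.consul` search-domain lookups, off-site instead of failing visibly. Dropping the default, `$dir_ip = lookup('Address')`, makes the catalog fail to compile when the key is absent. The Linux branch hard-codes interface `ens3` where the Windows branch uses `$facts['networking']['primary']`, and `[ "$dir_ip" ]` can be written `[ $dir_ip ]`.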
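--- a/site-modules/profile/manifests/manifests/dns/server.pp
+++ b/site-modules/profile/manifests/manifests/dns/server.pp
@@ -0,0 +1,14 @@
+class profile::dns::server {
+include dns::server
+# Forwarders
+dns::server::options { '/etc/bind/named.conf.options':
+dnssec_enable => false,
+dnssec_validation => no,
+forwarders => [ '129.241.0.201' ],
+}
+dns::zone { 'consul':
+zone_type => forward,
+forward_policy => only,
+allow_forwarder => [ '127.0.0.1 port 8600' ],
+}
+}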
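Review bot: `dnssec_enable => false` and `dnssec_validation => no` turn validation off for every answer that comes back through forwarder `129.241.0.201`, not only for the `consul` zone, and the only comment above them is `# Forwarders`. If the reason is that the forwarded `consul` zone is unsigned, say so in a comment such as `# DNSSEC validation off: the forwarded consul zone is unsigned; this also affects all other lookups`, and check whether the dns module can exempt just that zone instead. No recursion or query ACL is visible in this file, so confirm the module's defaults do not leave the resolver answering for arbitrary clients.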