# sysctl: manage one kernel parameter as a drop-in under /etc/sysctl.d.
#   title   - used as the file name (/etc/sysctl.d/<title>.conf)
#   $key    - the sysctl key, e.g. vm.mmap_min_addr
#   $value  - the value written after "key = "
#   $ensure - passed straight to the file resource (default present)
define sysctl($key, $value, $ensure=present) {
    file { "/etc/sysctl.d/$name.conf":
        ensure  => $ensure,
        content => "$key = $value\n",
        # root-owned and not writable by anyone else: the kernel settings
        # loaded at boot come from this file
        owner   => 'root',
        group   => 'root',
        mode    => 0644,
        # the procps exec (declared in class debian-org) re-reads sysctl.d,
        # so a changed value is applied without waiting for a reboot
        notify  => Exec['procps restart'],
    }
}
# Baseline applied to every debian.org host: package set, apt sources and
# pinning, syslog-ng, LDAP-backed logins, timezone, the puppet agent's own
# config, and the mmap_min_addr hardening sysctl.
class debian-org {
   # Base tool set.  sysklogd, klogd and rsyslog are purged because syslog-ng
   # is the syslog daemon configured further down.
   package { "userdir-ldap": ensure => installed;
             "zsh": ensure => installed;
             "cron": ensure => installed;
             "apt-utils": ensure => installed;
             "tcsh": ensure => installed;
             "pdksh": ensure => installed;
             "ksh": ensure => installed;
             "csh": ensure => installed;
             "ntp": ensure => installed;
             "locales-all": ensure => installed;
             "libpam-pwdfile": ensure => installed;
             "vim": ensure => installed;
             "gnupg": ensure => installed;
             "bzip2": ensure => installed;
             "less": ensure => installed;
             "ed": ensure => installed;
             "puppet": ensure => installed;
             "mtr-tiny": ensure => installed;
             "nload": ensure => installed;
             "pciutils": ensure => installed;
             "dnsutils": ensure => installed;
             "bash-completion": ensure => installed;
             "libfilesystem-ruby1.8": ensure => installed;
             "syslog-ng": ensure => installed;
             "sysklogd": ensure => purged;
             "klogd": ensure => purged;
             "rsyslog": ensure => purged;
   }
   # Config files served from the puppetmaster's file server.  None of them
   # sets owner/group/mode, so the resulting permissions follow puppet's
   # default handling of the source file's metadata.
   # NOTE(review): confirm the cron.d, pam.d, ldap.conf and apt files end up
   # root-owned and not group/world-writable; cron in particular is known to
   # ignore cron.d entries with loose permissions.
   file {
      "/etc/apt/preferences":
             source => "puppet:///files/etc/apt/preferences";
      # every sources.list.d fragment refreshes the package index on change
      "/etc/apt/sources.list.d/backports.org.list":
             source => "puppet:///files/etc/apt/sources.list.d/backports.org.list",
             notify  => Exec["apt-get update"];
      "/etc/apt/sources.list.d/debian.org.list":
             source => "puppet:///files/etc/apt/sources.list.d/debian.org.list",
             notify  => Exec["apt-get update"];
      "/etc/apt/sources.list.d/security.list":
             source => "puppet:///files/etc/apt/sources.list.d/security.list",
             notify  => Exec["apt-get update"];
      "/etc/apt/sources.list.d/volatile.list":
             source => "puppet:///files/etc/apt/sources.list.d/volatile.list",
             notify  => Exec["apt-get update"];
      "/etc/apt/apt.conf.d/local-recommends":
             source => "puppet:///files/etc/apt/apt.conf.d/local-recommends";
      "/etc/apt/apt.conf.d/local-pdiffs":
             source => "puppet:///files/etc/apt/apt.conf.d/local-pdiffs";
      "/etc/timezone":
             source => "puppet:///files/etc/timezone",
             # re-run tzdata's configure step so the system zone follows the
             # file (presumably this regenerates /etc/localtime -- confirm)
             notify => Exec["dpkg-reconfigure tzdata -pcritical -fnoninteractive"];
      # the agent's own configuration; no restart is triggered here, the
      # running agent picks the files up on its own schedule
      "/etc/puppet/puppet.conf":
             source => "puppet:///files/etc/puppet/puppet.conf"
             ;
      "/etc/default/puppet":
             source => "puppet:///files/etc/default/puppet"
             ;

      # syslog-ng is reloaded (not restarted) on a config change
      "/etc/syslog-ng/syslog-ng.conf":
             source => "puppet:///files/etc/syslog-ng/syslog-ng.conf",
             notify  => Exec["syslog-ng reload"],
             ;
      "/etc/logrotate.d/syslog-ng":
             source => "puppet:///files/etc/logrotate.d/syslog-ng",
             ;
      # ordered after the cron package so the drop-in directory exists
      "/etc/cron.d/dsa-puppet-stuff":
             source => "puppet:///files/etc/cron.d/dsa-puppet-stuff",
             require => Package["cron"]
             ;
      # LDAP client config and the PAM session stack used by the LDAP-based
      # account setup (userdir-ldap, libpam-pwdfile above)
      "/etc/ldap/ldap.conf":
             source => "puppet:///files/etc/ldap/ldap.conf",
             ;
      "/etc/pam.d/common-session":
             source => "puppet:///files/etc/pam.d/common-session",
             ;
   }
   # Puppetmaster-only: ship the lib tree recursively and restart the master
   # when it changes (handel is the master, judging by the restart notify).
   # NOTE(review): $hostname is a fact reported by the agent rather than the
   # node's certificate name; if the lib tree is not meant for arbitrary
   # nodes, selecting on the certname is the safer key -- confirm.
   case $hostname {
        handel: {
            file {
               "/etc/puppet/lib":
                      ensure  => directory,
                      source => "puppet:///files/etc/puppet/lib",
                      recurse => true,
                      notify  => Exec["puppetmaster restart"];
            }
        }
        default: {}
   }

   # set mmap_min_addr to 4096 to mitigate
   # Linux NULL-pointer dereference exploits
   # (the sysctl define notifies "procps restart" below, so the new value is
   # applied on the running kernel, not only at the next boot)
   sysctl { "mmap_min_addr" :
             key         => "vm.mmap_min_addr",
             value       => 4096,
   }

   # All execs are refreshonly: they run only when notified by a resource
   # above.  The title doubles as the command (only "apt-get update" spells
   # it out explicitly); /etc/init.d is on the path so the service actions
   # resolve to the init scripts.
   exec { "syslog-ng reload":
             path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
             refreshonly => true,
   }
   exec { "dpkg-reconfigure tzdata -pcritical -fnoninteractive":
           path        => "/usr/bin:/usr/sbin:/bin:/sbin",
           refreshonly => true,
   }
   exec { "apt-get update":
             command => 'apt-get update',
             path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
             refreshonly => true
   }
   exec { "puppetmaster restart":
             path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
             refreshonly => true,
   }
   # target of the sysctl define's notify
   exec { "procps restart":
             path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
             refreshonly => true,
   }
}
# HP ProLiant hosts: the full debian-org baseline plus the HP array tooling
# and the extra apt source it is installed from.
class debian-proliant inherits debian-org {
   # controller / array utilities for the HP hardware
   package { [ 'hpacucli', 'cpqarrayd', 'arrayprobe' ]:
      ensure => installed,
   }
   # presumably the repository carrying the packages above (confirm); a
   # changed list triggers the shared "apt-get update" exec from debian-org
   file { '/etc/apt/sources.list.d/debian.restricted.list':
      source => 'puppet:///files/etc/apt/sources.list.d/debian.restricted.list',
      notify => Exec['apt-get update'],
   }
}
140              notify  => Exec["apt-get update"];
141    }
142 }