From 5d66c9ed0c77740a3ab46ec417629652e1e44c4b Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Wed, 10 Jan 2018 13:27:35 +0100 Subject: Port site.pp to Puppet 4.x, move into production environment folder. --- code/environments/production/manifests/site.pp | 189 +++++++++++++++++++++++++ manifests/site.pp | 167 ---------------------- 2 files changed, 189 insertions(+), 167 deletions(-) create mode 100644 code/environments/production/manifests/site.pp delete mode 100644 manifests/site.pp diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp new file mode 100644 index 0000000..2488b47 --- /dev/null +++ b/code/environments/production/manifests/site.pp @@ -0,0 +1,189 @@ +#include apt + +class ssh_pubkeys_admins { + # Mike Gabriel, IT-Zukunft Schule + ssh_authorized_key { 'mike@minobo': + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDn2moKR4u3yJW+/hvwmhUDjiLBxiMPB+46YO9iEo8HXsdulpMi20hi2TTmWA0w3hog1IEnre6C7UGHcZG0HfPg+eROIuuXRcOfg3WP/IBV0KMF4DTa1KDoN/Nw7HMlhWxGxFrdbumAoj/s2ZaA/of1fpaPKOhunF8S9Ch60LYmgnR3tzJW/b0jS9fww8o/rMB3pZy2WSW0uUfpOIbDv+XHhNiC/iu8IgD+M5KkK+qbNZFPoTQkebc0RPRBcOrmEYroofFGg+7jPU++AEKJUKSaGjZRWzACuXiUzTo2F9fT09EMWU4oiYV9zRqjx6ctncwfEB4qOfoRUycfxBSJk7t7', + user => 'root', + } + # Marcel Sandow, IT-Zukunft Schule + ssh_authorized_key { 'marcel@Bigblue': + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQD3RPZTCJNjuV2vq8cO6AwPaVcjimg2DgRi2GitC/K4HzQuy0+RswVktyBACKpFogx254S1gjGoueYDfHq+T4hdoBussGln0MEsJKbEPEgWpGUZgurg3eWSAlzAWlhf9Goy5ZA362sOz3NsbY3DE+4CqxQWth+CctpGz1WzAvFy0K7oclfoncbOlftgEUukvKqJtSapxNAb+O+Ijjur/yaXKwk/dK7T+ZTPhZwChlxo50kLuiN8d3TYgFxc19LncJxq6s8BqQs70Z6m1CNHA07t6UD01Pto29TRNZfAnjuAP8FiO9Cu06cUnHrwlG2jgvr5hA0rLFYnVtgGaQX6RCsT', + user => 'root', + } + # Benjamin Schlüter, LOGO EDV-Systeme GmbH + ssh_authorized_key { 'benni@nbbenni': + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCy2oN7DNtxUXsKUEOsQiUWW9fupzVJAuoaGe3OWxlcZN1je9EpObfHEn5HuYJFcBgHK6PSapPIOJ9QXbLsUYX5vhQwx9oBOg7W8He0kNscO23kjVOLJGaebGX5zNpf96RjZIy/Jhwlb73hCMqTTdp+D3/VDIm7q1UbMn2KOl9ldGwPJCxppeBeHdr89CED1RX/XAXt69qknrC1wm1NXp+UGz9FaG9YWJPNrFXBBvrGCt1oUrB8bXo/poo+doIuVmMqvN0e7lBDOzsRIiorDEk/cFc+ZOUBn4QOeY7J7keX6l2v3AxRXq6ErZrX+ooa83duRGXj2HkNWufmAi0CqzeXqGFIw+9S9vextn/zCp15G737cruJ50nX5jK38I9fnf3rfGveYdGuf3ta3Eihw1QiK/J4DQeTFKscsR4+P/iRcnsFO4/aVgDbOtCeKIaLK0fh9JWa/H2NVaLWvYv7beDoPtZ7I8TW+SsnO6mykmqUg679fcA/ZTIoAfLfK99UDiOhpye0EtWxGMiBBHn0V1RbERNjfHEVcBnlvcnPRIqkfwOEK5bASXpzzPvEuEGkFlHhtuXQ6WoWdA8zCq+lakNLYeq8CemU9Hd20JgILOidP4Yt9yNuusTP/EDg0AN9fggQe/rc1Raui/5/rVgkzqYFp8DMbgFAAcBTqsBCh1GVDQ==', + user => 'root', + } +} + +class ssh_pubkeys_firedadmins { + # Lucian Anderwald, IT-Zukunft Schule + ssh_authorized_key { 'lucian@SATELLITE': + ensure => 'absent', + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC71S/LYktwTalKjE6Sb7XlOyV1tr1O+codh4C3g9uVtjqytYj/Lx6hExxegwN2tiTAjb3skEKpdg7uRbmpEZBtyST/UrrJCB0l0KbjJelfh4MANuRF+H9CNAPwaxcLfCWeTFwmQW8mcSHE20ljY7kpJykEoihBVjK49k+kD+sphIG1o4BU8nQii0i5/U2HqHkPZHzCIjIprN9kTx/n/zMmCLwuIW58KJitG/ttBXPq+TMsN/zcUQm7/PL7UmIMlvUtKzApuM36PUyah7/rpOB5mIYrqFcDXSBUpFLT1CIvfH6ZR5umhnwiRXDsVfP8e0WB1JhOZV1LqOez8s7c4a6/', + user => 'root', + } + # Marius Rasch, IT-Zukunft Schule + ssh_authorized_key { 'marius@soledad': + ensure => 'absent', + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCuoOfxXovfHlODw7dDlfcLKHaD7fotGT5Kb/HADNQY+GMINKy9Zu71/qpjVZtrckLl92nS7ygCf7+KpyfihdJgKBIeacikD4Y8/slDA2AbBuTZsHOp9HEzopmE1DbJbjeFtnjv8usPx/zB0buEtXy7Fa+bMIu6gIDIK7pO83kqiI/uv1sDyyaElw50Hn8tvZg7OtVHuShxjRCZVDolqUKBDDrQ+lZQG24XeMrQ4cEZ9yLYNAeeLwqqiWqnQ0jrCf2JYI4V7Oo1tvjKJM8HiVFSjsPh8cEu5iLBi08fuKCR7p1efSTOsy06HeraZpWJw5MH+At7sy3qjuuJ0oftrg3n', + user => 'root', + } +} + +#class ssh_pubkeys_backupserver { +# ssh_authorized_key { 'root@backup-01': +# type => 'ssh-rsa', +# key => '', +# user => 'root', +# } +#} + +class anacron_on_battery { + file_line { 'anacron-on-battery': + path => '/etc/default/anacron', + line => 'ANACRON_RUN_ON_BATTERY_POWER=yes', + match => '^ANACRON_RUN_ON_BATTERY_POWER\=.*$', + } +} + +class login_manager { + package { 'lightdm': + ensure => 'installed', + } + package { 'arctica-greeter': + ensure => 'installed', + } +} + +class itzks_systems_common { + package { 'itzks-systems-common': + ensure => 'latest', + } +} + +class itzks_systems_workstation { + package { 'itzks-systems-workstation': + ensure => 'latest', + } +} + +class itzks_systems_mainserver { + package { 'itzks-systems-mainserver': + ensure => 'latest', + } +} + +class itzks_systems_terminalserver { + package { 'itzks-systems-terminalserver': + ensure => 'latest', + } +} + +class fsautoresizetab { + file { '/etc/fsautoresizetab': + ensure => 'present', + path => '/etc/fsautoresizetab', + replace => 'no', + source => '/usr/share/debian-edu-config/fsautoresizetab', + } +} + +class fsautoresizetab_change_usr { + file_line { 'usr': + path => '/etc/fsautoresizetab', + line => '/usr 10% 18g 5%', + match => '^/usr\ .*', + require => File["/etc/fsautoresizetab"], + } +} + +node "tjener.intern" { + + class { 'ssh_pubkeys_admins': } + class { 'ssh_pubkeys_firedadmins': } + class { 'ssh_pubkeys_backupserver': } + class { 'itzks_systems_common': } + + class { 'itzks_systems_mainserver': } + class { 'itzks_systems_terminalserver': } +} +# NOT PRESENT node "filter.intern" inherits "all_servers" {} +# NOT PRESENT node "opsiserver.intern" inherits "all_servers" {} +# NOT PRESENT node "displayserver.intern" inherits "all_servers" {} +# NOT PRESENT node "contentserver.intern" inherits "all_servers" {} +# NOT PRESENT node "devserver.intern" inherits "all_servers" {} +# NOT PRESENT node "bibserv.intern" inherits "all_servers" { + +# Workstations +node /workstation-.*\.intern$/ { + + class { 'ssh_pubkeys_admins': } + class { 'ssh_pubkeys_firedadmins': } + class { 'login_manager': } + class { 'itzks_systems_common': } + class { 'itzks_systems_workstation': } + +# # settings appropriate for workstation hosts +# class { 'apt::unattended_upgrades': +# origins => [ +# 'o=Debian,n=${distro_codename}', +# 'o=Debian,n=${distro_codename}-updates', +# 'o=Debian,n=${distro_codename},l=Debian-Security', +# 'o=IT-Zukunft Schule,n=${distro_codename},l=IT-Zukunft Schule', +# ], +# update => "1", +# download => "1", +# upgrade => "1", +# autoclean => "7", +# auto_fix => true, +# minimal_steps => true, +# install_on_shutdown => false, +# remove_unused => true, +# auto_reboot => false, +# download_delta => "1", +# } + + class { 'fsautoresizetab': } + class { 'fsautoresizetab_change_usr': } +} + +# Notebooks +node /notebook-.*\.intern$/ { + + class { 'ssh_pubkeys_admins': } + class { 'ssh_pubkeys_firedadmins': } + class { 'login_manager': } + class { 'itzks_systems_common': } + class { 'itzks_systems_workstation': } + +# # settings appropriate for workstation hosts +# class { 'apt::unattended_upgrades': +# origins => [ +# 'o=Debian,n=${distro_codename}', +# 'o=Debian,n=${distro_codename}-updates', +# 'o=Debian,n=${distro_codename},l=Debian-Security', +# 'o=IT-Zukunft Schule,n=${distro_codename},l=IT-Zukunft Schule', +# ], +# update => "1", +# download => "1", +# upgrade => "1", +# autoclean => "7", +# auto_fix => true, +# minimal_steps => true, +# install_on_shutdown => false, +# remove_unused => true, +# auto_reboot => false, +# download_delta => "1", +# } + + class { 'fsautoresizetab': } + class { 'fsautoresizetab_change_usr': } +} diff --git a/manifests/site.pp b/manifests/site.pp deleted file mode 100644 index cbbaba6..0000000 --- a/manifests/site.pp +++ /dev/null @@ -1,167 +0,0 @@ -#include apt - -class ssh_pubkeys_admins { - # Mike Gabriel, IT-Zukunft Schule - ssh_authorized_key { 'mike@minobo': - type => 'ssh-rsa', - key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDn2moKR4u3yJW+/hvwmhUDjiLBxiMPB+46YO9iEo8HXsdulpMi20hi2TTmWA0w3hog1IEnre6C7UGHcZG0HfPg+eROIuuXRcOfg3WP/IBV0KMF4DTa1KDoN/Nw7HMlhWxGxFrdbumAoj/s2ZaA/of1fpaPKOhunF8S9Ch60LYmgnR3tzJW/b0jS9fww8o/rMB3pZy2WSW0uUfpOIbDv+XHhNiC/iu8IgD+M5KkK+qbNZFPoTQkebc0RPRBcOrmEYroofFGg+7jPU++AEKJUKSaGjZRWzACuXiUzTo2F9fT09EMWU4oiYV9zRqjx6ctncwfEB4qOfoRUycfxBSJk7t7', - user => 'root', - } - # Marcel Sandow, IT-Zukunft Schule - ssh_authorized_key { 'marcel@Bigblue': - type => 'ssh-rsa', - key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQD3RPZTCJNjuV2vq8cO6AwPaVcjimg2DgRi2GitC/K4HzQuy0+RswVktyBACKpFogx254S1gjGoueYDfHq+T4hdoBussGln0MEsJKbEPEgWpGUZgurg3eWSAlzAWlhf9Goy5ZA362sOz3NsbY3DE+4CqxQWth+CctpGz1WzAvFy0K7oclfoncbOlftgEUukvKqJtSapxNAb+O+Ijjur/yaXKwk/dK7T+ZTPhZwChlxo50kLuiN8d3TYgFxc19LncJxq6s8BqQs70Z6m1CNHA07t6UD01Pto29TRNZfAnjuAP8FiO9Cu06cUnHrwlG2jgvr5hA0rLFYnVtgGaQX6RCsT', - user => 'root', - } - # Benjamin Schlüter, LOGO EDV-Systeme GmbH - ssh_authorized_key { 'benni@nbbenni': - type => 'ssh-rsa', - key => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCy2oN7DNtxUXsKUEOsQiUWW9fupzVJAuoaGe3OWxlcZN1je9EpObfHEn5HuYJFcBgHK6PSapPIOJ9QXbLsUYX5vhQwx9oBOg7W8He0kNscO23kjVOLJGaebGX5zNpf96RjZIy/Jhwlb73hCMqTTdp+D3/VDIm7q1UbMn2KOl9ldGwPJCxppeBeHdr89CED1RX/XAXt69qknrC1wm1NXp+UGz9FaG9YWJPNrFXBBvrGCt1oUrB8bXo/poo+doIuVmMqvN0e7lBDOzsRIiorDEk/cFc+ZOUBn4QOeY7J7keX6l2v3AxRXq6ErZrX+ooa83duRGXj2HkNWufmAi0CqzeXqGFIw+9S9vextn/zCp15G737cruJ50nX5jK38I9fnf3rfGveYdGuf3ta3Eihw1QiK/J4DQeTFKscsR4+P/iRcnsFO4/aVgDbOtCeKIaLK0fh9JWa/H2NVaLWvYv7beDoPtZ7I8TW+SsnO6mykmqUg679fcA/ZTIoAfLfK99UDiOhpye0EtWxGMiBBHn0V1RbERNjfHEVcBnlvcnPRIqkfwOEK5bASXpzzPvEuEGkFlHhtuXQ6WoWdA8zCq+lakNLYeq8CemU9Hd20JgILOidP4Yt9yNuusTP/EDg0AN9fggQe/rc1Raui/5/rVgkzqYFp8DMbgFAAcBTqsBCh1GVDQ==', - user => 'root', - } -} - -class ssh_pubkeys_firedadmins { - # Lucian Anderwald, IT-Zukunft Schule - ssh_authorized_key { 'lucian@SATELLITE': - ensure => 'absent', - type => 'ssh-rsa', - key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC71S/LYktwTalKjE6Sb7XlOyV1tr1O+codh4C3g9uVtjqytYj/Lx6hExxegwN2tiTAjb3skEKpdg7uRbmpEZBtyST/UrrJCB0l0KbjJelfh4MANuRF+H9CNAPwaxcLfCWeTFwmQW8mcSHE20ljY7kpJykEoihBVjK49k+kD+sphIG1o4BU8nQii0i5/U2HqHkPZHzCIjIprN9kTx/n/zMmCLwuIW58KJitG/ttBXPq+TMsN/zcUQm7/PL7UmIMlvUtKzApuM36PUyah7/rpOB5mIYrqFcDXSBUpFLT1CIvfH6ZR5umhnwiRXDsVfP8e0WB1JhOZV1LqOez8s7c4a6/', - user => 'root', - } - # Marius Rasch, IT-Zukunft Schule - ssh_authorized_key { 'marius@soledad': - ensure => 'absent', - type => 'ssh-rsa', - key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCuoOfxXovfHlODw7dDlfcLKHaD7fotGT5Kb/HADNQY+GMINKy9Zu71/qpjVZtrckLl92nS7ygCf7+KpyfihdJgKBIeacikD4Y8/slDA2AbBuTZsHOp9HEzopmE1DbJbjeFtnjv8usPx/zB0buEtXy7Fa+bMIu6gIDIK7pO83kqiI/uv1sDyyaElw50Hn8tvZg7OtVHuShxjRCZVDolqUKBDDrQ+lZQG24XeMrQ4cEZ9yLYNAeeLwqqiWqnQ0jrCf2JYI4V7Oo1tvjKJM8HiVFSjsPh8cEu5iLBi08fuKCR7p1efSTOsy06HeraZpWJw5MH+At7sy3qjuuJ0oftrg3n', - user => 'root', - } -} - -#class ssh_pubkeys_backupserver { -# ssh_authorized_key { 'root@backup-01': -# type => 'ssh-rsa', -# key => '', -# user => 'root', -# } -#} - -class anacron_on_battery { - file_line { 'anacron-on-battery': - path => '/etc/default/anacron', - line => 'ANACRON_RUN_ON_BATTERY_POWER=yes', - match => '^ANACRON_RUN_ON_BATTERY_POWER\=.*$', - } -} - -class login_manager { - package { 'lightdm': - ensure => 'installed', - } - package { 'arctica-greeter': - ensure => 'installed', -} - - -class itzks-systems-common { - package { 'itzks-systems-common': - ensure => 'latest', - } -} - -class itzks-systems-workstation { - package { 'itzks-systems-workstations': - ensure => 'latest', - } -} - -class itzks-systems-mainserver { - package { 'itzks-systems-mainserver': - ensure => 'latest', - } -} - -class itzks-systems-terminalserver { - package { 'itzks-systems-terminalserver': - ensure => 'latest', - } -} - -class fsautoresizetab { - file { '/etc/fsautoresizetab': - ensure => 'present', - path => '/etc/fsautoresizetab', - replace => 'no', - source => '/usr/share/debian-edu-config/fsautoresizetab', - } -} - -class fsautoresizetab_change_usr { - file_line { 'usr': - path => '/etc/fsautoresizetab', - line => '/usr 10% 18g 5%', - match => '^/usr\ .*', - before => Exec['fsautoresizetab'], - } -} - - -node "all_hosts" { - class { 'ssh_pubkeys_admins': } - class { 'ssh_pubkeys_firedadmins': } - class { 'login_manager': } - class { 'itzks-systems-common': } - class { 'itzks-systems-workstation': } - -# # settings appropriate for workstation hosts -# class { 'apt::unattended_upgrades': -# origins => [ -# 'o=Debian,n=${distro_codename}', -# 'o=Debian,n=${distro_codename}-updates', -# 'o=Debian,n=${distro_codename},l=Debian-Security', -# 'o=IT-Zukunft Schule,n=${distro_codename},l=IT-Zukunft Schule', -# ], -# update => "1", -# download => "1", -# upgrade => "1", -# autoclean => "7", -# auto_fix => true, -# minimal_steps => true, -# install_on_shutdown => false, -# remove_unused => true, -# auto_reboot => false, -# download_delta => "1", -# } - -} - -node "all_servers" { - class { 'ssh_pubkeys_admins': } - class { 'ssh_pubkeys_firedadmins': } - class { 'ssh_pubkeys_backupserver': } - class { 'itzks-systems-common': } -} - -node "tjener.intern" inherits "all_servers" { - class { 'itzks-systems-mainserver': } - class { 'itzks-systems-terminalserver': } -} -# NOT PRESENT node "filter.intern" inherits "all_servers" {} -# NOT PRESENT node "opsiserver.intern" inherits "all_servers" {} -# NOT PRESENT node "displayserver.intern" inherits "all_servers" {} -# NOT PRESENT node "contentserver.intern" inherits "all_servers" {} -# NOT PRESENT node "devserver.intern" inherits "all_servers" {} -# NOT PRESENT node "bibserv.intern" inherits "all_servers" { -} - -# Workstations -node /workstation-.*\.intern$/ inherits "all_hosts" { - class { 'fsautoresizetab': } - class { 'fsautoresizetab_change_usr': } -} - -# Notebooks -node /notebook-.*\.intern$/ inherits "all_hosts" { - class { 'fsautoresizetab': } - class { 'fsautoresizetab_change_usr': } -} -- cgit v1.2.3