From 98a071604ea9f7569aa0fa0688bc9d35081770c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 2 Oct 2018 22:53:29 +0200
Subject: Add Flony workstation
---
 modules/base_installation/manifests/grub.pp | 49 +++++++----
 modules/base_installation/manifests/init.pp | 3 +
 modules/base_installation/manifests/ldap.pp | 102 ++++++++++++-----------
 modules/base_installation/manifests/locales.pp | 13 ++-
 modules/base_installation/manifests/params.pp | 5 +-
 modules/base_installation/manifests/puppet.pp | 110 +++++++++++++------------
 6 files changed, 161 insertions(+), 121 deletions(-)
(limited to 'modules/base_installation/manifests')
diff --git a/modules/base_installation/manifests/grub.pp b/modules/base_installation/manifests/grub.pp
index 208b745..9ced43f 100644
--- a/modules/base_installation/manifests/grub.pp
+++ b/modules/base_installation/manifests/grub.pp
@@ -1,22 +1,41 @@ class base_installation::grub inherits base_installation { ensure_packages(['grub']) - # unless empty($base_installation::grub_device) { - # exec { 'install GRUB': - # command => "/usr/bin/grub-install --target=i386-pc $base_installation::device", - # subscribe => Package["grub"], - # } - # } + if !empty($base_installation::grub_efi_device) { + ensure_packages(['efibootmgr']) + exec { 'install GRUB UEFI': + command => "/usr/bin/mkdir /boot/efi && /usr/bin/mount ${base_installation::grub_efi_device} /boot/efi && /usr/bin/grub-install --efi-directory=/boot/efi --target=x86_64-efi && /usr/bin/umount /boot/efi && /usr/bin/rmdir /boot/efi", + creates => "/boot/grub/x86_64-efi", + subscribe => Package["grub"], + } + } elsif !empty($base_installation::grub_device) { + exec { 'install GRUB MBR': + command => "/usr/bin/grub-install --target=i386-pc $base_installation::grub_device", + creates => "/boot/grub/i386-pc", + subscribe => Package["grub"], + } + } - file_line { "/etc/default/grub#GRUB_CMDLINE_LINUX": - path => "/etc/default/grub", - line => 'GRUB_CMDLINE_LINUX=" console=tty0 console=ttyS0,115200"', - match => '^GRUB_CMDLINE_LINUX=', - require => Package["grub"], + if ($environment == "workstation" and !empty($base_installation::cryptroot_device)) { + file_line { "/etc/default/grub#GRUB_CMDLINE_LINUX": + path => "/etc/default/grub", + line => "GRUB_CMDLINE_LINUX=\" cryptdevice=UUID=${base_installation::cryptroot_device}:cryptroot\"", + match => '^GRUB_CMDLINE_LINUX=', + require => Package["grub"], + notify => Exec["update GRUB config"], + } + } elsif ($environment != "workstation") { + file_line { "/etc/default/grub#GRUB_CMDLINE_LINUX": + path => "/etc/default/grub", + line => 'GRUB_CMDLINE_LINUX=" console=tty0 console=ttyS0,115200"', + match => '^GRUB_CMDLINE_LINUX=', + require => Package["grub"], + notify => Exec["update GRUB config"], + } } - # exec { 'update GRUB config': - # command => "/usr/bin/grub-mkconfig -o /boot/grub/grub.cfg", - # 
refreshonly => true - # } + exec { 'update GRUB config': + command => "/usr/bin/grub-mkconfig -o /boot/grub/grub.cfg", + refreshonly => true + } } diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp index a1b5ca8..5726494 100644 --- a/modules/base_installation/manifests/init.pp +++ b/modules/base_installation/manifests/init.pp @@ -1,5 +1,8 @@ class base_installation ( + Optional[String] $cryptroot_device = $base_installation::params::cryptroot_device, + Optional[String] $grub_efi_device = $base_installation::params::grub_efi_device, Optional[String] $grub_device = $base_installation::params::grub_device, + Optional[Boolean] $ldap_enabled = $base_installation::params::ldap_enabled, Optional[String] $ldap_base = $base_installation::params::ldap_base, Optional[String] $ldap_cert_path = $base_installation::params::ldap_cert_path, Optional[String] $ldap_cn = $base_installation::params::ldap_cn, diff --git a/modules/base_installation/manifests/ldap.pp b/modules/base_installation/manifests/ldap.pp index 9291402..7c48be3 100644 --- a/modules/base_installation/manifests/ldap.pp +++ b/modules/base_installation/manifests/ldap.pp 
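Review bot: The `install GRUB UEFI` exec in grub.pp has no recovery path: if `mount` or `grub-install` fails partway through the `&&` chain, `/boot/efi` is left created (or still mounted) while `creates => "/boot/grub/x86_64-efi"` is still unsatisfied, so the next run stops at `/usr/bin/mkdir /boot/efi` because the directory already exists. Using `/usr/bin/mkdir -p /boot/efi` and setting `provider => shell` explicitly would make the step re-runnable; the chain relies on the command string reaching a shell, which the default exec provider is not documented to guarantee. `${base_installation::grub_efi_device}` and `$base_installation::grub_device` are interpolated into these root command lines as plain `Optional[String]` values, so a stricter parameter type that only matches a device path would keep stray whitespace or shell metacharacters in the node data out of the command.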
@@ -1,69 +1,71 @@ class base_installation::ldap inherits base_installation { - ensure_packages(["openldap"]) + if ($base_installation::ldap_enabled) { + ensure_packages(["openldap"]) - File { - mode => "0644", - owner => "root", - group => "root", - } - - file { '/etc/openldap': - ensure => directory, - require => Package["openldap"], - recurse => true, - purge => true, - force => true, - } - - file { '/etc/openldap/ldap.conf': - ensure => present, - content => template("base_installation/ldap/ldap.conf.erb"), - require => File['/etc/openldap'], - } + File { + mode => "0644", + owner => "root", + group => "root", + } - $password_seed = lookup("base_installation::puppet_pass_seed") - unless empty(find_file($password_seed)) { - $ldap_server = lookup("base_installation::ldap_server") - $ldap_base = lookup("base_installation::ldap_base") - $ldap_dn = lookup("base_installation::ldap_dn") - $ldap_password = generate_password(24, $password_seed, "ldap") - $ldap_attribute = "uid" + file { '/etc/openldap': + ensure => directory, + require => Package["openldap"], + recurse => true, + purge => true, + force => true, + } - ensure_packages(["pam_ldap", "ruby-augeas"]) - file { "/etc/pam_ldap.conf": - ensure => "present", - mode => "0400", - owner => "root", - group => "root", - content => template("base_installation/ldap/pam_ldap.conf.erb"), + file { '/etc/openldap/ldap.conf': + ensure => present, + content => template("base_installation/ldap/ldap.conf.erb"), + require => File['/etc/openldap'], } - ["system-auth", "passwd"].each |$service| { - pam { "Allow to change ldap password via $service": - ensure => present, - service => $service, - type => "password", - control => "[success=done new_authtok_reqd=ok authinfo_unavail=ignore ignore=ignore default=bad]", - module => "pam_ldap.so", - arguments => ["ignore_unknown_user", "ignore_authinfo_unavail"], - position => 'before *[type="password" and module="pam_unix.so"]', - require => Package["ruby-augeas"], + $password_seed = 
lookup("base_installation::puppet_pass_seed") + unless empty(find_file($password_seed)) { + $ldap_server = lookup("base_installation::ldap_server") + $ldap_base = lookup("base_installation::ldap_base") + $ldap_dn = lookup("base_installation::ldap_dn") + $ldap_password = generate_password(24, $password_seed, "ldap") + $ldap_attribute = "uid" + + ensure_packages(["pam_ldap", "ruby-augeas"]) + file { "/etc/pam_ldap.conf": + ensure => "present", + mode => "0400", + owner => "root", + group => "root", + content => template("base_installation/ldap/pam_ldap.conf.erb"), } - } - ["system-auth", "su", "su-l"].each |$service| { - ["auth", "account"].each |$type| { - pam { "Allow $service to $type with ldap password": + ["system-auth", "passwd"].each |$service| { + pam { "Allow to change ldap password via $service": ensure => present, service => $service, - type => $type, + type => "password", control => "[success=done new_authtok_reqd=ok authinfo_unavail=ignore ignore=ignore default=bad]", module => "pam_ldap.so", arguments => ["ignore_unknown_user", "ignore_authinfo_unavail"], - position => "before *[type=\"$type\" and module=\"pam_unix.so\"]", + position => 'before *[type="password" and module="pam_unix.so"]', require => Package["ruby-augeas"], } } + + ["system-auth", "su", "su-l"].each |$service| { + ["auth", "account"].each |$type| { + pam { "Allow $service to $type with ldap password": + ensure => present, + service => $service, + type => $type, + control => "[success=done new_authtok_reqd=ok authinfo_unavail=ignore ignore=ignore default=bad]", + module => "pam_ldap.so", + arguments => ["ignore_unknown_user", "ignore_authinfo_unavail"], + position => "before *[type=\"$type\" and module=\"pam_unix.so\"]", + require => Package["ruby-augeas"], + } + } + } } } } diff --git a/modules/base_installation/manifests/locales.pp b/modules/base_installation/manifests/locales.pp index 0f31e0b..90dabee 100644 --- a/modules/base_installation/manifests/locales.pp 
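Review bot: Wrapping the class body in `if ($base_installation::ldap_enabled)` only stops declaring the resources, it does not undo them. On a node that previously ran with LDAP on, `/etc/pam_ldap.conf` (mode 0400, rendered with `$ldap_password` in scope) and the `pam_ldap.so` entries for `system-auth`, `passwd`, `su` and `su-l` stay in place after the flag is set to false. If the flag is meant to be switchable on existing hosts, an `else` branch declaring the file and the `pam` resources with `ensure => absent` would actually remove the LDAP authentication path. The same applies to `host_ldap.info` in the last puppet.pp hunk. At minimum a comment such as `# ldap_enabled=false skips LDAP setup; it does not remove an earlier one` would document the current behaviour.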
+++ b/modules/base_installation/manifests/locales.pp @@ -29,9 +29,16 @@ class base_installation::locales inherits base_installation { } - file { "/etc/vconsole.conf": - ensure => "link", - target => "/dev/null", + if ($environment == "workstation") { + file { "/etc/vconsole.conf": + ensure => "file", + content => "KEYMAP=fr", + } + } else { + file { "/etc/vconsole.conf": + ensure => "link", + target => "/dev/null", + } } } diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp index f336b65..0ceb99c 100644 --- a/modules/base_installation/manifests/params.pp +++ b/modules/base_installation/manifests/params.pp @@ -4,7 +4,10 @@ class base_installation::params { $puppet_notifies_path = "/etc/puppetlabs/notifies" $puppet_pass_seed = "/etc/puppetlabs/puppet/password_seed" $puppet_ssl_path = "/etc/puppetlabs/ssl" - $grub_device = "/dev/sda" + $cryptroot_device = "" + $grub_device = "" + $grub_efi_device = "" + $ldap_enabled = true $ldap_base = "dc=example,dc=com" $ldap_cn = "node" $ldap_dn = "cn=node,ou=hosts,dc=example,dc=com" diff --git a/modules/base_installation/manifests/puppet.pp b/modules/base_installation/manifests/puppet.pp index 603a961..8040017 100644 --- a/modules/base_installation/manifests/puppet.pp +++ b/modules/base_installation/manifests/puppet.pp 
@@ -52,21 +52,25 @@ class base_installation::puppet ( } unless empty(find_file($password_seed)) { - $ldap_password = generate_password(24, $password_seed, "ldap") - $ssha_ldap_seed = generate_password(5, $password_seed, "ldap_seed") - - package { 'gem:ruby-ldap': - name => "ruby-ldap", - ensure => present, - provider => "gem", - install_options => "--no-user-install" - } + if ($base_installation::ldap_enabled) { + $ldap_password = generate_password(24, $password_seed, "ldap") + $ssha_ldap_seed = generate_password(5, $password_seed, "ldap_seed") + + package { 'gem:ruby-ldap': + name => "ruby-ldap", + ensure => present, + provider => "gem", + install_options => "--no-user-install", + before => File["$base_installation::puppet_conf_path"] + } - package { 'gem:xmpp4r': - name => "xmpp4r", - ensure => present, - provider => "gem", - install_options => "--no-user-install" + package { 'gem:xmpp4r': + name => "xmpp4r", + ensure => present, + provider => "gem", + install_options => "--no-user-install", + before => File["$base_installation::puppet_conf_path"] + } } file { $password_seed: @@ -75,7 +79,7 @@ class base_installation::puppet ( file { $base_installation::puppet_conf_path: ensure => directory, - require => [Package["puppet"], Package["gem:xmpp4r"], Package["gem:ruby-ldap"]], + require => [Package["puppet"]], recurse => true, purge => true, force => true, 
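Review bot: `gem:ruby-ldap` and `gem:xmpp4r` are declared with `ensure => present` and no version, so each new node installs whatever release the gem source serves at that moment, system-wide via `--no-user-install`. The added `before => File["$base_installation::puppet_conf_path"]` suggests the Puppet tooling on the host loads them, which would make an unpinned gem part of what runs as root. Pinning would be `ensure => '<PINNED_VERSION>',` (placeholder) on both resources. `gem:xmpp4r` is also now gated on `ldap_enabled` although nothing in the hunk ties XMPP to LDAP, so a short comment would help if that coupling is intended. The enclosing class starts above the hunk, and the following hunk at -75/+79 only drops the matching `require` entries.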
@@ -103,47 +107,49 @@ class base_installation::puppet ( } } - if file("$base_installation::puppet_notifies_path/host_ldap.info", "/dev/null") != "" and - empty($facts["ldapvar"]) { - fail("LDAP was activated but facts are not available") - } + if ($base_installation::ldap_enabled) { + if file("$base_installation::puppet_notifies_path/host_ldap.info", "/dev/null") != "" and + empty($facts["ldapvar"]) { + fail("LDAP was activated but facts are not available") + } - file { $base_installation::puppet_notifies_path: - ensure => directory, - require => [Package["puppet"], Package["gem:xmpp4r"], Package["gem:ruby-ldap"]], - recurse => true, - purge => true, - force => true, - } + file { $base_installation::puppet_notifies_path: + ensure => directory, + require => [Package["puppet"], Package["gem:xmpp4r"], Package["gem:ruby-ldap"]], + recurse => true, + purge => true, + force => true, + } - $ips = lookup("ips", { 'default_value' => undef }) - concat { "$base_installation::puppet_notifies_path/host_ldap.info": - ensure => "present", - mode => "0600", - require => File[$base_installation::puppet_notifies_path], - ensure_newline => true, - } + $ips = lookup("ips", { 'default_value' => undef }) + concat { "$base_installation::puppet_notifies_path/host_ldap.info": + ensure => "present", + mode => "0600", + require => File[$base_installation::puppet_notifies_path], + ensure_newline => true, + } - concat::fragment { "host_ldap add top": - target => "$base_installation::puppet_notifies_path/host_ldap.info", - content => template("base_installation/puppet/host_ldap_add_top.info.erb"), - order => "00-01", - } - concat::fragment { "host_ldap add bottom": - target => "$base_installation::puppet_notifies_path/host_ldap.info", - content => "EOF", - order => "00-99", - } + concat::fragment { "host_ldap add top": + target => "$base_installation::puppet_notifies_path/host_ldap.info", + content => template("base_installation/puppet/host_ldap_add_top.info.erb"), + order => "00-01", + } + 
concat::fragment { "host_ldap add bottom": + target => "$base_installation::puppet_notifies_path/host_ldap.info", + content => "EOF", + order => "00-99", + } - concat::fragment { "host_ldap mod top": - target => "$base_installation::puppet_notifies_path/host_ldap.info", - content => template("base_installation/puppet/host_ldap_mod_top.info.erb"), - order => "01-01", - } - concat::fragment { "host_ldap mod bottom": - target => "$base_installation::puppet_notifies_path/host_ldap.info", - content => "EOF", - order => "01-99", + concat::fragment { "host_ldap mod top": + target => "$base_installation::puppet_notifies_path/host_ldap.info", + content => template("base_installation/puppet/host_ldap_mod_top.info.erb"), + order => "01-01", + } + concat::fragment { "host_ldap mod bottom": + target => "$base_installation::puppet_notifies_path/host_ldap.info", + content => "EOF", + order => "01-99", + } } } } -- cgit v1.2.3
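Review bot: `file { $base_installation::puppet_notifies_path:` still has `require => [Package["puppet"], Package["gem:xmpp4r"], Package["gem:ruby-ldap"]]`, but after the first puppet.pp hunk those two gem packages are declared only inside `unless empty(find_file($password_seed))`. This block is conditioned on `ldap_enabled` alone as far as the hunk shows, so on a node where the seed file does not exist yet the catalog would reference undeclared resources and presumably fail to compile. Either declare the gem packages outside the `unless`, or reduce this to `require => [Package["puppet"]],` as the -75/+79 hunk did for `puppet_conf_path` and extend the packages' `before` to cover this directory. The class body begins outside the hunk, so the nesting should be confirmed against the full file.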