summaryrefslogtreecommitdiff
path: root/global
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2017-07-28 16:30:41 +0200
committerLinus Nordberg <linus@nordu.net>2017-07-28 16:30:41 +0200
commit02d31e08862e42dc2fa46f16eb4e3e5e15fc05ff (patch)
tree8b519b9cf93742f837af3961117a8ba0ba8856e8 /global
parentb7a6f1cd5bcb8448f3978edadfdeb9f99732db5a (diff)
Update global/overlay/etc/puppet/ from nunoc-ops.ct-ops-2017-07-28-v06
Diffstat (limited to 'global')
-rw-r--r--global/overlay/etc/puppet/cosmos-modules.conf57
-rwxr-xr-xglobal/overlay/etc/puppet/cosmos_config_version11
-rw-r--r--global/overlay/etc/puppet/facter/cosmos.rb22
-rw-r--r--global/overlay/etc/puppet/puppet.conf6
4 files changed, 60 insertions, 36 deletions
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
index 991a570..981d765 100644
--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -1,36 +1,23 @@
+# name source (puppetlabs fq name or git url) upgrade (yes/no)
#
-# name source (puppetlabs fq name or git url) upgrade (yes/no) tag-pattern
-#
-# NOTE that Git packages MUST be tagged with signatures by someone
-# in the Cosmos trust list. That is why all the URLs point to forked
-# versions in the SUNET github organization.
-#
-concat https://github.com/SUNET/puppetlabs-concat.git yes sunet-*
-stdlib https://github.com/SUNET/puppetlabs-stdlib.git yes sunet-*
-cosmos https://github.com/SUNET/puppet-cosmos.git yes sunet-*
-ufw https://github.com/SUNET/puppet-module-ufw.git yes sunet_dev-*
-apt https://github.com/SUNET/puppetlabs-apt.git yes sunet_dev-*
-vcsrepo https://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-*
-xinetd https://github.com/SUNET/puppetlabs-xinetd.git yes sunet-*
-hiera-gpg https://github.com/SUNET/hiera-gpg.git yes sunet-*
-#
-# Alternate sources you might or might not want to use:
-#concat puppetlabs/concat no
-#stdlib puppetlabs/stdlib no
-#ufw attachmentgenie/ufw no
-#apt puppetlabs/apt no
-#vcsrepo puppetlabs/vcsrepo no
-#xinetd puppetlabs/xinetd no
-#cosmos https://github.com/SUNET/puppet-cosmos.git yes
-#python https://github.com/SUNET/puppet-python.git yes sunet-*
-#erlang https://github.com/SUNET/garethr-erlang.git yes sunet-*
-#rabbitmq https://github.com/SUNET/puppetlabs-rabbitmq.git yes sunet_dev-*
-#pound https://github.com/SUNET/puppet-pound.git yes sunet_dev-*
-#augeas https://github.com/SUNET/puppet-augeas.git yes sunet-*
-#bastion https://github.com/SUNET/puppet-bastion.git yes sunet-*
-#postgresql https://github.com/SUNET/puppetlabs-postgresql.git yes sunet_dev-*
-#munin https://github.com/SUNET/ssm-munin.git yes sunet-*
-#nagios https://github.com/SUNET/puppet-nagios.git yes sunet-*
-#staging https://github.com/SUNET/puppet-staging.git yes sunet-*
-#apparmor https://github.com/SUNET/puppet-apparmor.git yes sunet-*
-#docker https://github.com/SUNET/garethr-docker.git yes sunet_dev-*
+concat git://github.com/SUNET/puppetlabs-concat.git yes sunet_dev-*
+stdlib git://github.com/SUNET/puppetlabs-stdlib.git yes sunet-*
+cosmos git://github.com/SUNET/puppet-cosmos.git yes sunet-*
+ufw git://github.com/SUNET/puppet-module-ufw.git yes sunet-*
+apt git://github.com/SUNET/puppetlabs-apt.git yes sunet-*
+vcsrepo git://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-*
+xinetd git://github.com/SUNET/puppetlabs-xinetd.git yes sunet-*
+python git://github.com/SUNET/puppet-python.git yes sunet-*
+hiera-gpg git://github.com/SUNET/hiera-gpg.git yes sunet-*
+pound git://github.com/SUNET/puppet-pound.git yes sunet-*
+augeas git://github.com/SUNET/puppet-augeas.git yes sunet-*
+bastion git://github.com/SUNET/puppet-bastion.git yes sunet-*
+pyff git://github.com/samlbits/puppet-pyff.git yes puppet-pyff-*
+dhcp git://github.com/SUNET/puppetlabs-dhcp.git yes sunet_dev-*
+varnish git://github.com/samlbits/puppet-varnish.git yes puppet-varnish-*
+apparmor https://github.com/SUNET/puppet-apparmor.git yes sunet-*
+docker git://github.com/SUNET/garethr-docker.git yes sunet-*
+network git://github.com/SUNET/attachmentgenie-network.git yes sunet-*
+sunet git://github.com/SUNET/puppet-sunet.git yes sunet-*
+sysctl git://github.com/SUNET/puppet-sysctl.git yes sunet-*
+nagioscfg git://github.com/SUNET/puppet-nagioscfg.git yes sunet-*
diff --git a/global/overlay/etc/puppet/cosmos_config_version b/global/overlay/etc/puppet/cosmos_config_version
new file mode 100755
index 0000000..57786fd
--- /dev/null
+++ b/global/overlay/etc/puppet/cosmos_config_version
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+set -a
+COSMOS_CONF_DIR="/etc/cosmos"
+. /etc/cosmos/cosmos.conf
+COSMOS_VERBOSE="yes"
+set +a
+
+/etc/cosmos/update.d/25verify-git 2>/dev/null | grep ^"tag " | head -1 | cut -b 5-
diff --git a/global/overlay/etc/puppet/facter/cosmos.rb b/global/overlay/etc/puppet/facter/cosmos.rb
new file mode 100644
index 0000000..d810082
--- /dev/null
+++ b/global/overlay/etc/puppet/facter/cosmos.rb
@@ -0,0 +1,22 @@
+#
+# Extract local Cosmos configuration
+#
+require 'facter'
+Facter.add(:cosmos_repo) do
+ setcode do
+ Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && echo $COSMOS_REPO'")
+ end
+end
+
+Facter.add(:cosmos_tag_pattern) do
+ setcode do
+ Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && echo $COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN'")
+ end
+end
+
+Facter.add(:cosmos_repo_origin_url) do
+ setcode do
+ Facter::Util::Resolution.exec("sh -c '. /etc/cosmos/cosmos.conf && cd $COSMOS_REPO && git remote show -n origin | grep \"Fetch URL\" | awk \"{print \\$NF }\"'")
+ end
+end
+
diff --git a/global/overlay/etc/puppet/puppet.conf b/global/overlay/etc/puppet/puppet.conf
index 1f834e8..cc9e736 100644
--- a/global/overlay/etc/puppet/puppet.conf
+++ b/global/overlay/etc/puppet/puppet.conf
@@ -3,10 +3,14 @@ logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
-factpath=$vardir/lib/facter
+# factpath is supposed to be colon-delimeted, but that does not appear to work
+# (tested with 'strace -f facter --puppet something' - does not split on colon in Puppet 3.4.2).
+factpath=/etc/puppet/facter
node_terminus = exec
external_nodes = /etc/puppet/cosmos_enc.py
basemodulepath = /etc/puppet/modules:/etc/puppet/cosmos-modules:/usr/share/puppet/modules
+parser = future
+disable_warnings = deprecations
[master]
# These are needed when the puppetmaster is run by passenger