1 # SPDX-license-identifier: Apache-2.0
2 ##############################################################################
3 # Copyright (c) 2016 RedHat and others.
4 # All rights reserved. This program and the accompanying materials
5 # are made available under the terms of the Apache License, Version 2.0
6 # which accompanies this distribution, and is available at
7 # http://www.apache.org/licenses/LICENSE-2.0
8 ##############################################################################
10 $iptables_public_tcp_ports = [],
11 $iptables_public_udp_ports = [],
12 $iptables_rules4 = [],
13 $iptables_rules6 = [],
15 $enable_unbound = true,
16 $purge_apt_sources = true,
18 ###########################################################
19 # Classes for all hosts
24 public_tcp_ports => $iptables_public_tcp_ports,
25 public_udp_ports => $iptables_public_udp_ports,
26 rules4 => $iptables_rules4,
27 rules6 => $iptables_rules6,
31 timezone => 'Etc/UTC',
34 if ($enable_unbound) {
36 install_resolv_conf => $install_resolv_conf
41 notify { 'rsyslog in chroot':
42 message => 'rsyslog not refreshed, running in chroot',
50 require => Package['rsyslog'],
52 $rsyslog_notify = [ Service['rsyslog'] ]
55 ###########################################################
58 # Increase syslog message size in order to capture
59 # python tracebacks with syslog.
60 file { '/etc/rsyslog.d/99-maxsize.conf':
62 # Note MaxMessageSize is not a puppet variable.
63 content => '$MaxMessageSize 6k',
67 notify => $rsyslog_notify,
68 require => Package['rsyslog'],
72 file { '/etc/profile.d/Z98-byobu.sh':
76 if $::osfamily == 'Debian' {
78 # Ubuntu installs their whoopsie package by default, but it eats through
79 # memory and we don't need it on servers
84 package { 'popularity-contest':
89 ###########################################################
90 # Package resources for all operating systems
122 $packages = ['parted', 'puppet', 'wget', 'iputils']
123 $user_packages = ['emacs-nox', 'vim-enhanced']
124 $update_pkg_list_cmd = ''
127 $packages = ['parted', 'puppet', 'wget', 'iputils-ping']
128 case $::operatingsystemrelease {
129 /^(12|14)\.(04|10)$/: {
130 $user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
134 $user_packages = ['emacs-nox', 'vim-nox']
137 $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;'
140 fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
147 ###########################################################
148 # Package resources for specific operating systems
152 # Purge and augment existing /etc/apt/sources.list if requested, and make
153 # sure apt-get update is run before any packages are installed
155 purge => { 'sources.list' => $purge_apt_sources }
158 # Make sure dig is installed
159 package { 'dnsutils':
164 # Make sure dig is installed
165 package { 'bind-utils':
171 ###########################################################
176 if ($::osfamily == "RedHat") {
177 # Utils in ntp-perl are included in Debian's ntp package; we
178 # add it here for consistency. See also
179 # https://tickets.puppetlabs.com/browse/MODULES-3660
180 package { 'ntp-perl':
183 # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
184 # centos-7. Currently, ntpd explicitly require ntpdate to be running before
185 # the sync process can happen in ntpd. As a result, if ntpdate is not
186 # running, ntpd will start but fail to sync because of DNS is not properly
193 require => Package['ntpdate'],
197 ###########################################################
200 $desired_virtualenv = '13.1.0'
202 optional_settings => {
203 'extra-index-url' => '',
205 manage_pip_conf => true,
208 if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
209 $virtualenv_ensure = $desired_virtualenv
211 $virtualenv_ensure = present
213 package { 'virtualenv':
214 ensure => $virtualenv_ensure,
215 provider => openstack_pip,
216 require => Class['pip'],
220 if ! defined(File['/root/.ssh']) {
227 # ensure that we have non-pass sudo, and
229 file_line { 'sudo_rule_no_pw':
230 path => '/etc/sudoers',
231 line => '%wheel ALL=(ALL) NOPASSWD: ALL',
233 file_line { 'sudo_rule_notty':
234 path => '/etc/sudoers',
235 line => 'Defaults requiretty',
236 match => '.*requiretty.*',
237 match_for_absence => true,
242 # disable selinux in case of RHEL
243 if ($::osfamily == 'RedHat') {
250 create_resources('host', hiera_hash('hosts'))