Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
Lonlone Lee
base
Commits
c69f4739
Commit
c69f4739
authored
Dec 07, 2016
by
Adam Lewenberg
Browse files
add path attribtues to exec resources in several places
parent
e03c5185
Changes
4
Hide whitespace changes
Inline
Side-by-side
NEWS
View file @
c69f4739
release
/
005.001
(
2016
-
12
-
07
)
Add
"path"
attributes
to
several
exec
resources
.
This
will
be
required
in
the
next
version
of
Puppet
[
adamhl
].
release
/
005.000
(
2016
-
11
-
21
)
This
release
has
a
number
of
breaking
changes
.
[
duo
]
base
::
duo
has
been
completely
reworked
into
a
type
plus
a
common
class
.
Clients
which
use
Duo
for
their
own
purposes
should
create
an
instance
of
base
::
duo
::
config
,
which
will
create
a
Duo
PAM
config
file
for
[
duo
]
base
::
duo
has
been
completely
reworked
into
a
type
plus
a
common
class
.
Clients
which
use
Duo
for
their
own
purposes
should
create
an
instance
of
base
::
duo
::
config
,
which
will
create
a
Duo
PAM
config
file
for
them
to
use
.
See
README
.
duo
for
more
information
.
[
ipmi
]
A
complete
rework
of
base
::
ipmi
.
The
base
::
noipmi
class
no
longer
exists
.
Instead
,
IPMI
support
should
be
disabled
by
setting
base
::
ipmi
::
ensure
to
"absent"
.
IPMI
kernel
modules
,
and
ipmievd
,
should
[
ipmi
]
A
complete
rework
of
base
::
ipmi
.
The
base
::
noipmi
class
no
longer
exists
.
Instead
,
IPMI
support
should
be
disabled
by
setting
base
::
ipmi
::
ensure
to
"absent"
.
IPMI
kernel
modules
,
and
ipmievd
,
should
still
be
automatically
disabled
on
virtual
systems
,
even
when
"ensure => present"
;
in
those
cases
,
the
IPMI
client
tools
will
still
be
"ensure => present"
;
in
those
cases
,
the
IPMI
client
tools
will
still
be
installed
.
Code
has
been
updated
for
Debian
8
and
Ubuntu
16.04
.
[
os
/
debian
]
All
aptitude
operations
are
now
performed
in
a
new
phase
,
called
"aptitude"
.
The
"aptitude"
phase
is
configured
to
run
before
[
os
/
debian
]
All
aptitude
operations
are
now
performed
in
a
new
phase
,
called
"aptitude"
.
The
"aptitude"
phase
is
configured
to
run
before
"main"
.
Clients
which
rely
on
aptitude
being
up
-
to
-
date
must
no
longer
"require => Exec['aptitude update']"
.
The
nature
of
Puppet
phases
will
"require => Exec['aptitude update']"
.
The
nature
of
Puppet
phases
will
ensure
that
aptitude
is
already
updated
.
Clients
installing
their
own
custom
sources
are
advised
to
move
all
of
that
into
separate
classes
,
and
to
put
those
classes
into
a
new
phase
of
their
Clients
installing
their
own
custom
sources
are
advised
to
move
all
of
that
into
separate
classes
,
and
to
put
those
classes
into
a
new
phase
of
their
own
.
This
new
phase
should
"require => Phase['aptitude']"
and
"before => Phase['main']"
,
to
ensure
proper
execution
sequencing
.
[
os
/
debian
]
Add
two
Hiera
-
configurable
parameters
to
base
::
os
::
debian
::
apt
:
*
apt_cache_notin_tmp
.
If
true
,
use
a
different
directory
to
store
package
*
apt_cache_notin_tmp
.
If
true
,
use
a
different
directory
to
store
package
scripts
that
need
to
be
run
during
package
install
/
upgrade
.
*
apt_cache_tmp_dir
.
When
apt_cache_notin_tmp
is
true
,
this
is
the
*
apt_cache_tmp_dir
.
When
apt_cache_notin_tmp
is
true
,
this
is
the
directory
to
use
for
package
scripts
.
[
postfix
/
sender
]
A
new
type
:
base
::
postfix
::
sender
.
This
is
similar
to
base
::
postfix
::
recipient
,
except
it
is
used
to
rewrite
sender
addresses
base
::
postfix
::
recipient
,
except
it
is
used
to
rewrite
sender
addresses
instead
of
recipient
addresses
.
It
is
suggested
that
clients
use
base
::
postfix
::
sender
to
ensure
that
emails
sent
'from'
"root@stanford.edu"
or
"root@hostname.stanford.edu"
are
instead
being
sent
'from'
either
"noreply@stanford.edu"
or
It
is
suggested
that
clients
use
base
::
postfix
::
sender
to
ensure
that
emails
sent
'from'
"root@stanford.edu"
or
"root@hostname.stanford.edu"
are
instead
being
sent
'from'
either
"noreply@stanford.edu"
or
"shared-mailbox@stanford.edu"
.
[
ssh
]
A
fairly
large
rework
of
SSH
code
.
Support
has
been
added
for
treating
"alternate accounts"
(.
root
,
.
admin
,
root
.,
and
admin
.)
the
same
as
root
.
Code
has
also
been
updated
to
account
for
changes
to
base
::
duo
.
Support
has
also
been
added
to
completely
disable
password
authentication
.
Support
for
Ed25519
keys
is
also
included
(
though
disabled
by
default
).
Finally
,
pam_afs
is
now
configurable
:
It
can
be
disabled
on
systems
that
do
[
ssh
]
A
fairly
large
rework
of
SSH
code
.
Support
has
been
added
for
treating
"alternate accounts"
(.
root
,
.
admin
,
root
.,
and
admin
.)
the
same
as
root
.
Code
has
also
been
updated
to
account
for
changes
to
base
::
duo
.
Support
has
also
been
added
to
completely
disable
password
authentication
.
Support
for
Ed25519
keys
is
also
included
(
though
disabled
by
default
).
Finally
,
pam_afs
is
now
configurable
:
It
can
be
disabled
on
systems
that
do
not
use
AFS
.
See
README
.
ssh
for
more
information
on
how
to
use
the
code
.
[
sudo
]
Complete
rework
of
base
::
sudo
,
including
configurable
support
for
Duo
.
Anyone
in
the
"sudo"
or
"wheel"
group
gets
sudo
access
.
If
Duo
is
enabled
,
anyone
on
a
specified
list
is
able
to
sudo
without
a
password
,
but
with
a
two
-
step
run
.
Fail
-
secure
is
supported
,
as
is
using
the
GECOS
field
[
sudo
]
Complete
rework
of
base
::
sudo
,
including
configurable
support
for
Duo
.
Anyone
in
the
"sudo"
or
"wheel"
group
gets
sudo
access
.
If
Duo
is
enabled
,
anyone
on
a
specified
list
is
able
to
sudo
without
a
password
,
but
with
a
two
-
step
run
.
Fail
-
secure
is
supported
,
as
is
using
the
GECOS
field
to
specify
the
username
that
Puppet
should
actually
use
.
See
README
.
sudo
for
more
information
on
how
to
use
the
code
.
...
...
@@ -71,20 +76,20 @@ release/005.000 (2016-11-21)
release
/
004.063
(
2016
-
10
-
17
)
[
ipmi
]
EL
package
requires
(
like
EL6
,
EL7
only
has
available
OpenIPMI
,
and
not
OpenIPMI
-
tools
.
(
jlent
)
Fix
ipmievd
configuration
for
Ubuntu
.
and
not
OpenIPMI
-
tools
.
(
jlent
)
Fix
ipmievd
configuration
for
Ubuntu
.
(
akkornel
)
[
os
]
Update
the
Ubuntu
-
to
-
Debian
mapping
.
(
akkornel
)
Enable
the
debian
-
stanford
backports
for
Unbuntu
distros
based
on
Wheezy
and
Jessie
.
[
os
]
Update
the
Ubuntu
-
to
-
Debian
mapping
.
(
akkornel
)
Enable
the
debian
-
stanford
backports
for
Unbuntu
distros
based
on
Wheezy
and
Jessie
.
(
akkornel
)
Also
add
additional
Ubuntu
-
specific
backports
.
(
akkornel
)
Also
remove
daemontools
as
a
default
install
on
systemd
Ubuntu
.
(
akkornel
)
[
ntp
]
Add
the
SRCF
time
server
,
make
sure
NTP
is
installed
,
and
disable
[
ntp
]
Add
the
SRCF
time
server
,
make
sure
NTP
is
installed
,
and
disable
systemd
-
timesyncd
on
RHEL
8.
[
xinetd
]
Make
sure
inetd
is
removed
before
xinetd
is
installed
.
(
akkornel
)
[
wallet
]
Make
sure
the
base
::
wallet
::
client
class
is
included
when
[
wallet
]
Make
sure
the
base
::
wallet
::
client
class
is
included
when
required
.
(
akkornel
)
release
/
004.062
(
2016
-
06
-
03
)
...
...
manifests/postfix/map.pp
View file @
c69f4739
...
...
@@ -50,6 +50,7 @@ define base::postfix::map(
# both because a command with a creates stanza won't run even if notified
# if that file already exists.
exec
{
"
${command}
${type}
:
${name}
initial"
:
path
=>
'/bin:/usr/sbin:/usr/bin'
,
command
=>
"
${command}
${type}
:
${name}
"
,
creates
=>
"
${name}
.db"
,
require
=>
[
File
[
$name
],
File
[
'/etc/postfix/main.cf'
],
...
...
@@ -57,6 +58,7 @@ define base::postfix::map(
}
exec
{
"
${command}
${type}
:
${name}
"
:
refreshonly
=>
true
,
path
=>
'/bin:/usr/sbin:/usr/bin'
,
command
=>
"
${command}
${type}
:
${name}
"
,
require
=>
[
File
[
'/etc/postfix/main.cf'
],
Package
[
'postfix'
]
],
}
...
...
manifests/postfix/recipient.pp
View file @
c69f4739
...
...
@@ -25,6 +25,7 @@ define base::postfix::recipient(
case
$ensure
{
'absent'
:
{
exec
{
"rm-recipient-
${name}
"
:
path
=>
'/bin:/usr/sbin:/usr/bin'
,
command
=>
"sed -i -e '/^
${name}
/d'
${file}
"
,
onlyif
=>
"grep
${pattern}
${file}
"
,
notify
=>
Exec
[
"postmap hash:
${file}
"
]
...
...
@@ -33,12 +34,14 @@ define base::postfix::recipient(
default
:
{
$line
=
"
${name}
${ensure}
"
exec
{
"add-recipient-
${name}
"
:
path
=>
'/bin:/usr/sbin:/usr/bin'
,
command
=>
"echo '
${line}
' >>
${file}
"
,
unless
=>
"grep
${pattern}
${file}
"
,
require
=>
Package
[
'postfix'
],
notify
=>
Exec
[
"postmap hash:
${file}
"
],
}
exec
{
"fix-recipient-
${name}
"
:
path
=>
'/bin:/usr/sbin:/usr/bin'
,
command
=>
"sed -i -e 's/^
${name}
..*
\$
/
${line}
/'
${file}
"
,
unless
=>
"grep '^
${line}
\$
'
${file}
"
,
require
=>
Exec
[
"add-recipient-
${name}
"
],
...
...
manifests/sysctl.pp
View file @
c69f4739
...
...
@@ -19,6 +19,7 @@ define base::sysctl($ensure) {
case
$ensure
{
absent
:
{
exec
{
"rm-sysctl-
$name
"
:
path
=>
'/bin:/usr/sbin:/usr/bin'
,
command
=>
"sed -i -e '/^
$name
/d'
$filename
"
,
onlyif
=>
"grep '^[^#]'
$filename
| grep ^
$name
"
}
...
...
@@ -26,11 +27,13 @@ define base::sysctl($ensure) {
default
:
{
$line
=
"
$name
=
$ensure
"
exec
{
"add-sysctl-
$name
"
:
path
=>
'/bin:/usr/sbin:/usr/bin'
,
command
=>
"echo '
$line
' >>
$filename
"
,
unless
=>
"grep '^
$name
'
$filename
"
,
notify
=>
Exec
[
"reload sysctl.conf"
]
}
exec
{
"fix-sysctl-
$name
"
:
path
=>
'/bin:/usr/sbin:/usr/bin'
,
command
=>
"sed -i -e '/^
$name
/d'
$filename
; echo '
$line
' >>
$filename
"
,
unless
=>
"grep '^
$name
[[:space:]]*=[[:space:]]*
$ensure
'
$filename
"
,
require
=>
Exec
[
"add-sysctl-
$name
"
],
...
...
@@ -63,4 +66,4 @@ class base::sysctl::tcp_keepalive {
"net.ipv4.tcp_keepalive_probes"
:
ensure
=>
20
;
"net.ipv4.tcp_keepalive_time"
:
ensure
=>
600
;
}
}
\ No newline at end of file
}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment