Browse files

syslog, ntp, grub, kvm, whatever

  • Loading branch information...
1 parent 56325e3 commit a6eb6929eb3f9f1f82b7a553a171f58e1facba5f @zeha committed Jul 26, 2012
View
1 auto/manifests/detect.pp
@@ -1,4 +1,5 @@
class auto::detect {
include auto::os
include auto::virtual
+ include defaults
}
View
6 auto/manifests/virtual.pp
@@ -1,9 +1,15 @@
class auto::virtual {
case $virtual {
"openvzve": { include auto::virtual::openvzve }
+ "kvm": { include auto::virtual::kvm }
}
}
class auto::virtual::openvzve {
include openvz::container
}
+
+class auto::virtual::kvm {
+ include ntp::client
+ include grub
+}
View
5 defaults/manifests/init.pp
@@ -0,0 +1,5 @@
+class defaults {
+ package { ["locales","acl"]:
+ ensure => installed
+ }
+}
View
32 grub/files/grub.default
@@ -0,0 +1,32 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="quiet"
+GRUB_CMDLINE_LINUX=""
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+GRUB_GFXMODE=1024x768
+
+GRUB_GFXPAYLOAD_LINUX=keep
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_LINUX_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"
View
15 grub/manifests/init.pp
@@ -0,0 +1,15 @@
+class grub {
+ package { "grub-pc":
+ ensure => installed
+ }
+ file { "/etc/default/grub":
+ require => Package["grub-pc"],
+ source => "puppet:///modules/grub/grub.default",
+ mode => 0644,
+ notify => Exec["update-grub"],
+ }
+ exec { "update-grub":
+ path => "/usr/sbin:/sbin:/usr/bin:/bin",
+ user => "root",
+ }
+}
View
56 ntp/files/ntp.conf.client
@@ -0,0 +1,56 @@
+################################################################################
+# This file is managed by puppet.
+################################################################################
+
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
+# pick a different set every time it starts up. Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+server time.namespace.at iburst
+
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines. Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
View
14 ntp/manifests/client.pp
@@ -0,0 +1,14 @@
+class ntp::client {
+ package { "ntp":
+ ensure => installed
+ }
+ file { "/etc/ntp.conf":
+ require => Package["ntp"],
+ source => "puppet:///modules/ntp/ntp.conf.client",
+ mode => 0640,
+ notify => Service["ntp"],
+ }
+ service { "ntp":
+ enable => true
+ }
+}
View
2 nullmailer/manifests/init.pp
@@ -5,7 +5,7 @@
ensure => installed,
}
service { "nullmailer":
- ensure => running,
+ enable => true,
require => Package["nullmailer"],
}
File {
View
2 openvz/manifests/vnode.pp
@@ -1,5 +1,7 @@
class openvz::vnode {
+ include grub
+
package { "vzctl":
ensure => installed,
}
View
10 role/manifests/physical.pp
@@ -0,0 +1,10 @@
+# base-only managed physical host
+class role::physical {
+ include auto::detect
+ include puppet::client
+ include resolver
+ include screen
+ include syslog
+ include vim
+ include zsh
+}
View
27 syslog/files/logrotate
@@ -0,0 +1,27 @@
+/var/log/syslog
+/var/log/system.log
+{
+ rotate 7
+ daily
+ missingok
+ notifempty
+ delaycompress
+ compress
+ postrotate
+ invoke-rc.d rsyslog reload > /dev/null
+ endscript
+}
+
+/var/log/auth.log
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ invoke-rc.d rsyslog reload > /dev/null
+ endscript
+}
View
2 syslog/files/rsyslog.conf
@@ -53,5 +53,5 @@ auth,authpriv.* /var/log/auth.log
#
# Emergencies are sent to everybody logged in.
#
-*.emerg :omusrmsg:*
+# *.emerg :omusrmsg:*
View
7 syslog/manifests/init.pp
@@ -9,4 +9,11 @@
group => root,
ensure => present,
}
+ file { "/etc/logrotate.d/rsyslog":
+ source => "puppet:///modules/syslog/logrotate",
+ mode => 0644,
+ owner => root,
+ group => root,
+ ensure => present,
+ }
}

0 comments on commit a6eb692

Please sign in to comment.