opendev/system-config
Code Issues Proposed changes
system-config/modules/openstack_project/manifests/server.pp
Paul Belanger e70d41fb1d Remove snmpd from zuul workers 
We use snmpd for cacti.o.o today, which our workers do no use. As
such, remove so we can reduce our puppet footprint.

Change-Id: Ic26a8e6f2b2fe3d76c36c4ed7bccd8efb7839858
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-07 18:55:57 -04:00

113 lines
3.6 KiB
Puppet
Raw Blame History

# == Class: openstack_project::server
#
# A server that we expect to run for some time
class openstack_project::server (
$iptables_public_tcp_ports = [],
$iptables_public_udp_ports = [],
$iptables_rules4 = [],
$iptables_rules6 = [],
$sysadmins = [],
$certname = $::fqdn,
$pin_puppet = '3.',
$ca_server = undef,
$enable_unbound = true,
$afs = false,
$afs_cache_size = 500000,
$puppetmaster_server = 'puppetmaster.openstack.org',
$manage_exim = true,
$pypi_index_url = 'https://pypi.python.org/simple',
$purge_apt_sources = true,
) {
include openstack_project::params
if $::osfamily == 'Debian' {
# Purge and augment existing /etc/apt/sources.list if requested, and make
# sure apt-get update is run before any packages are installed
class { '::apt':
purge => { 'sources.list' => $purge_apt_sources }
}
if $purge_apt_sources == true {
file { '/etc/apt/sources.list.d/openstack-infra.list':
ensure => present,
group => 'root',
mode => '0444',
owner => 'root',
source => "puppet:///modules/openstack_project/sources.list.${::lsbdistcodename}",
}
exec { 'update-apt':
command => 'apt-get update',
refreshonly => true,
path => '/bin:/usr/bin',
subscribe => File['/etc/apt/sources.list.d/openstack-infra.list'],
}
Exec['update-apt'] -> Package <| |>
}
}
package { $::openstack_project::params::packages:
ensure => present
}
###########################################################
# Manage ntp
include '::ntp'
if ($::osfamily == "RedHat") {
# Utils in ntp-perl are included in Debian's ntp package; we
# add it here for consistency. See also
# https://tickets.puppetlabs.com/browse/MODULES-3660
package { 'ntp-perl':
ensure => present
}
# NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
# centos-7. Currently, ntpd explicitly require ntpdate to be running before
# the sync process can happen in ntpd. As a result, if ntpdate is not
# running, ntpd will start but fail to sync because of DNS is not properly
# setup.
package { 'ntpdate':
ensure => present,
}
service { 'ntpdate':
enable => true,
require => Package['ntpdate'],
}
}
###########################################################
# Process if ( $high_level_directive ) blocks
if ($enable_unbound) {
class { 'unbound':
install_resolv_conf => $install_resolv_conf
}
}
include snmpd
class { 'openstack_project::template':
iptables_public_tcp_ports => $iptables_public_tcp_ports,
iptables_public_udp_ports => $iptables_public_udp_ports,
iptables_rules4 => $iptables_rules4,
iptables_rules6 => $iptables_rules6,
snmp_v4hosts => [
'104.239.135.208',
'104.130.253.206',
],
snmp_v6hosts => [
'2001:4800:7819:104:be76:4eff:fe05:1d6a',
'2001:4800:7818:103:be76:4eff:fe04:7ed0',
],
certname => $certname,
pin_puppet => $pin_puppet,
ca_server => $ca_server,
puppetmaster_server => $puppetmaster_server,
afs => $afs,
afs_cache_size => $afs_cache_size,
manage_exim => $manage_exim,
sysadmins => $sysadmins,
pypi_index_url => $pypi_index_url,
}
}
View Git Blame Copy Permalink