Merge branch 'main' into allow_pam_access_group
Showing 52 changed files with 1,202 additions and 935 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,2 @@ | ||
--- | ||
profile::freeipa::server::regen_cert_cmd: ipa-getcert list | grep -oP "Request ID '\K[^']+" | xargs -I '{}' ipa-getcert resubmit -i '{}' -w | ||
profile::gpu::install::passthrough::packages: | ||
- kmod-nvidia-latest-dkms # require to be first package, otherwise kmod-nivida is installed | ||
- nvidia-driver-cuda-libs | ||
- nvidia-driver | ||
- nvidia-driver-devel | ||
- nvidia-driver-libs | ||
- nvidia-driver-NVML | ||
- nvidia-modprobe | ||
- nvidia-xconfig | ||
- nvidia-persistenced | ||
|
||
os::redhat::python3::version: 3.6 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,2 @@ | ||
--- | ||
os::redhat::python3::version: 3.9 | ||
profile::freeipa::server::regen_cert_cmd: ipa-getcert list | grep -oP "Request ID '\K[^']+" | xargs -I '{}' ipa-getcert resubmit -i '{}' -w | ||
profile::gpu::install::passthrough::packages: | ||
- kmod-nvidia-latest-dkms # require to be first package, otherwise kmod-nivida is installed | ||
- nvidia-driver-cuda-libs | ||
- nvidia-driver | ||
- nvidia-driver-devel | ||
- nvidia-driver-libs | ||
- nvidia-driver-NVML | ||
- nvidia-modprobe | ||
- nvidia-xconfig | ||
- nvidia-persistenced |
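Review bot: `os::redhat::python3::version: 3.9` is an unquoted YAML scalar, so it is loaded as a float rather than a string; a later value such as 3.10 would be read as 3.1. Quote the version (`'3.9'`, and `'3.6'` in the sibling file) so the value that reaches the package name is the one written here.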
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
require 'yaml' | ||
|
||
Puppet::Functions.create_function(:terraform_self) do | ||
dispatch :terraform_self do | ||
param 'Hash', :options | ||
param 'Puppet::LookupContext', :context | ||
end | ||
|
||
def terraform_self(options, context) | ||
path = options['path'] | ||
hostname = options['hostname'] | ||
data = context.cached_file_data(path) do |content| | ||
begin | ||
Puppet::Util::Yaml.safe_load(content, [Symbol], path) | ||
end | ||
end | ||
return { 'terraform' => { 'self' => data['terraform']['instances'][hostname] || {} } } | ||
end | ||
end |
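Review bot: The return line indexes `data['terraform']['instances'][hostname]` with no guard, so an empty or malformed file at `path` (where `safe_load` yields nil or false) or a missing `terraform`/`instances` key fails the whole lookup with a NoMethodError instead of a readable error. Use `data.dig('terraform', 'instances', hostname) || {}` after checking that `data` is a Hash, and either drop the `begin`/`end` wrapper around `safe_load`, which has no `rescue` and therefore does nothing, or add the rescue that was intended. `options['path']` and `options['hostname']` are also read without checking that they are present.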
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,6 @@ | ||
#!/bin/bash | ||
|
||
echo "{ '/dev/disk' : {" | ||
echo "---" | ||
echo \"/dev/disk\": | ||
for i in $(find /dev/disk -type l); do | ||
echo \"$i\":\"$(readlink -f $i)\"; | ||
done | paste -sd, | ||
echo '}}' | ||
echo " "\"$i\": \"$(readlink -f $i)\" | ||
done |
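Review bot: In the rewritten loop, `$i` is unquoted both in `for i in $(find /dev/disk -type l)` and in `readlink -f $i`, and the names are written into double-quoted YAML scalars without escaping. Entries under /dev/disk include names derived from filesystem and partition labels, so a name containing whitespace is split by the shell, and one containing a backslash sequence or a double quote is reinterpreted by the YAML parser or breaks the fact entirely. Iterate with `find ... -print0 | while IFS= read -r -d '' i`, quote `"$i"`, and emit single-quoted YAML scalars (doubling any `'`) so the fact keys are exactly the link names.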
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/bin/sh | ||
echo "---" | ||
echo '"ipa":' | ||
echo ' "installed":' $(test -f /etc/ipa/default.conf && echo "true" || echo "false") | ||
echo ' "domain":' $(test -f /etc/ipa/default.conf && grep -oP 'domain\s*=\s*\K(.*)' /etc/ipa/default.conf) |
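Review bot: The `domain` line uses the unanchored pattern `domain\s*=\s*\K(.*)`, which matches any key in /etc/ipa/default.conf whose name ends in "domain", and each extra match becomes another output line that breaks the YAML fact. Anchor it and stop at the first hit, for example `grep -m1 -oP '^domain\s*=\s*\K\S+'`. The value is also echoed unquoted from an unquoted command substitution, so wrap it in quotes in the emitted YAML, and decide explicitly what `domain` should be when the file is absent (it is currently emitted with an empty value).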
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
sources: | ||
in: | ||
type: "stdin" | ||
|
||
sinks: | ||
out: | ||
inputs: | ||
- "in" | ||
type: "console" | ||
encoding: | ||
codec: "text" |
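Review bot: This default pipeline has only a `stdin` source and a `console` sink, so when `profile::vector` runs it as a service with this file it collects and ships nothing. Add a comment at the top of the file saying it is a placeholder that must be overridden through the `config` parameter, so a node that includes the class with defaults is not mistaken for one that is forwarding logs.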
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,21 @@ | ||
function profile::generate_slurm_node_line($name, $attr, $weight) >> String { | ||
function profile::generate_slurm_node_line($name, $attr, $comp_weight) >> String { | ||
if $attr['specs']['gpus'] > 0 { | ||
if $attr['specs']['mig'] and ! $attr['specs']['mig'].empty { | ||
$gres = $attr['specs']['mig'].map|$key,$value| { | ||
$gpu = $attr['specs']['mig'].map|$key,$value| { | ||
['gpu', $key, $value * $attr['specs']['gpus']].join(':') | ||
}.join(',') | ||
} else { | ||
$gres = "gpu:${attr['specs']['gpus']}" | ||
$gpu = "gpu:${attr['specs']['gpus']}" | ||
} | ||
if $attr['specs']['shard'] and ! $attr['specs']['shard'].empty { | ||
$shard = ",shard:${attr['specs']['shard']}" | ||
} else { | ||
$shard = '' | ||
} | ||
$gres = "${gpu}${shard}" | ||
} else { | ||
$gres = 'gpu:0' | ||
} | ||
$weight = pick($attr['specs']['weight'], $comp_weight) | ||
"NodeName=${name} CPUs=${attr['specs']['cpus']} RealMemory=${attr['specs']['ram']} Gres=${gres} Weight=${weight}" | ||
} |
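Review bot: The new `shard` branch tests `$attr['specs']['shard'].empty` and then interpolates the value straight into `Gres=`; if `shard` is meant to be a count, `.empty` is a string/collection test applied to a number and nothing checks that the value is a positive integer before it lands in the node line. A type match such as `$attr['specs']['shard'] =~ Integer[1]` states the intent and rejects unexpected input. The function also has no doc comment explaining that `specs.weight` now overrides the computed `$comp_weight` through `pick(...)`, which callers will need to know.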
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
function profile::gethostnames_with_class($class_name) >> Array[String] { | ||
$instances = lookup('terraform.instances') | ||
$site_all = lookup('magic_castle::site::all') | ||
$site_tags = lookup('magic_castle::site::tags') | ||
|
||
if $class_name in $site_all { | ||
return $instances.keys() | ||
} else { | ||
$tags = keys($site_tags).filter |$tag| { | ||
$class_name in $site_tags[$tag] | ||
} | ||
return keys($instances).filter |$hostname| { | ||
!intersection($tags, $instances[$hostname]['tags']).empty | ||
} | ||
} | ||
} |
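Review bot: In the `else` branch, `intersection($tags, $instances[$hostname]['tags'])` assumes every instance hash carries a `tags` array; an instance without one makes the catalog compilation fail rather than simply being excluded. Default it, for example `pick($instances[$hostname]['tags'], [])`. The three `lookup(...)` calls have no default value either, so a missing `magic_castle::site::all` or `magic_castle::site::tags` key is a hard failure; if that is intended, say so in a doc comment, which the function currently lacks. The file also mixes `$instances.keys()` and `keys($instances)`; pick one style.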
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,130 +1,133 @@ | ||
type BindMount = Struct[{ | ||
'src' => Stdlib::Unixpath, | ||
'dst' => Stdlib::Unixpath, | ||
'type' => Optional[Enum['file', 'directory']], | ||
}] | ||
|
||
type CephFS = Struct[ | ||
{ | ||
'share_name' => String, | ||
'access_key' => String, | ||
'export_path' => Stdlib::Unixpath, | ||
'bind_mounts' => Optional[Array[BindMount]], | ||
'binds_fcontext_equivalence' => Optional[Stdlib::Unixpath], | ||
} | ||
] | ||
|
||
class profile::ceph::client ( | ||
String $share_name, | ||
String $access_key, | ||
String $export_path, | ||
Array[String] $mon_host, | ||
Array[String] $mount_binds = [], | ||
String $mount_name = 'cephfs01', | ||
String $binds_fcontext_equivalence = '/home', | ||
Hash[String, CephFS] $shares, | ||
) { | ||
class { 'profile::ceph::client::config': | ||
share_name => $share_name, | ||
access_key => $access_key, | ||
export_path => $export_path, | ||
mon_host => $mon_host, | ||
} | ||
|
||
file { "/mnt/${mount_name}": | ||
ensure => directory, | ||
} | ||
require profile::ceph::client::install | ||
|
||
$mon_host_string = join($mon_host, ',') | ||
mount { "/mnt/${mount_name}": | ||
ensure => 'mounted', | ||
fstype => 'ceph', | ||
device => "${mon_host_string}:${export_path}", | ||
options => "name=${share_name},secretfile=/etc/ceph/client.keyonly.${share_name}", | ||
require => Class['profile::ceph::client::config'], | ||
} | ||
|
||
$mount_binds.each |$mount| { | ||
file { "/mnt/${mount_name}/${mount}": | ||
ensure => directory, | ||
require => Class['profile::ceph::client::config'], | ||
} | ||
file { "/${mount}": | ||
ensure => directory, | ||
require => Class['profile::ceph::client::config'], | ||
} | ||
mount { "/${mount}": | ||
ensure => 'mounted', | ||
fstype => 'none', | ||
options => 'rw,bind', | ||
device => "/mnt/${mount_name}/${mount}", | ||
require => [ | ||
File["/mnt/${mount_name}/${mount}"], | ||
File["/${mount}"], | ||
], | ||
} | ||
$ceph_conf = @("EOT") | ||
[client] | ||
client quota = true | ||
mon host = ${mon_host_string} | ||
| EOT | ||
|
||
if ($binds_fcontext_equivalence != '' and "/${mount}" != $binds_fcontext_equivalence) { | ||
selinux::fcontext::equivalence { "/${mount}": | ||
ensure => 'present', | ||
target => $binds_fcontext_equivalence, | ||
require => Mount["/${mount}"], | ||
notify => Selinux::Exec_restorecon["/${mount}"], | ||
} | ||
selinux::exec_restorecon { "/${mount}": } | ||
} | ||
file { '/etc/ceph/ceph.conf': | ||
content => $ceph_conf, | ||
} | ||
|
||
ensure_resources(profile::ceph::client::share, $shares, { 'mon_host' => $mon_host, 'bind_mounts' => [] }) | ||
} | ||
|
||
class profile::ceph::client::install { | ||
class profile::ceph::client::install ( | ||
String $release = 'reef', | ||
Optional[String] $version = undef, | ||
) { | ||
include epel | ||
|
||
if $version != undef and $version != '' { | ||
$repo = "rpm-${version}" | ||
} else { | ||
$repo = "rpm-${release}" | ||
} | ||
|
||
yumrepo { 'ceph-stable': | ||
ensure => present, | ||
enabled => true, | ||
baseurl => "https://download.ceph.com/rpm-nautilus/el${$::facts['os']['release']['major']}/${::facts['architecture']}/", | ||
baseurl => "https://download.ceph.com/${repo}/el${$::facts['os']['release']['major']}/${::facts['architecture']}/", | ||
gpgcheck => 1, | ||
gpgkey => 'https://download.ceph.com/keys/release.asc', | ||
repo_gpgcheck => 0, | ||
} | ||
|
||
if versioncmp($::facts['os']['release']['major'], '8') >= 0 { | ||
$argparse_pkgname = 'python3-ceph-argparse' | ||
} else { | ||
$argparse_pkgname = 'python-ceph-argparse' | ||
} | ||
|
||
package { | ||
[ | ||
'libcephfs2', | ||
'python-cephfs', | ||
'ceph-common', | ||
$argparse_pkgname, | ||
'python3-ceph-argparse', | ||
# 'ceph-fuse', | ||
]: | ||
ensure => installed, | ||
require => [Yumrepo['epel'], Yumrepo['ceph-stable']], | ||
} | ||
} | ||
|
||
class profile::ceph::client::config ( | ||
define profile::ceph::client::share ( | ||
Array[String] $mon_host, | ||
String $share_name, | ||
String $access_key, | ||
String $export_path, | ||
Array[String] $mon_host, | ||
Stdlib::Unixpath $export_path, | ||
Array[BindMount] $bind_mounts, | ||
Optional[Stdlib::Unixpath] $binds_fcontext_equivalence = undef, | ||
) { | ||
require profile::ceph::client::install | ||
|
||
$client_fullkey = @("EOT") | ||
[client.${share_name}] | ||
[client.${name}] | ||
key = ${access_key} | ||
| EOT | ||
|
||
file { "/etc/ceph/client.fullkey.${share_name}": | ||
file { "/etc/ceph/client.fullkey.${name}": | ||
content => $client_fullkey, | ||
mode => '0600', | ||
owner => 'root', | ||
group => 'root', | ||
} | ||
|
||
file { "/etc/ceph/client.keyonly.${share_name}": | ||
file { "/etc/ceph/client.keyonly.${name}": | ||
content => Sensitive($access_key), | ||
mode => '0600', | ||
owner => 'root', | ||
group => 'root', | ||
} | ||
file { "/mnt/${name}": | ||
ensure => directory, | ||
} | ||
|
||
$mon_host_string = join($mon_host, ',') | ||
$ceph_conf = @("EOT") | ||
[client] | ||
client quota = true | ||
mon host = ${mon_host_string} | ||
| EOT | ||
mount { "/mnt/${name}": | ||
ensure => 'mounted', | ||
fstype => 'ceph', | ||
device => "${mon_host_string}:${export_path}", | ||
options => "name=${share_name},secretfile=/etc/ceph/client.keyonly.${name}", | ||
require => File['/etc/ceph/ceph.conf'], | ||
} | ||
|
||
file { '/etc/ceph/ceph.conf': | ||
content => $ceph_conf, | ||
$bind_mounts.each |$mount| { | ||
file { $mount['dst']: | ||
ensure => pick($mount['type'], 'directory'), | ||
} | ||
mount { $mount['dst']: | ||
ensure => 'mounted', | ||
fstype => 'none', | ||
options => 'rw,bind', | ||
device => "/mnt/${name}${mount['src']}", | ||
require => [ | ||
File[$mount['dst']], | ||
Mount["/mnt/${name}"] | ||
], | ||
} | ||
|
||
if ($binds_fcontext_equivalence and $binds_fcontext_equivalence != $mount['dst']) { | ||
selinux::fcontext::equivalence { $mount['dst']: | ||
ensure => 'present', | ||
target => $binds_fcontext_equivalence, | ||
require => Mount[$mount['dst']], | ||
} | ||
} | ||
} | ||
} |
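Review bot: In `profile::ceph::client::share`, `access_key` is a plain `String` (also in the `CephFS` struct) and the `client.fullkey.${name}` file takes `content => $client_fullkey` unwrapped, while only the `client.keyonly.${name}` file uses `Sensitive($access_key)`. The key can therefore still appear in catalogs, reports and file diffs through the fullkey resource. Type the parameter as `Sensitive[String]` or wrap the fullkey content in `Sensitive(...)` as well. Two smaller points: the `/mnt/${name}` directory and the bind-mount `dst` files are created without `owner`/`mode`, and the per-mount `selinux::exec_restorecon` with its `notify` is gone from the new define, so confirm that existing content is still relabelled after the fcontext equivalence is added. `repo_gpgcheck => 0` on `ceph-stable` is carried over unchanged, whereas the new vector repo in this commit sets it to 1.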
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
class profile::vector | ||
( | ||
String $config = file('puppet:///modules/profile/vector/default_config.yaml') | ||
) | ||
{ | ||
yumrepo { 'vector': | ||
ensure => present, | ||
enabled => true, | ||
baseurl => "https://yum.vector.dev/stable/vector-0/${::facts['architecture']}/", | ||
gpgcheck => 1, | ||
gpgkey => [ | ||
'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', | ||
'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', | ||
'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', | ||
], | ||
repo_gpgcheck => 1, | ||
} | ||
|
||
package { 'vector': | ||
ensure => 'installed', | ||
require => [Yumrepo['vector']], | ||
} | ||
|
||
service { 'vector': | ||
ensure => running, | ||
enable => true, | ||
require => [Package['vector']], | ||
} | ||
|
||
file { '/etc/vector/vector.yaml': | ||
notify => Service['vector'], | ||
content => $config, | ||
require => [Package['vector']], | ||
} | ||
} | ||
|
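Review bot: The default for `$config` calls `file('puppet:///modules/profile/vector/default_config.yaml')`, but Puppet's `file()` function takes a `<module>/<file>` reference or an absolute path, not a `puppet:///` URI; please confirm this resolves, or change it to `file('profile/vector/default_config.yaml')`. The `/etc/vector/vector.yaml` resource also sets no `owner`, `group` or `mode`; since a real configuration can carry sink credentials, set them explicitly (for example root-owned and not world-readable) rather than relying on defaults.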
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,178 @@ | ||
# lookup_options: | ||
# profile::volumes::devices: | ||
# merge: 'deep' | ||
|
||
## common.yaml | ||
# profile::volumes::devices: %{alias('terraform.self.volumes')} | ||
|
||
## Provided by the user | ||
# profile::volumes::devices: | ||
# nfs: | ||
# home: | ||
# mode: '0600' | ||
# owner: 'root' | ||
# group: 'root' | ||
# quota: '5g' | ||
|
||
class profile::volumes ( | ||
Hash[String, Hash[String, Hash]] $devices, | ||
) { | ||
package { 'lvm2': | ||
ensure => installed, | ||
} | ||
$devices.each | String $volume_tag, $device_map | { | ||
ensure_resource('file', "/mnt/${volume_tag}", { 'ensure' => 'directory' }) | ||
$device_map.each | String $key, $values | { | ||
profile::volumes::volume { "${volume_tag}-${key}": | ||
volume_name => $key, | ||
volume_tag => $volume_tag, | ||
* => $values, | ||
} | ||
} | ||
} | ||
} | ||
|
||
define profile::volumes::volume ( | ||
String[1] $volume_name, | ||
String[1] $volume_tag, | ||
String[1] $glob, | ||
Integer[1] $size, | ||
String[1] $owner = 'root', | ||
String[1] $group = 'root', | ||
String[3,4] $mode = '0755', | ||
String[1] $seltype = 'home_root_t', | ||
Boolean $bind_mount = true, | ||
Boolean $enable_resize = false, | ||
Enum['xfs', 'ext4'] $filesystem = 'xfs', | ||
Optional[String[1]] $bind_target = undef, | ||
Optional[String[1]] $type = undef, | ||
Optional[String[1]] $quota = undef, | ||
Optional[String[1]] $mkfs_options = undef, | ||
) { | ||
$regex = Regexp(regsubst($glob, /[?*]/, { '?' => '.', '*' => '.*' })) | ||
$bind_target_ = pick($bind_target, "/${volume_name}") | ||
|
||
file { "/mnt/${volume_tag}/${volume_name}": | ||
ensure => 'directory', | ||
owner => $owner, | ||
group => $group, | ||
mode => $mode, | ||
seltype => $seltype, | ||
} | ||
|
||
$device = (values($::facts['/dev/disk'].filter |$k, $v| { $k =~ $regex }).unique)[0] | ||
$dev_mapper_id = "/dev/mapper/${volume_tag}--${volume_name}_vg-${volume_tag}--${volume_name}" | ||
|
||
exec { "vgchange-${name}_vg": | ||
command => "vgchange -ay ${name}_vg", | ||
onlyif => ["test ! -d /dev/${name}_vg", "vgscan -t | grep -q '${name}_vg'"], | ||
require => [Package['lvm2']], | ||
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'], | ||
} | ||
|
||
physical_volume { $device: | ||
ensure => present, | ||
} | ||
|
||
volume_group { "${name}_vg": | ||
ensure => present, | ||
physical_volumes => $device, | ||
createonly => true, | ||
followsymlinks => true, | ||
} | ||
|
||
if $filesystem == 'xfs' { | ||
$options = 'defaults,usrquota' | ||
} else { | ||
$options = 'defaults' | ||
} | ||
|
||
lvm::logical_volume { $name: | ||
ensure => present, | ||
volume_group => "${name}_vg", | ||
fs_type => $filesystem, | ||
mkfs_options => $mkfs_options, | ||
mountpath => "/mnt/${volume_tag}/${volume_name}", | ||
mountpath_require => true, | ||
options => $options, | ||
} | ||
|
||
exec { "chown ${owner}:${group} /mnt/${volume_tag}/${volume_name}": | ||
onlyif => "test \"$(stat -c%U:%G /mnt/${volume_tag}/${volume_name})\" != \"${owner}:${group}\"", | ||
refreshonly => true, | ||
subscribe => Lvm::Logical_volume[$name], | ||
path => ['/bin'], | ||
} | ||
|
||
exec { "chmod ${mode} /mnt/${volume_tag}/${volume_name}": | ||
onlyif => "test \"$(stat -c0%a /mnt/${volume_tag}/${volume_name})\" != \"${mode}\"", | ||
refreshonly => true, | ||
subscribe => Lvm::Logical_volume[$name], | ||
path => ['/bin'], | ||
} | ||
|
||
if $enable_resize { | ||
$logical_volume_size_cmd = "pvs --noheadings -o pv_size ${device} | sed -nr 's/^.*[ <]([0-9]+)\\..*g$/\\1/p'" | ||
$physical_volume_size_cmd = "pvs --noheadings -o dev_size ${device} | sed -nr 's/^ *([0-9]+)\\..*g/\\1/p'" | ||
exec { "pvresize ${device}": | ||
onlyif => "test `${logical_volume_size_cmd}` -lt `${physical_volume_size_cmd}`", | ||
path => ['/usr/bin', '/bin', '/usr/sbin'], | ||
require => Lvm::Logical_volume[$name], | ||
} | ||
|
||
$pv_freespace_cmd = "pvs --noheading -o pv_free ${device} | sed -nr 's/^ *([0-9]*)\\..*g/\\1/p'" | ||
exec { "lvextend -l '+100%FREE' -r /dev/${name}_vg/${name}": | ||
onlyif => "test `${pv_freespace_cmd}` -gt 0", | ||
path => ['/usr/bin', '/bin', '/usr/sbin'], | ||
require => Exec["pvresize ${device}"], | ||
} | ||
} | ||
|
||
selinux::fcontext::equivalence { "/mnt/${volume_tag}/${volume_name}": | ||
ensure => 'present', | ||
target => '/home', | ||
require => Mount["/mnt/${volume_tag}/${volume_name}"], | ||
notify => Selinux::Exec_restorecon["/mnt/${volume_tag}/${volume_name}"], | ||
} | ||
|
||
selinux::exec_restorecon { "/mnt/${volume_tag}/${volume_name}": } | ||
|
||
if $bind_mount { | ||
ensure_resource('file', $bind_target_, { 'ensure' => 'directory', 'seltype' => $seltype }) | ||
mount { $bind_target_: | ||
ensure => mounted, | ||
device => "/mnt/${volume_tag}/${volume_name}", | ||
fstype => none, | ||
options => 'rw,bind', | ||
require => [ | ||
File[$bind_target_], | ||
Lvm::Logical_volume[$name], | ||
], | ||
} | ||
} elsif ( | ||
$facts['mountpoints'][$bind_target_] != undef and | ||
$facts['mountpoints'][$bind_target_]['device'] == $dev_mapper_id | ||
) { | ||
mount { $bind_target_: | ||
ensure => absent, | ||
} | ||
} | ||
|
||
if $quota and $filesystem == 'xfs' { | ||
ensure_resource('file', '/etc/xfs_quota', { 'ensure' => 'directory' }) | ||
# Save the xfs quota setting to avoid applying at every iteration | ||
file { "/etc/xfs_quota/${volume_tag}-${volume_name}": | ||
ensure => 'file', | ||
content => "#FILE TRACKED BY PUPPET DO NOT EDIT MANUALLY\n${quota}", | ||
require => File['/etc/xfs_quota'], | ||
} | ||
|
||
exec { "apply-quota-${name}": | ||
command => "xfs_quota -x -c 'limit bsoft=${quota} bhard=${quota} -d' /mnt/${volume_tag}/${volume_name}", | ||
require => Mount["/mnt/${volume_tag}/${volume_name}"], | ||
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'], | ||
refreshonly => true, | ||
subscribe => [File["/etc/xfs_quota/${volume_tag}-${volume_name}"]], | ||
} | ||
} | ||
} |
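Review bot: In `profile::volumes::volume`, `$regex` is built by replacing only `?` and `*` in `$glob`, so every other regex metacharacter in the glob (a `.` for instance) stays live and the pattern is not anchored; `$k =~ $regex` can then match more `/dev/disk` entries than the glob describes, and `[0]` silently picks one of them as the device handed to `physical_volume` and the volume group. Escape the literal parts, anchor with `^...$`, and fail the catalog when the match yields zero or more than one distinct device. Separately, `${quota}` is interpolated inside the single-quoted `xfs_quota -c '...'` command and `$mode` is only constrained to `String[3,4]`; a `Pattern[...]` type on both would keep unexpected characters out of the shell commands. The fcontext equivalence target is hard-coded to `/home` even though `seltype` is a parameter, which deserves a comment.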
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#!/bin/bash | ||
# 1. Create a hostgroup for each tag | ||
# 2. Create an automember rule for each hostgroup | ||
# 3. Add a condition to the automember rule for each prefix with that tag | ||
# 4. Rebuild the automember rules | ||
api.Command.batch( | ||
<% $hbac_services.each |$service| { -%> | ||
{ 'method': 'hbacsvc_add', 'params': [['<%= $service %>'], {}] }, | ||
<% } -%> | ||
<% $tags.each |$tag| { -%> | ||
{ 'method': 'hostgroup_add', 'params': [['<%= $tag %>'], {}] }, | ||
{ 'method': 'automember_add', 'params': [['<%= $tag %>'], {'type': 'hostgroup'}] }, | ||
<% $hbac_services.each |$service| { -%> | ||
{ 'method': 'hbacrule_add', 'params': [['<%= $tag %>:<%= $service %>'], {'accessruletype': 'allow'}] }, | ||
{ 'method': 'hbacrule_add_host', 'params': [['<%= $tag %>:<%= $service %>'], {'hostgroup': '<%= $tag %>'}] }, | ||
{ 'method': 'hbacrule_add_service', 'params': [['<%= $tag %>:<%= $service %>'], {'hbacsvc': '<%= $service %>'}] }, | ||
<% }} -%> | ||
<% $prefixes_tags.each |$prefix, $tags| { -%> | ||
<% $tags.each |$tag| { -%> | ||
{ 'method': 'automember_add_condition', 'params': [['<%= $tag %>'], {'type': 'hostgroup', 'key': 'fqdn', 'automemberinclusiveregex': "^<%= $prefix %>\d+.<%= $ipa_domain %>$"}] }, | ||
<% }} -%> | ||
{ 'method': 'automember_rebuild', 'params': [[], {'type': 'hostgroup'}] }, | ||
) |
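Review bot: The `automemberinclusiveregex` value `"^<%= $prefix %>\d+.<%= $ipa_domain %>$"` leaves the separator `.` and the dots inside `$ipa_domain` unescaped, so the rule matches FQDNs other than `<prefix><digits>.<domain>`; because hostgroup membership feeds the `hbacrule_add_host` allow rules created above, hosts that match loosely would inherit that access. Escape the dots (and any metacharacters in `$prefix`) and write the pattern as a raw string so `\d` is not subject to Python string escaping. The file also starts with `#!/bin/bash` although the body is a Python `api.Command.batch(...)` call, and the numbered header comment does not mention the HBAC services and rules that the batch now creates; update both.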