``role::base``
==============

This role is special in that **it cannot be assigned to a system**. It is meant
to be included by all other roles and provide basic functionality that all roles
need anyway.


Parameters
----------

======================  ========  ================================================
**Name**                **Type**  **Default**
----------------------  --------  ------------------------------------------------
default_target          string    ``multi-user``
enable_afs              bool      hiera('base::enable_afs')
enable_autofs           bool      hiera('base::enable_autofs')
enable_epics            bool      hiera('base::enable_epics')
enable_filecopy         bool      hiera('base::enable_filecopy')
enable_ganglia          bool      hiera('base::enable_ganglia')
enable_icinga           bool      hiera('base::enable_icinga')
enable_kdump_client     bool      hiera('base::enable_kdump_client')
enable_multipath        bool      hiera('base::enable_multipath')
enable_nfs_server       bool      hiera('base::enable_nfs_server')
enable_nomachine        bool      hiera('base::enable_nomachine')
enable_platform         bool      hiera('base::enable_platform')
enable_pmodules         bool      hiera('base::enable_pmodules')
enable_print_client     bool      hiera('base::enable_print_client')
enable_rhgb             bool      hiera('base::enable_rhgb')
enable_ssh_client       bool      hiera('base::enable_ssh_client')
enable_telegraf         bool      hiera('base::enable_telegraf')
enable_updatedb         bool      hiera('base::enable_updatedb')
include_aaa             bool      true
include_log_client      bool      true
include_rpm_repos       bool      true
package_groups          array     hiera_array('base::package_groups', [])
package_excludes        array     hierra_array('base::package_exclude', [])
pkg_group::*            array     hierra_array('base::pkg_group::...', [])
selinux_mode            string    hiera('base::selinux_mode', 'enforcing')
======================  ========  ================================================


``default_target``
~~~~~~~~~~~~~~~~~~

Specifies the systemd default target to configure. This does not *isolate* the
target (see :manpage:`systemctl(1)`), but merely sets it so it will become
active after a reboot.


``enable_afs``
~~~~~~~~~~~~~~

Determines whether to include the :doc:`afs_client <../profiles/afs_client>`
profile to enable AFS access.
For the ``workstation`` and ``softioc`` role this is ignored, respectively there are separate ``workstation::enable_afs`` and ``softioc::enable_afs`` Hiera settings.


``enable_autofs``
~~~~~~~~~~~~~~~~~

Enable the ``autofs`` service. This is **not** needed for automounts! It is only
needed to support the ``-hosts`` map as documented in :manpage:`auto.master`.
The ``-hosts`` map is mounted on ``/net``.


``enable_epics``
~~~~~~~~~~~~~~~~~

Enables the ``EPICS``. TODO: more details...


``enable_filecopy``
~~~~~~~~~~~~~~~~~~~

Enable the ``filecopy`` profile, which allows deploying arbitrary files from
``git.psi.ch`` through Hiera.


``enable_ganglia``
~~~~~~~~~~~~~~~~~~

Determines whether to include the :doc:`ganglia_client
<../profiles/ganglia_client>`.


``enable_ssh_client``
~~~~~~~~~~~~~~~~~~~~~

Deploy global SSH client configuration, ie ``/etc/ssh/ssh_config``.


``enable_telegraf``
~~~~~~~~~~~~~~~~~~~

Enable the telegraf monitoring agent, which reports various system metrics to
InfluxDB servers.


``enable_icinga``
~~~~~~~~~~~~~~~~~

Determines whether to include the :doc:`icinga_client
<../profiles/icinga_client>` profile, which installs the client components
necessary for Icinga-based monitoring.


``enable_kdump_client``
~~~~~~~~~~~~~~~~~~~~~~~

Determines whether to include the :doc:`kdump_client <../profiles/kdump_client>`
profile.


``enable_multipath``
~~~~~~~~~~~~~~~~~~~~

Enable the ``multipath`` profile for basic multipath functionality.


``enable_nfs_server``
~~~~~~~~~~~~~~~~~~~~~

Enable the kernel NFS server and configure the :manpage:`exports(5)` file. See
the :doc:`nfs_server <../profiles/nfs_server>` profile for details.


``enable_nomachine``
~~~~~~~~~~~~~~~~~~~~

Include the ``nomachine`` profile, which can install NoMachine NX in various
configurations.


``enable_platform``
~~~~~~~~~~~~~~~~~~~

Enable the ``platform`` profile, which installs and configures hardware-specific
tools and configurations.


``enable_pmodules``
~~~~~~~~~~~~~~~~~~~

Determines whether to enable the :doc:`pmodules <../profiles/pmodules>` profile.
When true, the necessary configuration is automatically sourced for all normal
users (ie UID >= 1000 and no ``-adm`` suffix) using :manpage:`bash(1)`.

Requires AFS to work, as the required configuration files are stored on AFS.


``enable_print_client``
~~~~~~~~~~~~~~~~~~~~~~~

Enable and configure CUPS as a client. See the :doc:`print_client
<../profiles/print_client>` profile for details.


``enable_rhgb``
~~~~~~~~~~~~~~~

Determines whether the graphical boot screen is enabled.


``enable_updatedb``
~~~~~~~~~~~~~~~~~~~

Determines whether or not :manpage:`updatedb(8)` (aka :manpage:`locate(1)`) is
enabled or not. When enabled, it is still possible to exclude certain
directories for indexing. This is also supported directly by the mounter module.


``include_aaa``
~~~~~~~~~~~~~~~

Determines whether to include the :doc:`aaa <../profiles/aaa>` profile, which
configures authentication, authorization, and (partly) auditing.


``include_log_client``
~~~~~~~~~~~~~~~~~~~~~~

Include the :doc:`log_client <../profiles/log_client>` profile. This is only
meant to allow roles customization of the :doc:`log_client
<../profiles/log_client>` profile.


``include_rpm_repos``
~~~~~~~~~~~~~~~~~~~~~~

Determines whether to install the default RPM package repositories.


``package_groups``
~~~~~~~~~~~~~~~~~~

The list of package groups to install. Package groups are defined in Hiera using
``base::pkg_group::NAME``.


``pkg_group::NAME``
~~~~~~~~~~~~~~~~~~~

An array defining the package group ``NAME``. It contains the package name with optionally
one or more tags, separated by ``:``. Following tags are allowed:

========== =====================================================
Tag        Description
---------- -----------------------------------------------------
latest     ensure the latest version of the package is installed
absent     ensure the package is not installed
os=redhat7 install it only on this OS
os!redhat7 install on any OS except this one
========== =====================================================


``package_excludes``
~~~~~~~~~~~~~~~~~~~~

An array with packages which are not made available on the system.


``selinux_mode``
~~~~~~~~~~~~~~~~

The SELinux mode to use, one of ``enforcing``, ``permissive``, and ``disabled``.
The *configured* SELinux mode (ie the setting in ``/etc/sysconfig/selinux``) is
changed immediately. The runtime mode is changed as follows, as certain
transitions are impossible without a reboot:

==========  ==========  ===========
Current     Setting     New runtime
----------  ----------  -----------
Enforcing   Disabled    Permissive
Enforcing   Permissive  Permissive
Permissive  Enforcing   Enforcing
Permissive  Disabled    Permissive
Disabled    Permissive  Disabled
Disabled    Enforcing   Disabled
==========  ==========  ===========


Examples
--------

The most basic usage is::

  class role::some_role () {

    include role::base

    ...
  }

Most profiles that are included can be excluded when necessary::

  class role::some_role () {

    class {'role::base':
      include_icinga => false,
    }

    ...
  }

This can be used to customize some of the basic profiles::

  class role::base () {

    class {'role::base':
      include_aaa => false,
    }

    class {'profile::aaa':
      allow_sudoers_d => true,
    }

    ...
  }