Files

Konrad Bucheli bee7c3a9ac improve AFS documentation

2022-06-14 11:11:38 +02:00

6.8 KiB

Raw Blame History

`role::base`

This role is special in that it cannot be assigned to a system. It is meant to be included by all other roles and provide basic functionality that all roles need anyway.

Parameters

Name	Type	Default
default_target	string	`multi-user`
enable_afs	bool	hiera('base::enable_afs')
enable_autofs	bool	hiera('base::enable_autofs')
enable_filecopy	bool	hiera('base::enable_filecopy')
enable_ganglia	bool	hiera('base::enable_ganglia')
enable_icinga	bool	hiera('base::enable_icinga')
enable_kdump_client	bool	hiera('base::enable_kdump_client')
enable_multipath	bool	hiera('base::enable_multipath')
enable_nfs_server	bool	hiera('base::enable_nfs_server')
enable_nomachine	bool	hiera('base::enable_nomachine')
enable_platform	bool	hiera('base::enable_platform')
enable_pmodules	bool	hiera('base::enable_pmodules')
enable_print_client	bool	hiera('base::enable_print_client')
enable_rhgb	bool	hiera('base::enable_rhgb')
enable_ssh_client	bool	hiera('base::enable_ssh_client')
enable_telegraf	bool	hiera('base::enable_telegraf')
enable_updatedb	bool	hiera('base::enable_updatedb')
include_aaa	bool	true
include_log_client	bool	true
include_yum_client	bool	true
package_groups	array	[]
pkg_group::*	array
selinux_mode	string	hiera('base::selinux_mode', 'enforcing')

`default_target`

Specifies the systemd default target to configure. This does not isolate the target (see systemctl(1)), but merely sets it so it will become active after a reboot.

`enable_afs`

Determines whether to include the afs_client <../profiles/afs_client> profile to enable AFS access. For the workstation and softioc role this is ignored, respectively there are separate workstation::enable_afs and softioc::enable_afs Hiera settings.

`enable_autofs`

Enable the autofs service. This is not needed for automounts! It is only needed to support the -hosts map as documented in auto.master. The -hosts map is mounted on /net.

`enable_filecopy`

Enable the filecopy profile, which allows deploying arbitrary files from git.psi.ch through Hiera.

`enable_ganglia`

Determines whether to include the ganglia_client <../profiles/ganglia_client>.

`enable_ssh_client`

Deploy global SSH client configuration, ie /etc/ssh/ssh_config.

`enable_telegraf`

Enable the telegraf monitoring agent, which reports various system metrics to InfluxDB servers.

`enable_icinga`

Determines whether to include the icinga_client <../profiles/icinga_client> profile, which installs the client components necessary for Icinga-based monitoring.

`enable_kdump_client`

Determines whether to include the kdump_client <../profiles/kdump_client> profile.

`enable_multipath`

Enable the multipath profile for basic multipath functionality.

`enable_nfs_server`

Enable the kernel NFS server and configure the exports(5) file. See the nfs_server <../profiles/nfs_server> profile for details.

`enable_nomachine`

Include the nomachine profile, which can install NoMachine NX in various configurations.

`enable_platform`

Enable the platform profile, which installs and configures hardware-specific tools and configurations.

`enable_pmodules`

Determines whether to enable the pmodules <../profiles/pmodules> profile. When true, the necessary configuration is automatically sourced for all normal users (ie UID >= 1000 and no -adm suffix) using bash(1).

Requires AFS to work, as the required configuration files are stored on AFS.

`enable_print_client`

Enable and configure CUPS as a client. See the print_client <../profiles/print_client> profile for details.

`enable_rhgb`

Determines whether the graphical boot screen is enabled.

`enable_updatedb`

Determines whether or not updatedb(8) (aka locate(1)) is enabled or not. When enabled, it is still possible to exclude certain directories for indexing. This is also supported directly by the mounter module.

`include_aaa`

Determines whether to include the aaa <../profiles/aaa> profile, which configures authentication, authorization, and (partly) auditing.

`include_log_client`

Include the log_client <../profiles/log_client> profile. This is only meant to allow roles customization of the log_client <../profiles/log_client> profile.

`include_yum_client`

Determines whether to include the yum_client <../profiles/yum_client> profile.

`package_groups`

The list of package groups to install. Package groups are defined using pkg_group::NAME.

`pkg_group::NAME`

An array defining the package group NAME. Package groups are installed using the package_groups parameter.

`selinux_mode`

The SELinux mode to use, one of enforcing, permissive, and disabled. The configured SELinux mode (ie the setting in /etc/sysconfig/selinux) is changed immediately. The runtime mode is changed as follows, as certain transitions are impossible without a reboot:

Current	Setting	New runtime
Enforcing	Disabled	Permissive
Enforcing	Permissive	Permissive
Permissive	Enforcing	Enforcing
Permissive	Disabled	Permissive
Disabled	Permissive	Disabled
Disabled	Enforcing	Disabled

Examples

The most basic usage is:

class role::some_role () {

  include role::base

  ...
}

Most profiles that are included can be excluded when necessary:

class role::some_role () {

  class {'role::base':
    include_icinga => false,
  }

  ...
}

This can be used to customize some of the basic profiles:

class role::base () {

  class {'role::base':
    include_aaa => false,
  }

  class {'profile::aaa':
    allow_sudoers_d => true,
  }

  ...
}

6.8 KiB Raw Blame History

role::base

Parameters

default_target

enable_afs

enable_autofs

enable_filecopy

enable_ganglia

enable_ssh_client

enable_telegraf

enable_icinga

enable_kdump_client

enable_multipath

enable_nfs_server

enable_nomachine

enable_platform

enable_pmodules

enable_print_client

enable_rhgb

enable_updatedb

include_aaa

include_log_client

include_yum_client

package_groups

pkg_group::NAME

selinux_mode