``role::base``
==============

This role is special in that **it cannot be assigned to a system**. It is meant
to be included by all other roles and provide basic functionality that all roles
need anyway.


Parameters
----------

====================== ======== ================================================
**Name**               **Type** **Default**
---------------------- -------- ------------------------------------------------
default_target         string   ``multi-user``
enable_afs             bool     false
enable_autofs          bool     false
enable_filecopy        bool     hiera('base::enable_filecopy')
enable_ganglia         bool     false
enable_icinga          bool     true
enable_kdump_client    bool     true
enable_multipath       bool     hiera('base::enable_multipath')
enable_nfs_server      bool     false
enable_nomachine       bool     hiera('base::enable_nomachine')
enable_platform        bool     hiera('base::enable_platform')
enable_pmodules        bool     false
enable_print_client    bool     false
enable_rhgb            bool     false
enable_sensu           bool     hiera('base::enable_sensu')
enable_ssh_client      bool     hiera('base::enable_ssh_client')
enable_telegraf        bool     hiera('base::enable_telegraf')
enable_updatedb        bool     true
include_aaa            bool     true
include_log_client     bool     true
include_yum_client     bool     true
package_groups         array    []
pkg_group::*           array    -
selinux_mode           string   ``enforcing``
====================== ======== ================================================


``default_target``
~~~~~~~~~~~~~~~~~~

Specifies the systemd default target to configure. This does not *isolate* the
target (see :manpage:`systemctl(1)`), but merely sets it so it will become
active after a reboot.


``enable_afs``
~~~~~~~~~~~~~~

Determines whether to include the :doc:`afs_client <../profiles/afs_client>`
profile.


``enable_autofs``
~~~~~~~~~~~~~~~~~

Enable the ``autofs`` service. This is **not** needed for automounts! It is only
needed to support the ``-hosts`` map as documented in :manpage:`auto.master`.
The ``-hosts`` map is mounted on ``/net``.


``enable_filecopy``
~~~~~~~~~~~~~~~~~~~

Enable the ``filecopy`` profile, which allows deploying arbitrary files from
``git.psi.ch`` through Hiera.


``enable_ganglia``
~~~~~~~~~~~~~~~~~~

Determines whether to include the :doc:`ganglia_client
<../profiles/ganglia_client>` profile.


``enable_sensu``
~~~~~~~~~~~~~~~~

Enable the Sensu client and checks.


``enable_ssh_client``
~~~~~~~~~~~~~~~~~~~~~

Deploy global SSH client configuration, i.e. ``/etc/ssh/ssh_config``.


``enable_telegraf``
~~~~~~~~~~~~~~~~~~~

Enable the telegraf monitoring agent, which reports various system metrics to
InfluxDB servers.


``enable_icinga``
~~~~~~~~~~~~~~~~~

Determines whether to include the :doc:`icinga_client
<../profiles/icinga_client>` profile, which installs the client components
necessary for Icinga-based monitoring.


``enable_kdump_client``
~~~~~~~~~~~~~~~~~~~~~~~

Determines whether to include the :doc:`kdump_client <../profiles/kdump_client>`
profile.


``enable_multipath``
~~~~~~~~~~~~~~~~~~~~

Enable the ``multipath`` profile for basic multipath functionality.


``enable_nfs_server``
~~~~~~~~~~~~~~~~~~~~~

Enable the kernel NFS server and configure the :manpage:`exports(5)` file. See
the :doc:`nfs_server <../profiles/nfs_server>` profile for details.


``enable_nomachine``
~~~~~~~~~~~~~~~~~~~~

Include the ``nomachine`` profile, which can install NoMachine NX in various
configurations.


``enable_platform``
~~~~~~~~~~~~~~~~~~~

Enable the ``platform`` profile, which installs and configures hardware-specific
tools and configurations.


``enable_pmodules``
~~~~~~~~~~~~~~~~~~~

Determines whether to enable the :doc:`pmodules <../profiles/pmodules>` profile.
When true, the necessary configuration is automatically sourced for all normal
users (i.e. UID >= 1000 and no ``-adm`` suffix) using :manpage:`bash(1)`.

Requires AFS to work, as the required configuration files are stored on AFS.


``enable_print_client``
~~~~~~~~~~~~~~~~~~~~~~~

Enable and configure CUPS as a client. See the :doc:`print_client
<../profiles/print_client>` profile for details.


``enable_rhgb``
~~~~~~~~~~~~~~~

Determines whether the graphical boot screen is enabled.


``enable_updatedb``
~~~~~~~~~~~~~~~~~~~

Determines whether :manpage:`updatedb(8)` (aka :manpage:`locate(1)`) is
enabled. When enabled, it is still possible to exclude certain
directories from indexing. This is also supported directly by the mounter module.


``include_aaa``
~~~~~~~~~~~~~~~

Determines whether to include the :doc:`aaa <../profiles/aaa>` profile, which
configures authentication, authorization, and (partly) auditing.


``include_log_client``
~~~~~~~~~~~~~~~~~~~~~~

Include the :doc:`log_client <../profiles/log_client>` profile. This is only
meant to allow roles to customize the :doc:`log_client
<../profiles/log_client>` profile.


``include_yum_client``
~~~~~~~~~~~~~~~~~~~~~~

Determines whether to include the :doc:`yum_client <../profiles/yum_client>`
profile.


``package_groups``
~~~~~~~~~~~~~~~~~~

The list of package groups to install. Package groups are defined using
`pkg_group::NAME`_.


``pkg_group::NAME``
~~~~~~~~~~~~~~~~~~~

An array defining the package group ``NAME``. Package groups are installed using
the `package_groups`_ parameter.


``selinux_mode``
~~~~~~~~~~~~~~~~

The SELinux mode to use, one of ``enforcing``, ``permissive``, and ``disabled``.
The *configured* SELinux mode (i.e. the setting in ``/etc/sysconfig/selinux``) is
changed immediately. The runtime mode is changed as follows, as certain
transitions are impossible without a reboot:

========== ========== ===========
Current    Setting    New runtime
---------- ---------- -----------
Enforcing  Disabled   Permissive
Enforcing  Permissive Permissive
Permissive Enforcing  Enforcing
Permissive Disabled   Permissive
Disabled   Permissive Disabled
Disabled   Enforcing  Disabled
========== ========== ===========
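
The transition table above reduces to one rule: SELinux cannot be switched on or off at runtime, only between enforcing and permissive. The shell functions below are an added example, not part of the original role or its Puppet code; they predict the runtime mode after a ``selinux_mode`` change and report whether a reboot is still pending. The function names are hypothetical, and for an unchanged setting (not covered by the table) the current mode is assumed to stay as it is.

```shell
#!/bin/sh
# Added example: runtime SELinux mode after a selinux_mode change, following
# the transition table above. Function names are hypothetical.

# selinux_norm MODE: print the lower-case mode name, fail on unknown input.
selinux_norm() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        enforcing|permissive|disabled)
            printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' ;;
        *) return 1 ;;
    esac
}

# selinux_new_runtime CURRENT SETTING: print the runtime mode after the change.
selinux_new_runtime() {
    sel_cur=$(selinux_norm "$1") || return 2
    sel_new=$(selinux_norm "$2") || return 2
    if [ "$sel_cur" = disabled ]; then
        echo disabled        # cannot be switched on without a reboot
    elif [ "$sel_new" = disabled ]; then
        echo permissive      # cannot be switched off at runtime either
    else
        echo "$sel_new"      # enforcing <-> permissive applies immediately
    fi
}

# selinux_reboot_pending CURRENT SETTING: exit 0 if the runtime mode will
# still differ from the configured one until the next reboot.
selinux_reboot_pending() {
    sel_rt=$(selinux_new_runtime "$1" "$2") || return 2
    [ "$sel_rt" != "$(selinux_norm "$2")" ]
}

# On a real host, feed in getenforce and the configured mode.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/sysconfig/selinux ]; then
    host_cur=$(getenforce 2>/dev/null || true)
    host_cfg=$(sed -n 's/^SELINUX=//p' /etc/sysconfig/selinux | head -n 1)
    if selinux_reboot_pending "$host_cur" "$host_cfg"; then
        echo "runtime=$host_cur configured=$host_cfg: reboot required"
    fi
fi
```

A host that reports a pending reboot after being set to ``enforcing`` is still running with SELinux disabled, which is worth flagging in monitoring until the reboot has happened.
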


Examples
--------

The most basic usage is::

    class role::some_role () {

      include role::base

      # ...
    }

Most profiles that are included can be excluded when necessary::

    class role::some_role () {

      class {'role::base':
        enable_icinga => false,
      }

      # ...
    }

This can be used to customize some of the basic profiles::

    class role::some_role () {

      class {'role::base':
        include_aaa => false,
      }

      class {'profile::aaa':
        allow_sudoers_d => true,
      }

      # ...
    }