role::base

This role is special in that it cannot be assigned to a system. It is meant to be included by all other roles and provide basic functionality that all roles need anyway.

Parameters

===================  ======  ==========================================
Name                 Type    Default
===================  ======  ==========================================
default_target       string  multi-user
enable_afs           bool    hiera('base::enable_afs')
enable_autofs        bool    hiera('base::enable_autofs')
enable_epics         bool    hiera('base::enable_epics')
enable_filecopy      bool    hiera('base::enable_filecopy')
enable_ganglia       bool    hiera('base::enable_ganglia')
enable_icinga        bool    hiera('base::enable_icinga')
enable_kdump_client  bool    hiera('base::enable_kdump_client')
enable_multipath     bool    hiera('base::enable_multipath')
enable_nfs_server    bool    hiera('base::enable_nfs_server')
enable_nomachine     bool    hiera('base::enable_nomachine')
enable_platform      bool    hiera('base::enable_platform')
enable_pmodules      bool    hiera('base::enable_pmodules')
enable_print_client  bool    hiera('base::enable_print_client')
enable_rhgb          bool    hiera('base::enable_rhgb')
enable_ssh_client    bool    hiera('base::enable_ssh_client')
enable_telegraf      bool    hiera('base::enable_telegraf')
enable_updatedb      bool    hiera('base::enable_updatedb')
include_aaa          bool    true
include_log_client   bool    true
include_rpm_repos    bool    true
package_groups       array   hiera_array('base::package_groups', [])
package_excludes     array   hiera_array('base::package_exclude', [])
pkg_group::*         array   hiera_array('base::pkg_group::...', [])
selinux_mode         string  hiera('base::selinux_mode', 'enforcing')
===================  ======  ==========================================

default_target

Specifies the systemd default target to configure. This does not isolate the target (see systemctl(1)), but merely sets it so it will become active after a reboot.

enable_afs

Determines whether to include the afs_client <../profiles/afs_client> profile to enable AFS access. This setting is ignored for the workstation and softioc roles, which have their own Hiera settings, workstation::enable_afs and softioc::enable_afs respectively.

enable_autofs

Enable the autofs service. This is not needed for automounts! It is only needed to support the -hosts map as documented in auto.master. The -hosts map is mounted on /net.

enable_epics

Enables the EPICS. TODO: more details...

enable_filecopy

Enable the filecopy profile, which allows deploying arbitrary files from git.psi.ch through Hiera.

enable_ganglia

Determines whether to include the ganglia_client <../profiles/ganglia_client>.

enable_ssh_client

Deploy global SSH client configuration, i.e. /etc/ssh/ssh_config.

enable_telegraf

Enable the telegraf monitoring agent, which reports various system metrics to InfluxDB servers.

enable_icinga

Determines whether to include the icinga_client <../profiles/icinga_client> profile, which installs the client components necessary for Icinga-based monitoring.

enable_kdump_client

Determines whether to include the kdump_client <../profiles/kdump_client> profile.

enable_multipath

Enable the multipath profile for basic multipath functionality.

enable_nfs_server

Enable the kernel NFS server and configure the exports(5) file. See the nfs_server <../profiles/nfs_server> profile for details.

enable_nomachine

Include the nomachine profile, which can install NoMachine NX in various configurations.

enable_platform

Enable the platform profile, which installs and configures hardware-specific tools and configurations.

enable_pmodules

Determines whether to enable the pmodules <../profiles/pmodules> profile. When true, the necessary configuration is automatically sourced for all normal users (i.e. UID >= 1000 and no -adm suffix) using bash(1).

Requires AFS to work, as the required configuration files are stored on AFS.

enable_print_client

Enable and configure CUPS as a client. See the print_client <../profiles/print_client> profile for details.

enable_rhgb

Determines whether the graphical boot screen is enabled.

enable_updatedb

Determines whether updatedb(8) (aka locate(1)) is enabled. When enabled, it is still possible to exclude certain directories from indexing. This is also supported directly by the mounter module.

include_aaa

Determines whether to include the aaa <../profiles/aaa> profile, which configures authentication, authorization, and (partly) auditing.

include_log_client

Include the log_client <../profiles/log_client> profile. This is only meant to allow roles to customize the log_client <../profiles/log_client> profile.

include_rpm_repos

Determines whether to install the default RPM package repositories.

package_groups

The list of package groups to install. Package groups are defined in Hiera using base::pkg_group::NAME.

pkg_group::NAME

An array defining the package group NAME. Each entry contains a package name, optionally followed by one or more tags, separated by :. The following tags are allowed:

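==========  =====================================================
Tag         Description
==========  =====================================================
latest      ensure the latest version of the package is installed
absent      ensure the package is not installed
os=redhat7  install it only on this OS
os!redhat7  install on any OS except this one
==========  =====================================================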
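
How the entries of package_groups and pkg_group::NAME could be interpreted for one OS, as an added Ruby example that is not the Puppet module's own code. The Hiera data, the group names and the redhat8 OS name are constructed; it assumes an untagged package means ensure => installed and that an unknown tag is rejected rather than ignored.

```ruby
require 'yaml'

# Constructed Hiera data; group names and package selection are illustrative.
HIERA = YAML.safe_load(<<~HIERA_YAML)
  base::package_groups:
    - editors
    - hardening
  base::pkg_group::editors:
    - vim-enhanced
    - emacs:latest:os=redhat7
  base::pkg_group::hardening:
    - telnet:absent
    - aide:latest:os!redhat7
HIERA_YAML

# Split one "name[:tag...]" entry into package name, desired state and OS
# filters. Assumption: no state tag means 'installed'. A misspelled tag
# raises, so a typo in 'absent' cannot silently leave a package installed.
def parse_entry(entry)
  name, *tags = entry.split(':')
  spec = { name: name, ensure: 'installed', only: [], except: [] }
  tags.each do |tag|
    case tag
    when 'latest', 'absent' then spec[:ensure] = tag
    when /\Aos=(.+)\z/      then spec[:only] << Regexp.last_match(1)
    when /\Aos!(.+)\z/      then spec[:except] << Regexp.last_match(1)
    else raise ArgumentError, "unknown tag #{tag.inspect} in #{entry.inspect}"
    end
  end
  spec
end

# Resolve the groups listed in base::package_groups into { package => ensure }
# for the given OS name.
def resolve(hiera, os)
  hiera.fetch('base::package_groups', []).each_with_object({}) do |group, out|
    hiera.fetch("base::pkg_group::#{group}").each do |entry|
      spec = parse_entry(entry)
      next if spec[:except].include?(os)
      next unless spec[:only].empty? || spec[:only].include?(os)
      out[spec[:name]] = spec[:ensure]
    end
  end
end

puts resolve(HIERA, 'redhat7')
puts resolve(HIERA, 'redhat8')
```
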

package_excludes

An array with packages which are not made available on the system.

selinux_mode

The SELinux mode to use, one of enforcing, permissive, and disabled. The configured SELinux mode (i.e. the setting in /etc/sysconfig/selinux) is changed immediately. The runtime mode is changed as follows, as certain transitions are impossible without a reboot:

==========  ==========  ===========
Current     Setting     New runtime
==========  ==========  ===========
Enforcing   Disabled    Permissive
Enforcing   Permissive  Permissive
Permissive  Enforcing   Enforcing
Permissive  Disabled    Permissive
Disabled    Permissive  Disabled
Disabled    Enforcing   Disabled
==========  ==========  ===========

Examples

The most basic usage is:

class role::some_role () {

  # Pull in the base role with its Hiera-driven defaults
  include role::base

  # ...
}

Most profiles that are included can be excluded when necessary:

class role::some_role () {

  # Resource-like declaration so that parameters can be overridden
  class {'role::base':
    enable_icinga => false,
  }

  # ...
}

This can be used to customize some of the basic profiles:

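class role::some_role () {

  # Keep role::base from including profile::aaa itself ...
  class {'role::base':
    include_aaa => false,
  }

  # ... and declare the profile here with custom parameters
  class {'profile::aaa':
    allow_sudoers_d => true,
  }

  # ...
}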