RHEL 8 updates and improved base role docs

This commit is contained in:
2022-08-30 17:59:35 +02:00
parent 5b4278c334
commit f122618db4
2 changed files with 79 additions and 35 deletions
+77 -30
View File
@@ -9,35 +9,42 @@ need anyway.
Parameters
----------
====================== ======== ================================================
**Name** **Type** **Default**
---------------------- -------- ------------------------------------------------
default_target string ``multi-user``
enable_afs bool hiera('base::enable_afs')
enable_autofs bool hiera('base::enable_autofs')
enable_epics bool hiera('base::enable_epics')
enable_filecopy bool hiera('base::enable_filecopy')
enable_ganglia bool hiera('base::enable_ganglia')
enable_icinga bool hiera('base::enable_icinga')
enable_kdump_client bool hiera('base::enable_kdump_client')
enable_multipath bool hiera('base::enable_multipath')
enable_nfs_server bool hiera('base::enable_nfs_server')
enable_nomachine bool hiera('base::enable_nomachine')
enable_platform bool hiera('base::enable_platform')
enable_pmodules bool hiera('base::enable_pmodules')
enable_print_client bool hiera('base::enable_print_client')
enable_rhgb bool hiera('base::enable_rhgb')
enable_ssh_client bool hiera('base::enable_ssh_client')
enable_telegraf bool hiera('base::enable_telegraf')
enable_updatedb bool hiera('base::enable_updatedb')
include_aaa bool true
include_log_client bool true
include_rpm_repos bool true
package_groups array hiera_array('base::package_groups', [])
package_excludes array hierra_array('base::package_exclude', [])
pkg_group::* array hierra_array('base::pkg_group::...', [])
selinux_mode string hiera('base::selinux_mode', 'enforcing')
====================== ======== ================================================
========================= ======== ================================================
**Name** **Type** **Default**
------------------------- -------- ------------------------------------------------
default_target string ``multi-user``
default_enable_afs bool undef
default_enable_pmodules bool undef
default_pmodules_when_afs bool false,
default_local_homes bool undef,
default_enable_mta bool undef,
enable_afs bool hiera('base::enable_afs')
enable_autofs bool hiera('base::enable_autofs')
enable_epics bool hiera('base::enable_epics')
enable_filecopy bool hiera('base::enable_filecopy')
enable_ganglia bool hiera('base::enable_ganglia')
enable_icinga bool hiera('base::enable_icinga')
enable_kdump_client bool hiera('base::enable_kdump_client')
enable_local_homes bool hiera('base::local_homes', undef),
enable_mta bool hiera('base::enable_mta', undef),
enable_multipath bool hiera('base::enable_multipath')
enable_nfs_server bool hiera('base::enable_nfs_server')
enable_nomachine bool hiera('base::enable_nomachine')
enable_platform bool hiera('base::enable_platform')
enable_pmodules bool hiera('base::enable_pmodules')
enable_print_client bool hiera('base::enable_print_client')
enable_rhgb bool hiera('base::enable_rhgb')
enable_ssh_client bool hiera('base::enable_ssh_client')
enable_telegraf bool hiera('base::enable_telegraf')
enable_updatedb bool hiera('base::enable_updatedb')
include_aaa bool true
include_log_client bool true
include_rpm_repos bool true
package_groups array hiera_array('base::package_groups', [])
package_excludes array hierra_array('base::package_exclude', [])
pkg_group::* array hierra_array('base::pkg_group::...', [])
selinux_mode string hiera('base::selinux_mode', 'enforcing')
========================= ======== ================================================
``default_target``
@@ -47,13 +54,37 @@ Specifies the systemd default target to configure. This does not *isolate* the
target (see :manpage:`systemctl(1)`), but merely sets it so it will become
active after a reboot.
``default_enable_afs``
~~~~~~~~~~~~~~~~~~~~~~
Allows the role programmer to define if AFS should be enabled or not when there is no ``base::enable_afs`` Hiera setting and parameter ``enable_afs`` is undefined (default).
``default_enable_pmodules``
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allows the role programmer to define if pmodules should be enabled or not when there is no ``base::enable_pmodules`` Hiera setting and parameter ``enable_pmodules`` is undefined (default).
``default_pmodules_when_afs``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allows the role programmer to define if pmodules should be automatically enabled together with AFS. should be enabled or not when there is no ``base::enable_pmodules`` Hiera setting and parameter ``enable_pmodules`` is undefined (default).
This requires the parameters ``default_enable_pmodules`` and ``enable_pmodules`` to be undefined (default) and that there is no ``base::enable_pmodules`` Hiera setting.
``default_local_homes``
~~~~~~~~~~~~~~~~~~~~~~~
Allows the role programmer to define if local homes should be used if not configured differently in Hiera. This is default on RHEL8.
``default_enable_mta``
~~~~~~~~~~~~~~~~~~~~~~
Allows the role programmer to define if postfix should be enabled or not when there is no ``base::enable_mta`` Hiera setting and parameter ``enable_mta`` is undefined (default).
``enable_afs``
~~~~~~~~~~~~~~
Determines whether to include the :doc:`afs_client <../profiles/afs_client>`
profile to enable AFS access.
For the ``workstation`` and ``softioc`` role this is ignored, respectively there are separate ``workstation::enable_afs`` and ``softioc::enable_afs`` Hiera settings.
For the ``softioc`` role this is ignored, respectively there is a separate ``softioc::enable_afs`` Hiera settings.
Puppet roles should not set this parameter as this overrides ``base::enable_afs`` from Hiera.
Please use ``default_enable_afs`` instead to define the role preference.
``enable_autofs``
@@ -111,6 +142,19 @@ necessary for Icinga-based monitoring.
Determines whether to include the :doc:`kdump_client <../profiles/kdump_client>`
profile.
``enable_local_homes``
~~~~~~~~~~~~~~~~~~~~~~
Configures local homes.
Puppet roles should not set this parameter as this overrides ``base::enable_local_homes`` from Hiera.
Please use ``default_local_homes`` instead to define the role preference.
``enable_mta``
~~~~~~~~~~~~~~
Enables postfix.
Puppet roles should not set this parameter as this overrides ``base::enable_mta`` from Hiera.
Please use ``default_enable_mta`` instead to define the role preference.
``enable_multipath``
~~~~~~~~~~~~~~~~~~~~
@@ -148,6 +192,9 @@ users (ie UID >= 1000 and no ``-adm`` suffix) using :manpage:`bash(1)`.
Requires AFS to work, as the required configuration files are stored on AFS.
Puppet roles should not set this parameter as this overrides ``base::enable_pmodules`` from Hiera.
Please use ``default_enable_pmodules`` or even ``default_pmodules_when_afs`` instead to define the role preference.
``enable_print_client``
~~~~~~~~~~~~~~~~~~~~~~~
+2 -5
View File
@@ -19,12 +19,11 @@ It looks like it works already a lot out of the box, but no guarantee can be giv
## Major Known Issues
-
- sssd_kcm switches Kerberos credential cache midsession [PSILINUX-120](https://jira.psi.ch/browse/PSILINUX-120)
## Major Missing Features
- security patches are automatically installed [PSILINUX-98](https://jira.psi.ch/browse/PSILINUX-98)
- minimal default installation, aka gem, git and postfix is not installed by default [PSILINUX-100](https://jira.psi.ch/browse/PSILINUX-100)
- not all interesting 3rd-party packages available yet [PSILINUX-113](https://jira.psi.ch/browse/PSILINUX-113)
## Caveats
@@ -58,8 +57,6 @@ This needs to be fixed manually:
- run the complaining command and approve (or use `--yes`)
- run `puppet agent -t` to finalize the configuration
### "yum/dnf search" Gives Permission Denied as Normal User
It works fine beside the below error message:
```