diff --git a/admin-guide/puppet/roles/base.rst b/admin-guide/puppet/roles/base.rst index 61df7999..2d182257 100644 --- a/admin-guide/puppet/roles/base.rst +++ b/admin-guide/puppet/roles/base.rst @@ -9,35 +9,42 @@ need anyway. Parameters ---------- -====================== ======== ================================================ -**Name** **Type** **Default** ----------------------- -------- ------------------------------------------------ -default_target string ``multi-user`` -enable_afs bool hiera('base::enable_afs') -enable_autofs bool hiera('base::enable_autofs') -enable_epics bool hiera('base::enable_epics') -enable_filecopy bool hiera('base::enable_filecopy') -enable_ganglia bool hiera('base::enable_ganglia') -enable_icinga bool hiera('base::enable_icinga') -enable_kdump_client bool hiera('base::enable_kdump_client') -enable_multipath bool hiera('base::enable_multipath') -enable_nfs_server bool hiera('base::enable_nfs_server') -enable_nomachine bool hiera('base::enable_nomachine') -enable_platform bool hiera('base::enable_platform') -enable_pmodules bool hiera('base::enable_pmodules') -enable_print_client bool hiera('base::enable_print_client') -enable_rhgb bool hiera('base::enable_rhgb') -enable_ssh_client bool hiera('base::enable_ssh_client') -enable_telegraf bool hiera('base::enable_telegraf') -enable_updatedb bool hiera('base::enable_updatedb') -include_aaa bool true -include_log_client bool true -include_rpm_repos bool true -package_groups array hiera_array('base::package_groups', []) -package_excludes array hierra_array('base::package_exclude', []) -pkg_group::* array hierra_array('base::pkg_group::...', []) -selinux_mode string hiera('base::selinux_mode', 'enforcing') -====================== ======== ================================================ +========================= ======== ================================================ +**Name** **Type** **Default** +------------------------- -------- ------------------------------------------------ +default_target string ``multi-user`` +default_enable_afs bool undef +default_enable_pmodules bool undef +default_pmodules_when_afs bool false, +default_local_homes bool undef, +default_enable_mta bool undef, +enable_afs bool hiera('base::enable_afs') +enable_autofs bool hiera('base::enable_autofs') +enable_epics bool hiera('base::enable_epics') +enable_filecopy bool hiera('base::enable_filecopy') +enable_ganglia bool hiera('base::enable_ganglia') +enable_icinga bool hiera('base::enable_icinga') +enable_kdump_client bool hiera('base::enable_kdump_client') +enable_local_homes bool hiera('base::local_homes', undef), +enable_mta bool hiera('base::enable_mta', undef), +enable_multipath bool hiera('base::enable_multipath') +enable_nfs_server bool hiera('base::enable_nfs_server') +enable_nomachine bool hiera('base::enable_nomachine') +enable_platform bool hiera('base::enable_platform') +enable_pmodules bool hiera('base::enable_pmodules') +enable_print_client bool hiera('base::enable_print_client') +enable_rhgb bool hiera('base::enable_rhgb') +enable_ssh_client bool hiera('base::enable_ssh_client') +enable_telegraf bool hiera('base::enable_telegraf') +enable_updatedb bool hiera('base::enable_updatedb') +include_aaa bool true +include_log_client bool true +include_rpm_repos bool true +package_groups array hiera_array('base::package_groups', []) +package_excludes array hierra_array('base::package_exclude', []) +pkg_group::* array hierra_array('base::pkg_group::...', []) +selinux_mode string hiera('base::selinux_mode', 'enforcing') +========================= ======== ================================================ ``default_target`` @@ -47,13 +54,37 @@ Specifies the systemd default target to configure. This does not *isolate* the target (see :manpage:`systemctl(1)`), but merely sets it so it will become active after a reboot. +``default_enable_afs`` +~~~~~~~~~~~~~~~~~~~~~~ +Allows the role programmer to define if AFS should be enabled or not when there is no ``base::enable_afs`` Hiera setting and parameter ``enable_afs`` is undefined (default). + +``default_enable_pmodules`` +~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Allows the role programmer to define if pmodules should be enabled or not when there is no ``base::enable_pmodules`` Hiera setting and parameter ``enable_pmodules`` is undefined (default). + +``default_pmodules_when_afs`` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Allows the role programmer to define if pmodules should be automatically enabled together with AFS. should be enabled or not when there is no ``base::enable_pmodules`` Hiera setting and parameter ``enable_pmodules`` is undefined (default). + +This requires the parameters ``default_enable_pmodules`` and ``enable_pmodules`` to be undefined (default) and that there is no ``base::enable_pmodules`` Hiera setting. + +``default_local_homes`` +~~~~~~~~~~~~~~~~~~~~~~~ +Allows the role programmer to define if local homes should be used if not configured differently in Hiera. This is default on RHEL8. + +``default_enable_mta`` +~~~~~~~~~~~~~~~~~~~~~~ +Allows the role programmer to define if postfix should be enabled or not when there is no ``base::enable_mta`` Hiera setting and parameter ``enable_mta`` is undefined (default). ``enable_afs`` ~~~~~~~~~~~~~~ Determines whether to include the :doc:`afs_client <../profiles/afs_client>` profile to enable AFS access. -For the ``workstation`` and ``softioc`` role this is ignored, respectively there are separate ``workstation::enable_afs`` and ``softioc::enable_afs`` Hiera settings. +For the ``softioc`` role this is ignored, respectively there is a separate ``softioc::enable_afs`` Hiera settings. + +Puppet roles should not set this parameter as this overrides ``base::enable_afs`` from Hiera. +Please use ``default_enable_afs`` instead to define the role preference. ``enable_autofs`` @@ -111,6 +142,19 @@ necessary for Icinga-based monitoring. Determines whether to include the :doc:`kdump_client <../profiles/kdump_client>` profile. +``enable_local_homes`` +~~~~~~~~~~~~~~~~~~~~~~ +Configures local homes. + +Puppet roles should not set this parameter as this overrides ``base::enable_local_homes`` from Hiera. +Please use ``default_local_homes`` instead to define the role preference. + +``enable_mta`` +~~~~~~~~~~~~~~ +Enables postfix. + +Puppet roles should not set this parameter as this overrides ``base::enable_mta`` from Hiera. +Please use ``default_enable_mta`` instead to define the role preference. ``enable_multipath`` ~~~~~~~~~~~~~~~~~~~~ @@ -148,6 +192,9 @@ users (ie UID >= 1000 and no ``-adm`` suffix) using :manpage:`bash(1)`. Requires AFS to work, as the required configuration files are stored on AFS. +Puppet roles should not set this parameter as this overrides ``base::enable_pmodules`` from Hiera. +Please use ``default_enable_pmodules`` or even ``default_pmodules_when_afs`` instead to define the role preference. + ``enable_print_client`` ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/rhel8/index.md b/rhel8/index.md index f6a9b8cb..ccb19659 100644 --- a/rhel8/index.md +++ b/rhel8/index.md @@ -19,12 +19,11 @@ It looks like it works already a lot out of the box, but no guarantee can be giv ## Major Known Issues -- +- sssd_kcm switches Kerberos credential cache midsession [PSILINUX-120](https://jira.psi.ch/browse/PSILINUX-120) ## Major Missing Features -- security patches are automatically installed [PSILINUX-98](https://jira.psi.ch/browse/PSILINUX-98) -- minimal default installation, aka gem, git and postfix is not installed by default [PSILINUX-100](https://jira.psi.ch/browse/PSILINUX-100) +- not all interesting 3rd-party packages available yet [PSILINUX-113](https://jira.psi.ch/browse/PSILINUX-113) ## Caveats @@ -58,8 +57,6 @@ This needs to be fixed manually: - run the complaining command and approve (or use `--yes`) - run `puppet agent -t` to finalize the configuration - - ### "yum/dnf search" Gives Permission Denied as Normal User It works fine beside the below error message: ```