diff --git a/hiera.yaml b/hiera.yaml index a7892a47b..b26b7afbd 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -12,7 +12,7 @@ hierarchy: path: "private.yaml" - name: "Nodes" - path: "nodes/%{::hostname}.yaml" + path: "nodes/%{::trusted.hostname}.yaml" - name: "Type" path: "type/%{::type}.yaml" @@ -21,16 +21,16 @@ hierarchy: path: "is_virtual/%{::is_virtual}.yaml" - name: "OS version" - path: "os/%{::lsbdistcodename}.yaml" + path: "os/%{::os.distro.codename}.yaml" - name: "Common defaults" path: "common.yaml" - name: "Kubernetes hosts" - path: "kubernetes/hosts/%{::hostname}.yaml" + path: "kubernetes/hosts/%{::trusted.hostname}.yaml" - name: "Kubernetes os" - path: "kubernetes/os/%{::osfamily}.yaml" + path: "kubernetes/os/%{::os.family}.yaml" - name: "Dummy secrets" path: "dummy_secrets.yaml" diff --git a/manifests/site_ssl.pp b/manifests/site_ssl.pp index c0c573a62..7e438e08a 100644 --- a/manifests/site_ssl.pp +++ b/manifests/site_ssl.pp @@ -6,7 +6,7 @@ # https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 # # This should be updated from time-to-time. -if $::lsbdistcodename == 'bullseye' { +if $::os['distro']['codename'] == 'bullseye' { $ssl_ciphersuite = 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384' $ssl_protocols = 'TLSv1.2 TLSv1.3' } else { diff --git a/modules/ocf/manifests/apt.pp b/modules/ocf/manifests/apt.pp index d4e12f06e..15d4d9ad7 100644 --- a/modules/ocf/manifests/apt.pp +++ b/modules/ocf/manifests/apt.pp 
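Review bot: The `Type` and `is_virtual` layers (context lines in the two hiera.yaml hunks) still interpolate `%{::type}` and `%{::is_virtual}`, so the switch to `trusted.hostname` protects only the `Nodes` and `Kubernetes hosts` layers. `is_virtual` is reported by the agent, and `type` looks like it may be too, so a compromised node could claim another type and have that layer's data compiled into its catalog. If any `type/*.yaml` file holds secrets or privileged settings, derive the type from certificate-backed or server-side classification data instead. I would also add a comment above the hierarchy such as `# Layers keyed on plain facts are agent-controlled; keep secrets in trusted.* layers only`.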
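Review bot: The exact match `== 'bullseye'` in manifests/site_ssl.pp sends every release newer than bullseye to the `else` branch. That branch's body is outside this hunk, but it is presumably the older cipher and protocol set, so a future upgrade would quietly get the weaker TLS policy. Consider testing for the known-old releases instead, e.g. `if $::os['distro']['codename'] in ['stretch', 'buster'] {` guarding the legacy values, with the modern values as the fallback. A comment naming which releases each branch is meant for would also help whoever next updates the list.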
@@ -11,12 +11,12 @@ $repos = 'main contrib non-free' - if $::lsbdistid == 'Debian' { + if $::os['distro']['id'] == 'Debian' { if $::operatingsystemmajrelease != '11' { apt::source { 'debian': location => 'http://mirrors/debian/', - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => $repos, include => { src => true @@ -24,7 +24,7 @@ 'debian-updates': location => 'http://mirrors/debian/', - release => "${::lsbdistcodename}-updates", + release => "${::os['distro']['codename']}-updates", repos => $repos, include => { src => true @@ -32,7 +32,7 @@ 'debian-security': location => 'http://mirrors/debian-security/', - release => "${::lsbdistcodename}/updates", + release => "${::os['distro']['codename']}/updates", repos => $repos, include => { src => true @@ -40,7 +40,7 @@ 'ocf': location => 'http://apt/', - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => 'main', include => { src => true @@ -48,7 +48,7 @@ 'ocf-backports': location => 'http://apt/', - release => "${::lsbdistcodename}-backports", + release => "${::os['distro']['codename']}-backports", repos => 'main', include => { src => true @@ -58,7 +58,7 @@ # Pin anything coming from *-backports to be lower than normal priority apt::pin { 'ocf-backports': priority => 200, - codename => "${::lsbdistcodename}-backports", + codename => "${::os['distro']['codename']}-backports", } # TODO: Submit patch to puppetlabs-apt to enable having includes for @@ -72,7 +72,7 @@ apt::source { 'debian': location => 'http://mirrors/debian/', - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => $repos, include => { src => true @@ -80,7 +80,7 @@ 'debian-updates': location => 'http://mirrors/debian/', - release => "${::lsbdistcodename}-updates", + release => "${::os['distro']['codename']}-updates", repos => $repos, include => { src => true 
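Review bot: `$::operatingsystemmajrelease`, on the context line right after the changed condition in the first apt.pp hunk, is itself a legacy fact, so the branch choice still depends on the fact set this commit moves away from. The same fact is interpolated into the repository URL in the second modules/ocf/manifests/packages/powershell/apt.pp hunk. If that fact is ever undefined and strict variables are off, `!= '11'` is true, which would give a bullseye host the older source layout, including the `<codename>/updates` security suite. Suggest `if $::os['release']['major'] != '11' {` here and `${::os['release']['major']}` in the powershell location. The enclosing `if` blocks extend beyond the hunk.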
@@ -88,7 +88,7 @@ 'debian-security': location => 'http://mirrors/debian-security/', - release => "${::lsbdistcodename}-security", + release => "${::os['distro']['codename']}-security", repos => $repos, include => { src => true @@ -114,7 +114,7 @@ # Pin anything coming from *-backports to be lower than normal priority apt::pin { 'ocf-backports': priority => 200, - codename => "${::lsbdistcodename}-backports", + codename => "${::os['distro']['codename']}-backports", } # TODO: Submit patch to puppetlabs-apt to enable having includes for @@ -124,11 +124,11 @@ } } - } elsif $::lsbdistid == 'Raspbian' { + } elsif $::os['distro']['id'] == 'Raspbian' { apt::source { 'raspbian': location => 'http://mirrors/raspbian/raspbian/', - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => 'main contrib non-free rpi', include => { src => true @@ -136,7 +136,7 @@ 'archive-rpi': location => 'http://archive.raspberrypi.org/debian/', - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => 'main ui', include => { src => true @@ -147,7 +147,7 @@ apt::source { 'puppetlabs': location => 'http://mirrors/puppetlabs/apt/', - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => 'puppet', } diff --git a/modules/ocf/manifests/auth.pp b/modules/ocf/manifests/auth.pp index 4ef829a94..d47eb4faa 100644 --- a/modules/ocf/manifests/auth.pp +++ b/modules/ocf/manifests/auth.pp @@ -171,7 +171,7 @@ if str2bool($::puppetdb_running) { @@sshkey { $::hostname: host_aliases => $ssh_aliases, - key => $::sshecdsakey, + key => $::ssh['ecdsa']['key'], type => ecdsa-sha2-nistp256, } Sshkey <<| |>> diff --git a/modules/ocf/manifests/extrapackages.pp b/modules/ocf/manifests/extrapackages.pp index 9773e343d..1661f43c5 100644 --- a/modules/ocf/manifests/extrapackages.pp +++ b/modules/ocf/manifests/extrapackages.pp 
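Review bot: The exported `@@sshkey` resource in the auth.pp hunk is still titled with the agent-reported `$::hostname` (context line), although hiera.yaml now uses the certificate-backed name. The key has to come from the agent, but the name it is bound to should not: as written, a node can export a host key under another machine's name, and every host that realises `Sshkey <<| |>>` would accept it into its known-hosts data. Suggest `@@sshkey { $trusted['hostname']:`. `$ssh_aliases` is built outside the hunk and is worth checking for fact-derived names as well, and the surrounding `if str2bool($::puppetdb_running)` block closes outside the hunk.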
@@ -196,7 +196,7 @@ backport_on => ['buster', 'stretch'], } - if $::lsbdistcodename == 'stretch' { + if $::os['distro']['codename'] == 'stretch' { package { [ # php-mcrypt is deprecated since PHP 7.1 in favor of using openssl @@ -210,7 +210,7 @@ 'php7.0-dba', ]:; } - } elsif $::lsbdistcodename == 'buster' { + } elsif $::os['distro']['codename'] == 'buster' { # This isn't available as php-dba unfortunately (that's just a virtual # package for this), and with virtual packages puppet will try to install # them every run, leading to unnecessary noise diff --git a/modules/ocf/manifests/networking.pp b/modules/ocf/manifests/networking.pp index 96c9c8bbb..c7026f4a9 100644 --- a/modules/ocf/manifests/networking.pp +++ b/modules/ocf/manifests/networking.pp @@ -51,7 +51,7 @@ $logical_primary_interface = $first_active_iface } - if $::lsbdistid == 'Raspbian' { + if $::os['distro']['id'] == 'Raspbian' { # The raspberry pi has wifi, so we use that for networking $logical_primary_interface = 'wlan0' } diff --git a/modules/ocf/manifests/node_exporter.pp b/modules/ocf/manifests/node_exporter.pp index accb70494..1e719d4bf 100644 --- a/modules/ocf/manifests/node_exporter.pp +++ b/modules/ocf/manifests/node_exporter.pp @@ -7,7 +7,7 @@ content => template('ocf/environment.prom.erb'), } - if $::lsbdistid != 'Raspbian' { + if $::os['distro']['id'] != 'Raspbian' { # Attributes for this class are defined in hieradata include prometheus::node_exporter } diff --git a/modules/ocf/manifests/packages.pp b/modules/ocf/manifests/packages.pp index 6f0c27933..ec8baf4ac 100644 --- a/modules/ocf/manifests/packages.pp +++ b/modules/ocf/manifests/packages.pp 
@@ -25,7 +25,7 @@ # kept short, since apt-dater should be used to update almost all packages. # # TODO: Fix with the Raspberry Pi? - if $::lsbdistid == 'Debian' { + if $::os['distro']['id'] == 'Debian' { package { # Ensure ocflib is the latest version to quickly push out changes in lab # hours, etc. We control releases on this, so this should be safe. @@ -146,7 +146,7 @@ } # only install the python3.7 packages on stretch # python3 is python3.7 on buster and python3.9 on bullseye - if $::lsbdistcodename == 'stretch' { + if $::os['distro']['codename'] == 'stretch' { package { [ 'python3.7', @@ -156,7 +156,7 @@ } } # Packages to only install on Debian (not on Raspbian for example) - if $::lsbdistid == 'Debian' { + if $::os['distro']['id'] == 'Debian' { package { [ 'aactivator', diff --git a/modules/ocf/manifests/packages/docker/apt.pp b/modules/ocf/manifests/packages/docker/apt.pp index 51ba2654b..e89055447 100644 --- a/modules/ocf/manifests/packages/docker/apt.pp +++ b/modules/ocf/manifests/packages/docker/apt.pp @@ -8,7 +8,7 @@ apt::source { 'docker': location => '[arch=amd64] https://download.docker.com/linux/debian', - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => 'stable', require => [Apt::Key['docker'], Package['apt-transport-https']], } diff --git a/modules/ocf/manifests/packages/element/apt.pp b/modules/ocf/manifests/packages/element/apt.pp index fb1072b7e..a2a615676 100644 --- a/modules/ocf/manifests/packages/element/apt.pp +++ b/modules/ocf/manifests/packages/element/apt.pp @@ -9,7 +9,7 @@ apt::source { 'element': architecture => 'amd64', location => 'https://packages.riot.im/debian', - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => 'main', require => Apt::Key['element'], } diff --git a/modules/ocf/manifests/packages/grub.pp b/modules/ocf/manifests/packages/grub.pp index cbd9a390f..da7163c97 100644 --- a/modules/ocf/manifests/packages/grub.pp +++ b/modules/ocf/manifests/packages/grub.pp 
@@ -10,7 +10,7 @@ # need os-prober anyway to detect other OSes since we don't have other OSes, # and we'd rather not have data corruption in the future: # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788062 - if $::lsbdistid != 'Raspbian' { + if $::os['distro']['id'] != 'Raspbian' { # grub-pc or grub-efi aren't available on Raspbian. if str2bool($::is_efi_host) { ocf::repackage { 'grub-efi': diff --git a/modules/ocf/manifests/packages/memtest.pp b/modules/ocf/manifests/packages/memtest.pp index 10593ec28..031a70056 100644 --- a/modules/ocf/manifests/packages/memtest.pp +++ b/modules/ocf/manifests/packages/memtest.pp @@ -1,5 +1,5 @@ class ocf::packages::memtest { - if $::lsbdistid != 'Raspbian' { + if $::os['distro']['id'] != 'Raspbian' { package { 'memtest86+': } } } diff --git a/modules/ocf/manifests/packages/microcode.pp b/modules/ocf/manifests/packages/microcode.pp index c11b736ce..7bd3284fd 100644 --- a/modules/ocf/manifests/packages/microcode.pp +++ b/modules/ocf/manifests/packages/microcode.pp @@ -1,11 +1,11 @@ class ocf::packages::microcode { - if $::processor0 { - if $::processor0 =~ /\bIntel\b/ { + if $::processors['models'][0] { + if $::processors['models'][0] =~ /\bIntel\b/ { package { 'intel-microcode':; } - } elsif $::processor0 =~ /\bAMD\b/ { + } elsif $::processors['models'][0] =~ /\bAMD\b/ { package { 'amd64-microcode':; } } else { - fail("Don't know how to interpret processor0: ${::processor0}") + fail("Don't know how to interpret processor model: ${::processors['models'][0]}") } } } diff --git a/modules/ocf/manifests/packages/powershell/apt.pp b/modules/ocf/manifests/packages/powershell/apt.pp index 04bf69e85..bacb8cb66 100644 --- a/modules/ocf/manifests/packages/powershell/apt.pp +++ b/modules/ocf/manifests/packages/powershell/apt.pp 
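Review bot: The outer guard `if $::processors['models'][0]` in microcode.pp no longer tolerates a missing value the way `if $::processor0` did. When the `processors` fact has no `models` key, indexing the undefined result with `[0]` is an evaluation error rather than a false condition, so the catalog fails to compile instead of skipping the microcode packages. Other manifests in this commit cater for Raspbian hosts, where the model list may be absent, so this path looks reachable. Reading the value once through the built-in `dig` function restores the old behaviour and removes the four repeated lookups.

```puppet
class ocf::packages::microcode {
  # dig() yields undef instead of raising when 'models' is absent.
  $cpu_model = dig($::processors, 'models', 0)
  if $cpu_model {
    if $cpu_model =~ /\bIntel\b/ {
      # … unchanged: package { 'intel-microcode':; } …
    } elsif $cpu_model =~ /\bAMD\b/ {
      # … unchanged: package { 'amd64-microcode':; } …
    } else {
      fail("Don't know how to interpret processor model: ${cpu_model}")
    }
  }
}
```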
@@ -4,7 +4,7 @@ id => 'BC528686B50D79E339D3721CEB3E94ADBE1229CF', source => 'https://packages.microsoft.com/keys/microsoft.asc'; } - if $::lsbdistcodename == 'stretch' { + if $::os['distro']['codename'] == 'stretch' { apt::source { 'powershell': architecture => 'amd64', location => 'https://packages.microsoft.com/repos/microsoft-debian-stretch-prod', @@ -16,7 +16,7 @@ apt::source { 'powershell': architecture => 'amd64', location => "https://packages.microsoft.com/debian/${::operatingsystemmajrelease}/prod", - release => $::lsbdistcodename, + release => $::os['distro']['codename'], repos => 'main', require => Apt::Key['powershell repo key'], } diff --git a/modules/ocf/manifests/packages/restic.pp b/modules/ocf/manifests/packages/restic.pp index c69b49bc0..e48558f15 100644 --- a/modules/ocf/manifests/packages/restic.pp +++ b/modules/ocf/manifests/packages/restic.pp @@ -1,6 +1,6 @@ class ocf::packages::restic { - if $::lsbdistcodename == 'buster' { + if $::os['distro']['codename'] == 'buster' { package { 'restic': ensure => 'purged', } diff --git a/modules/ocf/manifests/repackage.pp b/modules/ocf/manifests/repackage.pp index e4887537b..ad07521b2 100644 --- a/modules/ocf/manifests/repackage.pp +++ b/modules/ocf/manifests/repackage.pp @@ -2,14 +2,14 @@ $package = $title, $recommends = true, $backport_on = [], - $dist = "${::lsbdistcodename}-backports", + $dist = "${::os['distro']['codename']}-backports", ) { $install_options = $recommends ? { false => ['--no-install-recommends'], default => [] } - if member(any2array($backport_on), $::lsbdistcodename) { + if member(any2array($backport_on), $::os['distro']['codename']) { # We can't pin packages, because it won't install required dependencies that # way, so we instead upgrade the package once (as long as it isn't a # backport version already), and then future upgrades are done the normal 
diff --git a/modules/ocf/templates/networking/interface_normal.erb b/modules/ocf/templates/networking/interface_normal.erb index bebae5ef7..3bc499713 100644 --- a/modules/ocf/templates/networking/interface_normal.erb +++ b/modules/ocf/templates/networking/interface_normal.erb @@ -9,7 +9,7 @@ iface <%= @logical_primary_interface %> inet6 static netmask <%= @netmask6 %> gateway <%= @gateway6 %> -<%- if @lsbdistid == 'Raspbian' -%> +<%- if @os['distro']['id'] == 'Raspbian' -%> pre-up wpa_supplicant -B -Dnl80211 -i<%= @logical_primary_interface %> -c /etc/wpa_supplicant/wpa_supplicant.conf -f /var/log/wpa_supplicant.log post-down killall wpa_supplicant <%- end -%> diff --git a/modules/ocf_desktop/manifests/packages.pp b/modules/ocf_desktop/manifests/packages.pp index d39cfaa07..8e61a2748 100644 --- a/modules/ocf_desktop/manifests/packages.pp +++ b/modules/ocf_desktop/manifests/packages.pp @@ -47,7 +47,7 @@ ['xclip', 'xdotool', 'xsel', 'xserver-xorg', 'xscreensaver', 'freerdp2-x11']:; } - if $::lsbdistcodename == 'stretch' { + if $::os['distro']['codename'] == 'stretch' { package { [ # preload hasn't been updated since 2009, and I'm not sure we really @@ -69,7 +69,7 @@ ]:; } } - if $::lsbdistcodename == 'buster' { + if $::os['distro']['codename'] == 'buster' { package { [ # Zenmap depends on Python 2 and is therefore no longer in bullseye @@ -86,7 +86,7 @@ ]:; } } - if $::lsbdistcodename == 'bullseye' { + if $::os['distro']['codename'] == 'bullseye' { package { [ # OpenJDK 17 (LTS) is in bullseye diff --git a/modules/ocf_desktop/manifests/xsession.pp b/modules/ocf_desktop/manifests/xsession.pp index 0309eecdf..97e39b22b 100644 --- a/modules/ocf_desktop/manifests/xsession.pp +++ b/modules/ocf_desktop/manifests/xsession.pp 
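Review bot: `@os['distro']['id']` in interface_normal.erb raises a Ruby NoMethodError when the `os` fact has no `distro` entry, whereas the old `@lsbdistid` was simply nil and the comparison false. That would abort rendering of the network interfaces file. `<%- if @os.dig('distro', 'id') == 'Raspbian' -%>` keeps the previous tolerant behaviour. The Puppet-side `$::os['distro'][...]` lookups throughout this commit have the same property, since indexing an undefined `distro` is a compile error. Whether `os.distro` is always populated likely depends on the Facter version and possibly on lsb-release being installed, so confirm it on a freshly bootstrapped host.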
@@ -129,7 +129,7 @@ } # use ocf logo on login screen - if $::lsbdistcodename == 'bullseye' { + if $::os['distro']['codename'] == 'bullseye' { file { ['/usr/share/icons/Adwaita', '/usr/share/icons/Adwaita/512x512', '/usr/share/icons/Adwaita/512x512/status']: ensure => directory; diff --git a/modules/ocf_irc/manifests/ircd.pp b/modules/ocf_irc/manifests/ircd.pp index 7dc5d836f..f0fd81cf3 100644 --- a/modules/ocf_irc/manifests/ircd.pp +++ b/modules/ocf_irc/manifests/ircd.pp @@ -19,7 +19,7 @@ $irc_creds = lookup('irc_creds') - if $::lsbdistcodename == 'buster' { + if $::os['distro']['codename'] == 'buster' { # Disable the AppArmor profile for inspircd, since it prevents us from # accessing the necessary TLS certs file { '/etc/apparmor.d/disable/usr.sbin.inspircd': diff --git a/modules/ocf_www/manifests/mod/php.pp b/modules/ocf_www/manifests/mod/php.pp index 65580923a..5139482d4 100644 --- a/modules/ocf_www/manifests/mod/php.pp +++ b/modules/ocf_www/manifests/mod/php.pp @@ -1,7 +1,7 @@ class ocf_www::mod::php { package { ['php-cgi', 'php-apcu']:; } - $php_version = $::lsbdistcodename ? { + $php_version = $::os['distro']['codename'] ? { 'stretch' => '7.0', 'buster' => '7.3', }
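Review bot: The file resource under `/etc/apparmor.d/disable/` in the ircd.pp hunk switches off the whole AppArmor profile for a network-facing daemon only so it can read its TLS certificates. The resource body continues outside the hunk, so this is hedged, but a narrower option is to keep the profile enforced and grant read access to the certificate path through a local profile addition. The buster-only condition also deserves a comment explaining it, e.g. `# buster only: <reason other releases do not need this>`.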
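Review bot: The selector that assigns `$php_version` in mod/php.pp has no `default` entry, so a host whose codename is neither `stretch` nor `buster` fails compilation here with a generic no-match error. Other manifests in this commit already branch on `bullseye`, so such hosts exist. If ocf_www is not meant to run on other releases, make that explicit with `default => undef,` in the selector followed by `unless $php_version { fail("ocf_www::mod::php: unsupported release ${::os['distro']['codename']}") }`. Otherwise add the bullseye mapping. The class body continues outside the hunk.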