From d298e3f6870b016a10c5b24bb2d0c29b16265629 Mon Sep 17 00:00:00 2001 From: deepakt7340 Date: Sun, 15 Mar 2026 15:55:06 +0530 Subject: [PATCH 1/2] replace class for profile::cron to profile::system::cron --- .../manifests/system/service/sssd/auth.pp | 2 +- modules/enableit/profile/REFERENCE.md | 16 ++++++++-------- .../manifests/projectmanagement/perforce.pp | 2 +- .../enableit/profile/manifests/storage/nfs.pp | 2 +- .../enableit/profile/manifests/system/cron.pp | 2 +- .../profile/manifests/system/cron/job.pp | 4 ++-- .../profile/manifests/virtualization/docker.pp | 2 +- modules/enableit/profile/types/cron/hour.pp | 2 +- modules/enableit/profile/types/cron/minute.pp | 2 +- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/modules/enableit/monitor/manifests/system/service/sssd/auth.pp b/modules/enableit/monitor/manifests/system/service/sssd/auth.pp index 58073daa..e369caf2 100644 --- a/modules/enableit/monitor/manifests/system/service/sssd/auth.pp +++ b/modules/enableit/monitor/manifests/system/service/sssd/auth.pp @@ -27,7 +27,7 @@ TEST_USERS=(${test_users.join(' ')})\n", noop => $noop_value, } - profile::cron::job { 'test sssd user lookup': + profile::system::cron::job { 'test sssd user lookup': enable => $_enable, minute => '*/10', user => 'obmondo-admin', diff --git a/modules/enableit/profile/REFERENCE.md b/modules/enableit/profile/REFERENCE.md index c9f4bf48..40be1013 100644 --- a/modules/enableit/profile/REFERENCE.md +++ b/modules/enableit/profile/REFERENCE.md 
@@ -19,7 +19,7 @@ * [`profile::computing::slurm::slurmctld`](#profile--computing--slurm--slurmctld): Slurm slurm::slurmctld * [`profile::computing::slurm::slurmd`](#profile--computing--slurm--slurmd): Slurm slurm::slurmd * [`profile::computing::slurm::slurmdbd`](#profile--computing--slurm--slurmdbd): Slurm slurm::slurmctld -* [`profile::cron`](#profile--cron): cron +* [`profile::system::cron`](#profile--cron): cron * [`profile::db::cassandra`](#profile--db--cassandra): Profile for managing Cassandra database * [`profile::db::elasticsearch`](#profile--db--elasticsearch): Elasticsearch profile Puppet module does not support 8.x and Zscaler needs 8.x only Cert Setup NOTE: The cert are automatically setup when * [`profile::db::elasticsearch::cerebro`](#profile--db--elasticsearch--cerebro): Cerebro @@ -152,7 +152,7 @@ * [`profile::certs::ca_cert`](#profile--certs--ca_cert): CA Cert * [`profile::certs::letsencrypt::domain`](#profile--certs--letsencrypt--domain): Certificates NOTE: only haproxy role support letsencrypt for now blackbox will scrape the domains if its given in the role::web::haproxy * [`profile::certs::manual`](#profile--certs--manual): Manual certificate TODO: lets not accept expired cert from users. need to update the underlying module openssl::cert_date_valid($_cert_file) -* [`profile::cron::job`](#profile--cron--job): Wrapper that escapes cron command for easy use +* [`profile::system::cron::job`](#profile--cron--job): Wrapper that escapes cron command for easy use * [`profile::storage::mount`](#profile--storage--mount): regular mount * [`profile::storage::nfs::server::export`](#profile--storage--nfs--server--export): nfs export * [`profile::system::selinux::fcontext`](#profile--system--selinux--fcontext) 
@@ -1084,13 +1084,13 @@ Data type: `String` Default value: `'127.0.0.1'` -### `profile::cron` +### `profile::system::cron` cron #### Parameters -The following parameters are available in the `profile::cron` class: +The following parameters are available in the `profile::system::cron` class: * [`purge_unmanaged`](#-profile--cron--purge_unmanaged) * [`jobs`](#-profile--cron--jobs) @@ -10476,13 +10476,13 @@ Data type: `Optional[Array[Stdlib::Port]]` Default value: `undef` -### `profile::cron::job` +### `profile::system::cron::job` Wrapper that escapes cron command for easy use #### Parameters -The following parameters are available in the `profile::cron::job` defined type: +The following parameters are available in the `profile::system::cron::job` defined type: * [`command`](#-profile--cron--job--command) * [`enable`](#-profile--cron--job--enable) @@ -10543,7 +10543,7 @@ Default value: `'*'` ##### `hour` -Data type: `Profile::Cron::Hour` +Data type: `Profile::System::Cron::Hour` @@ -10551,7 +10551,7 @@ Default value: `'*'` ##### `minute` -Data type: `Profile::Cron::Minute` +Data type: `Profile::System::Cron::Minute` diff --git a/modules/enableit/profile/manifests/projectmanagement/perforce.pp b/modules/enableit/profile/manifests/projectmanagement/perforce.pp index aab5b9cb..798d5faa 100644 --- a/modules/enableit/profile/manifests/projectmanagement/perforce.pp +++ b/modules/enableit/profile/manifests/projectmanagement/perforce.pp @@ -106,7 +106,7 @@ group => 'root' } - profile::cron::job { 'p4d checkpoint and snapshot': + profile::system::cron::job { 'p4d checkpoint and snapshot': command => "chronic /opt/obmondo/bin/perforce-p4d-backup --log-dir '${log_dir}' --backup-target-dir '${backup_dir}' --all --keep-days ${backup_retention} --delete", # lint:ignore:140chars hour => 3, minute => 0, diff --git a/modules/enableit/profile/manifests/storage/nfs.pp b/modules/enableit/profile/manifests/storage/nfs.pp index e8f1402e..013238eb 100644 
--- a/modules/enableit/profile/manifests/storage/nfs.pp +++ b/modules/enableit/profile/manifests/storage/nfs.pp @@ -20,7 +20,7 @@ } # Automatically lazy unmount mounted snapshots from NetApp - profile::cron::job { 'umount netapp snapshots': + profile::system::cron::job { 'umount netapp snapshots': enable => $_has_nfs_mounts, command => 'findmnt -t nfs,nfs4 -o TARGET --raw | grep /.snapshot/ | xargs --no-run-if-empty umount -l', hour => 2, diff --git a/modules/enableit/profile/manifests/system/cron.pp b/modules/enableit/profile/manifests/system/cron.pp index 119c31e1..8f73af1c 100644 --- a/modules/enableit/profile/manifests/system/cron.pp +++ b/modules/enableit/profile/manifests/system/cron.pp @@ -15,7 +15,7 @@ } $jobs.each |$name, $job| { - profile::cron::job { $name: + profile::system::cron::job { $name: * => $job, } } diff --git a/modules/enableit/profile/manifests/system/cron/job.pp b/modules/enableit/profile/manifests/system/cron/job.pp index 2fbeb9ec..09f1b6ec 100644 --- a/modules/enableit/profile/manifests/system/cron/job.pp +++ b/modules/enableit/profile/manifests/system/cron/job.pp @@ -6,8 +6,8 @@ Variant[Enum['*'], Eit_types::Time::Weekdays] $weekday = '*', Cron::Month $month = '*', Variant[Enum['*'], Eit_types::Time::Monthday] $monthday = '*', - Profile::Cron::Hour $hour = '*', - Profile::Cron::Minute $minute = '*', + Profile::System::Cron::Hour $hour = '*', + Profile::System::Cron::Minute $minute = '*', Hash[String, String] $environment = {}, Eit_types::Noop_Value $noop_value = undef, ) { diff --git a/modules/enableit/profile/manifests/virtualization/docker.pp b/modules/enableit/profile/manifests/virtualization/docker.pp index c84dcbd1..d7b9c9b0 100644 --- a/modules/enableit/profile/manifests/virtualization/docker.pp +++ b/modules/enableit/profile/manifests/virtualization/docker.pp 
@@ -208,7 +208,7 @@ } } - profile::cron::job { 'regularly prune docker system': + profile::system::cron::job { 'regularly prune docker system': enable => $prune_system, command => "chronic docker system prune --all --force --filter until=$(( ${prune_duration} * 24 ))h", user => 'root', diff --git a/modules/enableit/profile/types/cron/hour.pp b/modules/enableit/profile/types/cron/hour.pp index d0da1a17..87658e9c 100644 --- a/modules/enableit/profile/types/cron/hour.pp +++ b/modules/enableit/profile/types/cron/hour.pp @@ -1,4 +1,4 @@ -type Profile::Cron::Hour = Variant[ +type Profile::System::Cron::Hour = Variant[ Enum['*'], Integer[0,24], Array[Integer[0,24]], diff --git a/modules/enableit/profile/types/cron/minute.pp b/modules/enableit/profile/types/cron/minute.pp index 8e2fb478..5bbdb6ae 100644 --- a/modules/enableit/profile/types/cron/minute.pp +++ b/modules/enableit/profile/types/cron/minute.pp @@ -1,4 +1,4 @@ -type Profile::Cron::Minute = Variant[ +type Profile::System::Cron::Minute = Variant[ Enum['*'], Integer[0,60], Array[Integer[0,60]], From b17b33e768e365d70140e2fb2b83c0b8ff97d436 Mon Sep 17 00:00:00 2001 
From: deepakt7340 Date: Sun, 15 Mar 2026 21:20:43 +0530 Subject: [PATCH 2/2] fix the bug for common::service::systemd --- modules/enableit/common/data/os/RedHat.yaml | 4 +- .../enableit/common/manifests/backup/borg.pp | 34 +- .../common/manifests/backup/borg/push.pp | 2 +- .../common/manifests/backup/db/mysql.pp | 69 ++-- .../common/manifests/network/tcpshaker.pp | 33 +- modules/enableit/common/manifests/software.pp | 4 +- .../common/manifests/system/updates.pp | 6 +- .../user_management/authentication/sssd.pp | 1 + modules/enableit/lxd/manifests/init.pp | 49 ++- .../manifests/collector/splunk/forwarder.pp | 9 +- .../manifests/package_management/guix.pp | 51 +-- .../manifests/projectmanagement/gitlab.pp | 300 +++++++++--------- .../projectmanagement/readthedocs.pp | 40 ++- .../profile/manifests/software/teleport.pp | 19 +- .../manifests/software/walinuxagent.pp | 27 +- .../manifests/system/authentication/sssd.pp | 136 ++++---- .../enableit/profile/manifests/system/dns.pp | 53 ++-- .../manifests/system/service_oneshot.pp | 46 ++- .../virtualization/vmware/openvmtools.pp | 4 +- .../enableit/profile/manifests/web/nginx.pp | 26 +- .../profile/types/{ => system}/cron/hour.pp | 0 .../profile/types/{ => system}/cron/minute.pp | 0 22 files changed, 513 insertions(+), 400 deletions(-) rename modules/enableit/profile/types/{ => system}/cron/hour.pp (100%) rename modules/enableit/profile/types/{ => system}/cron/minute.pp (100%) diff --git a/modules/enableit/common/data/os/RedHat.yaml b/modules/enableit/common/data/os/RedHat.yaml index eaad9665..e5458cfc 100644 --- a/modules/enableit/common/data/os/RedHat.yaml +++ b/modules/enableit/common/data/os/RedHat.yaml 
@@ -160,11 +160,9 @@ common::user_management::authentication::pam::password_session_lines: - - 99 - 'optional pam_sss.so' -common::system::services: +common::system::disabled_services: 'dnf-makecache.timer': - enable: 'mask' 'dnf-automatic.timer': - enable: 'mask' common::monitor::prometheus::env_file_path: '/etc/sysconfig' common::monitor::exporter::security::enable: true diff --git a/modules/enableit/common/manifests/backup/borg.pp b/modules/enableit/common/manifests/backup/borg.pp index 95577fe7..db59e8fe 100644 --- a/modules/enableit/common/manifests/backup/borg.pp +++ b/modules/enableit/common/manifests/backup/borg.pp @@ -99,22 +99,26 @@ authorized_keys => $authorized_keys, } } else { - ## services - common::services::systemd { 'obmondo-backup-borg@.service': - ensure => false, + ## Define the Templated Borg Backup Service + $_borg_backup_content = @("EOT"/) + [Unit] + Description=Obmondo borg backup + + [Service] + Type=oneshot + ExecStart=/bin/bash ${__dir}/repo_%i.sh run + ExecStartPost=/bin/bash ${__dir}/repo_%i.sh check_icinga + TimeoutSec=3600 + + [Install] + WantedBy=default.target + | EOT + + systemd::unit_file { 'obmondo-backup-borg@.service': + ensure => 'absent', enable => false, - unit => { - 'Description' => 'Obmondo borg backup', - }, - service => { - 'Type' => 'oneshot', - 'ExecStart' => "/bin/bash ${__dir}/repo_%i.sh run", - 'ExecStartPost' => "/bin/bash ${__dir}/repo_%i.sh check_icinga", - 'TimeoutSec' => 3600, - }, - install => { - 'WantedBy' => 'default.target', - }, + active => false, + content => $_borg_backup_content, } $repos.each |$k, $v| { common::backup::borg::push { $k: diff --git a/modules/enableit/common/manifests/backup/borg/push.pp b/modules/enableit/common/manifests/backup/borg/push.pp index 96de2f5d..fa2d97e1 100644 --- a/modules/enableit/common/manifests/backup/borg/push.pp +++ b/modules/enableit/common/manifests/backup/borg/push.pp 
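Review bot: In `RedHat.yaml` the two timer names under `common::system::disabled_services` are now mapping keys with no value, so Hiera will return a hash whose values are all null. The code that reads `disabled_services` is not part of this patch; if it expects an array of unit names, the data should be written as list items, e.g. `- 'dnf-makecache.timer'`. The removed data asked for `enable: 'mask'`, so please confirm the new key still masks these timers rather than only disabling them, since a disabled timer can still be started by another unit or by hand.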
@@ -40,7 +40,7 @@ env_vars => { 'BORG_RSH' => "ssh -i ${_ssh_key_file} -o BatchMode=yes", }, - crontab_define => 'common::services::systemd', + crontab_define => 'systemd::unit_file', crontabs => { "obmondo-backup-borg@${_reponame}.timer" => { ensure => true, #lint:ignore:ensure_first_param diff --git a/modules/enableit/common/manifests/backup/db/mysql.pp b/modules/enableit/common/manifests/backup/db/mysql.pp index 8b2af924..760098a5 100644 --- a/modules/enableit/common/manifests/backup/db/mysql.pp +++ b/modules/enableit/common/manifests/backup/db/mysql.pp 
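Review bot: With `crontab_define` switched to `systemd::unit_file`, the `crontabs` entry still passes `ensure => true`, a boolean where puppet-systemd's `systemd::unit_file` accepts `'present'`, `'absent'` or `'file'` (assuming that module provides the type used here). The rest of the hash lies outside this hunk, so any `timer`/`unit`/`install` keys that `common::services::systemd` understood would also have to become a rendered `content` string. As written the borg push timer is likely to fail catalog compilation, which would leave backups unscheduled on that node; at minimum the visible line should read `ensure => 'present',`.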
@@ -74,38 +74,49 @@ dump_dir => $dump_dir, }), } - common::services::systemd { 'mysql-backup.timer': - ensure => true, - enable => true, - timer => { - 'OnCalendar' => systemd_make_timespec({ - 'year' => '*', - 'month' => '*', - 'day' => '*', - 'hour' => $backup_hour, - 'minute' => 0, - 'second' => 0, - }), - 'Unit' => 'mysql-backup.service', - }, - unit => { - 'Requires' => 'mysql-backup.service', - }, - install => { - 'WantedBy' => 'timers.target', - }, + # Define the MySQL Backup Service + $_mysql_service_content = @("EOT"/) + [Unit] + Description=MySQL Backup Service + Wants=mysql-backup.timer + + [Service] + Type=oneshot + ExecStart=/bin/sh -c '/opt/obmondo/bin/mysqlbackup.sh' + + [Install] + WantedBy=multi-user.target + | EOT + + systemd::unit_file { 'mysql-backup.service': + ensure => 'present', + content => $_mysql_service_content, require => File['/opt/obmondo/bin/mysqlbackup.sh'], } - common::services::systemd { 'mysql-backup.service': + + # Define the MySQL Backup Timer + $_mysql_timer_content = @("EOT"/) + [Unit] + Description=Run MySQL Backup daily at ${backup_hour}:00 + Requires=mysql-backup.service + + [Timer] + OnCalendar=*-*-* ${backup_hour}:00:00 + Unit=mysql-backup.service + + [Install] + WantedBy=timers.target + | EOT + + systemd::unit_file { 'mysql-backup.timer': ensure => 'present', - unit => { - 'Wants' => 'mysql-backup.timer', - }, - service => { - 'Type' => 'oneshot', - 'ExecStart' => "/bin/sh -c '/opt/obmondo/bin/mysqlbackup.sh'", - }, - require => File['/opt/obmondo/bin/mysqlbackup.sh'], + enable => true, + active => true, + content => $_mysql_timer_content, + require => [ + File['/opt/obmondo/bin/mysqlbackup.sh'], + Systemd::Unit_file['mysql-backup.service'], + ], } } } diff --git a/modules/enableit/common/manifests/network/tcpshaker.pp b/modules/enableit/common/manifests/network/tcpshaker.pp index 7d8b0460..4495b470 100644 --- a/modules/enableit/common/manifests/network/tcpshaker.pp 
+++ b/modules/enableit/common/manifests/network/tcpshaker.pp @@ -48,18 +48,27 @@ noop => $noop_value, } - common::services::systemd { 'tcpshaker.service': - ensure => $enable, - enable => $enable, - noop_value => $noop_value, - unit => { - 'Description' => 'TCP Shaker Daemon Mode', - }, - service => { - 'Type' => 'simple', - 'ExecStart' => "/opt/obmondo/bin/tcp_shaker -d -f ${config_location} -n ${requests_per_check} -c ${concurrency}", - }, - require => [ + # Define the TCP Shaker Service content + $_tcpshaker_content = @("EOT"/) + [Unit] + Description=TCP Shaker Daemon Mode + + [Service] + Type=simple + ExecStart=/opt/obmondo/bin/tcp_shaker -d -f ${config_location} -n ${requests_per_check} -c ${concurrency} + + [Install] + WantedBy=multi-user.target + | EOT + + # Deploy the systemd unit file + systemd::unit_file { 'tcpshaker.service': + ensure => $enable ? { true => 'present', default => 'absent' }, + enable => $enable, + active => $enable, + content => $_tcpshaker_content, + noop => $noop_value, + require => [ Package[$package_name], File[$config_location], ], diff --git a/modules/enableit/common/manifests/software.pp b/modules/enableit/common/manifests/software.pp index da756a46..5a1ab9a9 100644 --- a/modules/enableit/common/manifests/software.pp +++ b/modules/enableit/common/manifests/software.pp @@ -71,10 +71,10 @@ } if lookup('common::software::openvmtools::manage', Boolean, undef, false) { - include common::software::opemvmtools + include common::software::openvmtools } if lookup('common::software::nivisa::manage', Boolean, undef, false) { - include common::software::opemvmtools + include common::software::openvmtools } } diff --git a/modules/enableit/common/manifests/system/updates.pp b/modules/enableit/common/manifests/system/updates.pp index 6431fe83..3517542d 100644 --- a/modules/enableit/common/manifests/system/updates.pp +++ b/modules/enableit/common/manifests/system/updates.pp 
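Review bot: The `common::software::nivisa::manage` branch in `software.pp` still includes `common::software::openvmtools`, so the change corrects the class-name typo but keeps what looks like a copy-paste error. Enabling nivisa management would pull in the open-vm-tools class and never manage nivisa itself. Presumably the second branch should be `include common::software::nivisa`; that class is not visible in this patch, so please confirm it exists before changing the line.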
@@ -61,8 +61,10 @@ }, ]): ensure => 'absent', } - common::services::systemd { 'yum-system-upgrade.service': - ensure => 'absent', + # Ensure the service is stopped and disabled + service { 'yum-system-upgrade.service': + ensure => 'stopped', + enable => false, } package { 'obmondo-system-update': diff --git a/modules/enableit/common/manifests/user_management/authentication/sssd.pp b/modules/enableit/common/manifests/user_management/authentication/sssd.pp index 6b9934f9..50c83755 100644 --- a/modules/enableit/common/manifests/user_management/authentication/sssd.pp +++ b/modules/enableit/common/manifests/user_management/authentication/sssd.pp @@ -31,6 +31,7 @@ 'pam', 'ssh', 'sudo', + 'pac', ], Array[Eit_types::Sssd::Service] $_available_services = undef, Boolean $enable = false, diff --git a/modules/enableit/lxd/manifests/init.pp b/modules/enableit/lxd/manifests/init.pp index db257fb3..7fdb1a7e 100644 --- a/modules/enableit/lxd/manifests/init.pp +++ b/modules/enableit/lxd/manifests/init.pp 
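Review bot: The new `service { 'yum-system-upgrade.service': ensure => 'stopped', enable => false }` in `updates.pp` no longer removes the unit file that the old `ensure => 'absent'` asked for, so the unit stays on disk and can still be started by hand or pulled in by another unit. If the intent is still that this upgrade service can never run, either keep removing the file with `systemd::unit_file { 'yum-system-upgrade.service': ensure => 'absent' }` or mask it with `enable => 'mask',`. The same applies to the `SplunkForwarder.service` resource in `splunk/forwarder.pp` later in this patch.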
@@ -135,25 +135,40 @@ # Make lxd-containers depend on the required filesystems, if any. Filesystems # refer to devices instantiated with our own services. These are named # `disk@%i.service`. - $_service_units = $requires_filesystems.reduce([]) |$acc, $name| { + # Generate the list of systemd service names for the dependencies + $_dep_list = $requires_filesystems.map |$name| { $filesystem = $_filesystems[$name] - - unless $filesystem { - fail("Required filesystem '${name}' is not defined.") - } - - $_service = "${filesystem['type']}-mount-${name}.service" - - $acc + [ - {'After' => $_service}, - {'BindsTo' => $_service}, - ] + if !$filesystem { fail("Required filesystem '${name}' is not defined.") } + "${filesystem['type']}-mount-${name}.service" } - common::services::systemd { 'lxd-containers.service': - override => true, - unit => flatten($_service_units), + # Join them into space-separated strings for the systemd unit file + $_after_deps = join($_dep_list, ' ') + $_bindsto_deps = join($_dep_list, ' ') + + # Define the full service content + $_service_content = @("EOT"/) + # THIS FILE IS MANAGED BY LINUXAID. CHANGES WILL BE LOST. + [Unit] + Description=LXD - Container Management Service + After=network.target syslog.target ${_after_deps} + BindsTo=${_bindsto_deps} + + [Service] + Type=simple + ExecStart=/usr/bin/lxd --group lxd --debug + Restart=on-failure + KillMode=process + + [Install] + WantedBy=multi-user.target + | EOT + + # Use systemd::unit_file to manage the service + systemd::unit_file { 'lxd-containers.service': + ensure => 'present', + enable => true, + active => true, + content => $_service_content, } - - } diff --git a/modules/enableit/profile/manifests/collector/splunk/forwarder.pp b/modules/enableit/profile/manifests/collector/splunk/forwarder.pp index 88f38904..01ecd90f 100644 --- a/modules/enableit/profile/manifests/collector/splunk/forwarder.pp +++ b/modules/enableit/profile/manifests/collector/splunk/forwarder.pp 
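Review bot: `lxd-containers.service` is now written as a complete unit instead of a drop-in, so the packaged unit is shadowed by one whose `ExecStart=/usr/bin/lxd --group lxd --debug` starts the daemon itself with debug logging. The removed resource used `override => true` and only added `After=`/`BindsTo=` for the filesystem mounts; none of the other settings in the new heredoc come from the removed code, and the packaged unit is not visible here to confirm they match it. When `$requires_filesystems` is empty the unit is still replaced, now with an empty `BindsTo=`. I would keep this as a drop-in carrying only the two dependency lines, for example with puppet-systemd's `systemd::dropin_file` (the drop-in file name below is a placeholder).

```puppet
# … unchanged: $_dep_list, $_after_deps and $_bindsto_deps computed as in the hunk …
$_lxd_dropin_content = @("EOT")
  [Unit]
  After=${_after_deps}
  BindsTo=${_bindsto_deps}
  | EOT

# 'filesystems.conf' is a placeholder drop-in name
systemd::dropin_file { 'filesystems.conf':
  unit    => 'lxd-containers.service',
  content => $_lxd_dropin_content,
}
```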
@@ -83,10 +83,11 @@ } else { if $facts['init_system'] == 'systemd' { - common::services::systemd { 'SplunkForwarder.service': - ensure => 'absent', - enable => false, - noop_value => $noop_value, + # Ensure the SplunkForwarder service is stopped and disabled + service { 'SplunkForwarder.service': + ensure => 'stopped', + enable => false, + noop => $noop_value, } } diff --git a/modules/enableit/profile/manifests/package_management/guix.pp b/modules/enableit/profile/manifests/package_management/guix.pp index 07df48be..b6e3d9b0 100644 --- a/modules/enableit/profile/manifests/package_management/guix.pp +++ b/modules/enableit/profile/manifests/package_management/guix.pp 
@@ -105,29 +105,34 @@ require => File['/var/guix'], } - common::services::systemd { 'guix-daemon.service': - unit => { - 'Description' => 'Build daemon for GNU Guix', - }, - service => { - 'EnvironmentFile' => '-/etc/default/guix-daemon', - 'Environment' => 'GUIX_LOCPATH=/root/.guix-profile/lib/locale', - 'ExecStart' => '/var/guix/profiles/per-user/root/guix-profile/bin/guix-daemon --build-users-group=guixbuild --listen=0.0.0.0 --listen=/var/guix/daemon-socket/socket', #lint:ignore:140chars - 'RemainAfterExit' => 'yes', - 'StandardOutput' => 'syslog', - 'StandardError' => 'syslog', - 'Restart' => 'always', - 'RestartSec' => '2m', - # See - # . - # Some package builds (for example, go@1.8.1) may require even more than - # 1024 tasks. - 'TasksMax' => '8192', - }, - install => { - 'WantedBy' => 'multi-user.target', - }, + # Define the GNU Guix Build Daemon content + $_guix_daemon_content = @("EOT"/) + [Unit] + Description=Build daemon for GNU Guix + + [Service] + EnvironmentFile=-/etc/default/guix-daemon + Environment=GUIX_LOCPATH=/root/.guix-profile/lib/locale + ExecStart=/var/guix/profiles/per-user/root/guix-profile/bin/guix-daemon --build-users-group=guixbuild --listen=0.0.0.0 --listen=/var/guix/daemon-socket/socket + RemainAfterExit=yes + StandardOutput=syslog + StandardError=syslog + Restart=always + RestartSec=2m + # See . + # Some package builds may require more than 1024 tasks. + TasksMax=8192 + + [Install] + WantedBy=multi-user.target + | EOT + + # Deploy the unit file and manage the service + systemd::unit_file { 'guix-daemon.service': + ensure => 'present', + enable => true, + active => true, + content => $_guix_daemon_content, require => User[$_guix_builder_users], } - } diff --git a/modules/enableit/profile/manifests/projectmanagement/gitlab.pp b/modules/enableit/profile/manifests/projectmanagement/gitlab.pp index d11d3120..ddd2cf08 100644 --- a/modules/enableit/profile/manifests/projectmanagement/gitlab.pp 
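Review bot: The new unit text keeps `--listen=0.0.0.0` on the `ExecStart` line, which exposes guix-daemon on every interface, and the resource now also forces `enable => true, active => true`. The Guix manual describes TCP connections to the daemon as neither authenticated nor encrypted and suitable only where every host that can connect is trusted. Unless remote clients are required, keep only `--listen=/var/guix/daemon-socket/socket`, or bind to a specific internal address and restrict the port with a firewall rule. The `# See .` comment has also lost its URL, and `StandardOutput=syslog`/`StandardError=syslog` are deprecated in current systemd in favour of `journal`.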
+++ b/modules/enableit/profile/manifests/projectmanagement/gitlab.pp 
@@ -107,88 +107,81 @@ require => Package['obmondo-gitlab-update-check-collector'], } - common::services::systemd { 'gitlab-update-check.timer': - ensure => true, - enable => true, - timer => { - 'OnCalendar' => systemd_make_timespec({ - 'year' => '*', - 'month' => '*', - 'day' => '*', - 'hour' => 0, - 'minute' => 0, - 'second' => 0, - }), - 'Unit' => 'gitlab-update-check.service', - }, - unit => { - 'Requires' => 'gitlab-update-check.service', - }, - install => { - 'WantedBy' => 'timers.target', - }, - require => [ - Package['obmondo-gitlab-update-check-collector'], - File["${textfile_directory}/gitlab.prom"], - ], - } - - common::services::systemd { 'gitlab-update-check.service': - ensure => 'present', - unit => { - 'Wants' => 'gitlab-update-check.timer', - }, - service => { - 'Type' => 'oneshot', - 'ExecStart' => "sh -c '/opt/obmondo/bin/check_gitlab_update > ${textfile_directory}/gitlab.prom'", - }, - install => { - 'WantedBy' => 'multi-user.target', - }, - require => [ + $_gitlab_update_timer = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + Description=Check for GitLab updates daily + Requires=gitlab-update-check.service + + [Timer] + OnCalendar=*-*-* 00:00:00 + Unit=gitlab-update-check.service + + [Install] + WantedBy=timers.target + | EOT + + $_gitlab_update_service = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. 
+ [Unit] + Description=Check for GitLab updates + Wants=gitlab-update-check.timer + + [Service] + Type=oneshot + ExecStart=sh -c '/opt/obmondo/bin/check_gitlab_update > ${textfile_directory}/gitlab.prom' + + [Install] + WantedBy=multi-user.target + | EOT + + systemd::timer { 'gitlab-update-check.timer': + ensure => present, + active => true, + enable => true, + timer_content => $_gitlab_update_timer, + service_content => $_gitlab_update_service, + require => [ Package['obmondo-gitlab-update-check-collector'], File["${textfile_directory}/gitlab.prom"], ], } ## The puma_worker is using high cpu to to restart th puma_worker need to restart the gitlab service - common::services::systemd { 'gitlab-puma-bug.timer': - ensure => $puma_bug, - enable => $puma_bug, - timer => { - 'OnCalendar' => systemd_make_timespec({ - 'year' => '*', - 'month' => '*', - 'weekday' => 'Tue', - 'day' => '*', - 'hour' => 5, - 'minute' => 0, - 'second' => 0, - }), - 'Unit' => 'gitlab-puma-bug.service', - }, - unit => { - 'Requires' => 'gitlab-puma-bug.service', - }, - install => { - 'WantedBy' => 'timers.target', - }, - } - - common::services::systemd { 'gitlab-puma-bug.service': - ensure => 'present', - enable => false, - unit => { - 'Description' => 'Puma worker using high cpu so restarting the gitlab service', - 'Wants' => 'gitlab-puma-bug.timer', - }, - service => { - 'Type' => 'oneshot', - 'ExecStart' => '/usr/bin/gitlab-ctl restart', - }, - install => { - 'WantedBy' => 'multi-user.target', - }, + $_puma_bug_timer = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + Description=Puma worker using high cpu so restarting the gitlab service + Requires=gitlab-puma-bug.service + + [Timer] + OnCalendar=Tue *-*-* 05:00:00 + Unit=gitlab-puma-bug.service + + [Install] + WantedBy=timers.target + | EOT + + $_puma_bug_service = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. 
+ [Unit] + Description=Puma worker using high cpu so restarting the gitlab service + Wants=gitlab-puma-bug.timer + + [Service] + Type=oneshot + ExecStart=/usr/bin/gitlab-ctl restart + + [Install] + WantedBy=multi-user.target + | EOT + + systemd::timer { 'gitlab-puma-bug.timer': + ensure => present, + active => true, + enable => true, + timer_content => $_puma_bug_timer, + service_content => $_puma_bug_service, } $bind_ports = [ 
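Review bot: The `gitlab-puma-bug.timer` resource no longer honours `$puma_bug`: the removed code used `ensure => $puma_bug, enable => $puma_bug`, while the new `systemd::timer` hard-codes `ensure => present, active => true, enable => true`. Every GitLab node managed by this profile would therefore run `/usr/bin/gitlab-ctl restart` each Tuesday at 05:00, including nodes where the workaround was switched off. Restore the toggle the way the mattermost timers in this file do: `ensure => ensure_present($puma_bug),`, `active => $puma_bug,`, `enable => $puma_bug,`. The manifest continues outside this hunk, so I am assuming `$puma_bug` is still a Boolean parameter of the class.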
@@ -588,83 +581,88 @@ group => $gitlab_psql_user, } - common::services::systemd { 'mattermost-db-backup.timer': - ensure => ensure_present($mattermost), - enable => $mattermost, - timer => { - 'OnCalendar' => systemd_make_timespec({ - 'year' => '*', - 'month' => '*', - 'day' => '*', - 'hour' => ( 1 + lookup('gitlab::backup_cron_hour', Eit_types::TimeHour, undef, 3)), - 'minute' => ( 1 + lookup('gitlab::backup_cron_minute', Eit_types::TimeMinute, undef, 0)), - 'second' => 0, - }), - 'Unit' => 'mattermost-db-backup.service', - }, - unit => { - 'Requires' => 'mattermost-db-backup.service', - }, - install => { - 'WantedBy' => 'timers.target', - }, - } - - common::services::systemd { 'mattermost-db-backup.service': - ensure => ensure_present($mattermost), - enable => $mattermost, - unit => { - 'Wants' => 'mattermost-db-backup.timer', - }, - service => { - 'Type' => 'simple', - 'ExecStart' => "sh -c '/opt/gitlab/embedded/bin/pg_dump -h /var/opt/gitlab/postgresql mattermost_production | gzip > ${_backup_path}/mattermost/mattermost_dbdump_\$(date --rfc-3339=date).sql.gz'", #lint:ignore:140chars - 'User' => $gitlab_psql_user, - 'Group' => $gitlab_psql_user, - }, - install => { - 'WantedBy' => 'multi-user.target', - }, - } - - common::services::systemd { 'mattermost-data-backup.timer': - ensure => ensure_present($mattermost), - enable => $mattermost, - timer => { - 'OnCalendar' => systemd_make_timespec({ - 'year' => '*', - 'month' => '*', - 'day' => '*', - 'hour' => ( 2 + lookup('gitlab::backup_cron_hour', Eit_types::TimeHour, undef, 3)), - 'minute' => ( 2 + lookup('gitlab::backup_cron_minute', Eit_types::TimeMinute, undef, 0)), - 'second' => 0, - }), - 'Unit' => 'mattermost-data-backup.service', - }, - unit => { - 'Requires' => 'mattermost-data-backup.service', - }, - install => { - 'WantedBy' => 'timers.target', - }, + # Calculate DB backup time based on GitLab offsets + $_db_hour = 1 + lookup('gitlab::backup_cron_hour', Eit_types::TimeHour, undef, 3) + $_db_minute = 1 + 
lookup('gitlab::backup_cron_minute', Eit_types::TimeMinute, undef, 0) + + $_mm_db_timer = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + Description=Mattermost DB backup timer + Requires=mattermost-db-backup.service + + [Timer] + OnCalendar=*-*-* ${_db_hour}:${_db_minute}:00 + Unit=mattermost-db-backup.service + + [Install] + WantedBy=timers.target + | EOT + + $_mm_db_service = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + Description=Mattermost DB backup service + Wants=mattermost-db-backup.timer + + [Service] + Type=simple + User=${gitlab_psql_user} + Group=${gitlab_psql_user} + ExecStart=sh -c '/opt/gitlab/embedded/bin/pg_dump -h /var/opt/gitlab/postgresql mattermost_production | gzip > ${_backup_path}/mattermost/mattermost_dbdump_$(date --rfc-3339=date).sql.gz' + + [Install] + WantedBy=multi-user.target + | EOT + + systemd::timer { 'mattermost-db-backup.timer': + ensure => ensure_present($mattermost), + active => $mattermost, + enable => $mattermost, + timer_content => $_mm_db_timer, + service_content => $_mm_db_service, } - common::services::systemd { 'mattermost-data-backup.service': - ensure => ensure_present($mattermost), - enable => $mattermost, - unit => { - 'Wants' => 'mattermost-data-backup.timer', - }, - service => { - 'Type' => 'simple', - 'ExecStart' => "sh -c '/usr/bin/tar -zcvf ${_backup_path}/mattermost_data_\$(date --rfc-3339=date).gz -C /var/opt/gitlab/mattermost data config.json'", #lint:ignore:140chars - 'User' => $backupcron_user, - 'Group' => $backupcron_user, - }, - install => { - 'WantedBy' => 'multi-user.target', - }, + # Calculate Data backup time based on GitLab offsets + $_data_hour = 2 + lookup('gitlab::backup_cron_hour', Eit_types::TimeHour, undef, 3) + $_data_minute = 2 + lookup('gitlab::backup_cron_minute', Eit_types::TimeMinute, undef, 0) + + $_mm_data_timer = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. 
+ [Unit] + Description=Mattermost data backup timer + Requires=mattermost-data-backup.service + + [Timer] + OnCalendar=*-*-* ${_data_hour}:${_data_minute}:00 + Unit=mattermost-data-backup.service + + [Install] + WantedBy=timers.target + | EOT + + $_mm_data_service = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + Description=Mattermost data backup service + Wants=mattermost-data-backup.timer + + [Service] + Type=simple + User=${backupcron_user} + Group=${backupcron_user} + ExecStart=sh -c '/usr/bin/tar -zcvf ${_backup_path}/mattermost_data_$(date --rfc-3339=date).gz -C /var/opt/gitlab/mattermost data config.json' + + [Install] + WantedBy=multi-user.target + | EOT + + systemd::timer { 'mattermost-data-backup.timer': + ensure => ensure_present($mattermost), + active => $mattermost, + enable => $mattermost, + timer_content => $_mm_data_timer, + service_content => $_mm_data_service, } } - } diff --git a/modules/enableit/profile/manifests/projectmanagement/readthedocs.pp b/modules/enableit/profile/manifests/projectmanagement/readthedocs.pp index 3d4094cd..2b17cad4 100644 --- a/modules/enableit/profile/manifests/projectmanagement/readthedocs.pp +++ b/modules/enableit/profile/manifests/projectmanagement/readthedocs.pp 
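Review bot: `$_db_hour`, `$_db_minute`, `$_data_hour` and `$_data_minute` are built by adding 1 or 2 to the looked-up GitLab backup time and interpolated straight into `OnCalendar=`, so a configured hour of 22 or 23, or a minute of 58 or 59, yields a value such as `24:60:00` that systemd rejects. The removed code passed the same sums to `systemd_make_timespec`, whose handling of out-of-range values is not visible here, so this may be an existing gap; with raw heredoc text nothing validates the result, and a timer that fails to load means the Mattermost backups stop running. Wrap the sums, e.g. `$_db_hour = (1 + lookup(...)) % 24` and `$_db_minute = (1 + lookup(...)) % 60`, or check the range and `fail()` at compile time.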
@@ -137,22 +137,30 @@ before => Service['readthedocs.service'], } - common::services::systemd { 'readthedocs.service': - unit => { - 'Description' => 'Read The Docs server', - 'Requires' => 'network.target', - 'After' => 'network.target', - }, - service => { - 'EnvironmentFile' => '-/etc/default/readthedocs', - 'WorkingDirectory' => $_repo_dir, - 'ExecStart' => "/usr/local/bin/with_virtualenv.sh ${_virtualenv_dir} 'python manage.py runserver ${bind}:${port}'", - 'Restart' => 'always', - 'RestartSec' => '30s', - }, - install => { - 'WantedBy' => 'multi-user.target', - }, + # Define the Read The Docs server service content + $_readthedocs_content = @("EOT"/) + [Unit] + Description=Read The Docs server + Requires=network.target + After=network.target + + [Service] + EnvironmentFile=-/etc/default/readthedocs + WorkingDirectory=${_repo_dir} + ExecStart=/usr/local/bin/with_virtualenv.sh ${_virtualenv_dir} 'python manage.py runserver ${bind}:${port}' + Restart=always + RestartSec=30s + + [Install] + WantedBy=multi-user.target + | EOT + + # Deploy the systemd unit file + systemd::unit_file { 'readthedocs.service': + ensure => 'present', + enable => true, + active => true, + content => $_readthedocs_content, } file { diff --git a/modules/enableit/profile/manifests/software/teleport.pp b/modules/enableit/profile/manifests/software/teleport.pp index 0690fa0b..9091ba6f 100644 --- a/modules/enableit/profile/manifests/software/teleport.pp +++ b/modules/enableit/profile/manifests/software/teleport.pp 
@@ -21,13 +21,18 @@ subscribe => Package['ca-certificates'], } - common::services::systemd { 'teleport.service' : - ensure => $enable, - override => $enable, - noop_value => $noop_value, - service => { - 'RuntimeDirectory' => 'teleport', - }, + # Define the override content + $_teleport_override = @("EOT"/) + [Service] + RuntimeDirectory=teleport + | EOT + + # Create the drop-in override file + systemd::unit_file { 'teleport.service': + ensure => ensure_present($enable), + path => '/etc/systemd/system/teleport.service.d/override.conf', + content => $_teleport_override, + notify => Service['teleport'], } file { '/etc/teleport.yaml': diff --git a/modules/enableit/profile/manifests/software/walinuxagent.pp b/modules/enableit/profile/manifests/software/walinuxagent.pp index be65f672..40300225 100644 --- a/modules/enableit/profile/manifests/software/walinuxagent.pp +++ b/modules/enableit/profile/manifests/software/walinuxagent.pp @@ -26,17 +26,22 @@ } if $waagent_memory_limit { - common::services::systemd { 'azure-walinuxagent-logcollector.slice': - ensure => ensure_present($enable), - unit => { - 'Description' => 'Slice for Azure VM Agent Periodic Log Collector', - 'DefaultDependencies' => 'no', - 'Before' => 'slices.target', - }, - slice => { - 'MemoryAccounting' => 'yes', - 'MemoryLimit' => $waagent_memory_limit, - }, + # Define the Azure Log Collector Slice content + $_waagent_slice_content = @("EOT"/) + [Unit] + Description=Slice for Azure VM Agent Periodic Log Collector + DefaultDependencies=no + Before=slices.target + + [Slice] + MemoryAccounting=yes + MemoryLimit=${waagent_memory_limit} + | EOT + + # Deploy the systemd slice unit file + systemd::unit_file { 'azure-walinuxagent-logcollector.slice': + ensure => ensure_present($enable), + content => $_waagent_slice_content, } } diff --git a/modules/enableit/profile/manifests/system/authentication/sssd.pp b/modules/enableit/profile/manifests/system/authentication/sssd.pp index 056833e0..8794a1ba 100644 
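Review bot: The `path` passed to `systemd::unit_file { 'teleport.service': }` is a full file name, `/etc/systemd/system/teleport.service.d/override.conf`. In the Vox Pupuli systemd module, which these `systemd::unit_file` and `systemd::timer` parameters appear to come from, `path` is the directory the unit is written into, so the resource would target `<path>/teleport.service` rather than a drop-in; please confirm against the module version pinned in this repository. The same pattern appears in the sssd.service and socket-override hunks of sssd.pp, the dnsmasq hunk of dns.pp and the nginx hunk of nginx.pp. The removed resource also passed `noop_value => $noop_value` and the replacement drops it, so the override would be enforced even when the profile is meant to run in noop mode. A drop-in define with an explicit `unit` addresses both, as sketched below.

```puppet
# Drop-in for teleport.service; the title is kept unique per unit,
# the file name on disk stays override.conf.
systemd::dropin_file { 'teleport-override.conf':
  ensure   => ensure_present($enable),
  unit     => 'teleport.service',
  filename => 'override.conf',
  content  => $_teleport_override,
  noop     => $noop_value,
  notify   => Service['teleport'],
}
```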
--- a/modules/enableit/profile/manifests/system/authentication/sssd.pp +++ b/modules/enableit/profile/manifests/system/authentication/sssd.pp 
@@ -131,46 +131,42 @@ require => Package['obmondo-sssd-status-check'], } - common::services::systemd { 'sssd-status-check.timer': - ensure => $enable, - enable => $enable, - noop_value => $noop_value, - timer => { - 'OnBootSec' => '5min', - 'OnCalendar' => systemd_make_timespec({ - 'year' => '*', - 'month' => '*', - 'day' => '*', - 'hour' => 0, - 'minute' => 0, - 'second' => 0, - }), - 'Unit' => 'sssd-status-check.service', - }, - install => { - 'WantedBy' => 'timers.target', - }, - require => [ - Package['obmondo-sssd-status-check'], - File["${textfile_directory}/sssd.prom"], - ], - } - - common::services::systemd { 'sssd-status-check.service': - ensure => 'stopped', - enable => false, - noop_value => $noop_value, - unit => { - 'Wants' => 'sssd-status-check.timer', - }, - service => { - 'Type' => 'oneshot', - 'ExecStart' => "/bin/sh -c '/opt/obmondo/bin/sssd_status_check > ${textfile_directory}/sssd.prom'", - }, - install => { - 'WantedBy' => 'multi-user.target', - }, - require => [ + $_sssd_timer_content = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + Description=SSSD status check timer + + [Timer] + OnBootSec=5min + OnCalendar=*-*-* 00:00:00 + Unit=sssd-status-check.service + + [Install] + WantedBy=timers.target + | EOT + + $_sssd_service_content = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + Description=SSSD status check service + Wants=sssd-status-check.timer + + [Service] + Type=oneshot + ExecStart=/bin/sh -c '/opt/obmondo/bin/sssd_status_check > ${textfile_directory}/sssd.prom' + + [Install] + WantedBy=multi-user.target + | EOT + + systemd::timer { 'sssd-status-check.timer': + ensure => ensure_present($enable), + active => $enable, + enable => $enable, + noop => $noop_value, + timer_content => $_sssd_timer_content, + service_content => $_sssd_service_content, + require => [ Package['obmondo-sssd-status-check'], File["${textfile_directory}/sssd.prom"], ], 
@@ -193,13 +189,26 @@ if $_is_systemd { - common::services::systemd { 'sssd.service': - ensure => true, - override => true, - unit => { - 'ConditionPathExists' => '/etc/krb5.keytab', - }, - noop_value => $noop_value, + $_sssd_override_content = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + ConditionPathExists=/etc/krb5.keytab + | EOT + + # Create the drop-in override for sssd + systemd::unit_file { 'sssd.service': + ensure => 'present', + content => $_sssd_override_content, + path => '/etc/systemd/system/sssd.service.d/override.conf', + noop => $noop_value, + notify => Service['sssd'], + } + + # Manage the service state + service { 'sssd': + ensure => 'running', + enable => true, + noop => $noop_value, } if $_sssd_sockets_supported { @@ -226,17 +235,30 @@ # Necessary to set other user as the unit defaults to using sssd:sssd, but # files are owned by root: # https://bugzilla.redhat.com/show_bug.cgi?id=1636002 - common::services::systemd { $_service_unit_names: - ensure => false, - enable => false, - override => true, - service => { - 'User' => 'root', - 'Group' => 'root', - }, - noop_value => $noop_value, + $_service_unit_names.each |$unit_name| { + $_root_override_content = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Service] + User=root + Group=root + | EOT + + # Create the drop-in override for each service in the list + systemd::unit_file { "${unit_name}": + ensure => 'absent', # ensure => false in original maps to absent + path => "/etc/systemd/system/${unit_name}.service.d/override.conf", + content => $_root_override_content, + noop => $noop_value, + notify => Service[$unit_name], + } + + # Ensure the service state is managed accordingly + service { $unit_name: + ensure => 'stopped', + enable => false, + noop => $noop_value, + } } - } } diff --git a/modules/enableit/profile/manifests/system/dns.pp b/modules/enableit/profile/manifests/system/dns.pp index 562a6463..5fa44c3e 100644 
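Review bot: The new `service { 'sssd': ensure => 'running', enable => true }` becomes a second declaration of the sssd service if the component module used by this profile already manages `Service['sssd']`. That declaration is outside this hunk, so please check: a duplicate resource fails catalog compilation, and here it would do so on the host's authentication stack. The same applies to `service { 'nginx': }` in web/nginx.pp, where `class { '::nginx': }` is declared directly below and now notifies `Service['nginx']`, and to `service { 'dnsmasq.service': }` in system/dns.pp. If the component class owns the service, drop the new `service` block and keep only `notify => Service['sssd']` on the override.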
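Review bot: `ensure => 'absent'` on the per-unit `systemd::unit_file` removes the `User=root`/`Group=root` override instead of installing it. That contradicts the comment just above the loop, which says the override is needed because the units default to sssd:sssd while the files are owned by root. In the removed code `ensure => false` sat next to `enable => false` and `override => true`, so it most likely described the service state (now covered by `service { $unit_name: ensure => 'stopped' }`) rather than the presence of the file; the old define is not visible here, so this is an inference. I would use `ensure => 'present',` and delete the inline `# ensure => false in original maps to absent` comment. Also check that the entries of `$_service_unit_names` (defined outside the hunk) do not already end in `.service`, since the path appends `.service.d`.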
--- a/modules/enableit/profile/manifests/system/dns.pp +++ b/modules/enableit/profile/manifests/system/dns.pp @@ -82,37 +82,40 @@ ] } - common::services::systemd { 'dnsmasq.service': - ensure => true, - enable => true, - override => true, - noop_value => $noop_value, - service => [ - { - 'Type' => 'simple', - 'ExecStartPre' => '/usr/sbin/dnsmasq --test', - 'ExecStartPost' => '', - 'ExecStop' => '', - }, - # This is required to override `ExecStart`. Debian-based distros have - # dnsmasq running as a forking server, while RHEL-based have it - # running as a foreground service -- we prefer the latter. - { - 'ExecStart' => '', - }, - { - 'ExecStart' => '/usr/sbin/dnsmasq -k', - }, + $_dnsmasq_override_content = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Service] + Type=simple + # Reset and override ExecStart for foreground mode + ExecStart= + ExecStart=/usr/sbin/dnsmasq -k + ExecStartPre=/usr/sbin/dnsmasq --test + # Clear existing Post/Stop commands + ExecStartPost= + ExecStop= + | EOT + + # Create the drop-in override for dnsmasq + systemd::unit_file { 'dnsmasq.service': + ensure => 'present', + path => '/etc/systemd/system/dnsmasq.service.d/override.conf', + content => $_dnsmasq_override_content, + noop => $noop_value, + notify => Service['dnsmasq.service'], + } - ], - require => [ + # Manage the service state + service { 'dnsmasq.service': + ensure => 'running', + enable => true, + noop => $noop_value, + require => [ File['/etc/resolv.dnsmasq'], File['/etc/dnsmasq.conf'], Package['dnsmasq'], Service[$_other_resolver_services], - ] + ], } - } 'systemd-resolved': { # NOTE: migrated to profile::system::systemd diff --git a/modules/enableit/profile/manifests/system/service_oneshot.pp b/modules/enableit/profile/manifests/system/service_oneshot.pp index 3e2f3420..2b93ddfa 100644 --- a/modules/enableit/profile/manifests/system/service_oneshot.pp +++ b/modules/enableit/profile/manifests/system/service_oneshot.pp 
@@ -17,21 +17,35 @@ noop => $noop_value, } - common::services::systemd { "${name}.service": - ensure => ensure_service($enable), - enable => false, - unit => { - 'Description' => "${name} Service", - }, - service => { - 'Type' => 'oneshot', - 'ExecStart' => $file_path, - 'RemainAfterExit' => 'Yes', - }, - install => { - 'WantedBy' => 'multi-user.target' - }, - require => File[$file_path], - noop_value => $noop_value, + # Define the dynamic service content + $_service_content = @("EOT"/) + # THIS FILE IS MANAGED BY OBMONDO. CHANGES WILL BE LOST. + [Unit] + Description=${name} Service + + [Service] + Type=oneshot + ExecStart=${file_path} + RemainAfterExit=Yes + + [Install] + WantedBy=multi-user.target + | EOT + + # Manage the unit file on disk + systemd::unit_file { "${name}.service": + ensure => present, + content => $_service_content, + noop => $noop_value, + require => File[$file_path], + } + + # Manage the service state + # Note: enable is false per original code, state managed by ensure_service + service { "${name}.service": + ensure => ensure_service($enable), + enable => false, + noop => $noop_value, + subscribe => Systemd::Unit_file["${name}.service"], } } diff --git a/modules/enableit/profile/manifests/virtualization/vmware/openvmtools.pp b/modules/enableit/profile/manifests/virtualization/vmware/openvmtools.pp index 43de4cb2..5cdb48ef 100644 --- a/modules/enableit/profile/manifests/virtualization/vmware/openvmtools.pp +++ b/modules/enableit/profile/manifests/virtualization/vmware/openvmtools.pp @@ -1,7 +1,7 @@ # Setup openvmtools on the guest. class profile::virtualization::vmware::openvmtools ( - Boolean $ensure = $common::virtualization::vmware::openvmtools::ensure, - Boolean $autoupgrade = $common::virtualization::vmware::openvmtools::autoupgrade, + Boolean $ensure = $common::software::openvmtools::ensure, + Boolean $autoupgrade = $common::software::openvmtools::autoupgrade, ) { if $ensure { 
diff --git a/modules/enableit/profile/manifests/web/nginx.pp b/modules/enableit/profile/manifests/web/nginx.pp index e68a01e4..ff993966 100644 --- a/modules/enableit/profile/manifests/web/nginx.pp +++ b/modules/enableit/profile/manifests/web/nginx.pp @@ -31,12 +31,24 @@ } }]) - common::services::systemd { 'nginx.service' : - ensure => true, - override => true, - service => { - 'RuntimeDirectory' => 'nginx', - }, + # Define the Nginx override content + $_nginx_override_content = @("EOT"/) + [Service] + RuntimeDirectory=nginx + | EOT + + # Create the drop-in override for the Nginx service + systemd::unit_file { 'nginx.service': + ensure => 'present', + path => '/etc/systemd/system/nginx.service.d/override.conf', + content => $_nginx_override_content, + notify => Service['nginx'], + } + + # Ensure the Nginx service is managed and refreshed + service { 'nginx': + ensure => 'running', + enable => true, } class { '::nginx': @@ -48,7 +60,7 @@ }, http_format_log => 'custom_access_log', * => $extra_cfg_option, - notify => Common::Services::Systemd['nginx.service'], + notify => Service['nginx'], purge_passenger_repo => false, package_source => $package_source, } diff --git a/modules/enableit/profile/types/cron/hour.pp b/modules/enableit/profile/types/system/cron/hour.pp similarity index 100% rename from modules/enableit/profile/types/cron/hour.pp rename to modules/enableit/profile/types/system/cron/hour.pp diff --git a/modules/enableit/profile/types/cron/minute.pp b/modules/enableit/profile/types/system/cron/minute.pp similarity index 100% rename from modules/enableit/profile/types/cron/minute.pp rename to modules/enableit/profile/types/system/cron/minute.pp