Commit ab4cf8e2 authored by Klas Arvidsson

Adaptions for RHEL9

parent a401cadc
2 merge requests!50Fix: Puppet Defining "data_provider": "hiera" in metadata.json is deprecated....,!40Merge from devel. Commits related to RHEL9 upgrade and pdk cleanup.
Pipeline #105329 passed
......@@ -8,6 +8,54 @@ class aes::aes_sw {
$examadm_group = $examadm_user
$examadm_home = "/home/${examadm_user}"
case fact('os.family') {
'RedHat': {
firewalld_custom_service { 'aes-server':
description => 'Authentic Examination System server',
ports => [
{ port => '23431', protocol => 'tcp' },
{ port => '23816', protocol => 'tcp' },
{ port => '23817', protocol => 'tcp' },
],
}
@firewalld_rich_rule {
default:
service => 'aes-server',
log => false;
'Accept aes-server in LiU networks without logging IPv4':
zone => 'liu',
family => 'ipv4',
action => 'accept';
'Accept aes-server in LiU networks without logging IPv6':
zone => 'liu',
family => 'ipv6',
action => 'accept';
}
}
'CentOS': {
::server_firewall::rules_file { '45-permit_aes_sw.rules':
# lint:ignore:strict_indent heredoc failing...
content => @(EOF),
service sclogin is tcp/23431
service aesmsi is tcp/23816
service aesmso is tcp/23817
policy chain INPUT is
accept service:sclogin from class:liu-nets
accept service:aesmsi from class:liu-nets
accept service:aesmso from class:liu-nets
end policy
|-EOF
# lint:endignore:strict_indent
}
}
default: {
fail("${module_name} - Not supported for family ${fact('os.family')}.")
}
}
package {
[
'enscript', # present in pars_pwd_list.py, but pars_pwd_list.py old and unused?
......@@ -147,9 +195,4 @@ class aes::aes_sw {
owner => $examadm_user,
group => $examadm_group,
}
schedule { 'everyday':
period => daily,
range => '01:00 - 04:00',
}
}
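Review bot: The `'CentOS'` arm of `case fact('os.family')` cannot match, because Facter reports `os.family` as `RedHat` on CentOS as well as on RHEL. A CentOS host therefore takes the firewalld arm, and the `::server_firewall::rules_file { '45-permit_aes_sw.rules': }` that opens tcp/23431, 23816 and 23817 to `class:liu-nets` is never applied there. The same selector appears in the `aes::broker`, `aes` and `aes::squid_filter` sections, where it also chooses the package names. Selecting on the distribution or release instead, for example `case fact('os.name') {` or `case fact('os.release.major') {`, would keep each platform on its intended firewall backend. The class body continues outside both hunks, so any other use of the selector there is not visible.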
......@@ -11,14 +11,64 @@ class aes::broker {
$broker_home = "/srv/${broker_user}"
$broker_service = 'aes_broker'
# Sadly, it does not seem like we can not only install asio, so we need
# to install the Boost as a whole.
package {
[
'boost169',
'boost169-devel',
]:
ensure => installed,
case fact('os.family') {
'RedHat': {
package {
[
'boost',
'boost-devel',
]:
ensure => installed,
}
firewalld_custom_service { 'aes-broker':
description => 'Authentic Examination System server',
ports => [
{ port => '31337', protocol => 'tcp' },
],
}
@firewalld_rich_rule {
default:
service => 'aes-broker',
log => false;
'Accept aes-broker in LiU networks without logging IPv4':
zone => 'liu',
family => 'ipv4',
action => 'accept';
'Accept aes-broker in LiU networks without logging IPv6':
zone => 'liu',
family => 'ipv6',
action => 'accept';
}
}
'CentOS': {
# Sadly, it does not seem like we can not only install asio, so we need
# to install the Boost as a whole.
package {
[
'boost169',
'boost169-devel',
]:
ensure => installed,
}
::server_firewall::rules_file { '45-permit_aes_broker.rules':
# lint:ignore:strict_indent heredoc failing...
content => @(EOF),
service aesbroker is tcp/31337
policy chain INPUT is
accept service:aesbroker from class:liu-nets
end policy
|-EOF
# lint:endignore:strict_indent
}
}
default: {
fail("${module_name} - Not supported for family ${fact('os.family')}.")
}
}
# Figure out which certificate to use based on the hostname.
......
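Review bot: The `firewalld_custom_service { 'aes-broker': }` resource has the description `'Authentic Examination System server'`, the same text as the `aes-server` service in `aes::aes_sw`. The two services are then hard to tell apart when someone audits the host's firewall service list. Suggest `description => 'Authentic Examination System broker',`. The comment explaining why Boost is installed as a whole now sits only in the `'CentOS'` arm, although the `'RedHat'` arm also installs `boost` and `boost-devel`; repeating it there would keep the rationale next to both package lists.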
......@@ -14,18 +14,40 @@ class aes {
include aes::broker
include aes::auth
include aes::auth_keydb
include liurepo::centos_sclo_rh
package {
[
'devtoolset-7',
'gcc',
'gcc-c++',
'libaio',
'python36',
]:
ensure => installed,
require => Class['liurepo::centos_sclo_rh'],
case fact('os.family') {
'RedHat': {
# TODO: Move this to the subclass that actually require it?
package {
[
'gcc-toolset-12',
'gcc',
'gcc-c++',
'libaio',
'python3',
]:
ensure => installed,
require => Class['liurepo::centos_sclo_rh'],
}
}
'CentOS': {
include liurepo::centos_sclo_rh
# TODO: Move this to the subclass that actually require it?
package {
[
'devtoolset-7',
'gcc',
'gcc-c++',
'libaio',
'python36',
]:
ensure => installed,
require => Class['liurepo::centos_sclo_rh'],
}
}
default: {
fail("${module_name} - Not supported for family ${fact('os.family')}.")
}
}
file { '/etc/sudoers.d/aes':
......@@ -111,24 +133,4 @@ class aes {
shell => '/bin/bash',
sshkey => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCsUKr53aCwErzsdhD/5oEQ4gWW51NgXa70Ow20Fnv/pyKAepDsIMCOB6kf1aET8LOlnq8Wyu0/52GGB38mO6cUzi7MLeWj7bg1Npq7b5/Uoaquq/dginoVQDc5RuJfmoy7PwmjKep/J2OIkCs8kD4sKbqN3ArCW555hgBvlGCdHxER1x2c5wGc2iuMCcbsfonOfORIxzCoiF4igfmuA1wpFZgyjBLuHn/SOtp85pD3nR0JSiaJWcMLB7IkWzXxvbpUWhDf7/gE4mwCDkOajY8zdG+aLkAZI0J1TJUGq50zji4OouwxxPW2JhpVl1KbRPqec+pVtdQIZstgUg3YbJGl', # lint:ignore:140chars
}
::server_firewall::rules_file { '45-permit_squid.rules':
# lint:ignore:strict_indent heredoc failing...
content => @(EOF),
service squid is tcp/3128
service sclogin is tcp/23431
service aesmsi is tcp/23816
service aesmso is tcp/23817
service aesbroker is tcp/31337
policy chain INPUT is
accept service:squid from class:liu-nets
accept service:sclogin from class:liu-nets
accept service:aesmsi from class:liu-nets
accept service:aesmso from class:liu-nets
accept service:aesbroker from class:liu-nets
end policy
|-EOF
# lint:endignore:strict_indent
}
}
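Review bot: In the `'RedHat'` arm the package resource keeps `require => Class['liurepo::centos_sclo_rh'],`, but `include liurepo::centos_sclo_rh` now exists only in the `'CentOS'` arm. Unless that class is declared elsewhere for RHEL 9 hosts, the catalog will not compile there because the `require` target is missing. If `gcc-toolset-12` comes from the standard RHEL 9 repositories, as I would expect, the `require` line can simply be dropped from that arm; otherwise it should point at whichever repository class actually provides the package. The second hunk removes the combined `45-permit_squid.rules` file from this class, so port exposure now depends entirely on the per-subclass rules being applied on each platform.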
......@@ -5,6 +5,48 @@
#
#
class aes::squid_filter {
case fact('os.family') {
'RedHat': {
firewalld_custom_service { 'squid':
description => 'Squid proxy for filtered internet access',
ports => [
{ port => '3128', protocol => 'tcp' },
],
}
@firewalld_rich_rule {
default:
service => 'squid',
log => false;
'Accept squid in LiU networks without logging IPv4':
zone => 'liu',
family => 'ipv4',
action => 'accept';
'Accept squid in LiU networks without logging IPv6':
zone => 'liu',
family => 'ipv6',
action => 'accept';
}
}
'CentOS': {
::server_firewall::rules_file { '45-permit_squid.rules':
# lint:ignore:strict_indent heredoc failing...
content => @(EOF),
service squid is tcp/3128
policy chain INPUT is
accept service:squid from class:liu-nets
end policy
|-EOF
# lint:endignore:strict_indent
}
}
default: {
fail("${module_name} - Not supported for family ${fact('os.family')}.")
}
}
package { 'squid' :
ensure => 'present',
}
......
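Review bot: The `@firewalld_rich_rule` declarations are virtual, so the accept rules for `squid` (and likewise for `aes-server` and `aes-broker` in the other sections) take effect only if something collects them, and no collector is visible in this commit. If a site-wide firewall profile realizes them, a short comment such as `# realized by <collector class>` above the block would make that dependency explicit; if nothing does, tcp/3128 stays closed on RHEL 9. The rules also rely on the `liu` zone alone to limit the source networks, where the CentOS arm names `class:liu-nets`, so it is worth confirming the zone is bound to the same address ranges. Separately, `log => false` means accepted connections to the exam proxy leave no firewall record, which should be a deliberate choice for a system where connection history may matter for audit.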