Merge pull request #8 from fredrikt/master

merge from eduid

global/overlay/etc/cron.d/cosmos

@@ -1,4 +1,4 @@
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
-*/15 * * * *   root   test -f /etc/no-automatic-cosmos || (cosmos update ; cosmos apply)
+*/15 * * * *   root   test -f /etc/no-automatic-cosmos || /usr/local/bin/run-cosmos

global/overlay/etc/puppet/cosmos-modules.conf

@@ -1,13 +1,36 @@
 #
-# name source (puppetlabs fq name or git url) upgrade (yes/no)
+# name source (puppetlabs fq name or git url) upgrade (yes/no) tag-pattern
 #
-concat puppetlabs/concat no
-stdlib puppetlabs/stdlib no
-cosmos git://github.com/leifj/puppet-cosmos.git yes
-ufw attachmentgenie/ufw no
-apt puppetlabs/apt no
-vcsrepo puppetlabs/vcsrepo no
-xinetd puppetlabs/xinetd no
-#golang elithrar/golang yes
-#python git://github.com/stankevich/puppet-python.git yes
-hiera-gpg git://github.com/SUNET/hiera-gpg.git no
+# NOTE that Git packages MUST be tagged with signatures by someone
+# in the Cosmos trust list. That is why all the URLs point to forked
+# versions in the SUNET github organization.
+#
+concat          git://github.com/SUNET/puppetlabs-concat.git yes sunet-*
+stdlib          git://github.com/SUNET/puppetlabs-stdlib.git yes sunet-*
+cosmos          git://github.com/SUNET/puppet-cosmos.git yes sunet-*
+ufw             git://github.com/SUNET/puppet-module-ufw.git yes sunet_dev-*
+apt             git://github.com/SUNET/puppetlabs-apt.git yes sunet_dev-*
+vcsrepo         git://github.com/SUNET/puppetlabs-vcsrepo.git yes sunet-*
+xinetd          git://github.com/SUNET/puppetlabs-xinetd.git yes sunet-*
+hiera-gpg       git://github.com/SUNET/hiera-gpg.git yes sunet-*
+#
+# Alternate sources you might or might not want to use:
+#concat          puppetlabs/concat no
+#stdlib          puppetlabs/stdlib no
+#ufw             attachmentgenie/ufw no
+#apt             puppetlabs/apt no
+#vcsrepo         puppetlabs/vcsrepo no
+#xinetd          puppetlabs/xinetd no
+#cosmos          git://github.com/leifj/puppet-cosmos.git yes
+#python          git://github.com/SUNET/puppet-python.git yes sunet-*
+#erlang          git://github.com/SUNET/garethr-erlang.git yes sunet-*
+#rabbitmq        git://github.com/SUNET/puppetlabs-rabbitmq.git yes sunet_dev-*
+#pound           git://github.com/SUNET/puppet-pound.git yes sunet_dev-*
+#augeas          git://github.com/SUNET/puppet-augeas.git yes sunet-*
+#bastion         git://github.com/SUNET/puppet-bastion.git yes sunet-*
+#postgresql      git://github.com/SUNET/puppetlabs-postgresql.git yes sunet_dev-*
+#munin           git://github.com/SUNET/ssm-munin.git yes sunet-*
+#nagios          git://github.com/SUNET/puppet-nagios.git yes sunet-*
+#staging         git://github.com/SUNET/puppet-staging.git yes sunet-*
+#apparmor        git://github.com/SUNET/puppet-apparmor.git yes sunet-*
+#docker          git://github.com/SUNET/garethr-docker.git yes sunet_dev-*

global/overlay/etc/puppet/hiera.yaml

@@ -1,13 +1,16 @@
 ---
-:backends: - yaml
-           - gpg
+:backends:
+  - yaml
+  - gpg
 
 :logger: console
 
-:hierarchy: - %{env}/%{location}/%{calling_module}
-            - %{env}/%{calling_module}
-            - secrets.yaml
-            - common
+:hierarchy:
+  - "%{env}/%{location}/%{calling_module}"
+  - "%{env}/%{calling_module}"
+  - local
+  - secrets.yaml
+  - common
 
 
 :yaml:

global/overlay/usr/local/bin/run-cosmos

@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Simplify running cosmos, with serialization if flock is available.
+#
+
+set -e
+
+FLOCK=`which flock`
+
+if [ -x "$FLOCK" ]; then
+    ($FLOCK --exclusive --wait 60 9 || exit 1
+	cosmos $* update
+	cosmos $* apply
+    )9>/var/lock/run-cosmos
+else
+    cosmos $* update
+    cosmos $* apply
+fi
+
+touch /var/run/last-cosmos-ok.stamp
+
+find /var/lib/puppet/reports/ -type f -mtime +10 | xargs rm -f