From 7515782eb503152dfc3e84fee1260fb10d560df9 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Mon, 2 Sep 2013 16:01:50 +0200 Subject: [PATCH] import --- README | 24 ++++++++ addhost | 45 +++++++++++++++ apt/bootstrap-cosmos.sh | 35 ++++++++++++ apt/cosmos_1.2-2_all.deb | Bin 0 -> 11724 bytes cosmos-rules.yaml | 1 + cosmos.conf | 2 + default/README | 1 + fabfile/__init__.py | 53 ++++++++++++++++++ fabfile/__init__.pyc | Bin 0 -> 2999 bytes global/overlay/etc/cosmos/keys/.placeholder | 0 global/overlay/etc/cron.d/cosmos | 4 ++ global/overlay/etc/puppet/cosmos-modules.conf | 11 ++++ global/overlay/etc/puppet/cosmos-rules.yaml | 2 + global/overlay/etc/puppet/cosmos_enc.py | 24 ++++++++ global/overlay/etc/puppet/hiera.yaml | 0 .../etc/puppet/manifests/cosmos-site.pp | 52 +++++++++++++++++ global/overlay/etc/puppet/puppet.conf | 14 +++++ global/post-tasks.d/010fix-ssh-perms | 23 ++++++++ global/post-tasks.d/015cosmos-trust | 16 ++++++ global/post-tasks.d/020reports | 4 ++ global/post-tasks.d/030puppet | 13 +++++ global/post-tasks.d/099autoremove | 4 ++ global/post-tasks.d/999reboot | 3 + global/pre-tasks.d/020common-tools | 16 ++++++ global/pre-tasks.d/030puppet | 35 ++++++++++++ 25 files changed, 382 insertions(+) create mode 100644 README create mode 100755 addhost create mode 100755 apt/bootstrap-cosmos.sh create mode 100644 apt/cosmos_1.2-2_all.deb create mode 120000 cosmos-rules.yaml create mode 100644 cosmos.conf create mode 120000 default/README create mode 100644 fabfile/__init__.py create mode 100644 fabfile/__init__.pyc create mode 100644 global/overlay/etc/cosmos/keys/.placeholder create mode 100644 global/overlay/etc/cron.d/cosmos create mode 100644 global/overlay/etc/puppet/cosmos-modules.conf create mode 100644 global/overlay/etc/puppet/cosmos-rules.yaml create mode 100755 global/overlay/etc/puppet/cosmos_enc.py create mode 100644 global/overlay/etc/puppet/hiera.yaml create mode 100644 global/overlay/etc/puppet/manifests/cosmos-site.pp create mode 100644 global/overlay/etc/puppet/puppet.conf create mode 100755 
global/post-tasks.d/010fix-ssh-perms create mode 100755 global/post-tasks.d/015cosmos-trust create mode 100755 global/post-tasks.d/020reports create mode 100755 global/post-tasks.d/030puppet create mode 100755 global/post-tasks.d/099autoremove create mode 100755 global/post-tasks.d/999reboot create mode 100755 global/pre-tasks.d/020common-tools create mode 100755 global/pre-tasks.d/030puppet
diff --git a/README b/README
new file mode 100644
index 0000000..d7ab52d
--- /dev/null
+++ b/README
@@ -0,0 +1,24 @@
+
+Initial setup:
+
+ git clone git://github.com/leifj/multiverse.git myproj-cosmos
+ cd myproj-cosmos
+
+ - rename the github upstream
+
+ git remote rename origin github
+
+ - add a new upstream & ro branch
+
+ git remote add origin git@//yourhost/myproj-cosmos.git
+ git remote add ro git://yourhost/myproj-cosmos.git
+
+ - add stuff...
+
+ make bump
+
+To add a new host:
+
+ - Make sure you have root access using an SSH key
+ - ./addhost
+
diff --git a/addhost b/addhost
new file mode 100755
index 0000000..7099020
--- /dev/null
+++ b/addhost
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+cmd_hostname=""
+cmd_do_bootstrap="no"
+
+set -- $(getopt b?h? "$@")
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ (-h) echo "Usage: $0 [-h] [-b] [--] []"; exit 0;;
+ (-b) cmd_do_bootstrap="yes" ;;
+ (--) shift; break;;
+ (-*) echo "Unknown option $1\nUsage: $0 [-b] [-h] [--] "; exit 1;;
+ (*) break;;
+ esac
+ shift
+done
+
+if [ ! -z "$1" -a -z "$cmd_hostname" ]; then
+ cmd_hostname="$1"
+fi
+
+if test -z "$cmd_hostname"; then
+ echo "Usage: $0 [-h] [-b] [--] "
+ exit 1
+fi
+
+test -f cosmos.conf && . ./cosmos.conf
+
+defrepo=`git remote -v | grep ${remote:="ro"} | grep fetch | awk '{print $2}'`
+rrepo=${repo:="$defrepo"}
+
+if [ ! -d $cmd_hostname ]; then
+ cp -pr default $cmd_hostname
+ git add $cmd_hostname
+ git commit -m "$cmd_hostname added" $cmd_hostname
+ ./bump-tag
+fi
+
+if [ "$cmd_do_bootstrap" = "yes" ]; then
+ scp apt/cosmos_1.2-2_all.deb apt/bootstrap-cosmos.sh root@$cmd_hostname:
+ ssh root@$cmd_hostname ./bootstrap-cosmos.sh $cmd_hostname $rrepo
+ ssh root@$cmd_hostname cosmos update
+ ssh root@$cmd_hostname cosmos apply
+fi
diff --git a/apt/bootstrap-cosmos.sh b/apt/bootstrap-cosmos.sh
new file mode 100755
index 0000000..1e8b751
--- /dev/null
+++ b/apt/bootstrap-cosmos.sh
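Review bot: The bootstrap branch at the end of addhost passes `$cmd_hostname` and `$rrepo` unquoted in `ssh root@$cmd_hostname ./bootstrap-cosmos.sh $cmd_hostname $rrepo`, so both values are word-split locally and then parsed again by the root shell on the target. A repo URL read from `cosmos.conf` or `git remote -v`, or a mistyped hostname, that contains whitespace or shell metacharacters would become part of the remote command. I would validate the hostname once, right after it is assigned, with `case "$cmd_hostname" in (-*|*[!A-Za-z0-9.-]*) echo "invalid hostname" >&2; exit 1;; esac`, and quote every later use (`cp -pr default "$cmd_hostname"`, `git add -- "$cmd_hostname"`). `grep ${remote:="ro"}` also matches `ro` anywhere in the `git remote -v` line, so a remote whose name or URL merely contains those letters can be picked as the default repo; `awk -v r="${remote:=ro}" '$1 == r && $3 == "(fetch)" {print $2}'` selects by remote name only.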
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cmd_hostname="$1"
+if test -z "$cmd_hostname"; then
+ echo "Usage: $0 HOSTNAME REPO"
+ exit 1
+fi
+
+cmd_repo="$2"
+if test -z "$cmd_repo"; then
+ echo "Usage $0 HOSTNAME REPO"
+ exit 2
+fi
+
+set -x
+
+apt-get -y install rsync git-core
+dpkg -i cosmos_1.2-2_all.deb
+
+if ! test -d /var/cache/cosmos/repo; then
+ cosmos clone "$cmd_repo"
+fi
+
+hostname $cmd_hostname
+
+perl -pi -e "s,#COSMOS_REPO_MODELS=.*,COSMOS_REPO_MODELS=\"\\\$COSMOS_REPO/global/:\\\$COSMOS_REPO/$cmd_hostname/\"," /etc/cosmos/cosmos.conf
+perl -pi -e 's,#COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN=.*,COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN="eduid-cosmos*",' /etc/cosmos/cosmos.conf
+
+COSMOS_BASE=/var/cache/cosmos /var/cache/cosmos/repo/global/pre-tasks.d/010cosmos-trust
+
+(date; nohup cosmos -v update && nohup cosmos -v apply; date) > /var/log/cosmos.log 2>&1
+
+exit 0
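Review bot: The line `COSMOS_BASE=/var/cache/cosmos /var/cache/cosmos/repo/global/pre-tasks.d/010cosmos-trust` runs a script from the freshly cloned repository as root before the tag check that `COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN` suggests `cosmos update` performs, so the keyring that later verifies updates is seeded by content nothing has verified yet. The README and addhost in this commit default the clone URL to the `ro` remote, shown as a `git://` URL with no transport authentication, so whoever can alter that first clone decides what runs here. The diffstat lists only `global/post-tasks.d/015cosmos-trust`; unless `pre-tasks.d/010cosmos-trust` exists elsewhere in the repository, the script stops at this line under `set -e`. I would have addhost copy the trusted public key over ssh together with the `.deb`, import it from that file, and put a comment above the import such as `# trust anchor comes from the operator's checkout, never from the unverified clone`. `hostname $cmd_hostname` and the first `perl -pi` expression also take the hostname unquoted and unvalidated; a value containing `,` or `"` changes the substitution written to `/etc/cosmos/cosmos.conf`.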
diff --git a/apt/cosmos_1.2-2_all.deb b/apt/cosmos_1.2-2_all.deb new file mode 100644 index 0000000000000000000000000000000000000000..9fe44341db2cea253a51baf6cada57e99a7e9a16 GIT binary patch literal 11724 zcmaiabxa-5vnK9N@uJ1u?c(n4?(XgvC{ogi*3^l~%+|@&&6kXfjE#evlbwx&mz$G}jP>9C|7bQ= zR&LIJXaB~3iwP1tGb@t0vy+FLvjek-sT;Gk-~Zp9kDcd#>`7w~ApRpz(3k1P&Kukq z1NXJcq7S}pGODGF=J>dbkX?{l(H6jbx;t9;B#DsHjn0!uQYxy; z!1nF0#k%_zYj|n;(Ie}>d+sDDp~t0nXt)m`n~yt$po6@5H%0UVkW>nYARnuKv!# zB${3q$DVXu#IcJ15O&e`aP$Kd7SzID27V1ZuZX$^_vGm4uLfm&^8WgE#jjFhe^0Jg z627Hpxe?GCp=JcMDcvk-*FwDdsR78eh*Y;7NBxTub;P52-dEi@9+Fy@pM0#&B6R%Py%&NPt{|^s1{hMA}k5 zz~c7lNa^`<`y)t$V)}U2?5h+h3Gs(DVh@V4{E|1;JtAoaUs}JH!|`I=+|n@>R+I!q zk__elHQnOe^E`%K7(viNKpYa<|CbxsSh-pMD?gYZ{a@HNgg3yRcphWE zMcbI0tg@HDq$(AGu$9BBQj@@#N@kR$oETMvQhN}%Aoh2z{4?vueX)Of8nva)cw9wO zX)U>+-UPC?O2L3a@*~;a0v_M1ns^`04F(ymXVMa2UrI^v0`TX#F(pk}SYGD)$fL9K+%(u&1q?;<7WXa5wptVn6(YDJ z0Tv6H-$prLdjoH%M?P)(WF^<6H|r3yI;*9LO;D<#uB>gqVc)z!F^ZLwrRlJ!DNHsH9nToju)Z4HyCDJ`jDoprP6RTs70rgO*1%+4@ zHS5Y*gL<*(6BOL6lggi z(+2nGc!*fc%~#4yb5O#?JfWaJqeR8J!uoQlVf9cYBV;El6eUkVn9frpY1^qmoCk|E zI(K+0s|+nNkkOK{!`&pj!b(KENJ*Fk742ox;2sf>5bP4;{3VDFmkf^#mwH(@)q#P` zq7ZpSALoX&g-1|PuyM&UP;BRet5iqjO^IQn%a?%o8I7QewTnC^QP{6h&mjU0zZeDc z6XP!v4!H><8KinLp}qntzDJ53Cp{iB47Xgi5Fvf_PohgsE3=GStI;uM)*JOn(?Cw;;v;R}sW^ra;x*~8lQC-KHMjB?++>FAsgjQZrTnB| zq#6y2Ol(2IBHtsz zN1N6d#n4)xU6;?#ibo(a7ZNksG~0}by4D}<%ra(D$;`9ZPGk0j3*dhah3GY)eYC@m z_922ckbO`<94~Xb!r#G~!$9c9@@x}C)Z!!jny<0gUnJF-rFK!55D6oLpanu!=&&uY zm`+Cdd0C{%vHrq9z^}1aV?DtLB5xOw2YHQ-6p0Q*zGzK0y|lPEC_s%9>G17;(aF;* z2_k*p3ky{c6UV-Rl6GW2v1%0M=^Kd@_85mZrVLZP&hJ;=|J8kx5kuI5>Y^5(0zFPQ~Ara$^UlY zKfV}yemH}xeCWmE#1j)R%BS7(!9o_%P*?|)q7dq;CV9vJIRSj?LQ)7mdX?vQJP4Jn zS5ob&zjR;}aKB)|Ef~o5dGBkIO#QcD3R0yL+`sv@GdK}42!sO@d|2OrS!%)J;@{%( zPH^hW1{+5;cug)+GCm5^6AbT&*a*I!9S~`B#)VSqNRHwU29RBV6d@})0m%8C_W2BV|=S088p*l;8Fn=vqxI`z1Il8x-Dud*g z#P-^JwrgfN&6|#66KQKZ-NCz2DzNbj!vZCm{-8gx0-Kd4A0h>6@YViEqznYipN9eG z<$ewSpAaJL1o1%e5Mx33+*}dNkF~RF2a`;lcA|4a*DDucA;1=e5h{^$f;*Kbac2MJ 
z*fLEw4U_%V-7|^Don8<&lHxNEaCe!P`C5<#&iaoMw)(`wy^?3K-kf5FKvmDm>&Vq# zEd5(?*~P7KQvE!H)ZRUNJaUmDT~lb(!G=!KZH8k}dO?aE14 z7)b?D`aQ1wYV5${d}oAk+>)03x802oU&zSM)!w*s_OJ5r;wisTnoXMugUHdxKVvdo zM}ARK=!Gwry&A87k3So(^=s5U>Z-kgG$?tTpO7^wdpxCa4{248NI=qo$a_?$f5A{K z^kJ)_)B#g}co*LmXxIzIK&tS80NMNfy@_k!k^f)}1qA#GijAwrQz<46n&ZW+p zTm27TpTSe_@AFFgA)^WFo2hz?H=ek3pQb8Ll__%=m)~e%)L_A2>WsS z&vhj*-`d&>5nBcPy(*}N`FI%+%10B~3j7{u*qCp@zPZIf&4$Jw`fKTC6+I19tvU@#oy?`&Y6kz%sgCt8iDnJB^mND|%qxDm zFY7Xv#A7XRl7}#Q^4Ua$c_z*9kyCA{5oD zqHRp2im*a-?;@yuw;jb5$;1_q864^6)D5*R?QE{F^MRPFlAQVqppb;3C)_vmhlTlbHGN`c109*qGmJhabDwx^Jay%hJ zew{z8UaM(YD{KZNWJy225Jdt^2#6`T$Rk2=7aZY6cZqD zfZT<78R@7HkqY55+w^(@WYeifk@~ z>aJVl@xt2qOXLEE2dEJAT2-e3A~V_e8caZ0G|RV)5D?@%-K8+=Gza@{9)VwmtHgXN zD~$#6T^glkT&-UQ2?rYU z1bgVVLn!hY)G+3~6jp^tlsQSkAgvZ?ht9wr<^52xJu%<8amK7tfe0C*N6`~EOI)zd zwb?KRV#JUD?!M@kLIlDe($+1cBFEByQ?eCrN|pSy(0&tyR*#|0k}HuSENhomCo56? z2Ex)Nzut=mjfTF2nyW%mn}=$l1)>X;PFdK}G$7UaOE4RM{qZPp z053q?uR%iu47~#3rKOKPz!{7EB0p|u5AP))>LtMOPx0mN;PCkPSa8BCXxImgf4yTI z4;~J0+O59Wj^S`ntdy%YK42B6E{O2C7Q8hc?W!j<4`xue#&1mz{*-26Iaym@8E_n# zhQJAbeMUijVltc=Tm(Z0LJf6_Y||s=NTNti(TdNyg>v;&J-BD@{ROVIfJE%dIIA%p z8m1>v+i>u{Q>&Y-!zo5G^d|iHc{Av#Xo(s+3134w{2Q$e!DGBS(&)wHQWIqY0^gkVOZNb1^Xh?{8X$N`1 zkHeiNwpk31-6!Xl*qbJ4A5@||69^>~579-Ry+)$q@og1DjEUMwE(BSH0`$ivO1&Ra z#$2`XJG$br%VU}`@EnLq!S;uQy$#XKT$~# zw&(_}$l5^Hya@3D*4H=0!~{G-Mwf`Qc+-426b1PXTFk8c4!FemPU2;LJYo+-BKWE@ zXqev?C%#J77e#!Cw2C1#VsWRrU3TkR@O~(CkxxvQy%NmaOHA@L%2HuT8)&$&<)npB zp9L!&=vilN!&8Kxj7Y# zO+;Te{Nab1Cw&|d4hbx329Rl}n5#A77nVu1<8?L2QklwU6y}8FmXv-)z}L7Im(n@6 zD;ueXi4Kn7*(JuJwHGaNrBWVMUvhb_)q^91l1o(A}~61cuK+vHoNQ+$YWrTxghm$q&AuxNTk(+eIFW@n?ZO8zVZL47u3-^X$#1D z1w8!*7H$SL1ZZO5;(W1ad`tPGsmGK`#}W1kw!|rdctXL??#iXN!O=^@gx7EHt%?m2 znss2V8!lCWU2X!|zw9U`fNk7|cH+Qjhx=f_U3e_`zeyb!`B<1fs<{H)>Us5G-_?WW zD+BZzy&1jYI^fS(UYwUlYMngkdwdBXZLIvBNC)aLcFQ(NDu})Dcf^#X7}JpEO%N%< z*nC;Aed#!d==HG5)E9QXdiNjUzEV$Nc0&?+(G;nKd=JMAbzCy0E~zIrYA|<@^Ji($ zNQ9gad!I4E2%CP>m`O+~DJZ@Sr7)X0VQuvgy~!@(O*k(Jut3+M$7woqqtmCNA`~rF 
zaHIk{Vbcy!4I2@u<;>I~fb8yOR-AvnkQrHEz?Sg!rT!hv+3$iBPQTxZ4u?L40#^J^RDxj(?z z&$0g~ZLarg=Z%d@8JKjOQB@Nq0i!GdQg;Su$KipxSXK%RoDze;kM`;`HRnc0?l7!g7=2EhlX^h&A%Y` zhdJ-R0JgUVr_UH!%;$n4;1{gu1u))xzZ2EV;RDOxqQ`%M11^3;zm1D;OeqZ#`UH}J zkmrn42*GhQB0E4Ifg{kEo$Mv`inOr(ikgDpd<}PhlCtUqOh%M+!uyg_z-b1ge*||> z8?T59o#>tXyJUXDVr>h%Q?2e3dv%tV*b?u%Qt>uy9Ud{eJL)M17oVr{!&aB{-C3)! zu8xBjUD1qPzdhhd*QnrU)9uYM&+4jkUlC~LRKU%CtEZ#}S&Iu)Wns2^mCbD!p1{p= z*uV`Oq~jO%^EhLQPunRVJbWua_F=flPP_#)qdP>!tnnP0y7V3%U&){e336GX@_hj| z9cC($c)y&Re}1_%*k&@|sM`VA2Mtd@=}0(U7<_L!6&`+hj*Y$`AS6*0JRpVhrw4$D zb1$;4`0Gnm47!$fy6Wxaow=G5FJW0d<#wbWT%>lA?`H#A$65tDi=HPtexLI-{KM79 zyUlJtd@_Br<`mVIju%$!l^^oEnzq{c1SK7vxj@VI?hvn6x5IIg&c*`zVtw!Tro;P1Q;a$L)+B;PSQK6b zmweX4gtwCep2*YnoihTzAJ+y;oXh;t@*i}LU;bJ==`1LvwJiA$r)ed1>#kK4zl~l8 zzO^zPI~=dXuhH!52vt#G_g<_s=DPK*j@EM&8wVA1I#1;czdKgYkh=DAAO4>ClT0kS zjV>8=+>aj3O6s;&VRIQV1j>{0dUiwZm_;VZ@YZd+JMoo!?UhW45hSfol?uNW7LUyn zZyndOc9b10$T0wxrR+0=OqC68r94}X)fy6Qn)2Bj>deVY8l`uHSFDN3I;h2YDS3W& z!EKIi{_*t1GkX@;E)(2!2aNgNhDjT9-PL&)i*DFXpqCS`V+i%V($k2spO0smGgzWc zbpSm;j&tosum1a2p!{}Q$M4+a?>U|iU2O7y47<#qCc@{;;lSDLAS2UF%rja(n@@o| zHTeu7#Rfb;p7}`ePeM>T2!0Mu$5rv5LC+tSutH&32PP{t@bPPN|#vKhL~O7f!nu z4+BZEDjKHkgpOY$WbydZbvh^WpGjNpwjVWC{?-zEt)@RDf7So<-g+pOzodyJ=-Avb zGUHzp5I&R6gb>tud7ik%Ru?%t+33K2nyqZ)ozbP3!;+nfow#)5Wo zbbqI$=-7YHc>9Q6d%y44^7+ol893*>!5_qtcHK==qg1oG0MMB_H);o!2fh_{mhd;? 
z;>?h?Y`JN*6TQOYCdWK?^bk2L+c@PHKlY0H1E>FR-xjV=&y*o}Pdg7I${jOho23o3 ztpUo<8(yg%7qv?D9eR&B2QSxt;Cau{Tjp)MMRNcdt2i8FXOM?0{1ccaZFt`mDuT}a z@@O%iHUk}&&7Pi&vp03K+72#ihNuFA&UpEDTYK$lr>{gVYw`(#MsO{xbk;ZCm6D0# z`kZ@OMz#sKFUyxb4&o6=a$Jfx4n|#n^5n_^Tf51~T=atiti<~)&pQutF4pjI{oH=- zGv#~+iV?T1Z@rMS?&ZA2d1nhMUtfGKK3?-&JGXOpQfXp*w4sU;Q7ttxCAw-`5G6@=cqLI`1+jQ zx3=uE{-G6eJUY#A;adWRwuf)f=8}*{PttE+?ziFgS8Na#G|(lwv*aP1dD!9PV}6OO zd`K7mh0=$+)$}J$ZmXBg$4V7ksCr&OYMaVw1z|r5^RyZSsUI{`h_oVPyLzPf_D%C_ zr=+RE)R$E|$o_6ms-!V9KSxvBL zfDb4qW7ia5&^%S*-t;rSPGOqPEB?*6`*M(uAcv^$p;Jw`Wg}+7>9OU+iKILnb9 zxYOAOI&Cp8>e%=}r~i(jy*2rLr;~|3+vz}fl-@_b5>fB$BKe}9B`rz|!IxP1$JtpLnO(&`KESY-Uk8vd$C)se$ zG%Vg^9GZKSx!5f9k(96to1Ug`^mGW_y_MZbZCF|%`6#9)zK-=te<;c{Ew-rtqR6sVH2aj>g50$uB4^mh)Paiy)aFKd2tdt#8^5x^za@jbA2 zVPWIU{glspc8t=Ih^J8Glk@(ic)lQC$=Uu?z}|!?#+<_#`#8m~H*dA4_mbYTmxQG} zAHn2bRdW-!D|@qW37JiBk8AyO0=Uy<0DoV_KKokF#}{Ae+g~?z&+*u1Y@7bmaw@lK z%{j>6Hl|X&MN8>XP{1faU6`R>>-t65{1$AO4Y*X40Naj<&qk2s@g~``1wD7xhdTnC zatOD2tO}~2v9ozdJYDC~5*sKhuVS^QD!zX)Q*Dvv46M62>demZlyA#iW=#-hMqJz6UeKdI>pXs6 z-4>6IZ0%UDTrMg%d_na>N>E6CZ$Vcmu2%_ex*RHc{Q08~w749tjOp`U0 z*dUFM=jUnMISEUKmfShg5At*{xO&P)j~?+-Z!vy|>CV{N8|WqCxR(-|?sxGY917&y zx^2iOMo_?0>K5p(n5n&YNbq$B7=74rrV*bI2~}B{G`+47WQe2b8fS0sx{mjysQ8=K3R^=mGX6boMg4$7aD;3IBg6; zfZMGoZLXE}n)YFhy$yZ#>1*df35ewB!udK&*E4Rbxy87A zBYe$^#O7eUjlf@B!rX%GcIh7coHyCcy0gP2ur*G`fH%r)qUOECdx`hhP-gGu%O3tO zTMp^JA0pqZ4bSrUIchaa8Vu_gZr&5Ln1pZOW@B2&4EYr+i8x|fw-}Y9qBl76( zYTbP_M$d)`p3z8|AM|&M(=~r}2*Ez~wC6kYGj!S?*#A@$yE!LeF@DMmkVzKTebCvk zuu`*=D}Nsu>N-;1dF}Om+PFF)jTGLwdzyCc?smVT(boZlStrEyoAWj0Xj*MQxlB$b z+;3WL8Wz1*@vJT~TPWml@6YyCZ4#L8A4g5}e0@T9G(5VJIk@Z$unl$Wo@qEp(0RCD zV|jhcsF?zBiUlu{b6jRq(siM&37bn~>;&OsX>vMOSe!M64#*UgR{$jIlcI@bv%0=?Yphr;o<`I5w88h1h|E` zh2QRTGW!Av(ejeKbp5m!yS?`}TuWw+<&{|YULqEckA(!YS^jX|>$!PtQqA6bQ_1cy z?<~x$f4(E%6Sd|oG%236xf;nEItOt8_m(V~t_vX1=`Cb;?tjXEWh>eO~HZ-wqKd+i#XQ#m!zn)s#Bg4EM?-k4FIP z!z7H20G+2>kvT*&3J2~#w!>GauedqREj|mkbLYS7K2KZe&Jvl{KW+C>T9RtHuN-;S 
z;o$^&U%jPyZKX09*<&4D`*N=hT`%7lRej@`-r6XW_)X?5|5Vyr((JCO>&=3U9+(zX zdWp7oxKke?Ew~sFzY(5*z&*OtSonM&SWx3%1FwW0TUW>k4_HQG!KY-R~ECE}cOQ&+w|DeCS&+cK#+ z80y%#S8w3mabC^gasm3i9pv<1dj)s}iD$qQ!Bw>F9lCztu5I}*&k0#L?D-J;#i!d~ zkb(N%cEhueuSa))0V}wXEIv>hH`*l`0)4{nM-k!hQ(+_7BC2`^;XN8^3?jm9q<@8t zbm~vNcELaClKy#f(bhPm@s_4jr3O(kyqzrC_P z6)%b}0^JZTbgM0^M#85q%tAh=(R(ychd+H~vv_pW!JgR9bwS@_-0*a0owDORlFO9a z6b-vQo|gOAS$xs8!D%^pO(s1lhj%;Zykq?BWcsuvUMMV0IHa=)+%Y;vEE(B3n#TiZ zEh9|(?{{Y;Sr)<@XI8Vdc&{z%^#s1_;hgQ8t;In(JdS7)3NpZj2NO5b?8A>EM8}^S zI=QBKS5bIEr+#;MAqgW~%Ojb#>O{E#haXO=F5NJZ-NKG`?sPU~B?mW(N*a1o;!FTO zlvV)&zs+jooK22JUjM*0REO&r(aB8XW%P^|F{u@5&^tKj$qEu2~8ikkA~249q4OL1+mc4U5IA35(G1yV!GnovpbYAm91qLvic4Cfgeq zmEq06^MqSCj2E8s1l{GiKj1vWC-dr!m#_-t--a75%3I#uK|AKE6_)SVMwhn^ba}Y0 zR0gB>E&-{_j6IgSszf7&C-oNtfAj(c#Jf=Y_^%90mW3i0S4Nsi^Dw-w`4_xwMPbrFKmpGnh6BFe=`XAK;dT@DWtc1V5xh$+Y0}X?Enx;ClT)QVupK|;V7teNd z8ju>tm-D>?bA$r#9;|AVNo=yt=<>2#uYGD6nYPyVhPJFek0^JLQIxKQ_qQgK_F9yg z3A|_RqCe$BzZwVd+CRa`?PGhsHaAF@zRI22&QX1HDmQ$#<2^fbS{2IUxWD5VLN|UH z<#L&b*y+s{=xdh$uv1_G&vKx15#O|)?&q`z5uUYpNil=u`xgRmdj(>Ji#fIBswJPavCPt??Xn8{X4PzF>2v zo2{e1`>)T2F{a!AZ6bDuf4tB>-oS&`2)`yP5InZ8sU08xaN9iAc}hak@RG5J*Vf(p zt@HUjyeNj}oq4mBt?l|(OUn1|U-i9ny$nf;cB|qhYqzib$0fpYOv&N}HfUU(KuJbm z7SCfWa4^5U!5Q47c5f}0H1+pH9dZ_WME}#!2u4^+wxOQ;7`-*4BNUJsn$e3{9);@O~c*J7Z)_OIv2?%O^%Lt}SODtjdHELcy&pDy8U(gm5k`G876B_k z(ezb)vV38EF=mS515f0FKUi|XOVzH3A)alfWdy_>vF4J4W6Wzr7l8az=yD_`0WPQ!-CPnmx@^~Ea04ZLxM#FPy}x{R{+uyr8UouFRP=D zuu;wR#}S2`{qhj6$Qdo8hBgU*&{{mT2^IXorQ^xLB2S_SReC-|}yMLTMUh(M7UL-JQ@o79+6TuLTquTcVi zb@G9U3e|8^>3OgTZ4n>o3)QN04eUkDLoP`Sj~|BhN!%WFw7e zovG9_r1{A#v_WmRK~h=wJx0p#z{AaxIxM6gB$MS$1)=2kgeC0cQ{nT%1|eQza9mjo zID){i%XZh$I~=OZQynNzXZ58<3@+S_~Heng@d6g?Ee-COSR_hSwu6`NM=4>M0o6IpAvIMD`oS}oQHqXnB?JA*dx8Ga&m}_!44yemj$y>SNr{ItN@vf;5SbOCt+*1E^d0mUr0^J^;4GDk zoSJvT!j##N`lKY8o{lOjvu(;aCD*eoPFB!5s}i|A_js=g481~+kUQm(y_z`bc zJv{ll2wobRt+ZA69Hu-byPn7h2gUAB2)$43IrO#f_b-NnfIOi+R$RJYS1!EGHm=PO zU$s~dbV3}w%)B}a$;qDmhx1R%>fz<>Wqx%TIJ6|-^vSAlvtHXQU1{ZEHi@2`5sc&D 
z9YDxyqA1YO&0|Z4pf7`!BBc*))CT0JAWzKx(>am|J17eG(^HtFLLbb$qGRB{mD0gH z?8y_3%HB(cvJ5gpJaOa?7BXx0e~%`D*g%>nd~y6il1*#MoGp}tMl0q`WhiXg=ENE$ dt6+welKG30n(hC!Jp2uY94H9{LEJz<{4X-u7fJvC literal 0 HcmV?d00001 diff --git a/cosmos-rules.yaml b/cosmos-rules.yaml new file mode 120000 index 0000000..106567c --- /dev/null +++ b/cosmos-rules.yaml @@ -0,0 +1 @@ +global/overlay/etc/puppet/cosmos-rules.yaml \ No newline at end of file diff --git a/cosmos.conf b/cosmos.conf new file mode 100644 index 0000000..32f286a --- /dev/null +++ b/cosmos.conf @@ -0,0 +1,2 @@ +tag="eduid-cosmos" +#repo=git://override-repo-URL diff --git a/default/README b/default/README new file mode 120000 index 0000000..59a23c4 --- /dev/null +++ b/default/README @@ -0,0 +1 @@ +../README \ No newline at end of file diff --git a/fabfile/__init__.py b/fabfile/__init__.py new file mode 100644 index 0000000..5574f3a --- /dev/null +++ b/fabfile/__init__.py 
@@ -0,0 +1,53 @@
+from fabric.api import run,env
+from fabric.operations import get
+import os
+import yaml
+import re
+
+def _all_hosts():
+ return filter(lambda fn: '.' in fn and not fn.startswith('.') and os.path.isdir(fn),os.listdir("."))
+
+def _roledefs():
+ rules = dict()
+
+ rules_file = "cosmos-rules.yaml";
+ if os.path.exists(rules_file):
+ with open(rules_file) as fd:
+ rules.update(yaml.load(fd))
+
+ roles = dict()
+ for node_name in _all_hosts():
+ for reg,cls in rules.iteritems():
+ if re.search(reg,node_name):
+ for cls_name in cls.keys():
+ h = roles.get(cls_name,[])
+ h.append(node_name)
+ roles[cls_name] = h
+ return roles
+
+env.user = 'root'
+env.timeout = 30
+env.connection_attempts = 3
+env.warn_only = True
+env.skip_bad_hosts = True
+env.roledefs = _roledefs()
+
+print repr(env.roledefs)
+
+def all():
+ env.hosts = _all_hosts()
+
+def cosmos():
+ run("cosmos update && cosmos apply");
+
+def upgrade():
+ run("apt-get -qq update && apt-get -y -q dist-upgrade");
+
+def facts():
+ get("/var/run/facts.yaml",local_path="facts/%(host)s.yaml")
+
+def chassis():
+ run("ipmi-chassis --get-chassis-status")
+
+def newvm(fqdn,ip,domain):
+ run("vmbuilder kvm ubuntu --domain %s --dest /var/lib/libvirt/images/%s.img --arch x86_64 --hostname %s --mem 512 --ip %s --addpkg openssh-server" % (domain,fqdn,fqdn,ip))
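Review bot: `rules.update(yaml.load(fd))` in `_roledefs()` parses `cosmos-rules.yaml` with the unrestricted loader, which can construct arbitrary Python objects from tagged YAML, although the file only needs plain mappings. `rules.update(yaml.safe_load(fd) or {})` is sufficient and also tolerates an empty file. The same call appears in `global/overlay/etc/puppet/cosmos_enc.py` later in this patch, where it runs as the Puppet external node classifier. In `newvm`, `fqdn`, `ip` and `domain` are interpolated with `%s` into a command that `run()` executes as root on the target; wrapping each in `pipes.quote()` (with `import pipes`, since the file is Python 2) keeps a stray space or metacharacter in a task argument from changing the command.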
diff --git a/fabfile/__init__.pyc b/fabfile/__init__.pyc new file mode 100644 index 0000000000000000000000000000000000000000..d66ff5d8b1c8bec51b415ccd863f689e8b755737 GIT binary patch literal 2999 zcmcIm-EJF26h7;}#Ho{}KNKppU?ftxD$Y_=DlV$3QY*n#5H3=XMYURc#`ZY-mz}Yb zNcL5@MB){A9Ug)kUV#UI@0_ul2ys)Tcs;Xc&dfP;{?Atb+TQwoa<4a})vtp03k>@Q zCWU`M2~iqQKcKWi{R#z)tx!^>v_}1!UsoxqQ@<`0fE(0rtl6`?)OZo-_(_K0b=$mg2>EiG&FzX*I}hy6;nCOM+q}G!0Mk z@+eF*w{JDSy2IS2xeZ70U}O>VJu5Qv;E zdn|?9z?2y4SQvm_fGbPE`bTk+L=&iO`3}oUQXn2`0%Dwa=uZIf&^ggkY`hFE*%y8a zsQiv#x`n{M-lt_n98xFfGToqscV|Gsp(6VJ$LuY;DxIDa3TGnaVV24ew(V|X^8b?Msqth3(0RNV!4rz&-sx;lE#RiQbE+{u?u}RY%p~3Z7 z-~_gx9sfp$$1}qJ@OVInz^+2X-hi^+dEIiBXuE$Fr-_8P1cx$1CvNGno5WZ86wdLX zlNUM@+^kTs(?Y@Y0wj5?dM&16>l*kMBefEGr4}-)<8nBW(?|Nu_Shq`5f|XBI!q{` zDWXXX3lwpX38Rtn`#D6Hd$L^VD2r3=^HPuHJxr{`A>MwIGh=cQURQ~47BVU!fYKu? zX?7173YwKha5K0bd{Su!yTM(+w=lK=iNa-`JM%FPnkuFtlkksC@DjuBV)9XlG>%Xt zPzoeD4fgnxHdjLTT* z|3wilL@WM}{zDV4*%BeQ0eJhPfuJ*;2Z8qjpE$6$Fo*NF4AGoWn1{~iwq#L~591`_ z$}h)cH{9!R6g^y(01hol$oJ?XuJ2wF0PpUhPeEmh)O3fF*ji)TU3S)b)kS-AGyA`} zWOeD|OQLg@@ZiuBmvBCNm!Jut7xO=$QH}2WD@A_6!Ff8EnMCQbeKb$ovjM&#W>87x zX>79g9;>HN)!O33#0)}=xhY*}(s-sq3qV3bKpGHrgV8u@40_ZuUI&FXT z_)FkT;W4pN#nHIUwcFZB*XnYvecSgL$qGq@8Xc=limWN5D0{&!!r>}KlOrM1C-d|P zfK?=PKH{6Xg5ooxG{gP4Fd~vKbKI#`8<4$>oyjxbGJJ#L{T}CpFO3{5qQ(pw%14DW zsm^E4abgVfEYm|~5ycK|saSQiAIh1QK5`P5S(InVnd35Nk4zB_V&%Ucq?N2IzAxsw zD0`pr-CQwy4|rlj^&axn#dKjdfv#e^O|W~G<_hilIcKTm>+Yb(wD_qstIeCuVEwcz JJB(R9{{Y*wffE1# literal 0 HcmV?d00001 diff --git a/global/overlay/etc/cosmos/keys/.placeholder b/global/overlay/etc/cosmos/keys/.placeholder new file mode 100644 index 0000000..e69de29 diff --git a/global/overlay/etc/cron.d/cosmos b/global/overlay/etc/cron.d/cosmos new file mode 100644 index 0000000..b157bde --- /dev/null +++ b/global/overlay/etc/cron.d/cosmos @@ -0,0 +1,4 @@ +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +*/15 * * * * root test -f /etc/no-automatic-cosmos || (cosmos update && cosmos apply) 
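Review bot: The key `'ns[0-9]?.mnt.se$'` in `global/overlay/etc/puppet/cosmos-rules.yaml` is matched with `re.search` by both `cosmos_enc.py` and the fabfile, so it is not anchored at the start and its dots match any character. Constructed examples such as `dns1.mnt.se` or `ns1xmnt.se` would also receive the `nameserver` class. Because these rules decide which Puppet classes a host is given, I would write the key as `'^ns[0-9]?\.mnt\.se$':` and add a comment at the top of the file stating that keys are Python regular expressions applied with `re.search` to the node name.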
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf new file mode 100644 index 0000000..d8ad043 --- /dev/null +++ b/global/overlay/etc/puppet/cosmos-modules.conf @@ -0,0 +1,11 @@ +# +# name source (puppetlabs fq name or git url) upgrade (yes/no) +# +concat puppetlabs/concat no +stdlib puppetlabs/stdlib no +ufw attachmentgenie/ufw no +apt puppetlabs/apt no +vcsrepo puppetlabs/vcsrepo no +xinetd puppetlabs/xinetd no +#golang elithrar/golang yes +#python git://github.com/stankevich/puppet-python.git yes diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml new file mode 100644 index 0000000..d9dc495 --- /dev/null +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -0,0 +1,2 @@ +'ns[0-9]?.mnt.se$': + nameserver: diff --git a/global/overlay/etc/puppet/cosmos_enc.py b/global/overlay/etc/puppet/cosmos_enc.py new file mode 100755 index 0000000..63c3a66 --- /dev/null +++ b/global/overlay/etc/puppet/cosmos_enc.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python + +import sys +import yaml +import os +import re + +rules_path = os.environ.get("COSMOS_RULES_PATH","/etc/puppet") + +node_name = sys.argv[1] + +rules = dict() +for p in rules_path.split(":"): + rules_file = os.path.join(p,"cosmos-rules.yaml") + if os.path.exists(rules_file): + with open(rules_file) as fd: + rules.update(yaml.load(fd)) + +classes = dict() +for reg,cls in rules.iteritems(): + if re.search(reg,node_name): + classes.update(cls) + +print yaml.dump(dict(classes=classes)) diff --git a/global/overlay/etc/puppet/hiera.yaml b/global/overlay/etc/puppet/hiera.yaml new file mode 100644 index 0000000..e69de29 diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp new file mode 100644 index 0000000..c276f84 --- /dev/null +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
@@ -0,0 +1,52 @@ +# This manifest is managed using cosmos + +Exec { + path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", +} + +# include some of this stuff for additional features + +#include cosmos::tools +#include cosmos::motd +#include cosmos::ntp +#include cosmos::rngtools +#include cosmos::preseed +include ufw +include apt +include cosmos + +# you need a default node + +node default { + +} + +# edit and uncomment to manage ssh root keys in a simple way + +#class { 'cosmos::access': +# keys => [ +# "ssh-rsa ..." +# ] +#} + +# example config for the nameserver class which is matched in cosmos-rules.yaml + +#class nameserver { +# package {'bind9': +# ensure => latest +# } +# service {'bind9': +# ensure => running +# } +# ufw::allow { "allow-dns-udp": +# ip => 'any', +# port => 53, +# proto => "udp" +# } +# ufw::allow { "allow-dns-tcp": +# ip => 'any', +# port => 53, +# proto => "tcp" +# } +#} + diff --git a/global/overlay/etc/puppet/puppet.conf b/global/overlay/etc/puppet/puppet.conf new file mode 100644 index 0000000..0ba85f4 --- /dev/null +++ b/global/overlay/etc/puppet/puppet.conf @@ -0,0 +1,14 @@ +[main] +logdir=/var/log/puppet +vardir=/var/lib/puppet +ssldir=/var/lib/puppet/ssl +rundir=/var/run/puppet +factpath=$vardir/lib/facter +templatedir=$confdir/templates +node_terminus = exec +external_nodes = /etc/puppet/cosmos_enc.py + +[master] +# These are needed when the puppetmaster is run by passenger +# and can safely be removed if webrick is used. +ssl_client_header = SSL_CLIENT_S_DN diff --git a/global/post-tasks.d/010fix-ssh-perms b/global/post-tasks.d/010fix-ssh-perms new file mode 100755 index 0000000..87636d7 --- /dev/null +++ b/global/post-tasks.d/010fix-ssh-perms 
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+if test -d /root/.ssh && \
+ test `stat -t /root/.ssh | cut -d\ -f5` != 0; then
+ chown root.root /root/.ssh
+fi
+
+if test -d /root/.ssh && \
+ test `stat -c %a /root/.ssh` != 700; then
+ chmod 700 /root/.ssh
+fi
+
+if test -f /root/.ssh/authorized_keys; then
+ if test `stat -t /root/.ssh/authorized_keys | cut -d\ -f5` != 0; then
+ chown root.root /root/.ssh/authorized_keys
+ fi
+ if test `stat --printf=%a /root/.ssh/authorized_keys` != 600; then
+ chmod 600 /root/.ssh/authorized_keys
+ fi
+fi
diff --git a/global/post-tasks.d/015cosmos-trust b/global/post-tasks.d/015cosmos-trust
new file mode 100755
index 0000000..ad2c066
--- /dev/null
+++ b/global/post-tasks.d/015cosmos-trust
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+for k in /etc/cosmos/keys/*.pub; do
+ fp=`cosmos gpg --with-colons --with-fingerprint < $k| awk -F: '$1 == "pub" {print $5}'`
+ cosmos gpg --with-colons --fingerprint | grep -q ":$fp:" || cosmos gpg --import < $k
+done
+
+for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
+ seen="no"
+ for k in /etc/cosmos/keys/*.pub; do
+ cosmos gpg --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes"
+ done
+ if [ "x$seen" = "xno" ]; then
+ cosmos gpg --yes --batch --delete-key $fp || true
+ fi
+done
diff --git a/global/post-tasks.d/020reports b/global/post-tasks.d/020reports
new file mode 100755
index 0000000..091a236
--- /dev/null
+++ b/global/post-tasks.d/020reports
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+rm -f /var/run/facts.json
+facter -p -y > /var/run/facts.yaml
diff --git a/global/post-tasks.d/030puppet b/global/post-tasks.d/030puppet
new file mode 100755
index 0000000..6b1d33a
--- /dev/null
+++ b/global/post-tasks.d/030puppet
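Review bot: The ownership checks in 010fix-ssh-perms take the fifth field of `stat -t` with `cut -d\ -f5`, which depends on the terse output layout, while the mode checks in the same file already use a format string. `stat -c %u /root/.ssh` returns the owner uid directly, and `chown root:root` is the portable spelling of the `root.root` form used here. The backtick substitutions are unquoted, so a failing `stat` leaves `test` with a missing operand; `[ "$(stat -c %u /root/.ssh)" != 0 ]` avoids that.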
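Review bot: Both loops in 015cosmos-trust read `$5` of the `pub` record, which in GnuPG's colon output is the 64-bit key ID rather than the fingerprint the variable name `fp` suggests, and they decide import and deletion from `grep -q ":$fp:"`. A key ID is a weaker identifier than the full fingerprint for choosing which keys may sign deployments; the fingerprint is field 10 of the `fpr` record, so the comparison should be made on that value. When `/etc/cosmos/keys` holds no `*.pub` file (this commit ships only `.placeholder`), the glob stays literal, the `< $k` redirect fails, and the second loop deletes every key already in the keyring. A guard such as `[ -e "$k" ] || continue` in both loops, plus a comment saying whether an empty key directory is meant to empty the keyring, would make that behaviour deliberate rather than accidental.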
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ "x$COSMOS_VERBOSE" = "xy" ]; then
+ args="--verbose"
+else
+ args="--logdest=syslog"
+fi
+
+if [ -f /usr/bin/puppet -a -d /etc/puppet/manifests ]; then
+ for m in `find /etc/puppet/manifests -name \*.pp`; do
+ puppet apply $args $m
+ done
+fi
diff --git a/global/post-tasks.d/099autoremove b/global/post-tasks.d/099autoremove
new file mode 100755
index 0000000..2cc6996
--- /dev/null
+++ b/global/post-tasks.d/099autoremove
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+apt-get -qq update
+apt-get -qq -y autoremove
diff --git a/global/post-tasks.d/999reboot b/global/post-tasks.d/999reboot
new file mode 100755
index 0000000..5331446
--- /dev/null
+++ b/global/post-tasks.d/999reboot
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+test -f /var/run/reboot-required -a ! -f /etc/cosmos-manual-reboot && reboot
diff --git a/global/pre-tasks.d/020common-tools b/global/pre-tasks.d/020common-tools
new file mode 100755
index 0000000..eaca6ea
--- /dev/null
+++ b/global/pre-tasks.d/020common-tools
@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+set -e
+
+stamp="$COSMOS_BASE/stamps/common-tools-v01.stamp"
+
+if ! test -f $stamp; then
+ apt-get -y install vim traceroute tcpdump molly-guard less rsync git-core unattended-upgrades ntp
+ update-alternatives --set editor /usr/bin/vim.basic
+
+ mkdir -p `dirname $stamp`
+ touch $stamp
+fi
diff --git a/global/pre-tasks.d/030puppet b/global/pre-tasks.d/030puppet
new file mode 100755
index 0000000..2dc0b80
--- /dev/null
+++ b/global/pre-tasks.d/030puppet
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+set -e
+
+stamp="$COSMOS_BASE/stamps/puppet-tools-v01.stamp"
+
+if ! test -f $stamp -a -f /usr/bin/puppet; then
+ codename=`lsb_release -c| awk '{print $2}'`
+ wget -c http://apt.puppetlabs.com/puppetlabs-release-${codename}.deb
+ dpkg -i puppetlabs-release-${codename}.deb
+ rm -f puppetlabs-release-${codename}.deb*
+ apt-get update
+ apt-get -y install puppet-common
+
+ mkdir -p `dirname $stamp`
+ touch $stamp
+fi
+
+python -c "import yaml" 2>/dev/null || apt-get -y install python-yaml
+
+if [ -f /etc/puppet/cosmos-modules.conf ]; then
+ grep -E -v "^#" /etc/puppet/cosmos-modules.conf | (
+ cd /etc/puppet/modules && while read module src update; do
+ if [ ! -d /etc/puppet/modules/$module ]; then
+ echo $src | grep -q "://" && git clone $src $module || puppet module install $src
+ else
+ if [ "x$update" = "xyes" ]; then
+ echo $src | grep -q "://" && (cd /etc/puppet/modules/$module && git pull -q) || puppet module upgrade $src
+ fi
+ fi
+ done)
+fi
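Review bot: `wget -c http://apt.puppetlabs.com/puppetlabs-release-${codename}.deb` followed by `dpkg -i` installs, as root, a package fetched over plain HTTP with no checksum or signature check, and that release package in turn configures an apt source, so anyone on the network path can substitute it. I would fetch over HTTPS and compare the file with a digest kept in the repository before installing, e.g. `echo "<SHA256_PLACEHOLDER>  puppetlabs-release-${codename}.deb" | sha256sum -c -` ahead of the `dpkg -i` line. `wget -c` also resumes onto any partial file of that name already in the working directory, which is one more reason to verify the result. In the module loop, `echo $src | grep -q "://" && git clone $src $module || puppet module install $src` falls through to `puppet module install` when the clone itself fails; an explicit `if`/`else` on the `grep` result keeps the two sources apart, and `read -r` with quoted `"$src"` and `"$module"` stops a malformed line in `cosmos-modules.conf` from being word-split.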