diff --git a/global/overlay/etc/hiera/data/common.yaml b/global/overlay/etc/hiera/data/common.yaml
new file mode 100644
index 0000000..91c5bbb
--- /dev/null
+++ b/global/overlay/etc/hiera/data/common.yaml
@@ -0,0 +1,61 @@
+---
+nrpe_clients:
+ - 127.0.0.1 # localhost
+ - 127.0.1.1 # localhost
+ - 172.16.0.0/12 # docker containers
+ - 109.105.111.111 # nagiosxi.nordu.net
+ - 2001:948:4:6::111 # nagiosxi.nordu.net
+ - 89.47.184.128 # watcher.sunet.se
+ - 2001:6b0:5a:4020::8e # watcher.sunet.se
+
+syslog_servers:
+ - syslog.sunet.se:514
+
+mgmt_addresses:
+ - 130.242.125.68 # hoppjerka.sunet.se
+ - 2001:6b0:8:4::68 # hoppjerka.sunet.se
+ - 130.242.121.73 # joppherka.sunet.se
+ - 2001:6b0:7:6::73 # joppherka.sunet.se
+
+# Database of SSH keys. Presence of a key in this database does NOT mean it gets
+# installed anywhere. Real ACLs refer to keys in this database.
+sunet_ssh_keys:
+ 'mariah+CA747E57':
+ name : 'mariah+CA747E57@nordu.net'
+ key : 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLQfL3uYsqjzkKOxn9nhjDHeWdWQ5SRwcPzq7gINcwJ7omA5c7wJ4RKDqBPihJ9tp2rgM6DKKGxtSyjO6LFhkGNa86uub2PLS0ar+aRobPZ6sOeASqHbO3S1mmvZZWTQ30AFjtY98jjlvfKEI5Xu1+UKyQJqK+/UBVKlPaW6GMSYLr9Z5Uu4XS/sBPdL/ZtR95zDO9OKY8OtTufQi8Zy3pl4Q3xcOsSLZrKiEKMYDCLPlxytHD8FDDYLsgiuPlbF8/uVYYrt/LHHMkD552xC+EjA7Qde1jDU6iHTpttn7j/3FKoxvM8BXUG+QpbqGUESjAlAz/PMNCUZ0kVYh9eeXr'
+ 'pahol+93F77273':
+ name : 'pahol+93F77273@sunet.se'
+ key : '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'
+ 'jonas-6CB01A0F':
+ name : 'jonas-6CB01A0F@nordu.net'
+ key : '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'
+ 'thorslund':
+ key : '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'
+ name : 'thorslund@sunet.se'
+ 'kano+0DA0A7A5708FE257':
+ name : 'kano+0DA0A7A5708FE257'
+ key : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQC5Llc/yl585Uj1CcJPcImWKFRkLOL1OhHhIHcVgj90eqoYz0vtmaw+MzlAj7DgwdtXb1WRAjjoulLZhEkHQ6iL9VePMJFqxN+YKvl+YZnJuOIAoH0CvS8Ej0TzZV2wuhchrWo5YrhVqi9PfFEt5xSHq/B0EFl797R6bFF75g0OE0EdJxtd1UmKQLJxtn/6gZoa7Z4ZuZqm8lL8cpBdm4qWFUGaz8CpCVwuGK9mdoszU/74tWkEcKnYD2DEIC0B/lZ9BeluRgw3Qf1Grf8G9D44OjbB+QkuiO34ru2hVKjTrfCnDEq+pfPzoNXVVUIlAxvoOqjCAnKZv080cJq3fYwjMkMTfU4JaH9y+Byidft1wcgV0T2aayUBMEuF6FbblUhLfhi5C04IfnCWYarquNfLkGy1LnVcejDG17o77Vz8oLlJ8kThMPdOt8hbOZjrdO7y9+Olk0QPYme8AW0sQTthM4+5mlQ3bHIX40QRoA6xm4+gPISqZQhdEmHR9iialCsx4KV2qpBkeNsvnBuC54Ltwmr5/nNSpKkfPJ8t7wKe42DPhxvg1Tb+GV6YIhDYJaHzbT1OVLO9X9YsjKGxtF6kxo46+0rOx3FDfYfG77qKKc3XmDaJLUcwVHO+PlBAWnfvMuWzSLWFduOHvm9gb49jsxw4rAB8iYLO8YHv4eqkhw== openpgp:0x3AA4721F'
+ 'kano+D1BCFE917E2DA66AFA6C66AC4A10941FAD116B7E':
+ key : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCs/LdyLV3+N4H8eqpPFRPC5CJR7AerACzrcZhF7a8uI4gvJip9HsllT0WuNA0KhiGzLbUEtO9AVAiKh/cfLKHdpZY67H2cROTqBBvI3BbvyuZO/e5MUJ9e/apWPK46XSULZwh1/xh8glBmejQ7ljpv/emAWICk0ZyZedAcVODtYp6Rs8M2ukM6frHPQTz9Q5sktgbpMVh8cFRDmRAE8WoPxfnLT/BKPEAFnrh0peoyQUThIAHS//vOxyyoaXDga+x0ZshUDuCtEQpvrVbp3KLwS4Tm6qjVq3lsyJc5CodX3+8tvgD4r3L4UAxISvZh+knbuFGHcpY57M9B0XFvv0S2vC8+J0uEGTawLHh/7WNIf3zZZOgG/k4s9oZl3ey2mU3bb8BLHcNbU8V4peuV5WW0YAWjKIT7V39LWbDt7wPq/TQ21s0sLMXRfH4/XS5foyBrIumxg56j4pOTLQyAbXyOONnmDWze0FpKNA+3qdrlVL54EjQh5EcKLoalUI2UE1jUT2r/3lmo3ebF2nPgtfD9L08BEHxti0jYRgskWgCcco0JwhjDb6pCRGFrI5Dt1IBei3wpArfhf/p9jdZOUPtiqUaw3s9l35phn7yAEiJQhL9bXde/1ysnNIbyow/rAYbQBC2ktwENUoh/L3g6b0vJRddQt1e6ug/1sdjspK4Ksw=='
+ name : 'kano+D1BCFE917E2DA66AFA6C66AC4A10941FAD116B7E@sunet.se'
+ 'benedith+4B4B3EB3':
+ name : 'benedith+4B4B3EB3'
+ key : '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'
+ 'patlu-2249F294':
+ name : 'patlu+2249F294'
+ key : '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'
+
+sunetops_ssh_keys:
+ 'root':
+ - 'jonas-6CB01A0F'
+ - 'mariah+CA747E57'
+ - 'pahol+93F77273'
+ - 'thorslund'
+
+streamops_ssh_keys:
+ 'root':
+ - 'benedith+4B4B3EB3'
+ - 'kano+0DA0A7A5708FE257'
+ - 'kano+D1BCFE917E2DA66AFA6C66AC4A10941FAD116B7E'
+ - 'patlu-2249F294'
+
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index f3b0107..393704f 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,6 +1,6 @@
 .+:
 sunet::server:
- rut:
+ streams:
 sunet::invent::client:
 export_endpoint: https://ni-frontend-test.sunet.se
 invent_retention_days: 1
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 1549a00..41b828c 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
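Review bot: The `172.16.0.0/12 # docker containers` entry in `nrpe_clients` (common.yaml) admits the whole 172.16–172.31 private range, which is much wider than the comment describes. If this list becomes the NRPE source-address allow-list (presumably through `sunet::nagios::nrpe`, which is not shown here), any host or container in that range can query the agent on every node that loads this file. Narrow it to the bridge subnets actually in use, for example `- <docker-bridge-cidr> # docker0 (placeholder, fill in per site)`, or move the entry into per-host data. Separately, the `key` value for `kano+0DA0A7A5708FE257` carries a trailing ` openpgp:0x3AA4721F` comment inside the quoted string, unlike the other entries; confirm the consumer expects more than the bare base64 blob there, or strip it.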
@@ -1,51 +1,24 @@
 # This manifest is managed using cosmos
+class streams {
+ include sunet::motd
-Exec {
- path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ sunet::ssh_keys { 'streamsops':
+ config => safe_hiera('streams_ssh_keys', {})
+ }
+
+ sunet::ssh_keys { 'sunetops':
+ config => safe_hiera('sunetops_ssh_keys', {})
+ }
+
+ include sunet::rsyslog
+ include sunet::nagios::nrpe
 }
-# include some of this stuff for additional features
+Exec {
+ path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+}
-#include cosmos::tools
-#include cosmos::motd
-#include cosmos::ntp
-#include cosmos::rngtools
-#include cosmos::preseed
-#include ufw
-#include apt
-#include cosmos
-# you need a default node
 node default {
 }
-
-# edit and uncomment to manage ssh root keys in a simple way
-#class { 'cosmos::access':
-# keys => [
-# "ssh-rsa ..."
-# ]
-#}
-# example config for the nameserver class which is matched in cosmos-rules.yaml
-#class nameserver {
-# package {'bind9':
-# ensure => latest
-# }
-# service {'bind9':
-# ensure => running
-# }
-# ufw::allow { "allow-dns-udp":
-# ip => 'any',
-# port => 53,
-# proto => "udp"
-# }
-# ufw::allow { "allow-dns-tcp":
-# ip => 'any',
-# port => 53,
-# proto => "tcp"
-# }
-#}
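Review bot: `safe_hiera('streams_ssh_keys', {})` looks up a key that the common.yaml added in this same commit never defines; the data is stored under `streamops_ssh_keys`. The lookup therefore falls back silently to `{}` and the 'streamsops' resource is declared with an empty config. Use one name on both sides, `config => safe_hiera('streamops_ssh_keys', {})`, and consider titling the resource `'streamops'` to match. The `{}` default hides the typo, and what an empty config does to root's authorized_keys depends on `sunet::ssh_keys`, which is outside this diff, so it is worth confirming that it neither purges keys nor leaves stale ones in place. Both resources also map keys to `root`, so check that two `sunet::ssh_keys` declarations for the same account merge rather than overwrite each other.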