swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Do not run bastion for now on ubuntu24, SC-2522

Browse source
This commit is contained in:
Patrik Holmqvist 2024-12-19 15:40:27 +01:00
parent b94a601b37
commit 73e5eb3486
Signed by: pahol
GPG key ID: 5D5B0D4E93F77273
1 changed files with 15 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -838,17 +838,15 @@ class sunetops {
config => safe_hiera('sunetops_ssh_keys', {}) config => safe_hiera('sunetops_ssh_keys', {})
} }
# OS hardening # OS hardening
# For now we skip this on ubuntu24, SC-2522
if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['full'], '22.04') <= 0 ){
if $facts['networking']['hostname'] =~ /kvm/ { if $facts['networking']['hostname'] =~ /kvm/ {
class {'bastion': class {'bastion':
fstab_fix_shm => false, fstab_fix_shm => false,
sysctl_net_hardening => false, sysctl_net_hardening => false,
} }
} elsif $facts['networking']['hostname'] =~ /random/ { # pollen requires exec on /tmp
class {'bastion':
fixperms_enable => false,
fixperms_paranoia => false,
}
} else { } else {
class {'bastion': class {'bastion':
fstab_fix_shm => false, fstab_fix_shm => false,