action [:enable]
end
-if node[:lsb][:release].to_f >= 18.04
- apache_module "http2"
-end
+apache_module "http2"
admins = data_bag_item("apache", "admins")
# DO NOT EDIT - This file is being maintained by Chef
-<% if node[:lsb][:release].to_f >= 18.04 -%>
# Enable HTTP/2 over TLS
Protocols h2 http/1.1
-<% end -%>
# Set the number of seconds before receives and sends time out
Timeout <%= node[:apache][:timeout] %>
SSLHonorCipherOrder On
SSLCipherSuite <%= node[:ssl][:openssl_ciphers] %>
-<% if node[:lsb][:release].to_f < 16.04 -%>
-
-SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem
-<% end -%>
SSLUseStapling On
SSLStaplingResponderTimeout 5
update-notifier-common
]
-if node[:lsb][:release].to_f < 18.04
- package "gnupg-curl"
-end
-
file "/etc/motd.tail" do
action :delete
end
apt_repository "management-component-pack" do
action repository_actions["management-component-pack"]
uri "https://downloads.linux.hpe.com/SDR/repo/mcp"
- if node[:lsb][:release].to_f >= 16.04
- distribution "xenial/current"
- else
- distribution "#{node[:lsb][:codename]}/current"
- end
+ distribution "#{node[:lsb][:codename]}/current"
components ["non-free"]
key "C208ADDE26C2B797"
end
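Review bot: The new `distribution "#{node[:lsb][:codename]}/current"` line in the `apt_repository "management-component-pack"` block is a behaviour change, not only a clean-up. The removed branch pinned every release from 16.04 upwards to `xenial/current`, so 18.04 hosts now move to a `bionic/current` path. If the vendor repository does not publish that distribution, apt updates on those hosts will fail, so confirm it exists or add a comment such as `# MCP is published per Ubuntu codename; check the repo before adding a new release`. Separately, the unchanged `key "C208ADDE26C2B797"` is a 64-bit key ID; pinning the full fingerprint (`key "<FULL_40_HEX_FINGERPRINT>"`) is a stronger check on what signs packages installed as root.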
mode 0o755
end
-if node[:lsb][:release].to_f >= 15.10
- systemd_service "chef-client" do
- description "Chef client"
- after "network.target"
- exec_start "/usr/bin/chef-client -i 1800 -s 20"
- restart "on-failure"
- end
-else
- template "/etc/init/chef-client.conf" do
- source "chef-client.conf.erb"
- owner "root"
- group "root"
- mode 0o644
- end
+systemd_service "chef-client" do
+ description "Chef client"
+ after "network.target"
+ exec_start "/usr/bin/chef-client -i 1800 -s 20"
+ restart "on-failure"
end
service "chef-client" do
action [:enable, :start]
- if node[:lsb][:release].to_f >= 15.10
- restart_command "systemctl kill --signal=TERM chef-client.service"
- end
+ restart_command "systemctl kill --signal=TERM chef-client.service"
supports :status => true, :restart => true, :reload => true
subscribes :restart, "dpkg_package[chef]"
subscribes :restart, "template[/etc/init/chef-client.conf]"
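Review bot: The `service "chef-client"` resource still carries `subscribes :restart, "template[/etc/init/chef-client.conf]"`, but this change deletes the only resource of that name, so the subscription can no longer fire. A later edit to the unit definition (for example `exec_start`) would then leave the running client on the old settings. Consider replacing it with `subscribes :restart, "systemd_service[chef-client]"`, assuming the `systemd_service` resource marks itself updated when the unit file changes. The service block's closing `end` is outside the visible lines.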
weekly
compress
postrotate
-<% if node[:lsb][:release].to_f >= 15.10 -%>
systemctl try-restart chef-client.service
-<% else -%>
- restart chef-client > /dev/null
-<% end -%>
endscript
}
-default[:hardware][:modules] = if node[:lsb][:release].to_f >= 16.04
- %w[lp]
- else
- %w[loop lp rtc]
- end
-
+default[:hardware][:modules] = %w[lp]
default[:hardware][:grub][:cmdline] = %w[nomodeset]
default[:hardware][:sensors] = {}
-default[:hardware][:mcelog][:enabled] = node[:lsb][:release].to_f < 18.04
-
if node[:dmi] && node[:dmi][:system]
case node[:dmi][:system][:manufacturer]
when "HP"
end
units.sort.uniq.each do |unit|
- if node[:lsb][:release].to_f >= 16.04
- service "serial-getty@ttyS#{unit}" do
- action [:enable, :start]
- end
- else
- file "/etc/init/ttySttyS#{unit}.conf" do
- action :delete
- end
-
- template "/etc/init/ttyS#{unit}.conf" do
- source "tty.conf.erb"
- owner "root"
- group "root"
- mode 0o644
- variables :unit => unit
- end
-
- service "ttyS#{unit}" do
- provider Chef::Provider::Service::Upstart
- action [:enable, :start]
- supports :status => true, :restart => true, :reload => false
- subscribes :restart, "template[/etc/init/ttyS#{unit}.conf]"
- end
+ service "serial-getty@ttyS#{unit}" do
+ action [:enable, :start]
end
end
supports :status => true, :restart => true, :reload => true
end
-if node[:hardware][:mcelog][:enabled]
- package "mcelog"
-
- %w[bus cache dimm iomca page socket-memory unknown].each do |trigger|
- template "/etc/mcelog/#{trigger}-error-trigger.local" do
- source "mcelog-trigger.erb"
- owner "root"
- group "root"
- mode 0o755
- end
- end
-
- service "mcelog" do
- action [:start, :enable]
- supports :status => true, :restart => true, :reload => false
- end
-end
-
tools_packages = []
status_packages = {}
]
end
-smartd_service = if node[:lsb][:release].to_f >= 16.04
- "smartd"
- else
- "smartmontools"
- end
-
disks = disks.compact
if disks.count.positive?
mode 0o644
end
- service smartd_service do
+ service "smartd" do
action [:enable, :start]
subscribes :reload, "template[/etc/smartd.conf]"
subscribes :restart, "template[/etc/default/smartmontools]"
end
end
else
- service smartd_service do
+ service "smartd" do
action [:stop, :disable]
end
end
?FORMAT 3
# ACTION SOURCE DEST PROTO DPORT SPORT USER SWITCH
-<%- if node[:lsb][:release].to_f >= 16.04 %>
NOTRACK:P lo - - - - - -
NOTRACK:O - lo - - - - -
-<%- end %>
# DO NOT EDIT - This file is being maintained by Chef
-<% if node[:lsb][:release].to_f >= 16.04 -%>
?SECTION NEW
-<% else -%>
-SECTION NEW
-<% end -%>
# ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER
# PORTS PORTS DEST LIMIT GROUP
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-ACCEPT_DEFAULT="none"
-DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
-REJECT_DEFAULT="Reject"
-<%- else %>
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
-<%- end %>
###############################################################################
# R S H / R C P C O M M A N D S
AUTOHELPERS=Yes
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-AUTOMAKE=No
-<%- else %>
AUTOMAKE=Yes
-<%- end %>
BALANCE_PROVIDERS=No
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-
-MODULE_SUFFIX=ko
-<%- end %>
MULTICAST=No
NULL_ROUTE_RFC1918=No
-<%- if node[:lsb][:release].to_f <= 14.04 %>
-OPTIMIZE=1
-<%- else %>
OPTIMIZE=All
-<%- end %>
OPTIMIZE_ACCOUNTING=No
TRACK_RULES=No
USE_DEFAULT_RT=No
-<%- if node[:lsb][:release].to_f >= 18.04 %>
USE_NFLOG_SIZE=No
-<%- end %>
USE_PHYSICAL_NAMES=No
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-ACCEPT_DEFAULT="none"
-DROP_DEFAULT="Drop"
-NFQUEUE_DEFAULT="none"
-QUEUE_DEFAULT="none"
-REJECT_DEFAULT="Reject"
-<%- else %>
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
-<%- end %>
###############################################################################
# R S H / R C P C O M M A N D S
AUTOHELPERS=Yes
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-AUTOMAKE=No
-<%- else %>
AUTOMAKE=Yes
-<%- end %>
BALANCE_PROVIDERS=No
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
-<%- if node[:lsb][:release].to_f <= 16.04 %>
-
-MODULE_SUFFIX=ko
-<%- end %>
MUTEX_TIMEOUT=60
-<%- if node[:lsb][:release].to_f <= 14.04 %>
-OPTIMIZE=1
-<%- else %>
OPTIMIZE=All
-<%- end %>
OPTIMIZE_ACCOUNTING=No
TRACK_RULES=No
USE_DEFAULT_RT=Yes
-<%- if node[:lsb][:release].to_f >= 18.04 %>
USE_NFLOG_SIZE=No
-<%- end %>
USE_PHYSICAL_NAMES=No
default[:ssl][:openssl_ciphers] = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
-default[:ssl][:gnutls_ciphers] = if node[:lsb][:release].to_f >= 18.04
- "NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+CURVE-X25519:+CURVE-SECP256R1:+CURVE-SECP384R1:+CURVE-SECP521R1:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW"
- else
- "NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+CURVE-SECP256R1:+CURVE-SECP384R1:+CURVE-SECP521R1:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:+AES-256-GCM:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL"
- end
+default[:ssl][:gnutls_ciphers] = "NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+CURVE-X25519:+CURVE-SECP256R1:+CURVE-SECP384R1:+CURVE-SECP521R1:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW"
default[:ssl][:strict_transport_security] = "max-age=31536000; includeSubDomains; preload"
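Review bot: `default[:ssl][:gnutls_ciphers]` is now the single priority string for every host, and it still enables `+VERS-TLS1.1:+VERS-TLS1.0`, `+SHA1` with CBC ciphers, static `+RSA` key exchange and the `%PROFILE_LOW` certificate verification profile. Since this commit drops the older releases, it is a natural point to tighten the string, for example by removing `+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.0` and `+RSA` after checking which peers still negotiate them. The same question applies to the `DES-CBC3-SHA` entries in the unchanged `openssl_ciphers` line above. If the legacy entries must stay, a comment naming the dependency would help, e.g. `# TLS 1.0/1.1 and static RSA kept for <CLIENT>; remove once it is retired`.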
rsyslog
]
-if node[:lsb][:release].to_f < 18.04
- package "sysv-rc-conf"
-end
-
service "rsyslog" do
action [:enable, :start]
supports :status => true, :restart => true, :reload => true