
@madAndroid
Created August 9, 2013 15:14
# Baseline profile: pulls in the role defaults, the user accounts and the
# tw_defaults sub-classes for yum repositories, kernel tuning and packages.
#
# NOTE(review): nothing here orders yum_repos before packages; if any package
# is expected to come from the repos defined in tw_defaults::yum_repos, an
# explicit ordering would be needed -- confirm against the package sources.
class tw_defaults {

  # Resource-style declarations (no parameters are passed here).
  class { 'sfrole_defaults': }
  class { 'tw_users': }

  include tw_defaults::yum_repos, tw_defaults::sysctl, tw_defaults::packages

}
# Installs the build and development packages this profile relies on.
#
# Package names are passed to the provider exactly as listed, including the
# '.x86_64' architecture suffix on the libxml2/libxslt development packages.
class tw_defaults::packages {

  # Resource default: every package declared in this scope is kept installed.
  # 'installed' does not pin a version, so the version is whatever the enabled
  # repositories serve at install time.
  Package {
    ensure => installed,
  }

  $tw_packages = [
    'libuuid-devel',
    'git',
    'Percona-Server-devel-55',
    'libxml2-devel.x86_64',
    'libxslt-devel.x86_64',
    'uuid',
    'uuid-devel',
    'patchutils',
    'patch',
    'e2fsprogs-devel',
    'e2fsprogs',
    'libcom_err-devel',
  ]

  package { $tw_packages: }

}
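# Deploys the IUS and RPMforge GPG public keys and defines the matching yum
# repositories with package signature checking (gpgcheck) enabled.
class tw_defaults::yum_repos {

  # The key files are the trust anchor for gpgcheck. Pin owner, group and mode
  # explicitly so they are root-owned and not writable by anyone else,
  # whatever permissions the module's source files carry.
  file { '/etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY':
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/tw_defaults/yum/keys/IUS-COMMUNITY-GPG-KEY',
  }

  file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag':
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/tw_defaults/yum/keys/RPM-GPG-KEY-rpmforge-dag',
  }

  # Repos
  #
  # '$basearch' and '$releasever' sit inside single quotes on purpose: Puppet
  # leaves them untouched and yum expands them when it reads the repo file.
  #
  # NOTE(review): both mirror lists are fetched over plain HTTP. gpgcheck
  # still verifies package signatures against the keys above, but the mirror
  # list and repository metadata are not authenticated. Prefer an https://
  # URL if the mirror service offers one (not verified here).
  #
  # Each repo requires its key file so the key is on disk before the repo
  # definition is written. The reference is written without whitespace before
  # the bracket, which is the conventional form.
  yumrepo { 'ius':
    gpgcheck   => '1',
    gpgkey     => 'file:///etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY',
    descr      => 'IUS Community Packages for Enterprise Linux 6 - $basearch',
    mirrorlist => 'http://dmirr.iuscommunity.org/mirrorlist/?repo=ius-el6&arch=$basearch',
    enabled    => '1',
    require    => File['/etc/pki/rpm-gpg/IUS-COMMUNITY-GPG-KEY'],
  }

  yumrepo { 'rpmforge':
    gpgcheck   => '1',
    gpgkey     => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag',
    descr      => 'RHEL $releasever - RPMforge.net - dag',
    mirrorlist => 'http://apt.sw.be/redhat/el6/en/mirrors-rpmforge',
    enabled    => '1',
    require    => File['/etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag'],
  }

}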
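# Kernel network tuning and hardening, applied through the sf_sysctl module.
#
# Each sf_sysctl::config::set resource is titled with the sysctl key it
# manages; 'value' is the setting and 'comment' is free text passed to the
# module. The first group sizes socket and TCP buffers, the second adjusts TCP
# behaviour, and the last group covers ICMP, martian logging, redirects,
# source routing and reverse-path filtering.
class tw_defaults::sysctl {

  # NOTE(review): presumably use_defaults => false stops sf_sysctl from
  # applying its own built-in settings -- confirm against that module.
  class { 'sf_sysctl':
    use_defaults => false,
  }

  # --- Socket and TCP buffer sizing ---------------------------------------

  sf_sysctl::config::set { 'net.core.rmem_max':
    value => '8388608',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_rmem':
    value => '4096 1048576 8388608',
  }

  sf_sysctl::config::set { 'net.core.wmem_max':
    value => '8388608',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_wmem':
    value => '4096 1048576 8388608',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_mem':
    value => '8388608 8388608 8388608',
  }

  sf_sysctl::config::set { 'net.core.optmem_max':
    value => '40960',
  }

  # --- TCP behaviour ------------------------------------------------------

  sf_sysctl::config::set { 'net.ipv4.tcp_max_tw_buckets':
    comment => 'tcp-time-wait buckets pool size from 180000 to 360000',
    value   => '360000',
  }

  ### This appears to be an unknown key in sysctl on CentOS
  # sf_sysctl::config::set { 'net.core.hot_list_length':
  #   comment => 'Increase the maximum number of skb-heads to be cached from 128',
  #   value   => '256',
  # }

  sf_sysctl::config::set { 'net.core.netdev_max_backlog':
    comment => 'increase from 300 to 1024',
    value   => '1024',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_reordering':
    comment => 'increase TCP Re-Ordering value in kernel from 3 to 5',
    value   => '5',
  }

  sf_sysctl::config::set { 'net.ipv4.icmp_echo_ignore_broadcasts':
    comment => 'change from 0 to 1 to Enable ignoring broadcasts request',
    value   => '1',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_syncookies':
    comment => 'change from 0 to 1 to enable syn cookies protection',
    value   => '1',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_timestamps':
    comment => 'turn on TCP time stamps',
    value   => '1',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_sack':
    comment => 'change from 0 to 1 (fack was enabled already)',
    value   => '1',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_window_scaling':
    comment => 'change from 0 to 1 for TCP window scaling',
    value   => '1',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_keepalive_time':
    comment => 'decrease from 1400 to 1200 for tcp_keepalive_time connection',
    value   => '1200',
  }

  sf_sysctl::config::set { 'net.ipv4.tcp_fin_timeout':
    comment => 'decrease from 1400 to 25',
    value   => '25',
  }

  # --- Martian logging, redirects, source routing, reverse-path filter -----
  #
  # Settings are applied to both 'default' and 'all'. 'default' only seeds
  # interfaces created afterwards, so the 'all' entry is what covers the
  # interfaces that already exist.

  sf_sysctl::config::set { 'net.ipv4.conf.default.log_martians':
    comment => 'change from 0 to 1 to Log Spoofed Packets, Source Routed Packets, Redirect Packets',
    value   => '1',
  }

  sf_sysctl::config::set { 'net.ipv4.conf.all.log_martians':
    comment => 'change from 0 to 1 to Log Spoofed Packets, Source Routed Packets, Redirect Packets',
    value   => '1',
  }

  sf_sysctl::config::set { 'net.ipv4.conf.default.accept_redirects':
    comment => 'disable ICMP redirects',
    value   => '0',
  }

  # This entry was previously commented out as an "unknown key" because it was
  # spelled 'net.ipv4.conf.all.accept_redirect' (missing the trailing 's').
  # With only the 'default' entry managed, ICMP redirects were not disabled
  # for 'all'; the correctly spelled key closes that gap.
  sf_sysctl::config::set { 'net.ipv4.conf.all.accept_redirects':
    comment => 'disable ICMP redirects',
    value   => '0',
  }

  sf_sysctl::config::set { 'net.ipv4.conf.default.accept_source_route':
    value => '0',
  }

  sf_sysctl::config::set { 'net.ipv4.conf.all.accept_source_route':
    value => '0',
  }

  # rp_filter = 1 turns on reverse-path filtering (source address validation).
  sf_sysctl::config::set { 'net.ipv4.conf.all.rp_filter':
    comment => 'enable source route verification',
    value   => '1',
  }

  sf_sysctl::config::set { 'net.ipv4.conf.default.rp_filter':
    comment => 'enable source route verification',
    value   => '1',
  }

}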