hardware: do not fail if node[:hardware][:pci] is undefined (tests)

[chef.git] / cookbooks / hardware / recipes / default.rb

diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb
index 119176cd6327597a9e6a2aca7e43bae9cde737f2..4e676f3879712720e3ac7211c2e47ae6dd187b59 100644 (file)
--- a/cookbooks/hardware/recipes/default.rb
+++ b/cookbooks/hardware/recipes/default.rb
@@ -28,11 +28,17 @@ ohai_plugin "hardware" do
   template "ohai.rb.erb"
 end
 
-case node[:cpu][:"0"][:vendor_id]
-when "GenuineIntel"
-  package "intel-microcode"
-when "AuthenticAMD"
-  package "amd64-microcode"
+if platform?("debian")
+  package "firmware-linux"
+end
+
+if node[:cpu] && node[:cpu][:"0"] && node[:cpu][:"0"][:vendor_id]
+  case node[:cpu][:"0"][:vendor_id]
+  when "GenuineIntel"
+    package "intel-microcode"
+  when "AuthenticAMD"
+    package "amd64-microcode"
+  end
 end
 
 if node[:dmi] && node[:dmi][:system]
@@ -204,9 +210,24 @@ template "/etc/initramfs-tools/conf.d/mdadm" do
   notifies :run, "execute[update-initramfs]"
 end
 
-package "haveged"
-service "haveged" do
-  action [:enable, :start]
+# haveged is only required on older kernels
+# /dev/random is not blocking anymore in 5.15+
+if Chef::Util.compare_versions(node[:kernel][:release], [5, 15]).negative?
+  package "haveged"
+  service "haveged" do
+    action [:enable, :start]
+  end
+else
+  service "haveged" do
+    action [:stop, :disable]
+  end
+  package "haveged" do
+    action :remove
+  end
+end
+
+watchdog_module = %w[hpwdt sp5100_tco].find do |module_name|
+  node[:hardware][:pci]&.any? { |_, pci| pci[:modules]&.any?(module_name) }
 end
 
 if node[:kernel][:modules].include?("ipmi_si")
@@ -229,6 +250,8 @@ if node[:kernel][:modules].include?("ipmi_si")
     options "--config.file=/etc/prometheus/ipmi_local.yml"
     subscribes :restart, "template[/etc/prometheus/ipmi_local.yml]"
   end
+
+  watchdog_module ||= "ipmi_watchdog"
 end
 
 package "irqbalance"
@@ -592,19 +615,30 @@ node[:hardware][:blacklisted_modules].each do |module_name|
   end
 end
 
-if node[:hardware][:watchdog]
-  package "watchdog"
+if watchdog_module
+  kernel_module watchdog_module do
+    action :install
+  end
+
+  execute "systemctl-reload" do
+    action :nothing
+    command "systemctl daemon-reload"
+    user "root"
+    group "root"
+  end
 
-  template "/etc/default/watchdog" do
-    source "watchdog.erb"
+  directory "/etc/systemd/system.conf.d" do
     owner "root"
     group "root"
-    mode "644"
-    variables :module => node[:hardware][:watchdog]
+    mode "755"
   end
 
-  service "watchdog" do
-    action [:enable, :start]
+  template "/etc/systemd/system.conf.d/watchdog.conf" do
+    source "watchdog.conf.erb"
+    owner "root"
+    group "root"
+    mode "644"
+    notifies :run, "execute[systemctl-reload]"
   end
 end