From: Tom Hughes Date: Sat, 19 Jan 2019 16:31:32 +0000 (+0000) Subject: Drop support for older Ubuntu versions X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/bfd0f6bf2cc877667f039f2fc4a1e34e1dd7cd39 Drop support for older Ubuntu versions --- diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb index bc0410fd3..3d83e2ebf 100644 --- a/cookbooks/apache/recipes/default.rb +++ b/cookbooks/apache/recipes/default.rb @@ -36,9 +36,7 @@ apache_module "mpm_#{node[:apache][:mpm]}" do action [:enable] end -if node[:lsb][:release].to_f >= 18.04 - apache_module "http2" -end +apache_module "http2" admins = data_bag_item("apache", "admins") diff --git a/cookbooks/apache/templates/default/httpd.conf.erb b/cookbooks/apache/templates/default/httpd.conf.erb index ded019d93..81c8f6e9f 100644 --- a/cookbooks/apache/templates/default/httpd.conf.erb +++ b/cookbooks/apache/templates/default/httpd.conf.erb @@ -1,10 +1,8 @@ # DO NOT EDIT - This file is being maintained by Chef -<% if node[:lsb][:release].to_f >= 18.04 -%> # Enable HTTP/2 over TLS Protocols h2 http/1.1 -<% end -%> # Set the number of seconds before receives and sends time out Timeout <%= node[:apache][:timeout] %> diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb index 9f20fb632..80735c9cb 100644 --- a/cookbooks/apache/templates/default/ssl.erb +++ b/cookbooks/apache/templates/default/ssl.erb @@ -4,10 +4,6 @@ SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite <%= node[:ssl][:openssl_ciphers] %> -<% if node[:lsb][:release].to_f < 16.04 -%> - -SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem -<% end -%> SSLUseStapling On SSLStaplingResponderTimeout 5 diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index 15cf58f9a..9f242140a 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb 
@@ -23,10 +23,6 @@ package %w[ update-notifier-common ] -if node[:lsb][:release].to_f < 18.04 - package "gnupg-curl" -end - file "/etc/motd.tail" do action :delete end @@ -87,11 +83,7 @@ end apt_repository "management-component-pack" do action repository_actions["management-component-pack"] uri "https://downloads.linux.hpe.com/SDR/repo/mcp" - if node[:lsb][:release].to_f >= 16.04 - distribution "xenial/current" - else - distribution "#{node[:lsb][:codename]}/current" - end + distribution "#{node[:lsb][:codename]}/current" components ["non-free"] key "C208ADDE26C2B797" end diff --git a/cookbooks/chef/recipes/default.rb b/cookbooks/chef/recipes/default.rb index 32c8a7dc6..ccbc49c6c 100644 --- a/cookbooks/chef/recipes/default.rb +++ b/cookbooks/chef/recipes/default.rb @@ -107,27 +107,16 @@ directory "/var/log/chef" do mode 0o755 end -if node[:lsb][:release].to_f >= 15.10 - systemd_service "chef-client" do - description "Chef client" - after "network.target" - exec_start "/usr/bin/chef-client -i 1800 -s 20" - restart "on-failure" - end -else - template "/etc/init/chef-client.conf" do - source "chef-client.conf.erb" - owner "root" - group "root" - mode 0o644 - end +systemd_service "chef-client" do + description "Chef client" + after "network.target" + exec_start "/usr/bin/chef-client -i 1800 -s 20" + restart "on-failure" end service "chef-client" do action [:enable, :start] - if node[:lsb][:release].to_f >= 15.10 - restart_command "systemctl kill --signal=TERM chef-client.service" - end + restart_command "systemctl kill --signal=TERM chef-client.service" supports :status => true, :restart => true, :reload => true subscribes :restart, "dpkg_package[chef]" subscribes :restart, "template[/etc/init/chef-client.conf]" diff --git a/cookbooks/chef/templates/default/logrotate.erb b/cookbooks/chef/templates/default/logrotate.erb index 21d0eb6aa..ecaf25219 100644 --- a/cookbooks/chef/templates/default/logrotate.erb +++ b/cookbooks/chef/templates/default/logrotate.erb 
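Review bot: In the `management-component-pack` repository (second hunk of cookbooks/apt/recipes/default.rb) the new `distribution "#{node[:lsb][:codename]}/current"` changes behaviour on releases that are still supported, because the deleted condition pinned every release from 16.04 upwards to `xenial/current`. Hosts on 18.04 will now request a suite named after their own codename, so the vendor has to publish one for every release in the fleet; where it does not, apt runs against this source are likely to fail. I would either keep an explicit codename-to-suite mapping or add a comment such as `# vendor must publish <codename>/current for every release we run`. Separately, the context line `key "C208ADDE26C2B797"` identifies the signing key by a 64-bit key ID; pinning the full fingerprint would be the stronger check.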
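Review bot: The `service "chef-client"` block at the end of the cookbooks/chef/recipes/default.rb hunk still carries `subscribes :restart, "template[/etc/init/chef-client.conf]"`, but this commit deletes the only resource of that name visible in the hunk, so the subscription looks dead. I would drop that line. If a change to the unit definition should restart the client, the block could subscribe to the `systemd_service "chef-client"` resource instead; how that custom resource names what it creates is not visible here, so the target needs checking. The service block continues past the end of the hunk.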
@@ -5,10 +5,6 @@ weekly compress postrotate -<% if node[:lsb][:release].to_f >= 15.10 -%> systemctl try-restart chef-client.service -<% else -%> - restart chef-client > /dev/null -<% end -%> endscript } diff --git a/cookbooks/hardware/attributes/default.rb b/cookbooks/hardware/attributes/default.rb index 2527e1622..414983b84 100644 --- a/cookbooks/hardware/attributes/default.rb +++ b/cookbooks/hardware/attributes/default.rb @@ -1,14 +1,7 @@ -default[:hardware][:modules] = if node[:lsb][:release].to_f >= 16.04 - %w[lp] - else - %w[loop lp rtc] - end - +default[:hardware][:modules] = %w[lp] default[:hardware][:grub][:cmdline] = %w[nomodeset] default[:hardware][:sensors] = {} -default[:hardware][:mcelog][:enabled] = node[:lsb][:release].to_f < 18.04 - if node[:dmi] && node[:dmi][:system] case node[:dmi][:system][:manufacturer] when "HP" diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb index 04425a9b0..739901cf0 100644 --- a/cookbooks/hardware/recipes/default.rb +++ b/cookbooks/hardware/recipes/default.rb @@ -94,29 +94,8 @@ when "IBM" end units.sort.uniq.each do |unit| - if node[:lsb][:release].to_f >= 16.04 - service "serial-getty@ttyS#{unit}" do - action [:enable, :start] - end - else - file "/etc/init/ttySttyS#{unit}.conf" do - action :delete - end - - template "/etc/init/ttyS#{unit}.conf" do - source "tty.conf.erb" - owner "root" - group "root" - mode 0o644 - variables :unit => unit - end - - service "ttyS#{unit}" do - provider Chef::Provider::Service::Upstart - action [:enable, :start] - supports :status => true, :restart => true, :reload => false - subscribes :restart, "template[/etc/init/ttyS#{unit}.conf]" - end + service "serial-getty@ttyS#{unit}" do + action [:enable, :start] end end 
@@ -198,24 +177,6 @@ service "lldpd" do supports :status => true, :restart => true, :reload => true end -if node[:hardware][:mcelog][:enabled] - package "mcelog" - - %w[bus cache dimm iomca page socket-memory unknown].each do |trigger| - template "/etc/mcelog/#{trigger}-error-trigger.local" do - source "mcelog-trigger.erb" - owner "root" - group "root" - mode 0o755 - end - end - - service "mcelog" do - action [:start, :enable] - supports :status => true, :restart => true, :reload => false - end -end - tools_packages = [] status_packages = {} @@ -384,12 +345,6 @@ disks = disks.map do |disk| ] end -smartd_service = if node[:lsb][:release].to_f >= 16.04 - "smartd" - else - "smartmontools" - end - disks = disks.compact if disks.count.positive? @@ -417,7 +372,7 @@ if disks.count.positive? mode 0o644 end - service smartd_service do + service "smartd" do action [:enable, :start] subscribes :reload, "template[/etc/smartd.conf]" subscribes :restart, "template[/etc/default/smartmontools]" @@ -437,7 +392,7 @@ if disks.count.positive? end end else - service smartd_service do + service "smartd" do action [:stop, :disable] end end diff --git a/cookbooks/networking/templates/default/shorewall-conntrack.erb b/cookbooks/networking/templates/default/shorewall-conntrack.erb index 050f88e0a..4d5e726d3 100644 --- a/cookbooks/networking/templates/default/shorewall-conntrack.erb +++ b/cookbooks/networking/templates/default/shorewall-conntrack.erb @@ -3,7 +3,5 @@ ?FORMAT 3 # ACTION SOURCE DEST PROTO DPORT SPORT USER SWITCH -<%- if node[:lsb][:release].to_f >= 16.04 %> NOTRACK:P lo - - - - - - NOTRACK:O - lo - - - - - -<%- end %> diff --git a/cookbooks/networking/templates/default/shorewall-rules.erb b/cookbooks/networking/templates/default/shorewall-rules.erb index 660eec130..c5101bed2 100644 --- a/cookbooks/networking/templates/default/shorewall-rules.erb +++ b/cookbooks/networking/templates/default/shorewall-rules.erb 
@@ -1,10 +1,6 @@ # DO NOT EDIT - This file is being maintained by Chef -<% if node[:lsb][:release].to_f >= 16.04 -%> ?SECTION NEW -<% else -%> -SECTION NEW -<% end -%> # ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORTS PORTS DEST LIMIT GROUP diff --git a/cookbooks/networking/templates/default/shorewall.conf.erb b/cookbooks/networking/templates/default/shorewall.conf.erb index 03c7c6fff..8720866d2 100644 --- a/cookbooks/networking/templates/default/shorewall.conf.erb +++ b/cookbooks/networking/templates/default/shorewall.conf.erb @@ -104,20 +104,12 @@ TC= # D E F A U L T A C T I O N S / M A C R O S ############################################################################### -<%- if node[:lsb][:release].to_f <= 16.04 %> -ACCEPT_DEFAULT="none" -DROP_DEFAULT="Drop" -NFQUEUE_DEFAULT="none" -QUEUE_DEFAULT="none" -REJECT_DEFAULT="Reject" -<%- else %> ACCEPT_DEFAULT="none" BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT="none" QUEUE_DEFAULT="none" REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)" -<%- end %> ############################################################################### # R S H / R C P C O M M A N D S @@ -144,11 +136,7 @@ AUTOCOMMENT=Yes AUTOHELPERS=Yes -<%- if node[:lsb][:release].to_f <= 16.04 %> -AUTOMAKE=No -<%- else %> AUTOMAKE=Yes -<%- end %> BALANCE_PROVIDERS=No @@ -211,10 +199,6 @@ MAPOLDACTIONS=No MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -<%- if node[:lsb][:release].to_f <= 16.04 %> - -MODULE_SUFFIX=ko -<%- end %> MULTICAST=No @@ -222,11 +206,7 @@ MUTEX_TIMEOUT=60 NULL_ROUTE_RFC1918=No -<%- if node[:lsb][:release].to_f <= 14.04 %> -OPTIMIZE=1 -<%- else %> OPTIMIZE=All -<%- end %> OPTIMIZE_ACCOUNTING=No 
@@ -261,10 +241,8 @@ TRACK_PROVIDERS=Yes TRACK_RULES=No USE_DEFAULT_RT=No -<%- if node[:lsb][:release].to_f >= 18.04 %> USE_NFLOG_SIZE=No -<%- end %> USE_PHYSICAL_NAMES=No diff --git a/cookbooks/networking/templates/default/shorewall6.conf.erb b/cookbooks/networking/templates/default/shorewall6.conf.erb index 275848a23..c6c1104c7 100644 --- a/cookbooks/networking/templates/default/shorewall6.conf.erb +++ b/cookbooks/networking/templates/default/shorewall6.conf.erb @@ -100,20 +100,12 @@ TC= # D E F A U L T A C T I O N S / M A C R O S ############################################################################### -<%- if node[:lsb][:release].to_f <= 16.04 %> -ACCEPT_DEFAULT="none" -DROP_DEFAULT="Drop" -NFQUEUE_DEFAULT="none" -QUEUE_DEFAULT="none" -REJECT_DEFAULT="Reject" -<%- else %> ACCEPT_DEFAULT="none" BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" NFQUEUE_DEFAULT="none" QUEUE_DEFAULT="none" REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" -<%- end %> ############################################################################### # R S H / R C P C O M M A N D S @@ -136,11 +128,7 @@ AUTOCOMMENT=Yes AUTOHELPERS=Yes -<%- if node[:lsb][:release].to_f <= 16.04 %> -AUTOMAKE=No -<%- else %> AUTOMAKE=Yes -<%- end %> BALANCE_PROVIDERS=No @@ -195,18 +183,10 @@ MANGLE_ENABLED=Yes MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -<%- if node[:lsb][:release].to_f <= 16.04 %> - -MODULE_SUFFIX=ko -<%- end %> MUTEX_TIMEOUT=60 -<%- if node[:lsb][:release].to_f <= 14.04 %> -OPTIMIZE=1 -<%- else %> OPTIMIZE=All -<%- end %> OPTIMIZE_ACCOUNTING=No @@ -235,10 +215,8 @@ TRACK_PROVIDERS=Yes TRACK_RULES=No USE_DEFAULT_RT=Yes -<%- if node[:lsb][:release].to_f >= 18.04 %> USE_NFLOG_SIZE=No -<%- end %> USE_PHYSICAL_NAMES=No diff --git a/cookbooks/ssl/attributes/default.rb b/cookbooks/ssl/attributes/default.rb index e990eed72..55c7ebee5 100644 
--- a/cookbooks/ssl/attributes/default.rb
+++ b/cookbooks/ssl/attributes/default.rb
@@ -1,7 +1,3 @@ default[:ssl][:openssl_ciphers] = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" -default[:ssl][:gnutls_ciphers] = if node[:lsb][:release].to_f >= 18.04 - "NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+CURVE-X25519:+CURVE-SECP256R1:+CURVE-SECP384R1:+CURVE-SECP521R1:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW" - else - "NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+CURVE-SECP256R1:+CURVE-SECP384R1:+CURVE-SECP521R1:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:+AES-256-GCM:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL" - end +default[:ssl][:gnutls_ciphers] = 
"NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+CURVE-X25519:+CURVE-SECP256R1:+CURVE-SECP384R1:+CURVE-SECP521R1:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW" default[:ssl][:strict_transport_security] = "max-age=31536000; includeSubDomains; preload" diff --git a/cookbooks/tools/recipes/default.rb b/cookbooks/tools/recipes/default.rb index a8afec012..a4dc20c30 100644 --- a/cookbooks/tools/recipes/default.rb +++ b/cookbooks/tools/recipes/default.rb @@ -37,10 +37,6 @@ package %w[ rsyslog ] -if node[:lsb][:release].to_f < 18.04 - package "sysv-rc-conf" -end - service "rsyslog" do action [:enable, :start] supports :status => true, :restart => true, :reload => true
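Review bot: The GnuTLS priority string that is now the only value of `default[:ssl][:gnutls_ciphers]` still enables `+VERS-TLS1.0`, `+VERS-TLS1.1`, `+SHA1` and the CBC suites, and ends in `%PROFILE_LOW`, which selects a low certificate verification profile. With the older-release branch gone, no compatibility reason tied to an old GnuTLS remains visible in this file, so this is the natural point to tighten the string or to record why the legacy versions stay. A comment such as `# TLS 1.0/1.1 kept for <legacy peer placeholder>; revisit once they can be dropped` would do. The consumer of this attribute is outside the hunk, so the impact depends on which service uses it. The same question applies to `openssl_ciphers` in the context line above, which still lists the `DES-CBC3-SHA` suites.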