Fix bug cron

modules/enableit/common/data/os/RedHat.yaml

@@ -160,11 +160,9 @@ common::user_management::authentication::pam::password_session_lines:
   - - 99
     - 'optional      pam_sss.so'
 
-common::system::services:
+common::system::disabled_services:
   'dnf-makecache.timer':
-    enable: 'mask'
   'dnf-automatic.timer':
-    enable: 'mask'
 
 common::monitor::prometheus::env_file_path: '/etc/sysconfig'
 common::monitor::exporter::security::enable: true

modules/enableit/common/manifests/backup/borg.pp

@@ -99,22 +99,26 @@
       authorized_keys => $authorized_keys,
     }
   } else {
-    ## services
-    common::services::systemd { 'obmondo-backup-borg@.service':
-      ensure  => false,
+    ## Define the Templated Borg Backup Service
+    $_borg_backup_content = @("EOT"/)
+      [Unit]
+      Description=Obmondo borg backup
+
+      [Service]
+      Type=oneshot
+      ExecStart=/bin/bash ${__dir}/repo_%i.sh run
+      ExecStartPost=/bin/bash ${__dir}/repo_%i.sh check_icinga
+      TimeoutSec=3600
+
+      [Install]
+      WantedBy=default.target
+      | EOT
+
+    systemd::unit_file { 'obmondo-backup-borg@.service':
+      ensure  => 'absent',
       enable  => false,
-      unit    => {
-        'Description' => 'Obmondo borg backup',
-      },
-      service => {
-        'Type'          => 'oneshot',
-        'ExecStart'     => "/bin/bash ${__dir}/repo_%i.sh run",
-        'ExecStartPost' => "/bin/bash ${__dir}/repo_%i.sh check_icinga",
-        'TimeoutSec'    => 3600,
-      },
-      install => {
-        'WantedBy' => 'default.target',
-      },
+      active  => false,
+      content => $_borg_backup_content,
     }
     $repos.each |$k, $v| {
       common::backup::borg::push { $k:

modules/enableit/common/manifests/backup/borg/push.pp

@@ -40,7 +40,7 @@
     env_vars       => {
       'BORG_RSH' => "ssh -i ${_ssh_key_file} -o BatchMode=yes",
     },
-    crontab_define => 'common::services::systemd',
+    crontab_define => 'systemd::unit_file',
     crontabs       => {
       "obmondo-backup-borg@${_reponame}.timer" => {
         ensure  => true, #lint:ignore:ensure_first_param

modules/enableit/common/manifests/backup/db/mysql.pp

@@ -74,38 +74,49 @@
         dump_dir             => $dump_dir,
       }),
     }
-    common::services::systemd { 'mysql-backup.timer':
-      ensure  => true,
-      enable  => true,
-      timer   => {
-        'OnCalendar' => systemd_make_timespec({
-          'year'   => '*',
-          'month'  => '*',
-          'day'    => '*',
-          'hour'   => $backup_hour,
-          'minute' => 0,
-          'second' => 0,
-        }),
-        'Unit'       => 'mysql-backup.service',
-      },
-      unit    => {
-        'Requires'  => 'mysql-backup.service',
-      },
-      install => {
-        'WantedBy' => 'timers.target',
-      },
+    # Define the MySQL Backup Service
+    $_mysql_service_content = @("EOT"/)
+      [Unit]
+      Description=MySQL Backup Service
+      Wants=mysql-backup.timer
+
+      [Service]
+      Type=oneshot
+      ExecStart=/bin/sh -c '/opt/obmondo/bin/mysqlbackup.sh'
+
+      [Install]
+      WantedBy=multi-user.target
+      | EOT
+
+    systemd::unit_file { 'mysql-backup.service':
+      ensure  => 'present',
+      content => $_mysql_service_content,
       require => File['/opt/obmondo/bin/mysqlbackup.sh'],
     }
-    common::services::systemd { 'mysql-backup.service':
+
+    # Define the MySQL Backup Timer
+    $_mysql_timer_content = @("EOT"/)
+      [Unit]
+      Description=Run MySQL Backup daily at ${backup_hour}:00
+      Requires=mysql-backup.service
+
+      [Timer]
+      OnCalendar=*-*-* ${backup_hour}:00:00
+      Unit=mysql-backup.service
+
+      [Install]
+      WantedBy=timers.target
+      | EOT
+
+    systemd::unit_file { 'mysql-backup.timer':
       ensure  => 'present',
-      unit    => {
-        'Wants'    => 'mysql-backup.timer',
-      },
-      service => {
-        'Type'      => 'oneshot',
-        'ExecStart' => "/bin/sh -c '/opt/obmondo/bin/mysqlbackup.sh'",
-      },
-      require => File['/opt/obmondo/bin/mysqlbackup.sh'],
+      enable  => true,
+      active  => true,
+      content => $_mysql_timer_content,
+      require => [
+        File['/opt/obmondo/bin/mysqlbackup.sh'],
+        Systemd::Unit_file['mysql-backup.service'],
+      ],
     }
   }
 }

modules/enableit/common/manifests/network/tcpshaker.pp

@@ -48,18 +48,27 @@
     noop   => $noop_value,
   }
 
-  common::services::systemd { 'tcpshaker.service':
-    ensure     => $enable,
-    enable     => $enable,
-    noop_value => $noop_value,
-    unit       => {
-      'Description' => 'TCP Shaker Daemon Mode',
-    },
-    service    => {
-      'Type'      => 'simple',
-      'ExecStart' => "/opt/obmondo/bin/tcp_shaker -d -f ${config_location} -n ${requests_per_check} -c ${concurrency}",
-    },
-    require    => [
+  # Define the TCP Shaker Service content
+  $_tcpshaker_content = @("EOT"/)
+    [Unit]
+    Description=TCP Shaker Daemon Mode
+
+    [Service]
+    Type=simple
+    ExecStart=/opt/obmondo/bin/tcp_shaker -d -f ${config_location} -n ${requests_per_check} -c ${concurrency}
+
+    [Install]
+    WantedBy=multi-user.target
+    | EOT
+
+  # Deploy the systemd unit file
+  systemd::unit_file { 'tcpshaker.service':
+    ensure  => $enable ? { true => 'present', default => 'absent' },
+    enable  => $enable,
+    active  => $enable,
+    content => $_tcpshaker_content,
+    noop    => $noop_value,
+    require => [
       Package[$package_name],
       File[$config_location],
     ],

modules/enableit/common/manifests/software.pp

@@ -71,10 +71,10 @@
   }
 
   if lookup('common::software::openvmtools::manage', Boolean, undef, false) {
-    include common::software::opemvmtools
+    include common::software::openvmtools
   }
 
   if lookup('common::software::nivisa::manage', Boolean, undef, false) {
-    include common::software::opemvmtools
+    include common::software::openvmtools
   }
 }

modules/enableit/common/manifests/system/updates.pp

@@ -61,8 +61,10 @@
       },
     ]): ensure => 'absent', }
 
-    common::services::systemd { 'yum-system-upgrade.service':
-      ensure => 'absent',
+    # Ensure the service is stopped and disabled
+    service { 'yum-system-upgrade.service':
+      ensure => 'stopped',
+      enable => false,
     }
 
     package { 'obmondo-system-update':

modules/enableit/common/manifests/user_management/authentication/sssd.pp

@@ -31,6 +31,7 @@
     'pam',
     'ssh',
     'sudo',
+    'pac',
   ],
   Array[Eit_types::Sssd::Service]             $_available_services   = undef,
   Boolean                                     $enable                = false,

modules/enableit/lxd/manifests/init.pp

@@ -135,25 +135,40 @@
   # Make lxd-containers depend on the required filesystems, if any. Filesystems
   # refer to devices instantiated with our own services. These are named
   # `disk@%i.service`.
-  $_service_units = $requires_filesystems.reduce([]) |$acc, $name| {
+  # Generate the list of systemd service names for the dependencies
+  $_dep_list = $requires_filesystems.map |$name| {
     $filesystem = $_filesystems[$name]
-
-    unless $filesystem {
-      fail("Required filesystem '${name}' is not defined.")
-    }
-
-    $_service = "${filesystem['type']}-mount-${name}.service"
-
-    $acc + [
-      {'After' => $_service},
-      {'BindsTo' => $_service},
-    ]
+    if !$filesystem { fail("Required filesystem '${name}' is not defined.") }
+    "${filesystem['type']}-mount-${name}.service"
   }
 
-  common::services::systemd { 'lxd-containers.service':
-    override => true,
-    unit     => flatten($_service_units),
+  # Join them into space-separated strings for the systemd unit file
+  $_after_deps    = join($_dep_list, ' ')
+  $_bindsto_deps  = join($_dep_list, ' ')
+
+  # Define the full service content
+  $_service_content = @("EOT"/)
+    # THIS FILE IS MANAGED BY LINUXAID. CHANGES WILL BE LOST.
+    [Unit]
+    Description=LXD - Container Management Service
+    After=network.target syslog.target ${_after_deps}
+    BindsTo=${_bindsto_deps}
+
+    [Service]
+    Type=simple
+    ExecStart=/usr/bin/lxd --group lxd --debug
+    Restart=on-failure
+    KillMode=process
+
+    [Install]
+    WantedBy=multi-user.target
+    | EOT
+
+  # Use systemd::unit_file to manage the service
+  systemd::unit_file { 'lxd-containers.service':
+    ensure  => 'present',
+    enable  => true,
+    active  => true,
+    content => $_service_content,
   }
-
-
 }

modules/enableit/monitor/manifests/system/service/sssd/auth.pp

@@ -27,7 +27,7 @@
 TEST_USERS=(${test_users.join(' ')})\n",
     noop    => $noop_value,
   }
-  profile::cron::job { 'test sssd user lookup':
+  profile::system::cron::job { 'test sssd user lookup':
     enable     => $_enable,
     minute     => '*/10',
     user       => 'obmondo-admin',

modules/enableit/profile/REFERENCE.md

@@ -19,7 +19,7 @@
 * [`profile::computing::slurm::slurmctld`](#profile--computing--slurm--slurmctld): Slurm slurm::slurmctld
 * [`profile::computing::slurm::slurmd`](#profile--computing--slurm--slurmd): Slurm slurm::slurmd
 * [`profile::computing::slurm::slurmdbd`](#profile--computing--slurm--slurmdbd): Slurm slurm::slurmctld
-* [`profile::cron`](#profile--cron): cron
+* [`profile::system::cron`](#profile--cron): cron
 * [`profile::db::cassandra`](#profile--db--cassandra): Profile for managing Cassandra database
 * [`profile::db::elasticsearch`](#profile--db--elasticsearch): Elasticsearch profile  Puppet module does not support 8.x and Zscaler needs 8.x only  Cert Setup NOTE: The cert are automatically setup when
 * [`profile::db::elasticsearch::cerebro`](#profile--db--elasticsearch--cerebro): Cerebro
@@ -152,7 +152,7 @@
 * [`profile::certs::ca_cert`](#profile--certs--ca_cert): CA Cert
 * [`profile::certs::letsencrypt::domain`](#profile--certs--letsencrypt--domain): Certificates NOTE: only haproxy role support letsencrypt for now blackbox will scrape the domains if its given in the role::web::haproxy
 * [`profile::certs::manual`](#profile--certs--manual): Manual certificate TODO: lets not accept expired cert from users. need to update the underlying module openssl::cert_date_valid($_cert_file)
-* [`profile::cron::job`](#profile--cron--job): Wrapper that escapes cron command for easy use
+* [`profile::system::cron::job`](#profile--cron--job): Wrapper that escapes cron command for easy use
 * [`profile::storage::mount`](#profile--storage--mount): regular mount
 * [`profile::storage::nfs::server::export`](#profile--storage--nfs--server--export): nfs export
 * [`profile::system::selinux::fcontext`](#profile--system--selinux--fcontext)
@@ -1084,13 +1084,13 @@ Data type: `String`
 
 Default value: `'127.0.0.1'`
 
-### <a name="profile--cron"></a>`profile::cron`
+### <a name="profile--cron"></a>`profile::system::cron`
 
 cron
 
 #### Parameters
 
-The following parameters are available in the `profile::cron` class:
+The following parameters are available in the `profile::system::cron` class:
 
 * [`purge_unmanaged`](#-profile--cron--purge_unmanaged)
 * [`jobs`](#-profile--cron--jobs)
@@ -10476,13 +10476,13 @@ Data type: `Optional[Array[Stdlib::Port]]`
 
 Default value: `undef`
 
-### <a name="profile--cron--job"></a>`profile::cron::job`
+### <a name="profile--cron--job"></a>`profile::system::cron::job`
 
 Wrapper that escapes cron command for easy use
 
 #### Parameters
 
-The following parameters are available in the `profile::cron::job` defined type:
+The following parameters are available in the `profile::system::cron::job` defined type:
 
 * [`command`](#-profile--cron--job--command)
 * [`enable`](#-profile--cron--job--enable)
@@ -10543,15 +10543,15 @@ Default value: `'*'`
 
 ##### <a name="-profile--cron--job--hour"></a>`hour`
 
-Data type: `Profile::Cron::Hour`
+Data type: `Profile::System::Cron::Hour`
 
 
 
 Default value: `'*'`
 
 ##### <a name="-profile--cron--job--minute"></a>`minute`
 
-Data type: `Profile::Cron::Minute`
+Data type: `Profile::System::Cron::Minute`
 
 
 

modules/enableit/profile/manifests/collector/splunk/forwarder.pp

@@ -83,10 +83,11 @@
   } else {
 
     if $facts['init_system'] == 'systemd' {
-      common::services::systemd { 'SplunkForwarder.service':
-        ensure     => 'absent',
-        enable     => false,
-        noop_value => $noop_value,
+      # Ensure the SplunkForwarder service is stopped and disabled
+      service { 'SplunkForwarder.service':
+        ensure => 'stopped',
+        enable => false,
+        noop   => $noop_value,
       }
     }