author | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
commit | 34a381efa8f6295080c843f86bfa07d4e41056af (patch) | |
tree | 9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/site_config/manifests | |
parent | 0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff) | |
parent | 5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff) |
Merge branch 'develop'
Diffstat (limited to 'puppet/modules/site_config/manifests')
5 files changed, 95 insertions, 9 deletions
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index 8bf465c1..4da13d9c 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -1,20 +1,33 @@ # deploy local caching resolver class site_config::caching_resolver { tag 'leap_base' + $domain = hiera('domain') + $internal_domain = $domain['internal_suffix'] + + # We need to make sure Package['bind9'] isn't installed because when it is, it + # keeps unbound from running. Some base debian installs will install bind9, + # and then start it, so unbound will never get properly started. So this will + # make sure bind9 is removed before. + package { 'bind9': + ensure => purged + } class { 'unbound': root_hints => false, anchor => false, ssl => false, + require => Package['bind9'], settings => { server => { - verbosity => '1', - interface => [ '127.0.0.1', '::1' ], - port => '53', - hide-identity => 'yes', - hide-version => 'yes', - harden-glue => 'yes', - access-control => [ '127.0.0.0/8 allow', '::1 allow' ] + verbosity => '1', + interface => [ '127.0.0.1', '::1' ], + port => '53', + hide-identity => 'yes', + hide-version => 'yes', + harden-glue => 'yes', + access-control => [ '127.0.0.0/8 allow', '::1 allow' ], + module-config => '"validator iterator"', + domain-insecure => $internal_domain } } } diff --git a/puppet/modules/site_config/manifests/remove/bigcouch.pp b/puppet/modules/site_config/manifests/remove/bigcouch.pp index 3535c3c1..9fd3e7ee 100644 --- a/puppet/modules/site_config/manifests/remove/bigcouch.pp +++ b/puppet/modules/site_config/manifests/remove/bigcouch.pp 
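Review bot: In caching_resolver.pp the added `module-config => '"validator iterator"'` loads unbound's validator, but the class is still declared with `anchor => false` in the unchanged lines just above it. If that parameter means the module configures no trust anchor (its definition is not visible here), the validator has nothing to validate against and the resolver will not reject bogus DNSSEC answers. Either configure a trust anchor, or state the intent next to the setting, for example `# validator is loaded without a trust anchor; DNSSEC answers are not enforced here`. `domain-insecure => $internal_domain` would also benefit from a guard for an unset `internal_suffix` in hiera, since an empty value would be written into the server block.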
@@ -10,6 +10,33 @@ class site_config::remove::bigcouch { ] } + tidy { + '/etc/logrotate/bigcouch':; + '/srv/leap/nagios/plugins/check_unix_open_fds.pl':; + } + + augeas { + 'Couchdb_open_files': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => [ + 'rm /files/etc/check_mk/mrpe.cfg/Couchdb_open_files', + 'rm /files/etc/check_mk/mrpe.cfg/Bigcouch_epmd_procs', + 'rm /files/etc/check_mk/mrpe.cfg/Bigcouch_beam_procs', + 'rm /files/etc/check_mk/mrpe.cfg/Bigcouch_open_files' ], + require => File['/etc/check_mk/mrpe.cfg']; + } + + # check syslog msg from: + # - empd + # - /usr/local/bin/couch-doc-update + concat::fragment { 'syslog_bigcouch': + ensure => absent, + source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/bigcouch.cfg', + target => '/etc/check_mk/logwatch.d/syslog.cfg', + order => '02'; + } + exec { 'remove_bigcouch_logwatch_stateline': command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", refreshonly => true, diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 41d6462e..ac2350a0 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -11,7 +11,35 @@ class site_config::remove::files { + # + # Platform 0.9 removals + # + + tidy { + # moved to /srv/static/public/provider.json + # for permissions reasons. + '/srv/leap/provider.json':; + + # tests are moved to /srv/leap/tests/server-tests + # by rsync is not able to clean up the old location, + # so, we do it here: + '/srv/leap/tests/order.rb':; + '/srv/leap/tests/README.md':; + '/srv/leap/tests/helpers': + recurse => true, + rmdirs => true; + '/srv/leap/tests/puppet': + recurse => true, + rmdirs => true; + '/srv/leap/tests/white-box': + recurse => true, + rmdirs => true; + } + + # # Platform 0.8 removals + # + tidy { '/etc/default/leap_mx':; '/etc/logrotate.d/mx':; 
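Review bot: In remove/bigcouch.pp the first `tidy` target, `'/etc/logrotate/bigcouch':;`, looks like a typo for the logrotate drop-in directory; the files.pp section of this same commit tidies `/etc/logrotate.d/mx`. As written the resource would presumably match nothing, and the leftover logrotate snippet would stay on the node, so the line should probably read `'/etc/logrotate.d/bigcouch':;`. The comment above `concat::fragment` also says `empd`, where the mrpe entry removed a few lines earlier is `Bigcouch_epmd_procs`. The class body starts and ends outside this hunk.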
diff --git a/puppet/modules/site_config/manifests/remove/soledad.pp b/puppet/modules/site_config/manifests/remove/soledad.pp new file mode 100644 index 00000000..46c23f26 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/soledad.pp @@ -0,0 +1,12 @@ +# remove possible leftovers on soledad nodes +class site_config::remove::soledad { + + # remove soledad procs check because leap_cli already checks for them + augeas { 'Soledad_Procs': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => [ 'rm /files/etc/check_mk/mrpe.cfg/Soledad_Procs' ], + require => File['/etc/check_mk/mrpe.cfg']; + } + +} diff --git a/puppet/modules/site_config/manifests/x509/commercial/ca.pp b/puppet/modules/site_config/manifests/x509/commercial/ca.pp index c76a9dbb..21d57445 100644 --- a/puppet/modules/site_config/manifests/x509/commercial/ca.pp +++ b/puppet/modules/site_config/manifests/x509/commercial/ca.pp @@ -5,7 +5,13 @@ class site_config::x509::commercial::ca { $x509 = hiera('x509') $ca = $x509['commercial_ca_cert'] - x509::ca { $site_config::params::commercial_ca_name: - content => $ca + # + # CA cert might be empty, if it was bundled with 'commercial_cert' + # instead of specified separately. + # + if ($ca) { + x509::ca { $site_config::params::commercial_ca_name: + content => $ca + } } } |
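Review bot: `require => File['/etc/check_mk/mrpe.cfg']` in the new remove/soledad.pp makes catalog compilation depend on that File resource being declared on every node that includes this class; the `augeas` resource added in remove/bigcouch.pp has the same requirement. Where the file is declared is not visible in this diff, so if a node can include the cleanup class without the check_mk agent configuration, the catalog would fail on a missing dependency instead of skipping the cleanup. A comment that states the assumption would document it, for example `# relies on File['/etc/check_mk/mrpe.cfg'] being declared elsewhere in this node's catalog`.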
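Review bot: The new `if ($ca)` guard in x509/commercial/ca.pp relies on an empty string being false, which holds for the Puppet 3 parser but not for Puppet 4 or the future parser, where `''` is truthy. On those, an empty `commercial_ca_cert` would still declare `x509::ca` with empty content, which is the case the added comment wants to avoid. An explicit test such as `if $ca and $ca != '' {` behaves the same on both parsers. When the guard is false, nothing in this hunk removes a CA file deployed by an earlier run, so a previously installed CA may stay on disk; whether that matters depends on how `x509::ca` is consumed, which is not shown here.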