diff options
| author | varac <varacanero@zeromail.org> | 2016-06-17 09:23:47 +0200 |
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2016-06-17 09:23:47 +0200 |
| commit | c97e6bc17aceee86b561a15c6055c582e6401d8c (patch) | |
| tree | 3f9557b05e915023b22d8205fa77a09b105bc8d2 /puppet/modules | |
| parent | cb96aa6eaf9dfd0c018d9f0397134c80e6c57b3c (diff) | |
| parent | 7becc465d726a1dbc1733db5c02c343cdac53d15 (diff) | |
Merge tag '0.8.1'
Tagging 0.8.1
Diffstat (limited to 'puppet/modules')
| -rw-r--r-- | puppet/modules/clamav/templates/clamav-milter.conf.erb | 1 | ||||
| -rw-r--r-- | puppet/modules/site_apache/files/conf.d/security | 4 | ||||
| -rw-r--r-- | puppet/modules/site_check_mk/templates/use_ssh.mk | 2 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/default.pp | 3 | ||||
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 6 | ||||
| -rw-r--r-- | puppet/modules/site_static/manifests/location.pp | 13 | ||||
| -rw-r--r-- | puppet/modules/site_stunnel/manifests/client.pp | 5 | ||||
| -rw-r--r-- | puppet/modules/site_stunnel/manifests/servers.pp | 5 | ||||
| -rw-r--r-- | puppet/modules/soledad/manifests/server.pp | 1 | ||||
| m--------- | puppet/modules/stunnel | 0 |
10 files changed, 30 insertions, 10 deletions
diff --git a/puppet/modules/clamav/templates/clamav-milter.conf.erb b/puppet/modules/clamav/templates/clamav-milter.conf.erb index 9bf7099e..50b4c620 100644 --- a/puppet/modules/clamav/templates/clamav-milter.conf.erb +++ b/puppet/modules/clamav/templates/clamav-milter.conf.erb @@ -4,7 +4,6 @@ FixStaleSocket true User clamav MilterSocketGroup clamav MilterSocketMode 666 -AllowSupplementaryGroups true ReadTimeout 120 Foreground false PidFile /var/run/clamav/clamav-milter.pid diff --git a/puppet/modules/site_apache/files/conf.d/security b/puppet/modules/site_apache/files/conf.d/security index a5ae5bdc..fdcf6270 100644 --- a/puppet/modules/site_apache/files/conf.d/security +++ b/puppet/modules/site_apache/files/conf.d/security @@ -45,8 +45,8 @@ ServerSignature Off # # Set to one of: On | Off | extended # -#TraceEnable Off -TraceEnable On +TraceEnable Off +#TraceEnable On # Setting this header will prevent other sites from embedding pages from this # site as frames. This defends against clickjacking attacks. diff --git a/puppet/modules/site_check_mk/templates/use_ssh.mk b/puppet/modules/site_check_mk/templates/use_ssh.mk index 55269536..25f951e0 100644 --- a/puppet/modules/site_check_mk/templates/use_ssh.mk +++ b/puppet/modules/site_check_mk/templates/use_ssh.mk @@ -1,6 +1,6 @@ # http://mathias-kettner.de/checkmk_datasource_programs.html datasource_programs = [ <% @nagios_hosts.sort.each do |name,config| %> - ( "ssh -l root -i /etc/check_mk/.ssh/id_rsa -p <%=config['ssh_port']%> <%=config['domain_internal']%> check_mk_agent", [ "<%=config['domain_internal']%>" ], ),<%- end -%> + ( "ssh -o ConnectTimeout=5 -l root -i /etc/check_mk/.ssh/id_rsa -p <%=config['ssh_port']%> <%=config['domain_internal']%> check_mk_agent", [ "<%=config['domain_internal']%>" ], ),<%- end -%> ] diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 256de1a1..9bc8c30d 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -7,8 +7,9 @@ class site_config::default { include site_config::params include site_config::setup - # default class, used by all hosts + service { 'puppet': ensure => stopped } + # default class, used by all hosts include lsb, git # configure sysctl parameters diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index c269946b..0b760eb4 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -69,10 +69,10 @@ class site_postfix::mx { value => '$alias_maps'; # setup clamav and opendkim on smtpd 'smtpd_milters': - value => 'unix:/run/clamav/milter.ctl,inet:localhost:8891'; + value => 'unix:/run/clamav/milter.ctl,unix:/run/opendkim/opendkim.sock'; # setup opendkim for smtp (non-smtpd) outgoing mail 'non_smtpd_milters': - value => 'inet:localhost:8891'; + value => 'unix:/run/opendkim/opendkim.sock'; 'milter_default_action': value => 'accept'; # Make sure that the right values are set, these could be set to different @@ -96,7 +96,7 @@ class site_postfix::mx { # access the opendkim milter socket (#8020) exec { 'unset_cleanup_chroot': command => '/usr/sbin/postconf -F "cleanup/unix/chroot=n"', - onlyif => '/usr/sbin/postconf -h -F "cleanup/unix/chroot" | egrep -q ^n', + onlyif => '/usr/sbin/postconf -h -F "cleanup/unix/chroot" | egrep -qv ^n', notify => Service['postfix'], require => File['/etc/postfix/master.cf'] } diff --git a/puppet/modules/site_static/manifests/location.pp b/puppet/modules/site_static/manifests/location.pp index d116de2f..ab2b7494 100644 --- a/puppet/modules/site_static/manifests/location.pp +++ b/puppet/modules/site_static/manifests/location.pp @@ -23,6 +23,19 @@ define site_static::location($path, $format, $source) { } } + if ($format == 'rack') { + # Run bundler if there is a Gemfile + exec { 'bundler_update': + cwd => $file_path, + command => '/bin/bash -c "/usr/bin/bundle check --path vendor/bundle || /usr/bin/bundle install --path vendor/bundle --without test development debug"', + unless => '/usr/bin/bundle check --path vendor/bundle', + onlyif => 'test -f Gemfile', + user => 'www-data', + timeout => 600, + require => [Class['bundler::install'], Class['site_config::ruby::dev']]; + } + } + vcsrepo { $file_path: ensure => present, force => true, diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index c9e034f1..7c431c50 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -39,7 +39,10 @@ define site_stunnel::client ( debuglevel => $debuglevel, sslversion => 'TLSv1', syslog => 'no', - output => $logfile; + output => $logfile, + require => [ Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], + Class['Site_config::X509::Ca'] ]; } # define the log files so that we can purge the diff --git a/puppet/modules/site_stunnel/manifests/servers.pp b/puppet/modules/site_stunnel/manifests/servers.pp index e76d1e9d..37aaf5a6 100644 --- a/puppet/modules/site_stunnel/manifests/servers.pp +++ b/puppet/modules/site_stunnel/manifests/servers.pp @@ -39,7 +39,10 @@ define site_stunnel::servers ( debuglevel => $debuglevel, sslversion => 'TLSv1', syslog => 'no', - output => $logfile; + output => $logfile, + require => [ Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], + Class['Site_config::X509::Ca'] ]; } # allow incoming connections on $accept_port diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 8674f421..6cf806d0 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -17,6 +17,7 @@ class soledad::server { $sources = hiera('sources') + include x509::variables include site_config::x509::cert include site_config::x509::key include site_config::x509::ca diff --git a/puppet/modules/stunnel b/puppet/modules/stunnel -Subproject 79e874c1a86ad5c48c4e726a5d4c68bd879ce45 +Subproject 523612fb6daff51837423619f5014e62dc83555 |