-rwxr-xr-xbin/debug.sh25
-rw-r--r--lib/leap_cli/commands/debug.rb15
-rw-r--r--lib/leap_cli/commands/vagrant.rb4
m---------puppet/modules/apt0
m---------puppet/modules/couchdb0
-rw-r--r--puppet/modules/site_config/manifests/files.pp7
-rw-r--r--puppet/modules/site_config/manifests/remove.pp7
-rw-r--r--puppet/modules/site_config/manifests/remove/jessie.pp9
-rw-r--r--puppet/modules/site_config/manifests/remove/tapicero.pp5
-rw-r--r--puppet/modules/site_config/manifests/resolvconf.pp2
-rw-r--r--puppet/modules/site_config/manifests/syslog.pp37
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp17
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp2
-rwxr-xr-xvagrant/configure-leap.sh11
14 files changed, 114 insertions, 27 deletions
diff --git a/bin/debug.sh b/bin/debug.sh
new file mode 100755
index 00000000..2363644c
--- /dev/null
+++ b/bin/debug.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# debug script to be run on remote servers
+# called from leap_cli with the 'leap debug' cmd
+
+regexp='(leap|pixelated|stunnel|couch|soledad|haproxy)'
+
+# query facts and filter out private stuff
+echo -e '\n\n'
+facter | egrep -iv '(^ssh|^uniqueid)'
+
+# query installed versions
+echo -e '\n\n'
+dpkg -l | egrep "$regexp"
+
+
+# query running procs
+echo -e '\n\n'
+ps aux|egrep "$regexp"
+
+echo -e '\n\n'
+echo -e "Last deploy:\n"
+tail -2 /var/log/leap/deploy-summary.log
+
+
+
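Review bot: The filter on the `facter` line drops only facts whose names start with `ssh` or `uniqueid`, so the output can still carry other host identifiers, and `ps aux` prints the full argument list of every matching process, including any secret passed on a command line. This output is presumably pasted into support requests, so an allow-list is safer than a deny-list for the facts, e.g. `facter operatingsystem operatingsystemrelease architecture virtual`. For the process listing I would at least add `# NOTE: prints full argv of matching processes; review before sharing`. `egrep` is also deprecated in favour of `grep -E`.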
diff --git a/lib/leap_cli/commands/debug.rb b/lib/leap_cli/commands/debug.rb
new file mode 100644
index 00000000..a969b752
--- /dev/null
+++ b/lib/leap_cli/commands/debug.rb
@@ -0,0 +1,15 @@
+module LeapCli; module Commands
+
+ desc 'Output debug information.'
+ long_desc 'The FILTER can be the name of a node, service, or tag.'
+ arg_name 'FILTER'
+ command [:debug, :d] do |c|
+ c.action do |global,options,args|
+ nodes = manager.filter!(args)
+ ssh_connect(nodes, connect_options(options)) do |ssh|
+ ssh.leap.debug
+ end
+ end
+ end
+
+end; end
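Review bot: The `long_desc` does not say what the command collects or what happens when FILTER is omitted; `manager.filter!(args)` receives whatever was passed, and if an empty filter selects every node (not visible here) `leap debug` runs on the whole provider. I would extend it to something like `long_desc 'Runs the debug script on the matching nodes and prints facts, package versions, processes and the last deploy summary. The FILTER can be the name of a node, service, or tag.'` and state the no-FILTER behaviour once confirmed. `ssh.leap.debug` is defined outside the files shown in this commit, so its link to bin/debug.sh is inferred from that script's header comment.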
diff --git a/lib/leap_cli/commands/vagrant.rb b/lib/leap_cli/commands/vagrant.rb
index 5168a3c0..9fdd48e3 100644
--- a/lib/leap_cli/commands/vagrant.rb
+++ b/lib/leap_cli/commands/vagrant.rb
@@ -151,10 +151,10 @@ module LeapCli; module Commands
lines << %[ config.vm.provider "virtualbox" do |v|]
lines << %[ v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]]
lines << %[ v.name = "#{node.name}"]
- lines << %[ v.memory = 1024]
+ lines << %[ v.memory = 1536]
lines << %[ end]
lines << %[ config.vm.provider "libvirt" do |v|]
- lines << %[ v.memory = 1024]
+ lines << %[ v.memory = 1536]
lines << %[ end]
lines << %[ #{leapfile.custom_vagrant_vm_line}] if leapfile.custom_vagrant_vm_line
lines << %[ end]
diff --git a/puppet/modules/apt b/puppet/modules/apt
-Subproject e12c5bfd6c9ff5d1dc5e14c227e8c15388ecb04
+Subproject d459567bf246eee85cd101c2e2f17f451e6230b
diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb
-Subproject 84b1d857b0ea8a9987be0748dab9f6a3ddaba94
+Subproject b2dada713dd3486dec8eaf9bdcd1e223c9297f6
diff --git a/puppet/modules/site_config/manifests/files.pp b/puppet/modules/site_config/manifests/files.pp
index 684d3ad0..d2ef8a98 100644
--- a/puppet/modules/site_config/manifests/files.pp
+++ b/puppet/modules/site_config/manifests/files.pp
@@ -1,3 +1,4 @@
+# set up core leap files and directories
class site_config::files {
file {
@@ -7,15 +8,15 @@ class site_config::files {
group => 'root',
mode => '0711';
- '/var/lib/leap':
+ [ '/etc/leap', '/var/lib/leap']:
ensure => directory,
- owner => root,
+ owner => 'root',
group => 'root',
mode => '0755';
'/var/log/leap':
ensure => directory,
- owner => root,
+ owner => 'root',
group => 'adm',
mode => '0750';
}
diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp
index b1ad1a2b..443df9c2 100644
--- a/puppet/modules/site_config/manifests/remove.pp
+++ b/puppet/modules/site_config/manifests/remove.pp
@@ -1,4 +1,11 @@
# remove leftovers from previous deploys
class site_config::remove {
include site_config::remove::files
+
+ case $::operatingsystemrelease {
+ /^8.*/: {
+ include site_config::remove::jessie
+ }
+ default: { }
+ }
}
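Review bot: The release match `/^8.*/` is looser than it reads: the dot is unescaped and the `.*` adds nothing, so it accepts any value beginning with `8`, and it will not match on a host where `operatingsystemrelease` is a codename string, as Debian testing installs may report. `/^8\./`, or a comparison on `$::operatingsystemmajrelease` or `$::lsbdistcodename`, states the intent exactly. The same pattern with `7` appears in the syslog.pp and site_openvpn server_config.pp hunks, so one shared variable for the release check would keep the three in step.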
diff --git a/puppet/modules/site_config/manifests/remove/jessie.pp b/puppet/modules/site_config/manifests/remove/jessie.pp
new file mode 100644
index 00000000..cbeaae05
--- /dev/null
+++ b/puppet/modules/site_config/manifests/remove/jessie.pp
@@ -0,0 +1,9 @@
+# remove possible leftovers after upgrading from wheezy to jessie
+class site_config::remove::jessie {
+
+ tidy {
+ '/etc/apt/preferences.d/rsyslog_anon_depends':
+ notify => Exec['refresh_apt'];
+ }
+
+}
diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp
index 4ce972d0..07c3c6c6 100644
--- a/puppet/modules/site_config/manifests/remove/tapicero.pp
+++ b/puppet/modules/site_config/manifests/remove/tapicero.pp
@@ -1,6 +1,8 @@
# remove tapicero leftovers from previous deploys on couchdb nodes
class site_config::remove::tapicero {
+ ensure_packages('curl')
+
# remove tapicero couchdb user
$couchdb_config = hiera('couch')
$couchdb_mode = $couchdb_config['mode']
@@ -14,7 +16,8 @@ class site_config::remove::tapicero {
exec { 'remove_couchdb_user':
onlyif => "/usr/bin/curl -s 127.0.0.1:${port}/_users/org.couchdb.user:tapicero | grep -qv 'not_found'",
- command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete"
+ command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete",
+ require => Package['curl']
}
diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp
index 05990c67..09f0b405 100644
--- a/puppet/modules/site_config/manifests/resolvconf.pp
+++ b/puppet/modules/site_config/manifests/resolvconf.pp
@@ -8,7 +8,7 @@ class site_config::resolvconf {
nameservers => [
'127.0.0.1 # local caching-only, unbound',
'85.214.20.141 # Digitalcourage, a german privacy organisation: (https://en.wikipedia.org/wiki/Digitalcourage)',
- '77.109.138.45 # Swiss privacy Foundation (http://www.privacyfoundation.ch/de/service/server.html)'
+ '172.81.176.146 # OpenNIC (https://servers.opennicproject.org/edit.php?srv=ns1.tor.ca.dns.opennic.glue)'
]
}
}
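Review bot: The replacement fallback in the third `nameservers` entry is a hard-coded address of a single OpenNIC resolver, and OpenNIC serves names outside the ICANN root, so answers can differ depending on which entry responds. Queries that fall past the local unbound at 127.0.0.1 also reach that operator in clear text and, if unbound is what validates DNSSEC here, unvalidated. I would move the fallback list into a class parameter or hiera key so each provider can choose its own resolvers, and add a comment such as `# fallbacks are used only when local unbound is unreachable; their operators see those lookups`. The class body begins outside this hunk.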
diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp
index 83b49c8e..c397dc15 100644
--- a/puppet/modules/site_config/manifests/syslog.pp
+++ b/puppet/modules/site_config/manifests/syslog.pp
@@ -1,6 +1,13 @@
+# configure rsyslog on all nodes
class site_config::syslog {
- include site_apt::preferences::rsyslog
+ # only pin rsyslog packages to backports on wheezy
+ case $::operatingsystemrelease {
+ /^7.*/: {
+ include site_apt::preferences::rsyslog
+ }
+ default: { }
+ }
class { 'rsyslog::client':
log_remote => false,
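Review bot: Skipping `site_apt::preferences::rsyslog` on non-wheezy releases leaves the `mmanon` action, visible in the next hunk header of this file, depending on whatever rsyslog build the release ships. If that build lacks the module, address anonymisation in the logs would stop or rsyslog would reject the config, so it is worth confirming on a jessie node. Once verified, a comment like `# jessie's stock rsyslog provides mmanon, no backports pin needed` next to the `default` branch would record it. The class body continues outside the hunk.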
@@ -15,12 +22,13 @@ action(type="mmanon" ipv4.bits="32" mode="rewrite")'
augeas {
'logrotate_leap_deploy':
context => '/files/etc/logrotate.d/leap_deploy/rule',
- changes => [ 'set file /var/log/leap/deploy.log',
- 'set rotate 5',
- 'set size 1M',
- 'set compress compress',
- 'set missingok missingok',
- 'set copytruncate copytruncate' ];
+ changes => [
+ 'set file /var/log/leap/deploy.log',
+ 'set rotate 5',
+ 'set size 1M',
+ 'set compress compress',
+ 'set missingok missingok',
+ 'set copytruncate copytruncate' ];
# NOTE:
# the puppet_command script requires the option delaycompress
@@ -28,12 +36,13 @@ action(type="mmanon" ipv4.bits="32" mode="rewrite")'
'logrotate_leap_deploy_summary':
context => '/files/etc/logrotate.d/leap_deploy_summary/rule',
- changes => [ 'set file /var/log/leap/deploy-summary.log',
- 'set rotate 5',
- 'set size 100k',
- 'set delaycompress delaycompress',
- 'set compress compress',
- 'set missingok missingok',
- 'set copytruncate copytruncate' ]
+ changes => [
+ 'set file /var/log/leap/deploy-summary.log',
+ 'set rotate 5',
+ 'set size 100k',
+ 'set delaycompress delaycompress',
+ 'set compress compress',
+ 'set missingok missingok',
+ 'set copytruncate copytruncate' ]
}
}
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 221c79a7..ca9926cc 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -204,4 +204,21 @@ define site_openvpn::server_config(
value => '3',
server => $openvpn_configname;
}
+
+ # register openvpn services at systemd on nodes newer than wheezy
+ # see https://leap.se/code/issues/7798
+ case $::operatingsystemrelease {
+ /^7.*/: { }
+ default: {
+ exec { "enable_systemd_${openvpn_configname}":
+ refreshonly => true,
+ command => "/bin/systemctl enable openvpn@${openvpn_configname}",
+ subscribe => File["/etc/openvpn/${openvpn_configname}.conf"],
+ notify => Service["openvpn@${openvpn_configname}"];
+ }
+ service { "openvpn@${openvpn_configname}":
+ ensure => running
+ }
+ }
+ }
}
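Review bot: The `enable_systemd_${openvpn_configname}` exec is `refreshonly` and subscribed to the config file, so on a node whose `/etc/openvpn/${openvpn_configname}.conf` already exists and does not change (for example after a wheezy-to-jessie upgrade) the unit is never enabled and the VPN will not come back after a reboot until Puppet runs again. Replacing `refreshonly => true,` with `unless => "/bin/systemctl is-enabled openvpn@${openvpn_configname}",` makes the enable idempotent and independent of file changes. If the Puppet version in use handles templated units, `enable => true` on the `service` resource would remove the exec altogether; the linked issue may explain why that was not done. The define starts outside this hunk.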
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index f2bd571b..0ea452ee 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -6,7 +6,7 @@ class site_postfix::mx::smtpd_checks {
'checks_dir':
value => '$config_directory/checks';
'smtpd_client_restrictions':
- value => "${site_postfix::mx::rbls}permit_mynetworks,permit";
+ value => "permit_mynetworks,${site_postfix::mx::rbls},permit";
'smtpd_data_restrictions':
value => 'permit_mynetworks, reject_unauth_pipelining, permit';
'smtpd_delay_reject':
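Review bot: The new `smtpd_client_restrictions` value puts a comma on both sides of `${site_postfix::mx::rbls}`, while the old value had none after it, which suggests the variable used to carry its own trailing comma. Its definition is not in this diff, so if it was not changed the rendered list contains `,,`, and with an empty RBL list it reads `permit_mynetworks,,permit`. Worth confirming the variable's format, or building the value with `join()` from an array so separators cannot double up. If the reorder is meant to let local clients skip the RBL lookups, a comment such as `# permit_mynetworks first: trusted clients bypass RBL checks` would record that; the resource list continues outside the hunk.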
diff --git a/vagrant/configure-leap.sh b/vagrant/configure-leap.sh
index 00811144..96344400 100755
--- a/vagrant/configure-leap.sh
+++ b/vagrant/configure-leap.sh
@@ -10,6 +10,7 @@ NODE='node1'
SUDO="sudo -u ${USER}"
PROVIDERDIR="/home/${USER}/leap/configuration"
LEAP="$SUDO /usr/local/bin/leap"
+GIT="$SUDO git"
echo '==============================================='
echo 'configuring leap'
@@ -43,9 +44,9 @@ echo '{ "webapp": { "admins": ["testadmin"] } }' > services/webapp.json
$LEAP $OPTS compile
-git init
-git add .
-git commit -m'configured provider'
+$GIT init
+$GIT add .
+$GIT commit -m'configured provider'
$LEAP $OPTS node init $NODE
if [ $? -eq 1 ]; then
@@ -61,8 +62,8 @@ gem install rake
$LEAP $OPTS -v 2 deploy
set +e
-git add .
-git commit -m'initialized and deployed provider'
+$GIT add .
+$GIT commit -m'initialized and deployed provider'
set -e
# Vagrant: leap_mx fails to start on jessie