-rwxr-xr-x | bin/debug.sh | 25 | ||||
-rw-r--r-- | lib/leap_cli/commands/debug.rb | 15 | ||||
-rw-r--r-- | lib/leap_cli/commands/vagrant.rb | 4 | ||||
m--------- | puppet/modules/apt | 0 | ||||
m--------- | puppet/modules/couchdb | 0 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/files.pp | 7 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/remove.pp | 7 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/remove/jessie.pp | 9 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/remove/tapicero.pp | 5 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/resolvconf.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/syslog.pp | 37 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 17 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp | 2 | ||||
-rwxr-xr-x | vagrant/configure-leap.sh | 11 |
14 files changed, 114 insertions, 27 deletions
diff --git a/bin/debug.sh b/bin/debug.sh
new file mode 100755
index 00000000..2363644c
--- /dev/null
+++ b/bin/debug.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# debug script to be run on remote servers
+# called from leap_cli with the 'leap debug' cmd
+
+regexp='(leap|pixelated|stunnel|couch|soledad|haproxy)'
+
+# query facts and filter out private stuff
+echo -e '\n\n'
+facter | egrep -iv '(^ssh|^uniqueid)'
+
+# query installed versions
+echo -e '\n\n'
+dpkg -l | egrep "$regexp"
+
+
+# query running procs
+echo -e '\n\n'
+ps aux|egrep "$regexp"
+
+echo -e '\n\n'
+echo -e "Last deploy:\n"
+tail -2 /var/log/leap/deploy-summary.log
+
+
+
diff --git a/lib/leap_cli/commands/debug.rb b/lib/leap_cli/commands/debug.rb
new file mode 100644
index 00000000..a969b752
--- /dev/null
+++ b/lib/leap_cli/commands/debug.rb
@@ -0,0 +1,15 @@
+module LeapCli; module Commands
+
+ desc 'Output debug information.'
+ long_desc 'The FILTER can be the name of a node, service, or tag.'
+ arg_name 'FILTER'
+ command [:debug, :d] do |c|
+ c.action do |global,options,args|
+ nodes = manager.filter!(args)
+ ssh_connect(nodes, connect_options(options)) do |ssh|
+ ssh.leap.debug
+ end
+ end
+ end
+
+end; end
diff --git a/lib/leap_cli/commands/vagrant.rb b/lib/leap_cli/commands/vagrant.rb
index 5168a3c0..9fdd48e3 100644
--- a/lib/leap_cli/commands/vagrant.rb
+++ b/lib/leap_cli/commands/vagrant.rb
@@ -151,10 +151,10 @@ module LeapCli; module Commands
 lines << %[ config.vm.provider "virtualbox" do |v|]
 lines << %[ v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]]
 lines << %[ v.name = "#{node.name}"]
- lines << %[ v.memory = 1024]
+ lines << %[ v.memory = 1536]
 lines << %[ end]
 lines << %[ config.vm.provider "libvirt" do |v|]
- lines << %[ v.memory = 1024]
+ lines << %[ v.memory = 1536]
 lines << %[ end]
 lines << %[ #{leapfile.custom_vagrant_vm_line}] if leapfile.custom_vagrant_vm_line
 lines << %[ end]
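Review bot: In bin/debug.sh the line `facter | egrep -iv '(^ssh|^uniqueid)'` removes private data with a denylist, so every other fact (addresses, hostnames, any custom facts) still ends up in output that is likely to be shared when asking for support. Passing facter an explicit list of the fact names that are actually wanted would fail closed when new facts appear. `ps aux|egrep "$regexp"` prints full command lines, which can carry secrets passed as arguments, and it also matches the egrep process itself; `ps -eo user,pid,comm | egrep "$regexp"` limits the listing to process names.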
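Review bot: The `long_desc` in lib/leap_cli/commands/debug.rb describes only FILTER and says nothing about what the command collects. Since `ssh.leap.debug` presumably runs bin/debug.sh on each selected node, the help text should say so, for example `long_desc 'Prints facts, installed package versions and running processes from each node matching FILTER. Review the output before sharing it.'`. What `manager.filter!(args)` returns for an empty FILTER is not visible here; if it selects every node, that default belongs in the description too.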
diff --git a/puppet/modules/apt b/puppet/modules/apt -Subproject e12c5bfd6c9ff5d1dc5e14c227e8c15388ecb04 +Subproject d459567bf246eee85cd101c2e2f17f451e6230b diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb -Subproject 84b1d857b0ea8a9987be0748dab9f6a3ddaba94 +Subproject b2dada713dd3486dec8eaf9bdcd1e223c9297f6 diff --git a/puppet/modules/site_config/manifests/files.pp b/puppet/modules/site_config/manifests/files.pp index 684d3ad0..d2ef8a98 100644 --- a/puppet/modules/site_config/manifests/files.pp +++ b/puppet/modules/site_config/manifests/files.pp @@ -1,3 +1,4 @@ +# set up core leap files and directories class site_config::files { file { @@ -7,15 +8,15 @@ class site_config::files { group => 'root', mode => '0711'; - '/var/lib/leap': + [ '/etc/leap', '/var/lib/leap']: ensure => directory, - owner => root, + owner => 'root', group => 'root', mode => '0755'; '/var/log/leap': ensure => directory, - owner => root, + owner => 'root', group => 'adm', mode => '0750'; } diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp index b1ad1a2b..443df9c2 100644 --- a/puppet/modules/site_config/manifests/remove.pp +++ b/puppet/modules/site_config/manifests/remove.pp @@ -1,4 +1,11 @@ # remove leftovers from previous deploys class site_config::remove { include site_config::remove::files + + case $::operatingsystemrelease { + /^8.*/: { + include site_config::remove::jessie + } + default: { } + } } diff --git a/puppet/modules/site_config/manifests/remove/jessie.pp b/puppet/modules/site_config/manifests/remove/jessie.pp new file mode 100644 index 00000000..cbeaae05 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/jessie.pp @@ -0,0 +1,9 @@ +# remove possible leftovers after upgrading from wheezy to jessie +class site_config::remove::jessie { + + tidy { + '/etc/apt/preferences.d/rsyslog_anon_depends': + notify => Exec['refresh_apt']; + } + +} 
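Review bot: The release match added in remove.pp, `/^8.*/`, is looser than it reads: the trailing `.*` adds nothing and the dot is unescaped, so the pattern means only "starts with 8" and would also match a value such as `80`. `/^8\./` states the intent; the same applies to the `/^7.*/` matches added in syslog.pp and server_config.pp. All three key on `$::operatingsystemrelease` alone, so a one-line comment that these manifests assume Debian would help, because the number means something else on another distribution.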
diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp index 4ce972d0..07c3c6c6 100644 --- a/puppet/modules/site_config/manifests/remove/tapicero.pp +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -1,6 +1,8 @@ # remove tapicero leftovers from previous deploys on couchdb nodes class site_config::remove::tapicero { + ensure_packages('curl') + # remove tapicero couchdb user $couchdb_config = hiera('couch') $couchdb_mode = $couchdb_config['mode'] @@ -14,7 +16,8 @@ class site_config::remove::tapicero { exec { 'remove_couchdb_user': onlyif => "/usr/bin/curl -s 127.0.0.1:${port}/_users/org.couchdb.user:tapicero | grep -qv 'not_found'", - command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete" + command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete", + require => Package['curl'] } diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index 05990c67..09f0b405 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -8,7 +8,7 @@ class site_config::resolvconf { nameservers => [ '127.0.0.1 # local caching-only, unbound', '85.214.20.141 # Digitalcourage, a german privacy organisation: (https://en.wikipedia.org/wiki/Digitalcourage)', - '77.109.138.45 # Swiss privacy Foundation (http://www.privacyfoundation.ch/de/service/server.html)' + '172.81.176.146 # OpenNIC (https://servers.opennicproject.org/edit.php?srv=ns1.tor.ca.dns.opennic.glue)' ] } } diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp index 83b49c8e..c397dc15 100644 --- a/puppet/modules/site_config/manifests/syslog.pp +++ b/puppet/modules/site_config/manifests/syslog.pp 
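Review bot: The replacement fallback resolver in resolvconf.pp, `172.81.176.146`, is again a hard-coded third-party address, and any node whose local unbound on 127.0.0.1 does not answer will send its queries there. OpenNIC servers are volunteer-run and also serve non-ICANN zones, so the answers are only as trustworthy as that operator unless DNSSEC validation is enforced locally, which is not visible in this hunk. Consider reading the fallback list from provider configuration rather than the manifest, and add a comment saying why this server was chosen, since the entry it replaces was presumably dropped because it stopped being suitable. The comment URL points at an `edit.php` page rather than a stable description of the server.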
@@ -1,6 +1,13 @@ +# configure rsyslog on all nodes class site_config::syslog { - include site_apt::preferences::rsyslog + # only pin rsyslog packages to backports on wheezy + case $::operatingsystemrelease { + /^7.*/: { + include site_apt::preferences::rsyslog + } + default: { } + } class { 'rsyslog::client': log_remote => false, @@ -15,12 +22,13 @@ action(type="mmanon" ipv4.bits="32" mode="rewrite")' augeas { 'logrotate_leap_deploy': context => '/files/etc/logrotate.d/leap_deploy/rule', - changes => [ 'set file /var/log/leap/deploy.log', - 'set rotate 5', - 'set size 1M', - 'set compress compress', - 'set missingok missingok', - 'set copytruncate copytruncate' ]; + changes => [ + 'set file /var/log/leap/deploy.log', + 'set rotate 5', + 'set size 1M', + 'set compress compress', + 'set missingok missingok', + 'set copytruncate copytruncate' ]; # NOTE: # the puppet_command script requires the option delaycompress @@ -28,12 +36,13 @@ action(type="mmanon" ipv4.bits="32" mode="rewrite")' 'logrotate_leap_deploy_summary': context => '/files/etc/logrotate.d/leap_deploy_summary/rule', - changes => [ 'set file /var/log/leap/deploy-summary.log', - 'set rotate 5', - 'set size 100k', - 'set delaycompress delaycompress', - 'set compress compress', - 'set missingok missingok', - 'set copytruncate copytruncate' ] + changes => [ + 'set file /var/log/leap/deploy-summary.log', + 'set rotate 5', + 'set size 100k', + 'set delaycompress delaycompress', + 'set compress compress', + 'set missingok missingok', + 'set copytruncate copytruncate' ] } } diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index 221c79a7..ca9926cc 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp 
@@ -204,4 +204,21 @@ define site_openvpn::server_config( value => '3', server => $openvpn_configname; } + + # register openvpn services at systemd on nodes newer than wheezy + # see https://leap.se/code/issues/7798 + case $::operatingsystemrelease { + /^7.*/: { } + default: { + exec { "enable_systemd_${openvpn_configname}": + refreshonly => true, + command => "/bin/systemctl enable openvpn@${openvpn_configname}", + subscribe => File["/etc/openvpn/${openvpn_configname}.conf"], + notify => Service["openvpn@${openvpn_configname}"]; + } + service { "openvpn@${openvpn_configname}": + ensure => running + } + } + } } diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp index f2bd571b..0ea452ee 100644 --- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp +++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp @@ -6,7 +6,7 @@ class site_postfix::mx::smtpd_checks { 'checks_dir': value => '$config_directory/checks'; 'smtpd_client_restrictions': - value => "${site_postfix::mx::rbls}permit_mynetworks,permit"; + value => "permit_mynetworks,${site_postfix::mx::rbls},permit"; 'smtpd_data_restrictions': value => 'permit_mynetworks, reject_unauth_pipelining, permit'; 'smtpd_delay_reject': diff --git a/vagrant/configure-leap.sh b/vagrant/configure-leap.sh index 00811144..96344400 100755 --- a/vagrant/configure-leap.sh +++ b/vagrant/configure-leap.sh @@ -10,6 +10,7 @@ NODE='node1' SUDO="sudo -u ${USER}" PROVIDERDIR="/home/${USER}/leap/configuration" LEAP="$SUDO /usr/local/bin/leap" +GIT="$SUDO git" echo '===============================================' echo 'configuring leap' @@ -43,9 +44,9 @@ echo '{ "webapp": { "admins": ["testadmin"] } }' > services/webapp.json $LEAP $OPTS compile -git init -git add . -git commit -m'configured provider' +$GIT init +$GIT add . +$GIT commit -m'configured provider' $LEAP $OPTS node init $NODE if [ $? -eq 1 ]; then 
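Review bot: The `exec` that runs `systemctl enable` in server_config.pp is `refreshonly` and subscribed to the `.conf` file, so it fires only when Puppet changes that file; a node that already has an unchanged `/etc/openvpn/${openvpn_configname}.conf`, for example after an upgrade from wheezy, never gets the unit enabled. Making the exec idempotent covers both cases: replace `refreshonly => true` with `unless => "/bin/systemctl is-enabled openvpn@${openvpn_configname}"`. The new `service` resource sets `ensure => running` but no `enable`, so boot-time start depends entirely on that exec having run. The body of `site_openvpn::server_config` starts outside this hunk, so check that no other openvpn service declaration there overlaps with this one.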
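Review bot: The new `smtpd_client_restrictions` value in smtpd_checks.pp puts a comma on both sides of `${site_postfix::mx::rbls}`, whereas the old string had no separator after it, which suggests the variable used to carry its own trailing separator. Its definition is outside this hunk, so confirm it was changed in step; otherwise the rendered value contains an empty element, e.g. `permit_mynetworks,,permit` when the RBL list is empty. A short comment stating that `permit_mynetworks` is deliberately evaluated before the RBL lookups would document the reason for the reordering.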
@@ -61,8 +62,8 @@ gem install rake $LEAP $OPTS -v 2 deploy set +e -git add . -git commit -m'initialized and deployed provider' +$GIT add . +$GIT commit -m'initialized and deployed provider' set -e # Vagrant: leap_mx fails to start on jessie |