summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_config/manifests/remove/tapicero.pp5
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp13
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp2
3 files changed, 18 insertions, 2 deletions
diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp
index 4ce972d0..07c3c6c6 100644
--- a/puppet/modules/site_config/manifests/remove/tapicero.pp
+++ b/puppet/modules/site_config/manifests/remove/tapicero.pp
@@ -1,6 +1,8 @@
# remove tapicero leftovers from previous deploys on couchdb nodes
class site_config::remove::tapicero {
+ ensure_packages('curl')
+
# remove tapicero couchdb user
$couchdb_config = hiera('couch')
$couchdb_mode = $couchdb_config['mode']
@@ -14,7 +16,8 @@ class site_config::remove::tapicero {
exec { 'remove_couchdb_user':
onlyif => "/usr/bin/curl -s 127.0.0.1:${port}/_users/org.couchdb.user:tapicero | grep -qv 'not_found'",
- command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete"
+ command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete",
+ require => Package['curl']
}
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 221c79a7..d7f6f9eb 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -204,4 +204,17 @@ define site_openvpn::server_config(
value => '3',
server => $openvpn_configname;
}
+
+ # register openvpn services at systemd on nodes newer than wheezy
+ # see https://leap.se/code/issues/7798
+ case $::operatingsystemrelease {
+ /^7.*/: { }
+ default: {
+ exec { "enable_systemd_${openvpn_configname}":
+ refreshonly => true,
+ command => "/bin/systemctl enable openvpn@${openvpn_configname}",
+ subscribe => File["/etc/openvpn/${openvpn_configname}.conf"];
+ }
+ }
+ }
}
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index f2bd571b..0ea452ee 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -6,7 +6,7 @@ class site_postfix::mx::smtpd_checks {
'checks_dir':
value => '$config_directory/checks';
'smtpd_client_restrictions':
- value => "${site_postfix::mx::rbls}permit_mynetworks,permit";
+ value => "permit_mynetworks,${site_postfix::mx::rbls},permit";
'smtpd_data_restrictions':
value => 'permit_mynetworks, reject_unauth_pipelining, permit';
'smtpd_delay_reject':