Diffstat (limited to 'puppet/modules')
17 files changed, 73 insertions, 52 deletions
| diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb -Subproject 23b557c6fb07929a9b04e5fb75375a85a473437 +Subproject 3c20a3169e77e5a5f9abc06788c3a7730d5530c diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp index 6bcdd19a..284662d2 100644 --- a/puppet/modules/leap_mx/manifests/init.pp +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -77,16 +77,18 @@ class leap_mx {    }    augeas { -    "logrotate_mx": -      context => "/files/etc/logrotate.d/leap-mx/rule", +    'logrotate_mx': +      context => '/files/etc/logrotate.d/leap-mx/rule',        changes => [ -        "set file /var/log/leap/mx.log", -        'set rotate 5', -        'set schedule daily', -        'set compress compress', -        'set missingok missingok', -        'set ifempty notifempty', -        'set copytruncate copytruncate' -      ] +                  'set file /var/log/leap/mx.log', +                  'set rotate 5', +                  'set schedule daily', +                  'clear nocreate', +                  'rm create', +                  'rm ifempty', +                  'set compress compress', +                  'set missingok missingok', +                  'set copytruncate copytruncate' +                  ]    }  } diff --git a/puppet/modules/site_apt/manifests/preferences/passenger.pp b/puppet/modules/site_apt/manifests/preferences/passenger.pp index af501b6b..8cd41f91 100644 --- a/puppet/modules/site_apt/manifests/preferences/passenger.pp +++ b/puppet/modules/site_apt/manifests/preferences/passenger.pp @@ -1,10 +1,14 @@ +# +# currently, this is only used by static_site to get passenger v4. +# +# UPGRADE: this is not needed for jessie. +#  class site_apt::preferences::passenger {    apt::preferences_snippet { 'passenger':      package  => 'libapache2-mod-passenger',      release  => "${::lsbdistcodename}-backports", -    priority => 999, -    require  => [Package['apache'], Class['ruby']]; +    priority => 999;    }  } 
diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh index 95474ccb..83b407e0 100755 --- a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh +++ b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh @@ -117,3 +117,6 @@ end_time=$(date +%s.%N)  duration=$( echo "scale = 2; $end_time - $start_time" | bc -l )  printf "${exitcode} ${PREFIX}global_stats ${global_stats_perf}|script_duration=%02.2fs ${STATE[exitcode]}: global couchdb status\n" "$duration" + +rm "$TMPFILE" + diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg index ed50f420..d99dcde9 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg @@ -8,6 +8,11 @@   I ovpn-.*TLS Error: TLS object -> incoming plaintext read error   I ovpn-.*Fatal TLS error \(check_tls_errors_co\), restarting   I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate + I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate + I ovpn-.*TLS Error: unknown opcode received from + I ovpn-.*Authenticate/Decrypt packet error: packet HMAC authentication failed + I ovpn-.*TLS Error: reading acknowledgement record from packet + I ovpn-.*TLS Error: session-id not found in packet from   I ovpn-.*SIGUSR1\[soft,tls-error\] received, client-instance restarting   I ovpn-.*VERIFY ERROR: depth=0, error=certificate has expired diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp index 4a5ec68e..8505b34a 100644 
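Review bot: The added `rm "$TMPFILE"` runs only when the script reaches its last line, so any earlier exit leaves the temporary file behind. Where `$TMPFILE` is created lies outside this hunk. Registering the cleanup right after the file is created, `trap 'rm -f "$TMPFILE"' EXIT`, covers every exit path, and `-f` keeps the check output clean if the file is already gone. The script sits under the agent's local_checks, so it presumably runs on every poll and leftovers would accumulate.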
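Review bot: The five added `I` patterns ignore OpenVPN messages that are also what unauthenticated probing of the port looks like in the log, in particular `packet HMAC authentication failed` and `unknown opcode received from`. Ignoring them per event removes noise, but it also removes the only signal this logwatch config would give for a sustained burst against the VPN endpoint. A comment above the block such as `# scanner noise, not actionable per event` would record the decision. A rate-based check elsewhere would keep that visibility.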
--- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp +++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp @@ -1,3 +1,4 @@ +# sets up tapicero monitoring  class site_check_mk::agent::tapicero {    include ::site_nagios::plugins @@ -14,12 +15,12 @@ class site_check_mk::agent::tapicero {        lens    => 'Spacevars.lns',        changes => [          'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', -        'set Tapicero_Procs "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a tapicero"' ], +        "set Tapicero_Procs \"/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 --ereg-argument-array='^tapicero$'\"" ],        require => File['/etc/check_mk/mrpe.cfg'];      'Tapicero_Heartbeat':        incl    => '/etc/check_mk/mrpe.cfg',        lens    => 'Spacevars.lns', -      changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 300 -c 600\'', +      changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 1200 -c 2400\'',        require => File['/etc/check_mk/mrpe.cfg'];    }  } diff --git a/puppet/modules/site_check_mk/manifests/server.pp b/puppet/modules/site_check_mk/manifests/server.pp index 171f1576..67519513 100644 --- a/puppet/modules/site_check_mk/manifests/server.pp +++ b/puppet/modules/site_check_mk/manifests/server.pp @@ -1,3 +1,4 @@ +# setup check_mk on the monitoring server  class site_check_mk::server {    $ssh_hash = hiera('ssh') 
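Review bot: The `Tapicero_Heartbeat` thresholds go from `-w 300 -c 600` to `-w 1200 -c 2400` with no comment saying what heartbeat interval they are based on. If the values are seconds, a stalled tapicero now turns critical only after 40 minutes. A line above the resource such as `# tapicero logs a heartbeat every N minutes; warn/crit at 20/40 min` (with the real interval) would let the next reader judge them. In the `Tapicero_Procs` change the `$` of `'^tapicero$'` sits inside a double-quoted Puppet string; it is literal there because no variable name follows, but writing `\$` would make that explicit.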
@@ -6,10 +7,9 @@ class site_check_mk::server {    $seckey   = $ssh_hash['monitor']['private_key']    $nagios_hiera     = hiera_hash('nagios') -  $nagios_hosts     = $nagios_hiera['hosts'] +  $hosts            = $nagios_hiera['hosts'] -  $hosts            = hiera_hash('hosts') -  $all_hosts        = inline_template ('<% @hosts.keys.sort.each do |key| -%>"<%= @hosts[key]["domain_internal"] %>", <% end -%>') +  $all_hosts        = inline_template ('<% @hosts.keys.sort.each do |key| -%><% if @hosts[key]["environment"] != "disabled" %>"<%= @hosts[key]["domain_internal"] %>", <% end -%><% end -%>')    $domains_internal = $nagios_hiera['domains_internal']    $environments     = $nagios_hiera['environments'] diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index 1b8bd1a2..cdebbad0 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp 
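Review bot: The `$all_hosts` template now nests an `if` inside the `each` on a single line, which is hard to read and easy to unbalance. Filtering before the loop says the same thing, e.g. `@hosts.keys.sort.reject { |k| @hosts[k]["environment"] == "disabled" }.each do |key|` followed by the original loop body. The hunk also drops `$nagios_hosts` and repoints `$hosts` at `$nagios_hiera['hosts']`; any template of this class that still reads `@nagios_hosts` is outside the hunk and worth checking. The class body continues past the hunk.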
@@ -1,32 +1,12 @@  class site_config::caching_resolver {    tag 'leap_base' -  # Setup a conf.d directory to place additional unbound configuration files. -  # There must be at least one file in the directory, or unbound will not start, -  # so create an empty placeholder to ensure this. - -  # Note: the version of unbound we are working with does not accept a wildcard -  # for an include directive, so we are not able to use this. When we can use -  # the newer unbound, then we will add 'include: /etc/unbound.d/*' to the -  # configuration file -    include site_apt::preferences::unbound -  file { -    # cleanup from how we used to do it -    '/etc/unbound/conf.d': -      force   => true, -      ensure  => absent; - -    '/etc/unbound/conf.d/placeholder': -      ensure  => absent; -  } -    class { 'unbound':      root_hints => false,      anchor     => false,      ssl        => false, -    require    => File['/etc/unbound/conf.d/placeholder'],      settings   => {        server       => {          verbosity      => '1', diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp index dbe2ef1c..7755413b 100644 --- a/puppet/modules/site_config/manifests/dhclient.pp +++ b/puppet/modules/site_config/manifests/dhclient.pp @@ -22,11 +22,19 @@ class site_config::dhclient {      require     => File['/usr/local/sbin/reload_dhclient'],    } +  file { '/etc/dhcp/dhclient-enter-hooks.d': +    ensure  => directory, +    mode    => '0755', +    owner   => 'root', +    group   => 'root', +  } +    file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf':      content => 'make_resolv_conf() { : ; } ; set_hostname() { : ; }',      mode    => '0644',      owner   => 'root',      group   => 'root', +    require => File['/etc/dhcp/dhclient-enter-hooks.d'],      notify  => Exec['reload_dhclient'];    }  } 
diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp index f20d04a4..c23495fc 100644 --- a/puppet/modules/site_config/manifests/packages/base.pp +++ b/puppet/modules/site_config/manifests/packages/base.pp @@ -1,3 +1,4 @@ +# install default packages and remove unwanted packages  class site_config::packages::base { @@ -7,7 +8,7 @@ class site_config::packages::base {    }    # base set of packages that we want to remove everywhere -  package { [ 'acpi', 'acpid', 'acpi-support-base',  'eject', 'ftp', +  package { [ 'acpi', 'eject', 'ftp',                'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server',                'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind',                'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 3f46659c..b339e6af 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -27,6 +27,10 @@ class site_config::remove_files {        path => '/var/log/',        recurse => true,        matches => 'leap_mx*'; +    'leap_mx_rotate': +      path => '/var/log/leap/', +      recurse => true, +      matches => [ 'mx.log.[0-9]', 'mx.log.[0-9]?', 'mx.log.[6-9]?gz'];      '/srv/leap/webapp/public/provider.json':;      '/srv/leap/couchdb/designs/tmp_users':        recurse => true, diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp index 82c85b52..469a2783 100644 --- a/puppet/modules/site_couchdb/manifests/bigcouch.pp +++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp @@ -1,3 +1,4 @@ +# sets up bigcouch on couchdb node  class site_couchdb::bigcouch {    $config         = $::site_couchdb::couchdb_config['bigcouch'] 
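Review bot: The new `leap_mx_rotate` entry has no comment saying which leftovers it targets. Its first glob `mx.log.[0-9]` also matches `mx.log.1` to `mx.log.5`, names logrotate itself would use for this log if compression were ever delayed or switched off. No `age` is set, so every matching file is removed on each run and mail logs still inside the intended retention could be deleted. A comment such as `# remove rotated mx logs left over from the old logrotate rule` and a narrower first glob would make the intent checkable. The last pattern uses `?` where a literal `.` seems meant, and the resource's opening line is outside the hunk.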
@@ -24,6 +25,7 @@ class site_couchdb::bigcouch {      -> Class['site_couchdb::setup']      -> Class['site_couchdb::bigcouch::add_nodes']      -> Class['site_couchdb::bigcouch::settle_cluster'] +    -> Class['site_couchdb::create_dbs']    include site_couchdb::bigcouch::add_nodes    include site_couchdb::bigcouch::settle_cluster diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index b743127a..eea4bbf5 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -1,13 +1,13 @@ +# creates neccesary databases  class site_couchdb::create_dbs {    Class['site_couchdb::setup'] -    -> Class['site_couchdb::bigcouch::settle_cluster']      -> Class['site_couchdb::create_dbs']    ### customer database    ### r/w: webapp,    couchdb::create_db { 'customers': -    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", +    members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }",      require => Couchdb::Query::Setup['localhost']    } 
@@ -30,27 +30,27 @@ class site_couchdb::create_dbs {    ## r/w: webapp    $sessions_db = rotated_db_name('sessions', 'monthly')    couchdb::create_db { $sessions_db: -    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", +    members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }",      require => Couchdb::Query::Setup['localhost']    }    $sessions_next_db = rotated_db_name('sessions', 'monthly', 'next')    couchdb::create_db { $sessions_next_db: -    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", +    members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }",      require => Couchdb::Query::Setup['localhost']    }    ## shared database    ## r/w: soledad    couchdb::create_db { 'shared': -    members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [\"replication\"] }", +    members => "{ \"names\": [\"${site_couchdb::couchdb_soledad_user}\"], \"roles\": [\"replication\"] }",      require => Couchdb::Query::Setup['localhost']    }    ## tickets database    ## r/w: webapp    couchdb::create_db { 'tickets': -    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", +    members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }",      require => Couchdb::Query::Setup['localhost']    } @@ -87,7 +87,7 @@ class site_couchdb::create_dbs {    ## store messages to the clients such as payment reminders    ## r/w: webapp    couchdb::create_db { 'messages': -    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", +    members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }",      require => Couchdb::Query::Setup['localhost']    }  } 
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index a11f6309..6b6ddd3a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,3 +1,5 @@ +# entry class for configuring couchdb/bigcouch node +# couchdb node  class site_couchdb {    tag 'leap_service' @@ -41,6 +43,7 @@ class site_couchdb {    $couchdb_backup           = $couchdb_config['backup']    $couchdb_mode             = $couchdb_config['mode'] +  $couchdb_pwhash_alg       = $couchdb_config['pwhash_alg']    if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch }    if $couchdb_mode == 'master'      { include site_couchdb::master } diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp index a0a6633d..c28eee7d 100644 --- a/puppet/modules/site_couchdb/manifests/master.pp +++ b/puppet/modules/site_couchdb/manifests/master.pp @@ -1,9 +1,9 @@ +# this class sets up a single, plain couchdb node  class site_couchdb::master { -    class { 'couchdb':      admin_pw            => $site_couchdb::couchdb_admin_pw,      admin_salt          => $site_couchdb::couchdb_admin_salt, -    chttpd_bind_address => '127.0.0.1' +    chttpd_bind_address => '127.0.0.1', +    pwhash_alg          => $site_couchdb::couchdb_pwhash_alg    } - -}
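Review bot: `$couchdb_pwhash_alg` is read from `$couchdb_config['pwhash_alg']` and handed to the `couchdb` class in master.pp without any check. A missing or mistyped key therefore decides how the admin password hash is produced, with no failure at compile time. What the `couchdb` class does with an undefined or unknown value is not visible here. A guard in `site_couchdb` against the accepted algorithm names, ending in `fail("unsupported couchdb pwhash_alg: ${couchdb_pwhash_alg}")`, would surface a misconfiguration. Only `site_couchdb::master` receives the parameter in this commit; whether the bigcouch path needs it too is worth confirming.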
\ No newline at end of file +} diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index ce79c00f..1efc510b 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -33,6 +33,9 @@ class site_static {    include site_apache::module::expires    include site_apache::module::removeip    include site_apache::module::rewrite +  apache::config::include{ 'ssl_common.inc': } + +  include site_config::ruby::dev    if (member($formats, 'rack')) {      include site_apt::preferences::passenger @@ -43,8 +46,13 @@ class site_static {    }    if (member($formats, 'amber')) { -    include site_config::ruby::dev -    rubygems::gem{'amber-0.3.4': } +    rubygems::gem{'amber-0.3.7':   +       require =>  Package['zlib1g-dev'] +     } + +    package { 'zlib1g-dev': +        ensure => installed +    }    }    create_resources(site_static::domain, $domains) @@ -52,4 +60,4 @@ class site_static {    include site_shorewall::defaults    include site_shorewall::service::http    include site_shorewall::service::https -}
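Review bot: `include site_config::ruby::dev` moves out of the `amber` branch and now applies to every static-site node, including ones that serve only other formats. The class body is not shown, but by its name it installs Ruby development packages, which puts build tooling on web-facing hosts that may not need it. If the rack branch needs it as well, including it inside both branches keeps it off the remaining nodes. Otherwise a comment such as `# needed by both rack and amber formats` would record why it is unconditional.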
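Review bot: `package { 'zlib1g-dev': }` is declared as a plain resource inside the `amber` branch, so catalog compilation fails with a duplicate declaration if any other class on the node also manages that package. The file already uses stdlib's `member()`, so `ensure_packages(['zlib1g-dev'])` should be available and avoids the conflict. The gem block also has trailing whitespace after `'amber-0.3.7':` and indentation that does not match the rest of the class.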
\ No newline at end of file +} diff --git a/puppet/modules/unbound b/puppet/modules/unbound -Subproject ca7eb732064ce29fc83d4c32a4df7d9512d4580 +Subproject 00646b0ffc71a86981b05f983c86ace0979d1b6 | 
