Age | Commit message (Collapse) | Author |
|
|
|
|
|
After including everything into a `node default` scope
in puppet/manifests/site.pp to make puppet-catalog-test happy
(see commit 62ea45d47), we get this error:
Error: member(): Requires array to work with at
/srv/leap/puppet/modules/site_obfsproxy/manifests/init.pp:14
Moving the `services` hiera avaluation out of the node scope back
to top level scope will solve this.
|
|
Change-Id: Ic12b243b195e40482a70dd70219212c3697899ba
|
|
Change-Id: I772c3b6e489e3c1848c45c6bcaa240324fc88928
|
|
|
|
Change-Id: I7675dbaba4d896a62dab9fcf4817092ea69f1298
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
It turns out that in some corner-cases, the script is not called:
(1) start the deploy, create files in /var/lib/puppet/stunnel4/config
(2) halt puppet before apply finishes
(3) re-run deploy
in this scenario, next time you run deploy, refresh_stunnel will never
get called to populate /etc/stunnel, because the files in
/var/lib/puppet/stunnel4/config haven't changed.
This problem can be really confusing when it happens.
To fix this, we just run refresh_stunnel every, it is pretty fast and
the script has more complete logic for what to do than puppet, which has
only an asymmetrical view on the situation.
Change-Id: I9e5fad1d081c2fe07f3ac8f07cfb87d86b88f7c9
|
|
|
|
|
|
|
|
|
|
Fix opendkim milter location (#8163).
The unix socket method for connecting to the milter was incorrectly
reverted, this puts it back to how it should be.
Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2
See merge request !4
|
|
pixelated/AllowSupplementaryGroups_not_valid_anymore
debian packages don't know AllowSupplementaryGroups
|
|
if this is set in the config, the deamons do not
start anymore. From the debian changelog:
clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium
* Import new Upstream.
* Drop AllowSupplementaryGroups option which is default now
(Closes: #822444).
|
|
|
|
The unix socket method for connecting to the milter was incorrectly
reverted, this puts it back to how it should be.
Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2
|
|
|
|
|
|
Disable puppet-agent daemon from running.
The agent wakes up every two minutes and tries to connect to the default
server, failing with a certificate warning. We don't use the agent, so
we can safely disable it (#8032)
Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
See merge request !1
|
|
Reduce check_mk timeouts (#7807).
check_mk operations can take a long time (such as when doing a
re-inventory using "check_mk -II") when multiple hosts are down. This
decreases the connect timeout to 5 seconds.
Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e
See merge request !2
|
|
check_mk operations can take a long time (such as when doing a
re-inventory using "check_mk -II") when multiple hosts are down. This
decreases the connect timeout to 5 seconds.
Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e
|
|
The agent wakes up every two minutes and tries to connect to the default
server, failing with a certificate warning. We don't use the agent, so
we can safely disable it (#8032)
Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
|
|
|
|
Automatic background couchdb db compaction frees a huge
amount of diskspace.
- Resolves: #8118
|
|
|
|
|
|
|
|
|
|
`rake test` will run all puppet checks required for CI
(syntax , validate, templates, spec, lint).
We ignore lint checks for submodules for now because puppet-lint
would complain a lot!
|
|
results
|
|
Sometimes a floating point exception or segfault of
a process results in systemd restarting it, we want
to recognize this from the syslog
i.e.:
systemd[1]: pixelated-server.service: main process exited,
code=killed, status=8/FPE
systemd[1]: Unit pixelated-server.service entered failed state.
- Related: https://github.com/pixelated/pixelated-user-agent/issues/683
|
|
Change-Id: I5d5595d2da8770d61cc2328e3e9b7ac482527e89
|
|
Change-Id: I696af649806a7321f92baaf55dc5d404ce5c3d93
|
|
|
|
Otherwise, the nagios config will get regenerated and nagios gets
reloaded before all checks are registered by a check_mk inventory.
- Related: #6873
|
|
After upgrading the platform, there might be old check_mk checks
registered on the monitor hosts. We now run a check_mk inventory
on every run that also purged old non-existng checks.
- Resolves: #6873
|
|
|
|
Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb
|
|
Shorewall in jessie doesn't come with a proper unit file, and
as a result, it doesn't properly start with systemd.
To solve this, we provide the systemd unit file that comes with stretch,
add a systemd submodule that provides the exec resources needed for when
systemd units or configuration files are changed
Change-Id: I861fa951835928b4741abfbf969adcee4b8f147b
|
|
|