summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-02-02[refactor] Dont duplicate Package resource overridevarac
`site_apt` aready ensures for installing packages after Exec[update_apt] is run, so we don't need to duplicate this in `site_config::default.pp`.
2016-02-02[refactor] Use Exec[apt_updated] instead of Exec[refresh_apt]varac
Because this is the recommended way of depnending in the apt README.
2016-02-02[bug] Fix duplicate definition error for Class[Apt]varac
We need to include class `site_config::default` in class `site_config::slow` so we don't get this duplicate definition: - [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is already declared; cannot redeclare at /srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node local1.bitmask.local To be honest, i didn't figuered out the real cause of this, but it works with this.
2016-02-02[refactor] Remove atomic apt package dependecyvarac
`site_config::default.pp` takes care the all packages are installed before `Exec['refresh_apt']`, so we don't need to add it here for a single package.
2016-02-02[refactor] Don't declare dependencies for apt resourcesvarac
The apt module now takes care of all the dependencies removed from `site_apt`. Also, the dependency to install the `lsb` package after `refresh_apt` is unnesseccary because lsb facts won't work anyway on the first run if `lsb` is not installed before, so we can safely remove it.
2016-02-01updated submodule aptvarac
2016-01-28[feat] Fix fast deploy using 'leap deploy --fast'varac
This worked before, but somehow stopped working. We need to include 'site_config::slow' top-level scope instead of including it in 'site_config::default', because otherwise it would get tagged with 'leap_base', and would be included always. This way 'site_config::slow' gets included by default, but can be excluded by using 'leap deploy --fast'. See https://leap.se/en/docs/platform/details/under-the-hood#tags - Resolves: #7844
2016-01-28[bug] Fix removing of bigcouch logwatch spoolfilesvarac
The problem was that puppet tried to remove them on the couch node, but they need to get removed on monitor node. - Resolves: #7641
2016-01-27[bug] [jessie] Fix apache 2.4 auth directivesvarac
- Resolves: #7853
2016-01-27[refactor] Optimize static apache vhost templatesvarac
- Related: #7853
2016-01-27[feat] Cronjob to delete orphaned userdbsvarac
- Resolves: #7418
2016-01-26Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2016-01-26set value for platform.hiera_dir, but in a way that will not bomb out if ↵elijah
using older leap_cli.
2016-01-26pin webapp to 0.8elijah
2016-01-26[feat] Whitelist facts to query from debug scriptvarac
- Resolves: #7823
2016-01-26[bug] Fix unattended-upgrades on jessievarac
- Resolves: #7842
2016-01-26[bug] remove bigcouch compaction cronjobvarac
- Resolves: #7629
2016-01-26[feat] Move bigcouch removals to own classvarac
We now include "site_config::remove::bigcouch" in class "site_couchdb::master", which sets up plain couchdb.
2016-01-26[bug] Use ruby::devel to install ruby-dev debvarac
Ruby itself is a parameterized class, and parameters cannot get overridden (see https://projects.puppetlabs.com/issues/9259). The webapp node didn't install the ruby-dev package (we never noticed because our vagrant images as probably other debian images had ruby-dev preinstalled). We now use the ruby::devel class to install ruby-dev. - Tested: [citest-jessie] - Resolves: #7838
2016-01-26[feat] Don't install rubygems package on every runvarac
I merged immerda's changes to the `rubygems` module, which remove the installation of the `rubygems` package from jessie on, because it's a dependency of the `ruby2.1` package, which is a dep of puppet, and therefore installed on every node. - Tested: [local singlenode] - Resolves: #7619
2016-01-26[bug] add errback to log failureKali Kaneko
2016-01-25Also increase ram of Vagrantfileto 1,5gvarac
otherwise, machines will be out-of-mememory on deploy
2016-01-23[feat] Don't remove portmap on vagrantvarac
Vagrant uses portmap and nfs-common for mounting shared folders using nfs.
2016-01-22[bug] refactor build-essential package installationvarac
In certain node setups, the webapp gems cannot get built because `build-essential` and dependent packages were not present. I refactored the `site_config::packages::build_essential` class, which now inherits `site_config::packages`. The latter class removes all unneccessary (development) packages, but when the `site_config::packages::build_essential` class is included, some dev packages are overridden to be installed. - Tested: [local] - Resolves: #7834
2016-01-22linted puppet/modules/site_openvpn/manifests/init.ppvarac
2016-01-22Include site_config::params in all x509 subclasses (#6851)varac
After restructuring site.pp to only include site_config::default and the service-specific classes, we got this: Duplicate declaration: X509::Cert[undef] is already declared in file /srv/leap/puppet/modules/site_config/manifests/x509/commercial/cert.pp at line 8; cannot redeclare at /srv/leap/puppet/modules/site_config/manifests/x509/cert.pp:8 on node rewcitestweb1.rewire.org So i included site_config::params in all site_config::x509 clases. Change-Id: Ib8387abfdc68b36c73a45fd2dd1f3a159eaec4a5
2016-01-22restructured site.pp, now only one class gets included in site.pp per ↵varac
service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
2016-01-21Make sure the certs are installed for all smtp tls clients, thusMicah
ensuring the satellite hosts are setup properly (#7611) Change-Id: I9dce57c305a6fd6a39596a941174fe1879af5e4f
2016-01-21Merge pull request #95 from pixelated/make_pixelate_accessiblevarac
forward port to pixelated
2016-01-21forward port to pixelatedChristoph
pixelated needs to be accessible when running inside vagrant problem is, that we can't add the forwarding anywhere else because vagrant always overwrites virtualbox settings.
2016-01-21Merge pull request #96 from pixelated/remove_port_8080varac
leap redirects port 80 to an invalid url
2016-01-20leap redirects port 80 to an invalid urlChristoph
on vagrant, we use example.org as domain and all requests to http are redirected to https://example.org thats why this does not work on vagrant. we connect to localhost:8080 and get redirected to https://example.org thats why we do not need this port forwarded
2016-01-20Merge remote-tracking branch 'micah/bug/7822' into developvarac
2016-01-19Make the reject parameter an array to fix the following (#7822):Micah
failed to parse template tor/torrc.exit_policy.erb, undefined method `each' for "*:*":String Change-Id: I2b7b444187376dbc2f3cc5095391ae54bf8321b3
2016-01-19Merge branch 'remove_double_apt_get_update' into developvarac
2016-01-19Ensure openvpn services are running on jessievarac
2016-01-19[feat] Add 'leap debug' cmdvarac
This will output node debug information by calling the bin/debug.sh script.
2016-01-19Swiss privacy foundation nameserver is not responding, switch secondaryMicah
fall-back to an OpenNIC resolver that does not log (#7781) Change-Id: I290321927c8188c82e95e2cd4b93cd01bd2258c2
2016-01-19Merge branch '7802_rsyslog_jessie' into developvarac
2016-01-19Make sure machines in mynetworks are able to send mail through us,Micah
without getting blocked by the rbl (#7819) Change-Id: Ib7a00f810b6c49528e5f99a1d83296553a81e65e
2016-01-19Ensure curl is installed before it is called (#7803)Micah
Change-Id: Iedd464a397e9944159991241cd84caad6a2a40d6
2016-01-18increase ram of vagrant nodes to 1,5gvarac
otherwise, machines will be out-of-mememory on deploy
2016-01-16[bug] Enable openvpn services on jessievarac
- Tested: [unstable.bitmask.net] - Resolves: #7798
2016-01-15[bug] Only pin rsyslog debs to backports on wheezyvarac
- Resolves: #7802
2016-01-15linted site_config::syslogvarac
2016-01-12Merge branch '7782_etc_leap_dir_0755' into developvarac
2016-01-12Merge pull request #94 from pixelated/run_git_as_uservarac
Run git as user, not root
2016-01-12Run git as user, not rootFolker Bernitt
2016-01-08[bug] Make /etc/leap world-readablevarac
Under jessie, leap-mx is started by systemd now, not as a forked proc by twistd anymore. Therefore leap-mx (the user the mx proc runs as) needs direct access to it's config file under /etc/leap/mx.conf. Before, twistd would start as root, read the config and then fork an mx proc as unprivileged leap-mx user. - Tested: [quetzal] - Resolves: #7782
2016-01-07updated submodule couchdbvarac