summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-16New Build Badge from 0xacab.orgvarac
2016-06-16Merge branch '0.8.1' into developMicah
2016-06-16Disable the Trace method (#8195)0.8.1Micah
The Trace method is enabled because of the Apache module, but it is not the default in Debian, and it should not be enabled, for more information see the following: https://www.kb.cert.org/vuls/id/867593 Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268
2016-06-16Fix matching for cleanup check.Micah
The onlyif check was incorrectly specified in the original implementation in commit id: 15b83d88dcedab496a19cef57f11c5c8e091dd4a this inverts it so it is properly detected. Change-Id: I531e206fff1ca61780adcd195e1f917011e50fb4
2016-06-16Disable the Trace method (#8195)Micah
The Trace method is enabled because of the Apache module, but it is not the default in Debian, and it should not be enabled, for more information see the following: https://www.kb.cert.org/vuls/id/867593 Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268
2016-06-16Fix matching for cleanup check.Micah
The onlyif check was incorrectly specified in the original implementation in commit id: 15b83d88dcedab496a19cef57f11c5c8e091dd4a this inverts it so it is properly detected. Change-Id: I531e206fff1ca61780adcd195e1f917011e50fb4
2016-06-16switch to two-space soft tabs to fix lint errorMicah
Change-Id: Ic12b243b195e40482a70dd70219212c3697899ba
2016-06-16make sure required x509 bits are there before stunnel is startedMicah
Change-Id: I772c3b6e489e3c1848c45c6bcaa240324fc88928
2016-06-16Ensure stunnel package, service and default ordering.Micah Anderson
2016-06-16update stunnel module for refresh_stunnel fixesMicah
Change-Id: I7675dbaba4d896a62dab9fcf4817092ea69f1298
2016-06-16refresh_stunnel sometimes doesn't run (#8168).Micah
It turns out that in some corner-cases, the script is not called: (1) start the deploy, create files in /var/lib/puppet/stunnel4/config (2) halt puppet before apply finishes (3) re-run deploy in this scenario, next time you run deploy, refresh_stunnel will never get called to populate /etc/stunnel, because the files in /var/lib/puppet/stunnel4/config haven't changed. This problem can be really confusing when it happens. To fix this, we just run refresh_stunnel every, it is pretty fast and the script has more complete logic for what to do than puppet, which has only an asymmetrical view on the situation. Change-Id: I9e5fad1d081c2fe07f3ac8f07cfb87d86b88f7c9
2016-06-16auto run bundler when needed for site_staticelijah
2016-06-16fix typo that prevented common.ENV.json from being loaded. closes #7697elijah
2016-06-16debian packages don't know AllowSupplementaryGroupsChristoph Kluenter
if this is set in the config, the deamons do not start anymore. From the debian changelog: clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium * Import new Upstream. * Drop AllowSupplementaryGroups option which is default now (Closes: #822444).
2016-06-16Fix opendkim milter location (#8163).Micah
The unix socket method for connecting to the milter was incorrectly reverted, this puts it back to how it should be. Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2
2016-06-16ensure soledad server has access to x509::variableselijah
2016-06-16Disable puppet-agent daemon from running.Micah
The agent wakes up every two minutes and tries to connect to the default server, failing with a certificate warning. We don't use the agent, so we can safely disable it (#8032) Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
2016-06-16Reduce check_mk timeouts (#7807).Micah
check_mk operations can take a long time (such as when doing a re-inventory using "check_mk -II") when multiple hosts are down. This decreases the connect timeout to 5 seconds. Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e
2016-06-16disable rspec stage, add build stagevarac
2016-06-16fix tests/puppet/hiera.yaml for catalog testvarac
2016-06-14[bug] Fix site_obfsproxy services variable lookupvarac
After including everything into a `node default` scope in puppet/manifests/site.pp to make puppet-catalog-test happy (see commit 62ea45d47), we get this error: Error: member(): Requires array to work with at /srv/leap/puppet/modules/site_obfsproxy/manifests/init.pp:14 Moving the `services` hiera avaluation out of the node scope back to top level scope will solve this.
2016-06-14switch to two-space soft tabs to fix lint errorMicah
Change-Id: Ic12b243b195e40482a70dd70219212c3697899ba
2016-06-14make sure required x509 bits are there before stunnel is startedMicah
Change-Id: I772c3b6e489e3c1848c45c6bcaa240324fc88928
2016-06-14Ensure stunnel package, service and default ordering.Micah Anderson
2016-06-14update stunnel module for refresh_stunnel fixesMicah
Change-Id: I7675dbaba4d896a62dab9fcf4817092ea69f1298
2016-06-14added catalog test to .gitlab-ci.ymlvarac
2016-06-14squirrel fails on syntax:templatesvarac
2016-06-14Improved Rakefilevarac
2016-06-13Merge branch 'gitlab-ci' into developvarac
2016-06-12add initial .gitlab-ci.ymlvarac
2016-06-11Added rake task catalog:all to test catalog compilevarac
2016-06-11add test provider for catalog compile testvarac
2016-06-11Move custom functions to site_config modulevarac
2016-06-11use node default {} in site.pp for catalog testvarac
2016-06-07refresh_stunnel sometimes doesn't run (#8168).Micah
It turns out that in some corner-cases, the script is not called: (1) start the deploy, create files in /var/lib/puppet/stunnel4/config (2) halt puppet before apply finishes (3) re-run deploy in this scenario, next time you run deploy, refresh_stunnel will never get called to populate /etc/stunnel, because the files in /var/lib/puppet/stunnel4/config haven't changed. This problem can be really confusing when it happens. To fix this, we just run refresh_stunnel every, it is pretty fast and the script has more complete logic for what to do than puppet, which has only an asymmetrical view on the situation. Change-Id: I9e5fad1d081c2fe07f3ac8f07cfb87d86b88f7c9
2016-06-07push to execute post-receivekwadronaut
2016-06-07push to execute post-receivekwadronaut
2016-06-07Merge remote-tracking branch 'origin/0.8.x' into developvarac
2016-06-07Merge remote-tracking branch 'origin/0.8.x' into developvarac
2016-06-07Merge branch '0.8.x' into '0.8.x' Varac
Fix opendkim milter location (#8163). The unix socket method for connecting to the milter was incorrectly reverted, this puts it back to how it should be. Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2 See merge request !4
2016-06-06Merge pull request #106 from ↵varac
pixelated/AllowSupplementaryGroups_not_valid_anymore debian packages don't know AllowSupplementaryGroups
2016-06-06debian packages don't know AllowSupplementaryGroupsChristoph Kluenter
if this is set in the config, the deamons do not start anymore. From the debian changelog: clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium * Import new Upstream. * Drop AllowSupplementaryGroups option which is default now (Closes: #822444).
2016-06-03auto run bundler when needed for site_staticelijah
2016-06-02Fix opendkim milter location (#8163).Micah
The unix socket method for connecting to the milter was incorrectly reverted, this puts it back to how it should be. Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2
2016-06-02ensure soledad server has access to x509::variableselijah
2016-06-01ensure soledad server has access to x509::variableselijah
2016-06-01Merge branch 'disable_agent' into '0.8.x' Varac
Disable puppet-agent daemon from running. The agent wakes up every two minutes and tries to connect to the default server, failing with a certificate warning. We don't use the agent, so we can safely disable it (#8032) Change-Id: I707f42b59205993325431aba283552b1b73a0ad1 See merge request !1
2016-06-01Merge branch 'timeout_7807' into '0.8.x' Varac
Reduce check_mk timeouts (#7807). check_mk operations can take a long time (such as when doing a re-inventory using "check_mk -II") when multiple hosts are down. This decreases the connect timeout to 5 seconds. Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e See merge request !2
2016-05-31Reduce check_mk timeouts (#7807).Micah
check_mk operations can take a long time (such as when doing a re-inventory using "check_mk -II") when multiple hosts are down. This decreases the connect timeout to 5 seconds. Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e
2016-05-31Disable puppet-agent daemon from running.Micah
The agent wakes up every two minutes and tries to connect to the default server, failing with a certificate warning. We don't use the agent, so we can safely disable it (#8032) Change-Id: I707f42b59205993325431aba283552b1b73a0ad1