summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-06-11use node default {} in site.pp for catalog testvarac
2016-06-07refresh_stunnel sometimes doesn't run (#8168).Micah
It turns out that in some corner-cases, the script is not called: (1) start the deploy, create files in /var/lib/puppet/stunnel4/config (2) halt puppet before apply finishes (3) re-run deploy in this scenario, next time you run deploy, refresh_stunnel will never get called to populate /etc/stunnel, because the files in /var/lib/puppet/stunnel4/config haven't changed. This problem can be really confusing when it happens. To fix this, we just run refresh_stunnel every, it is pretty fast and the script has more complete logic for what to do than puppet, which has only an asymmetrical view on the situation. Change-Id: I9e5fad1d081c2fe07f3ac8f07cfb87d86b88f7c9
2016-06-07push to execute post-receivekwadronaut
2016-06-07push to execute post-receivekwadronaut
2016-06-07push to execute post-receivekwadronaut
2016-06-07Merge remote-tracking branch 'origin/0.8.x' into developvarac
2016-06-07Merge remote-tracking branch 'origin/0.8.x' into developvarac
2016-06-07Merge branch '0.8.x' into '0.8.x' Varac
Fix opendkim milter location (#8163). The unix socket method for connecting to the milter was incorrectly reverted, this puts it back to how it should be. Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2 See merge request !4
2016-06-06Merge pull request #106 from ↵varac
pixelated/AllowSupplementaryGroups_not_valid_anymore debian packages don't know AllowSupplementaryGroups
2016-06-06debian packages don't know AllowSupplementaryGroupsChristoph Kluenter
if this is set in the config, the deamons do not start anymore. From the debian changelog: clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium * Import new Upstream. * Drop AllowSupplementaryGroups option which is default now (Closes: #822444).
2016-06-03auto run bundler when needed for site_staticelijah
2016-06-02Fix opendkim milter location (#8163).Micah
The unix socket method for connecting to the milter was incorrectly reverted, this puts it back to how it should be. Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2
2016-06-02ensure soledad server has access to x509::variableselijah
2016-06-01ensure soledad server has access to x509::variableselijah
2016-06-01Merge branch 'disable_agent' into '0.8.x' Varac
Disable puppet-agent daemon from running. The agent wakes up every two minutes and tries to connect to the default server, failing with a certificate warning. We don't use the agent, so we can safely disable it (#8032) Change-Id: I707f42b59205993325431aba283552b1b73a0ad1 See merge request !1
2016-06-01Merge branch 'timeout_7807' into '0.8.x' Varac
Reduce check_mk timeouts (#7807). check_mk operations can take a long time (such as when doing a re-inventory using "check_mk -II") when multiple hosts are down. This decreases the connect timeout to 5 seconds. Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e See merge request !2
2016-05-31Reduce check_mk timeouts (#7807).Micah
check_mk operations can take a long time (such as when doing a re-inventory using "check_mk -II") when multiple hosts are down. This decreases the connect timeout to 5 seconds. Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e
2016-05-31Disable puppet-agent daemon from running.Micah
The agent wakes up every two minutes and tries to connect to the default server, failing with a certificate warning. We don't use the agent, so we can safely disable it (#8032) Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
2016-05-26fix typo that prevented common.ENV.json from being loaded. closes #7697elijah
2016-05-20[feat] Automatic couchdb db compactionvarac
Automatic background couchdb db compaction frees a huge amount of diskspace. - Resolves: #8118
2016-05-18Merge branch 'tests' into developvarac
2016-05-17update submodules so "rake test" doesnt complain anymorevarac
2016-05-17ignore Gemfile.lockvarac
2016-05-17[lint] make future parser happyvarac
2016-05-17Add syntaxcheck and lint rake tasks to platformvarac
`rake test` will run all puppet checks required for CI (syntax , validate, templates, spec, lint). We ignore lint checks for submodules for now because puppet-lint would complain a lot!
2016-05-16[test] added tests that use postmap -q to verify that leap_mx is returning ↵elijah
results
2016-05-12[feat] catch abnormal proc termination in syslogvarac
Sometimes a floating point exception or segfault of a process results in systemd restarting it, we want to recognize this from the syslog i.e.: systemd[1]: pixelated-server.service: main process exited, code=killed, status=8/FPE systemd[1]: Unit pixelated-server.service entered failed state. - Related: https://github.com/pixelated/pixelated-user-agent/issues/683
2016-05-10Merge tag '0.8.0'Micah
Release 0.8.0
2016-05-10Update CHANGES to clarify a few minor things0.8.0Micah
Change-Id: I5d5595d2da8770d61cc2328e3e9b7ac482527e89
2016-05-10update /doc directory with latest from leap docs/platformMicah
Change-Id: I696af649806a7321f92baaf55dc5d404ce5c3d93
2016-05-09update check_mk submodulevarac
2016-05-03[bug] Run check_mk-refresh-inventory-daily after check_mk-refreshvarac
Otherwise, the nagios config will get regenerated and nagios gets reloaded before all checks are registered by a check_mk inventory. - Related: #6873
2016-05-03[bug] run check_mk inventory on every puppetrunvarac
After upgrading the platform, there might be old check_mk checks registered on the monitor hosts. We now run a check_mk inventory on every run that also purged old non-existng checks. - Resolves: #6873
2016-05-03migrate from obsolete SSLCertificateChainFile apache option (#8055)kwadronaut
2016-05-03migrate from obsolete SSLCertificateChainFile apache option (#8055)Micah
Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb
2016-04-27Fix shorewall not starting with systemd (#8044)Micah
Shorewall in jessie doesn't come with a proper unit file, and as a result, it doesn't properly start with systemd. To solve this, we provide the systemd unit file that comes with stretch, add a systemd submodule that provides the exec resources needed for when systemd units or configuration files are changed Change-Id: I861fa951835928b4741abfbf969adcee4b8f147b
2016-04-25[tests] better error message when identity test cannot contact api. closes #8046elijah
2016-04-25Merge branch 'linting' into developvarac
2016-04-25[style] lint further morevarac
- ignore puppet lint error about inheriting from different namespace
2016-04-18Fix clamd start configuration (#8048)Micah
If clamd is not running, the helpful cronjob tries to start it again, but the way it is being started can only be run as root, and the cronjob is run as the clamav user, so you get an error on each cron run. This fixes that problem Change-Id: I4cdb29dc651bee8a2eef1655ad4748d885afae0f
2016-04-18[style] more manual linting for custom manifestsvarac
2016-04-18[style] lint some custom manifestsvarac
I used `puppet-lint -f FILE` to fix most issues, while finishing with manual intervention.
2016-04-18Only lint custom modules, not submodulesvarac
2016-04-18initial Rakefile and Gemfile for testsvarac
2016-04-13test: ensure that checkmk always gets the same list of testselijah
2016-04-12fix incorrect template nameMicah
Change-Id: I23d7fcea3755e9ecab561ecf69d8a6ecb8bdeca4
2016-04-12Put openvpn logs into leap directory (#8021)Micah
Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to /var/log/daemon.log. Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719
2016-04-12Log stunnel server logs same as client (#8021)Micah
stunnel server logs were not going to /var/log/stunnel4/*, but to /var/log/syslog instead. This was different from stunnel client logging, now its the same. Change-Id: I2dc2024b77dbb65554fc7865b0e46aedf930c6d8
2016-04-12Remove duplicate mail logging (#8021)Micah
Add a site_rsyslog config that removes duplicate mail logging. Previously mail logs would be copied to /var/log/syslog, mail.log, mail.err, mail.info, maillog and to the console. This removes those and only puts them in /var/log/mail.log. It also removes other superfluous configurations, either because they are commented out already, or because they are uucp or nntp. Change-Id: Ib05036787d2c818bf8802c22a4b8050f945a6e6d
2016-04-12Fix postfix connection to opendkim milter (#8020)Micah
In order for postfix to access the opendkim milter socket, we need to remove the chroot option for the cleanup service. See e97a9d3800b173375a630e18e4b1aa0894eb96e1 for opendkim implementation. Change-Id: I2742650965e61273fb804ebe9ce3f9bd38796582