| Age | Commit message (Collapse) | Author |
|---|
|
The agent wakes up every two minutes and tries to connect to the default
server, failing with a certificate warning. We don't use the agent, so
we can safely disable it (#8032)
Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
|
|
`site_apt` aready ensures for installing packages after Exec[update_apt]
is run, so we don't need to duplicate this in `site_config::default.pp`.
|
|
Because this is the recommended way of depnending in the apt README.
|
|
This worked before, but somehow stopped working.
We need to include 'site_config::slow' top-level scope instead
of including it in 'site_config::default', because otherwise it
would get tagged with 'leap_base', and would be included always.
This way 'site_config::slow' gets included by default, but can be
excluded by using 'leap deploy --fast'.
See https://leap.se/en/docs/platform/details/under-the-hood#tags
- Resolves: #7844
|
|
In certain node setups, the webapp gems cannot get built
because `build-essential` and dependent packages were not
present.
I refactored the `site_config::packages::build_essential` class,
which now inherits `site_config::packages`. The latter class removes
all unneccessary (development) packages, but when the
`site_config::packages::build_essential` class is included, some
dev packages are overridden to be installed.
- Tested: [local]
- Resolves: #7834
|
|
service (Bug #6851)
Also, moved global Exec{} defaults to site.pp
Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
|
|
Soledad now creates user-dbs, which has been done by tapicero
in the past. we need to remove any leftovers from tapicero.
|
|
|
|
Change-Id: I04c796a502db52f3a594ef4c3cf08c330839bc13
|
|
/var/log/leap/deploy-summary.log (just the start and complete, with platform version, user, leap_cli version, platform branch). downgrading platform require --downgrade (requires new leap_cli)
|
|
Change-Id: Ibc2ae4697a37af97de625bfc9d8e149306578321
|
|
systems by default (#6664)
Change-Id: Ic2d4416b7c55f00f01d4b2ade78339d653bc8993
|
|
|
|
change puppet command to include in the --modulepath
/srv/leap/files/puppet/modules
If a provider places puppet code under files/puppet it will
be sync'd over to all the nodes, once leap cli #6225 is merged.
The custom puppet entry point is in class 'custom' which can
be put into files/puppet/modules/custom/manifests/init.pp
Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
|
|
we don't dhclient to to set domain and search in /etc/reslov.conf
bigcouch has a strange way to find its hostname. It uses the domain
stanza in /etc/resolv.conf to find its domain
|
|
depending on the services.
|
|
The existing site_config::sshd had a non-functioning 'include sshd' line
in it that was not doing what was expected (this was supposed to include
the sshd module, but due to scoping was including itself).
It seemed better to eliminate some of the unused pieces and consolidate
into one config location.
Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
|
|
virtualbox sends the domain with the dhcp-answer.
If the wrong domain ends up in /etc/resolv.conf bigcouch fails.
|
|
|
|
|
|
|
|
|
|
This change sets the sysctl net.ipv4.ip_nonlocal_bind to allow
applications to bind to an address, even when the link is down. This is
necessary because applications like unbound and openvpn fail to start on
boot in some situations because interfaces are not fully up (due to a
combination of non-deterministic booting because of the likely potential
setting of allow-hotplug in the interfaces file and the LSB boot
dependency on $network not being sufficient.
The only down-side to setting this is a daemon could bind to an
incorrect ip and we wouldn't get an error, but this would be a
configuration mistake, rather than a fatal condition.
Change-Id: I5c03083e8c20bb25afad85a1230f4555808d341c
|
|
|
|
from debian
Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca
|
|
|
|
|
|
site_config::packages::base
add site_config::packages::gnutls for inclusion (#3955)
Change-Id: I9599eb26844503613c16f57ee17d6ea7bd0cf6fb
|
|
|
|
(#3782)
in commit 338833, we established a relationship between all
resources that have a leap_service tag, that are called in site.pp.
But we had some resources as default on every node in site.pp
(apt::update, Package { require => Exec['apt_updated'] },
site_config::slow and stdlib), that were still lacking any
relationship to the leap_service tag.
By moving them into default.pp they automatically are executed
before resources with a leap_service tag.
|
|
|
|
|
|
|
|
|
|
squashed commits:
site_squid_deb_proxy::client: include shorewall::rules::mdns for avahi discovery
added submodule squid_deb_proxy from git://code.leap.se/puppet_squid_deb_proxy
updated submodule squid_deb_proxy
use squid_deb_proxy::client
|
|
to work with the latest leap_cli.
|
|
packages that we want to make sure are installed remove packages that were found on vagrant and PC installations that have no business being there
Change-Id: I4887a327ca89eb60945ad817a75ff199859824d3
|
|
openstack/amazon instances
The dhclient in these environments is quite aggressive and overwrites the
nameservers we've deliberately chosen to use with google's nameservers. This
commit attempts to fix that.
The dhclient methodology for altering these things is particularly
unpleasant. We effectively redefine the functions that mess with this file to be
noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced
to restart dhclient by shipping a script that tries to determine the correct PID
and arguments that it was running as before killing and restarting it with the
same arguments.
See debian bugs #681698, #712796 for further discussion about how to make this
less difficult
Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0
|
|
setup a /etc/profile.d configuration snippet to put /srv/leap/bin in the $PATH (#2122)
Change-Id: I0afb5232375e6c6d9f692a97243023c710265d54
|
|
|
|
|
|
|
|
Because in site.pp it didn't get the tag "leap_base"
and would not be declared with leap cli's default puppet
tags.
Fixes: parent directory /var/lib/puppet/concat
does not exist (Feature#1625)
|
|
|
|
|
|
|
|
|
