| Age | Commit message (Collapse) | Author |
|---|
|
change puppet command to include in the --modulepath
/srv/leap/files/puppet/modules
If a provider places puppet code under files/puppet it will
be sync'd over to all the nodes, once leap cli #6225 is merged.
The custom puppet entry point is in class 'custom' which can
be put into files/puppet/modules/custom/manifests/init.pp
Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
|
|
fixes /etc/hosts: wrong order (Bug #5835) (now for real)
before, /etc/hosts contained i.e.
127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i
which resulted in no fqdn reported both by "hostname -f"
and "facter fqdn"
this fix produces this order which is needed to report a fqdn:
127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
|
|
now "hostname -f" results in the correct hostname.
Fixes #5835
|
|
depending on the services.
|
|
|
|
the problem was following:
if a host has the webapp service, the template for /etc/hosts adds some stuff.
But setup.pp did not ask hiera about the services so
"/srv/leap/bin/puppet_command set_hostname" always resets the hostname.
Since that gets triggered every time you run "leap deploy" the
hostname changes, some services restart, then the hostname changes back and
the services restart again.
The solution is to get the hiera data before every run.
|
|
The existing site_config::sshd had a non-functioning 'include sshd' line
in it that was not doing what was expected (this was supposed to include
the sshd module, but due to scoping was including itself).
It seemed better to eliminate some of the unused pieces and consolidate
into one config location.
Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
|
|
This is done by using the include glob capability that is in the
wheezy-backports and newer unbound to include the
/etc/unbound/unbound.conf.d/* config files.
To do this, we need to transition from our /etc/unbound/conf.d directory
structure to use the one that the debian package uses.
This allows us to clean up the rather ugly way we were configuring the
resolver before.
Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c
|
|
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62
|
|
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b
|
|
group it with the other preferences snippets
Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85
|
|
virtualbox sends the domain with the dhcp-answer.
If the wrong domain ends up in /etc/resolv.conf bigcouch fails.
|
|
|
|
trigger changes, make the default ipv6 firewall subscribe to shorewall6,
if it exists, and finally reject all outgoing IPv6 packets.
All of this will complete the platform-side of route IPv6 through
OpenVPN gateway, and block it. (Feature #4163)
Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810
|
|
|
|
|
|
https://leap.se/code/issues/5426
|
|
|
|
into elijh-feature/static_site
Conflicts:
puppet/modules/site_config/manifests/packages/base.pp
|
|
|
|
|
|
|
|
webapp log check
|
|
|
|
|
|
|
|
http://www.privacyfoundation.ch/de/service/server.html
|
|
|
|
This change sets the sysctl net.ipv4.ip_nonlocal_bind to allow
applications to bind to an address, even when the link is down. This is
necessary because applications like unbound and openvpn fail to start on
boot in some situations because interfaces are not fully up (due to a
combination of non-deterministic booting because of the likely potential
setting of allow-hotplug in the interfaces file and the LSB boot
dependency on $network not being sufficient.
The only down-side to setting this is a daemon could bind to an
incorrect ip and we wouldn't get an error, but this would be a
configuration mistake, rather than a fatal condition.
Change-Id: I5c03083e8c20bb25afad85a1230f4555808d341c
|
|
Change-Id: I18aa0ee635d7166676e4bb4384e2b517784a68b0
|
|
|
|
|
|
(#4161)
Change-Id: I7eaa35897da3b24833be3b2c14db99cd66b547c0
|
|
(#4161)
Change-Id: I2f0bcc5b4cb5effae57051f04251aeb8b09a4c6d
|
|
it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports
Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747
|
|
from debian
Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca
|
|
|
|
* the german privacy foundation has dissolved itself and shut down their
public nameserver. we are now using the public nameserver by Digitalcourage,
a german privacy organisation (https://en.wikipedia.org/wiki/Digitalcourage)
* the IP for the server of the swiss privacy foundation has changed
(http://www.privacyfoundation.ch/de/service/server.html)
|
|
|
|
|
|
they are needed for building gems
|
|
|
|
Change-Id: I844970f1c8f895d5a460d5082bfa1a2a88b32ecd
|
|
site_config::packages::base
add site_config::packages::gnutls for inclusion (#3955)
Change-Id: I9599eb26844503613c16f57ee17d6ea7bd0cf6fb
|
|
site_config::x509::client_ca::key for client_ca deployment (#3917)
|
|
|
|
|
|
|
|
(#3782)
in commit 338833, we established a relationship between all
resources that have a leap_service tag, that are called in site.pp.
But we had some resources as default on every node in site.pp
(apt::update, Package { require => Exec['apt_updated'] },
site_config::slow and stdlib), that were still lacking any
relationship to the leap_service tag.
By moving them into default.pp they automatically are executed
before resources with a leap_service tag.
|
|
#3838)
|
