summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config/manifests
AgeCommit message (Collapse)Author
2016-07-05set domain-secure to internal domain.Micah
Without this set, dnssec will fail validation for internal domains, which should not be validated Change-Id: I8589332598fe97ad5218dd23825ac77af2d8def6
2016-07-05Enable DNSSEC validation in unbound (#8214).Micah
Change-Id: Ibdf39a721162b4a5663ef27c27b2db0261c6e8a5
2016-06-30Make sure bind9 doesn't take over unbound (#8213).Micah
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
2016-06-30Remove bigcouch (#8056)Micah
Change-Id: I0c6e27298c63bd37de1410985d054799818c22a4
2016-06-28Make sure bind9 doesn't take over unbound (#8213).Micah
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
2016-06-27Fix the permissions on the DOMAIN/provider.json file for static sites.elijah
2016-05-31Disable puppet-agent daemon from running.Micah
The agent wakes up every two minutes and tries to connect to the default server, failing with a certificate warning. We don't use the agent, so we can safely disable it (#8032) Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
2016-05-03migrate from obsolete SSLCertificateChainFile apache option (#8055)Micah
Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb
2016-04-18[style] more manual linting for custom manifestsvarac
2016-04-18[style] lint some custom manifestsvarac
I used `puppet-lint -f FILE` to fix most issues, while finishing with manual intervention.
2016-04-12Put openvpn logs into leap directory (#8021)Micah
Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to /var/log/daemon.log. Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719
2016-04-12Remove duplicate mail logging (#8021)Micah
Add a site_rsyslog config that removes duplicate mail logging. Previously mail logs would be copied to /var/log/syslog, mail.log, mail.err, mail.info, maillog and to the console. This removes those and only puts them in /var/log/mail.log. It also removes other superfluous configurations, either because they are commented out already, or because they are uucp or nntp. Change-Id: Ib05036787d2c818bf8802c22a4b8050f945a6e6d
2016-03-10[jessie] Remove obsolete backports pinningvarac
2016-03-10[bug] Remove stunnel leftovers from bigcouchvarac
- Resolves: #7785
2016-02-23We are rotating the mx logs 5 times, but we originally thought we shouldMicah
only have the following logfiles in that directory ever: mx.log, mx.log.[1-5], with an optional .gz suffix. However, we were wrong about the 'optional' part of the compression, we use the 'compress' option, so the logs will always be compressed. So there should never be the log files mx.log.1, mx.log.2, etc. This change adjusts the clean-up to deal with that. (#7058) https://github.com/leapcode/leap_platform/pull/97 Change-Id: I109d08ac063fe094c54e93be91893a67d7fbb51b
2016-02-23get dkim working, closes #5924elijah
2016-02-16remove pinning of openvpn package to backportselijah
2016-02-11Disable journald in order to resolve IP logging subversion (#7863)Micah
Change-Id: I9cee85c19d86dc7c8d70c4cdeb2e7426191b57a5
2016-02-02Merge branch 'bugfix/mxlog' into developelijah
2016-02-02[bug] Fix bigcouch spoolfile removalvarac
- Resolves: #7641
2016-02-02[refactor] Dont duplicate Package resource overridevarac
`site_apt` aready ensures for installing packages after Exec[update_apt] is run, so we don't need to duplicate this in `site_config::default.pp`.
2016-02-02[refactor] Use Exec[apt_updated] instead of Exec[refresh_apt]varac
Because this is the recommended way of depnending in the apt README.
2016-02-02[bug] Fix duplicate definition error for Class[Apt]varac
We need to include class `site_config::default` in class `site_config::slow` so we don't get this duplicate definition: - [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is already declared; cannot redeclare at /srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node local1.bitmask.local To be honest, i didn't figuered out the real cause of this, but it works with this.
2016-02-02[refactor] Remove atomic apt package dependecyvarac
`site_config::default.pp` takes care the all packages are installed before `Exec['refresh_apt']`, so we don't need to add it here for a single package.
2016-02-02finally fix leap-mx logging, for the last time, hopefully.elijah
2016-01-28[feat] Fix fast deploy using 'leap deploy --fast'varac
This worked before, but somehow stopped working. We need to include 'site_config::slow' top-level scope instead of including it in 'site_config::default', because otherwise it would get tagged with 'leap_base', and would be included always. This way 'site_config::slow' gets included by default, but can be excluded by using 'leap deploy --fast'. See https://leap.se/en/docs/platform/details/under-the-hood#tags - Resolves: #7844
2016-01-28[bug] Fix removing of bigcouch logwatch spoolfilesvarac
The problem was that puppet tried to remove them on the couch node, but they need to get removed on monitor node. - Resolves: #7641
2016-01-26[bug] remove bigcouch compaction cronjobvarac
- Resolves: #7629
2016-01-26[feat] Move bigcouch removals to own classvarac
We now include "site_config::remove::bigcouch" in class "site_couchdb::master", which sets up plain couchdb.
2016-01-26[bug] Use ruby::devel to install ruby-dev debvarac
Ruby itself is a parameterized class, and parameters cannot get overridden (see https://projects.puppetlabs.com/issues/9259). The webapp node didn't install the ruby-dev package (we never noticed because our vagrant images as probably other debian images had ruby-dev preinstalled). We now use the ruby::devel class to install ruby-dev. - Tested: [citest-jessie] - Resolves: #7838
2016-01-23[feat] Don't remove portmap on vagrantvarac
Vagrant uses portmap and nfs-common for mounting shared folders using nfs.
2016-01-22[bug] refactor build-essential package installationvarac
In certain node setups, the webapp gems cannot get built because `build-essential` and dependent packages were not present. I refactored the `site_config::packages::build_essential` class, which now inherits `site_config::packages`. The latter class removes all unneccessary (development) packages, but when the `site_config::packages::build_essential` class is included, some dev packages are overridden to be installed. - Tested: [local] - Resolves: #7834
2016-01-22Include site_config::params in all x509 subclasses (#6851)varac
After restructuring site.pp to only include site_config::default and the service-specific classes, we got this: Duplicate declaration: X509::Cert[undef] is already declared in file /srv/leap/puppet/modules/site_config/manifests/x509/commercial/cert.pp at line 8; cannot redeclare at /srv/leap/puppet/modules/site_config/manifests/x509/cert.pp:8 on node rewcitestweb1.rewire.org So i included site_config::params in all site_config::x509 clases. Change-Id: Ib8387abfdc68b36c73a45fd2dd1f3a159eaec4a5
2016-01-22restructured site.pp, now only one class gets included in site.pp per ↵varac
service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
2016-01-19Swiss privacy foundation nameserver is not responding, switch secondaryMicah
fall-back to an OpenNIC resolver that does not log (#7781) Change-Id: I290321927c8188c82e95e2cd4b93cd01bd2258c2
2016-01-19Merge branch '7802_rsyslog_jessie' into developvarac
2016-01-19Ensure curl is installed before it is called (#7803)Micah
Change-Id: Iedd464a397e9944159991241cd84caad6a2a40d6
2016-01-15[bug] Only pin rsyslog debs to backports on wheezyvarac
- Resolves: #7802
2016-01-15linted site_config::syslogvarac
2016-01-08[bug] Make /etc/leap world-readablevarac
Under jessie, leap-mx is started by systemd now, not as a forked proc by twistd anymore. Therefore leap-mx (the user the mx proc runs as) needs direct access to it's config file under /etc/leap/mx.conf. Before, twistd would start as root, read the config and then fork an mx proc as unprivileged leap-mx user. - Tested: [quetzal] - Resolves: #7782
2015-12-15Merge branch 'dont_remove_nfs_client_on_vagrant' into developvarac
2015-12-15Merge branch 'remove_run_stages' into developvarac
2015-12-15Have leap-mx log with the process name 'leap-mx', but log toMicah
/var/log/leap/mx.log, and clean up the files associated with the previous configuration (#7691) Change-Id: Id08c97980292968e8e89f128afb5fa78bda30069
2015-12-10[feat] Dont remove nfs client on local vagrant nodesvarac
2015-12-09[feat] Remove puppet run stagesvarac
To reduce complexity, let's get rid of run stages. We used them earlier but they seem to have no purpose anymore. There was two stage leftovers: - `site_config::slow` did an `apt-get dist-upgrade` in the `setup` stage - `site_config::setup` did call the `site_config::hosts` class in the `setup` stage I checked for dependencies to to those resources, and it looks good, i tested by triggering a citest. From https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html#limitations-and-known-issues: ``` Due to these limitations, stages should only be used with the simplest of classes, and only when absolutely necessary. Mass dependencies like package repositories are effectively the only valid use case. ```
2015-11-24Switch to syslog for leap_mx (#6942)Micah
In order to switch to syslog for leap_mx, leap_mx needs to change to log to syslog (#6307 and #6937), and we need to clean up the platform pieces that set the non-syslog options, and rotated log files (#6942). Hopefully, this will solve the leap_mx logrotation issue at the same time (#7058) Change-Id: If68f808a65c24c91231b88d15759809c9e379294
2015-11-24Cleanup old leap mx logs that may appear on some nodes due to how thingsMicah
were logged before Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
2015-11-17[bug] [jessie] Don't specify ruby versionsvarac
because ruby-1.9.3 is not available on jessie. - Related: #6920
2015-11-17[feat] Don't manually install compiler packagesvarac
These packages are a dependency of build-essential and will get installed anyway. - Related: #6920
2015-11-02Add basic DKIM support, this requires changes in leap_cli detailed inMicah
issue #5924 Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7