Age | Commit message (Collapse) | Author |
|
Without this set, dnssec will fail validation for internal domains,
which should not be validated
Change-Id: I8589332598fe97ad5218dd23825ac77af2d8def6
|
|
Change-Id: Ibdf39a721162b4a5663ef27c27b2db0261c6e8a5
|
|
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
|
|
Change-Id: I0c6e27298c63bd37de1410985d054799818c22a4
|
|
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
|
|
|
|
The agent wakes up every two minutes and tries to connect to the default
server, failing with a certificate warning. We don't use the agent, so
we can safely disable it (#8032)
Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
|
|
Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb
|
|
|
|
I used `puppet-lint -f FILE` to fix most issues, while
finishing with manual intervention.
|
|
Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to
/var/log/daemon.log.
Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719
|
|
Add a site_rsyslog config that removes duplicate mail logging.
Previously mail logs would be copied to /var/log/syslog, mail.log,
mail.err, mail.info, maillog and to the console. This removes those and
only puts them in /var/log/mail.log.
It also removes other superfluous configurations, either because they
are commented out already, or because they are uucp or nntp.
Change-Id: Ib05036787d2c818bf8802c22a4b8050f945a6e6d
|
|
|
|
- Resolves: #7785
|
|
only have the following logfiles in that directory ever:
mx.log, mx.log.[1-5], with an optional .gz suffix.
However, we were wrong about the 'optional' part of the compression, we
use the 'compress' option, so the logs will always be compressed. So
there should never be the log files mx.log.1, mx.log.2, etc.
This change adjusts the clean-up to deal with that. (#7058)
https://github.com/leapcode/leap_platform/pull/97
Change-Id: I109d08ac063fe094c54e93be91893a67d7fbb51b
|
|
|
|
|
|
Change-Id: I9cee85c19d86dc7c8d70c4cdeb2e7426191b57a5
|
|
|
|
- Resolves: #7641
|
|
`site_apt` aready ensures for installing packages after Exec[update_apt]
is run, so we don't need to duplicate this in `site_config::default.pp`.
|
|
Because this is the recommended way of depnending in the apt README.
|
|
We need to include class `site_config::default` in class
`site_config::slow` so we don't get this duplicate definition:
- [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is
already declared; cannot redeclare at
/srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node
local1.bitmask.local
To be honest, i didn't figuered out the real cause of this, but it works
with this.
|
|
`site_config::default.pp` takes care the all packages are
installed before `Exec['refresh_apt']`, so we don't need to
add it here for a single package.
|
|
|
|
This worked before, but somehow stopped working.
We need to include 'site_config::slow' top-level scope instead
of including it in 'site_config::default', because otherwise it
would get tagged with 'leap_base', and would be included always.
This way 'site_config::slow' gets included by default, but can be
excluded by using 'leap deploy --fast'.
See https://leap.se/en/docs/platform/details/under-the-hood#tags
- Resolves: #7844
|
|
The problem was that puppet tried to remove them on the couch node,
but they need to get removed on monitor node.
- Resolves: #7641
|
|
- Resolves: #7629
|
|
We now include "site_config::remove::bigcouch" in class
"site_couchdb::master", which sets up plain couchdb.
|
|
Ruby itself is a parameterized class, and parameters cannot get
overridden (see https://projects.puppetlabs.com/issues/9259).
The webapp node didn't install the ruby-dev package (we never
noticed because our vagrant images as probably other debian images
had ruby-dev preinstalled).
We now use the ruby::devel class to install ruby-dev.
- Tested: [citest-jessie]
- Resolves: #7838
|
|
Vagrant uses portmap and nfs-common for mounting shared folders using
nfs.
|
|
In certain node setups, the webapp gems cannot get built
because `build-essential` and dependent packages were not
present.
I refactored the `site_config::packages::build_essential` class,
which now inherits `site_config::packages`. The latter class removes
all unneccessary (development) packages, but when the
`site_config::packages::build_essential` class is included, some
dev packages are overridden to be installed.
- Tested: [local]
- Resolves: #7834
|
|
After restructuring site.pp to only include site_config::default and
the service-specific classes, we got this:
Duplicate declaration: X509::Cert[undef] is already declared in file
/srv/leap/puppet/modules/site_config/manifests/x509/commercial/cert.pp
at line 8; cannot redeclare at
/srv/leap/puppet/modules/site_config/manifests/x509/cert.pp:8 on node
rewcitestweb1.rewire.org
So i included site_config::params in all site_config::x509 clases.
Change-Id: Ib8387abfdc68b36c73a45fd2dd1f3a159eaec4a5
|
|
service (Bug #6851)
Also, moved global Exec{} defaults to site.pp
Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
|
|
fall-back to an OpenNIC resolver that does not log (#7781)
Change-Id: I290321927c8188c82e95e2cd4b93cd01bd2258c2
|
|
|
|
Change-Id: Iedd464a397e9944159991241cd84caad6a2a40d6
|
|
- Resolves: #7802
|
|
|
|
Under jessie, leap-mx is started by systemd now, not as a forked
proc by twistd anymore. Therefore leap-mx (the user the mx proc runs
as) needs direct access to it's config file under /etc/leap/mx.conf.
Before, twistd would start as root, read the config and then fork an mx
proc as unprivileged leap-mx user.
- Tested: [quetzal]
- Resolves: #7782
|
|
|
|
|
|
/var/log/leap/mx.log, and clean up the files associated with the
previous configuration (#7691)
Change-Id: Id08c97980292968e8e89f128afb5fa78bda30069
|
|
|
|
To reduce complexity, let's get rid of run stages.
We used them earlier but they seem to have no purpose anymore.
There was two stage leftovers:
- `site_config::slow` did an `apt-get dist-upgrade` in the
`setup` stage
- `site_config::setup` did call the `site_config::hosts` class
in the `setup` stage
I checked for dependencies to to those resources, and it looks good,
i tested by triggering a citest.
From
https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html#limitations-and-known-issues:
```
Due to these limitations, stages should only be used with the simplest
of classes, and only when absolutely necessary. Mass dependencies like
package repositories are effectively the only valid use case.
```
|
|
In order to switch to syslog for leap_mx, leap_mx needs to change to log
to syslog (#6307 and #6937), and we need to clean up the platform pieces
that set the non-syslog options, and rotated log
files (#6942). Hopefully, this will solve the leap_mx logrotation issue
at the same time (#7058)
Change-Id: If68f808a65c24c91231b88d15759809c9e379294
|
|
were logged before
Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
|
|
because ruby-1.9.3 is not available on jessie.
- Related: #6920
|
|
These packages are a dependency of build-essential and will
get installed anyway.
- Related: #6920
|
|
issue #5924
Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7
|