path: root/puppet/modules/site_config/manifests
Age | Commit message | Author
2013-09-03 | require that shorewall has been installed before execs are run (#3339) | Micah Anderson
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf
2013-08-27 | fix name of initial_firewall.pp file (#3339) | Micah Anderson
Change-Id: I341628d0f36225ce49ae301246e7c152553efcae
2013-08-22 | install a preliminary firewall that blocks everything, except ssh for the cases when shorewall doesn't properly come up, ensuring that it fails safe (#3339) | Micah Anderson
Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38
2013-08-14 | vagrant: Install squid-deb-proxy on clients (optional) (Feature #3330) | varac
squashed commits: site_squid_deb_proxy::client: include shorewall::rules::mdns for avahi discovery added submodule squid_deb_proxy from git://code.leap.se/puppet_squid_deb_proxy updated submodule squid_deb_proxy use squid_deb_proxy::client
2013-07-31 | Revert "Site_webapp/Try::File: Could not find command 'git' (Bug #3202)" | varac
This reverts commit 9e83de3497ec55f4910de099917387d500b8f4b4.
2013-07-31 | Site_webapp/Try::File: Could not find command 'git' (Bug #3202) | varac
2013-07-17 | default to false for $hosts | elijah
2013-07-11 | changes to support restrictive permissions for /etc/leap. this is required to work with the latest leap_cli. | elijah
2013-07-03 | Merge branch 'bug/1983' into leap | Micah Anderson
2013-07-02 | create a site_config subclass for package installation and removal add packages that we want to make sure are installed remove packages that were found on vagrant and PC installations that have no business being there | Micah Anderson
Change-Id: I4887a327ca89eb60945ad817a75ff199859824d3
2013-07-02 | deleted bind9 purging, it was only needed for the transition from bind to unbound | varac
2013-07-01 | restart stunnels if /etc/hosts is changed (#3031) | Micah Anderson
Due to the fact that /etc/hosts is modified in the early stage setup.pp run and the stunnel service is not deployed on an initial puppet run, we cannot simply override the Service['stunnel'] but instead need to trigger a restart through an exec calling the init script that first tests to see if it is present.
Change-Id: I6bf5dfece9ecbdb8319747774185dec50d5a55f6
2013-06-30 | modularize and standardize site_sshd: | Micah Anderson
. move the setting of the xterm title to site_config::shell
. change the xterm file resource to use standard source lines, switch to single quotes, quote mode, and line up parameters
. move the mosh pieces into a site_ssh::mosh class and only include it if the right mosh variable is enabled, passing into the class the necessary hiera parameters
. lint the site_ssh::mosh resources
. change the authorized_keys class to accept the key parameter which is passed in from the main ssh class (but allow for out of scope variable lookup when the tag is passed)
Change-Id: Ieec5a3932de9bad1b98633032b28f88e91e46604
2013-06-19 | disable dhclient from modifying the /etc/resolv.conf file on openstack/amazon instances | Micah Anderson
The dhclient in these environments is quite aggressive and overwrites the nameservers we've deliberately chosen to use with google's nameservers. This commit attempts to fix that. The dhclient methodology for altering these things is particularly unpleasant. We effectively redefine the functions that mess with this file to be noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced to restart dhclient by shipping a script that tries to determine the correct PID and arguments that it was running as before killing and restarting it with the same arguments. See debian bugs #681698, #712796 for further discussion about how to make this less difficult
Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0
2013-06-11 | add a class site_config::shell for shell-related configurations | Micah Anderson
setup a /etc/profile.d configuration snippet to put /srv/leap/bin in the $PATH (#2122)
Change-Id: I0afb5232375e6c6d9f692a97243023c710265d54
2013-06-11 | lint hosts.pp | Micah Anderson
Change-Id: If10470978ee31a398e0b88d8d98552c93d4706a2
2013-05-30 | site_sshd -- added xterm title, optional support for mosh | elijah
2013-05-23 | Install git before vcsrepo call (Feature #2510) | varac
2013-05-18 | added module site_nickserver | elijah
2013-04-30 | setup a site_config::params class that can be used to set some common variables that are used in different places to start with we setup the $interface variable, based on logic as defined in #2213 change the various places that were looking up this value to use site_config::params::interface instead | Micah Anderson
2013-04-02 | fix variable curly braces | Micah Anderson
2013-04-01 | added setup.pp | elijah
2013-02-12 | switch to using stdlib's standard stages | Micah Anderson
2013-02-06 | site_config::default : include site_shorewall::defaults | varac
2013-02-01 | moved concat::setup to site_config::default | varac
Because in site.pp it didn't get the tag "leap_base" and would not be declared with leap cli's default puppet tags. Fixes: parent directory /var/lib/puppet/concat does not exist (Feature #1625)
2013-01-31 | tag 'base' is a bad idea because it invokes apache::base as well | varac
2013-01-31 | install etckeeper on all nodes | varac
2013-01-31 | changed tag default to 'base' | varac
2013-01-31 | puppet tags: site_config::default and site_config::slow | varac
2013-01-29 | fix deprecation warnings in site_config | varac
2013-01-29 | run stage declaration moved to site.pp | varac
2013-01-23 | require that the unbound package is installed before attempting to make sub-directories under /etc/unbound (#1412) | Micah Anderson
2013-01-20 | configure fqdn for host | varac
2013-01-20 | remove bind9 service stop (#1421) | varac
2013-01-17 | unfortunately the version of unbound that is in wheezy does not support wildcard include directives, so this commit works around this by doing something less elegant than before. | Micah Anderson
When we have the newer unbound available, we should switch to that method instead.
2013-01-16 | Switch from bind9 as the local caching resolver to unbound. | Micah Anderson
This will enable us to do tor lookups over DNS on servers, if tor services are defined. To do this, we remove the bind9 configurations from site_config::resolvconf.pp and replace it with site_config::caching_resolver with a basic unbound configuration that can be used everywhere. The unbound configuration enables a /etc/unbound/conf.d directory for additional config snippets that can be dropped in from other places. This will be used for setting up different interfaces in the vpn gateway, for example. There will be a set of transition package/file absent blocks to clean up providers.
2012-12-19 | move apt-get upgrade to initial stage | varac
2012-12-16 | named.options -> named.conf.options | varac
2012-12-16 | bind: use local, ipv4 only name-caching resolver (fixes #1171) | varac
2012-12-14 | moved site_config::apt to site_apt | varac
2012-12-11 | neglected to add the 'refreshonly' parameter to the exec in previous commit | Micah Anderson
2012-12-11 | change hostname exec to only apply when either the /etc/hostname or /etc/hosts files are changed (otherwise it runs on every run) | Micah Anderson
2012-12-11 | set up an 'initial' run stage to happen before the 'main' run stage and put the site_config::hosts to be in the initial run stage to make sure the hostname is set before anything else. | Micah Anderson
2012-12-11 | remove extra space in hostname exec | Micah Anderson
2012-12-11 | test to see if the hosts value is empty before trying to reference it in a template also set the hostname to what the hiera 'name' is set to | Micah Anderson
2012-12-11 | setup /etc/hosts based on a template and the hiera value 'hosts' | Micah Anderson
This will replace the existing /etc/hosts, so we will want to make this more smart later
2012-11-29 | include apt in the site_config/apt class | Micah Anderson
2012-11-29 | disable apt pdiffs, they are slow on fast links | Micah Anderson
2012-11-21 | move site_config::eip to site_openvpn (Feature #943) | varac
2012-10-30 | no need for configuring authorized_keys as leap_cli cares for that | varac