path: root/puppet/modules/site_config/manifests
Age | Commit message | Author
2016-02-23 | We are rotating the mx logs 5 times, but we originally thought we should | Micah
only have the following logfiles in that directory ever: mx.log, mx.log.[1-5], with an optional .gz suffix. However, we were wrong about the 'optional' part of the compression, we use the 'compress' option, so the logs will always be compressed. So there should never be the log files mx.log.1, mx.log.2, etc. This change adjusts the clean-up to deal with that. (#7058)
https://github.com/leapcode/leap_platform/pull/97
Change-Id: I109d08ac063fe094c54e93be91893a67d7fbb51b
2016-02-23 | get dkim working, closes #5924 | elijah
2016-02-16 | remove pinning of openvpn package to backports | elijah
2016-02-11 | Disable journald in order to resolve IP logging subversion (#7863) | Micah
Change-Id: I9cee85c19d86dc7c8d70c4cdeb2e7426191b57a5
2016-02-02 | Merge branch 'bugfix/mxlog' into develop | elijah
2016-02-02 | [bug] Fix bigcouch spoolfile removal | varac
- Resolves: #7641
2016-02-02 | [refactor] Don't duplicate Package resource override | varac
`site_apt` already ensures for installing packages after Exec[update_apt] is run, so we don't need to duplicate this in `site_config::default.pp`.
2016-02-02 | [refactor] Use Exec[apt_updated] instead of Exec[refresh_apt] | varac
Because this is the recommended way of depending in the apt README.
2016-02-02 | [bug] Fix duplicate definition error for Class[Apt] | varac
We need to include class `site_config::default` in class `site_config::slow` so we don't get this duplicate definition:
- [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is already declared; cannot redeclare at /srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node local1.bitmask.local
To be honest, I didn't figure out the real cause of this, but it works with this.
2016-02-02 | [refactor] Remove atomic apt package dependency | varac
`site_config::default.pp` takes care that all packages are installed before `Exec['refresh_apt']`, so we don't need to add it here for a single package.
2016-02-02 | finally fix leap-mx logging, for the last time, hopefully. | elijah
2016-01-28 | [feat] Fix fast deploy using 'leap deploy --fast' | varac
This worked before, but somehow stopped working. We need to include 'site_config::slow' top-level scope instead of including it in 'site_config::default', because otherwise it would get tagged with 'leap_base', and would be included always. This way 'site_config::slow' gets included by default, but can be excluded by using 'leap deploy --fast'. See https://leap.se/en/docs/platform/details/under-the-hood#tags
- Resolves: #7844
2016-01-28 | [bug] Fix removing of bigcouch logwatch spoolfiles | varac
The problem was that puppet tried to remove them on the couch node, but they need to get removed on monitor node.
- Resolves: #7641
2016-01-26 | [bug] remove bigcouch compaction cronjob | varac
- Resolves: #7629
2016-01-26 | [feat] Move bigcouch removals to own class | varac
We now include "site_config::remove::bigcouch" in class "site_couchdb::master", which sets up plain couchdb.
2016-01-26 | [bug] Use ruby::devel to install ruby-dev deb | varac
Ruby itself is a parameterized class, and parameters cannot get overridden (see https://projects.puppetlabs.com/issues/9259). The webapp node didn't install the ruby-dev package (we never noticed because our vagrant images as probably other debian images had ruby-dev preinstalled). We now use the ruby::devel class to install ruby-dev.
- Tested: [citest-jessie]
- Resolves: #7838
2016-01-23 | [feat] Don't remove portmap on vagrant | varac
Vagrant uses portmap and nfs-common for mounting shared folders using nfs.
2016-01-22 | [bug] refactor build-essential package installation | varac
In certain node setups, the webapp gems cannot get built because `build-essential` and dependent packages were not present. I refactored the `site_config::packages::build_essential` class, which now inherits `site_config::packages`. The latter class removes all unnecessary (development) packages, but when the `site_config::packages::build_essential` class is included, some dev packages are overridden to be installed.
- Tested: [local]
- Resolves: #7834
2016-01-22 | Include site_config::params in all x509 subclasses (#6851) | varac
After restructuring site.pp to only include site_config::default and the service-specific classes, we got this:
Duplicate declaration: X509::Cert[undef] is already declared in file /srv/leap/puppet/modules/site_config/manifests/x509/commercial/cert.pp at line 8; cannot redeclare at /srv/leap/puppet/modules/site_config/manifests/x509/cert.pp:8 on node rewcitestweb1.rewire.org
So I included site_config::params in all site_config::x509 classes.
Change-Id: Ib8387abfdc68b36c73a45fd2dd1f3a159eaec4a5
2016-01-22 | restructured site.pp, now only one class gets included in site.pp per service (Bug #6851) | varac
Also, moved global Exec{} defaults to site.pp
Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
2016-01-19 | Swiss privacy foundation nameserver is not responding, switch secondary | Micah
fall-back to an OpenNIC resolver that does not log (#7781)
Change-Id: I290321927c8188c82e95e2cd4b93cd01bd2258c2
2016-01-19 | Merge branch '7802_rsyslog_jessie' into develop | varac
2016-01-19 | Ensure curl is installed before it is called (#7803) | Micah
Change-Id: Iedd464a397e9944159991241cd84caad6a2a40d6
2016-01-15 | [bug] Only pin rsyslog debs to backports on wheezy | varac
- Resolves: #7802
2016-01-15 | linted site_config::syslog | varac
2016-01-08 | [bug] Make /etc/leap world-readable | varac
Under jessie, leap-mx is started by systemd now, not as a forked proc by twistd anymore. Therefore leap-mx (the user the mx proc runs as) needs direct access to its config file under /etc/leap/mx.conf. Before, twistd would start as root, read the config and then fork an mx proc as unprivileged leap-mx user.
- Tested: [quetzal]
- Resolves: #7782
2015-12-15 | Merge branch 'dont_remove_nfs_client_on_vagrant' into develop | varac
2015-12-15 | Merge branch 'remove_run_stages' into develop | varac
2015-12-15 | Have leap-mx log with the process name 'leap-mx', but log to | Micah
/var/log/leap/mx.log, and clean up the files associated with the previous configuration (#7691)
Change-Id: Id08c97980292968e8e89f128afb5fa78bda30069
2015-12-10 | [feat] Don't remove nfs client on local vagrant nodes | varac
2015-12-09 | [feat] Remove puppet run stages | varac
To reduce complexity, let's get rid of run stages. We used them earlier but they seem to have no purpose anymore. There were two stage leftovers:
- `site_config::slow` did an `apt-get dist-upgrade` in the `setup` stage
- `site_config::setup` did call the `site_config::hosts` class in the `setup` stage
I checked for dependencies to those resources, and it looks good, I tested by triggering a citest.
From https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html#limitations-and-known-issues:
```
Due to these limitations, stages should only be used with the simplest of classes, and only when absolutely necessary. Mass dependencies like package repositories are effectively the only valid use case.
```
2015-11-24 | Switch to syslog for leap_mx (#6942) | Micah
In order to switch to syslog for leap_mx, leap_mx needs to change to log to syslog (#6307 and #6937), and we need to clean up the platform pieces that set the non-syslog options, and rotated log files (#6942). Hopefully, this will solve the leap_mx logrotation issue at the same time (#7058)
Change-Id: If68f808a65c24c91231b88d15759809c9e379294
2015-11-24 | Cleanup old leap mx logs that may appear on some nodes due to how things | Micah
were logged before
Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
2015-11-17 | [bug] [jessie] Don't specify ruby versions | varac
because ruby-1.9.3 is not available on jessie.
- Related: #6920
2015-11-17 | [feat] Don't manually install compiler packages | varac
These packages are a dependency of build-essential and will get installed anyway.
- Related: #6920
2015-11-02 | Add basic DKIM support, this requires changes in leap_cli detailed in | Micah
issue #5924
Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7
2015-10-12 | [feat] Remove tapicero couchdb user | varac
- Resolves: #7514
2015-10-07 | [bug] Fix missing dependency (tapicero leftovers) | varac
We need to remove local check-mk-agent checks on the tapicero nodes, and want to notify the monitoring server to re-inventarize the local checks. This doesn't work when both services run on different hosts, it will fail with:
Could not find dependent Exec[check_mk-refresh] for Tidy[checkmk_logwatch_spool]
So I remove the notifies, because we will re-inventarize of local checks by a daily cronjob anyway, see #6873.
...
- Resolves: #XYZ
- Related: #XYZ
- Documentation: #XYZ
- Releases: XYZ
2015-10-07 | [bug] Fix removal of webapp apache config file | varac
Done by including a service-dependent site_config::remove::webapp class.
2015-10-07 | Merge branch 'develop' of gitlab.com:leap/platform into develop | varac
2015-10-06 | [feat] Remove tapicero from more places | varac
Remove from:
- platform white-box tests (couchdb user ACLs, tapicero daemon test)
- provider_base/ dir that handles the compilation of the hiera config file
- Resolves: #7501
2015-10-06 | [feat] remove tapicero leftovers | varac
Soledad now creates user-dbs, which has been done by tapicero in the past. We need to remove any leftovers from tapicero.
2015-10-05 | Merge branch 'soledad_userdb_creation' into develop | varac
2015-10-05 | [feat] Create-user-db: use couchdb admin rights | varac
- create soledad-admin user
- deploy netrc file for userdb creation
- Move soledad-server.conf from /etc/leap to /etc/soledad
- make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it
- Resolves: #7502
2015-09-30 | fix missing service dependency error | Micah
this tidy should only happen on webapp nodes
Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-24 | do not remove /var/log/leap/mx.log.*, this is where leap_mx is logging. | elijah
2015-09-24 | fix missing service dependency error | Micah
this tidy should only happen on webapp nodes
Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-24 | Remove no longer used vhost for leap_webapp (#7475) | Micah
The configuration /etc/apache/sites-enabled/leap_webapp.conf was never removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete, and because it exists on older systems, it is being used instead of the correct common.conf. This removes it and reloads apache.
Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a
2015-08-12 | Don't use check_mk logwatch to watch bigcouch logs anymore (#7375) | varac
The rationale here is:
- bigcouch/its included erlang version is incredibly noisy and spits out warnings/error msgs all the time
- it uses the worst logging format I ever saw, multiple lines directly to a file (couch 2.0 uses lager as logging backend which can log to syslog)
- trying to sort out the false positives will take too much time, and who knows which of them will be resolved in couch 1.6/2.0
Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5
2015-07-07 | Clean up left-over files from old way of leap-mx logging, this should | Micah Anderson
stop the logrotate cron errors from happening. (#7058)
Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760