summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config/templates
AgeCommit message (Collapse)Author
2014-09-25allow all outgoing trafficChristoph Kluenter
as discussed on #leap
2014-09-17allow outgoing port 3142 for apt-cacher proxyChristoph
2014-06-04clean up how /etc/hosts is generated so it doesn't require custom behavior ↵0.5.2elijah
depending on the services.
2014-05-06Change the initial firewall to subscribe to the rule file to be able toMicah Anderson
trigger changes, make the default ipv6 firewall subscribe to shorewall6, if it exists, and finally reject all outgoing IPv6 packets. All of this will complete the platform-side of route IPv6 through OpenVPN gateway, and block it. (Feature #4163) Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810
2014-04-24initial firewall: allow port 22 by default. This is the most common portMicah Anderson
that sshd will be listening to in a default setup. This needs to be allowed so that you can have a different port configured in the hiera and not get locked out during deployment (#5119) Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b
2014-02-27include "127.0.1.1 @domain_public @api['domain']" in /etc/hosts for nagios ↵varac
webapp log check
2013-09-04fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736)Micah Anderson
this allows nameserver queries to the local resolver to work and clones to the leap https repository to work Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48
2013-08-22install a preliminary firewall that blocks everything, except ssh for the ↵Micah Anderson
cases when shorewall doesn't properly come up, ensuring that it fails safe (#3339) Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38
2013-07-10ensure that /etc/hosts is output deterministically, so that content does not ↵elijah
change each time you deploy.
2013-06-30Fix 'Failed to call refresh: /usr/local/sbin/reload_dhclient returned 2 insteadMicah Anderson
of one of [0]' by putting in the missing closing single quote. Change-Id: I86feb5d06dd25e28ea67da0b5627e7be4174e01e
2013-06-19disable dhclient from modifying the /etc/resolv.conf file on ↵Micah Anderson
openstack/amazon instances The dhclient in these environments is quite aggressive and overwrites the nameservers we've deliberately chosen to use with google's nameservers. This commit attempts to fix that. The dhclient methodology for altering these things is particularly unpleasant. We effectively redefine the functions that mess with this file to be noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced to restart dhclient by shipping a script that tries to determine the correct PID and arguments that it was running as before killing and restarting it with the same arguments. See debian bugs #681698, #712796 for further discussion about how to make this less difficult Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0
2013-06-11/etc/hosts must not have commas!!elijah
2013-06-11use hiera hashes for source data for /etc/hostselijah
2013-01-20configure fqdn for hostvarac
2013-01-20configure fqdn for hostvarac
2012-12-11test to see if the hosts value is empty before trying to reference it in a ↵Micah Anderson
template also set the hostname to what the hiera 'name' is set to
2012-12-11setup /etc/hosts based on a template and the hiera value 'hosts'Micah Anderson
This will replace the existing /etc/hosts, so we will want to make this more smart later