Age | Commit message (Collapse) | Author |
|
Change-Id: I04c796a502db52f3a594ef4c3cf08c330839bc13
|
|
|
|
/var/log/leap/deploy-summary.log (just the start and complete, with platform version, user, leap_cli version, platform branch). downgrading platform require --downgrade (requires new leap_cli)
|
|
Change-Id: Ibc2ae4697a37af97de625bfc9d8e149306578321
|
|
systems by default (#6664)
Change-Id: Ic2d4416b7c55f00f01d4b2ade78339d653bc8993
|
|
Change-Id: If6c0d88e83b52588ee908edfa81451d37794a4b4
|
|
|
|
change puppet command to include in the --modulepath
/srv/leap/files/puppet/modules
If a provider places puppet code under files/puppet it will
be sync'd over to all the nodes, once leap cli #6225 is merged.
The custom puppet entry point is in class 'custom' which can
be put into files/puppet/modules/custom/manifests/init.pp
Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
|
|
|
|
we don't dhclient to to set domain and search in /etc/reslov.conf
bigcouch has a strange way to find its hostname. It uses the domain
stanza in /etc/resolv.conf to find its domain
|
|
from https://github.com/gds-operations/puppet-resolvconf/blob/master/lib/facter/dhcp_enabled.rb
|
|
as discussed on #leap
|
|
|
|
fixes /etc/hosts: wrong order (Bug #5835) (now for real)
before, /etc/hosts contained i.e.
127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i
which resulted in no fqdn reported both by "hostname -f"
and "facter fqdn"
this fix produces this order which is needed to report a fqdn:
127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
|
|
now "hostname -f" results in the correct hostname.
Fixes #5835
|
|
depending on the services.
|
|
|
|
the problem was following:
if a host has the webapp service, the template for /etc/hosts adds some stuff.
But setup.pp did not ask hiera about the services so
"/srv/leap/bin/puppet_command set_hostname" always resets the hostname.
Since that gets triggered every time you run "leap deploy" the
hostname changes, some services restart, then the hostname changes back and
the services restart again.
The solution is to get the hiera data before every run.
|
|
The existing site_config::sshd had a non-functioning 'include sshd' line
in it that was not doing what was expected (this was supposed to include
the sshd module, but due to scoping was including itself).
It seemed better to eliminate some of the unused pieces and consolidate
into one config location.
Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
|
|
This is done by using the include glob capability that is in the
wheezy-backports and newer unbound to include the
/etc/unbound/unbound.conf.d/* config files.
To do this, we need to transition from our /etc/unbound/conf.d directory
structure to use the one that the debian package uses.
This allows us to clean up the rather ugly way we were configuring the
resolver before.
Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c
|
|
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62
|
|
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b
|
|
group it with the other preferences snippets
Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85
|
|
virtualbox sends the domain with the dhcp-answer.
If the wrong domain ends up in /etc/resolv.conf bigcouch fails.
|
|
|
|
trigger changes, make the default ipv6 firewall subscribe to shorewall6,
if it exists, and finally reject all outgoing IPv6 packets.
All of this will complete the platform-side of route IPv6 through
OpenVPN gateway, and block it. (Feature #4163)
Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810
|
|
that sshd will be listening to in a default setup. This needs to be
allowed so that you can have a different port configured in the
hiera and not get locked out during deployment (#5119)
Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b
|
|
|
|
|
|
https://leap.se/code/issues/5426
|
|
|
|
into elijh-feature/static_site
Conflicts:
puppet/modules/site_config/manifests/packages/base.pp
|
|
|
|
|
|
|
|
webapp log check
|
|
|
|
|
|
|
|
http://www.privacyfoundation.ch/de/service/server.html
|
|
|
|
This change sets the sysctl net.ipv4.ip_nonlocal_bind to allow
applications to bind to an address, even when the link is down. This is
necessary because applications like unbound and openvpn fail to start on
boot in some situations because interfaces are not fully up (due to a
combination of non-deterministic booting because of the likely potential
setting of allow-hotplug in the interfaces file and the LSB boot
dependency on $network not being sufficient.
The only down-side to setting this is a daemon could bind to an
incorrect ip and we wouldn't get an error, but this would be a
configuration mistake, rather than a fatal condition.
Change-Id: I5c03083e8c20bb25afad85a1230f4555808d341c
|
|
Change-Id: I18aa0ee635d7166676e4bb4384e2b517784a68b0
|
|
|
|
|
|
(#4161)
Change-Id: I7eaa35897da3b24833be3b2c14db99cd66b547c0
|
|
(#4161)
Change-Id: I2f0bcc5b4cb5effae57051f04251aeb8b09a4c6d
|
|
it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports
Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747
|
|
from debian
Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca
|
|
|