summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config
AgeCommit message (Collapse)Author
2015-04-08set the 'logoutput' parameter for any exec type to 'on_error'varac
Change-Id: I04c796a502db52f3a594ef4c3cf08c330839bc13
2015-04-07rotate deploy logs by size instead of by date.elijah
2015-02-09logs deploy information to /var/log/leap/deploy.log (full puppet log) and ↵elijah
/var/log/leap/deploy-summary.log (just the start and complete, with platform version, user, leap_cli version, platform branch). downgrading platform require --downgrade (requires new leap_cli)
2015-01-27vcsrepo should depend on git package (Bug #6659)varac
Change-Id: Ibc2ae4697a37af97de625bfc9d8e149306578321
2015-01-22Provide a base-level set of quality entropy by installing haveged onMicah Anderson
systems by default (#6664) Change-Id: Ic2d4416b7c55f00f01d4b2ade78339d653bc8993
2015-01-13don't remove fontconfig-config package cause pnp4nagios depends on it (#6615)varac
Change-Id: If6c0d88e83b52588ee908edfa81451d37794a4b4
2014-12-04Merge remote-tracking branch 'leap/develop' into check_dhcpChristoph Kluenter
2014-10-21implement custom puppet support (#6201, #6226)Micah Anderson
change puppet command to include in the --modulepath /srv/leap/files/puppet/modules If a provider places puppet code under files/puppet it will be sync'd over to all the nodes, once leap cli #6225 is merged. The custom puppet entry point is in class 'custom' which can be put into files/puppet/modules/custom/manifests/init.pp Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
2014-09-29ensure dhclicent and resolv.conf are configured before bigcouchChristoph Kluenter
2014-09-29configure dhclient if its used in /e/network/interfacesChristoph Kluenter
we don't dhclient to to set domain and search in /etc/reslov.conf bigcouch has a strange way to find its hostname. It uses the domain stanza in /etc/resolv.conf to find its domain
2014-09-29new fact to check if dhcp is used;Christoph Kluenter
from https://github.com/gds-operations/puppet-resolvconf/blob/master/lib/facter/dhcp_enabled.rb
2014-09-25allow all outgoing trafficChristoph Kluenter
as discussed on #leap
2014-09-17allow outgoing port 3142 for apt-cacher proxyChristoph
2014-08-22FQDN should come first in /etc/hostsvarac
fixes /etc/hosts: wrong order (Bug #5835) (now for real) before, /etc/hosts contained i.e. 127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i which resulted in no fqdn reported both by "hostname -f" and "facter fqdn" this fix produces this order which is needed to report a fqdn: 127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
2014-06-27reorder /etc/hostsChristoph
now "hostname -f" results in the correct hostname. Fixes #5835
2014-06-04clean up how /etc/hosts is generated so it doesn't require custom behavior ↵0.5.2elijah
depending on the services.
2014-06-04bugfix: actually apply modules based on $serviceselijah
2014-06-03move hiera from site.pp to site_config::setupChristoph
the problem was following: if a host has the webapp service, the template for /etc/hosts adds some stuff. But setup.pp did not ask hiera about the services so "/srv/leap/bin/puppet_command set_hostname" always resets the hostname. Since that gets triggered every time you run "leap deploy" the hostname changes, some services restart, then the hostname changes back and the services restart again. The solution is to get the hiera data before every run.
2014-05-27Switch away from site_config::sshd and instead just include site_sshdMicah Anderson
The existing site_config::sshd had a non-functioning 'include sshd' line in it that was not doing what was expected (this was supposed to include the sshd module, but due to scoping was including itself). It seemed better to eliminate some of the unused pieces and consolidate into one config location. Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
2014-05-22Implement #2328: unbound.conf: content changed on every puppetrunMicah Anderson
This is done by using the include glob capability that is in the wheezy-backports and newer unbound to include the /etc/unbound/unbound.conf.d/* config files. To do this, we need to transition from our /etc/unbound/conf.d directory structure to use the one that the debian package uses. This allows us to clean up the rather ugly way we were configuring the resolver before. Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c
2014-05-22lint cleanup of site_config::caching_resolverMicah Anderson
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62
2014-05-22Install wheezy-backports version of unbound, this is necessary to solve #2328Micah Anderson
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b
2014-05-22Move rsyslog preferences snippet to site_apt::preferences::rsyslog, toMicah Anderson
group it with the other preferences snippets Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85
2014-05-21fix resolv.conf on virtualboxChristoph
virtualbox sends the domain with the dhcp-answer. If the wrong domain ends up in /etc/resolv.conf bigcouch fails.
2014-05-17change rsyslog pin from leaps debian repo to backports (fixes #5533)kwadronaut
2014-05-06Change the initial firewall to subscribe to the rule file to be able toMicah Anderson
trigger changes, make the default ipv6 firewall subscribe to shorewall6, if it exists, and finally reject all outgoing IPv6 packets. All of this will complete the platform-side of route IPv6 through OpenVPN gateway, and block it. (Feature #4163) Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810
2014-04-24initial firewall: allow port 22 by default. This is the most common portMicah Anderson
that sshd will be listening to in a default setup. This needs to be allowed so that you can have a different port configured in the hiera and not get locked out during deployment (#5119) Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b
2014-04-15fix concat::setup (#5503)varac
2014-04-10Merge branch '0.6' into developvarac
2014-04-05better system for optionally uninstalling build-essential package. closes ↵elijah
https://leap.se/code/issues/5426
2014-04-04Merge branch '2993_setup_subclass' into 0.6varac
2014-03-31Merge branch 'feature/static_site' of https://github.com/elijh/leap_platform ↵kwadronaut
into elijh-feature/static_site Conflicts: puppet/modules/site_config/manifests/packages/base.pp
2014-03-25Move setup.pp to a subclass (site_config::setup) (Feature #2993)varac
2014-03-25couch node: same packages removed on every (second ?) puppetrun (Feature #5018)varac
2014-03-23modules/site_static: part 1 - amberelijah
2014-02-27include "127.0.1.1 @domain_public @api['domain']" in /etc/hosts for nagios ↵varac
webapp log check
2014-02-12renamed site_check_mk::client to site_check_mk::agentvarac
2014-02-12moved check_mk server and client class to site_check_mk modulevarac
2014-02-05include site_nagios::client by defaultvarac
2014-01-24swiss privacy foundation changed their nameserver IPs: ↵varac
http://www.privacyfoundation.ch/de/service/server.html
2014-01-06install ntp on all platform nodes (Feature #4913)varac
2013-12-18Fix for openvpn/unbound not starting at boot (#4506)Micah Anderson
This change sets the sysctl net.ipv4.ip_nonlocal_bind to allow applications to bind to an address, even when the link is down. This is necessary because applications like unbound and openvpn fail to start on boot in some situations because interfaces are not fully up (due to a combination of non-deterministic booting because of the likely potential setting of allow-hotplug in the interfaces file and the LSB boot dependency on $network not being sufficient. The only down-side to setting this is a daemon could bind to an incorrect ip and we wouldn't get an error, but this would be a configuration mistake, rather than a fatal condition. Change-Id: I5c03083e8c20bb25afad85a1230f4555808d341c
2013-11-27setup some common leap system directories: /var/lib/leap and /var/log/leapMicah Anderson
Change-Id: I18aa0ee635d7166676e4bb4384e2b517784a68b0
2013-11-25fix bug when 'environment' is nil in hiera.yamlelijah
2013-10-20Possibility to include local puppet recipes (Feature #3976)varac
2013-10-17syslog: fix apt_preferences snippet to glob on both rsyslog and rsyslog-relp ↵Micah Anderson
(#4161) Change-Id: I7eaa35897da3b24833be3b2c14db99cd66b547c0
2013-10-16fix for rsyslog-relp being installed first, resulting in dependency errors ↵Micah Anderson
(#4161) Change-Id: I2f0bcc5b4cb5effae57051f04251aeb8b09a4c6d
2013-10-16syslog: add rsyslog::snippet to anonymize logsMicah Anderson
it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747
2013-10-16rsyslog: setup default local config that gets us the same config as default ↵Micah Anderson
from debian Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca
2013-10-16vagrant: support other providers besides virtualbox (Bug #4158)varac