summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config
AgeCommit message (Collapse)Author
2015-10-07Merge branch 'develop' of gitlab.com:leap/platform into developvarac
2015-10-06[feat] Remove tapicero from more placesvarac
Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501
2015-10-06[feat] remove tapicero leftoversvarac
Soledad now creates user-dbs, which has been done by tapicero in the past. we need to remove any leftovers from tapicero.
2015-10-05Merge branch 'soledad_userdb_creation' into developvarac
2015-10-05[feat] Create-user-db: use couchdb admin rightsvarac
- create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502
2015-09-30fix missing service dependency errorMicah
this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-24do not remove /var/log/leap/mx.log.*, this is where leap_mx is logging.elijah
2015-09-24fix missing service dependency errorMicah
this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-24Remove no longer used vhost for leap_webapp (#7475)Micah
The configuration /etc/apache/sites-enabled/leap_webapp.conf was never removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete, and because it exists on older systems, it is being used instead of the correct common.conf. This removes it and reloads apache. Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a
2015-08-12Don't use check_mk logwatch to watch bigcouch logs anymore (#7375)varac
The rationale here is: - bigcouch/its included erlang version is incredibly noisy and spits out warnings/error msgs all the time - it uses the worst logging format i ever saw, multiple lines directly to a file (couch 2.0 uses lager as logging backend which can log to syslog) - trying to sort out the false positives will take too much time, and who knows which of them will be resolved in couch 1.6/2.0 Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5
2015-07-07Clean up left-over files from old way of leap-mx logging, this shouldMicah Anderson
stop the logrotate cron errors from happening. (#7058) Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760
2015-07-01Don't remove acpid and acpi-support-base packagesvarac
Those packages are needed by libvirt to reboot/shutdown a VM by the virsh command. Change-Id: I3eb7b113d11e3034f41d09d51c203b93275ae3c9
2015-06-23cleanup no longer used unbound conf.d pieces (#7187)Micah Anderson
Change-Id: Ie0b1f22c49462bd5c4ee3290f100e5d3e14ccb03
2015-06-23Remove old clean-up, this is no longer necessaryMicah Anderson
Change-Id: I4e8fe3355a2d55193ebf745de1f932a6dcd6121c
2015-06-02ensure the enterhooks directory is presentChristoph Kluenter
2015-05-26check_mk complains about non-existing logfile (#6964)varac
Change-Id: Ic58f9516854f812d46aa3a574628318951f99a95
2015-05-26Revert "remove old leap_mx logfile location from check_mk logwatch state ↵varac
file #6964" This reverts commit 984684f56f15d9d89ea78ffe6ed67dabf3d63208. Needed because: Augeas fails after upgrading augeas packages during same puppetrun, but only on first deploy - https://leap.se/code/issues/6997
2015-05-14remove old leap_mx logfile location from check_mk logwatch state file #6964varac
Change-Id: I385c639e5c096deef4f81691a85c1b83cbab9421
2015-04-17rename leap-mx logrotate file; minor style change.elijah
2015-04-16properly clean up unused fileselijah
2015-04-08set the 'logoutput' parameter for any exec type to 'on_error'varac
Change-Id: I04c796a502db52f3a594ef4c3cf08c330839bc13
2015-04-07rotate deploy logs by size instead of by date.elijah
2015-02-09logs deploy information to /var/log/leap/deploy.log (full puppet log) and ↵elijah
/var/log/leap/deploy-summary.log (just the start and complete, with platform version, user, leap_cli version, platform branch). downgrading platform require --downgrade (requires new leap_cli)
2015-01-27vcsrepo should depend on git package (Bug #6659)varac
Change-Id: Ibc2ae4697a37af97de625bfc9d8e149306578321
2015-01-22Provide a base-level set of quality entropy by installing haveged onMicah Anderson
systems by default (#6664) Change-Id: Ic2d4416b7c55f00f01d4b2ade78339d653bc8993
2015-01-13don't remove fontconfig-config package cause pnp4nagios depends on it (#6615)varac
Change-Id: If6c0d88e83b52588ee908edfa81451d37794a4b4
2014-12-04Merge remote-tracking branch 'leap/develop' into check_dhcpChristoph Kluenter
2014-10-21implement custom puppet support (#6201, #6226)Micah Anderson
change puppet command to include in the --modulepath /srv/leap/files/puppet/modules If a provider places puppet code under files/puppet it will be sync'd over to all the nodes, once leap cli #6225 is merged. The custom puppet entry point is in class 'custom' which can be put into files/puppet/modules/custom/manifests/init.pp Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
2014-09-29ensure dhclicent and resolv.conf are configured before bigcouchChristoph Kluenter
2014-09-29configure dhclient if its used in /e/network/interfacesChristoph Kluenter
we don't dhclient to to set domain and search in /etc/reslov.conf bigcouch has a strange way to find its hostname. It uses the domain stanza in /etc/resolv.conf to find its domain
2014-09-29new fact to check if dhcp is used;Christoph Kluenter
from https://github.com/gds-operations/puppet-resolvconf/blob/master/lib/facter/dhcp_enabled.rb
2014-09-25allow all outgoing trafficChristoph Kluenter
as discussed on #leap
2014-09-17allow outgoing port 3142 for apt-cacher proxyChristoph
2014-08-22FQDN should come first in /etc/hostsvarac
fixes /etc/hosts: wrong order (Bug #5835) (now for real) before, /etc/hosts contained i.e. 127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i which resulted in no fqdn reported both by "hostname -f" and "facter fqdn" this fix produces this order which is needed to report a fqdn: 127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
2014-06-27reorder /etc/hostsChristoph
now "hostname -f" results in the correct hostname. Fixes #5835
2014-06-04clean up how /etc/hosts is generated so it doesn't require custom behavior ↵0.5.2elijah
depending on the services.
2014-06-04bugfix: actually apply modules based on $serviceselijah
2014-06-03move hiera from site.pp to site_config::setupChristoph
the problem was following: if a host has the webapp service, the template for /etc/hosts adds some stuff. But setup.pp did not ask hiera about the services so "/srv/leap/bin/puppet_command set_hostname" always resets the hostname. Since that gets triggered every time you run "leap deploy" the hostname changes, some services restart, then the hostname changes back and the services restart again. The solution is to get the hiera data before every run.
2014-05-27Switch away from site_config::sshd and instead just include site_sshdMicah Anderson
The existing site_config::sshd had a non-functioning 'include sshd' line in it that was not doing what was expected (this was supposed to include the sshd module, but due to scoping was including itself). It seemed better to eliminate some of the unused pieces and consolidate into one config location. Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
2014-05-22Implement #2328: unbound.conf: content changed on every puppetrunMicah Anderson
This is done by using the include glob capability that is in the wheezy-backports and newer unbound to include the /etc/unbound/unbound.conf.d/* config files. To do this, we need to transition from our /etc/unbound/conf.d directory structure to use the one that the debian package uses. This allows us to clean up the rather ugly way we were configuring the resolver before. Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c
2014-05-22lint cleanup of site_config::caching_resolverMicah Anderson
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62
2014-05-22Install wheezy-backports version of unbound, this is necessary to solve #2328Micah Anderson
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b
2014-05-22Move rsyslog preferences snippet to site_apt::preferences::rsyslog, toMicah Anderson
group it with the other preferences snippets Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85
2014-05-21fix resolv.conf on virtualboxChristoph
virtualbox sends the domain with the dhcp-answer. If the wrong domain ends up in /etc/resolv.conf bigcouch fails.
2014-05-17change rsyslog pin from leaps debian repo to backports (fixes #5533)kwadronaut
2014-05-06Change the initial firewall to subscribe to the rule file to be able toMicah Anderson
trigger changes, make the default ipv6 firewall subscribe to shorewall6, if it exists, and finally reject all outgoing IPv6 packets. All of this will complete the platform-side of route IPv6 through OpenVPN gateway, and block it. (Feature #4163) Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810
2014-04-24initial firewall: allow port 22 by default. This is the most common portMicah Anderson
that sshd will be listening to in a default setup. This needs to be allowed so that you can have a different port configured in the hiera and not get locked out during deployment (#5119) Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b
2014-04-15fix concat::setup (#5503)varac
2014-04-10Merge branch '0.6' into developvarac
2014-04-05better system for optionally uninstalling build-essential package. closes ↵elijah
https://leap.se/code/issues/5426