Age | Commit message (Collapse) | Author |
|
|
|
Remove from:
- platform white-box tests (couchdb user ACLs, tapicero daemon test)
- provider_base/ dir that handles the compilation of the hiera config
file
- Resolves: #7501
|
|
Soledad now creates user-dbs, which has been done by tapicero
in the past. we need to remove any leftovers from tapicero.
|
|
|
|
- create soledad-admin user
- deploy netrc file for userdb creation
- Move soledad-server.conf from /etc/leap to /etc/soledad
- make soledad-server.conf group-accessible for the soledad group, so
the soledad-admin user can read it
- Resolves: #7502
|
|
this tidy should only happen on webapp nodes
Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
|
|
|
|
this tidy should only happen on webapp nodes
Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
|
|
The configuration /etc/apache/sites-enabled/leap_webapp.conf was never
removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete,
and because it exists on older systems, it is being used instead of the
correct common.conf.
This removes it and reloads apache.
Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a
|
|
The rationale here is:
- bigcouch/its included erlang version is incredibly noisy and spits out
warnings/error msgs all the time
- it uses the worst logging format i ever saw, multiple lines directly
to a file (couch 2.0 uses lager as logging backend which can log to
syslog)
- trying to sort out the false positives will take too much time,
and who knows which of them will be resolved in couch 1.6/2.0
Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5
|
|
stop the logrotate cron errors from happening. (#7058)
Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760
|
|
Those packages are needed by libvirt to reboot/shutdown a VM
by the virsh command.
Change-Id: I3eb7b113d11e3034f41d09d51c203b93275ae3c9
|
|
Change-Id: Ie0b1f22c49462bd5c4ee3290f100e5d3e14ccb03
|
|
Change-Id: I4e8fe3355a2d55193ebf745de1f932a6dcd6121c
|
|
|
|
Change-Id: Ic58f9516854f812d46aa3a574628318951f99a95
|
|
file #6964"
This reverts commit 984684f56f15d9d89ea78ffe6ed67dabf3d63208.
Needed because:
Augeas fails after upgrading augeas packages during same puppetrun, but
only on first deploy - https://leap.se/code/issues/6997
|
|
Change-Id: I385c639e5c096deef4f81691a85c1b83cbab9421
|
|
|
|
|
|
Change-Id: I04c796a502db52f3a594ef4c3cf08c330839bc13
|
|
|
|
/var/log/leap/deploy-summary.log (just the start and complete, with platform version, user, leap_cli version, platform branch). downgrading platform require --downgrade (requires new leap_cli)
|
|
Change-Id: Ibc2ae4697a37af97de625bfc9d8e149306578321
|
|
systems by default (#6664)
Change-Id: Ic2d4416b7c55f00f01d4b2ade78339d653bc8993
|
|
Change-Id: If6c0d88e83b52588ee908edfa81451d37794a4b4
|
|
|
|
change puppet command to include in the --modulepath
/srv/leap/files/puppet/modules
If a provider places puppet code under files/puppet it will
be sync'd over to all the nodes, once leap cli #6225 is merged.
The custom puppet entry point is in class 'custom' which can
be put into files/puppet/modules/custom/manifests/init.pp
Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
|
|
|
|
we don't dhclient to to set domain and search in /etc/reslov.conf
bigcouch has a strange way to find its hostname. It uses the domain
stanza in /etc/resolv.conf to find its domain
|
|
from https://github.com/gds-operations/puppet-resolvconf/blob/master/lib/facter/dhcp_enabled.rb
|
|
as discussed on #leap
|
|
|
|
fixes /etc/hosts: wrong order (Bug #5835) (now for real)
before, /etc/hosts contained i.e.
127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i
which resulted in no fqdn reported both by "hostname -f"
and "facter fqdn"
this fix produces this order which is needed to report a fqdn:
127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
|
|
now "hostname -f" results in the correct hostname.
Fixes #5835
|
|
depending on the services.
|
|
|
|
the problem was following:
if a host has the webapp service, the template for /etc/hosts adds some stuff.
But setup.pp did not ask hiera about the services so
"/srv/leap/bin/puppet_command set_hostname" always resets the hostname.
Since that gets triggered every time you run "leap deploy" the
hostname changes, some services restart, then the hostname changes back and
the services restart again.
The solution is to get the hiera data before every run.
|
|
The existing site_config::sshd had a non-functioning 'include sshd' line
in it that was not doing what was expected (this was supposed to include
the sshd module, but due to scoping was including itself).
It seemed better to eliminate some of the unused pieces and consolidate
into one config location.
Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
|
|
This is done by using the include glob capability that is in the
wheezy-backports and newer unbound to include the
/etc/unbound/unbound.conf.d/* config files.
To do this, we need to transition from our /etc/unbound/conf.d directory
structure to use the one that the debian package uses.
This allows us to clean up the rather ugly way we were configuring the
resolver before.
Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c
|
|
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62
|
|
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b
|
|
group it with the other preferences snippets
Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85
|
|
virtualbox sends the domain with the dhcp-answer.
If the wrong domain ends up in /etc/resolv.conf bigcouch fails.
|
|
|
|
trigger changes, make the default ipv6 firewall subscribe to shorewall6,
if it exists, and finally reject all outgoing IPv6 packets.
All of this will complete the platform-side of route IPv6 through
OpenVPN gateway, and block it. (Feature #4163)
Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810
|
|
that sshd will be listening to in a default setup. This needs to be
allowed so that you can have a different port configured in the
hiera and not get locked out during deployment (#5119)
Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b
|
|
|
|
|
|
https://leap.se/code/issues/5426
|