Age | Commit message (Collapse) | Author |
|
Because this is the recommended way of depnending in the apt README.
|
|
We need to include class `site_config::default` in class
`site_config::slow` so we don't get this duplicate definition:
- [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is
already declared; cannot redeclare at
/srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node
local1.bitmask.local
To be honest, i didn't figuered out the real cause of this, but it works
with this.
|
|
`site_config::default.pp` takes care the all packages are
installed before `Exec['refresh_apt']`, so we don't need to
add it here for a single package.
|
|
This worked before, but somehow stopped working.
We need to include 'site_config::slow' top-level scope instead
of including it in 'site_config::default', because otherwise it
would get tagged with 'leap_base', and would be included always.
This way 'site_config::slow' gets included by default, but can be
excluded by using 'leap deploy --fast'.
See https://leap.se/en/docs/platform/details/under-the-hood#tags
- Resolves: #7844
|
|
The problem was that puppet tried to remove them on the couch node,
but they need to get removed on monitor node.
- Resolves: #7641
|
|
- Resolves: #7629
|
|
We now include "site_config::remove::bigcouch" in class
"site_couchdb::master", which sets up plain couchdb.
|
|
Ruby itself is a parameterized class, and parameters cannot get
overridden (see https://projects.puppetlabs.com/issues/9259).
The webapp node didn't install the ruby-dev package (we never
noticed because our vagrant images as probably other debian images
had ruby-dev preinstalled).
We now use the ruby::devel class to install ruby-dev.
- Tested: [citest-jessie]
- Resolves: #7838
|
|
Vagrant uses portmap and nfs-common for mounting shared folders using
nfs.
|
|
In certain node setups, the webapp gems cannot get built
because `build-essential` and dependent packages were not
present.
I refactored the `site_config::packages::build_essential` class,
which now inherits `site_config::packages`. The latter class removes
all unneccessary (development) packages, but when the
`site_config::packages::build_essential` class is included, some
dev packages are overridden to be installed.
- Tested: [local]
- Resolves: #7834
|
|
After restructuring site.pp to only include site_config::default and
the service-specific classes, we got this:
Duplicate declaration: X509::Cert[undef] is already declared in file
/srv/leap/puppet/modules/site_config/manifests/x509/commercial/cert.pp
at line 8; cannot redeclare at
/srv/leap/puppet/modules/site_config/manifests/x509/cert.pp:8 on node
rewcitestweb1.rewire.org
So i included site_config::params in all site_config::x509 clases.
Change-Id: Ib8387abfdc68b36c73a45fd2dd1f3a159eaec4a5
|
|
service (Bug #6851)
Also, moved global Exec{} defaults to site.pp
Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
|
|
fall-back to an OpenNIC resolver that does not log (#7781)
Change-Id: I290321927c8188c82e95e2cd4b93cd01bd2258c2
|
|
|
|
Change-Id: Iedd464a397e9944159991241cd84caad6a2a40d6
|
|
- Resolves: #7802
|
|
|
|
Under jessie, leap-mx is started by systemd now, not as a forked
proc by twistd anymore. Therefore leap-mx (the user the mx proc runs
as) needs direct access to it's config file under /etc/leap/mx.conf.
Before, twistd would start as root, read the config and then fork an mx
proc as unprivileged leap-mx user.
- Tested: [quetzal]
- Resolves: #7782
|
|
|
|
|
|
/var/log/leap/mx.log, and clean up the files associated with the
previous configuration (#7691)
Change-Id: Id08c97980292968e8e89f128afb5fa78bda30069
|
|
|
|
To reduce complexity, let's get rid of run stages.
We used them earlier but they seem to have no purpose anymore.
There was two stage leftovers:
- `site_config::slow` did an `apt-get dist-upgrade` in the
`setup` stage
- `site_config::setup` did call the `site_config::hosts` class
in the `setup` stage
I checked for dependencies to to those resources, and it looks good,
i tested by triggering a citest.
From
https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html#limitations-and-known-issues:
```
Due to these limitations, stages should only be used with the simplest
of classes, and only when absolutely necessary. Mass dependencies like
package repositories are effectively the only valid use case.
```
|
|
In order to switch to syslog for leap_mx, leap_mx needs to change to log
to syslog (#6307 and #6937), and we need to clean up the platform pieces
that set the non-syslog options, and rotated log
files (#6942). Hopefully, this will solve the leap_mx logrotation issue
at the same time (#7058)
Change-Id: If68f808a65c24c91231b88d15759809c9e379294
|
|
were logged before
Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
|
|
because ruby-1.9.3 is not available on jessie.
- Related: #6920
|
|
These packages are a dependency of build-essential and will
get installed anyway.
- Related: #6920
|
|
issue #5924
Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7
|
|
- Resolves: #7514
|
|
We need to remove local check-mk-agent checks on the tapicero
nodes, and want to notify the monitoring server to re-inventarize the
local checks.
This doesn't work when both services run on different hosts, it will
fail with:
Could not find dependent Exec[check_mk-refresh] for Tidy[checkmk_logwatch_spool]
So i remove the notifies, because we will re-inventarize of local checks
by a daily cronjob anyway, see #6873.
...
- Resolves: #XYZ
- Related: #XYZ
- Documentation: #XYZ
- Releases: XYZ
|
|
Done by including a service-dependend site_config::remove::webapp
class.
|
|
|
|
Remove from:
- platform white-box tests (couchdb user ACLs, tapicero daemon test)
- provider_base/ dir that handles the compilation of the hiera config
file
- Resolves: #7501
|
|
Soledad now creates user-dbs, which has been done by tapicero
in the past. we need to remove any leftovers from tapicero.
|
|
|
|
- create soledad-admin user
- deploy netrc file for userdb creation
- Move soledad-server.conf from /etc/leap to /etc/soledad
- make soledad-server.conf group-accessible for the soledad group, so
the soledad-admin user can read it
- Resolves: #7502
|
|
this tidy should only happen on webapp nodes
Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
|
|
|
|
this tidy should only happen on webapp nodes
Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
|
|
The configuration /etc/apache/sites-enabled/leap_webapp.conf was never
removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete,
and because it exists on older systems, it is being used instead of the
correct common.conf.
This removes it and reloads apache.
Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a
|
|
The rationale here is:
- bigcouch/its included erlang version is incredibly noisy and spits out
warnings/error msgs all the time
- it uses the worst logging format i ever saw, multiple lines directly
to a file (couch 2.0 uses lager as logging backend which can log to
syslog)
- trying to sort out the false positives will take too much time,
and who knows which of them will be resolved in couch 1.6/2.0
Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5
|
|
stop the logrotate cron errors from happening. (#7058)
Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760
|
|
Those packages are needed by libvirt to reboot/shutdown a VM
by the virsh command.
Change-Id: I3eb7b113d11e3034f41d09d51c203b93275ae3c9
|
|
Change-Id: Ie0b1f22c49462bd5c4ee3290f100e5d3e14ccb03
|
|
Change-Id: I4e8fe3355a2d55193ebf745de1f932a6dcd6121c
|
|
|
|
Change-Id: Ic58f9516854f812d46aa3a574628318951f99a95
|
|
file #6964"
This reverts commit 984684f56f15d9d89ea78ffe6ed67dabf3d63208.
Needed because:
Augeas fails after upgrading augeas packages during same puppetrun, but
only on first deploy - https://leap.se/code/issues/6997
|
|
Change-Id: I385c639e5c096deef4f81691a85c1b83cbab9421
|
|
|