Age | Commit message (Collapse) | Author |
|
this allows nameserver queries to the local resolver to work and clones to the
leap https repository to work
Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48
|
|
otherwise puppet complains (#3339)
Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a
|
|
Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e
|
|
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf
|
|
Change-Id: I341628d0f36225ce49ae301246e7c152553efcae
|
|
cases when shorewall doesn't properly come up, ensuring that it fails safe (#3339)
Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38
|
|
squashed commits:
site_squid_deb_proxy::client: include shorewall::rules::mdns for avahi discovery
added submodule squid_deb_proxy from git://code.leap.se/puppet_squid_deb_proxy
updated submodule squid_deb_proxy
use squid_deb_proxy::client
|
|
This reverts commit 9e83de3497ec55f4910de099917387d500b8f4b4.
|
|
|
|
|
|
to work with the latest leap_cli.
|
|
change each time you deploy.
|
|
|
|
packages that we want to make sure are installed remove packages that were found on vagrant and PC installations that have no business being there
Change-Id: I4887a327ca89eb60945ad817a75ff199859824d3
|
|
unbound
|
|
Due to the fact that /etc/hosts is modified in the early stage setup.pp run and
the stunnel service is not deployed on an initial puppet run, we cannot simply
override the Service['stunnel'] but instead need to trigger a restart through
an exec calling the init script that first tests to see if it is present.
Change-Id: I6bf5dfece9ecbdb8319747774185dec50d5a55f6
|
|
of one of [0]' by putting in the missing closing single quote.
Change-Id: I86feb5d06dd25e28ea67da0b5627e7be4174e01e
|
|
. move the setting of the xterm title to site_config::shell
. change the xterm file resource to use standard source lines, switch to single
quotes, quote mode, and line up parameters
. move the mosh pieces into a site_ssh::mosh class and only include it if the
right mosh variable is enabled, passing into the class the necessary hiera parameters
. lint the site_ssh::mosh resources
. change the authorized_keys class to accept the key parameter which is passed
in from the main ssh class (but allow for out of scope variable lookup when the
tag is passed)
Change-Id: Ieec5a3932de9bad1b98633032b28f88e91e46604
|
|
openstack/amazon instances
The dhclient in these environments is quite aggressive and overwrites the
nameservers we've deliberately chosen to use with google's nameservers. This
commit attempts to fix that.
The dhclient methodology for altering these things is particularly
unpleasant. We effectively redefine the functions that mess with this file to be
noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced
to restart dhclient by shipping a script that tries to determine the correct PID
and arguments that it was running as before killing and restarting it with the
same arguments.
See debian bugs #681698, #712796 for further discussion about how to make this
less difficult
Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0
|
|
|
|
|
|
|
|
|
|
setup a /etc/profile.d configuration snippet to put /srv/leap/bin in the $PATH (#2122)
Change-Id: I0afb5232375e6c6d9f692a97243023c710265d54
|
|
Change-Id: If10470978ee31a398e0b88d8d98552c93d4706a2
|
|
|
|
|
|
|
|
variables that are used in different places
to start with we setup the $interface variable, based on logic as defined in #2213
change the various places that were looking up this value to use site_config::params::interface instead
|
|
|
|
|
|
|
|
|
|
Because in site.pp it didn't get the tag "leap_base"
and would not be declared with leap cli's default puppet
tags.
Fixes: parent directory /var/lib/puppet/concat
does not exist (Feature#1625)
|
|
|
|
|
|
|
|
|
|
|
|
which interface has it (essentially the inverse of the ipaddress_${interface}
fact).
Switch the hiera lookups of the $interface, which was pulling from the .json to
pull instead from the above fact, see #1547 and #1548
|
|
|
|
|
|
sub-directories under /etc/unbound (#1412)
|
|
|
|
|
|
|
|
include directives, so this commit works around this by doing something less
elegant than before. When we have the newer unbound available, we should switch
to that method instead.
|
|
to do tor lookups over DNS on servers, if tor services are defined.
To do this, we remove the bind9 configurations from site_config::resolvconf.pp
and replace it with site_config::caching_resolver with a basic unbound
configuration that can be used everywhere. The unbound configuration enables a
/etc/unbound/conf.d directory for additional config snippits that can be dropped
in from other places. This will be used for setting up different interfaces in
the vpn gateway, for example.
There will be a set of transition package/file absent blocks to clean up
providers.
|
|
|
|
|