Age | Commit message (Collapse) | Author |
|
In certain node setups, the webapp gems cannot get built
because `build-essential` and dependent packages were not
present.
I refactored the `site_config::packages::build_essential` class,
which now inherits `site_config::packages`. The latter class removes
all unneccessary (development) packages, but when the
`site_config::packages::build_essential` class is included, some
dev packages are overridden to be installed.
- Tested: [local]
- Resolves: #7834
|
|
|
|
After restructuring site.pp to only include site_config::default and
the service-specific classes, we got this:
Duplicate declaration: X509::Cert[undef] is already declared in file
/srv/leap/puppet/modules/site_config/manifests/x509/commercial/cert.pp
at line 8; cannot redeclare at
/srv/leap/puppet/modules/site_config/manifests/x509/cert.pp:8 on node
rewcitestweb1.rewire.org
So i included site_config::params in all site_config::x509 clases.
Change-Id: Ib8387abfdc68b36c73a45fd2dd1f3a159eaec4a5
|
|
service (Bug #6851)
Also, moved global Exec{} defaults to site.pp
Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
|
|
ensuring the satellite hosts are setup properly (#7611)
Change-Id: I9dce57c305a6fd6a39596a941174fe1879af5e4f
|
|
|
|
failed to parse template tor/torrc.exit_policy.erb, undefined method
`each' for "*:*":String
Change-Id: I2b7b444187376dbc2f3cc5095391ae54bf8321b3
|
|
|
|
|
|
fall-back to an OpenNIC resolver that does not log (#7781)
Change-Id: I290321927c8188c82e95e2cd4b93cd01bd2258c2
|
|
|
|
without getting blocked by the rbl (#7819)
Change-Id: Ib7a00f810b6c49528e5f99a1d83296553a81e65e
|
|
Change-Id: Iedd464a397e9944159991241cd84caad6a2a40d6
|
|
- Tested: [unstable.bitmask.net]
- Resolves: #7798
|
|
- Resolves: #7802
|
|
|
|
Under jessie, leap-mx is started by systemd now, not as a forked
proc by twistd anymore. Therefore leap-mx (the user the mx proc runs
as) needs direct access to it's config file under /etc/leap/mx.conf.
Before, twistd would start as root, read the config and then fork an mx
proc as unprivileged leap-mx user.
- Tested: [quetzal]
- Resolves: #7782
|
|
|
|
|
|
|
|
|
|
Change-Id: I101e4c9791102123d4334e1b84a48dacea99ac52
|
|
|
|
|
|
leap_cli could not get installed from source on jessie
|
|
debconf selections, are set correctly (#7478)
Change-Id: I3bd261fd6fe27bbf10b8994ffff9f8b7be5b9de0
|
|
Change-Id: I895c25daca65c19916c47267e61a4f04a6489a84
|
|
|
|
directories are managed by the platform (#6936)
Change-Id: I1836eb728c0379b6175ae6d54231a6f6a7ae1033
|
|
|
|
|
|
/var/log/leap/mx.log, and clean up the files associated with the
previous configuration (#7691)
Change-Id: Id08c97980292968e8e89f128afb5fa78bda30069
|
|
The apache_version() fact only works if apache is
already installed. So we use the guess_apache_version()
function from the apache module to determine which apache
version is to be installed.
- Resolves: #7681
|
|
|
|
Providing a custom sources.platform.apt.basic value worked
with the last commit, but without that the platform would fail.
So we provide a default value now in provider_base/common.json,
which can get overridden.
|
|
So we can use the experimental-0.8 repo instead of 0.8 i.e.
Use this to customize the main LEAP deb url:
"sources": {
"apt": {
"leap": {
"basic": "http://deb.leap.se/experimental-0.9"
}
}
}
|
|
so we can easily use the experimental-0.(8|9) deb repos, which are
signed with this key
|
|
to relay mail through us (#3634)
Change-Id: I46cf3ffbef4261839c376f4c36a50d9c44eb1374
|
|
To reduce complexity, let's get rid of run stages.
We used them earlier but they seem to have no purpose anymore.
There was two stage leftovers:
- `site_config::slow` did an `apt-get dist-upgrade` in the
`setup` stage
- `site_config::setup` did call the `site_config::hosts` class
in the `setup` stage
I checked for dependencies to to those resources, and it looks good,
i tested by triggering a citest.
From
https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html#limitations-and-known-issues:
```
Due to these limitations, stages should only be used with the simplest
of classes, and only when absolutely necessary. Mass dependencies like
package repositories are effectively the only valid use case.
```
|
|
has the right permissions (see #6936)
Change-Id: Ib7b86d73197fecfd74b72fe5ff06d1a78d9d4432
|
|
|
|
(#7618)
Change-Id: Ib9fa598a94e8fd41329b1c9ed4bb52281bf04992
|
|
|
|
|
|
|
|
Change-Id: I6ab266ea4f74277f8262653c43f2b3a5a4254a79
|
|
|
|
This change will make sure that the user/group for leap-mx exist, and it
changes the mail location from /var/mail/vmail to the more helpful name
/var/mail/leap-mx.
This change requires:
https://github.com/leapcode/leap_mx/pull/78
and it would replace merge request:
https://github.com/leapcode/leap_mx/pull/65
and fix https://leap.se/code/issues/6936 and
https://leap.se/code/issues/7635
Change-Id: Idbe678dc999e394232c2eeef2b2018d39ab7cc3b
|
|
When mail comes in to the system, a lookup is done to see if it is a
valid leap user, if it is, leap_mx now returns something of the form:
uuid@deliver.local (see #5959). The virtual_mailbox_domains lists
deliver.local, so postfix choses to deliver to
virtual_mailbox_base (/var/mail/vmail) which has been hardcoded to the
'vmail' maildir and user.
We want leap related mail and leap aliases to go through the virtual
alias system, all the hard-coded universal aliases we want to go through
the local system and we dont want these separate. Known domains that are
considered 'virtual' will be forwarded or delivered to the vmail user,
the rest rejected as unknown recipient, instead of being handed off to
leap-mx.
Previously, the way this was done is we leaned (too heavily) on the
'luser_relay' postfix configuration which sent anything that wasn't
locally configured right to the leap_mx spool. That meant everything
went there, including addresses that didn't exist, and leap-mx would
then have to process those and bounce them. This removes the
'luser_relay' option, so any address that doesn't resolve properly to
either a local address/alias, or a leap address or alias (through
tcp lookups on 2424 and 4242) will get bounced as an unknown user.
Change-Id: I3c22e9383861b3794dd9adfd7aa6a0cf0a773a18
|
|
|