summaryrefslogtreecommitdiff
path: root/puppet/modules
AgeCommit message (Collapse)Author
2015-07-07Ignore openvpn logwatch warnings (#6867)varac
These are warnings that might have different origins, each of them we don't want to alarm the admin: - A bitmask client bug (user will poke the client devs if things break, and they will go after it) - A simple network failure, packets might get cut of - Malicious user tries to temper with TLS handshakes - this gets more interesting, but still (like ssh bruteforce attacs) an admin would not want to get annoyed by this by default, but they still have the option to use log analysers of their choice if they want to investigate this. Change-Id: I23ca3b700e41f22f34ad3346ed4e647b86000bb2
2015-07-07moved removal of leap_couch_stats.sh TMPFILE to end of script (#7217)varac
Change-Id: If844b95c44e697f480df8ee2ae6607709b9942f7
2015-07-07remove leap_couch_stats.sh TMPFILE so /tmp/ won't fill with tmp files (#7217)varac
Change-Id: I7b778e1e1af2784bd79840f20453ca8718927e25
2015-07-06Don't monitor disabled nodes (#7235)varac
Change-Id: I51ce8a9e8773d267c270a1725a497f9a43f2e9ff Sidenote: $nagios_hosts was never used
2015-07-05zlib1g-dev needed for amber gem fixes #7231kwadronaut
2015-07-01Don't remove acpid and acpi-support-base packagesvarac
Those packages are needed by libvirt to reboot/shutdown a VM by the virsh command. Change-Id: I3eb7b113d11e3034f41d09d51c203b93275ae3c9
2015-06-29updated submodule couchdb to remove debugging leftover notice()varac
Change-Id: I9c901a21c2ae3cd0164ca9bd3b4aab63d6a239c7
2015-06-24remove static site circular dependency (closes #7145)elijah
2015-06-23cleanup no longer used unbound conf.d pieces (#7187)Micah Anderson
Change-Id: Ie0b1f22c49462bd5c4ee3290f100e5d3e14ccb03
2015-06-23update unbound module to change hasstatus parameter to true (#6885)Micah Anderson
Change-Id: I532263ffe6679ff6c2249926086098dc8b4877f5
2015-06-23Remove old clean-up, this is no longer necessaryMicah Anderson
Change-Id: I4e8fe3355a2d55193ebf745de1f932a6dcd6121c
2015-06-22Merge branch '6067_plain_couchdb' into developvarac
2015-06-22Merge branch 'use_pbkdf2_for_newer_couchdb_versions' into developvarac
2015-06-21Support plain couchdb (#6067)varac
The bigcouch specific class ordering from site_couchdb::create_dbs needed to move to site_couchdb::bigcouch, otherwise a plain couchdb setup would try to include bigcouch classes and fail. Change-Id: I06742d4a12c5b40c9c9faa90441734e6926d422d
2015-06-21linted create_dbs.ppvarac
Change-Id: I9e46286c402adc06f3f815f8a1eea11fe82c7c39
2015-06-17bugfix: site_static module was not including ssl_common.incelijah
2015-06-11use couch.pwhash_alg hiera variable for hashing couchdb admin pwvarac
use this to run a single, plain couchdb node, using couchdb 1.6 from the leap repo: "couch": { "master": true, "pwhash_alg": "pbkdf2" } Change-Id: Ie4f34c2c5cb9feca7a10450bcf0bc260c8aa9d33
2015-06-11updated submodule couchdbvarac
Change-Id: Id5bc16d8466c3407e9f7c4015c1e3a96129daf0a
2015-06-11updated submodule couchdb (Couchdb >=1.3 uses pbkdf2 as pw hashing ↵varac
algorhythm, #7120) Change-Id: I97560f4134a700579d1523ddd8ba173bfb1f0659
2015-06-09Merge branch '0.7.0' into developvarac
2015-06-07deploy check_openvpn_server.pl after nagios-plugins-standard package is ↵0.7.0rc2varac
installed Change-Id: I272b30fd79e89ddf968c0a6e453d53a1f0540397
2015-06-06Configure apt preferences before installing any packagesvarac
Change-Id: Iac4dc8428ff5e663870ed4dd6a2b840e0904e5be
2015-06-04add preferences snippet for leap repository (#7090)Micah Anderson
Change-Id: Ia7a35c8613350ad75ff1ebbdda0a09efa0960ba6
2015-06-02ensure the enterhooks directory is presentChristoph Kluenter
2015-05-27Merge remote-tracking branch 'gitlab/0.7.0' into 0.7.0Micah Anderson
2015-05-27leap_couch_stats.sh handles rotated dbs (#6987)varac
Change-Id: I115ebdefd7365bf15a30c4a3ce7a4543ad757cec
2015-05-26Implement weakdh recommendations for cipher suites (#7024)Micah Anderson
This is a first step mitigation until we can have a newer apache that will allow us to specify dh parameters other than the default. Change-Id: Ibfcee53b331e8919466027dde1a93117b5210d9d
2015-05-26Merge branch '6964_use_exec_to_remove_matching_fileline' into 0.7.0varac
2015-05-26updated couchdb submodule fix random couch_doc_update errors (#6850)varac
Change-Id: I0d824e3f65ecfc9b6442b39003dacc35009fe10d
2015-05-26check_mk complains about non-existing logfile (#6964)varac
Change-Id: Ic58f9516854f812d46aa3a574628318951f99a95
2015-05-26Revert "remove old leap_mx logfile location from check_mk logwatch state ↵varac
file #6964" This reverts commit 984684f56f15d9d89ea78ffe6ed67dabf3d63208. Needed because: Augeas fails after upgrading augeas packages during same puppetrun, but only on first deploy - https://leap.se/code/issues/6997
2015-05-14remove old leap_mx logfile location from check_mk logwatch state file #6964varac
Change-Id: I385c639e5c096deef4f81691a85c1b83cbab9421
2015-05-06update postfix submodule to contain fix for non-existing fact ↵varac
operatingsystemmajrelease Change-Id: If29f562cb91354151147092b7ea7acc558f504cb
2015-05-06update postfix submodule to latest shared, necessary to fix module_dir problemMicah Anderson
Change-Id: I95e8eb0f4b2299aca0b70806d7aeac0e8714ab19
2015-05-06update common module to the latestMicah Anderson
Change-Id: I0a52033bfafdb5f492fe21b0b33fe790a94212d5
2015-05-06fix unattended-upgrades now that jessie has been releasedMicah Anderson
Change-Id: I69e6a0f8e676be72bce492af32fef76c9167f5ee
2015-04-28Reject inbound mail to local system users that don't appear invarac
/ect/aliases #6829 We began to recieve spam for vmail@DOMAIN. So we want to block inbound mail to local system users. However, users in the /etc/aliases file are still accepted on inbound mail - see https://leap.se/code/issues/6909 for a follow up. Change-Id: I03d3014984c4bd27f90147125fb037b68716624d
2015-04-27Merge branch 'rsyslog_traditional_timestamps' into developvarac
2015-04-26update couchdb submoduleelijah
2015-04-26Use rsyslog traditional timestamp format in custom logfiles #6886varac
Change-Id: I9e033f63e3b387e95f5bf1c3820e456f740d8180
2015-04-26run check_mk_agent every 4 instead of 10 minutes, useful for better graphsvarac
Change-Id: Ibefc6ce08cf714cf79a460a8b6eb32e2851ce22c
2015-04-26Tapicero changed it's error message when uploading design doc fails in race ↵varac
condition with another tapicero instance #6534 Change-Id: Ie194a2983210601bd24aef5e74f8b7fa2b7c433f
2015-04-26updated submodule nagios to improve readability of notification mailsvarac
Change-Id: I518b2291317b81e915f7189f2a48110528e80e18
2015-04-17rename leap-mx logrotate file; minor style change.elijah
2015-04-16keep five log files instead of seven.elijah
2015-04-16stunnel shouldn't use syslog, and leap_mx can't.elijah
2015-04-16properly clean up unused fileselijah
2015-04-16restore tapicero heartbeat.elijah
2015-04-16clean up logging mess: add 'logfile' define, mv openvpn and stunnel logs to ↵elijah
their own files, fix mx logwatch path.
2015-04-15fix tapicero & webapp logs: remove heartbeat log check, move to ↵elijah
/var/log/tapicero, fix webapp logwatch location.