Age | Commit message | Author |
|
stop using bad nist curve for ssh host key (#6294)
We need to transition smoother (see #6319)
Change-Id: I8bee032aef9502a7d4b701b99719fbfb3b7169da
|
|
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
|
|
leap packages (#4425)
Change-Id: I78c00c4410ff9f712206f95854d8803e43acb286
|
|
In a multi-node couch deployment, it was observed that the Service['stunnel']
would be activated, and then later a stunnel::client was created which would
trigger an Exec['refresh_stunnel']. Because of this, and the ordering hints
that were in place, the service would get started, and then the couchdb
databases, users, designs, etc. were being put into place and then a stunnel
client was created, triggering the refresh_stunnel exec, which would cause
an interruption in the connectivity and result in failures.
This change replaces the Service['stunnel'] hint with the
Exec['refresh_stunnel'] to make sure that the stunnels are fully set up before
attempting couch operations.
Change-Id: I33ddd24884b3c23a1df5555ca53ca65cd703da50
|
|
Change-Id: I48dc8135943393bd11c7181853985f4a5799011e
|
|
update port parameter in site_sshd to be an array, otherwise
puppet errors about it being a Fixnum with new sshd module
Change-Id: I854d042edb98817169eef5e758d04d60d3c71dd5
|
|
Change-Id: I318944a6872a53ff9c533704514da339426d9401
|
|
usernames to block.
|
|
unattended-upgrades is not able to upgrade itself in certain situations,
such as when the conffile prompt is generated due to the config being
changed. We want to set this package as latest in the platform so that
it is upgraded on every deploy (we deploy the config anyway).
Change-Id: I8c99bfb1b001079f0e1a4ffbf048e0e867633335
|
|
SSLv3 (#6261)
Change-Id: I7ab5a6455e434f8359169d31febed8b92f84bbcc
|
|
repository, based on the hiera value 'major_version' (#6251)" into develop
|
|
based on the hiera value 'major_version' (#6251)
Change-Id: I10532ef83e3aa2d35d9c0be241952a35e366bba4
|
|
change puppet command to include in the --modulepath
/srv/leap/files/puppet/modules
If a provider places puppet code under files/puppet it will
be sync'd over to all the nodes, once leap cli #6225 is merged.
The custom puppet entry point is in class 'custom' which can
be put into files/puppet/modules/custom/manifests/init.pp
Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
|
|
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d
|
|
nagios::defaults will include nagios::defaults::hostgroups which
adds "all" and "centos_servers" hostgroups which we don't want.
Change-Id: If42faa11c167fb7305ebbb21dc358a8813afaa25
|
|
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a
|
|
|
|
we don't want dhclient to set domain and search in /etc/resolv.conf
bigcouch has a strange way to find its hostname. It uses the domain
stanza in /etc/resolv.conf to find its domain
|
|
from https://github.com/gds-operations/puppet-resolvconf/blob/master/lib/facter/dhcp_enabled.rb
|
|
as discussed on #leap
|
|
This was a leftover from earlier versions, where we installed rsyslog
from the leap debian package repo.
Change-Id: I88a852f08b5aff3bd7b591b6220ac354463a9786
|
|
Change-Id: I66384ae4a723be063790362f70e57228a0f1539b
|
|
Change-Id: I8c64a0c530d44e55963060d52d31a0da1a88615c
|
|
Site_couchdb::Bigcouch::Settle_cluster/Exec[wait_for_couch_nodes] waits
60s for all nodes to be members of the cluster. Because we deploy to
multiple nodes in parallel, not all nodes are ready at the same time,
so we increased the timeout from 60s to 120s.
|
|
Conflicts:
platform.rb
puppet/modules/site_config/manifests/hosts.pp
|
|
Added a dependency on the couchdb "tapicero" user to get
created before starting the tapicero daemon.
|
|
fixes /etc/hosts: wrong order (Bug #5835) (now for real)
before, /etc/hosts contained i.e.
127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i
which resulted in no fqdn reported both by "hostname -f"
and "facter fqdn"
this fix produces this order which is needed to report a fqdn:
127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
|
|
Due to how tapicero's initscript is made, it is not possible to check
for a valid exit code for the status (it returns a zero when it is not
running). So we disable the puppet 'hasstatus' parameter and instead
puppet will look in the process table for 'tapicero'
Change-Id: I9b017ea8055c0207e43876dd4e3bbc2619c0fd35
|
|
a wrong hostname on single node setup (Bug #5998)"
before, the ssh module added this check, resulting in a wrong
hostname and the port was always '22'.
manage_nagios parameter is boolean, so we use false instead of 'no'
manually add check_ssh to nagios (#5998)
|
|
@provider -> @webapp
|
|
This way the replication has read access on the source and write access on the target.
|
|
develop
|
|
METH_POST probably does not catch PUT, DESTROY etc. So instead we
now use the master as the default and only use the replications
for GET and HEAD requests.
|
|
- See issue #5217
- See companion change in leap_web
|
|
If obfsproxy is spawned alongside eip service, make it listen to
the gateway_adress IP. If obfsproxy is running standalone listen
to ip_address.