Age | Commit message | Author |
|
Change-Id: I52e19bbdfcf6576bd9c247d99aace47eb86c8116
|
|
might communicate with. this includes port and host key algorithm. closes #6432
|
|
Change-Id: Ia1e7009240d61464d7ba45ad07291664f6a3b768
|
|
Let check_mk put all hosts into the same "admin" contactgroup,
which is defined as default contactgroup by nagios.
Change-Id: I13b434925711ef2037de0cf6e919ce39a8255a94
|
|
descriptor limits to account for bigcouch sync spikes (#4935)
Change-Id: I242fba31f961b6139ec641e1708b170f5c0d009b
|
|
I reformatted the section below for consistency.
Change-Id: I18f5e23850e0c1ab4b1f2ee467d5af54ae9ff303
|
|
Change-Id: I5085247a87018e18e73833119ac73225afbfea1e
|
|
(#6388)
Previously the DNAT rule would redirect the incoming port 443 requests
to openvpn, which was the wrong thing to do on the primary IP (but the
right thing to do on the openvpn gateway IPs). This manifested in the
webapp not being available when it was also configured as a service on
the node.
Change-Id: Ic8c6b6c0389859fab168a7df687351e11263277a
|
|
Change-Id: I6d04cc7e028e86ee0012d96d7ef075fdd7ecef19
|
|
We need to check the openvpn hiera value, which may or may not be set.
If it is not set, then we need to not look up the $openvpn['ports']
values or we will get an error because it won't be the correct type.
If we do have it, then $openvpn_ports gets set with the hash, otherwise
it gets set to an empty hash (otherwise puppet will complain when we try
to query the member() later with "member(): Requires array to work
with").
Finally, if it is set to port 80, we don't include the
tor::daemon::directory
Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
|
|
Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24
|
|
webapp node (#6336)
Change-Id: Ib70bbd8fe7b94b7a1bfb09390d5dd1c535f2da16
|
|
Change-Id: I4c7fb20b6da6f6a5bb2dd5af70511a28d4581174
|
|
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6
|
|
stop using bad nist curve for ssh host key (#6294)
We need to transition smoother (see #6319)
Change-Id: I8bee032aef9502a7d4b701b99719fbfb3b7169da
|
|
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
|
|
leap packages (#4425)
Change-Id: I78c00c4410ff9f712206f95854d8803e43acb286
|
|
In a multi-node couch deployment, it was observed that the Service['stunnel']
would be activated, and then later a stunnel::client was created which would
trigger an Exec['refresh_stunnel']. Because of this, and the ordering hints
that were in place, the service would get started, and then the couchdb
databases, users, designs, etc. were being put into place and then a stunnel
client was created, triggering the refresh_stunnel exec, which would cause
an interruption in the connectivity and result in failures.
This change replaces the Service['stunnel'] hint with the
Exec['refresh_stunnel'] to make sure that the stunnels are fully set up before
attempting couch operations.
Change-Id: I33ddd24884b3c23a1df5555ca53ca65cd703da50
|
|
Change-Id: I48dc8135943393bd11c7181853985f4a5799011e
|
|
update port parameter in site_sshd to be an array, otherwise
puppet errors about it being a Fixnum with new sshd module
Change-Id: I854d042edb98817169eef5e758d04d60d3c71dd5
|
|
Change-Id: I318944a6872a53ff9c533704514da339426d9401
|
|
usernames to block.
|
|
unattended-upgrades is not able to upgrade itself in certain situations,
such as when the conffile prompt is generated due to the config being
changed. We want to set this package as latest in the platform so that
it is upgraded on every deploy (we deploy the config anyway).
Change-Id: I8c99bfb1b001079f0e1a4ffbf048e0e867633335
|
|
SSLv3 (#6261)
Change-Id: I7ab5a6455e434f8359169d31febed8b92f84bbcc
|
|
repository, based on the hiera value 'major_version' (#6251)" into develop
|
|
based on the hiera value 'major_version' (#6251)
Change-Id: I10532ef83e3aa2d35d9c0be241952a35e366bba4
|
|
change puppet command to include in the --modulepath
/srv/leap/files/puppet/modules
If a provider places puppet code under files/puppet it will
be sync'd over to all the nodes, once leap cli #6225 is merged.
The custom puppet entry point is in class 'custom' which can
be put into files/puppet/modules/custom/manifests/init.pp
Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
|
|
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d
|
|
nagios::defaults will include nagios::defaults::hostgroups which
adds "all" and "centos_servers" hostgroups which we don't want.
Change-Id: If42faa11c167fb7305ebbb21dc358a8813afaa25
|
|
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a
|
|
as discussed on #leap
|
|
This was a leftover from earlier versions, where we installed rsyslog
from the leap debian package repo.
Change-Id: I88a852f08b5aff3bd7b591b6220ac354463a9786
|
|
Change-Id: I66384ae4a723be063790362f70e57228a0f1539b
|
|
Change-Id: I8c64a0c530d44e55963060d52d31a0da1a88615c
|
|
Site_couchdb::Bigcouch::Settle_cluster/Exec[wait_for_couch_nodes] waits
60s for all nodes to be members of the cluster. Because we deploy to
multiple nodes in parallel, not all nodes are ready at the same time,
so we increased the timeout from 60s to 120s.
|
|
Conflicts:
platform.rb
puppet/modules/site_config/manifests/hosts.pp
|
|
Added a dependency on the couchdb "tapicero" user to get
created before starting the tapicero daemon.
|
|
fixes /etc/hosts: wrong order (Bug #5835) (now for real)
before, /etc/hosts contained i.e.
127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i
which resulted in no fqdn reported both by "hostname -f"
and "facter fqdn"
this fix produces this order which is needed to report a fqdn:
127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
|
|
Due to how tapicero's initscript is made, it is not possible to check
for a valid exit code for the status (it returns a zero when it is not
running). So we disable the puppet 'hasstatus' parameter and instead
puppet will look in the process table for 'tapicero'
Change-Id: I9b017ea8055c0207e43876dd4e3bbc2619c0fd35
|