| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: I10ec569821f329e3bd10ac87242db102e9c82246
|
|
6539 increase time between check mk agent runs
https://leap.se/code/issues/6539
See merge request !11
|
|
right now, check_mk_agent is run every minute on each host.
The soledad sync test depends on tapicero, and in between finishing the
soledad test and removing the testuser db, and the start of another test
there's only 13s
Change-Id: I5b22ba02470cce799a12043d21091c0c9b8e0b5f
|
|
Change-Id: I198c5245c7e73d6dd7a7d9725fac1eb9a8f425a5
|
|
Bug/6511
Update tapicero logwatch ignore error to be before the Critical line. Additionally, enhance it to also capture the "Creating database", "Writing security to" entries.
See merge request !9
|
|
leap_platform was modified so the nagios.internal_domains contain the
domain name (with the tld replaced by an "i" for internal), see
https://leap.se/code/issues/6477#note-11.
in order to achieve this the easy way, each host got added a
domain_internal_suffix value, which can be iterated over to get all
nagios.internal_domains.
Because we use `create_resources ( site_nagios::add_host_services,
$nagios_hosts )` in site_nagios::server to deploy the services, the
site_nagios::add_host_services define needs to have a
domain_internal_suffix parameter added.
Change-Id: I6b83b3f291a1a611b5b92d5ba3ed82597a42bba7
|
|
requirement in logwatch, remove extended regexp character class and also
ignore "Writing security" lines
Change-Id: I7d33725db06a40361a3b04f9591adeb6a025bf77
|
|
Bug/6512
See merge request !5
|
|
Change-Id: I0939070482fad4f99f03e41094a3df42ff5063e4
|
|
Change-Id: I03842b65329aabb012cc2c7514007e174cbd8fc0
|
|
Change-Id: I8a6c27434f548f24d9dba1a969699200ab307477
|
|
the service has been started (#6495)
Change-Id: Id48fedb5731117b68b7386c4ce22516333d94081
|
|
check_mk_objects.cfg (Feature #5142)
Change-Id: Ib0283806b5485a9d15f0aa7e09142989367dae20
|
|
|
|
Change-Id: I029ffabd33299a5b42e5f262e372eafb6272d094
|
|
Change-Id: I0b1eec11a3b3da39d65572b6bee8b3ce892e08ac
|
|
now (Bug #6489)
Change-Id: Iaec748a173b6e11bb3ab3c11ca152809817644f9
|
|
environment's contact email (Bug #6466)" into develop
|
|
contact email (Bug #6466)
Change-Id: Ib86ae771e0ac3b6f329a517a8a31c9ec54d33a05
|
|
users (Feature #6481)
There are potentially many tapicero daemons running, and they all try
to do the same thing at the same time. It is basically designed to
create race conditions. All tapicero daemons try to create the user db
at the same time. Only one of them wins the race and actually creates
it.
We need to fix this later (see https://leap.se/code/issues/6480) but
for now, we ignore them because conflict errors should be handled by the
applictation anyway.
Change-Id: I91095b1901d238e3d199954ba3716023d3fd49c1
|
|
Change-Id: I2fa85918af8199fbc41bb4e58dae6c78911ab626
|
|
Change-Id: Ibd1b1eef7afca10cf2a2d56a24e703636d6a52c6
|
|
Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d
|
|
Change-Id: Idf550ed004bcb42d6e19ac0a2c5286f52a390935
|
|
Change-Id: I2549d781427fffc865c2bdcd1e950d60dad509fd
|
|
sent out on first failed check_mk check (Bug #6461)
Change-Id: I1bd47b3c3d17508488a4db90d74118006d85a03a
|
|
Change-Id: I52e19bbdfcf6576bd9c247d99aace47eb86c8116
|
|
|
|
might communicate with. this includes port and host key algorithm. closes #6432
|
|
Change-Id: Ia1e7009240d61464d7ba45ad07291664f6a3b768
|
|
|
|
Let check_mk put all hosts into the same "admin" contactgroup,
which is defined as default contactgroup by nagios.
Change-Id: I13b434925711ef2037de0cf6e919ce39a8255a94
|
|
descriptor limits to account for bigcouch sync spikes (#4935)
Change-Id: I242fba31f961b6139ec641e1708b170f5c0d009b
|
|
I reformatted the section below for consistency.
Change-Id: I18f5e23850e0c1ab4b1f2ee467d5af54ae9ff303
|
|
Change-Id: I5085247a87018e18e73833119ac73225afbfea1e
|
|
(#6388)
Previously the DNAT rule would redirect the incoming port 443 requests
to openvpn, which was the wrong thing to do on the primary IP (but the
right thing to do on the openvpn gateway IPs). This manifested in the
webapp not being available when it was also configured as a service on
the node.
Change-Id: Ic8c6b6c0389859fab168a7df687351e11263277a
|
|
Change-Id: I6d04cc7e028e86ee0012d96d7ef075fdd7ecef19
|
|
We need to check the openvpn hiera value, which may or may not be set.
If it is not set, then we need to not lookup the $openvpn['ports]'
values or we will get an error because it wont be the correct type.
If we do have it, then $openvpn_ports gets set with the hash, otherwise
it gets set to an empty hash (otherwise puppet will complain when we try
to query the member() later with "member(): Requires array to work
with").
Finally, if it is set to port 80, we don't include the
tor::daemon::directory
Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
|
|
|
|
|
|
|
|
Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24
|
|
webapp node (#6336)
Change-Id: Ib70bbd8fe7b94b7a1bfb09390d5dd1c535f2da16
|
|
Change-Id: I4c7fb20b6da6f6a5bb2dd5af70511a28d4581174
|
|
|
|
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6
|
|
stop using bad nist curve for ssh host key (#6294)
We need to transition smoother (see #6319)
Change-Id: I8bee032aef9502a7d4b701b99719fbfb3b7169da
|
|
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
|
|
leap packages (#4425)
Change-Id: I78c00c4410ff9f712206f95854d8803e43acb286
|
|
In a multi-node couch deployment, it was observed that the Service['stunnel']
would be activated, and then later a stunnel::client was created which would
trigger an Exec['refresh_stunnel']. Because of this, and the ordering hints
that were in place, the service would get started, and then the couchdb
databases, users, designs, etc. were being put into place and then a stunnel
client was created, triggering the refresh_stunnel exec, which would cause
an interruption in the connectivity and result in failures.
This change replaces the Service['stunnel'] hint with the the
Exec['refresh_stunnel'] to make sure that the stunnels are fully setup before
attempting couch operations.
Change-Id: I33ddd24884b3c23a1df5555ca53ca65cd703da50
|
