summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2013-07-25added submodule postfix from git://labs.riseup.net/shared-postfixvarac
2013-07-25include site_mxvarac
2013-07-23fix linting errorMicah Anderson
Change-Id: I975e1bd480d756a85e556b440a0e28e3899c9af8
2013-07-19try::file - absolute exec paths.elijah
2013-07-19an entirely different implementation of try::file, using all execs. the ↵elijah
built in file resource of puppet can't be used for what we want, because if you specify $source, it always bombs out if it doesn't exist, regardless of dependencies.
2013-07-17default to false for $hostselijah
2013-07-16lint site_openvpn manifestsMicah Anderson
Change-Id: I314031d93aa9f4a0f217680870678e39c096d46a
2013-07-15lint nickserver classMicah Anderson
Change-Id: I03cdb5a6255d245cb1163a30b221b4c32dc4bef6
2013-07-15Merge branch 'hotfix/issue/3140' into developvarac
2013-07-11changes to support restrictive permissions for /etc/leap. this is required ↵elijah
to work with the latest leap_cli.
2013-07-10ensure that /etc/hosts is output deterministically, so that content does not ↵elijah
change each time you deploy.
2013-07-09use file_line from stdlib instead of line, now both ↵varac
vpn_unlimited_tcp_resolver and vpn_unlimited_udp_resolver are included
2013-07-06site_webapp -- make bundler not install test-only or development-only gems.elijah
2013-07-04more robust openvpn restartingMicah Anderson
this ensures that an actual restart is run on the service when config files are added or removed, instead of relying on the status parameter of the initscript, which can be confused if config files are removed out from under it Change-Id: I1c69fff26933338b707acf7dc4593547f32f92e3
2013-07-03Merge branch 'bug/1983' into leapMicah Anderson
2013-07-02update stunnel submodule to fix refresh bug #3013Micah Anderson
Change-Id: I9ed218d9353c05b34d34c363a6a3f10d54b3a60a
2013-07-02create a site_config subclass for package installation and removal add ↵Micah Anderson
packages that we want to make sure are installed remove packages that were found on vagrant and PC installations that have no business being there Change-Id: I4887a327ca89eb60945ad817a75ff199859824d3
2013-07-02deleted bind9 purging, it was only needed for the transition from bind to ↵varac
unbound
2013-07-01restart stunnels if /etc/hosts is changed (#3031)Micah Anderson
Due to the fact that /etc/hosts is modified in the early stage setup.pp run and the stunnel service is not deployed on an initial puppet run, we cannot simply override the Service['stunnel'] but instead need to trigger a restart through an exec calling the init script that first tests to see if it is present. Change-Id: I6bf5dfece9ecbdb8319747774185dec50d5a55f6
2013-06-30Fix 'Failed to call refresh: /usr/local/sbin/reload_dhclient returned 2 insteadMicah Anderson
of one of [0]' by putting in the missing closing single quote. Change-Id: I86feb5d06dd25e28ea67da0b5627e7be4174e01e
2013-07-01Merge branch 'feature/authorized_keys' of ↵micah
/home/git/repositories/micah/leap_platform into develop
2013-06-30switch to own define for managing ssh keysvarac
The problem with puppet's built-in ssh_authorized_key is that you can purge unmanaged keys in a authorized_keys file. see https://leap.se/code/issues/3010 for details. Conflicts: puppet/modules/site_sshd/manifests/authorized_keys.pp Change-Id: I640bf7ebc0f0f7fb19cc46feb4cb2702d6561a9b
2013-06-30modularize and standardize site_sshd:Micah Anderson
. move the setting of the xterm title to site_config::shell . change the xterm file resource to use standard source lines, switch to single quotes, quote mode, and line up parameters . move the mosh pieces into a site_ssh::mosh class and only include it if the right mosh variable is enabled, passing into the class the necessary hiera parameters . lint the site_ssh::mosh resources . change the authorized_keys class to accept the key parameter which is passed in from the main ssh class (but allow for out of scope variable lookup when the tag is passed) Change-Id: Ieec5a3932de9bad1b98633032b28f88e91e46604
2013-06-28added site_sshd::authorized_keysvarac
2013-06-27Merge branch 'bug/2984' into developMicah Anderson
2013-06-27update the apt submodule in order to get the fix for unattended_upgrades ↵Micah Anderson
(#2984) and the custom_key_dir as a class parameter remove the global variable from setup.pp and site.pp and instead pass it into the apt class declaration as a parameter Change-Id: I24806f2fd22b5a066b951c5f76f3dd748481b5b6
2013-06-25fix for #2986 - the services variable is no longer an arrayMicah Anderson
Change-Id: Ia6fc60c0c1fdfa50e1d6d981699c1d8010df63fc
2013-06-25Merge remote-tracking branch 'leap/develop' into developMicah Anderson
2013-06-25fix preferences description for Debian squeezeMicah Anderson
Change-Id: I30ca424bd9b89b3e95532e325828982e8e513fc7
2013-06-25include global variable for apt config, include Exec[] defaultsvarac
2013-06-25updated apt submodule, remove unnecessary before dependency on the ↵varac
/etc/apt/preferences file in unattended_upgrades.pp
2013-06-25Install all packages after refresh_apt (Feature #2971)varac
2013-06-20We need to have a newer facter installed in order to get an updated fact for ↵Micah Anderson
piston cloud This moves the apt configuration into the setup.pp run, so we can get the backport source added early which will enable us to install the latest facter from the backports repository. Change-Id: I8ccf1a0445dea72f1b94be08484f33e648439ec1
2013-06-19disable dhclient from modifying the /etc/resolv.conf file on ↵Micah Anderson
openstack/amazon instances The dhclient in these environments is quite aggressive and overwrites the nameservers we've deliberately chosen to use with google's nameservers. This commit attempts to fix that. The dhclient methodology for altering these things is particularly unpleasant. We effectively redefine the functions that mess with this file to be noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced to restart dhclient by shipping a script that tries to determine the correct PID and arguments that it was running as before killing and restarting it with the same arguments. See debian bugs #681698, #712796 for further discussion about how to make this less difficult Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0
2013-06-18The way we were testing if $services had a particular word in it is not veryMicah Anderson
good. If we search for the word 'tor' we will find it when the variable contains "monitor". This commit makes the regular expression more specific based on the word boundaries. Change-Id: I4dcd80db7322cabc3f71b77fabf7eacd83b4d572
2013-06-14Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2013-06-14automatic update of submodule stunnelvarac
2013-06-14Merge branch 'bug/leap_keyring_2492' into developMicah Anderson
Change-Id: Idda4e0301b3e349581fef36989706a487b05ecd8
2013-06-14Merge branch 'develop' of git.codecoop.org:micah/leap_platform into developMicah Anderson
2013-06-14Merge branch 'feature/enable_webapp_http' of ↵micah
/home/git/repositories/micah/leap_platform into develop
2013-06-14Merge branch 'develop' of git.codecoop.org:micah/leap_platform into developMicah Anderson
2013-06-14Merge branch 'feature/leap_path' of ↵micah
/home/git/repositories/micah/leap_platform into develop
2013-06-13install the leap-keyring package, after the leap apt source has been added ↵Micah Anderson
and apt has been refreshed Change-Id: I485420c4ea50f8c3f6699b9b8073dc6c67b7a353
2013-06-12Merge remote-tracking branch 'leap/develop' into developMicah Anderson
2013-06-12update apache submodule to get ssl no_default_site fix. I previously ↵Micah Anderson
accidentally reverted this change Change-Id: Iebc041cf6fb54b79d75eeabd27410ad953b8e340
2013-06-12webapp should be available over http so a proper redirect can be done to httpsMicah Anderson
without this rule, one just gets a 'site is unavailable' result Change-Id: I27b80a0044e9fe4e87e607412c8d0a089d4866a6
2013-06-11/etc/hosts must not have commas!!elijah
2013-06-11use hiera hashes for source data for /etc/hostselijah
2013-06-11add a class site_config::shell for shell-related configurationsMicah Anderson
setup a /etc/profile.d configuration snippet to put /srv/leap/bin in the $PATH (#2122) Change-Id: I0afb5232375e6c6d9f692a97243023c710265d54
2013-06-11lint hosts.ppMicah Anderson
Change-Id: If10470978ee31a398e0b88d8d98552c93d4706a2