Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Resolves: #7887
|
|
|
|
|
|
Change-Id: I9c8f9c9c3ee7cd89f013cbb08397377522ed5a4a
|
|
only have the following logfiles in that directory ever:
mx.log, mx.log.[1-5], with an optional .gz suffix.
However, we were wrong about the 'optional' part of the compression, we
use the 'compress' option, so the logs will always be compressed. So
there should never be the log files mx.log.1, mx.log.2, etc.
This change adjusts the clean-up to deal with that. (#7058)
https://github.com/leapcode/leap_platform/pull/97
Change-Id: I109d08ac063fe094c54e93be91893a67d7fbb51b
|
|
|
|
# Conflicts:
# puppet/modules/site_couchdb/manifests/plain.pp
|
|
|
|
|
|
|
|
|
|
|
|
Conflicts:
puppet/modules/site_postfix/manifests/mx.pp
|
|
better key algorithm choices.
Change-Id: I6b9ec83dbfbf15d1b65e14145bf625db6517f6b7
|
|
Change-Id: I9cee85c19d86dc7c8d70c4cdeb2e7426191b57a5
|
|
replacement wasn't being done. (#7890)
This moves that replacement into its own class, clears the old value and
sets it properly in the smtps transport.
Change-Id: I27c02730597df4943761d8bcb61014aeded9dc75
|
|
|
|
CN entries (#7867)
Change-Id: Ie33277a62e90f9dc0602bb963dbb96a61cebed1d
|
|
|
|
smtpd_relay_restrictions was added in postfix 2.10 (jessie
has 2.11 atm). Without this, outbound mails are rejected to
be relayed.
from http://www.postfix.org/SMTPD_ACCESS_README.html:
NOTE: Postfix versions before 2.10 did not have
smtpd_relay_restrictions. They combined the mail relay and spam blocking
policies, under smtpd_recipient_restrictions. This could lead to
unexpected results. For example, a permissive spam blocking policy could
unexpectedly result in a permissive mail relay policy. An example of
this is documented under "Dangerous use of
smtpd_recipient_restrictions".
smtpd_relay_restrictions defaults to
'permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination'
and is configured here to check for a valid client cert.
see http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions
- Resolves: #7856
|
|
- Resolves: #7641
|
|
`site_apt` aready ensures for installing packages after Exec[update_apt]
is run, so we don't need to duplicate this in `site_config::default.pp`.
|
|
Because this is the recommended way of depnending in the apt README.
|
|
We need to include class `site_config::default` in class
`site_config::slow` so we don't get this duplicate definition:
- [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is
already declared; cannot redeclare at
/srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node
local1.bitmask.local
To be honest, i didn't figuered out the real cause of this, but it works
with this.
|
|
`site_config::default.pp` takes care the all packages are
installed before `Exec['refresh_apt']`, so we don't need to
add it here for a single package.
|
|
The apt module now takes care of all the dependencies removed
from `site_apt`.
Also, the dependency to install the `lsb` package after
`refresh_apt` is unnesseccary because lsb facts won't work
anyway on the first run if `lsb` is not installed before, so
we can safely remove it.
|
|
|
|
|
|
|
|
This worked before, but somehow stopped working.
We need to include 'site_config::slow' top-level scope instead
of including it in 'site_config::default', because otherwise it
would get tagged with 'leap_base', and would be included always.
This way 'site_config::slow' gets included by default, but can be
excluded by using 'leap deploy --fast'.
See https://leap.se/en/docs/platform/details/under-the-hood#tags
- Resolves: #7844
|
|
The problem was that puppet tried to remove them on the couch node,
but they need to get removed on monitor node.
- Resolves: #7641
|
|
- Resolves: #7853
|
|
- Related: #7853
|
|
- Resolves: #7418
|
|
- Resolves: #7842
|
|
- Resolves: #7629
|
|
We now include "site_config::remove::bigcouch" in class
"site_couchdb::master", which sets up plain couchdb.
|
|
Ruby itself is a parameterized class, and parameters cannot get
overridden (see https://projects.puppetlabs.com/issues/9259).
The webapp node didn't install the ruby-dev package (we never
noticed because our vagrant images as probably other debian images
had ruby-dev preinstalled).
We now use the ruby::devel class to install ruby-dev.
- Tested: [citest-jessie]
- Resolves: #7838
|
|
I merged immerda's changes to the `rubygems` module, which
remove the installation of the `rubygems` package from jessie
on, because it's a dependency of the `ruby2.1` package, which is
a dep of puppet, and therefore installed on every node.
- Tested: [local singlenode]
- Resolves: #7619
|
|
Vagrant uses portmap and nfs-common for mounting shared folders using
nfs.
|
|
In certain node setups, the webapp gems cannot get built
because `build-essential` and dependent packages were not
present.
I refactored the `site_config::packages::build_essential` class,
which now inherits `site_config::packages`. The latter class removes
all unneccessary (development) packages, but when the
`site_config::packages::build_essential` class is included, some
dev packages are overridden to be installed.
- Tested: [local]
- Resolves: #7834
|
|
|
|
After restructuring site.pp to only include site_config::default and
the service-specific classes, we got this:
Duplicate declaration: X509::Cert[undef] is already declared in file
/srv/leap/puppet/modules/site_config/manifests/x509/commercial/cert.pp
at line 8; cannot redeclare at
/srv/leap/puppet/modules/site_config/manifests/x509/cert.pp:8 on node
rewcitestweb1.rewire.org
So i included site_config::params in all site_config::x509 clases.
Change-Id: Ib8387abfdc68b36c73a45fd2dd1f3a159eaec4a5
|