summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2015-12-10[feat] Add LEAP experimental apt signing keyvarac
so we can easily use the experimental-0.(8|9) deb repos, which are signed with this key
2015-12-09Use client cert fingerprint lookup to determine if the user is allowedMicah
to relay mail through us (#3634) Change-Id: I46cf3ffbef4261839c376f4c36a50d9c44eb1374
2015-12-09[feat] Remove puppet run stagesvarac
To reduce complexity, let's get rid of run stages. We used them earlier but they seem to have no purpose anymore. There was two stage leftovers: - `site_config::slow` did an `apt-get dist-upgrade` in the `setup` stage - `site_config::setup` did call the `site_config::hosts` class in the `setup` stage I checked for dependencies to to those resources, and it looks good, i tested by triggering a citest. From https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html#limitations-and-known-issues: ``` Due to these limitations, stages should only be used with the simplest of classes, and only when absolutely necessary. Mass dependencies like package repositories are effectively the only valid use case. ```
2015-12-08Manage the /var/mail/leap-mx directory to ensure it exists properly andMicah
has the right permissions (see #6936) Change-Id: Ib7b86d73197fecfd74b72fe5ff06d1a78d9d4432
2015-12-07Update submoule aptvarac
2015-12-03Make sure /etc/default and config file are there before service is triggered ↵Micah
(#7618) Change-Id: Ib9fa598a94e8fd41329b1c9ed4bb52281bf04992
2015-12-02[deprec] use @ in front of erb template tagsvarac
2015-12-02fix nickserver dependency for wheezyvarac
2015-12-02Update submodule postfixvarac
2015-12-01fix missing commaMicah
Change-Id: I6ab266ea4f74277f8262653c43f2b3a5a4254a79
2015-12-01Update submodule postfixvarac
2015-12-01Switch from 'vmail' to leap-mx's user/group (#6936, #7639)Micah
This change will make sure that the user/group for leap-mx exist, and it changes the mail location from /var/mail/vmail to the more helpful name /var/mail/leap-mx. This change requires: https://github.com/leapcode/leap_mx/pull/78 and it would replace merge request: https://github.com/leapcode/leap_mx/pull/65 and fix https://leap.se/code/issues/6936 and https://leap.se/code/issues/7635 Change-Id: Idbe678dc999e394232c2eeef2b2018d39ab7cc3b
2015-12-01stop delivering non-existing local user mail to leap-mx (#5431)Micah
When mail comes in to the system, a lookup is done to see if it is a valid leap user, if it is, leap_mx now returns something of the form: uuid@deliver.local (see #5959). The virtual_mailbox_domains lists deliver.local, so postfix choses to deliver to virtual_mailbox_base (/var/mail/vmail) which has been hardcoded to the 'vmail' maildir and user. We want leap related mail and leap aliases to go through the virtual alias system, all the hard-coded universal aliases we want to go through the local system and we dont want these separate. Known domains that are considered 'virtual' will be forwarded or delivered to the vmail user, the rest rejected as unknown recipient, instead of being handed off to leap-mx. Previously, the way this was done is we leaned (too heavily) on the 'luser_relay' postfix configuration which sent anything that wasn't locally configured right to the leap_mx spool. That meant everything went there, including addresses that didn't exist, and leap-mx would then have to process those and bounce them. This removes the 'luser_relay' option, so any address that doesn't resolve properly to either a local address/alias, or a leap address or alias (through tcp lookups on 2424 and 4242) will get bounced as an unknown user. Change-Id: I3c22e9383861b3794dd9adfd7aa6a0cf0a773a18
2015-12-01Merge branch 'nickserver_jessie' into developvarac
2015-12-01Update submodule postfixvarac
2015-12-01Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2015-12-01updated submodule couchdbvarac
2015-11-30fix missing apache modules (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-30fix missing apache status module (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-30fix site_apache module class names that were renamed (#7636)Micah
Change-Id: Iea1242b3c27d92cef7b217006211e57631fd7e62
2015-11-30Revert "[feat] install couchdb from unstable on jessie"varac
This reverts commit 02b1b484ad9a5d065ceac72b8263b7bcc112c923. Now that we have a proper couchdb jessie package we don't need to install it from Debian unstable.
2015-11-28[bug] Don't enable storedconfig in sshd classvarac
- Related: #7615
2015-11-28[bug] [jessie] register nickserver at systemdvarac
- resolves #7614
2015-11-28updated submoule apachevarac
2015-11-27Merge remote-tracking branch 'azul/develop' into developvarac
2015-11-26updated submodule couchdbvarac
2015-11-25added submodule couchdbvarac
2015-11-24Switch to syslog for leap_mx (#6942)Micah
In order to switch to syslog for leap_mx, leap_mx needs to change to log to syslog (#6307 and #6937), and we need to clean up the platform pieces that set the non-syslog options, and rotated log files (#6942). Hopefully, this will solve the leap_mx logrotation issue at the same time (#7058) Change-Id: If68f808a65c24c91231b88d15759809c9e379294
2015-11-24Cleanup old leap mx logs that may appear on some nodes due to how thingsMicah
were logged before Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
2015-11-24[bug] [jessie] Install pnp4nagios deb from stretchvarac
Configure the apt class together with "use_next_release => true", so pnp4nagios* packages can get installed from strech. No other package will be upgraded as the apt module pins stretch very low, so that only packages are installed if there are no other sources available. - Resolves: #7604
2015-11-19[bug] Use right sshd Ciphers and MACs for wheezyvarac
- Tested: [unstable.bitmask.net]
2015-11-18update design docs for couch from webappAzul
2015-11-17[bug] Don't limit sshd KexAlgorithmsvarac
- #7591 Net::SSH::Exception: could not settle on kex algorithm We need to disable the ssh hardened mode, because it will not work together with the net-ssh gem leap_cli is pinned to. All other options that would be included by this parameter are included by '$::sshd::tail_additional_options'.
2015-11-17[deprec] use @ in front of erb template tagsvarac
Puppet 3 shows now deprecation warnings if the "@" is missing. see https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags#[bug|feat|docs|style|refactor|test|pkg|i18n]
2015-11-17[deprec] Update subm. for puppet3 deprec warnsvarac
- sshd - haproxy - unbound
2015-11-17[bug] use $lsbdistcodename to query apache versionvarac
Using $::apache_version won't work because the facts are evaluated before compiling the catalog and with this, before the installation of apache. so on an install from scratch, this fact won't contain anything.
2015-11-17[bug] fix check_mk on jessievarac
- Related: #6920
2015-11-17[bug] [jessie] Allow apache to access webapp dirvarac
- Resolves: #7580
2015-11-17[bug] [jessie] Fix webapp config yaml on jessievarac
- Resolves: #7578
2015-11-17[bug] [jessie] Load needed modules for apache 2.4varac
- Related: #6920
2015-11-17[bug] [jessie] template functions need an arrayvarac
from https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#calling-puppet-functions-from-templates: "The arguments of the function must be provided as an array, even if there is only one argument." This is a hard requirement in puppet 3 now. - Related: #6920
2015-11-17[bug] [jessie] Don't specify ruby versionsvarac
because ruby-1.9.3 is not available on jessie. - Related: #6920
2015-11-17[feat] Query erb variables like puppet 3 needs itvarac
- Related: #6920
2015-11-17[feat] Provide postfix preseed fix also for jessievarac
2015-11-17[feat] Don't manually install compiler packagesvarac
These packages are a dependency of build-essential and will get installed anyway. - Related: #6920
2015-11-17[feat] install couchdb from unstable on jessievarac
- Related: #6920
2015-11-17[feat] Release-specific apt sources file for leapvarac
- Related: #6920
2015-11-17[feat] updated submodules to work with jessievarac
- sshd - couchdb - apache - Related: #6920
2015-11-16[feat] Remove redundant nagios check for mx procsvarac
leap_cli integrates a check for running mx procs already, which is also integrated into nagios (called "Mx/Are_MX_daemons_running")
2015-11-02remove unused postfwd ruleMicah
Change-Id: I8756c5c3212a3d7e3c44414fdf6bfff5cd29d70f