Age | Commit message (Collapse) | Author |
|
so we can easily use the experimental-0.(8|9) deb repos, which are
signed with this key
|
|
to relay mail through us (#3634)
Change-Id: I46cf3ffbef4261839c376f4c36a50d9c44eb1374
|
|
To reduce complexity, let's get rid of run stages.
We used them earlier but they seem to have no purpose anymore.
There was two stage leftovers:
- `site_config::slow` did an `apt-get dist-upgrade` in the
`setup` stage
- `site_config::setup` did call the `site_config::hosts` class
in the `setup` stage
I checked for dependencies to to those resources, and it looks good,
i tested by triggering a citest.
From
https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html#limitations-and-known-issues:
```
Due to these limitations, stages should only be used with the simplest
of classes, and only when absolutely necessary. Mass dependencies like
package repositories are effectively the only valid use case.
```
|
|
has the right permissions (see #6936)
Change-Id: Ib7b86d73197fecfd74b72fe5ff06d1a78d9d4432
|
|
|
|
(#7618)
Change-Id: Ib9fa598a94e8fd41329b1c9ed4bb52281bf04992
|
|
|
|
|
|
|
|
Change-Id: I6ab266ea4f74277f8262653c43f2b3a5a4254a79
|
|
|
|
This change will make sure that the user/group for leap-mx exist, and it
changes the mail location from /var/mail/vmail to the more helpful name
/var/mail/leap-mx.
This change requires:
https://github.com/leapcode/leap_mx/pull/78
and it would replace merge request:
https://github.com/leapcode/leap_mx/pull/65
and fix https://leap.se/code/issues/6936 and
https://leap.se/code/issues/7635
Change-Id: Idbe678dc999e394232c2eeef2b2018d39ab7cc3b
|
|
When mail comes in to the system, a lookup is done to see if it is a
valid leap user, if it is, leap_mx now returns something of the form:
uuid@deliver.local (see #5959). The virtual_mailbox_domains lists
deliver.local, so postfix choses to deliver to
virtual_mailbox_base (/var/mail/vmail) which has been hardcoded to the
'vmail' maildir and user.
We want leap related mail and leap aliases to go through the virtual
alias system, all the hard-coded universal aliases we want to go through
the local system and we dont want these separate. Known domains that are
considered 'virtual' will be forwarded or delivered to the vmail user,
the rest rejected as unknown recipient, instead of being handed off to
leap-mx.
Previously, the way this was done is we leaned (too heavily) on the
'luser_relay' postfix configuration which sent anything that wasn't
locally configured right to the leap_mx spool. That meant everything
went there, including addresses that didn't exist, and leap-mx would
then have to process those and bounce them. This removes the
'luser_relay' option, so any address that doesn't resolve properly to
either a local address/alias, or a leap address or alias (through
tcp lookups on 2424 and 4242) will get bounced as an unknown user.
Change-Id: I3c22e9383861b3794dd9adfd7aa6a0cf0a773a18
|
|
|
|
|
|
|
|
|
|
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
|
|
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
|
|
Change-Id: Iea1242b3c27d92cef7b217006211e57631fd7e62
|
|
This reverts commit 02b1b484ad9a5d065ceac72b8263b7bcc112c923.
Now that we have a proper couchdb jessie package we don't need to
install it from Debian unstable.
|
|
- Related: #7615
|
|
- resolves #7614
|
|
|
|
|
|
|
|
|
|
In order to switch to syslog for leap_mx, leap_mx needs to change to log
to syslog (#6307 and #6937), and we need to clean up the platform pieces
that set the non-syslog options, and rotated log
files (#6942). Hopefully, this will solve the leap_mx logrotation issue
at the same time (#7058)
Change-Id: If68f808a65c24c91231b88d15759809c9e379294
|
|
were logged before
Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
|
|
Configure the apt class together with "use_next_release => true", so
pnp4nagios* packages can get installed from strech.
No other package will be upgraded as the apt module pins stretch very
low, so that only packages are installed if there are no other sources
available.
- Resolves: #7604
|
|
- Tested: [unstable.bitmask.net]
|
|
|
|
- #7591 Net::SSH::Exception: could not settle on kex algorithm
We need to disable the ssh hardened mode, because it will not work
together with the net-ssh gem leap_cli is pinned to.
All other options that would be included by this parameter are
included by '$::sshd::tail_additional_options'.
|
|
Puppet 3 shows now deprecation warnings if the "@" is missing.
see https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags#[bug|feat|docs|style|refactor|test|pkg|i18n]
|
|
- sshd
- haproxy
- unbound
|
|
Using $::apache_version won't work because the facts are
evaluated before compiling the catalog and with this, before
the installation of apache. so on an install from scratch, this
fact won't contain anything.
|
|
- Related: #6920
|
|
- Resolves: #7580
|
|
- Resolves: #7578
|
|
- Related: #6920
|
|
from https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#calling-puppet-functions-from-templates:
"The arguments of the function must be provided as an array, even if
there is only one argument."
This is a hard requirement in puppet 3 now.
- Related: #6920
|
|
because ruby-1.9.3 is not available on jessie.
- Related: #6920
|
|
- Related: #6920
|
|
|
|
These packages are a dependency of build-essential and will
get installed anyway.
- Related: #6920
|
|
- Related: #6920
|
|
- Related: #6920
|
|
- sshd
- couchdb
- apache
- Related: #6920
|
|
leap_cli integrates a check for running mx procs already,
which is also integrated into nagios (called "Mx/Are_MX_daemons_running")
|
|
Change-Id: I8756c5c3212a3d7e3c44414fdf6bfff5cd29d70f
|