summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2015-11-24Switch to syslog for leap_mx (#6942)Micah
In order to switch to syslog for leap_mx, leap_mx needs to change to log to syslog (#6307 and #6937), and we need to clean up the platform pieces that set the non-syslog options, and rotated log files (#6942). Hopefully, this will solve the leap_mx logrotation issue at the same time (#7058) Change-Id: If68f808a65c24c91231b88d15759809c9e379294
2015-11-24Cleanup old leap mx logs that may appear on some nodes due to how thingsMicah
were logged before Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
2015-11-24[bug] [jessie] Install pnp4nagios deb from stretchvarac
Configure the apt class together with "use_next_release => true", so pnp4nagios* packages can get installed from strech. No other package will be upgraded as the apt module pins stretch very low, so that only packages are installed if there are no other sources available. - Resolves: #7604
2015-11-19[bug] Use right sshd Ciphers and MACs for wheezyvarac
- Tested: [unstable.bitmask.net]
2015-11-18update design docs for couch from webappAzul
2015-11-17[bug] Don't limit sshd KexAlgorithmsvarac
- #7591 Net::SSH::Exception: could not settle on kex algorithm We need to disable the ssh hardened mode, because it will not work together with the net-ssh gem leap_cli is pinned to. All other options that would be included by this parameter are included by '$::sshd::tail_additional_options'.
2015-11-17[deprec] use @ in front of erb template tagsvarac
Puppet 3 shows now deprecation warnings if the "@" is missing. see https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags#[bug|feat|docs|style|refactor|test|pkg|i18n]
2015-11-17[deprec] Update subm. for puppet3 deprec warnsvarac
- sshd - haproxy - unbound
2015-11-17[bug] use $lsbdistcodename to query apache versionvarac
Using $::apache_version won't work because the facts are evaluated before compiling the catalog and with this, before the installation of apache. so on an install from scratch, this fact won't contain anything.
2015-11-17[bug] fix check_mk on jessievarac
- Related: #6920
2015-11-17[bug] [jessie] Allow apache to access webapp dirvarac
- Resolves: #7580
2015-11-17[bug] [jessie] Fix webapp config yaml on jessievarac
- Resolves: #7578
2015-11-17[bug] [jessie] Load needed modules for apache 2.4varac
- Related: #6920
2015-11-17[bug] [jessie] template functions need an arrayvarac
from https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#calling-puppet-functions-from-templates: "The arguments of the function must be provided as an array, even if there is only one argument." This is a hard requirement in puppet 3 now. - Related: #6920
2015-11-17[bug] [jessie] Don't specify ruby versionsvarac
because ruby-1.9.3 is not available on jessie. - Related: #6920
2015-11-17[feat] Query erb variables like puppet 3 needs itvarac
- Related: #6920
2015-11-17[feat] Provide postfix preseed fix also for jessievarac
2015-11-17[feat] Don't manually install compiler packagesvarac
These packages are a dependency of build-essential and will get installed anyway. - Related: #6920
2015-11-17[feat] install couchdb from unstable on jessievarac
- Related: #6920
2015-11-17[feat] Release-specific apt sources file for leapvarac
- Related: #6920
2015-11-17[feat] updated submodules to work with jessievarac
- sshd - couchdb - apache - Related: #6920
2015-11-16[feat] Remove redundant nagios check for mx procsvarac
leap_cli integrates a check for running mx procs already, which is also integrated into nagios (called "Mx/Are_MX_daemons_running")
2015-11-02remove unused postfwd ruleMicah
Change-Id: I8756c5c3212a3d7e3c44414fdf6bfff5cd29d70f
2015-11-02fix postfwd dependency requirementMicah
Change-Id: Ied475dd1d555a2388034012f5a799a202dcc6ee7
2015-11-02Merge branch '7523_new_soledad_test' into developvarac
2015-11-02Add initial rate-limiting for outgoing SMTP, using postfwd (#5972)Micah
Change-Id: I6a6e68908b71d7499eb3ef3c7f0173b3d5b7baa2
2015-11-02Add basic DKIM support, this requires changes in leap_cli detailed inMicah
issue #5924 Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7
2015-10-31[bug] Add bigcouch syslog snippet for logwatchvarac
2015-10-30[bug] Remove duplicte declarationvarac
Duplicate declaration: File[/srv/leap/nagios/plugins/check_unix_open_fds.pl] is already declared in file /srv/leap/puppet/modules/site_check_mk/manifests/agent/couchdb/bigcouch.pp at line 44; cannot redeclare at /srv/leap/puppet/modules/site_check_mk/manifests/agent/couchdb.pp:23 on node rewdevcouch1.rewire.org
2015-10-30[feat] Remove bigcouch nagios leftoversvarac
When migrating from bigcouch to couchdb, we need to remove leftover nagios tests for bigcouch. - Added new classes: site_check_mk::agent::couchdb::bigcouch and site_check_mk::agent::couchdb::master - Tested: unstable.pixelated-project.org - Resolves: https://github.com/pixelated/pixelated-platform/issues/126
2015-10-30[feat] Add soledad::client class for soledad-syncvarac
- Restructure soledad class - Include soledad::client class on webapp nodes - Tested: [unstable.bitmask.net] - Related: #7523
2015-10-27[bug] Add leap_mx username to soledad.confvarac
- Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127
2015-10-26updated unbound submodulevarac
2015-10-20Provide tor hidden service configuration for static sites (#7546)Micah
Without this configuration, a very basic, and non-functional virtualhost is created, making the hidden service not work Change-Id: Ibe87c6acf5c21cff2388247c4ba320a5b6af7933
2015-10-20Merge branch 'develop' into 'develop' Micah
Redirect to webapp_domain instead of domain This is needed for webapp when running on a subdomain. See merge request !80
2015-10-19change apache header set for HSTS to be always, otherwise it wont be set for ↵Micah
redirects (#7540) Change-Id: Ic77c64c03a99dad951f42633de04c352bed17c1e
2015-10-19Redirect to webapp_domain instead of domainguido
This is needed for webapp when running on a subdomain.
2015-10-17[bug] updated submodule couchdbvarac
- Tested: [local singlenode, citest] - Resolves: #7530
2015-10-17switch to ensure_packages to avoid puppet duplicate package definitions (#7530)Micah
Change-Id: I398b929fc96cf64e46075266ace0d8d1145b3aac
2015-10-14Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2015-10-13Fix ordering of clamav resources, by requiring the package installationMicah
as a pre-requisite Change-Id: Ic9c8cc6ccfb31ce5e56937a2d95de7974707c368
2015-10-13Class was renamed, but not properly cared for in the rest of the manifestMicah
Change-Id: Ic9f022dcbb9f2096b933c898ae43023e0bf278c6
2015-10-13updated submodule couchdbvarac
2015-10-13Make syslog stop logging the icmpv6_send: no reply to icmp errorMicah
messages, these are spamming provider's logs and will continue to do so until we have ipv6 working for the VPN (#6540) Change-Id: I80673bb64d8239e478bc042794929640f7a7cc39
2015-10-13Merge branch 'bug/7527' into developMicah
2015-10-13Update resource_file to not include /private/ as this is not usedMicah
anymore by the nagios module, and our config template has drifted. Fixes: #7527 Change-Id: I56c3492056fcb95c499cf78b893249adcf0ae67f
2015-10-13Merge branch '7514_remove_tapicero_couchdb_user' into 'develop' Micah
7514 remove tapicero couchdb user - Resolves: #7514 this depends on this couchdb m.r.: https://gitlab.com/leap/couchdb/merge_requests/2 See merge request !78
2015-10-13add clamav filtering, with sanesecurity signature updating and provider ↵Micah
whitelisting (#3625) Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
2015-10-12[feat] Remove tapicero couchdb uservarac
- Resolves: #7514
2015-10-11russian text requires amber 0.3.8elijah