Age | Commit message (Collapse) | Author |
|
check_mk_objects.cfg (Feature #5142)
Change-Id: Ib0283806b5485a9d15f0aa7e09142989367dae20
|
|
|
|
Change-Id: I029ffabd33299a5b42e5f262e372eafb6272d094
|
|
Change-Id: I0b1eec11a3b3da39d65572b6bee8b3ce892e08ac
|
|
now (Bug #6489)
Change-Id: Iaec748a173b6e11bb3ab3c11ca152809817644f9
|
|
|
|
environment's contact email (Bug #6466)" into develop
|
|
contact email (Bug #6466)
Change-Id: Ib86ae771e0ac3b6f329a517a8a31c9ec54d33a05
|
|
users (Feature #6481)
There are potentially many tapicero daemons running, and they all try
to do the same thing at the same time. It is basically designed to
create race conditions. All tapicero daemons try to create the user db
at the same time. Only one of them wins the race and actually creates
it.
We need to fix this later (see https://leap.se/code/issues/6480) but
for now, we ignore them because conflict errors should be handled by the
applictation anyway.
Change-Id: I91095b1901d238e3d199954ba3716023d3fd49c1
|
|
Change-Id: I2fa85918af8199fbc41bb4e58dae6c78911ab626
|
|
Change-Id: Ibd1b1eef7afca10cf2a2d56a24e703636d6a52c6
|
|
Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d
|
|
Change-Id: Idf550ed004bcb42d6e19ac0a2c5286f52a390935
|
|
Change-Id: I2549d781427fffc865c2bdcd1e950d60dad509fd
|
|
sent out on first failed check_mk check (Bug #6461)
Change-Id: I1bd47b3c3d17508488a4db90d74118006d85a03a
|
|
Change-Id: I52e19bbdfcf6576bd9c247d99aace47eb86c8116
|
|
|
|
might communicate with. this includes port and host key algorithm. closes #6432
|
|
Change-Id: Ia1e7009240d61464d7ba45ad07291664f6a3b768
|
|
|
|
Let check_mk put all hosts into the same "admin" contactgroup,
which is defined as default contactgroup by nagios.
Change-Id: I13b434925711ef2037de0cf6e919ce39a8255a94
|
|
descriptor limits to account for bigcouch sync spikes (#4935)
Change-Id: I242fba31f961b6139ec641e1708b170f5c0d009b
|
|
I reformatted the section below for consistency.
Change-Id: I18f5e23850e0c1ab4b1f2ee467d5af54ae9ff303
|
|
Change-Id: I5085247a87018e18e73833119ac73225afbfea1e
|
|
(#6388)
Previously the DNAT rule would redirect the incoming port 443 requests
to openvpn, which was the wrong thing to do on the primary IP (but the
right thing to do on the openvpn gateway IPs). This manifested in the
webapp not being available when it was also configured as a service on
the node.
Change-Id: Ic8c6b6c0389859fab168a7df687351e11263277a
|
|
Change-Id: I6d04cc7e028e86ee0012d96d7ef075fdd7ecef19
|
|
We need to check the openvpn hiera value, which may or may not be set.
If it is not set, then we need to not lookup the $openvpn['ports]'
values or we will get an error because it wont be the correct type.
If we do have it, then $openvpn_ports gets set with the hash, otherwise
it gets set to an empty hash (otherwise puppet will complain when we try
to query the member() later with "member(): Requires array to work
with").
Finally, if it is set to port 80, we don't include the
tor::daemon::directory
Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241
|
|
|
|
|
|
|
|
Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24
|
|
webapp node (#6336)
Change-Id: Ib70bbd8fe7b94b7a1bfb09390d5dd1c535f2da16
|
|
Change-Id: I4c7fb20b6da6f6a5bb2dd5af70511a28d4581174
|
|
|
|
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6
|
|
stop using bad nist curve for ssh host key (#6294)
We need to transition smoother (see #6319)
Change-Id: I8bee032aef9502a7d4b701b99719fbfb3b7169da
|
|
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
|
|
leap packages (#4425)
Change-Id: I78c00c4410ff9f712206f95854d8803e43acb286
|
|
In a multi-node couch deployment, it was observed that the Service['stunnel']
would be activated, and then later a stunnel::client was created which would
trigger an Exec['refresh_stunnel']. Because of this, and the ordering hints
that were in place, the service would get started, and then the couchdb
databases, users, designs, etc. were being put into place and then a stunnel
client was created, triggering the refresh_stunnel exec, which would cause
an interruption in the connectivity and result in failures.
This change replaces the Service['stunnel'] hint with the the
Exec['refresh_stunnel'] to make sure that the stunnels are fully setup before
attempting couch operations.
Change-Id: I33ddd24884b3c23a1df5555ca53ca65cd703da50
|
|
Change-Id: I48dc8135943393bd11c7181853985f4a5799011e
|
|
update port parameter in site_sshd to be an array, otherwise
puppet errors about it being a Fixnum with new sshd module
Change-Id: I854d042edb98817169eef5e758d04d60d3c71dd5
|
|
Change-Id: I318944a6872a53ff9c533704514da339426d9401
|
|
usernames to block.
|
|
|
|
unattended-upgrades is not able to upgrade itself in certain situations,
such as when the conffile prompt is generated due to the config being
changed. We want to set this package as latest in the platform so that
it is upgraded on every deploy (we deploy the config anyway).
Change-Id: I8c99bfb1b001079f0e1a4ffbf048e0e867633335
|
|
SSLv3 (#6261)
Change-Id: I7ab5a6455e434f8359169d31febed8b92f84bbcc
|
|
repository, based on the hiera value 'major_version' (#6251)" into develop
|
|
based on the hiera value 'major_version' (#6251)
Change-Id: I10532ef83e3aa2d35d9c0be241952a35e366bba4
|
|
change puppet command to include in the --modulepath
/srv/leap/files/puppet/modules
If a provider places puppet code under files/puppet it will
be sync'd over to all the nodes, once leap cli #6225 is merged.
The custom puppet entry point is in class 'custom' which can
be put into files/puppet/modules/custom/manifests/init.pp
Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad
|
|
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d
|