From 10ebe0f72181ee334bf9bcc4528c8e9dcd1dd425 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 5 May 2015 11:23:02 -0700 Subject: pin compatible cli to 1.7.x --- platform.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.rb b/platform.rb index 2f7b36eb..bb77b0d9 100644 --- a/platform.rb +++ b/platform.rb @@ -5,7 +5,7 @@ Leap::Platform.define do self.version = "0.7" - self.compatible_cli = "1.6.3".."1.99" + self.compatible_cli = "1.7.0".."1.7.99" # # the facter facts that should be gathered -- cgit v1.2.3 From 1487952fc2a245e1db7ebe3e3dd80dface183518 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 5 May 2015 12:08:40 -0400 Subject: Change http.debian.net to now official name: httpredir.debian.org (#6932) Change-Id: I1e411ef3ffa2ef7fdcae90081f530f44023a96b6 --- provider_base/common.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/provider_base/common.json b/provider_base/common.json index 4a5406a0..aee9bd41 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -53,9 +53,9 @@ }, "sources": { "apt": { - "basic": "http://http.debian.net/debian/", + "basic": "http://httpredir.debian.org/debian/", "security": "http://security.debian.org/", - "backports": "http://http.debian.net/debian/" + "backports": "http://httpredir.debian.org/debian/" }, "leap-mx": { "type": "apt", -- cgit v1.2.3 From 446da8fc1cdd3749ecb04ffcd7c8c035c051c373 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 6 May 2015 13:06:28 -0400 Subject: update apt submodule to fix unattended-upgrades and account for jessie release Change-Id: I69e6a0f8e676be72bce492af32fef76c9167f5ee --- puppet/modules/apt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/apt b/puppet/modules/apt index 64fb988c..e8580d1d 160000 --- a/puppet/modules/apt +++ b/puppet/modules/apt 
@@ -1 +1 @@ -Subproject commit 64fb988c0e37d64fb3e241dc95f156072e43bf2a +Subproject commit e8580d1da21d6f1024376d8bfa4858fe52acda6f -- cgit v1.2.3 From a411deb676412ac3db4293040657228102e9f569 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 7 May 2015 17:04:07 -0700 Subject: better user db test. --- tests/white-box/webapp.rb | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb index 1e78c8a5..9956eb35 100644 --- a/tests/white-box/webapp.rb +++ b/tests/white-box/webapp.rb @@ -99,18 +99,33 @@ class Webapp < LeapTest # we try three times, and give up after that. # def assert_user_db_exists(user) + db_name = "user-#{user.id}" + repeatedly_try("/#{db_name}") do |body, response, error| + assert false, "Could not find user db `#{db_name}` for test user `#{user.username}`\nuuid=#{user.id}\nHTTP #{response.code} #{error} #{body}" + end + repeatedly_try("/#{db_name}/_design/docs") do |body, response, error| + assert false, "Could not find design docs for user db `#{db_name}` for test user `#{user.username}`\nuuid=#{user.id}\nHTTP #{response.code} #{error} #{body}" + end + end + + # + # tries the URL repeatedly, giving up and yield the last response if + # no try returned a 200 http status code. + # + def repeatedly_try(url, &block) last_body, last_response, last_error = nil 3.times do sleep 0.2 - get(couchdb_url("/user-#{user.id}/_design/docs")) do |body, response, error| + get(couchdb_url(url)) do |body, response, error| last_body, last_response, last_error = body, response, error if response.code.to_i == 200 return end end - sleep 0.5 + sleep 1 end - assert false, "Could not find user db for test user #{user.username}\nuuid=#{user.id}\nHTTP #{last_response.code} #{last_error} #{last_body}" + yield last_body, last_response, last_error + return end # -- cgit v1.2.3 From b614675485bf01b222acff1299b47cc2242c5f6f Mon Sep 17 00:00:00 2001 
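Review bot: `repeatedly_try` yields `last_response` to the failure block even when no attempt ever set it, and both blocks in `assert_user_db_exists` then call `response.code`, so a connection-level failure would surface as a NoMethodError on nil instead of the intended assertion message. This assumes the `get` helper, which is defined outside this hunk, can finish without yielding a response. Guard the interpolation, e.g. `HTTP #{response && response.code} #{error} #{body}`. The `&block` parameter is never used because the method calls `yield`, and the trailing `return` is redundant, so the signature can be `def repeatedly_try(url)`. The comment "we try three times, and give up after that" above `assert_user_db_exists` now describes the helper and should move with the loop.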
From: elijah Date: Thu, 14 May 2015 22:17:18 -0700 Subject: use latest puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 02c2f59d..23b557c6 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 02c2f59dd1725cc0bd83e346259d54ea46a5ba1f +Subproject commit 23b557c6fb07929a9b04e5fb75375a85a4734370 -- cgit v1.2.3 From 8b74c455efe54c681fe9a18ba30915b284dd58ff Mon Sep 17 00:00:00 2001 From: Christoph Kluenter Date: Tue, 2 Jun 2015 15:19:39 +0200 Subject: ensure the enterhooks directory is present --- puppet/modules/site_config/manifests/dhclient.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp index dbe2ef1c..7755413b 100644 --- a/puppet/modules/site_config/manifests/dhclient.pp +++ b/puppet/modules/site_config/manifests/dhclient.pp @@ -22,11 +22,19 @@ class site_config::dhclient { require => File['/usr/local/sbin/reload_dhclient'], } + file { '/etc/dhcp/dhclient-enter-hooks.d': + ensure => directory, + mode => '0755', + owner => 'root', + group => 'root', + } + file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf': content => 'make_resolv_conf() { : ; } ; set_hostname() { : ; }', mode => '0644', owner => 'root', group => 'root', + require => File['/etc/dhcp/dhclient-enter-hooks.d'], notify => Exec['reload_dhclient']; } } -- cgit v1.2.3 From 48ba95b60c76150ade9f2ddbad428e2f4c71b5e0 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 21:28:26 +0200 Subject: updated submodule couchdb (Couchdb >=1.3 uses pbkdf2 as pw hashing algorhythm, #7120) Change-Id: I97560f4134a700579d1523ddd8ba173bfb1f0659 --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 23b557c6..c67248cd 160000 --- a/puppet/modules/couchdb 
+++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 23b557c6fb07929a9b04e5fb75375a85a4734370 +Subproject commit c67248cd74eb91854e5841d27572e630efec0f62 -- cgit v1.2.3 From 596277daf9c4db0ced8fdbbda930078f033e0855 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 22:32:27 +0200 Subject: updated submodule couchdb Change-Id: Id5bc16d8466c3407e9f7c4015c1e3a96129daf0a --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index c67248cd..339ea696 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit c67248cd74eb91854e5841d27572e630efec0f62 +Subproject commit 339ea696c8bb5759a000995de502a6f381abc91c -- cgit v1.2.3 From c2337647f3def5b3b3cd55b5ceaf649299bb7874 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 20:07:01 +0200 Subject: use couch.pwhash_alg hiera variable for hashing couchdb admin pw use this to run a single, plain couchdb node, using couchdb 1.6 from the leap repo: "couch": { "master": true, "pwhash_alg": "pbkdf2" } Change-Id: Ie4f34c2c5cb9feca7a10450bcf0bc260c8aa9d33 --- puppet/modules/site_couchdb/manifests/init.pp | 3 +++ puppet/modules/site_couchdb/manifests/master.pp | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index a11f6309..6b6ddd3a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,3 +1,5 @@ +# entry class for configuring couchdb/bigcouch node +# couchdb node class site_couchdb { tag 'leap_service' @@ -41,6 +43,7 @@ class site_couchdb { $couchdb_backup = $couchdb_config['backup'] $couchdb_mode = $couchdb_config['mode'] + $couchdb_pwhash_alg = $couchdb_config['pwhash_alg'] if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch } if $couchdb_mode == 'master' { include site_couchdb::master } 
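Review bot: `$couchdb_pwhash_alg` is read from hiera in `site_couchdb` and handed to `class { 'couchdb': pwhash_alg => ... }` in master.pp without any check, so a missing or misspelled `couch.pwhash_alg` decides how the CouchDB admin password is hashed with no error at compile time. What the couchdb module does with undef or an unknown string is not visible here. Validate the value where it is read, for example with stdlib's `if $couchdb_pwhash_alg { validate_re($couchdb_pwhash_alg, '^(<ALLOWED_ALGORITHMS>)$') }`, filling the list in from the values the couchdb module accepts. The new header comment on the class should also name the `pwhash_alg` key, since its only documentation is the commit message. The class body continues outside this hunk.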
diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp index a0a6633d..c28eee7d 100644 --- a/puppet/modules/site_couchdb/manifests/master.pp +++ b/puppet/modules/site_couchdb/manifests/master.pp @@ -1,9 +1,9 @@ +# this class sets up a single, plain couchdb node class site_couchdb::master { - class { 'couchdb': admin_pw => $site_couchdb::couchdb_admin_pw, admin_salt => $site_couchdb::couchdb_admin_salt, - chttpd_bind_address => '127.0.0.1' + chttpd_bind_address => '127.0.0.1', + pwhash_alg => $site_couchdb::couchdb_pwhash_alg } - -} \ No newline at end of file +} -- cgit v1.2.3 From ba0bdf9a29bf52d88c6d9354d0995d7238d17195 Mon Sep 17 00:00:00 2001 From: Caleb Smith Date: Tue, 16 Jun 2015 15:38:48 -0400 Subject: add tags:production to single node email tutorial --- doc/tutorials/single-node-email.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/tutorials/single-node-email.md b/doc/tutorials/single-node-email.md index 872d1da8..b47496b9 100644 --- a/doc/tutorials/single-node-email.md +++ b/doc/tutorials/single-node-email.md @@ -145,7 +145,7 @@ A "node" is a server that is part of your infrastructure. Every node can have on Create a node, with `all the services needed for Email: "couchdb", "mx", "soledad" and "webapp"` - $ leap node add node1 ip_address:x.x.x.w services:couchdb,mx,soledad,webapp + $ leap node add node1 ip_address:x.x.x.w services:couchdb,mx,soledad,webapp tags:production NOTE: replace x.x.x.w with the actual IP address of this node -- cgit v1.2.3 From 3c4c973a44a57a115de2f9a3e8bc67f0b74af3d1 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 17 Jun 2015 15:11:11 -0700 Subject: bugfix: site_static module was not including ssl_common.inc --- puppet/modules/site_static/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index ce79c00f..35ecabf8 100644 
--- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -33,6 +33,7 @@ class site_static { include site_apache::module::expires include site_apache::module::removeip include site_apache::module::rewrite + apache::config::include{ 'ssl_common.inc': } if (member($formats, 'rack')) { include site_apt::preferences::passenger -- cgit v1.2.3 From 8c184d4809b3e618d0d63b4825495787e3ba9255 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 17 Jun 2015 15:27:59 -0700 Subject: added support for `leap compile provider.json` (platform version now 0.7.1) --- platform.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/platform.rb b/platform.rb index bb77b0d9..82c25f8f 100644 --- a/platform.rb +++ b/platform.rb @@ -4,7 +4,7 @@ # Leap::Platform.define do - self.version = "0.7" + self.version = "0.7.1" self.compatible_cli = "1.7.0".."1.7.99" # @@ -75,8 +75,11 @@ Leap::Platform.define do :commercial_key => 'files/cert/#{arg}.key', :commercial_csr => 'files/cert/#{arg}.csr', :commercial_cert => 'files/cert/#{arg}.crt', - :commercial_ca_cert => 'files/cert/commercial_ca.crt', - :vagrantfile => 'test/Vagrantfile', + :commercial_ca_cert => 'files/cert/commercial_ca.crt', + :vagrantfile => 'test/Vagrantfile', + :static_web_provider_json => 'files/web/bootstrap/#{arg}/provider.json', + :static_web_htaccess => 'files/web/bootstrap/#{arg}/htaccess', + :static_web_readme => 'files/web/bootstrap/README', # node output files :hiera => 'hiera/#{arg}.yaml', -- cgit v1.2.3 From da6916d66cb78c185f068ff60d613dbe98e9f1ca Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 22:45:33 +0200 Subject: linted create_dbs.pp Change-Id: I9e46286c402adc06f3f815f8a1eea11fe82c7c39 --- puppet/modules/site_couchdb/manifests/create_dbs.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index b743127a..8285a4e3 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -1,3 +1,4 @@ +# creates neccesary databases class site_couchdb::create_dbs { Class['site_couchdb::setup'] @@ -7,7 +8,7 @@ class site_couchdb::create_dbs { ### customer database ### r/w: webapp, couchdb::create_db { 'customers': - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } 
@@ -30,27 +31,27 @@ class site_couchdb::create_dbs { ## r/w: webapp $sessions_db = rotated_db_name('sessions', 'monthly') couchdb::create_db { $sessions_db: - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } $sessions_next_db = rotated_db_name('sessions', 'monthly', 'next') couchdb::create_db { $sessions_next_db: - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } ## shared database ## r/w: soledad couchdb::create_db { 'shared': - members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_soledad_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } ## tickets database ## r/w: webapp couchdb::create_db { 'tickets': - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } @@ -87,7 +88,7 @@ class site_couchdb::create_dbs { ## store messages to the clients such as payment reminders ## r/w: webapp couchdb::create_db { 'messages': - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } } -- cgit v1.2.3 From dc2611f2fc2aab1c441d524862af30b349323c7c Mon Sep 17 00:00:00 2001 
From: varac Date: Fri, 5 Jun 2015 11:54:02 +0200 Subject: Support plain couchdb (#6067) The bigcouch specific class ordering from site_couchdb::create_dbs needed to move to site_couchdb::bigcouch, otherwise a plain couchdb setup would try to include bigcouch classes and fail. Change-Id: I06742d4a12c5b40c9c9faa90441734e6926d422d --- puppet/modules/site_couchdb/manifests/bigcouch.pp | 2 ++ puppet/modules/site_couchdb/manifests/create_dbs.pp | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp index 82c85b52..469a2783 100644 --- a/puppet/modules/site_couchdb/manifests/bigcouch.pp +++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp @@ -1,3 +1,4 @@ +# sets up bigcouch on couchdb node class site_couchdb::bigcouch { $config = $::site_couchdb::couchdb_config['bigcouch'] @@ -24,6 +25,7 @@ class site_couchdb::bigcouch { -> Class['site_couchdb::setup'] -> Class['site_couchdb::bigcouch::add_nodes'] -> Class['site_couchdb::bigcouch::settle_cluster'] + -> Class['site_couchdb::create_dbs'] include site_couchdb::bigcouch::add_nodes include site_couchdb::bigcouch::settle_cluster diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index 8285a4e3..eea4bbf5 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -2,7 +2,6 @@ class site_couchdb::create_dbs { Class['site_couchdb::setup'] - -> Class['site_couchdb::bigcouch::settle_cluster'] -> Class['site_couchdb::create_dbs'] ### customer database -- cgit v1.2.3 From 1f57371c70590a14c60c6a12487095d5463e9fa8 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Tue, 23 Jun 2015 14:32:59 -0400 Subject: Remove old clean-up, this is no longer necessary Change-Id: I4e8fe3355a2d55193ebf745de1f932a6dcd6121c --- puppet/modules/site_config/manifests/caching_resolver.pp | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index 1b8bd1a2..abcda1d8 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -12,16 +12,6 @@ class site_config::caching_resolver { include site_apt::preferences::unbound - file { - # cleanup from how we used to do it - '/etc/unbound/conf.d': - force => true, - ensure => absent; - - '/etc/unbound/conf.d/placeholder': - ensure => absent; - } - class { 'unbound': root_hints => false, anchor => false, -- cgit v1.2.3 From 554b0deed00d7d56eb775a7babf6f8b8b0608f39 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Jun 2015 14:45:06 -0400 Subject: update unbound module to change hasstatus parameter to true (#6885) Change-Id: I532263ffe6679ff6c2249926086098dc8b4877f5 --- puppet/modules/unbound | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/unbound b/puppet/modules/unbound index ca7eb732..00646b0f 160000 --- a/puppet/modules/unbound +++ b/puppet/modules/unbound @@ -1 +1 @@ -Subproject commit ca7eb732064ce29fc83d4c32a4df7d9512d45802 +Subproject commit 00646b0ffc71a86981b05f983c86ace0979d1b6f -- cgit v1.2.3 From 19258e1f40a783485f6a422a630dbb33b2e2d2c8 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Jun 2015 14:58:48 -0400 Subject: cleanup no longer used unbound conf.d pieces (#7187) Change-Id: Ie0b1f22c49462bd5c4ee3290f100e5d3e14ccb03 --- puppet/modules/site_config/manifests/caching_resolver.pp | 10 ---------- 1 file changed, 10 deletions(-) 
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index abcda1d8..cdebbad0 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -1,22 +1,12 @@ class site_config::caching_resolver { tag 'leap_base' - # Setup a conf.d directory to place additional unbound configuration files. - # There must be at least one file in the directory, or unbound will not start, - # so create an empty placeholder to ensure this. - - # Note: the version of unbound we are working with does not accept a wildcard - # for an include directive, so we are not able to use this. When we can use - # the newer unbound, then we will add 'include: /etc/unbound.d/*' to the - # configuration file - include site_apt::preferences::unbound class { 'unbound': root_hints => false, anchor => false, ssl => false, - require => File['/etc/unbound/conf.d/placeholder'], settings => { server => { verbosity => '1', -- cgit v1.2.3 From a845c11183a0ee29776c70def63f2d27aaeb653c Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 24 Jun 2015 16:44:34 -0700 Subject: remove static site circular dependency (closes #7145) --- puppet/modules/site_apt/manifests/preferences/passenger.pp | 8 ++++++-- puppet/modules/site_static/manifests/init.pp | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/puppet/modules/site_apt/manifests/preferences/passenger.pp b/puppet/modules/site_apt/manifests/preferences/passenger.pp index af501b6b..8cd41f91 100644 --- a/puppet/modules/site_apt/manifests/preferences/passenger.pp +++ b/puppet/modules/site_apt/manifests/preferences/passenger.pp 
@@ -1,10 +1,14 @@ +# +# currently, this is only used by static_site to get passenger v4. +# +# UPGRADE: this is not needed for jessie. +# class site_apt::preferences::passenger { apt::preferences_snippet { 'passenger': package => 'libapache2-mod-passenger', release => "${::lsbdistcodename}-backports", - priority => 999, - require => [Package['apache'], Class['ruby']]; + priority => 999; } } diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 35ecabf8..2a198b57 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -35,6 +35,8 @@ class site_static { include site_apache::module::rewrite apache::config::include{ 'ssl_common.inc': } + include site_config::ruby::dev + if (member($formats, 'rack')) { include site_apt::preferences::passenger class { 'passenger': @@ -44,7 +46,6 @@ class site_static { } if (member($formats, 'amber')) { - include site_config::ruby::dev rubygems::gem{'amber-0.3.4': } } -- cgit v1.2.3 From e88a89ab97455c58d6b795fbd44ebaf57f03f5c5 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Jun 2015 14:31:20 +0200 Subject: updated submodule couchdb to remove debugging leftover notice() Change-Id: I9c901a21c2ae3cd0164ca9bd3b4aab63d6a239c7 --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 339ea696..3c20a316 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 339ea696c8bb5759a000995de502a6f381abc91c +Subproject commit 3c20a3169e77e5a5f9abc06788c3a7730d5530ca -- cgit v1.2.3 From 660576077eaa189f01122608caccea4d23d3383c Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 29 Jun 2015 17:02:12 -0700 Subject: added 'root' to the list of platform-reserved usernames. --- platform.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.rb b/platform.rb index 82c25f8f..0c3de2a0 100644 
--- a/platform.rb +++ b/platform.rb @@ -105,7 +105,7 @@ Leap::Platform.define do self.monitor_username = 'monitor' - self.reserved_usernames = ['monitor'] + self.reserved_usernames = ['monitor', 'root'] self.default_puppet_tags = ['leap_base','leap_service'] end -- cgit v1.2.3 From 343818aca5a9607b0adeacb8235eb8cdcbca01be Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 30 Jun 2015 00:45:38 -0700 Subject: pin leap_web to 0.7.1 --- provider_base/common.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provider_base/common.json b/provider_base/common.json index c7be5cf4..3d2965d7 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -80,7 +80,7 @@ "webapp": { "type": "git", "source": "https://leap.se/git/leap_web", - "revision": "origin/version/0.7" + "revision": "origin/version/0.7.1" } } } -- cgit v1.2.3 From 12a07985492c97a2d2ef683ec04ef82fa82d3b82 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 30 Jun 2015 16:46:32 -0700 Subject: more verbose stunnel test errors --- tests/helpers/network_helper.rb | 2 +- tests/white-box/network.rb | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/helpers/network_helper.rb b/tests/helpers/network_helper.rb index ff92d382..713d57aa 100644 --- a/tests/helpers/network_helper.rb +++ b/tests/helpers/network_helper.rb @@ -70,7 +70,7 @@ class LeapTest #try_tcp_write(socket,1) #try_tcp_read(socket,1) rescue StandardError => exc - fail ["Failed to open socket #{host}:#{port}", exc].join("\n") + fail ["Failed to open socket #{host}:#{port}", exc, msg].compact.join("\n") ensure socket.close if socket end diff --git a/tests/white-box/network.rb b/tests/white-box/network.rb index f2041710..acb5c5e6 100644 --- a/tests/white-box/network.rb +++ b/tests/white-box/network.rb 
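Review bot: The rescue branch in tests/helpers/network_helper.rb now interpolates `msg`, but the diffstat shows a single-line change to that file, so the method signature is not touched by this commit. If `assert_tcp_socket` does not already declare an optional third parameter, the new three-argument call in tests/white-box/network.rb raises ArgumentError. A bare `msg` here would also raise NameError inside the rescue and hide the socket error. Confirm the definition reads something like `def assert_tcp_socket(host, port, msg=nil)`; the method starts outside the hunk.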
@@ -46,7 +46,10 @@ class Network < LeapTest assert accept_port = stunnel_conf['accept_port'], "Field `accept` must be present in property `stunnel.servers.#{stunnel_name}`" assert_tcp_socket('localhost', accept_port) assert connect_port = stunnel_conf['connect_port'], "Field `connect` must be present in property `stunnel.servers.#{stunnel_name}`" - assert_tcp_socket('localhost', connect_port) + assert_tcp_socket('localhost', connect_port, + "The local connect endpoint for stunnel `#{stunnel_name}` is unavailable.\n"+ + "This is probably caused by a daemon that died or failed to start on\n"+ + "port `#{connect_port}`, not stunnel itself.") end all_stunnel_pids = pgrep('/usr/bin/stunnel').collect{|process| process[:pid]}.uniq assert_equal good_stunnel_pids.sort, all_stunnel_pids.sort, "There should not be any extra stunnel processes that are not configured in /etc/stunnel" -- cgit v1.2.3 From 2293491a10f622951f034cee28ae20ba2d2f41a0 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Jun 2015 13:50:47 +0200 Subject: Don't remove acpid and acpi-support-base packages Those packages are needed by libvirt to reboot/shutdown a VM by the virsh command. Change-Id: I3eb7b113d11e3034f41d09d51c203b93275ae3c9 --- puppet/modules/site_config/manifests/packages/base.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp index f20d04a4..c23495fc 100644 --- a/puppet/modules/site_config/manifests/packages/base.pp +++ b/puppet/modules/site_config/manifests/packages/base.pp @@ -1,3 +1,4 @@ +# install default packages and remove unwanted packages class site_config::packages::base { 
@@ -7,7 +8,7 @@ class site_config::packages::base { } # base set of packages that we want to remove everywhere - package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp', + package { [ 'acpi', 'eject', 'ftp', 'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server', 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind', 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', -- cgit v1.2.3 From 7b9c1068754269046a2dab0015ae0d2935c71817 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 21 Jun 2015 10:12:55 +0100 Subject: use hashicorp atlas for Vagrantbox download Change-Id: Ie7263c9442eb9bf8572d301f88bd38dbcce16846 --- Vagrantfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 4a91c459..18590a8f 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -5,8 +5,7 @@ Vagrant.configure("2") do |config| # see https://leap.se/en/docs/platform/details/development#Verify.vagrantbox.download # for details - config.vm.box = "leap-wheezy" - config.vm.box_url = "https://downloads.leap.se/platform/vagrant/virtualbox/leap-wheezy.box" + config.vm.box = "LEAP/wheezy" #config.vm.network :private_network, ip: "10.5.5.102" config.vm.provider "virtualbox" do |v| v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] -- cgit v1.2.3 From 1109121d575653cb08e807ddcd68b737743d404d Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Sun, 5 Jul 2015 15:21:57 +0200 Subject: zlib1g-dev needed for amber gem fixes #7231 --- puppet/modules/site_static/manifests/init.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 2a198b57..e37d5ad2 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -46,6 +46,9 @@ class site_static { } if (member($formats, 'amber')) { + package { 'zlib1g-dev': + ensure => installed + } rubygems::gem{'amber-0.3.4': } } 
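Review bot: The context comment in the Vagrantfile still tells the user to verify the sha512 sum of the downloaded box before importing it, but with `config.vm.box = "LEAP/wheezy"` and no `box_url`, Vagrant resolves and downloads the box from the catalog itself. There is no longer a manual download to check, and no version is pinned, so whatever box version the catalog serves at `vagrant up` time becomes the base image for the node. Pin the release with `config.vm.box_version = "<BOX_VERSION>"` and rewrite the comment so it describes a verification step that still applies to a catalog download.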
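Review bot: Nothing orders the new `package { 'zlib1g-dev': }` before `rubygems::gem{'amber-0.3.4': }`, so Puppet is free to install the gem first, and the native build the package is meant to fix can still fail on a fresh node. State the dependency on the gem resource: `rubygems::gem{'amber-0.3.4': require => Package['zlib1g-dev'] }`. The `if` block sits inside `class site_static`, which starts outside this hunk.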
@@ -54,4 +57,4 @@ class site_static { include site_shorewall::defaults include site_shorewall::service::http include site_shorewall::service::https -} \ No newline at end of file +} -- cgit v1.2.3 From 73f83d847540a0f679d23f5dc86660b55959710a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 6 Jul 2015 14:48:10 +0200 Subject: Don't monitor disabled nodes (#7235) Change-Id: I51ce8a9e8773d267c270a1725a497f9a43f2e9ff Sidenote: $nagios_hosts was never used --- puppet/modules/site_check_mk/manifests/server.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/puppet/modules/site_check_mk/manifests/server.pp b/puppet/modules/site_check_mk/manifests/server.pp index 171f1576..67519513 100644 --- a/puppet/modules/site_check_mk/manifests/server.pp +++ b/puppet/modules/site_check_mk/manifests/server.pp @@ -1,3 +1,4 @@ +# setup check_mk on the monitoring server class site_check_mk::server { $ssh_hash = hiera('ssh') @@ -6,10 +7,9 @@ class site_check_mk::server { $seckey = $ssh_hash['monitor']['private_key'] $nagios_hiera = hiera_hash('nagios') - $nagios_hosts = $nagios_hiera['hosts'] + $hosts = $nagios_hiera['hosts'] - $hosts = hiera_hash('hosts') - $all_hosts = inline_template ('<% @hosts.keys.sort.each do |key| -%>"<%= @hosts[key]["domain_internal"] %>", <% end -%>') + $all_hosts = inline_template ('<% @hosts.keys.sort.each do |key| -%><% if @hosts[key]["environment"] != "disabled" %>"<%= @hosts[key]["domain_internal"] %>", <% end -%><% end -%>') $domains_internal = $nagios_hiera['domains_internal'] $environments = $nagios_hiera['environments'] -- cgit v1.2.3 From 4986f2ba34bbed7748b80f02ab965dd5968217bc Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jul 2015 14:39:34 +0200 Subject: remove leap_couch_stats.sh TMPFILE so /tmp/ won't fill with tmp files (#7217) Change-Id: I7b778e1e1af2784bd79840f20453ca8718927e25 --- .../site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh index 95474ccb..285a80f0 100755 --- a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh +++ b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh @@ -97,6 +97,7 @@ $CURL -X GET $URL/_all_dbs | json_pp | egrep -v '(\[|\])' > $TMPFILE # get list of dbs to check dbs=$( egrep -v "${DBLIST_EXCLUDE}" $TMPFILE | tr -d '\n"' | sed 's/,/ /g' ) +rm "$TMPFILE" for db in $dbs do -- cgit v1.2.3 From 07e949ad3d3baa132c88e529ab5121c4016eb0be Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jul 2015 15:15:32 +0200 Subject: moved removal of leap_couch_stats.sh TMPFILE to end of script (#7217) Change-Id: If844b95c44e697f480df8ee2ae6607709b9942f7 --- .../files/agent/local_checks/couchdb/leap_couch_stats.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh index 285a80f0..83b407e0 100755 --- a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh +++ b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh @@ -97,7 +97,6 @@ $CURL -X GET $URL/_all_dbs | json_pp | egrep -v '(\[|\])' > $TMPFILE # get list of dbs to check dbs=$( egrep -v "${DBLIST_EXCLUDE}" $TMPFILE | tr -d '\n"' | sed 's/,/ /g' ) -rm "$TMPFILE" for db in $dbs do @@ -118,3 +117,6 @@ end_time=$(date +%s.%N) duration=$( echo "scale = 2; $end_time - $start_time" | bc -l ) printf "${exitcode} ${PREFIX}global_stats ${global_stats_perf}|script_duration=%02.2fs ${STATE[exitcode]}: global couchdb status\n" "$duration" + +rm "$TMPFILE" + -- cgit v1.2.3 From 3cb5ae59d51d85cde704214dcea7c65da2bf6e94 Mon Sep 17 00:00:00 2001 
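Review bot: `rm "$TMPFILE"` on the last line only runs when the script gets that far, so any earlier exit after the file is created still leaves it in /tmp, which is the leak this change is meant to stop. Register the cleanup once, right after `TMPFILE` is assigned (that line is outside the hunk): `trap 'rm -f "$TMPFILE"' EXIT`. The redirect `> $TMPFILE` and the `egrep ... $TMPFILE` read in the context lines should quote the variable as the new `rm` does. If `TMPFILE` is not created with `mktemp`, that is worth changing too, since a predictable name in /tmp can be pre-created by another local user.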
From: varac Date: Tue, 7 Jul 2015 16:04:40 +0200 Subject: Ignore openvpn logwatch warnings (#6867) These are warnings that might have different origins, each of them we don't want to alarm the admin: - A bitmask client bug (user will poke the client devs if things break, and they will go after it) - A simple network failure, packets might get cut of - Malicious user tries to temper with TLS handshakes - this gets more interesting, but still (like ssh bruteforce attacs) an admin would not want to get annoyed by this by default, but they still have the option to use log analysers of their choice if they want to investigate this. Change-Id: I23ca3b700e41f22f34ad3346ed4e647b86000bb2 --- puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg index ed50f420..d99dcde9 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg @@ -8,6 +8,11 @@ I ovpn-.*TLS Error: TLS object -> incoming plaintext read error I ovpn-.*Fatal TLS error \(check_tls_errors_co\), restarting I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate + I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate + I ovpn-.*TLS Error: unknown opcode received from + I ovpn-.*Authenticate/Decrypt packet error: packet HMAC authentication failed + I ovpn-.*TLS Error: reading acknowledgement record from packet + I ovpn-.*TLS Error: session-id not found in packet from I ovpn-.*SIGUSR1\[soft,tls-error\] received, client-instance restarting I ovpn-.*VERIFY ERROR: depth=0, error=certificate has expired -- cgit v1.2.3 From 7e6b3939a69f11d23ed1c876060025fbe694704d Mon Sep 17 00:00:00 2001 
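Review bot: The five added `I` patterns in openvpn.cfg silence HMAC authentication failures and malformed-TLS errors for every source, and the reasoning for that (client bugs, packet loss, low-value probing noise) exists only in the commit message. Put it in the file above the block, e.g. `# client-side TLS/HMAC errors: expected noise, not alerted on; analyse the openvpn log directly if needed`, so a later reader does not take the ignores for an oversight. It is also worth noting there that a sustained burst of these lines from one address will no longer raise anything in check_mk.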
From: varac Date: Tue, 7 Jul 2015 16:30:42 +0200 Subject: check_mk should not falsely report multiple instances running (#6866) Change-Id: Ie7943c9a541c3cd2feac7686ed1092aadc5a7c7a --- puppet/modules/site_check_mk/manifests/agent/tapicero.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp index 4a5ec68e..ad9962d4 100644 --- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp +++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp @@ -1,3 +1,4 @@ +# sets up tapicero monitoring class site_check_mk::agent::tapicero { include ::site_nagios::plugins @@ -14,7 +15,7 @@ class site_check_mk::agent::tapicero { lens => 'Spacevars.lns', changes => [ 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', - 'set Tapicero_Procs "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a tapicero"' ], + "set Tapicero_Procs \"/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 --ereg-argument-array='^tapicero$'\"" ], require => File['/etc/check_mk/mrpe.cfg']; 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', -- cgit v1.2.3 From ec24733308676d6822aaeaae6c17b042f7e2bf14 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 7 Jul 2015 16:22:36 -0400 Subject: Clean up left-over files from old way of leap-mx logging, this should stop the logrotate cron errors from happening. (#7058) Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760 --- puppet/modules/site_config/manifests/remove_files.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 3f46659c..b339e6af 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp 
@@ -27,6 +27,10 @@ class site_config::remove_files { path => '/var/log/', recurse => true, matches => 'leap_mx*'; + 'leap_mx_rotate': + path => '/var/log/leap/', + recurse => true, + matches => [ 'mx.log.[0-9]', 'mx.log.[0-9]?', 'mx.log.[6-9]?gz']; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From 1e872b71382f94f9c2d63ccbcaa43ca7d6741b42 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 9 Jul 2015 12:18:03 -0700 Subject: use latest amber for static nodes. --- puppet/modules/site_static/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 2a198b57..1e7317a0 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -46,7 +46,7 @@ class site_static { } if (member($formats, 'amber')) { - rubygems::gem{'amber-0.3.4': } + rubygems::gem{'amber-0.3.7': } } create_resources(site_static::domain, $domains) -- cgit v1.2.3 From 2adbf36f656b68ef09f1d6dafdc9f1b8f99d8080 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sun, 12 Jul 2015 12:14:11 -0400 Subject: Add emacs/vim modelines to Vagrantfile Makes most editors recognize Vagrantfile as a ruby file and do appropriate syntax highlighting --- Vagrantfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Vagrantfile b/Vagrantfile index 18590a8f..2d9b473e 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -1,3 +1,5 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : Vagrant.configure("2") do |config| config.vm.define :node1 do |config| -- cgit v1.2.3 From f1263dc48510c92366a1203beec84e9fd27e1c46 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sun, 12 Jul 2015 23:06:38 -0400 Subject: vagrant: Increase Memory to 1GB leap_cli running puppet fails from lack of memory with the default amount of RAM --- Vagrantfile | 1 + 1 file changed, 1 insertion(+) 
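Review bot: The three globs in `matches` for `leap_mx_rotate` encode assumptions about how mx.log is rotated that the manifest does not state: `mx.log.[0-9]` removes any uncompressed rotation and `mx.log.[6-9]?gz` assumes no more than five compressed ones are kept. If the rotation settings are later changed to delay compression or to keep more files, this resource would presumably delete logs that are still wanted, which matters when they are needed for an investigation. I would add a comment above the entry, e.g. `# leftovers from the old leap-mx logging (#7058); assumes logrotate keeps at most 5 compressed mx.log files`, and consider `recurse => 1`, since the patterns only describe files directly under /var/log/leap/. The resource type (presumably `tidy`) and the class body start outside the hunk.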
diff --git a/Vagrantfile b/Vagrantfile index 18590a8f..16f973cb 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -8,6 +8,7 @@ Vagrant.configure("2") do |config| config.vm.box = "LEAP/wheezy" #config.vm.network :private_network, ip: "10.5.5.102" config.vm.provider "virtualbox" do |v| + v.memory = 1024 v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] v.name = "node1" end -- cgit v1.2.3 From 2bb4f3d3c350aaac569f0c6a8c7935f4c35ecfee Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sun, 12 Jul 2015 23:31:15 -0400 Subject: vagrant: Fix variable shadowing in Vagrantfile I'm unsure if the two levels of config are actually required, but making the most minimal changes possible atm. --- Vagrantfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 16f973cb..fdf92020 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -1,5 +1,7 @@ -Vagrant.configure("2") do |config| - config.vm.define :node1 do |config| +# -*- mode: ruby -*- +# vi: set ft=ruby : +Vagrant.configure("2") do |vagrant_config| + vagrant_config.vm.define :node1 do |config| # Please verify the sha512 sum of the downloaded box before importing it into vagrant ! # see https://leap.se/en/docs/platform/details/development#Verify.vagrantbox.download -- cgit v1.2.3 From c5f1790602b2a987f7cfb18b0da8e11e692cdd40 Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Tue, 14 Jul 2015 13:55:49 +0000 Subject: bump amber version, taking care of puppet ordering with require. --- puppet/modules/site_static/manifests/init.pp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index e37d5ad2..a3fd9c1e 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp 
@@ -46,10 +46,13 @@ class site_static { } if (member($formats, 'amber')) { + rubygems::gem{'amber-0.3.7': + require => Package['zlib1g-dev'] + } + package { 'zlib1g-dev': - ensure => installed + ensure => installed } - rubygems::gem{'amber-0.3.4': } } create_resources(site_static::domain, $domains) @@ -57,4 +60,4 @@ class site_static { include site_shorewall::defaults include site_shorewall::service::http include site_shorewall::service::https -} +} \ No newline at end of file -- cgit v1.2.3 From d609a948520e38feb79892eec6c80f3915940444 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 21 Jul 2015 10:19:23 -0400 Subject: minor linting fix double quotes and indentation Change-Id: I79c28159d17e6256db3094f413d61dcdc9520dc6 --- puppet/modules/leap_mx/manifests/init.pp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp index 6bcdd19a..2986f622 100644 --- a/puppet/modules/leap_mx/manifests/init.pp +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -77,16 +77,16 @@ class leap_mx { } augeas { - "logrotate_mx": - context => "/files/etc/logrotate.d/leap-mx/rule", + 'logrotate_mx': + context => '/files/etc/logrotate.d/leap-mx/rule', changes => [ - "set file /var/log/leap/mx.log", - 'set rotate 5', - 'set schedule daily', - 'set compress compress', - 'set missingok missingok', - 'set ifempty notifempty', - 'set copytruncate copytruncate' - ] + 'set file /var/log/leap/mx.log', + 'set rotate 5', + 'set schedule daily', + 'set compress compress', + 'set missingok missingok', + 'set ifempty notifempty', + 'set copytruncate copytruncate' + ] } } -- cgit v1.2.3 From 7c071c8e5953922040175c9bfdb458effb982847 Mon Sep 17 00:00:00 2001 
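Review bot: The last hunk of the site_static patch removes the newline at the end of init.pp (`\ No newline at end of file` after the closing `}`), which looks unintended and will show up as noise in the next diff of this file; the final line should stay `}` followed by a newline. In the first hunk the gem now requires `Package['zlib1g-dev']` without any hint why, so a short comment such as `# zlib headers are needed to build amber's dependencies` (wording to be confirmed by the author) would document the ordering. The class body starts outside both hunks.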
From: Micah Anderson Date: Tue, 21 Jul 2015 11:00:50 -0400 Subject: Fix leap-mx logrotation to work with twistd (#7058) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We don't want to try and create the log file, twistd will do that. Don’t rename the log file from mx.log to mx.log.0, instead just copy it to mx.log.1, and then clear out mx.log so it’s empty (this is needed because leap-mx might assume that its file descriptor is still valid and continue trying to write to it, without this, leap-mx might lose data because it’ll assume the original log file is still around and continue to write to it, even though it’s gone)It’s a little dangerous because it’s possible that you might lose some logged data between the time that logrotate copies the new log file and truncates the old file (Caveat administrator). Finally, we don't want logrotate to complain if it finds mx.log, its ok if its there. Change-Id: I9952627f4d47e7a89a2915f6b72d82f9e6ca0d8b --- puppet/modules/leap_mx/manifests/init.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp index 2986f622..284662d2 100644 --- a/puppet/modules/leap_mx/manifests/init.pp +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -83,9 +83,11 @@ class leap_mx { 'set file /var/log/leap/mx.log', 'set rotate 5', 'set schedule daily', + 'clear nocreate', + 'rm create', + 'rm ifempty', 'set compress compress', 'set missingok missingok', - 'set ifempty notifempty', 'set copytruncate copytruncate' ] } -- cgit v1.2.3 From 21af45fd2156e16786e3476c779115662ecb72a7 Mon Sep 17 00:00:00 2001 
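Review bot: Replacing `'set ifempty notifempty'` with `'rm ifempty'` leaves logrotate on its default of rotating empty files, which the commit message does not mention; on a quiet node the five kept rotations could then fill with empty files and push out older logs that still have content. If that is not intended, keep `'set ifempty notifempty'` alongside the new `'clear nocreate'`. The reasoning for `copytruncate` and `nocreate` (twistd owns mx.log and keeps writing to it, with a small window of lost lines at rotation) is only in the commit message and would be worth a two-line comment above `changes`. The augeas resource begins above the hunk.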
From: Micah Anderson Date: Tue, 21 Jul 2015 15:47:44 -0400 Subject: Increase tapicero heatbeat nagios checks (#7275) Increase warning/critical thresholds for time between tapicero heartbeat checks so it will emit less false positives Change-Id: I0f97373d88658b7f17b2c4e8c1963198dc3f66ed --- puppet/modules/site_check_mk/manifests/agent/tapicero.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp index ad9962d4..8505b34a 100644 --- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp +++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp @@ -20,7 +20,7 @@ class site_check_mk::agent::tapicero { 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', - changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 300 -c 600\'', + changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 1200 -c 2400\'', require => File['/etc/check_mk/mrpe.cfg']; } } -- cgit v1.2.3 From 2761fa77394d5a2857812de840e49172d0e486fb Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 23 Jul 2015 10:10:05 -0400 Subject: update CHANGES.md for the latest set of information Change-Id: I06e29515a28af8688d839fffa01a3dfe7fc8a2fc --- CHANGES.md | 55 ++++++------------------------------------------------- 1 file changed, 6 insertions(+), 49 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6540bd0c..67d8edc1 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,9 +1,9 @@ -Platform 0.7.0 +Platform 0.7.1 ----------------------- Compatibility: -* Requires leap_cli version 1.7.2 +* Requires leap_cli version 1.7.4 * Requires bitmask client version >= 0.7 * Previous releases supported cookies when using the provider API. Now, only tokens are supported. 
@@ -13,55 +13,12 @@ Compatibility: * webapp 0.7 * soledad 0.7 -Commits: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.7.0 -Issues fixed: https://leap.se/code/versions/168 +Commits: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.7.1 +Issues fixed: https://leap.se/code/versions/159 Upgrading: -* `gem install leap_cli --version 1.7.2`. -* `cd leap_platform; git pull; git checkout 0.7.0`. +* `gem install leap_cli --version 1.7.4`. +* `cd leap_platform; git pull; git checkout 0.7.1`. * `leap deploy` -* `leap db destroy --db sessions,tokens` You can ignore message about needing to redeploy (since, in this case, we just want to permanently delete those databases). * `leap test` to make sure everything is working - -New features: - -* rotating couchdb databases: CouchDB is not designed to handle ephemeral data, like sessions, because documents are never really deleted (a tombstone document is always kept to record the deletion). To overcome this limitation, we now rotate the `sessions` and `tokens` databases monthly. The new database names are `tokens_XXX` and `sessions_XXX` where XXX is a counter since the epoch that increments every month (not a calendar month, but a month's worth of seconds). Additionally, nagios checks and `leap test run` now will create and destroy test users in the `tmp_users` database, which will get periodically deleted and recreated. -* deployment logging: information on every deploy is logged to `/var/log/leap` on the node, including the user, leap_cli version, and platform version. -* you must now run `leap deploy --downgrade` if you want to deploy an older version over a newer platform version. -* the install source for each custom daemons (e.g. tapicero, etc) can now configured in `common.json`. 
-* you can configure apt sources in common.json -* improved nagios graphs integration (with pnp4nagios) -* default MTU was reduced to 1400 for better overall compatibility -* install haveged for some minimal entropy on depleted systems -* switch to release branches for webapp, tapicero -* implement weakdh recommendations, and update minimal cipher lists for web TLS connections -* many bug bugfixes, security improvements, and tests - - -Platform 0.6 -------------------------------------- - -Compatibility: - -* Requires leap_cli version 1.6 -* Requires bitmask client version >= 0.5 - -Commits: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.6.0 - -New features: - -* single node deployment -* include custom puppet modules and manifests -* couch flexibility -* stunnel rework -* new debian repository structure -* dependency pinning -* leap_cli modularization -* improved cert generation -* monitoring improvements such as per-environment tooling and notifications -* tor hidden service support -* switch away from NIST curve and ensure TLSv1 is used -* tests made significantly more robust -* add support for webapp deployment to a subdomain -* many, many bugfixes and stability improvements -- cgit v1.2.3