From ec24733308676d6822aaeaae6c17b042f7e2bf14 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 7 Jul 2015 16:22:36 -0400 Subject: Clean up left-over files from old way of leap-mx logging, this should stop the logrotate cron errors from happening. (#7058) Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760 --- puppet/modules/site_config/manifests/remove_files.pp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 3f46659c..b339e6af 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -27,6 +27,10 @@ class site_config::remove_files { path => '/var/log/', recurse => true, matches => 'leap_mx*'; + 'leap_mx_rotate': + path => '/var/log/leap/', + recurse => true, + matches => [ 'mx.log.[0-9]', 'mx.log.[0-9]?', 'mx.log.[6-9]?gz']; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From 5e21bb0d2415de0a40adfaa3b149313c459e7947 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 11 Aug 2015 14:57:58 +0200 Subject: Don't use check_mk logwatch to watch bigcouch logs anymore (#7375) The rationale here is: - bigcouch/its included erlang version is incredibly noisy and spits out warnings/error msgs all the time - it uses the worst logging format i ever saw, multiple lines directly to a file (couch 2.0 uses lager as logging backend which can log to syslog) - trying to sort out the false positives will take too much time, and who knows which of them will be resolved in couch 1.6/2.0 Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5 --- puppet/modules/site_config/manifests/remove_files.pp | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index b339e6af..a9a0c8bf 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -46,5 +46,22 @@ class site_config::remove_files { onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state" } - + # Don't use check_mk logwatch to watch bigcouch logs anymore + # see https://leap.se/code/issues/7375 for more details + file { '/etc/check_mk/logwatch.d/bigcouch.cfg': + ensure => absent, + notify => [ + Exec['remove_bigcouch_logwatch_spoolfiles'], + Exec['remove_bigcouch_logwatch_stateline'] + ] + } + # remove leftover bigcouch logwatch spool files + exec { 'remove_bigcouch_logwatch_spoolfiles': + command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', + refreshonly => true, + } + exec { 'remove_bigcouch_logwatch_stateline': + command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", + refreshonly => true, + } } -- cgit v1.2.3 From bbc95640557e200a5a4e463f451ed647692dc0a3 Mon Sep 17 00:00:00 2001 From: Micah Date: Sat, 19 Sep 2015 22:19:44 -0400 Subject: Remove no longer used vhost for leap_webapp (#7475) The configuration /etc/apache/sites-enabled/leap_webapp.conf was never removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete, and because it exists on older systems, it is being used instead of the correct common.conf. This removes it and reloads apache. Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a --- puppet/modules/site_config/manifests/remove_files.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index a9a0c8bf..e2ab3c2e 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -23,6 +23,8 @@ class site_config::remove_files { '/etc/logrotate.d/mx':; '/etc/logrotate.d/stunnel':; '/var/log/stunnel4/stunnel.log':; + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; 'leap_mx': path => '/var/log/', recurse => true, -- cgit v1.2.3 From 4b26c0f30980789844c747e796c12958f51c932c Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 24 Sep 2015 11:25:48 -0400 Subject: fix missing service dependency error this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e --- puppet/modules/site_config/manifests/remove_files.pp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index e2ab3c2e..51d1ea88 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -23,8 +23,6 @@ class site_config::remove_files { '/etc/logrotate.d/mx':; '/etc/logrotate.d/stunnel':; '/var/log/stunnel4/stunnel.log':; - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; 'leap_mx': path => '/var/log/', recurse => true, @@ -39,6 +37,13 @@ class site_config::remove_files { rmdirs => true; } + if member($::services, 'webapp') { + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } + } + # leax-mx logged to /var/log/leap_mx.log in the past # we need to use a dumb exec here because file_line doesn't # allow removing lines that match a regex in the current version -- cgit v1.2.3 From 14bcd5b08e3059e44e90f080c29fc6e8054cf193 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 24 Sep 2015 13:34:49 -0700 Subject: do not remove /var/log/leap/mx.log.*, this is where leap_mx is logging. --- puppet/modules/site_config/manifests/remove_files.pp | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index e2ab3c2e..776c3731 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -11,6 +11,16 @@ class site_config::remove_files { + # + # Platform 0.8 removals + # + + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } + + # # Platform 0.7 removals # @@ -23,16 +33,10 @@ class site_config::remove_files { '/etc/logrotate.d/mx':; '/etc/logrotate.d/stunnel':; '/var/log/stunnel4/stunnel.log':; - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; 'leap_mx': path => '/var/log/', recurse => true, matches => 'leap_mx*'; - 'leap_mx_rotate': - path => '/var/log/leap/', - recurse => true, - matches => [ 'mx.log.[0-9]', 'mx.log.[0-9]?', 'mx.log.[6-9]?gz']; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From 5cc27111151083d0a8e5098505a0024c2d2ea201 Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 24 Sep 2015 11:25:48 -0400 Subject: fix missing service dependency error this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e --- puppet/modules/site_config/manifests/remove_files.pp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 776c3731..8b2f9541 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -43,6 +43,13 @@ class site_config::remove_files { rmdirs => true; } + if member($::services, 'webapp') { + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } + } + # leax-mx logged to /var/log/leap_mx.log in the past # we need to use a dumb exec here because file_line doesn't # allow removing lines that match a regex in the current version -- cgit v1.2.3 From 4fc7419598a3baf564f063b7330b9cf9115420b5 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Oct 2015 12:06:02 +0200 Subject: [feat] Create-user-db: use couchdb admin rights - create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502 --- puppet/modules/site_config/manifests/remove_files.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 776c3731..3532c0f0 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -41,6 +41,7 @@ class site_config::remove_files { '/srv/leap/couchdb/designs/tmp_users': recurse => true, rmdirs => true; + '/etc/leap/soledad-server.conf':; } # leax-mx logged to /var/log/leap_mx.log in the past -- cgit v1.2.3 From 276b77cdcc0d169b84e046afe8763e2c52ff76fb Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 5 Oct 2015 15:22:25 +0200 Subject: [feat] remove tapicero leftovers Soledad now creates user-dbs, which has been done by tapicero in the past. we need to remove any leftovers from tapicero. --- puppet/modules/site_config/manifests/default.pp | 7 +- puppet/modules/site_config/manifests/remove.pp | 5 ++ .../modules/site_config/manifests/remove/files.pp | 74 ++++++++++++++++++++ .../site_config/manifests/remove/tapicero.pp | 57 +++++++++++++++ .../modules/site_config/manifests/remove_files.pp | 81 ---------------------- 5 files changed, 141 insertions(+), 83 deletions(-) create mode 100644 puppet/modules/site_config/manifests/remove.pp create mode 100644 puppet/modules/site_config/manifests/remove/files.pp create mode 100644 puppet/modules/site_config/manifests/remove/tapicero.pp delete mode 100644 puppet/modules/site_config/manifests/remove_files.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index e69e4b7b..6b10dc19 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -1,3 +1,4 @@ +# common things to set up on every node class site_config::default { tag 'leap_base' @@ -29,7 +30,7 @@ class site_config::default { # i.e. openstack/aws nodes, vagrant nodes # fix dhclient from changing resolver information - if $::dhcp_enabled == 'true' { + if $::dhcp_enabled == 'true' { include site_config::dhclient } @@ -58,7 +59,9 @@ class site_config::default { # set up core leap files and directories include site_config::files - include site_config::remove_files + + # remove leftovers from previous deploys + include site_config::remove if ! member($services, 'mx') { include site_postfix::satellite diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp new file mode 100644 index 00000000..00502c0a --- /dev/null +++ b/puppet/modules/site_config/manifests/remove.pp @@ -0,0 +1,5 @@ +# remove leftovers from previous deploys +class site_config::remove { + include site_config::remove::files + include site_config::remove::tapicero +} diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp new file mode 100644 index 00000000..feff7c05 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -0,0 +1,74 @@ +# +# Sometimes when we upgrade the platform, we need to ensure that files that +# the platform previously created will get removed. +# +# These file removals don't need to be kept forever: we only need to remove +# files that are present in the prior platform release. +# +# We can assume that the every node is upgraded from the previous platform +# release. +# + +class site_config::remove::files { + + # + # Platform 0.8 removals + # + + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } + + + # + # Platform 0.7 removals + # + + tidy { + '/etc/rsyslog.d/99-tapicero.conf':; + '/etc/rsyslog.d/99-leap-mx.conf':; + '/etc/rsyslog.d/01-webapp.conf':; + '/etc/rsyslog.d/50-stunnel.conf':; + '/etc/logrotate.d/mx':; + '/etc/logrotate.d/stunnel':; + '/var/log/stunnel4/stunnel.log':; + 'leap_mx': + path => '/var/log/', + recurse => true, + matches => 'leap_mx*'; + '/srv/leap/webapp/public/provider.json':; + '/srv/leap/couchdb/designs/tmp_users': + recurse => true, + rmdirs => true; + '/etc/leap/soledad-server.conf':; + } + + # leax-mx logged to /var/log/leap_mx.log in the past + # we need to use a dumb exec here because file_line doesn't + # allow removing lines that match a regex in the current version + # of stdlib, see https://tickets.puppetlabs.com/browse/MODULES-1903 + exec { 'rm_old_leap_mx_log_destination': + command => "/bin/sed -i '/leap_mx.log/d' /etc/check_mk/logwatch.state", + onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state" + } + + # Don't use check_mk logwatch to watch bigcouch logs anymore + # see https://leap.se/code/issues/7375 for more details + file { '/etc/check_mk/logwatch.d/bigcouch.cfg': + ensure => absent, + notify => [ + Exec['remove_bigcouch_logwatch_spoolfiles'], + Exec['remove_bigcouch_logwatch_stateline'] + ] + } + # remove leftover bigcouch logwatch spool files + exec { 'remove_bigcouch_logwatch_spoolfiles': + command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', + refreshonly => true, + } + exec { 'remove_bigcouch_logwatch_stateline': + command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", + refreshonly => true, + } +} diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp new file mode 100644 index 00000000..765f7428 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -0,0 +1,57 @@ +# remove tapicero leftovers from previous deploys +class site_config::remove::tapicero { + + exec { 'kill_tapicero': + onlyif => '/usr/bin/test -s /var/run/tapicero.pid', + command => '/usr/bin/pkill --pidfile /var/run/tapicero.pid' + } + + user { 'tapicero': + ensure => absent; + } + + group { 'tapicero': + ensure => absent, + require => User['tapicero']; + } + + tidy { + '/srv/leap/tapicero': + recurse => true, + require => [ Exec['kill_tapicero'] ]; + '/var/lib/leap/tapicero': + require => [ Exec['kill_tapicero'] ]; + '/var/run/tapicero': + require => [ Exec['kill_tapicero'] ]; + '/etc/leap/tapicero.yaml': + require => [ Exec['kill_tapicero'] ]; + '/etc/init.d/tapicero': + require => [ Exec['kill_tapicero'] ]; + 'tapicero_logs': + path => '/var/log/leap', + recurse => true, + matches => 'tapicero*', + require => [ Exec['kill_tapicero'] ]; + '/etc/check_mk/logwatch.d/tapicero.cfg':; + 'checkmk_logwatch_spool': + path => '/var/lib/check_mk/logwatch', + recurse => true, + matches => '*tapicero.log', + require => [ Exec['kill_tapicero'] ]; + } + + # remove local nagios plugin checks via mrpe + augeas { + 'Tapicero_Procs': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', + require => File['/etc/check_mk/mrpe.cfg']; + 'Tapicero_Heartbeat': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => 'rm Tapicero_Heartbeat', + require => File['/etc/check_mk/mrpe.cfg']; + } + +} diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp deleted file mode 100644 index 07487d6a..00000000 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ /dev/null @@ -1,81 +0,0 @@ -# -# Sometimes when we upgrade the platform, we need to ensure that files that -# the platform previously created will get removed. -# -# These file removals don't need to be kept forever: we only need to remove -# files that are present in the prior platform release. -# -# We can assume that the every node is upgraded from the previous platform -# release. -# - -class site_config::remove_files { - - # - # Platform 0.8 removals - # - - tidy { - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; - } - - - # - # Platform 0.7 removals - # - - tidy { - '/etc/rsyslog.d/99-tapicero.conf':; - '/etc/rsyslog.d/99-leap-mx.conf':; - '/etc/rsyslog.d/01-webapp.conf':; - '/etc/rsyslog.d/50-stunnel.conf':; - '/etc/logrotate.d/mx':; - '/etc/logrotate.d/stunnel':; - '/var/log/stunnel4/stunnel.log':; - 'leap_mx': - path => '/var/log/', - recurse => true, - matches => 'leap_mx*'; - '/srv/leap/webapp/public/provider.json':; - '/srv/leap/couchdb/designs/tmp_users': - recurse => true, - rmdirs => true; - '/etc/leap/soledad-server.conf':; - } - - if member($::services, 'webapp') { - tidy { - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; - } - } - - # leax-mx logged to /var/log/leap_mx.log in the past - # we need to use a dumb exec here because file_line doesn't - # allow removing lines that match a regex in the current version - # of stdlib, see https://tickets.puppetlabs.com/browse/MODULES-1903 - exec { 'rm_old_leap_mx_log_destination': - command => "/bin/sed -i '/leap_mx.log/d' /etc/check_mk/logwatch.state", - onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state" - } - - # Don't use check_mk logwatch to watch bigcouch logs anymore - # see https://leap.se/code/issues/7375 for more details - file { '/etc/check_mk/logwatch.d/bigcouch.cfg': - ensure => absent, - notify => [ - Exec['remove_bigcouch_logwatch_spoolfiles'], - Exec['remove_bigcouch_logwatch_stateline'] - ] - } - # remove leftover bigcouch logwatch spool files - exec { 'remove_bigcouch_logwatch_spoolfiles': - command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', - refreshonly => true, - } - exec { 'remove_bigcouch_logwatch_stateline': - command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", - refreshonly => true, - } -} -- cgit v1.2.3 From b1e50fc76ddece9944ae253da9bacd485ffea84b Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 6 Oct 2015 13:23:56 +0200 Subject: [feat] Remove tapicero from more places Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501 --- puppet/modules/site_config/manifests/remove/tapicero.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp index 765f7428..497cf8b2 100644 --- a/puppet/modules/site_config/manifests/remove/tapicero.pp +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -32,12 +32,14 @@ class site_config::remove::tapicero { recurse => true, matches => 'tapicero*', require => [ Exec['kill_tapicero'] ]; - '/etc/check_mk/logwatch.d/tapicero.cfg':; + '/etc/check_mk/logwatch.d/tapicero.cfg': + notify => Exec['check_mk-refresh']; 'checkmk_logwatch_spool': path => '/var/lib/check_mk/logwatch', recurse => true, matches => '*tapicero.log', - require => [ Exec['kill_tapicero'] ]; + require => Exec['kill_tapicero'], + notify => Exec['check_mk-refresh']; } # remove local nagios plugin checks via mrpe @@ -46,12 +48,14 @@ class site_config::remove::tapicero { incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', changes => 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', - require => File['/etc/check_mk/mrpe.cfg']; + require => File['/etc/check_mk/mrpe.cfg'], + notify => Exec['check_mk-refresh']; 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', changes => 'rm Tapicero_Heartbeat', - require => File['/etc/check_mk/mrpe.cfg']; + require => File['/etc/check_mk/mrpe.cfg'], + notify => Exec['check_mk-refresh']; } } -- cgit v1.2.3 From 2b0386bee6525dda705152031d7125bc30b65269 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 7 Oct 2015 10:57:24 +0200 Subject: [bug] Fix removal of webapp apache config file Done by including a service-dependend site_config::remove::webapp class. --- puppet/modules/site_config/manifests/remove/files.pp | 17 ----------------- puppet/modules/site_config/manifests/remove/webapp.pp | 7 +++++++ 2 files changed, 7 insertions(+), 17 deletions(-) create mode 100644 puppet/modules/site_config/manifests/remove/webapp.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 66647d31..466f50c8 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -11,16 +11,6 @@ class site_config::remove::files { - # - # Platform 0.8 removals - # - - tidy { - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; - } - - # # Platform 0.7 removals # @@ -44,13 +34,6 @@ class site_config::remove::files { '/etc/leap/soledad-server.conf':; } - if member($::services, 'webapp') { - tidy { - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; - } - } - # leax-mx logged to /var/log/leap_mx.log in the past # we need to use a dumb exec here because file_line doesn't # allow removing lines that match a regex in the current version diff --git a/puppet/modules/site_config/manifests/remove/webapp.pp b/puppet/modules/site_config/manifests/remove/webapp.pp new file mode 100644 index 00000000..58f59815 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/webapp.pp @@ -0,0 +1,7 @@ +# remove leftovers on webapp nodes +class site_config::remove::webapp { + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } +} -- cgit v1.2.3 From 89f609c97e43b06403706b81caf7a1c3e116bdf8 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 7 Oct 2015 11:17:11 +0200 Subject: [bug] Fix missing dependency (tapicero leftovers) We need to remove local check-mk-agent checks on the tapicero nodes, and want to notify the monitoring server to re-inventarize the local checks. This doesn't work when both services run on different hosts, it will fail with: Could not find dependent Exec[check_mk-refresh] for Tidy[checkmk_logwatch_spool] So i remove the notifies, because we will re-inventarize of local checks by a daily cronjob anyway, see #6873. ... - Resolves: #XYZ - Related: #XYZ - Documentation: #XYZ - Releases: XYZ --- puppet/modules/site_config/manifests/remove/tapicero.pp | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp index 497cf8b2..edb4e393 100644 --- a/puppet/modules/site_config/manifests/remove/tapicero.pp +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -32,14 +32,12 @@ class site_config::remove::tapicero { recurse => true, matches => 'tapicero*', require => [ Exec['kill_tapicero'] ]; - '/etc/check_mk/logwatch.d/tapicero.cfg': - notify => Exec['check_mk-refresh']; + '/etc/check_mk/logwatch.d/tapicero.cfg':; 'checkmk_logwatch_spool': path => '/var/lib/check_mk/logwatch', recurse => true, matches => '*tapicero.log', require => Exec['kill_tapicero'], - notify => Exec['check_mk-refresh']; } # remove local nagios plugin checks via mrpe @@ -48,14 +46,12 @@ class site_config::remove::tapicero { incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', changes => 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', - require => File['/etc/check_mk/mrpe.cfg'], - notify => Exec['check_mk-refresh']; + require => File['/etc/check_mk/mrpe.cfg']; 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', changes => 'rm Tapicero_Heartbeat', - require => File['/etc/check_mk/mrpe.cfg'], - notify => Exec['check_mk-refresh']; + require => File['/etc/check_mk/mrpe.cfg']; } } -- cgit v1.2.3 From 19e5d23e3fe34199265117e033acfabc3cff9109 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 12 Oct 2015 16:30:58 +0200 Subject: [feat] Remove tapicero couchdb user - Resolves: #7514 --- puppet/modules/site_config/manifests/remove.pp | 1 - .../site_config/manifests/remove/monitoring.pp | 10 +++++++++ .../site_config/manifests/remove/tapicero.pp | 24 ++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) create mode 100644 puppet/modules/site_config/manifests/remove/monitoring.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp index 00502c0a..b1ad1a2b 100644 --- a/puppet/modules/site_config/manifests/remove.pp +++ b/puppet/modules/site_config/manifests/remove.pp @@ -1,5 +1,4 @@ # remove leftovers from previous deploys class site_config::remove { include site_config::remove::files - include site_config::remove::tapicero } diff --git a/puppet/modules/site_config/manifests/remove/monitoring.pp b/puppet/modules/site_config/manifests/remove/monitoring.pp new file mode 100644 index 00000000..d7095597 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/monitoring.pp @@ -0,0 +1,10 @@ +# remove leftovers on monitoring nodes +class site_config::remove::monitoring { + + tidy { + 'checkmk_logwatch_spool': + path => '/var/lib/check_mk/logwatch', + recurse => true, + matches => '*tapicero.log' + } +} diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp index edb4e393..4ce972d0 100644 --- a/puppet/modules/site_config/manifests/remove/tapicero.pp +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -1,6 +1,23 @@ -# remove tapicero leftovers from previous deploys +# remove tapicero leftovers from previous deploys on couchdb nodes class site_config::remove::tapicero { + # remove tapicero couchdb user + $couchdb_config = hiera('couch') + $couchdb_mode = $couchdb_config['mode'] + + if $couchdb_mode == 'multimaster' + { + $port = 5986 + } else { + $port = 5984 + } + + exec { 'remove_couchdb_user': + onlyif => "/usr/bin/curl -s 127.0.0.1:${port}/_users/org.couchdb.user:tapicero | grep -qv 'not_found'", + command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete" + } + + exec { 'kill_tapicero': onlyif => '/usr/bin/test -s /var/run/tapicero.pid', command => '/usr/bin/pkill --pidfile /var/run/tapicero.pid' @@ -33,11 +50,6 @@ class site_config::remove::tapicero { matches => 'tapicero*', require => [ Exec['kill_tapicero'] ]; '/etc/check_mk/logwatch.d/tapicero.cfg':; - 'checkmk_logwatch_spool': - path => '/var/lib/check_mk/logwatch', - recurse => true, - matches => '*tapicero.log', - require => Exec['kill_tapicero'], } # remove local nagios plugin checks via mrpe -- cgit v1.2.3 From e97a9d3800b173375a630e18e4b1aa0894eb96e1 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 20 Oct 2015 17:14:21 -0400 Subject: Add basic DKIM support, this requires changes in leap_cli detailed in issue #5924 Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7 --- puppet/modules/site_config/manifests/x509/dkim/key.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 puppet/modules/site_config/manifests/x509/dkim/key.pp (limited to 'puppet/modules/site_config/manifests') diff --git a/puppet/modules/site_config/manifests/x509/dkim/key.pp b/puppet/modules/site_config/manifests/x509/dkim/key.pp new file mode 100644 index 00000000..c63a7e94 --- /dev/null +++ b/puppet/modules/site_config/manifests/x509/dkim/key.pp @@ -0,0 +1,13 @@ +class site_config::x509::dkim::key { + + ## + ## This is for the DKIM key that is used exclusively for DKIM + ## signing + + $x509 = hiera('x509') + $key = $x509['dkim_key'] + + x509::key { 'dkim': + content => $key + } +} -- cgit v1.2.3