From 5e21bb0d2415de0a40adfaa3b149313c459e7947 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 11 Aug 2015 14:57:58 +0200 Subject: Don't use check_mk logwatch to watch bigcouch logs anymore (#7375) The rationale here is: - bigcouch/its included erlang version is incredibly noisy and spits out warnings/error msgs all the time - it uses the worst logging format i ever saw, multiple lines directly to a file (couch 2.0 uses lager as logging backend which can log to syslog) - trying to sort out the false positives will take too much time, and who knows which of them will be resolved in couch 1.6/2.0 Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5 --- puppet/modules/site_config/manifests/remove_files.pp | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index b339e6af..a9a0c8bf 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -46,5 +46,22 @@ class site_config::remove_files { onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state" } - + # Don't use check_mk logwatch to watch bigcouch logs anymore + # see https://leap.se/code/issues/7375 for more details + file { '/etc/check_mk/logwatch.d/bigcouch.cfg': + ensure => absent, + notify => [ + Exec['remove_bigcouch_logwatch_spoolfiles'], + Exec['remove_bigcouch_logwatch_stateline'] + ] + } + # remove leftover bigcouch logwatch spool files + exec { 'remove_bigcouch_logwatch_spoolfiles': + command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', + refreshonly => true, + } + exec { 'remove_bigcouch_logwatch_stateline': + command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", + refreshonly => true, + } } -- cgit v1.2.3 From bbc95640557e200a5a4e463f451ed647692dc0a3 Mon Sep 17 00:00:00 2001 
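Review bot: The two new execs, `remove_bigcouch_logwatch_spoolfiles` and `remove_bigcouch_logwatch_stateline`, call `find` and `sed` by bare name, while the existing `rm_old_leap_mx_log_destination` exec in the same class uses `/bin/sed` and `/bin/grep`. Unless a global `Exec { path => ... }` default exists outside this hunk, Puppet rejects an unqualified command, and where such a default does exist these root-run cleanups depend on that search path. Use absolute paths as the neighbouring exec does, e.g. `command => "/bin/sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state",` and `/usr/bin/find` for the spool cleanup. Both execs are carried unchanged into `remove/files.pp` later in this series.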
From: Micah Date: Sat, 19 Sep 2015 22:19:44 -0400 Subject: Remove no longer used vhost for leap_webapp (#7475) The configuration /etc/apache/sites-enabled/leap_webapp.conf was never removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete, and because it exists on older systems, it is being used instead of the correct common.conf. This removes it and reloads apache. Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a --- puppet/modules/site_config/manifests/remove_files.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index a9a0c8bf..e2ab3c2e 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -23,6 +23,8 @@ class site_config::remove_files { '/etc/logrotate.d/mx':; '/etc/logrotate.d/stunnel':; '/var/log/stunnel4/stunnel.log':; + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; 'leap_mx': path => '/var/log/', recurse => true, -- cgit v1.2.3 From 4b26c0f30980789844c747e796c12958f51c932c Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 24 Sep 2015 11:25:48 -0400 Subject: fix missing service dependency error this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e --- puppet/modules/site_config/manifests/remove_files.pp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index e2ab3c2e..51d1ea88 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp 
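Review bot: The path in the new tidy entry, `/etc/apache/sites-enabled/leap_webapp.conf`, should be checked against the target hosts, because on Debian the Apache tree is normally `/etc/apache2/`. If that holds here, the tidy never matches and the stale vhost keeps taking precedence over `common.conf`, which is the problem the commit message describes. The entry would then need to read `'/etc/apache2/sites-enabled/leap_webapp.conf':`. The same path is repeated in the later hunks that move this entry (the `member($::services, 'webapp')` block, the Platform 0.8 block and `remove/webapp.pp`).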
@@ -23,8 +23,6 @@ class site_config::remove_files { '/etc/logrotate.d/mx':; '/etc/logrotate.d/stunnel':; '/var/log/stunnel4/stunnel.log':; - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; 'leap_mx': path => '/var/log/', recurse => true, @@ -39,6 +37,13 @@ class site_config::remove_files { rmdirs => true; } + if member($::services, 'webapp') { + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } + } + # leax-mx logged to /var/log/leap_mx.log in the past # we need to use a dumb exec here because file_line doesn't # allow removing lines that match a regex in the current version -- cgit v1.2.3 From 14bcd5b08e3059e44e90f080c29fc6e8054cf193 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 24 Sep 2015 13:34:49 -0700 Subject: do not remove /var/log/leap/mx.log.*, this is where leap_mx is logging. --- puppet/modules/site_config/manifests/remove_files.pp | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index e2ab3c2e..776c3731 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -11,6 +11,16 @@ class site_config::remove_files { + # + # Platform 0.8 removals + # + + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } + + # # Platform 0.7 removals # 
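Review bot: The Platform 0.8 block added in the `@@ -11,6 +11,16 @@` hunk declares the `leap_webapp.conf` tidy with `notify => Service['apache']` for every node, so a node without an Apache service in its catalog would fail on the missing dependency. Wrap it in the service check, `if member($::services, 'webapp') { ... }`, or move it to a class that is only included on webapp nodes. The change is also unrelated to the commit subject about `/var/log/leap/mx.log.*`, which makes it easy to miss in review.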
@@ -23,16 +33,10 @@ class site_config::remove_files { '/etc/logrotate.d/mx':; '/etc/logrotate.d/stunnel':; '/var/log/stunnel4/stunnel.log':; - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; 'leap_mx': path => '/var/log/', recurse => true, matches => 'leap_mx*'; - 'leap_mx_rotate': - path => '/var/log/leap/', - recurse => true, - matches => [ 'mx.log.[0-9]', 'mx.log.[0-9]?', 'mx.log.[6-9]?gz']; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From 5cc27111151083d0a8e5098505a0024c2d2ea201 Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 24 Sep 2015 11:25:48 -0400 Subject: fix missing service dependency error this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e --- puppet/modules/site_config/manifests/remove_files.pp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 776c3731..8b2f9541 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -43,6 +43,13 @@ class site_config::remove_files { rmdirs => true; } + if member($::services, 'webapp') { + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } + } + # leax-mx logged to /var/log/leap_mx.log in the past # we need to use a dumb exec here because file_line doesn't # allow removing lines that match a regex in the current version -- cgit v1.2.3 From 4fc7419598a3baf564f063b7330b9cf9115420b5 Mon Sep 17 00:00:00 2001 
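Review bot: The tidy added under `if member($::services, 'webapp')` has the same title, `/etc/apache/sites-enabled/leap_webapp.conf`, as the unconditional tidy in the Platform 0.8 block that base revision `776c3731` already contains (it is added by the preceding commit on this page). On webapp nodes that is presumably a duplicate resource declaration, and on all other nodes the unconditional block still references `Service['apache']`. The unconditional Platform 0.8 declaration should be removed in this commit so that the guarded one is the only declaration. The class body continues outside the hunk.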
From: varac Date: Thu, 1 Oct 2015 12:06:02 +0200 Subject: [feat] Create-user-db: use couchdb admin rights - create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502 --- puppet/modules/site_config/manifests/remove_files.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 776c3731..3532c0f0 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -41,6 +41,7 @@ class site_config::remove_files { '/srv/leap/couchdb/designs/tmp_users': recurse => true, rmdirs => true; + '/etc/leap/soledad-server.conf':; } # leax-mx logged to /var/log/leap_mx.log in the past -- cgit v1.2.3 From 276b77cdcc0d169b84e046afe8763e2c52ff76fb Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 5 Oct 2015 15:22:25 +0200 Subject: [feat] remove tapicero leftovers Soledad now creates user-dbs, which has been done by tapicero in the past. we need to remove any leftovers from tapicero. --- puppet/modules/site_config/manifests/default.pp | 7 +- puppet/modules/site_config/manifests/remove.pp | 5 ++ .../modules/site_config/manifests/remove/files.pp | 74 ++++++++++++++++++++ .../site_config/manifests/remove/tapicero.pp | 57 +++++++++++++++ .../modules/site_config/manifests/remove_files.pp | 81 ---------------------- 5 files changed, 141 insertions(+), 83 deletions(-) create mode 100644 puppet/modules/site_config/manifests/remove.pp create mode 100644 puppet/modules/site_config/manifests/remove/files.pp create mode 100644 puppet/modules/site_config/manifests/remove/tapicero.pp delete mode 100644 puppet/modules/site_config/manifests/remove_files.pp (limited to 'puppet/modules/site_config') 
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index e69e4b7b..6b10dc19 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -1,3 +1,4 @@ +# common things to set up on every node class site_config::default { tag 'leap_base' @@ -29,7 +30,7 @@ class site_config::default { # i.e. openstack/aws nodes, vagrant nodes # fix dhclient from changing resolver information - if $::dhcp_enabled == 'true' { + if $::dhcp_enabled == 'true' { include site_config::dhclient } @@ -58,7 +59,9 @@ class site_config::default { # set up core leap files and directories include site_config::files - include site_config::remove_files + + # remove leftovers from previous deploys + include site_config::remove if ! member($services, 'mx') { include site_postfix::satellite diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp new file mode 100644 index 00000000..00502c0a --- /dev/null +++ b/puppet/modules/site_config/manifests/remove.pp @@ -0,0 +1,5 @@ +# remove leftovers from previous deploys +class site_config::remove { + include site_config::remove::files + include site_config::remove::tapicero +} diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp new file mode 100644 index 00000000..feff7c05 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/files.pp 
@@ -0,0 +1,74 @@ +# +# Sometimes when we upgrade the platform, we need to ensure that files that +# the platform previously created will get removed. +# +# These file removals don't need to be kept forever: we only need to remove +# files that are present in the prior platform release. +# +# We can assume that the every node is upgraded from the previous platform +# release. +# + +class site_config::remove::files { + + # + # Platform 0.8 removals + # + + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } + + + # + # Platform 0.7 removals + # + + tidy { + '/etc/rsyslog.d/99-tapicero.conf':; + '/etc/rsyslog.d/99-leap-mx.conf':; + '/etc/rsyslog.d/01-webapp.conf':; + '/etc/rsyslog.d/50-stunnel.conf':; + '/etc/logrotate.d/mx':; + '/etc/logrotate.d/stunnel':; + '/var/log/stunnel4/stunnel.log':; + 'leap_mx': + path => '/var/log/', + recurse => true, + matches => 'leap_mx*'; + '/srv/leap/webapp/public/provider.json':; + '/srv/leap/couchdb/designs/tmp_users': + recurse => true, + rmdirs => true; + '/etc/leap/soledad-server.conf':; + } + + # leax-mx logged to /var/log/leap_mx.log in the past + # we need to use a dumb exec here because file_line doesn't + # allow removing lines that match a regex in the current version + # of stdlib, see https://tickets.puppetlabs.com/browse/MODULES-1903 + exec { 'rm_old_leap_mx_log_destination': + command => "/bin/sed -i '/leap_mx.log/d' /etc/check_mk/logwatch.state", + onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state" + } + + # Don't use check_mk logwatch to watch bigcouch logs anymore + # see https://leap.se/code/issues/7375 for more details + file { '/etc/check_mk/logwatch.d/bigcouch.cfg': + ensure => absent, + notify => [ + Exec['remove_bigcouch_logwatch_spoolfiles'], + Exec['remove_bigcouch_logwatch_stateline'] + ] + } + # remove leftover bigcouch logwatch spool files + exec { 'remove_bigcouch_logwatch_spoolfiles': + command => 'find /var/lib/check_mk/logwatch -name 
\'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', + refreshonly => true, + } + exec { 'remove_bigcouch_logwatch_stateline': + command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", + refreshonly => true, + } +} diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp new file mode 100644 index 00000000..765f7428 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -0,0 +1,57 @@ +# remove tapicero leftovers from previous deploys +class site_config::remove::tapicero { + + exec { 'kill_tapicero': + onlyif => '/usr/bin/test -s /var/run/tapicero.pid', + command => '/usr/bin/pkill --pidfile /var/run/tapicero.pid' + } + + user { 'tapicero': + ensure => absent; + } + + group { 'tapicero': + ensure => absent, + require => User['tapicero']; + } + + tidy { + '/srv/leap/tapicero': + recurse => true, + require => [ Exec['kill_tapicero'] ]; + '/var/lib/leap/tapicero': + require => [ Exec['kill_tapicero'] ]; + '/var/run/tapicero': + require => [ Exec['kill_tapicero'] ]; + '/etc/leap/tapicero.yaml': + require => [ Exec['kill_tapicero'] ]; + '/etc/init.d/tapicero': + require => [ Exec['kill_tapicero'] ]; + 'tapicero_logs': + path => '/var/log/leap', + recurse => true, + matches => 'tapicero*', + require => [ Exec['kill_tapicero'] ]; + '/etc/check_mk/logwatch.d/tapicero.cfg':; + 'checkmk_logwatch_spool': + path => '/var/lib/check_mk/logwatch', + recurse => true, + matches => '*tapicero.log', + require => [ Exec['kill_tapicero'] ]; + } + + # remove local nagios plugin checks via mrpe + augeas { + 'Tapicero_Procs': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', + require => File['/etc/check_mk/mrpe.cfg']; + 'Tapicero_Heartbeat': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => 'rm Tapicero_Heartbeat', + require => File['/etc/check_mk/mrpe.cfg']; + } + +} 
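Review bot: In `remove/tapicero.pp`, `kill_tapicero` runs `/usr/bin/pkill --pidfile /var/run/tapicero.pid` whenever that file is non-empty, but the tidy list removes `/var/run/tapicero` and never the pid file itself. Unless something else clears it, a stale pid file keeps the `onlyif` true on later runs, and pkill then either fails because nothing matches or signals whatever unrelated process has since been given that PID. Add the pid file to the tidy list, `'/var/run/tapicero.pid': require => [ Exec['kill_tapicero'] ];`. The `user { 'tapicero': ensure => absent }` resource also has no ordering against the kill, so adding `require => Exec['kill_tapicero']` there would keep the user from being removed while the daemon may still be running.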
diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp deleted file mode 100644 index 07487d6a..00000000 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ /dev/null 
@@ -1,81 +0,0 @@ -# -# Sometimes when we upgrade the platform, we need to ensure that files that -# the platform previously created will get removed. -# -# These file removals don't need to be kept forever: we only need to remove -# files that are present in the prior platform release. -# -# We can assume that the every node is upgraded from the previous platform -# release. -# - -class site_config::remove_files { - - # - # Platform 0.8 removals - # - - tidy { - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; - } - - - # - # Platform 0.7 removals - # - - tidy { - '/etc/rsyslog.d/99-tapicero.conf':; - '/etc/rsyslog.d/99-leap-mx.conf':; - '/etc/rsyslog.d/01-webapp.conf':; - '/etc/rsyslog.d/50-stunnel.conf':; - '/etc/logrotate.d/mx':; - '/etc/logrotate.d/stunnel':; - '/var/log/stunnel4/stunnel.log':; - 'leap_mx': - path => '/var/log/', - recurse => true, - matches => 'leap_mx*'; - '/srv/leap/webapp/public/provider.json':; - '/srv/leap/couchdb/designs/tmp_users': - recurse => true, - rmdirs => true; - '/etc/leap/soledad-server.conf':; - } - - if member($::services, 'webapp') { - tidy { - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; - } - } - - # leax-mx logged to /var/log/leap_mx.log in the past - # we need to use a dumb exec here because file_line doesn't - # allow removing lines that match a regex in the current version - # of stdlib, see https://tickets.puppetlabs.com/browse/MODULES-1903 - exec { 'rm_old_leap_mx_log_destination': - command => "/bin/sed -i '/leap_mx.log/d' /etc/check_mk/logwatch.state", - onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state" - } - - # Don't use check_mk logwatch to watch bigcouch logs anymore - # see https://leap.se/code/issues/7375 for more details - file { '/etc/check_mk/logwatch.d/bigcouch.cfg': - ensure => absent, - notify => [ - Exec['remove_bigcouch_logwatch_spoolfiles'], - Exec['remove_bigcouch_logwatch_stateline'] - ] - } - # remove leftover bigcouch 
logwatch spool files - exec { 'remove_bigcouch_logwatch_spoolfiles': - command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', - refreshonly => true, - } - exec { 'remove_bigcouch_logwatch_stateline': - command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", - refreshonly => true, - } -} -- cgit v1.2.3 From b1e50fc76ddece9944ae253da9bacd485ffea84b Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 6 Oct 2015 13:23:56 +0200 Subject: [feat] Remove tapicero from more places Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501 --- puppet/modules/site_config/manifests/remove/tapicero.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp index 765f7428..497cf8b2 100644 --- a/puppet/modules/site_config/manifests/remove/tapicero.pp +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -32,12 +32,14 @@ class site_config::remove::tapicero { recurse => true, matches => 'tapicero*', require => [ Exec['kill_tapicero'] ]; - '/etc/check_mk/logwatch.d/tapicero.cfg':; + '/etc/check_mk/logwatch.d/tapicero.cfg': + notify => Exec['check_mk-refresh']; 'checkmk_logwatch_spool': path => '/var/lib/check_mk/logwatch', recurse => true, matches => '*tapicero.log', - require => [ Exec['kill_tapicero'] ]; + require => Exec['kill_tapicero'], + notify => Exec['check_mk-refresh']; } # remove local nagios plugin checks via mrpe 
@@ -46,12 +48,14 @@ class site_config::remove::tapicero { incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', changes => 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', - require => File['/etc/check_mk/mrpe.cfg']; + require => File['/etc/check_mk/mrpe.cfg'], + notify => Exec['check_mk-refresh']; 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', changes => 'rm Tapicero_Heartbeat', - require => File['/etc/check_mk/mrpe.cfg']; + require => File['/etc/check_mk/mrpe.cfg'], + notify => Exec['check_mk-refresh']; } } -- cgit v1.2.3 From 2b0386bee6525dda705152031d7125bc30b65269 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 7 Oct 2015 10:57:24 +0200 Subject: [bug] Fix removal of webapp apache config file Done by including a service-dependend site_config::remove::webapp class. --- puppet/modules/site_config/manifests/remove/files.pp | 17 ----------------- puppet/modules/site_config/manifests/remove/webapp.pp | 7 +++++++ 2 files changed, 7 insertions(+), 17 deletions(-) create mode 100644 puppet/modules/site_config/manifests/remove/webapp.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 66647d31..466f50c8 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -11,16 +11,6 @@ class site_config::remove::files { - # - # Platform 0.8 removals - # - - tidy { - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; - } - - # # Platform 0.7 removals # 
@@ -44,13 +34,6 @@ class site_config::remove::files { '/etc/leap/soledad-server.conf':; } - if member($::services, 'webapp') { - tidy { - '/etc/apache/sites-enabled/leap_webapp.conf': - notify => Service['apache']; - } - } - # leax-mx logged to /var/log/leap_mx.log in the past # we need to use a dumb exec here because file_line doesn't # allow removing lines that match a regex in the current version diff --git a/puppet/modules/site_config/manifests/remove/webapp.pp b/puppet/modules/site_config/manifests/remove/webapp.pp new file mode 100644 index 00000000..58f59815 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/webapp.pp @@ -0,0 +1,7 @@ +# remove leftovers on webapp nodes +class site_config::remove::webapp { + tidy { + '/etc/apache/sites-enabled/leap_webapp.conf': + notify => Service['apache']; + } +} -- cgit v1.2.3 From 89f609c97e43b06403706b81caf7a1c3e116bdf8 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 7 Oct 2015 11:17:11 +0200 Subject: [bug] Fix missing dependency (tapicero leftovers) We need to remove local check-mk-agent checks on the tapicero nodes, and want to notify the monitoring server to re-inventarize the local checks. This doesn't work when both services run on different hosts, it will fail with: Could not find dependent Exec[check_mk-refresh] for Tidy[checkmk_logwatch_spool] So i remove the notifies, because we will re-inventarize of local checks by a daily cronjob anyway, see #6873. ... - Resolves: #XYZ - Related: #XYZ - Documentation: #XYZ - Releases: XYZ --- puppet/modules/site_config/manifests/remove/tapicero.pp | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp index 497cf8b2..edb4e393 100644 --- a/puppet/modules/site_config/manifests/remove/tapicero.pp +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp 
@@ -32,14 +32,12 @@ class site_config::remove::tapicero { recurse => true, matches => 'tapicero*', require => [ Exec['kill_tapicero'] ]; - '/etc/check_mk/logwatch.d/tapicero.cfg': - notify => Exec['check_mk-refresh']; + '/etc/check_mk/logwatch.d/tapicero.cfg':; 'checkmk_logwatch_spool': path => '/var/lib/check_mk/logwatch', recurse => true, matches => '*tapicero.log', require => Exec['kill_tapicero'], - notify => Exec['check_mk-refresh']; } # remove local nagios plugin checks via mrpe @@ -48,14 +46,12 @@ class site_config::remove::tapicero { incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', changes => 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', - require => File['/etc/check_mk/mrpe.cfg'], - notify => Exec['check_mk-refresh']; + require => File['/etc/check_mk/mrpe.cfg']; 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', changes => 'rm Tapicero_Heartbeat', - require => File['/etc/check_mk/mrpe.cfg'], - notify => Exec['check_mk-refresh']; + require => File['/etc/check_mk/mrpe.cfg']; } } -- cgit v1.2.3 From 19e5d23e3fe34199265117e033acfabc3cff9109 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 12 Oct 2015 16:30:58 +0200 Subject: [feat] Remove tapicero couchdb user - Resolves: #7514 --- puppet/modules/site_config/manifests/remove.pp | 1 - .../site_config/manifests/remove/monitoring.pp | 10 +++++++++ .../site_config/manifests/remove/tapicero.pp | 24 ++++++++++++++++------ 3 files changed, 28 insertions(+), 7 deletions(-) create mode 100644 puppet/modules/site_config/manifests/remove/monitoring.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp index 00502c0a..b1ad1a2b 100644 --- a/puppet/modules/site_config/manifests/remove.pp +++ b/puppet/modules/site_config/manifests/remove.pp 
@@ -1,5 +1,4 @@ # remove leftovers from previous deploys class site_config::remove { include site_config::remove::files - include site_config::remove::tapicero } diff --git a/puppet/modules/site_config/manifests/remove/monitoring.pp b/puppet/modules/site_config/manifests/remove/monitoring.pp new file mode 100644 index 00000000..d7095597 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/monitoring.pp @@ -0,0 +1,10 @@ +# remove leftovers on monitoring nodes +class site_config::remove::monitoring { + + tidy { + 'checkmk_logwatch_spool': + path => '/var/lib/check_mk/logwatch', + recurse => true, + matches => '*tapicero.log' + } +} diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp index edb4e393..4ce972d0 100644 --- a/puppet/modules/site_config/manifests/remove/tapicero.pp +++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -1,6 +1,23 @@ -# remove tapicero leftovers from previous deploys +# remove tapicero leftovers from previous deploys on couchdb nodes class site_config::remove::tapicero { + # remove tapicero couchdb user + $couchdb_config = hiera('couch') + $couchdb_mode = $couchdb_config['mode'] + + if $couchdb_mode == 'multimaster' + { + $port = 5986 + } else { + $port = 5984 + } + + exec { 'remove_couchdb_user': + onlyif => "/usr/bin/curl -s 127.0.0.1:${port}/_users/org.couchdb.user:tapicero | grep -qv 'not_found'", + command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete" + } + + exec { 'kill_tapicero': onlyif => '/usr/bin/test -s /var/run/tapicero.pid', command => '/usr/bin/pkill --pidfile /var/run/tapicero.pid' 
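Review bot: The `onlyif` of `remove_couchdb_user` treats any response body that lacks `not_found` as proof that the user document exists, so an error document or other unexpected reply from CouchDB would also trigger the `--delete` call. It also pipes into an unqualified `grep`, unlike the absolute paths used for `curl` and `couch-doc-update`. Testing the HTTP status is stricter and removes the pipe: `onlyif => "/usr/bin/curl -sf -o /dev/null 127.0.0.1:${port}/_users/org.couchdb.user:tapicero",`. The hunk also calls `hiera('couch')` without a default, so the class presumably compiles only on nodes that define that key; the header comment says couchdb nodes, but whatever includes the class is outside this hunk.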
@@ -33,11 +50,6 @@ class site_config::remove::tapicero { matches => 'tapicero*', require => [ Exec['kill_tapicero'] ]; '/etc/check_mk/logwatch.d/tapicero.cfg':; - 'checkmk_logwatch_spool': - path => '/var/lib/check_mk/logwatch', - recurse => true, - matches => '*tapicero.log', - require => Exec['kill_tapicero'], } # remove local nagios plugin checks via mrpe -- cgit v1.2.3 From e97a9d3800b173375a630e18e4b1aa0894eb96e1 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 20 Oct 2015 17:14:21 -0400 Subject: Add basic DKIM support, this requires changes in leap_cli detailed in issue #5924 Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7 --- puppet/modules/site_config/manifests/x509/dkim/key.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 puppet/modules/site_config/manifests/x509/dkim/key.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/x509/dkim/key.pp b/puppet/modules/site_config/manifests/x509/dkim/key.pp new file mode 100644 index 00000000..c63a7e94 --- /dev/null +++ b/puppet/modules/site_config/manifests/x509/dkim/key.pp @@ -0,0 +1,13 @@ +class site_config::x509::dkim::key { + + ## + ## This is for the DKIM key that is used exclusively for DKIM + ## signing + + $x509 = hiera('x509') + $key = $x509['dkim_key'] + + x509::key { 'dkim': + content => $key + } +} -- cgit v1.2.3 From fe82eaa1b9e9fa0add343ab8f192a88092d676be Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 3 Nov 2015 19:16:18 +0100 Subject: [feat] Don't manually install compiler packages These packages are a dependency of build-essential and will get installed anyway. - Related: #6920 --- puppet/modules/site_config/manifests/packages/build_essential.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/packages/build_essential.pp b/puppet/modules/site_config/manifests/packages/build_essential.pp index 7dfb8b03..8f3b2641 100644 
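Review bot: `site_config::x509::dkim::key` has no guard for a missing `dkim_key`: `$x509['dkim_key']` is passed straight to `x509::key`, so a node whose hiera `x509` hash lacks that entry would presumably get an empty or failed key resource rather than a clear error. Since this is a private signing key, fail early, for example `if ! $key { fail('x509.dkim_key is not set') }`, and confirm that the owner and mode applied by `x509::key` (not visible here) keep the file unreadable to other users. The class would also benefit from a leading comment in the style the rest of this series adds, e.g. `# deploy the private key used exclusively for DKIM signing`.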
--- a/puppet/modules/site_config/manifests/packages/build_essential.pp +++ b/puppet/modules/site_config/manifests/packages/build_essential.pp @@ -4,8 +4,8 @@ class site_config::packages::build_essential { if !defined(Package['build-essential']) { package { - ['build-essential', 'g++', 'g++-4.7', 'gcc', 'gcc-4.6', 'gcc-4.7', 'cpp', 'cpp-4.6', 'cpp-4.7', 'libc6-dev']: + ['build-essential', 'cpp']: ensure => present } } -} \ No newline at end of file +} -- cgit v1.2.3 From 0307cc047f253a18a36a23cb128b862e113bf414 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 5 Nov 2015 13:36:01 +0100 Subject: [bug] [jessie] Don't specify ruby versions because ruby-1.9.3 is not available on jessie. - Related: #6920 --- puppet/modules/site_config/manifests/ruby.pp | 12 +++--------- puppet/modules/site_config/manifests/ruby/dev.pp | 2 +- 2 files changed, 4 insertions(+), 10 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/ruby.pp b/puppet/modules/site_config/manifests/ruby.pp index 2a720114..5c13233d 100644 --- a/puppet/modules/site_config/manifests/ruby.pp +++ b/puppet/modules/site_config/manifests/ruby.pp @@ -1,14 +1,8 @@ +# install ruby, rubygems and bundler +# configure ruby settings common to all servers class site_config::ruby { Class[Ruby] -> Class[rubygems] -> Class[bundler::install] - class { '::ruby': ruby_version => '1.9.3' } + class { '::ruby': } class { 'bundler::install': install_method => 'package' } include rubygems } - - -# -# Ruby settings common to all servers -# -# Why this way? So that other classes can do 'include site_ruby' without creating redeclaration errors. -# See https://puppetlabs.com/blog/modeling-class-composition-with-parameterized-classes/ -# diff --git a/puppet/modules/site_config/manifests/ruby/dev.pp b/puppet/modules/site_config/manifests/ruby/dev.pp index 3ea6ca96..e6eb2f8a 100644 --- a/puppet/modules/site_config/manifests/ruby/dev.pp +++ b/puppet/modules/site_config/manifests/ruby/dev.pp 
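Review bot: In `build_essential.pp` the `!defined(Package['build-essential'])` guard wraps a list that also declares `cpp`, so it protects only one of the two titles, and `defined()` depends on evaluation order. If another class declares `Package['cpp']`, this block would still collide with it. `ensure_packages(['build-essential', 'cpp'])` from stdlib expresses the same intent without the guard.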
@@ -1,6 +1,6 @@ +# install ruby dev packages needed for building some gems class site_config::ruby::dev inherits site_config::ruby { Class['::ruby'] { - ruby_version => '1.9.3', install_dev => true } # building gems locally probably requires build-essential and gcc: -- cgit v1.2.3 From 4f858d2e2919f6acea4c1b9de91bd5a594eaa292 Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 19 Nov 2015 11:52:31 -0500 Subject: Cleanup old leap mx logs that may appear on some nodes due to how things were logged before Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2 --- puppet/modules/site_config/manifests/remove/files.pp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 466f50c8..06c26772 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -27,6 +27,13 @@ class site_config::remove::files { path => '/var/log/', recurse => true, matches => 'leap_mx*'; + # We rotate 5 logs, so we should only have mx.log, mx.log.[1-5], with an + # optional .gz suffix. The following will remove any logs that are out + # of this range + 'leap_mx_rotate': + path => '/var/log/leap/', + recurse => true, + matches => [ 'mx.log.[6-9](.gz)?', 'mx.log.[0-9][0-9]']; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From 6da164bdd235f81d226714e37d52735f5c4cf1e6 Mon Sep 17 00:00:00 2001 
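Review bot: The `matches` patterns for `leap_mx_rotate` are written as regular expressions, but tidy's `matches` takes shell-style globs applied to the file's basename. In a glob, `(.gz)?` is the literal text `(.gz)` followed by one character, so `'mx.log.[6-9](.gz)?'` matches neither `mx.log.6` nor `mx.log.6.gz`, and `'mx.log.[0-9][0-9]'` misses compressed two-digit rotations. Spell the variants out instead: `matches => [ 'mx.log.[6-9]', 'mx.log.[6-9].gz', 'mx.log.[0-9][0-9]', 'mx.log.[0-9][0-9].gz' ];`.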
From: Micah Date: Thu, 19 Nov 2015 09:13:08 -0500 Subject: Switch to syslog for leap_mx (#6942) In order to switch to syslog for leap_mx, leap_mx needs to change to log to syslog (#6307 and #6937), and we need to clean up the platform pieces that set the non-syslog options, and rotated log files (#6942). Hopefully, this will solve the leap_mx logrotation issue at the same time (#7058) Change-Id: If68f808a65c24c91231b88d15759809c9e379294 --- puppet/modules/site_config/manifests/remove/files.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 06c26772..67171259 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -11,6 +11,12 @@ class site_config::remove::files { + # Platform 0.8 removals + tidy { + '/etc/default/leap_mx':; + '/etc/logrotate.d/leap-mx':; + } + # # Platform 0.7 removals # @@ -20,7 +26,6 @@ class site_config::remove::files { '/etc/rsyslog.d/99-leap-mx.conf':; '/etc/rsyslog.d/01-webapp.conf':; '/etc/rsyslog.d/50-stunnel.conf':; - '/etc/logrotate.d/mx':; '/etc/logrotate.d/stunnel':; '/var/log/stunnel4/stunnel.log':; 'leap_mx': -- cgit v1.2.3 From b383a34e7ae0f988bf942bd033d8795bd8ea71ac Mon Sep 17 00:00:00 2001 
From: varac Date: Wed, 9 Dec 2015 16:43:26 +0100 Subject: [feat] Remove puppet run stages To reduce complexity, let's get rid of run stages. We used them earlier but they seem to have no purpose anymore. There was two stage leftovers: - `site_config::slow` did an `apt-get dist-upgrade` in the `setup` stage - `site_config::setup` did call the `site_config::hosts` class in the `setup` stage I checked for dependencies to to those resources, and it looks good, i tested by triggering a citest. From https://docs.puppetlabs.com/puppet/latest/reference/lang_run_stages.html#limitations-and-known-issues: ``` Due to these limitations, stages should only be used with the simplest of classes, and only when absolutely necessary. Mass dependencies like package repositories are effectively the only valid use case. ``` --- puppet/modules/site_config/manifests/setup.pp | 8 +++++--- puppet/modules/site_config/manifests/slow.pp | 7 ++++--- 2 files changed, 9 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/setup.pp b/puppet/modules/site_config/manifests/setup.pp index b09d0413..dba5fa14 100644 --- a/puppet/modules/site_config/manifests/setup.pp +++ b/puppet/modules/site_config/manifests/setup.pp @@ -1,3 +1,7 @@ +# common things to set up on every node +# leftover from the past, where we did two puppetruns +# after another. We should consolidate this into site_config::default +# in the future. class site_config::setup { tag 'leap_base' @@ -13,9 +17,7 @@ class site_config::setup { include stdlib # configure /etc/hosts - class { 'site_config::hosts': - stage => setup, - } + class { 'site_config::hosts': } include site_config::initial_firewall diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp index 94bac88d..3650eb19 100644 --- a/puppet/modules/site_config/manifests/slow.pp +++ b/puppet/modules/site_config/manifests/slow.pp 
@@ -1,6 +1,7 @@ +# this class is run by default, but can be excluded +# for testing purposes by calling "leap deploy" with +# the "--fast" parameter class site_config::slow { tag 'leap_slow' - class { 'site_apt::dist_upgrade': - stage => setup, - } + class { 'site_apt::dist_upgrade': } } -- cgit v1.2.3 From d7ff99a1e8dfc5665f1bb94bc6bf4b369ea3a1ec Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 10 Dec 2015 17:59:54 +0100 Subject: [feat] Dont remove nfs client on local vagrant nodes --- puppet/modules/site_config/manifests/packages/base.pp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp index c23495fc..b53a9364 100644 --- a/puppet/modules/site_config/manifests/packages/base.pp +++ b/puppet/modules/site_config/manifests/packages/base.pp @@ -8,12 +8,18 @@ class site_config::packages::base { } # base set of packages that we want to remove everywhere - package { [ 'acpi', 'eject', 'ftp', - 'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server', - 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind', + package { [ 'acpi', 'eject', 'ftp', 'laptop-detect', 'lpr', + 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', 'tk8.5', 'os-prober', 'unzip', 'xauth', 'x11-common', 'x11-utils', 'xterm' ]: ensure => absent; } + + notice($::site_config::params::environment) + if $::site_config::params::environment != 'local' { + package { [ 'nfs-common', 'nfs-kernel-server', 'rpcbind' ]: + ensure => purged; + } + } } -- cgit v1.2.3 From 73624f1e87974ab71b5d8e44073347725e492e5c Mon Sep 17 00:00:00 2001 
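Review bot: The new `if $::site_config::params::environment != 'local'` guard in `site_config::packages::base` reads a variable from `site_config::params`, but nothing in this hunk makes the class include it, so the result depends on evaluation order. If the variable is unset when this class is evaluated, the comparison is true and `nfs-common`, `nfs-kernel-server` and `rpcbind` are purged on local Vagrant nodes too, which is the case the commit wants to avoid. I would add `include ::site_config::params` at the top of the class, as the x509 classes in this series do, and drop the `notice($::site_config::params::environment)` line, which looks like leftover debugging. The same guard and `notice` are carried into the new `packages.pp` later in this series.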
From: Micah Date: Thu, 10 Dec 2015 15:55:57 -0500 Subject: Have leap-mx log with the process name 'leap-mx', but log to /var/log/leap/mx.log, and clean up the files associated with the previous configuration (#7691) Change-Id: Id08c97980292968e8e89f128afb5fa78bda30069 --- puppet/modules/site_config/manifests/remove/files.pp | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 67171259..077381e1 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -14,7 +14,7 @@ class site_config::remove::files { # Platform 0.8 removals tidy { '/etc/default/leap_mx':; - '/etc/logrotate.d/leap-mx':; + '/etc/logrotate.d/mx':; } # @@ -23,7 +23,6 @@ class site_config::remove::files { tidy { '/etc/rsyslog.d/99-tapicero.conf':; - '/etc/rsyslog.d/99-leap-mx.conf':; '/etc/rsyslog.d/01-webapp.conf':; '/etc/rsyslog.d/50-stunnel.conf':; '/etc/logrotate.d/stunnel':; @@ -32,13 +31,10 @@ class site_config::remove::files { path => '/var/log/', recurse => true, matches => 'leap_mx*'; - # We rotate 5 logs, so we should only have mx.log, mx.log.[1-5], with an - # optional .gz suffix. The following will remove any logs that are out - # of this range - 'leap_mx_rotate': + 'mx': path => '/var/log/leap/', recurse => true, - matches => [ 'mx.log.[6-9](.gz)?', 'mx.log.[0-9][0-9]']; + matches => 'mx.log*'; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From 1241fb2f62733b8b8b561f9746505f23cd81e3be Mon Sep 17 00:00:00 2001 
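Review bot: The new `'mx'` tidy entry matches `mx.log*` under `/var/log/leap/` with no `age` or `size` limit, while the commit message says leap-mx now logs to `/var/log/leap/mx.log`, so as written it appears to delete the live log and its rotations on every run. Losing the mail relay's log on each deploy would also remove the record an operator needs when investigating delivery or abuse incidents. If the intent is only to clear files left by the previous configuration, I would name those files explicitly or restrict the entry with an `age`, and add a comment such as `# only removes logs from the pre-syslog setup, never the active mx.log`. The enclosing `tidy` block starts above this hunk, so other attributes that limit it may exist outside the visible lines.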
From: varac Date: Fri, 8 Jan 2016 12:12:07 +0100 Subject: [bug] Make /etc/leap world-readable Under jessie, leap-mx is started by systemd now, not as a forked proc by twistd anymore. Therefore leap-mx (the user the mx proc runs as) needs direct access to it's config file under /etc/leap/mx.conf. Before, twistd would start as root, read the config and then fork an mx proc as unprivileged leap-mx user. - Tested: [quetzal] - Resolves: #7782 --- puppet/modules/site_config/manifests/files.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/files.pp b/puppet/modules/site_config/manifests/files.pp index 684d3ad0..d2ef8a98 100644 --- a/puppet/modules/site_config/manifests/files.pp +++ b/puppet/modules/site_config/manifests/files.pp @@ -1,3 +1,4 @@ +# set up core leap files and directories class site_config::files { file { @@ -7,15 +8,15 @@ class site_config::files { group => 'root', mode => '0711'; - '/var/lib/leap': + [ '/etc/leap', '/var/lib/leap']: ensure => directory, - owner => root, + owner => 'root', group => 'root', mode => '0755'; '/var/log/leap': ensure => directory, - owner => root, + owner => 'root', group => 'adm', mode => '0750'; } -- cgit v1.2.3 From 596f689adf3fbeea70107de3d73333e3e2bbf86d Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 15 Jan 2016 13:03:23 +0100 Subject: linted site_config::syslog --- puppet/modules/site_config/manifests/syslog.pp | 29 ++++++++++++++------------ 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp index 83b49c8e..e94ff62f 100644 --- a/puppet/modules/site_config/manifests/syslog.pp +++ b/puppet/modules/site_config/manifests/syslog.pp @@ -1,3 +1,4 @@ +# configure rsyslog on all nodes class site_config::syslog { include site_apt::preferences::rsyslog 
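Review bot: Mode `0755` on `/etc/leap` lets every local account list and enter the directory, while the commit message only needs the `leap-mx` user to reach `/etc/leap/mx.conf`. With this mode the permissions of each file inside become the only barrier, and those modes are not visible in this hunk. I would either keep the directory closed to others and grant access through a group, or add a comment above the resource such as `# 0755: services read their config directly under systemd; files holding secrets must set their own restrictive mode`, so later additions to `/etc/leap` are not assumed private.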
@@ -15,12 +16,13 @@ action(type="mmanon" ipv4.bits="32" mode="rewrite")' augeas { 'logrotate_leap_deploy': context => '/files/etc/logrotate.d/leap_deploy/rule', - changes => [ 'set file /var/log/leap/deploy.log', - 'set rotate 5', - 'set size 1M', - 'set compress compress', - 'set missingok missingok', - 'set copytruncate copytruncate' ]; + changes => [ + 'set file /var/log/leap/deploy.log', + 'set rotate 5', + 'set size 1M', + 'set compress compress', + 'set missingok missingok', + 'set copytruncate copytruncate' ]; # NOTE: # the puppet_command script requires the option delaycompress @@ -28,12 +30,13 @@ action(type="mmanon" ipv4.bits="32" mode="rewrite")' 'logrotate_leap_deploy_summary': context => '/files/etc/logrotate.d/leap_deploy_summary/rule', - changes => [ 'set file /var/log/leap/deploy-summary.log', - 'set rotate 5', - 'set size 100k', - 'set delaycompress delaycompress', - 'set compress compress', - 'set missingok missingok', - 'set copytruncate copytruncate' ] + changes => [ + 'set file /var/log/leap/deploy-summary.log', + 'set rotate 5', + 'set size 100k', + 'set delaycompress delaycompress', + 'set compress compress', + 'set missingok missingok', + 'set copytruncate copytruncate' ] } } -- cgit v1.2.3 From 6faf628e191a296777f733e928eb35f573afd648 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 15 Jan 2016 13:28:34 +0100 Subject: [bug] Only pin rsyslog debs to backports on wheezy - Resolves: #7802 --- puppet/modules/site_config/manifests/remove.pp | 7 +++++++ puppet/modules/site_config/manifests/remove/jessie.pp | 9 +++++++++ puppet/modules/site_config/manifests/syslog.pp | 8 +++++++- 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 puppet/modules/site_config/manifests/remove/jessie.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp index b1ad1a2b..443df9c2 100644 --- a/puppet/modules/site_config/manifests/remove.pp 
+++ b/puppet/modules/site_config/manifests/remove.pp @@ -1,4 +1,11 @@ # remove leftovers from previous deploys class site_config::remove { include site_config::remove::files + + case $::operatingsystemrelease { + /^8.*/: { + include site_config::remove::jessie + } + default: { } + } } diff --git a/puppet/modules/site_config/manifests/remove/jessie.pp b/puppet/modules/site_config/manifests/remove/jessie.pp new file mode 100644 index 00000000..cbeaae05 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/jessie.pp @@ -0,0 +1,9 @@ +# remove possible leftovers after upgrading from wheezy to jessie +class site_config::remove::jessie { + + tidy { + '/etc/apt/preferences.d/rsyslog_anon_depends': + notify => Exec['refresh_apt']; + } + +} diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp index e94ff62f..c397dc15 100644 --- a/puppet/modules/site_config/manifests/syslog.pp +++ b/puppet/modules/site_config/manifests/syslog.pp @@ -1,7 +1,13 @@ # configure rsyslog on all nodes class site_config::syslog { - include site_apt::preferences::rsyslog + # only pin rsyslog packages to backports on wheezy + case $::operatingsystemrelease { + /^7.*/: { + include site_apt::preferences::rsyslog + } + default: { } + } class { 'rsyslog::client': log_remote => false, -- cgit v1.2.3 From ed2f050ca4474089bef9ba57d5d91d49ff37add0 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 19 Jan 2016 11:09:56 -0500 Subject: Ensure curl is installed before it is called (#7803) Change-Id: Iedd464a397e9944159991241cd84caad6a2a40d6 --- puppet/modules/site_config/manifests/remove/tapicero.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp index 4ce972d0..07c3c6c6 100644 --- a/puppet/modules/site_config/manifests/remove/tapicero.pp 
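Review bot: The `tidy` in the new `site_config::remove::jessie` notifies `Exec['refresh_apt']`, but the class declares nothing that brings that exec into the catalog. If the class that defines it is not applied on a jessie node, catalog compilation would fail with a missing-dependency error rather than just skipping the cleanup. I would include the defining class at the top of `jessie.pp`; its name is not visible in this diff. A comment such as `# refresh_apt is provided by <defining class>` next to the `notify` would make the dependency explicit.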
+++ b/puppet/modules/site_config/manifests/remove/tapicero.pp @@ -1,6 +1,8 @@ # remove tapicero leftovers from previous deploys on couchdb nodes class site_config::remove::tapicero { + ensure_packages('curl') + # remove tapicero couchdb user $couchdb_config = hiera('couch') $couchdb_mode = $couchdb_config['mode'] @@ -14,7 +16,8 @@ class site_config::remove::tapicero { exec { 'remove_couchdb_user': onlyif => "/usr/bin/curl -s 127.0.0.1:${port}/_users/org.couchdb.user:tapicero | grep -qv 'not_found'", - command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete" + command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete", + require => Package['curl'] } -- cgit v1.2.3 From 935a5e884dc468da2b9ec724638f1c55a8f74e85 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 19 Jan 2016 15:49:50 -0500 Subject: Swiss privacy foundation nameserver is not responding, switch secondary fall-back to an OpenNIC resolver that does not log (#7781) Change-Id: I290321927c8188c82e95e2cd4b93cd01bd2258c2 --- puppet/modules/site_config/manifests/resolvconf.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index 05990c67..09f0b405 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -8,7 +8,7 @@ class site_config::resolvconf { nameservers => [ '127.0.0.1 # local caching-only, unbound', '85.214.20.141 # Digitalcourage, a german privacy organisation: (https://en.wikipedia.org/wiki/Digitalcourage)', - '77.109.138.45 # Swiss privacy Foundation (http://www.privacyfoundation.ch/de/service/server.html)' + '172.81.176.146 # OpenNIC (https://servers.opennicproject.org/edit.php?srv=ns1.tor.ca.dns.opennic.glue)' ] } } -- cgit v1.2.3 
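Review bot: In `resolvconf.pp` the fallback resolver is again a single hard-coded address, `172.81.176.146`, and the reason for this commit is that the previous hard-coded fallback stopped responding. A volunteer-run resolver can disappear or change operator without notice, its no-logging claim cannot be verified from the node, and queries that fall through to it leave the host as plain DNS. I would read the fallback list from hiera with these values as the default, so an operator can replace a dead or untrusted resolver without a platform release. A comment stating that the two remote entries are only meant as fallbacks behind the local unbound would also help. The `nameservers` parameter belongs to a resource that starts above this hunk.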
From 150579fb14716892cc3e4d7d9c0f81b30d56f03a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 13 Apr 2015 23:16:00 +0200 Subject: restructured site.pp, now only one class gets included in site.pp per service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd --- puppet/modules/site_config/manifests/default.pp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 6b10dc19..4e297026 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -2,17 +2,15 @@ class site_config::default { tag 'leap_base' - # the logoutput exec parameter defaults to "on_error" in puppet 3, - # but to "false" in puppet 2.7, so we need to set this globally here - Exec<||> { logoutput => on_failure } - $services = hiera('services', []) $domain_hash = hiera('domain') include site_config::params + include site_config::setup # make sure apt is updated before any packages are installed include apt::update Package { require => Exec['apt_updated'] } + include site_config::packages::uninstall include site_config::slow -- cgit v1.2.3 From 8d8a64348df0dcca044316f85ee1757cfceb13b4 Mon Sep 17 00:00:00 2001 
From: varac Date: Tue, 14 Apr 2015 15:26:54 +0200 Subject: Include site_config::params in all x509 subclasses (#6851) After restructuring site.pp to only include site_config::default and the service-specific classes, we got this: Duplicate declaration: X509::Cert[undef] is already declared in file /srv/leap/puppet/modules/site_config/manifests/x509/commercial/cert.pp at line 8; cannot redeclare at /srv/leap/puppet/modules/site_config/manifests/x509/cert.pp:8 on node rewcitestweb1.rewire.org So i included site_config::params in all site_config::x509 clases. Change-Id: Ib8387abfdc68b36c73a45fd2dd1f3a159eaec4a5 --- puppet/modules/site_config/manifests/x509/ca.pp | 2 ++ puppet/modules/site_config/manifests/x509/ca_bundle.pp | 1 + puppet/modules/site_config/manifests/x509/cert.pp | 2 ++ puppet/modules/site_config/manifests/x509/client_ca/ca.pp | 2 ++ puppet/modules/site_config/manifests/x509/client_ca/key.pp | 2 ++ puppet/modules/site_config/manifests/x509/commercial/ca.pp | 2 ++ puppet/modules/site_config/manifests/x509/commercial/cert.pp | 2 ++ puppet/modules/site_config/manifests/x509/commercial/key.pp | 2 ++ puppet/modules/site_config/manifests/x509/key.pp | 2 ++ 9 files changed, 17 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/x509/ca.pp b/puppet/modules/site_config/manifests/x509/ca.pp index b16d0eeb..2880ecaf 100644 --- a/puppet/modules/site_config/manifests/x509/ca.pp +++ b/puppet/modules/site_config/manifests/x509/ca.pp @@ -1,5 +1,7 @@ class site_config::x509::ca { + include ::site_config::params + $x509 = hiera('x509') $ca = $x509['ca_cert'] diff --git a/puppet/modules/site_config/manifests/x509/ca_bundle.pp b/puppet/modules/site_config/manifests/x509/ca_bundle.pp index 4cbe574a..5808e29e 100644 --- a/puppet/modules/site_config/manifests/x509/ca_bundle.pp +++ b/puppet/modules/site_config/manifests/x509/ca_bundle.pp 
@@ -5,6 +5,7 @@ class site_config::x509::ca_bundle { # we will want to be able to smoothly phase out one CA and phase in another. # I tried "--capath" for this, but it did not work. + include ::site_config::params $x509 = hiera('x509') $ca = $x509['ca_cert'] diff --git a/puppet/modules/site_config/manifests/x509/cert.pp b/puppet/modules/site_config/manifests/x509/cert.pp index 7ed42959..7e5a36b9 100644 --- a/puppet/modules/site_config/manifests/x509/cert.pp +++ b/puppet/modules/site_config/manifests/x509/cert.pp @@ -1,5 +1,7 @@ class site_config::x509::cert { + include ::site_config::params + $x509 = hiera('x509') $cert = $x509['cert'] diff --git a/puppet/modules/site_config/manifests/x509/client_ca/ca.pp b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp index 0f313898..3fbafa98 100644 --- a/puppet/modules/site_config/manifests/x509/client_ca/ca.pp +++ b/puppet/modules/site_config/manifests/x509/client_ca/ca.pp @@ -5,6 +5,8 @@ class site_config::x509::client_ca::ca { ## client certificates by the webapp. ## + include ::site_config::params + $x509 = hiera('x509') $cert = $x509['client_ca_cert'] diff --git a/puppet/modules/site_config/manifests/x509/client_ca/key.pp b/puppet/modules/site_config/manifests/x509/client_ca/key.pp index f9ef3f52..0b537e76 100644 --- a/puppet/modules/site_config/manifests/x509/client_ca/key.pp +++ b/puppet/modules/site_config/manifests/x509/client_ca/key.pp @@ -5,6 +5,8 @@ class site_config::x509::client_ca::key { ## client certificates by the webapp. ## + include ::site_config::params + $x509 = hiera('x509') $key = $x509['client_ca_key'] diff --git a/puppet/modules/site_config/manifests/x509/commercial/ca.pp b/puppet/modules/site_config/manifests/x509/commercial/ca.pp index 8f35759f..c76a9dbb 100644 --- a/puppet/modules/site_config/manifests/x509/commercial/ca.pp +++ b/puppet/modules/site_config/manifests/x509/commercial/ca.pp 
@@ -1,5 +1,7 @@ class site_config::x509::commercial::ca { + include ::site_config::params + $x509 = hiera('x509') $ca = $x509['commercial_ca_cert'] diff --git a/puppet/modules/site_config/manifests/x509/commercial/cert.pp b/puppet/modules/site_config/manifests/x509/commercial/cert.pp index 0c71a705..d71d9838 100644 --- a/puppet/modules/site_config/manifests/x509/commercial/cert.pp +++ b/puppet/modules/site_config/manifests/x509/commercial/cert.pp @@ -1,5 +1,7 @@ class site_config::x509::commercial::cert { + include ::site_config::params + $x509 = hiera('x509') $cert = $x509['commercial_cert'] diff --git a/puppet/modules/site_config/manifests/x509/commercial/key.pp b/puppet/modules/site_config/manifests/x509/commercial/key.pp index d32e85ef..2be439fd 100644 --- a/puppet/modules/site_config/manifests/x509/commercial/key.pp +++ b/puppet/modules/site_config/manifests/x509/commercial/key.pp @@ -1,5 +1,7 @@ class site_config::x509::commercial::key { + include ::site_config::params + $x509 = hiera('x509') $key = $x509['commercial_key'] diff --git a/puppet/modules/site_config/manifests/x509/key.pp b/puppet/modules/site_config/manifests/x509/key.pp index 32b59726..448dc6a6 100644 --- a/puppet/modules/site_config/manifests/x509/key.pp +++ b/puppet/modules/site_config/manifests/x509/key.pp @@ -1,5 +1,7 @@ class site_config::x509::key { + include ::site_config::params + $x509 = hiera('x509') $key = $x509['key'] -- cgit v1.2.3 From 69d2549a8b3b670b10d0efe079bcbc4ba066907d Mon Sep 17 00:00:00 2001 
From: varac Date: Fri, 22 Jan 2016 17:05:26 +0100 Subject: [bug] refactor build-essential package installation In certain node setups, the webapp gems cannot get built because `build-essential` and dependent packages were not present. I refactored the `site_config::packages::build_essential` class, which now inherits `site_config::packages`. The latter class removes all unneccessary (development) packages, but when the `site_config::packages::build_essential` class is included, some dev packages are overridden to be installed. - Tested: [local] - Resolves: #7834 --- puppet/modules/site_config/manifests/default.pp | 6 +++-- puppet/modules/site_config/manifests/packages.pp | 31 ++++++++++++++++++++++ .../modules/site_config/manifests/packages/base.pp | 25 ----------------- .../manifests/packages/build_essential.pp | 25 ++++++++++++++--- .../site_config/manifests/packages/uninstall.pp | 16 ----------- 5 files changed, 56 insertions(+), 47 deletions(-) create mode 100644 puppet/modules/site_config/manifests/packages.pp delete mode 100644 puppet/modules/site_config/manifests/packages/base.pp delete mode 100644 puppet/modules/site_config/manifests/packages/uninstall.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 4e297026..7a2a0a79 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -10,7 +10,6 @@ class site_config::default { # make sure apt is updated before any packages are installed include apt::update Package { require => Exec['apt_updated'] } - include site_config::packages::uninstall include site_config::slow 
@@ -28,7 +27,10 @@ class site_config::default { # i.e. openstack/aws nodes, vagrant nodes # fix dhclient from changing resolver information + # facter returns 'true' as string + # lint:ignore:quoted_booleans if $::dhcp_enabled == 'true' { + # lint:endignore include site_config::dhclient } @@ -45,7 +47,7 @@ class site_config::default { include haveged # install/remove base packages - include site_config::packages::base + include site_config::packages # include basic shorewall config include site_shorewall::defaults diff --git a/puppet/modules/site_config/manifests/packages.pp b/puppet/modules/site_config/manifests/packages.pp new file mode 100644 index 00000000..4cd45bc9 --- /dev/null +++ b/puppet/modules/site_config/manifests/packages.pp @@ -0,0 +1,31 @@ +# install default packages and remove unwanted packages +class site_config::packages { + + + # base set of packages that we want to have installed everywhere + package { [ 'etckeeper', 'screen', 'less', 'ntp' ]: + ensure => installed, + } + + # base set of packages that we want to remove everywhere + package { [ + 'acpi', 'build-essential', + 'cpp', 'cpp-4.6', 'cpp-4.7', 'cpp-4.8', 'cpp-4.9', + 'eject', 'ftp', + 'g++', 'g++-4.6', 'g++-4.7', 'g++-4.8', 'g++-4.9', + 'gcc', 'gcc-4.6', 'gcc-4.7', 'gcc-4.8', 'gcc-4.9', + 'laptop-detect', 'libc6-dev', 'libssl-dev', 'lpr', 'make', 'portmap', + 'pppconfig', 'pppoe', 'pump', 'qstat', + 'samba-common', 'samba-common-bin', 'smbclient', + 'tcl8.5', 'tk8.5', 'os-prober', 'unzip', 'xauth', 'x11-common', + 'x11-utils', 'xterm' ]: + ensure => purged; + } + + notice($::site_config::params::environment) + if $::site_config::params::environment != 'local' { + package { [ 'nfs-common', 'nfs-kernel-server', 'rpcbind' ]: + ensure => purged; + } + } +} diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp deleted file mode 100644 index b53a9364..00000000 
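Review bot: The purge list in the new `packages.pp` names compilers by version (`gcc-4.6` through `gcc-4.9` and the matching `g++` and `cpp` packages), so a node that carries any other versioned compiler package keeps it even though the class is meant to strip build tools everywhere. That weakens the hardening quietly on the next distribution upgrade, because nothing fails when the list goes stale. I would add a comment above the list, `# versioned compiler packages: extend for every supported Debian release`, and keep the version cases in `build_essential.pp` in step with it.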
--- a/puppet/modules/site_config/manifests/packages/base.pp +++ /dev/null @@ -1,25 +0,0 @@ -# install default packages and remove unwanted packages -class site_config::packages::base { - - - # base set of packages that we want to have installed everywhere - package { [ 'etckeeper', 'screen', 'less', 'ntp' ]: - ensure => installed, - } - - # base set of packages that we want to remove everywhere - package { [ 'acpi', 'eject', 'ftp', 'laptop-detect', 'lpr', - 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', - 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', - 'tk8.5', 'os-prober', 'unzip', 'xauth', 'x11-common', - 'x11-utils', 'xterm' ]: - ensure => absent; - } - - notice($::site_config::params::environment) - if $::site_config::params::environment != 'local' { - package { [ 'nfs-common', 'nfs-kernel-server', 'rpcbind' ]: - ensure => purged; - } - } -} diff --git a/puppet/modules/site_config/manifests/packages/build_essential.pp b/puppet/modules/site_config/manifests/packages/build_essential.pp index 8f3b2641..2b3e13b9 100644 --- a/puppet/modules/site_config/manifests/packages/build_essential.pp +++ b/puppet/modules/site_config/manifests/packages/build_essential.pp @@ -1,11 +1,28 @@ # # include this whenever you want to ensure build-essential package and related compilers are installed. # -class site_config::packages::build_essential { - if !defined(Package['build-essential']) { - package { - ['build-essential', 'cpp']: +class site_config::packages::build_essential inherits ::site_config::packages { + + # NICKSERVER CODE NOTE: in order to support TLS, libssl-dev must be installed + # before EventMachine gem is built/installed. + Package[ 'gcc', 'make', 'g++', 'cpp', 'libssl-dev', 'libc6-dev' ] { + ensure => present + } + + case $::operatingsystemrelease { + /^8.*/: { + Package[ 'gcc-4.9','g++-4.9', 'cpp-4.9' ] { + ensure => present + } + } + + /^7.*/: { + Package[ 'gcc-4.7','g++-4.7', 'cpp-4.7' ] { ensure => present + } } + + default: { } } + } 
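Review bot: The header comment of `build_essential.pp` still says the class ensures the `build-essential` package is installed, but the new override sets only `gcc`, `make`, `g++`, `cpp`, `libssl-dev` and `libc6-dev` to `present`, so `build-essential` itself stays `purged` by the parent class. If that is intended, the comment should say so, for example `# installs the compilers and headers needed to build gems; the build-essential metapackage itself stays purged`. Otherwise `'build-essential'` should be added to the first `Package[...]` override.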
diff --git a/puppet/modules/site_config/manifests/packages/uninstall.pp b/puppet/modules/site_config/manifests/packages/uninstall.pp deleted file mode 100644 index 12f527d9..00000000 --- a/puppet/modules/site_config/manifests/packages/uninstall.pp +++ /dev/null @@ -1,16 +0,0 @@ -# -# Uninstall build-essential and compilers, unless they have been explicitly installed elsewhere. -# -class site_config::packages::uninstall { - tag 'leap_base' - - # generally, dev packages are needed for installing ruby gems with native extensions. - # (nickserver, webapp, etc) - - if !defined(Package['build-essential']) { - package { - ['build-essential', 'g++', 'g++-4.7', 'gcc', 'gcc-4.6', 'gcc-4.7', 'cpp', 'cpp-4.6', 'cpp-4.7', 'libc6-dev']: - ensure => purged - } - } -} \ No newline at end of file -- cgit v1.2.3 From 28a369a77e198105b4a892a2d0d92ea43f8046d0 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 23 Jan 2016 00:31:20 +0100 Subject: [feat] Don't remove portmap on vagrant Vagrant uses portmap and nfs-common for mounting shared folders using nfs. --- puppet/modules/site_config/manifests/packages.pp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/packages.pp b/puppet/modules/site_config/manifests/packages.pp index 4cd45bc9..140189a4 100644 --- a/puppet/modules/site_config/manifests/packages.pp +++ b/puppet/modules/site_config/manifests/packages.pp @@ -14,7 +14,7 @@ class site_config::packages { 'eject', 'ftp', 'g++', 'g++-4.6', 'g++-4.7', 'g++-4.8', 'g++-4.9', 'gcc', 'gcc-4.6', 'gcc-4.7', 'gcc-4.8', 'gcc-4.9', - 'laptop-detect', 'libc6-dev', 'libssl-dev', 'lpr', 'make', 'portmap', + 'laptop-detect', 'libc6-dev', 'libssl-dev', 'lpr', 'make', 'pppconfig', 'pppoe', 'pump', 'qstat', 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', 'tk8.5', 'os-prober', 'unzip', 'xauth', 'x11-common', 
@@ -22,9 +22,10 @@ class site_config::packages { ensure => purged; } - notice($::site_config::params::environment) - if $::site_config::params::environment != 'local' { - package { [ 'nfs-common', 'nfs-kernel-server', 'rpcbind' ]: + # leave a few packages installed on local environments + # vagrant i.e. needs them for mounting shared folders + if $::site_config::params::environment != 'local' { + package { [ 'nfs-common', 'nfs-kernel-server', 'rpcbind', 'portmap' ]: ensure => purged; } } -- cgit v1.2.3 From 38e1003186ca194c75b87fdb8898304556d89a7a Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 22 Jan 2016 23:52:58 +0100 Subject: [bug] Use ruby::devel to install ruby-dev deb Ruby itself is a parameterized class, and parameters cannot get overridden (see https://projects.puppetlabs.com/issues/9259). The webapp node didn't install the ruby-dev package (we never noticed because our vagrant images as probably other debian images had ruby-dev preinstalled). We now use the ruby::devel class to install ruby-dev. - Tested: [citest-jessie] - Resolves: #7838 --- puppet/modules/site_config/manifests/ruby/dev.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/ruby/dev.pp b/puppet/modules/site_config/manifests/ruby/dev.pp index e6eb2f8a..2b0b106d 100644 --- a/puppet/modules/site_config/manifests/ruby/dev.pp +++ b/puppet/modules/site_config/manifests/ruby/dev.pp @@ -1,8 +1,8 @@ # install ruby dev packages needed for building some gems -class site_config::ruby::dev inherits site_config::ruby { - Class['::ruby'] { - install_dev => true - } +class site_config::ruby::dev { + include site_config::ruby + include ::ruby::devel + # building gems locally probably requires build-essential and gcc: include site_config::packages::build_essential } -- cgit v1.2.3 From 982f8b6ce9c470366f967f3ad8fece2a673db59d Mon Sep 17 00:00:00 2001 
From: varac Date: Mon, 25 Jan 2016 12:07:11 +0100 Subject: [feat] Move bigcouch removals to own class We now include "site_config::remove::bigcouch" in class "site_couchdb::master", which sets up plain couchdb. --- .../site_config/manifests/remove/bigcouch.pp | 22 ++++++++++++++++++++++ .../modules/site_config/manifests/remove/files.pp | 18 ------------------ 2 files changed, 22 insertions(+), 18 deletions(-) create mode 100644 puppet/modules/site_config/manifests/remove/bigcouch.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/bigcouch.pp b/puppet/modules/site_config/manifests/remove/bigcouch.pp new file mode 100644 index 00000000..19d18eb0 --- /dev/null +++ b/puppet/modules/site_config/manifests/remove/bigcouch.pp @@ -0,0 +1,22 @@ +# remove bigcouch leftovers from previous installations +class site_config::remove::bigcouch { + + # Don't use check_mk logwatch to watch bigcouch logs anymore + # see https://leap.se/code/issues/7375 for more details + file { '/etc/check_mk/logwatch.d/bigcouch.cfg': + ensure => absent, + notify => [ + Exec['remove_bigcouch_logwatch_spoolfiles'], + Exec['remove_bigcouch_logwatch_stateline'] + ] + } + # remove leftover bigcouch logwatch spool files + exec { 'remove_bigcouch_logwatch_spoolfiles': + command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', + refreshonly => true, + } + exec { 'remove_bigcouch_logwatch_stateline': + command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", + refreshonly => true, + } +} diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 077381e1..4f7aa6e6 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp 
@@ -51,22 +51,4 @@ class site_config::remove::files { onlyif => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state" } - # Don't use check_mk logwatch to watch bigcouch logs anymore - # see https://leap.se/code/issues/7375 for more details - file { '/etc/check_mk/logwatch.d/bigcouch.cfg': - ensure => absent, - notify => [ - Exec['remove_bigcouch_logwatch_spoolfiles'], - Exec['remove_bigcouch_logwatch_stateline'] - ] - } - # remove leftover bigcouch logwatch spool files - exec { 'remove_bigcouch_logwatch_spoolfiles': - command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', - refreshonly => true, - } - exec { 'remove_bigcouch_logwatch_stateline': - command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", - refreshonly => true, - } } -- cgit v1.2.3 From 742e11902b88d1e135d131ebef7a7d8433f03dfe Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 25 Jan 2016 12:09:55 +0100 Subject: [bug] remove bigcouch compaction cronjob - Resolves: #7629 --- puppet/modules/site_config/manifests/remove/bigcouch.pp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/bigcouch.pp b/puppet/modules/site_config/manifests/remove/bigcouch.pp index 19d18eb0..0783fe9d 100644 --- a/puppet/modules/site_config/manifests/remove/bigcouch.pp +++ b/puppet/modules/site_config/manifests/remove/bigcouch.pp @@ -19,4 +19,8 @@ class site_config::remove::bigcouch { command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", refreshonly => true, } + + cron { 'compact_all_shards': + ensure => absent + } } -- cgit v1.2.3 From 54bd11793c13140651d908db7f88d550712ee85a Mon Sep 17 00:00:00 2001 
From: varac Date: Thu, 28 Jan 2016 11:12:59 +0100 Subject: [bug] Fix removing of bigcouch logwatch spoolfiles The problem was that puppet tried to remove them on the couch node, but they need to get removed on monitor node. - Resolves: #7641 --- puppet/modules/site_config/manifests/remove/bigcouch.pp | 6 +----- puppet/modules/site_config/manifests/remove/monitoring.pp | 7 +++++++ 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/bigcouch.pp b/puppet/modules/site_config/manifests/remove/bigcouch.pp index 0783fe9d..f8e0ebe2 100644 --- a/puppet/modules/site_config/manifests/remove/bigcouch.pp +++ b/puppet/modules/site_config/manifests/remove/bigcouch.pp @@ -10,11 +10,7 @@ class site_config::remove::bigcouch { Exec['remove_bigcouch_logwatch_stateline'] ] } - # remove leftover bigcouch logwatch spool files - exec { 'remove_bigcouch_logwatch_spoolfiles': - command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', - refreshonly => true, - } + exec { 'remove_bigcouch_logwatch_stateline': command => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state", refreshonly => true, diff --git a/puppet/modules/site_config/manifests/remove/monitoring.pp b/puppet/modules/site_config/manifests/remove/monitoring.pp index d7095597..ab9f7a8f 100644 --- a/puppet/modules/site_config/manifests/remove/monitoring.pp +++ b/puppet/modules/site_config/manifests/remove/monitoring.pp @@ -7,4 +7,11 @@ class site_config::remove::monitoring { recurse => true, matches => '*tapicero.log' } + + # remove leftover bigcouch logwatch spool files + exec { 'remove_bigcouch_logwatch_spoolfiles': + command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', + refreshonly => true, + } + } -- cgit v1.2.3 From a8343508a6ced1dcbca621ad4c6f3ac39676326b Mon Sep 17 00:00:00 2001 
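Review bot: In `remove/monitoring.pp`, the moved `remove_bigcouch_logwatch_spoolfiles` exec stays `refreshonly => true`, but nothing in that class notifies it, so on a monitor node it would presumably never run. The `notify` list in `remove/bigcouch.pp` starts above the first hunk; as created earlier on this page it still names `Exec['remove_bigcouch_logwatch_spoolfiles']`, which would then point at a resource declared in a different class. I would drop that entry from the notify list and replace the exec with a resource that runs on its own, for example a `tidy` on `/var/lib/check_mk/logwatch` with `matches => '*bigcouch.log'`.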
From: varac Date: Thu, 28 Jan 2016 00:04:10 +0100 Subject: [feat] Fix fast deploy using 'leap deploy --fast' This worked before, but somehow stopped working. We need to include 'site_config::slow' top-level scope instead of including it in 'site_config::default', because otherwise it would get tagged with 'leap_base', and would be included always. This way 'site_config::slow' gets included by default, but can be excluded by using 'leap deploy --fast'. See https://leap.se/en/docs/platform/details/under-the-hood#tags - Resolves: #7844 --- puppet/modules/site_config/manifests/default.pp | 14 ++++++++++---- puppet/modules/site_config/manifests/slow.pp | 2 ++ 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 7a2a0a79..96f06e6c 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -7,11 +7,17 @@ class site_config::default { include site_config::params include site_config::setup - # make sure apt is updated before any packages are installed - include apt::update - Package { require => Exec['apt_updated'] } + # By default, the class 'site_config::slow' is included in site.pp. + # It basically does an 'apt-get update' and 'apt-get dist-upgrade'. + # This class can be excluded by using 'leap deploy --fast', + # see https://leap.se/en/docs/platform/details/under-the-hood#tags for more + # details. + # The following Package resource override makes sure that *if* an + # 'apt-get update' is executed by 'site_config::slow', it should be done + # before any packages are installed. + + Package { require => Exec['refresh_apt'] } - include site_config::slow # default class, used by all hosts diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp index 3650eb19..de276bc3 100644 
--- a/puppet/modules/site_config/manifests/slow.pp +++ b/puppet/modules/site_config/manifests/slow.pp @@ -3,5 +3,7 @@ # the "--fast" parameter class site_config::slow { tag 'leap_slow' + + include apt::update class { 'site_apt::dist_upgrade': } } -- cgit v1.2.3 From 45e81ca4abc81600998f11a5e74a565f545e6c84 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 2 Feb 2016 10:21:49 -0800 Subject: finally fix leap-mx logging, for the last time, hopefully. --- puppet/modules/site_config/manifests/remove/files.pp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 4f7aa6e6..3efcbf0f 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -15,6 +15,7 @@ class site_config::remove::files { tidy { '/etc/default/leap_mx':; '/etc/logrotate.d/mx':; + '/etc/rsyslog.d/50-mx.conf':; } # @@ -30,11 +31,7 @@ class site_config::remove::files { 'leap_mx': path => '/var/log/', recurse => true, - matches => 'leap_mx*'; - 'mx': - path => '/var/log/leap/', - recurse => true, - matches => 'mx.log*'; + matches => ['leap_mx*', 'mx.log.[6-9](.gz)?', 'mx.log.[0-9][0-9](.gz)?']; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From 5d4642e94c8a1a460988fe11419556753ce0f1aa Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 1 Feb 2016 13:24:53 +0100 Subject: [refactor] Remove atomic apt package dependecy `site_config::default.pp` takes care the all packages are installed before `Exec['refresh_apt']`, so we don't need to add it here for a single package. --- puppet/modules/site_config/manifests/setup.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'puppet/modules/site_config') 
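Review bot: In the second `remove/files.pp` hunk, the new `matches` entries `'mx.log.[6-9](.gz)?'` and `'mx.log.[0-9][0-9](.gz)?'` are written as regular expressions, but `tidy` treats `matches` as shell globs. The parentheses are literal and `?` means one arbitrary character, so neither `mx.log.6` nor `mx.log.6.gz` is matched and the old rotated logs stay on disk. I would list the globs explicitly: `matches => ['leap_mx*', 'mx.log.[6-9]', 'mx.log.[6-9].gz', 'mx.log.[0-9][0-9]', 'mx.log.[0-9][0-9].gz'];`. The merged entry also recurses from `/var/log/` where the removed `mx` entry was limited to `/var/log/leap/`, so a comment should say that the wider scope is intended. The later change to this list on this page keeps the same `(.gz)?` syntax.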
diff --git a/puppet/modules/site_config/manifests/setup.pp b/puppet/modules/site_config/manifests/setup.pp index dba5fa14..82dfe76d 100644 --- a/puppet/modules/site_config/manifests/setup.pp +++ b/puppet/modules/site_config/manifests/setup.pp @@ -24,8 +24,7 @@ class site_config::setup { include site_apt package { 'facter': - ensure => latest, - require => Exec['refresh_apt'] + ensure => latest } # if squid_deb_proxy_client is set to true, install and configure -- cgit v1.2.3 From 65d1d6da0dc76803f26668e92acda11cfc4bbf16 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 1 Feb 2016 13:54:18 +0100 Subject: [bug] Fix duplicate definition error for Class[Apt] We need to include class `site_config::default` in class `site_config::slow` so we don't get this duplicate definition: - [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is already declared; cannot redeclare at /srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node local1.bitmask.local To be honest, i didn't figuered out the real cause of this, but it works with this. --- puppet/modules/site_config/manifests/slow.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp index de276bc3..8e9b7035 100644 --- a/puppet/modules/site_config/manifests/slow.pp +++ b/puppet/modules/site_config/manifests/slow.pp @@ -4,6 +4,7 @@ class site_config::slow { tag 'leap_slow' + include site_config::default include apt::update class { 'site_apt::dist_upgrade': } } -- cgit v1.2.3 From 559b2ccaa71e2c5c459d7a6bea39de975f15cb1c Mon Sep 17 00:00:00 2001 
From: varac Date: Mon, 1 Feb 2016 16:53:10 +0100 Subject: [refactor] Use Exec[apt_updated] instead of Exec[refresh_apt] Because this is the recommended way of depnending in the apt README. --- puppet/modules/site_config/manifests/default.pp | 2 +- puppet/modules/site_config/manifests/remove/jessie.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 96f06e6c..b5d0f32d 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -16,7 +16,7 @@ class site_config::default { # 'apt-get update' is executed by 'site_config::slow', it should be done # before any packages are installed. - Package { require => Exec['refresh_apt'] } + Package { require => Exec['apt_updated'] } # default class, used by all hosts diff --git a/puppet/modules/site_config/manifests/remove/jessie.pp b/puppet/modules/site_config/manifests/remove/jessie.pp index cbeaae05..c813e46d 100644 --- a/puppet/modules/site_config/manifests/remove/jessie.pp +++ b/puppet/modules/site_config/manifests/remove/jessie.pp @@ -3,7 +3,7 @@ class site_config::remove::jessie { tidy { '/etc/apt/preferences.d/rsyslog_anon_depends': - notify => Exec['refresh_apt']; + notify => Exec['apt_updated']; } } -- cgit v1.2.3 From 5471630d583d21bc21ec1e6a1e17056c2bdecb23 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 1 Feb 2016 17:35:16 +0100 Subject: [refactor] Dont duplicate Package resource override `site_apt` aready ensures for installing packages after Exec[update_apt] is run, so we don't need to duplicate this in `site_config::default.pp`. --- puppet/modules/site_config/manifests/default.pp | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'puppet/modules/site_config') 
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index b5d0f32d..256de1a1 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -7,18 +7,6 @@ class site_config::default { include site_config::params include site_config::setup - # By default, the class 'site_config::slow' is included in site.pp. - # It basically does an 'apt-get update' and 'apt-get dist-upgrade'. - # This class can be excluded by using 'leap deploy --fast', - # see https://leap.se/en/docs/platform/details/under-the-hood#tags for more - # details. - # The following Package resource override makes sure that *if* an - # 'apt-get update' is executed by 'site_config::slow', it should be done - # before any packages are installed. - - Package { require => Exec['apt_updated'] } - - # default class, used by all hosts include lsb, git -- cgit v1.2.3 From ea2955c73150dc7417b2637acb2b29a955550c29 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 1 Feb 2016 20:51:04 +0100 Subject: [bug] Fix bigcouch spoolfile removal - Resolves: #7641 --- puppet/modules/site_config/manifests/remove/bigcouch.pp | 1 - puppet/modules/site_config/manifests/remove/monitoring.pp | 12 ++++-------- 2 files changed, 4 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/bigcouch.pp b/puppet/modules/site_config/manifests/remove/bigcouch.pp index f8e0ebe2..26ba8d09 100644 --- a/puppet/modules/site_config/manifests/remove/bigcouch.pp +++ b/puppet/modules/site_config/manifests/remove/bigcouch.pp @@ -6,7 +6,6 @@ class site_config::remove::bigcouch { file { '/etc/check_mk/logwatch.d/bigcouch.cfg': ensure => absent, notify => [ - Exec['remove_bigcouch_logwatch_spoolfiles'], Exec['remove_bigcouch_logwatch_stateline'] ] } 
diff --git a/puppet/modules/site_config/manifests/remove/monitoring.pp b/puppet/modules/site_config/manifests/remove/monitoring.pp index ab9f7a8f..18e2949b 100644 --- a/puppet/modules/site_config/manifests/remove/monitoring.pp +++ b/puppet/modules/site_config/manifests/remove/monitoring.pp @@ -1,17 +1,13 @@ # remove leftovers on monitoring nodes class site_config::remove::monitoring { + # Remove check_mk loggwatch spoolfiles for + # tapicero and bigcouch tidy { - 'checkmk_logwatch_spool': + 'remove_logwatch_spoolfiles': path => '/var/lib/check_mk/logwatch', recurse => true, - matches => '*tapicero.log' - } - - # remove leftover bigcouch logwatch spool files - exec { 'remove_bigcouch_logwatch_spoolfiles': - command => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;', - refreshonly => true, + matches => [ '*tapicero.log', '*bigcouch.log']; } } -- cgit v1.2.3 From b8bca2d764bbf13a92e7ea861ab510db9b18e3bb Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 2 Feb 2016 11:02:17 -0500 Subject: Disable journald in order to resolve IP logging subversion (#7863) Change-Id: I9cee85c19d86dc7c8d70c4cdeb2e7426191b57a5 --- puppet/modules/site_config/manifests/syslog.pp | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp index c397dc15..d1deefcd 100644 --- a/puppet/modules/site_config/manifests/syslog.pp +++ b/puppet/modules/site_config/manifests/syslog.pp 
@@ -4,12 +4,25 @@ class site_config::syslog { # only pin rsyslog packages to backports on wheezy case $::operatingsystemrelease { /^7.*/: { - include site_apt::preferences::rsyslog + include ::site_apt::preferences::rsyslog + } + # on jessie+ systems, systemd and journald are enabled, + # and journald logs IP addresses, so we need to disable + # it until a solution is found, (#7863): + # https://github.com/systemd/systemd/issues/2447 + default: { + include ::journald + augeas { + 'disable_journald': + incl => '/etc/systemd/journald.conf', + lens => 'Puppet.lns', + changes => 'set /files/etc/systemd/journald.conf/Journal/Storage \'none\'', + notify => Service['systemd-journald']; + } } - default: { } } - class { 'rsyslog::client': + class { '::rsyslog::client': log_remote => false, log_local => true } -- cgit v1.2.3 From ff818d6be896201adf0b1c9ded9316949dc954d2 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 16 Feb 2016 16:43:54 -0800 Subject: remove pinning of openvpn package to backports --- puppet/modules/site_config/manifests/remove/files.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 3efcbf0f..afdd4fce 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -16,6 +16,8 @@ class site_config::remove::files { '/etc/default/leap_mx':; '/etc/logrotate.d/mx':; '/etc/rsyslog.d/50-mx.conf':; + '/etc/apt/preferences.d/openvpn':; + '/etc/apt/sources.list.d/secondary.list.disabled.list':; } # -- cgit v1.2.3 From 685642e8bfdaff16a4f02bd40b5d2aef15b68d94 Mon Sep 17 00:00:00 2001 
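Review bot: The comment in the `default:` branch of `syslog.pp` says journald is disabled, but `Storage 'none'` only stops journald from keeping its own journal. As far as I know, forwarding to the syslog socket keeps working with that setting, so the same messages still reach rsyslog. Whether IP addresses are then kept out of the logs depends on the rsyslog anonymising rules, which are not part of this hunk. I would extend the comment with `# Storage=none only drops journald's own storage; messages are still forwarded to rsyslog and must be anonymized there`. The enclosing class starts above the hunk.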
From: elijah Date: Sat, 13 Feb 2016 23:48:48 -0800 Subject: get dkim working, closes #5924 --- puppet/modules/site_config/manifests/x509/dkim/key.pp | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 puppet/modules/site_config/manifests/x509/dkim/key.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/x509/dkim/key.pp b/puppet/modules/site_config/manifests/x509/dkim/key.pp deleted file mode 100644 index c63a7e94..00000000 --- a/puppet/modules/site_config/manifests/x509/dkim/key.pp +++ /dev/null @@ -1,13 +0,0 @@ -class site_config::x509::dkim::key { - - ## - ## This is for the DKIM key that is used exclusively for DKIM - ## signing - - $x509 = hiera('x509') - $key = $x509['dkim_key'] - - x509::key { 'dkim': - content => $key - } -} -- cgit v1.2.3 From fd599945751a489a638fadace51c871f59346a46 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 23 Feb 2016 11:40:14 -0500 Subject: We are rotating the mx logs 5 times, but we originally thought we should only have the following logfiles in that directory ever: mx.log, mx.log.[1-5], with an optional .gz suffix. However, we were wrong about the 'optional' part of the compression, we use the 'compress' option, so the logs will always be compressed. So there should never be the log files mx.log.1, mx.log.2, etc. This change adjusts the clean-up to deal with that. (#7058) https://github.com/leapcode/leap_platform/pull/97 Change-Id: I109d08ac063fe094c54e93be91893a67d7fbb51b --- puppet/modules/site_config/manifests/remove/files.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index afdd4fce..5aa07e53 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp 
@@ -33,7 +33,8 @@ class site_config::remove::files { 'leap_mx': path => '/var/log/', recurse => true, - matches => ['leap_mx*', 'mx.log.[6-9](.gz)?', 'mx.log.[0-9][0-9](.gz)?']; + matches => ['leap_mx*', 'mx.log.[1-5]', 'mx.log.[6-9](.gz)?', + 'mx.log.[0-9][0-9](.gz)?']; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From aa2c2590e7b976805402c4c0a2ebe4b554304a85 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 8 Mar 2016 13:51:32 +0100 Subject: [bug] Remove stunnel leftovers from bigcouch - Resolves: #7785 --- .../site_config/manifests/remove/bigcouch.pp | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/bigcouch.pp b/puppet/modules/site_config/manifests/remove/bigcouch.pp index 26ba8d09..3535c3c1 100644 --- a/puppet/modules/site_config/manifests/remove/bigcouch.pp +++ b/puppet/modules/site_config/manifests/remove/bigcouch.pp @@ -18,4 +18,25 @@ class site_config::remove::bigcouch { cron { 'compact_all_shards': ensure => absent } + + + exec { 'kill_bigcouch_stunnel_procs': + refreshonly => true, + command => '/usr/bin/pkill -f "/usr/bin/stunnel4 /etc/stunnel/(ednp|epmd)_server.conf"' + } + + # 'tidy' doesn't notify other resources, so we need to use file here instead + # see https://tickets.puppetlabs.com/browse/PUP-6021 + file { + [ '/etc/stunnel/ednp_server.conf', '/etc/stunnel/epmd_server.conf']: + ensure => absent, + # notifying Service[stunnel] doesn't work here because the config + # files contain the pid of the procs to stop/start. + # If we remove the config, and restart stunnel then it will only + # stop/start the procs for which config files are found and the stale + # service will continue to run. + # So we simply kill them. + notify => Exec['kill_bigcouch_stunnel_procs'] + } + } -- cgit v1.2.3 From 65335becbf8602b65ed385090400088f56293d9b Mon Sep 17 00:00:00 2001 
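Review bot: In the `remove/bigcouch.pp` hunk, `kill_bigcouch_stunnel_procs` runs `pkill`, which exits 1 when no process matches. A node where the config files are removed but the stunnel processes are already gone would therefore report a failed exec on that run. I would add `returns => [0, 1],` to the exec. The `-f` pattern is also unanchored and its dots match any character; writing it as `"^/usr/bin/stunnel4 /etc/stunnel/(ednp|epmd)_server[.]conf$"` would keep the kill to exactly these two command lines.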
From: varac Date: Thu, 10 Mar 2016 21:12:11 +0100 Subject: [jessie] Remove obsolete backports pinning --- puppet/modules/site_config/manifests/caching_resolver.pp | 2 -- puppet/modules/site_config/manifests/remove/jessie.pp | 5 +++++ 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index cdebbad0..50824fdd 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -1,8 +1,6 @@ class site_config::caching_resolver { tag 'leap_base' - include site_apt::preferences::unbound - class { 'unbound': root_hints => false, anchor => false, diff --git a/puppet/modules/site_config/manifests/remove/jessie.pp b/puppet/modules/site_config/manifests/remove/jessie.pp index c813e46d..e9497baf 100644 --- a/puppet/modules/site_config/manifests/remove/jessie.pp +++ b/puppet/modules/site_config/manifests/remove/jessie.pp @@ -6,4 +6,9 @@ class site_config::remove::jessie { notify => Exec['apt_updated']; } + apt::preferences_snippet { + [ 'facter', 'obfsproxy', 'python-twisted', 'unbound' ]: + ensure => absent; + } + } -- cgit v1.2.3 From eac3056c237d523f4786593922fe8f88eb65dff7 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 29 Mar 2016 13:27:01 -0700 Subject: testing: adds mx delivery tests --- puppet/modules/site_config/templates/hosts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/templates/hosts b/puppet/modules/site_config/templates/hosts index d557f730..d62cbc3f 100644 --- a/puppet/modules/site_config/templates/hosts +++ b/puppet/modules/site_config/templates/hosts 
@@ -6,7 +6,8 @@ <%- if @hosts then -%> <% @hosts.keys.sort.each do |name| -%> <%- props = @hosts[name] -%> -<%= props["ip_address"] %> <%= props["domain_full"] %> <%= props["domain_internal"] %> <%= name %> +<%- aliases = props["aliases"] ? props["aliases"].join(' ') : nil -%> +<%= [props["ip_address"], props["domain_full"], props["domain_internal"], aliases, name].compact.uniq.join(' ') %> <% end -%> <% end -%> -- cgit v1.2.3 From fead715f94551eb3600e449659ad6df12fffe641 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 12 Apr 2016 10:04:48 -0400 Subject: Remove duplicate mail logging (#8021) Add a site_rsyslog config that removes duplicate mail logging. Previously mail logs would be copied to /var/log/syslog, mail.log, mail.err, mail.info, maillog and to the console. This removes those and only puts them in /var/log/mail.log. It also removes other superfluous configurations, either because they are commented out already, or because they are uucp or nntp. Change-Id: Ib05036787d2c818bf8802c22a4b8050f945a6e6d --- puppet/modules/site_config/manifests/syslog.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/syslog.pp b/puppet/modules/site_config/manifests/syslog.pp index d1deefcd..591e0601 100644 --- a/puppet/modules/site_config/manifests/syslog.pp +++ b/puppet/modules/site_config/manifests/syslog.pp @@ -23,8 +23,9 @@ class site_config::syslog { } class { '::rsyslog::client': - log_remote => false, - log_local => true + log_remote => false, + log_local => true, + custom_config => 'site_rsyslog/client.conf.erb' } rsyslog::snippet { '00-anonymize_logs': -- cgit v1.2.3 From 0ca80b41060dd8046386f7e49d2ed5ad382948c4 Mon Sep 17 00:00:00 2001 
From: Micah Date: Tue, 12 Apr 2016 10:37:56 -0400 Subject: Put openvpn logs into leap directory (#8021) Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to /var/log/daemon.log. Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719 --- puppet/modules/site_config/manifests/remove/files.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 5aa07e53..41d6462e 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -40,6 +40,8 @@ class site_config::remove::files { recurse => true, rmdirs => true; '/etc/leap/soledad-server.conf':; + '/var/log/leap/openvpn.log':; + '/etc/rsyslog.d/50-openvpn.conf':; } # leax-mx logged to /var/log/leap_mx.log in the past -- cgit v1.2.3 From 22b788920defdd42b4abda144afd8ca69d0a9d37 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Apr 2016 18:19:44 +0200 Subject: [style] lint some custom manifests I used `puppet-lint -f FILE` to fix most issues, while finishing with manual intervention. --- puppet/modules/site_config/manifests/caching_resolver.pp | 2 +- puppet/modules/site_config/manifests/dhclient.pp | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index 50824fdd..a016627d 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -6,7 +6,7 @@ class site_config::caching_resolver { anchor => false, ssl => false, settings => { - server => { + server => { verbosity => '1', interface => [ '127.0.0.1', '::1' ], port => '53', 
diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp index 7755413b..eb09fda1 100644 --- a/puppet/modules/site_config/manifests/dhclient.pp +++ b/puppet/modules/site_config/manifests/dhclient.pp @@ -23,10 +23,10 @@ class site_config::dhclient { } file { '/etc/dhcp/dhclient-enter-hooks.d': - ensure => directory, - mode => '0755', - owner => 'root', - group => 'root', + ensure => directory, + mode => '0755', + owner => 'root', + group => 'root', } file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf': -- cgit v1.2.3 From 8370875d608ebddae09fcd05741bb77e0e31c122 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Apr 2016 18:28:29 +0200 Subject: [style] more manual linting for custom manifests --- puppet/modules/site_config/manifests/caching_resolver.pp | 1 + puppet/modules/site_config/manifests/dhclient.pp | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index a016627d..8bf465c1 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -1,3 +1,4 @@ +# deploy local caching resolver class site_config::caching_resolver { tag 'leap_base' diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp index eb09fda1..a1f87d41 100644 --- a/puppet/modules/site_config/manifests/dhclient.pp +++ b/puppet/modules/site_config/manifests/dhclient.pp 
@@ -1,10 +1,10 @@ +# Unfortunately, there does not seem to be a way to reload the dhclient.conf +# config file, or a convenient way to disable the modifications to +# /etc/resolv.conf. So the following makes the functions involved noops and +# ships a script to kill and restart dhclient. See the debian bugs: +# #681698, #712796 class site_config::dhclient { - # Unfortunately, there does not seem to be a way to reload the dhclient.conf - # config file, or a convenient way to disable the modifications to - # /etc/resolv.conf. So the following makes the functions involved noops and - # ships a script to kill and restart dhclient. See the debian bugs: - # #681698, #712796 include site_config::params -- cgit v1.2.3 From 3b5ce74f81bb56af0b94a119a85649446a3d6e19 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 3 May 2016 13:21:17 -0400 Subject: migrate from obsolete SSLCertificateChainFile apache option (#8055) Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb --- puppet/modules/site_config/manifests/x509/commercial/cert.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/x509/commercial/cert.pp b/puppet/modules/site_config/manifests/x509/commercial/cert.pp index d71d9838..9dd6ffcd 100644 --- a/puppet/modules/site_config/manifests/x509/commercial/cert.pp +++ b/puppet/modules/site_config/manifests/x509/commercial/cert.pp @@ -4,9 +4,12 @@ class site_config::x509::commercial::cert { $x509 = hiera('x509') $cert = $x509['commercial_cert'] + $ca = $x509['commercial_ca_cert'] + + $cafile = "${cert}\n${ca}" x509::cert { $site_config::params::commercial_cert_name: - content => $cert + content => $cafile } } -- cgit v1.2.3
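Review bot: In `x509/commercial/cert.pp`, `$cafile` is neither a file nor only the CA: it holds the server certificate followed by the CA certificate and is passed as `content`. I would rename it and say why the two are concatenated: `# leaf cert first, then the CA chain, since SSLCertificateChainFile is obsolete` above `$cert_chain = "${cert}\n${ca}"`. If `commercial_ca_cert` is absent from the `x509` hiera hash, `$ca` would presumably interpolate as empty and the certificate would be written without its chain, silently. A check that fails the catalog in that case would make the misconfiguration visible.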