From 446da8fc1cdd3749ecb04ffcd7c8c035c051c373 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 6 May 2015 13:06:28 -0400 Subject: update apt submodule to fix unattended-upgrades and account for jessie release Change-Id: I69e6a0f8e676be72bce492af32fef76c9167f5ee --- puppet/modules/apt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/apt b/puppet/modules/apt index 64fb988c..e8580d1d 160000 --- a/puppet/modules/apt +++ b/puppet/modules/apt @@ -1 +1 @@ -Subproject commit 64fb988c0e37d64fb3e241dc95f156072e43bf2a +Subproject commit e8580d1da21d6f1024376d8bfa4858fe52acda6f -- cgit v1.2.3 From b614675485bf01b222acff1299b47cc2242c5f6f Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 14 May 2015 22:17:18 -0700 Subject: use latest puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 02c2f59d..23b557c6 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 02c2f59dd1725cc0bd83e346259d54ea46a5ba1f +Subproject commit 23b557c6fb07929a9b04e5fb75375a85a4734370 -- cgit v1.2.3 From 8b74c455efe54c681fe9a18ba30915b284dd58ff Mon Sep 17 00:00:00 2001 From: Christoph Kluenter Date: Tue, 2 Jun 2015 15:19:39 +0200 Subject: ensure the enterhooks directory is present --- puppet/modules/site_config/manifests/dhclient.pp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'puppet') diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp index dbe2ef1c..7755413b 100644 --- a/puppet/modules/site_config/manifests/dhclient.pp +++ b/puppet/modules/site_config/manifests/dhclient.pp @@ -22,11 +22,19 @@ class site_config::dhclient { require => File['/usr/local/sbin/reload_dhclient'], } + file { '/etc/dhcp/dhclient-enter-hooks.d': + ensure => directory, + mode => '0755', + owner => 'root', + group => 'root', + } + file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf': content => 'make_resolv_conf() { : ; } ; set_hostname() { : ; }', mode => '0644', owner => 'root', group => 'root', + require => File['/etc/dhcp/dhclient-enter-hooks.d'], notify => Exec['reload_dhclient']; } } -- cgit v1.2.3 From 48ba95b60c76150ade9f2ddbad428e2f4c71b5e0 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 21:28:26 +0200 Subject: updated submodule couchdb (Couchdb >=1.3 uses pbkdf2 as pw hashing algorhythm, #7120) Change-Id: I97560f4134a700579d1523ddd8ba173bfb1f0659 --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 23b557c6..c67248cd 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 23b557c6fb07929a9b04e5fb75375a85a4734370 +Subproject commit c67248cd74eb91854e5841d27572e630efec0f62 -- cgit v1.2.3 From 596277daf9c4db0ced8fdbbda930078f033e0855 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 22:32:27 +0200 Subject: updated submodule couchdb Change-Id: Id5bc16d8466c3407e9f7c4015c1e3a96129daf0a --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index c67248cd..339ea696 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit c67248cd74eb91854e5841d27572e630efec0f62 +Subproject commit 339ea696c8bb5759a000995de502a6f381abc91c -- cgit v1.2.3 From c2337647f3def5b3b3cd55b5ceaf649299bb7874 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 20:07:01 +0200 Subject: use couch.pwhash_alg hiera variable for hashing couchdb admin pw use this to run a single, plain couchdb node, using couchdb 1.6 from the leap repo: "couch": { "master": true, "pwhash_alg": "pbkdf2" } Change-Id: Ie4f34c2c5cb9feca7a10450bcf0bc260c8aa9d33 --- puppet/modules/site_couchdb/manifests/init.pp | 3 +++ puppet/modules/site_couchdb/manifests/master.pp | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index a11f6309..6b6ddd3a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,3 +1,5 @@ +# entry class for configuring couchdb/bigcouch node +# couchdb node class site_couchdb { tag 'leap_service' @@ -41,6 +43,7 @@ class site_couchdb { $couchdb_backup = $couchdb_config['backup'] $couchdb_mode = $couchdb_config['mode'] + $couchdb_pwhash_alg = $couchdb_config['pwhash_alg'] if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch } if $couchdb_mode == 'master' { include site_couchdb::master } diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp index a0a6633d..c28eee7d 100644 --- a/puppet/modules/site_couchdb/manifests/master.pp +++ b/puppet/modules/site_couchdb/manifests/master.pp @@ -1,9 +1,9 @@ +# this class sets up a single, plain couchdb node class site_couchdb::master { - class { 'couchdb': admin_pw => $site_couchdb::couchdb_admin_pw, admin_salt => $site_couchdb::couchdb_admin_salt, - chttpd_bind_address => '127.0.0.1' + chttpd_bind_address => '127.0.0.1', + pwhash_alg => $site_couchdb::couchdb_pwhash_alg } - -} \ No newline at end of file +} -- cgit v1.2.3 From 3c4c973a44a57a115de2f9a3e8bc67f0b74af3d1 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 17 Jun 2015 15:11:11 -0700 Subject: bugfix: site_static module was not including ssl_common.inc --- puppet/modules/site_static/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet') diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index ce79c00f..35ecabf8 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -33,6 +33,7 @@ class site_static { include site_apache::module::expires include site_apache::module::removeip include site_apache::module::rewrite + apache::config::include{ 'ssl_common.inc': } if (member($formats, 'rack')) { include site_apt::preferences::passenger -- cgit v1.2.3 From da6916d66cb78c185f068ff60d613dbe98e9f1ca Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 22:45:33 +0200 Subject: linted create_dbs.pp Change-Id: I9e46286c402adc06f3f815f8a1eea11fe82c7c39 --- puppet/modules/site_couchdb/manifests/create_dbs.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index b743127a..8285a4e3 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -1,3 +1,4 @@ +# creates neccesary databases class site_couchdb::create_dbs { Class['site_couchdb::setup'] @@ -7,7 +8,7 @@ class site_couchdb::create_dbs { ### customer database ### r/w: webapp, couchdb::create_db { 'customers': - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } @@ -30,27 +31,27 @@ class site_couchdb::create_dbs { ## r/w: webapp $sessions_db = rotated_db_name('sessions', 'monthly') couchdb::create_db { $sessions_db: - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } $sessions_next_db = rotated_db_name('sessions', 'monthly', 'next') couchdb::create_db { $sessions_next_db: - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } ## shared database ## r/w: soledad couchdb::create_db { 'shared': - members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_soledad_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } ## tickets database ## r/w: webapp couchdb::create_db { 'tickets': - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } @@ -87,7 +88,7 @@ class site_couchdb::create_dbs { ## store messages to the clients such as payment reminders ## r/w: webapp couchdb::create_db { 'messages': - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }", + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } } -- cgit v1.2.3 From dc2611f2fc2aab1c441d524862af30b349323c7c Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 5 Jun 2015 11:54:02 +0200 Subject: Support plain couchdb (#6067) The bigcouch specific class ordering from site_couchdb::create_dbs needed to move to site_couchdb::bigcouch, otherwise a plain couchdb setup would try to include bigcouch classes and fail. Change-Id: I06742d4a12c5b40c9c9faa90441734e6926d422d --- puppet/modules/site_couchdb/manifests/bigcouch.pp | 2 ++ puppet/modules/site_couchdb/manifests/create_dbs.pp | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp index 82c85b52..469a2783 100644 --- a/puppet/modules/site_couchdb/manifests/bigcouch.pp +++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp @@ -1,3 +1,4 @@ +# sets up bigcouch on couchdb node class site_couchdb::bigcouch { $config = $::site_couchdb::couchdb_config['bigcouch'] @@ -24,6 +25,7 @@ class site_couchdb::bigcouch { -> Class['site_couchdb::setup'] -> Class['site_couchdb::bigcouch::add_nodes'] -> Class['site_couchdb::bigcouch::settle_cluster'] + -> Class['site_couchdb::create_dbs'] include site_couchdb::bigcouch::add_nodes include site_couchdb::bigcouch::settle_cluster diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index 8285a4e3..eea4bbf5 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -2,7 +2,6 @@ class site_couchdb::create_dbs { Class['site_couchdb::setup'] - -> Class['site_couchdb::bigcouch::settle_cluster'] -> Class['site_couchdb::create_dbs'] ### customer database -- cgit v1.2.3 From 1f57371c70590a14c60c6a12487095d5463e9fa8 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Jun 2015 14:32:59 -0400 Subject: Remove old clean-up, this is no longer necessary Change-Id: I4e8fe3355a2d55193ebf745de1f932a6dcd6121c --- puppet/modules/site_config/manifests/caching_resolver.pp | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index 1b8bd1a2..abcda1d8 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -12,16 +12,6 @@ class site_config::caching_resolver { include site_apt::preferences::unbound - file { - # cleanup from how we used to do it - '/etc/unbound/conf.d': - force => true, - ensure => absent; - - '/etc/unbound/conf.d/placeholder': - ensure => absent; - } - class { 'unbound': root_hints => false, anchor => false, -- cgit v1.2.3 From 554b0deed00d7d56eb775a7babf6f8b8b0608f39 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Jun 2015 14:45:06 -0400 Subject: update unbound module to change hasstatus parameter to true (#6885) Change-Id: I532263ffe6679ff6c2249926086098dc8b4877f5 --- puppet/modules/unbound | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/unbound b/puppet/modules/unbound index ca7eb732..00646b0f 160000 --- a/puppet/modules/unbound +++ b/puppet/modules/unbound @@ -1 +1 @@ -Subproject commit ca7eb732064ce29fc83d4c32a4df7d9512d45802 +Subproject commit 00646b0ffc71a86981b05f983c86ace0979d1b6f -- cgit v1.2.3 From 19258e1f40a783485f6a422a630dbb33b2e2d2c8 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Jun 2015 14:58:48 -0400 Subject: cleanup no longer used unbound conf.d pieces (#7187) Change-Id: Ie0b1f22c49462bd5c4ee3290f100e5d3e14ccb03 --- puppet/modules/site_config/manifests/caching_resolver.pp | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp index abcda1d8..cdebbad0 100644 --- a/puppet/modules/site_config/manifests/caching_resolver.pp +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -1,22 +1,12 @@ class site_config::caching_resolver { tag 'leap_base' - # Setup a conf.d directory to place additional unbound configuration files. - # There must be at least one file in the directory, or unbound will not start, - # so create an empty placeholder to ensure this. - - # Note: the version of unbound we are working with does not accept a wildcard - # for an include directive, so we are not able to use this. When we can use - # the newer unbound, then we will add 'include: /etc/unbound.d/*' to the - # configuration file - include site_apt::preferences::unbound class { 'unbound': root_hints => false, anchor => false, ssl => false, - require => File['/etc/unbound/conf.d/placeholder'], settings => { server => { verbosity => '1', -- cgit v1.2.3 From a845c11183a0ee29776c70def63f2d27aaeb653c Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 24 Jun 2015 16:44:34 -0700 Subject: remove static site circular dependency (closes #7145) --- puppet/modules/site_apt/manifests/preferences/passenger.pp | 8 ++++++-- puppet/modules/site_static/manifests/init.pp | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_apt/manifests/preferences/passenger.pp b/puppet/modules/site_apt/manifests/preferences/passenger.pp index af501b6b..8cd41f91 100644 --- a/puppet/modules/site_apt/manifests/preferences/passenger.pp +++ b/puppet/modules/site_apt/manifests/preferences/passenger.pp @@ -1,10 +1,14 @@ +# +# currently, this is only used by static_site to get passenger v4. +# +# UPGRADE: this is not needed for jessie. +# class site_apt::preferences::passenger { apt::preferences_snippet { 'passenger': package => 'libapache2-mod-passenger', release => "${::lsbdistcodename}-backports", - priority => 999, - require => [Package['apache'], Class['ruby']]; + priority => 999; } } diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 35ecabf8..2a198b57 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -35,6 +35,8 @@ class site_static { include site_apache::module::rewrite apache::config::include{ 'ssl_common.inc': } + include site_config::ruby::dev + if (member($formats, 'rack')) { include site_apt::preferences::passenger class { 'passenger': @@ -44,7 +46,6 @@ class site_static { } if (member($formats, 'amber')) { - include site_config::ruby::dev rubygems::gem{'amber-0.3.4': } } -- cgit v1.2.3 From e88a89ab97455c58d6b795fbd44ebaf57f03f5c5 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Jun 2015 14:31:20 +0200 Subject: updated submodule couchdb to remove debugging leftover notice() Change-Id: I9c901a21c2ae3cd0164ca9bd3b4aab63d6a239c7 --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 339ea696..3c20a316 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 339ea696c8bb5759a000995de502a6f381abc91c +Subproject commit 3c20a3169e77e5a5f9abc06788c3a7730d5530ca -- cgit v1.2.3 From 2293491a10f622951f034cee28ae20ba2d2f41a0 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Jun 2015 13:50:47 +0200 Subject: Don't remove acpid and acpi-support-base packages Those packages are needed by libvirt to reboot/shutdown a VM by the virsh command. Change-Id: I3eb7b113d11e3034f41d09d51c203b93275ae3c9 --- puppet/modules/site_config/manifests/packages/base.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp index f20d04a4..c23495fc 100644 --- a/puppet/modules/site_config/manifests/packages/base.pp +++ b/puppet/modules/site_config/manifests/packages/base.pp @@ -1,3 +1,4 @@ +# install default packages and remove unwanted packages class site_config::packages::base { @@ -7,7 +8,7 @@ class site_config::packages::base { } # base set of packages that we want to remove everywhere - package { [ 'acpi', 'acpid', 'acpi-support-base', 'eject', 'ftp', + package { [ 'acpi', 'eject', 'ftp', 'laptop-detect', 'lpr', 'nfs-common', 'nfs-kernel-server', 'portmap', 'pppconfig', 'pppoe', 'pump', 'qstat', 'rpcbind', 'samba-common', 'samba-common-bin', 'smbclient', 'tcl8.5', -- cgit v1.2.3 From 1109121d575653cb08e807ddcd68b737743d404d Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Sun, 5 Jul 2015 15:21:57 +0200 Subject: zlib1g-dev needed for amber gem fixes #7231 --- puppet/modules/site_static/manifests/init.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 2a198b57..e37d5ad2 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -46,6 +46,9 @@ class site_static { } if (member($formats, 'amber')) { + package { 'zlib1g-dev': + ensure => installed + } rubygems::gem{'amber-0.3.4': } } @@ -54,4 +57,4 @@ class site_static { include site_shorewall::defaults include site_shorewall::service::http include site_shorewall::service::https -} \ No newline at end of file +} -- cgit v1.2.3 From 73f83d847540a0f679d23f5dc86660b55959710a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 6 Jul 2015 14:48:10 +0200 Subject: Don't monitor disabled nodes (#7235) Change-Id: I51ce8a9e8773d267c270a1725a497f9a43f2e9ff Sidenote: $nagios_hosts was never used --- puppet/modules/site_check_mk/manifests/server.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_check_mk/manifests/server.pp b/puppet/modules/site_check_mk/manifests/server.pp index 171f1576..67519513 100644 --- a/puppet/modules/site_check_mk/manifests/server.pp +++ b/puppet/modules/site_check_mk/manifests/server.pp @@ -1,3 +1,4 @@ +# setup check_mk on the monitoring server class site_check_mk::server { $ssh_hash = hiera('ssh') @@ -6,10 +7,9 @@ class site_check_mk::server { $seckey = $ssh_hash['monitor']['private_key'] $nagios_hiera = hiera_hash('nagios') - $nagios_hosts = $nagios_hiera['hosts'] + $hosts = $nagios_hiera['hosts'] - $hosts = hiera_hash('hosts') - $all_hosts = inline_template ('<% @hosts.keys.sort.each do |key| -%>"<%= @hosts[key]["domain_internal"] %>", <% end -%>') + $all_hosts = inline_template ('<% @hosts.keys.sort.each do |key| -%><% if @hosts[key]["environment"] != "disabled" %>"<%= @hosts[key]["domain_internal"] %>", <% end -%><% end -%>') $domains_internal = $nagios_hiera['domains_internal'] $environments = $nagios_hiera['environments'] -- cgit v1.2.3 From 4986f2ba34bbed7748b80f02ab965dd5968217bc Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jul 2015 14:39:34 +0200 Subject: remove leap_couch_stats.sh TMPFILE so /tmp/ won't fill with tmp files (#7217) Change-Id: I7b778e1e1af2784bd79840f20453ca8718927e25 --- .../site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet') diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh index 95474ccb..285a80f0 100755 --- a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh +++ b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh @@ -97,6 +97,7 @@ $CURL -X GET $URL/_all_dbs | json_pp | egrep -v '(\[|\])' > $TMPFILE # get list of dbs to check dbs=$( egrep -v "${DBLIST_EXCLUDE}" $TMPFILE | tr -d '\n"' | sed 's/,/ /g' ) +rm "$TMPFILE" for db in $dbs do -- cgit v1.2.3 From 07e949ad3d3baa132c88e529ab5121c4016eb0be Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jul 2015 15:15:32 +0200 Subject: moved removal of leap_couch_stats.sh TMPFILE to end of script (#7217) Change-Id: If844b95c44e697f480df8ee2ae6607709b9942f7 --- .../files/agent/local_checks/couchdb/leap_couch_stats.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh index 285a80f0..83b407e0 100755 --- a/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh +++ b/puppet/modules/site_check_mk/files/agent/local_checks/couchdb/leap_couch_stats.sh @@ -97,7 +97,6 @@ $CURL -X GET $URL/_all_dbs | json_pp | egrep -v '(\[|\])' > $TMPFILE # get list of dbs to check dbs=$( egrep -v "${DBLIST_EXCLUDE}" $TMPFILE | tr -d '\n"' | sed 's/,/ /g' ) -rm "$TMPFILE" for db in $dbs do @@ -118,3 +117,6 @@ end_time=$(date +%s.%N) duration=$( echo "scale = 2; $end_time - $start_time" | bc -l ) printf "${exitcode} ${PREFIX}global_stats ${global_stats_perf}|script_duration=%02.2fs ${STATE[exitcode]}: global couchdb status\n" "$duration" + +rm "$TMPFILE" + -- cgit v1.2.3 From 3cb5ae59d51d85cde704214dcea7c65da2bf6e94 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jul 2015 16:04:40 +0200 Subject: Ignore openvpn logwatch warnings (#6867) These are warnings that might have different origins, each of them we don't want to alarm the admin: - A bitmask client bug (user will poke the client devs if things break, and they will go after it) - A simple network failure, packets might get cut of - Malicious user tries to temper with TLS handshakes - this gets more interesting, but still (like ssh bruteforce attacs) an admin would not want to get annoyed by this by default, but they still have the option to use log analysers of their choice if they want to investigate this. Change-Id: I23ca3b700e41f22f34ad3346ed4e647b86000bb2 --- puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet') diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg index ed50f420..d99dcde9 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg @@ -8,6 +8,11 @@ I ovpn-.*TLS Error: TLS object -> incoming plaintext read error I ovpn-.*Fatal TLS error \(check_tls_errors_co\), restarting I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate + I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate + I ovpn-.*TLS Error: unknown opcode received from + I ovpn-.*Authenticate/Decrypt packet error: packet HMAC authentication failed + I ovpn-.*TLS Error: reading acknowledgement record from packet + I ovpn-.*TLS Error: session-id not found in packet from I ovpn-.*SIGUSR1\[soft,tls-error\] received, client-instance restarting I ovpn-.*VERIFY ERROR: depth=0, error=certificate has expired -- cgit v1.2.3 From 7e6b3939a69f11d23ed1c876060025fbe694704d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jul 2015 16:30:42 +0200 Subject: check_mk should not falsely report multiple instances running (#6866) Change-Id: Ie7943c9a541c3cd2feac7686ed1092aadc5a7c7a --- puppet/modules/site_check_mk/manifests/agent/tapicero.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp index 4a5ec68e..ad9962d4 100644 --- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp +++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp @@ -1,3 +1,4 @@ +# sets up tapicero monitoring class site_check_mk::agent::tapicero { include ::site_nagios::plugins @@ -14,7 +15,7 @@ class site_check_mk::agent::tapicero { lens => 'Spacevars.lns', changes => [ 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', - 'set Tapicero_Procs "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a tapicero"' ], + "set Tapicero_Procs \"/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 --ereg-argument-array='^tapicero$'\"" ], require => File['/etc/check_mk/mrpe.cfg']; 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', -- cgit v1.2.3 From ec24733308676d6822aaeaae6c17b042f7e2bf14 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 7 Jul 2015 16:22:36 -0400 Subject: Clean up left-over files from old way of leap-mx logging, this should stop the logrotate cron errors from happening. (#7058) Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760 --- puppet/modules/site_config/manifests/remove_files.pp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'puppet') diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index 3f46659c..b339e6af 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -27,6 +27,10 @@ class site_config::remove_files { path => '/var/log/', recurse => true, matches => 'leap_mx*'; + 'leap_mx_rotate': + path => '/var/log/leap/', + recurse => true, + matches => [ 'mx.log.[0-9]', 'mx.log.[0-9]?', 'mx.log.[6-9]?gz']; '/srv/leap/webapp/public/provider.json':; '/srv/leap/couchdb/designs/tmp_users': recurse => true, -- cgit v1.2.3 From 1e872b71382f94f9c2d63ccbcaa43ca7d6741b42 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 9 Jul 2015 12:18:03 -0700 Subject: use latest amber for static nodes. --- puppet/modules/site_static/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index 2a198b57..1e7317a0 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -46,7 +46,7 @@ class site_static { } if (member($formats, 'amber')) { - rubygems::gem{'amber-0.3.4': } + rubygems::gem{'amber-0.3.7': } } create_resources(site_static::domain, $domains) -- cgit v1.2.3 From c5f1790602b2a987f7cfb18b0da8e11e692cdd40 Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Tue, 14 Jul 2015 13:55:49 +0000 Subject: bump amber version, taking care of puppet ordering with require. --- puppet/modules/site_static/manifests/init.pp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index e37d5ad2..a3fd9c1e 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -46,10 +46,13 @@ class site_static { } if (member($formats, 'amber')) { + rubygems::gem{'amber-0.3.7': + require => Package['zlib1g-dev'] + } + package { 'zlib1g-dev': - ensure => installed + ensure => installed } - rubygems::gem{'amber-0.3.4': } } create_resources(site_static::domain, $domains) @@ -57,4 +60,4 @@ class site_static { include site_shorewall::defaults include site_shorewall::service::http include site_shorewall::service::https -} +} \ No newline at end of file -- cgit v1.2.3 From d609a948520e38feb79892eec6c80f3915940444 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 21 Jul 2015 10:19:23 -0400 Subject: minor linting fix double quotes and indentation Change-Id: I79c28159d17e6256db3094f413d61dcdc9520dc6 --- puppet/modules/leap_mx/manifests/init.pp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'puppet') diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp index 6bcdd19a..2986f622 100644 --- a/puppet/modules/leap_mx/manifests/init.pp +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -77,16 +77,16 @@ class leap_mx { } augeas { - "logrotate_mx": - context => "/files/etc/logrotate.d/leap-mx/rule", + 'logrotate_mx': + context => '/files/etc/logrotate.d/leap-mx/rule', changes => [ - "set file /var/log/leap/mx.log", - 'set rotate 5', - 'set schedule daily', - 'set compress compress', - 'set missingok missingok', - 'set ifempty notifempty', - 'set copytruncate copytruncate' - ] + 'set file /var/log/leap/mx.log', + 'set rotate 5', + 'set schedule daily', + 'set compress compress', + 'set missingok missingok', + 'set ifempty notifempty', + 'set copytruncate copytruncate' + ] } } -- cgit v1.2.3 From 7c071c8e5953922040175c9bfdb458effb982847 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 21 Jul 2015 11:00:50 -0400 Subject: Fix leap-mx logrotation to work with twistd (#7058) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We don't want to try and create the log file, twistd will do that. Don’t rename the log file from mx.log to mx.log.0, instead just copy it to mx.log.1, and then clear out mx.log so it’s empty (this is needed because leap-mx might assume that its file descriptor is still valid and continue trying to write to it, without this, leap-mx might lose data because it’ll assume the original log file is still around and continue to write to it, even though it’s gone)It’s a little dangerous because it’s possible that you might lose some logged data between the time that logrotate copies the new log file and truncates the old file (Caveat administrator). Finally, we don't want logrotate to complain if it finds mx.log, its ok if its there. Change-Id: I9952627f4d47e7a89a2915f6b72d82f9e6ca0d8b --- puppet/modules/leap_mx/manifests/init.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp index 2986f622..284662d2 100644 --- a/puppet/modules/leap_mx/manifests/init.pp +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -83,9 +83,11 @@ class leap_mx { 'set file /var/log/leap/mx.log', 'set rotate 5', 'set schedule daily', + 'clear nocreate', + 'rm create', + 'rm ifempty', 'set compress compress', 'set missingok missingok', - 'set ifempty notifempty', 'set copytruncate copytruncate' ] } -- cgit v1.2.3 From 21af45fd2156e16786e3476c779115662ecb72a7 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 21 Jul 2015 15:47:44 -0400 Subject: Increase tapicero heatbeat nagios checks (#7275) Increase warning/critical thresholds for time between tapicero heartbeat checks so it will emit less false positives Change-Id: I0f97373d88658b7f17b2c4e8c1963198dc3f66ed --- puppet/modules/site_check_mk/manifests/agent/tapicero.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet') diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp index ad9962d4..8505b34a 100644 --- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp +++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp @@ -20,7 +20,7 @@ class site_check_mk::agent::tapicero { 'Tapicero_Heartbeat': incl => '/etc/check_mk/mrpe.cfg', lens => 'Spacevars.lns', - changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 300 -c 600\'', + changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 1200 -c 2400\'', require => File['/etc/check_mk/mrpe.cfg']; } } -- cgit v1.2.3