Aurelien Jarno [Fri, 7 Apr 2017 17:14:56 +0000 (19:14 +0200)]
Do not install rng-tools on stretch VMs
Newer kernel versions, including the one in stretch, are able to fill the
entropy pool from a hardware random number generator without the help of
userspace. The quality option determines how much entropy is used from
the hardware random number and defaults to the maximum for virtio-rng.
Therefore we don't need rng-tools anymore on stretch VMs.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 6 Apr 2017 07:17:29 +0000 (09:17 +0200)]
setup-dchroot: fix root directory permissions
When using stretch, the debootstrap process does not change the
permissions of the root directory of the chroot. As it is created
with mktemp, it ends up not being readable by a normal user like
"buildd". Change the permissions just before creating the tarball
to avoid that.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Paul Wise [Thu, 6 Apr 2017 02:21:30 +0000 (10:21 +0800)]
Typo
Paul Wise [Thu, 6 Apr 2017 01:55:12 +0000 (09:55 +0800)]
Use standard update-ca-certificates on stretch and later
The changes in update-ca-certificates-dsa got merged in stretch ca-certificates.
Paul Wise [Wed, 5 Apr 2017 23:07:52 +0000 (07:07 +0800)]
Switch from psutil.phymem_usage() to psutil.virtual_memory()
The former was deprecated in version 0.6.0 and removed after jessie:
https://github.com/giampaolo/psutil/blob/master/HISTORY.rst
Aurelien Jarno [Wed, 5 Apr 2017 19:22:32 +0000 (21:22 +0200)]
Update ssh upload rsync wrapper for stretch
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Martin Zobel-Helas [Fri, 31 Mar 2017 14:52:42 +0000 (16:52 +0200)]
Merge remote-tracking branch 'waldi/vsftpd-systemd'
* waldi/vsftpd-systemd:
Use vsftpd::site_systemd on ports_master
Add systemd backed vsftpd service
Bastian Blank [Fri, 31 Mar 2017 13:41:22 +0000 (15:41 +0200)]
Use vsftpd::site_systemd on ports_master
Bastian Blank [Fri, 31 Mar 2017 13:38:32 +0000 (15:38 +0200)]
Add systemd backed vsftpd service
Julien Cristau [Fri, 31 Mar 2017 13:14:55 +0000 (15:14 +0200)]
Merge branch 'fix-security' of https://gitlab.com/waldi/dsa-puppet
Signed-off-by: Julien Cristau <jcristau@debian.org>
Bastian Blank [Fri, 31 Mar 2017 13:02:11 +0000 (15:02 +0200)]
Provide expected parameters to vsftp site
Bastian Blank [Fri, 31 Mar 2017 09:19:10 +0000 (11:19 +0200)]
Setup /srv/ftp.root in security_mirror role
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Bastian Blank [Fri, 31 Mar 2017 09:27:09 +0000 (11:27 +0200)]
Disable ftp in security_mirror role
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Bastian Blank [Fri, 31 Mar 2017 09:24:35 +0000 (11:24 +0200)]
Allow ensure absent in vsftp::site
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Bastian Blank [Fri, 31 Mar 2017 09:15:33 +0000 (11:15 +0200)]
Don't need ftp on mirror-accumu
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 30 Mar 2017 20:36:23 +0000 (22:36 +0200)]
add mirror-accumu to security_mirror
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Julien Cristau [Thu, 30 Mar 2017 08:58:21 +0000 (10:58 +0200)]
update debian.org DS
Peter Palfrader [Tue, 28 Mar 2017 12:00:24 +0000 (14:00 +0200)]
Purge mlocate from fasolo and all other hosts
Peter Palfrader [Tue, 28 Mar 2017 11:57:39 +0000 (13:57 +0200)]
Allow larger volumes
Peter Palfrader [Tue, 28 Mar 2017 11:51:33 +0000 (13:51 +0200)]
and we need python3-psycopg2
Peter Palfrader [Tue, 28 Mar 2017 11:49:43 +0000 (13:49 +0200)]
remove obsolete volumes daily
Peter Palfrader [Tue, 28 Mar 2017 11:43:30 +0000 (13:43 +0200)]
make bacula storage and director roles
Peter Palfrader [Tue, 28 Mar 2017 11:24:13 +0000 (13:24 +0200)]
bacula db access from storage
Peter Palfrader [Tue, 28 Mar 2017 09:03:17 +0000 (11:03 +0200)]
fix accumu netrange, again
Peter Palfrader [Tue, 28 Mar 2017 09:01:22 +0000 (11:01 +0200)]
update accumu netrange
Peter Palfrader [Tue, 28 Mar 2017 09:00:30 +0000 (11:00 +0200)]
update accumu netrange
Peter Palfrader [Sun, 26 Mar 2017 11:47:55 +0000 (13:47 +0200)]
ignore /srv in samhain
Paul Wise [Sat, 25 Mar 2017 07:56:59 +0000 (15:56 +0800)]
Revert "Update configuration for SSL ca-debian cert store"
This reverts commit f35f47969e10aeeaf6a48ad2a0f4dbde1f2f9de3.
Paul Wise [Sat, 25 Mar 2017 07:03:18 +0000 (15:03 +0800)]
Fix typo
Paul Wise [Sat, 25 Mar 2017 06:52:02 +0000 (14:52 +0800)]
Update configuration for SSL ca-debian cert store
Remove AddTrust as it isn't used any more.
Switch from the DST root CA to ISRG on jessie and newer
for Let's Encrypt since it has less intermediate CAs.
The ISRG root isn't available in wheezy ca-certificates.
Document why each CA cert is being used with comments.
Martin Zobel-Helas [Fri, 24 Mar 2017 13:14:13 +0000 (14:14 +0100)]
add mirror-accumu as anycast bgp host
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Mon, 20 Mar 2017 17:42:28 +0000 (17:42 +0000)]
fix storage-per-client.conf template
Peter Palfrader [Mon, 20 Mar 2017 17:39:35 +0000 (17:39 +0000)]
fix per-client.conf template
Peter Palfrader [Mon, 20 Mar 2017 17:26:11 +0000 (17:26 +0000)]
fix munin.conf_per_node template
Peter Palfrader [Mon, 20 Mar 2017 16:03:33 +0000 (17:03 +0100)]
Use the dsa-check-libs from the dsa nagios checks package again
Peter Palfrader [Mon, 20 Mar 2017 15:57:59 +0000 (16:57 +0100)]
remove debian.restricted.list apt source on hosts without proliant raid
Peter Palfrader [Mon, 20 Mar 2017 15:39:12 +0000 (16:39 +0100)]
move munin.conf_per_node.erb to the right place
Julien Cristau [Mon, 20 Mar 2017 14:19:37 +0000 (15:19 +0100)]
Only ignore puppetdb.conf at the root
Peter Palfrader [Mon, 20 Mar 2017 14:17:09 +0000 (14:17 +0000)]
update .gitignore
Peter Palfrader [Mon, 20 Mar 2017 14:15:55 +0000 (14:15 +0000)]
add puppetdb.conf on puppetmaster
Peter Palfrader [Mon, 20 Mar 2017 14:15:29 +0000 (14:15 +0000)]
Do not hardcode "handel" in template - use puppetmaster role instead
Peter Palfrader [Mon, 20 Mar 2017 14:14:33 +0000 (14:14 +0000)]
use puppetdb backend for storeconfigs
Martin Zobel-Helas [Mon, 20 Mar 2017 13:37:05 +0000 (14:37 +0100)]
update puppet.conf.erb
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Mon, 20 Mar 2017 09:25:49 +0000 (10:25 +0100)]
run puppet every 2 instead of every 4 hours
Peter Palfrader [Mon, 20 Mar 2017 09:11:23 +0000 (10:11 +0100)]
samhain ignore /etc/cron.d/puppet-nagios-wraps
Peter Palfrader [Mon, 20 Mar 2017 09:00:00 +0000 (10:00 +0100)]
Add nagios puppet check out of cron
Tollef Fog Heen [Sun, 19 Mar 2017 13:11:05 +0000 (14:11 +0100)]
Prefix variables with the right sigil
Tollef Fog Heen [Sun, 19 Mar 2017 13:09:34 +0000 (14:09 +0100)]
Use underscores rather than hyphens for class names
Aurelien Jarno [Sun, 19 Mar 2017 12:49:25 +0000 (13:49 +0100)]
Fix bconsole.conf template
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Martin Zobel-Helas [Sun, 19 Mar 2017 12:47:02 +0000 (13:47 +0100)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
Fix bacula-dir.conf template
Drop dead bits in ftp_upload
Fix portforwarder inetd config for new puppet
Martin Zobel-Helas [Sun, 19 Mar 2017 12:46:35 +0000 (13:46 +0100)]
fix syntax in modules/named/templates/named.conf.puppet-shared-keys.erb
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Aurelien Jarno [Sun, 19 Mar 2017 12:44:46 +0000 (13:44 +0100)]
Fix bacula-dir.conf template
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sun, 19 Mar 2017 11:57:59 +0000 (12:57 +0100)]
Drop dead bits in ftp_upload
$bind6 was undefined since commit b0dd1aa9d67bc92d097c1ad23f42bbedd173b756.
Julien Cristau [Sun, 19 Mar 2017 11:43:56 +0000 (12:43 +0100)]
Fix portforwarder inetd config for new puppet
Martin Zobel-Helas [Sun, 19 Mar 2017 11:32:15 +0000 (12:32 +0100)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
Fix ensure value for postgres
Update postgres fact
Use absolute includes, not relative ones
Martin Zobel-Helas [Sun, 19 Mar 2017 11:31:50 +0000 (12:31 +0100)]
lint name of function
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Julien Cristau [Sun, 19 Mar 2017 11:30:17 +0000 (12:30 +0100)]
Fix ensure value for postgres
Julien Cristau [Sun, 19 Mar 2017 11:28:13 +0000 (12:28 +0100)]
Update postgres fact
Tollef Fog Heen [Sun, 19 Mar 2017 10:57:06 +0000 (11:57 +0100)]
Use absolute includes, not relative ones
Tollef Fog Heen [Sun, 19 Mar 2017 10:43:35 +0000 (11:43 +0100)]
Look for Numeric in addition to allowing number-strings
foo: 587 in yaml gets us a Numeric, and regex matches only match
strings in newer puppets, so check for that and use sprintf to get us
a string.
Julien Cristau [Sun, 19 Mar 2017 10:43:26 +0000 (11:43 +0100)]
Fix postgres-make-base-backups for new puppet
Martin Zobel-Helas [Sun, 19 Mar 2017 09:57:08 +0000 (10:57 +0100)]
and add absolute path
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 19 Mar 2017 09:56:04 +0000 (10:56 +0100)]
*cough* this is no executable
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 19 Mar 2017 09:35:29 +0000 (10:35 +0100)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet: (32 commits)
Do not use sslname empty string for no ssl
Make scores of webserver related templates compile
Fix historical mirror apache template
make order a string
fix torrc-header template
fix rsync site module
if we do not have specific binds, we use the empty string to signal that
Fix stunnel template
Attempt to fix version comparisons
Fix munin::conf for new puppet
Fix schroot-buildd/fstab.erb template
Remove wheezy support in schroot files
Remove wheezy support in buildd files
Make concat::fragment order parameter be a string
buildd: fix lsbmajdistrelease calls
fix template
fix two templates
fix two templates
rename nfs-server to nfs_server
remove rng-tools without hwrandom
...
Martin Zobel-Helas [Sun, 19 Mar 2017 09:35:11 +0000 (10:35 +0100)]
add back our git reversion
Peter Palfrader [Sun, 19 Mar 2017 09:02:22 +0000 (09:02 +0000)]
Do not use sslname empty string for no ssl
Peter Palfrader [Sun, 19 Mar 2017 08:56:48 +0000 (08:56 +0000)]
Make scores of webserver related templates compile
Peter Palfrader [Sun, 19 Mar 2017 08:42:50 +0000 (08:42 +0000)]
Fix historical mirror apache template
Peter Palfrader [Sun, 19 Mar 2017 08:35:52 +0000 (08:35 +0000)]
make order a string
Peter Palfrader [Sun, 19 Mar 2017 08:35:22 +0000 (08:35 +0000)]
fix torrc-header template
Peter Palfrader [Sun, 19 Mar 2017 08:30:44 +0000 (08:30 +0000)]
fix rsync site module
Peter Palfrader [Sun, 19 Mar 2017 08:30:32 +0000 (08:30 +0000)]
if we do not have specific binds, we use the empty string to signal that
Aurelien Jarno [Sun, 19 Mar 2017 07:36:48 +0000 (08:36 +0100)]
Fix stunnel template
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 18 Mar 2017 22:16:30 +0000 (23:16 +0100)]
Attempt to fix version comparisons
Use versioncmp function instead of string comparison. Thanks olasd.
Julien Cristau [Sat, 18 Mar 2017 21:53:55 +0000 (22:53 +0100)]
Fix munin::conf for new puppet
Aurelien Jarno [Sat, 18 Mar 2017 21:43:27 +0000 (22:43 +0100)]
Fix schroot-buildd/fstab.erb template
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 18 Mar 2017 21:39:57 +0000 (22:39 +0100)]
Remove wheezy support in schroot files
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 18 Mar 2017 21:36:54 +0000 (22:36 +0100)]
Remove wheezy support in buildd files
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 18 Mar 2017 21:31:52 +0000 (22:31 +0100)]
Make concat::fragment order parameter be a string
Aurelien Jarno [Sat, 18 Mar 2017 21:31:35 +0000 (22:31 +0100)]
buildd: fix lsbmajdistrelease calls
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Sat, 18 Mar 2017 21:05:58 +0000 (21:05 +0000)]
fix template
Peter Palfrader [Sat, 18 Mar 2017 20:39:21 +0000 (20:39 +0000)]
fix two templates
Peter Palfrader [Sat, 18 Mar 2017 20:36:51 +0000 (20:36 +0000)]
fix two templates
Peter Palfrader [Sat, 18 Mar 2017 20:36:43 +0000 (20:36 +0000)]
rename nfs-server to nfs_server
Peter Palfrader [Sat, 18 Mar 2017 19:37:29 +0000 (20:37 +0100)]
remove rng-tools without hwrandom
Peter Palfrader [Sat, 18 Mar 2017 19:33:38 +0000 (20:33 +0100)]
close quote
Peter Palfrader [Sat, 18 Mar 2017 19:31:55 +0000 (20:31 +0100)]
the hook is annoying
Peter Palfrader [Sat, 18 Mar 2017 19:30:57 +0000 (20:30 +0100)]
stringify file modes
Peter Palfrader [Sat, 18 Mar 2017 19:28:21 +0000 (20:28 +0100)]
do check for boolean value of true instead of stringified version
Peter Palfrader [Sat, 18 Mar 2017 19:22:35 +0000 (20:22 +0100)]
make a reverse for hw_can_temp_sensors that removes lm-sensors
Peter Palfrader [Sat, 18 Mar 2017 19:21:27 +0000 (19:21 +0000)]
fix unbound check in resolv.conf template
root [Sat, 18 Mar 2017 19:16:35 +0000 (19:16 +0000)]
Merge branch 'master' of file:///srv/puppet.debian.org/git/dsa-puppet
Peter Palfrader [Sat, 18 Mar 2017 18:48:38 +0000 (19:48 +0100)]
And clean out mptraid things if we do not have mptraid
Peter Palfrader [Sat, 18 Mar 2017 18:46:20 +0000 (19:46 +0100)]
remove postgres things if we do not have postgresql
Peter Palfrader [Sat, 18 Mar 2017 18:42:04 +0000 (19:42 +0100)]
remove portforwarder files if we do not have a portforwarding user
Peter Palfrader [Tue, 14 Mar 2017 11:00:32 +0000 (12:00 +0100)]
set vim modeline
Martin Zobel-Helas [Sat, 18 Mar 2017 19:13:34 +0000 (19:13 +0000)]
Merge branch 'master' of file:///srv/puppet.debian.org/git/dsa-puppet
Martin Zobel-Helas [Sat, 18 Mar 2017 19:13:00 +0000 (20:13 +0100)]
fix syntax
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
root [Sat, 18 Mar 2017 18:46:43 +0000 (18:46 +0000)]
puppet 4 foo
Signed-off-by: root <root@handel.debian.org>
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
root [Sat, 18 Mar 2017 13:30:14 +0000 (13:30 +0000)]
fix munin 1
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>