Paul Wise [Sun, 3 Apr 2016 13:03:44 +0000 (21:03 +0800)]
Also refresh ca-global when Debian certs change
Paul Wise [Sun, 3 Apr 2016 12:42:27 +0000 (20:42 +0800)]
Fix broken symlinks in /etc/ssl/ca-global (RT#6182)
Paul Wise [Fri, 1 Apr 2016 06:01:40 +0000 (14:01 +0800)]
Fix some issues with the previous change.
Paul Wise [Fri, 1 Apr 2016 05:47:56 +0000 (13:47 +0800)]
Redirect https URLs for www-other sites to debian.org too.
Suggested-in: <CAKiQC487c4kZiTvxUYtM+nmWS9Bh3b7s3tY6jb2=eA69k0-9Ww@mail.gmail.com>
Suggested-by: Adam Cadman <adam.cadman@gmail.com>
Peter Palfrader [Tue, 22 Mar 2016 09:26:48 +0000 (10:26 +0100)]
remove gluck and rietz from puppet config
Peter Palfrader [Tue, 22 Mar 2016 07:50:17 +0000 (08:50 +0100)]
remove alioth's expiring git et al. cert
Peter Palfrader [Tue, 22 Mar 2016 07:11:48 +0000 (08:11 +0100)]
renumber mirror-isc3
Aurelien Jarno [Mon, 21 Mar 2016 15:47:59 +0000 (16:47 +0100)]
99builddsourceslist: get rid of backports.debian.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Mon, 21 Mar 2016 15:47:59 +0000 (16:47 +0100)]
99builddsourceslist: drop support for -edu
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Mon, 21 Mar 2016 12:48:47 +0000 (13:48 +0100)]
puppetmaster: don't look for puppet-dashboard.d.o cert
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Mon, 21 Mar 2016 12:46:15 +0000 (13:46 +0100)]
Remove puppet-dashboard.d.o cert
It seems unused, and expires soon.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Sun, 20 Mar 2016 15:02:35 +0000 (16:02 +0100)]
Retire portman and pittar (RT#6121, RT#6135)
Tollef Fog Heen [Sun, 20 Mar 2016 08:53:19 +0000 (09:53 +0100)]
Re-enable surbl checks, and set {keep,add}_environment to empty values
Julien Cristau [Sat, 19 Mar 2016 16:39:15 +0000 (17:39 +0100)]
Use letsencrypt cert for packages.d.o
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sat, 19 Mar 2016 15:19:44 +0000 (16:19 +0100)]
Temporarily disable TLSA for packages.d.o
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Sun, 13 Mar 2016 13:08:53 +0000 (14:08 +0100)]
The debian-backports repository is obsolete: stop redirecting backports.org /debian, /backports.org and /debian-backports to the old archive location
Peter Palfrader [Sun, 13 Mar 2016 13:07:08 +0000 (14:07 +0100)]
The debian-backports repository is obsolete. Remove from autofs and rsync/syncproxy config
Julien Cristau [Sat, 12 Mar 2016 16:57:10 +0000 (17:57 +0100)]
Switch piuparts.d.o SSL cert to letsencrypt
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sat, 12 Mar 2016 15:38:36 +0000 (16:38 +0100)]
remove TLSA record for piuparts.d.o
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Fri, 11 Mar 2016 07:08:40 +0000 (08:08 +0100)]
Do not run both puppet clientbucket cleanup job concurrently. sequentially should work better
Peter Palfrader [Thu, 10 Mar 2016 21:48:30 +0000 (22:48 +0100)]
sso-rp for quantz
Tollef Fog Heen [Thu, 10 Mar 2016 10:30:12 +0000 (11:30 +0100)]
Disable surbl/perl check for now
Peter Palfrader [Wed, 9 Mar 2016 21:28:16 +0000 (22:28 +0100)]
stop using broken dns forwarders
Peter Palfrader [Wed, 9 Mar 2016 18:56:41 +0000 (19:56 +0100)]
include archive_master role too
Peter Palfrader [Wed, 9 Mar 2016 18:53:05 +0000 (19:53 +0100)]
push sibelius archive rsync via puppet, make it ssl
Peter Palfrader [Wed, 9 Mar 2016 15:30:49 +0000 (16:30 +0100)]
retire schein
Peter Palfrader [Wed, 9 Mar 2016 09:27:00 +0000 (10:27 +0100)]
Clean out puppet clientbucket
Peter Palfrader [Wed, 9 Mar 2016 09:25:52 +0000 (10:25 +0100)]
Delete more munin-async files sooner
Peter Palfrader [Tue, 8 Mar 2016 21:00:39 +0000 (22:00 +0100)]
Add boott
Peter Palfrader [Mon, 7 Mar 2016 21:04:50 +0000 (22:04 +0100)]
we want backups of busoni and senfter
Peter Palfrader [Mon, 7 Mar 2016 21:02:23 +0000 (22:02 +0100)]
ftcollins and spohr are history
Peter Palfrader [Mon, 7 Mar 2016 21:01:51 +0000 (22:01 +0100)]
We want backups of wieck
Peter Palfrader [Mon, 7 Mar 2016 20:59:39 +0000 (21:59 +0100)]
rmdir the dir
Peter Palfrader [Mon, 7 Mar 2016 20:56:32 +0000 (21:56 +0100)]
And clean out /etc/ssl/debian/keys
Peter Palfrader [Mon, 7 Mar 2016 20:53:49 +0000 (21:53 +0100)]
install ssl hostkey into /etc/ssl/private instead of /etc/ssl/debian/keys
Peter Palfrader [Mon, 7 Mar 2016 19:26:52 +0000 (20:26 +0100)]
saens is history
Peter Palfrader [Mon, 7 Mar 2016 19:09:48 +0000 (20:09 +0100)]
security-master ssl with key, and ssl for rsync
Luca Filipozzi [Mon, 7 Mar 2016 18:32:33 +0000 (18:32 +0000)]
add luca's home and work IPv4 since they are fixed (effectively)
Peter Palfrader [Sat, 5 Mar 2016 17:01:33 +0000 (18:01 +0100)]
keep volumes for full backups only 3 months instead of 4
Julien Cristau [Sat, 5 Mar 2016 13:42:46 +0000 (14:42 +0100)]
also remove chain for bugs-master ssl cert
The cert is no longer a gandi-issued, so we should use the letsencrypt
chain.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sat, 5 Mar 2016 09:07:47 +0000 (10:07 +0100)]
replace bugs-master.d.o SSL certificate
Signed-off-by: Julien Cristau <jcristau@debian.org>
Aurelien Jarno [Fri, 4 Mar 2016 23:21:20 +0000 (00:21 +0100)]
munin-node: partially revert
199cc183
df_abs does not support exclusion based on regex, we still need the
wrapper for it.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Fri, 4 Mar 2016 22:50:39 +0000 (23:50 +0100)]
munin-node: also filter /dev /run/* /sys/*
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Fri, 4 Mar 2016 22:36:40 +0000 (23:36 +0100)]
munin-node: filter piuparts/schroot mounts for df*
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Fri, 4 Mar 2016 22:17:16 +0000 (23:17 +0100)]
munin-node: remove df-wrap
Remove df-wrap as it is not compatible with the jessie scripts. Replace
df, df_abs and df_inode by symlinks to the original scripts.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Wed, 2 Mar 2016 22:49:40 +0000 (23:49 +0100)]
unbound: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:49:14 +0000 (23:49 +0100)]
motd: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:48:57 +0000 (23:48 +0100)]
debian-org: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:48:35 +0000 (23:48 +0100)]
dacs: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:31:33 +0000 (23:31 +0100)]
ssh: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:29:46 +0000 (23:29 +0100)]
schroot: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:28:13 +0000 (23:28 +0100)]
munin: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:26:57 +0000 (23:26 +0100)]
monit: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:24:16 +0000 (23:24 +0100)]
ferm: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:23:47 +0000 (23:23 +0100)]
buildd: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:23:10 +0000 (23:23 +0100)]
bacula: squeeze cleanup
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 2 Mar 2016 22:15:08 +0000 (23:15 +0100)]
setup-all-dchroots: goodbye squeeze
Signed-off-by: Julien Cristau <jcristau@debian.org>
Paul Wise [Tue, 23 Feb 2016 08:31:13 +0000 (16:31 +0800)]
Fix race condition cleaning up munin CGI graphs
Avoids mails like these:
From: Cron Daemon <root@menotti.debian.org>
To: root@menotti.debian.org
Subject: Cron <www-data@menotti> find /var/lib/munin/cgi-tmp -mindepth 2 -type d -empty -delete
find: `/var/lib/munin/cgi-tmp/munin-cgi-graph/debian.org/bm-bl9.debian.org/iostat-month.png': No such file or directory
find: `/var/lib/munin/cgi-tmp/munin-cgi-graph/debian.org/bm-bl9.debian.org/df_inode-day.png': No such file or directory
find: `/var/lib/munin/cgi-tmp/munin-cgi-graph/debian.org/bm-bl9.debian.org/ps_exim4-month.png': No such file or directory
find: `/var/lib/munin/cgi-tmp/munin-cgi-graph/debian.org/bm-bl9.debian.org/exim_mailstats-month.png': No such file or directory
...
Peter Palfrader [Mon, 22 Feb 2016 13:55:08 +0000 (14:55 +0100)]
Update for 29.172.in-addr.arpa DS
Peter Palfrader [Mon, 22 Feb 2016 13:40:08 +0000 (14:40 +0100)]
New DS for debian.org
Luca Filipozzi [Thu, 18 Feb 2016 02:19:12 +0000 (02:19 +0000)]
remove linode.emyr.net from ACL for luca
Peter Palfrader [Tue, 16 Feb 2016 23:14:06 +0000 (00:14 +0100)]
A better root prompt
Luca Filipozzi [Mon, 8 Feb 2016 21:55:42 +0000 (21:55 +0000)]
prep for transition away from linode
Peter Palfrader [Mon, 8 Feb 2016 18:22:16 +0000 (19:22 +0100)]
Do not backup /var/lib/munin-async
Peter Palfrader [Mon, 8 Feb 2016 18:11:52 +0000 (19:11 +0100)]
Revert "temporarily cut retention times"
This reverts commit
8d6317345a753cb58144a5744829790abe2804cf.
Peter Palfrader [Mon, 8 Feb 2016 17:52:13 +0000 (18:52 +0100)]
Do not backup /var/lib/apt and /var/log/samhain
Peter Palfrader [Mon, 8 Feb 2016 17:51:52 +0000 (18:51 +0100)]
remove trailing /
Peter Palfrader [Mon, 8 Feb 2016 17:50:52 +0000 (18:50 +0100)]
sort entries
Peter Palfrader [Mon, 8 Feb 2016 17:50:36 +0000 (18:50 +0100)]
Revert "Try to update Exclude list"
This reverts commit
2b213a07466209440b7d628a63a28ab489728889.
Peter Palfrader [Mon, 8 Feb 2016 17:48:52 +0000 (18:48 +0100)]
Try to update Exclude list
Peter Palfrader [Mon, 8 Feb 2016 17:13:50 +0000 (18:13 +0100)]
temporarily cut retention times
Julien Cristau [Sun, 7 Feb 2016 15:56:33 +0000 (16:56 +0100)]
update for new debian-ports archive signing key
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Sun, 7 Feb 2016 14:20:52 +0000 (15:20 +0100)]
Add {pet,pet-devel} cert for petrova
Peter Palfrader [Sun, 7 Feb 2016 10:07:55 +0000 (10:07 +0000)]
Add dedup.d.n cert
Peter Palfrader [Sun, 7 Feb 2016 10:03:29 +0000 (10:03 +0000)]
TLSA for rsync sites
Peter Palfrader [Sun, 7 Feb 2016 09:55:32 +0000 (09:55 +0000)]
Update .gitignore
Peter Palfrader [Sun, 7 Feb 2016 09:55:22 +0000 (09:55 +0000)]
But remove the etckeeper-* files because they seem unused
Peter Palfrader [Sun, 7 Feb 2016 09:55:05 +0000 (09:55 +0000)]
Add uncommitted etckeeper-* things
Peter Palfrader [Sun, 7 Feb 2016 09:54:03 +0000 (09:54 +0000)]
Allow arrays for tlsaport to be passed to ssl::service
Peter Palfrader [Sun, 7 Feb 2016 09:52:05 +0000 (09:52 +0000)]
Commit local changes to fileserver.conf
Peter Palfrader [Sat, 6 Feb 2016 20:26:53 +0000 (21:26 +0100)]
fix whitespace
Peter Palfrader [Sat, 6 Feb 2016 20:11:04 +0000 (21:11 +0100)]
Ship ssl certs for i18n and l10n.d.o
Peter Palfrader [Sat, 6 Feb 2016 16:46:32 +0000 (17:46 +0100)]
remove www-master rsync
Peter Palfrader [Sat, 6 Feb 2016 16:46:10 +0000 (17:46 +0100)]
Make backups of santoro
Peter Palfrader [Sat, 6 Feb 2016 15:53:12 +0000 (15:53 +0000)]
uninstall static service certs and keys from hosts that do not serve this service
Peter Palfrader [Sat, 6 Feb 2016 15:38:31 +0000 (16:38 +0100)]
static: only install apache::site instances relevant for this mirror
Peter Palfrader [Sat, 6 Feb 2016 15:32:16 +0000 (16:32 +0100)]
static: only install ssl::service instances relevant for this mirror
Peter Palfrader [Sat, 6 Feb 2016 15:09:38 +0000 (16:09 +0100)]
santoro no longer is an old-style www mirror
Peter Palfrader [Sat, 6 Feb 2016 15:01:58 +0000 (16:01 +0100)]
santoro to staticsync (for www)
Peter Palfrader [Sat, 6 Feb 2016 15:01:28 +0000 (16:01 +0100)]
sort entries in hieradata
Julien Cristau [Fri, 5 Feb 2016 17:40:08 +0000 (18:40 +0100)]
move some of www.d.o's redirects to https
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Fri, 5 Feb 2016 17:16:22 +0000 (18:16 +0100)]
switch search.d.o to letsencrypt
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Fri, 5 Feb 2016 15:52:50 +0000 (16:52 +0100)]
remove tlsa for search.debian.org
Let's try to rotate keys without breaking stuff
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Thu, 4 Feb 2016 09:16:58 +0000 (10:16 +0100)]
Try different FileSet config
Peter Palfrader [Thu, 4 Feb 2016 09:04:58 +0000 (10:04 +0100)]
bacula: try ignoring /swapfile* instead of just /swapfile. Also set Ignore FileSet Changes to avoid a full backup run everywhere. And set Accurate = yes and enable acl and xattr support
Peter Palfrader [Thu, 4 Feb 2016 08:00:39 +0000 (09:00 +0100)]
Add certs for www-master and cgi.d.o
Peter Palfrader [Tue, 2 Feb 2016 21:19:19 +0000 (22:19 +0100)]
Add planet-search key too
Peter Palfrader [Tue, 2 Feb 2016 21:13:04 +0000 (22:13 +0100)]
Add planet-search role and cert
Peter Palfrader [Tue, 2 Feb 2016 17:34:23 +0000 (18:34 +0100)]
ssl for {10years,es,fr,miniconf10}.debconf.org
Peter Palfrader [Tue, 2 Feb 2016 10:07:56 +0000 (11:07 +0100)]
clean out some buildd.debian-ports.org/portman stuff
projects / mirror / dsa-puppet.git / log