Julien Cristau [Sun, 22 Sep 2019 14:23:09 +0000 (16:23 +0200)]
ticharich at ubc
Peter Palfrader [Sun, 22 Sep 2019 13:58:19 +0000 (15:58 +0200)]
retire obsolete muninmaster entry from common.yaml
Peter Palfrader [Sun, 22 Sep 2019 13:56:45 +0000 (15:56 +0200)]
mirror_health: this_host_service_name is now optional
Peter Palfrader [Sun, 22 Sep 2019 13:35:04 +0000 (15:35 +0200)]
munin/master_per_node: no longer needs to be backwards compatible
Peter Palfrader [Sun, 22 Sep 2019 13:26:33 +0000 (15:26 +0200)]
munin/master_per_node: try to be backwards compatible
Peter Palfrader [Sun, 22 Sep 2019 13:23:54 +0000 (15:23 +0200)]
muninmaster -> hiera role, new ssh store/collect, no more plain text munin fetching firewall rules (it is all async via ssh these days)
Peter Palfrader [Sun, 22 Sep 2019 13:21:59 +0000 (15:21 +0200)]
All our munin is munin-async these days
Peter Palfrader [Sun, 22 Sep 2019 13:11:13 +0000 (15:11 +0200)]
munin class cleanup
Peter Palfrader [Sun, 22 Sep 2019 13:01:28 +0000 (15:01 +0200)]
All our munin is munin-async these days
Julien Cristau [Sun, 22 Sep 2019 13:21:27 +0000 (15:21 +0200)]
mirror_health: add param description
Julien Cristau [Sun, 22 Sep 2019 12:55:00 +0000 (14:55 +0200)]
add ticharich volumes at ubc
Peter Palfrader [Sun, 22 Sep 2019 12:49:29 +0000 (14:49 +0200)]
Use variable correctly
Peter Palfrader [Sun, 22 Sep 2019 12:48:08 +0000 (14:48 +0200)]
Move debug healthcheck info to hiera
Peter Palfrader [Sun, 22 Sep 2019 12:42:17 +0000 (14:42 +0200)]
Move debug to store/collect health checker
Aurelien Jarno [Sun, 22 Sep 2019 11:42:47 +0000 (13:42 +0200)]
Fix previous commit
Aurelien Jarno [Sun, 22 Sep 2019 11:41:48 +0000 (13:41 +0200)]
The klecker-ftp.d.o address has been moved to new-klecker
Therefore:
- move the corresponding listen addresses to new-klecker
- drop the debian_mirror role from klecker
Julien Cristau [Sun, 22 Sep 2019 11:35:07 +0000 (13:35 +0200)]
As debian.mirrors.d.o gets checked by the health checker, explicitly listen on localhost
Peter Palfrader [Sun, 22 Sep 2019 11:28:14 +0000 (13:28 +0200)]
As debug.mirrors.d.o gets checked by the health checker, explicitly listen on localhost
Peter Palfrader [Sun, 22 Sep 2019 11:19:47 +0000 (13:19 +0200)]
debug_mirror -> hiera role, first step
Peter Palfrader [Sun, 22 Sep 2019 11:15:26 +0000 (13:15 +0200)]
whitespace change
Peter Palfrader [Sun, 22 Sep 2019 11:07:52 +0000 (13:07 +0200)]
remove historical_mirror has_role call for inclusion; no longer needed
Peter Palfrader [Sun, 22 Sep 2019 11:04:43 +0000 (13:04 +0200)]
historical_mirror -> hiera role
Since there are no onion mirrors right now, remove that code from the
role.
Peter Palfrader [Sun, 22 Sep 2019 10:51:28 +0000 (12:51 +0200)]
historical_master -> hiera role
Peter Palfrader [Sun, 22 Sep 2019 10:47:52 +0000 (12:47 +0200)]
ports_master -> hiera role
Peter Palfrader [Sun, 22 Sep 2019 10:46:24 +0000 (12:46 +0200)]
ftp_master -> hiera role
Peter Palfrader [Sun, 22 Sep 2019 10:45:13 +0000 (12:45 +0200)]
include signing from the ftp_master role
Peter Palfrader [Sun, 22 Sep 2019 10:44:48 +0000 (12:44 +0200)]
whitespace/quoting: modules/roles/manifests/signing (make lint happy)
Peter Palfrader [Sun, 22 Sep 2019 10:44:21 +0000 (12:44 +0200)]
make ftp-master include dakmaster directly
Peter Palfrader [Sun, 22 Sep 2019 10:43:40 +0000 (12:43 +0200)]
whitespace/quoting: modules/roles/manifests/dakmaster (make lint happy)
Peter Palfrader [Sun, 22 Sep 2019 10:42:11 +0000 (12:42 +0200)]
security_master -> hiera role
Peter Palfrader [Sun, 22 Sep 2019 10:33:38 +0000 (12:33 +0200)]
retire old HOST_MAILRELAY ferm variable
Peter Palfrader [Sun, 22 Sep 2019 10:32:09 +0000 (12:32 +0200)]
retire mail_port config from local.yaml
Peter Palfrader [Sun, 22 Sep 2019 10:28:42 +0000 (12:28 +0200)]
Merge virtualdomains setup into exim/init
Peter Palfrader [Sun, 22 Sep 2019 10:26:01 +0000 (12:26 +0200)]
move the remaining virtualdomains to the mailrelay class
Peter Palfrader [Sun, 22 Sep 2019 10:22:36 +0000 (12:22 +0200)]
remove manualroute cleanup; it has run everywhere
Peter Palfrader [Sun, 22 Sep 2019 10:15:00 +0000 (12:15 +0200)]
And fix name in manualroute.pp
Peter Palfrader [Sun, 22 Sep 2019 10:10:49 +0000 (12:10 +0200)]
Use correct variable scope in manualroute.pp
Peter Palfrader [Sun, 22 Sep 2019 10:08:43 +0000 (12:08 +0200)]
Move to collected manualroute
Peter Palfrader [Sun, 22 Sep 2019 10:04:57 +0000 (12:04 +0200)]
Register manualroutes from the service class for the three services that had it hardcoded in the exim class; and make a roles::salsa
Peter Palfrader [Sun, 22 Sep 2019 10:04:15 +0000 (12:04 +0200)]
Create an exim::manualroute define
Peter Palfrader [Sun, 22 Sep 2019 09:51:44 +0000 (11:51 +0200)]
Switch to the hiera optional mail_port
Peter Palfrader [Sun, 22 Sep 2019 09:46:44 +0000 (11:46 +0200)]
remove smtp_sources from ferm's me.conf, retire old-style heavy_{exim,postfix} roles
Peter Palfrader [Sun, 22 Sep 2019 09:43:35 +0000 (11:43 +0200)]
Move TLSA for submission port from exim::mx role to the mailrelay role
Peter Palfrader [Sun, 22 Sep 2019 09:42:28 +0000 (11:42 +0200)]
remove default firewall accept to port submission on the MXes
Peter Palfrader [Sun, 22 Sep 2019 09:40:55 +0000 (11:40 +0200)]
Retire debian_org::mail_incoming_port which did the default firewalling for the mail ports
Peter Palfrader [Sun, 22 Sep 2019 09:39:51 +0000 (11:39 +0200)]
Move tlsa setup from mail_incoming_port to mta role
Peter Palfrader [Sun, 22 Sep 2019 09:39:09 +0000 (11:39 +0200)]
Make the manualroute explicitly send to port 25 by default as that simplifies the logic here
Peter Palfrader [Sun, 22 Sep 2019 09:35:31 +0000 (11:35 +0200)]
Try to add firewalling to enable mail satellites to connect to the submission port on the mail relays
Peter Palfrader [Sun, 22 Sep 2019 09:25:40 +0000 (11:25 +0200)]
bugs_master: allow incoming mail to the submission port from the role
Peter Palfrader [Sun, 22 Sep 2019 09:18:09 +0000 (11:18 +0200)]
Have the nagios-server export an smtp-allow rule to the mail satellites
Peter Palfrader [Sun, 22 Sep 2019 09:17:45 +0000 (11:17 +0200)]
Re-tag the store/collect ferm rule for mailrelays to satelliltes from smtp::server::from::mailrelay to smtp::server::to::mail-satellite
Peter Palfrader [Sun, 22 Sep 2019 09:17:13 +0000 (11:17 +0200)]
On non-satellites, allow smtp from the world
Peter Palfrader [Sun, 22 Sep 2019 09:06:05 +0000 (11:06 +0200)]
Fail if we are not an MX and do not have set MX to the mail relays
Peter Palfrader [Sun, 22 Sep 2019 09:01:30 +0000 (11:01 +0200)]
also remove tye from the old heavy-exim role. that should probably be cleaned up next
Peter Palfrader [Sun, 22 Sep 2019 08:53:57 +0000 (10:53 +0200)]
retire i18n.debian.org mail setup
After discussion on #debian-admin, it seems @i18n.debian.org is not used
these days.
As such, remove tye from the heavy-exim roles and remove the virtual
email domain. the mx stuff on tye will be cleaned up manually.
Peter Palfrader [Sun, 22 Sep 2019 08:49:23 +0000 (10:49 +0200)]
Have the www-master role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 08:46:29 +0000 (10:46 +0200)]
Have the rt role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 08:22:35 +0000 (10:22 +0200)]
Quantz should have the packagesqamaster role
It already did, but that was lost a few days ago in
4dcb0bb6ab00da402d5939588bf5793a917f8b02 when we introduced the
dedicated manifest for the role.
Peter Palfrader [Sun, 22 Sep 2019 08:18:19 +0000 (10:18 +0200)]
Have the qa and packages.qa roles declare their exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 08:14:58 +0000 (10:14 +0200)]
Have the popcon role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 08:13:20 +0000 (10:13 +0200)]
note that there is role specific exim config for bugs and packages
Peter Palfrader [Sun, 22 Sep 2019 08:11:20 +0000 (10:11 +0200)]
Have the packages role declare its exim virtualdomain; changing group from Debian to pkg_maint
Peter Palfrader [Sun, 22 Sep 2019 08:06:53 +0000 (10:06 +0200)]
Have the nm role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 08:05:08 +0000 (10:05 +0200)]
Have the buildd_master role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 08:02:46 +0000 (10:02 +0200)]
Have the dbmaster role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 07:59:47 +0000 (09:59 +0200)]
Have the bugs_master role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 07:57:55 +0000 (09:57 +0200)]
vdomain: do not create and/or mess with the modes of basedir
Peter Palfrader [Sun, 22 Sep 2019 07:53:43 +0000 (09:53 +0200)]
Have the tracker role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 07:51:06 +0000 (09:51 +0200)]
Have the vote role declare its exim virtualdomain
Peter Palfrader [Sun, 22 Sep 2019 07:44:14 +0000 (09:44 +0200)]
Document exim::vdomain, make files ownable by somebody other than root, retire alias_file parameter
Peter Palfrader [Sun, 22 Sep 2019 07:43:53 +0000 (09:43 +0200)]
Document exim::vdomain, make files ownable by somebody other than root, retire alias_file parameter
Peter Palfrader [Sun, 22 Sep 2019 07:17:35 +0000 (09:17 +0200)]
Disable manualroute-new and prepare for collecting the new file as manualroute
Peter Palfrader [Sun, 22 Sep 2019 07:15:09 +0000 (09:15 +0200)]
Fix mail_port for zani
Peter Palfrader [Sat, 21 Sep 2019 22:27:05 +0000 (00:27 +0200)]
most of the mta firewalling is not exim specific
Peter Palfrader [Sat, 21 Sep 2019 22:23:58 +0000 (00:23 +0200)]
Set port to 25 explicitly instead of undef if we do not have it overwritten for this host
Peter Palfrader [Sat, 21 Sep 2019 22:21:05 +0000 (00:21 +0200)]
On hosts that get mail via mailrelays, try to collect the ferm rule that will allow access
Peter Palfrader [Sat, 21 Sep 2019 22:15:33 +0000 (00:15 +0200)]
Even heavy_exim hosts can get their system mail from relays
Peter Palfrader [Sat, 21 Sep 2019 22:07:20 +0000 (00:07 +0200)]
mxRecord is actually an array called mXRecord
Peter Palfrader [Sat, 21 Sep 2019 21:56:08 +0000 (23:56 +0200)]
Try to make the manualroute on the mailrelays using a store/collect pattern
Peter Palfrader [Sat, 21 Sep 2019 21:43:06 +0000 (23:43 +0200)]
split out some exim::mx config into a new exim::mailrelay
Peter Palfrader [Sat, 21 Sep 2019 21:40:54 +0000 (23:40 +0200)]
Add a todo item
Peter Palfrader [Sat, 21 Sep 2019 21:40:43 +0000 (23:40 +0200)]
remove redundance include
Peter Palfrader [Sat, 21 Sep 2019 19:12:37 +0000 (21:12 +0200)]
pass is_mailrelay through exim::mx
Peter Palfrader [Sat, 21 Sep 2019 19:10:55 +0000 (21:10 +0200)]
set exim::is_mailrelay on the mail relays
Peter Palfrader [Sat, 21 Sep 2019 18:33:25 +0000 (20:33 +0200)]
Try to make mail_port really optional
Peter Palfrader [Sat, 21 Sep 2019 18:31:14 +0000 (20:31 +0200)]
Add mail_port to hiera and the exim class. not yet used
Aurelien Jarno [Sat, 21 Sep 2019 18:26:14 +0000 (20:26 +0200)]
prefix pinel volumes with OLD-
Peter Palfrader [Sat, 21 Sep 2019 17:52:07 +0000 (19:52 +0200)]
Also move master.d.o hiera data
Peter Palfrader [Sat, 21 Sep 2019 17:18:32 +0000 (19:18 +0200)]
switch postfix smarthost config to classparams
Peter Palfrader [Sat, 21 Sep 2019 17:17:31 +0000 (19:17 +0200)]
reorder params
Peter Palfrader [Sat, 21 Sep 2019 17:10:52 +0000 (19:10 +0200)]
Merge branch 'mtatest'
* mtatest:
Make an explicit use_smarthost setting
Consider the empty string as no smarthost
Setting to undef does not clear the hiera default :(
undef is the value, Undef the type
eximconf: drop bad quoting
the class to include is roles::mta, not mta
move exim vs. postfix, heavy vs. not, into hiera
Peter Palfrader [Sat, 21 Sep 2019 17:09:31 +0000 (19:09 +0200)]
Make an explicit use_smarthost setting
Peter Palfrader [Sat, 21 Sep 2019 17:06:27 +0000 (19:06 +0200)]
Consider the empty string as no smarthost
Peter Palfrader [Sat, 21 Sep 2019 17:05:06 +0000 (19:05 +0200)]
Setting to undef does not clear the hiera default :(
Peter Palfrader [Sat, 21 Sep 2019 17:03:48 +0000 (19:03 +0200)]
undef is the value, Undef the type
Peter Palfrader [Sat, 21 Sep 2019 17:02:33 +0000 (19:02 +0200)]
eximconf: drop bad quoting
Peter Palfrader [Sat, 21 Sep 2019 16:45:53 +0000 (18:45 +0200)]
the class to include is roles::mta, not mta
Peter Palfrader [Sat, 21 Sep 2019 16:40:18 +0000 (18:40 +0200)]
move exim vs. postfix, heavy vs. not, into hiera
Peter Palfrader [Sat, 21 Sep 2019 16:58:24 +0000 (18:58 +0200)]
Try to move to hiera5
Peter Palfrader [Sat, 21 Sep 2019 16:48:14 +0000 (18:48 +0200)]
move hiera.yaml into repo root