Tollef Fog Heen [Fri, 2 Feb 2018 05:50:41 +0000 (06:50 +0100)]
Revert "Correct hiera function call syntax"
This reverts commit
a6d0545f07cac7f094c6952d57c2580b911aee4b.
Tollef Fog Heen [Fri, 2 Feb 2018 05:49:53 +0000 (06:49 +0100)]
Fix has_role to handle richer data structures properly
Tollef Fog Heen [Fri, 2 Feb 2018 05:46:21 +0000 (06:46 +0100)]
Hard code deb.d.o backend hosts while debugging
Tollef Fog Heen [Fri, 2 Feb 2018 05:34:01 +0000 (06:34 +0100)]
Revert "Debugging"
This reverts commit
199493bc8beb1c63e2459c742cfa891865a1e38f.
Tollef Fog Heen [Fri, 2 Feb 2018 05:27:31 +0000 (06:27 +0100)]
Debugging
Tollef Fog Heen [Fri, 2 Feb 2018 05:24:26 +0000 (06:24 +0100)]
Debugging
Tollef Fog Heen [Fri, 2 Feb 2018 05:22:18 +0000 (06:22 +0100)]
Correct hiera function call syntax
Paul Wise [Fri, 2 Feb 2018 01:29:48 +0000 (09:29 +0800)]
Also redirect mips64el to the mips port family page
Reported-by: sebul <sebuls@gmail.com>
Reported-in: <CANy4eeUSa1mLCASUduCTYzZ4G4egYefBTA7W4TUFWkxeb30CuQ@mail.gmail.com>
Aurelien Jarno [Thu, 1 Feb 2018 23:57:58 +0000 (00:57 +0100)]
Fix a thinko in previous commit
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 1 Feb 2018 23:51:23 +0000 (00:51 +0100)]
lobos and villa do not have a battery on their raid controller
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Tollef Fog Heen [Thu, 1 Feb 2018 23:28:13 +0000 (00:28 +0100)]
More debugging
Tollef Fog Heen [Thu, 1 Feb 2018 23:12:54 +0000 (00:12 +0100)]
Fix typo
Tollef Fog Heen [Thu, 1 Feb 2018 23:11:39 +0000 (00:11 +0100)]
More gunking around to see if we can make this work
Tollef Fog Heen [Thu, 1 Feb 2018 23:09:30 +0000 (00:09 +0100)]
Make all entries in security_mirror into hashes
Tollef Fog Heen [Thu, 1 Feb 2018 23:08:20 +0000 (00:08 +0100)]
More syntax fixing
Tollef Fog Heen [Thu, 1 Feb 2018 19:26:58 +0000 (20:26 +0100)]
YAML is hard
Tollef Fog Heen [Thu, 1 Feb 2018 19:25:00 +0000 (20:25 +0100)]
Use hiera data for pulling health check data for security hosts
Tollef Fog Heen [Thu, 1 Feb 2018 19:13:10 +0000 (20:13 +0100)]
Typos-r-us
Tollef Fog Heen [Thu, 1 Feb 2018 18:51:03 +0000 (19:51 +0100)]
Pull list of hosts to health check from hiera
Instead of hard coding the set of hosts that Fastly checks, put the
information in hiera.
Aurelien Jarno [Thu, 1 Feb 2018 19:06:20 +0000 (20:06 +0100)]
Remove backup access from franck.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Thu, 1 Feb 2018 19:04:00 +0000 (20:04 +0100)]
dsa-check_puppet_agent was renamed to dsa-check-puppet_agent
Julien Cristau [Thu, 1 Feb 2018 18:47:51 +0000 (19:47 +0100)]
get rid of pizzetti
Tollef Fog Heen [Thu, 1 Feb 2018 18:38:26 +0000 (19:38 +0100)]
Move listen-address information out of manifest and into hiera
Tollef Fog Heen [Thu, 1 Feb 2018 18:38:11 +0000 (19:38 +0100)]
Use ensure_packages to avoid problems with puppet redeclaring resources
Martin Zobel-Helas [Thu, 1 Feb 2018 18:35:52 +0000 (19:35 +0100)]
Merge branch 'master' of git+ssh://git2.debian.org/dsa/dsa-puppet
Martin Zobel-Helas [Thu, 1 Feb 2018 18:35:35 +0000 (19:35 +0100)]
remove falla and fischer
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Tollef Fog Heen [Thu, 1 Feb 2018 18:27:21 +0000 (19:27 +0100)]
Pull listen addresses for apache mirrors from hiera
This is slightly crazy with a bit of transitional logic.
Peter Palfrader [Thu, 1 Feb 2018 18:23:22 +0000 (19:23 +0100)]
remove bendel/lists blackhole rules that are probably long obsolete
Tollef Fog Heen [Thu, 1 Feb 2018 18:16:59 +0000 (19:16 +0100)]
Fix yaml syntax
Tollef Fog Heen [Thu, 1 Feb 2018 18:08:38 +0000 (19:08 +0100)]
Add extra metadata for debian_mirror hosts
This might break puppet completely, will pick up the pieces if so.
Martin Zobel-Helas [Thu, 1 Feb 2018 18:07:08 +0000 (19:07 +0100)]
Merge branch 'master' of git+ssh://git2.debian.org/dsa/dsa-puppet
Martin Zobel-Helas [Thu, 1 Feb 2018 18:06:39 +0000 (19:06 +0100)]
remove busoni
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Aurelien Jarno [Thu, 1 Feb 2018 17:45:09 +0000 (18:45 +0100)]
Import cron entries from dsa-nagios-check package
Also randomize dsa-update-apt-status and dsa-update-samhain-status
calls.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Tollef Fog Heen [Thu, 1 Feb 2018 17:34:18 +0000 (18:34 +0100)]
Use the right path to health checks on security hosts
Aurelien Jarno [Thu, 1 Feb 2018 16:44:28 +0000 (17:44 +0100)]
Decommission ubc-bl*.debian.org
Luca will make sure that they won't come back.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Tollef Fog Heen [Thu, 1 Feb 2018 16:41:28 +0000 (17:41 +0100)]
Publish security mirror health on _health
Tollef Fog Heen [Thu, 1 Feb 2018 16:39:10 +0000 (17:39 +0100)]
Fix hiera function call syntax
Tollef Fog Heen [Thu, 1 Feb 2018 16:35:02 +0000 (17:35 +0100)]
Start setting up mirror health checking for security too
Tollef Fog Heen [Thu, 1 Feb 2018 16:34:32 +0000 (17:34 +0100)]
Cut down a tiny bit on exim config distributed everywhere
Tollef Fog Heen [Thu, 1 Feb 2018 16:05:49 +0000 (17:05 +0100)]
Remove obsolete block
Tollef Fog Heen [Thu, 1 Feb 2018 13:31:41 +0000 (14:31 +0100)]
Try harder at handling connection timeouts for mirror-health
Héctor Orón Martínez [Sat, 25 Nov 2017 11:13:03 +0000 (12:13 +0100)]
fasolo, klecker: blacklist acpi power meter. rt#6974
workaround dmesg noisy errors, which are safe to ignore:
```
[
3723410.864219] ACPI Error: SMBus/IPMI/GenericSerialBus write requires Buffer of length 66, found length 32 (
20160831/exfield-427)
[
3723410.890212] ACPI Error: Method parse/execution failed [\_SB.PMI0._PMM] (Node
ffffa0e2fe877280), AE_AML_BUFFER_LIMIT (
20160831/psparse-543)
[
3723410.920171] ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM (
20160831/power_meter-338)
```
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Héctor Orón Martínez [Wed, 31 Jan 2018 16:55:53 +0000 (17:55 +0100)]
systemd: do not reload journald
systemd journal needs a reboot upon configuration refresh
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Héctor Orón Martínez [Wed, 31 Jan 2018 15:16:13 +0000 (16:16 +0100)]
godard: enable persistent journald storage. rt#7049
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Julien Cristau [Wed, 31 Jan 2018 08:06:08 +0000 (09:06 +0100)]
wafer: only ask for client certs on the login page
Paul Wise [Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)]
Django sites rely on Referrer headers for XSS protection
Julien Cristau [Tue, 30 Jan 2018 10:25:17 +0000 (11:25 +0100)]
wafer wants to be able to write its log, make it run with the debconf-web gid
Julien Cristau [Tue, 30 Jan 2018 10:14:11 +0000 (11:14 +0100)]
wafer config uses expires apache module
Julien Cristau [Tue, 30 Jan 2018 10:11:15 +0000 (11:11 +0100)]
debussy wants sso_rp for wafer
Julien Cristau [Tue, 30 Jan 2018 10:08:57 +0000 (11:08 +0100)]
fixup debconf_wafer role
Julien Cristau [Tue, 30 Jan 2018 10:05:55 +0000 (11:05 +0100)]
apache config for wafertest.debconf.org
Julien Cristau [Tue, 30 Jan 2018 08:52:17 +0000 (09:52 +0100)]
Use a specific IP address for pages.d.n's vhost
Julien Cristau [Mon, 29 Jan 2018 14:55:58 +0000 (15:55 +0100)]
Add debussy to the insecure_ssl role
It wants to use nodejs, and the nodejs package hardcodes
/etc/ssl/certs/ca-certificates.crt (wtf?)
Peter Palfrader [Thu, 25 Jan 2018 21:53:42 +0000 (22:53 +0100)]
fix pages port once more
Peter Palfrader [Thu, 25 Jan 2018 21:46:29 +0000 (22:46 +0100)]
fix port for pages
Peter Palfrader [Thu, 25 Jan 2018 21:44:48 +0000 (22:44 +0100)]
ssl cert for pages.debian.net
Peter Palfrader [Thu, 25 Jan 2018 21:40:42 +0000 (22:40 +0100)]
do proxypass for pages
Peter Palfrader [Thu, 25 Jan 2018 21:21:56 +0000 (22:21 +0100)]
SSL for pages.debian.org
Peter Palfrader [Thu, 25 Jan 2018 20:49:40 +0000 (21:49 +0100)]
ProxyPass everything so we can set nocanon (re: RT#7057)
Laura Arjona Reina [Tue, 16 Jan 2018 15:54:52 +0000 (16:54 +0100)]
change redirections about policy manual to 302, since a change back to the multi-page format is under consideration
RT#7058
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Tue, 23 Jan 2018 09:08:22 +0000 (10:08 +0100)]
79.124.75.18 sends us hotel booking spam
Peter Palfrader [Tue, 16 Jan 2018 11:51:53 +0000 (12:51 +0100)]
update recursors for grnet
Aurelien Jarno [Mon, 15 Jan 2018 20:49:00 +0000 (21:49 +0100)]
Decommission asachi, arm-linaro-01 and arm-linaro-03 (RT#6895)
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Wed, 10 Jan 2018 21:48:42 +0000 (22:48 +0100)]
use ttyS1 for the kernel console on fasolo
Peter Palfrader [Wed, 10 Jan 2018 21:43:01 +0000 (22:43 +0100)]
Try to get ipsec between storace and fasolo
Peter Palfrader [Wed, 10 Jan 2018 17:15:48 +0000 (18:15 +0100)]
And ensure wsgi module gets loaded
Peter Palfrader [Wed, 10 Jan 2018 17:13:32 +0000 (18:13 +0100)]
Switch debtags to wsgi python3
Peter Palfrader [Tue, 9 Jan 2018 06:15:09 +0000 (07:15 +0100)]
lower heartbeat intervals
Peter Palfrader [Tue, 9 Jan 2018 06:14:06 +0000 (07:14 +0100)]
Set Heartbeat Interval in the Director resource instead of each client's Client resource
Peter Palfrader [Mon, 8 Jan 2018 10:49:08 +0000 (11:49 +0100)]
only manage grub if we have it
Peter Palfrader [Mon, 8 Jan 2018 09:55:56 +0000 (10:55 +0100)]
samhain ignore /etc/quagga/bgpd.conf and /etc/quagga/zebra.conf
Peter Palfrader [Mon, 8 Jan 2018 09:52:41 +0000 (10:52 +0100)]
Add zebra and bgpd facters
Aurelien Jarno [Sun, 7 Jan 2018 19:22:13 +0000 (20:22 +0100)]
Fix a typo in previous commit
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 7 Jan 2018 19:19:11 +0000 (20:19 +0100)]
Always enable page table isolation on stretch/amd64
It is disabled by default on AMD, however enabling it provide more
hardening.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Sat, 6 Jan 2018 20:17:51 +0000 (21:17 +0100)]
This sudo is no longer needed
Peter Palfrader [Sat, 6 Jan 2018 13:41:58 +0000 (14:41 +0100)]
Add the pre-commit hook from handel into the repo, so it is easier to use
Peter Palfrader [Sat, 6 Jan 2018 13:13:04 +0000 (14:13 +0100)]
Allow adayevskaya to ssh trigger puppetmaster/handel
Peter Palfrader [Sat, 6 Jan 2018 13:10:39 +0000 (14:10 +0100)]
remove obsolete entry from .gitignore
Peter Palfrader [Fri, 5 Jan 2018 16:59:00 +0000 (17:59 +0100)]
Fix ProxyPassReverse
Peter Palfrader [Fri, 5 Jan 2018 16:57:53 +0000 (17:57 +0100)]
Do the same for the git user
Peter Palfrader [Fri, 5 Jan 2018 16:57:19 +0000 (17:57 +0100)]
Fix linger setup to use variable
Peter Palfrader [Fri, 5 Jan 2018 16:55:51 +0000 (17:55 +0100)]
Add webhook things for Ganneff based on his patch
Peter Palfrader [Thu, 4 Jan 2018 15:05:42 +0000 (16:05 +0100)]
let sallinen read sibelius backups
Peter Palfrader [Thu, 4 Jan 2018 15:02:27 +0000 (16:02 +0100)]
add sallinen to pg server group
Peter Palfrader [Thu, 4 Jan 2018 14:55:11 +0000 (15:55 +0100)]
give sallinen pg access to sibelius
Julien Cristau [Thu, 4 Jan 2018 10:44:15 +0000 (11:44 +0100)]
Redirect linux security updates to security-cdn on all mirrors
Expecting an update for KPTI.
Peter Palfrader [Thu, 4 Jan 2018 10:04:32 +0000 (11:04 +0100)]
And a homedir for the webhook user
Peter Palfrader [Thu, 4 Jan 2018 10:00:58 +0000 (11:00 +0100)]
give gitdoadm sudo to salsa-webhook
Julien Cristau [Wed, 3 Jan 2018 17:16:25 +0000 (18:16 +0100)]
Do the linux redirect to security-cdn dance on setoguchi
Julien Cristau [Wed, 3 Jan 2018 16:31:25 +0000 (17:31 +0100)]
Two more packages for salsa
Requested by Joerg in <878tdfpbyw.fsf@delenn.ganneff.de>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 3 Jan 2018 11:46:04 +0000 (12:46 +0100)]
Tweak shell quoting per weasel's suggestion
Julien Cristau [Wed, 3 Jan 2018 11:36:53 +0000 (12:36 +0100)]
Delete temp dir in update-fastly-ips script
Julien Cristau [Sun, 31 Dec 2017 12:50:37 +0000 (13:50 +0100)]
Use separate static component for planet.d.n vhost (rt#7018)
Julien Cristau [Sun, 31 Dec 2017 12:34:54 +0000 (13:34 +0100)]
Add planet.d.n static component (rt#7018)
Laura Arjona Reina [Fri, 22 Dec 2017 20:57:33 +0000 (21:57 +0100)]
Add redirections for the Debian Policy manual (now in single page)
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Mon, 25 Dec 2017 12:28:34 +0000 (13:28 +0100)]
merge nagios-wraps crontab into dsa-puppet-stuff
Peter Palfrader [Mon, 25 Dec 2017 12:23:51 +0000 (13:23 +0100)]
move absent cron.d files to one-line statements to make grepping easier
Peter Palfrader [Mon, 25 Dec 2017 12:21:31 +0000 (13:21 +0100)]
fix weblog provider fragement
Peter Palfrader [Mon, 25 Dec 2017 12:20:49 +0000 (13:20 +0100)]
Move crontab weblog-provider into dsa-puppet-stuff
Peter Palfrader [Mon, 25 Dec 2017 12:19:06 +0000 (13:19 +0100)]
Move crontab static-mirror into dsa-puppet-stuff
projects / mirror / dsa-puppet.git / log