Julien Cristau [Fri, 9 Aug 2019 14:03:47 +0000 (16:03 +0200)]
Add sso_rp role on wuiet (RT#7892)
Stefano Rivera [Tue, 30 Jul 2019 14:50:06 +0000 (11:50 -0300)]
debconf20.dc.o vhost
Stefano Rivera [Tue, 30 Jul 2019 00:28:24 +0000 (21:28 -0300)]
Switch wafertest to dc20
Aurelien Jarno [Fri, 26 Jul 2019 15:05:13 +0000 (17:05 +0200)]
samhain: ignore /etc/exim4/conf.d
This directory is removed by puppet
Paul Wise [Tue, 23 Jul 2019 23:46:37 +0000 (07:46 +0800)]
Enable proxy module for wiki.debconf.org pass-thru rewrite
Fixes: commit
f33e5b0b7749df9e3bf60b7b816898f3d07ecc8b
Fixes: commit
f3cf7b1e16b58065689c4ae0ded3e41d6782fb13
Requested-by: tumbleweed on #debian-admin
Paul Wise [Tue, 23 Jul 2019 23:40:11 +0000 (07:40 +0800)]
Enable proxy module for wiki.debconf.org pass-thru rewrite
Fixes: commit
f33e5b0b7749df9e3bf60b7b816898f3d07ecc8b
Requested-by: tumbleweed on #debian-admin
Tollef Fog Heen [Tue, 23 Jul 2019 20:12:25 +0000 (22:12 +0200)]
Merge branch 'pass-through-slash' of https://salsa.debian.org/stefanor/dsa-puppet
Signed-off-by: Tollef Fog Heen <tfheen@err.no>
Stefano Rivera [Tue, 23 Jul 2019 19:44:26 +0000 (16:44 -0300)]
PassThrough / to /wiki/
So that the response has a Content-Type header (via the ForceType on
/wiki/).
Peter Palfrader [Fri, 19 Jul 2019 14:05:22 +0000 (16:05 +0200)]
Block 198.108.67.48 from security mirrors for breaking rsync
Peter Palfrader [Fri, 19 Jul 2019 11:01:39 +0000 (13:01 +0200)]
move pg rule from veyepar to sreview
Peter Palfrader [Fri, 19 Jul 2019 10:06:13 +0000 (12:06 +0200)]
Allow DC19 access to the PG on vittoria, re: RT#7845
Peter Palfrader [Fri, 19 Jul 2019 09:57:41 +0000 (11:57 +0200)]
sreview is sreview.debian.net
Peter Palfrader [Fri, 19 Jul 2019 09:55:53 +0000 (11:55 +0200)]
Move veyepar and sreview into own manifests
Peter Palfrader [Thu, 18 Jul 2019 11:32:26 +0000 (13:32 +0200)]
www.do: stop doing permanent redirects
Permanent redirects may be cached permanently. Don't do that.
Laura Arjona Reina [Thu, 18 Jul 2019 11:10:43 +0000 (13:10 +0200)]
Add redirects for all the /misc section, and group all the redirects related to /misc
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Aurelien Jarno [Mon, 8 Jul 2019 19:28:05 +0000 (21:28 +0200)]
manda: entropykey moved from czerny to manda-node04
Peter Palfrader [Sun, 7 Jul 2019 18:54:16 +0000 (20:54 +0200)]
give keyring the ability to reload bind9
Peter Palfrader [Sun, 7 Jul 2019 18:14:18 +0000 (20:14 +0200)]
Notify on _openpgpkey.debian.org
Peter Palfrader [Sun, 7 Jul 2019 18:12:11 +0000 (20:12 +0200)]
do nsec3 via puppet
Peter Palfrader [Sun, 7 Jul 2019 18:09:38 +0000 (20:09 +0200)]
Sign _openpgpkey.debian.org
Peter Palfrader [Sun, 7 Jul 2019 18:05:49 +0000 (20:05 +0200)]
Add a flag to the dns-helper tooling
Peter Palfrader [Sun, 7 Jul 2019 18:04:05 +0000 (20:04 +0200)]
Add a flag to the dns-helper tooling
Peter Palfrader [Sun, 7 Jul 2019 10:16:27 +0000 (12:16 +0200)]
geo ferm
Peter Palfrader [Sun, 7 Jul 2019 10:15:26 +0000 (12:15 +0200)]
geo ferm
Peter Palfrader [Sun, 7 Jul 2019 10:13:50 +0000 (12:13 +0200)]
fw on kaufmann
Peter Palfrader [Sun, 7 Jul 2019 10:09:22 +0000 (12:09 +0200)]
fw on kaufmann
Peter Palfrader [Sun, 7 Jul 2019 10:07:32 +0000 (12:07 +0200)]
fw on kaufmann
Peter Palfrader [Sun, 7 Jul 2019 10:06:39 +0000 (12:06 +0200)]
fw on kaufmann
Peter Palfrader [Sun, 7 Jul 2019 10:04:33 +0000 (12:04 +0200)]
notify bind9
Peter Palfrader [Sun, 7 Jul 2019 10:04:09 +0000 (12:04 +0200)]
Set masters
Peter Palfrader [Sun, 7 Jul 2019 10:01:30 +0000 (12:01 +0200)]
Fetch openpgpkey zone to denis
Peter Palfrader [Sun, 7 Jul 2019 10:01:23 +0000 (12:01 +0200)]
reindent
Peter Palfrader [Sun, 7 Jul 2019 09:56:49 +0000 (11:56 +0200)]
We no longer have secondaries for the debian zones
Peter Palfrader [Sun, 7 Jul 2019 09:42:39 +0000 (11:42 +0200)]
add a ;
Peter Palfrader [Sun, 7 Jul 2019 09:38:16 +0000 (11:38 +0200)]
Try to add openpgpkey zone
Peter Palfrader [Sun, 7 Jul 2019 09:31:36 +0000 (11:31 +0200)]
fix array
Peter Palfrader [Sun, 7 Jul 2019 09:31:15 +0000 (11:31 +0200)]
set up a shared keypair between kaufmann and denis
Peter Palfrader [Sun, 7 Jul 2019 09:29:48 +0000 (11:29 +0200)]
reorder ACLs and shared keys on primary
Peter Palfrader [Sun, 7 Jul 2019 09:26:59 +0000 (11:26 +0200)]
Include local shared keys on primary
Peter Palfrader [Sun, 7 Jul 2019 09:23:19 +0000 (11:23 +0200)]
move ACLs for 3rd party things from the named.conf.options template to named.conf.puppet-misc
Peter Palfrader [Sun, 7 Jul 2019 09:10:42 +0000 (11:10 +0200)]
Add a named.conf.puppet-misc
Peter Palfrader [Sun, 7 Jul 2019 09:10:32 +0000 (11:10 +0200)]
unify query log
Peter Palfrader [Sun, 7 Jul 2019 09:08:30 +0000 (11:08 +0200)]
Move creation of /etc/bind/named.conf.options from ::geodns and ::primary to parent
Peter Palfrader [Sun, 7 Jul 2019 09:00:55 +0000 (11:00 +0200)]
move named.conf.debian-zones.erb from authoritative to primary
Peter Palfrader [Sun, 7 Jul 2019 08:58:05 +0000 (10:58 +0200)]
authoritative bin on keyring host
Peter Palfrader [Sun, 7 Jul 2019 08:56:32 +0000 (10:56 +0200)]
unify v4 and v6 rules in named::primary
Peter Palfrader [Sun, 7 Jul 2019 08:53:16 +0000 (10:53 +0200)]
Move DNS things from named to named::primary and named::geodns
Peter Palfrader [Sun, 7 Jul 2019 08:51:39 +0000 (10:51 +0200)]
Load named::geodns from roles/manifests/init.pp based on hiera instead of from site manifest based on hostname
Aurelien Jarno [Sat, 6 Jul 2019 11:52:41 +0000 (13:52 +0200)]
setup-all-dchroots: add bullseye
Peter Palfrader [Fri, 5 Jul 2019 05:28:23 +0000 (07:28 +0200)]
Permanent redirects mean we can never, ever change them again as they might be cached. Stop doing those.
Peter Palfrader [Fri, 5 Jul 2019 05:27:04 +0000 (07:27 +0200)]
Redirect / of openpgpkey to keyring.d.o
Matthieu Caneill [Thu, 4 Jul 2019 13:14:15 +0000 (15:14 +0200)]
add robots.txt to sources.d.o
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Wed, 3 Jul 2019 06:09:59 +0000 (08:09 +0200)]
Force HiddenServiceVersion 2 as that is the only thing onionbalance understands, II
Peter Palfrader [Wed, 3 Jul 2019 06:08:08 +0000 (08:08 +0200)]
Force HiddenServiceVersion 2 as that is the only thing onionbalance understands
Peter Palfrader [Tue, 2 Jul 2019 13:51:11 +0000 (15:51 +0200)]
Link https://dev.gnupg.org/T4603 with workaround
Peter Palfrader [Tue, 2 Jul 2019 11:00:13 +0000 (13:00 +0200)]
work around GnuPG being silly with redirects
Peter Palfrader [Tue, 2 Jul 2019 09:39:29 +0000 (11:39 +0200)]
redirect https://debian.org/.well-known/openpgpkey/ to openpgpkey.debian.org (re: RT#7828)
Peter Palfrader [Tue, 2 Jul 2019 09:34:29 +0000 (11:34 +0200)]
Make redirects from the various debian.* and debian.{!org} pages less permanent
Peter Palfrader [Tue, 2 Jul 2019 09:21:29 +0000 (11:21 +0200)]
Fix openpgpkey dir
Peter Palfrader [Tue, 2 Jul 2019 09:18:47 +0000 (11:18 +0200)]
And make content appear under /.well-known/openpgpkey/ openpgpkey (re: #RT7828)
Peter Palfrader [Tue, 2 Jul 2019 09:15:40 +0000 (11:15 +0200)]
disable indexing on openpgpkey (re: #RT7828)
Peter Palfrader [Tue, 2 Jul 2019 09:04:43 +0000 (11:04 +0200)]
static component for openpgpkey (re: #RT7828)
Peter Palfrader [Tue, 2 Jul 2019 09:00:09 +0000 (11:00 +0200)]
kaufmann as saticsource (re: #RT7828)
Aurelien Jarno [Sun, 23 Jun 2019 12:13:08 +0000 (14:13 +0200)]
lvm-osuosl-ganeti2.conf: only look for /dev/sda to workaround multipath issues
multipath doesn't work properly on pieta. Workaround the issue by only
looking at /dev/sda.
Aurelien Jarno [Sat, 22 Jun 2019 19:02:45 +0000 (21:02 +0200)]
010-security.debian.org.conf: explicitly bind to localhost
On hosts having services on different IP addresses, *:80 is not enough
to run the security vhost on localhost, as other services might also
explicitly bind to localhost. This breaks mirror-health check.
For example on schmelzer.d.o:
010-archive.debian.org.conf
<VirtualHost 217.196.149.234:80 [2a02:16a8:dc41:100::234]:80>
010-debug.mirrors.debian.org.conf
<VirtualHost 217.196.149.232:80 [2a02:16a8:dc41:100::232]:80 127.0.0.1:80 [::1]:80 >
010-ftp.debian.org.conf
<VirtualHost 217.196.149.232:80 [2a02:16a8:dc41:100::232]:80 127.0.0.1:80 [::1]:80 >
010-security.debian.org.conf
<VirtualHost *:80>
Without this fix, it means that a request to security.backend.mirrors.d.o
on localhost ends up in the debug.mirrors.d.o vhost, and is thus
answered as 404.
Aurelien Jarno [Sat, 22 Jun 2019 15:39:46 +0000 (17:39 +0200)]
More cleanup following the apt.buildd.debian.org removal
Aurelien Jarno [Sat, 22 Jun 2019 12:24:25 +0000 (14:24 +0200)]
Drop apt.buildd.debian.org
We do not use it since none of our buildds are running jessie
Aurelien Jarno [Sat, 22 Jun 2019 12:19:31 +0000 (14:19 +0200)]
All our buildds are running at least stretch, drop jessie specific code
Aurelien Jarno [Tue, 18 Jun 2019 19:37:52 +0000 (21:37 +0200)]
Decommission binet
Aurelien Jarno [Mon, 17 Jun 2019 20:57:39 +0000 (22:57 +0200)]
Add x86-ubc-02.d.o
Aurelien Jarno [Sun, 16 Jun 2019 19:48:36 +0000 (21:48 +0200)]
decomission x86-bm-01
Aurelien Jarno [Sun, 16 Jun 2019 14:05:50 +0000 (16:05 +0200)]
Add x86-grnet-02.debian.org
Aurelien Jarno [Sat, 15 Jun 2019 20:30:22 +0000 (22:30 +0200)]
Regen manda-node04 NTP key
It needs to be generated with -T
Aurelien Jarno [Sat, 15 Jun 2019 20:22:58 +0000 (22:22 +0200)]
Move timeserver from clementi to manda-node04 (missing part)
Aurelien Jarno [Sat, 15 Jun 2019 20:19:09 +0000 (22:19 +0200)]
Move timeserver from clementi to manda-node04
Aurelien Jarno [Sat, 15 Jun 2019 20:06:21 +0000 (22:06 +0200)]
The ganeti3 cluster (czerny/clementi) has been decomissioned
Aurelien Jarno [Sat, 15 Jun 2019 19:51:42 +0000 (21:51 +0200)]
Move timeserver from czerny to manda-node03
Aurelien Jarno [Sat, 15 Jun 2019 14:13:00 +0000 (16:13 +0200)]
Upgrade qemu-system-aarch64-wrapper for ganeti 2.16
Aurelien Jarno [Sat, 15 Jun 2019 12:49:31 +0000 (14:49 +0200)]
Update lvm-ubc-ganeti3.conf following upgrade to buster
Aurelien Jarno [Sat, 15 Jun 2019 12:49:31 +0000 (14:49 +0200)]
Revert "Ignore qemu-efi-arm on ubc-node-arm0X"
This reverts commit
19be01c1fc6e2c4db1a41df686cd60889c10f179.
Aurelien Jarno [Fri, 14 Jun 2019 15:18:11 +0000 (17:18 +0200)]
Add Add godard-lvm-ssd volume to ganeti2
Aurelien Jarno [Fri, 14 Jun 2019 15:12:07 +0000 (17:12 +0200)]
Remove godard-lvm volume from ganeti2
Aurelien Jarno [Fri, 14 Jun 2019 07:43:48 +0000 (09:43 +0200)]
Add godard-lvm-hdd volume
Aurelien Jarno [Thu, 13 Jun 2019 10:54:59 +0000 (12:54 +0200)]
qemu-system-aarch64-wrapper: only enable gic version 3 with more than 8 vcpus
as gic version 3 is not supported on conova-node01/02
Aurelien Jarno [Wed, 12 Jun 2019 20:07:25 +0000 (22:07 +0200)]
qemu-system-aarch64-wrapper: fix -M ? option following recent changes
Aurelien Jarno [Wed, 12 Jun 2019 19:54:58 +0000 (21:54 +0200)]
qemu-system-aarch64-wrapper: do not force the gvic to version 3 for 32-bit vCPUs
Aurelien Jarno [Wed, 12 Jun 2019 14:01:27 +0000 (16:01 +0200)]
qemu-system-aarch64-wrapper: set the gic version to 3
This enables up to 512 vcpus instead of 8
Aurelien Jarno [Tue, 11 Jun 2019 12:37:32 +0000 (14:37 +0200)]
Add arm-ubc-05 and arm-ubc-06
Aurelien Jarno [Mon, 10 Jun 2019 19:46:24 +0000 (21:46 +0200)]
Ignore qemu-efi-arm on ubc-node-arm0X
The package is not available in stretch, so it has been installed by
hand from buster.
This commit should be reverted once ubc-node-arm0X have been upgraded to
buster.
Aurelien Jarno [Mon, 10 Jun 2019 19:23:24 +0000 (21:23 +0200)]
Add arm-ubc-04.debian.org
Aurelien Jarno [Sun, 9 Jun 2019 20:51:36 +0000 (22:51 +0200)]
Use ttyAMA0 on arm-ubc-0X
Luca Filipozzi [Sun, 9 Jun 2019 20:34:39 +0000 (13:34 -0700)]
allow ssh access to ubc-node-arm* from ubc-bulwark (internal)
Aurelien Jarno [Sun, 9 Jun 2019 11:45:05 +0000 (13:45 +0200)]
Add arm-ubc-02.debian.org and arm-ubc-03.debian.org to buildds
Those are now VMs
Aurelien Jarno [Sat, 8 Jun 2019 19:40:19 +0000 (21:40 +0200)]
Revert "remove arm-ubc-01 reference"
This reverts commit
1ef022b649ef0ae744e18df2b2794c200cbd4f4c.
Luca Filipozzi [Sat, 8 Jun 2019 19:36:56 +0000 (12:36 -0700)]
remove arm-ubc-01 reference
Aurelien Jarno [Sat, 8 Jun 2019 16:26:49 +0000 (18:26 +0200)]
Add arm-ubc-01.debian.org (buildd)
Aurelien Jarno [Sat, 8 Jun 2019 13:38:22 +0000 (15:38 +0200)]
Firewall for ganeti3.ubc.debian.org
Aurelien Jarno [Sat, 8 Jun 2019 12:59:04 +0000 (14:59 +0200)]
LVM config for ganeti3.ubc.debian.org
Aurelien Jarno [Sat, 8 Jun 2019 10:30:48 +0000 (12:30 +0200)]
arm-ubc-0X have been renamed and won't be buildd anymore
We'll setup a ganeti cluster on them.
Luca Filipozzi [Wed, 5 Jun 2019 21:09:44 +0000 (14:09 -0700)]
add arm-ubc to misc/local
projects / mirror / dsa-puppet.git / log