Paul Wise [Wed, 31 Dec 2014 02:32:55 +0000 (10:32 +0800)]
Enforce SSL configuration using puppet, add dirs for debian and global CAs
Peter Palfrader [Tue, 6 Jan 2015 20:20:04 +0000 (21:20 +0100)]
Remove any references to ahbl.org blocklists as they have shut down (re: RT#5684)
Paul Wise [Tue, 6 Jan 2015 16:52:49 +0000 (00:52 +0800)]
Fix typo
Paul Wise [Tue, 6 Jan 2015 14:53:24 +0000 (22:53 +0800)]
Skip processes that no longer exist
Paul Wise [Sat, 3 Jan 2015 03:46:06 +0000 (11:46 +0800)]
cdn.debian.net has been deprecated, replace it with http.debian.net
https://lists.debian.org/CAG2RKXMdBLL-vSFW6dEu4P0NwT7qqor3PxVQDu-mwrM1J-6opw@mail.gmail.com
Tollef Fog Heen [Fri, 2 Jan 2015 17:19:30 +0000 (18:19 +0100)]
Work around service(8) not reloading syslog-ng correctly
It seems systemd fails to mark syslog-ng as reloadable, which in turn
leads to invoke-rc.d failing. Just call systemctl directly if we're
running systemd to work around this.
James McCoy [Wed, 31 Dec 2014 03:01:18 +0000 (22:01 -0500)]
dd-schroot-cmd: Relax session name check
As per schroot.conf(5):
A number of characters or words are not permitted in a chroot name,
session name or configuration filename. The name may not contain a
leading period (‘.’). The characters ‘:’ (colon), ‘,’ (comma) and ‘/’
(forward slash) are not permitted anywhere in the name. The name may
also not contain a trailing tilde (‘~’).
Relaxing the session name check in get_session_owner to better align
with schroot's actual restrictions reduces the chance that a user will
create a session yet be unable to manipulate it with dd-schroot-cmd.
Signed-off-by: James McCoy <jamessan@debian.org>
Signed-off-by: Paul Wise <pabs@debian.org>
Martin Zobel-Helas [Sun, 28 Dec 2014 09:57:45 +0000 (09:57 +0000)]
run ntp everywhere again
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sat, 27 Dec 2014 15:05:58 +0000 (15:05 +0000)]
Revert "disable oyens for now"
This reverts commit 57a38b9f3f9858c0619de09d7b3d01e86c599f9c.
Martin Zobel-Helas [Tue, 23 Dec 2014 22:21:10 +0000 (22:21 +0000)]
disable oyens for now
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Tue, 23 Dec 2014 12:19:19 +0000 (12:19 +0000)]
Fix apache2/jessie conf-enabled symlinks
Peter Palfrader [Tue, 23 Dec 2014 12:11:16 +0000 (13:11 +0100)]
First attempt at making apache conf stuff work on jessie
Peter Palfrader [Tue, 23 Dec 2014 12:07:04 +0000 (13:07 +0100)]
Update security.conf to version from jessie, but keep ServerTokens at ProductOnly
Peter Palfrader [Tue, 23 Dec 2014 09:26:45 +0000 (10:26 +0100)]
s/search-/cgi-/
Peter Palfrader [Tue, 23 Dec 2014 09:13:24 +0000 (10:13 +0100)]
Add stunnel for search
Héctor Orón Martínez [Mon, 22 Dec 2014 11:21:56 +0000 (12:21 +0100)]
autofs: ensure nfsv4 module is loaded
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Peter Palfrader [Sat, 20 Dec 2014 20:45:00 +0000 (21:45 +0100)]
stable may run ntp again
Peter Palfrader [Sat, 20 Dec 2014 20:43:33 +0000 (21:43 +0100)]
Update leap-seconds.list. Not that any new ones have been added.
Peter Palfrader [Sat, 20 Dec 2014 17:07:39 +0000 (18:07 +0100)]
And another loghost-grnet-01 fix
Peter Palfrader [Sat, 20 Dec 2014 15:51:20 +0000 (16:51 +0100)]
New cert for db
Peter Palfrader [Sat, 20 Dec 2014 13:58:19 +0000 (14:58 +0100)]
New cert for piuparts
Peter Palfrader [Sat, 20 Dec 2014 13:57:47 +0000 (14:57 +0100)]
New cert for packages
Peter Palfrader [Sat, 20 Dec 2014 13:56:52 +0000 (14:56 +0100)]
New cert for bugs-master
Peter Palfrader [Sat, 20 Dec 2014 13:56:26 +0000 (14:56 +0100)]
New cert for rtc
Peter Palfrader [Sat, 20 Dec 2014 13:55:55 +0000 (14:55 +0100)]
New cert for sip-ws
Peter Palfrader [Sat, 20 Dec 2014 13:55:17 +0000 (14:55 +0100)]
New cert for bugs
Peter Palfrader [Sat, 20 Dec 2014 13:30:48 +0000 (13:30 +0000)]
Do not run ntpd for now
Peter Palfrader [Wed, 17 Dec 2014 15:59:21 +0000 (16:59 +0100)]
new vote cert
Peter Palfrader [Wed, 17 Dec 2014 15:57:34 +0000 (16:57 +0100)]
new release cert
Peter Palfrader [Wed, 17 Dec 2014 15:56:42 +0000 (16:56 +0100)]
new nagios cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:54 +0000 (16:55 +0100)]
new munin cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:21 +0000 (16:55 +0100)]
new ftp-master cert
Peter Palfrader [Wed, 17 Dec 2014 15:42:08 +0000 (16:42 +0100)]
new www cert
Peter Palfrader [Wed, 17 Dec 2014 15:41:30 +0000 (16:41 +0100)]
new dsa cert
Peter Palfrader [Wed, 17 Dec 2014 14:50:02 +0000 (15:50 +0100)]
new contributors cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:52 +0000 (15:48 +0100)]
new sso cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:28 +0000 (15:48 +0100)]
new security-tracker cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:53 +0000 (15:47 +0100)]
new rt cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:14 +0000 (15:47 +0100)]
new nm cert
Peter Palfrader [Wed, 17 Dec 2014 09:26:23 +0000 (10:26 +0100)]
Update buildd CA TA to new gandi cert for jessie hosts
Peter Palfrader [Wed, 17 Dec 2014 09:25:39 +0000 (10:25 +0100)]
Remove unneeded variable
Peter Palfrader [Tue, 16 Dec 2014 13:57:53 +0000 (14:57 +0100)]
new buildd cert
Peter Palfrader [Tue, 16 Dec 2014 13:33:11 +0000 (14:33 +0100)]
new lists cert
Peter Palfrader [Tue, 16 Dec 2014 13:31:11 +0000 (14:31 +0100)]
new udd cert
Peter Palfrader [Tue, 16 Dec 2014 13:14:11 +0000 (14:14 +0100)]
new udd cert
Paul Wise [Mon, 15 Dec 2014 22:46:45 +0000 (06:46 +0800)]
nagios needs to be able to run systemctl as root otherwise dbus is needed
Martin Zobel-Helas [Sat, 13 Dec 2014 10:26:36 +0000 (11:26 +0100)]
and different names for v6 rules
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sat, 13 Dec 2014 10:24:42 +0000 (11:24 +0100)]
add IPv6 range (second try)
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sat, 13 Dec 2014 10:18:06 +0000 (11:18 +0100)]
Revert "add IPv6 range"
This reverts commit fc978e2bb512bf85d82d054d6086b926a3769bd5.
Martin Zobel-Helas [Sat, 13 Dec 2014 10:14:47 +0000 (11:14 +0100)]
add IPv6 range
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Paul Wise [Thu, 11 Dec 2014 03:54:10 +0000 (11:54 +0800)]
Use ruby1.9.1 to avoid ruby1.8 + puppetd segfaults on ball
More info: https://lists.debian.org/1418271834.28231.36.camel@debian.org
Peter Palfrader [Wed, 10 Dec 2014 19:54:28 +0000 (20:54 +0100)]
Better with a newline
Peter Palfrader [Wed, 10 Dec 2014 19:52:53 +0000 (20:52 +0100)]
Add /etc/schroot/buildd/config with CHROOT_FILE_UNPACK_DIR=/srv/buildd/unpack if /srv/buildd exists
Peter Palfrader [Tue, 9 Dec 2014 21:11:33 +0000 (22:11 +0100)]
enable ud-replicated.service
Peter Palfrader [Tue, 9 Dec 2014 20:47:56 +0000 (21:47 +0100)]
Fix regex in bacula-backup-dirs
Peter Palfrader [Tue, 9 Dec 2014 18:17:00 +0000 (19:17 +0100)]
Add minkus
Peter Palfrader [Tue, 9 Dec 2014 18:16:16 +0000 (19:16 +0100)]
Fix several dedication lines (format violations)
Peter Palfrader [Sun, 7 Dec 2014 18:43:33 +0000 (19:43 +0100)]
Make sure geoip-database is installed on geo nameservers
Héctor Orón Martínez [Sun, 7 Dec 2014 17:10:41 +0000 (18:10 +0100)]
ferm: allow debsources access
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Peter Palfrader [Sun, 7 Dec 2014 16:46:53 +0000 (17:46 +0100)]
Make setup-buildd not fail when there is nothing wrong
Héctor Orón Martínez [Sun, 7 Dec 2014 16:10:42 +0000 (17:10 +0100)]
autofs: add bm sor
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Peter Palfrader [Sun, 7 Dec 2014 10:02:28 +0000 (11:02 +0100)]
Stop using always-broken http.debian.net
Peter Palfrader [Sun, 7 Dec 2014 09:43:23 +0000 (10:43 +0100)]
fix variable use
Peter Palfrader [Sun, 7 Dec 2014 09:41:51 +0000 (10:41 +0100)]
Enable ssh_host_ed25519_key if it exists
Peter Palfrader [Sun, 7 Dec 2014 09:41:36 +0000 (10:41 +0100)]
Move ServerKeyBits to 1024, the new default in jessie - this only affects version 1 anyhow, but still
Peter Palfrader [Sun, 7 Dec 2014 09:35:27 +0000 (10:35 +0100)]
remove unnecessary (and broken) onlyif
Peter Palfrader [Sun, 7 Dec 2014 09:33:53 +0000 (10:33 +0100)]
Create ssh ed25519 hostkeys on jessie
Paul Wise [Sun, 7 Dec 2014 05:42:55 +0000 (13:42 +0800)]
Add Sakura Internet to the list of hosters
Héctor Orón Martínez [Sat, 6 Dec 2014 01:39:24 +0000 (02:39 +0100)]
debian-org: new host dedication - sor.d.o (debsources)
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Héctor Orón Martínez [Sat, 6 Dec 2014 00:48:38 +0000 (01:48 +0100)]
multipath: add sor and sor-lvm (debsources service)
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Peter Palfrader [Fri, 5 Dec 2014 21:57:36 +0000 (22:57 +0100)]
Add our own syslog-ng service file for now
Peter Palfrader [Fri, 5 Dec 2014 21:55:18 +0000 (21:55 +0000)]
Actually add a ud-replicated service file
Peter Palfrader [Fri, 5 Dec 2014 21:45:54 +0000 (21:45 +0000)]
Add a ud-replicated service file
Peter Palfrader [Fri, 5 Dec 2014 21:45:44 +0000 (21:45 +0000)]
Change factor to one that puppet likes better
Peter Palfrader [Fri, 5 Dec 2014 21:33:17 +0000 (22:33 +0100)]
Add systemd factoid
Peter Palfrader [Fri, 5 Dec 2014 18:18:49 +0000 (19:18 +0100)]
On new buildds, re-create schroots weekly
Peter Palfrader [Fri, 5 Dec 2014 18:16:16 +0000 (19:16 +0100)]
fix var name
Peter Palfrader [Fri, 5 Dec 2014 18:15:03 +0000 (19:15 +0100)]
only include /srv/build-trees in fstab if it exists
Peter Palfrader [Fri, 5 Dec 2014 18:04:15 +0000 (19:04 +0100)]
Add paths facter
Peter Palfrader [Fri, 5 Dec 2014 17:59:10 +0000 (18:59 +0100)]
Move setup-* from porterbox to schroot module
Peter Palfrader [Fri, 5 Dec 2014 17:58:18 +0000 (18:58 +0100)]
Further setup-dchroot tweaks
Peter Palfrader [Fri, 5 Dec 2014 15:40:07 +0000 (16:40 +0100)]
Ignore some schroot files
Peter Palfrader [Thu, 4 Dec 2014 21:10:50 +0000 (22:10 +0100)]
jessie has backports
Peter Palfrader [Thu, 4 Dec 2014 21:09:08 +0000 (22:09 +0100)]
Do not savelog with -d
Peter Palfrader [Thu, 4 Dec 2014 21:06:04 +0000 (22:06 +0100)]
Also load 99porterbox-extra-apt-options and 99porterbox-extra-sources with profile buildd-dsa
Peter Palfrader [Thu, 4 Dec 2014 20:36:08 +0000 (21:36 +0100)]
Update chroot creation scripts to also build buildd chroots
Peter Palfrader [Thu, 4 Dec 2014 18:15:29 +0000 (19:15 +0100)]
lvm config for prokofiev
Paul Wise [Thu, 4 Dec 2014 07:43:27 +0000 (15:43 +0800)]
Handle the upgrade from ulogd to ulogd2 in jessie and later.
Use augeas to handle modifying the existing ulogd2 logrotate config.
Remove instead of purge ulogd because it deletes log files on purge.
Remove the puppet installed logrotate config for ulogd.
Eliminates mails like these:
/etc/cron.daily/logrotate:
error: ulogd2:1 duplicate log entry for /var/log/ulog/syslogemu.log
Paul Wise [Wed, 3 Dec 2014 23:19:25 +0000 (07:19 +0800)]
Port the v4ips & v6ips Facter functions to Ruby 1.9 from Debian wheezy/jessie
This fixes these warnings from new hosts and fixes puppet IP address discovery:
Unable to add resolve nil for fact v4ips: undefined method `each' for #<String:0x0001000707f410>
Unable to add resolve nil for fact v6ips: undefined method `each' for #<String:0x0001000707e808>
Thanks-to: zeha & gwolf on the #debian-ruby channel
Martin Zobel-Helas [Mon, 1 Dec 2014 09:24:55 +0000 (09:24 +0000)]
remove from non-bacula
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Mon, 1 Dec 2014 08:59:37 +0000 (08:59 +0000)]
no apache2_www_mirror for setoguchi
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 30 Nov 2014 22:48:13 +0000 (22:48 +0000)]
add setoguchi
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Sun, 30 Nov 2014 10:05:59 +0000 (10:05 +0000)]
Remove monit on jessie
Peter Palfrader [Sun, 30 Nov 2014 09:46:40 +0000 (10:46 +0100)]
Syntax fix
Peter Palfrader [Sun, 30 Nov 2014 09:43:51 +0000 (10:43 +0100)]
Need to use /usr/bin/puppet now that /usr/sbin/puppetd is gone
Paul Wise [Sun, 30 Nov 2014 08:26:58 +0000 (16:26 +0800)]
Use chronic instead of filtering the output of the stunnel4 init script on restart
Peter Palfrader [Sat, 29 Nov 2014 12:21:51 +0000 (13:21 +0100)]
We need to trust an entire CA :(
Peter Palfrader [Sat, 29 Nov 2014 08:44:25 +0000 (09:44 +0100)]
apt/curl is broken in jessie #771404
Peter Palfrader [Sat, 29 Nov 2014 08:02:21 +0000 (09:02 +0100)]
No backups for mipsel-alq-0[12]
Peter Palfrader [Fri, 28 Nov 2014 14:33:44 +0000 (15:33 +0100)]
Remove BEA7CF10BD2B0EE0 - db.debian.org archive key 2008