mirror/dsa-puppet.git
5 years agoFix typo in volume name
Julien Cristau [Fri, 27 Sep 2019 09:36:20 +0000 (11:36 +0200)]
Fix typo in volume name

5 years agomove appstream.debian.org static component to static-master-ubc-01 from dillon, since...
Peter Palfrader [Fri, 27 Sep 2019 07:03:49 +0000 (09:03 +0200)]
move appstream.debian.org static component to static-master-ubc-01 from dillon, since the source (mekeel) moved from bm to ubc

5 years agomekeel now gets the UBC autofs config
Peter Palfrader [Fri, 27 Sep 2019 06:33:08 +0000 (08:33 +0200)]
mekeel now gets the UBC autofs config

5 years agorename BM mekeel volumes to OLD-
Peter Palfrader [Fri, 27 Sep 2019 06:32:26 +0000 (08:32 +0200)]
rename BM mekeel volumes to OLD-

5 years agoAdd volumes for mekeel
Peter Palfrader [Fri, 27 Sep 2019 05:58:05 +0000 (07:58 +0200)]
Add volumes for mekeel

5 years agoeximconf: add debug messages for (remaining) transports
Adam D. Barratt [Fri, 27 Sep 2019 05:10:54 +0000 (06:10 +0100)]
eximconf: add debug messages for (remaining) transports

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: add a debug message for relay_manualroute
Adam D. Barratt [Fri, 27 Sep 2019 05:10:38 +0000 (06:10 +0100)]
eximconf: add a debug message for relay_manualroute

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agofail2ban: make exim "AUTH LOGIN" match case-insensitive
Adam D. Barratt [Thu, 26 Sep 2019 17:29:45 +0000 (18:29 +0100)]
fail2ban: make exim "AUTH LOGIN" match case-insensitive

Apparently people are trying it in lower-case as well

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agofail2ban: add more expressions to the Exim filter
Adam D. Barratt [Thu, 26 Sep 2019 17:28:03 +0000 (18:28 +0100)]
fail2ban: add more expressions to the Exim filter

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: increase log detail
Adam D. Barratt [Thu, 26 Sep 2019 17:24:01 +0000 (18:24 +0100)]
eximconf: increase log detail

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: split log_selector to one item per line
Adam D. Barratt [Thu, 26 Sep 2019 17:20:55 +0000 (18:20 +0100)]
eximconf: split log_selector to one item per line

This makes it easier to add/remove items

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: force mail to Google to be routed via IPv4
Adam D. Barratt [Thu, 26 Sep 2019 17:18:09 +0000 (18:18 +0100)]
eximconf: force mail to Google to be routed via IPv4

Delivering mail to Google over IPv6 is tricky unless the stars align
in precisely the right manner. Doing so over IPv4 can still be
awkard, but is generally much simpler.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: make NDRs contain only headers, not bodies
Adam D. Barratt [Thu, 26 Sep 2019 17:07:17 +0000 (18:07 +0100)]
eximconf: make NDRs contain only headers, not bodies

This helps avoid us being used as a potential part of redirected
"bounce spam".

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: add an alternative SMTP router for "single domain" domains
Adam D. Barratt [Thu, 26 Sep 2019 17:04:12 +0000 (18:04 +0100)]
eximconf: add an alternative SMTP router for "single domain" domains

These are domains that only allow a single recipient domain per SMTP
connection, in order to allow simple differentiation of filtering
options.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoexim: fix syntax error in exim_surbl.pl
Julien Cristau [Thu, 26 Sep 2019 12:57:22 +0000 (14:57 +0200)]
exim: fix syntax error in exim_surbl.pl

5 years agoexim: remove debconf hosts from debianhosts
Julien Cristau [Thu, 26 Sep 2019 12:36:57 +0000 (14:36 +0200)]
exim: remove debconf hosts from debianhosts

debconf.org email goes through the debian MXs now.

5 years agoMerge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Thu, 26 Sep 2019 12:14:16 +0000 (14:14 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet

5 years agoFix package name
Peter Palfrader [Thu, 26 Sep 2019 07:38:09 +0000 (09:38 +0200)]
Fix package name

5 years agoAnd remove the file on or after 10.2
Peter Palfrader [Thu, 26 Sep 2019 07:35:38 +0000 (09:35 +0200)]
And remove the file on or after 10.2

5 years agoIgnore local package trapperkeeper-webserver-jetty9-clojure on puppetmaster, cf....
Peter Palfrader [Thu, 26 Sep 2019 07:34:59 +0000 (09:34 +0200)]
Ignore local package trapperkeeper-webserver-jetty9-clojure on puppetmaster, cf. Debian#924005, Debian#930562

5 years agoremove non-standard From header from Bacula emails
Peter Palfrader [Wed, 25 Sep 2019 20:28:07 +0000 (22:28 +0200)]
remove non-standard From header from Bacula emails

re Debian#935886, by anarcat

5 years agosimplify email_error default logic
Peter Palfrader [Wed, 25 Sep 2019 20:27:38 +0000 (22:27 +0200)]
simplify email_error default logic

(by anarcat)

5 years agoFix bacula email logic
Peter Palfrader [Wed, 25 Sep 2019 17:01:35 +0000 (19:01 +0200)]
Fix bacula email logic

5 years agoRevert "Since the conditional does not work for default values for params, fall back...
Peter Palfrader [Wed, 25 Sep 2019 17:01:00 +0000 (19:01 +0200)]
Revert "Since the conditional does not work for default values for params, fall back to sane defaults in code"

This reverts commit 75ce99c03293e2df071bcbb7f56694d192652586.

5 years agoSince the conditional does not work for default values for params, fall back to sane...
Peter Palfrader [Wed, 25 Sep 2019 16:52:36 +0000 (18:52 +0200)]
Since the conditional does not work for default values for params, fall back to sane defaults in code

5 years agoset email_error until we figure out how to fix it properly
Peter Palfrader [Wed, 25 Sep 2019 16:44:00 +0000 (18:44 +0200)]
set email_error until we figure out how to fix it properly

5 years agoOnly realize the director-from-client config if the director-from-client-via-storage...
Peter Palfrader [Wed, 25 Sep 2019 16:37:11 +0000 (18:37 +0200)]
Only realize the director-from-client config if the director-from-client-via-storage config is already there

5 years agoSplit up mail roles
Peter Palfrader [Wed, 25 Sep 2019 16:21:30 +0000 (18:21 +0200)]
Split up mail roles

5 years agoTry to wait for both network-online *and* unbound
Peter Palfrader [Wed, 25 Sep 2019 14:54:18 +0000 (16:54 +0200)]
Try to wait for both network-online *and* unbound

5 years agodefaults for db_address, db_port; move dbsslmode = verify-ca into the case where...
Peter Palfrader [Wed, 25 Sep 2019 12:57:31 +0000 (14:57 +0200)]
defaults for db_address, db_port; move dbsslmode = verify-ca into the case where we have a dbsslca

5 years agoList non-optional params first
Peter Palfrader [Wed, 25 Sep 2019 12:21:32 +0000 (14:21 +0200)]
List non-optional params first

5 years agoMove bacula::bacula_ssl_{server,client}_{cert,key} to hiera
Peter Palfrader [Wed, 25 Sep 2019 12:20:25 +0000 (14:20 +0200)]
Move bacula::bacula_ssl_{server,client}_{cert,key} to hiera

5 years agoMove bacula::bacula_ssl_ca_path to hiera
Peter Palfrader [Wed, 25 Sep 2019 12:09:45 +0000 (14:09 +0200)]
Move bacula::bacula_ssl_ca_path to hiera

5 years agos/bacula_ca_path/bacula_ssl_ca_path/
Peter Palfrader [Wed, 25 Sep 2019 12:01:48 +0000 (14:01 +0200)]
s/bacula_ca_path/bacula_ssl_ca_path/

5 years agoMove operator_email to hiera
Peter Palfrader [Wed, 25 Sep 2019 11:59:57 +0000 (13:59 +0200)]
Move operator_email to hiera

5 years agobacula_dsa_client_list and tag_bacula_dsa_client_list are not parameters
Peter Palfrader [Wed, 25 Sep 2019 11:58:01 +0000 (13:58 +0200)]
bacula_dsa_client_list and tag_bacula_dsa_client_list are not parameters

5 years agoDocument ferm::rule::simple
Peter Palfrader [Wed, 25 Sep 2019 11:41:15 +0000 (13:41 +0200)]
Document ferm::rule::simple

5 years agodsa_systemd::override: cleanup and make sure removal cleans the dir also
Peter Palfrader [Wed, 25 Sep 2019 11:05:06 +0000 (13:05 +0200)]
dsa_systemd::override: cleanup and make sure removal cleans the dir also

5 years agoMake rentention periods configurable with hiera, per client
Peter Palfrader [Wed, 25 Sep 2019 09:50:42 +0000 (11:50 +0200)]
Make rentention periods configurable with hiera, per client

5 years agoGlobally enable Heartbeat Interval
Peter Palfrader [Wed, 25 Sep 2019 09:40:05 +0000 (11:40 +0200)]
Globally enable Heartbeat Interval

5 years agoRemove defaults
Peter Palfrader [Wed, 25 Sep 2019 09:33:50 +0000 (11:33 +0200)]
Remove defaults

5 years agoUnify name of the Messages Resource
Peter Palfrader [Wed, 25 Sep 2019 09:31:24 +0000 (11:31 +0200)]
Unify name of the Messages Resource

5 years agoTry after unbound.service instead of network-online.target
Peter Palfrader [Wed, 25 Sep 2019 09:20:39 +0000 (11:20 +0200)]
Try after unbound.service instead of network-online.target

Doing the after network-online.target was not sufficient.

: Config error: Cannot add hostname(adayevskaya.debian.org) and port(9102) to addrlist (Cannot resolve hostname(adayevskaya.debian.org) Temporary failure in name resolution)
:             : line 23, col 5 of file /etc/bacula/bacula-fd.conf
:     }

5 years agoAll our systems are now at least Debian 9
Peter Palfrader [Wed, 25 Sep 2019 09:19:18 +0000 (11:19 +0200)]
All our systems are now at least Debian 9

5 years agosd and fd look up hostnames, so start them only after the network is online -a
Peter Palfrader [Wed, 25 Sep 2019 09:18:11 +0000 (11:18 +0200)]
sd and fd look up hostnames, so start them only after the network is online -a

5 years agoUse a variable that still exists to define the listen hostname
Peter Palfrader [Wed, 25 Sep 2019 09:13:14 +0000 (11:13 +0200)]
Use a variable that still exists to define the listen hostname

5 years agofd: also use the grep in public_addresses to learn if we support v4/v6
Peter Palfrader [Wed, 25 Sep 2019 09:08:22 +0000 (11:08 +0200)]
fd: also use the grep in public_addresses to learn if we support v4/v6

5 years agoPass pool-name token to volumes-delete-old
Peter Palfrader [Wed, 25 Sep 2019 09:00:15 +0000 (11:00 +0200)]
Pass pool-name token to volumes-delete-old

5 years agoTry to collect directors before we restart fd
Peter Palfrader [Wed, 25 Sep 2019 06:59:48 +0000 (08:59 +0200)]
Try to collect directors before we restart fd

5 years agoOnly restart once we have at least one file in the .d dir
Peter Palfrader [Wed, 25 Sep 2019 06:56:00 +0000 (08:56 +0200)]
Only restart once we have at least one file in the .d dir

5 years agoanother notify
Peter Palfrader [Wed, 25 Sep 2019 06:52:59 +0000 (08:52 +0200)]
another notify

5 years agoUnnecessary requires
Peter Palfrader [Wed, 25 Sep 2019 06:52:12 +0000 (08:52 +0200)]
Unnecessary requires

5 years agoAnd correct location and template for dir snippet on fd
Peter Palfrader [Wed, 25 Sep 2019 06:50:45 +0000 (08:50 +0200)]
And correct location and template for dir snippet on fd

5 years agoCorrect notify for dir snippet on fd
Peter Palfrader [Wed, 25 Sep 2019 06:49:33 +0000 (08:49 +0200)]
Correct notify for dir snippet on fd

5 years agoCorrect empty.conf location for fd
Peter Palfrader [Wed, 25 Sep 2019 06:48:42 +0000 (08:48 +0200)]
Correct empty.conf location for fd

5 years agoNew default dir name
Peter Palfrader [Wed, 25 Sep 2019 06:47:59 +0000 (08:47 +0200)]
New default dir name

5 years agoCreate an empty file in the FD's conf.d dir
Peter Palfrader [Wed, 25 Sep 2019 06:46:35 +0000 (08:46 +0200)]
Create an empty file in the FD's conf.d dir

5 years agoI do not think empty directories need a source => (these days)
Peter Palfrader [Wed, 25 Sep 2019 06:46:07 +0000 (08:46 +0200)]
I do not think empty directories need a source => (these days)

5 years agoGet director name from director
Peter Palfrader [Wed, 25 Sep 2019 06:40:28 +0000 (08:40 +0200)]
Get director name from director

5 years agomove director db pw to a more local thing
Peter Palfrader [Tue, 24 Sep 2019 22:40:26 +0000 (00:40 +0200)]
move director db pw to a more local thing

5 years agoGet the ssl variables from bacula:: as we have not inherited them
Peter Palfrader [Tue, 24 Sep 2019 22:35:48 +0000 (00:35 +0200)]
Get the ssl variables from bacula:: as we have not inherited them

5 years agocontinue with moving director address to a more local thing
Peter Palfrader [Tue, 24 Sep 2019 22:32:23 +0000 (00:32 +0200)]
continue with moving director address to a more local thing

5 years agocontinue with moving director name/address to a more local thing
Peter Palfrader [Tue, 24 Sep 2019 22:08:25 +0000 (00:08 +0200)]
continue with moving director name/address to a more local thing

5 years agoretire unused var
Peter Palfrader [Tue, 24 Sep 2019 22:02:28 +0000 (00:02 +0200)]
retire unused var

5 years agoMove ipv[46] check into the manifest
Peter Palfrader [Tue, 24 Sep 2019 22:00:29 +0000 (00:00 +0200)]
Move ipv[46] check into the manifest

5 years agoMake a few Strings be Stdlib::Host
Peter Palfrader [Tue, 24 Sep 2019 21:53:42 +0000 (23:53 +0200)]
Make a few Strings be Stdlib::Host

5 years agoRemove bacula-monitor. This seems unused for now, but we can always bring it back...
Peter Palfrader [Tue, 24 Sep 2019 21:36:14 +0000 (23:36 +0200)]
Remove bacula-monitor.  This seems unused for now, but we can always bring it back if we think it necessary

5 years agostart with moving director name to a more local thing
Peter Palfrader [Tue, 24 Sep 2019 21:31:05 +0000 (23:31 +0200)]
start with moving director name to a more local thing

5 years agoAnd storage name is sd local
Peter Palfrader [Tue, 24 Sep 2019 21:27:23 +0000 (23:27 +0200)]
And storage name is sd local

5 years agoAnd pass the right variable
Peter Palfrader [Tue, 24 Sep 2019 21:20:59 +0000 (23:20 +0200)]
And pass the right variable

5 years agoand use new variable in template
Peter Palfrader [Tue, 24 Sep 2019 21:19:15 +0000 (23:19 +0200)]
and use new variable in template

5 years agoCreate client name and secret in the fd and ship
Peter Palfrader [Tue, 24 Sep 2019 21:15:01 +0000 (23:15 +0200)]
Create client name and secret in the fd and ship

5 years agoand use fqdn in hkdf
Peter Palfrader [Tue, 24 Sep 2019 21:04:55 +0000 (23:04 +0200)]
and use fqdn in hkdf

5 years agoMake director_secret for bconsole something local to the director class
Peter Palfrader [Tue, 24 Sep 2019 21:04:27 +0000 (23:04 +0200)]
Make director_secret for bconsole something local to the director class

5 years agoMake bacula_director_port something local to the director class
Peter Palfrader [Tue, 24 Sep 2019 21:00:28 +0000 (23:00 +0200)]
Make bacula_director_port something local to the director class

5 years agoexplicitly pass client name around
Peter Palfrader [Tue, 24 Sep 2019 20:42:09 +0000 (22:42 +0200)]
explicitly pass client name around

5 years agoGive the RestoreFiles Job needs a pool. any pool.
Peter Palfrader [Tue, 24 Sep 2019 20:36:57 +0000 (22:36 +0200)]
Give the RestoreFiles Job needs a pool.  any pool.

5 years agoeximconf: add submission-domains to file list
Adam D. Barratt [Tue, 24 Sep 2019 20:33:13 +0000 (21:33 +0100)]
eximconf: add submission-domains to file list

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: remove explicit inclusion of 82.195.75.76
Adam D. Barratt [Tue, 24 Sep 2019 20:24:10 +0000 (21:24 +0100)]
eximconf: remove explicit inclusion of 82.195.75.76

Was apparently once a DebConf host but is now a standard d.o host

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agospell storage better
Peter Palfrader [Tue, 24 Sep 2019 19:58:47 +0000 (21:58 +0200)]
spell storage better

5 years agodifferent name
Peter Palfrader [Tue, 24 Sep 2019 19:43:15 +0000 (21:43 +0200)]
different name

5 years agoSplit the director config coming from each node in two parts: one that comes from...
Peter Palfrader [Tue, 24 Sep 2019 19:12:05 +0000 (21:12 +0200)]
Split the director config coming from each node in two parts:  one that comes from the client directly and one that goes via the storage

5 years agoMove device name, media type name, and archive device construction to the manifest
Peter Palfrader [Tue, 24 Sep 2019 14:29:29 +0000 (16:29 +0200)]
Move device name, media type name, and archive device construction to the manifest

5 years agoeximconf: remove inaccurate comment
Adam D. Barratt [Tue, 24 Sep 2019 19:50:14 +0000 (20:50 +0100)]
eximconf: remove inaccurate comment

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: use a more idiomatic way of "resetting" a variable
Adam D. Barratt [Tue, 24 Sep 2019 19:48:22 +0000 (20:48 +0100)]
eximconf: use a more idiomatic way of "resetting" a variable

An empty string is as valid as any other, so there's no need for hacks.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: add notes on files sourced from UD
Adam D. Barratt [Tue, 24 Sep 2019 18:07:30 +0000 (19:07 +0100)]
eximconf: add notes on files sourced from UD

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoexim_surbl: disable DBL lookups
Adam D. Barratt [Tue, 24 Sep 2019 16:59:05 +0000 (17:59 +0100)]
exim_surbl: disable DBL lookups

Probably shouldn't be enabled without some discussion

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: drop etch-specific comment
Adam D. Barratt [Tue, 24 Sep 2019 16:49:20 +0000 (17:49 +0100)]
eximconf: drop etch-specific comment

It's a little obsolete by now

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoexim/manifests/init.pp: fix typo
Adam D. Barratt [Tue, 24 Sep 2019 16:48:29 +0000 (17:48 +0100)]
exim/manifests/init.pp: fix typo

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoprefix petrova volume at bm with OLD-
Julien Cristau [Tue, 24 Sep 2019 16:26:10 +0000 (18:26 +0200)]
prefix petrova volume at bm with OLD-

5 years agoticharich no longer needs access to bmdb1
Julien Cristau [Tue, 24 Sep 2019 15:22:01 +0000 (17:22 +0200)]
ticharich no longer needs access to bmdb1

The tracker db was moved to danzi

5 years agoprefix paradis volumes at bm with OLD-
Julien Cristau [Tue, 24 Sep 2019 14:55:22 +0000 (16:55 +0200)]
prefix paradis volumes at bm with OLD-

5 years agoUndo wrong search/replace
Peter Palfrader [Tue, 24 Sep 2019 14:20:15 +0000 (16:20 +0200)]
Undo wrong search/replace

5 years agorename bacula::node to bacula::director::client
Peter Palfrader [Tue, 24 Sep 2019 13:52:20 +0000 (15:52 +0200)]
rename bacula::node to bacula::director::client

5 years agoMove filestore device and media type name to the storage, part I
Peter Palfrader [Tue, 24 Sep 2019 13:31:03 +0000 (15:31 +0200)]
Move filestore device and media type name to the storage, part I

For now for config on the storage node.  Not yet for config
pushed from the client to the director.

Also rename bacula::storage_per_node to bacula::storage::client.

5 years agobackup-path should be something that only the storage system should need to care...
Peter Palfrader [Tue, 24 Sep 2019 12:24:57 +0000 (14:24 +0200)]
backup-path should be something that only the storage system should need to care about

5 years agomove the onion address lookup for people.d.o to the template
Julien Cristau [Tue, 24 Sep 2019 11:32:26 +0000 (13:32 +0200)]
move the onion address lookup for people.d.o to the template

5 years agoRestore an empty line in sshd_config
Julien Cristau [Tue, 24 Sep 2019 10:23:24 +0000 (12:23 +0200)]
Restore an empty line in sshd_config

5 years agoFix typo
Julien Cristau [Tue, 24 Sep 2019 10:16:10 +0000 (12:16 +0200)]
Fix typo

5 years agomove sshd extra ports to class params instead of hardcoded in the template
Julien Cristau [Tue, 24 Sep 2019 10:12:24 +0000 (12:12 +0200)]
move sshd extra ports to class params instead of hardcoded in the template