mirror/dsa-puppet.git
9 years agoNew leap second
Peter Palfrader [Fri, 9 Jan 2015 19:00:44 +0000 (20:00 +0100)]
New leap second

9 years agort-mailgate needs the ca-debian workaround too
Paul Wise [Wed, 7 Jan 2015 15:12:58 +0000 (23:12 +0800)]
rt-mailgate needs the ca-debian workaround too

9 years agoThe snakeoil key is handled by puppet also.
Paul Wise [Wed, 7 Jan 2015 07:06:52 +0000 (15:06 +0800)]
The snakeoil key is handled by puppet also.

9 years agoWe still have some debian.org certs signed by SPI and USERFirst
Paul Wise [Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)]
We still have some debian.org certs signed by SPI and USERFirst

9 years agoTrailing line ending characters are sometimes nice
Paul Wise [Wed, 7 Jan 2015 06:11:01 +0000 (14:11 +0800)]
Trailing line ending characters are sometimes nice

9 years agoFix typo
Paul Wise [Wed, 7 Jan 2015 06:09:14 +0000 (14:09 +0800)]
Fix typo

9 years agoEnforce SSL configuration using puppet, add dirs for debian and global CAs
Paul Wise [Wed, 31 Dec 2014 02:32:55 +0000 (10:32 +0800)]
Enforce SSL configuration using puppet, add dirs for debian and global CAs

9 years agoRemove any references to ahbl.org blocklists as they have shut down (re: RT#5684)
Peter Palfrader [Tue, 6 Jan 2015 20:20:04 +0000 (21:20 +0100)]
Remove any references to ahbl.org blocklists as they have shut down (re: RT#5684)

9 years agoFix typo
Paul Wise [Tue, 6 Jan 2015 16:52:49 +0000 (00:52 +0800)]
Fix typo

9 years agoSkip processes that no longer exist
Paul Wise [Tue, 6 Jan 2015 14:53:24 +0000 (22:53 +0800)]
Skip processes that no longer exist

9 years agocdn.debian.net has been deprecated, replace it with http.debian.net
Paul Wise [Sat, 3 Jan 2015 03:46:06 +0000 (11:46 +0800)]
cdn.debian.net has been deprecated, replace it with http.debian.net

https://lists.debian.org/CAG2RKXMdBLL-vSFW6dEu4P0NwT7qqor3PxVQDu-mwrM1J-6opw@mail.gmail.com

9 years agoWork around service(8) not reloading syslog-ng correctly
Tollef Fog Heen [Fri, 2 Jan 2015 17:19:30 +0000 (18:19 +0100)]
Work around service(8) not reloading syslog-ng correctly

It seems systemd fails to mark syslog-ng as reloadable, which in turn
leads to invoke-rc.d failing.  Just call systemctl directly if we're
running systemd to work around this.

10 years agodd-schroot-cmd: Relax session name check
James McCoy [Wed, 31 Dec 2014 03:01:18 +0000 (22:01 -0500)]
dd-schroot-cmd: Relax session name check

As per schroot.conf(5):

  A  number  of characters or words are not permitted in a chroot name,
  session name or configuration filename.  The name may not contain a
  leading period (‘.’).  The characters ‘:’ (colon), ‘,’ (comma) and ‘/’
  (forward slash) are not permitted anywhere in the name.  The name may
  also not contain  a  trailing  tilde  (‘~’).

Relaxing the session name check in get_session_owner to better align
with schroot's actual restrictions reduces the chance that a user will
create a session yet be unable to manipulate it with dd-schroot-cmd.

Signed-off-by: James McCoy <jamessan@debian.org>
Signed-off-by: Paul Wise <pabs@debian.org>
10 years agorun ntp everywhere again
Martin Zobel-Helas [Sun, 28 Dec 2014 09:57:45 +0000 (09:57 +0000)]
run ntp everywhere again

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoRevert "disable oyens for now"
Martin Zobel-Helas [Sat, 27 Dec 2014 15:05:58 +0000 (15:05 +0000)]
Revert "disable oyens for now"

This reverts commit 57a38b9f3f9858c0619de09d7b3d01e86c599f9c.

10 years agodisable oyens for now
Martin Zobel-Helas [Tue, 23 Dec 2014 22:21:10 +0000 (22:21 +0000)]
disable oyens for now

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoFix apache2/jessie conf-enabled symlinks
Peter Palfrader [Tue, 23 Dec 2014 12:19:19 +0000 (12:19 +0000)]
Fix apache2/jessie conf-enabled symlinks

10 years agoFirst attempt at making apache conf stuff work on jessie
Peter Palfrader [Tue, 23 Dec 2014 12:11:16 +0000 (13:11 +0100)]
First attempt at making apache conf stuff work on jessie

10 years agoUpdate security.conf to version from jessie, but keep ServerTokens at ProductOnly
Peter Palfrader [Tue, 23 Dec 2014 12:07:04 +0000 (13:07 +0100)]
Update security.conf to version from jessie, but keep ServerTokens at ProductOnly

10 years agos/search-/cgi-/
Peter Palfrader [Tue, 23 Dec 2014 09:26:45 +0000 (10:26 +0100)]
s/search-/cgi-/

10 years agoAdd stunnel for search
Peter Palfrader [Tue, 23 Dec 2014 09:13:24 +0000 (10:13 +0100)]
Add stunnel for search

10 years agoautofs: ensure nfsv4 module is loaded
Héctor Orón Martínez [Mon, 22 Dec 2014 11:21:56 +0000 (12:21 +0100)]
autofs: ensure nfsv4 module is loaded

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agostable may run ntp again
Peter Palfrader [Sat, 20 Dec 2014 20:45:00 +0000 (21:45 +0100)]
stable may run ntp again

10 years agoUpdate leap-seconds.list. Not that any new ones have been added.
Peter Palfrader [Sat, 20 Dec 2014 20:43:33 +0000 (21:43 +0100)]
Update leap-seconds.list.  Not that any new ones have been added.

10 years agoAnd another loghost-grnet-01 fix
Peter Palfrader [Sat, 20 Dec 2014 17:07:39 +0000 (18:07 +0100)]
And another loghost-grnet-01 fix

10 years agoNew cert for db
Peter Palfrader [Sat, 20 Dec 2014 15:51:20 +0000 (16:51 +0100)]
New cert for db

10 years agoNew cert for piuparts
Peter Palfrader [Sat, 20 Dec 2014 13:58:19 +0000 (14:58 +0100)]
New cert for piuparts

10 years agoNew cert for packages
Peter Palfrader [Sat, 20 Dec 2014 13:57:47 +0000 (14:57 +0100)]
New cert for packages

10 years agoNew cert for bugs-master
Peter Palfrader [Sat, 20 Dec 2014 13:56:52 +0000 (14:56 +0100)]
New cert for bugs-master

10 years agoNew cert for rtc
Peter Palfrader [Sat, 20 Dec 2014 13:56:26 +0000 (14:56 +0100)]
New cert for rtc

10 years agoNew cert for sip-ws
Peter Palfrader [Sat, 20 Dec 2014 13:55:55 +0000 (14:55 +0100)]
New cert for sip-ws

10 years agoNew cert for bugs
Peter Palfrader [Sat, 20 Dec 2014 13:55:17 +0000 (14:55 +0100)]
New cert for bugs

10 years agoDo not run ntpd for now
Peter Palfrader [Sat, 20 Dec 2014 13:30:48 +0000 (13:30 +0000)]
Do not run ntpd for now

10 years agonew vote cert
Peter Palfrader [Wed, 17 Dec 2014 15:59:21 +0000 (16:59 +0100)]
new vote cert

10 years agonew release cert
Peter Palfrader [Wed, 17 Dec 2014 15:57:34 +0000 (16:57 +0100)]
new release cert

10 years agonew nagios cert
Peter Palfrader [Wed, 17 Dec 2014 15:56:42 +0000 (16:56 +0100)]
new nagios cert

10 years agonew munin cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:54 +0000 (16:55 +0100)]
new munin cert

10 years agonew ftp-master cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:21 +0000 (16:55 +0100)]
new ftp-master cert

10 years agonew www cert
Peter Palfrader [Wed, 17 Dec 2014 15:42:08 +0000 (16:42 +0100)]
new www cert

10 years agonew dsa cert
Peter Palfrader [Wed, 17 Dec 2014 15:41:30 +0000 (16:41 +0100)]
new dsa cert

10 years agonew contributors cert
Peter Palfrader [Wed, 17 Dec 2014 14:50:02 +0000 (15:50 +0100)]
new contributors cert

10 years agonew sso cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:52 +0000 (15:48 +0100)]
new sso cert

10 years agonew security-tracker cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:28 +0000 (15:48 +0100)]
new security-tracker cert

10 years agonew rt cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:53 +0000 (15:47 +0100)]
new rt cert

10 years agonew nm cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:14 +0000 (15:47 +0100)]
new nm cert

10 years agoUpdate buildd CA TA to new gandi cert for jessie hosts
Peter Palfrader [Wed, 17 Dec 2014 09:26:23 +0000 (10:26 +0100)]
Update buildd CA TA to new gandi cert for jessie hosts

10 years agoRemove unneeded variable
Peter Palfrader [Wed, 17 Dec 2014 09:25:39 +0000 (10:25 +0100)]
Remove unneeded variable

10 years agonew buildd cert
Peter Palfrader [Tue, 16 Dec 2014 13:57:53 +0000 (14:57 +0100)]
new buildd cert

10 years agonew lists cert
Peter Palfrader [Tue, 16 Dec 2014 13:33:11 +0000 (14:33 +0100)]
new lists cert

10 years agonew udd cert
Peter Palfrader [Tue, 16 Dec 2014 13:31:11 +0000 (14:31 +0100)]
new udd cert

10 years agonew udd cert
Peter Palfrader [Tue, 16 Dec 2014 13:14:11 +0000 (14:14 +0100)]
new udd cert

10 years agonagios needs to be able to run systemctl as root otherwise dbus is needed
Paul Wise [Mon, 15 Dec 2014 22:46:45 +0000 (06:46 +0800)]
nagios needs to be able to run systemctl as root otherwise dbus is needed

10 years agoand different names for v6 rules
Martin Zobel-Helas [Sat, 13 Dec 2014 10:26:36 +0000 (11:26 +0100)]
and different names for v6 rules

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoadd IPv6 range (second try)
Martin Zobel-Helas [Sat, 13 Dec 2014 10:24:42 +0000 (11:24 +0100)]
add IPv6 range (second try)

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoRevert "add IPv6 range"
Martin Zobel-Helas [Sat, 13 Dec 2014 10:18:06 +0000 (11:18 +0100)]
Revert "add IPv6 range"

This reverts commit fc978e2bb512bf85d82d054d6086b926a3769bd5.

10 years agoadd IPv6 range
Martin Zobel-Helas [Sat, 13 Dec 2014 10:14:47 +0000 (11:14 +0100)]
add IPv6 range

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoUse ruby1.9.1 to avoid ruby1.8 + puppetd segfaults on ball
Paul Wise [Thu, 11 Dec 2014 03:54:10 +0000 (11:54 +0800)]
Use ruby1.9.1 to avoid ruby1.8 + puppetd segfaults on ball

More info: https://lists.debian.org/1418271834.28231.36.camel@debian.org

10 years agoBetter with a newline
Peter Palfrader [Wed, 10 Dec 2014 19:54:28 +0000 (20:54 +0100)]
Better with a newline

10 years agoAdd /etc/schroot/buildd/config with CHROOT_FILE_UNPACK_DIR=/srv/buildd/unpack if...
Peter Palfrader [Wed, 10 Dec 2014 19:52:53 +0000 (20:52 +0100)]
Add /etc/schroot/buildd/config with CHROOT_FILE_UNPACK_DIR=/srv/buildd/unpack if /srv/buildd exists

10 years agoenable ud-replicated.service
Peter Palfrader [Tue, 9 Dec 2014 21:11:33 +0000 (22:11 +0100)]
enable ud-replicated.service

10 years agoFix regex in bacula-backup-dirs
Peter Palfrader [Tue, 9 Dec 2014 20:47:56 +0000 (21:47 +0100)]
Fix regex in bacula-backup-dirs

10 years agoAdd minkus
Peter Palfrader [Tue, 9 Dec 2014 18:17:00 +0000 (19:17 +0100)]
Add minkus

10 years agoFix several dedication lines (format violations)
Peter Palfrader [Tue, 9 Dec 2014 18:16:16 +0000 (19:16 +0100)]
Fix several dedication lines (format violations)

10 years agoMake sure geoip-database is installed on geo nameservers
Peter Palfrader [Sun, 7 Dec 2014 18:43:33 +0000 (19:43 +0100)]
Make sure geoip-database is installed on geo nameservers

10 years agoferm: allow debsources access
Héctor Orón Martínez [Sun, 7 Dec 2014 17:10:41 +0000 (18:10 +0100)]
ferm: allow debsources access

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agoMake setup-buildd not fail when there is nothing wrong
Peter Palfrader [Sun, 7 Dec 2014 16:46:53 +0000 (17:46 +0100)]
Make setup-buildd not fail when there is nothing wrong

10 years agoautofs: add bm sor
Héctor Orón Martínez [Sun, 7 Dec 2014 16:10:42 +0000 (17:10 +0100)]
autofs: add bm sor

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agoStop using always-broken http.debian.net
Peter Palfrader [Sun, 7 Dec 2014 10:02:28 +0000 (11:02 +0100)]
Stop using always-broken http.debian.net

10 years agofix variable use
Peter Palfrader [Sun, 7 Dec 2014 09:43:23 +0000 (10:43 +0100)]
fix variable use

10 years agoEnable ssh_host_ed25519_key if it exists
Peter Palfrader [Sun, 7 Dec 2014 09:41:51 +0000 (10:41 +0100)]
Enable ssh_host_ed25519_key if it exists

10 years agoMove ServerKeyBits to 1024, the new default in jessie - this only affects version...
Peter Palfrader [Sun, 7 Dec 2014 09:41:36 +0000 (10:41 +0100)]
Move ServerKeyBits to 1024, the new default in jessie - this only affects version 1 anyhow, but still

10 years agoremove unnecessary (and broken) onlyif
Peter Palfrader [Sun, 7 Dec 2014 09:35:27 +0000 (10:35 +0100)]
remove unnecessary (and broken) onlyif

10 years agoCreate ssh ed25519 hostkeys on jessie
Peter Palfrader [Sun, 7 Dec 2014 09:33:53 +0000 (10:33 +0100)]
Create ssh ed25519 hostkeys on jessie

10 years agoAdd Sakura Internet to the list of hosters
Paul Wise [Sun, 7 Dec 2014 05:42:55 +0000 (13:42 +0800)]
Add Sakura Internet to the list of hosters

10 years agodebian-org: new host dedication - sor.d.o (debsources)
Héctor Orón Martínez [Sat, 6 Dec 2014 01:39:24 +0000 (02:39 +0100)]
debian-org: new host dedication - sor.d.o (debsources)

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agomultipath: add sor and sor-lvm (debsources service)
Héctor Orón Martínez [Sat, 6 Dec 2014 00:48:38 +0000 (01:48 +0100)]
multipath: add sor and sor-lvm (debsources service)

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agoAdd our own syslog-ng service file for now
Peter Palfrader [Fri, 5 Dec 2014 21:57:36 +0000 (22:57 +0100)]
Add our own syslog-ng service file for now

10 years agoActuall add a ud-replicated service file
Peter Palfrader [Fri, 5 Dec 2014 21:55:18 +0000 (21:55 +0000)]
Actuall add a ud-replicated service file

10 years agoAdd a ud-replicated service file
Peter Palfrader [Fri, 5 Dec 2014 21:45:54 +0000 (21:45 +0000)]
Add a ud-replicated service file

10 years agoChange factor to one that puppet likes better
Peter Palfrader [Fri, 5 Dec 2014 21:45:44 +0000 (21:45 +0000)]
Change factor to one that puppet likes better

10 years agoAdd systemd factoid
Peter Palfrader [Fri, 5 Dec 2014 21:33:17 +0000 (22:33 +0100)]
Add systemd factoid

10 years agoOn new buildds, re-create schroots weekly
Peter Palfrader [Fri, 5 Dec 2014 18:18:49 +0000 (19:18 +0100)]
On new buildds, re-create schroots weekly

10 years agofix var name
Peter Palfrader [Fri, 5 Dec 2014 18:16:16 +0000 (19:16 +0100)]
fix var name

10 years agoonly include /srv/build-trees in fstab if it exists
Peter Palfrader [Fri, 5 Dec 2014 18:15:03 +0000 (19:15 +0100)]
only include /srv/build-trees in fstab if it exists

10 years agoAdd paths facter
Peter Palfrader [Fri, 5 Dec 2014 18:04:15 +0000 (19:04 +0100)]
Add paths facter

10 years agoMove setup-* from porterbox to schroot module
Peter Palfrader [Fri, 5 Dec 2014 17:59:10 +0000 (18:59 +0100)]
Move setup-* from porterbox to schroot module

10 years agoFurther setup-dchroot tweaks
Peter Palfrader [Fri, 5 Dec 2014 17:58:18 +0000 (18:58 +0100)]
Further setup-dchroot tweaks

10 years agoIgnore some schroot files
Peter Palfrader [Fri, 5 Dec 2014 15:40:07 +0000 (16:40 +0100)]
Ignore some schroot files

10 years agojessie has backports
Peter Palfrader [Thu, 4 Dec 2014 21:10:50 +0000 (22:10 +0100)]
jessie has backports

10 years agoDo not savelog with -d
Peter Palfrader [Thu, 4 Dec 2014 21:09:08 +0000 (22:09 +0100)]
Do not savelog with -d

10 years agoAlso load 99porterbox-extra-apt-options and 99porterbox-extra-sources with profile...
Peter Palfrader [Thu, 4 Dec 2014 21:06:04 +0000 (22:06 +0100)]
Also load 99porterbox-extra-apt-options and 99porterbox-extra-sources with profile buildd-dsa

10 years agoUpdate chroot creation scripts to also build buildd chroots
Peter Palfrader [Thu, 4 Dec 2014 20:36:08 +0000 (21:36 +0100)]
Update chroot creation scripts to also build buildd chroots

10 years agolvm config for prokofiev
Peter Palfrader [Thu, 4 Dec 2014 18:15:29 +0000 (19:15 +0100)]
lvm config for prokofiev

10 years agoHandle the upgrade from ulogd to ulogd2 in jessie and later.
Paul Wise [Thu, 4 Dec 2014 07:43:27 +0000 (15:43 +0800)]
Handle the upgrade from ulogd to ulogd2 in jessie and later.

Use augeas to handle modifying the existing ulogd2 logrotate config.

Remove instead of purge ulogd because it deletes log files on purge.

Remove the puppet installed logrotate config for ulogd.

Eliminates mails like these:

/etc/cron.daily/logrotate:
error: ulogd2:1 duplicate log entry for /var/log/ulog/syslogemu.log

10 years agoPort the v4ips & v6ips Facter functions to Ruby 1.9 from Debian wheezy/jessie
Paul Wise [Wed, 3 Dec 2014 23:19:25 +0000 (07:19 +0800)]
Port the v4ips & v6ips Facter functions to Ruby 1.9 from Debian wheezy/jessie

This fixes these warnings from new hosts and fixes puppet IP address discovery:

Unable to add resolve nil for fact v4ips: undefined method `each' for #<String:0x0001000707f410>
Unable to add resolve nil for fact v6ips: undefined method `each' for #<String:0x0001000707e808>

Thanks-to: zeha & gwolf on the #debian-ruby channel

10 years agoremove from non-bacula
Martin Zobel-Helas [Mon, 1 Dec 2014 09:24:55 +0000 (09:24 +0000)]
remove from non-bacula

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agono apache2_www_mirror for setoguchi
Martin Zobel-Helas [Mon, 1 Dec 2014 08:59:37 +0000 (08:59 +0000)]
no apache2_www_mirror for setoguchi

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoadd setoguchi
Martin Zobel-Helas [Sun, 30 Nov 2014 22:48:13 +0000 (22:48 +0000)]
add setoguchi

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoRemove monit on jessie
Peter Palfrader [Sun, 30 Nov 2014 10:05:59 +0000 (10:05 +0000)]
Remove monit on jessie

10 years agoSyntax fix
Peter Palfrader [Sun, 30 Nov 2014 09:46:40 +0000 (10:46 +0100)]
Syntax fix