mirror/dsa-puppet.git
Peter Palfrader [Sun, 29 Sep 2019 14:13:55 +0000 (16:13 +0200)]
puppet rule to create an empty ferm chain

Julien Cristau [Sun, 29 Sep 2019 14:05:41 +0000 (16:05 +0200)]
Don't hardcode bacula director host name

Peter Palfrader [Sun, 29 Sep 2019 14:00:57 +0000 (16:00 +0200)]
better instance names for pg clusters

Peter Palfrader [Sun, 29 Sep 2019 13:59:29 +0000 (15:59 +0200)]
reload ferm when files are removed

Peter Palfrader [Sun, 29 Sep 2019 13:53:43 +0000 (15:53 +0200)]
roles::postgresql::server now sets up postgres::cluster for all clusters

Setting up backup moved to postgres::cluster which includes
postgres::backup_cluster if requested.

All the backup firewall access should be done via pg_hba entries now.

Peter Palfrader [Sun, 29 Sep 2019 13:29:43 +0000 (15:29 +0200)]
fix entry name

Peter Palfrader [Sun, 29 Sep 2019 13:27:54 +0000 (15:27 +0200)]
Make the bacula director node request DB access from its role

Peter Palfrader [Sun, 29 Sep 2019 13:24:51 +0000 (15:24 +0200)]
Make the bacula storage node request DB access from its role

Peter Palfrader [Sun, 29 Sep 2019 13:23:08 +0000 (15:23 +0200)]
Also collect entries that only knew the port

Peter Palfrader [Sun, 29 Sep 2019 13:19:25 +0000 (15:19 +0200)]
we care about the first element of the array

Peter Palfrader [Sun, 29 Sep 2019 13:17:17 +0000 (15:17 +0200)]
providing either a port or a version/clustername pair to hba_entry should suffice

Julien Cristau [Sun, 29 Sep 2019 11:50:54 +0000 (13:50 +0200)]
eximconf: fix typo in comment

Julien Cristau [Sun, 29 Sep 2019 11:48:50 +0000 (13:48 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet

Peter Palfrader [Sun, 29 Sep 2019 10:43:19 +0000 (12:43 +0200)]
unique postgres::cluster::hba_entry names for hosts with more than one cluster

Peter Palfrader [Sun, 29 Sep 2019 10:39:59 +0000 (12:39 +0200)]
Move backup replication hba_entry to backup_cluster

Peter Palfrader [Sun, 29 Sep 2019 09:02:18 +0000 (11:02 +0200)]
Remove manual fw for dinis/storace access to postgresql-manda-01

Peter Palfrader [Sun, 29 Sep 2019 09:00:37 +0000 (11:00 +0200)]
First attempt to configure pg_hba of the bacula cluster

We will want to split this and hardcode less in the future.

Peter Palfrader [Sun, 29 Sep 2019 08:57:49 +0000 (10:57 +0200)]
Start with pg cluster configuration

Peter Palfrader [Sat, 28 Sep 2019 20:18:02 +0000 (22:18 +0200)]
firewalling for pg basebackup

Peter Palfrader [Sat, 28 Sep 2019 20:08:36 +0000 (22:08 +0200)]
Fix path in postgres-make-base-backups file redirection

Peter Palfrader [Sat, 28 Sep 2019 19:47:56 +0000 (21:47 +0200)]
old-style roles are gone

Peter Palfrader [Sat, 28 Sep 2019 19:45:14 +0000 (21:45 +0200)]
enable snapshotdb-manda-01.debian.org to read sallinen's backups

Peter Palfrader [Sat, 28 Sep 2019 19:39:58 +0000 (21:39 +0200)]
lw07 no longer runs a snapshot pg db

Peter Palfrader [Sat, 28 Sep 2019 19:30:55 +0000 (21:30 +0200)]
Try to configure --read-allow via hiera

Peter Palfrader [Sat, 28 Sep 2019 19:16:13 +0000 (21:16 +0200)]
move debbackup-ssh-wrap from dsa-misc to puppet

Peter Palfrader [Sat, 28 Sep 2019 19:13:27 +0000 (21:13 +0200)]
Try to modernize pg wal shipping ssh setup, step 2

Peter Palfrader [Sat, 28 Sep 2019 19:07:28 +0000 (21:07 +0200)]
Try to modernize pg wal shipping ssh setup

Peter Palfrader [Sat, 28 Sep 2019 19:01:41 +0000 (21:01 +0200)]
Use template variable from the correct scope

Peter Palfrader [Sat, 28 Sep 2019 18:59:17 +0000 (20:59 +0200)]
fix a class name

Peter Palfrader [Sat, 28 Sep 2019 18:58:10 +0000 (20:58 +0200)]
Replace debbackup with parameterized username in most places

Peter Palfrader [Sat, 28 Sep 2019 18:50:49 +0000 (20:50 +0200)]
cleanup

Peter Palfrader [Sat, 28 Sep 2019 18:48:16 +0000 (20:48 +0200)]
Try something else to get a default for postgres::backup_cluster::db_backup_role

Peter Palfrader [Sat, 28 Sep 2019 18:44:46 +0000 (20:44 +0200)]
whitespace

Peter Palfrader [Sat, 28 Sep 2019 18:30:27 +0000 (20:30 +0200)]
Move backup role name to hiera

Peter Palfrader [Sat, 28 Sep 2019 18:28:32 +0000 (20:28 +0200)]
Move pg-receive-file-from-backup to postgres module

Peter Palfrader [Sat, 28 Sep 2019 18:27:20 +0000 (20:27 +0200)]
fix paths

Peter Palfrader [Sat, 28 Sep 2019 18:26:39 +0000 (20:26 +0200)]
pg-backup-file.conf.erb: Remove obsolete special casing

Peter Palfrader [Sat, 28 Sep 2019 18:25:07 +0000 (20:25 +0200)]
Move files for pg-backup-file from roles to postgres module

Peter Palfrader [Sat, 28 Sep 2019 18:20:37 +0000 (20:20 +0200)]
Move backup-server specific sudoers entries out of debian-global sudo

Peter Palfrader [Sat, 28 Sep 2019 18:14:21 +0000 (20:14 +0200)]
Move $make_base_backups to postgres::backup_server as it is local there; make some strings in postgres::backup_server::globals parameters

Peter Palfrader [Sat, 28 Sep 2019 17:59:51 +0000 (19:59 +0200)]
sibelius and chopin no longer run relevant pg instances or even exist

Peter Palfrader [Sat, 28 Sep 2019 17:58:53 +0000 (19:58 +0200)]
rename dsa-check-backuppg-manual.conf

Peter Palfrader [Sat, 28 Sep 2019 17:53:19 +0000 (19:53 +0200)]
migrate away from old postgres_backup_server role

Peter Palfrader [Sat, 28 Sep 2019 17:47:59 +0000 (19:47 +0200)]
note why lw07 and snapshotdb-manda-01 are still in postgresql_server in data/common.yaml

Peter Palfrader [Sat, 28 Sep 2019 17:40:43 +0000 (19:40 +0200)]
Fix crontab entry

Peter Palfrader [Sat, 28 Sep 2019 17:37:20 +0000 (19:37 +0200)]
pg cluster facter: port is an integer

Peter Palfrader [Sat, 28 Sep 2019 17:35:38 +0000 (19:35 +0200)]
Types for params of postgres::backup_cluster

Peter Palfrader [Sat, 28 Sep 2019 17:31:37 +0000 (19:31 +0200)]
modules/postgres/manifests: quoting, spacing, linting

Peter Palfrader [Sat, 28 Sep 2019 17:28:56 +0000 (19:28 +0200)]
Move list of clusters to make a base backup of from the script to a conffile

Peter Palfrader [Sat, 28 Sep 2019 17:12:23 +0000 (19:12 +0200)]
And add sallinen to roles::postgresql::server

Peter Palfrader [Sat, 28 Sep 2019 17:07:18 +0000 (19:07 +0200)]
switch sallinen to modern pg backup config fu

Peter Palfrader [Sat, 28 Sep 2019 17:04:18 +0000 (19:04 +0200)]
switch bmdb1 to modern pg backup config fu

Peter Palfrader [Sat, 28 Sep 2019 16:51:52 +0000 (18:51 +0200)]
Remove buxtehude from old-style pg role

Peter Palfrader [Sat, 28 Sep 2019 16:50:39 +0000 (18:50 +0200)]
switch seger to modern pg backup config fu

Peter Palfrader [Sat, 28 Sep 2019 16:49:38 +0000 (18:49 +0200)]
Remove fasolo from old-style pg role

Peter Palfrader [Sat, 28 Sep 2019 16:48:01 +0000 (18:48 +0200)]
danzi should not be listed in the manual sections of pg backup files

Peter Palfrader [Sat, 28 Sep 2019 16:40:29 +0000 (18:40 +0200)]
remove explicit ferm allow from the pgbackup hosts to fasolo

Peter Palfrader [Sat, 28 Sep 2019 16:36:49 +0000 (18:36 +0200)]
move fasolo pg backup away from manual listing things

Peter Palfrader [Sat, 28 Sep 2019 16:35:50 +0000 (18:35 +0200)]
add danzi hiera file

Peter Palfrader [Sat, 28 Sep 2019 16:32:46 +0000 (18:32 +0200)]
Stop special casing godard in postgres::backup_source

Peter Palfrader [Sat, 28 Sep 2019 16:29:42 +0000 (18:29 +0200)]
Move the backup of the pg instance on danzi to a more hiera and facter based setup

Peter Palfrader [Sat, 28 Sep 2019 16:28:16 +0000 (18:28 +0200)]
Move the backup of the pg instance on postgresql-manda-01 to a more hiera and facter based setup

Peter Palfrader [Sat, 28 Sep 2019 16:26:43 +0000 (18:26 +0200)]
Class instance names need to encode version and clustername, not just hostname, to work on hosts with more than one cluster

Peter Palfrader [Sat, 28 Sep 2019 16:23:48 +0000 (18:23 +0200)]
Move the backup of the pg instance on buxtehude to a more hiera and facter based setup

Peter Palfrader [Sat, 28 Sep 2019 16:22:23 +0000 (18:22 +0200)]
Move the backup of the pg instance on vittoria to a more hiera and facter based setup

Peter Palfrader [Sat, 28 Sep 2019 16:19:35 +0000 (18:19 +0200)]
Move the backup of the pg instance of melartin to a more hiera and facter based setup

Peter Palfrader [Sat, 28 Sep 2019 15:58:09 +0000 (17:58 +0200)]
whitespace/quoting: postgres::backup_source

Peter Palfrader [Sat, 28 Sep 2019 14:41:47 +0000 (16:41 +0200)]
add a pg cluster list facter

Adam D. Barratt [Sat, 28 Sep 2019 14:14:56 +0000 (15:14 +0100)]
eximconf: drop jessie-specific configuration

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sat, 28 Sep 2019 13:56:43 +0000 (14:56 +0100)]
exim blacklist: add files@wetransfer.com

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Sat, 28 Sep 2019 13:03:22 +0000 (15:03 +0200)]
drop old jerea volumes at bm

Peter Palfrader [Sat, 28 Sep 2019 12:36:43 +0000 (14:36 +0200)]
drop old mekeel volumes at bm

Aurelien Jarno [Sat, 28 Sep 2019 11:50:58 +0000 (13:50 +0200)]
rename BM rainier and rapoport volumes to OLD-

Aurelien Jarno [Sat, 28 Sep 2019 11:46:26 +0000 (13:46 +0200)]
Drop the dedup cluster at bytemark

Aurelien Jarno [Sat, 28 Sep 2019 11:22:31 +0000 (13:22 +0200)]
rename BM delfin volumes to OLD-

Aurelien Jarno [Sat, 28 Sep 2019 11:15:28 +0000 (13:15 +0200)]
autofs: delfin at ubc

Aurelien Jarno [Sat, 28 Sep 2019 11:12:38 +0000 (13:12 +0200)]
rename BM pejacevic volumes to OLD-

Aurelien Jarno [Sat, 28 Sep 2019 10:46:56 +0000 (12:46 +0200)]
add multipath volumes for delfin at ubc

Aurelien Jarno [Sat, 28 Sep 2019 09:31:57 +0000 (11:31 +0200)]
Drop HOST_PGBACKUPHOST_V4 and HOST_PGBACKUPHOST_V6

Aurelien Jarno [Sat, 28 Sep 2019 09:27:19 +0000 (11:27 +0200)]
ferm@serger: merge dsa-postgres-backup and dsa-postgres-backup6

Aurelien Jarno [Sat, 28 Sep 2019 09:21:28 +0000 (11:21 +0200)]
Drop HOST_DEBIAN_V4 and HOST_DEBIAN_V6

Peter Palfrader [Sat, 28 Sep 2019 08:23:26 +0000 (10:23 +0200)]
Get pubsub nodes from puppetdb

Peter Palfrader [Sat, 28 Sep 2019 07:41:15 +0000 (09:41 +0200)]
Use export/collect to get the intra-cluster firewall opened for pubsub

Peter Palfrader [Sat, 28 Sep 2019 07:39:52 +0000 (09:39 +0200)]
whitespace/quoting: pubsub

Aurelien Jarno [Fri, 27 Sep 2019 22:57:34 +0000 (00:57 +0200)]
pubsub: do not hardcode IPs

Aurelien Jarno [Fri, 27 Sep 2019 22:32:19 +0000 (00:32 +0200)]
stunnel: merge IPv4 and IPv6 rules in a single rule

Julien Cristau [Fri, 27 Sep 2019 18:35:51 +0000 (20:35 +0200)]
autofs: pejacevic at ubc

Aurelien Jarno [Fri, 27 Sep 2019 22:27:38 +0000 (00:27 +0200)]
pubsub: merge IPv4 and IPv6 rules in a single rule

Aurelien Jarno [Fri, 27 Sep 2019 22:04:53 +0000 (00:04 +0200)]
ferm: do not open PG to backup hosts for clusters defined in backup_source

Aurelien Jarno [Fri, 27 Sep 2019 21:56:45 +0000 (23:56 +0200)]
Correctly add tracker and wanna-build backups @ danzi

Aurelien Jarno [Fri, 27 Sep 2019 21:46:23 +0000 (23:46 +0200)]
pg@danzi: use a list of hosts instead of whitelisting the whole subnet

Julien Cristau [Fri, 27 Sep 2019 18:34:37 +0000 (20:34 +0200)]
add multipath volumes for pejacevic at ubc

Adam D. Barratt [Fri, 27 Sep 2019 18:31:08 +0000 (19:31 +0100)]
fail2ban: actually ship the dsa-exim-strict set up

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 27 Sep 2019 14:56:20 +0000 (15:56 +0100)]
exim/files/common/blacklist: update based on current issues

Each of the additional entries has been seen on d.o mail queues / logs
within the past day

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 27 Sep 2019 13:37:54 +0000 (14:37 +0100)]
eximconf: log the current rate at which penalised senders are sending

The use of the "strict" modifier ensures that the count is always updated.
The default "leaky" mode stops updating the count once the limit has
been reached.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 27 Sep 2019 13:36:41 +0000 (14:36 +0100)]
fail2ban: split dsa-exim into strict and not-so-strict checks

The not-so-strict checks need more provocation to add a ban

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 27 Sep 2019 11:35:10 +0000 (12:35 +0100)]
eximconf: simplify a sender domain check by using sender_domains

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 27 Sep 2019 11:33:39 +0000 (12:33 +0100)]
eximconf: log a few more details for messages

These make it easier to tie up incoming and outbound log entries
for a given mail.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Julien Cristau [Fri, 27 Sep 2019 09:36:20 +0000 (11:36 +0200)]
Fix typo in volume name

Peter Palfrader [Fri, 27 Sep 2019 07:03:49 +0000 (09:03 +0200)]
move appstream.debian.org static component to static-master-ubc-01 from dillon, since the source (mekeel) moved from bm to ubc