mirror/dsa-puppet.git
9 years agoRevert "Enable OCSP stapling on jessie"
Peter Palfrader [Tue, 2 Jun 2015 14:45:24 +0000 (16:45 +0200)]
Revert "Enable OCSP stapling on jessie"

This reverts commit 6b5309cf417a7c629ae1a44c9420fe686804b626.

Apache fails with its mutexes all the time, disable OCSP stapling.

9 years agoMerge the SSL README files into one file in /etc/ssl/
Paul Wise [Tue, 2 Jun 2015 05:17:59 +0000 (13:17 +0800)]
Merge the SSL README files into one file in /etc/ssl/

Having individual README files in the CA dirs upsets wget:

ERROR: Failed to open cert /etc/ssl/ca-debian/README: (0).

9 years agoRevert snapshot memory increase, dropped git http smart stuff instead.
Paul Wise [Mon, 1 Jun 2015 13:29:38 +0000 (21:29 +0800)]
Revert snapshot memory increase, dropped git http smart stuff instead.

9 years agosibelius needs much more RAM for git-http-backend
Paul Wise [Mon, 1 Jun 2015 13:07:44 +0000 (21:07 +0800)]
sibelius needs much more RAM for git-http-backend

9 years agosibelius needs more RAM for git-http-backend
Paul Wise [Mon, 1 Jun 2015 12:58:21 +0000 (20:58 +0800)]
sibelius needs more RAM for git-http-backend

9 years agoEnable OCSP stapling on jessie
Peter Palfrader [Mon, 1 Jun 2015 07:10:52 +0000 (09:10 +0200)]
Enable OCSP stapling on jessie

9 years agoquantz needs more memory for the udd-dehs script
Paul Wise [Mon, 1 Jun 2015 03:47:14 +0000 (11:47 +0800)]
quantz needs more memory for the udd-dehs script

9 years agoclean up ruby-filesystem declaration
Stephen Gran [Sun, 31 May 2015 16:23:55 +0000 (17:23 +0100)]
clean up ruby-filesystem declaration

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agodrop missing environments
Stephen Gran [Sun, 31 May 2015 16:21:18 +0000 (17:21 +0100)]
drop missing environments

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agoadd block for production
Stephen Gran [Sun, 31 May 2015 16:19:48 +0000 (17:19 +0100)]
add block for production

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agoenable old-style storeconfigs for now
Stephen Gran [Sun, 31 May 2015 16:13:38 +0000 (17:13 +0100)]
enable old-style storeconfigs for now

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agopackage name has changed
Stephen Gran [Sun, 31 May 2015 15:39:54 +0000 (16:39 +0100)]
package name has changed

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agogive better error message
Stephen Gran [Sun, 31 May 2015 15:30:13 +0000 (16:30 +0100)]
give better error message

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agoKCODE is gone
Stephen Gran [Sun, 31 May 2015 15:28:15 +0000 (16:28 +0100)]
KCODE is gone

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agodo integer comparison
Stephen Gran [Sun, 31 May 2015 14:39:31 +0000 (15:39 +0100)]
do integer comparison

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agohiera now passes through nil correctly
Stephen Gran [Sun, 31 May 2015 14:37:03 +0000 (15:37 +0100)]
hiera now passes through nil correctly

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agofix ldap.conf for jessie hosts
Stephen Gran [Sun, 31 May 2015 14:33:26 +0000 (15:33 +0100)]
fix ldap.conf for jessie hosts

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agotry if downgrading to 1.2.2 solves my problem
Martin Zobel-Helas [Wed, 13 May 2015 19:10:25 +0000 (19:10 +0000)]
try if downgrading to 1.2.2 solves my problem

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoupgrade to stdlib 4.6.1
Martin Zobel-Helas [Wed, 13 May 2015 18:11:58 +0000 (18:11 +0000)]
upgrade to stdlib 4.6.1

9 years agoupgrade to concat 2.0.0
Martin Zobel-Helas [Wed, 13 May 2015 17:11:44 +0000 (17:11 +0000)]
upgrade to concat 2.0.0

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoset a tlsaport for gobby's web service
Peter Palfrader [Sun, 31 May 2015 12:01:53 +0000 (14:01 +0200)]
set a tlsaport for gobby's web service

9 years agosibelius on pg 9.4
Peter Palfrader [Sun, 31 May 2015 07:39:51 +0000 (09:39 +0200)]
sibelius on pg 9.4

9 years agomirror.bytemark is quite slow at sanger. Use ukdebian.mirror.anlx.net instead
Peter Palfrader [Sun, 31 May 2015 07:01:10 +0000 (09:01 +0200)]
mirror.bytemark is quite slow at sanger.  Use ukdebian.mirror.anlx.net instead

9 years agoberlioz has been decommissioned
Peter Palfrader [Sat, 30 May 2015 21:40:19 +0000 (23:40 +0200)]
berlioz has been decommissioned

9 years agoRevert "Revert "Revert "upgrade to elasticsearch/elasticsearch 0.9.6"""
Martin Zobel-Helas [Sat, 30 May 2015 18:21:46 +0000 (18:21 +0000)]
Revert "Revert "Revert "upgrade to elasticsearch/elasticsearch 0.9.6"""

This reverts commit 8cd033a69672196c78cedf2ddf0a3f733ad88d5e.

9 years agoRevert "Revert "upgrade to elasticsearch/elasticsearch 0.9.6""
Martin Zobel-Helas [Sat, 30 May 2015 18:19:46 +0000 (18:19 +0000)]
Revert "Revert "upgrade to elasticsearch/elasticsearch 0.9.6""

This reverts commit b246ebbfa566fda9b4b46616688a45ea17053588.

9 years agoRevert "upgrade to elasticsearch/elasticsearch 0.9.6"
Martin Zobel-Helas [Sat, 30 May 2015 18:13:02 +0000 (18:13 +0000)]
Revert "upgrade to elasticsearch/elasticsearch 0.9.6"

This reverts commit 8efe10c37b152ebbf7fd051ea13ddd2b06d43e77.

9 years agoupgrade to elasticsearch/elasticsearch 0.9.6
Martin Zobel-Helas [Sat, 30 May 2015 17:51:23 +0000 (17:51 +0000)]
upgrade to elasticsearch/elasticsearch 0.9.6

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Conflicts:
3rdparty/Puppetfile

9 years agoAdd nono-lvm
Peter Palfrader [Sat, 30 May 2015 08:34:04 +0000 (10:34 +0200)]
Add nono-lvm

9 years agodanzi main is 9.4
Peter Palfrader [Fri, 29 May 2015 09:01:49 +0000 (11:01 +0200)]
danzi main is 9.4

9 years agoAdd some www.d.o redirects for the newer PowerPC related ports (see #783655)
Paul Wise [Fri, 29 May 2015 03:15:03 +0000 (11:15 +0800)]
Add some d.o redirects for the newer PowerPC related ports (see #783655)

Signed-off-by: Paul Wise <pabs@debian.org>
9 years agoUpdate update-ca-certificates-dsa to the version of update-ca-certificates soon to...
Paul Wise [Fri, 29 May 2015 02:25:31 +0000 (10:25 +0800)]
Update update-ca-certificates-dsa to the version of update-ca-certificates soon to be in stretch

Signed-off-by: Paul Wise <pabs@debian.org>
9 years agosso still needs more
Peter Palfrader [Thu, 28 May 2015 09:24:35 +0000 (11:24 +0200)]
sso still needs more

9 years agomake 192 the new default
Peter Palfrader [Thu, 28 May 2015 09:19:58 +0000 (11:19 +0200)]
make 192 the new default

9 years agotry a larger memlimit on sso
Peter Palfrader [Thu, 28 May 2015 09:18:05 +0000 (11:18 +0200)]
try a larger memlimit on sso

9 years agoDisable global serve-cgi-bin config that hogs /cgi-bin
Peter Palfrader [Thu, 28 May 2015 08:48:36 +0000 (10:48 +0200)]
Disable global serve-cgi-bin config that hogs /cgi-bin

9 years agoapache: change default memory rlimit to 64m
Peter Palfrader [Wed, 27 May 2015 14:53:43 +0000 (16:53 +0200)]
apache: change default memory rlimit to 64m

9 years agoraise apache's memory rlimit on the udd host to 512m
Peter Palfrader [Wed, 27 May 2015 12:47:36 +0000 (14:47 +0200)]
raise apache's memory rlimit on the udd host to 512m

9 years agosamhain: do not warn on startpar file changes
Héctor Orón Martínez [Wed, 27 May 2015 11:18:16 +0000 (13:18 +0200)]
samhain: do not warn on startpar file changes

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agoClean up old munin-async files
Peter Palfrader [Tue, 26 May 2015 17:07:04 +0000 (19:07 +0200)]
Clean up old munin-async files

9 years agofix templating fu
Peter Palfrader [Mon, 25 May 2015 17:25:23 +0000 (19:25 +0200)]
fix templating fu

9 years agoDifferent mpm worker config on bugs hosts
Peter Palfrader [Mon, 25 May 2015 17:24:35 +0000 (19:24 +0200)]
Different mpm worker config on bugs hosts

9 years agoMake mpm_worker config into a template
Peter Palfrader [Mon, 25 May 2015 17:19:38 +0000 (19:19 +0200)]
Make mpm_worker config into a template

9 years agoRaise RLimitNPROC to 256
Peter Palfrader [Mon, 25 May 2015 17:17:57 +0000 (19:17 +0200)]
Raise RLimitNPROC to 256

beach (bugs.d.o) was running into that limit, causing perl when it tried
to execute external things to sleep 5 and retry.  Needless to say that
didn't improve the overall situation.

9 years agochopin on postgresql 9.4
Julien Cristau [Sun, 24 May 2015 08:30:36 +0000 (10:30 +0200)]
chopin on postgresql 9.4

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoUpdate builddlist apache config for jessie
Julien Cristau [Sun, 24 May 2015 08:16:33 +0000 (10:16 +0200)]
Update builddlist apache config for jessie

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoDisable DH ciphersuites on wheezy
Peter Palfrader [Sun, 24 May 2015 07:45:18 +0000 (09:45 +0200)]
Disable DH ciphersuites on wheezy

9 years agoMake puppet-config a template
Peter Palfrader [Sun, 24 May 2015 07:44:15 +0000 (09:44 +0200)]
Make puppet-config a template

9 years agobabin is hosted at 1und1
Paul Wise [Sun, 24 May 2015 06:14:11 +0000 (14:14 +0800)]
babin is hosted at 1und1

9 years agoAllow buildd2 users to use the chroots
Aurelien Jarno [Wed, 20 May 2015 04:48:03 +0000 (06:48 +0200)]
Allow buildd2 users to use the chroots

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
9 years agopostgres: bmdb1/main is on 9.4
Julien Cristau [Sun, 17 May 2015 20:14:56 +0000 (22:14 +0200)]
postgres: bmdb1/main is on 9.4

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoMake /etc/init.d/unbound stop wait for it to exit
Julien Cristau [Sun, 17 May 2015 14:47:03 +0000 (16:47 +0200)]
Make /etc/init.d/unbound stop wait for it to exit

Will hopefully make restart more reliable under systemd.

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoShip init script for unbound
Julien Cristau [Sun, 17 May 2015 14:43:36 +0000 (16:43 +0200)]
Ship init script for unbound

Taken from the jessie package for now.

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoMake ntp init script correctly stop the service
Julien Cristau [Sun, 17 May 2015 14:30:56 +0000 (16:30 +0200)]
Make ntp init script correctly stop the service

Tell start-stop-daemon to wait for it to exit, and retry with KILL if
TERM isn't enough.

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoship /etc/init.d/ntp
Julien Cristau [Sun, 17 May 2015 14:30:05 +0000 (16:30 +0200)]
ship /etc/init.d/ntp

Will let us patch it to try and fix restart under systemd

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agofix typo
Peter Palfrader [Sun, 17 May 2015 11:14:54 +0000 (13:14 +0200)]
fix typo

9 years agoluchesi -> ubc-bl4
Peter Palfrader [Sun, 17 May 2015 11:14:40 +0000 (13:14 +0200)]
luchesi -> ubc-bl4

9 years agomake bm-bl[26] timeservers
Peter Palfrader [Sun, 17 May 2015 08:27:17 +0000 (10:27 +0200)]
make bm-bl[26] timeservers

9 years agomake bl[268] the ubc recursors
Peter Palfrader [Sun, 17 May 2015 07:46:59 +0000 (09:46 +0200)]
make bl[268] the ubc recursors

9 years agoboito -> ubc-bl6
Peter Palfrader [Sun, 17 May 2015 06:59:48 +0000 (08:59 +0200)]
boito -> ubc-bl6

9 years agopasquini -> ubc-bl7
Peter Palfrader [Sun, 17 May 2015 06:59:26 +0000 (08:59 +0200)]
pasquini -> ubc-bl7

9 years agoubc-bl2 has the ekey
Martin Zobel-Helas [Sat, 16 May 2015 21:55:59 +0000 (21:55 +0000)]
ubc-bl2 has the ekey

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agotristano -> ubc-bl3
Peter Palfrader [Sat, 16 May 2015 20:23:44 +0000 (22:23 +0200)]
tristano -> ubc-bl3

9 years agodisable chown_upload in vsftpd config
Julien Cristau [Sat, 16 May 2015 14:54:34 +0000 (16:54 +0200)]
disable chown_upload in vsftpd config

vsftpd in jessie seems to explode when this is set, and leave 0-byte
files around.

9 years agoand now use the real bl8
Peter Palfrader [Sat, 16 May 2015 12:47:49 +0000 (14:47 +0200)]
and now use the real bl8

9 years agosalieri is no longer around - replace it as a nameserver with ubc-bl8
Peter Palfrader [Sat, 16 May 2015 12:45:17 +0000 (14:45 +0200)]
salieri is no longer around - replace it as a nameserver with ubc-bl8

9 years agoreplace a few bertali occurrences with ubc-bl2
Peter Palfrader [Sat, 16 May 2015 12:20:10 +0000 (14:20 +0200)]
replace a few bertali occurrences with ubc-bl2

9 years agodak is on postgresql 9.4
Julien Cristau [Sat, 16 May 2015 11:19:16 +0000 (13:19 +0200)]
dak is on postgresql 9.4

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoand 9.4 too
Peter Palfrader [Sat, 16 May 2015 09:54:06 +0000 (11:54 +0200)]
and 9.4 too

9 years agoRevert "Ensure postgresql-client is installed on backup server"
Peter Palfrader [Sat, 16 May 2015 09:53:34 +0000 (11:53 +0200)]
Revert "Ensure postgresql-client is installed on backup server"

This reverts commit 2da31c9188a4e27bf7089a075fb04d93b9c7288f.

We want the exact version.

9 years agowannabuild is on 9.4
Peter Palfrader [Sat, 16 May 2015 09:50:18 +0000 (11:50 +0200)]
wannabuild is on 9.4

9 years agoEnsure postgresql-client is installed on backup server
Peter Palfrader [Sat, 16 May 2015 09:46:06 +0000 (11:46 +0200)]
Ensure postgresql-client is installed on backup server

9 years agoand make more things consistent
Peter Palfrader [Sat, 16 May 2015 09:21:23 +0000 (11:21 +0200)]
and make more things consistent

9 years agoremove obsolete entries
Peter Palfrader [Sat, 16 May 2015 09:21:16 +0000 (11:21 +0200)]
remove obsolete entries

9 years agothe wanna-build cluster was renamed
Peter Palfrader [Sat, 16 May 2015 09:21:05 +0000 (11:21 +0200)]
the wanna-build cluster was renamed

9 years agoMerge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...
Martin Zobel-Helas [Sat, 16 May 2015 07:26:49 +0000 (07:26 +0000)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  replace a few dijkstra occurrences with ubc-bl8

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Conflicts:
modules/lvm/manifests/init.pp

9 years agorename dijkstra
Martin Zobel-Helas [Sat, 16 May 2015 07:25:20 +0000 (07:25 +0000)]
rename dijkstra

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoreplace a few dijkstra occurrences with ubc-bl8
Peter Palfrader [Sat, 16 May 2015 00:05:27 +0000 (02:05 +0200)]
replace a few dijkstra occurrences with ubc-bl8

9 years agorename dijkstra
Martin Zobel-Helas [Fri, 15 May 2015 23:38:42 +0000 (23:38 +0000)]
rename dijkstra

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoremote dijkstra
Martin Zobel-Helas [Fri, 15 May 2015 23:34:43 +0000 (23:34 +0000)]
remote dijkstra

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoMore MaxConnectionsPerChild
Peter Palfrader [Fri, 15 May 2015 09:03:27 +0000 (11:03 +0200)]
More MaxConnectionsPerChild

9 years agoHandle multiple keys in ldap correctly
Peter Palfrader [Thu, 14 May 2015 16:04:39 +0000 (18:04 +0200)]
Handle multiple keys in ldap correctly

9 years agoremove blavet (RT#5813)
Peter Palfrader [Thu, 14 May 2015 15:18:46 +0000 (17:18 +0200)]
remove blavet (RT#5813)

9 years agoremove blavet (RT#5813)
Peter Palfrader [Thu, 14 May 2015 15:17:46 +0000 (17:17 +0200)]
remove blavet (RT#5813)

9 years agoretire ravel
Peter Palfrader [Thu, 14 May 2015 10:17:33 +0000 (12:17 +0200)]
retire ravel

9 years agoremove ,bind from schroot fstab on freebsd
Peter Palfrader [Thu, 14 May 2015 09:36:55 +0000 (11:36 +0200)]
remove ,bind from schroot fstab on freebsd

9 years agomaybe staging wants a 3rdparty module path as well...
Martin Zobel-Helas [Wed, 13 May 2015 17:40:54 +0000 (17:40 +0000)]
maybe staging wants a 3rdparty module path as well...

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoremove private class use of concat::setup
Martin Zobel-Helas [Wed, 13 May 2015 16:42:33 +0000 (16:42 +0000)]
remove private class use of concat::setup

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoremove private class use of concat::setup
Martin Zobel-Helas [Wed, 13 May 2015 16:37:38 +0000 (16:37 +0000)]
remove private class use of concat::setup

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoremove include on it as well
Martin Zobel-Helas [Wed, 13 May 2015 16:24:07 +0000 (16:24 +0000)]
remove include on it as well

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoremove private class use of concat::setup
Martin Zobel-Helas [Wed, 13 May 2015 16:21:17 +0000 (16:21 +0000)]
remove private class use of concat::setup

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agothere is a volatile for freebsd after all
Peter Palfrader [Wed, 13 May 2015 09:07:59 +0000 (11:07 +0200)]
there is a volatile for freebsd after all

9 years agokfreebsd jessie apt sources
Peter Palfrader [Wed, 13 May 2015 08:16:42 +0000 (08:16 +0000)]
kfreebsd jessie apt sources

9 years agoUpgrade to 3rdparty version 0.9.5 of elasticsearch/elasticsearch
Martin Zobel-Helas [Tue, 12 May 2015 17:18:04 +0000 (17:18 +0000)]
Upgrade to 3rdparty version 0.9.5 of elasticsearch/elasticsearch

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoUpgrade to 3rdparty version 0.9.4 of elasticsearch/elasticsearch
Martin Zobel-Helas [Tue, 12 May 2015 17:16:21 +0000 (17:16 +0000)]
Upgrade to 3rdparty version 0.9.4 of elasticsearch/elasticsearch

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoAdd mirror for linaro hoster
Aurelien Jarno [Mon, 11 May 2015 16:46:53 +0000 (18:46 +0200)]
Add mirror for linaro hoster

The machines are in USA, defaulting to a mirror in Europe is suboptimal.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Palfrader <peter@palfrader.org>
9 years agoremove buildd-proposed apt repo on porpora
Julien Cristau [Sun, 10 May 2015 13:27:55 +0000 (15:27 +0200)]
remove buildd-proposed apt repo on porpora

There's no jessie-proposed.

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoremove lobos
Martin Zobel-Helas [Wed, 6 May 2015 21:49:04 +0000 (21:49 +0000)]
remove lobos

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoapache2: configure mpm_worker module on jessie hosts
Julien Cristau [Tue, 28 Apr 2015 15:37:56 +0000 (17:37 +0200)]
apache2: configure mpm_worker module on jessie hosts

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoFix comment in HSTS macro
Julien Cristau [Wed, 6 May 2015 18:51:48 +0000 (20:51 +0200)]
Fix comment in HSTS macro