mirror/dsa-puppet.git
5 years agoallow the backup hosts to access the salsa pg again
Peter Palfrader [Sun, 29 Sep 2019 14:24:44 +0000 (16:24 +0200)]
allow the backup hosts to access the salsa pg again

5 years agoMerge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Sun, 29 Sep 2019 14:21:12 +0000 (16:21 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet

5 years agoVariables work better with $
Peter Palfrader [Sun, 29 Sep 2019 14:18:20 +0000 (16:18 +0200)]
Variables work better with $

5 years agofix ferm::rule::chain template
Peter Palfrader [Sun, 29 Sep 2019 14:17:15 +0000 (16:17 +0200)]
fix ferm::rule::chain template

5 years agoWe want variable expansion in this one
Peter Palfrader [Sun, 29 Sep 2019 14:16:23 +0000 (16:16 +0200)]
We want variable expansion in this one

5 years agoCreate an empty pg-nnn chain in case nobody else puts anything there
Peter Palfrader [Sun, 29 Sep 2019 14:14:46 +0000 (16:14 +0200)]
Create an empty pg-nnn chain in case nobody else puts anything there

5 years agopuppet rule to create an empty ferm chain
Peter Palfrader [Sun, 29 Sep 2019 14:13:55 +0000 (16:13 +0200)]
puppet rule to create an empty ferm chain

5 years agoeximconf: fix IPv4-only sending
Adam D. Barratt [Sun, 29 Sep 2019 14:11:20 +0000 (15:11 +0100)]
eximconf: fix IPv4-only sending

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoDon't hardcode bacula director host name
Julien Cristau [Sun, 29 Sep 2019 14:05:41 +0000 (16:05 +0200)]
Don't hardcode bacula director host name

5 years agobetter instance names for pg clusters
Peter Palfrader [Sun, 29 Sep 2019 14:00:57 +0000 (16:00 +0200)]
better instance names for pg clusters

5 years agoreload ferm when files are removed
Peter Palfrader [Sun, 29 Sep 2019 13:59:29 +0000 (15:59 +0200)]
reload ferm when files are removed

5 years agoroles::postgresql::server now sets up postgres::cluster for all clusters
Peter Palfrader [Sun, 29 Sep 2019 13:53:43 +0000 (15:53 +0200)]
roles::postgresql::server now sets up postgres::cluster for all clusters

Setting up backup moved to postgres::cluster which includes
postgres::backup_cluster if requested.

All the backup firewall access should be done via pg_hba entries now.

5 years agofail2ban: use "host_info" template expression
Adam D. Barratt [Sun, 29 Sep 2019 13:37:08 +0000 (14:37 +0100)]
fail2ban: use "host_info" template expression

This correctly handles items such as the port number that is now
included in log entries

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agofail2ban: fix case-insensitive match in dsa-exim-strict
Adam D. Barratt [Sun, 29 Sep 2019 13:35:07 +0000 (14:35 +0100)]
fail2ban: fix case-insensitive match in dsa-exim-strict

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agofail2ban: set explicit encoding for exim logs
Adam D. Barratt [Sun, 29 Sep 2019 13:34:08 +0000 (14:34 +0100)]
fail2ban: set explicit encoding for exim logs

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoeximconf: expand comments related to retries
Adam D. Barratt [Sun, 29 Sep 2019 13:33:50 +0000 (14:33 +0100)]
eximconf: expand comments related to retries

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agofix entry name
Peter Palfrader [Sun, 29 Sep 2019 13:29:43 +0000 (15:29 +0200)]
fix entry name

5 years agoMake the bacula director node request DB access from its role
Peter Palfrader [Sun, 29 Sep 2019 13:27:54 +0000 (15:27 +0200)]
Make the bacula director node request DB access from its role

5 years agoMake the bacula storage node request DB access from its role
Peter Palfrader [Sun, 29 Sep 2019 13:24:51 +0000 (15:24 +0200)]
Make the bacula storage node request DB access from its role

5 years agoAlso collect entries that only knew the port
Peter Palfrader [Sun, 29 Sep 2019 13:23:08 +0000 (15:23 +0200)]
Also collect entries that only knew the port

5 years agowe care about the first element of the array
Peter Palfrader [Sun, 29 Sep 2019 13:19:25 +0000 (15:19 +0200)]
we care about the first element of the array

5 years agoproviding either a port or a version/clustername pair to hba_entry should suffice
Peter Palfrader [Sun, 29 Sep 2019 13:17:17 +0000 (15:17 +0200)]
providing either a port or a version/clustername pair to hba_entry should suffice

5 years agoeximconf: fix typo in comment
Julien Cristau [Sun, 29 Sep 2019 11:50:54 +0000 (13:50 +0200)]
eximconf: fix typo in comment

5 years agoMerge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Sun, 29 Sep 2019 11:48:50 +0000 (13:48 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet

5 years agounique postgres::cluster::hba_entry names for hosts with more than one cluster
Peter Palfrader [Sun, 29 Sep 2019 10:43:19 +0000 (12:43 +0200)]
unique postgres::cluster::hba_entry names for hosts with more than one cluster

5 years agoMove backup replication hba_entry to backup_cluster
Peter Palfrader [Sun, 29 Sep 2019 10:39:59 +0000 (12:39 +0200)]
Move backup replication hba_entry to backup_cluster

5 years agoRemove manual fw for dinis/storace access to postgresql-manda-01
Peter Palfrader [Sun, 29 Sep 2019 09:02:18 +0000 (11:02 +0200)]
Remove manual fw for dinis/storace access to postgresql-manda-01

5 years agoFirst attempt to configure pg_hba of the bacula cluster
Peter Palfrader [Sun, 29 Sep 2019 09:00:37 +0000 (11:00 +0200)]
First attempt to configure pg_hba of the bacula cluster

We will want to split this and hardcode less in the future.

5 years agoStart with pg cluster configuration
Peter Palfrader [Sun, 29 Sep 2019 08:57:49 +0000 (10:57 +0200)]
Start with pg cluster configuration

5 years agofirwalling for pg basebackup
Peter Palfrader [Sat, 28 Sep 2019 20:18:02 +0000 (22:18 +0200)]
firwalling for pg basebackup

5 years agoFix path in postgres-make-base-backups file redirection
Peter Palfrader [Sat, 28 Sep 2019 20:08:36 +0000 (22:08 +0200)]
Fix path in postgres-make-base-backups file redirection

5 years agoold-style roles are gone
Peter Palfrader [Sat, 28 Sep 2019 19:47:56 +0000 (21:47 +0200)]
old-style roles are gone

5 years agoenable snapshotdb-manda-01.debian.org to read sallinen's backups
Peter Palfrader [Sat, 28 Sep 2019 19:45:14 +0000 (21:45 +0200)]
enable snapshotdb-manda-01.debian.org to read sallinen's backups

5 years agolw07 no longer runs a snapshot pg db
Peter Palfrader [Sat, 28 Sep 2019 19:39:58 +0000 (21:39 +0200)]
lw07 no longer runs a snapshot pg db

5 years agoTry to configure --read-allow via hiera
Peter Palfrader [Sat, 28 Sep 2019 19:30:55 +0000 (21:30 +0200)]
Try to configure --read-allow via hiera

5 years agomove debbackup-ssh-wrap from dsa-misc to puppet
Peter Palfrader [Sat, 28 Sep 2019 19:16:13 +0000 (21:16 +0200)]
move debbackup-ssh-wrap from dsa-misc to puppet

5 years agoTry to modernize pg wal shipping ssh setup, step 2
Peter Palfrader [Sat, 28 Sep 2019 19:13:27 +0000 (21:13 +0200)]
Try to modernize pg wal shipping ssh setup, step 2

5 years agoTry to modernize pg wal shipping ssh setup
Peter Palfrader [Sat, 28 Sep 2019 19:07:28 +0000 (21:07 +0200)]
Try to modernize pg wal shipping ssh setup

5 years agoUse template variable from the correct scope
Peter Palfrader [Sat, 28 Sep 2019 19:01:41 +0000 (21:01 +0200)]
Use template variable from the correct scope

5 years agofix a class name
Peter Palfrader [Sat, 28 Sep 2019 18:59:17 +0000 (20:59 +0200)]
fix a class name

5 years agoReplace debbackup with parameterized username in most places
Peter Palfrader [Sat, 28 Sep 2019 18:58:10 +0000 (20:58 +0200)]
Replace debbackup with parameterized username in most places

5 years agocleanup
Peter Palfrader [Sat, 28 Sep 2019 18:50:49 +0000 (20:50 +0200)]
cleanup

5 years agoTry something else to get a default for postgres::backup_cluster::db_backup_role
Peter Palfrader [Sat, 28 Sep 2019 18:48:16 +0000 (20:48 +0200)]
Try something else to get a default for postgres::backup_cluster::db_backup_role

5 years agowhitespace
Peter Palfrader [Sat, 28 Sep 2019 18:44:46 +0000 (20:44 +0200)]
whitespace

5 years agoMove backup role name to hiera
Peter Palfrader [Sat, 28 Sep 2019 18:30:27 +0000 (20:30 +0200)]
Move backup role name to hiera

5 years agoMove pg-receive-file-from-backup to postgres module
Peter Palfrader [Sat, 28 Sep 2019 18:28:32 +0000 (20:28 +0200)]
Move pg-receive-file-from-backup to postgres module

5 years agofix paths
Peter Palfrader [Sat, 28 Sep 2019 18:27:20 +0000 (20:27 +0200)]
fix paths

5 years agopg-backup-file.conf.erb: Remove obsolete special casing
Peter Palfrader [Sat, 28 Sep 2019 18:26:39 +0000 (20:26 +0200)]
pg-backup-file.conf.erb: Remove obsolete special casing

5 years agoMove files for pg-backup-file from roles to postgres module
Peter Palfrader [Sat, 28 Sep 2019 18:25:07 +0000 (20:25 +0200)]
Move files for pg-backup-file from roles to postgres module

5 years agoMove backup-server specific sudoers entries out of debian-global sudo
Peter Palfrader [Sat, 28 Sep 2019 18:20:37 +0000 (20:20 +0200)]
Move backup-server specific sudoers entries out of debian-global sudo

5 years agoMove $make_base_backups to postgres::backup_server as it is local there; make some...
Peter Palfrader [Sat, 28 Sep 2019 18:14:21 +0000 (20:14 +0200)]
Move $make_base_backups to postgres::backup_server as it is local there; make some strings in postgres::backup_server::globals parameters

5 years agosibelius and chopin no longer run relevant pg instances or even exist
Peter Palfrader [Sat, 28 Sep 2019 17:59:51 +0000 (19:59 +0200)]
sibelius and chopin no longer run relevant pg instances or even exist

5 years agorename dsa-check-backuppg-manual.conf
Peter Palfrader [Sat, 28 Sep 2019 17:58:53 +0000 (19:58 +0200)]
rename dsa-check-backuppg-manual.conf

5 years agomigrate away from old postgres_backup_server role
Peter Palfrader [Sat, 28 Sep 2019 17:53:19 +0000 (19:53 +0200)]
migrate away from old postgres_backup_server role

5 years agonote why lw07 and snapshotdb-manda-01 are still in postgresql_server in data/common...
Peter Palfrader [Sat, 28 Sep 2019 17:47:59 +0000 (19:47 +0200)]
note why lw07 and snapshotdb-manda-01 are still in postgresql_server in data/common.yaml

5 years agoFix crontab entry
Peter Palfrader [Sat, 28 Sep 2019 17:40:43 +0000 (19:40 +0200)]
Fix crontab entry

5 years agopg cluster facter: port is an integer
Peter Palfrader [Sat, 28 Sep 2019 17:37:20 +0000 (19:37 +0200)]
pg cluster facter: port is an integer

5 years agoTypes for params of postgres::backup_cluster
Peter Palfrader [Sat, 28 Sep 2019 17:35:38 +0000 (19:35 +0200)]
Types for params of postgres::backup_cluster

5 years agomodules/postgres/manifests: quoting, spacing, linting
Peter Palfrader [Sat, 28 Sep 2019 17:31:37 +0000 (19:31 +0200)]
modules/postgres/manifests: quoting, spacing, linting

5 years agoMove list of clusters to make a base backup of from the script to a conffile
Peter Palfrader [Sat, 28 Sep 2019 17:28:56 +0000 (19:28 +0200)]
Move list of clusters to make a base backup of from the script to a conffile

5 years agoAnd add sallinen to roles::postgresql::server
Peter Palfrader [Sat, 28 Sep 2019 17:12:23 +0000 (19:12 +0200)]
And add sallinen to roles::postgresql::server

5 years agoswitch sallinen to modern pg backup config fu
Peter Palfrader [Sat, 28 Sep 2019 17:07:18 +0000 (19:07 +0200)]
switch sallinen to modern pg backup config fu

5 years agoswitch bmdb1 to modern pg backup config fu
Peter Palfrader [Sat, 28 Sep 2019 17:04:18 +0000 (19:04 +0200)]
switch bmdb1 to modern pg backup config fu

5 years agoRemove buxtehude from old-style pg role
Peter Palfrader [Sat, 28 Sep 2019 16:51:52 +0000 (18:51 +0200)]
Remove buxtehude from old-style pg role

5 years agoswitch seger to modern pg backup config fu
Peter Palfrader [Sat, 28 Sep 2019 16:50:39 +0000 (18:50 +0200)]
switch seger to modern pg backup config fu

5 years agoRemove fasolo from old-style pg role
Peter Palfrader [Sat, 28 Sep 2019 16:49:38 +0000 (18:49 +0200)]
Remove fasolo from old-style pg role

5 years agodanzi should not be listed in the manual sections of pg backup files
Peter Palfrader [Sat, 28 Sep 2019 16:48:01 +0000 (18:48 +0200)]
danzi should not be listed in the manual sections of pg backup files

5 years agoremove explicit ferm allow from the pgbackup hosts to fasolo
Peter Palfrader [Sat, 28 Sep 2019 16:40:29 +0000 (18:40 +0200)]
remove explicit ferm allow from the pgbackup hosts to fasolo

5 years agomove fasolo pg backup away from manual listing things
Peter Palfrader [Sat, 28 Sep 2019 16:36:49 +0000 (18:36 +0200)]
move fasolo pg backup away from manual listing things

5 years agoadd danzi hiera file
Peter Palfrader [Sat, 28 Sep 2019 16:35:50 +0000 (18:35 +0200)]
add danzi hiera file

5 years agoStop special casing godard in postgres::backup_source
Peter Palfrader [Sat, 28 Sep 2019 16:32:46 +0000 (18:32 +0200)]
Stop special casing godard in postgres::backup_source

5 years agoMove the backup of the pg instance on danzi to a more hiera and facter based setup
Peter Palfrader [Sat, 28 Sep 2019 16:29:42 +0000 (18:29 +0200)]
Move the backup of the pg instance on danzi to a more hiera and facter based setup

5 years agoMove the backup of the pg instance on postgresql-manda-01 to a more hiera and facter...
Peter Palfrader [Sat, 28 Sep 2019 16:28:16 +0000 (18:28 +0200)]
Move the backup of the pg instance on postgresql-manda-01 to a more hiera and facter based setup

5 years agoClass instance names need to encode version and clustername, not just hostname, to...
Peter Palfrader [Sat, 28 Sep 2019 16:26:43 +0000 (18:26 +0200)]
Class instance names need to encode version and clustername, not just hostname, to work on hosts with more than one cluster

5 years agoMove the backup of the pg instance on buxtehude to a more hiera and facter based...
Peter Palfrader [Sat, 28 Sep 2019 16:23:48 +0000 (18:23 +0200)]
Move the backup of the pg instance on buxtehude to a more hiera and facter based setup

5 years agoMove the backup of the pg instance on vittoria to a more hiera and facter based setup
Peter Palfrader [Sat, 28 Sep 2019 16:22:23 +0000 (18:22 +0200)]
Move the backup of the pg instance on vittoria to a more hiera and facter based setup

5 years agoMove the backup of the pg instance of melartin to a more hiera and facter based setup
Peter Palfrader [Sat, 28 Sep 2019 16:19:35 +0000 (18:19 +0200)]
Move the backup of the pg instance of melartin to a more hiera and facter based setup

5 years agowhitespace/quoting: postgres::backup_source
Peter Palfrader [Sat, 28 Sep 2019 15:58:09 +0000 (17:58 +0200)]
whitespace/quoting: postgres::backup_source

5 years agoadd a pg cluster list facter
Peter Palfrader [Sat, 28 Sep 2019 14:41:47 +0000 (16:41 +0200)]
add a pg cluster list facter

5 years agoeximconf: drop jessie-specific configuration
Adam D. Barratt [Sat, 28 Sep 2019 14:14:56 +0000 (15:14 +0100)]
eximconf: drop jessie-specific configuration

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agoexim blacklist: add files@wetransfer.com
Adam D. Barratt [Sat, 28 Sep 2019 13:56:43 +0000 (14:56 +0100)]
exim blacklist: add files@wetransfer.com

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
5 years agodrop old jerea volumes at bm
Peter Palfrader [Sat, 28 Sep 2019 13:03:22 +0000 (15:03 +0200)]
drop old jerea volumes at bm

5 years agodrop old mekeel volumes at bm
Peter Palfrader [Sat, 28 Sep 2019 12:36:43 +0000 (14:36 +0200)]
drop old mekeel volumes at bm

5 years agorename BM rainier and rapoport volumes to OLD-
Aurelien Jarno [Sat, 28 Sep 2019 11:50:58 +0000 (13:50 +0200)]
rename BM rainier and rapoport volumes to OLD-

5 years agoDrop the dedup cluster at bytemark
Aurelien Jarno [Sat, 28 Sep 2019 11:46:26 +0000 (13:46 +0200)]
Drop the dedup cluster at bytemark

5 years agorename BM delfin volumes to OLD-
Aurelien Jarno [Sat, 28 Sep 2019 11:22:31 +0000 (13:22 +0200)]
rename BM delfin volumes to OLD-

5 years agoautofs: delfin at ubc
Aurelien Jarno [Sat, 28 Sep 2019 11:15:28 +0000 (13:15 +0200)]
autofs: delfin at ubc

5 years agorename BM pejacevic volumes to OLD-
Aurelien Jarno [Sat, 28 Sep 2019 11:12:38 +0000 (13:12 +0200)]
rename BM pejacevic volumes to OLD-

5 years agoadd multipath volumes for delfin at ubc
Aurelien Jarno [Sat, 28 Sep 2019 10:46:56 +0000 (12:46 +0200)]
add multipath volumes for delfin at ubc

5 years agoDrop HOST_PGBACKUPHOST_V4 and HOST_PGBACKUPHOST_V6
Aurelien Jarno [Sat, 28 Sep 2019 09:31:57 +0000 (11:31 +0200)]
Drop HOST_PGBACKUPHOST_V4 and HOST_PGBACKUPHOST_V6

5 years agoferm@serger: merge dsa-postgres-backup and dsa-postgres-backup6
Aurelien Jarno [Sat, 28 Sep 2019 09:27:19 +0000 (11:27 +0200)]
ferm@serger: merge dsa-postgres-backup and dsa-postgres-backup6

5 years agoDrop HOST_DEBIAN_V4 and HOST_DEBIAN_V6
Aurelien Jarno [Sat, 28 Sep 2019 09:21:28 +0000 (11:21 +0200)]
Drop HOST_DEBIAN_V4 and HOST_DEBIAN_V6

5 years agoGet pubsub nodes from puppetdb
Peter Palfrader [Sat, 28 Sep 2019 08:23:26 +0000 (10:23 +0200)]
Get pubsub nodes from puppetdb

5 years agoUse export/collect to get the intra-cluster firewall opened for pubsub
Peter Palfrader [Sat, 28 Sep 2019 07:41:15 +0000 (09:41 +0200)]
Use export/collect to get the intra-cluster firewall opened for pubsub

5 years agowhitespace/quoting: pubsub
Peter Palfrader [Sat, 28 Sep 2019 07:39:52 +0000 (09:39 +0200)]
whitespace/quoting: pubsub

5 years agopubsub: do not hardcode IPs
Aurelien Jarno [Fri, 27 Sep 2019 22:57:34 +0000 (00:57 +0200)]
pubsub: do not hardcode IPs

5 years agostunnel: merge IPv4 and IPv6 rules in a single rule
Aurelien Jarno [Fri, 27 Sep 2019 22:32:19 +0000 (00:32 +0200)]
stunnel: merge IPv4 and IPv6 rules in a single rule

5 years agoautofs: pejacevic at ubc
Julien Cristau [Fri, 27 Sep 2019 18:35:51 +0000 (20:35 +0200)]
autofs: pejacevic at ubc

5 years agopubsub: merge IPv4 and IPv6 rules in a single rule
Aurelien Jarno [Fri, 27 Sep 2019 22:27:38 +0000 (00:27 +0200)]
pubsub: merge IPv4 and IPv6 rules in a single rule

5 years agoferm: do not open PG to backup hosts for clusters defined in backup_source
Aurelien Jarno [Fri, 27 Sep 2019 22:04:53 +0000 (00:04 +0200)]
ferm: do not open PG to backup hosts for clusters defined in backup_source