mirror/dsa-puppet.git
9 years agoauto-restart broken stunnels
Peter Palfrader [Sat, 11 Apr 2015 08:26:25 +0000 (10:26 +0200)]
auto-restart broken stunnels

9 years agoTry to make stunnel4 init script work on wheezy
Peter Palfrader [Fri, 10 Apr 2015 07:28:35 +0000 (09:28 +0200)]
Try to make stunnel4 init script work on wheezy

start-stop-daemon in wheezy does not have a --pid yet.
Instead, it interprets it as --pidfile and things become sad.

9 years agounbound: update debian.org DS
Peter Palfrader [Thu, 9 Apr 2015 07:28:58 +0000 (09:28 +0200)]
unbound: update debian.org DS

9 years agogrnet-node01 is currently not available - remove as entropy provider
Peter Palfrader [Wed, 8 Apr 2015 12:16:07 +0000 (14:16 +0200)]
grnet-node01 is currently not available - remove as entropy provider

9 years agoReload systemd defs if the stunnel4 init script changes
Tollef Fog Heen [Mon, 6 Apr 2015 17:47:33 +0000 (19:47 +0200)]
Reload systemd defs if the stunnel4 init script changes

9 years agoFix syntax
Tollef Fog Heen [Mon, 6 Apr 2015 17:30:26 +0000 (19:30 +0200)]
Fix syntax

9 years agoUse start-stop-daemon for stopping/restarting stunnel4
Tollef Fog Heen [Mon, 6 Apr 2015 17:28:03 +0000 (19:28 +0200)]
Use start-stop-daemon for stopping/restarting stunnel4

9 years agorenew certs
Martin Zobel-Helas [Fri, 3 Apr 2015 20:46:22 +0000 (20:46 +0000)]
renew certs

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoRevert "try without that first"
Martin Zobel-Helas [Fri, 3 Apr 2015 11:52:44 +0000 (11:52 +0000)]
Revert "try without that first"

This reverts commit bfc022db0e9eca3c0916e2f1abea84bbc61026a6.

9 years agotry without that first
Martin Zobel-Helas [Fri, 3 Apr 2015 11:51:02 +0000 (11:51 +0000)]
try without that first

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoRevert "no class elasticsearch"
Martin Zobel-Helas [Fri, 3 Apr 2015 11:38:09 +0000 (11:38 +0000)]
Revert "no class elasticsearch"

This reverts commit 1a4fc6d887319680dc9504c96a931cf0c0284ecc.

9 years agono class elasticsearch
Martin Zobel-Helas [Fri, 3 Apr 2015 11:37:23 +0000 (11:37 +0000)]
no class elasticsearch

9 years agocorrect modulepath
Martin Zobel-Helas [Fri, 3 Apr 2015 11:33:40 +0000 (11:33 +0000)]
correct modulepath

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoAdd new module elasticsearch for listsearch
Martin Zobel-Helas [Thu, 2 Apr 2015 14:02:20 +0000 (14:02 +0000)]
Add new module elasticsearch for listsearch

We do not want write our own puppet module for elasticsearch. Therefor
we use the one from puppetforge.

This commit invents the use of r10k in an extra 3rdparty module
subdirectory. This way we can pull in new modules from puppetforge
without deleting the old ones. Puppetfile allows us to define which
module in which version is pulled in from puppetforge by running:

r10k puppetfile install

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agowe now use elasticsearch, so adjust ports
Martin Zobel-Helas [Thu, 2 Apr 2015 08:05:16 +0000 (08:05 +0000)]
we now use elasticsearch, so adjust ports

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agonew $vcs SSL cert
Martin Zobel-Helas [Wed, 1 Apr 2015 11:47:53 +0000 (11:47 +0000)]
new $vcs SSL cert

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoUpdate the alioth wildcard certificate
Paul Wise [Tue, 31 Mar 2015 01:52:53 +0000 (09:52 +0800)]
Update the alioth wildcard certificate

9 years agoMove ca-certificates configs to puppet files for maintainability.
Paul Wise [Tue, 31 Mar 2015 01:51:51 +0000 (09:51 +0800)]
Move ca-certificates configs to puppet files for maintainability.

9 years agoretire lilburn
Peter Palfrader [Sat, 28 Mar 2015 18:05:22 +0000 (19:05 +0100)]
retire lilburn

9 years agoarm-arm-03: new host
Héctor Orón Martínez [Tue, 24 Mar 2015 10:10:06 +0000 (11:10 +0100)]
arm-arm-03: new host

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agoAdd dinis-lvm
Peter Palfrader [Tue, 24 Mar 2015 08:04:35 +0000 (09:04 +0100)]
Add dinis-lvm

9 years agoAdd plummer to PORTERBOXES
Peter Palfrader [Mon, 23 Mar 2015 17:58:22 +0000 (18:58 +0100)]
Add plummer to PORTERBOXES

9 years agoAdd plummer
Peter Palfrader [Mon, 23 Mar 2015 17:32:25 +0000 (18:32 +0100)]
Add plummer

9 years agoAllow running dsa-check-stunnel-sanity as root from nagios
Peter Palfrader [Mon, 23 Mar 2015 12:38:19 +0000 (13:38 +0100)]
Allow running dsa-check-stunnel-sanity as root from nagios

9 years agoSet SO_KEEPALIVE, maybe it helps
Peter Palfrader [Mon, 23 Mar 2015 10:38:34 +0000 (11:38 +0100)]
Set SO_KEEPALIVE, maybe it helps

9 years agoNew 29.172.in-addr.arpa trust anchor
Peter Palfrader [Mon, 23 Mar 2015 09:53:06 +0000 (10:53 +0100)]
New 29.172.in-addr.arpa trust anchor

9 years agoAdd moszumanska to postgres-make-base-backups
Peter Palfrader [Sat, 21 Mar 2015 08:48:56 +0000 (09:48 +0100)]
Add moszumanska to postgres-make-base-backups

9 years agoporterbox: avoid d-i user removal (used for di-autobuilding)
Héctor Orón Martínez [Thu, 19 Mar 2015 10:11:32 +0000 (11:11 +0100)]
porterbox: avoid d-i user removal (used for di-autobuilding)

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agoDo not use the apt-get --force-yes option as it is dangerous and insecure.
Paul Wise [Thu, 19 Mar 2015 04:59:06 +0000 (12:59 +0800)]
Do not use the apt-get --force-yes option as it is dangerous and insecure.

This option causes apt's OpenPGP signature checks as well as other errors
to be warned about but ignored.

9 years agoFix blacklist entry
Paul Wise [Wed, 18 Mar 2015 14:46:43 +0000 (22:46 +0800)]
Fix blacklist entry

9 years agoBlacklist paytm.com, no opt-in, no opt-out
Paul Wise [Tue, 17 Mar 2015 09:33:54 +0000 (17:33 +0800)]
Blacklist paytm.com, no opt-in, no opt-out

9 years agoAT LAST, SIR TERRY, WE MUST WALK TOGETHER.
Stephen Gran [Mon, 16 Mar 2015 20:28:20 +0000 (20:28 +0000)]
AT LAST, SIR TERRY, WE MUST WALK TOGETHER.

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agono backups for x86-grnet-01
Julien Cristau [Mon, 16 Mar 2015 12:20:18 +0000 (13:20 +0100)]
no backups for x86-grnet-01

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agobuildd.d.o: update archive key
Héctor Orón Martínez [Sun, 15 Mar 2015 11:14:37 +0000 (12:14 +0100)]
buildd.d.o: update archive key

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agogrnet-node01 has ekey now
Martin Zobel-Helas [Sun, 15 Mar 2015 10:19:26 +0000 (10:19 +0000)]
grnet-node01 has ekey now

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agodi-autobuilding: allow d-i group builds on porterboxes
Héctor Orón Martínez [Sun, 15 Mar 2015 10:18:57 +0000 (11:18 +0100)]
di-autobuilding: allow d-i group builds on porterboxes

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agoDecommission senfl.debian.org
Paul Wise [Fri, 6 Mar 2015 07:10:20 +0000 (15:10 +0800)]
Decommission senfl.debian.org

9 years agoSSL certificate for search.debian.org
Martin Zobel-Helas [Wed, 4 Mar 2015 09:53:27 +0000 (09:53 +0000)]
SSL certificate for search.debian.org

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agobuildd: add jessie suite
Héctor Orón Martínez [Wed, 25 Feb 2015 19:33:52 +0000 (20:33 +0100)]
buildd: add jessie suite

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agono more static-update-component lintian on lilburn
Peter Palfrader [Thu, 19 Feb 2015 20:14:17 +0000 (21:14 +0100)]
no more static-update-component lintian on lilburn

9 years agolintian moved to lindsay. Move its master from bizet to dillon too
Peter Palfrader [Thu, 19 Feb 2015 20:09:32 +0000 (21:09 +0100)]
lintian moved to lindsay.  Move its master from bizet to dillon too

9 years agobm autofs for lindsay
Peter Palfrader [Thu, 19 Feb 2015 19:37:15 +0000 (20:37 +0100)]
bm autofs for lindsay

9 years agomake armhf and armel chroot on arm64
Peter Palfrader [Wed, 18 Feb 2015 13:42:11 +0000 (14:42 +0100)]
make armhf and armel chroot on arm64

9 years agodsa-check-libs: Allow -v for --verbose
Peter Palfrader [Wed, 18 Feb 2015 11:15:15 +0000 (12:15 +0100)]
dsa-check-libs: Allow -v for --verbose

9 years agodsa-check-libs: Ignore deleted directories that we happen to be in
Peter Palfrader [Wed, 18 Feb 2015 11:13:17 +0000 (12:13 +0100)]
dsa-check-libs: Ignore deleted directories that we happen to be in

9 years agospacing
Peter Palfrader [Sun, 15 Feb 2015 18:16:24 +0000 (19:16 +0100)]
spacing

9 years agomore zani swap messing
Peter Palfrader [Sun, 15 Feb 2015 18:16:10 +0000 (19:16 +0100)]
more zani swap messing

9 years agochange order
Peter Palfrader [Sun, 15 Feb 2015 18:14:05 +0000 (19:14 +0100)]
change order

9 years agoRevert "more quoting"
Peter Palfrader [Sun, 15 Feb 2015 18:11:19 +0000 (19:11 +0100)]
Revert "more quoting"

This reverts commit 389d5d780402be55af5779e918bfefefdbc157a7.

9 years agomore quoting
Peter Palfrader [Sun, 15 Feb 2015 18:10:19 +0000 (19:10 +0100)]
more quoting

9 years agoMake rc.local a template, make swap on zani
Peter Palfrader [Sun, 15 Feb 2015 18:09:13 +0000 (19:09 +0100)]
Make rc.local a template, make swap on zani

9 years agomail-big-homedirs: never touch the homedir of the buildd user
Peter Palfrader [Sun, 15 Feb 2015 09:54:42 +0000 (10:54 +0100)]
mail-big-homedirs: never touch the homedir of the buildd user

9 years agoAdd buildd to sbuild
Peter Palfrader [Sat, 14 Feb 2015 21:43:37 +0000 (22:43 +0100)]
Add buildd to sbuild

9 years agowhitespace fix
Peter Palfrader [Sat, 14 Feb 2015 21:39:22 +0000 (22:39 +0100)]
whitespace fix

9 years agobuildd user exists facter
Peter Palfrader [Sat, 14 Feb 2015 21:38:35 +0000 (22:38 +0100)]
buildd user exists facter

9 years agoBut we do want to create a ~buildd/stats
Peter Palfrader [Sat, 14 Feb 2015 21:34:20 +0000 (22:34 +0100)]
But we do want to create a ~buildd/stats

9 years agoget rid of status
Peter Palfrader [Sat, 14 Feb 2015 21:30:13 +0000 (22:30 +0100)]
get rid of status

9 years agoinstall buildd keys
Peter Palfrader [Sat, 14 Feb 2015 21:15:21 +0000 (22:15 +0100)]
install buildd keys

9 years agoonly hostname, not fqdn
Peter Palfrader [Sat, 14 Feb 2015 14:18:21 +0000 (15:18 +0100)]
only hostname, not fqdn

9 years agoremove extra whitespace
Peter Palfrader [Sat, 14 Feb 2015 14:13:08 +0000 (15:13 +0100)]
remove extra whitespace

9 years agofix template
Peter Palfrader [Sat, 14 Feb 2015 14:11:57 +0000 (15:11 +0100)]
fix template

9 years agocreate authorized_keys for wb-buildd
Peter Palfrader [Sat, 14 Feb 2015 14:08:57 +0000 (15:08 +0100)]
create authorized_keys for wb-buildd

9 years agocreate ssh key for buildd
Peter Palfrader [Sat, 14 Feb 2015 14:01:00 +0000 (15:01 +0100)]
create ssh key for buildd

9 years agoowner/group for .forward
Peter Palfrader [Sat, 14 Feb 2015 12:00:26 +0000 (13:00 +0100)]
owner/group for .forward

9 years agoShip 99builddsourceslist on jessie systems
Peter Palfrader [Sat, 14 Feb 2015 11:57:57 +0000 (12:57 +0100)]
Ship 99builddsourceslist on jessie systems

9 years agobuildd directories and files as requested by aurel
Peter Palfrader [Sat, 14 Feb 2015 11:52:28 +0000 (12:52 +0100)]
buildd directories and files as requested by aurel

9 years agostricter regex
Peter Palfrader [Fri, 13 Feb 2015 19:14:01 +0000 (20:14 +0100)]
stricter regex

9 years agoexport ubc multipath config to boito
Peter Palfrader [Fri, 13 Feb 2015 18:57:01 +0000 (19:57 +0100)]
export ubc multipath config to boito

9 years agoremove rossini and salieri
Luca Filipozzi [Fri, 13 Feb 2015 18:48:30 +0000 (18:48 +0000)]
remove rossini and salieri

9 years agoexport ubc multipath config to bertali
Peter Palfrader [Fri, 13 Feb 2015 18:00:42 +0000 (19:00 +0100)]
export ubc multipath config to bertali

9 years agoexport ubc multipath config to tristano
Peter Palfrader [Fri, 13 Feb 2015 17:40:29 +0000 (18:40 +0100)]
export ubc multipath config to tristano

9 years agoubc: Ignore sda on p410 blades
Peter Palfrader [Fri, 13 Feb 2015 16:40:21 +0000 (17:40 +0100)]
ubc: Ignore sda on p410 blades

9 years agoexport ubc multipath config to pasquini
Peter Palfrader [Fri, 13 Feb 2015 16:32:50 +0000 (17:32 +0100)]
export ubc multipath config to pasquini

9 years agomultipath-ubc-ganeti: remove old volumes
Peter Palfrader [Fri, 13 Feb 2015 16:32:14 +0000 (17:32 +0100)]
multipath-ubc-ganeti: remove old volumes

9 years agoMake syslog-ng require the network and unbound to be up before starting
Tollef Fog Heen [Wed, 11 Feb 2015 15:17:10 +0000 (16:17 +0100)]
Make syslog-ng require the network and unbound to be up before starting

9 years agoTurn off forwarding of systemd journal messages to syslog-ng
Tollef Fog Heen [Wed, 11 Feb 2015 14:11:24 +0000 (15:11 +0100)]
Turn off forwarding of systemd journal messages to syslog-ng

Modern syslogs (such as rsyslog and syslog-ng > 3.6) pull from the
systemd journal themselves. Tell systemd to not forward the messages
to syslog.  Also change it so syslog-ng no longer hooks into the
syslog.socket early boot stuff, since that causes headaches when it
tries to connect to loghost and can't resolve names.

9 years agosystem shutdown check with systemd
Peter Palfrader [Wed, 11 Feb 2015 13:22:00 +0000 (14:22 +0100)]
system shutdown check with systemd

9 years agoDrop no longer in use office network
Tollef Fog Heen [Wed, 11 Feb 2015 12:51:18 +0000 (13:51 +0100)]
Drop no longer in use office network

9 years agoReplace a tab with spaces in python code
Peter Palfrader [Tue, 10 Feb 2015 10:38:40 +0000 (11:38 +0100)]
Replace a tab with spaces in python code

9 years agoKill evil spaces
Peter Palfrader [Tue, 10 Feb 2015 10:38:20 +0000 (11:38 +0100)]
Kill evil spaces

9 years agoMake ud-replicated depend on syslog.service
Peter Palfrader [Mon, 9 Feb 2015 18:22:01 +0000 (19:22 +0100)]
Make ud-replicated depend on syslog.service

9 years agomake dsa-check-libs +x
Peter Palfrader [Mon, 9 Feb 2015 12:01:14 +0000 (13:01 +0100)]
make dsa-check-libs +x

9 years agoFix path
Peter Palfrader [Mon, 9 Feb 2015 09:30:18 +0000 (10:30 +0100)]
Fix path

9 years agoShip dsa-check-libs via puppet for now
Peter Palfrader [Mon, 9 Feb 2015 09:28:16 +0000 (10:28 +0100)]
Ship dsa-check-libs via puppet for now

9 years agoapache 2.4 config for default vhost
Peter Palfrader [Sun, 8 Feb 2015 13:01:55 +0000 (14:01 +0100)]
apache 2.4 config for default vhost

9 years agorossini out of ekey
Peter Palfrader [Sun, 8 Feb 2015 07:58:55 +0000 (08:58 +0100)]
rossini out of ekey

9 years agoremove villa from no-backup
Peter Palfrader [Sat, 7 Feb 2015 18:58:31 +0000 (19:58 +0100)]
remove villa from no-backup

9 years agoset listen=NO in vsftpd
Peter Palfrader [Sat, 7 Feb 2015 18:31:53 +0000 (19:31 +0100)]
set listen=NO in vsftpd

9 years agoapache 2.4 compatbile security.d.o
Peter Palfrader [Sat, 7 Feb 2015 18:20:42 +0000 (19:20 +0100)]
apache 2.4 compatbile security.d.o

9 years agoMake a template out of the security.d.o apache conf
Peter Palfrader [Sat, 7 Feb 2015 18:19:19 +0000 (19:19 +0100)]
Make a template out of the security.d.o apache conf

9 years agosyntax fix
Peter Palfrader [Sat, 7 Feb 2015 18:12:14 +0000 (19:12 +0100)]
syntax fix

9 years agoapache 2.4 sites stuff
Peter Palfrader [Sat, 7 Feb 2015 18:11:28 +0000 (19:11 +0100)]
apache 2.4 sites stuff

9 years agopostmasterish is not a spam trap, put that after host and sender address blacklist
Tollef Fog Heen [Wed, 4 Feb 2015 19:32:03 +0000 (20:32 +0100)]
postmasterish is not a spam trap, put that after host and sender address blacklist

9 years agomove entropy key from salieri to rossini
Luca Filipozzi [Mon, 2 Feb 2015 03:16:26 +0000 (03:16 +0000)]
move entropy key from salieri to rossini

9 years agoGet rid of always broken http.d.net
Peter Palfrader [Wed, 28 Jan 2015 17:30:31 +0000 (18:30 +0100)]
Get rid of always broken http.d.net

9 years agoIgnore /etc/nagios/check-libs.conf
Peter Palfrader [Wed, 28 Jan 2015 13:24:31 +0000 (14:24 +0100)]
Ignore /etc/nagios/check-libs.conf

9 years agoPush nagios check-libs.conf via puppet
Peter Palfrader [Wed, 28 Jan 2015 13:16:40 +0000 (14:16 +0100)]
Push nagios check-libs.conf via puppet

9 years agoAdd nagios plugins to root's PATH
Peter Palfrader [Wed, 28 Jan 2015 13:09:30 +0000 (14:09 +0100)]
Add nagios plugins to root's PATH

9 years agoAllow nagios to run dsa-check-libs under sudo
Peter Palfrader [Tue, 27 Jan 2015 23:15:52 +0000 (00:15 +0100)]
Allow nagios to run dsa-check-libs under sudo

9 years agoAdd minkus to porterboxes
Peter Palfrader [Mon, 26 Jan 2015 20:37:27 +0000 (21:37 +0100)]
Add minkus to porterboxes