Adam D. Barratt [Fri, 27 Sep 2019 05:10:54 +0000 (06:10 +0100)]
eximconf: add debug messages for (remaining) transports
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Fri, 27 Sep 2019 05:10:38 +0000 (06:10 +0100)]
eximconf: add a debug message for relay_manualroute
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 26 Sep 2019 17:29:45 +0000 (18:29 +0100)]
fail2ban: make exim "AUTH LOGIN" match case-insensitive
Apparently people are trying it in lower-case as well
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 26 Sep 2019 17:28:03 +0000 (18:28 +0100)]
fail2ban: add more expressions to the Exim filter
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 26 Sep 2019 17:24:01 +0000 (18:24 +0100)]
eximconf: increase log detail
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 26 Sep 2019 17:20:55 +0000 (18:20 +0100)]
eximconf: split log_selector to one item per line
This makes it easier to add/remove items
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 26 Sep 2019 17:18:09 +0000 (18:18 +0100)]
eximconf: force mail to Google to be routed via IPv4
Delivering mail to Google over IPv6 is tricky unless the stars align
in precisely the right manner. Doing so over IPv4 can still be
awkard, but is generally much simpler.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 26 Sep 2019 17:07:17 +0000 (18:07 +0100)]
eximconf: make NDRs contain only headers, not bodies
This helps avoid us being used as a potential part of redirected
"bounce spam".
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Thu, 26 Sep 2019 17:04:12 +0000 (18:04 +0100)]
eximconf: add an alternative SMTP router for "single domain" domains
These are domains that only allow a single recipient domain per SMTP
connection, in order to allow simple differentiation of filtering
options.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Sat, 28 Sep 2019 18:59:17 +0000 (20:59 +0200)]
fix a class name
Peter Palfrader [Sat, 28 Sep 2019 18:58:10 +0000 (20:58 +0200)]
Replace debbackup with parameterized username in most places
Peter Palfrader [Sat, 28 Sep 2019 18:50:49 +0000 (20:50 +0200)]
cleanup
Peter Palfrader [Sat, 28 Sep 2019 18:48:16 +0000 (20:48 +0200)]
Try something else to get a default for postgres::backup_cluster::db_backup_role
Peter Palfrader [Sat, 28 Sep 2019 18:44:46 +0000 (20:44 +0200)]
whitespace
Peter Palfrader [Sat, 28 Sep 2019 18:30:27 +0000 (20:30 +0200)]
Move backup role name to hiera
Peter Palfrader [Sat, 28 Sep 2019 18:28:32 +0000 (20:28 +0200)]
Move pg-receive-file-from-backup to postgres module
Peter Palfrader [Sat, 28 Sep 2019 18:27:20 +0000 (20:27 +0200)]
fix paths
Peter Palfrader [Sat, 28 Sep 2019 18:26:39 +0000 (20:26 +0200)]
pg-backup-file.conf.erb: Remove obsolete special casing
Peter Palfrader [Sat, 28 Sep 2019 18:25:07 +0000 (20:25 +0200)]
Move files for pg-backup-file from roles to postgres module
Peter Palfrader [Sat, 28 Sep 2019 18:20:37 +0000 (20:20 +0200)]
Move backup-server specific sudoers entries out of debian-global sudo
Peter Palfrader [Sat, 28 Sep 2019 18:14:21 +0000 (20:14 +0200)]
Move $make_base_backups to postgres::backup_server as it is local there; make some strings in postgres::backup_server::globals parameters
Peter Palfrader [Sat, 28 Sep 2019 17:59:51 +0000 (19:59 +0200)]
sibelius and chopin no longer run relevant pg instances or even exist
Peter Palfrader [Sat, 28 Sep 2019 17:58:53 +0000 (19:58 +0200)]
rename dsa-check-backuppg-manual.conf
Peter Palfrader [Sat, 28 Sep 2019 17:53:19 +0000 (19:53 +0200)]
migrate away from old postgres_backup_server role
Peter Palfrader [Sat, 28 Sep 2019 17:47:59 +0000 (19:47 +0200)]
note why lw07 and snapshotdb-manda-01 are still in postgresql_server in data/common.yaml
Peter Palfrader [Sat, 28 Sep 2019 17:40:43 +0000 (19:40 +0200)]
Fix crontab entry
Peter Palfrader [Sat, 28 Sep 2019 17:37:20 +0000 (19:37 +0200)]
pg cluster facter: port is an integer
Peter Palfrader [Sat, 28 Sep 2019 17:35:38 +0000 (19:35 +0200)]
Types for params of postgres::backup_cluster
Peter Palfrader [Sat, 28 Sep 2019 17:31:37 +0000 (19:31 +0200)]
modules/postgres/manifests: quoting, spacing, linting
Peter Palfrader [Sat, 28 Sep 2019 17:28:56 +0000 (19:28 +0200)]
Move list of clusters to make a base backup of from the script to a conffile
Peter Palfrader [Sat, 28 Sep 2019 17:12:23 +0000 (19:12 +0200)]
And add sallinen to roles::postgresql::server
Peter Palfrader [Sat, 28 Sep 2019 17:07:18 +0000 (19:07 +0200)]
switch sallinen to modern pg backup config fu
Peter Palfrader [Sat, 28 Sep 2019 17:04:18 +0000 (19:04 +0200)]
switch bmdb1 to modern pg backup config fu
Peter Palfrader [Sat, 28 Sep 2019 16:51:52 +0000 (18:51 +0200)]
Remove buxtehude from old-style pg role
Peter Palfrader [Sat, 28 Sep 2019 16:50:39 +0000 (18:50 +0200)]
switch seger to modern pg backup config fu
Peter Palfrader [Sat, 28 Sep 2019 16:49:38 +0000 (18:49 +0200)]
Remove fasolo from old-style pg role
Peter Palfrader [Sat, 28 Sep 2019 16:48:01 +0000 (18:48 +0200)]
danzi should not be listed in the manual sections of pg backup files
Peter Palfrader [Sat, 28 Sep 2019 16:40:29 +0000 (18:40 +0200)]
remove explicit ferm allow from the pgbackup hosts to fasolo
Peter Palfrader [Sat, 28 Sep 2019 16:36:49 +0000 (18:36 +0200)]
move fasolo pg backup away from manual listing things
Peter Palfrader [Sat, 28 Sep 2019 16:35:50 +0000 (18:35 +0200)]
add danzi hiera file
Peter Palfrader [Sat, 28 Sep 2019 16:32:46 +0000 (18:32 +0200)]
Stop special casing godard in postgres::backup_source
Peter Palfrader [Sat, 28 Sep 2019 16:29:42 +0000 (18:29 +0200)]
Move the backup of the pg instance on danzi to a more hiera and facter based setup
Peter Palfrader [Sat, 28 Sep 2019 16:28:16 +0000 (18:28 +0200)]
Move the backup of the pg instance on postgresql-manda-01 to a more hiera and facter based setup
Peter Palfrader [Sat, 28 Sep 2019 16:26:43 +0000 (18:26 +0200)]
Class instance names need to encode version and clustername, not just hostname, to work on hosts with more than one cluster
Peter Palfrader [Sat, 28 Sep 2019 16:23:48 +0000 (18:23 +0200)]
Move the backup of the pg instance on buxtehude to a more hiera and facter based setup
Peter Palfrader [Sat, 28 Sep 2019 16:22:23 +0000 (18:22 +0200)]
Move the backup of the pg instance on vittoria to a more hiera and facter based setup
Peter Palfrader [Sat, 28 Sep 2019 16:19:35 +0000 (18:19 +0200)]
Move the backup of the pg instance of melartin to a more hiera and facter based setup
Peter Palfrader [Sat, 28 Sep 2019 15:58:09 +0000 (17:58 +0200)]
whitespace/quoting: postgres::backup_source
Peter Palfrader [Sat, 28 Sep 2019 14:41:47 +0000 (16:41 +0200)]
add a pg cluster list facter
Peter Palfrader [Sat, 28 Sep 2019 13:03:22 +0000 (15:03 +0200)]
drop old jerea volumes at bm
Peter Palfrader [Sat, 28 Sep 2019 12:36:43 +0000 (14:36 +0200)]
drop old mekeel volumes at bm
Aurelien Jarno [Sat, 28 Sep 2019 11:50:58 +0000 (13:50 +0200)]
rename BM rainier and rapoport volumes to OLD-
Aurelien Jarno [Sat, 28 Sep 2019 11:46:26 +0000 (13:46 +0200)]
Drop the dedup cluster at bytemark
Aurelien Jarno [Sat, 28 Sep 2019 11:22:31 +0000 (13:22 +0200)]
rename BM delfin volumes to OLD-
Aurelien Jarno [Sat, 28 Sep 2019 11:15:28 +0000 (13:15 +0200)]
autofs: delfin at ubc
Aurelien Jarno [Sat, 28 Sep 2019 11:12:38 +0000 (13:12 +0200)]
rename BM pejacevic volumes to OLD-
Aurelien Jarno [Sat, 28 Sep 2019 10:46:56 +0000 (12:46 +0200)]
add multipath volumes for delfin at ubc
Aurelien Jarno [Sat, 28 Sep 2019 09:31:57 +0000 (11:31 +0200)]
Drop HOST_PGBACKUPHOST_V4 and HOST_PGBACKUPHOST_V6
Aurelien Jarno [Sat, 28 Sep 2019 09:27:19 +0000 (11:27 +0200)]
ferm@serger: merge dsa-postgres-backup and dsa-postgres-backup6
Aurelien Jarno [Sat, 28 Sep 2019 09:21:28 +0000 (11:21 +0200)]
Drop HOST_DEBIAN_V4 and HOST_DEBIAN_V6
Peter Palfrader [Sat, 28 Sep 2019 08:23:26 +0000 (10:23 +0200)]
Get pubsub nodes from puppetdb
Peter Palfrader [Sat, 28 Sep 2019 07:41:15 +0000 (09:41 +0200)]
Use export/collect to get the intra-cluster firewall opened for pubsub
Peter Palfrader [Sat, 28 Sep 2019 07:39:52 +0000 (09:39 +0200)]
whitespace/quoting: pubsub
Aurelien Jarno [Fri, 27 Sep 2019 22:57:34 +0000 (00:57 +0200)]
pubsub: do not hardcode IPs
Aurelien Jarno [Fri, 27 Sep 2019 22:32:19 +0000 (00:32 +0200)]
stunnel: merge IPv4 and IPv6 rules in a single rule
Julien Cristau [Fri, 27 Sep 2019 18:35:51 +0000 (20:35 +0200)]
autofs: pejacevic at ubc
Aurelien Jarno [Fri, 27 Sep 2019 22:27:38 +0000 (00:27 +0200)]
pubsub: merge IPv4 and IPv6 rules in a single rule
Aurelien Jarno [Fri, 27 Sep 2019 22:04:53 +0000 (00:04 +0200)]
ferm: do not open PG to backup hosts for clusters defined in backup_source
Aurelien Jarno [Fri, 27 Sep 2019 21:56:45 +0000 (23:56 +0200)]
Correctly add tracker and wanna-build backups @ danzi
Aurelien Jarno [Fri, 27 Sep 2019 21:46:23 +0000 (23:46 +0200)]
pg@danzi: use a list of hosts instead of whitelisting the whole subnet
Julien Cristau [Fri, 27 Sep 2019 18:34:37 +0000 (20:34 +0200)]
add multipath volumes for pejacevic at ubc
Julien Cristau [Fri, 27 Sep 2019 09:36:20 +0000 (11:36 +0200)]
Fix typo in volume name
Peter Palfrader [Fri, 27 Sep 2019 07:03:49 +0000 (09:03 +0200)]
move appstream.debian.org static component to static-master-ubc-01 from dillon, since the source (mekeel) moved from bm to ubc
Peter Palfrader [Fri, 27 Sep 2019 06:33:08 +0000 (08:33 +0200)]
mekeel now gets the UBC autofs config
Peter Palfrader [Fri, 27 Sep 2019 06:32:26 +0000 (08:32 +0200)]
rename BM mekeel volumes to OLD-
Peter Palfrader [Fri, 27 Sep 2019 05:58:05 +0000 (07:58 +0200)]
Add volumes for mekeel
Julien Cristau [Thu, 26 Sep 2019 12:57:22 +0000 (14:57 +0200)]
exim: fix syntax error in exim_surbl.pl
Julien Cristau [Thu, 26 Sep 2019 12:36:57 +0000 (14:36 +0200)]
exim: remove debconf hosts from debianhosts
debconf.org email goes through the debian MXs now.
Julien Cristau [Thu, 26 Sep 2019 12:14:16 +0000 (14:14 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Peter Palfrader [Thu, 26 Sep 2019 07:38:09 +0000 (09:38 +0200)]
Fix package name
Peter Palfrader [Thu, 26 Sep 2019 07:35:38 +0000 (09:35 +0200)]
And remove the file on or after 10.2
Peter Palfrader [Thu, 26 Sep 2019 07:34:59 +0000 (09:34 +0200)]
Ignore local package trapperkeeper-webserver-jetty9-clojure on puppetmaster, cf. Debian#924005, Debian#930562
Peter Palfrader [Wed, 25 Sep 2019 20:28:07 +0000 (22:28 +0200)]
remove non-standard From header from Bacula emails
re Debian#935886, by anarcat
Peter Palfrader [Wed, 25 Sep 2019 20:27:38 +0000 (22:27 +0200)]
simplify email_error default logic
(by anarcat)
Peter Palfrader [Wed, 25 Sep 2019 17:01:35 +0000 (19:01 +0200)]
Fix bacula email logic
Peter Palfrader [Wed, 25 Sep 2019 17:01:00 +0000 (19:01 +0200)]
Revert "Since the conditional does not work for default values for params, fall back to sane defaults in code"
This reverts commit
75ce99c03293e2df071bcbb7f56694d192652586.
Peter Palfrader [Wed, 25 Sep 2019 16:52:36 +0000 (18:52 +0200)]
Since the conditional does not work for default values for params, fall back to sane defaults in code
Peter Palfrader [Wed, 25 Sep 2019 16:44:00 +0000 (18:44 +0200)]
set email_error until we figure out how to fix it properly
Peter Palfrader [Wed, 25 Sep 2019 16:37:11 +0000 (18:37 +0200)]
Only realize the director-from-client config if the director-from-client-via-storage config is already there
Peter Palfrader [Wed, 25 Sep 2019 16:21:30 +0000 (18:21 +0200)]
Split up mail roles
Peter Palfrader [Wed, 25 Sep 2019 14:54:18 +0000 (16:54 +0200)]
Try to wait for both network-online *and* unbound
Peter Palfrader [Wed, 25 Sep 2019 12:57:31 +0000 (14:57 +0200)]
defaults for db_address, db_port; move dbsslmode = verify-ca into the case where we have a dbsslca
Peter Palfrader [Wed, 25 Sep 2019 12:21:32 +0000 (14:21 +0200)]
List non-optional params first
Peter Palfrader [Wed, 25 Sep 2019 12:20:25 +0000 (14:20 +0200)]
Move bacula::bacula_ssl_{server,client}_{cert,key} to hiera
Peter Palfrader [Wed, 25 Sep 2019 12:09:45 +0000 (14:09 +0200)]
Move bacula::bacula_ssl_ca_path to hiera
Peter Palfrader [Wed, 25 Sep 2019 12:01:48 +0000 (14:01 +0200)]
s/bacula_ca_path/bacula_ssl_ca_path/
Peter Palfrader [Wed, 25 Sep 2019 11:59:57 +0000 (13:59 +0200)]
Move operator_email to hiera
Peter Palfrader [Wed, 25 Sep 2019 11:58:01 +0000 (13:58 +0200)]
bacula_dsa_client_list and tag_bacula_dsa_client_list are not parameters
Peter Palfrader [Wed, 25 Sep 2019 11:41:15 +0000 (13:41 +0200)]
Document ferm::rule::simple
Peter Palfrader [Wed, 25 Sep 2019 11:05:06 +0000 (13:05 +0200)]
dsa_systemd::override: cleanup and make sure removal cleans the dir also