mirror/dsa-puppet.git
9 years agoPush nagios check-libs.conf via puppet
Peter Palfrader [Wed, 28 Jan 2015 13:16:40 +0000 (14:16 +0100)]
Push nagios check-libs.conf via puppet

9 years agoAdd nagios plugins to root's PATH
Peter Palfrader [Wed, 28 Jan 2015 13:09:30 +0000 (14:09 +0100)]
Add nagios plugins to root's PATH

9 years agoAllow nagios to run dsa-check-libs under sudo
Peter Palfrader [Tue, 27 Jan 2015 23:15:52 +0000 (00:15 +0100)]
Allow nagios to run dsa-check-libs under sudo

9 years agoAdd minkus to porterboxes
Peter Palfrader [Mon, 26 Jan 2015 20:37:27 +0000 (21:37 +0100)]
Add minkus to porterboxes

9 years agoBlacklist hatemshaheen21@yahoo.com
Peter Palfrader [Thu, 22 Jan 2015 09:37:49 +0000 (10:37 +0100)]
Blacklist hatemshaheen21@yahoo.com

9 years agoMake buildd-schroot-aptitude-kill work on jessie
Peter Palfrader [Thu, 15 Jan 2015 22:36:56 +0000 (23:36 +0100)]
Make buildd-schroot-aptitude-kill work on jessie

9 years agoI think we want to ignore errors here
Peter Palfrader [Wed, 14 Jan 2015 21:56:32 +0000 (22:56 +0100)]
I think we want to ignore errors here

9 years agoTry porting torproject changes: support excluding mirror for a single static component
Peter Palfrader [Wed, 14 Jan 2015 21:43:28 +0000 (22:43 +0100)]
Try porting torproject changes: support excluding mirror for a single static component

9 years agoAdd root ssh key for jcristau
Julien Cristau [Sat, 10 Jan 2015 15:18:33 +0000 (16:18 +0100)]
Add root ssh key for jcristau

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoNew leap second
Peter Palfrader [Fri, 9 Jan 2015 19:00:44 +0000 (20:00 +0100)]
New leap second

9 years agort-mailgate needs the ca-debian workaround too
Paul Wise [Wed, 7 Jan 2015 15:12:58 +0000 (23:12 +0800)]
rt-mailgate needs the ca-debian workaround too

9 years agoThe snakeoil key is handled by puppet also.
Paul Wise [Wed, 7 Jan 2015 07:06:52 +0000 (15:06 +0800)]
The snakeoil key is handled by puppet also.

9 years agoWe still have some debian.org certs signed by SPI and USERFirst
Paul Wise [Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)]
We still have some debian.org certs signed by SPI and USERFirst

9 years agoTrailing line ending characters are sometimes nice
Paul Wise [Wed, 7 Jan 2015 06:11:01 +0000 (14:11 +0800)]
Trailing line ending characters are sometimes nice

9 years agoFix typo
Paul Wise [Wed, 7 Jan 2015 06:09:14 +0000 (14:09 +0800)]
Fix typo

9 years agoEnforce SSL configuration using puppet, add dirs for debian and global CAs
Paul Wise [Wed, 31 Dec 2014 02:32:55 +0000 (10:32 +0800)]
Enforce SSL configuration using puppet, add dirs for debian and global CAs

9 years agoRemove any references to ahbl.org blocklists as they have shut down (re: RT#5684)
Peter Palfrader [Tue, 6 Jan 2015 20:20:04 +0000 (21:20 +0100)]
Remove any references to ahbl.org blocklists as they have shut down (re: RT#5684)

9 years agoFix typo
Paul Wise [Tue, 6 Jan 2015 16:52:49 +0000 (00:52 +0800)]
Fix typo

9 years agoSkip processes that no longer exist
Paul Wise [Tue, 6 Jan 2015 14:53:24 +0000 (22:53 +0800)]
Skip processes that no longer exist

9 years agocdn.debian.net has been deprecated, replace it with http.debian.net
Paul Wise [Sat, 3 Jan 2015 03:46:06 +0000 (11:46 +0800)]
cdn.debian.net has been deprecated, replace it with http.debian.net

https://lists.debian.org/CAG2RKXMdBLL-vSFW6dEu4P0NwT7qqor3PxVQDu-mwrM1J-6opw@mail.gmail.com

9 years agoWork around service(8) not reloading syslog-ng correctly
Tollef Fog Heen [Fri, 2 Jan 2015 17:19:30 +0000 (18:19 +0100)]
Work around service(8) not reloading syslog-ng correctly

It seems systemd fails to mark syslog-ng as reloadable, which in turn
leads to invoke-rc.d failing.  Just call systemctl directly if we're
running systemd to work around this.

10 years agodd-schroot-cmd: Relax session name check
James McCoy [Wed, 31 Dec 2014 03:01:18 +0000 (22:01 -0500)]
dd-schroot-cmd: Relax session name check

As per schroot.conf(5):

  A  number  of characters or words are not permitted in a chroot name,
  session name or configuration filename.  The name may not contain a
  leading period (‘.’).  The characters ‘:’ (colon), ‘,’ (comma) and ‘/’
  (forward slash) are not permitted anywhere in the name.  The name may
  also not contain  a  trailing  tilde  (‘~’).

Relaxing the session name check in get_session_owner to better align
with schroot's actual restrictions reduces the chance that a user will
create a session yet be unable to manipulate it with dd-schroot-cmd.

Signed-off-by: James McCoy <jamessan@debian.org>
Signed-off-by: Paul Wise <pabs@debian.org>
10 years agorun ntp everywhere again
Martin Zobel-Helas [Sun, 28 Dec 2014 09:57:45 +0000 (09:57 +0000)]
run ntp everywhere again

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoRevert "disable oyens for now"
Martin Zobel-Helas [Sat, 27 Dec 2014 15:05:58 +0000 (15:05 +0000)]
Revert "disable oyens for now"

This reverts commit 57a38b9f3f9858c0619de09d7b3d01e86c599f9c.

10 years agodisable oyens for now
Martin Zobel-Helas [Tue, 23 Dec 2014 22:21:10 +0000 (22:21 +0000)]
disable oyens for now

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoFix apache2/jessie conf-enabled symlinks
Peter Palfrader [Tue, 23 Dec 2014 12:19:19 +0000 (12:19 +0000)]
Fix apache2/jessie conf-enabled symlinks

10 years agoFirst attempt at making apache conf stuff work on jessie
Peter Palfrader [Tue, 23 Dec 2014 12:11:16 +0000 (13:11 +0100)]
First attempt at making apache conf stuff work on jessie

10 years agoUpdate security.conf to version from jessie, but keep ServerTokens at ProductOnly
Peter Palfrader [Tue, 23 Dec 2014 12:07:04 +0000 (13:07 +0100)]
Update security.conf to version from jessie, but keep ServerTokens at ProductOnly

10 years agos/search-/cgi-/
Peter Palfrader [Tue, 23 Dec 2014 09:26:45 +0000 (10:26 +0100)]
s/search-/cgi-/

10 years agoAdd stunnel for search
Peter Palfrader [Tue, 23 Dec 2014 09:13:24 +0000 (10:13 +0100)]
Add stunnel for search

10 years agoautofs: ensure nfsv4 module is loaded
Héctor Orón Martínez [Mon, 22 Dec 2014 11:21:56 +0000 (12:21 +0100)]
autofs: ensure nfsv4 module is loaded

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agostable may run ntp again
Peter Palfrader [Sat, 20 Dec 2014 20:45:00 +0000 (21:45 +0100)]
stable may run ntp again

10 years agoUpdate leap-seconds.list. Not that any new ones have been added.
Peter Palfrader [Sat, 20 Dec 2014 20:43:33 +0000 (21:43 +0100)]
Update leap-seconds.list.  Not that any new ones have been added.

10 years agoAnd another loghost-grnet-01 fix
Peter Palfrader [Sat, 20 Dec 2014 17:07:39 +0000 (18:07 +0100)]
And another loghost-grnet-01 fix

10 years agoNew cert for db
Peter Palfrader [Sat, 20 Dec 2014 15:51:20 +0000 (16:51 +0100)]
New cert for db

10 years agoNew cert for piuparts
Peter Palfrader [Sat, 20 Dec 2014 13:58:19 +0000 (14:58 +0100)]
New cert for piuparts

10 years agoNew cert for packages
Peter Palfrader [Sat, 20 Dec 2014 13:57:47 +0000 (14:57 +0100)]
New cert for packages

10 years agoNew cert for bugs-master
Peter Palfrader [Sat, 20 Dec 2014 13:56:52 +0000 (14:56 +0100)]
New cert for bugs-master

10 years agoNew cert for rtc
Peter Palfrader [Sat, 20 Dec 2014 13:56:26 +0000 (14:56 +0100)]
New cert for rtc

10 years agoNew cert for sip-ws
Peter Palfrader [Sat, 20 Dec 2014 13:55:55 +0000 (14:55 +0100)]
New cert for sip-ws

10 years agoNew cert for bugs
Peter Palfrader [Sat, 20 Dec 2014 13:55:17 +0000 (14:55 +0100)]
New cert for bugs

10 years agoDo not run ntpd for now
Peter Palfrader [Sat, 20 Dec 2014 13:30:48 +0000 (13:30 +0000)]
Do not run ntpd for now

10 years agonew vote cert
Peter Palfrader [Wed, 17 Dec 2014 15:59:21 +0000 (16:59 +0100)]
new vote cert

10 years agonew release cert
Peter Palfrader [Wed, 17 Dec 2014 15:57:34 +0000 (16:57 +0100)]
new release cert

10 years agonew nagios cert
Peter Palfrader [Wed, 17 Dec 2014 15:56:42 +0000 (16:56 +0100)]
new nagios cert

10 years agonew munin cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:54 +0000 (16:55 +0100)]
new munin cert

10 years agonew ftp-master cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:21 +0000 (16:55 +0100)]
new ftp-master cert

10 years agonew www cert
Peter Palfrader [Wed, 17 Dec 2014 15:42:08 +0000 (16:42 +0100)]
new www cert

10 years agonew dsa cert
Peter Palfrader [Wed, 17 Dec 2014 15:41:30 +0000 (16:41 +0100)]
new dsa cert

10 years agonew contributors cert
Peter Palfrader [Wed, 17 Dec 2014 14:50:02 +0000 (15:50 +0100)]
new contributors cert

10 years agonew sso cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:52 +0000 (15:48 +0100)]
new sso cert

10 years agonew security-tracker cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:28 +0000 (15:48 +0100)]
new security-tracker cert

10 years agonew rt cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:53 +0000 (15:47 +0100)]
new rt cert

10 years agonew nm cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:14 +0000 (15:47 +0100)]
new nm cert

10 years agoUpdate buildd CA TA to new gandi cert for jessie hosts
Peter Palfrader [Wed, 17 Dec 2014 09:26:23 +0000 (10:26 +0100)]
Update buildd CA TA to new gandi cert for jessie hosts

10 years agoRemove unneeded variable
Peter Palfrader [Wed, 17 Dec 2014 09:25:39 +0000 (10:25 +0100)]
Remove unneeded variable

10 years agonew buildd cert
Peter Palfrader [Tue, 16 Dec 2014 13:57:53 +0000 (14:57 +0100)]
new buildd cert

10 years agonew lists cert
Peter Palfrader [Tue, 16 Dec 2014 13:33:11 +0000 (14:33 +0100)]
new lists cert

10 years agonew udd cert
Peter Palfrader [Tue, 16 Dec 2014 13:31:11 +0000 (14:31 +0100)]
new udd cert

10 years agonew udd cert
Peter Palfrader [Tue, 16 Dec 2014 13:14:11 +0000 (14:14 +0100)]
new udd cert

10 years agonagios needs to be able to run systemctl as root otherwise dbus is needed
Paul Wise [Mon, 15 Dec 2014 22:46:45 +0000 (06:46 +0800)]
nagios needs to be able to run systemctl as root otherwise dbus is needed

10 years agoand different names for v6 rules
Martin Zobel-Helas [Sat, 13 Dec 2014 10:26:36 +0000 (11:26 +0100)]
and different names for v6 rules

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoadd IPv6 range (second try)
Martin Zobel-Helas [Sat, 13 Dec 2014 10:24:42 +0000 (11:24 +0100)]
add IPv6 range (second try)

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoRevert "add IPv6 range"
Martin Zobel-Helas [Sat, 13 Dec 2014 10:18:06 +0000 (11:18 +0100)]
Revert "add IPv6 range"

This reverts commit fc978e2bb512bf85d82d054d6086b926a3769bd5.

10 years agoadd IPv6 range
Martin Zobel-Helas [Sat, 13 Dec 2014 10:14:47 +0000 (11:14 +0100)]
add IPv6 range

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoUse ruby1.9.1 to avoid ruby1.8 + puppetd segfaults on ball
Paul Wise [Thu, 11 Dec 2014 03:54:10 +0000 (11:54 +0800)]
Use ruby1.9.1 to avoid ruby1.8 + puppetd segfaults on ball

More info: https://lists.debian.org/1418271834.28231.36.camel@debian.org

10 years agoBetter with a newline
Peter Palfrader [Wed, 10 Dec 2014 19:54:28 +0000 (20:54 +0100)]
Better with a newline

10 years agoAdd /etc/schroot/buildd/config with CHROOT_FILE_UNPACK_DIR=/srv/buildd/unpack if...
Peter Palfrader [Wed, 10 Dec 2014 19:52:53 +0000 (20:52 +0100)]
Add /etc/schroot/buildd/config with CHROOT_FILE_UNPACK_DIR=/srv/buildd/unpack if /srv/buildd exists

10 years agoenable ud-replicated.service
Peter Palfrader [Tue, 9 Dec 2014 21:11:33 +0000 (22:11 +0100)]
enable ud-replicated.service

10 years agoFix regex in bacula-backup-dirs
Peter Palfrader [Tue, 9 Dec 2014 20:47:56 +0000 (21:47 +0100)]
Fix regex in bacula-backup-dirs

10 years agoAdd minkus
Peter Palfrader [Tue, 9 Dec 2014 18:17:00 +0000 (19:17 +0100)]
Add minkus

10 years agoFix several dedication lines (format violations)
Peter Palfrader [Tue, 9 Dec 2014 18:16:16 +0000 (19:16 +0100)]
Fix several dedication lines (format violations)

10 years agoMake sure geoip-database is installed on geo nameservers
Peter Palfrader [Sun, 7 Dec 2014 18:43:33 +0000 (19:43 +0100)]
Make sure geoip-database is installed on geo nameservers

10 years agoferm: allow debsources access
Héctor Orón Martínez [Sun, 7 Dec 2014 17:10:41 +0000 (18:10 +0100)]
ferm: allow debsources access

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agoMake setup-buildd not fail when there is nothing wrong
Peter Palfrader [Sun, 7 Dec 2014 16:46:53 +0000 (17:46 +0100)]
Make setup-buildd not fail when there is nothing wrong

10 years agoautofs: add bm sor
Héctor Orón Martínez [Sun, 7 Dec 2014 16:10:42 +0000 (17:10 +0100)]
autofs: add bm sor

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agoStop using always-broken http.debian.net
Peter Palfrader [Sun, 7 Dec 2014 10:02:28 +0000 (11:02 +0100)]
Stop using always-broken http.debian.net

10 years agofix variable use
Peter Palfrader [Sun, 7 Dec 2014 09:43:23 +0000 (10:43 +0100)]
fix variable use

10 years agoEnable ssh_host_ed25519_key if it exists
Peter Palfrader [Sun, 7 Dec 2014 09:41:51 +0000 (10:41 +0100)]
Enable ssh_host_ed25519_key if it exists

10 years agoMove ServerKeyBits to 1024, the new default in jessie - this only affects version...
Peter Palfrader [Sun, 7 Dec 2014 09:41:36 +0000 (10:41 +0100)]
Move ServerKeyBits to 1024, the new default in jessie - this only affects version 1 anyhow, but still

10 years agoremove unnecessary (and broken) onlyif
Peter Palfrader [Sun, 7 Dec 2014 09:35:27 +0000 (10:35 +0100)]
remove unnecessary (and broken) onlyif

10 years agoCreate ssh ed25519 hostkeys on jessie
Peter Palfrader [Sun, 7 Dec 2014 09:33:53 +0000 (10:33 +0100)]
Create ssh ed25519 hostkeys on jessie

10 years agoAdd Sakura Internet to the list of hosters
Paul Wise [Sun, 7 Dec 2014 05:42:55 +0000 (13:42 +0800)]
Add Sakura Internet to the list of hosters

10 years agodebian-org: new host dedication - sor.d.o (debsources)
Héctor Orón Martínez [Sat, 6 Dec 2014 01:39:24 +0000 (02:39 +0100)]
debian-org: new host dedication - sor.d.o (debsources)

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agomultipath: add sor and sor-lvm (debsources service)
Héctor Orón Martínez [Sat, 6 Dec 2014 00:48:38 +0000 (01:48 +0100)]
multipath: add sor and sor-lvm (debsources service)

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agoAdd our own syslog-ng service file for now
Peter Palfrader [Fri, 5 Dec 2014 21:57:36 +0000 (22:57 +0100)]
Add our own syslog-ng service file for now

10 years agoActuall add a ud-replicated service file
Peter Palfrader [Fri, 5 Dec 2014 21:55:18 +0000 (21:55 +0000)]
Actuall add a ud-replicated service file

10 years agoAdd a ud-replicated service file
Peter Palfrader [Fri, 5 Dec 2014 21:45:54 +0000 (21:45 +0000)]
Add a ud-replicated service file

10 years agoChange factor to one that puppet likes better
Peter Palfrader [Fri, 5 Dec 2014 21:45:44 +0000 (21:45 +0000)]
Change factor to one that puppet likes better

10 years agoAdd systemd factoid
Peter Palfrader [Fri, 5 Dec 2014 21:33:17 +0000 (22:33 +0100)]
Add systemd factoid

10 years agoOn new buildds, re-create schroots weekly
Peter Palfrader [Fri, 5 Dec 2014 18:18:49 +0000 (19:18 +0100)]
On new buildds, re-create schroots weekly

10 years agofix var name
Peter Palfrader [Fri, 5 Dec 2014 18:16:16 +0000 (19:16 +0100)]
fix var name

10 years agoonly include /srv/build-trees in fstab if it exists
Peter Palfrader [Fri, 5 Dec 2014 18:15:03 +0000 (19:15 +0100)]
only include /srv/build-trees in fstab if it exists

10 years agoAdd paths facter
Peter Palfrader [Fri, 5 Dec 2014 18:04:15 +0000 (19:04 +0100)]
Add paths facter

10 years agoMove setup-* from porterbox to schroot module
Peter Palfrader [Fri, 5 Dec 2014 17:59:10 +0000 (18:59 +0100)]
Move setup-* from porterbox to schroot module

10 years agoFurther setup-dchroot tweaks
Peter Palfrader [Fri, 5 Dec 2014 17:58:18 +0000 (18:58 +0100)]
Further setup-dchroot tweaks

10 years agoIgnore some schroot files
Peter Palfrader [Fri, 5 Dec 2014 15:40:07 +0000 (16:40 +0100)]
Ignore some schroot files

10 years agojessie has backports
Peter Palfrader [Thu, 4 Dec 2014 21:10:50 +0000 (22:10 +0100)]
jessie has backports

10 years agoDo not savelog with -d
Peter Palfrader [Thu, 4 Dec 2014 21:09:08 +0000 (22:09 +0100)]
Do not savelog with -d

10 years agoAlso load 99porterbox-extra-apt-options and 99porterbox-extra-sources with profile...
Peter Palfrader [Thu, 4 Dec 2014 21:06:04 +0000 (22:06 +0100)]
Also load 99porterbox-extra-apt-options and 99porterbox-extra-sources with profile buildd-dsa