Julien Cristau [Tue, 24 Sep 2019 10:16:10 +0000 (12:16 +0200)]
Fix typo
Julien Cristau [Tue, 24 Sep 2019 10:12:24 +0000 (12:12 +0200)]
move sshd extra ports to class params instead of hardcoded in the template
Aurelien Jarno [Tue, 24 Sep 2019 09:55:44 +0000 (11:55 +0200)]
Move historical mirror from klecker to new-klecker
Julien Cristau [Tue, 24 Sep 2019 09:54:04 +0000 (11:54 +0200)]
Pull in people.d.o apache config
Peter Palfrader [Tue, 24 Sep 2019 09:44:14 +0000 (11:44 +0200)]
Stop doing catalog backups
The bacula catalog backup job is this special snowflake that's unlike
all the other jobs. It only backs up one file,
/var/lib/bacula/bacula.sql.gz, that gets created in a RunBeforeJob
and deleted in a RunAfterJob.
We already have a well-thought-out and more generic method to back up
databases, and we should use just that.
The RunBefore/After setup makes sense as a default when you don't have
that, but we do.
Peter Palfrader [Tue, 24 Sep 2019 09:31:07 +0000 (11:31 +0200)]
better shell syntax
Peter Palfrader [Tue, 24 Sep 2019 09:10:39 +0000 (11:10 +0200)]
postgres-make-base-backups: resist running as root
Peter Palfrader [Tue, 24 Sep 2019 09:05:15 +0000 (11:05 +0200)]
backup bacula from postgresql-manda-01
Peter Palfrader [Tue, 24 Sep 2019 08:32:20 +0000 (10:32 +0200)]
Fix fd-to-storage tag
Peter Palfrader [Tue, 24 Sep 2019 08:12:59 +0000 (10:12 +0200)]
Drop old WeeklyCycle, rename the daily WeeklyCycleAfterBackup schedule to CatalogSchedule
Peter Palfrader [Tue, 24 Sep 2019 08:12:22 +0000 (10:12 +0200)]
remove some commented out, dead code
Peter Palfrader [Tue, 24 Sep 2019 08:00:01 +0000 (10:00 +0200)]
Enclose variable names in {}
Peter Palfrader [Tue, 24 Sep 2019 07:59:32 +0000 (09:59 +0200)]
And retire old bacula_client_port param in node
Peter Palfrader [Tue, 24 Sep 2019 07:57:09 +0000 (09:57 +0200)]
Set bacula_client_port during the transition
Peter Palfrader [Tue, 24 Sep 2019 07:54:45 +0000 (09:54 +0200)]
Try to move bacula fd port config to the client class
Peter Palfrader [Tue, 24 Sep 2019 07:10:15 +0000 (09:10 +0200)]
Make bacula-idle-restart not be a template anymore. We can just pass all the relevant things on the command line
Julien Cristau [Tue, 24 Sep 2019 07:03:27 +0000 (09:03 +0200)]
paradis at ubc
Peter Palfrader [Tue, 24 Sep 2019 06:46:46 +0000 (08:46 +0200)]
spacing
Peter Palfrader [Tue, 24 Sep 2019 06:43:24 +0000 (08:43 +0200)]
fix quoting
Peter Palfrader [Tue, 24 Sep 2019 06:42:07 +0000 (08:42 +0200)]
And also make database name, user, and ssl ca path parameters
Peter Palfrader [Tue, 24 Sep 2019 06:36:00 +0000 (08:36 +0200)]
spacing nitpick
Peter Palfrader [Tue, 24 Sep 2019 06:34:39 +0000 (08:34 +0200)]
Make bacula DB a parameter and template variable again
Peter Palfrader [Tue, 24 Sep 2019 06:24:48 +0000 (08:24 +0200)]
remove obsolete comment
Peter Palfrader [Tue, 24 Sep 2019 06:22:02 +0000 (08:22 +0200)]
limit -sd access to bacula clients and the director
Peter Palfrader [Tue, 24 Sep 2019 06:15:37 +0000 (08:15 +0200)]
Qualify tags with director name. Maybe we will support more than one in the future
Peter Palfrader [Tue, 24 Sep 2019 06:10:33 +0000 (08:10 +0200)]
Switch bacula director->storage firewalling to store/collect
Peter Palfrader [Tue, 24 Sep 2019 06:07:02 +0000 (08:07 +0200)]
add a trailing , for form
Julien Cristau [Tue, 24 Sep 2019 06:10:31 +0000 (08:10 +0200)]
add paradis volumes at ubc
Peter Palfrader [Tue, 24 Sep 2019 06:00:00 +0000 (08:00 +0200)]
Switch bacula director->client firewalling to store/collect
Peter Palfrader [Tue, 24 Sep 2019 05:58:59 +0000 (07:58 +0200)]
whitespace/quoting: modules/bacula/manifests/* (make lint happy)
Aurelien Jarno [Mon, 23 Sep 2019 21:40:25 +0000 (23:40 +0200)]
prefix gideon volumes at bm with OLD-
Adam D. Barratt [Mon, 23 Sep 2019 20:20:00 +0000 (21:20 +0100)]
eximconf.erb: simplify bugs.d.o router
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Mon, 23 Sep 2019 17:24:55 +0000 (19:24 +0200)]
director.pp: spacing changes
Julien Cristau [Mon, 23 Sep 2019 18:57:56 +0000 (20:57 +0200)]
stop procps messing with our protected_hardlinks setting on debian-cd hosts
Adam D. Barratt [Mon, 23 Sep 2019 18:43:38 +0000 (19:43 +0100)]
exim: update {two,three}-level-tlds from SURBL
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 23 Sep 2019 18:24:45 +0000 (19:24 +0100)]
exim: ship new {two,three}-level-tlds files for exim_surbl.pl
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Mon, 23 Sep 2019 18:21:16 +0000 (19:21 +0100)]
exim: update exim_surbl.pl to version 2.3
- re-add Puppet headers
- fix file paths to use Debian's /etc/exim4
- add new {two,three}-level-tlds files
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Mon, 23 Sep 2019 17:00:28 +0000 (19:00 +0200)]
storage.pp: fix spacing
Peter Palfrader [Mon, 23 Sep 2019 16:58:22 +0000 (18:58 +0200)]
Drop explicit 5.153.231.125 and 5.153.231.126 from the bacula-sd firewall allow. If we still need them we should learn that this way
Peter Palfrader [Mon, 23 Sep 2019 16:56:43 +0000 (18:56 +0200)]
merge ipv4 and ipv6 rules to bacula-sd
Peter Palfrader [Mon, 23 Sep 2019 15:43:49 +0000 (17:43 +0200)]
rename jerea (bm) volumes to OLD-
Peter Palfrader [Mon, 23 Sep 2019 15:40:39 +0000 (17:40 +0200)]
there no longer is a system-service called jenkins; update sudoers
Peter Palfrader [Mon, 23 Sep 2019 15:38:39 +0000 (17:38 +0200)]
give the jenkins roles home directories
Peter Palfrader [Mon, 23 Sep 2019 15:36:12 +0000 (17:36 +0200)]
install jenkins metapackage
Peter Palfrader [Mon, 23 Sep 2019 15:23:52 +0000 (17:23 +0200)]
the jenkins apache config needs rewrite
Peter Palfrader [Mon, 23 Sep 2019 15:22:34 +0000 (17:22 +0200)]
the jenkins apache config needs authn_file
Peter Palfrader [Mon, 23 Sep 2019 15:19:09 +0000 (17:19 +0200)]
the jenkins apache config needs auth_digest
Peter Palfrader [Mon, 23 Sep 2019 14:52:45 +0000 (16:52 +0200)]
Add jerea multipath devices
Julien Cristau [Mon, 23 Sep 2019 12:31:39 +0000 (14:31 +0200)]
delete /etc/logrotate.d/puppetdb
puppetdb seems to handle log rotation itself so let's not have two
conflicting mechanisms to do the same thing.
Julien Cristau [Mon, 23 Sep 2019 11:53:52 +0000 (13:53 +0200)]
Update bacula db location in bacula-dir config
Julien Cristau [Mon, 23 Sep 2019 11:50:37 +0000 (13:50 +0200)]
bacula cluster moved to postgresql-manda-01
Aurelien Jarno [Mon, 23 Sep 2019 11:06:51 +0000 (13:06 +0200)]
add tracker db @ danzi to backuppg
Peter Palfrader [Mon, 23 Sep 2019 07:24:21 +0000 (09:24 +0200)]
First attempt at a reboot script for the ubc arm cluster
Peter Palfrader [Mon, 23 Sep 2019 06:03:27 +0000 (08:03 +0200)]
No longer configure apache just because it is installed. Instead, fail if it is installed but not pulled in by puppet
Peter Palfrader [Mon, 23 Sep 2019 06:00:23 +0000 (08:00 +0200)]
lw08 runs the derivatives consensus
Aurelien Jarno [Sun, 22 Sep 2019 22:00:05 +0000 (00:00 +0200)]
Ditto for mirror-skroutz.debian.org
Aurelien Jarno [Sun, 22 Sep 2019 21:56:48 +0000 (23:56 +0200)]
Drop roles::debian_mirror::listen_addr for mirror-accumu
That way the ftp.debian.org vhost will listen on: <VirtualHost *:80>
and will not hide other vhosts.
Peter Palfrader [Sun, 22 Sep 2019 21:36:37 +0000 (23:36 +0200)]
puppetmaster has an apache
Peter Palfrader [Sun, 22 Sep 2019 21:36:22 +0000 (23:36 +0200)]
whitespace change
Peter Palfrader [Sun, 22 Sep 2019 21:35:11 +0000 (23:35 +0200)]
ftpmaster has an apache
Peter Palfrader [Sun, 22 Sep 2019 21:34:36 +0000 (23:34 +0200)]
muninmaster has an apache
Peter Palfrader [Sun, 22 Sep 2019 21:33:59 +0000 (23:33 +0200)]
security_master has an apache
Peter Palfrader [Sun, 22 Sep 2019 21:32:55 +0000 (23:32 +0200)]
static_mirror_web includes apache
Aurelien Jarno [Sun, 22 Sep 2019 21:20:02 +0000 (23:20 +0200)]
update hardcoded ferm IPs
Peter Palfrader [Sun, 22 Sep 2019 21:19:53 +0000 (23:19 +0200)]
remove old mirror-health files in roles
Peter Palfrader [Sun, 22 Sep 2019 21:16:36 +0000 (23:16 +0200)]
security_mirror -> hiera role; part 2; also make security apache bind to the security specific addresses
Peter Palfrader [Sun, 22 Sep 2019 20:58:38 +0000 (22:58 +0200)]
security_mirror -> hiera role; part 1
Adam D. Barratt [Sun, 22 Sep 2019 19:45:31 +0000 (20:45 +0100)]
eximconf.erb: macroize maximum content scanning message size
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Aurelien Jarno [Sun, 22 Sep 2019 19:40:40 +0000 (21:40 +0200)]
prefix donizetti volumes with OLD-
Peter Palfrader [Sun, 22 Sep 2019 19:29:30 +0000 (21:29 +0200)]
whitespace change
Adam D. Barratt [Sun, 22 Sep 2019 19:25:00 +0000 (20:25 +0100)]
eximconf.erb: standardise on style of condition checks
From the Exim documentation:
"If both strings are omitted, the result is the string true if the
condition is true, and the empty string if the condition is false.
This makes it less cumbersome to write custom ACL and router
conditions."
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Sun, 22 Sep 2019 19:23:12 +0000 (21:23 +0200)]
on farmsync target collect ssh keys with the right tag
Peter Palfrader [Sun, 22 Sep 2019 19:19:25 +0000 (21:19 +0200)]
avoid duplicate ssh keygen for snapshot
Peter Palfrader [Sun, 22 Sep 2019 19:18:12 +0000 (21:18 +0200)]
avoid duplicate ssh keygen for snapshot
Peter Palfrader [Sun, 22 Sep 2019 19:12:20 +0000 (21:12 +0200)]
Set up ssh between snapshot nodes
Peter Palfrader [Sun, 22 Sep 2019 19:11:00 +0000 (21:11 +0200)]
make lint happy
Peter Palfrader [Sun, 22 Sep 2019 19:00:53 +0000 (21:00 +0200)]
whitespace change
Peter Palfrader [Sun, 22 Sep 2019 18:59:57 +0000 (20:59 +0200)]
Put lw01,lw02,lw03,lw04,lw09,lw10 into a snapshot_base class and include that also from _web and _shell
Aurelien Jarno [Sun, 22 Sep 2019 19:05:55 +0000 (21:05 +0200)]
danzi: merge dsa-postgres2-danzi and dsa-postgres2-danzi6
Use a single rule for both. Also rename the rule and improve the
description to make it clear that it concerns the debconf cluster. Only
allow access from debussy instead of the whole subnet.
Aurelien Jarno [Sun, 22 Sep 2019 18:59:47 +0000 (20:59 +0200)]
danzi: merge dsa-postgres-danzi and dsa-postgres-danzi6
Use a single rule for both. Also rename the rule and improve the
description to make it clear that it concerns the main cluster. Drop the
old IP addresses of wuiet and the old UBC subnet. Ideally we should have
a list of hosts there, but that's already an improvement.
Aurelien Jarno [Sun, 22 Sep 2019 18:48:01 +0000 (20:48 +0200)]
Allow access to the tracker db @ danzi from ticharich
Aurelien Jarno [Sun, 22 Sep 2019 16:56:09 +0000 (18:56 +0200)]
donizetti is now at ubc
Peter Palfrader [Sun, 22 Sep 2019 18:53:33 +0000 (20:53 +0200)]
No longer allow nagios to recurse on our binds
Peter Palfrader [Sun, 22 Sep 2019 17:39:20 +0000 (19:39 +0200)]
nagiosmaster -> hiera role; bind acls still not converted
Adam D. Barratt [Sun, 22 Sep 2019 17:39:05 +0000 (18:39 +0100)]
eximconf.erb: typo fix ("seperate" -> "separate")
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 22 Sep 2019 17:38:43 +0000 (18:38 +0100)]
eximconf.erb: consistently capitalise Exim and Debian
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 22 Sep 2019 17:34:30 +0000 (18:34 +0100)]
eximconf.erb: fix typo ("usefull" -> "useful")
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 22 Sep 2019 17:33:29 +0000 (18:33 +0100)]
eximconf.erb: fix address mentioned in postmaster@d.o check
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 22 Sep 2019 17:32:44 +0000 (18:32 +0100)]
eximconf.erb: fix some typos
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Sun, 22 Sep 2019 17:32:28 +0000 (19:32 +0200)]
merge SSH_SOURCES and SSH_V6_SOURCES
Peter Palfrader [Sun, 22 Sep 2019 17:23:11 +0000 (19:23 +0200)]
Our (DSA) home networks do not need to access rabbitmq services
Adam D. Barratt [Sun, 22 Sep 2019 17:00:52 +0000 (18:00 +0100)]
eximconf: correct obsolete references to "/etc/exim"
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Adam D. Barratt [Sun, 22 Sep 2019 16:56:53 +0000 (17:56 +0100)]
Remove no longer required submission-domains override for busoni
busoni itself no longer exists and the bugs.d.o submission override
is now handled differently.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Peter Palfrader [Sun, 22 Sep 2019 16:48:40 +0000 (18:48 +0200)]
Move archvsync ferm sshs from the input chain to the new ssh chain
Peter Palfrader [Sun, 22 Sep 2019 16:47:44 +0000 (18:47 +0200)]
Allow nagios to ssh to our hosts
Peter Palfrader [Sun, 22 Sep 2019 16:41:12 +0000 (18:41 +0200)]
avoid top-scope variable being used without an explicit namespace
Peter Palfrader [Sun, 22 Sep 2019 16:40:23 +0000 (18:40 +0200)]
whitespace change
Peter Palfrader [Sun, 22 Sep 2019 16:39:56 +0000 (18:39 +0200)]
Make an explicit iptables ssh chain
Aurelien Jarno [Sun, 22 Sep 2019 16:35:09 +0000 (18:35 +0200)]
add donizetti volumes at ubc
Aurelien Jarno [Sun, 22 Sep 2019 16:19:27 +0000 (18:19 +0200)]
prefix ticharich volumes with OLD-