Héctor Orón Martínez [Sun, 12 Aug 2018 16:03:35 +0000 (18:03 +0200)]
porterbox: install dgit. rt#7366
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Julien Cristau [Tue, 7 Aug 2018 08:44:49 +0000 (10:44 +0200)]
Don't manage salsa's /run/redis
Permissions conflicts with the package's
/usr/lib/tmpfiles.d/redis-server.conf so we keep changing them and
restarting the service needlessly.
Peter Palfrader [Tue, 7 Aug 2018 08:18:02 +0000 (10:18 +0200)]
all our hosts still want stretch::network_online though
Peter Palfrader [Tue, 7 Aug 2018 08:17:05 +0000 (10:17 +0200)]
bacula-fd: se ipv6 address from ldap since DNS during boot is icky
Peter Palfrader [Tue, 7 Aug 2018 08:12:31 +0000 (10:12 +0200)]
get our ipv[46] ldap addresses
Peter Palfrader [Tue, 7 Aug 2018 07:35:08 +0000 (09:35 +0200)]
bacula-fd: wait for unbound also
Julien Cristau [Tue, 7 Aug 2018 07:11:57 +0000 (09:11 +0200)]
Revert "allow access to pg on vittoria for dc18"
This reverts commit
21edc51f3c8a84ec014b0f0bffc8ebd972b6b2f2.
Julien Cristau [Tue, 7 Aug 2018 07:11:53 +0000 (09:11 +0200)]
Revert "RT#7368: add additional IP"
This reverts commit
e764ff0ec7eaccac713c15cb4c3fb284649b850b.
Peter Palfrader [Tue, 7 Aug 2018 07:03:15 +0000 (09:03 +0200)]
wait until after network-online.target for bacula-fd
Julien Cristau [Mon, 6 Aug 2018 16:27:22 +0000 (18:27 +0200)]
Decommission powerpc-osuosl-01
Julien Cristau [Mon, 6 Aug 2018 16:03:50 +0000 (18:03 +0200)]
Decommission powerpc-unicamp-01
Luca Filipozzi [Mon, 6 Aug 2018 07:48:00 +0000 (00:48 -0700)]
add 'do not modify' headers
Signed-off-by: Luca Filipozzi <luca.filipozzi@gmail.com>
Luca Filipozzi [Mon, 6 Aug 2018 07:20:52 +0000 (00:20 -0700)]
action RT#7389 - debconf19.debconf.org setup
Signed-off-by: Luca Filipozzi <luca.filipozzi@gmail.com>
Luca Filipozzi [Fri, 3 Aug 2018 15:23:44 +0000 (15:23 +0000)]
action RT#7389 - debconf19.debconf.org setup
Signed-off-by: Luca Filipozzi <lfilipoz@emyr.net>
Luca Filipozzi [Fri, 3 Aug 2018 10:22:24 +0000 (10:22 +0000)]
complete RT#7389
Signed-off-by: Luca Filipozzi <lfilipoz@emyr.net>
Luca Filipozzi [Fri, 3 Aug 2018 10:07:14 +0000 (10:07 +0000)]
re-add vhost after x509 certificate issuance
Signed-off-by: Luca Filipozzi <lfilipoz@emyr.net>
Luca Filipozzi [Fri, 3 Aug 2018 09:43:22 +0000 (09:43 +0000)]
revert vhost until x509 cert deployed
Signed-off-by: Luca Filipozzi <lfilipoz@emyr.net>
Luca Filipozzi [Fri, 3 Aug 2018 09:36:00 +0000 (09:36 +0000)]
action RT#7389 - debconf19.debconf.org setup
Signed-off-by: Luca Filipozzi <lfilipoz@emyr.net>
Peter Palfrader [Fri, 3 Aug 2018 07:59:54 +0000 (09:59 +0200)]
bacula-sd: listen on ipv6
Peter Palfrader [Fri, 3 Aug 2018 07:56:57 +0000 (09:56 +0200)]
allow ipv6 connections to all clients from the bacula director
Peter Palfrader [Fri, 3 Aug 2018 07:56:39 +0000 (09:56 +0200)]
bacula-ferm: we do not need to explicitly allow connections from localhost
Peter Palfrader [Fri, 3 Aug 2018 07:53:12 +0000 (09:53 +0200)]
whitespace fix
Peter Palfrader [Fri, 3 Aug 2018 07:53:05 +0000 (09:53 +0200)]
bacula: reorder a statement (should cause no effective change)
Peter Palfrader [Tue, 31 Jul 2018 11:15:05 +0000 (13:15 +0200)]
add Forwarded-For header
Peter Palfrader [Tue, 31 Jul 2018 11:14:51 +0000 (13:14 +0200)]
whitespace fixup
Peter Palfrader [Tue, 31 Jul 2018 08:30:10 +0000 (10:30 +0200)]
add a ,
Peter Palfrader [Tue, 31 Jul 2018 08:27:18 +0000 (10:27 +0200)]
bacula-fd: listen on both ipv4 and ipv6
Peter Palfrader [Tue, 31 Jul 2018 08:22:15 +0000 (10:22 +0200)]
Add has_v[46]_ldap key to nodeinfo['misc'] to say whether we have a v[46] address in ldap
Peter Palfrader [Tue, 31 Jul 2018 08:21:18 +0000 (10:21 +0200)]
retire old cleanup job for ip6_ munin plugins
Peter Palfrader [Tue, 31 Jul 2018 08:19:37 +0000 (10:19 +0200)]
Make sure nodeinfo['misc']['v[46]addrs'] always exists, possibly empty.
Peter Palfrader [Tue, 31 Jul 2018 08:10:59 +0000 (10:10 +0200)]
ferm/munin: use already split v[46]addrs for munin addresses
Julien Cristau [Tue, 31 Jul 2018 06:34:54 +0000 (08:34 +0200)]
Fix metadata-backend.ftp-master.d.o redirects
Peter Palfrader [Tue, 31 Jul 2018 06:04:18 +0000 (08:04 +0200)]
dsa-bacula-scheduler: one more backup slot
Julien Cristau [Tue, 31 Jul 2018 05:34:50 +0000 (07:34 +0200)]
Make metadata-backend.ftp-master hopefully work
Julien Cristau [Tue, 31 Jul 2018 05:22:48 +0000 (07:22 +0200)]
Make metadata-backend its own vhost and move ssl setup there
Julien Cristau [Tue, 31 Jul 2018 05:10:48 +0000 (07:10 +0200)]
Add metadata-backend.ftp-master.d.o
Julien Cristau [Tue, 31 Jul 2018 04:39:58 +0000 (06:39 +0200)]
Add ssl to metadata.ftp-master.d.o
Julien Cristau [Tue, 31 Jul 2018 04:45:48 +0000 (06:45 +0200)]
Revert "Add ssl to metadata.ftp-master.d.o"
I'll try again while actually shipping the key/cert.
This reverts commit
5fc26dc04d384d4d6fd687efc9c1b82cdbbb7602.
Julien Cristau [Tue, 31 Jul 2018 04:39:58 +0000 (06:39 +0200)]
Add ssl to metadata.ftp-master.d.o
Tollef Fog Heen [Tue, 31 Jul 2018 04:09:20 +0000 (06:09 +0200)]
Allow codesign on ftphosts to update metadata.ftp-debian.org
Martin Zobel-Helas [Sun, 29 Jul 2018 02:40:23 +0000 (04:40 +0200)]
RT#7368: add additional IP
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Julien Cristau [Fri, 27 Jul 2018 10:04:24 +0000 (12:04 +0200)]
allow access to pg on vittoria for dc18
RT#7368
Paul Wise [Wed, 25 Jul 2018 06:31:11 +0000 (14:31 +0800)]
Redirect old DevRef filenames to the new names
Requested-by: Stuart Prescott <stuart@debian.org>
Mapping-by: Stuart Prescott <stuart@debian.org>
Peter Palfrader [Wed, 25 Jul 2018 04:50:46 +0000 (06:50 +0200)]
Also make setting timezone work on debian 9 (stretch)
Paul Wise [Wed, 25 Jul 2018 03:40:15 +0000 (11:40 +0800)]
Do not install the redirect vhosts on www-staging.d.o
Paul Wise [Wed, 25 Jul 2018 03:33:14 +0000 (11:33 +0800)]
Set vhost_listen variables required by apache-debian.org template
Fixes: commit
e9c182207bf901dd7689986fc02e5c4e24c4553a
Paul Wise [Wed, 25 Jul 2018 03:26:34 +0000 (11:26 +0800)]
Add www-staging vhost
It was broken when the website moved to the static.d.o CDN
Paul Wise [Wed, 25 Jul 2018 02:00:06 +0000 (10:00 +0800)]
Debian Policy is moving back to multi-page version, revert redirects
Partially reverts commit
da0b9ba9ce08cd6040aa84513d9f80b611ed8584
Peter Palfrader [Mon, 23 Jul 2018 16:09:27 +0000 (18:09 +0200)]
onionbalance requires a restart whenever tor is retarted
This change causes onionbalance to get restarted when tor does,
and so onion services don't got stale.
Nicolas Dandrimont [Mon, 23 Jul 2018 14:30:19 +0000 (22:30 +0800)]
Pass the Authorization header through to the WSGI app for the DebConf websites
Peter Palfrader [Sun, 22 Jul 2018 11:01:44 +0000 (13:01 +0200)]
allow snapshot to reload apache2
Martin Zobel-Helas [Fri, 20 Jul 2018 15:37:41 +0000 (17:37 +0200)]
add archive-debian.org to spec/octocatalog/init-system
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 20 Jul 2018 15:31:57 +0000 (17:31 +0200)]
add registry.salsa.debian.org to spec/octocatalog/init-system
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 20 Jul 2018 15:19:40 +0000 (17:19 +0200)]
add /etc/ssh/ssh_known_hosts to octocatalog/init-system
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 20 Jul 2018 15:11:00 +0000 (17:11 +0200)]
install rugged build dependencies in .gitlab-ci.yml
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 20 Jul 2018 14:09:24 +0000 (16:09 +0200)]
Add facts for sibelius.debian.org to octocatalog
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Julien Cristau [Wed, 18 Jul 2018 09:36:46 +0000 (11:36 +0200)]
Add sallinen to blacklist_acpi_power_meter list
Peter Palfrader [Tue, 17 Jul 2018 15:34:34 +0000 (17:34 +0200)]
We only have puppets >= 3.0 now
Peter Palfrader [Tue, 17 Jul 2018 15:34:08 +0000 (17:34 +0200)]
run puppet every 1.5 hrs instead of every 2
Julien Cristau [Tue, 17 Jul 2018 13:10:35 +0000 (15:10 +0200)]
Remove wheezy-supporting cruft
We're no longer running any wheezy hosts.
Peter Palfrader [Tue, 17 Jul 2018 05:47:23 +0000 (07:47 +0200)]
fix apache version
Peter Palfrader [Tue, 17 Jul 2018 05:46:48 +0000 (07:46 +0200)]
our cipher suite is still the one recommended by mozilla
Peter Palfrader [Mon, 16 Jul 2018 15:14:04 +0000 (17:14 +0200)]
retire smetana
Peter Palfrader [Sun, 15 Jul 2018 08:58:47 +0000 (10:58 +0200)]
Apparently, no quoting
Peter Palfrader [Sun, 15 Jul 2018 08:56:30 +0000 (10:56 +0200)]
and use template after setting var
Peter Palfrader [Sun, 15 Jul 2018 08:55:13 +0000 (10:55 +0200)]
fix template
Peter Palfrader [Sun, 15 Jul 2018 08:54:26 +0000 (10:54 +0200)]
Use update-ca-certificates to update ca-global on stretch and later
Peter Palfrader [Sat, 14 Jul 2018 17:54:31 +0000 (19:54 +0200)]
Give us longer to notice degraded boot
Peter Palfrader [Sat, 14 Jul 2018 13:00:33 +0000 (15:00 +0200)]
only run /usr/local/sbin/update-ca-certificates-dsa if it exists
Tollef Fog Heen [Fri, 13 Jul 2018 20:25:50 +0000 (22:25 +0200)]
Allow debadmin to sudo to codesign
Julien Cristau [Mon, 9 Jul 2018 18:06:59 +0000 (20:06 +0200)]
Make salsa.d.o the default ssl vhost on godard so lame clients can get to it
Apparently bzr still doesn't do SNI
(https://salsa.debian.org/salsa/support/issues/90)
Julien Cristau [Sun, 8 Jul 2018 10:39:29 +0000 (12:39 +0200)]
Comment out rate-limiting of https traffic on security-tracker
Julien Cristau [Sat, 7 Jul 2018 12:34:22 +0000 (14:34 +0200)]
Increase https bandwidth for security-tracker
Julien Cristau [Sat, 7 Jul 2018 08:00:59 +0000 (10:00 +0200)]
Keep things cached for at least 10min
Julien Cristau [Sat, 7 Jul 2018 07:47:11 +0000 (09:47 +0200)]
Fix apache module name
Julien Cristau [Sat, 7 Jul 2018 07:10:54 +0000 (09:10 +0200)]
Use mod_cache_disk on security-tracker
Julien Cristau [Fri, 6 Jul 2018 13:10:28 +0000 (15:10 +0200)]
Fix typo in comment
Peter Palfrader [Fri, 6 Jul 2018 09:38:38 +0000 (11:38 +0200)]
drop things from 66.170.99.[12]
Peter Palfrader [Fri, 6 Jul 2018 09:33:19 +0000 (11:33 +0200)]
fix rule
Peter Palfrader [Fri, 6 Jul 2018 09:28:35 +0000 (11:28 +0200)]
disable deflate on security-tracker. we are cpu bound
Peter Palfrader [Fri, 6 Jul 2018 09:21:18 +0000 (11:21 +0200)]
do some basic traffic shaping on soriano
Peter Palfrader [Fri, 6 Jul 2018 08:56:22 +0000 (10:56 +0200)]
enable expires module for security-tracker
Peter Palfrader [Fri, 6 Jul 2018 08:53:32 +0000 (10:53 +0200)]
move apache config for security-tracker.debian.org.conf to puppet
Julien Cristau [Thu, 5 Jul 2018 12:41:38 +0000 (14:41 +0200)]
Kill planet.debian.net (RT#7019)
Julien Cristau [Thu, 5 Jul 2018 12:10:21 +0000 (14:10 +0200)]
The git user's sudo entries should be NOPASSWD (RT#7316)
Peter Palfrader [Thu, 5 Jul 2018 11:22:46 +0000 (13:22 +0200)]
fix rule name
Peter Palfrader [Thu, 5 Jul 2018 11:09:42 +0000 (13:09 +0200)]
snapshot - drop traffic from 61.69.254.110
Julien Cristau [Thu, 5 Jul 2018 11:11:46 +0000 (13:11 +0200)]
Also give the git user sudo access to salsa-* on godard (RT#7316)
Julien Cristau [Thu, 5 Jul 2018 10:31:21 +0000 (12:31 +0200)]
More users for salsa (RT#7316)
Julien Cristau [Thu, 5 Jul 2018 10:02:37 +0000 (12:02 +0200)]
Add registry.salsa.debian.org vhost config (RT#7316)
Julien Cristau [Fri, 29 Jun 2018 14:43:57 +0000 (16:43 +0200)]
unicamp renumbering
Peter Palfrader [Sun, 24 Jun 2018 21:22:47 +0000 (23:22 +0200)]
remove parth, re: RT#7334
Aurelien Jarno [Sun, 24 Jun 2018 21:15:05 +0000 (23:15 +0200)]
setup-all-dchroots: wheezy is gone, jessie is limited to LTS architectures
Julien Cristau [Thu, 21 Jun 2018 06:44:44 +0000 (08:44 +0200)]
get arm-arm-01 out of broken_rtc set
HW's been replaced
Peter Palfrader [Tue, 19 Jun 2018 15:19:20 +0000 (17:19 +0200)]
Install ganeti-reboot-cluster
Julien Cristau [Mon, 18 Jun 2018 18:45:45 +0000 (20:45 +0200)]
Update my home ip ranges yet again
Peter Palfrader [Thu, 7 Jun 2018 19:43:34 +0000 (21:43 +0200)]
set Expires to 1 week also for .gz files
Julien Cristau [Fri, 1 Jun 2018 19:13:26 +0000 (21:13 +0200)]
Enable HTTP/2 on sources.d.o
Peter Palfrader [Fri, 1 Jun 2018 18:24:15 +0000 (20:24 +0200)]
http rate limiting for dynamic hosts also on v6
Peter Palfrader [Fri, 1 Jun 2018 18:12:06 +0000 (20:12 +0200)]
snapshot: allow 6 requests per minute even to clients that we think are excessive
projects / mirror / dsa-puppet.git / log