dsa-puppet.git
4 years agoAllow gid videoteam to sudo to local user veyepar on vittoria
Peter Palfrader [Sat, 7 Nov 2015 10:34:48 +0000 (10:34 +0000)]
Allow gid videoteam to sudo to local user veyepar on vittoria

4 years agoAdd jessie-proposed-update repo for all Loongson 3 machines
Aurelien Jarno [Thu, 5 Nov 2015 21:51:02 +0000 (22:51 +0100)]
Add jessie-proposed-update repo for all Loongson 3 machines

So that we can install a fixed kernel wrt FPU.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agovariable assignment does not clone string...
Peter Palfrader [Thu, 5 Nov 2015 19:29:30 +0000 (20:29 +0100)]
variable assignment does not clone string...

4 years agoGive arrays another try
Peter Palfrader [Thu, 5 Nov 2015 19:27:06 +0000 (20:27 +0100)]
Give arrays another try

4 years agotry this
Peter Palfrader [Thu, 5 Nov 2015 19:23:57 +0000 (20:23 +0100)]
try this

4 years agouse ports in debug output
Peter Palfrader [Thu, 5 Nov 2015 19:21:40 +0000 (20:21 +0100)]
use ports in debug output

4 years agoArrays do not seem to work, use strings for now
Peter Palfrader [Thu, 5 Nov 2015 19:18:06 +0000 (20:18 +0100)]
Arrays do not seem to work, use strings for now

4 years agoWe do not want vogler to create a 443 TLSA for www
Peter Palfrader [Thu, 5 Nov 2015 19:09:25 +0000 (20:09 +0100)]
We do not want vogler to create a 443 TLSA for www

4 years agoFix stomping of certfile
Peter Palfrader [Thu, 5 Nov 2015 19:04:35 +0000 (20:04 +0100)]
Fix stomping of certfile

4 years agosome extra output
Peter Palfrader [Thu, 5 Nov 2015 18:59:36 +0000 (19:59 +0100)]
some extra output

4 years agomaybe TLSA records for XMPP stuff
Peter Palfrader [Thu, 5 Nov 2015 18:55:40 +0000 (19:55 +0100)]
maybe TLSA records for XMPP stuff

4 years agosupport multiple ports in gen tlsa
Peter Palfrader [Thu, 5 Nov 2015 18:54:43 +0000 (19:54 +0100)]
support multiple ports in gen tlsa

4 years agoNo need to make /etc/repro/www.debian.org-chained.crt and /etc/repro/sip-ws.debian...
Peter Palfrader [Thu, 5 Nov 2015 18:45:46 +0000 (19:45 +0100)]
No need to make /etc/repro/debian.org-chained.crt and /etc/repro/sip-ws.debian.org-chained.crt when they exist in /etc/ssl/debian/certs

4 years agogive debvoip sudo to service prosody
Peter Palfrader [Thu, 5 Nov 2015 18:22:36 +0000 (19:22 +0100)]
give debvoip sudo to service prosody

4 years agoFix cgit root title for dgit (RT#6034)
Peter Palfrader [Wed, 4 Nov 2015 14:55:25 +0000 (15:55 +0100)]
Fix cgit root title for dgit (RT#6034)

4 years agoAdd etler
Aurelien Jarno [Tue, 3 Nov 2015 14:55:52 +0000 (15:55 +0100)]
Add etler

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agoshorten chroot name for kFreeBSD
Christoph Egger [Sun, 1 Nov 2015 12:47:15 +0000 (13:47 +0100)]
shorten chroot name for kFreeBSD

Signed-off-by: Christoph Egger <christoph@debian.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agoRedirect www.d.o/support/ to /support since base-files used the wrong one.
Paul Wise [Wed, 28 Oct 2015 15:43:20 +0000 (23:43 +0800)]
Redirect d.o/support/ to /support since base-files used the wrong one.

See-also: #800791 #781809

4 years agoAdd debian.fi
Peter Palfrader [Tue, 27 Oct 2015 21:04:51 +0000 (22:04 +0100)]
Add debian.fi

4 years agoEnsure that rtc's monit configuration file is absent
Paul Wise [Fri, 23 Oct 2015 06:32:52 +0000 (14:32 +0800)]
Ensure that rtc's monit configuration file is absent

Signed-off-by: Paul Wise <pabs@debian.org>
4 years agoremove rtc's monit configuration file
Luca Filipozzi [Wed, 21 Oct 2015 08:28:00 +0000 (08:28 +0000)]
remove rtc's monit configuration file

4 years agoRevert "mirror.bytemark is quite slow at sanger. Use ukdebian.mirror.anlx.net instead"
Peter Palfrader [Mon, 19 Oct 2015 17:23:17 +0000 (19:23 +0200)]
Revert "mirror.bytemark is quite slow at sanger.  Use ukdebian.mirror.anlx.net instead"

This reverts commit 1aa04dffe7db9a40570c81fe996b3e93c42c5272.

4 years agoUse HTTPS in /etc/motd
Jakub Wilk [Sun, 18 Oct 2015 16:27:47 +0000 (18:27 +0200)]
Use HTTPS in /etc/motd

Signed-off-by: Peter Palfrader <peter@palfrader.org>
4 years agoOnly sync logs once per day since we are only transferring rotated logs
Paul Wise [Sun, 18 Oct 2015 15:52:54 +0000 (23:52 +0800)]
Only sync logs once per day since we are only transferring rotated logs

Signed-off-by: Paul Wise <pabs@debian.org>
4 years agoJust sync existing www.debian.org access logs instead of duplicating logs
Paul Wise [Sun, 18 Oct 2015 15:35:48 +0000 (23:35 +0800)]
Just sync existing debian.org access logs instead of duplicating logs

Signed-off-by: Paul Wise <pabs@debian.org>
4 years agoAlso log to a public access log for www.debian.org mirrors
Paul Wise [Sun, 18 Oct 2015 15:14:30 +0000 (23:14 +0800)]
Also log to a public access log for debian.org mirrors

Signed-off-by: Paul Wise <pabs@debian.org>
4 years agoSet the correct weblogs destination in the weblog provider cron job
Paul Wise [Sun, 18 Oct 2015 14:47:04 +0000 (22:47 +0800)]
Set the correct weblogs destination in the weblog provider cron job

4 years agoEnable shipping www.debian.org logs to www-master.debian.org [RT#5872]
Paul Wise [Sun, 26 Jul 2015 05:18:34 +0000 (13:18 +0800)]
Enable shipping debian.org logs to www-master.debian.org [RT#5872]

This is for prioritising pages in order of popularity for translators.

Signed-off-by: Paul Wise <pabs@debian.org>
4 years agoEnable pam_systemd.so in common-session
Peter Palfrader [Tue, 13 Oct 2015 16:05:55 +0000 (18:05 +0200)]
Enable pam_systemd.so in common-session

4 years agouse full path to /usr/bin/service in monit config
Julien Cristau [Sun, 11 Oct 2015 15:17:25 +0000 (17:17 +0200)]
use full path to /usr/bin/service in monit config

/etc/monit/monit.d/01puppet:9: Warning: Program does not exist: 'service'

Signed-off-by: Julien Cristau <jcristau@debian.org>
4 years agorenew ssl cert for api.ftp-master.d.o
Julien Cristau [Sun, 11 Oct 2015 14:46:27 +0000 (16:46 +0200)]
renew ssl cert for api.ftp-master.d.o

Signed-off-by: Julien Cristau <jcristau@debian.org>
4 years agoUse SSO certs on jenkins
Peter Palfrader [Sun, 11 Oct 2015 11:01:22 +0000 (13:01 +0200)]
Use SSO certs on jenkins

4 years agoAnd ssl module
Peter Palfrader [Sun, 11 Oct 2015 08:24:20 +0000 (10:24 +0200)]
And ssl module

4 years agoAdd jenkins role
Peter Palfrader [Sun, 11 Oct 2015 08:23:42 +0000 (10:23 +0200)]
Add jenkins role

4 years agobackuphost also has postgresql-client-9.1
Peter Palfrader [Thu, 8 Oct 2015 12:27:09 +0000 (14:27 +0200)]
backuphost also has postgresql-client-9.1

4 years agoencode backuphost in label for basebackups
Peter Palfrader [Thu, 8 Oct 2015 12:05:29 +0000 (14:05 +0200)]
encode backuphost in label for basebackups

4 years agoFix another typo...
Aurelien Jarno [Sat, 3 Oct 2015 15:15:48 +0000 (17:15 +0200)]
Fix another typo...

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agoFix a typo in previous commit
Aurelien Jarno [Sat, 3 Oct 2015 15:14:31 +0000 (17:14 +0200)]
Fix a typo in previous commit

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agoAdd jessie-proposed-update repo for mips-aql-05 and mipsel-aql-02
Aurelien Jarno [Sat, 3 Oct 2015 15:12:05 +0000 (17:12 +0200)]
Add jessie-proposed-update repo for mips-aql-05 and mipsel-aql-02

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agoOnly create kfreebsd chroot aliases on kfreebsd-*
Aurelien Jarno [Fri, 2 Oct 2015 11:15:31 +0000 (13:15 +0200)]
Only create kfreebsd chroot aliases on kfreebsd-*

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agoCreate kfreebsd-security chroots
Christoph Egger [Fri, 2 Oct 2015 10:51:45 +0000 (12:51 +0200)]
Create kfreebsd-security chroots

Signed-off-by: Christoph Egger <christoph@christoph-egger.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agosoler: decomission rt#5890
Héctor Orón Martínez [Mon, 28 Sep 2015 09:44:42 +0000 (11:44 +0200)]
soler: decomission rt#5890

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agosudo: repkace press by publicity
Héctor Orón Martínez [Sun, 27 Sep 2015 22:20:20 +0000 (00:20 +0200)]
sudo: repkace press by publicity

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agosudo: allow pabs to push timeline rt#5979
Héctor Orón Martínez [Sun, 27 Sep 2015 21:30:06 +0000 (23:30 +0200)]
sudo: allow pabs to push timeline rt#5979

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agosudo: replace debbits by publicity
Héctor Orón Martínez [Sun, 27 Sep 2015 21:26:16 +0000 (23:26 +0200)]
sudo: replace debbits by publicity

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agohamradio blends relocation on www.d.o
Iain R. Learmonth [Sun, 27 Sep 2015 15:16:30 +0000 (17:16 +0200)]
hamradio blends relocation on www.d.o

4 years agocorelli: decomission
Héctor Orón Martínez [Sat, 26 Sep 2015 19:12:36 +0000 (21:12 +0200)]
corelli: decomission

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agomake base backups on backuphost at a different time
Peter Palfrader [Sat, 26 Sep 2015 11:22:22 +0000 (13:22 +0200)]
make base backups on backuphost at a different time

4 years agobackuphost will have pg backups also
Peter Palfrader [Sat, 26 Sep 2015 11:13:40 +0000 (13:13 +0200)]
backuphost will have pg backups also

4 years agomultipath: drop brahms, decomissioned
Héctor Orón Martínez [Thu, 24 Sep 2015 08:30:29 +0000 (10:30 +0200)]
multipath: drop brahms, decomissioned

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agobrahms: decomission
Héctor Orón Martínez [Thu, 24 Sep 2015 07:59:30 +0000 (09:59 +0200)]
brahms: decomission

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agoarcadelt: drop, decomissioned time ago
Héctor Orón Martínez [Thu, 24 Sep 2015 07:45:13 +0000 (09:45 +0200)]
arcadelt: drop, decomissioned time ago

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agogabrielli: decomission
Héctor Orón Martínez [Tue, 22 Sep 2015 22:36:45 +0000 (00:36 +0200)]
gabrielli: decomission

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agoeysler.d.o: decomission
Héctor Orón Martínez [Fri, 18 Sep 2015 19:02:43 +0000 (21:02 +0200)]
eysler.d.o: decomission

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agodisable proposed repo on zandonai
Peter Palfrader [Fri, 18 Sep 2015 06:01:48 +0000 (08:01 +0200)]
disable proposed repo on zandonai

4 years agoInstall libpam-systemd on systemd hosts
Peter Palfrader [Thu, 17 Sep 2015 15:54:51 +0000 (17:54 +0200)]
Install libpam-systemd on systemd hosts

4 years agoand spell hostname right
Peter Palfrader [Thu, 17 Sep 2015 15:46:58 +0000 (17:46 +0200)]
and spell hostname right

4 years agoremove duplicate entry
Peter Palfrader [Thu, 17 Sep 2015 15:45:07 +0000 (17:45 +0200)]
remove duplicate entry

4 years agoAdd backuphost
Peter Palfrader [Thu, 17 Sep 2015 15:42:37 +0000 (17:42 +0200)]
Add backuphost

4 years agomayer: decomission
Héctor Orón Martínez [Thu, 17 Sep 2015 08:25:20 +0000 (10:25 +0200)]
mayer: decomission

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
4 years agoApply Aurelien's nfs patch to the dsa-check-libs copy in puppet also
Peter Palfrader [Fri, 11 Sep 2015 08:20:10 +0000 (10:20 +0200)]
Apply Aurelien's nfs patch to the dsa-check-libs copy in puppet also

4 years agoFix debian mirror for man-da
Peter Palfrader [Wed, 9 Sep 2015 11:11:25 +0000 (13:11 +0200)]
Fix debian mirror for man-da

4 years agoUse ftp.de.debian.org in manda
Aurelien Jarno [Tue, 8 Sep 2015 09:27:37 +0000 (11:27 +0200)]
Use ftp.de.debian.org in manda

Until issues with debian.netcologne.de are solved.

4 years agoFix whitespace and hyphen
Peter Palfrader [Sun, 6 Sep 2015 12:05:27 +0000 (14:05 +0200)]
Fix whitespace and hyphen

4 years agodupload.conf: drop config for -volatile, -edu and -bpo
Aurelien Jarno [Sat, 5 Sep 2015 21:06:17 +0000 (23:06 +0200)]
dupload.conf: drop config for -volatile, -edu and -bpo

They do no exist anymore.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agodupload.conf: enable gpg check
Aurelien Jarno [Sat, 5 Sep 2015 21:06:10 +0000 (23:06 +0200)]
dupload.conf: enable gpg check

That way packages without GPG signature (e.g. when the key is out of
date) do not get uploaded.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
4 years agoadd vittoria
Martin Zobel-Helas [Sat, 5 Sep 2015 08:08:32 +0000 (08:08 +0000)]
add vittoria

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
4 years agosudo for gitdoadm
Peter Palfrader [Tue, 1 Sep 2015 16:53:28 +0000 (18:53 +0200)]
sudo for gitdoadm

4 years agoAdd gigault
Peter Palfrader [Tue, 1 Sep 2015 14:12:52 +0000 (16:12 +0200)]
Add gigault

4 years agoAdd a comment
Peter Palfrader [Tue, 1 Sep 2015 09:49:27 +0000 (11:49 +0200)]
Add a comment

4 years agoreload apache2 on sso RP hosts after sso files changed
Peter Palfrader [Tue, 1 Sep 2015 09:48:44 +0000 (09:48 +0000)]
reload apache2 on sso RP hosts after sso files changed

4 years agoCommit fix for iterating over sso nodes
Peter Palfrader [Tue, 1 Sep 2015 09:48:21 +0000 (09:48 +0000)]
Commit fix for iterating over sso nodes

4 years agosudo for %jenkins-adm to jenkins-adm
Peter Palfrader [Mon, 31 Aug 2015 14:52:42 +0000 (16:52 +0200)]
sudo for %jenkins-adm to jenkins-adm

4 years agoRename jenkins to jenko (RT:#5781)
Peter Palfrader [Mon, 31 Aug 2015 11:39:30 +0000 (13:39 +0200)]
Rename jenkins to jenko (RT:#5781)

4 years agoferm: add yet another $work ip
Julien Cristau [Mon, 31 Aug 2015 09:46:51 +0000 (11:46 +0200)]
ferm: add yet another $work ip

4 years agoAdd video.debian.net to static CDN
Julien Cristau [Sat, 29 Aug 2015 17:31:55 +0000 (19:31 +0200)]
Add video.debian.net to static CDN

4 years agoticharich as sso_rp
Peter Palfrader [Fri, 28 Aug 2015 19:38:16 +0000 (21:38 +0200)]
ticharich as sso_rp

4 years agofix one path
Peter Palfrader [Fri, 28 Aug 2015 11:41:24 +0000 (13:41 +0200)]
fix one path

4 years agorsync on lw0[1234]
Peter Palfrader [Fri, 28 Aug 2015 11:39:35 +0000 (13:39 +0200)]
rsync on lw0[1234]

4 years agobuildds: kill aptitude after 10 minutes OR all RAM used
Aurelien Jarno [Fri, 28 Aug 2015 10:17:50 +0000 (12:17 +0200)]
buildds: kill aptitude after 10 minutes OR all RAM used

Instead of 10 minutes AND all RAM used. It takes ages to fill all the
RAM on machines with 8GB or 32GB.

4 years agodiabelli to sso_rp
Peter Palfrader [Thu, 27 Aug 2015 07:49:49 +0000 (09:49 +0200)]
diabelli to sso_rp

4 years agofix typo
Peter Palfrader [Wed, 26 Aug 2015 18:30:29 +0000 (20:30 +0200)]
fix typo

4 years agogrub on VMs
Peter Palfrader [Wed, 26 Aug 2015 18:27:08 +0000 (20:27 +0200)]
grub on VMs

4 years agoCreate mips64el chroots on Loongson 3 buildds, II
Aurelien Jarno [Wed, 26 Aug 2015 15:48:57 +0000 (17:48 +0200)]
Create mips64el chroots on Loongson 3 buildds, II

4 years agosetup-dchroot: use linux32 personality on mips/mipsel
Aurelien Jarno [Wed, 26 Aug 2015 14:08:03 +0000 (16:08 +0200)]
setup-dchroot: use linux32 personality on mips/mipsel

4 years agoAlways install fakeroot in the chroots
Aurelien Jarno [Wed, 26 Aug 2015 09:11:33 +0000 (11:11 +0200)]
Always install fakeroot in the chroots

- On buildds, sbuild installs it for every build as a first step.
- On porterboxes, one can't build a package without it.

4 years agoca.pem -> ca.crt
Peter Palfrader [Wed, 26 Aug 2015 08:28:18 +0000 (10:28 +0200)]
ca.pem -> ca.crt

4 years agoCreate mips64el chroots on Loongson 3 buildds
Aurelien Jarno [Tue, 25 Aug 2015 19:27:15 +0000 (21:27 +0200)]
Create mips64el chroots on Loongson 3 buildds

4 years agoalso add ca.pem
Peter Palfrader [Tue, 25 Aug 2015 17:54:52 +0000 (19:54 +0200)]
also add ca.pem

4 years agoenable sso_rp
Peter Palfrader [Tue, 25 Aug 2015 17:43:10 +0000 (19:43 +0200)]
enable sso_rp

4 years agoTry shipping SSO CRL
Peter Palfrader [Tue, 25 Aug 2015 17:41:25 +0000 (19:41 +0200)]
Try shipping SSO CRL

4 years agoAdd a factor to load /srv/sso.debian.org/debsso/data/spkac_ca/ca.crl
Peter Palfrader [Tue, 25 Aug 2015 17:22:31 +0000 (19:22 +0200)]
Add a factor to load /srv/sso.debian.org/debsso/data/spkac_ca/ca.crl

4 years agodebsso-web sudo
Peter Palfrader [Tue, 25 Aug 2015 14:45:50 +0000 (16:45 +0200)]
debsso-web sudo

4 years agoRemove /var/run/iptables-ferm.checksum /var/run/ip6tables-ferm.checksum in a pre...
Peter Palfrader [Tue, 25 Aug 2015 08:42:55 +0000 (10:42 +0200)]
Remove /var/run/iptables-ferm.checksum /var/run/ip6tables-ferm.checksum in a pre-hook

4 years agoAdd debian-debug rsync share
Peter Palfrader [Mon, 24 Aug 2015 19:19:20 +0000 (21:19 +0200)]
Add debian-debug rsync share

4 years agoAdd debian-debug rsync share
Peter Palfrader [Mon, 24 Aug 2015 19:13:12 +0000 (21:13 +0200)]
Add debian-debug rsync share

4 years agoRemove commented out, obsolete rsync shares
Peter Palfrader [Mon, 24 Aug 2015 19:12:16 +0000 (21:12 +0200)]
Remove commented out, obsolete rsync shares

4 years agoAdd root ssh key for aurel32
Aurelien Jarno [Mon, 24 Aug 2015 13:56:53 +0000 (15:56 +0200)]
Add root ssh key for aurel32

4 years agoferm: use NFLOG instead of LOG/ULOG on jessie
Aurelien Jarno [Mon, 24 Aug 2015 10:08:09 +0000 (12:08 +0200)]
ferm: use NFLOG instead of LOG/ULOG on jessie

ULOG is deprecated and has been removed from recent kernels. Use the
(not so new) NFLOG module instead. It requires ulogd2 so we can do that
only on jessie hosts.

This fixes logging on jessie hosts as ulogd2 doesn't listen for ULOG
logs by default.

This also allows logging IPv6 the same way than IPv4.

4 years agoferm: change ferm.conf to a template
Aurelien Jarno [Mon, 24 Aug 2015 10:03:33 +0000 (12:03 +0200)]
ferm: change ferm.conf to a template

So we can provide a different version for wheezy and jessie hosts