cacert-puppet.git
7 months agoFix source path for rssh.global.conf
Jan Dittberner [Fri, 2 Aug 2019 05:18:48 +0000 (07:18 +0200)] 
Fix source path for rssh.global.conf

7 months agoSetup rssh to restrict uploads to sftp and scp
Jan Dittberner [Fri, 2 Aug 2019 05:16:08 +0000 (07:16 +0200)] 
Setup rssh to restrict uploads to sftp and scp

7 months agoTrash the mini-dinstall setup
Jan Dittberner [Fri, 2 Aug 2019 04:43:49 +0000 (06:43 +0200)] 
Trash the mini-dinstall setup

I decided to replace mini-dinstall with a reprepro based setup to have
support the modern Debian repository format.

7 months agoLet debarchive run in its own directory
Jan Dittberner [Thu, 1 Aug 2019 20:42:50 +0000 (22:42 +0200)] 
Let debarchive run in its own directory

You need to use a bind mount in /etc/fstab

/srv/debarchive/archive/mini-dinstall/incoming /srv/upload/incoming - bind 0 0

7 months agoFix typo
Jan Dittberner [Thu, 1 Aug 2019 20:10:23 +0000 (22:10 +0200)] 
Fix typo

7 months agoFix dependency declaration for debarchive service
Jan Dittberner [Thu, 1 Aug 2019 20:09:06 +0000 (22:09 +0200)] 
Fix dependency declaration for debarchive service

7 months agoAdd intermediate directory /srv/upload
Jan Dittberner [Thu, 1 Aug 2019 20:07:49 +0000 (22:07 +0200)] 
Add intermediate directory /srv/upload

7 months agoMove uploads to /srv/upload/incoming
Jan Dittberner [Thu, 1 Aug 2019 20:06:04 +0000 (22:06 +0200)] 
Move uploads to /srv/upload/incoming

To make this setup work you should have the following in
/etc/ssh/sshd_config:

  Match User debarchive
      ForceCommand internal-sftp
      ChrootDirectory /srv/upload
      AllowTcpForwarding no

7 months agoMove template to the correct directory
Jan Dittberner [Thu, 1 Aug 2019 19:48:50 +0000 (21:48 +0200)] 
Move template to the correct directory

7 months agoSetup mini-dinstall under debarchive user
Jan Dittberner [Thu, 1 Aug 2019 19:46:50 +0000 (21:46 +0200)] 
Setup mini-dinstall under debarchive user

7 months agoUse gid instead of non-existing group
Jan Dittberner [Thu, 1 Aug 2019 13:50:47 +0000 (15:50 +0200)] 
Use gid instead of non-existing group

7 months agoAdd new profile debarchive for webstatic
Jan Dittberner [Thu, 1 Aug 2019 13:47:54 +0000 (15:47 +0200)] 
Add new profile debarchive for webstatic

8 months agoRe-enable mail alias handling
Jan Dittberner [Tue, 30 Jul 2019 10:24:03 +0000 (12:24 +0200)] 
Re-enable mail alias handling

A fix for https://github.com/puppetlabs/puppet/pull/7632 came with
Puppet 6.7.1.

8 months agoApply base profile to extmon
Jan Dittberner [Tue, 30 Jul 2019 10:17:04 +0000 (12:17 +0200)] 
Apply base profile to extmon

8 months agoFix class name
Jan Dittberner [Tue, 30 Jul 2019 10:07:31 +0000 (12:07 +0200)] 
Fix class name

8 months agoAdd external monitoring host role and config
Jan Dittberner [Tue, 30 Jul 2019 10:04:31 +0000 (12:04 +0200)] 
Add external monitoring host role and config

8 months agoPurge nrpe_agent from icinga2 agent nodes
Jan Dittberner [Mon, 29 Jul 2019 14:35:09 +0000 (16:35 +0200)] 
Purge nrpe_agent from icinga2 agent nodes

8 months agoRemove arbitration from sniproxy
Jan Dittberner [Mon, 29 Jul 2019 11:29:54 +0000 (13:29 +0200)] 
Remove arbitration from sniproxy

8 months agoEnable icinga2 agent on test3
Jan Dittberner [Mon, 29 Jul 2019 09:57:34 +0000 (11:57 +0200)] 
Enable icinga2 agent on test3

8 months agoEnable icinga2 agent on webstatic
Jan Dittberner [Mon, 29 Jul 2019 09:53:30 +0000 (11:53 +0200)] 
Enable icinga2 agent on webstatic

8 months agoEnable icinga2 agent on translations
Jan Dittberner [Mon, 29 Jul 2019 09:47:32 +0000 (11:47 +0200)] 
Enable icinga2 agent on translations

8 months agoEnable icinga2 agent on svn
Jan Dittberner [Mon, 29 Jul 2019 09:44:57 +0000 (11:44 +0200)] 
Enable icinga2 agent on svn

8 months agoEnable icinga2 agent on proxyout
Jan Dittberner [Mon, 29 Jul 2019 09:41:31 +0000 (11:41 +0200)] 
Enable icinga2 agent on proxyout

8 months agoEnable icinga2 agent on proxyin
Jan Dittberner [Mon, 29 Jul 2019 09:36:48 +0000 (11:36 +0200)] 
Enable icinga2 agent on proxyin

8 months agoAdd apt.puppet.com to debpuppet ACL
Jan Dittberner [Sun, 28 Jul 2019 22:01:54 +0000 (00:01 +0200)] 
Add apt.puppet.com to debpuppet ACL

8 months agoFix Apt::Update order for icinga2 packages
Jan Dittberner [Sun, 28 Jul 2019 20:30:14 +0000 (22:30 +0200)] 
Fix Apt::Update order for icinga2 packages

8 months agoAdd icinga2 agent on Jenkins
Jan Dittberner [Sun, 28 Jul 2019 17:50:08 +0000 (19:50 +0200)] 
Add icinga2 agent on Jenkins

8 months agoTry to improve icinga agent profile
Jan Dittberner [Sun, 28 Jul 2019 17:48:59 +0000 (19:48 +0200)] 
Try to improve icinga agent profile

Enforce order of master certificate installation to avoid issues with
certificate enrollment during API activation.

8 months agoAdd Icinga2 agent on ircserver
Jan Dittberner [Sun, 28 Jul 2019 17:10:13 +0000 (19:10 +0200)] 
Add Icinga2 agent on ircserver

8 months agoSetup icinga2 agent on web
Jan Dittberner [Sun, 28 Jul 2019 13:24:14 +0000 (15:24 +0200)] 
Setup icinga2 agent on web

8 months agoAllow access to wordpress domains from blog
Jan Dittberner [Sun, 28 Jul 2019 11:55:21 +0000 (13:55 +0200)] 
Allow access to wordpress domains from blog

8 months agoAdd icinga2_agent on bugs
Jan Dittberner [Wed, 24 Jul 2019 22:11:12 +0000 (00:11 +0200)] 
Add icinga2_agent on bugs

8 months agoAssign correct role to issue
Jan Dittberner [Wed, 24 Jul 2019 21:48:18 +0000 (23:48 +0200)] 
Assign correct role to issue

8 months agoAdd icinga2_agent to issue
Jan Dittberner [Wed, 24 Jul 2019 21:42:57 +0000 (23:42 +0200)] 
Add icinga2_agent to issue

8 months agoUpdate copyright years
Jan Dittberner [Wed, 24 Jul 2019 21:42:51 +0000 (23:42 +0200)] 
Update copyright years

8 months agoInstall icinga2 agent on emailout
Jan Dittberner [Wed, 24 Jul 2019 21:14:01 +0000 (23:14 +0200)] 
Install icinga2 agent on emailout

8 months agoDisable mailalias handling due to Puppet regression
Jan Dittberner [Wed, 24 Jul 2019 21:13:07 +0000 (23:13 +0200)] 
Disable mailalias handling due to Puppet regression

8 months agoEnable icinga2 notifications
Jan Dittberner [Wed, 24 Jul 2019 20:57:00 +0000 (22:57 +0200)] 
Enable icinga2 notifications

8 months agoUse correct ticket for motion.infra.cacert.org
Jan Dittberner [Tue, 23 Jul 2019 20:01:18 +0000 (22:01 +0200)] 
Use correct ticket for motion.infra.cacert.org

8 months agoAdd icinga2 agent on motion
Jan Dittberner [Tue, 23 Jul 2019 19:57:35 +0000 (21:57 +0200)] 
Add icinga2 agent on motion

8 months agoRemove target from zone/endpoint definition
Jan Dittberner [Mon, 22 Jul 2019 18:26:03 +0000 (20:26 +0200)] 
Remove target from zone/endpoint definition

8 months agoFix syntax error
Jan Dittberner [Mon, 22 Jul 2019 17:04:51 +0000 (19:04 +0200)] 
Fix syntax error

8 months agoFix resource definition for external auth
Jan Dittberner [Mon, 22 Jul 2019 17:03:16 +0000 (19:03 +0200)] 
Fix resource definition for external auth

8 months agoAdd support for icingaweb2 admins
Jan Dittberner [Mon, 22 Jul 2019 17:01:33 +0000 (19:01 +0200)] 
Add support for icingaweb2 admins

8 months agoAdd dependencies for icingaweb2 + external auth
Jan Dittberner [Mon, 22 Jul 2019 16:39:08 +0000 (18:39 +0200)] 
Add dependencies for icingaweb2 + external auth

8 months agoMake db_port an integer
Jan Dittberner [Sun, 21 Jul 2019 15:23:47 +0000 (17:23 +0200)] 
Make db_port an integer

8 months agoFix syntax error in resource declaration
Jan Dittberner [Sun, 21 Jul 2019 15:20:08 +0000 (17:20 +0200)] 
Fix syntax error in resource declaration

8 months agoAdd Icingaweb2
Jan Dittberner [Sun, 21 Jul 2019 15:11:25 +0000 (17:11 +0200)] 
Add Icingaweb2

8 months agoDo not manage conf.d on icinga2 agents
Jan Dittberner [Sun, 21 Jul 2019 14:55:08 +0000 (16:55 +0200)] 
Do not manage conf.d on icinga2 agents

8 months agoAdd missing ca_host parameter
Jan Dittberner [Sun, 21 Jul 2019 14:51:40 +0000 (16:51 +0200)] 
Add missing ca_host parameter

8 months agoUse icinga2 PKI for agent
Jan Dittberner [Sun, 21 Jul 2019 14:48:47 +0000 (16:48 +0200)] 
Use icinga2 PKI for agent

8 months agoFix syntax error
Jan Dittberner [Sun, 21 Jul 2019 14:44:23 +0000 (16:44 +0200)] 
Fix syntax error

8 months agoAdd global zone
Jan Dittberner [Sun, 21 Jul 2019 14:42:45 +0000 (16:42 +0200)] 
Add global zone

8 months agoFix syntax errors
Jan Dittberner [Sun, 21 Jul 2019 14:33:39 +0000 (16:33 +0200)] 
Fix syntax errors

8 months agoModify icinga2 agent setup
Jan Dittberner [Sun, 21 Jul 2019 14:29:15 +0000 (16:29 +0200)] 
Modify icinga2 agent setup

- use ticket generated by icinga2 pki ticket on master
- remove commented code from icinga2_master manifest
- use icinga2 module for icinga2_agent

8 months agoSetup API endpoint with existing certificate
Jan Dittberner [Sun, 21 Jul 2019 14:00:14 +0000 (16:00 +0200)] 
Setup API endpoint with existing certificate

8 months agoMake sure that the CA directory exists
Jan Dittberner [Sun, 21 Jul 2019 13:44:31 +0000 (15:44 +0200)] 
Make sure that the CA directory exists

8 months agoAdd postgresql::server module
Jan Dittberner [Sun, 21 Jul 2019 13:32:11 +0000 (15:32 +0200)] 
Add postgresql::server module

8 months agoDefine target file for API users
Jan Dittberner [Sun, 21 Jul 2019 13:28:14 +0000 (15:28 +0200)] 
Define target file for API users

8 months agoFix parameter type definition for $api_users
Jan Dittberner [Sun, 21 Jul 2019 13:25:40 +0000 (15:25 +0200)] 
Fix parameter type definition for $api_users

8 months agoFix api user resource description
Jan Dittberner [Sun, 21 Jul 2019 13:23:35 +0000 (15:23 +0200)] 
Fix api user resource description

8 months agoRemove unused parameters from icinga2_common
Jan Dittberner [Sun, 21 Jul 2019 13:16:00 +0000 (15:16 +0200)] 
Remove unused parameters from icinga2_common

8 months agoDefine Icinga2 CA on master
Jan Dittberner [Sun, 21 Jul 2019 13:14:00 +0000 (15:14 +0200)] 
Define Icinga2 CA on master

8 months agoDefine ticket salt for icinga2 master
Jan Dittberner [Sun, 21 Jul 2019 13:03:44 +0000 (15:03 +0200)] 
Define ticket salt for icinga2 master

8 months agoUse icinga2 class in icinga2_master manifest
Jan Dittberner [Sun, 21 Jul 2019 12:56:26 +0000 (14:56 +0200)] 
Use icinga2 class in icinga2_master manifest

8 months agoDo not manage certs in icinga2_common
Jan Dittberner [Sun, 21 Jul 2019 12:52:06 +0000 (14:52 +0200)] 
Do not manage certs in icinga2_common

8 months agoAdd missing changes for icinga2 module
Jan Dittberner [Sun, 21 Jul 2019 12:49:56 +0000 (14:49 +0200)] 
Add missing changes for icinga2 module

8 months agoChange icinga2_master role to use icinga2 module
Jan Dittberner [Sun, 21 Jul 2019 12:47:15 +0000 (14:47 +0200)] 
Change icinga2_master role to use icinga2 module

8 months agoInitialize Icinga2 class
Jan Dittberner [Sun, 21 Jul 2019 12:25:10 +0000 (14:25 +0200)] 
Initialize Icinga2 class

8 months agoAdd puppetlabs/concat module
Jan Dittberner [Sun, 21 Jul 2019 12:19:46 +0000 (14:19 +0200)] 
Add puppetlabs/concat module

8 months agoRealize export Icinga2 zones and endpoints
Jan Dittberner [Sun, 21 Jul 2019 12:17:55 +0000 (14:17 +0200)] 
Realize export Icinga2 zones and endpoints

8 months agoUse latest versions of forge modules
Jan Dittberner [Sun, 21 Jul 2019 12:09:47 +0000 (14:09 +0200)] 
Use latest versions of forge modules

8 months agoFix resource syntax
Jan Dittberner [Sun, 21 Jul 2019 12:01:54 +0000 (14:01 +0200)] 
Fix resource syntax

8 months agoAdd exported zone and endpoint for icinga2 agent
Jan Dittberner [Sun, 21 Jul 2019 11:59:03 +0000 (13:59 +0200)] 
Add exported zone and endpoint for icinga2 agent

8 months agoReplace direct notify with virtual resource
Jan Dittberner [Sun, 21 Jul 2019 11:45:51 +0000 (13:45 +0200)] 
Replace direct notify with virtual resource

8 months agoRe-enable icinga agent setup script
Jan Dittberner [Sun, 21 Jul 2019 11:43:06 +0000 (13:43 +0200)] 
Re-enable icinga agent setup script

8 months agoFix path to CA certificate
Jan Dittberner [Sun, 21 Jul 2019 11:38:55 +0000 (13:38 +0200)] 
Fix path to CA certificate

8 months agoDo not manage constants.conf
Jan Dittberner [Sun, 21 Jul 2019 10:48:18 +0000 (12:48 +0200)] 
Do not manage constants.conf

Let icinga2 node setup handle constants.conf, add global zone
definitions to zones.conf.epp and remove explicit zone and cn parameters
to node setup on master.

8 months agoRemove unfulfillable subscription
Jan Dittberner [Sun, 21 Jul 2019 10:37:06 +0000 (12:37 +0200)] 
Remove unfulfillable subscription

8 months agoAdd master key and certificates
Jan Dittberner [Sun, 21 Jul 2019 10:34:11 +0000 (12:34 +0200)] 
Add master key and certificates

icinga2 node setup on agents requires the master certificate, the CA
certificate is not sufficient.

8 months agoPrepare icinga2_agent installation on puppet
Jan Dittberner [Sun, 21 Jul 2019 10:01:36 +0000 (12:01 +0200)] 
Prepare icinga2_agent installation on puppet

8 months agoSetup icinga2 master node
Jan Dittberner [Sun, 21 Jul 2019 09:55:33 +0000 (11:55 +0200)] 
Setup icinga2 master node

8 months agoDo not manage API listener config
Jan Dittberner [Sun, 21 Jul 2019 09:37:29 +0000 (11:37 +0200)] 
Do not manage API listener config

8 months agoDeclare dependency between icinga2 and ido package
Jan Dittberner [Sun, 21 Jul 2019 09:27:46 +0000 (11:27 +0200)] 
Declare dependency between icinga2 and ido package

8 months agoRemove unused ido_* parameters
Jan Dittberner [Sun, 21 Jul 2019 09:02:34 +0000 (11:02 +0200)] 
Remove unused ido_* parameters

8 months agoLet dbconfig-common take care of the ido database
Jan Dittberner [Sun, 21 Jul 2019 08:56:50 +0000 (10:56 +0200)] 
Let dbconfig-common take care of the ido database

8 months agoFix syntax error in icinga2_master manifest
Jan Dittberner [Sun, 21 Jul 2019 08:40:48 +0000 (10:40 +0200)] 
Fix syntax error in icinga2_master manifest

8 months agoRework of icinga2 master setup
Jan Dittberner [Sun, 21 Jul 2019 08:35:26 +0000 (10:35 +0200)] 
Rework of icinga2 master setup

- replace debconf calls with preseed config for icinga2-ido-pgsql
  package
- remove host key and certificate from monitor (these will be setup
  later)
- disable icinga2_agent installation on puppet

8 months agoFix syntax issues in agent setup script
Jan Dittberner [Sat, 20 Jul 2019 18:46:48 +0000 (20:46 +0200)] 
Fix syntax issues in agent setup script

8 months agoAdd missing json parsing in agent setup script
Jan Dittberner [Sat, 20 Jul 2019 18:42:38 +0000 (20:42 +0200)] 
Add missing json parsing in agent setup script

8 months agoQualify paths in scripts
Jan Dittberner [Sat, 20 Jul 2019 18:36:32 +0000 (20:36 +0200)] 
Qualify paths in scripts

8 months agoAdd icinga2_agent node setup script
Jan Dittberner [Sat, 20 Jul 2019 18:32:56 +0000 (20:32 +0200)] 
Add icinga2_agent node setup script

- generate /var/lib/icinga2/setup_agent.sh from template
- execute script if setup has not been run before

8 months agoMove management of Icinga2 CA certificate
Jan Dittberner [Sat, 20 Jul 2019 18:08:21 +0000 (20:08 +0200)] 
Move management of Icinga2 CA certificate

- move parameter to icinga2_common
- move hiera data from monitor node to common

8 months agoUse virtual resource for dependency
Jan Dittberner [Sat, 20 Jul 2019 13:37:00 +0000 (15:37 +0200)] 
Use virtual resource for dependency

8 months agoAdd icinga2_agent module and apply it to puppet
Jan Dittberner [Sat, 20 Jul 2019 13:31:12 +0000 (15:31 +0200)] 
Add icinga2_agent module and apply it to puppet

8 months agoPrepare for icinga2_agent manifest
Jan Dittberner [Sat, 20 Jul 2019 13:26:11 +0000 (15:26 +0200)] 
Prepare for icinga2_agent manifest

- move installation of Icinga2 and apt-pinnig to profiles::icinga2_common
- define a new API user for getting a PKI ticket

8 months agoFix URL in environment.conf
Jan Dittberner [Sat, 20 Jul 2019 13:06:09 +0000 (15:06 +0200)] 
Fix URL in environment.conf

8 months agoFix hiera syntax for apt::purge parameter
Jan Dittberner [Sat, 20 Jul 2019 13:04:16 +0000 (15:04 +0200)] 
Fix hiera syntax for apt::purge parameter

8 months agoPin dependencies of icinga2 packages
Jan Dittberner [Sat, 20 Jul 2019 12:48:04 +0000 (14:48 +0200)] 
Pin dependencies of icinga2 packages

8 months agoRemove explicit keys from debian repos
Jan Dittberner [Sat, 20 Jul 2019 12:45:09 +0000 (14:45 +0200)] 
Remove explicit keys from debian repos