cacert-puppet.git
6 months agoRe-add key grip needed for private key
Jan Dittberner [Fri, 2 Aug 2019 08:27:01 +0000 (10:27 +0200)] 
Re-add key grip needed for private key

6 months agoRemove unused scripts directory
Jan Dittberner [Fri, 2 Aug 2019 08:20:15 +0000 (10:20 +0200)] 
Remove unused scripts directory

6 months agoUpdate trustdb to match signing key
Jan Dittberner [Fri, 2 Aug 2019 08:17:27 +0000 (10:17 +0200)] 
Update trustdb to match signing key

6 months agoRemove passphrase from signing key
Jan Dittberner [Fri, 2 Aug 2019 08:13:02 +0000 (10:13 +0200)] 
Remove passphrase from signing key

6 months agoFix ensure for concat
Jan Dittberner [Fri, 2 Aug 2019 07:24:42 +0000 (09:24 +0200)] 
Fix ensure for concat

6 months agoFix typo s/content::fragment/concat::fragment/
Jan Dittberner [Fri, 2 Aug 2019 07:23:42 +0000 (09:23 +0200)] 
Fix typo s/content::fragment/concat::fragment/

6 months agoFix syntax error in concat::fragment definitions
Jan Dittberner [Fri, 2 Aug 2019 07:22:23 +0000 (09:22 +0200)] 
Fix syntax error in concat::fragment definitions

6 months agoDefine reprepro distributions
Jan Dittberner [Fri, 2 Aug 2019 07:21:12 +0000 (09:21 +0200)] 
Define reprepro distributions

6 months agoFix variable interpolation
Jan Dittberner [Fri, 2 Aug 2019 06:45:26 +0000 (08:45 +0200)] 
Fix variable interpolation

6 months agoRemove duplicate package definition
Jan Dittberner [Fri, 2 Aug 2019 06:44:13 +0000 (08:44 +0200)] 
Remove duplicate package definition

6 months agoUse variables for paths, install reprepro
Jan Dittberner [Fri, 2 Aug 2019 06:37:48 +0000 (08:37 +0200)] 
Use variables for paths, install reprepro

6 months agoClean /etc/passwd in upload chroot
Jan Dittberner [Fri, 2 Aug 2019 06:10:54 +0000 (08:10 +0200)] 
Clean /etc/passwd in upload chroot

6 months agoManage chroot for debarchive uploads
Jan Dittberner [Fri, 2 Aug 2019 06:00:26 +0000 (08:00 +0200)] 
Manage chroot for debarchive uploads

6 months agoUse double quotes to allow newline
Jan Dittberner [Fri, 2 Aug 2019 05:24:00 +0000 (07:24 +0200)] 
Use double quotes to allow newline

6 months agoFix rssh line syntax
Jan Dittberner [Fri, 2 Aug 2019 05:22:04 +0000 (07:22 +0200)] 
Fix rssh line syntax

6 months agoFix source path for rssh.global.conf
Jan Dittberner [Fri, 2 Aug 2019 05:18:48 +0000 (07:18 +0200)] 
Fix source path for rssh.global.conf

6 months agoSetup rssh to restrict uploads to sftp and scp
Jan Dittberner [Fri, 2 Aug 2019 05:16:08 +0000 (07:16 +0200)] 
Setup rssh to restrict uploads to sftp and scp

6 months agoTrash the mini-dinstall setup
Jan Dittberner [Fri, 2 Aug 2019 04:43:49 +0000 (06:43 +0200)] 
Trash the mini-dinstall setup

I decided to replace mini-dinstall with a reprepro based setup to have
support the modern Debian repository format.

6 months agoLet debarchive run in its own directory
Jan Dittberner [Thu, 1 Aug 2019 20:42:50 +0000 (22:42 +0200)] 
Let debarchive run in its own directory

You need to use a bind mount in /etc/fstab

/srv/debarchive/archive/mini-dinstall/incoming /srv/upload/incoming - bind 0 0

6 months agoFix typo
Jan Dittberner [Thu, 1 Aug 2019 20:10:23 +0000 (22:10 +0200)] 
Fix typo

6 months agoFix dependency declaration for debarchive service
Jan Dittberner [Thu, 1 Aug 2019 20:09:06 +0000 (22:09 +0200)] 
Fix dependency declaration for debarchive service

6 months agoAdd intermediate directory /srv/upload
Jan Dittberner [Thu, 1 Aug 2019 20:07:49 +0000 (22:07 +0200)] 
Add intermediate directory /srv/upload

6 months agoMove uploads to /srv/upload/incoming
Jan Dittberner [Thu, 1 Aug 2019 20:06:04 +0000 (22:06 +0200)] 
Move uploads to /srv/upload/incoming

To make this setup work you should have the following in
/etc/ssh/sshd_config:

  Match User debarchive
      ForceCommand internal-sftp
      ChrootDirectory /srv/upload
      AllowTcpForwarding no

6 months agoMove template to the correct directory
Jan Dittberner [Thu, 1 Aug 2019 19:48:50 +0000 (21:48 +0200)] 
Move template to the correct directory

6 months agoSetup mini-dinstall under debarchive user
Jan Dittberner [Thu, 1 Aug 2019 19:46:50 +0000 (21:46 +0200)] 
Setup mini-dinstall under debarchive user

6 months agoUse gid instead of non-existing group
Jan Dittberner [Thu, 1 Aug 2019 13:50:47 +0000 (15:50 +0200)] 
Use gid instead of non-existing group

6 months agoAdd new profile debarchive for webstatic
Jan Dittberner [Thu, 1 Aug 2019 13:47:54 +0000 (15:47 +0200)] 
Add new profile debarchive for webstatic

6 months agoRe-enable mail alias handling
Jan Dittberner [Tue, 30 Jul 2019 10:24:03 +0000 (12:24 +0200)] 
Re-enable mail alias handling

A fix for https://github.com/puppetlabs/puppet/pull/7632 came with
Puppet 6.7.1.

6 months agoApply base profile to extmon
Jan Dittberner [Tue, 30 Jul 2019 10:17:04 +0000 (12:17 +0200)] 
Apply base profile to extmon

6 months agoFix class name
Jan Dittberner [Tue, 30 Jul 2019 10:07:31 +0000 (12:07 +0200)] 
Fix class name

6 months agoAdd external monitoring host role and config
Jan Dittberner [Tue, 30 Jul 2019 10:04:31 +0000 (12:04 +0200)] 
Add external monitoring host role and config

6 months agoPurge nrpe_agent from icinga2 agent nodes
Jan Dittberner [Mon, 29 Jul 2019 14:35:09 +0000 (16:35 +0200)] 
Purge nrpe_agent from icinga2 agent nodes

6 months agoRemove arbitration from sniproxy
Jan Dittberner [Mon, 29 Jul 2019 11:29:54 +0000 (13:29 +0200)] 
Remove arbitration from sniproxy

6 months agoEnable icinga2 agent on test3
Jan Dittberner [Mon, 29 Jul 2019 09:57:34 +0000 (11:57 +0200)] 
Enable icinga2 agent on test3

6 months agoEnable icinga2 agent on webstatic
Jan Dittberner [Mon, 29 Jul 2019 09:53:30 +0000 (11:53 +0200)] 
Enable icinga2 agent on webstatic

6 months agoEnable icinga2 agent on translations
Jan Dittberner [Mon, 29 Jul 2019 09:47:32 +0000 (11:47 +0200)] 
Enable icinga2 agent on translations

6 months agoEnable icinga2 agent on svn
Jan Dittberner [Mon, 29 Jul 2019 09:44:57 +0000 (11:44 +0200)] 
Enable icinga2 agent on svn

6 months agoEnable icinga2 agent on proxyout
Jan Dittberner [Mon, 29 Jul 2019 09:41:31 +0000 (11:41 +0200)] 
Enable icinga2 agent on proxyout

6 months agoEnable icinga2 agent on proxyin
Jan Dittberner [Mon, 29 Jul 2019 09:36:48 +0000 (11:36 +0200)] 
Enable icinga2 agent on proxyin

6 months agoAdd apt.puppet.com to debpuppet ACL
Jan Dittberner [Sun, 28 Jul 2019 22:01:54 +0000 (00:01 +0200)] 
Add apt.puppet.com to debpuppet ACL

6 months agoFix Apt::Update order for icinga2 packages
Jan Dittberner [Sun, 28 Jul 2019 20:30:14 +0000 (22:30 +0200)] 
Fix Apt::Update order for icinga2 packages

6 months agoAdd icinga2 agent on Jenkins
Jan Dittberner [Sun, 28 Jul 2019 17:50:08 +0000 (19:50 +0200)] 
Add icinga2 agent on Jenkins

6 months agoTry to improve icinga agent profile
Jan Dittberner [Sun, 28 Jul 2019 17:48:59 +0000 (19:48 +0200)] 
Try to improve icinga agent profile

Enforce order of master certificate installation to avoid issues with
certificate enrollment during API activation.

6 months agoAdd Icinga2 agent on ircserver
Jan Dittberner [Sun, 28 Jul 2019 17:10:13 +0000 (19:10 +0200)] 
Add Icinga2 agent on ircserver

6 months agoSetup icinga2 agent on web
Jan Dittberner [Sun, 28 Jul 2019 13:24:14 +0000 (15:24 +0200)] 
Setup icinga2 agent on web

6 months agoAllow access to wordpress domains from blog
Jan Dittberner [Sun, 28 Jul 2019 11:55:21 +0000 (13:55 +0200)] 
Allow access to wordpress domains from blog

7 months agoAdd icinga2_agent on bugs
Jan Dittberner [Wed, 24 Jul 2019 22:11:12 +0000 (00:11 +0200)] 
Add icinga2_agent on bugs

7 months agoAssign correct role to issue
Jan Dittberner [Wed, 24 Jul 2019 21:48:18 +0000 (23:48 +0200)] 
Assign correct role to issue

7 months agoAdd icinga2_agent to issue
Jan Dittberner [Wed, 24 Jul 2019 21:42:57 +0000 (23:42 +0200)] 
Add icinga2_agent to issue

7 months agoUpdate copyright years
Jan Dittberner [Wed, 24 Jul 2019 21:42:51 +0000 (23:42 +0200)] 
Update copyright years

7 months agoInstall icinga2 agent on emailout
Jan Dittberner [Wed, 24 Jul 2019 21:14:01 +0000 (23:14 +0200)] 
Install icinga2 agent on emailout

7 months agoDisable mailalias handling due to Puppet regression
Jan Dittberner [Wed, 24 Jul 2019 21:13:07 +0000 (23:13 +0200)] 
Disable mailalias handling due to Puppet regression

7 months agoEnable icinga2 notifications
Jan Dittberner [Wed, 24 Jul 2019 20:57:00 +0000 (22:57 +0200)] 
Enable icinga2 notifications

7 months agoUse correct ticket for motion.infra.cacert.org
Jan Dittberner [Tue, 23 Jul 2019 20:01:18 +0000 (22:01 +0200)] 
Use correct ticket for motion.infra.cacert.org

7 months agoAdd icinga2 agent on motion
Jan Dittberner [Tue, 23 Jul 2019 19:57:35 +0000 (21:57 +0200)] 
Add icinga2 agent on motion

7 months agoRemove target from zone/endpoint definition
Jan Dittberner [Mon, 22 Jul 2019 18:26:03 +0000 (20:26 +0200)] 
Remove target from zone/endpoint definition

7 months agoFix syntax error
Jan Dittberner [Mon, 22 Jul 2019 17:04:51 +0000 (19:04 +0200)] 
Fix syntax error

7 months agoFix resource definition for external auth
Jan Dittberner [Mon, 22 Jul 2019 17:03:16 +0000 (19:03 +0200)] 
Fix resource definition for external auth

7 months agoAdd support for icingaweb2 admins
Jan Dittberner [Mon, 22 Jul 2019 17:01:33 +0000 (19:01 +0200)] 
Add support for icingaweb2 admins

7 months agoAdd dependencies for icingaweb2 + external auth
Jan Dittberner [Mon, 22 Jul 2019 16:39:08 +0000 (18:39 +0200)] 
Add dependencies for icingaweb2 + external auth

7 months agoMake db_port an integer
Jan Dittberner [Sun, 21 Jul 2019 15:23:47 +0000 (17:23 +0200)] 
Make db_port an integer

7 months agoFix syntax error in resource declaration
Jan Dittberner [Sun, 21 Jul 2019 15:20:08 +0000 (17:20 +0200)] 
Fix syntax error in resource declaration

7 months agoAdd Icingaweb2
Jan Dittberner [Sun, 21 Jul 2019 15:11:25 +0000 (17:11 +0200)] 
Add Icingaweb2

7 months agoDo not manage conf.d on icinga2 agents
Jan Dittberner [Sun, 21 Jul 2019 14:55:08 +0000 (16:55 +0200)] 
Do not manage conf.d on icinga2 agents

7 months agoAdd missing ca_host parameter
Jan Dittberner [Sun, 21 Jul 2019 14:51:40 +0000 (16:51 +0200)] 
Add missing ca_host parameter

7 months agoUse icinga2 PKI for agent
Jan Dittberner [Sun, 21 Jul 2019 14:48:47 +0000 (16:48 +0200)] 
Use icinga2 PKI for agent

7 months agoFix syntax error
Jan Dittberner [Sun, 21 Jul 2019 14:44:23 +0000 (16:44 +0200)] 
Fix syntax error

7 months agoAdd global zone
Jan Dittberner [Sun, 21 Jul 2019 14:42:45 +0000 (16:42 +0200)] 
Add global zone

7 months agoFix syntax errors
Jan Dittberner [Sun, 21 Jul 2019 14:33:39 +0000 (16:33 +0200)] 
Fix syntax errors

7 months agoModify icinga2 agent setup
Jan Dittberner [Sun, 21 Jul 2019 14:29:15 +0000 (16:29 +0200)] 
Modify icinga2 agent setup

- use ticket generated by icinga2 pki ticket on master
- remove commented code from icinga2_master manifest
- use icinga2 module for icinga2_agent

7 months agoSetup API endpoint with existing certificate
Jan Dittberner [Sun, 21 Jul 2019 14:00:14 +0000 (16:00 +0200)] 
Setup API endpoint with existing certificate

7 months agoMake sure that the CA directory exists
Jan Dittberner [Sun, 21 Jul 2019 13:44:31 +0000 (15:44 +0200)] 
Make sure that the CA directory exists

7 months agoAdd postgresql::server module
Jan Dittberner [Sun, 21 Jul 2019 13:32:11 +0000 (15:32 +0200)] 
Add postgresql::server module

7 months agoDefine target file for API users
Jan Dittberner [Sun, 21 Jul 2019 13:28:14 +0000 (15:28 +0200)] 
Define target file for API users

7 months agoFix parameter type definition for $api_users
Jan Dittberner [Sun, 21 Jul 2019 13:25:40 +0000 (15:25 +0200)] 
Fix parameter type definition for $api_users

7 months agoFix api user resource description
Jan Dittberner [Sun, 21 Jul 2019 13:23:35 +0000 (15:23 +0200)] 
Fix api user resource description

7 months agoRemove unused parameters from icinga2_common
Jan Dittberner [Sun, 21 Jul 2019 13:16:00 +0000 (15:16 +0200)] 
Remove unused parameters from icinga2_common

7 months agoDefine Icinga2 CA on master
Jan Dittberner [Sun, 21 Jul 2019 13:14:00 +0000 (15:14 +0200)] 
Define Icinga2 CA on master

7 months agoDefine ticket salt for icinga2 master
Jan Dittberner [Sun, 21 Jul 2019 13:03:44 +0000 (15:03 +0200)] 
Define ticket salt for icinga2 master

7 months agoUse icinga2 class in icinga2_master manifest
Jan Dittberner [Sun, 21 Jul 2019 12:56:26 +0000 (14:56 +0200)] 
Use icinga2 class in icinga2_master manifest

7 months agoDo not manage certs in icinga2_common
Jan Dittberner [Sun, 21 Jul 2019 12:52:06 +0000 (14:52 +0200)] 
Do not manage certs in icinga2_common

7 months agoAdd missing changes for icinga2 module
Jan Dittberner [Sun, 21 Jul 2019 12:49:56 +0000 (14:49 +0200)] 
Add missing changes for icinga2 module

7 months agoChange icinga2_master role to use icinga2 module
Jan Dittberner [Sun, 21 Jul 2019 12:47:15 +0000 (14:47 +0200)] 
Change icinga2_master role to use icinga2 module

7 months agoInitialize Icinga2 class
Jan Dittberner [Sun, 21 Jul 2019 12:25:10 +0000 (14:25 +0200)] 
Initialize Icinga2 class

7 months agoAdd puppetlabs/concat module
Jan Dittberner [Sun, 21 Jul 2019 12:19:46 +0000 (14:19 +0200)] 
Add puppetlabs/concat module

7 months agoRealize export Icinga2 zones and endpoints
Jan Dittberner [Sun, 21 Jul 2019 12:17:55 +0000 (14:17 +0200)] 
Realize export Icinga2 zones and endpoints

7 months agoUse latest versions of forge modules
Jan Dittberner [Sun, 21 Jul 2019 12:09:47 +0000 (14:09 +0200)] 
Use latest versions of forge modules

7 months agoFix resource syntax
Jan Dittberner [Sun, 21 Jul 2019 12:01:54 +0000 (14:01 +0200)] 
Fix resource syntax

7 months agoAdd exported zone and endpoint for icinga2 agent
Jan Dittberner [Sun, 21 Jul 2019 11:59:03 +0000 (13:59 +0200)] 
Add exported zone and endpoint for icinga2 agent

7 months agoReplace direct notify with virtual resource
Jan Dittberner [Sun, 21 Jul 2019 11:45:51 +0000 (13:45 +0200)] 
Replace direct notify with virtual resource

7 months agoRe-enable icinga agent setup script
Jan Dittberner [Sun, 21 Jul 2019 11:43:06 +0000 (13:43 +0200)] 
Re-enable icinga agent setup script

7 months agoFix path to CA certificate
Jan Dittberner [Sun, 21 Jul 2019 11:38:55 +0000 (13:38 +0200)] 
Fix path to CA certificate

7 months agoDo not manage constants.conf
Jan Dittberner [Sun, 21 Jul 2019 10:48:18 +0000 (12:48 +0200)] 
Do not manage constants.conf

Let icinga2 node setup handle constants.conf, add global zone
definitions to zones.conf.epp and remove explicit zone and cn parameters
to node setup on master.

7 months agoRemove unfulfillable subscription
Jan Dittberner [Sun, 21 Jul 2019 10:37:06 +0000 (12:37 +0200)] 
Remove unfulfillable subscription

7 months agoAdd master key and certificates
Jan Dittberner [Sun, 21 Jul 2019 10:34:11 +0000 (12:34 +0200)] 
Add master key and certificates

icinga2 node setup on agents requires the master certificate, the CA
certificate is not sufficient.

7 months agoPrepare icinga2_agent installation on puppet
Jan Dittberner [Sun, 21 Jul 2019 10:01:36 +0000 (12:01 +0200)] 
Prepare icinga2_agent installation on puppet

7 months agoSetup icinga2 master node
Jan Dittberner [Sun, 21 Jul 2019 09:55:33 +0000 (11:55 +0200)] 
Setup icinga2 master node

7 months agoDo not manage API listener config
Jan Dittberner [Sun, 21 Jul 2019 09:37:29 +0000 (11:37 +0200)] 
Do not manage API listener config

7 months agoDeclare dependency between icinga2 and ido package
Jan Dittberner [Sun, 21 Jul 2019 09:27:46 +0000 (11:27 +0200)] 
Declare dependency between icinga2 and ido package

7 months agoRemove unused ido_* parameters
Jan Dittberner [Sun, 21 Jul 2019 09:02:34 +0000 (11:02 +0200)] 
Remove unused ido_* parameters