Package ld-puppet-plymouth-theme-text🔗
Version |
Arch |
MTime |
Size |
|---|---|---|---|
1.5.6 |
all |
April 22nd, 2024 10:18 |
62.15 KiB |
ld-puppet (1.5.6) trusty; urgency=medium
[Torsten Fohrer]
* 3part/php:
- [REF] php 8.0 support.
* containers/nextcloud:
- [REF] php 8.0 support.
-- SBE network solutions GmbH <info@sbe.de> Fri, 19 Apr 2024 11:01:46 +0200
ld-puppet (1.5.5-1) trusty; urgency=medium
[Torsten Fohrer]
* container/kopano:
- [FIX] Disable webmeetings:
. Purging kopano-webmeetings, kopano-webapp-plugin-meetings.
-- SBE network solutions GmbH <info@sbe.de> Mon, 04 Dec 2023 14:06:05 +0100
ld-puppet (1.5.4-3) trusty; urgency=medium
[Torsten Fohrer]
* container/nexus:
- [REF] Let nginx delivery choco install ps scripts instead of nexus
* common:
- [FIX] Setting timezone for some exotic programs like java in
/etc/timezone too (without restarting services, container)!
-- SBE network solutions GmbH <info@sbe.de> Tue, 02 May 2023 11:24:58 +0200
ld-puppet (1.5.4~1) trusty; urgency=medium
[Torsten Fohrer]
* profiles:
- [FIX] db/pgsql/server Regex matching via puppet type for CIDR not working
in puppet 3, replace type match with regex.
-- SBE network solutions GmbH <info@sbe.de> Mon, 23 Jan 2023 09:48:25 +0100
ld-puppet (1.5.4) trusty; urgency=medium
[Torsten Fohrer]
* profiles:
- db/pgsql/server:
. Changes to custom hba rules
_ Allow/restrict def. of access type to (host[non-ssl/ssl],hostssl[sslonly]).
_ Allow/restrict def. of auth_method to (scram-sha-256, md5, fails otherwise).
_ Restrict ip access to given IPv4 CIDR, or if ip to this host (/32).
_ Restrict user access to given database, or sameuser (db<=>username).
_ User cannot be all.
_ IP cannot be 0.0.0.0.
* ld_base:
- Add 127.0.0.1 to no_proxy env.
* ld_nexus:
- Workaround bogus service login credentials.
- Workaround switching from puppet managed service file to package managed
file.
* 3part.d:
- postgresql:
. Backport pg_hb_rule.pp auth_methods rules for PostgreSQL 10/defaults.
-- SBE network solutions GmbH <info@sbe.de> Mon, 23 Jan 2023 09:48:25 +0100
ld-puppet (1.5.3-2) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy
- ldap.ro.[secret|dn] file readable for everyone now
- Allow ldap-ro from localhost access to ld managment attributes
(ldMailQuota,ldDiskQuota,ldAllowVPN,ldAllowWLAN,ldRealHomeDirectory,
ldCreationMethod,ldBirthDay,ldLastModified,ldCreated)
-- SBE network solutions GmbH <info@sbe.de> Wed, 23 Nov 2022 08:20:21 +0100
ld-puppet (1.5.3-1) trusty; urgency=medium
[Torsten Fohrer]
* common
- Control client configuration:
. [REF] Uses control-service tracker implementation
* Container:
- deploy-g1:
. [REF] Disable tracker feature in qBitTorrent.
- ctrl-g1:
. [NEW] Forward http tracker uri to control service.
* ld_nexus:
- [NEW] Recreate admin user with password from nxadmin.
* ld_ssh:
- [FIX] unlock-ssh ensures path to prinicpal unlock file.
* ld_legacy:
- [NEW] Enforce crypted userpassword in logosrv ldap:
. Add new r/w account for services "ldap-rw".
. Let ldap-rw r/w some admin only attributes.
* ld_unifi:
- [REF] Install/upgrade unifi-g2 containers to MongoDB 3.4, which
enables a upgrade path to jammy based container in p7.
-- SBE network solutions GmbH <info@sbe.de> Fri, 11 Nov 2022 12:38:02 +0100
ld-puppet (1.5.2-2) trusty; urgency=medium
[Torsten Fohrer]
* ld_nexus:
- [NEW] Recreate admin if now .moved marker is found.
- [REF] Change location of .moved marker into data mount point.
-- SBE network solutions GmbH <info@sbe.de> Mon, 26 Sep 2022 16:45:28 +0200
ld-puppet (1.5.2-1) trusty; urgency=medium
[Torsten Fohrer]
* ld_base:
- [NEW] Add option ld_base::ldhost::proposed_repo which enables
a optional repository with newer kernels/firmwares (set to true).
-- SBE network solutions GmbH <info@sbe.de> Tue, 06 Sep 2022 11:47:30 +0200
ld-puppet (1.5.2) trusty; urgency=medium
[Torsten Fohrer]
* common:
- [FIX] ldinfo handles now unset HOME environment.
* hiera.d/nextcloud:
- [FIX] Add libmagickcore-6.q16-2-extra to silence imagick svg support
warning (it's use is disabled!)
* ld_base:
- [NEW] Add date to prompt
* ld_ctrl:
- [FIX] Tighten acl control client properties (o=none), #3134
* ld_nexus:
- [REF] Move to data directory
- [REF] Rename service ld-nexus to nexus.
* ld_nextcloud:
- [REF] Move to data directory
- [FIX] Overwrite installer parameter on-the-fly (using correct values for
db, datadir) reusing only ld_nextcloud::install::params {admin-user}.
- [REF] Moving intermediate config json into private directoy not
accesible theoritically via http server
* ld_nextcloud:
- [NEW] Install clamav/freshclam as default on ldhost
- [NEW] Disable profile access globally (Ticket 3351, mis)
* ld_legacy:
- [NEW] Installing language-pack-[en,de] avoiding warnings about
missing localizations.
- [NEW] Installing ld-samba-vscan-ng if (lxc::clamav enabled)
and changing socket path to /run/clamav/clamd.ctl
- [NEW] Populate logosrv /dev with /dev/mapper from ldhost
- [NEW] Generate different lddeploy option files:
_ lddeploy_snponly.conf, boot via snponly.efi
_ lddeploy_ipxe.conf, boot via ipxe.efi
- [NEW] Linking lddeploy.conf to lddeploy_ipxe.conf (default, compat)
- [NEW] Allow to avoid proxy for given clients via wpad.
- [NEW] Allow to deploy ld-modify-mail without installed kopano.
- [NEW] Let ldap index ou for eq operation too.
- [NEW] Add additional lddeploy option files:
_ lddeploy_undionly.conf, boot via undionly.kpxe
- [REF] Fallback in options lddeploy_(ipxe|snponly).conf to undionly,
if pxeclient arch indicate it.
- [REF] Split lddeploy dhcp option files into two files:
. Traditional option file contains now only a include directive to
seperate option file. Reducing bloat/repeats in dhcpd.conf.logodidact.
. New file under /etc/dhcp3/options/lddeploy.d/xxxxxx.conf containing
lddeploy iPXE variant configuration
* ld_ipxe:
- [REF] Refactor tftpd setup using now remapping instead of copying ipxe
bootfiles, solving manual upgrading/downgrade handling.
- [REF] Removing now unneeded efi files from tftpd root.
* ld_samba:
- [NEW] Enforcing open file limit to samba service (service processes),
not file serving processes.
* ld_kopano:
- [REF] Disable kopano server survey
[Olav Krapp]
* profile.d/deploy:
- [NEW] Deploy/configure winpe updater.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2022 17:18:52 +0200
ld-puppet (1.5.1-8) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy
- [FIX] Fix typo
-- SBE network solutions GmbH <info@sbe.de> Mon, 28 Mar 2022 15:56:07 +0200
ld-puppet (1.5.1-7) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy
- [FIX] Before chown clamav socket directory check if user exists.
-- SBE network solutions GmbH <info@sbe.de> Mon, 28 Mar 2022 12:29:17 +0200
ld-puppet (1.5.1-6) trusty; urgency=medium
[Torsten Fohrer]
* hiera.d/rev-proxy
- [FIX] Handling fail2ban on http/https connections.
-- SBE network solutions GmbH <info@sbe.de> Tue, 15 Mar 2022 12:16:22 +0100
ld-puppet (1.5.1-5) trusty; urgency=medium
[Michael Schönbeck]
* site.d/bielefeld:
- [NEW] Install megacli on ldhost
-- SBE network solutions GmbH <info@sbe.de> Thu, 03 Mar 2022 08:35:24 +0100
ld-puppet (1.5.1-4) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy:
- [FIX] Sync forgotten negative ttl values with
ld-dns-server in domain soa.
* ldmon_net::
- [FIX] gprun enforce pty allocation for correct terminal output.
-- SBE network solutions GmbH <info@sbe.de> Wed, 23 Feb 2022 10:38:19 +0100
ld-puppet (1.5.1-3) trusty; urgency=medium
[Torsten Fohrer]
* ld_rproxy:
- [NEW] Integrate fail2ban reaction to http authentication
failures (Ticket #3052)
. Enable via `ld_rproxy::fail2ban: true` in `rev-proxy.yaml`
* ld_legacy:
- [NEW] Allow sharing clamav daemon socket with host.
. Enable via `ld_legacy::lxc::clamav: true` in `ldhost.yaml`
-- SBE network solutions GmbH <info@sbe.de> Fri, 18 Feb 2022 14:03:01 +0100
ld-puppet (1.5.1-2) trusty; urgency=medium
[Michael Schönbeck]
* ld-site-bielefeld:
- [NEW] Deploy ld-home/ctrl center as default
-- SBE network solutions GmbH <info@sbe.de> Wed, 02 Feb 2022 16:05:40 +0100
ld-puppet (1.5.1-1) trusty; urgency=medium
[Torsten Fohrer]
* ld_moodle:
- [FIX] Rename profile field setting from field_value to field_map
(mention rk)
-- SBE network solutions GmbH <info@sbe.de> Fri, 28 Jan 2022 11:21:40 +0100
ld-puppet (1.5.1) trusty; urgency=medium
[Torsten Fohrer]
* package:
- [REF] Add dependency:
. lsb-release
* common:
- cli.rb:
. [NEW] Add private hook dir support:
_ Normalize script name (removing private hook dir prefix).
_ Disable user/local hook scripts if run in private hook mode.
- hiera.d:
. [REF] MySQL/MariaDB containers now uses /backup for their backup
directory.
. [REF] MySQL settings:
_ Increase join_buffer_size from 128K to 2M as default
_ Enforce following values:
* wait_timeout 28800
* connect_timeout 10
* thread_cache_size 128
. All containers:
_ [REF] Redirect postfix syslog output into own logfile under
/var/log/services/postfix/YYYY-mm-dd.log
. collabora-g1:
_ [FIX] Add new location browser to collabora.
. kopano-g1:
_ [REF] Redirect amavisd output into seperate logfile.
_ [REF] kopano-search:
* Logging to standard out/error
* Let journald forward standard out/error to syslog,
with syslog identifier kopano-search.
Allowing now redirecting to own service logfile.
- ldupdate:
. [NEW] ldupdate gains *internal hook support*:
_ [REF] mv uris to hook.d/pre.update.d/uris.json
_ [NEW] hook.d/pre.update.d/distcode
. [FIX] Use correct distro to quick fetch new ld-puppetXX version
informations.
. [REF] Use --no-list-cleanup instead internal apt option
(no effect in xenial/trusty).
. [NEW] Cancel update if package updates fails at recipe update
detection.
. [NEW] In debug mode wait for 5s before showing changelog/release notes
avoiding instant screen clearing.
- sites:
. bielefeld postinst not longer replaces CUSTOMER_NAME_SHORT with
unset/empty LD_CUSTOMER_SHORT.
* 3part.d:
- mysql:
. mysqlbackup.sh ignores now performance and information schema.
* ld_acme:
- [FIX] Removing acmetool cron if not activated.
* ld_base:
- [DEL] Removing deactivated facts:
. pci_devices
. bios_and_system
. apt_extended_states
- [FIX] Deploy a patched update-ca-certificates which:
. Adapting to distro (which command to use rehash ssl store).
. And on fresh store rebuild, cleanly rebuild java keystore too.
- [FIX] Normalize systemd service names for policy-rc.d
- [FIX] Use /usr/bin/vim as selected editor
* ld_collabora:
- [NEW] Migrate/adapt replacment coolwsd (which replaces loolwsd).
- [FIX] Module dependencies for p5 fixed.
* ld_moodle:
- [FIX] Deployment/publishing of config.php corrected (updates now).
- [FIX] Remove extra char at end of calendartype setting.
- [REF] Replace registerauth '0' with '' string (gainig compatibilty for
moodle app).
* ld_kopano:
- [FIX] Deploy own createstore script to ensure correct store locale is
used.
- [FIX] Upgrading webapp config.php file configuration to current release,
tuneable parameters via hiera (defaults):
. ld_kopano::config::webapp::enable_direct_booking: true
. ld_kopano::config::webapp::enable_public_contacts: false
. ld_kopano::config::webapp::enable_public_folders: true
. ld_kopano::config::webapp::enable_shared_contacts: true
. ld_kopano::config::webapp::gab: true
. ld_kopano::config::webapp::gab_max_results: 0
. ld_kopano::config::webapp::theme: ''
. ld_kopano::config::webapp::def_lang: 'de_DE.UTF-8'
. ld_kopano::config::webapp::langs: ['en_EN', 'de_DE']
* ld_legacy:
- [FIX] Improve handling of safe port line inserting/auto comment.
* ld_ssh:
- [NEW] Allow to define additional ssh managed logins via
ld_ssh::server::logins: []
- [NEW] Allow finetuning of following settings per login via hiera keys:
. AllowTCPForwarding -> ld_ssh::server::authorize::LOGIN::allowtcpforwarding
. PasswordAuthentication -> ld_ssh::server::authorize::LOGIN::passwordauthentication
. PubKeyAuthentication -> ld_ssh::server::authorize::LOGIN::pubkeyauthentication
. GatewayPorts -> ld_ssh::server::authorize::LOGIN::gatewayports
-- SBE network solutions GmbH <info@sbe.de> Thu, 27 Jan 2022 10:08:10 +0100
ld-puppet (1.5.0-27) trusty; urgency=medium
[Torsten Fohrer]
* common:
- [COSMETIC] Keep version in sync with ld-puppet50 versions.
-- SBE network solutions GmbH <info@sbe.de> Wed, 15 Dec 2021 03:33:49 +0100
ld-puppet (1.5.0-26) trusty; urgency=medium
[Torsten Fohrer]
* common:
- [FIX] ldupdate dist detection.
-- SBE network solutions GmbH <info@sbe.de> Wed, 15 Dec 2021 03:33:49 +0100
ld-puppet (1.5.0-25) trusty; urgency=medium
[Torsten Fohrer]
* ld_unifi:
- [REF] Restrict deployment to unifi 6.5/stable variants.
-- SBE network solutions GmbH <info@sbe.de> Tue, 14 Dec 2021 16:42:28 +0100
ld-puppet (1.5.0-24) trusty; urgency=medium
[Torsten Fohrer]
* common:
- [DEL] Removing graylog infrastructure/enforce disabled graylog
integration across modules.
-- SBE network solutions GmbH <info@sbe.de> Mon, 22 Nov 2021 10:06:18 +0100
ld-puppet (1.5.0-21) trusty; urgency=medium
[Torsten Fohrer]
* common:
- [REF] Using ld_base::epp for following epp templates:
. ld_ssh/templates/etc/ssh/sshd_config
- ldupdate
. [NEW] Display changelog/release uri just before asking to proceed
release upgrade (just in case something goes wrong with browser).
. [NEW] Try to display a ring specific release / changelog uri,
falling back to stable changelog/release uri.
- trimming interface name for rembo5-g2 to r5g2
- map_translate don't touch ssh-ca.yaml.
- hiera.d:
. ctrl-g1:
_ Adding new deployEnvironment endpoint.
- Adapt new repo structur for collabora.
* 3part.d:
- postgresql:
. [FIX] Increase counter in connection check.
* containers:
- [NEW] Add mariadb103, for supporting kopano verified databases.
* ld_audit:
- [FIX] Tune puppet resource ordering.
* ld_ctrl:
- [NEW] Add annoucement url for control-client.
- [NEW] Installs ld-openssh on clients.
- [NEW] Specify local ca chain location.
* ld_legacy:
- [FEAT] If possible removing non-working packages from logosrv.
- [NEW] Some machines reporting that sub index on sambaSID is missing,
so add it (substring search on sambaSID, rly?).
* ld_lxc:
- [FEAT/FIX] Deploy fixup system-generator lxc.
* ld_mobile:
- [NEW] Allow to specify custom short/long name via
ld_mobile::config::[short|long]_name hiera keys.
* ld_moodle:
- [NEW] Ensure php is installed before running installer.
- [NEW] To avoid confusion in installation/upgrade process:
. validate connection information before running install_or_upgrade
script
. Using marker files managed by package preinst script
/usr/share/moodle/.upgrade and .install
. Avoid file permission changes if no install/upgrade is executed.
- [FIX] Downgrade mathjax to version 2.7.9.
* ld_network:
- [FEAT] transform_netmap now traps exceptions and puppet error with
stacktrace.
* ld_nexus:
- [NEW] Install ld-openssh
* ld_puppet:
- [FIX] Check last_run_summary.yaml readable by current user.
- [REF] To spread executing of agent better across invoking interval
implement own splay logic, which delays creating lockfiles.
Invoke prun/agent by following logic now:
. Every 15 delaying run by max 10mins
. Every 30 delaying run by max 20mins
. Hourly, delaying run by max 30mins
. Every 2 hours, delaying run by max 80mins
. Every 4 hours, delaying run by max 180mins
* ld_kopano:
- [REF] kopano group/user handling changed:
. Remove unused kopano home directory.
. If newly deployed use system ids in system range instead of user.
* ld_ssh
- [NEW] Setup fail2ban on ldhost with shorewall support
- [REF] Introduce SSH CA support managed via puppeteer[-g2]/data/ld/ssh-ca
directory:
. Deploy all found *.pub files their as ca masters
. Deploy per (login to root only, for moment) allowed ca/principal/client.
- [REF] Regenerate ldhost ssh private/public key, using now ed25519 keys for post
logosrv containers (using id_xmss to avoid overwriting existing rsa key).
- [NEW] Introduce a ed25519 key pair for use in/from puppeteer[-g2].
- [REF] Enforce managed authorized_keys file:
. To deploy own ssh keys please place them in
puppeteer[-g2]/etc/logodidact/ssh/keys/[USERNAME]/[intern,global,extern]
. Separate internal/external authorized keys, to allow access from WAN
place keys in (root only)
puppeteer[-g2]/etc/logodidact/ssh/keys/[USERNAME]/[extern,global]
- [NEW] Deployment of keys from above can be enabled/disable via hiera
keys:
. ld_ssh::server::authorize::root::extern
. ld_ssh::server::authorize::root::intern
* profile:
- [NEW] ad-sync-g1, adding proxy config support.
- [REF] Ensuring /etc/postgresql/[VERSION]/main directory structure.
- [REF] Let pgbackrest upgrade existing backup stanza (just in case), in
case database has been reinstalled
-- SBE network solutions GmbH <info@sbe.de> Tue, 09 Nov 2021 08:53:40 +0100
ld-puppet (1.4.2-3) trusty; urgency=medium
[Torsten Fohrer]
* ld_nextcloud:
- [FIX] Add REMOTE_ADDR to a way to recognize client ip.
-- SBE network solutions GmbH <info@sbe.de> Tue, 14 Sep 2021 10:14:48 +0200
ld-puppet (1.4.2-2) trusty; urgency=medium
[Torsten Fohrer]
* ld_base:
- [FIX] ldinfo, error collecting qemu machines.
* ld_puppet:
- [NEW] puppet-repo-rebuild enforces now world readable
debian archives.
-- SBE network solutions GmbH <info@sbe.de> Wed, 08 Sep 2021 12:30:18 +0200
ld-puppet (1.4.2-1) trusty; urgency=medium
[Torsten Fohrer]
* ld_base:
- [NEW] ldinfo, add ring information in logoCLOUD installation too
-- SBE network solutions GmbH <info@sbe.de> Tue, 07 Sep 2021 13:58:18 +0200
ld-puppet (1.4.2) trusty; urgency=medium
[Torsten Fohrer]
* common:
- [REF] Avoid install/upgrade passenger on each upgrade.
- [FIX] Use enviroment lock to avoid starting apache2 in
upgrade (passenger install/upgrade) run.
- [REF] Using ld_base::epp for following epp templates:
. ld_kopano/templates/webapp/config-files.php
. ld_kopano/templates/webapp/config-meeting.php
. ld_kopano/templates/webapp/config-spell.php
. ld_kopano/templates/webapp/config.php
. ld_kopano/templates/webmeetings.cfg.epp
* hiera.d:
- ctrl-g1.yaml
. [NEW] Deploy ld-home / nginx setup for that
* profiles:
- db/pgsql/server:
. [FIX] Correct/cleanup postgresql configuration for disabled
online backup.
* ld_base:
- upgrade-packages:
. [FIX] Use correct state file for package state.
. [NEW] Display which critical (managed) packages have update.
- ldinfo
. [NEW] Display which ring is current in use:
_ 0, dev, red
_ 1, testing, tomato
_ 2, beta, violet
_ 3, stable, green
- [FIX] Don't force snmpd installation on hp gen10.
* ld_mobile:
- [REF] Randomize localpart of system admin mail address.
* ld_puppet:
- [NEW] Enforce correct linked hiera.d/custom.d.
* ld_legacy:
- [FIX] Allow authenticated entries at least (fallback) same attribute
access as ldap-ro user.
- [REF] Remove unused ldap-ro.secret file.
-- SBE network solutions GmbH <info@sbe.de> Mon, 06 Sep 2021 14:00:47 +0200
ld-puppet (1.4.1-1) trusty; urgency=medium
[Torsten Fohrer]
* hiera.d:
- ldhost.yaml
. [NEW] Add internal landing page uri for ldmobile.
* ld_base:
- [REF] Lock free implementation of ldinfo lxc/qemu listing.
- policy-rc.d:
. [REF] Additional logging output for debugging problems
. [REF] Try to guess correct puppet paths for agent, lockfile, catalog
* ld_mobile:
- [NEW] Deploy password reset script for internal / system wide admin
account (resets pw to application.yml value).
-- SBE network solutions GmbH <info@sbe.de> Thu, 12 Aug 2021 14:58:58 +0200
ld-puppet (1.4.1) trusty; urgency=medium
[Torsten Fohrer]
* common:
- ldupdate:
. Simplify/consolidate lockfile handling.
. Correct typos.
. Enforce update trigger again short before normal prun at end of update
run.
* ld_acme:
- [FIX] acme.sh respect account mail.
* ld_base:
- [REF] upgrade-retained-packages has replaced with upgrade-system-packages
- update-policy-rc.d:
. [REF] Externalize catalog analyze and timestamp/lockfile creation.
(sharing with upgrade-packages).
- upgrade-packages:
. [REF] Now updates service starting policies itself (sharing logic with
update-policy-rc.d).
. [NEW] Enable output in system upgrade mode (-s param).
. [NEW] If a critical package or debian reboot required file exists,
after upgrade ask user for reboot.
- [NEW] Hook support gained optional timeout (via extra method) support.
- [FIX] Deploy bind-mount-data|backup hooks now correctly.
- [NEW] Coloring unmanaged containers in ldinfo.
* ld_kvm:
- [REF] Use group libvirt for daemon (adapt to new version).
- [FIX] Linking compat efi roms too.
* ld_nextcloud:
- [FIX] Use correct occ parameter for database type.
- [FIX] Disable nextcloud gidnumber ldap assoc.
* ld_ovs:
- [FIX] Delay interface up, waiting for ovs database.
- [FIX] Order ovsdb-server to startup before debian networking.service.
* ld_puppet:
- [DEV] Handling broken debian/changelog for version extract.
- [ENH] ld_puppet::minion::warning add ensure prop+handling
(present/absent).
-- SBE network solutions GmbH <info@sbe.de> Tue, 10 Aug 2021 17:00:40 +0200
ld-puppet (1.4.0-18) trusty; urgency=medium
[Torsten Fohrer]
* ld_mobile:
- [FIX] Multi organization handling corrected.
* 3part.d:
- nexus3_rest:
. [FIX] Broken repo group membership assign.
. [FIX] Remove ruby 2.4 dependencies.
. [UPD] Upgrade to 0.4.3 sources.
-- SBE network solutions GmbH <info@sbe.de> Thu, 05 Aug 2021 12:24:18 +0200
ld-puppet (1.4.0-17) trusty; urgency=medium
[Torsten Fohrer]
* ldmon_net:
- [REF] Prioritize database containers in gprun.
- [FIX] Enforce root owner/group of gprun.
-- SBE network solutions GmbH <info@sbe.de> Wed, 04 Aug 2021 11:27:39 +0200
ld-puppet (1.4.0-16) trusty; urgency=medium
[Torsten Fohrer]
* update:
- [FIX] Add missing servername into update process.
- [FIX] Avoid bash warning in upgrade process.
* env.d:
- [REF] Default manifest add ld_fixed['servername'] by evaluate agent
version, usable in places where shortname is needed.
* profiles:
- [FIX] db/pgsql/server merging and handling of profile options and
shared_preload_libraries.
* ld_legacy
- [FIX] Avoid hardcoded ca copy target.
- [FIX] ld20_hope now runs apt-get update just in case.
-- SBE network solutions GmbH <info@sbe.de> Wed, 04 Aug 2021 00:38:08 +0200
ld-puppet (1.4.0-12) trusty; urgency=high
[Torsten Fohrer]
* 3part.d:
- php:
. [NEW] Allow to disable that a extension is loaded
- cfssl:
. [FIX] Ensure signing.json owner/group.
- apt:
. [QoL] Instead per repo source file, use 1 for all sources.
. [QoL] Allow to disable importing gpg keys for ppa's (default=yes).
- ca_cert:
. [NEW] Add ignore param, allowing to ignore files in ca trust dir.
* common:
- [FEAT] ldupdate:
. now updates git based deployments with new ld-puppet package too.
. Instead of cancelling update/upgrade on uncommitted changes in
/etc/logodidact, invoke a git commit session to checkin changes
directly
. On package change (ld-puppetxx) show online changelog/notes site
and ask if it's ok to run upgrade.
. Allow to disable changelog view via file existence of
/etc/logodidact/update/dont_display_release_notes
. Allow to define which interactive editor ldupdate uses via
/etc/logodidact/update/editor (fullpath to editor executable)
. Rework/sharing code between p5/p1/p7 branch in
installation/update/upgrade process
. If ldupdate detect uncommited changes, it adds them now to staging
area and opens an defined editor to commit them.
. Add a commit message that indicate that ldupdate is opening this
interactive commit session.
. Disable etc/logodidact git commit hooks avoid double execution,
libaries problems in upgrade process.
- [FEAT] Refactor repository usage:
. Using for all used repos a own mirrored package server,
which stages updates to wave out updates.
. Don't deploy repositories keys anymore directly via puppet.
Instead using keys from package ld-archive-keyring on puppeteer.
. Disable apt http pipelining because repo managment has issues
with it.
. On-the-fly creation of a minimal source list for ldupdate (using only
local repo + newest logodidact dist repo).
. Add apt-get update pre invoke hook that deletes all cached
source/package lists, avoiding repo time travels problems.
- [DEL] Remove unused module ld_java.
- [DEL] Remove icinga2 infrastructure:
. hiera profiles/modules/roles
. configuration via recipes/manifests
. container icinga2 and rabbitmq
. 3part puppet modules for rabbitmq
. removing icinga user/sudo on ldhost
. removing nagios user/group in logosrv
. removing monitoring packages from logosrv (nrpe, ld-*monitoring*)
- [REF] Using ld_base::epp for following epp templates:
. ld_acme/templates/var/lib/acme/conf/responses
. ld_acme/templates/var/lib/acme/conf/target
. ld_dns/templates/record
. ld_legacy/templates/etc/bind/named.conf.puppet.d/samba
. ld_legacy/templates/etc/bind/named.conf.puppet.d/tld
. ld_legacy/templates/etc/bind/template/db.domain-rev.head
. ld_legacy/templates/etc/default/slapd
. ld_legacy/templates/etc/ldap/slapd.acl.pre.conf
. ld_legacy/templates/etc/ldap/slapd.puppet.conf
. ld_legacy/templates/etc/ldap/slapd.tail.conf
. ld_legacy/templates/etc/samba/parts/includes
. ld_legacy/templates/etc/samba/smb.conf.shares
. ld_legacy/templates/var/www/proxy.pac
. ld_mobile/templates/opt/relution/application.yaml
. ld_samba4/templates/var/lib/samba/state/sysvol/scripts/logon.bat (auto translate unix->dos encoding)
. ld_unifi/templates/etc/default/unifi
- [REF] Use ld_base::source for
. ld_kopano/files/usr/share/kopano-webapp/.htaccess
- ldinfo:
. [QoL] Tries to display errors from last available puppet agent run.
. [QoL] Add additional unmanaged hook directory for ldinfo ($HOME/.local/puppet-cm/hooks).
. [FIX] Ignore unreadable hooks.
. [REF] Remove 14.04 to 16.04 upgrade note.
- [NEW] Add generic support for other acme clients:
. Creating group le-publish (for cert access) and enlist puppet user.
. Creating /data/le/certs (for cert exchange/access from puppet, acme
clients)
. Adapting acmetool certificates by copying them to /data/le/certs in
package post installation.
. Updating a /.well-known/acme-challenge/working with a timestamp,
so user can easily check connectivity from outside.
. Redirect acme.sh syslog into /var/log/services/acme_sh/YYYY-MM-DD.log.
. Don't deploy acmetool certs to /data/le/certs if acme.sh is in use.
. Certs copied to /data/le/certs are now group writable (keep in sync
with acme.sh fix-perm file right enforcer.
. Rewrite ld_acmetool in custom.d/puppeteer.yaml to ld_acme.
- [FEAT] Script puppet-containers
. Generating a list of active containers with their guessed external
(rev-proxy) and internal uri under
/var/lib/ld-puppet/wwwroot/.well-known/logodidact/containers.json
- [REF] Port internal ruby libraries from p7.
* hiera:
- default.yaml:
. [QoL] Extend content compression in nginx by following:
_ Allow to use pre compressed files (.gz)
_ Allow compression of:
+ application/javascript
+ application/json
. Unify/use version specific mysql/mariadb settings to avoid clashes
and spreading configuration over xyz files.
- Increase sort_buffer_size to 4M (workaround relution)
- mariadb10.5 use pool of threads instead of per connection thread
reducing memory usage of database.
- mariadb10.5 listen additional on 3307 with max 5 connections
(fallback).
. [QoL] Set apache ssl ciphers/suite via mozilla intermediate config
gen.
. [QoL] Let nginx benefit from open file limits (1024 => 4096).
. [FIX] Enforce php openssl.cafile to debian cert bundle.
- nexus-g1.yaml
. [NEW] Install ld-nexus-tools.
- ldmobile.yaml
. [NEW] Using separate dist specific repository for ldmobile package.
- role.d/postgresql:
. [QoL] Instead of stderr log now to syslog.
* ld_audit:
- [REF] Allow to use external postgresql:
. Replacing database update script with own version.
- [REF] Generic cleanup / reduce recipe size.
- [REF] Deploy corrected beans.xml.
- [REF] Cleanup standalone.xml.
- [DEL] Remove unneeded java keystore managment.
* ld_base:
- [FIX] Disable motd-news service/timer.
- [FIX] Repair/improve error-handling ld_install_kind.
- [NEW] Installs rng-tools on physical, vmware and hyperv machines.
- [NEW] Installs open-vm-tools on vmware machines.
- [FIX] Let user provider remove group of suroot account.
- [QoL] Detect git based puppeteer deployment:
. Read out git branch and changelog package version
. Adding branch/version from git to bash prompt
- [QoL] Adding template helper ld_base::[source|epp] that allows to override
content via files in /etc/logodiact/overrides directory:
. epp templates => overrides/templates/[MODULE_NAME/TEMPLATE-NAME]
. files templates => overrides/files/[MODULE_NAME/TEMPLATE-NAME]
. epp function injects following parameters:
- ld_fixed
- template_name
. files function uses puppet module overrides to use puppet source
download of file content instead of resource content.
. example pattern:
_ Concret
Original:
~/p/l.modules.d/ld_legacy/templates/etc/ldap/slapd.puppet.conf.epp
Override:
/etc/logodidact/overrides/templates/ld_legacy/etc/ldap/slapd.puppet.conf.epp
_ Logic
Original:
~/p/l.modules.d/[MODULE_NAME]/[TEMPLATES/FILES]/[FILEPATH]
Override:
/etc/logodidact/overrides/[TEMPLATES/FILES]/[MODULE_NAME]/[FILE_PATH]
- [NEW] Port 7.x ld_base::assert_fqdn
- [NEW] Now supporting wildcard certificates through guessing (cutting of
subdomains)
- [REF] Copying classic acmetool certificates to /date/le/certs
- [QoL] Remove mlocate from lxc containers (reduce cron daily i/o panic)
- [QoL] Disable pdiff download for localrepo.
- [FIX] Avoid starting cron in update process (= blocking cron jobs)..
- [FIX] New post prun hook reset_apt_trust which regenerate
/etc/apt/trusted.gpg if we find backuped keys (files w/~ at end)
in /etc/apt/trusted.gpg.d directory.
* ld_ca:
- [REF] Simplify root/intermediate ca deployment.
* ld_choco:
- [REF] Removed, using now ld_base::packages in nexus-g1 profile.
* ld_ctrl:
- [NEW] Use bind dn for samba ldap connection (ro).
- [NEW] Share lic string with service.
- [REF] Make ld-control-client configuration shareable with others:
. Adding dependencies at runtime (notify/require)
- [REF] Use ld-ctrl-client for authentication in ld-control-client.
- [REF] Use fqdn for ld-control-client hostname settings.
- [REF] Removing historic ansible things
- [FIX] Ordering error cannot deploy a empty application.properties before
containing directory is created.
- [REF] Purging historic /etc/ansible directory.
* ld_deploy:
- [REF] Moving functions into profile::host::deploy and hiera
* ld_dns:
- [NEW] Create list with fqdn form of cnames.
- [REF] Reusing domain $ttl from common snippet.
- [REF] Porting code from puppet 7 branch:
. DNS SRV record support puppet define.
. Creation via hiera ld_dns::srv record.
. Switching to EPP template
. Add puppet-strings documentation
. Simplify usage
* ld_git:
- [QoL] Change default comment comment char to '~' to allow using TFS
ticket references.
- [QoL] git apply ignore whitespaces changes now per default.
- [QoL] Use rebase for git pull merge as default (non-legacy/logosrv
mode).
* ld_legacy:
- [REF] Ordering ca-certificate copying/integration reducing count of runs
to deploy certificates correctly.
- [FIX] Add list of dns records that shouldn't find their way into zone.
- [FIX] Regenerate ca/server certificates to get sha256 signature.
- [FIX] Add local tld zone to avoiding query tld servers for it.
- [REF] Use shareable ld-control-client configuration.
- [FIX] Disable translations and http pipelining in apt.
- [REF] Restrict lxc by using now lxc-container-default-with-mounting
apparmor profile (revert back via ld_legacy::lxc::apparmor_profiel:
'unconfined').
- [FIX] Avoid /dev population from udev template dir (through latest
hardy updates).
- [REF] Use FQDN for ipxe script.
- [FIX] Avoid uninstalling needed packages by setting them to manual or
install them again:
. postfix-ldap
. postfix-pcre
- [FIX] Ensure that a managed list of port for CONNECT is allowed in
squid.
- [NEW] Allow clients to avoid proxy by using port 3129.
- [REF] Replace ld-wpad with puppet managed wpad:
. [NEW] Allow to enable/disable wpad (switch to always DIRECT vs PROXY)
. [NEW] Allow to avoid content filter for:
. specific domains
. SSL/TLS connections (https)
. Avoiding proxy for:
. local and s4 domain
. known internal networks
. [NEW] defined networks
- [FIX] Removing unneeded packages:
. cryptsetup
. memtest86+
. mlocate
. ntfs-3g
. parted
. popularity-contest
. pppoe
. snmp
- [QoL] Avoid deploying bashrc on each run.
- [FIX] Remove/unalias following commands
. poweroff (alias ld-reboot, not available here)
. upgrade-retained-packages (alias upgrade-packages, not available here)
- [QoL] Allow configuration of template parameters via hiera.
- [NEW] Allow to enable/disable samba filename mangling.
- [REF] Use fqdn names for ld-control-client.
- [REF] Deploy a better sysv init script for ld-control-client.
- [REF] Use legacy_config to get servernet address.
- [FIX] Reload ld-nginx on rpc-server conf change.
- [FIX] Remove ldap berkeley DB_CONFIG in case of puppet triggered
restart, to takeover new values from slap configuration.
* ld_lxc:
- [FIX] Add official lxc container gpg key to.
- [REF] Bootstrap helper:
. Copy proxy configuration/scripts into new container
. Copy apt.conf.d config for:
_ Translations
_ HTTP Pipelining
- [REF] Using puppet agent directly in rc.local instead of prun.
- [REM] Remove aliases
. lxc-i (alias lxc-info, not available here)
. lxc-restart (alias lxc-stop, not available here)
. lxc-run (alias lxc-start, not available here)
* ld_mobile:
- [REM] MySQL client configuration.
- [NEW] Using ldinfo warning messages for:
. No public address set.
. No or incorrect database set.
. Migrate to mariadb105.
. Release upgrade notes.
- [NEW] Supports ld-mobile5 package via ld_mobile::config::package_name
- [NEW] Force ordering (purging old package before install new one).
- [NEW] Try to detect if installation is upgradable and if switch to
ld-mobile5 package.
* ld_moodle:
- [NEW] Introduce support for moodle 3.11.
- [NEW] Check dns for remote db server.
- [NEW] Enforcing acl/config.php.
- [REF] Use package for moodle installation instead of own git.
- [REF] Creating MDL_DATA/install.log on install for debugging.
- [FEAT] Assign manager role to ldap admin group members.
- [FEAT] Upgrade mathjax to 3.2.0.
- [FEAT] Settings:
. Avoid language confusing on user creation (autolang, 3.11)
* ld_network:
- [QoL] New function ld_network::normalize:
. Normalize (expand network bitmask) a list of ip address w/o netmask
- [QoL] New function ld_network::is_network:
. Tests if a given addr (w/o netmask) is a correct network
- [QoL] New function ld_network::dns_a:
. Simplifiy usage of dnsquery dns_a function.
- [FIX] Reference usage of modules ld_base, dnsquery
* ld_nextcloud:
- [NEW] Automate mysql db support.
- [NEW] pgsql13 support.
- [REM] Remove unused ld_nextcloud::php_historic_version parameter.
* ld_openjdk:
. [REF] Don't redeploy x root/intermediata ca certs.
* ld_pe:
- [REF] Moving functions into deploy-g1.
* ld_puppet:
- [NEW] Adding support for other lets encrypt acme clients.
- [NEW] Add repo for trusty with a updated nginx version.
- [FIX] Removing unmanaged nginx configuration.
- [REF] Remove ipv6 listen directive.
- [REF] Port/Enhance puppet-repo-build:
. [FIX] Compress/create a repo release file.
. [FEAT] Tidy apt-ftp-archive cache database
(allow simple removal of packages)
. [QoL] Local repository configuration:
_ Add BinCacheDB to improve performance on repo rebuild.
_ Always stat files, don't use cached information.
_ all Architecture for all sections (distro).
- [FIX] Port concept enchances/fixes for local repo from 7.x branch
* ld_rproxy:
- [QoL] Remove unmanaged files from /etc/nginx/ssl.
- [NEW] New proxy template *vhost_fwd*:
. Setting Host header to host name from proxy_url
- [NEW] Class rproxy::client:
. Fine tune nginx installation for use behind additional
reverse proxy.
. Adding nginx maps to switch automatically between
internal and external (via rproxy) access.
. Add var_x_forwarded_origin var enforcing a origin host.
. Allow to define allowed origin values.
. Enforce default origin of fqdn hostname.
. Adding all known cnames in fqdn form as https origin.
. If ld_proxy::client::nginx::servers is set add location
/.well-known/logodidact/rproxy_debug.json with debug informations.
- [QoL] Avoid duplicate fragments when a "public" host is
declared multiply times (tcp/udp socket as example).
- [REF] Merge server defaults into new nginx server host.
- [NEW] Add location /.well-known/logodidact/is-wan location to all http.
based servers to indicate to allowing detecting rev-proxy
(guess that access is via wan).
* ld_samba4:
- [REF] Trigger/create /var/lib/samba/.ld-su-domjoin.adjust by
running domain_join_user_privileges.
* ld_ssh:
- [FIX] Blacklist some ssh keys.
- [QoL] Accept/send env GIT_COMMITTER_(AUTHOR|NAME) too.
* ld_ssp:
- [REF] Use hiera to define apache general settings.
* ld_syslog:
- [REF] Avoid restarting rsyslog because /var/log/services/martians got
removed.
- [REF] Add switch ld_syslog::martians to force writing logfile on every
host (defaults to false, true for lxc::host [ldhost] machines).
* ld_kopano:
- [QoL] Deploy empty /etc/kopano/admin.cfg (#2105).
- [BRK] Don't install kopano key anymore we use own repo with own key.
- [FIX] WebApp 5+ includes now some plugins, so avoid installation
standalone versions.
- [FIX] WebApp, remove php settings from .htaccess file (#2626, by jm@sbe.de)
- [FIX] Use a record for mail instead of cname which is illegal for mx
records.
* ld_unifi:
- [NEW] Allow to specify which release repository container uses:
. stable (allways latest version)
. 5.14
. 6.0
. 6.1
- [NEW] Using /data/unifi for data on generation containers (-g[1-x]).
* ld_zabbix:
- [PRT] Sync psk logic in packages.pp with p7.
* profiles:
- [QoL] Backport from 7.x unattended_upgrades to a profile, allowing
install/purge of unattended_upgrades infrastructure.
- ad-sync-g1:
. Add global::domain to service urls.
. Remove compat enable_sync_id flag (enforce new package versions).
- ctrl-g1:
. [FIX] Hard limit client connections to server (50 per ip).
. [REF] Redirect short hostname to fqdn
. [NEW] Adept front reverse-proxy configuration via rproxy::client:
_ Log real ip of accessing client
_ Forward correct X-Forwarded attributes
. [NEW] Add basic content-security-policy:
_ Enforce https
. [NEW] Add seperate repo with nginx 1.18
. [REF] Don't redirect anything under / to /center
- deploy
. [FIX] Enforce ordering of linpe ssh key deployment.
- nextcloud-g1:
. [NEW] Adding php-mysql.
. [REF] Generalize 3part php settings (move to default.yaml).
. [REF] Avoid reloading duo php mysql extensions.
- db/pgsql/server:
. [REF] Remove unused admin_pw setter
. [REF] Allow to define postgresql::server settings via hiera.
(Close #2596)
. [QoL] Via psql -U postgres let root access databases locally.
. [REF] Use external mount point /backup for postgresql backup
. [NEW] Manage user/group postgres (enforce uid/gid values).
. [NEW] For PostgreSQL >= 10 setup a online backup via pgbackrest
saving data in /backup/pgbackrest.
. disable via profile::db::pgsql::server::online_backup: 'absent'
- puppeteer:
. [QoL] Use updated passenger repo with passenger 6.
- rev-proxy:
. [NEW] Add seperate repo with nginx 1.18
- ssp-g1
. [REF] Generalize 3part php settings (move to default.yaml)
* schema.d:
- [REF] Use ld_acme::{mail, ensure} keys instead of old
ld_acmetool::{ensure, account_mail}.
[Olav Krapp]
* common
- [FEAT] Add pgsql-migrate script.
[Daniela Leitz]
* profiles:
- ctrl-g1:
. [NEW] Extending CORS rules to allow Header:
_ X-LD-AppName
_ X-LD-AppVersion
_ X-Auth-Permission
-- SBE network solutions GmbH <info@sbe.de> Tue, 03 Aug 2021 10:05:25 +0200
ld-puppet (1.3.23-8) trusty; urgency=high
[Torsten Fohrer]
* ld_lxc::
. [FIX] Use own lxc image repository:
. Improve setup performance with preinstalled packages
. Supports trusty/xenial/focal (without danger of removal)
-- SBE network solutions GmbH <info@sbe.de> Fri, 09 Jul 2021 13:27:09 +0200
ld-puppet (1.3.23-6) trusty; urgency=high
[Torsten Fohrer]
* hiera:
. [FIX] Using new staging repos before release of 1.4.0,
for ondrej php ppa (official removed xenial support).
. [FIX] Deploying ld-archive-keyring-php.gpg allowing access to php repo
on staging server.
-- SBE network solutions GmbH <info@sbe.de> Thu, 10 Jun 2021 17:07:46 +0200
ld-puppet (1.3.23-3) trusty; urgency=high
[Torsten Fohrer]
* ld_audit:
. [FIX] Fix wildfly batchlet processing.
* ld_openjdk:
. [FIX] Reenable tls 1.0/1.1 for jre 8 too.
-- SBE network solutions GmbH <info@sbe.de> Tue, 25 May 2021 08:51:11 +0200
ld-puppet (1.3.23-2) trusty; urgency=high
[Torsten Fohrer]
* ld_samba:
. [FIX] Fix masking in logon.bat
-- SBE network solutions GmbH <info@sbe.de> Tue, 11 May 2021 15:43:01 +0200
ld-puppet (1.3.23-1) trusty; urgency=high
[Torsten Fohrer]
* 3part.d:
. [NEW] Add baseurl/release repo attribute to postgresql.
* common:
. [FIX] Upgrade process:
- Streamline process, reducing agent apply calls
- Deploy static hiera.yaml, fileserver.conf, puppet.conf to
get environment up and running
- Ensure postgresql repo is deployed in upgrade process too.
* hiera:
. [NEW] For trusty use apt-archive.postgresql.org instead
of apt.postgresql.org.
* ld_legacy:
. [NEW] Setups/Deploy backup for mysql.
* ld_kopano:
. [NEW] Allow to enable/disable full gab in webapp via
hiera:
- ld_kopano::config::webapp::gab: true/false (gets inverted)
* ld_openjdk:
. [FIX] Purging packages instead of removing them only,
avoiding doing it on each run again.
* ld_puppet:
. [NEW] Add new lookup step "default.d/%{distcode}".
* ld_samba4:
. [FIX] Fix dos encoding of logon.bat (using stdlib::unix2dos).
. [NEW] Allow to set a GPO_ENABLED batch variable to 0/1 via
hiera:
- ld_samba4::ad::logon_gpo: true/false (resulting in 1/0)
* site.d:
. [NEW] ctrl-g1.yaml
- Use bootmethod grub as default
[Markus Wochnik]
* ld_mobile:
. [FIX] Adepting ldmobile configuration for version 4.78+, creating
local admin account again.
-- SBE network solutions GmbH <info@sbe.de> Mon, 10 May 2021 11:13:48 +0200
ld-puppet (1.3.23) trusty; urgency=high
[Torsten Fohrer]
* ld_mobile:
. [NEW] Allow to define store orga
-- SBE network solutions GmbH <info@sbe.de> Mon, 12 Apr 2021 07:51:41 +0000
ld-puppet (1.3.22-14) trusty; urgency=high
[Torsten Fohrer]
* ld_legacy
. [FIX] ! README !
Because slapindex sometimes generate defect indexes which
leads to incorrect ldap searches.
We now regenerating complete ldap database on configuration change!
As safety measure we backup a dump / complete ldap directory in:
/root/.runner/ldap_backup.gz => DUMP
/root/.runner/ldap.tgz => offline backup of /var/lib/ldap
/var/backup/logodidact/root/.runner/ldap.tgz/ => Older backups
/var/backup/logodidact/root/.runner/ldap_backup.gz/ => Older backups
[Michael Schoenbeck]
* ld_mobile:
- [FEAT] Enable auto update of apps (check every 10h for updates).
-- SBE network solutions GmbH <info@sbe.de> Tue, 02 Mar 2021 11:49:23 +0000
ld-puppet (1.3.22-12) trusty; urgency=high
[Torsten Fohrer]
* hiera:
- ldmobile-g1:
. [REF] Restart on ld_openjdk changes.
. [REF] Use java 11, remove 8.
- ctrl-g1:
. [REF] Simplify openjdk restart ld-control-service(-user-sync) logic
* ld_openjdk:
. [FIX] Ensure that tls1.1 is enabled
* ld_ctrl-g1:
. [REF] Simplify service logic
-- SBE network solutions GmbH <info@sbe.de> Tue, 02 Mar 2021 11:49:23 +0000
ld-puppet (1.3.22-9) trusty; urgency=high
[Torsten Fohrer]
* common:
- [REF] Unify output/processing of hiera defined users via pwgen_sys_usrs:
. ld_ctrl
. ld_samba4
. profile:
_ ad-sync-g1
. ld_legacy, ldap users
* ld_kopano:
. [NEW] Allow to define spread webmeeting turn server via configuration.
-- SBE network solutions GmbH <info@sbe.de> Wed, 24 Feb 2021 07:32:39 +0000
ld-puppet (1.3.22-8) trusty; urgency=high
[Torsten Fohrer]
* ld_legacy:
. [FIX] Allow pykota-admin user write all pykota attributes (list by
jm@sbe.de).
-- SBE network solutions GmbH <info@sbe.de> Wed, 17 Feb 2021 15:15:10 +0000
ld-puppet (1.3.22-7) trusty; urgency=high
[Torsten Fohrer]
* ld_pydio:
. [FIX] Use bind dn/pw too.
* ld_kopano:
. [QoL] Reduce log verbosity of kopano components:
_ server to 3 (warning or worse)
_ presence to 3 (warning or worse)
-- SBE network solutions GmbH <info@sbe.de> Thu, 04 Feb 2021 09:48:51 +0000
ld-puppet (1.3.22-6) trusty; urgency=high
[Torsten Fohrer]
* 3part.d:
- nexus3_reset:
. [FIX] Enforce nuget v2 for proxy repos on creation.
-- SBE network solutions GmbH <info@sbe.de> Mon, 01 Feb 2021 13:24:51 +0000
ld-puppet (1.3.22-5) trusty; urgency=high
[Torsten Fohrer]
* xibo17:
- [FIX] Using ldap bind dn and password now.
* common:
- [QoL] A more generalize node name options for feature inclusions:
. Remove following suffixes -[gcln]\d+
-- SBE network solutions GmbH <info@sbe.de> Mon, 01 Feb 2021 13:24:51 +0000
ld-puppet (1.3.22-4) trusty; urgency=high
[Torsten Fohrer]
* profile:
- ad-sync-g1:
. [FIX] Double deep merge dynamic/static configuration.
* ld_mobile:
- [QoL] Improve ldap tester to search for admin, requesting ldObjectype.
and ldrole.
* ld_legacy:
- [FIX] Use currently used openldap uid/gid from logosrv.
- [FIX] Correct acl for ldap-ro (ou=users to ou=services).
- [NEW] Allow to define additional attributs for ldap-ro via
hiera key ld_legacy::ldap::ldap_ro_atts, defaults to
(['ldObjectType','ldRole'])
- [QoL] Allow overwriting of sealed attributes
-- SBE network solutions GmbH <info@sbe.de> Mon, 01 Feb 2021 10:50:51 +0000
ld-puppet (1.3.22-3) trusty; urgency=high
[Torsten Fohrer]
* ld_legacy:
- [QoL] Don't panic if no "intern" interface on ldhost is configured,
avoiding ldap configuration then.
- [QoL] If we can't configure ldap assume a ldinfo message, and let prun execute ldinfo after
puppet agent run.
- [FIX] Fix typo in username of ldap-ro.
- [FIX] Allow access to ld ldap attributes from localhost.
* ld_moodle:
- [FIX] Use ldap bind pw/dn for authentication.
* doc.d:
- [NEW] vmware/phys_for_logosrv_a_ldhost:
. Add sample for vmware configuration variant phys for ldhost/logosrv
instead of switching via openvswitch.
-- SBE network solutions GmbH <info@sbe.de> Wed, 27 Jan 2021 10:13:47 +0000
ld-puppet (1.3.22-2) trusty; urgency=high
[Torsten Fohrer]
* ld_nextcloud:
- Remove now unsupported install parameter database-table-prefix.
-- SBE network solutions GmbH <info@sbe.de> Tue, 26 Jan 2021 16:32:07 +0000
ld-puppet (1.3.22-1) trusty; urgency=high
[Torsten Fohrer]
* ld_nextcloud:
- Workaround non-uniquess of accounts
-- SBE network solutions GmbH <info@sbe.de> Mon, 25 Jan 2021 11:46:51 +0000
ld-puppet (1.3.22) trusty; urgency=high
[Torsten Fohrer]
* common:
_ Removing historic assurance code across:
. ldupdate
. update-licence-info (+ cron job)
. ldinfo
- Dependencies on ld-baselib-utils, ld-bootstrap:
. Removing unneeded historic packages in upgrade process.
- [FIX] Port color format bugfixes from p6.
- [FIX] Rewrite gem inclusion using command puppet-bundler.
- ldinfo shows now who manages this installation (monitoring).
- hiera.d
. kopano-g1
_ Avoid boolify of 'off' value for proxy_redirect setting in webmeeting.
. ctrl-g1
_ Adding autconf nginx location.
- puppet modules:
. add chown_or
- Updating ruby gems for xenial and adding for xenial only:
. new
_ netaddr
_ mixlib-shellout
_ tty-spinner
. updating
_ commander
_ concurrent-ruby
_ excon
_ ffi
_ highline
_ json
_ locale
_ net-ldap
_ rainbow
_ rake
_ redis
_ tty-cursor
- Upgrade process:
. Translating custom configuration for ctrl-g1 into new format
. Removing deprecated unused settings for ansible from ctrl-g1
configuration.
. Pregenerate a azure syncid (saved in deploy.yaml)
- Update process:
. Runs now puppet-extendca too.
- puppet-extendca extends ca now if it expires in/under 365 days.
- [CLEANUP] Remove icinga2 code:
. ld_rproxy
. ld_ctrl
. ld_rembo
. ld_squid
* profile:
- ad_sync:
. Remove AzureRootGroup setting
. Adding:
_ syncid from configuration
_ customer short and long name
. Enable usage of syncid for multi orga/single tenant mode via
custom.d/ad-sync-g1.yaml:
profile::host::ad_sync::enable_sync_id: true
- ssp-g1:
. Explicit state php module versions
* ld_acmetool:
- [FIX] Enforcing acme v2 api (#2399,HDE).
* ld_base
- [FIX] Avoiding uid/gid clash if suroot is activated
- New system packages:
. byobu
. ca-certficates
. ncdu
. tmux
- Removed packages:
. ca-certificates-mono
- new function hexdigest, which generate a base64 md5 digest of a given
string.
- Moving tools/packages for physical machines (hp tools as example) from
ld_icinga2 here.
- Adding any repository (should contain packages for all dists).
- Because puppetserver is now available for focal, use focal for
p6 puppeteer-g2 now.
- [FIX] Deploy a changed addusers.conf/login.defs to avoid clashes with default logosrv
user ids (SYS_UID_MAX=>799, SYS_GID_MAX=>500) [4e5ed6382]
- [FIX] To avoid uid/gid clash with suroot feature:
. Use 800 for uid and gid.
. Enforce /home/suroot (recursive) owned by uid/gid 800/800.
- Implement a basic ldap_entry type/provider to manage entries directly
via puppet.
* ld_ca:
- [FIX] Let anybody read public/chain/intermedia certificates not only
root and cfssl group.
- [REF] Move renew_certificates from /usr/local/bin to /opt/puppet-cm/bin
- [REF] Use /var/backups/cfssl/YYYY-MM-DD_hh-mm-ss instead of dir in root
home.
* ld_ctrl:
- Replace ld-ansible with ld-autoconf package.
- Simplify control service configuration (puppet part) using
_create_ini_settings_ function.
* ld_mobile:
- [CLEANUP] Remove historic helper scripts.
- Add script 'relution-ldap-test' to help testing multi orga
installations configurations.
* ld_network:
- Deploy internal network configuration at /opt/puppet-cm/network.yaml for
debugging.
- Extended get_ip function to return different formats/kinds of ip
information.
- transform_netmap now stringify some results, and add cidr notation to
puppet structures.
* ld_nextcloud:
- Restart/start apache after nextcloud installer has run (JM).
- Protect packaged configuration directory via htaccess too.
- Enforce disabled password change via nextcloud.
- Removing unneeded package version of php packages.
* ld_puppet:
- Remove matching (/var/log/apache2/*.gz) after after 8 week.
* ld_puppet_gems:
- New module containing "extracted" gems needed by our modules.
* ld_samba4:
- Move utility function pwgen_sys_usrs into ld_base.
* ld_ssp:
- Uninstall unsupported/unneeded module version for other php versions.
- Use hiera for php module configuration.
* ld_squid:
- Porting ld_squid::common from 7.x branch.
* ld_kopano:
- Using hiera_hash to lookup packages allowing to un/non-install packages
#2247.
- [FIX] #2273 Install python3-dnspython/flask so that kopano-presence works
again.
* ld_legacy:
- [FIX] Switching customer short/longname in logosrv ldinfo display (CGE).
- [FIX] Disable tty2 event handler.
- [FIX] Don't try to install ld-deploy-windows-tools on each run.
- [FIX] Respect non default servernet networks in rpc-server configuration.
- Move rpc-server.conf definition into ld_legacy, which allows now
sharing code between instances that use this service (rembo5/7,samba,ldhost,logosrv).
- Managing LDAP server in logosrv from puppet now too with following
Effects/Traits:
. Enforce strict acl who, and what everyone, authenticated and
special accounts can view, or even access.
_ Reducing ldap content visibility for normal users to basic
attributes.
_ Hide some dn trees, objects from non eligable accounts/anonymous
_ Restrict write access for ldap-admin coming from logosrv (main ip,
localhost).
_ Hiding attributes and objectclasses.
_ For compat reasons allow anonymous access from logosrv itselfs
reads access to normal attributes and objects.
. Seperate ldap-admin and "Directory Manager"
_ ldap-admin, allowing via acl write access to all normal attributes
_ "Directory Manager", full write/read to everything without even
checking any acl.
. slapd backend:
_ Increase bdb locks (lockers,locks,objects) to 5000 (from 1500).
_ Increase bdb raw page cache to 128M (20M).
. Seperate ldap-admin <=> directory manager (latter doesn't get
anything acl checked).
. Creating a ldap-ro user, and save password in
logosrv/etc/ldap.ro.secret.
. To avoid overlapping with historic logosrv tools lets slapd use
now /etc/ldap/slapd.puppet.conf as configuration (via
etc/default/slapd).
. Creating logins for external services.
. Reindex ldap (making gz backup at root/.runner/ldap_backup) on
configuration change just in case.
* ld_zabbix:
- Add ldinfo information with state of monitoring activation (MW).
[Waldemar Faist]
* ld_zabbix:
- Replace deprecated configuration EnableRemoteCommands.
[Michael Schoenbeck]
* ld_mobile:
- [FEAT] LD Mobile Portal branding activated
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Jan 2021 08:39:12 +0000
ld-puppet (1.3.21-8) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- fixes/php now restarts apache service on extensions changes.
-- SBE network solutions GmbH <info@sbe.de> Wed, 20 Jan 2021 10:40:02 +0000
ld-puppet (1.3.21-7) trusty; urgency=high
[Torsten Fohrer]
* hiera:
- ssp-g1:
. Installs php(version)-mbstring.
* ld_ssp:
- Fixate installed php module versions, no cleanup because
self-service package referse generic php-mbstring.
-- SBE network solutions GmbH <info@sbe.de> Wed, 20 Jan 2021 08:40:02 +0000
ld-puppet (1.3.21-6) trusty; urgency=high
[Torsten Fohrer]
* ld_puppet:
- Let prun/agent retrieve ca on each run, instead do any error prove checking
of ca cert.
-- SBE network solutions GmbH <info@sbe.de> Mon, 11 Jan 2021 09:43:50 +0000
ld-puppet (1.3.21-5) trusty; urgency=high
[Torsten Fohrer]
* ld_puppet
- [FIX] prun not panic anymore if it encounter defect puppeteer ca cert.
-- SBE network solutions GmbH <info@sbe.de> Mon, 11 Jan 2021 09:43:50 +0000
ld-puppet (1.3.21-4) trusty; urgency=high
[Torsten Fohrer]
* ld_samba:
- [FIX] Typos
- [FIX] Certificate deployment / service restart.
-- SBE network solutions GmbH <info@sbe.de> Fri, 11 Dec 2020 11:12:24 +0000
ld-puppet (1.3.21-3) trusty; urgency=high
[Torsten Fohrer]
* ld_samba:
- [FIX] Use correct network for rpc-server configuration.
-- SBE network solutions GmbH <info@sbe.de> Fri, 04 Dec 2020 10:38:26 +0000
ld-puppet (1.3.21-2) trusty; urgency=high
[Torsten Fohrer]
* ld_mobile:
- Correcting ldap searchBase for users and groups from absolut to relative
dn (absolute doesn't work, only for new entries).
- Remove icinga2 monitoring configuration.
- Restart service on configuration change.
* ld_zabbix:
- Setup zabbix agent only if we get a psk.
- Use dig44 to avoid deprecation warning.
-- SBE network solutions GmbH <info@sbe.de> Fri, 30 Oct 2020 07:44:50 +0000
ld-puppet (1.3.21-1) trusty; urgency=high
[Torsten Fohrer]
* ld_samba4:
- Configure rpc-server listen address via puppet now (use ip to avoid
dns quirks and dependencies).
-- SBE network solutions GmbH <info@sbe.de> Tue, 27 Oct 2020 20:17:18 +0000
ld-puppet (1.3.21) trusty; urgency=high
[Torsten Fohrer]
* containers:
- new container mariadb105:
. Runs xenial under ld-puppet1/5, focal under ld-puppet6
. Container mounts /var/lib/lxc.data/mariadb105/mysql for mysql
database. The content isn't tied to lifecyle of container.
- unifi:
. Use ubuntu xenial for new installations.
- xibo17:
. Reduce innodb_log_file_size to 5M for compatibility.
* hiera.d:
- fixed.yaml:
. Add lookup/package proxy infos about LogoDIDACT own mirror system.
- default.yaml:
. Merging configuration from mysql/mariadb host/role to simplify
configuration.
* sites:
- bielefeld:
. activate mariadb105 per default.
* ld_base/ld_lxc:
- Allow to specify a shorted veth interface name for containers
(link name is limited to 15 chars).
* ld_ca:
- Correct group of /etc/cfssl directory.
* ld_lxc:
- [REF] Copy apt configuration 70Translations into lxc (bootstrap)
- lxc.hook.network doesn't complain on non configured interface if they
should be go down. (as example removed interfaced from config)
- Add possibility to remount parts of LXC_DATA to directories in
lxc rootfs.
Example:
lxc.data/mariadb10/mysql to (RUNNING LXC)/var/lib/mysql
* ld_mobile:
- Allow to define multiply ldap connectors via configuration.
* ld_samba:
- Place a systemd override for:
. Using /var/run/samba/samba.pid for main process detection.
. Disabling that systemd accepts that service is active when all
processes ends.
. Changing kill (stop) method so that all process in cgroup are
affected (KillMode=control-group).
- Removing automatic reboot.
- Removing non default groups addition to ld-sysgroup.
- Apply acls for ld-su-domjoin in non default fqdn scenarios too.
* ld_squid:
- Using all instead of 0.0.0.0/0 to silence squid warnings on daily
logrotate/reloads/restarts.
* ld_unifi:
- Switch to nginx as reverse proxy:
. Fast restarts on certificate changes (nginx only).
. Restarts only if certificate really changes!
. No patching of sysv / systemd service needed
- Remove not working/and needed patching for correct JAVA_HOME.
- Disable nginx http2 support for now (only supported by 16.04).
[Michael Schönbeck]
* ld_mobile:
- Education classes build from projectgroups too
-- SBE network solutions GmbH <info@sbe.de> Mon, 26 Oct 2020 09:28:24 +0000
ld-puppet (1.3.20-3) trusty; urgency=high
[Torsten Fohrer]
* ld_samba:
- Replace "computer" group addition to ld-sysgroup with "Computer" because:
. first exist only after sync is working.
. latter is a default group, and exists so always.
-- SBE network solutions GmbH <info@sbe.de> Tue, 06 Oct 2020 11:35:17 +0000
ld-puppet (1.3.20-2) trusty; urgency=high
[Torsten Fohrer]
* ld_ctrl:
- Avoid using ipaddress for nexus / graylog containers.
* ld_nextcloud
- Don't use sudo in system timer to switch execute scripts
as www-data (unit runs already under www-data).
* ld_samba:
- Using internal ca root for tls cafile parameter (backport from 6.x
branch).
-- SBE network solutions GmbH <info@sbe.de> Wed, 30 Sep 2020 08:38:09 +0000
ld-puppet (1.3.20-1) trusty; urgency=high
[Torsten Fohrer]
* ld_samba:
- Closing CVE-2020-1472/Zerologon by forcing server schannel usage:
smb.conf/GLOBAL: server schannel = yes
-- SBE network solutions GmbH <info@sbe.de> Fri, 25 Sep 2020 10:02:24 +0000
ld-puppet (1.3.20) trusty; urgency=medium
[Daniel Torkler]
* containers:
- Nginx location for validation javascript added.
[Olav Krapp]
* ld_ad_sync:
- Manage websocket address
* ld_nextcloud:
- Manage all Nextcloud dependencies
- Implement support nextcloud kerberos based sso
- Redirect http to https
- Using fake appstore, because setting not working correctly
- Using php-fpm instead embeddable php interpreter
- Implement quota reset/systemd timer to allow switching between local
/external storage mode.
* profile:
- new function: deep deletion of undefined values
[Sandy Marko Knauer]
* ld_base:
- puppet6migration scripts
- enable bootstrap.success
- download keyserver fallback
- disable container ca-g1
- check deprecated containers
[Torsten Fohrer]
* 3part/ca_cert:
- Patching to use "update-ca-certificates --fresh" for rebuilding
ca cert store
* containers:
- Creating empty puppetserver-g2 now.
- Removing maintenance network interface.
- samba4-ad:
. Remove winbind group/passwd lookup in nsswitch.conf
* consul test implementation removed.
* debian:
- Deploy feature.d directory
* default.pp:
- Using single query to get installed container depends.
* ld_cfssl:
- Combine facts cfssl / collectcerts into collectcerts
- Try to detect defect certificates (0 byte, incomplete file structure)
and regenerate them
* ld_base:
- If current role is bootstrap, don't deploy ld10-ca cert via ca_cert:ca,
avoiding relationship problems.
- Remove forced grub-pc installation
- Backport auto-apt-proxy from puppet6
- Proxy mode now uses logosrv.ld-servernet.servernet instead of proxy to
avoid connection issues (ip routing/selection from certain hosts).
- Using 3part module ca deployment for logosrv cert.
- Removing historic logosrv directory on containers and ca-certificate
config reference (replaced with above, cert in
/usr/local/shares/ca-certificates).
- ldinfo:
. Present different logos/texts on fact data:
_ ld_install_kind.id == 'local'
Logo: LogoDIDACT
_ ld_install_kind.id <> 'local'
Logo: LogoCLOUD
. Use upcase letter L in LogoDIDACT/CLOUD
. Move virtual text location in logo
- upgrade-packages:
. Returing now real exit-code of failed apt(-get) process instead of
generic ruby stacktrace.
. Remove never really used package mail function.
. Set packages as manual installed via package resource tag
'upgrade-packages:manual'
. Adding more line to internal ignore list.
- map_translate:
. now ignores files in hiera subdirectories (default.d/ctrl-g1.d/kerb.yaml, a.e.)
of internal hiera directories.
. Improving handling of translation errors to avoid defect configuration:
_ Extend handling of translation process via call of map_config
_ Break translation if we found a error and propagete defect run via
exit code 1 (which as example breaks executing prun on puppeteer
then).
. Fix handling in case of non existing custom.yaml, cleanup of
directories, and add additional logging.
- Removing facts pci_devices, bios_and_system, apt_extended_state,
because they seems not be used anywhere.
- Add new fact ld_install_kind that tries to detect predefined installation
kinds and allow hiera/fact/recipes now react to it for:
. Display ld_install_kind.provider in bash prompt, examples (symbolic name of setup kind)
. Display ld_install_kind.title in ldinfo Welcome line, examples (Local, Hetzner Cloud)
. React on ld_install_kind.id or 'ld_install_kind_id', examples (local, hetzner) to
- ld_base::cert now fallbacks to ld_ca certs if defined, otherwise use
snakeoil certs.
- ld_install_kind evals metadata['bios_vendor'] as fallback if
bios_vendor fact is nil/non-string/neq to 'Hetzner'
- Don't compress localrepo packages/content files anymore, and delete
existing xz/gz/bz files from /srv/repos on puppet-repo-build run.
* ld_ca:
- Combine facts cfssl / collectcerts into collectcerts
- Try to detect defect certificates (0 byte, incomplete file structure)
and regenerate them
- Deploy predefined dhe group files (ffdhe2048-4096).
- Deploy ld10 now itself, instead of ld_base::certificates:
. Removing bootstrap ca_cert reference (not needed anymore).
. Let ld_base managed ca-certificates package.
* ld_dns:
- Using same class concept to reduce hassle in porting changes across 1.x/5.x/6.x branches.
* ld_git:
- New aliases:
. cpc => cherry-pick --continue
. cpa => cherry-pick --abort
* ld_legacy:
- Removing unused certificates
. from ca-g1 in logosrv:/etc/cfssl
. puppet ca
- Allowing to specify own server-wide/all subnet wide dhcp options via custom files located in
/etc/dhcp3/custom.d:
. global.conf
_ automatically created, empty
_ Place here server wide settings
. subnet_all.conf:
_ automatically created, empty
_ Place here settings for all subnets
- Allow to specify own subnet specific dhcp settings, if enabled via hiera
(__ld_legacy::dhcp: {per_subnet_include: true}__) located in
/etc/dhcp3/custom.d:
. Ensure that for all existing subnets a subnet_NAME_OF_SUBNET_DEVICE.conf exists!
* ld_lxc:
- Change emerg to info logging of container (post-)stop logging.
- Puppet60 upgrade pre depends/presetup backports:
. Porting mount entries for backup, data, metadata/run
. Creating bind-mount state files in data/backup dir to indicate
mounted via ...
- New fact ld_lxc_container that checks for .bind-mount in data/backup
dir.
- Write down bios_vendor to metadata.json host/container too, to work
around broken dmidecode based facts in trusty containers.
- Using now lxc-download for creating containers instead of slower
bootstrap.
- To avoid that lxc.service get killing at shutdown of lxcs after 90s,
increasing timeout of service to 7min and 30s. systemd will kill running processes
of this service after 2x TimeoutStopSec, now 15min.
* ld_nginx:
- Include html 5 boilerplate system file location protection.
* ld_nextcloud:
- Handling php version now via puppet / hiera configuration.
- Using cli installer instead of web installer.
- Because ld_nextcloud::config::system settings are now handled
differently, there some changes:
. Removing "value" encapsulation
. For moment adding a compat layer for trusted_domain subkey,
adapting old variant with "value" encap.
- Directly using a "logodidact.config.php" for base configuration
instead using api calls for them.
- Removing unused apache modules
- Add symlink in root home to nextcloud installation dir.
- Tweaking settings:
. Disable some annoying apps
_ recommendations
_ password_policy
_ serverinfo
_ logreader (use syslog now)
_ nextcloud_announcements
_ support
_ updatenotification
. Settings
_ Disable preview generation globally and per share
_ Disable access to appstore
_ Disable update-check
_ Disable upgrade via web
_ Change user template directory to /var/empty
_ Disable internal integrity check, because we need to patch files
_ Because sAMAccountName isn't perfectly unique using now 'uidNumber'
for nextcloud internal identification (ldap_export_uuid_user_attr).
_ Setting internal username to 'sAMAccountName'
(ldap_export_username_attr).
- Changing ldapGroupMemberAssocAttr from gidNumber to member to allow
correct group mapping.
- Tear down ldap group/users by using ld-sysgroup, ld-sg-exclude,
ld-sg-nextcloud-exclude.
- Using unified plugin config api to set values for user_ldap.
- Removing now unused provder/type nc_ldap.
* ld_puppet:
- Correct syslog identifiert for internal puppet cert autosign.
* ld_rpoxy:
- Adding support to define a ssl endpoint proxy to internal address for
ldap
- Removig random dhparam.
* ld_syslog:
- Avoid syntax warning in newer rsyslog versions.
* ld_squid:
- Clearing intercepted ssl certificates on every squid startup.
- Adding check-proxy scripts that tries to download something from
https://sbe.de via proxy.
- squid config:
. After authentication allow any client
. Using best practice ordering of authentication
* ld_samba:
- Using now ld-su-domjoin user for joining domain for managed samba
instances instead of administrator, if you got strange errors at
joining, pls verify/correct directory rights for ld-su-domjoin
* profile.d:
- Add ca_cert with disabled package installation in bootstrap profile.
- Adding new configuration options gaining in ld-azure-sync 5.4:
. Exchange management:
_ MessageCannotSentToOutside, mail reply when sending outside
_ MessageCannotReceiveFromOutside, mail reply send to sender
_ GroupsThatCannotSendToOutside, list of group cn
_ UserThatCannotSendToOutisde, list of user cn
_ GroupsThatCannotReceiveFromOutside, list of group cn
_ UsersThatCannotReceiveFromOutside, list of user cn
- pgsql/server:
. Allow access from localhost via tcp / md5 auth too
-- SBE network solutions GmbH <info@sbe.de> Mon, 21 Sep 2020 07:22:52 +0000
ld-puppet (1.3.19-1) trusty; urgency=medium
[Olav Krapp]
* ld_nexus
- refactored
[Torsten Fohrer]
* profile:
- Only install postgres-contrib in postgresql versions prior 10.
* containers:
- ad-sync-g1:
- Get's now powershell via new module ld_pwsh installed.
- Increase interval to 5mins (up from 30s).
* 3part.d:
- Removing unneeded testing/building framework from dnsquery module
(50mb).
- puppet_certificate, now removes localcacert file correctly.
* ld_puppet:
- prun:
- Using OpenSSL bindings check ca.pem to avoid openssl invoction.
* ld_pwsh:
- Simple module to setup repositories and install of powershell
-- SBE network solutions GmbH <info@sbe.de> Mon, 18 May 2020 07:56:56 +0000
ld-puppet (1.3.18) trusty; urgency=medium
[Torsten Fohrer]
* Host profile ad-sync-g1 allows now override (hash/deep) of it options
-- SBE network solutions GmbH <info@sbe.de> Thu, 07 May 2020 11:58:17 +0000
ld-puppet (1.3.17) trusty; urgency=medium
[Olav Krapp]
* common
- cleaning up outdated puppet CA
* ld_ctrl
- assume that ld-control-service.service is always available
-- SBE network solutions GmbH <info@sbe.de> Mon, 20 Apr 2020 15:49:17 +0000
ld-puppet (1.3.16) trusty; urgency=medium
[Michael Schönbeck]
* site-bielefeld
- activated ad-sync-g1 and ssp-g1
- added ssp to rev-proxy
-- SBE network solutions GmbH <info@sbe.de> Thu, 09 Apr 2020 08:19:16 +0000
ld-puppet (1.3.15) trusty; urgency=medium
[Olav Krapp]
* common
- fixed regex for CA validation
* ld_ctrl
- only existing services are managed
* ld_samba4
- samba4-ad LXC is rebooted after SSL key changing
-- SBE network solutions GmbH <info@sbe.de> Fri, 03 Apr 2020 19:22:37 +0000
ld-puppet (1.3.14-1) trusty; urgency=medium
[Torsten Fohrer]
* common
- Respect non schule.local domains.
[Olav Krapp]
* common
- symbolic link from usr/share/doc/ld-puppet10 to var/lib/ld-puppet/doc.d
-- SBE network solutions GmbH <info@sbe.de> Thu, 02 Apr 2020 10:30:16 +0000
ld-puppet (1.3.14~1) trusty; urgency=medium
[Michael Schönbeck]
* ld_kopano:
- removed kopano-contacts dependency
-- SBE network solutions GmbH <info@sbe.de> Thu, 26 Mar 2020 13:52:13 +0000
ld-puppet (1.3.13~2) trusty; urgency=medium
[Torsten Fohrer]
* containers:
- new container ad-sync-g1, providing azure/office
connector.
* common:
- Extending puppet ca and regenerate agent certificates on demand.
* ld_puppet:
- New way of handling psk / regenerate certificate.
* ld_lxc:
- Removing csr extensions.
* ld_samba:
- Using logodidact ca certificates for samba now,
(temporary removing possibility to usw own certificates).
* hiera:
- Increasing some postgresql default settings:
. max connections to 256
. shared buffers to 128mb general, 512mb
. slightly increase checkpoint completion target.
[Olav Krapp]
- Implementing deleting of external storage.
-- SBE network solutions GmbH <info@sbe.de> Wed, 19 Mar 2020 09:28:18 +0000
ld-puppet (1.3.12-1) trusty; urgency=medium
[Torsten Fohrer]
* ld_quota:
- Masking quota services on 16.04/systemd hosts too.
[Olav Krapp]
* ld_nextcloud:
- Setup redis server as memcache for operations.
-- SBE network solutions GmbH <info@sbe.de> Wed, 19 Mar 2020 09:28:18 +0000
ld-puppet (1.3.12) trusty; urgency=medium
[Michael Schönbeck]
* ld_nextcloud:
- PHP 7.3 for NC 18
-- SBE network solutions GmbH <info@sbe.de> Fri, 21 Feb 2020 13:07:47 +0000
ld-puppet (1.3.11-2) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy:
- Moving ipxe option into lddeploy block
-- SBE network solutions GmbH <info@sbe.de> Fri, 21 Feb 2020 13:07:47 +0000
ld-puppet (1.3.11-1) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy:
- Fix porting typo (forgotten to remove p6 type completly).
-- SBE network solutions GmbH <info@sbe.de> Thu, 20 Feb 2020 15:13:51 +0000
ld-puppet (1.3.11) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy:
- Backport 0f245bb55 eaf0c6c3a
. LD Deploy is now default for UEFI clients, regardless of rembo.
. Unify internal template file names.
. Regenerate dhcp configuration if templates changes.
. Let ipxe not waiting for proxy-dhcp (official tweak) via dhcp option.
. Removing unused option declaration for PXE.mtftp, arch.
-- SBE network solutions GmbH <info@sbe.de> Wed, 19 Feb 2020 12:58:18 +0000
ld-puppet (1.3.10) trusty; urgency=medium
[Sandy Marko-Knauer]
* ld_base:
- Fix warning about uninitialized/unbound variable.
[Torsten Fohrer]
* Backport:
- [0aad67f19] ldupdate refreshes localrepo too.
- [d84dea871,317bce9eb,8fb87c654] Generate rembo[57].conf too,
with PXEClient option set
- [92800f5db]
. Using systemd timer for nextcloud/prun.
. Running all 15 minutes nextcloud.
- Patching systemd to fact to reconize own systemd1604 provider.
- Removing ld_systemd fact, externalize systemd_systemctl fact
- Run nextcloud cron every 15 mins via systemd timer
- prun now uses systemd.timer if host supports it.
- [1f60c4dd7] Correct prun timer command to use invoked by cron argument.
- [bf5a0b61d] Remove /etc/apt/apt.conf.d/90forceyes
- [6f15d7f46] Backport correct timer
-- SBE network solutions GmbH <info@sbe.de> Tue, 11 Feb 2020 08:45:37 +0000
ld-puppet (1.3.9) trusty; urgency=medium
[Torsten Fohrer]
* ld_base:
- Fix external hookname to fact name conversion.
- Don't stop processing external facts after first empty one.
- ldinfo displays now software assurance data given by ld-license-agent.
[Waldemar Faist]
* ld_collabora
- 64eccf4c: Merged PR 202: Hotfix: Collabora 4.2 compatibility
-- SBE network solutions GmbH <info@sbe.de> Thu, 09 Jan 2020 11:40:17 +0000
ld-puppet (1.3.8) trusty; urgency=medium
[Sandy Marko Knauer]
* ld_base:
- updated puppet5 migration scripts corrected
-- SBE network solutions GmbH <info@sbe.de> Fri, 06 Dec 2019 12:10:39 +0000
ld-puppet (1.3.7) trusty; urgency=medium
[Olav Krapp]
* ld_zabbix:
- own apt repository is used instead of the official one
[Sandy Marko Knauer]
* ld_base:
- updated puppet5 migration scripts
-- SBE network solutions GmbH <info@sbe.de> Fri, 06 Dec 2019 08:48:39 +0000
ld-puppet (1.3.6) trusty; urgency=medium
[Christian Sommer]
* ld_base:
- updated puppet5 migration scripts
-- SBE network solutions GmbH <info@sbe.de> Mon, 25 Nov 2019 12:53:00 +0000
ld-puppet (1.3.5) trusty; urgency=medium
[Christian Sommer]
* ld_base:
- request letsencrypt certificates from puppeteer in lower case even customer_short has CAPITAL letters
- updated puppet5 migration pre-flight check output
- added and fixed installation of site packages when upgrading puppet
* ld_lxc:
- puppet5 template switched to download
* ld_samba4:
- added optional additional network interfaces for samba via hiera
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Nov 2019 07:52:00 +0000
ld-puppet (1.3.4) trusty; urgency=medium
[Michael Schönbeck]
* ld_mobile:
- readded user_loginFilterTemplate
-- SBE network solutions GmbH <info@sbe.de> Mon, 04 Nov 2019 09:46:03 +0000
ld-puppet (1.3.3) trusty; urgency=medium
[Michael Schönbeck]
* ld_mobile:
- changed application.yml for ldmobile > 4.54
- former users are beeing deleted
-- SBE network solutions GmbH <info@sbe.de> Tue, 29 Oct 2019 16:28:26 +0000
ld-puppet (1.3.2) trusty; urgency=medium
[Markus Wochnik]
* updated zabbix agent to version 4.4
-- SBE network solutions GmbH <info@sbe.de> Tue, 29 Oct 2019 02:49:00 +0000
ld-puppet (1.3.1) trusty; urgency=medium
[Christian Sommer]
* ld_puppet:
- added ssl certificate management
* ld_zabbix:
- switched repo for ld-zabbix packages
* ld_base:
- install ld-licensting-agent
* ld_squid:
- renew squid ssl database after changing host, root or intermediate certificates
-- SBE network solutions GmbH <info@sbe.de> Thu, 24 Oct 2019 07:17:00 +0000
ld-puppet (1.3.0) trusty; urgency=medium
[Michael Schönbeck]
* ld_mobile:
- added teacher functionality
-- SBE network solutions GmbH <info@sbe.de> Mon, 14 Oct 2019 13:27:18 +0000
ld-puppet (1.2.9) trusty; urgency=medium
[Christian Sommer]
* ld_ca:
- added automatic replacement of certificates on customer name change
* ld_choco:
- added ld_lgpo and ld_nircmd packages to be installed in ld_choco
* ld_base:
- added option to ensure package(s) to latest
* ldmon_net
- removed mon_ctrl_client
- removed icinga2 related files and cron jobs (WIP)
* ld_zabbix:
- install and configure zabbix
* set icinga2 to not available in puppet modules
* ld_ca fixed bug in ld_ca when re-generating certificates
* fixed renewal of certificates on ldhost
* fixed ld-control-client restart in logosrv after renewal of certificates
* restart client services after exchange of root/intermediate certificate(s)
and certificate chain
* restart nginx in ctrl-g1, deploy-g1 and graylog-g1 after exchange
of certificate(s)
[Torsten Fohrer]
* ld_base:
- Managed user profile:
- deploy a .profile (copied from ubuntu)
- allowing adding own fragments to user .bashrc
- move handling user specific profile handling into ld_base::profile
* ld_lxc:
- Remove unused facter import in lxc hook
* ld_qbittorent:
- Introduce openfiles service parameter to allow fine-tuning of
of/connection related setting (from os/system side!).
* ld_samba:
- Don't use 'Domain Guests' for ld-su-domjoin in older samba version
we cannot logon on shares with this.
[Olav Krapp]
* removed icinga2 configuration in site packages
-- SBE network solutions GmbH <info@sbe.de> Tue, 08 Oct 2019 12:37:00 +0000
ld-puppet (1.2.7) trusty; urgency=medium
[Michael Schönbeck]
* site-bielefeld:
- removed icinga2 from ldhost.yaml
- removed icinga2.yaml
* removed site-regioit-sgt (puppet5 only)
-- SBE network solutions GmbH <info@sbe.de> Tue, 24 Sep 2019 22:05:45 +0000
ld-puppet (1.2.6) trusty; urgency=medium
[Michael Schönbeck]
* ld-kopano:
- enable shared user contacts
-- SBE network solutions GmbH <info@sbe.de> Thu, 12 Sep 2019 23:40:18 +0000
ld-puppet (1.2.6.rc2) unstable; urgency=medium
[Torsten Fohrer]
* ld_ctrl:
- To avoid rotating ansible logfiles (already rotated logs!), move them
into a subdir named history (var/log/ansible/hosts/history).
- Enforce max age of keeped rotated logfiles to 15 days (default value).
- Improve/correct logrotate for ansible playbook logs:
- Because ansible doesn't support custom formatting of logplay output,
we need to move files out of log dir to avoid rotating rotated files.
- Use -YYYYMMDD as rotate extension for logrotate
- Don't create empty logfile for rotated logs
- Don't mail about rotating
* ld_puppet:
- ldinfo:
- now reads env facts from .metadata if it exists
- stores .metadata data under metadata fact key ala puppet fact metadata
* ld_base:
- Adjust to changes in facts metadata and ld_virtual (new)
* ld_ansible:
- Activate that ansible retries ssh execution if it detects a ssh connection
failure (ansible.cfg=>ssh_connection->retries), 30 times.
* ld_ssh:
- Accept/send GIT_AUTHOR_NAME/GIT_AUTHOR_EMAIL env vars
[Christian Sommer]
* switched usage of facts['virtual'] to facts['ld_virtual']
-- SBE network solutions GmbH <info@sbe.de> Tue, 10 Sep 2019 05:18:00 +0000
ld-puppet (1.2.6.rc1) trusty; urgency=medium
[Christian Sommer]
* added ld-su-domjoin user creation in samba4-ad
[Olav Krapp]
* install ld-deploy-windows-openssh
[Torsten Fohrer]
* various winrm/ssh settings
[Kai Fieger]
* added nginx locations for ld-control-agent and ld-console
-- SBE network solutions GmbH <info@sbe.de> Wed, 04 Sep 2019 12:31:00 +0000
ld-puppet (1.2.5) trusty; urgency=medium
[Michael Schönbeck]
* site-bielefeld:
- disabled iLO and USB-Backup check
-- SBE network solutions GmbH <info@sbe.de> Wed, 14 Aug 2019 22:58:59 +0000
ld-puppet (1.2.4) trusty; urgency=medium
[Michael Schönbeck]
* ld-kopano:
- removed userscripts from server.cfg to use defaults needed since 8.6.91
-- SBE network solutions GmbH <info@sbe.de> Wed, 07 Aug 2019 17:02:27 +0000
ld-puppet (1.2.3) trusty; urgency=medium
[Christian Sommer]
* Updated deprecated Kopano config settings
* fixed removal of Postgresql DB backups
* Updated nextcloud config settings
* modified nexus default repo configuration
* added option to set custom ntp servers in ldhost via hiera
[Olav Krapp]
* added ld_choco puppet module
[Michael Schönbeck]
* site-regioit-sgt:
- added postinst script
-- SBE network solutions GmbH <info@sbe.de> Mon, 15 Jul 2019 08:51:15 +0000
ld-puppet (1.2.2) trusty; urgency=medium
[Christian Sommer]
* fixed oracle java issue in ldupdate
[Michael Schönbeck]
* site-bielefeld:
- sorted containers alphabeticaly
- activated nexus-g1 and graylog-g1
- disabled usb-backup check
-- SBE network solutions GmbH <info@sbe.de> Wed, 12 Jun 2019 20:31:43 +0000
ld-puppet (1.2.1) trusty; urgency=medium
[Christian Sommer]
* chaged prun cron job to run every 4 hours as default
* switched audit container from oracle java to openjdk
-- SBE network solutions GmbH <info@sbe.de> Thu, 06 Jun 2019 19:34:00 +0000
ld-puppet (1.2.0) trusty; urgency=high
[Michael Schönbeck]
* generalization of site package generator
-- SBE network solutions GmbH <info@sbe.de> Fri, 31 May 2019 12:12:14 +0000
ld-puppet (1.1.50) trusty; urgency=high
[Olav Krapp]
* 3part.d
- rabbitmq module now uses default gpg key settings
-- SBE network solutions GmbH <info@sbe.de> Fri, 31 May 2019 09:57:48 +0000
ld-puppet (1.1.49) trusty; urgency=high
[Olav Krapp]
* 3part.d
- archive module updated from 1.3.0 to 3.2.1
- rabbitmq module updated from 5.6.0 to 9.0.0
- systemd module updated from 0.4.0 to 2.5.1
-- SBE network solutions GmbH <info@sbe.de> Thu, 30 May 2019 21:42:04 +0000
ld-puppet (1.1.48) trusty; urgency=high
[Michael Schönbeck]
* site-bielefeld:
- removed partner repo
* site-regioit-sgt:
- initial release
- automatic update
- defined default containers
-- SBE network solutions GmbH <info@sbe.de> Wed, 29 May 2019 21:17:28 +0000
ld-puppet (1.1.47) trusty; urgency=high
[Christian Sommer]
* Bugfixes
- fixed issue using custom ssh private/public key pairs with comment in public key
- fixed deployment of root/intermediate certificates with CAPITAL letters in
customer shortname
-- SBE network solutions GmbH <info@sbe.de> Wed, 29 May 2019 09:44:00 +0000
ld-puppet (1.1.46) trusty; urgency=high
[Christian Sommer]
* ldhost:
- marked lxc-attach as not-recommended
- added autocompletion script for lxc-ssh
- removed warning messages in lxc-ssh
-- SBE network solutions GmbH <info@sbe.de> Tue, 28 May 2019 11:25:00 +0000
ld-puppet (1.1.45) trusty; urgency=high
[Christian Sommer]
* fixed issues in openJDK switch
-- SBE network solutions GmbH <info@sbe.de> Thu, 23 May 2019 14:15:00 +0000
ld-puppet (1.1.44) trusty; urgency=high
[Christian Sommer]
* logosrv:
- fixed dhcp3-server shutdown issue
* ld_puppet
- fixed removal of old software assurance cron job
* puppeteer
- switched Oracle Java to openJDK
-- SBE network solutions GmbH <info@sbe.de> Tue, 14 May 2019 12:34:00 +0000
ld-puppet (1.1.43) trusty; urgency=high
[Christian Sommer]
* ld_squid:
- squid installation can optionally be disabled via hiera
* ld_ansible:
- remove proxy information from group vars if squid is disabled
* ld_unifi
- switched Oracle Java to openJDK
* ld_mobile
- switched Oracle Java to openJDK
-- SBE network solutions GmbH <info@sbe.de> Wed, 08 May 2019 09:29:00 +0000
ld-puppet (1.1.42) trusty; urgency=high
[Christian Sommer]
* ld_nexus:
- fixed setup issue - give service some time to startup
- switched Oracle Java to openJDK
-- SBE network solutions GmbH <info@sbe.de> Wed, 24 Apr 2019 10:04:00 +0000
ld-puppet (1.1.41) trusty; urgency=high
[Christian Sommer]
* ld_nexus:
- fixed wrong repo type in create_repo template
* ld_qbittorent:
- set priorities for qbittorrent service
-- SBE network solutions GmbH <info@sbe.de> Fri, 05 Apr 2019 10:40:00 +0000
ld-puppet (1.1.40) trusty; urgency=high
[Christian Sommer]
* added nexus-g1 container
* ld_icinga2:
- removed hpasm checks on HPE Gen10 Servers
- fixed HPE Ubuntu repositories
* ld_java:
* ld_postgres:
- enable custom access to Postgres DB
* ld_nextcloud:
- resolve trusted_proxies ip address(es) in nextcloud config
* various ansible fixes
-- SBE network solutions GmbH <info@sbe.de> Thu, 28 Mar 2019 12:00:00 +0000
ld-puppet (1.1.39) trusty; urgency=high
[Waldemar Faist]
* ld_collabora:
- fixed typo
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Mar 2019 12:45:33 +0000
ld-puppet (1.1.38) trusty; urgency=high
[Waldemar Faist]
* ld_collabora:
- added hunspell
* site-berlin:
- removed pydio
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Mar 2019 08:46:40 +0000
ld-puppet (1.1.37) trusty; urgency=high
[Michael Schönbeck]
* ld_puppet:
- graylog-g1 unreleased
-- SBE network solutions GmbH <info@sbe.de> Tue, 22 Jan 2019 21:49:06 +0000
ld-puppet (1.1.36) trusty; urgency=high
[Christian Sommer]
* ld_puppet:
- puppetdb query crashed ldupdate process since puppetdb is not running during update
* ld_legacy:
- Restart of dhcp server in logosrv after modification of dhcp config
* ldupdate:
- make sure redisdb is being restarted during ldupdate
-- SBE network solutions GmbH <info@sbe.de> Tue, 22 Jan 2019 09:55:57 +0000
ld-puppet (1.1.35) trusty; urgency=high
[Michael Schönbeck]
* release withdrawn
-- SBE network solutions GmbH <info@sbe.de> Tue, 22 Jan 2019 21:49:06 +0000
ld-puppet (1.1.34) trusty; urgency=high
[Christian Sommer]
* ld_ctrl:
- Oracle JDK with OpenJDK replaced
-- SBE network solutions GmbH <info@sbe.de> Thu, 03 Jan 2019 09:47:08 +0000
ld-puppet (1.1.33) trusty; urgency=high
[Christian Sommer]
* ld_deploy:
- fixed rembo specific dhcp options to dhcpd.conf.logodidact depending on wether a rembo container is present
- only enable rembo dhcp options if deploy container is not present
- added enforce rembo dhcp setting setting
-- SBE network solutions GmbH <info@sbe.de> Thu, 20 Dec 2018 13:45:00 +0000
ld-puppet (1.1.32) trusty; urgency=high
[Christian Sommer]
* ld_graylog:
- added plaintext port and JSON extractor
- graylog/ctrl: added ld-deploy API token to application.properties
* ld_puppet:
- squid-deb-proxy: added support for custom dstdomains
* ld_deploy:
- added linpe debug-ssh-key
- removed dnsmasq, modified dhcp server settings in logosrv
- added rembo specific dhcp options to dhcpd.conf.logodidact depending on wether a rembo container is present
* ld_icinga2:
- modified unifi http(s) login check - changed to new login uri
-- SBE network solutions GmbH <info@sbe.de> Wed, 19 Dec 2018 13:23:36 +0000
ld-puppet (1.1.31) trusty; urgency=high
[Christian Sommer]
* ld_ctrl:
- Fixed openJDK issues. Reinstall Oracle Java in ctrl-g1
-- SBE network solutions GmbH <info@sbe.de> Wed, 12 Dec 2018 13:32:24 +0000
ld-puppet (1.1.30) trusty; urgency=high
[Michael Schönbeck]
* site-bielefeld:
- deploy-g1, ctrl-g1 and builder1604 for kms-tunnel activated
-- SBE network solutions GmbH <info@sbe.de> Tue, 11 Dec 2018 19:57:02 +0000
ld-puppet (1.1.29) trusty; urgency=high
[Christian Sommer]
* ld_host:
- ld-deploy-ipxe will be installed on ldhost when deploy container is enabled.
- Existing files in /usr/lib/ipxe/qemu will be symlinked to corresponding files in /usr/lib/ld-deploy-ipxe/qemu.
-- SBE network solutions GmbH <info@sbe.de> Fri, 23 Nov 2018 17:06:28 +0000
ld-puppet (1.1.28) trusty; urgency=high
[Michael Schönbeck]
* site-bielefeld:
- activated and configured nextcloud-g1 and collabora-g1 including rev-proxy
-- SBE network solutions GmbH <info@sbe.de> Fri, 23 Nov 2018 12:08:29 +0000
ld-puppet (1.1.27) trusty; urgency=high
[Christian Sommer]
* NEW:
- graylog support (Container graylog-g1, https://graylog)
- DNS lookup module added
* FIX:
- resolv.conf on ldhost will no longer be modified by dhclient when running external interface with dhcp
- removed USB backup icinga check in site Berlin
- fixed sendmail issue
- rabbitmq-server version temporarily fixed to v3.8.7-1
[Michael Schönbeck]
* site-bielefeld:
- switched pydio to reserve
- added packages for iscsi support
[Olav Krapp]
* ld_deploy:
- fixed installation of Windows tools
-- SBE network solutions GmbH <info@sbe.de> Tue, 20 Nov 2018 13:58:05 +0000
ld-puppet (1.1.26) trusty; urgency=high
[Michael Schönbeck]
* unifi:
- switched from unifi5 to stable repository for newer version
-- SBE network solutions GmbH <info@sbe.de> Wed, 24 Oct 2018 05:11:15 +0000
ld-puppet (1.1.25) trusty; urgency=high
[Olav Krapp]
* ld_qbittorrent:
- changed settings
* puppetdb:
- increased memory assignment from 192mb to 256mb
-- SBE network solutions GmbH <info@sbe.de> Fri, 12 Oct 2018 14:34:59 +0000
ld-puppet (1.1.24) trusty; urgency=high
[Christian Sommer]
* ld_network:
- changes in dhclient.conf on ldhost - no nameservers and (search)domains will be requested
* ld_base:
- blacklisting of acpi_power_meter kernel module on ldhost when running on HP Proliant hardware
-- SBE network solutions GmbH <info@sbe.de> Tue, 02 Oct 2018 09:32:46 +0000
ld-puppet (1.1.23) trusty; urgency=high
[Michael Schönbeck]
* ld_nextcloud:
- FIX: activated filessystem_check_changes
- FIX: publish rev-proxy for bruteforce detection
-- SBE network solutions GmbH <info@sbe.de> Mon, 01 Oct 2018 12:50:38 +0000
ld-puppet (1.1.22) trusty; urgency=high
[Christian Sommer]
* ld_puppet:
- NEW: module ld_ansible
- NEW: module python
[Olav Krapp]
* ld_qbittorrent:
- NEW: install and configure ld-deploy-windows-qbittorrent
[Michael Schönbeck]
* site-bielefeld:
- NEW: install nfs-common
-- SBE network solutions GmbH <info@sbe.de> Tue, 25 Sep 2018 07:36:41 +0000
ld-puppet (1.1.21) trusty; urgency=high
[Christian Sommer]
* ld_unifi:
- NEW: install Java 8
* ld_icinga:
- downgrade icinga2 to v2.8.4 on icinga2 lxc
-- SBE network solutions GmbH <info@sbe.de> Fri, 14 Sep 2018 15:42:37 +0200
ld-puppet (1.1.20) trusty; urgency=high
[Olav Krapp]
* ld_ctrl:
- NEW: manage ld-control-client on ctrl and deploy container
* ld_legacy:
- NEW: manage authentication for ld-control-client
-- SBE network solutions GmbH <info@sbe.de> Fri, 14 Sep 2018 15:42:37 +0200
ld-puppet (1.1.19) trusty; urgency=high
[Christian Sommer]
* ld_xibo17:
- FIX: https not forced anymore
[Michael Schoenbeck]
* ld_nextcloud:
- FIX: removed leading spaces
-- SBE network solutions GmbH <info@sbe.de> Tue, 11 Sep 2018 12:38:10 +0000
ld-puppet (1.1.18) trusty; urgency=high
[Christian Sommer]
* ldhost:
- FIX: generate forward dns nameserver properly.
* ld_legacy:
- FIX: due to bugs in file_line function syslog-ng.conf file is replaced completely.
* ld_network:
- FIX: generate resolv.conf file before removing resolvconf package.
-- SBE network solutions GmbH <info@sbe.de> Fri, 24 Aug 2018 09:38:22 +0000
ld-puppet (1.1.17) trusty; urgency=medium
[Christian Sommer]
* ld_ctrl:
- NEW: force application.properties management after ld-control-service
package update.
- NEW: redirect from http://ctrl/ to https://ctrl/center/
* ld_legacy:
- NEW: enable receiving of syslog messages over UDP.
* ld_moodle:
- FIX: fix default configuration.
* ld_nextcloud:
- FIX: disable user_saml plugin to fix logon.
[Olav Krapp]
* ld_ctrl:
- NEW: remove kerberos auth.
- NEW: set Xmx to 2GB.
* ld_legacy:
- NEW: manage ld-control-client if ctrl LXC enabled.
-- SBE network solutions GmbH <info@sbe.de> Wed, 22 Aug 2018 15:24:55 +0000
ld-puppet (1.1.16) trusty; urgency=medium
[Christian Sommer]
* ld_network:
- NEW: resolv.conf via puppet
* ld_legacy:
- NEW: install ld-deploy-windows-tools
-- SBE network solutions GmbH <info@sbe.de> Tue, 07 Aug 2018 08:40:51 +0000
ld-puppet (1.1.15) trusty; urgency=medium
[Christian Sommer]
* ld_ca:
- NEW: local webservers use local ca instead of self signed certificates
-- SBE network solutions GmbH <info@sbe.de> Thu, 26 Jul 2018 14:30:55 +0000
ld-puppet (1.1.14) trusty; urgency=medium
[Uwe Hermann]
* ld_icinga2:
- NEW: support for HP ProLiant Gen10 server
-- SBE network solutions GmbH <info@sbe.de> Sun, 15 Jul 2018 21:56:41 +0000
ld-puppet (1.1.13) trusty; urgency=medium
[Christian Sommer]
* ld_puppet:
- NEW: module ld_ansible
- NEW: module python
[Olav Krapp]
* ld_qbittorent:
- NEW: install and configure ld-deploy-windows-qbittorrent
[Michael Schönbeck]
* site-bielefeld:
- install nfs-commin
-- SBE network solutions GmbH <info@sbe.de> Sun, 15 Jul 2018 21:56:41 +0000
ld-puppet (1.1.12) trusty; urgency=medium
[Michael Schönbeck]
* ld_nextcloud:
- NEW: run upgrade via occ, if started via webinterface with commandline chosen
* ld_base:
- NEW: command "wip" to mark server as work in progress
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Jun 2018 19:00:13 +0000
ld-puppet (1.1.11) trusty; urgency=medium
[Michael Schönbeck]
* ld_puppet:
- FIX: keep redis dumps for 52w instead of 1y
-- SBE network solutions GmbH <info@sbe.de> Tue, 19 Jun 2018 13:50:17 +0000
ld-puppet (1.1.10) trusty; urgency=medium
[Michael Schönbeck]
* ld_puppet:
- CHANGE: keep redis dumps for one year
* squid-deb-proxy:
- ADD: packages.icinga.com
-- SBE network solutions GmbH <info@sbe.de> Tue, 19 Jun 2018 13:20:20 +0000
ld-puppet (1.1.9) trusty; urgency=medium
[Olav Krapp]
* ld_nextcloud:
- CHANGE: disable version plugin to make saving of shared documents working
-- SBE network solutions GmbH <info@sbe.de> Fri, 15 Jun 2018 08:51:37 +0000
ld-puppet (1.1.8) trusty; urgency=medium
[Olav Krapp]
* ld_kopano:
- CHANGE: templates simplified
-- SBE network solutions GmbH <info@sbe.de> Sun, 10 Jun 2018 17:32:24 +0000
ld-puppet (1.1.7) trusty; urgency=medium
[Olav Krapp]
* ld_apcupsd:
- FIX: device configuration
-- SBE network solutions GmbH <info@sbe.de> Wed, 06 Jun 2018 20:13:56 +0000
ld-puppet (1.1.6) trusty; urgency=medium
[Olav Krapp]
* ld_icinga2:
- CHANGE: iLO timeout increased
* ld_kopano:
- CHANGE: switched to openldap instead of samba4-ad to solve performance issues
- FIX: translating local addresses localy
- FIX: othermailbox used wrong by postfix
* ld_acmetool:
- NEW: accept new agreement automaticaly
* ld_ctrl:
- NEW: add kerberos support
-- SBE network solutions GmbH <info@sbe.de> Wed, 06 Jun 2018 12:00:45 +0000
ld-puppet (1.1.5) trusty; urgency=medium
[Olav Krapp]
* ld_legacy:
- FIX: ld20 upgrade logs were not saved properly
-- SBE network solutions GmbH <info@sbe.de> Fri, 18 May 2018 06:54:17 +0000
ld-puppet (1.1.4) trusty; urgency=medium
[Olav Krapp]
* ld_kopano:
- otherMailbox and zarafaAliases are sortet before comparison
* ld_nextcloud:
- logincredentials instead of sessioncredentials to make collabora work on tausch and pgm.
-- SBE network solutions GmbH <info@sbe.de> Wed, 09 May 2018 21:03:04 +0000
ld-puppet (1.1.3) trusty; urgency=medium
[Olav Krapp]
* ld_nextcloud:
- ldap group filter added to allow share with a ldap group.
* ld_samba4:
- Due to performance issues kopano_activate and kopano_admins are replaced
by kopano_sync.
[Michael Schönbeck]
* site-bielefeld:
- enabled automatic reboot
* ldhost:
- install thermald for better heat management
-- SBE network solutions GmbH <info@sbe.de> Fri, 04 May 2018 21:13:45 +0000
ld-puppet (1.1.2) trusty; urgency=medium
[Michael Schönbeck]
* site-bielefeld:
- FIX: disabled automatic reboot because of problem with HP servers, has nothing todo with the "automatic" in reboot
-- SBE network solutions GmbH <info@sbe.de> Thu, 26 Apr 2018 11:20:47 +0000
ld-puppet (1.1.1) trusty; urgency=medium
[Michael Schönbeck]
* site-bielefeld:
- disabled automatic reboot because of problem with HP servers, has nothing todo with the "automatic" in reboot
-- SBE network solutions GmbH <info@sbe.de> Wed, 25 Apr 2018 07:03:51 +0000
ld-puppet (1.1.0) trusty; urgency=medium
[Michael Schönbeck]
* ld_nextcloud:
- switched to "Eigene Dateien" as storage for sharing
- removed skeletondirectory
- set quota to 0B to prevent user from creating false files
-- SBE network solutions GmbH <info@sbe.de> Thu, 19 Apr 2018 16:25:47 +0000
ld-puppet (1.0.99) trusty; urgency=medium
[Michael Schönbeck]
* unattended_upgrades
- if enabled reboot_time is 21:00
-- SBE network solutions GmbH <info@sbe.de> Thu, 19 Apr 2018 07:38:58 +0000
ld-puppet (1.0.98) trusty; urgency=medium
[Michael Schönbeck]
* ld_host:
- RELEASED: postgresql10, nextcloud-g1, collabora-g1 an ca-g1
- UNRELEASED: pydio
* ld-site-bielefeld:
- activated unattended updates
-- SBE network solutions GmbH <info@sbe.de> Wed, 18 Apr 2018 23:28:21 +0000
ld-puppet (1.0.97) trusty; urgency=medium
[Michael Schönbeck]
* ld_kopano:
- ADD: kopano-webapp-plugin-webappmanual and kopano-webapp-plugin-titlecounter
[Olav Krapp]
* ld_nextcloud:
- ADD: map external network drives H: P: (K:) T:
-- SBE network solutions GmbH <info@sbe.de> Wed, 18 Apr 2018 22:06:13 +0000
ld-puppet (1.0.96) trusty; urgency=medium
[Michael Schönbeck]
* ld_puppet:
- REMOVED: update-assurance-info cronjob
-- SBE network solutions GmbH <info@sbe.de> Tue, 17 Apr 2018 10:33:01 +0000
ld-puppet (1.0.95) trusty; urgency=medium
[Olav Krapp]
* ld_samba:
- NEW: AD acts as NTP server.
-- SBE network solutions GmbH <info@sbe.de> Wed, 11 Apr 2018 12:23:27 +0000
ld-puppet (1.0.94) trusty; urgency=medium
[Olav Krapp]
* ld_samba:
- FIX: principals check corrected
-- SBE network solutions GmbH <info@sbe.de> Tue, 10 Apr 2018 09:28:17 +0000
ld-puppet (1.0.93) trusty; urgency=medium
[Michael Schönbeck]
* ld_host:
- FIX: reboot_time corrected
-- SBE network solutions GmbH <info@sbe.de> Mon, 10 Apr 2018 00:51:31 +0000
ld-puppet (1.0.92) trusty; urgency=medium
[Olav Krapp]
* ld_nextcloud:
- For Kerberos Nginx as a proxy has been replaced by Apache.
-- SBE network solutions GmbH <info@sbe.de> Mon, 09 Apr 2018 15:07:31 +0000
ld-puppet (1.0.91) trusty; urgency=medium
[Michael Schönbeck]
* ld_mobile:
- removal of the ldmobile wizard cronjob
-- SBE network solutions GmbH <info@sbe.de> Sun, 08 Apr 2018 21:48:39 +0000
ld-puppet (1.0.90) trusty; urgency=medium
[Michael Schönbeck]
* ld_mobile:
- new configuration via application.yml instead of wizard.rb and sql.conf for ld-mobile >= 4.0
-- SBE network solutions GmbH <info@sbe.de> Thu, 05 Apr 2018 09:37:34 +0000
ld-puppet (1.0.89) trusty; urgency=medium
[Olav Krapp]
* Added unattended upgrades.
* ld_host:
- NEW: ca-g1 LXC. Closes: 344.
- NEW: collabora-g1 LXC. Closes: 341.
- NEW: nextcloud-g1 LXC. Closes: 68.
- NEW: postgresql10 LXC.
* ld_network:
- NEW: Added option to ignore unmanaged files in shorewall. Closes: 345.
-- SBE network solutions GmbH <info@sbe.de> Wed, 28 Mar 2018 08:04:37 +0000
ld-puppet (1.0.88) trusty; urgency=medium
[Michael Schönbeck]
* ld_samba4:
- FIX: kopano_activate mail is not a multivalue
-- SBE network solutions GmbH <info@sbe.de> Thu, 15 Feb 2018 15:28:26 +0000
ld-puppet (1.0.87) trusty; urgency=medium
[Michael Schönbeck]
* ld_base:
- FIX: missing default editor
- screenrc mousetrack off to enable mouse copy and paste
* ld_host:
- kopano-g1 status reserved
* ld_icinga2:
- replaced hpssacli with ssacli
* ld_legacy:
- ld-reboot alias aus bash.bashrc im logosrv entfernt
-- SBE network solutions GmbH <info@sbe.de> Thu, 08 Feb 2018 15:31:44 +0000
ld-puppet (1.0.86) trusty; urgency=medium
[Michael Schönbeck]
* ld_base:
- made mcedit the default editor of mc
- screenrc mousetrack off to enable mouse copy and paste
* ld_vim:
- modified mouse navigation to enable mouse copy and paste
-- SBE network solutions GmbH <info@sbe.de> Tue, 06 Feb 2018 19:59:59 +0000
ld-puppet (1.0.85) trusty; urgency=medium
[Michael Schönbeck]
* ld_kopano:
- local nginx force ssl set ture
* ld_base:
- install ld-reboot
- set reboot and poweroff aliases to ld-reboot
* ld_quota:
- new module to disable quota services on Ubuntu 16.04
- disable quota only when xenial
-- SBE network solutions GmbH <info@sbe.de> Tue, 06 Feb 2018 11:15:00 +0000
ld-puppet (1.0.84) trusty; urgency=medium
[Olav Krapp]
* ld_kopano:
- Mail templates for multi domain and single mail boxes added.
* ld_samba4:
- Set default maximum password age to 0. Closes: 234.
-- SBE network solutions GmbH <info@sbe.de> Tue, 23 Jan 2018 08:22:11 +0000
ld-puppet (1.0.83) trusty; urgency=medium
[Olav Krapp]
* ld_multidrop:
- Use cname for resource definition. Closes: 201.
* ld_samba:
- kopanoAccount is always synchronized. Closes: 202.
-- SBE network solutions GmbH <info@sbe.de> Tue, 19 Dec 2017 14:08:07 +0000
ld-puppet (1.0.82) trusty; urgency=medium
[Olav Krapp]
* ld_samba:
- Sync group mail attribute. Closes: 200.
-- SBE network solutions GmbH <info@sbe.de> Mon, 18 Dec 2017 14:36:32 +0000
ld-puppet (1.0.81) trusty; urgency=medium
[Olav Krapp]
* doc.d:
- Mail template for kopano-g1 adapted. Closes: 165.
* ld_icinga2:
- Remove mail checks from logosrv if kopano enabled. Closes: 186.
* ld_kopano:
- Default message_size_limit in postfix is 128M now. Closes: 159.
- Default post_max_size in php-fpm is 128M now. Closes: 159.
- Default upload_max_filesize in php-fpm is 32M now. Closes: 159.
- Added servernet ip/netmask to mynetworks.
-- SBE network solutions GmbH <info@sbe.de> Wed, 13 Dec 2017 13:30:43 +0000
ld-puppet (1.0.80) trusty; urgency=medium
[Olav Krapp]
* doc.d:
- Mail template for ldhost adapted.
* ld-kopano:
- Filter groups over mail attribute.
* ld_legacy:
- Added possibility to declare groups as zarafa-group.
* ld_samba4:
- Sync kopanoAccount and otherMailbox for groups.
-- SBE network solutions GmbH <info@sbe.de> Thu, 07 Dec 2017 19:14:57 +0000
ld-puppet (1.0.79) trusty; urgency=medium
[Olav Krapp]
* doc.d:
- Mail templates were made user-friendly.
* ld-multidrop:
- Default dir destination disabled.
-- SBE network solutions GmbH <info@sbe.de> Wed, 06 Dec 2017 12:49:36 +0000
ld-puppet (1.0.78) trusty; urgency=medium
[Olav Krapp]
* ld-rproxy:
- kopano83 template renamed to kopano.
* ld-samba4:
- Provision AD with kopano schema if not already done.
-- SBE network solutions GmbH <info@sbe.de> Tue, 05 Dec 2017 17:49:24 +0000
ld-puppet (1.0.77.1) trusty; urgency=medium
[Daniela Leitz]
* ld-unifi:
- Http port to 8080.
-- SBE network solutions GmbH <info@sbe.de> Wed, 22 Nov 2017 10:17:16 +0000
ld-puppet (1.0.77) trusty; urgency=medium
[Olav Krapp]
* ld_kopano:
- Enable web meeting plugin by default.
- Set kopano as alias for kopano-g1.
- Postfix is default relay host for logoDIDACT.
- Amavis integrated.
- ClamAV integrated.
- SpammAssassin integrated.
- SMTP auth over sasl and imap.
* ld_legacy:
- Configure postfix for kopano if kopano enabled.
- Purge old mail configuration if kopano enabled.
- Install MacOS and Windows DeskApp binaries if kopano enabled.
* ld_multidrop:
- Configure getmail.
* ld_samba4:
- Sync zarafaAliases to otherMailbox.
- Set kopanoAdmin over puppet.
* ld_syslog:
- Fixes wrong logrotate configuration for rsyslog.
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Sep 2017 12:52:11 +0000
ld-puppet (1.0.76.3) trusty; urgency=medium
[Daniela Leitz]
* ld-unifi:
- Fix Syntax error.
-- SBE network solutions GmbH <info@sbe.de> Fri, 17 Nov 2017 13:51:34 +0000
ld-puppet (1.0.76.2) trusty; urgency=medium
[Daniela Leitz]
* ld-unifi:
- Add notify for file and file_line.
-- SBE network solutions GmbH <info@sbe.de> Fri, 17 Nov 2017 12:08:34 +0000
ld-puppet (1.0.76.1) trusty; urgency=medium
[Daniela Leitz]
* ld-unifi:
- Add nginx again to forward to port 443. Closes: ld-puppet 88
-- SBE network solutions GmbH <info@sbe.de> Fri, 17 Nov 2017 09:58:13 +0000
ld-puppet (1.0.76) trusty; urgency=medium
[Daniela Leitz]
* ld-unifi:
- Remove nginx.
- Add authbind for running as 'unifi' user. Closes: ld-puppet 85
-- SBE network solutions GmbH <info@sbe.de> Thu, 16 Nov 2017 13:18:24 +0000
ld-puppet (1.0.75.1) trusty; urgency=medium
[Olav Krapp]
* ld-base:
- Better trusty or xenial detection.
-- SBE network solutions GmbH <info@sbe.de> Fri, 20 Oct 2017 04:52:34 +0000
ld-puppet (1.0.75) trusty; urgency=medium
[Olav Krapp]
* ld-base:
- Prepare upgrade to Ubuntu 16.04.
- Show hint if other users are logged on.
-- SBE network solutions GmbH <info@sbe.de> Thu, 19 Oct 2017 17:13:02 +0000
ld-puppet (1.0.74) trusty; urgency=medium
[Michael Schoenbeck]
* ld-site-bielefeld:
- string replacement on /var/lib/ld-puppet/hiera.d/site.d/*.yaml
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Sep 2017 07:11:18 +0000
ld-puppet (1.0.73) trusty; urgency=medium
[Michael Schoenbeck]
* ld-site-bielefeld:
- replace CUSTOMER_NAME_SHORT with LD_CUSTOMER_SHORT via postins
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Sep 2017 07:11:18 +0000
ld-puppet (1.0.72) trusty; urgency=medium
[Michael Schoenbeck]
* ld-site-bielefeld:
- enabled rev-proxy
- enabled mysql56
- enabled ldmobile
- configured rev-proxy and ldmobile
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Sep 2017 07:11:18 +0000
ld-puppet (1.0.71) trusty; urgency=medium
[Michael Schoenbeck]
* ld-site-bielefeld:
- enabled samba4-ad
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Sep 2017 07:11:18 +0000
ld-puppet (1.0.70) trusty; urgency=medium
[Olav Krapp]
* ld_base:
- Local apt repository configured correctly.
* ld_icinga2:
- check_procs adapted for xenial.
* ld_puppet:
- Parent proxy in squid-deb-proxy configured correctly.
* profile/host:
- logoDIDACT(R) RPC services enabled.
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Sep 2017 07:11:18 +0000
ld-puppet (1.0.69) trusty; urgency=medium
[Olav Krapp]
* ld_puppet:
- Add build.openvpn.net to trusted domains.
-- SBE network solutions GmbH <info@sbe.de> Mon, 21 Aug 2017 20:56:04 +0000
ld-puppet (1.0.68) trusty; urgency=medium
[Olav Krapp]
* ld_vpn:
- Relocate OpenVPN repository.
- Reimport OpenVPN gpg key if expired.
-- SBE network solutions GmbH <info@sbe.de> Mon, 21 Aug 2017 14:38:46 +0000
ld-puppet (1.0.67) trusty; urgency=medium
[Olav Krapp]
* ld_ovs:
- Fix typo in name for openvswitch service unit replacment.
-- SBE network solutions GmbH <info@sbe.de> Wed, 16 Aug 2017 09:08:21 +0000
ld-puppet (1.0.66) trusty; urgency=medium
[Torsten Fohrer]
* common:
- Upgrade process removes puppet 10 upgrade packages now.
* ld_ovs:
- Fix typo in url for openvswitch service unit replacment.
-- SBE network solutions GmbH <info@sbe.de> Mon, 14 Aug 2017 13:01:50 +0000
ld-puppet (1.0.65) trusty; urgency=medium
[Torsten Fohrer]
* common:
- upgrade-packages:
- Use correct http status code for repo condition check.
- update-license-info:
- Use excon http library that respects http_proxy / https_proxy env.
- Use std http format to get license informations.
* debian:
- Correct some lintian errors.
- Allow to specifiy site specific control files.
* site.de:
- berlin:
- Remove etc directory from berlin.
* ld_samba4:
- Ensure 0750 on ntp_signed directory.
* hiera:
- samba4-ad:
- Add missing firewall rule for ntp access thanks olk@sbe.de.
- rembo:
- Redirect smbd,nmbd,winbindd log files into services directroy
- Disallow access to bin, internal state files.
* ld_legacy:
- Deploy ldc repo.
* ld_ovs:
- Using correct filename for ovs init default environment settings.
- Deploy a corrected openvswitch-nonetwork service definition for
ubuntu 16.04 hosts.
* ld_syslog:
- Purge unmanged directories in /var/log/services.
[Olav Krapp]
* ld_icinga2:
- Increase check interval for ilo services to 12h.
-- SBE network solutions GmbH <info@sbe.de> Tue, 4 Jul 2017 12:15:00 +0000
ld-puppet (1.0.64) trusty; urgency=medium
[Torsten Fohrer]
* upgrade:
- Commit changes in etc/logodidact.
* common:
- puppet-fix-permissions ensures now executable bit on pre/post-commit
hook in etc/logodidact git repository.
- Fix quoting in update-license-info thanks to Klaus Roerig.
-- SBE network solutions GmbH <info@sbe.de> Tue, 4 Jul 2017 12:15:00 +0000
ld-puppet (1.0.63) trusty; urgency=medium
[Torsten Fohrer]
* common:
- integrate license before warn about missing license,
check deploy.yaml too
-- SBE network solutions GmbH <info@sbe.de> Tue, 4 Jul 2017 12:15:00 +0000
ld-puppet (1.0.62) trusty; urgency=medium
[Torsten Fohrer]
* preinst
- Tweaking code that moves custom yaml into /etc/logodidact
-- SBE network solutions GmbH <info@sbe.de> Tue, 4 Jul 2017 12:15:00 +0000
ld-puppet (1.0.61) trusty; urgency=medium
[Torsten Fohrer]
* ldupdate:
- Fix package installation detection.
* ld_base:
- Begin to adding real systemd infra support:
- facts to detect systemd/paths to command
- central daemon reload resource (for notfiy).
- Disable apt-daily.timer, let puppet run package list
update.
- define cron service and package requirement.
- screen now uses fixed term name screen-256color
* update scripts:
- update:
- Only remove policy-rc.d lock on error.
- Remove trap handler after package upgrade.
- interface:
- install on err trap handler.
- puppet log level raised to error output.
* ld_kopano:
- meetings:
- Daemon listen now on 0.0.0.0
- setting secrets for presence, webauth code/access token.
* ld_legacy:
- deploy localrepo repository url here too.
- add switch to enable official hardy repos.
- Reusing dns update hook for samba4-ad dns deployment.
- Adding templates for postfix kopano modifications.
* common:
- upgrade-packages now uses exitcode from apt-tools if non zero on.
- update ruby 1.9.1 gems.
- integrate-license:
- Use correct key names for system.conf/logodidact.key
Thanks to cge@sbe.de
- Remove whitespaces and tabs from key.
Thanks to cge@sbe.de
- Print out more information what it does (and what not).
- Warns about differing keys from system.conf/logodidact.key.
- Prefers now key from logodidact.key if it exists.
- Should remove key in system.conf only if:
- No key different with key file.
* ld_rproxy:
- New template for kopano that redirects webmeetings directly to kopano
lxc.
- Synchronize proxy headers across settings.
* ld_samba4:
- kopano:
- Allow only 1 instance of sync script to run.
* ld_puppet:
- Initialize a localrepo directory.
* hiera.d:
- puppeteer:
- nginx now listen on [::]:80 (ipv6) too.
-- SBE network solutions GmbH <info@sbe.de> Tue, 4 Jul 2017 12:15:00 +0000
ld-puppet (1.0.60) trusty; urgency=medium
[Torsten Fohrer]
* ld_samba4_ad:
- Add ldap-utils.
- Remove hook directory in /var/lib/samba.
* 3part.d:
- Move patches/orginals into own subdirectory doc.d/patches/3part,
to avoid deployment of org/patch files (pluginsync)
- rabbitmq:
- rabbitmq_nodename: Fix nil exception.
* ld_legacy:
- Don't same hash key for hook titles.
- Rework upgrade cleanup to use a bash script instead of
a complex puppet resource structure.
* debian:
- Revert architecture change (back to all).
* upgrade/update:
- Deploy hiera.yaml as early as possible.
- Avoid using proxy to connect 127.0.0.1 (puppetdb starting wait).
* common:
- integrate license removes licenseid from system.conf only if a key
file is found.
* ld_lxc:
- Don't deploy phys interfaces to ovs.
* ld_network:
- Allow removal of ovs port configuration of interface with
ovs_type=none.
* ld_puppet:
- update-license-info:
- Deploy file instead of link.
- rename from update-assurance-info.
-- SBE network solutions GmbH <info@sbe.de> Tue, 4 Jul 2017 10:38:00 +0000
ld-puppet (1.0.59) trusty; urgency=medium
[Torsten Fohrer]
* common:
- Use fiddle (ffi module builtin in ruby) to change process title.
* debian:
- Change architecture to amd64
- Remove unneeded rules from rule
- so files shouldn't need executable bit
* ld_puppet:
- update-assurance-info:
- Fix permission on update-assurance-info (a+rx)
- Let it run under root, but dropping user rights.
-- SBE network solutions GmbH <info@sbe.de> Mon, 26 Jun 2017 08:21:37 +0000
ld-puppet (1.0.58) trusty; urgency=medium
[Torsten Fohrer]
* update:
- Build own ruby library path (fixate to 1.9.1 atm) for bundler
* ld_base:
- Correct assurance liquid template.
-- SBE network solutions GmbH <info@sbe.de> Fri, 23 Jun 2017 14:48:41 +0000
ld-puppet (1.0.57) trusty; urgency=medium
[Torsten Fohrer]
* ld_base:
- Integrate dpkg_divert type/provider.
- Generate dangerous lxc tool aliases only in dev environments.
- Extend policy-rc.d:
- Deny all service starts by creating a lockfile.
- Use logger --tag to allow filtering/redirecting into own syslog file.
- Externalize assurance license information retrieval:
- update-assurance-info retrieves lic expiration offline out of process.
- Runs all */4 hours (cronjob).
- Adds new retrieve timestamp.
* ld_lxc:
- Generate dangerous lxc tool aliases only in dev environments.
* update:
- Update package lists from puppeteer directly in upgrade script.
- Repack ruby gems (avoids headaches in dev envs).
* ld_samba:
- Fix include paths in kopano provision.
- Always use current real interface name instead of static "servernet".
* ld_puppet
- Add update-assurance-info
- Avoid changing filemods for puppetrack/tmp | puppet/reports.
* ldupdate:
- Change script names (old ldupdate uses update for upgrade):
- upgrade => Recipe upgrade with integrate package updates
- update => Puppeteer package upgrades
- Add a interface wrapper named interfaces between ldupdate and scripts
that redirect outputs into logfile /var/log/ldupdate.log
- That interface wrapper provides an alias for older ldupdate versions.
* common:
- Try to set process title in some tools (hackish on linux).
-- SBE network solutions GmbH <info@sbe.de> Fri, 23 Jun 2017 13:24:17 +0000
ld-puppet (1.0.56) trusty; urgency=medium
[Torsten Fohrer]
* debian:
- Correct filenames in fix-permission inclusion file.
* ld_base:
- Correct upgrade-retained-packages alias, and use alias
instead upgrade-packages directly in ldinfo output.
- Move ld_bash into ld_base.
* ld_puppet:
- Remove installation of development package.
- Reduce restart triggers of puppetdb.
* hiera:
icinga2:
- Install defect php-dompdf.
fixed:
- Add backports with prio 300.
-- SBE network solutions GmbH <info@sbe.de> Mon, 19 Jun 2017 13:21:50 +0000
ld-puppet (1.0.55) trusty; urgency=medium
[Torsten Fohrer]
* ldupdate:
- Fix error handling in software assurance reporting.
-- SBE network solutions GmbH <info@sbe.de> Tue, 13 Jun 2017 13:39:49 +0000
ld-puppet (1.0.54) trusty; urgency=medium
[Torsten Fohrer]
* hiera.d:
- default:
- Set server names hash bucket size (256) / max size (2048).
- fixed:
- Add proposed repository (pin priority 400) to xenial and trusty.
- Add a lxc20 component repository for trusty that contains fixed
lxc tools.
* update:
- Remove passenger logodidact ppa pin files.
* ld_base:
- Rename apt-uptodate to upgrade-packages.
- Rename bash ldap config include from ldap to ldap.logosrv.
* ld_kopano:
- Transfer additinal kopano attribute: admin.
- Hardcode path to additional-samba-tool.
- Show public contact folders as hard coded default.
- Add location proxy for zpush (non-autodiscover).
- Use displayName attribute instead of cn as user fullname.
* common:
- Allow to specify files with enforced a+rx rights by puppet-fix-permission
via file scripts in puppet root.
* ld_samba4:
- Correcting line feeds again.
- kopano:
- Installs a cronjob that copies settings from logosrv for kopano/zarafa
(atm admin/account) flag.
- Cronjob check for existence of "allow to run" file.
- Fast break on errors in subshells.
* ld_icinga2:
- Use dist specific repository for xenial/trusty.
* ld_ssh:
- Remove duplicate parameter declaration.
- Reduce auto logout time for ssh connections to 12h instead of 7d.
* ld_ovs:
- Hold back openvswitch-common too.
-- SBE network solutions GmbH <info@sbe.de> Tue, 13 Jun 2017 13:39:49 +0000
ld-puppet (1.0.53) trusty; urgency=medium
[Torsten Fohrer]
* containers:
- Rename kopano to kopano-g1.
* ld_samba4:
- Disable echo in logon script.
- Reformat batch file from unix eol to windows eol.
* hiera.d/ldhost.yaml:
- Disable dnssec validation module of unbound.
-- SBE network solutions GmbH <info@sbe.de> Wed, 24 May 2017 11:41:26 +0000
ld-puppet (1.0.52) trusty; urgency=medium
[Torsten Fohrer]
* debian:
- Correct version number in dir_to_symlink conversion
for custom.d directory.
* ld_icinga2:
- Require scratch directory for deployment.
* site/bielefeld:
- Correct legacy ssh port key name.
* ld_mobile:
- Use only public announced lockfile "provision".
-- SBE network solutions GmbH <info@sbe.de> Wed, 24 May 2017 11:41:26 +0000
ld-puppet (1.0.51) trusty; urgency=medium
[Torsten Fohrer]
* ld_kopano:
- Run kopano-webmeetings under group kopano.
- Adding a basic 1.generation kopanoaccount sync script
made by mis@sbe.de.
* debian:
- ldupdate finish smoothly if it detects a git deployment.
- Don't hold puppetdb in update script.
* ld_mobile:
- Correct array expansion type in wizard.
* ld_base:
- apt-uptodate:
- Implement update method ldupdate (ignores packages).
* ld_rproxy:
- Add missing line feed for dns host name fakes in /etc/hosts
* env.d:
- Add global::domain value as domain in ld_fixed common hash
-- SBE network solutions GmbH <info@sbe.de> Mon, 22 May 2017 06:41:32 +0000
ld-puppet (1.0.50) trusty; urgency=medium
[Torsten Fohrer]
* debian:
- Tweak update script:
- Enforce hold on puppetdb.
- Don't upgrade system packages on puppeteer.
- Don't restart apache in postinst script.
-- SBE network solutions GmbH <info@sbe.de> Wed, 17 May 2017 08:56:20 +0000
ld-puppet (1.0.49) trusty; urgency=medium
[Torsten Fohrer]
* debian:
- Don't deploy gem files anymore
-- SBE network solutions GmbH <info@sbe.de> Wed, 17 May 2017 08:24:20 +0000
ld-puppet (1.0.48) trusty; urgency=medium
[Torsten Fohrer]
* debian:
- Fine tune gem library managment via puppet-pack
* common:
- Correct metadata for puppet modules
- ldupdate enforces now language en_US/en_DK.
- Use ruby version specific gemfiles now.
* hiera.d:
- Increase burst syslog messages.
* ld_base:
- policy-rc.d:
- Always log initscript which is cause of policy invocation.
- On reload/restart, fallback to stopping service instead.
- functions:
- att_mapping:
- Add ensure/user mapping.
- Improve error messages.
- Create a etc directory in puppet-cm.
* ld_network:
- Switching between release/dev mode using ld-puppet version
as indicator.
* ld_puppet:
- Let passenger rack directly use vendor gems.
- Removing Bundler setup files from passenger rack environment.
* ld_lxc:
- facts:
- ld_lxc:
- Don't clean point out of lxc properties names.
- ldbootstrap:
- Hack around tty keyboard change by copying host keyboard
file into container for trusty/xenial ones.
* ld_network:
- functions:
- get_ip:
- Rename get_primary_ip to get_ip.
- Add possible to switch between primary ip, first ip
selection.
* ld_consul:
- Manages/install consul agent/server system
- Installs a bash completion for ssh that uses consul for hosts.
-- SBE network solutions GmbH <info@sbe.de> Wed, 17 May 2017 08:01:20 +0000
ld-puppet (1.0.47) trusty; urgency=medium
[Daniela Leitz]
* schema.d:
- Define mapping of audit daysToKeep.
[Lavent Cevat Sofuoglu]
* ld_rembo:
- Allow configuration of rembo binary linking.
[Marcel Petersen]
* ld_legacy:
- Cleanup/removing files from upgrading logoDIDACT 1 to 2,
saving logfiles in /var/log/ld20upgrade.
[Torsten Fohrer]
* 3part.d
- upgrade
- puppetlabs/stdlib (4.12.0 => 4.15.0)
- puppet/nginx (0.5.0 => 0.6.0)
- camptocamp/postfix (1.3.1 => 1.5.0)
- install
- puppetlabs/apache (1.11.0)
* ld_syslog:
- Replace invoke-rc with service for 16.04, avoiding a ugly daily cron
mail about unknown action.
* profiles:
- mysql:
- Use common backup directory /var/backups for mysql backups.
- Use unique tag name for collecting databases via exported resources
instead simple hostname.
* ld_pydio:
- Fix path to service.
* ld_puppet:
- Implement a redis backup solution.
* ld_icinga2:
- Add missing sudo entry for check_packages, thanks to Klaus Roerig.
* ldupdate:
- Removing historic update script support.
- Implement update script handover and update resume process.
(ldupdate handsover processing to update script, which calls at end
ldupdate to finish update).
* ld_vim:
- Enable mouse support handling.
* debian:
- Removing bogus directory in /etc/logodidact/hiera (maintenance.d).
- Removing policy-rc.d in preinst to avoid some errors about missing puppet
configuration files (policy-rc.d invokes puppet).
* ld_legacy:
- Ensure media directory in logosrv rootfs.
- Correct ntp_patch logic to change ntp address only if it differs.
* ld_mobile:
- Replace role mysql::server with mysql::client.
- Avoid deploying mysql::db resource to local instance.
* ld_lxc:
- Using 2.x lxc environment default files
- ld_network now checks for running ovs, otherwise it tries it 10 times
(10s pause)
- Add default hooks for stop, post-stop (atm they only log hook execution).
- Improve syslog output of hook script (hook name, stop phase).
- Try to inform user of current bootstrap process state in containers.
- Linking bootstrap log into root home, cleaning them up after successful
bootstrap.
* ld_ovs:
- To avoid some problems in upstart boot process removing lxc override
file that blocks lxc start.
- On demand start of ovs switch in ifupdown script only on interface start.
- Starting now with a clean database (--delete-bridges) on boot.
- Removing historically needed helper script.
* ld_apt:
- Correct handling of dpkg_divert removal.
* ld_samba4:
- Reintroduce a common samba4 module that should implement samba4
functions, avoiding code replication (see samba4_ad/samba4_share)
- Only listen to interface servernet 127.0.0.1, ::1
- Reduce textual content of samba.secret file.
- On provising a new ad controller the kopano schema is now integrated.
- Adding a group "ld-sysgroup" that can be used for hiding internal ad
specific user and groups from applications.
- Adding a user for ldap authentication named "ld-ldap-read" that
application can use for ldap bind authentication.
* ld_base:
- Removing /var/log/bootstrap.log.
- Migrate away from ruby open4 gem to childprocess gem, because first
has some annoying bugs with handling zombies.
- var/empty should be a directory
- Remove backups directory in puppet-cm.
- Fix false method name "warn" for logging in get_software_assurance.
- Adding a service provider for ubuntu 16.04 to enforce systemd as default
init provider.
- Allow to concat own change trigger information into apt dist-upgrade
trigger:
- puppet version
- datetime (classic variant)
- policy-rc.d:
- now logs it's pid to.
- determines puppet paths from path to puppet executable.
- Using return code 104 instead of 0 (avoid warnings in xenial
containers)
- profiles:
- Expand code for extract role/classes/profiles.
- New function ld_base:random_values
- Unifies redis / password generation handling
- Generate pkdf2 password structure.
* ld_rproxy:
- Adding proxy forwarded-port/host/for environment as default.
* ld_icinga2:
- Improve logging
- Fix a logic condition error in handling arrays and strings
* ld_legacy:
- Remove hvc0 service.
* ld_kopano:
- Rewrote kopano support module from ground up.
- Installing kopano environment with z-push/webapp/server as default.
- Setups autodiscover to automatically use request server name as host for
eas service.
- Using licenses (maintenanced based) repository from SBE network
solutions.
* profile:
- ldhost:
- Removing unbound.conf.d directory.
* hiera.d:
- Deploy puppet 3.8.7 from trusty to xenial using repo hosted by
sbe network solutions.
- Using now official ubuntu mirror for trusty too.
- Own syslog logfiles for:
- systemd
- prun
* ld_network:
- Reorder auto/allow- lines in interfaces output.
- ovs bridges now uses debian option line "auto" to bring them up.
* ld_rembo:
- Installs ld-myhosts.
* 3part.d:
* samba:
- Patch 3part module so that we can specify a own samba-tool
that should be called.
- Disabling command execution timeout on domain provision.
- Extends smb_group type/provider with a member property.
[Olav Krapp]
* ld_lxc:
- xenial ready.
***
* BREAKING CHANGEs
***
- hiera.d
- Increase mysqldump packet size to 1g.
- Use a symbolic link for custom.d/xxx.yaml files instead of doing all
the work to manage symbolic links from/to /etc/logodidact/hiera/custom.d.
- A symlink is managed for custom.yaml from /etc/logodidact/hiera/custom.yaml,
as before by map_translate.
-- SBE network solutions GmbH <info@sbe.de> Mon, 21 Nov 2016 00:50:28 +0000
ld-puppet (1.0.46) trusty; urgency=high
[Torsten Fohrer]
* Port changes from internal ld-puppet version.
* ld_icinga2:
- Add check_package to sudo list.
* ld_mobile:
- New deployment script for ldmobile.
[Olav Krapp]
* ldmon_net:
- Use of proxy has been implemented.
* ld_vpn:
- Use of proxy has been implemented.
-- SBE network solutions GmbH <info@sbe.de> Fri, 10 Feb 2017 12:53:31 +0000
ld-puppet (1.0.43) trusty; urgency=high
[Torsten Fohrer]
* hiera.d:
- unifi, use correct url to download unifi.
-- SBE network solutions GmbH <info@sbe.de> Thu, 15 Dec 2016 10:54:17 +0000
ld-puppet (1.0.42) trusty; urgency=high
[Torsten Fohrer]
* hiera.d:
- Correct typo in netscope / ldhost.yaml
- Fix copy & paste typo in profile::network shorewall provider name in
rev-proxy.
- ldhost unrelease mysql57 container.
* profile.d:
- Correct backport of check_aggregate_producer recipe.
-- SBE network solutions GmbH <info@sbe.de> Mon, 21 Nov 2016 00:50:28 +0000
ld-puppet (1.0.41) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- apt-uptodate:
- Enforce hold on marked packages even on upgrade run
-- SBE network solutions GmbH <info@sbe.de> Sun, 20 Nov 2016 11:55:07 +0000
ld-puppet (1.0.40) trusty; urgency=high
[Torsten Fohrer]
* package:
- Fix deployment of bundler packages via puppet-bundler
* ld_base:
- Revert defect bundler including
-- SBE network solutions GmbH <info@sbe.de> Sat, 19 Nov 2016 21:55:55 +0000
ld-puppet (1.0.39) trusty; urgency=high
[Torsten Fohrer]
* ld_network:
- Only add defined default gateway
* ld_base:
- apt-uptodate only run hold/unhold action on upgrade not update.
- policy-rc.d now redirect error stream from puppet (where is my catalog)
into dev null.
-- SBE network solutions GmbH <info@sbe.de> Fri, 18 Nov 2016 14:19:57 +0000
ld-puppet (1.0.38) trusty; urgency=high
[Torsten Fohrer]
* ldupdate:
- Use correct parameter handling for long arguments in commander:
- -r/--reboot instead of -ncr/--no-confirm-reboot now.
-- SBE network solutions GmbH <info@sbe.de> Thu, 17 Nov 2016 16:09:42 +0000
ld-puppet (1.0.37) trusty; urgency=high
[Torsten Fohrer]
* hiera.d:
- Fix unifi download repo domain
- Allow repo dl.ubnt.com
* profiles
- Fix password selection for maintenance setup
-- SBE network solutions GmbH <info@sbe.de> Fri, 18 Nov 2016 11:32:47 +0000
ld-puppet (1.0.36) trusty; urgency=high
[Torsten Fohrer]
* debian:
- fix changelog
-- SBE network solutions GmbH <info@sbe.de> Thu, 17 Nov 2016 16:09:42 +0000
ld-puppet (1.0.35) trusty; urgency=high
[Torsten Fohrer]
* debian:
- Debug output for preinst script.
* ld_ovs:
- Use --no-upgrade to avoid overwrite package install.
-- SBE network solutions GmbH <info@sbe.de> Thu, 17 Nov 2016 16:09:42 +0000
ld-puppet (1.0.34) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- apt-uptodate
- tune handling package upgrade of critical system components.
-- SBE network solutions GmbH <info@sbe.de> Wed, 16 Nov 2016 13:27:24 +0000
ld-puppet (1.0.33) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- apt
- use correct parameters.
-- SBE network solutions GmbH <info@sbe.de> Wed, 16 Nov 2016 13:27:24 +0000
ld-puppet (1.0.32) trusty; urgency=high
[Torsten Fohrer]
* hiera.d:
- maintenance.yaml and directory integrated.
- Correct bogus hiera.yaml.
- Introduce seperate scope (as s 0.9.x) for maintenance networking.
- Add package cache url:
- swupdate.openvpn.net
* ld_puppet:
- Sort hint output line.
* doc.d:
- Sample for defaultssl host in reverseproxy
* ld_base:
- apt-uptodate:
- Fix handling of command line parameters.
- Don't show info when invoked by apt.
- Don't run apt-update when already invoked by apt.
* General:
- map_translate respect now maintenance settings.
- use correct step ordering in rakefile.
-- SBE network solutions GmbH <info@sbe.de> Wed, 16 Nov 2016 13:27:24 +0000
ld-puppet (1.0.31) trusty; urgency=high
[Torsten Fohrer]
* FIX: Changelog format error
-- SBE network solutions GmbH <info@sbe.de> Wed, 16 Nov 2016 13:27:24 +0000
ld-puppet (1.0.30) trusty; urgency=high
[Torsten Fohrer]
* Fix some lintian errors
-- SBE network solutions GmbH <info@sbe.de> Wed, 16 Nov 2016 13:27:24 +0000
ld-puppet (1.0.29) trusty; urgency=high
[Torsten Fohrer]
* 3part.d
- upgrade
- jfrmnx/nginx to puppet/nginx (0.3.0 => 0.5.0).
- luxflux/openvpn (new, 4.0.1)
- puppetlabs/apt (2.2.2 => 2.3.0)
- puppetlabs/rabbitmq (5.4.0 => 5.6.0)
- puppetlabs/stdlib (4.12.0 => 4.13.1)
- puppetlabs/mysql (3.8.0 => 3.10.0)
- puppetlabs/staging (1.0.7 => 2.0.1)
- puppetlabs/inifile (1.5.0 => 1.6.0)
- kakwa/samba (0.6.2 => 0.7.2)
- saz/rsyslog (3.5.1 => 4.0.3)
- zleslie/unbound (1.3.5 => 1.3.6, 2.0.0 is p4 only)
* ld_rproxy:
- Fix duplicate http case condition, to correct "template" match
- Deploy a ssl default host with snakeoil certificates, that
handles all undefined/unknown hosts.
- Allow to specifiy a default host for ssl (defaultssl ini param,
listen_as_default class parameter).
- Adding a template that can be used as defaultssl host (wwwroot same as
default http host).
- Adding possible to disable hosts via ensure parameter.
* ld_kopano:
- Setups a supported kopano (license required) environment.
- Early adoption stage.
* ruby libraries:
- mail
- mimetype (differnt version for xenial)
* ld_network:
- transform_netmap:
- Fix route inet handling.
* ld_legacy:
- Instead of reusing ld_lxc templates, now using ld_lxc::container resource
directly.
- Disable bogus tty/getty agents.
* ld_rsyslog:
- Discard kernel message in lxc's.
* ld_samba4_share:
- Using correct service to start/stop samba.
* ld_samba4_ad:
- Force stop nmbd/smbd services.
- Restart bind on configuration change (named.conf.options).
- Restart bind if we change krb5.conf.
* ld_ovs:
- Reenable ovs-vsctl --del-bridge on shutdown of ovsbridge interface.
* ld_base:
- policy-rc.d:
- Add more logging output, that explain why policy-rc.d runs
update-policy-rc.d
- apt-uptodate:
- Does now really upgrade packages.
- Avoid update packages when run via apt-get update in a puppet run.
- Adding --info option which prints out a short list of packages
informations.
- New Millenium feature, sends out a mail on failure/success,
with !! HTML !! body, and optional (on success) all output
from invoked commands.
- Ensure hold on critical system packages before running upgrade
- After upgrade and/or on failure try to held critical system packages.
- Print out informations directly if invoked by hand.
- ldinfo:
- Adopt changed output from apt-uptodate (displaying updates).
* ld_rembo:
- License file now requires rembo package.
* ld_lxc:
- container resource now accept all lxc.container.archs (amd64, i686, x86,
x86_64).
- Allow to define mount entries (atm simple complete mount entry line).
- Allow to set autodev lxc property.
- Disable setvtrgb on ubuntu1604 containers.
* ld_puppet:
- prun now safes ruby env and restore it after puppet agent is run.
* profiles:
- mail::satellite:
- Forward root mails to root@your_domain.de.
- lxc::host:
- Restrict available container filtering to running or reserved
containers.
- host::ldhost:
- Handling some special configuration that only applies to main/master
ldhost in a environment (dns resolving, as sample)
- Configuring now a local dns forwarder that forwards internal /domain/
to logosrv (s4 domain atm not).
- To activate him please change dns-nameserver in
/etc/network/interfaces from logosrv ip to 127.0.0.1.
* debian
- ldupdate now runs a external script update in update.d if found instead
of legacy version specific updates (reroll all updates for a specific
version on each update). If we break something we muss fix it in this
moment or switch to a new major package version and fix it in their
update process (detect fix, always reroll and so).
* schema.d:
- system.cscm, system.pmap add ResolveNameserver parameter to allow
specifying a external nameserver.
* General:
- Integrate changes from 0.9.69-0.9.72 (monitoring)
-- SBE network solutions GmbH <info@sbe.de> Thu, 08 Sep 2016 13:10:22 +0200
ld-puppet (1.0.28) trusty; urgency=high
[Torsten Fohrer]
* tools:
- fix puppet-create-metadata to cleanly restart module search.
* profiles:
- lxc::host now manage only running guests, warns about guest
that have no configuration (state reserve, running).
* ld_puppet:
- prun now checks /.metadata/host.shutdown to avoid running on shutdown.
* update:
- seperate fileserver.conf deploy from other things to avoid puppet error
about removing mount without a local directory.
* Adding skeleton lxc kopano80, recipes for kopano
* Adding LXC mysql for sharing mysql instance to reduce memory requirement
with many class b database servers (non-infrastructure, non-system dbs)
-- SBE network solutions GmbH <info@sbe.de> Thu, 08 Sep 2016 13:10:22 +0200
ld-puppet (1.0.27) trusty; urgency=high
[Torsten Fohrer]
* debian:
- Fix syntax error in postinst.
* ldmobile:
- Enforce utf-8 encoding of ruby interpreter.
* ld_rproxy:
- Adding new type template which minimize template
overrides.
* General:
- Readd missing rembo7 yaml.
* profiles:
- lxc::host now manage only running guests, warns about guest
that have no configuration (state reserve, running).
-- SBE network solutions GmbH <info@sbe.de> Tue, 06 Sep 2016 11:01:40 +0200
ld-puppet (1.0.26) trusty; urgency=high
[Torsten Fohrer]
* General:
- map_translate handling bogus dependency histories correctly.
- ldupdate disable update script handling.
- cli.rb:
- Hardening hint reading.
* ld_network:
- Use epp template to generator avahi-daemon.conf before package
avahi-daemon.
* debian:
- Removing legacy upgrade scripts/support, (updating is only supported from
latest 0.9.x release.
- Remove auto update of changelog date.
- Helper scripts break now if some error occurs.
[Aaron Letzguss]
* ld_samba4_ad:
- Remove minpwdage policy.
- created mapping for samba4-ad netbios name.
- samba4-shares fix for empty shares.
- added missing shares for rembo7.
- Backported from 0.9 branch.
-- SBE network solutions GmbH <info@sbe.de> Wed, 31 Aug 2016 11:50:11 +0200
ld-puppet (1.0.25) trusty; urgency=high
[Torsten Fohrer]
* update
- Fix missing profiles array
- Remove legacy 0.9 upgrade files
* ld_base:
- Install ld-hf-001-hide-doreleaseupgrade1404 in trusty containers.
* ld_icinga2:
- After using policy-rc.d helper to avoid starting icinga with bogus
configuration, we don't cleanup var/lib/icinga2 anymore.
* General:
- ldupdate:
- Use ld-puppet10 as package.
- Use ldinfo assurance information instead of querying them self.
-- SBE network solutions GmbH <info@sbe.de> Wed, 31 Aug 2016 11:50:11 +0200
ld-puppet (1.0.24) trusty; urgency=high
[Torsten Fohrer]
* ld_acmetool:
- Fix agreement handling.
- Enforce response file.
- Fix incorrect variable for mail.
* ld_base:
- Deploy a policy-rc.d that will abort autostarts from package install
for managed services.
[Olav Krapp]
* ld_icinga2:
- Fix duplicate command definition.
- Support of 2.5.0 icinga.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2016 03:27:14 +0000
ld-puppet (1.0.23) trusty; urgency=high
[Torsten Fohrer]
* ld_osv
- Hold back auto upgrade of openvswitch
* hiera:
- install lxc-templates on lxc::hosts.
* debian:
- Update last release time stamp automatically.
- Deploy documentation directory again.
- Fix packagename directly.
* ld_rproxy:
- Change resolution of ld_rproxy::hosts from priority (param) to hash
(hiera call) lookup.
- For better site configuration now replaces customer_short with
customer/name/short value.
* site.de:
- Activate letsencrypt acmetool for puppeteer.
- Basic file for rev-proxy setup.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2016 03:27:14 +0000
ld-puppet (1.0.22) trusty; urgency=high
[Torsten Fohrer]
* ld_network
- Deploy avahi config before installing package to avoid some nasty timeout
problems.
* debian:
- Fix packagename directly.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2016 03:27:14 +0000
ld-puppet (1.0.21) trusty; urgency=high
[Torsten Fohrer]
* General:
- More fixes about package name
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2016 03:27:14 +0000
ld-puppet (1.0.20) trusty; urgency=high
[Torsten Fohrer]
* debian:
- Fix defect site package maintainer scripts.
- Don't cleanup manifest directories from unwanted content.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2016 03:27:14 +0000
ld-puppet (1.0.19) trusty; urgency=high
[Torsten Fohrer]
* Upgrade:
- Use absolute path for files in puppet update manifest.
* debian:
- Improve package dependencies.
* ld_network:
- rudimental spec suit created.
- Fix sorting bug with multiply addresses.
* General
- Correct metadata for sbe modules.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2016 03:27:14 +0000
ld-puppet (1.0.18) trusty; urgency=high
[Torsten Fohrer]
* General:
- map_translate now reports backuped files (files not linked in custom.d).
- logreporting to a central (logstash) instance is rudimental integrated.
- If a key file under /etc/logodidact/license/logodidact.key exists,
this license id is automatically integrated/updated in a puppet
configuration.
- If license is migrated into deploy.yaml, other license definition are
removed.
* hiera.d:
- Don't deploy anymore puppetlabs key to common trusted key database.
* ld_base:
- Use other puppetlabs keyring file.
* ld_puppet:
- Refactor parameter handling for minion interval setting.
* ld_rproxy:
- Adding monitoring checks (proc,http=401,30x,200,https=401,30x,200)
* ld_mobile:
- Adding monitoring checks (proc,http)
* ld_profile:
- By including sysctl::base allowing to define sysctl values directly in
hiera.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2016 03:27:14 +0000
ld-puppet (1.0.17) trusty; urgency=high
[Torsten Fohrer]
* apt-uptodate
- Allow refresh package list after upgrade.
* map_translate
- Fix error when translate target has no sources.
* Update Script
- Add missing variable _fn_role.
* ld_lxc:
- Fix regex error.
- Only run on none lxc systems.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2016 03:27:14 +0000
ld-puppet (1.0.16) trusty; urgency=high
[Torsten Fohrer]
* ld_lxc:
- Deploy cloud-image-mitaka gpg key.
* ld_syslog:
- Refactor to allow define simple and field conditions
(field op value (and optional same again)?), field is unique!
-- SBE network solutions GmbH <info@sbe.de> Thu, 04 Aug 2016 10:22:00 +0000
ld-puppet (1.0.15) trusty; urgency=high
[Torsten Fohrer]
* Fix bogus release 1.0.14 (missing commits and so)
-- SBE network solutions GmbH <info@sbe.de> Thu, 04 Aug 2016 10:22:00 +0000
ld-puppet (1.0.14) trusty; urgency=high
[Torsten Fohrer]
* 3part.d
- upgrade
- puppetlabs/concat (2.1.0 => 2.2.0)
- puppetlabs/inifile (1.4.2 => 1.5.0)
- puppetlabs/postgresql (4.7.1 => 4.8.0)
- Remove "include apt;" remove path :)
- new:
- zlesie/unbound (1.3.5)
* General
- Add garethr/puppet-module-skeleton template.
- Rework packaging building for site config deployment
- apt-uptodate runs now apt-get autoclean to remove cached packages.
* ld_base:
- Adding a configuration to resource possibility:
- Creating resources only by defined them in yaml on-the-fly.
- Inc. dependency and ordering interformations.
* ld_lxc:
- Add lxc version info.
* hiera.d:
- fixed:
- Package cache allow www.ubnt.com
* profiles:
- Remove dead interfaces code from ntp::server.
* ld_git:
- Deploy gitconfig via a type to switch between normal/ld10 config format.
* ld_legacy:
- Deploy gitconfig in legacy mode.
* ld_apt:
- Adding a new resource type that controls dpkg-divert.
* ld_ovs:
- Deploy a patch ifupdown.sh (original file diverted via dpkg-divert)
- Remove unneed startup helper.
-- SBE network solutions GmbH <info@sbe.de> Fri, 22 Jul 2016 11:59:24 +0000
ld-puppet (1.0.13) trusty; urgency=high
[Torsten Fohrer]
* hiera.d:
- Revert puppet repo for xenial (3.8.7 miss dependencies, ruby2.3 not
offical supported)
* General
- Refactor site.d directories for more features belonging to site packages.
- Add site config package divert support.
-- SBE network solutions GmbH <info@sbe.de> Fri, 22 Jul 2016 11:59:24 +0000
ld-puppet (1.0.12) trusty; urgency=high
[Torsten Fohrer]
* ld_icinga2:
- Fix syntax errors introduce by programmer.
* ld_puppet:
- Tell puppet that apache has a restart command.
- puppet-master-remove-client now calls only core commands
* ld_base:
- Improve apt-uptodate error handling.
- netscope_resolve:
- Supporting all alias
* ld_pydio
- To fight the zombie army, restart php5-fpm nightly.
* ld_apcupsd:
- Use atm 0.0.0.0 for nisip, servernet ip need changes in multiply places.
-- SBE network solutions GmbH <info@sbe.de> Fri, 22 Jul 2016 11:59:24 +0000
ld-puppet (1.0.11) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- apt-uptodate
- Missing in 1.0.10 notes
- Replaces now apt-upgrade script completly.
- New notes
- Fine tune dist-upgrade not to run on each triggered apt-update.
- Remove incorrect call in dpkg hook.
- Remove trigger file if something goes wrong.
* ld_legacy:
- Fix resource dependency problem with virtual logodidact.key file
resource.
* ld_network:
- Correct mdns domain tld from de to net (Thanks DG).
* ld_icinga2:
- tune handling of sometime defect state directory (/var/lib/icinga2).
-- SBE network solutions GmbH <info@sbe.de> Fri, 22 Jul 2016 11:59:24 +0000
ld-puppet (1.0.10) trusty; urgency=high
[Torsten Fohrer]
* ld_syslog:
- Lookup ld_syslog::services for hiera defined service definitions.
* profile:
- mail/satellite:
- Deploy a syslog configuration.
* ld_icinga:
- Remove unused hiera call.
- Allow overriding ensure for memory_edac.
- Optionally clear/cleanup local icinga2 satellite spool directory.
- Enforce start/stop on service refresh.
* ld_base:
- Deploy new command line tool apt-uptodate:
- Per hook it is automatically called after apt-get update has run.
- It generates a list of removable, upgradable, holded and new packages.
- It can be invoked silently with `update`.
- Handling locked apt situation.
- Add dpkg timestamp to detect changes in system.
* ld_network:
- avahi/deb proxy support
- Setups avahi for local usage in servernet.
- Use mdns.[CUSTOMER-NAME-SHORT].logodidact.de as mdns domain.
- Installs squid-deb-proxy-client here (not best place).
- transform_netmap
- add original interface name in internal structure.
- get_primary_ip
- Extract primary (inet specific) ip of a interface from mapping.
* ld_apcupsd:
- Deploys apcupsd to ldhost.
* ld_legacy:
- Correct ssh sftp server path
* ld_ssh:
- allow to specify sftp server (internal default).
* ld_rembo:
- Deploy myshn.key from /etc/logodidact/license if exists.
* ld_legacy:
- Deploy logodidact.key from /etc/logodidact/license if exists.
* ld_puppet:
- Use gzip for application bundle compression.
- Configure debian package caching solution.
- Remove hardwired syslog service.
- Deploy squid-deb-proxy and tweak some settings:
- Remove store/cache log.
- Takeover xenial refresh_patterns.
- Disable pinger.
- Reduce cache size (40gb default => 4 gb).
- Use "hostname" as squid proxy name.
- ldinfo:
- Add managed by/site name info to ldinfo/ld_base/customer info.
- Resort output to match old version better.
- Output upgradable packages counter.
- Showing site informations if available (site/name atm).
- General:
- Deploy syslog services for prun/apt-uptodate/puppet-agent.
-- SBE network solutions GmbH <info@sbe.de> Fri, 22 Jul 2016 11:59:24 +0000
ld-puppet (1.0.9) trusty; urgency=high
[Torsten Fohrer]
* ld_network:
- Restart shorewall if we change debian startscript default file.
* ld_kvm:
- Correct typo in file source, file path.
-- SBE network solutions GmbH <info@sbe.de> Thu, 14 Jul 2016 15:47:33 +0000
ld-puppet (1.0.8) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- Don't panic if we can't get assurance license informations from server.
* ld_syslog:
- Detect path and existence of compressing tool.
* ld_network:
- Enable debian start script of shorewall.
* ld_puppet:
- Load bundle in update rakefiles.
- Adding a ldinfo hook with a message that upgrade is not complete (puppeteer
only).
- Command line tools:
- ldinfo:
- Parses now hooks with prefix ldinfo.[ORDER] and inserts valid json
output as fact or messages.
- Hints that puppeteer upgrade is not fully done.
- ldupdate
- Correct color code for assurance time.
- puppet-report
- Deploy ripiennar cli report tool.
* General
- Switch from opensmtpd to postfix as mail satellite mta.
- Patches camptocamp augeas to support xenial.
-- SBE network solutions GmbH <info@sbe.de> Thu, 14 Jul 2016 15:47:33 +0000
ld-puppet (1.0.7) trusty; urgency=high
[Torsten Fohrer]
* ld_puppet:
- Sharing logging code between cli tools (cli.rb)
- Remove puppet-id (monitoring/licensing framework should do this in
future).
- Cleanup some update scripts.
-- SBE network solutions GmbH <info@sbe.de> Thu, 14 Jul 2016 09:05:33 +0000
ld-puppet (1.0.6) trusty; urgency=high
[Torsten Fohrer]
* Merge fixes 0.9.55-0.9.59.
-- SBE network solutions GmbH <info@sbe.de> Thu, 07 Jul 2016 16:23:00 +0000
ld-puppet (1.0.5) trusty; urgency=high
[Torsten Fohrer]
* Packaging fixes.
-- SBE network solutions GmbH <info@sbe.de> Thu, 07 Jul 2016 16:23:00 +0000
ld-puppet (1.0.4) trusty; urgency=high
[Torsten Fohrer]
* Fixing more package handling errors, notes.
-- SBE network solutions GmbH <info@sbe.de> Thu, 07 Jul 2016 12:23:00 +0000
ld-puppet (1.0.3) trusty; urgency=high
[Torsten Fohrer]
* Correct package problems
-- SBE network solutions GmbH <info@sbe.de> Wed, 06 Jul 2016 16:01:00 +0000
ld-puppet (1.0.2) trusty; urgency=high
[Torsten Fohrer]
* ld_puppet:
- map_translate:
- Rename map_translate2 to map_translate.
- Use commander as cli framework.
- Correct program name, descriptions.
- Add new command validate, that only runs validation,
without deployment.
- Use tempfile instead spool directory for temporary files.
- Ensure that spool directory exists.
- Add more debug logging.
- Seperate cleanup task in:
- Removing symlink directly.
- Backup unknown files to [SPOOL]/backup/[FILENAME].YYYYMMDDhhmmss.
- Sync output to print this out.
- ldinfo:
- Refactoring ldinfo.
- Classic ldinfo only used for container logosrv.
- Supports hint files like prun.
- Use lxc-ls via open4 with timeout to get lxc infos.
- Using liquid as output abstraction.
- Switch to commander as cli framework.
- prun:
- Use shared bundle init code from bundler.rb (same as all server side
commands).
- Sharing more code between cli commands.
- Some/all cli commands now uses bundler to include their gems.
- Deploy own ruby library to client.
* ld_acme:
- Fix ruby warning.
* ld_mobile:
- Adding new default rolegroup ldmobile for device users.
* ld_base:
- Adding 2 new facts:
- pci_devices, which contains a filtered lspci output with storage and
network controller pci ids.
- bios_and_system, adds a system family dmi info.
- Refactoring /opt/puppet-cm managment in own class.
* ld_network:
- Fix missing default gateway generation.
* ld_rproxy:
- host:
- redirect type now uses empty vhost with return 302, instead location
with rewrite statement.
* General
- Create bundler standalone setup via rules file.
- Stage all changes made by package install in /etc/logodidact in
postinst.
- Update script specific for this version:
- Cleanup unneed gems, packages from puppeteer.
- Deploy /opt/puppet-cm contents (prun, bundle, ldinfo).
-- SBE network solutions GmbH <info@sbe.de> Wed, 06 Jul 2016 12:57:56 +0000
ld-puppet (1.0.1) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- Fix bogus apt pinning construct.
* hiera.d:
- Fix syntax errors
-- SBE network solutions GmbH <info@sbe.de> Thu, 30 Jun 2016 14:38:41 +0000
ld-puppet (1.0.0) trusty; urgency=high
[Torsten Fohrer]
* 3part.d
- upgrade:
- puppetlabs-concat (v1.2.1 -> v2.1.0)
- puppetlabs-firewall (v1.7.1 -> v1.8.1)
- puppetlabs-java_ks (v1.3.1 -> v1.4.1)
- puppetlabs-mysql (v4.8.2 -> v4.8.0)
- puppetlabs-ntp (v4.1.1 -> v4.2.0)
- puppetlabs-postgresql (v4.6.0 -> v4.7.1)
- puppetlabs-rabbitmq (v5.3.1 -> v5.4.0)
- puppetlabs-stdlib (v4.11.0 -> v4.12.0)
- puppetlabs/string (v0.3.1 -> v0.4.0)
- thias/sysctl (v1.0.2 -> v1.0.6)
- new:
- camptocamp/augeas (v1.4.2)
- camptocamp/openssl (v1.7.1)
- camptocamp/postfix (v1.3.1)
- puppet/archive (v0.5.1)
- changed:
- nanliu/staging -> puppet/staging (v1.0.3 -> v1.0.7)
* apt
- Ignore source list backup files.
* ld_lxc:
- Checking containernames against configuration files.
- Improve lxc.hook.pre-start.network:
- Use different exit code per failure.
- Fail if we cannot remove existing bogus veth interface.
- Improve lxc.hool.network:
- Use different exit code per failure.
* ld_mobile:
- Give teachers appstore rights.
- Notice provision step into output.
* ld_base:
- Deploy customer/role.json state files.
- Cleanup default installed package list.
- Move locations paths into fixed.yaml.
- Obtain software assurance time span and save it to the clients.
* ld_legacy:
- Rewrite ntp server to ldhost.
* ld_git:
- Change git c alias from commit -m to commit.
- Add new alias cm as "commit -m".
* hiera.d
- Correcting location names from defaults to default (host, global).
- rev-proxy:
- Create/modify basic configuration.
- builder:
- Use now ip suffix 28.
- renamed to builder1404, to reflect os version.
- fixed
- Remove wheezy mirror setup.
* ld_ssh:
- Filter out link local unicast address by default now.
* ld_puppet:
- Introduce pidfile for deployment script.
- Implementing a simple upgrade lock mecha, to avoid running
agents bevor puppeteer is full upgraded.
- Adding support for deploying certificates:
- From /etc/logodidact/certs
- /etc/logodidact/certs/[CERTNAME]/key.pem -> Private key
- /etc/logodidact/certs/[CERTNAME]/cert.pem -> Public key
- From /var/lib/acme/live (letsencrypt client)
- prun now supports local hooks.
- Directory /opt/puppet-cm/hooks.
- Synchronize logging function with normal version from cli.rb.
- Output some useful informations about current environment.
- Try to get puppet master recipe version and display it.
- hook types:
- prun.pre.[ORDER].[HOOKNAME] -> runs before puppet agent is run.
- prun.after.[ORDER].[HOOKNAME] -> runs after puppet agent has run.
* ld_mobile:
- Upgrade to 3.42.
- Allow teachers to manage appstore.
* ld_network:
- Allow to add own lines to /etc/hosts via concat::fragments on
Concat[ld_network::hosts].
* ld_rproxy:
- Puppet managed reverseproxy.
- Using 3part nginx module.
- Redirecting http to https
- Proxy letsencrypt domain validation to puppeteer.
- Implement simple instruction to define:
- Redirect hosts to another host
- Proxy external url to internal url
- Allow to reuse a template with different, host specific settings:
- moodle
> Add special moodle header for rproxy support
- ldmobile
> Tune/tweak some settings for ldmobile
- Try to get certificates from puppeteer by using external name as default,
or configured CertName.
* profiles:
- Fix maintenance so that password is only created on demand, not always.
* schema.d:
- New mappings:
- rproxy, reverse proxy configuration.
- ldmobile, ldmobile public address configuration.
- letsencrypt, letsencrypt client basic settings.
* doc.d:
- Cleanup/moving files around.
- Add baseline conf doc for ldmobile, revproxy, letsencrypt.
* General:
- ldupdate checks now for deployment script pidfile.
- Enforce package hold via postscript
- Fixes concat_fragment bogus ensure parameter.
- Remove legacy ld_samba module.
- Begin to use bundler deployment for avoiding downloading/install gems via
rubygems.
- Adding bundler location and initialize helper file lib/bundler.rb.
- New configuration directory /etc/logodidact/certs, place here
certificates that should be used by deployed containers.
- Notify user about puppet master upgrade on other nodes (upgrade lock
exists)
- hosts:
- puppeteer:
- Setups a local nginx with support for DV with letsencrypt.
- Adding a nginx served wwwroot.
- builder1604:
- Xenial based build container.
-- SBE network solutions GmbH <info@sbe.de> Wed, 29 Jun 2016 12:05:00 +0000
ld-puppet (0.9.72) trusty; urgency=low
[Olav Krapp]
* General:
- mono repository is always added.
-- SBE network solutions GmbH <info@sbe.de> Mon, 14 Nov 2016 13:52:08 +0100
ld-puppet (0.9.71) trusty; urgency=low
[Olav Krapp]
* ldhost:
- shorewall modification improved.
- maintenance vlan id changed from 25 to 14.
- gprun works now correctly.
-- SBE network solutions GmbH <info@sbe.de> Fri, 11 Nov 2016 10:01:55 +0100
ld-puppet (0.9.70) trusty; urgency=low
[Olav Krapp]
* 3part.d
- upgrade:
- puppetlabs-rabbitmq (v5.6.0)
* rabbitmq:
- Old shovel configuration based on shortName is removed.
- All rotated log files which are greater than 1GB are removed.
-- SBE network solutions GmbH <info@sbe.de> Thu, 03 Nov 2016 16:38:26 +0100
ld-puppet (0.9.69) trusty; urgency=low
[Olav Krapp]
* Maintenance:
- automatic enrolment implemented.
-- SBE network solutions GmbH <info@sbe.de> Sat, 15 Oct 2016 14:57:08 +0200
ld-puppet (0.9.68) trusty; urgency=high
[Torsten Fohrer]
* General:
- ldupdate now only updates packages.logodidact.com sourcelist.
[Aaron Letzguss]
* ld_samba4_ad:
- Remove minpwdage policy
- created mapping for samba4-ad netbios name
- samba4-shares fix for empty shares
- added missing shares for rembo7
-- SBE network solutions GmbH <info@sbe.de> Tue, 6 Sep 2016 16:15:00 +0000
ld-puppet (0.9.67) trusty; urgency=high
[Torsten Fohrer]
* Use root root for stat override instead nagios nagios (not existing
sometimes)
-- SBE network solutions GmbH <info@sbe.de> Tue, 30 Aug 2016 15:13:00 +0000
ld-puppet (0.9.66) trusty; urgency=high
[Torsten Fohrer]
* ld_icinga2
- Enforce dir permissions.
-- SBE network solutions GmbH <info@sbe.de> Tue, 30 Aug 2016 15:13:00 +0000
ld-puppet (0.9.65) trusty; urgency=high
[Torsten Fohrer]
* ld_icinga2
- Deploy bogus directories.
-- SBE network solutions GmbH <info@sbe.de> Tue, 30 Aug 2016 15:13:00 +0000
ld-puppet (0.9.64) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- Deploy helper update-rc.d too.
-- SBE network solutions GmbH <info@sbe.de> Tue, 30 Aug 2016 15:13:00 +0000
ld-puppet (0.9.63) trusty; urgency=high
[Torsten Fohrer]
* debian:
- Ugly workaround to let icinga2 postinst finish, via preinst script.
-- SBE network solutions GmbH <info@sbe.de> Tue, 30 Aug 2016 15:13:00 +0000
ld-puppet (0.9.62) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- Installs ld-hf-001 into all trusty containers to hide do-release-upgrade
- Deploy a policy-rc.d implementation that doesn't allow to start services
from package installations within a puppet run.
[Olav Krapp]
* ld_icinga2:
- Updated to icinga 2.5.0.
-- SBE network solutions GmbH <info@sbe.de> Tue, 30 Aug 2016 15:13:00 +0000
ld-puppet (0.9.61) trusty; urgency=high
[Aaron Letzguss]
* ld_legacy:
- Create a compatiblity file to detect "domainname" in ldc/ld1.0
windows domain handling
* ld_rembo:
- Migrate server.db
- If samba4 is active create rembo share.
-- SBE network solutions GmbH <info@sbe.de> Mon, 06 Jun 2016 08:11:24 +0000
ld-puppet (0.9.60) trusty; urgency=high
[Torsten Fohrer]
* ld_puppet:
- Remove md5sum filename from deploy psk for ldhost.
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Jul 2016 12:12:00 +0000
ld-puppet (0.9.59) trusty; urgency=high
[Torsten Fohrer]
* ld_puppet:
- Fix deployment script ldhost psk generation.
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Jul 2016 09:26:00 +0000
ld-puppet (0.9.58) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- Deploy apt:keys.
-- SBE network solutions GmbH <info@sbe.de> Mon, 11 Jul 2016 10:48:38 +0000
ld-puppet (0.9.57) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- Deploy apt:keys.
-- SBE network solutions GmbH <info@sbe.de> Mon, 11 Jul 2016 09:16:09 +0000
ld-puppet (0.9.56) trusty; urgency=high
[Torsten Fohrer]
* hiera.d:
- Download puppet key from packages.logodidact.com.
* ld_lxc:
- Copies keys from lxc host instead of deploying them statically.
-- SBE network solutions GmbH <info@sbe.de> Mon, 11 Jul 2016 07:41:47 +0000
ld-puppet (0.9.55) trusty; urgency=high
[Aaron Letzguss]
* ld_samba4_ad:
- fix dir permissions in logosrv
-- SBE network solutions GmbH <info@sbe.de> Mon, 16 Jun 2016 10:25:11 +0000
ld-puppet (0.9.54) trusty; urgency=high
[Aaron Letzguss]
* ld_samba4_ad:
- Refactor domain finding, use as default now ad.[ShortName].logodidact.net
instead of [ShortName].logodidact.net.
-- SBE network solutions GmbH <info@sbe.de> Mon, 13 Jun 2016 10:25:11 +0000
ld-puppet (0.9.53) trusty; urgency=high
[Torsten Fohrer]
* ld_lxc:
- ldbootstrap use servernet interface as fallback if no link name is
found in lxc/network.json.
* ld_nginx:
- Fix ordering problem vhost/scratch directory.
* hiera:
- Upgrade to unifi5
-- SBE network solutions GmbH <info@sbe.de> Mon, 13 Jun 2016 10:25:11 +0000
ld-puppet (0.9.52) trusty; urgency=high
[Torsten Fohrer]
* General
- Wording change in update notes.
-- SBE network solutions GmbH <info@sbe.de> Mon, 13 Jun 2016 08:08:18 +0000
ld-puppet (0.9.51) trusty; urgency=high
[Torsten Fohrer]
* General:
- Publish samba4_ad, xibo17 containers.
- Backport xenial lxc support.
- Backport redis connection handling from puppet v4.
- Backport stricter puppet-fix-permissions.
- Backport puppet metadata tool and its datafiles.
* 3part.d
- upgrade:
- puppetlabs-mysql (v3.6.1 -> v3.6.2)
- puppetlabs-stdlib (v4.9.0 -> v4.11.0)
- puppetlabs-apt (v2.2.0 -> v2.2.2, incl xenial hotfix)
* SBE network solution site package updates:
- Bielefeld:
- Reenable ilo monitoring
- Change port to 2220
- Use r.irq0.de for access external interface (real internet ip)
* ld_icinga2:
- Correct bogus syslog configuration.
- New system parameter Icinga2.AptCheck which switches between check_apt
and a new version of check_packages (patched to show correctly security
updates).
* ld_lxc:
- Move reboot out of bootstrapper to allow correct state managment.
- ldbootstraps now extract dhcp link interface from network.json.
- Backport bootstrap from p4 branch.
- Bootstrap containers asynchron from ldhost puppet run.
* hiera.d
* rabbitmq has new gpg keys, so enforce new keys.
* ld_audit:
- Enable reconnect on database failure
* ld_base:
- Backport node_profiles.
- Adding --force-conf-def to apt-get upgrade.
* ld_puppet:
- Avoid gimmick editing puppet.conf.
- Backport autosigning from p4.
- add new alias puppet-module-list.
- puppet-master-create-psk expire keys after 14400s/240m/4h.
- ldupdate now adds --force-conf-def to apt-get upgrade.
* ld_mobile:
- Upgrade to 3.34.
- Using own paths for deployment and file storage.
- Use orga short name instead of fixed string.
- Modify ldap filter for normal users, adding teacher group.
* ld_rsyslog:
- Don't write down dmesg/kern in lxc containers.
* ld_pydio:
- Fix path escapes.
* ld_git:
- Enforce existance of ppa key.
* debian:
- Stopping icinga2 if installed.
[Olav Krapp]
* 3part.d
- new:
- puppetlabs/rabbitmq (5.3.1)
- garathr/erlang (0.3.0)
- stahnma/epel (1.2.2)
* Externalize monitoring support lxc rabbatmq.
[Aaron Letzguss]
* ld_samba_ad:
- Multiply deployment and setup fixes.
* 3part.d
- new:
- kawka/samba (0.6.2)
* ld_samba_ad
- Configures a samba ad dc
-- SBE network solutions GmbH <info@sbe.de> Fri, 10 Jun 2016 11:21:10 +0000
ld-puppet (0.9.50) trusty; urgency=high
[Torsten Fohrer]
* Hide rembo7 container
-- SBE network solutions GmbH <info@sbe.de> Tue, 6 Apr 2016 11:18:00 +0200
ld-puppet (0.9.49) trusty; urgency=high
[Aaron Letzguss]
* nic.cscm:
- Fixed bug in Translate of individual IP for a host
-- SBE network solutions GmbH <info@sbe.de> Tue, 6 Apr 2016 11:18:00 +0200
ld-puppet (0.9.48) trusty; urgency=high
[Aaron Letzguss]
* ld_xibo:
- Fixed typo in init.pp
-- SBE network solutions GmbH <info@sbe.de> Thu, 24 Mar 2016 11:18:00 +0200
ld-puppet (0.9.47) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- netscope_resolve logic fix
* ld_icinga2:
- icinga2_conditions_check logic fix
* ld_legacy:
- Correct icinga2 support:
- Ensure LC_ALL environment for nagios user
* ld_moodle:
- Handling ssl reverse proxy for moodle30 changed/improved.
[Aaron Letzguss]
* ld_xibo:
- Configures and install a xibo system.
* hiera.d:
- Add new container xibo.
-- SBE network solutions GmbH <info@sbe.de> Thu, 17 Mar 2016 07:50:00 +0200
ld-puppet (0.9.46) trusty; urgency=high
[Torsten Fohrer]
* ld_puppet:
- Add some missing env variables for initial deployment.
-- SBE network solutions GmbH <info@sbe.de> Tue, 8 Mar 2016 09:51:00 +0200
ld-puppet (0.9.45) trusty; urgency=high
[Torsten Fohrer]
* ld_icinga2:
- Ensure that www-data in icinga2 container is in group icingaweb2
-- SBE network solutions GmbH <info@sbe.de> Tue, 8 Mar 2016 10:04:00 +0200
ld-puppet (0.9.44) trusty; urgency=high
[Torsten Fohrer]
* ld_base:
- Conditional deploy suroot ssh match fragment.
-- SBE network solutions GmbH <info@sbe.de> Fri, 4 Mar 2016 11:27:00 +0200
ld-puppet (0.9.43) trusty; urgency=high
[Torsten Fohrer]
* schema.d
- Add new mapping legacy:
- Allow to define additional ports for logosrv ssh daemon.
-- SBE network solutions GmbH <info@sbe.de> Fri, 4 Mar 2016 09:59:00 +0200
ld-puppet (0.9.42) trusty; urgency=high
[Torsten Fohrer]
* ld_ssh
- Readd rsa host keys.
* ld_icinga2
- Tune check retry timings.
-- SBE network solutions GmbH <info@sbe.de> Tue, 1 Mar 2016 09:59:00 +0200
ld-puppet (0.9.41) trusty; urgency=high
[Torsten Fohrer]
* ld_ssh
- Remove empty lines from user match config.
* debian
- Correctly deploy examples to /usr/share/doc/ld-puppet.
* hiera
- Release moodle30.
* ldupdate
- Show info which notes is shown.
-- SBE network solutions GmbH <info@sbe.de> Tue, 24 Feb 2016 08:30:00 +0200
ld-puppet (0.9.40) trusty; urgency=high
[Torsten Fohrer]
* ntp
- Allow overriding ntp options now.
* ld_network
- Convert transform_netmap to puppet 4 function.
* ld_icinga2
- Avoid purging icinga1 system users from ldhost.
-- SBE network solutions GmbH <info@sbe.de> Tue, 23 Feb 2016 06:58:00 +0200
ld-puppet (0.9.39) trusty; urgency=high
[Torsten Fohrer]
* ld_ssh:
- Add a mac that the ssh 4.7 in logosrv can use too.
-- SBE network solutions GmbH <info@sbe.de> Thu, 12 Feb 2016 12:10:00 +0200
ld-puppet (0.9.38) trusty; urgency=high
[Torsten Fohrer]
* ld_icinga2:
- Use same pretext in text mails.
* profile/pgsql/db
- Correct old weekly job name, so that puppet can remove him.
* ld_network:
- Export only default gateway, not all defined.
- Fix deployment of sysctl network settings.
* ld_legacy:
- Ensure user root is in group ssh
- Restart ssh service if ssh(d)_config has changed
* ld_base:
- Allow suroot to login via ssh
- Remove unused functions.
- Refactor password function from v3 to v4 puppet master code.
- Password generates now temporary passwords if no pass is given,
password changes at each run.
* ld_ssh:
- Allow to define a local .custom configuration for server configuration.
- Externalize sshd_config in a own resources.
- Add different ssh_version support to sshd_config (main fragment).
* ldupdate:
- Remembers that upgrade notes has been showed.
-- SBE network solutions GmbH <info@sbe.de> Thu, 18 Feb 2016 13:00:00 +0200
ld-puppet (0.9.37) trusty; urgency=high
[Torsten Fohrer]
* ld_bash:
- Enable checkhash option, to verify command path cache.
* ld_base:
- Optional suroot account (with output/input log) creation.
- ld_base::profile enforces now user rights on deployed files
* ld_icinga:
- Determine edac support via directory in sysfs.
- Rename file from fact usv_services to match fact name.
- Remove user itb (please use your admin account for this).
- Correctly deploy sudo for icinga1 installation.
- Setup syslog for sbe-monitoring-plugins.
- Tweak icinga2 satallite uninstallation.
* ld_lxc:
- Logging failed shutdown, link removal for veth interface.
- Fix detection of bogus interfaces from failed lxc starts.
- Simplify variable names, remove clutter fragments from container
definition.
* ld_legacy:
- Collect and resolve disk label/uuid/partlabel/id/partid via readlink now.
Important for quoata in logosrv.
- Change lookup of ld_legacy::lxc::netscopes from priority to hash
- Allow disabling default scopes of logosrv container now.
- lxc start hook, now uses a seperated boot state directory (/.lxc)
- Improve start hook verbosity (state files, startup time)
- Manage now rembo pxe option file directly via puppet.
- Copy /etc/gitconfig from ldhost into logosrv.
* ld_puppet:
- Reduce priority of site configuration below local configuration.
- Remove duplicate environment_timeout (from logodidact environment).
* ld_moodle:
- Internal app_release field is now a string.
- Adopt current https and http wwwroot for mathjax.
- Allow values with embedded string expansion in configuration.
- Disable E-Mail support link in theme essential.
- moodle30:
- Enforce firstname for itb/admin users
- Setting user profile city value to defaultcity if empty.
- LDAP sync is called by cron now, no extra cronjob for 3.x.
* ld_syslog
- Cleanup logfiles in /var/log/services after 12weeks.
- Allow to define how process_name should be matched (equals,startswith)
via param match.
* ld_icinga2:
- Reduce code duplication.
- Allow to disable, ontime or timely notification setup.
- Use new hp domain for repository.
- Remove api queue directory on satelittes to avoid queue problems.
- Deploy missing HTMLPurifier files (not replacing existing ones).
- Change notification message subject for better sortable
(TYPE/HOST/STATE/Service).
- Tweak icinga1 cleanup/deployment settings.
* ld_php:
- Add new virtual module/package pdo_mysql
* NEW:
- Containers:
- moodle30
- New site:
- demo
-- SBE network solutions GmbH <info@sbe.de> Thu, 12 Feb 2016 12:10:00 +0200
ld-puppet (0.9.36) trusty; urgency=high
[Torsten Fohrer]
* Package repositorty fix
-- SBE network solutions GmbH <info@sbe.de> Thu, 28 Jan 2016 12:41:00 +0200
ld-puppet (0.9.35) trusty; urgency=high
[Torsten Fohrer]
* ld_pydio
- Ensure file rights via find.
-- SBE network solutions GmbH <info@sbe.de> Thu, 28 Jan 2016 12:41:00 +0200
ld-puppet (0.9.34) trusty; urgency=high
[Torsten Fohrer]
* debian
- Add more lintian overrides.
* ld_network:
- Cleanup network.json, remove route element.
* ld_nginx:
- Correct directory structure.
* ld_base:
- Generates a env.json with generic easily parseable env information.
* ld_puppet:
- Move prun from /usr/bin into /usr/sbin.
- Reads env.json to get proxy configuration.
- Deployment scripts uses now a loop that waits for 1-20s to resolve
packages.logodidact.com.
- prun now reads /var/lib/puppet/scratch.d/ld_base/env.json and
uses proxy setting from this for invoking puppet agent.
* ld_lxc
- Bootstrap now uses /usr/sbin/prun in rc.local startup hook
-- SBE network solutions GmbH <info@sbe.de> Tue, 26 Jan 2016 09:44:00 +0200
ld-puppet (0.9.33) trusty; urgency=high
[Torsten Fohrer]
* ld-puppet:
- Remove legacy used puppetexplorer packages.
* ld-pydio:
- Files in auth.serial should have correct file permission,
so puppet doesn't need to correct this.
* ld_icinga2:
- Correct package purge list for icinga1 removal
- Fix fast break logic in conditional activating logic.
* hosts:
- builder:
- Add packages bison, flex
- ldmobile:
- Rename mobile to ldmobile
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Jan 2016 12:40:00 +0200
ld-puppet (0.9.32) trusty; urgency=high
[Torsten Fohrer]
* ld_puppet:
- Deployment:
- Fix environment for deployment steps (add missing hash fields in
ld_fixed, empty profiles array.
* ld_base:
- Integrate dpkg_divert type and provider, inc rspecs.
* ld_legacy:
- Fix typos in icinga ld_runner fragment.
* debian
- Site packages:
- Add virtual package ld-puppet-site via provides field
- Add conflicts field to avoid installation of multiply site packages.
-- SBE network solutions GmbH <info@sbe.de> Wed, 13 Jan 2016 15:45:00 +0200
ld-puppet (0.9.31) trusty; urgency=high
[Torsten Fohrer]
* Packaging and prepare 0.9.31
-- SBE network solutions GmbH <info@sbe.de> Wed, 13 Jan 2016 15:45:00 +0200
ld-puppet (0.9.30) trusty; urgency=high
[Torsten Fohrer]
* 3part.d
- upgrade:
- puppetlabs-mysql (v3.6.0 => v3.6.1)
- puppetlabs-stdlib (v4.8.0 => v4.9.0)
- puppetlabs-strings (v0.2.0 => v0.3.1)
- puppetlabs-inifile (v1.4.1 -> v1.4.2)
- puppetlabs-firewall (v1.7.0 -> v1.7.1)
- puppetlabs-apt (v2.1.1 -> v2.2.0)
- puppetlabs-postgresql (v4.5.0 -> v4.6.0)
- puppetlabs-ntp (v1.6.0 -> v1.6.1)
* ldupdate:
- Enable tab completion in reboot confirmation.
- Allow y/n additional as answer.
- Searchs for "notes" files in update script directories,
display them and waits for user to read them.
- Onetime displays notes for version 0.9.13 directly via script.
* ld_puppet:
- Remove old puppetqd service handling.
- Create new fact with current ld-puppet version.
- Setup of /etc/puppet/puppet.conf:
- Remove setting cleanup in common manifest.
- Minions rebuilds their configuration sections now completly.
- Specify some options for agent now in configuration too.
- Remove development aliases puppet-master-module-upgrade,
puppet-master-module-upgrade-force.
- puppet minion uses tidy now to cleanup internal file backup directory,
(max age of files 2 weeks).
- puppet-fix-permission sets correct permission for report directory now.
- prun:
- Suppress some run information (debug only now).
- Reduce process priority.
- Add new puppet-id cli for maintaing local deployment identification data
(development version only)
- Add new bash function puppet-yaml to pretty print yaml files on console.
- Tweak puppetmaster configuration:
- Increase passenger pool size to 20.
- Disable access logging for puppetmaster vhost:8140.
- Increase passenger fs stat test time interval.
- Increase maximum request per worker from 10 to 50.
- Decrease idle pool timeout to 1050s.
* ld_network:
- Compress ipv6 addresses.
- Allow ipv6 addresses in interfaces output.
- Improve error handling in transform_netmap in case of invalid ip
address, additional some more debug output is generated.
- DRAFT: Refactor static route configuration:
- Allow named static routes in networkscope.
- Allow profile::network to disable named route via
profile::network: options/routes/<routename>=(ignore|none|disable|rm|delete|remove)
* ld_opensmtpd:
- Deploy now sysvinit script instead of broken upstart.
* schema.d:
- nic.cscm, remove route parameter mapping.
- system.cscm, system.pmap add PurgeIcinga1 parameter.
* ld_ssh:
- Sorting host entries for config/know_hosts
* ld_php:
- Add new php sapi interface apache
- Symlink activated sapi modules instead of copy them
- Remove bogus conf.d/pool.d from cli/apache sapi configuration
directories.
* ld_base:
- configure midnight commander internal editor internal or selected editor
via hiera.
- node_profiles:
- Allows now removal of profiles via remove::[profile name].
- Allows now direct usage of classes via class::[name].
- Use break instead return in ruby function blocks.
- Refactor login greeting to run on interactive shell execute.
- Set more inputrc options, which is not deployed atm.
- ldinfo now prints out:
- lxc containers (green=running, gray=stopped)
- loadavg 1/5/15mins
- additional greeting
- Displays now hints about system failures/notes
- Rewrote system package upgrade handling:
- Use external script that execute package upgrade.
- Script removes trigger file if something goes wrong, to force restart
upgrade on next run.
- Use "utf-8" instead of "utf8" for broken locale aware programs
- Move ubuntu specific locale patch for init scripts into ld_base
- plymouth setup:
- Use now plymouth-disabler for disabling to avoid managing files
manually
- Activate plymouth on non-lxc hosts
- Installs and activate a basic logoDIDACT 2.0 plymouth text theme
- Add some handling for lxc-attach sessions.
* ld_legacy:
- Deploy /etc/bash.bashrc after ldhost bash.bashrc
- Runs exec after logosrv bashrc is deployed
- Deploy /etc/profile from ldhost.
- Improve logging from lxc.autodev hook.
- Reduce lxc-attach/exec calls with using helper script (aulocli,
icinga2).
- Reduce error message on logosrv startup by:
- No unnecessary mounts and unmounts.
- Avoid fsck for already mounted fs.
- Disable hwclockfirst bootscript.
- Recreate /etc/mtab and disable scripts that tries this too.
- Cleanup /tmp on boot.
- Remove unnecessary startscripts.
- Deploy a correct /etc/securetty to allow login from lxc-console
- Remove cdrom#media/cdrom*#media/floppy* symlinks and mount directories
- Disable raid tool sas2ircu
- Cleanup /var/run
- Temporary allow sudo invokation for check in /usr/sbin and
/usr/lib/nagios-plugins/trusty for icinga1 compatiblity
* ld_icinga2:
- Correct legacy check package list to fit current sbe-monitoring-plugins
package.
- Installs smartmontools
* ld_pydio:
- Allow deactivate of repositories
* ld_unifi:
- Externalize package source
- Upgrade to unifi 4.x
* ld_git:
- Add git alias 'aa' as synonym for 'add -A'.
- Use uptodate package source for git => lp:git-core/ppa.
* ld_bash:
- Unset internal env variables.
- Displays now additional ld_puppet package version in prompt.
- Reminds user of connection type on lxc-attach/ssh sessions.
* ld_zsh:
- Add parameter to allow install/uninstall of ld_zsh, default to uninstall
- Cleanup mainly unused zsh installation
* ld_lxc:
- Move ubuntu specific locale patch for init scripts into ld_base
- Network start hooks handling now bogus interface zombies from defect lxc
startups
- Some lxcs now runs with enabled default apparmor profile
- Force is_virtual=true and virtual=lxc fact values in bootstrapping
process of lxc.
- A new lxc container runs now via rc.local after boot puppet agent for
onetime.
- Mounting temporary proc/sys from host, and a empty run for bootstrapping
container.
- Using fixed bootstrap repositories instead of additional defined
repositories for containers bootstrap run.
- Bootstraps now avoid running apt-get upgrade.
- Implement new ensure state unreleased, tagged containers are filtered out
before any setup occurs.
- Newly created managed containers starting now a puppet agent via
rc.local (onetime) on startup directly.
- Enabling delayed puppet run on container startup.
- Mounting temporary proc/sys from host, and a empty /run inside
container bootstrapping environment.
- Avoid using additional repositories in early bootstrapping.
- Avoid running multiply package upgrades in bootstrap process.
* ld_syslog:
- Removes default rsyslog configuration file.
- Deploy a compress logfile script/cronjob.
* debian:
- Tweaking script/directory placement.
- Remove annoying "is a git repository" from post installation script.
- Create site configurations for:
- SBE network solutions GmbH:
- Bielefeld
- Heilbronn
- Berlin
- Build deploymnet file packages for:
- logoDIDACT 2.0 plymouth theme
* NEW:
- Containers:
- builder:
- Machine with enviornment for compiling and packaging software
- mobile:
- Runs a mdm solution, (not public available atm)
[Olav Krapp]
* 3part.d
- new:
- saz/sudo (3.1.0)
- saz/rsyslog (3.5.1)
* Enroll monitoring to all existing modules
* NEW:
- Moduls:
- ld_syslog:
- Setup rsyslog with help of saz/rsyslog.
- Redirect martian packets to own logfile.
- ld_icinga2 which manages local monitoring clients/server setup.
- Containers:
- icinga2:
- Runs local icinga2 server and it's web interface.
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Jan 2016 15:45:00 +0200
ld-puppet (0.9.24) trusty; urgency=high
[Torsten Fohrer]
* ld_rembo:
- Remove nfs shares and export file
* ld_legacy:
- Remove group writable logosrv rootfs
- lxc.pre-start.hook:
- Cleanup /etc/fstab (remove proc|/dev/hdc|/dev/fd)
- Remove backup and myshn from auto.master
- Zeros out /etc/auto.backup and /etc/auto.myshn
-- SBE network solutions GmbH <info@sbe.de> Tue, 12 Jan 2016 11:45:00 +0200
ld-puppet (0.9.23) trusty; urgency=high
[Torsten Fohrer]
* ld_pydio:
- Fix dashboard
-- SBE network solutions GmbH <info@sbe.de> Mon, 26 Nov 2015 11:01:00 +0200
ld-puppet (0.9.22) trusty; urgency=high
[Torsten Fohrer]
* ld_pydio:
- Use memberof instead of default ldap attribute
- Reenable ssl support of pydio lxc
-- SBE network solutions GmbH <info@sbe.de> Mon, 16 Nov 2015 10:03:00 +0200
ld-puppet (0.9.21) trusty; urgency=high
[Torsten Fohrer]
* ld_moodle:
- Use rfc2307bis/dn schema
- Fix course creator rights for moodle
* ld_puppet:
- Add missing profile::base::common to deployment steps.
-- SBE network solutions GmbH <info@sbe.de> Fri, 5 Nov 2015 11:00:00 +0200
ld-puppet (0.9.20) trusty; urgency=high
[Olav Krapp]
* ld_audit:
- tidy old audit server logfiles.
- rotate logfiles after 100m, maximum 4 old logfiles + 1 current.
[Torsten Fohrer]
* Correct time offset in debian/changelog
-- SBE network solutions GmbH <info@sbe.de> Tue, 20 Oct 2015 12:10:00 +0200
ld-puppet (0.9.19) trusty; urgency=high
[Torsten Fohrer]
* ldupdate:
- Revert to old behiavor of ldupdate full to force package upgrade.
- Add new command "recipe" to ldupdate that triggers package upgrade only
if new recipes exists or if forced with -f option.
- Defaults to "recipe" command, if no other command is given.
- Reduce blinking of reboot message (only seperator now).
- Change working directory to /tmp before doing anything.
- To avoid upgrades on development machines check if /var/lib/ld-puppet is
a git repository.
* ld_base uses now "apt-get dist-upgrade" instead of "apt-get upgrade" to
upgrade packages with new dependencies (kernels, trusty packages as
examples).
* environment enforces now that no backups of concat fragment be done
* update.d
- Disable upgrade scripts for <0.9 (via creation of 0.9/.performed)
-- SBE network solutions GmbH <info@sbe.de> Wed, 1 Oct 2015 10:00:00 +0200
ld-puppet (0.9.18) trusty; urgency=high
[Torsten Fohrer]
* ldupdate:
- Rename option to force package upgrades from -t/--trigger to
-f/--force-packages.
* ld_kvm:
- Fix resource ordering to avoid dependency errors on initial setup
* Use correct domain for ldhost puppet psk generation.
* Fix copying authorized_keys (root) from ld_host to logosrv
* ld_ssh:
- Add new parameter ensure_authorized_keys, which deploy a empty
authorized_keys file if neccessary
* ld_lxc:
- Correct order of /is_managed_by_puppet/ header
- Link overwrites with none removes now values completly
-- SBE network solutions GmbH <info@sbe.de> Wed, 23 Sep 2015 14:27:00 +0200
ld-puppet (0.9.17) trusty; urgency=high
[Torsten Fohrer]
* Disable backup of concat/concat::fragments via node definition
* ld_lxc:
- Add procps package to bootstrap installation
- Use fact ld_lxc to detect container state
- Stop ensure "stopped" from deploying containers
* ld_network:
- Don't deploy sysctl settings in bootstrap mode
* ldupdate:
- If no update is found, don't trigger generic system update anymore.
- Add new option to command full -t/--trigger to force system update.
- Avoid trigger update if no puppet recipes update is found, on full
ldupdate run.
* schema.d:
- nic.cscm, allow multiple values for vlan-tagged.
[Olav Krapp]
* ld_audit:
- Manage aulo db via liquibase.
- Add new setting audit::logon::daysToKeep for aulocli
-- SBE network solutions GmbH <info@sbe.de> Wed, 16 Sep 2015 15:02:00 +0200
ld-puppet (0.9.16) unreleased; urgency=high
[Torsten Fohrer]
* 3part.d
- upgrades:
- puppetlabs-firewall (v1.6.0 -> v1.7.0)
- puppetlabs-inifile (v1.4.0 -> v1.4.1)
- puppetlabs-mysql (v3.4.0 -> v3.6.0)
- puppetlabs-postgresql (v4.4.2 -> v4.5.0)
- puppetlabs-stdlib (4.7.0 -> 4.8.0)
- new:
- puppetlabs-ntp (4.1.0)
- thias-sysctl (1.0.2)
* profile:
- New basic ntp server profile
* hiera.d/defaults.yaml:
- Remove extends::bootstrap from role::base, and copy base roles
from role::bootstrap
- role::lxc::host includes now ntp server profile
* ld_lxc:
- Ensure file permissions on lxc host
- Refactor lxc.group setting generation
- On empty group list no entry is generated
- Use onboot only for system impediant containers (puppeteer, logosrv)
- Group system for puppeteer, logosrv
- Group app as default for all other containers
- Grouping and ordering container startup in general
(defaults.d/ldhost.yaml)
- Tweak start order (after logosrv) and delay (30s) for container puppeteer
- lxc.network.pre-start sets ovsport mac address to vm port mac address
- Add mac for ovsports to network.json
* ld_java installs now unlimited jce extension per default.
* ld_puppet:
- ld_update:
- Hides some log output by changing log level to debug
- New switch -ncr/--no-confirm-reboot to remove confirmation
before restart puppeteer machine, instead wait for 30 second.
- Highlight and improve last resort message before reboot question.
- Facter out puppetmaster file permission ensuring into standalone script
puppet-fix-permissions:
- Ignore some special directories like certs.d, bin and so
- Correct rights/user/group only on mismatched files/directories
- puppet-master-remove-client ensures a argument now.
* ld_legacy:
- Ensure ca public files are readable by everyone after copying them
* ld_base:
- Purge acpid from physical machines, powerbutton is handled by
systemd-logind now
* ld_network:
- Add new option section to profile::network[options[arp=ignore,filter,announce]]
which maps directly to /proc/sys/net/ipv4/conf/all/arp_[ignore,filter,announce]
kernel settings with following defaults:
arp_ignore => 1
arp_filter => 1
arp_announce => 1
- As comment add description/vlan_name/vlan_scope into debian network
configuration file
* Deployment:
- Disable file difference display on ldhost deployment
* Correct indention of 0.9.13/0.9.14 changelog
-- SBE network solutions GmbH <info@sbe.de> Wed, 2 Aug 2015 09:59:00 +0200
ld-puppet (0.9.15) trusty; urgency=high
[Torsten Fohrer]
* ld_base, fix assert_fqdn to assume only internal hostnames.
=> Adds always global::domain, if not found at end of given hostname
-- SBE network solutions GmbH <info@sbe.de> Fri, 24 Aug 2015 10:31:00 +0200
ld-puppet (0.9.14) trusty; urgency=high
[Torsten Fohrer]
* Deploymnet script now enforces holding back updates of ld-puppet (hold
package)
* Fix spelling in ldupdate, ld-puppet.preinst
* Remove pre ldupdate notes in ld-puppet.postinst
-- SBE network solutions GmbH <info@sbe.de> Fri, 07 Aug 2015 09:55:00 +0200
ld-puppet (0.9.13) trusty; urgency=high
[Torsten Fohrer]
* 3part.d/apt use pref extension instead of conf for preferences
* Add a configuration option for removing old/discarded deployed files to ld_base
-- SBE network solutions GmbH <info@sbe.de> Wed, 06 Aug 2015 06:40:00 +0200
ld-puppet (0.9.12) trusty; urgency=high
[Torsten Fohrer]
* Add a NEWS.Debian file
* Update 3part puppet modules
- puppetdbquery 1.5.2 => 1.6.1
- puppetlabs
- apt 1.8.0 => 2.1.0, install software-properties-common via
ld_base::packages parameter
- apt 2.1.0 => 2.1.1
- Fix bogus preferences extension '' to '.conf'
- postgresql 4.3.0 => 4.4.2
- concat 1.2.2 => 1.2.3
- java_ks 1.3.0 => 1.3.1
- inifile 1.2.0 => 1.4.0
- stdlib 4.6.0 => 4.7.0
* Remove tag madness in profile::base:bootstrap, tags always as bootstrap
* Correct changelog for dpkg-parsechangelog, down to 0.9 release
* Use dns_alt_names argument for puppeteer certificate correctly
* NIC driver implementation changed:
- veth to ovsport
- logosrv, intern
- logosrv, servernet
- rembo5, rembo5
- rembo7, rembo7
* Refactor 0.9.11 lxc nic configuration
- Remove option choice 'none'
- Add lxc vlan type
- VLAN type takes interface vlan id as default
- Disallow mac override for vlan and phys devices
- Allow vlan.id lxc option only on vlan nics
* ld_kvm use a more suitable hostname for kvm netscope resolving
* ld_lxc
- Aliases lxc-ssh, lxc-pstree, lxc-debut now accept lxc name via -n
argument
- Don't backup static files
- Refactor lxc-network
- Change interface handling for ovs 2.3.1
- Triggers port/interface rescan via bridge LOCAL port
- Logs now to stderr and syslog
- Refactor lxc.hook.pre-start.network
- Logs now to stderr and syslog
- Remove known relict veth interfaces on lxc startup
* ld_base
- deploys now /etc/iproute2/group. Following nic group are defined:
- default, 0
- lxc, 1
- Removes aged /run/motd.dynamic (1h), enforce building a new on login
* ld_bash
- add ls aliases lla, lh
- add a newline before prompt
- add current hour:time to prompt
- color hostname pwd separator
* ld_nfs Don't backup trigger files
* ld_legacy don't print always addition of logosrv record
* ld_ssh Don't backup dynamic ssh/config file
* ldupdate marks now ld-puppet as holded after installation
* Change package recommend for puppetdb version from 2.3 to 2.3.0
* Installs puppetdb 2.3.6-1puppetlabs-1
* Upgrade script 0.9.12
- Hold package ld-puppet
-- SBE network solutions GmbH <info@sbe.de> Wed, 14 Jul 2015 12:19:00 +0200
ld-puppet (0.9.11) trusty; urgency=high
[Torsten Fohrer]
* ld_legacy don't run aulocli ini_settings if logosrv is not running (avoid dependecy error)
* ld_vim increase textwidth to 500 for text files
* ld_lxc allow to specify lxc network up/down scripts and hwaddr or disable
them via option value 'none'. Setting via container/link/final
nicname/(script_up,script_down/hwaddr)
-- SBE network solutions GmbH <info@sbe.de> Wed, 14 Jul 2015 12:19:00 +0200
ld-puppet (0.9.10) trusty; urgency=high
[Torsten Fohrer]
* Install specific puppetdb version
-- SBE network solutions GmbH <info@sbe.de> Wed, 10 Jul 2015 13:27:00 +0200
ld-puppet (0.9.9) logididact; urgency=high
[Torsten Fohrer]
* Fixate puppetdb to version <= 3, >= 2.3
* Export customer short/long via bash environment variables
-- SBE network solutions GmbH <info@sbe.de> Wed, 10 Jul 2015 13:27:00 +0200
ld-puppet (0.9.8) trusty; urgency=low
[Torsten Fohrer]
* Deploy motd.erb as ldinfo to display some informations
* ldupdate, doesn't run update scripts per se anytime
* map_translate use correct yaml translation sources list
* Add service smtp (host smtp, port 25)
* ld_moodle
- Setup smtp server, theme, frontpage
- Add onetime setup steps triggered by MOODLEDATA/.puppet.moodle.onetime
- Add moodle 2.9 support and new lxc moodle29
-- SBE network solutions GmbH <info@sbe.de> Wed, 01 Jul 2015 12:03:00 +0200
ld-puppet (0.9.7) trusty; urgency=low
[Torsten Fohrer]
* Workaround for package system
-- SBE network solutions GmbH <info@sbe.de> Wed, 25 Jun 2015 10:30:00 +0200
ld-puppet (0.9.6) trusty; urgency=low
[Torsten Fohrer]
* ld_moodle
- Set server names for nginx
* ld_nginx
- Allow to specify server_names
-- SBE network solutions GmbH <info@sbe.de> Wed, 25 Jun 2015 10:30:00 +0200
ld-puppet (0.9.5) trusty; urgency=low
[Torsten Fohrer]
* ld_moodle
- Allow to set wwwroot/SERVER variables via http header
* ld_pydio
- Remove bogus recurselimit to ensure file/directory rights for pydio user
-- SBE network solutions GmbH <info@sbe.de> Wed, 25 Jun 2015 10:30:00 +0200
ld-puppet (0.9.4) trusty; urgency=low
[Torsten Fohrer]
* Deployment
- Fix typo in prepare
* ld_moodle
- Fix syntax error
* ld_base
- correct initial handling of keystore passes in get_java_store_pass function
-- SBE network solutions GmbH <info@sbe.de> Wed, 25 Jun 2015 02:53:00 +0200
ld-puppet (0.9.3) trusty; urgency=low
[Torsten Fohrer]
* Tag 0.9.3
* Reduce file i/o by introduce recourselimit on managed directories
* Update/Upgrade system:
- No timeout for apt-get update/apt-get upgrade for force system upgrade (ld_base)
- Run map_translate after package upgrade directly by ld-update (ldupdate)
- Add commands trigger, scripts to ldupdate inc. description (ldupdate)
- Allow to disable (ignore) update script via .ignore file (ldupdate)
- Force old configs in ld-puppet installation, assume yes to all questions (ldupdate)
- Checks if theire are any uncommited changes in /etc/trusty
* Deployment
- Disable interactive mode in base package installations
- Purge puppet-agent package
- Prepare scripts now install latest repo version of ld-puppet and mark it as hold
* Remove not working changelog alias, add better formatted l alias
* Increase vim textwidth to 500 chars
-- SBE network solutions GmbH <info@sbe.de> Tues, 23 Jun 2015 09:59:51 +0200
ld-puppet (0.9.2) trusty; urgency=low
[Torsten Fohrer]
* Tag 0.9.2
* ld-update run apt-get update
-- SBE network solutions GmbH <info@sbe.de> Tues, 23 Jun 2015 09:59:51 +0200
ld-puppet (0.9.1) trusty; urgency=high
[Torsten Fohrer]
* Tag 0.9.1
* ld-update can't install update (missing package name)
* update.d
- Force map_translate in deploy.rake
- Implement dependancy for map_translate in 0.9 upgrade rake
* ld_base
- motd.erb, set default file encoding to utf-8
* ld_lxc
- Start additional containers after logosrv is started (lxc start.order >= 1, logosrv start.order = 0)
* ld_moodle
- Avoid resource clash with file resource internally used by puppetlabs-concat
-- SBE network solutions GmbH <info@sbe.de> Mon, 8 Jun 2015 09:59:51 +0200
ld-puppet (0.9) trusty; urgency=low
[Torsten Fohrer]
* Prepare 0.9
-- SBE network solutions GmbH <info@sbe.de> Mon, 8 Jun 2015 09:59:51 +0200
ld-puppet (0.8) trusty; urgency=medium
[Torsten Fohrer]
* ld_puppet:
- Don't fail at stopping cron
- Give user/group write right to puppetrack
* ld_lxc:
- Add lxc container app armor attribute
- aa_profile defaults to unconfined
* Use optional parameter default variable, to avoid undefined variable errors
* common:
- Remove environmentpath/basemodulepath
- Reset install_options on packages managed by gem provider
- Remove buildenv hiera.d/fixed.yaml
- Define wheezy paths
- Reboot machine after network config is written
- Extract hiera_fixed function into static module function
- Remove old network bridge/netscope config
- Upgrade 3part modules
- Publish upstart openvswitch, override lxc start
* debian/rules:
- Remove prepare/pack script from package
* ld_vim:
- Tune/solarized vim config
- Fix Typo in solarized configuration
* ld_base:
- Remove debian specific things i
- Move ubuntu specific packages/language_packs into Ubuntu.yaml
- Use lsbdistid/lsbdistcodename to clarify dist specific things
- State backup
* ld_base:
- Force locale-gen ld_os_patches:
- Integrate upstart job to bring up openvswitches
* ld_lxc:
- Fixes in lxc-network
- Use ofport_request to create link interface/port
- Integrate network script
- Add support to supress lxc configuration elements in lxc.config.erb [full,network]
* ld_puppet:
- Ensure that no environmentpath/basemodulepath is defined on a minion only puppet.conf
* ld_network:
- Takeover vlan from scope on "physical" or direct ports
- Use name for scope/vlan detection
- transform_netmap.rb:
- Remove empty addresses
- Add missing ovs bridge option
- Optimize scope/vlan finding (avoid duplicate search/looping)
- Add allow-ovs to ovs bridges :)
- interfaces.erb:
- Format interfaces.erb output (empty lines between interfaces)
- inet6 section only if addresses exists
- Remove lo on files other than /etc/network/interfaces
* ld_legacy::lxc:
- Implement handling of vlan/dynamic interfaces for legacy ld10 container
[ Olav Krapp ]
* ld_zsh:
- made zsh compatible
- ld_zsh profile created
- changed default zsh theme to fino-time
- changed default zsh theme to re5et
-- SBE network solutions GmbH <info@sbe.de> Mon, 09 Feb 2015 13:53:23 +0200
ld-puppet (0.7) trusty; urgency=medium
[Torsten Fohrer]
* ld_puppet:
- Adding new alias prun-debug with full debug enabled
- Remove debuging output from prun
-- SBE network solutions GmbH <info@sbe.de> Wed, 10 Dec 2014 13:51:32 +0200
ld-puppet (0.6) trusty; urgency=medium
[Torsten Fohrer]
* package:
- Sleep 5 seconds before start
- Exclude root .ssh/.vim/.gnupkg directory
* ld_base:
- Force regeneration of cached.kmap.gz, when default/keyboard changes
* deployment/pack:
- Add warning to ensure that no agent is run
- Stopping/Starting cron before archive puppeteer
* hiera.d/defaults.yaml:
- Add missing pydio container
* ld_base:
- Force regeneration of cached.kmap.gz
-- SBE network solutions GmbH <info@sbe.de> Wed, 10 Dec 2014 12:32:38 +0200
ld-puppet (0.5) trusty; urgency=medium
[Torsten Fohrer]
* Stopping service before uninstalling, remove onetime.yaml
-- SBE network solutions GmbH <info@sbe.de> Tue, 09 Dec 2014 14:46:45 +0200
ld-puppet (0.4) trusty; urgency=medium
[Torsten Fohrer]
* package:
- Add prerm hook to remove script files
- Clean out custom/config(.d|.yaml)
- Use force on rm to avoid failure message on non-
existing files
* hiera.d/defaults.yaml
- Add default global::network without any ip
addresses
* deployment:
- Remove ld-puppet without any confirmation
- Simple script to stop and tar puppeteer
* ld_puppet:
- Enforce rx bits on hiera.d / pack / prepare
* trusty/config:
- Use default root password muster unhashed
-- SBE network solutions GmbH <info@sbe.de> Tue, 09 Dec 2014 14:30:41 +0200
ld-puppet (0.3) trusty; urgency=medium
[Torsten Fohrer]
* map_translate:
- Validate existence of host configuration directory
* hiera.d/defaults.yaml:
- For apt trigger use now per default a full timestamp (human readable)
* deployment:
- Don't install recommends on container preperation
(deploy scripts install them)
-- SBE network solutions GmbH <info@sbe.de> Tue, 09 Dec 2014 13:13:17 +0200
ld-puppet (0.2) trusty; urgency=high
[Torsten Fohrer]
* Package:
- Integrate basic debian control files
- Activate meta/full commit logs for debian
- Add hiera as recommendation
- Add recommends setting
- Declare puppet as recommends, instead of depend
- Correct link format
- Remove permission managment, let puppet deploy/server recipe manage
this
- Correct overrides (remove unneeded sections, correct paths)
- Copy dir content instead of dir
- Copy only config to etc/trusty
- Restart puppet master after upgrade...
- Update changelog via git-dch (reformat it)
- Use text wrapper for git-dch commit message import
* map_translate:
- On empty source list, regenerate all files
* ld_base:
- Remove ubuntu help text motd
- Adding LC_ALL/LANGUAGES
- Remove old ld logo motd messages, compact absent block
- Add 2.0, colourize
- Reset term after logo
- Move logoDIDACT 2.0 logo above ubuntu informations
- Use defaultlocale for lc_all, language
* ld_puppet::master:
- Remove unused variable $pathPuppetLD
- Add ::ld_puppet::master::dirs to enforce directory/files permission
(deployed files only!)
- Move directory/file permission enforcment to correct place. Correct
file permission via find (excluding debian/rules file)
* ld_puppet::master::dirs:
- Enforce permssions on some basic files/directories deployed by package system
* ld-puppet.postinst:
- Ensure directory/file permissions on a postinstallation task
* ld-pydio
- Fixate to version 5.2.5
* hiera.d
- Allow authentication via password per logoDIDACT default setup
* Don't use bash variables
* Clean changelog, move back to etc
* Correct rights on hiera
* Move puppet.d to /var/lib/ld-puppet.d
* Deploy etc/trusty
* Rename puppeteer.yaml to puppeteer_paths.yaml. Add default system
configuration example
* Shutdown package infrastructure
* Add more default settings. Correct logodiact to trusty
* Use better message for cleaning out directories. Remove deployment
state file
* Add a script to prepare lxc puppeteer for deployment
* Remove deployment state file
* Remove/install facter. Purge ld-puppet package and reinstall it clean
-- SBE network solutions GmbH <info@sbe.de> Tue, 09 Dec 2014 09:59:51 +0200
ld-puppet (0.1) trusty; urgency=medium
* First release of ld-puppet
-- SBE network solutions GmbH <info@sbe.de> Fri, 05 Dec 2014 16:03:37 +0200