Package ld-puppet-plymouth-theme-text🔗
Version |
Arch |
MTime |
Size |
|---|---|---|---|
5.5.6 |
all |
April 22nd, 2024 10:17 |
31.15 KiB |
ld-puppet (5.5.6) trusty; urgency=medium
[Torsten Fohrer]
* 3part/php:
- [REF] php 8.0 support.
* containers/nextcloud:
- [REF] php 8.0 support.
-- SBE network solutions GmbH <info@sbe.de> Fri, 19 Apr 2024 10:59:16 +0200
ld-puppet (5.5.5-1) trusty; urgency=medium
[Torsten Fohrer]
* container/kopano:
- [FIX] Disable webmeetings:
. Purging kopano-webmeetings, kopano-webapp-plugin-meetings.
-- SBE network solutions GmbH <info@sbe.de> Fri, 19 Apr 2024 10:56:48 +0200
ld-puppet (5.5.4-4) xenial; urgency=medium
[Torsten Fohrer]
* hiera/defaults.yaml:
- Trim puppeteer-g3 veth pair name to p3 (avoid conflict w. p2)
-- SBE network solutions GmbH <info@sbe.de> Fri, 07 Jul 2023 09:33:12 +0200
ld-puppet (5.5.4-3) xenial; urgency=medium
[Torsten Fohrer]
* container/nexus:
- [REF] Let nginx delivery choco install ps scripts instead of nexus
* common:
- [FIX] Setting timezone for some exotic programs like java in
/etc/timezone too (without restarting services, container)!
-- SBE network solutions GmbH <info@sbe.de> Tue, 02 May 2023 11:22:23 +0200
ld-puppet (5.5.4) xenial; urgency=medium
[Torsten Fohrer]
* profiles:
- db/pgsql/server:
. Changes to custom hba rules
_ Allow/restrict def. of access type to (host[non-ssl/ssl],hostssl[sslonly]).
_ Allow/restrict def. of auth_method to (scram-sha-256, md5, fails otherwise).
_ Restrict ip access to given IPv4 CIDR, or if ip to this host (/32).
_ Restrict user access to given database, or sameuser (db<=>username).
_ User cannot be all.
_ IP cannot be 0.0.0.0.
* ld_base:
- Add 127.0.0.1 to no_proxy env.
* ld_nexus:
- Workaround bogus service login credentials.
- Workaround switching from puppet managed service file to package managed
file.
* 3part.d:
- postgresql:
. Backport pg_hb_rule.pp auth_methods rules for PostgreSQL 10/defaults.
-- SBE network solutions GmbH <info@sbe.de> Mon, 23 Jan 2023 09:49:10 +0100
ld-puppet (5.5.3-2) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy
- ldap.ro.[secret|dn] file readable for everyone now
- Allow ldap-ro from localhost access to ld managment attributes
(ldMailQuota,ldDiskQuota,ldAllowVPN,ldAllowWLAN,ldRealHomeDirectory,
ldCreationMethod,ldBirthDay,ldLastModified,ldCreated)
-- SBE network solutions GmbH <info@sbe.de> Wed, 23 Nov 2022 08:21:58 +0100
ld-puppet (5.5.3-1) trusty; urgency=medium
[Torsten Fohrer]
* common
- Control client configuration:
. [REF] Uses control-service tracker implementation
* Container:
- deploy-g1:
. [REF] Disable tracker feature in qBitTorrent.
- ctrl-g1:
. [NEW] Forward http tracker uri to control service.
* ld_nexus:
- [NEW] Recreate admin user with password from nxadmin.
* ld_ssh:
- [FIX] unlock-ssh ensures path to prinicpal unlock file.
* ld_legacy:
- [NEW] Enforce crypted userpassword in logosrv ldap:
. Add new r/w account for services "ldap-rw".
. Let ldap-rw r/w some admin only attributes.
* ld_unifi:
- [REF] Install/upgrade unifi-g2 containers to MongoDB 3.4, which
enables a upgrade path to jammy based container in p7.
-- SBE network solutions GmbH <info@sbe.de> Fri, 11 Nov 2022 12:43:54 +0100
ld-puppet (5.5.2-3) trusty; urgency=medium
[Torsten Fohrer]
* ld_base:
- [FIX] proposed repo activation resource error.
-- SBE network solutions GmbH <info@sbe.de> Fri, 14 Oct 2022 09:16:27 +0200
ld-puppet (5.5.2-2) trusty; urgency=medium
[Torsten Fohrer]
* ld_nexus:
- [NEW] Recreate admin if now .moved marker is found.
- [REF] Change location of .moved marker into data mount point.
-- SBE network solutions GmbH <info@sbe.de> Mon, 26 Sep 2022 16:54:38 +0200
ld-puppet (5.5.2-1) trusty; urgency=medium
[Torsten Fohrer]
* ld_base:
- [NEW] Add option ld_base::ldhost::proposed_repo which enables
a optional repository with newer kernels/firmwares (set to true).
-- SBE network solutions GmbH <info@sbe.de> Tue, 06 Sep 2022 11:52:44 +0200
ld-puppet (5.5.2) trusty; urgency=medium
[Torsten Fohrer]
* common:
- [FIX] ldinfo handles now unset HOME environment.
* hiera.d/nextcloud:
- [FIX] Add libmagickcore-6.q16-2-extra to silence imagick svg support
warning (it's use is disabled!)
* ld_base:
- [NEW] Add date to prompt
* ld_ctrl:
- [FIX] Tighten acl control client properties (o=none), #3134
* ld_nexus:
- [REF] Move to data directory
- [REF] Rename service ld-nexus to nexus.
* ld_nextcloud:
- [REF] Move to data directory
- [FIX] Overwrite installer parameter on-the-fly (using correct values for
db, datadir) reusing only ld_nextcloud::install::params {admin-user}.
- [REF] Moving intermediate config json into private directoy not
accesible theoritically via http server
* ld_nextcloud:
- [NEW] Disable profile access globally (Ticket 3351, mis)
* ld_legacy:
- [NEW] Install clamav/freshclam as default on ldhost
- [NEW] Installing language-pack-[en,de] avoiding warnings about
missing localizations.
- [NEW] Installing ld-samba-vscan-ng if (lxc::clamav enabled)
and changing socket path to /run/clamav/clamd.ctl
- [NEW] Populate logosrv /dev with /dev/mapper from ldhost
- [NEW] Generate different lddeploy option files:
_ lddeploy_snponly.conf, boot via snponly.efi
_ lddeploy_ipxe.conf, boot via ipxe.efi
- [NEW] Linking lddeploy.conf to lddeploy_ipxe.conf (default, compat)
- [NEW] Allow to avoid proxy for given clients via wpad.
- [NEW] Allow to deploy ld-modify-mail without installed kopano.
- [NEW] Let ldap index ou for eq operation too.
- [NEW] Add additional lddeploy option files:
_ lddeploy_undionly.conf, boot via undionly.kpxe
- [REF] Fallback in options lddeploy_(ipxe|snponly).conf to undionly,
if pxeclient arch indicate it.
- [REF] Split lddeploy dhcp option files into two files:
. Traditional option file contains now only a include directive to
seperate option file. Reducing bloat/repeats in dhcpd.conf.logodidact.
. New file under /etc/dhcp3/options/lddeploy.d/xxxxxx.conf containing
lddeploy iPXE variant configuration
* ld_ipxe:
- [REF] Refactor tftpd setup using now remapping instead of copying ipxe
bootfiles, solving manual upgrading/downgrade handling.
- [REF] Removing now unneeded efi files from tftpd root.
* ld_kopano:
- [REF] Disable kopano server survey
* ld_samba:
- [NEW] Enforcing open file limit to samba service (service processes),
not file serving processes.
[Olav Krapp]
* profile.d/deploy:
- [NEW] Deploy/configure winpe updater.
-- SBE network solutions GmbH <info@sbe.de> Mon, 08 Aug 2022 17:12:52 +0200
ld-puppet (5.2.1-8) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy
- [FIX] fix typo
-- SBE network solutions GmbH <info@sbe.de> Mon, 28 Mar 2022 16:01:53 +0200
ld-puppet (5.2.1-7) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy
- [FIX] Before chown clamav socket directory check if user exists.
-- SBE network solutions GmbH <info@sbe.de> Mon, 28 Mar 2022 12:39:00 +0200
ld-puppet (5.2.1-6) trusty; urgency=medium
[Torsten Fohrer]
* hiera.d/rev-proxy:
- [FIX] Handling fail2ban on http/https connections.
-- SBE network solutions GmbH <info@sbe.de> Tue, 15 Mar 2022 12:47:18 +0100
ld-puppet (5.2.1-5) trusty; urgency=medium
[Michael Schönbeck]
* site.d/bielefeld:
- [NEW] Install megacli on ldhost
-- SBE network solutions GmbH <info@sbe.de> Tue, 08 Mar 2022 10:38:21 +0100
ld-puppet (5.2.1-4) trusty; urgency=medium
[Torsten Fohrer]
* ld_legacy:
- [FIX] Sync forgotten negative ttl values with
ld-dns-server in domain soa.
* ldmon_net::
- [FIX] gprun enforce pty allocation for correct terminal output.
-- SBE network solutions GmbH <info@sbe.de> Fri, 18 Feb 2022 14:03:01 +0100
ld-puppet (5.2.1-3) trusty; urgency=medium
[Torsten Fohrer]
* ld_rproxy:
- [NEW] Integrate fail2ban reaction to http authentication
failures (Ticket #3052)
. Enable via `ld_rproxy::fail2ban: true` in `rev-proxy.yaml`
* ld_legacy:
- [NEW] Allow sharing clamav daemon socket with host.
. Enable via `ld_legacy::lxc::clamav: true` in `ldhost.yaml`
-- SBE network solutions GmbH <info@sbe.de> Fri, 18 Feb 2022 14:00:16 +0100
ld-puppet (5.2.1-2) xenial; urgency=medium
[Michael Schönbeck]
* ld-site-bielefeld:
- [NEW] Deploy ld-home/ctrl center as default
-- SBE network solutions GmbH <info@sbe.de> Fri, 18 Feb 2022 13:59:58 +0100
ld-puppet (5.2.1-1) xenial; urgency=medium
[Torsten Fohrer]
* package:
- [REF] Add dependency:
. lsb-release
* common:
- cli.rb:
. [NEW] Add private hook dir support:
_ Normalize script name (removing private hook dir prefix).
_ Disable user/local hook scripts if run in private hook mode.
- hiera.d:
. [REF] MySQL/MariaDB containers now uses /backup for their backup
directory.
. [REF] MySQL settings:
_ Increase join_buffer_size from 128K to 2M as default
_ Enforce following values:
* wait_timeout 28800
* connect_timeout 10
* thread_cache_size 128
. All containers:
_ [REF] Redirect postfix syslog output into own logfile under
/var/log/services/postfix/YYYY-mm-dd.log
. collabora-g1:
_ [FIX] Add new location browser to collabora.
. kopano-g1:
_ [REF] Redirect amavisd output into seperate logfile.
_ [REF] kopano-search:
* Logging to standard out/error
* Let journald forward standard out/error to syslog,
with syslog identifier kopano-search.
Allowing now redirecting to own service logfile.
- ldupdate:
. [NEW] ldupdate gains *internal hook support*:
_ [REF] mv uris to hook.d/pre.update.d/uris.json
_ [NEW] hook.d/pre.update.d/distcode
. [FIX] Use correct distro to quick fetch new ld-puppetXX version
informations.
. [REF] Use --no-list-cleanup instead internal apt option
(no effect in xenial/trusty).
. [NEW] Cancel update if package updates fails at recipe update
detection.
. [NEW] In debug mode wait for 5s before showing changelog/release notes
avoiding instant screen clearing.
- sites:
. bielefeld postinst not longer replaces CUSTOMER_NAME_SHORT with
unset/empty LD_CUSTOMER_SHORT.
* 3part.d:
- mysql:
. mysqlbackup.sh ignores now performance and information schema.
* ld_acme:
- [FIX] Removing acmetool cron if not activated.
* ld_base:
- [DEL] Removing deactivated facts:
. pci_devices
. bios_and_system
. apt_extended_states
- [FIX] Deploy a patched update-ca-certificates which:
. Adapting to distro (which command to use rehash ssl store).
. And on fresh store rebuild, cleanly rebuild java keystore too.
- [FIX] Normalize systemd service names for policy-rc.d
- [FIX] Use /usr/bin/vim as selected editor
* ld_collabora:
- [NEW] Migrate/adapt replacment coolwsd (which replaces loolwsd).
- [FIX] Module dependencies for p5 fixed.
* ld_moodle:
- [FIX] Deployment/publishing of config.php corrected (updates now).
* ld_kopano:
- [FIX] Deploy own createstore script to ensure correct store locale is
used.
- [FIX] Upgrading webapp config.php file configuration to current release,
tuneable parameters via hiera (defaults):
. ld_kopano::config::webapp::enable_direct_booking: true
. ld_kopano::config::webapp::enable_public_contacts: false
. ld_kopano::config::webapp::enable_public_folders: true
. ld_kopano::config::webapp::enable_shared_contacts: true
. ld_kopano::config::webapp::gab: true
. ld_kopano::config::webapp::gab_max_results: 0
. ld_kopano::config::webapp::theme: ''
. ld_kopano::config::webapp::def_lang: 'de_DE.UTF-8'
. ld_kopano::config::webapp::langs: ['en_EN', 'de_DE']
* ld_legacy:
- [FIX] Improve handling of safe port line inserting/auto comment.
* ld_ssh:
- [NEW] Allow to define additional ssh managed logins via
ld_ssh::server::logins: []
- [NEW] Allow finetuning of following settings per login via hiera keys:
. AllowTCPForwarding -> ld_ssh::server::authorize::LOGIN::allowtcpforwarding
. PasswordAuthentication -> ld_ssh::server::authorize::LOGIN::passwordauthentication
. PubKeyAuthentication -> ld_ssh::server::authorize::LOGIN::pubkeyauthentication
. GatewayPorts -> ld_ssh::server::authorize::LOGIN::gatewayports
-- SBE network solutions GmbH <info@sbe.de> Fri, 28 Jan 2022 11:31:36 +0100
ld-puppet (5.2.0-27) xenial; urgency=medium
[Torsten Fohrer]
* ld_unifi:
- [FIX] Correcting metadata allowing access to ld_base functions.
-- SBE network solutions GmbH <info@sbe.de> Thu, 16 Dec 2021 11:18:29 +0100
ld-puppet (5.2.0-26) xenial; urgency=medium
[Torsten Fohrer]
* common:
- [FIX] ldupdate dist detection.
-- SBE network solutions GmbH <info@sbe.de> Wed, 15 Dec 2021 03:46:28 +0100
ld-puppet (5.2.0-25) xenial; urgency=medium
[Torsten Fohrer]
* ld_unifi:
- [REF] Restrict deployment to unifi 6.5/stable variants.
-- SBE network solutions GmbH <info@sbe.de> Tue, 14 Dec 2021 16:43:55 +0100
ld-puppet (5.2.0-24) xenial; urgency=medium
[Torsten Fohrer]
* common:
- [DEL] Removing graylog infrastructure/enforce disabled graylog
integration across modules.
-- SBE network solutions GmbH <info@sbe.de> Mon, 22 Nov 2021 10:06:18 +0100
ld-puppet (5.2.0-23) xenial; urgency=medium
[Torsten Fohrer]
* common:
- [FIX] Enforcing new release to deploy new ld-mobile release >= 5.7.x.
* ld_ctrl:
- [REF] Installed package tweak.
-- SBE network solutions GmbH <info@sbe.de> Mon, 22 Nov 2021 10:06:18 +0100
ld-puppet (5.2.0-21) xenial; urgency=medium
[Torsten Fohrer]
* common:
- [REF] Using ld_base::epp for following epp templates:
. ld_ssh/templates/etc/ssh/sshd_config
- ldupdate
. [NEW] Display changelog/release uri just before asking to proceed
release upgrade (just in case something goes wrong with browser).
. [NEW] Try to display a ring specific release / changelog uri,
falling back to stable changelog/release uri.
- trimming interface name for rembo5-g2 to r5g2
- map_translate don't touch ssh-ca.yaml.
- hiera.d:
. ctrl-g1:
_ Adding new deployEnvironment endpoint.
- Adapt new repo structur for collabora.
* 3part.d:
- postgresql:
. [FIX] Increase counter in connection check.
* containers:
- [NEW] Add mariadb103, for supporting kopano verified databases.
* ld_audit:
- [FIX] Tune puppet resource ordering.
* ld_ctrl:
- [NEW] Add annoucement url for control-client.
- [NEW] Installs ld-openssh on clients.
- [NEW] Specify local ca chain location.
* ld_legacy:
- [FEAT] If possible removing non-working packages from logosrv.
- [NEW] Some machines reporting that sub index on sambaSID is missing,
so add it (substring search on sambaSID, rly?).
* ld_lxc:
- [FEAT/FIX] Deploy fixup system-generator lxc.
* ld_mobile:
- [NEW] Allow to specify custom short/long name via
ld_mobile::config::[short|long]_name hiera keys.
* ld_moodle:
- [NEW] Ensure php is installed before running installer.
- [NEW] To avoid confusion in installation/upgrade process:
. validate connection information before running install_or_upgrade
script
. Using marker files managed by package preinst script
/usr/share/moodle/.upgrade and .install
. Avoid file permission changes if no install/upgrade is executed.
- [FIX] Downgrade mathjax to version 2.7.9.
* ld_network:
- [FEAT] transform_netmap now traps exceptions and puppet error with
stacktrace.
* ld_nexus:
- [NEW] Install ld-openssh
* ld_puppet:
- [FIX] Check last_run_summary.yaml readable by current user.
- [REF] To spread executing of agent better across invoking interval
implement own splay logic, which delays creating lockfiles.
Invoke prun/agent by following logic now:
. Every 15 delaying run by max 10mins
. Every 30 delaying run by max 20mins
. Hourly, delaying run by max 30mins
. Every 2 hours, delaying run by max 80mins
. Every 4 hours, delaying run by max 180mins
* ld_kopano:
- [REF] kopano group/user handling changed:
. Remove unused kopano home directory.
. If newly deployed use system ids in system range instead of user.
* ld_ssh
- [NEW] Setup fail2ban on ldhost with shorewall support
- [REF] Introduce SSH CA support managed via puppeteer[-g2]/data/ld/ssh-ca
directory:
. Deploy all found *.pub files their as ca masters
. Deploy per (login to root only, for moment) allowed ca/principal/client.
- [REF] Regenerate ldhost ssh private/public key, using now ed25519 keys for post
logosrv containers (using id_xmss to avoid overwriting existing rsa key).
- [NEW] Introduce a ed25519 key pair for use in/from puppeteer[-g2].
- [REF] Enforce managed authorized_keys file:
. To deploy own ssh keys please place them in
puppeteer[-g2]/etc/logodidact/ssh/keys/[USERNAME]/[intern,global,extern]
. Separate internal/external authorized keys, to allow access from WAN
place keys in (root only)
puppeteer[-g2]/etc/logodidact/ssh/keys/[USERNAME]/[extern,global]
- [NEW] Deployment of keys from above can be enabled/disable via hiera
keys:
. ld_ssh::server::authorize::root::extern
. ld_ssh::server::authorize::root::intern
* profile:
- [NEW] ad-sync-g1, adding proxy config support.
- [REF] Ensuring /etc/postgresql/[VERSION]/main directory structure.
- [REF] Let pgbackrest upgrade existing backup stanza (just in case), in
case database has been reinstalled
-- SBE network solutions GmbH <info@sbe.de> Tue, 09 Nov 2021 09:10:00 +0100
ld-puppet (5.1.2-3) xenial; urgency=medium
[Torsten Fohrer]
* ld_nextcloud:
- [FIX] Add REMOTE_ADDR to a way to recognize client ip.
-- SBE network solutions GmbH <info@sbe.de> Tue, 14 Sep 2021 10:31:51 +0200
ld-puppet (5.1.2-2) xenial; urgency=medium
[Torsten Fohrer]
* ld_base:
- [FIX] ldinfo, error collecting qemu machines.
* ld_puppet:
- [NEW] puppet-repo-rebuild enforces now world readable
debian archives.
-- SBE network solutions GmbH <info@sbe.de> Wed, 08 Sep 2021 12:33:32 +0200
ld-puppet (5.1.2-1) xenial; urgency=medium
[Torsten Fohrer]
* ld_base:
- [NEW] ldinfo, add ring information in logoCLOUD installation too
-- SBE network solutions GmbH <info@sbe.de> Tue, 07 Sep 2021 14:09:55 +0200
ld-puppet (5.1.2) xenial; urgency=medium
[Torsten Fohrer]
* common:
- [REF] Avoid install/upgrade passenger on each upgrade.
- [FIX] Use enviroment lock to avoid starting apache2 in
upgrade (passenger install/upgrade) run.
- [REF] Using ld_base::epp for following epp templates:
. ld_kopano/templates/webapp/config-files.php
. ld_kopano/templates/webapp/config-meeting.php
. ld_kopano/templates/webapp/config-spell.php
. ld_kopano/templates/webapp/config.php
. ld_kopano/templates/webmeetings.cfg.epp
* hiera.d:
- ctrl-g1.yaml
. [NEW] Deploy ld-home / nginx setup for that
* profiles:
- db/pgsql/server:
. [FIX] Correct/cleanup postgresql configuration for disabled
online backup.
* ld_base:
- upgrade-packages:
. [FIX] Use correct state file for package state.
. [NEW] Display which critical (managed) packages have update.
- ldinfo
. [NEW] Display which ring is current in use:
_ 0, dev, red
_ 1, testing, tomato
_ 2, beta, violet
_ 3, stable, green
- [FIX] Don't force snmpd installation on hp gen10.
* ld_mobile:
- [REF] Randomize localpart of system admin mail address.
* ld_puppet:
- [NEW] Enforce correct linked hiera.d/custom.d.
* ld_legacy:
- [FIX] Allow authenticated entries at least (fallback) same attribute
access as ldap-ro user.
- [REF] Remove unused ldap-ro.secret file.
-- SBE network solutions GmbH <info@sbe.de> Mon, 06 Sep 2021 13:56:17 +0200
ld-puppet (5.1.1-1) xenial; urgency=medium
[Torsten Fohrer]
* hiera.d:
- ldhost.yaml
. [NEW] Add internal landing page uri for ldmobile.
- ldmobile.yaml
. [FIX] Add missing openjdk installation.
* ld_base:
- [REF] Lock free implementation of ldinfo lxc/qemu listing.
- policy-rc.d:
. [REF] Additional logging output for debugging problems
. [REF] Try to guess correct puppet paths for agent, lockfile, catalog
-- SBE network solutions GmbH <info@sbe.de> Thu, 12 Aug 2021 14:50:01 +0200
ld-puppet (5.1.1) xenial; urgency=medium
[Torsten Fohrer]
* common:
- ldupdate:
. Simplify/consolidate lockfile handling.
. Correct typos.
. Enforce update trigger again short before normal prun at end of update
run.
* ld_acme:
- [FIX] acme.sh respect account mail.
* ld_base:
- [REF] upgrade-retained-packages has replaced with upgrade-system-packages
- update-policy-rc.d:
. [REF] Externalize catalog analyze and timestamp/lockfile creation.
(sharing with upgrade-packages).
- upgrade-packages:
. [REF] Now updates service starting policies itself (sharing logic with
update-policy-rc.d).
. [NEW] Enable output in system upgrade mode (-s param).
. [NEW] If a critical package or debian reboot required file exists,
after upgrade ask user for reboot.
- [NEW] Hook support gained optional timeout (via extra method) support.
- [FIX] Deploy bind-mount-data|backup hooks now correctly.
- [NEW] Coloring unmanaged containers in ldinfo.
* ld_kvm:
- [REF] Use group libvirt for daemon (adapt to new version).
* ld_nextcloud:
- [FIX] Use correct occ parameter for database type.
- [FIX] Disable nextcloud gidnumber ldap assoc.
* ld_ovs:
- [FIX] Delay interface up, waiting for ovs database.
- [FIX] Order ovsdb-server to startup before debian networking.service.
* ld_puppet:
- [DEV] Handling broken debian/changelog for version extract.
- [ENH] ld_puppet::minion::warning add ensure prop+handling
(present/absent).
-- SBE network solutions GmbH <info@sbe.de> Tue, 10 Aug 2021 17:20:42 +0200
ld-puppet (5.1.0-18) xenial; urgency=medium
[Torsten Fohrer]
* ld_mobile:
- [FIX] Multi organization handling corrected.
* 3part.d:
- nexus3_rest:
. [FIX] Broken repo group membership assign.
. [FIX] Remove ruby 2.4 dependencies.
. [UPD] Upgrade to 0.4.3 sources.
-- SBE network solutions GmbH <info@sbe.de> Thu, 05 Aug 2021 12:27:09 +0200
ld-puppet (5.1.0-17) xenial; urgency=medium
[Torsten Fohrer]
* ldmon_net:
- [REF] Prioritize database containers in gprun.
- [FIX] Enforce root owner/group of gprun.
-- SBE network solutions GmbH <info@sbe.de> Wed, 04 Aug 2021 11:30:18 +0200
ld-puppet (5.1.0-16) xenial; urgency=medium
[Torsten Fohrer]
* upgrade:
- [FIX] Add missing servername into update process.
- [FIX] Avoid bash warning in upgrade process.
* env.d:
- [REF] Default manifest add ld_fixed['servername'] by evaluate agent
version, usable in places where shortname is needed.
* profiles:
- [FIX] db/pgsql/server merging and handling of profile options and
shared_preload_libraries.
* ld_legacy
- [FIX] Avoid hardcoded ca copy target.
- [FIX] ld20_hope now runs apt-get update just in case.
-- SBE network solutions GmbH <info@sbe.de> Wed, 04 Aug 2021 00:46:53 +0200
ld-puppet (5.1.0-12) xenial; urgency=medium
[Torsten Fohrer]
* 3part.d:
- php:
. [NEW] Allow to disable that a extension is loaded
- cfssl:
. [FIX] Ensure signing.json owner/group.
- apt:
. [QoL] Instead per repo source file, use 1 for all sources.
. [QoL] Allow to disable importing gpg keys for ppa's (default=yes).
- puppet7
. [QoL] Backport puppet7 dig function.
- ca_cert:
. [NEW] Add ignore param, allowing to ignore files in ca trust dir.
* common:
- [NEW] New container pgsql13 (ip suffix 48).
- [FEAT] ldupdate:
. now updates git based deployments with new ld-puppet package too.
. Instead of cancelling update/upgrade on uncommitted changes in
/etc/logodidact, invoke a git commit session to checkin changes
directly
. On package change (ld-puppetxx) show online changelog/notes site
and ask if it's ok to run upgrade.
. Allow to disable changelog view via file existence of
/etc/logodidact/update/dont_display_release_notes
. Allow to define which interactive editor ldupdate uses via
/etc/logodidact/update/editor (fullpath to editor executable)
. Rework/sharing code between p5/p1/p7 branch in
installation/update/upgrade process
. If ldupdate detect uncommited changes, it adds them now to staging
area and opens an defined editor to commit them.
. Add a commit message that indicate that ldupdate is opening this
interactive commit session.
. Disable etc/logodidact git commit hooks avoid double execution,
libaries problems in upgrade process.
- [FEAT] Refactor repository usage:
. Using for all used repos a own mirrored package server,
which stages updates to wave out updates.
. Don't deploy repositories keys anymore directly via puppet.
Instead using keys from package ld-archive-keyring on puppeteer.
. Disable apt http pipelining because repo managment has issues
with it.
. On-the-fly creation of a minimal source list for ldupdate (using only
local repo + newest logodidact dist repo).
. Add apt-get update pre invoke hook that deletes all cached
source/package lists, avoiding repo time travels problems.
- [DEL] Remove unused module ld_java.
- [DEL] Remove icinga2 infrastructure:
. hiera profiles/modules/roles
. configuration via recipes/manifests
. container icinga2 and rabbitmq
. 3part puppet modules for rabbitmq
. removing icinga user/sudo on ldhost
. removing nagios user/group in logosrv
. removing monitoring packages from logosrv (nrpe, ld-*monitoring*)
- [REF] Unify output/processing of hiera defined users via pwgen_sys_usrs:
. ld_ctrl
. ld_samba4
. profile:
_ ad-sync-g1
. ld_legacy, ldap users
- [REF] Use ld_base::epp for
- [REF] Using ld_base::epp for following epp templates:
. ld_acme/templates/var/lib/acme/conf/responses
. ld_acme/templates/var/lib/acme/conf/target
. ld_dns/templates/record
. ld_legacy/templates/etc/bind/named.conf.puppet.d/samba
. ld_legacy/templates/etc/bind/named.conf.puppet.d/tld
. ld_legacy/templates/etc/bind/template/db.domain-rev.head
. ld_legacy/templates/etc/default/slapd
. ld_legacy/templates/etc/ldap/slapd.acl.pre.conf
. ld_legacy/templates/etc/ldap/slapd.puppet.conf
. ld_legacy/templates/etc/ldap/slapd.tail.conf
. ld_legacy/templates/etc/samba/parts/includes
. ld_legacy/templates/etc/samba/smb.conf.shares
. ld_legacy/templates/var/www/proxy.pac
. ld_mobile/templates/opt/relution/application.yaml
. ld_samba4/templates/var/lib/samba/state/sysvol/scripts/logon.bat (auto translate unix->dos encoding)
. ld_ssh/templates/etc/ssh/sshd_config
. ld_unifi/templates/etc/default/unifi
- [REF] Use ld_base::source for
. ld_kopano/files/usr/share/kopano-webapp/.htaccess
- ldinfo:
. [QoL] Tries to display errors from last available puppet agent run.
. [QoL] Add additional unmanaged hook directory for ldinfo ($HOME/.local/puppet-cm/hooks).
. [FIX] Ignore unreadable hooks.
. [REF] Remove 14.04 to 16.04 upgrade note.
- [NEW] Add generic support for other acme clients:
. Creating group le-publish (for cert access) and enlist puppet user.
. Creating /data/le/certs (for cert exchange/access from puppet, acme
clients)
. Adapting acmetool certificates by copying them to /data/le/certs in
package post installation.
. Updating a /.well-known/acme-challenge/working with a timestamp,
so user can easily check connectivity from outside.
. Redirect acme.sh syslog into /var/log/services/acme_sh/YYYY-MM-DD.log.
. Don't deploy acmetool certs to /data/le/certs if acme.sh is in use.
. Certs copied to /data/le/certs are now group writable (keep in sync
with acme.sh fix-perm file right enforcer.
. Rewrite ld_acmetool in custom.d/puppeteer.yaml to ld_acme.
- [FEAT] Script puppet-containers
. Generating a list of active containers with their guessed external
(rev-proxy) and internal uri under
/var/lib/ld-puppet/wwwroot/.well-known/logodidact/containers.json
- [REF] Port internal ruby libraries from p7.
* hiera:
- default.yaml:
. [QoL] Extend content compression in nginx by following:
_ Allow to use pre compressed files (.gz)
_ Allow compression of:
+ application/javascript
+ application/json
. Unify/use version specific mysql/mariadb settings to avoid clashes
and spreading configuration over xyz files.
- Increase sort_buffer_size to 4M (workaround relution)
- mariadb10.5 use pool of threads instead of per connection thread
reducing memory usage of database.
- mariadb10.5 listen additional on 3307 with max 5 connections
(fallback).
. [QoL] Set apache ssl ciphers/suite via mozilla intermediate config
gen.
. [QoL] Let nginx benefit from open file limits (1024 => 4096).
. [FIX] Enforce php openssl.cafile to debian cert bundle.
- nexus-g1.yaml
. [NEW] Install ld-nexus-tools.
- ldmobile.yaml
. [NEW] Using separate dist specific repository for ldmobile package.
- role.d/postgresql:
. [QoL] Instead of stderr log now to syslog.
* ld_audit:
- [REF] Allow to use external postgresql:
. Replacing database update script with own version.
- [REF] Generic cleanup / reduce recipe size.
- [REF] Deploy corrected beans.xml.
- [REF] Cleanup standalone.xml.
- [DEL] Remove unneeded java keystore managment.
* ld_base:
- [FIX] Remove duplicate gpg key file ld-archive-keyring-php.gpg.
- [FIX] Disable motd-news service/timer.
- [FIX] Repair/improve error-handling ld_install_kind.
- [NEW] Installs rng-tools on physical, vmware and hyperv machines.
- [NEW] Installs open-vm-tools on vmware machines.
- [FIX] Let user provider remove group of suroot account.
- [QoL] Detect git based puppeteer deployment:
. Read out git branch and changelog package version
. Adding branch/version from git to bash prompt
- [QoL] Adding template helper ld_base::[source|epp] that allows to override
content via files in /etc/logodiact/overrides directory:
. epp templates => overrides/templates/[MODULE_NAME/TEMPLATE-NAME]
. files templates => overrides/files/[MODULE_NAME/TEMPLATE-NAME]
. epp function injects following parameters:
- ld_fixed
- template_name
. files function uses puppet module overrides to use puppet source
download of file content instead of resource content.
. example pattern:
_ Concret
Original:
~/p/l.modules.d/ld_legacy/templates/etc/ldap/slapd.puppet.conf.epp
Override:
/etc/logodidact/overrides/templates/ld_legacy/etc/ldap/slapd.puppet.conf.epp
_ Logic
Original:
~/p/l.modules.d/[MODULE_NAME]/[TEMPLATES/FILES]/[FILEPATH]
Override:
/etc/logodidact/overrides/[TEMPLATES/FILES]/[MODULE_NAME]/[FILE_PATH]
- [NEW] Port 7.x ld_base::assert_fqdn
- [NEW] Now supporting wildcard certificates through guessing (cutting of
subdomains)
- [REF] Copying classic acmetool certificates to /date/le/certs
- [QoL] Remove mlocate from lxc containers (reduce cron daily i/o panic)
- [QoL] Disable pdiff download for localrepo.
- [FIX] Avoid starting cron in update process (= blocking cron jobs)..
- [FIX] New post prun hook reset_apt_trust which regenerate
/etc/apt/trusted.gpg if we find backuped keys (files w/~ at end)
in /etc/apt/trusted.gpg.d directory.
* ld_ca:
- [REF] Simplify root/intermediate ca deployment.
* ld_choco:
- [REF] Removed, using now ld_base::packages in nexus-g1 profile.
* ld_ctrl:
- [NEW] Use bind dn for samba ldap connection (ro).
- [NEW] Share lic string with service.
- [REF] Make ld-control-client configuration shareable with others:
. Adding dependencies at runtime (notify/require)
- [REF] Use ld-ctrl-client for authentication in ld-control-client.
- [REF] Use fqdn for ld-control-client hostname settings.
- [REF] Removing historic ansible things
- [FIX] Ordering error cannot deploy a empty application.properties before
containing directory is created.
- [REF] Purging historic /etc/ansible directory.
* ld_deploy:
- [REF] Moving functions into profile::host::deploy and hiera
* ld_dns:
- [NEW] Create list with fqdn form of cnames.
- [REF] Reusing domain $ttl from common snippet.
- [REF] Porting code from puppet 7 branch:
. DNS SRV record support puppet define.
. Creation via hiera ld_dns::srv record.
. Switching to EPP template
. Add puppet-strings documentation
. Simplify usage
* ld_git:
- [QoL] Change default comment comment char to '~' to allow using TFS
ticket references.
- [QoL] git apply ignore whitespaces changes now per default.
- [QoL] Use rebase for git pull merge as default (non-legacy/logosrv
mode).
* ld_legacy:
- [REF] Ordering ca-certificate copying/integration reducing count of runs
to deploy certificates correctly.
- [FIX] Add list of dns records that shouldn't find their way into zone.
- [FIX] Regenerate ca/server certificates to get sha256 signature.
- [FIX] Add local tld zone to avoiding query tld servers for it.
- [REF] Use shareable ld-control-client configuration.
- [FIX] Disable translations and http pipelining in apt.
- [REF] Restrict lxc by using now lxc-container-default-with-mounting
apparmor profile (revert back via ld_legacy::lxc::apparmor_profiel:
'unconfined').
- [FIX] Avoid /dev population from udev template dir (through latest
hardy updates).
- [REF] Use FQDN for ipxe script.
- [FIX] Avoid uninstalling needed packages by setting them to manual or
install them again:
. postfix-ldap
. postfix-pcre
- [FIX] Ensure that a managed list of port for CONNECT is allowed in
squid.
- [NEW] Allow clients to avoid proxy by using port 3129.
- [REF] Replace ld-wpad with puppet managed wpad:
. [NEW] Allow to enable/disable wpad (switch to always DIRECT vs PROXY)
. [NEW] Allow to avoid content filter for:
. specific domains
. SSL/TLS connections (https)
. Avoiding proxy for:
. local and s4 domain
. known internal networks
. [NEW] defined networks
- [FIX] Removing unneeded packages:
. cryptsetup
. memtest86+
. mlocate
. ntfs-3g
. parted
. popularity-contest
. pppoe
. snmp
- [QoL] Avoid deploying bashrc on each run.
- [FIX] Remove/unalias following commands
. poweroff (alias ld-reboot, not available here)
. upgrade-retained-packages (alias upgrade-packages, not available here)
- [QoL] Allow configuration of template parameters via hiera.
- [NEW] Allow to enable/disable samba filename mangling.
- [REF] Use fqdn names for ld-control-client.
- [REF] Deploy a better sysv init script for ld-control-client.
- [REF] Use legacy_config to get servernet address.
- [FIX] Reload ld-nginx on rpc-server conf change.
- [FIX] Remove ldap berkeley DB_CONFIG in case of puppet triggered
restart, to takeover new values from slap configuration.
* ld_lxc:
- [FIX] Use new staging repositories.
- [FIX] Add official lxc container gpg key too.
- [REF] Bootstrap helper:
. Copy proxy configuration/scripts into new container
. Copy apt.conf.d config for:
_ Translations
_ HTTP Pipelining
- [REF] Using puppet agent directly in rc.local instead of prun.
- [REM] Remove aliases
. lxc-i (alias lxc-info, not available here)
. lxc-restart (alias lxc-stop, not available here)
. lxc-run (alias lxc-start, not available here)
* ld_mobile:
- [REM] MySQL client configuration.
- [NEW] Using ldinfo warning messages for:
. No public address set.
. No or incorrect database set.
. Migrate to mariadb105.
. Release upgrade notes.
- [NEW] Supports ld-mobile5 package via ld_mobile::config::package_name
- [NEW] Force ordering (purging old package before install new one).
- [NEW] Try to detect if installation is upgradable and if switch to
ld-mobile5 package.
* ld_moodle:
- [NEW] Introduce support for moodle 3.11.
- [NEW] Check dns for remote db server.
- [NEW] Enforcing acl/config.php.
- [REF] Use package for moodle installation instead of own git.
- [REF] Creating MDL_DATA/install.log on install for debugging.
- [FEAT] Assign manager role to ldap admin group members.
- [FEAT] Upgrade mathjax to 3.2.0.
- [FEAT] Settings:
. Avoid language confusing on user creation (autolang, 3.11)
* ld_network:
- [QoL] New function ld_network::normalize:
. Normalize (expand network bitmask) a list of ip address w/o netmask
- [QoL] New function ld_network::is_network:
. Tests if a given addr (w/o netmask) is a correct network
- [QoL] New function ld_network::dns_a:
. Simplifiy usage of dnsquery dns_a function.
- [FIX] Reference usage of modules ld_base, dnsquery
* ld_nextcloud:
- [NEW] Automate mysql db support.
- [NEW] pgsql13 support.
- [REM] Remove unused ld_nextcloud::php_historic_version parameter.
* ld_openjdk:
. [REF] Don't redeploy x root/intermediata ca certs.
* ld_pe:
- [REF] Moving functions into deploy-g1.
* ld_puppet:
- [FIX] Use existing directory for heapdump on oom for puppetdb.
- [FIX] disable update check for puppetdb/puppetserver.
- [FIX] Increase memory from 256m to 1024m for puppetdb 5.x.
- [NEW] Adding support for other lets encrypt acme clients.
- [NEW] Add repo for trusty with a updated nginx version.
- [FIX] Removing unmanaged nginx configuration.
- [REF] Remove ipv6 listen directive.
- [REF] Port/Enhance puppet-repo-build:
. [FIX] Compress/create a repo release file.
. [FEAT] Tidy apt-ftp-archive cache database
(allow simple removal of packages)
. [QoL] Local repository configuration:
_ Add BinCacheDB to improve performance on repo rebuild.
_ Always stat files, don't use cached information.
_ all Architecture for all sections (distro).
- [FIX] Port concept enchances/fixes for local repo from 7.x branch
* ld_rproxy:
- [QoL] Remove unmanaged files from /etc/nginx/ssl.
- [NEW] New proxy template *vhost_fwd*:
. Setting Host header to host name from proxy_url
- [NEW] Class rproxy::client:
. Fine tune nginx installation for use behind additional
reverse proxy.
. Adding nginx maps to switch automatically between
internal and external (via rproxy) access.
. Add var_x_forwarded_origin var enforcing a origin host.
. Allow to define allowed origin values.
. Enforce default origin of fqdn hostname.
. Adding all known cnames in fqdn form as https origin.
. If ld_proxy::client::nginx::servers is set add location
/.well-known/logodidact/rproxy_debug.json with debug informations.
- [QoL] Avoid duplicate fragments when a "public" host is
declared multiply times (tcp/udp socket as example).
- [REF] Merge server defaults into new nginx server host.
- [NEW] Add location /.well-known/logodidact/is-wan location to all http.
based servers to indicate to allowing detecting rev-proxy
(guess that access is via wan).
* ld_samba4:
- [REF] Trigger/create /var/lib/samba/.ld-su-domjoin.adjust by
running domain_join_user_privileges.
* ld_ssh:
- [FIX] Blacklist some ssh keys.
- [QoL] Accept/send env GIT_COMMITTER_(AUTHOR|NAME) too.
* ld_ssp:
- [REF] Use hiera to define apache general settings.
* ld_syslog:
- [REF] Avoid restarting rsyslog because /var/log/services/martians got
removed.
- [REF] Add switch ld_syslog::martians to force writing logfile on every
host (defaults to false, true for lxc::host [ldhost] machines).
* ld_kopano:
- [QoL] Deploy empty /etc/kopano/admin.cfg (#2105).
- [BRK] Don't install kopano key anymore we use own repo with own key.
- [FIX] WebApp 5+ includes now some plugins, so avoid installation
standalone versions.
- [FIX] WebApp, remove php settings from .htaccess file (#2626, by jm@sbe.de)
- [FIX] Use a record for mail instead of cname which is illegal for mx
records.
* ld_unifi:
- [NEW] Allow to specify which release repository container uses:
. stable (allways latest version)
. 5.14
. 6.0
. 6.1
- [NEW] Using /data/unifi for data on generation containers (-g[1-x]).
* ld_zabbix:
- [PRT] Sync psk logic in packages.pp with p7.
* profiles:
- [REF] For better backporting support implement postgresql::server::config_entries
in profile::db::pgsql::server.
- [QoL] Backport from 7.x unattended_upgrades to a profile, allowing
install/purge of unattended_upgrades infrastructure.
- ad-sync-g1:
. Add global::domain to service urls.
- nextcloud-g1:
. [NEW] Adding php-mysql
- ad-sync-g1:
. Add global::domain to service urls.
. Remove compat enable_sync_id flag (enforce new package versions).
- ctrl-g1:
. [FIX] Hard limit client connections to server (50 per ip).
. [REF] Redirect short hostname to fqdn
. [NEW] Adept front reverse-proxy configuration via rproxy::client:
_ Log real ip of accessing client
_ Forward correct X-Forwarded attributes
. [NEW] Add basic content-security-policy:
_ Enforce https
. [NEW] Add seperate repo with nginx 1.18
. [REF] Don't redirect anything under / to /center
- deploy
. [FIX] Enforce ordering of linpe ssh key deployment.
- nextcloud-g1:
. [NEW] Adding php-mysql.
. [REF] Generalize 3part php settings (move to default.yaml).
. [REF] Avoid reloading duo php mysql extensions.
- db/pgsql/server:
. [REF] Remove unused admin_pw setter
. [REF] Allow to define postgresql::server settings via hiera.
(Close #2596)
. [QoL] Via psql -U postgres let root access databases locally.
. [REF] Use external mount point /backup for postgresql backup
. [NEW] Manage user/group postgres (enforce uid/gid values).
. [NEW] For PostgreSQL >= 10 setup a online backup via pgbackrest
saving data in /backup/pgbackrest.
. disable via profile::db::pgsql::server::online_backup: 'absent'
- rev-proxy:
. [NEW] Add seperate repo with nginx 1.18
- ssp-g1
. [REF] Generalize 3part php settings (move to default.yaml)
* schema.d:
- [REF] Use ld_acme::{mail, ensure} keys instead of old
ld_acmetool::{ensure, account_mail}.
[Olav Krapp]
* common
- [FEAT] Add pgsql-migrate script.
[Daniela Leitz]
* profiles:
- ctrl-g1:
. [NEW] Extending CORS rules to allow Header:
_ X-LD-AppName
_ X-LD-AppVersion
_ X-Auth-Permission
-- SBE network solutions GmbH <info@sbe.de> Tue, 03 Aug 2021 10:00:26 +0200
ld-puppet (5.0.57-4) xenial; urgency=high
[Torsten Fohrer]
* ld_lxc::
. [FIX] Use own lxc image repository:
. Improve setup performance with preinstalled packages
. Supports trusty/xenial/focal (without danger of removal)
-- SBE network solutions GmbH <info@sbe.de> Fri, 09 Jul 2021 14:38:17 +0200
ld-puppet (5.0.57-3) xenial; urgency=high
[Torsten Fohrer]
* hiera:
. [FIX] Using new staging repos before release of 1.4.0,
for ondrej php ppa (official removed xenial support).
. [FIX] Deploying ld-archive-keyring-php.gpg allowing access to php repo
on staging server.
-- SBE network solutions GmbH <info@sbe.de> Mon, 14 Jun 2021 12:53:09 +0200
ld-puppet (5.0.57-2) xenial; urgency=high
[Torsten Fohrer]
* ld_audit:
. [FIX] Fix wildfly batchlet processing.
* ld_openjdk:
. [FIX] Reenable tls 1.0/1.1 for jre 8 too.
-- SBE network solutions GmbH <info@sbe.de> Tue, 25 May 2021 12:47:04 +0200
ld-puppet (5.0.57-1) xenial; urgency=high
[Torsten Fohrer]
* ld_samba:
. [FIX] Fix masking in logon.bat
-- SBE network solutions GmbH <info@sbe.de> Tue, 11 May 2021 15:45:37 +0200
ld-puppet (5.0.57) xenial; urgency=high
[Torsten Fohrer]
* 3part.d:
. [NEW] Add baseurl/release repo attribute to postgresql.
* common:
. [FIX] Upgrade process:
- Streamline process, reducing agent apply calls
- Deploy static hiera.yaml, fileserver.conf, puppet.conf to
get environment up and running
- Ensure postgresql repo is deployed in upgrade process too.
* hiera:
. [NEW] For trusty use apt-archive.postgresql.org instead
of apt.postgresql.org.
* ld_legacy:
. [NEW] Setups/Deploy backup for mysql.
* ld_kopano:
. [NEW] Allow to enable/disable full gab in webapp via
hiera:
- ld_kopano::config::webapp::gab: true/false (gets inverted)
* ld_openjdk:
. [FIX] Purging packages instead of removing them only,
avoiding doing it on each run again.
* ld_puppet:
. [NEW] Add new lookup step "default.d/%{distcode}".
* ld_samba4:
. [FIX] Fix dos encoding of logon.bat (using stdlib::unix2dos).
. [NEW] Allow to set a GPO_ENABLED batch variable to 0/1 via
hiera:
- ld_samba4::ad::logon_gpo: true/false (resulting in 1/0)
* ld_mobile:
. [NEW] Allow to define store orga
* site.d:
. [NEW] ctrl-g1.yaml
- Use bootmethod grub as default
[Markus Wochnik]
* ld_mobile:
. [FIX] Adepting ldmobile configuration for version 4.78+, creating
local admin account again.
-- SBE network solutions GmbH <info@sbe.de> Mon, 10 May 2021 16:26:12 +0200
ld-puppet (5.0.56-11) xenial; urgency=high
[Torsten Fohrer]
* ld_legacy
. [FIX] ! README !
Because slapindex sometimes generate defect indexes which
leads to incorrect ldap searches.
We now regenerating complete ldap database on configuration change!
As safety measure we backup a dump / complete ldap directory in:
/root/.runner/ldap_backup.gz => DUMP
/root/.runner/ldap.tgz => offline backup of /var/lib/ldap
/var/backup/logodidact/root/.runner/ldap.tgz/ => Older backups
/var/backup/logodidact/root/.runner/ldap_backup.gz/ => Older backups
[Michael Schoenbeck]
* ld_mobile:
- [FEAT] Enable auto update of apps (check every 10h for updates).
-- SBE network solutions GmbH <info@sbe.de> Fri, 26 Mar 2021 12:34:43 +0000
ld-puppet (5.0.56-9) xenial; urgency=high
[Torsten Fohrer]
* common:
- [REF] Unify output/processing of hiera defined users via pwgen_sys_usrs:
. ld_ctrl
. ld_samba4
. profile:
_ ad-sync-g1
. ld_legacy, ldap users
* hiera:
- ldmobile-g1:
. [REF] Restart on ld_openjdk changes.
. [REF] Use java 11, remove 8.
- ctrl-g1:
. [REF] Simplify openjdk restart ld-control-service(-user-sync) logic
* ld_ctrl-g1:
. [REF] Simplify service logic
* ld_openjdk:
. [FIX] Ensure that tls1.1 is enabled
* ld_kopano:
. [NEW] Allow to define spread webmeeting turn server via configuration.
. [QoL] Reduce log verbosity of kopano components:
_ server to 3 (warning or worse)
_ presence to 3 (warning or worse)
* ld_legacy:
. [FIX] Allow pykota-admin user write all pykota attributes (list by
jm@sbe.de).
* ld_openjdk:
. [FIX] Ensure that tls1.1 is enabled
* ld_pydio:
. [FIX] Use bind dn/pw too.
-- SBE network solutions GmbH <info@sbe.de> Thu, 04 Feb 2021 09:48:51 +0000
ld-puppet (5.0.56-8) xenial; urgency=high
[Torsten Fohrer]
* ld_moodle:
- [FIX] Case typo
-- SBE network solutions GmbH <info@sbe.de> Tue, 02 Feb 2021 13:50:27 +0000
ld-puppet (5.0.56-7) xenial; urgency=high
[Torsten Fohrer]
* 3part.d:
- nexus3_reset:
. [FIX] Enforce nuget v2 for proxy repos on creation.
* ld-base:
- [FIX] Correct installation of hp tools on physical machines.
* xibo17:
- [FIX] Using ldap bind dn and password now.
* common:
- [QoL] A more generalize node name options for feature inclusions:
. Remove following suffixes -[gcln]\d+
-- SBE network solutions GmbH <info@sbe.de> Mon, 01 Feb 2021 13:24:37 +0000
ld-puppet (5.0.56-5) xenial; urgency=high
[Torsten Fohrer]
* rev-proxy:
- [FIX] Correct module metadata.
- [FIX] Correct datatype and typo in module hiera.
* ld_legacy:
- [QoL] Allow overwriting of sealed attributes
* ld_mobile:
- [QoL] Improve ldap tester to search for admin, requesting ldObjectype.
-- SBE network solutions GmbH <info@sbe.de> Mon, 01 Feb 2021 10:08:44 +0000
ld-puppet (5.0.56-4) xenial; urgency=high
[Torsten Fohrer]
* profile:
- ad-sync-g1:
. [FIX] Double deep merge dynamic/static configuration.
* site.d:
- regioit-sgt(-vw)
. [FIX] Fix configuration for intern interface on ldhost.
* ld_legacy:
- [FIX] Use currently used openldap uid/gid from logosrv.
- [FIX] Correct acl for ldap-ro (ou=users to ou=services).
- [NEW] Allow to define additional attributs for ldap-ro via
hiera key ld_legacy::ldap::ldap_ro_atts, defaults to
(['ldObjectType','ldRole'])
-- SBE network solutions GmbH <info@sbe.de> Mon, 01 Feb 2021 10:50:51 +0000
ld-puppet (5.0.56-3) xenial; urgency=high
[Torsten Fohrer]
* ld_legacy:
- [QoL] Don't panic if no "intern" interface on ldhost is configured,
avoiding ldap configuration then.
- [QoL] If we can't configure ldap assume a ldinfo message, and let prun execute ldinfo after
puppet agent run.
- [FIX] Fix typo in username of ldap-ro.
- [FIX] Allow access to ld ldap attributes from localhost.
* ld_moodle:
- [FIX] Use ldap bind pw/dn for authentication.
* doc.d:
- [NEW] vmware/phys_for_logosrv_a_ldhost:
. Add sample for vmware configuration variant phys for ldhost/logosrv
instead of switching via openvswitch.
-- SBE network solutions GmbH <info@sbe.de> Wed, 27 Jan 2021 10:13:47 +0000
ld-puppet (5.0.56-2) xenial; urgency=high
[Torsten Fohrer]
* ld_nextcloud:
- Remove now unsupported install parameter database-table-prefix.
-- SBE network solutions GmbH <info@sbe.de> Tue, 26 Jan 2021 16:32:07 +0000
ld-puppet (5.0.56-1) xenial; urgency=medium
[Torsten Fohrer]
* ld_nextcloud:
- Workaround non-uniqueness of accounts
-- SBE network solutions GmbH <info@sbe.de> Mon, 25 Jan 2021 11:43:27 +0000
ld-puppet (5.0.56) xenial; urgency=medium
[Torsten Fohrer]
* common:
- [FIX] Port color format bugfixes from p6.
- [FIX] Rewrite gem inclusion using command puppet-bundler.
- ldinfo shows now who manages this installation (monitoring).
- hiera.d
. kopano-g1
_ Avoid boolify of 'off' value for proxy_redirect setting in webmeeting.
. ctrl-g1
_ Adding autconf nginx location.
- Updating ruby gems for xenial and adding for xenial only:
. new
_ netaddr
_ mixlib-shellout
_ tty-spinner
. updating
_ commander
_ concurrent-ruby
_ excon
_ ffi
_ highline
_ json
_ locale
_ net-ldap
_ rainbow
_ rake
_ redis
_ tty-cursor
_ Upgrade process:
. Translating custom configuration for ctrl-g1 into new format
. Removing deprecated unused settings for ansible from ctrl-g1
configuration.
- Dependencies on ld-baselib-utils, ld-bootstrap:
. Removing unneeded historic packages in upgrade process.
- Use dig44 to avoid deprecation warning.
- puppet modules:
. add chown_or
_ Removing historic assurance code across:
. ldupdate
. update-licence-info (+ cron job)
. ldinfo
* profile:
- ad-sync:
. Manage GroupFilter.yaml via hiera key
'profile::host::ad_sync::groupfilters' too.
. Adding:
_ syncid from configuration
_ customer short and long name
. Enable usage of syncid for multi orga/single tenant mode via
custom.d/ad-sync-g1.yaml:
profile::host::ad_sync::enable_sync_id: true
* ld_acmetool:
- [FIX] Enforcing acme v2 api (#2399,HDE).
* ld_base:
- [FIX] Move rpc-server management into ld_legacy to allow sharing
code between places that use rpc-server (rembo,samba,ldhost,logosrv).
- [FIX] Respect non default servernet networks in rpc-server configuration.
- [FIX] Deploy a changed addusers.conf/login.defs to avoid clashes with default logosrv
user ids (SYS_UID_MAX=>799, SYS_GID_MAX=>500) [4e5ed6382]
- [FIX] To avoid uid/gid clash with suroot feature:
. Use 800 for uid and gid.
. Enforce /home/suroot (recursive) owned by uid/gid 800/800.
- Implement a basic ldap_entry type/provider to manage entries directly
via puppet.
- Packages
. Add
_ byobu
_ ca-certificates
_ ncdu
_ tmux
. Add / Physical
_ edac-utils
. Removed:
_ ca-certificates-mono
- Deploy a changed login.defs to avoid clashes with default logosrv
user ids (SYS_UID_MIN=>900, SYS_GID_MIN=>500) [#2285/921a98995]
- Adding any repository (should contain packages for all dists).
- new function hexdigest, which generate a base64 md5 digest of a given
string.
- Moving tools/packages for physical machines (hp tools as example) from
ld_icinga2 here.
* ld_ca:
- [FIX] Let anybody read public/chain/intermedia certificates not only
root and cfssl group.
- Enforce correct group of /etc/cfssl directory.
- Fix publishing of chain.pem (dashed name).
- [REF] Move renew_certificates from /usr/local/bin to /opt/puppet-cm/bin
- [REF] Use /var/backups/cfssl/YYYY-MM-DD_hh-mm-ss instead of dir in root
home.
* ld_ctrl:
- [CLEANUP] Remove icinga2 code.
- Replace ld-ansible with ld-autoconf package.
- Simplify control service configuration (puppet part) using
_create_ini_settings_ function.
* ld_mobile:
- [CLEANUP] Remove historic helper scripts.
- Correcting ldap searchBase for users and groups from absolut to relative
dn (absolute doesn't work, only for new entries).
- Remove icinga2 monitoring configuration.
- Restart service on configuration change.
- Add script 'relution-ldap-test' to help testing multi orga
installations configurations.
* ld_nextcloud:
- Restart/start apache after nextcloud installer has run (JM).
- Enforce disabled password change via nextcloud.
- Removing unneeded package version of php packages.
* ld_network:
- Deploy internal network configuration at /opt/puppet-cm/network.yaml for
debugging.
- Extended get_ip function to return different formats/kinds of ip
information.
- transform_netmap now stringify some results, and add cidr notation to
puppet structures.
* ld_puppet_gems:
- New module containing "extracted" gems needed by our modules.
* ld_samba4:
- Move utility function pwgen_sys_usrs into ld_base.
- [FIX] Certificate (pub/key) now restarts samba.
* ld_squid:
- Porting ld_squid::common from 7.x branch.
* ld_kopano:
- Using hiera_hash to lookup packages allowing to un/non-install packages
#2247.
- [FIX] #2273 Install python3-dnspython/flask so that kopano-presence works
again.
* ld_legacy:
- [FIX] Switching customer short/longname in logosrv ldinfo display (CGE).
- [FIX] Disable tty2 event handler.
- [FIX] Don't try to install ld-deploy-windows-tools on each run.
- [FIX] Respect non default servernet networks in rpc-server configuration.
- Move rpc-server.conf definition into ld_legacy, which allows now
sharing code between instances that use this service (rembo5/7,samba,ldhost,logosrv).
- Managing LDAP server in logosrv from puppet now too with following
Effects/Traits:
. Enforce strict acl who, and what everyone, authenticated and
special accounts can view, or even access.
_ Reducing ldap content visibility for normal users to basic
attributes.
_ Hide some dn trees, objects from non eligable accounts/anonymous
_ Restrict write access for ldap-admin coming from logosrv (main ip,
localhost).
_ Hiding attributes and objectclasses.
_ For compat reasons allow anonymous access from logosrv itselfs
reads access to normal attributes and objects.
. Seperate ldap-admin and "Directory Manager"
_ ldap-admin, allowing via acl write access to all normal attributes
_ "Directory Manager", full write/read to everything without even
checking any acl.
. slapd backend:
_ Increase bdb locks (lockers,locks,objects) to 5000 (from 1500).
_ Increase bdb raw page cache to 128M (20M).
. Seperate ldap-admin <=> directory manager (latter doesn't get
anything acl checked).
. Creating a ldap-ro user, and save password in
logosrv/etc/ldap.ro.secret.
. To avoid overlapping with historic logosrv tools lets slapd use
now /etc/ldap/slapd.puppet.conf as configuration (via
etc/default/slapd).
. Creating logins for external services.
. Reindex ldap (making gz backup at root/.runner/ldap_backup) on
configuration change just in case.
* ld_zabbix:
- Add ldinfo information with state of monitoring activation (MW).
- Use dig44 to avoid deprecation warning.
- Setup zabbix agent only if we get a psk.
* ld_kopano:
- Using hiera_hash to lookup packages allowing to un/non-install packages
#2247.
- [FIX] #2273 Install python3-dnspython/flask so that kopano-presence works
again.
[Waldemar Faist]
* ld_zabbix:
- Replace deprecated configuration EnableRemoteCommands.
[Michael Schoenbeck]
* ld_mobile:
- [FEAT] LD Mobile Portal branding activated
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Jan 2021 08:48:38 +0000
ld-puppet (5.0.55-9) xenial; urgency=high
[Torsten Fohrer]
* common:
- [FIX] Correct upgrade-packages upgrade:manual handling/detection.
-- SBE network solutions GmbH <info@sbe.de> Wed, 20 Jan 2021 16:07:53 +0000
ld-puppet (5.0.55-8) xenial; urgency=high
[Torsten Fohrer]
* ld_base:
- [QOL] fixes/php now restarts apache service on extensions changes.
-- SBE network solutions GmbH <info@sbe.de> Wed, 20 Jan 2021 10:07:53 +0000
ld-puppet (5.0.55-7) xenial; urgency=high
[Torsten Fohrer]
* 3part.d:
- php
. [PATCH] Patching to allow specify tag in puppet package resource.
* hiera.d:
- ssp-g1:
. [FIX] Install mbstring and php modules in specific php version
* ld_ssp:
- [FIX] Ensure ordering of php apache config after apache php is installed.
- [FIX] Fixate php module versions.
-- SBE network solutions GmbH <info@sbe.de> Wed, 20 Jan 2021 09:07:53 +0000
ld-puppet (5.0.55-6) xenial; urgency=high
[Torsten Fohrer]
* ld_puppet:
- Let prun/agent retrieve ca on each run, instead do any error prove checking
of ca cert.
-- SBE network solutions GmbH <info@sbe.de> Wed, 13 Jan 2021 10:24:19 +0000
ld-puppet (5.0.55-5) xenial; urgency=high
[Torsten Fohrer]
* ld_puppet:
- [FIX] prun not panic anymore if it encounter defect puppeteer ca cert.
-- SBE network solutions GmbH <info@sbe.de> Mon, 11 Jan 2021 09:58:05 +0000
ld-puppet (5.0.55-4) xenial; urgency=high
[Torsten Fohrer]
* ld_samba4:
- [FIX] Typos.
- [FIX] Restarting samba on cert change / deploy them after provision.
-- SBE network solutions GmbH <info@sbe.de> Fri, 11 Dec 2020 11:19:33 +0000
ld-puppet (5.0.55-3) xenial; urgency=high
[Torsten Fohrer]
* hiera.d:
- [FIX] Use http repo for postgresql on 14.04 containers.
* ld_samba4:
- [FIX] Use correct network for rpc-server.conf.
-- SBE network solutions GmbH <info@sbe.de> Fri, 04 Dec 2020 10:50:16 +0000
ld-puppet (5.0.55-2) xenial; urgency=high
[Torsten Fohrer]
* ld_samba4:
- Use symbolic instead real package name for referencing rpc-server
(ld-com-rpc-server), p5 doesn't check title AND name like p3.
-- SBE network solutions GmbH <info@sbe.de> Sat, 31 Oct 2020 10:33:40 +0000
ld-puppet (5.0.55-1) xenial; urgency=high
[Torsten Fohrer]
* ld_samba4:
- Configure rpc-server listen address via puppet now (use ip to avoid
dns quirks and dependencies).
-- SBE network solutions GmbH <info@sbe.de> Tue, 27 Oct 2020 20:17:18 +0000
ld-puppet (5.0.55) xenial; urgency=high
[Torsten Fohrer]
* containers:
- new container mariadb105:
. Runs xenial under ld-puppet1/5, focal under ld-puppet6
. Container mounts /var/lib/lxc.data/mariadb105/mysql for mysql
database. The content isn't tied to lifecyle of container.
- unifi:
. Use ubuntu xenial for new installations.
- xibo17:
. Reduce innodb_log_file_size to 5M for compatibility.
* hiera.d:
- fixed.yaml:
. Add lookup/package proxy infos about LogoDIDACT own mirror system.
- default.yaml:
. Merging configuration from mysql/mariadb host/role to simplify
configuration.
* sites:
- bielefeld:
. activate mariadb105 per default.
* ld_base/ld_lxc:
- Allow to specify a shorted veth interface name for containers
(link name is limited to 15 chars).
* ld_ca:
- Enforce correct group of /etc/cfssl directory.
- Fix publishing of chain.pem (dashed name).
* ld_lxc:
- [REF] Copy apt configuration 70Translations into lxc (bootstrap)
- lxc.hook.network doesn't complain on non configured interface if they
should be go down. (as example removed interfaced from config)
- Add possibility to remount parts of LXC_DATA to directories in
lxc rootfs.
Example:
lxc.data/mariadb10/mysql to (RUNNING LXC)/var/lib/mysql
* ld_puppet:
- Disabling unused mcollective agents on all managed nodes.
- Use correct rundir to allow saving pid file without problems.
* ld_samba:
- Place a systemd override for:
. Using /var/run/samba/samba.pid for main process detection.
. Disabling that systemd accepts that service is active when all
processes ends.
. Changing kill (stop) method so that all process in cgroup are
affected (KillMode=control-group).
- Removing automatic reboot on certificate change.
- Removing non default groups addition to ld-sysgroup.
- Set acl for ld-su-domjoin in non default fqdn scenarios too.
* ld_squid:
- Using all instead of 0.0.0.0/0 to silence squid warnings on daily
logrotate/reloads/restarts.
* ld_zabbix:
- Correct usage of dig to obtain zabbix psk key.
* ld_unifi:
- Switch to nginx as reverse proxy:
. Fast restarts on certificate changes (nginx only).
. Restarts only if certificate really changes!
. No patching of sysv / systemd service needed
- Remove not working/and needed patching for correct JAVA_HOME.
- Disable nginx http2 support for now (only supported by 16.04).
[Michael Schönbeck]
* ld_mobile:
- Education classes build from projectgroups too
-- SBE network solutions GmbH <info@sbe.de> Mon, 26 Oct 2020 09:22:56 +0000
ld-puppet (5.0.54-3) xenial; urgency=high
[Torsten Fohrer]
* ld_samba:
- Replace "computer" group addition to ld-sysgroup with "Computer" because:
. first exist only after sync is working.
. latter is a default group, and exists so always.
-- SBE network solutions GmbH <info@sbe.de> Tue, 06 Oct 2020 11:41:45 +0000
ld-puppet (5.0.54-2) xenial; urgency=high
[Torsten Fohrer]
* ld_ctrl:
- Avoid using ipaddress for nexus / graylog containers.
* ld_nextcloud
- Don't use sudo in system timer to switch execute scripts
as www-data (unit runs already under www-data).
* ld_samba:
- Using internal ca root for tls cafile parameter (backport from 6.x
branch).
-- SBE network solutions GmbH <info@sbe.de> Wed, 30 Sep 2020 08:38:09 +0000
ld-puppet (5.0.54-1) xenial; urgency=high
[Torsten Fohrer]
* ld_samba:
- Closing CVE-2020-1472/Zerologon by forcing server schannel usage:
smb.conf/GLOBAL: server schannel = yes
-- SBE network solutions GmbH <info@sbe.de> Fri, 25 Sep 2020 10:27:37 +0000
ld-puppet (5.0.54) xenial; urgency=medium
[Daniel Torkler]
* containers:
- Nginx location for validation javascript added.
[Olav Krapp]
* ld_ad_sync:
- Manage websocket address
* ld_nextcloud:
- Manage all Nextcloud dependencies
- Implement support nextcloud kerberos based sso
- Redirect http to https
- Using fake appstore, because setting not working correctly
- Using php-fpm instead embeddable php interpreter
- Implement quota reset/systemd timer to allow switching between local
/external storage mode.
* profile:
- new function: deep deletion of undefined values
[Torsten Fohrer]
* 3part/ca_cert:
- Patching to use "update-ca-certificates --fresh" for rebuilding
ca cert store
* containers:
- Creating empty puppetserver-g2 now.
- Removing maintenance network interface.
- samba4-ad:
. Remove winbind group/passwd lookup in nsswitch.conf
* consul test implementation removed.
* environment:
- Port p6 single puppetdb query for host installed detection
- Port p1 empty ('' value) hiera value workaround
- Add license key to ld_fixed
* hiera:
- default.yaml
. Updating nginx default ciphers to current best practices values.
* debian:
- Deploy feature.d directory
* ld_ca:
- Combine facts cfssl / collectcerts into collectcerts
- Try to detect defect certificates (0 byte, incomplete file structure)
and regenerate them
- Deploy predefined dhe group files (ffdhe2048-4096).
- Deploy ld10 now itself, instead of ld_base::certificates:
. Removing bootstrap ca_cert reference (not needed anymore).
. Let ld_base managed ca-certificates package.
* ld_base:
- Remove forced grub-pc installation
- Backport auto-apt-proxy from puppet6
- Proxy mode now uses logosrv.ld-servernet.servernet instead of proxy to
avoid connection issues (ip routing/selection from certain hosts).
- Using 3part module ca deployment for logosrv cert.
- Removing historic logosrv directory on containers and ca-certificate
config reference (replaced with above, cert in
/usr/local/shares/ca-certificates).
- ldinfo:
. Present different logos/texts on fact data:
_ ld_install_kind.id == 'local'
Logo: LogoDIDACT
_ ld_install_kind.id <> 'local'
Logo: LogoCLOUD
. Use upcase letter L in LogoDIDACT/CLOUD
. Move virtual text location in logo
- upgrade-packages:
. Returing now real exit-code of failed apt(-get) process instead of
generic ruby stacktrace.
. Remove never really used package mail function.
. Set packages as manual installed via package resource tag
'upgrade-packages:manual'
. Adding more line to internal ignore list.
. Add logic to handle different location/catalog formats to reduce
hassle at porting across differrent versions.
_ Guessing catalog location
p5 location >> p6 location >> p3 location
_ If data element exists move catalog root into it (so that
resources element is obtainable from catalog root.
- map_translate:
. now ignores files in hiera subdirectories (default.d/ctrl-g1.d/kerb.yaml, a.e.)
of internal hiera directories.
. Improving handling of translation errors to avoid defect configuration:
_ Extend handling of translation process via call of map_config
_ Break translation if we found a error and propagete defect run via
exit code 1 (which as example breaks executing prun on puppeteer
then).
. Fix handling in case of non existing custom.yaml, cleanup of
directories, and add additional logging.
- Removing facts pci_devices, bios_and_system, apt_extended_state,
because they seems not be used anywhere.
- Add new fact ld_install_kind that tries to detect predefined installation
kinds and allow hiera/fact/recipes now react to it for:
. Display ld_install_kind.provider in bash prompt, examples (symbolic name of setup kind)
. Display ld_install_kind.title in ldinfo Welcome line, examples (Local, Hetzner Cloud)
. React on ld_install_kind.id or 'ld_install_kind_id', examples (local, hetzner) to
- If current role is bootstrap, don't deploy ld10-ca cert via ca_cert:ca,
avoiding relationship problems.
- ld_install_kind evals metadata['bios_vendor'] as fallback if
bios_vendor fact is nil/non-string/neq to 'Hetzner'
- Don't compress localrepo packages/content files anymore, and delete
existing xz/gz/bz files from /srv/repos on puppet-repo-build run.
* ld_ca:
- Combine facts cfssl / collectcerts into collectcerts
- Try to detect defect certificates (0 byte, incomplete file structure)
and regenerate them
- Deploy predefined dhe group files (ffdhe2048-4096).
- Deploy ld10 now itself, instead of ld_base::certificates:
. Removing bootstrap ca_cert reference (not needed anymore).
. Let ld_base managed ca-certificates package.
* ld_dns:
- Using same class concept to reduce hassle in porting changes across 1.x/5.x/6.x branches.
* ld_git:
- New aliases:
. cpc => cherry-pick --continue
. cpa => cherry-pick --abort
* ld_legacy:
- Removing unused certificates
. from ca-g1 in logosrv:/etc/cfssl
. puppet ca
- Allowing to specify own server-wide/all subnet wide dhcp options via custom files located in
/etc/dhcp3/custom.d:
. global.conf
_ automatically created, empty
_ Place here server wide settings
. subnet_all.conf:
_ automatically created, empty
_ Place here settings for all subnets
- Allow to specify own subnet specific dhcp settings, if enabled via hiera
(__ld_legacy::dhcp: {per_subnet_include: true}__) located in
/etc/dhcp3/custom.d:
. Ensure that for all existing subnets a subnet_NAME_OF_SUBNET_DEVICE.conf exists!
* ld_lxc:
- Change emerg to info logging of container (post-)stop logging.
- Puppet60 upgrade pre depends/presetup backports:
. Porting mount entries for backup, data, metadata/run
. Creating bind-mount state files in data/backup dir to indicate
mounted via ...
- New fact ld_lxc_container that checks for .bind-mount in data/backup
dir.
- Write down bios_vendor to metadata.json host/container too, to work
around broken dmidecode based facts in trusty containers.
- Using now lxc-download for creating containers instead of slower
bootstrap.
- To avoid that lxc.service get killing at shutdown of lxcs after 90s,
increasing timeout of service to 7min and 30s. systemd will kill running processes
of this service after 2x TimeoutStopSec, now 15min.
* ld_nginx:
- Include html 5 boilerplate system file location protection.
* ld_nextcloud:
- Handling php version now via puppet / hiera configuration.
- Using cli installer instead of web installer.
- Because ld_nextcloud::config::system settings are now handled
differently, there some changes:
. Removing "value" encapsulation
. For moment adding a compat layer for trusted_domain subkey,
adapting old variant with "value" encap.
- Directly using a "logodidact.config.php" for base configuration
instead using api calls for them.
- Removing unused apache modules
- Add symlink in root home to nextcloud installation dir.
- Tweaking settings:
. Disable some annoying apps
_ recommendations
_ password_policy
_ serverinfo
_ logreader (use syslog now)
_ nextcloud_announcements
_ support
_ updatenotification
. Settings
_ Disable preview generation globally and per share
_ Disable access to appstore
_ Disable update-check
_ Disable upgrade via web
_ Change user template directory to /var/empty
_ Disable internal integrity check, because we need to patch files
_ Because sAMAccountName isn't perfectly unique using now 'uidNumber'
for nextcloud internal identification (ldap_export_uuid_user_attr).
_ Setting internal username to 'sAMAccountName'
(ldap_export_username_attr).
- Changing ldapGroupMemberAssocAttr from gidNumber to member to allow
correct group mapping.
- Tear down ldap group/users by using ld-sysgroup, ld-sg-exclude,
ld-sg-nextcloud-exclude.
- Using unified plugin config api to set values for user_ldap.
- Removing now unused provder/type nc_ldap.
* ld_nginx:
- Include html 5 boilerplate system file location protection.
* ld_puppet:
- prun now uses openssl bindings to check own ca.pem.
- Correct syslog identifiert for internal puppet cert autosign.
* ld_rproxy:
- Adding support to define a ssl endpoint proxy to internal address for
ldap
- Removig random dhparam.
* ld_squid:
- Clearing intercepted ssl certificates on every squid startup.
- Adding check-proxy scripts that tries to download something from
https://sbe.de via proxy.
- squid config:
. After authentication allow any client
. Using best practice ordering of authentication
* ld_syslog:
- Avoid syntax warning in newer rsyslog versions.
* profiles:
- pgsql/server:
. Allow access from localhost via tcp / md5 auth too
* profile.d:
- Add ca_cert with disabled package installation in bootstrap profile.
- Adding new configuration options gaining in ld-azure-sync 5.4:
. Exchange management:
_ MessageCannotSentToOutside, mail reply when sending outside
_ MessageCannotReceiveFromOutside, mail reply send to sender
_ GroupsThatCannotSendToOutside, list of group cn
_ UserThatCannotSendToOutisde, list of user cn
_ GroupsThatCannotReceiveFromOutside, list of group cn
_ UsersThatCannotReceiveFromOutside, list of user cn
-- SBE network solutions GmbH <info@sbe.de> Mon, 21 Sep 2020 07:26:44 +0000
ld-puppet (5.0.51) xenial; urgency=medium
[Olav Krapp]
* ld_nexus
- refactored
[Torsten Fohrer]
* profile:
- Only install postgres-contrib in postgresql versions prior 10.
* containers:
- ad-sync-g1:
- Get's now powershell via new module ld_pwsh installed.
- Increase interval to 5mins (up from 30s).
* 3part.d:
- Removing unneeded testing/building framework from dnsquery module
(50mb).
-- SBE network solutions GmbH <info@sbe.de> Mon, 18 May 2020 08:01:37 +0000
ld-puppet (5.0.50) xenial; urgency=medium
[Olav Krapp]
* common
- cleaning up outdated puppet CA
* ld_ctrl
- assume that ld-control-service.service is always available
-- SBE network solutions GmbH <info@sbe.de> Wed, 22 Apr 2020 07:27:43 +0000
ld-puppet (5.0.49) xenial; urgency=medium
[Michael Schönbeck]
* site-bielefeld
- activated ad-sync-g1 and ssp-g1
- added ssp to rev-proxy
-- SBE network solutions GmbH <info@sbe.de> Thu, 09 Apr 2020 08:26:12 +0000
ld-puppet (5.0.48) xenial; urgency=medium
[Olav Krapp]
* ld_samba4
- samba4-ad LXC is rebooted after SSL key changing
-- SBE network solutions GmbH <info@sbe.de> Fri, 03 Apr 2020 18:45:43 +0000
ld-puppet (5.0.47-2) xenial; urgency=medium
[Olav Krapp]
* ld_ctrl
- only existing services are managed
-- SBE network solutions GmbH <info@sbe.de> Fri, 03 Apr 2020 09:49:45 +0000
ld-puppet (5.0.47-1) xenial; urgency=medium
[Michael Schönbeck]
* ld_kopano:
- removed kopano-contacts dependency
* site-regioit-sgt:
- enable unattended_upgrades
- monitoring enabled
* site-regioit-sgt-vw:
- enable unattended_upgrades
- monitoring enabled
-- SBE network solutions GmbH <info@sbe.de> Thu, 26 Mar 2020 11:03:40 +0000
ld-puppet (5.0.46~3) xenial; urgency=medium
[Torsten Fohrer]
* containers:
- new container ad-sync-g1, providing azure/office
connector.
* common:
- Deployment of ad-sync connector functions across
ctrl-g1, ad-sync containers, setup.
* hiera:
- Increasing some postgresql default settings:
. max connections to 256
. shared buffers to 128mb general, 512mb
. slightly increase checkpoint completion target.
* ld_samba:
- Using logodidact ca certificates for samba now,
(temporary removing possibility to usw own certificates).
[Olav Krapp]
* ld_nextcloud:
- Implementing deleting of external storage.
-- SBE network solutions GmbH <info@sbe.de> Wed, 19 Mar 2020 09:28:18 +0000
ld-puppet (5.0.45-2) xenial; urgency=medium
[Torsten Fohrer]
* ld_quota:
- Force include of systemd::systemctl::daemon_reload
-- SBE network solutions GmbH <info@sbe.de> Wed, 19 Mar 2020 09:28:18 +0000
ld-puppet (5.0.45-1) xenial; urgency=medium
[Torsten Fohrer]
* common:
- Backport global::network lookup handling.
* ld_quota:
- Disable and masking services on 16.04 hosts.
[Olav Krapp]
* ld_nextcloud:
- Setup redis server as memcache for operations.
-- SBE network solutions GmbH <info@sbe.de> Mon, 19 Mar 2020 09:30:57 +0000
ld-puppet (5.0.45) xenial; urgency=medium
[Michael Schönbeck]
* ld_nextcloud
- PHP 7.3 for NC18
-- SBE network solutions GmbH <info@sbe.de> Mon, 16 Mar 2020 17:07:57 +0000
ld-puppet (5.0.44-4) xenial; urgency=medium
[Torsten Fohrer]
* upgrade
- Ensure working hiera.yaml
-- SBE network solutions GmbH <info@sbe.de> Thu, 20 Feb 2020 19:17:51 +0000
ld-puppet (5.0.44-3) xenial; urgency=medium
[Torsten Fohrer]
* ld_legacy:
- No ipxe option for non ld_deploy setups.
-- SBE network solutions GmbH <info@sbe.de> Thu, 20 Feb 2020 19:17:51 +0000
ld-puppet (5.0.44-2) xenial; urgency=medium
[Torsten Fohrer]
* ld_base:
- Fix syntax from backport for p5 (no puppet types supported in p5).
-- SBE network solutions GmbH <info@sbe.de> Thu, 20 Feb 2020 19:17:51 +0000
ld-puppet (5.0.44-1) xenial; urgency=medium
[Torsten Fohrer]
* ld_legacy:
- Fix porting typo (forgotten to remove p6 type completly).
-- SBE network solutions GmbH <info@sbe.de> Thu, 20 Feb 2020 15:13:51 +0000
ld-puppet (5.0.44) xenial; urgency=medium
[Torsten Fohrer]
* ld_legacy:
- Backport 0f245bb55 eaf0c6c3a
. LD Deploy is now default for UEFI clients, regardless of rembo.
. Unify internal template file names.
. Regenerate dhcp configuration if templates changes.
. Let ipxe not waiting for proxy-dhcp (official tweak) via dhcp option.
. Removing unused option declaration for PXE.mtftp, arch.
* upgrade:
- Moving existing etc/logodidact/hosts/puppeteer conf to puppeteer-g2 if this
doesn't exist.
-- SBE network solutions GmbH <info@sbe.de> Wed, 19 Feb 2020 12:58:18 +0000
ld-puppet (5.0.43) xenial; urgency=medium
[Torsten Fohrer]
* debian:
- Add dependency pwgen.
* ld_update:
- Refresh localrepo too [0aad67f19].
- Correct static dns entries [7cf67b152,f2c8bb5f7->59a97fe24,0ba18f5c4]
* ldinfo:
- Upport zabbix monitoring informations.
* ld_puppet/common:
- Removing puppet g1 deployment infrastructure.
- Remove bogus/now duplicated /var/backup file resource from redis.pp (side effect of #1918).
* ld_base
- upgrade-packages:
- Backport upgrade-packages to fix problems with local-repos (#168).
- Ignore more output from apt.
- Backport permission change on /var/backups to allow all users/proccess
access their own backup directories (#1918).
- Backport ld_systemd removal.
- Backport systemd timer creation.
- Backport bf5a0b61d, removing /etc/apt/apt.conf.d/90forceyes
* ld_puppet:
- Using systemd timer for prun on systemd enabled systems.
- [1f60c4dd7] Add invoked by cron argument to systemd timer.
* ld_nextcloud:
- Using systemd timer, and run now every 15 mins.
- [d431f4408] Correcting created timer.
* ld_legacy:
- Backport [8fb87c654], [d84dea871], [317bce9eb] that generates a correct r5.conf and rembo5.conf #1916.
* ld_mobile
- For backward compatible, port md5 rand string generation from p3
and add it to ld-mobile-local-admin.name with reminder which technician
should use (or try :->).
-- SBE network solutions GmbH <info@sbe.de> Tue, 11 Feb 2020 08:53:30 +0000
ld-puppet (5.0.41) xenial; urgency=medium
[Torsten Fohrer]
* ldupdate
- Update xenial source list instead of trusty.
- Move site adapting into update script instead of package postinst (env).
* profile/ntp/server:
- Fix switching from default to custom ntp server list.
* ld_puppet:
- Don't install myself via own server recipe.
-- SBE network solutions GmbH <info@sbe.de> Fri, 17 Jan 2020 13:06:35 +0000
ld-puppet (5.0.40) unstable; urgency=medium
[Torsten Fohrer]
* ldinfo:
- Fix external hookname to fact name conversion.
- Don't stop processing external facts after first empty one.
- Check directory for readable before trying to list them.
[Waldemar Faist]
* ld_collabora
- 64eccf4c: Merged PR 202: Hotfix: Collabora 4.2 compatibility
-- SBE network solutions GmbH <info@sbe.de> Wed, 15 Jan 2020 15:33:55 +0000
ld-puppet (5.0.39) xenial; urgency=medium
[Olav Krapp]
* ld_legacy:
- dns adapted to puppet5
* ld_zabbix:
- own apt repository is used instead of the official one
-- SBE network solutions GmbH <info@sbe.de> Fri, 06 Dec 2019 16:24:36 +0100
ld-puppet (0.0.38) xenial; urgency=medium
[Christian Sommer]
* ld_base:
- switched path of puppet5 migration scripts
[Sandy-Marko Knauer]
* ldinfo:
- updated hostname in update information
-- SBE network solutions GmbH <info@sbe.de> Thu, 28 Nov 2019 08:32:00 +0000
ld-puppet (0.0.37) xenial; urgency=medium
[Michael Schönbeck]
* site-bielefeld:
- moved puppeteer.yaml to puppeteer-g2.yaml
-- SBE network solutions GmbH <info@sbe.de> Mon, 25 Nov 2019 23:19:11 +0000
ld-puppet (0.0.36) xenial; urgency=medium
[Christian Sommer]
* ld_base:
- added some more icinga2 packages to be removed in cleanup.pp
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Nov 2019 05:11:00 +0000
ld-puppet (0.0.35) xenial; urgency=medium
[Christian Sommer]
* added ld_base::cleanup
* ld_samba4:
- added optional additional network interfaces for samba via hiera
* ld_kvm:
- fixed typo in network template causing network to be unavailable
* ldupdate:
- starting puppetdb before trying to do a puppet run
-- SBE network solutions GmbH <info@sbe.de> Wed, 20 Nov 2019 06:11:00 +0000
ld-puppet (0.0.34) xenial; urgency=medium
[Christian Sommer]
* fixed puppet-passwd
-- SBE network solutions GmbH <info@sbe.de> Tue, 19 Nov 2019 12:08:00 +0000
ld-puppet (0.0.33) xenial; urgency=medium
[Christian Sommer]
* ld_base:
- request letsencrypt certificates from puppeteer in lower case even customer_short has CAPITAL letters
* ld_icinga2:
- removed
* ld_rabbitmq:
- removed
* ld_puppet::master:
- removed
* ldmon_net:
- unconfigure openvpn used for icinga2 monitoring
- moved gprun to ld_base module
- moved ldmon.net to ld_puppet
* profile::maintenance:
- removed
-- SBE network solutions GmbH <info@sbe.de> Thu, 07 Nov 2019 12:25:00 +0000
ld-puppet (0.0.32) xenial; urgency=medium
[Michael Schönbeck]
* ld_mobile:
- readded user_loginFilterTemplate
-- SBE network solutions GmbH <info@sbe.de> Tue, 05 Nov 2019 04:18:03 +0000
ld-puppet (0.0.31) xenial; urgency=medium
[Christian Sommer]
* ldupdate:
- fixed issue with puppetdb and puppetserver not restarting after update
*ld_icinga2:
- remove icinga2 modules and references
-- SBE network solutions GmbH <info@sbe.de> Thu, 31 Oct 2019 07:18:00 +0000
ld-puppet (0.0.30) xenial; urgency=medium
[Michael Schönbeck]
* ld_mobile:
- changed application.yml for ldmobile > 4.54
- former users are beeing deleted
[Markus Wochnik]
* updated zabbix agent to version 4.4
-- SBE network solutions GmbH <info@sbe.de> Wed, 30 Oct 2019 05:57:00 +0000
ld-puppet (0.0.29) xenial; urgency=medium
* ld_squid:
- renew squid ssl database after changing host, root or intermediate certificates
-- SBE network solutions GmbH <info@sbe.de> Thu, 24 Oct 2019 07:17:00 +0000
ld-puppet (0.0.28) xenial; urgency=medium
[Christian Sommer]
* ld_puppet:
- added ssl certificate management
* ld_zabbix:
- switched repo for ld-zabbix packages
* ld_base:
- install ld-licensting-agent
-- SBE network solutions GmbH <info@sbe.de> Wed, 23 Oct 2019 06:54:00 +0000
ld-puppet (0.0.27) xenial; urgency=medium
[Michael Schönbeck]
* ld_mobile:
- added teacher functionality
-- SBE network solutions GmbH <info@sbe.de> Mon, 14 Oct 2019 16:42:49 +0000
ld-puppet (0.0.26) xenial; urgency=high
[Christian Sommer]
* ld_ca:
- added automatic replacement of certificates on customer name change
* ld_choco:
- added ld_lgpo and ld_nircmd packages to be installed in ld_choco
* ld_base:
- added option to ensure package(s) to latest
* ldmon_net
- removed mon_ctrl_client
- removed icinga2 related files and cron jobs (WIP)
* ld_zabbix:
- install and configure zabbix
* set icinga2 to not available in puppet modules
* ld_ca fixed bug in ld_ca when re-generating certificates
* fixed renewal of certificates on ldhost
* fixed ld-control-client restart in logosrv after renewal of certificates
* restart client services after exchange of root/intermediate certificate(s)
and certificate chain
* restart nginx in ctrl-g1, deploy-g1 and graylog-g1 after exchange
of certificate(s)
[Torsten Fohrer]
* ld_base:
- Managed user profile:
- deploy a .profile (copied from ubuntu)
- allowing adding own fragments to user .bashrc
- move handling user specific profile handling into ld_base::profile
* ld_lxc:
- Remove unused facter import in lxc hook
* ld_qbittorent:
- Introduce openfiles service parameter to allow fine-tuning of
of/connection related setting (from os/system side!).
* ld_samba:
- Don't use 'Domain Guests' for ld-su-domjoin in older samba version
we cannot logon on shares with this.
[Olav Krapp]
* removed icinga2 configuration in site packages
-- SBE network solutions GmbH <info@sbe.de> Tue, 08 Oct 2019 07:50:00 +0000
ld-puppet (0.0.25) xenial; urgency=medium
[Michael Schönbeck]
* fixed site packages
-- SBE network solutions GmbH <info@sbe.de> Tue, 01 Oct 2019 15:20:58 +0000
ld-puppet (0.0.24) xenial; urgency=medium
[Christian Sommer]
* ld_ca:
- added automatic replacement of certificates on customer name change
* ld_choco:
- added ld_lgpo and ld_nircmd packages to be installed in ld_choco
* ld_base:
- added option to ensure package(s) to latest
* ldmon_net
- removed mon_ctrl_client
- removed icinga2 related files and cron jobs (WIP)
* ld_zabbix:
- install and configure zabbix
* set icinga2 to not available in puppet modules
* ld_ca fixed bug in ld_ca when re-generating certificates
[Torsten Fohrer]
* ld_base:
- Managed user profile:
- deploy a .profile (copied from ubuntu)
- allowing adding own fragments to user .bashrc
- move handling user specific profile handling into ld_base::profile
* ld_lxc:
- Remove unused facter import in lxc hook
* ld_qbittorent:
- Introduce openfiles service parameter to allow fine-tuning of
of/connection related setting (from os/system side!).
* ld_samba:
- Don't use 'Domain Guests' for ld-su-domjoin in older samba version
we cannot logon on shares with this.
-- SBE network solutions GmbH <info@sbe.de> Sun, 29 Sep 2019 20:03:31 +0000
ld-puppet (0.0.23) xenial; urgency=medium
[Michael Schönbeck]
* site-bielefeld:
- removed icinga2 from ldhost.yaml
- removed icinga2.yaml
* site-regioit-sgt
- removed icinga2.yaml
* site-regioit-sgt-vw
- removed icinga2.yaml
[Christian Sommer]
* switched usage of facts['virtual'] to facts['ld_virtual']
[Michael Schönbeck]
* site-bielefeld:
- removed icinga2 from ldhost.yaml
- removed icinga2.yaml
* removed site-regioit-sgt (puppet5 only)
* ld-kopano:
- enable shared user contacts
-- SBE network solutions GmbH <info@sbe.de> Tue, 24 Sep 2019 22:05:45 +0000
ld-puppet (0.0.22) xenial; urgency=medium
[Torsten Fohrer]
* ld_ctrl:
- To avoid rotating ansible logfiles (already rotated logs!), move them
into a subdir named history (var/log/ansible/hosts/history).
- Enforce max age of keeped rotated logfiles to 15 days (default value).
- Improve/correct logrotate for ansible playbook logs:
- Because ansible doesn't support custom formatting of logplay output,
we need to move files out of log dir to avoid rotating rotated files.
- Use -YYYYMMDD as rotate extension for logrotate
- Don't create empty logfile for rotated logs
- Don't mail about rotating
* ld_puppet:
- ldinfo:
- now reads env facts from .metadata if it exists
- stores .metadata data under metadata fact key ala puppet fact metadata
* ld_base:
- Adjust to changes in facts metadata and ld_virtual (new)
* ld_ansible:
- Activate that ansible retries ssh execution if it detects a ssh connection
failure (ansible.cfg=>ssh_connection->retries), 30 times.
* ld_ssh:
- Accept/send GIT_AUTHOR_NAME/GIT_AUTHOR_EMAIL env vars
[Christian Sommer]
* added ld-su-domjoin user creation in samba4-ad
[Olav Krapp]
* install ld-deploy-windows-openssh
[Torsten Fohrer]
* various winrm/ssh settings
[Kai Fieger]
* added nginx locations for ld-control-agent and ld-console
-- SBE network solutions GmbH <info@sbe.de> Wed, 04 Sep 2019 12:31:00 +0000
ld-puppet (0.0.21) xenial; urgency=medium
[Michael Schönbeck]
* site-regioit-sgt
- nextcloud-g1 reduced configs after merge fix
- kopano-g1 basic yaml for SMTP delivery and performance
- mysql56 yaml for higher performance
- ldhost open-iscsi installed
- kopano base-config
* site-regioit-sgt-vw
- nextcloud-g1 reduced configs after merge fix
- kopano-g1 basic yaml for SMTP delivery and performance
- mysql56 yaml for higher performance
- ldhost open-iscsi installed
- kopano base-config
-- SBE network solutions GmbH <info@sbe.de> Mon, 02 Sep 2019 11:31:36 +0000
ld-puppet (0.0.20) xenial; urgency=medium
[Christian Sommer]
* removed deprecated hiera lookups and switched to lookup()
-- SBE network solutions GmbH <info@sbe.de> Fri, 23 Aug 2019 06:26:00 +0000
ld-puppet (0.0.19) xenial; urgency=medium
-- SBE network solutions GmbH <info@sbe.de> Wed, 04 Sep 2019 12:31:00 +0000
ld-puppet (0.0.18) xenial; urgency=medium
[Christian Sommer]
* merged puppet3 changes
-- SBE network solutions GmbH <info@sbe.de> Mon, 12 Aug 2019 08:50:10 +0000
ld-puppet (0.0.17) xenial; urgency=medium
[Michael Schönbeck]
* site-regioit-sgt
- container start delay 5 seconds
-- SBE network solutions GmbH <info@sbe.de> Thu, 18 Jul 2019 11:36:02 +0000
ld-puppet (0.0.17) xenial; urgency=medium
[Christian Sommer]
* added some stuff
-- SBE network solutions GmbH <info@sbe.de> Tue, 15 Jul 2019 11:00:00 +0000
ld-puppet (0.0.16) xenial; urgency=medium
[Christian Sommer]
* Updated deprecated Kopano config settings
* fixed removal of Postgresql DB backups
* Updated nextcloud config settings
* modified nexus default repo configuration
* added option to set custom ntp servers in ldhost via hiera
[Olav Krapp]
* added ld_choco puppet module
[Michael Schönbeck]
* site-regioit-sgt:
- added postinst script
-- SBE network solutions GmbH <info@sbe.de> Tue, 25 Jun 2019 11:28:00 +0000
ld-puppet (0.0.15) xenial; urgency=medium
[Christian Sommer]
* fixed oracle java issue in ldupdate
[Michael Schönbeck]
* site-bielefeld:
- sorted containers alphabeticaly
- activated nexus-g1 and graylog-g1
- disabled usb-backup check
-- SBE network solutions GmbH <info@sbe.de> Wed, 19 Jun 2019 06:05:00 +0000
ld-puppet (0.0.14) xenial; urgency=medium
[Christian Sommer]
* chaged prun cron job to run every 4 hours as default
* switched audit container from oracle java to openjdk
* generalization of site package generator
* 3part.d
- rabbitmq module now uses default gpg key settings
- archive module updated from 1.3.0 to 3.2.1
- rabbitmq module updated from 5.6.0 to 9.0.0
- systemd module updated from 0.4.0 to 2.5.1
* site-bielefeld:
- removed partner repo
* site-regioit-sgt:
- initial release
- automatic update
- defined default containers
* Bugfixes
- fixed issue using custom ssh private/public key pairs with comment in public key
- fixed deployment of root/intermediate certificates with CAPITAL letters in
customer shortname
-- SBE network solutions GmbH <info@sbe.de> Wed, 20 May 2019 10:00:00 +0000
ld-pupept (0.0.13) xenial; urgency=high
[Christian Sommer]
* switched Oracle Java to openJDK in most containers
* switched lxc-attach to lxc-ssh
* some more work to do.
ld-puppet (0.0.12) xenial; urgency=high
[Christian Sommer]
* logosrv:
- fixed dhcp3-server shutdown issue
* ld_puppet
- fixed removal of old software assurance cron job
* puppeteer
- switched Oracle Java to openJDK
* ld_squid:
- squid installation can optionally be disabled via hiera
* ld_ansible:
- remove proxy information from group vars if squid is disabled
* ld_unifi
- switched Oracle Java to openJDK
* ld_mobile
- switched Oracle Java to openJDK
* ld_nexus:
- fixed setup issue - give service some time to startup
- switched Oracle Java to openJDK
-- SBE network solutions GmbH <info@sbe.de> Tue, 21 May 2019 12:00:00 +0000
ld-puppet (0.0.11) xenial; urgency=high
[Christian Sommer]
* minor updates
* work in progress
-- SBE network solutions GmbH <info@sbe.de> Thu, 11 Apr 2019 13:15:00 +0000
ld-puppet (0.0.10) xenial; urgency=high
[Christian Sommer]
* minor updates
-- SBE network solutions GmbH <info@sbe.de> Thu, 11 Apr 2019 13:15:00 +0000
ld-puppet (0.0.9) xenial; urgency=high
[Christian Sommer]
* minor updates
-- SBE network solutions GmbH <info@sbe.de> Thu, 08 Ap 2019 10:00:00 +0000
ld-puppet (0.0.8) xenial; urgency=high
[Christian Sommer]
* minor updates
-- SBE network solutions GmbH <info@sbe.de> Thu, 28 Mar 2019 13:20:00 +0000
ld-puppet (0.0.7) xenial; urgency=high
[Christian Sommer]
* minor updates
-- SBE network solutions GmbH <info@sbe.de> Wed, 27 Mar 2019 10:45:00 +0000
ld-puppet (0.0.6) xenial; urgency=high
[Christian Sommer]
* minor updates
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Mar 2019 15:45:00 +0000
ld-puppet (0.0.5) xenial; urgency=high
[Christian Sommer]
* keeping things up to date
-- SBE network solutions GmbH <info@sbe.de> Thu, 21 Mar 2019 13:30:00 +0000
ld-puppet (0.0.4) xenial; urgency=high
[Christian Sommer]
* keeping things up to date
-- SBE network solutions GmbH <info@sbe.de> Wed, 13 Mar 2019 15:40:00 +0000
ld-puppet (0.0.3) xenial; urgency=high
[Christian Sommer]
* merged ld-puppet10
-- SBE network solutions GmbH <info@sbe.de> Wed, 6 Feb 2019 08:45:00 +0000
ld-puppet (0.0.2) xenial; urgency=high
[Christian Sommer]
* updated 3rd party modules
* fixed dependencies
-- SBE network solutions GmbH <info@sbe.de> Fri, 21 Dec 2018 11:00:00 +0000
ld-puppet (0.0.1) xenial; urgency=high
[Christian Sommer]
* test release:
- testing installation of puppet 5
-- SBE network solutions GmbH <info@sbe.de> Mon, 10 Dec 2018 09:00:00 +0000