From be10d6057a5f197164454dcb3101122f2eb8073e Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Thu, 10 Oct 2024 16:46:37 +0200 Subject: [PATCH 01/10] fail2ban: true is already default in puppet-sunet --- global/overlay/etc/puppet/cosmos-rules.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 040bf92..eec2e82 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -5,7 +5,6 @@ sunet::server: disable_all_local_users: true disable_ipv6_privacy: true - fail2ban: true install_scriptherder: true unattended_upgrades: true ntpd_config: false From f3f94faddeb152ea8300bef37532cb4ae5d0407e Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Thu, 10 Oct 2024 16:48:13 +0200 Subject: [PATCH 02/10] Try with sshd_config: false. There is some kind of conflict that removes this each time. Subsystem sftp internal-sftp Resulting in ci-worker-2 being unable to publish packages. --- global/overlay/etc/puppet/cosmos-rules.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index eec2e82..eee2680 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -38,6 +38,13 @@ pypi-1.sunet.se: nodename: A8P9U1IAR58I backup_dirs: - '/opt/pypi/packages' + sunet::server: + disable_all_local_users: true + disable_ipv6_privacy: true + install_scriptherder: true + unattended_upgrades: true + ntpd_config: false + sshd_config: false test-das-federator.lab.sunet.se: sunet::certbot::acmed: From 917b5bf028c7c0f00e368e861462fc806bba1e1e Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Thu, 10 Oct 2024 16:54:27 +0200 Subject: [PATCH 03/10] remove som more settings to see if it helps --- global/overlay/etc/puppet/cosmos-rules.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index eee2680..1414581 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -39,9 +39,7 @@ pypi-1.sunet.se: backup_dirs: - '/opt/pypi/packages' sunet::server: - disable_all_local_users: true disable_ipv6_privacy: true - install_scriptherder: true unattended_upgrades: true ntpd_config: false sshd_config: false From 8848709ab74591a7edeb5e4d7af66b8a8f96a46e Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Fri, 11 Oct 2024 10:05:35 +0200 Subject: [PATCH 04/10] Remove custom cosmos-modules.conf from pypi-1 --- pypi-1.sunet.se/overlay/etc/puppet/cosmos-modules.conf | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 pypi-1.sunet.se/overlay/etc/puppet/cosmos-modules.conf diff --git a/pypi-1.sunet.se/overlay/etc/puppet/cosmos-modules.conf b/pypi-1.sunet.se/overlay/etc/puppet/cosmos-modules.conf deleted file mode 100644 index 0bcd935..0000000 --- a/pypi-1.sunet.se/overlay/etc/puppet/cosmos-modules.conf +++ /dev/null @@ -1,6 +0,0 @@ -# name source (puppetlabs fq name or git url) upgrade (yes/no) -# - -augeas https://github.com/SUNET/puppet-augeas.git yes sunet-2* -sunet https://github.com/SUNET/puppet-sunet.git yes stable-2023v1-2* - From 65bffafa6bd39f0a369fbcaba222a239461b3a51 Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Fri, 11 Oct 2024 10:28:51 +0200 Subject: [PATCH 05/10] Remove custom tag for pypi-1 --- global/overlay/etc/puppet/setup_cosmos_modules | 2 -- 1 file changed, 2 deletions(-) diff --git a/global/overlay/etc/puppet/setup_cosmos_modules b/global/overlay/etc/puppet/setup_cosmos_modules index f52a2a7..f5113a7 100755 --- a/global/overlay/etc/puppet/setup_cosmos_modules +++ b/global/overlay/etc/puppet/setup_cosmos_modules @@ -120,8 +120,6 @@ def main(): modules["sunet"]["tag"] = "pahol-influx*" if host_info["fqdn"] == "pahol-test1.sunet.se": modules["sunet"]["tag"] = "pahol-baas2-2*" - if host_info["fqdn"] == "pypi-1.sunet.se": - modules["sunet"]["tag"] = "pahol-pypi-dockerhost2*" # Build list of expected file content file_lines = create_file_content(modules) From 388fcdd0f81aac94ba7e1bc1bfd12fc0144958ff Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Tue, 15 Oct 2024 15:21:50 +0200 Subject: [PATCH 06/10] monitornetops-sto1-prod-1.sunet.se added --- monitornetops-sto1-prod-1.sunet.se/README | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 monitornetops-sto1-prod-1.sunet.se/README diff --git a/monitornetops-sto1-prod-1.sunet.se/README b/monitornetops-sto1-prod-1.sunet.se/README new file mode 100644 index 0000000..a18dac1 --- /dev/null +++ b/monitornetops-sto1-prod-1.sunet.se/README @@ -0,0 +1,3 @@ + +The system documentation is in the docs directory of the multiverse repository. + From 81109a75a859204993046b85fd8e0863001a1bd8 Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Tue, 15 Oct 2024 15:46:25 +0200 Subject: [PATCH 07/10] Add cosmos rules for monitornetops-sto1-prod-1.sunet.se --- global/overlay/etc/puppet/cosmos-rules.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 1414581..bc6348a 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -20,6 +20,26 @@ metrics-cd-test-1.sunet.se: - '130.242.121.23/32' # vpn1.sunet.se - '192.36.171.97/32' # graph-internal-1.sunet.se +monitornetops-sto1-prod-1.sunet.se: + sunet::dockerhost2: + sunet::naemon_monitor: + domain: monitornetops.sunet.se + naemon_tag: v2024-03-05-01 + thruk_tag: v2024-02-12-01 + histou_tag: v2023-10-04-02 + nagflux_tag: v2023-10-04-01 + thruk_admins: + - mariah@sunet.se + - pahol@sunet.se + - paulo@sunet.se + - jonas@sunet.se + - salu@sunet.se + - thorslund@sunet.se + thruk_users: + - '*@sunet.se' + default_host_group: sunet::nagios::nrpe + nrpe_group: sunet::nagios::nrpe + pahol-test1.sunet.se: sunet::baas2: version: 8.1.22.0 From 174df0c10172c19abb2124b18ad040002babd034 Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Tue, 15 Oct 2024 15:51:48 +0200 Subject: [PATCH 08/10] Influx password was required --- .../overlay/etc/hiera/data/local.eyaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 monitornetops-sto1-prod-1.sunet.se/overlay/etc/hiera/data/local.eyaml diff --git a/monitornetops-sto1-prod-1.sunet.se/overlay/etc/hiera/data/local.eyaml b/monitornetops-sto1-prod-1.sunet.se/overlay/etc/hiera/data/local.eyaml new file mode 100644 index 0000000..ff097c8 --- /dev/null +++ b/monitornetops-sto1-prod-1.sunet.se/overlay/etc/hiera/data/local.eyaml @@ -0,0 +1,2 @@ +--- +influx_password: ENC[PKCS7,MIIDBgYJKoZIhvcNAQcDoIIC9zCCAvMCAQAxggKOMIICigIBADByMFoxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxKzApBgNVBAMMIm1vbml0b3JuZXRvcHMtc3RvMS1wcm9kLTEuc3VuZXQuc2UCFA4W7XeLtMYRVaoYd2BkEoOfmm/vMA0GCSqGSIb3DQEBAQUABIICAAi7Tj4W5h9+wZQJlzuxNryeZAyzCo0NiTw0jnsqjKPIRdqClFnuuP12zEhgC2Cqn3AQFV9caQLRTubhlVxCOEXveL7/HUKy+Ba2GJXVSGdDQffDex6f6TiCcToNfzNCqlYCYNH4Mt2DrKT+kZLqTafyWvBCzH4oJl+4oTFF/SKcb2uoxf6fa7GlBA8/02zorbuCw5tcvIFCUSTSrAyahoPF3LkJazv8/YuHkWoYOme6q0FjkO44tb20lFCpqsYBFsAM+/UIi0njJa82YqB1tUhY4mKC8sFn7q9NQW+EEgQJhcAW8iBxsQ8/b+qlK+NMGcg9SPwYmCKZ4lnirWISC33pBvGuyJEWb8hiNVHuGWcdmW3v+AOhBIwTbtOuSXU/1wBlQlgLe+0x5qHlSiJDhifVwUWoONgWToI673yIZ82oey3XOHnUPpHUiOPqTZ1xhRfK37nXwxfSo0Q3DfJIqCtedaP87XJbRXZ+tYqvXk8HRKTZ8Ro14muEY+5LZfw143VZyqCsuoEz0v0JjOxvt79ie0oEeGo3a4z6lrIpBrSc8XpzSEb97id1PlsP/0236WIEYiemU3Qm3ViIbEoktLX5YtdP0qCf52bIHjOYkIqaU+Geff5CNcqWE0SbIWAwWH6/efc1VT4hU1xrSlulb1M7GlLDNNtGWT7ovhRhR1utMFwGCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJz3G7QK8XN79OFsyIoiLfOAMJfWSALrqrz5H+IRCslGgMb49pXvrIaE4zgdP7UQS+ZIpjx7JnPOTEPEaCV0TVjLZA==] From 5cd7e9b2f1b60958d90a9b2da05a99c88c09a920 Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Tue, 15 Oct 2024 15:58:40 +0200 Subject: [PATCH 09/10] Try adding nagioscfg puppet module --- global/overlay/etc/puppet/setup_cosmos_modules | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/global/overlay/etc/puppet/setup_cosmos_modules b/global/overlay/etc/puppet/setup_cosmos_modules index f5113a7..2f6d6a8 100755 --- a/global/overlay/etc/puppet/setup_cosmos_modules +++ b/global/overlay/etc/puppet/setup_cosmos_modules @@ -98,6 +98,11 @@ def main(): modulesfile_tmp: str = modulesfile + ".tmp" modules: dict = { + "nagioscfg": { + "repo": "https://github.com/SUNET/puppet-nagioscfg.git", + "upgrade": "yes", + "tag": "sunet-2*", + }, "sunet": { "repo": "https://github.com/SUNET/puppet-sunet.git", "upgrade": "yes", From 6aecaa80fc2b41e77609a7eed2c3ce5d1b950e6e Mon Sep 17 00:00:00 2001 From: Patrik Holmqvist Date: Wed, 16 Oct 2024 09:17:35 +0200 Subject: [PATCH 10/10] Try feature branch for nagioscfg --- global/overlay/etc/puppet/setup_cosmos_modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/setup_cosmos_modules b/global/overlay/etc/puppet/setup_cosmos_modules index 2f6d6a8..183997b 100755 --- a/global/overlay/etc/puppet/setup_cosmos_modules +++ b/global/overlay/etc/puppet/setup_cosmos_modules @@ -101,7 +101,7 @@ def main(): "nagioscfg": { "repo": "https://github.com/SUNET/puppet-nagioscfg.git", "upgrade": "yes", - "tag": "sunet-2*", + "tag": "pahol-puppet8-compatibility-2024*", }, "sunet": { "repo": "https://github.com/SUNET/puppet-sunet.git",