5b2bef346d
Testing how to get facts.
2024-10-30 13:52:27 +01:00
7171dd5a8a
Testing how to get facts.
2024-10-30 13:46:11 +01:00
035581e5b7
more fixes.
2024-10-30 13:41:25 +01:00
806735fefa
Fixing with satosa.
2024-10-30 13:39:04 +01:00
01880222a4
commit commit.
2024-10-30 13:25:26 +01:00
b3ed66c5f6
Setup acme-d.
2024-10-30 13:22:22 +01:00
6cb41f4c3f
Switch to Deb12 ..
2024-10-30 13:12:03 +01:00
1ef208a0a5
Nope, stdlib on 24.04 no good.
2024-10-30 12:34:17 +01:00
e48bff537a
Seems like stdlib is required.
2024-10-30 10:50:59 +01:00
b233cbd6a7
Fix ssh key.
2024-10-29 14:55:30 +01:00
8d2e570477
Added ssh key.
2024-10-29 14:51:27 +01:00
e619ba1683
Set up TLS certificate, fixes.
2024-10-29 14:14:48 +01:00
69d3be88fb
Set up TLS certificate
2024-10-29 14:12:41 +01:00
9ae2fb898e
Testar lite med metadata.
2024-10-29 13:43:43 +01:00
6f7d3600ee
Lite satosa-conf.
2024-10-29 13:00:32 +01:00
678e0b4063
test-sso-proxy1.cert.sunet.se added
2024-10-29 11:08:00 +01:00
4b11e53200
Added a lot of SSO stuff and base for SSO proxy.
2024-10-29 10:59:13 +01:00
0af1dbe562
Fixes for certbot, no certbot script just yet.
2024-10-28 15:55:35 +01:00
1dc0a879db
I love YAML. Fix syntax.
2024-10-28 15:39:53 +01:00
03694c1384
fixing with modules
2024-10-28 15:35:05 +01:00
25bb16852c
Spellcheck class ...
2024-10-28 15:23:49 +01:00
c2df36a32e
Fix path ..
2024-10-28 15:21:56 +01:00
1a62e46d64
Let's see if anything works ... or just bombs
2024-10-28 15:19:24 +01:00
3e383c6d68
Created stub for sso groups
2024-10-28 14:00:55 +01:00
493cb1c1bd
Removed .empty file
2024-10-28 13:36:25 +01:00
f24f201d46
First sekelton for shib-proxy.
2024-10-28 13:32:11 +01:00
f4d620ba4d
Added Valerio's ssh key.
2024-10-28 11:00:11 +01:00
72488b8586
Add soc class, will it work?
2024-10-28 10:34:42 +01:00
69e4bf28cc
Disable fail2ban.
2024-10-25 16:04:10 +02:00
2d6151ced5
Test if I must trust jocar ...
2024-10-25 16:02:19 +02:00
417e257ac8
Fix fix.
2024-10-25 15:06:58 +02:00
4e072df30f
Fixing with modules.
2024-10-25 15:04:04 +02:00
b977058867
Add SUNET pupet modules.
2024-10-25 14:41:54 +02:00
972b577e52
Don't write git repo URL manually, paste it from platform webgui ...
2024-10-25 14:33:22 +02:00
5d903e4d1a
Fixed, for real, git url.
2024-10-25 13:53:55 +02:00
57f2592b03
Fixed repo url
2024-10-25 13:51:36 +02:00
1b2f7f5353
internal-sto1-dev-vulndash-1.cert.sunet.se added
2024-10-25 13:11:19 +02:00
46d8160c07
First try just to deloy ssh keys.
2024-10-25 13:03:34 +02:00
2f82fc55e6
Add repo url to cosmos.conf
2024-10-21 16:01:03 +02:00
adb77b7f94
test
2024-10-21 14:54:58 +02:00
c2d60bd424
initial trust
2024-10-21 14:49:48 +02:00
57dcae2cdf
Merge pull request #57 from SUNET/patlu-no-ntp
...
Do not install ntp with cosmos script
2024-10-21 08:23:46 +02:00
f537508bee
Do not install ntp with cosmos script
...
This is handled with sunet::server
2024-10-17 16:36:45 +02:00
Patrik Holmqvist
028ba3d608
Merge pull request #56 from SUNET/pahol-fix-noble-eyaml
...
patch for broken eyaml in ubuntu24.04.
2024-09-10 13:16:19 +02:00
7941e3f970
Merge the 2 patch functions to 1.
2024-09-09 17:29:31 +02:00
fac9a556ba
Patch for broken eyaml in ubuntu24.04.
2024-09-09 16:52:38 +02:00
770a5ca3cc
Merge pull request #55 from SUNET/patlu-fleetlock-lock-timeouts
...
fleetlock: configurable lock/unlock timeout
2024-07-04 13:07:34 +02:00
aa88795ee0
sunet-fleetlock: also handle ReadTimeout
...
Turns out this was not caught by ConnectionError.
2024-07-03 14:13:22 +02:00
01768129f0
fleetlock: configurable lock/unlock timeout
...
While we already support setting a healthcheck timeout it probably
makes sense to be able to control how long we wait for a
fleetlock_lock() or fleetlock_unlock() call. This becomes important if
only running cosmos once a night or something like that. In that case we
you probably want to give a physical machine more than than 1 minute to
complete a reboot etc.
This can now be controlled by setting fleetlock_lock_timeout and
fleetlock_unlock_timeout in /etc/run-cosmos-fleetlock-conf. Keep in mind
that while it can make sense to increase the time for taking a lock,
releasing a lock should always be fast (either you have it and release
it, or you dont have it and it is a no-op) so setting a long unlock
timeout should probably never be done.
Since we also potentially wait the unlock timeout at boot (if the
fleetlock server is broken etc) that is another reason to keep it
short. The default 1m is probably OK for most uses.
2024-07-03 13:27:52 +02:00
443611dd3f
Merge pull request #49 from SUNET/john-permissions-fix
...
Enforce more strict permissions for files in Cosmos
2024-07-03 11:36:21 +02:00
