Commit graph

137 commits

Author SHA1 Message Date
Fredrik Thulin c400bba97d
remove 'make db'
The db-file, essentially providing reverse lookup of classes to host
names, is only used by some Nagios configuration instances and causes
continuing operational headaches in those ops-repos.

It should be kept/refactored to only apply to the monitoring hosts in
the cases where it is used, but we don't want any new ops-repos to use
it hence it should be removed from upstream multiverse.
2023-02-07 14:21:29 +01:00
Fredrik Thulin 12b2412ea7
run cron at boot too, to e.g. get new firewall rules installed 2023-02-06 17:12:01 +01:00
Fredrik Thulin 79606f2a6d
check for /etc/no-automatic-cosmos in the wrapper, and allow arguments to be passed 2023-02-06 16:47:41 +01:00
Fredrik Thulin 3988f5beb0
shellcheck fixes 2023-02-06 16:47:30 +01:00
Patrik Lundin 906edf3caf
Merge pull request #32 from SUNET/feature-ft-install_eyaml
Install eyaml on newer hosts
2023-02-06 12:31:31 +01:00
Fredrik Thulin 708c6c1b64
add set -e, and do some shellcheck cleanup 2023-02-03 16:05:09 +01:00
Fredrik Thulin 25463e6013
respect COSMOS_VERBOSE 2023-02-03 16:04:51 +01:00
Fredrik Thulin f9a286fc05
install eyaml on Ubuntu from 18.04 and Debian from version 10 2023-02-03 15:40:15 +01:00
Fredrik Thulin e08346aa30
cleanup, use stamp-file, only run on old OS versions 2023-02-03 15:39:49 +01:00
Micke Nordin ba1e40ffd3
Merge pull request #31 from theseal/wrap-cosmos
Wrap cosmos
2023-02-02 13:01:02 +01:00
Johan Wassberg 84b29e4eaa
Executable 2023-02-02 11:49:10 +01:00
Johan Wassberg 49ba964897
Wrap cosmos in scriptherder if available
nunoc-ops and others has been doing this for ages by just modifing the cron
file.
2023-02-02 11:45:54 +01:00
Patrik Lundin e212b6f56f
Support master branch being renamed to main
Fixes:
```
70run-post-tasks: invoking /var/cache/cosmos/model/post-tasks.d/018packages
Your configuration specifies to merge with the ref 'refs/heads/master'
from the remote, but no such ref was fetched.
```
2023-01-31 08:52:28 +01:00
Fredrik Thulin 4601e0bf08
make sure we get clean checkouts 2023-01-30 14:56:15 +01:00
Leif Johansson d604d2fab5
set no-protection on the private key 2023-01-30 12:07:33 +01:00
Johan Wassberg bc17ee1354
Don't confuse containers to connect to them self
When the hostname pointed to loopback the containers tried to connect to them
self instead of the host.
2023-01-24 10:01:59 +01:00
Fredrik Thulin 715105aadb
add documentation for dynamically generated cosmos-modules.conf 2023-01-19 17:56:51 +01:00
Fredrik Thulin c3c6171f96
modules, not models 2023-01-19 17:30:18 +01:00
Fredrik Thulin e2e394a9af
generate /etc/puppet/cosmos-modules.conf dynamically 2023-01-19 17:19:42 +01:00
Johan Wassberg fb4849a0df
Use puppet that comes with OS
nunoc-ops does like this since 2018 so I think it will fly.

Also the package `puppet` seems to been around since at-least Ubuntu 14.04.
2023-01-17 13:53:13 +01:00
Patrik Lundin 68d0083557
Make overlay permission script global
This will make sure /root has proper permissions on our machines.
2022-12-05 15:02:37 +01:00
Patrik Lundin 3ef4e47ff6
Handle multiple versions of cosmos .deb
Before this change there was a need to keep addhost and
bootstrap-cosmos.sh in sync regarding what version of the cosmos deb to
scp over and later run.

Now we find the latest version as decided by `sort -V` in both addhost
and bootstrap-cosmos.sh.

Solution discussed with @fredrikt.
2022-11-15 18:26:36 +01:00
Patrik Lundin 020b8fe34c
Enable "set -e" again
Good idea to fail when unexpected things go wrong. Additional fixes
added to the script to not stop where we can expect a non-zero return
code.

Requested by @fredrikt who also reviewed the patch before going in,
thanks!
2022-10-12 16:47:20 +02:00
Patrik Lundin c55e5535a2
Add gpg to cosmos bootstrap script
Without this Debian 11 fails to bootstrap:
```
/etc/cosmos/gpg.d/50gpg: 36: gpg: not found
```
2022-10-10 17:27:15 +02:00
Linus Nordberg 0692cabba3
Remove that '.novalocal' line in /etc/hosts, added by cloud-init
It messes up `hostname -f` on Debian, even if there's a correct line
further down in /etc/hosts.
2022-10-10 17:26:56 +02:00
John Van de Meulebrouck Brendgard 3b80ba32c7
Set manage_etc_hosts to false for cloudimage based hosts
this is needed so that our changes in /etc/hosts
are not overwritten.
2022-10-10 17:26:45 +02:00
Fredrik Thulin b2272d409f
free-hand updates from eduid-ops 2022-10-10 17:26:18 +02:00
Leif Johansson 19304f2d79
short hostname i /etc/hosts 2022-10-10 17:23:39 +02:00
Leif Johansson 378dfe04fa
try very hard to find git 2022-10-10 17:23:23 +02:00
Leif Johansson 7f0c457a33
try very hard to find git 2022-10-10 17:22:56 +02:00
Leif Johansson 87e49a541f
safe update & upgrade 2022-10-10 17:19:34 +02:00
Fredrik Thulin d033b58909
init, new version with better git update and signature validation 2022-04-14 12:22:44 +02:00
Fredrik Thulin b5d538ece1
init, from eduid-ops 2019-04-04 14:59:36 +02:00
Fredrik Thulin 7c5a063045
gpg import with --no-tty
With recent GPG versions, a TTY seems to be required to import keys.

Since importing of keys need to work when running from cron, we
pass --no-tty to those commands. This should mean that -t doesn't
have to be passed to SSH on bootstrapping for new Debian hosts
(tested on Raspbian).
2019-03-17 13:26:54 +01:00
Leif Johansson d8cc0aa331
Merge pull request #5 from pettai/more-puppet-debs
Add more puppet debs
2019-02-18 16:55:21 +01:00
John Van de Meulebrouck Brendgard fba9ddb8f7
Changed example regex
to make it a bit more apparent that the regex is
to be used with re.match and not re.search
2019-02-12 16:21:24 +01:00
Fredrik Thulin f25a6af712
use python3 2019-01-15 13:18:22 +01:00
Fredrik Thulin fc3d3294ed
stage reboots across sites 2019-01-15 13:12:41 +01:00
Fredrik Thulin 5eeaa2e3ff
noninteractive to not block when removing packages 2019-01-15 13:12:07 +01:00
Fredrik Thulin bc027359d1
show which manifest is applied to lessen confusion 2019-01-15 13:11:15 +01:00
Fredrik Thulin e069bd4f06
remove unused reports that take about 2s per run to create 2019-01-15 13:10:46 +01:00
Fredrik Thulin 08979437b5
add support for file:// urls 2019-01-15 13:09:24 +01:00
Fredrik Thulin bf1b476d9a
colors 2019-01-15 13:08:39 +01:00
Fredrik Thulin a2e4c5372f
add support for a second, local puppet module config file 2019-01-15 13:07:47 +01:00
Fredrik Thulin 761963ba2f
add colors, sanity checking and support for Ubuntu 18.04 2019-01-15 13:06:48 +01:00
Fredrik Pettai f096b2274d Add more puppet debs
Add (puppet)support for more deb-based releases.
Add sha1sum + realname for all debs downloaded from apt.puppet.com
2018-02-15 23:48:16 +01:00
Linus Nordberg 56f7f529d9 Merge pull request #4 from Gijutsu/master
Verified puppetlabs-release-xenial.deb for Ubuntu 16.04
2017-07-26 14:49:02 +00:00
John Van de Meulebrouck Brendgard e0505b4100
Uppdated puppetlabs-release-xenial.deb
to version 1.1.0-4 called puppetlabs-release-pc1_1.1.0-4xenial_all.deb
at https://apt.puppetlabs.com.
2017-04-26 16:03:02 +02:00
Leif Johansson 4972eefdcc ny run-cosmos 2017-02-02 15:37:32 +01:00
John Van de Meulebrouck Brendgard 5cd4e5b0cf
Verified puppetlabs-release-xenial.deb for Ubuntu 16.04 2016-09-30 17:58:56 +02:00
Fredrik Thulin 5294261f2c Merge pull request #2 from Gijutsu/pre_and_post-tasks
Updated pre and post tasks
2016-09-01 14:17:23 +02:00
Fredrik Thulin 1f8733559b Merge pull request #1 from Gijutsu/master
Updated documentation and conf ...
2016-09-01 14:16:19 +02:00
John Van de Meulebrouck Brendgard f6fe928590
new upstream release of cosmos that includes ln5 fixes for https remotes
along with a verified version of puppetlabs-release-trusty.deb
2016-08-28 21:22:48 +02:00
John Van de Meulebrouck Brendgard 5fbd6f5b94
Do not run update and autoremove on all machines at the same time as seen in eduID 2016-08-28 00:13:10 +02:00
John Van de Meulebrouck Brendgard b81de45e77
Show diff of puppet changes as seen in eduID 2016-08-28 00:11:33 +02:00
John Van de Meulebrouck Brendgard a94f87c41c
Support fetching of git over https:// as seen in eduID 2016-08-28 00:08:37 +02:00
John Van de Meulebrouck Brendgard b56799bcc6
Added automatic re-import of expired keys as in eduID 2016-08-27 23:52:14 +02:00
John Van de Meulebrouck Brendgard 2e2cc75029
Do not fetch puppet deb over http, instead do as seen in eduID 2016-08-27 23:51:58 +02:00
John Van de Meulebrouck Brendgard b2afd3482e
Changed cosmos-modules.conf to reflect the changes in doc 2016-08-27 17:05:55 +02:00
John Van de Meulebrouck Brendgard f939c526e6
Changed tag from eduid-cosmos to the more generic cosmos-ops 2016-08-27 17:05:11 +02:00
Leif Johansson bc70832f4c logrotate for docker containers 2015-02-24 11:12:06 +01:00
Fredrik Thulin cd2b67ff5a use run-cosmos, for serialization 2015-02-23 16:03:55 +01:00
Fredrik Thulin e69b0f84f8 init 2015-02-23 16:02:43 +01:00
Fredrik Thulin d164fde704 add 'local' source 2015-02-23 16:01:40 +01:00
Fredrik Thulin 3d51588fcf update yaml syntax to work on Ubuntu 14.04 2015-02-23 16:01:24 +01:00
Fredrik Thulin e6e25edc7e Safer default repos, and show tag-name. 2015-02-23 15:58:29 +01:00
Leif Johansson 4f300ca632 simple kvm builder using cloud images 2014-10-22 14:28:05 +02:00
Leif Johansson e8068c2757 another deprecation 2014-09-29 15:13:02 +02:00
Leif Johansson 97f7390eac newer puppet seems to want this 2014-09-29 15:06:28 +02:00
Stefan Wold eda9bcdd45 Update git origin url if changed in cosmos-modules.conf 2014-03-03 18:00:11 +01:00
Leif Johansson 2369e391d7 nag a bit 2014-02-26 00:17:40 +01:00
Leif Johansson 50b037d19f Merge pull request #4 from Ratler/allow-puppet-install
Allow installing puppet modules using the standard method
2014-02-26 00:07:28 +01:00
Stefan Wold 0f44e1679c Opt-in for automatic reboot
Use of && is bad in this context since it will return 1 causing
cosmos to exit with status 1 if a reboot is not required.
2014-02-24 09:55:34 +01:00
Stefan Wold 5c171118c1 Allow installing puppet modules using the standard method 2014-02-24 08:13:53 +01:00
Leif Johansson 31772848b3 merged pull-request 2014-02-22 21:43:18 +01:00
Stefan Wold 9b801d3be8 git tag gpg signature validation of puppet modules
Before staging a puppet module for install the latest git tag is
verified using the available gpg key identities. The git tag pattern
can be overriden using a fourth argument in cosmos-modules.conf.
2014-02-22 18:29:41 +01:00
Stefan Wold aaac847d84 Include the new cosmos-modules dir in module path 2013-12-20 13:10:27 +01:00
Stefan Wold ccacc042e4 Verify git signatures for puppet modules 2013-12-20 13:01:36 +01:00
Fredrik Thulin 389c04019b Add hiera-gpg for storing secrets used in templates. 2013-12-19 15:11:19 +01:00
Leif Johansson 54000987a0 new addhost 2013-10-31 23:26:16 +01:00
Leif Johansson db83b79024 boostrap keys dir 2013-10-31 22:20:33 +01:00
Leif Johansson db0d42a628 boostrap keys dir 2013-10-31 22:04:54 +01:00
Leif Johansson 4937c649d6 always apply 2013-10-15 13:59:14 +02:00
Leif Johansson 3d1b26e762 make exec 2013-09-03 11:34:55 +02:00
Leif Johansson b71aac9793 move package install to post-tasks before puppet 2013-09-03 11:31:05 +02:00
Leif Johansson a50d80367b add cosmos module to puppet install list 2013-09-02 16:04:35 +02:00
Leif Johansson 7515782eb5 import 2013-09-02 16:01:50 +02:00