sunet-cdn/cdn-ops
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
393 commits 1 branch 203 tags 1.4 MiB
Commit graph

20 commits

Author SHA1 Message Date
Patrik Lundin
443611dd3f
Merge pull request #49 from SUNET/john-permissions-fix 
Enforce more strict permissions for files in Cosmos
 2024-07-03 11:36:21 +02:00
Patrik Holmqvist
bc9d1dc960
Use upstream puppet modules for ubuntu24+. 
This is how we do it in modern debian so it
makes sense to do it on modern ubuntu as well.
 2024-06-19 14:02:24 +02:00
John Van de Meulebrouck Brendgard
8d4ce2d1b7
Make sure that COSMOS_BASE is only readable 
by root since it's possible that the directory
can contain files that after applying the
overlay to / only should be read or writable
by root.
 2023-11-17 15:03:47 +01:00
John Van de Meulebrouck Brendgard
75e566ab61
Make sure that /root in overlay is owned by root 
as well as that /root/.ssh and its content is
only owned and readable by root. This is redundant
if the previous permissions were properly applied
and no other changes have been made by the user
or something else, but is added for good measure
as a layered defense.
 2023-11-17 14:58:51 +01:00
Johan Wassberg
a6a67d355f
Diffable 2023-11-14 15:28:46 +01:00
Johan Wassberg
120c4a5a93
A few more depends for Bookworm 2023-11-14 15:27:45 +01:00
Johan Wassberg
58a9ca7aa9
No need of x11 on our servers 2023-10-02 12:39:44 +02:00
Micke Nordin
3aac1f97d8
Add additional packages for use with debian 12 
This patch will install three packages that is needed for normal operations of puppet using puppet-sunet with multiverse on Debian 12:

cron puppet-module-puppetlabs-cron-core puppet-module-camptocamp-augeas
 2023-07-10 16:32:20 +02:00
Patrik Lundin
906edf3caf
Merge pull request #32 from SUNET/feature-ft-install_eyaml 
Install eyaml on newer hosts
 2023-02-06 12:31:31 +01:00
Fredrik Thulin
25463e6013
respect COSMOS_VERBOSE 2023-02-03 16:04:51 +01:00
Fredrik Thulin
f9a286fc05
install eyaml on Ubuntu from 18.04 and Debian from version 10 2023-02-03 15:40:15 +01:00
Fredrik Thulin
e08346aa30
cleanup, use stamp-file, only run on old OS versions 2023-02-03 15:39:49 +01:00
Leif Johansson
d604d2fab5
set no-protection on the private key 2023-01-30 12:07:33 +01:00
Johan Wassberg
fb4849a0df
Use puppet that comes with OS 
nunoc-ops does like this since 2018 so I think it will fly.

Also the package `puppet` seems to been around since at-least Ubuntu 14.04.
 2023-01-17 13:53:13 +01:00
Patrik Lundin
68d0083557
Make overlay permission script global 
This will make sure /root has proper permissions on our machines.
 2022-12-05 15:02:37 +01:00
Fredrik Thulin
b5d538ece1
init, from eduid-ops 2019-04-04 14:59:36 +02:00
John Van de Meulebrouck Brendgard
2e2cc75029
Do not fetch puppet deb over http, instead do as seen in eduID 2016-08-27 23:51:58 +02:00
Fredrik Thulin
389c04019b Add hiera-gpg for storing secrets used in templates. 2013-12-19 15:11:19 +01:00
Leif Johansson
b71aac9793 move package install to post-tasks before puppet 2013-09-03 11:31:05 +02:00
Leif Johansson
7515782eb5 import 2013-09-02 16:01:50 +02:00