663bed9df6
Add roles for eumdsigner-test-sto3-1, SC-2522
2025-01-15 09:41:15 +01:00
e5861ca24d
Expired keys
2025-01-15 09:22:42 +01:00
0cf532c98c
upgraded natmd-1.komreg.net
...
ref: SC-2613
2025-01-14 16:03:36 +01:00
42a3c4cf8b
upgrade pyff in natmd-2.komreg.net
2025-01-13 18:35:51 +01:00
c1d73f107d
No need for entropy on modern kernels, SC-2522
2024-12-19 15:57:57 +01:00
ecbeee89a3
Add missing '}'
2024-12-19 15:46:16 +01:00
73e5eb3486
Do not run bastion for now on ubuntu24, SC-2522
2024-12-19 15:40:27 +01:00
b94a601b37
Update legacy facts syntax.
2024-12-19 10:59:00 +01:00
37fcac0ba8
Apparmor is included by default in ubuntu24.
2024-12-19 10:56:15 +01:00
b0cc5aa807
Remove more modules for ubuntu24
2024-12-19 10:32:47 +01:00
ed964d3554
Remove legacy config and update syntax for puppet8
2024-12-19 10:30:11 +01:00
e3b3192506
Remove modules not needed in ubuntu24
2024-12-19 10:25:03 +01:00
6dc59a2b19
Fix deprecated syntax for regex
2024-12-19 10:14:48 +01:00
f88bbec6da
upgraded pyff in QA swedish md signer
2024-12-10 10:26:20 +01:00
29a1671163
downgraded pyff in eumd-test-* servers
2024-12-05 18:51:12 +01:00
d5f91f9b1e
pyff upgrade in the rest of test servers
...
ref: SC-2613
2024-12-05 18:37:36 +01:00
d4b24c5c2d
upgraded pyff in natmd-tes-1.komreg.net
...
ref: SC-2613
2024-12-05 18:23:25 +01:00
a5412189d9
added FR in metadata check
2024-12-02 20:42:00 +01:00
c6446202d2
To old puppet sunet
2024-11-25 11:00:11 +01:00
ae472fda10
Try out compose instead
2024-11-25 10:55:55 +01:00
e4ddcec5f2
as.pub nolonger exist
2024-11-22 09:58:45 +01:00
c735a30f82
Remove trailing whitespace
2024-11-21 16:39:52 +01:00
c019dbeef4
Prepare 030puppet for ubuntu-24, SC-2522
2024-11-21 15:01:42 +01:00
7b4de81cbd
Remove some trailing whitespace
2024-11-21 14:33:28 +01:00
04b282c20f
Extend pahol GPG key date
2024-11-05 17:05:03 +01:00
f537508bee
Do not install ntp with cosmos script
...
This is handled with sunet::server
2024-10-17 16:36:45 +02:00
bae489a528
Add new countries for metadata checking
2024-10-11 15:43:52 +02:00
0ba5675049
Test went fine
2024-10-11 08:00:18 +02:00
d1a072aea7
Test new code
2024-10-11 07:49:17 +02:00
8957839798
updated Johan W's key
2024-09-30 19:02:49 +02:00
7a899efb59
allowing new SUNET LB servers in IDM app servers
...
Move backend registration to new SUNET LB servers
ref: SC-2460
2024-09-11 11:13:40 +02:00
75fcceacf9
removed Fredrik Kjellman's GPG key
2024-09-06 15:40:01 +02:00
39fa13b641
delete kjellman's ssh key and berra's GPG key
2024-09-06 15:16:26 +02:00
8bcdf11ceb
migrated to new LBs
2024-09-04 15:24:38 +02:00
43dc9b2b20
Bump proxy service in prod to 3.0.3
...
Ticket ref: SC-2432
2024-09-03 14:44:26 +02:00
86e1af73fe
setup separate tag for puppet-sunet in QA
2024-09-03 14:19:38 +02:00
468b4cf7f6
removed from the list
2024-08-30 17:01:03 +02:00
8c631bde16
removed berra's gpg key
...
SUNETOPS-1891
2024-08-30 16:51:26 +02:00
634e12142c
removed berra's ssh key
2024-08-30 15:50:42 +02:00
27455f937d
upgraded proxy
...
ref: SC-2432
2024-08-27 15:16:10 +02:00
ca702e71e5
upgraded proxy
...
SC-2432
2024-08-27 15:08:37 +02:00
d36aebfceb
upgrade demw in prod to 3.3.0
...
ref: SC-2296
2024-07-10 10:35:32 +02:00
cfbe5f381b
new directory for hsql db
2024-07-10 10:14:52 +02:00
8817d753a3
upgrade demw application to 3.2.0 in prod
...
ref: SC-2047
2024-07-08 11:06:39 +02:00
f05da52d8a
run eidas-test branch in idm servers in Test
2024-07-05 17:59:21 +02:00
aa88795ee0
sunet-fleetlock: also handle ReadTimeout
...
Turns out this was not caught by ConnectionError.
2024-07-03 14:13:22 +02:00
01768129f0
fleetlock: configurable lock/unlock timeout
...
While we already support setting a healthcheck timeout it probably
makes sense to be able to control how long we wait for a
fleetlock_lock() or fleetlock_unlock() call. This becomes important if
only running cosmos once a night or something like that. In that case we
you probably want to give a physical machine more than than 1 minute to
complete a reboot etc.
This can now be controlled by setting fleetlock_lock_timeout and
fleetlock_unlock_timeout in /etc/run-cosmos-fleetlock-conf. Keep in mind
that while it can make sense to increase the time for taking a lock,
releasing a lock should always be fast (either you have it and release
it, or you dont have it and it is a no-op) so setting a long unlock
timeout should probably never be done.
Since we also potentially wait the unlock timeout at boot (if the
fleetlock server is broken etc) that is another reason to keep it
short. The default 1m is probably OK for most uses.
2024-07-03 13:27:52 +02:00
443611dd3f
Merge pull request #49 from SUNET/john-permissions-fix
...
Enforce more strict permissions for files in Cosmos
2024-07-03 11:36:21 +02:00
52a30ae970
upgrade DEMW application in QA to 3.3.0
...
ref: SC-2296
2024-07-02 16:15:41 +02:00
994262fddc
let demw in test environement run eidas-test branch
2024-07-01 18:32:17 +02:00
