- Sep 14, 2015
-
-
Adam Lewenberg authored
-
Adam Lewenberg authored
Add two new parameters. The first is to add a line to the krb5.conf file indicating that we prefer TCP. The other is a parameter stating which kerberos environment we want: prod, test, or uat.
-
- Sep 12, 2015
-
-
Adam Lewenberg authored
-
Adam Lewenberg authored
-
- Aug 19, 2015
-
-
Adam Lewenberg authored
-
- Aug 18, 2015
-
-
Karl Kornel authored
If the system's primary IP address is in one of the two well-known Livermore netblocks, then automatically set the Livermore-based Kerberos server as the primary KDC. base::kerberos::dr is now deprecated.
-
Karl Kornel authored
We know the three large IP address blocks that exist in Livermore, and we now have an ip_in_cidr() function, so we are using that to tell if a system is in Livermore. This code will need updating only if the large network blocks in Livermore are changed.
-
- Jul 27, 2015
-
-
Adam Lewenberg authored
-
- Jul 25, 2015
-
-
Jonathan Lent authored
-
- Jul 24, 2015
-
-
- Jul 23, 2015
-
-
Jonathan Lent authored
-
- Jul 22, 2015
-
-
Adam Lewenberg authored
-
- Jun 23, 2015
-
-
Jonathan Lent authored
-
- Jun 22, 2015
-
-
Karl Kornel authored
-
Karl Kornel authored
We don't have anycast DNS in Livermore, so this adds a parameter to base::dns, a parameter that can be set via Hiera, to put Livermore's DNS server at (or near) the top of the list.
-
Karl Kornel authored
This is important for systems using Puppet and DHCP, because DHCP renewals rewrite resolv.conf, which then gets re-re-written by Puppet.
-
Karl Kornel authored
-
- Jun 16, 2015
-
-
Jonathan Lent authored
-
- Jun 15, 2015
-
-
- Jun 12, 2015
-
-
Jonathan Lent authored
-
- Jun 04, 2015
-
-
Adam Lewenberg authored
-
- Jun 02, 2015
-
-
Jonathan Lent authored
-
- May 15, 2015
-
-
Adam Lewenberg authored
-
- May 04, 2015
-
-
Bill MacAllister authored
The ntp iptables rules date from the days when Unix Systems actually ran ntp servers on Linux hosts. Since the ntp service is now provided by hardware appliances there is no need to allow inbound ntp connections. Remove the iptables rules allow inbound ntp connections at Rob Riepel's suggestion. Similarly remove restrict entries from ntp.conf that point at hosts that are no longer ntp servers. Be a bit more conservative and leave the restrict to the current ntp servers. Remove some iptables fragments that are no longer used to reduce confusion.
-
- Apr 24, 2015
-
-
Jonathan Lent authored
-
Jonathan Lent authored
VMWare does not package vmware-tools-esx-nox for EL7. They instead recommend the use of open-vm-tools. Added a condition and refactored the manifest appropriately.
-
- Apr 21, 2015
-
-
-
Bill MacAllister authored
-
- Apr 20, 2015
-
-
Bill MacAllister authored
wheezy systems.
-
Bill MacAllister authored
-
Bill MacAllister authored
-
Bill MacAllister authored
It turns out the the only special case in the pam configuration was for etch. The files suffixed with .lenny actually was the default configuration and not lenny specific.
-
- Apr 15, 2015
-
-
- Apr 14, 2015
-
-
Jonathan Lent authored
[os][rpm] Support CentOS via its own class, stub an OEL class, small fixes to redhat.pp to be generic enough for use by these RHEL-ish operating systems, edits to allow EL7- specific repository inclusions {and exclusions} (jlent)
-
- Apr 12, 2015
-
-
Bill MacAllister authored
-
Bill MacAllister authored
-
- Apr 08, 2015
-
-
- Mar 31, 2015
-
-
Jonathan Lent authored
-
- Mar 13, 2015
-
-
Adam Lewenberg authored
-
- Mar 12, 2015
-
-
Bill MacAllister authored
It was possible to override the sshd_config file only with a complete file. This change allows the sshd_config file to be specified as a template.
-
