release/002.001 (2013-08-08)
Add additional ignore patterns for failed ssh logins from IT Services
staff, and ignore new ssh failure patterns seen in Debian wheezy.
Use Openafs 1.6.5 in RHEL5 and RHEL6 yum repository configuration
release/002.000 (2013-07-15)
The deprecated classes base::newsyslog::messages::sa and
base::newsyslog::messages::sa::override have been deleted. Global
overrides for the default base::newsyslog behavior should be put into
the local defaults module instead.
base::cron::filter-user-noise has been deleted. This was specific to
Research Computing systems and should be handled in that local
repository.
base::ssh::rc has been deleted. This isn't part of any base::ssh
inheritance tree and can live only in the Research Computing Puppet
Git repository.
The acceptable runtime for tmpreaper (used by base::tmpclean on Debian
and Ubuntu) has been extended to 20 minutes globally, and the
base::tmpclean::longer class, which existed only to do that, has been
removed as unnecessary. The longer runtime limit should not pose a
problem on any system.
The static crontab files installed by base::cron have been replaced
with a template to handle differences between Red Hat and Debian. The
periodic cron jobs no longer even attempt to use anacron, avoiding any
problems with unpredictable cron run times if anacron is installed on
the system.
Move campus anycast DNS servers to the bottom of the DNS server list
for now. These are not yet considered production DNS servers.
Remove Kerberos filter-syslog rules for eklogind and kshd.
base::daemontools::supervise now uses current coding standards and no
longer special-cases various default options to some of its
parameters.
base::remctl no longer installs remctl-client. This is going to be
handled by the stanford-server-packages metapackage, and is
independent of what's set up by this module.
release/001.002 (2013-07-10)
newsyslog::config now supports a new analyze_logs parameter, which
specifies the list of logs to run through the analyze action (when
different than the list in logs). analyze_logs defaults to logs if
not given.
Restructure the newsyslog::config template so that both the template
and its output is somewhat more readable.
newsyslog no longer sets up a weekly command to tar up
/root/.history-save and removes /etc/newsyslog.weekly/audit if it
exists. We're no longer using per-user history files and we're
letting bash handle managing the length of the history file.
newsyslog now creates btmp and wtmp writable by group utmp, matching
the operating system defaults.
newsyslog no longer attempts to clean up sysklogd cron jobs or remove
the old /etc/newsyslog.daily/syslog file installed by ancient versions
of stanford-server.
Append to the temporary file used for Dell warranty facts instead of
deleting it and recreating it (which defeats some of the point of
using mktemp).
The default out-of-date cron job always uses the host/* principal of
the local host for authentication instead of the first principal in
/etc/krb5.keytab, which may be for some other principal or a host/*
principal for an old hostname.
Remove out-of-date::server. This is only used on a single host, so
all of the files and Puppet manifest have been moved to the Puppet
model for that server.
Change Puppet master server for frankoz servers to jimhenson1 since
jimhenson4 is down with hardware trouble.
Change the base::dns* classes to use a template to generate the
resolv.conf file for a system and add the DNS anycast servers into
the configuration.
release/001.001 (2013-06-25)
Drop installation of stanford-klogin from base::os::debian. We've
switched completely to Kerberized ssh and no longer install Kerberos
rlogin or rsh, so no need for the clients.
release/001.000 (2013-06-22)
Enable the security and updates repositories for wheezy now that
wheezy has been released.
For Red Hat systems, switch to using the VMware tools packages and
install the necessary yum configuration.
Add filter-syslog rules for new remctl error messages and another sshd
error message from terminated network connections.
Add base::portmap.