From d6c19813e59fbea04823d6f5b70a8a85b28222cc Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 13 Apr 2015 10:02:40 +0200 Subject: certification request for linus from ca.sunet.se:infra --- .../var/lib/ca/infra/requests/client/linus.csr | 48 +++++++++++----------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr index 20cea93..2aa4af0 100644 --- a/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr 
@@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE REQUEST----- MIIElTCCAn0CAQAwLTELMAkGA1UEBhMCU0UxDjAMBgNVBAoMBVNVTkVUMQ4wDAYD -VQQDDAVsaW51czCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAN3txFTu -xrZQtqDGZRft9HDZoENOdUlFiUmns//dmpwtzKbCiYFz3xHF/xQRpWg4poAR9dG2 -cMiBxkSlKzqo3sGtJO4awjtcEUQZK+eKybdsn9s3jUnRXsUpN+f6l3qElLvVnhNk -+I4btSVsHdBrmJJNmQ0WxaDaydd3bRcjkVENz47ZLBY+xsg6/19DZaJsLRWPr3jj -pSoOWGyG8JEM/ymdVhwh+PYD17V6v0h6BhqM9RH7k23PCJglVCAeDG7h33cjZK1k -WAm0PMBtvbTpXkQU7sQx4DASlEe75wCX6XD5PEz01z1Z+I9eb2mZ/x+ofy9kRl0c -aWr8oWiBa9fgYfAa3ASz1mzFpzNL3b8CbPfW4pfvwTAorWRAbU4OUoeETj3adgZj -4glKq4/ce2/wovXae6O6biyMFdFUuaxIlsqxylJB7dQK8vFAdpwSV8LijI3eR0su -6xYccFvXtp1y/m3wGgcC7OTV70lnCwaHZw5+3kNcQqwBUKrCjamRuR/pDSxlC58w -+IGt4iE19ZDYHDYvLKDALOQnWTxyEWqz5F/Z6fFgXzuCWBh3YdGqiHPyq/KK0v4K -k2iou/uFkg4SZn78kn5I+91TUQPB8d2omUXRZ0tuuTWc+6VmK9hnnMhVzYpjyEt+ -dlYF5XO6yuX92Msrjk5NNQ/l6SC/dkCd9kYLAgMBAAGgIzAhBgkqhkiG9w0BCQ4x -FDASMBAGA1UdEQQJMAeCBWxpbnVzMA0GCSqGSIb3DQEBCwUAA4ICAQBTQYhmjkOa -94t4I4iqkCxt6trUxc4uEr46VCxAkCp2zIFubCGzwRq6TpDV4UJffNNZeHTZRYJF -btr6iINuD/+HOQU+hODI3PAKlMLM9rkTWIesVEQ1p1sRFWfsyEuVb28CPFiMQ3hp -DHcqXk+0ZzMLc/80xmR3ESrU3irQENRpi4xjaETZNrJ3yXQW/IWUC1IfEuotDV3v -9ZcvawXo2a93tP+3tr+pv0V/LNkm7QjByzVL2glJlf+yPPH6sgWro8eHszNTC1Po -uo+na2uxzKz0gmPCh4+hfM8beUkcxKdn4LylAJ268NGMsWiugR9/zGAT4y3nXaZm -dlWjxXbPnzwnperjh9950Bi2Sw2DC6A/2103JFf6umA1wwY/5sf56PMgYFhglX2/ -er0HQTODtWEu2BoV3mVfKPp3ggjx+nhcOa5GbR8H5bGmFqQ+2+LO1FLxJFXUtloz -h6adzIHCo5/s9Ioi3hyVovpvFsGbvQSNTFH++vsD+SkQezLzqp3BZfCArjFVIofv -N04KD4Vvi+Udfa9vY7ay8hwOceKtnzxF2/ID5L7mEFZyUHfuGNTZe0vSBDqvoB1K -qIcWH1KkKlbcmhexJno2iu+QhZ7EIzyBpTkp+LOTjevZAkCOoBERVaRA3vGpHkN8 -mbHbfb+c9ipx/7Ik+mowZSHolo5gqtnlCw== +VQQDDAVsaW51czCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOCtDgqQ +tBY7kPNZFrqpCCVkOBFW83qWBZXc9VTH1d5JH5X4zOvR/KG4tvqhWRrfSRo9SIiG +lHUv66TKfonmFXtvGMr+XwnQPwMuzMy+InBUiIUuVBRSbP0SN0mZCJchFV9ozA49 ++ApuvABOlzBsyn5xyziSfKma2Cv4EkkM+ko1oV7W8pxLPRckBmGfnWDUbUWZI7hp 
+Nt+E6+AZX3Qy0oaVL5p8Nu2rT1ewuC1NvJv+ENjl4cBPQ6Nsa2HxMBpRRLVuJTON +KHmIYz4t3v8pOUJolb44Q/5hfQzrssjbi8qQxtDsx+EULO2SHhj3o++b1Gj+kcL5 +XU2TD14Fm6B6tjehLNldpwiJv1ZsTtXSKpD2uHZjG+IChJbIRXSvZ27lX9gsXyhl +93Lg54u1baCwVYsN3sm3PThSp+iL622DKDIpuVBYa1zCvSPoyIVHQzjR2GyXqS2f +GHJagImjcQh5BSkPvLdihE2Hd24yEyQnksacpkegHW9HuHXlDL2gzBZNVsRcNwL3 +qi5HyENn5JHaHhuHQQK/SD+obTj3PXHYs3k0k3Z3zxBjkl19USdXc/0gDGqbHVcW +3xPd6FuQn9hKqByme/zy25aIF4+xTKP4MTCS4SfO3vswHb5TSzYPB9ZTH/PNorm6 +btg3I1wwCKTmCfkt17dPcGPcrsSkyANMX5TLAgMBAAGgIzAhBgkqhkiG9w0BCQ4x +FDASMBAGA1UdEQQJMAeCBWxpbnVzMA0GCSqGSIb3DQEBCwUAA4ICAQAlZGeJO8dv +DJQgnLJq6Y4yMSSqZvyQjKPoFLOQQAEr8Mu1KNcpXRNBPsuc7l97wiy8fnz+yssi ++HylmHbWeTyHEP8t7JDwfoUInsPb31uAvLku0A0Ol+Yg70cgQmqwd2hvtcbIAFLX +0baRSKGlI4uBbIfVGw3Uqxvomqodbmy7YyANc3ZWSfyBUK/x//NX+0c4E0mpiQXK +z14uUciYCEgnEW4I4goFnYU98Xy2Qn4Dfmd7TNaEDfaPTVjiY+Sl3/JOMaNdgb+q +PASrY2funGBnivMO74D7yBoNMEnkCkgswwGty9ZgWyUn2OePO+5vj+fQD5c5g9iZ +KSP8QqtLNSAwke9kaaLxpcflZOGhPl6WTOtWVWO2orHA0G3eW9ikYNGmmWP7HnbU +DIL6youcWPuSOLiAT+gCpcbh9edOiA/MIrDPVrby7UVqORuUi6nNquNubliuestz +MN/p5Sczjs22411IV6LlVdEo34ofZX9zTjz7mFw5GcfCvryK8lDyf7Wv1kNn3Hfe +qnK0Wq841/ynV+G1k4QUMAwpzQAC4MXWNtOWqWnlZoLA6URRfG50t9+sOGFGDCS8 +SiH3V4oy/4PpWmxOFnuB0u+VxCI13/xgIOBagPr8nVnYpilroOz6n45WLln3Bbvi +RtcFB7vsTmEpF3j5OBQpQoiUs6fAX9xFjw== -----END CERTIFICATE REQUEST----- -- cgit v1.1 From 59c67d4a276c107af82ef52bddc0dc8f5b28f588 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Mon, 13 Apr 2015 10:07:45 +0200 Subject: string mask --- scripts/mkreq | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/mkreq b/scripts/mkreq index 44aaddc..b46d9fe 100755 --- a/scripts/mkreq +++ b/scripts/mkreq @@ -88,6 +88,7 @@ default_bits = 4096 distinguished_name = req_distinguished_name req_extensions = req_extensions prompt = no +string_mask = utf8only [ req_distinguished_name ] C = SE -- cgit v1.1 From 695f3e04ec365b285877eb2732719cd3c6931cff Mon Sep 17 00:00:00 2001 
From: Linus Nordberg Date: Mon, 13 Apr 2015 10:11:16 +0200 Subject: certification request for linus from ca.sunet.se:infra --- .../var/lib/ca/infra/requests/client/linus.csr | 48 +++++++++++----------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr index 2aa4af0..7a53b34 100644 --- a/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr 
@@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE REQUEST----- MIIElTCCAn0CAQAwLTELMAkGA1UEBhMCU0UxDjAMBgNVBAoMBVNVTkVUMQ4wDAYD -VQQDDAVsaW51czCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOCtDgqQ -tBY7kPNZFrqpCCVkOBFW83qWBZXc9VTH1d5JH5X4zOvR/KG4tvqhWRrfSRo9SIiG -lHUv66TKfonmFXtvGMr+XwnQPwMuzMy+InBUiIUuVBRSbP0SN0mZCJchFV9ozA49 -+ApuvABOlzBsyn5xyziSfKma2Cv4EkkM+ko1oV7W8pxLPRckBmGfnWDUbUWZI7hp -Nt+E6+AZX3Qy0oaVL5p8Nu2rT1ewuC1NvJv+ENjl4cBPQ6Nsa2HxMBpRRLVuJTON -KHmIYz4t3v8pOUJolb44Q/5hfQzrssjbi8qQxtDsx+EULO2SHhj3o++b1Gj+kcL5 -XU2TD14Fm6B6tjehLNldpwiJv1ZsTtXSKpD2uHZjG+IChJbIRXSvZ27lX9gsXyhl -93Lg54u1baCwVYsN3sm3PThSp+iL622DKDIpuVBYa1zCvSPoyIVHQzjR2GyXqS2f -GHJagImjcQh5BSkPvLdihE2Hd24yEyQnksacpkegHW9HuHXlDL2gzBZNVsRcNwL3 -qi5HyENn5JHaHhuHQQK/SD+obTj3PXHYs3k0k3Z3zxBjkl19USdXc/0gDGqbHVcW -3xPd6FuQn9hKqByme/zy25aIF4+xTKP4MTCS4SfO3vswHb5TSzYPB9ZTH/PNorm6 -btg3I1wwCKTmCfkt17dPcGPcrsSkyANMX5TLAgMBAAGgIzAhBgkqhkiG9w0BCQ4x -FDASMBAGA1UdEQQJMAeCBWxpbnVzMA0GCSqGSIb3DQEBCwUAA4ICAQAlZGeJO8dv -DJQgnLJq6Y4yMSSqZvyQjKPoFLOQQAEr8Mu1KNcpXRNBPsuc7l97wiy8fnz+yssi -+HylmHbWeTyHEP8t7JDwfoUInsPb31uAvLku0A0Ol+Yg70cgQmqwd2hvtcbIAFLX -0baRSKGlI4uBbIfVGw3Uqxvomqodbmy7YyANc3ZWSfyBUK/x//NX+0c4E0mpiQXK -z14uUciYCEgnEW4I4goFnYU98Xy2Qn4Dfmd7TNaEDfaPTVjiY+Sl3/JOMaNdgb+q -PASrY2funGBnivMO74D7yBoNMEnkCkgswwGty9ZgWyUn2OePO+5vj+fQD5c5g9iZ -KSP8QqtLNSAwke9kaaLxpcflZOGhPl6WTOtWVWO2orHA0G3eW9ikYNGmmWP7HnbU -DIL6youcWPuSOLiAT+gCpcbh9edOiA/MIrDPVrby7UVqORuUi6nNquNubliuestz -MN/p5Sczjs22411IV6LlVdEo34ofZX9zTjz7mFw5GcfCvryK8lDyf7Wv1kNn3Hfe -qnK0Wq841/ynV+G1k4QUMAwpzQAC4MXWNtOWqWnlZoLA6URRfG50t9+sOGFGDCS8 -SiH3V4oy/4PpWmxOFnuB0u+VxCI13/xgIOBagPr8nVnYpilroOz6n45WLln3Bbvi -RtcFB7vsTmEpF3j5OBQpQoiUs6fAX9xFjw== +VQQDDAVsaW51czCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMqvs+dV +bNkgo1+/Dmx96XBfDIme3EOTNOP2rqaOMFrJ6D57loFAGBMHDafPfu84BCRoX2mP +fLHazPf999qnIKP9eNsmzHmkTPluQQEEt1M+cXrQWNUbCcnoAsNyArkV8nInROre +BFfJDnEcoXiTAigGnlP/euVuALxvBYOrhRY0JdsZ1d3SWECGMeevrNSxNSd1mIsG 
+EbapGU9D7Kz++u+2hh4/e483eBph0f/8KuWl7KsruIjL2VgbMi5e2TIGQ/cxURQF +1UmlnJonUnNjndf7ucfL/FJV7M3CysC3s9ZQHa3eihAB46UfSqXAWBtMqIWQU2nk +D8iEfWujgKc5glOBYuITFKqCDQSS4QPgHoBmCFWaSWVkUf3IpUruQst4JopulRC9 +43p0ovCbP5O7I/sNXlRVeRY3cvOeLe2lSFnvmQ5kG+pdZ/N8ViXitGdTlmWvFC0v +f2zggkuqivUBCMX1htGA+SsneTj19Sr6MCrDWrX5tH7LYEYwEt8+skD/BnOtIPa9 +QmplpxdhBwpnjnLa3dko+c4bkLr4PeAdPtGUpzeBkCNIn0r87mhP1nvQ/rQ0sPv/ +C4gTtROwm8ap6VfAoGD0AK5ACNsgcSnAI6Q8DKmCWU1kv8E9UKLCh3amjlJz64GU +eNTVFE9OiaLGihEShx8si4ZNvojzIfQ6W1trAgMBAAGgIzAhBgkqhkiG9w0BCQ4x +FDASMBAGA1UdEQQJMAeCBWxpbnVzMA0GCSqGSIb3DQEBCwUAA4ICAQAphIaF6kmA +RyH+mSnavztzgYOil7pkkHORxedDyd+vyc232LbVGTNaEzd8TpYIs48f3PUQbR+V +UXnN9Hvg3RxFRfC6tuCsfmhgqgcqLmEWW6eiR9t6TIvoUOdLgNaweBdorDAVeDHR +RIOB0zhm0Y3gmoTezM6Vxtkb8paGkRntbo3UQwkw01uKGWkvBtz06UYvyouTAoyQ +oUUSMZByU+pPb/iQFmwn07JaMEsG9KezFg36wUQOohIzJU4EdXDUbkJepBIKjhHi +KtlgbmHq5+WbSV66Y1uiovt2xU/l6lon+aJpRdKEsDl5z/Yj1WnyNgkTDwMm+SV4 +2Piw1zOVNAmXaGnCELsbR6MH+LFtsvEETgldYCVckoAyOKPYk+W74CqYwLJKJpTA +JpJzVyQfi/QEN/kYdpmdjqDTLQxxmDjDSrEVsgaLH/EnEiCO5IuDMb8+MZL39Wuc +ocxyMZdCB6N0ywRLcplKrUCOFwZrznYHjXU8aZQKZhN+GCAq7mNPxoJ92SyOf8b2 +E9ZUJFwC8xTmLOJI2pE6pdgF2Vj9TXC2ph9G4BAkPnXHGpGzoUdmcoTDSQ4HiG8/ +h7NFvteEhTGesqNXe/kXdR1oanmLkJN1UbTyF5fr7akBCIrPni+3BHfmLBE2i6Ss +wAzvr5Wken4K9ldBNSG7HCdeO1nLL9D5MQ== -----END CERTIFICATE REQUEST----- -- cgit v1.1 From e482a0769cec5035e4973aaa1f6828ee3d7d2168 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Mon, 13 Apr 2015 13:02:58 +0200 Subject: certification request for linus from ca.sunet.se:infra --- .../var/lib/ca/infra/requests/client/linus.csr | 50 +++++++++++----------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr index 7a53b34..f9021c0 100644 --- a/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/linus.csr 
@@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIElTCCAn0CAQAwLTELMAkGA1UEBhMCU0UxDjAMBgNVBAoMBVNVTkVUMQ4wDAYD -VQQDDAVsaW51czCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMqvs+dV -bNkgo1+/Dmx96XBfDIme3EOTNOP2rqaOMFrJ6D57loFAGBMHDafPfu84BCRoX2mP -fLHazPf999qnIKP9eNsmzHmkTPluQQEEt1M+cXrQWNUbCcnoAsNyArkV8nInROre -BFfJDnEcoXiTAigGnlP/euVuALxvBYOrhRY0JdsZ1d3SWECGMeevrNSxNSd1mIsG -EbapGU9D7Kz++u+2hh4/e483eBph0f/8KuWl7KsruIjL2VgbMi5e2TIGQ/cxURQF -1UmlnJonUnNjndf7ucfL/FJV7M3CysC3s9ZQHa3eihAB46UfSqXAWBtMqIWQU2nk -D8iEfWujgKc5glOBYuITFKqCDQSS4QPgHoBmCFWaSWVkUf3IpUruQst4JopulRC9 -43p0ovCbP5O7I/sNXlRVeRY3cvOeLe2lSFnvmQ5kG+pdZ/N8ViXitGdTlmWvFC0v -f2zggkuqivUBCMX1htGA+SsneTj19Sr6MCrDWrX5tH7LYEYwEt8+skD/BnOtIPa9 -QmplpxdhBwpnjnLa3dko+c4bkLr4PeAdPtGUpzeBkCNIn0r87mhP1nvQ/rQ0sPv/ -C4gTtROwm8ap6VfAoGD0AK5ACNsgcSnAI6Q8DKmCWU1kv8E9UKLCh3amjlJz64GU -eNTVFE9OiaLGihEShx8si4ZNvojzIfQ6W1trAgMBAAGgIzAhBgkqhkiG9w0BCQ4x -FDASMBAGA1UdEQQJMAeCBWxpbnVzMA0GCSqGSIb3DQEBCwUAA4ICAQAphIaF6kmA -RyH+mSnavztzgYOil7pkkHORxedDyd+vyc232LbVGTNaEzd8TpYIs48f3PUQbR+V -UXnN9Hvg3RxFRfC6tuCsfmhgqgcqLmEWW6eiR9t6TIvoUOdLgNaweBdorDAVeDHR -RIOB0zhm0Y3gmoTezM6Vxtkb8paGkRntbo3UQwkw01uKGWkvBtz06UYvyouTAoyQ -oUUSMZByU+pPb/iQFmwn07JaMEsG9KezFg36wUQOohIzJU4EdXDUbkJepBIKjhHi -KtlgbmHq5+WbSV66Y1uiovt2xU/l6lon+aJpRdKEsDl5z/Yj1WnyNgkTDwMm+SV4 -2Piw1zOVNAmXaGnCELsbR6MH+LFtsvEETgldYCVckoAyOKPYk+W74CqYwLJKJpTA -JpJzVyQfi/QEN/kYdpmdjqDTLQxxmDjDSrEVsgaLH/EnEiCO5IuDMb8+MZL39Wuc -ocxyMZdCB6N0ywRLcplKrUCOFwZrznYHjXU8aZQKZhN+GCAq7mNPxoJ92SyOf8b2 -E9ZUJFwC8xTmLOJI2pE6pdgF2Vj9TXC2ph9G4BAkPnXHGpGzoUdmcoTDSQ4HiG8/ -h7NFvteEhTGesqNXe/kXdR1oanmLkJN1UbTyF5fr7akBCIrPni+3BHfmLBE2i6Ss -wAzvr5Wken4K9ldBNSG7HCdeO1nLL9D5MQ== +MIIElTCCAn0CAQAwLTELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMQ4wDAYD +VQQDEwVsaW51czCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM9PBNnE +WqGbbjKH9De2Wg8LCIucAXWdcjgah2Mv6Rt1X+d9JmfNEKNFM//TzaK53iNFR0Re +eD3MSI+synev1RSge8iPgQGCVl7VdfwRb7blSAW5zToPO/JnmkKwxmc+B2YoypLl 
++/czEr7P47HoJo1on5GgLc7GdzELDLu44pmui9OXM3wnzz3hQwZPfbKUy1IQhvbG +8GvOeHcb0aSCToLAJL+W4ZRjZ+pTl+g/OZ+2+fgU+hDzmidasnMuExHg+adHnaPb +erzI2ASHbinickGb1PExAM/TPEaDifj44B84PxKhhklFiAgYwfuEZfT2iYaFJVYt +Jky4IiI5DDhgBLq2ztAjL4DFPby2ti3YpPeTsJFfL3jA+5dPqCKGqFuWzzZOOu7a +tw21+akRfBkoWdYnTLOufANDteiiYWSmiWNLd/gnU/Z8axu+9ufAof1fMQNKd4jC +qhwjz4XoLmCA8S4s7xmKIpso8UWq4XF6AUl9/o+V8JTUQ7LOBh+CPqYxk7SgFgXt +6NABXjlmzWIiqSRMK4N/sylvi5wVRj608Am1avfxoz458Bq1YbGP4irUH5Fi8CV/ +YyhIiaXlvD5B4U+U55Y6cb4+1YQ0c2ALJ2wyEVWmi4dpqmOijARXE1+vFhcTGYBM +DrSWBmU5HBmP2gy00/3MKy3wYMh6CfWyx9zlAgMBAAGgIzAhBgkqhkiG9w0BCQ4x +FDASMBAGA1UdEQQJMAeCBWxpbnVzMA0GCSqGSIb3DQEBCwUAA4ICAQA5ol0kydSW +5ixvJNRJcnTydsH1uiK1H2fDzP4DGzg0Eh7HJuHwxNWWdFZICF54CFc7XktgdV9e +bxLWmGx2Z8JlQXlEy/tq92AZlRi+K92O1niVynmHC5oh1Am6U3b2lJvXM51Fr8Gm +FowjIWLs1j3RvGIRsjF6siQt7Rbrc7DMrzMoQhezNJwjviqRcqLedw/CpUCRl/Jy +ggmxC0ehtLVwx6jEKGjwGDrwTBYRa9U2TdlQ26LYQ2p8/wUUr+JeuTRUFm9NSN0Z +fszvazuiNACxqqbB0iVwFwRZEKkIuZHofKy7KAD5GyK06cT5HHOd9tAfupFumiTv +/ucmEG+7DanL9jhOpWzb5tUw6NjXWENvMbsl7CJIA9hL5ZE93Ma1Bpp2o0JTz47x +9FwR/BbFEmVrCt+V8NkQJVlY1dlkgebIh4r7r/9zlnVeAW0bCKgx7RhKTBlbpsfR +4qMon8XR4yAeAl0MIk8E59bD7N71aOi5DrWWXZOgjdbtqwa2Kn0mIchXQapL50cZ +3yXtdAWh5vWN1nkPHKPv5rThsN9niXcq86oV0mBO4h4E3qLzgYTBCZe+RmaL3q3P +Tls+LniDJz7fhgpL3UcQtl4Z6nHi2U8FCz+uDBYWysPr4amOdsn1RxKRmrJZFiGS +7jDgGSt9PZgj25JboVXvIr8U3Ni87fD8Yw== -----END CERTIFICATE REQUEST----- -- cgit v1.1 From 2242b2bce8db07e86f1c688d4f55f5b59f7f4126 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Mon, 13 Apr 2015 13:10:10 +0200 Subject: string mask --- scripts/mkreq | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mkreq b/scripts/mkreq index b46d9fe..76b6c4c 100755 --- a/scripts/mkreq +++ b/scripts/mkreq @@ -88,7 +88,7 @@ default_bits = 4096 distinguished_name = req_distinguished_name req_extensions = req_extensions prompt = no -string_mask = utf8only +string_mask = nombstr [ req_distinguished_name ] C = SE -- cgit v1.1 
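Review bot: `string_mask = nombstr` in the `[ req ]` section limits subject strings to PrintableString and T61String, so a subject value containing a non-ASCII character would be encoded as T61String, which is deprecated and handled inconsistently by X.509 consumers. The hunk gives no reason for moving away from `utf8only`; presumably the request DN encoding has to match what the CA expects, but that is an inference. I would record the reason next to the setting, e.g. `# nombstr: PrintableString DNs to match the CA's subject encoding; values must be ASCII`, and have the script refuse non-ASCII names before it calls openssl. The `[ req ]` section starts and ends outside the hunk.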
From a2f362a0b87c034b3284a37453488c59fdd78837 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Mon, 13 Apr 2015 14:36:39 +0200 Subject: web-db3.sunet.se added --- web-db3.sunet.se/README | 1 + 1 file changed, 1 insertion(+) create mode 120000 web-db3.sunet.se/README diff --git a/web-db3.sunet.se/README b/web-db3.sunet.se/README new file mode 120000 index 0000000..59a23c4 --- /dev/null +++ b/web-db3.sunet.se/README @@ -0,0 +1 @@ +../README \ No newline at end of file -- cgit v1.1 From fcc750162bc321202392e3f644026b91b4dd08d1 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Mon, 13 Apr 2015 14:44:40 +0200 Subject: backend class --- global/overlay/etc/puppet/cosmos-rules.yaml | 2 ++ global/overlay/etc/puppet/manifests/cosmos-site.pp | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 5035639..cea844e 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -50,3 +50,5 @@ www2.eduid.se: webappserver: '^web-f[0-9]+\.sunet\.se$': webfrontend: +'^web-db[0-9]+\.sunet\.se$': + webbackend: diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 2713ea3..3ab6744 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -857,6 +857,11 @@ class webappserver { class { 'webcommon': } } +class webbackend { + class { 'webcommon': } +} + + node 'web-a1.sunet.se' { sunet::wordpress {'www_sunet_se': } } -- cgit v1.1 From 3e8ea53029e760244a235645ce4741111813c595 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Mon, 13 Apr 2015 14:44:54 +0200 Subject: update db --- global/overlay/etc/puppet/cosmos-db.yaml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) 
diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index a66bc05..53d3200 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -116,11 +116,19 @@ classes: sshaccess: null sunet::dockerhost: null sunetops: null + webbackend: null web-db2.sunet.se: mailclient: *id001 sshaccess: null sunet::dockerhost: null sunetops: null + webbackend: null + web-db3.sunet.se: + mailclient: *id001 + sshaccess: null + sunet::dockerhost: null + sunetops: null + webbackend: null web-f1.sunet.se: mailclient: *id001 sshaccess: null @@ -139,7 +147,7 @@ members: cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, wp.sunet.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se, - sto-fre-kvm1.swamid.se, web-a1.sunet.se] + sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se] docker_signer: [mdx2.swamid.se] dockerhost: [datasets.sunet.se, reep.tid.isoc.org, www2.eduid.se, mdx1.swamid.se, registry.swamid.se, mdx2.swamid.se, docker.sunet.se] @@ -149,7 +157,7 @@ members: web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, wp.sunet.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se, - web-a1.sunet.se] + web-db3.sunet.se, web-a1.sunet.se] quantis: [random1.nordu.net, random2.nordu.net] signer: [mdx1.swamid.se] sshaccess: [cdr1.sunet.se, cdr1.sunet.se, sto-tug-kvm2.swamid.se, sto-tug-kvm2.swamid.se, 
@@ -158,21 +166,22 @@ members: cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, wp.sunet.se, docker.sunet.se, lobo2.lab.sunet.se, sto-tug-kvm-lab1.swamid.se, - sto-fre-kvm1.swamid.se, web-a1.sunet.se] + sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se] sunet-cdr: [cdr1.sunet.se, cdr2.sunet.se] sunet::dockerhost: [sto-tug-kvm2.swamid.se, web-a2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, - web-f1.sunet.se, web-a1.sunet.se] + web-f1.sunet.se, web-db3.sunet.se, web-a1.sunet.se] sunetops: [cdr1.sunet.se, cdr1.sunet.se, sto-tug-kvm2.swamid.se, datasets.sunet.se, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, ca.sunet.se, web-a2.sunet.se, loke.sunet.se, cdr2.sunet.se, cdr2.sunet.se, web-db1.sunet.se, web-db2.sunet.se, mdx1.swamid.se, web-f1.sunet.se, meta.swamid.se, registry.swamid.se, dane.lab.sunet.se, mdx2.swamid.se, samltest.swamid.se, wp.sunet.se, docker.sunet.se, lobo2.lab.sunet.se, - sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se, web-a1.sunet.se] + sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se, web-db3.sunet.se, web-a1.sunet.se] swamidops: [sto-tug-kvm2.swamid.se, reep.tid.isoc.org, md-master.reep.refeds.org, sto-tug-kvm-lab2.swamid.se, sto-tug-kvm1.swamid.se, mdx1.swamid.se, meta.swamid.se, registry.swamid.se, mdx2.swamid.se, samltest.swamid.se, sto-tug-kvm-lab1.swamid.se, sto-fre-kvm1.swamid.se] webappserver: [web-a2.sunet.se, web-a1.sunet.se] + webbackend: [web-db1.sunet.se, web-db2.sunet.se, web-db3.sunet.se] webfrontend: [web-f1.sunet.se] webserver: [sto-tug-kvm2.swamid.se, datasets.sunet.se, registry.swamid.se, docker.sunet.se] -- cgit v1.1 From 1dd12457da668fce782a7608a1644109564293f6 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Mon, 13 Apr 2015 14:46:32 +0200 Subject: certification request for web-db1.sunet.se from ca.sunet.se:infra --- .../ca/infra/requests/server/web-db1.sunet.se.csr | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db1.sunet.se.csr diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db1.sunet.se.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db1.sunet.se.csr new file mode 100644 index 0000000..5d30aef --- /dev/null +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db1.sunet.se.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEqzCCApMCAQAwODELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMRkwFwYD +VQQDExB3ZWItZGIxLnN1bmV0LnNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAqdotYGUt23JojRMz77JCKa9SU1uIIN+BPuv/k3xDjjUGNfCXo1J4Hndb +AbZHnbE53MUNk1o3n6xa8me3B+ORVQeSfMLZMnZiFpGCFV6BLoD0BHMSVN26wef9 +mcXXdR/rpFbKM1fm8DiYOkD978/l+Zy9fIlJa+k6DBqxOXFYeKo6iYs+zejo1puK +81oUhSY3By7H6lRDM8Ch9G07dT66aAIcIsTULhWMn0aEj3XjreQiIIfqI5rTCcDD +iRuipbX42hXewXXwHc1WGuQjTgb691tzz3k1lJ8Q5CGRy3+m6Lqjmo0llTJl/9H3 +XgfoQEnlXYrwCsYeSfcU93sA/o0O/Sl3RkswY0bQZ1K2vvpa1its5DzVfMrOMhht +oKI/de+A/t9i95hGGEQ7yRtvJAOuCTe4t2v8XeyHg0ZvyLQ0pSSRbLv2mpSjN5L/ +TMXBaLB3d3/vm/IwNYU3IbbAU0ZnjnsJCT5vt6Tn3gco2iBp17bcublfuhHI34jb +owD0S3R46OJphjRIYp/Xvp5PjUQGbQmSpbAW32FbPl67zf0h9a1dIe7MyI0OeoxU ++EWCsaz5vbe5vhOnYpmC2mPUASDR/VVPBmjTmyYO96qHzuCD3Kx+u/e7C4XA9U0t +G+st9/Wgbd/u1pvCPEsG0gXwJwfPfX8Lx3lPfeBRVt570dI2CQsCAwEAAaAuMCwG +CSqGSIb3DQEJDjEfMB0wGwYDVR0RBBQwEoIQd2ViLWRiMS5zdW5ldC5zZTANBgkq +hkiG9w0BAQsFAAOCAgEAB9a1S49oA6HFliQlswNOiIoZ549R52p5X7bz1lFlU/lx +INGqyjMpB3bvXuTlFkeldFliOM4TNI5TuoC0XcbVIrKxXjpG0g283oRjECJQN6n2 +2aeGgek1VAMwZ4P3mDrJccf4oe/Mixsi+FiASxoyevqzZ6iZ7MC8f/Hs9GKcIhID +w/adby8J98SvLDgT5zzmQ9eWpbyGJPZsQ3d9oFDsDauf/CdQpe1V9LE+vB/9wn0+ +ec0eylzx0zL2y10Hg/ipdF3NgJ/eQNIk8sQ9mZvwqvAvX6p/7Jp15vB7Mlmn8ORU +6DRxZEJ090iXAwE/RqgyZhdqoCS7Gg/VIZNDqH3rs9HnjB4n6Xo28VIkAdifrARL +d5rdVZIGkDcaNbREp6993SCFQcSY2XN9xx9c7zAbJPLUjKF8ha4jO4NFqmyRafuB +eUdeiTq99P1eXETiK/EcppVOcfXgoXaucCs5GaKWsMfjPQjzK57wHWIgdfj4Z8+1 +U7/FuMozEkD5TwrCep8+CDG4iFO26U1qqSrfwwwDBe1Gy5N+FJNqd+DEyG7c7x2g +kLTrr4cjr26oB9RoLMG7pVjdiMZIoxz4H174OTm4QtZ1smybABvJUaF+Y7RbYnHa +oLZr1O8yik9275cPmD3+hVrYTvHrKROj9YRoaadZZadMt778PG+KVjt3hFsl3Kg= +-----END CERTIFICATE REQUEST----- -- cgit v1.1 From c17e476889412c82744edeb99d78f5bbcb0b8ccd Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Mon, 13 Apr 2015 14:46:38 +0200 Subject: certification request for web-db2.sunet.se from ca.sunet.se:infra --- .../ca/infra/requests/server/web-db2.sunet.se.csr | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db2.sunet.se.csr diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db2.sunet.se.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db2.sunet.se.csr new file mode 100644 index 0000000..5ba69c4 --- /dev/null +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db2.sunet.se.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEqzCCApMCAQAwODELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMRkwFwYD +VQQDExB3ZWItZGIyLnN1bmV0LnNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAvDebhuKPwe4ZOHjUf+v2LDqwsMCQMWkGIM7/iy0/qDIYKhbMYC3LKiAd +jqc8fXifcseOtRjKhswV0KCMNPEaeDlM8qb0qBbLj4/3kXIHOhYEVj7DiKKIkHZd +hztk5Ryig4pZnB10P0yXSkspe25jGz8YUE7qATUXg2dWMNDwghks5rFSw5UaFhPB +aG/NkwZgyoUr/a0jJKMOzK3HFB1GgbdXnXr70ye+FOED98IBgJaX+8HHdYhIXAZw +N0jWdvAzvA6/X6UqvMmPokHkrDh8ExNjxNKevz/U/ajbijt9F8aDDlXquaIoYZnl +AYcvdg8HskqhK/8tSZ5lz2isrE8ul1b7Y4x8xlZH9ymZQq1/GvvAT/AbUZJrxjhT +c1FNb7ukFhQzLePQHV4AZZ4DahfcUSTZUMUg2BK2GowdBViLLMKHrweI0JbqILub +ug7xrWIVtbckXgflBvgkxUe6Y5ykUv4Wac339yFkoQF9/ZqfU5VR1pAkBgbTUnAf +u3V0ssqRzOleMNwosY6VbPfCT7aZKiLI1PhH9z06HaYp3oHcJR3CtE1PNEu3u15T +lpG2+ecvlzuxXNTS0lmnkxnEWrYtJesNSa5x7ue36dWmoHEfCtRN/qXGO249SAH/ +rXU9zcw6SmqomWqamvBvyAZvPUdo0r699+jJFvdl6rlP13QcnIcCAwEAAaAuMCwG +CSqGSIb3DQEJDjEfMB0wGwYDVR0RBBQwEoIQd2ViLWRiMi5zdW5ldC5zZTANBgkq +hkiG9w0BAQsFAAOCAgEACBpEPHm8Eqd7kkXHLuINStKTDidf2aKy8n9pm/42Uaiu +8Bia2qn0TNVhl1vgXAxpI54bGdh3rmMmLabM+scnB3m9bK7Pb4tL5tyoSNx5dCKY +0AcLtw2Ml8d4iGh3u5mbCFjBOgZLHc2af3QF8MSG51yBZ15ojrQ+nqiujzgtZvk2 +LtSxQy1CDOKwSGafXoX1xlX4BVvbNFmk4xT04Im/GUrAMXZr3tZ1HLX9VcRyg8pB +oV2Bz7Y+BvQuKjxy+RHx6r9gZsTCsOoYGE6sKElvXMJfRmYAg0VTa5BT5IX0WtNz +LTc1kAthIh/BPIrAzW8i4mwTBhzDyJwoSZoYIJmk4PL+4QR5AeEjOdyRclP5IOMx +3ycySbPJONCbDBNqE1or1r0lQFUqMUKb6T2pK47WoLIe669mvx6h95I4u5vx2St1 +ryYHudGA5o2HrKSCGWjDYnyhd3QsbID+uO0/8QkM6ujYNQfBIqSXb6bTl+Jo8mJ1 +hDm+eNDRi8Hdd111CyiDwEBMPtvEucG3GOErJ9zD55QaOcZZ7hD1DYcTsey8LDSX +npmyY8t0GgKGCzC4xneScxVu8+VBk9FxoGnYhsVsSKjhmGGCTGEJfjLagn2uQc/X +DFQLuFijfnKZiG9kFgxPCQJ6dogNvL4HY++/MOPYxNtCtIyxNEkxeVFMYEJT2Y4= +-----END CERTIFICATE REQUEST----- -- cgit v1.1 From ee32baf3d26202f3385366dcadb839e2478ae9e4 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Mon, 13 Apr 2015 14:46:47 +0200 Subject: certification request for web-db3.sunet.se from ca.sunet.se:infra --- .../ca/infra/requests/server/web-db3.sunet.se.csr | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db3.sunet.se.csr diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db3.sunet.se.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db3.sunet.se.csr new file mode 100644 index 0000000..1913a23 --- /dev/null +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-db3.sunet.se.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEqzCCApMCAQAwODELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMRkwFwYD +VQQDExB3ZWItZGIzLnN1bmV0LnNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA4zEoc2z4/lZSbMt+jiCIRf+4OBcLP6C9GuPN6fGJqVmjR1Azv1o62J50 +CSkUmGLa+213XXxNlhr9wcWHApE68LWrf03iCo0hrT/o38KavpoX7Gp+5d0V7+Uy +NyirKvyJAVQ3+uemYtajgRf18sF5xL2cdvIc7D872Of1Qct4fgy9pT7wjAafrjeI +0w5ZDS3/jUwTTbp77ibVqyQ9zJYWH7I3F/f2/jVvo6s59HivjOo4wfdUBgvz95P/ +N6lKXuKq0HSQOezDlSAPYXcgCkQ0Bn8LYNGgRaLj4zHZ40rIXucB5A94lUUqx0/z +7nZUz3t1h9odj5WiOEkqY/ugDAt8RNL9e8c/a5Eex/1eHm3VeoLGEAP6zTqusQ97 +I6iDFmuhBdc3VWuEu3EGwLiHVyYTtSW9kuf4l/iN9dp26dNxq52Equd1N39nP59n +wfSgFTErqBPpBZMCwdoJyYqXAMaUPD6DysmSfgJX1w6aypxRbW1eG/bv2kjGbOai +fM8arxGZizPXpeBUZhw+dxNHrYqZNV0sW5Kk17ptYHuE4dTxXN8jxuLqn7tUGRtX +Nk9SOS2rBp6OnxiX/TSBuhkWz1EAWvZu0B4BdM4jVm1NEYIBWHpszbjQifaUUSaL ++nmtAienihH4Rf/Ax1SZ7KlAzdPTGUcv5C9T+rpTVSQv/1P5kFkCAwEAAaAuMCwG +CSqGSIb3DQEJDjEfMB0wGwYDVR0RBBQwEoIQd2ViLWRiMy5zdW5ldC5zZTANBgkq +hkiG9w0BAQsFAAOCAgEAIQlSeJHRe1QmhyvKAwV0lJMiRza2DlDBJfNbK8l317lB +3mI3XCD5oif4l4rPnLfHEbxkhJUIvFFkG3jKJveyD3r+pQvZYUw4WeILjbdI5sWF +6Ahhs+1xXgwSN/AY3rA87wOBPIMzv4pG+b1p+4sqbwVpR6Jv38uBvXJd76YlUmhW +5B8r85FflShGFPvAN/D3kqo52c4UAzV+xm652arZumSA0SCT0NdiN0Ca8/Km0aHr ++ibpslyv1ehxRVY0ysBEH75D4Fhirta56B2XIug0BBg0b9sURckdDlgYjUtbytSE +etusCmbFlAqivhbnZtsaNCm1D4RO38LQe2o3COCTBebzX0k0JMThMt6/vpbbvkeT +8AgfHx039Cr8/en95+BDzZMM5umYZtbMsmu8x7/ZTCZZ4teFA4qnFCGnKZ63h+2H +4TvG78N4XFO0VBweTGBDr6kj4lB8Bys7eL1kt6BkozDNKMGQP3W1m9ZPoD2hwRQn +6B9EjpTHkCIZrj2dw4+2MLoumIJF+q58zTKE+erPJLHDSriYb0zQxDb6cnWRCBKF +b91gM1NHXdvP4Fgt1woOzTa5bKrMzZMzSn1/LKe23xrhaHqifmp21L/XcsxlCCyU +z2Q79uHTi39t+iNasItrMrF/3FCk9VfRRcnYM3VsPkN3rmqbhJJPTMQaIb4HQzE= +-----END CERTIFICATE REQUEST----- -- cgit v1.1 From 24a444d3baa763517e2c842fbdee0085ac0cec08 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Tue, 14 Apr 2015 11:20:58 +0200 Subject: etcd --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 23 +++++++++++----------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 3ab6744..9a21843 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -821,21 +821,17 @@ class fail2ban { } } -define etcd_node($peers_file=undef,$cluster_name="etcd") { - file { ["/data","/data/${cluster_name}","/data/${cluster_name}/${name}"]: ensure => 'directory' } +define etcd_node($disco_url=undef) { + file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } sunet::docker_run { 'etcd_${name}': image => 'quay.io/coreos/etcd', - extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:8001", - "-listen-peer-urls http://${::ipaddress_eth1}:8001", - "-advertise-client-urls http://${::ipaddress_eth1}:5001", - "-listen-client-urls http://${::ipaddress_eth1}:5001", + version => 'v2.0.8', + extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + "-listen-peer-urls http://${::ipaddress_eth1}:2380", + "-discovery ${disco_url}", "-name ${::hostname}", - "-data-dir /data/${cluster_name}/${name}", - "-initial-cluster-token ${cluster_name}", - "-peers-file ${peers_file}"], - ports => ["8001:8001","5001:5001"] - - + "-data-dir /data/${name}/${::hostname}"] + ports => ["2380:2380"] } } @@ -858,6 +854,9 @@ class webappserver { } class webbackend { + etcd_node {'etcd': + disco_url => 'https://discovery.etcd.io/5344f39debed977d90dd72e3a7267bf8' + } class { 'webcommon': } } -- cgit v1.1 From f589813f13415405d9f0d52f22e2af882d09696b Mon Sep 17 00:00:00 2001 
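Review bot: The peer endpoints in `extra_parameters` of `etcd_node` are plain `http://` (`-initial-advertise-peer-urls` and `-listen-peer-urls` on port 2380), so member-to-member traffic is neither encrypted nor authenticated, and `ports => ["2380:2380"]` publishes that port from the container. Any host that can reach the port can speak the peer protocol to the cluster. I would switch both URLs to `https://`, e.g. `"-listen-peer-urls https://${::ipaddress_eth1}:2380",`, and pass etcd's peer certificate, key and CA options with certificates from the infra CA that already issues the web-db requests in this series. Port 2380 should also be limited to the cluster members in the host firewall. The same parameter list is carried over unchanged into modules/sunet/manifests/etcd_node.pp later in the series.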
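Review bot: The `disco_url` set in `class webbackend` is a literal discovery.etcd.io token committed to the repository, so everyone with read access to the repository can see which peers registered under it and could register a member while the cluster is still forming. Because the peer URLs in `etcd_node` are unauthenticated, nothing else protects membership during bootstrap. I would take the value from site data instead of the manifest, for example `disco_url => hiera('etcd_disco_url')` if hiera is available in this setup. The token should be treated as single-use: generate a fresh one per cluster and regard the committed one as disclosed. The class body lies fully inside the hunk.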
From: Leif Johansson Date: Tue, 14 Apr 2015 11:29:06 +0200 Subject: fix comma --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 9a21843..1d17367 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -830,7 +830,7 @@ define etcd_node($disco_url=undef) { "-listen-peer-urls http://${::ipaddress_eth1}:2380", "-discovery ${disco_url}", "-name ${::hostname}", - "-data-dir /data/${name}/${::hostname}"] + "-data-dir /data/${name}/${::hostname}"], ports => ["2380:2380"] } } -- cgit v1.1 From e6a171f5c0181c9cac44847f4beb46433b695fa7 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 11:30:01 +0200 Subject: fix comma --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 1d17367..fa46e1d 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -823,7 +823,7 @@ class fail2ban { define etcd_node($disco_url=undef) { file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } - sunet::docker_run { 'etcd_${name}': + sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', version => 'v2.0.8', extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", -- cgit v1.1 From ac6b29edd669e28ed384b76368a76d4b592d15d3 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Tue, 14 Apr 2015 12:07:57 +0200 Subject: more etcd work --- fabfile/__init__.py | 3 +++ global/overlay/etc/puppet/manifests/cosmos-site.pp | 16 +--------------- .../etc/puppet/modules/sunet/manifests/etcd_node.pp | 16 ++++++++++++++++ 3 files changed, 20 insertions(+), 15 deletions(-) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp diff --git a/fabfile/__init__.py b/fabfile/__init__.py index 8db5748..0a79308 100644 --- a/fabfile/__init__.py +++ b/fabfile/__init__.py @@ -33,3 +33,6 @@ def newvm(fqdn,ip,domain): def cp(local,remote): put(local,remote) + +def synci(): + get("/etc/network/interfaces",local_path="%(host)s/global/overlay/etc/interfaces") diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index fa46e1d..f76d5dd 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -821,20 +821,6 @@ class fail2ban { } } -define etcd_node($disco_url=undef) { - file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } - sunet::docker_run { "etcd_${name}": - image => 'quay.io/coreos/etcd', - version => 'v2.0.8', - extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", - "-listen-peer-urls http://${::ipaddress_eth1}:2380", - "-discovery ${disco_url}", - "-name ${::hostname}", - "-data-dir /data/${name}/${::hostname}"], - ports => ["2380:2380"] - } -} - class quantis { apt::ppa {'ppa:ndn/quantispci': } package {'quantispci-dkms': } @@ -854,7 +840,7 @@ class webappserver { } class webbackend { - etcd_node {'etcd': + sunet::etcd_node {'etcd': disco_url => 'https://discovery.etcd.io/5344f39debed977d90dd72e3a7267bf8' } class { 'webcommon': } diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp new file mode 100644 index 0000000..68df7d2 
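Review bot: The `local_path` in `synci()` is `"%(host)s/global/overlay/etc/interfaces"`, which matches neither layout visible in this series (`<host>/overlay/...` and `global/overlay/...`) and drops the `network/` directory of the remote path, so the fetched file probably does not land where the overlay would install it from. If the intent is to capture each host's file into its own overlay, `get("/etc/network/interfaces", local_path="%(host)s/overlay/etc/network/interfaces")` would do that. The function also has no docstring; something like `"""Fetch /etc/network/interfaces from each host into its overlay directory."""` would make the task self-describing in `fab --list`. Since the fetched content comes from the remote host and ends up in a tree that is later pushed back out, it is worth stating in that docstring that the result must be reviewed before it is committed.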
--- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -0,0 +1,16 @@ +define etcd_node( + $disco_url = undef, + $etcd_version = 'v2.0.8' +) { + file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } + sunet::docker_run { "etcd_${name}": + image => 'quay.io/coreos/etcd', + version => $etcd_version, + extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + "-listen-peer-urls http://${::ipaddress_eth1}:2380", + "-discovery ${disco_url}", + "-name ${::hostname}", + "-data-dir /data/${name}/${::hostname}"], + ports => ["2380:2380"] + } +} -- cgit v1.1 From ba7258ce70516b1dee8437b57a3e713382699e5f Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:09:37 +0200 Subject: more etcd work --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 68df7d2..a6659b2 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -1,4 +1,4 @@ -define etcd_node( +define sunet::etcd_node( $disco_url = undef, $etcd_version = 'v2.0.8' ) { -- cgit v1.1 From 9881de1ec8952e31b6868a016b579450d3daa069 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:10:47 +0200 Subject: more etcd work --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index a6659b2..6a61f89 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
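Review bot: `$disco_url = undef` makes the parameter optional, but the body always emits `"-discovery ${disco_url}"`, so a declaration that omits it would start etcd with an empty `-discovery` value instead of failing when the catalog is compiled. I would drop the default or add `if $disco_url == undef { fail('etcd_node: disco_url is required') }` as the first statement of the define. The new file also has no header comment; a short one naming both parameters and stating that the define creates `/data/${name}/${::hostname}` and publishes peer port 2380 would help the next reader.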
@@ -4,13 +4,13 @@ define sunet::etcd_node( ) { file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } sunet::docker_run { "etcd_${name}": - image => 'quay.io/coreos/etcd', - version => $etcd_version, + image => 'quay.io/coreos/etcd', + imagetag => $etcd_version, extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "-listen-peer-urls http://${::ipaddress_eth1}:2380", "-discovery ${disco_url}", "-name ${::hostname}", "-data-dir /data/${name}/${::hostname}"], - ports => ["2380:2380"] + ports => ["2380:2380"] } } -- cgit v1.1 From 243597526cde737b2ffe08b031c16d23bd08810a Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:14:03 +0200 Subject: certification request for web-a1.sunet.se from ca.sunet.se:infra --- .../ca/infra/requests/server/web-a1.sunet.se.csr | 44 +++++++++++----------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr index 7b54703..fb7e311 100644 --- a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a1.sunet.se.csr 
@@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE REQUEST----- MIIEqTCCApECAQAwNzELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMRgwFgYD VQQDEw93ZWItYTEuc3VuZXQuc2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQC3Sa7MgalFU9YbGwCfR3Bz+a5/Nv4gkuF3vY0fMA5Q7Rh1QfvRoDXLx77z -6xy57SzAH/lkS0HFfs994zuspzbJT8B3n1PA/BANtJM/frLzZqaq0/BDCvQKWO1b -8w03IzOR73H/vim7Hrc0cSj1rO49oD/BaM81oW45BeGJBwxniXX/MbknBjC+iSr+ -hlDW05iNOjtcQudS/YpZQ0YVozWBntpCgzPiv+yWDSYWrs3049TH4Uvh6QlrNeN1 -Ji17Al3j/B7Wf16CLCwJ1urTx/jGLUABkVfJDwjE/kipHvryzrRfb/8Qs1jDmxyL -kCLlCPscv1PXfd2pOKcTVyP7mTVWfeYsW/FwBDSdA3xXkOaeB3GjHmULS3X/2APC -Sy4crtsvn9mlCXHxKrAq9wI/UBHMaW5MqnZNU5VLJ/EpNju5OBdAtypMmNtYuivS -e+lKVJJDYl915Licq6k8o5sX0b3y9EEJpwnx9cMRxx37C395cd9FvKheqdS3hXAY -iEBYsUZ3dZ4RWA3R/IeiTSCUn3xY0OFqWE34owTk9cOYbtpAlIoOb9IU2q+bwTRQ -UVp7qWE5K/rlR8qf4qsjEdIKb4suXc3poVJfq0em/LWIfmXF1CIU7F0nL0tQf+Tu -aXjoWco7M3f3X1+OitV6fkx6rkNxVQFBFwUBw1TY3E8LomdR0QIDAQABoC0wKwYJ +AoICAQDaukzcey9CbAza2icp0YTk2uCSKJjIoW3nf0yyP3d1DCGWlYTce0H1X1+j +Pc0zoV9v55Wi4JgalNhq07WtsvbAfwHnSF8KMptTIp3dGi0GaXTQbsxZgBQ3cFRi +2w0sH8ThcPk1Gqw2WZCODFO3H/VK+wWqF36ZI4eofVSggLIGMbV68f2m9Z6NrEH4 +he4LjPj5PUQCSpFIIkaTsxm1MehOT5umhD9A6OHmSNDFOMOoPX4+WP0+Pk8yORKh +zosnglA/Nf8HJa4lQhphf/w5ss2zpjBoSVXi4CzG8F0PcqSzOSWsmazYTg+j6yJf +iULjjYGgTzrg0VJ0IR31ygwYscZT31+U3YU+nMCCrYEOeZo+gWzczmrhDUk30+ck +lOGNMUIXiWZ1i5G7qK0lGziFKwyUDoIEskAseAmlK6DcfXT/c6ZJZh4/IzIGOsQm +I8ow1aRpcL9nPateg+kP18nQUZh+ht24z0VRNFbeMoRYd3yvPz1JKGV69jGC/Rtz +zY2wnizwNHS2Pf59D/ilXT74rq2i2RTHa4tUgTAtnDD8hmzESuV/Ay9+sVux0uSI +55XuHxL8LvErmq9MhuV0ljwwjMQE26plKNVr0OyYtR/AaNnVechM8LJfSvoqmzyg +wC2l2bR63n1apgRPBcGMdJB/wT9sFAn0HFHZM0bVRp9merULQQIDAQABoC0wKwYJ KoZIhvcNAQkOMR4wHDAaBgNVHREEEzARgg93ZWItYTEuc3VuZXQuc2UwDQYJKoZI -hvcNAQELBQADggIBAI3czCXuI0tTFM3k9wxlRFZmwHTeTPHEBsD5/yjYcmC+FCQP -tr2wRbkY8Y26vfTByeOvgzr2Hn4DDW16L0WhoL9bM257oq+l7V71kMbKquWTnj8O -edXF3REWeF+2DSCT1opvsi2LgNAtrNoKn9f8OHW1BiZ7+PRiNy4wxg65TqzUB2fC -STVdv1blLfg4hijGHNEqQZM3ad3iMAJ8B3kC4Mex5T7ISEv+2+ha1/+yjPgn1P+9 
-8KxJfvCu24PEY+EqtKFD4khUWv9zoa+xChQCbbKA00BqD1hJRbomLnM0ANFA4rDs -xrKE8BVtVYSglt/w/57iWhSUGa0tJvtldHzqFSnPnrPt5SvKEDu631Jey+8w8Zfj -XkSCbRqZftyPpcMbgbb9AKNL2FNy8sPEnkxVD6NtTiPImUHj5xVJXjm0KA6j8NOf -hD1ZFVn1h+BRwy3PqvcCV5mMazXyOttupYUuntjrVV/xJRoySMaKNmj1B6YrAIlb -JXybNKVPT8HIWdi0dn+pzT2r/ymIGEmzpFF0IYOtWGGKKFa9m1qFiYR0iYxBe0GK -veH6C64JaABZGaIKWAuwAf1TnyF+B9kyiKCu75MDj8P8y28harGXCyy2Iq3MipbC -kLBg9xC8QT7U9Jyl9TgZxpbM4Bh7qxXeryn0FIIvgfXoPrwIKXqQyrXfa6U8 +hvcNAQELBQADggIBAEIiRXkR1jni08FiISwGGqnXnAWQs1KEKOQEsjwLU8XqDm8s +6MSPm8Q+pTPhee9WOMDvEhZ5G4qI8xq+rjMvoLAwiaZYnb25izFYCORy/hMC/gBA +6dgWG5ltDqCVMXHpsAdtKeoTnYG3zHidDNGRaaF/s8aMI7QFNwSV4GKG9LLKZw2C +JsXBpvm8ffoVFXw4UWNbG/za2+8INjjUgOXrYvu3X+iNjuWAxnnXq1vkYmdM01lB +QXdG8znkN6yEtaCag06ObwdSVo2FYEBqBbwmNL+Ud0ygIEz0zaisUDC/gnPp0XRZ +9ugL+1z9sNC/GRp/G+5JOQ7/zEvoxcvd1smYguAXWEnsXdbqOvPxxJS6++Zq2GwS +eM2Ttwe8wVhkINpT4/AuHR3dYNKt0zxsQbcdWOq1BWFitZf6dZ9NzeCxSLtVyXVY +X4Vo4e307d02dNw/99/zkBFFEOW4M68YMcRdBh/ASd07fHuWGppZf8/0TsPaWNzN +qWP2uGU1blyBpBdS8t0Py5f+4RZK+u6l1cKaxD1AVuOvI0qafPyXZOmw9eIW859B +VwlOOUEcLm8o5TZRJATtP9trKo1whUI4duR/sdpsk81iHR1KAhoKj9/MBiXU4RWn +0I/UBxnEycup94/3ssesWPH33BpbQ0GJoxixtNgTIbuuCbs8rHptLe26mrIv -----END CERTIFICATE REQUEST----- -- cgit v1.1 From 14c3ee9e04d8b9fc5630902ae6891b78e1c3955d Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:14:28 +0200 Subject: certification request for web-a2.sunet.se from ca.sunet.se:infra --- .../ca/infra/requests/server/web-a2.sunet.se.csr | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a2.sunet.se.csr diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a2.sunet.se.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a2.sunet.se.csr new file mode 100644 index 0000000..c3337e6 --- /dev/null +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-a2.sunet.se.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEqTCCApECAQAwNzELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMRgwFgYD +VQQDEw93ZWItYTIuc3VuZXQuc2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDBbNpvBdEzUfeoU/S/P14/6U/Sn0UNWqAGhCwBIi2YnHVxqYKuhnlD/aPt +cIHkaVZ5EuM/GEd0QDMO0ih3n9Gab8b1lFwqv0JxZGyTxczA74asb5Ct+IJs53h0 +X7naXJ6ka2J7xKoRW4/JlEGbdH9EF0HzDp+49OK23zR55q0ulO2hmxhZVfuepgv/ +/OYChacdo/voiAQmM0DJkTGPlslh1Dn72hIn2wvfujlzI9Dvsd6NZmMbfgxoHY4Y +LmLATZ24XEztxuOiTOUWpX8MdlQ2TSYQEiAxMbQNjkbYkG9LAV8ipygF/mNOf/cn +tsu5u76c/iYWoRor4uEpgrtwxFo5X1lv4yJbzO6fuWOJcNANfTNTj4xogXn6ScYb +GE8/oWzEwokLFfdlDZY05okdzZ3uVZNoGyojMAmmx5gO+3Y9qisJpLeH0xK3jCDi +a2X8IV3olg3mlx8M9XsHjwYSOh57sfUMA2Nm9RXroWFIPDDmhvQPJiXmM61NKB3p +6aIwiscbCfwQmjrhxQUr8ND7M0wpJB9gJYdcUP/IN/pwIfsiHUy159Vx7dwNePpL +qbFndkmdnJAUSKa80/+JV+8Jn5IeUbMCFt0eJPUpI3EC12yv50HFBDjt44GJSpcZ +5qbswPH5i01dWKlbERss+4p4rd+Ry76esjQaAuqN01erhwASQwIDAQABoC0wKwYJ +KoZIhvcNAQkOMR4wHDAaBgNVHREEEzARgg93ZWItYTIuc3VuZXQuc2UwDQYJKoZI +hvcNAQELBQADggIBALR35edYdRVtnB+6XrEf+pBfm2Mn9cDKRF/rBx6vYgYPMlpw +oporTVJajsMfkQp3aO3gX0w2VmnCXI40xuv5rry8LWLAZ9hgfjQ6cKpIspebSwvy ++MR/lzgUmrgowCGNCky7O8bb7U1jOryR2inOMTR6RlVpg2Gfu+EWgeQTze6LNHJk +NV+k/NNplfRxxSDO9wthGcoTN3miNOs8YAqjJc8ApcGHcWcPkI80Hv40dlCA4+8o +8r7BTGkotKWa9pVzQ/oYCBw3b+D6/dj57B3idRe2qkAtAO9Yf3HWhQKDFK7R0FAq +nFWeu+aw2ZJplu+1KLLZuCXL8l/BeoXlaCiUxxUpDLI1jnNmiw20DeQw+l94EgOF +xdA9FsHddaaHaltqIsNRBw7PupvxVGpe8y4VcCx0kCpFKETnDgRPRQ21FHOdli2+ +A7V2JdN2cEM/2obUqYrhL3Zi7fuGpZ2QC09hwnux6iKuJ8MKfQZVA8zNQAPQidxc +UCeC/6wcwpIU4pYLmqrPgIANhq7n4VkDHJaa5nnoP7WcgjlFUNwUP5YAIjxo3XB5 +uCSg4Rx08IVAnMwzOkyO9kwtfYDqq+0SUyY73XgbYJYY5mnExYu2iEqlMdbYj9mr +YHHHeM1YNjzcCysUlB0VaIQWPPAdgyarOn2sJ3sqEw7wY5rzIIWUD5gF0D8I +-----END CERTIFICATE REQUEST----- -- cgit v1.1 From 69e3264dded33903e62b9bbac061df2c538d8ea6 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Tue, 14 Apr 2015 12:15:01 +0200 Subject: certification request for web-f1.sunet.se from ca.sunet.se:infra --- .../ca/infra/requests/server/web-f1.sunet.se.csr | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-f1.sunet.se.csr diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-f1.sunet.se.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-f1.sunet.se.csr new file mode 100644 index 0000000..07ccc11 --- /dev/null +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/server/web-f1.sunet.se.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEqTCCApECAQAwNzELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMRgwFgYD +VQQDEw93ZWItZjEuc3VuZXQuc2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQC2WVo/PI5wlhDUesyX27Xu0YwwsEb/R+m2+IRFGe14I77nHoY9yfVjakPK +V3MW0AZXomv/EdcJ2OBsCViJQYmHZ91N3qjFPNHvBc+3Oy3+PLFad4BmD3yLXSmy +xuYlEJxJB7BNyT0AeZi19pPTSD3QZ23Yhhk2hfzJVRteLQE1hTW68vdEHvMp25qY +grsbvhqUhFOMpNAfoGNN/cpmLTAeO7jWp1MGwwlMyfFpEa1jZS8xKylfn93a2NY1 +znI22R8XHXuMiwTK/fYTPzp+PP48ga+ABnH8y+p6uy74vni+CfnY0XviiSAlwWoZ +/BkyRjlXar2RYCSmEwZdV8ptbSeStv+AT8SQqnCItmZ0eeu1pc9gbt9mFwY1pLfn +GqZ2y5Ew5Y1BJirGjBlHsvjsL2b57EQsc06SmDIDX7zmUVxdfBMD7dnQ0TFIZoP7 +J8o6NdtGvDhQoGIzUgg+Y2PpoQ7ZoC+5UWq/hD2l/3Je8losaxkM2POfpl2ujhuJ +SaZr0IJnUS56EKVVp1em6On2oD2fUav0VhKyIDnWitm8fx1jUzDIahcQjiRBQulZ +bDHsJH4K+gYCbjzYfgcJKaXOe8XYOEqHTZyboMGwM84ZGnE539VGoRJDEM9SVnRb +VZb5s0A8fj6pGoQcmapwNGnVUtpYc8Rz6R/Jn5YgI06INLNZrwIDAQABoC0wKwYJ +KoZIhvcNAQkOMR4wHDAaBgNVHREEEzARgg93ZWItZjEuc3VuZXQuc2UwDQYJKoZI +hvcNAQELBQADggIBAGHIyt5tEqWJCFgZilTJywyhXBwG2I+CzUxvyvWiofYJVgCM +aiZwFb1A0HW8uVHRKm+LkN3urOyRaLw1D7yeHK1UIZFYyFpSfozhmrvx6KFk87gu +MlEpKkj6iCeC26q1YrK81QUNW63swkcXJDh2B6R094JBq4RHc/ZOR5P0+EYM/fX4 +AaQGXdibwnKowRA23A7N7uX2WxoCMKDLa+ONNlHW0YqUsysTkDCRib2Baxkvovrp +JKuUDvAFij3dOnjIwIqBX6dWSHc+5pBpROfFOxzDPNYj+ZWCmfA0YXtj0C8S8MWE +4TuQKXREsQfgjCxFmuvQ6I+2433AQGoxD3mA5FQtVvWQZcMqfRNJdzjO1qROYL1M +3Idcc6P71C0/uE5uwASg1ufBmiMN6MU0WABJVd/VOTz0xG82P67tDMrH28QKaWkl +owHgxSK0DHhWT0jXVsQmbM3Le1whDEwXRLPuDAB01nsyx2osNS48gPd1pX/6/nhQ +sQWukhdi1nmZxD+F1jUrXBh95L5uBOcF9aGWksU/2OxvuMYybrcDX6hFRmWAiPwq +PMUweg9z0tEqzpmjlr94tznh0ZAPh9lNngJc+lGLZSRx2tBP6Mhq0sDhuTC/NjL9 +zJ57KFweFhyVyS+BXV4vyRTPZS+z2cmummOO08Zcpz5PogHsrYn7XSTxWYtT +-----END CERTIFICATE REQUEST----- -- cgit v1.1 From b0966eb8093966c341bb92e2ba2c2a7713ec37d0 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Tue, 14 Apr 2015 12:22:49 +0200 Subject: network puppet module --- global/overlay/etc/puppet/cosmos-modules.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf index 911ebc1..e796979 100644 --- a/global/overlay/etc/puppet/cosmos-modules.conf +++ b/global/overlay/etc/puppet/cosmos-modules.conf @@ -13,7 +13,7 @@ pound git://github.com/SUNET/puppet-pound.git yes sunet-* augeas git://github.com/SUNET/puppet-augeas.git yes sunet-* bastion git://github.com/SUNET/puppet-bastion.git yes sunet-* pyff git://github.com/samlbits/puppet-pyff.git yes puppet-pyff-* -#postgresql git://github.com/SUNET/puppetlabs-postgresql.git yes sunet-* dhcp git://github.com/SUNET/puppetlabs-dhcp.git yes sunet-* varnish git://github.com/samlbits/puppet-varnish.git yes puppet-varnish-* docker git://github.com/SUNET/garethr-docker.git yes sunet-* +network git://github.com/SUNET/attachmentgenie-network.git yes sunet-* -- cgit v1.1 From 1ab589a2d4567865e9389ba8bc7e656ac5220a44 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:33:01 +0200 Subject: etcd work --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 1 - global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index f76d5dd..8c0800f 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -846,7 +846,6 @@ class webbackend { class { 'webcommon': } } - node 'web-a1.sunet.se' { sunet::wordpress {'www_sunet_se': } } diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 6a61f89..c114cd2 100644 
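Review bot: The added `network` entry is fetched over `git://`, which provides neither server authentication nor integrity protection in transit, and the module it names becomes part of what Puppet applies on every host. If the `yes` column together with the `sunet-*` pattern means that only signed tags are accepted (not visible in this hunk), that limits the exposure, but the transport is still worth changing. I would write the line as `network https://github.com/SUNET/attachmentgenie-network.git yes sunet-*`. The context lines show the other entries use the same scheme, so the same applies to them.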
--- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -11,6 +11,6 @@ define sunet::etcd_node( "-discovery ${disco_url}", "-name ${::hostname}", "-data-dir /data/${name}/${::hostname}"], - ports => ["2380:2380"] + ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From 3d1ab0bddf7929b94fafdc8347e96c992c93ffff Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 12:47:11 +0200 Subject: etc foo --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index c114cd2..3d17691 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -1,16 +1,13 @@ define sunet::etcd_node( $disco_url = undef, $etcd_version = 'v2.0.8' -) { +) +{ file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - extra_parameters => ["-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", - "-listen-peer-urls http://${::ipaddress_eth1}:2380", - "-discovery ${disco_url}", - "-name ${::hostname}", - "-data-dir /data/${name}/${::hostname}"], + command => "-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 -listen-peer-urls http://${::ipaddress_eth1}:2380 -discovery ${disco_url} -name ${::hostname} -data-dir /data/${name}/${::hostname}", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From 16aa4925923841cecc37d7efa14e63d421569ce9 Mon Sep 17 00:00:00 2001 
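Review bot: `$disco_url` still defaults to `undef`, and now that all flags are one interpolated `command` string an unset value would presumably render as `-discovery  -name …`. The flag would then take the next option as its value instead of failing cleanly. I would guard it at the top of the define, e.g. `if $disco_url == undef { fail('sunet::etcd_node: disco_url is required') }`. Separately, `command` only becomes a parameter of `sunet::docker_run` in the docker_run.pp change that follows, so this hunk does not compile on its own without it.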
From: Leif Johansson Date: Tue, 14 Apr 2015 12:52:51 +0200 Subject: support command in docker run --- global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp index 8df416b..2552644 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp @@ -7,6 +7,7 @@ define sunet::docker_run( $env = [], $net = 'bridge', $extra_parameters = [], + $command = "" ) { # Make container use unbound resolver on dockerhost @@ -34,6 +35,7 @@ define sunet::docker_run( ]), dns => $dns, verify_checksum => false, # Rely on registry security for now. eduID risk #31. + command => $command, pre_start => 'run-parts /usr/local/etc/docker.d', post_start => 'run-parts /usr/local/etc/docker.d', pre_stop => 'run-parts /usr/local/etc/docker.d', -- cgit v1.1 From ac82f4773ae5a60729697d5b4ef6df15fec8a0d7 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 13:01:21 +0200 Subject: Added nrpe to sto-tug-kvm2 --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 8c0800f..343db7d 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -698,6 +698,17 @@ node 'cdr1.sunet.se' { node 'sto-tug-kvm2.swamid.se' { #class { 'fail2ban': } + package {'nagios-nrpe-server': + ensure => 'installed', + } -> + ufw::allow { "allow-pollen-nrpe-v4": + ip => '109.105.111.111', + port => 5666 + } + ufw::allow { "allow-pollen-nrpe-v6": + ip => '2001:948:4:6::111', + port => 5666 + } file {'/var/docker': ensure => 'directory', } -> -- cgit v1.1 
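Review bot: Both `ufw::allow` resources pass the monitoring host's address as `ip`, and in the ufw module I know under this name `ip` is the destination address while the source is set with `from`. As written the rules may therefore leave port 5666 open to any source. Please confirm against the module in use and, if so, write `from => '109.105.111.111'` and `from => '2001:948:4:6::111'`. The `->` after the package only orders the v4 rule, so the v6 rule is outside that chain, and NRPE's own allowed-hosts setting is not managed in this hunk. The node block continues outside the hunk.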
From 00c39cd1dd1a81b8a1fad961769e1ef89ad82dc3 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 13:04:47 +0200 Subject: Renamed nrpe rules for sto-tug-kvm2 --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 343db7d..1a67ca0 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -701,11 +701,11 @@ node 'sto-tug-kvm2.swamid.se' { package {'nagios-nrpe-server': ensure => 'installed', } -> - ufw::allow { "allow-pollen-nrpe-v4": + ufw::allow { "allow-nrpe-v4": ip => '109.105.111.111', port => 5666 } - ufw::allow { "allow-pollen-nrpe-v6": + ufw::allow { "allow-nrpe-v6": ip => '2001:948:4:6::111', port => 5666 } -- cgit v1.1 From bcc7edeaeee440877ec976ed3501578477f2728c Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 13:15:43 +0200 Subject: Changed UFW rules for sto-tug-kvm2 --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 1a67ca0..f36c70d 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -702,11 +702,11 @@ node 'sto-tug-kvm2.swamid.se' { ensure => 'installed', } -> ufw::allow { "allow-nrpe-v4": - ip => '109.105.111.111', + from => '109.105.111.111', port => 5666 } ufw::allow { "allow-nrpe-v6": - ip => '2001:948:4:6::111', + from => '2001:948:4:6::111', port => 5666 } file {'/var/docker': -- cgit v1.1 From 60b460b309d92c854e681a8178e04476866de330 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Tue, 14 Apr 2015 13:18:39 +0200 Subject: infra ca & etc tls config --- .../puppet/modules/sunet/manifests/etcd_node.pp | 3 +- global/overlay/etc/ssl/certs/infra.crt | 34 +++++++++++++++++++++ web-db1.sunet.se/overlay/etc/network/interfaces | 17 +++++++++++ .../etc/ssl/certs/web-db1.sunet.se_infra.crt | 35 ++++++++++++++++++++++ web-db2.sunet.se/overlay/etc/network/interfaces | 18 +++++++++++ .../etc/ssl/certs/web-db2.sunet.se_infra.crt | 35 ++++++++++++++++++++++ web-db3.sunet.se/overlay/etc/network/interfaces | 17 +++++++++++ .../etc/ssl/certs/web-db3.sunet.se_infra.crt | 35 ++++++++++++++++++++++ 8 files changed, 193 insertions(+), 1 deletion(-) create mode 100644 global/overlay/etc/ssl/certs/infra.crt create mode 100644 web-db1.sunet.se/overlay/etc/network/interfaces create mode 100644 web-db1.sunet.se/overlay/etc/ssl/certs/web-db1.sunet.se_infra.crt create mode 100644 web-db2.sunet.se/overlay/etc/network/interfaces create mode 100644 web-db2.sunet.se/overlay/etc/ssl/certs/web-db2.sunet.se_infra.crt create mode 100644 web-db3.sunet.se/overlay/etc/network/interfaces create mode 100644 web-db3.sunet.se/overlay/etc/ssl/certs/web-db3.sunet.se_infra.crt diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 3d17691..3509114 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,7 +7,8 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - command => "-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 -listen-peer-urls http://${::ipaddress_eth1}:2380 -discovery ${disco_url} -name ${::hostname} -data-dir /data/${name}/${::hostname}", + volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"] + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /var/lib/etcd --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } diff --git a/global/overlay/etc/ssl/certs/infra.crt b/global/overlay/etc/ssl/certs/infra.crt new file mode 100644 index 0000000..a34ba57 --- /dev/null +++ b/global/overlay/etc/ssl/certs/infra.crt 
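Review bot: The peer URLs in the new `command` are still `http://`, so as far as I know etcd will not apply the `--peer-cert-file`/`--peer-key-file`/`--peer-ca-file` material to the peer listener and member traffic stays in clear text. They should read `--listen-peer-urls https://0.0.0.0:2380` and `--initial-advertise-peer-urls https://${::ipaddress_eth1}:2380`; advertising `0.0.0.0` also gives other members no address to connect to. The volume `/etc/ssl:/etc/ssl` hands the container every private key under `/etc/ssl/private`, writable. Mounting only the files it needs, read-only, e.g. `"/etc/ssl/private/${::fqdn}_infra.key:/etc/ssl/private/${::fqdn}_infra.key:ro"`, narrows that. The `volumes` line is also missing its trailing comma before `command`, and the define starts outside this hunk.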
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF8zCCA9ugAwIBAgIBADANBgkqhkiG9w0BAQsFADA/MSAwHgYDVQQDExdTVU5F +VCBJbmZyYXN0cnVjdHVyZSBDQTEOMAwGA1UEChMFU1VORVQxCzAJBgNVBAYTAlNF +MB4XDTE1MDMyNDIyMDA0M1oXDTI1MDMyMTIyMDA0M1owPzEgMB4GA1UEAxMXU1VO +RVQgSW5mcmFzdHJ1Y3R1cmUgQ0ExDjAMBgNVBAoTBVNVTkVUMQswCQYDVQQGEwJT +RTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANX8E3tAkO2lm7aU18ND +hJtMARHObom9b+SpwrfgEI6dsnIqsrjzrZ1X+bv3AhlmWMS7aPr0BuvtsKxwcRaD +TRdfM7ik7L40vXAkBwVWvXJvjdF5d+AZI750S5G1jSh/v8Nz+zHsai1mtdnx7FT6 +Pg1BJbwf0IyIHZClcnO/OmwElNnGVB5uNp3e/67KCqI4IhjAt+4G30mRfIpZ1KoU +vexZsz++cZErCXEe0eWnhlnCjfobMKmEHhvX6RzvTbB80AL/tfrqnOEwD6y7iUOp +N9FSTiHvHxRiD80WglLrh2qHzSn3it91RA1OvfY0HoIgdz1F/l07Nlm8a6WrrbRZ +Pg+HzlZ31iy0/sqduj2fPrDuDDQn87Bu3ohsZPg1t700ZW+YMUWtmh9PHK04a2fI +f9ET7llJPYzyOQ1apoiAgPRf4pnxOSOgjUhVDBY20ppTKxFJ7WY9JSKRPj92A6Ht +2/uAfUapKPOPSaASIruVz7sZ7DqiWvq67uvRtwr5yytRoZ82HG1Z36DxSNUcJ2X8 +MmELT/ONQHolu8hiZCLDCienYWZUPBnaI9jblCqvmBrdlJzKdrWzb1zKEQNsducs +Klwgh5hZ6tJLca3v/sDx7odUK4MF+vuhEyRZyXUQBZ3+m7iII+2mHLyZ2EUpfBjZ +hlOERIttFErkPP5CsPkf8uvDAgMBAAGjgfkwgfYwHQYDVR0OBBYEFOcsnlEasB0B +HeZCtCcaNZNwwG3XMB8GA1UdIwQYMBaAFOcsnlEasB0BHeZCtCcaNZNwwG3XMDsG +CCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDovL2NhLnN1bmV0LnNlL2lu +ZnJhL2NhLmNydDAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY2Euc3VuZXQuc2Uv +aW5mcmEvY3JsLnBlbTAjBgNVHRIEHDAahhhodHRwOi8vY2Euc3VuZXQuc2UvaW5m +cmEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL +BQADggIBAHUlygRL3d5DEBKWVvsuWhWNq5O7QHqWYyRSEMbncHSsZJhryJvmI/4Z +KI0UpBC6KBJDRGnKWnTfNUsNa6ZC/hPb+9RTdVV7ODq5T1xCp9bueVmf2x/CQEIK +Rexwlv6+nMdUmFioxtTdKOCSkXu4L+dmIpzsbkUrl0wNSIeTga0StGyJZcbFq/cp +qur89YaiDSZ490C7UrQSaMRmBYTqmISmtlLzpGEPR3e6xoJbxws3zKeUYfF4Fzzi +t424jpgd+FHh7eEyNNqNqKP+kr/G4/BnJBzyr1uP+1/LSzJRHj/hNJV7R/8zr9KY +hZxjP7YKLmRxfEaRIFcjDJOKEYzpN3MNWOWVKMduUEbk65sbTFIlY1wCDzV9rHeY +81G82FQVmOMYc5RQI5ZcEqEUhOTv85bMF3rVpGR+tA8gfQWs0w8sa9wcEo/HfjXa +wgu67cJe2grg9iaoh40cOUIbVFaHbkvOG3ZMJPOkye+nBuOJncWhpuxGRxgEvW/O 
+gj5WnDwZ4J8hfGchaBSi5ZVEvUWpmx+NPzIp5YhHBRA5zadmd2fGIui/22fmJuDq +syNaWN5Ncka6Ud5NSnuYJDZauC/3ftdwe5awkuQFon3qg0fiVprM+DOUNgakVGyF +5G6c17lavZgC3xqdXYbnNkBTeaTgYYUdOxcT7WXARVw9ak5OhSw0 +-----END CERTIFICATE----- diff --git a/web-db1.sunet.se/overlay/etc/network/interfaces b/web-db1.sunet.se/overlay/etc/network/interfaces new file mode 100644 index 0000000..b8f4bfa --- /dev/null +++ b/web-db1.sunet.se/overlay/etc/network/interfaces @@ -0,0 +1,17 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + +# The primary network interface +auto eth0 +iface eth0 inet static + address 192.36.171.68 + netmask 255.255.255.192 + network 192.36.171.64 + broadcast 192.36.171.127 + gateway 192.36.171.65 + + dns-nameservers 130.242.80.14 130.242.80.99 diff --git a/web-db1.sunet.se/overlay/etc/ssl/certs/web-db1.sunet.se_infra.crt b/web-db1.sunet.se/overlay/etc/ssl/certs/web-db1.sunet.se_infra.crt new file mode 100644 index 0000000..e589716 --- /dev/null +++ b/web-db1.sunet.se/overlay/etc/ssl/certs/web-db1.sunet.se_infra.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGHzCCBAegAwIBAgIJAIphYRwko2yMMA0GCSqGSIb3DQEBCwUAMD8xIDAeBgNV +BAMTF1NVTkVUIEluZnJhc3RydWN0dXJlIENBMQ4wDAYDVQQKEwVTVU5FVDELMAkG +A1UEBhMCU0UwHhcNMTUwNDE0MDkzNTAyWhcNMTUwNTE0MDkzNTAyWjA4MQswCQYD +VQQGEwJTRTEOMAwGA1UEChMFU1VORVQxGTAXBgNVBAMTEHdlYi1kYjEuc3VuZXQu +c2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCp2i1gZS3bcmiNEzPv +skIpr1JTW4gg34E+6/+TfEOONQY18JejUnged1sBtkedsTncxQ2TWjefrFryZ7cH +45FVB5J8wtkydmIWkYIVXoEugPQEcxJU3brB5/2Zxdd1H+ukVsozV+bwOJg6QP3v +z+X5nL18iUlr6ToMGrE5cVh4qjqJiz7N6OjWm4rzWhSFJjcHLsfqVEMzwKH0bTt1 +PrpoAhwixNQuFYyfRoSPdeOt5CIgh+ojmtMJwMOJG6KltfjaFd7BdfAdzVYa5CNO +Bvr3W3PPeTWUnxDkIZHLf6bouqOajSWVMmX/0fdeB+hASeVdivAKxh5J9xT3ewD+ +jQ79KXdGSzBjRtBnUra++lrWK2zkPNV8ys4yGG2goj9174D+32L3mEYYRDvJG28k +A64JN7i3a/xd7IeDRm/ItDSlJJFsu/aalKM3kv9MxcFosHd3f++b8jA1hTchtsBT +RmeOewkJPm+3pOfeByjaIGnXtty5uV+6EcjfiNujAPRLdHjo4mmGNEhin9e+nk+N +RAZtCZKlsBbfYVs+XrvN/SH1rV0h7szIjQ56jFT4RYKxrPm9t7m+E6dimYLaY9QB +INH9VU8GaNObJg73qofO4IPcrH6797sLhcD1TS0b6y339aBt3+7Wm8I8SwbSBfAn +B899fwvHeU994FFW3nvR0jYJCwIDAQABo4IBIzCCAR8wHQYDVR0OBBYEFOS/ytQU +7Y0Ot+c/IrfVK25XQqsFMB8GA1UdIwQYMBaAFOcsnlEasB0BHeZCtCcaNZNwwG3X +MDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDovL2NhLnN1bmV0LnNl +L2luZnJhL2NhLmNydDAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY2Euc3VuZXQu +c2UvaW5mcmEvY3JsLnBlbTAjBgNVHRIEHDAahhhodHRwOi8vY2Euc3VuZXQuc2Uv +aW5mcmEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwGwYDVR0RBBQwEoIQd2ViLWRiMS5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOC +AgEAbBJO78R7bz+TFh5R4Wc56WSIekLIGS4FTGH/x3hocH6wqwih8Grn7ZgzeVHp +z/n58izTcL5prKh29v9x0BZC3ED5AK3ydf8Al+VVeyd++FAAjFuf5mqgN7XPKSMS +1fwPrN+rWR2vDmHG0zK776RiEbboWY/eXPJSS36P2g3CJ4zOpj+u5kS2AKioEcoK +BGUvwZHjqRRetgeinGWqjaRiUUmVlTtG2Xo+s6WeHbPSp/IdnDQ1xdbq8jgOIhZg +dqZnFaFU2VW+1hunNoFR+6ssWIKiTSHs2IIiODQjRZ8gDQpD1BcVjayHqG7MqeEi +JN3I86veakmWDreocebe/99gbQqPy/JkHLZ/dcrGCjWvQ9r2C6L3m/yMqU0HrpHl +mr2DEldB5Jepb0/BpGV5q5ERj3sSpKveCAjqBZqc+FOaYtuE5bHZQmxmDGHlWEdp 
+FZXleTVUIrIw7m87Kfq3kdG7nfX8ev70RVAS0n2Os2yTtOn1+OiDUYXP/Ss85RjG +qwd53Cc5jDDsmp9dNXNlK+OySBUsCnjQQc15cvueey1VkfTXfwJBGpc3zdoCDIfC +Fmu9jTL3+5d+C0iFvn3WSwN3doLoJdhce4yAmqwGLiqFQ/K0chw7Ths2H5caF4+g +/2hIp72NdeScdATdDluoEk130HCWNNWHdrZB/ZP6W8zBvrU= +-----END CERTIFICATE----- diff --git a/web-db2.sunet.se/overlay/etc/network/interfaces b/web-db2.sunet.se/overlay/etc/network/interfaces new file mode 100644 index 0000000..2130d6a --- /dev/null +++ b/web-db2.sunet.se/overlay/etc/network/interfaces @@ -0,0 +1,18 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + +# The primary network interface +auto eth0 +iface eth0 inet static + address 192.36.171.69 + netmask 255.255.255.192 + network 192.36.171.64 + broadcast 192.36.171.127 + gateway 192.36.171.65 + + dns-nameservers 130.242.80.14 130.242.80.99 + diff --git a/web-db2.sunet.se/overlay/etc/ssl/certs/web-db2.sunet.se_infra.crt b/web-db2.sunet.se/overlay/etc/ssl/certs/web-db2.sunet.se_infra.crt new file mode 100644 index 0000000..17d5ce3 --- /dev/null +++ b/web-db2.sunet.se/overlay/etc/ssl/certs/web-db2.sunet.se_infra.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGHjCCBAagAwIBAgIIKIyvcnAuRyUwDQYJKoZIhvcNAQELBQAwPzEgMB4GA1UE +AxMXU1VORVQgSW5mcmFzdHJ1Y3R1cmUgQ0ExDjAMBgNVBAoTBVNVTkVUMQswCQYD +VQQGEwJTRTAeFw0xNTA0MTQwOTM1MDJaFw0xNTA1MTQwOTM1MDJaMDgxCzAJBgNV +BAYTAlNFMQ4wDAYDVQQKEwVTVU5FVDEZMBcGA1UEAxMQd2ViLWRiMi5zdW5ldC5z +ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALw3m4bij8HuGTh41H/r +9iw6sLDAkDFpBiDO/4stP6gyGCoWzGAtyyogHY6nPH14n3LHjrUYyobMFdCgjDTx +Gng5TPKm9KgWy4+P95FyBzoWBFY+w4iiiJB2XYc7ZOUcooOKWZwddD9Ml0pLKXtu +Yxs/GFBO6gE1F4NnVjDQ8IIZLOaxUsOVGhYTwWhvzZMGYMqFK/2tIySjDsytxxQd +RoG3V516+9MnvhThA/fCAYCWl/vBx3WISFwGcDdI1nbwM7wOv1+lKrzJj6JB5Kw4 +fBMTY8TSnr8/1P2o24o7fRfGgw5V6rmiKGGZ5QGHL3YPB7JKoSv/LUmeZc9orKxP +LpdW+2OMfMZWR/cpmUKtfxr7wE/wG1GSa8Y4U3NRTW+7pBYUMy3j0B1eAGWeA2oX +3FEk2VDFINgSthqMHQVYiyzCh68HiNCW6iC7m7oO8a1iFbW3JF4H5Qb4JMVHumOc +pFL+FmnN9/chZKEBff2an1OVUdaQJAYG01JwH7t1dLLKkczpXjDcKLGOlWz3wk+2 +mSoiyNT4R/c9Oh2mKd6B3CUdwrRNTzRLt7teU5aRtvnnL5c7sVzU0tJZp5MZxFq2 +LSXrDUmuce7nt+nVpqBxHwrUTf6lxjtuPUgB/611Pc3MOkpqqJlqmprwb8gGbz1H +aNK+vffoyRb3Zeq5T9d0HJyHAgMBAAGjggEjMIIBHzAdBgNVHQ4EFgQUJd5TgQiu +zD9caUaVhwl4f5/bjjUwHwYDVR0jBBgwFoAU5yyeURqwHQEd5kK0Jxo1k3DAbdcw +OwYIKwYBBQUHAQEELzAtMCsGCCsGAQUFBzAChh9odHRwOi8vY2Euc3VuZXQuc2Uv +aW5mcmEvY2EuY3J0MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jYS5zdW5ldC5z +ZS9pbmZyYS9jcmwucGVtMCMGA1UdEgQcMBqGGGh0dHA6Ly9jYS5zdW5ldC5zZS9p +bmZyYTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcD +ATAbBgNVHREEFDASghB3ZWItZGIyLnN1bmV0LnNlMA0GCSqGSIb3DQEBCwUAA4IC +AQDJjNAF5L8FS/kJpxG66yIEv/3OmcR1PRUQX6hnwWXRdwNkd+PrZtzXUKJrdSlt +Tg2tcYCRZ1Bz1evuz+IJd+hRGOMxIvnB8uAZUgWsUg26je2yghtSPbdGeZ3Xizv8 +QbHP/WKaD+JZGhtbumUyGdSYOTrDxLCbgtvnByrB0MEv7IbnD/a4PuvjTyFnZ5Jw +g+Z+JYn3xaMy18Ns/rE1gnIstBLN0ogeXsa3ujk7csRJukpJnTGuGOMS9MYBl4Md +ujs6DCDvnGo6N0Q6gHDjGWAsV632EdCECHsWo0jHiMCwe2beXpcX05FEB6K4GUdT +z7K4dKPHSzsHw88SuSFnHQrFJXh89T2O78KOOB4e5o296h/StI+NA+k30O5rkTKe +g0Q3WdEvdh3zcXMCvbFDv6NxdoEpK/X7IS4tQ0xVAsQ7sY36llrG2Sj2TQo8V/1O 
+0xoMLVnaWIjZy7hJyGFmlM9uelgee1l6XcDWfMqRuFj/yne1qiGU8B9hhJ4OW14/ +8yfiHJCOrJRE3/14Gk3cXIb2fdCkfcvB9PGR9IudFhYfMt+Dql7L1W3ULgE5GepU +9EWpzbxejDbyXNVBV9LJnbaDIRAaSWJiqep/O1vVf00neDGQh4YGn2/Tgjkci+L2 +9V3Xx+yvnilKPoWk8le9UjACRFL66HArVzbE41H1VVKzBw== +-----END CERTIFICATE----- diff --git a/web-db3.sunet.se/overlay/etc/network/interfaces b/web-db3.sunet.se/overlay/etc/network/interfaces new file mode 100644 index 0000000..86c5081 --- /dev/null +++ b/web-db3.sunet.se/overlay/etc/network/interfaces @@ -0,0 +1,17 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + +# The primary network interface +auto eth0 +iface eth0 inet static + address 192.36.171.70 + netmask 255.255.255.192 + network 192.36.171.64 + broadcast 192.36.171.127 + gateway 192.36.171.65 + + dns-nameservers 130.242.80.14 130.242.80.99 diff --git a/web-db3.sunet.se/overlay/etc/ssl/certs/web-db3.sunet.se_infra.crt b/web-db3.sunet.se/overlay/etc/ssl/certs/web-db3.sunet.se_infra.crt new file mode 100644 index 0000000..60472ff --- /dev/null +++ b/web-db3.sunet.se/overlay/etc/ssl/certs/web-db3.sunet.se_infra.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGHzCCBAegAwIBAgIJAP7jYOUsktGuMA0GCSqGSIb3DQEBCwUAMD8xIDAeBgNV +BAMTF1NVTkVUIEluZnJhc3RydWN0dXJlIENBMQ4wDAYDVQQKEwVTVU5FVDELMAkG +A1UEBhMCU0UwHhcNMTUwNDE0MDkzNTAyWhcNMTUwNTE0MDkzNTAyWjA4MQswCQYD +VQQGEwJTRTEOMAwGA1UEChMFU1VORVQxGTAXBgNVBAMTEHdlYi1kYjMuc3VuZXQu +c2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDjMShzbPj+VlJsy36O +IIhF/7g4Fws/oL0a483p8YmpWaNHUDO/WjrYnnQJKRSYYtr7bXddfE2WGv3BxYcC +kTrwtat/TeIKjSGtP+jfwpq+mhfsan7l3RXv5TI3KKsq/IkBVDf656Zi1qOBF/Xy +wXnEvZx28hzsPzvY5/VBy3h+DL2lPvCMBp+uN4jTDlkNLf+NTBNNunvuJtWrJD3M +lhYfsjcX9/b+NW+jqzn0eK+M6jjB91QGC/P3k/83qUpe4qrQdJA57MOVIA9hdyAK +RDQGfwtg0aBFouPjMdnjSshe5wHkD3iVRSrHT/PudlTPe3WH2h2PlaI4SSpj+6AM +C3xE0v17xz9rkR7H/V4ebdV6gsYQA/rNOq6xD3sjqIMWa6EF1zdVa4S7cQbAuIdX +JhO1Jb2S5/iX+I312nbp03GrnYSq53U3f2c/n2fB9KAVMSuoE+kFkwLB2gnJipcA +xpQ8PoPKyZJ+AlfXDprKnFFtbV4b9u/aSMZs5qJ8zxqvEZmLM9el4FRmHD53E0et +ipk1XSxbkqTXum1ge4Th1PFc3yPG4uqfu1QZG1c2T1I5LasGno6fGJf9NIG6GRbP +UQBa9m7QHgF0ziNWbU0RggFYemzNuNCJ9pRRJov6ea0CJ6eKEfhF/8DHVJnsqUDN +09MZRy/kL1P6ulNVJC//U/mQWQIDAQABo4IBIzCCAR8wHQYDVR0OBBYEFENC4c7a +KKYu5OvxW5OufCnj5OjQMB8GA1UdIwQYMBaAFOcsnlEasB0BHeZCtCcaNZNwwG3X +MDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDovL2NhLnN1bmV0LnNl +L2luZnJhL2NhLmNydDAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY2Euc3VuZXQu +c2UvaW5mcmEvY3JsLnBlbTAjBgNVHRIEHDAahhhodHRwOi8vY2Euc3VuZXQuc2Uv +aW5mcmEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwGwYDVR0RBBQwEoIQd2ViLWRiMy5zdW5ldC5zZTANBgkqhkiG9w0BAQsFAAOC +AgEAWtZWETvhMvB73HCaY46YSrJ71Lp7nq/Ypz8sInxx16DtaE0WsOqbGMJSAw4w +6RfH6XyzmTH2u9kH06K72aATLXFBT2fgTj7R7a9J1wM1i43SEgMrhCtOxBpGYsqU +w/Yg8ZsRewMmq0YhNWbuqF0+zUIyb5H5gUygTGFCSxdiUu6o1B26tMp0Xlm9rGo8 +asvMiXe/yPm9H3oIE8GebthgoTimYX0x7dtP2sb2lOKMg+cgh+3nZHXURXfEmFYm +JZFEcyAaRP13/P3xkN/inm4RZ89cK4YHPTPU/ptNrPPfV7BLe4+w54O2cxlmroSQ +wh54ucJ8kgYi9UWhBIpPI/eYtgBXCt2oOCxXvT3JowT5Qv9KCm9x5uEfIzHcMkav +xOqsPc6Z6iOlEZJjmDb758F2MfeHl0zfiAjjcQs4NYut0u0ffkF6BX3VfU65zC9c 
+97x6ftGRXBzHvddjSHWfApuIohDrLx1x3y1EU6cBXnfY8nBJgOiEgh+oJm34GjZ5 +qzHqLiaPc7b7UdH6jGKjbksRr6dti7Llafn+WQ2R6mTv+XIQyd41g5E8fTojY4Bj +1Ozm2l4szm/R0SQV0BGF3p3faDMMn6Azvyvv4g2WjYiPyIk3D9GKe4zO92k/cl06 +K3/ZuSqXq6KgN7ujslijow3TBif4ZDlILgOIPKsrIxpjVeM= +-----END CERTIFICATE----- -- cgit v1.1 From ae85c78ff1901412ba960d0aa14b80a6cac22802 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:20:22 +0200 Subject: infra ca & etc tls config --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 3509114..ee0966f 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -7,7 +7,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"] + volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"], command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /var/lib/etcd --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } -- cgit v1.1 From ef9fdafe6169a98e669291fcfe32a074a46b678f Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 13:23:39 +0200 Subject: Added any to ipv6 ufw rule --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 1 + 1 file changed, 1 insertion(+) 
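Review bot: The `command` string in the etcd_node.pp hunk keeps `--listen-peer-urls http://0.0.0.0:2380` and `--initial-advertise-peer-urls http://0.0.0.0:2380` while also passing `--peer-key-file`, `--peer-cert-file` and `--peer-ca-file`. etcd chooses TLS from the URL scheme, so with `http://` the peer certificate options are, as far as I know, ignored and peer traffic on 2380 stays in clear text. Advertising `0.0.0.0` also gives the other members an address they cannot connect to. I would change the flags to `--listen-peer-urls https://0.0.0.0:2380` and `--initial-advertise-peer-urls https://${::fqdn}:2380`, provided that name resolves to the eth1 address published in `ports`. The same string is carried unchanged through the later etcd_node.pp hunks in this series, and the `sunet::etcd_node` define starts above this hunk, so its parameters are not visible here.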
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index f36c70d..df74ac6 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -707,6 +707,7 @@ node 'sto-tug-kvm2.swamid.se' { } ufw::allow { "allow-nrpe-v6": from => '2001:948:4:6::111', + ip => 'any', port => 5666 } file {'/var/docker': -- cgit v1.1 From 11c3de86e97aacdc8a33b8fe21484c105a9f5988 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 13:28:12 +0200 Subject: Updated ufw rules for sto-tug-kvm2 --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index df74ac6..8931d1d 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -702,13 +702,16 @@ node 'sto-tug-kvm2.swamid.se' { ensure => 'installed', } -> ufw::allow { "allow-nrpe-v4": - from => '109.105.111.111', - port => 5666 + from => '109.105.111.111', + ip => 'any', + proto => 'tcp', + port => 5666 } ufw::allow { "allow-nrpe-v6": - from => '2001:948:4:6::111', - ip => 'any', - port => 5666 + from => '2001:948:4:6::111', + ip => 'any', + proto => 'tcp', + port => 5666 } file {'/var/docker': ensure => 'directory', -- cgit v1.1 From 8d537696dc0e044b1c9afc2c5284662d370bcf4f Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:30:31 +0200 Subject: infra ca & etc tls config --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index ee0966f..1874804 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
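Review bot: In the second cosmos-site.pp hunk, both `ufw::allow` rules hard-code the source addresses `109.105.111.111` and `2001:948:4:6::111` without saying what they are. The same pair appears again in `allowed_hosts` in the nrpe.cfg added later in this series, so the firewall and the daemon ACL can drift apart silently. A comment above the rules such as `# NRPE (tcp/5666) only from the monitoring host; keep in sync with allowed_hosts in nrpe.cfg` would make that dependency visible. Setting `ip => 'any'` on the IPv4 rule presumably widens the destination from one local address to every address on this host, which is worth confirming is intended. The `node 'sto-tug-kvm2.swamid.se'` block starts and ends outside the hunk.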
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -7,8 +7,8 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /var/lib/etcd --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + volumes => ["/data/${name}/${::hostname}:/data","/etc/ssl:/etc/ssl"], + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /data --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From a014ad4df5932fca5a3221b9cb31f6ca304b248b Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:35:49 +0200 Subject: no datadir --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 1874804..2b5438d 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
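Review bot: The second entry in `volumes`, `/etc/ssl:/etc/ssl`, hands the container the host's whole `/etc/ssl` tree, including every key under `/etc/ssl/private`, and nothing on the line marks it read-only. The `command` only reads `${::fqdn}_infra.key`, `${::fqdn}_infra.crt` and `infra.crt`, so I would mount just those three files read-only, e.g. `"/etc/ssl/private/${::fqdn}_infra.key:/etc/ssl/private/${::fqdn}_infra.key:ro"` and the same for the two files under `/etc/ssl/certs`. That assumes `sunet::docker_run` passes these strings to `docker run -v` unchanged. The same mount is present in the other etcd_node.pp hunks of this series, and the define's header is outside this hunk.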
@@ -7,8 +7,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/data","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /data --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From d22afe6a73cd9514d3ee83737d06a7c8302d591e Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:36:25 +0200 Subject: no datadir --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 2b5438d..c4d3e78 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,6 +7,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, + volumes => ["/etc/ssl:/etc/ssl"], command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } -- cgit v1.1 From 04d799dd38b7bb3cba2b67b71cf2e3532d1ba637 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 13:44:00 +0200 Subject: try to mount th secret datadir --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 8931d1d..f13360d 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -856,7 +856,7 @@ class webappserver { class webbackend { sunet::etcd_node {'etcd': - disco_url => 'https://discovery.etcd.io/5344f39debed977d90dd72e3a7267bf8' + disco_url => 'https://discovery.etcd.io/8e0e5ad03f32ae85bf0783cb3169099a' } class { 'webcommon': } } diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index c4d3e78..058dadd 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
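Review bot: In the cosmos-site.pp hunk, `disco_url` embeds the cluster's discovery token directly in the manifest. That token is what identifies this cluster to the public discovery service, so anyone who can read the repository can presumably see the registered peer addresses and, while the cluster is still forming, register against it. I would take the URL from a node-local or hiera value instead, or at least add a comment such as `# bootstrap-only discovery token; replace once the cluster has formed` so the next change does not treat it as a stable setting. The `webbackend` class is shown only in part here.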
@@ -7,7 +7,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/etc/ssl:/etc/ssl"], + volumes => ["/data/${name}/${::hostname}:/go/src/app/${::hostname}.etcd","/etc/ssl:/etc/ssl"], command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } -- cgit v1.1 From 76167d46f33e918ee3848e2b9364a0707ba532e8 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 13:49:06 +0200 Subject: Added nrpe configuration for sto-tug-kvm2 --- sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg | 246 +++++++ .../overlay/etc/nagios/nrpe.d/cosmos_nrpe.cfg | 17 + .../overlay/usr/lib/nagios/plugins/check_reboot | 37 ++ .../overlay/usr/lib/nagios/plugins/check_uptime.pl | 721 +++++++++++++++++++++ 4 files changed, 1021 insertions(+) create mode 100644 sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg create mode 100644 sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.d/cosmos_nrpe.cfg create mode 100755 sto-tug-kvm2.swamid.se/overlay/usr/lib/nagios/plugins/check_reboot create mode 100755 sto-tug-kvm2.swamid.se/overlay/usr/lib/nagios/plugins/check_uptime.pl diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg b/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg new file mode 100644 index 0000000..043ea90 --- /dev/null +++ b/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg 
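Review bot: The data volume is now mounted at `/go/src/app/${::hostname}.etcd`, a path that only works while the image's working directory and etcd's default `<name>.etcd` directory naming stay as they are. If either changes with `$etcd_version`, etcd would presumably write its state to the container's own filesystem and lose it when the container is replaced. Passing the directory explicitly keeps the mount and the process in agreement: `"/data/${name}/${::hostname}:/data"` in `volumes` together with `--data-dir /data` in `command`. An earlier revision in this series did exactly that, so if it was dropped because of a problem, a comment saying why would help. The rest of `sunet::etcd_node` is outside the hunk.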
@@ -0,0 +1,246 @@ +############################################################################# +# Sample NRPE Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 11-23-2007 +# +# NOTES: +# This is a sample configuration file for the NRPE daemon. It needs to be +# located on the remote host that is running the NRPE daemon, not the host +# from which the check_nrpe client is being executed. +############################################################################# + + +# LOG FACILITY +# The syslog facility that should be used for logging purposes. + +log_facility=daemon + + + +# PID FILE +# The name of the file in which the NRPE daemon should write it's process ID +# number. The file is only written if the NRPE daemon is started by the root +# user and is running in standalone mode. + +pid_file=/var/run/nagios/nrpe.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# NOTE: This must be a non-priviledged port (i.e. > 1024). +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +server_port=5666 + + + +# SERVER ADDRESS +# Address that nrpe should bind to in case there are more than one interface +# and you do not want nrpe to bind on all interfaces. +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +#server_address=127.0.0.1 + + + +# NRPE USER +# This determines the effective user that the NRPE daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_user=nagios + + + +# NRPE GROUP +# This determines the effective group that the NRPE daemon should run as. +# You can either supply a group name or a GID. 
+# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +nrpe_group=nagios + + + +# ALLOWED HOST ADDRESSES +# This is an optional comma-delimited list of IP address or hostnames +# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask +# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently +# supported. +# +# Note: The daemon only does rudimentary checking of the client's IP +# address. I would highly recommend adding entries in your /etc/hosts.allow +# file to allow only the specified host to connect to the port +# you are running this daemon on. +# +# NOTE: This option is ignored if NRPE is running under either inetd or xinetd + +allowed_hosts=109.105.111.111,2001:948:4:6::111 + + + +# COMMAND ARGUMENT PROCESSING +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments to commands that are executed. This option only works +# if the daemon was configured with the --enable-command-args configure script +# option. +# +# *** ENABLING THIS OPTION IS A SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. +# +# Values: 0=do not allow arguments, 1=allow command arguments + +dont_blame_nrpe=0 + + + +# BASH COMMAND SUBTITUTION +# This option determines whether or not the NRPE daemon will allow clients +# to specify arguments that contain bash command substitutions of the form +# $(...). This option only works if the daemon was configured with both +# the --enable-command-args and --enable-bash-command-substitution configure +# script options. +# +# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** +# Read the SECURITY file for information on some of the security implications +# of enabling this variable. 
+# +# Values: 0=do not allow bash command substitutions, +# 1=allow bash command substitutions + +allow_bash_command_substitution=0 + + + +# COMMAND PREFIX +# This option allows you to prefix all commands with a user-defined string. +# A space is automatically added between the specified prefix string and the +# command line from the command definition. +# +# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** +# Usage scenario: +# Execute restricted commmands using sudo. For this to work, you need to add +# the nagios user to your /etc/sudoers. An example entry for alllowing +# execution of the plugins from might be: +# +# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ +# +# This lets the nagios user run all commands in that directory (and only them) +# without asking for a password. If you do this, make sure you don't give +# random users write access to that directory or its contents! + +# command_prefix=/usr/bin/sudo + + + +# DEBUGGING OPTION +# This option determines whether or not debugging messages are logged to the +# syslog facility. +# Values: 0=debugging off, 1=debugging on + +debug=0 + + + +# COMMAND TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# allow plugins to finish executing before killing them off. + +command_timeout=60 + + + +# CONNECTION TIMEOUT +# This specifies the maximum number of seconds that the NRPE daemon will +# wait for a connection to be established before exiting. This is sometimes +# seen where a network problem stops the SSL being established even though +# all network sessions are connected. This causes the nrpe daemons to +# accumulate, eating system resources. Do not set this too low. + +connection_timeout=300 + + + +# WEEK RANDOM SEED OPTION +# This directive allows you to use SSL even if your system does not have +# a /dev/random or /dev/urandom (on purpose or because the necessary patches +# were not applied). 
The random number generator will be seeded from a file +# which is either a file pointed to by the environment valiable $RANDFILE +# or $HOME/.rnd. If neither exists, the pseudo random number generator will +# be initialized and a warning will be issued. +# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness + +#allow_weak_random_seed=1 + + + +# INCLUDE CONFIG FILE +# This directive allows you to include definitions from an external config file. + +#include= + + + +# INCLUDE CONFIG DIRECTORY +# This directive allows you to include definitions from config files (with a +# .cfg extension) in one or more directories (with recursion). + +#include_dir= +#include_dir= + + + +# COMMAND DEFINITIONS +# Command definitions that this daemon will run. Definitions +# are in the following format: +# +# command[]= +# +# When the daemon receives a request to return the results of +# it will execute the command specified by the argument. +# +# Unlike Nagios, the command line cannot contain macros - it must be +# typed exactly as it should be executed. +# +# Note: Any plugins that are used in the command lines must reside +# on the machine that this daemon is running on! The examples below +# assume that you have plugins installed in a /usr/local/nagios/libexec +# directory. Also note that you will have to modify the definitions below +# to match the argument format the plugins expect. Remember, these are +# examples only! + + +# The following examples use hardcoded command arguments... 
+ +command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 +command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / +command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 + + +# The following examples allow user-supplied arguments and can +# only be used if the NRPE daemon was compiled with support for +# command arguments *AND* the dont_blame_nrpe directive in this +# config file is set to '1'. This poses a potential security risk, so +# make sure you read the SECURITY file before doing this. + +#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ +#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ +#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ +#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ + +# +# local configuration: +# if you'd prefer, you can instead place directives here +include=/etc/nagios/nrpe_local.cfg + +# +# you can place your config snipplets into nrpe.d/ +# only snipplets ending in .cfg will get included +include_dir=/etc/nagios/nrpe.d/ + diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.d/cosmos_nrpe.cfg b/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.d/cosmos_nrpe.cfg new file mode 100644 index 0000000..40dc7b1 --- /dev/null +++ b/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.d/cosmos_nrpe.cfg 
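Review bot: `server_address` is left commented out in nrpe.cfg, so the daemon listens on every interface and access control rests on `allowed_hosts=109.105.111.111,2001:948:4:6::111`, which the file's own comment describes as only rudimentary checking of the client address. I would add a line above `allowed_hosts` such as `# monitoring host only; the ufw rules in cosmos-site.pp must list the same addresses`, and either set `server_address` or state that binding to all interfaces is intended. `include=/etc/nagios/nrpe_local.cfg` points at a file this commit does not add, so it is worth checking that the package provides it on this host. The file also lacks the "maintained in cosmos" banner that cosmos_nrpe.cfg carries, which invites local edits that the overlay will overwrite.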
@@ -0,0 +1,17 @@ +# ################################################### +# # This file is maintained in +# # +# # #### #### #### # # #### #### +# # # # # # # ## ## # # # +# # # # # #### # ## # # # #### +# # # # # # # # # # # +# # # # # # # # # # # # # # +# # #### #### #### # # #### #### +# # +# # ... so you can't just change it locally. +# # +# ################################################### + +command[check_uptime]=/usr/lib/nagios/plugins/check_uptime.pl -f +command[check_reboot]=/usr/lib/nagios/plugins/check_reboot +command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / diff --git a/sto-tug-kvm2.swamid.se/overlay/usr/lib/nagios/plugins/check_reboot b/sto-tug-kvm2.swamid.se/overlay/usr/lib/nagios/plugins/check_reboot new file mode 100755 index 0000000..4cb9df3 --- /dev/null +++ b/sto-tug-kvm2.swamid.se/overlay/usr/lib/nagios/plugins/check_reboot @@ -0,0 +1,37 @@ +#!/bin/bash +declare -rx PROGNAME=${0##*/} +declare -rx PROGPATH=${0%/*}/ + +function cleanup { + #if [ -e "$TMPFILE" ] ; then + #rm "$TMPFILE" + #fi + exit $1 +} + +if [ -r "${PROGPATH}utils.sh" ] ; then + source "${PROGPATH}utils.sh" +else + echo "Can't find utils.sh." + printf "Currently being run from %s\n" "$PROGPATH" + # since we couldn't define STATE_UNKNOWN since reading utils.sh failed, we use 3 here but everywhere else after this use cleanup $STATE + cleanup 3 +fi + +STATE=$STATE_UNKNOWN + + +if [ -f /var/run/reboot-required.pkgs ] +then + pkg=`cat /var/run/reboot-required.pkgs` +fi + +if [ -f /var/run/reboot-required ] +then + echo "Reboot WARNING: System reboot required by package $pkg" + cleanup $STATE_WARNING; +fi + echo "Reboot OK: No reboot required" + cleanup $STATE_OK; +cleanup $STATE; + diff --git a/sto-tug-kvm2.swamid.se/overlay/usr/lib/nagios/plugins/check_uptime.pl b/sto-tug-kvm2.swamid.se/overlay/usr/lib/nagios/plugins/check_uptime.pl new file mode 100755 index 0000000..dda05e4 --- /dev/null 
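Review bot: `command[check_root]` is defined in cosmos_nrpe.cfg with exactly the same command line as in the nrpe.cfg added by this commit, which includes this directory through `include_dir=/etc/nagios/nrpe.d/`. With two definitions, a later edit to one of them will not obviously take effect, and how NRPE treats the duplicate may depend on its version. I would keep the definition in one place only, for example by dropping it from this file or by replacing the sample `command[...]` lines in nrpe.cfg with a comment like `# site commands live in nrpe.d/cosmos_nrpe.cfg`.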
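Review bot: In check_reboot, `pkg` is only assigned when `/var/run/reboot-required.pkgs` exists, so the warning can end in an empty `by package`. When the file lists several packages, the backtick `cat` also puts newlines into what should be a single-line plugin message. I would initialise `pkg="unknown"` before the first test and read the list with `pkg=$(tr '\n' ' ' < /var/run/reboot-required.pkgs)`. The final `cleanup $STATE;` can never run because both paths above it already exit, and `exit $1` in `cleanup` should quote its argument as `exit "$1"`.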
+++ b/sto-tug-kvm2.swamid.se/overlay/usr/lib/nagios/plugins/check_uptime.pl 
@@ -0,0 +1,721 @@ +#!/usr/bin/perl -w +# +# ============================== SUMMARY ===================================== +# +# Program : check_uptime.pl +# Version : 0.52 +# Date : June 19, 2012 +# Authors : William Leibzon - william@leibzon.org +# Licence : GPL - summary below, full text at http://www.fsf.org/licenses/gpl.txt +# +# =========================== PROGRAM LICENSE ================================= +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +# ===================== INFORMATION ABOUT THIS PLUGIN ========================= +# +# This plugin returns uptime of the system returning data in text (readable) +# format as well as in minutes for performance graphing. The plugin can either +# run on local system unix system (that supports standard 'uptime' command +# or check remote system by SNMP. The plugin can report one CRITICAL or +# WARNING alert if system has been rebooted since last check. +# +# ====================== SETUP AND PLUGIN USE NOTES ========================= +# +# The plugin can either retrieve information from local system (when you +# run it through check_nrpe for example) or by SNMP from remote system. +# +# On local system it will execute standard unix 'uptime' and 'uname -a'. 
+# +# On a remote system it'll retrieve data from sysSystem for system type +# and use that to decide if further data should be retrieved from +# sysUptime (OID 1.3.6.1.2.1.1.3.0) for windows or +# hostUptime (OID 1.3.6.1.2.1.25.1.1.0) for unix system or +# snmpEngineTime (OID 1.3.6.1.6.3.10.2.1.3) for cisco switches +# +# For information on available options please execute it with --help i.e: +# check_uptime.pl --help +# +# As I dont have time for extensive documentation below is all very brief: +# +# 1. You can also specify warning and critical thresholds which will +# give warning or critical alert if system has been up for lees then +# specified number of minutes. Example: +# check_uptime.pl -w 5 +# Will give warning alert if system has been up for less then 5 minutes +# +# 2. For performance data results you can use '-f' option which will give +# total number of minutes the system has been up. +# +# 3. A special case is use of performance to feed data from previous run +# back into the plugin. This is used to cache results about what type +# of system it is (you can also directly specify this with -T option) +# and also means -w and -c threshold values are ignored and instead +# plugin will issue ONE alert (warning or critical) if system uptime +# changes from highier value to lower +# +# ============================ EXAMPLES ======================================= +# +# 1. Local server (use with NRPE or on nagios host), warning on < 5 minutes: +# +# define command { +# command_name check_uptime +# command_line $USER1$/check_uptime.pl -f -w 5 +# } +# +# 2. Local server (use with NRPE or on nagios host), +# one critical alert on reboot: +# +# define command { +# command_name check_uptime +# command_line $USER1$/check_uptime.pl -f -c -P "SERVICEPERFDATA$" +# } +# +# 3. 
Remote server SNMP v2, one warning alert on reboot, +# autodetect and cache type of server: +# +# define command { +# command_name check_snmp_uptime_v2 +# command_line $USER1$/check_uptime.pl -2 -f -w -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$ -P "$SERVICEPERFDATA$" +# } +# +# 4. Remote server SNMP v3, rest as above +# +#define command { +# command_name check_snmp_uptime_v3 +# command_line $USER1$/check_uptime.pl -f -w -H $HOSTADDRESS$ -l $_HOSTSNMP_V3_USER$ -x $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$ -L sha,aes -P "$SERVICEPERFDATA$" +# } +# +# 5. Example of service definition using above +# +# define service{ +# use std-service +# hostgroup_name all_snmp_hosts +# service_description SNMP Uptime +# max_check_attempts 1 +# check_command check_snmp_uptime +# } +# +# 6. And this is optional dependency definition for above which makes +# every SNMP service (service beloning to SNMP servicegroup) on +# same host dependent on this SNMP Uptime check. Then if SNMP +# daemon goes down you only receive one alert +# +# define servicedependency{ +# service_description SNMP Uptime +# dependent_servicegroup_name snmp +# } +# +# ============================= VERSION HISTORY ============================== +# +# 0.1 - sometime 2006 : Simple script for tracking local system uptime +# 0.2 - sometime 2008 : Update to get uptime by SNMP, its now alike my other plugins +# 0.3 - Nov 14, 2009 : Added getting system info line and using that to decide +# format of uptime line and how to process it. Added support +# for getting uptime with SNMP from windows systems. +# Added documentation header alike my other plugins. +# Planned to release it to public, but forgot. +# 0.4 - Dec 19, 2011 : Update to support SNMP v3, released to public +# 0.41 - Jan 13, 2012 : Added bug fix by Rom_UA posted as comment on Nagios Exchange +# Added version history you're reading right now. 
+# 0.42 - Feb 13, 2012 : Bug fix to not report WARNING if uptime is not correct output +# 0.5 - Feb 29, 2012 : Added support for "netswitch" engine type that retrieves +# snmpEngineTime. Added proper support for sysUpTime interpreting +# it as 1/100s of a second and converting to days,hours,minutes +# Changed internal processing structure, now reported uptime +# info text is based on uptime_minutes and not separate. +# 0.51 - Jun 05, 2012 : Bug fixed for case when when snmp system info is < 3 words. +# 0.52 - Jun 19, 2012 : For switches if snmpEngineTime OID is not available, +# the plugin will revert back to checking hostUptime and +# then sysUptime. Entire logic has in fact been changed +# to support trying more than just two OIDs. Also added +# support to specify filename to '-v' option for debug +# output to go to instead of console and for '--debug' +# option as an alias to '--verbose'. +# +# TODO: +# 0) Add '--extra-opts' to allow to read options from a file as specified +# at http://nagiosplugins.org/extra-opts. This is TODO for all my plugins +# 1) Add support for ">", "<" and other threshold qualifiers +# as done in check_snmp_temperature.pl or check_mysqld.pl +# 2) Support for more types, in particular network equipment such as cisco: [DONE] +# sysUpTime is a 32-bit counter in 1/100 of a second, it rolls over after 496 days +# snmpEngineTime (.1.3.6.1.6.3.10.2.1.3) returns the uptime in seconds and will not +# roll over, however some cisco switches (29xx) are buggy and it gets reset too. +# Routers running 12.0(3)T or higher can use the snmpEngineTime object from +# the SNMP-FRAMEWORK-MIB. This keeps track of seconds since SNMP engine started. 
+# 3) Add threshold into perfout as ';warn;crit' +# +# ========================== START OF PROGRAM CODE =========================== + +use strict; +use Getopt::Long; + +# Nagios specific +our $TIMEOUT; +our %ERRORS; +eval 'use utils qw(%ERRORS $TIMEOUT)'; +if ($@) { + $TIMEOUT = 10; + %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +} + +our $no_snmp=0; +eval 'use Net::SNMP'; +if ($@) { + $no_snmp=1; +} + +# Version +my $Version='0.52'; + +# SNMP OID +my $oid_sysSystem = '1.3.6.1.2.1.1.1.0'; # windows and some unix +my $oid_hostUptime = '1.3.6.1.2.1.25.1.1.0'; # hostUptime, usually unix systems +my $oid_sysUptime = '1.3.6.1.2.1.1.3.0'; # sysUpTime, windows +my $oid_engineTime = '1.3.6.1.6.3.10.2.1.3'; # SNMP-FRAMEWORK-MIB + +my @oid_uptime_types = ( ['', '', ''], # type 0 is reserved + [ 'local', '', ''], # type 1 is local + [ 'win', 'sysUpTime', $oid_sysUptime ], # type 2 is windows + [ 'unix-host', 'hostUpTime', $oid_hostUptime ], # type 3 is unix-host + [ 'unix-sys', 'sysUpTime', $oid_sysUptime ], # type 4 is unix-sys + [ 'net', 'engineTime', $oid_engineTime ]); # type 5 is netswitch + +# Not used, but perhaps later +my $oid_hrLoad = '1.3.6.1.2.1.25.3.3.1.2.1'; +my $oid_sysLoadInt1 = '1.3.6.1.4.1.2021.10.1.5.1'; +my $oid_sysLoadInt5 = '1.3.6.1.4.1.2021.10.1.5.2'; +my $oid_sysLoadInt15 = '1.3.6.1.4.1.2021.10.1.5.3'; + +# Standard options +my $o_host = undef; # hostname +my $o_timeout= undef; # Timeout (Default 10) +my $o_help= undef; # wan't some help ? 
+my $o_verb= undef; # verbose mode +my $o_version= undef; # print version +my $o_label= undef; # change label instead of printing uptime +my $o_perf= undef; # Output performance data (uptime in minutes) +my $o_prevperf= undef; # performance data given with $SERVICEPERFDATA$ macro +my $o_warn= undef; # WARNING alert if system has been up for < specified number of minutes +my $o_crit= undef; # CRITICAL alert if system has been up for < specified number of minutes +my $o_type= undef; # type of check (local, auto, unix, win) + +# Login and other options specific to SNMP +my $o_port = 161; # SNMP port +my $o_community = undef; # community +my $o_version2 = undef; # use snmp v2c +my $o_login= undef; # Login for snmpv3 +my $o_passwd= undef; # Pass for snmpv3 +my $v3protocols= undef; # V3 protocol list. +my $o_authproto= 'md5'; # Auth protocol +my $o_privproto= 'des'; # Priv protocol +my $o_privpass= undef; # priv password + +## Additional global variables +my %prev_perf= (); # array that is populated with previous performance data +my $check_type = 0; + +sub p_version { print "check_uptime version : $Version\n"; } + +sub print_usage { + print "Usage: $0 [-v [debugfilename]] [-T local|unix-host|unix-sys|win|net] [-H (-C ) [-2] | (-l login -x passwd [-X pass -L ,) [-p ]] [-w -s ] [-f] [-P ] [-t ] | [-V] [--label ]\n"; +} + +sub isnnum { # Return true if arg is not a number + my $num = shift; + if ( $num =~ /^(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;} + return 1; +} + +sub div_mod { return int( $_[0]/$_[1]) , ($_[0] % $_[1]); } + +sub help { + print "\nUptime Plugin for Nagios (check_uptime) v. 
",$Version,"\n"; + print "GPL licence, (c) 2008-2012 William Leibzon\n\n"; + print_usage(); + print <, + : Authentication protocol (md5|sha : default md5) + : Priv protocols (des|aes : default des) + -p, --port=PORT + SNMP port (Default 161) +EOT +} + +# For verbose output (updated 06/06/12 to write to debug file if specified) +sub verb { + my $t=shift; + if (defined($o_verb)) { + if ($o_verb eq "") { + print $t,"\n"; + } + else { + if (!open(DEBUGFILE, ">>$o_verb")) { + print $t, "\n"; + } + else { + print DEBUGFILE $t,"\n"; + close DEBUGFILE; + } + } + } +} + +# load previous performance data +sub process_perf { + my %pdh; + my ($nm,$dt); + foreach (split(' ',$_[0])) { + if (/(.*)=(.*)/) { + ($nm,$dt)=($1,$2); + verb("prev_perf: $nm = $dt"); + # in some of my plugins time_ is to profile how long execution takes for some part of plugin + # $pdh{$nm}=$dt if $nm !~ /^time_/; + $pdh{$nm}=$dt; + } + } + return %pdh; +} + +sub type_from_name { + my $type=shift; + for(my $i=1; $i \$o_verb, 'verbose:s' => \$o_verb, "debug:s" => \$o_verb, + 'h' => \$o_help, 'help' => \$o_help, + 'H:s' => \$o_host, 'hostname:s' => \$o_host, + 'p:i' => \$o_port, 'port:i' => \$o_port, + 'C:s' => \$o_community, 'community:s' => \$o_community, + '2' => \$o_version2, 'v2c' => \$o_version2, + 'l:s' => \$o_login, 'login:s' => \$o_login, + 'x:s' => \$o_passwd, 'passwd:s' => \$o_passwd, + 'X:s' => \$o_privpass, 'privpass:s' => \$o_privpass, + 'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols, + 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, + 'V' => \$o_version, 'version' => \$o_version, + 'f' => \$o_perf, 'perfparse' => \$o_perf, + 'w:i' => \$o_warn, 'warning:i' => \$o_warn, + 'c:i' => \$o_crit, 'critical:i' => \$o_crit, + 'label:s' => \$o_label, + 'P:s' => \$o_prevperf, 'prev_perfdata:s' => \$o_prevperf, + 'T:s' => \$o_type, 'type:s' => \$o_type, + ); + if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}}; + if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}}; + + 
$o_type = "win" if defined($o_type) && $o_type eq 'windows'; + $o_type = "net" if defined($o_type) && $o_type eq 'netswitch'; + if (defined($o_type) && $o_type ne 'auto' && type_from_name($o_type)==-1) { + print "Invalid system type specified\n"; print_usage(); exit $ERRORS{"UNNKNOWN"}; + } + + if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd)) ) { + $o_type='local' if !defined($o_type) || $o_type eq 'auto'; + if ($o_type ne 'local') { + print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"} + } + if (defined($o_host)) { + print "Why are you specifying hostname without SNMP parameters?\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + else { + $o_type='auto' if !defined($o_type); + if ($o_type eq 'local' ) { + print "Why are you specifying SNMP login for local system???\n"; print_usage(); exit $ERRORS{"UNKNOWN"} + } + if (!defined($o_host)) { + print "Hostname required for SNMP check.\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + if ($no_snmp) { + print "Can't locate Net/SNMP.pm\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + + # check snmp information + if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) ) + { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + if (defined ($v3protocols)) { + if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + my @v3proto=split(/,/,$v3protocols); + if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0]; } # Auth protocol + if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv protocol + if ((defined ($v3proto[1])) && (!defined($o_privpass))) + { print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + } + + if (defined($o_timeout) && (isnnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60))) + { print "Timeout must be >1 and <60 !\n"; print_usage(); exit 
$ERRORS{"UNKNOWN"}} + if (!defined($o_timeout)) {$o_timeout=$TIMEOUT+5;} + + if (defined($o_prevperf)) { + if (defined($o_perf)) { + %prev_perf=process_perf($o_prevperf); + $check_type = $prev_perf{type} if $o_type eq 'auto' && exists($prev_perf{tye}) && exists($oid_uptime_types[$prev_perf{type}][0]); + } + else { + print "need -f option first \n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + + if ($o_type eq 'auto') { + $check_type=0; + } + else { + $check_type = type_from_name($o_type); + } +} + +sub create_snmp_session { + my ($session,$error); + + if ( defined($o_login) && defined($o_passwd)) { + # SNMPv3 login + if (!defined ($o_privpass)) { + verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => '3', + -port => $o_port, + -username => $o_login, + -authpassword => $o_passwd, + -authprotocol => $o_authproto, + -timeout => $o_timeout + ); + } else { + verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => '3', + -username => $o_login, + -port => $o_port, + -authpassword => $o_passwd, + -authprotocol => $o_authproto, + -privpassword => $o_privpass, + -privprotocol => $o_privproto, + -timeout => $o_timeout + ); + } + } else { + if (defined ($o_version2)) { + # SNMPv2c Login + verb("SNMP v2c login"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => 2, + -community => $o_community, + -port => $o_port, + -timeout => $o_timeout + ); + } else { + # SNMPV1 login + verb("SNMP v1 login"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -community => $o_community, + -port => $o_port, + -timeout => $o_timeout + ); + } + } + if (!defined($session)) { + printf("ERROR opening session: %s.\n", $error); + exit $ERRORS{"UNKNOWN"}; + } + + return $session; +} + +$SIG{'ALRM'} = sub { + print "Alarm timeout\n"; + exit $ERRORS{"UNKNOWN"}; +}; + 
+########## MAIN ####### +my $system_info=""; +my $uptime_info=undef; +my $uptime_minutes=undef; +my $perf_out=""; +my $status=0; +my $uptime_output; +my ($days, $hrs, $mins); + +check_options(); + +# Check gobal timeout if snmp screws up +if (defined($o_timeout)) { + verb("Alarm at $o_timeout + 5"); + alarm($o_timeout+5); +} + +if ($check_type==1) { # local + # Process unix uptime command output + $uptime_output=`uptime`; + verb("Local Uptime Result is: $uptime_output"); + if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = ($1, $2, $3); + } + elsif ($uptime_output =~ /up\s+(\d+)\shours?\s+(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /up\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /up\s+(\d+)\s+min/) { + ($days, $hrs, $mins) = (0,0,$1); + } + elsif ($uptime_output =~ /up\s+(d+)s+days?,s+(d+)s+min/) { + ($days, $hrs, $mins) = ($1,0,$2); + } + else { + $uptime_info = "up ".$uptime_output; + } + if (defined($days) && defined($hrs) && defined($mins)) { + $uptime_minutes = $days*24*60+$hrs*60+$mins; + } + my @temp=split(' ',`uname -a`); + if (scalar(@temp)<3) { + $system_info=`uname -a`; + } + else { + $system_info=join(' ',$temp[0],$temp[1],$temp[2]); + } +} +else { + # SNMP connection + my $session=create_snmp_session(); + my $result=undef; + my $oid=""; + my $guessed_check_type=0; + + if ($check_type==0){ + $result = $session->get_request(-varbindlist=>[$oid_sysSystem]); + if (!defined($result)) { + printf("ERROR: Can not retrieve $oid_sysSystem table: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + verb("$o_host SysInfo Result from OID $oid_sysSystem: $result->{$oid_sysSystem}"); + if ($result->{$oid_sysSystem} =~ /Windows/) { + $guessed_check_type=2; + verb('Guessing Type: 2 = windows'); + } + if ($result->{$oid_sysSystem} =~ /Cisco/) { + $guessed_check_type=5; + verb('Guessing Type: 5 = netswitch'); + } + if 
($guessed_check_type==0) { + $guessed_check_type=3; # will try hostUptime first + } + $oid=$oid_uptime_types[$guessed_check_type][2]; + } + else { + $oid=$oid_uptime_types[$check_type][2]; + } + + do { + $result = $session->get_request(-varbindlist=>[$oid,$oid_sysSystem]); + if (!defined($result)) { + if ($check_type!=0) { + printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + else { + if ($session->error =~ /noSuchName/) { + if ($guessed_check_type==4) { + verb("Received noSuchName error for sysUpTime OID $oid. Giving up."); + $guessed_check_type=0; + } + if ($guessed_check_type==3) { + verb("Received noSuchName error for hostUpTime OID $oid, will now try sysUpTime"); + $guessed_check_type=4; + } + else { + verb("Received noSuchName error for OID $oid, will now try hostUpTime"); + $guessed_check_type=3; + } + if ($guessed_check_type!=0) { + $oid=$oid_uptime_types[$guessed_check_type][2]; + } + } + else { + printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + } + } + else { + if ($check_type==0) { + $check_type=$guessed_check_type; + } + } + } + while (!defined($result) && $guessed_check_type!=0); + + $session->close; + if ($check_type==0 && $guessed_check_type==0) { + printf("ERROR: Can not autodetermine proper uptime OID table. 
Giving up.\n"); + exit $ERRORS{"UNKNOWN"}; + } + + my ($days, $hrs, $mins); + $uptime_output=$result->{$oid}; + verb("$o_host Uptime Result from OID $oid: $uptime_output"); + + if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = ($1, $2, $3); + } + elsif ($uptime_output =~ /(\d+)\s+hours?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /(\d+)\s+min/) { + ($days, $hrs, $mins) = (0, 0, $1); + } + if (defined($days) && defined($hrs) && defined($mins)) { + $uptime_minutes = $days*24*60+$hrs*60+$mins; + } + elsif ($uptime_output =~ /^(\d+)$/) { + my $upnum = $1; + if ($oid eq $oid_sysUptime) { + $uptime_minutes = $upnum/100/60; + } + elsif ($oid eq $oid_engineTime) { + $uptime_minutes = $upnum/60; + } + } + else { + $uptime_info = "up ".$uptime_output; + } + my @temp=split(' ',$result->{$oid_sysSystem}); + if (scalar(@temp)<3) { + $system_info=$result->{$oid_sysSystem}; + } + else { + $system_info=join(' ',$temp[0],$temp[1],$temp[2]); + } +} + +if (defined($uptime_minutes) && !defined($uptime_info)) { + ($hrs,$mins) = div_mod($uptime_minutes,60); + ($days,$hrs) = div_mod($hrs,24); + $uptime_info = "up "; + $uptime_info .= "$days days " if $days>0; + $uptime_info .= "$hrs hours " if $hrs>0; + $uptime_info .= "$mins minutes"; +} + +verb("System Type: $check_type (".$oid_uptime_types[$check_type][0].")"); +verb("System Info: $system_info") if $system_info; +verb("Uptime Text: $uptime_info") if defined($uptime_info); +verb("Uptime Minutes: $uptime_minutes") if defined($uptime_minutes); + +if (!defined($uptime_info)) { + $uptime_info = "Can not determine uptime"; + $status = 3; +} + +if (defined($o_perf)) { + $perf_out = "type=$check_type"; + $perf_out .= " uptime_minutes=$uptime_minutes" if defined($uptime_minutes); +} + +if (defined($uptime_minutes)) { + if (defined($o_prevperf)) { + $status = 1 if defined($o_warn) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes; + 
$status = 2 if defined($o_crit) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes; + } + else { + $status = 1 if defined($o_warn) && !isnnum($o_warn) && $o_warn >= $uptime_minutes; + $status = 2 if defined($o_crit) && !isnnum($o_crit) && $o_crit >= $uptime_minutes; + } +} +alarm(0); + +my $exit_status="UNKNOWN"; +$exit_status="OK" if $status==0; +$exit_status="WARNING" if $status==1; +$exit_status="CRITICAL" if $status==2; +$exit_status="UNKNOWN" if $status==3; +$exit_status="$o_label $exit_status" if defined($o_label); +print "$exit_status: $system_info"; +print " - $uptime_info"; +print " | ",$perf_out if $perf_out; +print "\n"; +exit $status; -- cgit v1.1 From a8a6b9476a886a707d5f9193cec503effc414969 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 13:59:51 +0200 Subject: Added fail2ban to sto-tug-kvm2. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index f13360d..d447b07 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -697,7 +697,7 @@ node 'cdr1.sunet.se' { } node 'sto-tug-kvm2.swamid.se' { - #class { 'fail2ban': } + class { 'fail2ban': } package {'nagios-nrpe-server': ensure => 'installed', } -> @@ -827,12 +827,12 @@ class fail2ban { package {'fail2ban': ensure => 'latest'} augeas { "fail2ban_defaults": - incl => "/etc/fail2ban/jail.conf", - lens => "Shellvars.lns", - changes => [ - 'set bantime "604800"', - ], - notify => Service['fail2ban'], + incl => "/etc/fail2ban/jail.conf", + lens => "Shellvars.lns", + changes => [ + 'set bantime "604800"', + ], + notify => Service['fail2ban'], } } -- cgit v1.1 From c27fcd33e1ba94220264dc56dc7606aa680e750c Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Tue, 14 Apr 2015 14:03:06 +0200 Subject: silly datadir --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 058dadd..22b26a7 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -7,8 +7,8 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/go/src/app/${::hostname}.etcd","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + volumes => ["/data/${name}/${::hostname}:/data","/etc/ssl:/etc/ssl"], + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --data-dir /data --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From 45bac461f9a66d1e6722d44ee27e9b11df06899f Mon Sep 17 00:00:00 2001 
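Review bot: In the etcd_node.pp hunk of "silly datadir", the rewritten `command` line keeps the `http://` scheme on every peer URL (`--listen-peer-urls http://0.0.0.0:2380`) while also passing `--peer-key-file`, `--peer-cert-file` and `--peer-ca-file`. As far as I know etcd turns TLS on from the URL scheme, so port 2380 is most likely served in clear text and the infra CA is not enforced; that needs `--listen-peer-urls https://0.0.0.0:2380` with a matching https advertise URL. The later etcd_node.pp hunks on this page carry the same scheme, including the `--listen-client-urls http://0.0.0.0:2379` added in "flags flags". Separately, the `volumes` entry `"/etc/ssl:/etc/ssl"` gives the container every private key under the host's `/etc/ssl/private`; binding only the three files the command names, read-only, would narrow that. The define starts outside the hunk.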
From: Johan Lundberg Date: Tue, 14 Apr 2015 14:04:42 +0200 Subject: Added service fail2ban --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index d447b07..7e9b6c7 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -825,7 +825,12 @@ class fail2ban { include augeas - package {'fail2ban': ensure => 'latest'} + package {'fail2ban': + ensure => 'latest' + } -> + service {'fail2ban': + ensure => 'running' + } -> augeas { "fail2ban_defaults": incl => "/etc/fail2ban/jail.conf", lens => "Shellvars.lns", -- cgit v1.1 From e2b98c236d17bd1d4a324d3707a22e8a6f2e0b1e Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 14:07:35 +0200 Subject: reboot cluster --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index d447b07..eb753f7 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -856,7 +856,7 @@ class webappserver { class webbackend { sunet::etcd_node {'etcd': - disco_url => 'https://discovery.etcd.io/8e0e5ad03f32ae85bf0783cb3169099a' + disco_url => 'https://discovery.etcd.io/820b592ab0cde8313d390e5715e4d451' } class { 'webcommon': } } -- cgit v1.1 From 5d3f54ded9833a01fb11a700650085fb67161320 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 14:07:42 +0200 Subject: Fixed dependency cycle, maybe? --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 7e9b6c7..257fe45 100644 
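Review bot: The `service {'fail2ban': ensure => 'running'}` added in the "Added service fail2ban" hunk leaves `enable` unset, so Puppet starts the daemon during a run but does not manage whether it comes up at boot. A host can then sit without ban enforcement between a reboot and the next agent run; `enable => true` next to `ensure => 'running'` makes the intent explicit. The package keeps `ensure => 'latest'` while the augeas resource edits the packaged `/etc/fail2ban/jail.conf`, which an upgrade may replace or prompt about; `/etc/fail2ban/jail.local` is the file intended for local overrides. The class body starts and ends outside the hunk.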
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -830,7 +830,7 @@ class fail2ban { } -> service {'fail2ban': ensure => 'running' - } -> + } augeas { "fail2ban_defaults": incl => "/etc/fail2ban/jail.conf", lens => "Shellvars.lns", -- cgit v1.1 From 9610479421abbef0a3db47d5be39287d64f2814d Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 14:15:02 +0200 Subject: silly datadir --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++-- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 3fe5100..76df3d4 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -860,8 +860,8 @@ class webappserver { } class webbackend { - sunet::etcd_node {'etcd': - disco_url => 'https://discovery.etcd.io/820b592ab0cde8313d390e5715e4d451' + sunet::etcd_node {'sunetweb': + disco_url => 'https://discovery.etcd.io/53d3ba1275a50941eb30b3f11debb961' } class { 'webcommon': } } diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 22b26a7..a01d60b 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -7,8 +7,8 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}/${::hostname}:/data","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --data-dir /data --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], + command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380"] } } -- cgit v1.1 From e381cc05493964438da47cb65662990e86b34e8d Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 14:44:44 +0200 Subject: flags flags --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index a01d60b..d69b1c3 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
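Review bot: The second "silly datadir" hunk drops `--data-dir /data` from `command` and moves the bind mount to `"/data/${name}:/var/lib/etcd"`, but nothing visible shows that etcd in this image writes to `/var/lib/etcd`. The original mount target in this file, `/go/src/app/${::hostname}.etcd`, suggests the default data directory is `<name>.etcd` under the working directory, in which case the volume is unused and cluster state is lost whenever the container is recreated. Keeping the flag explicit and pointing it at the mount, `--data-dir /var/lib/etcd`, removes the guesswork. The define starts outside the hunk.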
@@ -8,7 +8,7 @@ define sunet::etcd_node( image => 'quay.io/coreos/etcd', imagetag => $etcd_version, volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", - ports => ["${::ipaddress_eth1}:2380:2380"] + command => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } } -- cgit v1.1 From 320f3560027fc38b5a9eead1054a8358062c3b27 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 14 Apr 2015 14:47:10 +0200 Subject: augeas lens removed --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 9c2edd5..6e7fb9c 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
@@ -832,10 +832,9 @@ class fail2ban { ensure => 'running' } augeas { "fail2ban_defaults": - incl => "/etc/fail2ban/jail.conf", - lens => "Shellvars.lns", + context => "/etc/fail2ban/jail.conf", changes => [ - 'set bantime "604800"', + 'set bantime "600800"', ], notify => Service['fail2ban'], } -- cgit v1.1 From c772ff2d8ee44415f0e2d1da7bf09b7a73c1cdf0 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 14:49:40 +0200 Subject: ufw for etcd --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index d69b1c3..e9ae803 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -11,4 +11,12 @@ define sunet::etcd_node( command => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } + ufw::allow { "allow-etcd-peer": + ip => "${::ipaddress_eth1}", + port => 2380 + } + ufw::allow { "allow-etcd-client": + ip => "${::ipaddress_eth1}", + port => 2379 + } } -- cgit v1.1 From 8f0f221f0047a3dbea5a17de428f9df66fdb0764 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:07:12 +0200 Subject: fail2ban on webcluster --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
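Review bot: In the "augeas lens removed" hunk the ban time changes from `'set bantime "604800"'` to `'set bantime "600800"'`, which the commit subject does not mention. 604800 seconds is exactly seven days, while 600800 is 6 days 22 h 53 min 20 s, so this looks like a typo rather than a decision; if seven days is intended, keep `'set bantime "604800"'`. The value is carried unchanged through the later fail2ban hunks on this page, so it is worth settling here and adding a comment such as `# 7 days, in seconds` beside it. The class starts outside the hunk.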
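Review bot: The two `ufw::allow` resources added in "ufw for etcd" set only `ip` and `port`; if this is the usual ufw module, `ip` is the destination address and the source defaults to any, so 2380 and 2379 on eth1 are opened to every host that can route there. The `command` line in the same hunk serves the client API as `--listen-client-urls http://0.0.0.0:2379`, which is plain HTTP, so presumably any such host can reach the key-value store without presenting a certificate. Restricting the source on both rules, e.g. `from => '<cluster-subnet-placeholder>'` if the module offers that parameter, and moving the peer and client URLs to https would close this. The define starts outside the hunk.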
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 6e7fb9c..3aa04c7 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -832,7 +832,8 @@ class fail2ban { ensure => 'running' } augeas { "fail2ban_defaults": - context => "/etc/fail2ban/jail.conf", + incl => "/etc/fail2ban/jail.conf", + lens => "Shellvars.lns", changes => [ 'set bantime "600800"', ], @@ -856,11 +857,12 @@ class webfrontend { class webappserver { class { 'webcommon': } + class { 'fail2ban': } } class webbackend { sunet::etcd_node {'sunetweb': - disco_url => 'https://discovery.etcd.io/53d3ba1275a50941eb30b3f11debb961' + disco_url => 'https://discovery.etcd.io/18a9395c6190ecf075d419e2c13c199b' } class { 'webcommon': } } -- cgit v1.1 From 087d1b170679346b605d6d4da7c3fced420a6298 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:19:46 +0200 Subject: context too --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 3aa04c7..06a43da 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -832,6 +832,7 @@ class fail2ban { ensure => 'running' } augeas { "fail2ban_defaults": + context => "/files/etc/fail2ban/jail.conf", incl => "/etc/fail2ban/jail.conf", lens => "Shellvars.lns", changes => [ -- cgit v1.1 From 718d1a4d36580cd402f0f108955f5ebf788d38d1 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Tue, 14 Apr 2015 15:21:34 +0200 Subject: move fail2ban to separate manifest file --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 25 ++-------------------- .../etc/puppet/modules/sunet/manifests/fail2ban.pp | 20 +++++++++++++++++ 2 files changed, 22 insertions(+), 23 deletions(-) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 06a43da..cf0e7c5 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -697,7 +697,7 @@ node 'cdr1.sunet.se' { } node 'sto-tug-kvm2.swamid.se' { - class { 'fail2ban': } + class { 'sunet::fail2ban': } package {'nagios-nrpe-server': ensure => 'installed', } -> @@ -821,27 +821,6 @@ class entropyserver { } } -class fail2ban { - - include augeas - - package {'fail2ban': - ensure => 'latest' - } -> - service {'fail2ban': - ensure => 'running' - } - augeas { "fail2ban_defaults": - context => "/files/etc/fail2ban/jail.conf", - incl => "/etc/fail2ban/jail.conf", - lens => "Shellvars.lns", - changes => [ - 'set bantime "600800"', - ], - notify => Service['fail2ban'], - } -} - class quantis { apt::ppa {'ppa:ndn/quantispci': } package {'quantispci-dkms': } @@ -858,7 +837,7 @@ class webfrontend { class webappserver { class { 'webcommon': } - class { 'fail2ban': } + class { 'sunet::fail2ban': } } class webbackend { diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp new file mode 100644 index 0000000..8dc6e31 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp 
@@ -0,0 +1,20 @@ +class sunet::fail2ban { + + include augeas + + package {'fail2ban': + ensure => 'latest' + } -> + service {'fail2ban': + ensure => 'running' + } + augeas { "fail2ban_defaults": + context => "/files/etc/fail2ban/jail.conf", + incl => "/etc/fail2ban/jail.conf", + lens => "Shellvars.lns", + changes => [ + 'set bantime "600800"', + ], + notify => Service['fail2ban'], + } +} -- cgit v1.1 From 7221ada62e73578c4a56469d506635104cf7aadc Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:22:36 +0200 Subject: fail2ban on common --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index cf0e7c5..6621c68 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -827,6 +827,7 @@ class quantis { } class webcommon { + class { 'sunet::fail2ban': } } class webfrontend { @@ -837,7 +838,6 @@ class webfrontend { class webappserver { class { 'webcommon': } - class { 'sunet::fail2ban': } } class webbackend { -- cgit v1.1 From f1b1cd5c7991f13f11f1b93851ec01269975c863 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:25:45 +0200 Subject: fail2ban is an ini file --- global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index 8dc6e31..c63215e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp 
@@ -11,7 +11,7 @@ class sunet::fail2ban { augeas { "fail2ban_defaults": context => "/files/etc/fail2ban/jail.conf", incl => "/etc/fail2ban/jail.conf", - lens => "Shellvars.lns", + lens => "IniFile.lns", changes => [ 'set bantime "600800"', ], -- cgit v1.1 From 48d88a05e6b4797de2f28d6edc382e4c5cf101fa Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:31:29 +0200 Subject: fail2ban is an ini file --- global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index c63215e..a9911da 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp @@ -11,7 +11,7 @@ class sunet::fail2ban { augeas { "fail2ban_defaults": context => "/files/etc/fail2ban/jail.conf", incl => "/etc/fail2ban/jail.conf", - lens => "IniFile.lns", + lens => "Puppet.lns", changes => [ 'set bantime "600800"', ], -- cgit v1.1 From 967476dd7570ad6c9400096bb46d21faf4306117 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:39:54 +0200 Subject: client version --- .../overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp index a9911da..01a9662 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp 
@@ -1,20 +1,14 @@ class sunet::fail2ban { - include augeas - package {'fail2ban': ensure => 'latest' } -> service {'fail2ban': ensure => 'running' } - augeas { "fail2ban_defaults": - context => "/files/etc/fail2ban/jail.conf", - incl => "/etc/fail2ban/jail.conf", - lens => "Puppet.lns", - changes => [ - 'set bantime "600800"', - ], - notify => Service['fail2ban'], + exec {"fail2ban_defaults": + refreshonly => true, + subscribe => Service['fail2ban'], + command => "sleep 5; /usr/bin/fail2ban-client set ssh bantime 600800" } } -- cgit v1.1 From 5b4a547ac671c0eb2a8b8c3c002352c5ac3be624 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:45:47 +0200 Subject: deploy fail2ban --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 -- global/overlay/etc/puppet/modules/sunet/manifests/server.pp | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 6621c68..c313a0a 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -697,7 +697,6 @@ node 'cdr1.sunet.se' { } node 'sto-tug-kvm2.swamid.se' { - class { 'sunet::fail2ban': } package {'nagios-nrpe-server': ensure => 'installed', } -> @@ -827,7 +826,6 @@ class quantis { } class webcommon { - class { 'sunet::fail2ban': } } class webfrontend { diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp index 14df323..d89302f 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp @@ -1,5 +1,8 @@ define sunet::server() { + # fail2ban + class { 'sunet::fail2ban': } + # Set up encrypted swap sunet::encrypted_swap { 'sunet_encrypted_swap': } @@ -84,4 +87,5 @@ define line($file, $line, $ensure = 'present') { } } } + } -- cgit v1.1 
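Review bot: The ban time set by the `exec` "fail2ban_defaults" exists only in the running daemon, so any restart that Puppet does not trigger (a reboot, a package upgrade from `ensure => 'latest'`, a manual restart) silently puts the `ssh` jail back on the default ban time. Because the resource is `refreshonly` and subscribed to `Service['fail2ban']`, it also never runs on a host where the service was already running. The command starts with an unqualified `sleep` and no `path` is given, which Puppet's default exec provider normally rejects, and the five-second sleep is a race against daemon start-up. A persistent override file that notifies the service avoids all three; the jail name `ssh` is kept from the original and should be checked against the distribution's `jail.conf`.

```puppet
# … unchanged: package and service resources …
file { '/etc/fail2ban/jail.local':
  ensure  => 'file',
  content => "[ssh]\nbantime = 600800\n",
  require => Package['fail2ban'],
  notify  => Service['fail2ban'],
}
```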
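Review bot: In `server.pp`, `class { 'sunet::fail2ban': }` is a resource-like class declaration inside the `sunet::server` define, and such a declaration can be evaluated only once per catalog. A second `sunet::server` instance on a node, or any other manifest that declares the class (cosmos-site.pp did so until this commit), will fail compilation with a duplicate declaration and leave the host without the fail2ban rollout. `include sunet::fail2ban` is idempotent and fits a define better. The body of `sunet::server` continues outside the hunk.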
From f94d6450abfa20d3e855216eb094abdfedae0b29 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Tue, 14 Apr 2015 15:48:05 +0200 Subject: nagios placeholder --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp new file mode 100644 index 0000000..58a10bc --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp @@ -0,0 +1,3 @@ +class sunet::nagios { + +} -- cgit v1.1 From 924d3cb5a15eb60e729f477f18a597040d17e9b8 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Wed, 15 Apr 2015 15:20:04 +0200 Subject: Added script ping-check and new pre_start statements for flog_app and flog_nginx --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 8 +++++--- global/overlay/usr/local/bin/ping-check | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 3 deletions(-) create mode 100755 global/overlay/usr/local/bin/ping-check diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index c313a0a..88696a4 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
@@ -764,11 +764,13 @@ node 'sto-tug-kvm2.swamid.se' { sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], + pre_start => '/usr/local/bin/ping-check flog_db.docker && run-parts /usr/local/etc/docker.d', } -> sunet::docker_run {'flog_nginx': - image => 'docker.sunet.se/flog/nginx', - ports => ['80:80', '443:443'], - volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], + image => 'docker.sunet.se/flog/nginx', + ports => ['80:80', '443:443'], + volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], + pre_start => '/usr/local/bin/ping-check flog_app.docker && run-parts /usr/local/etc/docker.d', } } diff --git a/global/overlay/usr/local/bin/ping-check b/global/overlay/usr/local/bin/ping-check new file mode 100755 index 0000000..26c99ed --- /dev/null +++ b/global/overlay/usr/local/bin/ping-check @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +# +# Ping until reply or MAX_TRIES. One try == 1s. +# + +MAX_TRIES=10 +LOGTAG="sunet_docker_ping_check" + +count=0 +until ping -c1 $1 &> /dev/null +do + if [ $count -gt $MAX_TRIES ] + then + logger -t "$LOGTAG" "No response from $1 after $MAX_TRIES tries." + exit 1 + fi + sleep 1 + count=$[$count+1] +done -- cgit v1.1 From a441b737ad5b17203123f26034c846af3dca4100 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Wed, 15 Apr 2015 16:15:33 +0200 Subject: Changed ping-check to be run with run-parts --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 -- .../overlay/usr/local/etc/docker.d/30flog | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) create mode 100755 sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog 
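Review bot: In `ping-check`, `$1` is used unquoted and never checked, so an empty or space-containing argument changes what `ping` is asked to do and the failure is only logged as "No response". Quoting it and rejecting a missing argument makes the pre-start gate fail for the right reason: `[ -n "$1" ] || exit 2` before the loop and `until ping -c1 "$1" &> /dev/null`. The header comment also overstates the bound: with `count` starting at 0 and the test `-gt $MAX_TRIES` the loop makes twelve attempts, and a single `ping -c1` without a timeout option can itself wait longer than a second, so `[ "$count" -ge "$MAX_TRIES" ]` plus an explicit per-ping timeout would match "One try == 1s".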
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 88696a4..4249f7f 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -764,13 +764,11 @@ node 'sto-tug-kvm2.swamid.se' { sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], - pre_start => '/usr/local/bin/ping-check flog_db.docker && run-parts /usr/local/etc/docker.d', } -> sunet::docker_run {'flog_nginx': image => 'docker.sunet.se/flog/nginx', ports => ['80:80', '443:443'], volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], - pre_start => '/usr/local/bin/ping-check flog_app.docker && run-parts /usr/local/etc/docker.d', } } diff --git a/sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog b/sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog new file mode 100755 index 0000000..a90610d --- /dev/null +++ b/sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Wait for dependent flog docker containers to be registered in local DNS. +# + +PING_CHECK="/usr/local/bin/ping-check" + +logtag="flog_docker_pre-post[$ACTION]" +logger -t "${logtag}" "$NAME ($IMAGE), CID: '$CID'" + +if [ "x$ACTION" = "xpre-start" ]; then + if [ "x$NAME" = "xflog_app" ]; then + ${PING_CHECK} flog_db.docker + exit $? + if [ "x$NAME" = "xflog_nginx" ]; then + ${PING_CHECK} flog_app.docker + exit $? + fi + exit 0 +fi -- cgit v1.1 From a1f6be0730d25fd6f4ecff0d91bc75a8a250c0fe Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Wed, 15 Apr 2015 16:29:46 +0200 Subject: Bash skillz lacking... --- sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog | 1 + 1 file changed, 1 insertion(+) 
diff --git a/sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog b/sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog index a90610d..2b477a2 100755 --- a/sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog +++ b/sto-tug-kvm2.swamid.se/overlay/usr/local/etc/docker.d/30flog @@ -12,6 +12,7 @@ if [ "x$ACTION" = "xpre-start" ]; then if [ "x$NAME" = "xflog_app" ]; then ${PING_CHECK} flog_db.docker exit $? + fi if [ "x$NAME" = "xflog_nginx" ]; then ${PING_CHECK} flog_app.docker exit $? -- cgit v1.1 From 9f64c5737b4c57944bb33d78409cded63d07351a Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 22:17:39 +0200 Subject: proxy nodes --- .../puppet/modules/sunet/manifests/etcd_node.pp | 42 ++++++++++++++++------ 1 file changed, 32 insertions(+), 10 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index e9ae803..4eb9776 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -1,22 +1,44 @@ define sunet::etcd_node( $disco_url = undef, - $etcd_version = 'v2.0.8' -) + $etcd_version = 'v2.0.8', + $proxy = true +) { + include stdlib + file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } + $args = ["--discovery ${disco_url}", + "--name ${::hostname}", + "--key-file /etc/ssl/private/${::fqdn}_infra.key", + "--ca-file /etc/ssl/certs/infra.crt", + "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] + if ($proxy) { + $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) + } else { + $args = concat($args, + "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + "--advertise-client-urls http://${::ipaddress_eth1}:2379", + "--listen-peer-urls http://0.0.0.0:2380", + "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", + "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key", + "--peer-ca-file /etc/ssl/certs/infra.crt", + "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]) + } sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], - command => "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 --advertise-client-urls http://${::ipaddress_eth1}:2379 --listen-peer-urls http://0.0.0.0:2380 --listen-client-urls http://0.0.0.0:2379 --discovery ${disco_url} --name ${::hostname} --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt", + command => join($args," "), ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } - ufw::allow { "allow-etcd-peer": - ip => "${::ipaddress_eth1}", - port => 2380 - } - ufw::allow { "allow-etcd-client": - ip => 
"${::ipaddress_eth1}", - port => 2379 + if (not $proxy) { + ufw::allow { "allow-etcd-peer": + ip => "${::ipaddress_eth1}", + port => 2380 + } + ufw::allow { "allow-etcd-client": + ip => "${::ipaddress_eth1}", + port => 2379 + } } } -- cgit v1.1 From 706d7df62b05111997616ee2b9979a89e6e9b0bf Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:45:38 +0200 Subject: proxy --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 4249f7f..380dd6f 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -840,7 +840,8 @@ class webappserver { class webbackend { sunet::etcd_node {'sunetweb': - disco_url => 'https://discovery.etcd.io/18a9395c6190ecf075d419e2c13c199b' + disco_url => 'https://discovery.etcd.io/18a9395c6190ecf075d419e2c13c199b', + proxy => false } class { 'webcommon': } } -- cgit v1.1 From f8586d18a3f069774235044e1145c09a121edb0c Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:46:52 +0200 Subject: proxy --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 4eb9776..429950e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
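Review bot: Every URL in the new `$args` list uses the `http://` scheme (`--listen-peer-urls http://0.0.0.0:2380`, `--listen-client-urls http://0.0.0.0:2379,...`, and both advertise URLs) even though key, certificate and CA files are passed for client and peer traffic. Whether this etcd version serves TLS on a listener declared with an `http://` URL is not visible from the page, so it is worth confirming on a running node that plaintext connections to 2379 and 2380 are refused; if they are not, the infra certificates give no protection. Declaring the scheme explicitly removes the doubt, e.g. `"--listen-peer-urls https://0.0.0.0:2380",` and the same for the client and advertise URLs. A short comment above `$args` stating that peer and client traffic are expected to be mutually authenticated would help the next reader.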
@@ -16,7 +16,7 @@ define sunet::etcd_node( $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) } else { $args = concat($args, - "--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", -- cgit v1.1 From fcc7ab131530166ea997a238aac7bf6182f5f6de Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:48:26 +0200 Subject: fix if --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 429950e..97927b4 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -12,7 +12,7 @@ define sunet::etcd_node( "--key-file /etc/ssl/private/${::fqdn}_infra.key", "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] - if ($proxy) { + if $proxy { $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) } else { $args = concat($args, @@ -31,7 +31,7 @@ define sunet::etcd_node( command => join($args," "), ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] } - if (not $proxy) { + if !$proxy { ufw::allow { "allow-etcd-peer": ip => "${::ipaddress_eth1}", port => 2380 -- cgit v1.1 From 9df927868a9c66f4ba568dc33ec925eed079baaa Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Thu, 16 Apr 2015 23:50:35 +0200 Subject: concat --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 97927b4..6b3898f 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -13,16 +13,15 @@ define sunet::etcd_node( "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] if $proxy { - $args = concat($args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) + $args += ["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"] } else { - $args = concat($args, - ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + $args += ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key", "--peer-ca-file /etc/ssl/certs/infra.crt", - "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]) + "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] } sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', -- cgit v1.1 From 465cfea95609aaf6ea4402c3ac41be3250a37ba7 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:58:29 +0200 Subject: scoping hell part1 --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 6b3898f..0a50db6 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -7,15 +7,15 @@ define sunet::etcd_node( include stdlib file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } - $args = ["--discovery ${disco_url}", + $common_args = ["--discovery ${disco_url}", "--name ${::hostname}", "--key-file /etc/ssl/private/${::fqdn}_infra.key", "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] if $proxy { - $args += ["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"] + $args = $common_args + ["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"] } else { - $args += ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + $args = $common_args + ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", -- cgit v1.1 From 18216c529fe3c4ba2e793c948cd901de3a76eed6 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Thu, 16 Apr 2015 23:59:51 +0200 Subject: scoping hell part2 --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 0a50db6..96e88cf 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -13,15 +13,15 @@ define sunet::etcd_node( "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] if $proxy { - $args = $common_args + ["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"] + $args = concat($common_args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) } else { - $args = $common_args + ["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", + $args = concat($common_args,["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key", "--peer-ca-file /etc/ssl/certs/infra.crt", - "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] + "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]) } sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', -- cgit v1.1 From cb8a3cc80f6f5d08762fb30108f398bfd25a0eb1 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:10:06 +0200 Subject: ports ports --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 96e88cf..1644d8b 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -13,12 +13,12 @@ define sunet::etcd_node( "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] if $proxy { - $args = concat($common_args,["--proxy on","--listen-client-urls http://${::ipaddress_docker0}:2379,http://127.0.0.1:4001,http://127.0.0.1:2379"]) + $args = concat($common_args,["--proxy on","--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379"]) } else { $args = concat($common_args,["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380", "--advertise-client-urls http://${::ipaddress_eth1}:2379", "--listen-peer-urls http://0.0.0.0:2380", - "--listen-client-urls http://0.0.0.0:2379,http://${::ipaddress_docker0}:2379", + "--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379", "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key", "--peer-ca-file /etc/ssl/certs/infra.crt", "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]) @@ -28,7 +28,7 @@ define sunet::etcd_node( imagetag => $etcd_version, volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], command => join($args," "), - ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379"] + ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379","${::ipaddress_docker0}:4001:2379"] } if !$proxy { ufw::allow { "allow-etcd-peer": -- cgit v1.1 From 966ecbc1512694ef4ae6c4a794e068a98f4c80e9 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:16:15 +0200 Subject: bump disco --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 380dd6f..49ceed3 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
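Review bot: With the proxy branch now listening on `http://0.0.0.0:4001,http://0.0.0.0:2379` and the `ports` list applied to every node, proxy nodes publish 2379 and 2380 on `${::ipaddress_eth1}` as well, although only the docker0 mapping is needed there. The `ufw::allow` rules are skipped for proxies, but ports published by Docker are commonly handled by Docker's own iptables rules rather than by ufw, so the missing allow rule may not keep them closed; this should be verified on a proxy host. Making `ports` depend on `$proxy` keeps the plaintext proxy listener off the external interface, with the proxy case reduced to `ports => ["${::ipaddress_docker0}:4001:2379"]`. The `sunet::docker_run` resource begins above the second hunk.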
@@ -840,7 +840,7 @@ class webappserver { class webbackend { sunet::etcd_node {'sunetweb': - disco_url => 'https://discovery.etcd.io/18a9395c6190ecf075d419e2c13c199b', + disco_url => 'https://discovery.etcd.io/b2861eff1e6486a9c06542069ab721c2', proxy => false } class { 'webcommon': } -- cgit v1.1 From de4cd333d5b773c4bcb7908bbe72863433963225 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:43:20 +0200 Subject: datadir part n --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 1644d8b..7ebfd17 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp @@ -9,6 +9,7 @@ define sunet::etcd_node( file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } $common_args = ["--discovery ${disco_url}", "--name ${::hostname}", + "--data-dir /data", "--key-file /etc/ssl/private/${::fqdn}_infra.key", "--ca-file /etc/ssl/certs/infra.crt", "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"] @@ -26,7 +27,7 @@ define sunet::etcd_node( sunet::docker_run { "etcd_${name}": image => 'quay.io/coreos/etcd', imagetag => $etcd_version, - volumes => ["/data/${name}:/var/lib/etcd","/etc/ssl:/etc/ssl"], + volumes => ["/data/${name}:/data","/etc/ssl:/etc/ssl"], command => join($args," "), ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379","${::ipaddress_docker0}:4001:2379"] } -- cgit v1.1 From 35cf686bd4dde533c578221652cf5681a6a1f6e5 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:44:45 +0200 Subject: bump disco --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 49ceed3..55f525f 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -840,7 +840,7 @@ class webappserver { class webbackend { sunet::etcd_node {'sunetweb': - disco_url => 'https://discovery.etcd.io/b2861eff1e6486a9c06542069ab721c2', + disco_url => 'https://discovery.etcd.io/877f25988ea1e8bb8c9a49f2ad5f5f6a', proxy => false } class { 'webcommon': } -- cgit v1.1 From d1a5657ba9c0143e049a29b46aa55ec769d60a34 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:49:36 +0200 Subject: proxy on appservers --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 55f525f..21aca81 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -835,6 +835,10 @@ class webfrontend { } class webappserver { + sunet::etcd_node {'sunetweb': + disco_url => 'https://discovery.etcd.io/877f25988ea1e8bb8c9a49f2ad5f5f6a', + proxy => true + } class { 'webcommon': } } -- cgit v1.1 From 2fd221bd8ab2f2d0b7353b1b2d90bac1816a086d Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:50:42 +0200 Subject: proxy on appservers --- global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp index 7ebfd17..a80d355 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp 
@@ -6,7 +6,7 @@ define sunet::etcd_node( { include stdlib - file { ["/data","/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } + file { ["/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' } $common_args = ["--discovery ${disco_url}", "--name ${::hostname}", "--data-dir /data", -- cgit v1.1 From eb06e3007ad406e5b79907513f13bd6a2a075f1f Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 00:55:24 +0200 Subject: certs --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 1 + .../puppet/modules/sunet/manifests/wordpress.pp | 1 - .../etc/ssl/certs/web-a1.sunet.se_infra.crt | 35 ++++++++++++++++++++++ .../etc/ssl/certs/web-a2.sunet.se_infra.crt | 35 ++++++++++++++++++++++ 4 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 web-a1.sunet.se/overlay/etc/ssl/certs/web-a1.sunet.se_infra.crt create mode 100644 web-a2.sunet.se/overlay/etc/ssl/certs/web-a2.sunet.se_infra.crt diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 21aca81..2d60c60 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -826,6 +826,7 @@ class quantis { } class webcommon { + file {"/data": ensure => directory } } class webfrontend { diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index 8daef2e..196b7fe 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -10,7 +10,6 @@ $myqsl_version = "5.7") default => $db_host } $pwd = hiera("${name}_db_password",'NOT_SET_IN_HIERA') - file {"/data": ensure => directory } -> file {"/data/${name}": ensure => directory } -> file {"/data/${name}/html": ensure => directory } -> sunet::docker_run { "${name}_wordpress": 
diff --git a/web-a1.sunet.se/overlay/etc/ssl/certs/web-a1.sunet.se_infra.crt b/web-a1.sunet.se/overlay/etc/ssl/certs/web-a1.sunet.se_infra.crt new file mode 100644 index 0000000..4066236 --- /dev/null +++ b/web-a1.sunet.se/overlay/etc/ssl/certs/web-a1.sunet.se_infra.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGHTCCBAWgAwIBAgIJAL9FQ4sMNbylMA0GCSqGSIb3DQEBCwUAMD8xIDAeBgNV +BAMTF1NVTkVUIEluZnJhc3RydWN0dXJlIENBMQ4wDAYDVQQKEwVTVU5FVDELMAkG +A1UEBhMCU0UwHhcNMTUwNDE0MTA1MDAxWhcNMTUwNTE0MTA1MDAxWjA3MQswCQYD +VQQGEwJTRTEOMAwGA1UEChMFU1VORVQxGDAWBgNVBAMTD3dlYi1hMS5zdW5ldC5z +ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANq6TNx7L0JsDNraJynR +hOTa4JIomMihbed/TLI/d3UMIZaVhNx7QfVfX6M9zTOhX2/nlaLgmBqU2GrTta2y +9sB/AedIXwoym1Mind0aLQZpdNBuzFmAFDdwVGLbDSwfxOFw+TUarDZZkI4MU7cf +9Ur7BaoXfpkjh6h9VKCAsgYxtXrx/ab1no2sQfiF7guM+Pk9RAJKkUgiRpOzGbUx +6E5Pm6aEP0Do4eZI0MU4w6g9fj5Y/T4+TzI5EqHOiyeCUD81/wclriVCGmF//Dmy +zbOmMGhJVeLgLMbwXQ9ypLM5JayZrNhOD6PrIl+JQuONgaBPOuDRUnQhHfXKDBix +xlPfX5TdhT6cwIKtgQ55mj6BbNzOauENSTfT5ySU4Y0xQheJZnWLkbuorSUbOIUr +DJQOggSyQCx4CaUroNx9dP9zpklmHj8jMgY6xCYjyjDVpGlwv2c9q16D6Q/XydBR +mH6G3bjPRVE0Vt4yhFh3fK8/PUkoZXr2MYL9G3PNjbCeLPA0dLY9/n0P+KVdPviu +raLZFMdri1SBMC2cMPyGbMRK5X8DL36xW7HS5Ijnle4fEvwu8Suar0yG5XSWPDCM +xATbqmUo1WvQ7Ji1H8Bo2dV5yEzwsl9K+iqbPKDALaXZtHrefVqmBE8FwYx0kH/B +P2wUCfQcUdkzRtVGn2Z6tQtBAgMBAAGjggEiMIIBHjAdBgNVHQ4EFgQU9H+BhwwQ +zEhGUruehLQzpwrBEYEwHwYDVR0jBBgwFoAU5yyeURqwHQEd5kK0Jxo1k3DAbdcw +OwYIKwYBBQUHAQEELzAtMCsGCCsGAQUFBzAChh9odHRwOi8vY2Euc3VuZXQuc2Uv +aW5mcmEvY2EuY3J0MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jYS5zdW5ldC5z +ZS9pbmZyYS9jcmwucGVtMCMGA1UdEgQcMBqGGGh0dHA6Ly9jYS5zdW5ldC5zZS9p +bmZyYTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcD +ATAaBgNVHREEEzARgg93ZWItYTEuc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggIB +AFJ+FnDa1pHKcQ6wYK2bfKQzxSHChTY6dnQs8S8N2O+Up8xapM8CZV9tBrSH22j4 +bRwXpkhDPVFLo+rqgoQdIcbC37XiEhOHjc8TVay+drvzpnG9Rr174lbFK5IfzSmW +bwARXwphbx5wDBlEQa/gg/uFChRjdZ47OHu1LNXzCZXcyX3XDvgHoNvQI1ne2uZ4 +GuMKwe1LZaFgksSG+zjmi62QSyX/WeLQUIdesDbOwCGiPgU/y9D+efMta7+pWj+B +M9YP0lvpGGSNXLoqF8b+CO51Bx39Ng/TKlbV+uFzC3xUmz3Px7hlnvQo3T5H1Y9d +Mm2HlLbd7MEb8WSIvBQRG4A8NBzCbgYuzwBwvssSu+zqj6Ge7Ge++20rbleyeXbu +yvcdQ9ybllwin0GjznrJr290ppadVSdEa5WPq0IHYuu+WMFwLnn9wZ2hQx9dQBuZ 
+1Ug7OAacKxkdqkqvqgDAedaoFgG/l6XDxV5NYb9OEuwmhWL7lnxA/6KmyQjb2l5b +bfvTkb7uN6F/Kq2Q3/B1GWeU9bORx3oaml0r9m5PSIBrrsrQyhe3V0c1ATxT87Ru +Coa1OK1Ru2mEcBeSgmWDma7gPiUqH5ylgfhP/IhdT+WCh2MfE4To1m5cU83LrBXJ +K6XsN1n0DOJcvfiB9yXjTvTu4GFbOLfL32Fh+BQYL0kj +-----END CERTIFICATE----- diff --git a/web-a2.sunet.se/overlay/etc/ssl/certs/web-a2.sunet.se_infra.crt b/web-a2.sunet.se/overlay/etc/ssl/certs/web-a2.sunet.se_infra.crt new file mode 100644 index 0000000..90eebbd --- /dev/null +++ b/web-a2.sunet.se/overlay/etc/ssl/certs/web-a2.sunet.se_infra.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGHTCCBAWgAwIBAgIJAOQrdeNVC7O8MA0GCSqGSIb3DQEBCwUAMD8xIDAeBgNV +BAMTF1NVTkVUIEluZnJhc3RydWN0dXJlIENBMQ4wDAYDVQQKEwVTVU5FVDELMAkG +A1UEBhMCU0UwHhcNMTUwNDE0MTA1MDAxWhcNMTUwNTE0MTA1MDAxWjA3MQswCQYD +VQQGEwJTRTEOMAwGA1UEChMFU1VORVQxGDAWBgNVBAMTD3dlYi1hMi5zdW5ldC5z +ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMFs2m8F0TNR96hT9L8/ +Xj/pT9KfRQ1aoAaELAEiLZicdXGpgq6GeUP9o+1wgeRpVnkS4z8YR3RAMw7SKHef +0ZpvxvWUXCq/QnFkbJPFzMDvhqxvkK34gmzneHRfudpcnqRrYnvEqhFbj8mUQZt0 +f0QXQfMOn7j04rbfNHnmrS6U7aGbGFlV+56mC//85gKFpx2j++iIBCYzQMmRMY+W +yWHUOfvaEifbC9+6OXMj0O+x3o1mYxt+DGgdjhguYsBNnbhcTO3G46JM5Ralfwx2 +VDZNJhASIDExtA2ORtiQb0sBXyKnKAX+Y05/9ye2y7m7vpz+JhahGivi4SmCu3DE +WjlfWW/jIlvM7p+5Y4lw0A19M1OPjGiBefpJxhsYTz+hbMTCiQsV92UNljTmiR3N +ne5Vk2gbKiMwCabHmA77dj2qKwmkt4fTEreMIOJrZfwhXeiWDeaXHwz1ewePBhI6 +Hnux9QwDY2b1FeuhYUg8MOaG9A8mJeYzrU0oHenpojCKxxsJ/BCaOuHFBSvw0Psz +TCkkH2Alh1xQ/8g3+nAh+yIdTLXn1XHt3A14+kupsWd2SZ2ckBRIprzT/4lX7wmf +kh5RswIW3R4k9SkjcQLXbK/nQcUEOO3jgYlKlxnmpuzA8fmLTV1YqVsRGyz7init +35HLvp6yNBoC6o3TV6uHABJDAgMBAAGjggEiMIIBHjAdBgNVHQ4EFgQUe75ZrIFC +7oqc48jmtMDLtS+V1okwHwYDVR0jBBgwFoAU5yyeURqwHQEd5kK0Jxo1k3DAbdcw +OwYIKwYBBQUHAQEELzAtMCsGCCsGAQUFBzAChh9odHRwOi8vY2Euc3VuZXQuc2Uv +aW5mcmEvY2EuY3J0MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jYS5zdW5ldC5z +ZS9pbmZyYS9jcmwucGVtMCMGA1UdEgQcMBqGGGh0dHA6Ly9jYS5zdW5ldC5zZS9p +bmZyYTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcD +ATAaBgNVHREEEzARgg93ZWItYTIuc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggIB +AJtigUsmB1l/d7DbLLPEKhYZPIfEFci/9+gz+sBeedg4Nv/UYYVdMKwVBnAja5Yu +gOFQQNw75XlkHyW3euG08//lKxr/JYWUZy8PV9Vfs6STuRq8EgmTn6adJQNVn7XW +mZ14pOZPBBUyIbn7KCih0V8osvs//9r32YZKSfuNXBnRC9uhZtPpkqcaFYGSDVdA +7+WKKAhD7ByYiivDPm4JVasssYrsO4LKe5imhP7pynwV231V0NlzszwcHbYciflU +0Jlz+MHEPfv7BDxHGX3LtMUeOhW39Uunvc+YRBojbu5tK1Ps8qx+NBJNzaBxRoDQ +pz44vxbwOHCju60Du/Ayp1PFXqfKQqp+kREiT6Mids+kGGiuehPTz3os2obOC12H +Mjob9jbXWpo223GCwiGu70KZnLlsqBMVbYy92rjkEy9bJzFoQscwkIIqT6om8Jv5 
+rYJKqMszQQPVeM/bBMDva9UIi1U1g3i3j/jSgDDtpzEi9U5VcivE94rksVbHMMQA +y09Av0K5K7/sScIcU+kMrzVDHwoc/0VaBzjBrWqvx1U6Oy40JHyGGstKziiX3u6J +dAZSYLh2fVLlmxLev9a2m2Ds2fNFVYxyVO2hDuavHeTt9pDHWxHlAPoy/unf/HBA +0RQLkF65wFSohtKdcU9lcFjiccRHpeyO8D2fjKZU6uQf +-----END CERTIFICATE----- -- cgit v1.1 From 93b50f3e164495f0ad102108245bc41b1f972edf Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 01:00:13 +0200 Subject: frontends... --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 +++ .../etc/ssl/certs/web-f1.sunet.se_infra.crt | 35 ++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 web-f1.sunet.se/overlay/etc/ssl/certs/web-f1.sunet.se_infra.crt diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 2d60c60..04bfde3 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -833,6 +833,10 @@ class webfrontend { class { 'webcommon': } docker::image {'docker.sunet.se/pound': } docker::image {'docker.sunet.se/varnish': } + sunet::etcd_node {'sunetweb': + disco_url => 'https://discovery.etcd.io/877f25988ea1e8bb8c9a49f2ad5f5f6a', + proxy => true + } } class webappserver { diff --git a/web-f1.sunet.se/overlay/etc/ssl/certs/web-f1.sunet.se_infra.crt b/web-f1.sunet.se/overlay/etc/ssl/certs/web-f1.sunet.se_infra.crt new file mode 100644 index 0000000..17b1b40 --- /dev/null +++ b/web-f1.sunet.se/overlay/etc/ssl/certs/web-f1.sunet.se_infra.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGHTCCBAWgAwIBAgIJAK32qhI0uUb6MA0GCSqGSIb3DQEBCwUAMD8xIDAeBgNV +BAMTF1NVTkVUIEluZnJhc3RydWN0dXJlIENBMQ4wDAYDVQQKEwVTVU5FVDELMAkG +A1UEBhMCU0UwHhcNMTUwNDE0MTA1MDAxWhcNMTUwNTE0MTA1MDAxWjA3MQswCQYD +VQQGEwJTRTEOMAwGA1UEChMFU1VORVQxGDAWBgNVBAMTD3dlYi1mMS5zdW5ldC5z +ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALZZWj88jnCWENR6zJfb +te7RjDCwRv9H6bb4hEUZ7Xgjvucehj3J9WNqQ8pXcxbQBleia/8R1wnY4GwJWIlB +iYdn3U3eqMU80e8Fz7c7Lf48sVp3gGYPfItdKbLG5iUQnEkHsE3JPQB5mLX2k9NI +PdBnbdiGGTaF/MlVG14tATWFNbry90Qe8ynbmpiCuxu+GpSEU4yk0B+gY039ymYt +MB47uNanUwbDCUzJ8WkRrWNlLzErKV+f3drY1jXOcjbZHxcde4yLBMr99hM/On48 +/jyBr4AGcfzL6nq7Lvi+eL4J+djRe+KJICXBahn8GTJGOVdqvZFgJKYTBl1Xym1t +J5K2/4BPxJCqcIi2ZnR567Wlz2Bu32YXBjWkt+capnbLkTDljUEmKsaMGUey+Owv +ZvnsRCxzTpKYMgNfvOZRXF18EwPt2dDRMUhmg/snyjo120a8OFCgYjNSCD5jY+mh +DtmgL7lRar+EPaX/cl7yWixrGQzY85+mXa6OG4lJpmvQgmdRLnoQpVWnV6bo6fag +PZ9Rq/RWErIgOdaK2bx/HWNTMMhqFxCOJEFC6VlsMewkfgr6BgJuPNh+Bwkppc57 +xdg4SodNnJugwbAzzhkacTnf1UahEkMQz1JWdFtVlvmzQDx+PqkahByZqnA0adVS +2lhzxHPpH8mfliAjTog0s1mvAgMBAAGjggEiMIIBHjAdBgNVHQ4EFgQU4GQ8FhVe +KtZIsgxGWdqnefCjrucwHwYDVR0jBBgwFoAU5yyeURqwHQEd5kK0Jxo1k3DAbdcw +OwYIKwYBBQUHAQEELzAtMCsGCCsGAQUFBzAChh9odHRwOi8vY2Euc3VuZXQuc2Uv +aW5mcmEvY2EuY3J0MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jYS5zdW5ldC5z +ZS9pbmZyYS9jcmwucGVtMCMGA1UdEgQcMBqGGGh0dHA6Ly9jYS5zdW5ldC5zZS9p +bmZyYTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DATBgNVHSUEDDAKBggrBgEFBQcD +ATAaBgNVHREEEzARgg93ZWItZjEuc3VuZXQuc2UwDQYJKoZIhvcNAQELBQADggIB +ADTn3RRVUivj/cAN07Ri1vHxO6qtIc9/odgQY4vZNAH1QkMO/ZJWknw5kMNsPnaG +It/zspgSlVpBjIfFwqnrSFQrmneh5PWpP7m1QajJWLtwQtujtXvXcGa9fsuwizcr +J2HiTFRH0RWPB+brh6r4Y2spxleccv3B9+Dg4hDdbS+f82gbJ959OAD+77kF4PUT +GF7DpypsuQmmEkDZZF+NS/4hkR1blYUkxqC4otWCalNrPljOfL9PJPkdpkVcVyBG +5G0CD/X8zkjsHSt6+UoJYT6U3lOc0jVVejhr7bvnv4k4YXJEDLOjPhuF4RljMP4e +fprC9OXOaWFzE+XYeXIbgd7B/5QhwBaxal2urpXhNIg8eQGvXRdBt/cDqnLFVcN0 +DVbj5WSwPTsK0sIVnwtwQH6qEBuyLrd1rCZLqhex0dBVdNSL8h753TA+mSSQGXj7 
+dxygTpGtxCKgWpuwki0ltRf9zHwyUzohLLl99hHos6NYstP63aVthWGZojgNgKJH +DgNl7/B91q80F5ZHTA+8ajm3A0Z8lKbhGgA3YJrV8OiLKB9XBSQ3qmxJZwTbM76s +FbkMRsmJXP2nsgP4dnOPm75OcdM+H0lEZyw6u/ndEj0GXtlTv4gtex9/O/m/yBIV +pghnO57od+5ULt3dPEYEjJ0px0YeVA+E1/nO1dkty/sB +-----END CERTIFICATE----- -- cgit v1.1 From 731cf78d789dc03d8a61aa0b6f5a648476b713ad Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 01:08:02 +0200 Subject: registrator --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 04bfde3..a967293 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -827,6 +827,12 @@ class quantis { class webcommon { file {"/data": ensure => directory } + sunet::docker_run{"web_registrator": + image => "gliderlabs/registrator", + imagetag => "latest", + volumes => ["/var/run/docker.sock:/tmp/docker.sock"], + command => "etcd://${::ipaddress_docker0}:4001/services" + } } class webfrontend { -- cgit v1.1 From 8a6e3d41723b3d212a49c895c31bd4d48febfd33 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 08:44:49 +0200 Subject: registrator hostname --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index a967293..3556031 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
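Review bot: `web_registrator` in `class webcommon` mounts `/var/run/docker.sock` into an image pulled from a public registry by a moving tag (`image => "gliderlabs/registrator"`, `imagetag => "latest"`). Access to the Docker socket is equivalent to root on the host, so whatever `latest` resolves to at pull time gets full control of every host that includes this class. Pin the image to a reviewed release or digest, e.g. `imagetag => "<REVIEWED_VERSION>"`, ideally mirrored to docker.sunet.se like the other images in this file. The same `latest` pattern comes back for `docker.sunet.se/varnish-auto` in the later "varnish autoconf" commit.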
@@ -828,10 +828,11 @@ class quantis { class webcommon { file {"/data": ensure => directory } sunet::docker_run{"web_registrator": - image => "gliderlabs/registrator", + image => "gliderlabs/registrator", imagetag => "latest", - volumes => ["/var/run/docker.sock:/tmp/docker.sock"], - command => "etcd://${::ipaddress_docker0}:4001/services" + hostname => "${::fqdn}", + volumes => ["/var/run/docker.sock:/tmp/docker.sock"], + command => "etcd://${::ipaddress_docker0}:4001/services" } } -- cgit v1.1 From ddc16e894133dc37dafb7a2aaa6ae023db9ffb13 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 08:52:38 +0200 Subject: hostname --- global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp index 2552644..4b56a03 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp @@ -7,7 +7,8 @@ define sunet::docker_run( $env = [], $net = 'bridge', $extra_parameters = [], - $command = "" + $command = "", + $hostname = undef, ) { # Make container use unbound resolver on dockerhost @@ -27,6 +28,7 @@ define sunet::docker_run( '/etc/passwd:/etc/passwd:ro', # uid consistency '/etc/group:/etc/group:ro', # gid consistency ]), + hostname => $hostname, ports => $ports, env => $env, net => $net, -- cgit v1.1 From 158c56e0dcbb1f2321ffa6f1f59fc23dac9e903e Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 09:23:13 +0200 Subject: etcd localhost --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 3556031..fa6944b 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp 
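Review bot: `hostname => "${::fqdn}",` in the `web_registrator` resource wraps a single variable in a double-quoted string, which puppet-lint reports as a string containing only a variable. Write `hostname => $::fqdn,` instead. In docker_run.pp the new `$hostname = undef` parameter would also benefit from a one-line comment saying that leaving it unset passes `undef` through to the wrapped resource; the define starts and ends outside the two hunks, so its existing header comments are not visible here.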
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -832,7 +832,7 @@ class webcommon { imagetag => "latest", hostname => "${::fqdn}", volumes => ["/var/run/docker.sock:/tmp/docker.sock"], - command => "etcd://${::ipaddress_docker0}:4001/services" + command => "etcd:///services" } } -- cgit v1.1 From dfc0a860c186c0280fb8cc9dffbd20d5dce15f9a Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 09:24:34 +0200 Subject: etcd localhost --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index fa6944b..b302af3 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -832,7 +832,7 @@ class webcommon { imagetag => "latest", hostname => "${::fqdn}", volumes => ["/var/run/docker.sock:/tmp/docker.sock"], - command => "etcd:///services" + command => "etcd://127.0.0.1:4001/services" } } -- cgit v1.1 From 1c0ef6e503e0e91c0e99325787d8293d3dcdc341 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 09:37:35 +0200 Subject: etcd localhost --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index b302af3..8ab4edf 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -832,7 +832,7 @@ class webcommon { imagetag => "latest", hostname => "${::fqdn}", volumes => ["/var/run/docker.sock:/tmp/docker.sock"], - command => "etcd://127.0.0.1:4001/services" + command => "etcd://etcd_sunetweb.docker:4001/services" } } -- cgit v1.1 From 5d17bfe57b2a51d22eb7ca33438731540bf57399 Mon Sep 17 00:00:00 2001 
From: Johan Lundberg Date: Fri, 17 Apr 2015 10:03:16 +0200 Subject: Updated expire date for lundberg-9303C5DB.pub --- .../overlay/etc/cosmos/keys/lundberg-9303C5DB.pub | 112 +++++++++------------ 1 file changed, 47 insertions(+), 65 deletions(-) diff --git a/global/overlay/etc/cosmos/keys/lundberg-9303C5DB.pub b/global/overlay/etc/cosmos/keys/lundberg-9303C5DB.pub index 21bcc24..f08c5bb 100644 --- a/global/overlay/etc/cosmos/keys/lundberg-9303C5DB.pub +++ b/global/overlay/etc/cosmos/keys/lundberg-9303C5DB.pub 
@@ -7,69 +7,51 @@ mQENBFNOlK4BCADXgBIEADujBCe5Tv1aul3IUjQhXNGBjdvgK9xQKaTVrfJTRxr9 07zFFXrUHzthndt83MZdB8nd/3WUbT6ubSEYO5rtjeWO30c9p16u+ErGADR0bBSz UfpREDHlUlJ/CcOi68DQINBOELdt+g76E+rHODeCB+ojpFwjIPyHbuhI4fF/UpWu 40nU8pnS9w8kS/4cQl72NEhrH7mEsMK0Pma7ABEBAAG0KUpvaGFuIEx1bmRiZXJn -IDxsdW5kYmVyZy5qb2hhbkBnbWFpbC5jb20+iQE/BBMBAgApBQJTTpU1AhsDBQkB -4TOABwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ0b7X3pMDxdsxugf/X6ZR -qmrZq9sNyF4E3GrCE5dPGdwNKGuLr2H5GLKrBfULmqwXvacanH0qZAsteHEudv+o -H3pqBmbt4uZoIph/VFpu7YsHSpwjtQXLeN/TJhCRSSQUiIH2gNkLdi2P2nlb6YkW -euRPJWqL8GVQNvJgH+gaCUCsJ7mEfbcvRhjCIv5S+m9zYqDYJ5Elc6bOKnG1U39w -FqANX/u1CBOY+fOiNYD0WcYDfvk7omWuWID0kEi4E18pPwzAZEmhOt0LZf1S1AbK -7VFX9OMlNNEnqlmSsFc3DO8uJzelv+WpfqmKI3rbovncZNWLbiwR/eAYnNbaJujy -V/QLGTPyB5zmg0bXjYkBHAQQAQoABgUCU2j6+gAKCRAnBzMNQDDMrdXmB/0ayjQi -Zn4A60TpUkC3mJ6oW0bUUqWr47VuXHYwCRBCc53s27RNL2xsRcbqiQjOfSBQUvdu -7NNT9qgvmCoPB745D3qutZ2idwJASmFrytTt8gWKiaIBUKg0/wVs8v1CW/S5EOoc -hkujPmrofeL9K4YTOl3q27Jhdv0eKV2e2lEXeW/GBCuUje1NTcgqFDCHV9SzjBRy -uiToEfzYyomHEmaJl4vyl+WOCFMbQav3YvjgUH6MwtXSUcerFqqnMr3MOU8ioaIV -DipMHLSBmMG05cW4xSVo/zdgtjwyfDH5QWuwDPiRCWRmS7N1n+I9WxVhDTkIJZYw -Ueb5qaWunWXiQWmCtCNKb2hhbiBMdW5kYmVyZyA8bHVuZGJlcmdAbm9yZHUubmV0 -PokBPgQTAQIAKAUCU06UrgIbAwUJAeEzgAYLCQgHAwIGFQgCCQoLBBYCAwECHgEC -F4AACgkQ0b7X3pMDxds34Qf/XdI9emOcknRsJ7WpYBjjpE+Fd+gNiJfie6Fh1/CA -gu4keD+Vwn/2IRPLo30dnShIlUxJhdFft60QvDvQSETSoizUqPOV3VomTOA2sXI1 -g+hRNoDvzR/4EgMwX4bxzb9d2CZXt1uPR5Gos1qpuh3VGBy55JhOcp1+fsw0cAax -lmXeVQwIRoxN+b0ml3JKGLxKsYcZiCGSpzVidrvIRYabbMUOx6KtdXL4AftoXIng -NMiQJU2NJgTXqsQsjEnhcBLw1l9dFByYfIWMh3GZjzd98JFmvCsInRUmWN/QeuBH -w0vHrJb3EAqj7ErWss549E6hbDZFGpbgKQlkmKt0wmDy6okBHAQQAQoABgUCU2j6 -+gAKCRAnBzMNQDDMrcYPCACc8s8PQp+QVoNXN3vV6de4i/SJcMRhJEuPxyePdiDV -sVe+lFduP878zA/qEmBeMT9l9zC1Vxnv1AAakV5j02bfjBZsLvWP+4uG0dp+J0H5 -0BuzDbl0M0Jdbt5pnfQsqc2H26Cz7aZ05lbxAeuFPhTHgBI8DVlRIRuPwW4zo7wp -uZs8CZXAyKITOL/HA9ZmmaAPNthMsjXc8CK/kK8XvuDr5wGo55KrUGUE6bsiYkxj -2UGUxmQSegaL8li6uEwDmJjp5y03MEeV33VxibbnAx8F1oK2uXr/DPaZot9gB46h 
-Ivy52O2ydr31U+dlaFI+yFaaiFQBA9UnYAjinBQRcqowtCJKb2hhbiBMdW5kYmVy -ZyA8bHVuZGJlcmdAc3VuZXQuc2U+iQE/BBMBAgApBQJTTpUdAhsDBQkB4TOABwsJ -CAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ0b7X3pMDxdthWwf+ISF1EgZuIMWL -HfhNQrpWDJiTZ03ofehso/W+GkKcWoia/RpTxitmY4Hl8C3v5CfUvHYy2ThVfcvw -FrhnZS6ln7WGGzkS2ir9NsA2xJzbXzKW+dxa+sXQ1SsgzUkI8K4oMWhzrnffn7cX -Ze8qEv4ng72ZX5gDfA8T2mPNYyWPycGv2sroWU4T1hwiTvtaVdjGVqBF3jajitTg -svsY0y9n1n9mTlxjYiFnBeiGn1I/eUNALAUzK/VIuAPsHeDrA8WPLjAAs7dQRD/X -uCAMddvyHbtC0FNq/sJZHIQfVnyE4Gqo6IoMRxKYZo3eNS4wF3wp3VGJFBkxVccE -W8k0EZi3VYkBHAQQAQoABgUCU2j6+gAKCRAnBzMNQDDMrSzrB/464DKt30CnEXMM -8LX0FB5ywMVrTNPd4AtQ4t9LfXoTCaZICgb2VvBhyu+iT/t37jeFg1LzViHvyHcx -G2fe2zmIDDsaakbq/7Ptn00sisscQrRYbqThFoTZZxT3LtxbJRT7gS6dOPXSpDAO -2mYnUDylXwLieZ3TBwEOqMAJnqAOOg4rxuHF7oum+FgkcM0i/zyhuM2IXRmEVrvb -j9qH3EOZmU9q5uymy86QK3tNirDxl4Kc7nnIEsUVH4qxfF0mjuDtGpTYLj0BMI70 -6UzIyYB2w42XNaUwOovOUsfB77UxNHOBnp4TlWc/U6S1SDAdbBOXdHjHKoiyVisA -ZzqKjUiVuQENBFNOlK4BCADv5oNT5bxMoi2g847SzQEp306Kg5hsKmKdjXp3vFfB -Fqp1Suj9BphBflyTo9Ci4F5ZyxiH3uVDglzR09ccOo+zgFaJvOU9waP7+PJayBtM -U8lZ+dYtm5agST8aXzQ5gvJj5uASuHZGQwiBV2MIn70ejIPhL2rkUT3nSj8C+YH6 -8WJgIk5qlN1VbAsoGyAE0dGIRouRYV/JMN9rFB8kcPF4RWZRq9rqk9jAFLec4MNJ -O4hs7QEijq4Klp2jW+3v9R52lPPeiz0xjBB+v9DHIxN6HG3RNTcGpklLzvzJb+wQ -AecFCyRizKObMYQpGXJRpiiwYOipo3smiA8XfITY7u9dABEBAAGJASUEGAECAA8F -AlNOlK4CGwwFCQHhM4AACgkQ0b7X3pMDxdthrwgApS7EHZNMRUd2/JpozhuJlv3k -Iz5H5cYABSXAox9GZNGdNLgCzEVNsKyJtj55nqk1eN8rTwdyDyu+d/9QX6HrhVgM -QdURSN87LHlcl4bRnaqu8E9Kh6L6OyWu9zIgY9KahJF83CvileV1ULqmy7qGSb9N -ejf4leLEUjZvXObYx2rT5OjDObmD9o6HMjwQpNj6FiYz67fhJdx4i6BryAeWk6aO -nMANPJj31+CkpDa96hkA9B8rYE1uk1W2+IlKeiX2yRmcWZa8HC84swswDFUFqYvQ -CXEp26vnm/Rm9JyfIAu6SaIhKI3Nn0SCX0fBBXlANnXj8QUL5H56klp7OUlBpLkB -DQRTTpU7AQgAwBzH5/T0loxhgJDGOq4dcn33WIJ5YaCAuROTVnXOV1JWPaDWFts4 -TKcoXqX6IdWGL+VdUDU7jt39M4Q/mXqj755wO+HwTOMr1lOELbcL9na7BTrFO50W -xksEHcMPSA4nbcUbgI1uRyfZkzibmKyBQBB4INT7/LGSsxzVrmYs+CN+AjdjW2mT -ruHmBuqXc7wepH2JeYi/3rH4QWX3oAPu8eKl7zCxxCm+8AkQQAQn1rumMtRNI1HU 
-VgRXaqec7I7kJZPJop4fPdptgtbRXMrm+XQloC2LYkEaSI89epTJNXDPn4EvWDOx -L+tmwaUcp1NsAn4NUKWDKcSKueKv1y5WLwARAQABiQElBBgBAgAPBQJTTpU7Ahsg -BQkB4TOAAAoJENG+196TA8Xb7sUH/jJWNiUJPWcc0NZHaoCbXrRqHlJR3Zhk3dLr -1WGQubfkKk4tXZtQzs3q3qCHY6wsz5xd52IQmYZ7zeKm8C4VuNjJcPwsGHF9//Bc -6/oVqi5fXcjGG3aWPU99QfSlCDBxz9j5+aeAdyyarPfD0i1IDJ/vPncnYB8Tt0PW -QswGvSnWfhYNM3anoraapv6vbwnrCaBHkPJwdMg6Ru/QIuddxl/aW94yZs8MbyA7 -wKoFpvjXHuxaihF955IPE/TQc37yLV4UZ50osDFRTE26f3HwRNSoxQkGvkvO4hFD -8wGrZ1izT6q37uTZTDMpxCGLcRzVmYr5gGB16S3bSyWhn7rkzV4= -=AiT9 +IDxsdW5kYmVyZy5qb2hhbkBnbWFpbC5jb20+iQE/BBMBAgApAhsDBwsJCAcDAgEG +FQgCCQoLBBYCAwECHgECF4AFAlUv2gwFCQPCeNcACgkQ0b7X3pMDxdtCdwgAgiDc +YCvC8xyj9I6zcP1i/ZrON5vrwhch+xolRuR2d3hc6ElsgCbkUFhNk+a+Okf7aA6R +TdxFLEP+bG/eEYXRg7BawM1Hw8XZWPtDzutbmYwa31KgQL0Zr55U45kSQXjlG7vF +6LkC9RT6tRUb/KXxtubT4nXLa0VnQYo5D8BmEOHsF+vxLJedmW2Mz7SIXRW4rACa +TOxll8HGI3mu12sT8nq00mRb9fBkBLIsHHK76LYOHC6oR37+wpf0wERxQAM2cXEw +hIK0xyHQFtbnzBzhFYF3jLWcPWJw34rJjz37DYlsSUtbnHbSVB7oaFBPKSp/GSR/ +RCxNiWIKTPfnhHvDELQjSm9oYW4gTHVuZGJlcmcgPGx1bmRiZXJnQG5vcmR1Lm5l +dD6JAT4EEwECACgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJVL9oVBQkD +wnjXAAoJENG+196TA8XbFyQIAJg02gKy88JZsTv6AqUvyWgeuiU3GJbuthns55uy +i+sWB/jFCzESd8Mwi/rJg0N/YaJakRD/S46c35FyEQ/iJiSpkwvq8WBmfjCtfA8u +kh7tlbTLBrexYXiUfXFwpnutuoMaGRYuq7ir3NzQKX4VLdiWFMRkT4ugizs6RR2P +lRCpXdajTmBha6XQxm3ZetO56TADEo7OBLH0K51XRJH1LeGEaXZv9KLTywJcW8Co +vfPLSzxFM8JT5VHyV19++Up4gUJbLeAt2D4ya0EX/AkxvVDqn+fcsQse6gQ8OMGy +9mB8T1mC+nrJ4aWgJLwaxMtQ//vaR56k1GvYFuXBmn+LHie0IkpvaGFuIEx1bmRi +ZXJnIDxsdW5kYmVyZ0BzdW5ldC5zZT6JAT8EEwECACkCGwMHCwkIBwMCAQYVCAIJ +CgsEFgIDAQIeAQIXgAUCVS/aHQUJA8J41wAKCRDRvtfekwPF2/DnB/9ULJLwiL1z +FjA1hCxOZtf+PSoif/unBnyPERoNDO7dyrR4+H4qiPV6LQKoD8pPZz6tXeu+l5L3 +Sps890RD1zqwZwm9PHdT7Xu8YYndcnfUsXpgNDZHS4G0CsuhB+Vc0ir7O9XYsMBx +T6TiH5G8bOxtFdSQgg1sii12TTtPzuo/C8GxZbXy7I48nc11IrnbiYxxAnCpBIuz +g6XRuTaxRkEAfg6g90RV+o06XbUju9sW2BSXg51etCYA5MLmbjQYQporArPHL9rv +y4aTPGCu4vJoLDK5hj2ZK9YzJ6zGFnCMYNFk16uxWc/45SXQrr8FQAgSReMuB0C4 
+OzRACdx0UqLvuQENBFNOlK4BCADv5oNT5bxMoi2g847SzQEp306Kg5hsKmKdjXp3 +vFfBFqp1Suj9BphBflyTo9Ci4F5ZyxiH3uVDglzR09ccOo+zgFaJvOU9waP7+PJa +yBtMU8lZ+dYtm5agST8aXzQ5gvJj5uASuHZGQwiBV2MIn70ejIPhL2rkUT3nSj8C ++YH68WJgIk5qlN1VbAsoGyAE0dGIRouRYV/JMN9rFB8kcPF4RWZRq9rqk9jAFLec +4MNJO4hs7QEijq4Klp2jW+3v9R52lPPeiz0xjBB+v9DHIxN6HG3RNTcGpklLzvzJ +b+wQAecFCyRizKObMYQpGXJRpiiwYOipo3smiA8XfITY7u9dABEBAAGJASUEGAEC +AA8CGwwFAlUv2NIFCQPCd4oACgkQ0b7X3pMDxducewgAxiSllwGR7pGee2auKVDr +/Gc3gaLNjyRRaQtRByE6tlxXcAYzpUMm/+xvHuLTjr7hMXZYW13ZjhlIoYJ9RYw6 +AzJcc2A8R2kwv5kVpqKeDL2r1ODUWo982QoRoujfosrgIzFmcDw0FOzKwyJ27V7r +oV/UHJjxzlOPItQ14oeoEX4eXd0cwFzARvHoCQ/j45nyHQJU87ghVThdqcysB4qb ++kd+p8hf21uJ7pyRdI5UhE0r79c+nfXoOLOHJ1865uvgptQFjWeJvS3INPCTYLqK +O6acXEC6cdBlsNCSzsI1vfVX843io0jGML9KKpKCCn+TknYqo8F8a4GzhaFMT70g +xLkBDQRTTpU7AQgAwBzH5/T0loxhgJDGOq4dcn33WIJ5YaCAuROTVnXOV1JWPaDW +Fts4TKcoXqX6IdWGL+VdUDU7jt39M4Q/mXqj755wO+HwTOMr1lOELbcL9na7BTrF +O50WxksEHcMPSA4nbcUbgI1uRyfZkzibmKyBQBB4INT7/LGSsxzVrmYs+CN+Ajdj +W2mTruHmBuqXc7wepH2JeYi/3rH4QWX3oAPu8eKl7zCxxCm+8AkQQAQn1rumMtRN +I1HUVgRXaqec7I7kJZPJop4fPdptgtbRXMrm+XQloC2LYkEaSI89epTJNXDPn4Ev +WDOxL+tmwaUcp1NsAn4NUKWDKcSKueKv1y5WLwARAQABiQElBBgBAgAPAhsgBQJV +L9nrBQkDwngsAAoJENG+196TA8XbH3MH/2pUrGZmRJxUKHFcC9gKNa09VjVs/c+j +2n8VDS9QOnj0iE44zSXTln9CbY7Dmt9zVNAjoZc51U/9gojhDR+KFVgu7sIqr2PM +6bkcIZ2NO0RJ5ciHWb7cBbrPNmR7GMloXPx4r4b1VjNnssYTKCCBjYLez6NbuZ2R +QHs0NZWa6gE/Hf77Ml4+ZieydXJx9TLh3KiPuKKjzNL++n/TydjoxhMouNpjJAKc +Gs+iQeha1xVATpa8c6b6EaSyr95bqfbNTRemd6rIzxwjbkX6VP9c8FmV6E1AWrns +lQIgDvNHOR2NpiXhO+X6xccA9nQwsrQFZSV5IdopI7cVjqZhCSIZ1CU= +=PaZi -----END PGP PUBLIC KEY BLOCK----- -- cgit v1.1 From f5e307d669f27759dbeaa54d8c49785a64f7e5c5 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 11:12:45 +0200 Subject: service name --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index 196b7fe..d9eeae4 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -17,7 +17,8 @@ $myqsl_version = "5.7") imagetag => $wordpress_version, volumes => ["/data/${name}/html:/var/www/html"], ports => ["8080:80"], - env => [ "WORDPRESS_DB_HOST=${db_hostname}", + env => [ "SERVICE_NAME=${name}", + "WORDPRESS_DB_HOST=${db_hostname}", "WORDPRESS_DB_USER=${name}", "WORDPRESS_DB_NAME=${name}", "WORDPRESS_DB_PASSWORD=${pwd}" ] -- cgit v1.1 From c30a0dfc551f5082806b08a1225b0800c26f51be Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 13:15:09 +0200 Subject: varnish autoconf --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 8ab4edf..eabf8d6 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -843,6 +843,13 @@ class webfrontend { sunet::etcd_node {'sunetweb': disco_url => 'https://discovery.etcd.io/877f25988ea1e8bb8c9a49f2ad5f5f6a', proxy => true + } -> + sunet::docker_run{"varnish": + depends => + image => "docker.sunet.se/varnish-auto", + imagetag => "latest", + links => ["etcd_sunetweb:etcd"], + ports => ["80:80"], } } -- cgit v1.1 From e791167cde0cf9d5bfc79f5f6a39b754b75a8871 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 13:16:42 +0200 Subject: varnish autoconf --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index eabf8d6..52dee39 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp 
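Review bot: In the `sunet::docker_run{"varnish": ...}` resource added to `class webfrontend` (commit "varnish autoconf"), the attribute `depends =>` is left without a value, which is a syntax error. Because cosmos-site.pp is the shared site manifest, a parse failure there presumably stops catalog compilation on every host until it is corrected, including hosts that rely on it for firewall and access settings. The next commit on this page removes the line. Running `puppet parser validate` on changed `.pp` files before committing would catch this class of mistake.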
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -839,13 +839,11 @@ class webcommon { class webfrontend { class { 'webcommon': } docker::image {'docker.sunet.se/pound': } - docker::image {'docker.sunet.se/varnish': } sunet::etcd_node {'sunetweb': disco_url => 'https://discovery.etcd.io/877f25988ea1e8bb8c9a49f2ad5f5f6a', proxy => true } -> sunet::docker_run{"varnish": - depends => image => "docker.sunet.se/varnish-auto", imagetag => "latest", links => ["etcd_sunetweb:etcd"], -- cgit v1.1 From 120010e02911902aab51db07f60fcfb554f96d62 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Fri, 17 Apr 2015 13:23:25 +0200 Subject: my version has ETCD_URL --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 52dee39..c5ba195 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -846,7 +846,7 @@ class webfrontend { sunet::docker_run{"varnish": image => "docker.sunet.se/varnish-auto", imagetag => "latest", - links => ["etcd_sunetweb:etcd"], + env => ["ETCD_URL=http://etcd_sunetweb.docker:4001"], ports => ["80:80"], } } -- cgit v1.1 From fd1987317642b920286c3088540c8b00cae3bd88 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Fri, 17 Apr 2015 14:25:38 +0200 Subject: Updated DNS for TUG eduid other --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 8ab4edf..02726d5 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
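Review bot: `env => ["ETCD_URL=http://etcd_sunetweb.docker:4001"],` in the `varnish` resource points the front-end at etcd over plain HTTP, with no client authentication visible in the resource. Judging by the image name and the commit subjects, varnish-auto builds its backend list from what it reads in etcd, so anything able to reach port 4001 on the Docker network could presumably influence where port 80 traffic is sent; how `sunet::etcd_node` binds its client port is not visible here and should be confirmed. If the node definition supports TLS with client certificates, prefer an `https://` endpoint, and otherwise restrict 4001 to the containers that need it. The same endpoint is hard-coded in the `web_registrator` command (`etcd://etcd_sunetweb.docker:4001/services`), so a shared variable would keep the two in step.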
@@ -375,7 +375,7 @@ class sunet-dhcp-hosts { dhcp::host { 'mq-tug-3': mac => "52:54:00:03:00:22", ip => "130.242.130.22"; } dhcp::host { 'worker-tug-3': mac => "52:54:00:03:00:23", ip => "130.242.130.23"; } dhcp::host { 'signup-tug-3': mac => "52:54:00:03:00:24", ip => "130.242.130.24"; } - dhcp::host { 'helpdesk-tug-3': mac => "52:54:00:03:00:25", ip => "130.242.130.25"; } + dhcp::host { 'dashboard-tug-3': mac => "52:54:00:03:00:25", ip => "130.242.130.25"; } dhcp::host { 'www-tug-3': mac => "52:54:00:03:00:26", ip => "130.242.130.26"; } dhcp::host { 'monitor-tug-3': mac => "52:54:00:03:00:27", ip => "130.242.130.27"; } @@ -536,7 +536,6 @@ class sunet-dhcp-hosts { dhcp::host { 'registry.swamid': mac => "52:54:00:52:53:0b", ip => "130.242.125.90" } dhcp::host { 'mdx1.swamid': mac => "52:54:00:fe:bc:09", ip => "130.242.125.91" } dhcp::host { 'mdx2.swamid': mac => "52:54:00:30:be:dd", ip => "130.242.125.92" } - } class sshaccess { -- cgit v1.1 From 6e424635df6521d5a1b9c1aa8379fb4c0215c1ca Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Mon, 20 Apr 2015 14:17:06 +0200 Subject: Upped max tries to 60 and corrected off by one error :) --- global/overlay/usr/local/bin/ping-check | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/global/overlay/usr/local/bin/ping-check b/global/overlay/usr/local/bin/ping-check index 26c99ed..57d533c 100755 --- a/global/overlay/usr/local/bin/ping-check +++ b/global/overlay/usr/local/bin/ping-check @@ -3,10 +3,10 @@ # Ping until reply or MAX_TRIES. One try == 1s. # -MAX_TRIES=10 +MAX_TRIES=60 LOGTAG="sunet_docker_ping_check" -count=0 +count=1 until ping -c1 $1 &> /dev/null do if [ $count -gt $MAX_TRIES ] @@ -17,3 +17,5 @@ do sleep 1 count=$[$count+1] done +logger -t "$LOGTAG" "IP lookup of $1 succeeded after $count tries." + -- cgit v1.1 From 5e239681e344d938ef86eeec35d5755d4f9b2aac Mon Sep 17 00:00:00 2001 
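Review bot: In ping-check, with `count=1` and the unchanged test `[ $count -gt $MAX_TRIES ]`, the loop still gives up only after MAX_TRIES+1 failed pings, because the counter is compared before it is incremented. `[ "$count" -ge "$MAX_TRIES" ]` makes the limit exact. The new `logger` line runs after `done`, and the failure branch between the two hunks is not visible, so confirm that it exits rather than falling through to this success message. `$1` is unquoted in `ping -c1 $1`, so the argument is subject to word splitting; use `"$1"`. The message also says "IP lookup" although the check is a ping.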
From: Johan Lundberg Date: Mon, 20 Apr 2015 15:25:43 +0200 Subject: Added stop on first error to postgres backup script --- sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup | 1 + 1 file changed, 1 insertion(+) diff --git a/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup b/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup index ebf052c..a2b4986 100755 --- a/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup +++ b/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup @@ -2,6 +2,7 @@ # # Simplistic postgres backup # +set -e BACKUPROOT="/var/docker/postgresql_data/backup" DBCONTAINER="flog_db" -- cgit v1.1 From 4b9cf9c80c5850a7b6dd77759bb73e51e8cbdaa7 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Wed, 22 Apr 2015 12:57:43 +0200 Subject: Added nagioshost class. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 35 + .../sunet/templates/nagioshost/check_uptime.pl.erb | 721 +++++++++++++++++++++ .../sunet/templates/nagioshost/nrpe.cfg.erb | 261 ++++++++ 3 files changed, 1017 insertions(+) create mode 100755 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb create mode 100644 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index a9603a5..e471544 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
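Review bot: `set -e` in postgres_backup does not stop the script when a command on the left-hand side of a pipe fails, which is the usual shape of a dump step (`dump | compress > file`). In that case a failed dump still leaves a truncated file that looks like a valid backup. The body of the script is outside the hunk, so this needs confirming, but if it runs under bash and uses pipes, `set -euo pipefail` is the safer header. A check that the dump file is non-empty before older backups are rotated out would also help.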
@@ -50,6 +50,41 @@ class mailclient ($domain) { cosmos::preseed::preseed_package {"postfix": ensure => present, domain => $domain} } +class nagioshost { + + $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111'), + $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111'), + $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}", + + package {'nagios-nrpe-server': + ensure => 'installed', + } -> + file { "/etc/nagios/nrpe.cfg" : + ensure => 'file', + mode => '0640', + group => 'nagios', + content => template('sunet/nagioshost/nrpe.cfg.erb'), + } -> + file { "/usr/lib/nagios/plugins/check_uptime.pl" : + ensure => 'file', + mode => '0640', + group => 'nagios', + content => template('sunet/nagioshost/check_uptime.pl.erb'), + } -> + ufw::allow { "allow-nrpe-v4": + from => "${nagios_ip_v4}", + ip => 'any', + proto => 'tcp', + port => 5666 + } -> + ufw::allow { "allow-nrpe-v6": + from => "${nagios_ip_v6}", + ip => 'any', + proto => 'tcp', + port => 5666 + } +} + node 'sto-tug-kvm1.swamid.se' { package {'python-vm-builder': diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb new file mode 100755 index 0000000..dda05e4 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb 
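Review bot: The three assignments at the top of `class nagioshost` end in commas, which is not valid inside a class body and should stop cosmos-site.pp from parsing. Drop the commas, or move the values into the class parameter list. `check_uptime.pl` is installed with `mode => '0640'`, so the NRPE daemon cannot execute it, whereas `'0750'` keeps it limited to the owner and the `nagios` group while making it runnable. Neither `file` resource sets `owner`, and nothing in the hunk notifies the NRPE service when `nrpe.cfg` changes, so an updated `allowed_hosts` list may not take effect until the service is restarted by hand.

```puppet
class nagioshost {
  $nagios_ip_v4  = hiera('nagios_ip_v4', '109.105.111.111')
  $nagios_ip_v6  = hiera('nagios_ip_v6', '2001:948:4:6::111')
  $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}"
  # … unchanged: package and nrpe.cfg file resource …
  file { "/usr/lib/nagios/plugins/check_uptime.pl" :
    mode    => '0750',
    # … unchanged: ensure, group, content, then the two ufw::allow rules …
```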
@@ -0,0 +1,721 @@ +#!/usr/bin/perl -w +# +# ============================== SUMMARY ===================================== +# +# Program : check_uptime.pl +# Version : 0.52 +# Date : June 19, 2012 +# Authors : William Leibzon - william@leibzon.org +# Licence : GPL - summary below, full text at http://www.fsf.org/licenses/gpl.txt +# +# =========================== PROGRAM LICENSE ================================= +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +# ===================== INFORMATION ABOUT THIS PLUGIN ========================= +# +# This plugin returns uptime of the system returning data in text (readable) +# format as well as in minutes for performance graphing. The plugin can either +# run on local system unix system (that supports standard 'uptime' command +# or check remote system by SNMP. The plugin can report one CRITICAL or +# WARNING alert if system has been rebooted since last check. +# +# ====================== SETUP AND PLUGIN USE NOTES ========================= +# +# The plugin can either retrieve information from local system (when you +# run it through check_nrpe for example) or by SNMP from remote system. +# +# On local system it will execute standard unix 'uptime' and 'uname -a'. 
+# +# On a remote system it'll retrieve data from sysSystem for system type +# and use that to decide if further data should be retrieved from +# sysUptime (OID 1.3.6.1.2.1.1.3.0) for windows or +# hostUptime (OID 1.3.6.1.2.1.25.1.1.0) for unix system or +# snmpEngineTime (OID 1.3.6.1.6.3.10.2.1.3) for cisco switches +# +# For information on available options please execute it with --help i.e: +# check_uptime.pl --help +# +# As I dont have time for extensive documentation below is all very brief: +# +# 1. You can also specify warning and critical thresholds which will +# give warning or critical alert if system has been up for lees then +# specified number of minutes. Example: +# check_uptime.pl -w 5 +# Will give warning alert if system has been up for less then 5 minutes +# +# 2. For performance data results you can use '-f' option which will give +# total number of minutes the system has been up. +# +# 3. A special case is use of performance to feed data from previous run +# back into the plugin. This is used to cache results about what type +# of system it is (you can also directly specify this with -T option) +# and also means -w and -c threshold values are ignored and instead +# plugin will issue ONE alert (warning or critical) if system uptime +# changes from highier value to lower +# +# ============================ EXAMPLES ======================================= +# +# 1. Local server (use with NRPE or on nagios host), warning on < 5 minutes: +# +# define command { +# command_name check_uptime +# command_line $USER1$/check_uptime.pl -f -w 5 +# } +# +# 2. Local server (use with NRPE or on nagios host), +# one critical alert on reboot: +# +# define command { +# command_name check_uptime +# command_line $USER1$/check_uptime.pl -f -c -P "SERVICEPERFDATA$" +# } +# +# 3. 
Remote server SNMP v2, one warning alert on reboot, +# autodetect and cache type of server: +# +# define command { +# command_name check_snmp_uptime_v2 +# command_line $USER1$/check_uptime.pl -2 -f -w -H $HOSTADDRESS$ -C $_HOSTSNMP_COMMUNITY$ -P "$SERVICEPERFDATA$" +# } +# +# 4. Remote server SNMP v3, rest as above +# +#define command { +# command_name check_snmp_uptime_v3 +# command_line $USER1$/check_uptime.pl -f -w -H $HOSTADDRESS$ -l $_HOSTSNMP_V3_USER$ -x $_HOSTSNMP_V3_AUTH$ -X $_HOSTSNMP_V3_PRIV$ -L sha,aes -P "$SERVICEPERFDATA$" +# } +# +# 5. Example of service definition using above +# +# define service{ +# use std-service +# hostgroup_name all_snmp_hosts +# service_description SNMP Uptime +# max_check_attempts 1 +# check_command check_snmp_uptime +# } +# +# 6. And this is optional dependency definition for above which makes +# every SNMP service (service beloning to SNMP servicegroup) on +# same host dependent on this SNMP Uptime check. Then if SNMP +# daemon goes down you only receive one alert +# +# define servicedependency{ +# service_description SNMP Uptime +# dependent_servicegroup_name snmp +# } +# +# ============================= VERSION HISTORY ============================== +# +# 0.1 - sometime 2006 : Simple script for tracking local system uptime +# 0.2 - sometime 2008 : Update to get uptime by SNMP, its now alike my other plugins +# 0.3 - Nov 14, 2009 : Added getting system info line and using that to decide +# format of uptime line and how to process it. Added support +# for getting uptime with SNMP from windows systems. +# Added documentation header alike my other plugins. +# Planned to release it to public, but forgot. +# 0.4 - Dec 19, 2011 : Update to support SNMP v3, released to public +# 0.41 - Jan 13, 2012 : Added bug fix by Rom_UA posted as comment on Nagios Exchange +# Added version history you're reading right now. 
+# 0.42 - Feb 13, 2012 : Bug fix to not report WARNING if uptime is not correct output +# 0.5 - Feb 29, 2012 : Added support for "netswitch" engine type that retrieves +# snmpEngineTime. Added proper support for sysUpTime interpreting +# it as 1/100s of a second and converting to days,hours,minutes +# Changed internal processing structure, now reported uptime +# info text is based on uptime_minutes and not separate. +# 0.51 - Jun 05, 2012 : Bug fixed for case when when snmp system info is < 3 words. +# 0.52 - Jun 19, 2012 : For switches if snmpEngineTime OID is not available, +# the plugin will revert back to checking hostUptime and +# then sysUptime. Entire logic has in fact been changed +# to support trying more than just two OIDs. Also added +# support to specify filename to '-v' option for debug +# output to go to instead of console and for '--debug' +# option as an alias to '--verbose'. +# +# TODO: +# 0) Add '--extra-opts' to allow to read options from a file as specified +# at http://nagiosplugins.org/extra-opts. This is TODO for all my plugins +# 1) Add support for ">", "<" and other threshold qualifiers +# as done in check_snmp_temperature.pl or check_mysqld.pl +# 2) Support for more types, in particular network equipment such as cisco: [DONE] +# sysUpTime is a 32-bit counter in 1/100 of a second, it rolls over after 496 days +# snmpEngineTime (.1.3.6.1.6.3.10.2.1.3) returns the uptime in seconds and will not +# roll over, however some cisco switches (29xx) are buggy and it gets reset too. +# Routers running 12.0(3)T or higher can use the snmpEngineTime object from +# the SNMP-FRAMEWORK-MIB. This keeps track of seconds since SNMP engine started. 
+# 3) Add threshold into perfout as ';warn;crit' +# +# ========================== START OF PROGRAM CODE =========================== + +use strict; +use Getopt::Long; + +# Nagios specific +our $TIMEOUT; +our %ERRORS; +eval 'use utils qw(%ERRORS $TIMEOUT)'; +if ($@) { + $TIMEOUT = 10; + %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +} + +our $no_snmp=0; +eval 'use Net::SNMP'; +if ($@) { + $no_snmp=1; +} + +# Version +my $Version='0.52'; + +# SNMP OID +my $oid_sysSystem = '1.3.6.1.2.1.1.1.0'; # windows and some unix +my $oid_hostUptime = '1.3.6.1.2.1.25.1.1.0'; # hostUptime, usually unix systems +my $oid_sysUptime = '1.3.6.1.2.1.1.3.0'; # sysUpTime, windows +my $oid_engineTime = '1.3.6.1.6.3.10.2.1.3'; # SNMP-FRAMEWORK-MIB + +my @oid_uptime_types = ( ['', '', ''], # type 0 is reserved + [ 'local', '', ''], # type 1 is local + [ 'win', 'sysUpTime', $oid_sysUptime ], # type 2 is windows + [ 'unix-host', 'hostUpTime', $oid_hostUptime ], # type 3 is unix-host + [ 'unix-sys', 'sysUpTime', $oid_sysUptime ], # type 4 is unix-sys + [ 'net', 'engineTime', $oid_engineTime ]); # type 5 is netswitch + +# Not used, but perhaps later +my $oid_hrLoad = '1.3.6.1.2.1.25.3.3.1.2.1'; +my $oid_sysLoadInt1 = '1.3.6.1.4.1.2021.10.1.5.1'; +my $oid_sysLoadInt5 = '1.3.6.1.4.1.2021.10.1.5.2'; +my $oid_sysLoadInt15 = '1.3.6.1.4.1.2021.10.1.5.3'; + +# Standard options +my $o_host = undef; # hostname +my $o_timeout= undef; # Timeout (Default 10) +my $o_help= undef; # wan't some help ? 
+my $o_verb= undef; # verbose mode +my $o_version= undef; # print version +my $o_label= undef; # change label instead of printing uptime +my $o_perf= undef; # Output performance data (uptime in minutes) +my $o_prevperf= undef; # performance data given with $SERVICEPERFDATA$ macro +my $o_warn= undef; # WARNING alert if system has been up for < specified number of minutes +my $o_crit= undef; # CRITICAL alert if system has been up for < specified number of minutes +my $o_type= undef; # type of check (local, auto, unix, win) + +# Login and other options specific to SNMP +my $o_port = 161; # SNMP port +my $o_community = undef; # community +my $o_version2 = undef; # use snmp v2c +my $o_login= undef; # Login for snmpv3 +my $o_passwd= undef; # Pass for snmpv3 +my $v3protocols= undef; # V3 protocol list. +my $o_authproto= 'md5'; # Auth protocol +my $o_privproto= 'des'; # Priv protocol +my $o_privpass= undef; # priv password + +## Additional global variables +my %prev_perf= (); # array that is populated with previous performance data +my $check_type = 0; + +sub p_version { print "check_uptime version : $Version\n"; } + +sub print_usage { + print "Usage: $0 [-v [debugfilename]] [-T local|unix-host|unix-sys|win|net] [-H (-C ) [-2] | (-l login -x passwd [-X pass -L ,) [-p ]] [-w -s ] [-f] [-P ] [-t ] | [-V] [--label ]\n"; +} + +sub isnnum { # Return true if arg is not a number + my $num = shift; + if ( $num =~ /^(\d+\.?\d*)|(^\.\d+)$/ ) { return 0 ;} + return 1; +} + +sub div_mod { return int( $_[0]/$_[1]) , ($_[0] % $_[1]); } + +sub help { + print "\nUptime Plugin for Nagios (check_uptime) v. 
",$Version,"\n"; + print "GPL licence, (c) 2008-2012 William Leibzon\n\n"; + print_usage(); + print <, + : Authentication protocol (md5|sha : default md5) + : Priv protocols (des|aes : default des) + -p, --port=PORT + SNMP port (Default 161) +EOT +} + +# For verbose output (updated 06/06/12 to write to debug file if specified) +sub verb { + my $t=shift; + if (defined($o_verb)) { + if ($o_verb eq "") { + print $t,"\n"; + } + else { + if (!open(DEBUGFILE, ">>$o_verb")) { + print $t, "\n"; + } + else { + print DEBUGFILE $t,"\n"; + close DEBUGFILE; + } + } + } +} + +# load previous performance data +sub process_perf { + my %pdh; + my ($nm,$dt); + foreach (split(' ',$_[0])) { + if (/(.*)=(.*)/) { + ($nm,$dt)=($1,$2); + verb("prev_perf: $nm = $dt"); + # in some of my plugins time_ is to profile how long execution takes for some part of plugin + # $pdh{$nm}=$dt if $nm !~ /^time_/; + $pdh{$nm}=$dt; + } + } + return %pdh; +} + +sub type_from_name { + my $type=shift; + for(my $i=1; $i \$o_verb, 'verbose:s' => \$o_verb, "debug:s" => \$o_verb, + 'h' => \$o_help, 'help' => \$o_help, + 'H:s' => \$o_host, 'hostname:s' => \$o_host, + 'p:i' => \$o_port, 'port:i' => \$o_port, + 'C:s' => \$o_community, 'community:s' => \$o_community, + '2' => \$o_version2, 'v2c' => \$o_version2, + 'l:s' => \$o_login, 'login:s' => \$o_login, + 'x:s' => \$o_passwd, 'passwd:s' => \$o_passwd, + 'X:s' => \$o_privpass, 'privpass:s' => \$o_privpass, + 'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols, + 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, + 'V' => \$o_version, 'version' => \$o_version, + 'f' => \$o_perf, 'perfparse' => \$o_perf, + 'w:i' => \$o_warn, 'warning:i' => \$o_warn, + 'c:i' => \$o_crit, 'critical:i' => \$o_crit, + 'label:s' => \$o_label, + 'P:s' => \$o_prevperf, 'prev_perfdata:s' => \$o_prevperf, + 'T:s' => \$o_type, 'type:s' => \$o_type, + ); + if (defined ($o_help) ) { help(); exit $ERRORS{"UNKNOWN"}}; + if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"}}; + + 
$o_type = "win" if defined($o_type) && $o_type eq 'windows'; + $o_type = "net" if defined($o_type) && $o_type eq 'netswitch'; + if (defined($o_type) && $o_type ne 'auto' && type_from_name($o_type)==-1) { + print "Invalid system type specified\n"; print_usage(); exit $ERRORS{"UNNKNOWN"}; + } + + if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd)) ) { + $o_type='local' if !defined($o_type) || $o_type eq 'auto'; + if ($o_type ne 'local') { + print "Put snmp login info!\n"; print_usage(); exit $ERRORS{"UNKNOWN"} + } + if (defined($o_host)) { + print "Why are you specifying hostname without SNMP parameters?\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + else { + $o_type='auto' if !defined($o_type); + if ($o_type eq 'local' ) { + print "Why are you specifying SNMP login for local system???\n"; print_usage(); exit $ERRORS{"UNKNOWN"} + } + if (!defined($o_host)) { + print "Hostname required for SNMP check.\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + if ($no_snmp) { + print "Can't locate Net/SNMP.pm\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + + # check snmp information + if ((defined($o_login) || defined($o_passwd)) && (defined($o_community) || defined($o_version2)) ) + { print "Can't mix snmp v1,2c,3 protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + if (defined ($v3protocols)) { + if (!defined($o_login)) { print "Put snmp V3 login info with protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + my @v3proto=split(/,/,$v3protocols); + if ((defined ($v3proto[0])) && ($v3proto[0] ne "")) {$o_authproto=$v3proto[0]; } # Auth protocol + if (defined ($v3proto[1])) {$o_privproto=$v3proto[1]; } # Priv protocol + if ((defined ($v3proto[1])) && (!defined($o_privpass))) + { print "Put snmp V3 priv login info with priv protocols!\n"; print_usage(); exit $ERRORS{"UNKNOWN"}} + } + + if (defined($o_timeout) && (isnnum($o_timeout) || ($o_timeout < 2) || ($o_timeout > 60))) + { print "Timeout must be >1 and <60 !\n"; print_usage(); exit 
$ERRORS{"UNKNOWN"}} + if (!defined($o_timeout)) {$o_timeout=$TIMEOUT+5;} + + if (defined($o_prevperf)) { + if (defined($o_perf)) { + %prev_perf=process_perf($o_prevperf); + $check_type = $prev_perf{type} if $o_type eq 'auto' && exists($prev_perf{tye}) && exists($oid_uptime_types[$prev_perf{type}][0]); + } + else { + print "need -f option first \n"; print_usage(); exit $ERRORS{"UNKNOWN"}; + } + } + + if ($o_type eq 'auto') { + $check_type=0; + } + else { + $check_type = type_from_name($o_type); + } +} + +sub create_snmp_session { + my ($session,$error); + + if ( defined($o_login) && defined($o_passwd)) { + # SNMPv3 login + if (!defined ($o_privpass)) { + verb("SNMPv3 AuthNoPriv login : $o_login, $o_authproto"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => '3', + -port => $o_port, + -username => $o_login, + -authpassword => $o_passwd, + -authprotocol => $o_authproto, + -timeout => $o_timeout + ); + } else { + verb("SNMPv3 AuthPriv login : $o_login, $o_authproto, $o_privproto"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => '3', + -username => $o_login, + -port => $o_port, + -authpassword => $o_passwd, + -authprotocol => $o_authproto, + -privpassword => $o_privpass, + -privprotocol => $o_privproto, + -timeout => $o_timeout + ); + } + } else { + if (defined ($o_version2)) { + # SNMPv2c Login + verb("SNMP v2c login"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -version => 2, + -community => $o_community, + -port => $o_port, + -timeout => $o_timeout + ); + } else { + # SNMPV1 login + verb("SNMP v1 login"); + ($session, $error) = Net::SNMP->session( + -hostname => $o_host, + -community => $o_community, + -port => $o_port, + -timeout => $o_timeout + ); + } + } + if (!defined($session)) { + printf("ERROR opening session: %s.\n", $error); + exit $ERRORS{"UNKNOWN"}; + } + + return $session; +} + +$SIG{'ALRM'} = sub { + print "Alarm timeout\n"; + exit $ERRORS{"UNKNOWN"}; +}; + 
+########## MAIN ####### +my $system_info=""; +my $uptime_info=undef; +my $uptime_minutes=undef; +my $perf_out=""; +my $status=0; +my $uptime_output; +my ($days, $hrs, $mins); + +check_options(); + +# Check gobal timeout if snmp screws up +if (defined($o_timeout)) { + verb("Alarm at $o_timeout + 5"); + alarm($o_timeout+5); +} + +if ($check_type==1) { # local + # Process unix uptime command output + $uptime_output=`uptime`; + verb("Local Uptime Result is: $uptime_output"); + if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = ($1, $2, $3); + } + elsif ($uptime_output =~ /up\s+(\d+)\shours?\s+(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /up\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /up\s+(\d+)\s+min/) { + ($days, $hrs, $mins) = (0,0,$1); + } + elsif ($uptime_output =~ /up\s+(d+)s+days?,s+(d+)s+min/) { + ($days, $hrs, $mins) = ($1,0,$2); + } + else { + $uptime_info = "up ".$uptime_output; + } + if (defined($days) && defined($hrs) && defined($mins)) { + $uptime_minutes = $days*24*60+$hrs*60+$mins; + } + my @temp=split(' ',`uname -a`); + if (scalar(@temp)<3) { + $system_info=`uname -a`; + } + else { + $system_info=join(' ',$temp[0],$temp[1],$temp[2]); + } +} +else { + # SNMP connection + my $session=create_snmp_session(); + my $result=undef; + my $oid=""; + my $guessed_check_type=0; + + if ($check_type==0){ + $result = $session->get_request(-varbindlist=>[$oid_sysSystem]); + if (!defined($result)) { + printf("ERROR: Can not retrieve $oid_sysSystem table: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + verb("$o_host SysInfo Result from OID $oid_sysSystem: $result->{$oid_sysSystem}"); + if ($result->{$oid_sysSystem} =~ /Windows/) { + $guessed_check_type=2; + verb('Guessing Type: 2 = windows'); + } + if ($result->{$oid_sysSystem} =~ /Cisco/) { + $guessed_check_type=5; + verb('Guessing Type: 5 = netswitch'); + } + if 
($guessed_check_type==0) { + $guessed_check_type=3; # will try hostUptime first + } + $oid=$oid_uptime_types[$guessed_check_type][2]; + } + else { + $oid=$oid_uptime_types[$check_type][2]; + } + + do { + $result = $session->get_request(-varbindlist=>[$oid,$oid_sysSystem]); + if (!defined($result)) { + if ($check_type!=0) { + printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + else { + if ($session->error =~ /noSuchName/) { + if ($guessed_check_type==4) { + verb("Received noSuchName error for sysUpTime OID $oid. Giving up."); + $guessed_check_type=0; + } + if ($guessed_check_type==3) { + verb("Received noSuchName error for hostUpTime OID $oid, will now try sysUpTime"); + $guessed_check_type=4; + } + else { + verb("Received noSuchName error for OID $oid, will now try hostUpTime"); + $guessed_check_type=3; + } + if ($guessed_check_type!=0) { + $oid=$oid_uptime_types[$guessed_check_type][2]; + } + } + else { + printf("ERROR: Can not retrieve uptime OID table $oid: %s.\n", $session->error); + $session->close; + exit $ERRORS{"UNKNOWN"}; + } + } + } + else { + if ($check_type==0) { + $check_type=$guessed_check_type; + } + } + } + while (!defined($result) && $guessed_check_type!=0); + + $session->close; + if ($check_type==0 && $guessed_check_type==0) { + printf("ERROR: Can not autodetermine proper uptime OID table. 
Giving up.\n"); + exit $ERRORS{"UNKNOWN"}; + } + + my ($days, $hrs, $mins); + $uptime_output=$result->{$oid}; + verb("$o_host Uptime Result from OID $oid: $uptime_output"); + + if ($uptime_output =~ /(\d+)\s+days?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = ($1, $2, $3); + } + elsif ($uptime_output =~ /(\d+)\s+hours?,\s+(\d+)\:(\d+)/) { + ($days, $hrs, $mins) = (0, $1, $2); + } + elsif ($uptime_output =~ /(\d+)\s+min/) { + ($days, $hrs, $mins) = (0, 0, $1); + } + if (defined($days) && defined($hrs) && defined($mins)) { + $uptime_minutes = $days*24*60+$hrs*60+$mins; + } + elsif ($uptime_output =~ /^(\d+)$/) { + my $upnum = $1; + if ($oid eq $oid_sysUptime) { + $uptime_minutes = $upnum/100/60; + } + elsif ($oid eq $oid_engineTime) { + $uptime_minutes = $upnum/60; + } + } + else { + $uptime_info = "up ".$uptime_output; + } + my @temp=split(' ',$result->{$oid_sysSystem}); + if (scalar(@temp)<3) { + $system_info=$result->{$oid_sysSystem}; + } + else { + $system_info=join(' ',$temp[0],$temp[1],$temp[2]); + } +} + +if (defined($uptime_minutes) && !defined($uptime_info)) { + ($hrs,$mins) = div_mod($uptime_minutes,60); + ($days,$hrs) = div_mod($hrs,24); + $uptime_info = "up "; + $uptime_info .= "$days days " if $days>0; + $uptime_info .= "$hrs hours " if $hrs>0; + $uptime_info .= "$mins minutes"; +} + +verb("System Type: $check_type (".$oid_uptime_types[$check_type][0].")"); +verb("System Info: $system_info") if $system_info; +verb("Uptime Text: $uptime_info") if defined($uptime_info); +verb("Uptime Minutes: $uptime_minutes") if defined($uptime_minutes); + +if (!defined($uptime_info)) { + $uptime_info = "Can not determine uptime"; + $status = 3; +} + +if (defined($o_perf)) { + $perf_out = "type=$check_type"; + $perf_out .= " uptime_minutes=$uptime_minutes" if defined($uptime_minutes); +} + +if (defined($uptime_minutes)) { + if (defined($o_prevperf)) { + $status = 1 if defined($o_warn) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes; + 
$status = 2 if defined($o_crit) && exists($prev_perf{uptime_minutes}) && $prev_perf{uptime_minutes} > $uptime_minutes; + } + else { + $status = 1 if defined($o_warn) && !isnnum($o_warn) && $o_warn >= $uptime_minutes; + $status = 2 if defined($o_crit) && !isnnum($o_crit) && $o_crit >= $uptime_minutes; + } +} +alarm(0); + +my $exit_status="UNKNOWN"; +$exit_status="OK" if $status==0; +$exit_status="WARNING" if $status==1; +$exit_status="CRITICAL" if $status==2; +$exit_status="UNKNOWN" if $status==3; +$exit_status="$o_label $exit_status" if defined($o_label); +print "$exit_status: $system_info"; +print " - $uptime_info"; +print " | ",$perf_out if $perf_out; +print "\n"; +exit $status; diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb new file mode 100644 index 0000000..348aa93 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb 
@@ -0,0 +1,261 @@
+<%# nrpe.cfg %>
+
+# ###################################################
+# # #
+# # # This file is managed with
+# # #
+# # # ##### # # ##### ##### ###### #####
+# # # # # # # # # # # # #
+# # # # # # # # # # # ##### #
+# # # ##### # # ##### ##### # #
+# # # # # # # # # #
+# # # # #### # # ###### #
+# # #
+# # # ... so you can't just change it locally.
+# # #
+# # ###################################################
+
+#############################################################################
+# Sample NRPE Config File
+# Written by: Ethan Galstad (nagios@nagios.org)
+#
+# Last Modified: 11-23-2007
+#
+# NOTES:
+# This is a sample configuration file for the NRPE daemon. It needs to be
+# located on the remote host that is running the NRPE daemon, not the host
+# from which the check_nrpe client is being executed.
+#############################################################################
+
+
+# LOG FACILITY
+# The syslog facility that should be used for logging purposes.
+
+log_facility=daemon
+
+
+
+# PID FILE
+# The name of the file in which the NRPE daemon should write it's process ID
+# number. The file is only written if the NRPE daemon is started by the root
+# user and is running in standalone mode.
+
+pid_file=/var/run/nagios/nrpe.pid
+
+
+
+# PORT NUMBER
+# Port number we should wait for connections on.
+# NOTE: This must be a non-priviledged port (i.e. > 1024).
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+server_port=5666
+
+
+
+# SERVER ADDRESS
+# Address that nrpe should bind to in case there are more than one interface
+# and you do not want nrpe to bind on all interfaces.
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+#server_address=127.0.0.1
+
+
+
+# NRPE USER
+# This determines the effective user that the NRPE daemon should run as.
+# You can either supply a username or a UID.
+#
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+nrpe_user=nagios
+
+
+
+# NRPE GROUP
+# This determines the effective group that the NRPE daemon should run as.
+# You can either supply a group name or a GID.
+#
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+nrpe_group=nagios
+
+
+
+# ALLOWED HOST ADDRESSES
+# This is an optional comma-delimited list of IP address or hostnames
+# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
+# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
+# supported.
+#
+# Note: The daemon only does rudimentary checking of the client's IP
+# address. I would highly recommend adding entries in your /etc/hosts.allow
+# file to allow only the specified host to connect to the port
+# you are running this daemon on.
+#
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+allowed_hosts= <%= @allowed_hosts %>
+
+# COMMAND ARGUMENT PROCESSING
+# This option determines whether or not the NRPE daemon will allow clients
+# to specify arguments to commands that are executed. This option only works
+# if the daemon was configured with the --enable-command-args configure script
+# option.
+#
+# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
+# Read the SECURITY file for information on some of the security implications
+# of enabling this variable.
+#
+# Values: 0=do not allow arguments, 1=allow command arguments
+
+dont_blame_nrpe=0
+
+
+
+# BASH COMMAND SUBTITUTION
+# This option determines whether or not the NRPE daemon will allow clients
+# to specify arguments that contain bash command substitutions of the form
+# $(...). This option only works if the daemon was configured with both
+# the --enable-command-args and --enable-bash-command-substitution configure
+# script options.
+#
+# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
+# Read the SECURITY file for information on some of the security implications
+# of enabling this variable.
+#
+# Values: 0=do not allow bash command substitutions,
+# 1=allow bash command substitutions
+
+allow_bash_command_substitution=0
+
+
+
+# COMMAND PREFIX
+# This option allows you to prefix all commands with a user-defined string.
+# A space is automatically added between the specified prefix string and the
+# command line from the command definition.
+#
+# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
+# Usage scenario:
+# Execute restricted commmands using sudo. For this to work, you need to add
+# the nagios user to your /etc/sudoers. An example entry for alllowing
+# execution of the plugins from might be:
+#
+# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
+#
+# This lets the nagios user run all commands in that directory (and only them)
+# without asking for a password. If you do this, make sure you don't give
+# random users write access to that directory or its contents!
+
+# command_prefix=/usr/bin/sudo
+
+
+
+# DEBUGGING OPTION
+# This option determines whether or not debugging messages are logged to the
+# syslog facility.
+# Values: 0=debugging off, 1=debugging on
+
+debug=0
+
+
+
+# COMMAND TIMEOUT
+# This specifies the maximum number of seconds that the NRPE daemon will
+# allow plugins to finish executing before killing them off.
+
+command_timeout=60
+
+
+
+# CONNECTION TIMEOUT
+# This specifies the maximum number of seconds that the NRPE daemon will
+# wait for a connection to be established before exiting. This is sometimes
+# seen where a network problem stops the SSL being established even though
+# all network sessions are connected. This causes the nrpe daemons to
+# accumulate, eating system resources. Do not set this too low.
+
+connection_timeout=300
+
+
+
+# WEEK RANDOM SEED OPTION
+# This directive allows you to use SSL even if your system does not have
+# a /dev/random or /dev/urandom (on purpose or because the necessary patches
+# were not applied). The random number generator will be seeded from a file
+# which is either a file pointed to by the environment valiable $RANDFILE
+# or $HOME/.rnd. If neither exists, the pseudo random number generator will
+# be initialized and a warning will be issued.
+# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
+
+#allow_weak_random_seed=1
+
+
+
+# INCLUDE CONFIG FILE
+# This directive allows you to include definitions from an external config file.
+
+#include=
+
+
+
+# INCLUDE CONFIG DIRECTORY
+# This directive allows you to include definitions from config files (with a
+# .cfg extension) in one or more directories (with recursion).
+
+#include_dir=
+#include_dir=
+
+
+
+# COMMAND DEFINITIONS
+# Command definitions that this daemon will run. Definitions
+# are in the following format:
+#
+# command[]=
+#
+# When the daemon receives a request to return the results of
+# it will execute the command specified by the argument.
+#
+# Unlike Nagios, the command line cannot contain macros - it must be
+# typed exactly as it should be executed.
+#
+# Note: Any plugins that are used in the command lines must reside
+# on the machine that this daemon is running on! The examples below
+# assume that you have plugins installed in a /usr/local/nagios/libexec
+# directory. Also note that you will have to modify the definitions below
+# to match the argument format the plugins expect. Remember, these are
+# examples only!
+
+
+# The following examples use hardcoded command arguments...
+
+command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
+command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
+command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
+command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
+command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
+
+
+# The following examples allow user-supplied arguments and can
+# only be used if the NRPE daemon was compiled with support for
+# command arguments *AND* the dont_blame_nrpe directive in this
+# config file is set to '1'. This poses a potential security risk, so
+# make sure you read the SECURITY file before doing this.
+
+#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
+#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
+#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+
+#
+# local configuration:
+# if you'd prefer, you can instead place directives here
+include=/etc/nagios/nrpe_local.cfg
+
+#
+# you can place your config snipplets into nrpe.d/
+# only snipplets ending in .cfg will get included
+include_dir=/etc/nagios/nrpe.d/
+
-- cgit v1.1
From 050911fb11218e3d0ee57fccabbdcb0f9f4690c1 Mon Sep 17 00:00:00 2001
From: Johan Lundberg
Date: Wed, 22 Apr 2015 12:57:54 +0200
Subject: Added shortcut to templates.
---
templates | 1 +
1 file changed, 1 insertion(+)
create mode 120000 templates
diff --git a/templates b/templates
new file mode 120000
index 0000000..3365074
--- /dev/null
+++ b/templates
@@ -0,0 +1 @@
+./global/overlay/etc/puppet/modules/sunet/templates/
\ No newline at end of file
-- cgit v1.1
From 08fc0687691c7b6a84889c328cd11509b7e8caad Mon Sep 17 00:00:00 2001
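Review bot: The two active include lines at the end of the template (`include=/etc/nagios/nrpe_local.cfg` and `include_dir=/etc/nagios/nrpe.d/`) come after `dont_blame_nrpe=0`, `allow_bash_command_substitution=0` and `allowed_hosts`, so a directive placed in either location can presumably replace the managed value, which contradicts the banner saying the file cannot be changed locally. If local overrides are intended, say so next to the includes, e.g. `# NOTE: files included here can override dont_blame_nrpe and allowed_hosts set above`, and have the manifest manage ownership and mode of both paths; otherwise drop the includes. Separately, `allowed_hosts= <%= @allowed_hosts %>` renders whatever the calling scope holds, including an empty string, so the class that uses this template should fail when the variable is empty rather than emit a blank directive.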
From: Leif Johansson Date: Wed, 22 Apr 2015 14:16:09 +0200 Subject: autobackup --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index d9eeae4..1d96d4e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -37,5 +37,15 @@ $myqsl_version = "5.7") "MYSQL_ROOT_PASSWORD=${pwd}", "MYSQL_DATABASE=${name}"] } + package {'automysqlbackup': require => latest } -> + auges { 'automysqlbackup_settings': + incl => "/etc/default/automysqlbackup", + lens => "Shellvars.lns", + changes => [ + "set USERNAME=${name}", + "set PASSWORD=${pwd}", + "set DBHOST=${db_hostname}" + ] + } } } -- cgit v1.1 From 92954976486eb2f3e7e6f7df2eba939509284372 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Wed, 22 Apr 2015 14:17:39 +0200 Subject: , --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index e471544..c2736bd 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -52,9 +52,9 @@ class mailclient ($domain) { class nagioshost { - $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111'), - $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111'), - $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}", + $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111') + $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111') + $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}" package {'nagios-nrpe-server': ensure => 'installed', -- cgit v1.1 From 05092b377014dd9907bcea9b7576c23f05110626 Mon Sep 17 00:00:00 2001 
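Review bot: The added augeas resource writes `${pwd}` into `/etc/default/automysqlbackup` as `PASSWORD`, and the context line above it shows the same variable being used for `MYSQL_ROOT_PASSWORD`, yet nothing in the hunk restricts who can read that file. I would manage it explicitly next to the augeas resource, e.g. `file { '/etc/default/automysqlbackup': owner => 'root', group => 'root', mode => '0600' }`, and give the backup job its own database account instead of reusing this secret. The value is also written unquoted into a file handled by the Shellvars lens, so a password containing whitespace or shell metacharacters would presumably not survive being read back by a shell; the later hunks in this series that rewrite these `set` lines keep the same unquoted form. The enclosing definition starts and ends outside the hunk.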
From: Leif Johansson Date: Wed, 22 Apr 2015 14:18:51 +0200 Subject: include --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index 1d96d4e..ac61bc9 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -5,6 +5,7 @@ $db_host = undef, $wordpress_version = "4.1.1", $myqsl_version = "5.7") { + include augeas $db_hostname = $db_host ? { undef => "${name}_mysql.docker", default => $db_host @@ -38,7 +39,7 @@ $myqsl_version = "5.7") "MYSQL_DATABASE=${name}"] } package {'automysqlbackup': require => latest } -> - auges { 'automysqlbackup_settings': + augeas { 'automysqlbackup_settings': incl => "/etc/default/automysqlbackup", lens => "Shellvars.lns", changes => [ -- cgit v1.1 From 92f00dba5b869e777d323d844d502a85d93e79cf Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Wed, 22 Apr 2015 14:19:44 +0200 Subject: bad leifj --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index ac61bc9..2335af5 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -38,7 +38,7 @@ $myqsl_version = "5.7") "MYSQL_ROOT_PASSWORD=${pwd}", "MYSQL_DATABASE=${name}"] } - package {'automysqlbackup': require => latest } -> + package {'automysqlbackup': ensure => latest } -> augeas { 'automysqlbackup_settings': incl => "/etc/default/automysqlbackup", lens => "Shellvars.lns", -- cgit v1.1 From c6be206b75642eaf63e64bfbc3bad07e9af22b33 Mon Sep 17 00:00:00 2001 
From: Leif Johansson Date: Wed, 22 Apr 2015 14:34:15 +0200 Subject: bad leifj --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index 2335af5..d183032 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -43,9 +43,9 @@ $myqsl_version = "5.7") incl => "/etc/default/automysqlbackup", lens => "Shellvars.lns", changes => [ - "set USERNAME=${name}", - "set PASSWORD=${pwd}", - "set DBHOST=${db_hostname}" + "set USERNAME ${name}", + "set PASSWORD ${pwd}", + "set DBHOST ${db_hostname}" ] } } -- cgit v1.1 From 0eaf0a1eaa03d972acf3c6ec2c49684687a1d1d0 Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 14:38:07 +0200 Subject: added template --- .../etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb index dda05e4..d52eeec 100755 --- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb @@ -1,3 +1,5 @@ +<%# check_uptime.pl %> + #!/usr/bin/perl -w # # ============================== SUMMARY ===================================== -- cgit v1.1 From c06ea0f096b30fdf1b83a0d9b7f72077f067b436 Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 14:44:14 +0200 Subject: added nagioshost to docker --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 1 + 1 file changed, 1 insertion(+) 
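Review bot: The two lines added at the top of `check_uptime.pl.erb` push `#!/usr/bin/perl -w` off the first line of the rendered file: the ERB comment tag renders to nothing, but the line it sits on and the blank line after it presumably remain. An interpreter line is only honoured at the very start of the file, so the plugin would no longer be run by Perl when NRPE executes it directly. If the marker is wanted, put it after the shebang as an ordinary comment, e.g. `# check_uptime.pl (rendered from an ERB template)`.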
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index e471544..410b957 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -163,6 +163,7 @@ node 'datasets.sunet.se' { } node 'docker.sunet.se' { + class { 'nagioshost': } docker::image {'registry': } docker::image {'leifj/pound': } docker::run {'sunetregistry': -- cgit v1.1 From 9a6c9b342db6b00f2786edca1d974540a766b1cf Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 14:58:29 +0200 Subject: nagios configuration update --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 37 +--------------------- .../etc/puppet/modules/sunet/manifests/nagios.pp | 34 ++++++++++++++++++++ 2 files changed, 35 insertions(+), 36 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 480eacf..c7bc59c 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
@@ -50,41 +50,6 @@ class mailclient ($domain) { cosmos::preseed::preseed_package {"postfix": ensure => present, domain => $domain} } -class nagioshost { - - $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111') - $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111') - $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}" - - package {'nagios-nrpe-server': - ensure => 'installed', - } -> - file { "/etc/nagios/nrpe.cfg" : - ensure => 'file', - mode => '0640', - group => 'nagios', - content => template('sunet/nagioshost/nrpe.cfg.erb'), - } -> - file { "/usr/lib/nagios/plugins/check_uptime.pl" : - ensure => 'file', - mode => '0640', - group => 'nagios', - content => template('sunet/nagioshost/check_uptime.pl.erb'), - } -> - ufw::allow { "allow-nrpe-v4": - from => "${nagios_ip_v4}", - ip => 'any', - proto => 'tcp', - port => 5666 - } -> - ufw::allow { "allow-nrpe-v6": - from => "${nagios_ip_v6}", - ip => 'any', - proto => 'tcp', - port => 5666 - } -} - node 'sto-tug-kvm1.swamid.se' { package {'python-vm-builder': @@ -163,7 +128,7 @@ node 'datasets.sunet.se' { } node 'docker.sunet.se' { - class { 'nagioshost': } + class { 'sunet::nagios': } docker::image {'registry': } docker::image {'leifj/pound': } docker::run {'sunetregistry': diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index 58a10bc..6b7d836 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp 
@@ -1,3 +1,37 @@ class sunet::nagios { + $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111') + $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111') + $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}" + + package {'nagios-nrpe-server': + ensure => 'installed', + } -> + service {'nagios-nrpe-server': + ensure => 'running' + } -> + file { "/etc/nagios/nrpe.cfg" : + ensure => 'file', + mode => '0640', + group => 'nagios', + content => template('sunet/nagioshost/nrpe.cfg.erb'), + } -> + file { "/usr/lib/nagios/plugins/check_uptime.pl" : + ensure => 'file', + mode => '0640', + group => 'nagios', + content => template('sunet/nagioshost/check_uptime.pl.erb'), + } -> + ufw::allow { "allow-nrpe-v4": + from => "${nagios_ip_v4}", + ip => 'any', + proto => 'tcp', + port => 5666 + } -> + ufw::allow { "allow-nrpe-v6": + from => "${nagios_ip_v6}", + ip => 'any', + proto => 'tcp', + port => 5666 + } } -- cgit v1.1 From bb0e5333540a0fddc8946cee37fde6f317403dd5 Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 15:37:31 +0200 Subject: added some default nrpe checks --- .../overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb index 348aa93..960dd61 100644 --- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/nrpe.cfg.erb 
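Review bot: The chain in `sunet::nagios` declares `service {'nagios-nrpe-server': ensure => 'running' }` before the `file` resource for `/etc/nagios/nrpe.cfg`, and no resource notifies the service, so a later change to the rendered config (for example a new `allowed_hosts` value from hiera) is written to disk but not picked up by the daemon that is already running. I would move the service after the file and add `notify => Service['nagios-nrpe-server'],` to the `nrpe.cfg` resource. Both `file` resources also set `group` and `mode` but no `owner`; adding `owner => 'root',` makes sure neither the config nor the plugin ends up writable by the account NRPE runs as.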
@@ -236,7 +236,8 @@ command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 - +command[check_uptime]=/usr/lib/nagios/plugins/check_uptime.pl -f +command[check_reboot]=/usr/lib/nagios/plugins/check_reboot # The following examples allow user-supplied arguments and can # only be used if the NRPE daemon was compiled with support for -- cgit v1.1 From 5a10e87213b5d83209c4f25544fd186bcff9790d Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 15:49:01 +0200 Subject: nrpe plugin permission + fixes --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 2 +- .../etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index 6b7d836..b05100e 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp @@ -18,7 +18,7 @@ class sunet::nagios { } -> file { "/usr/lib/nagios/plugins/check_uptime.pl" : ensure => 'file', - mode => '0640', + mode => '0751', group => 'nagios', content => template('sunet/nagioshost/check_uptime.pl.erb'), } -> diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb index d52eeec..e599218 100755 --- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb 
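Review bot: `command[check_reboot]` points at `/usr/lib/nagios/plugins/check_reboot`, but the `sunet::nagios` manifest as it stands at this commit only installs `check_uptime.pl`, so unless the package ships that plugin the check would fail until the file is deployed. Adding the command in the same change as the `file` resource that installs the plugin keeps the two in step. The hunk also drops the blank line that separated the hardcoded commands from the "# The following examples allow user-supplied arguments" comment; keeping it makes clear the two new commands belong to the hardcoded group.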
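Review bot: `mode => '0751'` on `check_uptime.pl` gives "other" an execute bit without read, which does nothing for an interpreted script because the interpreter has to open the file, so the mode reads as more permissive than it is. If only the NRPE daemon should run the plugin, `mode => '0750',` together with `owner => 'root',` states that directly; if any local user may run it, use `'0755'`. The same `0751` is used again for `check_reboot` in the later nagios.pp hunk on this page. The resource starts outside this hunk.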
@@ -1,5 +1,4 @@ <%# check_uptime.pl %> - #!/usr/bin/perl -w # # ============================== SUMMARY ===================================== -- cgit v1.1 From 3aa12a2570f187b179c8631f4eaab0c83d1662b7 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Wed, 22 Apr 2015 15:51:57 +0200 Subject: only backup the one db --- global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp index d183032..6f6abed 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp @@ -45,7 +45,8 @@ $myqsl_version = "5.7") changes => [ "set USERNAME ${name}", "set PASSWORD ${pwd}", - "set DBHOST ${db_hostname}" + "set DBHOST ${db_hostname}", + "set DBNAMES ${name}" ] } } -- cgit v1.1 From de3da0b361a561a79fcd152c61274f811e1c51ff Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 15:55:11 +0200 Subject: removed <%# check_uptime.pl %> global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb --- .../etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb | 1 - 1 file changed, 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb index e599218..dda05e4 100755 --- a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_uptime.pl.erb @@ -1,4 +1,3 @@ -<%# check_uptime.pl %> #!/usr/bin/perl -w # # ============================== SUMMARY ===================================== -- cgit v1.1 From a60382a9ef96e350036c693ddf7b6be3ec5083fd Mon Sep 17 00:00:00 2001 
From: Johan Lundberg Date: Wed, 22 Apr 2015 16:00:50 +0200 Subject: Added notify and dependencies for nagios service and files. --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index b05100e..c09679d 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp @@ -8,18 +8,23 @@ class sunet::nagios { ensure => 'installed', } -> service {'nagios-nrpe-server': - ensure => 'running' + ensure => 'running', + enable => 'true', + require => Package['nagios-nrpe-server'], } -> file { "/etc/nagios/nrpe.cfg" : + notify => Service['nagios-nrpe-server'], ensure => 'file', mode => '0640', group => 'nagios', + require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/nrpe.cfg.erb'), } -> file { "/usr/lib/nagios/plugins/check_uptime.pl" : ensure => 'file', mode => '0751', group => 'nagios', + require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/check_uptime.pl.erb'), } -> ufw::allow { "allow-nrpe-v4": -- cgit v1.1 From 877abf0d9b4f0b05425f82bb648d7f9c2215c3fa Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 16:13:19 +0200 Subject: typo --- .../etc/puppet/modules/sunet/manifests/nagios.pp | 7 ++++ .../sunet/templates/nagioshost/check_reboot.erb | 37 ++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100755 global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index c09679d..cbd47a0 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp 
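Review bot: The `notify => Service['nagios-nrpe-server']` added to the nrpe.cfg resource points the opposite way from the `} ->` that still chains the service ahead of that file, so the two relationships appear to form a dependency cycle and the catalog would not apply until one of them is removed. Dropping the arrows and keeping the explicit `require`/`notify` is the simpler fix; while the arrows stay, the added `require => Package['nagios-nrpe-server'],` lines are redundant. `enable => 'true'` passes a string where the boolean `enable => true,` is the usual form. The class body starts and ends outside the hunk.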
@@ -27,6 +27,13 @@ class sunet::nagios { require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/check_uptime.pl.erb'), } -> + file { "/usr/lib/nagios/plugins/check_reboot" : + ensure => 'file', + mode => '0751', + group => 'nagios', + require => Package['nagios-nrpe-server'], + content => template('sunet/nagioshost/check_reboot'), + } -> ufw::allow { "allow-nrpe-v4": from => "${nagios_ip_v4}", ip => 'any', diff --git a/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb new file mode 100755 index 0000000..aa0bd5d --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/templates/nagioshost/check_reboot.erb @@ -0,0 +1,37 @@ +#!/bin/bash +declare -rx PROGNAME=${0##*/} +declare -rx PROGPATH=${0%/*}/ + +function cleanup { + #if [ -e "$TMPFILE" ] ; then + #rm "$TMPFILE" + #fi + exit $1 +} + +if [ -r "${PROGPATH}utils.sh" ] ; then + source "${PROGPATH}utils.sh" +else + echo "Can't find utils.sh." + printf "Currently being run from %s\n" "$PROGPATH" + # since we couldn't define STATE_UNKNOWN since reading utils.sh failed, we use 3 here but everywhere else after this use cleanup $STATE + cleanup 3 +fi + +STATE=$STATE_UNKNOWN + + +if [ -f /var/run/reboot-required.pkgs ] +then + pkg=`cat /var/run/reboot-required.pkgs` +fi + +if [ -f /var/run/reboot-required ] +then + echo "Reboot WARNING: System reboot required by package $pkg" + cleanup $STATE_WARNING; +fi + echo "Reboot OK: No reboot required" + cleanup $STATE_OK; +cleanup $STATE; + -- cgit v1.1 From 7242a1cf051cf6a73e47d9a9fb68ed6c6ae43778 Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 16:14:24 +0200 Subject: added plugin --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
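Review bot: In the new `check_reboot` script, `pkg` is filled with `cat /var/run/reboot-required.pkgs` and dropped into a one-line status message, but it is never initialised and the file may hold several lines (presumably one package per line), which would push everything after the first line out of the status text Nagios displays. Initialising `pkg=""` and flattening the list, e.g. `pkg=$(tr '\n' ' ' < /var/run/reboot-required.pkgs)`, keeps the message on one line. The final `cleanup $STATE;` is unreachable because `cleanup $STATE_OK;` already exits, and `exit $1` is better written `exit "$1"`. The script sources `utils.sh` from the directory derived from `$0`, so it relies on the plugin directory being writable by root only; a short comment next to the `source` line saying so would help.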
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index cbd47a0..48bf5ca 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp @@ -6,12 +6,12 @@ class sunet::nagios { package {'nagios-nrpe-server': ensure => 'installed', - } -> + } service {'nagios-nrpe-server': ensure => 'running', enable => 'true', require => Package['nagios-nrpe-server'], - } -> + } file { "/etc/nagios/nrpe.cfg" : notify => Service['nagios-nrpe-server'], ensure => 'file', @@ -19,27 +19,27 @@ class sunet::nagios { group => 'nagios', require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/nrpe.cfg.erb'), - } -> + } file { "/usr/lib/nagios/plugins/check_uptime.pl" : ensure => 'file', mode => '0751', group => 'nagios', require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/check_uptime.pl.erb'), - } -> + } file { "/usr/lib/nagios/plugins/check_reboot" : ensure => 'file', mode => '0751', group => 'nagios', require => Package['nagios-nrpe-server'], content => template('sunet/nagioshost/check_reboot'), - } -> + } ufw::allow { "allow-nrpe-v4": from => "${nagios_ip_v4}", ip => 'any', proto => 'tcp', port => 5666 - } -> + } ufw::allow { "allow-nrpe-v6": from => "${nagios_ip_v6}", ip => 'any', -- cgit v1.1 From 0008d057cde159d7039c5f93fe69d5b9f7ee6bfb Mon Sep 17 00:00:00 2001 From: Dennis Wallberg Date: Wed, 22 Apr 2015 16:17:46 +0200 Subject: typo fixed --- global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp index 48bf5ca..91ccf6c 100644 --- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp +++ b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp 
@@ -32,7 +32,7 @@ class sunet::nagios { mode => '0751', group => 'nagios', require => Package['nagios-nrpe-server'], - content => template('sunet/nagioshost/check_reboot'), + content => template('sunet/nagioshost/check_reboot.erb'), } ufw::allow { "allow-nrpe-v4": from => "${nagios_ip_v4}", -- cgit v1.1 From 72387f9d6457a9c07bfe01bfbc574aa8c66285bf Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Thu, 23 Apr 2015 15:27:04 +0200 Subject: Moving nagios config to class sunet::nagios. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 16 +- sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg | 246 --------------------- 2 files changed, 1 insertion(+), 261 deletions(-) delete mode 100644 sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index c7bc59c..5c31b43 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -697,21 +697,7 @@ node 'cdr1.sunet.se' { } node 'sto-tug-kvm2.swamid.se' { - package {'nagios-nrpe-server': - ensure => 'installed', - } -> - ufw::allow { "allow-nrpe-v4": - from => '109.105.111.111', - ip => 'any', - proto => 'tcp', - port => 5666 - } - ufw::allow { "allow-nrpe-v6": - from => '2001:948:4:6::111', - ip => 'any', - proto => 'tcp', - port => 5666 - } + class { 'sunet::nagios': } file {'/var/docker': ensure => 'directory', } -> diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg b/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg deleted file mode 100644 index 043ea90..0000000 --- a/sto-tug-kvm2.swamid.se/overlay/etc/nagios/nrpe.cfg +++ /dev/null 
@@ -1,246 +0,0 @@ -############################################################################# -# Sample NRPE Config File -# Written by: Ethan Galstad (nagios@nagios.org) -# -# Last Modified: 11-23-2007 -# -# NOTES: -# This is a sample configuration file for the NRPE daemon. It needs to be -# located on the remote host that is running the NRPE daemon, not the host -# from which the check_nrpe client is being executed. -############################################################################# - - -# LOG FACILITY -# The syslog facility that should be used for logging purposes. - -log_facility=daemon - - - -# PID FILE -# The name of the file in which the NRPE daemon should write it's process ID -# number. The file is only written if the NRPE daemon is started by the root -# user and is running in standalone mode. - -pid_file=/var/run/nagios/nrpe.pid - - - -# PORT NUMBER -# Port number we should wait for connections on. -# NOTE: This must be a non-priviledged port (i.e. > 1024). -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -server_port=5666 - - - -# SERVER ADDRESS -# Address that nrpe should bind to in case there are more than one interface -# and you do not want nrpe to bind on all interfaces. -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -#server_address=127.0.0.1 - - - -# NRPE USER -# This determines the effective user that the NRPE daemon should run as. -# You can either supply a username or a UID. -# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -nrpe_user=nagios - - - -# NRPE GROUP -# This determines the effective group that the NRPE daemon should run as. -# You can either supply a group name or a GID. 
-# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -nrpe_group=nagios - - - -# ALLOWED HOST ADDRESSES -# This is an optional comma-delimited list of IP address or hostnames -# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask -# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently -# supported. -# -# Note: The daemon only does rudimentary checking of the client's IP -# address. I would highly recommend adding entries in your /etc/hosts.allow -# file to allow only the specified host to connect to the port -# you are running this daemon on. -# -# NOTE: This option is ignored if NRPE is running under either inetd or xinetd - -allowed_hosts=109.105.111.111,2001:948:4:6::111 - - - -# COMMAND ARGUMENT PROCESSING -# This option determines whether or not the NRPE daemon will allow clients -# to specify arguments to commands that are executed. This option only works -# if the daemon was configured with the --enable-command-args configure script -# option. -# -# *** ENABLING THIS OPTION IS A SECURITY RISK! *** -# Read the SECURITY file for information on some of the security implications -# of enabling this variable. -# -# Values: 0=do not allow arguments, 1=allow command arguments - -dont_blame_nrpe=0 - - - -# BASH COMMAND SUBTITUTION -# This option determines whether or not the NRPE daemon will allow clients -# to specify arguments that contain bash command substitutions of the form -# $(...). This option only works if the daemon was configured with both -# the --enable-command-args and --enable-bash-command-substitution configure -# script options. -# -# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! *** -# Read the SECURITY file for information on some of the security implications -# of enabling this variable. 
-# -# Values: 0=do not allow bash command substitutions, -# 1=allow bash command substitutions - -allow_bash_command_substitution=0 - - - -# COMMAND PREFIX -# This option allows you to prefix all commands with a user-defined string. -# A space is automatically added between the specified prefix string and the -# command line from the command definition. -# -# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! *** -# Usage scenario: -# Execute restricted commmands using sudo. For this to work, you need to add -# the nagios user to your /etc/sudoers. An example entry for alllowing -# execution of the plugins from might be: -# -# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/ -# -# This lets the nagios user run all commands in that directory (and only them) -# without asking for a password. If you do this, make sure you don't give -# random users write access to that directory or its contents! - -# command_prefix=/usr/bin/sudo - - - -# DEBUGGING OPTION -# This option determines whether or not debugging messages are logged to the -# syslog facility. -# Values: 0=debugging off, 1=debugging on - -debug=0 - - - -# COMMAND TIMEOUT -# This specifies the maximum number of seconds that the NRPE daemon will -# allow plugins to finish executing before killing them off. - -command_timeout=60 - - - -# CONNECTION TIMEOUT -# This specifies the maximum number of seconds that the NRPE daemon will -# wait for a connection to be established before exiting. This is sometimes -# seen where a network problem stops the SSL being established even though -# all network sessions are connected. This causes the nrpe daemons to -# accumulate, eating system resources. Do not set this too low. - -connection_timeout=300 - - - -# WEEK RANDOM SEED OPTION -# This directive allows you to use SSL even if your system does not have -# a /dev/random or /dev/urandom (on purpose or because the necessary patches -# were not applied). 
The random number generator will be seeded from a file -# which is either a file pointed to by the environment valiable $RANDFILE -# or $HOME/.rnd. If neither exists, the pseudo random number generator will -# be initialized and a warning will be issued. -# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness - -#allow_weak_random_seed=1 - - - -# INCLUDE CONFIG FILE -# This directive allows you to include definitions from an external config file. - -#include= - - - -# INCLUDE CONFIG DIRECTORY -# This directive allows you to include definitions from config files (with a -# .cfg extension) in one or more directories (with recursion). - -#include_dir= -#include_dir= - - - -# COMMAND DEFINITIONS -# Command definitions that this daemon will run. Definitions -# are in the following format: -# -# command[]= -# -# When the daemon receives a request to return the results of -# it will execute the command specified by the argument. -# -# Unlike Nagios, the command line cannot contain macros - it must be -# typed exactly as it should be executed. -# -# Note: Any plugins that are used in the command lines must reside -# on the machine that this daemon is running on! The examples below -# assume that you have plugins installed in a /usr/local/nagios/libexec -# directory. Also note that you will have to modify the definitions below -# to match the argument format the plugins expect. Remember, these are -# examples only! - - -# The following examples use hardcoded command arguments... 
- -command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 -command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 -command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p / -command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z -command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 - - -# The following examples allow user-supplied arguments and can -# only be used if the NRPE daemon was compiled with support for -# command arguments *AND* the dont_blame_nrpe directive in this -# config file is set to '1'. This poses a potential security risk, so -# make sure you read the SECURITY file before doing this. - -#command[check_users]=/usr/lib/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -#command[check_load]=/usr/lib/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ -#command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ -#command[check_procs]=/usr/lib/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ - -# -# local configuration: -# if you'd prefer, you can instead place directives here -include=/etc/nagios/nrpe_local.cfg - -# -# you can place your config snipplets into nrpe.d/ -# only snipplets ending in .cfg will get included -include_dir=/etc/nagios/nrpe.d/ - -- cgit v1.1 From e9f06d2ec17be72874fa30f310f8f41bbd695530 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Thu, 23 Apr 2015 15:27:30 +0200 Subject: Moving postgres backup script in to container. --- .../overlay/etc/cron.d/flog_daily | 2 +- .../overlay/usr/local/bin/postgres_backup | 32 ---------------------- 2 files changed, 1 insertion(+), 33 deletions(-) delete mode 100755 sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/flog_daily b/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/flog_daily index 0759dca..5878023 100644 --- a/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/flog_daily 
+++ b/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/flog_daily @@ -1,6 +1,6 @@ # m h dom mon dow user command 0 23 * * * root /usr/local/bin/scriptherder --mode wrap --name flog_update_institutions -- /usr/bin/curl https://meta.eduroam.se/institution.xml -so /opt/flog/institution.xml -1 0 * * * root /usr/local/bin/scriptherder --mode wrap --syslog --name flog_db_backup -- /usr/local/bin/postgres_backup +1 0 * * * root /usr/local/bin/scriptherder --mode wrap --syslog --name flog_db_backup -- docker exec flog_db /usr/local/bin/backup # Run aggregation and caching for eduroam data 20 0 * * * root /usr/local/bin/scriptherder --mode wrap --name flog_daily_eduroam -- /usr/bin/docker run --rm -it -a stdout -a stderr -v /opt/flog/dotenv:/opt/flog/.env -v /var/log/flog_cron/:/opt/flog/logs/ -v /opt/flog/institution.xml:/opt/flog/institution.xml -v /opt/flog/dotenv:/opt/flog/.env -v /etc/passwd:/etc/passwd:ro -v /etc/group:/etc/group:ro --link flog_db:flog_db.docker docker.sunet.se/flog/flog_app /bin/sh -e /usr/local/bin/daily_eduroam # Run aggregation and caching for sso data diff --git a/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup b/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup deleted file mode 100755 index a2b4986..0000000 --- a/sto-tug-kvm2.swamid.se/overlay/usr/local/bin/postgres_backup +++ /dev/null 
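Review bot: The new `flog_db_backup` entry calls bare `docker` while the other jobs in this file use `/usr/bin/docker`; cron runs with a minimal PATH, so `/usr/bin/docker exec flog_db /usr/local/bin/backup` is the safer spelling. The host script this replaces wrote its dumps under `/var/docker/postgresql_data/backup` and kept seven rotated copies; the in-container `/usr/local/bin/backup` is not visible here, so it is worth confirming that it writes to a host-mounted volume and still rotates, otherwise the dumps disappear with the container. A comment above the entry naming where the dumps land would document that.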
@@ -1,32 +0,0 @@ -#!/usr/bin/env bash -# -# Simplistic postgres backup -# -set -e - -BACKUPROOT="/var/docker/postgresql_data/backup" -DBCONTAINER="flog_db" - -if [ ! -d ${BACKUPROOT} ]; then - echo "$0: Directory ${BACKUPROOT} does not exist - aborting." - exit 1 -fi - -set -e - -# keep seven days worth of dumps -rm -rf ${BACKUPROOT}/postgres-dumpall-flogdb.gz.7 -test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.6 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.6 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.7 -test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.5 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.5 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.6 -test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.4 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.4 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.5 -test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.3 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.3 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.4 -test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.2 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.2 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.3 -test -f ${BACKUPROOT}/postgres-dumpall-flogdb.gz.1 && mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz.1 ${BACKUPROOT}/postgres-dumpall-flogdb.gz.2 - -echo "Running postgres pg_dumpall..." - -cd ${BACKUPROOT} -/usr/bin/docker exec ${DBCONTAINER} sudo -u postgres /usr/bin/pg_dumpall | /bin/gzip > postgres-dumpall-flogdb.gz - -mv ${BACKUPROOT}/postgres-dumpall-flogdb.gz ${BACKUPROOT}/postgres-dumpall-flogdb.gz.1 - -- cgit v1.1 From a14190d059fc2e5ac03fbfe5475b0baac1705c43 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Fri, 24 Apr 2015 10:57:02 +0200 Subject: Add memcached container to sto-tug-kvm2. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 5c31b43..0414b2c 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp 
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -751,6 +751,9 @@ node 'sto-tug-kvm2.swamid.se' { image => 'docker.sunet.se/flog/flog_app', volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], } -> + sunet::docker_run {'memcached': + image => 'docker.sunet.se/library/memcached', + } -> sunet::docker_run {'flog_nginx': image => 'docker.sunet.se/flog/nginx', ports => ['80:80', '443:443'], -- cgit v1.1 From deeb38e36bf12b51535cae4a6e61ab145a0720d6 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Fri, 24 Apr 2015 11:01:55 +0200 Subject: Added system user memcache to sto-tug-kvm2 --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 0414b2c..b7b1601 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -713,6 +713,10 @@ node 'sto-tug-kvm2.swamid.se' { username => 'www-data', group => 'www-data', } -> + sunet::system_user {'memcache-system-user': + username => 'memcache', + group => 'memcache', + } -> file {'/var/docker/postgresql_data': ensure => 'directory', owner => 'postgres', -- cgit v1.1
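Review bot: The `memcached` container is declared with `image => 'docker.sunet.se/library/memcached'` and no visible tag or digest, so the version that runs depends on what the registry serves at pull time unless `sunet::docker_run` pins one (its definition is not in this hunk). memcached has no authentication by default, and the resource publishes no `ports`, which keeps it off the host's interfaces; a comment such as `# no ports on purpose: memcached is unauthenticated and must not be published on the host` would stop a port mapping being added later without thought. The node block starts and ends outside the hunk.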