-
Support LE accounts in mdata variable. [Thomas Merkel]
Store LE accounts in metadata for better account restore for existing machines. Especially on re-provision the account could be restored to generate a new valid certificate by the same account.
- Fix EMAIL handling, wrong variable overwrite parameter. [Thomas Merkel]
- Fix wrong quoting of variables for LE certbot exec. [Thomas Merkel]
- Use ShellCheck to fix issues which are auto-detected. [Thomas Merkel]
-
Switch to pkgsrc 2023Q4 and using Python version 3.11. [Thomas Merkel]
-
Provide new dds (delegate dataset) list script. [Thomas Merkel]
A new script is available which looks for datasets which exists on a system and will be used during zoneinit. It provides a easy support for zones/ and data/ datasets.
-
Revert "Enable delegate dataset (ZFS) for /home" [Thomas Merkel]
Because of bigger issues with re-provision of images and especially with images which depends on core-base we remove this feature. We should and will stay with the useradd-zfs shell script which handle delegate datasets for the users but not for /home directly.
This reverts commit 7708a8029a860afb2c84ae90fb04dc23a06bd5d9.
-
Switch to pkgsrc 2022Q4 and using Python version 3.10. [Thomas Merkel]
-
Enable delegate dataset (ZFS) for /home. [Thomas Merkel]
Enable managed ZFS (delegate dataset) for useradd and user homes. Modify existing users (admin) to use /home/admin dataset.
- Fix pkgin gpg trust database. [Thomas Merkel]
-
Add skylime-extra pkgsrc repository by default to pkgin. [Thomas Merkel]
-
Overwrite nullmailer SMF to support syslog logging. [Thomas Merkel]
Pipe nullmailer stdout/stderr to logger and syslog. Otherwise logging is provided in the svc logfile without datetime information.
-
Provide better smartos-munin-plugin handling. [Thomas Merkel]
Support extra sub-directory for our own plugins which should not overwrite existing plugins. We are sure our additional plugins are overwrite symlink defaults if they exists.
- Switch to fixed znapzend version with correct perl dependencies. [Thomas Merkel]
- Version bump to 2021Q4 [Thomas Merkel]
- Support munin with tls authentication and security [Thomas Merkel]
- Add shell script to generate SSH private, public key pair [Thomas Merkel]
- Add munin nullmailer warning and critical level [Thomas Merkel]
- Provide new mdata variable for znapzend_dst to send remote backups easily [Thomas Merkel]
- Provide workaround for screen close on ctrl+c [Thomas Merkel]
- Additional keys (F5, F6) for screen prev and next session (#3) [sk1ll10]
- Rename script because it's not only for root, support sudo [Thomas Merkel]
- Install v0.18 SmartOS Munin Plugins [Thomas Merkel]
- Switch to py39-certbot because of new default python version [Thomas Merkel]
- Version bump to 2020Q4. [Thomas Merkel]
- Switch to python 3.8 certbot version. [Thomas Merkel]
- Send Email for admin users. [Thomas Merkel]
- Fix ssl-generator hostlist for Lets Encrypt. [Thomas Merkel]
- Reset postinit for re-provision. [Thomas Merkel]
- Update LICENSE date. [Thomas Merkel]
- Check-log: support lines when error should be reported. [Thomas Merkel]
- Version bump to 2020Q3 pkgsrc release. [Thomas Merkel]
- Let's Encrypt use renewal-hooks/deploy as replacement renew-hook parameter. [Thomas Merkel]
- Report znapzend errors after 2 errors a day. [Thomas Merkel]
- Support --debug for ssl-letsencrypt-renew.sh to receive some additional information. [Thomas Merkel]
- Add first version of useradd-zfs script, to handle user datasets on reprovision. [Thomas Merkel]
- Add postinit script for personal / admin user init.sh. [Thomas Merkel]
- Add lenght options to generate passwords. [Thomas Merkel]
- Add minimal screenrc. [Thomas Merkel]
-
Switch to usr/bin/env bash, to find always correct bash version. [Thomas Merkel]
Add executable flag, so it's easier to run a script later if needed
- Use tmp in var for check-log script [jfqd]
- Secure nullmailer remotes config file. [Thomas Merkel]
- Add documentation for mdata-create-password. [Thomas Merkel]
- Version bump to 2020Q1 release. [Thomas Merkel]
- Add support to add users to sysadmin group. [Thomas Merkel]
- Add vim from pkgsrc, for newer version and better support. [Thomas Merkel]
- Default SSH port changed from 22 to 10110. [Thomas Merkel]
- Add unzip package. [Thomas Merkel]
- Add Let's Encrypt hostlist support for multiple SANs. [Thomas Merkel]
- Update munin plugins to fix nullmailer script typo. [Thomas Merkel]
- Fix py-certbot dependecy issue, upgrade to latest version in netbsd/2019Q3. [Thomas Merkel]
- Add mtr as default package. [Thomas Merkel]
- Switch from default ssh port 22 to 10110. [Thomas Merkel]
- Update to latest munin plugins (v0.16) and enable nullmailer and ip_version. [Thomas Merkel]
- ssl-selfsigned.sh, create folder if it doesn't exists. [Thomas Merkel]
- Add support for core scripts in admin path. [Thomas Merkel]
- Ignore dh.pem files. [Thomas Merkel]
- Add new LE renew script for cronjob. [Thomas Merkel]
- Add simple motd-cleanup script. [Thomas Merkel]
- Fix LE webroot / http port lookup. [Thomas Merkel]
- Fix script for mdata-create-password, provide other options to be quiet if only check is required. [Thomas Merkel]
- Add script to add secrets to mdata variables. [Thomas Merkel]
- Add the option to echo the variable if it exits. [Thomas Merkel]
- Provide fix for py37-certbot to use correct configuration directory. [Thomas Merkel]
- Version bump to 18.4.0. [Thomas Merkel] Switching to SkyLime munin-node version which is only build with py37.
- Provide new postinit feature to run provision tasks after zoneinit. [Thomas Merkel]
- Version bump to 18.3.0 minimal-64 [Thomas Merkel]
- Remove mdata-setup support and use only existing zoneinit service. [Thomas Merkel]
- Version bump to 18.2.0. [Thomas Merkel]
- Switch to latest smartos-munin-plugins. [Thomas Merkel]
- Switch from bash to ksh93 to use build-in printf as a dateutils replacement. [Thomas Merkel]
-
Version bump to 18.1 with default python version 3.6. [Thomas Merkel]
-
Provide default logadm values for syslog information. [Thomas Merkel] Add default policy for syslog files:
- rotate every day
- delete after 7 days
-
Support webroot with ssl-generate.sh. [Thomas Merkel]
-
Provide an ssl-generator.sh script. [Thomas Merkel]
Provide function to generate ssl certificates easily with mdata or let's encrypt. Restart services if needed and more.
-
Add .bashrc again for root user. [Thomas Merkel]
- Remove support for one PEM file which contains cert and key. [Thomas Merkel]
- Add base64 because its required for spipe config scripts. [Thomas Merkel]
- Fix issue with date on illumos which do not support +14 days. [Thomas Merkel]
-
Version Bump to 17.4.0. [Thomas Merkel]
-
Switch from gnudate to dateutils (for munin-plugins as well) [Thomas Merkel]
Because we removed coreutils we need to switch to default tools and additional packages especially for date / dateconv.
-
Remove coreutils and findutils, because ls and chmod etc. do not support ACLs in gnu-tools. [Thomas Merkel]
- Fix readme because we use nullmailer. [Thomas Merkel]
- Add ssh host keys for ed25519 and ecdsa. [Thomas Merkel]
- Update smartos-munin-plugins, cert_expire. [Thomas Merkel]
- Switch to py35-certbot from the Joyent build. [Thomas Merkel]
- Version Bump to 17.2.0. [Thomas Merkel]
- Switch to py35 version of certbot. [Thomas Merkel]
- Add sshd_config with only valid options for OpenSSH. [Thomas Merkel]
- Munin plugin version bump to 0.11 with new network stats. [Thomas Merkel]
- Nullmailer version bump to 2.0 for 2017Q2. [Thomas Merkel]
- Add our own munin-node package and znapzend to fix known perl issues. [Thomas Merkel]
- Add sm-prepare-image workaround to fix issue on newer SmartOS platform. [Thomas Merkel]
- Provide empty file if addrconf is not set. [Thomas Merkel]
- Update nullmailer to version 2.0 [Thomas Merkel]
- Add znapzend cronjob for error lookups. [Thomas Merkel]
- Switch to grep -E to support simple regex parameters. [Thomas Merkel]
- Update to newest version of smartos munin plugins. [Thomas Merkel]
- Fix permissions for check-log script. [Thomas Merkel]
- Add check-log script. [Thomas Merkel]
- Version bump to 17.1.0. [Thomas Merkel]
- New feature to store root knonw_hosts in mdata variable. [Thomas Merkel]
- Enable cert_expire munin plugin by default. [Thomas Merkel]
- Provide the newest version of ssl-expire.sh. [Thomas Merkel]
- Update munin plugins to v0.9. [Thomas Merkel]
- Provide new version of ssl-letsencrypt.sh which also support webroots. [Thomas Merkel]
- Switch from 31day warning to 14day warning. [Thomas Merkel]
- Update to newest munin-plugins version. [Thomas Merkel]
- Let's encrypt add pre,post and renew hook scripts which could be used later in any other image. [Thomas Merkel]
- Fix parameter issue for ssl-selfsigned.sh. [Thomas Merkel]
- Fix error and return value in let's encrypt script. [Thomas Merkel]
- Remove wrong information from README. [Thomas Merkel]
- Letsencrypt helper scripts. [Thomas Merkel]
- Add grep as default command for all images. [Thomas Merkel]
- Use gsed to replace skylime repository for pkgsrc. [Thomas Merkel]
-
Remove rsyslog from core-base. [Thomas Merkel]
We will disable the support for rsyslog remote logging because it didn't worked that well based on caching and memory issues. We will continue to use the default rsyslog provided from the global zone / base.
- Fix typo and add full path to the cron call. [Thomas Merkel]
- Update readme and manifest for admin ssh keys. [Thomas Merkel]
- Rename 05-delegated-dataset.sh to 04-... because it should not be overwritten from child datasets. [Thomas Merkel]
- Fix pkgsrc version issue on customize script. [Thomas Merkel]
- Update to base-16Q4 release. [Thomas Merkel]
-
Provide support for delegated dataset to the "admin" user. [Thomas Merkel]
This feature automatically configure a delegated dataset to the "admin" user and provides an extra mdata-variable which allow SSH key deployment for the "admin" user. We consider for disabling the login as "root" which is not required anymore because of the "admin"-users sudo privileges.
- Version upgrade to 16.3.1 base64 image from Joyent. [Thomas Merkel]
- Disable in.ndp log spam if addrconf isn't used. [Thomas Merkel]
- Fix issue with wrong naming for root_ssh_rsa.pub mdata. [Thomas Merkel]
- Version bump to 16.2.1. [Thomas Merkel]
- Fix issue with wrong pkgsrc version in base image. [Thomas Merkel]
- Update to new base version 16.2.0. [Thomas Merkel]
- Allowed statless addrconf. [tschaefer]
- Default UTF-8 support for root users shell. [Thomas Merkel]
- Version bump to 16.1.0 minimal64. [Thomas Merkel]
-
Disable fm/smtp-notify because of reboot issue. [Thomas Merkel]
We detected an issue that the server isn't stopped somehow during reboot of the zone. This error happen sometimes and is currenlty not all time reproducible. But the zone will freeze and could only be restarted by restarting the global zone. For that reason we disabled the notificateion service again.
https://github.com/wiedi/deploy-zone/commit/4ad54bd07ab11933c4d21a55c4e7c794e5a998da
- Enable smtp notify service. [Thomas Merkel]
- Add bashrc for root user from default. [Thomas Merkel]
- Add gsed as default package to base. [Thomas Merkel]
- Find issue with crt lookup. [Thomas Merkel]
- Store FQDN for nullmailer in me file. [Thomas Merkel]
-
Provide SVC log functions from global zone to zones. [Thomas Merkel]
The functions help a lot for debugging and you don't need to know the full command :-)
-
Use FQDN for PS1. [Thomas Merkel]
We use a cloud based environment, so most of the time some servers have the same name but different FQDN.
-
Update to new version 15.3.0 [Tobias Schäfer]
Use new minimal base image from joyent and latest pkgsrc release. Update manifest to new version.
- Complete mdata description in manifest JSON file. [Tobias Schäfer]
- Adapt README. [Tobias Schäfer]
- We also need findutils for gnufind. [Thomas Merkel]
- We require coreutils for many script on our system so we install that by default. [Thomas Merkel]
- Sudo is required on many images. [Thomas Merkel]
- Install base64 as default tool and also add znapzend as default backup tool. [Thomas Merkel]
-
Update to new version 15.1.0. [Thomas Merkel]
Use new minimal base image from joyent. Be sure we're using pkgsrc nullmailer version. Update manifests to new version.
-
Script for ssh host key setup. [Thomas Merkel]
The script only should run once and disable itself. It should also be not enabled by default and should be started by an extra mdata / zoneinit script.
- Version bump because of minimal change. [Thomas Merkel]
- The core smf should be started before other core scripts run. [Thomas Merkel]
- Add own wrapper for our personal SMF scripts which should be included / imported. [Thomas Merkel]
- Add manifest and method for storing ssh keys in mdata variable. [Thomas Merkel]
- We create an extra sshd host key mdata script. [Thomas Merkel]
-
Switch to own rsyslog config for the future. [Thomas Merkel]
-
Rename / copy the rsyslog config from system to pkgsrc. [Thomas Merkel]
-
Disable systemlog and use pkgsrc rsyslog version. [Thomas Merkel]
We would like to have gnutls for rsyslog. So we disable system log which is also rsyslog and install the new rsyslog version including gnutls module.
- We would like to use the minimal version for base image. [Thomas Merkel]
- Update to newest 14.4.1 base. [Thomas Merkel]
-
Version update to 14.4.0 release. [Thomas Merkel]
This patch is created by @wiedi. We switch from postfix to nullmailer. By default the new minimal base image didn't contain any mailing daemon so we remove the postfix configuration scripts and replace them with an nullmailer setup.
-
Our own packages are signed with pkgsrc@skylime.net GPG key. [Thomas Merkel]
We replace the current keyring with a new one which contains the public key from Joyent and from SkyLime
- Set hostname for nullmailer smtp out. [Thomas Merkel]
- Enable nullmailer by default if smarthost exists. [Thomas Merkel]
- update pkgsrc version. [Thomas Merkel]
- Modify to use the new script to generate the munin plugins. [Thomas Merkel]
- remove debug output. [Thomas Merkel]
- Allow also env variables for PLUGINS. [Thomas Merkel]
- Add first version of munin-node-plugins script. [Thomas Merkel]
- release of new munin plugins (support more dovecot logs) [Thomas Merkel]
- add tool ccze for colored log output. [Thomas Merkel]
- update changelog. [Thomas Merkel]
- version update for last patches. [Thomas Merkel]
- version bump. [Thomas Merkel]
- update smartos munin plugins. [Thomas Merkel]
- Enable svc service by email. [Thomas Merkel]
- version update for last patches. [Thomas Merkel]
- Enable svc service by email. [Thomas Merkel]
-
version bump for mibe image. [Thomas Merkel]
-
add ssh private key mdata option for root user. [Thomas Merkel]
We would like to store the public and private ssh key for the root user in mdata. This allow us to have that information after reprovision a zone. The only valid key must be an rsa key and the public key ist mostly not required by the system.
-
add logtail with the pkg logcheck. [Thomas Merkel]
- update changelog file. [Thomas Merkel]
- update to new munin scripts. [Thomas Merkel]
- add dtracetools for debugging to base update version number. [Thomas Merkel]
- add dtracetools for debugging to base. [Thomas Merkel]
- update changelog. [Thomas Merkel]
- version update. [Thomas Merkel]
- add leading number to the rsyslog remote log config file. [Thomas Merkel]
- add additional default configuration for rsyslog. [Thomas Merkel]
- add new munin plugin version and version update for base image. [Thomas Merkel]
- update changelog file. [Thomas Merkel]
- update changelog. [Thomas Merkel]
- yes we know what we are doing, so please install rsyslog. [Thomas Merkel]
- update changelog. [Thomas Merkel]
- update changelog. [Thomas Merkel]
- update version. [Thomas Merkel]
- install rsyslog via customize script. [Thomas Merkel]
- use new version of rsyslog. [Thomas Merkel]
- version update. [Thomas Merkel]
- version update. [Thomas Merkel]
- update license file. [Thomas Merkel]
- missing rsyslog gnutls. [Thomas Merkel]
-
add changelog. [Thomas Merkel]
-
svcadm refresh is required to have new config enabled. [Thomas Merkel]
-
fix readme. [Thomas Merkel]
-
update readme file. [Thomas Merkel]
-
Expired mozilla root ca's aren't my business so don't warn me for that. [Thomas Merkel]
-
Disable StatelessAddrConf for all interfaces. [Thomas Merkel]
We configure ipv6 manually and ndpd spams to the log file every minute with "in.ndpd[2477]: [ID 102006 daemon.error] prefix_update_k(net1, net1:2, xxxx:xx:xxx:xxx::/64) from to ONLINK AUTO name is already allocated"
-
run postalias. [Thomas Merkel]
-
fix subshell file cat. [Thomas Merkel]
-
add munin plugin pkg_audit. [Thomas Merkel]
-
update to new smartos munin configs. [Thomas Merkel]
-
we will not check for ssl certificates in /etc anymore. [Thomas Merkel]
-
don't graph ramdisk iops. [Sebastian Wiedenroth]
-
be sure we skip the directory on extract. [Thomas Merkel]
-
ups. [Thomas Merkel]
-
move munin plugin configuration to customize. [Thomas Merkel]
-
create cronjob for ssl-expire check. [Thomas Merkel]
-
add script that check ssl expire. [Thomas Merkel]
-
configre ssh host keys via mdata for reprovisioning. [Thomas Merkel]
-
be sure you create an ssh dir. [Thomas Merkel]
-
Add mdata support for ssh root_authorized_keys. [Thomas Merkel]
-
add spiped-configure script. [Thomas Merkel]
-
allow also mail send without authentication. [Thomas Merkel]
-
enable postfix. [Thomas Merkel]
-
configure postfix with smarthost, user authentication and root email. [Thomas Merkel]
-
modify readme for mdata value for postfix. [Thomas Merkel]
-
Add postfix minimal configuration. [Thomas Merkel]
-
use skylime pkgsrc mirror. [Thomas Merkel]
-
fix version information. [Thomas Merkel]
-
support more than one dot. [Thomas Merkel]
-
support munin hostnames. [Thomas Merkel]
-
add mdata information to readme. [Thomas Merkel]
-
Add remote logging server variables. [Thomas Merkel]
-
add description. [Thomas Merkel]
-
Add munin-node as default. [Thomas Merkel]
-
add first idea of metadata extra information. [Thomas Merkel]
-
add default pkgs. [Thomas Merkel]
-
Add mdata setup scripts and zoneinit. [Thomas Merkel]
-
add manifest for base image. [Thomas Merkel]
-
first import basics for base mibe. [Thomas Merkel]