leap_platform.git/puppet/modules/site_config/templates, branch 0.5.4 [leap_platform] clean up how /etc/hosts is generated so it doesn't require custom behavior depending on the services. 2014-06-04T21:19:55+00:00 elijah elijah@riseup.net 2014-06-04T21:19:55+00:00 f991e8a4c877cff1d274fd1cac26488f8c3fda84 






Change the initial firewall to subscribe to the rule file to be able to
2014-05-06T20:37:01+00:00

Micah Anderson
micah@leap.se

2014-05-06T20:37:01+00:00

0eff66a4bcf68b51c57493c0a80e0f3813476733

trigger changes, make the default ipv6 firewall subscribe to shorewall6,
if it exists, and finally reject all outgoing IPv6 packets.

All of this will complete the platform-side of route IPv6 through
OpenVPN gateway, and block it. (Feature #4163)

Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810





trigger changes, make the default ipv6 firewall subscribe to shorewall6,
if it exists, and finally reject all outgoing IPv6 packets.

All of this will complete the platform-side of route IPv6 through
OpenVPN gateway, and block it. (Feature #4163)

Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810







initial firewall: allow port 22 by default. This is the most common port
2014-04-24T18:59:33+00:00

Micah Anderson
micah@leap.se

2014-04-24T18:55:46+00:00

640c63ef377abe7a4461ab417c27057313613830

that sshd will be listening to in a default setup. This needs to be
allowed so that you can have a different port configured in the
hiera and not get locked out during deployment (#5119)

Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b





that sshd will be listening to in a default setup. This needs to be
allowed so that you can have a different port configured in the
hiera and not get locked out during deployment (#5119)

Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b







include "127.0.1.1 @domain_public @api['domain']"  in /etc/hosts for nagios webapp log check
2014-02-27T17:28:54+00:00

varac
varacanero@zeromail.org

2014-02-27T15:41:05+00:00

2887bbbac9f350c0912e3b2bf8fd643994eaee84












fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736)
2013-09-05T02:46:56+00:00

Micah Anderson
micah@leap.se

2013-09-05T02:46:56+00:00

f9ee40f2fca2396c1ef7d85a9c44b97fe834671a

this allows nameserver queries to the local resolver to work and clones to the
leap https repository to work

Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48





this allows nameserver queries to the local resolver to work and clones to the
leap https repository to work

Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48







install a preliminary firewall that blocks everything, except ssh for the cases when shorewall doesn't properly come up, ensuring that it fails safe (#3339)
2013-08-22T13:43:20+00:00

Micah Anderson
micah@leap.se

2013-08-20T23:45:56+00:00

3cdebf3ebe73cb2859dc852dcc73a8ee2d60e976

Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38





Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38







ensure that /etc/hosts is output deterministically, so that content does not change each time you deploy.
2013-07-11T04:45:51+00:00

elijah
elijah@riseup.net

2013-07-11T04:45:51+00:00

0e7b47380edb2af6683a0cdc871eaa60a4101f5c












Fix 'Failed to call refresh: /usr/local/sbin/reload_dhclient returned 2 instead
2013-06-30T23:35:32+00:00

Micah Anderson
micah@riseup.net

2013-06-30T23:35:32+00:00

1d91ef608855059dbb7938dbd59adf2f70220139

of one of [0]' by putting in the missing closing single quote.

Change-Id: I86feb5d06dd25e28ea67da0b5627e7be4174e01e





of one of [0]' by putting in the missing closing single quote.

Change-Id: I86feb5d06dd25e28ea67da0b5627e7be4174e01e







disable dhclient from modifying the /etc/resolv.conf file on openstack/amazon instances
2013-06-19T17:41:23+00:00

Micah Anderson
micah@riseup.net

2013-06-19T17:41:23+00:00

d9614163ed327fc17d27ac623dfd639ce00a43ce

The dhclient in these environments is quite aggressive and overwrites the
nameservers we've deliberately chosen to use with google's nameservers. This
commit attempts to fix that.

The dhclient methodology for altering these things is particularly
unpleasant. We effectively redefine the functions that mess with this file to be
noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced
to restart dhclient by shipping a script that tries to determine the correct PID
and arguments that it was running as before killing and restarting it with the
same arguments.

See debian bugs #681698, #712796 for further discussion about how to make this
less difficult

Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0





The dhclient in these environments is quite aggressive and overwrites the
nameservers we've deliberately chosen to use with google's nameservers. This
commit attempts to fix that.

The dhclient methodology for altering these things is particularly
unpleasant. We effectively redefine the functions that mess with this file to be
noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced
to restart dhclient by shipping a script that tries to determine the correct PID
and arguments that it was running as before killing and restarting it with the
same arguments.

See debian bugs #681698, #712796 for further discussion about how to make this
less difficult

Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0







/etc/hosts must not have commas!!
2013-06-12T06:22:57+00:00

elijah
elijah@riseup.net

2013-06-12T06:22:57+00:00

722ff7da46de4e656b3a110a65b9ccaa57f82898