Diffstat (limited to 'provider_base')
-rw-r--r-- | provider_base/common.json | 36 | ||||
-rw-r--r-- | provider_base/files/service-definitions/provider.json.erb | 2 | ||||
-rw-r--r-- | provider_base/lib/macros/nodes.rb | 4 | ||||
-rw-r--r-- | provider_base/lib/macros/secrets.rb | 8 | ||||
-rw-r--r-- | provider_base/provider.json | 8 | ||||
-rw-r--r-- | provider_base/services/webapp.json | 20 |
6 files changed, 55 insertions, 23 deletions
diff --git a/provider_base/common.json b/provider_base/common.json
index 649db0d9..c7be5cf4 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -29,8 +29,8 @@
 "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil",
 "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil",
 "ca_cert": "= try_file :ca_cert",
- "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
- "commercial_key": "= x509.use_commercial ? file([:commercial_key, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
+ "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
+ "commercial_key": "= x509.use_commercial ? file([:commercial_key, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
 "commercial_ca_cert": "= x509.use_commercial ? try_file(:commercial_ca_cert) : nil"
 },
 "service_type": "internal_service",
@@ -50,5 +50,37 @@ "platform": { "version": "= Leap::Platform.version.to_s", "major_version": "= Leap::Platform.major_version" + }, + "sources": { + "apt": { + "basic": "http://httpredir.debian.org/debian/", + "security": "http://security.debian.org/", + "backports": "http://httpredir.debian.org/debian/" + }, + "leap-mx": { + "type": "apt", + "package": "leap-mx", + "revision": "latest" + }, + "nickserver": { + "type": "git", + "source": "https://leap.se/git/nickserver", + "revision": "origin/master" + }, + "soledad": { + "type": "apt", + "package": "soledad-server", + "revision": "latest" + }, + "tapicero": { + "type": "git", + "source": "https://leap.se/git/tapicero", + "revision": "origin/version/0.7" + }, + "webapp": { + "type": "git", + "source": "https://leap.se/git/leap_web", + "revision": "origin/version/0.7" + } } } diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 2d0a5886..be8ae484 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -7,7 +7,7 @@ hsh['domain'] = domain.full_suffix # advertise services that are 'user services' and for which there are actually nodes - hsh['services'] ||= global.env(environment).services[:service_type => :user_service].field(:name).select do |service| + hsh['services'] ||= global.services[:service_type => :user_service].field(:name).select do |service| nodes_like_me[:services => service].any? end diff --git a/provider_base/lib/macros/nodes.rb b/provider_base/lib/macros/nodes.rb index 0c6668a0..8b961cbc 100644 --- a/provider_base/lib/macros/nodes.rb +++ b/provider_base/lib/macros/nodes.rb @@ -15,10 +15,10 @@ module LeapCli end # - # grab an environment appropriate provider + # simple alias for global.provider # def provider - global.env(@node.environment).provider + global.provider end # 
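Review bot: The git entries added under `sources` track moving branch heads (`origin/master` for nickserver, `origin/version/0.7` for tapicero and webapp) and the apt entries use `"revision": "latest"`, so two deploys from the same provider configuration can install different code. Pinning each git source to a signed tag or a full commit id, for example `"revision": "<COMMIT_SHA_PLACEHOLDER>"`, would make what gets deployed reviewable and reproducible. The three apt URLs are plain `http://`, so package integrity rests entirely on apt signature verification staying enabled on the nodes, which is not visible in this hunk.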
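Review bot: `global.services` in provider.json.erb, and `global.provider` in the `provider` macro of nodes.rb, no longer pass the node's environment, so both now depend on `global` already being scoped to the current environment. That scoping is not visible in either hunk; if `global` can still span environments, provider.json could advertise services, and macros could read provider settings, that belong to a different environment. Once confirmed, a comment stating the assumption would help, e.g. `# global is already bound to this node's environment`. The enclosing ERB block and the enclosing module in nodes.rb both start outside the hunks.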
diff --git a/provider_base/lib/macros/secrets.rb b/provider_base/lib/macros/secrets.rb index 51bf3971..8d1feb55 100644 --- a/provider_base/lib/macros/secrets.rb +++ b/provider_base/lib/macros/secrets.rb @@ -13,17 +13,17 @@ module LeapCli # +length+ is the character length of the generated password. # def secret(name, length=32) - @manager.secrets.set(name, Util::Secret.generate(length), @node[:environment]) + manager.secrets.set(name, @node.environment) { Util::Secret.generate(length) } end # inserts a base32 encoded secret def base32_secret(name, length=20) - @manager.secrets.set(name, Base32.encode(Util::Secret.generate(length)), @node[:environment]) + manager.secrets.set(name, @node.environment) { Base32.encode(Util::Secret.generate(length)) } end # Picks a random obfsproxy port from given range def rand_range(name, range) - @manager.secrets.set(name, rand(range), @node[:environment]) + manager.secrets.set(name, @node.environment) { rand(range) } end # @@ -32,7 +32,7 @@ module LeapCli # +bit_length+ is the bits in the secret, (ie length of resulting hex string will be bit_length/4) # def hex_secret(name, bit_length=128) - @manager.secrets.set(name, Util::Secret.generate_hex(bit_length), @node[:environment]) + manager.secrets.set(name, @node.environment) { Util::Secret.generate_hex(bit_length) } end end diff --git a/provider_base/provider.json b/provider_base/provider.json index 77437935..60ad2a9e 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json 
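Review bot: The comments above `secret`, `base32_secret`, `rand_range` and `hex_secret` (the last one in the second hunk) still describe each call as generating a value, while the new block form `manager.secrets.set(name, @node.environment) { ... }` suggests the block runs only when no stored value exists; that is inferred from the call shape, since `secrets.set` is defined outside this diff. If that is the contract, document it, e.g. `# Returns the stored secret for +name+; the block generates one only if none exists yet.`, so nobody expects a re-run to rotate a secret. `rand_range` draws from `Kernel#rand`, which is acceptable for picking a port but should not be copied for anything secret; `SecureRandom.random_number(range)` is the replacement if it ever is.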
@@ -42,22 +42,22 @@
 "organizational_unit": "= 'https://' + provider.domain",
 "bit_size": 4096,
 "digest": "SHA256",
- "life_span": "10y",
+ "life_span": "10 years",
 "server_certificates": {
 "bit_size": 4096,
 "digest": "SHA256",
- "life_span": "1y"
+ "life_span": "1 years"
 },
 "client_certificates": {
 "bit_size": 2048,
 "digest": "SHA256",
- "life_span": "2m",
+ "life_span": "2 months",
 "limited_prefix": "LIMITED",
 "unlimited_prefix": "UNLIMITED"
 }
 },
 "client_version": {
- "min": "0.5",
+ "min": "0.7",
 "max": null
 }
 }
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 67744f99..941f4f61 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
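Review bot: `"life_span": "1 years"` under `server_certificates` relies on the duration parser accepting a plural unit with a count of one; the parser is not part of this diff, so confirm it neither raises nor silently falls back to a default lifetime. The move from `10y`/`1y`/`2m` to spelled-out units also changes the accepted format. If the short forms stop being recognised, providers that override `life_span` in their own provider.json need a migration note, because a misread lifetime on CA or client certificates is hard to notice after issuance.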
@@ -1,14 +1,18 @@
 {
 "webapp": {
 "admins": [],
- "forbidden_usernames": ["admin", "administrator", "arin-admin", "certmaster", "contact", "info", "maildrop", "postmaster", "ssladmin", "www-data"],
+ "forbidden_usernames": [
+ "admin", "admins", "administrator", "administrators", "arin-admin",
+ "certmaster", "contact", "email", "help", "help-desk", "help-ticket",
+ "help-tickets", "help_desk", "help_ticket", "help_tickets", "helpdesk",
+ "helpticket", "helptickets", "info", "mail", "maildrop", "noreply",
+ "owner", "owners", "postmaster", "reply", "robot", "ssladmin", "staff",
+ "support", "tech-support", "tech_support", "techsupport", "ticket",
+ "tickets", "vmail", "www-data"],
 "domain": "= domain.full_suffix",
 "modules": ["user", "billing", "help"],
- "couchdb_webapp_user": {
- "username": "= global.services[:couchdb].couch.users[:webapp].username",
- "password": "= secret :couch_webapp_password",
- "salt": "= hex_secret :couch_webapp_password_salt, 128"
- },
+ "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+ "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
 "customization_dir": "= file_path 'webapp'",
 "client_certificates": "= provider.ca.client_certificates",
 "allow_limited_certs": "= provider.service.allow_limited_bandwidth",
@@ -20,10 +24,6 @@
 "secret_token": "= secret :webapp_secret_token",
 "api_version": 1,
 "secure": false,
- "git": {
- "source": "https://leap.se/git/leap_web",
- "revision": "origin/version/0.6"
- },
 "client_version": "= provider.client_version",
 "nagios_test_user": {
 "username": "nagios_test", |
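Review bot: The extended `forbidden_usernames` list in the first hunk still omits `hostmaster` and `webmaster`, which together with the already-blocked `admin`, `administrator` and `postmaster` are the mailboxes certificate authorities accept for e-mail based domain validation; `abuse`, `root` and `security` are also worth reserving. Adding them to the array keeps a registered user's address from receiving mail meant for the domain operator. Separately, `couchdb_admin_user` now hands `global.services[:couchdb].couch.users[:admin]` to every webapp node. What that object contains is not visible here, but if it carries the admin password, the config should state why the webapp needs it in addition to its own `webapp` user.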