diff options
Diffstat (limited to 'provider_base')
-rw-r--r-- | provider_base/services/couchdb.json | 3 | ||||
-rw-r--r-- | provider_base/services/monitor.json | 13 | ||||
-rw-r--r-- | provider_base/services/mx.json | 6 | ||||
-rw-r--r-- | provider_base/services/soledad.json | 6 | ||||
-rw-r--r-- | provider_base/services/webapp.json | 18 |
5 files changed, 39 insertions, 7 deletions
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index 0cb044ef..5f1b5381 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json @@ -48,6 +48,9 @@ "password": "= secret :couch_webapp_password", "salt": "= hex_secret :couch_webapp_password_salt, 128" } + }, + "webapp": { + "nagios_test_pw": "= secret :nagios_test_password" } } } diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json index 53e6b1f1..03f6c6d1 100644 --- a/provider_base/services/monitor.json +++ b/provider_base/services/monitor.json @@ -1,13 +1,22 @@ { "nagios": { "nagiosadmin_pw": "= secret :nagios_admin_password", - "hosts": "= nodes_like_me[:services => '!monitor'].pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')" + "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')" }, - "hosts": "= hosts_file(nodes_like_me[:services => '!monitor'])", + "hosts": "= self.environment == 'local' ? hosts_file(nodes_like_me) : hosts_file(nodes[:environment => '!local'])", "ssh": { "monitor": { "username": "= Leap::Platform.monitor_username", "private_key": "= file(:monitor_priv_key)" } + }, + "x509": { + "use": true, + "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", + "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", + "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'", + "commercial_cert": "= file [:commercial_cert, domain.full_suffix]", + "commercial_key": "= file [:commercial_key, domain.full_suffix]", + "commercial_ca_cert": "= try_file :commercial_ca_cert" } } diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index d57c3168..7e3f20ba 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json @@ -5,7 +5,11 @@ "haproxy": { "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client)" }, - "couchdb_leap_mx_user": "= global.services[:couchdb].couch.users[:leap_mx]", + "couchdb_leap_mx_user": { + "username": "= global.services[:couchdb].couch.users[:leap_mx].username", + "password": "= secret :couch_leap_mx_password", + "salt": "= hex_secret :couch_leap_mx_password_salt, 128" + }, "mx_nodes": "= nodes['services' => 'mx']['environment' => '!local'].field('ip_address')", "x509": { "use": true, diff --git a/provider_base/services/soledad.json b/provider_base/services/soledad.json index fc349ce1..ed6fbc9f 100644 --- a/provider_base/services/soledad.json +++ b/provider_base/services/soledad.json @@ -2,7 +2,11 @@ "soledad": { "port": 2323, "require_couchdb": "=> assert %(services.include? 'couchdb')", - "couchdb_soledad_user": "= global.services[:couchdb].couch.users[:soledad]" + "couchdb_soledad_user": { + "username": "= global.services[:couchdb].couch.users[:soledad].username", + "password": "= secret :couch_soledad_password", + "salt": "= hex_secret :couch_soledad_password_salt, 128" + } }, "service_type": "public_service" } diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 08c7c5b0..f7abdffd 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -2,7 +2,11 @@ "webapp": { "admins": [], "modules": ["user", "billing", "help"], - "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", + "couchdb_webapp_user": { + "username": "= global.services[:couchdb].couch.users[:webapp].username", + "password": "= secret :couch_webapp_password", + "salt": "= hex_secret :couch_webapp_password_salt, 128" + }, "customization_dir": "= file_path 'webapp'", "client_certificates": "= global.provider.ca.client_certificates", "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", @@ -15,7 +19,11 @@ "source": "https://leap.se/git/leap_web", "revision": "origin/master" }, - "client_version": "= global.provider.client_version" + "client_version": "= global.provider.client_version", + "nagios_test_user": { + "username": "nagios_test", + "password": "= secret :nagios_test_password" + } }, "stunnel": { "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" @@ -36,7 +44,11 @@ }, "nickserver": { "domain": "= 'nicknym.' + domain.full_suffix", - "couchdb_nickserver_user": "= global.services[:couchdb].couch.users[:nickserver]", + "couchdb_nickserver_user": { + "username": "= global.services[:couchdb].couch.users[:nickserver].username", + "password": "= secret :couch_nickserver_password", + "salt": "= hex_secret :couch_nickserver_password_salt, 128" + }, "port": 6425 }, "dns": { |