summaryrefslogtreecommitdiff
path: root/provider_base
diff options
context:
space:
mode:
Diffstat (limited to 'provider_base')
-rw-r--r--provider_base/services/couchdb.json3
-rw-r--r--provider_base/services/monitor.json13
-rw-r--r--provider_base/services/mx.json6
-rw-r--r--provider_base/services/soledad.json6
-rw-r--r--provider_base/services/webapp.json18
5 files changed, 39 insertions, 7 deletions
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 0cb044ef..5f1b5381 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -48,6 +48,9 @@
"password": "= secret :couch_webapp_password",
"salt": "= hex_secret :couch_webapp_password_salt, 128"
}
+ },
+ "webapp": {
+ "nagios_test_pw": "= secret :nagios_test_password"
}
}
}
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index 53e6b1f1..03f6c6d1 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -1,13 +1,22 @@
{
"nagios": {
"nagiosadmin_pw": "= secret :nagios_admin_password",
- "hosts": "= nodes_like_me[:services => '!monitor'].pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')"
+ "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
},
- "hosts": "= hosts_file(nodes_like_me[:services => '!monitor'])",
+ "hosts": "= self.environment == 'local' ? hosts_file(nodes_like_me) : hosts_file(nodes[:environment => '!local'])",
"ssh": {
"monitor": {
"username": "= Leap::Platform.monitor_username",
"private_key": "= file(:monitor_priv_key)"
}
+ },
+ "x509": {
+ "use": true,
+ "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
+ "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
+ "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
+ "commercial_key": "= file [:commercial_key, domain.full_suffix]",
+ "commercial_ca_cert": "= try_file :commercial_ca_cert"
}
}
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index d57c3168..7e3f20ba 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -5,7 +5,11 @@
"haproxy": {
"servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client)"
},
- "couchdb_leap_mx_user": "= global.services[:couchdb].couch.users[:leap_mx]",
+ "couchdb_leap_mx_user": {
+ "username": "= global.services[:couchdb].couch.users[:leap_mx].username",
+ "password": "= secret :couch_leap_mx_password",
+ "salt": "= hex_secret :couch_leap_mx_password_salt, 128"
+ },
"mx_nodes": "= nodes['services' => 'mx']['environment' => '!local'].field('ip_address')",
"x509": {
"use": true,
diff --git a/provider_base/services/soledad.json b/provider_base/services/soledad.json
index fc349ce1..ed6fbc9f 100644
--- a/provider_base/services/soledad.json
+++ b/provider_base/services/soledad.json
@@ -2,7 +2,11 @@
"soledad": {
"port": 2323,
"require_couchdb": "=> assert %(services.include? 'couchdb')",
- "couchdb_soledad_user": "= global.services[:couchdb].couch.users[:soledad]"
+ "couchdb_soledad_user": {
+ "username": "= global.services[:couchdb].couch.users[:soledad].username",
+ "password": "= secret :couch_soledad_password",
+ "salt": "= hex_secret :couch_soledad_password_salt, 128"
+ }
},
"service_type": "public_service"
}
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 08c7c5b0..f7abdffd 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -2,7 +2,11 @@
"webapp": {
"admins": [],
"modules": ["user", "billing", "help"],
- "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+ "couchdb_webapp_user": {
+ "username": "= global.services[:couchdb].couch.users[:webapp].username",
+ "password": "= secret :couch_webapp_password",
+ "salt": "= hex_secret :couch_webapp_password_salt, 128"
+ },
"customization_dir": "= file_path 'webapp'",
"client_certificates": "= global.provider.ca.client_certificates",
"allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
@@ -15,7 +19,11 @@
"source": "https://leap.se/git/leap_web",
"revision": "origin/master"
},
- "client_version": "= global.provider.client_version"
+ "client_version": "= global.provider.client_version",
+ "nagios_test_user": {
+ "username": "nagios_test",
+ "password": "= secret :nagios_test_password"
+ }
},
"stunnel": {
"couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
@@ -36,7 +44,11 @@
},
"nickserver": {
"domain": "= 'nicknym.' + domain.full_suffix",
- "couchdb_nickserver_user": "= global.services[:couchdb].couch.users[:nickserver]",
+ "couchdb_nickserver_user": {
+ "username": "= global.services[:couchdb].couch.users[:nickserver].username",
+ "password": "= secret :couch_nickserver_password",
+ "salt": "= hex_secret :couch_nickserver_password_salt, 128"
+ },
"port": 6425
},
"dns": {