Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-11-08 | minor linting, arrow lining up | Micah Anderson | |
Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24 | |||
2014-11-08 | Only enable the tor DirPort options on an exit if the node isn't also a | Micah Anderson | |
webapp node (#6336) Change-Id: Ib70bbd8fe7b94b7a1bfb09390d5dd1c535f2da16 | |||
2014-11-08 | Don't configure the tor DirPort options if the node is not an exit (#6335) | Micah Anderson | |
Change-Id: I4c7fb20b6da6f6a5bb2dd5af70511a28d4581174 | |||
2014-11-07 | Merge remote-tracking branch 'gerrit/develop' into develop | Micah Anderson | |
2014-11-07 | Better check for tor hidden service on a webapp node. | guido | |
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6 | |||
2014-11-04 | revert 5787c97b6f73dacae7f01adeff203287007c381d: | Micah Anderson | |
stop using bad nist curve for ssh host key (#6294) We need to transition smoother (see #6319) Change-Id: I8bee032aef9502a7d4b701b99719fbfb3b7169da | |||
2014-11-04 | Merge remote-tracking branch 'gerrit/develop' into develop | Micah Anderson | |
2014-11-04 | Adds support for Tor hidden service on webapp (Feature #6273) | guido | |
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5 | |||
2014-11-04 | tor - to activate hidden service, now set tor.hidden_service.active = true | elijah | |
2014-11-04 | tor - to activate hidden service, now set tor.hidden_service.active = true | elijah | |
2014-11-04 | change ordering hints to use refresh_stunnel exec instead of service (#6287) | Micah Anderson | |
In a multi-node couch deployment, it was observed that the Service['stunnel'] would be activated, and then later a stunnel::client was created which would trigger an Exec['refresh_stunnel']. Because of this, and the ordering hints that were in place, the service would get started, and then the couchdb databases, users, designs, etc. were being put into place and then a stunnel client was created, triggering the refresh_stunnel exec, which would cause an interruption in the connectivity and result in failures. This change replaces the Service['stunnel'] hint with the the Exec['refresh_stunnel'] to make sure that the stunnels are fully setup before attempting couch operations. Change-Id: I33ddd24884b3c23a1df5555ca53ca65cd703da50 | |||
2014-11-02 | add missing TLSv1 sslversion parameter to site_stunnel::serviers | Micah Anderson | |
Change-Id: I48dc8135943393bd11c7181853985f4a5799011e | |||
2014-11-01 | stop using bad nist curve for ssh host key (#6294) | Micah Anderson | |
update port parameter in site_sshd to be an array, otherwise puppet errors about it being a Fixnum with new sshd module Change-Id: I854d042edb98817169eef5e758d04d60d3c71dd5 | |||
2014-10-31 | Merge branch 'develop' of ssh://review.leap.se:29418/Platform into develop | varac | |
2014-10-31 | Fix deprecated dynamic lookups of variables in site_couchdb (#6286) | Micah Anderson | |
Change-Id: I318944a6872a53ff9c533704514da339426d9401 | |||
2014-10-31 | add support for property tor.key | elijah | |
2014-10-29 | added webapp.forbidden_usernames property to allow configuration of ↵ | elijah | |
usernames to block. | |||
2014-10-29 | Merge "upgrade unattended-upgrades on deploy (#6245)" into develop | micah anderson | |
2014-10-28 | upgrade unattended-upgrades on deploy (#6245) | Micah Anderson | |
unattended-upgrades is not able to upgrade itself in certain situations, such as when the conffile prompt is generated due to the config being changed. We want to set this package as latest in the platform so that it is upgraded on every deploy (we deploy the config anyway). Change-Id: I8c99bfb1b001079f0e1a4ffbf048e0e867633335 | |||
2014-10-27 | Change stunnel default sslversion to be TLSv1, instead of the default | Micah Anderson | |
SSLv3 (#6261) Change-Id: I7ab5a6455e434f8359169d31febed8b92f84bbcc | |||
2014-10-22 | Merge "modify the leap repository contents so they pick the correct ↵ | Varac | |
repository, based on the hiera value 'major_version' (#6251)" into develop | |||
2014-10-22 | Merge "implement custom puppet support (#6201, #6226)" into develop | Varac | |
2014-10-21 | modify the leap repository contents so they pick the correct repository, | Micah Anderson | |
based on the hiera value 'major_version' (#6251) Change-Id: I10532ef83e3aa2d35d9c0be241952a35e366bba4 | |||
2014-10-21 | update platform to take advantage of new platform.rb. requires leap_cli 1.6 | elijah | |
2014-10-21 | implement custom puppet support (#6201, #6226) | Micah Anderson | |
change puppet command to include in the --modulepath /srv/leap/files/puppet/modules If a provider places puppet code under files/puppet it will be sync'd over to all the nodes, once leap cli #6225 is merged. The custom puppet entry point is in class 'custom' which can be put into files/puppet/modules/custom/manifests/init.pp Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad | |||
2014-10-20 | bumped default server certificate bit size to 4096 | elijah | |
2014-10-15 | Disable SSLv3, and RC4 ciphers | Micah Anderson | |
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d | |||
2014-10-08 | Merge branch '5216_nagios_hostgroups' into develop | varac | |
2014-10-08 | include different nagios::defaults classes manually (#5216) | varac | |
nagios::defaults will include nagios::defaults::hostgroups which add "all" and "centos_servers" hostgroups which we don't want. Change-Id: If42faa11c167fb7305ebbb21dc358a8813afaa25 | |||
2014-10-08 | every environment is defined as nagios hostsgroup (#5216) | varac | |
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a | |||
2014-10-05 | Merge remote-tracking branch 'cz8s/fix_iptables_proxy_forbidden' into develop | Micah Anderson | |
2014-09-25 | Merge branch 'develop' of ssh://review.leap.se:29418/Platform into develop | varac | |
2014-09-25 | Merge branch 'irregulator/develop' into develop | varac | |
2014-09-25 | allow all outgoing traffic | Christoph Kluenter | |
as discussed on #leap | |||
2014-09-25 | Use member function instead of regexp to check services array | irregulator | |
2014-09-25 | Merge branch '6138_fix_rsyslog-gnutls_install' into develop | varac | |
2014-09-25 | remove /etc/apt/preferences.d/fixed_rsyslog_anon_package (#6138) | varac | |
This was a leftover from earlier versions, where we installed rsyslog from the leap debian package repo. Change-Id: I88a852f08b5aff3bd7b591b6220ac354463a9786 | |||
2014-09-25 | stop logging user-agent in apache, fixes #6129 | Micah Anderson | |
Change-Id: I66384ae4a723be063790362f70e57228a0f1539b | |||
2014-09-23 | couch: for neighbors, use 'couch.mode' instead of 'couch.master' (which ↵ | elijah | |
might be false even for multimaster). closes #6064 | |||
2014-09-22 | stop logging user-agent in apache, fixes #6129 | Micah Anderson | |
Change-Id: I66384ae4a723be063790362f70e57228a0f1539b | |||
2014-09-18 | Merge branch 'bugfix/fqdn' into develop | varac | |
added fact override for domain too | |||
2014-09-17 | override facter fact for fqdn | elijah | |
2014-09-17 | allow outgoing port 3142 for apt-cacher proxy | Christoph | |
2014-09-17 | update rsyslog module to fix #6019 | Micah Anderson | |
Change-Id: I8c64a0c530d44e55963060d52d31a0da1a88615c | |||
2014-09-17 | Increase wait-for-couch timeout (Bug #3735) | varac | |
Site_couchdb::Bigcouch::Settle_cluster/Exec[wait_for_couch_nodes] waits 60s for all nodes to be member of the cluster. Because we deploy to multiple nodes in parallel, not all nodes are ready at the same time, so we increased the timeout from 60s to 120s. | |||
2014-09-17 | disable ACL enforcement, because it's a known issue with bigcouch | varac | |
otherwise it will only confuse the user see https://leap.se/code/issues/6030 for more details | |||
2014-09-15 | Merge branch 'make_shorewall_optional' into develop | Micah Anderson | |
2014-09-15 | Merge branch 'add_ignore' into develop | Micah Anderson | |
2014-09-15 | tests: make shorewall optional | Micah Anderson | |
Change-Id: I1703ff7b3dafe5d0562a7c34c1851ebfedc569a8 | |||
2014-09-15 | tests: add 'ignore' command to tests | Micah Anderson | |
Change-Id: I8ac3b6edd6a0cf7eae5486d61d1680765a8fad13 |