summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-09-25allow all outgoing trafficChristoph Kluenter
as discussed on #leap
2014-09-17allow outgoing port 3142 for apt-cacher proxyChristoph
2014-09-17update rsyslog module to fix #6019Micah Anderson
Change-Id: I8c64a0c530d44e55963060d52d31a0da1a88615c
2014-09-17Increase wait-for-couch timeout (Bug #3735)varac
Site_couchdb::Bigcouch::Settle_cluster/Exec[wait_for_couch_nodes] waits 60s for all nodes to be member of the cluster. Because we deploy to multiple nodes in parallel, not all nodes are ready at the same time, so we increased the timeout from 60s to 120s.
2014-09-17disable ACL enforcement, because it's a known issue with bigcouchvarac
otherwise it will only confuse the user see https://leap.se/code/issues/6030 for more details
2014-09-15Merge branch 'make_shorewall_optional' into developMicah Anderson
2014-09-15Merge branch 'add_ignore' into developMicah Anderson
2014-09-15tests: make shorewall optionalMicah Anderson
Change-Id: I1703ff7b3dafe5d0562a7c34c1851ebfedc569a8
2014-09-15tests: add 'ignore' command to testsMicah Anderson
Change-Id: I8ac3b6edd6a0cf7eae5486d61d1680765a8fad13
2014-09-15tests: make warnings not produce a non-zero exit codeMicah Anderson
Change-Id: I60d51728128b95c77d52ab4e8c61966cfa59ff2f
2014-09-03Merge branch 'master' into developvarac
Conflicts: platform.rb puppet/modules/site_config/manifests/hosts.pp
2014-09-02tests: make warnings not produce a non-zero exit code, add 'ignore' command ↵elijah
to tests, make shorewall optional.
2014-08-28Merge tag '0.5.4.1'Micah Anderson
Tag 0.5.4.1 hotfix release
2014-08-28update version number for 0.5.4.1 hotfix release0.5.4.1Micah Anderson
Change-Id: I0d629c56b86cd4de5a6560d58715de7ec93dd4e3
2014-08-28syslog logs everything but webapp FIX #6020guido
2014-08-26default to multimaster if no nodes are defined as masterelijah
2014-08-26update version number for 0.5.4 hotfix release0.5.4Micah Anderson
Change-Id: Ia34388c5095301d3a72070737fdb9df758610581
2014-08-26Fix Tapicero not starting after first deploy (#6004)varac
Added a dependency on the couchdb "tapicero" user to get created before starting the tapicero daemon.
2014-08-22FQDN should come first in /etc/hostsvarac
fixes /etc/hosts: wrong order (Bug #5835) (now for real) before, /etc/hosts contained i.e. 127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i which resulted in no fqdn reported both by "hostname -f" and "facter fqdn" this fix produces this order which is needed to report a fqdn: 127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
2014-08-21Merge tag '0.5.3'Micah Anderson
Tagging 0.5.3 release
2014-08-21Fix starting tapicero when it is not running (#6004)0.5.3Micah Anderson
Due to how tapicero's initscript is made, it is not possible to check for a valid exit code for the status (it returns a zero when it is not running). So we disable the puppet 'hasstatus' parameter and instead puppet will look in the process table for 'tapicero' Change-Id: I9b017ea8055c0207e43876dd4e3bbc2619c0fd35
2014-08-21Merge remote-tracking branch 'varac/5998_fix_nagios_nodename' into 0.5.3Micah Anderson
2014-08-21Fix "Nagios ssh check is automatically added by the ssh module and cantains ↵varac
a wrong hostname on single node setup (Bug #5998)" before, the ssh module added this check, resulting in a wrong hostname and the port was always '22'. manage_nagios parameter is boolean, so we use false instead of 'no' manually add check_ssh to nagios (#5998)
2014-08-20set the maximum leap cli version for this version of the platformMicah Anderson
Change-Id: I6be37c3c65c47e650c0e67bd43df8e2b1ac40dd6
2014-08-19Update README to make note about known issues so version number does not ↵Micah Anderson
need to be bumped each release Change-Id: I3aabe1a713f4244cbbd607137e5d8e46d992a2bc
2014-08-05Fixes: #5952 Webapp now logs to it's own file instead of syslog and user.logguido
2014-08-01Merge branch 'feature/replication-in-tapicero-security' into developAzul
2014-08-01minor: fix typo in webapp configAzul
@provider -> @webapp
2014-07-30add replication role to user databases with tapiceroAzul
This way the replication has read access on the source and write access on the target.
2014-07-29fix haproxy_servers call with couchdb default portAzul
2014-07-29Merge remote-tracking branch 'fbernitt/issue_5217_allow_registration' into ↵Azul
develop
2014-07-16haproxy connects to a local couch if availableAzul
When running a service that requires couch (webapp or mx) on a node that also had couch running the haproxy was confused because it did not have an stunnel port for the local couch. Emit a more useful error and fixed this for webapp and mx
2014-07-15haproxy default to couch_write, couch_read on GETAzul
METH_POST probably does not catch PUT, DESTROY etc. So instead we now use the master as the default and only use the replications for GET and HEAD requests.
2014-07-15adopt webapp test to new hiera couch clients formatAzul
2014-07-14fix couch tests to use admin credentialsAzul
2014-07-14proper json for tapicero configAzul
2014-07-14update couchdb puppet moduleAzul
2014-07-11Added allow_registration to webapp config.yml.Folker Bernitt
- See issue #5217 - See companion change in leap_web
2014-07-01Merge branch 'obfsproxy' into developelijah
2014-07-01Use new macro pick_node to pick vpn gateway for obfsproxy.jsonirregulator
2014-07-01Check appropriately if obfsproxy is included in servicesirregulator
2014-07-01A vpn node picks its openvpn.gateway as obfsproxy gateway addressirregulator
2014-07-01Add apt preferences requirement for obfsproxy package resourceirregulator
2014-07-01Add User resource requirement for obfsproxy service, log, etc dirirregulator
2014-07-01Remove unneeded newlines from obfsproxy.confirregulator
2014-07-01Explicitly set apt preferences for obfsproxy to wheezy-backportsirregulator
2014-07-01Attach node's name to scramblesuit password and port secretsirregulator
This makes every node with obfsproxy service have unique port and password for scramblesuit pluggable transport.
2014-07-01Make obfsproxy daemon bind to specific address rather than 0.0.0.0irregulator
If obfsproxy is spawned alongside eip service, make it listen to the gateway_adress IP. If obfsproxy is running standalone listen to ip_address.
2014-07-01Include obfsproxy descriptors in openvpn.jsonirregulator
This is needed so as obfsproxy service is automatically deployed along with eip service.
2014-07-01Use the try method to pick vpn gateway address in obfsproxy.jsonirregulator