summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-09-17disable ACL enforcement, because it's a known issue with bigcouchvarac
otherwise it will only confuse the user see https://leap.se/code/issues/6030 for more details
2014-09-15Merge branch 'make_shorewall_optional' into developMicah Anderson
2014-09-15Merge branch 'add_ignore' into developMicah Anderson
2014-09-15tests: make shorewall optionalMicah Anderson
Change-Id: I1703ff7b3dafe5d0562a7c34c1851ebfedc569a8
2014-09-15tests: add 'ignore' command to testsMicah Anderson
Change-Id: I8ac3b6edd6a0cf7eae5486d61d1680765a8fad13
2014-09-15tests: make warnings not produce a non-zero exit codeMicah Anderson
Change-Id: I60d51728128b95c77d52ab4e8c61966cfa59ff2f
2014-09-03Merge branch 'master' into developvarac
Conflicts: platform.rb puppet/modules/site_config/manifests/hosts.pp
2014-09-02tests: make warnings not produce a non-zero exit code, add 'ignore' command ↵elijah
to tests, make shorewall optional.
2014-08-28Merge tag '0.5.4.1'Micah Anderson
Tag 0.5.4.1 hotfix release
2014-08-28update version number for 0.5.4.1 hotfix release0.5.4.1Micah Anderson
Change-Id: I0d629c56b86cd4de5a6560d58715de7ec93dd4e3
2014-08-28syslog logs everything but webapp FIX #6020guido
2014-08-26default to multimaster if no nodes are defined as masterelijah
2014-08-26update version number for 0.5.4 hotfix release0.5.4Micah Anderson
Change-Id: Ia34388c5095301d3a72070737fdb9df758610581
2014-08-26Fix Tapicero not starting after first deploy (#6004)varac
Added a dependency on the couchdb "tapicero" user to get created before starting the tapicero daemon.
2014-08-22FQDN should come first in /etc/hostsvarac
fixes /etc/hosts: wrong order (Bug #5835) (now for real) before, /etc/hosts contained i.e. 127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i which resulted in no fqdn reported both by "hostname -f" and "facter fqdn" this fix produces this order which is needed to report a fqdn: 127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
2014-08-21Merge tag '0.5.3'Micah Anderson
Tagging 0.5.3 release
2014-08-21Fix starting tapicero when it is not running (#6004)0.5.3Micah Anderson
Due to how tapicero's initscript is made, it is not possible to check for a valid exit code for the status (it returns a zero when it is not running). So we disable the puppet 'hasstatus' parameter and instead puppet will look in the process table for 'tapicero' Change-Id: I9b017ea8055c0207e43876dd4e3bbc2619c0fd35
2014-08-21Merge remote-tracking branch 'varac/5998_fix_nagios_nodename' into 0.5.3Micah Anderson
2014-08-21Fix "Nagios ssh check is automatically added by the ssh module and cantains ↵varac
a wrong hostname on single node setup (Bug #5998)" before, the ssh module added this check, resulting in a wrong hostname and the port was always '22'. manage_nagios parameter is boolean, so we use false instead of 'no' manually add check_ssh to nagios (#5998)
2014-08-20set the maximum leap cli version for this version of the platformMicah Anderson
Change-Id: I6be37c3c65c47e650c0e67bd43df8e2b1ac40dd6
2014-08-19Update README to make note about known issues so version number does not ↵Micah Anderson
need to be bumped each release Change-Id: I3aabe1a713f4244cbbd607137e5d8e46d992a2bc
2014-08-05Fixes: #5952 Webapp now logs to it's own file instead of syslog and user.logguido
2014-08-01Merge branch 'feature/replication-in-tapicero-security' into developAzul
2014-08-01minor: fix typo in webapp configAzul
@provider -> @webapp
2014-07-30add replication role to user databases with tapiceroAzul
This way the replication has read access on the source and write access on the target.
2014-07-29fix haproxy_servers call with couchdb default portAzul
2014-07-29Merge remote-tracking branch 'fbernitt/issue_5217_allow_registration' into ↵Azul
develop
2014-07-16haproxy connects to a local couch if availableAzul
When running a service that requires couch (webapp or mx) on a node that also had couch running the haproxy was confused because it did not have an stunnel port for the local couch. Emit a more useful error and fixed this for webapp and mx
2014-07-15haproxy default to couch_write, couch_read on GETAzul
METH_POST probably does not catch PUT, DESTROY etc. So instead we now use the master as the default and only use the replications for GET and HEAD requests.
2014-07-15adopt webapp test to new hiera couch clients formatAzul
2014-07-14fix couch tests to use admin credentialsAzul
2014-07-14proper json for tapicero configAzul
2014-07-14update couchdb puppet moduleAzul
2014-07-11Added allow_registration to webapp config.yml.Folker Bernitt
- See issue #5217 - See companion change in leap_web
2014-07-01Merge branch 'obfsproxy' into developelijah
2014-07-01Use new macro pick_node to pick vpn gateway for obfsproxy.jsonirregulator
2014-07-01Check appropriately if obfsproxy is included in servicesirregulator
2014-07-01A vpn node picks its openvpn.gateway as obfsproxy gateway addressirregulator
2014-07-01Add apt preferences requirement for obfsproxy package resourceirregulator
2014-07-01Add User resource requirement for obfsproxy service, log, etc dirirregulator
2014-07-01Remove unneeded newlines from obfsproxy.confirregulator
2014-07-01Explicitly set apt preferences for obfsproxy to wheezy-backportsirregulator
2014-07-01Attach node's name to scramblesuit password and port secretsirregulator
This makes every node with obfsproxy service have unique port and password for scramblesuit pluggable transport.
2014-07-01Make obfsproxy daemon bind to specific address rather than 0.0.0.0irregulator
If obfsproxy is spawned alongside eip service, make it listen to the gateway_adress IP. If obfsproxy is running standalone listen to ip_address.
2014-07-01Include obfsproxy descriptors in openvpn.jsonirregulator
This is needed so as obfsproxy service is automatically deployed along with eip service.
2014-07-01Use the try method to pick vpn gateway address in obfsproxy.jsonirregulator
2014-07-01Remove initscript subscription to conf fileirregulator
2014-07-01Move log files to var/log instead of var/log/obfsproxyirregulator
2014-07-01Subscribe obfsproxy service resource to conf fileirregulator
2014-07-01Simplify init script, let puppet service resource use init statusirregulator