summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-02-23use pbkdf2 pwhash for plain couch.elijah
2016-02-23allow legacy plain couchdb nodes to stay couchdb nodes, although issue a ↵elijah
warning.
2016-02-23added templates for `leap node add`, so that new nodes can get default ↵elijah
values set in their initial .json file.
2016-02-23default to plain couchdb, unless otherwise specified.elijah
# Conflicts: # puppet/modules/site_couchdb/manifests/plain.pp
2016-02-23get dkim working, closes #5924elijah
2016-02-23Update submodule vcsrepovarac
2016-02-23[feat] 'leap history --last' shows only last entryvarac
2016-02-23Add hiera.yaml so vagrant provision doesn't complain about it missingvarac
Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera defaults
2016-02-23Remove wheezy vagrant boxvarac
2016-02-23Update submodule postfixvarac
2016-02-16remove pinning of openvpn package to backportselijah
2016-02-16list the expiry time when warning about expiring certselijah
2016-02-16require jessie and created note_init script for node initializationelijah
2016-02-12update postfix submodule for postscreen (Resolves: 2303)0.8.0rc1kwadronaut
2016-02-12add postscreen greeter (Resolves: 2303)kwadronaut
Conflicts: puppet/modules/site_postfix/manifests/mx.pp
2016-02-11started 0.8 CHANGES file.elijah
2016-02-11Allow ecdsa hostkeys (#7642) until we can safely transition providers toMicah
better key algorithm choices. Change-Id: I6b9ec83dbfbf15d1b65e14145bf625db6517f6b7
2016-02-11Disable journald in order to resolve IP logging subversion (#7863)Micah
Change-Id: I9cee85c19d86dc7c8d70c4cdeb2e7426191b57a5
2016-02-11Due to the smtps transport specifying a header_check, the received_anonMicah
replacement wasn't being done. (#7890) This moves that replacement into its own class, clears the old value and sets it properly in the smtps transport. Change-Id: I27c02730597df4943761d8bcb61014aeded9dc75
2016-02-10resolves #7646: leap_cli should fail when soledad and couchdb service are ↵elijah
seperated
2016-02-10add postscreen greeter (Resolves: 2303)kwadronaut
2016-02-09ensure that expired certs are updated *before* hiera compile.elijah
2016-02-04fix postfix Received anonymizing header regexp to properly match ClientMicah
CN entries (#7867) Change-Id: Ie33277a62e90f9dc0602bb963dbb96a61cebed1d
2016-02-03Exec overrides need to be referred by their namevarac
not with their alias. Resolves https://github.com/pixelated/puppet-pixelated/issues/8
2016-02-02Merge branch 'bugfix/mxlog' into developelijah
2016-02-02[bug] Add smtpd_relay_restrictions to postfix confvarac
smtpd_relay_restrictions was added in postfix 2.10 (jessie has 2.11 atm). Without this, outbound mails are rejected to be relayed. from http://www.postfix.org/SMTPD_ACCESS_README.html: NOTE: Postfix versions before 2.10 did not have smtpd_relay_restrictions. They combined the mail relay and spam blocking policies, under smtpd_recipient_restrictions. This could lead to unexpected results. For example, a permissive spam blocking policy could unexpectedly result in a permissive mail relay policy. An example of this is documented under "Dangerous use of smtpd_recipient_restrictions". smtpd_relay_restrictions defaults to 'permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination' and is configured here to check for a valid client cert. see http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions - Resolves: #7856
2016-02-02Merge branch 'develop' of code.leap.se:/leap_platform into developkwadronaut
2016-02-02[bug] Fix bigcouch spoolfile removalvarac
- Resolves: #7641
2016-02-02[refactor] Dont duplicate Package resource overridevarac
`site_apt` aready ensures for installing packages after Exec[update_apt] is run, so we don't need to duplicate this in `site_config::default.pp`.
2016-02-02[refactor] Use Exec[apt_updated] instead of Exec[refresh_apt]varac
Because this is the recommended way of depnending in the apt README.
2016-02-02[bug] Fix duplicate definition error for Class[Apt]varac
We need to include class `site_config::default` in class `site_config::slow` so we don't get this duplicate definition: - [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is already declared; cannot redeclare at /srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node local1.bitmask.local To be honest, i didn't figuered out the real cause of this, but it works with this.
2016-02-02[refactor] Remove atomic apt package dependecyvarac
`site_config::default.pp` takes care the all packages are installed before `Exec['refresh_apt']`, so we don't need to add it here for a single package.
2016-02-02[refactor] Don't declare dependencies for apt resourcesvarac
The apt module now takes care of all the dependencies removed from `site_apt`. Also, the dependency to install the `lsb` package after `refresh_apt` is unnesseccary because lsb facts won't work anyway on the first run if `lsb` is not installed before, so we can safely remove it.
2016-02-02don't deploy bundler debug to serverskwadronaut
2016-02-02finally fix leap-mx logging, for the last time, hopefully.elijah
2016-02-02[bug] Fix bigcouch spoolfile removalvarac
- Resolves: #7641
2016-02-02Merge branch '7844_fix_deploy_on_plain_node' into developvarac
2016-02-02[refactor] Dont duplicate Package resource overridevarac
`site_apt` aready ensures for installing packages after Exec[update_apt] is run, so we don't need to duplicate this in `site_config::default.pp`.
2016-02-02[refactor] Use Exec[apt_updated] instead of Exec[refresh_apt]varac
Because this is the recommended way of depnending in the apt README.
2016-02-02[bug] Fix duplicate definition error for Class[Apt]varac
We need to include class `site_config::default` in class `site_config::slow` so we don't get this duplicate definition: - [local1.bitmask.local] Error: Duplicate declaration: Class[Apt] is already declared; cannot redeclare at /srv/leap/puppet/modules/site_apt/manifests/init.pp:29 on node local1.bitmask.local To be honest, i didn't figuered out the real cause of this, but it works with this.
2016-02-02[refactor] Remove atomic apt package dependecyvarac
`site_config::default.pp` takes care the all packages are installed before `Exec['refresh_apt']`, so we don't need to add it here for a single package.
2016-02-02[refactor] Don't declare dependencies for apt resourcesvarac
The apt module now takes care of all the dependencies removed from `site_apt`. Also, the dependency to install the `lsb` package after `refresh_apt` is unnesseccary because lsb facts won't work anyway on the first run if `lsb` is not installed before, so we can safely remove it.
2016-02-01tests: added --timeout to run_tests (default 30 seconds). test halts and ↵elijah
fails after timeout is reached. closes #7806
2016-02-01updated submodule aptvarac
2016-01-28[feat] Fix fast deploy using 'leap deploy --fast'varac
This worked before, but somehow stopped working. We need to include 'site_config::slow' top-level scope instead of including it in 'site_config::default', because otherwise it would get tagged with 'leap_base', and would be included always. This way 'site_config::slow' gets included by default, but can be excluded by using 'leap deploy --fast'. See https://leap.se/en/docs/platform/details/under-the-hood#tags - Resolves: #7844
2016-01-28[bug] Fix removing of bigcouch logwatch spoolfilesvarac
The problem was that puppet tried to remove them on the couch node, but they need to get removed on monitor node. - Resolves: #7641
2016-01-27[bug] [jessie] Fix apache 2.4 auth directivesvarac
- Resolves: #7853
2016-01-27[refactor] Optimize static apache vhost templatesvarac
- Related: #7853
2016-01-27[feat] Cronjob to delete orphaned userdbsvarac
- Resolves: #7418
2016-01-26Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah