Age | Commit message | Author | |
---|---|---|---|
2014-06-20 | tmp comment out error if no master nodes defined | elijah | |
2014-06-20 | new generic system for stunnel: just `include site_stunnel` and stunnel + needed shorewall will be automatically set up. requires new leap_cli | elijah | |
2014-06-19 | Merge branch 'feature/couch' of github.com:elijh/leap_platform into feature/couch | elijah | |
2014-06-19 | fix typo in _couchdb_multimaster.json | elijah | |
2014-06-19 | Merge pull request #2 from azul/feature/couch | Elijah Sparrow | |
split out bigcouch and only apply if needed, initial code for replication | |||
2014-06-19 | first steps towards mirroring couch | Azul | |
2014-06-19 | set mirror option if we are on a couch mirror | Azul | |
2014-06-19 | separate bigcouch specifics from init.pp | Azul | |
2014-06-19 | split bigcouch stunnel from plain couch stunnel | Azul | |
2014-06-19 | couchdb: generate hiera files suitable for plain couchdb + read-only mirrors | elijah | |
2014-06-04 | clean up how /etc/hosts is generated so it doesn't require custom behavior depending on the services. (0.5.2) | elijah | |
2014-06-04 | bugfix: actually apply modules based on $services | elijah | |
2014-06-03 | move hiera from site.pp to site_config::setup | Christoph | |
The problem was the following: if a host has the webapp service, the template for /etc/hosts adds some stuff. But setup.pp did not ask hiera about the services, so "/srv/leap/bin/puppet_command set_hostname" always resets the hostname. Since that gets triggered every time you run "leap deploy", the hostname changes, some services restart, then the hostname changes back and the services restart again. The solution is to get the hiera data before every run. | |||
2014-06-02 | static site: gracefully handle static sites that are not configured. | elijah | |
2014-06-02 | static site: better message for wrong location type. | elijah | |
2014-06-02 | remove superfluous RackBaseURI directive | elijah | |
2014-06-02 | work around hiera's inability to escape '%' by using ':percent:' | elijah | |
2014-06-02 | static site: added rack support, added custom apache config | elijah | |
2014-06-02 | added templatewlv function (allows passing local variables to templates) | elijah | |
2014-06-02 | added support for /provider.json served from static site. | elijah | |
2014-06-02 | fix unbound: configs in /etc/unbound/unbound.conf.d contained a syntax error and were missing .conf suffix | elijah | |
2014-05-27 | Add missing scope to top-level sshd class, passing necessary parameters | Micah Anderson | |
for configuration (#3108) Change-Id: I4f94a47d47a40bfc6835359e7781707f96e91db0 | |||
2014-05-27 | Update sshd submodule to get necessary fixes to enable us to change sshd port | Micah Anderson | |
Change-Id: I3b6a87c9d6a2c349392e5bc98a68b800645fde92 | |||
2014-05-27 | Switch away from site_config::sshd and instead just include site_sshd | Micah Anderson | |
The existing site_config::sshd had a non-functioning 'include sshd' line in it that was not doing what was expected (this was supposed to include the sshd module, but due to scoping was including itself). It seemed better to eliminate some of the unused pieces and consolidate into one config location. Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9 | |||
2014-05-27 | clarify comments in site_sshd::authorized_keys | Micah Anderson | |
Change-Id: I679dfe8dff90b7c86ab0ffff43e13958f1ec2c99 | |||
2014-05-24 | Merge remote-tracking branch 'cz8s/feature/allow_webapp_and_mx_on_one_host' into develop | Micah Anderson | |
2014-05-24 | move haproxy-template to modules/site_haproxy | Christoph | |
2014-05-24 | remove unused variable local_ports | Christoph | |
2014-05-22 | Implement #2328: unbound.conf: content changed on every puppetrun | Micah Anderson | |
This is done by using the include glob capability that is in the wheezy-backports and newer unbound to include the /etc/unbound/unbound.conf.d/* config files. To do this, we need to transition from our /etc/unbound/conf.d directory structure to use the one that the debian package uses. This allows us to clean up the rather ugly way we were configuring the resolver before. Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c | |||
2014-05-22 | lint cleanup of site_config::caching_resolver | Micah Anderson | |
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62 | |||
2014-05-22 | Install wheezy-backports version of unbound, this is necessary to solve #2328 | Micah Anderson | |
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b | |||
2014-05-22 | Move rsyslog preferences snippet to site_apt::preferences::rsyslog, to | Micah Anderson | |
group it with the other preferences snippets Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85 | |||
2014-05-22 | remove old classes | Christoph | |
site_mx::haproxy and site_webapp::haproxy only included site_haproxy. They didn't do anything else. So just include site_haproxy in manifests/init.pp and remove the unused classes | |||
2014-05-22 | fix haproxy config if webapp and mx run on the same host | Christoph | |
The problem was that both site_mx::haproxy and site_webapp::haproxy declared the same resource. I fixed it by moving that resource to site_haproxy. Since that gets included by both classes, everything works like a charm. | |||
2014-05-21 | fix resolv.conf on virtualbox | Christoph | |
virtualbox sends the domain with the dhcp-answer. If the wrong domain ends up in /etc/resolv.conf bigcouch fails. | |||
2014-05-20 | added support for environmentally scoped services and tags, when using latest leap_cli. | elijah | |
2014-05-20 | add support for webapp on subdomain | elijah | |
2014-05-20 | changed the default service levels to be more minimal, because it is currently impossible to entirely overwrite the service.levels hash. | elijah | |
2014-05-17 | fix bug with empty tor families | elijah | |
2014-05-17 | static: pin amber version to 0.3.0 | elijah | |
2014-05-17 | fixes #5533 and updates rsyslog Merge branch 'rsyslog_backport' into develop | kwadronaut | |
2014-05-17 | change rsyslog pin from leaps debian repo to backports (fixes #5533) | kwadronaut | |
2014-05-14 | revert accidental change to webapp config template | Azul | |
2014-05-14 | use hash for provider service levels | Azul | |
We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now. | |||
2014-05-13 | Revert "update cipher configuration for openvpn to use the IANA name" | Micah Anderson | |
This reverts commit ae50675e9095750cee9810237fb6b9f60030dae4. Older openssl implementations (wheezy, android, others) aren't able to parse this newer string, so reverting to the deprecated name until we are sure the support is there | |||
2014-05-13 | openvpn server config: script-security should be "1", since we don't need "2"; add tcp-nodelay to tcp servers. | elijah | |
2014-05-13 | added simple shorewall whitebox test (close #5649) | elijah | |
2014-05-08 | add known issues, making this the canonical place, which we will bring | Micah Anderson | |
over to the website, when necessary (#4373) Change-Id: I296dd9d3cee1b84bd141cbf63ccaecea24916cc1 | |||
2014-05-07 | openvpn package resource needs to be ensure => latest to accommodate upgrades | Micah Anderson | |
Change-Id: I8caad9b4ac15dcce8ab74ad6d22dd6ad9f6efb14 | |||
2014-05-06 | update cipher configuration for openvpn to use the IANA name, due to | Micah Anderson | |
deprecation warning: 2014-05-06 18:10:23,594 - INFO - L#826 : leap.openvpn:outReceived() - Tue May 6 18:10:23 2014 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA' Change-Id: I159b26604993d38806fcb7c2ed8f6de8138999f7 |