summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-12-02Update submodule postfixvarac
2015-12-01fix missing commaMicah
Change-Id: I6ab266ea4f74277f8262653c43f2b3a5a4254a79
2015-12-01Merge branch 'configure_vagrant_basebox' into developvarac
2015-12-01Update submodule postfixvarac
2015-12-01Switch from 'vmail' to leap-mx's user/group (#6936, #7639)Micah
This change will make sure that the user/group for leap-mx exist, and it changes the mail location from /var/mail/vmail to the more helpful name /var/mail/leap-mx. This change requires: https://github.com/leapcode/leap_mx/pull/78 and it would replace merge request: https://github.com/leapcode/leap_mx/pull/65 and fix https://leap.se/code/issues/6936 and https://leap.se/code/issues/7635 Change-Id: Idbe678dc999e394232c2eeef2b2018d39ab7cc3b
2015-12-01stop delivering non-existing local user mail to leap-mx (#5431)Micah
When mail comes in to the system, a lookup is done to see if it is a valid leap user, if it is, leap_mx now returns something of the form: uuid@deliver.local (see #5959). The virtual_mailbox_domains lists deliver.local, so postfix choses to deliver to virtual_mailbox_base (/var/mail/vmail) which has been hardcoded to the 'vmail' maildir and user. We want leap related mail and leap aliases to go through the virtual alias system, all the hard-coded universal aliases we want to go through the local system and we dont want these separate. Known domains that are considered 'virtual' will be forwarded or delivered to the vmail user, the rest rejected as unknown recipient, instead of being handed off to leap-mx. Previously, the way this was done is we leaned (too heavily) on the 'luser_relay' postfix configuration which sent anything that wasn't locally configured right to the leap_mx spool. That meant everything went there, including addresses that didn't exist, and leap-mx would then have to process those and bounce them. This removes the 'luser_relay' option, so any address that doesn't resolve properly to either a local address/alias, or a leap address or alias (through tcp lookups on 2424 and 4242) will get bounced as an unknown user. Change-Id: I3c22e9383861b3794dd9adfd7aa6a0cf0a773a18
2015-12-01Merge pull request #89 from pixelated/webapp_testvarac
Webapp test: don't check in database if user was deleted.
2015-12-01don't check in database if user was deleted.Christoph Kluenter
we already check if the webapp returned success when it deleted the user. If the webapp had failed it would not have returned success. leap_web has tests that prove this. This fixes https://leap.se/code/issues/7625
2015-12-01Check for clamav processes on mx nodes (#7648)Micah
Change-Id: I751985c0537d430b568a670a2f70d1906b0f0f35
2015-12-01Revert "Disable webapp usercreation and soledad sync test"Christoph Kluenter
This reverts commit 58c4e6878561dc9772070e3ca9b666b9e1abdc7a. The test was fine. The assert_tmp_user was testing the database without using credentials. will be fixed in next commit
2015-12-01Merge branch 'nickserver_jessie' into developvarac
2015-12-01Update submodule postfixvarac
2015-12-01[feat] Make vagrant basebox configurablevarac
reads @vagrant_basebox from Leapfile or ~/.leaprc, needs commit baaa21ca2 in leap_cli. - Resolves: #7657
2015-12-01Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2015-12-01updated submodule couchdbvarac
2015-11-30fix missing apache modules (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-30fix missing apache status module (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-30fix site_apache module class names that were renamed (#7636)Micah
Change-Id: Iea1242b3c27d92cef7b217006211e57631fd7e62
2015-11-30Revert "[feat] install couchdb from unstable on jessie"varac
This reverts commit 02b1b484ad9a5d065ceac72b8263b7bcc112c923. Now that we have a proper couchdb jessie package we don't need to install it from Debian unstable.
2015-11-30Disable webapp usercreation and soledad sync testvarac
2015-11-29fix typo documentation leap-cli, closes mr88.kwadronaut
2015-11-28[bug] Don't enable storedconfig in sshd classvarac
- Related: #7615
2015-11-28[bug] [jessie] register nickserver at systemdvarac
- resolves #7614
2015-11-28updated submoule apachevarac
2015-11-27Merge remote-tracking branch 'azul/develop' into developvarac
2015-11-27Merge branch 'master' of github.com:leapcode/leap_platform into developvarac
2015-11-26updated submodule couchdbvarac
2015-11-26Merge branch 'postfwd_tests' into developvarac
2015-11-25added submodule couchdbvarac
2015-11-24Switch to syslog for leap_mx (#6942)Micah
In order to switch to syslog for leap_mx, leap_mx needs to change to log to syslog (#6307 and #6937), and we need to clean up the platform pieces that set the non-syslog options, and rotated log files (#6942). Hopefully, this will solve the leap_mx logrotation issue at the same time (#7058) Change-Id: If68f808a65c24c91231b88d15759809c9e379294
2015-11-24Cleanup old leap mx logs that may appear on some nodes due to how thingsMicah
were logged before Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
2015-11-24[bug] [jessie] Install pnp4nagios deb from stretchvarac
Configure the apt class together with "use_next_release => true", so pnp4nagios* packages can get installed from strech. No other package will be upgraded as the apt module pins stretch very low, so that only packages are installed if there are no other sources available. - Resolves: #7604
2015-11-19[feat] Check for postfwd procs on mx nodesvarac
2015-11-19Merge pull request #88 from kalikaneko/bug-do-not-fail-if-not-requestsvarac
[bug] do not fail if no requests dep present
2015-11-19[bug] do not fail if no requests/srp dependencies presentKali Kaneko
client_side_db helper has some extra functions that can be useful in the future for further tests, but right now it shouldn't depend on requests, since it already get all the relevant soledad info passed as arguments. for the same reason, it doesn't need to depend on srp, since we pass the token.
2015-11-19[bug] Use right sshd Ciphers and MACs for wheezyvarac
- Tested: [unstable.bitmask.net]
2015-11-18update design docs for couch from webappAzul
2015-11-17[bug] Don't limit sshd KexAlgorithmsvarac
- #7591 Net::SSH::Exception: could not settle on kex algorithm We need to disable the ssh hardened mode, because it will not work together with the net-ssh gem leap_cli is pinned to. All other options that would be included by this parameter are included by '$::sshd::tail_additional_options'.
2015-11-17[deprec] use @ in front of erb template tagsvarac
Puppet 3 shows now deprecation warnings if the "@" is missing. see https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags#[bug|feat|docs|style|refactor|test|pkg|i18n]
2015-11-17[deprec] Update subm. for puppet3 deprec warnsvarac
- sshd - haproxy - unbound
2015-11-17[bug] [jessie] check for 1 stunnel instance onlyvarac
- Resolves: #7574
2015-11-17[bug] use $lsbdistcodename to query apache versionvarac
Using $::apache_version won't work because the facts are evaluated before compiling the catalog and with this, before the installation of apache. so on an install from scratch, this fact won't contain anything.
2015-11-17Merge pull request #86 from kalikaneko/new-soledad-testvarac
New soledad test
2015-11-17[bug] fix check_mk on jessievarac
- Related: #6920
2015-11-17[bug] [jessie] check for 1 stunnel instance onlyvarac
- Resolves: #7574
2015-11-17[bug] [jessie] Allow apache to access webapp dirvarac
- Resolves: #7580
2015-11-17[bug] [jessie] Fix webapp config yaml on jessievarac
- Resolves: #7578
2015-11-17[bug] [jessie] Load needed modules for apache 2.4varac
- Related: #6920
2015-11-17[bug] [jessie] template functions need an arrayvarac
from https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#calling-puppet-functions-from-templates: "The arguments of the function must be provided as an array, even if there is only one argument." This is a hard requirement in puppet 3 now. - Related: #6920
2015-11-17[bug] [jessie] Don't specify ruby versionsvarac
because ruby-1.9.3 is not available on jessie. - Related: #6920