summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-01ssh remote command: reraise unknown exceptionselijah
2016-07-01ssh logging: set the correct hostelijah
2016-07-01print both sha1 and sha256 fingerprints for 'leap inspect'elijah
2016-07-01migrate commands to use new ssh system: node init, test, add-userelijah
2016-06-30fix static site apache configelijah
2016-06-30directly call build-platform.sh in build jobvarac
2016-06-30Make sure bind9 doesn't take over unbound (#8213).Micah
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
2016-06-30Remove bigcouch (#8056)Micah
Change-Id: I0c6e27298c63bd37de1410985d054799818c22a4
2016-06-28Fix for when tor is not an array.Micah
When tor is not configured, then its possible to get this error on deploy: Error: tor is not a hash or array when accessing it with hidden_service at /srv/leap/puppet/modules/site_static/manifests/init.pp:16 on node rewdevstatic1.rewire.org This commit only accesses the array when its enabled. Change-Id: Ia75ac7a51179da980966adba0cc614b9cd642b0c
2016-06-28added command `leap open monitor` for handy access to nagioselijah
2016-06-28Make static tor hidden services work (#8212).Micah
When tor hidden services were enabled for static sites, only a very basic configuration was setup and it didn't take into account the different location configurations that can be configured for a static site. This commit resolves that by making a site_static::hidden_service class similar to the site_webapp::hidden_service class, and fixes up the apache vhost template to properly create the location blocks for the hidden service vhost. Change-Id: Ice3586f4173bd2d1bd3defca29d21c7403d5a03a
2016-06-28Stop tor from restarting on every deploy (#8211).Micah
We were creating the hidden service name without a newline, and then tor would be restarted and change the hidden service hostname file to have a newline, which would then require that the next deploy would change that file to not have a newline again. This fixes that problem by making the hostname have a newline so it matches what tor wants. Change-Id: I38f450684d557cf943ec94f2f8e19cda3aefdf66
2016-06-28Reload tor if config or key is changed (#8210).Micah
Change-Id: I3d733b6645c804a5fb337ad4b8edc59a66ad50b5
2016-06-28Make sure bind9 doesn't take over unbound (#8213).Micah
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
2016-06-28dont run default before_script for build stagevarac
2016-06-27Fix the permissions on the DOMAIN/provider.json file for static sites.elijah
2016-06-28Don't use docker for platform ci buildsvarac
Will try later, but for now it fails with not finding bundle cmd.
2016-06-28use leap_cli:develop gem in Gemfilevarac
2016-06-27Puppet-lint 2.0 releasevarac
2016-06-27Lint and Document site_webapp::hidden_servicevarac
2016-06-22set the platform version to be 0.9, require leap_cli 1.9elijah
2016-06-22leap_cli: removed dependency on gems 'paint' and 'command_line_reporter'elijah
2016-06-21minor ruby lintingelijah
2016-06-21Fix hidden service static template (#8203).Micah
Change-Id: Iab9597f5f0336f66df9b73fea9d79c789cbb8302
2016-06-17tests - default to admin access when testing existence of a dbelijah
2016-06-16New Build Badge from 0xacab.orgvarac
2016-06-16Merge branch '0.8.1' into developMicah
2016-06-16Disable the Trace method (#8195)0.8.1Micah
The Trace method is enabled because of the Apache module, but it is not the default in Debian, and it should not be enabled, for more information see the following: https://www.kb.cert.org/vuls/id/867593 Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268
2016-06-16Fix matching for cleanup check.Micah
The onlyif check was incorrectly specified in the original implementation in commit id: 15b83d88dcedab496a19cef57f11c5c8e091dd4a this inverts it so it is properly detected. Change-Id: I531e206fff1ca61780adcd195e1f917011e50fb4
2016-06-16Disable the Trace method (#8195)Micah
The Trace method is enabled because of the Apache module, but it is not the default in Debian, and it should not be enabled, for more information see the following: https://www.kb.cert.org/vuls/id/867593 Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268
2016-06-16Fix matching for cleanup check.Micah
The onlyif check was incorrectly specified in the original implementation in commit id: 15b83d88dcedab496a19cef57f11c5c8e091dd4a this inverts it so it is properly detected. Change-Id: I531e206fff1ca61780adcd195e1f917011e50fb4
2016-06-16switch to two-space soft tabs to fix lint errorMicah
Change-Id: Ic12b243b195e40482a70dd70219212c3697899ba
2016-06-16make sure required x509 bits are there before stunnel is startedMicah
Change-Id: I772c3b6e489e3c1848c45c6bcaa240324fc88928
2016-06-16Ensure stunnel package, service and default ordering.Micah Anderson
2016-06-16update stunnel module for refresh_stunnel fixesMicah
Change-Id: I7675dbaba4d896a62dab9fcf4817092ea69f1298
2016-06-16refresh_stunnel sometimes doesn't run (#8168).Micah
It turns out that in some corner-cases, the script is not called: (1) start the deploy, create files in /var/lib/puppet/stunnel4/config (2) halt puppet before apply finishes (3) re-run deploy in this scenario, next time you run deploy, refresh_stunnel will never get called to populate /etc/stunnel, because the files in /var/lib/puppet/stunnel4/config haven't changed. This problem can be really confusing when it happens. To fix this, we just run refresh_stunnel every, it is pretty fast and the script has more complete logic for what to do than puppet, which has only an asymmetrical view on the situation. Change-Id: I9e5fad1d081c2fe07f3ac8f07cfb87d86b88f7c9
2016-06-16auto run bundler when needed for site_staticelijah
2016-06-16fix typo that prevented common.ENV.json from being loaded. closes #7697elijah
2016-06-16debian packages don't know AllowSupplementaryGroupsChristoph Kluenter
if this is set in the config, the deamons do not start anymore. From the debian changelog: clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium * Import new Upstream. * Drop AllowSupplementaryGroups option which is default now (Closes: #822444).
2016-06-16Fix opendkim milter location (#8163).Micah
The unix socket method for connecting to the milter was incorrectly reverted, this puts it back to how it should be. Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2
2016-06-16ensure soledad server has access to x509::variableselijah
2016-06-16Disable puppet-agent daemon from running.Micah
The agent wakes up every two minutes and tries to connect to the default server, failing with a certificate warning. We don't use the agent, so we can safely disable it (#8032) Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
2016-06-16Reduce check_mk timeouts (#7807).Micah
check_mk operations can take a long time (such as when doing a re-inventory using "check_mk -II") when multiple hosts are down. This decreases the connect timeout to 5 seconds. Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e
2016-06-16disable rspec stage, add build stagevarac
2016-06-16fix tests/puppet/hiera.yaml for catalog testvarac
2016-06-14[bug] Fix site_obfsproxy services variable lookupvarac
After including everything into a `node default` scope in puppet/manifests/site.pp to make puppet-catalog-test happy (see commit 62ea45d47), we get this error: Error: member(): Requires array to work with at /srv/leap/puppet/modules/site_obfsproxy/manifests/init.pp:14 Moving the `services` hiera avaluation out of the node scope back to top level scope will solve this.
2016-06-14switch to two-space soft tabs to fix lint errorMicah
Change-Id: Ic12b243b195e40482a70dd70219212c3697899ba
2016-06-14make sure required x509 bits are there before stunnel is startedMicah
Change-Id: I772c3b6e489e3c1848c45c6bcaa240324fc88928
2016-06-14Ensure stunnel package, service and default ordering.Micah Anderson
2016-06-14update stunnel module for refresh_stunnel fixesMicah
Change-Id: I7675dbaba4d896a62dab9fcf4817092ea69f1298