summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-09-14Added help/warning if running tunnel command without TCP forwarding enabled.elijah
2015-09-14Merge remote-tracking branch 'micah/hiera_defaults_7443' into developvarac
2015-09-11Merge branch 'bugfix/mxaliases' into developelijah
2015-09-11switch aliases to use virtual_alias_mapselijah
2015-09-11Merge remote-tracking branch 'elijah/feature/sshconfig' into developMicah Anderson
2015-09-10sshd: let nodes change default AllowTcpForwardingelijah
2015-09-10fix various problems with webapp config generationelijah
2015-09-10Make sure hiera values have valid defaults if they are not specified (#7443)Micah Anderson
Change-Id: Ib701886ad26c5e39ccd669fadca81404b5c0426a
2015-09-10Fix clients being blocked by RBLs (#7431)Micah Anderson
Valid users submitting mail to be delivered should not be blocked by configured RBLs. Settings in main.cf are valid and used globally, unless they are overridden in master.cf for specific Postfix daemons. We have set in main.cf the smtp_client_restrictions parameter to check for configured rbls, so we need to override that and empty it in order to allow valid clients to send mail, even when their IP is listed in an RBL. Note: most users will typically be connecting via VPN, so their IP would typically be replaced by the VPN gateway one, but there are cases where this is still useful. Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1
2015-09-10Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2015-09-10Don't exit after failed deployvarac
Sometimes only trivial things fail that doesn't affect basic functionallity. Change-Id: I9d9d1a531a11e6eeee6fd823a51bb02e99771ec2
2015-09-10use vagrant user for configuring provider with leap_cli (new leap_cli ↵varac
version complain when called by root) we don't need to enable ssh pw auth because we're now using the vagrant user that has ssh key-based auth configured already. Change-Id: I5e28e6f5c71724573ff11def5b96142e8eb8b185
2015-09-10moved leap_cli installation to leap modulevarac
Change-Id: I385f7877d0816456e7c57179511604645a4740bc
2015-09-09ensure that the webapp has the service levels config it requires.elijah
2015-09-09updates to zone compile and tags/development.json to be compatible with the ↵elijah
definition of 'domain' in provider.env.json.
2015-09-03make couchdb.admin.yml only readable by root, make non-admin cron run as ↵elijah
webapp user.
2015-09-03service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-08-31Merge branch 'feature/mxalias' into developelijah
2015-08-31mx: added mx.key_lookup_domain propertyelijah
2015-08-27updated nagios submodulevarac
Change-Id: Iae76f9ca03baf459ae8ea044ea6aecfc73a41b3a
2015-08-27Merge branch '6847_improve_nagios_mail_subject' into developvarac
2015-08-27Merge branch '7375_disable_checkmk_logwatch_for_bigcouch' into developvarac
2015-08-21add support for configurable mail alias mapselijah
2015-08-19automatically regenerate certs if the ca changeselijah
2015-08-19allow ca_cert_uri to be configuredelijah
2015-08-19fix vagrant key pathelijah
2015-08-19mv commands and macros to lib/leap_clielijah
2015-08-13Increase readability of nagios notification mail subjects (#6847)varac
Change-Id: Ic9af9ef3602abbb51edf1c9d71d4d264b4ace714
2015-08-12Don't use check_mk logwatch to watch bigcouch logs anymore (#7375)varac
The rationale here is: - bigcouch/its included erlang version is incredibly noisy and spits out warnings/error msgs all the time - it uses the worst logging format i ever saw, multiple lines directly to a file (couch 2.0 uses lager as logging backend which can log to syslog) - trying to sort out the false positives will take too much time, and who knows which of them will be resolved in couch 1.6/2.0 Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5
2015-08-07move 'enabled service' calculation to a macro.elijah
2015-08-07set platform version 0.8, pin to leap_cli 1.8elijah
2015-08-03allow_registration should always be false if enrollment_policy is 'closed'elijah
2015-08-03webapp: add support for customizing localeselijah
2015-07-28Support RBL blocking of incoming mail (#5923)Micah Anderson
Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
2015-07-23update CHANGES.md for the latest set of information0.7.1Micah Anderson
Change-Id: I06e29515a28af8688d839fffa01a3dfe7fc8a2fc
2015-07-21Merge remote-tracking branch 'kwadrolab/static-amber-7231' into developMicah Anderson
Conflicts: puppet/modules/site_static/manifests/init.pp Change-Id: I090b1cb3cbe3c4d01a2c640ae3a370b17e722e12
2015-07-21Increase tapicero heatbeat nagios checks (#7275)Micah Anderson
Increase warning/critical thresholds for time between tapicero heartbeat checks so it will emit less false positives Change-Id: I0f97373d88658b7f17b2c4e8c1963198dc3f66ed
2015-07-21Fix leap-mx logrotation to work with twistd (#7058)Micah Anderson
We don't want to try and create the log file, twistd will do that. Don’t rename the log file from mx.log to mx.log.0, instead just copy it to mx.log.1, and then clear out mx.log so it’s empty (this is needed because leap-mx might assume that its file descriptor is still valid and continue trying to write to it, without this, leap-mx might lose data because it’ll assume the original log file is still around and continue to write to it, even though it’s gone)It’s a little dangerous because it’s possible that you might lose some logged data between the time that logrotate copies the new log file and truncates the old file (Caveat administrator). Finally, we don't want logrotate to complain if it finds mx.log, its ok if its there. Change-Id: I9952627f4d47e7a89a2915f6b72d82f9e6ca0d8b
2015-07-21minor lintingMicah Anderson
fix double quotes and indentation Change-Id: I79c28159d17e6256db3094f413d61dcdc9520dc6
2015-07-14bump amber version, taking care of puppet ordering with require.kwadronaut
2015-07-14Merge remote-tracking branch 'yuvipanda/vagrant-fixes' into developvarac
Conflicts: Vagrantfile Change-Id: I0500e0deb7697ff39a7856878c5e6e867c633469
2015-07-14vagrant: Fix variable shadowing in VagrantfileYuviPanda
I'm unsure if the two levels of config are actually required, but making the most minimal changes possible atm.
2015-07-14vagrant: Increase Memory to 1GBYuviPanda
leap_cli running puppet fails from lack of memory with the default amount of RAM
2015-07-12Add emacs/vim modelines to VagrantfileYuviPanda
Makes most editors recognize Vagrantfile as a ruby file and do appropriate syntax highlighting
2015-07-09Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2015-07-09use latest amber for static nodes.elijah
2015-07-07Clean up left-over files from old way of leap-mx logging, this shouldMicah Anderson
stop the logrotate cron errors from happening. (#7058) Change-Id: Iceaeb8c17600fc23d2b1ca075546f8573c145760
2015-07-07check_mk should not falsely report multiple instances running (#6866)varac
Change-Id: Ie7943c9a541c3cd2feac7686ed1092aadc5a7c7a
2015-07-07Ignore openvpn logwatch warnings (#6867)varac
These are warnings that might have different origins, each of them we don't want to alarm the admin: - A bitmask client bug (user will poke the client devs if things break, and they will go after it) - A simple network failure, packets might get cut of - Malicious user tries to temper with TLS handshakes - this gets more interesting, but still (like ssh bruteforce attacs) an admin would not want to get annoyed by this by default, but they still have the option to use log analysers of their choice if they want to investigate this. Change-Id: I23ca3b700e41f22f34ad3346ed4e647b86000bb2
2015-07-07moved removal of leap_couch_stats.sh TMPFILE to end of script (#7217)varac
Change-Id: If844b95c44e697f480df8ee2ae6607709b9942f7