Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-09-28 | [feat] Vagrant: forward leap_web ports 443 ad 80 | varac | |
2015-09-24 | add spf to compile zone, closes #5925 | elijah | |
2015-09-24 | do not remove /var/log/leap/mx.log.*, this is where leap_mx is logging. | elijah | |
2015-09-24 | Remove no longer used vhost for leap_webapp (#7475) | Micah | |
The configuration /etc/apache/sites-enabled/leap_webapp.conf was never removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete, and because it exists on older systems, it is being used instead of the correct common.conf. This removes it and reloads apache. Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a | |||
2015-09-20 | automatic update of submodule apt | kwadronaut | |
2015-09-15 | fix vagrant ssh private key path | elijah | |
2015-09-15 | Merge branch 'feature/rewrite_openpgp_header_7413' into develop | Micah Anderson | |
Change-Id: I42a1ef661dc55fb8110e82e930f67679c3dff1f8 | |||
2015-09-15 | make couchdb.admin.yml only readable by root, make non-admin cron run as ↵ | elijah | |
webapp user. | |||
2015-09-15 | service definition .json files should not refer to properties inherited from ↵ | elijah | |
common.json. closes #7423 | |||
2015-09-15 | minor linting | Micah Anderson | |
Change-Id: If92faee5f877301bf23564d5b6e71c4b1263de54 | |||
2015-09-15 | fix incorrect name for vagrant ssh public key file | elijah | |
2015-09-14 | Added help/warning if running tunnel command without TCP forwarding enabled. | elijah | |
2015-09-14 | Merge remote-tracking branch 'micah/hiera_defaults_7443' into develop | varac | |
2015-09-11 | Merge branch 'bugfix/mxaliases' into develop | elijah | |
2015-09-11 | switch aliases to use virtual_alias_maps | elijah | |
2015-09-11 | Merge remote-tracking branch 'elijah/feature/sshconfig' into develop | Micah Anderson | |
2015-09-10 | sshd: let nodes change default AllowTcpForwarding | elijah | |
2015-09-10 | fix various problems with webapp config generation | elijah | |
2015-09-10 | Make sure hiera values have valid defaults if they are not specified (#7443) | Micah Anderson | |
Change-Id: Ib701886ad26c5e39ccd669fadca81404b5c0426a | |||
2015-09-10 | Fix clients being blocked by RBLs (#7431) | Micah Anderson | |
Valid users submitting mail to be delivered should not be blocked by configured RBLs. Settings in main.cf are valid and used globally, unless they are overridden in master.cf for specific Postfix daemons. We have set in main.cf the smtp_client_restrictions parameter to check for configured rbls, so we need to override that and empty it in order to allow valid clients to send mail, even when their IP is listed in an RBL. Note: most users will typically be connecting via VPN, so their IP would typically be replaced by the VPN gateway one, but there are cases where this is still useful. Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1 | |||
2015-09-10 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac | |
2015-09-10 | Don't exit after failed deploy | varac | |
Sometimes only trivial things fail that doesn't affect basic functionallity. Change-Id: I9d9d1a531a11e6eeee6fd823a51bb02e99771ec2 | |||
2015-09-10 | use vagrant user for configuring provider with leap_cli (new leap_cli ↵ | varac | |
version complain when called by root) we don't need to enable ssh pw auth because we're now using the vagrant user that has ssh key-based auth configured already. Change-Id: I5e28e6f5c71724573ff11def5b96142e8eb8b185 | |||
2015-09-10 | moved leap_cli installation to leap module | varac | |
Change-Id: I385f7877d0816456e7c57179511604645a4740bc | |||
2015-09-09 | ensure that the webapp has the service levels config it requires. | elijah | |
2015-09-09 | updates to zone compile and tags/development.json to be compatible with the ↵ | elijah | |
definition of 'domain' in provider.env.json. | |||
2015-09-08 | rewrite openpgp header to be always correct (#7413) | Micah Anderson | |
The openpgp header added by the client is sometimes incorrect, because the client doesn't actually know what the proper URL is for the webapp. The server knows, however. Change-Id: I2243b19a6337d8e0be97590e2ca9c9c0b0fffdac | |||
2015-09-03 | make couchdb.admin.yml only readable by root, make non-admin cron run as ↵ | elijah | |
webapp user. | |||
2015-09-03 | service definition .json files should not refer to properties inherited from ↵ | elijah | |
common.json. closes #7423 | |||
2015-08-31 | Merge branch 'feature/mxalias' into develop | elijah | |
2015-08-31 | mx: added mx.key_lookup_domain property | elijah | |
2015-08-27 | updated nagios submodule | varac | |
Change-Id: Iae76f9ca03baf459ae8ea044ea6aecfc73a41b3a | |||
2015-08-27 | Merge branch '6847_improve_nagios_mail_subject' into develop | varac | |
2015-08-27 | Merge branch '7375_disable_checkmk_logwatch_for_bigcouch' into develop | varac | |
2015-08-21 | add support for configurable mail alias maps | elijah | |
2015-08-19 | automatically regenerate certs if the ca changes | elijah | |
2015-08-19 | allow ca_cert_uri to be configured | elijah | |
2015-08-19 | fix vagrant key path | elijah | |
2015-08-19 | mv commands and macros to lib/leap_cli | elijah | |
2015-08-13 | Increase readability of nagios notification mail subjects (#6847) | varac | |
Change-Id: Ic9af9ef3602abbb51edf1c9d71d4d264b4ace714 | |||
2015-08-12 | Don't use check_mk logwatch to watch bigcouch logs anymore (#7375) | varac | |
The rationale here is: - bigcouch/its included erlang version is incredibly noisy and spits out warnings/error msgs all the time - it uses the worst logging format i ever saw, multiple lines directly to a file (couch 2.0 uses lager as logging backend which can log to syslog) - trying to sort out the false positives will take too much time, and who knows which of them will be resolved in couch 1.6/2.0 Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5 | |||
2015-08-07 | move 'enabled service' calculation to a macro. | elijah | |
2015-08-07 | set platform version 0.8, pin to leap_cli 1.8 | elijah | |
2015-08-03 | allow_registration should always be false if enrollment_policy is 'closed' | elijah | |
2015-08-03 | webapp: add support for customizing locales | elijah | |
2015-07-28 | Support RBL blocking of incoming mail (#5923) | Micah Anderson | |
Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158 | |||
2015-07-23 | update CHANGES.md for the latest set of information0.7.1 | Micah Anderson | |
Change-Id: I06e29515a28af8688d839fffa01a3dfe7fc8a2fc | |||
2015-07-21 | Merge remote-tracking branch 'kwadrolab/static-amber-7231' into develop | Micah Anderson | |
Conflicts: puppet/modules/site_static/manifests/init.pp Change-Id: I090b1cb3cbe3c4d01a2c640ae3a370b17e722e12 | |||
2015-07-21 | Increase tapicero heatbeat nagios checks (#7275) | Micah Anderson | |
Increase warning/critical thresholds for time between tapicero heartbeat checks so it will emit less false positives Change-Id: I0f97373d88658b7f17b2c4e8c1963198dc3f66ed | |||
2015-07-21 | Fix leap-mx logrotation to work with twistd (#7058) | Micah Anderson | |
We don't want to try and create the log file, twistd will do that. Don’t rename the log file from mx.log to mx.log.0, instead just copy it to mx.log.1, and then clear out mx.log so it’s empty (this is needed because leap-mx might assume that its file descriptor is still valid and continue trying to write to it, without this, leap-mx might lose data because it’ll assume the original log file is still around and continue to write to it, even though it’s gone)It’s a little dangerous because it’s possible that you might lose some logged data between the time that logrotate copies the new log file and truncates the old file (Caveat administrator). Finally, we don't want logrotate to complain if it finds mx.log, its ok if its there. Change-Id: I9952627f4d47e7a89a2915f6b72d82f9e6ca0d8b |