summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-09-17shorewall: #2399 blocks uplink (Bug #2866)varac
2013-09-17site_config::params::interface should contain eth1 for vagrant cause it's ↵varac
the main interface we use (#2399, #2401)
2013-09-17update stunnel submodule commit id to correct one for new repositoryMicah Anderson
Change-Id: I33292b9eb2a5553ac296857c99fdaf350ed52542
2013-09-17Merge branch 'bug/3757' into developMicah Anderson
2013-09-17updated submodule stunnel - include stunnel in stunnel::service ↵varac
(https://leap.se/code/issues/3861)
2013-09-17Merge branch 'feature/3817_3836_3837_Duplicate_declarations' into developvarac
2013-09-14ensure site_config::caching_resolver runs with tag leap_base (#3757)Micah Anderson
Change-Id: I593602ff9d3486dee39227673147e137045c55c5
2013-09-14moved openvpn submodule back to 25f1fe8d8, like it was beforekwadronaut
2013-09-14Merge branch 'vcs_module' into developkwadronaut
2013-09-13change vcsrepo submodule url (bug #3139)kwadronaut
2013-09-13change openvpn submodule url (bug #3139)kwadronaut
2013-09-13setup stunnel config to use default x509 cert,key+ca (#3837)varac
* fix stunnel setups for couchdb, mx, webapp services
2013-09-13Deploy default x509 cert + key that services can use (Feature #3836)varac
2013-09-13remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel ↵varac
(#3817)
2013-09-13deploy default x509::ca leap_ca in site_config::default (#3817)varac
2013-09-13use define instead of class for site_stunnel::setup (#3817)varac
so it can be called multiple times
2013-09-05make sure we gather ec2_public_ipv4 fact. REQUIRES latest leap_cli (1.2.2)elijah
2013-09-05require that shorewall is up before running bundler commands, it needs to ↵0.3.0rc1Micah Anderson
pull things from git (#3756) Change-Id: If404452c54dedb7a39a910994dc68309257d351d
2013-09-05updated submodule apt: unattended-upgrades package cannot be installed (Bug ↵varac
#3098)
2013-09-05Merge branch 'feature/3747_puppet_fails_if_no_services_are_configured' into ↵varac
develop
2013-09-05Some packages are installed before refresh_apt is called (Bug #2988)varac
2013-09-05puppet fails if no services are configured (Bug #3747)varac
2013-09-04fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736)Micah Anderson
this allows nameserver queries to the local resolver to work and clones to the leap https repository to work Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48
2013-09-04change git repository clone URIs from git:// to https:// (#3732)Micah Anderson
Change-Id: Ic700fec9cfb8e8474fb65dbdd4a1a537bf586ec9
2013-09-04need to test that /etc/init.d/shorewall exists before attempting to call it, ↵Micah Anderson
otherwise puppet complains (#3339) Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a
2013-09-04updated couchdb submodule: bigcouch nodes doesn't get registered as cluster ↵varac
members (Bug #3703)
2013-09-04Merge branch 'bug/3339' into developMicah Anderson
2013-09-04fix soledad-server not being available before the leap repository has been ↵Micah Anderson
configured (#3702) Change-Id: I8a86a241c52d88b4b681a800647d7c9c7c574b8e
2013-09-04make sure that the shorewall package is installed before trying to change ↵Micah Anderson
its configuration file (#3701) Change-Id: Ib2dad30d53e5bf7539762eb3683430b10eb875ed
2013-09-04updated submodule couchdb: don't use couchdb::document for creating ↵varac
_security, cause this special doc doesn't have and _id (#3706)
2013-09-03Work around for shorewall not being available at the site_config stage (#3339)Micah Anderson
Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e
2013-09-03Merge branch ↵varac
'feature/3667_Sending_mail_fails_when_relaying_using_non-fully-qualified_hostname' into develop
2013-09-03use check_helo_access hash:/helo_checks also for $submission_helo_restrictionsvarac
2013-09-03fix $master_cf_tail formatvarac
2013-09-03Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵varac
#3667)
2013-09-03Merge branch 'feature/helo_access' into developMicah Anderson
Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520
2013-09-03Merge branch 'bug/3339' into developMicah Anderson
Conflicts: puppet/modules/site_config/manifests/initial_firewall.pp Change-Id: I794d057dc5d89133e552dd12939e8b9792cf1611
2013-09-03add /etc/postfix/checks directory and setup a check_helo_access that allows ↵Micah Anderson
admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4
2013-09-03require that shorewall has been installed before execs are run (#3339)Micah Anderson
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf
2013-09-03require that shorewall has been installed before execs are run (#3339)Micah Anderson
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf
2013-09-03Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵Micah Anderson
not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7
2013-09-02disable postfix debugging by defaultvarac
2013-09-02create all webapp databases so _security is set (fixes 3517)Azul
2013-09-02Merge branch 'develop' of ssh://code.leap.se/leap_platform into developkwadronaut
2013-09-02specify RAILS_ENV when calling bundle assets-precompile (fixes #3638)Azul
We currently disable the billing gem in production while it's on in development and test. Therefore bundler will not install its dependencies - in particular the braintree gem when deploying. Since the RAILS_ENV was not specified rake was called with the default of 'development'. It therefore tried to load the development gems and failed when looking for 'braintree'. Specifying the production RAILS_ENV fixes this. It looks like we'll always need to specify RAILS_ENV when calling rake or we might want to export it to the environment in a separate task or the user config files such as .bashrc
2013-09-02changing urls of submodules to https://leap.se (#3252 and #3139 )kwadronaut
2013-08-31postfix enable submission port using starttls, so the client can transition ↵Micah Anderson
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
2013-08-31change the master.cf_tail to pull in -o ↵Micah Anderson
smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc
2013-08-30updated submodule couchdb: couchdb: update_user_webapp fails (Bug #3611)varac
2013-08-30create sessions db with puppet (Bug #3597)varac