Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-09-17 | shorewall: #2399 blocks uplink (Bug #2866) | varac | |
2013-09-17 | site_config::params::interface should contain eth1 for vagrant cause it's ↵ | varac | |
the main interface we use (#2399, #2401) | |||
2013-09-17 | update stunnel submodule commit id to correct one for new repository | Micah Anderson | |
Change-Id: I33292b9eb2a5553ac296857c99fdaf350ed52542 | |||
2013-09-17 | Merge branch 'bug/3757' into develop | Micah Anderson | |
2013-09-17 | updated submodule stunnel - include stunnel in stunnel::service ↵ | varac | |
(https://leap.se/code/issues/3861) | |||
2013-09-17 | Merge branch 'feature/3817_3836_3837_Duplicate_declarations' into develop | varac | |
2013-09-14 | ensure site_config::caching_resolver runs with tag leap_base (#3757) | Micah Anderson | |
Change-Id: I593602ff9d3486dee39227673147e137045c55c5 | |||
2013-09-14 | moved openvpn submodule back to 25f1fe8d8, like it was before | kwadronaut | |
2013-09-14 | Merge branch 'vcs_module' into develop | kwadronaut | |
2013-09-13 | change vcsrepo submodule url (bug #3139) | kwadronaut | |
2013-09-13 | change openvpn submodule url (bug #3139) | kwadronaut | |
2013-09-13 | setup stunnel config to use default x509 cert,key+ca (#3837) | varac | |
* fix stunnel setups for couchdb, mx, webapp services | |||
2013-09-13 | Deploy default x509 cert + key that services can use (Feature #3836) | varac | |
2013-09-13 | remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel ↵ | varac | |
(#3817) | |||
2013-09-13 | deploy default x509::ca leap_ca in site_config::default (#3817) | varac | |
2013-09-13 | use define instead of class for site_stunnel::setup (#3817) | varac | |
so it can be called multiple times | |||
2013-09-05 | make sure we gather ec2_public_ipv4 fact. REQUIRES latest leap_cli (1.2.2) | elijah | |
2013-09-05 | require that shorewall is up before running bundler commands, it needs to ↵0.3.0rc1 | Micah Anderson | |
pull things from git (#3756) Change-Id: If404452c54dedb7a39a910994dc68309257d351d | |||
2013-09-05 | updated submodule apt: unattended-upgrades package cannot be installed (Bug ↵ | varac | |
#3098) | |||
2013-09-05 | Merge branch 'feature/3747_puppet_fails_if_no_services_are_configured' into ↵ | varac | |
develop | |||
2013-09-05 | Some packages are installed before refresh_apt is called (Bug #2988) | varac | |
2013-09-05 | puppet fails if no services are configured (Bug #3747) | varac | |
2013-09-04 | fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736) | Micah Anderson | |
this allows nameserver queries to the local resolver to work and clones to the leap https repository to work Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48 | |||
2013-09-04 | change git repository clone URIs from git:// to https:// (#3732) | Micah Anderson | |
Change-Id: Ic700fec9cfb8e8474fb65dbdd4a1a537bf586ec9 | |||
2013-09-04 | need to test that /etc/init.d/shorewall exists before attempting to call it, ↵ | Micah Anderson | |
otherwise puppet complains (#3339) Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a | |||
2013-09-04 | updated couchdb submodule: bigcouch nodes doesn't get registered as cluster ↵ | varac | |
members (Bug #3703) | |||
2013-09-04 | Merge branch 'bug/3339' into develop | Micah Anderson | |
2013-09-04 | fix soledad-server not being available before the leap repository has been ↵ | Micah Anderson | |
configured (#3702) Change-Id: I8a86a241c52d88b4b681a800647d7c9c7c574b8e | |||
2013-09-04 | make sure that the shorewall package is installed before trying to change ↵ | Micah Anderson | |
its configuration file (#3701) Change-Id: Ib2dad30d53e5bf7539762eb3683430b10eb875ed | |||
2013-09-04 | updated submodule couchdb: don't use couchdb::document for creating ↵ | varac | |
_security, cause this special doc doesn't have and _id (#3706) | |||
2013-09-03 | Work around for shorewall not being available at the site_config stage (#3339) | Micah Anderson | |
Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e | |||
2013-09-03 | Merge branch ↵ | varac | |
'feature/3667_Sending_mail_fails_when_relaying_using_non-fully-qualified_hostname' into develop | |||
2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac | |
2013-09-03 | fix $master_cf_tail format | varac | |
2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵ | varac | |
#3667) | |||
2013-09-03 | Merge branch 'feature/helo_access' into develop | Micah Anderson | |
Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520 | |||
2013-09-03 | Merge branch 'bug/3339' into develop | Micah Anderson | |
Conflicts: puppet/modules/site_config/manifests/initial_firewall.pp Change-Id: I794d057dc5d89133e552dd12939e8b9792cf1611 | |||
2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows ↵ | Micah Anderson | |
admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | |||
2013-09-03 | require that shorewall has been installed before execs are run (#3339) | Micah Anderson | |
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf | |||
2013-09-03 | require that shorewall has been installed before execs are run (#3339) | Micah Anderson | |
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf | |||
2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵ | Micah Anderson | |
not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7 | |||
2013-09-02 | disable postfix debugging by default | varac | |
2013-09-02 | create all webapp databases so _security is set (fixes 3517) | Azul | |
2013-09-02 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | kwadronaut | |
2013-09-02 | specify RAILS_ENV when calling bundle assets-precompile (fixes #3638) | Azul | |
We currently disable the billing gem in production while it's on in development and test. Therefore bundler will not install its dependencies - in particular the braintree gem when deploying. Since the RAILS_ENV was not specified rake was called with the default of 'development'. It therefore tried to load the development gems and failed when looking for 'braintree'. Specifying the production RAILS_ENV fixes this. It looks like we'll always need to specify RAILS_ENV when calling rake or we might want to export it to the environment in a separate task or the user config files such as .bashrc | |||
2013-09-02 | changing urls of submodules to https://leap.se (#3252 and #3139 ) | kwadronaut | |
2013-08-31 | postfix enable submission port using starttls, so the client can transition ↵ | Micah Anderson | |
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | |||
2013-08-31 | change the master.cf_tail to pull in -o ↵ | Micah Anderson | |
smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc | |||
2013-08-30 | updated submodule couchdb: couchdb: update_user_webapp fails (Bug #3611) | varac | |
2013-08-30 | create sessions db with puppet (Bug #3597) | varac | |