summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-08-31fixed `leap inspect`elijah
2016-08-29Updated (very out of date) docs and README.mdelijah
2016-08-29ssh: Added verbose error message when host key mismatch occurs in net::ssh.elijah
2016-08-29fix add-user typoelijah
2016-08-29command line interface cleanup: harmonize the signatures of different ↵elijah
commands to be more logically consistent. For now, all changes are backwards compatible. DEPRECATED: `leap add-user`. Use `leap user add` instead.
2016-08-29leap vm: added 'ls' as alias for 'status'elijah
2016-08-29fix bug when nodes have bad tagselijah
2016-08-25leap vm: require ip address instead of status running for leap vm bind.elijah
2016-08-24leap vm: fixed bug, added more sanity checking.elijah
2016-08-23added 'leap vm' commandelijah
2016-08-23fix typoelijah
2016-08-23move console table into separate fileelijah
2016-08-23refactor the command for ca and nodeelijah
2016-08-23locale improvements: allow non-english locales in node_init, enforce UTF8 ↵elijah
locale for `puppet apply`.
2016-08-23syslog: remove duplicate messages (#8405).Micah
Change-Id: I90f8d160d2293288066847bcc199f480d06d877d
2016-08-22Merge branch 'bug/fix-soledad-test' into 'develop' Varac
Bug/fix soledad test This should fix #8388 My ruby-fu isn't great, but there are two changes: * remove tests for design docs due: https://0xacab.org/leap/soledad/merge_requests/8 * check for the absence of 404 instead of the presence of 401 (needs review) See merge request !30
2016-08-20Fix rsyslog auth.log entries (#8381).Micah
The auth.log rsyslog entry was accidentally removed in #7863. Change-Id: I4ebffeafedbca5df902041ddd2bcb80d3f68b230
2016-08-20ignore noisy 401 errors from soledad log.Micah
Change-Id: Ia1764cb28e263353856523c11f351a39774bf3b4
2016-08-19leap_cli: better arguments to 'leap run'elijah
2016-08-19minor (spelling)elijah
2016-08-18Merge pull request #108 from rdevries-thoughtworks/developvarac
forward pixelated's api port (4430) from vagrant box
2016-08-18forward pixelated's api port (4430) from vagrant boxRoald de Vries
2016-08-17[bug] check privileges and db access separatelyVictor Shyba
This commit introduces a way to check if db exists and then check if it is properly set in two asserts, so we can have two distinct phrases to avoid confusion. - Resolves: #8388
2016-08-17[test] soledad doesnt have design docs anymoreVictor Shyba
This code was testing for it and should be removed.
2016-08-16ignore noisy 401 errors from soledad log.Micah
Change-Id: Ia1764cb28e263353856523c11f351a39774bf3b4
2016-08-15fix problem with loading .ssh/configelijah
2016-08-08Stricter VPN egress firewall (#8289)Micah
Change-Id: Ie09a6a34dfa8fe3d72568d2de0b208e7d947412f
2016-08-08Disallow intra-client connectivity (#8272).Micah
If you connect to the VPN with a client, you can make direct network connections to the other connected clients. This allows communication to the eip gateways, but disallows any other connections. Change-Id: I73e5bb5715e4d91256cbf95eda8c0ec70aa75f93
2016-08-05Disallow intra-client connectivity (#8272).Micah
If you connect to the VPN with a client, you can make direct network connections to the other connected clients. This allows communication to the eip gateways, but disallows any other connections. Change-Id: I73e5bb5715e4d91256cbf95eda8c0ec70aa75f93
2016-08-04Remove site-apache symlink.Micah
There is no need to keep this symlink around any longer, it was there for older puppet. Change-Id: Ie7a380821d478e5ad69df39f03009d773afb73f3
2016-08-04switch to deb.d.o from httpredir.d.o (#8288).Micah
The deb.debian.org method may be a better one than httpredir: . deb.debian.org is maintained much more reliably than httpredir . httpredir is backed by the mirror network; deb.d.o is by a CDN . httpredir redirects to the mirror network. deb.d.o is a cache that sits in front of ftp.d.o (and security, and debug, and ports) . one potential disadvantage: deb.d.o's CDN is a commercial service (fastly) that donates its traffic to debian . in stretch and later, apt uses the SRV records of deb.d.o to find places instead of HTTP redirects . local peering arrangements of fastly are likely to result in mirror choices that are more local (and thus faster) to the machine Peering arrangements for the deb.d.o CDN can be seen here: https://www.peeringdb.com/asn/54113 Change-Id: I4dee089a3b2f674860bfff21eb25a6e37c491d32
2016-08-02Set TCP_NODELAY option for couchdb (#8264)Micah
Mochiweb in couchdb by default sets the TCP socket option SO_NODELAY to false. This means that small data sent to the TCP socket, like the reply to a document write request (or reading a very small document), will not be sent immediately to the network - TCP will buffer it for a while hoping that it will be asked to send more data through the same socket and then send all the data at once for increased performance. Setting this increases the couchdb speed significantly. Change-Id: Ib493ef061ff62c9bdee501e44ce2b55990fe14b7
2016-07-26[CI] leap info should use tagvarac
2016-07-22Test all services on CIvarac
2016-07-21fix site_static's call to passengerelijah
2016-07-21fix couchdb's backupninjaelijah
2016-07-21fix missing hostname in ssh/scripts.rbelijah
2016-07-21git subrepo clone https://leap.se/git/puppet_openvpn puppet/modules/openvpnelijah
subrepo: subdir: "puppet/modules/openvpn" merged: "ba7ec7a" upstream: origin: "https://leap.se/git/puppet_openvpn" branch: "master" commit: "ba7ec7a" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo" commit: "cb2995b"
2016-07-21remove openvpn submoduleelijah
2016-07-20minor (improve readability of deploy message by showing correct rsync paths)elijah
2016-07-19Only use the 'main' repository for apt (#8253)Micah
Change-Id: If39222dc9ec68d1786c70c4b82b740e0a06773c4
2016-07-19Block ip-based helo at MTA (#8139).Micah
Numeric helo is a very strong indicator of spam. When this is blocked, a very significant amount of spam stops. Change-Id: Ieb340190faf37638950d1aa60b52268659e0b7f6
2016-07-19Block MTAs that claim they are 'localhost'.Micah
Nobody should be claiming that they are localhost when they are connecting over smtpd Change-Id: Ifb7df855b4e12021c58b89b2053e31fb10806096
2016-07-16Add catalogtest node, remove single nodevarac
2016-07-16Use bin/ci-build.sh as build scriptvarac
- Use dynamic build vm names
2016-07-15destoy VMs after successful buildvarac
2016-07-14Use bundled version of leap_cli for testsvarac
2016-07-14Remove submodule command from .gitlab-ci.ymlMicah
Change-Id: I649b8d951e46d768e1d085d53442c1484bce931e
2016-07-13Newest passenger module dont manage munin by defaultvarac
2016-07-13Notify Exec[shorewall_check] not Service[shorew..]varac
Latest shorewall module does `shorewall check` (executed by `Exec[shorewall_check]`) so every related resource change must notify this Exec instead of `Service[shorewall]` as before.