Age | Commit message | Author
2014-12-02 | Change nagios mail To: Header to contain the actual platform environment's contact email (Bug #6466) Change-Id: Ib86ae771e0ac3b6f329a517a8a31c9ec54d33a05 | Micah Anderson
2014-12-02 | Ignore bigcouch conflict errors, mainly coming from tapicero creating new users (Feature #6481) There are potentially many tapicero daemons running, and they all try to do the same thing at the same time. It is basically designed to create race conditions. All tapicero daemons try to create the user db at the same time. Only one of them wins the race and actually creates it. We need to fix this later (see https://leap.se/code/issues/6480) but for now, we ignore them because conflict errors should be handled by the application anyway. Change-Id: I91095b1901d238e3d199954ba3716023d3fd49c1 | varac
2014-12-02 | Merge remote-tracking branch 'gerrit/develop' into develop Change-Id: I2fa85918af8199fbc41bb4e58dae6c78911ab626 | Micah Anderson
2014-12-02 | Use include to avoid redeclaration of class { 'tor::daemon': }. Fixes #6479 Change-Id: Ibd1b1eef7afca10cf2a2d56a24e703636d6a52c6 | guido
2014-12-02 | Use $hostname to locate tor.key. Fixes #6478 Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d | guido
2014-12-02 | minor linting Change-Id: Idf550ed004bcb42d6e19ac0a2c5286f52a390935 | Micah Anderson
2014-12-01 | Increase the nagios alert thresholds for bigcouch open file descriptors (#6473) Change-Id: I2549d781427fffc865c2bdcd1e950d60dad509fd | Micah Anderson
2014-12-01 | Increase nagios max_checks_attempts from 1 to 4 so notifications won't be sent out on first failed check_mk check (Bug #6461) Change-Id: I1bd47b3c3d17508488a4db90d74118006d85a03a | varac
2014-12-01 | ignore ntp check because it's flapping too often (Bug #6407) Change-Id: I52e19bbdfcf6576bd9c247d99aace47eb86c8116 | varac
2014-11-30 | minor: ensure there is only one tapicero process | elijah
2014-11-30 | pin tapicero to version/0.6 | elijah
2014-11-25 | Merge remote-tracking branch 'elijah/bugfix/atomictests' into develop | Micah Anderson
2014-11-25 | atomic tests for webapp api | elijah
2014-11-25 | include a host information in ssh_config for every possible host a given node might communicate with. this includes port and host key algorithm. closes #6432 | elijah
2014-11-24 | bind webapp to version/0.6 branch | elijah
2014-11-24 | fixed bug when there is no vpn service | elijah
2014-11-23 | Merge remote-tracking branch 'elijah/feature/soledadtest' into develop | Micah Anderson
2014-11-23 | fix dependency on x509 ca_bundle class (#6410) Change-Id: Ia1e7009240d61464d7ba45ad07291664f6a3b768 | Micah Anderson
2014-11-21 | Merge "Fix Check_mk notifications (Bug #6403)" into develop [0.6.0rc1] | Varac
2014-11-20 | Fix Check_mk notifications (Bug #6403) Let check_mk put all hosts into the same "admin" contactgroup, which is defined as default contactgroup by nagios. Change-Id: I13b434925711ef2037de0cf6e919ce39a8255a94 | varac
2014-11-20 | ship a modified runit config for bigcouch that raises the open file descriptor limits to account for bigcouch sync spikes (#4935) Change-Id: I242fba31f961b6139ec641e1708b170f5c0d009b | Micah Anderson
2014-11-20 | Make sure openvpn is restarted when cert/key change (#6405) I reformatted the section below for consistency. Change-Id: I18f5e23850e0c1ab4b1f2ee467d5af54ae9ff303 | Micah Anderson
2014-11-20 | Make sure that stunnel restarts when cert/key change (#6181) Change-Id: I5085247a87018e18e73833119ac73225afbfea1e | Micah Anderson
2014-11-20 | specify the destination IP for DNAT rules for gateway addresses on port 443 (#6388) Previously the DNAT rule would redirect the incoming port 443 requests to openvpn, which was the wrong thing to do on the primary IP (but the right thing to do on the openvpn gateway IPs). This manifested in the webapp not being available when it was also configured as a service on the node. Change-Id: Ic8c6b6c0389859fab168a7df687351e11263277a | Micah Anderson
2014-11-20 | minor linting Change-Id: I6d04cc7e028e86ee0012d96d7ef075fdd7ecef19 | Micah Anderson
2014-11-19 | test if soledad daemon is running | elijah
2014-11-15 | don't enable Tor DirPort if openvpn is running on port 80 (Bug #6377) We need to check the openvpn hiera value, which may or may not be set. If it is not set, then we need to not lookup the $openvpn['ports'] values or we will get an error because it won't be the correct type. If we do have it, then $openvpn_ports gets set with the hash, otherwise it gets set to an empty hash (otherwise puppet will complain when we try to query the member() later with "member(): Requires array to work with"). Finally, if it is set to port 80, we don't include the tor::daemon::directory Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241 | Micah Anderson
2014-11-15 | Merge remote-tracking branch 'gerrit/develop' into develop | Micah Anderson
2014-11-16 | Merge "add local 50unattended-upgrades to fix unattended-upgrades not upgrading leap packages (#4425)" into develop | micah anderson
2014-11-15 | Merge branch 'feature/4425' into develop | Micah Anderson
2014-11-13 | Merge remote-tracking branch 'elijah/bugfix/mtu' into develop | Micah Anderson
2014-11-11 | Merge remote-tracking branch 'elijah/newtests' into develop | Micah Anderson
2014-11-10 | change default openvpn fragment size back to 1500 so we don't break backward compatibility with older clients | elijah
2014-11-10 | openvpn - support customizing --fragment, and set default to 1400 | elijah
2014-11-10 | tests - added test that creates user, authenticates, deletes user | elijah
2014-11-08 | minor linting, arrow lining up Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24 | Micah Anderson
2014-11-08 | Only enable the tor DirPort options on an exit if the node isn't also a webapp node (#6336) Change-Id: Ib70bbd8fe7b94b7a1bfb09390d5dd1c535f2da16 | Micah Anderson
2014-11-08 | Don't configure the tor DirPort options if the node is not an exit (#6335) Change-Id: I4c7fb20b6da6f6a5bb2dd5af70511a28d4581174 | Micah Anderson
2014-11-07 | Merge remote-tracking branch 'gerrit/develop' into develop | Micah Anderson
2014-11-07 | Better check for tor hidden service on a webapp node. Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6 | guido
2014-11-04 | revert 5787c97b6f73dacae7f01adeff203287007c381d: stop using bad nist curve for ssh host key (#6294) We need to transition smoother (see #6319) Change-Id: I8bee032aef9502a7d4b701b99719fbfb3b7169da | Micah Anderson
2014-11-04 | Merge remote-tracking branch 'gerrit/develop' into develop | Micah Anderson
2014-11-04 | Adds support for Tor hidden service on webapp (Feature #6273) Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5 | guido
2014-11-04 | tor - to activate hidden service, now set tor.hidden_service.active = true | elijah
2014-11-04 | tor - to activate hidden service, now set tor.hidden_service.active = true | elijah
2014-11-04 | add local 50unattended-upgrades to fix unattended-upgrades not upgrading leap packages (#4425) Change-Id: I78c00c4410ff9f712206f95854d8803e43acb286 | Micah Anderson
2014-11-04 | change ordering hints to use refresh_stunnel exec instead of service (#6287) In a multi-node couch deployment, it was observed that the Service['stunnel'] would be activated, and then later a stunnel::client was created which would trigger an Exec['refresh_stunnel']. Because of this, and the ordering hints that were in place, the service would get started, and then the couchdb databases, users, designs, etc. were being put into place and then a stunnel client was created, triggering the refresh_stunnel exec, which would cause an interruption in the connectivity and result in failures. This change replaces the Service['stunnel'] hint with the Exec['refresh_stunnel'] to make sure that the stunnels are fully set up before attempting couch operations. Change-Id: I33ddd24884b3c23a1df5555ca53ca65cd703da50 | Micah Anderson
2014-11-02 | add missing TLSv1 sslversion parameter to site_stunnel::serviers Change-Id: I48dc8135943393bd11c7181853985f4a5799011e | Micah Anderson
2014-11-01 | stop using bad nist curve for ssh host key (#6294) update port parameter in site_sshd to be an array, otherwise puppet errors about it being a Fixnum with new sshd module Change-Id: I854d042edb98817169eef5e758d04d60d3c71dd5 | Micah Anderson
2014-10-31 | Merge branch 'develop' of ssh://review.leap.se:29418/Platform into develop | varac