summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-09-24added firewall information to nodes (needed for `leap compile firewall`)elijah
2015-09-24fix missing service dependency errorMicah
this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-24Remove no longer used vhost for leap_webapp (#7475)Micah
The configuration /etc/apache/sites-enabled/leap_webapp.conf was never removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete, and because it exists on older systems, it is being used instead of the correct common.conf. This removes it and reloads apache. Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a
2015-09-20automatic update of submodule aptkwadronaut
2015-09-15fix vagrant ssh private key pathelijah
2015-09-15Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-15Merge branch 'feature/rewrite_openpgp_header_7413' into developMicah Anderson
Change-Id: I42a1ef661dc55fb8110e82e930f67679c3dff1f8
2015-09-15make couchdb.admin.yml only readable by root, make non-admin cron run as ↵elijah
webapp user.
2015-09-15service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-09-15minor lintingMicah Anderson
Change-Id: If92faee5f877301bf23564d5b6e71c4b1263de54
2015-09-15fix incorrect name for vagrant ssh public key fileelijah
2015-09-14Added help/warning if running tunnel command without TCP forwarding enabled.elijah
2015-09-14Merge remote-tracking branch 'micah/hiera_defaults_7443' into developvarac
2015-09-11Merge branch 'bugfix/mxaliases' into developelijah
2015-09-11switch aliases to use virtual_alias_mapselijah
2015-09-11Merge remote-tracking branch 'elijah/feature/sshconfig' into developMicah Anderson
2015-09-10sshd: let nodes change default AllowTcpForwardingelijah
2015-09-10fix various problems with webapp config generationelijah
2015-09-10Make sure hiera values have valid defaults if they are not specified (#7443)Micah Anderson
Change-Id: Ib701886ad26c5e39ccd669fadca81404b5c0426a
2015-09-10Fix clients being blocked by RBLs (#7431)Micah Anderson
Valid users submitting mail to be delivered should not be blocked by configured RBLs. Settings in main.cf are valid and used globally, unless they are overridden in master.cf for specific Postfix daemons. We have set in main.cf the smtp_client_restrictions parameter to check for configured rbls, so we need to override that and empty it in order to allow valid clients to send mail, even when their IP is listed in an RBL. Note: most users will typically be connecting via VPN, so their IP would typically be replaced by the VPN gateway one, but there are cases where this is still useful. Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1
2015-09-10Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2015-09-10Don't exit after failed deployvarac
Sometimes only trivial things fail that doesn't affect basic functionallity. Change-Id: I9d9d1a531a11e6eeee6fd823a51bb02e99771ec2
2015-09-10use vagrant user for configuring provider with leap_cli (new leap_cli ↵varac
version complain when called by root) we don't need to enable ssh pw auth because we're now using the vagrant user that has ssh key-based auth configured already. Change-Id: I5e28e6f5c71724573ff11def5b96142e8eb8b185
2015-09-10moved leap_cli installation to leap modulevarac
Change-Id: I385f7877d0816456e7c57179511604645a4740bc
2015-09-09ensure that the webapp has the service levels config it requires.elijah
2015-09-09updates to zone compile and tags/development.json to be compatible with the ↵elijah
definition of 'domain' in provider.env.json.
2015-09-08rewrite openpgp header to be always correct (#7413)Micah Anderson
The openpgp header added by the client is sometimes incorrect, because the client doesn't actually know what the proper URL is for the webapp. The server knows, however. Change-Id: I2243b19a6337d8e0be97590e2ca9c9c0b0fffdac
2015-09-03make couchdb.admin.yml only readable by root, make non-admin cron run as ↵elijah
webapp user.
2015-09-03service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-08-31Merge branch 'feature/mxalias' into developelijah
2015-08-31mx: added mx.key_lookup_domain propertyelijah
2015-08-27updated nagios submodulevarac
Change-Id: Iae76f9ca03baf459ae8ea044ea6aecfc73a41b3a
2015-08-27Merge branch '6847_improve_nagios_mail_subject' into developvarac
2015-08-27Merge branch '7375_disable_checkmk_logwatch_for_bigcouch' into developvarac
2015-08-21add support for configurable mail alias mapselijah
2015-08-19automatically regenerate certs if the ca changeselijah
2015-08-19allow ca_cert_uri to be configuredelijah
2015-08-19fix vagrant key pathelijah
2015-08-19mv commands and macros to lib/leap_clielijah
2015-08-13Increase readability of nagios notification mail subjects (#6847)varac
Change-Id: Ic9af9ef3602abbb51edf1c9d71d4d264b4ace714
2015-08-12Don't use check_mk logwatch to watch bigcouch logs anymore (#7375)varac
The rationale here is: - bigcouch/its included erlang version is incredibly noisy and spits out warnings/error msgs all the time - it uses the worst logging format i ever saw, multiple lines directly to a file (couch 2.0 uses lager as logging backend which can log to syslog) - trying to sort out the false positives will take too much time, and who knows which of them will be resolved in couch 1.6/2.0 Change-Id: Idbe6b37a19cd65ce31a50d4c28eedb4cf15ba3b5
2015-08-07move 'enabled service' calculation to a macro.elijah
2015-08-07set platform version 0.8, pin to leap_cli 1.8elijah
2015-08-03allow_registration should always be false if enrollment_policy is 'closed'elijah
2015-08-03webapp: add support for customizing localeselijah
2015-07-28Support RBL blocking of incoming mail (#5923)Micah Anderson
Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
2015-07-23update CHANGES.md for the latest set of information0.7.1Micah Anderson
Change-Id: I06e29515a28af8688d839fffa01a3dfe7fc8a2fc
2015-07-21Merge remote-tracking branch 'kwadrolab/static-amber-7231' into developMicah Anderson
Conflicts: puppet/modules/site_static/manifests/init.pp Change-Id: I090b1cb3cbe3c4d01a2c640ae3a370b17e722e12
2015-07-21Increase tapicero heatbeat nagios checks (#7275)Micah Anderson
Increase warning/critical thresholds for time between tapicero heartbeat checks so it will emit less false positives Change-Id: I0f97373d88658b7f17b2c4e8c1963198dc3f66ed
2015-07-21Fix leap-mx logrotation to work with twistd (#7058)Micah Anderson
We don't want to try and create the log file, twistd will do that. Don’t rename the log file from mx.log to mx.log.0, instead just copy it to mx.log.1, and then clear out mx.log so it’s empty (this is needed because leap-mx might assume that its file descriptor is still valid and continue trying to write to it, without this, leap-mx might lose data because it’ll assume the original log file is still around and continue to write to it, even though it’s gone)It’s a little dangerous because it’s possible that you might lose some logged data between the time that logrotate copies the new log file and truncates the old file (Caveat administrator). Finally, we don't want logrotate to complain if it finds mx.log, its ok if its there. Change-Id: I9952627f4d47e7a89a2915f6b72d82f9e6ca0d8b