Age | Commit message | Author | |
---|---|---|---|
2014-04-24 | make sure concat fragments are put together before the openvpn service is run, otherwise the openvpn service is restarted before config files are deployed (#4154) Change-Id: Ide38615714c1978bb90237986baea530c54153c3 | Micah Anderson | |
2014-04-24 | update indentation to be standard Change-Id: Ic0ac3a7e6c9ce0e5f95bab023dbbf890c31d9e1c | Micah Anderson | |
2014-04-23 | update platform version number for 0.5.1 Change-Id: I7d13d9395cd70b4de6fa7c6d5a9e5132d995ade1 | Micah Anderson | |
2014-04-17 | update couchdb submodule to get fix for timing issue that caused 409 Conflicts in certain situations (#5523) Change-Id: I1ca67e317a7eb84f64cb7b79daa2e500f0561707 [0.5.0] | Micah Anderson | |
2014-04-17 | change class instantiating to be includes and organizing things in the class to be more visually logical (#5269, #4590, #3712) Change-Id: I58c28c3bc62e67b25f33da3378e8146110471613 | Micah Anderson | |
2014-04-17 | Change couchdb ordering hints (#5269, #4590, #3712): . make the couchdb service start after the stunnels have been set up. This may improve the cluster membership coming online faster . replace the two Couchdb::Create_db ordering hints (for the 'users' and 'tokens' databases) with a generic Class['site_config::create_dbs'] hint. This makes it so we get the ordering hint for all databases, which we were not before, without having to individually list them . replace the two Couchdb::Add_user ordering hints (for the $couchdb_webapp_user and the $couchdb_soledad_user) with a generic ordering hint for Class['site_couchdb::add_users'] ordering hint. This makes it so we get the ordering hint for all the users, which we were not before, without having to individually list them Change-Id: Ia63e62d68d24e77a49d4ef928a2a8130ab7bccb9 | Micah Anderson | |
2014-04-17 | add exec resources to run the couchdb tests to wait for nodes and cluster membership to settle, before attempting any operations (#5269, #4590, #3712) Change-Id: Ic9826dda1c242e705ce85ae218766496bdd8ecbd | Micah Anderson | |
2014-04-17 | fix --retry argument, the help listed it correctly, but the code was using --repeat (#5119) Change-Id: I48b0ae8b3d8ab91c4ca363a2bdece46952cce5a9 | Micah Anderson | |
2014-04-16 | run_tests: added options --retry and --wait (to keep retrying tests if there is any problem). | elijah | |
2014-04-16 | exit codes for run_tests: 0 = success, 1 = warning, 2 = failure, 3 = error. | elijah | |
2014-04-15 | Merge branch '5269_deploy_couch_docs_on_first_deploy' into develop | varac | |
2014-04-15 | configure couchdb after starting shorewall (#53) | varac | |
2014-04-15 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac | |
2014-04-15 | fix concat::setup (#5503) | varac | |
2014-04-12 | make the soledad service subscribe to package changes, cert and key changes (#5499) Change-Id: Ia0efb4c129a71504a717c20e2e260a1ed83f2223 | Micah Anderson | |
2014-04-10 | #5315 update soledad design docs | Azul | |
2014-04-10 | Merge branch '0.6' into develop | varac | |
2014-04-10 | Merge branch '5272_check_mk_resource_ordering' into develop | varac | |
2014-04-10 | fix check_mk resource dependency deploy errors (Bug #5272) | varac | |
2014-04-08 | minor: allow manual override of 'services' in provider.json | elijah | |
2014-04-06 | better system for optionally uninstalling build-essential package closes https://leap.se/code/issues/5426 Merge branch 'bugfix/buildessential' of https://github.com/elijh/leap_platform into elijh-bugfix/buildessential | kwadronaut | |
2014-04-05 | revert openvpn tls-cipher: closes https://leap.se/code/issues/5429 | elijah | |
2014-04-05 | openvpn: allow for configurable keepalive (aka ping & ping-restart) closes https://leap.se/code/issues/4127 | elijah | |
2014-04-05 | better system for optionally uninstalling build-essential package. closes https://leap.se/code/issues/5426 | elijah | |
2014-04-05 | update site_static to work with new amber and have better tls ciphers | elijah | |
2014-04-04 | Merge branch '0.5' into develop Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf | Micah Anderson | |
2014-04-04 | Merge branch '2993_setup_subclass' into 0.6 | varac | |
2014-04-02 | revert openvpn tls-cipher: closes https://leap.se/code/issues/5429 | elijah | |
2014-04-02 | Force satellite hosts that only speak to relayhost to have a smtp_tls_security_level of 'encrypt', so it is not optional (#1902) Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16 | Micah Anderson | |
2014-04-02 | Update TLS apache vhost TLS configuration (#5137): . We want to allow for TLS1.2 to be enabled (supported in wheezy) . Explicitly disable SSLCompression. This aids in protecting against the BREACH attack: see http://breachattack.com), and SPDY version 3 is vulnerable to the CRIME attack when compression is on . Switch the cipher suites to match https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for these reasons: . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many implementations support this, and there are no known attacks). . Prefer AES128 to AES256 because the key schedule in AES256 is considered weaker, and maybe AES128 is more resistant to timing attacks . Prefer AES to RC4. BEAST attacks on AES are mitigated in >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and likely to become more dangerous . RC4 is on the path to removal, but still present for backward compatibility Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043 | Micah Anderson | |
2014-04-02 | Fix for satellite hosts that are unable to contact their relayhost because the DNS lookup is either impossible (.local domain), or incorrect (certain openstack/amazon/piston cloud configurations create this setup when the relayhost is in the same cluster as the satellite). Fixes #5225 Change-Id: Ifbc201678f2c0e97ee0e12bbf1c7f71d035d45c1 | Micah Anderson | |
2014-04-02 | Merge branch '5359_design_docs' into 0.6 | varac | |
2014-04-02 | Merge remote-tracking branch 'github/0.6' into 0.6 | varac | |
2014-04-02 | Merge pull request #20 from elijh/feature/openvpn-config: allow ability to customize openvpn security options | varac | |
2014-04-02 | couch design docs should be always deployed, not only on update of the design docs json files (Feature #5359) | varac | |
2014-04-01 | Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4 in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132 | Micah Anderson | |
2014-04-01 | Include all the ips that are allowed to send mail through the relay in the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b | Micah Anderson | |
2014-03-31 | Merge branch 'feature/static_site' of https://github.com/elijh/leap_platform into elijh-feature/static_site Conflicts: puppet/modules/site_config/manifests/packages/base.pp | kwadronaut | |
2014-03-26 | minor: fix message on stunnel test. | elijah | |
2014-03-26 | contacts.tor must be an array | elijah | |
2014-03-26 | Merge branch '0.6' of ssh://code.leap.se/leap_platform into 0.6 | varac | |
2014-03-26 | Merge branch '5018_dont_remove_dev_packages_on_couch_node' into 0.6 | varac | |
2014-03-26 | Merge branch '5374_openvpn_logwatch' into 0.6 | varac | |
2014-03-26 | Merge branch 'feature/cleanup-test-names' of https://github.com/elijh/leap_platform into elijh-feature/cleanup-test-names | kwadronaut | |
2014-03-25 | Move setup.pp to a subclass (site_config::setup) (Feature #2993) | varac | |
2014-03-25 | couch node: same packages removed on every (second ?) puppetrun (Feature #5018) | varac | |
2014-03-25 | ignore openvpn TLS initialization errors (Feature #5374) | varac | |
2014-03-24 | ensure platform.rb is utf8 | elijah | |
2014-03-24 | modules/site_static: part 2 - apache | elijah | |
2014-03-24 | fixes #5360 adds admin@ as reserved address + linting | kwadronaut | |