Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-12-02 | Use include to avoid redeclaration of class { 'tor::daemon': }. Fixes #6479 | guido | |
Change-Id: Ibd1b1eef7afca10cf2a2d56a24e703636d6a52c6 | |||
2014-12-02 | Use $hostname to locate tor.key. Fixes #6478 | guido | |
Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d | |||
2014-12-02 | minor linting | Micah Anderson | |
Change-Id: Idf550ed004bcb42d6e19ac0a2c5286f52a390935 | |||
2014-12-01 | Increase the nagios alert thresholds for bigcouch open file descriptors (#6473) | Micah Anderson | |
Change-Id: I2549d781427fffc865c2bdcd1e950d60dad509fd | |||
2014-12-01 | Increase nagios max_checks_attempts from 1 to 4 so notifications won't be ↵ | varac | |
sent out on first failed check_mk check (Bug #6461) Change-Id: I1bd47b3c3d17508488a4db90d74118006d85a03a | |||
2014-12-01 | ignore ntp check because it's flapping to often (Bug #6407) | varac | |
Change-Id: I52e19bbdfcf6576bd9c247d99aace47eb86c8116 | |||
2014-11-30 | minor: ensure there is only one tapicero process | elijah | |
2014-11-30 | pin tapicero to version/0.6 | elijah | |
2014-11-25 | Merge remote-tracking branch 'elijah/bugfix/atomictests' into develop | Micah Anderson | |
2014-11-25 | atomic tests for webapp api | elijah | |
2014-11-25 | include a host information in ssh_config for ever possible host a given node ↵ | elijah | |
might communicate with. this includes port and host key algorithm. closes #6432 | |||
2014-11-24 | bind webapp to version/0.6 branch | elijah | |
2014-11-24 | fixed bug when there is no vpn service | elijah | |
2014-11-23 | Merge remote-tracking branch 'elijah/feature/soledadtest' into develop | Micah Anderson | |
2014-11-23 | fix dependency on x509 ca_bundle class (#6410) | Micah Anderson | |
Change-Id: Ia1e7009240d61464d7ba45ad07291664f6a3b768 | |||
2014-11-21 | Merge "Fix Check_mk notifications (Bug #6403)" into develop0.6.0rc1 | Varac | |
2014-11-20 | Fix Check_mk notifications (Bug #6403) | varac | |
Let check_mk put all hosts into the same "admin" contactgroup, which is defined as default contactgroup by nagios. Change-Id: I13b434925711ef2037de0cf6e919ce39a8255a94 | |||
2014-11-20 | ship a modified runit config for bigcouch that raises the open file | Micah Anderson | |
descriptor limits to account for bigcouch sync spikes (#4935) Change-Id: I242fba31f961b6139ec641e1708b170f5c0d009b | |||
2014-11-20 | Make sure openvpn is restarted when cert/key change (#6405) | Micah Anderson | |
I reformatted the section below for consistency. Change-Id: I18f5e23850e0c1ab4b1f2ee467d5af54ae9ff303 | |||
2014-11-20 | Make sure that stunnel restarts when cert/key change (#6181) | Micah Anderson | |
Change-Id: I5085247a87018e18e73833119ac73225afbfea1e | |||
2014-11-20 | specify the destination IP for DNAT rules for gateway addresses on port 443 ↵ | Micah Anderson | |
(#6388) Previously the DNAT rule would redirect the incoming port 443 requests to openvpn, which was the wrong thing to do on the primary IP (but the right thing to do on the openvpn gateway IPs). This manifested in the webapp not being available when it was also configured as a service on the node. Change-Id: Ic8c6b6c0389859fab168a7df687351e11263277a | |||
2014-11-20 | minor linting | Micah Anderson | |
Change-Id: I6d04cc7e028e86ee0012d96d7ef075fdd7ecef19 | |||
2014-11-19 | test if soledad daemon is running | elijah | |
2014-11-15 | don't enable Tor DirPort if openvpn is running on port 80 (Bug #6377) | Micah Anderson | |
We need to check the openvpn hiera value, which may or may not be set. If it is not set, then we need to not lookup the $openvpn['ports]' values or we will get an error because it wont be the correct type. If we do have it, then $openvpn_ports gets set with the hash, otherwise it gets set to an empty hash (otherwise puppet will complain when we try to query the member() later with "member(): Requires array to work with"). Finally, if it is set to port 80, we don't include the tor::daemon::directory Change-Id: Ic366c72e966cae9d611e8fe5aa7ea7943be51241 | |||
2014-11-15 | Merge remote-tracking branch 'gerrit/develop' into develop | Micah Anderson | |
2014-11-16 | Merge "add local 50unattended-upgrades to fix unattended-upgrades not ↵ | micah anderson | |
upgrading leap packages (#4425)" into develop | |||
2014-11-15 | Merge branch 'feature/4425' into develop | Micah Anderson | |
2014-11-13 | Merge remote-tracking branch 'elijah/bugfix/mtu' into develop | Micah Anderson | |
2014-11-11 | Merge remote-tracking branch 'elijah/newtests' into develop | Micah Anderson | |
2014-11-10 | change default openvpn fragment size back to 1500 so we don't break backward ↵ | elijah | |
compatibility with older clients | |||
2014-11-10 | openvpn - support customizing --fragment, and set default to 1400 | elijah | |
2014-11-10 | tests - added test that creates user, authenticates, deletes user | elijah | |
2014-11-08 | minor linting, arrow lining up | Micah Anderson | |
Change-Id: Ibd08529b7d1c4fc22bcd0ca36e518afa5b8f6d24 | |||
2014-11-08 | Only enable the tor DirPort options on an exit if the node isn't also a | Micah Anderson | |
webapp node (#6336) Change-Id: Ib70bbd8fe7b94b7a1bfb09390d5dd1c535f2da16 | |||
2014-11-08 | Don't configure the tor DirPort options if the node is not an exit (#6335) | Micah Anderson | |
Change-Id: I4c7fb20b6da6f6a5bb2dd5af70511a28d4581174 | |||
2014-11-07 | Merge remote-tracking branch 'gerrit/develop' into develop | Micah Anderson | |
2014-11-07 | Better check for tor hidden service on a webapp node. | guido | |
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6 | |||
2014-11-04 | revert 5787c97b6f73dacae7f01adeff203287007c381d: | Micah Anderson | |
stop using bad nist curve for ssh host key (#6294) We need to transition smoother (see #6319) Change-Id: I8bee032aef9502a7d4b701b99719fbfb3b7169da | |||
2014-11-04 | Merge remote-tracking branch 'gerrit/develop' into develop | Micah Anderson | |
2014-11-04 | Adds support for Tor hidden service on webapp (Feature #6273) | guido | |
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5 | |||
2014-11-04 | tor - to activate hidden service, now set tor.hidden_service.active = true | elijah | |
2014-11-04 | tor - to activate hidden service, now set tor.hidden_service.active = true | elijah | |
2014-11-04 | add local 50unattended-upgrades to fix unattended-upgrades not upgrading | Micah Anderson | |
leap packages (#4425) Change-Id: I78c00c4410ff9f712206f95854d8803e43acb286 | |||
2014-11-04 | change ordering hints to use refresh_stunnel exec instead of service (#6287) | Micah Anderson | |
In a multi-node couch deployment, it was observed that the Service['stunnel'] would be activated, and then later a stunnel::client was created which would trigger an Exec['refresh_stunnel']. Because of this, and the ordering hints that were in place, the service would get started, and then the couchdb databases, users, designs, etc. were being put into place and then a stunnel client was created, triggering the refresh_stunnel exec, which would cause an interruption in the connectivity and result in failures. This change replaces the Service['stunnel'] hint with the the Exec['refresh_stunnel'] to make sure that the stunnels are fully setup before attempting couch operations. Change-Id: I33ddd24884b3c23a1df5555ca53ca65cd703da50 | |||
2014-11-02 | add missing TLSv1 sslversion parameter to site_stunnel::serviers | Micah Anderson | |
Change-Id: I48dc8135943393bd11c7181853985f4a5799011e | |||
2014-11-01 | stop using bad nist curve for ssh host key (#6294) | Micah Anderson | |
update port parameter in site_sshd to be an array, otherwise puppet errors about it being a Fixnum with new sshd module Change-Id: I854d042edb98817169eef5e758d04d60d3c71dd5 | |||
2014-10-31 | Merge branch 'develop' of ssh://review.leap.se:29418/Platform into develop | varac | |
2014-10-31 | Fix deprecated dynamic lookups of variables in site_couchdb (#6286) | Micah Anderson | |
Change-Id: I318944a6872a53ff9c533704514da339426d9401 | |||
2014-10-31 | add support for property tor.key | elijah | |
2014-10-29 | added webapp.forbidden_usernames property to allow configuration of ↵ | elijah | |
usernames to block. |