leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2014-04-05	update site_static to work with new amber and have better tls ciphers	elijah

2014-04-04	Merge branch '0.5' into develop	Micah Anderson
	Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf
2014-04-02	Force satellite hosts that only speak to relayhost to have a	Micah Anderson
	smtp_tls_security_level of 'encrypt', so it is not optional (#1902) Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16
2014-04-02	Update TLS apache vhost TLS configuration (#5137):	Micah Anderson
	. We want to allow for TLS1.2 to be enabled (supported in wheezy) . Explicitly disable SSLCompression. This aids in protecting against the BREACH attack: see http://breachattack.com), and SPDY version 3 is vulnerable to the CRIME attack when compression is on . Switch the cipher suites to match https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for these reasons: . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many implementations support this, and there are no known attacks). . Prefer AES128 to AES256 because the key schedule in AES256 is considered weaker, and maybe AES128 is more resistant to timing attacks . Prefer AES to RC4. BEAST attacks on AES are mitigated in >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and likely to become more dangerous . RC4 is on the path to removal, but still present for backward compatibility Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043
2014-04-02	Fix for satellite hosts that are unable to contact their relayhost	Micah Anderson
	because the DNS lookup is either impossible (.local domain), or incorrect (certain openstack/amazon/piston cloud configurations create this setup when the relayhost is in the same cluster as the satellite). Fixes #5225 Change-Id: Ifbc201678f2c0e97ee0e12bbf1c7f71d035d45c1
2014-04-02	Merge branch '5359_design_docs' into 0.6	varac

2014-04-02	Merge remote-tracking branch 'github/0.6' into 0.6	varac

2014-04-02	Merge pull request #20 from elijh/feature/openvpn-config	varac
	allow ability to customize openvpn security options
2014-04-02	couch design docs should be always deployed, not only on update of the ↵	varac
	design docs json files (Feature #5359)
2014-04-01	Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4	Micah Anderson
	in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132
2014-04-01	Include all the ips that are allowed to send mail through the relay in	Micah Anderson
	the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b
2014-03-31	Merge branch 'feature/static_site' of https://github.com/elijh/leap_platform ↵	kwadronaut
	into elijh-feature/static_site Conflicts: puppet/modules/site_config/manifests/packages/base.pp
2014-03-26	minor: fix message on stunnel test.	elijah

2014-03-26	contacts.tor must be an array	elijah

2014-03-26	Merge branch '0.6' of ssh://code.leap.se/leap_platform into 0.6	varac

2014-03-26	Merge branch '5018_dont_remove_dev_packages_on_couch_node' into 0.6	varac

2014-03-26	Merge branch '5374_openvpn_logwatch' into 0.6	varac

2014-03-26	Merge branch 'feature/cleanup-test-names' of ↵	kwadronaut
	https://github.com/elijh/leap_platform into elijh-feature/cleanup-test-names
2014-03-25	couch node: same packages removed on every (second ?) puppetrun (Feature #5018)	varac

2014-03-25	ignore openvpn TLS initialization errors (Feature #5374)	varac

2014-03-24	ensure platform.rb is utf8	elijah

2014-03-24	modules/site_static: part 2 - apache	elijah

2014-03-24	fixes #5360 adds admin@ as reserved address + linting	kwadronaut

2014-03-23	modules/site_static: part 1 - amber	elijah

2014-03-20	allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵	elijah
	cipher config options.
2014-03-19	Merge branch '5306_ignore_tapicero_PreconditionFailed' into 0.6	varac

2014-03-19	Merge branch '4798_automatic_compaction' into 0.6	varac

2014-03-18	clean up the names of tests	elijah

2014-03-15	Merge remote-tracking branch 'elijah/feature/test-order' into 0.6	varac

2014-03-15	Merge remote-tracking branch 'elijah/feature/provider-env' into 0.6	varac

2014-03-14	added support for environment specific providers (e.g. ↵	elijah
	provider.production.json). requires latest leap_cli.
2014-03-13	catch errors when tapicero fails to create a userdb (Feature #5306)	varac

2014-03-13	Merge branch '5324_nagios_logging' into 0.6	varac

2014-03-13	deploy automatic compaction via platform (Feature #4798)	varac

2014-03-13	Merge branch '5239_soledad_check' into 0.6	varac

2014-03-13	Dont't archive nagios logs, use logrotate for it (Feature #5324)	varac

2014-03-13	Dont't archive nagios logs (#5324)	varac

2014-03-13	removed trailing whitespaces in nagios.cfg	varac

2014-03-12	check if soledad is working (Feature #5239)	varac

2014-03-12	Merge remote-tracking branch 'irregulator/bug/5241' into 0.6	Micah Anderson

2014-03-12	Merge branch 'develop' into 0.6	Micah Anderson

2014-03-12	Indentation fix.	irregulator

2014-03-12	DirPortFrontPage serves a static webpage only when Tor node is exit.	irregulator
	See leap.se/code/issues/5241
2014-03-08	allow for (optional) configured node order when running tests. requires ↵	elijah
	latest leap_cli to work, but won't break with older leap_cli
2014-03-05	updated submodule rubygems (#3827)	varac

2014-03-05	updated submodule rubygems (#3827)	varac

2014-03-05	use the right package dependencies for site_check_mk::agent class and subclasses	varac

2014-03-04	Merge branch 'improve_monitoring_even_more' into 0.6	varac

2014-03-04	remove trailing whitespaces from logwatch config files	varac

2014-03-04	updated submodule check_mk	varac