summaryrefslogtreecommitdiff
path: root/provider_base
AgeCommit message (Collapse)Author
2014-06-25new generic system for stunnel: just `include site_stunnel` and stunnel + ↵elijah
needed shorewall will be automatically set up. requires new leap_cli
2014-06-25couchdb: generate hiera files suitable for plain couchdb + read-only mirrorselijah
2014-06-25fix commercial cert usage with mx and monitor nodes.elijah
2014-06-25more friendly error message in `leap compile` when commercial certificate is ↵elijah
missing.
2014-06-17allow webapp.json to configure what engines are enabledelijah
2014-06-02static site: gracefully handle static sites that are not configured.elijah
2014-06-02static site: added rack support, added custom apache configelijah
2014-06-02added support for /provider.json served from static site.elijah
2014-05-20add support for webapp on subdomainelijah
2014-05-20changed the default service levels to be more minimal, because it is ↵elijah
currently impossible to entirely overwrite the service.levels hash.
2014-05-17fix bug with empty tor familieselijah
2014-05-14use hash for provider service levelsAzul
We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now.
2014-05-13Revert "update cipher configuration for openvpn to use the IANA name"Micah Anderson
This reverts commit ae50675e9095750cee9810237fb6b9f60030dae4. Older openssl implementations (wheezy, android, others) aren't able to parse this newer string, so reverting to the deprecated name until we are sure the support is there
2014-05-06update cipher configuration for openvpn to use the IANA name, due toMicah Anderson
deprecation warning: 2014-05-06 18:10:23,594 - INFO - L#826 : leap.openvpn:outReceived() - Tue May 6 18:10:23 2014 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA' Change-Id: I159b26604993d38806fcb7c2ed8f6de8138999f7
2014-05-06add the tun-ipv6 configuration to the eip-service (#4163)Micah Anderson
Change-Id: I4781f0c3e1c74f5a45217a4d631603fa1a622fd6
2014-04-24bring service_levels into webapp config - #5527Azul
including the default_service_level
2014-04-24tor: provide a default 'nickname' (something likeMicah Anderson
"rabbitLKJYW23695JGLKJ" where rabbit is the node name). Stop shipping a static 'family' and instead provide a comma separated list of node tor nicknames. (#5220) Change-Id: I479f460ab230ad440f72c78dc6362983387ce12a
2014-04-08minor: allow manual override of 'services' in provider.jsonelijah
2014-04-05revert openvpn tls-cipher: closes https://leap.se/code/issues/5429elijah
2014-04-05openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵elijah
https://leap.se/code/issues/4127
2014-04-04Merge branch '0.5' into developMicah Anderson
Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf
2014-04-02Merge pull request #20 from elijh/feature/openvpn-configvarac
allow ability to customize openvpn security options
2014-04-01Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4Micah Anderson
in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132
2014-04-01Include all the ips that are allowed to send mail through the relay inMicah Anderson
the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b
2014-03-26contacts.tor must be an arrayelijah
2014-03-23modules/site_static: part 1 - amberelijah
2014-03-20allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵elijah
cipher config options.
2014-03-14added support for environment specific providers (e.g. ↵elijah
provider.production.json). requires latest leap_cli.
2014-02-27Merge branch 'webapp_check' into 0.6varac
2014-02-27Merge branch 'one_monitornode_rules_them_all' into 0.6varac
2014-02-27fixed more places where passwords were set to the wrong environment.elijah
2014-02-27fixed more places where passwords were set to the wrong environment.elijah
2014-02-27include nagios_test user credentials in webapp hiera filesvarac
2014-02-27provide nagios_test_pw in hiera filesvarac
2014-02-27new monitor hosts rule: local environment monitors just see local machines, ↵elijah
other monitors see the nodes from all environments (except local)
2014-02-27fixed horrible bug that caused all environments to use the same couchdb ↵elijah
soledad password.
2014-02-27fixed horrible bug that caused all environments to use the same couchdb ↵elijah
soledad password.
2014-02-12include monitor node also into nagios hash so check-mk-agent can run on ↵varac
monitor host itself via ssh to localhost (requires latest leap_cli)
2014-02-12include monitor node into hosts hash so check-mk-agent can run on monitor ↵varac
host itself via ssh to localhost (requires latest leap_cli)
2014-02-10Merge remote-tracking branch 'elijah/feature/known_hosts' into 4982_check_mkvarac
Conflicts: platform.rb
2014-02-09deploy a valid /etc/ssh/ssh_known_hosts for all nodes (requires new leap_cli)elijah
2014-02-07Merge remote-tracking branch 'origin/develop' into 4982_check_mkvarac
Conflicts: platform.rb provider_base/services/monitor.json
2014-02-07monitor nodes get all nodes listed in /etc/hostselijah
2014-02-06added support for monitor ssh keys (requires latest leap_cli)elijah
2014-02-06move leap_webapp.conf template to common.conf which is included by the ↵varac
nagios and webapp node (#5096)
2014-01-02added support for minimum client version checkingelijah
2013-12-19Set mynetworks to include any mx server in the provider to allow them to0.5.0rc1Micah Anderson
Helo as the domain (#4495) Change-Id: I6c8ac28faceb8b0c6129a606ede04837efd3d261
2013-12-18set x509 use to true for all nodes, we need a cert for relaying usingMicah Anderson
TLS (#1910) Change-Id: I347178f2a172e4be6af8c0c76d801b3c769235cd
2013-11-28fix soledad couchdb hiera variables, part iiMicah Anderson
Change-Id: Ie0028056767358c4fe6796edd5ba4435e86a0cb3
2013-11-28fix soledad couchdb hiera variablesMicah Anderson
Change-Id: I0882fc993b407eddc40c03838050d42c0443bd3d