Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-06-25 | new generic system for stunnel: just `include site_stunnel` and stunnel + ↵ | elijah | |
needed shorewall will be automatically set up. requires new leap_cli | |||
2014-06-25 | couchdb: generate hiera files suitable for plain couchdb + read-only mirrors | elijah | |
2014-06-25 | fix commercial cert usage with mx and monitor nodes. | elijah | |
2014-06-25 | more friendly error message in `leap compile` when commercial certificate is ↵ | elijah | |
missing. | |||
2014-06-17 | allow webapp.json to configure what engines are enabled | elijah | |
2014-06-02 | static site: gracefully handle static sites that are not configured. | elijah | |
2014-06-02 | static site: added rack support, added custom apache config | elijah | |
2014-06-02 | added support for /provider.json served from static site. | elijah | |
2014-05-20 | add support for webapp on subdomain | elijah | |
2014-05-20 | changed the default service levels to be more minimal, because it is ↵ | elijah | |
currently impossible to entirely overwrite the service.levels hash. | |||
2014-05-17 | fix bug with empty tor families | elijah | |
2014-05-14 | use hash for provider service levels | Azul | |
We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now. | |||
2014-05-13 | Revert "update cipher configuration for openvpn to use the IANA name" | Micah Anderson | |
This reverts commit ae50675e9095750cee9810237fb6b9f60030dae4. Older openssl implementations (wheezy, android, others) aren't able to parse this newer string, so reverting to the deprecated name until we are sure the support is there | |||
2014-05-06 | update cipher configuration for openvpn to use the IANA name, due to | Micah Anderson | |
deprecation warning: 2014-05-06 18:10:23,594 - INFO - L#826 : leap.openvpn:outReceived() - Tue May 6 18:10:23 2014 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA' Change-Id: I159b26604993d38806fcb7c2ed8f6de8138999f7 | |||
2014-05-06 | add the tun-ipv6 configuration to the eip-service (#4163) | Micah Anderson | |
Change-Id: I4781f0c3e1c74f5a45217a4d631603fa1a622fd6 | |||
2014-04-24 | bring service_levels into webapp config - #5527 | Azul | |
including the default_service_level | |||
2014-04-24 | tor: provide a default 'nickname' (something like | Micah Anderson | |
"rabbitLKJYW23695JGLKJ" where rabbit is the node name). Stop shipping a static 'family' and instead provide a comma separated list of node tor nicknames. (#5220) Change-Id: I479f460ab230ad440f72c78dc6362983387ce12a | |||
2014-04-08 | minor: allow manual override of 'services' in provider.json | elijah | |
2014-04-05 | revert openvpn tls-cipher: closes https://leap.se/code/issues/5429 | elijah | |
2014-04-05 | openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵ | elijah | |
https://leap.se/code/issues/4127 | |||
2014-04-04 | Merge branch '0.5' into develop | Micah Anderson | |
Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf | |||
2014-04-02 | Merge pull request #20 from elijh/feature/openvpn-config | varac | |
allow ability to customize openvpn security options | |||
2014-04-01 | Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4 | Micah Anderson | |
in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132 | |||
2014-04-01 | Include all the ips that are allowed to send mail through the relay in | Micah Anderson | |
the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b | |||
2014-03-26 | contacts.tor must be an array | elijah | |
2014-03-23 | modules/site_static: part 1 - amber | elijah | |
2014-03-20 | allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵ | elijah | |
cipher config options. | |||
2014-03-14 | added support for environment specific providers (e.g. ↵ | elijah | |
provider.production.json). requires latest leap_cli. | |||
2014-02-27 | Merge branch 'webapp_check' into 0.6 | varac | |
2014-02-27 | Merge branch 'one_monitornode_rules_them_all' into 0.6 | varac | |
2014-02-27 | fixed more places where passwords were set to the wrong environment. | elijah | |
2014-02-27 | fixed more places where passwords were set to the wrong environment. | elijah | |
2014-02-27 | include nagios_test user credentials in webapp hiera files | varac | |
2014-02-27 | provide nagios_test_pw in hiera files | varac | |
2014-02-27 | new monitor hosts rule: local environment monitors just see local machines, ↵ | elijah | |
other monitors see the nodes from all environments (except local) | |||
2014-02-27 | fixed horrible bug that caused all environments to use the same couchdb ↵ | elijah | |
soledad password. | |||
2014-02-27 | fixed horrible bug that caused all environments to use the same couchdb ↵ | elijah | |
soledad password. | |||
2014-02-12 | include monitor node also into nagios hash so check-mk-agent can run on ↵ | varac | |
monitor host itself via ssh to localhost (requires latest leap_cli) | |||
2014-02-12 | include monitor node into hosts hash so check-mk-agent can run on monitor ↵ | varac | |
host itself via ssh to localhost (requires latest leap_cli) | |||
2014-02-10 | Merge remote-tracking branch 'elijah/feature/known_hosts' into 4982_check_mk | varac | |
Conflicts: platform.rb | |||
2014-02-09 | deploy a valid /etc/ssh/ssh_known_hosts for all nodes (requires new leap_cli) | elijah | |
2014-02-07 | Merge remote-tracking branch 'origin/develop' into 4982_check_mk | varac | |
Conflicts: platform.rb provider_base/services/monitor.json | |||
2014-02-07 | monitor nodes get all nodes listed in /etc/hosts | elijah | |
2014-02-06 | added support for monitor ssh keys (requires latest leap_cli) | elijah | |
2014-02-06 | move leap_webapp.conf template to common.conf which is included by the ↵ | varac | |
nagios and webapp node (#5096) | |||
2014-01-02 | added support for minimum client version checking | elijah | |
2013-12-19 | Set mynetworks to include any mx server in the provider to allow them to0.5.0rc1 | Micah Anderson | |
Helo as the domain (#4495) Change-Id: I6c8ac28faceb8b0c6129a606ede04837efd3d261 | |||
2013-12-18 | set x509 use to true for all nodes, we need a cert for relaying using | Micah Anderson | |
TLS (#1910) Change-Id: I347178f2a172e4be6af8c0c76d801b3c769235cd | |||
2013-11-28 | fix soledad couchdb hiera variables, part ii | Micah Anderson | |
Change-Id: Ie0028056767358c4fe6796edd5ba4435e86a0cb3 | |||
2013-11-28 | fix soledad couchdb hiera variables | Micah Anderson | |
Change-Id: I0882fc993b407eddc40c03838050d42c0443bd3d |