summaryrefslogtreecommitdiff
path: root/provider_base
AgeCommit message (Collapse)Author
2014-06-25Merge branch 'develop' into feature/couchelijah
2014-06-25more friendly error message in `leap compile` when commercial certificate is ↵elijah
missing.
2014-06-23hand replication credentials to tapiceroAzul
2014-06-21haproxy: support read only couchdb mirrorselijah
2014-06-21fix stunnel entries in mx.json and webapp.jsonelijah
2014-06-20moved json macros to provider_base/lib/macros. requires new unreleased leap_clielijah
2014-06-20add replication userAzul
2014-06-20tmp comment out error if no master nodes definedelijah
2014-06-20new generic system for stunnel: just `include site_stunnel` and stunnel + ↵elijah
needed shorewall will be automatically set up. requires new leap_cli
2014-06-19fix typo in _couchdb_multimaster.jsonelijah
2014-06-19couchdb: generate hiera files suitable for plain couchdb + read-only mirrorselijah
2014-06-17allow webapp.json to configure what engines are enabledelijah
2014-06-02static site: gracefully handle static sites that are not configured.elijah
2014-06-02static site: added rack support, added custom apache configelijah
2014-06-02added support for /provider.json served from static site.elijah
2014-05-20add support for webapp on subdomainelijah
2014-05-20changed the default service levels to be more minimal, because it is ↵elijah
currently impossible to entirely overwrite the service.levels hash.
2014-05-17fix bug with empty tor familieselijah
2014-05-14use hash for provider service levelsAzul
We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now.
2014-05-13Revert "update cipher configuration for openvpn to use the IANA name"Micah Anderson
This reverts commit ae50675e9095750cee9810237fb6b9f60030dae4. Older openssl implementations (wheezy, android, others) aren't able to parse this newer string, so reverting to the deprecated name until we are sure the support is there
2014-05-06update cipher configuration for openvpn to use the IANA name, due toMicah Anderson
deprecation warning: 2014-05-06 18:10:23,594 - INFO - L#826 : leap.openvpn:outReceived() - Tue May 6 18:10:23 2014 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA' Change-Id: I159b26604993d38806fcb7c2ed8f6de8138999f7
2014-05-06add the tun-ipv6 configuration to the eip-service (#4163)Micah Anderson
Change-Id: I4781f0c3e1c74f5a45217a4d631603fa1a622fd6
2014-04-24bring service_levels into webapp config - #5527Azul
including the default_service_level
2014-04-24tor: provide a default 'nickname' (something likeMicah Anderson
"rabbitLKJYW23695JGLKJ" where rabbit is the node name). Stop shipping a static 'family' and instead provide a comma separated list of node tor nicknames. (#5220) Change-Id: I479f460ab230ad440f72c78dc6362983387ce12a
2014-04-08minor: allow manual override of 'services' in provider.jsonelijah
2014-04-05revert openvpn tls-cipher: closes https://leap.se/code/issues/5429elijah
2014-04-05openvpn: allow for configurable keepalive (aka ping & ping-restart) closes ↵elijah
https://leap.se/code/issues/4127
2014-04-04Merge branch '0.5' into developMicah Anderson
Conflicts: provider_base/services/tor.json Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf
2014-04-02Merge pull request #20 from elijh/feature/openvpn-configvarac
allow ability to customize openvpn security options
2014-04-01Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4Micah Anderson
in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132
2014-04-01Include all the ips that are allowed to send mail through the relay inMicah Anderson
the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b
2014-03-26contacts.tor must be an arrayelijah
2014-03-23modules/site_static: part 1 - amberelijah
2014-03-20allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵elijah
cipher config options.
2014-03-14added support for environment specific providers (e.g. ↵elijah
provider.production.json). requires latest leap_cli.
2014-02-27Merge branch 'webapp_check' into 0.6varac
2014-02-27Merge branch 'one_monitornode_rules_them_all' into 0.6varac
2014-02-27fixed more places where passwords were set to the wrong environment.elijah
2014-02-27fixed more places where passwords were set to the wrong environment.elijah
2014-02-27include nagios_test user credentials in webapp hiera filesvarac
2014-02-27provide nagios_test_pw in hiera filesvarac
2014-02-27new monitor hosts rule: local environment monitors just see local machines, ↵elijah
other monitors see the nodes from all environments (except local)
2014-02-27fixed horrible bug that caused all environments to use the same couchdb ↵elijah
soledad password.
2014-02-27fixed horrible bug that caused all environments to use the same couchdb ↵elijah
soledad password.
2014-02-12include monitor node also into nagios hash so check-mk-agent can run on ↵varac
monitor host itself via ssh to localhost (requires latest leap_cli)
2014-02-12include monitor node into hosts hash so check-mk-agent can run on monitor ↵varac
host itself via ssh to localhost (requires latest leap_cli)
2014-02-10Merge remote-tracking branch 'elijah/feature/known_hosts' into 4982_check_mkvarac
Conflicts: platform.rb
2014-02-09deploy a valid /etc/ssh/ssh_known_hosts for all nodes (requires new leap_cli)elijah
2014-02-07Merge remote-tracking branch 'origin/develop' into 4982_check_mkvarac
Conflicts: platform.rb provider_base/services/monitor.json
2014-02-07monitor nodes get all nodes listed in /etc/hostselijah