Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-04-01 | Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4 | Micah Anderson | |
in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132 | |||
2014-04-01 | Include all the ips that are allowed to send mail through the relay in | Micah Anderson | |
the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b | |||
2014-03-26 | contacts.tor must be an array | elijah | |
2014-03-23 | modules/site_static: part 1 - amber | elijah | |
2014-03-20 | allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵ | elijah | |
cipher config options. | |||
2014-03-14 | added support for environment specific providers (e.g. ↵ | elijah | |
provider.production.json). requires latest leap_cli. | |||
2014-02-27 | Merge branch 'webapp_check' into 0.6 | varac | |
2014-02-27 | Merge branch 'one_monitornode_rules_them_all' into 0.6 | varac | |
2014-02-27 | fixed more places where passwords were set to the wrong environment. | elijah | |
2014-02-27 | fixed more places where passwords were set to the wrong environment. | elijah | |
2014-02-27 | include nagios_test user credentials in webapp hiera files | varac | |
2014-02-27 | provide nagios_test_pw in hiera files | varac | |
2014-02-27 | new monitor hosts rule: local environment monitors just see local machines, ↵ | elijah | |
other monitors see the nodes from all environments (except local) | |||
2014-02-27 | fixed horrible bug that caused all environments to use the same couchdb ↵ | elijah | |
soledad password. | |||
2014-02-27 | fixed horrible bug that caused all environments to use the same couchdb ↵ | elijah | |
soledad password. | |||
2014-02-12 | include monitor node also into nagios hash so check-mk-agent can run on ↵ | varac | |
monitor host itself via ssh to localhost (requires latest leap_cli) | |||
2014-02-12 | include monitor node into hosts hash so check-mk-agent can run on monitor ↵ | varac | |
host itself via ssh to localhost (requires latest leap_cli) | |||
2014-02-10 | Merge remote-tracking branch 'elijah/feature/known_hosts' into 4982_check_mk | varac | |
Conflicts: platform.rb | |||
2014-02-09 | deploy a valid /etc/ssh/ssh_known_hosts for all nodes (requires new leap_cli) | elijah | |
2014-02-07 | Merge remote-tracking branch 'origin/develop' into 4982_check_mk | varac | |
Conflicts: platform.rb provider_base/services/monitor.json | |||
2014-02-07 | monitor nodes get all nodes listed in /etc/hosts | elijah | |
2014-02-06 | added support for monitor ssh keys (requires latest leap_cli) | elijah | |
2014-02-06 | move leap_webapp.conf template to common.conf which is included by the ↵ | varac | |
nagios and webapp node (#5096) | |||
2014-01-02 | added support for minimum client version checking | elijah | |
2013-12-19 | Set mynetworks to include any mx server in the provider to allow them to0.5.0rc1 | Micah Anderson | |
Helo as the domain (#4495) Change-Id: I6c8ac28faceb8b0c6129a606ede04837efd3d261 | |||
2013-12-18 | set x509 use to true for all nodes, we need a cert for relaying using | Micah Anderson | |
TLS (#1910) Change-Id: I347178f2a172e4be6af8c0c76d801b3c769235cd | |||
2013-11-28 | fix soledad couchdb hiera variables, part ii | Micah Anderson | |
Change-Id: Ie0028056767358c4fe6796edd5ba4435e86a0cb3 | |||
2013-11-28 | fix soledad couchdb hiera variables | Micah Anderson | |
Change-Id: I0882fc993b407eddc40c03838050d42c0443bd3d | |||
2013-11-28 | remove leap_mx admin user and fix leap_mx couchdb hiera variables | Micah Anderson | |
Change-Id: I052576279d8a47313cd99412fdd7b715daa73374 | |||
2013-11-28 | remove nickserver admin user, and fix nickserver couchdb hiera variables | Micah Anderson | |
Change-Id: I5bdb6b946becdc95cadc92651c06e66b826e2698 | |||
2013-11-28 | remove admin access from nickserver | Micah Anderson | |
Change-Id: If7fff4c2b839cef5807ee8cee1355aea4dc719a8 | |||
2013-11-28 | remove admin access from soledad | Micah Anderson | |
Change-Id: I7c516c6a4ba26d2c5cebe19a9bff66eae3bd430f | |||
2013-11-27 | add the tapicero couchdb user, and appropriate roles | Micah Anderson | |
Change-Id: I41e9a73c8d04d5a2d74b41c8e32aca9906f3a4cf | |||
2013-11-27 | add nickserver couchdb user, set it to have 'identities' role | Micah Anderson | |
Change-Id: I06723ccf2ba040204e9fc5256c99a1faad6abb5f | |||
2013-11-27 | add leap_mx couchdb user/password | Micah Anderson | |
Change-Id: Ice83115e0feabddd40ad74c2a6e98e24da9b4c2f | |||
2013-11-27 | pretty reformat couchdb.json and site_couchdb/manifests/init.pp, ↵ | Micah Anderson | |
alphabetizing couchdb users Change-Id: I88264d32e9381f826652d1631083ba371e2b1b54 | |||
2013-11-22 | improvements to webapp deployment: allow for greater customization, allow ↵ | elijah | |
for custom git source, improve apache config. | |||
2013-11-22 | added custom index.html | elijah | |
2013-11-01 | Change SMTP port to 465 in smtp-service.json (Feature #4339) | varac | |
2013-10-15 | produce a hash for nagios.hosts | elijah | |
2013-10-10 | added mail.smarthost variable to hiera | varac | |
2013-10-10 | provide global.provider.contacts.default on every node, no need to add in ↵ | varac | |
services/mx.json again | |||
2013-09-21 | ensure that contacts.default is an array, and is required (requires latest ↵ | elijah | |
leap_cli). | |||
2013-09-20 | use newer haproxy_servers macro in order to allow couchdb and webapp to be ↵ | elijah | |
on the same node (requires latest leap_cli) | |||
2013-09-18 | Include content of client_ca.crt and client_ca.key in hiera (Feature #3874) | varac | |
2013-08-31 | postfix enable submission port using starttls, so the client can transition ↵ | Micah Anderson | |
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | |||
2013-08-29 | Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵ | Micah Anderson | |
over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02 | |||
2013-08-15 | Revert "temp hack: deploy the webapp as couch user 'admin'" | Micah Anderson | |
This reverts commit 8c038fea91adc87adf9e408c16e2f0ec9838e3d2. | |||
2013-08-01 | run soledad daemon using the configured port. | elijah | |
2013-08-01 | add a requirement to soledad.json that soledad service is found on a couchdb | Micah Anderson | |
node, if it is not, it will fail to compile this requires a newer leap_cli, so I've bumped the compatibility requirement Change-Id: Ie1061798d058087126163793b216dd5938eb95a6 |