summaryrefslogtreecommitdiff
path: root/provider_base
AgeCommit message (Collapse)Author
2013-10-10provide global.provider.contacts.default on every node, no need to add in ↵varac
services/mx.json again
2013-09-21ensure that contacts.default is an array, and is required (requires latest ↵elijah
leap_cli).
2013-09-20use newer haproxy_servers macro in order to allow couchdb and webapp to be ↵elijah
on the same node (requires latest leap_cli)
2013-09-18Include content of client_ca.crt and client_ca.key in hiera (Feature #3874)varac
2013-08-31postfix enable submission port using starttls, so the client can transition ↵Micah Anderson
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
2013-08-29Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵Micah Anderson
over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02
2013-08-15Revert "temp hack: deploy the webapp as couch user 'admin'"Micah Anderson
This reverts commit 8c038fea91adc87adf9e408c16e2f0ec9838e3d2.
2013-08-01run soledad daemon using the configured port.elijah
2013-08-01add a requirement to soledad.json that soledad service is found on a couchdbMicah Anderson
node, if it is not, it will fail to compile this requires a newer leap_cli, so I've bumped the compatibility requirement Change-Id: Ie1061798d058087126163793b216dd5938eb95a6
2013-08-01fix #3291: set the soledad port properly in the json and as a temporary ↵Micah Anderson
work-around, use the couchdb admin/passwd Change-Id: Ibb1cd8416d00552f8ca1716e42a08137a4b461aa
2013-08-01Merge branch 'feature/issue/3278' into developvarac
2013-07-31add haproxy servers to services/mx.jsonvarac
2013-07-31fix /etc/leap/mx.conf doesn't contain any user credentials (Feature #3347)varac
2013-07-30webapp - use hiera config "webapp.admins" for the list of admin usernames, ↵elijah
default to empty list.
2013-07-30added webapp.secure flag (turns on secure cookies and HSTS)elijah
2013-07-26Merge branch 'feature/mx' into developMicah Anderson
2013-07-26Merge branch 'feature/soledad' into feature/leap_mxMicah Anderson
2013-07-26added haproxy weights to webapp hiera (at haproxy.servers)elijah
2013-07-26fix cert generation bug: was creating 2024 bit keys instead of 2048 bit keys ↵elijah
by default.
2013-07-25initial soledad configurationMicah Anderson
Change-Id: I19e91887c3f8e90764b4baef8c5e29e25658e190
2013-07-25fixed provider_base/services/mx.json syntaxvarac
2013-07-25initial mx couchdb stunnel configurationMicah Anderson
2013-07-25add necessary service type to the mx.jsonMicah Anderson
2013-07-25fixed provider_base/services/mx.json syntaxvarac
2013-07-25initial mx couchdb stunnel configurationMicah Anderson
2013-07-25hiera variable mx.contact -> postfix $root_mail_recipientvarac
2013-07-25initial mx couchdb stunnel configurationMicah Anderson
2013-07-25added provider_base/services/mx.jsonvarac
2013-07-04bugfix - properly generate provider.json file.elijah
2013-07-04make sure webapps have the full domain suffix as an alias (fixes problems ↵elijah
generating zone file).
2013-07-04couchdb.json should not set service_type, since internal_service is the default.elijah
2013-07-04remove stupid bandwidth limit from default provider.jsonelijah
2013-06-25add hash for authorized_keys to common.jsonelijah
2013-06-12temp hack: deploy the webapp as couch user 'admin'elijah
2013-06-04add support for client-side collection of facter facts.elijah
2013-05-30site_sshd -- added xterm title, optional support for moshelijah
2013-05-27common.json - default all nodes to be 'enabled'elijah
2013-05-23added couch.bigcouch.neighbors to provider_base/services/couchdb.jsonvarac
2013-05-21only advertise services that are actually deployed (in public provider.json)elijah
2013-05-18added module site_nickserverelijah
2013-05-17minor - webapp api port should be integer, not string.elijah
2013-05-14added smtp-service.json, requires latest leap_clielijah
2013-04-30added soledad-service.jsonelijah
2013-04-24provider base - service definitions are now versioned (requires new leap_cli)elijah
2013-04-24updated needed couchdb users and DBsvarac
2013-04-23remove no longer used json key couchdb_hostsMicah Anderson
2013-04-23move generic couchdb host configuration from bitmask into the provider base ↵Micah Anderson
(#2016)
2013-04-18provider.json 'domain' entry should match the domain suffix of the node.elijah
2013-04-10clean up ca_daemon things, it is not used any longer because it has been ↵Micah Anderson
included in the web app (#1978) remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json
2013-04-04add Erlang Distributed Node Protocol Port json entry under bigcouchMicah Anderson
setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections