path: root/provider_base
Age | Commit message | Author
2014-04-05 | openvpn: allow for configurable keepalive (aka ping & ping-restart) closes https://leap.se/code/issues/4127 | elijah
2014-04-04 | Merge branch '0.5' into develop | Micah Anderson
    Conflicts: provider_base/services/tor.json
    Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf
2014-04-02 | Merge pull request #20 from elijh/feature/openvpn-config | varac
    allow ability to customize openvpn security options
2014-04-01 | Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4 | Micah Anderson
    in mynetworks (#5427)
    Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132
2014-04-01 | Include all the ips that are allowed to send mail through the relay in | Micah Anderson
    the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343)
    Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b
2014-03-26 | contacts.tor must be an array | elijah
2014-03-23 | modules/site_static: part 1 - amber | elijah
2014-03-20 | allow ability to customize openvpn security stuff: tls-cipher, auth, and cipher config options. | elijah
2014-03-14 | added support for environment specific providers (e.g. provider.production.json). requires latest leap_cli. | elijah
2014-02-27 | Merge branch 'webapp_check' into 0.6 | varac
2014-02-27 | Merge branch 'one_monitornode_rules_them_all' into 0.6 | varac
2014-02-27 | fixed more places where passwords were set to the wrong environment. | elijah
2014-02-27 | fixed more places where passwords were set to the wrong environment. | elijah
2014-02-27 | include nagios_test user credentials in webapp hiera files | varac
2014-02-27 | provide nagios_test_pw in hiera files | varac
2014-02-27 | new monitor hosts rule: local environment monitors just see local machines, other monitors see the nodes from all environments (except local) | elijah
2014-02-27 | fixed horrible bug that caused all environments to use the same couchdb soledad password. | elijah
2014-02-27 | fixed horrible bug that caused all environments to use the same couchdb soledad password. | elijah
2014-02-12 | include monitor node also into nagios hash so check-mk-agent can run on monitor host itself via ssh to localhost (requires latest leap_cli) | varac
2014-02-12 | include monitor node into hosts hash so check-mk-agent can run on monitor host itself via ssh to localhost (requires latest leap_cli) | varac
2014-02-10 | Merge remote-tracking branch 'elijah/feature/known_hosts' into 4982_check_mk | varac
    Conflicts: platform.rb
2014-02-09 | deploy a valid /etc/ssh/ssh_known_hosts for all nodes (requires new leap_cli) | elijah
2014-02-07 | Merge remote-tracking branch 'origin/develop' into 4982_check_mk | varac
    Conflicts: platform.rb provider_base/services/monitor.json
2014-02-07 | monitor nodes get all nodes listed in /etc/hosts | elijah
2014-02-06 | added support for monitor ssh keys (requires latest leap_cli) | elijah
2014-02-06 | move leap_webapp.conf template to common.conf which is included by the nagios and webapp node (#5096) | varac
2014-01-02 | added support for minimum client version checking | elijah
2013-12-19 | Set mynetworks to include any mx server in the provider to allow them to [0.5.0rc1] | Micah Anderson
    Helo as the domain (#4495)
    Change-Id: I6c8ac28faceb8b0c6129a606ede04837efd3d261
2013-12-18 | set x509 use to true for all nodes, we need a cert for relaying using | Micah Anderson
    TLS (#1910)
    Change-Id: I347178f2a172e4be6af8c0c76d801b3c769235cd
2013-11-28 | fix soledad couchdb hiera variables, part ii | Micah Anderson
    Change-Id: Ie0028056767358c4fe6796edd5ba4435e86a0cb3
2013-11-28 | fix soledad couchdb hiera variables | Micah Anderson
    Change-Id: I0882fc993b407eddc40c03838050d42c0443bd3d
2013-11-28 | remove leap_mx admin user and fix leap_mx couchdb hiera variables | Micah Anderson
    Change-Id: I052576279d8a47313cd99412fdd7b715daa73374
2013-11-28 | remove nickserver admin user, and fix nickserver couchdb hiera variables | Micah Anderson
    Change-Id: I5bdb6b946becdc95cadc92651c06e66b826e2698
2013-11-28 | remove admin access from nickserver | Micah Anderson
    Change-Id: If7fff4c2b839cef5807ee8cee1355aea4dc719a8
2013-11-28 | remove admin access from soledad | Micah Anderson
    Change-Id: I7c516c6a4ba26d2c5cebe19a9bff66eae3bd430f
2013-11-27 | add the tapicero couchdb user, and appropriate roles | Micah Anderson
    Change-Id: I41e9a73c8d04d5a2d74b41c8e32aca9906f3a4cf
2013-11-27 | add nickserver couchdb user, set it to have 'identities' role | Micah Anderson
    Change-Id: I06723ccf2ba040204e9fc5256c99a1faad6abb5f
2013-11-27 | add leap_mx couchdb user/password | Micah Anderson
    Change-Id: Ice83115e0feabddd40ad74c2a6e98e24da9b4c2f
2013-11-27 | pretty reformat couchdb.json and site_couchdb/manifests/init.pp, alphabetizing couchdb users | Micah Anderson
    Change-Id: I88264d32e9381f826652d1631083ba371e2b1b54
2013-11-22 | improvements to webapp deployment: allow for greater customization, allow for custom git source, improve apache config. | elijah
2013-11-22 | added custom index.html | elijah
2013-11-01 | Change SMTP port to 465 in smtp-service.json (Feature #4339) | varac
2013-10-15 | produce a hash for nagios.hosts | elijah
2013-10-10 | added mail.smarthost variable to hiera | varac
2013-10-10 | provide global.provider.contacts.default on every node, no need to add in services/mx.json again | varac
2013-09-21 | ensure that contacts.default is an array, and is required (requires latest leap_cli). | elijah
2013-09-20 | use newer haproxy_servers macro in order to allow couchdb and webapp to be on the same node (requires latest leap_cli) | elijah
2013-09-18 | Include content of client_ca.crt and client_ca.key in hiera (Feature #3874) | varac
2013-08-31 | postfix enable submission port using starttls, so the client can transition to the more restrictive TLS wrapper mode | Micah Anderson
    Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
2013-08-29 | Make TLS-required smtps (465) be port for sending SMTP. This is preferred over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) | Micah Anderson
    . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled
    . add 465 to the allowed open ports in the firewall
    . change the smtp-service.json to use 465 instead of 25
    note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need.
    Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02