Age | Commit message | Author | |
---|---|---|---|
2014-01-24 | swiss privacy foundation changed their nameserver IPs: http://www.privacyfoundation.ch/de/service/server.html | varac | |
2014-01-06 | install ntp on all platform nodes (Feature #4913) | varac | |
2013-12-18 | Fix for openvpn/unbound not starting at boot (#4506) | Micah Anderson | |
This change sets the sysctl net.ipv4.ip_nonlocal_bind to allow applications to bind to an address, even when the link is down. This is necessary because applications like unbound and openvpn fail to start on boot in some situations because interfaces are not fully up (due to a combination of non-deterministic booting because of the likely potential setting of allow-hotplug in the interfaces file and the LSB boot dependency on $network not being sufficient). The only down-side to setting this is a daemon could bind to an incorrect ip and we wouldn't get an error, but this would be a configuration mistake, rather than a fatal condition. Change-Id: I5c03083e8c20bb25afad85a1230f4555808d341c | |||
2013-11-27 | setup some common leap system directories: /var/lib/leap and /var/log/leap | Micah Anderson | |
Change-Id: I18aa0ee635d7166676e4bb4384e2b517784a68b0 | |||
2013-11-25 | fix bug when 'environment' is nil in hiera.yaml | elijah | |
2013-10-20 | Possibility to include local puppet recipes (Feature #3976) | varac | |
2013-10-17 | syslog: fix apt_preferences snippet to glob on both rsyslog and rsyslog-relp (#4161) | Micah Anderson | |
Change-Id: I7eaa35897da3b24833be3b2c14db99cd66b547c0 | |||
2013-10-16 | fix for rsyslog-relp being installed first, resulting in dependency errors (#4161) | Micah Anderson | |
Change-Id: I2f0bcc5b4cb5effae57051f04251aeb8b09a4c6d | |||
2013-10-16 | syslog: add rsyslog::snippet to anonymize logs | Micah Anderson | |
it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747 | |||
2013-10-16 | rsyslog: setup default local config that gets us the same config as default from debian | Micah Anderson | |
Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca | |||
2013-10-16 | vagrant: support other providers besides virtualbox (Bug #4158) | varac | |
2013-10-15 | new fallback nameservers (#4113) | varac | |
* the german privacy foundation has dissolved itself and shut down their public nameserver. we are now using the public nameserver by Digitalcourage, a german privacy organisation (https://en.wikipedia.org/wiki/Digitalcourage) * the IP for the server of the swiss privacy foundation has changed (http://www.privacyfoundation.ch/de/service/server.html) | |||
2013-10-11 | fixed issues from https://review.leap.se/r/98/ | varac | |
2013-10-11 | install ruby-dev for nickserver/webapp (#4079 + #4080) | varac | |
2013-10-11 | don't remove dev-packages on webapp node | varac | |
they are needed for building gems | |||
2013-10-11 | deploy postfix satellites on all nodes (Bug #1683) | varac | |
2013-10-03 | fix name of base class file | Micah Anderson | |
Change-Id: I844970f1c8f895d5a460d5082bfa1a2a88b32ecd | |||
2013-09-26 | create a site_config::packages directory, move site_config::base_packages to ↵ | Micah Anderson | |
site_config::packages::base add site_config::packages::gnutls for inclusion (#3955) Change-Id: I9599eb26844503613c16f57ee17d6ea7bd0cf6fb | |||
2013-09-24 | added site_config::x509::client_ca::cert and site_config::x509::client_ca::key for client_ca deployment (#3917) | varac | |
2013-09-24 | move commercial x509 deployment to site_x509 (Feature #3889) | varac | |
2013-09-24 | separate cert and key deployment (#3918) | varac | |
2013-09-20 | Merge branch 'feature/3782_Discuss_run_stages_on_deploy' into develop | varac | |
2013-09-20 | move all resources that are applied on every node into site_config::default (#3782) | varac | |
in commit 338833, we established a relationship between all resources that have a leap_service tag, that are called in site.pp. But we had some resources as default on every node in site.pp (apt::update, Package { require => Exec['apt_updated'] }, site_config::slow and stdlib), that were still lacking any relationship to the leap_service tag. By moving them into default.pp they automatically are executed before resources with a leap_service tag. | |||
2013-09-19 | webapp: Depend services on deployment of default key, cert and ca (Feature #3838) | varac | |
2013-09-19 | tidy openvpn x509 definitions (#3831) | varac | |
2013-09-19 | only deploy x509 stuff for nodes if it exists in hiera (Feature #3875) | varac | |
2013-09-18 | deploy client_ca (#3833) | varac | |
2013-09-18 | openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831) | varac | |
2013-09-17 | shorewall: #2399 blocks uplink (Bug #2866) | varac | |
2013-09-17 | site_config::params::interface should contain eth1 for vagrant cause it's the main interface we use (#2399, #2401) | varac | |
2013-09-17 | Merge branch 'bug/3757' into develop | Micah Anderson | |
2013-09-14 | ensure site_config::caching_resolver runs with tag leap_base (#3757) | Micah Anderson | |
Change-Id: I593602ff9d3486dee39227673147e137045c55c5 | |||
2013-09-13 | Deploy default x509 cert + key that services can use (Feature #3836) | varac | |
2013-09-13 | deploy default x509::ca leap_ca in site_config::default (#3817) | varac | |
2013-09-04 | fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736) | Micah Anderson | |
this allows nameserver queries to the local resolver to work and clones to the leap https repository to work Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48 | |||
2013-09-04 | need to test that /etc/init.d/shorewall exists before attempting to call it, otherwise puppet complains (#3339) | Micah Anderson | |
Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a | |||
2013-09-03 | Work around for shorewall not being available at the site_config stage (#3339) | Micah Anderson | |
Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e | |||
2013-09-03 | require that shorewall has been installed before execs are run (#3339) | Micah Anderson | |
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf | |||
2013-08-27 | fix name of initial_firewall.pp file (#3339) | Micah Anderson | |
Change-Id: I341628d0f36225ce49ae301246e7c152553efcae | |||
2013-08-22 | install a preliminary firewall that blocks everything, except ssh for the cases when shorewall doesn't properly come up, ensuring that it fails safe (#3339) | Micah Anderson | |
Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38 | |||
2013-08-14 | vagrant: Install squid-deb-proxy on clients (optional) (Feature #3330) | varac | |
squashed commits: site_squid_deb_proxy::client: include shorewall::rules::mdns for avahi discovery added submodule squid_deb_proxy from git://code.leap.se/puppet_squid_deb_proxy updated submodule squid_deb_proxy use squid_deb_proxy::client | |||
2013-07-31 | Revert "Site_webapp/Try::File: Could not find command 'git' (Bug #3202)" | varac | |
This reverts commit 9e83de3497ec55f4910de099917387d500b8f4b4. | |||
2013-07-31 | Site_webapp/Try::File: Could not find command 'git' (Bug #3202) | varac | |
2013-07-17 | default to false for $hosts | elijah | |
2013-07-11 | changes to support restrictive permissions for /etc/leap. this is required to work with the latest leap_cli. | elijah | |
2013-07-10 | ensure that /etc/hosts is output deterministically, so that content does not change each time you deploy. | elijah | |
2013-07-03 | Merge branch 'bug/1983' into leap | Micah Anderson | |
2013-07-02 | create a site_config subclass for package installation and removal add ↵ | Micah Anderson | |
packages that we want to make sure are installed remove packages that were found on vagrant and PC installations that have no business being there Change-Id: I4887a327ca89eb60945ad817a75ff199859824d3 | |||
2013-07-02 | deleted bind9 purging, it was only needed for the transition from bind to unbound | varac | |
2013-07-01 | restart stunnels if /etc/hosts is changed (#3031) | Micah Anderson | |
Due to the fact that /etc/hosts is modified in the early stage setup.pp run and the stunnel service is not deployed on an initial puppet run, we cannot simply override the Service['stunnel'] but instead need to trigger a restart through an exec calling the init script that first tests to see if it is present. Change-Id: I6bf5dfece9ecbdb8319747774185dec50d5a55f6 |