Age | Commit message | Author | |
---|---|---|---|
2013-09-19 | Depend services on deployment of default key, cert and ca (Feature #3838) | varac | |
2013-09-19 | tidy openvpn x509 definitions (#3831) | varac | |
2013-09-19 | only deploy x509 stuff for nodes if it exists in hiera (Feature #3875) | varac | |
2013-09-19 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac | |
2013-09-18 | Setup a class dependency for every tag 'leap_service' to make sure that shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 | Micah Anderson | |
2013-09-18 | openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831) | varac | |
2013-09-13 | remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel (#3817) | varac | |
2013-07-23 | fix linting error Change-Id: I975e1bd480d756a85e556b440a0e28e3899c9af8 | Micah Anderson | |
2013-07-16 | lint site_openvpn manifests Change-Id: I314031d93aa9f4a0f217680870678e39c096d46a | Micah Anderson | |
2013-07-09 | use file_line from stdlib instead of line, now both vpn_unlimited_tcp_resolver and vpn_unlimited_udp_resolver are included | varac | |
2013-07-04 | more robust openvpn restarting: this ensures that an actual restart is run on the service when config files are added or removed, instead of relying on the status parameter of the initscript, which can be confused if config files are removed out from under it Change-Id: I1c69fff26933338b707acf7dc4593547f32f92e3 | Micah Anderson | |
2013-05-16 | special casing for pistoncloud/openstack/ec2 | Micah Anderson | |
2013-04-30 | setup a site_config::params class that can be used to set some common variables that are used in different places to start with we setup the $interface variable, based on logic as defined in #2213 change the various places that were looking up this value to use site_config::params::interface instead | Micah Anderson | |
2013-03-29 | fixed site_openvpn bug with redefined variable. | elijah | |
2013-03-17 | added support for "limited" service levels (although vpn is not yet actually rate limited). | elijah | |
2013-02-27 | openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name. | elijah | |
2013-02-26 | require that the package unbound be installed before trying to write to its configuration file, this addresses issue #1853 - [vpn1] err: /Stage[main]/Site_openvpn::Resolver/Line[add_tcp_resolver]/Exec[echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf']/returns: change from notrun to 0 failed: echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf' returned 2 instead of one of [0] at /srv/leap/puppet/modules/common/manifests/defines/line.pp:45 | Micah Anderson | |
2013-02-21 | linted a bit | varac | |
2013-02-21 | linted | varac | |
2013-02-21 | linted | varac | |
2013-01-31 | tag 'base' is a bad idea because it invokes apache::base as well | varac | |
2013-01-31 | Merge branch 'develop' of ssh://leap.se/leap_platform into develop | elijah | |
2013-01-31 | added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used. | elijah | |
2013-01-31 | tag 'service' for all service classes | varac | |
2013-01-30 | linted | varac | |
2013-01-29 | added support for client ca cert in site openvpn. | elijah | |
2013-01-29 | fix variable name for re-ordered fact | Micah Anderson | |
2013-01-29 | fix variable scoping | Micah Anderson | |
2013-01-29 | fix syntax error from enclosing variables in curly | Micah Anderson | |
2013-01-29 | enclose the variables in curly braces, as recommended by puppet-lint | Micah Anderson | |
2013-01-29 | add a new fact that provides a fact for each configured ip address, telling you which interface has it (essentially the inverse of the ipaddress_${interface} fact). Switch the hiera lookups of the $interface, which was pulling from the .json to pull instead from the above fact, see #1547 and #1548 | Micah Anderson | |
2013-01-17 | notify unbound when these configuration files change | Micah Anderson | |
2013-01-17 | fix typo in cidr variable name | Micah Anderson | |
2013-01-17 | change to using the CIDR notation for unbound access list | Micah Anderson | |
2013-01-17 | fully qualify the variables that are used in the vpn gateway resolver | Micah Anderson | |
2013-01-17 | unfortunately the version of unbound that is in wheezy does not support wildcard include directives, so this commit works around this by doing something less elegant than before. When we have the newer unbound available, we should switch to that method instead. | Micah Anderson | |
2013-01-17 | fix unbound access control | Micah Anderson | |
2013-01-16 | setup openvpn gateway resolver to listen on the udp/tcp virtual network ips so that queries can be made from clients on the vpn | Micah Anderson | |
2013-01-16 | update unbound submodule to fix infinite service restart problem | Micah Anderson | |
2013-01-16 | setup site_unbound with a basic caching-only configuration and include that on the openvpn gateway (see #1172) | Micah Anderson | |
2013-01-16 | remove unnecessary include that was left over from c2d57624c15dfaff038f9991f04ade46b5ad1d40: | Micah Anderson | |
2012-12-10 | openvpn: use x509 module to deploy certs (fixes #1064) | varac | |
2012-11-23 | enable ip_forwarding #1029 | varac | |
2012-11-23 | openvpn -- enforce certain cipher choices on the server | elijah | |
2012-11-22 | clean up openvpn and x509 paths | elijah | |
2012-11-22 | deploy openvpn server.crt and server.key | varac | |
2012-11-21 | move site_config::eip to site_openvpn (Feature #943) | varac | |
2012-11-21 | hiera variable for openvpn dh parameters changed | varac | |
2012-10-30 | prettifying | varac | |
2012-10-29 | no need for server-up.sh right now | varac | |