Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-09-20 | move all resources that are applied on every node into site_config::default ↵ | varac | |
(#3782) in commit 338833, we established a relationship between all resources that have a leap_service tag, that are called in site.pp. But we had some resources as default on every node in site.pp (apt::update, Package { require => Exec['apt_updated'] }, site_config::slow and stdlib), that were still lacking any relationship to the leap_service tag. By moving them into default.pp they automatically are executed before resources with a leap_service tag. | |||
2013-09-20 | fix whitespace issues from https://review.leap.se/r/82 | varac | |
2013-09-19 | fix x509 path in webapp config.yml.erb (#3894) | varac | |
2013-09-19 | tidy soledad x509 definitions (#3841) | varac | |
2013-09-19 | tidy webapp api x509 definitions (#3840) | varac | |
2013-09-19 | tidy nickserver x509 definitions (#3842) | varac | |
2013-09-19 | webapp: Depend services on deployment of default key, cert and ca (Feature ↵ | varac | |
#3838) | |||
2013-09-19 | Depend services on deployment of default key, cert and ca (Feature #3838) | varac | |
2013-09-19 | soledad should use default key, cert and ca (Feature #3841) | varac | |
2013-09-19 | tidy openvpn x509 definitions (#3831) | varac | |
2013-09-19 | only deploy x509 stuff for nodes if it existes in hiera (Feature #3875) | varac | |
2013-09-19 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac | |
2013-09-18 | Setup a class dependency for every tag 'leap_service' to make sure that ↵ | Micah Anderson | |
shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 | |||
2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac | |
2013-09-18 | deploy client_ca (#3833) | varac | |
2013-09-18 | openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831) | varac | |
2013-09-17 | fix stunnel module so that code was not removed accidentally | Micah Anderson | |
Change-Id: Ia236eb5b7609d9f96970230fce4d0051d832e3cb | |||
2013-09-17 | shorewall: #2399 blocks uplink (Bug #2866) | varac | |
2013-09-17 | site_config::params::interface should contain eth1 for vagrant cause it's ↵ | varac | |
the main interface we use (#2399, #2401) | |||
2013-09-17 | update stunnel submodule commit id to correct one for new repository | Micah Anderson | |
Change-Id: I33292b9eb2a5553ac296857c99fdaf350ed52542 | |||
2013-09-17 | Merge branch 'bug/3757' into develop | Micah Anderson | |
2013-09-17 | updated submodule stunnel - include stunnel in stunnel::service ↵ | varac | |
(https://leap.se/code/issues/3861) | |||
2013-09-17 | Merge branch 'feature/3817_3836_3837_Duplicate_declarations' into develop | varac | |
2013-09-14 | ensure site_config::caching_resolver runs with tag leap_base (#3757) | Micah Anderson | |
Change-Id: I593602ff9d3486dee39227673147e137045c55c5 | |||
2013-09-14 | moved openvpn submodule back to 25f1fe8d8, like it was before | kwadronaut | |
2013-09-13 | change vcsrepo submodule url (bug #3139) | kwadronaut | |
2013-09-13 | setup stunnel config to use default x509 cert,key+ca (#3837) | varac | |
* fix stunnel setups for couchdb, mx, webapp services | |||
2013-09-13 | Deploy default x509 cert + key that services can use (Feature #3836) | varac | |
2013-09-13 | remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel ↵ | varac | |
(#3817) | |||
2013-09-13 | deploy default x509::ca leap_ca in site_config::default (#3817) | varac | |
2013-09-13 | use define instead of class for site_stunnel::setup (#3817) | varac | |
so it can be called multiple times | |||
2013-09-05 | require that shorewall is up before running bundler commands, it needs to ↵0.3.0rc1 | Micah Anderson | |
pull things from git (#3756) Change-Id: If404452c54dedb7a39a910994dc68309257d351d | |||
2013-09-05 | updated submodule apt: unattended-upgrades package cannot be installed (Bug ↵ | varac | |
#3098) | |||
2013-09-05 | Some packages are installed before refresh_apt is called (Bug #2988) | varac | |
2013-09-04 | fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736) | Micah Anderson | |
this allows nameserver queries to the local resolver to work and clones to the leap https repository to work Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48 | |||
2013-09-04 | change git repository clone URIs from git:// to https:// (#3732) | Micah Anderson | |
Change-Id: Ic700fec9cfb8e8474fb65dbdd4a1a537bf586ec9 | |||
2013-09-04 | need to test that /etc/init.d/shorewall exists before attempting to call it, ↵ | Micah Anderson | |
otherwise puppet complains (#3339) Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a | |||
2013-09-04 | updated couchdb submodule: bigcouch nodes doesn't get registered as cluster ↵ | varac | |
members (Bug #3703) | |||
2013-09-04 | Merge branch 'bug/3339' into develop | Micah Anderson | |
2013-09-04 | fix soledad-server not being available before the leap repository has been ↵ | Micah Anderson | |
configured (#3702) Change-Id: I8a86a241c52d88b4b681a800647d7c9c7c574b8e | |||
2013-09-04 | make sure that the shorewall package is installed before trying to change ↵ | Micah Anderson | |
its configuration file (#3701) Change-Id: Ib2dad30d53e5bf7539762eb3683430b10eb875ed | |||
2013-09-04 | updated submodule couchdb: don't use couchdb::document for creating ↵ | varac | |
_security, cause this special doc doesn't have and _id (#3706) | |||
2013-09-03 | Work around for shorewall not being available at the site_config stage (#3339) | Micah Anderson | |
Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e | |||
2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac | |
2013-09-03 | fix $master_cf_tail format | varac | |
2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵ | varac | |
#3667) | |||
2013-09-03 | Merge branch 'feature/helo_access' into develop | Micah Anderson | |
Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520 | |||
2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows ↵ | Micah Anderson | |
admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | |||
2013-09-03 | require that shorewall has been installed before execs are run (#3339) | Micah Anderson | |
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf | |||
2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵ | Micah Anderson | |
not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7 |