Age | Commit message | Author | |
---|---|---|---|
2014-10-29 | added webapp.forbidden_usernames property to allow configuration of usernames to block. | elijah | |
2014-10-29 | Merge "upgrade unattended-upgrades on deploy (#6245)" into develop | micah anderson | |
2014-10-28 | upgrade unattended-upgrades on deploy (#6245) | Micah Anderson | |
unattended-upgrades is not able to upgrade itself in certain situations, such as when the conffile prompt is generated due to the config being changed. We want to set this package as latest in the platform so that it is upgraded on every deploy (we deploy the config anyway). Change-Id: I8c99bfb1b001079f0e1a4ffbf048e0e867633335 | |||
2014-10-27 | Change stunnel default sslversion to be TLSv1, instead of the default | Micah Anderson | |
SSLv3 (#6261) Change-Id: I7ab5a6455e434f8359169d31febed8b92f84bbcc | |||
2014-10-22 | Merge "modify the leap repository contents so they pick the correct repository, based on the hiera value 'major_version' (#6251)" into develop | Varac | |
2014-10-21 | modify the leap repository contents so they pick the correct repository, | Micah Anderson | |
based on the hiera value 'major_version' (#6251) Change-Id: I10532ef83e3aa2d35d9c0be241952a35e366bba4 | |||
2014-10-21 | implement custom puppet support (#6201, #6226) | Micah Anderson | |
change puppet command to include in the --modulepath /srv/leap/files/puppet/modules If a provider places puppet code under files/puppet it will be sync'd over to all the nodes, once leap cli #6225 is merged. The custom puppet entry point is in class 'custom' which can be put into files/puppet/modules/custom/manifests/init.pp Change-Id: I74879c6ee056b03cd4691aa81a7668b60383bdad | |||
2014-10-15 | Disable SSLv3, and RC4 ciphers | Micah Anderson | |
Change-Id: I7214aa4334e3d817dd1b6d8dce43523e3d955b5d | |||
2014-10-08 | include different nagios::defaults classes manually (#5216) | varac | |
nagios::defaults will include nagios::defaults::hostgroups which add "all" and "centos_servers" hostgroups which we don't want. Change-Id: If42faa11c167fb7305ebbb21dc358a8813afaa25 | |||
2014-10-08 | every environment is defined as nagios hostsgroup (#5216) | varac | |
Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a | |||
2014-10-05 | Merge remote-tracking branch 'cz8s/fix_iptables_proxy_forbidden' into develop | Micah Anderson | |
2014-09-25 | allow all outgoing traffic | Christoph Kluenter | |
as discussed on #leap | |||
2014-09-25 | Use member function instead of regexp to check services array | irregulator | |
2014-09-25 | remove /etc/apt/preferences.d/fixed_rsyslog_anon_package (#6138) | varac | |
This was a leftover from earlier versions, where we installed rsyslog from the leap debian package repo. Change-Id: I88a852f08b5aff3bd7b591b6220ac354463a9786 | |||
2014-09-25 | stop logging user-agent in apache, fixes #6129 | Micah Anderson | |
Change-Id: I66384ae4a723be063790362f70e57228a0f1539b | |||
2014-09-17 | allow outgoing port 3142 for apt-cacher proxy | Christoph | |
2014-09-17 | update rsyslog module to fix #6019 | Micah Anderson | |
Change-Id: I8c64a0c530d44e55963060d52d31a0da1a88615c | |||
2014-09-17 | Increase wait-for-couch timeout (Bug #3735) | varac | |
Site_couchdb::Bigcouch::Settle_cluster/Exec[wait_for_couch_nodes] waits 60s for all nodes to be member of the cluster. Because we deploy to multiple nodes in parallel, not all nodes are ready at the same time, so we increased the timeout from 60s to 120s. | |||
2014-09-03 | Merge branch 'master' into develop | varac | |
Conflicts: platform.rb puppet/modules/site_config/manifests/hosts.pp | |||
2014-08-28 | syslog logs everything but webapp FIX #6020 | guido | |
2014-08-26 | Fix Tapicero not starting after first deploy (#6004) | varac | |
Added a dependency on the couchdb "tapicero" user to get created before starting the tapicero daemon. | |||
2014-08-22 | FQDN should come first in /etc/hosts | varac | |
fixes /etc/hosts: wrong order (Bug #5835) (now for real) before, /etc/hosts contained i.e. 127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i which resulted in no fqdn reported both by "hostname -f" and "facter fqdn" this fix produces this order which is needed to report a fqdn: 127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i | |||
2014-08-21 | Fix starting tapicero when it is not running (#6004) 0.5.3 | Micah Anderson | |
Due to how tapicero's initscript is made, it is not possible to check for a valid exit code for the status (it returns a zero when it is not running). So we disable the puppet 'hasstatus' parameter and instead puppet will look in the process table for 'tapicero' Change-Id: I9b017ea8055c0207e43876dd4e3bbc2619c0fd35 | |||
2014-08-21 | Fix "Nagios ssh check is automatically added by the ssh module and contains a wrong hostname on single node setup (Bug #5998)" | varac | |
before, the ssh module added this check, resulting in a wrong hostname and the port was always '22'. manage_nagios parameter is boolean, so we use false instead of 'no' manually add check_ssh to nagios (#5998) | |||
2014-08-05 | Fixes: #5952 Webapp now logs to its own file instead of syslog and user.log | guido | |
2014-08-01 | Merge branch 'feature/replication-in-tapicero-security' into develop | Azul | |
2014-08-01 | minor: fix typo in webapp config | Azul | |
@provider -> @webapp | |||
2014-07-30 | add replication role to user databases with tapicero | Azul | |
This way the replication has read access on the source and write access on the target. | |||
2014-07-29 | Merge remote-tracking branch 'fbernitt/issue_5217_allow_registration' into develop | Azul | |
2014-07-15 | haproxy default to couch_write, couch_read on GET | Azul | |
METH_POST probably does not catch PUT, DESTROY etc. So instead we now use the master as the default and only use the replications for GET and HEAD requests. | |||
2014-07-14 | proper json for tapicero config | Azul | |
2014-07-14 | update couchdb puppet module | Azul | |
2014-07-11 | Added allow_registration to webapp config.yml. | Folker Bernitt | |
- See issue #5217 - See companion change in leap_web | |||
2014-07-01 | Use new macro pick_node to pick vpn gateway for obfsproxy.json | irregulator | |
2014-07-01 | Check appropriately if obfsproxy is included in services | irregulator | |
2014-07-01 | Add apt preferences requirement for obfsproxy package resource | irregulator | |
2014-07-01 | Add User resource requirement for obfsproxy service, log, etc dir | irregulator | |
2014-07-01 | Remove unneeded newlines from obfsproxy.conf | irregulator | |
2014-07-01 | Explicitly set apt preferences for obfsproxy to wheezy-backports | irregulator | |
2014-07-01 | Make obfsproxy daemon bind to specific address rather than 0.0.0.0 | irregulator | |
If obfsproxy is spawned alongside eip service, make it listen to the gateway_adress IP. If obfsproxy is running standalone listen to ip_address. | |||
2014-07-01 | Remove initscript subscription to conf file | irregulator | |
2014-07-01 | Move log files to var/log instead of var/log/obfsproxy | irregulator | |
2014-07-01 | Subscribe obfsproxy service resource to conf file | irregulator | |
2014-07-01 | Simplify init script, let puppet service resource use init status | irregulator | |
2014-07-01 | Change logrotate's frequency and number of log files to keep | irregulator | |
2014-07-01 | Be able to specify log_level parameter for obfsproxy | irregulator | |
log_level sets minimum logging severity of obfsproxy daemon, can be error, warning, info, debug. Defaults to info. | |||
2014-07-01 | Address logging for obfsproxy daemon | irregulator | |
Create obfsproxy directory in /var/log, specify log file when obfsproxy is spawned by init script, create a logrotate configuration for obfsproxy's logs. | |||
2014-07-01 | Line up equal signs, change double to single quotes | irregulator | |
2014-07-01 | Remove commented lines from obfsproxy puppet module class | irregulator | |
2014-07-01 | Remove commented lines from init script status section | irregulator | |