leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2013-09-04	updated couchdb submodule: bigcouch nodes doesn't get registered as cluster ↵	varac
	members (Bug #3703)
2013-09-04	Merge branch 'bug/3339' into develop	Micah Anderson

2013-09-04	fix soledad-server not being available before the leap repository has been ↵	Micah Anderson
	configured (#3702) Change-Id: I8a86a241c52d88b4b681a800647d7c9c7c574b8e
2013-09-04	make sure that the shorewall package is installed before trying to change ↵	Micah Anderson
	its configuration file (#3701) Change-Id: Ib2dad30d53e5bf7539762eb3683430b10eb875ed
2013-09-04	updated submodule couchdb: don't use couchdb::document for creating ↵	varac
	_security, cause this special doc doesn't have and _id (#3706)
2013-09-03	Work around for shorewall not being available at the site_config stage (#3339)	Micah Anderson
	Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e
2013-09-03	use check_helo_access hash:/helo_checks also for $submission_helo_restrictions	varac

2013-09-03	fix $master_cf_tail format	varac

2013-09-03	Sending mail fails when relaying using non-fully-qualified hostname (Feature ↵	varac
	#3667)
2013-09-03	Merge branch 'feature/helo_access' into develop	Micah Anderson
	Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520
2013-09-03	add /etc/postfix/checks directory and setup a check_helo_access that allows ↵	Micah Anderson
	admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4
2013-09-03	require that shorewall has been installed before execs are run (#3339)	Micah Anderson
	Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf
2013-09-03	Without smtpd_helo_required, the helo restrictions are easily bypassed by ↵	Micah Anderson
	not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7
2013-09-02	disable postfix debugging by default	varac

2013-09-02	create all webapp databases so _security is set (fixes 3517)	Azul

2013-09-02	specify RAILS_ENV when calling bundle assets-precompile (fixes #3638)	Azul
	We currently disable the billing gem in production while it's on in development and test. Therefore bundler will not install its dependencies - in particular the braintree gem when deploying. Since the RAILS_ENV was not specified rake was called with the default of 'development'. It therefore tried to load the development gems and failed when looking for 'braintree'. Specifying the production RAILS_ENV fixes this. It looks like we'll always need to specify RAILS_ENV when calling rake or we might want to export it to the environment in a separate task or the user config files such as .bashrc
2013-08-31	postfix enable submission port using starttls, so the client can transition ↵	Micah Anderson
	to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
2013-08-31	change the master.cf_tail to pull in -o ↵	Micah Anderson
	smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions make a note about the permit_tls_all_clientcerts being something that we don't want in the future remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc
2013-08-30	updated submodule couchdb: couchdb: update_user_webapp fails (Bug #3611)	varac

2013-08-30	create sessions db with puppet (Bug #3597)	varac

2013-08-29	Merge branch 'feature/3604' into develop	Micah Anderson

2013-08-29	Merge branch 'bug/3612' into develop	Micah Anderson

2013-08-29	Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵	Micah Anderson
	over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02
2013-08-29	create individual classes for the apache modules so they can be included ↵	Micah Anderson
	more than once in different locations, depending on what services are configured on a node (#3612) Change-Id: Iff064d3d67baa132fb5198fea741522ab4e71770
2013-08-29	change the name of the couch_database in the nickserver.yaml to the new one	Micah Anderson
	Change-Id: I5fe6912f3774ae87c595ca1dcac60a61e24de9e5
2013-08-29	updated submodule couchdb, fixed merge resolution error from last merge	varac

2013-08-29	updated submodule couchdb, fix puppet couchdb module doesn't create ↵	varac
	necessary databases anymore (Bug #3594)
2013-08-29	fix smtpd mail restrictions (Feature #3166)	varac

2013-08-29	Deploy postfix with an empty main.cf as beginning (Feature #3584)	varac

2013-08-29	re-added submodule postfix from git://code.leap.se/puppet_postfix (#3584)	varac

2013-08-29	removed submodule "puppet/modules/postfix" (url: ↵	varac
	git://labs.riseup.net/shared-postfix)
2013-08-28	SMTP checks (Feature #2304)	varac

2013-08-28	Merge branch 'feature/3579' into develop	Micah Anderson

2013-08-28	Merge branch 'bug/3491' into develop	Micah Anderson

2013-08-28	apache headers module needs to be enabled on the monitor server (#3462)	Micah Anderson
	Change-Id: Ia4e36e9cb2b37172a148c209c5c07b9eca59d89e
2013-08-28	Merge branch 'feature/clean-webapp-deploy' into develop	Azul

2013-08-28	updated submodule stdlib to obtain facts that show netmask in cidr notation	varac

2013-08-28	require VCS repo before git assume-unchanged (feature #1608)	Azul

2013-08-28	integrate manual postfix config changes in puppet (Feature #3538)	varac

2013-08-28	added site_postfix::debug for debugging (#3538)	varac

2013-08-27	setup bigcouch logrotation (#3491)	Micah Anderson
	Change-Id: Ia35cf7a9fc1d0fad6a57bbae73968ab6b8f0c847
2013-08-27	now that soledad has been split we can better organize things (#3579)	Micah Anderson
	. create a soledad::common class . leap-mx now only needs to include soledad-common . move the site_apt::preferences::twisted to a preferences block inside the soledad server class . make sure that the packages are doing 'ensure => latest' instead of installed Change-Id: Ifa978e831cdc8835666b27322a6e068d67251f5d
2013-08-27	fix name of initial_firewall.pp file (#3339)	Micah Anderson
	Change-Id: I341628d0f36225ce49ae301246e7c152553efcae
2013-08-27	Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop	varac

2013-08-27	tor service:obfuscate contact email addr (Feature #3479)	varac

2013-08-27	updated submodule stdlib to obtain 'obfuscate_email' function (#3479)	varac

2013-08-27	move git::changes into git module, whitespace fix	Azul

2013-08-27	specify cwd when using git:changes	Azul

2013-08-27	git:changes expect changes to certain files	Azul
	You can either ensure assume-unchanged or ensure those changes are tracked. Used to keep the git status clean.
2013-08-27	make git forget about the changes due to symlinking files	Azul
	Git normally tracks the dummy files we replace with symlinks. So we tell it to ignore these changes on deploy.