Age | Commit message | Author | |
---|---|---|---|
2014-04-24 | make sure concat fragments are put together before the openvpn service | Micah Anderson | |
is run, otherwise the openvpn service is restarted before config files are deployed (#4154) Change-Id: Ide38615714c1978bb90237986baea530c54153c3 | |||
2014-04-24 | update indentation to be standard | Micah Anderson | |
Change-Id: Ic0ac3a7e6c9ce0e5f95bab023dbbf890c31d9e1c | |||
2014-04-17 | update couchdb submodule to get fix for timing issue that caused 409 ↵0.5.0 | Micah Anderson | |
Conflicts in certain situations (#5523) Change-Id: I1ca67e317a7eb84f64cb7b79daa2e500f0561707 | |||
2014-04-17 | change class instantiating to be includes and organizing things in the | Micah Anderson | |
class to be more visually logical (#5269, #4590, #3712) Change-Id: I58c28c3bc62e67b25f33da3378e8146110471613 | |||
2014-04-17 | Change couchdb ordering hints (#5269, #4590, #3712): | Micah Anderson | |
. make the couchdb service start after the stunnels have been setup. This may improve the cluster membership coming online faster . replace the two Couchdb::Create_db ordering hints (for the 'users' and 'tokens' databases) with a generic Class['site_config::create_dbs'] hint. This makes it so we get the ordering hint for all databases, which we were not before, without having to individually list them . replace the two Couchdb::Add_user ordering hints (for the $couchdb_webapp_user and the $couchdb_soledad_user) with a generic ordering hint for Class['site_couchdb::add_users'] ordering hint. This makes it so we get the ordering hint for all the users, which we were not before, without having to individually list them Change-Id: Ia63e62d68d24e77a49d4ef928a2a8130ab7bccb9 | |||
2014-04-17 | add exec resources to run the couchdb tests to wait for nodes and | Micah Anderson | |
cluster membership to settle, before attempting any operations (#5269, #4590, #3712) Change-Id: Ic9826dda1c242e705ce85ae218766496bdd8ecbd | |||
2014-04-15 | configure couchdb after starting shorewall (#53) | varac | |
2014-04-15 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac | |
2014-04-15 | fix concat::setup (#5503) | varac | |
2014-04-12 | make the soledad service subscribe to package changes, cert and key changes | Micah Anderson | |
(#5499) Change-Id: Ia0efb4c129a71504a717c20e2e260a1ed83f2223 | |||
2014-04-10 | #5315 update soledad design docs | Azul | |
2014-04-10 | Merge branch '0.6' into develop | varac | |
2014-04-10 | fix check_mk resource dependency deploy errors (Bug #5272) | varac | |
2014-04-06 | better system for optionally uninstalling build-essential package closes | kwadronaut | |
https://leap.se/code/issues/5426 Merge branch 'bugfix/buildessential' of https://github.com/elijh/leap_platform into elijh-bugfix/buildessential | |||
2014-04-05 | openvpn: allow for configurable keepalive (aka ping & ping-restart) closes | elijah | |
https://leap.se/code/issues/4127 | |||
2014-04-05 | better system for optionally uninstalling build-essential package. closes | elijah | |
https://leap.se/code/issues/5426 | |||
2014-04-05 | update site_static to work with new amber and have better tls ciphers | elijah | |
2014-04-04 | Merge branch '2993_setup_subclass' into 0.6 | varac | |
2014-04-02 | Force satellite hosts that only speak to relayhost to have a | Micah Anderson | |
smtp_tls_security_level of 'encrypt', so it is not optional (#1902) Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16 | |||
2014-04-02 | Update TLS apache vhost TLS configuration (#5137): | Micah Anderson | |
. We want to allow for TLS1.2 to be enabled (supported in wheezy) . Explicitly disable SSLCompression. This aids in protecting against the BREACH attack: see http://breachattack.com), and SPDY version 3 is vulnerable to the CRIME attack when compression is on . Switch the cipher suites to match https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for these reasons: . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many implementations support this, and there are no known attacks). . Prefer AES128 to AES256 because the key schedule in AES256 is considered weaker, and maybe AES128 is more resistant to timing attacks . Prefer AES to RC4. BEAST attacks on AES are mitigated in >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and likely to become more dangerous . RC4 is on the path to removal, but still present for backward compatibility Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043 | |||
2014-04-02 | Fix for satellite hosts that are unable to contact their relayhost | Micah Anderson | |
because the DNS lookup is either impossible (.local domain), or incorrect (certain openstack/amazon/piston cloud configurations create this setup when the relayhost is in the same cluster as the satellite). Fixes #5225 Change-Id: Ifbc201678f2c0e97ee0e12bbf1c7f71d035d45c1 | |||
2014-04-02 | Merge branch '5359_design_docs' into 0.6 | varac | |
2014-04-02 | Merge pull request #20 from elijh/feature/openvpn-config | varac | |
allow ability to customize openvpn security options | |||
2014-04-02 | couch design docs should be always deployed, not only on update of the | varac | |
design docs json files (Feature #5359) | |||
2014-04-01 | Include all the ips that are allowed to send mail through the relay in | Micah Anderson | |
the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b | |||
2014-03-31 | Merge branch 'feature/static_site' of https://github.com/elijh/leap_platform | kwadronaut | |
into elijh-feature/static_site Conflicts: puppet/modules/site_config/manifests/packages/base.pp | |||
2014-03-26 | Merge branch '0.6' of ssh://code.leap.se/leap_platform into 0.6 | varac | |
2014-03-26 | Merge branch '5018_dont_remove_dev_packages_on_couch_node' into 0.6 | varac | |
2014-03-25 | Move setup.pp to a subclass (site_config::setup) (Feature #2993) | varac | |
2014-03-25 | couch node: same packages removed on every (second ?) puppetrun (Feature #5018) | varac | |
2014-03-25 | ignore openvpn TLS initialization errors (Feature #5374) | varac | |
2014-03-24 | modules/site_static: part 2 - apache | elijah | |
2014-03-24 | fixes #5360 adds admin@ as reserved address + linting | kwadronaut | |
2014-03-23 | modules/site_static: part 1 - amber | elijah | |
2014-03-20 | allow ability to customize openvpn security stuff: tls-cipher, auth, and | elijah | |
cipher config options. | |||
2014-03-19 | Merge branch '5306_ignore_tapicero_PreconditionFailed' into 0.6 | varac | |
2014-03-19 | Merge branch '4798_automatic_compaction' into 0.6 | varac | |
2014-03-13 | catch errors when tapicero fails to create a userdb (Feature #5306) | varac | |
2014-03-13 | Merge branch '5324_nagios_logging' into 0.6 | varac | |
2014-03-13 | deploy automatic compaction via platform (Feature #4798) | varac | |
2014-03-13 | Don't archive nagios logs, use logrotate for it (Feature #5324) | varac | |
2014-03-13 | Don't archive nagios logs (#5324) | varac | |
2014-03-13 | removed trailing whitespaces in nagios.cfg | varac | |
2014-03-12 | check if soledad is working (Feature #5239) | varac | |
2014-03-12 | Merge remote-tracking branch 'irregulator/bug/5241' into 0.6 | Micah Anderson | |
2014-03-12 | Indentation fix. | irregulator | |
2014-03-12 | DirPortFrontPage serves a static webpage only when Tor node is exit. | irregulator | |
See leap.se/code/issues/5241 | |||
2014-03-05 | updated submodule rubygems (#3827) | varac | |
2014-03-05 | updated submodule rubygems (#3827) | varac | |
2014-03-05 | use the right package dependencies for site_check_mk::agent class and subclasses | varac | |