From e8cd9ab2d4480aa7c16d15f5db664fa650d4c655 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 27 Feb 2014 11:57:54 -0800 Subject: fixed more places where passwords were set to the wrong environment. --- provider_base/services/mx.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'provider_base/services/mx.json') diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index d57c3168..7e3f20ba 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json @@ -5,7 +5,11 @@ "haproxy": { "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client)" }, - "couchdb_leap_mx_user": "= global.services[:couchdb].couch.users[:leap_mx]", + "couchdb_leap_mx_user": { + "username": "= global.services[:couchdb].couch.users[:leap_mx].username", + "password": "= secret :couch_leap_mx_password", + "salt": "= hex_secret :couch_leap_mx_password_salt, 128" + }, "mx_nodes": "= nodes['services' => 'mx']['environment' => '!local'].field('ip_address')", "x509": { "use": true, -- cgit v1.2.3 From 1906f13a7df02522bcd83a3c25101555870b5279 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 1 Apr 2014 15:28:54 -0400 Subject: Include all the ips that are allowed to send mail through the relay in the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b --- provider_base/services/mx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services/mx.json') diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index 7e3f20ba..0d1ec877 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json @@ -10,7 +10,7 @@ "password": "= secret :couch_leap_mx_password", "salt": "= hex_secret :couch_leap_mx_password_salt, 128" }, - "mx_nodes": "= nodes['services' => 'mx']['environment' => '!local'].field('ip_address')", + "mynetworks": "= nodes['environment' => '!local'].field('ip_address')", "x509": { "use": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", -- cgit v1.2.3 From 0e6c5cad63c038c0719ac409bb3cf02b8019f7ad Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 1 Apr 2014 16:40:23 -0400 Subject: Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4 in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132 --- provider_base/services/mx.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services/mx.json') diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index 0d1ec877..731dee9a 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json @@ -10,7 +10,7 @@ "password": "= secret :couch_leap_mx_password", "salt": "= hex_secret :couch_leap_mx_password_salt, 128" }, - "mynetworks": "= nodes['environment' => '!local'].field('ip_address')", + "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq", "x509": { "use": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", -- cgit v1.2.3