From 2a3b4ec1bc522409d4dc8d2e7750344de41acb50 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 17 Jun 2014 14:48:50 -0700 Subject: allow webapp.json to configure what engines are enabled --- provider_base/services/webapp.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index bbb52094..a5b1ed30 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -26,7 +26,10 @@ "nagios_test_user": { "username": "nagios_test", "password": "= secret :nagios_test_password" - } + }, + "engines": [ + "support" + ] }, "stunnel": { "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" -- cgit v1.2.3 From fba004bc8cbee0d9556538342ce78ac1c9d1229b Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 25 Jun 2014 12:49:39 -0700 Subject: more friendly error message in `leap compile` when commercial certificate is missing. --- provider_base/services/webapp.json | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index a5b1ed30..d268a020 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -62,11 +62,9 @@ }, "x509": { "use": true, + "use_commercial": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", - "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", - "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'", - "commercial_cert": "= file [:commercial_cert, webapp.domain]", - "commercial_key": "= file [:commercial_key, webapp.domain]", - "commercial_ca_cert": "= try_file :commercial_ca_cert" + "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`.'", + "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`.'" } } -- cgit v1.2.3 From 73674f928756321a6b35f06a62a0ff1cf0ff479b Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 21 Jun 2014 02:51:51 -0700 Subject: fix stunnel entries in mx.json and webapp.json --- provider_base/services/webapp.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index d268a020..1b550af9 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -32,10 +32,15 @@ ] }, "stunnel": { - "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" + "clients": { + "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" + } }, "haproxy": { - "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client, global.services[:couchdb].couch.port)" + "couch": { + "listen_port": 4096, + "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)" + } }, "definition_files": { "provider": "= file :provider_json_template", -- cgit v1.2.3 From 9ab38e0551fe3210f57be2889e70db4aa2b4cc2f Mon Sep 17 00:00:00 2001 From: Folker Bernitt Date: Thu, 10 Jul 2014 17:54:36 +0200 Subject: Added allow_registration to webapp config.yml. - See issue #5217 - See companion change in leap_web --- provider_base/services/webapp.json | 1 + 1 file changed, 1 insertion(+) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 1b550af9..3af0dade 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -13,6 +13,7 @@ "allow_limited_certs": "= provider.service.allow_limited_bandwidth", "allow_unlimited_certs": "= provider.service.allow_unlimited_bandwidth", "allow_anonymous_certs": "= provider.service.allow_anonymous", + "allow_registration": "= provider.service.allow_registration", "default_service_level": "= provider.service.default_service_level", "service_levels": "= provider.service.levels", "secret_token": "= secret :webapp_secret_token", -- cgit v1.2.3 From d341c90c1493a78ed0ee2e216797651ff0aebfa9 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 16 Jul 2014 10:32:27 +0200 Subject: haproxy connects to a local couch if available When running a service that requires couch (webapp or mx) on a node that also had couch running the haproxy was confused because it did not have an stunnel port for the local couch. Emit a more useful error and fixed this for webapp and mx --- provider_base/services/webapp.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 1b550af9..c1e3791f 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -39,7 +39,7 @@ "haproxy": { "couch": { "listen_port": 4096, - "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)" + "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port, 5984)" } }, "definition_files": { -- cgit v1.2.3 From f7edf6d31a7ffbbc66ab778edec85f3cad4e6c82 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 29 Jul 2014 14:53:50 +0200 Subject: fix haproxy_servers call with couchdb default port --- provider_base/services/webapp.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 1af95022..3af0dade 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -40,7 +40,7 @@ "haproxy": { "couch": { "listen_port": 4096, - "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port, 5984)" + "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)" } }, "definition_files": { -- cgit v1.2.3 From d3e24760b33d6ae20f153d3c144d7d443fb0b69e Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 29 Oct 2014 15:20:54 -0700 Subject: added webapp.forbidden_usernames property to allow configuration of usernames to block. --- provider_base/services/webapp.json | 1 + 1 file changed, 1 insertion(+) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 3af0dade..44b5fa14 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -1,6 +1,7 @@ { "webapp": { "admins": [], + "forbidden_usernames": ["admin", "administrator", "arin-admin", "certmaster", "contact", "info", "maildrop", "postmaster", "ssladmin", "www-data"], "domain": "= domain.full_suffix", "modules": ["user", "billing", "help"], "couchdb_webapp_user": { -- cgit v1.2.3 From de51b83384d97a67cdbdf1992ba9ad771a292c5d Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 24 Nov 2014 14:17:43 -0800 Subject: bind webapp to version/0.6 branch --- provider_base/services/webapp.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 44b5fa14..67744f99 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -22,7 +22,7 @@ "secure": false, "git": { "source": "https://leap.se/git/leap_web", - "revision": "origin/master" + "revision": "origin/version/0.6" }, "client_version": "= provider.client_version", "nagios_test_user": { -- cgit v1.2.3