From 2a3b4ec1bc522409d4dc8d2e7750344de41acb50 Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 17 Jun 2014 14:48:50 -0700
Subject: allow webapp.json to configure what engines are enabled
---
 provider_base/services/webapp.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index bbb52094..a5b1ed30 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -26,7 +26,10 @@
 "nagios_test_user": {
 "username": "nagios_test",
 "password": "= secret :nagios_test_password"
- }
+ },
+ "engines": [
+ "support"
+ ]
 },
 "stunnel": {
 "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
--
cgit v1.2.3
From fba004bc8cbee0d9556538342ce78ac1c9d1229b Mon Sep 17 00:00:00 2001
From: elijah
Date: Wed, 25 Jun 2014 12:49:39 -0700
Subject: more friendly error message in `leap compile` when commercial certificate is missing.
---
 provider_base/services/monitor.json | 6 ++----
 provider_base/services/mx.json | 6 ++----
 provider_base/services/webapp.json | 8 +++-----
 3 files changed, 7 insertions(+), 13 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index 03f6c6d1..c24724bf 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -12,11 +12,9 @@
 },
 "x509": {
 "use": true,
+ "use_commercial": true,
 "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
 "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
- "commercial_key": "= file [:commercial_key, domain.full_suffix]",
- "commercial_ca_cert": "= try_file :commercial_ca_cert"
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
 }
 }
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 731dee9a..30a19d9a 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -13,12 +13,10 @@
 "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
 "x509": {
 "use": true,
+ "use_commercial": true,
 "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
 "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
- "commercial_key": "= file [:commercial_key, domain.full_suffix]",
- "commercial_ca_cert": "= try_file :commercial_ca_cert"
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
 },
 "service_type": "user_service"
 }
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index a5b1ed30..d268a020 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
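Review bot: `client_ca_key` stays in the `x509` block of monitor.json here, and of mx.json in the next hunk, so the private key of the client CA still appears to be handed to monitoring and mail nodes. Nothing in these hunks shows either service signing client certificates; if they only verify them, `client_ca_cert` is enough and the `client_ca_key` line can be dropped from both files, keeping it only where certificates are actually issued. Both `x509` blocks open above their hunks, so whether something else in them needs the key cannot be seen from here.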
@@ -62,11 +62,9 @@
 },
 "x509": {
 "use": true,
+ "use_commercial": true,
 "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
- "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "commercial_cert": "= file [:commercial_cert, webapp.domain]",
- "commercial_key": "= file [:commercial_key, webapp.domain]",
- "commercial_ca_cert": "= try_file :commercial_ca_cert"
+ "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`.'",
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`.'"
 }
 }
--
cgit v1.2.3
From db669a6911c55d9a5675fb4b42f4de5728f34c76 Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 19 Jun 2014 00:02:54 -0700
Subject: couchdb: generate hiera files suitable for plain couchdb + read-only mirrors
---
 provider_base/services/_couchdb_master.json | 8 ++++++++
 provider_base/services/_couchdb_mirror.json | 16 ++++++++++++++++
 provider_base/services/_couchdb_multimaster.json | 20 ++++++++++++++++++++
 provider_base/services/couchdb.json | 17 ++++-------------
 provider_base/services/couchdb.rb | 18 ++++++++++++++++++
 5 files changed, 66 insertions(+), 13 deletions(-)
 create mode 100644 provider_base/services/_couchdb_master.json
 create mode 100644 provider_base/services/_couchdb_mirror.json
 create mode 100644 provider_base/services/_couchdb_multimaster.json
 create mode 100644 provider_base/services/couchdb.rb
(limited to 'provider_base/services')
diff --git a/provider_base/services/_couchdb_master.json b/provider_base/services/_couchdb_master.json
new file mode 100644
index 00000000..20c6f99b
--- /dev/null
+++ b/provider_base/services/_couchdb_master.json
@@ -0,0 +1,8 @@
+//
+// Applied to master couchdb node when there is a single master
+//
+{
+ "couch": {
+ "mode": "master"
+ }
+}
\ No newline at end of file
diff --git a/provider_base/services/_couchdb_mirror.json b/provider_base/services/_couchdb_mirror.json
new file mode 100644
index 00000000..67004c70
--- /dev/null
+++ b/provider_base/services/_couchdb_mirror.json
@@ -0,0 +1,16 @@
+//
+// Applied to all non-master couchdb nodes
+//
+{
+ "stunnel": {
+ "couch_client": "= stunnel_client(nodes[couch.replication.masters.keys], couch.port)"
+ },
+ "couch": {
+ "mode": "mirror",
+ "replication": {
+ // for now, pick the first close one, or the first one.
+ // in the future, maybe use haproxy to balance among all the masters
+ "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal')}"
+ }
+ }
+}
\ No newline at end of file
diff --git a/provider_base/services/_couchdb_multimaster.json b/provider_base/services/_couchdb_multimaster.json
new file mode 100644
index 00000000..ff133b9c
--- /dev/null
+++ b/provider_base/services/_couchdb_multimaster.json
@@ -0,0 +1,20 @@
+//
+// Only applied to master couchdb nodes when there are multiple masters
+//
+{
+ "stunnel": {
+ "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
+ "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.epmd_port)",
+ "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)",
+ "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.ednp_port)"
+ },
+ "couch": {
+ "mode": "multimaster",
+ "bigcouch": {
+ "epmd_port": 4369,
+ "ednp_port": 9002,
+ "cookie": "= secret :bigcouch_cookie",
+ "neighbors": "= nodes_like_me['services' => 'couchdb']['couch.master' => true].exclude(self).field('domain.full')"
+ }
+ }
+}
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 5f1b5381..d75fd8de 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -3,20 +3,11 @@
 "use": true
 },
 "stunnel": {
- "couch_server": "= stunnel_server(couch.port)",
- "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
- "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)",
- "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)",
- "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.ednp_port)"
+ "couch_server": "= stunnel_server(couch.port)"
 },
 "couch": {
+ "master": false,
 "port": 5984,
- "bigcouch": {
- "epmd_port": 4369,
- "ednp_port": 9002,
- "cookie": "= secret :bigcouch_cookie",
- "neighbors": "= nodes_like_me[:services => :couchdb].exclude(self).field('domain.full')"
- },
 "users": {
 "admin": {
 "username": "admin",
@@ -49,8 +40,8 @@
 "salt": "= hex_secret :couch_webapp_password_salt, 128"
 }
 },
- "webapp": {
- "nagios_test_pw": "= secret :nagios_test_password"
+ "webapp": {
+ "nagios_test_pw": "= secret :nagios_test_password"
 }
 }
 }
diff --git a/provider_base/services/couchdb.rb b/provider_base/services/couchdb.rb
new file mode 100644
index 00000000..c8f5d8a7
--- /dev/null
+++ b/provider_base/services/couchdb.rb
@@ -0,0 +1,18 @@
+#
+# custom logic for couchdb json resolution
+#
+
+unless nodes_like_me['services' => 'couchdb']['couch.master' => true].any?
+ raise 'node `%s`, environment `%s`: there must be at least one node with couch.master set to `true` for this environment.' % [@node.name, @node.environment]
+end
+
+if couch.master
+ if nodes_like_me['services' => 'couchdb']['couch.master' => true].size > 1
+ apply_partial 'services/_couchdb_multimaster.json'
+ else
+ apply_partial 'services/_couchdb_master.json'
+ end
+else
+ apply_partial 'services/_couchdb_mirror.json'
+end
+
--
cgit v1.2.3
From 49f0c54a05f6b542367f8ef4538316ba2eaac6cd Mon Sep 17 00:00:00 2001
From: elijah
Date: Fri, 20 Jun 2014 01:58:39 -0700
Subject: new generic system for stunnel: just `include site_stunnel` and stunnel + needed shorewall will be automatically set up. requires new leap_cli
---
 provider_base/services/_couchdb_mirror.json | 6 ++++--
 provider_base/services/_couchdb_multimaster.json | 12 ++++++++----
 provider_base/services/couchdb.json | 4 +++-
 3 files changed, 15 insertions(+), 7 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/_couchdb_mirror.json b/provider_base/services/_couchdb_mirror.json
index 67004c70..a496804d 100644
--- a/provider_base/services/_couchdb_mirror.json
+++ b/provider_base/services/_couchdb_mirror.json
@@ -3,14 +3,16 @@
 //
 {
 "stunnel": {
- "couch_client": "= stunnel_client(nodes[couch.replication.masters.keys], couch.port)"
+ "clients": {
+ "couch_client": "= stunnel_client(nodes[couch.replication.masters.keys], couch.port)"
+ }
 },
 "couch": {
 "mode": "mirror",
 "replication": {
 // for now, pick the first close one, or the first one.
 // in the future, maybe use haproxy to balance among all the masters
- "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal')}"
+ "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')}"
 }
 }
 }
\ No newline at end of file
diff --git a/provider_base/services/_couchdb_multimaster.json b/provider_base/services/_couchdb_multimaster.json
index ff133b9c..8c433188 100644
--- a/provider_base/services/_couchdb_multimaster.json
+++ b/provider_base/services/_couchdb_multimaster.json
@@ -3,10 +3,14 @@
 //
 {
 "stunnel": {
- "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
- "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.epmd_port)",
- "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)",
- "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.ednp_port)"
+ "servers": {
+ "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
+ "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)"
+ },
+ "clients": {
+ "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.epmd_port)",
+ "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.ednp_port)"
+ }
 },
 "couch": {
 "mode": "multimaster",
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index d75fd8de..c2482235 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -3,7 +3,9 @@
 "use": true
 },
 "stunnel": {
- "couch_server": "= stunnel_server(couch.port)"
+ "servers": {
+ "couch_server": "= stunnel_server(couch.port)"
+ }
 },
 "couch": {
 "master": false,
--
cgit v1.2.3
From 0fbb8b1c2ddcabc23c19229ea89a2070964fc7ab Mon Sep 17 00:00:00 2001
From: elijah
Date: Fri, 20 Jun 2014 01:59:01 -0700
Subject: tmp comment out error if no master nodes defined
---
 provider_base/services/couchdb.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.rb b/provider_base/services/couchdb.rb
index c8f5d8a7..c63e3a00 100644
--- a/provider_base/services/couchdb.rb
+++ b/provider_base/services/couchdb.rb
@@ -3,7 +3,7 @@ # unless nodes_like_me['services' => 'couchdb']['couch.master' => true].any? - raise 'node `%s`, environment `%s`: there must be at least one node with couch.master set to `true` for this environment.' % [@node.name, @node.environment] + #raise 'node `%s`, environment `%s`: there must be at least one node with couch.master set to `true` for this environment.' % [@node.name, @node.environment] end if couch.master -- cgit v1.2.3 From a8f6415b0869018fd8d4ac947814529e8e85ace2 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 20 Jun 2014 19:10:44 +0200 Subject: add replication user --- provider_base/services/couchdb.json | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'provider_base/services') diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index c2482235..8b1386f8 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json @@ -40,6 +40,11 @@ "username": "webapp", "password": "= secret :couch_webapp_password", "salt": "= hex_secret :couch_webapp_password_salt, 128" + }, + "replication": { + "username": "replication", + "password": "= secret :couch_replication_password", + "salt": "= hex_secret :couch_replication_password_salt, 128" } }, "webapp": { -- cgit v1.2.3 From 73674f928756321a6b35f06a62a0ff1cf0ff479b Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 21 Jun 2014 02:51:51 -0700 Subject: fix stunnel entries in mx.json and webapp.json --- provider_base/services/mx.json | 9 +++++++-- provider_base/services/webapp.json | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) (limited to 'provider_base/services') diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index 30a19d9a..1f0e613e 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json 
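Review bot: Commenting out the `raise` leaves an `unless … end` with an empty body, so an environment with no `couch.master` node now passes this check silently and carries on to the `if couch.master` block below. Going by the earlier version of this file on the page, a non-master node then gets the mirror partial, presumably with no master to replicate from, and the failure surfaces later and less clearly. If the check has to be relaxed for now, say so in place with a comment such as `# TODO: re-enable once <reason>; with no master every node falls through to the mirror partial` rather than a bare commented-out line. The `if couch.master` block continues outside the hunk.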
@@ -1,9 +1,14 @@
 {
 "stunnel": {
- "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
+ "clients": {
+ "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
+ }
 },
 "haproxy": {
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client)"
+ "couch": {
+ "listen_port": 4096,
+ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client)"
+ }
 },
 "couchdb_leap_mx_user": {
 "username": "= global.services[:couchdb].couch.users[:leap_mx].username",
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index d268a020..1b550af9 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -32,10 +32,15 @@
 ]
 },
 "stunnel": {
- "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
+ "clients": {
+ "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
+ }
 },
 "haproxy": {
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client, global.services[:couchdb].couch.port)"
+ "couch": {
+ "listen_port": 4096,
+ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
+ }
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
--
cgit v1.2.3
From 813f840cceb284c38dcedea1577d125e62e280f0 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 23 Jun 2014 21:50:50 +0200
Subject: hand replication credentials to tapicero
---
 provider_base/services/_couchdb_mirror.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/_couchdb_mirror.json b/provider_base/services/_couchdb_mirror.json
index a496804d..6a3402bd 100644
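Review bot: The two `haproxy_servers` calls differ in arity after this change: mx.json passes only `stunnel.clients.couch_client`, while webapp.json in the next hunk also passes `global.services[:couchdb].couch.port`. If that third argument is what lets haproxy reach a couch running on the same node, mx.json needs it too: `"servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"`. `listen_port` 4096 is also repeated as a literal in both files, and whether haproxy binds it to loopback only is not visible here; that is worth confirming, since the port fronts the database.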
--- a/provider_base/services/_couchdb_mirror.json +++ b/provider_base/services/_couchdb_mirror.json @@ -12,7 +12,10 @@ "replication": { // for now, pick the first close one, or the first one. // in the future, maybe use haproxy to balance among all the masters - "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')}" + "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')}", + "username": "replication", + "password": "= secret :couch_replication_password", + "role": "replication" } } -} \ No newline at end of file +} -- cgit v1.2.3 From 15ec7cbcb2b9a4c230c4b8a7f7b720c7dc047c61 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 27 Jun 2014 23:30:58 -0700 Subject: added error() macro. --- provider_base/services/couchdb.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services') diff --git a/provider_base/services/couchdb.rb b/provider_base/services/couchdb.rb index c63e3a00..81f366e1 100644 --- a/provider_base/services/couchdb.rb +++ b/provider_base/services/couchdb.rb @@ -3,7 +3,7 @@ # unless nodes_like_me['services' => 'couchdb']['couch.master' => true].any? - #raise 'node `%s`, environment `%s`: there must be at least one node with couch.master set to `true` for this environment.' % [@node.name, @node.environment] + error('there must be at least one node with couch.master set to `true` for environment `%s`.' % @node.environment) end if couch.master -- cgit v1.2.3 From 54fcafe131c411a49e4277cd0d14c6ea20044203 Mon Sep 17 00:00:00 2001 
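Review bot: `"username": "replication"` repeats as a literal the account name that couchdb.json defines under `couch.users.replication`, so the two can drift apart if one is renamed. mx.json on this page reads its couch user through `global.services[:couchdb].couch.users[:leap_mx].username`; the same form should serve here, `"username": "= global.services[:couchdb].couch.users[:replication].username"`. The hunk also places the replication password in each mirror node's compiled config, so the account should hold no more than the replication rights the `role` value suggests; how roles are enforced is not visible on this page.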
From: irregulator
Date: Tue, 20 May 2014 23:20:58 +0300
Subject: Initial commit for obfsproxy server feature in platform
---
 provider_base/services/obfsproxy.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 provider_base/services/obfsproxy.json
(limited to 'provider_base/services')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
new file mode 100644
index 00000000..954ae868
--- /dev/null
+++ b/provider_base/services/obfsproxy.json
@@ -0,0 +1,10 @@
+{
+ "obfsproxy": {
+ "scramblesuit": {
+ "password": "= base32_secret :scramblesuit_password",
+ //"port" : "= rand(11..5555)"
+ "port" : "= obfs_port :scramblesuit_port, 18000..32000"
+ },
+ "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]"
+ }
+}
--
cgit v1.2.3
From cfcc589c6465dab8a4d3923d6c81623ecfbeb8c1 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Thu, 22 May 2014 03:57:28 +0300
Subject: Reflect change in leap_cli, use rand_range macro
---
 provider_base/services/obfsproxy.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index 954ae868..792a4183 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
@@ -2,8 +2,7 @@
 "obfsproxy": {
 "scramblesuit": {
 "password": "= base32_secret :scramblesuit_password",
- //"port" : "= rand(11..5555)"
- "port" : "= obfs_port :scramblesuit_port, 18000..32000"
+ "port" : "= rand_range :scramblesuit_port, 18000..32000"
 },
 "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]"
 }
--
cgit v1.2.3
From 2f318f0be937f0bace467640f4011ba422a736b7 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Thu, 22 May 2014 14:34:55 +0300
Subject: Pick gateway address either from self or another openvpn node
---
 provider_base/services/obfsproxy.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index 792a4183..d6771148 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
@@ -4,6 +4,11 @@
 "password": "= base32_secret :scramblesuit_password",
 "port" : "= rand_range :scramblesuit_port, 18000..32000"
 },
- "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]"
+ "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first"
+ // Later, if we add a SafeNil class that looks and acts like nil
+ // but will allow you to call methods on it (each returning another SafeNil)
+ // without throwing an exception, we could do:
+ // "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : (nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first || nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first)"
+ // Perhaps we should also create a macro.
 }
 }
--
cgit v1.2.3
From 86035bf6936812f5b01ac7d5e3b6d026124e156e Mon Sep 17 00:00:00 2001
From: irregulator
Date: Tue, 27 May 2014 20:20:51 +0300
Subject: Use the try method to pick vpn gateway address in obfsproxy.json
---
 provider_base/services/obfsproxy.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index d6771148..b14a0db9 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
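Review bot: `.shuffle.first` in the new `gateway_address` expression picks a random openvpn node each time the expression is evaluated, so two compiles of an unchanged provider can yield different gateway addresses and a spurious config change on the next deploy. A stable choice keeps the output reproducible, for example `.sort.first` in place of `.shuffle.first`, assuming the field values are plain strings. The replacement expression in the following commit has the same property. The five `//` lines added below hold a second copy of the expression that will go stale; a one-line TODO would carry the same intent.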
@@ -4,11 +4,6 @@
 "password": "= base32_secret :scramblesuit_password",
 "port" : "= rand_range :scramblesuit_port, 18000..32000"
 },
- "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first"
- // Later, if we add a SafeNil class that looks and acts like nil
- // but will allow you to call methods on it (each returning another SafeNil)
- // without throwing an exception, we could do:
- // "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : (nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first || nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first)"
- // Perhaps we should also create a macro.
+ "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
 }
 }
--
cgit v1.2.3
From 08f4c51cbbf9a4307375278ab42d31aa65d57645 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Wed, 28 May 2014 15:25:21 +0300
Subject: Include obfsproxy descriptors in openvpn.json This is needed so as obfsproxy service is automatically deployed along with eip service.
---
 provider_base/services/openvpn.json | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'provider_base/services')
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 090afcd6..1ce397d0 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -26,5 +26,12 @@
 "keepalive": "10 30",
 "tun-ipv6": true
 }
+ },
+ "obfsproxy": {
+ "scramblesuit": {
+ "password": "= base32_secret :scramblesuit_password",
+ "port" : "= rand_range :scramblesuit_port, 18000..32000"
+ },
+ "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
 }
 }
--
cgit v1.2.3
From 02963cea38c916256a6c9c959c58ed5a222f1767 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Fri, 30 May 2014 04:04:24 +0300
Subject: Attach node's name to scramblesuit password and port secrets This makes every node with obfsproxy service have unique port and password for scramblesuit pluggable transport.
---
 provider_base/services/obfsproxy.json | 4 ++--
 provider_base/services/openvpn.json | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index b14a0db9..ab92c11f 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
@@ -1,8 +1,8 @@
 {
 "obfsproxy": {
 "scramblesuit": {
- "password": "= base32_secret :scramblesuit_password",
- "port" : "= rand_range :scramblesuit_port, 18000..32000"
+ "password": "= base32_secret('scramblesuit_password_'+name)",
+ "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
 },
 "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
 }
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 1ce397d0..c62fa04b 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
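Review bot: The `obfsproxy` block added to openvpn.json is a verbatim copy of the one in obfsproxy.json, down to the `:scramblesuit_password` and `:scramblesuit_port` secret names, so every later change to the transport settings has to be made in two files. If service files can share a definition, define the block once; otherwise mark the duplication in both places with a comment such as `// keep in sync with services/obfsproxy.json`. The object that encloses the new block opens above the hunk.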
@@ -29,8 +29,8 @@
 },
 "obfsproxy": {
 "scramblesuit": {
- "password": "= base32_secret :scramblesuit_password",
- "port" : "= rand_range :scramblesuit_port, 18000..32000"
+ "password": "= base32_secret('scramblesuit_password_'+name)",
+ "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
 },
 "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
 }
--
cgit v1.2.3
From 87e997658dae6655aa0a3f2da7dc8737ec9041bc Mon Sep 17 00:00:00 2001
From: irregulator
Date: Tue, 3 Jun 2014 21:36:09 +0300
Subject: A vpn node picks its openvpn.gateway as obfsproxy gateway address
---
 provider_base/services/openvpn.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index c62fa04b..1906244c 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -32,6 +32,6 @@
 "password": "= base32_secret('scramblesuit_password_'+name)",
 "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
 },
- "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
+ "gateway_address": "= openvpn.gateway_address"
 }
 }
--
cgit v1.2.3
From 7e278f92f34e3809d380be724f0c306430791b10 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Tue, 1 Jul 2014 01:49:56 +0300
Subject: Use new macro pick_node to pick vpn gateway for obfsproxy.json
---
 provider_base/services/obfsproxy.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index ab92c11f..979d0ef9 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
@@ -4,6 +4,6 @@
 "password": "= base32_secret('scramblesuit_password_'+name)",
 "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
 },
- "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
+ "gateway_address": "= try{pick_node(:obfs_gateway,nodes_near_me['services' => 'openvpn']).pick_fields('openvpn.gateway_address')} || try{pick_node(:obfs_gateway,nodes_like_me['services' => 'openvpn']).pick_fields('openvpn.gateway_address')}"
 }
 }
--
cgit v1.2.3
From 9ab38e0551fe3210f57be2889e70db4aa2b4cc2f Mon Sep 17 00:00:00 2001
From: Folker Bernitt
Date: Thu, 10 Jul 2014 17:54:36 +0200
Subject: Added allow_registration to webapp config.yml. - See issue #5217 - See companion change in leap_web
---
 provider_base/services/webapp.json | 1 +
 1 file changed, 1 insertion(+)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 1b550af9..3af0dade 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -13,6 +13,7 @@
 "allow_limited_certs": "= provider.service.allow_limited_bandwidth",
 "allow_unlimited_certs": "= provider.service.allow_unlimited_bandwidth",
 "allow_anonymous_certs": "= provider.service.allow_anonymous",
+ "allow_registration": "= provider.service.allow_registration",
 "default_service_level": "= provider.service.default_service_level",
 "service_levels": "= provider.service.levels",
 "secret_token": "= secret :webapp_secret_token",
--
cgit v1.2.3
From d341c90c1493a78ed0ee2e216797651ff0aebfa9 Mon Sep 17 00:00:00 2001
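Review bot: `allow_registration` in the webapp.json hunk is read straight from `provider.service.allow_registration` with no fallback, so a provider definition that predates this key would presumably compile to an empty value and leave the decision to whatever the webapp defaults to. Because this switch decides whether new accounts can be created, the default should be stated explicitly, either in the base provider definition or in the expression itself, and documented alongside the other `allow_*` keys. The object holding these keys starts outside the hunk.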
From: Azul
Date: Wed, 16 Jul 2014 10:32:27 +0200
Subject: haproxy connects to a local couch if available When running a service that requires couch (webapp or mx) on a node that also had couch running the haproxy was confused because it did not have an stunnel port for the local couch. Emit a more useful error and fixed this for webapp and mx
---
 provider_base/services/mx.json | 2 +-
 provider_base/services/webapp.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 1f0e613e..32a93638 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -7,7 +7,7 @@
 "haproxy": {
 "couch": {
 "listen_port": 4096,
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client)"
+ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, 5984)"
 }
 },
 "couchdb_leap_mx_user": {
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 1b550af9..c1e3791f 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -39,7 +39,7 @@
 "haproxy": {
 "couch": {
 "listen_port": 4096,
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
+ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port, 5984)"
 }
 },
 "definition_files": {
--
cgit v1.2.3
From f7edf6d31a7ffbbc66ab778edec85f3cad4e6c82 Mon Sep 17 00:00:00 2001
From: Azul
Date: Tue, 29 Jul 2014 14:53:50 +0200
Subject: fix haproxy_servers call with couchdb default port
---
 provider_base/services/mx.json | 2 +-
 provider_base/services/webapp.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 32a93638..11293ae8 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -7,7 +7,7 @@
 "haproxy": {
 "couch": {
 "listen_port": 4096,
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, 5984)"
+ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
 }
 },
 "couchdb_leap_mx_user": {
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 1af95022..3af0dade 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -40,7 +40,7 @@
 "haproxy": {
 "couch": {
 "listen_port": 4096,
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port, 5984)"
+ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
 }
 },
 "definition_files": {
--
cgit v1.2.3
From a54b82ff7cdae2e44bc3c159473ca03e283f0746 Mon Sep 17 00:00:00 2001
From: elijah
Date: Fri, 22 Aug 2014 02:20:13 -0700
Subject: default to multimaster if no nodes are defined as master
---
 provider_base/services/couchdb.rb | 62 ++++++++++++++++++++++++++++++++-------
 1 file changed, 52 insertions(+), 10 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.rb b/provider_base/services/couchdb.rb
index 81f366e1..3bee3a67 100644
--- a/provider_base/services/couchdb.rb
+++ b/provider_base/services/couchdb.rb
@@ -1,18 +1,60 @@ +####################################################################### +### +### NOTE! +### +### Currently, mirrors do not work! The only thing that works is all +### nodes multimaster or a single master. +### +####################################################################### # # custom logic for couchdb json resolution +# ============================================ +# +# There are three modes for a node: +# +# Multimaster +# ----------- +# +# Multimaster uses bigcouch (soon to use couchdb in replication mode +# similar to bigcouch). +# +# Use "multimaster" mode when: +# +# * multiple nodes are marked couch.master +# * OR no nodes are marked couch.master +# +# Master +# ------ +# +# Master uses plain couchdb that is readable and writable. +# +# Use "master" mode when: +# +# * Exactly one node, this one, is marked as master. +# +# Mirror +# ------ +# +# Mirror creates a read-only copy of the database. It uses plain coucdhb +# with legacy couchdb replication (http based). +# +# This does not currently work, because http replication can't handle +# the number of user databases. +# +# Use "mirror" mode when: +# +# * some nodes are marked couch.master +# * AND this node is not a master # -unless nodes_like_me['services' => 'couchdb']['couch.master' => true].any? - error('there must be at least one node with couch.master set to `true` for environment `%s`.' 
% @node.environment) -end +master_count = nodes_like_me['services' => 'couchdb']['couch.master' => true].size -if couch.master - if nodes_like_me['services' => 'couchdb']['couch.master' => true].size > 1 - apply_partial 'services/_couchdb_multimaster.json' - else - apply_partial 'services/_couchdb_master.json' - end +if master_count == 0 + apply_partial 'services/_couchdb_multimaster.json' +elsif couch.master && master_count > 1 + apply_partial 'services/_couchdb_multimaster.json' +elsif couch.master && master_count == 1 + apply_partial 'services/_couchdb_master.json' else apply_partial 'services/_couchdb_mirror.json' end - -- cgit v1.2.3 From af606967d39227390f5ef8403c64d693c1dfd76d Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 23 Sep 2014 14:48:48 -0700 Subject: couch: for neighbors, use 'couch.mode' instead of 'couch.master' (which might be false even for multimaster). closes #6064 --- provider_base/services/_couchdb_multimaster.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'provider_base/services') diff --git a/provider_base/services/_couchdb_multimaster.json b/provider_base/services/_couchdb_multimaster.json index 8c433188..0f340e00 100644 --- a/provider_base/services/_couchdb_multimaster.json +++ b/provider_base/services/_couchdb_multimaster.json @@ -8,8 +8,8 @@ "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)" }, "clients": { - "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.epmd_port)", - "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.ednp_port)" + "epmd_clients": "= stunnel_client(nodes_like_me['services' => 'couchdb']['couch.mode' => 'multimaster'], couch.bigcouch.epmd_port)", + "ednp_clients": "= stunnel_client(nodes_like_me['services' => 'couchdb']['couch.mode' => 'multimaster'], couch.bigcouch.ednp_port)" } }, "couch": { 
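Review bot: The final `else` branch of the `couchdb.rb` hunk still applies `services/_couchdb_mirror.json`, although the header comment added in the same hunk says mirrors do not currently work. A couchdb node that is not `couch.master` while another node is would be compiled into a mode the file itself describes as broken, with no message to the operator. Failing at compile time in that branch would be safer, for example `error('couch mirror mode is not supported: mark every couchdb node couch.master, or none')`; the removed lines show that `error` is available here. The first two branches apply the same partial and could share one condition, and the new comment misspells couchdb as `coucdhb`.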
@@ -18,7 +18,7 @@
 "epmd_port": 4369,
 "ednp_port": 9002,
 "cookie": "= secret :bigcouch_cookie",
- "neighbors": "= nodes_like_me['services' => 'couchdb']['couch.master' => true].exclude(self).field('domain.full')"
+ "neighbors": "= nodes_like_me['services' => 'couchdb']['couch.mode' => 'multimaster'].exclude(self).field('domain.full')"
 }
 }
 }
-- cgit v1.2.3
From 027c20e2b8f779086d1480048152fe06d044b216 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Oct 2014 13:55:58 +0200 Subject: every environment is defined as nagios hostsgroup (#5216) Change-Id: I6508ce0d06b37a1c5601a0e981a59f7fda47f76a --- provider_base/services/monitor.json | 1 + 1 file changed, 1 insertion(+) (limited to 'provider_base/services')
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index c24724bf..56ca015b 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -1,6 +1,7 @@
 {
 "nagios": {
 "nagiosadmin_pw": "= secret :nagios_admin_password",
+ "domains_internal": "= global.tags.field('domain.internal_suffix').compact.uniq",
 "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
 },
 "hosts": "= self.environment == 'local' ? hosts_file(nodes_like_me) : hosts_file(nodes[:environment => '!local'])",
-- cgit v1.2.3
From d3e24760b33d6ae20f153d3c144d7d443fb0b69e Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 29 Oct 2014 15:20:54 -0700 Subject: added webapp.forbidden_usernames property to allow configuration of usernames to block. --- provider_base/services/webapp.json | 1 + 1 file changed, 1 insertion(+) (limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 3af0dade..44b5fa14 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,6 +1,7 @@
 {
 "webapp": {
 "admins": [],
+ "forbidden_usernames": ["admin", "administrator", "arin-admin", "certmaster", "contact", "info", "maildrop", "postmaster", "ssladmin", "www-data"],
 "domain": "= domain.full_suffix",
 "modules": ["user", "billing", "help"],
 "couchdb_webapp_user": {
-- cgit v1.2.3
From 1d4670f8b9b4c1f3d4cd8017a3f6145ccdd41312 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 31 Oct 2014 00:01:57 -0700 Subject: add support for property tor.key --- provider_base/services/tor.json | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'provider_base/services')
diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json
index fc365a19..87fb9682 100644
--- a/provider_base/services/tor.json
+++ b/provider_base/services/tor.json
@@ -3,6 +3,13 @@
 "bandwidth_rate": 6550,
 "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten",
 "nickname": "= (self.name + secret(:tor_family)).sub('_','')[0..18]",
- "family": "= nodes[:services => 'tor'][:environment => '!local'].field('tor.nickname').join(',')"
+ "family": "= nodes[:services => 'tor'][:environment => '!local'].field('tor.nickname').join(',')",
+ "hidden_service": null,
+ "key": {
+ "type": "RSA",
+ "public": "= tor_public_key_path(:node_tor_pub_key, tor.key.type) if tor.hidden_service",
+ "private": "= tor_private_key_path(:node_tor_priv_key, tor.key.type) if tor.hidden_service",
+ "address": "= onion_address(:node_tor_pub_key) if tor.hidden_service"
+ }
 }
 }
-- cgit v1.2.3
From 90b672ed58982b232b1c96febcd9736ae5fc4faf Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 4 Nov 2014 12:25:54 -0800 Subject: tor - to activate hidden service, now set tor.hidden_service.active = true --- provider_base/services/tor.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'provider_base/services')
diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json
index 87fb9682..55d3d2ee 100644
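Review bot: The default `forbidden_usernames` list added in the `webapp.json` hunk of d3e24760 reserves `admin`, `administrator` and `postmaster` but not `hostmaster` or `webmaster`, the other two local parts that certificate authorities accept for e-mail based domain validation. If webapp usernames become mailboxes on the provider domain (not visible in this hunk), those names should be reserved so that no ordinary account can receive validation mail for the domain. I would extend the default with at least `"hostmaster", "webmaster", "root", "abuse", "security"`. The provider documentation should also say whether a provider-level override replaces or extends this list, since a replacing override silently drops the reserved names.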
--- a/provider_base/services/tor.json
+++ b/provider_base/services/tor.json
@@ -4,12 +4,12 @@
 "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten",
 "nickname": "= (self.name + secret(:tor_family)).sub('_','')[0..18]",
 "family": "= nodes[:services => 'tor'][:environment => '!local'].field('tor.nickname').join(',')",
- "hidden_service": null,
- "key": {
- "type": "RSA",
- "public": "= tor_public_key_path(:node_tor_pub_key, tor.key.type) if tor.hidden_service",
- "private": "= tor_private_key_path(:node_tor_priv_key, tor.key.type) if tor.hidden_service",
- "address": "= onion_address(:node_tor_pub_key) if tor.hidden_service"
+ "hidden_service": {
+ "active": null,
+ "key_type": "RSA",
+ "public_key": "= tor_public_key_path(:node_tor_pub_key, tor.hidden_service.key_type) if tor.hidden_service.active",
+ "private_key": "= tor_private_key_path(:node_tor_priv_key, tor.hidden_service.key_type) if tor.hidden_service.active",
+ "address": "= onion_address(:node_tor_pub_key) if tor.hidden_service.active"
 }
 }
 }
-- cgit v1.2.3
From b9d2030beb890e8dccbbe42bfcc430a2c2702a92 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 10 Nov 2014 20:43:24 -0800 Subject: openvpn - support customizing --fragment, and set default to 1400 --- provider_base/services/openvpn.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base/services')
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 1906244c..127f5890 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -24,7 +24,8 @@
 "auth": "SHA1",
 "cipher": "AES-128-CBC",
 "keepalive": "10 30",
- "tun-ipv6": true
+ "tun-ipv6": true,
+ "fragment": 1400
 }
 },
 "obfsproxy": {
-- cgit v1.2.3
From e18853b16969cb164613003edfab9a5b5800e099 Mon Sep 17 00:00:00 2001
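Review bot: `hidden_service.active` defaults to `null` in the `tor.json` hunk of 90b672ed, while the commit subject says the service is activated by setting it to `true`, so the flag has three states to reason about. Unless the config merge gives `null` a special meaning (not visible here), `"active": false` states the default more plainly. The `public_key`, `private_key` and `address` expressions all end in `if tor.hidden_service.active`, so they presumably evaluate to nil while the flag is off. The property documentation should tell consumers to check `active` before reading them.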
From: elijah Date: Mon, 10 Nov 2014 20:56:38 -0800 Subject: change default openvpn fragment size back to 1500 so we don't break backward compatibility with older clients --- provider_base/services/openvpn.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services')
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 127f5890..11cb0dc2 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -25,7 +25,7 @@
 "cipher": "AES-128-CBC",
 "keepalive": "10 30",
 "tun-ipv6": true,
- "fragment": 1400
+ "fragment": 1500
 }
 },
 "obfsproxy": {
-- cgit v1.2.3
From de51b83384d97a67cdbdf1992ba9ad771a292c5d Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 24 Nov 2014 14:17:43 -0800 Subject: bind webapp to version/0.6 branch --- provider_base/services/webapp.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 44b5fa14..67744f99 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -22,7 +22,7 @@
 "secure": false,
 "git": {
 "source": "https://leap.se/git/leap_web",
- "revision": "origin/master"
+ "revision": "origin/version/0.6"
 },
 "client_version": "= provider.client_version",
 "nagios_test_user": {
-- cgit v1.2.3
From a84272aa77715a4029ebd06b38b7a5ad05e6acd0 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 2 Dec 2014 11:26:35 -0500 Subject: Change nagios mail To: Header to contain the actual platform environment's contact email (Bug #6466) Change-Id: Ib86ae771e0ac3b6f329a517a8a31c9ec54d33a05 --- provider_base/services/monitor.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base/services')
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index 56ca015b..a68ee8d8 100644
--- a/provider_base/services/monitor.json
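Review bot: `"revision": "origin/version/0.6"` in the `webapp.json` hunk of de51b833 still names a moving branch, so each deploy installs whatever the branch head is at that moment. How the revision is checked out, and whether anything verifies it, is outside this hunk. For reproducible and reviewable deploys a release tag or full commit id is the safer default, for example `"revision": "<RELEASE_TAG_OR_COMMIT_ID>"`, with the branch name kept as a documented override for development environments.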
+++ b/provider_base/services/monitor.json
@@ -2,7 +2,8 @@
 "nagios": {
 "nagiosadmin_pw": "= secret :nagios_admin_password",
 "domains_internal": "= global.tags.field('domain.internal_suffix').compact.uniq",
- "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
+ "environments": "= Hash[ global.environment_names.select{|e|e!='local'}.map{|e| [e||'default',{'contact_emails'=>global.env(e).provider.contacts.default}]} ]",
+ "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('environment', 'domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
 },
 "hosts": "= self.environment == 'local' ? hosts_file(nodes_like_me) : hosts_file(nodes[:environment => '!local'])",
 "ssh": {
-- cgit v1.2.3
From e517ef53f15d24f22c31ff44eaa37601e4d5ec14 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 9 Dec 2014 09:57:44 +0100 Subject: add 'local' contactgroup to local environmet monitoring node Change-Id: I1618a8c7f2f7c905b354dbe363fc91b690725479 --- provider_base/services/monitor.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services')
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index a68ee8d8..ff3a27a3 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -2,7 +2,7 @@
 "nagios": {
 "nagiosadmin_pw": "= secret :nagios_admin_password",
 "domains_internal": "= global.tags.field('domain.internal_suffix').compact.uniq",
- "environments": "= Hash[ global.environment_names.select{|e|e!='local'}.map{|e| [e||'default',{'contact_emails'=>global.env(e).provider.contacts.default}]} ]",
+ "environments": "= Hash[ nagios.hosts.values.map{|h|h['environment']}.uniq.map{|e| [e||'default',{'contact_emails'=>global.env(e).provider.contacts.default}]} ]",
 "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('environment', 'domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
 },
 "hosts": "= self.environment == 'local' ? hosts_file(nodes_like_me) : hosts_file(nodes[:environment => '!local'])",
-- cgit v1.2.3
From 7871852a39bf59947b25184e6c6df365ba3b5052 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 10 Dec 2014 15:52:50 +0100 Subject: https://leap.se/code/issues/6477#note-11 Change-Id: I3094be3ef60108f4f2cad5239b0b2f288b39620d --- provider_base/services/monitor.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'provider_base/services')
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index ff3a27a3..10d5ac81 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -1,9 +1,9 @@
 {
 "nagios": {
 "nagiosadmin_pw": "= secret :nagios_admin_password",
- "domains_internal": "= global.tags.field('domain.internal_suffix').compact.uniq",
+ "domains_internal": "= nagios.hosts.values.map{|h|h['domain_internal_suffix']}.uniq",
 "environments": "= Hash[ nagios.hosts.values.map{|h|h['environment']}.uniq.map{|e| [e||'default',{'contact_emails'=>global.env(e).provider.contacts.default}]} ]",
- "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('environment', 'domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
+ "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('environment', 'domain.internal', 'domain.internal_suffix', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
 },
 "hosts": "= self.environment == 'local' ? hosts_file(nodes_like_me) : hosts_file(nodes[:environment => '!local'])",
 "ssh": {
-- cgit v1.2.3
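Review bot: The new `domains_internal` expression in the `monitor.json` hunk of 7871852a ends in `.uniq`, where the line it replaces ended in `.compact.uniq`. A host entry without a `domain_internal_suffix` value would then put `nil` into the list that the nagios configuration is built from; keeping the filter, `nagios.hosts.values.map{|h|h['domain_internal_suffix']}.compact.uniq`, avoids that. The expression also relies on `pick_fields` exposing `domain.internal_suffix` under the key `domain_internal_suffix`, which this hunk does not show and is worth confirming.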