From ac74640c5f4a65f8f117deeaed8d1cd29a22bc3c Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 14 Nov 2012 23:49:56 -0800 Subject: added provider_base (latest leap_cli required) --- provider_base/README | 9 ++++++++ provider_base/common.json | 25 ++++++++++++++++++++ .../files/service-definitions/provider.json.erb | 20 ++++++++++++++++ provider_base/provider.json | 27 ++++++++++++++++++++++ provider_base/services/ca.json | 6 +++++ provider_base/services/couchdb.json | 22 ++++++++++++++++++ provider_base/services/dns.json | 7 ++++++ provider_base/services/openvpn.json | 14 +++++++++++ provider_base/services/webapp.json | 19 +++++++++++++++ 9 files changed, 149 insertions(+) create mode 100644 provider_base/README create mode 100644 provider_base/common.json create mode 100644 provider_base/files/service-definitions/provider.json.erb create mode 100644 provider_base/provider.json create mode 100644 provider_base/services/ca.json create mode 100644 provider_base/services/couchdb.json create mode 100644 provider_base/services/dns.json create mode 100644 provider_base/services/openvpn.json create mode 100644 provider_base/services/webapp.json (limited to 'provider_base') diff --git a/provider_base/README b/provider_base/README new file mode 100644 index 00000000..bb80df50 --- /dev/null +++ b/provider_base/README @@ -0,0 +1,9 @@ +This directory holds the base provider files that actual providers inherit from. + +For example: + + the file........ myproject/provider/common.json + inherits from... myproject/leap_platform/provider_base/common.json + + + diff --git a/provider_base/common.json b/provider_base/common.json new file mode 100644 index 00000000..f3557800 --- /dev/null +++ b/provider_base/common.json 
@@ -0,0 +1,25 @@ +{ + "ip_address": "REQUIRED", + "services": [], + "domain": { + "full_suffix": "= global.provider.domain", + "internal_suffix": "= global.provider.internal_domain", + "full": "= node.name + '.' + domain.full_suffix", + "internal": "= node.name + '.' + domain.internal_suffix", + "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)" + }, + "dns": { + "public": "= service_type != 'internal_service'" + }, + "ssh": { + "authorized_keys": "= file :authorized_keys", + "known_hosts": "= file :known_hosts", + "port": 22 + }, + "x509": { + "use": false, + "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil", + "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil" + }, + "local": "= self.vagrant?" +} diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb new file mode 100644 index 00000000..76245739 --- /dev/null +++ b/provider_base/files/service-definitions/provider.json.erb @@ -0,0 +1,20 @@ +<%= + hsh = {} + + # grab some fields from provider.json + hsh = global.provider.pick( + :languages, :description, :name, + :enrollment_policy, :default_language, :domain + ) + + # advertise services that are 'user services' + hsh['services'] = global.services[:service_type => :user_service].field(:name) + + hsh['api_version'] = "1" + hsh['api_uri'] = "https://" + api_domain + + hsh['ca_cert_uri'] = 'https://' + global.provider.domain + '/ca.crt' + hsh['ca_cert_fingerprint'] = "" + + generate_json hsh +%> \ No newline at end of file diff --git a/provider_base/provider.json b/provider_base/provider.json new file mode 100644 index 00000000..a144d04e --- /dev/null +++ b/provider_base/provider.json 
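Review bot: `hsh['ca_cert_fingerprint'] = ""` in `provider.json.erb` publishes an empty fingerprint next to `ca_cert_uri`, so a client reading this definition has nothing to check the downloaded `ca.crt` against. Until the value can be computed, leaving the key out is safer than shipping an empty string that a client might accept as a valid value. The initial `hsh = {}` is also dead code, since `hsh` is reassigned from `global.provider.pick(...)` in the next statement.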
@@ -0,0 +1,27 @@ +{ + "domain": "REQUIRED", + "internal_domain": "= domain.sub(/\\..*$/,'.i')", + "name": { + "en": "REQUIRED" + }, + "description": { + "en": "REQUIRED" + }, + "languages": ["en"], + "default_language": "en", + "enrollment_policy": "open", + "ca": { + "name": "= global.provider.ca.organization + ' Root CA'", + "organization": "= global.provider.name[global.provider.default_language]", + "organizational_unit": "= 'https://' + global.common.domain.full_suffix", + "bit_size": 4096, + "life_span": "10y", + "server_certificates": { + "bit_size": 3248, + "life_span": "1y" + } + }, + "vagrant":{ + "network":"10.5.5.0/24" + } +} \ No newline at end of file diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json new file mode 100644 index 00000000..68f970f7 --- /dev/null +++ b/provider_base/services/ca.json @@ -0,0 +1,6 @@ +{ + "service_type": "internal_service", + "x509": { + "use": true + } +} diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json new file mode 100644 index 00000000..1c8005c2 --- /dev/null +++ b/provider_base/services/couchdb.json @@ -0,0 +1,22 @@ +{ + "service_type": "internal_service", + "x509": { + "use": true + }, + "couch": { + "users": { + "admin": { + "username": "admin", + "password": "= secret :couch_admin_password" + }, + "webapp": { + "username": "webapp", + "password": "= secret :couch_webapp_password" + }, + "ca_daemon": { + "username": "ca_daemon", + "password": "= secret :couch_ca_daemon_password" + } + } + } +} diff --git a/provider_base/services/dns.json b/provider_base/services/dns.json new file mode 100644 index 00000000..677d9b2c --- /dev/null +++ b/provider_base/services/dns.json 
@@ -0,0 +1,7 @@ +{ + "hosts": { + "public": "= nodes['dns.public' => true].fields('domain.name', 'dns.aliases', 'ip_address')", + "private": "= nodes['dns.public' => false].fields('domain.name', 'dns.aliases', 'ip_address')" + }, + "service_type": "public_service" +} \ No newline at end of file diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json new file mode 100644 index 00000000..4b7d25ec --- /dev/null +++ b/provider_base/services/openvpn.json @@ -0,0 +1,14 @@ +{ + "service_type": "user_service", + "x509": { + "use": true + }, + "openvpn": { + "ports": ["80", "443", "53", "1194"], + "filter_dns": false, + "nat": true, + "ca_crt": "= file :ca_cert", + "ca_key": "= file :ca_key", + "dh": "= file :dh_params" + } +} diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json new file mode 100644 index 00000000..6e5c029c --- /dev/null +++ b/provider_base/services/webapp.json @@ -0,0 +1,19 @@ +{ + "webapp": { + "modules": ["user", "billing", "help"], + "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')", + "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]" + }, + "definition_files": { + "provider": "= file('service-definitions/provider.json.erb')", + "eip_service": "file('service-definitions/eip-service.json.erb')" + }, + "service_type": "public_service", + "api_domain": "= 'api.' + domain.full_suffix", + "dns": { + "aliases": "= [domain.full, api_domain]" + }, + "x509": { + "use": true + } +} \ No newline at end of file -- cgit v1.2.3 From 74047765ad815ae72a1e0eb2355e6fbc68d4db57 Mon Sep 17 00:00:00 2001 
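Review bot: `"ca_key": "= file :ca_key"` in the `openvpn` block puts the Certificate Authority's private key into the configuration of every gateway node, assuming `file` inlines the file contents as it appears to for `ca_crt` and `dh`. An OpenVPN server verifies client certificates with the CA certificate alone; it needs its own key but not the CA's, so a compromised gateway would expose the ability to sign certificates for the whole provider. I would drop the `ca_key` line and keep the key only on the node that signs certificates. The same entry is still present in the later `@@ -10,8 +10,8 @@` hunk of this file, the one that adds the `:missing` hints.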
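Review bot: The `eip_service` entry under `definition_files` in `webapp.json` lacks the leading `= ` that every other computed value in these files carries, so it will presumably be stored as the literal string instead of the rendered template. It should read `"eip_service": "= file('service-definitions/eip-service.json.erb')"`. The diffstat for this commit also creates only `provider.json.erb`, so the referenced `eip-service.json.erb` would not resolve yet.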
From: elijah Date: Thu, 15 Nov 2012 01:18:10 -0800 Subject: added eip-service.json --- .../files/service-definitions/eip-service.json.erb | 33 ++++++++++++++++++++++ provider_base/services/openvpn.json | 5 +++- provider_base/services/webapp.json | 4 +-- 3 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 provider_base/files/service-definitions/eip-service.json.erb (limited to 'provider_base') diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb new file mode 100644 index 00000000..095f3530 --- /dev/null +++ b/provider_base/files/service-definitions/eip-service.json.erb @@ -0,0 +1,33 @@ +<%= + def underscore(words) + words = words.to_s.dup + words.downcase! + words.gsub! /[^a-z]/, '_' + words + end + + hsh = {} + hsh["serial"] = 1 + hsh["version"] = 1 + clusters = {} + gateways = [] + global.services['openvpn'].node_list.each_node do |node| + next if node.vagrant? + gateway = {} + gateway["capabilities"] = node.openvpn.pick( + :ports, :protocols, :user_ips, :adblock, :filter_dns) + gateway["capabilities"]["transport"] = ["openvpn"] + gateway["ip_address"] = node.ip_address + gateway["host"] = node.domain.full + gateway["cluster"] = underscore(node.openvpn.location) + gateways << gateway + clusters[gateway["cluster"]] ||= { + "name" => gateway["cluster"], + "label" => {"en" => node.openvpn.location} + } + end + hsh["gateways"] = gateways + hsh["clusters"] = clusters.values + + generate_json hsh +%> \ No newline at end of file diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 4b7d25ec..46dcd50e 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json 
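Review bot: `underscore` replaces every character outside `a-z` with `_`, digits included, so two locations such as "Site 1" and "Site 2" (constructed examples) both become `site__` and are merged into one cluster by `clusters[gateway["cluster"]] ||= ...`, keeping only the first label. Keeping digits and collapsing runs, `words.gsub!(/[^a-z0-9]+/, '_')`, avoids the collision, and the parentheses also remove the ambiguous-first-argument warning Ruby gives for `gsub! /.../`. A short comment above `underscore` saying that its result is the cluster identifier published to clients would help the next reader.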
@@ -4,9 +4,12 @@ "use": true }, "openvpn": { + "location": "Location Unknown", "ports": ["80", "443", "53", "1194"], + "protocols": ["tcp", "udp"], "filter_dns": false, - "nat": true, + "adblock": false, + "user_ips": false, "ca_crt": "= file :ca_cert", "ca_key": "= file :ca_key", "dh": "= file :dh_params" diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 6e5c029c..7e12d26e 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -5,8 +5,8 @@ "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]" }, "definition_files": { - "provider": "= file('service-definitions/provider.json.erb')", - "eip_service": "file('service-definitions/eip-service.json.erb')" + "provider": "= file 'service-definitions/provider.json.erb'", + "eip_service": "= file 'service-definitions/eip-service.json.erb'" }, "service_type": "public_service", "api_domain": "= 'api.' + domain.full_suffix", -- cgit v1.2.3 From a70587080576517716986230a6eb5792aa248e9b Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 16 Nov 2012 14:26:49 -0800 Subject: added digest to provider.ca --- provider_base/provider.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/provider.json b/provider_base/provider.json index a144d04e..de5ad446 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -15,13 +15,15 @@ "organization": "= global.provider.name[global.provider.default_language]", "organizational_unit": "= 'https://' + global.common.domain.full_suffix", "bit_size": 4096, + "digest": "SHA256", "life_span": "10y", "server_certificates": { "bit_size": 3248, + "digest": "SHA256", "life_span": "1y" } }, "vagrant":{ "network":"10.5.5.0/24" } -} \ No newline at end of file +} -- cgit v1.2.3 From 0c65e5c1169fa33d08c3ffa02d5cf3060a009892 Mon Sep 17 00:00:00 2001 
From: elijah Date: Sat, 17 Nov 2012 01:24:00 -0800 Subject: added commercial_cert to webapp --- provider_base/services/webapp.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 7e12d26e..ca9edf33 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -14,6 +14,8 @@ "aliases": "= [domain.full, api_domain]" }, "x509": { - "use": true + "use": true, + "commercial_cert": "= file [:commercial_cert, global.provider.domain]", + "commercial_key": "= file [:commercial_key, global.provider.domain]" } } \ No newline at end of file -- cgit v1.2.3 From 25bbdd69cd2f2c19e3a183b38388b88db1b412a9 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 17 Nov 2012 01:24:19 -0800 Subject: added better warnings to openvpn service when files are missing --- provider_base/services/openvpn.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 46dcd50e..71d1d2c7 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json @@ -10,8 +10,8 @@ "filter_dns": false, "adblock": false, "user_ips": false, - "ca_crt": "= file :ca_cert", - "ca_key": "= file :ca_key", - "dh": "= file :dh_params" + "ca_crt": "= file :ca_cert, :missing => 'Certificate Authority. Run `leap init-ca`'", + "ca_key": "= file :ca_key, :missing => 'Certificate Authority. Run `leap init-ca`'", + "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap init-dh`'" } } -- cgit v1.2.3 From cee55f72a33ca735745045ea304a9b6a78c79e96 Mon Sep 17 00:00:00 2001 
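Review bot: `commercial_cert` and `commercial_key` in `webapp.json` are loaded with a bare `file [...]`, without the `:missing => '...'` hint that the node certificate entries in `common.json` carry, so an operator who has not installed a commercial certificate gets no pointer to what is expected. Adding a hint to both entries would keep the error path consistent with the rest of the x509 keys. `commercial_key` is a private key; if `file` inlines it into the node's generated configuration, as it appears to elsewhere, that output needs restrictive file permissions, which is worth stating in the README.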
From: elijah Date: Sat, 17 Nov 2012 01:24:36 -0800 Subject: added missing fingerprint of ca cert to provider definition --- provider_base/files/service-definitions/provider.json.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 76245739..c19e5538 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -14,7 +14,7 @@ hsh['api_uri'] = "https://" + api_domain hsh['ca_cert_uri'] = 'https://' + global.provider.domain + '/ca.crt' - hsh['ca_cert_fingerprint'] = "" + hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert) generate_json hsh %> \ No newline at end of file -- cgit v1.2.3 From 930eac488f8175fe17e9cb73ed3dff6763895562 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 20 Nov 2012 15:04:46 -0500 Subject: add ca_cert key because we will need to place the cert into the webroot on the webapp --- provider_base/common.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index f3557800..4e85c9b0 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -19,7 +19,8 @@ "x509": { "use": false, "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil", - "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil" + "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil", + "ca_cert": "= file :ca_cert" }, "local": "= self.vagrant?" } -- cgit v1.2.3 From 9491f15a64c13f2424b781d32d5734db3bb4a22f Mon Sep 17 00:00:00 2001 
From: elijah Date: Wed, 21 Nov 2012 13:47:41 -0800 Subject: added x509.commercial_ca_cert. x509.ca_cert is now optional, except for webapp. --- provider_base/common.json | 2 +- provider_base/services/webapp.json | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index 4e85c9b0..0eeef6e5 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -20,7 +20,7 @@ "use": false, "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil", "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil", - "ca_cert": "= file :ca_cert" + "ca_cert": "= try_file :ca_cert" }, "local": "= self.vagrant?" } diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index ca9edf33..bdef5761 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -15,7 +15,9 @@ }, "x509": { "use": true, + "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap init-ca`'", "commercial_cert": "= file [:commercial_cert, global.provider.domain]", - "commercial_key": "= file [:commercial_key, global.provider.domain]" + "commercial_key": "= file [:commercial_key, global.provider.domain]", + "commercial_ca_cert": "= try_file :commercial_ca_cert" } } \ No newline at end of file -- cgit v1.2.3 From f3704fc0ac81ca6ccb7e7d19ae931d9c391f3975 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 22 Nov 2012 11:43:23 -0800 Subject: clean up openvpn and x509 paths --- provider_base/services/openvpn.json | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 71d1d2c7..15deab70 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json 
@@ -1,7 +1,9 @@ { "service_type": "user_service", "x509": { - "use": true + "use": true, + "ca_cert": "= file :ca_cert, :missing => 'Certificate Authority. Run `leap init-ca`'", + "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap init-dh`'" }, "openvpn": { "location": "Location Unknown", @@ -9,9 +11,6 @@ "protocols": ["tcp", "udp"], "filter_dns": false, "adblock": false, - "user_ips": false, - "ca_crt": "= file :ca_cert, :missing => 'Certificate Authority. Run `leap init-ca`'", - "ca_key": "= file :ca_key, :missing => 'Certificate Authority. Run `leap init-ca`'", - "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap init-dh`'" + "user_ips": false } } -- cgit v1.2.3 From 3c253f7015540dde8e2402ba084cc48a70403d33 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 23 Nov 2012 01:53:34 -0800 Subject: fix bugs in eip-service.json template --- provider_base/files/service-definitions/eip-service.json.erb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'provider_base') diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb index 095f3530..8dc7211d 100644 --- a/provider_base/files/service-definitions/eip-service.json.erb +++ b/provider_base/files/service-definitions/eip-service.json.erb @@ -17,7 +17,7 @@ gateway["capabilities"] = node.openvpn.pick( :ports, :protocols, :user_ips, :adblock, :filter_dns) gateway["capabilities"]["transport"] = ["openvpn"] - gateway["ip_address"] = node.ip_address + gateway["ip_address"] = node.openvpn.gateway_address gateway["host"] = node.domain.full gateway["cluster"] = underscore(node.openvpn.location) gateways << gateway 
@@ -28,6 +28,10 @@ end hsh["gateways"] = gateways hsh["clusters"] = clusters.values - + hsh["openvpn_configuration"] = { + "tls-cipher" => "DHE-RSA-AES128-SHA", + "auth" => "SHA1", + "cipher" => "AES-128-CBC" + } generate_json hsh %> \ No newline at end of file -- cgit v1.2.3 From 6dd91a6084521a99789e08f877b359600884ff0d Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 23 Nov 2012 01:54:07 -0800 Subject: added a template that is used to generate a client config file for openvpn (to be used for testing). --- provider_base/test/openvpn/client.ovpn.erb | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 provider_base/test/openvpn/client.ovpn.erb (limited to 'provider_base') diff --git a/provider_base/test/openvpn/client.ovpn.erb b/provider_base/test/openvpn/client.ovpn.erb new file mode 100644 index 00000000..96cb7177 --- /dev/null +++ b/provider_base/test/openvpn/client.ovpn.erb @@ -0,0 +1,28 @@ +client +dev tun +remote-cert-tls server +remote-random +nobind +script-security 2 +verb 3 +auth SHA1 +cipher AES-128-CBC +tls-cipher DHE-RSA-AES128-SHA + +<% manager.services['openvpn'].node_list.each_node do |node| -%> +<% unless node.local -%> +<%= "remote #{node.openvpn.gateway_address} 1194 udp"%> +<% end -%> +<% end -%> + + +<%= read_file! :ca_cert -%> + + + +<%= read_file! :test_client_cert -%> + + + +<%= read_file! :test_client_key -%> + -- cgit v1.2.3 From 3e53ba65fbf1eb48dbe01526342e601a1c10c824 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 23 Nov 2012 01:54:40 -0800 Subject: get rid of paths in webapp.json, use symbolic filenames instead. --- provider_base/services/webapp.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index bdef5761..321c26ea 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json 
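Review bot: The `openvpn_configuration` hash hard-codes `tls-cipher`, `auth` and `cipher` in the template, and the same three values are repeated literally in `test/openvpn/client.ovpn.erb` in the following commit, so changing an algorithm means editing several places that must stay in step with the gateway's own configuration, which is not visible here. `auth SHA1` and `AES-128-CBC` are also settings a provider will want to be able to raise without patching the platform. I would move the three values into `services/openvpn.json` under their own key and have both templates read them from there.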
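Review bot: `script-security 2` in `client.ovpn.erb` lets the OpenVPN client run user-defined scripts, yet nothing in this template configures an `up`, `down` or other script hook. Dropping the line leaves the client at the default level, under which only built-in helpers such as `ifconfig` and `route` are run, which is all a test client needs. The `remote` line also fixes `1194 udp` while `openvpn.ports` and `openvpn.protocols` are configurable in `services/openvpn.json`, so the test config will not follow a gateway that listens elsewhere.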
@@ -5,8 +5,8 @@ "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]" }, "definition_files": { - "provider": "= file 'service-definitions/provider.json.erb'", - "eip_service": "= file 'service-definitions/eip-service.json.erb'" + "provider": "= file :provider_json_template", + "eip_service": "= file :eip_service_json_template" }, "service_type": "public_service", "api_domain": "= 'api.' + domain.full_suffix", -- cgit v1.2.3 From be2300a01a7744986d6ea76b44c663df619aae03 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 24 Nov 2012 21:35:40 -0800 Subject: new leap_cli sets local tag automatically. --- provider_base/common.json | 4 ++-- provider_base/tags/local.json | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 provider_base/tags/local.json (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index 0eeef6e5..12b9dab6 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -1,6 +1,7 @@ { "ip_address": "REQUIRED", "services": [], + "tags": [], "domain": { "full_suffix": "= global.provider.domain", "internal_suffix": "= global.provider.internal_domain", @@ -21,6 +22,5 @@ "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil", "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil", "ca_cert": "= try_file :ca_cert" - }, - "local": "= self.vagrant?" + } } diff --git a/provider_base/tags/local.json b/provider_base/tags/local.json new file mode 100644 index 00000000..9cb16602 --- /dev/null +++ b/provider_base/tags/local.json @@ -0,0 +1,3 @@ +{ + "local": true +} \ No newline at end of file -- cgit v1.2.3 From 05d3c0903f48e9c0d69145c9e027b70a392c9602 Mon Sep 17 00:00:00 2001 
From: elijah Date: Tue, 27 Nov 2012 12:27:35 -0800 Subject: fix webapp: only list couchdb hosts that match node's 'local' value. --- provider_base/common.json | 3 ++- provider_base/services/webapp.json | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index 12b9dab6..6d4291c6 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -22,5 +22,6 @@ "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil", "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil", "ca_cert": "= try_file :ca_cert" - } + }, + "local": false } diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 321c26ea..afb51ee1 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -1,7 +1,7 @@ { "webapp": { "modules": ["user", "billing", "help"], - "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')", + "couchdb_hosts": "= nodes[:services => :couchdb][:local => local].field('domain.name')", "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]" }, "definition_files": { -- cgit v1.2.3 From bef21f7f132438777b2ab92525559ba8ed869fb9 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 28 Nov 2012 14:09:23 -0800 Subject: updated service templates to reflect new command names --- provider_base/services/openvpn.json | 4 ++-- provider_base/services/webapp.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 15deab70..0008a2d2 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json 
@@ -2,8 +2,8 @@ "service_type": "user_service", "x509": { "use": true, - "ca_cert": "= file :ca_cert, :missing => 'Certificate Authority. Run `leap init-ca`'", - "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap init-dh`'" + "ca_cert": "= file :ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", + "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap cert dh`'" }, "openvpn": { "location": "Location Unknown", diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index afb51ee1..b04ed684 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -15,7 +15,7 @@ }, "x509": { "use": true, - "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap init-ca`'", + "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", "commercial_cert": "= file [:commercial_cert, global.provider.domain]", "commercial_key": "= file [:commercial_key, global.provider.domain]", "commercial_ca_cert": "= try_file :commercial_ca_cert" -- cgit v1.2.3 From 450c3ba29c0e8d3a3c8cf1946aa71160b3c48897 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 7 Dec 2012 14:17:52 +0100 Subject: added couchdb hiera variables to services/ca.json --- provider_base/services/ca.json | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'provider_base') diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json index 68f970f7..f3758ab6 100644 --- a/provider_base/services/ca.json +++ b/provider_base/services/ca.json @@ -1,4 +1,8 @@ { + "ca": { + "couchdb_hosts": "= nodes[:services => :couchdb][:local => local].field('domain.name')", + "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]" + }, "service_type": "internal_service", "x509": { "use": true -- cgit v1.2.3 From 51f37d8132a44e25350db66b7156892980d3e4fa Mon Sep 17 00:00:00 2001 
From: varac Date: Fri, 7 Dec 2012 14:48:55 +0100 Subject: ca -> ca_daemon in site.pp and services/ca.json --- provider_base/services/ca.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json index f3758ab6..800c995d 100644 --- a/provider_base/services/ca.json +++ b/provider_base/services/ca.json @@ -1,5 +1,5 @@ { - "ca": { + "ca_daemon": { "couchdb_hosts": "= nodes[:services => :couchdb][:local => local].field('domain.name')", "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]" }, -- cgit v1.2.3 From 6af460dd3b2e686734df876eff9b621f2162da69 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 7 Dec 2012 15:52:50 -0800 Subject: added hostname tracking and late evaluation. new key "hosts" added, for building /etc/hosts. also, now ssh.known_hosts only includes what is necessary. --- provider_base/common.json | 3 ++- provider_base/services/ca.json | 2 +- provider_base/services/webapp.json | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index 6d4291c6..42444b1f 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -14,9 +14,10 @@ }, "ssh": { "authorized_keys": "= file :authorized_keys", - "known_hosts": "= file :known_hosts", + "known_hosts": "=> known_hosts_file", "port": 22 }, + "hosts": "=> hosts_file", "x509": { "use": false, "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil", diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json index 800c995d..a4ded72b 100644 --- a/provider_base/services/ca.json +++ b/provider_base/services/ca.json 
@@ -1,6 +1,6 @@ { "ca_daemon": { - "couchdb_hosts": "= nodes[:services => :couchdb][:local => local].field('domain.name')", + "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]" }, "service_type": "internal_service", diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index b04ed684..3eb0ba62 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -1,7 +1,7 @@ { "webapp": { "modules": ["user", "billing", "help"], - "couchdb_hosts": "= nodes[:services => :couchdb][:local => local].field('domain.name')", + "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]" }, "definition_files": { -- cgit v1.2.3 From 9c671a9b1e4d13545c511eefd1eac274c16f80de Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 8 Dec 2012 20:03:00 -0800 Subject: minor - fix hint. --- provider_base/common.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index 42444b1f..b5d37f8e 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -1,5 +1,5 @@ { - "ip_address": "REQUIRED", + "ip_address": null, "services": [], "tags": [], "domain": { 
@@ -20,8 +20,8 @@ "hosts": "=> hosts_file", "x509": { "use": false, - "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil", - "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil", + "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil", + "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil", "ca_cert": "= try_file :ca_cert" }, "local": false -- cgit v1.2.3 From cded90f839871cf6258d7dc28d3ce81cf7f9cf6c Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 18 Dec 2012 10:26:57 -0800 Subject: ca daemon -- ca daemon needs the x509 cert/key for the CA, not for the server. --- provider_base/services/ca.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json index a4ded72b..3fb8bf6c 100644 --- a/provider_base/services/ca.json +++ b/provider_base/services/ca.json @@ -5,6 +5,7 @@ }, "service_type": "internal_service", "x509": { - "use": true + "use": true, + "ca_key": "= file(:ca_key, :missing => 'CA key. Run `leap cert ca` to create the Certificate Authority.')" } } -- cgit v1.2.3 From c3c23bbc27dee3fdcdf9aec6addcc816ad7b52ba Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 19 Dec 2012 12:12:16 -0800 Subject: webapp api now uses a customizable port (so that we don't try to rely on SNI for hosting two TLS domains on one IP). --- provider_base/files/service-definitions/provider.json.erb | 2 +- provider_base/services/webapp.json | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index c19e5538..f26f25a2 100644 
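Review bot: `"ca_key": "= file(:ca_key, ...)"` in `ca.json` hands the provider's root CA key to the `ca_daemon` node, the same CA that `provider.json` sets up with a 4096-bit key and a ten-year life span. If this daemon only issues client certificates, as its name and CouchDB access suggest, a separate client-only or subordinate CA key would limit what a compromise of this online node exposes. If the root key has to stay here for now, the README should say so and note that the generated node configuration then contains it.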
--- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -11,7 +11,7 @@ hsh['services'] = global.services[:service_type => :user_service].field(:name) hsh['api_version'] = "1" - hsh['api_uri'] = "https://" + api_domain + hsh['api_uri'] = "https://" + api.domain + ':' + api.port hsh['ca_cert_uri'] = 'https://' + global.provider.domain + '/ca.crt' hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert) diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 3eb0ba62..e40ed0ca 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -9,9 +9,12 @@ "eip_service": "= file :eip_service_json_template" }, "service_type": "public_service", - "api_domain": "= 'api.' + domain.full_suffix", + "api": { + "domain": "= 'api.' + domain.full_suffix", + "port": "4430" + }, "dns": { - "aliases": "= [domain.full, api_domain]" + "aliases": "= [domain.full, api.domain]" }, "x509": { "use": true, -- cgit v1.2.3 From ec6c48ab589d4174dc192a01c4b99833227c5942 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 13 Jan 2013 20:30:24 -0800 Subject: added ability to customize the webapp appearance --- provider_base/files/branding/head.scss | 1 + provider_base/files/branding/tail.scss | 1 + provider_base/provider.json | 3 ++- provider_base/services/webapp.json | 6 +++++- 4 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 provider_base/files/branding/head.scss create mode 100644 provider_base/files/branding/tail.scss (limited to 'provider_base') diff --git a/provider_base/files/branding/head.scss b/provider_base/files/branding/head.scss new file mode 100644 index 00000000..c100a004 --- /dev/null +++ b/provider_base/files/branding/head.scss @@ -0,0 +1 @@ +// no head.scss set diff --git a/provider_base/files/branding/tail.scss b/provider_base/files/branding/tail.scss new file mode 100644 index 00000000..919aeec6 --- /dev/null 
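Review bot: `"https://" + api.domain + ':' + api.port` only works while `api.port` is a string. `webapp.json` defines it as `"4430"`, but `ssh.port` in `common.json` is the integer `22`, and a provider that overrides `api.port` with an integer would make this concatenation raise a TypeError. `hsh['api_uri'] = "https://#{api.domain}:#{api.port}"` accepts either form.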
+++ b/provider_base/files/branding/tail.scss @@ -0,0 +1 @@ +// no tail.scss set diff --git a/provider_base/provider.json b/provider_base/provider.json index de5ad446..b659d47b 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -25,5 +25,6 @@ }, "vagrant":{ "network":"10.5.5.0/24" - } + }, + "hiera_sync_destination": "/etc/leap" } diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index e40ed0ca..311f1284 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -2,7 +2,11 @@ "webapp": { "modules": ["user", "billing", "help"], "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", - "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]" + "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]", + "favicon": "= file_path 'branding/favicon.ico'", + "tail_scss": "= file_path 'branding/tail.scss'", + "head_scss": "= file_path 'branding/head.scss'", + "img_dir": "= file_path 'branding/img'" }, "definition_files": { "provider": "= file :provider_json_template", -- cgit v1.2.3 From 306a0e6c21d0e27035ba48530392eede59537516 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 21 Jan 2013 22:41:51 -0800 Subject: client ca -- configure the webapp with the client ca --- provider_base/services/openvpn.json | 2 +- provider_base/services/webapp.json | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 0008a2d2..7b67ccb3 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json 
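Review bot: `favicon` and `img_dir` in `webapp.json` point at `branding/favicon.ico` and `branding/img`, but this commit adds only `head.scss` and `tail.scss` under `provider_base/files/branding/`. Unless `file_path` tolerates a missing path, which is not visible here, every webapp node would fail or receive an empty value for these two keys until a provider supplies the files. Either ship placeholders as was done for the two stylesheets, or state in the README that both are optional.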
@@ -2,7 +2,7 @@ "service_type": "user_service", "x509": { "use": true, - "ca_cert": "= file :ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", + "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap cert dh`'" }, "openvpn": { diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 311f1284..c9e4c532 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -23,6 +23,8 @@ "x509": { "use": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", + "client_ca_cert": "= file_path :client_ca_cert", + "client_ca_key": "= file_path :client_ca_key", "commercial_cert": "= file [:commercial_cert, global.provider.domain]", "commercial_key": "= file [:commercial_key, global.provider.domain]", "commercial_ca_cert": "= try_file :commercial_ca_cert" -- cgit v1.2.3 From ca6347905e4293883b196f6e2120754fb823ae49 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 26 Jan 2013 20:38:22 +0100 Subject: service_type: internal_service as default --- provider_base/common.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index b5d37f8e..74eb494c 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -24,5 +24,6 @@ "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil", "ca_cert": "= try_file :ca_cert" }, - "local": false + "local": false, + "service_type": "internal_service" } -- cgit v1.2.3 From 078bc9674c247cc2c3ad715eec57903138e481e1 Mon Sep 17 00:00:00 2001 
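Review bot: The renamed `client_ca_cert` entry keeps the old hint text 'Certificate Authority. Run `leap cert ca`', which no longer says which CA is missing now that the provider CA and the client CA are separate files. Starting the hint with 'client CA.', in the same way the webapp's `ca_cert` hint starts with 'provider CA.', would tell the operator which certificate to generate. Whether `leap cert ca` also creates the client CA is not visible here, so the command named in the hint should be confirmed at the same time.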
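Review bot: `client_ca_key` places the client CA's signing key in the x509 block of the webapp, which this file declares as a `public_service`, and nothing in the hunk records why it is needed or what that key is allowed to sign. Presumably the webapp issues client certificates with it; if so, the exposure stays bounded only while this CA is trusted solely for client authentication (as the openvpn.json hunk sets up) and is never the provider CA key. Both new entries also use a bare `file_path` with no `:missing` hint, unlike `ca_cert` on the line above, so a provider that has not generated the client CA gets no pointer to the fix; add one if `file_path` accepts it. The `x509` object continues past the end of the hunk.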
From: varac Date: Sun, 27 Jan 2013 11:15:36 +0100 Subject: added 'development' hiera hash to exclude certain class for better testing --- provider_base/common.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index 74eb494c..8ffe8cd4 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -25,5 +25,8 @@ "ca_cert": "= try_file :ca_cert" }, "local": false, - "service_type": "internal_service" + "service_type": "internal_service", + "development": { + "site_config": true + } } -- cgit v1.2.3 From a5708f899f8330e79ebf9c1d69377b89f1919b1b Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 28 Jan 2013 03:04:21 -0800 Subject: added 'monitor' service to provider_base --- provider_base/services/monitor.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 provider_base/services/monitor.json (limited to 'provider_base') diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json new file mode 100644 index 00000000..0a44ded1 --- /dev/null +++ b/provider_base/services/monitor.json @@ -0,0 +1,6 @@ +{ + "nagios": { + "nagiosadmin_pw": "= secret :nagios_admin_password", + "hosts": "= nodes['production' => true].fields('domain.full', 'ip_address', 'services')" + } +} \ No newline at end of file -- cgit v1.2.3 From 349c58f668e419595ff3aff902948e7901e88d55 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 28 Jan 2013 21:45:09 +0100 Subject: update services/monitoring.json to include openvpn_gateway_address --- provider_base/services/monitor.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json index 0a44ded1..09972308 100644 --- a/provider_base/services/monitor.json +++ b/provider_base/services/monitor.json 
@@ -1,6 +1,6 @@ { "nagios": { "nagiosadmin_pw": "= secret :nagios_admin_password", - "hosts": "= nodes['production' => true].fields('domain.full', 'ip_address', 'services')" + "hosts": "= nodes['production' => true].fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')" } -} \ No newline at end of file +} -- cgit v1.2.3 From 3c3ed940466eabf9cb56a47614133b5bc90d4ad7 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 31 Jan 2013 04:31:54 -0800 Subject: added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used. --- provider_base/test/openvpn/client.ovpn.erb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'provider_base') diff --git a/provider_base/test/openvpn/client.ovpn.erb b/provider_base/test/openvpn/client.ovpn.erb index 96cb7177..a0bdd307 100644 --- a/provider_base/test/openvpn/client.ovpn.erb +++ b/provider_base/test/openvpn/client.ovpn.erb @@ -9,10 +9,8 @@ auth SHA1 cipher AES-128-CBC tls-cipher DHE-RSA-AES128-SHA -<% manager.services['openvpn'].node_list.each_node do |node| -%> -<% unless node.local -%> -<%= "remote #{node.openvpn.gateway_address} 1194 udp"%> -<% end -%> +<% vpn_nodes.each_node do |node| -%> +<%= "remote #{node.openvpn.gateway_address} 1194 udp"%> <% end -%> -- cgit v1.2.3 From 370476dc632aa8ec87fb4c9c0fa36b030186ebd8 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:57:38 +0100 Subject: tor service defaults --- provider_base/services/tor.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 provider_base/services/tor.json (limited to 'provider_base') diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json new file mode 100644 index 00000000..10806084 --- /dev/null +++ b/provider_base/services/tor.json @@ -0,0 +1,5 @@ +{ + "tor" : { + "bandwidth_rate" : 6550 + } +} -- cgit v1.2.3 From 49fc7e085f635c906b32adfc41a207939be2cf39 Mon Sep 17 00:00:00 2001 
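Review bot: The rewritten loop in client.ovpn.erb drops the `unless node.local` guard, so whether local gateways are still kept out of the generated `remote` lines now depends entirely on how `vpn_nodes` is built, and that is defined outside this hunk. If `vpn_nodes` does not filter on `local`, a test client config could list gateways from a different environment than the one under test. Either keep the guard inside the loop or record the assumption in a template comment above it, for example `<%# vpn_nodes is assumed to contain only gateways from the client's own environment -%>`.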
From: elijah Date: Fri, 8 Feb 2013 19:40:56 -0800 Subject: make monitor service include the nodes that are of a similar type (e.g. production or local). --- provider_base/common.json | 3 ++- provider_base/services/monitor.json | 2 +- provider_base/tags/production.json | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 provider_base/tags/production.json (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index 8ffe8cd4..8e4dc6e7 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -25,8 +25,9 @@ "ca_cert": "= try_file :ca_cert" }, "local": false, + "production": false, "service_type": "internal_service", "development": { - "site_config": true + "site_config": true } } diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json index 09972308..f5e4d922 100644 --- a/provider_base/services/monitor.json +++ b/provider_base/services/monitor.json @@ -1,6 +1,6 @@ { "nagios": { "nagiosadmin_pw": "= secret :nagios_admin_password", - "hosts": "= nodes['production' => true].fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')" + "hosts": "= nodes_like_me.fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')" } } diff --git a/provider_base/tags/production.json b/provider_base/tags/production.json new file mode 100644 index 00000000..b35c0650 --- /dev/null +++ b/provider_base/tags/production.json @@ -0,0 +1,3 @@ +{ + "production": true +} \ No newline at end of file -- cgit v1.2.3 From 57adb7f3d527ecd4d3a41b6a1935b93c8266a688 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 8 Feb 2013 21:50:59 -0800 Subject: minor changes to default json: give common a name, add contacts.default --- provider_base/common.json | 5 +++-- provider_base/provider.json | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'provider_base') 
diff --git a/provider_base/common.json b/provider_base/common.json index 8e4dc6e7..e674edb6 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -4,7 +4,7 @@ "tags": [], "domain": { "full_suffix": "= global.provider.domain", - "internal_suffix": "= global.provider.internal_domain", + "internal_suffix": "= global.provider.domain_internal", "full": "= node.name + '.' + domain.full_suffix", "internal": "= node.name + '.' + domain.internal_suffix", "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)" @@ -29,5 +29,6 @@ "service_type": "internal_service", "development": { "site_config": true - } + }, + "name": "common" } diff --git a/provider_base/provider.json b/provider_base/provider.json index b659d47b..0eae1f87 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -1,12 +1,15 @@ { "domain": "REQUIRED", - "internal_domain": "= domain.sub(/\\..*$/,'.i')", + "domain_internal": "= domain.sub(/\\..*$/,'.i')", "name": { "en": "REQUIRED" }, "description": { "en": "REQUIRED" }, + "contacts": { + "default": "REQUIRED" + }, "languages": ["en"], "default_language": "en", "enrollment_policy": "open", -- cgit v1.2.3 From 6e3d87d88578447aa4358aabdf270df2082b422d Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 8 Feb 2013 23:11:15 -0800 Subject: changed contact_email to tor.contacts --- provider_base/services/tor.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json index 10806084..9173b8d4 100644 --- a/provider_base/services/tor.json +++ b/provider_base/services/tor.json @@ -1,5 +1,6 @@ { - "tor" : { - "bandwidth_rate" : 6550 - } + "tor": { + "bandwidth_rate": 6550, + "contacts": "= global.provider.contacts['tor'] || global.provider.contacts.default" + } } -- cgit v1.2.3 From 3cdd7f5f02c237da0f8a3f3eb898982883fd9b97 Mon Sep 17 00:00:00 2001 
From: elijah Date: Sun, 10 Feb 2013 12:28:26 -0800 Subject: vagrant configuration move to Leapfile --- provider_base/provider.json | 3 --- 1 file changed, 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/provider.json b/provider_base/provider.json index 0eae1f87..8ce848f3 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -26,8 +26,5 @@ "life_span": "1y" } }, - "vagrant":{ - "network":"10.5.5.0/24" - }, "hiera_sync_destination": "/etc/leap" } -- cgit v1.2.3 From ba2b83b19f951322e85f64bf010764a49ee9f2f4 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 12 Feb 2013 10:54:04 -0800 Subject: temporarily make the webapp use the admin couchdb user. waiting on https://leap.se/code/issues/1163 --- provider_base/services/webapp.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index c9e4c532..e3055c6f 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -2,7 +2,9 @@ "webapp": { "modules": ["user", "billing", "help"], "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", - "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]", + # NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163 + # before we can use user "webapp" + "couchdb_user": "= global.services[:couchdb].couch.users[:admin]", "favicon": "= file_path 'branding/favicon.ico'", "tail_scss": "= file_path 'branding/tail.scss'", "head_scss": "= file_path 'branding/head.scss'", -- cgit v1.2.3
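Review bot: `couchdb_user` now resolves to `couch.users[:admin]`, so the CouchDB admin credential is written into the configuration of every webapp node, which this file marks as a `public_service`; a compromise of the web tier would then carry full database rights rather than those of the `webapp` user. The in-file note points at issue 1163, but nothing makes the workaround expire, so the revert should be tracked as a release blocker. The two `#` lines also make webapp.json invalid for a strict JSON parser, which only works if the leap_cli loader strips comments, and that is not visible here. The `webapp` object continues outside the hunk.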