Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-04-16 | move secret token into the config.yaml | Micah Anderson | |
2013-04-16 | pass version to haproxy so that the leap package will be installed | Micah Anderson | |
this package is a newer version than the one in debian, and as of this writing haproxy is scheduled to be removed from wheezy, also it has hardened flags enabled | |||
2013-04-16 | update haproxy submodule to get version parameter possibility | Micah Anderson | |
2013-04-11 | webapp: use admin creds for now, until we fixed couchdb user permissions | varac | |
2013-04-10 | clean up ca_daemon things, it is not used any longer because it has been ↵ | Micah Anderson | |
included in the web app (#1978) remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json | |||
2013-04-09 | make sure the production environment is used for the migrations | Micah Anderson | |
2013-04-09 | add a httpchk line to haproxy to properly test if the couchdb is available | Micah Anderson | |
add the useful http-server-close option set check option on the servers, with a 3 second interval, a one second fastinter (for flapping) and a one second downinter. Set the number of checks for failure to be one (so it will take 3 seconds for a node to fail out) and 2 checks to come back | |||
2013-04-09 | update deprecated haproxy configuration options, set values a little lower | Micah Anderson | |
2013-04-04 | set permissions on the rails production.log, otherwise passenger complains ↵ | Micah Anderson | |
about this in the apache log file | |||
2013-04-04 | fix typo in x509::variables | Micah Anderson | |
2013-04-04 | make sure the couchdb.yml permissions are set properly | Micah Anderson | |
2013-04-04 | fix missing comma | Micah Anderson | |
2013-04-04 | pass $ca_name to stunnel::setup - this eliminates a dynamic scoped variable ↵ | Micah Anderson | |
lookup, and warning | |||
2013-04-04 | update submodule to get fix for syntax error | Micah Anderson | |
2013-04-04 | add Erlang Distributed Node Protocol Port json entry under bigcouch | Micah Anderson | |
setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections | |||
2013-04-04 | remove the apache_ssl_proxy cleanup | Micah Anderson | |
2013-04-04 | rename bigcouch.port to more accurate bigcouch.epmd_port | Micah Anderson | |
2013-04-04 | rename the bigcouch_replication_[server,client] to be the more accurately, and | Micah Anderson | |
shorter named epmd (erlang port mapper daemon) | |||
2013-04-03 | automatic update to stunnel module | Micah Anderson | |
2013-04-03 | minor fix to puppet_command (--verbose no longer required, added default --tags) | elijah | |
2013-04-03 | added contacts.english for when you need a descriptive contact rather than ↵ | elijah | |
an email address contact. | |||
2013-04-03 | switch stunnel module to our version which has been modified for 2.7 ↵ | Micah Anderson | |
parameterized classes and qualified variables update our stunnel class instantiation to be parameterized | |||
2013-04-02 | Merge branch 'develop' of ssh://leap.se/leap_platform into develop | elijah | |
2013-04-02 | added password salt to services/couchdb.json (requires latest leap_cli) | elijah | |
2013-04-02 | shorewall: re-order dnat rule variables to match configuration file order | Micah Anderson | |
2013-04-02 | replace hard-coded port number with hiera determined one, manipulated to ↵ | Micah Anderson | |
remove the 'ip:' from the beginning in bigcouch replication client stunnels | |||
2013-04-02 | firewall: remove no longer needed epmd port | Micah Anderson | |
2013-04-02 | fix variable curly braces | Micah Anderson | |
2013-04-02 | shorewall: | Micah Anderson | |
create a macro for the bigcouch replication server stunnel to enable these connections pulling bigcouch_replication_clients, bigcouch_replication_server_port from hiera create site_shorewall::couchdb::dnat and create_resources to properly setup DNAT for bigcouch_replication_clients | |||
2013-04-02 | switch to using stunnel_client and stunnel_server leap_cli macros | Micah Anderson | |
add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named | |||
2013-04-02 | replace long-form variables with shorter ones | Micah Anderson | |
remove unnecessary bigcouch_replication_client_default values (verify, rndfile, debuglevel) | |||
2013-04-02 | refactor couch_client stunnel to use new stunnel_client leap_cli macro | Micah Anderson | |
re-order variables to be more consistant | |||
2013-04-02 | remove unnecessary class inheritance | Micah Anderson | |
2013-04-02 | lint so default options are together | Micah Anderson | |
2013-04-02 | shorewall: add couch_server stunnel port to macro.leap_couchdb, this is ↵ | Micah Anderson | |
necessary for the stunnel to communicate | |||
2013-04-02 | remove duplicate 'include site_stunnel' | Micah Anderson | |
this already exists in class site_stunnel::setup which is instantiated in this class | |||
2013-04-02 | start erlang vm on dedicated port so firewalling is easier | varac | |
2013-04-02 | fix bigcouch stunnel pid name | varac | |
2013-04-02 | provide stunnel connect_port to site_webapp:couchdb | varac | |
2013-04-02 | decrease stunnel debug level | varac | |
2013-04-02 | couchdb hosts include site_shorewall::couchdb::bigcouch | varac | |
2013-04-02 | added site_shorewall::couchdb::bigcouch | varac | |
bigcouch cluster protocol communicate via the fqdn of the neighbor hosts. So we need to bend all requests to <fqdn>:4369 to localhost:400x (which is the entry of an stunnel connection to the other neighbor) | |||
2013-04-02 | added site_shorewall::dnat to configure DNAT rules | varac | |
2013-04-02 | updated shorewall dnat hiera values for bigcouch cluster protocol | varac | |
2013-04-02 | increase stunnel verbosity until everything is running smooth | varac | |
2013-04-02 | add stunnel hiera values to provider_base/services/couchdb.json for bigcouch ↵ | varac | |
cluster protocol | |||
2013-04-02 | addded client side of bigcouch cluster protocol stunnel config | varac | |
2013-04-02 | make site_stunnel::clients connect_port configurable | varac | |
2013-04-02 | added bigcouch.conf as incoming stunnel config for bigcouch clustering | varac | |
2013-04-02 | moving generic stunnel config from site_webapp to site_stunnel now working | varac | |