summaryrefslogtreecommitdiff
path: root/provider_base/services
AgeCommit message (Collapse)Author
2013-04-30added soledad-service.jsonelijah
2013-04-24provider base - service definitions are now versioned (requires new leap_cli)elijah
2013-04-24updated needed couchdb users and DBsvarac
2013-04-23remove no longer used json key couchdb_hostsMicah Anderson
2013-04-23move generic couchdb host configuration from bitmask into the provider base ↵Micah Anderson
(#2016)
2013-04-10clean up ca_daemon things, it is not used any longer because it has been ↵Micah Anderson
included in the web app (#1978) remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json
2013-04-04add Erlang Distributed Node Protocol Port json entry under bigcouchMicah Anderson
setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections
2013-04-04rename bigcouch.port to more accurate bigcouch.epmd_portMicah Anderson
2013-04-04rename the bigcouch_replication_[server,client] to be the more accurately, andMicah Anderson
shorter named epmd (erlang port mapper daemon)
2013-04-02Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2013-04-02added password salt to services/couchdb.json (requires latest leap_cli)elijah
2013-04-02switch to using stunnel_client and stunnel_server leap_cli macrosMicah Anderson
add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named
2013-04-02updated shorewall dnat hiera values for bigcouch cluster protocolvarac
2013-04-02add stunnel hiera values to provider_base/services/couchdb.json for bigcouch ↵varac
cluster protocol
2013-04-02added stunnel config for bigcouch communicationvarac
2013-03-28added stunnel_serverelijah
2013-03-19add webapp secret token that pulls from hiera a 'secret'Micah Anderson
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-03-16the development tag now specifies an alternative provider domain. this ↵elijah
requires that we use domain.full_suffix instead of provider.domain, whenever possible.
2013-03-12Merge branch 'feature/bigcouch' into developvarac
Conflicts: provider_base/services/couchdb.json
2013-03-10added bigcouch:cookie to services/couchdb.jsonvarac
2013-03-08couch - explicitly configure couch portelijah
2013-03-08node environment: switch from production=true to environment=production. ↵elijah
requires latest leap_cli
2013-03-05change json comment to '//'elijah
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-12temporarily make the webapp use the admin couchdb user. waiting on ↵elijah
https://leap.se/code/issues/1163
2013-02-08changed contact_email to tor.contactselijah
2013-02-08make monitor service include the nodes that are of a similar type (e.g. ↵elijah
production or local).
2013-02-06tor service defaultsvarac
2013-01-28update services/monitoring.json to include openvpn_gateway_addressvarac
2013-01-28added 'monitor' service to provider_baseelijah
2013-01-21client ca -- configure the webapp with the client caelijah
2013-01-13added ability to customize the webapp appearanceelijah
2012-12-19webapp api now uses a customizable port (so that we don't try to rely on SNI ↵elijah
for hosting two TLS domains on one IP).
2012-12-18ca daemon -- ca daemon needs the x509 cert/key for the CA, not for the server.elijah
2012-12-07added hostname tracking and late evaluation. new key "hosts" added, for ↵elijah
building /etc/hosts. also, now ssh.known_hosts only includes what is necessary.
2012-12-07ca -> ca_daemon in site.pp and services/ca.jsonvarac
2012-12-07added couchdb hiera variables to services/ca.jsonvarac
2012-11-28updated service templates to reflect new command nameselijah
2012-11-27fix webapp: only list couchdb hosts that match node's 'local' value.elijah
2012-11-23get rid of paths in webapp.json, use symbolic filenames instead.elijah
2012-11-22clean up openvpn and x509 pathselijah
2012-11-21added x509.commercial_ca_cert. x509.ca_cert is now optional, except for webapp.elijah
2012-11-17added better warnings to openvpn service when files are missingelijah
2012-11-17added commercial_cert to webappelijah
2012-11-15added eip-service.jsonelijah
2012-11-14added provider_base (latest leap_cli required)elijah