Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(#2016)
|
|
included in the web app (#1978)
remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json
|
|
setup ednp_server and ednp_client stunnels
update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup
pass ednp_port to couchdb setup so that it is configured in the vm.args template
clarify in comments the difference between the epmd and ednp ports
remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only
setup dnat rules for the ednp client connections
|
|
|
|
shorter named epmd (erlang port mapper daemon)
|
|
|
|
|
|
add bigcouch_replication_clients to couchdb.json
change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server
generated hiera values to setup the stunnels for the couch_server connections,
and the bigcouch_replication_server and bigcouch_replication_clients tunnels
instead of using hard-coded ips and ports.
also change the pid names to be more consistent with what the tunnels are and
are named
|
|
|
|
cluster protocol
|
|
|
|
|
|
|
|
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
|
|
rate limited).
|
|
requires that we use domain.full_suffix instead of provider.domain, whenever possible.
|
|
Conflicts:
provider_base/services/couchdb.json
|
|
|
|
|
|
requires latest leap_cli
|
|
|
|
special client certificates with the FREE prefix in the common name.
|
|
https://leap.se/code/issues/1163
|
|
|
|
production or local).
|
|
|
|
|
|
|
|
|
|
|
|
for hosting two TLS domains on one IP).
|
|
|
|
building /etc/hosts. also, now ssh.known_hosts only includes what is necessary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|