summaryrefslogtreecommitdiff
path: root/provider_base
AgeCommit message (Collapse)Author
2013-04-02switch to using stunnel_client and stunnel_server leap_cli macrosMicah Anderson
add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named
2013-04-02updated shorewall dnat hiera values for bigcouch cluster protocolvarac
2013-04-02add stunnel hiera values to provider_base/services/couchdb.json for bigcouch ↵varac
cluster protocol
2013-04-02added stunnel config for bigcouch communicationvarac
2013-03-28added stunnel_serverelijah
2013-03-19add webapp secret token that pulls from hiera a 'secret'Micah Anderson
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-03-16the development tag now specifies an alternative provider domain. this ↵elijah
requires that we use domain.full_suffix instead of provider.domain, whenever possible.
2013-03-12Merge branch 'feature/bigcouch' into developvarac
Conflicts: provider_base/services/couchdb.json
2013-03-10added bigcouch:cookie to services/couchdb.jsonvarac
2013-03-08couch - explicitly configure couch portelijah
2013-03-08node environment: switch from production=true to environment=production. ↵elijah
requires latest leap_cli
2013-03-05change json comment to '//'elijah
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-12temporarily make the webapp use the admin couchdb user. waiting on ↵elijah
https://leap.se/code/issues/1163
2013-02-10vagrant configuration move to Leapfileelijah
2013-02-08changed contact_email to tor.contactselijah
2013-02-08minor changes to default json: give common a name, add contacts.defaultelijah
2013-02-08make monitor service include the nodes that are of a similar type (e.g. ↵elijah
production or local).
2013-02-06tor service defaultsvarac
2013-01-31added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used.elijah
2013-01-28update services/monitoring.json to include openvpn_gateway_addressvarac
2013-01-28added 'monitor' service to provider_baseelijah
2013-01-27added 'development' hiera hash to exclude certain class for better testingvarac
2013-01-26service_type: internal_service as defaultvarac
2013-01-21client ca -- configure the webapp with the client caelijah
2013-01-13added ability to customize the webapp appearanceelijah
2012-12-19webapp api now uses a customizable port (so that we don't try to rely on SNI ↵elijah
for hosting two TLS domains on one IP).
2012-12-18ca daemon -- ca daemon needs the x509 cert/key for the CA, not for the server.elijah
2012-12-08minor - fix hint.elijah
2012-12-07added hostname tracking and late evaluation. new key "hosts" added, for ↵elijah
building /etc/hosts. also, now ssh.known_hosts only includes what is necessary.
2012-12-07ca -> ca_daemon in site.pp and services/ca.jsonvarac
2012-12-07added couchdb hiera variables to services/ca.jsonvarac
2012-11-28updated service templates to reflect new command nameselijah
2012-11-27fix webapp: only list couchdb hosts that match node's 'local' value.elijah
2012-11-24new leap_cli sets local tag automatically.elijah
2012-11-23get rid of paths in webapp.json, use symbolic filenames instead.elijah
2012-11-23added a template that is used to generate a client config file for openvpn ↵elijah
(to be used for testing).
2012-11-23fix bugs in eip-service.json templateelijah
2012-11-22clean up openvpn and x509 pathselijah
2012-11-21added x509.commercial_ca_cert. x509.ca_cert is now optional, except for webapp.elijah
2012-11-20add ca_cert key because we will need to place the cert into the webroot on ↵Micah Anderson
the webapp
2012-11-17added missing fingerprint of ca cert to provider definitionelijah
2012-11-17added better warnings to openvpn service when files are missingelijah
2012-11-17added commercial_cert to webappelijah
2012-11-16added digest to provider.caelijah
2012-11-15added eip-service.jsonelijah
2012-11-14added provider_base (latest leap_cli required)elijah