summaryrefslogtreecommitdiff
path: root/provider_base
AgeCommit message (Collapse)Author
2013-04-18provider.json 'domain' entry should match the domain suffix of the node.elijah
2013-04-10clean up ca_daemon things, it is not used any longer because it has been ↵Micah Anderson
included in the web app (#1978) remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json
2013-04-04add Erlang Distributed Node Protocol Port json entry under bigcouchMicah Anderson
setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections
2013-04-04rename bigcouch.port to more accurate bigcouch.epmd_portMicah Anderson
2013-04-04rename the bigcouch_replication_[server,client] to be the more accurately, andMicah Anderson
shorter named epmd (erlang port mapper daemon)
2013-04-03added contacts.english for when you need a descriptive contact rather than ↵elijah
an email address contact.
2013-04-02Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2013-04-02added password salt to services/couchdb.json (requires latest leap_cli)elijah
2013-04-02switch to using stunnel_client and stunnel_server leap_cli macrosMicah Anderson
add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named
2013-04-02updated shorewall dnat hiera values for bigcouch cluster protocolvarac
2013-04-02add stunnel hiera values to provider_base/services/couchdb.json for bigcouch ↵varac
cluster protocol
2013-04-02added stunnel config for bigcouch communicationvarac
2013-03-28added stunnel_serverelijah
2013-03-19add webapp secret token that pulls from hiera a 'secret'Micah Anderson
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-03-16the development tag now specifies an alternative provider domain. this ↵elijah
requires that we use domain.full_suffix instead of provider.domain, whenever possible.
2013-03-12Merge branch 'feature/bigcouch' into developvarac
Conflicts: provider_base/services/couchdb.json
2013-03-10added bigcouch:cookie to services/couchdb.jsonvarac
2013-03-08couch - explicitly configure couch portelijah
2013-03-08node environment: switch from production=true to environment=production. ↵elijah
requires latest leap_cli
2013-03-05change json comment to '//'elijah
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-12temporarily make the webapp use the admin couchdb user. waiting on ↵elijah
https://leap.se/code/issues/1163
2013-02-10vagrant configuration move to Leapfileelijah
2013-02-08changed contact_email to tor.contactselijah
2013-02-08minor changes to default json: give common a name, add contacts.defaultelijah
2013-02-08make monitor service include the nodes that are of a similar type (e.g. ↵elijah
production or local).
2013-02-06tor service defaultsvarac
2013-01-31added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used.elijah
2013-01-28update services/monitoring.json to include openvpn_gateway_addressvarac
2013-01-28added 'monitor' service to provider_baseelijah
2013-01-27added 'development' hiera hash to exclude certain class for better testingvarac
2013-01-26service_type: internal_service as defaultvarac
2013-01-21client ca -- configure the webapp with the client caelijah
2013-01-13added ability to customize the webapp appearanceelijah
2012-12-19webapp api now uses a customizable port (so that we don't try to rely on SNI ↵elijah
for hosting two TLS domains on one IP).
2012-12-18ca daemon -- ca daemon needs the x509 cert/key for the CA, not for the server.elijah
2012-12-08minor - fix hint.elijah
2012-12-07added hostname tracking and late evaluation. new key "hosts" added, for ↵elijah
building /etc/hosts. also, now ssh.known_hosts only includes what is necessary.
2012-12-07ca -> ca_daemon in site.pp and services/ca.jsonvarac
2012-12-07added couchdb hiera variables to services/ca.jsonvarac
2012-11-28updated service templates to reflect new command nameselijah
2012-11-27fix webapp: only list couchdb hosts that match node's 'local' value.elijah
2012-11-24new leap_cli sets local tag automatically.elijah
2012-11-23get rid of paths in webapp.json, use symbolic filenames instead.elijah
2012-11-23added a template that is used to generate a client config file for openvpn ↵elijah
(to be used for testing).
2012-11-23fix bugs in eip-service.json templateelijah
2012-11-22clean up openvpn and x509 pathselijah
2012-11-21added x509.commercial_ca_cert. x509.ca_cert is now optional, except for webapp.elijah