Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-06-12 | webapp should be available over http so a proper redirect can be done to https | Micah Anderson | |
without this rule, one just gets a 'site is unavailable' result Change-Id: I27b80a0044e9fe4e87e607412c8d0a089d4866a6 | |||
2013-05-16 | special casing for pistoncloud/openstack/ec2 | Micah Anderson | |
2013-05-02 | fixed dnat_rules | elijah | |
2013-04-30 | minor spacing changes | Micah Anderson | |
2013-04-30 | setup a site_config::params class that can be used to set some common ↵ | Micah Anderson | |
variables that are used in different places to start with we setup the $interface variable, based on logic as defined in #2213 change the various places that were looking up this value to use site_config::params::interface instead | |||
2013-04-04 | add Erlang Distributed Node Protocol Port json entry under bigcouch | Micah Anderson | |
setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections | |||
2013-04-04 | rename bigcouch.port to more accurate bigcouch.epmd_port | Micah Anderson | |
2013-04-02 | shorewall: re-order dnat rule variables to match configuration file order | Micah Anderson | |
2013-04-02 | replace hard-coded port number with hiera determined one, manipulated to ↵ | Micah Anderson | |
remove the 'ip:' from the beginning in bigcouch replication client stunnels | |||
2013-04-02 | firewall: remove no longer needed epmd port | Micah Anderson | |
2013-04-02 | shorewall: | Micah Anderson | |
create a macro for the bigcouch replication server stunnel to enable these connections pulling bigcouch_replication_clients, bigcouch_replication_server_port from hiera create site_shorewall::couchdb::dnat and create_resources to properly setup DNAT for bigcouch_replication_clients | |||
2013-04-02 | remove unnecessary class inheritance | Micah Anderson | |
2013-04-02 | shorewall: add couch_server stunnel port to macro.leap_couchdb, this is ↵ | Micah Anderson | |
necessary for the stunnel to communicate | |||
2013-04-02 | start erlang vm on dedicated port so firewalling is easier | varac | |
2013-04-02 | added site_shorewall::couchdb::bigcouch | varac | |
bigcouch cluster protocol communicate via the fqdn of the neighbor hosts. So we need to bend all requests to <fqdn>:4369 to localhost:400x (which is the entry of an stunnel connection to the other neighbor) | |||
2013-04-02 | added site_shorewall::dnat to configure DNAT rules | varac | |
2013-04-02 | shorewall couchdb config: get open ports right | varac | |
2013-04-02 | working on stunnel for bigcouch clustering | varac | |
2013-03-17 | added support for "limited" service levels (although vpn is not yet actually ↵ | elijah | |
rate limited). | |||
2013-02-27 | openvpn -- added support for optional "free" rate-limited service via ↵ | elijah | |
special client certificates with the FREE prefix in the common name. | |||
2013-02-26 | missed another require => Package['shorewall'] on the file resources in ↵ | Micah Anderson | |
site_shorewall | |||
2013-02-12 | missed one require => Package['shorewall'] on of the file resources in ↵ | Micah Anderson | |
site_shorewall | |||
2013-02-12 | file resources that make changes to shorewall need to make sure that ↵ | Micah Anderson | |
shorewall is installed first (#1741) | |||
2013-02-12 | fixed shorewall is blocking api port (Bug #1735) | varac | |
2013-02-11 | duplicate shortwall service definitions now inclduded from services/* | varac | |
2013-02-09 | site_shorewall::monitor: allow port 80 + 443 | varac | |
2013-02-06 | allow outgoing traffic moved to site_shorewall::defaults | varac | |
2013-02-06 | allow port 80 to tor server | varac | |
2013-02-06 | configure shorewall for couchdb, tor, webapp | varac | |
2013-02-06 | allow all outgoing traffic | varac | |
2013-02-06 | Restructuring site_shorewall | varac | |
site_shorewall::defaults can be used on every host, it configures a basic firewall, which blocks everything from outside except ping + ssh, and allows outgoing traffic for http, git, dns. | |||
2013-01-30 | start shorewall on vagrant nodes too (#1467) | varac | |
2013-01-29 | fix variable name for re-ordered fact | Micah Anderson | |
2013-01-29 | setup special casing for vagrant/virtualbox | Micah Anderson | |
2013-01-29 | fix variable scoping | Micah Anderson | |
2013-01-29 | create a special case for vagrant machines that need to have both interfaces in | Micah Anderson | |
the net zone so we dont lock ourselves out during deploy, but also are able to access the internet | |||
2013-01-29 | enclose the variables in curly braces, as recommended by puppet-lint | Micah Anderson | |
2013-01-29 | add a new fact that provides a fact for each configured ip address, telling you | Micah Anderson | |
which interface has it (essentially the inverse of the ipaddress_${interface} fact). Switch the hiera lookups of the $interface, which was pulling from the .json to pull instead from the above fact, see #1547 and #1548 | |||
2013-01-29 | start shorewall on deploy (fixes #1122) | varac | |
2013-01-17 | require the augeas class before doing any augeas operations (#1215) | Micah Anderson | |
2012-12-14 | no need for sections in shorewall rules | varac | |
from the shorewall-rules manpage: "If no Section Headers appear in the file then all rules are assumed to be in the NEW section." | |||
2012-12-04 | set ip_forwarding using augeas | Micah Anderson | |
2012-11-21 | move site_config::eip to site_openvpn (Feature #943) | varac | |
2012-11-06 | duplicate definition after merge | varac | |
2012-11-06 | fixed unseen merge conflicts | varac | |
2012-11-06 | Merge branch 'feature/couchdb' into develop | varac | |
Conflicts: puppet/modules/site_shorewall/manifests/eip.pp | |||
2012-11-02 | accept all outgoing traffic on eip gw | varac | |
2012-10-30 | add dnat rule to redirect other ports to port 1194 | varac | |
2012-10-30 | start shorewall by default | varac | |
2012-10-29 | differentiate masq definition names | varac | |