summaryrefslogtreecommitdiff
path: root/puppet/modules/site_webapp
AgeCommit message (Collapse)Author
2013-04-11webapp: use admin creds for now, until we fixed couchdb user permissionsvarac
2013-04-09make sure the production environment is used for the migrationsMicah Anderson
2013-04-09add a httpchk line to haproxy to properly test if the couchdb is availableMicah Anderson
add the useful http-server-close option set check option on the servers, with a 3 second interval, a one second fastinter (for flapping) and a one second downinter. Set the number of checks for failure to be one (so it will take 3 seconds for a node to fail out) and 2 checks to come back
2013-04-04set permissions on the rails production.log, otherwise passenger complains ↵Micah Anderson
about this in the apache log file
2013-04-04fix typo in x509::variablesMicah Anderson
2013-04-04make sure the couchdb.yml permissions are set properlyMicah Anderson
2013-04-04fix missing commaMicah Anderson
2013-04-04pass $ca_name to stunnel::setup - this eliminates a dynamic scoped variable ↵Micah Anderson
lookup, and warning
2013-04-02refactor couch_client stunnel to use new stunnel_client leap_cli macroMicah Anderson
re-order variables to be more consistant
2013-04-02provide stunnel connect_port to site_webapp:couchdbvarac
2013-04-02moving generic stunnel config from site_webapp to site_stunnel now workingvarac
2013-04-02moved generic stunnel config from site_webapp to site_stunnelvarac
2013-03-28added stunnel_serverelijah
2013-03-19add webapp secret token that pulls from hiera a 'secret'Micah Anderson
2013-03-19cp instead of mv for the couchdb configuration fileMicah Anderson
if we move, then we need to re-create the file on the next deploy
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-19fix spelling of 'command' parameterMicah Anderson
2013-03-19fix missing closing curly braceMicah Anderson
2013-03-19configure webapp haproxy couchdb connectionMicah Anderson
2013-03-19configure site_webapp::haproxy to ship a haproxy config::fragment to setup theMicah Anderson
haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment
2013-03-19Migrate the couchdb design documents during webapp deploy (#1976)Micah Anderson
2013-03-19turn off automatic updates of couchdb design docs (#1979)Micah Anderson
2013-03-18Webapp: Use stunnel localhost:5000 for couchdb connectionvarac
2013-03-17fix webapp/couchdb stunnel certificate authorityMicah Anderson
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-03-16Merge branch 'stunnel_switch' into developvarac
2013-03-16pick the first couchdb host for webapp couch configvarac
Until we have a proper load balancing setup (see https://leap.se/code/issues/1994)
2013-03-14add couchdb stunnel clientsMicah Anderson
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-12Merge remote-tracking branch 'origin/develop' into bundle-and-precompile-as-userMicah Anderson
2013-02-10set webapp module to use try::file where appropriateelijah
2013-02-09run bundler and rake assets:precompile as normal userAzul
otherwise the generated files will be owned by root and the bundle will be inside roots /home/max
2013-02-06include shorewall config for webapp and couchdbvarac
2013-02-04compile assets for webapp, fixes #1628varac
2013-02-03Increase Exec[bundler_update] timeoutvarac
Exec[bundler_update] can take a really long time, increasing timeout from 300s (default) to 600s fixes Increase command timeout for Exec[bundler_update] (Feature #1643)
2013-01-31update the x509 submodule to get non-root application access to key file ↵Micah Anderson
enhancement put the leap-webapp user in the 'ssl-cert' group pass group => 'leap-webapp' to the leap_client_ca.key so the application can access it
2013-01-31tag 'base' is a bad idea because it invokes apache::base as wellvarac
2013-01-31tag 'service' for all service classesvarac
2013-01-29test the $webapp['img_dir'] variable to see if it is undef or not, the defaultMicah Anderson
in the json is ~ (nil), which ends up being undef in puppet (closes #1575)
2013-01-21client ca -- configure the webapp with the client caelijah
2013-01-13added ability to customize the webapp appearanceelijah
2013-01-11configure webapp with correct domainelijah
2013-01-03using master branch for webapp now.Azul
develop branch is no longer used in webapp dev and will be removed.
2012-12-19webapp api now uses a customizable port (so that we don't try to rely on SNI ↵elijah
for hosting two TLS domains on one IP).
2012-12-11add prefix to couchdb.yamlMicah Anderson
2012-12-11fix couchdb portMicah Anderson
2012-11-29change api CA cert deployment to just symlink to the already deployed fileMicah Anderson
2012-11-29change ensure parameter to explicit 'directory' for /srv/leap-webappMicah Anderson
2012-11-29updated bundler module to accept 'package' to install_method to be a little ↵Micah Anderson
more obvious how it is operating
2012-11-27switch from hiera_array to just hieraMicah Anderson