Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-04-11 | webapp: use admin creds for now, until we fixed couchdb user permissions | varac | |
2013-04-09 | make sure the production environment is used for the migrations | Micah Anderson | |
2013-04-09 | add a httpchk line to haproxy to properly test if the couchdb is available | Micah Anderson | |
add the useful http-server-close option set check option on the servers, with a 3 second interval, a one second fastinter (for flapping) and a one second downinter. Set the number of checks for failure to be one (so it will take 3 seconds for a node to fail out) and 2 checks to come back | |||
2013-04-04 | set permissions on the rails production.log, otherwise passenger complains ↵ | Micah Anderson | |
about this in the apache log file | |||
2013-04-04 | fix typo in x509::variables | Micah Anderson | |
2013-04-04 | make sure the couchdb.yml permissions are set properly | Micah Anderson | |
2013-04-04 | fix missing comma | Micah Anderson | |
2013-04-04 | pass $ca_name to stunnel::setup - this eliminates a dynamic scoped variable ↵ | Micah Anderson | |
lookup, and warning | |||
2013-04-02 | refactor couch_client stunnel to use new stunnel_client leap_cli macro | Micah Anderson | |
re-order variables to be more consistant | |||
2013-04-02 | provide stunnel connect_port to site_webapp:couchdb | varac | |
2013-04-02 | moving generic stunnel config from site_webapp to site_stunnel now working | varac | |
2013-04-02 | moved generic stunnel config from site_webapp to site_stunnel | varac | |
2013-03-28 | added stunnel_server | elijah | |
2013-03-19 | add webapp secret token that pulls from hiera a 'secret' | Micah Anderson | |
2013-03-19 | cp instead of mv for the couchdb configuration file | Micah Anderson | |
if we move, then we need to re-create the file on the next deploy | |||
2013-03-19 | create a separate couchdb.yml.admin that contains the couchdb admin ↵ | Micah Anderson | |
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time | |||
2013-03-19 | fix spelling of 'command' parameter | Micah Anderson | |
2013-03-19 | fix missing closing curly brace | Micah Anderson | |
2013-03-19 | configure webapp haproxy couchdb connection | Micah Anderson | |
2013-03-19 | configure site_webapp::haproxy to ship a haproxy config::fragment to setup the | Micah Anderson | |
haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment | |||
2013-03-19 | Migrate the couchdb design documents during webapp deploy (#1976) | Micah Anderson | |
2013-03-19 | turn off automatic updates of couchdb design docs (#1979) | Micah Anderson | |
2013-03-18 | Webapp: Use stunnel localhost:5000 for couchdb connection | varac | |
2013-03-17 | fix webapp/couchdb stunnel certificate authority | Micah Anderson | |
2013-03-17 | added support for "limited" service levels (although vpn is not yet actually ↵ | elijah | |
rate limited). | |||
2013-03-16 | Merge branch 'stunnel_switch' into develop | varac | |
2013-03-16 | pick the first couchdb host for webapp couch config | varac | |
Until we have a proper load balancing setup (see https://leap.se/code/issues/1994) | |||
2013-03-14 | add couchdb stunnel clients | Micah Anderson | |
2013-02-27 | openvpn -- added support for optional "free" rate-limited service via ↵ | elijah | |
special client certificates with the FREE prefix in the common name. | |||
2013-02-12 | Merge remote-tracking branch 'origin/develop' into bundle-and-precompile-as-user | Micah Anderson | |
2013-02-10 | set webapp module to use try::file where appropriate | elijah | |
2013-02-09 | run bundler and rake assets:precompile as normal user | Azul | |
otherwise the generated files will be owned by root and the bundle will be inside roots /home/max | |||
2013-02-06 | include shorewall config for webapp and couchdb | varac | |
2013-02-04 | compile assets for webapp, fixes #1628 | varac | |
2013-02-03 | Increase Exec[bundler_update] timeout | varac | |
Exec[bundler_update] can take a really long time, increasing timeout from 300s (default) to 600s fixes Increase command timeout for Exec[bundler_update] (Feature #1643) | |||
2013-01-31 | update the x509 submodule to get non-root application access to key file ↵ | Micah Anderson | |
enhancement put the leap-webapp user in the 'ssl-cert' group pass group => 'leap-webapp' to the leap_client_ca.key so the application can access it | |||
2013-01-31 | tag 'base' is a bad idea because it invokes apache::base as well | varac | |
2013-01-31 | tag 'service' for all service classes | varac | |
2013-01-29 | test the $webapp['img_dir'] variable to see if it is undef or not, the default | Micah Anderson | |
in the json is ~ (nil), which ends up being undef in puppet (closes #1575) | |||
2013-01-21 | client ca -- configure the webapp with the client ca | elijah | |
2013-01-13 | added ability to customize the webapp appearance | elijah | |
2013-01-11 | configure webapp with correct domain | elijah | |
2013-01-03 | using master branch for webapp now. | Azul | |
develop branch is no longer used in webapp dev and will be removed. | |||
2012-12-19 | webapp api now uses a customizable port (so that we don't try to rely on SNI ↵ | elijah | |
for hosting two TLS domains on one IP). | |||
2012-12-11 | add prefix to couchdb.yaml | Micah Anderson | |
2012-12-11 | fix couchdb port | Micah Anderson | |
2012-11-29 | change api CA cert deployment to just symlink to the already deployed file | Micah Anderson | |
2012-11-29 | change ensure parameter to explicit 'directory' for /srv/leap-webapp | Micah Anderson | |
2012-11-29 | updated bundler module to accept 'package' to install_method to be a little ↵ | Micah Anderson | |
more obvious how it is operating | |||
2012-11-27 | switch from hiera_array to just hiera | Micah Anderson | |