summaryrefslogtreecommitdiff
path: root/puppet/modules/site_webapp
AgeCommit message (Collapse)Author
2013-03-19cp instead of mv for the couchdb configuration fileMicah Anderson
if we move, then we need to re-create the file on the next deploy
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-19fix spelling of 'command' parameterMicah Anderson
2013-03-19fix missing closing curly braceMicah Anderson
2013-03-19configure webapp haproxy couchdb connectionMicah Anderson
2013-03-19configure site_webapp::haproxy to ship a haproxy config::fragment to setup theMicah Anderson
haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment
2013-03-19Migrate the couchdb design documents during webapp deploy (#1976)Micah Anderson
2013-03-19turn off automatic updates of couchdb design docs (#1979)Micah Anderson
2013-03-18Webapp: Use stunnel localhost:5000 for couchdb connectionvarac
2013-03-17fix webapp/couchdb stunnel certificate authorityMicah Anderson
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-03-16Merge branch 'stunnel_switch' into developvarac
2013-03-16pick the first couchdb host for webapp couch configvarac
Until we have a proper load balancing setup (see https://leap.se/code/issues/1994)
2013-03-14add couchdb stunnel clientsMicah Anderson
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-12Merge remote-tracking branch 'origin/develop' into bundle-and-precompile-as-userMicah Anderson
2013-02-10set webapp module to use try::file where appropriateelijah
2013-02-09run bundler and rake assets:precompile as normal userAzul
otherwise the generated files will be owned by root and the bundle will be inside roots /home/max
2013-02-06include shorewall config for webapp and couchdbvarac
2013-02-04compile assets for webapp, fixes #1628varac
2013-02-03Increase Exec[bundler_update] timeoutvarac
Exec[bundler_update] can take a really long time, increasing timeout from 300s (default) to 600s fixes Increase command timeout for Exec[bundler_update] (Feature #1643)
2013-01-31update the x509 submodule to get non-root application access to key file ↵Micah Anderson
enhancement put the leap-webapp user in the 'ssl-cert' group pass group => 'leap-webapp' to the leap_client_ca.key so the application can access it
2013-01-31tag 'base' is a bad idea because it invokes apache::base as wellvarac
2013-01-31tag 'service' for all service classesvarac
2013-01-29test the $webapp['img_dir'] variable to see if it is undef or not, the defaultMicah Anderson
in the json is ~ (nil), which ends up being undef in puppet (closes #1575)
2013-01-21client ca -- configure the webapp with the client caelijah
2013-01-13added ability to customize the webapp appearanceelijah
2013-01-11configure webapp with correct domainelijah
2013-01-03using master branch for webapp now.Azul
develop branch is no longer used in webapp dev and will be removed.
2012-12-19webapp api now uses a customizable port (so that we don't try to rely on SNI ↵elijah
for hosting two TLS domains on one IP).
2012-12-11add prefix to couchdb.yamlMicah Anderson
2012-12-11fix couchdb portMicah Anderson
2012-11-29change api CA cert deployment to just symlink to the already deployed fileMicah Anderson
2012-11-29change ensure parameter to explicit 'directory' for /srv/leap-webappMicah Anderson
2012-11-29updated bundler module to accept 'package' to install_method to be a little ↵Micah Anderson
more obvious how it is operating
2012-11-27switch from hiera_array to just hieraMicah Anderson
2012-11-27fix location of couchdb.yml templateMicah Anderson
2012-11-27fix name of eip_serviceMicah Anderson
2012-11-27fix name of couchdb.yml templateMicah Anderson
2012-11-27add the couchdb configuration templateMicah Anderson
2012-11-27setup the couchdb class to provide the couchdb connection parametersMicah Anderson
2012-11-27make sure the webapp/public/config directory exists and the eip-service.json ↵Micah Anderson
is provided there
2012-11-27map /1 -> document rootMicah Anderson
2012-11-27add site_webapp class to install the certs/keys/CAs and virtual host ↵Micah Anderson
configurations
2012-11-27place the provider.json and ca.crt in the webrootMicah Anderson
2012-11-27add hiera keys for providerMicah Anderson
include site_webapp::apache
2012-11-22use origin/develop instead of develop as revisionvarac
2012-11-22switch to the develop branch for the webapp git repository for ↵Micah Anderson
deployment/testing. when released, this should track a stable release
2012-11-22remove escaping double-quotes, it turns out these are passed directly to the ↵Micah Anderson
command causing it to fail
2012-11-20add initial site_webapp moduleMicah Anderson