summaryrefslogtreecommitdiff
path: root/puppet/modules
AgeCommit message (Collapse)Author
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-19fix spelling of 'command' parameterMicah Anderson
2013-03-19fix missing closing curly braceMicah Anderson
2013-03-19configure webapp haproxy couchdb connectionMicah Anderson
2013-03-19configure site_webapp::haproxy to ship a haproxy config::fragment to setup theMicah Anderson
haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment
2013-03-19add some generic haproxy defaultsMicah Anderson
2013-03-19add haproxy submoduleMicah Anderson
2013-03-19Migrate the couchdb design documents during webapp deploy (#1976)Micah Anderson
2013-03-19turn off automatic updates of couchdb design docs (#1979)Micah Anderson
2013-03-18Webapp: Use stunnel localhost:5000 for couchdb connectionvarac
2013-03-17fix webapp/couchdb stunnel certificate authorityMicah Anderson
2013-03-17added support for "limited" service levels (although vpn is not yet actually ↵elijah
rate limited).
2013-03-16Merge branch 'stunnel_switch' into developvarac
2013-03-16pick the first couchdb host for webapp couch configvarac
Until we have a proper load balancing setup (see https://leap.se/code/issues/1994)
2013-03-15automatic update of submodule couchdbvarac
2013-03-15automatic update of submodule aptvarac
2013-03-15automatic update of submodule couchdbvarac
2013-03-14add couchdb stunnel clientsMicah Anderson
2013-03-14add couchdb stunnel serverMicah Anderson
2013-03-14add a basic site_stunnel that takes care of some generic functionality that ↵Micah Anderson
all stunnel client/servers will need handled (at least in debian and ubuntu)
2013-03-14remove apache ssl proxy in preparation of replacing it with a stunnel setupMicah Anderson
This presents us with an interesting problem of deprecation. We need to manage the removal of something that we previously installed in any released code. How long we carry the puppet code that removes raises some interesting questions: do we require that someone who deployed version 1 (where the apache ssl proxy was deployed) of the platform upgrade first to version 2 (where we remove the apache ssl proxy) before they upgrade to version 3 (where the apache ssl proxy removal is no longer present) -- or do we allow people to skip versions?
2013-03-14add shared stunnel moduleMicah Anderson
2013-03-14automatic update of submodule aptvarac
2013-03-14automatic update of submodule aptvarac
2013-03-14include cloudant package repo for bigcouch servervarac
2013-03-14pass template() to aptvarac
2013-03-14added apt preferences template that includes squeezevarac
2013-03-14use custom preferences for couchdb hostvarac
2013-03-14automatic update of submodule couchdbvarac
2013-03-14added cloudants apt key, FP: BAF9 B315 D438 5FB9 B5DE 334B 59E0 1FBD 15BE 8E26varac
2013-03-13automatic update of submodule couchdbvarac
2013-03-13install apt key before apt-get updatevarac
2013-03-13automatic update of submodule couchdbvarac
2013-03-12enable leap deb package repository and leap apt key on all hostsvarac
2013-03-12automatic update of submodule couchdbvarac
2013-03-12automatic update of submodule couchdbvarac
2013-03-10pass couchdb cookie to class couchdbvarac
2013-03-10automatic update of submodule apachevarac
2013-03-10automatic update of submodule stdlibvarac
2013-03-10use bigcouch in site_couchdbvarac
2013-03-10site_couchdb::configure moved to couchdbvarac
2013-03-10futon is enabled by default on bigcouch in default.inivarac
we need to find another way to disable futon, it won't work disabling it here
2013-03-10increase timeout for initial_apt_update to 6 minvarac
2013-03-09couchdb init file moved to couchdb modulevarac
2013-03-07increase Exec timeout for dist_upgradevarac
2013-03-07automatic update of submodule couchdbvarac
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-26require that the package unbound be installed before trying to write to itsMicah Anderson
configuration file, this addresses issue #1853 - [vpn1] err: /Stage[main]/Site_openvpn::Resolver/Line[add_tcp_resolver]/Exec[echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf']/returns: change from notrun to 0 failed: echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf' returned 2 instead of one of [0] at /srv/leap/puppet/modules/common/manifests/defines/line.pp:45
2013-02-26missed another require => Package['shorewall'] on the file resources in ↵Micah Anderson
site_shorewall
2013-02-23adding angkat familykwadronaut