Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-04-02 | remove unnecessary class inheritance | Micah Anderson | |
2013-04-02 | lint so default options are together | Micah Anderson | |
2013-04-02 | shorewall: add couch_server stunnel port to macro.leap_couchdb, this is ↵ | Micah Anderson | |
necessary for the stunnel to communicate | |||
2013-04-02 | remove duplicate 'include site_stunnel' | Micah Anderson | |
this already exists in class site_stunnel::setup which is instantiated in this class | |||
2013-04-02 | start erlang vm on dedicated port so firewalling is easier | varac | |
2013-04-02 | fix bigcouch stunnel pid name | varac | |
2013-04-02 | provide stunnel connect_port to site_webapp:couchdb | varac | |
2013-04-02 | decrease stunnel debug level | varac | |
2013-04-02 | couchdb hosts include site_shorewall::couchdb::bigcouch | varac | |
2013-04-02 | added site_shorewall::couchdb::bigcouch | varac | |
bigcouch cluster protocol communicate via the fqdn of the neighbor hosts. So we need to bend all requests to <fqdn>:4369 to localhost:400x (which is the entry of an stunnel connection to the other neighbor) | |||
2013-04-02 | added site_shorewall::dnat to configure DNAT rules | varac | |
2013-04-02 | increase stunnel verbosity until everything is running smooth | varac | |
2013-04-02 | addded client side of bigcouch cluster protocol stunnel config | varac | |
2013-04-02 | make site_stunnel::clients connect_port configurable | varac | |
2013-04-02 | added bigcouch.conf as incoming stunnel config for bigcouch clustering | varac | |
2013-04-02 | moving generic stunnel config from site_webapp to site_stunnel now working | varac | |
2013-04-02 | shorewall couchdb config: get open ports right | varac | |
2013-04-02 | moved generic stunnel config from site_webapp to site_stunnel | varac | |
2013-04-02 | working on stunnel for bigcouch clustering | varac | |
2013-04-01 | Merge branch 'develop' of ssh://leap.se/leap_platform into develop | elijah | |
2013-04-01 | added setup.pp | elijah | |
2013-03-31 | automatic update of submodule couchdb | Micah Anderson | |
2013-03-29 | fixed site_openvpn bug with redefined variable. | elijah | |
2013-03-28 | added stunnel_server | elijah | |
2013-03-19 | add webapp secret token that pulls from hiera a 'secret' | Micah Anderson | |
2013-03-19 | cp instead of mv for the couchdb configuration file | Micah Anderson | |
if we move, then we need to re-create the file on the next deploy | |||
2013-03-19 | create a separate couchdb.yml.admin that contains the couchdb admin ↵ | Micah Anderson | |
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time | |||
2013-03-19 | fix spelling of 'command' parameter | Micah Anderson | |
2013-03-19 | fix missing closing curly brace | Micah Anderson | |
2013-03-19 | configure webapp haproxy couchdb connection | Micah Anderson | |
2013-03-19 | configure site_webapp::haproxy to ship a haproxy config::fragment to setup the | Micah Anderson | |
haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment | |||
2013-03-19 | add some generic haproxy defaults | Micah Anderson | |
2013-03-19 | add haproxy submodule | Micah Anderson | |
2013-03-19 | Migrate the couchdb design documents during webapp deploy (#1976) | Micah Anderson | |
2013-03-19 | turn off automatic updates of couchdb design docs (#1979) | Micah Anderson | |
2013-03-18 | Webapp: Use stunnel localhost:5000 for couchdb connection | varac | |
2013-03-17 | fix webapp/couchdb stunnel certificate authority | Micah Anderson | |
2013-03-17 | added support for "limited" service levels (although vpn is not yet actually ↵ | elijah | |
rate limited). | |||
2013-03-16 | Merge branch 'stunnel_switch' into develop | varac | |
2013-03-16 | pick the first couchdb host for webapp couch config | varac | |
Until we have a proper load balancing setup (see https://leap.se/code/issues/1994) | |||
2013-03-15 | automatic update of submodule couchdb | varac | |
2013-03-15 | automatic update of submodule apt | varac | |
2013-03-15 | automatic update of submodule couchdb | varac | |
2013-03-14 | add couchdb stunnel clients | Micah Anderson | |
2013-03-14 | add couchdb stunnel server | Micah Anderson | |
2013-03-14 | add a basic site_stunnel that takes care of some generic functionality that ↵ | Micah Anderson | |
all stunnel client/servers will need handled (at least in debian and ubuntu) | |||
2013-03-14 | remove apache ssl proxy in preparation of replacing it with a stunnel setup | Micah Anderson | |
This presents us with an interesting problem of deprecation. We need to manage the removal of something that we previously installed in any released code. How long we carry the puppet code that removes raises some interesting questions: do we require that someone who deployed version 1 (where the apache ssl proxy was deployed) of the platform upgrade first to version 2 (where we remove the apache ssl proxy) before they upgrade to version 3 (where the apache ssl proxy removal is no longer present) -- or do we allow people to skip versions? | |||
2013-03-14 | add shared stunnel module | Micah Anderson | |
2013-03-14 | automatic update of submodule apt | varac | |
2013-03-14 | automatic update of submodule apt | varac | |