summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2013-04-09make sure the production environment is used for the migrationsMicah Anderson
2013-04-09add a httpchk line to haproxy to properly test if the couchdb is availableMicah Anderson
add the useful http-server-close option set check option on the servers, with a 3 second interval, a one second fastinter (for flapping) and a one second downinter. Set the number of checks for failure to be one (so it will take 3 seconds for a node to fail out) and 2 checks to come back
2013-04-09update deprecated haproxy configuration options, set values a little lowerMicah Anderson
2013-04-04set permissions on the rails production.log, otherwise passenger complains ↵Micah Anderson
about this in the apache log file
2013-04-04fix typo in x509::variablesMicah Anderson
2013-04-04make sure the couchdb.yml permissions are set properlyMicah Anderson
2013-04-04fix missing commaMicah Anderson
2013-04-04pass $ca_name to stunnel::setup - this eliminates a dynamic scoped variable ↵Micah Anderson
lookup, and warning
2013-04-04update submodule to get fix for syntax errorMicah Anderson
2013-04-04add Erlang Distributed Node Protocol Port json entry under bigcouchMicah Anderson
setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections
2013-04-04remove the apache_ssl_proxy cleanupMicah Anderson
2013-04-04rename bigcouch.port to more accurate bigcouch.epmd_portMicah Anderson
2013-04-04rename the bigcouch_replication_[server,client] to be the more accurately, andMicah Anderson
shorter named epmd (erlang port mapper daemon)
2013-04-03automatic update to stunnel moduleMicah Anderson
2013-04-03switch stunnel module to our version which has been modified for 2.7 ↵Micah Anderson
parameterized classes and qualified variables update our stunnel class instantiation to be parameterized
2013-04-02shorewall: re-order dnat rule variables to match configuration file orderMicah Anderson
2013-04-02replace hard-coded port number with hiera determined one, manipulated to ↵Micah Anderson
remove the 'ip:' from the beginning in bigcouch replication client stunnels
2013-04-02firewall: remove no longer needed epmd portMicah Anderson
2013-04-02fix variable curly bracesMicah Anderson
2013-04-02shorewall:Micah Anderson
create a macro for the bigcouch replication server stunnel to enable these connections pulling bigcouch_replication_clients, bigcouch_replication_server_port from hiera create site_shorewall::couchdb::dnat and create_resources to properly setup DNAT for bigcouch_replication_clients
2013-04-02switch to using stunnel_client and stunnel_server leap_cli macrosMicah Anderson
add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named
2013-04-02replace long-form variables with shorter onesMicah Anderson
remove unnecessary bigcouch_replication_client_default values (verify, rndfile, debuglevel)
2013-04-02refactor couch_client stunnel to use new stunnel_client leap_cli macroMicah Anderson
re-order variables to be more consistant
2013-04-02remove unnecessary class inheritanceMicah Anderson
2013-04-02lint so default options are togetherMicah Anderson
2013-04-02shorewall: add couch_server stunnel port to macro.leap_couchdb, this is ↵Micah Anderson
necessary for the stunnel to communicate
2013-04-02remove duplicate 'include site_stunnel'Micah Anderson
this already exists in class site_stunnel::setup which is instantiated in this class
2013-04-02start erlang vm on dedicated port so firewalling is easiervarac
2013-04-02fix bigcouch stunnel pid namevarac
2013-04-02provide stunnel connect_port to site_webapp:couchdbvarac
2013-04-02decrease stunnel debug levelvarac
2013-04-02couchdb hosts include site_shorewall::couchdb::bigcouchvarac
2013-04-02added site_shorewall::couchdb::bigcouchvarac
bigcouch cluster protocol communicate via the fqdn of the neighbor hosts. So we need to bend all requests to <fqdn>:4369 to localhost:400x (which is the entry of an stunnel connection to the other neighbor)
2013-04-02added site_shorewall::dnat to configure DNAT rulesvarac
2013-04-02increase stunnel verbosity until everything is running smoothvarac
2013-04-02addded client side of bigcouch cluster protocol stunnel configvarac
2013-04-02make site_stunnel::clients connect_port configurablevarac
2013-04-02added bigcouch.conf as incoming stunnel config for bigcouch clusteringvarac
2013-04-02moving generic stunnel config from site_webapp to site_stunnel now workingvarac
2013-04-02shorewall couchdb config: get open ports rightvarac
2013-04-02moved generic stunnel config from site_webapp to site_stunnelvarac
2013-04-02working on stunnel for bigcouch clusteringvarac
2013-04-01Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2013-04-01added setup.ppelijah
2013-03-31automatic update of submodule couchdbMicah Anderson
2013-03-29fixed site_openvpn bug with redefined variable.elijah
2013-03-28added stunnel_serverelijah
2013-03-19add webapp secret token that pulls from hiera a 'secret'Micah Anderson
2013-03-19cp instead of mv for the couchdb configuration fileMicah Anderson
if we move, then we need to re-create the file on the next deploy
2013-03-19create a separate couchdb.yml.admin that contains the couchdb admin ↵Micah Anderson
privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time