summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2013-04-24automatic update of submodule stdlibvarac
2013-04-24automatic update of submodule couchdbvarac
2013-04-24Use pre-salted+hashed user pw for couchdb (Feature #2324)varac
2013-04-23automatic update of submodule couchdbvarac
2013-04-23fix mode for webapp production.log (#2300)Micah Anderson
2013-04-22webapp -- fixed bug in configurationelijah
2013-04-18update apache module to take the 'ssl' parameter, and pass it to the class, thisMicah Anderson
eliminates a potential variable lookup ordering problem (#2273)
2013-04-18webapp: removed "Alias /1" from apache configelijah
2013-04-17update apache module to new 2.7 styleMicah Anderson
2013-04-17rename fallback apt source list so it will be more obvious when it is paired ↵Micah Anderson
with the primary.list
2013-04-16move secret token into the config.yamlMicah Anderson
2013-04-16pass version to haproxy so that the leap package will be installedMicah Anderson
this package is a newer version than the one in debian, and as of this writing haproxy is scheduled to be removed from wheezy, also it has hardened flags enabled
2013-04-16update haproxy submodule to get version parameter possibilityMicah Anderson
2013-04-11webapp: use admin creds for now, until we fixed couchdb user permissionsvarac
2013-04-10clean up ca_daemon things, it is not used any longer because it has been ↵Micah Anderson
included in the web app (#1978) remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json
2013-04-09make sure the production environment is used for the migrationsMicah Anderson
2013-04-09add a httpchk line to haproxy to properly test if the couchdb is availableMicah Anderson
add the useful http-server-close option set check option on the servers, with a 3 second interval, a one second fastinter (for flapping) and a one second downinter. Set the number of checks for failure to be one (so it will take 3 seconds for a node to fail out) and 2 checks to come back
2013-04-09update deprecated haproxy configuration options, set values a little lowerMicah Anderson
2013-04-04set permissions on the rails production.log, otherwise passenger complains ↵Micah Anderson
about this in the apache log file
2013-04-04fix typo in x509::variablesMicah Anderson
2013-04-04make sure the couchdb.yml permissions are set properlyMicah Anderson
2013-04-04fix missing commaMicah Anderson
2013-04-04pass $ca_name to stunnel::setup - this eliminates a dynamic scoped variable ↵Micah Anderson
lookup, and warning
2013-04-04update submodule to get fix for syntax errorMicah Anderson
2013-04-04add Erlang Distributed Node Protocol Port json entry under bigcouchMicah Anderson
setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections
2013-04-04remove the apache_ssl_proxy cleanupMicah Anderson
2013-04-04rename bigcouch.port to more accurate bigcouch.epmd_portMicah Anderson
2013-04-04rename the bigcouch_replication_[server,client] to be the more accurately, andMicah Anderson
shorter named epmd (erlang port mapper daemon)
2013-04-03automatic update to stunnel moduleMicah Anderson
2013-04-03switch stunnel module to our version which has been modified for 2.7 ↵Micah Anderson
parameterized classes and qualified variables update our stunnel class instantiation to be parameterized
2013-04-02shorewall: re-order dnat rule variables to match configuration file orderMicah Anderson
2013-04-02replace hard-coded port number with hiera determined one, manipulated to ↵Micah Anderson
remove the 'ip:' from the beginning in bigcouch replication client stunnels
2013-04-02firewall: remove no longer needed epmd portMicah Anderson
2013-04-02fix variable curly bracesMicah Anderson
2013-04-02shorewall:Micah Anderson
create a macro for the bigcouch replication server stunnel to enable these connections pulling bigcouch_replication_clients, bigcouch_replication_server_port from hiera create site_shorewall::couchdb::dnat and create_resources to properly setup DNAT for bigcouch_replication_clients
2013-04-02switch to using stunnel_client and stunnel_server leap_cli macrosMicah Anderson
add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named
2013-04-02replace long-form variables with shorter onesMicah Anderson
remove unnecessary bigcouch_replication_client_default values (verify, rndfile, debuglevel)
2013-04-02refactor couch_client stunnel to use new stunnel_client leap_cli macroMicah Anderson
re-order variables to be more consistant
2013-04-02remove unnecessary class inheritanceMicah Anderson
2013-04-02lint so default options are togetherMicah Anderson
2013-04-02shorewall: add couch_server stunnel port to macro.leap_couchdb, this is ↵Micah Anderson
necessary for the stunnel to communicate
2013-04-02remove duplicate 'include site_stunnel'Micah Anderson
this already exists in class site_stunnel::setup which is instantiated in this class
2013-04-02start erlang vm on dedicated port so firewalling is easiervarac
2013-04-02fix bigcouch stunnel pid namevarac
2013-04-02provide stunnel connect_port to site_webapp:couchdbvarac
2013-04-02decrease stunnel debug levelvarac
2013-04-02couchdb hosts include site_shorewall::couchdb::bigcouchvarac
2013-04-02added site_shorewall::couchdb::bigcouchvarac
bigcouch cluster protocol communicate via the fqdn of the neighbor hosts. So we need to bend all requests to <fqdn>:4369 to localhost:400x (which is the entry of an stunnel connection to the other neighbor)
2013-04-02added site_shorewall::dnat to configure DNAT rulesvarac
2013-04-02increase stunnel verbosity until everything is running smoothvarac