Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-06-27 | leap-mx package resource ensure parameter needs to be 'latest' to ensure | Micah Anderson | |
packages will be upgraded Change-Id: Ic94be8b732d9d2202f87c0c2cdd2fd0d16cc9efc | |||
2014-06-27 | reorder /etc/hosts | Christoph | |
now "hostname -f" results in the correct hostname. Fixes #5835 | |||
2014-06-26 | reorder /etc/hosts | Christoph | |
now "hostname -f" results in the correct hostname. Fixes #5835 | |||
2014-06-25 | lint site_couchdb | elijah | |
2014-06-25 | update couchdb submodule | elijah | |
2014-06-25 | create netrc files for all users with new puppet_couchdb | Azul | |
This only works with the latest patch to puppet_couchdb | |||
2014-06-25 | hand replication credentials to tapicero | Azul | |
2014-06-25 | minor: fix typo in replication user roles | Azul | |
2014-06-25 | haproxy: support read only couchdb mirrors | elijah | |
2014-06-25 | stunnel: make site_mx and site_webapp use new site_stunnel | elijah | |
2014-06-25 | add replication user | Azul | |
2014-06-25 | site_couchdb: support auto-stunnel setup, split master, bigcouch, and mirror ↵ | elijah | |
out into separate files. | |||
2014-06-25 | new generic system for stunnel: just `include site_stunnel` and stunnel + ↵ | elijah | |
needed shorewall will be automatically set up. requires new leap_cli | |||
2014-06-25 | first steps towards mirroring couch | Azul | |
2014-06-25 | set mirror option if we are on a couch mirror | Azul | |
2014-06-25 | separate bigcouch specifics from init.pp | Azul | |
2014-06-25 | split bigcouch stunnel from plain couch stunnel | Azul | |
2014-06-17 | allow webapp.json to configure what engines are enabled | elijah | |
2014-06-04 | clean up how /etc/hosts is generated so it doesn't require custom behavior ↵0.5.2 | elijah | |
depending on the services. | |||
2014-06-04 | bugfix: actually apply modules based on $services | elijah | |
2014-06-03 | move hiera from site.pp to site_config::setup | Christoph | |
the problem was following: if a host has the webapp service, the template for /etc/hosts adds some stuff. But setup.pp did not ask hiera about the services so "/srv/leap/bin/puppet_command set_hostname" always resets the hostname. Since that gets triggered every time you run "leap deploy" the hostname changes, some services restart, then the hostname changes back and the services restart again. The solution is to get the hiera data before every run. | |||
2014-06-02 | static site: better message for wrong location type. | elijah | |
2014-06-02 | remove superfluous RackBaseURI directive | elijah | |
2014-06-02 | work around hiera's inability to escape '%' by using ':percent:' | elijah | |
2014-06-02 | static site: added rack support, added custom apache config | elijah | |
2014-06-02 | added templatewlv function (allows passing local variables to templates) | elijah | |
2014-06-02 | added support for /provider.json served from static site. | elijah | |
2014-06-02 | fix unbound: configs in /etc/unbound/unbound.conf.d contained a syntax error ↵ | elijah | |
and were missing .conf suffix | |||
2014-05-27 | Add missing scope to top-level sshd class, passing necessary parameters | Micah Anderson | |
for configuration (#3108) Change-Id: I4f94a47d47a40bfc6835359e7781707f96e91db0 | |||
2014-05-27 | Update sshd submodule to get necessary fixes to enable us to change sshd port | Micah Anderson | |
Change-Id: I3b6a87c9d6a2c349392e5bc98a68b800645fde92 | |||
2014-05-27 | Switch away from site_config::sshd and instead just include site_sshd | Micah Anderson | |
The existing site_config::sshd had a non-functioning 'include sshd' line in it that was not doing what was expected (this was supposed to include the sshd module, but due to scoping was including itself). It seemed better to eliminate some of the unused pieces and consolidate into one config location. Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9 | |||
2014-05-27 | clarify comments in site_sshd::authorized_keys | Micah Anderson | |
Change-Id: I679dfe8dff90b7c86ab0ffff43e13958f1ec2c99 | |||
2014-05-24 | Merge remote-tracking branch 'cz8s/feature/allow_webapp_and_mx_on_one_host' ↵ | Micah Anderson | |
into develop | |||
2014-05-24 | move haproxy-template to modules/site_haproxy | Christoph | |
2014-05-24 | remove unused variable local_ports | Christoph | |
2014-05-22 | Implement #2328: unbound.conf: content changed on every puppetrun | Micah Anderson | |
This is done by using the include glob capability that is in the wheezy-backports and newer unbound to include the /etc/unbound/unbound.conf.d/* config files. To do this, we need to transition from our /etc/unbound/conf.d directory structure to use the one that the debian package uses. This allows us to clean up the rather ugly way we were configuring the resolver before. Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c | |||
2014-05-22 | lint cleanup of site_config::caching_resolver | Micah Anderson | |
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62 | |||
2014-05-22 | Install wheezy-backports version of unbound, this is necessary to solve #2328 | Micah Anderson | |
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b | |||
2014-05-22 | Move rsyslog preferences snippet to site_apt::preferences::rsyslog, to | Micah Anderson | |
group it with the other preferences snippets Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85 | |||
2014-05-22 | remove old classes | Christoph | |
site_mx::haproxy and site_webapp::haproxy only included site_haproxy. They didn't do anything else. So just include site_haproxy in manifests/init.pp and remove the unused classes | |||
2014-05-22 | fix haproxy config if webapp and mx run on the same host | Christoph | |
the problem was, that both site_mx::haproxy and site_webapp::haproxy declared the same resource. I fixed it by moving that resource to site_haproxy. Since that gets included by both classes, everything works like a charm | |||
2014-05-21 | fix resolv.conf on virtualbox | Christoph | |
virtualbox sends the domain with the dhcp-answer. If the wrong domain ends up in /etc/resolv.conf bigcouch fails. | |||
2014-05-17 | static: pin amber version to 0.3.0 | elijah | |
2014-05-17 | fixes #5533 and updates rsyslog Merge branch 'rsyslog_backport' into develop | kwadronaut | |
2014-05-17 | change rsyslog pin from leaps debian repo to backports (fixes #5533) | kwadronaut | |
2014-05-14 | revert accidental change to webapp config template | Azul | |
2014-05-14 | use hash for provider service levels | Azul | |
We want to access service levels by means of the id stored in the user record. With a hash we don't have to loop through all elements to find the one with a given id and still can use arbitrary strings and do not rely on the order of the array. Also it's the format the webapp is expecting right now. | |||
2014-05-13 | openvpn server config: script-security should be "1", since we don't need ↵ | elijah | |
"2"; add tcp-nodelay to tcp servers. | |||
2014-05-07 | openvpn package resource needs to be ensure => latest to accommodate upgrades | Micah Anderson | |
Change-Id: I8caad9b4ac15dcce8ab74ad6d22dd6ad9f6efb14 | |||
2014-05-06 | Change the initial firewall to subscribe to the rule file to be able to | Micah Anderson | |
trigger changes, make the default ipv6 firewall subscribe to shorewall6, if it exists, and finally reject all outgoing IPv6 packets. All of this will complete the platform-side of route IPv6 through OpenVPN gateway, and block it. (Feature #4163) Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810 |