summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2014-08-22FQDN should come first in /etc/hostsvarac
fixes /etc/hosts: wrong order (Bug #5835) (now for real) before, /etc/hosts contained i.e. 127.0.1.1 plain1 plain1.bitmask.net plain1.bitmask.i which resulted in no fqdn reported both by "hostname -f" and "facter fqdn" this fix produces this order which is needed to report a fqdn: 127.0.1.1 plain1.bitmask.net plain1 plain1.bitmask.i
2014-08-21Fix starting tapicero when it is not running (#6004)0.5.3Micah Anderson
Due to how tapicero's initscript is made, it is not possible to check for a valid exit code for the status (it returns a zero when it is not running). So we disable the puppet 'hasstatus' parameter and instead puppet will look in the process table for 'tapicero' Change-Id: I9b017ea8055c0207e43876dd4e3bbc2619c0fd35
2014-08-21Fix "Nagios ssh check is automatically added by the ssh module and cantains ↵varac
a wrong hostname on single node setup (Bug #5998)" before, the ssh module added this check, resulting in a wrong hostname and the port was always '22'. manage_nagios parameter is boolean, so we use false instead of 'no' manually add check_ssh to nagios (#5998)
2014-08-05Fixes: #5952 Webapp now logs to it's own file instead of syslog and user.logguido
2014-08-01Merge branch 'feature/replication-in-tapicero-security' into developAzul
2014-08-01minor: fix typo in webapp configAzul
@provider -> @webapp
2014-07-30add replication role to user databases with tapiceroAzul
This way the replication has read access on the source and write access on the target.
2014-07-29Merge remote-tracking branch 'fbernitt/issue_5217_allow_registration' into ↵Azul
develop
2014-07-15haproxy default to couch_write, couch_read on GETAzul
METH_POST probably does not catch PUT, DESTROY etc. So instead we now use the master as the default and only use the replications for GET and HEAD requests.
2014-07-14proper json for tapicero configAzul
2014-07-14update couchdb puppet moduleAzul
2014-07-11Added allow_registration to webapp config.yml.Folker Bernitt
- See issue #5217 - See companion change in leap_web
2014-07-01Use new macro pick_node to pick vpn gateway for obfsproxy.jsonirregulator
2014-07-01Check appropriately if obfsproxy is included in servicesirregulator
2014-07-01Add apt preferences requirement for obfsproxy package resourceirregulator
2014-07-01Add User resource requirement for obfsproxy service, log, etc dirirregulator
2014-07-01Remove unneeded newlines from obfsproxy.confirregulator
2014-07-01Explicitly set apt preferences for obfsproxy to wheezy-backportsirregulator
2014-07-01Make obfsproxy daemon bind to specific address rather than 0.0.0.0irregulator
If obfsproxy is spawned alongside eip service, make it listen to the gateway_adress IP. If obfsproxy is running standalone listen to ip_address.
2014-07-01Remove initscript subscription to conf fileirregulator
2014-07-01Move log files to var/log instead of var/log/obfsproxyirregulator
2014-07-01Subscribe obfsproxy service resource to conf fileirregulator
2014-07-01Simplify init script, let puppet service resource use init statusirregulator
2014-07-01Change logrotate's frequency and number of log files to keepirregulator
2014-07-01Be able to specify log_level parameter for obfsproxyirregulator
log_level sets minimum logging severity of obfsproxy daemon, can be error, warning, info, debug. Defaults to info.
2014-07-01Address logging for obfsproxy daemonirregulator
Create obfsproxy directory in /var/log, specify log file when obfsproxy is spawned by init script, create a logrotate configuration for obfsproxy's logs.
2014-07-01Line up equal signs, change double to single quotesirregulator
2014-07-01Remove commented lines from obfsproxy puppet module classirregulator
2014-07-01Remove commented lines from init script status sectionirregulator
2014-07-01Change exit status code if config file is missingirregulator
2014-07-01Move obfsproxy_daemon to obfsproxy_initirregulator
2014-07-01Add data directory to save scramblesuit's state.irregulator
Also clean up a little the obfsproxy puppet class, create appropriate directories, restrict permissions.
2014-07-01Make shorewall accept incoming traffic for obfsproxy serverirregulator
2014-07-01Initial commit for obfsproxy server feature in platformirregulator
2014-06-27add a package resource for leap-keymanager to make sure it is also theMicah Anderson
latest version, this is necessary to transition to the python-gnupg-ng package, which will not otherwise be installed Change-Id: I2ea631e15518fd40cb0ea4fe718498bdfba3c599
2014-06-27leap-mx package resource ensure parameter needs to be 'latest' to ensureMicah Anderson
packages will be upgraded Change-Id: Ic94be8b732d9d2202f87c0c2cdd2fd0d16cc9efc
2014-06-27reorder /etc/hostsChristoph
now "hostname -f" results in the correct hostname. Fixes #5835
2014-06-26reorder /etc/hostsChristoph
now "hostname -f" results in the correct hostname. Fixes #5835
2014-06-25lint site_couchdbelijah
2014-06-25update couchdb submoduleelijah
2014-06-25create netrc files for all users with new puppet_couchdbAzul
This only works with the latest patch to puppet_couchdb
2014-06-25hand replication credentials to tapiceroAzul
2014-06-25minor: fix typo in replication user rolesAzul
2014-06-25haproxy: support read only couchdb mirrorselijah
2014-06-25stunnel: make site_mx and site_webapp use new site_stunnelelijah
2014-06-25add replication userAzul
2014-06-25site_couchdb: support auto-stunnel setup, split master, bigcouch, and mirror ↵elijah
out into separate files.
2014-06-25new generic system for stunnel: just `include site_stunnel` and stunnel + ↵elijah
needed shorewall will be automatically set up. requires new leap_cli
2014-06-25first steps towards mirroring couchAzul
2014-06-25set mirror option if we are on a couch mirrorAzul