leap_platform.git - [leap

Age	Commit message (Collapse)	Author
2013-04-02	switch to using stunnel_client and stunnel_server leap_cli macros	Micah Anderson
	add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named
2013-04-02	replace long-form variables with shorter ones	Micah Anderson
	remove unnecessary bigcouch_replication_client_default values (verify, rndfile, debuglevel)
2013-04-02	refactor couch_client stunnel to use new stunnel_client leap_cli macro	Micah Anderson
	re-order variables to be more consistant
2013-04-02	remove unnecessary class inheritance	Micah Anderson

2013-04-02	lint so default options are together	Micah Anderson

2013-04-02	shorewall: add couch_server stunnel port to macro.leap_couchdb, this is ↵	Micah Anderson
	necessary for the stunnel to communicate
2013-04-02	remove duplicate 'include site_stunnel'	Micah Anderson
	this already exists in class site_stunnel::setup which is instantiated in this class
2013-04-02	start erlang vm on dedicated port so firewalling is easier	varac

2013-04-02	fix bigcouch stunnel pid name	varac

2013-04-02	provide stunnel connect_port to site_webapp:couchdb	varac

2013-04-02	decrease stunnel debug level	varac

2013-04-02	couchdb hosts include site_shorewall::couchdb::bigcouch	varac

2013-04-02	added site_shorewall::couchdb::bigcouch	varac
	bigcouch cluster protocol communicate via the fqdn of the neighbor hosts. So we need to bend all requests to <fqdn>:4369 to localhost:400x (which is the entry of an stunnel connection to the other neighbor)
2013-04-02	added site_shorewall::dnat to configure DNAT rules	varac

2013-04-02	increase stunnel verbosity until everything is running smooth	varac

2013-04-02	addded client side of bigcouch cluster protocol stunnel config	varac

2013-04-02	make site_stunnel::clients connect_port configurable	varac

2013-04-02	added bigcouch.conf as incoming stunnel config for bigcouch clustering	varac

2013-04-02	moving generic stunnel config from site_webapp to site_stunnel now working	varac

2013-04-02	shorewall couchdb config: get open ports right	varac

2013-04-02	moved generic stunnel config from site_webapp to site_stunnel	varac

2013-04-02	working on stunnel for bigcouch clustering	varac

2013-04-01	Merge branch 'develop' of ssh://leap.se/leap_platform into develop	elijah

2013-04-01	added setup.pp	elijah

2013-03-31	automatic update of submodule couchdb	Micah Anderson

2013-03-29	fixed site_openvpn bug with redefined variable.	elijah

2013-03-28	added stunnel_server	elijah

2013-03-19	add webapp secret token that pulls from hiera a 'secret'	Micah Anderson

2013-03-19	cp instead of mv for the couchdb configuration file	Micah Anderson
	if we move, then we need to re-create the file on the next deploy
2013-03-19	create a separate couchdb.yml.admin that contains the couchdb admin ↵	Micah Anderson
	privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
2013-03-19	fix spelling of 'command' parameter	Micah Anderson

2013-03-19	fix missing closing curly brace	Micah Anderson

2013-03-19	configure webapp haproxy couchdb connection	Micah Anderson

2013-03-19	configure site_webapp::haproxy to ship a haproxy config::fragment to setup the	Micah Anderson
	haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment
2013-03-19	add some generic haproxy defaults	Micah Anderson

2013-03-19	add haproxy submodule	Micah Anderson

2013-03-19	Migrate the couchdb design documents during webapp deploy (#1976)	Micah Anderson

2013-03-19	turn off automatic updates of couchdb design docs (#1979)	Micah Anderson

2013-03-18	Webapp: Use stunnel localhost:5000 for couchdb connection	varac

2013-03-17	fix webapp/couchdb stunnel certificate authority	Micah Anderson

2013-03-17	added support for "limited" service levels (although vpn is not yet actually ↵	elijah
	rate limited).
2013-03-16	Merge branch 'stunnel_switch' into develop	varac

2013-03-16	pick the first couchdb host for webapp couch config	varac
	Until we have a proper load balancing setup (see https://leap.se/code/issues/1994)
2013-03-15	automatic update of submodule couchdb	varac

2013-03-15	automatic update of submodule apt	varac

2013-03-15	automatic update of submodule couchdb	varac

2013-03-14	add couchdb stunnel clients	Micah Anderson

2013-03-14	add couchdb stunnel server	Micah Anderson

2013-03-14	add a basic site_stunnel that takes care of some generic functionality that ↵	Micah Anderson
	all stunnel client/servers will need handled (at least in debian and ubuntu)
2013-03-14	remove apache ssl proxy in preparation of replacing it with a stunnel setup	Micah Anderson
	This presents us with an interesting problem of deprecation. We need to manage the removal of something that we previously installed in any released code. How long we carry the puppet code that removes raises some interesting questions: do we require that someone who deployed version 1 (where the apache ssl proxy was deployed) of the platform upgrade first to version 2 (where we remove the apache ssl proxy) before they upgrade to version 3 (where the apache ssl proxy removal is no longer present) -- or do we allow people to skip versions?