summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2014-07-01Address logging for obfsproxy daemonirregulator
Create obfsproxy directory in /var/log, specify log file when obfsproxy is spawned by init script, create a logrotate configuration for obfsproxy's logs.
2014-07-01Line up equal signs, change double to single quotesirregulator
2014-07-01Remove commented lines from obfsproxy puppet module classirregulator
2014-07-01Remove commented lines from init script status sectionirregulator
2014-07-01Change exit status code if config file is missingirregulator
2014-07-01Move obfsproxy_daemon to obfsproxy_initirregulator
2014-07-01Add data directory to save scramblesuit's state.irregulator
Also clean up a little the obfsproxy puppet class, create appropriate directories, restrict permissions.
2014-07-01Make shorewall accept incoming traffic for obfsproxy serverirregulator
2014-07-01Initial commit for obfsproxy server feature in platformirregulator
2014-06-27add a package resource for leap-keymanager to make sure it is also theMicah Anderson
latest version, this is necessary to transition to the python-gnupg-ng package, which will not otherwise be installed Change-Id: I2ea631e15518fd40cb0ea4fe718498bdfba3c599
2014-06-27leap-mx package resource ensure parameter needs to be 'latest' to ensureMicah Anderson
packages will be upgraded Change-Id: Ic94be8b732d9d2202f87c0c2cdd2fd0d16cc9efc
2014-06-27reorder /etc/hostsChristoph
now "hostname -f" results in the correct hostname. Fixes #5835
2014-06-26reorder /etc/hostsChristoph
now "hostname -f" results in the correct hostname. Fixes #5835
2014-06-25lint site_couchdbelijah
2014-06-25update couchdb submoduleelijah
2014-06-25create netrc files for all users with new puppet_couchdbAzul
This only works with the latest patch to puppet_couchdb
2014-06-25hand replication credentials to tapiceroAzul
2014-06-25minor: fix typo in replication user rolesAzul
2014-06-25haproxy: support read only couchdb mirrorselijah
2014-06-25stunnel: make site_mx and site_webapp use new site_stunnelelijah
2014-06-25add replication userAzul
2014-06-25site_couchdb: support auto-stunnel setup, split master, bigcouch, and mirror ↵elijah
out into separate files.
2014-06-25new generic system for stunnel: just `include site_stunnel` and stunnel + ↵elijah
needed shorewall will be automatically set up. requires new leap_cli
2014-06-25first steps towards mirroring couchAzul
2014-06-25set mirror option if we are on a couch mirrorAzul
2014-06-25separate bigcouch specifics from init.ppAzul
2014-06-25split bigcouch stunnel from plain couch stunnelAzul
2014-06-17allow webapp.json to configure what engines are enabledelijah
2014-06-04clean up how /etc/hosts is generated so it doesn't require custom behavior ↵0.5.2elijah
depending on the services.
2014-06-04bugfix: actually apply modules based on $serviceselijah
2014-06-03move hiera from site.pp to site_config::setupChristoph
the problem was following: if a host has the webapp service, the template for /etc/hosts adds some stuff. But setup.pp did not ask hiera about the services so "/srv/leap/bin/puppet_command set_hostname" always resets the hostname. Since that gets triggered every time you run "leap deploy" the hostname changes, some services restart, then the hostname changes back and the services restart again. The solution is to get the hiera data before every run.
2014-06-02static site: better message for wrong location type.elijah
2014-06-02remove superfluous RackBaseURI directiveelijah
2014-06-02work around hiera's inability to escape '%' by using ':percent:'elijah
2014-06-02static site: added rack support, added custom apache configelijah
2014-06-02added templatewlv function (allows passing local variables to templates)elijah
2014-06-02added support for /provider.json served from static site.elijah
2014-06-02fix unbound: configs in /etc/unbound/unbound.conf.d contained a syntax error ↵elijah
and were missing .conf suffix
2014-05-27Add missing scope to top-level sshd class, passing necessary parametersMicah Anderson
for configuration (#3108) Change-Id: I4f94a47d47a40bfc6835359e7781707f96e91db0
2014-05-27Update sshd submodule to get necessary fixes to enable us to change sshd portMicah Anderson
Change-Id: I3b6a87c9d6a2c349392e5bc98a68b800645fde92
2014-05-27Switch away from site_config::sshd and instead just include site_sshdMicah Anderson
The existing site_config::sshd had a non-functioning 'include sshd' line in it that was not doing what was expected (this was supposed to include the sshd module, but due to scoping was including itself). It seemed better to eliminate some of the unused pieces and consolidate into one config location. Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
2014-05-27clarify comments in site_sshd::authorized_keysMicah Anderson
Change-Id: I679dfe8dff90b7c86ab0ffff43e13958f1ec2c99
2014-05-24Merge remote-tracking branch 'cz8s/feature/allow_webapp_and_mx_on_one_host' ↵Micah Anderson
into develop
2014-05-24move haproxy-template to modules/site_haproxyChristoph
2014-05-24remove unused variable local_portsChristoph
2014-05-22Implement #2328: unbound.conf: content changed on every puppetrunMicah Anderson
This is done by using the include glob capability that is in the wheezy-backports and newer unbound to include the /etc/unbound/unbound.conf.d/* config files. To do this, we need to transition from our /etc/unbound/conf.d directory structure to use the one that the debian package uses. This allows us to clean up the rather ugly way we were configuring the resolver before. Change-Id: I68347922f265bbd0ddf11d59d8574a612a7bd82c
2014-05-22lint cleanup of site_config::caching_resolverMicah Anderson
Change-Id: I3f6a4db26e064a520a08822cf23fc3288b31af62
2014-05-22Install wheezy-backports version of unbound, this is necessary to solve #2328Micah Anderson
Change-Id: Ie28de8d3f7a8c8cf52ce30365379a476d48dc88b
2014-05-22Move rsyslog preferences snippet to site_apt::preferences::rsyslog, toMicah Anderson
group it with the other preferences snippets Change-Id: I83928c6b82cd6218a80c95475729cb57f146ff85
2014-05-22remove old classesChristoph
site_mx::haproxy and site_webapp::haproxy only included site_haproxy. They didn't do anything else. So just include site_haproxy in manifests/init.pp and remove the unused classes