From ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c Mon Sep 17 00:00:00 2001
From: elijah
Date: Wed, 27 Feb 2013 23:46:58 -0800
Subject: openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name.
---
 provider_base/services/openvpn.json | 7 ++++++-
 provider_base/services/webapp.json | 4 +++-
 2 files changed, 9 insertions(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 7b67ccb3..e78a02ac 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -7,10 +7,15 @@
 },
 "openvpn": {
 "location": "Location Unknown",
+ "gateway_address": "REQUIRED",
+ "free_gateway_address": "= openvpn.allow_free ? 'REQUIRED' : nil",
 "ports": ["80", "443", "53", "1194"],
 "protocols": ["tcp", "udp"],
 "filter_dns": false,
 "adblock": false,
- "user_ips": false
+ "user_ips": false,
+ "allow_free": "= global.provider.service_allow_free",
+ "free_prefix": "= global.provider.ca.client_certificates.free_prefix",
+ "free_rate_limit": "= openvpn.allow_free ? global.provider.service_levels.detect{|level| level['name'] == 'free'}['bandwidth'] : nil"
 }
 }
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index e3055c6f..8ede0ecf 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -8,7 +8,9 @@
 "favicon": "= file_path 'branding/favicon.ico'",
 "tail_scss": "= file_path 'branding/tail.scss'",
 "head_scss": "= file_path 'branding/head.scss'",
- "img_dir": "= file_path 'branding/img'"
+ "img_dir": "= file_path 'branding/img'",
+ "client_certificates": "= global.provider.ca.client_certificates",
+ "allow_free": "= global.provider.service_allow_free"
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
-- cgit v1.2.3
From 08c6032837e2f1c4c504976074c456e04202c64a Mon Sep 17 00:00:00 2001
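Review bot: In the openvpn.json hunk of the "free" service commit, `free_rate_limit` indexes the result of `detect` directly, so when `allow_free` is true and no entry of `service_levels` is named 'free', the expression (which reads as Ruby) would fail on nil with an unhelpful error instead of a configuration message. Because this value is what makes the free tier rate-limited, a missing level should stop the deploy with a clear message rather than end up as an absent limit. The neighbouring keys already use the string 'REQUIRED' for values that must be supplied, so one option is `(global.provider.service_levels.detect{|level| level['name'] == 'free'} || {'bandwidth' => 'REQUIRED'})['bandwidth']`. How 'REQUIRED' is checked is not visible in this patch, so confirm it is enforced for this key too.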
From: elijah
Date: Tue, 5 Mar 2013 13:11:10 -0800
Subject: change json comment to '//'
---
 provider_base/services/webapp.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 8ede0ecf..ea79d7c4 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -2,8 +2,8 @@
 "webapp": {
 "modules": ["user", "billing", "help"],
 "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]",
- # NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163
- # before we can use user "webapp"
+ // NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163
+ // before we can use user "webapp"
 "couchdb_user": "= global.services[:couchdb].couch.users[:admin]",
 "favicon": "= file_path 'branding/favicon.ico'",
 "tail_scss": "= file_path 'branding/tail.scss'",
-- cgit v1.2.3
From 402bb92da08b0c0a46be643963a87576e558b589 Mon Sep 17 00:00:00 2001
From: elijah
Date: Fri, 8 Mar 2013 23:07:13 -0800
Subject: node environment: switch from production=true to environment=production. requires latest leap_cli
---
 provider_base/services/ca.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
index 3fb8bf6c..64866ddc 100644
--- a/provider_base/services/ca.json
+++ b/provider_base/services/ca.json
@@ -1,6 +1,6 @@
 {
 "ca_daemon": {
- "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]",
+ "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
 "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]"
 },
 "service_type": "internal_service",
-- cgit v1.2.3
From f76ab4429aeb5db67b384bfa103b13caaaa09900 Mon Sep 17 00:00:00 2001
From: elijah
Date: Fri, 8 Mar 2013 23:07:29 -0800
Subject: couch - explicitly configure couch port
---
 provider_base/services/couchdb.json | 1 +
 1 file changed, 1 insertion(+)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 1c8005c2..ac84eeb2 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -4,6 +4,7 @@
 "use": true
 },
 "couch": {
+ "port": 5984,
 "users": {
 "admin": {
 "username": "admin",
-- cgit v1.2.3
From 9ea188c22774607bd6914334daa3d303c041d9a4 Mon Sep 17 00:00:00 2001
From: varac
Date: Sun, 10 Mar 2013 17:21:01 +0100
Subject: added bigcouch:cookie to services/couchdb.json
---
 provider_base/services/couchdb.json | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 1c8005c2..e7668286 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -4,6 +4,9 @@
 "use": true
 },
 "couch": {
+ "bigcouch": {
+ "cookie": "= secret :bigcouch_cookie"
+ },
 "users": {
 "admin": {
 "username": "admin",
-- cgit v1.2.3
From 4ec32a1f773918b2c7a42c117fbad110c07df458 Mon Sep 17 00:00:00 2001
From: elijah
Date: Sat, 16 Mar 2013 23:15:14 -0700
Subject: the development tag now specifies an alternative provider domain. this requires that we use domain.full_suffix instead of provider.domain, whenever possible.
---
 provider_base/services/webapp.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index ea79d7c4..5e7260a6 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -29,8 +29,8 @@
 "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
 "client_ca_cert": "= file_path :client_ca_cert",
 "client_ca_key": "= file_path :client_ca_key",
- "commercial_cert": "= file [:commercial_cert, global.provider.domain]",
- "commercial_key": "= file [:commercial_key, global.provider.domain]",
+ "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
+ "commercial_key": "= file [:commercial_key, domain.full_suffix]",
 "commercial_ca_cert": "= try_file :commercial_ca_cert"
 }
 }
\ No newline at end of file
-- cgit v1.2.3
From ad62cfdad04c8f8ed9d6454f716c92e850ac53ba Mon Sep 17 00:00:00 2001
From: elijah
Date: Sun, 17 Mar 2013 13:15:51 -0700
Subject: added support for "limited" service levels (although vpn is not yet actually rate limited).
---
 provider_base/services/openvpn.json | 12 +++++++-----
 provider_base/services/webapp.json | 4 +++-
 2 files changed, 10 insertions(+), 6 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index e78a02ac..5d77f946 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -5,17 +5,19 @@
 "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
 "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap cert dh`'"
 },
+ "location": null,
 "openvpn": {
- "location": "Location Unknown",
 "gateway_address": "REQUIRED",
- "free_gateway_address": "= openvpn.allow_free ? 'REQUIRED' : nil",
+ "second_gateway_address": "= openvpn.allow_limited && openvpn.allow_unlimited ? 'REQUIRED' : nil",
 "ports": ["80", "443", "53", "1194"],
 "protocols": ["tcp", "udp"],
 "filter_dns": false,
 "adblock": false,
 "user_ips": false,
- "allow_free": "= global.provider.service_allow_free",
- "free_prefix": "= global.provider.ca.client_certificates.free_prefix",
- "free_rate_limit": "= openvpn.allow_free ? global.provider.service_levels.detect{|level| level['name'] == 'free'}['bandwidth'] : nil"
+ "allow_limited": "= global.provider.service.allow_limited_bandwidth",
+ "allow_unlimited": "= global.provider.service.allow_unlimited_bandwidth",
+ "limited_prefix": "= global.provider.ca.client_certificates.limited_prefix",
+ "unlimited_prefix": "= global.provider.ca.client_certificates.unlimited_prefix",
+ "rate_limit": "= openvpn.allow_limited ? global.provider.service.bandwidth_limit : nil"
 }
 }
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 5e7260a6..477d5f17 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
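Review bot: In the openvpn.json hunk of the "limited" service levels commit, `rate_limit` and `limited_prefix` are added with nothing in the file saying the limit is not applied yet, although the commit subject states the VPN is not actually rate limited. An operator who enables `allow_limited_bandwidth` would reasonably assume that certificates carrying the limited prefix are throttled. The sibling webapp.json already carries `//` comments, so, assuming openvpn.json goes through the same loader, a line such as `// NOTE: rate_limit is recorded here but not yet enforced on the gateway` above `"rate_limit"` would keep that caveat with the setting.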
@@ -10,7 +10,9 @@
 "head_scss": "= file_path 'branding/head.scss'",
 "img_dir": "= file_path 'branding/img'",
 "client_certificates": "= global.provider.ca.client_certificates",
- "allow_free": "= global.provider.service_allow_free"
+ "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
+ "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
+ "allow_anonymous_certs": "= global.provider.service.allow_anonymous"
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
-- cgit v1.2.3
From 9c1c74c359f80cf0e61b62befee0ec5cc04ab4c3 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 19 Mar 2013 17:41:37 -0400
Subject: create a separate couchdb.yml.admin that contains the couchdb admin privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
---
 provider_base/services/webapp.json | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 477d5f17..0288a0cd 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -2,9 +2,8 @@
 "webapp": {
 "modules": ["user", "billing", "help"],
 "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]",
- // NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163
- // before we can use user "webapp"
- "couchdb_user": "= global.services[:couchdb].couch.users[:admin]",
+ "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
+ "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
 "favicon": "= file_path 'branding/favicon.ico'",
 "tail_scss": "= file_path 'branding/tail.scss'",
 "head_scss": "= file_path 'branding/head.scss'",
-- cgit v1.2.3
From 92ea0355de872a502d552d89ed88729b9b4fbaa2 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 19 Mar 2013 18:20:33 -0400
Subject: add webapp secret token that pulls from hiera a 'secret'
---
 provider_base/services/webapp.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 0288a0cd..69c015a6 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -11,7 +11,8 @@
 "client_certificates": "= global.provider.ca.client_certificates",
 "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
 "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
- "allow_anonymous_certs": "= global.provider.service.allow_anonymous"
+ "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
+ "secret_token": "= secret :webapp_secret_token"
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
-- cgit v1.2.3
From ffda76a47c7f9d5766325d8cdf13d289430456eb Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 28 Mar 2013 10:01:32 -0700
Subject: added stunnel_server
---
 provider_base/services/couchdb.json | 3 +++
 provider_base/services/webapp.json | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index c3502c6b..0c407316 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -3,6 +3,9 @@
 "x509": {
 "use": true
 },
+ "stunnel": {
+ "couch_server": "= stunnel_server(couch.port)"
+ },
 "couch": {
 "port": 5984,
 "bigcouch": {
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 69c015a6..895aa6e3 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,7 +1,6 @@
 {
 "webapp": {
 "modules": ["user", "billing", "help"],
- "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]",
 "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
 "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
 "favicon": "= file_path 'branding/favicon.ico'",
@@ -14,6 +13,12 @@
 "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
 "secret_token": "= secret :webapp_secret_token"
 },
+ "stunnel": {
+ "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
+ },
+ "haproxy": {
+ "local_ports": "= stunnel.couch_client.field(:accept_port)"
+ },
 "definition_files": {
 "provider": "= file :provider_json_template",
 "eip_service": "= file :eip_service_json_template"
-- cgit v1.2.3
From 5bd90fd23c34874fa32880e27105b4bea130ec3b Mon Sep 17 00:00:00 2001
From: varac
Date: Mon, 18 Mar 2013 23:25:20 +0100
Subject: added stunnel config for bigcouch communication
---
 provider_base/services/couchdb.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 0c407316..41f9695f 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -4,11 +4,13 @@
 "use": true
 },
 "stunnel": {
- "couch_server": "= stunnel_server(couch.port)"
+ "couch_server": "= stunnel_server(couch.port)",
+ "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)"
 },
 "couch": {
 "port": 5984,
 "bigcouch": {
+ "port": 4369,
 "cookie": "= secret :bigcouch_cookie"
 },
 "users": {
-- cgit v1.2.3
From af141e738c8b90a11ff8009e2eed602b168e4fc3 Mon Sep 17 00:00:00 2001
From: varac
Date: Wed, 20 Mar 2013 19:28:48 +0100
Subject: add stunnel hiera values to provider_base/services/couchdb.json for bigcouch cluster protocol
---
 provider_base/services/couchdb.json | 1 +
 1 file changed, 1 insertion(+)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 41f9695f..7b649da9 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -7,6 +7,7 @@
 "couch_server": "= stunnel_server(couch.port)",
 "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)"
 },
+ "stunnel": "= nextport = 4000; nodes_like_me[:services => :couchdb].values.inject({}) {|hsh, node| hsh[node.name + node.couch.bigcouch.port.to_s] = {'accept_port' => nextport.to_s, 'connect' => node.domain.full }; nextport+=1; hsh}",
 "couch": {
 "port": 5984,
 "bigcouch": {
-- cgit v1.2.3
From 6f422863966a7e361f1c52be33a50e55bb39b9ff Mon Sep 17 00:00:00 2001
From: varac
Date: Wed, 20 Mar 2013 20:28:08 +0100
Subject: updated shorewall dnat hiera values for bigcouch cluster protocol
---
 provider_base/services/couchdb.json | 1 -
 1 file changed, 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 7b649da9..41f9695f 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -7,7 +7,6 @@
 "couch_server": "= stunnel_server(couch.port)",
 "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)"
 },
- "stunnel": "= nextport = 4000; nodes_like_me[:services => :couchdb].values.inject({}) {|hsh, node| hsh[node.name + node.couch.bigcouch.port.to_s] = {'accept_port' => nextport.to_s, 'connect' => node.domain.full }; nextport+=1; hsh}",
 "couch": {
 "port": 5984,
 "bigcouch": {
-- cgit v1.2.3
From baf3ed5b6db4e8af052564864d8c3e426cf5d9d0 Mon Sep 17 00:00:00 2001
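Review bot: The top-level `"stunnel": "= nextport = 4000; …"` line added by the first couchdb.json hunk on this line duplicates a key: the `},` directly above it closes the existing `"stunnel"` object that holds `couch_server` and `bigcouch_replication_server` (its opening line is just outside the hunk, but the previous patch in the series shows it). With duplicate names most parsers keep only the last value, so the server-side tunnel definitions would silently drop out of the node's configuration, which could leave the CouchDB listener without its TLS wrapper. Put the client map under its own name inside the existing object instead, for example `"bigcouch_replication_clients": "= …"` as a member of `"stunnel": { … }`. The next commit removes the line again, but the intermediate revision should not be deployed as written.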
From: Micah Anderson
Date: Sun, 31 Mar 2013 12:32:42 -0400
Subject: switch to using stunnel_client and stunnel_server leap_cli macros add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named
---
 provider_base/services/couchdb.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 41f9695f..c00f08cd 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -5,7 +5,8 @@
 },
 "stunnel": {
 "couch_server": "= stunnel_server(couch.port)",
- "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)"
+ "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)",
+ "bigcouch_replication_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.port)"
 },
 "couch": {
 "port": 5984,
-- cgit v1.2.3
From 4ed5d33f33c488a6a6d5f6a5e8f57b74ecd53a7d Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 2 Apr 2013 15:38:44 -0700
Subject: added password salt to services/couchdb.json (requires latest leap_cli)
---
 provider_base/services/couchdb.json | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 0c407316..e60f4e0f 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -14,15 +14,18 @@
 "users": {
 "admin": {
 "username": "admin",
- "password": "= secret :couch_admin_password"
+ "password": "= secret :couch_admin_password",
+ "salt": "= hex_secret :couch_admin_password_salt, 128"
 },
 "webapp": {
 "username": "webapp",
- "password": "= secret :couch_webapp_password"
+ "password": "= secret :couch_webapp_password",
+ "salt": "= hex_secret :couch_webapp_password_salt, 128"
 },
 "ca_daemon": {
 "username": "ca_daemon",
- "password": "= secret :couch_ca_daemon_password"
+ "password": "= secret :couch_ca_daemon_password",
+ "salt": "= hex_secret :couch_ca_daemon_password_salt, 128"
 }
 }
 }
-- cgit v1.2.3
From 264e63967d9247e42662182aec771fbfb81e8e8e Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Thu, 4 Apr 2013 11:27:59 -0400
Subject: rename the bigcouch_replication_[server,client] to be the more accurately, and shorter named epmd (erlang port mapper daemon)
---
 provider_base/services/couchdb.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index ce46e3bb..111baf08 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -5,8 +5,8 @@
 },
 "stunnel": {
 "couch_server": "= stunnel_server(couch.port)",
- "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)",
- "bigcouch_replication_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.port)"
+ "epmd_server": "= stunnel_server(couch.bigcouch.port)",
+ "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.port)"
 },
 "couch": {
 "port": 5984,
-- cgit v1.2.3
From e530f0c1d1a0a26bd277b70197b1f26871d92b1b Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Thu, 4 Apr 2013 11:40:12 -0400
Subject: rename bigcouch.port to more accurate bigcouch.epmd_port
---
 provider_base/services/couchdb.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 111baf08..3ef4c213 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -5,13 +5,13 @@
 },
 "stunnel": {
 "couch_server": "= stunnel_server(couch.port)",
- "epmd_server": "= stunnel_server(couch.bigcouch.port)",
- "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.port)"
+ "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
+ "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)",
 },
 "couch": {
 "port": 5984,
 "bigcouch": {
- "port": 4369,
+ "epmd_port": 4369,
 "cookie": "= secret :bigcouch_cookie"
 },
 "users": {
-- cgit v1.2.3
From 2c53c5023b925cb596e3f450f194482eade1fbeb Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Thu, 4 Apr 2013 12:50:30 -0400
Subject: add Erlang Distributed Node Protocol Port json entry under bigcouch setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections
---
 provider_base/services/couchdb.json | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 3ef4c213..22578a70 100644
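Review bot: In the couchdb.json hunk of the epmd_port rename, the rewritten `"epmd_clients"` line ends with a comma although it is the last member of the `"stunnel"` object (`… couch.bigcouch.epmd_port)", },`). A trailing comma is not valid JSON, and whether the loader tolerates it is not visible in this patch; if it does not, the couchdb service definition fails to parse for every node that includes it. Drop the comma so the line ends `…couch.bigcouch.epmd_port)"`. The following commit appends further members after this line, which hides the problem rather than fixing this revision.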
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -7,11 +7,14 @@
 "couch_server": "= stunnel_server(couch.port)",
 "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
 "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)",
+ "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)",
+ "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.ednp_port)"
 },
 "couch": {
 "port": 5984,
 "bigcouch": {
 "epmd_port": 4369,
+ "ednp_port": 9002,
 "cookie": "= secret :bigcouch_cookie"
 },
 "users": {
-- cgit v1.2.3
From 92f565f349266f7c5adfc88b31d0d2902431efa4 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Wed, 10 Apr 2013 12:27:39 -0400
Subject: clean up ca_daemon things, it is not used any longer because it has been included in the web app (#1978) remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json
---
 provider_base/services/ca.json | 11 -----------
 1 file changed, 11 deletions(-)
 delete mode 100644 provider_base/services/ca.json
(limited to 'provider_base/services')
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
deleted file mode 100644
index 64866ddc..00000000
--- a/provider_base/services/ca.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "ca_daemon": {
- "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
- "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]"
- },
- "service_type": "internal_service",
- "x509": {
- "use": true,
- "ca_key": "= file(:ca_key, :missing => 'CA key. Run `leap cert ca` to create the Certificate Authority.')"
- }
-}
-- cgit v1.2.3
From 0d821e158b78365c59d148267a569f3ce2d82e47 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 23 Apr 2013 12:01:43 -0400
Subject: move generic couchdb host configuration from bitmask into the provider base (#2016)
---
 provider_base/services/webapp.json | 1 +
 1 file changed, 1 insertion(+)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 895aa6e3..29ed6110 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,6 +1,7 @@
 {
 "webapp": {
 "modules": ["user", "billing", "help"],
+ "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
 "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
 "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
 "favicon": "= file_path 'branding/favicon.ico'",
-- cgit v1.2.3
From 285236312c9e787767b742feb320ff0e7816a985 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 23 Apr 2013 12:08:56 -0400
Subject: remove no longer used json key couchdb_hosts
---
 provider_base/services/webapp.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 29ed6110..f87b0833 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,7 +1,6 @@
 {
 "webapp": {
 "modules": ["user", "billing", "help"],
- "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
 "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
 "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
 "favicon": "= file_path 'branding/favicon.ico'",
@@ -41,4 +40,4 @@
 "commercial_key": "= file [:commercial_key, domain.full_suffix]",
 "commercial_ca_cert": "= try_file :commercial_ca_cert"
 }
-}
\ No newline at end of file
+}
-- cgit v1.2.3
From 3ced5ec963311c45cf359803727bd18fe6e23b69 Mon Sep 17 00:00:00 2001
From: varac
Date: Wed, 24 Apr 2013 15:53:05 +0200
Subject: updated needed couchdb users and DBs
---
 provider_base/services/couchdb.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 22578a70..43a6c650 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -28,10 +28,10 @@
 "password": "= secret :couch_webapp_password",
 "salt": "= hex_secret :couch_webapp_password_salt, 128"
 },
- "ca_daemon": {
- "username": "ca_daemon",
- "password": "= secret :couch_ca_daemon_password",
- "salt": "= hex_secret :couch_ca_daemon_password_salt, 128"
+ "soledad": {
+ "username": "soledad",
+ "password": "= secret :couch_soledad_password",
+ "salt": "= hex_secret :couch_soledad_password_salt, 128"
 }
 }
 }
-- cgit v1.2.3
From 4ed2bb37ea8283f79aecca8b78e80b141e9eff50 Mon Sep 17 00:00:00 2001
From: elijah
Date: Wed, 24 Apr 2013 18:04:48 -0700
Subject: provider base - service definitions are now versioned (requires new leap_cli)
---
 provider_base/services/webapp.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index f87b0833..e4926ba7 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -11,7 +11,8 @@
 "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
 "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
 "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
- "secret_token": "= secret :webapp_secret_token"
+ "secret_token": "= secret :webapp_secret_token",
+ "api_version": 1
 },
 "stunnel": {
 "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
@@ -21,7 +22,7 @@
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
- "eip_service": "= file :eip_service_json_template"
+ "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]"
 },
 "service_type": "public_service",
 "api": {
-- cgit v1.2.3
From c8e427c39285a0ac8750c1b9bbf247533bbce519 Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 30 Apr 2013 14:25:45 -0700
Subject: added soledad-service.json
---
 provider_base/services/soledad.json | 6 ++++++
 provider_base/services/webapp.json | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 provider_base/services/soledad.json
(limited to 'provider_base/services')
diff --git a/provider_base/services/soledad.json b/provider_base/services/soledad.json
new file mode 100644
index 00000000..10657563
--- /dev/null
+++ b/provider_base/services/soledad.json
@@ -0,0 +1,6 @@
+{
+ "service_type": "public_service",
+ "soledad": {
+ "port": 1111
+ }
+}
\ No newline at end of file
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index e4926ba7..4b2f7c26 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -22,7 +22,8 @@
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
- "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]"
+ "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]",
+ "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]"
 },
 "service_type": "public_service",
 "api": {
-- cgit v1.2.3
From b3d1c6c58838b0c4f368bc42493ac3bae280b5af Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 14 May 2013 12:23:20 -0700
Subject: added smtp-service.json, requires latest leap_cli
---
 provider_base/services/webapp.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 4b2f7c26..1fe5cf7b 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -23,7 +23,8 @@
 "definition_files": {
 "provider": "= file :provider_json_template",
 "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]",
- "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]"
+ "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]",
+ "smtp_service": "= file [:smtp_service_json_template, 'v'+webapp.api_version.to_s]"
 },
 "service_type": "public_service",
 "api": {
-- cgit v1.2.3
From f82d5b5c7004b01565bbeace598d1716f72c1b2f Mon Sep 17 00:00:00 2001
From: elijah
Date: Fri, 17 May 2013 11:53:10 -0700
Subject: minor - webapp api port should be integer, not string.
---
 provider_base/services/webapp.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 1fe5cf7b..5f0bdc9e 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -29,7 +29,7 @@
 "service_type": "public_service",
 "api": {
 "domain": "= 'api.' + domain.full_suffix",
- "port": "4430"
+ "port": 4430
 },
 "dns": {
 "aliases": "= [domain.full, api.domain]"
-- cgit v1.2.3
From 450fb19a4df8f4740dcf077b585dbd77c096d133 Mon Sep 17 00:00:00 2001
From: elijah
Date: Sat, 18 May 2013 17:13:05 -0700
Subject: added module site_nickserver
---
 provider_base/services/webapp.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 5f0bdc9e..3dd9bebe 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -31,8 +31,13 @@
 "domain": "= 'api.' + domain.full_suffix",
 "port": 4430
 },
+ "nickserver": {
+ "domain": "= 'nicknym.' + domain.full_suffix",
+ "port": 6425,
+ "couchdb_user": "= global.services[:couchdb].couch.users[:admin]"
+ },
 "dns": {
- "aliases": "= [domain.full, api.domain]"
+ "aliases": "= [domain.full, api.domain, nickserver.domain]"
 },
 "x509": {
 "use": true,
-- cgit v1.2.3
From ddb899b650e63c5557370fb7a3b2c3bfd14b1ce7 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 23 May 2013 18:51:13 +0200
Subject: added couch.bigcouch.neighbors to provider_base/services/couchdb.json
---
 provider_base/services/couchdb.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 43a6c650..ba07733c 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -15,7 +15,8 @@
 "bigcouch": {
 "epmd_port": 4369,
 "ednp_port": 9002,
- "cookie": "= secret :bigcouch_cookie"
+ "cookie": "= secret :bigcouch_cookie",
+ "neighbors": "= nodes_like_me[:services => :couchdb].exclude(self).field('domain.full')"
 },
 "users": {
 "admin": {
-- cgit v1.2.3
From 8c038fea91adc87adf9e408c16e2f0ec9838e3d2 Mon Sep 17 00:00:00 2001
From: elijah
Date: Wed, 12 Jun 2013 11:34:43 -0700
Subject: temp hack: deploy the webapp as couch user 'admin'
---
 provider_base/services/webapp.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 3dd9bebe..ad32bb61 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
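Review bot: The new `"nickserver"` block in the first webapp.json hunk on this line sets `couchdb_user` to `global.services[:couchdb].couch.users[:admin]`, which hands the CouchDB admin username, password and salt to a service that is published under its own public domain and port. Nothing in this patch suggests the service needs server-admin rights, so a compromise of it would expose every database on the cluster rather than only the data it serves. couchdb.json already defines per-service users (`webapp`, `soledad`); add a `nickserver` entry there in the same shape and reference it here with `"couchdb_user": "= global.services[:couchdb].couch.users[:nickserver]"`. Which databases that user must be able to read is not visible in this patch and needs to be settled alongside.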
@@ -2,7 +2,8 @@
 "webapp": {
 "modules": ["user", "billing", "help"],
 "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
- "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+// "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+ "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:admin]",
 "favicon": "= file_path 'branding/favicon.ico'",
 "tail_scss": "= file_path 'branding/tail.scss'",
 "head_scss": "= file_path 'branding/head.scss'",
-- cgit v1.2.3
From 8d71649f1dcfcae30ec278e31bc7fc4d7dede80f Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 4 Jul 2013 12:35:24 -0700
Subject: couchdb.json should not set service_type, since internal_service is the default.
---
 provider_base/services/couchdb.json | 1 -
 1 file changed, 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index ba07733c..a26579c8 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -1,5 +1,4 @@
 {
- "service_type": "internal_service",
 "x509": {
 "use": true
 },
-- cgit v1.2.3
From 47dd8cde0316256e0d2d1037787fdf539a3f8975 Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 4 Jul 2013 12:36:22 -0700
Subject: make sure webapps have the full domain suffix as an alias (fixes problems generating zone file).
---
 provider_base/services/webapp.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base/services')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index ad32bb61..93396ec7 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -38,7 +38,7 @@
 "couchdb_user": "= global.services[:couchdb].couch.users[:admin]"
 },
 "dns": {
- "aliases": "= [domain.full, api.domain, nickserver.domain]"
+ "aliases": "= [domain.full_suffix, domain.full, api.domain, nickserver.domain]"
 },
 "x509": {
 "use": true,
-- cgit v1.2.3
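Review bot: In the first webapp.json hunk on this line ("temp hack" commit), `couchdb_webapp_user` is repointed at `users[:admin]`, so the running web application authenticates to CouchDB as admin and the split made earlier in this series (admin for migrations, `webapp` for normal operation) no longer has any effect. The old value is left behind as a bare `//` line, and nothing in the file says the change is temporary or what it is waiting on; the only record is the commit subject. Add a comment that stays with the setting, for example `// TEMPORARY: webapp runs as couch admin; restore users[:webapp] once <TRACKING-ISSUE> is fixed`, with the placeholder replaced by the real issue reference.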