From 7ac64237fcb09893ae36b1b2f278e1474df8c49b Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 30 Jul 2013 13:10:52 -0700 Subject: site_webapp - add support for haproxy weights and backup servers (resolves #3278) --- .../site_webapp/templates/haproxy_couchdb.cfg.erb | 25 ++++++++++++++-------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb index f08161ee..914a964e 100644 --- a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb +++ b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb @@ -1,16 +1,23 @@ listen bigcouch-in - mode http + mode http balance roundrobin - option httplog - option dontlognull - option httpchk GET / - option http-server-close - + option httplog + option dontlognull + option httpchk GET / # health check using simple get to root + option http-server-close # use client keep-alive, but close server connection. + option allbackups # balance among all backups, not just one. + bind localhost:4096 -<% for port in @local_ports -%> - server couchdb_<%=port%> localhost:<%=port%> check inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 -<% end -%> + default-server inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 + +<%- if @haproxy['servers'] -%> +<%- @haproxy['servers'].each do |name,server| -%> +<%- backup = server['backup'] ? 'backup' : '' -%> + # <%=name%> + server couchdb_<%=server['port']%> <%=server['host']%>:<%=server['port']%> <%=backup%> weight <%=server['weight']%> check +<%- end -%> +<%- end -%> -- cgit v1.2.3 From b87bd57ad010ee6f091f77b8b1f653afafc0e4c7 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 28 Jul 2013 18:14:01 -0700 Subject: added webapp.secure flag (turns on secure cookies and HSTS) --- puppet/modules/site_webapp/templates/config.yml.erb | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index df562cd9..8b4b3bbe 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -2,6 +2,7 @@ production: admins: [admin] domain: <%= @provider_domain %> + force_ssl: <%= @webapp['secure'] %> client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> secret_token: "<%= @secret_token %>" -- cgit v1.2.3 From 95fc96fc7642e389172b02cb8ef7d4b7689cb7df Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 29 Jul 2013 01:10:33 -0700 Subject: webapp - use hiera config "webapp.admins" for the list of admin usernames, default to empty list. --- puppet/modules/site_webapp/templates/config.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 8b4b3bbe..05d62d41 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -1,6 +1,6 @@ <%- cert_options = @webapp['client_certificates'] -%> production: - admins: [admin] + admins: <%= @webapp['admins'].inspect %> domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> -- cgit v1.2.3 From 0397643c8c10de21fb67e0de9cd86c323bbbc3da Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 16:49:53 +0200 Subject: fix x509 path in webapp config.yml.erb (#3894) --- puppet/modules/site_webapp/templates/config.yml.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 05d62d41..57e4ccb6 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -3,8 +3,8 @@ production: admins: <%= @webapp['admins'].inspect %> domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> - client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> - client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> + client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key + client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt secret_token: "<%= @secret_token %>" client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> -- cgit v1.2.3 From 486a9cd3b7bd8d643a9623fd40db2286cdf52fc8 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 20 Sep 2013 18:58:13 +0200 Subject: fix whitespace issues from https://review.leap.se/r/82 --- puppet/modules/site_webapp/templates/config.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 57e4ccb6..0ce623fc 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -4,7 +4,7 @@ production: domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key - client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt + client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt secret_token: "<%= @secret_token %>" client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> -- cgit v1.2.3 From 0447e92ab5dcc3d8a07613a765c60db23252f278 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 17:55:22 +0200 Subject: added site_config::x509::client_ca::cert and site_config::x509::client_ca::key for client_ca deployment (#3917) --- puppet/modules/site_webapp/templates/config.yml.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 0ce623fc..6b45abc2 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -3,8 +3,8 @@ production: admins: <%= @webapp['admins'].inspect %> domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> - client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key - client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt + client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key + client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt secret_token: "<%= @secret_token %>" client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> -- cgit v1.2.3 From 4a75cd70b50969023c507b5c9ec2e8c36142f706 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 11 Oct 2013 22:32:01 +0200 Subject: /etc/haproxy/haproxy.cfg changed randomly (Feature #4111) --- puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb index 914a964e..1fa01b96 100644 --- a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb +++ b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb @@ -13,7 +13,7 @@ listen bigcouch-in default-server inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 <%- if @haproxy['servers'] -%> -<%- @haproxy['servers'].each do |name,server| -%> +<%- @haproxy['servers'].sort.each do |name,server| -%> <%- backup = server['backup'] ? 'backup' : '' -%> # <%=name%> server couchdb_<%=server['port']%> <%=server['host']%>:<%=server['port']%> <%=backup%> weight <%=server['weight']%> check -- cgit v1.2.3 From 7f59d8c7f5a41125c17271b1cd55118dafa52151 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 28 Nov 2013 09:54:37 -0500 Subject: remove admin access from webapp Change-Id: Ib2ce0d38a8e4dd30ae6842bfb5579d9c3dd10f18 --- puppet/modules/site_webapp/templates/couchdb.yml.admin.erb | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 puppet/modules/site_webapp/templates/couchdb.yml.admin.erb (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb deleted file mode 100644 index a0921add..00000000 --- a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb +++ /dev/null @@ -1,9 +0,0 @@ -production: - prefix: "" - protocol: 'http' - host: <%= @couchdb_host %> - port: <%= @couchdb_port %> - auto_update_design_doc: false - username: <%= @couchdb_admin_user %> - password: <%= @couchdb_admin_password %> - -- cgit v1.2.3 From fefab2386f0fbd9f218dc0b361eb833875c27f56 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 29 Dec 2013 22:16:03 -0800 Subject: added support for minimum client version checking --- puppet/modules/site_webapp/templates/config.yml.erb | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp/templates') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 6b45abc2..98f8564e 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -14,3 +14,4 @@ production: allow_anonymous_certs: <%= @webapp['allow_anonymous_certs'].inspect %> limited_cert_prefix: "<%= cert_options['limited_prefix'] %>" unlimited_cert_prefix: "<%= cert_options['unlimited_prefix'] %>" + minimum_client_version: "<%= @webapp['client_version']['min'] %>" -- cgit v1.2.3