authorElijah Sparrow <elijah@riseup.net>2014-06-23 14:27:31 -0700
committerElijah Sparrow <elijah@riseup.net>2014-06-23 14:27:31 -0700
commitffe760c06b3189bc5d67653e952fd44fdb0f08cf (patch)
treee91ffa4168f5b8e797ffc56d5c0fd997ec738959
parent9b55b9a0feac9ec778db74f250d4bc2bb5831e08 (diff)
parent04d1369ea78c404907dea4aca758e08efe3a9cdd (diff)
Merge pull request #4 from azul/feature/couch
permissions for replication
-rw-r--r--provider_base/services/_couchdb_mirror.json7
-rw-r--r--puppet/modules/site_couchdb/manifests/add_users.pp2
-rw-r--r--puppet/modules/site_couchdb/manifests/mirror.pp2
-rw-r--r--puppet/modules/site_couchdb/manifests/setup.pp11
-rw-r--r--puppet/modules/tapicero/manifests/init.pp3
-rw-r--r--puppet/modules/tapicero/templates/tapicero.yaml.erb3
6 files changed, 19 insertions, 9 deletions
diff --git a/provider_base/services/_couchdb_mirror.json b/provider_base/services/_couchdb_mirror.json
index a496804d..6a3402bd 100644
--- a/provider_base/services/_couchdb_mirror.json
+++ b/provider_base/services/_couchdb_mirror.json
@@ -12,7 +12,10 @@
"replication": {
// for now, pick the first close one, or the first one.
// in the future, maybe use haproxy to balance among all the masters
- "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')}"
+ "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')}",
+ "username": "replication",
+ "password": "= secret :couch_replication_password",
+ "role": "replication"
}
}
-} \ No newline at end of file
+}
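Review bot: The new `"username": "replication"` and `"role": "replication"` values are literals that have to agree with the replication user the masters create in site_couchdb::add_users, and nothing in the block says so. The `repliction` typo fixed in the add_users.pp hunk shows how silently the two sides can drift. The file already carries `//` comments, so a line such as `// username and role must match the replication user created by site_couchdb::add_users` above `"username"` would document the coupling. A mismatch would presumably surface only as the masters refusing replication, which is hard to trace back to this file.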
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index 0585da27..2f734ed4 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -57,7 +57,7 @@ class site_couchdb::add_users {
## replication couchdb user
## read/write: all databases for replication
couchdb::add_user { $site_couchdb::couchdb_replication_user:
- roles => '["repliction"]',
+ roles => '["replication"]',
pw => $site_couchdb::couchdb_replication_pw,
salt => $site_couchdb::couchdb_replication_salt,
require => Couchdb::Query::Setup['localhost']
diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp
index df305737..1cbd9bcc 100644
--- a/puppet/modules/site_couchdb/manifests/mirror.pp
+++ b/puppet/modules/site_couchdb/manifests/mirror.pp
@@ -6,8 +6,6 @@ class site_couchdb::mirror {
chttpd_bind_address => '127.0.0.1'
}
- # Couchdb databases
-
$masters = $site_couchdb::couchdb_config['replication']['masters']
$master_node_names = keys($site_couchdb::couchdb_config['replication']['masters'])
$master_node = $masters[$master_node_names[0]]
diff --git a/puppet/modules/site_couchdb/manifests/setup.pp b/puppet/modules/site_couchdb/manifests/setup.pp
index e398356b..69bd1c6a 100644
--- a/puppet/modules/site_couchdb/manifests/setup.pp
+++ b/puppet/modules/site_couchdb/manifests/setup.pp
@@ -10,11 +10,18 @@ class site_couchdb::setup {
ensure => absent
}
- # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup
+ $user = $site_couchdb::couchdb_admin_user
+
+ # /etc/couchdb/couchdb-admin.netrc is deployed by couchdb::query::setup
+ # we symlink to couchdb.netrc for puppet commands.
# we symlink this to /root/.netrc for couchdb_scripts (eg. backup)
# and makes life easier for the admin (i.e. using curl/wget without
# passing credentials)
file {
+ '/etc/couchdb/couchdb.netrc':
+ ensure => link,
+ target => "/etc/couchdb/couchdb-${user}.netrc";
+
'/root/.netrc':
ensure => link,
target => '/etc/couchdb/couchdb.netrc';
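Review bot: The updated comment names `/etc/couchdb/couchdb-admin.netrc`, but the new link target is `"/etc/couchdb/couchdb-${user}.netrc"`, so the comment is only correct when `$site_couchdb::couchdb_admin_user` is `admin`. I would write `# /etc/couchdb/couchdb-${user}.netrc (admin credentials) is deployed by couchdb::query::setup`. `/root/.netrc` now resolves through two links to that credentials file, and as far as the hunk shows neither link declares a `require` on `Couchdb::Query::Setup['localhost']`, so both can dangle until the target exists. The owner and mode of the target are set outside this diff and should be confirmed as root-only. The `file` resource and the class body continue beyond the hunk.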
@@ -24,7 +31,7 @@ class site_couchdb::setup {
}
couchdb::query::setup { 'localhost':
- user => $site_couchdb::couchdb_admin_user,
+ user => $user,
pw => $site_couchdb::couchdb_admin_pw,
}
diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp
index 1db75eb0..fd8c1344 100644
--- a/puppet/modules/tapicero/manifests/init.pp
+++ b/puppet/modules/tapicero/manifests/init.pp
@@ -12,7 +12,8 @@ class tapicero {
$couchdb_soledad_user = $couchdb_users['soledad']['username']
$couchdb_leap_mx_user = $couchdb_users['leap_mx']['username']
- $couchdb_mirror = $couchdb['mode'] == 'mirror'
+ $couchdb_mode = $couchdb['mode']
+ $couchdb_replication = $couchdb['replication']
Class['site_config::default'] -> Class['tapicero']
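Review bot: `$couchdb_replication` is assigned the whole `$couchdb['replication']` hash, which after this commit carries `password` (from `secret :couch_replication_password`) next to `masters`, `username` and `role`. The tapicero.yaml.erb hunk then prints it with `replication: <%= @couchdb_replication %>`. ERB's `<%= %>` stringifies the hash, so the line is likely to come out as a Ruby hash dump rather than a YAML mapping, and the replication password lands in tapicero.yaml either way. On nodes whose couch config has no `replication` key the value is presumably empty. I would pass only the fields tapicero needs and emit each under its own key, e.g. `username: <%= @couchdb_replication['username'] %>`, and confirm that the rendered file is not world-readable.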
diff --git a/puppet/modules/tapicero/templates/tapicero.yaml.erb b/puppet/modules/tapicero/templates/tapicero.yaml.erb
index 3a5f821e..182a6aa6 100644
--- a/puppet/modules/tapicero/templates/tapicero.yaml.erb
+++ b/puppet/modules/tapicero/templates/tapicero.yaml.erb
@@ -24,7 +24,8 @@ log_level: info
options:
# prefix for per user databases:
db_prefix: "user-"
- mirror: <%= @couchdb_mirror %>
+ mode: <%= @couchdb_mode %>
+ replication: <%= @couchdb_replication %>
# security settings to be used for the per user databases
security: