author | Elijah Sparrow <elijah@riseup.net> | 2014-06-23 14:27:31 -0700 |
---|---|---|
committer | Elijah Sparrow <elijah@riseup.net> | 2014-06-23 14:27:31 -0700 |
commit | ffe760c06b3189bc5d67653e952fd44fdb0f08cf (patch) | |
tree | e91ffa4168f5b8e797ffc56d5c0fd997ec738959 | |
parent | 9b55b9a0feac9ec778db74f250d4bc2bb5831e08 (diff) | |
parent | 04d1369ea78c404907dea4aca758e08efe3a9cdd (diff) |
Merge pull request #4 from azul/feature/couch
permissions for replication
-rw-r--r-- | provider_base/services/_couchdb_mirror.json | 7 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/add_users.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/mirror.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/setup.pp | 11 | ||||
-rw-r--r-- | puppet/modules/tapicero/manifests/init.pp | 3 | ||||
-rw-r--r-- | puppet/modules/tapicero/templates/tapicero.yaml.erb | 3 |
6 files changed, 19 insertions, 9 deletions
diff --git a/provider_base/services/_couchdb_mirror.json b/provider_base/services/_couchdb_mirror.json
index a496804d..6a3402bd 100644
--- a/provider_base/services/_couchdb_mirror.json
+++ b/provider_base/services/_couchdb_mirror.json
@@ -12,7 +12,10 @@
 "replication": {
 // for now, pick the first close one, or the first one.
 // in the future, maybe use haproxy to balance among all the masters
- "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')}"
+ "masters": "= try{pick_node(:couch_master,nodes_near_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')} || try{pick_node(:couch_master,nodes_like_me['services' => 'couchdb']['couch.master' => true]).pick_fields('domain.internal', 'couch.port')}",
+ "username": "replication",
+ "password": "= secret :couch_replication_password",
+ "role": "replication"
 }
 }
-}
\ No newline at end of file +} diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index 0585da27..2f734ed4 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -57,7 +57,7 @@ class site_couchdb::add_users { ## replication couchdb user ## read/write: all databases for replication couchdb::add_user { $site_couchdb::couchdb_replication_user: - roles => '["repliction"]', + roles => '["replication"]', pw => $site_couchdb::couchdb_replication_pw, salt => $site_couchdb::couchdb_replication_salt, require => Couchdb::Query::Setup['localhost'] diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp index df305737..1cbd9bcc 100644 --- a/puppet/modules/site_couchdb/manifests/mirror.pp +++ b/puppet/modules/site_couchdb/manifests/mirror.pp @@ -6,8 +6,6 @@ class site_couchdb::mirror { chttpd_bind_address => '127.0.0.1' } - # Couchdb databases - $masters = $site_couchdb::couchdb_config['replication']['masters'] $master_node_names = keys($site_couchdb::couchdb_config['replication']['masters']) $master_node = $masters[$master_node_names[0]] diff --git a/puppet/modules/site_couchdb/manifests/setup.pp b/puppet/modules/site_couchdb/manifests/setup.pp index e398356b..69bd1c6a 100644 --- a/puppet/modules/site_couchdb/manifests/setup.pp +++ b/puppet/modules/site_couchdb/manifests/setup.pp 
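Review bot: The three keys added to the `replication` block carry no comment, unlike `masters` above them, and `username` and `role` are literals that have to match what site_couchdb::add_users creates on the masters. That manifest takes the user name from `$site_couchdb::couchdb_replication_user`, so the two can drift apart without any error at compile time. A line such as `// credentials the mirror presents to the masters; must match the replication user and role in site_couchdb::add_users` would record the coupling. Whether `:couch_replication_password` is the same secret that feeds `couchdb_replication_pw` is not visible here and is worth confirming.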
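Review bot: Correcting the role string on the `roles` line fixes fresh installs, but nodes that already applied the old manifest hold a replication user whose roles list is `["repliction"]`. Nothing in this hunk shows whether `couchdb::add_user` rewrites an existing user document or only creates a missing one. If it only creates, those masters would keep rejecting the mirror's replication until the user document is updated. The define lives outside the hunk, so this needs checking there. A comment such as `# role must match "role" in provider_base/services/_couchdb_mirror.json` next to `roles` would also make the next typo easier to catch.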
@@ -10,11 +10,18 @@ class site_couchdb::setup { ensure => absent } - # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup + $user = $site_couchdb::couchdb_admin_user + + # /etc/couchdb/couchdb-admin.netrc is deployed by couchdb::query::setup + # we symlink to couchdb.netrc for puppet commands. # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without # passing credentials) file { + '/etc/couchdb/couchdb.netrc': + ensure => link, + target => "/etc/couchdb/couchdb-${user}.netrc"; + '/root/.netrc': ensure => link, target => '/etc/couchdb/couchdb.netrc'; @@ -24,7 +31,7 @@ class site_couchdb::setup { } couchdb::query::setup { 'localhost': - user => $site_couchdb::couchdb_admin_user, + user => $user, pw => $site_couchdb::couchdb_admin_pw, } diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp index 1db75eb0..fd8c1344 100644 --- a/puppet/modules/tapicero/manifests/init.pp +++ b/puppet/modules/tapicero/manifests/init.pp @@ -12,7 +12,8 @@ class tapicero { $couchdb_soledad_user = $couchdb_users['soledad']['username'] $couchdb_leap_mx_user = $couchdb_users['leap_mx']['username'] - $couchdb_mirror = $couchdb['mode'] == 'mirror' + $couchdb_mode = $couchdb['mode'] + $couchdb_replication = $couchdb['replication'] Class['site_config::default'] -> Class['tapicero'] diff --git a/puppet/modules/tapicero/templates/tapicero.yaml.erb b/puppet/modules/tapicero/templates/tapicero.yaml.erb index 3a5f821e..182a6aa6 100644 --- a/puppet/modules/tapicero/templates/tapicero.yaml.erb +++ b/puppet/modules/tapicero/templates/tapicero.yaml.erb @@ -24,7 +24,8 @@ log_level: info options: # prefix for per user databases: db_prefix: "user-" - mirror: <%= @couchdb_mirror %> + mode: <%= @couchdb_mode %> + replication: <%= @couchdb_replication %> # security settings to be used for the per user databases security: |
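Review bot: The new comment in the first setup.pp hunk names `/etc/couchdb/couchdb-admin.netrc`, but the link target is built from `${user}`, so the comment is only right when `couchdb_admin_user` is `admin`. `# /etc/couchdb/couchdb-${user}.netrc is deployed by couchdb::query::setup` would stay true. `$user` is also a very generic name for the class-scope variable that selects the admin credential file; `$admin_user` would make it harder to point this link at another account's netrc by accident. Since `/root/.netrc` follows this link, the file it resolves to carries the CouchDB admin password, and its mode is set in couchdb::query::setup, outside this hunk.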
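Review bot: `$couchdb_replication = $couchdb['replication']` in tapicero/manifests/init.pp hands the whole replication hash to the template, and the tapicero.yaml.erb hunk prints it with `replication: <%= @couchdb_replication %>`. If that hash is the block defined in _couchdb_mirror.json, ERB writes Ruby's string form of it rather than a YAML mapping, and the replication password lands in tapicero.yaml, whose file mode is set outside these hunks. On nodes without a `replication` key the value is presumably undefined and the line renders empty. Emitting only the fields tapicero needs as nested keys, for example `username: <%= @couchdb_replication['username'] %>`, inside an `<% if @couchdb_replication %>` guard, would keep the file parseable and make the secret's presence explicit. The body of class tapicero continues outside the hunk.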