authorMicah Anderson <micah@riseup.net>2013-04-17 16:01:19 -0400
committerMicah Anderson <micah@leap.se>2013-07-25 13:45:10 -0400
commit720717e177af576936a7e3e950aec1d208a21fae (patch)
tree72b08bd3c9047c4e445ed299f6ee8341e382abd4
parent972317f752d5d621bd8284d4c00caaabbb447061 (diff)
initial mx couchdb stunnel configuration
-rw-r--r--provider_base/services/mx.json9
-rw-r--r--puppet/modules/site_mx/manifests/couchdb.pp35
-rw-r--r--puppet/modules/site_mx/manifests/init.pp1
3 files changed, 45 insertions, 0 deletions
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 61ae0db9..949374ad 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -4,5 +4,14 @@
},
"haproxy": {
"local_ports": "= stunnel.couch_client.field(:accept_port)"
+ },
+ "x509": {
+ "use": true,
+ "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
+ "client_ca_cert": "= file_path :client_ca_cert",
+ "client_ca_key": "= file_path :client_ca_key",
+ "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
+ "commercial_key": "= file [:commercial_key, domain.full_suffix]",
+ "commercial_ca_cert": "= try_file :commercial_ca_cert"
}
}
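Review bot: The new `x509` block defines `ca_cert`, the `client_ca_*` pair and the commercial entries, but the companion manifest `site_mx::couchdb` in this same commit reads `$x509['key']` and `$x509['cert']`, neither of which appears in this hunk; unless those keys are inherited from a shared service file outside this diff, the stunnel client will be configured with undefined key and cert paths. Line 29 also places `client_ca_key`, the private signing key of the client CA, into this node's hiera data, whereas a node that only verifies client certificates needs just `client_ca_cert`; if the MX role does not sign certificates, dropping that entry keeps the signing key off the mail host, and if it does, the reason belongs in the commit description since JSON cannot carry a comment. The enclosing service object starts before line 4 and is outside the hunk.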
diff --git a/puppet/modules/site_mx/manifests/couchdb.pp b/puppet/modules/site_mx/manifests/couchdb.pp
new file mode 100644
index 00000000..f842ceab
--- /dev/null
+++ b/puppet/modules/site_mx/manifests/couchdb.pp
@@ -0,0 +1,35 @@
+class site_mx::couchdb {
+
+ $stunnel = hiera('stunnel')
+ $couch_client = $stunnel['couch_client']
+ $couch_client_connect = $couch_client['connect']
+
+ include x509::variables
+ $x509 = hiera('x509')
+ $key = $x509['key']
+ $cert = $x509['cert']
+ $ca = $x509['ca_cert']
+ $cert_name = 'leap_couchdb'
+ $ca_name = 'leap_ca'
+ $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt"
+ $cert_path = "${x509::variables::certs}/${cert_name}.crt"
+ $key_path = "${x509::variables::keys}/${cert_name}.key"
+
+ class { 'site_stunnel::setup':
+ cert_name => $cert_name,
+ key => $key,
+ cert => $cert,
+ ca_name => $ca_name,
+ ca => $ca
+ }
+
+ $couchdb_stunnel_client_defaults = {
+ 'connect_port' => $couch_client_connect,
+ 'client' => true,
+ 'cafile' => $ca_path,
+ 'key' => $key_path,
+ 'cert' => $cert_path,
+ }
+
+ create_resources(site_stunnel::clients, $couch_client, $couchdb_stunnel_client_defaults)
+}
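Review bot: `$couchdb_stunnel_client_defaults` sets `cafile` but no `verify` level, and stunnel performs no peer verification unless `verify` is set, so the CA file alone does not authenticate the couchdb end of the tunnel; unless `site_stunnel::clients` sets it itself, add `'verify' => '2',` next to `'cafile' => $ca_path,`. Line 45 reads `$couch_client['connect']` as a top-level key, yet line 74 hands the whole `$couch_client` hash to `create_resources`, which would then also try to build a `site_stunnel::clients` resource titled `connect` from a scalar value; if the hash really mixes that key with per-client entries, iterate over the per-client entries only. The class has no header comment; a two-line one such as `# Configures stunnel client tunnels from the MX node to couchdb, using the node's x509 key/cert and the CA from hiera` would make the hiera dependencies (`stunnel`, `x509`) visible to the reader.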
diff --git a/puppet/modules/site_mx/manifests/init.pp b/puppet/modules/site_mx/manifests/init.pp
index 8c8b8d7e..86ae56e1 100644
--- a/puppet/modules/site_mx/manifests/init.pp
+++ b/puppet/modules/site_mx/manifests/init.pp
@@ -5,4 +5,5 @@ class site_mx {
include site_mx::haproxy
include site_shorewall::mx
include site_shorewall::service::smtp
+ include site_mx::couchdb
}