authorAzul <azul@riseup.net>2014-06-20 19:10:44 +0200
committerelijah <elijah@riseup.net>2014-06-25 18:17:31 -0700
commita8f6415b0869018fd8d4ac947814529e8e85ace2 (patch)
tree950e466b9ef0138cb4a388e686769ea72487f769
parent2bd603b9532fac70a25add8661acc94acb8598f8 (diff)
add replication user
-rw-r--r--provider_base/services/couchdb.json5
-rw-r--r--puppet/modules/site_couchdb/manifests/add_users.pp9
-rw-r--r--puppet/modules/site_couchdb/manifests/create_dbs.pp18
-rw-r--r--puppet/modules/site_couchdb/manifests/init.pp5
-rw-r--r--puppet/modules/site_couchdb/manifests/mirror.pp4
5 files changed, 31 insertions, 10 deletions
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index c2482235..8b1386f8 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -40,6 +40,11 @@
"username": "webapp",
"password": "= secret :couch_webapp_password",
"salt": "= hex_secret :couch_webapp_password_salt, 128"
+ },
+ "replication": {
+ "username": "replication",
+ "password": "= secret :couch_replication_password",
+ "salt": "= hex_secret :couch_replication_password_salt, 128"
}
},
"webapp": {
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index 41930b7b..0585da27 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -54,4 +54,13 @@ class site_couchdb::add_users {
require => Couchdb::Query::Setup['localhost']
}
+ ## replication couchdb user
+ ## read/write: all databases for replication
+ couchdb::add_user { $site_couchdb::couchdb_replication_user:
+ roles => '["repliction"]',
+ pw => $site_couchdb::couchdb_replication_pw,
+ salt => $site_couchdb::couchdb_replication_salt,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
}
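Review bot: The role in `roles => '["repliction"]',` is misspelled, so the new user gets a role that no database lists. The create_dbs.pp changes in this same commit add `"replication"` to every members document, so the line should read `roles => '["replication"]',`. As written, the replication user will presumably be refused on every database it is meant to mirror. The class starts outside this hunk.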
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index f8d8098a..4322f773 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -8,7 +8,7 @@ class site_couchdb::create_dbs {
### customer database
### r/w: webapp,
couchdb::create_db { 'customers':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
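Review bot: The access comments above each `couchdb::create_db` no longer match the members documents, here (`### r/w: webapp,`) and in the later hunks of this file. Every database, including sessions and tokens, now also admits the `replication` role. Add a line such as `## r/w: replication (mirroring)` to each comment block so the access list stays auditable. One credential now opens all databases, so it is worth confirming whether the mirror only needs to read. If it does, write access would have to be restricted with a design document, as the existing comments on identities and tokens already say for other readers.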
@@ -16,35 +16,35 @@ class site_couchdb::create_dbs {
## r: nickserver, leap_mx - needs to be restrict with design document
## r/w: webapp
couchdb::create_db { 'identities':
- members => "{ \"names\": [], \"roles\": [\"identities\"] }",
+ members => "{ \"names\": [], \"roles\": [\"replication\", \"identities\"] }",
require => Couchdb::Query::Setup['localhost']
}
## keycache database
## r/w: nickserver
couchdb::create_db { 'keycache':
- members => "{ \"names\": [], \"roles\": [\"keycache\"] }",
+ members => "{ \"names\": [], \"roles\": [\"replication\", \"keycache\"] }",
require => Couchdb::Query::Setup['localhost']
}
## sessions database
## r/w: webapp
couchdb::create_db { 'sessions':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
## shared database
## r/w: soledad
couchdb::create_db { 'shared':
- members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
## tickets database
## r/w: webapp
couchdb::create_db { 'tickets':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
@@ -52,14 +52,14 @@ class site_couchdb::create_dbs {
## r: soledad - needs to be restricted with a design document
## r/w: webapp
couchdb::create_db { 'tokens':
- members => "{ \"names\": [], \"roles\": [\"tokens\"] }",
+ members => "{ \"names\": [], \"roles\": [\"replication\", \"tokens\"] }",
require => Couchdb::Query::Setup['localhost']
}
## users database
## r/w: webapp
couchdb::create_db { 'users':
- members => "{ \"names\": [], \"roles\": [\"users\"] }",
+ members => "{ \"names\": [], \"roles\": [\"replication\", \"users\"] }",
require => Couchdb::Query::Setup['localhost']
}
@@ -67,7 +67,7 @@ class site_couchdb::create_dbs {
## store messages to the clients such as payment reminders
## r/w: webapp
couchdb::create_db { 'messages':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
}
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 4999b611..6f7e974e 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -34,6 +34,11 @@ class site_couchdb {
$couchdb_webapp_pw = $couchdb_webapp['password']
$couchdb_webapp_salt = $couchdb_webapp['salt']
+ $couchdb_replication = $couchdb_users['replication']
+ $couchdb_replication_user= $couchdb_replication['username']
+ $couchdb_replication_pw = $couchdb_replication['password']
+ $couchdb_replication_salt= $couchdb_replication['salt']
+
$couchdb_backup = $couchdb_config['backup']
$couchdb_mode = $couchdb_config['mode']
diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp
index f3b43cc2..2a44b1e9 100644
--- a/puppet/modules/site_couchdb/manifests/mirror.pp
+++ b/puppet/modules/site_couchdb/manifests/mirror.pp
@@ -14,9 +14,11 @@ class site_couchdb::mirror {
$masters = $site_couchdb::couchdb_config['replication']['masters']
$master_node_names = keys($site_couchdb::couchdb_config['replication']['masters'])
$master_node = $masters[$master_node_names[0]]
+ $user = $site_couchdb::couchdb_replication_user
+ $password = $site_couchdb::couchdb_replication_pw
$from_host = $master_node['domain_internal']
$from_port = $master_node['couch_port']
- $from = "${from_host}:${from_port}"
+ $from = "http://${user}:${password}@${from_host}:${from_port}"
notice("mirror from: ${from}")
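Review bot: The `notice("mirror from: ${from}")` line at the end of this hunk now writes the replication password to the Puppet log and any stored report, because `$from` embeds `${user}:${password}`. Log a credential-free string instead, e.g. `notice("mirror from: ${from_host}:${from_port}")`. The URL is also `http://`, so the basic-auth credentials travel in clear text unless the connection runs through a tunnel that this hunk does not show. A password containing URL-reserved characters would also produce a malformed URL unless it is encoded first. The class body continues outside the hunk.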