add replication user

author: Azul <azul@riseup.net> 2014-06-20 19:10:44 +0200
committer: elijah <elijah@riseup.net> 2014-06-25 18:17:31 -0700
commit: a8f6415b0869018fd8d4ac947814529e8e85ace2 (patch)
tree: 950e466b9ef0138cb4a388e686769ea72487f769
parent: 2bd603b9532fac70a25add8661acc94acb8598f8 (diff)
5 files changed, 31 insertions, 10 deletions
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index c2482235..8b1386f8 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -40,6 +40,11 @@
                 "username": "webapp",
                 "password": "= secret :couch_webapp_password",
                 "salt": "= hex_secret :couch_webapp_password_salt, 128"
+            },
+            "replication": {
+                "username": "replication",
+                "password": "= secret :couch_replication_password",
+                "salt": "= hex_secret :couch_replication_password_salt, 128"
             }
         },
         "webapp": {
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index 41930b7b..0585da27 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -54,4 +54,13 @@ class site_couchdb::add_users {
     require => Couchdb::Query::Setup['localhost']
   }
 
+  ## replication couchdb user
+  ## read/write: all databases for replication
+  couchdb::add_user { $site_couchdb::couchdb_replication_user:
+    roles   => '["repliction"]',
+    pw      => $site_couchdb::couchdb_replication_pw,
+    salt    => $site_couchdb::couchdb_replication_salt,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
 }
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index f8d8098a..4322f773 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -8,7 +8,7 @@ class site_couchdb::create_dbs {
   ### customer database
   ### r/w: webapp,
   couchdb::create_db { 'customers':
-    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 
@@ -16,35 +16,35 @@ class site_couchdb::create_dbs {
   ## r: nickserver, leap_mx - needs to be restrict with design document
   ## r/w: webapp
   couchdb::create_db { 'identities':
-    members => "{ \"names\": [], \"roles\": [\"identities\"] }",
+    members => "{ \"names\": [], \"roles\": [\"replication\", \"identities\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 
   ## keycache database
   ## r/w: nickserver
   couchdb::create_db { 'keycache':
-    members => "{ \"names\": [], \"roles\": [\"keycache\"] }",
+    members => "{ \"names\": [], \"roles\": [\"replication\", \"keycache\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 
   ## sessions database
   ## r/w: webapp
   couchdb::create_db { 'sessions':
-    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 
   ## shared database
   ## r/w: soledad
   couchdb::create_db { 'shared':
-    members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [] }",
+    members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [\"replication\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 
   ## tickets database
   ## r/w: webapp
   couchdb::create_db { 'tickets':
-    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 
@@ -52,14 +52,14 @@ class site_couchdb::create_dbs {
   ## r: soledad - needs to be restricted with a design document
   ## r/w: webapp
   couchdb::create_db { 'tokens':
-    members => "{ \"names\": [], \"roles\": [\"tokens\"] }",
+    members => "{ \"names\": [], \"roles\": [\"replication\", \"tokens\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 
   ## users database
   ## r/w: webapp
   couchdb::create_db { 'users':
-    members => "{ \"names\": [], \"roles\": [\"users\"] }",
+    members => "{ \"names\": [], \"roles\": [\"replication\", \"users\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 
@@ -67,7 +67,7 @@ class site_couchdb::create_dbs {
   ## store messages to the clients such as payment reminders
   ## r/w: webapp
   couchdb::create_db { 'messages':
-    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+    members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
     require => Couchdb::Query::Setup['localhost']
   }
 }
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 4999b611..6f7e974e 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -34,6 +34,11 @@ class site_couchdb {
   $couchdb_webapp_pw       = $couchdb_webapp['password']
   $couchdb_webapp_salt     = $couchdb_webapp['salt']
 
+  $couchdb_replication     = $couchdb_users['replication']
+  $couchdb_replication_user= $couchdb_replication['username']
+  $couchdb_replication_pw  = $couchdb_replication['password']
+  $couchdb_replication_salt= $couchdb_replication['salt']
+
   $couchdb_backup          = $couchdb_config['backup']
   $couchdb_mode            = $couchdb_config['mode']
 
diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp
index f3b43cc2..2a44b1e9 100644
--- a/puppet/modules/site_couchdb/manifests/mirror.pp
+++ b/puppet/modules/site_couchdb/manifests/mirror.pp
@@ -14,9 +14,11 @@ class site_couchdb::mirror {
   $masters = $site_couchdb::couchdb_config['replication']['masters']
   $master_node_names = keys($site_couchdb::couchdb_config['replication']['masters'])
   $master_node = $masters[$master_node_names[0]]
+  $user = $site_couchdb::couchdb_replication_user
+  $password = $site_couchdb::couchdb_replication_pw
   $from_host = $master_node['domain_internal']
   $from_port = $master_node['couch_port']
-  $from = "${from_host}:${from_port}"
+  $from = "http://${user}:${password}@${from_host}:${from_port}"
 
   notice("mirror from: ${from}")
author	Azul <azul@riseup.net>	2014-06-20 19:10:44 +0200
committer	elijah <elijah@riseup.net>	2014-06-25 18:17:31 -0700
commit	a8f6415b0869018fd8d4ac947814529e8e85ace2 (patch)
tree	950e466b9ef0138cb4a388e686769ea72487f769
parent	2bd603b9532fac70a25add8661acc94acb8598f8 (diff)