summaryrefslogtreecommitdiff
path: root/puppet/modules/site_couchdb/manifests
diff options
context:
space:
mode:
authorMicah <micah@leap.se>2016-05-10 14:48:26 -0400
committerMicah <micah@leap.se>2016-05-10 14:48:26 -0400
commit86c85582065c391aa13c0b9b397dfd1aa2e2ac7b (patch)
tree7c027409a517d862864bf3650f4a8a66f615162d /puppet/modules/site_couchdb/manifests
parent70b1c648b94e6c007b9241a4661f33881e74485f (diff)
parent66b4c6b5ec6fe2f242020845fe92715ae2cdcc1e (diff)
Merge tag '0.8.0'
Release 0.8.0
Diffstat (limited to 'puppet/modules/site_couchdb/manifests')
-rw-r--r--puppet/modules/site_couchdb/manifests/add_users.pp11
-rw-r--r--puppet/modules/site_couchdb/manifests/bigcouch.pp3
-rw-r--r--puppet/modules/site_couchdb/manifests/create_dbs.pp9
-rw-r--r--puppet/modules/site_couchdb/manifests/designs.pp13
-rw-r--r--puppet/modules/site_couchdb/manifests/init.pp30
-rw-r--r--puppet/modules/site_couchdb/manifests/logrotate.pp10
-rw-r--r--puppet/modules/site_couchdb/manifests/master.pp9
-rw-r--r--puppet/modules/site_couchdb/manifests/mirror.pp19
-rw-r--r--puppet/modules/site_couchdb/manifests/plain.pp14
-rw-r--r--puppet/modules/site_couchdb/manifests/setup.pp37
-rw-r--r--puppet/modules/site_couchdb/manifests/upload_design.pp3
11 files changed, 98 insertions, 60 deletions
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index 2f734ed4..c905316b 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -1,3 +1,4 @@
+# add couchdb users for all services
class site_couchdb::add_users {
Class['site_couchdb::create_dbs']
@@ -35,16 +36,6 @@ class site_couchdb::add_users {
require => Couchdb::Query::Setup['localhost']
}
- ### tapicero couchdb user
- ### admin: needs to be able to create user-<uuid> databases
- ### read: users
- couchdb::add_user { $site_couchdb::couchdb_tapicero_user:
- roles => '["users"]',
- pw => $site_couchdb::couchdb_tapicero_pw,
- salt => $site_couchdb::couchdb_tapicero_salt,
- require => Couchdb::Query::Setup['localhost']
- }
-
## webapp couchdb user
## read/write: users, tokens, sessions, tickets, identities, customer
couchdb::add_user { $site_couchdb::couchdb_webapp_user:
diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp
index 469a2783..2de3d4d0 100644
--- a/puppet/modules/site_couchdb/manifests/bigcouch.pp
+++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp
@@ -44,4 +44,7 @@ class site_couchdb::bigcouch {
require => Package['couchdb'],
notify => Service['couchdb']
}
+
+ include site_check_mk::agent::couchdb::bigcouch
+
}
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index eea4bbf5..a2d1c655 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -90,4 +90,13 @@ class site_couchdb::create_dbs {
members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
+
+ ## invite_codes db
+ ## store invite codes for new signups
+ ## r/w: webapp
+ couchdb::create_db { 'invite_codes':
+ members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }",
+ require => Couchdb::Query::Setup['localhost']
+ }
+
}
diff --git a/puppet/modules/site_couchdb/manifests/designs.pp b/puppet/modules/site_couchdb/manifests/designs.pp
index 1ab1c6a1..e5fd94c6 100644
--- a/puppet/modules/site_couchdb/manifests/designs.pp
+++ b/puppet/modules/site_couchdb/manifests/designs.pp
@@ -12,12 +12,13 @@ class site_couchdb::designs {
}
site_couchdb::upload_design {
- 'customers': design => 'customers/Customer.json';
- 'identities': design => 'identities/Identity.json';
- 'tickets': design => 'tickets/Ticket.json';
- 'messages': design => 'messages/Message.json';
- 'users': design => 'users/User.json';
- 'tmp_users': design => 'users/User.json';
+ 'customers': design => 'customers/Customer.json';
+ 'identities': design => 'identities/Identity.json';
+ 'tickets': design => 'tickets/Ticket.json';
+ 'messages': design => 'messages/Message.json';
+ 'users': design => 'users/User.json';
+ 'tmp_users': design => 'users/User.json';
+ 'invite_codes': design => 'invite_codes/InviteCode.json';
'shared_docs':
db => 'shared',
design => 'shared/docs.json';
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 6b6ddd3a..c4fe6277 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -26,11 +26,6 @@ class site_couchdb {
$couchdb_soledad_pw = $couchdb_soledad['password']
$couchdb_soledad_salt = $couchdb_soledad['salt']
- $couchdb_tapicero = $couchdb_users['tapicero']
- $couchdb_tapicero_user = $couchdb_tapicero['username']
- $couchdb_tapicero_pw = $couchdb_tapicero['password']
- $couchdb_tapicero_salt = $couchdb_tapicero['salt']
-
$couchdb_webapp = $couchdb_users['webapp']
$couchdb_webapp_user = $couchdb_webapp['username']
$couchdb_webapp_pw = $couchdb_webapp['password']
@@ -43,11 +38,14 @@ class site_couchdb {
$couchdb_backup = $couchdb_config['backup']
$couchdb_mode = $couchdb_config['mode']
- $couchdb_pwhash_alg = $couchdb_config['pwhash_alg']
- if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch }
- if $couchdb_mode == 'master' { include site_couchdb::master }
- if $couchdb_mode == 'mirror' { include site_couchdb::mirror }
+ # ensure bigcouch has been purged from the system:
+ # TODO: remove this check in 0.9 release
+ if file('/opt/bigcouch/bin/bigcouch', '/dev/null') != '' {
+ fail 'ERROR: BigCouch appears to be installed. Make sure you have migrated to CouchDB before proceeding. See https://leap.se/upgrade-0-8'
+ }
+
+ include site_couchdb::plain
Class['site_config::default']
-> Service['shorewall']
@@ -55,6 +53,7 @@ class site_couchdb {
-> Class['couchdb']
-> Class['site_couchdb::setup']
+ include ::site_config::default
include site_stunnel
include site_couchdb::setup
@@ -66,6 +65,17 @@ class site_couchdb {
if $couchdb_backup { include site_couchdb::backup }
include site_check_mk::agent::couchdb
- include site_check_mk::agent::tapicero
+
+ # remove tapicero leftovers on couchdb nodes
+ include site_config::remove::tapicero
+
+ # Destroy every per-user storage database
+ # where the corresponding user record does not exist.
+ cron { 'cleanup_stale_userdbs':
+ command => '(/bin/date; /srv/leap/couchdb/scripts/cleanup-user-dbs) >> /var/log/leap/couchdb-cleanup.log',
+ user => 'root',
+ hour => 4,
+ minute => 7;
+ }
}
diff --git a/puppet/modules/site_couchdb/manifests/logrotate.pp b/puppet/modules/site_couchdb/manifests/logrotate.pp
index e1039d49..bb8843bb 100644
--- a/puppet/modules/site_couchdb/manifests/logrotate.pp
+++ b/puppet/modules/site_couchdb/manifests/logrotate.pp
@@ -1,12 +1,14 @@
+# configure couchdb logrotation
class site_couchdb::logrotate {
augeas {
'logrotate_bigcouch':
context => '/files/etc/logrotate.d/bigcouch/rule',
- changes => [ 'set file /opt/bigcouch/var/log/*.log', 'set rotate 7',
- 'set schedule daily', 'set compress compress',
- 'set missingok missingok', 'set ifempty notifempty',
- 'set copytruncate copytruncate' ]
+ changes => [
+ 'set file /opt/bigcouch/var/log/*.log', 'set rotate 7',
+ 'set schedule daily', 'set compress compress',
+ 'set missingok missingok', 'set ifempty notifempty',
+ 'set copytruncate copytruncate' ]
}
}
diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp
deleted file mode 100644
index c28eee7d..00000000
--- a/puppet/modules/site_couchdb/manifests/master.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-# this class sets up a single, plain couchdb node
-class site_couchdb::master {
- class { 'couchdb':
- admin_pw => $site_couchdb::couchdb_admin_pw,
- admin_salt => $site_couchdb::couchdb_admin_salt,
- chttpd_bind_address => '127.0.0.1',
- pwhash_alg => $site_couchdb::couchdb_pwhash_alg
- }
-}
diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp
index abe35c4c..fb82b897 100644
--- a/puppet/modules/site_couchdb/manifests/mirror.pp
+++ b/puppet/modules/site_couchdb/manifests/mirror.pp
@@ -1,3 +1,4 @@
+# configure mirroring of couch nodes
class site_couchdb::mirror {
Class['site_couchdb::add_users']
@@ -22,55 +23,55 @@ class site_couchdb::mirror {
### customer database
couchdb::mirror_db { 'customers':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## identities database
couchdb::mirror_db { 'identities':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## keycache database
couchdb::mirror_db { 'keycache':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## sessions database
couchdb::mirror_db { 'sessions':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## shared database
couchdb::mirror_db { 'shared':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## tickets database
couchdb::mirror_db { 'tickets':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## tokens database
couchdb::mirror_db { 'tokens':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## users database
couchdb::mirror_db { 'users':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## messages db
couchdb::mirror_db { 'messages':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
diff --git a/puppet/modules/site_couchdb/manifests/plain.pp b/puppet/modules/site_couchdb/manifests/plain.pp
new file mode 100644
index 00000000..b40fc100
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/plain.pp
@@ -0,0 +1,14 @@
+# this class sets up a single, plain couchdb node
+class site_couchdb::plain {
+ class { 'couchdb':
+ admin_pw => $site_couchdb::couchdb_admin_pw,
+ admin_salt => $site_couchdb::couchdb_admin_salt,
+ chttpd_bind_address => '127.0.0.1'
+ }
+
+ include site_check_mk::agent::couchdb::plain
+
+ # remove bigcouch leftovers from previous installations
+ include ::site_config::remove::bigcouch
+
+}
diff --git a/puppet/modules/site_couchdb/manifests/setup.pp b/puppet/modules/site_couchdb/manifests/setup.pp
index 69bd1c6a..710d3c1c 100644
--- a/puppet/modules/site_couchdb/manifests/setup.pp
+++ b/puppet/modules/site_couchdb/manifests/setup.pp
@@ -12,27 +12,42 @@ class site_couchdb::setup {
$user = $site_couchdb::couchdb_admin_user
- # /etc/couchdb/couchdb-admin.netrc is deployed by couchdb::query::setup
- # we symlink to couchdb.netrc for puppet commands.
- # we symlink this to /root/.netrc for couchdb_scripts (eg. backup)
- # and makes life easier for the admin (i.e. using curl/wget without
- # passing credentials)
+ # setup /etc/couchdb/couchdb-admin.netrc for couchdb admin access
+ couchdb::query::setup { 'localhost':
+ user => $user,
+ pw => $site_couchdb::couchdb_admin_pw
+ }
+
+ # We symlink /etc/couchdb/couchdb-admin.netrc to /etc/couchdb/couchdb.netrc
+ # for puppet commands, and to to /root/.netrc for couchdb_scripts
+ # (eg. backup) and to makes life easier for the admin on the command line
+ # (i.e. using curl/wget without passing credentials)
file {
'/etc/couchdb/couchdb.netrc':
ensure => link,
target => "/etc/couchdb/couchdb-${user}.netrc";
-
'/root/.netrc':
ensure => link,
target => '/etc/couchdb/couchdb.netrc';
+ }
- '/srv/leap/couchdb':
- ensure => directory
+ # setup /etc/couchdb/couchdb-soledad-admin.netrc file for couchdb admin
+ # access, accessible only for the soledad-admin user to create soledad
+ # userdbs
+ if member(hiera('services', []), 'soledad') {
+ file { '/etc/couchdb/couchdb-soledad-admin.netrc':
+ content => "machine localhost login ${user} password ${site_couchdb::couchdb_admin_pw}",
+ mode => '0400',
+ owner => 'soledad-admin',
+ group => 'root',
+ require => [ Package['couchdb'], User['soledad-admin'] ];
+ }
}
- couchdb::query::setup { 'localhost':
- user => $user,
- pw => $site_couchdb::couchdb_admin_pw,
+ # Checkout couchdb_scripts repo
+ file {
+ '/srv/leap/couchdb':
+ ensure => directory
}
vcsrepo { '/srv/leap/couchdb/scripts':
diff --git a/puppet/modules/site_couchdb/manifests/upload_design.pp b/puppet/modules/site_couchdb/manifests/upload_design.pp
index 7b0cabd7..bd73ebf2 100644
--- a/puppet/modules/site_couchdb/manifests/upload_design.pp
+++ b/puppet/modules/site_couchdb/manifests/upload_design.pp
@@ -1,4 +1,5 @@
-define site_couchdb::upload_design($db = $title, $design) {
+# upload a design doc to a db
+define site_couchdb::upload_design($design, $db = $title) {
$design_name = regsubst($design, '^.*\/(.*)\.json$', '\1')
$id = "_design/${design_name}"
$file = "/srv/leap/couchdb/designs/${design}"