summaryrefslogtreecommitdiff
path: root/puppet/modules/site_couchdb/manifests
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2013-02-19 15:18:30 -0500
committerMicah Anderson <micah@riseup.net>2013-02-19 15:18:30 -0500
commit4dcc5f884cd22d0673f6493799ace2f03a9e66fe (patch)
tree3f3f5c217c40f3037c1b2a9cd8da3fe91fdd8389 /puppet/modules/site_couchdb/manifests
parent253b765620961bbc9d96e8f3653b0b9693d29811 (diff)
parent2e5eec3856b58aaff0a2049599a6455e6ff91122 (diff)
Merge remote-tracking branch 'origin/release/v0.2.0'0.2.0
Diffstat (limited to 'puppet/modules/site_couchdb/manifests')
-rw-r--r--puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp25
-rw-r--r--puppet/modules/site_couchdb/manifests/configure.pp27
-rw-r--r--puppet/modules/site_couchdb/manifests/init.pp64
3 files changed, 116 insertions, 0 deletions
diff --git a/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp
new file mode 100644
index 00000000..7739473e
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp
@@ -0,0 +1,25 @@
+define site_couchdb::apache_ssl_proxy ($key, $cert) {
+
+ $apache_no_default_site = true
+ include apache
+ apache::module {
+ 'proxy': ensure => present;
+ 'proxy_http': ensure => present;
+ 'rewrite': ensure => present;
+ 'ssl': ensure => present;
+ }
+ apache::vhost::file { 'couchdb_proxy': }
+
+ x509::key {
+ 'leap_couchdb':
+ content => $key,
+ notify => Service[apache];
+ }
+
+ x509::cert {
+ 'leap_couchdb':
+ content => $cert,
+ notify => Service[apache];
+ }
+
+}
diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp
new file mode 100644
index 00000000..333511b5
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/configure.pp
@@ -0,0 +1,27 @@
+class site_couchdb::configure {
+
+ file { '/etc/init.d/couchdb':
+ source => 'puppet:///modules/site_couchdb/couchdb',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ }
+
+ file { '/etc/couchdb/local.d/admin.ini':
+ content => "[admins]
+admin = $site_couchdb::couchdb_admin_pw
+",
+ mode => '0600',
+ owner => 'couchdb',
+ group => 'couchdb',
+ notify => Service[couchdb]
+ }
+
+
+ exec { '/etc/init.d/couchdb restart; sleep 6':
+ path => ['/bin', '/usr/bin',],
+ subscribe => File['/etc/couchdb/local.d/admin.ini',
+ '/etc/couchdb/local.ini'],
+ refreshonly => true
+ }
+}
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
new file mode 100644
index 00000000..9ecde5e6
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -0,0 +1,64 @@
+class site_couchdb {
+ tag 'leap_service'
+ include couchdb
+
+ $x509 = hiera('x509')
+ $key = $x509['key']
+ $cert = $x509['cert']
+ $couchdb_config = hiera('couch')
+ $couchdb_users = $couchdb_config['users']
+ $couchdb_admin = $couchdb_users['admin']
+ $couchdb_admin_user = $couchdb_admin['username']
+ $couchdb_admin_pw = $couchdb_admin['password']
+ $couchdb_webapp = $couchdb_users['webapp']
+ $couchdb_webapp_user = $couchdb_webapp['username']
+ $couchdb_webapp_pw = $couchdb_webapp['password']
+ $couchdb_ca_daemon = $couchdb_users['ca_daemon']
+ $couchdb_ca_daemon_user = $couchdb_ca_daemon['username']
+ $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password']
+
+ Package ['couchdb']
+ -> File['/etc/init.d/couchdb']
+ -> File['/etc/couchdb/local.ini']
+ -> File['/etc/couchdb/local.d/admin.ini']
+ -> File['/etc/couchdb/couchdb.netrc']
+ -> Couchdb::Create_db['users']
+ -> Couchdb::Create_db['client_certificates']
+ -> Couchdb::Add_user[$couchdb_webapp_user]
+ -> Couchdb::Add_user[$couchdb_ca_daemon_user]
+ -> Site_couchdb::Apache_ssl_proxy['apache_ssl_proxy']
+
+ include site_couchdb::configure
+ include couchdb::deploy_config
+
+ site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy':
+ key => $key,
+ cert => $cert
+ }
+
+ couchdb::query::setup { 'localhost':
+ user => $couchdb_admin_user,
+ pw => $couchdb_admin_pw
+ }
+
+ # Populate couchdb
+ couchdb::add_user { $couchdb_webapp_user:
+ roles => '["certs"]',
+ pw => $couchdb_webapp_pw
+ }
+
+ couchdb::add_user { $couchdb_ca_daemon_user:
+ roles => '["certs"]',
+ pw => $couchdb_ca_daemon_pw
+ }
+
+ couchdb::create_db { 'users':
+ readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }"
+ }
+
+ couchdb::create_db { 'client_certificates':
+ readers => "{ \"names\": [], \"roles\": [\"certs\"] }"
+ }
+
+ include site_shorewall::couchdb
+}