author | varac <varacanero@zeromail.org> | 2015-10-01 12:06:02 +0200 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2015-10-05 13:18:44 +0200 |
commit | 4fc7419598a3baf564f063b7330b9cf9115420b5 (patch) | |
tree | 9a98dac96b6133daa3fce13329f25f25a2fc2c70 /puppet/modules/site_couchdb | |
parent | 659587b9a56274d87c8c8deda499ccea85f875b5 (diff) |
[feat] Create-user-db: use couchdb admin rights
- create soledad-admin user
- deploy netrc file for userdb creation
- Move soledad-server.conf from /etc/leap to /etc/soledad
- make soledad-server.conf group-accessible for the soledad group, so
the soledad-admin user can read it
- Resolves: #7502
Diffstat (limited to 'puppet/modules/site_couchdb')
-rw-r--r-- | puppet/modules/site_couchdb/manifests/setup.pp | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/puppet/modules/site_couchdb/manifests/setup.pp b/puppet/modules/site_couchdb/manifests/setup.pp index 69bd1c6a..fef48505 100644 --- a/puppet/modules/site_couchdb/manifests/setup.pp +++ b/puppet/modules/site_couchdb/manifests/setup.pp @@ -12,27 +12,40 @@ class site_couchdb::setup { $user = $site_couchdb::couchdb_admin_user - # /etc/couchdb/couchdb-admin.netrc is deployed by couchdb::query::setup - # we symlink to couchdb.netrc for puppet commands. - # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) - # and makes life easier for the admin (i.e. using curl/wget without - # passing credentials) + # setup /etc/couchdb/couchdb-admin.netrc for couchdb admin access + couchdb::query::setup { 'localhost': + user => $user, + pw => $site_couchdb::couchdb_admin_pw + } + + # We symlink /etc/couchdb/couchdb-admin.netrc to /etc/couchdb/couchdb.netrc + # for puppet commands, and to to /root/.netrc for couchdb_scripts + # (eg. backup) and to makes life easier for the admin on the command line + # (i.e. using curl/wget without passing credentials) file { '/etc/couchdb/couchdb.netrc': ensure => link, target => "/etc/couchdb/couchdb-${user}.netrc"; - '/root/.netrc': ensure => link, target => '/etc/couchdb/couchdb.netrc'; + } - '/srv/leap/couchdb': - ensure => directory + # setup /etc/couchdb/couchdb-soledad-admin.netrc file for couchdb admin + # access, accessible only for the soledad-admin user to create soledad + # userdbs + file { '/etc/couchdb/couchdb-soledad-admin.netrc': + content => "machine localhost login ${user} password ${site_couchdb::couchdb_admin_pw}", + mode => '0400', + owner => 'soledad-admin', + group => 'root', + require => [ Package['couchdb'], User['soledad-admin'] ]; } - couchdb::query::setup { 'localhost': - user => $user, - pw => $site_couchdb::couchdb_admin_pw, + # Checkout couchdb_scripts repo + file { + '/srv/leap/couchdb': + ensure => directory } vcsrepo { '/srv/leap/couchdb/scripts': |
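Review bot: The new `file { '/etc/couchdb/couchdb-soledad-admin.netrc': ... }` resource interpolates `${site_couchdb::couchdb_admin_pw}` into `content`, so on agents that have diff output enabled the password can end up in Puppet logs and reports whenever the file is created or the password changes; adding `show_diff => false,` to that resource avoids this. The file holds the same login and password as `couchdb-admin.netrc`, which makes the soledad-admin account equivalent to the CouchDB admin. A short comment stating that this is intentional, and why a narrower credential is not used, would help later reviewers. netrc tokens are whitespace-delimited, so a password containing whitespace would presumably be misparsed; worth confirming how `couchdb_admin_pw` is generated. The class body begins above this hunk and the `vcsrepo` resource continues below it, so any handling of these points elsewhere in the manifest is not visible here.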