authorMicah Anderson <micah@riseup.net>2013-04-17 16:01:19 -0400
committerMicah Anderson <micah@leap.se>2013-07-25 13:45:10 -0400
commit720717e177af576936a7e3e950aec1d208a21fae (patch)
tree72b08bd3c9047c4e445ed299f6ee8341e382abd4 /puppet/modules/site_mx
parent972317f752d5d621bd8284d4c00caaabbb447061 (diff)
initial mx couchdb stunnel configuration
Diffstat (limited to 'puppet/modules/site_mx')
-rw-r--r--puppet/modules/site_mx/manifests/couchdb.pp35
-rw-r--r--puppet/modules/site_mx/manifests/init.pp1
2 files changed, 36 insertions, 0 deletions
diff --git a/puppet/modules/site_mx/manifests/couchdb.pp b/puppet/modules/site_mx/manifests/couchdb.pp
new file mode 100644
index 00000000..f842ceab
--- /dev/null
+++ b/puppet/modules/site_mx/manifests/couchdb.pp
@@ -0,0 +1,35 @@
+class site_mx::couchdb {
+
+ $stunnel = hiera('stunnel')
+ $couch_client = $stunnel['couch_client']
+ $couch_client_connect = $couch_client['connect']
+
+ include x509::variables
+ $x509 = hiera('x509')
+ $key = $x509['key']
+ $cert = $x509['cert']
+ $ca = $x509['ca_cert']
+ $cert_name = 'leap_couchdb'
+ $ca_name = 'leap_ca'
+ $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt"
+ $cert_path = "${x509::variables::certs}/${cert_name}.crt"
+ $key_path = "${x509::variables::keys}/${cert_name}.key"
+
+ class { 'site_stunnel::setup':
+ cert_name => $cert_name,
+ key => $key,
+ cert => $cert,
+ ca_name => $ca_name,
+ ca => $ca
+ }
+
+ $couchdb_stunnel_client_defaults = {
+ 'connect_port' => $couch_client_connect,
+ 'client' => true,
+ 'cafile' => $ca_path,
+ 'key' => $key_path,
+ 'cert' => $cert_path,
+ }
+
+ create_resources(site_stunnel::clients, $couch_client, $couchdb_stunnel_client_defaults)
+}
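Review bot: The `$couchdb_stunnel_client_defaults` hash passes `cafile`, `key` and `cert` but nothing that sets the peer-verification level, and stunnel does not check the server certificate against a CA file unless its `verify` option is set. `site_stunnel::clients` is not visible in this commit, so it may already enforce verification. If it does, a comment above the hash such as `# server cert is verified against $ca_path by site_stunnel::clients` would record that; if it does not, the level should be set explicitly here. Separately, `$couch_client` is read as a hash with a `connect` key and then passed whole to `create_resources`, which treats each top-level key as a resource title, so the expected shape of the `stunnel` hiera data is worth documenting in a comment or validating before use.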
diff --git a/puppet/modules/site_mx/manifests/init.pp b/puppet/modules/site_mx/manifests/init.pp
index 8c8b8d7e..86ae56e1 100644
--- a/puppet/modules/site_mx/manifests/init.pp
+++ b/puppet/modules/site_mx/manifests/init.pp
@@ -5,4 +5,5 @@ class site_mx {
include site_mx::haproxy
include site_shorewall::mx
include site_shorewall::service::smtp
+ include site_mx::couchdb
}