diff options
| author | Micah Anderson <micah@riseup.net> | 2013-03-19 17:41:37 -0400 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2013-03-19 17:55:31 -0400 |
| commit | 9c1c74c359f80cf0e61b62befee0ec5cc04ab4c3 (patch) | |
| tree | 285f2dc12c2635ba754bccba6822e67f25a29e48 /puppet/modules/site_webapp/manifests/couchdb.pp | |
| parent | 01434dcd78746f530f218a7ed8ed37b7b1d5ce71 (diff) | |
create a separate couchdb.yml.admin that contains the couchdb admin privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
Diffstat (limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')
| -rw-r--r-- | puppet/modules/site_webapp/manifests/couchdb.pp | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 760706aa..e89880fe 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,19 +1,27 @@ class site_webapp::couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $webapp = hiera('webapp') - $couchdb_hosts = $webapp['couchdb_hosts'] + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] + $webapp = hiera('webapp') + $couchdb_hosts = $webapp['couchdb_hosts'] # haproxy listener on port localhost:4096, see site_webapp::haproxy - $couchdb_host = 'localhost' - $couchdb_port = '4096' - $couchdb_user = $webapp['couchdb_user']['username'] - $couchdb_password = $webapp['couchdb_user']['password'] + $couchdb_host = 'localhost' + $couchdb_port = '4096' + $couchdb_admin_user = $webapp['couchdb_admin_user']['username'] + $couchdb_admin_password = $webapp['couchdb_admin_user']['password'] + $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] + $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] file { - '/srv/leap-webapp/config/couchdb.yml': + '/srv/leap-webapp/config/couchdb.yml.admin': + content => template('site_webapp/couchdb.yml.admin.erb'), + owner => leap-webapp, + group => leap-webapp, + mode => '0600'; + + '/srv/leap-webapp/config/couchdb.yml.webapp': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, |