author | varac <varacanero@zeromail.org> | 2015-10-01 12:06:02 +0200 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2015-10-05 13:18:44 +0200 |
commit | 4fc7419598a3baf564f063b7330b9cf9115420b5 (patch) | |
tree | 9a98dac96b6133daa3fce13329f25f25a2fc2c70 /puppet/modules/soledad | |
parent | 659587b9a56274d87c8c8deda499ccea85f875b5 (diff) |
[feat] Create-user-db: use couchdb admin rights
- create soledad-admin user
- deploy netrc file for userdb creation
- Move soledad-server.conf from /etc/leap to /etc/soledad
- make soledad-server.conf group-accessible for the soledad group, so
the soledad-admin user can read it
- Resolves: #7502
Diffstat (limited to 'puppet/modules/soledad')
-rw-r--r-- | puppet/modules/soledad/manifests/init.pp | 17 | ||||
-rw-r--r-- | puppet/modules/soledad/manifests/server.pp | 21 | ||||
-rw-r--r-- | puppet/modules/soledad/templates/soledad-server.conf.erb | 5 |
3 files changed, 31 insertions, 12 deletions
diff --git a/puppet/modules/soledad/manifests/init.pp b/puppet/modules/soledad/manifests/init.pp
index 7cf0b729..6a2c328e 100644
--- a/puppet/modules/soledad/manifests/init.pp
+++ b/puppet/modules/soledad/manifests/init.pp
@@ -1,18 +1,29 @@
+# set up users, group and directories for soledad-server
+# although the soledad users are already created by the
+# soledad-server package
 class soledad {
 group { 'soledad':
- ensure => present,
- allowdupe => false;
+ ensure => present,
+ system => true,
 }
 user { 'soledad':
 ensure => present,
- allowdupe => false,
+ system => true,
 gid => 'soledad',
 home => '/srv/leap/soledad',
 require => Group['soledad'];
 }
+ user { 'soledad-admin':
+ ensure => present,
+ system => true,
+ gid => 'soledad',
+ home => '/srv/leap/soledad',
+ require => Group['soledad'];
+ }
+
 file {
 '/srv/leap/soledad':
 ensure => directory,
diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp
index b71fab69..e437c8f2 100644
--- a/puppet/modules/soledad/manifests/server.pp
+++ b/puppet/modules/soledad/manifests/server.pp
@@ -1,3 +1,4 @@
+# setup soledad-server
 class soledad::server {
 tag 'leap_service'
 include soledad
@@ -22,13 +23,19 @@ class soledad::server {
 # SOLEDAD CONFIG
 #
- file { '/etc/leap/soledad-server.conf':
- content => template('soledad/soledad-server.conf.erb'),
- owner => 'soledad',
- group => 'soledad',
- mode => '0600',
- notify => Service['soledad-server'],
- require => Class['soledad'];
+ file {
+ '/etc/soledad':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755';
+ '/etc/soledad/soledad-server.conf':
+ content => template('soledad/soledad-server.conf.erb'),
+ owner => 'soledad',
+ group => 'soledad',
+ mode => '0640',
+ notify => Service['soledad-server'],
+ require => Class['soledad'];
 }
 package { $sources['soledad']['package']:
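Review bot: The new `user { 'soledad-admin':` resource reuses both `gid => 'soledad'` and `home => '/srv/leap/soledad'` from the `soledad` service account, so the two accounts are separated by UID only. Anything made group-readable for `soledad` is readable by both, and if the service account can write to that home, per-user files placed there would also be picked up by commands run as `soledad-admin`. The `file { '/srv/leap/soledad':` resource continues past the hunk, so the directory's owner and mode cannot be checked from here. Consider a separate home for the admin account, e.g. `home => '/path/to/soledad-admin-home',` (placeholder path), and a comment on the resource such as `# soledad-admin: only used via sudo to run create-user-db with couchdb admin credentials`.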
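Review bot: In the second server.pp hunk the new `file` block creates `/etc/soledad/soledad-server.conf`, but nothing visible removes the old `/etc/leap/soledad-server.conf`, so on already-deployed nodes a stale copy of the rendered `couch_url`, which embeds the couchdb password, would presumably stay behind. Unless that is cleaned up elsewhere, add `'/etc/leap/soledad-server.conf': ensure => absent;` to the same block. The change from `mode => '0600'` to `'0640'` also makes that password readable by every account in group `soledad`. A comment above the resource, for example `# 0640: group read is for soledad-admin only; keep group soledad membership minimal`, would make the reason explicit for later maintainers.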
diff --git a/puppet/modules/soledad/templates/soledad-server.conf.erb b/puppet/modules/soledad/templates/soledad-server.conf.erb
index 47d1f6e4..42cf44d8 100644
--- a/puppet/modules/soledad/templates/soledad-server.conf.erb
+++ b/puppet/modules/soledad/templates/soledad-server.conf.erb
@@ -1,3 +1,4 @@
 [soledad-server]
-couch_url = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
-
+couch_url = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
+create_cmd = sudo -u soledad-admin /usr/bin/create-user-db
+admin_netrc = /etc/couchdb/couchdb-soledad-admin.netrc
|
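Review bot: The added `create_cmd` and `admin_netrc` lines depend on two things this diff does not show: the sudoers rule that lets the server run commands as `soledad-admin`, and the ownership and mode of `/etc/couchdb/couchdb-soledad-admin.netrc`. Because `soledad-admin` shares group `soledad` with the server account, the netrc needs to be owner-only and owned by `soledad-admin`; a group-readable file would expose the couchdb admin credentials to the server process and undo the separation this commit introduces. The sudoers entry should likewise be limited to `/usr/bin/create-user-db` rather than a broader command set. A template comment such as `# admin_netrc: must be readable by soledad-admin only, not by group soledad` would record the requirement next to the setting.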