diff options
author | varac <varacanero@zeromail.org> | 2012-11-03 21:44:12 +0100 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2012-11-03 21:44:12 +0100 |
commit | 8f0ea9039310a348ade5e1e5637aa62fce01579f (patch) | |
tree | 951896c88ec7b41296406ec9babac275f6146191 /puppet | |
parent | 995bde9b3c1c54b70b5884e2d06534a5cf38d654 (diff) |
install apache_ssl_proxy, add users, create DBs + security roles
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_couchdb/manifests/init.pp | 58 |
1 files changed, 30 insertions, 28 deletions
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 04b46bf6..26e5cdfd 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,8 +1,16 @@ class site_couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $adminpw = hiera('couchdb_adminpw') + $couchdb_leap_web_user = hiera('couchdb_leap_web_user') + $couchdb_leap_web_username = $couchdb_leap_web_user['user'] + $couchdb_leap_web_pw = $couchdb_leap_web_user['pw'] + $couchdb_leap_ca_user = hiera('couchdb_leap_ca_user') + $couchdb_leap_ca_username = $couchdb_leap_ca_user['user'] + $couchdb_leap_ca_pw = $couchdb_leap_ca_user['pw'] + $couchdb_host = "admin:$adminpw@127.0.0.1:5984" # install couchdb package first, then configure it Class['site_couchdb::package'] -> Class['site_couchdb::configure'] @@ -11,36 +19,30 @@ class site_couchdb { include site_couchdb::configure include couchdb::deploy_config - include apache::ssl - apache::module { - 'rewrite': ensure => present; - 'proxy': ensure => present; - 'proxy_http': ensure => present; + site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy': + key => $key, + cert => $cert } - apache::vhost::file { 'couchdb_proxy': } - # prevent 0-default.conf and 0-default_ssl.conf from apache module - # from starting on port 80 / 443 - file { '/etc/apache2/ports.conf': - content => '', - mode => '0644', - owner => 'root', - group => 'root', + + couchdb::add_user { $couchdb_leap_web_username: + host => $couchdb_host, + roles => '["certs"]', + pw => $couchdb_leap_web_pw } - file { '/etc/couchdb/server_cert.pem': - mode => '0644', - owner => 'couchdb', - group => 'couchdb', - content => $cert, - notify => Service[apache], + couchdb::add_user { $couchdb_leap_ca_username: + host => $couchdb_host, + roles => '["certs"]', + pw => $couchdb_leap_ca_pw } - file { '/etc/couchdb/server_key.pem': - mode => '0600', - owner => 'couchdb', - group => 'couchdb', - content => $key, - notify => Service[apache], + couchdb::create_db { 'leap_web': + host => $couchdb_host, + readers => "{ \"names\": [\"leap_web\"], \"roles\": [] }" } + couchdb::create_db { 'leap_ca': + host => $couchdb_host, + readers => "{ \"names\": [], \"roles\": [\"certs\"] }" + } } |