authorvarac <varacanero@zeromail.org>2012-11-03 21:44:12 +0100
committervarac <varacanero@zeromail.org>2012-11-03 21:44:12 +0100
commit8f0ea9039310a348ade5e1e5637aa62fce01579f (patch)
tree951896c88ec7b41296406ec9babac275f6146191 /puppet
parent995bde9b3c1c54b70b5884e2d06534a5cf38d654 (diff)
install apache_ssl_proxy, add users, create DBs + security roles
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_couchdb/manifests/init.pp58
1 files changed, 30 insertions, 28 deletions
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 04b46bf6..26e5cdfd 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -1,8 +1,16 @@
class site_couchdb {
- $x509 = hiera('x509')
- $key = $x509['key']
- $cert = $x509['cert']
+ $x509 = hiera('x509')
+ $key = $x509['key']
+ $cert = $x509['cert']
+ $adminpw = hiera('couchdb_adminpw')
+ $couchdb_leap_web_user = hiera('couchdb_leap_web_user')
+ $couchdb_leap_web_username = $couchdb_leap_web_user['user']
+ $couchdb_leap_web_pw = $couchdb_leap_web_user['pw']
+ $couchdb_leap_ca_user = hiera('couchdb_leap_ca_user')
+ $couchdb_leap_ca_username = $couchdb_leap_ca_user['user']
+ $couchdb_leap_ca_pw = $couchdb_leap_ca_user['pw']
+ $couchdb_host = "admin:$adminpw@127.0.0.1:5984"
# install couchdb package first, then configure it
Class['site_couchdb::package'] -> Class['site_couchdb::configure']
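Review bot: The added line `$couchdb_host = "admin:$adminpw@127.0.0.1:5984"` embeds the CouchDB admin password in the host string that the second hunk hands to every `couchdb::add_user` and `couchdb::create_db` resource. Those defines are not visible here, but if they build a URL for a command-line HTTP client from `host`, the password would appear in the process list and probably in Puppet's exec logging and reports. A password containing `@`, `:` or `/` would also produce a malformed URL, since nothing here URL-encodes it. I would keep the host as `$couchdb_host = '127.0.0.1:5984'` and pass the credential through a separate parameter, which the defines can read from a root-only file instead of the command line. If the interpolation stays, write it as `${adminpw}` so the variable boundary is explicit.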
@@ -11,36 +19,30 @@ class site_couchdb {
include site_couchdb::configure
include couchdb::deploy_config
- include apache::ssl
- apache::module {
- 'rewrite': ensure => present;
- 'proxy': ensure => present;
- 'proxy_http': ensure => present;
+ site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy':
+ key => $key,
+ cert => $cert
}
- apache::vhost::file { 'couchdb_proxy': }
- # prevent 0-default.conf and 0-default_ssl.conf from apache module
- # from starting on port 80 / 443
- file { '/etc/apache2/ports.conf':
- content => '',
- mode => '0644',
- owner => 'root',
- group => 'root',
+
+ couchdb::add_user { $couchdb_leap_web_username:
+ host => $couchdb_host,
+ roles => '["certs"]',
+ pw => $couchdb_leap_web_pw
}
- file { '/etc/couchdb/server_cert.pem':
- mode => '0644',
- owner => 'couchdb',
- group => 'couchdb',
- content => $cert,
- notify => Service[apache],
+ couchdb::add_user { $couchdb_leap_ca_username:
+ host => $couchdb_host,
+ roles => '["certs"]',
+ pw => $couchdb_leap_ca_pw
}
- file { '/etc/couchdb/server_key.pem':
- mode => '0600',
- owner => 'couchdb',
- group => 'couchdb',
- content => $key,
- notify => Service[apache],
+ couchdb::create_db { 'leap_web':
+ host => $couchdb_host,
+ readers => "{ \"names\": [\"leap_web\"], \"roles\": [] }"
}
+ couchdb::create_db { 'leap_ca':
+ host => $couchdb_host,
+ readers => "{ \"names\": [], \"roles\": [\"certs\"] }"
+ }
}
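Review bot: Both `couchdb::add_user` resources grant `roles => '["certs"]'`, and the `leap_ca` database admits readers by that same role, so the web account can read `leap_ca` as well as its own database. If the web user only needs `leap_web`, give the two accounts distinct roles or restrict `leap_ca` by name, e.g. `readers => "{ \"names\": [\"${couchdb_leap_ca_username}\"], \"roles\": [] }"`. Separately, the `leap_web` readers list hard-codes the name `leap_web` while the account name comes from hiera (`$couchdb_leap_web_username`). A different hiera value would leave the security object pointing at a user that does not exist, so it should interpolate the variable as well. A short comment above each `create_db` stating which service is meant to reach which database would make the intended access model reviewable.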