Merge pull request #4 from azul/feature/couch

permissions for replication

5 files changed, 14 insertions, 7 deletions

diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index 0585da27..2f734ed4 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -57,7 +57,7 @@ class site_couchdb::add_users {
   ## replication couchdb user
   ## read/write: all databases for replication
   couchdb::add_user { $site_couchdb::couchdb_replication_user:
-    roles   => '["repliction"]',
+    roles   => '["replication"]',
     pw      => $site_couchdb::couchdb_replication_pw,
     salt    => $site_couchdb::couchdb_replication_salt,
     require => Couchdb::Query::Setup['localhost']
diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp
index df305737..1cbd9bcc 100644
--- a/puppet/modules/site_couchdb/manifests/mirror.pp
+++ b/puppet/modules/site_couchdb/manifests/mirror.pp
@@ -6,8 +6,6 @@ class site_couchdb::mirror {
     chttpd_bind_address => '127.0.0.1'
   }
 
-  # Couchdb databases
-
   $masters = $site_couchdb::couchdb_config['replication']['masters']
   $master_node_names = keys($site_couchdb::couchdb_config['replication']['masters'])
   $master_node = $masters[$master_node_names[0]]
diff --git a/puppet/modules/site_couchdb/manifests/setup.pp b/puppet/modules/site_couchdb/manifests/setup.pp
index e398356b..69bd1c6a 100644
--- a/puppet/modules/site_couchdb/manifests/setup.pp
+++ b/puppet/modules/site_couchdb/manifests/setup.pp
@@ -10,11 +10,18 @@ class site_couchdb::setup {
     ensure => absent
   }
 
-  # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup
+  $user = $site_couchdb::couchdb_admin_user
+
+  # /etc/couchdb/couchdb-admin.netrc is deployed by couchdb::query::setup
+  # we symlink to couchdb.netrc for puppet commands.
   # we symlink this to /root/.netrc for couchdb_scripts (eg. backup)
   # and makes life easier for the admin (i.e. using curl/wget without
   # passing credentials)
   file {
+    '/etc/couchdb/couchdb.netrc':
+      ensure  => link,
+      target  => "/etc/couchdb/couchdb-${user}.netrc";
+
     '/root/.netrc':
       ensure  => link,
       target  => '/etc/couchdb/couchdb.netrc';
@@ -24,7 +31,7 @@ class site_couchdb::setup {
   }
 
   couchdb::query::setup { 'localhost':
-    user  => $site_couchdb::couchdb_admin_user,
+    user  => $user,
     pw    => $site_couchdb::couchdb_admin_pw,
   }
 
diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp
index 1db75eb0..fd8c1344 100644
--- a/puppet/modules/tapicero/manifests/init.pp
+++ b/puppet/modules/tapicero/manifests/init.pp
@@ -12,7 +12,8 @@ class tapicero {
   $couchdb_soledad_user    = $couchdb_users['soledad']['username']
   $couchdb_leap_mx_user    = $couchdb_users['leap_mx']['username']
 
-  $couchdb_mirror          = $couchdb['mode'] == 'mirror'
+  $couchdb_mode            = $couchdb['mode']
+  $couchdb_replication     = $couchdb['replication']
 
   Class['site_config::default'] -> Class['tapicero']
 
diff --git a/puppet/modules/tapicero/templates/tapicero.yaml.erb b/puppet/modules/tapicero/templates/tapicero.yaml.erb
index 3a5f821e..182a6aa6 100644
--- a/puppet/modules/tapicero/templates/tapicero.yaml.erb
+++ b/puppet/modules/tapicero/templates/tapicero.yaml.erb
@@ -24,7 +24,8 @@ log_level: info
 options:
   # prefix for per user databases:
   db_prefix: "user-"
-  mirror: <%= @couchdb_mirror %>
+  mode: <%= @couchdb_mode %>
+  replication: <%= @couchdb_replication %>
 
   # security settings to be used for the per user databases
   security: