diff options
author | Micah Anderson <micah@riseup.net> | 2013-03-19 17:41:37 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-03-19 17:55:31 -0400 |
commit | 9c1c74c359f80cf0e61b62befee0ec5cc04ab4c3 (patch) | |
tree | 285f2dc12c2635ba754bccba6822e67f25a29e48 /puppet | |
parent | 01434dcd78746f530f218a7ed8ed37b7b1d5ce71 (diff) |
create a separate couchdb.yml.admin that contains the couchdb admin privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_webapp/manifests/couchdb.pp | 30 | ||||
-rw-r--r-- | puppet/modules/site_webapp/templates/couchdb.yml.admin.erb | 9 | ||||
-rw-r--r-- | puppet/modules/site_webapp/templates/couchdb.yml.erb | 4 |
3 files changed, 30 insertions, 13 deletions
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 760706aa..e89880fe 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,19 +1,27 @@ class site_webapp::couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $webapp = hiera('webapp') - $couchdb_hosts = $webapp['couchdb_hosts'] + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] + $webapp = hiera('webapp') + $couchdb_hosts = $webapp['couchdb_hosts'] # haproxy listener on port localhost:4096, see site_webapp::haproxy - $couchdb_host = 'localhost' - $couchdb_port = '4096' - $couchdb_user = $webapp['couchdb_user']['username'] - $couchdb_password = $webapp['couchdb_user']['password'] + $couchdb_host = 'localhost' + $couchdb_port = '4096' + $couchdb_admin_user = $webapp['couchdb_admin_user']['username'] + $couchdb_admin_password = $webapp['couchdb_admin_user']['password'] + $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] + $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] file { - '/srv/leap-webapp/config/couchdb.yml': + '/srv/leap-webapp/config/couchdb.yml.admin': + content => template('site_webapp/couchdb.yml.admin.erb'), + owner => leap-webapp, + group => leap-webapp, + mode => '0600'; + + '/srv/leap-webapp/config/couchdb.yml.webapp': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb new file mode 100644 index 00000000..a0921add --- /dev/null +++ b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb @@ -0,0 +1,9 @@ +production: + prefix: "" + protocol: 'http' + host: <%= @couchdb_host %> + port: <%= @couchdb_port %> + auto_update_design_doc: false + username: <%= @couchdb_admin_user %> + password: <%= @couchdb_admin_password %> + diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb index 4855abd8..2bef0af5 100644 --- a/puppet/modules/site_webapp/templates/couchdb.yml.erb +++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -4,6 +4,6 @@ production: host: <%= @couchdb_host %> port: <%= @couchdb_port %> auto_update_design_doc: false - username: <%= @couchdb_user %> - password: <%= @couchdb_password %> + username: <%= @couchdb_webapp_user %> + password: <%= @couchdb_webapp_password %> |