authorMicah Anderson <micah@riseup.net>2013-03-19 17:41:37 -0400
committerMicah Anderson <micah@riseup.net>2013-03-19 17:55:31 -0400
commit9c1c74c359f80cf0e61b62befee0ec5cc04ab4c3 (patch)
tree285f2dc12c2635ba754bccba6822e67f25a29e48 /puppet
parent01434dcd78746f530f218a7ed8ed37b7b1d5ce71 (diff)
create a separate couchdb.yml.admin that contains the couchdb admin privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_webapp/manifests/couchdb.pp30
-rw-r--r--puppet/modules/site_webapp/templates/couchdb.yml.admin.erb9
-rw-r--r--puppet/modules/site_webapp/templates/couchdb.yml.erb4
3 files changed, 30 insertions, 13 deletions
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 760706aa..e89880fe 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -1,19 +1,27 @@
class site_webapp::couchdb {
- $x509 = hiera('x509')
- $key = $x509['key']
- $cert = $x509['cert']
- $ca = $x509['ca_cert']
- $webapp = hiera('webapp')
- $couchdb_hosts = $webapp['couchdb_hosts']
+ $x509 = hiera('x509')
+ $key = $x509['key']
+ $cert = $x509['cert']
+ $ca = $x509['ca_cert']
+ $webapp = hiera('webapp')
+ $couchdb_hosts = $webapp['couchdb_hosts']
# haproxy listener on port localhost:4096, see site_webapp::haproxy
- $couchdb_host = 'localhost'
- $couchdb_port = '4096'
- $couchdb_user = $webapp['couchdb_user']['username']
- $couchdb_password = $webapp['couchdb_user']['password']
+ $couchdb_host = 'localhost'
+ $couchdb_port = '4096'
+ $couchdb_admin_user = $webapp['couchdb_admin_user']['username']
+ $couchdb_admin_password = $webapp['couchdb_admin_user']['password']
+ $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username']
+ $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password']
file {
- '/srv/leap-webapp/config/couchdb.yml':
+ '/srv/leap-webapp/config/couchdb.yml.admin':
+ content => template('site_webapp/couchdb.yml.admin.erb'),
+ owner => leap-webapp,
+ group => leap-webapp,
+ mode => '0600';
+
+ '/srv/leap-webapp/config/couchdb.yml.webapp':
content => template('site_webapp/couchdb.yml.erb'),
owner => leap-webapp,
group => leap-webapp,
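Review bot: `/srv/leap-webapp/config/couchdb.yml.admin` is owned by `leap-webapp` with mode `0600`, so the account that owns the application tree can read the CouchDB admin password at all times, not only during deployment. If the webapp process runs as that same account (not visible in this hunk), a compromise of the application still exposes the admin credentials, which undercuts the separation this commit introduces. Consider `owner => root, group => root,` on the admin file if the design-doc migration runs privileged, or have the deployment step remove the file once the migration is done. The resource for `couchdb.yml.webapp` continues past the end of the hunk, so its mode cannot be checked from here.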
diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb
new file mode 100644
index 00000000..a0921add
--- /dev/null
+++ b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb
@@ -0,0 +1,9 @@
+production:
+ prefix: ""
+ protocol: 'http'
+ host: <%= @couchdb_host %>
+ port: <%= @couchdb_port %>
+ auto_update_design_doc: false
+ username: <%= @couchdb_admin_user %>
+ password: <%= @couchdb_admin_password %>
+
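Review bot: The `username:` and `password:` lines write the hiera values into the YAML as bare scalars, so a password containing `#`, `: ` or a leading YAML indicator character would be truncated or parsed as something other than a string, and a value with an embedded newline could add keys to the file. Emitting them as escaped double-quoted scalars avoids this, for example `password: <%= @couchdb_admin_password.to_json %>` (a JSON string is a valid YAML double-quoted scalar; this assumes the JSON library is available to the template). The same applies to the `username:` and `password:` lines changed in `couchdb.yml.erb`.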
diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb
index 4855abd8..2bef0af5 100644
--- a/puppet/modules/site_webapp/templates/couchdb.yml.erb
+++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb
@@ -4,6 +4,6 @@ production:
host: <%= @couchdb_host %>
port: <%= @couchdb_port %>
auto_update_design_doc: false
- username: <%= @couchdb_user %>
- password: <%= @couchdb_password %>
+ username: <%= @couchdb_webapp_user %>
+ password: <%= @couchdb_webapp_password %>