| -rw-r--r-- | puppet/modules/site_couchdb/manifests/bigcouch.pp | 20 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp | 2 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/bigcouch/stunnel.pp | 89 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/init.pp | 23 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/mirror.pp | 61 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/stunnel.pp | 81 | ||||
| -rw-r--r-- | puppet/modules/tapicero/manifests/init.pp | 1 | ||||
| -rw-r--r-- | puppet/modules/tapicero/templates/tapicero.yaml.erb | 2 | 
8 files changed, 186 insertions, 93 deletions
| diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp
new file mode 100644
index 00000000..97c8cd12
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp
@@ -0,0 +1,20 @@
+class site_couchdb::bigcouch {
+
+  $config         = $::site_couchdb::couchdb_config['bigcouch']
+  $cookie         = $config['cookie']
+
+  $ednp_port               = $config['ednp_port']
+
+  Class['site_config::default']
+    -> Class['site_couchdb::bigcouch::add_nodes']
+    -> Class['site_couchdb::bigcouch::settle_cluster']
+
+  include site_couchdb::bigcouch::add_nodes
+  include site_couchdb::bigcouch::settle_cluster
+  include site_couchdb::bigcouch::compaction
+  include site_shorewall::couchdb::bigcouch
+
+  file { '/var/log/bigcouch':
+    ensure => directory
+  }
+}
diff --git a/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp b/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp
index 97e85785..c8c43275 100644
--- a/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp
+++ b/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp
@@ -1,6 +1,6 @@  class site_couchdb::bigcouch::add_nodes {    # loop through neighbors array and add nodes -  $nodes = $::site_couchdb::bigcouch_config['neighbors'] +  $nodes = $::site_couchdb::bigcouch::config['neighbors']    couchdb::bigcouch::add_node { $nodes:      require => Couchdb::Query::Setup['localhost']
diff --git a/puppet/modules/site_couchdb/manifests/bigcouch/stunnel.pp b/puppet/modules/site_couchdb/manifests/bigcouch/stunnel.pp
new file mode 100644
index 00000000..5166ba93
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/bigcouch/stunnel.pp
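Review bot: The ordering chain in the new `site_couchdb::bigcouch` class only places `add_nodes` and `settle_cluster` after `site_config::default`, whereas the chain this commit removes from `site_couchdb` also ran them after `Service['couchdb'] -> File['/root/.netrc']` and before `Class['site_couchdb::create_dbs']`. As written, nothing visible in this class keeps database and user creation from being applied before the cluster has settled. Consider restoring both edges here, e.g. `File['/root/.netrc'] -> Class['site_couchdb::bigcouch::add_nodes']` and `Class['site_couchdb::bigcouch::settle_cluster'] -> Class['site_couchdb::create_dbs']`. `$cookie` and `$ednp_port` are assigned but not used inside this class, so a one-line comment naming what reads them would help the next reader.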
@@ -0,0 +1,89 @@
+class site_couchdb::bigcouch::stunnel {
+
+  $stunnel              = hiera('stunnel')
+
+  include site_config::x509::cert
+  include site_config::x509::key
+  include site_config::x509::ca
+
+  include x509::variables
+  $ca_path   = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"
+  $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt"
+  $key_path  = "${x509::variables::keys}/${site_config::params::cert_name}.key"
+
+
+  # Erlang Port Mapper Daemon (epmd) stunnel server/clients
+  $epmd_server          = $stunnel['epmd_server']
+  $epmd_server_accept   = $epmd_server['accept']
+  $epmd_server_connect  = $epmd_server['connect']
+  $epmd_clients         = $stunnel['epmd_clients']
+
+  # Erlang Distributed Node Protocol (ednp) stunnel server/clients
+  $ednp_server          = $stunnel['ednp_server']
+  $ednp_server_accept   = $ednp_server['accept']
+  $ednp_server_connect  = $ednp_server['connect']
+  $ednp_clients         = $stunnel['ednp_clients']
+
+
+  # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for
+  # bigcouch clustering between each bigcouchdb node
+  stunnel::service { 'epmd_server':
+    accept     => $epmd_server_accept,
+    connect    => $epmd_server_connect,
+    client     => false,
+    cafile     => $ca_path,
+    key        => $key_path,
+    cert       => $cert_path,
+    verify     => '2',
+    pid        => '/var/run/stunnel4/epmd_server.pid',
+    rndfile    => '/var/lib/stunnel4/.rnd',
+    debuglevel => '4',
+    require    => [
+      Class['Site_config::X509::Key'],
+      Class['Site_config::X509::Cert'],
+      Class['Site_config::X509::Ca'] ];
+  }
+
+  # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect
+  # to the above epmd stunnel server.
+  $epmd_client_defaults = {
+    'client'       => true,
+    'cafile'       => $ca_path,
+    'key'          => $key_path,
+    'cert'         => $cert_path,
+  }
+
+  create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults)
+
+  # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary
+  # for bigcouch clustering between each bigcouchdb node
+  stunnel::service { 'ednp_server':
+    accept     => $ednp_server_accept,
+    connect    => $ednp_server_connect,
+    client     => false,
+    cafile     => $ca_path,
+    key        => $key_path,
+    cert       => $cert_path,
+    verify     => '2',
+    pid        => '/var/run/stunnel4/ednp_server.pid',
+    rndfile    => '/var/lib/stunnel4/.rnd',
+    debuglevel => '4',
+    require    => [
+      Class['Site_config::X509::Key'],
+      Class['Site_config::X509::Cert'],
+      Class['Site_config::X509::Ca'] ];
+  }
+
+  # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect
+  # to the above ednp stunnel server.
+  $ednp_client_defaults = {
+    'client'       => true,
+    'cafile'       => $ca_path,
+    'key'          => $key_path,
+    'cert'         => $cert_path,
+  }
+
+  create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults)
+
+  include site_check_mk::agent::stunnel
+}
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 3614661d..0b923c9f 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
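Review bot: `$epmd_client_defaults` and `$ednp_client_defaults` set `cafile`, `key` and `cert` but no `verify`, so whether the client end of each tunnel authenticates its peer depends on the default inside `site_stunnel::clients`, which is not visible here. The two `stunnel::service` servers state `verify => '2'` explicitly, and the clients should state the same level so Erlang distribution traffic is only sent to an endpoint that presented a certificate chaining to `$ca_path`. If `site_stunnel::clients` accepts the parameter, add `'verify' => '2',` to both hashes. Because level 2 accepts any certificate issued by that CA, a comment above the server resources should also say that every holder of a CA-signed certificate can reach epmd/ednp, which documents the trust boundary for whoever manages that CA.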
@@ -35,14 +35,10 @@ class site_couchdb {    $couchdb_webapp_salt     = $couchdb_webapp['salt']    $couchdb_backup          = $couchdb_config['backup'] - -  $bigcouch_config         = $couchdb_config['bigcouch'] -  $bigcouch_cookie         = $bigcouch_config['cookie'] - -  $ednp_port               = $bigcouch_config['ednp_port'] +  $couchdb_mode            = $couchdb_config['mode']    class { 'couchdb': -    bigcouch            => true, +    bigcouch            => $couchdb_bigcouch,      admin_pw            => $couchdb_admin_pw,      admin_salt          => $couchdb_admin_salt,      bigcouch_cookie     => $bigcouch_cookie, @@ -63,8 +59,6 @@ class site_couchdb {      -> Class['site_couchdb::stunnel']      -> Service['couchdb']      -> File['/root/.netrc'] -    -> Class['site_couchdb::bigcouch::add_nodes'] -    -> Class['site_couchdb::bigcouch::settle_cluster']      -> Class['site_couchdb::create_dbs']      -> Class['site_couchdb::add_users'] @@ -95,24 +89,19 @@ class site_couchdb {    }    include site_couchdb::stunnel -  include site_couchdb::bigcouch::add_nodes -  include site_couchdb::bigcouch::settle_cluster    include site_couchdb::create_dbs    include site_couchdb::add_users    include site_couchdb::designs    include site_couchdb::logrotate -  include site_couchdb::bigcouch::compaction -  if $couchdb_backup { include site_couchdb::backup } +  if $couchdb_mode == "multimaster" { include site_couchdb::bigcouch } +  if $couchdb_mode == "mirror"      { include site_couchdb::mirror } + +  if $couchdb_backup   { include site_couchdb::backup }    include site_shorewall::couchdb -  include site_shorewall::couchdb::bigcouch    include site_check_mk::agent::couchdb    include site_check_mk::agent::tapicero -  file { '/var/log/bigcouch': -    ensure => directory -  } -  } diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp new file mode 100644 index 00000000..708171e4 --- /dev/null 
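Review bot: The `class { 'couchdb': ... }` declaration in the first hunk still passes `bigcouch_cookie => $bigcouch_cookie` and now passes `bigcouch => $couchdb_bigcouch`, but the commit deletes the `$bigcouch_cookie` assignment from this class and no `$couchdb_bigcouch` assignment is visible in it; the one added in `site_couchdb::stunnel` is local to that class. Unless both are set in the part of `site_couchdb` above line 35, they resolve to undef, which would leave multimaster nodes without the configured Erlang cookie (the shared secret between cluster nodes) and with `bigcouch` falsy. Define them next to `$couchdb_mode`, e.g. `$couchdb_bigcouch = $couchdb_mode == 'multimaster'` and `$bigcouch_cookie = $couchdb_config['bigcouch']['cookie']`. The class body starts and ends outside the hunk.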
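Review bot: The two mode checks added in the last hunk (`if $couchdb_mode == "multimaster"` and `== "mirror"`) have no fallback, so a missing or misspelled `mode` value silently yields a node with neither clustering nor mirroring, and `site_couchdb::stunnel` makes the same comparison separately. If only those two modes are supported, fail at compile time instead: `if ! ($couchdb_mode in ['multimaster', 'mirror']) { fail("unknown couch mode '${couchdb_mode}'") }`. If a plain single-node mode is intended, a comment above the two `if` lines should say so. The class body starts outside the hunk.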
+++ b/puppet/modules/site_couchdb/manifests/mirror.pp
@@ -0,0 +1,61 @@
+class site_couchdb::mirror {
+
+  # Couchdb databases
+
+  $from = $site_couchdb::couchdb_config['replication']['masters'][0]
+
+  ### customer database
+  couchdb::mirror_db { 'customers':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+  ## identities database
+  couchdb::mirror_db { 'identities':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+  ## keycache database
+  couchdb::mirror_db { 'keycache':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+  ## sessions database
+  couchdb::mirror_db { 'sessions':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+  ## shared database
+  couchdb::mirror_db { 'shared':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+  ## tickets database
+  couchdb::mirror_db { 'tickets':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+  ## tokens database
+  couchdb::mirror_db { 'tokens':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+  ## users database
+  couchdb::mirror_db { 'users':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+  ## messages db
+  couchdb::mirror_db { 'messages':
+    from => $from,
+    require => Couchdb::Query::Setup['localhost']
+  }
+
+}
diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp
index 91f1e3aa..484a0c00 100644
--- a/puppet/modules/site_couchdb/manifests/stunnel.pp
+++ b/puppet/modules/site_couchdb/manifests/stunnel.pp
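Review bot: `$from` is read from `['replication']['masters'][0]` with no check, so a mirror-mode node whose configuration lacks that entry declares all nine `couchdb::mirror_db` resources with an undefined source. Add a guard right after the assignment, e.g. `if ! $from { fail('mirror mode requires at least one replication master') }`. The nine declarations differ only in title and could be a single resource with an array title, `couchdb::mirror_db { ['customers', 'identities', ...]: from => $from, require => Couchdb::Query::Setup['localhost'] }`. A comment should also state which channel carries the replication from `$from` and how it is authenticated, since these databases include users, tokens and sessions and nothing in this file shows it.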
@@ -1,29 +1,21 @@  class site_couchdb::stunnel {    $stunnel              = hiera('stunnel') +  $couchdb_config       = hiera('couch') +  $couchdb_bigcouch     = $couchdb_config['mode'] == "multimaster"    $couch_server         = $stunnel['couch_server']    $couch_server_accept  = $couch_server['accept']    $couch_server_connect = $couch_server['connect'] -  # Erlang Port Mapper Daemon (epmd) stunnel server/clients -  $epmd_server          = $stunnel['epmd_server'] -  $epmd_server_accept   = $epmd_server['accept'] -  $epmd_server_connect  = $epmd_server['connect'] -  $epmd_clients         = $stunnel['epmd_clients'] - -  # Erlang Distributed Node Protocol (ednp) stunnel server/clients -  $ednp_server          = $stunnel['ednp_server'] -  $ednp_server_accept   = $ednp_server['accept'] -  $ednp_server_connect  = $ednp_server['connect'] -  $ednp_clients         = $stunnel['ednp_clients'] - - -    include site_config::x509::cert    include site_config::x509::key    include site_config::x509::ca +  if $couchdb_bigcouch { +    include site_couchdb::bigcouch::stunnel +  } +    include x509::variables    $ca_path   = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"    $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt" 
@@ -47,66 +39,5 @@ class site_couchdb::stunnel {        Class['Site_config::X509::Ca'] ];    } - -  # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for -  # bigcouch clustering between each bigcouchdb node -  stunnel::service { 'epmd_server': -    accept     => $epmd_server_accept, -    connect    => $epmd_server_connect, -    client     => false, -    cafile     => $ca_path, -    key        => $key_path, -    cert       => $cert_path, -    verify     => '2', -    pid        => '/var/run/stunnel4/epmd_server.pid', -    rndfile    => '/var/lib/stunnel4/.rnd', -    debuglevel => '4', -    require    => [ -      Class['Site_config::X509::Key'], -      Class['Site_config::X509::Cert'], -      Class['Site_config::X509::Ca'] ]; -  } - -  # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect -  # to the above epmd stunnel server. -  $epmd_client_defaults = { -    'client'       => true, -    'cafile'       => $ca_path, -    'key'          => $key_path, -    'cert'         => $cert_path, -  } - -  create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults) - -  # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary -  # for bigcouch clustering between each bigcouchdb node -  stunnel::service { 'ednp_server': -    accept     => $ednp_server_accept, -    connect    => $ednp_server_connect, -    client     => false, -    cafile     => $ca_path, -    key        => $key_path, -    cert       => $cert_path, -    verify     => '2', -    pid        => '/var/run/stunnel4/ednp_server.pid', -    rndfile    => '/var/lib/stunnel4/.rnd', -    debuglevel => '4', -    require    => [ -      Class['Site_config::X509::Key'], -      Class['Site_config::X509::Cert'], -      Class['Site_config::X509::Ca'] ]; -  } - -  # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect -  # to the above ednp stunnel server. 
-  $ednp_client_defaults = { -    'client'       => true, -    'cafile'       => $ca_path, -    'key'          => $key_path, -    'cert'         => $cert_path, -  } - -  create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults) -    include site_check_mk::agent::stunnel  } diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp index af1a96ac..1db75eb0 100644 --- a/puppet/modules/tapicero/manifests/init.pp +++ b/puppet/modules/tapicero/manifests/init.pp @@ -12,6 +12,7 @@ class tapicero {    $couchdb_soledad_user    = $couchdb_users['soledad']['username']    $couchdb_leap_mx_user    = $couchdb_users['leap_mx']['username'] +  $couchdb_mirror          = $couchdb['mode'] == 'mirror'    Class['site_config::default'] -> Class['tapicero'] diff --git a/puppet/modules/tapicero/templates/tapicero.yaml.erb b/puppet/modules/tapicero/templates/tapicero.yaml.erb index 8e19b22f..3a5f821e 100644 --- a/puppet/modules/tapicero/templates/tapicero.yaml.erb +++ b/puppet/modules/tapicero/templates/tapicero.yaml.erb @@ -24,6 +24,7 @@ log_level: info  options:    # prefix for per user databases:    db_prefix: "user-" +  mirror: <%= @couchdb_mirror %>    # security settings to be used for the per user databases    security: @@ -40,3 +41,4 @@ options:          - <%= @couchdb_leap_mx_user %>        roles: [] + | 
