summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--puppet/modules/site_couchdb/manifests/add_users.pp17
-rw-r--r--puppet/modules/site_couchdb/manifests/create_dbs.pp31
-rw-r--r--puppet/modules/site_couchdb/manifests/init.pp56
3 files changed, 56 insertions, 48 deletions
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
new file mode 100644
index 00000000..e9d3da78
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -0,0 +1,17 @@
+class site_couchdb::add_users {
+
+ # Populate couchdb
+ couchdb::add_user { $site_couchdb::couchdb_webapp_user:
+ roles => '["auth"]',
+ pw => $site_couchdb::couchdb_webapp_pw,
+ salt => $site_couchdb::couchdb_webapp_salt,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ couchdb::add_user { $site_couchdb::couchdb_soledad_user:
+ roles => '["auth"]',
+ pw => $site_couchdb::couchdb_soledad_pw,
+ salt => $site_couchdb::couchdb_soledad_salt,
+ require => Couchdb::Query::Setup['localhost']
+ }
+}
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
new file mode 100644
index 00000000..2dca51c1
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -0,0 +1,31 @@
+class site_couchdb::create_dbs {
+
+ couchdb::create_db { 'users':
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ couchdb::create_db { 'tokens':
+ members => "{ \"names\": [], \"roles\": [\"auth\"] }",
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ couchdb::create_db { 'sessions':
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ couchdb::create_db { 'tickets':
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ # leap_mx will want access to this. Granting access to the soledad user
+ # via the auth group for now.
+ # leap_mx could use that for a start.
+ couchdb::create_db { 'identities':
+ members => "{ \"names\": [], \"roles\": [\"auth\"] }",
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+}
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index dcf7f48a..0f839997 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -52,69 +52,29 @@ class site_couchdb {
# we symlink this to /root/.netrc for couchdb_scripts (eg. backup)
# and makes life easier for the admin (i.e. using curl/wget without
# passing credentials)
- couchdb::query::setup { 'localhost':
- user => $couchdb_admin_user,
- pw => $couchdb_admin_pw,
- }
-
file { '/root/.netrc':
ensure => link,
target => '/etc/couchdb/couchdb.netrc',
require => Couchdb::Query::Setup['localhost']
}
- # Populate couchdb
- couchdb::add_user { $couchdb_webapp_user:
- roles => '["auth"]',
- pw => $couchdb_webapp_pw,
- salt => $couchdb_webapp_salt,
- require => Couchdb::Query::Setup['localhost']
- }
-
- couchdb::add_user { $couchdb_soledad_user:
- roles => '["auth"]',
- pw => $couchdb_soledad_pw,
- salt => $couchdb_soledad_salt,
- require => Couchdb::Query::Setup['localhost']
- }
-
- couchdb::create_db { 'users':
- members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
- require => Couchdb::Query::Setup['localhost']
- }
-
- couchdb::create_db { 'tokens':
- members => "{ \"names\": [], \"roles\": [\"auth\"] }",
- require => Couchdb::Query::Setup['localhost']
- }
-
- couchdb::create_db { 'sessions':
- members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
- require => Couchdb::Query::Setup['localhost']
- }
-
- couchdb::create_db { 'tickets':
- members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
- require => Couchdb::Query::Setup['localhost']
+ file { '/srv/leap/couchdb':
+ ensure => directory
}
- # leap_mx will want access to this. Granting access to the soledad user
- # via the auth group for now.
- # leap_mx could use that for a start.
- couchdb::create_db { 'identities':
- members => "{ \"names\": [], \"roles\": [\"auth\"] }",
- require => Couchdb::Query::Setup['localhost']
+ couchdb::query::setup { 'localhost':
+ user => $couchdb_admin_user,
+ pw => $couchdb_admin_pw,
}
+ include site_couchdb::create_dbs
+ include site_couchdb::add_users
+ include site_couchdb::designs
include site_couchdb::logrotate
include site_shorewall::couchdb
include site_shorewall::couchdb::bigcouch
- file { '/srv/leap/couchdb':
- ensure => directory
- }
-
vcsrepo { '/srv/leap/couchdb/scripts':
ensure => present,
provider => git,