diff options
-rw-r--r-- | puppet/modules/site_couchdb/manifests/add_users.pp | 17 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/create_dbs.pp | 31 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/init.pp | 56 |
3 files changed, 56 insertions, 48 deletions
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp new file mode 100644 index 00000000..e9d3da78 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -0,0 +1,17 @@ +class site_couchdb::add_users { + + # Populate couchdb + couchdb::add_user { $site_couchdb::couchdb_webapp_user: + roles => '["auth"]', + pw => $site_couchdb::couchdb_webapp_pw, + salt => $site_couchdb::couchdb_webapp_salt, + require => Couchdb::Query::Setup['localhost'] + } + + couchdb::add_user { $site_couchdb::couchdb_soledad_user: + roles => '["auth"]', + pw => $site_couchdb::couchdb_soledad_pw, + salt => $site_couchdb::couchdb_soledad_salt, + require => Couchdb::Query::Setup['localhost'] + } +} diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp new file mode 100644 index 00000000..2dca51c1 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -0,0 +1,31 @@ +class site_couchdb::create_dbs { + + couchdb::create_db { 'users': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + + couchdb::create_db { 'tokens': + members => "{ \"names\": [], \"roles\": [\"auth\"] }", + require => Couchdb::Query::Setup['localhost'] + } + + couchdb::create_db { 'sessions': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + + couchdb::create_db { 'tickets': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + + # leap_mx will want access to this. Granting access to the soledad user + # via the auth group for now. + # leap_mx could use that for a start. + couchdb::create_db { 'identities': + members => "{ \"names\": [], \"roles\": [\"auth\"] }", + require => Couchdb::Query::Setup['localhost'] + } + +} diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index dcf7f48a..0f839997 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -52,69 +52,29 @@ class site_couchdb { # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without # passing credentials) - couchdb::query::setup { 'localhost': - user => $couchdb_admin_user, - pw => $couchdb_admin_pw, - } - file { '/root/.netrc': ensure => link, target => '/etc/couchdb/couchdb.netrc', require => Couchdb::Query::Setup['localhost'] } - # Populate couchdb - couchdb::add_user { $couchdb_webapp_user: - roles => '["auth"]', - pw => $couchdb_webapp_pw, - salt => $couchdb_webapp_salt, - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::add_user { $couchdb_soledad_user: - roles => '["auth"]', - pw => $couchdb_soledad_pw, - salt => $couchdb_soledad_salt, - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'users': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'tokens': - members => "{ \"names\": [], \"roles\": [\"auth\"] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'sessions': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'tickets': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] + file { '/srv/leap/couchdb': + ensure => directory } - # leap_mx will want access to this. Granting access to the soledad user - # via the auth group for now. - # leap_mx could use that for a start. - couchdb::create_db { 'identities': - members => "{ \"names\": [], \"roles\": [\"auth\"] }", - require => Couchdb::Query::Setup['localhost'] + couchdb::query::setup { 'localhost': + user => $couchdb_admin_user, + pw => $couchdb_admin_pw, } + include site_couchdb::create_dbs + include site_couchdb::add_users + include site_couchdb::designs include site_couchdb::logrotate include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch - file { '/srv/leap/couchdb': - ensure => directory - } - vcsrepo { '/srv/leap/couchdb/scripts': ensure => present, provider => git, |