-rw-r--r--provider_base/services/couchdb.json3
m---------puppet/modules/couchdb0
-rw-r--r--puppet/modules/site_couchdb/manifests/init.pp7
-rw-r--r--puppet/modules/site_couchdb/manifests/stunnel.pp41
-rw-r--r--puppet/modules/site_shorewall/manifests/couchdb.pp5
-rw-r--r--puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp21
6 files changed, 64 insertions, 13 deletions
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 3ef4c213..22578a70 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -7,11 +7,14 @@
"couch_server": "= stunnel_server(couch.port)",
"epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
"epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)",
+ "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)",
+ "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.ednp_port)"
},
"couch": {
"port": 5984,
"bigcouch": {
"epmd_port": 4369,
+ "ednp_port": 9002,
"cookie": "= secret :bigcouch_cookie"
},
"users": {
diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb
-Subproject 66d918ddb6454fd4a30baed9b49baad98e27424
+Subproject b49a787a2961129a969cfecd1eec1df588aaaca
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 0fc951c2..9ffa4122 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -21,10 +21,13 @@ class site_couchdb ( $bigcouch = false ) {
$bigcouch_config = $couchdb_config['bigcouch']
$bigcouch_cookie = $bigcouch_config['cookie']
- class {'couchdb':
+ $ednp_port = $bigcouch_config['ednp_port']
+
+ class { 'couchdb':
bigcouch => $bigcouch,
admin_pw => $couchdb_admin_pw,
- bigcouch_cookie => $bigcouch_cookie
+ bigcouch_cookie => $bigcouch_cookie,
+ ednp_port => $ednp_port
}
include couchdb::bigcouch::package::cloudant
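Review bot: `$ednp_port` is read from `$bigcouch_config['ednp_port']` and passed to `class { 'couchdb': }` unchecked, so a node whose hiera data predates this change would hand the class an empty value. A guard ahead of the class declaration, for example `if ! $ednp_port { fail('couch.bigcouch.ednp_port is not set') }`, would surface that at catalog compile time rather than in the rendered Erlang configuration. The new parameter presumably arrives with the couchdb submodule bump in this commit, and a one-line comment saying that this port must match what the ednp stunnel connects to would help. The class body continues outside the hunk.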
diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp
index 40b8f450..ebd01e4e 100644
--- a/puppet/modules/site_couchdb/manifests/stunnel.pp
+++ b/puppet/modules/site_couchdb/manifests/stunnel.pp
@@ -6,12 +6,18 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
$couch_server_accept = $couch_server['accept']
$couch_server_connect = $couch_server['connect']
+ # Erlang Port Mapper Daemon (epmd) stunnel server/clients
$epmd_server = $stunnel['epmd_server']
$epmd_server_accept = $epmd_server['accept']
$epmd_server_connect = $epmd_server['connect']
-
$epmd_clients = $stunnel['epmd_clients']
+ # Erlang Distributed Node Protocol (ednp) stunnel server/clients
+ $ednp_server = $stunnel['ednp_server']
+ $ednp_server_accept = $ednp_server['accept']
+ $ednp_server_connect = $ednp_server['connect']
+ $ednp_clients = $stunnel['ednp_clients']
+
include x509::variables
$cert_name = 'leap_couchdb'
$ca_name = 'leap_ca'
@@ -43,8 +49,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
}
- # setup stunnels for bigcouch clustering between each bigcouchdb node
- # server
+ # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for
+ # bigcouch clustering between each bigcouchdb node
stunnel::service { 'epmd_server':
accept => $epmd_server_accept,
connect => $epmd_server_connect,
@@ -58,7 +64,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
debuglevel => '4'
}
- # clients
+ # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect
+ # to the above epmd stunnel server.
$epmd_client_defaults = {
'client' => true,
'cafile' => $ca_path,
@@ -67,4 +74,30 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
}
create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults)
+
+ # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary
+ # for bigcouch clustering between each bigcouchdb node
+ stunnel::service { 'ednp_server':
+ accept => $ednp_server_accept,
+ connect => $ednp_server_connect,
+ client => false,
+ cafile => $ca_path,
+ key => $key_path,
+ cert => $cert_path,
+ verify => '2',
+ pid => '/var/run/stunnel4/ednp_server.pid',
+ rndfile => '/var/lib/stunnel4/.rnd',
+ debuglevel => '4'
+ }
+
+ # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect
+ # to the above ednp stunnel server.
+ $ednp_client_defaults = {
+ 'client' => true,
+ 'cafile' => $ca_path,
+ 'key' => $key_path,
+ 'cert' => $cert_path,
+ }
+
+ create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults)
}
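Review bot: `$ednp_client_defaults` sets `client`, `cafile`, `key` and `cert` but no `verify`, while the matching `ednp_server` uses `verify => '2'`. Unless `site_stunnel::clients` supplies its own default, stunnel does not check the peer certificate, so the client side of the Erlang distribution tunnel would not authenticate the server. If the define accepts it, add `'verify' => '2',` to the defaults. On the server side, `verify => '2'` admits any certificate issued by `$ca_path`; it is worth confirming that this CA signs only the couchdb nodes, since the cookie is then the only barrier left. The block otherwise duplicates the epmd resources, which a small define taking the service name would remove.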
diff --git a/puppet/modules/site_shorewall/manifests/couchdb.pp b/puppet/modules/site_shorewall/manifests/couchdb.pp
index 1ef91bb0..73bed62b 100644
--- a/puppet/modules/site_shorewall/manifests/couchdb.pp
+++ b/puppet/modules/site_shorewall/manifests/couchdb.pp
@@ -6,12 +6,9 @@ class site_shorewall::couchdb {
$couch_server = $stunnel['couch_server']
$couch_stunnel_port = $couch_server['accept']
- # see http://stackoverflow.com/questions/8459949/bigcouch-cluster-connection-issue#comment10467603_8463814
- $erlang_vm_port = '9001'
-
# define macro for incoming services
file { '/etc/shorewall/macro.leap_couchdb':
- content => "PARAM - - tcp ${couch_stunnel_port},${erlang_vm_port}",
+ content => "PARAM - - tcp ${couch_stunnel_port}",
notify => Service['shorewall'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp b/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp
index a8320df8..20740650 100644
--- a/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp
+++ b/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp
@@ -3,15 +3,22 @@ class site_shorewall::couchdb::bigcouch {
include site_shorewall::defaults
$stunnel = hiera('stunnel')
- $epmd_clients = $stunnel['epmd_clients']
+ # Erlang Port Mapper Daemon (epmd) stunnel server/clients
+ $epmd_clients = $stunnel['epmd_clients']
$epmd_server = $stunnel['epmd_server']
$epmd_server_port = $epmd_server['accept']
$epmd_server_connect = $epmd_server['connect']
+ # Erlang Distributed Node Protocol (ednp) stunnel server/clients
+ $ednp_clients = $stunnel['ednp_clients']
+ $ednp_server = $stunnel['ednp_server']
+ $ednp_server_port = $ednp_server['accept']
+ $ednp_server_connect = $ednp_server['connect']
+
# define macro for incoming services
file { '/etc/shorewall/macro.leap_bigcouch':
- content => "PARAM - - tcp ${epmd_server_port}",
+ content => "PARAM - - tcp ${epmd_server_port},${ednp_server_port}",
notify => Service['shorewall'],
require => Package['shorewall']
}
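Review bot: The macro now opens `${ednp_server_port}` alongside the epmd port, but nothing in this hunk shows which sources the rule using `leap_bigcouch` admits; that rule sits below, outside the hunk. A peer on the Erlang distribution channel that knows the cookie can control the node, so it is worth confirming that the rule admits only the other couchdb nodes. If it does, record that next to the macro, for example `# epmd/ednp stunnel ports: only bigcouch peers may reach these`.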
@@ -24,13 +31,21 @@ class site_shorewall::couchdb::bigcouch {
order => 300;
}
+ # setup DNAT rules for each epmd
$epmd_shorewall_dnat_defaults = {
'source' => '$FW',
'proto' => 'tcp',
'destinationport' => regsubst($epmd_server_connect, '^([0-9.]+:)([0-9]+)$', '\2')
}
-
create_resources(site_shorewall::couchdb::dnat, $epmd_clients, $epmd_shorewall_dnat_defaults)
+ # setup DNAT rules for each ednp
+ $ednp_shorewall_dnat_defaults = {
+ 'source' => '$FW',
+ 'proto' => 'tcp',
+ 'destinationport' => regsubst($ednp_server_connect, '^([0-9.]+:)([0-9]+)$', '\2')
+ }
+ create_resources(site_shorewall::couchdb::dnat, $ednp_clients, $ednp_shorewall_dnat_defaults)
+
}
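Review bot: The `destinationport` for ednp is derived with `regsubst($ednp_server_connect, '^([0-9.]+:)([0-9]+)$', '\2')`, and `regsubst` returns its input unchanged when the pattern does not match. A `connect` value given as a hostname or an IPv6 literal would therefore put the whole `host:port` string into the DNAT rule instead of failing. Matching only the trailing port avoids that, as in `regsubst($ednp_server_connect, '^.*:([0-9]+)$', '\1')`, or the port could be read directly from the couch `ednp_port` setting. The same expression is used for epmd a few lines above, so both could share one helper.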