| -rw-r--r-- | provider_base/services/webapp.json | 7 | ||||
| l--------- | puppet/modules/site_couchdb/files/designs/tmp_users/User.json | 1 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/create_dbs.pp | 7 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/manifests/couchdb.pp | 9 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/manifests/cron.pp | 12 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 15 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/templates/couchdb.admin.yml.erb | 9 | 
7 files changed, 54 insertions, 6 deletions
| diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index e80a758a..b0646579 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -4,11 +4,8 @@
     "forbidden_usernames": ["admin", "administrator", "arin-admin", "certmaster", "contact", "info", "maildrop", "postmaster", "ssladmin", "www-data"],
     "domain": "= domain.full_suffix",
     "modules": ["user", "billing", "help"],
-    "couchdb_webapp_user": {
-      "username": "= global.services[:couchdb].couch.users[:webapp].username",
-      "password": "= secret :couch_webapp_password",
-      "salt": "= hex_secret :couch_webapp_password_salt, 128"
-    },
+    "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+    "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
     "customization_dir": "= file_path 'webapp'",
     "client_certificates": "= provider.ca.client_certificates",
     "allow_limited_certs": "= provider.service.allow_limited_bandwidth",
diff --git a/puppet/modules/site_couchdb/files/designs/tmp_users/User.json b/puppet/modules/site_couchdb/files/designs/tmp_users/User.json
new file mode 120000
index 00000000..ed3d0af9
--- /dev/null
+++ b/puppet/modules/site_couchdb/files/designs/tmp_users/User.json
@@ -0,0 +1 @@
+../users/User.json
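Review bot: The new `couchdb_admin_user` line exports the whole `users[:admin]` object into the webapp service config, where the removed `couchdb_webapp_user` block listed its fields one by one. Only `username` and `password` are read from it in site_webapp::couchdb, so any other field the object carries (the removed block shows a `salt` on the webapp user) ends up in the webapp node's config with no visible consumer. I would keep the explicit form and pass just the two fields, e.g. `"couchdb_admin_user": { "username": "= global.services[:couchdb].couch.users[:admin].username", "password": "= global.services[:couchdb].couch.users[:admin].password" }`, assuming the admin entry exposes `password` the way the Puppet code expects. The same narrowing applies to the rewritten `couchdb_webapp_user` line.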
\ No newline at end of file
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index 40148b8e..f9a08807 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -64,6 +64,13 @@ class site_couchdb::create_dbs {
     require => Couchdb::Query::Setup['localhost']
   }
+  ## tmp_users database
+  ## r/w: webapp
+  couchdb::create_db { 'tmp_users':
+    members => "{ \"names\": [], \"roles\": [\"replication\", \"users\"] }",
+    require => Couchdb::Query::Setup['localhost']
+  }
+
   ## messages db
   ## store messages to the clients such as payment reminders
   ## r/w: webapp
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 3ae4d266..1dbc745d 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -6,6 +6,8 @@ class site_webapp::couchdb {
   $couchdb_port            = '4096'
   $couchdb_webapp_user     = $webapp['couchdb_webapp_user']['username']
   $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password']
+  $couchdb_admin_user      = $webapp['couchdb_admin_user']['username']
+  $couchdb_admin_password  = $webapp['couchdb_admin_user']['password']
   include x509::variables
@@ -17,6 +19,13 @@ class site_webapp::couchdb {
       mode    => '0600',
       require => Vcsrepo['/srv/leap/webapp'];
+    '/srv/leap/webapp/config/couchdb.admin.yml':
+      content => template('site_webapp/couchdb.admin.yml.erb'),
+      owner   => leap-webapp,
+      group   => leap-webapp,
+      mode    => '0600',
+      require => Vcsrepo['/srv/leap/webapp'];
+
     '/srv/leap/webapp/log':
       ensure  => directory,
       owner   => leap-webapp,
diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp
index 811ad11d..bdf0fb74 100644
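Review bot: The `## r/w: webapp` comment on the new `tmp_users` resource does not match the `members` line beneath it, which grants access to the `replication` and `users` roles and names no account. If webapp access depends on the webapp account holding one of those roles, the comment should say so, and it should also record that this database is temporary, e.g. `## r/w: webapp (via role), replication; presumably rotated and removed by the webapp's db:rotate / db:deletetmp tasks`. The role-to-account mapping is defined outside this hunk, so the wording needs checking against it.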
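Review bot: In the second couchdb.pp hunk the CouchDB admin password is written to `/srv/leap/webapp/config/couchdb.admin.yml` owned by `leap-webapp`, the same account the `rotate_dbs` exec in init.pp runs as. If the request-serving application also runs as that account (not visible here), anything that can read files as the webapp can read the database admin credentials, so mode `0600` alone does not separate the two. Consider a CouchDB account limited to creating and deleting the rotated databases, or an owner that only the maintenance tasks run as, and add a comment above the resource such as `# admin credentials; intended for the db:rotate / db:deletetmp rake tasks only`. The class body continues outside both hunks.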
--- a/puppet/modules/site_webapp/manifests/cron.pp
+++ b/puppet/modules/site_webapp/manifests/cron.pp
@@ -2,6 +2,18 @@ class site_webapp::cron {
   # cron tasks that need to be performed to cleanup the database
   cron {
+    'rotate_databases':
+      command     => 'cd /srv/leap/webapp && bundle exec rake db:rotate',
+      environment => 'RAILS_ENV=production',
+      hour        => [0,6,12,18],
+      minute      => 0;
+
+    'delete_tmp_databases':
+      command     => 'cd /srv/leap/webapp && bundle exec rake db:deletetmp',
+      environment => 'RAILS_ENV=production',
+      hour        => 1,
+      minute      => 1;
+
     'remove_expired_sessions':
       command     => 'cd /srv/leap/webapp && bundle exec rake cleanup:sessions',
       environment => 'RAILS_ENV=production',
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index ea64048b..5071d9bc 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -50,7 +50,7 @@ class site_webapp {
     owner    => 'leap-webapp',
     group    => 'leap-webapp',
     require  => [ User['leap-webapp'], Group['leap-webapp'] ],
-    notify   => Exec['bundler_update']
+    notify   => [ Exec['bundler_update'], Exec['rotate_dbs'] ]
   }
   exec { 'bundler_update':
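Review bot: Neither `rotate_databases` nor `delete_tmp_databases` sets `user`, so unless a resource default elsewhere supplies one, Puppet installs both entries in the crontab of the account running the agent, normally root. The jobs would then run `bundle exec rake` as root from `/srv/leap/webapp`, whose files are owned by `leap-webapp` in the hunks shown, so anything able to write there gets code executed as root. The one-off `rotate_dbs` exec in init.pp already runs as `leap-webapp`, and the cron entries should match it with `user        => 'leap-webapp',`. The `remove_expired_sessions` entry continues past the end of the hunk, so whether the existing jobs set a user cannot be seen here.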
@@ -67,6 +67,19 @@ class site_webapp {
     notify  => Service['apache'];
   }
+  # this only needs to be called before the first time the web app is run.
+  # after that, the cron job will take care of running db:rotate regularly.
+  exec { 'rotate_dbs':
+    cwd     => '/srv/leap/webapp',
+    command => '/bin/bash -c "RAILS_ENV=production /usr/bin/bundle exec rake db:rotate"',
+    user    => 'leap-webapp',
+    timeout => 600,
+    refreshonly => true,
+    require => [
+      Vcsrepo['/srv/leap/webapp'],
+      Class['site_config::ruby::dev']];
+  }
+
   #
   # NOTE: in order to support a webapp that is running on a subpath and not the
   # root of the domain assets:precompile needs to be run with
diff --git a/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb b/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb
new file mode 100644
index 00000000..a0921add
--- /dev/null
+++ b/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb
@@ -0,0 +1,9 @@
+production:
+  prefix: ""
+  protocol: 'http'
+  host: <%= @couchdb_host %>
+  port: <%= @couchdb_port %>
+  auto_update_design_doc: false
+  username: <%= @couchdb_admin_user %>
+  password: <%= @couchdb_admin_password %>
+
|
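Review bot: The `rotate_dbs` exec is ordered only after the Vcsrepo and `site_config::ruby::dev`, so nothing guarantees that `bundler_update` has finished or that the CouchDB config files from site_webapp::couchdb exist when `rake db:rotate` runs. The resource in the first init.pp hunk now notifies both execs, so on a fresh node `bundle exec` can start before the bundle is installed. I would extend the `require` list with `Exec['bundler_update']` and, if db:rotate reads the admin credentials as its name suggests, `File['/srv/leap/webapp/config/couchdb.admin.yml']`. The comment above the exec says it is needed only before the first run, while `refreshonly` plus the notify re-runs it on every repository update, so one of the two should be corrected.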
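Review bot: `username` and `password` are interpolated into the YAML unquoted, so a secret containing `: ` or ` #`, starting with a YAML indicator character, or consisting only of digits would be parsed as something other than the intended string. Quote both values, e.g. `password: '<%= @couchdb_admin_password %>'`, which holds as long as the secret contains no single quote, or confirm that generated secrets are restricted to characters safe in a plain scalar. Separately, `protocol: 'http'` means the admin credentials travel unencrypted unless `@couchdb_host` is a local tunnel endpoint, which this template does not show; a comment at the top of the file stating that assumption would help.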
