summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--provider_base/services/soledad.json3
-rw-r--r--puppet/modules/soledad/manifests/server.pp7
-rw-r--r--puppet/modules/soledad/templates/soledad-server.conf.erb8
3 files changed, 15 insertions, 3 deletions
diff --git a/provider_base/services/soledad.json b/provider_base/services/soledad.json
index 76f7155f..99390d17 100644
--- a/provider_base/services/soledad.json
+++ b/provider_base/services/soledad.json
@@ -6,6 +6,9 @@
"username": "= global.services[:couchdb].couch.users[:soledad].username",
"password": "= secret :couch_soledad_password",
"salt": "= hex_secret :couch_soledad_password_salt, 128"
+ },
+ "couchdb_leap_mx_user": {
+ "username": "= global.services[:couchdb].couch.users[:leap_mx].username"
}
},
"service_type": "public_service",
diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp
index e437c8f2..1113bd86 100644
--- a/puppet/modules/soledad/manifests/server.pp
+++ b/puppet/modules/soledad/manifests/server.pp
@@ -4,9 +4,10 @@ class soledad::server {
include soledad
include site_apt::preferences::twisted
- $soledad = hiera('soledad')
- $couchdb_user = $soledad['couchdb_soledad_user']['username']
- $couchdb_password = $soledad['couchdb_soledad_user']['password']
+ $soledad = hiera('soledad')
+ $couchdb_user = $soledad['couchdb_soledad_user']['username']
+ $couchdb_password = $soledad['couchdb_soledad_user']['password']
+ $couchdb_leap_mx_user = $soledad['couchdb_leap_mx_user']['username']
$couchdb_host = 'localhost'
$couchdb_port = '5984'
diff --git a/puppet/modules/soledad/templates/soledad-server.conf.erb b/puppet/modules/soledad/templates/soledad-server.conf.erb
index 42cf44d8..1c6a0d19 100644
--- a/puppet/modules/soledad/templates/soledad-server.conf.erb
+++ b/puppet/modules/soledad/templates/soledad-server.conf.erb
@@ -2,3 +2,11 @@
couch_url = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
create_cmd = sudo -u soledad-admin /usr/bin/create-user-db
admin_netrc = /etc/couchdb/couchdb-soledad-admin.netrc
+
+[database-security]
+members = <%= @couchdb_user %>, <%= @couchdb_leap_mx_user %>
+# not needed, but for documentation:
+# members_roles = replication
+# admins = admin
+# admins_roles = replication
+