diff options
Diffstat (limited to 'puppet/modules/site_couchdb/manifests/stunnel.pp')
-rw-r--r-- | puppet/modules/site_couchdb/manifests/stunnel.pp | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index 40b8f450..ebd01e4e 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -6,12 +6,18 @@ class site_couchdb::stunnel ($key, $cert, $ca) { $couch_server_accept = $couch_server['accept'] $couch_server_connect = $couch_server['connect'] + # Erlang Port Mapper Daemon (epmd) stunnel server/clients $epmd_server = $stunnel['epmd_server'] $epmd_server_accept = $epmd_server['accept'] $epmd_server_connect = $epmd_server['connect'] - $epmd_clients = $stunnel['epmd_clients'] + # Erlang Distributed Node Protocol (ednp) stunnel server/clients + $ednp_server = $stunnel['ednp_server'] + $ednp_server_accept = $ednp_server['accept'] + $ednp_server_connect = $ednp_server['connect'] + $ednp_clients = $stunnel['ednp_clients'] + include x509::variables $cert_name = 'leap_couchdb' $ca_name = 'leap_ca' @@ -43,8 +49,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) { } - # setup stunnels for bigcouch clustering between each bigcouchdb node - # server + # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for + # bigcouch clustering between each bigcouchdb node stunnel::service { 'epmd_server': accept => $epmd_server_accept, connect => $epmd_server_connect, @@ -58,7 +64,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) { debuglevel => '4' } - # clients + # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect + # to the above epmd stunnel server. $epmd_client_defaults = { 'client' => true, 'cafile' => $ca_path, @@ -67,4 +74,30 @@ class site_couchdb::stunnel ($key, $cert, $ca) { } create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults) + + # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary + # for bigcouch clustering between each bigcouchdb node + stunnel::service { 'ednp_server': + accept => $ednp_server_accept, + connect => $ednp_server_connect, + client => false, + cafile => $ca_path, + key => $key_path, + cert => $cert_path, + verify => '2', + pid => '/var/run/stunnel4/ednp_server.pid', + rndfile => '/var/lib/stunnel4/.rnd', + debuglevel => '4' + } + + # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect + # to the above ednp stunnel server. + $ednp_client_defaults = { + 'client' => true, + 'cafile' => $ca_path, + 'key' => $key_path, + 'cert' => $cert_path, + } + + create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults) } |