1 files changed, 37 insertions, 4 deletions

diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp
index 40b8f450..ebd01e4e 100644
--- a/puppet/modules/site_couchdb/manifests/stunnel.pp
+++ b/puppet/modules/site_couchdb/manifests/stunnel.pp
@@ -6,12 +6,18 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
   $couch_server_accept  = $couch_server['accept']
   $couch_server_connect = $couch_server['connect']
 
+  # Erlang Port Mapper Daemon (epmd) stunnel server/clients
   $epmd_server          = $stunnel['epmd_server']
   $epmd_server_accept   = $epmd_server['accept']
   $epmd_server_connect  = $epmd_server['connect']
-
   $epmd_clients         = $stunnel['epmd_clients']
 
+  # Erlang Distributed Node Protocol (ednp) stunnel server/clients
+  $ednp_server          = $stunnel['ednp_server']
+  $ednp_server_accept   = $ednp_server['accept']
+  $ednp_server_connect  = $ednp_server['connect']
+  $ednp_clients         = $stunnel['ednp_clients']
+
   include x509::variables
   $cert_name = 'leap_couchdb'
   $ca_name   = 'leap_ca'
@@ -43,8 +49,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
   }
 
 
-  # setup stunnels for bigcouch clustering between each bigcouchdb node
-  # server
+  # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for
+  # bigcouch clustering between each bigcouchdb node
   stunnel::service { 'epmd_server':
     accept     => $epmd_server_accept,
     connect    => $epmd_server_connect,
@@ -58,7 +64,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
     debuglevel => '4'
   }
 
-  # clients
+  # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect
+  # to the above epmd stunnel server.
   $epmd_client_defaults = {
     'client'       => true,
     'cafile'       => $ca_path,
@@ -67,4 +74,30 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
   }
 
   create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults)
+
+  # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary
+  # for bigcouch clustering between each bigcouchdb node
+  stunnel::service { 'ednp_server':
+    accept     => $ednp_server_accept,
+    connect    => $ednp_server_connect,
+    client     => false,
+    cafile     => $ca_path,
+    key        => $key_path,
+    cert       => $cert_path,
+    verify     => '2',
+    pid        => '/var/run/stunnel4/ednp_server.pid',
+    rndfile    => '/var/lib/stunnel4/.rnd',
+    debuglevel => '4'
+  }
+
+  # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect
+  # to the above ednp stunnel server.
+  $ednp_client_defaults = {
+    'client'       => true,
+    'cafile'       => $ca_path,
+    'key'          => $key_path,
+    'cert'         => $cert_path,
+  }
+
+  create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults)
 }