diff options
Diffstat (limited to 'puppet/modules/site_couchdb/manifests')
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp | 35 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/configure.pp | 32 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/init.pp | 63 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/package.pp | 13 |
4 files changed, 143 insertions, 0 deletions
diff --git a/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp new file mode 100644 index 00000000..87b21e62 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp @@ -0,0 +1,35 @@ +define site_couchdb::apache_ssl_proxy ($key, $cert) { + + include apache::ssl + apache::module { + 'rewrite': ensure => present; + 'proxy': ensure => present; + 'proxy_http': ensure => present; + } + apache::vhost::file { 'couchdb_proxy': } + # prevent 0-default.conf and 0-default_ssl.conf from apache module + # from starting on port 80 / 443 + file { '/etc/apache2/ports.conf': + content => '', + mode => '0644', + owner => 'root', + group => 'root', + } + + file { '/etc/couchdb/server_cert.pem': + mode => '0644', + owner => 'couchdb', + group => 'couchdb', + content => $cert, + notify => Service[apache], + } + + file { '/etc/couchdb/server_key.pem': + mode => '0600', + owner => 'couchdb', + group => 'couchdb', + content => $key, + notify => Service[apache], + } + +} diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp new file mode 100644 index 00000000..25ea7a0b --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/configure.pp @@ -0,0 +1,32 @@ +class site_couchdb::configure { + Class[site_couchdb::package] -> Class[couchdb] + + class { 'couchdb': + require => Class['site_couchdb::package'], } + + + file { '/etc/init.d/couchdb': + source => 'puppet:///modules/site_couchdb/couchdb', + mode => '0755', + owner => 'root', + group => 'root', + } + + file { '/etc/couchdb/local.d/admin.ini': + content => "[admins] +admin = $site_couchdb::couchdb_admin_pw +", + mode => '0600', + owner => 'couchdb', + group => 'couchdb', + notify => Service[couchdb] + } + + + exec { '/etc/init.d/couchdb restart; sleep 6': + path => ['/bin', '/usr/bin',], + subscribe => File['/etc/couchdb/local.d/admin.ini', + '/etc/couchdb/local.ini'], + refreshonly => true + } +} diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp new file mode 100644 index 00000000..30ce7f54 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -0,0 +1,63 @@ +class site_couchdb { + + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $couchdb_config = hiera('couch') + $couchdb_users = $couchdb_config['users'] + $couchdb_admin = $couchdb_users['admin'] + $couchdb_admin_user = $couchdb_admin['username'] + $couchdb_admin_pw = $couchdb_admin['password'] + $couchdb_webapp = $couchdb_users['webapp'] + $couchdb_webapp_user = $couchdb_webapp['username'] + $couchdb_webapp_pw = $couchdb_webapp['password'] + $couchdb_ca_daemon = $couchdb_users['ca_daemon'] + $couchdb_ca_daemon_user = $couchdb_ca_daemon['username'] + $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password'] + + Class['site_couchdb::package'] + -> Package ['couchdb'] + -> File['/etc/init.d/couchdb'] + -> File['/etc/couchdb/local.ini'] + -> File['/etc/couchdb/local.d/admin.ini'] + -> File['/etc/couchdb/couchdb.netrc'] + -> Couchdb::Create_db[leap_web] + -> Couchdb::Create_db[leap_ca] + -> Couchdb::Add_user[$couchdb_webapp_user] + -> Couchdb::Add_user[$couchdb_ca_daemon_user] + -> Site_couchdb::Apache_ssl_proxy['apache_ssl_proxy'] + + # Setup couchdb + include site_couchdb::package + include site_couchdb::configure + include couchdb::deploy_config + + site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy': + key => $key, + cert => $cert + } + + couchdb::query::setup { 'localhost': + user => $couchdb_admin_user, + pw => $couchdb_admin_pw + } + + # Populate couchdb + couchdb::add_user { $couchdb_webapp_user: + roles => '["certs"]', + pw => $couchdb_webapp_pw + } + + couchdb::add_user { $couchdb_ca_daemon_user: + roles => '["certs"]', + pw => $couchdb_ca_daemon_pw + } + + couchdb::create_db { 'leap_web': + readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }" + } + + couchdb::create_db { 'leap_ca': + readers => "{ \"names\": [], \"roles\": [\"certs\"] }" + } +} diff --git a/puppet/modules/site_couchdb/manifests/package.pp b/puppet/modules/site_couchdb/manifests/package.pp new file mode 100644 index 00000000..c091316a --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/package.pp @@ -0,0 +1,13 @@ +class site_couchdb::package { + + # for now, we need to install couchdb from unstable, + # because of this bug while installing: + # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681549 + # can be removed when couchdb/1.2.0-2 is integrated into testing + apt::sources_list { 'unstable.list': + source => [ 'puppet:///modules/site_apt/unstable.list'], + } + apt::preferences_snippet{ + 'couchdb': release => 'unstable', priority => 999; + } +} |