Diffstat (limited to 'puppet/modules/site_couchdb/manifests')
-rw-r--r-- | puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp | 25 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/configure.pp | 27 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/init.pp | 64 |
3 files changed, 116 insertions, 0 deletions
diff --git a/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp
new file mode 100644
index 00000000..7739473e
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp
@@ -0,0 +1,25 @@
+define site_couchdb::apache_ssl_proxy ($key, $cert) {
+
+ $apache_no_default_site = true
+ include apache
+ apache::module {
+ 'proxy': ensure => present;
+ 'proxy_http': ensure => present;
+ 'rewrite': ensure => present;
+ 'ssl': ensure => present;
+ }
+ apache::vhost::file { 'couchdb_proxy': }
+
+ x509::key {
+ 'leap_couchdb':
+ content => $key,
+ notify => Service[apache];
+ }
+
+ x509::cert {
+ 'leap_couchdb':
+ content => $cert,
+ notify => Service[apache];
+ }
+
+}
diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp
new file mode 100644
index 00000000..333511b5
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/configure.pp
@@ -0,0 +1,27 @@
+class site_couchdb::configure {
+
+ file { '/etc/init.d/couchdb':
+ source => 'puppet:///modules/site_couchdb/couchdb',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ }
+
+ file { '/etc/couchdb/local.d/admin.ini':
+ content => "[admins]
+admin = $site_couchdb::couchdb_admin_pw
+",
+ mode => '0600',
+ owner => 'couchdb',
+ group => 'couchdb',
+ notify => Service[couchdb]
+ }
+
+
+ exec { '/etc/init.d/couchdb restart; sleep 6':
+ path => ['/bin', '/usr/bin',],
+ subscribe => File['/etc/couchdb/local.d/admin.ini',
+ '/etc/couchdb/local.ini'],
+ refreshonly => true
+ }
+}
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
new file mode 100644
index 00000000..9ecde5e6
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/init.pp
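Review bot: In apache_ssl_proxy.pp, `$apache_no_default_site = true` is a local variable of the define, so the `apache` class can only see it through dynamic scope lookup, which Puppet 3 and later no longer perform. If the apache module (not shown here) stops seeing the flag, the distribution's default vhost would presumably stay enabled next to the CouchDB proxy; passing the setting as a class parameter or through hiera would make the intent explicit. Separately, the vhost and x509 titles are hard-coded, so this define can only be declared once and would read more honestly as a class. A comment such as `# disable the default vhost so only the couchdb_proxy vhost is served` above the variable would also help.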
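Review bot: In configure.pp, the `[admins]` entry hard-codes the name `admin`, while init.pp reads the admin username from hiera and passes `$couchdb_admin_user` to `couchdb::query::setup`. If the configured username is ever not `admin`, the server admin and the credentials Puppet queries with will disagree; the line could be `${site_couchdb::couchdb_admin_user} = ${site_couchdb::couchdb_admin_pw}`. Because the file content is the cleartext admin password, `show_diff => false` on this `file` resource (where the Puppet version supports it) keeps the value out of agent logs and reports. CouchDB normally rewrites cleartext admin passwords as hashes at startup, so it is worth confirming this file is not rewritten and the service restarted on every run.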
@@ -0,0 +1,64 @@
+class site_couchdb {
+ tag 'leap_service'
+ include couchdb
+
+ $x509 = hiera('x509')
+ $key = $x509['key']
+ $cert = $x509['cert']
+ $couchdb_config = hiera('couch')
+ $couchdb_users = $couchdb_config['users']
+ $couchdb_admin = $couchdb_users['admin']
+ $couchdb_admin_user = $couchdb_admin['username']
+ $couchdb_admin_pw = $couchdb_admin['password']
+ $couchdb_webapp = $couchdb_users['webapp']
+ $couchdb_webapp_user = $couchdb_webapp['username']
+ $couchdb_webapp_pw = $couchdb_webapp['password']
+ $couchdb_ca_daemon = $couchdb_users['ca_daemon']
+ $couchdb_ca_daemon_user = $couchdb_ca_daemon['username']
+ $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password']
+
+ Package ['couchdb']
+ -> File['/etc/init.d/couchdb']
+ -> File['/etc/couchdb/local.ini']
+ -> File['/etc/couchdb/local.d/admin.ini']
+ -> File['/etc/couchdb/couchdb.netrc']
+ -> Couchdb::Create_db['users']
+ -> Couchdb::Create_db['client_certificates']
+ -> Couchdb::Add_user[$couchdb_webapp_user]
+ -> Couchdb::Add_user[$couchdb_ca_daemon_user]
+ -> Site_couchdb::Apache_ssl_proxy['apache_ssl_proxy']
+
+ include site_couchdb::configure
+ include couchdb::deploy_config
+
+ site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy':
+ key => $key,
+ cert => $cert
+ }
+
+ couchdb::query::setup { 'localhost':
+ user => $couchdb_admin_user,
+ pw => $couchdb_admin_pw
+ }
+
+ # Populate couchdb
+ couchdb::add_user { $couchdb_webapp_user:
+ roles => '["certs"]',
+ pw => $couchdb_webapp_pw
+ }
+
+ couchdb::add_user { $couchdb_ca_daemon_user:
+ roles => '["certs"]',
+ pw => $couchdb_ca_daemon_pw
+ }
+
+ couchdb::create_db { 'users':
+ readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }"
+ }
+
+ couchdb::create_db { 'client_certificates':
+ readers => "{ \"names\": [], \"roles\": [\"certs\"] }"
+ }
+
+ include site_shorewall::couchdb
+}
|
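Review bot: The `readers` value for the `users` database is built by interpolating `$couchdb_webapp_user` straight into a JSON string, so a username containing a quote or bracket would yield a malformed or different security object than intended. The value comes from hiera and is operator-controlled, but a bad entry would fail quietly at the ACL rather than at compile time. Checking the name before use, for example `validate_re($couchdb_webapp_user, '^[A-Za-z0-9_-]+$')` if stdlib is available, makes that failure explicit. The same check suits `$couchdb_ca_daemon_user`, which is used as a resource title, and a short comment above the two `create_db` resources stating who is meant to read each database would document the intended access model.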