diff options
Diffstat (limited to 'puppet/modules/site_couchdb')
-rw-r--r-- | puppet/modules/site_couchdb/manifests/init.pp | 14 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/stunnel.pp | 40 |
2 files changed, 24 insertions, 30 deletions
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 43abd616..f4f93828 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,11 +1,6 @@ class site_couchdb { tag 'leap_service' - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $couchdb_config = hiera('couch') $couchdb_users = $couchdb_config['users'] $couchdb_admin = $couchdb_users['admin'] @@ -36,7 +31,8 @@ class site_couchdb { class { 'couchdb::bigcouch::package::cloudant': } - Class ['couchdb::bigcouch::package::cloudant'] + Class['site_config::default'] + -> Class ['couchdb::bigcouch::package::cloudant'] -> Service ['couchdb'] -> Class ['site_couchdb::bigcouch::add_nodes'] -> Couchdb::Create_db['users'] @@ -44,11 +40,7 @@ class site_couchdb { -> Couchdb::Add_user[$couchdb_webapp_user] -> Couchdb::Add_user[$couchdb_soledad_user] - class { 'site_couchdb::stunnel': - key => $key, - cert => $cert, - ca => $ca - } + class { 'site_couchdb::stunnel': } class { 'site_couchdb::bigcouch::add_nodes': } diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index d982013e..7ba303fe 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -1,4 +1,4 @@ -class site_couchdb::stunnel ($key, $cert, $ca) { +class site_couchdb::stunnel { $stunnel = hiera('stunnel') @@ -18,22 +18,15 @@ class site_couchdb::stunnel ($key, $cert, $ca) { $ednp_server_connect = $ednp_server['connect'] $ednp_clients = $stunnel['ednp_clients'] + + + include site_config::x509::cert_key + include site_config::x509::ca + include x509::variables - $cert_name = 'leap_couchdb' - $ca_name = 'leap_ca' - $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" - $cert_path = "${x509::variables::certs}/${cert_name}.crt" - $key_path = "${x509::variables::keys}/${cert_name}.key" - - # basic setup: ensure cert, key, ca files are in place, and some generic - # stunnel things are done - class { 'site_stunnel::setup': - cert_name => $cert_name, - key => $key, - cert => $cert, - ca_name => $ca_name, - ca => $ca - } + $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt" + $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt" + $key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key" # setup a stunnel server for the webapp to connect to couchdb stunnel::service { 'couch_server': @@ -46,7 +39,10 @@ class site_couchdb::stunnel ($key, $cert, $ca) { verify => '2', pid => '/var/run/stunnel4/couchserver.pid', rndfile => '/var/lib/stunnel4/.rnd', - debuglevel => '4' + debuglevel => '4', + require => [ + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } @@ -62,7 +58,10 @@ class site_couchdb::stunnel ($key, $cert, $ca) { verify => '2', pid => '/var/run/stunnel4/epmd_server.pid', rndfile => '/var/lib/stunnel4/.rnd', - debuglevel => '4' + debuglevel => '4', + require => [ + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect @@ -88,7 +87,10 @@ class site_couchdb::stunnel ($key, $cert, $ca) { verify => '2', pid => '/var/run/stunnel4/ednp_server.pid', rndfile => '/var/lib/stunnel4/.rnd', - debuglevel => '4' + debuglevel => '4', + require => [ + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect |