Diffstat (limited to 'puppet/modules/site_couchdb')
-rw-r--r--puppet/modules/site_couchdb/manifests/add_users.pp12
-rw-r--r--puppet/modules/site_couchdb/manifests/bigcouch.pp34
-rw-r--r--puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp2
-rw-r--r--puppet/modules/site_couchdb/manifests/create_dbs.pp21
-rw-r--r--puppet/modules/site_couchdb/manifests/init.pp154
-rw-r--r--puppet/modules/site_couchdb/manifests/master.pp9
-rw-r--r--puppet/modules/site_couchdb/manifests/mirror.pp77
-rw-r--r--puppet/modules/site_couchdb/manifests/setup.pp46
-rw-r--r--puppet/modules/site_couchdb/manifests/stunnel.pp112
9 files changed, 243 insertions, 224 deletions
diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp
index f9ea7349..2f734ed4 100644
--- a/puppet/modules/site_couchdb/manifests/add_users.pp
+++ b/puppet/modules/site_couchdb/manifests/add_users.pp
@@ -1,5 +1,8 @@
class site_couchdb::add_users {
+ Class['site_couchdb::create_dbs']
+ -> Class['site_couchdb::add_users']
+
# Couchdb users
## leap_mx couchdb user
@@ -51,4 +54,13 @@ class site_couchdb::add_users {
require => Couchdb::Query::Setup['localhost']
}
+ ## replication couchdb user
+ ## read/write: all databases for replication
+ couchdb::add_user { $site_couchdb::couchdb_replication_user:
+ roles => '["replication"]',
+ pw => $site_couchdb::couchdb_replication_pw,
+ salt => $site_couchdb::couchdb_replication_salt,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
}
diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp
new file mode 100644
index 00000000..f0aab734
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp
@@ -0,0 +1,34 @@
+class site_couchdb::bigcouch {
+
+ $config = $couchdb_config['bigcouch']
+ $cookie = $config['cookie']
+ $ednp_port = $config['ednp_port']
+
+ class { 'couchdb':
+ admin_pw => $couchdb_admin_pw,
+ admin_salt => $couchdb_admin_salt,
+ bigcouch => true,
+ bigcouch_cookie => $cookie,
+ ednp_port => $ednp_port,
+ chttpd_bind_address => '127.0.0.1'
+ }
+
+ #
+ # stunnel must running correctly before bigcouch dbs can be set up.
+ #
+ Class['site_config::default']
+ -> Class['couchdb::bigcouch::package::cloudant']
+ -> Service['shorewall']
+ -> Service['stunnel']
+ -> Class['site_couchdb::setup']
+ -> Class['site_couchdb::bigcouch::add_nodes']
+ -> Class['site_couchdb::bigcouch::settle_cluster']
+
+ include site_couchdb::bigcouch::add_nodes
+ include site_couchdb::bigcouch::settle_cluster
+ include site_couchdb::bigcouch::compaction
+
+ file { '/var/log/bigcouch':
+ ensure => directory
+ }
+}
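Review bot: `$couchdb_config`, `$couchdb_admin_pw` and `$couchdb_admin_salt` are read unqualified in this new class, whereas master.pp and mirror.pp in the same commit qualify them as `$site_couchdb::...`; unless the Puppet version in use still resolves variables from the parent namespace, these evaluate to undef here and the couchdb class is declared without an admin password and salt. The fix is to qualify them: `$config = $site_couchdb::couchdb_config['bigcouch']`, `admin_pw => $site_couchdb::couchdb_admin_pw,`, `admin_salt => $site_couchdb::couchdb_admin_salt,`. This also keeps `$::site_couchdb::bigcouch::config`, which add_nodes.pp now reads, populated. A one-line header comment such as `# couchdb in 'multimaster' mode: a bigcouch cluster, nodes listed under couch.bigcouch.neighbors` would make the three mode classes self-describing.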
diff --git a/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp b/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp
index 97e85785..c8c43275 100644
--- a/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp
+++ b/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp
@@ -1,6 +1,6 @@
class site_couchdb::bigcouch::add_nodes {
# loop through neighbors array and add nodes
- $nodes = $::site_couchdb::bigcouch_config['neighbors']
+ $nodes = $::site_couchdb::bigcouch::config['neighbors']
couchdb::bigcouch::add_node { $nodes:
require => Couchdb::Query::Setup['localhost']
diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp
index 41500d3a..4322f773 100644
--- a/puppet/modules/site_couchdb/manifests/create_dbs.pp
+++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp
@@ -1,11 +1,14 @@
class site_couchdb::create_dbs {
+ Class['site_couchdb::setup']
+ -> Class['site_couchdb::create_dbs']
+
# Couchdb databases
### customer database
### r/w: webapp,
couchdb::create_db { 'customers':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
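Review bot: The per-database access comments (`### r/w: webapp,` here and the `## r/w: ...` lines in the hunks ending at L145, L160 and L169) no longer match the members list now that the `replication` role is added to every database: in CouchDB a member can read and write all regular documents, so each of these databases is now readable and writable by the replication credential. Since CouchDB offers no read-only member level, this is the widest grant a pull mirror can be given on the master; please state that in the comments, e.g. `### r/w: webapp, replication (all dbs, needed for mirroring)`, so the next reader does not assume the mirror user is read-only. The members JSON is still built by string interpolation of the hiera-supplied usernames; a name containing `"` or `\` would produce invalid JSON, though that predates this commit.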
@@ -13,35 +16,35 @@ class site_couchdb::create_dbs {
## r: nickserver, leap_mx - needs to be restrict with design document
## r/w: webapp
couchdb::create_db { 'identities':
- members => "{ \"names\": [], \"roles\": [\"identities\"] }",
+ members => "{ \"names\": [], \"roles\": [\"replication\", \"identities\"] }",
require => Couchdb::Query::Setup['localhost']
}
## keycache database
## r/w: nickserver
couchdb::create_db { 'keycache':
- members => "{ \"names\": [], \"roles\": [\"keycache\"] }",
+ members => "{ \"names\": [], \"roles\": [\"replication\", \"keycache\"] }",
require => Couchdb::Query::Setup['localhost']
}
## sessions database
## r/w: webapp
couchdb::create_db { 'sessions':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
## shared database
## r/w: soledad
couchdb::create_db { 'shared':
- members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
## tickets database
## r/w: webapp
couchdb::create_db { 'tickets':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
@@ -49,14 +52,14 @@ class site_couchdb::create_dbs {
## r: soledad - needs to be restricted with a design document
## r/w: webapp
couchdb::create_db { 'tokens':
- members => "{ \"names\": [], \"roles\": [\"tokens\"] }",
+ members => "{ \"names\": [], \"roles\": [\"replication\", \"tokens\"] }",
require => Couchdb::Query::Setup['localhost']
}
## users database
## r/w: webapp
couchdb::create_db { 'users':
- members => "{ \"names\": [], \"roles\": [\"users\"] }",
+ members => "{ \"names\": [], \"roles\": [\"replication\", \"users\"] }",
require => Couchdb::Query::Setup['localhost']
}
@@ -64,7 +67,7 @@ class site_couchdb::create_dbs {
## store messages to the clients such as payment reminders
## r/w: webapp
couchdb::create_db { 'messages':
- members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }",
+ members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [\"replication\"] }",
require => Couchdb::Query::Setup['localhost']
}
}
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 3614661d..5a4fb936 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -1,118 +1,68 @@
class site_couchdb {
tag 'leap_service'
- $couchdb_config = hiera('couch')
- $couchdb_users = $couchdb_config['users']
-
- $couchdb_admin = $couchdb_users['admin']
- $couchdb_admin_user = $couchdb_admin['username']
- $couchdb_admin_pw = $couchdb_admin['password']
- $couchdb_admin_salt = $couchdb_admin['salt']
-
- $couchdb_leap_mx = $couchdb_users['leap_mx']
- $couchdb_leap_mx_user = $couchdb_leap_mx['username']
- $couchdb_leap_mx_pw = $couchdb_leap_mx['password']
- $couchdb_leap_mx_salt = $couchdb_leap_mx['salt']
-
- $couchdb_nickserver = $couchdb_users['nickserver']
- $couchdb_nickserver_user = $couchdb_nickserver['username']
- $couchdb_nickserver_pw = $couchdb_nickserver['password']
- $couchdb_nickserver_salt = $couchdb_nickserver['salt']
-
- $couchdb_soledad = $couchdb_users['soledad']
- $couchdb_soledad_user = $couchdb_soledad['username']
- $couchdb_soledad_pw = $couchdb_soledad['password']
- $couchdb_soledad_salt = $couchdb_soledad['salt']
-
- $couchdb_tapicero = $couchdb_users['tapicero']
- $couchdb_tapicero_user = $couchdb_tapicero['username']
- $couchdb_tapicero_pw = $couchdb_tapicero['password']
- $couchdb_tapicero_salt = $couchdb_tapicero['salt']
-
- $couchdb_webapp = $couchdb_users['webapp']
- $couchdb_webapp_user = $couchdb_webapp['username']
- $couchdb_webapp_pw = $couchdb_webapp['password']
- $couchdb_webapp_salt = $couchdb_webapp['salt']
-
- $couchdb_backup = $couchdb_config['backup']
-
- $bigcouch_config = $couchdb_config['bigcouch']
- $bigcouch_cookie = $bigcouch_config['cookie']
-
- $ednp_port = $bigcouch_config['ednp_port']
-
- class { 'couchdb':
- bigcouch => true,
- admin_pw => $couchdb_admin_pw,
- admin_salt => $couchdb_admin_salt,
- bigcouch_cookie => $bigcouch_cookie,
- ednp_port => $ednp_port,
- chttpd_bind_address => '127.0.0.1'
- }
-
- # ensure that we don't have leftovers from previous installations
- # where we installed the cloudant bigcouch package
- # https://leap.se/code/issues/4971
- class { 'couchdb::bigcouch::package::cloudant':
- ensure => absent
- }
+ $couchdb_config = hiera('couch')
+ $couchdb_users = $couchdb_config['users']
+
+ $couchdb_admin = $couchdb_users['admin']
+ $couchdb_admin_user = $couchdb_admin['username']
+ $couchdb_admin_pw = $couchdb_admin['password']
+ $couchdb_admin_salt = $couchdb_admin['salt']
+
+ $couchdb_leap_mx = $couchdb_users['leap_mx']
+ $couchdb_leap_mx_user = $couchdb_leap_mx['username']
+ $couchdb_leap_mx_pw = $couchdb_leap_mx['password']
+ $couchdb_leap_mx_salt = $couchdb_leap_mx['salt']
+
+ $couchdb_nickserver = $couchdb_users['nickserver']
+ $couchdb_nickserver_user = $couchdb_nickserver['username']
+ $couchdb_nickserver_pw = $couchdb_nickserver['password']
+ $couchdb_nickserver_salt = $couchdb_nickserver['salt']
+
+ $couchdb_soledad = $couchdb_users['soledad']
+ $couchdb_soledad_user = $couchdb_soledad['username']
+ $couchdb_soledad_pw = $couchdb_soledad['password']
+ $couchdb_soledad_salt = $couchdb_soledad['salt']
+
+ $couchdb_tapicero = $couchdb_users['tapicero']
+ $couchdb_tapicero_user = $couchdb_tapicero['username']
+ $couchdb_tapicero_pw = $couchdb_tapicero['password']
+ $couchdb_tapicero_salt = $couchdb_tapicero['salt']
+
+ $couchdb_webapp = $couchdb_users['webapp']
+ $couchdb_webapp_user = $couchdb_webapp['username']
+ $couchdb_webapp_pw = $couchdb_webapp['password']
+ $couchdb_webapp_salt = $couchdb_webapp['salt']
+
+ $couchdb_replication = $couchdb_users['replication']
+ $couchdb_replication_user = $couchdb_replication['username']
+ $couchdb_replication_pw = $couchdb_replication['password']
+ $couchdb_replication_salt = $couchdb_replication['salt']
+
+ $couchdb_backup = $couchdb_config['backup']
+ $couchdb_mode = $couchdb_config['mode']
+
+ if $couchdb_mode == "multimaster" { include site_couchdb::bigcouch }
+ if $couchdb_mode == "master" { include site_couchdb::master }
+ if $couchdb_mode == "mirror" { include site_couchdb::mirror }
Class['site_config::default']
- -> Class['couchdb::bigcouch::package::cloudant']
-> Service['shorewall']
- -> Class['site_couchdb::stunnel']
- -> Service['couchdb']
- -> File['/root/.netrc']
- -> Class['site_couchdb::bigcouch::add_nodes']
- -> Class['site_couchdb::bigcouch::settle_cluster']
- -> Class['site_couchdb::create_dbs']
- -> Class['site_couchdb::add_users']
-
- # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup
- # we symlink this to /root/.netrc for couchdb_scripts (eg. backup)
- # and makes life easier for the admin (i.e. using curl/wget without
- # passing credentials)
- file {
- '/root/.netrc':
- ensure => link,
- target => '/etc/couchdb/couchdb.netrc';
-
- '/srv/leap/couchdb':
- ensure => directory
- }
-
- couchdb::query::setup { 'localhost':
- user => $couchdb_admin_user,
- pw => $couchdb_admin_pw,
- }
-
- vcsrepo { '/srv/leap/couchdb/scripts':
- ensure => present,
- provider => git,
- source => 'https://leap.se/git/couchdb_scripts',
- revision => 'origin/master',
- require => File['/srv/leap/couchdb']
- }
-
- include site_couchdb::stunnel
- include site_couchdb::bigcouch::add_nodes
- include site_couchdb::bigcouch::settle_cluster
+ -> Service['stunnel']
+ -> Class['couchdb']
+ -> Class['site_couchdb::setup']
+
+ include site_stunnel
+
+ include site_couchdb::setup
include site_couchdb::create_dbs
include site_couchdb::add_users
include site_couchdb::designs
include site_couchdb::logrotate
- include site_couchdb::bigcouch::compaction
- if $couchdb_backup { include site_couchdb::backup }
-
- include site_shorewall::couchdb
- include site_shorewall::couchdb::bigcouch
+ if $couchdb_backup { include site_couchdb::backup }
include site_check_mk::agent::couchdb
include site_check_mk::agent::tapicero
- file { '/var/log/bigcouch':
- ensure => directory
- }
-
}
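Review bot: The three `if $couchdb_mode == ...` lines silently do nothing when the hiera `mode` value is missing or misspelled, and the failure then surfaces later as an unrelated error, because the ordering chain below references `Class['couchdb']`, which none of the mode classes will have declared. A `case` with a `default` branch that calls `fail()` turns this into a clear compile-time message naming the bad value. Separately, the deleted site_couchdb::stunnel configured the couch_server, epmd and ednp services with `verify => '2'` (client-certificate verification); whether `site_stunnel`, which replaces it here but is not part of this diff, preserves that cannot be confirmed from the commit. The `site_shorewall::couchdb` and `site_shorewall::couchdb::bigcouch` includes are also dropped without a visible replacement, which is worth a check if firewall rules for the couch ports are not declared elsewhere.
```puppet
  # … unchanged: hiera lookups above …
  case $couchdb_mode {
    'multimaster': { include site_couchdb::bigcouch }
    'master':      { include site_couchdb::master }
    'mirror':      { include site_couchdb::mirror }
    default:       { fail("unsupported couchdb mode '${couchdb_mode}' (expected multimaster, master or mirror)") }
  }
  # … unchanged: ordering chain and includes below …
```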
diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp
new file mode 100644
index 00000000..a0a6633d
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/master.pp
@@ -0,0 +1,9 @@
+class site_couchdb::master {
+
+ class { 'couchdb':
+ admin_pw => $site_couchdb::couchdb_admin_pw,
+ admin_salt => $site_couchdb::couchdb_admin_salt,
+ chttpd_bind_address => '127.0.0.1'
+ }
+
+} \ No newline at end of file
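Review bot: The new file ends without a trailing newline (`\ No newline at end of file`), unlike the other manifests added in this commit; please add it. A short header comment would also help readers distinguish the three mode classes, e.g. `# couchdb in 'master' mode: a single node, no bigcouch clustering`, which is what the absence of the `bigcouch` parameter used in bigcouch.pp amounts to.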
diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp
new file mode 100644
index 00000000..abe35c4c
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/mirror.pp
@@ -0,0 +1,77 @@
+class site_couchdb::mirror {
+
+ Class['site_couchdb::add_users']
+ -> Class['site_couchdb::mirror']
+
+ class { 'couchdb':
+ admin_pw => $site_couchdb::couchdb_admin_pw,
+ admin_salt => $site_couchdb::couchdb_admin_salt,
+ chttpd_bind_address => '127.0.0.1'
+ }
+
+ $masters = $site_couchdb::couchdb_config['replication']['masters']
+ $master_node_names = keys($site_couchdb::couchdb_config['replication']['masters'])
+ $master_node = $masters[$master_node_names[0]]
+ $user = $site_couchdb::couchdb_replication_user
+ $password = $site_couchdb::couchdb_replication_pw
+ $from_host = $master_node['domain_internal']
+ $from_port = $master_node['couch_port']
+ $from = "http://${user}:${password}@${from_host}:${from_port}"
+
+ notice("mirror from: ${from}")
+
+ ### customer database
+ couchdb::mirror_db { 'customers':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## identities database
+ couchdb::mirror_db { 'identities':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## keycache database
+ couchdb::mirror_db { 'keycache':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## sessions database
+ couchdb::mirror_db { 'sessions':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## shared database
+ couchdb::mirror_db { 'shared':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## tickets database
+ couchdb::mirror_db { 'tickets':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## tokens database
+ couchdb::mirror_db { 'tokens':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## users database
+ couchdb::mirror_db { 'users':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+ ## messages db
+ couchdb::mirror_db { 'messages':
+ from => $from,
+ require => Couchdb::Query::Setup['localhost']
+ }
+
+}
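Review bot: `notice("mirror from: ${from}")` writes the replication user's password to the agent log and the puppet report, because `$from` embeds `${user}:${password}` in the URL; log the endpoint without the secret, e.g. `notice("mirror from: ${from_host}:${from_port} as ${user}")`. The credential-bearing URL is also handed to every `couchdb::mirror_db` resource; how that define stores it (for instance in a replicator document readable by other members) is not visible in this diff and should be checked. `$master_node_names[0]` selects whichever key `keys()` yields first, so with several masters the choice is effectively arbitrary, and with an empty `masters` hash `$masters[undef]` fails with an unhelpful message; a `fail()` guard for the empty case, or an explicit `primary` key in hiera, would make the intent clear. The URL uses plain `http://`; presumably the connection is carried over the stunnel services set up elsewhere, which is worth stating in a comment next to `$from`.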
diff --git a/puppet/modules/site_couchdb/manifests/setup.pp b/puppet/modules/site_couchdb/manifests/setup.pp
new file mode 100644
index 00000000..69bd1c6a
--- /dev/null
+++ b/puppet/modules/site_couchdb/manifests/setup.pp
@@ -0,0 +1,46 @@
+#
+# An initial setup class. All the other classes depend on this
+#
+class site_couchdb::setup {
+
+ # ensure that we don't have leftovers from previous installations
+ # where we installed the cloudant bigcouch package
+ # https://leap.se/code/issues/4971
+ class { 'couchdb::bigcouch::package::cloudant':
+ ensure => absent
+ }
+
+ $user = $site_couchdb::couchdb_admin_user
+
+ # /etc/couchdb/couchdb-admin.netrc is deployed by couchdb::query::setup
+ # we symlink to couchdb.netrc for puppet commands.
+ # we symlink this to /root/.netrc for couchdb_scripts (eg. backup)
+ # and makes life easier for the admin (i.e. using curl/wget without
+ # passing credentials)
+ file {
+ '/etc/couchdb/couchdb.netrc':
+ ensure => link,
+ target => "/etc/couchdb/couchdb-${user}.netrc";
+
+ '/root/.netrc':
+ ensure => link,
+ target => '/etc/couchdb/couchdb.netrc';
+
+ '/srv/leap/couchdb':
+ ensure => directory
+ }
+
+ couchdb::query::setup { 'localhost':
+ user => $user,
+ pw => $site_couchdb::couchdb_admin_pw,
+ }
+
+ vcsrepo { '/srv/leap/couchdb/scripts':
+ ensure => present,
+ provider => git,
+ source => 'https://leap.se/git/couchdb_scripts',
+ revision => 'origin/master',
+ require => File['/srv/leap/couchdb']
+ }
+
+}
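Review bot: `revision => 'origin/master'` on the vcsrepo resource tracks a mutable branch, so each puppet run can pull new, unreviewed code into /srv/leap/couchdb/scripts, which the comment above says is used for backup and is presumably executed as root; pinning to a tag or commit, `revision => '<pinned tag or commit>',` (placeholder), makes the deployed scripts reproducible and reviewable. The file block links /root/.netrc and /etc/couchdb/couchdb.netrc to `couchdb-${user}.netrc`, the admin credential file; its ownership and mode are set by couchdb::query::setup, which is not in this diff, so it is worth confirming that file is root-only. A comment on the `$user` line such as `# admin user; its netrc is the one every local couch query and script will use` would document why the admin, rather than a lower-privileged user, is wired into /root/.netrc.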
diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp
deleted file mode 100644
index 91f1e3aa..00000000
--- a/puppet/modules/site_couchdb/manifests/stunnel.pp
+++ /dev/null
@@ -1,112 +0,0 @@
-class site_couchdb::stunnel {
-
- $stunnel = hiera('stunnel')
-
- $couch_server = $stunnel['couch_server']
- $couch_server_accept = $couch_server['accept']
- $couch_server_connect = $couch_server['connect']
-
- # Erlang Port Mapper Daemon (epmd) stunnel server/clients
- $epmd_server = $stunnel['epmd_server']
- $epmd_server_accept = $epmd_server['accept']
- $epmd_server_connect = $epmd_server['connect']
- $epmd_clients = $stunnel['epmd_clients']
-
- # Erlang Distributed Node Protocol (ednp) stunnel server/clients
- $ednp_server = $stunnel['ednp_server']
- $ednp_server_accept = $ednp_server['accept']
- $ednp_server_connect = $ednp_server['connect']
- $ednp_clients = $stunnel['ednp_clients']
-
-
-
- include site_config::x509::cert
- include site_config::x509::key
- include site_config::x509::ca
-
- include x509::variables
- $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"
- $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt"
- $key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key"
-
- # setup a stunnel server for the webapp to connect to couchdb
- stunnel::service { 'couch_server':
- accept => $couch_server_accept,
- connect => $couch_server_connect,
- client => false,
- cafile => $ca_path,
- key => $key_path,
- cert => $cert_path,
- verify => '2',
- pid => '/var/run/stunnel4/couchserver.pid',
- rndfile => '/var/lib/stunnel4/.rnd',
- debuglevel => '4',
- require => [
- Class['Site_config::X509::Key'],
- Class['Site_config::X509::Cert'],
- Class['Site_config::X509::Ca'] ];
- }
-
-
- # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for
- # bigcouch clustering between each bigcouchdb node
- stunnel::service { 'epmd_server':
- accept => $epmd_server_accept,
- connect => $epmd_server_connect,
- client => false,
- cafile => $ca_path,
- key => $key_path,
- cert => $cert_path,
- verify => '2',
- pid => '/var/run/stunnel4/epmd_server.pid',
- rndfile => '/var/lib/stunnel4/.rnd',
- debuglevel => '4',
- require => [
- Class['Site_config::X509::Key'],
- Class['Site_config::X509::Cert'],
- Class['Site_config::X509::Ca'] ];
- }
-
- # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect
- # to the above epmd stunnel server.
- $epmd_client_defaults = {
- 'client' => true,
- 'cafile' => $ca_path,
- 'key' => $key_path,
- 'cert' => $cert_path,
- }
-
- create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults)
-
- # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary
- # for bigcouch clustering between each bigcouchdb node
- stunnel::service { 'ednp_server':
- accept => $ednp_server_accept,
- connect => $ednp_server_connect,
- client => false,
- cafile => $ca_path,
- key => $key_path,
- cert => $cert_path,
- verify => '2',
- pid => '/var/run/stunnel4/ednp_server.pid',
- rndfile => '/var/lib/stunnel4/.rnd',
- debuglevel => '4',
- require => [
- Class['Site_config::X509::Key'],
- Class['Site_config::X509::Cert'],
- Class['Site_config::X509::Ca'] ];
- }
-
- # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect
- # to the above ednp stunnel server.
- $ednp_client_defaults = {
- 'client' => true,
- 'cafile' => $ca_path,
- 'key' => $key_path,
- 'cert' => $cert_path,
- }
-
- create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults)
-
- include site_check_mk::agent::stunnel
-}