Diffstat (limited to 'puppet/modules')
| m--------- | puppet/modules/couchdb | 0 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/init.pp | 7 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/manifests/stunnel.pp | 41 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/couchdb.pp | 5 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp | 21 | 
5 files changed, 61 insertions, 13 deletions
| diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb -Subproject 66d918ddb6454fd4a30baed9b49baad98e27424 +Subproject b49a787a2961129a969cfecd1eec1df588aaaca diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 0fc951c2..9ffa4122 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -21,10 +21,13 @@ class site_couchdb ( $bigcouch = false ) {    $bigcouch_config        = $couchdb_config['bigcouch']    $bigcouch_cookie        = $bigcouch_config['cookie'] -  class {'couchdb': +  $ednp_port              = $bigcouch_config['ednp_port'] + +  class { 'couchdb':      bigcouch        => $bigcouch,      admin_pw        => $couchdb_admin_pw, -    bigcouch_cookie => $bigcouch_cookie +    bigcouch_cookie => $bigcouch_cookie, +    ednp_port       => $ednp_port    }    include couchdb::bigcouch::package::cloudant diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index 40b8f450..ebd01e4e 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -6,12 +6,18 @@ class site_couchdb::stunnel ($key, $cert, $ca) {    $couch_server_accept  = $couch_server['accept']    $couch_server_connect = $couch_server['connect'] +  # Erlang Port Mapper Daemon (epmd) stunnel server/clients    $epmd_server          = $stunnel['epmd_server']    $epmd_server_accept   = $epmd_server['accept']    $epmd_server_connect  = $epmd_server['connect'] -    $epmd_clients         = $stunnel['epmd_clients'] +  # Erlang Distributed Node Protocol (ednp) stunnel server/clients +  $ednp_server          = $stunnel['ednp_server'] +  $ednp_server_accept   = $ednp_server['accept'] +  $ednp_server_connect  = $ednp_server['connect'] +  $ednp_clients         = $stunnel['ednp_clients'] +    include x509::variables    $cert_name = 'leap_couchdb'    $ca_name   = 'leap_ca' 
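Review bot: In init.pp, `$ednp_port = $bigcouch_config['ednp_port']` is read from hiera with no default or check, yet it has to agree with the port in `$stunnel['ednp_server']['connect']` that site_couchdb::stunnel forwards to. The two values come from separate keys, so a missing key or a mismatch would leave the tunnel pointing at a port the Erlang VM is not using. A comment above the assignment such as `# must equal the port part of stunnel ednp_server connect; reachable only through stunnel` would record that coupling. Since site_shorewall::couchdb no longer opens 9001 in this commit, it is also worth confirming that the couchdb class binds this port so that only the local stunnel can reach it; that class lives in the submodule and is not visible here. The body of site_couchdb continues outside the hunk.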
@@ -43,8 +49,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) {    } -  # setup stunnels for bigcouch clustering between each bigcouchdb node -  # server +  # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for +  # bigcouch clustering between each bigcouchdb node    stunnel::service { 'epmd_server':      accept     => $epmd_server_accept,      connect    => $epmd_server_connect, @@ -58,7 +64,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) {      debuglevel => '4'    } -  # clients +  # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect +  # to the above epmd stunnel server.    $epmd_client_defaults = {      'client'       => true,      'cafile'       => $ca_path, @@ -67,4 +74,30 @@ class site_couchdb::stunnel ($key, $cert, $ca) {    }    create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults) + +  # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary +  # for bigcouch clustering between each bigcouchdb node +  stunnel::service { 'ednp_server': +    accept     => $ednp_server_accept, +    connect    => $ednp_server_connect, +    client     => false, +    cafile     => $ca_path, +    key        => $key_path, +    cert       => $cert_path, +    verify     => '2', +    pid        => '/var/run/stunnel4/ednp_server.pid', +    rndfile    => '/var/lib/stunnel4/.rnd', +    debuglevel => '4' +  } + +  # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect +  # to the above ednp stunnel server. +  $ednp_client_defaults = { +    'client'       => true, +    'cafile'       => $ca_path, +    'key'          => $key_path, +    'cert'         => $cert_path, +  } + +  create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults)  } diff --git a/puppet/modules/site_shorewall/manifests/couchdb.pp b/puppet/modules/site_shorewall/manifests/couchdb.pp index 1ef91bb0..73bed62b 100644 --- a/puppet/modules/site_shorewall/manifests/couchdb.pp 
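Review bot: In the last stunnel.pp hunk, `$ednp_client_defaults` sets `cafile`, `key` and `cert` but no `verify`, while the `ednp_server` service just above it sets `verify => '2'`. stunnel does no peer verification unless a level is set, so unless site_stunnel::clients supplies one itself (not visible in this diff) the client side would encrypt without authenticating the server certificate. Erlang distribution traffic gives full access between cluster nodes, so both ends should check the peer against `$ca_path`. If the define accepts it, add `'verify' => '2',` to the defaults hash. `$epmd_client_defaults`, only partly visible in the preceding hunk, may need the same; the class body starts outside these hunks.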
+++ b/puppet/modules/site_shorewall/manifests/couchdb.pp @@ -6,12 +6,9 @@ class site_shorewall::couchdb {    $couch_server = $stunnel['couch_server']    $couch_stunnel_port = $couch_server['accept'] -  # see http://stackoverflow.com/questions/8459949/bigcouch-cluster-connection-issue#comment10467603_8463814 -  $erlang_vm_port = '9001' -    # define macro for incoming services    file { '/etc/shorewall/macro.leap_couchdb': -    content => "PARAM   -       -       tcp    ${couch_stunnel_port},${erlang_vm_port}", +    content => "PARAM   -       -       tcp    ${couch_stunnel_port}",      notify  => Service['shorewall'],      require => Package['shorewall']    } diff --git a/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp b/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp index a8320df8..20740650 100644 --- a/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp +++ b/puppet/modules/site_shorewall/manifests/couchdb/bigcouch.pp 
@@ -3,15 +3,22 @@ class site_shorewall::couchdb::bigcouch {    include site_shorewall::defaults    $stunnel = hiera('stunnel') -  $epmd_clients         = $stunnel['epmd_clients'] +  # Erlang Port Mapper Daemon (epmd) stunnel server/clients +  $epmd_clients         = $stunnel['epmd_clients']    $epmd_server          = $stunnel['epmd_server']    $epmd_server_port     = $epmd_server['accept']    $epmd_server_connect  = $epmd_server['connect'] +  # Erlang Distributed Node Protocol (ednp) stunnel server/clients +  $ednp_clients         = $stunnel['ednp_clients'] +  $ednp_server          = $stunnel['ednp_server'] +  $ednp_server_port     = $ednp_server['accept'] +  $ednp_server_connect  = $ednp_server['connect'] +    # define macro for incoming services    file { '/etc/shorewall/macro.leap_bigcouch': -    content => "PARAM   -       -       tcp    ${epmd_server_port}", +    content => "PARAM   -       -       tcp    ${epmd_server_port},${ednp_server_port}",      notify  => Service['shorewall'],      require => Package['shorewall']    } @@ -24,13 +31,21 @@ class site_shorewall::couchdb::bigcouch {          order       => 300;    } +  # setup DNAT rules for each epmd    $epmd_shorewall_dnat_defaults = {      'source'          => '$FW',      'proto'           => 'tcp',      'destinationport' => regsubst($epmd_server_connect, '^([0-9.]+:)([0-9]+)$', '\2')    } -    create_resources(site_shorewall::couchdb::dnat, $epmd_clients, $epmd_shorewall_dnat_defaults) +  # setup DNAT rules for each ednp +  $ednp_shorewall_dnat_defaults = { +    'source'          => '$FW', +    'proto'           => 'tcp', +    'destinationport' => regsubst($ednp_server_connect, '^([0-9.]+:)([0-9]+)$', '\2') +  } +  create_resources(site_shorewall::couchdb::dnat, $ednp_clients, $ednp_shorewall_dnat_defaults) +  } | 
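Review bot: The hiera values `$ednp_server['accept']` and `$ednp_server['connect']` reach the shorewall configuration unchecked: the macro line interpolates `${ednp_server_port}` directly, and in the second hunk `regsubst($ednp_server_connect, '^([0-9.]+:)([0-9]+)$', '\2')` returns its input unchanged when the pattern does not match (a hostname, an IPv6 address or a bare port), so `destinationport` would become the whole string. A missing `ednp_server` key would likewise leave a trailing comma in `macro.leap_bigcouch`. Failing the catalog early is safer than writing a malformed firewall rule, for example `validate_re($ednp_server_port, '^[0-9]+$')` and `validate_re($ednp_server_connect, '^[0-9.]+:[0-9]+$')` if puppetlabs-stdlib is available to this module. The epmd lines have the same shape and would benefit from the same checks.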
