From 659f145711fefd0bf1046088ce89aa70448fe6f9 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 09:18:07 +0100 Subject: custom local.ini with ssl support --- puppet/modules/site_couchdb/files/local.ini | 84 +++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 puppet/modules/site_couchdb/files/local.ini (limited to 'puppet/modules/site_couchdb/files') diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini new file mode 100644 index 00000000..0da2fb44 --- /dev/null +++ b/puppet/modules/site_couchdb/files/local.ini @@ -0,0 +1,84 @@ +; CouchDB Configuration Settings + +; Custom settings should be made in this file. They will override settings +; in default.ini, but unlike changes made to default.ini, this file won't be +; overwritten on server upgrade. + +[couchdb] +;max_document_size = 4294967296 ; bytes + +[httpd] +;port = 5984 +;bind_address = 127.0.0.1 +; Options for the MochiWeb HTTP server. +;server_options = [{backlog, 128}, {acceptor_pool_size, 16}] +; For more socket options, consult Erlang's module 'inet' man page. +;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}] + +; Uncomment next line to trigger basic-auth popup on unauthorized requests. +;WWW-Authenticate = Basic realm="administrator" + +; Uncomment next line to set the configuration modification whitelist. Only +; whitelisted values may be changed via the /_config URLs. To allow the admin +; to change this value over HTTP, remember to include {httpd,config_whitelist} +; itself. Excluding it from the list would require editing this file to update +; the whitelist. +;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}] + +[httpd_global_handlers] +;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>} + +[couch_httpd_auth] +; If you set this to true, you should also uncomment the WWW-Authenticate line +; above. If you don't configure a WWW-Authenticate header, CouchDB will send +; Basic realm="server" in order to prevent you getting logged out. +; require_valid_user = false + +[log] +;level = debug + +[os_daemons] +; For any commands listed here, CouchDB will attempt to ensure that +; the process remains alive while CouchDB runs as well as shut them +; down when CouchDB exits. +;foo = /path/to/command -with args + +[daemons] +; enable SSL support by uncommenting the following line and supply the PEM's below. +; the default ssl port CouchDB listens on is 6984 +httpsd = {couch_httpd, start_link, [https]} + +[ssl] +cert_file = /etc/couchdb/server_cert.pem +key_file = /etc/couchdb/server_key.pem +;password = somepassword +; set to true to validate peer certificates +verify_ssl_certificates = false +; Path to file containing PEM encoded CA certificates (trusted +; certificates used for verifying a peer certificate). May be omitted if +; you do not want to verify the peer. +;cacert_file = /full/path/to/cacertf +; The verification fun (optionnal) if not specidied, the default +; verification fun will be used. +;verify_fun = {Module, VerifyFun} +ssl_certificate_max_depth = 1 +; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to +; the Virual Host will be redirected to the path. In the example below all requests +; to http://example.com/ are redirected to /database. +; If you run CouchDB on a specific port, include the port number in the vhost: +; example.com:5984 = /database + +[vhosts] +;example.com = /database/ + +[update_notification] +;unique notifier name=/full/path/to/exe -with "cmd line arg" + +; To create an admin account uncomment the '[admins]' section below and add a +; line in the format 'username = password'. When you next start CouchDB, it +; will change the password to a hash (so that your passwords don't linger +; around in plain-text files). You can add more admin accounts with more +; 'username = password' lines. Don't forget to restart CouchDB after +; changing this. +[admins] +;admin = mysecretpassword -- cgit v1.2.3 From 5abce06ff562fb508504af4370c0cc8eda266b56 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 10:19:24 +0100 Subject: [admins] section moved to local.d/admin.ini --- puppet/modules/site_couchdb/files/local.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb/files') diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini index 0da2fb44..79dd112e 100644 --- a/puppet/modules/site_couchdb/files/local.ini +++ b/puppet/modules/site_couchdb/files/local.ini @@ -80,5 +80,5 @@ ssl_certificate_max_depth = 1 ; around in plain-text files). You can add more admin accounts with more ; 'username = password' lines. Don't forget to restart CouchDB after ; changing this. -[admins] +;[admins] ;admin = mysecretpassword -- cgit v1.2.3 From 5493d362f7b3abd6c8aa9350341a551c53622604 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 11:33:38 +0100 Subject: configure apache ssl proxy for couchdb --- puppet/modules/site_couchdb/files/local.ini | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb/files') diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini index 79dd112e..485c9a29 100644 --- a/puppet/modules/site_couchdb/files/local.ini +++ b/puppet/modules/site_couchdb/files/local.ini @@ -46,14 +46,14 @@ [daemons] ; enable SSL support by uncommenting the following line and supply the PEM's below. ; the default ssl port CouchDB listens on is 6984 -httpsd = {couch_httpd, start_link, [https]} +;httpsd = {couch_httpd, start_link, [https]} [ssl] -cert_file = /etc/couchdb/server_cert.pem -key_file = /etc/couchdb/server_key.pem +;cert_file = /etc/couchdb/server_cert.pem +;key_file = /etc/couchdb/server_key.pem ;password = somepassword ; set to true to validate peer certificates -verify_ssl_certificates = false +;verify_ssl_certificates = false ; Path to file containing PEM encoded CA certificates (trusted ; certificates used for verifying a peer certificate). May be omitted if ; you do not want to verify the peer. @@ -61,7 +61,7 @@ verify_ssl_certificates = false ; The verification fun (optionnal) if not specidied, the default ; verification fun will be used. ;verify_fun = {Module, VerifyFun} -ssl_certificate_max_depth = 1 +;ssl_certificate_max_depth = 1 ; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to ; the Virual Host will be redirected to the path. In the example below all requests ; to http://example.com/ are redirected to /database. -- cgit v1.2.3 From a58524af8a97d6c2eee8d26ccdf192fecb855fe9 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 4 Nov 2012 18:53:24 +0100 Subject: provide coustom couchdb initscript to ensure stop/restart is working --- puppet/modules/site_couchdb/files/couchdb | 160 ++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100755 puppet/modules/site_couchdb/files/couchdb (limited to 'puppet/modules/site_couchdb/files') diff --git a/puppet/modules/site_couchdb/files/couchdb b/puppet/modules/site_couchdb/files/couchdb new file mode 100755 index 00000000..ccdfe716 --- /dev/null +++ b/puppet/modules/site_couchdb/files/couchdb @@ -0,0 +1,160 @@ +#!/bin/sh -e + +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +### BEGIN INIT INFO +# Provides: couchdb +# Required-Start: $local_fs $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Apache CouchDB init script +# Description: Apache CouchDB init script for the database server. +### END INIT INFO + +SCRIPT_OK=0 +SCRIPT_ERROR=1 + +DESCRIPTION="database server" +NAME=couchdb +SCRIPT_NAME=`basename $0` +COUCHDB=/usr/bin/couchdb +CONFIGURATION_FILE=/etc/default/couchdb +RUN_DIR=/var/run/couchdb +LSB_LIBRARY=/lib/lsb/init-functions + +if test ! -x $COUCHDB; then + exit $SCRIPT_ERROR +fi + +if test -r $CONFIGURATION_FILE; then + . $CONFIGURATION_FILE +fi + +log_daemon_msg () { + # Dummy function to be replaced by LSB library. + + echo $@ +} + +log_end_msg () { + # Dummy function to be replaced by LSB library. + + if test "$1" != "0"; then + echo "Error with $DESCRIPTION: $NAME" + fi + return $1 +} + +if test -r $LSB_LIBRARY; then + . $LSB_LIBRARY +fi + +run_command () { + command="$1" + if test -n "$COUCHDB_OPTIONS"; then + command="$command $COUCHDB_OPTIONS" + fi + if test -n "$COUCHDB_USER"; then + if su $COUCHDB_USER -c "$command"; then + return $SCRIPT_OK + else + return $SCRIPT_ERROR + fi + else + if $command; then + return $SCRIPT_OK + else + return $SCRIPT_ERROR + fi + fi +} + +start_couchdb () { + # Start Apache CouchDB as a background process. + + mkdir -p "$RUN_DIR" + chown -R "$COUCHDB_USER" "$RUN_DIR" + command="$COUCHDB -b" + if test -n "$COUCHDB_STDOUT_FILE"; then + command="$command -o $COUCHDB_STDOUT_FILE" + fi + if test -n "$COUCHDB_STDERR_FILE"; then + command="$command -e $COUCHDB_STDERR_FILE" + fi + if test -n "$COUCHDB_RESPAWN_TIMEOUT"; then + command="$command -r $COUCHDB_RESPAWN_TIMEOUT" + fi + run_command "$command" > /dev/null +} + +stop_couchdb () { + # Stop the running Apache CouchDB process. + + run_command "$COUCHDB -d" > /dev/null + pkill -u couchdb + # always return true even if no remaining couchdb procs got killed + /bin/true +} + +display_status () { + # Display the status of the running Apache CouchDB process. + + run_command "$COUCHDB -s" +} + +parse_script_option_list () { + # Parse arguments passed to the script and take appropriate action. + + case "$1" in + start) + log_daemon_msg "Starting $DESCRIPTION" $NAME + if start_couchdb; then + log_end_msg $SCRIPT_OK + else + log_end_msg $SCRIPT_ERROR + fi + ;; + stop) + log_daemon_msg "Stopping $DESCRIPTION" $NAME + if stop_couchdb; then + log_end_msg $SCRIPT_OK + else + log_end_msg $SCRIPT_ERROR + fi + ;; + restart|force-reload) + log_daemon_msg "Restarting $DESCRIPTION" $NAME + if stop_couchdb; then + if start_couchdb; then + log_end_msg $SCRIPT_OK + else + log_end_msg $SCRIPT_ERROR + fi + else + log_end_msg $SCRIPT_ERROR + fi + ;; + status) + display_status + ;; + *) + cat << EOF >&2 +Usage: $SCRIPT_NAME {start|stop|restart|force-reload|status} +EOF + exit $SCRIPT_ERROR + ;; + esac +} + +parse_script_option_list $@ -- cgit v1.2.3