From 3544497599bfd7902b7b1be6661aaf1048af44e3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 13 Aug 2013 22:21:44 -0400 Subject: require that the couchdb::query::setup has been run before any attempts are made to create databases or add users as these would fail otherwise. Closes: #3466 Change-Id: Ifa8b3da5858ce858fd319c4a659e70d20a65d3e0 --- puppet/modules/site_couchdb/manifests/init.pp | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 802f3224..75ed87a0 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -59,23 +59,27 @@ class site_couchdb { # Populate couchdb couchdb::add_user { $couchdb_webapp_user: - roles => '["auth"]', - pw => $couchdb_webapp_pw, - salt => $couchdb_webapp_salt + roles => '["auth"]', + pw => $couchdb_webapp_pw, + salt => $couchdb_webapp_salt, + require => Couchdb::Query::Setup['localhost'] } couchdb::add_user { $couchdb_soledad_user: roles => '["auth"]', pw => $couchdb_soledad_pw, - salt => $couchdb_soledad_salt + salt => $couchdb_soledad_salt, + require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'users': - readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }" + readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'tokens': - readers => "{ \"names\": [], \"roles\": [\"auth\"] }" + readers => "{ \"names\": [], \"roles\": [\"auth\"] }", + require => Couchdb::Query::Setup['localhost'] } include site_shorewall::couchdb -- cgit v1.2.3 From 778e85c3a163b6343cd545073e4432b882dc888a Mon Sep 17 00:00:00 2001 
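Review bot: The same `require => Couchdb::Query::Setup['localhost']` is now written by hand on all four resources in this hunk, so a `couchdb::create_db` or `couchdb::add_user` added later without it brings back the failure this commit fixes. Resource defaults near the top of the class would cover present and future resources, e.g. `Couchdb::Create_db { require => Couchdb::Query::Setup['localhost'] }` and the same for `Couchdb::Add_user`. The `readers` values also interpolate `$couchdb_webapp_user` into a hand-built JSON string, so a username containing a double quote or backslash would yield an invalid or different security object; a comment stating that usernames from hiera must be plain identifiers would document that assumption. The class body continues outside the hunk.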
From: Micah Anderson Date: Tue, 27 Aug 2013 19:42:15 -0400 Subject: setup bigcouch logrotation (#3491) Change-Id: Ia35cf7a9fc1d0fad6a57bbae73968ab6b8f0c847 --- puppet/modules/site_couchdb/manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 75ed87a0..238b83d9 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -82,6 +82,8 @@ class site_couchdb { require => Couchdb::Query::Setup['localhost'] } + include site_couchdb::logrotate + include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch } -- cgit v1.2.3 From f18a47cfcabcc126689b1166464b5f7c3d000b79 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 30 Aug 2013 08:54:18 +0200 Subject: create sessions db with puppet (Bug #3597) --- puppet/modules/site_couchdb/manifests/init.pp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 238b83d9..84f737d7 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -66,9 +66,9 @@ class site_couchdb { } couchdb::add_user { $couchdb_soledad_user: - roles => '["auth"]', - pw => $couchdb_soledad_pw, - salt => $couchdb_soledad_salt, + roles => '["auth"]', + pw => $couchdb_soledad_pw, + salt => $couchdb_soledad_salt, require => Couchdb::Query::Setup['localhost'] } @@ -82,6 +82,11 @@ class site_couchdb { require => Couchdb::Query::Setup['localhost'] } + couchdb::create_db { 'sessions': + readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + include site_couchdb::logrotate include site_shorewall::couchdb -- cgit v1.2.3 
From c25c97adeb6c41d9af008ba918dfa6ee192f2fd9 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 2 Sep 2013 11:57:48 +0200 Subject: create all webapp databases so _security is set (fixes 3517) --- puppet/modules/site_couchdb/manifests/init.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 84f737d7..43abd616 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -87,6 +87,19 @@ class site_couchdb { require => Couchdb::Query::Setup['localhost'] } + couchdb::create_db { 'tickets': + readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + + # leap_mx will want access to this. Granting access to the soledad user + # via the auth group for now. + # leap_mx could use that for a start. + couchdb::create_db { 'identities': + readers => "{ \"names\": [], \"roles\": [\"auth\"] }", + require => Couchdb::Query::Setup['localhost'] + } + include site_couchdb::logrotate include site_shorewall::couchdb -- cgit v1.2.3 From 3e5e685200e9b5c3ac8567100e552929ea55d8e8 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 13 Sep 2013 16:20:07 +0200 Subject: setup stunnel config to use default x509 cert,key+ca (#3837) * fix stunnel setups for couchdb, mx, webapp services --- puppet/modules/site_couchdb/manifests/init.pp | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 43abd616..6bc4f6a3 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
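Review bot: The `identities` database is opened to the whole `auth` role, although the comment above it names only the soledad user (and later leap_mx) as the intended consumer. In the `couchdb::add_user` resources shown earlier on this page the webapp user also carries `'["auth"]'`, so it gets the same access, and a later commit on this page notes that such access is read and write. If this is a stop-gap, mark it so it is not forgotten, e.g. `# TODO: replace the shared "auth" role with a dedicated role or user for leap_mx`, or list the intended account under `names` as the `tickets` resource does.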
@@ -1,11 +1,6 @@ class site_couchdb { tag 'leap_service' - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $couchdb_config = hiera('couch') $couchdb_users = $couchdb_config['users'] $couchdb_admin = $couchdb_users['admin'] @@ -44,11 +39,7 @@ class site_couchdb { -> Couchdb::Add_user[$couchdb_webapp_user] -> Couchdb::Add_user[$couchdb_soledad_user] - class { 'site_couchdb::stunnel': - key => $key, - cert => $cert, - ca => $ca - } + class { 'site_couchdb::stunnel': } class { 'site_couchdb::bigcouch::add_nodes': } -- cgit v1.2.3 From 3388336b57cc59617b6dc8380beeeacfdb2fb5b3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 18 Sep 2013 12:05:10 -0400 Subject: Setup a class dependency for every tag 'leap_service' to make sure that shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 --- puppet/modules/site_couchdb/manifests/init.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 6bc4f6a3..f4f93828 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -31,7 +31,8 @@ class site_couchdb { class { 'couchdb::bigcouch::package::cloudant': } - Class ['couchdb::bigcouch::package::cloudant'] + Class['site_config::default'] + -> Class ['couchdb::bigcouch::package::cloudant'] -> Service ['couchdb'] -> Class ['site_couchdb::bigcouch::add_nodes'] -> Couchdb::Create_db['users'] -- cgit v1.2.3 From befa14796567d950f7afa066381070ca7246b1d4 Mon Sep 17 00:00:00 2001 
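Review bot: In the last hunk of this line (`@@ -31,7 +31,8 @@`) the new chain head `Class['site_config::default']` says nothing about the firewall, while the commit message gives shorewall ordering as the whole reason for it. A comment above the chain would keep that link visible: `# site_config::default must come first: the strict initial firewall blocks service setup until shorewall is configured (#3782)`. The added line also uses `Class['…']` while the lines below it keep `Class ['…']` with a space; pick one form. The chain continues past the end of the hunk.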
From: Azul Date: Fri, 25 Oct 2013 12:50:00 +0200 Subject: Users with access to a db are called members - not readers (#4219) ( they can read and write ). I think couch themselves changed the termology at some point but i might just have used the wrong term from the beginning on. Let's call them members either way because it's more clear that read only members require aditional design docs. --- puppet/modules/site_couchdb/manifests/init.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index f4f93828..5d77c994 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -65,22 +65,22 @@ class site_couchdb { } couchdb::create_db { 'users': - readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'tokens': - readers => "{ \"names\": [], \"roles\": [\"auth\"] }", + members => "{ \"names\": [], \"roles\": [\"auth\"] }", require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'sessions': - readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'tickets': - readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } 
@@ -88,7 +88,7 @@ class site_couchdb { # via the auth group for now. # leap_mx could use that for a start. couchdb::create_db { 'identities': - readers => "{ \"names\": [], \"roles\": [\"auth\"] }", + members => "{ \"names\": [], \"roles\": [\"auth\"] }", require => Couchdb::Query::Setup['localhost'] } -- cgit v1.2.3 From ce084fbbe5980497b8b3f3e643e6b618c4fa0b0a Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Oct 2013 00:48:37 +0100 Subject: Automate local backup of couchdb data (Feature #4350) --- puppet/modules/site_couchdb/manifests/init.pp | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 5d77c994..684d3ab7 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -16,6 +16,8 @@ class site_couchdb { $couchdb_soledad_pw = $couchdb_soledad['password'] $couchdb_soledad_salt = $couchdb_soledad['salt'] + $couchdb_backup = $couchdb_config['backup'] + $bigcouch_config = $couchdb_config['bigcouch'] $bigcouch_cookie = $bigcouch_config['cookie'] @@ -96,4 +98,27 @@ class site_couchdb { include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch + + # /etc/couchdb/couchdb.netrc is deployed by the couchdb module + # needed for couchdb_scripts (backup) and makes life easier + # for the admin (i.e. using curl/wget without passing credentials) + + file { '/root/.netrc': + ensure => link, + target => '/etc/couchdb/couchdb.netrc' + } + + file { '/srv/leap/couchdb': + ensure => directory + } + + vcsrepo { '/srv/leap/couchdb/scripts': + ensure => present, + provider => git, + source => 'https://leap.se/git/couchdb_scripts', + revision => 'origin/master', + require => File['/srv/leap/couchdb'] + } + + if $couchdb_backup { include site_couchdb::backup } } -- cgit v1.2.3 
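Review bot: The `vcsrepo` resource in the `@@ -96,4 +98,27 @@` hunk tracks `revision => 'origin/master'`, so every Puppet run can pull whatever is currently at the head of `https://leap.se/git/couchdb_scripts` onto the database node. Per the comment in the same hunk these scripts are meant to run with the credentials exposed through `/root/.netrc`, so an unreviewed or tampered upstream commit reaches a privileged context without any change in this repository. Pinning to a reviewed tag or commit id, `revision => '<reviewed-commit-or-tag>'`, makes each update an explicit, reviewable change. The `/srv/leap/couchdb` directory is also created without `owner`, `group` or `mode`.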
From ab278941346cc868aad7a3900a2cd5a1007986ea Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 25 Nov 2013 12:16:04 -0500 Subject: make some more dependency chains explicit Change-Id: Ib9525c3a933041fa9b378e1869c0a866375bb509 --- puppet/modules/site_couchdb/manifests/init.pp | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 684d3ab7..dcf7f48a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -34,9 +34,11 @@ class site_couchdb { class { 'couchdb::bigcouch::package::cloudant': } Class['site_config::default'] - -> Class ['couchdb::bigcouch::package::cloudant'] - -> Service ['couchdb'] - -> Class ['site_couchdb::bigcouch::add_nodes'] + -> Class['couchdb::bigcouch::package::cloudant'] + -> Service['couchdb'] + -> Class['site_couchdb::stunnel'] + -> File['/root/.netrc'] + -> Class['site_couchdb::bigcouch::add_nodes'] -> Couchdb::Create_db['users'] -> Couchdb::Create_db['tokens'] -> Couchdb::Add_user[$couchdb_webapp_user] @@ -46,11 +48,21 @@ class site_couchdb { class { 'site_couchdb::bigcouch::add_nodes': } + # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup + # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) + # and makes life easier for the admin (i.e. using curl/wget without + # passing credentials) couchdb::query::setup { 'localhost': user => $couchdb_admin_user, pw => $couchdb_admin_pw, } + file { '/root/.netrc': + ensure => link, + target => '/etc/couchdb/couchdb.netrc', + require => Couchdb::Query::Setup['localhost'] + } + # Populate couchdb couchdb::add_user { $couchdb_webapp_user: roles => '["auth"]', 
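Review bot: The `file { '/root/.netrc': ensure => link, … }` resource in the `@@ -46,11 +48,21 @@` hunk takes over root's netrc as a whole: an existing regular file at that path would be replaced by the link, dropping any entries an admin kept there. It also makes the CouchDB admin password the implicit credential for every netrc-aware tool run as root against the matching host, not only for couchdb_scripts. If the convenience is not essential, the scripts could point at the file directly (curl's `--netrc-file /etc/couchdb/couchdb.netrc`) and leave `/root/.netrc` unmanaged; otherwise the comment should say that the file is owned by Puppet and must not be edited. Ownership and mode of the link target are set elsewhere and cannot be checked from this hunk, which ends inside the following `couchdb::add_user` resource.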
@@ -99,15 +111,6 @@ class site_couchdb { include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch - # /etc/couchdb/couchdb.netrc is deployed by the couchdb module - # needed for couchdb_scripts (backup) and makes life easier - # for the admin (i.e. using curl/wget without passing credentials) - - file { '/root/.netrc': - ensure => link, - target => '/etc/couchdb/couchdb.netrc' - } - file { '/srv/leap/couchdb': ensure => directory } -- cgit v1.2.3 From 92d68c912d0de44ec9e88f7327303cc0fce7114b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Nov 2013 16:25:14 -0500 Subject: break out the database creation, user creation and design document loading into different classes Change-Id: Idd126d69e1fbe9c9794ad50337307dcc5dd635f4 --- puppet/modules/site_couchdb/manifests/init.pp | 56 ++++----------------------- 1 file changed, 8 insertions(+), 48 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index dcf7f48a..0f839997 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
@@ -52,69 +52,29 @@ class site_couchdb { # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without # passing credentials) - couchdb::query::setup { 'localhost': - user => $couchdb_admin_user, - pw => $couchdb_admin_pw, - } - file { '/root/.netrc': ensure => link, target => '/etc/couchdb/couchdb.netrc', require => Couchdb::Query::Setup['localhost'] } - # Populate couchdb - couchdb::add_user { $couchdb_webapp_user: - roles => '["auth"]', - pw => $couchdb_webapp_pw, - salt => $couchdb_webapp_salt, - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::add_user { $couchdb_soledad_user: - roles => '["auth"]', - pw => $couchdb_soledad_pw, - salt => $couchdb_soledad_salt, - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'users': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'tokens': - members => "{ \"names\": [], \"roles\": [\"auth\"] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'sessions': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'tickets': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] + file { '/srv/leap/couchdb': + ensure => directory } - # leap_mx will want access to this. Granting access to the soledad user - # via the auth group for now. - # leap_mx could use that for a start. 
- couchdb::create_db { 'identities': - members => "{ \"names\": [], \"roles\": [\"auth\"] }", - require => Couchdb::Query::Setup['localhost'] + couchdb::query::setup { 'localhost': + user => $couchdb_admin_user, + pw => $couchdb_admin_pw, } + include site_couchdb::create_dbs + include site_couchdb::add_users + include site_couchdb::designs include site_couchdb::logrotate include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch - file { '/srv/leap/couchdb': - ensure => directory - } - vcsrepo { '/srv/leap/couchdb/scripts': ensure => present, provider => git, -- cgit v1.2.3 From 77528b228c6d7ba095a796df4c5cc4c95eb50d9d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:00:10 -0500 Subject: pretty reformat couchdb.json and site_couchdb/manifests/init.pp, alphabetizing couchdb users Change-Id: I88264d32e9381f826652d1631083ba371e2b1b54 --- puppet/modules/site_couchdb/manifests/init.pp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 0f839997..82f2befb 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
@@ -3,19 +3,22 @@ class site_couchdb { $couchdb_config = hiera('couch') $couchdb_users = $couchdb_config['users'] + $couchdb_admin = $couchdb_users['admin'] $couchdb_admin_user = $couchdb_admin['username'] $couchdb_admin_pw = $couchdb_admin['password'] $couchdb_admin_salt = $couchdb_admin['salt'] - $couchdb_webapp = $couchdb_users['webapp'] - $couchdb_webapp_user = $couchdb_webapp['username'] - $couchdb_webapp_pw = $couchdb_webapp['password'] - $couchdb_webapp_salt = $couchdb_webapp['salt'] + $couchdb_soledad = $couchdb_users['soledad'] $couchdb_soledad_user = $couchdb_soledad['username'] $couchdb_soledad_pw = $couchdb_soledad['password'] $couchdb_soledad_salt = $couchdb_soledad['salt'] + $couchdb_webapp = $couchdb_users['webapp'] + $couchdb_webapp_user = $couchdb_webapp['username'] + $couchdb_webapp_pw = $couchdb_webapp['password'] + $couchdb_webapp_salt = $couchdb_webapp['salt'] + $couchdb_backup = $couchdb_config['backup'] $bigcouch_config = $couchdb_config['bigcouch'] -- cgit v1.2.3 From fdf028e53cb1efa9d3d6c8ab76c89f98e2fb7498 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:03:03 -0500 Subject: add leap_mx couchdb user/password Change-Id: Ice83115e0feabddd40ad74c2a6e98e24da9b4c2f --- puppet/modules/site_couchdb/manifests/init.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 82f2befb..b73c23c3 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
@@ -9,6 +9,11 @@ class site_couchdb { $couchdb_admin_pw = $couchdb_admin['password'] $couchdb_admin_salt = $couchdb_admin['salt'] + $couchdb_leap_mx = $couchdb_users['leap_mx'] + $couchdb_leap_mx_user = $couchdb_leap_mx['username'] + $couchdb_leap_mx_pw = $couchdb_leap_mx['password'] + $couchdb_leap_mx_salt = $couchdb_leap_mx['salt'] + $couchdb_soledad = $couchdb_users['soledad'] $couchdb_soledad_user = $couchdb_soledad['username'] $couchdb_soledad_pw = $couchdb_soledad['password'] -- cgit v1.2.3 From 0aed6d16a0303e05462f4c81cda0ced9872773bf Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:27:50 -0500 Subject: add the tapicero couchdb user, and appropriate roles Change-Id: I41e9a73c8d04d5a2d74b41c8e32aca9906f3a4cf --- puppet/modules/site_couchdb/manifests/init.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index b73c23c3..bb3fa5d7 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -19,6 +19,11 @@ class site_couchdb { $couchdb_soledad_pw = $couchdb_soledad['password'] $couchdb_soledad_salt = $couchdb_soledad['salt'] + $couchdb_tapicero = $couchdb_users['tapicero'] + $couchdb_tapicero_user = $couchdb_tapicero['username'] + $couchdb_tapicero_pw = $couchdb_tapicero['password'] + $couchdb_tapicero_salt = $couchdb_tapicero['salt'] + $couchdb_webapp = $couchdb_users['webapp'] $couchdb_webapp_user = $couchdb_webapp['username'] $couchdb_webapp_pw = $couchdb_webapp['password'] -- cgit v1.2.3 From 27b084fbb61ea036a45970f1b0c5a8f8175f96e8 Mon Sep 17 00:00:00 2001 
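Review bot: The four `$couchdb_leap_mx*` variables added in the first hunk of this line are not used anywhere in the lines shown, and the same holds for the `$couchdb_tapicero*` block in the next hunk and the `$couchdb_nickserver*` block in the commit after it. Presumably another class reads them through this class's scope; once the consumer is confirmed, a comment such as `# read by site_couchdb::add_users via $site_couchdb::couchdb_leap_mx_*` would keep them from being removed as dead code. The lookups also assume that `couch.users` in hiera always has a `leap_mx` entry; what happens on a node whose data lacks it is not visible here and deserves an explicit check or a documented requirement.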
From: Micah Anderson Date: Wed, 27 Nov 2013 15:00:10 -0500 Subject: add missing nickserver hiera value lookup Change-Id: I77061054f4768f0677ca9c498e6cd6d5df4ff806 --- puppet/modules/site_couchdb/manifests/init.pp | 49 +++++++++++++++------------ 1 file changed, 27 insertions(+), 22 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index bb3fa5d7..1933f01b 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
@@ -1,40 +1,45 @@ class site_couchdb { tag 'leap_service' - $couchdb_config = hiera('couch') - $couchdb_users = $couchdb_config['users'] + $couchdb_config = hiera('couch') + $couchdb_users = $couchdb_config['users'] - $couchdb_admin = $couchdb_users['admin'] - $couchdb_admin_user = $couchdb_admin['username'] - $couchdb_admin_pw = $couchdb_admin['password'] - $couchdb_admin_salt = $couchdb_admin['salt'] + $couchdb_admin = $couchdb_users['admin'] + $couchdb_admin_user = $couchdb_admin['username'] + $couchdb_admin_pw = $couchdb_admin['password'] + $couchdb_admin_salt = $couchdb_admin['salt'] - $couchdb_leap_mx = $couchdb_users['leap_mx'] - $couchdb_leap_mx_user = $couchdb_leap_mx['username'] - $couchdb_leap_mx_pw = $couchdb_leap_mx['password'] - $couchdb_leap_mx_salt = $couchdb_leap_mx['salt'] + $couchdb_leap_mx = $couchdb_users['leap_mx'] + $couchdb_leap_mx_user = $couchdb_leap_mx['username'] + $couchdb_leap_mx_pw = $couchdb_leap_mx['password'] + $couchdb_leap_mx_salt = $couchdb_leap_mx['salt'] - $couchdb_soledad = $couchdb_users['soledad'] - $couchdb_soledad_user = $couchdb_soledad['username'] - $couchdb_soledad_pw = $couchdb_soledad['password'] - $couchdb_soledad_salt = $couchdb_soledad['salt'] + $couchdb_nickserver = $couchdb_users['nickserver'] + $couchdb_nickserver_user = $couchdb_nickserver['username'] + $couchdb_nickserver_pw = $couchdb_nickserver['password'] + $couchdb_nickserver_salt = $couchdb_nickserver['salt'] + + $couchdb_soledad = $couchdb_users['soledad'] + $couchdb_soledad_user = $couchdb_soledad['username'] + $couchdb_soledad_pw = $couchdb_soledad['password'] + $couchdb_soledad_salt = $couchdb_soledad['salt'] $couchdb_tapicero = $couchdb_users['tapicero'] $couchdb_tapicero_user = $couchdb_tapicero['username'] $couchdb_tapicero_pw = $couchdb_tapicero['password'] $couchdb_tapicero_salt = $couchdb_tapicero['salt'] - $couchdb_webapp = $couchdb_users['webapp'] - $couchdb_webapp_user = $couchdb_webapp['username'] - $couchdb_webapp_pw = 
$couchdb_webapp['password'] - $couchdb_webapp_salt = $couchdb_webapp['salt'] + $couchdb_webapp = $couchdb_users['webapp'] + $couchdb_webapp_user = $couchdb_webapp['username'] + $couchdb_webapp_pw = $couchdb_webapp['password'] + $couchdb_webapp_salt = $couchdb_webapp['salt'] - $couchdb_backup = $couchdb_config['backup'] + $couchdb_backup = $couchdb_config['backup'] - $bigcouch_config = $couchdb_config['bigcouch'] - $bigcouch_cookie = $bigcouch_config['cookie'] + $bigcouch_config = $couchdb_config['bigcouch'] + $bigcouch_cookie = $bigcouch_config['cookie'] - $ednp_port = $bigcouch_config['ednp_port'] + $ednp_port = $bigcouch_config['ednp_port'] class { 'couchdb': bigcouch => true, -- cgit v1.2.3 From bf563b722126c0e6ae1d8f2f830be03e006664a1 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 20 Nov 2013 12:10:52 -0500 Subject: setup customer couchdb database Change-Id: Ic0e9f5f6a1f28d865d7757a9de0d9399a6a9a5e3 Conflicts: puppet/modules/site_couchdb/manifests/init.pp --- puppet/modules/site_couchdb/manifests/init.pp | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 1933f01b..ad0c996a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -70,14 +70,13 @@ class site_couchdb { # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without # passing credentials) - file { '/root/.netrc': - ensure => link, - target => '/etc/couchdb/couchdb.netrc', - require => Couchdb::Query::Setup['localhost'] - } + file { + '/root/.netrc': + ensure => link, + target => '/etc/couchdb/couchdb.netrc'; - file { '/srv/leap/couchdb': - ensure => directory + '/srv/leap/couchdb': + ensure => directory } couchdb::query::setup { 'localhost': -- cgit v1.2.3 
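Review bot: The rewritten `'/root/.netrc'` entry in the `@@ -70,14 +70,13 @@` hunk no longer carries `require => Couchdb::Query::Setup['localhost']`, which an earlier commit on this page added on purpose. The commit title (a customer database) and the `Conflicts:` trailer suggest it was lost while resolving a merge rather than dropped deliberately. Without it, nothing in the lines shown orders the link after the resource that deploys `/etc/couchdb/couchdb.netrc`, while the chain `-> File['/root/.netrc'] -> Class['site_couchdb::bigcouch::add_nodes']` relies on the credentials being in place. Restore it inside the combined resource: `target => '/etc/couchdb/couchdb.netrc', require => Couchdb::Query::Setup['localhost'];`.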
From f4eca7fba63c5e0cfe695812c11fae10778fd349 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jan 2014 18:06:34 +0100 Subject: restrict bigcouch chttp proc to localhost --- puppet/modules/site_couchdb/manifests/init.pp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index ad0c996a..fd7e67a1 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -42,11 +42,12 @@ class site_couchdb { $ednp_port = $bigcouch_config['ednp_port'] class { 'couchdb': - bigcouch => true, - admin_pw => $couchdb_admin_pw, - admin_salt => $couchdb_admin_salt, - bigcouch_cookie => $bigcouch_cookie, - ednp_port => $ednp_port + bigcouch => true, + admin_pw => $couchdb_admin_pw, + admin_salt => $couchdb_admin_salt, + bigcouch_cookie => $bigcouch_cookie, + ednp_port => $ednp_port, + chttpd_bind_address => '127.0.0.1' } class { 'couchdb::bigcouch::package::cloudant': } -- cgit v1.2.3 From 0e07e1b20acb844a6c610166c9918a92a093df73 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 20 Jan 2014 15:05:19 +0100 Subject: configure leap_platform to install our leap bigcouch package (Feature #4971) --- puppet/modules/site_couchdb/manifests/init.pp | 2 -- 1 file changed, 2 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index ad0c996a..e1414b34 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
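Review bot: The new `chttpd_bind_address => '127.0.0.1'` in the `@@ -42,11 +42,12 @@` hunk has no comment saying how remote clients are then expected to reach the database. From the rest of the page that is presumably `site_couchdb::stunnel`; once confirmed, a line such as `# clustered HTTP API listens on loopback only; remote access goes through stunnel` would record the intent. The parameter covers only the chttpd listener: the bind address of BigCouch's node-local backend HTTP interface and the exposure of `ednp_port` are not visible in this hunk and are worth checking against the same goal.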
@@ -49,10 +49,8 @@ class site_couchdb { ednp_port => $ednp_port } - class { 'couchdb::bigcouch::package::cloudant': } Class['site_config::default'] - -> Class['couchdb::bigcouch::package::cloudant'] -> Service['couchdb'] -> Class['site_couchdb::stunnel'] -> File['/root/.netrc'] -- cgit v1.2.3 From e91d7e016244da48be0a9ea23d3bb43bb3b8e93d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 21 Jan 2014 14:41:04 +0100 Subject: properly purge cloudant repository leftovers (#4971) --- puppet/modules/site_couchdb/manifests/init.pp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index e1414b34..4cd7ce03 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -49,8 +49,15 @@ class site_couchdb { ednp_port => $ednp_port } + # ensure that we don't have leftovers from previous installations + # where we installed the cloudant bigcouch package + # https://leap.se/code/issues/4971 + class { 'couchdb::bigcouch::package::cloudant': + ensure => absent + } Class['site_config::default'] + -> Class['couchdb::bigcouch::package::cloudant'] -> Service['couchdb'] -> Class['site_couchdb::stunnel'] -> File['/root/.netrc'] -- cgit v1.2.3 From 12cea40d5dffe5aa6e269c05773ed49d9f00a9ea Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 13 Feb 2014 00:10:09 +0100 Subject: added site_check_mk::agent::couchdb and site_check_mk::agent::soledad for local checks --- puppet/modules/site_couchdb/manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 137b661f..a9512577 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
@@ -107,4 +107,6 @@ class site_couchdb { } if $couchdb_backup { include site_couchdb::backup } + + include site_check_mk::agent::couchdb } -- cgit v1.2.3 From 20e1830ab70c2f63d240f909ab5622476b095ec9 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 19 Feb 2014 15:39:51 +0100 Subject: add site_check_mk::agent::tapicero, site_check_mk::agent::couchdb --- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index a9512577..e4c0211b 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -109,4 +109,5 @@ class site_couchdb { if $couchdb_backup { include site_couchdb::backup } include site_check_mk::agent::couchdb + include site_check_mk::agent::tapicero } -- cgit v1.2.3 From cb003cfff3002e111eced280b5a664c327a4ab11 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 13 Mar 2014 21:23:57 +0100 Subject: deploy automatic compaction via platform (Feature #4798) --- puppet/modules/site_couchdb/manifests/init.pp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index e4c0211b..c67ce8c8 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -94,6 +94,7 @@ class site_couchdb { include site_couchdb::add_users include site_couchdb::designs include site_couchdb::logrotate + include site_couchdb::bigcouch::compaction include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch @@ -110,4 +111,9 @@ class site_couchdb { include site_check_mk::agent::couchdb include site_check_mk::agent::tapicero + + file { '/var/log/bigcouch': + ensure => directory + } + } -- cgit v1.2.3 
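Review bot: `file { '/var/log/bigcouch': ensure => directory }` in the last hunk of this line sets no `owner`, `group` or `mode`, so the directory gets whatever Puppet's defaults and the umask produce. If the compaction job writes there as a non-root user that can fail, and if it runs as root the logs may end up readable more widely than intended. Stating them explicitly, e.g. `owner => '<service-user>', mode => '0750'` with the real account filled in, removes the guesswork; the same applies to `/srv/leap/couchdb`, created elsewhere in this manifest.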
From 5d3ece0ac0d02eb501f474bb37a59bb740c57c5d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 8 Apr 2014 13:03:40 +0200 Subject: configure couchdb after starting shorewall (#53) --- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index c67ce8c8..2bcd25dc 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -59,6 +59,7 @@ class site_couchdb { Class['site_config::default'] -> Class['couchdb::bigcouch::package::cloudant'] + -> Service['shorewall'] -> Service['couchdb'] -> Class['site_couchdb::stunnel'] -> File['/root/.netrc'] -- cgit v1.2.3 From 42d93c7a939902ace20ed5602317530473ece364 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 16 Apr 2014 16:58:32 -0400 Subject: add exec resources to run the couchdb tests to wait for nodes and cluster membership to settle, before attempting any operations (#5269, #4590, #3712) Change-Id: Ic9826dda1c242e705ce85ae218766496bdd8ecbd --- puppet/modules/site_couchdb/manifests/init.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 2bcd25dc..8c790bd2 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -64,6 +64,7 @@ class site_couchdb { -> Class['site_couchdb::stunnel'] -> File['/root/.netrc'] -> Class['site_couchdb::bigcouch::add_nodes'] + -> Class['site_couchdb::bigcouch::settle_cluster'] -> Couchdb::Create_db['users'] -> Couchdb::Create_db['tokens'] -> Couchdb::Add_user[$couchdb_webapp_user] 
@@ -73,6 +74,8 @@ class site_couchdb { class { 'site_couchdb::bigcouch::add_nodes': } + class { 'site_couchdb::bigcouch::settle_cluster': } + # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without -- cgit v1.2.3 From af1f6d6fc248b02ef51ceedb3257579f09c8febf Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 17 Apr 2014 09:35:17 -0400 Subject: Change couchdb ordering hints (#5269, #4590, #3712): . make the couchdb service start after the stunnels have been setup. This may improve the cluster membership coming online faster . replace the two Couchdb::Create_db ordering hints (for the 'users' and 'tokens' databases) with a generic Class['site_config::create_dbs'] hint. This makes it so we get the ordering hint for all databases, which we were not before, without having to individually list them . replace the two Couchdb::Add_user ordering hints (for the $couchdb_webapp_user and the $couchdb_soledad_user) with a generic ordering hint for Class['site_couchdb::add_users'] ordering hint. This makes it so we get the ordering hint for all the users, which we were not before, without having to individually list them Change-Id: Ia63e62d68d24e77a49d4ef928a2a8130ab7bccb9 --- puppet/modules/site_couchdb/manifests/init.pp | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 8c790bd2..d8e03e41 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
@@ -60,15 +60,13 @@ class site_couchdb { Class['site_config::default'] -> Class['couchdb::bigcouch::package::cloudant'] -> Service['shorewall'] - -> Service['couchdb'] -> Class['site_couchdb::stunnel'] + -> Service['couchdb'] -> File['/root/.netrc'] -> Class['site_couchdb::bigcouch::add_nodes'] -> Class['site_couchdb::bigcouch::settle_cluster'] - -> Couchdb::Create_db['users'] - -> Couchdb::Create_db['tokens'] - -> Couchdb::Add_user[$couchdb_webapp_user] - -> Couchdb::Add_user[$couchdb_soledad_user] + -> Class['site_couchdb::create_dbs'] + -> Class['site_couchdb::add_users'] class { 'site_couchdb::stunnel': } -- cgit v1.2.3 From ca34d880f65f62bf78623c80f6e76d1726f2068c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 17 Apr 2014 11:56:36 -0400 Subject: change class instantiating to be includes and organizing things in the class to be more visually logical (#5269, #4590, #3712) Change-Id: I58c28c3bc62e67b25f33da3378e8146110471613 --- puppet/modules/site_couchdb/manifests/init.pp | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index d8e03e41..3614661d 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -68,12 +68,6 @@ class site_couchdb { -> Class['site_couchdb::create_dbs'] -> Class['site_couchdb::add_users'] - class { 'site_couchdb::stunnel': } - - class { 'site_couchdb::bigcouch::add_nodes': } - - class { 'site_couchdb::bigcouch::settle_cluster': } - # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without 
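Review bot: The chain in the `@@ -60,15 +60,13 @@` hunk now orders against whole classes (`Class['site_couchdb::stunnel'] -> Service['couchdb']`, then `-> Class['site_couchdb::create_dbs'] -> Class['site_couchdb::add_users']`), and a class relationship only covers resources that the class contains. Anything those classes pull in with a plain `include` is not contained and floats free of this ordering. If `site_couchdb::stunnel` sets up its tunnels through included classes, couchdb could still start before they are up. The class bodies are not part of this diff, so this needs checking there: either `contain` the inner classes (Puppet 3.4 and later) or use the anchor pattern. A short comment above the chain, e.g. `# Class[...] links only order resources contained in those classes`, would keep the assumption visible; the chain continues outside the hunk.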
@@ -92,15 +86,6 @@ class site_couchdb { pw => $couchdb_admin_pw, } - include site_couchdb::create_dbs - include site_couchdb::add_users - include site_couchdb::designs - include site_couchdb::logrotate - include site_couchdb::bigcouch::compaction - - include site_shorewall::couchdb - include site_shorewall::couchdb::bigcouch - vcsrepo { '/srv/leap/couchdb/scripts': ensure => present, provider => git, @@ -109,8 +94,20 @@ class site_couchdb { require => File['/srv/leap/couchdb'] } + include site_couchdb::stunnel + include site_couchdb::bigcouch::add_nodes + include site_couchdb::bigcouch::settle_cluster + include site_couchdb::create_dbs + include site_couchdb::add_users + include site_couchdb::designs + include site_couchdb::logrotate + include site_couchdb::bigcouch::compaction + if $couchdb_backup { include site_couchdb::backup } + include site_shorewall::couchdb + include site_shorewall::couchdb::bigcouch + include site_check_mk::agent::couchdb include site_check_mk::agent::tapicero -- cgit v1.2.3