From 0f5e0b0e5102deab700d25ca4fd4845f15db8529 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 10 Mar 2013 16:13:03 +0100 Subject: use bigcouch in site_couchdb
--- puppet/modules/site_couchdb/manifests/init.pp | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 9ecde5e6..35470b5d 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -1,6 +1,5 @@
-class site_couchdb {
+class site_couchdb ( $bigcouch = false ) {
 tag 'leap_service'
- include couchdb
 $x509 = hiera('x509')
 $key = $x509['key']
@@ -17,20 +16,18 @@ class site_couchdb {
 $couchdb_ca_daemon_user = $couchdb_ca_daemon['username']
 $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password']
- Package ['couchdb']
- -> File['/etc/init.d/couchdb']
- -> File['/etc/couchdb/local.ini']
- -> File['/etc/couchdb/local.d/admin.ini']
- -> File['/etc/couchdb/couchdb.netrc']
+ class {'couchdb':
+ bigcouch => $bigcouch,
+ admin_pw => $couchdb_admin_pw
+ }
+
+ Service ['couchdb']
 -> Couchdb::Create_db['users']
 -> Couchdb::Create_db['client_certificates']
 -> Couchdb::Add_user[$couchdb_webapp_user]
 -> Couchdb::Add_user[$couchdb_ca_daemon_user]
 -> Site_couchdb::Apache_ssl_proxy['apache_ssl_proxy']
- include site_couchdb::configure
- include couchdb::deploy_config
-
 site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy':
 key => $key,
 cert => $cert
-- cgit v1.2.3 From 01941d905a71a2088ec080703f4e5430dec7a2ec Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 10 Mar 2013 17:29:12 +0100 Subject: pass couchdb cookie to class couchdb
--- puppet/modules/site_couchdb/manifests/init.pp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
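Review bot: In the second hunk of "use bigcouch in site_couchdb", the dependency chain now starts at `Service ['couchdb']`, so this manifest no longer states that `/etc/couchdb/local.d/admin.ini` is in place before `Couchdb::Create_db` and `Couchdb::Add_user` run. If the `couchdb` class (not visible here) does not order its admin configuration before the service, CouchDB could briefly run without an admin account, a state in which any client has admin rights. I would keep that guarantee explicit by heading the chain with `Class['couchdb'] -> Couchdb::Create_db['users']`, or add a comment saying the class guarantees it. The new `$bigcouch` parameter from the first hunk also has no comment describing what `true` selects.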
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 35470b5d..419e4122 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -15,10 +15,13 @@ class site_couchdb ( $bigcouch = false ) {
 $couchdb_ca_daemon = $couchdb_users['ca_daemon']
 $couchdb_ca_daemon_user = $couchdb_ca_daemon['username']
 $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password']
+ $bigcouch_config = $couchdb_config['bigcouch']
+ $bigcouch_cookie = $bigcouch_config['cookie']
 class {'couchdb':
- bigcouch => $bigcouch,
- admin_pw => $couchdb_admin_pw
+ bigcouch => $bigcouch,
+ admin_pw => $couchdb_admin_pw,
+ bigcouch_cookie => $bigcouch_cookie
 }
 Service ['couchdb']
-- cgit v1.2.3 From cd5394748dd83d3fa5c8a67dc6123e3b02034c2e Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 14 Mar 2013 19:10:49 +0100 Subject: include cloudant package repo for bigcouch server
--- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 419e4122..25956938 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -23,6 +23,7 @@ class site_couchdb ( $bigcouch = false ) {
 admin_pw => $couchdb_admin_pw,
 bigcouch_cookie => $bigcouch_cookie
 }
+ include couchdb::bigcouch::package::cloudant
 Service ['couchdb']
 -> Couchdb::Create_db['users']
-- cgit v1.2.3 From d4b45da9a521a6faf17f9ba7742bcee897a503cc Mon Sep 17 00:00:00 2001
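Review bot: In "pass couchdb cookie to class couchdb", `$couchdb_config['bigcouch']` and `$bigcouch_config['cookie']` are read unconditionally although `$bigcouch` defaults to `false`, so a plain CouchDB node whose hiera data has no `bigcouch` key would index an undefined value here. Guarding both assignments with `if $bigcouch { ... }`, or failing with a clear message when the key is missing, would avoid that. The cookie is the shared secret that lets Erlang nodes join the cluster, so it also deserves a comment such as `# cluster-wide secret: must come from hiera, never a default`. Whether the `couchdb` module writes it to a file readable only by the service user cannot be seen in this hunk and is worth confirming.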
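Review bot: In "include cloudant package repo for bigcouch server", `include couchdb::bigcouch::package::cloudant` is applied on every node, including those where `$bigcouch` is `false`, so hosts that only run stock CouchDB would still get a third-party package source configured. Wrapping it as `if $bigcouch { include couchdb::bigcouch::package::cloudant }` limits the extra repository to the nodes that need it. The same applies to `include site_shorewall::couchdb::bigcouch` in the later "couchdb hosts include site_shorewall::couchdb::bigcouch" commit, which presumably opens cluster ports. Whether the repository class pins a signing key is not visible from here and should be checked.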
From: Micah Anderson Date: Thu, 14 Mar 2013 13:58:06 -0400 Subject: remove apache ssl proxy in preparation of replacing it with a stunnel setup This presents us with an interesting problem of deprecation. We need to manage the removal of something that we previously installed in any released code. How long we carry the puppet code that removes raises some interesting questions: do we require that someone who deployed version 1 (where the apache ssl proxy was deployed) of the platform upgrade first to version 2 (where we remove the apache ssl proxy) before they upgrade to version 3 (where the apache ssl proxy removal is no longer present) -- or do we allow people to skip versions?
--- puppet/modules/site_couchdb/manifests/init.pp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 25956938..6f648c51 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -30,12 +30,9 @@ class site_couchdb ( $bigcouch = false ) {
 -> Couchdb::Create_db['client_certificates']
 -> Couchdb::Add_user[$couchdb_webapp_user]
 -> Couchdb::Add_user[$couchdb_ca_daemon_user]
- -> Site_couchdb::Apache_ssl_proxy['apache_ssl_proxy']
- site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy':
- key => $key,
- cert => $cert
- }
+ # this is here to disable and remove the proxy
+ include site_couchdb::apache_ssl_proxy
 couchdb::query::setup { 'localhost':
 user => $couchdb_admin_user,
-- cgit v1.2.3 From 42a040ac79e1c92d12b6bb9661bbf05ace44d622 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 14 Mar 2013 18:22:15 -0400 Subject: add couchdb stunnel server
--- puppet/modules/site_couchdb/manifests/init.pp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 6f648c51..d317de65 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -4,6 +4,7 @@ class site_couchdb ( $bigcouch = false ) {
 $x509 = hiera('x509')
 $key = $x509['key']
 $cert = $x509['cert']
+ $ca = $x509['ca_cert']
 $couchdb_config = hiera('couch')
 $couchdb_users = $couchdb_config['users']
 $couchdb_admin = $couchdb_users['admin']
@@ -34,6 +35,13 @@ class site_couchdb ( $bigcouch = false ) {
 # this is here to disable and remove the proxy
 include site_couchdb::apache_ssl_proxy
+ # the above apache_ssl_proxy is replaced by the following stunnel
+ class { 'site_couchdb::stunnel':
+ key => $key,
+ cert => $cert,
+ ca => $ca
+ }
+
 couchdb::query::setup { 'localhost':
 user => $couchdb_admin_user,
 pw => $couchdb_admin_pw
-- cgit v1.2.3 From 34a44db0de9a7d79ac68e93e79f29dcc32a30c76 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 20 Mar 2013 22:07:25 +0100 Subject: couchdb hosts include site_shorewall::couchdb::bigcouch
--- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index d317de65..e0f379cd 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -67,4 +67,5 @@ class site_couchdb ( $bigcouch = false ) {
 }
 include site_shorewall::couchdb
+ include site_shorewall::couchdb::bigcouch
 }
-- cgit v1.2.3 From c228491af3929e07766903c3ce29a06fab86ad63 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 12:08:55 -0400 Subject: remove the apache_ssl_proxy cleanup
--- puppet/modules/site_couchdb/manifests/init.pp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
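Review bot: In the second hunk of "add couchdb stunnel server", `class { 'site_couchdb::stunnel': ... }` receives `ca => $ca` with nothing here indicating whether peer certificates are actually verified against it. Since this tunnel replaces the Apache SSL proxy as the TLS layer in front of CouchDB, a comment stating the expected behaviour would help, e.g. `# stunnel must require a client cert signed by $ca`, and the class itself (not in this diff) should be checked to enforce it. `$key` is the node's private key passed as a class parameter, so it ends up in the compiled catalog; confirm that catalogs and reports are access-restricted.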
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index e0f379cd..0fc951c2 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -5,6 +5,7 @@ class site_couchdb ( $bigcouch = false ) {
 $key = $x509['key']
 $cert = $x509['cert']
 $ca = $x509['ca_cert']
+
 $couchdb_config = hiera('couch')
 $couchdb_users = $couchdb_config['users']
 $couchdb_admin = $couchdb_users['admin']
@@ -16,6 +17,7 @@ class site_couchdb ( $bigcouch = false ) {
 $couchdb_ca_daemon = $couchdb_users['ca_daemon']
 $couchdb_ca_daemon_user = $couchdb_ca_daemon['username']
 $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password']
+
 $bigcouch_config = $couchdb_config['bigcouch']
 $bigcouch_cookie = $bigcouch_config['cookie']
@@ -32,10 +34,6 @@ class site_couchdb ( $bigcouch = false ) {
 -> Couchdb::Add_user[$couchdb_webapp_user]
 -> Couchdb::Add_user[$couchdb_ca_daemon_user]
- # this is here to disable and remove the proxy
- include site_couchdb::apache_ssl_proxy
-
- # the above apache_ssl_proxy is replaced by the following stunnel
 class { 'site_couchdb::stunnel':
 key => $key,
 cert => $cert,
-- cgit v1.2.3 From 2c53c5023b925cb596e3f450f194482eade1fbeb Mon Sep 17 00:00:00 2001
From: Micah Anderson Date: Thu, 4 Apr 2013 12:50:30 -0400 Subject: add Erlang Distributed Node Protocol Port json entry under bigcouch setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections
--- puppet/modules/site_couchdb/manifests/init.pp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 0fc951c2..9ffa4122 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -21,10 +21,13 @@ class site_couchdb ( $bigcouch = false ) {
 $bigcouch_config = $couchdb_config['bigcouch']
 $bigcouch_cookie = $bigcouch_config['cookie']
- class {'couchdb':
+ $ednp_port = $bigcouch_config['ednp_port']
+
+ class { 'couchdb':
 bigcouch => $bigcouch,
 admin_pw => $couchdb_admin_pw,
- bigcouch_cookie => $bigcouch_cookie
+ bigcouch_cookie => $bigcouch_cookie,
+ ednp_port => $ednp_port
 }
 include couchdb::bigcouch::package::cloudant
-- cgit v1.2.3 From 4d01724ff48a990f70f81779936840824c78ca6e Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Apr 2013 00:32:18 +0200 Subject: Use pre-salted+hashed user pw for couchdb (Feature #2324)
--- puppet/modules/site_couchdb/manifests/init.pp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 9ffa4122..de9b715c 100644
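Review bot: In "add Erlang Distributed Node Protocol Port", `$ednp_port = $bigcouch_config['ednp_port']` is handed to `class { 'couchdb': }` without checking that the key exists. The commit message says the firewall now only allows the stunnel connection, so a node whose hiera data lacks `ednp_port` would presumably render an empty value into `vm.args` and end up with a distribution port that the stunnel and shorewall rules do not match. I would fail the catalog early, e.g. `if ! $ednp_port { fail('couch.bigcouch.ednp_port is not set') }`.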
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -11,12 +11,15 @@ class site_couchdb ( $bigcouch = false ) {
 $couchdb_admin = $couchdb_users['admin']
 $couchdb_admin_user = $couchdb_admin['username']
 $couchdb_admin_pw = $couchdb_admin['password']
+ $couchdb_admin_salt = $couchdb_admin['salt']
 $couchdb_webapp = $couchdb_users['webapp']
 $couchdb_webapp_user = $couchdb_webapp['username']
 $couchdb_webapp_pw = $couchdb_webapp['password']
+ $couchdb_webapp_salt = $couchdb_webapp['salt']
 $couchdb_ca_daemon = $couchdb_users['ca_daemon']
 $couchdb_ca_daemon_user = $couchdb_ca_daemon['username']
 $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password']
+ $couchdb_ca_daemon_salt = $couchdb_ca_daemon['salt']
 $bigcouch_config = $couchdb_config['bigcouch']
 $bigcouch_cookie = $bigcouch_config['cookie']
@@ -45,18 +48,20 @@ class site_couchdb ( $bigcouch = false ) {
 couchdb::query::setup { 'localhost':
 user => $couchdb_admin_user,
- pw => $couchdb_admin_pw
+ pw => $couchdb_admin_pw,
 }
 # Populate couchdb
 couchdb::add_user { $couchdb_webapp_user:
 roles => '["certs"]',
- pw => $couchdb_webapp_pw
+ pw => $couchdb_webapp_pw,
+ salt => $couchdb_webapp_salt
 }
 couchdb::add_user { $couchdb_ca_daemon_user:
 roles => '["certs"]',
- pw => $couchdb_ca_daemon_pw
+ pw => $couchdb_ca_daemon_pw,
+ salt => $couchdb_ca_daemon_salt
 }
 couchdb::create_db { 'users':
-- cgit v1.2.3 From 3ced5ec963311c45cf359803727bd18fe6e23b69 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Apr 2013 15:53:05 +0200 Subject: updated needed couchdb users and DBs
--- puppet/modules/site_couchdb/manifests/init.pp | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index de9b715c..6cf8e209 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
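Review bot: In the second hunk of "Use pre-salted+hashed user pw for couchdb", the `pw` parameters keep their names although the subject says the values are now pre-hashed, and `couchdb::query::setup` still receives `$couchdb_admin_pw` as `pw`. The diff does not show which of these values are hashes and which are cleartext; if `couchdb::add_user` now expects a hash while `couchdb::query::setup` needs a usable password, mixing them up would either break authentication or put a cleartext password into a user document. Once confirmed, a comment above the assignments in the first hunk, such as `# *_pw for webapp/ca_daemon are salted hashes from hiera; *_salt is the matching salt`, would make the contract explicit. Checking that each `salt` is non-empty before it reaches `couchdb::add_user` would also be a sensible guard.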
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -16,10 +16,10 @@ class site_couchdb ( $bigcouch = false ) {
 $couchdb_webapp_user = $couchdb_webapp['username']
 $couchdb_webapp_pw = $couchdb_webapp['password']
 $couchdb_webapp_salt = $couchdb_webapp['salt']
- $couchdb_ca_daemon = $couchdb_users['ca_daemon']
- $couchdb_ca_daemon_user = $couchdb_ca_daemon['username']
- $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password']
- $couchdb_ca_daemon_salt = $couchdb_ca_daemon['salt']
+ $couchdb_soledad = $couchdb_users['soledad']
+ $couchdb_soledad_user = $couchdb_soledad['username']
+ $couchdb_soledad_pw = $couchdb_soledad['password']
+ $couchdb_soledad_salt = $couchdb_soledad['salt']
 $bigcouch_config = $couchdb_config['bigcouch']
 $bigcouch_cookie = $bigcouch_config['cookie']
@@ -36,9 +36,9 @@ class site_couchdb ( $bigcouch = false ) {
 Service ['couchdb']
 -> Couchdb::Create_db['users']
- -> Couchdb::Create_db['client_certificates']
+ -> Couchdb::Create_db['tokens']
 -> Couchdb::Add_user[$couchdb_webapp_user]
- -> Couchdb::Add_user[$couchdb_ca_daemon_user]
+ -> Couchdb::Add_user[$couchdb_soledad_user]
 class { 'site_couchdb::stunnel':
 key => $key,
@@ -53,23 +53,23 @@ class site_couchdb ( $bigcouch = false ) {
 # Populate couchdb
 couchdb::add_user { $couchdb_webapp_user:
- roles => '["certs"]',
+ roles => '["auth"]',
 pw => $couchdb_webapp_pw,
 salt => $couchdb_webapp_salt
 }
- couchdb::add_user { $couchdb_ca_daemon_user:
- roles => '["certs"]',
- pw => $couchdb_ca_daemon_pw,
- salt => $couchdb_ca_daemon_salt
+ couchdb::add_user { $couchdb_soledad_user:
+ roles => '["auth"]',
+ pw => $couchdb_soledad_pw,
+ salt => $couchdb_soledad_salt
 }
 couchdb::create_db { 'users':
 readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }"
 }
- couchdb::create_db { 'client_certificates':
- readers => "{ \"names\": [], \"roles\": [\"certs\"] }"
+ couchdb::create_db { 'tokens':
+ readers => "{ \"names\": [], \"roles\": [\"auth\"] }"
 }
 include site_shorewall::couchdb
-- cgit v1.2.3
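Review bot: In the third hunk of "updated needed couchdb users and DBs", both `couchdb::add_user` resources get `roles => '["auth"]'` and the `tokens` database lists that role under `readers`, so the webapp and soledad accounts end up with identical access to `tokens`. In CouchDB a database reader can also create and update ordinary documents unless a validation function forbids it, so if soledad only needs to look tokens up, a separate role per account plus a write restriction would follow least privilege more closely; please confirm what `couchdb::create_db` sets beyond `readers`. Nothing in this commit removes the `ca_daemon` user or the `client_certificates` database from nodes that were already provisioned, so that account stays valid there until it is deleted explicitly.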
From b3572aed530b0834d58e75c83ef1eb670d1824e3 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Apr 2013 16:50:19 +0200 Subject: Use pre-salted+hashed admin pw for couchdb (Feature #1941)
--- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 6cf8e209..5e26b837 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -29,6 +29,7 @@ class site_couchdb ( $bigcouch = false ) {
 class { 'couchdb':
 bigcouch => $bigcouch,
 admin_pw => $couchdb_admin_pw,
+ admin_salt => $couchdb_admin_salt,
 bigcouch_cookie => $bigcouch_cookie,
 ednp_port => $ednp_port
 }
-- cgit v1.2.3 From 2bd18fcad2e1446388948ed0b98232d93564b8ad Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Apr 2013 18:23:41 +0200 Subject: take out plain couchdb setup, always deploy bigcouch (Feature #2176)
--- puppet/modules/site_couchdb/manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 5e26b837..9f4824b4 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -1,4 +1,4 @@
-class site_couchdb ( $bigcouch = false ) {
+class site_couchdb {
 tag 'leap_service'
 $x509 = hiera('x509')
@@ -27,7 +27,7 @@ class site_couchdb ( $bigcouch = false ) {
 $ednp_port = $bigcouch_config['ednp_port']
 class { 'couchdb':
- bigcouch => $bigcouch,
+ bigcouch => true,
 admin_pw => $couchdb_admin_pw,
 admin_salt => $couchdb_admin_salt,
 bigcouch_cookie => $bigcouch_cookie,
-- cgit v1.2.3 From 064195792e264a125b9bd75ff931552af054ecf9 Mon Sep 17 00:00:00 2001
From: varac Date: Thu, 23 May 2013 18:53:17 +0200 Subject: include site_couchdb::bigcouch::add_nodes in site_couchdb/manifests/init.pp
--- puppet/modules/site_couchdb/manifests/init.pp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_couchdb/manifests/init.pp')
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 9f4824b4..802f3224 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -33,9 +33,12 @@ class site_couchdb {
 bigcouch_cookie => $bigcouch_cookie,
 ednp_port => $ednp_port
 }
- include couchdb::bigcouch::package::cloudant
- Service ['couchdb']
+ class { 'couchdb::bigcouch::package::cloudant': }
+
+ Class ['couchdb::bigcouch::package::cloudant']
+ -> Service ['couchdb']
+ -> Class ['site_couchdb::bigcouch::add_nodes']
 -> Couchdb::Create_db['users']
 -> Couchdb::Create_db['tokens']
 -> Couchdb::Add_user[$couchdb_webapp_user]
@@ -47,6 +50,8 @@ class site_couchdb {
 ca => $ca
 }
+ class { 'site_couchdb::bigcouch::add_nodes': }
+
 couchdb::query::setup { 'localhost':
 user => $couchdb_admin_user,
 pw => $couchdb_admin_pw,
-- cgit v1.2.3