From 2c53c5023b925cb596e3f450f194482eade1fbeb Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Thu, 4 Apr 2013 12:50:30 -0400
Subject: add Erlang Distributed Node Protocol Port json entry under bigcouch
 setup ednp_server and ednp_client stunnels update couchdb puppet submodule to
 support configurable ednp_port parameter and general module cleanup pass
 ednp_port to couchdb setup so that it is configured in the vm.args template
 clarify in comments the difference between the epmd and ednp ports remove
 hard-coded erlang_vm_port variable and instead setup shorewall to allow for
 the stunnel connection only setup dnat rules for the ednp client connections

---
 puppet/modules/site_couchdb/manifests/init.pp    |  7 ++--
 puppet/modules/site_couchdb/manifests/stunnel.pp | 41 +++++++++++++++++++++---
 2 files changed, 42 insertions(+), 6 deletions(-)

(limited to 'puppet/modules/site_couchdb/manifests')

diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 0fc951c2..9ffa4122 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -21,10 +21,13 @@ class site_couchdb ( $bigcouch = false ) {
   $bigcouch_config        = $couchdb_config['bigcouch']
   $bigcouch_cookie        = $bigcouch_config['cookie']
 
-  class {'couchdb':
+  $ednp_port              = $bigcouch_config['ednp_port']
+
+  class { 'couchdb':
     bigcouch        => $bigcouch,
     admin_pw        => $couchdb_admin_pw,
-    bigcouch_cookie => $bigcouch_cookie
+    bigcouch_cookie => $bigcouch_cookie,
+    ednp_port       => $ednp_port
   }
   include couchdb::bigcouch::package::cloudant
 
diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp
index 40b8f450..ebd01e4e 100644
--- a/puppet/modules/site_couchdb/manifests/stunnel.pp
+++ b/puppet/modules/site_couchdb/manifests/stunnel.pp
@@ -6,12 +6,18 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
   $couch_server_accept  = $couch_server['accept']
   $couch_server_connect = $couch_server['connect']
 
+  # Erlang Port Mapper Daemon (epmd) stunnel server/clients
   $epmd_server          = $stunnel['epmd_server']
   $epmd_server_accept   = $epmd_server['accept']
   $epmd_server_connect  = $epmd_server['connect']
-
   $epmd_clients         = $stunnel['epmd_clients']
 
+  # Erlang Distributed Node Protocol (ednp) stunnel server/clients
+  $ednp_server          = $stunnel['ednp_server']
+  $ednp_server_accept   = $ednp_server['accept']
+  $ednp_server_connect  = $ednp_server['connect']
+  $ednp_clients         = $stunnel['ednp_clients']
+
   include x509::variables
   $cert_name = 'leap_couchdb'
   $ca_name   = 'leap_ca'
@@ -43,8 +49,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
   }
 
 
-  # setup stunnels for bigcouch clustering between each bigcouchdb node
-  # server
+  # setup stunnel server for Erlang Port Mapper Daemon (epmd), necessary for
+  # bigcouch clustering between each bigcouchdb node
   stunnel::service { 'epmd_server':
     accept     => $epmd_server_accept,
     connect    => $epmd_server_connect,
@@ -58,7 +64,8 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
     debuglevel => '4'
   }
 
-  # clients
+  # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect
+  # to the above epmd stunnel server.
   $epmd_client_defaults = {
     'client'       => true,
     'cafile'       => $ca_path,
@@ -67,4 +74,30 @@ class site_couchdb::stunnel ($key, $cert, $ca) {
   }
 
   create_resources(site_stunnel::clients, $epmd_clients, $epmd_client_defaults)
+
+  # setup stunnel server for Erlang Distributed Node Protocol (ednp), necessary
+  # for bigcouch clustering between each bigcouchdb node
+  stunnel::service { 'ednp_server':
+    accept     => $ednp_server_accept,
+    connect    => $ednp_server_connect,
+    client     => false,
+    cafile     => $ca_path,
+    key        => $key_path,
+    cert       => $cert_path,
+    verify     => '2',
+    pid        => '/var/run/stunnel4/ednp_server.pid',
+    rndfile    => '/var/lib/stunnel4/.rnd',
+    debuglevel => '4'
+  }
+
+  # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect
+  # to the above ednp stunnel server.
+  $ednp_client_defaults = {
+    'client'       => true,
+    'cafile'       => $ca_path,
+    'key'          => $key_path,
+    'cert'         => $cert_path,
+  }
+
+  create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults)
 }
-- 
cgit v1.2.3