From 3544497599bfd7902b7b1be6661aaf1048af44e3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 13 Aug 2013 22:21:44 -0400 Subject: require that the couchdb::query::setup has been run before any attempts are made to create databases or add users as these would fail otherwise. Closes: #3466 Change-Id: Ifa8b3da5858ce858fd319c4a659e70d20a65d3e0 --- .../modules/site_couchdb/manifests/bigcouch/add_nodes.pp | 5 ++++- puppet/modules/site_couchdb/manifests/init.pp | 16 ++++++++++------ 2 files changed, 14 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp b/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp index 241a4914..97e85785 100644 --- a/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp +++ b/puppet/modules/site_couchdb/manifests/bigcouch/add_nodes.pp @@ -1,5 +1,8 @@ class site_couchdb::bigcouch::add_nodes { # loop through neighbors array and add nodes $nodes = $::site_couchdb::bigcouch_config['neighbors'] - couchdb::bigcouch::add_node { $nodes: } + + couchdb::bigcouch::add_node { $nodes: + require => Couchdb::Query::Setup['localhost'] + } } diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 802f3224..75ed87a0 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -59,23 +59,27 @@ class site_couchdb { # Populate couchdb couchdb::add_user { $couchdb_webapp_user: - roles => '["auth"]', - pw => $couchdb_webapp_pw, - salt => $couchdb_webapp_salt + roles => '["auth"]', + pw => $couchdb_webapp_pw, + salt => $couchdb_webapp_salt, + require => Couchdb::Query::Setup['localhost'] } couchdb::add_user { $couchdb_soledad_user: roles => '["auth"]', pw => $couchdb_soledad_pw, - salt => $couchdb_soledad_salt + salt => $couchdb_soledad_salt, + require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'users': - readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }" + readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'tokens': - readers => "{ \"names\": [], \"roles\": [\"auth\"] }" + readers => "{ \"names\": [], \"roles\": [\"auth\"] }", + require => Couchdb::Query::Setup['localhost'] } include site_shorewall::couchdb -- cgit v1.2.3 From 778e85c3a163b6343cd545073e4432b882dc888a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Aug 2013 19:42:15 -0400 Subject: setup bigcouch logrotation (#3491) Change-Id: Ia35cf7a9fc1d0fad6a57bbae73968ab6b8f0c847 --- puppet/modules/site_couchdb/manifests/init.pp | 2 ++ puppet/modules/site_couchdb/manifests/logrotate.pp | 12 ++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 puppet/modules/site_couchdb/manifests/logrotate.pp (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 75ed87a0..238b83d9 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -82,6 +82,8 @@ class site_couchdb { require => Couchdb::Query::Setup['localhost'] } + include site_couchdb::logrotate + include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch } diff --git a/puppet/modules/site_couchdb/manifests/logrotate.pp b/puppet/modules/site_couchdb/manifests/logrotate.pp new file mode 100644 index 00000000..e1039d49 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/logrotate.pp @@ -0,0 +1,12 @@ +class site_couchdb::logrotate { + + augeas { + 'logrotate_bigcouch': + context => '/files/etc/logrotate.d/bigcouch/rule', + changes => [ 'set file /opt/bigcouch/var/log/*.log', 'set rotate 7', + 'set schedule daily', 'set compress compress', + 'set missingok missingok', 'set ifempty notifempty', + 'set copytruncate copytruncate' ] + } + +} -- cgit v1.2.3 From f18a47cfcabcc126689b1166464b5f7c3d000b79 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 30 Aug 2013 08:54:18 +0200 Subject: create sessions db with puppet (Bug #3597) --- puppet/modules/site_couchdb/manifests/init.pp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 238b83d9..84f737d7 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -66,9 +66,9 @@ class site_couchdb { } couchdb::add_user { $couchdb_soledad_user: - roles => '["auth"]', - pw => $couchdb_soledad_pw, - salt => $couchdb_soledad_salt, + roles => '["auth"]', + pw => $couchdb_soledad_pw, + salt => $couchdb_soledad_salt, require => Couchdb::Query::Setup['localhost'] } @@ -82,6 +82,11 @@ class site_couchdb { require => Couchdb::Query::Setup['localhost'] } + couchdb::create_db { 'sessions': + readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + include site_couchdb::logrotate include site_shorewall::couchdb -- cgit v1.2.3 From c25c97adeb6c41d9af008ba918dfa6ee192f2fd9 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 2 Sep 2013 11:57:48 +0200 Subject: create all webapp databases so _security is set (fixes 3517) --- puppet/modules/site_couchdb/manifests/init.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 84f737d7..43abd616 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -87,6 +87,19 @@ class site_couchdb { require => Couchdb::Query::Setup['localhost'] } + couchdb::create_db { 'tickets': + readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + + # leap_mx will want access to this. Granting access to the soledad user + # via the auth group for now. + # leap_mx could use that for a start. + couchdb::create_db { 'identities': + readers => "{ \"names\": [], \"roles\": [\"auth\"] }", + require => Couchdb::Query::Setup['localhost'] + } + include site_couchdb::logrotate include site_shorewall::couchdb -- cgit v1.2.3 From fcbf7c0b4df14149269b646b5ac8e66acd63647e Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 6 Sep 2013 17:37:03 +0200 Subject: use define instead of class for site_stunnel::setup (#3817) so it can be called multiple times --- puppet/modules/site_couchdb/manifests/stunnel.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index d982013e..481da279 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -27,7 +27,7 @@ class site_couchdb::stunnel ($key, $cert, $ca) { # basic setup: ensure cert, key, ca files are in place, and some generic # stunnel things are done - class { 'site_stunnel::setup': + site_stunnel::setup { 'couchdb_couchdb': cert_name => $cert_name, key => $key, cert => $cert, -- cgit v1.2.3 From 3e5e685200e9b5c3ac8567100e552929ea55d8e8 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 13 Sep 2013 16:20:07 +0200 Subject: setup stunnel config to use default x509 cert,key+ca (#3837) * fix stunnel setups for couchdb, mx, webapp services --- puppet/modules/site_couchdb/manifests/init.pp | 11 +---------- puppet/modules/site_couchdb/manifests/stunnel.pp | 20 ++++---------------- 2 files changed, 5 insertions(+), 26 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 43abd616..6bc4f6a3 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,11 +1,6 @@ class site_couchdb { tag 'leap_service' - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $couchdb_config = hiera('couch') $couchdb_users = $couchdb_config['users'] $couchdb_admin = $couchdb_users['admin'] @@ -44,11 +39,7 @@ class site_couchdb { -> Couchdb::Add_user[$couchdb_webapp_user] -> Couchdb::Add_user[$couchdb_soledad_user] - class { 'site_couchdb::stunnel': - key => $key, - cert => $cert, - ca => $ca - } + class { 'site_couchdb::stunnel': } class { 'site_couchdb::bigcouch::add_nodes': } diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index 481da279..993555cb 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -1,4 +1,4 @@ -class site_couchdb::stunnel ($key, $cert, $ca) { +class site_couchdb::stunnel { $stunnel = hiera('stunnel') @@ -19,21 +19,9 @@ class site_couchdb::stunnel ($key, $cert, $ca) { $ednp_clients = $stunnel['ednp_clients'] include x509::variables - $cert_name = 'leap_couchdb' - $ca_name = 'leap_ca' - $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" - $cert_path = "${x509::variables::certs}/${cert_name}.crt" - $key_path = "${x509::variables::keys}/${cert_name}.key" - - # basic setup: ensure cert, key, ca files are in place, and some generic - # stunnel things are done - site_stunnel::setup { 'couchdb_couchdb': - cert_name => $cert_name, - key => $key, - cert => $cert, - ca_name => $ca_name, - ca => $ca - } + $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt" + $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt" + $key_path = "${x509::variables::keys}/${site_config::params::cert_name}.key" # setup a stunnel server for the webapp to connect to couchdb stunnel::service { 'couch_server': -- cgit v1.2.3 From 3388336b57cc59617b6dc8380beeeacfdb2fb5b3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 18 Sep 2013 12:05:10 -0400 Subject: Setup a class dependency for every tag 'leap_service' to make sure that shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 --- puppet/modules/site_couchdb/manifests/init.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 6bc4f6a3..f4f93828 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -31,7 +31,8 @@ class site_couchdb { class { 'couchdb::bigcouch::package::cloudant': } - Class ['couchdb::bigcouch::package::cloudant'] + Class['site_config::default'] + -> Class ['couchdb::bigcouch::package::cloudant'] -> Service ['couchdb'] -> Class ['site_couchdb::bigcouch::add_nodes'] -> Couchdb::Create_db['users'] -- cgit v1.2.3 From 1ce6cb5a30c5ee73d6474ac9c1bbd4c7819d9a73 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 12:19:00 +0200 Subject: only deploy x509 stuff for nodes if it existes in hiera (Feature #3875) --- puppet/modules/site_couchdb/manifests/stunnel.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index 993555cb..fbb75000 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -18,6 +18,11 @@ class site_couchdb::stunnel { $ednp_server_connect = $ednp_server['connect'] $ednp_clients = $stunnel['ednp_clients'] + + + include site_config::x509::cert_key + include site_config::x509::ca + include x509::variables $ca_path = "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt" $cert_path = "${x509::variables::certs}/${site_config::params::cert_name}.crt" -- cgit v1.2.3 From d7aca479f254ce4cbe58ee2a2197ea5c6d02de53 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 12:44:30 +0200 Subject: Depend services on deployment of default key, cert and ca (Feature #3838) --- puppet/modules/site_couchdb/manifests/stunnel.pp | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index fbb75000..7ba303fe 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -39,7 +39,10 @@ class site_couchdb::stunnel { verify => '2', pid => '/var/run/stunnel4/couchserver.pid', rndfile => '/var/lib/stunnel4/.rnd', - debuglevel => '4' + debuglevel => '4', + require => [ + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } @@ -55,7 +58,10 @@ class site_couchdb::stunnel { verify => '2', pid => '/var/run/stunnel4/epmd_server.pid', rndfile => '/var/lib/stunnel4/.rnd', - debuglevel => '4' + debuglevel => '4', + require => [ + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } # setup stunnel clients for Erlang Port Mapper Daemon (epmd) to connect @@ -81,7 +87,10 @@ class site_couchdb::stunnel { verify => '2', pid => '/var/run/stunnel4/ednp_server.pid', rndfile => '/var/lib/stunnel4/.rnd', - debuglevel => '4' + debuglevel => '4', + require => [ + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } # setup stunnel clients for Erlang Distributed Node Protocol (ednp) to connect -- cgit v1.2.3 From ffa4504f81c0abecc62b068951ec147741028128 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 09:09:30 +0200 Subject: seperate cert and key deployment (#3918) --- puppet/modules/site_couchdb/manifests/stunnel.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index 7ba303fe..87c35f05 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -20,7 +20,8 @@ class site_couchdb::stunnel { - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca include x509::variables @@ -41,7 +42,8 @@ class site_couchdb::stunnel { rndfile => '/var/lib/stunnel4/.rnd', debuglevel => '4', require => [ - Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], Class['Site_config::X509::Ca'] ]; } @@ -60,7 +62,8 @@ class site_couchdb::stunnel { rndfile => '/var/lib/stunnel4/.rnd', debuglevel => '4', require => [ - Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], Class['Site_config::X509::Ca'] ]; } @@ -89,7 +92,8 @@ class site_couchdb::stunnel { rndfile => '/var/lib/stunnel4/.rnd', debuglevel => '4', require => [ - Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], Class['Site_config::X509::Ca'] ]; } -- cgit v1.2.3 From befa14796567d950f7afa066381070ca7246b1d4 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 25 Oct 2013 12:50:00 +0200 Subject: Users with access to a db are called members - not readers (#4219) ( they can read and write ). I think couch themselves changed the termology at some point but i might just have used the wrong term from the beginning on. Let's call them members either way because it's more clear that read only members require aditional design docs. --- puppet/modules/site_couchdb/manifests/init.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index f4f93828..5d77c994 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -65,22 +65,22 @@ class site_couchdb { } couchdb::create_db { 'users': - readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'tokens': - readers => "{ \"names\": [], \"roles\": [\"auth\"] }", + members => "{ \"names\": [], \"roles\": [\"auth\"] }", require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'sessions': - readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } couchdb::create_db { 'tickets': - readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", + members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } @@ -88,7 +88,7 @@ class site_couchdb { # via the auth group for now. # leap_mx could use that for a start. couchdb::create_db { 'identities': - readers => "{ \"names\": [], \"roles\": [\"auth\"] }", + members => "{ \"names\": [], \"roles\": [\"auth\"] }", require => Couchdb::Query::Setup['localhost'] } -- cgit v1.2.3 From ce084fbbe5980497b8b3f3e643e6b618c4fa0b0a Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Oct 2013 00:48:37 +0100 Subject: Automate local backup of couchdb data (Feature #4350) --- puppet/modules/site_couchdb/manifests/backup.pp | 12 ++++++++++++ puppet/modules/site_couchdb/manifests/init.pp | 25 +++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 puppet/modules/site_couchdb/manifests/backup.pp (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/backup.pp b/puppet/modules/site_couchdb/manifests/backup.pp new file mode 100644 index 00000000..ef505693 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/backup.pp @@ -0,0 +1,12 @@ +class site_couchdb::backup { + + # general backupninja config + backupninja::config { 'backupninja_config': + usecolors => false, + } + + # dump all DBs locally to /var/backups/couchdb once a day + backupninja::sh { 'couchdb_backup': + command_string => "cd /srv/leap/couchdb/scripts \n./couchdb_dumpall.sh" + } +} diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 5d77c994..684d3ab7 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -16,6 +16,8 @@ class site_couchdb { $couchdb_soledad_pw = $couchdb_soledad['password'] $couchdb_soledad_salt = $couchdb_soledad['salt'] + $couchdb_backup = $couchdb_config['backup'] + $bigcouch_config = $couchdb_config['bigcouch'] $bigcouch_cookie = $bigcouch_config['cookie'] @@ -96,4 +98,27 @@ class site_couchdb { include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch + + # /etc/couchdb/couchdb.netrc is deployed by the couchdb module + # needed for couchdb_scripts (backup) and makes life easier + # for the admin (i.e. using curl/wget without passing credentials) + + file { '/root/.netrc': + ensure => link, + target => '/etc/couchdb/couchdb.netrc' + } + + file { '/srv/leap/couchdb': + ensure => directory + } + + vcsrepo { '/srv/leap/couchdb/scripts': + ensure => present, + provider => git, + source => 'https://leap.se/git/couchdb_scripts', + revision => 'origin/master', + require => File['/srv/leap/couchdb'] + } + + if $couchdb_backup { include site_couchdb::backup } } -- cgit v1.2.3 From 1ada62ad64b9664783de875820242fc404f967f2 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 19 Nov 2013 15:15:59 +0100 Subject: initial design documents from the webapp (#3770) --- .../modules/site_couchdb/files/designs/Readme.md | 14 ++++++ .../files/designs/customers/Customer.json | 18 ++++++++ .../files/designs/identities/Identity.json | 28 ++++++++++++ .../files/designs/sessions/Session.json | 8 ++++ .../site_couchdb/files/designs/tickets/Ticket.json | 50 ++++++++++++++++++++++ .../site_couchdb/files/designs/tokens/Token.json | 14 ++++++ .../site_couchdb/files/designs/users/User.json | 26 +++++++++++ 7 files changed, 158 insertions(+) create mode 100644 puppet/modules/site_couchdb/files/designs/Readme.md create mode 100644 puppet/modules/site_couchdb/files/designs/customers/Customer.json create mode 100644 puppet/modules/site_couchdb/files/designs/identities/Identity.json create mode 100644 puppet/modules/site_couchdb/files/designs/sessions/Session.json create mode 100644 puppet/modules/site_couchdb/files/designs/tickets/Ticket.json create mode 100644 puppet/modules/site_couchdb/files/designs/tokens/Token.json create mode 100644 puppet/modules/site_couchdb/files/designs/users/User.json (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/Readme.md b/puppet/modules/site_couchdb/files/designs/Readme.md new file mode 100644 index 00000000..983f629f --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/Readme.md @@ -0,0 +1,14 @@ +This directory contains design documents for the leap platform. + +They need to be uploaded to the couch database in order to query the +database in certain ways. + +Each subdirectory corresponds to a couch database and contains the design +documents that need to be added to that particular database. + +Here's an example of how to upload the users design document: +```bash +HOST="http://localhost:5984" +curl -X PUT $HOST/users/_design/User --data @users/User.json + +``` diff --git a/puppet/modules/site_couchdb/files/designs/customers/Customer.json b/puppet/modules/site_couchdb/files/designs/customers/Customer.json new file mode 100644 index 00000000..1b4bbddd --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/customers/Customer.json @@ -0,0 +1,18 @@ +{ + "_id": "_design/Customer", + "language": "javascript", + "views": { + "by_user_id": { + "map": " function(doc) {\n if ((doc['type'] == 'Customer') && (doc['user_id'] != null)) {\n emit(doc['user_id'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_braintree_customer_id": { + "map": " function(doc) {\n if ((doc['type'] == 'Customer') && (doc['braintree_customer_id'] != null)) {\n emit(doc['braintree_customer_id'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Customer') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "688c401ec0230b75625c176a88fc4a02" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/identities/Identity.json b/puppet/modules/site_couchdb/files/designs/identities/Identity.json new file mode 100644 index 00000000..8cf8c39b --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/identities/Identity.json @@ -0,0 +1,28 @@ +{ + "_id": "_design/Identity", + "language": "javascript", + "views": { + "by_user_id": { + "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['user_id'] != null)) {\n emit(doc['user_id'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_address_and_destination": { + "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null) && (doc['destination'] != null)) {\n emit([doc['address'], doc['destination']], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_address": { + "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null)) {\n emit(doc['address'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "pgp_key_by_email": { + "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n emit(doc.address, doc.keys[\"pgp\"]);\n }\n" + }, + "disabled": { + "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.user_id === \"undefined\") {\n emit(doc._id, 1);\n }\n }\n" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Identity') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "5b0ece9d28b3025d18ea71fddf3a532f" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/sessions/Session.json b/puppet/modules/site_couchdb/files/designs/sessions/Session.json new file mode 100644 index 00000000..70202780 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/sessions/Session.json @@ -0,0 +1,8 @@ +{ + "views": { + "by_expires": { + "reduce": "_sum", + "map": "function(doc) {\n if(typeof doc.expires !== \"undefined\") {\n emit(doc.expires, 1);\n }\n}\n" + } + } +} diff --git a/puppet/modules/site_couchdb/files/designs/tickets/Ticket.json b/puppet/modules/site_couchdb/files/designs/tickets/Ticket.json new file mode 100644 index 00000000..2c9408b8 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/tickets/Ticket.json @@ -0,0 +1,50 @@ +{ + "_id": "_design/Ticket", + "language": "javascript", + "views": { + "by_updated_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['updated_at'] != null)) {\n emit(doc['updated_at'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_created_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_created_by": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['created_by'] != null)) {\n emit(doc['created_by'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_is_open_and_created_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['is_open'] != null) && (doc['created_at'] != null)) {\n emit([doc['is_open'], doc['created_at']], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_is_open_and_updated_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['is_open'] != null) && (doc['updated_at'] != null)) {\n emit([doc['is_open'], doc['updated_at']], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_includes_post_by_and_is_open_and_created_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.created_at], 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_includes_post_by_and_is_open_and_updated_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.updated_at], 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_includes_post_by_and_updated_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.updated_at], 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_includes_post_by": { + "map": "// TODO: This view is only used in tests--should we keep it?\nfunction(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit(comment.posted_by, 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_includes_post_by_and_created_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.created_at], 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Ticket') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "9978e2cbeacbe8622c2a7f103bf8130f" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/tokens/Token.json b/puppet/modules/site_couchdb/files/designs/tokens/Token.json new file mode 100644 index 00000000..b9025f15 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/tokens/Token.json @@ -0,0 +1,14 @@ +{ + "_id": "_design/Token", + "language": "javascript", + "views": { + "by_last_seen_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Token') && (doc['last_seen_at'] != null)) {\n emit(doc['last_seen_at'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Token') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "541dd924551c42a2317b345effbe65cc" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/users/User.json b/puppet/modules/site_couchdb/files/designs/users/User.json new file mode 100644 index 00000000..c500822b --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/users/User.json @@ -0,0 +1,26 @@ +{ + "_id": "_design/User", + "language": "javascript", + "views": { + "by_login": { + "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['login'] != null)) {\n emit(doc['login'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'User') {\n emit(doc._id, null);\n }\n }\n" + }, + "by_alias": { + "map": "function(doc) {\n if (doc.type != 'User') {\n return;\n }\n doc.email_aliases.forEach(function(alias){\n emit(alias.username, 1);\n });\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_login_or_alias": { + "map": "function(doc) {\n if (doc.type != 'User') {\n return;\n }\n emit(doc.login, 1);\n doc.email_aliases.forEach(function(alias){\n emit(alias.username, 1);\n });\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_created_at": { + "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", + "reduce": "_sum" + } + }, + "couchrest-hash": "26adb5c9480663de3fe60d959b60a7b2" +} \ No newline at end of file -- cgit v1.2.3 From ab278941346cc868aad7a3900a2cd5a1007986ea Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 25 Nov 2013 12:16:04 -0500 Subject: make some more dependency chains explicit Change-Id: Ib9525c3a933041fa9b378e1869c0a866375bb509 --- puppet/modules/site_couchdb/manifests/init.pp | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 684d3ab7..dcf7f48a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -34,9 +34,11 @@ class site_couchdb { class { 'couchdb::bigcouch::package::cloudant': } Class['site_config::default'] - -> Class ['couchdb::bigcouch::package::cloudant'] - -> Service ['couchdb'] - -> Class ['site_couchdb::bigcouch::add_nodes'] + -> Class['couchdb::bigcouch::package::cloudant'] + -> Service['couchdb'] + -> Class['site_couchdb::stunnel'] + -> File['/root/.netrc'] + -> Class['site_couchdb::bigcouch::add_nodes'] -> Couchdb::Create_db['users'] -> Couchdb::Create_db['tokens'] -> Couchdb::Add_user[$couchdb_webapp_user] @@ -46,11 +48,21 @@ class site_couchdb { class { 'site_couchdb::bigcouch::add_nodes': } + # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup + # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) + # and makes life easier for the admin (i.e. using curl/wget without + # passing credentials) couchdb::query::setup { 'localhost': user => $couchdb_admin_user, pw => $couchdb_admin_pw, } + file { '/root/.netrc': + ensure => link, + target => '/etc/couchdb/couchdb.netrc', + require => Couchdb::Query::Setup['localhost'] + } + # Populate couchdb couchdb::add_user { $couchdb_webapp_user: roles => '["auth"]', @@ -99,15 +111,6 @@ class site_couchdb { include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch - # /etc/couchdb/couchdb.netrc is deployed by the couchdb module - # needed for couchdb_scripts (backup) and makes life easier - # for the admin (i.e. using curl/wget without passing credentials) - - file { '/root/.netrc': - ensure => link, - target => '/etc/couchdb/couchdb.netrc' - } - file { '/srv/leap/couchdb': ensure => directory } -- cgit v1.2.3 From dc6c48cbc25216417a02304ec2c23663688cd99d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Nov 2013 14:49:53 -0500 Subject: enable uploading a document to couch from a file (#4256) deploy design documents during couch deploy (#3771) Change-Id: I4679e066303ac9b02582214c48e2e7dcfe5bd651 --- .../site_couchdb/files/designs/customers.json | 18 ++++++++ .../site_couchdb/files/designs/identities.json | 28 ++++++++++++ .../site_couchdb/files/designs/sessions.json | 8 ++++ .../site_couchdb/files/designs/tickets.json | 50 ++++++++++++++++++++++ .../modules/site_couchdb/files/designs/tokens.json | 14 ++++++ .../modules/site_couchdb/files/designs/users.json | 26 +++++++++++ puppet/modules/site_couchdb/manifests/designs.pp | 20 +++++++++ 7 files changed, 164 insertions(+) create mode 100644 puppet/modules/site_couchdb/files/designs/customers.json create mode 100644 puppet/modules/site_couchdb/files/designs/identities.json create mode 100644 puppet/modules/site_couchdb/files/designs/sessions.json create mode 100644 puppet/modules/site_couchdb/files/designs/tickets.json create mode 100644 puppet/modules/site_couchdb/files/designs/tokens.json create mode 100644 puppet/modules/site_couchdb/files/designs/users.json create mode 100644 puppet/modules/site_couchdb/manifests/designs.pp (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/customers.json b/puppet/modules/site_couchdb/files/designs/customers.json new file mode 100644 index 00000000..1b4bbddd --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/customers.json @@ -0,0 +1,18 @@ +{ + "_id": "_design/Customer", + "language": "javascript", + "views": { + "by_user_id": { + "map": " function(doc) {\n if ((doc['type'] == 'Customer') && (doc['user_id'] != null)) {\n emit(doc['user_id'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_braintree_customer_id": { + "map": " function(doc) {\n if ((doc['type'] == 'Customer') && (doc['braintree_customer_id'] != null)) {\n emit(doc['braintree_customer_id'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Customer') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "688c401ec0230b75625c176a88fc4a02" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/identities.json b/puppet/modules/site_couchdb/files/designs/identities.json new file mode 100644 index 00000000..8cf8c39b --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/identities.json @@ -0,0 +1,28 @@ +{ + "_id": "_design/Identity", + "language": "javascript", + "views": { + "by_user_id": { + "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['user_id'] != null)) {\n emit(doc['user_id'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_address_and_destination": { + "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null) && (doc['destination'] != null)) {\n emit([doc['address'], doc['destination']], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_address": { + "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null)) {\n emit(doc['address'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "pgp_key_by_email": { + "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n emit(doc.address, doc.keys[\"pgp\"]);\n }\n" + }, + "disabled": { + "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.user_id === \"undefined\") {\n emit(doc._id, 1);\n }\n }\n" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Identity') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "5b0ece9d28b3025d18ea71fddf3a532f" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/sessions.json b/puppet/modules/site_couchdb/files/designs/sessions.json new file mode 100644 index 00000000..70202780 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/sessions.json @@ -0,0 +1,8 @@ +{ + "views": { + "by_expires": { + "reduce": "_sum", + "map": "function(doc) {\n if(typeof doc.expires !== \"undefined\") {\n emit(doc.expires, 1);\n }\n}\n" + } + } +} diff --git a/puppet/modules/site_couchdb/files/designs/tickets.json b/puppet/modules/site_couchdb/files/designs/tickets.json new file mode 100644 index 00000000..2c9408b8 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/tickets.json @@ -0,0 +1,50 @@ +{ + "_id": "_design/Ticket", + "language": "javascript", + "views": { + "by_updated_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['updated_at'] != null)) {\n emit(doc['updated_at'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_created_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_created_by": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['created_by'] != null)) {\n emit(doc['created_by'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_is_open_and_created_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['is_open'] != null) && (doc['created_at'] != null)) {\n emit([doc['is_open'], doc['created_at']], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_is_open_and_updated_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['is_open'] != null) && (doc['updated_at'] != null)) {\n emit([doc['is_open'], doc['updated_at']], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_includes_post_by_and_is_open_and_created_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.created_at], 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_includes_post_by_and_is_open_and_updated_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.updated_at], 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_includes_post_by_and_updated_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.updated_at], 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_includes_post_by": { + "map": "// TODO: This view is only used in tests--should we keep it?\nfunction(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit(comment.posted_by, 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_includes_post_by_and_created_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.created_at], 1);\n }\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Ticket') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "9978e2cbeacbe8622c2a7f103bf8130f" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/tokens.json b/puppet/modules/site_couchdb/files/designs/tokens.json new file mode 100644 index 00000000..b9025f15 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/tokens.json @@ -0,0 +1,14 @@ +{ + "_id": "_design/Token", + "language": "javascript", + "views": { + "by_last_seen_at": { + "map": " function(doc) {\n if ((doc['type'] == 'Token') && (doc['last_seen_at'] != null)) {\n emit(doc['last_seen_at'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Token') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "541dd924551c42a2317b345effbe65cc" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/users.json b/puppet/modules/site_couchdb/files/designs/users.json new file mode 100644 index 00000000..c500822b --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/users.json @@ -0,0 +1,26 @@ +{ + "_id": "_design/User", + "language": "javascript", + "views": { + "by_login": { + "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['login'] != null)) {\n emit(doc['login'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'User') {\n emit(doc._id, null);\n }\n }\n" + }, + "by_alias": { + "map": "function(doc) {\n if (doc.type != 'User') {\n return;\n }\n doc.email_aliases.forEach(function(alias){\n emit(alias.username, 1);\n });\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_login_or_alias": { + "map": "function(doc) {\n if (doc.type != 'User') {\n return;\n }\n emit(doc.login, 1);\n doc.email_aliases.forEach(function(alias){\n emit(alias.username, 1);\n });\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_created_at": { + "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", + "reduce": "_sum" + } + }, + "couchrest-hash": "26adb5c9480663de3fe60d959b60a7b2" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/manifests/designs.pp b/puppet/modules/site_couchdb/manifests/designs.pp new file mode 100644 index 00000000..2d0a8326 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/designs.pp @@ -0,0 +1,20 @@ +class site_couchdb::designs { + + Class['site_couchdb::create_dbs'] + -> Class['site_couchdb::designs'] + + file { '/srv/leap/couchdb/designs': + ensure => directory, + source => 'puppet:///modules/site_couchdb/designs', + recurse => true, + mode => '0755' + } + + exec { '/srv/leap/couchdb/scripts/load_design_documents.sh': + subscribe => File['/srv/leap/couchdb/designs'], + refreshonly => true, + require => Vcsrepo['/srv/leap/couchdb/scripts'] + } + +} + -- cgit v1.2.3 From 92d68c912d0de44ec9e88f7327303cc0fce7114b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Nov 2013 16:25:14 -0500 Subject: break out the database creation, user creation and design document loading into different classes Change-Id: Idd126d69e1fbe9c9794ad50337307dcc5dd635f4 --- puppet/modules/site_couchdb/manifests/add_users.pp | 17 +++++++ .../modules/site_couchdb/manifests/create_dbs.pp | 31 ++++++++++++ puppet/modules/site_couchdb/manifests/init.pp | 56 ++++------------------ 3 files changed, 56 insertions(+), 48 deletions(-) create mode 100644 puppet/modules/site_couchdb/manifests/add_users.pp create mode 100644 puppet/modules/site_couchdb/manifests/create_dbs.pp (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp new file mode 100644 index 00000000..e9d3da78 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -0,0 +1,17 @@ +class site_couchdb::add_users { + + # Populate couchdb + couchdb::add_user { $site_couchdb::couchdb_webapp_user: + roles => '["auth"]', + pw => $site_couchdb::couchdb_webapp_pw, + salt => $site_couchdb::couchdb_webapp_salt, + require => Couchdb::Query::Setup['localhost'] + } + + couchdb::add_user { $site_couchdb::couchdb_soledad_user: + roles => '["auth"]', + pw => $site_couchdb::couchdb_soledad_pw, + salt => $site_couchdb::couchdb_soledad_salt, + require => Couchdb::Query::Setup['localhost'] + } +} diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp new file mode 100644 index 00000000..2dca51c1 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -0,0 +1,31 @@ +class site_couchdb::create_dbs { + + couchdb::create_db { 'users': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + + couchdb::create_db { 'tokens': + members => "{ \"names\": [], \"roles\": [\"auth\"] }", + require => Couchdb::Query::Setup['localhost'] + } + + couchdb::create_db { 'sessions': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + + couchdb::create_db { 'tickets': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + + # leap_mx will want access to this. Granting access to the soledad user + # via the auth group for now. + # leap_mx could use that for a start. + couchdb::create_db { 'identities': + members => "{ \"names\": [], \"roles\": [\"auth\"] }", + require => Couchdb::Query::Setup['localhost'] + } + +} diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index dcf7f48a..0f839997 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -52,69 +52,29 @@ class site_couchdb { # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without # passing credentials) - couchdb::query::setup { 'localhost': - user => $couchdb_admin_user, - pw => $couchdb_admin_pw, - } - file { '/root/.netrc': ensure => link, target => '/etc/couchdb/couchdb.netrc', require => Couchdb::Query::Setup['localhost'] } - # Populate couchdb - couchdb::add_user { $couchdb_webapp_user: - roles => '["auth"]', - pw => $couchdb_webapp_pw, - salt => $couchdb_webapp_salt, - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::add_user { $couchdb_soledad_user: - roles => '["auth"]', - pw => $couchdb_soledad_pw, - salt => $couchdb_soledad_salt, - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'users': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'tokens': - members => "{ \"names\": [], \"roles\": [\"auth\"] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'sessions': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'tickets': - members => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] + file { '/srv/leap/couchdb': + ensure => directory } - # leap_mx will want access to this. Granting access to the soledad user - # via the auth group for now. - # leap_mx could use that for a start. - couchdb::create_db { 'identities': - members => "{ \"names\": [], \"roles\": [\"auth\"] }", - require => Couchdb::Query::Setup['localhost'] + couchdb::query::setup { 'localhost': + user => $couchdb_admin_user, + pw => $couchdb_admin_pw, } + include site_couchdb::create_dbs + include site_couchdb::add_users + include site_couchdb::designs include site_couchdb::logrotate include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch - file { '/srv/leap/couchdb': - ensure => directory - } - vcsrepo { '/srv/leap/couchdb/scripts': ensure => present, provider => git, -- cgit v1.2.3 From 77528b228c6d7ba095a796df4c5cc4c95eb50d9d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:00:10 -0500 Subject: pretty reformat couchdb.json and site_couchdb/manifests/init.pp, alphabetizing couchdb users Change-Id: I88264d32e9381f826652d1631083ba371e2b1b54 --- puppet/modules/site_couchdb/manifests/add_users.pp | 14 ++++++++------ puppet/modules/site_couchdb/manifests/create_dbs.pp | 19 +++++++++---------- puppet/modules/site_couchdb/manifests/init.pp | 11 +++++++---- 3 files changed, 24 insertions(+), 20 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index e9d3da78..b9304a97 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -1,12 +1,6 @@ class site_couchdb::add_users { # Populate couchdb - couchdb::add_user { $site_couchdb::couchdb_webapp_user: - roles => '["auth"]', - pw => $site_couchdb::couchdb_webapp_pw, - salt => $site_couchdb::couchdb_webapp_salt, - require => Couchdb::Query::Setup['localhost'] - } couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["auth"]', @@ -14,4 +8,12 @@ class site_couchdb::add_users { salt => $site_couchdb::couchdb_soledad_salt, require => Couchdb::Query::Setup['localhost'] } + + couchdb::add_user { $site_couchdb::couchdb_webapp_user: + roles => '["auth"]', + pw => $site_couchdb::couchdb_webapp_pw, + salt => $site_couchdb::couchdb_webapp_salt, + require => Couchdb::Query::Setup['localhost'] + } + } diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index 2dca51c1..b5404231 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -1,11 +1,9 @@ class site_couchdb::create_dbs { - couchdb::create_db { 'users': - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", - require => Couchdb::Query::Setup['localhost'] - } - - couchdb::create_db { 'tokens': + # leap_mx will want access to this. Granting access to the soledad user + # via the auth group for now. + # leap_mx could use that for a start. + couchdb::create_db { 'identities': members => "{ \"names\": [], \"roles\": [\"auth\"] }", require => Couchdb::Query::Setup['localhost'] } @@ -20,12 +18,13 @@ class site_couchdb::create_dbs { require => Couchdb::Query::Setup['localhost'] } - # leap_mx will want access to this. Granting access to the soledad user - # via the auth group for now. - # leap_mx could use that for a start. - couchdb::create_db { 'identities': + couchdb::create_db { 'tokens': members => "{ \"names\": [], \"roles\": [\"auth\"] }", require => Couchdb::Query::Setup['localhost'] } + couchdb::create_db { 'users': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } } diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 0f839997..82f2befb 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -3,19 +3,22 @@ class site_couchdb { $couchdb_config = hiera('couch') $couchdb_users = $couchdb_config['users'] + $couchdb_admin = $couchdb_users['admin'] $couchdb_admin_user = $couchdb_admin['username'] $couchdb_admin_pw = $couchdb_admin['password'] $couchdb_admin_salt = $couchdb_admin['salt'] - $couchdb_webapp = $couchdb_users['webapp'] - $couchdb_webapp_user = $couchdb_webapp['username'] - $couchdb_webapp_pw = $couchdb_webapp['password'] - $couchdb_webapp_salt = $couchdb_webapp['salt'] + $couchdb_soledad = $couchdb_users['soledad'] $couchdb_soledad_user = $couchdb_soledad['username'] $couchdb_soledad_pw = $couchdb_soledad['password'] $couchdb_soledad_salt = $couchdb_soledad['salt'] + $couchdb_webapp = $couchdb_users['webapp'] + $couchdb_webapp_user = $couchdb_webapp['username'] + $couchdb_webapp_pw = $couchdb_webapp['password'] + $couchdb_webapp_salt = $couchdb_webapp['salt'] + $couchdb_backup = $couchdb_config['backup'] $bigcouch_config = $couchdb_config['bigcouch'] -- cgit v1.2.3 From fdf028e53cb1efa9d3d6c8ab76c89f98e2fb7498 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:03:03 -0500 Subject: add leap_mx couchdb user/password Change-Id: Ice83115e0feabddd40ad74c2a6e98e24da9b4c2f --- puppet/modules/site_couchdb/manifests/add_users.pp | 7 +++++++ puppet/modules/site_couchdb/manifests/init.pp | 5 +++++ 2 files changed, 12 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index b9304a97..c83b096d 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -2,6 +2,13 @@ class site_couchdb::add_users { # Populate couchdb + couchdb::add_user { $site_couchdb::couchdb_leap_mx_user: + roles => '["identities"]', + pw => $site_couchdb::couchdb_leap_mx_pw, + salt => $site_couchdb::couchdb_leap_mx_salt, + require => Couchdb::Query::Setup['localhost'] + } + couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["auth"]', pw => $site_couchdb::couchdb_soledad_pw, diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 82f2befb..b73c23c3 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -9,6 +9,11 @@ class site_couchdb { $couchdb_admin_pw = $couchdb_admin['password'] $couchdb_admin_salt = $couchdb_admin['salt'] + $couchdb_leap_mx = $couchdb_users['leap_mx'] + $couchdb_leap_mx_user = $couchdb_leap_mx['username'] + $couchdb_leap_mx_pw = $couchdb_leap_mx['password'] + $couchdb_leap_mx_salt = $couchdb_leap_mx['salt'] + $couchdb_soledad = $couchdb_users['soledad'] $couchdb_soledad_user = $couchdb_soledad['username'] $couchdb_soledad_pw = $couchdb_soledad['password'] -- cgit v1.2.3 From e25091395d49d7e10c6266528d4bdfc48c10c886 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:08:20 -0500 Subject: add identities roles Change-Id: I483509850bee448bb2ea39863c1e6a796e102c3c --- puppet/modules/site_couchdb/manifests/add_users.pp | 2 +- puppet/modules/site_couchdb/manifests/create_dbs.pp | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index c83b096d..e525d01a 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -17,7 +17,7 @@ class site_couchdb::add_users { } couchdb::add_user { $site_couchdb::couchdb_webapp_user: - roles => '["auth"]', + roles => '["auth","identities"]', pw => $site_couchdb::couchdb_webapp_pw, salt => $site_couchdb::couchdb_webapp_salt, require => Couchdb::Query::Setup['localhost'] diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index b5404231..a734c870 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -1,10 +1,10 @@ class site_couchdb::create_dbs { - # leap_mx will want access to this. Granting access to the soledad user - # via the auth group for now. - # leap_mx could use that for a start. + # identities database + # r/w: webapp + # r: nickserver, leap_mx - need to restrict with design document couchdb::create_db { 'identities': - members => "{ \"names\": [], \"roles\": [\"auth\"] }", + members => "{ \"names\": [], \"roles\": [\"identities\"] }", require => Couchdb::Query::Setup['localhost'] } -- cgit v1.2.3 From 6bff399fdcdab967a13a27d40dcef4bfb871e046 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:12:28 -0500 Subject: add nickserver couchdb user, set it to have 'identities' role Change-Id: I06723ccf2ba040204e9fc5256c99a1faad6abb5f --- puppet/modules/site_couchdb/manifests/add_users.pp | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index e525d01a..e3b74865 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -9,6 +9,16 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } + # nickserver couchdb user + # read: identities, keycache + # write: keycache (a cache of discovered key, doesn’t exist yet) + couchdb::add_user { $site_couchdb::couchdb_nickserver_user: + roles => '["identities"]', + pw => $site_couchdb::couchdb_nickserver_pw, + salt => $site_couchdb::couchdb_nickserver_salt, + require => Couchdb::Query::Setup['localhost'] + } + couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["auth"]', pw => $site_couchdb::couchdb_soledad_pw, -- cgit v1.2.3 From a9d75259f96e64825ea97eca17cbe6e0c6005d0d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:19:36 -0500 Subject: add comments with access information Change-Id: I058ac1f061bca17736662f14826e99d32472739b --- puppet/modules/site_couchdb/manifests/add_users.pp | 16 ++++++++++++---- puppet/modules/site_couchdb/manifests/create_dbs.pp | 17 ++++++++++++++--- 2 files changed, 26 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index e3b74865..8af9ea66 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -1,7 +1,10 @@ class site_couchdb::add_users { - # Populate couchdb + # Couchdb users + ## leap_mx couchdb user + ## read: identities + ## write access to user- couchdb::add_user { $site_couchdb::couchdb_leap_mx_user: roles => '["identities"]', pw => $site_couchdb::couchdb_leap_mx_pw, @@ -9,9 +12,9 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } - # nickserver couchdb user - # read: identities, keycache - # write: keycache (a cache of discovered key, doesn’t exist yet) + ## nickserver couchdb user + ## r: identities + ## r/w: keycache couchdb::add_user { $site_couchdb::couchdb_nickserver_user: roles => '["identities"]', pw => $site_couchdb::couchdb_nickserver_pw, @@ -19,6 +22,9 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } + ## soledad couchdb user + ## read: tokens, user-, shared + ## write: user-, shared couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["auth"]', pw => $site_couchdb::couchdb_soledad_pw, @@ -26,6 +32,8 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } + ## webapp couchdb user + ## read/write: users, tokens, sessions, tickets, identities couchdb::add_user { $site_couchdb::couchdb_webapp_user: roles => '["auth","identities"]', pw => $site_couchdb::couchdb_webapp_pw, diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index a734c870..d3125448 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -1,28 +1,39 @@ class site_couchdb::create_dbs { - # identities database - # r/w: webapp - # r: nickserver, leap_mx - need to restrict with design document + # Couchdb databases + + ## identities database + ## r: nickserver, leap_mx - needs to be restrict with design document + ## r/w: webapp couchdb::create_db { 'identities': members => "{ \"names\": [], \"roles\": [\"identities\"] }", require => Couchdb::Query::Setup['localhost'] } + ## sessions database + ## r/w: webapp couchdb::create_db { 'sessions': members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } + ## tickets database + ## r/w: webapp couchdb::create_db { 'tickets': members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } + ## tokens database + ## r: soledad - needs to be restricted with a design document + ## r/w: webapp couchdb::create_db { 'tokens': members => "{ \"names\": [], \"roles\": [\"auth\"] }", require => Couchdb::Query::Setup['localhost'] } + ## users database + ## r/w: webapp couchdb::create_db { 'users': members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] -- cgit v1.2.3 From 25ff4895b47ffd937e9f9881747ee8ffb511dacf Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:20:51 -0500 Subject: add keycache couchdb database, and set appropriate roles Change-Id: I492a8dfb42e92ced80fb09c2095fa1328e24346b --- puppet/modules/site_couchdb/manifests/add_users.pp | 2 +- puppet/modules/site_couchdb/manifests/create_dbs.pp | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index 8af9ea66..f5c38cbb 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -16,7 +16,7 @@ class site_couchdb::add_users { ## r: identities ## r/w: keycache couchdb::add_user { $site_couchdb::couchdb_nickserver_user: - roles => '["identities"]', + roles => '["identities","keycache"]', pw => $site_couchdb::couchdb_nickserver_pw, salt => $site_couchdb::couchdb_nickserver_salt, require => Couchdb::Query::Setup['localhost'] diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index d3125448..f8c38987 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -10,6 +10,13 @@ class site_couchdb::create_dbs { require => Couchdb::Query::Setup['localhost'] } + ## keycache database + ## r/w: nickserver + couchdb::create_db { 'keycache': + members => "{ \"names\": [], \"roles\": [\"keycache\"] }", + require => Couchdb::Query::Setup['localhost'] + } + ## sessions database ## r/w: webapp couchdb::create_db { 'sessions': -- cgit v1.2.3 From d0911282e2e201b1f60cd3431018d57cd8321482 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:21:49 -0500 Subject: add shared couchdb database, giving soledad access Change-Id: I743538f66e35f0fffaa0d07fb4ee44b810635aa3 --- puppet/modules/site_couchdb/manifests/create_dbs.pp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index f8c38987..9e21e33a 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -16,7 +16,7 @@ class site_couchdb::create_dbs { members => "{ \"names\": [], \"roles\": [\"keycache\"] }", require => Couchdb::Query::Setup['localhost'] } - + ## sessions database ## r/w: webapp couchdb::create_db { 'sessions': @@ -24,6 +24,13 @@ class site_couchdb::create_dbs { require => Couchdb::Query::Setup['localhost'] } + ## shared database + ## r/w: soledad + couchdb::create_db { 'shared': + members => "{ \"names\": [\"$site_couchdb::couchdb_soledad_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + ## tickets database ## r/w: webapp couchdb::create_db { 'tickets': -- cgit v1.2.3 From ef0eae6b9ed6294f5c921a73777090142861beba Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:22:57 -0500 Subject: setup tokens couchdb role for the tokens database and give soledad and the webapp access Change-Id: Ifc44d5775e37655240573ab01dd2ee2f794bd8f3 --- puppet/modules/site_couchdb/manifests/add_users.pp | 6 +++--- puppet/modules/site_couchdb/manifests/create_dbs.pp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index f5c38cbb..03ce12f1 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -26,16 +26,16 @@ class site_couchdb::add_users { ## read: tokens, user-, shared ## write: user-, shared couchdb::add_user { $site_couchdb::couchdb_soledad_user: - roles => '["auth"]', + roles => '["tokens"]', pw => $site_couchdb::couchdb_soledad_pw, salt => $site_couchdb::couchdb_soledad_salt, require => Couchdb::Query::Setup['localhost'] } ## webapp couchdb user - ## read/write: users, tokens, sessions, tickets, identities + ## read/write: users, tokens, sessions, tickets, identities, customer couchdb::add_user { $site_couchdb::couchdb_webapp_user: - roles => '["auth","identities"]', + roles => '["tokens","identities"]', pw => $site_couchdb::couchdb_webapp_pw, salt => $site_couchdb::couchdb_webapp_salt, require => Couchdb::Query::Setup['localhost'] diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index 9e21e33a..a1db9d54 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -42,7 +42,7 @@ class site_couchdb::create_dbs { ## r: soledad - needs to be restricted with a design document ## r/w: webapp couchdb::create_db { 'tokens': - members => "{ \"names\": [], \"roles\": [\"auth\"] }", + members => "{ \"names\": [], \"roles\": [\"tokens\"] }", require => Couchdb::Query::Setup['localhost'] } -- cgit v1.2.3 From 0aed6d16a0303e05462f4c81cda0ced9872773bf Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 14:27:50 -0500 Subject: add the tapicero couchdb user, and appropriate roles Change-Id: I41e9a73c8d04d5a2d74b41c8e32aca9906f3a4cf --- puppet/modules/site_couchdb/manifests/add_users.pp | 16 +++++++++++++--- puppet/modules/site_couchdb/manifests/create_dbs.pp | 2 +- puppet/modules/site_couchdb/manifests/init.pp | 5 +++++ 3 files changed, 19 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index 03ce12f1..f9ea7349 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -23,8 +23,8 @@ class site_couchdb::add_users { } ## soledad couchdb user - ## read: tokens, user-, shared - ## write: user-, shared + ## r/w: user-, shared + ## read: tokens couchdb::add_user { $site_couchdb::couchdb_soledad_user: roles => '["tokens"]', pw => $site_couchdb::couchdb_soledad_pw, @@ -32,10 +32,20 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } + ### tapicero couchdb user + ### admin: needs to be able to create user- databases + ### read: users + couchdb::add_user { $site_couchdb::couchdb_tapicero_user: + roles => '["users"]', + pw => $site_couchdb::couchdb_tapicero_pw, + salt => $site_couchdb::couchdb_tapicero_salt, + require => Couchdb::Query::Setup['localhost'] + } + ## webapp couchdb user ## read/write: users, tokens, sessions, tickets, identities, customer couchdb::add_user { $site_couchdb::couchdb_webapp_user: - roles => '["tokens","identities"]', + roles => '["tokens","identities","users"]', pw => $site_couchdb::couchdb_webapp_pw, salt => $site_couchdb::couchdb_webapp_salt, require => Couchdb::Query::Setup['localhost'] diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index a1db9d54..f53597e7 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -49,7 +49,7 @@ class site_couchdb::create_dbs { ## users database ## r/w: webapp couchdb::create_db { 'users': - members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + members => "{ \"names\": [], \"roles\": [\"users\"] }", require => Couchdb::Query::Setup['localhost'] } } diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index b73c23c3..bb3fa5d7 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -19,6 +19,11 @@ class site_couchdb { $couchdb_soledad_pw = $couchdb_soledad['password'] $couchdb_soledad_salt = $couchdb_soledad['salt'] + $couchdb_tapicero = $couchdb_users['tapicero'] + $couchdb_tapicero_user = $couchdb_tapicero['username'] + $couchdb_tapicero_pw = $couchdb_tapicero['password'] + $couchdb_tapicero_salt = $couchdb_tapicero['salt'] + $couchdb_webapp = $couchdb_users['webapp'] $couchdb_webapp_user = $couchdb_webapp['username'] $couchdb_webapp_pw = $couchdb_webapp['password'] -- cgit v1.2.3 From 27b084fbb61ea036a45970f1b0c5a8f8175f96e8 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 27 Nov 2013 15:00:10 -0500 Subject: add missing nickserver hiera value lookup Change-Id: I77061054f4768f0677ca9c498e6cd6d5df4ff806 --- puppet/modules/site_couchdb/manifests/init.pp | 49 +++++++++++++++------------ 1 file changed, 27 insertions(+), 22 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index bb3fa5d7..1933f01b 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,40 +1,45 @@ class site_couchdb { tag 'leap_service' - $couchdb_config = hiera('couch') - $couchdb_users = $couchdb_config['users'] + $couchdb_config = hiera('couch') + $couchdb_users = $couchdb_config['users'] - $couchdb_admin = $couchdb_users['admin'] - $couchdb_admin_user = $couchdb_admin['username'] - $couchdb_admin_pw = $couchdb_admin['password'] - $couchdb_admin_salt = $couchdb_admin['salt'] + $couchdb_admin = $couchdb_users['admin'] + $couchdb_admin_user = $couchdb_admin['username'] + $couchdb_admin_pw = $couchdb_admin['password'] + $couchdb_admin_salt = $couchdb_admin['salt'] - $couchdb_leap_mx = $couchdb_users['leap_mx'] - $couchdb_leap_mx_user = $couchdb_leap_mx['username'] - $couchdb_leap_mx_pw = $couchdb_leap_mx['password'] - $couchdb_leap_mx_salt = $couchdb_leap_mx['salt'] + $couchdb_leap_mx = $couchdb_users['leap_mx'] + $couchdb_leap_mx_user = $couchdb_leap_mx['username'] + $couchdb_leap_mx_pw = $couchdb_leap_mx['password'] + $couchdb_leap_mx_salt = $couchdb_leap_mx['salt'] - $couchdb_soledad = $couchdb_users['soledad'] - $couchdb_soledad_user = $couchdb_soledad['username'] - $couchdb_soledad_pw = $couchdb_soledad['password'] - $couchdb_soledad_salt = $couchdb_soledad['salt'] + $couchdb_nickserver = $couchdb_users['nickserver'] + $couchdb_nickserver_user = $couchdb_nickserver['username'] + $couchdb_nickserver_pw = $couchdb_nickserver['password'] + $couchdb_nickserver_salt = $couchdb_nickserver['salt'] + + $couchdb_soledad = $couchdb_users['soledad'] + $couchdb_soledad_user = $couchdb_soledad['username'] + $couchdb_soledad_pw = $couchdb_soledad['password'] + $couchdb_soledad_salt = $couchdb_soledad['salt'] $couchdb_tapicero = $couchdb_users['tapicero'] $couchdb_tapicero_user = $couchdb_tapicero['username'] $couchdb_tapicero_pw = $couchdb_tapicero['password'] $couchdb_tapicero_salt = $couchdb_tapicero['salt'] - $couchdb_webapp = $couchdb_users['webapp'] - $couchdb_webapp_user = $couchdb_webapp['username'] - $couchdb_webapp_pw = $couchdb_webapp['password'] - $couchdb_webapp_salt = $couchdb_webapp['salt'] + $couchdb_webapp = $couchdb_users['webapp'] + $couchdb_webapp_user = $couchdb_webapp['username'] + $couchdb_webapp_pw = $couchdb_webapp['password'] + $couchdb_webapp_salt = $couchdb_webapp['salt'] - $couchdb_backup = $couchdb_config['backup'] + $couchdb_backup = $couchdb_config['backup'] - $bigcouch_config = $couchdb_config['bigcouch'] - $bigcouch_cookie = $bigcouch_config['cookie'] + $bigcouch_config = $couchdb_config['bigcouch'] + $bigcouch_cookie = $bigcouch_config['cookie'] - $ednp_port = $bigcouch_config['ednp_port'] + $ednp_port = $bigcouch_config['ednp_port'] class { 'couchdb': bigcouch => true, -- cgit v1.2.3 From bf563b722126c0e6ae1d8f2f830be03e006664a1 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 20 Nov 2013 12:10:52 -0500 Subject: setup customer couchdb database Change-Id: Ic0e9f5f6a1f28d865d7757a9de0d9399a6a9a5e3 Conflicts: puppet/modules/site_couchdb/manifests/init.pp --- puppet/modules/site_couchdb/manifests/create_dbs.pp | 7 +++++++ puppet/modules/site_couchdb/manifests/init.pp | 13 ++++++------- 2 files changed, 13 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index f53597e7..f206fddb 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -2,6 +2,13 @@ class site_couchdb::create_dbs { # Couchdb databases + ### customer database + ### r/w: webapp, + couchdb::create_db { 'customer': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } + ## identities database ## r: nickserver, leap_mx - needs to be restrict with design document ## r/w: webapp diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 1933f01b..ad0c996a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -70,14 +70,13 @@ class site_couchdb { # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without # passing credentials) - file { '/root/.netrc': - ensure => link, - target => '/etc/couchdb/couchdb.netrc', - require => Couchdb::Query::Setup['localhost'] - } + file { + '/root/.netrc': + ensure => link, + target => '/etc/couchdb/couchdb.netrc'; - file { '/srv/leap/couchdb': - ensure => directory + '/srv/leap/couchdb': + ensure => directory } couchdb::query::setup { 'localhost': -- cgit v1.2.3 From 0ee2115516eb8b79ad6ff8711b860d9da60e0f2a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 28 Nov 2013 11:03:20 -0500 Subject: remove duplicate couchdb design document json files Change-Id: I5b3d073aec0522cf464ff41905be1ee326f13197 --- .../site_couchdb/files/designs/customers.json | 18 -------- .../site_couchdb/files/designs/identities.json | 28 ------------ .../site_couchdb/files/designs/sessions.json | 8 ---- .../site_couchdb/files/designs/tickets.json | 50 ---------------------- .../modules/site_couchdb/files/designs/tokens.json | 14 ------ .../modules/site_couchdb/files/designs/users.json | 26 ----------- 6 files changed, 144 deletions(-) delete mode 100644 puppet/modules/site_couchdb/files/designs/customers.json delete mode 100644 puppet/modules/site_couchdb/files/designs/identities.json delete mode 100644 puppet/modules/site_couchdb/files/designs/sessions.json delete mode 100644 puppet/modules/site_couchdb/files/designs/tickets.json delete mode 100644 puppet/modules/site_couchdb/files/designs/tokens.json delete mode 100644 puppet/modules/site_couchdb/files/designs/users.json (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/customers.json b/puppet/modules/site_couchdb/files/designs/customers.json deleted file mode 100644 index 1b4bbddd..00000000 --- a/puppet/modules/site_couchdb/files/designs/customers.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "_id": "_design/Customer", - "language": "javascript", - "views": { - "by_user_id": { - "map": " function(doc) {\n if ((doc['type'] == 'Customer') && (doc['user_id'] != null)) {\n emit(doc['user_id'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "by_braintree_customer_id": { - "map": " function(doc) {\n if ((doc['type'] == 'Customer') && (doc['braintree_customer_id'] != null)) {\n emit(doc['braintree_customer_id'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "all": { - "map": " function(doc) {\n if (doc['type'] == 'Customer') {\n emit(doc._id, null);\n }\n }\n" - } - }, - "couchrest-hash": "688c401ec0230b75625c176a88fc4a02" -} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/identities.json b/puppet/modules/site_couchdb/files/designs/identities.json deleted file mode 100644 index 8cf8c39b..00000000 --- a/puppet/modules/site_couchdb/files/designs/identities.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "_id": "_design/Identity", - "language": "javascript", - "views": { - "by_user_id": { - "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['user_id'] != null)) {\n emit(doc['user_id'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "by_address_and_destination": { - "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null) && (doc['destination'] != null)) {\n emit([doc['address'], doc['destination']], 1);\n }\n }\n", - "reduce": "_sum" - }, - "by_address": { - "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null)) {\n emit(doc['address'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "pgp_key_by_email": { - "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n emit(doc.address, doc.keys[\"pgp\"]);\n }\n" - }, - "disabled": { - "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.user_id === \"undefined\") {\n emit(doc._id, 1);\n }\n }\n" - }, - "all": { - "map": " function(doc) {\n if (doc['type'] == 'Identity') {\n emit(doc._id, null);\n }\n }\n" - } - }, - "couchrest-hash": "5b0ece9d28b3025d18ea71fddf3a532f" -} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/sessions.json b/puppet/modules/site_couchdb/files/designs/sessions.json deleted file mode 100644 index 70202780..00000000 --- a/puppet/modules/site_couchdb/files/designs/sessions.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "views": { - "by_expires": { - "reduce": "_sum", - "map": "function(doc) {\n if(typeof doc.expires !== \"undefined\") {\n emit(doc.expires, 1);\n }\n}\n" - } - } -} diff --git a/puppet/modules/site_couchdb/files/designs/tickets.json b/puppet/modules/site_couchdb/files/designs/tickets.json deleted file mode 100644 index 2c9408b8..00000000 --- a/puppet/modules/site_couchdb/files/designs/tickets.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "_id": "_design/Ticket", - "language": "javascript", - "views": { - "by_updated_at": { - "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['updated_at'] != null)) {\n emit(doc['updated_at'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "by_created_at": { - "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "by_created_by": { - "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['created_by'] != null)) {\n emit(doc['created_by'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "by_is_open_and_created_at": { - "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['is_open'] != null) && (doc['created_at'] != null)) {\n emit([doc['is_open'], doc['created_at']], 1);\n }\n }\n", - "reduce": "_sum" - }, - "by_is_open_and_updated_at": { - "map": " function(doc) {\n if ((doc['type'] == 'Ticket') && (doc['is_open'] != null) && (doc['updated_at'] != null)) {\n emit([doc['is_open'], doc['updated_at']], 1);\n }\n }\n", - "reduce": "_sum" - }, - "by_includes_post_by_and_is_open_and_created_at": { - "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.created_at], 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_includes_post_by_and_is_open_and_updated_at": { - "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.updated_at], 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_includes_post_by_and_updated_at": { - "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.updated_at], 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_includes_post_by": { - "map": "// TODO: This view is only used in tests--should we keep it?\nfunction(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit(comment.posted_by, 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_includes_post_by_and_created_at": { - "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.created_at], 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "all": { - "map": " function(doc) {\n if (doc['type'] == 'Ticket') {\n emit(doc._id, null);\n }\n }\n" - } - }, - "couchrest-hash": "9978e2cbeacbe8622c2a7f103bf8130f" -} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/tokens.json b/puppet/modules/site_couchdb/files/designs/tokens.json deleted file mode 100644 index b9025f15..00000000 --- a/puppet/modules/site_couchdb/files/designs/tokens.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "_id": "_design/Token", - "language": "javascript", - "views": { - "by_last_seen_at": { - "map": " function(doc) {\n if ((doc['type'] == 'Token') && (doc['last_seen_at'] != null)) {\n emit(doc['last_seen_at'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "all": { - "map": " function(doc) {\n if (doc['type'] == 'Token') {\n emit(doc._id, null);\n }\n }\n" - } - }, - "couchrest-hash": "541dd924551c42a2317b345effbe65cc" -} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/users.json b/puppet/modules/site_couchdb/files/designs/users.json deleted file mode 100644 index c500822b..00000000 --- a/puppet/modules/site_couchdb/files/designs/users.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "_id": "_design/User", - "language": "javascript", - "views": { - "by_login": { - "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['login'] != null)) {\n emit(doc['login'], 1);\n }\n }\n", - "reduce": "_sum" - }, - "all": { - "map": " function(doc) {\n if (doc['type'] == 'User') {\n emit(doc._id, null);\n }\n }\n" - }, - "by_alias": { - "map": "function(doc) {\n if (doc.type != 'User') {\n return;\n }\n doc.email_aliases.forEach(function(alias){\n emit(alias.username, 1);\n });\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_login_or_alias": { - "map": "function(doc) {\n if (doc.type != 'User') {\n return;\n }\n emit(doc.login, 1);\n doc.email_aliases.forEach(function(alias){\n emit(alias.username, 1);\n });\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_created_at": { - "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", - "reduce": "_sum" - } - }, - "couchrest-hash": "26adb5c9480663de3fe60d959b60a7b2" -} \ No newline at end of file -- cgit v1.2.3 From 006a2fec91304f1814deb3c3887b72aa0872a600 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 17 Dec 2013 11:44:50 -0500 Subject: fix name of customers couchdb database (#4787) Change-Id: I704a1d46069f975711323ff8e6a634d06c267157 --- puppet/modules/site_couchdb/manifests/create_dbs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index f206fddb..b0ebca4d 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -4,7 +4,7 @@ class site_couchdb::create_dbs { ### customer database ### r/w: webapp, - couchdb::create_db { 'customer': + couchdb::create_db { 'customers': members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", require => Couchdb::Query::Setup['localhost'] } -- cgit v1.2.3 From e0c07465d14d701da16e47b9c2e3938c80088c4d Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Dec 2013 12:50:17 +0100 Subject: Deploy /etc/leap/couchdb_scripts_defaults.conf so we can exclude some DBs, i.e. sessions + tokens (#4794) --- .../modules/site_couchdb/files/couchdb_scripts_defaults.conf | 4 ++++ puppet/modules/site_couchdb/manifests/backup.pp | 11 +++++++++++ 2 files changed, 15 insertions(+) create mode 100644 puppet/modules/site_couchdb/files/couchdb_scripts_defaults.conf (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/couchdb_scripts_defaults.conf b/puppet/modules/site_couchdb/files/couchdb_scripts_defaults.conf new file mode 100644 index 00000000..1565e1a1 --- /dev/null +++ b/puppet/modules/site_couchdb/files/couchdb_scripts_defaults.conf @@ -0,0 +1,4 @@ +# space separated list of excluded DBs for dumping +# sourced by couchdb_dumpall.sh +EXCLUDE_DBS='sessions tokens' + diff --git a/puppet/modules/site_couchdb/manifests/backup.pp b/puppet/modules/site_couchdb/manifests/backup.pp index ef505693..8b5aa6ea 100644 --- a/puppet/modules/site_couchdb/manifests/backup.pp +++ b/puppet/modules/site_couchdb/manifests/backup.pp @@ -9,4 +9,15 @@ class site_couchdb::backup { backupninja::sh { 'couchdb_backup': command_string => "cd /srv/leap/couchdb/scripts \n./couchdb_dumpall.sh" } + + # Deploy /etc/leap/couchdb_scripts_defaults.conf so we can exclude + # some databases + + file { '/etc/leap/couchdb_scripts_defaults.conf': + source => 'puppet:///modules/site_couchdb/couchdb_scripts_defaults.conf', + mode => '0644', + owner => 'root', + group => 'root', + } + } -- cgit v1.2.3 From c07e0f2f5ddd17c7d7bdb6a1afc4748b401f14ae Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 31 Dec 2013 17:09:22 +0100 Subject: add design docs for new soledad version to shared db --- puppet/modules/site_couchdb/files/designs/shared/docs.json | 12 ++++++++++++ puppet/modules/site_couchdb/files/designs/shared/syncs.json | 11 +++++++++++ .../site_couchdb/files/designs/shared/transactions.json | 12 ++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 puppet/modules/site_couchdb/files/designs/shared/docs.json create mode 100644 puppet/modules/site_couchdb/files/designs/shared/syncs.json create mode 100644 puppet/modules/site_couchdb/files/designs/shared/transactions.json (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/shared/docs.json b/puppet/modules/site_couchdb/files/designs/shared/docs.json new file mode 100644 index 00000000..4aad02aa --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/shared/docs.json @@ -0,0 +1,12 @@ +{ + "views" : { + "get" : { + "map" : "function(doc) {\n if (doc.u1db_rev) {\n var is_tombstone = true;\n var has_conflicts = false;\n if (doc._attachments) {\n if (doc._attachments.u1db_content)\n is_tombstone = false;\n if (doc._attachments.u1db_conflicts)\n has_conflicts = true;\n }\n emit(doc._id,\n {\n \"couch_rev\": doc._rev,\n \"u1db_rev\": doc.u1db_rev,\n \"is_tombstone\": is_tombstone,\n \"has_conflicts\": has_conflicts,\n }\n );\n }\n}\n" + } + }, + "_id" : "_design/docs", + "updates" : { + "resolve_doc" : "function(doc, req){\n /* we expect to receive the following in `req.body`:\n * {\n * 'couch_rev': '',\n * 'conflicts': '',\n * }\n */\n var body = JSON.parse(req.body);\n\n // fail if no document was given\n if (!doc) {\n return [null, 'document does not exist']\n } \n\n // fail if couch revisions do not match\n if (body['couch_rev'] != null\n && doc['_rev'] != body['couch_rev']) {\n return [null, 'revision conflict']\n }\n\n // fail if conflicts were not sent\n if (body['conflicts'] == null)\n return [null, 'missing conflicts']\n\n // save conflicts as attachment if they were sent\n if (body['conflicts'] != null) {\n if (!doc._attachments)\n doc._attachments = {};\n doc._attachments.u1db_conflicts = {\n content_type: \"application/octet-stream\",\n data: body['conflicts'] // should be base64 encoded\n }\n }\n // or delete attachment if there are no conflicts\n else if (doc._attachments && doc._attachments.u1db_conflicts)\n delete doc._attachments.u1db_conflicts;\n\n return [doc, 'ok'];\n}\n", + "put" : "function(doc, req){\n /* we expect to receive the following in `req.body`:\n * {\n * 'couch_rev': '',\n * 'u1db_rev': '',\n * 'content': '',\n * 'trans_id': ''\n * 'conflicts': '',\n * 'update_conflicts': \n * }\n */\n var body = JSON.parse(req.body);\n\n // create a new document document\n if (!doc) {\n doc = {}\n doc['_id'] = req['id'];\n }\n // or fail if couch revisions do not match\n else if (doc['_rev'] != body['couch_rev']) {\n // of fail if revisions do not match\n return [null, 'revision conflict']\n }\n\n // store u1db rev\n doc.u1db_rev = body['u1db_rev'];\n\n // save content as attachment\n if (body['content'] != null) {\n // save u1db content as attachment\n if (!doc._attachments)\n doc._attachments = {};\n doc._attachments.u1db_content = {\n content_type: \"application/octet-stream\",\n data: body['content'] // should be base64 encoded\n };\n }\n // or delete the attachment if document is tombstone\n else if (doc._attachments &&\n doc._attachments.u1db_content)\n delete doc._attachments.u1db_content;\n\n // store the transaction id\n if (!doc.u1db_transactions)\n doc.u1db_transactions = [];\n var d = new Date();\n doc.u1db_transactions.push([d.getTime(), body['trans_id']]);\n\n // save conflicts as attachment if they were sent\n if (body['update_conflicts'])\n if (body['conflicts'] != null) {\n if (!doc._attachments)\n doc._attachments = {};\n doc._attachments.u1db_conflicts = {\n content_type: \"application/octet-stream\",\n data: body['conflicts'] // should be base64 encoded\n }\n } else {\n if(doc._attachments && doc._attachments.u1db_conflicts)\n delete doc._attachments.u1db_conflicts\n }\n\n return [doc, 'ok'];\n}\n" + } +} diff --git a/puppet/modules/site_couchdb/files/designs/shared/syncs.json b/puppet/modules/site_couchdb/files/designs/shared/syncs.json new file mode 100644 index 00000000..0df5ff74 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/shared/syncs.json @@ -0,0 +1,11 @@ +{ + "views" : { + "log" : { + "map" : "function(doc) {\n if (doc._id == 'u1db_sync_log') {\n if (doc.syncs)\n doc.syncs.forEach(function (entry) {\n emit(entry[0],\n {\n 'known_generation': entry[1],\n 'known_transaction_id': entry[2]\n });\n });\n }\n}\n" + } + }, + "_id" : "_design/syncs", + "updates" : { + "put" : "function(doc, req){\n if (!doc) {\n doc = {}\n doc['_id'] = 'u1db_sync_log';\n doc['syncs'] = [];\n }\n body = JSON.parse(req.body);\n // remove outdated info\n doc['syncs'] = doc['syncs'].filter(\n function (entry) {\n return entry[0] != body['other_replica_uid'];\n }\n );\n // store u1db rev\n doc['syncs'].push([\n body['other_replica_uid'],\n body['other_generation'],\n body['other_transaction_id']\n ]);\n return [doc, 'ok'];\n}\n\n" + } +} diff --git a/puppet/modules/site_couchdb/files/designs/shared/transactions.json b/puppet/modules/site_couchdb/files/designs/shared/transactions.json new file mode 100644 index 00000000..8fcb84d1 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/shared/transactions.json @@ -0,0 +1,12 @@ +{ + "lists" : { + "generation" : "function(head, req) {\n var row;\n var rows=[];\n // fetch all rows\n while(row = getRow()) {\n rows.push(row);\n }\n if (rows.length > 0)\n send(JSON.stringify({\n \"generation\": rows.length,\n \"doc_id\": rows[rows.length-1]['id'],\n \"transaction_id\": rows[rows.length-1]['value']\n }));\n else\n send(JSON.stringify({\n \"generation\": 0,\n \"doc_id\": \"\",\n \"transaction_id\": \"\",\n }));\n}\n", + "whats_changed" : "function(head, req) {\n var row;\n var gen = 1;\n var old_gen = 0;\n if (req.query.old_gen)\n old_gen = parseInt(req.query['old_gen']);\n send('{\"transactions\":[\\n');\n // fetch all rows\n while(row = getRow()) {\n if (gen > old_gen) {\n if (gen > old_gen+1)\n send(',\\n');\n send(JSON.stringify({\n \"generation\": gen,\n \"doc_id\": row[\"id\"],\n \"transaction_id\": row[\"value\"]\n }));\n }\n gen++;\n }\n send('\\n]}');\n}\n", + "trans_id_for_gen" : "function(head, req) {\n var row;\n var rows=[];\n var i = 1;\n var gen = 1;\n if (req.query.gen)\n gen = parseInt(req.query['gen']);\n // fetch all rows\n while(row = getRow())\n rows.push(row);\n if (gen <= rows.length)\n send(JSON.stringify({\n \"generation\": gen,\n \"doc_id\": rows[gen-1]['id'],\n \"transaction_id\": rows[gen-1]['value'],\n }));\n else\n send('{}');\n}\n" + }, + "views" : { + "log" : { + "map" : "function(doc) {\n if (doc.u1db_transactions)\n doc.u1db_transactions.forEach(function(t) {\n emit(t[0], // use timestamp as key so the results are ordered\n t[1]); // value is the transaction_id\n });\n}\n" + } + } +} -- cgit v1.2.3 From f4eca7fba63c5e0cfe695812c11fae10778fd349 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 7 Jan 2014 18:06:34 +0100 Subject: restrict bigcouch chttp proc to localhost --- puppet/modules/site_couchdb/manifests/init.pp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index ad0c996a..fd7e67a1 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -42,11 +42,12 @@ class site_couchdb { $ednp_port = $bigcouch_config['ednp_port'] class { 'couchdb': - bigcouch => true, - admin_pw => $couchdb_admin_pw, - admin_salt => $couchdb_admin_salt, - bigcouch_cookie => $bigcouch_cookie, - ednp_port => $ednp_port + bigcouch => true, + admin_pw => $couchdb_admin_pw, + admin_salt => $couchdb_admin_salt, + bigcouch_cookie => $bigcouch_cookie, + ednp_port => $ednp_port, + chttpd_bind_address => '127.0.0.1' } class { 'couchdb::bigcouch::package::cloudant': } -- cgit v1.2.3 From 7fbad48e98cb49367041b22f7c94a8d0e001db33 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 7 Jan 2014 12:02:05 +0100 Subject: fix function issues in webapp design documents This change is a result of https://github.com/leapcode/leap_web/pull/133. Both should be deployed at the same time to prevent conflicts. --- .../site_couchdb/files/designs/identities/Identity.json | 4 ++-- puppet/modules/site_couchdb/files/designs/users/User.json | 10 +--------- 2 files changed, 3 insertions(+), 11 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/identities/Identity.json b/puppet/modules/site_couchdb/files/designs/identities/Identity.json index 8cf8c39b..2ac092ab 100644 --- a/puppet/modules/site_couchdb/files/designs/identities/Identity.json +++ b/puppet/modules/site_couchdb/files/designs/identities/Identity.json @@ -15,7 +15,7 @@ "reduce": "_sum" }, "pgp_key_by_email": { - "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n emit(doc.address, doc.keys[\"pgp\"]);\n }\n" + "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.keys === \"object\") {\n emit(doc.address, doc.keys[\"pgp\"]);\n }\n }\n" }, "disabled": { "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.user_id === \"undefined\") {\n emit(doc._id, 1);\n }\n }\n" @@ -24,5 +24,5 @@ "map": " function(doc) {\n if (doc['type'] == 'Identity') {\n emit(doc._id, null);\n }\n }\n" } }, - "couchrest-hash": "5b0ece9d28b3025d18ea71fddf3a532f" + "couchrest-hash": "e9004d70e26770c621a9667536429a68" } \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/users/User.json b/puppet/modules/site_couchdb/files/designs/users/User.json index c500822b..c99666cb 100644 --- a/puppet/modules/site_couchdb/files/designs/users/User.json +++ b/puppet/modules/site_couchdb/files/designs/users/User.json @@ -9,18 +9,10 @@ "all": { "map": " function(doc) {\n if (doc['type'] == 'User') {\n emit(doc._id, null);\n }\n }\n" }, - "by_alias": { - "map": "function(doc) {\n if (doc.type != 'User') {\n return;\n }\n doc.email_aliases.forEach(function(alias){\n emit(alias.username, 1);\n });\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_login_or_alias": { - "map": "function(doc) {\n if (doc.type != 'User') {\n return;\n }\n emit(doc.login, 1);\n doc.email_aliases.forEach(function(alias){\n emit(alias.username, 1);\n });\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, "by_created_at": { "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", "reduce": "_sum" } }, - "couchrest-hash": "26adb5c9480663de3fe60d959b60a7b2" + "couchrest-hash": "3bdbcd85b928ad911e0c89a8924e015c" } \ No newline at end of file -- cgit v1.2.3 From dfc1368452a6474cb4582aff0f3505a2b8b4842c Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 13 Jan 2014 12:42:06 +0100 Subject: load_design_documents.sh fails (Bug #4945) --- puppet/modules/site_couchdb/manifests/designs.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/designs.pp b/puppet/modules/site_couchdb/manifests/designs.pp index 2d0a8326..83d6c8cd 100644 --- a/puppet/modules/site_couchdb/manifests/designs.pp +++ b/puppet/modules/site_couchdb/manifests/designs.pp @@ -7,6 +7,7 @@ class site_couchdb::designs { ensure => directory, source => 'puppet:///modules/site_couchdb/designs', recurse => true, + purge => true, mode => '0755' } -- cgit v1.2.3 From 0e07e1b20acb844a6c610166c9918a92a093df73 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 20 Jan 2014 15:05:19 +0100 Subject: configure leap_platform to install our leap bigcouch package (Feature #4971) --- puppet/modules/site_couchdb/manifests/init.pp | 2 -- 1 file changed, 2 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index ad0c996a..e1414b34 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -49,10 +49,8 @@ class site_couchdb { ednp_port => $ednp_port } - class { 'couchdb::bigcouch::package::cloudant': } Class['site_config::default'] - -> Class['couchdb::bigcouch::package::cloudant'] -> Service['couchdb'] -> Class['site_couchdb::stunnel'] -> File['/root/.netrc'] -- cgit v1.2.3 From e91d7e016244da48be0a9ea23d3bb43bb3b8e93d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 21 Jan 2014 14:41:04 +0100 Subject: properly purge cloudant repository leftovers (#4971) --- puppet/modules/site_couchdb/manifests/init.pp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index e1414b34..4cd7ce03 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -49,8 +49,15 @@ class site_couchdb { ednp_port => $ednp_port } + # ensure that we don't have leftovers from previous installations + # where we installed the cloudant bigcouch package + # https://leap.se/code/issues/4971 + class { 'couchdb::bigcouch::package::cloudant': + ensure => absent + } Class['site_config::default'] + -> Class['couchdb::bigcouch::package::cloudant'] -> Service['couchdb'] -> Class['site_couchdb::stunnel'] -> File['/root/.netrc'] -- cgit v1.2.3 From 12cea40d5dffe5aa6e269c05773ed49d9f00a9ea Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 13 Feb 2014 00:10:09 +0100 Subject: added site_check_mk::agent::couchdb and site_check_mk::agent::soledad for local checks --- puppet/modules/site_couchdb/manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 137b661f..a9512577 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -107,4 +107,6 @@ class site_couchdb { } if $couchdb_backup { include site_couchdb::backup } + + include site_check_mk::agent::couchdb } -- cgit v1.2.3 From 20e1830ab70c2f63d240f909ab5622476b095ec9 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 19 Feb 2014 15:39:51 +0100 Subject: add site_check_mk::agent::tapicero, site_check_mk::agent::couchdb --- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index a9512577..e4c0211b 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -109,4 +109,5 @@ class site_couchdb { if $couchdb_backup { include site_couchdb::backup } include site_check_mk::agent::couchdb + include site_check_mk::agent::tapicero } -- cgit v1.2.3 From 2c2091cbfbe7a65234e985b3d004b4c3ec73c560 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 26 Feb 2014 15:00:17 +0100 Subject: create 'messages' db to store messages to the clients such as payment reminders reviewed by azul --- puppet/modules/site_couchdb/manifests/create_dbs.pp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index b0ebca4d..41500d3a 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -59,4 +59,12 @@ class site_couchdb::create_dbs { members => "{ \"names\": [], \"roles\": [\"users\"] }", require => Couchdb::Query::Setup['localhost'] } + + ## messages db + ## store messages to the clients such as payment reminders + ## r/w: webapp + couchdb::create_db { 'messages': + members => "{ \"names\": [\"$site_couchdb::couchdb_webapp_user\"], \"roles\": [] }", + require => Couchdb::Query::Setup['localhost'] + } } -- cgit v1.2.3 From face1d929175b94e26ca11858e3b055873fdde92 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 26 Feb 2014 14:55:47 +0100 Subject: update design docs, include messages (#5188) --- .../site_couchdb/files/designs/messages/Message.json | 18 ++++++++++++++++++ .../modules/site_couchdb/files/designs/users/User.json | 6 +++++- 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 puppet/modules/site_couchdb/files/designs/messages/Message.json (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/messages/Message.json b/puppet/modules/site_couchdb/files/designs/messages/Message.json new file mode 100644 index 00000000..7bcd74c7 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/messages/Message.json @@ -0,0 +1,18 @@ +{ + "_id": "_design/Message", + "language": "javascript", + "views": { + "by_user_ids_to_show_and_created_at": { + "map": "// not using at moment\n// call with something like Message.by_user_ids_to_show_and_created_at.startkey([user_id, start_date]).endkey([user_id,end_date])\nfunction (doc) {\n if (doc.type === 'Message' && doc.user_ids_to_show && Array.isArray(doc.user_ids_to_show)) {\n doc.user_ids_to_show.forEach(function (userId) {\n emit([userId, doc.created_at], 1);\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "by_user_ids_to_show": { + "map": "function (doc) {\n if (doc.type === 'Message' && doc.user_ids_to_show && Array.isArray(doc.user_ids_to_show)) {\n doc.user_ids_to_show.forEach(function (userId) {\n emit(userId, 1);\n });\n }\n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Message') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "0967e7cc5bb1e61edc1c085f6f0cecbf" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/users/User.json b/puppet/modules/site_couchdb/files/designs/users/User.json index c99666cb..4089ad97 100644 --- a/puppet/modules/site_couchdb/files/designs/users/User.json +++ b/puppet/modules/site_couchdb/files/designs/users/User.json @@ -9,10 +9,14 @@ "all": { "map": " function(doc) {\n if (doc['type'] == 'User') {\n emit(doc._id, null);\n }\n }\n" }, + "by_created_at_and_one_month_warning_not_sent": { + "map": "function (doc) {\n if ((doc['type'] == 'User') && (doc['created_at'] != null) && (doc['one_month_warning_sent'] == null)) {\n emit(doc['created_at'], 1);\n } \n}\n", + "reduce": "function(key, values, rereduce) { return sum(values); }" + }, "by_created_at": { "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", "reduce": "_sum" } }, - "couchrest-hash": "3bdbcd85b928ad911e0c89a8924e015c" + "couchrest-hash": "61840ab3ec0f94ef8bbd6dd208db3b70" } \ No newline at end of file -- cgit v1.2.3 From f6c633699adbce362b3101ea3b140083e8698f3a Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 4 Mar 2014 13:43:47 +0100 Subject: watch syslog for stunnel issues on couch nodes --- puppet/modules/site_couchdb/manifests/stunnel.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/stunnel.pp b/puppet/modules/site_couchdb/manifests/stunnel.pp index 87c35f05..91f1e3aa 100644 --- a/puppet/modules/site_couchdb/manifests/stunnel.pp +++ b/puppet/modules/site_couchdb/manifests/stunnel.pp @@ -107,4 +107,6 @@ class site_couchdb::stunnel { } create_resources(site_stunnel::clients, $ednp_clients, $ednp_client_defaults) + + include site_check_mk::agent::stunnel } -- cgit v1.2.3 From cb003cfff3002e111eced280b5a664c327a4ab11 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 13 Mar 2014 21:23:57 +0100 Subject: deploy automatic compaction via platform (Feature #4798) --- puppet/modules/site_couchdb/manifests/bigcouch/compaction.pp | 8 ++++++++ puppet/modules/site_couchdb/manifests/init.pp | 6 ++++++ 2 files changed, 14 insertions(+) create mode 100644 puppet/modules/site_couchdb/manifests/bigcouch/compaction.pp (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/bigcouch/compaction.pp b/puppet/modules/site_couchdb/manifests/bigcouch/compaction.pp new file mode 100644 index 00000000..84aab4ef --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/bigcouch/compaction.pp @@ -0,0 +1,8 @@ +class site_couchdb::bigcouch::compaction { + cron { + 'compact_all_shards': + command => '/srv/leap/couchdb/scripts/bigcouch_compact_all_shards.sh >> /var/log/bigcouch/compaction.log', + hour => 3, + minute => 17; + } +} diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index e4c0211b..c67ce8c8 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -94,6 +94,7 @@ class site_couchdb { include site_couchdb::add_users include site_couchdb::designs include site_couchdb::logrotate + include site_couchdb::bigcouch::compaction include site_shorewall::couchdb include site_shorewall::couchdb::bigcouch @@ -110,4 +111,9 @@ class site_couchdb { include site_check_mk::agent::couchdb include site_check_mk::agent::tapicero + + file { '/var/log/bigcouch': + ensure => directory + } + } -- cgit v1.2.3 From 905a5260ec476acd7d49ac47433aeaddb382527f Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 2 Apr 2014 13:29:29 +0200 Subject: couch design docs should be always deployed, not only on update of the design docs json files (Feature #5359) --- puppet/modules/site_couchdb/manifests/designs.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/designs.pp b/puppet/modules/site_couchdb/manifests/designs.pp index 83d6c8cd..9e88de64 100644 --- a/puppet/modules/site_couchdb/manifests/designs.pp +++ b/puppet/modules/site_couchdb/manifests/designs.pp @@ -12,9 +12,8 @@ class site_couchdb::designs { } exec { '/srv/leap/couchdb/scripts/load_design_documents.sh': - subscribe => File['/srv/leap/couchdb/designs'], - refreshonly => true, - require => Vcsrepo['/srv/leap/couchdb/scripts'] + require => Vcsrepo['/srv/leap/couchdb/scripts'], + refreshonly => false } } -- cgit v1.2.3 From 740cb615eae69235a649583359e23d834df0d7b5 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 9 Apr 2014 11:53:26 +0200 Subject: #5315 update soledad design docs --- .../site_couchdb/files/designs/shared/docs.json | 14 +++++--------- .../site_couchdb/files/designs/shared/syncs.json | 16 ++++++++-------- .../files/designs/shared/transactions.json | 19 ++++++++++--------- 3 files changed, 23 insertions(+), 26 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/shared/docs.json b/puppet/modules/site_couchdb/files/designs/shared/docs.json index 4aad02aa..004180cd 100644 --- a/puppet/modules/site_couchdb/files/designs/shared/docs.json +++ b/puppet/modules/site_couchdb/files/designs/shared/docs.json @@ -1,12 +1,8 @@ { - "views" : { - "get" : { - "map" : "function(doc) {\n if (doc.u1db_rev) {\n var is_tombstone = true;\n var has_conflicts = false;\n if (doc._attachments) {\n if (doc._attachments.u1db_content)\n is_tombstone = false;\n if (doc._attachments.u1db_conflicts)\n has_conflicts = true;\n }\n emit(doc._id,\n {\n \"couch_rev\": doc._rev,\n \"u1db_rev\": doc.u1db_rev,\n \"is_tombstone\": is_tombstone,\n \"has_conflicts\": has_conflicts,\n }\n );\n }\n}\n" + "_id": "_design/docs", + "views": { + "get": { + "map": "function(doc) {\n if (doc.u1db_rev) {\n var is_tombstone = true;\n var has_conflicts = false;\n if (doc._attachments) {\n if (doc._attachments.u1db_content)\n is_tombstone = false;\n if (doc._attachments.u1db_conflicts)\n has_conflicts = true;\n }\n emit(doc._id,\n {\n \"couch_rev\": doc._rev,\n \"u1db_rev\": doc.u1db_rev,\n \"is_tombstone\": is_tombstone,\n \"has_conflicts\": has_conflicts,\n }\n );\n }\n}\n" } - }, - "_id" : "_design/docs", - "updates" : { - "resolve_doc" : "function(doc, req){\n /* we expect to receive the following in `req.body`:\n * {\n * 'couch_rev': '',\n * 'conflicts': '',\n * }\n */\n var body = JSON.parse(req.body);\n\n // fail if no document was given\n if (!doc) {\n return [null, 'document does not exist']\n } \n\n // fail if couch revisions do not match\n if (body['couch_rev'] != null\n && doc['_rev'] != body['couch_rev']) {\n return [null, 'revision conflict']\n }\n\n // fail if conflicts were not sent\n if (body['conflicts'] == null)\n return [null, 'missing conflicts']\n\n // save conflicts as attachment if they were sent\n if (body['conflicts'] != null) {\n if (!doc._attachments)\n doc._attachments = {};\n doc._attachments.u1db_conflicts = {\n content_type: \"application/octet-stream\",\n data: body['conflicts'] // should be base64 encoded\n }\n }\n // or delete attachment if there are no conflicts\n else if (doc._attachments && doc._attachments.u1db_conflicts)\n delete doc._attachments.u1db_conflicts;\n\n return [doc, 'ok'];\n}\n", - "put" : "function(doc, req){\n /* we expect to receive the following in `req.body`:\n * {\n * 'couch_rev': '',\n * 'u1db_rev': '',\n * 'content': '',\n * 'trans_id': ''\n * 'conflicts': '',\n * 'update_conflicts': \n * }\n */\n var body = JSON.parse(req.body);\n\n // create a new document document\n if (!doc) {\n doc = {}\n doc['_id'] = req['id'];\n }\n // or fail if couch revisions do not match\n else if (doc['_rev'] != body['couch_rev']) {\n // of fail if revisions do not match\n return [null, 'revision conflict']\n }\n\n // store u1db rev\n doc.u1db_rev = body['u1db_rev'];\n\n // save content as attachment\n if (body['content'] != null) {\n // save u1db content as attachment\n if (!doc._attachments)\n doc._attachments = {};\n doc._attachments.u1db_content = {\n content_type: \"application/octet-stream\",\n data: body['content'] // should be base64 encoded\n };\n }\n // or delete the attachment if document is tombstone\n else if (doc._attachments &&\n doc._attachments.u1db_content)\n delete doc._attachments.u1db_content;\n\n // store the transaction id\n if (!doc.u1db_transactions)\n doc.u1db_transactions = [];\n var d = new Date();\n doc.u1db_transactions.push([d.getTime(), body['trans_id']]);\n\n // save conflicts as attachment if they were sent\n if (body['update_conflicts'])\n if (body['conflicts'] != null) {\n if (!doc._attachments)\n doc._attachments = {};\n doc._attachments.u1db_conflicts = {\n content_type: \"application/octet-stream\",\n data: body['conflicts'] // should be base64 encoded\n }\n } else {\n if(doc._attachments && doc._attachments.u1db_conflicts)\n delete doc._attachments.u1db_conflicts\n }\n\n return [doc, 'ok'];\n}\n" } -} +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/shared/syncs.json b/puppet/modules/site_couchdb/files/designs/shared/syncs.json index 0df5ff74..bab5622f 100644 --- a/puppet/modules/site_couchdb/files/designs/shared/syncs.json +++ b/puppet/modules/site_couchdb/files/designs/shared/syncs.json @@ -1,11 +1,11 @@ { - "views" : { - "log" : { - "map" : "function(doc) {\n if (doc._id == 'u1db_sync_log') {\n if (doc.syncs)\n doc.syncs.forEach(function (entry) {\n emit(entry[0],\n {\n 'known_generation': entry[1],\n 'known_transaction_id': entry[2]\n });\n });\n }\n}\n" + "_id": "_design/syncs", + "updates": { + "put": "function(doc, req){\n if (!doc) {\n doc = {}\n doc['_id'] = 'u1db_sync_log';\n doc['syncs'] = [];\n }\n body = JSON.parse(req.body);\n // remove outdated info\n doc['syncs'] = doc['syncs'].filter(\n function (entry) {\n return entry[0] != body['other_replica_uid'];\n }\n );\n // store u1db rev\n doc['syncs'].push([\n body['other_replica_uid'],\n body['other_generation'],\n body['other_transaction_id']\n ]);\n return [doc, 'ok'];\n}\n\n" + }, + "views": { + "log": { + "map": "function(doc) {\n if (doc._id == 'u1db_sync_log') {\n if (doc.syncs)\n doc.syncs.forEach(function (entry) {\n emit(entry[0],\n {\n 'known_generation': entry[1],\n 'known_transaction_id': entry[2]\n });\n });\n }\n}\n" } - }, - "_id" : "_design/syncs", - "updates" : { - "put" : "function(doc, req){\n if (!doc) {\n doc = {}\n doc['_id'] = 'u1db_sync_log';\n doc['syncs'] = [];\n }\n body = JSON.parse(req.body);\n // remove outdated info\n doc['syncs'] = doc['syncs'].filter(\n function (entry) {\n return entry[0] != body['other_replica_uid'];\n }\n );\n // store u1db rev\n doc['syncs'].push([\n body['other_replica_uid'],\n body['other_generation'],\n body['other_transaction_id']\n ]);\n return [doc, 'ok'];\n}\n\n" } -} +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/shared/transactions.json b/puppet/modules/site_couchdb/files/designs/shared/transactions.json index 8fcb84d1..106ad46c 100644 --- a/puppet/modules/site_couchdb/files/designs/shared/transactions.json +++ b/puppet/modules/site_couchdb/files/designs/shared/transactions.json @@ -1,12 +1,13 @@ { - "lists" : { - "generation" : "function(head, req) {\n var row;\n var rows=[];\n // fetch all rows\n while(row = getRow()) {\n rows.push(row);\n }\n if (rows.length > 0)\n send(JSON.stringify({\n \"generation\": rows.length,\n \"doc_id\": rows[rows.length-1]['id'],\n \"transaction_id\": rows[rows.length-1]['value']\n }));\n else\n send(JSON.stringify({\n \"generation\": 0,\n \"doc_id\": \"\",\n \"transaction_id\": \"\",\n }));\n}\n", - "whats_changed" : "function(head, req) {\n var row;\n var gen = 1;\n var old_gen = 0;\n if (req.query.old_gen)\n old_gen = parseInt(req.query['old_gen']);\n send('{\"transactions\":[\\n');\n // fetch all rows\n while(row = getRow()) {\n if (gen > old_gen) {\n if (gen > old_gen+1)\n send(',\\n');\n send(JSON.stringify({\n \"generation\": gen,\n \"doc_id\": row[\"id\"],\n \"transaction_id\": row[\"value\"]\n }));\n }\n gen++;\n }\n send('\\n]}');\n}\n", - "trans_id_for_gen" : "function(head, req) {\n var row;\n var rows=[];\n var i = 1;\n var gen = 1;\n if (req.query.gen)\n gen = parseInt(req.query['gen']);\n // fetch all rows\n while(row = getRow())\n rows.push(row);\n if (gen <= rows.length)\n send(JSON.stringify({\n \"generation\": gen,\n \"doc_id\": rows[gen-1]['id'],\n \"transaction_id\": rows[gen-1]['value'],\n }));\n else\n send('{}');\n}\n" - }, - "views" : { - "log" : { - "map" : "function(doc) {\n if (doc.u1db_transactions)\n doc.u1db_transactions.forEach(function(t) {\n emit(t[0], // use timestamp as key so the results are ordered\n t[1]); // value is the transaction_id\n });\n}\n" + "_id": "_design/transactions", + "lists": { + "generation": "function(head, req) {\n var row;\n var rows=[];\n // fetch all rows\n while(row = getRow()) {\n rows.push(row);\n }\n if (rows.length > 0)\n send(JSON.stringify({\n \"generation\": rows.length,\n \"doc_id\": rows[rows.length-1]['id'],\n \"transaction_id\": rows[rows.length-1]['value']\n }));\n else\n send(JSON.stringify({\n \"generation\": 0,\n \"doc_id\": \"\",\n \"transaction_id\": \"\",\n }));\n}\n", + "trans_id_for_gen": "function(head, req) {\n var row;\n var rows=[];\n var i = 1;\n var gen = 1;\n if (req.query.gen)\n gen = parseInt(req.query['gen']);\n // fetch all rows\n while(row = getRow())\n rows.push(row);\n if (gen <= rows.length)\n send(JSON.stringify({\n \"generation\": gen,\n \"doc_id\": rows[gen-1]['id'],\n \"transaction_id\": rows[gen-1]['value'],\n }));\n else\n send('{}');\n}\n", + "whats_changed": "function(head, req) {\n var row;\n var gen = 1;\n var old_gen = 0;\n if (req.query.old_gen)\n old_gen = parseInt(req.query['old_gen']);\n send('{\"transactions\":[\\n');\n // fetch all rows\n while(row = getRow()) {\n if (gen > old_gen) {\n if (gen > old_gen+1)\n send(',\\n');\n send(JSON.stringify({\n \"generation\": gen,\n \"doc_id\": row[\"id\"],\n \"transaction_id\": row[\"value\"]\n }));\n }\n gen++;\n }\n send('\\n]}');\n}\n" + }, + "views": { + "log": { + "map": "function(doc) {\n if (doc.u1db_transactions)\n doc.u1db_transactions.forEach(function(t) {\n emit(t[0], // use timestamp as key so the results are ordered\n t[1]); // value is the transaction_id\n });\n}\n" } } -} +} \ No newline at end of file -- cgit v1.2.3 From 5d3ece0ac0d02eb501f474bb37a59bb740c57c5d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 8 Apr 2014 13:03:40 +0200 Subject: configure couchdb after starting shorewall (#53) --- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index c67ce8c8..2bcd25dc 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -59,6 +59,7 @@ class site_couchdb { Class['site_config::default'] -> Class['couchdb::bigcouch::package::cloudant'] + -> Service['shorewall'] -> Service['couchdb'] -> Class['site_couchdb::stunnel'] -> File['/root/.netrc'] -- cgit v1.2.3 From 42d93c7a939902ace20ed5602317530473ece364 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 16 Apr 2014 16:58:32 -0400 Subject: add exec resources to run the couchdb tests to wait for nodes and cluster membership to settle, before attempting any operations (#5269, #4590, #3712) Change-Id: Ic9826dda1c242e705ce85ae218766496bdd8ecbd --- .../modules/site_couchdb/manifests/bigcouch/settle_cluster.pp | 11 +++++++++++ puppet/modules/site_couchdb/manifests/init.pp | 3 +++ 2 files changed, 14 insertions(+) create mode 100644 puppet/modules/site_couchdb/manifests/bigcouch/settle_cluster.pp (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/bigcouch/settle_cluster.pp b/puppet/modules/site_couchdb/manifests/bigcouch/settle_cluster.pp new file mode 100644 index 00000000..aa843e2e --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/bigcouch/settle_cluster.pp @@ -0,0 +1,11 @@ +class site_couchdb::bigcouch::settle_cluster { + + exec { 'wait_for_couch_nodes': + command => '/srv/leap/bin/run_tests --test CouchDB/Are_configured_nodes_online? --retry 6 --wait 10' + } + + exec { 'settle_cluster_membership': + command => '/srv/leap/bin/run_tests --test CouchDB/Is_cluster_membership_ok? --retry 6 --wait 10', + require => Exec['wait_for_couch_nodes'] + } +} diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 2bcd25dc..8c790bd2 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -64,6 +64,7 @@ class site_couchdb { -> Class['site_couchdb::stunnel'] -> File['/root/.netrc'] -> Class['site_couchdb::bigcouch::add_nodes'] + -> Class['site_couchdb::bigcouch::settle_cluster'] -> Couchdb::Create_db['users'] -> Couchdb::Create_db['tokens'] -> Couchdb::Add_user[$couchdb_webapp_user] @@ -73,6 +74,8 @@ class site_couchdb { class { 'site_couchdb::bigcouch::add_nodes': } + class { 'site_couchdb::bigcouch::settle_cluster': } + # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without -- cgit v1.2.3 From af1f6d6fc248b02ef51ceedb3257579f09c8febf Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 17 Apr 2014 09:35:17 -0400 Subject: Change couchdb ordering hints (#5269, #4590, #3712): . make the couchdb service start after the stunnels have been setup. This may improve the cluster membership coming online faster . replace the two Couchdb::Create_db ordering hints (for the 'users' and 'tokens' databases) with a generic Class['site_config::create_dbs'] hint. This makes it so we get the ordering hint for all databases, which we were not before, without having to individually list them . replace the two Couchdb::Add_user ordering hints (for the $couchdb_webapp_user and the $couchdb_soledad_user) with a generic ordering hint for Class['site_couchdb::add_users'] ordering hint. This makes it so we get the ordering hint for all the users, which we were not before, without having to individually list them Change-Id: Ia63e62d68d24e77a49d4ef928a2a8130ab7bccb9 --- puppet/modules/site_couchdb/manifests/init.pp | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 8c790bd2..d8e03e41 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -60,15 +60,13 @@ class site_couchdb { Class['site_config::default'] -> Class['couchdb::bigcouch::package::cloudant'] -> Service['shorewall'] - -> Service['couchdb'] -> Class['site_couchdb::stunnel'] + -> Service['couchdb'] -> File['/root/.netrc'] -> Class['site_couchdb::bigcouch::add_nodes'] -> Class['site_couchdb::bigcouch::settle_cluster'] - -> Couchdb::Create_db['users'] - -> Couchdb::Create_db['tokens'] - -> Couchdb::Add_user[$couchdb_webapp_user] - -> Couchdb::Add_user[$couchdb_soledad_user] + -> Class['site_couchdb::create_dbs'] + -> Class['site_couchdb::add_users'] class { 'site_couchdb::stunnel': } -- cgit v1.2.3 From ca34d880f65f62bf78623c80f6e76d1726f2068c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 17 Apr 2014 11:56:36 -0400 Subject: change class instantiating to be includes and organizing things in the class to be more visually logical (#5269, #4590, #3712) Change-Id: I58c28c3bc62e67b25f33da3378e8146110471613 --- puppet/modules/site_couchdb/manifests/init.pp | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index d8e03e41..3614661d 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -68,12 +68,6 @@ class site_couchdb { -> Class['site_couchdb::create_dbs'] -> Class['site_couchdb::add_users'] - class { 'site_couchdb::stunnel': } - - class { 'site_couchdb::bigcouch::add_nodes': } - - class { 'site_couchdb::bigcouch::settle_cluster': } - # /etc/couchdb/couchdb.netrc is deployed by couchdb::query::setup # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) # and makes life easier for the admin (i.e. using curl/wget without @@ -92,15 +86,6 @@ class site_couchdb { pw => $couchdb_admin_pw, } - include site_couchdb::create_dbs - include site_couchdb::add_users - include site_couchdb::designs - include site_couchdb::logrotate - include site_couchdb::bigcouch::compaction - - include site_shorewall::couchdb - include site_shorewall::couchdb::bigcouch - vcsrepo { '/srv/leap/couchdb/scripts': ensure => present, provider => git, @@ -109,8 +94,20 @@ class site_couchdb { require => File['/srv/leap/couchdb'] } + include site_couchdb::stunnel + include site_couchdb::bigcouch::add_nodes + include site_couchdb::bigcouch::settle_cluster + include site_couchdb::create_dbs + include site_couchdb::add_users + include site_couchdb::designs + include site_couchdb::logrotate + include site_couchdb::bigcouch::compaction + if $couchdb_backup { include site_couchdb::backup } + include site_shorewall::couchdb + include site_shorewall::couchdb::bigcouch + include site_check_mk::agent::couchdb include site_check_mk::agent::tapicero -- cgit v1.2.3