From 3224a73ec6b2f06cf4c43f86d5b7673e442043dd Mon Sep 17 00:00:00 2001 From: ankonym Date: Mon, 28 Sep 2015 15:42:08 +0200 Subject: Create invite code db and design docs --- .../files/designs/invite_codes/InviteCode.json | 22 ++++++++++++++++++++++ .../modules/site_couchdb/manifests/create_dbs.pp | 9 +++++++++ puppet/modules/site_couchdb/manifests/designs.pp | 13 +++++++------ 3 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 puppet/modules/site_couchdb/files/designs/invite_codes/InviteCode.json (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/invite_codes/InviteCode.json b/puppet/modules/site_couchdb/files/designs/invite_codes/InviteCode.json new file mode 100644 index 00000000..006c1ea1 --- /dev/null +++ b/puppet/modules/site_couchdb/files/designs/invite_codes/InviteCode.json @@ -0,0 +1,22 @@ +{ + "_id": "_design/InviteCode", + "language": "javascript", + "views": { + "by__id": { + "map": " function(doc) {\n if ((doc['type'] == 'InviteCode') && (doc['_id'] != null)) {\n emit(doc['_id'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_invite_code": { + "map": " function(doc) {\n if ((doc['type'] == 'InviteCode') && (doc['invite_code'] != null)) {\n emit(doc['invite_code'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_invite_count": { + "map": " function(doc) {\n if ((doc['type'] == 'InviteCode') && (doc['invite_count'] != null)) {\n emit(doc['invite_count'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "all": { + "map": " function(doc) {\n if (doc['type'] == 'InviteCode') {\n emit(doc._id, null);\n }\n }\n" + } + }, + "couchrest-hash": "83fb8f504520b4a9c7ddbb7928cd0ce3" +} \ No newline at end of file diff --git a/puppet/modules/site_couchdb/manifests/create_dbs.pp b/puppet/modules/site_couchdb/manifests/create_dbs.pp index eea4bbf5..a2d1c655 100644 --- a/puppet/modules/site_couchdb/manifests/create_dbs.pp +++ b/puppet/modules/site_couchdb/manifests/create_dbs.pp @@ -90,4 +90,13 @@ class site_couchdb::create_dbs { members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", require => Couchdb::Query::Setup['localhost'] } + + ## invite_codes db + ## store invite codes for new signups + ## r/w: webapp + couchdb::create_db { 'invite_codes': + members => "{ \"names\": [\"${site_couchdb::couchdb_webapp_user}\"], \"roles\": [\"replication\"] }", + require => Couchdb::Query::Setup['localhost'] + } + } diff --git a/puppet/modules/site_couchdb/manifests/designs.pp b/puppet/modules/site_couchdb/manifests/designs.pp index 1ab1c6a1..e5fd94c6 100644 --- a/puppet/modules/site_couchdb/manifests/designs.pp +++ b/puppet/modules/site_couchdb/manifests/designs.pp @@ -12,12 +12,13 @@ class site_couchdb::designs { } site_couchdb::upload_design { - 'customers': design => 'customers/Customer.json'; - 'identities': design => 'identities/Identity.json'; - 'tickets': design => 'tickets/Ticket.json'; - 'messages': design => 'messages/Message.json'; - 'users': design => 'users/User.json'; - 'tmp_users': design => 'users/User.json'; + 'customers': design => 'customers/Customer.json'; + 'identities': design => 'identities/Identity.json'; + 'tickets': design => 'tickets/Ticket.json'; + 'messages': design => 'messages/Message.json'; + 'users': design => 'users/User.json'; + 'tmp_users': design => 'users/User.json'; + 'invite_codes': design => 'invite_codes/InviteCode.json'; 'shared_docs': db => 'shared', design => 'shared/docs.json'; -- cgit v1.2.3 From 4fc7419598a3baf564f063b7330b9cf9115420b5 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Oct 2015 12:06:02 +0200 Subject: [feat] Create-user-db: use couchdb admin rights - create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502 --- puppet/modules/site_couchdb/manifests/setup.pp | 35 ++++++++++++++++++-------- 1 file changed, 24 insertions(+), 11 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/setup.pp b/puppet/modules/site_couchdb/manifests/setup.pp index 69bd1c6a..fef48505 100644 --- a/puppet/modules/site_couchdb/manifests/setup.pp +++ b/puppet/modules/site_couchdb/manifests/setup.pp @@ -12,27 +12,40 @@ class site_couchdb::setup { $user = $site_couchdb::couchdb_admin_user - # /etc/couchdb/couchdb-admin.netrc is deployed by couchdb::query::setup - # we symlink to couchdb.netrc for puppet commands. - # we symlink this to /root/.netrc for couchdb_scripts (eg. backup) - # and makes life easier for the admin (i.e. using curl/wget without - # passing credentials) + # setup /etc/couchdb/couchdb-admin.netrc for couchdb admin access + couchdb::query::setup { 'localhost': + user => $user, + pw => $site_couchdb::couchdb_admin_pw + } + + # We symlink /etc/couchdb/couchdb-admin.netrc to /etc/couchdb/couchdb.netrc + # for puppet commands, and to to /root/.netrc for couchdb_scripts + # (eg. backup) and to makes life easier for the admin on the command line + # (i.e. using curl/wget without passing credentials) file { '/etc/couchdb/couchdb.netrc': ensure => link, target => "/etc/couchdb/couchdb-${user}.netrc"; - '/root/.netrc': ensure => link, target => '/etc/couchdb/couchdb.netrc'; + } - '/srv/leap/couchdb': - ensure => directory + # setup /etc/couchdb/couchdb-soledad-admin.netrc file for couchdb admin + # access, accessible only for the soledad-admin user to create soledad + # userdbs + file { '/etc/couchdb/couchdb-soledad-admin.netrc': + content => "machine localhost login ${user} password ${site_couchdb::couchdb_admin_pw}", + mode => '0400', + owner => 'soledad-admin', + group => 'root', + require => [ Package['couchdb'], User['soledad-admin'] ]; } - couchdb::query::setup { 'localhost': - user => $user, - pw => $site_couchdb::couchdb_admin_pw, + # Checkout couchdb_scripts repo + file { + '/srv/leap/couchdb': + ensure => directory } vcsrepo { '/srv/leap/couchdb/scripts': -- cgit v1.2.3 From 276b77cdcc0d169b84e046afe8763e2c52ff76fb Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 5 Oct 2015 15:22:25 +0200 Subject: [feat] remove tapicero leftovers Soledad now creates user-dbs, which has been done by tapicero in the past. we need to remove any leftovers from tapicero. --- puppet/modules/site_couchdb/manifests/add_users.pp | 11 +---------- puppet/modules/site_couchdb/manifests/init.pp | 6 ------ 2 files changed, 1 insertion(+), 16 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/add_users.pp b/puppet/modules/site_couchdb/manifests/add_users.pp index 2f734ed4..c905316b 100644 --- a/puppet/modules/site_couchdb/manifests/add_users.pp +++ b/puppet/modules/site_couchdb/manifests/add_users.pp @@ -1,3 +1,4 @@ +# add couchdb users for all services class site_couchdb::add_users { Class['site_couchdb::create_dbs'] @@ -35,16 +36,6 @@ class site_couchdb::add_users { require => Couchdb::Query::Setup['localhost'] } - ### tapicero couchdb user - ### admin: needs to be able to create user- databases - ### read: users - couchdb::add_user { $site_couchdb::couchdb_tapicero_user: - roles => '["users"]', - pw => $site_couchdb::couchdb_tapicero_pw, - salt => $site_couchdb::couchdb_tapicero_salt, - require => Couchdb::Query::Setup['localhost'] - } - ## webapp couchdb user ## read/write: users, tokens, sessions, tickets, identities, customer couchdb::add_user { $site_couchdb::couchdb_webapp_user: diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 6b6ddd3a..1ec15f00 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -26,11 +26,6 @@ class site_couchdb { $couchdb_soledad_pw = $couchdb_soledad['password'] $couchdb_soledad_salt = $couchdb_soledad['salt'] - $couchdb_tapicero = $couchdb_users['tapicero'] - $couchdb_tapicero_user = $couchdb_tapicero['username'] - $couchdb_tapicero_pw = $couchdb_tapicero['password'] - $couchdb_tapicero_salt = $couchdb_tapicero['salt'] - $couchdb_webapp = $couchdb_users['webapp'] $couchdb_webapp_user = $couchdb_webapp['username'] $couchdb_webapp_pw = $couchdb_webapp['password'] @@ -66,6 +61,5 @@ class site_couchdb { if $couchdb_backup { include site_couchdb::backup } include site_check_mk::agent::couchdb - include site_check_mk::agent::tapicero } -- cgit v1.2.3 From 19e5d23e3fe34199265117e033acfabc3cff9109 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 12 Oct 2015 16:30:58 +0200 Subject: [feat] Remove tapicero couchdb user - Resolves: #7514 --- puppet/modules/site_couchdb/manifests/init.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 1ec15f00..61aa887e 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -62,4 +62,7 @@ class site_couchdb { include site_check_mk::agent::couchdb + # remove tapicero leftovers on couchdb nodes + include site_config::remove::tapicero + } -- cgit v1.2.3 From cfbe272d17a21c4bff088a87865cbcbefc837e39 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 30 Oct 2015 11:23:40 +0100 Subject: [feat] Remove bigcouch nagios leftovers When migrating from bigcouch to couchdb, we need to remove leftover nagios tests for bigcouch. - Added new classes: site_check_mk::agent::couchdb::bigcouch and site_check_mk::agent::couchdb::master - Tested: unstable.pixelated-project.org - Resolves: https://github.com/pixelated/pixelated-platform/issues/126 --- puppet/modules/site_couchdb/manifests/bigcouch.pp | 3 +++ puppet/modules/site_couchdb/manifests/master.pp | 2 ++ 2 files changed, 5 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/bigcouch.pp b/puppet/modules/site_couchdb/manifests/bigcouch.pp index 469a2783..2de3d4d0 100644 --- a/puppet/modules/site_couchdb/manifests/bigcouch.pp +++ b/puppet/modules/site_couchdb/manifests/bigcouch.pp @@ -44,4 +44,7 @@ class site_couchdb::bigcouch { require => Package['couchdb'], notify => Service['couchdb'] } + + include site_check_mk::agent::couchdb::bigcouch + } diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp index c28eee7d..5dab6325 100644 --- a/puppet/modules/site_couchdb/manifests/master.pp +++ b/puppet/modules/site_couchdb/manifests/master.pp @@ -6,4 +6,6 @@ class site_couchdb::master { chttpd_bind_address => '127.0.0.1', pwhash_alg => $site_couchdb::couchdb_pwhash_alg } + + include site_check_mk::agent::couchdb::master } -- cgit v1.2.3 From 02b1b484ad9a5d065ceac72b8263b7bcc112c923 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 3 Nov 2015 19:12:59 +0100 Subject: [feat] install couchdb from unstable on jessie - Related: #6920 --- puppet/modules/site_couchdb/manifests/master.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp index 5dab6325..c50ed364 100644 --- a/puppet/modules/site_couchdb/manifests/master.pp +++ b/puppet/modules/site_couchdb/manifests/master.pp @@ -7,5 +7,10 @@ class site_couchdb::master { pwhash_alg => $site_couchdb::couchdb_pwhash_alg } + # couchdb is not available in jessie, and the + # leap deb repo only hosts a wheeyz version. + # we install it therefore from unstable + include site_apt::sid_repo + include site_check_mk::agent::couchdb::master } -- cgit v1.2.3 From a63102f6defab1266b05b3b24f6264a767e0924e Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 18 Nov 2015 12:19:45 +0100 Subject: update design docs for couch from webapp --- .../files/designs/identities/Identity.json | 32 +++++++++++++--------- .../files/designs/messages/Message.json | 12 ++++---- .../site_couchdb/files/designs/tickets/Ticket.json | 24 ++++++++-------- .../site_couchdb/files/designs/users/User.json | 4 +-- 4 files changed, 39 insertions(+), 33 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/files/designs/identities/Identity.json b/puppet/modules/site_couchdb/files/designs/identities/Identity.json index 2ac092ab..b1c567c1 100644 --- a/puppet/modules/site_couchdb/files/designs/identities/Identity.json +++ b/puppet/modules/site_couchdb/files/designs/identities/Identity.json @@ -2,27 +2,33 @@ "_id": "_design/Identity", "language": "javascript", "views": { - "by_user_id": { - "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['user_id'] != null)) {\n emit(doc['user_id'], 1);\n }\n }\n", - "reduce": "_sum" - }, "by_address_and_destination": { "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null) && (doc['destination'] != null)) {\n emit([doc['address'], doc['destination']], 1);\n }\n }\n", "reduce": "_sum" }, - "by_address": { - "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null)) {\n emit(doc['address'], 1);\n }\n }\n", - "reduce": "_sum" + "all": { + "map": " function(doc) {\n if (doc['type'] == 'Identity') {\n emit(doc._id, null);\n }\n }\n" }, - "pgp_key_by_email": { - "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.keys === \"object\") {\n emit(doc.address, doc.keys[\"pgp\"]);\n }\n }\n" + "cert_fingerprints_by_expiry": { + "map": "function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.cert_fingerprints === \"object\") {\n for (fp in doc.cert_fingerprints) {\n if (doc.cert_fingerprints.hasOwnProperty(fp)) {\n emit(doc.cert_fingerprints[fp], fp);\n }\n }\n }\n}\n" + }, + "cert_expiry_by_fingerprint": { + "map": "function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.cert_fingerprints === \"object\") {\n for (fp in doc.cert_fingerprints) {\n if (doc.cert_fingerprints.hasOwnProperty(fp)) {\n emit(fp, doc.cert_fingerprints[fp]);\n }\n }\n }\n}\n" }, "disabled": { - "map": " function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.user_id === \"undefined\") {\n emit(doc._id, 1);\n }\n }\n" + "map": "function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.user_id === \"undefined\") {\n emit(doc._id, 1);\n }\n}\n" }, - "all": { - "map": " function(doc) {\n if (doc['type'] == 'Identity') {\n emit(doc._id, null);\n }\n }\n" + "pgp_key_by_email": { + "map": "function(doc) {\n if (doc.type != 'Identity') {\n return;\n }\n if (typeof doc.keys === \"object\") {\n emit(doc.address, doc.keys[\"pgp\"]);\n }\n}\n" + }, + "by_user_id": { + "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['user_id'] != null)) {\n emit(doc['user_id'], 1);\n }\n }\n", + "reduce": "_sum" + }, + "by_address": { + "map": " function(doc) {\n if ((doc['type'] == 'Identity') && (doc['address'] != null)) {\n emit(doc['address'], 1);\n }\n }\n", + "reduce": "_sum" } }, - "couchrest-hash": "e9004d70e26770c621a9667536429a68" + "couchrest-hash": "4a774c3f56122b655a314670403b27e2" } \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/messages/Message.json b/puppet/modules/site_couchdb/files/designs/messages/Message.json index 7bcd74c7..6a48fc4d 100644 --- a/puppet/modules/site_couchdb/files/designs/messages/Message.json +++ b/puppet/modules/site_couchdb/files/designs/messages/Message.json @@ -2,17 +2,17 @@ "_id": "_design/Message", "language": "javascript", "views": { - "by_user_ids_to_show_and_created_at": { - "map": "// not using at moment\n// call with something like Message.by_user_ids_to_show_and_created_at.startkey([user_id, start_date]).endkey([user_id,end_date])\nfunction (doc) {\n if (doc.type === 'Message' && doc.user_ids_to_show && Array.isArray(doc.user_ids_to_show)) {\n doc.user_ids_to_show.forEach(function (userId) {\n emit([userId, doc.created_at], 1);\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, "by_user_ids_to_show": { "map": "function (doc) {\n if (doc.type === 'Message' && doc.user_ids_to_show && Array.isArray(doc.user_ids_to_show)) {\n doc.user_ids_to_show.forEach(function (userId) {\n emit(userId, 1);\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" + "reduce": " function(key, values, rereduce) {\n return sum(values);\n }\n" + }, + "by_user_ids_to_show_and_created_at": { + "map": "// not using at moment\n// call with something like Message.by_user_ids_to_show_and_created_at.startkey([user_id, start_date]).endkey([user_id,end_date])\nfunction (doc) {\n if (doc.type === 'Message' && doc.user_ids_to_show && Array.isArray(doc.user_ids_to_show)) {\n doc.user_ids_to_show.forEach(function (userId) {\n emit([userId, doc.created_at], 1);\n });\n }\n}\n", + "reduce": " function(key, values, rereduce) {\n return sum(values);\n }\n" }, "all": { "map": " function(doc) {\n if (doc['type'] == 'Message') {\n emit(doc._id, null);\n }\n }\n" } }, - "couchrest-hash": "0967e7cc5bb1e61edc1c085f6f0cecbf" + "couchrest-hash": "ba80168e51015d2678cad88fc6c5b986" } \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/tickets/Ticket.json b/puppet/modules/site_couchdb/files/designs/tickets/Ticket.json index 2c9408b8..578f632b 100644 --- a/puppet/modules/site_couchdb/files/designs/tickets/Ticket.json +++ b/puppet/modules/site_couchdb/files/designs/tickets/Ticket.json @@ -24,27 +24,27 @@ }, "by_includes_post_by_and_is_open_and_created_at": { "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.created_at], 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_includes_post_by_and_is_open_and_updated_at": { - "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.updated_at], 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" - }, - "by_includes_post_by_and_updated_at": { - "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.updated_at], 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" + "reduce": " function(key, values, rereduce) {\n return sum(values);\n }\n" }, "by_includes_post_by": { "map": "// TODO: This view is only used in tests--should we keep it?\nfunction(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit(comment.posted_by, 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" + "reduce": " function(key, values, rereduce) {\n return sum(values);\n }\n" + }, + "by_includes_post_by_and_is_open_and_updated_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.is_open, doc.updated_at], 1);\n }\n });\n }\n}\n", + "reduce": " function(key, values, rereduce) {\n return sum(values);\n }\n" }, "by_includes_post_by_and_created_at": { "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.created_at], 1);\n }\n });\n }\n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" + "reduce": " function(key, values, rereduce) {\n return sum(values);\n }\n" + }, + "by_includes_post_by_and_updated_at": { + "map": "function(doc) {\n var arr = {}\n if (doc['type'] == 'Ticket' && doc.comments) {\n doc.comments.forEach(function(comment){\n if (comment.posted_by && !arr[comment.posted_by]) {\n //don't add duplicates\n arr[comment.posted_by] = true;\n emit([comment.posted_by, doc.updated_at], 1);\n }\n });\n }\n}\n", + "reduce": " function(key, values, rereduce) {\n return sum(values);\n }\n" }, "all": { "map": " function(doc) {\n if (doc['type'] == 'Ticket') {\n emit(doc._id, null);\n }\n }\n" } }, - "couchrest-hash": "9978e2cbeacbe8622c2a7f103bf8130f" + "couchrest-hash": "b21eaeea8ea66bfda65581b1b7ce06af" } \ No newline at end of file diff --git a/puppet/modules/site_couchdb/files/designs/users/User.json b/puppet/modules/site_couchdb/files/designs/users/User.json index 4089ad97..8a82cf4a 100644 --- a/puppet/modules/site_couchdb/files/designs/users/User.json +++ b/puppet/modules/site_couchdb/files/designs/users/User.json @@ -11,12 +11,12 @@ }, "by_created_at_and_one_month_warning_not_sent": { "map": "function (doc) {\n if ((doc['type'] == 'User') && (doc['created_at'] != null) && (doc['one_month_warning_sent'] == null)) {\n emit(doc['created_at'], 1);\n } \n}\n", - "reduce": "function(key, values, rereduce) { return sum(values); }" + "reduce": " function(key, values, rereduce) {\n return sum(values);\n }\n" }, "by_created_at": { "map": " function(doc) {\n if ((doc['type'] == 'User') && (doc['created_at'] != null)) {\n emit(doc['created_at'], 1);\n }\n }\n", "reduce": "_sum" } }, - "couchrest-hash": "61840ab3ec0f94ef8bbd6dd208db3b70" + "couchrest-hash": "d854607d299887a347e554176cb79e20" } \ No newline at end of file -- cgit v1.2.3 From 20b2b4cc8ee1e85cf1bc8dfaa4db9fb70dcac72b Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 30 Nov 2015 15:36:41 +0100 Subject: Revert "[feat] install couchdb from unstable on jessie" This reverts commit 02b1b484ad9a5d065ceac72b8263b7bcc112c923. Now that we have a proper couchdb jessie package we don't need to install it from Debian unstable. --- puppet/modules/site_couchdb/manifests/master.pp | 5 ----- 1 file changed, 5 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp index c50ed364..5dab6325 100644 --- a/puppet/modules/site_couchdb/manifests/master.pp +++ b/puppet/modules/site_couchdb/manifests/master.pp @@ -7,10 +7,5 @@ class site_couchdb::master { pwhash_alg => $site_couchdb::couchdb_pwhash_alg } - # couchdb is not available in jessie, and the - # leap deb repo only hosts a wheeyz version. - # we install it therefore from unstable - include site_apt::sid_repo - include site_check_mk::agent::couchdb::master } -- cgit v1.2.3 From 150579fb14716892cc3e4d7d9c0f81b30d56f03a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 13 Apr 2015 23:16:00 +0200 Subject: restructured site.pp, now only one class gets included in site.pp per service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd --- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 61aa887e..ea02d1f4 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -50,6 +50,7 @@ class site_couchdb { -> Class['couchdb'] -> Class['site_couchdb::setup'] + include ::site_config::default include site_stunnel include site_couchdb::setup -- cgit v1.2.3 From 982f8b6ce9c470366f967f3ad8fece2a673db59d Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 25 Jan 2016 12:07:11 +0100 Subject: [feat] Move bigcouch removals to own class We now include "site_config::remove::bigcouch" in class "site_couchdb::master", which sets up plain couchdb. --- puppet/modules/site_couchdb/manifests/master.pp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp index 5dab6325..49d90f2f 100644 --- a/puppet/modules/site_couchdb/manifests/master.pp +++ b/puppet/modules/site_couchdb/manifests/master.pp @@ -8,4 +8,8 @@ class site_couchdb::master { } include site_check_mk::agent::couchdb::master + + # remove bigcouch leftovers from previous installations + include ::site_config::remove::bigcouch + } -- cgit v1.2.3 From 01b05ec8453b44d93780e04dd832b9a0e7b3cd48 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 25 Jan 2016 17:27:48 +0100 Subject: [feat] Cronjob to delete orphaned userdbs - Resolves: #7418 --- puppet/modules/site_couchdb/manifests/init.pp | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index ea02d1f4..8d79ae75 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -66,4 +66,13 @@ class site_couchdb { # remove tapicero leftovers on couchdb nodes include site_config::remove::tapicero + # Destroy every per-user storage database + # where the corresponding user record does not exist. + cron { 'cleanup_stale_userdbs': + command => '(/bin/date; /srv/leap/couchdb/scripts/cleanup-user-dbs) >> /var/log/leap/couchdb-cleanup.log', + user => 'root', + hour => 4, + minute => 7; + } + } -- cgit v1.2.3 From da2c743faaccd26604c4c26fbb1557934688eb4a Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 1 Feb 2016 15:56:41 -0800 Subject: default to plain couchdb, unless otherwise specified. # Conflicts: # puppet/modules/site_couchdb/manifests/plain.pp --- puppet/modules/site_couchdb/manifests/init.pp | 4 ++-- puppet/modules/site_couchdb/manifests/master.pp | 15 --------------- puppet/modules/site_couchdb/manifests/plain.pp | 15 +++++++++++++++ 3 files changed, 17 insertions(+), 17 deletions(-) delete mode 100644 puppet/modules/site_couchdb/manifests/master.pp create mode 100644 puppet/modules/site_couchdb/manifests/plain.pp (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 8d79ae75..0c126f0c 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -41,8 +41,8 @@ class site_couchdb { $couchdb_pwhash_alg = $couchdb_config['pwhash_alg'] if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch } - if $couchdb_mode == 'master' { include site_couchdb::master } - if $couchdb_mode == 'mirror' { include site_couchdb::mirror } + if $couchdb_mode == 'plain' { include site_couchdb::plain } + # if $couchdb_mode == 'mirror' { include site_couchdb::mirror } Class['site_config::default'] -> Service['shorewall'] diff --git a/puppet/modules/site_couchdb/manifests/master.pp b/puppet/modules/site_couchdb/manifests/master.pp deleted file mode 100644 index 49d90f2f..00000000 --- a/puppet/modules/site_couchdb/manifests/master.pp +++ /dev/null @@ -1,15 +0,0 @@ -# this class sets up a single, plain couchdb node -class site_couchdb::master { - class { 'couchdb': - admin_pw => $site_couchdb::couchdb_admin_pw, - admin_salt => $site_couchdb::couchdb_admin_salt, - chttpd_bind_address => '127.0.0.1', - pwhash_alg => $site_couchdb::couchdb_pwhash_alg - } - - include site_check_mk::agent::couchdb::master - - # remove bigcouch leftovers from previous installations - include ::site_config::remove::bigcouch - -} diff --git a/puppet/modules/site_couchdb/manifests/plain.pp b/puppet/modules/site_couchdb/manifests/plain.pp new file mode 100644 index 00000000..64209142 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/plain.pp @@ -0,0 +1,15 @@ +# this class sets up a single, plain couchdb node +class site_couchdb::plain { + class { 'couchdb': + admin_pw => $site_couchdb::couchdb_admin_pw, + admin_salt => $site_couchdb::couchdb_admin_salt, + chttpd_bind_address => '127.0.0.1', + pwhash_alg => $site_couchdb::couchdb_pwhash_alg + } + + include site_check_mk::agent::couchdb::plain + + # remove bigcouch leftovers from previous installations + include ::site_config::remove::bigcouch + +} -- cgit v1.2.3 From e5ecf06ef15637cb52f65424d6d7d889731c68a9 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 11 Feb 2016 15:35:54 -0800 Subject: use pbkdf2 pwhash for plain couch. --- puppet/modules/site_couchdb/manifests/plain.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/plain.pp b/puppet/modules/site_couchdb/manifests/plain.pp index 64209142..9338e56a 100644 --- a/puppet/modules/site_couchdb/manifests/plain.pp +++ b/puppet/modules/site_couchdb/manifests/plain.pp @@ -4,7 +4,7 @@ class site_couchdb::plain { admin_pw => $site_couchdb::couchdb_admin_pw, admin_salt => $site_couchdb::couchdb_admin_salt, chttpd_bind_address => '127.0.0.1', - pwhash_alg => $site_couchdb::couchdb_pwhash_alg + pwhash_alg => 'pbkdf2' } include site_check_mk::agent::couchdb::plain -- cgit v1.2.3 From 70df05dce934a3d3803ea78e39200c37215cad04 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Feb 2016 11:22:53 +0100 Subject: Use site_couchdb::plain even when couch.master is set top "master" --- puppet/modules/site_couchdb/manifests/init.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 0c126f0c..0c282e1c 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -40,8 +40,9 @@ class site_couchdb { $couchdb_mode = $couchdb_config['mode'] $couchdb_pwhash_alg = $couchdb_config['pwhash_alg'] - if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch } - if $couchdb_mode == 'plain' { include site_couchdb::plain } + if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch } + if $couchdb_mode =~ /^(plain|master)$/ { include site_couchdb::plain } + # if $couchdb_mode == 'mirror' { include site_couchdb::mirror } Class['site_config::default'] -- cgit v1.2.3 From a33a7d634ab33f46814bd154882f3b1c9b3b3978 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 25 Feb 2016 15:59:55 +0100 Subject: remove couchdb_pwhash_alg leftover --- puppet/modules/site_couchdb/manifests/init.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 0c282e1c..b3d9fdf0 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -38,7 +38,6 @@ class site_couchdb { $couchdb_backup = $couchdb_config['backup'] $couchdb_mode = $couchdb_config['mode'] - $couchdb_pwhash_alg = $couchdb_config['pwhash_alg'] if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch } if $couchdb_mode =~ /^(plain|master)$/ { include site_couchdb::plain } -- cgit v1.2.3 From c6e45bc1097ed0a9dc7cb33898ea0b4e60635983 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 25 Feb 2016 16:08:32 +0100 Subject: couchdb module uses pbkdf2 as default pwhash algor. now --- puppet/modules/site_couchdb/manifests/plain.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/plain.pp b/puppet/modules/site_couchdb/manifests/plain.pp index 9338e56a..b40fc100 100644 --- a/puppet/modules/site_couchdb/manifests/plain.pp +++ b/puppet/modules/site_couchdb/manifests/plain.pp @@ -3,8 +3,7 @@ class site_couchdb::plain { class { 'couchdb': admin_pw => $site_couchdb::couchdb_admin_pw, admin_salt => $site_couchdb::couchdb_admin_salt, - chttpd_bind_address => '127.0.0.1', - pwhash_alg => 'pbkdf2' + chttpd_bind_address => '127.0.0.1' } include site_check_mk::agent::couchdb::plain -- cgit v1.2.3 From 89a3cd71f50a383a5f85510193087446da0e661f Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 26 Feb 2016 01:44:48 -0800 Subject: plain couchdb now required, bigcouch support disabled. --- puppet/modules/site_couchdb/manifests/init.pp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 0c282e1c..3f670ed2 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -40,10 +40,13 @@ class site_couchdb { $couchdb_mode = $couchdb_config['mode'] $couchdb_pwhash_alg = $couchdb_config['pwhash_alg'] - if $couchdb_mode == 'multimaster' { include site_couchdb::bigcouch } - if $couchdb_mode =~ /^(plain|master)$/ { include site_couchdb::plain } + # ensure bigcouch has been purged from the system: + # TODO: remove this check in 0.9 release + if file('/opt/bigcouch/bin/bigcouch', '/dev/null') != '' { + fail 'ERROR: BigCouch appears to be installed. Make sure you have migrated to CouchDB before proceeding. See https://leap.se/upgrade-0-8' + } - # if $couchdb_mode == 'mirror' { include site_couchdb::mirror } + include site_couchdb::plain Class['site_config::default'] -> Service['shorewall'] -- cgit v1.2.3 From f73c3d220769faf4dce5e8582fe8cd655f50c996 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 4 Mar 2016 13:59:13 -0800 Subject: only not create soledad admin .netrc file if soledad is enabled --- puppet/modules/site_couchdb/manifests/setup.pp | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/setup.pp b/puppet/modules/site_couchdb/manifests/setup.pp index fef48505..710d3c1c 100644 --- a/puppet/modules/site_couchdb/manifests/setup.pp +++ b/puppet/modules/site_couchdb/manifests/setup.pp @@ -34,12 +34,14 @@ class site_couchdb::setup { # setup /etc/couchdb/couchdb-soledad-admin.netrc file for couchdb admin # access, accessible only for the soledad-admin user to create soledad # userdbs - file { '/etc/couchdb/couchdb-soledad-admin.netrc': - content => "machine localhost login ${user} password ${site_couchdb::couchdb_admin_pw}", - mode => '0400', - owner => 'soledad-admin', - group => 'root', - require => [ Package['couchdb'], User['soledad-admin'] ]; + if member(hiera('services', []), 'soledad') { + file { '/etc/couchdb/couchdb-soledad-admin.netrc': + content => "machine localhost login ${user} password ${site_couchdb::couchdb_admin_pw}", + mode => '0400', + owner => 'soledad-admin', + group => 'root', + require => [ Package['couchdb'], User['soledad-admin'] ]; + } } # Checkout couchdb_scripts repo -- cgit v1.2.3 From 22b788920defdd42b4abda144afd8ca69d0a9d37 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Apr 2016 18:19:44 +0200 Subject: [style] lint some custom manifests I used `puppet-lint -f FILE` to fix most issues, while finishing with manual intervention. --- puppet/modules/site_couchdb/manifests/mirror.pp | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp index abe35c4c..a69f3964 100644 --- a/puppet/modules/site_couchdb/manifests/mirror.pp +++ b/puppet/modules/site_couchdb/manifests/mirror.pp @@ -22,55 +22,55 @@ class site_couchdb::mirror { ### customer database couchdb::mirror_db { 'customers': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } ## identities database couchdb::mirror_db { 'identities': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } ## keycache database couchdb::mirror_db { 'keycache': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } ## sessions database couchdb::mirror_db { 'sessions': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } ## shared database couchdb::mirror_db { 'shared': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } ## tickets database couchdb::mirror_db { 'tickets': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } ## tokens database couchdb::mirror_db { 'tokens': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } ## users database couchdb::mirror_db { 'users': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } ## messages db couchdb::mirror_db { 'messages': - from => $from, + from => $from, require => Couchdb::Query::Setup['localhost'] } -- cgit v1.2.3 From 8370875d608ebddae09fcd05741bb77e0e31c122 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Apr 2016 18:28:29 +0200 Subject: [style] more manual linting for custom manifests --- puppet/modules/site_couchdb/manifests/logrotate.pp | 10 ++++++---- puppet/modules/site_couchdb/manifests/mirror.pp | 1 + puppet/modules/site_couchdb/manifests/upload_design.pp | 3 ++- 3 files changed, 9 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_couchdb') diff --git a/puppet/modules/site_couchdb/manifests/logrotate.pp b/puppet/modules/site_couchdb/manifests/logrotate.pp index e1039d49..bb8843bb 100644 --- a/puppet/modules/site_couchdb/manifests/logrotate.pp +++ b/puppet/modules/site_couchdb/manifests/logrotate.pp @@ -1,12 +1,14 @@ +# configure couchdb logrotation class site_couchdb::logrotate { augeas { 'logrotate_bigcouch': context => '/files/etc/logrotate.d/bigcouch/rule', - changes => [ 'set file /opt/bigcouch/var/log/*.log', 'set rotate 7', - 'set schedule daily', 'set compress compress', - 'set missingok missingok', 'set ifempty notifempty', - 'set copytruncate copytruncate' ] + changes => [ + 'set file /opt/bigcouch/var/log/*.log', 'set rotate 7', + 'set schedule daily', 'set compress compress', + 'set missingok missingok', 'set ifempty notifempty', + 'set copytruncate copytruncate' ] } } diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp index a69f3964..fb82b897 100644 --- a/puppet/modules/site_couchdb/manifests/mirror.pp +++ b/puppet/modules/site_couchdb/manifests/mirror.pp @@ -1,3 +1,4 @@ +# configure mirroring of couch nodes class site_couchdb::mirror { Class['site_couchdb::add_users'] diff --git a/puppet/modules/site_couchdb/manifests/upload_design.pp b/puppet/modules/site_couchdb/manifests/upload_design.pp index 7b0cabd7..bd73ebf2 100644 --- a/puppet/modules/site_couchdb/manifests/upload_design.pp +++ b/puppet/modules/site_couchdb/manifests/upload_design.pp @@ -1,4 +1,5 @@ -define site_couchdb::upload_design($db = $title, $design) { +# upload a design doc to a db +define site_couchdb::upload_design($design, $db = $title) { $design_name = regsubst($design, '^.*\/(.*)\.json$', '\1') $id = "_design/${design_name}" $file = "/srv/leap/couchdb/designs/${design}" -- cgit v1.2.3