From 5b52d1ed6e77416412a293be025580261284aa37 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Wed, 14 Aug 2013 10:09:46 -0400
Subject: Fix problem where webapp production.log had the wrong permissions - #3471
Change-Id: I20a6ecc43e36fc1e8416c46f7e4d14726995d2f2
---
 puppet/modules/site_webapp/manifests/couchdb.pp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index b4ef0980..ac01a5bc 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -39,7 +39,15 @@ class site_webapp::couchdb {
 mode => '0600',
 require => Vcsrepo['/srv/leap/webapp'];

- '/srv/leap/webapp/logs/production.log':
+ '/srv/leap/webapp/log':
+ ensure => directory,
+ owner => leap-webapp,
+ group => leap-webapp,
+ mode => '0755',
+ require => Vcsrepo['/srv/leap/webapp'];
+
+ '/srv/leap/webapp/log/production.log':
+ ensure => present,
 owner => leap-webapp,
 group => leap-webapp,
 mode => '0666',
-- 
cgit v1.2.3
From fcbf7c0b4df14149269b646b5ac8e66acd63647e Mon Sep 17 00:00:00 2001
From: varac
Date: Fri, 6 Sep 2013 17:37:03 +0200
Subject: use define instead of class for site_stunnel::setup (#3817) so it can be called multiple times
---
 puppet/modules/site_webapp/manifests/couchdb.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index ac01a5bc..4bafc7f3 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -60,7 +60,7 @@ class site_webapp::couchdb {
 mode => '0744';
 }

- class { 'site_stunnel::setup':
+ site_stunnel::setup { 'webapp_couchdb':
 cert_name => $cert_name,
 key => $key,
 cert => $cert,
-- 
cgit v1.2.3
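Review bot: In the production.log permissions fix (hunk `@@ -39,7 +39,15 @@`), `/srv/leap/webapp/log/production.log` is still managed with `mode => '0666'`, so every local account can read and write the webapp's production log even though the file is owned by leap-webapp. A world-writable log lets any local process add, alter or truncate entries, and a world-readable application log may expose request data. If a second account has to write to it, presumably the web server, adding that account to the leap-webapp group and using `mode => '0660'` keeps the file writable for both; otherwise `mode => '0640'` is enough. The resource continues past the end of the hunk.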
From 3e5e685200e9b5c3ac8567100e552929ea55d8e8 Mon Sep 17 00:00:00 2001
From: varac
Date: Fri, 13 Sep 2013 16:20:07 +0200
Subject: setup stunnel config to use default x509 cert,key+ca (#3837) * fix stunnel setups for couchdb, mx, webapp services
---
 puppet/modules/site_webapp/manifests/couchdb.pp | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
(limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 4bafc7f3..f9a4eb6b 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -60,13 +60,7 @@ class site_webapp::couchdb {
 mode => '0744';
 }

- site_stunnel::setup { 'webapp_couchdb':
- cert_name => $cert_name,
- key => $key,
- cert => $cert,
- ca_name => $ca_name,
- ca => $ca
- }
+ include site_stunnel

 exec { 'migrate_design_documents':
 cwd => '/srv/leap/webapp',
-- 
cgit v1.2.3
From 1ce6cb5a30c5ee73d6474ac9c1bbd4c7819d9a73 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 19 Sep 2013 12:19:00 +0200
Subject: only deploy x509 stuff for nodes if it existes in hiera (Feature #3875)
---
 puppet/modules/site_webapp/manifests/couchdb.pp | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index f9a4eb6b..24f9279d 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -13,6 +13,8 @@ class site_webapp::couchdb {
 $couch_client = $stunnel['couch_client']
 $couch_client_connect = $couch_client['connect']

+ include site_config::x509::cert_key
+ include site_config::x509::ca
 include x509::variables
 $x509 = hiera('x509')
 $key = $x509['key']
-- 
cgit v1.2.3
From b798d716e5219d00b5b94ce8b80566e4b3bf0899 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 19 Sep 2013 13:11:24 +0200
Subject: webapp: Depend services on deployment of default key, cert and ca (Feature #3838)
---
 puppet/modules/site_webapp/manifests/couchdb.pp | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)
(limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 24f9279d..5a5cccad 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -13,18 +13,7 @@ class site_webapp::couchdb {
 $couch_client = $stunnel['couch_client']
 $couch_client_connect = $couch_client['connect']

- include site_config::x509::cert_key
- include site_config::x509::ca
 include x509::variables
- $x509 = hiera('x509')
- $key = $x509['key']
- $cert = $x509['cert']
- $ca = $x509['ca_cert']
- $cert_name = 'leap_couchdb'
- $ca_name = 'leap_ca'
- $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt"
- $cert_path = "${x509::variables::certs}/${cert_name}.crt"
- $key_path = "${x509::variables::keys}/${cert_name}.key"

 file {
 '/srv/leap/webapp/config/couchdb.yml.admin':
@@ -73,10 +62,10 @@ class site_webapp::couchdb {

 $couchdb_stunnel_client_defaults = {
 'connect_port' => $couch_client_connect,
- 'client' => true,
- 'cafile' => $ca_path,
- 'key' => $key_path,
- 'cert' => $cert_path,
+ 'client' => true,
+ 'cafile' => "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt",
+ 'key' => "${x509::variables::keys}/${site_config::params::cert_name}.key",
+ 'cert' => "${x509::variables::certs}/${site_config::params::cert_name}.crt",
 }

 create_resources(site_stunnel::clients, $couch_client, $couchdb_stunnel_client_defaults)
-- 
cgit v1.2.3
From 7f59d8c7f5a41125c17271b1cd55118dafa52151 Mon Sep 17 00:00:00 2001
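Review bot: The new `cafile`, `key` and `cert` values in the second hunk (`@@ -73,10 +62,10 @@`) interpolate `${site_config::params::ca_name}` and `${site_config::params::cert_name}`, but the only include left in the class after the first hunk is `include x509::variables`, and the local `$ca_name`/`$cert_name` definitions are removed. If site_config::params has not been evaluated before this class, those interpolations come out empty and stunnel is given paths ending in `/.crt` and `/.key`, which affects the CA file used to verify the CouchDB peer. Adding `include site_config::params` next to `include x509::variables` removes the dependence on evaluation order; the class may already be included elsewhere, which the hunks do not show.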
From: Micah Anderson
Date: Thu, 28 Nov 2013 09:54:37 -0500
Subject: remove admin access from webapp
Change-Id: Ib2ce0d38a8e4dd30ae6842bfb5579d9c3dd10f18
---
 puppet/modules/site_webapp/manifests/couchdb.pp | 22 ----------------------
 1 file changed, 22 deletions(-)
(limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 5a5cccad..7f6ebbc6 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -4,8 +4,6 @@ class site_webapp::couchdb {
 # haproxy listener on port localhost:4096, see site_webapp::haproxy
 $couchdb_host = 'localhost'
 $couchdb_port = '4096'
- $couchdb_admin_user = $webapp['couchdb_admin_user']['username']
- $couchdb_admin_password = $webapp['couchdb_admin_user']['password']
 $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username']
 $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password']

@@ -16,13 +14,6 @@ class site_webapp::couchdb {
 include x509::variables

 file {
- '/srv/leap/webapp/config/couchdb.yml.admin':
- content => template('site_webapp/couchdb.yml.admin.erb'),
- owner => leap-webapp,
- group => leap-webapp,
- mode => '0600',
- require => Vcsrepo['/srv/leap/webapp'];
-
 '/srv/leap/webapp/config/couchdb.yml.webapp':
 content => template('site_webapp/couchdb.yml.erb'),
 owner => leap-webapp,
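Review bot: Deleting the `'/srv/leap/webapp/config/couchdb.yml.admin'` file resource in the second hunk stops Puppet managing the file but does not remove it, so on nodes that were already deployed the file rendered from `couchdb.yml.admin.erb`, presumably holding the CouchDB admin username and password, stays on disk and readable by leap-webapp. Keeping the resource as `'/srv/leap/webapp/config/couchdb.yml.admin': ensure => absent;` would delete it on the next run. The same applies to `/usr/local/sbin/migrate_design_documents` in the third hunk of this commit, and to `couchdb.yml.webapp`, which the later rename to `couchdb.yml` leaves behind with the webapp credentials. The `file { … }` block starts and ends outside these hunks.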
@@ -43,23 +34,10 @@ class site_webapp::couchdb {
 group => leap-webapp,
 mode => '0666',
 require => Vcsrepo['/srv/leap/webapp'];
-
- '/usr/local/sbin/migrate_design_documents':
- source => 'puppet:///modules/site_webapp/migrate_design_documents',
- owner => root,
- group => root,
- mode => '0744';
 }

 include site_stunnel

- exec { 'migrate_design_documents':
- cwd => '/srv/leap/webapp',
- command => '/usr/local/sbin/migrate_design_documents',
- require => Exec['bundler_update'],
- notify => Service['apache'];
- }
-
 $couchdb_stunnel_client_defaults = {
 'connect_port' => $couch_client_connect,
 'client' => true,
-- 
cgit v1.2.3
From fe1561855cd7be38190d54913f84bae5ab3c9a4a Mon Sep 17 00:00:00 2001
From: elijah
Date: Wed, 8 Jan 2014 14:21:38 -0800
Subject: fix webapp couchdb.yml to be couchdb.yml not couchdb.yml.webapp
---
 puppet/modules/site_webapp/manifests/couchdb.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 7f6ebbc6..ff743fba 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -14,7 +14,7 @@ class site_webapp::couchdb {
 include x509::variables

 file {
- '/srv/leap/webapp/config/couchdb.yml.webapp':
+ '/srv/leap/webapp/config/couchdb.yml':
 content => template('site_webapp/couchdb.yml.erb'),
 owner => leap-webapp,
 group => leap-webapp,
-- 
cgit v1.2.3