From 4c5f0726d3eee0caa62f509743762968dc4b544b Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 13 Oct 2012 11:00:17 +0200 Subject: use debian unstable for couchdb --- puppet/modules/site_apt/files/unstable.list | 1 + puppet/modules/site_couchdb/manifests/init.pp | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 puppet/modules/site_apt/files/unstable.list create mode 100644 puppet/modules/site_couchdb/manifests/init.pp (limited to 'puppet/modules') diff --git a/puppet/modules/site_apt/files/unstable.list b/puppet/modules/site_apt/files/unstable.list new file mode 100644 index 00000000..0e289136 --- /dev/null +++ b/puppet/modules/site_apt/files/unstable.list @@ -0,0 +1 @@ +deb http://http.debian.net/debian unstable main diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp new file mode 100644 index 00000000..4e347567 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -0,0 +1,6 @@ +class site_config::couchdb { + apt::sources_list { "unstable.list": + source => [ "puppet:///modules/site_apt/unstable.list"], + } + +} -- cgit v1.2.3 From 01732be30c06919f85e4887a500f7e9b11e56e4f Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 13 Oct 2012 11:08:22 +0200 Subject: use site_couchdb --- puppet/modules/site_couchdb/manifests/init.pp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 4e347567..bb14595a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,6 +1,11 @@ -class site_config::couchdb { - apt::sources_list { "unstable.list": - source => [ "puppet:///modules/site_apt/unstable.list"], +class site_couchdb { + apt::sources_list { 'unstable.list': + source => [ 'puppet:///modules/site_apt/unstable.list'], + } + + + class { 'couchdb': + #bind => '0.0.0.0' } } -- cgit v1.2.3 
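Review bot: The new `unstable.list` entry enables all of Debian unstable with nothing that lowers its priority, so unless a default release is configured outside this diff, apt will rank unstable candidates level with the host's own suite and may upgrade unrelated packages, not only couchdb. The `apt::preferences_snippet` for couchdb that a later commit in this series adds (priority 999) raises that one package but does not hold the others back. Ship a catch-all preference for unstable with a priority below the default alongside this file, along the lines of `Pin: release a=unstable` with `Pin-Priority: 200`. A comment in the list file naming the bug that motivates it would also help whoever removes it later.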
From 06a1546a36698dd75fb500ad2a12e9bbf9b43f03 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 13 Oct 2012 11:30:30 +0200 Subject: install couchdb from unstable, see init.pp --- puppet/modules/site_couchdb/manifests/init.pp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index bb14595a..06c29181 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,8 +1,15 @@ class site_couchdb { + + # for now, we need to install couchdb from unstable, + # because of this bug while installing: + # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681549 + # can be removed when couchdb/1.2.0-2 is integrated into testing apt::sources_list { 'unstable.list': source => [ 'puppet:///modules/site_apt/unstable.list'], } - + apt::preferences_snippet{ + 'couchdb': release => "unstable", priority => 999; + } class { 'couchdb': #bind => '0.0.0.0' -- cgit v1.2.3 From 69ba8553f483d99782775e8ed5ab01cd45a75e72 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 30 Oct 2012 16:01:41 +0100 Subject: configure unstable pinning for couchdb before install --- puppet/modules/site_couchdb/manifests/init.pp | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 06c29181..a9e6343a 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
@@ -1,18 +1,5 @@ class site_couchdb { - # for now, we need to install couchdb from unstable, - # because of this bug while installing: - # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681549 - # can be removed when couchdb/1.2.0-2 is integrated into testing - apt::sources_list { 'unstable.list': - source => [ 'puppet:///modules/site_apt/unstable.list'], - } - apt::preferences_snippet{ - 'couchdb': release => "unstable", priority => 999; - } - - class { 'couchdb': - #bind => '0.0.0.0' - } + class {'site_couchdb::package':} -> class {'site_couchdb::configure':} } -- cgit v1.2.3 From 761e87e8ab93bfab4bd81b25125c1c8fb554c8a5 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 30 Oct 2012 16:41:51 +0100 Subject: try explicit class relation --- puppet/modules/site_couchdb/manifests/init.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index a9e6343a..57b1d038 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,5 +1,10 @@ class site_couchdb { - class {'site_couchdb::package':} -> class {'site_couchdb::configure':} + # install couchdb package first, then configure it + + Class[site_couchdb::package] -> Class[site_couchdb::configure] + + include site_couchdb::package + include site_couchdb::configure } -- cgit v1.2.3 From 139fe307ebc544e95f7c84bc921bbed3d9f20857 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 30 Oct 2012 16:42:00 +0100 Subject: try explicit class relation --- puppet/modules/site_couchdb/manifests/configure.pp | 7 +++++++ puppet/modules/site_couchdb/manifests/package.pp | 13 +++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 puppet/modules/site_couchdb/manifests/configure.pp create mode 100644 puppet/modules/site_couchdb/manifests/package.pp (limited to 'puppet/modules') 
diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp new file mode 100644 index 00000000..969e2e4d --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/configure.pp @@ -0,0 +1,7 @@ +class site_couchdb::configure { + #Class[site_couchdb::package] -> Class[site_couchdb::configure] + class { 'couchdb': + #bind => '0.0.0.0' + } + +} diff --git a/puppet/modules/site_couchdb/manifests/package.pp b/puppet/modules/site_couchdb/manifests/package.pp new file mode 100644 index 00000000..c091316a --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/package.pp @@ -0,0 +1,13 @@ +class site_couchdb::package { + + # for now, we need to install couchdb from unstable, + # because of this bug while installing: + # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681549 + # can be removed when couchdb/1.2.0-2 is integrated into testing + apt::sources_list { 'unstable.list': + source => [ 'puppet:///modules/site_apt/unstable.list'], + } + apt::preferences_snippet{ + 'couchdb': release => 'unstable', priority => 999; + } +} -- cgit v1.2.3 From ffc0bba5390b30093b0cfdf9f927ba1f7db66ee8 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 09:15:54 +0100 Subject: another try of class relationships --- puppet/modules/site_couchdb/manifests/configure.pp | 4 ++-- puppet/modules/site_couchdb/manifests/init.pp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp index 969e2e4d..3ab87e1e 100644 --- a/puppet/modules/site_couchdb/manifests/configure.pp +++ b/puppet/modules/site_couchdb/manifests/configure.pp @@ -1,7 +1,7 @@ class site_couchdb::configure { - #Class[site_couchdb::package] -> Class[site_couchdb::configure] + Class[site_couchdb::package] -> Class[couchdb] class { 'couchdb': + require => Class['site_couchdb::package'] #bind => '0.0.0.0' } - } 
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 57b1d038..e27bdd59 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,10 +1,10 @@ class site_couchdb { # install couchdb package first, then configure it - - Class[site_couchdb::package] -> Class[site_couchdb::configure] + Class['site_couchdb::package'] -> Class['site_couchdb::configure'] include site_couchdb::package include site_couchdb::configure + include couchdb::deploy_config } -- cgit v1.2.3 From 659f145711fefd0bf1046088ce89aa70448fe6f9 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 09:18:07 +0100 Subject: custom local.ini with ssl support --- puppet/modules/site_couchdb/files/local.ini | 84 +++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 puppet/modules/site_couchdb/files/local.ini (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini new file mode 100644 index 00000000..0da2fb44 --- /dev/null +++ b/puppet/modules/site_couchdb/files/local.ini 
@@ -0,0 +1,84 @@
+; CouchDB Configuration Settings
+
+; Custom settings should be made in this file. They will override settings
+; in default.ini, but unlike changes made to default.ini, this file won't be
+; overwritten on server upgrade.
+
+[couchdb]
+;max_document_size = 4294967296 ; bytes
+
+[httpd]
+;port = 5984
+;bind_address = 127.0.0.1
+; Options for the MochiWeb HTTP server.
+;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
+; For more socket options, consult Erlang's module 'inet' man page.
+;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
+
+; Uncomment next line to trigger basic-auth popup on unauthorized requests.
+;WWW-Authenticate = Basic realm="administrator"
+
+; Uncomment next line to set the configuration modification whitelist. Only
+; whitelisted values may be changed via the /_config URLs. To allow the admin
+; to change this value over HTTP, remember to include {httpd,config_whitelist}
+; itself. Excluding it from the list would require editing this file to update
+; the whitelist.
+;config_whitelist = [{httpd,config_whitelist}, {log,level}, {etc,etc}]
+
+[httpd_global_handlers]
+;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}
+
+[couch_httpd_auth]
+; If you set this to true, you should also uncomment the WWW-Authenticate line
+; above. If you don't configure a WWW-Authenticate header, CouchDB will send
+; Basic realm="server" in order to prevent you getting logged out.
+; require_valid_user = false
+
+[log]
+;level = debug
+
+[os_daemons]
+; For any commands listed here, CouchDB will attempt to ensure that
+; the process remains alive while CouchDB runs as well as shut them
+; down when CouchDB exits.
+;foo = /path/to/command -with args
+
+[daemons]
+; enable SSL support by uncommenting the following line and supply the PEM's below.
+; the default ssl port CouchDB listens on is 6984 +httpsd = {couch_httpd, start_link, [https]} + +[ssl] +cert_file = /etc/couchdb/server_cert.pem +key_file = /etc/couchdb/server_key.pem +;password = somepassword +; set to true to validate peer certificates +verify_ssl_certificates = false +; Path to file containing PEM encoded CA certificates (trusted +; certificates used for verifying a peer certificate). May be omitted if +; you do not want to verify the peer. +;cacert_file = /full/path/to/cacertf +; The verification fun (optionnal) if not specidied, the default +; verification fun will be used. +;verify_fun = {Module, VerifyFun} +ssl_certificate_max_depth = 1 +; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to +; the Virual Host will be redirected to the path. In the example below all requests +; to http://example.com/ are redirected to /database. +; If you run CouchDB on a specific port, include the port number in the vhost: +; example.com:5984 = /database + +[vhosts] +;example.com = /database/ + +[update_notification] +;unique notifier name=/full/path/to/exe -with "cmd line arg" + +; To create an admin account uncomment the '[admins]' section below and add a +; line in the format 'username = password'. When you next start CouchDB, it +; will change the password to a hash (so that your passwords don't linger +; around in plain-text files). You can add more admin accounts with more +; 'username = password' lines. Don't forget to restart CouchDB after +; changing this. +[admins] +;admin = mysecretpassword -- cgit v1.2.3 From f94788ce35c564babedb987e2c01d44021898739 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 09:23:55 +0100 Subject: automatic update of submodule puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 8daa8625..3fbdba6f 160000 --- a/puppet/modules/couchdb 
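Review bot: The new local.ini switches on the `httpsd` listener while `[admins]` is still empty and `require_valid_user` stays commented out under `[couch_httpd_auth]`, so as deployed by this commit CouchDB accepts anonymous requests and, with no admin defined, does not restrict them. A later commit in the series adds an admin account, but anonymous access remains until `require_valid_user = true` is set together with the `WWW-Authenticate` line that the file's own comment asks for. `verify_ssl_certificates = false` means client certificates are not checked, so TLS here gives transport encryption only. A one-line comment next to that setting saying so would stop readers assuming mutual authentication.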
+++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 8daa862541facd5207a75760f3656e857faf73fd +Subproject commit 3fbdba6f03758337350f3e43352f993b74ff72a8 -- cgit v1.2.3 From 628b60f3db3f9150ae456f976a44916affd08e20 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 09:33:15 +0100 Subject: automatic update of submodule puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 3fbdba6f..8ccd0565 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 3fbdba6f03758337350f3e43352f993b74ff72a8 +Subproject commit 8ccd0565c9afdee9dd9d916063a98c209940716d -- cgit v1.2.3 From ced30b2e8eb182fa099d407e2d969288bb07b0dd Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 09:39:37 +0100 Subject: deploy ssl certs --- puppet/modules/site_couchdb/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index e27bdd59..8865bde8 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -6,5 +6,6 @@ class site_couchdb { include site_couchdb::package include site_couchdb::configure + include couchdb::ssl::deploy_certs include couchdb::deploy_config } -- cgit v1.2.3 From 4b26a17f6e2e01e7c9fd810cbae2e01be24b8438 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 09:54:15 +0100 Subject: automatic update of submodule puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 8ccd0565..293e609c 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb 
@@ -1 +1 @@ -Subproject commit 8ccd0565c9afdee9dd9d916063a98c209940716d +Subproject commit 293e609c70157cbe73e9a7962b6bc9b5393b3778 -- cgit v1.2.3 From 60c9f0ed9cb957efcbd9972512f5a17a5d828651 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 10:05:46 +0100 Subject: automatic update of submodule puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 293e609c..fd8c6d94 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 293e609c70157cbe73e9a7962b6bc9b5393b3778 +Subproject commit fd8c6d9481910d7ee587cbd1098346da868f5068 -- cgit v1.2.3 From 9f7a64ab2813e2c475a776efff4ad9a380ca6cc1 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Nov 2012 10:09:37 +0100 Subject: deploy ssl cert working --- puppet/modules/site_couchdb/manifests/init.pp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 8865bde8..f1cca46f 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,11 +1,19 @@ class site_couchdb { + $couchdb_config = hiera('couchdb') + $key = $couchdb_config['key'] + $cert = $couchdb_config['crt'] + # install couchdb package first, then configure it Class['site_couchdb::package'] -> Class['site_couchdb::configure'] include site_couchdb::package include site_couchdb::configure - include couchdb::ssl::deploy_certs + + couchdb::ssl::deploy_cert { 'cert': + key => $key, + cert => $cert, + } include couchdb::deploy_config } -- cgit v1.2.3 From 6a2453574e45b6778bfc66fc12a47421669d1614 Mon Sep 17 00:00:00 2001 
From: varac Date: Thu, 1 Nov 2012 15:15:11 +0100 Subject: use couchdb x509 hiera values --- puppet/modules/site_couchdb/manifests/init.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index f1cca46f..e3f5e59f 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,8 +1,8 @@ class site_couchdb { - $couchdb_config = hiera('couchdb') - $key = $couchdb_config['key'] - $cert = $couchdb_config['crt'] + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] # install couchdb package first, then configure it Class['site_couchdb::package'] -> Class['site_couchdb::configure'] -- cgit v1.2.3 From 7a9b7bed9cd8e2f2c02c4ce3627c874350d954f7 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 2 Nov 2012 16:19:04 +0100 Subject: accept all outgoing traffic on eip gw --- puppet/modules/site_shorewall/manifests/eip.pp | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp index 34268125..e94c7db4 100644 --- a/puppet/modules/site_shorewall/manifests/eip.pp +++ b/puppet/modules/site_shorewall/manifests/eip.pp @@ -7,9 +7,9 @@ class site_shorewall::eip { $interface = hiera('interface') $ssh_config = hiera('ssh') - $ssh_port = $ssh_config['port'] + $ssh_port = $ssh_config['port'] - # define macro + # define macro for incoming services file { '/etc/shorewall/macro.leap_eip': content => "PARAM - - tcp 53,80,443,1194,$ssh_port PARAM - - udp 53,80,443,1194 
@@ -51,6 +51,11 @@ PARAM - - udp 53,80,443,1194 destinationzone => 'all', policy => 'ACCEPT', order => 100; + 'fw-to-all': + sourcezone => '$FW', + destinationzone => 'all', + policy => 'ACCEPT', + order => 100; 'all-to-all': sourcezone => 'all', destinationzone => 'all', @@ -59,12 +64,14 @@ PARAM - - udp 53,80,443,1194 } shorewall::rule { + # ping party 'all2all-ping': source => 'all', destination => 'all', action => 'Ping(ACCEPT)', order => 200; + # outside to server 'net2fw-ssh': source => 'net', destination => '$FW', @@ -76,7 +83,7 @@ PARAM - - udp 53,80,443,1194 action => 'leap_eip(ACCEPT)', order => 200; - # eip gw itself to outside + # server to outside 'fw2all-http': source => '$FW', destination => 'all', @@ -93,10 +100,11 @@ PARAM - - udp 53,80,443,1194 action => 'Git(ACCEPT)', order => 200; - 'eip2fw-https': - source => 'eip', - destination => '$FW', - action => 'HTTPS(ACCEPT)', - order => 200; + # Webfrontend is running on another server + #'eip2fw-https': + # source => 'eip', + # destination => '$FW', + # action => 'HTTPS(ACCEPT)', + # order => 200; } } -- cgit v1.2.3 From 82c21f345c78c4f06e4aa78ab6020f1393816812 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 10:18:38 +0100 Subject: added local.d/admin.ini to set admin pw --- puppet/modules/site_couchdb/manifests/configure.pp | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp index 3ab87e1e..0d0eb24f 100644 --- a/puppet/modules/site_couchdb/manifests/configure.pp +++ b/puppet/modules/site_couchdb/manifests/configure.pp 
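Review bot: The added `'fw-to-all'` policy accepts everything that leaves `$FW`, which removes egress filtering as a containment layer on the gateway and makes the per-service rules kept under `# server to outside` (`fw2all-http` and its siblings) dead weight. If one outbound service was missing, a further `shorewall::rule` for it would keep the allow-list intact. If blanket egress really is intended, delete the redundant rules and record the reason in a comment next to the policy. The `eip2fw-https` rule is left behind as commented-out code; removing it and keeping only the one-line explanation would read more cleanly.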
@@ -1,7 +1,18 @@ class site_couchdb::configure { - Class[site_couchdb::package] -> Class[couchdb] + Class[site_couchdb::package] -> Class[couchdb] + class { 'couchdb': - require => Class['site_couchdb::package'] - #bind => '0.0.0.0' + require => Class['site_couchdb::package'], + } + + $adminpw = hiera('couchdb_adminpw') + file { '/etc/couchdb/local.d/admin.ini': + content => "[admins] +admin = $adminpw +", + mode => '0600', + owner => 'couchdb', + group => 'couchdb', + notify => Service[couchdb] } } -- cgit v1.2.3 From 5abce06ff562fb508504af4370c0cc8eda266b56 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 10:19:24 +0100 Subject: [admins] section moved to local.d/admin.ini --- puppet/modules/site_couchdb/files/local.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini index 0da2fb44..79dd112e 100644 --- a/puppet/modules/site_couchdb/files/local.ini +++ b/puppet/modules/site_couchdb/files/local.ini @@ -80,5 +80,5 @@ ssl_certificate_max_depth = 1 ; around in plain-text files). You can add more admin accounts with more ; 'username = password' lines. Don't forget to restart CouchDB after ; changing this. -[admins] +;[admins] ;admin = mysecretpassword -- cgit v1.2.3 From 16f007c540d56c2e64c1f73bd1ff49674bd0afeb Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 10:21:49 +0100 Subject: added submodule apache from git://labs.riseup.net/shared-apache --- puppet/modules/apache | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/apache (limited to 'puppet/modules') diff --git a/puppet/modules/apache b/puppet/modules/apache new file mode 160000 index 00000000..9f12e863 --- /dev/null +++ b/puppet/modules/apache @@ -0,0 +1 @@ +Subproject commit 9f12e8635b4253955e19ed6b18d90142ed27d2f8 -- cgit v1.2.3 From 5493d362f7b3abd6c8aa9350341a551c53622604 Mon Sep 17 00:00:00 2001 
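Review bot: The `admin.ini` resource writes the admin password in clear text from `$adminpw`, and the comment in this series' own local.ini says CouchDB replaces such a value with a hash at its next start, so the file on disk will stop matching `content` and every Puppet run would put the plaintext back and fire `notify => Service[couchdb]` again. Keeping the already-hashed value in hiera and writing that instead would make the resource idempotent and keep the clear-text password off the node. If the clear-text approach stays, be aware that a content diff of this file in agent logs or reports would contain the password. Separately, `Class[site_couchdb::package] -> Class[couchdb]` and the `require` on the class declaration express the same ordering, so one of them is enough.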
From: varac Date: Sat, 3 Nov 2012 11:33:38 +0100 Subject: configure apache ssl proxy for couchdb --- puppet/modules/site-apache | 1 + .../site_apache/files/vhosts.d/couchdb_proxy.conf | 10 ++++++++++ puppet/modules/site_couchdb/files/local.ini | 10 +++++----- puppet/modules/site_couchdb/manifests/init.pp | 18 +++++++++++++----- 4 files changed, 29 insertions(+), 10 deletions(-) create mode 120000 puppet/modules/site-apache create mode 100644 puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf (limited to 'puppet/modules') diff --git a/puppet/modules/site-apache b/puppet/modules/site-apache new file mode 120000 index 00000000..f0517fa5 --- /dev/null +++ b/puppet/modules/site-apache @@ -0,0 +1 @@ +site_apache \ No newline at end of file diff --git a/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf new file mode 100644 index 00000000..79ad931d --- /dev/null +++ b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf @@ -0,0 +1,10 @@ +Listen 0.0.0.0:6984 + + + SSLEngine On + SSLProxyEngine On + SSLCertificateKeyFile /etc/couchdb/server_key.pem + SSLCertificateFile /etc/couchdb/server_cert.pem + ProxyPass / http://127.0.0.1:5984/ + ProxyPassReverse / http://127.0.0.1:5984/ + diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini index 79dd112e..485c9a29 100644 --- a/puppet/modules/site_couchdb/files/local.ini +++ b/puppet/modules/site_couchdb/files/local.ini 
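Review bot: `couchdb_proxy.conf` listens on `0.0.0.0:6984` and proxies `/` wholesale to `http://127.0.0.1:5984/`, so every CouchDB endpoint, including administrative ones such as `/_config`, is published to any network that can reach the port and is protected only by CouchDB's own authentication. Consider binding the listener to the interface the clients use, or adding an access rule for them, and setting `SSLProtocol` and `SSLCipherSuite` explicitly in this vhost instead of inheriting the distribution defaults. `SSLProxyEngine On` is only needed for an `https://` backend and can be dropped with the plain-HTTP `ProxyPass` target used here. The certificate and key are still read from `/etc/couchdb/`, which no longer matches the process that uses them.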
@@ -46,14 +46,14 @@ [daemons] ; enable SSL support by uncommenting the following line and supply the PEM's below. ; the default ssl port CouchDB listens on is 6984 -httpsd = {couch_httpd, start_link, [https]} +;httpsd = {couch_httpd, start_link, [https]} [ssl] -cert_file = /etc/couchdb/server_cert.pem -key_file = /etc/couchdb/server_key.pem +;cert_file = /etc/couchdb/server_cert.pem +;key_file = /etc/couchdb/server_key.pem ;password = somepassword ; set to true to validate peer certificates -verify_ssl_certificates = false +;verify_ssl_certificates = false ; Path to file containing PEM encoded CA certificates (trusted ; certificates used for verifying a peer certificate). May be omitted if ; you do not want to verify the peer. @@ -61,7 +61,7 @@ verify_ssl_certificates = false ; The verification fun (optionnal) if not specidied, the default ; verification fun will be used. ;verify_fun = {Module, VerifyFun} -ssl_certificate_max_depth = 1 +;ssl_certificate_max_depth = 1 ; To enable Virtual Hosts in CouchDB, add a vhost = path directive. All requests to ; the Virual Host will be redirected to the path. In the example below all requests ; to http://example.com/ are redirected to /database. diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index e3f5e59f..b296279c 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -9,11 +9,19 @@ class site_couchdb { include site_couchdb::package include site_couchdb::configure + include couchdb::deploy_config - couchdb::ssl::deploy_cert { 'cert': - key => $key, - cert => $cert, - } - include couchdb::deploy_config + #couchdb::ssl::deploy_cert { 'cert': + # key => $key, + # cert => $cert, + #} + + include apache::ssl + apache::module { + 'rewrite': ensure => present; + 'proxy': ensure => present; + 'proxy_http': ensure => present; + } + apache::vhost::file { 'couchdb_proxy': } } -- cgit v1.2.3 
From 5981a73edce0a64f26bb8abb799c180b856abbbd Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 11:43:58 +0100 Subject: overwrite /etc/apache2/ports.conf so 0-default.conf and 0-default_ssl.conf don't start on port 80/443 --- puppet/modules/site_couchdb/manifests/init.pp | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index b296279c..4c923b35 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -16,12 +16,20 @@ class site_couchdb { # key => $key, # cert => $cert, #} - + include apache::ssl - apache::module { - 'rewrite': ensure => present; - 'proxy': ensure => present; - 'proxy_http': ensure => present; - } + apache::module { + 'rewrite': ensure => present; + 'proxy': ensure => present; + 'proxy_http': ensure => present; + } apache::vhost::file { 'couchdb_proxy': } + # prevent 0-default.conf and 0-default_ssl.conf from apache module + # from starting on port 80 / 443 + file { '/etc/apache2/ports.conf': + content => '', + mode => '0644', + owner => 'root', + group => 'root', + } } -- cgit v1.2.3 From b7d3bd9c119ce70f1823ffd06567a127c390c4f0 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 12:16:22 +0100 Subject: deploy server_cert.pem + server_key.pem, notify apache --- puppet/modules/site_couchdb/manifests/init.pp | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 4c923b35..04b46bf6 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
@@ -11,12 +11,6 @@ class site_couchdb { include site_couchdb::configure include couchdb::deploy_config - - #couchdb::ssl::deploy_cert { 'cert': - # key => $key, - # cert => $cert, - #} - include apache::ssl apache::module { 'rewrite': ensure => present; @@ -32,4 +26,21 @@ class site_couchdb { owner => 'root', group => 'root', } + + file { '/etc/couchdb/server_cert.pem': + mode => '0644', + owner => 'couchdb', + group => 'couchdb', + content => $cert, + notify => Service[apache], + } + + file { '/etc/couchdb/server_key.pem': + mode => '0600', + owner => 'couchdb', + group => 'couchdb', + content => $key, + notify => Service[apache], + } + } -- cgit v1.2.3 From 995bde9b3c1c54b70b5884e2d06534a5cf38d654 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 21:34:54 +0100 Subject: query hiera adminpw in site_couchdb --- puppet/modules/site_couchdb/manifests/configure.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp index 0d0eb24f..3adce785 100644 --- a/puppet/modules/site_couchdb/manifests/configure.pp +++ b/puppet/modules/site_couchdb/manifests/configure.pp @@ -5,7 +5,7 @@ class site_couchdb::configure { require => Class['site_couchdb::package'], } - $adminpw = hiera('couchdb_adminpw') + $adminpw = $site_couchdb::adminpw file { '/etc/couchdb/local.d/admin.ini': content => "[admins] admin = $adminpw -- cgit v1.2.3 From 8f0ea9039310a348ade5e1e5637aa62fce01579f Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 21:44:12 +0100 Subject: install apache_ssl_proxy, add users, create DBs + security roles --- puppet/modules/site_couchdb/manifests/init.pp | 58 ++++++++++++++------------- 1 file changed, 30 insertions(+), 28 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 04b46bf6..26e5cdfd 100644 
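Review bot: `/etc/couchdb/server_key.pem` is created with `owner => 'couchdb'` and `group => 'couchdb'`, although after the proxy change in this series the key is consumed by Apache (the resource itself notifies `Service[apache]`), so the database account can read a private key it no longer needs. Making the key `owner => 'root'`, `group => 'root'` with mode `0600` would keep it away from the CouchDB process; this assumes Apache reads the key as root at start-up, which is the usual arrangement. The same two file resources reappear unchanged in `apache_ssl_proxy.pp` later in the series, so the change applies there as well. Since `$key` comes from hiera, also check that file diffs for this resource are not written to agent logs.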
--- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,8 +1,16 @@ class site_couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $adminpw = hiera('couchdb_adminpw') + $couchdb_leap_web_user = hiera('couchdb_leap_web_user') + $couchdb_leap_web_username = $couchdb_leap_web_user['user'] + $couchdb_leap_web_pw = $couchdb_leap_web_user['pw'] + $couchdb_leap_ca_user = hiera('couchdb_leap_ca_user') + $couchdb_leap_ca_username = $couchdb_leap_ca_user['user'] + $couchdb_leap_ca_pw = $couchdb_leap_ca_user['pw'] + $couchdb_host = "admin:$adminpw@127.0.0.1:5984" # install couchdb package first, then configure it Class['site_couchdb::package'] -> Class['site_couchdb::configure'] 
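Review bot: `$couchdb_host = "admin:$adminpw@127.0.0.1:5984"` embeds the admin password in a URL that is then handed to `couchdb::add_user` and `couchdb::create_db`; if those defines shell out with it (their bodies live in the submodule and are not visible in this diff), the password would appear in the process list and in Puppet's logged command lines. A password containing `@`, `:` or `/` would also break the URL unless it is percent-encoded first. Passing the host and the credentials as separate parameters, or having the helper read the credentials from a root-only file on the node, avoids both problems.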
@@ -11,36 +19,30 @@ class site_couchdb { include site_couchdb::configure include couchdb::deploy_config - include apache::ssl - apache::module { - 'rewrite': ensure => present; - 'proxy': ensure => present; - 'proxy_http': ensure => present; + site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy': + key => $key, + cert => $cert } - apache::vhost::file { 'couchdb_proxy': } - # prevent 0-default.conf and 0-default_ssl.conf from apache module - # from starting on port 80 / 443 - file { '/etc/apache2/ports.conf': - content => '', - mode => '0644', - owner => 'root', - group => 'root', + + couchdb::add_user { $couchdb_leap_web_username: + host => $couchdb_host, + roles => '["certs"]', + pw => $couchdb_leap_web_pw } - file { '/etc/couchdb/server_cert.pem': - mode => '0644', - owner => 'couchdb', - group => 'couchdb', - content => $cert, - notify => Service[apache], + couchdb::add_user { $couchdb_leap_ca_username: + host => $couchdb_host, + roles => '["certs"]', + pw => $couchdb_leap_ca_pw } - file { '/etc/couchdb/server_key.pem': - mode => '0600', - owner => 'couchdb', - group => 'couchdb', - content => $key, - notify => Service[apache], + couchdb::create_db { 'leap_web': + host => $couchdb_host, + readers => "{ \"names\": [\"leap_web\"], \"roles\": [] }" } + couchdb::create_db { 'leap_ca': + host => $couchdb_host, + readers => "{ \"names\": [], \"roles\": [\"certs\"] }" + } } -- cgit v1.2.3 From a555f779fb90e5b817319eca478d517696898789 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 21:47:42 +0100 Subject: automatic update of submodule puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index fd8c6d94..3ae28de3 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit fd8c6d9481910d7ee587cbd1098346da868f5068 +Subproject commit 3ae28de3ba018d5064122dbceb31af336a090167 -- cgit v1.2.3 
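Review bot: The `leap_web` database is restricted with the literal name in `readers => "{ \"names\": [\"leap_web\"], \"roles\": [] }"`, while the account itself is created from `$couchdb_leap_web_username`, so a hiera value other than `leap_web` would produce a user that cannot read its own database. Interpolating `$couchdb_leap_web_username` into the `names` list keeps the two in step. Both new users also receive the `certs` role, which is exactly what grants read access to `leap_ca`; confirm that the web user is meant to read the CA database, and give it a separate role if not.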
From b1a4e8c8b31e7b648b4eb5e7ef0e165a23a3110b Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 21:48:35 +0100 Subject: added apache_ssl_proxy.pp --- .../site_couchdb/manifests/apache_ssl_proxy.pp | 35 ++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp new file mode 100644 index 00000000..87b21e62 --- /dev/null +++ b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp @@ -0,0 +1,35 @@ +define site_couchdb::apache_ssl_proxy ($key, $cert) { + + include apache::ssl + apache::module { + 'rewrite': ensure => present; + 'proxy': ensure => present; + 'proxy_http': ensure => present; + } + apache::vhost::file { 'couchdb_proxy': } + # prevent 0-default.conf and 0-default_ssl.conf from apache module + # from starting on port 80 / 443 + file { '/etc/apache2/ports.conf': + content => '', + mode => '0644', + owner => 'root', + group => 'root', + } + + file { '/etc/couchdb/server_cert.pem': + mode => '0644', + owner => 'couchdb', + group => 'couchdb', + content => $cert, + notify => Service[apache], + } + + file { '/etc/couchdb/server_key.pem': + mode => '0600', + owner => 'couchdb', + group => 'couchdb', + content => $key, + notify => Service[apache], + } + +} -- cgit v1.2.3 From 65dd85c494580170799d3ca0746d5ef6996919f5 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 3 Nov 2012 21:51:29 +0100 Subject: automatic update of submodule puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 3ae28de3..110fed8a 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb 
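Review bot: `site_couchdb::apache_ssl_proxy` is written as a `define`, yet every resource inside it has a fixed title (`/etc/apache2/ports.conf`, the two PEM files, the `couchdb_proxy` vhost) and `$name` is never used, so declaring it a second time would fail with duplicate resource declarations. A parameterised class states the singleton intent directly: `class site_couchdb::apache_ssl_proxy ($key, $cert) {`. The define also has no header comment; a short one should say that it empties `ports.conf` on purpose and that the only remaining listener is the one in the `couchdb_proxy` vhost file.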
@@ -1 +1 @@
-Subproject commit 3ae28de3ba018d5064122dbceb31af336a090167
+Subproject commit 110fed8abd8c2d7ef4f73bd1a6d0e0f3665190cf
-- cgit v1.2.3
From a58524af8a97d6c2eee8d26ccdf192fecb855fe9 Mon Sep 17 00:00:00 2001
From: varac
Date: Sun, 4 Nov 2012 18:53:24 +0100
Subject: provide coustom couchdb initscript to ensure stop/restart is working
---
puppet/modules/site_couchdb/files/couchdb | 160 ++++++++++++++++++++++++++++++
1 file changed, 160 insertions(+)
create mode 100755 puppet/modules/site_couchdb/files/couchdb
(limited to 'puppet/modules')
diff --git a/puppet/modules/site_couchdb/files/couchdb b/puppet/modules/site_couchdb/files/couchdb
new file mode 100755
index 00000000..ccdfe716
--- /dev/null
+++ b/puppet/modules/site_couchdb/files/couchdb
@@ -0,0 +1,160 @@
+#!/bin/sh -e
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+### BEGIN INIT INFO
+# Provides: couchdb
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Apache CouchDB init script
+# Description: Apache CouchDB init script for the database server.
+### END INIT INFO
+
+SCRIPT_OK=0
+SCRIPT_ERROR=1
+
+DESCRIPTION="database server"
+NAME=couchdb
+SCRIPT_NAME=`basename $0`
+COUCHDB=/usr/bin/couchdb
+CONFIGURATION_FILE=/etc/default/couchdb
+RUN_DIR=/var/run/couchdb
+LSB_LIBRARY=/lib/lsb/init-functions
+
+if test ! -x $COUCHDB; then
+ exit $SCRIPT_ERROR
+fi
+
+if test -r $CONFIGURATION_FILE; then
+ . $CONFIGURATION_FILE
+fi
+
+log_daemon_msg () {
+ # Dummy function to be replaced by LSB library.
+
+ echo $@
+}
+
+log_end_msg () {
+ # Dummy function to be replaced by LSB library.
+
+ if test "$1" != "0"; then
+ echo "Error with $DESCRIPTION: $NAME"
+ fi
+ return $1
+}
+
+if test -r $LSB_LIBRARY; then
+ . $LSB_LIBRARY
+fi
+
+run_command () {
+ command="$1"
+ if test -n "$COUCHDB_OPTIONS"; then
+ command="$command $COUCHDB_OPTIONS"
+ fi
+ if test -n "$COUCHDB_USER"; then
+ if su $COUCHDB_USER -c "$command"; then
+ return $SCRIPT_OK
+ else
+ return $SCRIPT_ERROR
+ fi
+ else
+ if $command; then
+ return $SCRIPT_OK
+ else
+ return $SCRIPT_ERROR
+ fi
+ fi
+}
+
+start_couchdb () {
+ # Start Apache CouchDB as a background process.
+
+ mkdir -p "$RUN_DIR"
+ chown -R "$COUCHDB_USER" "$RUN_DIR"
+ command="$COUCHDB -b"
+ if test -n "$COUCHDB_STDOUT_FILE"; then
+ command="$command -o $COUCHDB_STDOUT_FILE"
+ fi
+ if test -n "$COUCHDB_STDERR_FILE"; then
+ command="$command -e $COUCHDB_STDERR_FILE"
+ fi
+ if test -n "$COUCHDB_RESPAWN_TIMEOUT"; then
+ command="$command -r $COUCHDB_RESPAWN_TIMEOUT"
+ fi
+ run_command "$command" > /dev/null
+}
+
+stop_couchdb () {
+ # Stop the running Apache CouchDB process.
+
+ run_command "$COUCHDB -d" > /dev/null
+ pkill -u couchdb
+ # always return true even if no remaining couchdb procs got killed
+ /bin/true
+}
+
+display_status () {
+ # Display the status of the running Apache CouchDB process.
+
+ run_command "$COUCHDB -s"
+}
+
+parse_script_option_list () {
+ # Parse arguments passed to the script and take appropriate action.
+
+ case "$1" in
+ start)
+ log_daemon_msg "Starting $DESCRIPTION" $NAME
+ if start_couchdb; then
+ log_end_msg $SCRIPT_OK
+ else
+ log_end_msg $SCRIPT_ERROR
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESCRIPTION" $NAME
+ if stop_couchdb; then
+ log_end_msg $SCRIPT_OK
+ else
+ log_end_msg $SCRIPT_ERROR
+ fi
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESCRIPTION" $NAME
+ if stop_couchdb; then
+ if start_couchdb; then
+ log_end_msg $SCRIPT_OK
+ else
+ log_end_msg $SCRIPT_ERROR
+ fi
+ else
+ log_end_msg $SCRIPT_ERROR
+ fi
+ ;;
+ status)
+ display_status
+ ;;
+ *)
+ cat << EOF >&2
+Usage: $SCRIPT_NAME {start|stop|restart|force-reload|status}
+EOF
+ exit $SCRIPT_ERROR
+ ;;
+ esac
+}
+
+parse_script_option_list $@
-- cgit v1.2.3
From 0a3fdfff7bd8c11d6099f23aef505fbd5333ba99 Mon Sep 17 00:00:00 2001
From: varac
Date: Sun, 4 Nov 2012 20:45:53 +0100
Subject: deploy couchdb initscript, restart couchdb after config file change
---
puppet/modules/site_couchdb/manifests/configure.pp | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
(limited to 'puppet/modules')
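Review bot: `stop_couchdb` runs `pkill -u couchdb` with the account name hard-coded, while every other step in the script goes through `$COUCHDB_USER` from `/etc/default/couchdb`. If that file names a different account the leftover processes survive, and anything else running as `couchdb` is signalled as well; the kill also follows `couchdb -d` with no wait, so a shutdown still in progress gets a SIGTERM straight away. I would write `if test -n "$COUCHDB_USER"; then pkill -u "$COUCHDB_USER" || true; fi` and extend the existing comment to say that the function reports success on purpose. Because it always returns true, the `stop` and `restart` branches can never reach `log_end_msg $SCRIPT_ERROR`.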
diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp index 3adce785..4343cc2b 100644 --- a/puppet/modules/site_couchdb/manifests/configure.pp +++ b/puppet/modules/site_couchdb/manifests/configure.pp @@ -2,10 +2,17 @@ class site_couchdb::configure { Class[site_couchdb::package] -> Class[couchdb] class { 'couchdb': - require => Class['site_couchdb::package'], + require => Class['site_couchdb::package'], } + + + file { '/etc/init.d/couchdb': + source => 'puppet:///modules/site_couchdb/couchdb', + mode => '0755', + owner => 'root', + group => 'root', } - $adminpw = $site_couchdb::adminpw + $adminpw = $site_couchdb::adminpw file { '/etc/couchdb/local.d/admin.ini': content => "[admins] admin = $adminpw @@ -15,4 +22,12 @@ admin = $adminpw group => 'couchdb', notify => Service[couchdb] } + + + exec { '/etc/init.d/couchdb restart; sleep 3': + path => ['/bin', '/usr/bin',], + subscribe => File['/etc/couchdb/local.d/admin.ini', + '/etc/couchdb/local.ini'], + refreshonly => true + } } -- cgit v1.2.3 From 41a10e2475d056a621964f17757b28581661b053 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 4 Nov 2012 20:47:25 +0100 Subject: working resource relationships for deployment --- puppet/modules/site_couchdb/manifests/init.pp | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index 26e5cdfd..e4d97e34 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp 
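Review bot: The new `exec { '/etc/init.d/couchdb restart; sleep 3': }` in the second hunk uses a fixed sleep as its readiness check, so whatever talks to CouchDB next still races the daemon on a slow host; the later commit on this page that raises it to `sleep 6` has the same weakness. Probing `127.0.0.1:5984` until it answers, using `tries` and `try_sleep` on the exec, makes the wait deterministic. The command also depends on a shell interpreting the `;`, so `provider => shell` should be stated explicitly. `admin.ini` already carries `notify => Service[couchdb]` in the context lines, so a change to that file presumably restarts the service twice.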
@@ -12,8 +12,16 @@ class site_couchdb { $couchdb_leap_ca_pw = $couchdb_leap_ca_user['pw'] $couchdb_host = "admin:$adminpw@127.0.0.1:5984" - # install couchdb package first, then configure it - Class['site_couchdb::package'] -> Class['site_couchdb::configure'] + Class['site_couchdb::package'] + -> Package ['couchdb'] + -> File['/etc/init.d/couchdb'] + -> File['/etc/couchdb/local.ini'] + -> File['/etc/couchdb/local.d/admin.ini'] + -> Couchdb::Create_db[leap_web] + -> Couchdb::Create_db[leap_ca] + -> Couchdb::Add_user[leap_web] + -> Couchdb::Add_user[leap_ca] + -> Site_couchdb::Apache_ssl_proxy['apache_ssl_proxy'] include site_couchdb::package include site_couchdb::configure -- cgit v1.2.3 From a2bd420ac47ac7292204d3b9af191b29ca878e74 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 4 Nov 2012 20:53:43 +0100 Subject: changed submodule remote for apache to use leap one --- puppet/modules/apache | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/apache b/puppet/modules/apache index 9f12e863..a2874ab6 160000 --- a/puppet/modules/apache +++ b/puppet/modules/apache @@ -1 +1 @@ -Subproject commit 9f12e8635b4253955e19ed6b18d90142ed27d2f8 +Subproject commit a2874ab6b1bab2c0a75ad9c62a77490d37846e0f -- cgit v1.2.3 From 5bfc45558090fe41085f9db29e32b4515626cc6e Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 4 Nov 2012 21:16:31 +0100 Subject: automatic update of submodule puppet_apache --- puppet/modules/apache | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/apache b/puppet/modules/apache index a2874ab6..9eea95a3 160000 --- a/puppet/modules/apache +++ b/puppet/modules/apache @@ -1 +1 @@ -Subproject commit a2874ab6b1bab2c0a75ad9c62a77490d37846e0f +Subproject commit 9eea95a38b9c03d9d769de2f9cc2e2820e3d4cb3 -- cgit v1.2.3 From 0fdf251c78891cee9a95f93954a43876d0399be6 Mon Sep 17 00:00:00 2001 
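Review bot: The ordering chain refers to `Couchdb::Add_user[leap_web]` and `Couchdb::Add_user[leap_ca]` by literal title, but the resources are declared elsewhere in init.pp with titles taken from hiera (`$couchdb_leap_web_username`, `$couchdb_leap_ca_username`). The chain therefore only resolves while hiera holds exactly those two names; any other value should fail catalog compilation on the missing reference. Using the variables in the references, `-> Couchdb::Add_user[$couchdb_leap_web_username]` and `-> Couchdb::Add_user[$couchdb_leap_ca_username]`, keeps the two in step. `Package ['couchdb']` would also read better without the space before the bracket.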
From: varac Date: Sun, 4 Nov 2012 21:30:37 +0100 Subject: automatic update of submodule puppet_apache --- puppet/modules/apache | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/apache b/puppet/modules/apache index 9eea95a3..104b2e09 160000 --- a/puppet/modules/apache +++ b/puppet/modules/apache @@ -1 +1 @@ -Subproject commit 9eea95a38b9c03d9d769de2f9cc2e2820e3d4cb3 +Subproject commit 104b2e09399e02a8aa9687df0de795644e4b83e0 -- cgit v1.2.3 From 561ea1c6dace320455990b880d8a7da421fcb8bc Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 6 Nov 2012 10:36:18 +0100 Subject: sleep some more after couchdb restart, adopt new hiera creditials --- puppet/modules/site_couchdb/manifests/configure.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'puppet/modules') diff --git a/puppet/modules/site_couchdb/manifests/configure.pp b/puppet/modules/site_couchdb/manifests/configure.pp index 4343cc2b..25ea7a0b 100644 --- a/puppet/modules/site_couchdb/manifests/configure.pp +++ b/puppet/modules/site_couchdb/manifests/configure.pp @@ -12,10 +12,9 @@ class site_couchdb::configure { group => 'root', } - $adminpw = $site_couchdb::adminpw file { '/etc/couchdb/local.d/admin.ini': content => "[admins] -admin = $adminpw +admin = $site_couchdb::couchdb_admin_pw ", mode => '0600', owner => 'couchdb', @@ -24,7 +23,7 @@ admin = $adminpw } - exec { '/etc/init.d/couchdb restart; sleep 3': + exec { '/etc/init.d/couchdb restart; sleep 6': path => ['/bin', '/usr/bin',], subscribe => File['/etc/couchdb/local.d/admin.ini', '/etc/couchdb/local.ini'], -- cgit v1.2.3 From a5b8f30cdb68997e523c0f9fac65d894acddf40f Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 6 Nov 2012 10:36:45 +0100 Subject: adopt new hiera creditials --- puppet/modules/site_couchdb/manifests/init.pp | 51 +++++++++++++++------------ 1 file changed, 29 insertions(+), 22 deletions(-) (limited to 'puppet/modules') 
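Review bot: `admin = $site_couchdb::couchdb_admin_pw` in the first configure.pp hunk writes whatever hiera holds straight into `/etc/couchdb/local.d/admin.ini`, and nothing here says whether that value is meant to be plaintext or a hash. CouchDB replaces plaintext `[admins]` entries with a hash when it starts; if it writes that back into this file, Puppet would presumably see drift on every run, restore the plaintext and trigger the restart again. Keeping a pre-hashed value for this file, separate from the plaintext the client-side setup needs, avoids the churn and keeps the cleartext out of the file content shown in reports. At minimum I would add `# value must be a pre-hashed CouchDB admin entry, not plaintext` above the resource once that is decided.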
diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp index e4d97e34..30ce7f54 100644 --- a/puppet/modules/site_couchdb/manifests/init.pp +++ b/puppet/modules/site_couchdb/manifests/init.pp @@ -1,28 +1,33 @@ class site_couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $adminpw = hiera('couchdb_adminpw') - $couchdb_leap_web_user = hiera('couchdb_leap_web_user') - $couchdb_leap_web_username = $couchdb_leap_web_user['user'] - $couchdb_leap_web_pw = $couchdb_leap_web_user['pw'] - $couchdb_leap_ca_user = hiera('couchdb_leap_ca_user') - $couchdb_leap_ca_username = $couchdb_leap_ca_user['user'] - $couchdb_leap_ca_pw = $couchdb_leap_ca_user['pw'] - $couchdb_host = "admin:$adminpw@127.0.0.1:5984" + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $couchdb_config = hiera('couch') + $couchdb_users = $couchdb_config['users'] + $couchdb_admin = $couchdb_users['admin'] + $couchdb_admin_user = $couchdb_admin['username'] + $couchdb_admin_pw = $couchdb_admin['password'] + $couchdb_webapp = $couchdb_users['webapp'] + $couchdb_webapp_user = $couchdb_webapp['username'] + $couchdb_webapp_pw = $couchdb_webapp['password'] + $couchdb_ca_daemon = $couchdb_users['ca_daemon'] + $couchdb_ca_daemon_user = $couchdb_ca_daemon['username'] + $couchdb_ca_daemon_pw = $couchdb_ca_daemon['password'] Class['site_couchdb::package'] -> Package ['couchdb'] -> File['/etc/init.d/couchdb'] -> File['/etc/couchdb/local.ini'] -> File['/etc/couchdb/local.d/admin.ini'] + -> File['/etc/couchdb/couchdb.netrc'] -> Couchdb::Create_db[leap_web] -> Couchdb::Create_db[leap_ca] - -> Couchdb::Add_user[leap_web] - -> Couchdb::Add_user[leap_ca] + -> Couchdb::Add_user[$couchdb_webapp_user] + -> Couchdb::Add_user[$couchdb_ca_daemon_user] -> Site_couchdb::Apache_ssl_proxy['apache_ssl_proxy'] + # Setup couchdb include site_couchdb::package include site_couchdb::configure include couchdb::deploy_config 
@@ -32,25 +37,27 @@ class site_couchdb { cert => $cert } - couchdb::add_user { $couchdb_leap_web_username: - host => $couchdb_host, + couchdb::query::setup { 'localhost': + user => $couchdb_admin_user, + pw => $couchdb_admin_pw + } + + # Populate couchdb + couchdb::add_user { $couchdb_webapp_user: roles => '["certs"]', - pw => $couchdb_leap_web_pw + pw => $couchdb_webapp_pw } - couchdb::add_user { $couchdb_leap_ca_username: - host => $couchdb_host, + couchdb::add_user { $couchdb_ca_daemon_user: roles => '["certs"]', - pw => $couchdb_leap_ca_pw + pw => $couchdb_ca_daemon_pw } couchdb::create_db { 'leap_web': - host => $couchdb_host, - readers => "{ \"names\": [\"leap_web\"], \"roles\": [] }" + readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }" } couchdb::create_db { 'leap_ca': - host => $couchdb_host, readers => "{ \"names\": [], \"roles\": [\"certs\"] }" } } -- cgit v1.2.3 From 7ca4f22e4cd76d986fece61674f487809d1369c6 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 6 Nov 2012 10:39:27 +0100 Subject: automatic update of submodule puppet_couchdb --- puppet/modules/couchdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules') diff --git a/puppet/modules/couchdb b/puppet/modules/couchdb index 110fed8a..b598e7d2 160000 --- a/puppet/modules/couchdb +++ b/puppet/modules/couchdb @@ -1 +1 @@ -Subproject commit 110fed8abd8c2d7ef4f73bd1a6d0e0f3665190cf +Subproject commit b598e7d2a4be7ee863ae70450a73bfcda381634e -- cgit v1.2.3
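Review bot: Both `couchdb::add_user` declarations assign `roles => '["certs"]'`, and `leap_ca` admits role `certs` as readers, so the web application account gets the same access to `leap_ca` as the CA daemon. Database readers in CouchDB of this generation can presumably also write documents, so this may be wider than the web app needs. If the sharing is intended, say so above the resources, e.g. `# webapp and ca_daemon deliberately share the certs role on leap_ca`; otherwise give each account its own role. The `leap_web` readers string also interpolates `$couchdb_webapp_user` into hand-built JSON, so a username containing a quote or backslash would produce an invalid security document.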