From 8f0ea9039310a348ade5e1e5637aa62fce01579f Mon Sep 17 00:00:00 2001
From: varac
Date: Sat, 3 Nov 2012 21:44:12 +0100
Subject: install apache_ssl_proxy, add users, create DBs + security roles

---
 puppet/modules/site_couchdb/manifests/init.pp | 58 ++++++++++++++-------------
 1 file changed, 30 insertions(+), 28 deletions(-)
(limited to 'puppet')

diff --git a/puppet/modules/site_couchdb/manifests/init.pp b/puppet/modules/site_couchdb/manifests/init.pp
index 04b46bf6..26e5cdfd 100644
--- a/puppet/modules/site_couchdb/manifests/init.pp
+++ b/puppet/modules/site_couchdb/manifests/init.pp
@@ -1,8 +1,16 @@
 class site_couchdb {
-  $x509 = hiera('x509')
-  $key = $x509['key']
-  $cert = $x509['cert']
+  $x509 = hiera('x509')
+  $key = $x509['key']
+  $cert = $x509['cert']
+  $adminpw = hiera('couchdb_adminpw')
+  $couchdb_leap_web_user = hiera('couchdb_leap_web_user')
+  $couchdb_leap_web_username = $couchdb_leap_web_user['user']
+  $couchdb_leap_web_pw = $couchdb_leap_web_user['pw']
+  $couchdb_leap_ca_user = hiera('couchdb_leap_ca_user')
+  $couchdb_leap_ca_username = $couchdb_leap_ca_user['user']
+  $couchdb_leap_ca_pw = $couchdb_leap_ca_user['pw']
+  $couchdb_host = "admin:$adminpw@127.0.0.1:5984"
 
   # install couchdb package first, then configure it
   Class['site_couchdb::package'] -> Class['site_couchdb::configure']
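Review bot: `$couchdb_host` embeds the CouchDB admin password in the userinfo part of a URL-like string that is then handed to every `couchdb::add_user`/`couchdb::create_db` resource; how those defines consume it is not visible here, but if they build a curl command line the password would be visible in `ps` output and, with Puppet's default resource logging, possibly in the agent log and report as well. The value is also not URI-escaped, so a password containing `@`, `:`, `/` or `#` will be parsed as something other than the intended credential; brace the interpolation as `$couchdb_host = "admin:${adminpw}@127.0.0.1:5984"` and either restrict the generated password to URL-safe characters or escape it before interpolating. It would be safer to pass the admin credential to the defines as a separate parameter rather than inside the host string, so the implementation can keep it out of command lines (for example via a netrc or config file readable only by root). The body of `class site_couchdb` continues past the end of this hunk.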
@@ -11,36 +19,30 @@ class site_couchdb {
   include site_couchdb::configure
   include couchdb::deploy_config
-  include apache::ssl
-  apache::module {
-    'rewrite': ensure => present;
-    'proxy': ensure => present;
-    'proxy_http': ensure => present;
+  site_couchdb::apache_ssl_proxy { 'apache_ssl_proxy':
+    key => $key,
+    cert => $cert
   }
-  apache::vhost::file { 'couchdb_proxy': }
-  # prevent 0-default.conf and 0-default_ssl.conf from apache module
-  # from starting on port 80 / 443
-  file { '/etc/apache2/ports.conf':
-    content => '',
-    mode => '0644',
-    owner => 'root',
-    group => 'root',
+
+  couchdb::add_user { $couchdb_leap_web_username:
+    host => $couchdb_host,
+    roles => '["certs"]',
+    pw => $couchdb_leap_web_pw
   }
-  file { '/etc/couchdb/server_cert.pem':
-    mode => '0644',
-    owner => 'couchdb',
-    group => 'couchdb',
-    content => $cert,
-    notify => Service[apache],
+  couchdb::add_user { $couchdb_leap_ca_username:
+    host => $couchdb_host,
+    roles => '["certs"]',
+    pw => $couchdb_leap_ca_pw
   }
-  file { '/etc/couchdb/server_key.pem':
-    mode => '0600',
-    owner => 'couchdb',
-    group => 'couchdb',
-    content => $key,
-    notify => Service[apache],
+  couchdb::create_db { 'leap_web':
+    host => $couchdb_host,
+    readers => "{ \"names\": [\"leap_web\"], \"roles\": [] }"
   }
+  couchdb::create_db { 'leap_ca':
+    host => $couchdb_host,
+    readers => "{ \"names\": [], \"roles\": [\"certs\"] }"
+  }
 }
-- 
cgit v1.2.3
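Review bot: The `readers` list on the `leap_web` database hard-codes the user name `leap_web`, while the user actually created a few lines above is `$couchdb_leap_web_username`, taken from hiera; if the two ever differ, the web user is locked out of its own database and the ACL names an account that may not exist. Use the same variable in both places: `readers => "{ \"names\": [\"${couchdb_leap_web_username}\"], \"roles\": [] }"`. Separately, both users are created with the identical role `'["certs"]'`, so the role-based `readers` on `leap_ca` admits the web user as well as the CA user; if that is intended, a one-line comment such as `# leap_web needs read access to leap_ca via the certs role` would stop the next reader from taking it for a least-privilege slip. The former `server_key.pem` (mode 0600) and `ports.conf` handling is now delegated to `site_couchdb::apache_ssl_proxy`, which is not visible here, so whether the key-file permissions and the default-vhost suppression on 80/443 survive the refactor cannot be checked from this hunk.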