path: root/puppet/modules/site_couchdb/manifests/init.pp
# Sets up a BigCouch-enabled CouchDB node for the site: declares the
# 'couchdb' class with bigcouch => true, the stunnel wrapper, the
# add_nodes class, the service users (webapp, soledad) and the
# application databases with their reader lists, then includes the
# logrotate and shorewall classes.
#
# All inputs come from two hiera keys:
#   'x509'  - hash with 'key', 'cert' and 'ca_cert'
#   'couch' - hash with 'users' (admin/webapp/soledad, each with
#             'username', 'password', 'salt') and 'bigcouch'
#             ('cookie', 'ednp_port')
#
# NOTE(review): the private key, the passwords, the salts and the cookie
# are secrets. This class only passes them on; how the hiera backend
# stores them and whether the receiving classes/defines keep them out of
# logs and reports is not visible here - confirm both.
class site_couchdb {
  tag 'leap_service'

  # TLS material, handed to site_couchdb::stunnel below.
  $x509                   = hiera('x509')
  $key                    = $x509['key']
  $cert                   = $x509['cert']
  $ca                     = $x509['ca_cert']

  # Per-account credentials. Each account carries a password and a salt.
  $couchdb_config         = hiera('couch')
  $couchdb_users          = $couchdb_config['users']
  $couchdb_admin          = $couchdb_users['admin']
  $couchdb_admin_user     = $couchdb_admin['username']
  $couchdb_admin_pw       = $couchdb_admin['password']
  $couchdb_admin_salt     = $couchdb_admin['salt']
  $couchdb_webapp         = $couchdb_users['webapp']
  $couchdb_webapp_user    = $couchdb_webapp['username']
  $couchdb_webapp_pw      = $couchdb_webapp['password']
  $couchdb_webapp_salt    = $couchdb_webapp['salt']
  $couchdb_soledad        = $couchdb_users['soledad']
  $couchdb_soledad_user   = $couchdb_soledad['username']
  $couchdb_soledad_pw     = $couchdb_soledad['password']
  $couchdb_soledad_salt   = $couchdb_soledad['salt']

  # NOTE(review): presumably the Erlang distribution cookie shared by the
  # cluster nodes; if so, treat it like a credential, since a holder of the
  # cookie can join the cluster - confirm against the couchdb module.
  $bigcouch_config        = $couchdb_config['bigcouch']
  $bigcouch_cookie        = $bigcouch_config['cookie']

  $ednp_port              = $bigcouch_config['ednp_port']

  # $couchdb_admin_user is not passed here; it is only used for
  # couchdb::query::setup further down.
  class { 'couchdb':
    bigcouch        => true,
    admin_pw        => $couchdb_admin_pw,
    admin_salt      => $couchdb_admin_salt,
    bigcouch_cookie => $bigcouch_cookie,
    ednp_port       => $ednp_port
  }

  class { 'couchdb::bigcouch::package::cloudant': }

  # Explicit ordering: package, then service, then cluster membership, then
  # the 'users' and 'tokens' databases, then the two service accounts.
  # NOTE(review): the 'sessions', 'tickets' and 'identities' databases are
  # not part of this chain; they are ordered only by their require on
  # Couchdb::Query::Setup['localhost'] - confirm that is intended.
  Class ['couchdb::bigcouch::package::cloudant']
    -> Service ['couchdb']
    -> Class ['site_couchdb::bigcouch::add_nodes']
    -> Couchdb::Create_db['users']
    -> Couchdb::Create_db['tokens']
    -> Couchdb::Add_user[$couchdb_webapp_user]
    -> Couchdb::Add_user[$couchdb_soledad_user]

  class { 'site_couchdb::stunnel':
    key  => $key,
    cert => $cert,
    ca   => $ca
  }

  class { 'site_couchdb::bigcouch::add_nodes': }

  # Admin credentials for queries against 'localhost'; every add_user and
  # create_db resource below requires this resource.
  # NOTE(review): how the define stores or passes these credentials is not
  # visible here - check that it does not leave them world-readable.
  couchdb::query::setup { 'localhost':
    user  => $couchdb_admin_user,
    pw    => $couchdb_admin_pw,
  }

  # Populate couchdb: service accounts first, then the databases.
  # Both accounts get the single role 'auth', so any database whose readers
  # list names the 'auth' role is readable by webapp and soledad alike.
  couchdb::add_user { $couchdb_webapp_user:
    roles   => '["auth"]',
    pw      => $couchdb_webapp_pw,
    salt    => $couchdb_webapp_salt,
    require => Couchdb::Query::Setup['localhost']
  }

  couchdb::add_user { $couchdb_soledad_user:
    roles   => '["auth"]',
    pw      => $couchdb_soledad_pw,
    salt    => $couchdb_soledad_salt,
    require => Couchdb::Query::Setup['localhost']
  }

  # 'readers' is a JSON document given as a string, with a 'names' list and
  # a 'roles' list; presumably it becomes the database's reader ACL -
  # confirm against couchdb::create_db.
  # NOTE(review): the username is interpolated into the JSON without
  # escaping. It comes from hiera, so it is operator-controlled, but a value
  # containing a double quote or backslash would alter the document.
  #
  # 'users': readable by the webapp account only.
  couchdb::create_db { 'users':
    readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
    require => Couchdb::Query::Setup['localhost']
  }

  # 'tokens': readable by every account holding the 'auth' role, which in
  # this class means both webapp and soledad.
  couchdb::create_db { 'tokens':
    readers => "{ \"names\": [], \"roles\": [\"auth\"] }",
    require => Couchdb::Query::Setup['localhost']
  }

  # 'sessions': readable by the webapp account only.
  couchdb::create_db { 'sessions':
    readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
    require => Couchdb::Query::Setup['localhost']
  }

  # 'tickets': readable by the webapp account only.
  couchdb::create_db { 'tickets':
    readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
    require => Couchdb::Query::Setup['localhost']
  }

  # leap_mx will want access to this database. For now, access is granted
  # to the soledad user via the 'auth' role.
  # leap_mx could use that for a start.
  # NOTE(review): the webapp account holds the 'auth' role too, so this
  # grant is wider than the soledad user alone; a dedicated role for the
  # leap_mx consumer would narrow it.
  couchdb::create_db { 'identities':
    readers => "{ \"names\": [], \"roles\": [\"auth\"] }",
    require => Couchdb::Query::Setup['localhost']
  }

  include site_couchdb::logrotate

  # Firewall rules for CouchDB and for BigCouch; the rules themselves are
  # defined in the site_shorewall module, outside this file.
  include site_shorewall::couchdb
  include site_shorewall::couchdb::bigcouch
}