# Sets up a BigCouch-enabled CouchDB node tagged 'leap_service'.
#
# The class declares 'couchdb' with admin credentials taken from hiera,
# declares site_couchdb::stunnel with the x509 material, creates the
# application users and databases, and includes the logrotate and shorewall
# classes.
#
# Hiera keys read:
#   x509  - 'key', 'cert', 'ca_cert' (handed to site_couchdb::stunnel)
#   couch - 'users' (admin / webapp / soledad, each with username, password
#           and salt) and 'bigcouch' (cookie, ednp_port)
#
# Database read access as declared below:
#   users, sessions, tickets - the webapp user, by name
#   tokens, identities       - any account holding the 'auth' role; both the
#                              webapp and the soledad user are given that role
#
# NOTE(review): the TLS private key, the three passwords and salts and the
# bigcouch cookie are passed as class/resource parameters, so they are part of
# the compiled catalog. Confirm that the hiera data and any stored catalogs or
# reports are readable only by the accounts that need them.
class site_couchdb {
  tag 'leap_service'

  # TLS material for the stunnel class.
  $x509 = hiera('x509')
  $key  = $x509['key']
  $cert = $x509['cert']
  $ca   = $x509['ca_cert']

  # CouchDB accounts: one admin and two application users.
  $couchdb_config = hiera('couch')
  $couchdb_users  = $couchdb_config['users']

  $couchdb_admin      = $couchdb_users['admin']
  $couchdb_admin_user = $couchdb_admin['username']
  $couchdb_admin_pw   = $couchdb_admin['password']
  $couchdb_admin_salt = $couchdb_admin['salt']

  $couchdb_webapp      = $couchdb_users['webapp']
  $couchdb_webapp_user = $couchdb_webapp['username']
  $couchdb_webapp_pw   = $couchdb_webapp['password']
  $couchdb_webapp_salt = $couchdb_webapp['salt']

  $couchdb_soledad      = $couchdb_users['soledad']
  $couchdb_soledad_user = $couchdb_soledad['username']
  $couchdb_soledad_pw   = $couchdb_soledad['password']
  $couchdb_soledad_salt = $couchdb_soledad['salt']

  # BigCouch cluster settings.
  $bigcouch_config = $couchdb_config['bigcouch']
  $bigcouch_cookie = $bigcouch_config['cookie']
  $ednp_port       = $bigcouch_config['ednp_port']

  class { 'couchdb':
    bigcouch        => true,
    admin_pw        => $couchdb_admin_pw,
    admin_salt      => $couchdb_admin_salt,
    bigcouch_cookie => $bigcouch_cookie,
    ednp_port       => $ednp_port,
  }

  class { 'couchdb::bigcouch::package::cloudant': }

  # Ordering: package, then the service, then cluster membership, and only
  # after that the 'users' and 'tokens' databases and the two accounts.
  # NOTE(review): 'sessions', 'tickets' and 'identities' are not in this chain;
  # they are ordered only after Couchdb::Query::Setup['localhost']. Confirm
  # they do not also have to wait for add_nodes.
  Class['couchdb::bigcouch::package::cloudant']
    -> Service['couchdb']
    -> Class['site_couchdb::bigcouch::add_nodes']
    -> Couchdb::Create_db['users']
    -> Couchdb::Create_db['tokens']
    -> Couchdb::Add_user[$couchdb_webapp_user]
    -> Couchdb::Add_user[$couchdb_soledad_user]

  class { 'site_couchdb::stunnel':
    key  => $key,
    cert => $cert,
    ca   => $ca,
  }

  class { 'site_couchdb::bigcouch::add_nodes': }

  # Admin credentials for the 'localhost' query setup that every add_user and
  # create_db below requires.
  # NOTE(review): the admin password is handed over in clear text; check how
  # couchdb::query::setup stores it (owner and mode of whatever it writes).
  couchdb::query::setup { 'localhost':
    user => $couchdb_admin_user,
    pw   => $couchdb_admin_pw,
  }

  # Populate couchdb: application accounts first.
  # Both accounts get the same single role, 'auth', so any database ACL that
  # is expressed through that role cannot tell them apart.
  couchdb::add_user { $couchdb_webapp_user:
    roles   => '["auth"]',
    pw      => $couchdb_webapp_pw,
    salt    => $couchdb_webapp_salt,
    require => Couchdb::Query::Setup['localhost'],
  }

  couchdb::add_user { $couchdb_soledad_user:
    roles   => '["auth"]',
    pw      => $couchdb_soledad_pw,
    salt    => $couchdb_soledad_salt,
    require => Couchdb::Query::Setup['localhost'],
  }

  # Databases. 'readers' is a JSON document naming the accounts and roles that
  # are granted access.
  # NOTE(review): the username is interpolated into that JSON unescaped;
  # a name containing '"' or '\' would produce a malformed or different ACL.

  # users: webapp user only.
  couchdb::create_db { 'users':
    readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
    require => Couchdb::Query::Setup['localhost'],
  }

  # tokens: everyone with the 'auth' role (webapp and soledad).
  couchdb::create_db { 'tokens':
    readers => "{ \"names\": [], \"roles\": [\"auth\"] }",
    require => Couchdb::Query::Setup['localhost'],
  }

  # sessions: webapp user only.
  couchdb::create_db { 'sessions':
    readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
    require => Couchdb::Query::Setup['localhost'],
  }

  # tickets: webapp user only.
  couchdb::create_db { 'tickets':
    readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
    require => Couchdb::Query::Setup['localhost'],
  }

  # identities: leap_mx will need to read this database. For now access is
  # granted through the 'auth' role, which the soledad user holds; leap_mx
  # could start out using that. The webapp user holds the same role and so
  # gets the same access.
  couchdb::create_db { 'identities':
    readers => "{ \"names\": [], \"roles\": [\"auth\"] }",
    require => Couchdb::Query::Setup['localhost'],
  }

  include site_couchdb::logrotate
  include site_shorewall::couchdb
  include site_shorewall::couchdb::bigcouch
}