# Sets up the CouchDB service node (tagged 'leap_service'): declares the
# couchdb class with the admin password and BigCouch cookie from hiera,
# fronts it with stunnel using the node's x509 material, creates the
# 'users' and 'client_certificates' databases and the two service accounts
# that read them, and pulls in the matching shorewall classes.
#
# $bigcouch is handed straight through to the couchdb class (default false).
#
# NOTE(review): every password and the cookie below are passed as ordinary
# resource parameters, so they are part of the compiled catalog; confirm that
# catalog and report storage on the master is access-restricted.
class site_couchdb ( $bigcouch = false ) {

  tag 'leap_service'

  # TLS key, certificate and CA certificate, read from the 'x509' hiera hash.
  $x509 = hiera('x509')
  $key  = $x509['key']
  $cert = $x509['cert']
  $ca   = $x509['ca_cert']

  # Account credentials, read from the 'users' sub-hash of the 'couch' hiera hash.
  $couchdb_config         = hiera('couch')
  $couchdb_users          = $couchdb_config['users']

  $couchdb_admin          = $couchdb_users['admin']
  $couchdb_admin_user     = $couchdb_admin['username']
  $couchdb_admin_pw       = $couchdb_admin['password']

  $couchdb_webapp         = $couchdb_users['webapp']
  $couchdb_webapp_user    = $couchdb_webapp['username']
  $couchdb_webapp_pw      = $couchdb_webapp['password']

  $couchdb_ca_daemon      = $couchdb_users['ca_daemon']
  $couchdb_ca_daemon_user = $couchdb_ca_daemon['username']
  $couchdb_ca_daemon_pw   = $couchdb_ca_daemon['password']

  # presumably the shared secret BigCouch nodes use to join the cluster —
  # confirm against the couchdb module
  $bigcouch_config = $couchdb_config['bigcouch']
  $bigcouch_cookie = $bigcouch_config['cookie']

  class { 'couchdb':
    bigcouch        => $bigcouch,
    admin_pw        => $couchdb_admin_pw,
    bigcouch_cookie => $bigcouch_cookie,
  }

  # NOTE(review): included whether or not $bigcouch is true — confirm intended.
  include couchdb::bigcouch::package::cloudant

  # Ordering: the service is managed first, then both databases, and only
  # then the two accounts.
  Service['couchdb']
    -> Couchdb::Create_db['users']
    -> Couchdb::Create_db['client_certificates']
    -> Couchdb::Add_user[$couchdb_webapp_user]
    -> Couchdb::Add_user[$couchdb_ca_daemon_user]

  # Still included so that the old apache proxy gets disabled and removed.
  include site_couchdb::apache_ssl_proxy

  # stunnel takes over from the apache_ssl_proxy above.
  class { 'site_couchdb::stunnel':
    key  => $key,
    cert => $cert,
    ca   => $ca,
  }

  # presumably stores the admin credentials that the couchdb::* helpers use
  # when talking to localhost — confirm in couchdb::query::setup, including
  # the mode of any file it writes them to
  couchdb::query::setup { 'localhost':
    user => $couchdb_admin_user,
    pw   => $couchdb_admin_pw,
  }

  # Service accounts; both are given the 'certs' role.
  couchdb::add_user { $couchdb_webapp_user:
    roles => '["certs"]',
    pw    => $couchdb_webapp_pw,
  }

  couchdb::add_user { $couchdb_ca_daemon_user:
    roles => '["certs"]',
    pw    => $couchdb_ca_daemon_pw,
  }

  # 'users': the only named reader is the webapp account, no roles.
  # The username is interpolated into the JSON unescaped, so the hiera value
  # must not contain quotes or backslashes.
  couchdb::create_db { 'users':
    readers => "{ \"names\": [\"$couchdb_webapp_user\"], \"roles\": [] }",
  }

  # 'client_certificates': readable by anyone holding the 'certs' role,
  # i.e. both accounts created above.
  couchdb::create_db { 'client_certificates':
    readers => "{ \"names\": [], \"roles\": [\"certs\"] }",
  }

  # NOTE(review): the bigcouch shorewall class is also included regardless of
  # $bigcouch — confirm it does not open cluster ports on single-node setups.
  include site_shorewall::couchdb
  include site_shorewall::couchdb::bigcouch
}