Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/add_user.pp | 16 | ||||
-rw-r--r-- | manifests/conf.pp | 0 | ||||
-rw-r--r-- | manifests/create_db.pp | 20 | ||||
-rw-r--r-- | manifests/deploy_config.pp | 11 | ||||
-rw-r--r-- | manifests/params.pp | 5 | ||||
-rw-r--r-- | manifests/query.pp | 3 | ||||
-rw-r--r-- | manifests/query/setup.pp | 8 | ||||
-rw-r--r-- | manifests/ssl/deploy_cert.pp | 28 | ||||
-rw-r--r-- | manifests/ssl/generate_cert.pp | 26 | ||||
-rw-r--r-- | manifests/update.pp | 3 |
10 files changed, 120 insertions, 0 deletions
diff --git a/manifests/add_user.pp b/manifests/add_user.pp
new file mode 100644
index 0000000..560a6a8
--- /dev/null
+++ b/manifests/add_user.pp
@@ -0,0 +1,16 @@
+define couchdb::add_user ($host='127.0.0.1:5984', $roles, $pw ) {
+ couchdb::query { "create_user_$name":
+ cmd => 'PUT',
+ host => $host,
+ url => "_users/org.couchdb.user:$name",
+ data => "{ \"_id\": \"org.couchdb.user:$name\", \"type\": \"user\", \"name\": \"$name\", \"roles\": $roles, \"password\": \"$pw\"}",
+ }
+ #
+ # couchdb::update { "update_user_$name":
+ # db => "_users",
+ # id => "org.couchdb.user:$name",
+ # data => "{\"type\": \"user\", \"name\": \"$name\", \"roles\": $roles, \"password\": \"$pw\"}",
+ # }
+ #
+}
+
diff --git a/manifests/conf.pp b/manifests/conf.pp
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/manifests/conf.pp
diff --git a/manifests/create_db.pp b/manifests/create_db.pp
new file mode 100644
index 0000000..c7832be
--- /dev/null
+++ b/manifests/create_db.pp
@@ -0,0 +1,20 @@
+define couchdb::create_db ($host='127.0.0.1:5984',
+ $admins="{\"names\": [], \"roles\": [] }",
+ $readers="{\"names\": [], \"roles\": [] }") {
+
+ Couchdb::Query["create_db_$name"] -> Couchdb::Query["db_security_${name}"]
+
+ couchdb::query { "create_db_$name":
+ cmd => 'PUT',
+ host => $host,
+ url => $name,
+ }
+
+ couchdb::query { "db_security_${name}":
+ cmd => 'PUT',
+ host => $host,
+ url => "$name/_security",
+ data => "{ \"admins\": $admins, \"readers\": $readers }"
+ }
+
+}
diff --git a/manifests/deploy_config.pp b/manifests/deploy_config.pp
new file mode 100644
index 0000000..4070221
--- /dev/null
+++ b/manifests/deploy_config.pp
@@ -0,0 +1,11 @@
+class couchdb::deploy_config {
+ file { '/etc/couchdb/local.ini':
+ source => [ "puppet:///modules/site_couchdb/${::fqdn}/local.ini",
+ 'puppet:///modules/site_couchdb/local.ini',
+ 'puppet:///modules/couchdb/local.ini' ],
+ notify => Service[couchdb],
+ owner => couchdb,
+ group => couchdb,
+ mode => '0660'
+ }
+}
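Review bot: In manifests/add_user.pp the `data` string carries `$pw` in clear text, and couchdb::query (manifests/query.pp in this commit) turns that string into the exec title, so the password would be expected to show up in agent logs and reports as well as in the curl argument list. `$name`, `$roles` and `$pw` are also interpolated without JSON escaping, so a `"` or `\` in any of them produces a malformed or different document. I would add a header comment stating the contract, e.g. `# $roles: JSON array literal such as '["reader"]'; $pw: clear-text password, stored in the catalog`, and move the request body out of the resource title in couchdb::query.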
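Review bot: The defaults for `$admins` and `$readers` in manifests/create_db.pp are empty `names`/`roles` lists, and CouchDB treats a `_security` document with empty reader lists as no read restriction, so a database created without explicit arguments is presumably readable by any client that can reach the port. Consider removing the default for `$readers` so callers have to choose, or add a comment such as `# empty readers = database is public; pass names or roles to restrict`. Both PUT requests are also repeated on every agent run because couchdb::query has no guard, and the first one will get an error response once the database exists.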
diff --git a/manifests/params.pp b/manifests/params.pp index 6637547..8993282 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -15,4 +15,9 @@ class couchdb::params { default => $couchdb_backupdir, } + $cert_path = $couchdb_cert_path ? { + "" => "/etc/couchdb", + default => $couchdb_cert_path, + } + } diff --git a/manifests/query.pp b/manifests/query.pp new file mode 100644 index 0000000..b36f290 --- /dev/null +++ b/manifests/query.pp @@ -0,0 +1,3 @@ +define couchdb::query ($host='127.0.0.1:5984', $cmd, $url, $data = '') { + exec { "/usr/bin/curl --netrc-file /etc/couchdb/couchdb.netrc -X $cmd $host/$url --data \'$data\'": } +} diff --git a/manifests/query/setup.pp b/manifests/query/setup.pp new file mode 100644 index 0000000..a5d1657 --- /dev/null +++ b/manifests/query/setup.pp @@ -0,0 +1,8 @@ +define couchdb::query::setup ($host='127.0.0.1', $user, $pw) { + file { '/etc/couchdb/couchdb.netrc': + content => "machine $host login $user password $pw", + mode => '0600', + owner => 'couchdb', + group => 'couchdb', + } +} diff --git a/manifests/ssl/deploy_cert.pp b/manifests/ssl/deploy_cert.pp new file mode 100644 index 0000000..4e9c158 --- /dev/null +++ b/manifests/ssl/deploy_cert.pp @@ -0,0 +1,28 @@ +define couchdb::ssl::deploy_cert ($cert, $key) { +include couchdb::params + file { 'couchdb_cert_directory': + path => "$couchdb::params::cert_path", + ensure => 'directory', + mode => '0600', + owner => 'couchdb', + group => 'couchdb'; + } + + file { 'couchdb_cert"': + path => "$couchdb::params::cert_path/server_cert.pem", + mode => '0644', + owner => 'couchdb', + group => 'couchdb', + content => $cert + } + + file { 'couchdb_key': + path => "$couchdb::params::cert_path/server_key.pem", + mode => '0600', + owner => 'couchdb', + group => 'couchdb', + content => $key + } + + +} diff --git a/manifests/ssl/generate_cert.pp b/manifests/ssl/generate_cert.pp new file mode 100644 index 0000000..dae091c --- /dev/null +++ b/manifests/ssl/generate_cert.pp 
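Review bot: The exec in manifests/query.pp uses the whole curl command line as its resource title and wraps `$data` in single quotes by hand, so a `'` or other shell metacharacter in `$cmd`, `$host`, `$url` or `$data` changes the command that runs, and request bodies (including the password passed by couchdb::add_user) end up in the title that Puppet logs. The same hand-quoting appears in manifests/update.pp. curl is also called without `--fail`, so an HTTP error from CouchDB still exits 0 and the resource reports success. I would give the exec a fixed title, build the argument list with `shellquote()` and add `--fail`, as sketched below.

```puppet
define couchdb::query ($host='127.0.0.1:5984', $cmd, $url, $data = '') {
  # shellquote() escapes each argument, so a quote inside $data cannot end the argument early.
  $curl_args = shellquote('--fail', '--netrc-file', '/etc/couchdb/couchdb.netrc',
                          '-X', $cmd, "${host}/${url}", '--data', $data)
  # A fixed title keeps the request body out of the resource name shown in logs and reports.
  exec { "couchdb_query_${name}":
    command => "/usr/bin/curl ${curl_args}",
  }
}
```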
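Review bot: The netrc file in manifests/query/setup.pp gets mode `0600` and a dedicated owner, but its `content` carries `$pw`, and Puppet prints content diffs for file resources when diff output is enabled, which would copy the password into agent logs. Where the Puppet version in use supports it, add `show_diff => false,` to this file resource. The resource title is a fixed path inside a `define`, so a second declaration with another `$host` fails as a duplicate resource; a class, or a comment saying it may be declared only once, would make that explicit. The content string also lacks a trailing newline; `content => "machine $host login $user password $pw\n",` is the conventional form.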
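Review bot: The resource title `'couchdb_cert"'` in manifests/ssl/deploy_cert.pp contains a stray double quote; it should read `file { 'couchdb_cert':` so that other resources can reference it by the expected name. This define writes server_cert.pem and server_key.pem, whereas manifests/ssl/generate_cert.pp in the same commit writes couchdb_cert.pem and couchdb_key.pem, so the service configuration can only match one of the two code paths. Because `content => $key` carries the private key, `show_diff => false,` on the `couchdb_key` resource (where supported) keeps it out of agent logs.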
@@ -0,0 +1,26 @@
+class couchdb::ssl::generate_cert {
+
+ package { ['openssl']:
+ ensure => 'installed',
+ }
+
+ file { $couchdb::cert_path:
+ ensure => 'directory',
+ mode => '0600',
+ owner => 'couchdb',
+ group => 'couchdb';
+ }
+
+exec { 'generate-certs':
+ command => "/usr/bin/openssl req -new -inform PEM -x509 -nodes -days 150 -subj \
+'/C=ZZ/ST=AutoSign/O=AutoSign/localityName=AutoSign/commonName=${::hostname}/organizationalUnitName=AutoSign/emailAddress=AutoSign/' \
+-newkey rsa:2048 -out ${couchdb::cert_path}/couchdb_cert.pem -keyout ${couchdb::cert_path}/couchdb_key.pem",
+ unless => "/usr/bin/test -f ${couchdb::cert_path}/couchdb_cert.pem &&
+/usr/bin/test -f ${couchdb::params::cert_path}/couchdb_key.pem",
+ require => [
+ File[$couchdb::params::cert_path],
+ Exec['make-install']
+ ],
+ notify => Service['couchdb'],
+ }
+}
diff --git a/manifests/update.pp b/manifests/update.pp
new file mode 100644
index 0000000..129d875
--- /dev/null
+++ b/manifests/update.pp
@@ -0,0 +1,3 @@
+define couchdb::update ($db, $id, $data) {
+ exec { "couch-doc-update --db $db --id $id --data \'$data\'": }
+} |
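Review bot: manifests/ssl/generate_cert.pp mixes `$couchdb::cert_path` and `$couchdb::params::cert_path`: the directory resource, the openssl output paths and the first `unless` test use the former, while `require => File[$couchdb::params::cert_path]` and the second `unless` test use the latter, and the class never includes couchdb::params. If the two variables differ, or `$couchdb::cert_path` is unset, the `require` points at a resource that is not declared and the key path checked by `unless` is not the one openssl writes. I would add `include couchdb::params` at the top of the class and use `${couchdb::params::cert_path}` throughout. The generated key also relies on openssl's default file permissions; a `file` resource for couchdb_key.pem with `mode => '0600'` would pin them.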
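Review bot: `couch-doc-update` in manifests/update.pp is neither fully qualified nor accompanied by a `path` attribute, and Puppet's exec refuses an unqualified command when no search path is set, so this define would be expected to fail at apply time. Use the absolute path of the script in the command, or add a `path =>` attribute naming the directory it is installed in. As in manifests/query.pp, the command string is also the resource title, so `$data` is logged with it and is quoted by hand rather than with `shellquote()`.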