d4science-ghn-cluster: Install a single couchdb instance on accounting-d4s.d4science.org.
library/roles/couchdb: Add support for https.
parent
5d01a4315e
commit
cae37fb97c
|
@ -9,10 +9,11 @@
|
|||
#
|
||||
|
||||
# Set it to true if you want the old 1.6 release
|
||||
couchdb_use_old_package: False
|
||||
couchdb_use_old_package: True
|
||||
couchdb_ssl_enabled: False
|
||||
|
||||
couchdb_pkg_state: installed
|
||||
couchdb_pkg_version: 1.6.1
|
||||
couchdb_pkg_version: 1.6.1-0ubuntu5
|
||||
couchdb_ppa: "ppa:couchdb/stable"
|
||||
couchdb_pkgs:
|
||||
- couchdb={{ couchdb_pkg_version }}
|
||||
|
@ -24,6 +25,7 @@ couchdb_https_port: 6984
|
|||
couchdb_bind_address: 127.0.0.1
|
||||
couchdb_local_ini_d: /etc/couchdb
|
||||
couchdb_open_files: 4096
|
||||
couchdb_log_level: info
|
||||
|
||||
couchdb_set_admin: False
|
||||
#couchdb_admin_pwd: Put it in a vault file
|
||||
|
@ -35,6 +37,24 @@ couchdb_default_options:
|
|||
- { section: 'couch_httpd_auth', option: 'require_valid_user', value: 'true', state: 'present' }
|
||||
# - { section: 'httpd', option: 'config_whitelist', value: '"[{httpd,config_whitelist},{log,level}]"', state: 'present' }
|
||||
- { section: 'log', option: 'include_sasl', value: 'true', state: 'present' }
|
||||
- { section: 'log', option: 'level', value: '{{ couchdb_log_level }}', state: 'present' }
|
||||
|
||||
couchdb_ssl_options:
|
||||
- { section: 'daemons', option: 'httpsd', value: '"{couch_httpd, start_link, [https]}"', state: 'present' }
|
||||
- { section: 'daemons', option: 'httpd', value: '"{couch_httpd, start_link, []}"', state: 'absent' }
|
||||
- { section: 'ssl', option: 'cert_file', value: '{{ pki_dir }}/ssl/{{ ansible_fqdn }}.pem', state: 'present' }
|
||||
- { section: 'ssl', option: 'key_file', value: '{{ pki_dir }}/ssl/{{ ansible_fqdn }}.key', state: 'present' }
|
||||
- { section: 'ssl', option: 'cacert_file', value: 'accounting-{{ pki_dir }}/ssl/{{ ansible_fqdn }}.pem', state: 'present' }
|
||||
- { section: 'ssl', option: 'port', value: '{{ couchdb_https_port }}', state: 'present' }
|
||||
- { section: 'ssl', option: 'ssl_certificate_max_depth', value: '3', state: 'present' }
|
||||
- { section: 'ssl', option: 'verify_ssl_certificates', value: 'False', state: 'present' }
|
||||
|
||||
couchdb_ssl_default_remove:
|
||||
- { section: 'daemons', option: 'httpd', value: '"{couch_httpd, start_link, []}"', state: 'absent' }
|
||||
|
||||
couchdb_disable_ssl_options:
|
||||
- { section: 'daemons', option: 'httpsd', value: '"{couch_httpd, start_link, [https]}"', state: 'absent' }
|
||||
- { section: 'daemons', option: 'httpd', value: '"{couch_httpd, start_link, []}"', state: 'present' }
|
||||
|
||||
couchdb_replicator_options:
|
||||
- { section: 'replicator', option: 'db', value: '_replicator', state: 'present' }
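Review bot: The `cacert_file` entry in `couchdb_ssl_options` has a literal `accounting-` in front of `{{ pki_dir }}`, so it renders to a path starting with `accounting-` instead of a file under the PKI directory like the `cert_file` and `key_file` entries just above it. This looks like a stray search-and-replace; the value was presumably meant to be `value: '{{ pki_dir }}/ssl/{{ ansible_fqdn }}.pem'`. Even then it names the host's own certificate rather than a CA bundle, which deserves a comment if intentional. In the same list, `verify_ssl_certificates` is written as `'False'` while every other boolean in this file is lowercase (`'true'`), so it is worth confirming CouchDB accepts the capitalised form or changing it to `value: 'false'`. A short comment saying that peer-certificate verification is deliberately off would help the next reader.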
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
#
|
||||
- name: Add the ppa for couchdb
|
||||
apt_repository: repo='{{ couchdb_ppa }}'
|
||||
register: update_apt_cache
|
||||
register: install_ppa
|
||||
tags: couchdb
|
||||
|
||||
- name: Update the apt cache if needed
|
||||
apt: update_cache=yes
|
||||
when: (update_apt_cache|changed)
|
||||
when: ( install_ppa | changed )
|
||||
tags: couchdb
|
||||
|
||||
- name: Install the couchdb packages
|
||||
|
@ -22,6 +22,7 @@
|
|||
|
||||
#
|
||||
# Couchdb changes the admin password with a hash, so we need to not overwrite the file at each playbook run
|
||||
# Note: we have chosen to distribute the hashed password
|
||||
- name: Create the admin config file, once
|
||||
copy: content="[admins]\n" dest={{ couchdb_local_ini_d }}/local.d/admin.ini force=no
|
||||
when: couchdb_set_admin
|
||||
|
@ -49,6 +50,27 @@
|
|||
notify: Restart couchdb
|
||||
tags: [ 'couchdb', 'couch_opts']
|
||||
|
||||
- name: Activate ssl for couchdb
|
||||
ini_file: dest={{ couchdb_local_ini_d }}/local.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} owner=couchdb group=couchdb mode=0640 state={{ item.state }}
|
||||
with_items: couchdb_ssl_options
|
||||
when: couchdb_ssl_enabled
|
||||
notify: Restart couchdb
|
||||
tags: [ 'couchdb', 'couch_opts']
|
||||
|
||||
- name: Activate ssl for couchdb
|
||||
ini_file: dest={{ couchdb_local_ini_d }}/default.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} owner=couchdb group=couchdb mode=0640 state={{ item.state }}
|
||||
with_items: couchdb_ssl_default_remove
|
||||
when: couchdb_ssl_enabled
|
||||
notify: Restart couchdb
|
||||
tags: [ 'couchdb', 'couch_opts']
|
||||
|
||||
- name: Disable ssl for couchdb
|
||||
ini_file: dest={{ couchdb_local_ini_d }}/local.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} owner=couchdb group=couchdb mode=0640 state={{ item.state }}
|
||||
with_items: couchdb_disable_ssl_options
|
||||
when: not couchdb_ssl_enabled
|
||||
notify: Restart couchdb
|
||||
tags: [ 'couchdb', 'couch_opts']
|
||||
|
||||
- name: Custom couchdb configuration
|
||||
ini_file: dest={{ couchdb_local_ini_d }}/local.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} owner=couchdb group=couchdb mode=0640 state={{ item.state }}
|
||||
with_items: couchdb_custom_options
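Review bot: The second `Activate ssl for couchdb` task turns off the plain-HTTP listener by deleting the `httpd` daemon line from `default.ini`, a file the package presumably ships. If an upgrade restores that file, the cleartext listener would come back next to HTTPS until the playbook runs again. It also shares its name with the task before it, so run output cannot tell the two apart; a distinct name such as `- name: Remove the plain http daemon from the couchdb default.ini` plus a comment on the upgrade caveat would make this visible. Nothing in the added tasks checks that the certificate and key under `{{ pki_dir }}/ssl/` exist and are readable by the `couchdb` user before the HTTP daemon is removed, so a missing key could leave the service with no working listener. The trailing `Custom couchdb configuration` task continues outside the hunk.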
|
||||
|
|