d4science-ghn-cluster: Install a single couchdb instance on accounting-d4s.d4science.org.

library/roles/couchdb: Add support for https.
Andrea Dell'Amico 2015-07-03 18:58:27 +02:00
parent 5d01a4315e
commit cae37fb97c
2 changed files with 46 additions and 4 deletions


@ -9,10 +9,11 @@
#
# Set it to true if you want the old 1.6 release
couchdb_use_old_package: False
couchdb_use_old_package: True
couchdb_ssl_enabled: False
couchdb_pkg_state: installed
couchdb_pkg_version: 1.6.1
couchdb_pkg_version: 1.6.1-0ubuntu5
couchdb_ppa: "ppa:couchdb/stable"
couchdb_pkgs:
- couchdb={{ couchdb_pkg_version }}
@ -24,6 +25,7 @@ couchdb_https_port: 6984
couchdb_bind_address: 127.0.0.1
couchdb_local_ini_d: /etc/couchdb
couchdb_open_files: 4096
couchdb_log_level: info
couchdb_set_admin: False
#couchdb_admin_pwd: Put it in a vault file
@ -35,6 +37,24 @@ couchdb_default_options:
- { section: 'couch_httpd_auth', option: 'require_valid_user', value: 'true', state: 'present' }
# - { section: 'httpd', option: 'config_whitelist', value: '"[{httpd,config_whitelist},{log,level}]"', state: 'present' }
- { section: 'log', option: 'include_sasl', value: 'true', state: 'present' }
- { section: 'log', option: 'level', value: '{{ couchdb_log_level }}', state: 'present' }
couchdb_ssl_options:
- { section: 'daemons', option: 'httpsd', value: '"{couch_httpd, start_link, [https]}"', state: 'present' }
- { section: 'daemons', option: 'httpd', value: '"{couch_httpd, start_link, []}"', state: 'absent' }
- { section: 'ssl', option: 'cert_file', value: '{{ pki_dir }}/ssl/{{ ansible_fqdn }}.pem', state: 'present' }
- { section: 'ssl', option: 'key_file', value: '{{ pki_dir }}/ssl/{{ ansible_fqdn }}.key', state: 'present' }
- { section: 'ssl', option: 'cacert_file', value: 'accounting-{{ pki_dir }}/ssl/{{ ansible_fqdn }}.pem', state: 'present' }
- { section: 'ssl', option: 'port', value: '{{ couchdb_https_port }}', state: 'present' }
- { section: 'ssl', option: 'ssl_certificate_max_depth', value: '3', state: 'present' }
- { section: 'ssl', option: 'verify_ssl_certificates', value: 'False', state: 'present' }
couchdb_ssl_default_remove:
- { section: 'daemons', option: 'httpd', value: '"{couch_httpd, start_link, []}"', state: 'absent' }
couchdb_disable_ssl_options:
- { section: 'daemons', option: 'httpsd', value: '"{couch_httpd, start_link, [https]}"', state: 'absent' }
- { section: 'daemons', option: 'httpd', value: '"{couch_httpd, start_link, []}"', state: 'present' }
couchdb_replicator_options:
- { section: 'replicator', option: 'db', value: '_replicator', state: 'present' }
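Review bot: The `cacert_file` entry in `couchdb_ssl_options` has a stray `accounting-` prefix in front of `{{ pki_dir }}`, so it renders to a relative path that almost certainly does not exist, whereas `cert_file` and `key_file` use `{{ pki_dir }}/ssl/...` directly. Drop the prefix, i.e. `value: '{{ pki_dir }}/ssl/{{ ansible_fqdn }}.pem'`, or better, point it at the CA chain file rather than at the host certificate itself. With `verify_ssl_certificates` set to `False` the CA file and `ssl_certificate_max_depth` are presumably never consulted, so the broken path will only surface when verification is switched on. A comment such as `# peer certificates are not verified; cacert_file only matters once verify_ssl_certificates is true` would make that explicit. Separately, the default for `couchdb_use_old_package` changes to `True` in the first hunk, which makes the old 1.6 package the default for every host using this role, not only accounting-d4s.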


@ -3,12 +3,12 @@
#
- name: Add the ppa for couchdb
apt_repository: repo='{{ couchdb_ppa }}'
register: update_apt_cache
register: install_ppa
tags: couchdb
- name: Update the apt cache if needed
apt: update_cache=yes
when: (update_apt_cache|changed)
when: ( install_ppa | changed )
tags: couchdb
- name: Install the couchdb packages
@ -22,6 +22,7 @@
#
# Couchdb changes the admin password with a hash, so we need to not overwrite the file at each playbook run
# Note: we have chosen to distribute the hashed password
- name: Create the admin config file, once
copy: content="[admins]\n" dest={{ couchdb_local_ini_d }}/local.d/admin.ini force=no
when: couchdb_set_admin
@ -49,6 +50,27 @@
notify: Restart couchdb
tags: [ 'couchdb', 'couch_opts']
- name: Activate ssl for couchdb
ini_file: dest={{ couchdb_local_ini_d }}/local.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} owner=couchdb group=couchdb mode=0640 state={{ item.state }}
with_items: couchdb_ssl_options
when: couchdb_ssl_enabled
notify: Restart couchdb
tags: [ 'couchdb', 'couch_opts']
- name: Activate ssl for couchdb
ini_file: dest={{ couchdb_local_ini_d }}/default.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} owner=couchdb group=couchdb mode=0640 state={{ item.state }}
with_items: couchdb_ssl_default_remove
when: couchdb_ssl_enabled
notify: Restart couchdb
tags: [ 'couchdb', 'couch_opts']
- name: Disable ssl for couchdb
ini_file: dest={{ couchdb_local_ini_d }}/local.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} owner=couchdb group=couchdb mode=0640 state={{ item.state }}
with_items: couchdb_disable_ssl_options
when: not couchdb_ssl_enabled
notify: Restart couchdb
tags: [ 'couchdb', 'couch_opts']
- name: Custom couchdb configuration
ini_file: dest={{ couchdb_local_ini_d }}/local.ini section={{ item.section }} option={{ item.option }} value={{ item.value }} owner=couchdb group=couchdb mode=0640 state={{ item.state }}
with_items: couchdb_custom_options
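Review bot: Two of the added tasks share the name `Activate ssl for couchdb`, and the second one edits the packaged `default.ini` instead of `local.ini`, so the play output cannot tell them apart. It also hides that the plain-HTTP `httpd` daemon is only really disabled by the `default.ini` edit. Rename the second task to something like `Remove the plain http daemon from default.ini when ssl is enabled` and add a comment explaining why `default.ini` has to be touched. If a package upgrade replaces `default.ini`, the unencrypted listener would presumably come back until the next playbook run, so it is worth confirming how the package treats that file. The `Disable ssl for couchdb` task re-adds `httpd` only in `local.ini` and leaves the `[ssl]` cert and key options in place, which looks harmless but should be noted in the same comment.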