Page MenuHomeSoftware Heritage
Differential D4375 Diff 15499 site-modules/profile/manifests/postgresql/server.pp

Changeset View

Standalone View

View Options

site-modules/profile/manifests/postgresql/server.pp

# Install and configure a postgresql server # Install and configure a postgresql server
class profile::postgresql::server { class profile::postgresql::server {
$swh_base_directory = lookup('swh::base_directory') $swh_base_directory = lookup('swh::base_directory')
$postgres_pass = lookup('swh::deploy::db::postgres::password') $postgres_pass = lookup('swh::deploy::db::postgres::password')
$swh_admin_pass = lookup('swh::deploy::db::swh_admin::password')
$listen_addresses = lookup('swh::postgresql::listen_addresses').join(',') $listen_addresses = lookup('swh::postgresql::listen_addresses').join(',')
# allow access through credentials # allow access through credentials
$network_accesses = lookup('swh::postgresql::network_accesses').map | $nwk | { $network_accesses = lookup('swh::postgresql::network_accesses').map | $nwk | {
"host all all ${nwk} md5" "host all all ${nwk} md5"
} }
$postgres_version = lookup('swh::postgresql::version') $postgres_version = lookup('swh::postgresql::version')
$postgres_port = lookup('swh::postgresql::port') $postgres_port = lookup('swh::postgresql::port')
Show All 12 Lines -> class { 'postgresql::server':
postgres_password => $postgres_pass, postgres_password => $postgres_pass,
port => $postgres_port, port => $postgres_port,
listen_addresses => [$listen_addresses], listen_addresses => [$listen_addresses],
datadir => $postgres_datadir, datadir => $postgres_datadir,
needs_initdb => true, # Needed because managed_repo is false and data_dir is redefined by us ¯\_(ツ)_/¯ needs_initdb => true, # Needed because managed_repo is false and data_dir is redefined by us ¯\_(ツ)_/¯
require => Class['profile::postgresql::apt_config'] require => Class['profile::postgresql::apt_config']
} }
# read-only user
$guest = 'guest' $guest = 'guest'
postgresql::server::role { $guest: postgresql::server::role { $guest:
password_hash => postgresql_password($guest, 'guest'), password_hash => postgresql_password($guest, 'guest'),
require => Class['postgresql::server'] require => Class['postgresql::server']
} }
# admin user to initialize db
$swh_admin = "swh-admin"
postgresql::server::role { $swh_admin:
password_hash => postgresql_password($swh_admin, $swh_admin_pass),
superuser => true,
require => Class['postgresql::server']
}
$dbs = lookup('swh::dbs') $dbs = lookup('swh::dbs')
each($dbs) | $db_type, $db_config | { each($dbs) | $db_type, $db_config | {
# db_type in {storage, indexer, scheduler, etc...} # db_type in {storage, indexer, scheduler, etc...}
$db_pass = lookup("swh::deploy::${db_type}::db::password") $db_pass = lookup("swh::deploy::${db_type}::db::password")
$db_name = $db_config['name'] $db_name = $db_config['name']
$db_user = $db_config['user'] $db_user = $db_config['user']
postgresql::server::db { $db_name: postgresql::server::db { $db_name:
user => $db_user, user => $db_user,
password => $db_pass, password => $db_pass,
owner => $db_user, owner => $db_user,
require => Class['postgresql::server'] require => Class['postgresql::server']
} }
# guest user has read access on tables # guest user has read access on tables
postgresql::server::database_grant { $db_name: postgresql::server::database_grant { $db_name:
privilege => 'connect', privilege => 'connect',
db => $db_name, db => $db_name,
role => $guest, role => $guest,
require => Postgresql::Server::Db[$db_name] require => Postgresql::Server::Db[$db_name]
} }
} }
} }
ardumontAuthorUnsubmitted
Done
Inline Actions
  1. There is no way to drop the simple blocking rules in the puppetlabs module. So the stand has been to redeclare all rules dropping the blocking one. It works as the octocatalog-diff shows.
  1. Tried to declare it as yaml to no avail so far. That should not be a blocker for now though. We can always try that back at another time (we already spent too much time on this).
ardumont: 1. There is no way to drop the simple blocking rules in the puppetlabs module. So the stand has…
About · Developer information · Legal