Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/postgresql/server.pp
# Install and configure a postgresql server | # Install and configure a postgresql server | ||||
class profile::postgresql::server { | class profile::postgresql::server { | ||||
$swh_base_directory = lookup('swh::base_directory') | $swh_base_directory = lookup('swh::base_directory') | ||||
$postgres_pass = lookup('swh::deploy::db::postgres::password') | $postgres_pass = lookup('swh::deploy::db::postgres::password') | ||||
$swh_admin_pass = lookup('swh::deploy::db::swh_admin::password') | |||||
$listen_addresses = lookup('swh::postgresql::listen_addresses').join(',') | $listen_addresses = lookup('swh::postgresql::listen_addresses').join(',') | ||||
# allow access through credentials | # allow access through credentials | ||||
$network_accesses = lookup('swh::postgresql::network_accesses').map | $nwk | { | $network_accesses = lookup('swh::postgresql::network_accesses').map | $nwk | { | ||||
"host all all ${nwk} md5" | "host all all ${nwk} md5" | ||||
} | } | ||||
$postgres_version = lookup('swh::postgresql::version') | $postgres_version = lookup('swh::postgresql::version') | ||||
$postgres_port = lookup('swh::postgresql::port') | $postgres_port = lookup('swh::postgresql::port') | ||||
Show All 12 Lines | -> class { 'postgresql::server': | ||||
postgres_password => $postgres_pass, | postgres_password => $postgres_pass, | ||||
port => $postgres_port, | port => $postgres_port, | ||||
listen_addresses => [$listen_addresses], | listen_addresses => [$listen_addresses], | ||||
datadir => $postgres_datadir, | datadir => $postgres_datadir, | ||||
needs_initdb => true, # Needed because managed_repo is false and data_dir is redefined by us ¯\_(ツ)_/¯ | needs_initdb => true, # Needed because managed_repo is false and data_dir is redefined by us ¯\_(ツ)_/¯ | ||||
require => Class['profile::postgresql::apt_config'] | require => Class['profile::postgresql::apt_config'] | ||||
} | } | ||||
# read-only user | |||||
$guest = 'guest' | $guest = 'guest' | ||||
postgresql::server::role { $guest: | postgresql::server::role { $guest: | ||||
password_hash => postgresql_password($guest, 'guest'), | password_hash => postgresql_password($guest, 'guest'), | ||||
require => Class['postgresql::server'] | require => Class['postgresql::server'] | ||||
} | } | ||||
# admin user to initialize db | |||||
$swh_admin = "swh-admin" | |||||
postgresql::server::role { $swh_admin: | |||||
password_hash => postgresql_password($swh_admin, $swh_admin_pass), | |||||
superuser => true, | |||||
require => Class['postgresql::server'] | |||||
} | |||||
$dbs = lookup('swh::dbs') | $dbs = lookup('swh::dbs') | ||||
each($dbs) | $db_type, $db_config | { | each($dbs) | $db_type, $db_config | { | ||||
# db_type in {storage, indexer, scheduler, etc...} | # db_type in {storage, indexer, scheduler, etc...} | ||||
$db_pass = lookup("swh::deploy::${db_type}::db::password") | $db_pass = lookup("swh::deploy::${db_type}::db::password") | ||||
$db_name = $db_config['name'] | $db_name = $db_config['name'] | ||||
$db_user = $db_config['user'] | $db_user = $db_config['user'] | ||||
postgresql::server::db { $db_name: | postgresql::server::db { $db_name: | ||||
user => $db_user, | user => $db_user, | ||||
password => $db_pass, | password => $db_pass, | ||||
owner => $db_user, | owner => $db_user, | ||||
require => Class['postgresql::server'] | require => Class['postgresql::server'] | ||||
} | } | ||||
# guest user has read access on tables | # guest user has read access on tables | ||||
postgresql::server::database_grant { $db_name: | postgresql::server::database_grant { $db_name: | ||||
privilege => 'connect', | privilege => 'connect', | ||||
db => $db_name, | db => $db_name, | ||||
role => $guest, | role => $guest, | ||||
require => Postgresql::Server::Db[$db_name] | require => Postgresql::Server::Db[$db_name] | ||||
} | } | ||||
} | } | ||||
} | } | ||||
ardumontAuthorUnsubmitted Done Inline Actions
ardumont: 1. There is no way to drop the simple blocking rules in the puppetlabs module. So the stand has… |