Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/postgresql/server.pp
| # Install and configure a postgresql server | # Install and configure a postgresql server | ||||
| class profile::postgresql::server { | class profile::postgresql::server { | ||||
| $swh_base_directory = lookup('swh::base_directory') | $swh_base_directory = lookup('swh::base_directory') | ||||
| $postgres_pass = lookup('swh::deploy::db::postgres::password') | $postgres_pass = lookup('swh::deploy::db::postgres::password') | ||||
| $listen_addresses = lookup('swh::postgresql::listen_addresses').join(',') | $listen_addresses = lookup('swh::postgresql::listen_addresses').join(',') | ||||
| # allow access through credentials | # allow access through credentials | ||||
| $network_accesses = lookup('swh::postgresql::network_accesses').map | $nwk | { | $network_accesses = lookup('swh::postgresql::network_accesses').map | $nwk | { | ||||
| "host all all ${nwk} md5" | "host all all ${nwk} md5" | ||||
| } | } | ||||
| $postgres_version = lookup('swh::postgresql::version') | $postgres_version = lookup('swh::postgresql::version') | ||||
| $postgres_port = lookup('swh::postgresql::port') | $postgres_port = lookup('swh::postgresql::port') | ||||
| $postgres_datadir_base = lookup('swh::postgresql::datadir_base') | $postgres_datadir_base = lookup('swh::postgresql::datadir_base') | ||||
| $postgres_datadir = lookup('swh::postgresql::datadir') | $postgres_datadir = lookup('swh::postgresql::datadir') | ||||
| $postgres_max_connections = lookup('swh::postgresql::max_connections') | |||||
| $ip_mask_allow_all_users = '0.0.0.0/0' | $ip_mask_allow_all_users = '0.0.0.0/0' | ||||
| file { [ "${postgres_datadir_base}", | file { [ $postgres_datadir_base, | ||||
| "${postgres_datadir_base}/${postgres_version}" ] : | "${postgres_datadir_base}/${postgres_version}" ] : | ||||
| ensure => directory, | ensure => directory, | ||||
| owner => 'root', | owner => 'root', | ||||
| group => 'root', | group => 'root', | ||||
| mode => '0655', | mode => '0655', | ||||
| } | } | ||||
| -> class { 'postgresql::server': | -> class { 'postgresql::server': | ||||
| ip_mask_allow_all_users => $ip_mask_allow_all_users, | ip_mask_allow_all_users => $ip_mask_allow_all_users, | ||||
| ipv4acls => $network_accesses, | ipv4acls => $network_accesses, | ||||
| postgres_password => $postgres_pass, | postgres_password => $postgres_pass, | ||||
| port => $postgres_port, | port => $postgres_port, | ||||
| listen_addresses => [$listen_addresses], | listen_addresses => [$listen_addresses], | ||||
| datadir => $postgres_datadir, | datadir => $postgres_datadir, | ||||
| needs_initdb => true, # Needed because managed_repo is false and data_dir is redefined by us ¯\_(ツ)_/¯ | needs_initdb => true, # Needed because managed_repo is false and data_dir is redefined by us ¯\_(ツ)_/¯ | ||||
| require => Class['profile::postgresql::apt_config'], | require => Class['profile::postgresql::apt_config'], | ||||
| pg_hba_conf_defaults => false, # see below for the actual default rules | pg_hba_conf_defaults => false, # see below for the actual default rules | ||||
| pg_hba_rules => { | pg_hba_rules => { | ||||
| # Supersedes the default rules installed by puppetlab-postgres, thus | # Supersedes the default rules installed by puppetlab-postgres, thus | ||||
| # allowing pgbouncer/pgsql connection to the postgres user | # allowing pgbouncer/pgsql connection to the postgres user | ||||
| 'local access as postgres user' => { | 'local access as postgres user' => { | ||||
| database => 'all', | database => 'all', | ||||
| user => 'postgres', | user => 'postgres', | ||||
| type => 'local', | type => 'local', | ||||
| auth_method => 'ident', | auth_method => 'ident', | ||||
| order => 1, | order => 1, | ||||
| }, | }, | ||||
| 'local access to database with same name' => { | 'local access to database with same name' => { | ||||
| database => 'all', | database => 'all', | ||||
| user => 'all', | user => 'all', | ||||
| type => 'local', | type => 'local', | ||||
| auth_method => 'ident', | auth_method => 'ident', | ||||
| order => 2, | order => 2, | ||||
| }, | }, | ||||
| 'allow localhost TCP access to postgresql user' => { | 'allow localhost TCP access to postgresql user' => { | ||||
| database => 'all', | database => 'all', | ||||
| user => 'postgres', | user => 'postgres', | ||||
| type => 'host', | type => 'host', | ||||
| address => '127.0.0.1/32', | address => '127.0.0.1/32', | ||||
| auth_method => 'md5', | auth_method => 'md5', | ||||
| order => 3, | order => 3, | ||||
| }, | }, | ||||
| 'allow access to all users' => { | 'allow access to all users' => { | ||||
| database => 'all', | database => 'all', | ||||
| user => 'all', | user => 'all', | ||||
| type => 'host', | type => 'host', | ||||
| address => $ip_mask_allow_all_users, | address => $ip_mask_allow_all_users, | ||||
| auth_method => 'md5', | auth_method => 'md5', | ||||
| order => 100, | order => 100, | ||||
| }, | }, | ||||
| 'allow access to ipv6 localhost' => { | 'allow access to ipv6 localhost' => { | ||||
| database => 'all', | database => 'all', | ||||
| user => 'all', | user => 'all', | ||||
| type => 'host', | type => 'host', | ||||
| address => '::1/128', | address => '::1/128', | ||||
| auth_method => 'md5', | auth_method => 'md5', | ||||
| order => 101, | order => 101, | ||||
| } | } | ||||
| }, | |||||
| } | } | ||||
| postgresql::server::config_entry{'max_connections': | |||||
| ensure => present, | |||||
| value => $postgres_max_connections, | |||||
| } | } | ||||
| postgresql::server::config_entry{'shared_preload_libraries': | postgresql::server::config_entry{'shared_preload_libraries': | ||||
| ensure => present, | ensure => present, | ||||
| value => "pg_stat_statements", | value => 'pg_stat_statements', | ||||
| } | } | ||||
| # read-only user | # read-only user | ||||
| $guest = 'guest' | $guest = 'guest' | ||||
| postgresql::server::role { $guest: | postgresql::server::role { $guest: | ||||
| password_hash => postgresql_password($guest, 'guest'), | password_hash => postgresql_password($guest, 'guest'), | ||||
| require => Class['postgresql::server'] | require => Class['postgresql::server'] | ||||
| } | } | ||||
| $dbs = lookup('swh::dbs') | $dbs = lookup('swh::dbs') | ||||
| each($dbs) | $db_type, $db_config | { | each($dbs) | $db_type, $db_config | { | ||||
| # db_type in {storage, indexer, scheduler, etc...} | # db_type in {storage, indexer, scheduler, etc...} | ||||
| $db_pass = pick( | $db_pass = pick( | ||||
| $db_config['password'], | $db_config['password'], | ||||
| lookup("swh::deploy::${db_type}::db::password", {"default_value" => undef}) | lookup("swh::deploy::${db_type}::db::password", {'default_value' => undef}) | ||||
| ) | ) | ||||
| $db_name = $db_config['name'] | $db_name = $db_config['name'] | ||||
| $db_user = $db_config['user'] | $db_user = $db_config['user'] | ||||
| postgresql::server::db { $db_name: | postgresql::server::db { $db_name: | ||||
| user => $db_user, | user => $db_user, | ||||
| password => $db_pass, | password => $db_pass, | ||||
| owner => $db_user, | owner => $db_user, | ||||
| Show All 12 Lines | |||||