diff --git a/Puppetfile b/Puppetfile
--- a/Puppetfile
+++ b/Puppetfile
@@ -119,6 +119,10 @@
 :git => 'https://forge.softwareheritage.org/source/puppet-puppetlabs-postgresql',
 :ref => '5.3.0'
 
+mod 'pgbouncer',
+ :git => 'https://forge.softwareheritage.org/source/puppet-covermymeds-pgbouncer',
+ :ref => '0.3.3'
+
 mod 'puppet',
 :git => 'https://forge.softwareheritage.org/source/puppet-theforeman-puppet',
 :tag => '8.2.0'
diff --git a/data/defaults.yaml b/data/defaults.yaml
--- a/data/defaults.yaml
+++ b/data/defaults.yaml
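Review bot: The new `pgbouncer` entry pins the module with `:ref => '0.3.3'`, which names a tag or branch that can be moved in the source repository, so the code deployed to the database hosts is not fixed by this file. Pinning the reviewed revision with `:commit => '<full commit SHA of 0.3.3>'` (placeholder) makes the deployed content immutable and turns any later upgrade into an explicit, reviewable change. The neighbouring entries use `:ref`/`:tag` as well, so this would be a file-wide convention change rather than a one-off.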
@@ -1380,6 +1380,55 @@
 swh::deploy::db::secondary::port: 5434
 swh::deploy::db::hdd::port: 5435
 
+swh::deploy::db::pgbouncer::user::login: postgres
+
+pgbouncer::config_params:
+ listen_port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
+ listen_addr:
+ - 127.0.0.1
+ - 192.168.100.210
+ auth_type: "hba"
+ auth_hba_file: /etc/postgresql/11/secondary/pg_hba.conf
+ max_client_conn: 2000
+ default_pool_size: 2000
+ max_db_connections: 2000
+ max_user_connections: 2000
+ client_tls_sslmode: allow
+ client_tls_ca_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
+ client_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
+ client_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
+ server_tls_sslmode: allow
+ admin_users:
+ - "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
+ - olasd
+
+# swh::deploy::db::pgbouncer::user::password in private data
+pgbouncer::userlist:
+ - user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
+ password: "%{hiera('swh::deploy::db::pgbouncer::user::password')}"
+
+pgbouncer::databases:
+ # swh
+ - source_db: "%{hiera('swh::deploy::storage::db::dbname')}"
+ host: prado.internal.softwareheritage.org
+ dest_db: "%{hiera('swh::deploy::storage::db::dbname')}"
+ auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
+ # swh-deposit
+ - source_db: "%{hiera('swh::deploy::deposit::db::dbname')}"
+ host: "%{hiera('swh::deploy::deposit::db::host')}"
+ dest_db: "%{hiera('swh::deploy::deposit::db::dbname')}"
+ auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
+ # swh-scheduler
+ - source_db: "%{hiera('swh::deploy::scheduler::db::dbname')}"
+ host: "%{hiera('swh::deploy::scheduler::db::host')}"
+ dest_db: "%{hiera('swh::deploy::scheduler::db::dbname')}"
+ auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
+ # swh-scheduler-updater
+ - source_db: "%{hiera('swh::deploy::scheduler::updater::backend::db::dbname')}"
+ host: "%{hiera('swh::deploy::scheduler::updater::backend::db::host')}"
+ dest_db:
"%{hiera('swh::deploy::scheduler::updater::backend::db::dbname')}" + auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}" + swh::deploy::directory: "%{hiera('swh::conf_directory')}/deploy" swh::deploy::group: swhdeploy swh::deploy::public_key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWrJX/uUss/EYZaTp2EIsZgg3ZSH8JcNZV5gBdNZ7EHcQcqxYUCqmwv9Ss3xT8n9kIrH6iz/vquqf84XR+keoZK3bsp50tMOY8LJWpcl/JK2XD6ovoJrHPu+iAroLkE59RdTa1Vz+jF67Q2UuG9f0nKwL4rnkeWTyuK/zAbyHyYKFQntkkwMr5/YTU8sjl/4aNF/2Ww8hitdi2GORlCjav2bB0wyPBA2e8sMt8Hp9O4TIWg/RD6vPX+ZvuFaB/Lw/Hv21622QGTHoZiO92/8/W9/t24il6SU4z96ZGfXqdUZkpPYKBGwyIkZkS4dN6jb4CcRlyXTObphyu3dAlABRt swhworker@worker01' diff --git a/manifests/site.pp b/manifests/site.pp --- a/manifests/site.pp +++ b/manifests/site.pp @@ -33,6 +33,7 @@ node 'belvedere.internal.softwareheritage.org' { include role::swh_database + include profile::pgbouncer } node 'banco.softwareheritage.org' { diff --git a/site-modules/profile/manifests/pgbouncer.pp b/site-modules/profile/manifests/pgbouncer.pp new file mode 100644 --- /dev/null +++ b/site-modules/profile/manifests/pgbouncer.pp @@ -0,0 +1,22 @@ +# Manage a pgbouncer server +class profile::pgbouncer { + $config_params = lookup('pgbouncer::config_params') + $userlist = lookup('pgbouncer::userlist') + $databases = lookup('pgbouncer::databases') + + # Need format manipulation (expected format in pgbouncer class is {key, + # value} with no nested data) + $listen_addr = join($config_params['listen_addr'], ',') + $admin_users = join($config_params['admin_users'], ',') + + $expected_config_params = merge($config_params, { + listen_addr => $listen_addr, + admin_users => $admin_users, + }) + + class {'::pgbouncer': + config_params => $expected_config_params, + userlist => $userlist, + databases => $databases, + } +}