diff --git a/data/hostname/clearly-defined.internal.staging.swh.network.yaml b/data/hostname/clearly-defined.internal.staging.swh.network.yaml
new file mode 100644
index 00000000..7cef17f0
--- /dev/null
+++ b/data/hostname/clearly-defined.internal.staging.swh.network.yaml
@@ -0,0 +1,13 @@
+---
+swh::postgres::service::users:
+ - tg1999
+ - root
+
+swh::postgres::service::dbs:
+ - alias: clearly-defined
+ name: clearly_defined
+ host: "%{alias('swh::deploy::storage::db::host')}"
+ port: "%{alias('swh::deploy::db::pgbouncer::port')}"
+ user: guest
+ passwd: "%{alias('swh::deploy::clearly_defined::db::password')}"
+
diff --git a/data/subnets/vagrant.yaml b/data/subnets/vagrant.yaml
index dce3b134..bfe16bae 100644
--- a/data/subnets/vagrant.yaml
+++ b/data/subnets/vagrant.yaml
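Review bot: The `swh::postgres::service::users` list hands the `guest` database password to `root` as well as `tg1999`, because profile::postgresql::client (patched later in this commit) writes a `.pgpass` and `.pg_service.conf` into the home of every listed user; list only the accounts that need to query `clearly_defined`, and drop `root` unless a root-run job needs it. Neither the `tg1999` account nor `/home/tg1999` is declared in this commit, so the `file` resources presumably rely on that user being managed elsewhere for this host, which is worth confirming before the first agent run. The key behind `swh::deploy::clearly_defined::db::password` is not defined here either and presumably lives in private data. A comment above the list, e.g. `# accounts that get ~/.pgpass and ~/.pg_service.conf for the clearly_defined database`, would make the effect of adding a name obvious.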
@@ -1,127 +1,129 @@ --- # forwarder for : # - swh network # - Inria network # - external network dns::forwarders: - 192.168.100.29 - 192.168.200.22 - 128.93.77.234 - 1.1.1.1 dns::forwarder_insecure: true ntp::servers: - sesi-ntp1.inria.fr - sesi-ntp2.inria.fr networks::manage_interfaces: false internal_network: 10.168.128.0/16 networks::private_routes: {} smtp::relay_hostname: 'none' swh::postgresql::network_accesses: - 10.168.100.0/24 swh::deploy::worker::instances: - checker_deposit - lister - loader_archive - loader_cran - loader_debian - loader_deposit - loader_git - loader_mercurial - loader_nixguix - loader_npm - loader_pypi - loader_svn dns::forward_zones: { } netbox::vhost::letsencrypt_cert: inventory-vagrant netbox::vhost::name: inventory-vagrant.internal.softwareheritage.org netbox::mail::from: inventory+vagrant@softwareheritage.org netbox::admin::email: sysop+vagrant@softwareheritage.org kafka::cluster::public_network: 10.168.130.0/24 static_hostnames: 10.168.100.18: host: banco.internal.softwareheritage.org aliases: - backup.internal.softwareheritage.org - kibana.internal.softwareheritage.org 10.168.100.19: host: logstash0.internal.softwareheritage.org aliases: - logstash.internal.softwareheritage.org 10.168.100.29: host: pergamon.internal.softwareheritage.org aliases: - icinga.internal.softwareheritage.org - grafana.softwareheritage.org - stats.export.softwareheritage 10.168.100.30: host: jenkins.softwareheritage.org 10.168.100.31: host: moma.internal.softwareheritage.org aliases: - archive.internal.softwareheritage.org - deposit.internal.softwareheritage.org 10.168.100.52: host: riverside.internal.softwareheritage.org aliases: - sentry.softwareheritage.org 10.168.100.61: host: esnode1.internal.softwareheritage.org 10.168.100.62: host: esnode2.internal.softwareheritage.org 10.168.100.63: host: esnode3.internal.softwareheritage.org 10.168.100.104: host: saatchi.internal.softwareheritage.org aliases: - rabbitmq.internal.softwareheritage.org 
10.168.100.106: host: kelvingrove.internal.softwareheritage.org aliases: - auth.softwareheritage.org 10.168.100.109: host: saam.internal.softwareheritage.org 10.168.100.131: host: zookeeper1.internal.softwareheritage.org 10.168.100.132: host: zookeeper2.internal.softwareheritage.org 10.168.100.133: host: zookeeper3.internal.softwareheritage.org 10.168.100.210: host: belvedere.internal.softwareheritage.org aliases: - db.internal.softwareheritage.org 10.168.100.199: host: bojimans.internal.softwareheritage.org aliases: - inventory.internal.softwareheritage.org 10.168.130.11: host: db1.internal.staging.swh.network 10.168.130.30: host: webapp.internal.staging.swh.network 10.168.130.31: host: deposit.internal.staging.swh.network 10.168.130.41: host: storage1.internal.staging.swh.network 10.168.130.50: host: scheduler0.internal.staging.swh.network 10.168.130.60: host: vault.internal.staging.swh.network 10.168.130.70: host: journal0.internal.staging.swh.network aliases: - broker0.journal.staging.swh.network 10.168.130.80: host: search-esnode0.internal.staging.swh.network 10.168.130.90: host: search0.internal.staging.swh.network + 10.168.130.200: + host: clearly-defined.internal.staging.swh.network diff --git a/manifests/site.pp b/manifests/site.pp index f3337ce3..4ee20e8c 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
@@ -1,193 +1,197 @@ node 'louvre.internal.softwareheritage.org' { include role::swh_server } node /^(orsay|beaubourg|hypervisor\d+|branly|pompidou|uffizi)\.(internal\.)?softwareheritage\.org$/ { include role::swh_hypervisor } node 'pergamon.softwareheritage.org' { include role::swh_sysadmin include profile::export_archive_counters } node 'tate.softwareheritage.org' { include role::swh_forge } node 'moma.softwareheritage.org' { include role::swh_rp_webapps } node 'webapp0.softwareheritage.org' { include role::swh_rp_webapp } node 'saatchi.internal.softwareheritage.org' { include role::swh_scheduler } node /^(belvedere|somerset).(internal.)?softwareheritage.org$/ { include role::swh_database include profile::pgbouncer } node 'banco.softwareheritage.org' { include role::swh_backup include role::postgresql_backup } node /^esnode\d+.(internal.)?softwareheritage.org$/ { include role::swh_elasticsearch_broker } node /^zookeeper\d+.(internal.)?softwareheritage.org$/ { include role::swh_zookeeper } node /^kafka\d+\./ { include role::swh_kafka_broker } node /^cassandra\d+\./ { include role::swh_cassandra_node } node 'granet.internal.softwareheritage.org' { include role::swh_graph_backend } node /^(unibo-prod|vangogh).(euwest.azure.)?(internal.)?softwareheritage.org$/ { include role::swh_vault } node /^saam\.(internal\.)?softwareheritage\.org$/ { include role::swh_storage_baremetal } node 'storage01.euwest.azure.internal.softwareheritage.org' { include role::swh_storage_cloud } node 'storage02.euwest.azure.internal.softwareheritage.org' { include role::swh_storage_cassandra } node /^getty.(internal.)?softwareheritage.org$/ { include role::swh_journal_orchestrator } node /^worker\d+\.(internal\.)?softwareheritage\.org$/ { include role::swh_worker_inria } node /^worker\d+\..*\.azure\.internal\.softwareheritage\.org$/ { include role::swh_worker_azure } node /^dbreplica(0|1)\.euwest\.azure\.internal\.softwareheritage\.org$/ { include role::swh_database } node 
/^ceph-osd\d+\.internal\.softwareheritage\.org$/ { include role::swh_ceph_osd } node /^ceph-mon\d+\.internal\.softwareheritage\.org$/ { include role::swh_ceph_mon } node /^ns\d+\.(.*\.azure\.)?internal\.softwareheritage\.org/ { include role::swh_nameserver_secondary } node 'thyssen.internal.softwareheritage.org' { include role::swh_ci_server } node 'riverside.internal.softwareheritage.org' { include role::swh_sentry } node /^jenkins-debian\d+\.internal\.softwareheritage\.org$/ { include role::swh_ci_agent_debian } node 'logstash0.internal.softwareheritage.org' { include role::swh_logstash_instance } node 'kibana0.internal.softwareheritage.org' { include role::swh_kibana_instance } node 'kelvingrove.internal.softwareheritage.org' { include role::swh_idp_primary } node 'giverny.softwareheritage.org' { include role::swh_desktop } node /^db\d\.internal\.staging\.swh\.network$/ { include role::swh_database include profile::postgresql::server include profile::pgbouncer include profile::postgresql::client } node 'scheduler0.internal.staging.swh.network' { include role::swh_scheduler include profile::postgresql::client } node 'gateway.internal.staging.swh.network' { include role::swh_gateway } node /^storage\d\.internal\.staging\.swh\.network$/ { include role::swh_base_storage include profile::postgresql::client include profile::swh::deploy::journal::backfill } node /^worker\d\.internal\.staging\.swh\.network$/ { include role::swh_worker_inria } node /^search-esnode\d\.internal\.staging\.swh\.network$/ { include role::swh_elasticsearch } node /^search\d\.internal\.staging\.swh\.network$/ { include role::swh_search_with_journal_client } node 'webapp.internal.staging.swh.network' { include role::swh_webapp } node 'deposit.internal.staging.swh.network' { include role::swh_deposit } node 'vault.internal.staging.swh.network' { include role::swh_vault } node /^rp\d\.internal\.staging\.swh\.network$/ { include role::swh_reverse_proxy } node 'journal0.internal.staging.swh.network' 
{ include role::swh_journal_allinone } node 'bojimans.internal.softwareheritage.org' { include role::swh_netbox } +node 'clearly-defined.internal.staging.swh.network' { + include role::swh_db_client +} + node default { include role::swh_base } diff --git a/site-modules/profile/manifests/postgresql/client.pp b/site-modules/profile/manifests/postgresql/client.pp index 8a8cec5a..ec996896 100644 --- a/site-modules/profile/manifests/postgresql/client.pp +++ b/site-modules/profile/manifests/postgresql/client.pp @@ -1,38 +1,38 @@ class profile::postgresql::client { include profile::postgresql::apt_config package { 'postgresql-client': ensure => present, } # This part installs per user the postgresql client files ~/.pg_service.conf # and ~/.pgpass https://intranet.softwareheritage.org/wiki/Databases - $dbs = lookup('swh::postgres::service::dbs', Array, 'deep') + $dbs = lookup('swh::postgres::service::dbs') # Explicitly install the configuration files per user's home # TL;DR the pgpass must be readonly per user so we can't use the global one - $users = lookup('swh::postgres::service::users', Array, 'deep') + $users = lookup('swh::postgres::service::users') each ($users) | $user | { if $user == 'root' { $home = '/root' } else { $home = "/home/${user}" } file {"${home}/.pg_service.conf": ensure => file, content => template('profile/postgres/pg_service.conf.erb'), owner => $user, group => $user, mode => '0400', } file {"${home}/.pgpass": ensure => file, content => template('profile/postgres/pgpass.conf.erb'), owner => $user, group => $user, mode => '0400', } } } diff --git a/site-modules/role/manifests/swh_db_client.pp b/site-modules/role/manifests/swh_db_client.pp new file mode 100644 index 00000000..cb8f641e --- /dev/null +++ b/site-modules/role/manifests/swh_db_client.pp @@ -0,0 +1,3 @@ +class role::swh_db_client inherits role::swh_base { + include profile::postgresql::client +}
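Review bot: Dropping `Array, 'deep'` from both `lookup()` calls in profile::postgresql::client changes behaviour for every node that includes the profile, not only the new host. Unless a `lookup_options` entry (not visible here) says otherwise, the first hierarchy level defining `swh::postgres::service::dbs` or `swh::postgres::service::users` now wins and nothing is merged. That keeps the host-level file from inheriting every other database credential, but a node that relied on entries merged from several levels would silently lose `.pgpass` lines, and a non-array value is no longer rejected before `each`. Keeping the type check and making the merge explicit states the intent: `$dbs = lookup('swh::postgres::service::dbs', Array, 'first')` and `$users = lookup('swh::postgres::service::users', Array, 'first')`. The comment above `$dbs` could add `# a host- or node-level value replaces the common list; it is not merged`.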
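Review bot: The new `role::swh_db_client` class has no header comment, and its name does not say which credentials a node receives. The databases and accounts come entirely from the hiera keys read by `profile::postgresql::client`, so a node given this role without host-level data would get whatever the lower hierarchy levels define. A comment above the class would record that, e.g. `# Base host with PostgreSQL client access; the ~/.pgpass entries come from swh::postgres::service::dbs and ::users, which should be set per host.`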