manage bmdb1/dak pg_hba

[mirror/dsa-puppet.git] / modules / roles / manifests / qamaster.pp

diff --git a/modules/roles/manifests/qamaster.pp b/modules/roles/manifests/qamaster.pp
index d10c1a4..bcebd10 100644 (file)
--- a/modules/roles/manifests/qamaster.pp
+++ b/modules/roles/manifests/qamaster.pp
@@ -1,6 +1,49 @@
-class roles::qamaster {
+# qa.debian.org role
+#
+# @param db_address     hostname of the postgres server for this service
+# @param db_port        port of the postgres server for this service
+# @param qa_buildlogchecks_db_address     hostname of the postgres server for this service
+# @param qa_buildlogchecks_db_port        port of the postgres server for this service
+class roles::qamaster (
+  String  $db_address,
+  Integer $db_port,
+  String  $qa_buildlogchecks_db_address = lookup('roles::buildd_master::qa_buildlogchecks_db_address'),
+  Integer $qa_buildlogchecks_db_port    = lookup('roles::buildd_master::qa_buildlogchecks_db_port'),
+) {
   include apache2
   include roles::sso_rp
 
   ssl::service { 'qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+
+  exim::vdomain { 'qa.debian.org':
+    owner => 'qa',
+    group => 'qa',
+  }
+
+  include roles::udd::db_guest_access
+  include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm
+
+  @@postgres::cluster::hba_entry { "qa-${::fqdn}":
+    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port  => $db_port,
+    database => 'qa',
+    user     => ['qa', 'qaweb'],
+    address  => $base::public_addresses,
+  }
+  @@postgres::cluster::hba_entry { "qa-guest-${::fqdn}":
+    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port  => $db_port,
+    database => 'qa',
+    user     => 'guest',
+    address  => $base::public_addresses,
+    method   => 'trust',
+  }
+  @@postgres::cluster::hba_entry { "qa-buildlogchecks-guest-${::fqdn}":
+    tag      => "postgres::cluster::${qa_buildlogchecks_db_port}::hba::${qa_buildlogchecks_db_address}",
+    pg_port  => $qa_buildlogchecks_db_port,
+    database => 'qa-buildlogchecks',
+    user     => 'guest',
+    address  => $base::public_addresses,
+    method   => 'trust',
+  }
 }