projects
/
mirror
/
dsa-puppet.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
b2b7beb
)
manage danzi/tracker pg_hba
author
Peter Palfrader
<peter@palfrader.org>
Sun, 29 Sep 2019 20:16:20 +0000
(22:16 +0200)
committer
Peter Palfrader
<peter@palfrader.org>
Sun, 29 Sep 2019 20:16:20 +0000
(22:16 +0200)
data/common.yaml
patch
|
blob
|
history
data/nodes/danzi.debian.org.yaml
patch
|
blob
|
history
modules/ferm/manifests/per_host.pp
patch
|
blob
|
history
modules/roles/manifests/tracker.pp
patch
|
blob
|
history
diff --git
a/data/common.yaml
b/data/common.yaml
index
a853b5b
..
780bedb
100644
(file)
--- a/
data/common.yaml
+++ b/
data/common.yaml
@@
-51,6
+51,9
@@
bacula::client::storage_server: storace.debian.org
roles::debsources::db_address: bmdb1.debian.org
roles::debsources::db_port: 5440
roles::debsources::db_address: bmdb1.debian.org
roles::debsources::db_port: 5440
+roles::tracker::db_address: danzi.debian.org
+roles::tracker::db_port: 5432
+
roles::ftp_master::db_port: 5433
roles::postgresql::ftp_master_dak_replica::db_server: fasolo.debian.org
roles::ftp_master::db_port: 5433
roles::postgresql::ftp_master_dak_replica::db_server: fasolo.debian.org
diff --git
a/data/nodes/danzi.debian.org.yaml
b/data/nodes/danzi.debian.org.yaml
index
b640495
..
6f982f3
100644
(file)
--- a/
data/nodes/danzi.debian.org.yaml
+++ b/
data/nodes/danzi.debian.org.yaml
@@
-1,3
+1,5
@@
---
classes:
- roles::postgresql::server
---
classes:
- roles::postgresql::server
+
+roles::postgresql::server::manage_clusters_hba: [5432]
diff --git
a/modules/ferm/manifests/per_host.pp
b/modules/ferm/manifests/per_host.pp
index
86edbde
..
3f9fdd2
100644
(file)
--- a/
modules/ferm/manifests/per_host.pp
+++ b/
modules/ferm/manifests/per_host.pp
@@
-134,15
+134,6
@@
class ferm::per_host {
}
}
danzi: {
}
}
danzi: {
- ferm::rule { 'dsa-postgres-tracker':
- description => 'Allow postgress access to cluster: tracker',
- domain => '(ip ip6)',
- rule => @("EOF"/$)
- &SERVICE_RANGE(tcp, 5432, (
- ${ join(getfromhash($deprecated::allnodeinfo, 'ticharich.debian.org', 'ipHostNumber'), " ") }
- ))
- | EOF
- }
ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access to cluster: main',
domain => '(ip ip6)',
ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access to cluster: main',
domain => '(ip ip6)',
diff --git
a/modules/roles/manifests/tracker.pp
b/modules/roles/manifests/tracker.pp
index
e2ed250
..
962e92c
100644
(file)
--- a/
modules/roles/manifests/tracker.pp
+++ b/
modules/roles/manifests/tracker.pp
@@
-1,4
+1,11
@@
-class roles::tracker {
+# tracker.debian.org service
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::tracker (
+ String $db_address,
+ Integer $db_port,
+) {
include apache2
include roles::sso_rp
include apache2
include roles::sso_rp
@@
-17,4
+24,12
@@
class roles::tracker {
owner => 'qa',
group => 'qa',
}
owner => 'qa',
group => 'qa',
}
+
+ @@postgres::cluster::hba_entry { "tracker-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => ['tracker', 'tracker-test'],
+ user => 'qa',
+ address => $base::public_addresses,
+ }
}
}