roles::debconf_wafer::db_address: danzi.debian.org
roles::debconf_wafer::db_port: 5434
+roles::nm::db_address: danzi.debian.org
+roles::nm::db_port: 5433
+
+roles::rtmaster::db_address: danzi.debian.org
+roles::rtmaster::db_port: 5433
+
+roles::sso::db_address: danzi.debian.org
+roles::sso::db_port: 5433
+
roles::ftp_master::db_port: 5433
roles::postgresql::ftp_master_dak_replica::db_server: fasolo.debian.org
classes:
- roles::postgresql::server
-roles::postgresql::server::manage_clusters_hba: [5432, 5434]
+roles::postgresql::server::manage_clusters_hba: [5432, 5433, 5434]
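Review bot: Adding 5433 to `manage_clusters_hba` presumably puts the main cluster's pg_hba.conf under Puppet control, so any hand-maintained entries for clients other than nm, rt and sso would be gone after the first run; it is worth confirming that every current client of port 5433 exports an `hba_entry`. The same commit deletes the static `dsa-postgres-main` ferm rule for 5433, so reachability now depends on the collected entries also opening the firewall, which this diff does not show. A comment above the key such as `# clusters whose pg_hba.conf is built only from exported postgres::cluster::hba_entry resources` would make that contract visible.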
}
}
danzi: {
- ferm::rule { 'dsa-postgres-main':
- description => 'Allow postgress access to cluster: main',
- domain => '(ip ip6)',
- rule => @("EOF"/$)
- &SERVICE_RANGE(tcp, 5433, (
- ${ join(getfromhash($deprecated::allnodeinfo, 'diabelli.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'nono.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'reger.debian.org', 'ipHostNumber'), " ") }
- ))
- | EOF
- }
- ferm::rule { 'dsa-postgres-debconf':
- description => 'Allow postgress access to cluster: debconf',
- domain => '(ip ip6)',
- rule => @("EOF"/$)
- &SERVICE_RANGE(tcp, 5434, (
- ${ join(getfromhash($deprecated::allnodeinfo, 'debussy.debian.org', 'ipHostNumber'), " ") }
- ))
- | EOF
- }
ferm::rule { 'dsa-postgres-wannabuild':
description => 'Allow postgress access to cluster: wannabuild',
domain => '(ip ip6)',
-class roles::nm {
+# nm.debian.org role
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::nm (
+ String $db_address,
+ Integer $db_port,
+) {
include apache2
include roles::sso_rp
owner => 'nm',
group => 'nm',
}
+
+ @@postgres::cluster::hba_entry { "nm-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => ['nm', 'contributors'],
+ user => ['nm', 'nmweb'],
+ address => $base::public_addresses,
+ }
}
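Review bot: The `hba_entry` titled `nm-${::fqdn}` passes two databases and two users in one resource, which may grant more than each role needs. If the define renders them as a single pg_hba.conf line, that line matches every listed user on every listed database, because pg_hba.conf treats comma-separated lists as any-of. If `nmweb` only needs `nm`, or only one role needs `contributors`, declaring one entry per user/database pairing would keep each grant to what the role uses. Otherwise a comment such as `# both roles need both databases` above the resource would record that the breadth is intentional. The class body is only partly visible in this hunk.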
-class roles::rtmaster {
+# rt.debian.org
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::rtmaster (
+ String $db_address,
+ Integer $db_port,
+) {
include apache2
ssl::service { 'rt.debian.org':
notify => Exec['service apache2 reload'],
mail_user => 'rt',
mail_group => 'rt',
}
+
+ @@postgres::cluster::hba_entry { "rt-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => 'rtdb',
+ user => 'rtuser',
+ address => $base::public_addresses,
+ }
}
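Review bot: The exported resource title `"rt-${::fqdn}"` is built from an agent-supplied fact, and the same pattern appears in `nm-${::fqdn}` and `debsso-${::fqdn}`; `$trusted['certname']` comes from the node's verified certificate and is the safer source for a name that another host's catalog will collect. With the fact, a node reporting a wrong fqdn could produce a duplicate title on the collecting side, which would fail catalog compilation there. The change would be `@@postgres::cluster::hba_entry { "rt-${trusted['certname']}":` and likewise in the other two classes. Where `$base::public_addresses` comes from is not visible here; if it is also fact-derived, the same consideration applies to `address`.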
# Debian SSO class.
#
# This sets up the web service as well as the LDAP backend for ftmg
-class roles::sso {
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::sso (
+ String $db_address,
+ Integer $db_port,
+) {
include apache2
include roles::sso_rp
source => 'puppet:///modules/roles/sso/openssh-ldap.schema',
notify => Service['slapd'],
}
+
+ @@postgres::cluster::hba_entry { "debsso-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => 'debsso',
+ user => ['debsso', 'debssoweb'],
+ address => $base::public_addresses,
+ }
}