salsa: plan to deploy database with puppet, write out credentials to a .yaml file
authorPeter Palfrader <peter@palfrader.org>
Thu, 31 Aug 2017 18:55:04 +0000 (18:55 +0000)
committerPeter Palfrader <peter@palfrader.org>
Thu, 31 Aug 2017 18:55:04 +0000 (18:55 +0000)
modules/salsa/manifests/database.pp [new file with mode: 0644]
modules/salsa/manifests/init.pp
modules/salsa/manifests/params.pp

diff --git a/modules/salsa/manifests/database.pp b/modules/salsa/manifests/database.pp
new file mode 100644 (file)
index 0000000..de6d2db
--- /dev/null
@@ -0,0 +1,24 @@
+#
+class salsa::database inherits salsa {
+# XXX does not work just yet.
+
+#      include postgresql::server
+#
+#      postgresql::server::db { $salsa::db_name:
+#              user     => $salsa::db_role,
+#              password => postgresql_password($salsa::db_role, $salsa::db_password),
+#      }
+#
+#      postgresql::server::extension { 'pg_trgm':
+#              database => $salsa::db_name,
+#      }
+
+# so do things by hand for now
+       ensure_packages ( "postgresql", { ensure => 'installed' })
+       # create role, create db owned by role, add extension
+
+       # XXX set up backups
+       file { "/var/lib/postgresql/9.6/main/.nobackup":
+               content  => ""
+       }
+}
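Review bot: The `file` resource for `/var/lib/postgresql/9.6/main/.nobackup` declares no relationship to the package installed by `ensure_packages`, and it hard-codes the 9.6 cluster path. It therefore depends on evaluation order and on that cluster directory already existing on the node. Adding `require => Package['postgresql'],` would make the ordering explicit. Setting `owner`, `group` and `mode` on the resource would avoid relying on defaults for a file placed inside the PostgreSQL data directory.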
index 95eb0e1..3e798d0 100644 (file)
@@ -3,6 +3,10 @@ class salsa (
        $user = $salsa::params::user,
        $group = $salsa::params::group,
        $home = $salsa::params::home,
+
+       $db_name = $salsa::params::db_name,
+       $db_role = $salsa::params::db_role,
+       $db_password = $salsa::params::db_password,
 ) inherits salsa::params {
 
        # anchor things in correct order
@@ -10,6 +14,7 @@ class salsa (
        class { '::salsa::mail': } ->
        class { '::salsa::redis': } ->
        class { '::salsa::packages': } ->
+       class { '::salsa::database': } ->
        anchor { 'salsa::end': }
 
        # userdir-ldap users get their home in /home
@@ -23,4 +28,17 @@ class salsa (
                owner  => $salsa::user,
                group  => $salsa::group,
        }
+
+       file { "${salsa::home}/.credentials.yaml":
+               mode => '0400',
+               owner  => $salsa::user,
+               group  => $salsa::group,
+               content  => @("EOF"),
+                               ---
+                               database:
+                                 name: "${salsa::db_name}"
+                                 role: "${salsa::db_role}"
+                                 password: "${salsa::db_password}"
+                               | EOF
+       }
 }
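Review bot: The `.credentials.yaml` resource embeds `${salsa::db_password}` in `content` without `show_diff => false`, so a content change can print the old and new password in agent output and reports wherever file diffs are enabled. Adding `show_diff => false,` next to `mode => '0400',` avoids that. The value is also interpolated unescaped into a double-quoted YAML scalar. That is presumably fine for `hkdf()` output, but an overridden `$db_password` containing a double quote or a backslash would yield invalid or altered YAML, which deserves a comment on the parameter. The class body starts outside this hunk.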
index fd37fe3..e647cc2 100644 (file)
@@ -4,5 +4,7 @@ class salsa::params {
        $group = "git"
        $home = "/srv/salsa.debian.org"
 
-       # $salsa_   = hkdf('/etc/puppet/secret', "bacula-dir-${::hostname}")
+       $db_name = "salsa"
+       $db_role = "salsa"
+       $db_password = hkdf('/etc/puppet/secret', "postgresql-${::hostname}-salsa-${db_role}")
 }
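Review bot: The info string passed to `hkdf()` for `$db_password` is built from `${::hostname}`, which is a fact reported by the agent rather than a value tied to the node's certificate. If the derived passwords are meant to be separated per host, keying on the authenticated name would bind the derivation to the verified identity, e.g. `hkdf('/etc/puppet/secret', "postgresql-${trusted['certname']}-salsa-${db_role}")`. The removed comment line used the same `${::hostname}` pattern, so this looks like a convention to settle once for the whole repository. A short comment that the password is derived deterministically from `/etc/puppet/secret`, and so changes whenever that secret or the info string changes, would also help.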