roles::buildd_master::params::db_address: danzi.debian.org
roles::buildd_master::params::db_port: 5436
+roles::buildd_master::qa_buildlogchecks_db_address: bmdb1.debian.org
+roles::buildd_master::qa_buildlogchecks_db_port: 5435
roles::debconf_wafer::db_address: danzi.debian.org
roles::debconf_wafer::db_port: 5434
roles::debsources::db_address: bmdb1.debian.org
roles::debsources::db_port: 5440
+roles::debtags::db_address: bmdb1.debian.org
+roles::debtags::db_port: 5435
+
roles::ftp_master::db_port: 5433
roles::nm::db_address: danzi.debian.org
roles::nm::db_port: 5433
+roles::pet::params::db_address: bmdb1.debian.org
+roles::pet::params::db_port: 5435
+
+roles::qamaster::db_address: bmdb1.debian.org
+roles::qamaster::db_port: 5435
+
+roles::release::db_address: bmdb1.debian.org
+roles::release::db_port: 5435
+
roles::rtmaster::db_address: danzi.debian.org
roles::rtmaster::db_port: 5433
- roles::postgresql::ftp_master_dak_replica
postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['fasolo']
-roles::postgresql::server::manage_clusters_hba: [5440]
+roles::postgresql::server::manage_clusters_hba: [5440, 5435]
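Review bot: Adding 5435 to `manage_clusters_hba` while the same commit deletes the hand-written `dsa-postgres-main` ferm rule presumably means access to the main cluster now comes only from exported `postgres::cluster::hba_entry` resources. The removed rule admitted six named hosts (petrova, ullmann, wuiet, quantz, respighi, tate), so confirm that each of them carries one of the roles touched here that exports an entry tagged for port 5435 on bmdb1; a host without one would lose database access on the next run. It is equally worth checking that the generated set admits no host the old rule did not. A short comment above the key, such as `# clusters whose pg_hba.conf is generated from exported hba_entry resources`, would record why the port is listed.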
# postgres stuff
case $::hostname {
bmdb1: {
- ferm::rule { 'dsa-postgres-main':
- description => 'Allow postgress access to cluster: main',
- domain => '(ip ip6)',
- rule => @("EOF"/$)
- &SERVICE_RANGE(tcp, 5435, (
- ${ join(getfromhash($deprecated::allnodeinfo, 'petrova.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'tate.debian.org', 'ipHostNumber'), " ") }
- ))
- | EOF
- }
ferm::rule { 'dsa-postgres-dak':
description => 'Allow postgress access to cluster: dak',
domain => '(ip ip6)',
#
# @param db_address hostname of the postgres server for this service
# @param db_port port of the postgres server for this service
+# @param qa_buildlogchecks_db_address hostname of the postgres server for this service
+# @param qa_buildlogchecks_db_port port of the postgres server for this service
class roles::buildd_master (
+ String $qa_buildlogchecks_db_address,
+ Integer $qa_buildlogchecks_db_port,
String $db_address = $roles::buildd_master::params::db_address,
Integer $db_port = $roles::buildd_master::params::db_port,
) inherits roles::buildd_master::params {
}
include roles::udd::db_guest_access
+
+ @@postgres::cluster::hba_entry { "qa-buildlogchecks-${::fqdn}":
+ tag => "postgres::cluster::${qa_buildlogchecks_db_port}::hba::${qa_buildlogchecks_db_address}",
+ pg_port => $qa_buildlogchecks_db_port,
+ database => 'qa-buildlogchecks',
+ user => 'qa-buildlogchecks',
+ address => $base::public_addresses,
+ }
}
-class roles::debtags {
+# debtags.debian.org role
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::debtags (
+ String $db_address,
+ Integer $db_port,
+) {
include apache2
include apache2::ssl
include roles::sso_rp
site => 'debtags.debian.org',
source => 'puppet:///modules/roles/debtags/debtags.debian.org',
}
+
+ @@postgres::cluster::hba_entry { "debtags-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => 'debtags',
+ user => 'debtags',
+ address => $base::public_addresses,
+ }
}
-class roles::pet {
+# pet.debian.org role
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::pet (
+ String $db_address = $roles::pet::params::db_address,
+ Integer $db_port = $roles::pet::params::db_port,
+) {
include apache2
ssl::service { 'pet.debian.net': notify => Exec['service apache2 reload'], key => true, }
ssl::service { 'pet-devel.debian.net': notify => Exec['service apache2 reload'], key => true, }
+
+ @@postgres::cluster::hba_entry { "pet-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => ['pet', 'pet-devel'],
+ user => 'pet',
+ address => $base::public_addresses,
+ }
}
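Review bot: The parameter defaults `$roles::pet::params::db_address` and `$roles::pet::params::db_port` are read in the class header, but the header closes with `) {` rather than inheriting the params class as `roles::buildd_master` does in this commit. Nothing then guarantees `roles::pet::params` is evaluated before the defaults are resolved, so they can come out undef and fail the `String`/`Integer` type checks. Either close the header with `) inherits roles::pet::params {`, or drop the defaults and bind `roles::pet::db_address` and `roles::pet::db_port` directly in hiera as `roles::debtags` does. `roles::pet::params` itself is not visible here, so confirm it exists and declares both parameters.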
-class roles::qamaster {
+# qa.debian.org role
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+# @param qa_buildlogchecks_db_address hostname of the postgres server for this service
+# @param qa_buildlogchecks_db_port port of the postgres server for this service
+class roles::qamaster (
+ String $db_address,
+ Integer $db_port,
+ String $qa_buildlogchecks_db_address = lookup('roles::buildd_master::qa_buildlogchecks_db_address'),
+ Integer $qa_buildlogchecks_db_port = lookup('roles::buildd_master::qa_buildlogchecks_db_port'),
+) {
include apache2
include roles::sso_rp
}
include roles::udd::db_guest_access
+
+ @@postgres::cluster::hba_entry { "qa-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => 'qa',
+ user => ['qa', 'qaweb'],
+ address => $base::public_addresses,
+ }
+ @@postgres::cluster::hba_entry { "qa-guest-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => 'qa',
+ user => 'guest',
+ address => $base::public_addresses,
+ method => 'trust',
+ }
+ @@postgres::cluster::hba_entry { "qa-buildlogchecks-guest-${::fqdn}":
+ tag => "postgres::cluster::${qa_buildlogchecks_db_port}::hba::${qa_buildlogchecks_db_address}",
+ pg_port => $qa_buildlogchecks_db_port,
+ database => 'qa-buildlogchecks',
+ user => 'guest',
+ address => $base::public_addresses,
+ method => 'trust',
+ }
}
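Review bot: The `qa-guest-…` and `qa-buildlogchecks-guest-…` entries at the end of this hunk set `method => 'trust'` with `address => $base::public_addresses`, so PostgreSQL accepts any connection from this host's addresses as `guest` with no credential. That covers every local account and process on the host, not only the QA services. If passwordless guest access is intended, state it next to the entries, for example `# guest is passwordless by design; the role must only ever hold read-only grants`. Also confirm that the `guest` role on both clusters has no write or CREATE privileges. The class body is only partly visible in this hunk, so the other `db_guest_access` classes it includes were not checked for the same pattern.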
# release.debian.org role
#
-class roles::release {
-
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::release (
+ String $db_address,
+ Integer $db_port,
+) {
include roles::buildd_master::db_guest_access
include roles::udd::db_guest_access
+
+ @@postgres::cluster::hba_entry { "release-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => 'release',
+ user => 'release',
+ address => $base::public_addresses,
+ }
}
}
include roles::buildd_master::db_guest_access
+ include roles::pet::db_guest_access
class { 'roles::udd::db_guest_access':
database => ['udd', 'udd-dev'],