roles::debsources::db_address: bmdb1.debian.org
roles::debsources::db_port: 5440
+roles::tracker::db_address: danzi.debian.org
+roles::tracker::db_port: 5432
+
roles::ftp_master::db_port: 5433
roles::postgresql::ftp_master_dak_replica::db_server: fasolo.debian.org
---
classes:
- roles::postgresql::server
+
+roles::postgresql::server::manage_clusters_hba: [5432]
}
}
danzi: {
- ferm::rule { 'dsa-postgres-tracker':
- description => 'Allow postgress access to cluster: tracker',
- domain => '(ip ip6)',
- rule => @("EOF"/$)
- &SERVICE_RANGE(tcp, 5432, (
- ${ join(getfromhash($deprecated::allnodeinfo, 'ticharich.debian.org', 'ipHostNumber'), " ") }
- ))
- | EOF
- }
ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access to cluster: main',
domain => '(ip ip6)',
-class roles::tracker {
+# tracker.debian.org service
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::tracker (
+ String $db_address,
+ Integer $db_port,
+) {
include apache2
include roles::sso_rp
owner => 'qa',
group => 'qa',
}
+
+ @@postgres::cluster::hba_entry { "tracker-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => ['tracker', 'tracker-test'],
+ user => 'qa',
+ address => $base::public_addresses,
+ }
}
projects / mirror / dsa-puppet.git / commitdiff