From a3f1849cf44a04b30bedc8952a8e6d160b513467 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sun, 29 Sep 2019 21:15:05 +0200 Subject: [PATCH] manage pg_hba on sallinen --- data/nodes/sallinen.debian.org.yaml | 4 ++++ .../nodes/snapshotdb-manda-01.debian.org.yaml | 2 ++ modules/roles/manifests/snapshot_db.pp | 22 +++++++++++++++++-- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/data/nodes/sallinen.debian.org.yaml b/data/nodes/sallinen.debian.org.yaml index 6a8f996bd..19343bb09 100644 --- a/data/nodes/sallinen.debian.org.yaml +++ b/data/nodes/sallinen.debian.org.yaml @@ -1,5 +1,9 @@ --- classes: + - roles::snapshot_db - roles::postgresql::server - roles::snapshot_master - roles::snapshot_web + +roles::postgresql::server::manage_clusters_hba: true +roles::snapshot_db::db_port: 5473 diff --git a/data/nodes/snapshotdb-manda-01.debian.org.yaml b/data/nodes/snapshotdb-manda-01.debian.org.yaml index a3bab216b..c43e8fdd4 100644 --- a/data/nodes/snapshotdb-manda-01.debian.org.yaml +++ b/data/nodes/snapshotdb-manda-01.debian.org.yaml @@ -6,3 +6,5 @@ postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['salline roles::postgresql::server::manage_clusters_hba: true roles::snapshot_db::db_port: 5442 roles::snapshot_db::guest_addresses: ['185.17.185.176/28', '2001:1af8:4020:b030::/64'] # leaseweb +roles::snapshot_db::upstream_db_server: sallinen.debian.org +roles::snapshot_db::upstream_db_port: 5473 diff --git a/modules/roles/manifests/snapshot_db.pp b/modules/roles/manifests/snapshot_db.pp index a14df0203..9e6f9f4a4 100644 --- a/modules/roles/manifests/snapshot_db.pp +++ b/modules/roles/manifests/snapshot_db.pp 
@@ -1,10 +1,16 @@ -# db server providing (secondary) snapshot databases +# db server providing snapshot databases # # @param db_port port of the snapshot cluster # @param guest_addresses addresses to allow for the guest account +# @param upstream_db_server if this node is a replica, name of the upstream db server +# @param upstream_db_port if this node is a replica, port of the upstream db server +# @param upstream_db_role if this node is a replica, replication role on the upstream db server class roles::snapshot_db ( Integer $db_port, Array[Stdlib::IP::Address] $guest_addresses = ['127.0.0.1', '::1'], + Optional[String] $upstream_db_server = undef, + Optional[Integer] $upstream_db_port = undef, + String $upstream_db_role = "repuser-${::hostname}", ) { $now = Timestamp() $date = $now.strftime('%F') @@ -40,7 +46,19 @@ class roles::snapshot_db ( user => 'guest', address => $guest_addresses, method => 'trust', + order => '30', } - + if $upstream_db_server { + if !$upstream_db_port { + fail ('Also need a port if we have a upstream_db_server') + } + @@postgres::cluster::hba_entry { "snapshot-replica-to-${::fqdn}": + tag => "postgres::cluster::${upstream_db_port}::hba::${upstream_db_server}", + pg_port => $upstream_db_port, + database => 'replication', + user => $upstream_db_role, + address => $base::public_addresses, + } + } } -- 2.20.1
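Review bot: The new `upstream_db_server` and `upstream_db_port` parameters are typed only as `Optional[String]` and `Optional[Integer]`, although both are interpolated into the collection tag `postgres::cluster::${upstream_db_port}::hba::${upstream_db_server}` in the next hunk and the port is passed on as `pg_port`. The class already uses `Stdlib::IP::Address`, so if the deployed stdlib provides them, `Optional[Stdlib::Host] $upstream_db_server` and `Optional[Stdlib::Port] $upstream_db_port` would reject an empty name or an out-of-range port at compile time instead of exporting an entry nobody collects. The default role `"repuser-${::hostname}"` is built from the short hostname while the exported resource title uses `${::fqdn}`, so two replicas sharing a short name would get the same replication role. The `@param upstream_db_role` line could say so, for example `# @param upstream_db_role replication role on the upstream db server; default is derived from the short hostname and must be unique per replica`.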
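Review bot: The exported `postgres::cluster::hba_entry` for the `replication` database sets no `method`, so how replicas connecting from `$base::public_addresses` are authenticated depends on the defined type's default, which is not visible in this hunk. The guest entry just above passes `method => 'trust'` explicitly, so the type evidently accepts that value. Stating the method on the replication entry as well (for example `method => 'md5',`, or a stronger scheme the cluster supports) would keep replication access to the primary from relying on an implicit default. The `if !$upstream_db_port` guard also checks only one direction: a port set without `upstream_db_server` is silently ignored, which a matching `fail()` would surface.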