From 95efb9b2fbd478ed0f9ec8d2c28b9508c9006fa9 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Thu, 31 Aug 2017 18:55:04 +0000
Subject: [PATCH] salsa: plan to deploy database with puppet, write out credentials to a .yaml file
---
 modules/salsa/manifests/database.pp | 24 ++++++++++++++++++++++++
 modules/salsa/manifests/init.pp | 18 ++++++++++++++++++
 modules/salsa/manifests/params.pp | 4 +++-
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 modules/salsa/manifests/database.pp
diff --git a/modules/salsa/manifests/database.pp b/modules/salsa/manifests/database.pp
new file mode 100644
index 000000000..de6d2db7f
--- /dev/null
+++ b/modules/salsa/manifests/database.pp
@@ -0,0 +1,24 @@
+#
+class salsa::database inherits salsa {
+# XXX does not work just yet.
+
+# include postgresql::server
+#
+# postgresql::server::db { $salsa::db_name:
+# user => $salsa::db_role,
+# password => postgresql_password($salsa::db_role, $salsa::db_password),
+# }
+#
+# postgresql::server::extension { 'pg_trgm':
+# database => $salsa::db_name,
+# }
+
+# so do things by hand for now
+ ensure_packages ( "postgresql", { ensure => 'installed' })
+ # create role, create db owned by role, add extension
+
+ # XXX set up backups
+ file { "/var/lib/postgresql/9.6/main/.nobackup":
+ content => ""
+ }
+}
diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp
index 95eb0e17f..3e798d029 100644
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -3,6 +3,10 @@ class salsa (
 $user = $salsa::params::user,
 $group = $salsa::params::group,
 $home = $salsa::params::home,
+
+ $db_name = $salsa::params::db_name,
+ $db_role = $salsa::params::db_role,
+ $db_password = $salsa::params::db_password,
 ) inherits salsa::params {
 # anchor things in correct order
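Review bot: The `.nobackup` marker at the end of `salsa::database` is placed in `/var/lib/postgresql/9.6/main` while the only backup provision in the class is the `# XXX set up backups` comment, so the cluster is presumably excluded from file-level backups with no dump-based backup yet in place. The marker should land together with the backup job, or the comment should say what covers the data until then. The `file` resource also has no ordering on the package and hard-codes the 9.6 cluster path; adding `require => Package['postgresql'],` would keep a first run from failing on a directory that does not exist yet.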
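Review bot: The three parameters added to the `class salsa (` list are undocumented, and `$db_password` is a secret that a caller can now override with a literal value. A comment above them such as `# db_password: secret; defaults to the per-host value derived in salsa::params, do not set it in version-controlled data` would record that. If the Puppet version in use provides the `Sensitive` data type, declaring the parameter with it would also keep an overridden value out of logs and reports, at the cost of an unwrap where the credentials file is rendered. The parameter list starts above this hunk and the class body continues below it.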
@@ -10,6 +14,7 @@ class salsa (
 class { '::salsa::mail': } ->
 class { '::salsa::redis': } ->
 class { '::salsa::packages': } ->
+ class { '::salsa::database': } ->
 anchor { 'salsa::end': }
 # userdir-ldap users get their home in /home
@@ -23,4 +28,17 @@ class salsa (
 owner => $salsa::user,
 group => $salsa::group,
 }
+
+ file { "${salsa::home}/.credentials.yaml":
+ mode => '0400',
+ owner => $salsa::user,
+ group => $salsa::group,
+ content => @("EOF"),
+ ---
+ database:
+ name: "${salsa::db_name}"
+ role: "${salsa::db_role}"
+ password: "${salsa::db_password}"
+ | EOF
+ }
 }
diff --git a/modules/salsa/manifests/params.pp b/modules/salsa/manifests/params.pp
index fd37fe385..e647cc240 100644
--- a/modules/salsa/manifests/params.pp
+++ b/modules/salsa/manifests/params.pp
@@ -4,5 +4,7 @@ class salsa::params {
 $group = "git"
 $home = "/srv/salsa.debian.org"
- # $salsa_ = hkdf('/etc/puppet/secret', "bacula-dir-${::hostname}")
+ $db_name = "salsa"
+ $db_role = "salsa"
+ $db_password = hkdf('/etc/puppet/secret', "postgresql-${::hostname}-salsa-${db_role}")
 }
-- 2.20.1
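Review bot: The `.credentials.yaml` resource in the `@@ -23,4 +28,17 @@` hunk writes the database password through `content` without `show_diff => false,`, so an agent configured to show diffs would print the old and new file body, password included, into its log and report whenever the file changes. Mode `0400` with the service user as owner is right for the file on disk; `backup => false,` is worth adding as well if a filebucket copy of superseded credentials is not wanted. The three values are interpolated raw into double-quoted YAML scalars, which is fine for the hkdf default (presumably hex or base64) but would produce broken YAML for an overridden password containing a double quote or a backslash. The enclosing `class salsa` starts outside this hunk.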
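Review bot: The info string for `$db_password` in params.pp takes the host from `$::hostname`, which is a fact reported by the agent rather than a value tied to its certificate, so the derivation is keyed on an unauthenticated name. If trusted facts are available on this master, `"postgresql-${trusted['certname']}-salsa-${db_role}"` would bind the derived secret to the authenticated node name; this changes the resulting value, so it is best decided before the role is first created. A short comment on the line saying that the password is derived deterministically from `/etc/puppet/secret`, and that rotating it means changing the label, would help the next maintainer. `class salsa::params` opens above the hunk.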