roles::sso::db_address: danzi.debian.org
roles::sso::db_port: 5433
+roles::udd::params::db_address: ullmann.debian.org
+roles::udd::params::db_port: 5452
+
roles::ftp_master::db_port: 5433
roles::postgresql::ftp_master_dak_replica::db_server: fasolo.debian.org
---
+classes:
+ - roles::master
+
roles::mta::heavy: true
- roles::udd
- roles::postgresql::server
-# roles::postgresql::server::manage_clusters_hba: true
+roles::postgresql::server::manage_clusters_hba: true
roles::postgresql::server::backups: false
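Review bot: Turning on `roles::postgresql::server::manage_clusters_hba` is the switch that moves UDD client access from the explicit ferm allowlist removed elsewhere in this commit (quantz, master, coccia, respighi and wuiet on port 5452) to exported `hba_entry` resources, and nothing next to the setting records that. A comment such as `# pg_hba.conf on this host is now generated from exported postgres::cluster::hba_entry resources` would help. It is also worth checking that each of those five hosts ends up in a role that includes `roles::udd::db_guest_access`. Whether the firewall opening for 5452 is also derived from the collected entries is not visible here and should be confirmed before the ferm rule is dropped.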
# postgres stuff
case $::hostname {
- ullmann: {
- ferm::rule { 'dsa-postgres-udd':
- description => 'Allow postgress access',
- domain => '(ip ip6)',
- # quantz, master, coccia
- rule => @("EOF")
- &SERVICE_RANGE(tcp, 5452, (
- ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'master.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
- ))
- | EOF
- }
- }
bmdb1: {
ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access to cluster: main',
notify => Exec['service apache2 reload'],
key => true,
}
+
+ # is api_ftp_master the right role to put this in?
+ include roles::udd::db_guest_access
}
user => 'all',
address => $base::public_addresses,
}
+
+ include roles::udd::db_guest_access
}
--- /dev/null
+# master.debian.org role, generic DD shell stuff
+#
+class roles::master {
+ include roles::udd::db_guest_access
+}
owner => 'qa',
group => 'qa',
}
+
+ include roles::udd::db_guest_access
}
class roles::release {
include roles::buildd_master::db_guest_access
+ include roles::udd::db_guest_access
}
}
include roles::buildd_master::db_guest_access
+
+ class { 'roles::udd::db_guest_access':
+ database => ['udd', 'udd-dev'],
+ }
}
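Review bot: The resource-like declaration `class { 'roles::udd::db_guest_access': ... }` cannot follow an earlier `include roles::udd::db_guest_access` on the same node, and this commit adds that `include` to several other roles. A host that combines this role with one of them could therefore fail catalog compilation, depending on evaluation order. Setting the list in Hiera for this role's hosts, `roles::udd::db_guest_access::database: ['udd', 'udd-dev']`, and using a plain `include roles::udd::db_guest_access` here removes the ordering dependency. The enclosing class begins above the visible lines, so I cannot tell which role this is.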
--- /dev/null
+# udd guest access to DB
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+# @param database list of databases to give access to
+class roles::udd::db_guest_access (
+ String $db_address = $roles::udd::params::db_address,
+ Integer $db_port = $roles::udd::params::db_port,
+ Array[String] $database = ['udd']
+) inherits roles::udd::params {
+ @@postgres::cluster::hba_entry { "udd-guest-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => $database,
+ user => 'guest',
+ address => $base::public_addresses,
+ method => 'trust',
+ order => '40',
+ }
+}
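Review bot: `method => 'trust'` together with `address => $base::public_addresses` means the `guest` login is gated only by source address, so any local account or process on a host that includes this class can open the listed databases without a credential. Because `roles::master` is described in this same commit as generic DD shell stuff, that covers every shell user there. If that is the intent, the class header should say so and state what it relies on, for example `# 'trust': no password, access is decided by source address alone; the guest role must stay read-only`. The `$database` parameter extends the same unauthenticated access to whatever a caller passes (one caller already adds `udd-dev`), so the guest role's grants in each of those databases are worth confirming. The class also reads `$base::public_addresses` without including `base` itself, which presumably relies on every including role having loaded it first.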
--- /dev/null
+# udd parameters
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::udd::params (
+ String $db_address = $roles::udd::db_address,
+ Integer $db_port = $roles::udd::db_port,
+) {
+}
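Review bot: The defaults `$roles::udd::db_address` and `$roles::udd::db_port` point at variables that nothing in this commit defines; the Hiera keys added are `roles::udd::params::db_address` and `roles::udd::params::db_port`. While those keys resolve, the defaults are never evaluated. If a lookup misses, the class fails on a type mismatch against an undefined value, or on an unknown variable under strict variables, rather than on a clear missing-parameter error. Dropping the defaults, `String $db_address,` and `Integer $db_port,`, makes the Hiera data mandatory and the failure obvious. This matters because these values form the tag in `roles::udd::db_guest_access`, and a wrong tag presumably means the hba entry is silently never collected.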