First attempt to configure pg_hba of the bacula cluster

We will want to split this and hardcode less in the future.

diff --git a/data/nodes/postgresql-manda-01.debian.org.yaml b/data/nodes/postgresql-manda-01.debian.org.yaml
index b640495..c1b01ac 100644 (file)
--- a/data/nodes/postgresql-manda-01.debian.org.yaml
+++ b/data/nodes/postgresql-manda-01.debian.org.yaml
@@ -1,3 +1,4 @@
 ---
 classes:
   - roles::postgresql::server
+  - roles::postgresql::cluster_bacula

diff --git a/modules/roles/manifests/postgresql/cluster_bacula.pp b/modules/roles/manifests/postgresql/cluster_bacula.pp
new file mode 100644 (file)
index 0000000..af277cc
--- /dev/null
+++ b/modules/roles/manifests/postgresql/cluster_bacula.pp
@@ -0,0 +1,40 @@
+#
+# postgresql bacula cluster
+#
+class roles::postgresql::cluster_bacula {
+  $pg_port = 5432
+  $pg_cluster = 'bacula'
+  $pg_version = '11'
+
+  postgres::cluster { 'bacula':
+    pg_version => $pg_version,
+    pg_cluster => $pg_cluster,
+    pg_port    => $pg_port,
+    manage_hba => true,
+  }
+  postgres::cluster::hba_entry { 'bacula-dir':
+    pg_version => $pg_version,
+    pg_cluster => $pg_cluster,
+    pg_port    => $pg_port,
+    database   => 'bacula',
+    user       => ['bacula', 'bacula-dinis-reader', 'nagios'],
+    address    => ['82.195.75.77', '2001:41b8:202:deb::311:77'],
+  }
+  postgres::cluster::hba_entry { 'bacula-sd':
+    pg_version => $pg_version,
+    pg_cluster => $pg_cluster,
+    pg_port    => $pg_port,
+    database   => 'bacula',
+    user       => 'bacula-storace-reader',
+    address    => ['93.94.130.161', '2a02:158:380:280::161'],
+  }
+
+  postgres::cluster::hba_entry { 'replication':
+    pg_version => $pg_version,
+    pg_cluster => $pg_cluster,
+    pg_port    => $pg_port,
+    database   => 'replication',
+    user       => 'debian-backup',
+    address    => ['5.153.231.12', '2001:41c8:1000:21::21:12', '93.94.130.161', '2a02:158:380:280::161'],
+  }
+}