bacula::client::director_server: dinis.debian.org
bacula::client::storage_server: storace.debian.org
+roles::buildd_master::params::db_address: danzi.debian.org
+roles::buildd_master::params::db_port: 5436
+
roles::debsources::db_address: bmdb1.debian.org
roles::debsources::db_port: 5440
classes:
- roles::postgresql::server
-roles::postgresql::server::manage_clusters_hba: [5432, 5433, 5434]
+roles::postgresql::server::manage_clusters_hba: true
classes:
- roles::static_source
+ - roles::release
| EOF
}
}
- danzi: {
- ferm::rule { 'dsa-postgres-wannabuild':
- description => 'Allow postgress access to cluster: wannabuild',
- domain => '(ip ip6)',
- rule => @("EOF"/$)
- &SERVICE_RANGE(tcp, 5436, (
- ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
- ))
- | EOF
- }
- }
default: {}
}
# vpn fu
-class roles::buildd_master {
+# wanna-build
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::buildd_master (
+ String $db_address = $roles::buildd_master::params::db_address,
+ Integer $db_port = $roles::buildd_master::params::db_port,
+) inherits roles::buildd_master::params {
include apache2
include roles::sso_rp
owner => 'wbadm',
group => 'wbadm',
}
+
+ class { 'roles::buildd_master::db_guest_access':
+ database => ['wanna-build', 'wanna-build-test'],
+ }
+
+ @@postgres::cluster::hba_entry { "buildd_master-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => ['wanna-build', 'wanna-build-test'],
+ user => 'all',
+ address => $base::public_addresses,
+ }
}
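Review bot: The resource-style declaration `class { 'roles::buildd_master::db_guest_access': database => [...] }` can collide with the plain `include roles::buildd_master::db_guest_access` that roles::release and roles::udd add in this same commit. Puppet rejects a resource-like declaration of a class that is already declared, so a node carrying both roles would compile or fail depending on evaluation order. Supplying the list through hiera (`roles::buildd_master::db_guest_access::database`) and using `include` here as well would avoid that. Separately, the exported `hba_entry` grants `user => 'all'` and leaves `method` to the defined type's default, which is not visible in this diff; a comment such as `# auth method: defined-type default, must not be trust` would make the intent reviewable. The class body starts above this hunk.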
--- /dev/null
+# wanna-build guest access to DB
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+# @param database list of databases to give access to
+class roles::buildd_master::db_guest_access (
+ String $db_address = $roles::buildd_master::params::db_address,
+ Integer $db_port = $roles::buildd_master::params::db_port,
+ Array[String] $database = ['wanna-build']
+) inherits roles::buildd_master::params {
+ @@postgres::cluster::hba_entry { "buildd_master-guest-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => $database,
+ user => 'guest',
+ address => $base::public_addresses,
+ method => 'trust',
+ order => '40',
+ }
+}
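Review bot: `method => 'trust'` on this exported entry means PostgreSQL accepts any connection from `$base::public_addresses` as `guest` with no credential, and the class header does not say so. Every local account and service on a node that includes this class gets that access, and the contents of `$base::public_addresses` are not visible here. The safety of this rests entirely on the grants held by the `guest` role inside the cluster, which this diff does not show. I would add this to the docstring: `# Access uses pg_hba 'trust' (no password); the guest role must hold read-only grants only on every database listed in $database.` A short comment on `order => '40'` would also help; it presumably places this line ahead of the `user => 'all'` entry, since pg_hba matching is first-match-wins.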
--- /dev/null
+# wanna-build parameters
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::buildd_master::params (
+ String $db_address = $roles::buildd_master::db_address,
+ Integer $db_port = $roles::buildd_master::db_port,
+) {
+}
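Review bot: The defaults `$roles::buildd_master::db_address` and `$roles::buildd_master::db_port` are circular, because roles::buildd_master inherits this class and defaults its own parameters back to `$roles::buildd_master::params::db_address` and `::db_port`. The values only resolve because hiera supplies `roles::buildd_master::params::db_address` and `::db_port`. If that data is missing, the failure would be an undefined-variable or type-mismatch error rather than a clear missing-parameter error. Dropping the defaults makes the hiera dependency explicit: `String $db_address,` and `Integer $db_port,`. Since these two values end up in the tag that selects which cluster collects the HBA entries, a loud failure on missing data is preferable to a silent one.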
--- /dev/null
+# release.debian.org role
+#
+class roles::release {
+
+ include roles::buildd_master::db_guest_access
+}
+# UDD
class roles::udd {
class { 'apache2':
rlimitmem => 512 * 1024 * 1024,
notify => Exec['service apache2 reload'],
key => true,
}
+
+ include roles::buildd_master::db_guest_access
}