manage bmdb1/dak pg_hba

diff --git a/data/common.yaml b/data/common.yaml
index 6842ec2..af54e2a 100644 (file)
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -71,6 +71,9 @@ roles::nm::db_port: 5433
 roles::pet::params::db_address: bmdb1.debian.org
 roles::pet::params::db_port: 5435
 
+roles::postgresql::ftp_master_dak_replica::db_guest_access::bm:db_address: bmdb1.debian.org
+roles::postgresql::ftp_master_dak_replica::db_guest_access::bm:db_port: 5434
+
 roles::qamaster::db_address: bmdb1.debian.org
 roles::qamaster::db_port: 5435
 

diff --git a/data/nodes/bmdb1.debian.org.yaml b/data/nodes/bmdb1.debian.org.yaml
index 9155331..7113d75 100644 (file)
--- a/data/nodes/bmdb1.debian.org.yaml
+++ b/data/nodes/bmdb1.debian.org.yaml
@@ -4,4 +4,4 @@ classes:
   - roles::postgresql::ftp_master_dak_replica
 
 postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['fasolo']
-roles::postgresql::server::manage_clusters_hba: [5440, 5435]
+roles::postgresql::server::manage_clusters_hba: yes

diff --git a/modules/roles/manifests/api_ftp_master.pp b/modules/roles/manifests/api_ftp_master.pp
index 61b9d37..c303178 100644 (file)
--- a/modules/roles/manifests/api_ftp_master.pp
+++ b/modules/roles/manifests/api_ftp_master.pp
@@ -7,4 +7,5 @@ class roles::api_ftp_master {
 
   # is api_ftp_master the right role to put this in?
   include roles::udd::db_guest_access
+  include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm
 }

diff --git a/modules/roles/manifests/buildd_master.pp b/modules/roles/manifests/buildd_master.pp
index b3e1b96..5e0a4a3 100644 (file)
--- a/modules/roles/manifests/buildd_master.pp
+++ b/modules/roles/manifests/buildd_master.pp
@@ -43,6 +43,8 @@ class roles::buildd_master (
   # The UDD database is used to display FTBFS bugs on the web interface
   include roles::udd::db_guest_access
 
+  include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm
+
   @@postgres::cluster::hba_entry { "qa-buildlogchecks-${::fqdn}":
     tag      => "postgres::cluster::${qa_buildlogchecks_db_port}::hba::${qa_buildlogchecks_db_address}",
     pg_port  => $qa_buildlogchecks_db_port,

diff --git a/modules/roles/manifests/nm.pp b/modules/roles/manifests/nm.pp
index 96ff229..009109e 100644 (file)
--- a/modules/roles/manifests/nm.pp
+++ b/modules/roles/manifests/nm.pp
@@ -26,4 +26,6 @@ class roles::nm (
     user     => ['nm', 'nmweb'],
     address  => $base::public_addresses,
   }
+
+  include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm
 }

diff --git a/modules/roles/manifests/postgresql/ftp_master_dak_replica/db_guest_access/bm.pp b/modules/roles/manifests/postgresql/ftp_master_dak_replica/db_guest_access/bm.pp
new file mode 100644 (file)
index 0000000..b3092a3
--- /dev/null
+++ b/modules/roles/manifests/postgresql/ftp_master_dak_replica/db_guest_access/bm.pp
@@ -0,0 +1,25 @@
+# ftp_master_dak_replica guest access to DB
+#
+# @param db_address       hostname of the postgres server for this service
+# @param db_port          port of the postgres server for this service
+# @param database         list of databases to give access to
+# @param address          hosts to give access
+# @param connection_type  connection type
+class roles::postgresql::ftp_master_dak_replica::db_guest_access::bm (
+  String  $db_address,
+  Integer $db_port,
+  Array[String] $database = ['projectb'],
+  Enum['local', 'host', 'hostssl'] $connection_type = 'hostssl',
+  Optional[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]] $address = $base::public_addresses,
+) {
+  @@postgres::cluster::hba_entry { "dak-projectb-guest-${::fqdn}":
+    tag             => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port         => $db_port,
+    database        => $database,
+    user            => 'guest',
+    address         => $address,
+    connection_type => $connection_type,
+    method          => 'trust',
+    order           => '25',
+  }
+}

diff --git a/modules/roles/manifests/qamaster.pp b/modules/roles/manifests/qamaster.pp
index e0c8971..bcebd10 100644 (file)
--- a/modules/roles/manifests/qamaster.pp
+++ b/modules/roles/manifests/qamaster.pp
@@ -21,6 +21,7 @@ class roles::qamaster (
   }
 
   include roles::udd::db_guest_access
+  include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm
 
   @@postgres::cluster::hba_entry { "qa-${::fqdn}":
     tag      => "postgres::cluster::${db_port}::hba::${db_address}",

diff --git a/modules/roles/manifests/release.pp b/modules/roles/manifests/release.pp
index 72b6b99..152cced 100644 (file)
--- a/modules/roles/manifests/release.pp
+++ b/modules/roles/manifests/release.pp
@@ -8,6 +8,7 @@ class roles::release (
 ) {
   include roles::buildd_master::db_guest_access
   include roles::udd::db_guest_access
+  include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm
 
   @@postgres::cluster::hba_entry { "release-${::fqdn}":
     tag      => "postgres::cluster::${db_port}::hba::${db_address}",

diff --git a/modules/roles/manifests/udd.pp b/modules/roles/manifests/udd.pp
index a6f4c2d..ed5a564 100644 (file)
--- a/modules/roles/manifests/udd.pp
+++ b/modules/roles/manifests/udd.pp
@@ -11,6 +11,7 @@ class roles::udd {
 
   include roles::buildd_master::db_guest_access
   include roles::pet::db_guest_access
+  include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm
 
   class { 'roles::udd::db_guest_access':
     database        => ['udd', 'udd-dev'],