manage danzi/debconf pg_hba

diff --git a/data/common.yaml b/data/common.yaml
index 780bedb..c401386 100644 (file)
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -54,6 +54,9 @@ roles::debsources::db_port: 5440
 roles::tracker::db_address: danzi.debian.org
 roles::tracker::db_port: 5432
 
+roles::debconf_wafer::db_address: danzi.debian.org
+roles::debconf_wafer::db_port: 5434
+
 roles::ftp_master::db_port: 5433
 
 roles::postgresql::ftp_master_dak_replica::db_server: fasolo.debian.org

diff --git a/data/nodes/danzi.debian.org.yaml b/data/nodes/danzi.debian.org.yaml
index 6f982f3..db77305 100644 (file)
--- a/data/nodes/danzi.debian.org.yaml
+++ b/data/nodes/danzi.debian.org.yaml
@@ -2,4 +2,4 @@
 classes:
   - roles::postgresql::server
 
-roles::postgresql::server::manage_clusters_hba: [5432]
+roles::postgresql::server::manage_clusters_hba: [5432, 5434]

diff --git a/modules/roles/manifests/debconf_wafer.pp b/modules/roles/manifests/debconf_wafer.pp
index e799875..b0c2c5e 100644 (file)
--- a/modules/roles/manifests/debconf_wafer.pp
+++ b/modules/roles/manifests/debconf_wafer.pp
@@ -1,4 +1,11 @@
-class roles::debconf_wafer {
+# debconf's wafer role
+
+# @param db_address     hostname of the postgres server for this service
+# @param db_port        port of the postgres server for this service
+class roles::debconf_wafer (
+  String  $db_address,
+  Integer $db_port,
+) {
   include apache2
   include apache2::ssl
   include apache2::expires
@@ -44,5 +51,13 @@ class roles::debconf_wafer {
     site   => 'debconf20.debconf.org',
     source => 'puppet:///modules/roles/debconf_wafer/debconf20.debconf.org',
   }
+
+  @@postgres::cluster::hba_entry { "debconf-wafer-${::fqdn}":
+    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port  => $db_port,
+    user     => ['debconf18', 'debconf19', 'debconf20', 'wafertest'],
+    database => 'sameuser',
+    address  => $base::public_addresses,
+  }
 }