manage pg_hba on snapshotdb-manda-01

diff --git a/data/nodes/snapshotdb-manda-01.debian.org.yaml b/data/nodes/snapshotdb-manda-01.debian.org.yaml
index b756c7b..a3bab21 100644 (file)
--- a/data/nodes/snapshotdb-manda-01.debian.org.yaml
+++ b/data/nodes/snapshotdb-manda-01.debian.org.yaml
@@ -3,3 +3,6 @@ classes:
   - roles::postgresql::server
 
 postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['sallinen']
+roles::postgresql::server::manage_clusters_hba: true
+roles::snapshot_db::db_port: 5442
+roles::snapshot_db::guest_addresses: ['185.17.185.176/28', '2001:1af8:4020:b030::/64'] # leaseweb

diff --git a/modules/roles/manifests/snapshot_db.pp b/modules/roles/manifests/snapshot_db.pp
index 93f71bd..5f045e8 100644 (file)
--- a/modules/roles/manifests/snapshot_db.pp
+++ b/modules/roles/manifests/snapshot_db.pp
@@ -1,5 +1,10 @@
 # db server providing (secondary) snapshot databases
+#
+# @param db_port          port of the snapshot cluster
+# @param guest_addresses  addresses to allow for the guest account
 class roles::snapshot_db (
+  Integer $db_port,
+  Array[Stdlib::IP::Address] $guest_addresses = ['127.0.0.1', '::1'],
 ) {
   $now = Timestamp()
   $date = $now.strftime('%F')
@@ -26,4 +31,14 @@ class roles::snapshot_db (
       | EOF
   }
 
+
+  postgres::cluster::hba_entry { 'snapshot-guest':
+    pg_port  => $db_port,
+    database => 'snapshot',
+    user     => 'guest',
+    address  => $guest_addresses,
+    method   => 'trust',
+  }
+
+
 }