From 768ec9a8fc86b187fd460ac8b53f31ab60d35870 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Tue, 1 Oct 2019 15:19:11 +0200 Subject: [PATCH] manage bmdb1/dak pg_hba --- data/common.yaml | 3 +++ data/nodes/bmdb1.debian.org.yaml | 2 +- modules/roles/manifests/api_ftp_master.pp | 1 + modules/roles/manifests/buildd_master.pp | 2 ++ modules/roles/manifests/nm.pp | 2 ++ .../db_guest_access/bm.pp | 25 +++++++++++++++++++ modules/roles/manifests/qamaster.pp | 1 + modules/roles/manifests/release.pp | 1 + modules/roles/manifests/udd.pp | 1 + 9 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 modules/roles/manifests/postgresql/ftp_master_dak_replica/db_guest_access/bm.pp diff --git a/data/common.yaml b/data/common.yaml index 6842ec253..af54e2abb 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -71,6 +71,9 @@ roles::nm::db_port: 5433 roles::pet::params::db_address: bmdb1.debian.org roles::pet::params::db_port: 5435 +roles::postgresql::ftp_master_dak_replica::db_guest_access::bm:db_address: bmdb1.debian.org +roles::postgresql::ftp_master_dak_replica::db_guest_access::bm:db_port: 5434 + roles::qamaster::db_address: bmdb1.debian.org roles::qamaster::db_port: 5435 diff --git a/data/nodes/bmdb1.debian.org.yaml b/data/nodes/bmdb1.debian.org.yaml index 9155331e7..7113d7579 100644 --- a/data/nodes/bmdb1.debian.org.yaml +++ b/data/nodes/bmdb1.debian.org.yaml @@ -4,4 +4,4 @@ classes: - roles::postgresql::ftp_master_dak_replica postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['fasolo'] -roles::postgresql::server::manage_clusters_hba: [5440, 5435] +roles::postgresql::server::manage_clusters_hba: yes diff --git a/modules/roles/manifests/api_ftp_master.pp b/modules/roles/manifests/api_ftp_master.pp index 61b9d3785..c3031787d 100644 --- a/modules/roles/manifests/api_ftp_master.pp +++ b/modules/roles/manifests/api_ftp_master.pp @@ -7,4 +7,5 @@ class roles::api_ftp_master { # is api_ftp_master the right role to put this in? include roles::udd::db_guest_access + include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm } diff --git a/modules/roles/manifests/buildd_master.pp b/modules/roles/manifests/buildd_master.pp index b3e1b96af..5e0a4a3e7 100644 --- a/modules/roles/manifests/buildd_master.pp +++ b/modules/roles/manifests/buildd_master.pp @@ -43,6 +43,8 @@ class roles::buildd_master ( # The UDD database is used to display FTBFS bugs on the web interface include roles::udd::db_guest_access + include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm + @@postgres::cluster::hba_entry { "qa-buildlogchecks-${::fqdn}": tag => "postgres::cluster::${qa_buildlogchecks_db_port}::hba::${qa_buildlogchecks_db_address}", pg_port => $qa_buildlogchecks_db_port, diff --git a/modules/roles/manifests/nm.pp b/modules/roles/manifests/nm.pp index 96ff2291b..009109e04 100644 --- a/modules/roles/manifests/nm.pp +++ b/modules/roles/manifests/nm.pp @@ -26,4 +26,6 @@ class roles::nm ( user => ['nm', 'nmweb'], address => $base::public_addresses, } + + include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm } diff --git a/modules/roles/manifests/postgresql/ftp_master_dak_replica/db_guest_access/bm.pp b/modules/roles/manifests/postgresql/ftp_master_dak_replica/db_guest_access/bm.pp new file mode 100644 index 000000000..b3092a31c --- /dev/null +++ b/modules/roles/manifests/postgresql/ftp_master_dak_replica/db_guest_access/bm.pp @@ -0,0 +1,25 @@ +# ftp_master_dak_replica guest access to DB +# +# @param db_address hostname of the postgres server for this service +# @param db_port port of the postgres server for this service +# @param database list of databases to give access to +# @param address hosts to give access +# @param connection_type connection type +class roles::postgresql::ftp_master_dak_replica::db_guest_access::bm ( + String $db_address, + Integer $db_port, + Array[String] $database = ['projectb'], + Enum['local', 'host', 'hostssl'] $connection_type = 'hostssl', + Optional[Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]] $address = $base::public_addresses, +) { + @@postgres::cluster::hba_entry { "dak-projectb-guest-${::fqdn}": + tag => "postgres::cluster::${db_port}::hba::${db_address}", + pg_port => $db_port, + database => $database, + user => 'guest', + address => $address, + connection_type => $connection_type, + method => 'trust', + order => '25', + } +} diff --git a/modules/roles/manifests/qamaster.pp b/modules/roles/manifests/qamaster.pp index e0c897153..bcebd109a 100644 --- a/modules/roles/manifests/qamaster.pp +++ b/modules/roles/manifests/qamaster.pp @@ -21,6 +21,7 @@ class roles::qamaster ( } include roles::udd::db_guest_access + include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm @@postgres::cluster::hba_entry { "qa-${::fqdn}": tag => "postgres::cluster::${db_port}::hba::${db_address}", diff --git a/modules/roles/manifests/release.pp b/modules/roles/manifests/release.pp index 72b6b9946..152ccedcc 100644 --- a/modules/roles/manifests/release.pp +++ b/modules/roles/manifests/release.pp @@ -8,6 +8,7 @@ class roles::release ( ) { include roles::buildd_master::db_guest_access include roles::udd::db_guest_access + include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm @@postgres::cluster::hba_entry { "release-${::fqdn}": tag => "postgres::cluster::${db_port}::hba::${db_address}", diff --git a/modules/roles/manifests/udd.pp b/modules/roles/manifests/udd.pp index a6f4c2dbe..ed5a56494 100644 --- a/modules/roles/manifests/udd.pp +++ b/modules/roles/manifests/udd.pp @@ -11,6 +11,7 @@ class roles::udd { include roles::buildd_master::db_guest_access include roles::pet::db_guest_access + include roles::postgresql::ftp_master_dak_replica::db_guest_access::bm class { 'roles::udd::db_guest_access': database => ['udd', 'udd-dev'], -- 2.20.1