From b79397f91c2d9309186806e3317248b349b19080 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 29 Sep 2019 22:16:20 +0200
Subject: [PATCH] manage danzi/tracker pg_hba

---
 data/common.yaml | 3 +++
 data/nodes/danzi.debian.org.yaml | 2 ++
 modules/ferm/manifests/per_host.pp | 9 ---------
 modules/roles/manifests/tracker.pp | 17 ++++++++++++++++-
 4 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/data/common.yaml b/data/common.yaml
index a853b5b04..780bedb32 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -51,6 +51,9 @@ bacula::client::storage_server: storace.debian.org
 roles::debsources::db_address: bmdb1.debian.org
 roles::debsources::db_port: 5440
+roles::tracker::db_address: danzi.debian.org
+roles::tracker::db_port: 5432
+
 roles::ftp_master::db_port: 5433
 roles::postgresql::ftp_master_dak_replica::db_server: fasolo.debian.org
diff --git a/data/nodes/danzi.debian.org.yaml b/data/nodes/danzi.debian.org.yaml
index b640495d6..6f982f36f 100644
--- a/data/nodes/danzi.debian.org.yaml
+++ b/data/nodes/danzi.debian.org.yaml
@@ -1,3 +1,5 @@
 ---
 classes:
 - roles::postgresql::server
+
+roles::postgresql::server::manage_clusters_hba: [5432]
diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index 86edbde1d..3f9fdd280 100644
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -134,15 +134,6 @@ class ferm::per_host {
 }
 }
 danzi: {
- ferm::rule { 'dsa-postgres-tracker':
- description => 'Allow postgress access to cluster: tracker',
- domain => '(ip ip6)',
- rule => @("EOF"/$)
- &SERVICE_RANGE(tcp, 5432, (
- ${ join(getfromhash($deprecated::allnodeinfo, 'ticharich.debian.org', 'ipHostNumber'), " ") }
- ))
- | EOF
- }
 ferm::rule { 'dsa-postgres-main':
 description => 'Allow postgress access to cluster: main',
 domain => '(ip ip6)',
diff --git a/modules/roles/manifests/tracker.pp b/modules/roles/manifests/tracker.pp
index e2ed25056..962e92cb8 100644
--- a/modules/roles/manifests/tracker.pp
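Review bot: `roles::postgresql::server::manage_clusters_hba: [5432]` in data/nodes/danzi.debian.org.yaml has no comment saying which cluster the port refers to or what enabling it does. Judging by the key name it hands pg_hba for that cluster to Puppet, and the only entry this patch exports for it is the tracker one, so any hand-maintained pg_hba lines for the same cluster would presumably stop applying; that is worth confirming before rollout. I would add above the key `# tracker cluster (port 5432): pg_hba is generated from exported postgres::cluster::hba_entry resources`.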
+++ b/modules/roles/manifests/tracker.pp
@@ -1,4 +1,11 @@
-class roles::tracker {
+# tracker.debian.org service
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::tracker (
+ String $db_address,
+ Integer $db_port,
+) {
 include apache2
 include roles::sso_rp
@@ -17,4 +24,12 @@ class roles::tracker {
 owner => 'qa',
 group => 'qa',
 }
+
+ @@postgres::cluster::hba_entry { "tracker-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => ['tracker', 'tracker-test'],
+ user => 'qa',
+ address => $base::public_addresses,
+ }
 }
-- 
2.20.1
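Review bot: `$db_address` and `$db_port` in the new `roles::tracker` parameter list are typed only as `String` and `Integer`, yet both are interpolated into the collection tag in the later hunk. An empty address or an out-of-range port from hiera would therefore compile cleanly and produce an hba entry that presumably no server ever collects. Tightening the types to `String[1] $db_address,` and `Integer[1, 65535] $db_port,` turns that into a catalog compile error. The class body continues outside this hunk.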
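Review bot: The exported `postgres::cluster::hba_entry` added before the closing brace of `roles::tracker` lets user `qa` reach both `tracker` and `tracker-test` from every address in `$base::public_addresses`, while the ferm rule this patch deletes in modules/ferm/manifests/per_host.pp admitted only ticharich.debian.org on tcp/5432. Neither the connection type nor the auth method is set here, and the firewall opening that replaces the deleted rule is not in this patch, so both presumably come from the defined type and the server-side collector; please confirm that the resulting source set is no wider than before. A short comment above the resource would record the intent: `# exported to ${db_address}: qa from this host may connect to tracker and tracker-test on ${db_port}`. The class body begins outside this hunk.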