From 00edd627df3a093aaccab05219cb3f814fdf9c7c Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sat, 5 Jul 2025 11:15:59 +1000
Subject: [PATCH] feat: move pg_hba to hieradata

- remove hardcoded pg_hba
- move pg_hba to hieradata
---
 hieradata/roles/infra/puppetdb/sql.yaml | 8 ++++++++
 hieradata/roles/infra/sql/shared.yaml | 10 ++++++++++
 site/profiles/manifests/sql/patroni.pp | 10 ----------
 3 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/hieradata/roles/infra/puppetdb/sql.yaml b/hieradata/roles/infra/puppetdb/sql.yaml
index e7aacdb..85c69a7 100644
--- a/hieradata/roles/infra/puppetdb/sql.yaml
+++ b/hieradata/roles/infra/puppetdb/sql.yaml
@@ -15,6 +15,14 @@ profiles::sql::patroni::cluster_name: "patroni-puppetdb-%{facts.environment}"
 profiles::sql::patroni::postgres_exporter_enabled: true
 profiles::sql::patroni::postgres_exporter_user: postgres_exporter
 profiles::sql::patroni::pgsql_version: "17"
+patroni::bootstrap_pg_hba:
+ - 'local all postgres ident'
+ - 'host all all 0.0.0.0/0 md5'
+ - 'host replication repl 0.0.0.0/0 md5'
+patroni::pgsql_pg_hba:
+ - 'local all postgres ident'
+ - 'host all all 0.0.0.0/0 md5'
+ - 'host replication repl 0.0.0.0/0 md5'
 # FIXME: puppet-python wants to try manage python-dev, which is required by the ceph package
 python::manage_dev_package: false
diff --git a/hieradata/roles/infra/sql/shared.yaml b/hieradata/roles/infra/sql/shared.yaml
index 455d871..7a124be 100644
--- a/hieradata/roles/infra/sql/shared.yaml
+++ b/hieradata/roles/infra/sql/shared.yaml
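Review bot: In hieradata/roles/infra/puppetdb/sql.yaml the `host all all 0.0.0.0/0 md5` and `host replication repl 0.0.0.0/0 md5` entries in both `patroni::bootstrap_pg_hba` and `patroni::pgsql_pg_hba` accept password logins for every database and role, and for replication, from any IPv4 address, using the legacy `md5` method. The values are carried over unchanged from the manifest, but now that they are per-role data they can be narrowed to the networks this cluster serves and moved to SCRAM, for example `- 'host all all <puppetdb-client-cidr> scram-sha-256'` and `- 'host replication repl <patroni-peer-cidr> scram-sha-256'` (placeholder CIDRs; changing the method assumes the stored passwords are SCRAM verifiers). The same two entries appear in the hieradata/roles/infra/sql/shared.yaml hunk. Separately, the keys bind directly to the `patroni` class rather than to a `profiles::sql::patroni::` parameter, so a role that includes the profile without defining them would presumably fall back to the module's default pg_hba; a comment above the keys such as `# consumed by the patroni class via automatic parameter lookup; every role using profiles::sql::patroni must define both` would make that visible.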
@@ -15,6 +15,16 @@ profiles::sql::patroni::cluster_name: "patroni-shared-%{facts.environment}"
 profiles::sql::patroni::postgres_exporter_enabled: true
 profiles::sql::patroni::postgres_exporter_user: postgres_exporter
 profiles::sql::patroni::pgsql_version: "17"
+patroni::bootstrap_pg_hba:
+ - 'local all postgres ident'
+ - 'host all all 0.0.0.0/0 md5'
+ - 'host gitea gitea 0.0.0.0/0 scram-sha-256'
+ - 'host replication repl 0.0.0.0/0 md5'
+patroni::pgsql_pg_hba:
+ - 'local all postgres ident'
+ - 'host all all 0.0.0.0/0 md5'
+ - 'host gitea gitea 0.0.0.0/0 scram-sha-256'
+ - 'host replication repl 0.0.0.0/0 md5'
 python::manage_dev_package: false
diff --git a/site/profiles/manifests/sql/patroni.pp b/site/profiles/manifests/sql/patroni.pp
index 07bcfa7..079bd3d 100644
--- a/site/profiles/manifests/sql/patroni.pp
+++ b/site/profiles/manifests/sql/patroni.pp
@@ -64,16 +64,6 @@ class profiles::sql::patroni (
 pgsql_parameters => {
 'max_connections' => 5000,
 },
- bootstrap_pg_hba => [
- 'local all postgres ident',
- 'host all all 0.0.0.0/0 md5',
- 'host replication repl 0.0.0.0/0 md5',
- ],
- pgsql_pg_hba => [
- 'local all postgres ident',
- 'host all all 0.0.0.0/0 md5',
- 'host replication repl 0.0.0.0/0 md5',
- ],
 superuser_username => $superuser_username,
 superuser_password => $superuser_password,
 replication_username => $replication_username,
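Review bot: In hieradata/roles/infra/sql/shared.yaml the added `host gitea gitea 0.0.0.0/0 scram-sha-256` entry sits after `host all all 0.0.0.0/0 md5` in both lists, and PostgreSQL applies the first pg_hba record that matches the connection, so a gitea login is decided by the broader `md5` line and the SCRAM-only rule is never consulted. For the stricter rule to take effect it has to come first among the `host` entries: `- 'host gitea gitea 0.0.0.0/0 scram-sha-256'` followed by `- 'host all all 0.0.0.0/0 md5'`, in `patroni::bootstrap_pg_hba` and `patroni::pgsql_pg_hba` alike. The two lists are identical, so defining one and pointing the other at it with `patroni::pgsql_pg_hba: "%{alias('patroni::bootstrap_pg_hba')}"` would keep an ordering fix from being applied to only one of them.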