Merge pull request 'feat: puppetdb sql updates' (#5) from neoloc/puppetdb_sql into develop

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5

hieradata/roles/infra/puppetdb/sql.eyaml

@@ -0,0 +1 @@
+profiles::puppet::puppetdb_sql::consul_test_db_pass: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAes6pfgtxctlXpsD+P5bahGP46nbXdPE3EiwdWPSiFP0MKfzFKbhlfOMydhz09fXHEa5mpOY3YHxN9W0tNmbs6mMvHIKKvNog6yowv7JnsQ+D89+c3JEdbi+DPwk6wVnKQEgnSn5uzoOHJVOd7hhtX85n1VTw9iTtSPGZprh11A3VII8dkUaPu6jc35rDGV6tgPvxaYy2vVH/b7wGP+kEe9WjoYU7Qw3odrY2yloGbQ3zXGh7ZXvK9iswKIuCLAMPoaUyJpzVooV7VqD4k/zEHhRgf88RMtww//9P8OHPJ9JPM2q3zHyZzoqRfOP723AP9z2V7OyhEoUNw5npaA6TpzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBJevTZmH+Qm1mxwNxHdOzHgCAelk9abLhQkUO29O5d2PP04OTTlmK51BxHb203jqZSFQ==]

hieradata/roles/infra/puppetdb/sql.yaml

@@ -2,3 +2,38 @@
 postgresql_config_entries:
   max_connections: 300
   shared_buffers: '256MB'
+
+consul::services:
+  puppetdbsql:
+    service_name: 'puppetdbsql'
+    tags:
+      - 'puppet'
+      - 'puppetdb'
+      - 'database'
+    address: "%{facts.networking.ip}"
+    port: 5432
+    checks:
+      - id: 'psql-check'
+        name: 'PostgreSQL Health Check'
+        args:
+          - '/usr/local/bin/check_consul_postgresql'
+        interval: '10s'
+        timeout: '1s'
+profiles::consul::client::node_rules:
+  - resource: service
+    segment: puppetdbsql
+    disposition: write
+
+profiles::yum::global::repos:
+  postgresql-15:
+    name: postgresql-15
+    descr: postgresql-15 repository
+    target: /etc/yum.repos.d/postgresql.repo
+    baseurl: https://edgecache.query.consul/postgres/yum/15/redhat/rhel-%{facts.os.release.full}-%{facts.os.architecture}
+    gpgkey: https://edgecache.query.consul/postgres/yum/keys/PGDG-RPM-GPG-KEY-RHEL
+  postgresql-common:
+    name: postgresql-common
+    descr: postgresql-common repository
+    target: /etc/yum.repos.d/postgresql.repo
+    baseurl: https://edgecache.query.consul/postgres/yum/common/redhat/rhel-%{facts.os.release.full}-%{facts.os.architecture}
+    gpgkey: https://edgecache.query.consul/postgres/yum/keys/PGDG-RPM-GPG-KEY-RHEL

site/profiles/manifests/consul/client.pp

@@ -36,14 +36,15 @@ class profiles::consul::client (
     # deploy the consul agent
     class { 'consul':
       config_hash => {
-        'data_dir'       => $data_dir,
-        'datacenter'     => $consul_cluster,
-        'log_level'      => 'INFO',
-        'node_name'      => $facts['networking']['fqdn'],
-        'retry_join'     => $servers_array,
-        'bind_addr'      => $::facts['networking']['ip'],
-        'advertise_addr' => $::facts['networking']['ip'],
-        'acl'            => {
+        'data_dir'             => $data_dir,
+        'datacenter'           => $consul_cluster,
+        'log_level'            => 'INFO',
+        'node_name'            => $facts['networking']['fqdn'],
+        'retry_join'           => $servers_array,
+        'bind_addr'            => $::facts['networking']['ip'],
+        'advertise_addr'       => $::facts['networking']['ip'],
+        'enable_script_checks' => true,
+        'acl'                  => {
           tokens => {
             default => fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}")
           }

site/profiles/manifests/puppet/puppetdb_sql.pp

@@ -2,6 +2,7 @@
 class profiles::puppet::puppetdb_sql (
   String $puppetdb_host = lookup('puppetdbsql'),
   String $listen_address = $facts['networking']['ip'],
+  String $consul_test_db_pass = '',
 ) {
 
   # disable the postgresql dnf module for el8+
@@ -17,9 +18,11 @@ class profiles::puppet::puppetdb_sql (
 
   # Install and configure PostgreSQL for PuppetDB
   class { 'puppetdb::database::postgresql':
-    listen_addresses => $listen_address,
-    postgres_version => '15',
-    puppetdb_server  => $puppetdb_host,
+    listen_addresses    => $listen_address,
+    postgres_version    => '15',
+    puppetdb_server     => $puppetdb_host,
+    manage_package_repo => false,
+    require             => [ Yumrepo['postgresql-15'],Yumrepo['postgresql-common'] ],
   }
 
   contain ::puppetdb::database::postgresql
@@ -32,4 +35,19 @@ class profiles::puppet::puppetdb_sql (
       value  => $value,
     }
   }
+
+  # create consul database + user to test the host is responsive
+  postgresql::server::db { 'consul_test_db':
+    user     => 'consul_test_user',
+    password => postgresql::postgresql_password('consul_test_user', Sensitive($consul_test_db_pass) ),
+  }
+
+  file { '/usr/local/bin/check_consul_postgresql':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    content => template('profiles/puppetdb/check_consul_postgresql.erb'),
+    before  => Class['profiles::consul::client'],
+  }
 }

site/profiles/templates/puppetdb/check_consul_postgresql.erb

@@ -0,0 +1,2 @@
+#!/usr/bin/bash
+PGPASSWORD=<%= @consul_test_db_pass %> /usr/bin/psql -U consul_test_user -d consul_test_db -h <%= @facts['networking']['ip'] %> -p 5432 -c "SELECT 1"

site/roles/manifests/infra/puppetdb/sql.pp

@@ -6,6 +6,8 @@ class roles::infra::puppetdb::sql {
   }else{
     include profiles::defaults
     include profiles::base
-    include profiles::puppet::puppetdb_sql
+    if $facts['enc_role'] == 'roles::infra::puppetdb::sql' {
+      include profiles::puppet::puppetdb_sql
+    }
   }
 }