feat: manage database/user/grants for patroni
- add defines for exporting/collecting psql objects for patroni - add generic profile for managing patroni psql databases for an app
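--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,61 @@
+class profiles::sql::postgresdb (
+String $dbname,
+String $dbuser,
+String $dbpass,
+Boolean $create_host_users = false,
+Boolean $members_lookup = false,
+String $members_role = undef,
+Array $servers = [],
+){
+
+# if lookup is enabled
+if $members_lookup {
+
+# check that the role is also set
+unless !($members_role == undef) {
+fail("members_role must be provided for ${title} when members_lookup is True")
+}
+
+# if it is, find hosts, sort them so they dont cause changes every run
+$servers_array = sort(query_nodes("enc_role='${members_role}' and region='${facts['region']}'", 'networking.fqdn'))
+
+# else use provided array from params
+}else{
+$servers_array = $servers
+}
+
+$tag = "${facts['country']}-${facts['region']}-${facts['environment']}"
+
+# only export from the first server in a cluster
+if $servers_array[0] == $facts['networking']['fqdn'] {
+
+# manage the postgres db
+@@profiles::sql::postgres::db { "${facts['networking']['fqdn']}_db_${dbname}":
+dbname => $dbname,
+tag => $tag,
+}
+
+@@profiles::sql::postgres::user { "${facts['networking']['fqdn']}_role_${dbuser}":
+username => $dbuser,
+password => $dbpass,
+tag => $tag,
+}
+
+@@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_db_${dbuser}_${dbuser}}":
+dbname => $dbname,
+username => $dbuser,
+type => 'DATABASE',
+privilege => 'ALL PRIVILEGES',
+tag => $tag,
+}
+
+@@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_schema_${dbuser}_${dbuser}}":
+dbname => $dbname,
+username => $dbuser,
+type => 'SCHEMA',
+schema => 'public',
+privilege => 'ALL PRIVILEGES',
+tag => $tag,
+}
+}
+}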
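Review bot: `$dbpass` is a plain `String` handed straight to the exported `@@profiles::sql::postgres::user` resource as `password => $dbpass`, so the credential ends up among the exported resources in PuppetDB, where any node or tool able to collect or query this tag can read it. Exported resources are a poor channel for secrets; it would be safer to export only the role name and have the collecting database host resolve the password itself, typed as `Sensitive[String]` there (the user define is not visible on this page, so confirm how it consumes the value). Separately, `String $members_role = undef` cannot accept its own default and should be `Optional[String] $members_role = undef,`, which also lets the guard read as a plain `if $members_role == undef`. Both grant titles end in `${dbuser}_${dbuser}}`, with a stray `}` and what looks like a repeated `${dbuser}` where `${dbname}` was presumably meant. The export gate compares against `$facts['networking']['fqdn']`, which is agent-supplied; `$trusted['certname']` would be the harder-to-spoof identity if the entries in `$servers` are certnames.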