feat: migrate pupeptdb sql to patroni (#318)

- change puppetdb::sql to using the patroni profile
- change puppetdb::api to use new patroni cluster
- remove references to puppetlabs-puppetdb managed database
- update consul rules to enable sessions

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/318
This commit was merged in pull request #318.
This commit is contained in:
2025-06-19 05:52:32 +10:00
parent 26b908e5e7
commit cb1d562cb0
9 changed files with 100 additions and 53 deletions
+32 -10
View File
@@ -2,10 +2,21 @@
class profiles::puppet::puppetdb_api (
String $private_cert,
String $public_cert,
String $postgres_host = lookup('puppetdbsql'),
String $listen_address = $facts['networking']['ip'],
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
Hash $java_args = {},
Stdlib::Host $read_database_host,
Stdlib::Port $read_database_port,
String[1] $read_database_username,
String[1] $read_database_name,
String[1] $read_database_password,
Boolean $read_database_validate,
Stdlib::Host $database_host,
Stdlib::Port $database_port,
String[1] $database_username,
String[1] $database_name,
String[1] $database_password,
Boolean $database_validate,
String $listen_address = $facts['networking']['ip'],
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
Hash $java_args = {},
) {
# wait for enc_role to match the required role
@@ -16,12 +27,23 @@ class profiles::puppet::puppetdb_api (
}
class { 'puppetdb::server':
database_host => $postgres_host,
manage_firewall => false,
ssl_listen_address => $listen_address,
listen_address => $listen_address,
java_bin => $java_bin,
java_args => $java_args,
manage_firewall => false,
ssl_listen_address => $listen_address,
listen_address => $listen_address,
java_bin => $java_bin,
java_args => $java_args,
read_database_host => $read_database_host,
read_database_port => $read_database_port,
read_database_username => $read_database_username,
read_database_name => $read_database_name,
read_database_password => Sensitive($read_database_password),
read_database_validate => $read_database_validate,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_name => $database_name,
database_password => Sensitive($database_password),
database_validate => $database_validate,
}
contain ::puppetdb::server
@@ -12,21 +12,9 @@ class profiles::puppet::puppetdb_sql (
ensure => 'disabled',
name => 'postgresql',
provider => 'dnfmodule',
before => Class['puppetdb::database::postgresql'],
}
}
# Install and configure PostgreSQL for PuppetDB
class { 'puppetdb::database::postgresql':
listen_addresses => $listen_address,
postgres_version => '15',
puppetdb_server => $puppetdb_host,
manage_package_repo => false,
require => [ Yumrepo['postgresql-15'],Yumrepo['postgresql-common'] ],
}
contain ::puppetdb::database::postgresql
# create the postgresql::server::config_entry resources
$pg_config_entries = lookup('postgresql_config_entries', Hash[String, Data], 'hash', {})
$pg_config_entries.each |String $key, Data $value| {
+1 -5
View File
@@ -84,14 +84,10 @@ class profiles::sql::patroni (
],
}
$connect_settings = {
}
# only apply changes to DBs/Users/Grants on master
if ! $facts['psql_is_slave'] {
# collect exported resources
$tag = "${facts['country']}-${facts['region']}-${facts['environment']}"
$tag = "${cluster_name}-${facts['country']}-${facts['region']}-${facts['environment']}"
Profiles::Sql::Postgres::Db <<| tag == $tag |>> {}
Profiles::Sql::Postgres::User <<| tag == $tag |>> {}
Profiles::Sql::Postgres::Grant <<| tag == $tag |>> {}
+2 -1
View File
@@ -2,6 +2,7 @@ class profiles::sql::postgresdb (
String $dbname,
String $dbuser,
String $dbpass,
String $cluster_name,
Boolean $create_host_users = false,
Boolean $members_lookup = false,
String $members_role = undef,
@@ -24,7 +25,7 @@ class profiles::sql::postgresdb (
$servers_array = $servers
}
$tag = "${facts['country']}-${facts['region']}-${facts['environment']}"
$tag = "${cluster_name}-${facts['country']}-${facts['region']}-${facts['environment']}"
# only export from the first server in a cluster
if $servers_array[0] == $facts['networking']['fqdn'] {