puppet-prod/site/profiles/manifests/sql/patroni.pp

# profiles::sql::patroni
class profiles::sql::patroni (
  String  $cluster_name,
  String  $superuser_password,
  String  $replication_password,
  String  $superuser_username = 'postgres',
  String  $replication_username = 'repl',
  String  $pgsql_version = '15',
  Stdlib::Absolutepath $pgsql_data_base = '/data/pgsql',
  Stdlib::Absolutepath $pgsql_data_dir = "${pgsql_data_base}/${pgsql_version}/data",
  Boolean $use_consul = true,
  String  $consul_host = 'localhost',
  Stdlib::Port $consul_port = 8500,
  Enum['http','https'] $consul_scheme = 'http',
  Variant[Undef,String] $consul_token = undef,
  Boolean $consul_verify = false,
  Boolean $consul_register_service = true,
  String  $consul_service_check_interval = '5s',
  String  $consul_cacert = '/etc/pki/ca-trust/source/anchors/vaultcaroot.pem',
  Boolean $postgres_exporter_enabled = false,
  Optional[String] $postgres_exporter_user = undef,
  Optional[String] $postgres_exporter_pass = undef,
){

  # disable the postgresql dnf module for el8+
  if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] >= '8' {
    # based on https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/dnfmodule.pp
    package { 'postgresql dnf module':
        ensure   => 'disabled',
        name     => 'postgresql',
        provider => 'dnfmodule',
        before   => Class['patroni'],
    }
  }

  # prepare data path
  mkdir::p {$pgsql_data_dir:}
  file {$pgsql_data_dir:
    ensure  => 'directory',
    owner   => 'postgres',
    group   => 'postgres',
    mode    => '0700',
    require => Class['patroni'],
  }

  # manage patroni
  class { 'patroni':
    scope                         => $cluster_name,
    use_consul                    => $use_consul,
    consul_host                   => $consul_host,
    consul_port                   => $consul_port,
    consul_scheme                 => $consul_scheme,
    consul_token                  => $consul_token,
    consul_verify                 => $consul_verify,
    consul_register_service       => $consul_register_service,
    consul_service_check_interval => $consul_service_check_interval,
    consul_cacert                 => $consul_cacert,
    manage_python                 => false,
    pgsql_connect_address         => "${facts['networking']['fqdn']}:5432",
    restapi_connect_address       => "${facts['networking']['fqdn']}:8008",
    postgresql_version            => $pgsql_version,
    pgsql_data_dir                => $pgsql_data_dir,
    pgsql_pgpass_path             => '/var/lib/pgsql/pgpass',
    pgsql_parameters              => {
      'max_connections' => 5000,
    },
    bootstrap_pg_hba              => [
      'local all postgres ident',
      'host all all 0.0.0.0/0 md5',
      'host replication repl 0.0.0.0/0 md5',
    ],
    pgsql_pg_hba                  => [
      'local all postgres ident',
      'host all all 0.0.0.0/0 md5',
      'host replication repl 0.0.0.0/0 md5',
    ],
    superuser_username            => $superuser_username,
    superuser_password            => $superuser_password,
    replication_username          => $replication_username,
    replication_password          => $replication_password,
    require                       => [
      Yumrepo["postgresql-${pgsql_version}"],
      Yumrepo['postgresql-common']
    ],
  }

  $connect_settings = {

  }

  # collect exported resources
  $tag = "${facts['country']}-${facts['region']}-${facts['environment']}"
  Profiles::Sql::Postgres::Db <<| tag == $tag |>> {}
  Profiles::Sql::Postgres::User <<| tag == $tag |>> {}
  Profiles::Sql::Postgres::Grant <<| tag == $tag |>> {}

  if $postgres_exporter_enabled {
    class { 'prometheus::postgres_exporter':
      postgres_user     => $postgres_exporter_user,
      postgres_pass     => $postgres_exporter_pass,
      data_source_uri   => "${facts['networking']['ip']}:5432/postgres?sslmode=disable",
      export_scrape_job => true,
    }
  }
}