- add pgsql backend capabilities for grafana - create/manage pgsql database for grafana - fix psql_is_slave fact to work on all current patroni clusters - fix extra } in resources - fix unless in psql grant commands - fix add database owner - fix disabled schema permissions, the unless didnt work
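# @summary Exports the database, role and database-level grants for one
#   application database, tagged per cluster.
#
# The resources are exported (@@) rather than applied locally, and only by
# the node whose FQDN is the first entry of the member list, so a group of
# identical clients produces a single set of exported resources.
# Presumably they are collected by tag on the PostgreSQL cluster nodes;
# the collector is not part of this class -- confirm.
#
# @param dbname
#   Database name passed to the exported db and grant resources.
# @param dbuser
#   Role name; used as the database owner and as the grantee.
# @param dbpass
#   Password passed to the exported user resource.
#   NOTE(review): this is a plain String, so the value is part of the
#   compiled catalog and, because the user resource is exported, is also
#   stored in PuppetDB. Restrict who can query PuppetDB and read catalogs
#   and reports accordingly. Whether profiles::sql::postgres::user accepts
#   a Sensitive value is not visible here.
# @param cluster_name
#   First component of the tag set on every exported resource.
# @param create_host_users
#   Not referenced anywhere in this class body.
# @param members_lookup
#   When true, the member list comes from a query_nodes() lookup on
#   enc_role and region; when false, $servers is used as given.
# @param members_role
#   Value matched against enc_role in the lookup. Defaults to the node's
#   own enc_role fact.
# @param servers
#   Member list used when members_lookup is false. It is not sorted, so
#   the caller decides which entry is first.
class profiles::sql::postgresdb (
  String  $dbname,
  String  $dbuser,
  String  $dbpass,
  String  $cluster_name,
  Boolean $create_host_users = false,
  Boolean $members_lookup    = true,
  String  $members_role      = $facts['enc_role'],
  Array   $servers           = [],
) {
  if $members_lookup {
    # The String type already rejects undef, so the undef test alone could
    # never fire; an empty role is the case that actually gets this far.
    if $members_role == undef or $members_role == '' {
      fail("members_role must be provided for ${title} when members_lookup is True")
    }

    # Both values are interpolated into a quoted query string below, and
    # facts are reported by the agent. Refuse values that could close the
    # quoting instead of passing them to the query.
    $region = "${facts['region']}"
    if $members_role =~ /['\\]/ or $region =~ /['\\]/ {
      fail("members_role and the region fact must not contain quotes or backslashes for ${title}")
    }

    # Sort the result so the order, and with it the exporting node, stays
    # the same from run to run.
    $servers_array = sort(query_nodes("enc_role='${members_role}' and region='${region}'", 'networking.fqdn'))
  } else {
    $servers_array = $servers
  }

  $tag = "${cluster_name}-${facts['country']}-${facts['region']}-${facts['environment']}"

  # Only the first server in the list exports. An empty list yields undef
  # here, so nothing is exported.
  # NOTE(review): this gate and the tag are built from agent-reported
  # facts. $trusted['certname'] is the identity taken from the node's
  # certificate; confirm whether certname equals the FQDN in this
  # environment before relying on the fact for this decision.
  if $servers_array[0] == $facts['networking']['fqdn'] {
    # The database, owned by the application role.
    @@profiles::sql::postgres::db { "${facts['networking']['fqdn']}_db_${dbname}":
      dbname => $dbname,
      owner  => $dbuser,
      tag    => $tag,
    }

    # The application role and its password.
    @@profiles::sql::postgres::user { "${facts['networking']['fqdn']}_role_${dbuser}":
      username => $dbuser,
      password => $dbpass,
      tag      => $tag,
    }

    # Database-level privileges, one exported grant per privilege.
    ['CONNECT', 'CREATE', 'TEMPORARY'].each |$priv| {
      @@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_db_${dbname}_${dbuser}_${priv}":
        dbname    => $dbname,
        username  => $dbuser,
        type      => 'DATABASE',
        privilege => $priv,
        tag       => $tag,
      }
    }

    # Schema-level grants on 'public' are disabled; kept for reference.
    #['USAGE', 'CREATE'].each |$priv| {
    #  @@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_schema_${dbname}_${dbuser}_${priv}":
    #    dbname    => $dbname,
    #    username  => $dbuser,
    #    type      => 'SCHEMA',
    #    schema    => 'public',
    #    privilege => $priv,
    #    tag       => $tag,
    #  }
    #}
  }
}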