puppet-prod/site/profiles/manifests/sql/patroni.pp


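# @summary Patroni-managed PostgreSQL node profile.
#
# Declares the `patroni` class with Consul as the DCS, prepares the data
# directory, realises exported user/db/grant resources on the node that is not
# flagged as a replica, and optionally declares the Prometheus postgres
# exporter.
#
# NOTE(review): the password parameters are typed as plain String, so their
# values are carried as ordinary catalog data. Wrapping them in Sensitive would
# need support in the `patroni` and `prometheus::postgres_exporter` classes,
# which is not visible here - confirm before changing the types.
#
# @param cluster_name
#   Passed to patroni as `scope`; also the first component of the tag used to
#   collect exported resources.
# @param superuser_password
#   Password handed to patroni for the superuser account.
# @param replication_password
#   Password handed to patroni for the replication account.
# @param superuser_username
#   Superuser account name handed to patroni.
# @param replication_username
#   Replication account name handed to patroni and used in the pg_hba
#   replication rule.
# @param pgsql_version
#   PostgreSQL major version; selects the yum repository and the default data
#   directory.
# @param pgsql_data_base
#   Base path under which the versioned data directory is created.
# @param pgsql_data_dir
#   PostgreSQL data directory, created with mode 0700 and owned by postgres.
# @param use_consul
#   Passed through to patroni.
# @param consul_host
#   Passed through to patroni.
# @param consul_port
#   Passed through to patroni.
# @param consul_scheme
#   Passed through to patroni. NOTE(review): with the default 'http' the ACL
#   token is sent unencrypted; that is only reasonable while `consul_host`
#   stays on loopback.
# @param consul_token
#   Consul ACL token, passed through to patroni.
# @param consul_verify
#   Passed through to patroni. NOTE(review): defaults to false, so a switch to
#   'https' does not verify the Consul certificate unless this is also set.
# @param consul_register_service
#   Passed through to patroni.
# @param consul_service_check_interval
#   Passed through to patroni.
# @param consul_cacert
#   CA bundle path passed through to patroni.
# @param postgres_exporter_enabled
#   Declare `prometheus::postgres_exporter` when true.
# @param postgres_exporter_user
#   Database user for the exporter.
# @param postgres_exporter_pass
#   Database password for the exporter.
class profiles::sql::patroni (
  String                $cluster_name,
  String                $superuser_password,
  String                $replication_password,
  String                $superuser_username            = 'postgres',
  String                $replication_username          = 'repl',
  String                $pgsql_version                 = '15',
  Stdlib::Absolutepath  $pgsql_data_base               = '/data/pgsql',
  Stdlib::Absolutepath  $pgsql_data_dir                = "${pgsql_data_base}/${pgsql_version}/data",
  Boolean               $use_consul                    = true,
  String                $consul_host                   = 'localhost',
  Stdlib::Port          $consul_port                   = 8500,
  Enum['http','https']  $consul_scheme                 = 'http',
  Variant[Undef,String] $consul_token                  = undef,
  Boolean               $consul_verify                 = false,
  Boolean               $consul_register_service       = true,
  String                $consul_service_check_interval = '5s',
  String                $consul_cacert                 = '/etc/pki/ca-trust/source/anchors/vaultcaroot.pem',
  Boolean               $postgres_exporter_enabled     = false,
  Optional[String]      $postgres_exporter_user        = undef,
  Optional[String]      $postgres_exporter_pass        = undef,
) {
  # Disable the postgresql dnf module on EL8 and later.
  # The major release fact is a string, so `>= '8'` compares lexically and
  # '10' sorts before '8'; versioncmp() compares the values as versions.
  if $facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['major'], '8') >= 0 {
    # based on https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/dnfmodule.pp
    package { 'postgresql dnf module':
      ensure   => 'disabled',
      name     => 'postgresql',
      provider => 'dnfmodule',
      before   => Class['patroni'],
    }
  }

  # Prepare the data path: create parent directories, then lock the data
  # directory down to the postgres user once the patroni class is applied.
  mkdir::p { $pgsql_data_dir: }
  file { $pgsql_data_dir:
    ensure  => 'directory',
    owner   => 'postgres',
    group   => 'postgres',
    mode    => '0700',
    require => Class['patroni'],
  }

  # Client authentication rules, shared by the bootstrap and running configs.
  # The replication rule follows $replication_username so that overriding the
  # parameter does not leave a rule that still names the default 'repl' role.
  #
  # NOTE(review): both `host` rules admit any IPv4 source (0.0.0.0/0) and match
  # TLS and non-TLS connections alike. `md5` still allows MD5 challenge-response
  # for roles whose stored password is an MD5 hash. Narrowing the CIDR to the
  # application/cluster networks, using `hostssl`, and moving to `scram-sha-256`
  # would tighten this, but each changes who can connect - confirm with the
  # consumers of this cluster first.
  $pg_hba_rules = [
    'local all postgres ident',
    'host all all 0.0.0.0/0 md5',
    "host replication ${replication_username} 0.0.0.0/0 md5",
  ]

  # Manage patroni.
  # NOTE(review): the REST API is advertised on the node FQDN, port 8008, and no
  # REST API authentication or TLS setting is passed in this declaration -
  # confirm the module defaults or host firewalling restrict access to it.
  class { 'patroni':
    scope                         => $cluster_name,
    use_consul                    => $use_consul,
    consul_host                   => $consul_host,
    consul_port                   => $consul_port,
    consul_scheme                 => $consul_scheme,
    consul_token                  => $consul_token,
    consul_verify                 => $consul_verify,
    consul_register_service       => $consul_register_service,
    consul_service_check_interval => $consul_service_check_interval,
    consul_cacert                 => $consul_cacert,
    manage_python                 => false,
    pgsql_connect_address         => "${facts['networking']['fqdn']}:5432",
    restapi_connect_address       => "${facts['networking']['fqdn']}:8008",
    postgresql_version            => $pgsql_version,
    pgsql_data_dir                => $pgsql_data_dir,
    pgsql_pgpass_path             => '/var/lib/pgsql/pgpass',
    pgsql_parameters              => {
      'max_connections' => 5000,
    },
    bootstrap_pg_hba              => $pg_hba_rules,
    pgsql_pg_hba                  => $pg_hba_rules,
    superuser_username            => $superuser_username,
    superuser_password            => $superuser_password,
    replication_username          => $replication_username,
    replication_password          => $replication_password,
    require                       => [
      Yumrepo["postgresql-${pgsql_version}"],
      Yumrepo['postgresql-common'],
    ],
  }

  # Only apply changes to DBs/Users/Grants on the primary.
  # NOTE(review): an absent fact is undef and therefore falsy, so a node that
  # has not reported `psql_is_slave` yet also takes this branch; a string value
  # such as 'false' would be truthy. Confirm the custom fact is always a Boolean.
  if ! $facts['psql_is_slave'] {
    # Collect exported resources tagged for this cluster, country, region and
    # environment.
    $tag = "${cluster_name}-${facts['country']}-${facts['region']}-${facts['environment']}"
    Profiles::Sql::Postgres::User <<| tag == $tag |>> {}
    Profiles::Sql::Postgres::Db <<| tag == $tag |>> {}
    Profiles::Sql::Postgres::Grant <<| tag == $tag |>> {}
  }

  if $postgres_exporter_enabled {
    # NOTE(review): the exporter connects to the node's primary IP with
    # sslmode=disable, so its credentials and query results are not encrypted
    # on that connection. A loopback or unix-socket data source, or TLS, would
    # avoid that - confirm what the exporter class supports.
    class { 'prometheus::postgres_exporter':
      postgres_user     => $postgres_exporter_user,
      postgres_pass     => $postgres_exporter_pass,
      data_source_uri   => "${facts['networking']['ip']}:5432/postgres?sslmode=disable",
      export_scrape_job => true,
    }
  }
}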