ae256b7c0b
ci/woodpecker/pr/erb-validate Pipeline was successful
ci/woodpecker/pr/ruby-validate Pipeline was successful
ci/woodpecker/pr/puppet-lint Pipeline was successful
ci/woodpecker/pr/yamllint Pipeline was successful
ci/woodpecker/pr/bolt-validate Pipeline was successful
ci/woodpecker/pr/epp-validate Pipeline was successful
ci/woodpecker/pr/puppet-validate Pipeline was successful
ci/woodpecker/pr/ruby-check Pipeline was successful
Replace deprecated dalen-puppetdbquery module with native puppetdb_query function using PQL syntax to resolve URI.escape compatibility issues. This is required to migrated to Puppet 8 (and kubernetes). Changes: - Remove dalen-puppetdbquery dependency from Puppetfile - Replace query_nodes() calls with puppetdb_query() using PQL syntax - Update 27 function calls across 18 Puppet manifests - Maintain equivalent functionality with improved compatibility
73 lines
2.1 KiB
Puppet
73 lines
2.1 KiB
Puppet
class profiles::sql::postgresdb (
|
|
String $dbname,
|
|
String $dbuser,
|
|
String $dbpass,
|
|
String $cluster_name,
|
|
Boolean $create_host_users = false,
|
|
Boolean $members_lookup = true,
|
|
String $members_role = $facts['enc_role'],
|
|
Array $servers = [],
|
|
){
|
|
|
|
# if lookup is enabled
|
|
if $members_lookup {
|
|
|
|
# check that the role is also set
|
|
unless !($members_role == undef) {
|
|
fail("members_role must be provided for ${title} when members_lookup is True")
|
|
}
|
|
|
|
# if it is, find hosts, sort them so they dont cause changes every run
|
|
$servers_array = sort(puppetdb_query(
|
|
"facts[certname] {
|
|
name = 'enc_role' and value = '${members_role}' and
|
|
certname in facts[certname] { name = 'region' and value = '${facts['region']}' }
|
|
}"
|
|
).map |$fact| { $fact['certname'] })
|
|
|
|
# else use provided array from params
|
|
}else{
|
|
$servers_array = $servers
|
|
}
|
|
|
|
$tag = "${cluster_name}-${facts['country']}-${facts['region']}-${facts['environment']}"
|
|
|
|
# only export from the first server in a cluster
|
|
if $servers_array[0] == $facts['networking']['fqdn'] {
|
|
|
|
# manage the postgres db
|
|
@@profiles::sql::postgres::db { "${facts['networking']['fqdn']}_db_${dbname}":
|
|
dbname => $dbname,
|
|
owner => $dbuser,
|
|
tag => $tag,
|
|
}
|
|
|
|
@@profiles::sql::postgres::user { "${facts['networking']['fqdn']}_role_${dbuser}":
|
|
username => $dbuser,
|
|
password => $dbpass,
|
|
tag => $tag,
|
|
}
|
|
|
|
['CONNECT', 'CREATE', 'TEMPORARY'].each |$priv| {
|
|
@@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_db_${dbname}_${dbuser}_${priv}":
|
|
dbname => $dbname,
|
|
username => $dbuser,
|
|
type => 'DATABASE',
|
|
privilege => $priv,
|
|
tag => $tag,
|
|
}
|
|
}
|
|
|
|
#['USAGE', 'CREATE'].each |$priv| {
|
|
# @@profiles::sql::postgres::grant { "${facts['networking']['fqdn']}_grant_schema_${dbname}_${dbuser}_${priv}":
|
|
# dbname => $dbname,
|
|
# username => $dbuser,
|
|
# type => 'SCHEMA',
|
|
# schema => 'public',
|
|
# privilege => $priv,
|
|
# tag => $tag,
|
|
# }
|
|
#}
|
|
}
|
|
}
|