Page MenuHomeDevCentral
Files F3607324

D2942.id7492.diff
No OneTemporary
Actions

D2942.id7492.diff
View Options

diff --git a/pillar/dbserver/cluster-A.sls b/pillar/dbserver/cluster-A.sls
--- a/pillar/dbserver/cluster-A.sls
+++ b/pillar/dbserver/cluster-A.sls
@@ -1,9 +1,13 @@
dbserver_postgresql:
server:
+ cluster: A
+
# Fantoir database needs the pg_trgm extension
with_contrib: True
+ listen_addresses: "*"
+
users:
# Password paths are relative to ops/secrets/
@@ -33,3 +37,13 @@
owner: fantoir
extensions:
- pg_trgm
+
+ # Network connections allowed in pg_hba.conf
+ connections:
+ - db: airflow
+ user: airflow
+ ips: 172.27.27.0/28
+
+ - db: fantoir
+ user: fantoir
+ ips: 172.27.27.0/28
diff --git a/roles/dbserver-pgsql/server/config.sls b/roles/dbserver-pgsql/server/config.sls
new file mode 100644
--- /dev/null
+++ b/roles/dbserver-pgsql/server/config.sls
@@ -0,0 +1,26 @@
+# -------------------------------------------------------------
+# Salt — Database server — PostgreSQL
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# PostgreSQL general configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/db/postgres/data/pg_hba.conf:
+ file.managed:
+ - source: salt://roles/dbserver-pgsql/server/files/pg_hba.conf
+ - mode: 444
+ - template: jinja
+ - context:
+ connections: {{ pillar["dbserver_postgresql"]["connections"] }}
+
+/var/db/postgres/data/postgresql.conf:
+ file.managed:
+ - source: salt://roles/dbserver-pgsql/server/files/postgresql.conf
+ - mode: 444
+ - template: jinja
+ - context:
+ server: {{ pillar["dbserver_postgresql"]["server"] }}
diff --git a/roles/dbserver-pgsql/server/files/pg_hba.conf b/roles/dbserver-pgsql/server/files/pg_hba.conf
new file mode 100644
--- /dev/null
+++ b/roles/dbserver-pgsql/server/files/pg_hba.conf
@@ -0,0 +1,34 @@
+# -------------------------------------------------------------
+# PostgreSQL
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/dbserver-pgsql/server/files/pg_hba.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# TYPE DATABASE USER ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all peer
+
+# Local connections
+host all all 127.0.0.1/32 scram-sha-256
+host all all ::1/128 scram-sha-256
+
+# External connections
+{%- for conn in connections %}
+host {{ "%-15s" | format(conn.db) }} {{ "%-15s" | format(conn.user) }} {{ "%-23s" | format(conn.ips) }} scram-sha-256
+{%- endfor %}
+
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local replication all peer
+host replication all 127.0.0.1/32 scram-sha-256
+host replication all ::1/128 scram-sha-256
diff --git a/roles/dbserver-pgsql/server/files/postgresql.conf b/roles/dbserver-pgsql/server/files/postgresql.conf
new file mode 100644
--- /dev/null
+++ b/roles/dbserver-pgsql/server/files/postgresql.conf
@@ -0,0 +1,64 @@
+# -------------------------------------------------------------
+# PostgreSQL
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/dbserver-pgsql/server/files/postgresql.conf
+# Cluster: {{ server.cluster }}
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+listen_addresses = '{{ server.listen_addresses }}'
+max_connections = 100
+
+# -------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+shared_buffers = 128MB
+dynamic_shared_memory_type = posix
+
+# -------------------------------------------------------------
+# WRITE-AHEAD LOG (WAL)
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+min_wal_size = 80MB
+max_wal_size = 1GB
+
+# -------------------------------------------------------------
+# REPORTING AND LOGGING
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+log_destination = 'syslog'
+
+log_timezone = 'UTC'
+
+# -------------------------------------------------------------
+# PROCESS TITLE
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# On FreeBSD, this is a performance hog, so keep it off if you need speed
+update_process_title = off
+
+# -------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+datestyle = 'iso, mdy'
+timezone = 'UTC'
+lc_messages = 'C' # locale for system error message
+lc_monetary = 'C' # locale for monetary formatting
+lc_numeric = 'C' # locale for number formatting
+lc_time = 'C' # locale for time formatting
+
+default_text_search_config = 'pg_catalog.english'
diff --git a/roles/dbserver-pgsql/server/init.sls b/roles/dbserver-pgsql/server/init.sls
--- a/roles/dbserver-pgsql/server/init.sls
+++ b/roles/dbserver-pgsql/server/init.sls
@@ -7,6 +7,8 @@
include:
- .software
+ - .config
+ - .service
# Content includes databases, users, privileges
- .content
diff --git a/roles/dbserver-pgsql/server/software.sls b/roles/dbserver-pgsql/server/service.sls
copy from roles/dbserver-pgsql/server/software.sls
copy to roles/dbserver-pgsql/server/service.sls
--- a/roles/dbserver-pgsql/server/software.sls
+++ b/roles/dbserver-pgsql/server/service.sls
@@ -5,20 +5,6 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% from "map.jinja" import packages with context %}
-
-# -------------------------------------------------------------
-# PostgreSQL server
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-postgresql_server_software:
- pkg.installed:
- - pkgs:
- - {{ packages.postgresql }}
- {% if pillar["dbserver_postgresql"]["server"]["with_contrib"] | default(False) %}
- - {{ packages["postgresql-contrib"] }}
- {% endif %}
-
# -------------------------------------------------------------
# PostgreSQL service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/roles/dbserver-pgsql/server/software.sls b/roles/dbserver-pgsql/server/software.sls
--- a/roles/dbserver-pgsql/server/software.sls
+++ b/roles/dbserver-pgsql/server/software.sls
@@ -18,24 +18,3 @@
{% if pillar["dbserver_postgresql"]["server"]["with_contrib"] | default(False) %}
- {{ packages["postgresql-contrib"] }}
{% endif %}
-
-# -------------------------------------------------------------
-# PostgreSQL service
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{% if grains['os'] == 'FreeBSD' %}
-
-/etc/rc.conf.d/postgresql:
- file.managed:
- - source: salt://roles/dbserver-pgsql/server/files/postgresql.rc
-
-initialize_postgresql:
- cmd.run:
- - name: /usr/local/etc/rc.d/postgresql initdb
- - creates: /var/db/postgres/data
-
-postgresql_running:
- service.running:
- - name: postgresql
-
-{% endif %}

File Metadata

Mime Type
text/plain
Expires
Tue, Oct 1, 08:29 (20 h, 5 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2168081
Default Alt Text
D2942.id7492.diff (8 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator