
D2942.id7490.diff

D2942.id7490.diff

diff --git a/pillar/dbserver/cluster-A.sls b/pillar/dbserver/cluster-A.sls
--- a/pillar/dbserver/cluster-A.sls
+++ b/pillar/dbserver/cluster-A.sls
@@ -1,9 +1,13 @@
dbserver_postgresql:
server:
+ cluster: A
+
# Fantoir database needs the pg_trgm extension
with_contrib: True
+ listen_addresses: "0.0.0.0"
+
users:
# Password paths are relative to ops/secrets/
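Review bot: `listen_addresses: "0.0.0.0"` binds PostgreSQL on every IPv4 interface of the host, although the only remote clients allowed by the `connections` list added in the next hunk are in 172.27.27.0/28. pg_hba.conf will still reject other sources, but the listener stays reachable for pre-authentication traffic from every network the host is attached to. If the server has an address on that private network, list it here instead, e.g. `listen_addresses: "localhost,<private-interface-address>"` (placeholder). Otherwise, confirm that a host firewall restricts the PostgreSQL port. The `server` mapping continues outside the hunk.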
@@ -33,3 +37,13 @@
owner: fantoir
extensions:
- pg_trgm
+
+ # Network connections allowed in pg_hba.conf
+ connections:
+ - db: airflow
+ user: airflow
+ ips: 172.27.27.0/28
+
+ - db: fantoir
+ user: fantoir
+ ips: 172.27.27.0/28
diff --git a/roles/dbserver-pgsql/server/config.sls b/roles/dbserver-pgsql/server/config.sls
new file mode 100644
--- /dev/null
+++ b/roles/dbserver-pgsql/server/config.sls
@@ -0,0 +1,26 @@
+# -------------------------------------------------------------
+# Salt — Database server — PostgreSQL
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# PostgreSQL general configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/db/postgres/data/pg_hba.conf:
+ file.managed:
+ - source: salt://roles/dbserver-pgsql/server/files/pg_hba.conf
+ - mode: 444
+ - template: jinja
+ - context:
+ connections: {{ pillar["dbserver_postgresql"]["connections"] }}
+
+/var/db/postgres/data/postgresql.conf:
+ file.managed:
+ - source: salt://roles/dbserver-pgsql/server/files/postgresql.conf
+ - mode: 444
+ - template: jinja
+ - context:
+ server: {{ pillar["dbserver_postgresql"]["server"] }}
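Review bot: Neither `file.managed` state triggers a PostgreSQL reload, so a change to the `connections` pillar, including removing a client, rewrites pg_hba.conf without taking effect until the server is reloaded. This holds unless a service state outside this diff watches these files; if none does, add a reload state with `onchanges` on both files. Both files are also written with `mode: 444` and no `user`/`group`, which leaves the access rules readable by every local account; consider setting the owner to the PostgreSQL service account and dropping world read. Finally, `connections: {{ pillar["dbserver_postgresql"]["connections"] }}` pastes the Python repr of the pillar value into YAML, which only works while that repr happens to be valid flow YAML. `{{ pillar["dbserver_postgresql"]["connections"] | json }}` is the robust form, and the same applies to `server`.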
diff --git a/roles/dbserver-pgsql/server/files/pg_hba.conf b/roles/dbserver-pgsql/server/files/pg_hba.conf
new file mode 100644
--- /dev/null
+++ b/roles/dbserver-pgsql/server/files/pg_hba.conf
@@ -0,0 +1,34 @@
+# -------------------------------------------------------------
+# PostgreSQL
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/dbserver-pgsql/server/files/pg_hba.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# TYPE DATABASE USER ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all peer
+
+# Local connections
+host all all 127.0.0.1/32 peer
+host all all ::1/128 peer
+
+# External connections
+{%- for conn in connections %}
+host {{ conn.db }} {{ conn.user }} {{ conn.ips }} scram-sha-256
+{% endfor -%}
+
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local replication all peer
+host replication all 127.0.0.1/32 peer
+host replication all ::1/128 peer
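Review bot: The four `host ... peer` lines (both loopback entries under "Local connections" and both under the replication block) use an authentication method that PostgreSQL accepts only on `local` (Unix-socket) records, so the rendered pg_hba.conf should fail to load. Use a password method on the TCP loopback records, e.g. `host all all 127.0.0.1/32 scram-sha-256` and `host all all ::1/128 scram-sha-256`, and likewise for the `replication` pair. For the templated external entries, `host` matches both TLS and non-TLS connections. If traffic from 172.27.27.0/28 should be encrypted, render `hostssl {{ conn.db }} {{ conn.user }} {{ conn.ips }} scram-sha-256` once the server has TLS configured.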
diff --git a/roles/dbserver-pgsql/server/files/postgresql.conf b/roles/dbserver-pgsql/server/files/postgresql.conf
new file mode 100644
--- /dev/null
+++ b/roles/dbserver-pgsql/server/files/postgresql.conf
@@ -0,0 +1,64 @@
+# -------------------------------------------------------------
+# PostgreSQL
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/dbserver-pgsql/server/files/postgresql.conf
+# Cluster: {{ server.cluster }}
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+listen_addresses = {{ server.listen_addresses }}
+max_connections = 100
+
+# -------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+shared_buffers = 128MB
+dynamic_shared_memory_type = posix
+
+# -------------------------------------------------------------
+# WRITE-AHEAD LOG (WAL)
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+min_wal_size = 80MB
+max_wal_size = 1GB
+
+# -------------------------------------------------------------
+# REPORTING AND LOGGING
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+log_destination = 'syslog'
+
+log_timezone = 'UTC'
+
+# -------------------------------------------------------------
+# PROCESS TITLE
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# On FreeBSD, this is a performance hog, so keep it off if you need speed
+update_process_title = off
+
+# -------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+datestyle = 'iso, mdy'
+timezone = 'UTC'
+lc_messages = 'C' # locale for system error message
+lc_monetary = 'C' # locale for monetary formatting
+lc_numeric = 'C' # locale for number formatting
+lc_time = 'C' # locale for time formatting
+
+default_text_search_config = 'pg_catalog.english'
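Review bot: `listen_addresses = {{ server.listen_addresses }}` renders as `listen_addresses = 0.0.0.0`, and an unquoted dotted address is neither a simple identifier nor a number in postgresql.conf syntax, so it is likely rejected as a syntax error. Quote it in the template: `listen_addresses = '{{ server.listen_addresses }}'`. Since pg_hba.conf in this change requires `scram-sha-256`, it is also worth setting `password_encryption = scram-sha-256` here. On server versions where the default is still md5, roles created without it could not authenticate; the target version is not visible in this diff.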
diff --git a/roles/dbserver-pgsql/server/init.sls b/roles/dbserver-pgsql/server/init.sls
--- a/roles/dbserver-pgsql/server/init.sls
+++ b/roles/dbserver-pgsql/server/init.sls
@@ -7,6 +7,7 @@
include:
- .software
+ - .config
# Content includes databases, users, privileges
- .content
