79 lines
3.4 KiB
Puppet
79 lines
3.4 KiB
Puppet
# Class: puppetdb::database::postgresql
|
|
#
|
|
# This class manages a postgresql server and database instance suitable for use
|
|
# with puppetdb. It uses the `inkling/postgresql` puppet module for getting
|
|
# the postgres server up and running, and then also for creating the puppetdb
|
|
# database instance and user account.
|
|
#
|
|
# This class is intended as a high-level abstraction to help simplify the process
|
|
# of getting your puppetdb postgres server up and running; for maximum
|
|
# configurability, you may choose not to use this class. You may prefer to
|
|
# use `inkling/postgresql` directly, use a different puppet postgres module,
|
|
# or manage your postgres setup on your own. All of these approaches should
|
|
# be compatible with puppetdb.
|
|
#
|
|
# Parameters:
|
|
# ['listen_addresses'] - A comma-separated list of hostnames or IP addresses
|
|
# on which the postgres server should listen for incoming
|
|
# connections. (Defaults to 'localhost'. This parameter
|
|
# maps directly to postgresql's 'listen_addresses' config
|
|
# option; use a '*' to allow connections on any accessible
|
|
# address.
|
|
# ['database_name'] - The name of the database instance to connect to.
|
|
# (defaults to `puppetdb`)
|
|
# ['database_username'] - The name of the database user to connect as.
|
|
# (defaults to `puppetdb`)
|
|
# ['database_password'] - The password for the database user.
|
|
# (defaults to `puppetdb`)
|
|
# Actions:
|
|
# - Creates and manages a postgres server and database instance for use by
|
|
# puppetdb
|
|
#
|
|
# Requires:
|
|
# - `inkling/postgresql`
|
|
#
|
|
# Sample Usage:
|
|
# class { 'puppetdb::database::postgresql':
|
|
# listen_addresses => 'my.postgres.host.name',
|
|
# }
|
|
#
|
|
class puppetdb::database::postgresql(
|
|
# TODO: expose more of the parameters from `inkling/postgresql`!
|
|
$listen_addresses = $puppetdb::params::database_host,
|
|
$manage_redhat_firewall = $puppetdb::params::open_postgres_port,
|
|
$database_name = $puppetdb::params::database_name,
|
|
$database_username = $puppetdb::params::database_username,
|
|
$database_password = $puppetdb::params::database_password,
|
|
) inherits puppetdb::params {
|
|
|
|
# This technically defaults to 'true', but in order to preserve backwards
|
|
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
|
|
# had to specify 'undef' as the default so that we could tell whether or
|
|
# not the user explicitly specified a value. Here's where we're resolving
|
|
# that and setting the 'real' default. We should be able to get rid of
|
|
# this block when we remove `manage_redhat_firewall`.
|
|
if ($manage_redhat_firewall != undef) {
|
|
$final_manage_redhat_firewall = $manage_redhat_firewall
|
|
} else {
|
|
$final_manage_redhat_firewall = true
|
|
}
|
|
|
|
|
|
# get the pg server up and running
|
|
class { '::postgresql::server':
|
|
config_hash => {
|
|
# TODO: make this stuff configurable
|
|
'ip_mask_allow_all_users' => '0.0.0.0/0',
|
|
'listen_addresses' => $listen_addresses,
|
|
'manage_redhat_firewall' => $final_manage_redhat_firewall,
|
|
},
|
|
}
|
|
|
|
# create the puppetdb database
|
|
postgresql::db{ $database_name:
|
|
user => $database_username,
|
|
password => $database_password,
|
|
grant => 'all',
|
|
require => Class['::postgresql::server'],
|
|
}
|
|
}
|