Puppet Class: profile::analytics::postgresql
- Defined in:
- modules/profile/manifests/analytics/postgresql.pp
Overview
SPDX-License-Identifier: Apache-2.0
Class profile::analytics::postgresql
Set up a postgresql cluster for data engineering purposes.
# File 'modules/profile/manifests/analytics/postgresql.pp', line 6
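# @summary PostgreSQL primary/replica cluster for data engineering.
#
# The node whose FQDN equals $primary is configured as the primary; every other
# node that includes this class is configured as a streaming replica of it.
#
# @param primary
#   Host acting as the primary. Compared with this node's FQDN to pick the
#   branch, and passed as master_server on replicas.
# @param replication_password
#   Password of the 'replication' role, set on the primary and used by replicas.
# @param dump_interval
#   Passed to postgresql::backup on replicas only.
# @param replicas
#   Replica hosts. Each gets a 'replication' role entry limited to its own
#   resolved address (/32, plus /128 when $ipv6_ok).
# @param ipv6_ok
#   Whether to also create the IPv6 replication entries.
# @param do_backups
#   Passed to postgresql::backup and gates the backup::set at the bottom.
#   NOTE(review): the lookup key is '...::do_backup' (singular) while the
#   parameter is $do_backups, so hiera data written under '...::do_backups'
#   would be ignored by this explicit lookup. Confirm which key the data uses.
# @param databases
#   Databases created on the primary, each owned by the role of the same name.
# @param users
#   Map of role name => password. Each role is granted access to the database
#   of the same name.
# @param max_connections
#   Not referenced in this manifest; presumably read by tuning.conf.erb through
#   template scope. TODO confirm.
#
# NOTE(review): $replication_password and the values of $users are plain String
# rather than Sensitive, so Puppet does not redact them in logs or reports.
# Moving to Sensitive would need postgresql::user and postgresql::slave to
# accept it, which is not visible from this file.
class profile::analytics::postgresql (
    Stdlib::Host        $primary              = lookup('profile::analytics::postgresql::primary'),
    String              $replication_password = lookup('profile::analytics::postgresql::replication_password'),
    String              $dump_interval        = lookup('profile::analytics::postgresql::dump_interval'),
    Array[Stdlib::Host] $replicas             = lookup('profile::analytics::postgresql::replicas'),
    Boolean             $ipv6_ok              = lookup('profile::analytics::postgresql::ipv6_ok', default_value => true),
    Boolean             $do_backups           = lookup('profile::analytics::postgresql::do_backup', default_value => true),
    Array[String]       $databases            = lookup('profile::analytics::postgresql::databases', default_value => []),
    Hash[String,String] $users                = lookup('profile::analytics::postgresql::users', default_value => {}),
    Integer             $max_connections      = lookup('profile::analytics::postgresql::max_connections', default_value => 100)
) {
    # We continue to use non-inclusive language here until T280268 can be addressed
    # Inspired by profile::netbox::db
    if $primary == $facts['networking']['fqdn'] {
        # Originally set "for the require in postgres::db", but the postgresql::db
        # resources below name Class['postgresql::master'] directly. Kept because
        # class variables can be read from other scopes. TODO confirm it is unused.
        $require_class = 'postgresql::master'
        class { 'postgresql::master':
            includes => ['tuning.conf'],
            root_dir => '/srv/postgres',
            use_ssl  => true,
        }
        $on_primary = true

        $replicas.each |$secondary| {
            $sec_ip4 = ipresolve($secondary, 4)
            # Main replication user, scoped to this replica's single IPv4 address
            postgresql::user { "replication@${secondary}-ipv4":
                ensure   => present,
                user     => 'replication',
                database => 'replication',
                password => $replication_password,
                cidr     => "${sec_ip4}/32",
                master   => $on_primary,
                attrs    => 'REPLICATION',
            }
            if $ipv6_ok {
                $sec_ip6 = ipresolve($secondary, 6)
                postgresql::user { "replication@${secondary}-ipv6":
                    ensure   => present,
                    user     => 'replication',
                    database => 'replication',
                    password => $replication_password,
                    cidr     => "${sec_ip6}/128",
                    master   => $on_primary,
                    attrs    => 'REPLICATION',
                }
            }
        }

        # On the primary node, do a daily DB dump (no dump_interval is passed, so
        # postgresql::backup's own default applies).
        # This declaration used to sit inside the $replicas loop above. A
        # resource-like class declaration may only be evaluated once, so two or
        # more replicas made catalog compilation fail with a duplicate
        # declaration, and an empty $replicas left the primary without the
        # backup class at all.
        class { 'postgresql::backup':
            do_backups => $do_backups,
        }

        firewall::service { 'postgres':
            proto    => 'tcp',
            port     => 5432,
            src_sets => ['ANALYTICS_NETWORKS', 'DSE_KUBEPODS_NETWORKS'],
        }

        # This is a simplistic method of creating users with an identically named database.
        # NOTE(review): cidr is presumably written to pg_hba.conf by postgresql::user
        # (not shown here). These two ranges are fixed and much wider than the
        # per-host entries used for replication, so the firewall::service source
        # sets above are what narrows who can reach port 5432. Confirm that is
        # the intended split of responsibility.
        $users.each |$user, $pass| {
            postgresql::user { "${user}-ipv4":
                ensure   => present,
                user     => $user,
                database => $user,
                password => $pass,
                cidr     => '10.0.0.0/8',
                master   => $on_primary,
            }
            postgresql::user { "${user}-ipv6":
                ensure   => present,
                user     => $user,
                database => $user,
                password => $pass,
                cidr     => '2620:0:860::/46',
                master   => $on_primary,
            }
        }

        $databases.each |$database| {
            postgresql::db { $database:
                owner   => $database,
                require => Class['postgresql::master'],
            }
        }
    }
    # Apply the following resources only to replica servers
    else {
        $require_class = 'postgresql::slave'
        class { 'postgresql::slave':
            includes         => ['tuning.conf'],
            master_server    => $primary,
            root_dir         => '/srv/postgres',
            replication_pass => $replication_password,
            use_ssl          => true,
            # Structured fact, matching the $facts[...] lookup used for the FQDN above
            rep_app          => "replication-${facts['networking']['hostname']}",
        }
        # On secondary nodes, do an hourly DB dump, keep 2 days of history
        class { 'postgresql::backup':
            do_backups    => $do_backups,
            dump_interval => $dump_interval,
            rotate_days   => 2,
        }
    }

    # Apply the following resources to both primary and replica nodes

    # Local-only monitoring role: peer authentication, no password involved
    postgresql::user { 'prometheus@localhost':
        user     => 'prometheus',
        database => 'postgres',
        type     => 'local',
        method   => 'peer',
    }

    # Selector without a default: any other release codename fails compilation
    # rather than writing tuning.conf under a guessed version directory.
    $pgversion = $facts['os']['distro']['codename'] ? {
        'bullseye' => 13,
        'bookworm' => 15,
    }

    # Tuning
    # World-readable (0444). Assumes the rendered template contains tuning values
    # only and no credentials. TODO confirm against tuning.conf.erb.
    file { "/etc/postgresql/${pgversion}/main/tuning.conf":
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        content => template('profile/analytics/postgresql/tuning.conf.erb'),
    }

    if $do_backups {
        include profile::backup::host
        backup::set { 'data-engineering-postgres':
            jobdefaults => 'Daily-productionEqiad', # full backups every day
        }
    }
}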