Puppet Class: profile::analytics::postgresql

Defined in:
modules/profile/manifests/analytics/postgresql.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class profile::analytics::postgresql

Set up a postgresql cluster for data engineering purposes.

Parameters:

  • primary (Stdlib::Host) (defaults to: lookup('profile::analytics::postgresql::primary'))
  • replication_password (String) (defaults to: lookup('profile::analytics::postgresql::replication_password'))
  • dump_interval (String) (defaults to: lookup('profile::analytics::postgresql::dump_interval'))
  • replicas (Array[Stdlib::Host]) (defaults to: lookup('profile::analytics::postgresql::replicas'))
  • ipv6_ok (Boolean) (defaults to: lookup('profile::analytics::postgresql::ipv6_ok', default_value => true))
  • do_backups (Boolean) (defaults to: lookup('profile::analytics::postgresql::do_backup', default_value => true))
  • databases (Array[String]) (defaults to: lookup('profile::analytics::postgresql::databases', default_value => [] ))
  • users (Hash[String,String]) (defaults to: lookup('profile::analytics::postgresql::users', default_value => {} ))


# File 'modules/profile/manifests/analytics/postgresql.pp', line 6

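# Configures this node as either the primary or a replica of a PostgreSQL
# cluster, depending on whether $primary matches the node's own FQDN.
#
# @param primary
#   Host acting as the primary. Compared against this node's FQDN to pick the
#   role, and passed to replicas as their master_server.
# @param replication_password
#   Password of the 'replication' role, set on the primary and passed to
#   replicas as replication_pass.
#   NOTE(review): typed as a plain String, so the value is not wrapped in
#   Sensitive inside this class; whether the postgresql module accepts
#   Sensitive values is not visible here, so confirm before changing the type.
# @param dump_interval
#   Passed to postgresql::backup on replicas only.
# @param replicas
#   Hosts that get a 'replication' user entry on the primary, one per resolved
#   address.
# @param ipv6_ok
#   Whether to also create the IPv6 replication entry for each replica.
# @param do_backups
#   Passed to postgresql::backup and gates the backup::set declaration.
#   NOTE(review): the explicit lookup key is '...::do_backup' (singular) while
#   the parameter is do_backups; confirm which key the hiera data uses.
# @param databases
#   Databases to create on the primary; each is owned by a role with the same
#   name as the database.
# @param users
#   Map of user name to password. Each user is declared for a database with
#   the same name as the user. Passwords are plain Strings (see the note on
#   replication_password).
class profile::analytics::postgresql (
    Stdlib::Host        $primary              = lookup('profile::analytics::postgresql::primary'),
    String              $replication_password = lookup('profile::analytics::postgresql::replication_password'),
    String              $dump_interval        = lookup('profile::analytics::postgresql::dump_interval'),
    Array[Stdlib::Host] $replicas             = lookup('profile::analytics::postgresql::replicas'),
    Boolean             $ipv6_ok              = lookup('profile::analytics::postgresql::ipv6_ok', default_value => true),
    Boolean             $do_backups           = lookup('profile::analytics::postgresql::do_backup', default_value => true),
    Array[String]       $databases            = lookup('profile::analytics::postgresql::databases', default_value => [] ),
    Hash[String,String] $users                = lookup('profile::analytics::postgresql::users', default_value => {} ),
)
{
  # We continue to use non-inclusive language here until T280268 can be addressed
  # Inspired by profile::netbox::db
  if $primary == $facts['networking']['fqdn'] {
    # We do this for the require in postgres::db
    $require_class = 'postgresql::master'
    class { 'postgresql::master':
      root_dir => '/srv/postgres',
      use_ssl  => true,
    }
    $on_primary = true

    # One replication entry per replica and address family, each pinned to a
    # single host address (/32 or /128). The address is whatever ipresolve()
    # returns when the catalog is compiled.
    $replicas.each |$secondary| {
      $sec_ip4 = ipresolve($secondary, 4)

      # Main replication user
      postgresql::user { "replication@${secondary}-ipv4":
        ensure   => present,
        user     => 'replication',
        database => 'replication',
        password => $replication_password,
        cidr     => "${sec_ip4}/32",
        master   => $on_primary,
        attrs    => 'REPLICATION',
      }

      if $ipv6_ok {
        $sec_ip6 = ipresolve($secondary, 6)
        postgresql::user { "replication@${secondary}-ipv6":
          ensure   => present,
          user     => 'replication',
          database => 'replication',
          password => $replication_password,
          cidr     => "${sec_ip6}/128",
          master   => $on_primary,
          attrs    => 'REPLICATION',
        }
      }
    }

    # On the primary node, do a daily DB dump
    # Declared once, outside the replica loop: a resource-like class
    # declaration may appear only once per catalog, so declaring it per replica
    # fails to compile with more than one replica and is skipped entirely when
    # $replicas is empty.
    class { 'postgresql::backup':
      do_backups => $do_backups,
    }

    # Network-level access to the PostgreSQL port is limited to the
    # ANALYTICS_NETWORKS source set.
    firewall::service { 'postgres':
      proto    => 'tcp',
      port     => 5432,
      src_sets => ['ANALYTICS_NETWORKS'],
    }

    # This is a simplistic method of creating users with an identically named database
    # NOTE(review): the cidr values below are much wider than a single host.
    # If postgresql::user turns cidr into a host-based access rule (presumably
    # pg_hba; confirm in the module), the firewall rule above is the narrower
    # control and should be kept in step with it.
    $users.each |$user, $pass| {
      postgresql::user { "${user}-ipv4" :
        ensure   => present,
        user     => $user,
        database => $user,
        password => $pass,
        cidr     => '10.0.0.0/8',
        master   => $on_primary,
      }
      postgresql::user { "${user}-ipv6" :
        ensure   => present,
        user     => $user,
        database => $user,
        password => $pass,
        cidr     => '2620:0:860::/46',
        master   => $on_primary,
      }
    }

    # Each database is owned by a role with the same name, so presumably every
    # entry in $databases needs a matching key in $users; nothing here
    # enforces that.
    $databases.each |$database| {
      postgresql::db { $database:
        owner   => $database,
        require => Class['postgresql::master'],
      }
    }
  }
  # Apply the following resources only to replica servers
  else {
    $require_class = 'postgresql::slave'
    class { 'postgresql::slave':
      master_server    => $primary,
      root_dir         => '/srv/postgres',
      replication_pass => $replication_password,
      use_ssl          => true,
      # Structured fact, matching the fqdn lookup at the top of the class.
      rep_app          => "replication-${facts['networking']['hostname']}",
    }

    # On secondary nodes, do an hourly DB dump, keep 2 days of history
    class { 'postgresql::backup':
      do_backups    => $do_backups,
      dump_interval => $dump_interval,
      rotate_days   => 2,
    }
  }

  # Apply the following resources to both primary and replica nodes
  # Local-only monitoring role using peer authentication; no password and no
  # network cidr are set for it.
  postgresql::user { 'prometheus@localhost':
    user     => 'prometheus',
    database => 'postgres',
    type     => 'local',
    method   => 'peer',
  }
  if $do_backups {
    include profile::backup::host
    backup::set { 'data-engineering-postgres':
      jobdefaults => 'Daily-productionEqiad', # full backups every day
    }
  }
}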