Puppet Class: profile::analytics::postgresql
- Defined in:
- modules/profile/manifests/analytics/postgresql.pp
Overview
SPDX-License-Identifier: Apache-2.0
Class profile::analytics::postgresql
Set up a postgresql cluster for data engineering purposes.
# File 'modules/profile/manifests/analytics/postgresql.pp', line 6
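# Sets up a PostgreSQL primary or replica for data engineering purposes.
#
# The node whose FQDN equals $primary is configured through postgresql::master;
# any other node including this class is configured through postgresql::slave.
#
# @param primary
#   Host acting as primary. Compared against this node's FQDN to select the
#   role, and passed to postgresql::slave as master_server on replicas.
# @param replication_password
#   Password of the 'replication' role (set on the primary, used by replicas).
# @param dump_interval
#   Passed to postgresql::backup on replicas only.
# @param replicas
#   Hosts that get a 'replication' access rule on the primary, one /32 (and
#   optionally one /128) per resolved address.
# @param ipv6_ok
#   Whether to also create the IPv6 replication rules.
# @param do_backups
#   Passed to postgresql::backup and gates the backup::set declaration.
#   Note that the hiera key is 'do_backup' (singular), unlike the parameter name.
# @param databases
#   Databases to create on the primary; each is owned by a role of the same name.
# @param users
#   Map of role name => password. Each role gets access rules for the database
#   of the same name.
#
# NOTE(review): $replication_password and the values of $users are plain
# Strings. Sensitive[String] would keep them out of logs and reports, but
# whether postgresql::user and postgresql::slave accept Sensitive values is
# not visible here - confirm before changing the types.
class profile::analytics::postgresql (
    Stdlib::Host        $primary              = lookup('profile::analytics::postgresql::primary'),
    String              $replication_password = lookup('profile::analytics::postgresql::replication_password'),
    String              $dump_interval        = lookup('profile::analytics::postgresql::dump_interval'),
    Array[Stdlib::Host] $replicas             = lookup('profile::analytics::postgresql::replicas'),
    Boolean             $ipv6_ok              = lookup('profile::analytics::postgresql::ipv6_ok', default_value => true),
    Boolean             $do_backups           = lookup('profile::analytics::postgresql::do_backup', default_value => true),
    Array[String]       $databases            = lookup('profile::analytics::postgresql::databases', default_value => [] ),
    Hash[String,String] $users                = lookup('profile::analytics::postgresql::users', default_value => {} ),
)
{
    # We continue to use non-inclusive language here until T280268 can be addressed
    # Inspired by profile::netbox::db
    if $primary == $facts['networking']['fqdn'] {
        # Kept for compatibility: nothing in this class reads $require_class
        # (postgresql::db below names Class['postgresql::master'] directly).
        $require_class = 'postgresql::master'
        class { 'postgresql::master':
            root_dir => '/srv/postgres',
            use_ssl  => true,
        }
        $on_primary = true

        # One replication access rule per replica and address family, each
        # limited to the single resolved address of that replica.
        $replicas.each |$secondary| {
            $sec_ip4 = ipresolve($secondary, 4)
            # Main replication user
            postgresql::user { "replication@${secondary}-ipv4":
                ensure   => present,
                user     => 'replication',
                database => 'replication',
                password => $replication_password,
                cidr     => "${sec_ip4}/32",
                master   => $on_primary,
                attrs    => 'REPLICATION',
            }
            if $ipv6_ok {
                $sec_ip6 = ipresolve($secondary, 6)
                postgresql::user { "replication@${secondary}-ipv6":
                    ensure   => present,
                    user     => 'replication',
                    database => 'replication',
                    password => $replication_password,
                    cidr     => "${sec_ip6}/128",
                    master   => $on_primary,
                    attrs    => 'REPLICATION',
                }
            }
        }

        # On the primary node, do a DB dump (daily according to the original
        # comment; no dump_interval is passed, so postgresql::backup's default
        # applies). This must be declared outside the $replicas loop: a class
        # can be declared only once, so declaring it per replica fails catalog
        # compilation with two or more replicas and skips it with none.
        class { 'postgresql::backup':
            do_backups => $do_backups,
        }

        firewall::service { 'postgres':
            proto    => 'tcp',
            port     => 5432,
            src_sets => ['ANALYTICS_NETWORKS'],
        }

        # This is a simplistic method of creating users with an identically named database.
        # NOTE(review): the access rules admit any source in 10.0.0.0/8 and
        # 2620:0:860::/46, far wider than a single client. Reachability is
        # presumably narrowed by the firewall::service src_sets above - confirm
        # that 'ANALYTICS_NETWORKS' is the intended exposure for these roles.
        $users.each |$user, $pass| {
            postgresql::user { "${user}-ipv4" :
                ensure   => present,
                user     => $user,
                database => $user,
                password => $pass,
                cidr     => '10.0.0.0/8',
                master   => $on_primary,
            }
            postgresql::user { "${user}-ipv6" :
                ensure   => present,
                user     => $user,
                database => $user,
                password => $pass,
                cidr     => '2620:0:860::/46',
                master   => $on_primary,
            }
        }

        # Each database is owned by the role of the same name, so the role is
        # expected to appear in $users as well.
        $databases.each |$database| {
            postgresql::db { $database:
                owner   => $database,
                require => Class['postgresql::master'],
            }
        }
    }
    # Apply the following resources only to replica servers
    else {
        # Kept for compatibility: nothing in this class reads $require_class.
        $require_class = 'postgresql::slave'
        class { 'postgresql::slave':
            master_server    => $primary,
            root_dir         => '/srv/postgres',
            replication_pass => $replication_password,
            use_ssl          => true,
            # Structured fact instead of the legacy $::hostname, matching the
            # $facts lookup used for the primary check above.
            rep_app          => "replication-${facts['networking']['hostname']}",
        }
        # On secondary nodes, dump at $dump_interval (hourly according to the
        # original comment; the value comes from hiera), keep 2 days of history
        class { 'postgresql::backup':
            do_backups    => $do_backups,
            dump_interval => $dump_interval,
            rotate_days   => 2,
        }
    }

    # Apply the following resources to both primary and replica nodes.
    # Local-only access for the 'prometheus' role using peer authentication,
    # so no password is configured for it.
    postgresql::user { 'prometheus@localhost':
        user     => 'prometheus',
        database => 'postgres',
        type     => 'local',
        method   => 'peer',
    }

    if $do_backups {
        include profile::backup::host
        backup::set { 'data-engineering-postgres':
            jobdefaults => 'Daily-productionEqiad', # full backups every day
        }
    }
}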