Puppet Class: profile::puppetdb::database

Defined in:
modules/profile/manifests/puppetdb/database.pp

Overview

Class profile::puppetdb::database

Sets up a puppetdb postgresql database.

Parameters:

  • master (Stdlib::Host) (defaults to: lookup('profile::puppetdb::master'))
  • shared_buffers (String) (defaults to: lookup('profile::puppetdb::database::shared_buffers'))
  • replication_password (String) (defaults to: lookup('puppetdb::password::replication'))
  • users (Hash) (defaults to: lookup('profile::puppetdb::database::users'))
  • replication_lag_crit (Integer) (defaults to: lookup('profile::puppetdb::database::replication_lag_crit'))
  • replication_lag_warn (Integer) (defaults to: lookup('profile::puppetdb::database::replication_lag_warn'))
  • log_line_prefix (String) (defaults to: lookup('profile::puppetdb::database::log_line_prefix'))
  • slaves (Array[Stdlib::Host]) (defaults to: lookup('profile::puppetdb::slaves'))
  • ssldir (Optional[Stdlib::Unixpath]) (defaults to: lookup('profile::puppetdb::database::ssldir'))
  • log_min_duration_statement (Optional[Integer[250]]) (defaults to: lookup('profile::puppetdb::database::log_min_duration_statement'))
  • log_autovacuum_min_duration (Optional[Integer]) (defaults to: lookup('profile::puppetdb::database::log_autovacuum_min_duration'))


# File 'modules/profile/manifests/puppetdb/database.pp', line 5

# Sets up the PostgreSQL database that backs PuppetDB. The host whose FQDN
# equals $master gets postgresql::master; every other host that includes this
# class gets postgresql::slave plus replication-lag monitoring. Both roles get
# the tuning.conf include, the 'puppetdb' database, the pg_trgm extension exec
# and a firewall rule for tcp/5432.
#
# @param master host compared with this node's FQDN to pick the branch; replicas also pass it on as master_server / pg_master
# @param shared_buffers not referenced in this manifest; presumably read by the tuning.conf.erb template -- confirm
# @param replication_password passed to postgresql::slave and postgresql::slave::monitoring on replicas only
# @param users hash of title => attributes, each declared as a postgresql::user
# @param replication_lag_crit critical threshold handed to postgresql::slave::monitoring
# @param replication_lag_warn warning threshold handed to postgresql::slave::monitoring
# @param log_line_prefix passed to postgresql::master only
# @param slaves hosts allowed through the firewall rule on tcp/5432
# @param ssldir passed to postgresql::master only
# @param log_min_duration_statement passed to postgresql::master only; the type rejects values below 250
# @param log_autovacuum_min_duration passed to postgresql::master only
class profile::puppetdb::database(
    Stdlib::Host               $master               = lookup('profile::puppetdb::master'),
    String                     $shared_buffers       = lookup('profile::puppetdb::database::shared_buffers'),
    # NOTE(review): the secret is typed as a plain String rather than
    # Sensitive[String], so Puppet will not redact it on its own. Whether the
    # postgresql::slave classes accept a Sensitive value is not visible here --
    # confirm before changing the type.
    String                     $replication_password = lookup('puppetdb::password::replication'),
    # NOTE(review): presumably each entry carries role credentials and access
    # settings -- confirm against postgresql::user; if so, the same redaction
    # concern as $replication_password applies.
    Hash                       $users                = lookup('profile::puppetdb::database::users'),
    Integer                    $replication_lag_crit = lookup('profile::puppetdb::database::replication_lag_crit'),
    Integer                    $replication_lag_warn = lookup('profile::puppetdb::database::replication_lag_warn'),
    String                     $log_line_prefix      = lookup('profile::puppetdb::database::log_line_prefix'),
    Array[Stdlib::Host]        $slaves               = lookup('profile::puppetdb::slaves'),
    Optional[Stdlib::Unixpath] $ssldir               = lookup('profile::puppetdb::database::ssldir'),
    Optional[Integer[250]] $log_min_duration_statement = lookup('profile::puppetdb::database::log_min_duration_statement'),
    Optional[Integer]      $log_autovacuum_min_duration = lookup('profile::puppetdb::database::log_autovacuum_min_duration'),
) {
    # Map the Debian release to the packaged PostgreSQL major version. There is
    # no default branch, so a codename missing from this list fails catalog
    # compilation instead of silently picking a version.
    $pgversion = debian::codename() ? {
        'bullseye' => 13,
        'buster'   => 11,
        'stretch'  => 9.6,
    }
    # Space-separated host list, interpolated into the firewall rule below.
    $slave_range = join($slaves, ' ')
    # The role is decided purely by comparing the configured primary with this
    # node's own FQDN fact.
    if $master == $facts['networking']['fqdn'] {
        # db_role is only used for the motd in role::puppetdb
        $db_role = 'primary'
        $on_master = true
    } else {
        $db_role = 'replica'
        $on_master = false
    }

    sysctl::parameters { 'postgres_shmem':
        values => {
            # That is derived after tuning postgresql, deriving automatically is
            # not the safest idea yet.
            'kernel.shmmax' => 8388608000,
        },
    }
    if $on_master {
        # Primary: TLS enabled; $ssldir and the logging settings are only
        # consumed in this branch.
        class { 'postgresql::master':
            includes                    => ['tuning.conf'],
            root_dir                    => '/srv/postgres',
            use_ssl                     => true,
            ssldir                      => $ssldir,
            log_line_prefix             => $log_line_prefix,
            log_min_duration_statement  => $log_min_duration_statement,
            log_autovacuum_min_duration => $log_autovacuum_min_duration,
        }
    } else {
        # Replica: TLS enabled as well, but $ssldir and the log_* parameters
        # are not forwarded, so the replica uses whatever postgresql::slave
        # defaults to for them.
        class { 'postgresql::slave':
            includes         => ['tuning.conf'],
            master_server    => $master,
            root_dir         => '/srv/postgres',
            replication_pass => $replication_password,
            use_ssl          => true,
        }
        # NOTE(review): the replication credential is reused for the lag check.
        # How postgresql::slave::monitoring stores pg_password is not visible
        # here -- verify it does not land in a world-readable check definition
        # or on a command line.
        class { 'postgresql::slave::monitoring':
            pg_master   => $master,
            pg_user     => 'replication',
            pg_password => $replication_password,
            pg_database => 'puppetdb',
            critical    => $replication_lag_crit,
            warning     => $replication_lag_warn,
        }
    }
    # Tuning include referenced by both roles via includes => ['tuning.conf'].
    # Mode 0444 makes it world-readable and root-owned; the template is not
    # shown here, so confirm it renders tuning values only and no secrets.
    file { "/etc/postgresql/${pgversion}/main/tuning.conf":
        ensure  => 'present',
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        content => template('puppetmaster/puppetdb/tuning.conf.erb'),
        require => Package["postgresql-${pgversion}"]
    }
    # Declare one postgresql::user per entry. The right-hand hash wins on key
    # collisions, so 'master' and 'pgversion' from the lookup data are always
    # overridden by the values computed above.
    $users.each |$pg_name, $config| {
        postgresql::user { $pg_name:
            * => $config + {'master' => $on_master, 'pgversion' => $pgversion}
        }
    }
    postgresql::db { 'puppetdb':
        owner   => 'puppetdb',
    }
    # Ensure dbs created before grants
    # The collectors are unfiltered, so the ordering applies to every
    # Postgresql::Db and Postgresql::Db_grant in the catalog, not only the
    # resources declared in this class.
    Postgresql::Db<| |> -> Postgresql::Db_grant<| |>

    # Installs the pg_trgm extension in the puppetdb database, running psql as
    # the postgres system user. Both command strings are static (no parameter
    # is interpolated into them); the 'unless' guard skips the exec once \dx
    # lists pg_trgm. The title spells 'tgrm'; it is left as is because other
    # manifests may reference the resource by that title.
    exec { 'create_tgrm_extension':
        command => '/usr/bin/psql puppetdb -c "create extension pg_trgm"',
        unless  => '/usr/bin/psql puppetdb -c \'\dx\' | /bin/grep -q pg_trgm',
        user    => 'postgres',
        require => Postgresql::Db['puppetdb'],
    }
    # Firewall rules
    # Allow connections from all the slaves
    # This rule sits outside the primary/replica branch, so replicas accept
    # tcp/5432 from the hosts in $slaves too, not just the primary.
    # NOTE(review): with an empty $slaves the source range renders as
    # "@resolve(())"; what ferm::service and ferm do with that is not visible
    # here -- verify it cannot produce an unrestricted rule. The allow-list is
    # built from hostnames, so it is only as trustworthy as name resolution at
    # the time the rules are generated.
    ferm::service { 'postgresql_puppetdb':
        proto  => 'tcp',
        port   => 5432,
        srange => "@resolve((${slave_range}))",
    }
}