Puppet Class: puppetmaster::puppetdb::database

Defined in:
modules/puppetmaster/manifests/puppetdb/database.pp

Overview

Class puppetmaster::puppetdb::database

Sets up the postgresql database

Parameters

master

The FQDN of the master server.

pgversion

The postgresql version.

shared_buffers

The size of the postgresql shared buffer to use

replication_pass

The replication password

puppetdb_pass

Password for the puppetdb user.

puppetdb_users

Hash of users to create (if any), in addition to the local ones.

Parameters:

  • master (String)
  • pgversion (Enum['9.6', '11'])
  • shared_buffers (String)
  • replication_pass (String)
  • puppetdb_pass (String)
  • ssldir (Optional[String]) (defaults to: undef)
  • puppetdb_users (Hash) (defaults to: {})


# File 'modules/puppetmaster/manifests/puppetdb/database.pp', line 18

class puppetmaster::puppetdb::database(
    String $master,
    Enum['9.6', '11'] $pgversion,
    String $shared_buffers,
    String $replication_pass,
    String $puppetdb_pass,
    Optional[String] $ssldir = undef,
    Hash $puppetdb_users={},
) {
    # Manages the PostgreSQL instance behind PuppetDB on this node: a tuning
    # include file, a shared-memory sysctl, the postgresql master or slave
    # class (chosen by comparing $master with this node's FQDN), the database
    # roles, the 'puppetdb' database and its pg_trgm extension.
    #
    # NOTE(review): $replication_pass and $puppetdb_pass are plain String
    # parameters and are handed on unchanged below. How postgresql::user and
    # postgresql::slave treat them is not visible here; if callers and those
    # types allow it, Sensitive[String] would redact the values in Puppet logs
    # and reports.

    # Tuning include, rendered from a template. $shared_buffers is not
    # referenced anywhere else in this class, so it is presumably read by the
    # template -- confirm against tuning.conf.erb.
    file { "/etc/postgresql/${pgversion}/main/tuning.conf":
        ensure  => 'present',
        content => template('puppetmaster/puppetdb/tuning.conf.erb'),
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        require => Package["postgresql-${pgversion}"],
    }

    sysctl::parameters { 'postgres_shmem':
        values => {
            # Fixed value arrived at while tuning PostgreSQL; computing it
            # automatically is not considered safe yet.
            'kernel.shmmax' => 8388608000,
        },
    }

    # True only on the node whose FQDN equals $master.
    $on_master = ($master == $::fqdn)
    if $on_master {
        # The master is the only branch that receives $ssldir.
        class { '::postgresql::master':
            root_dir => '/srv/postgres',
            includes => ['tuning.conf'],
            use_ssl  => true,
            ssldir   => $ssldir,
        }
    } else {
        # Every other node is set up as a slave of $master and is given the
        # replication password.
        class { '::postgresql::slave':
            root_dir         => '/srv/postgres',
            includes         => ['tuning.conf'],
            master_server    => $master,
            replication_pass => $replication_pass,
            use_ssl          => true,
        }
    }

    # Additional database roles supplied through $puppetdb_users.
    $puppetdb_users.each |$role, $settings| {
        # TODO (from the original author): make this more flexible?
        # Only an 'attrs' value matching 'REPLICATION' selects the replication
        # password; any other value, or a missing 'attrs' key, selects
        # $puppetdb_pass.
        $role_password = $settings['attrs'] ? {
            'REPLICATION' => $replication_pass,
            default       => $puppetdb_pass,
        }

        # merge() lets the right-hand hash win, so these three keys always
        # replace whatever the per-role settings carry under the same names.
        $role_params = merge($settings, {'master' => $on_master, 'pgversion' => $pgversion, 'password' => $role_password})

        postgresql::user { $role:
            * => $role_params
        }
    }

    # puppetdb role declared on every server, master or not. Despite the
    # '@localhost' title, the cidr passed is this node's own address
    # (${::ipaddress}/32). The original comment describes the role as used for
    # read-only db lookups; no privileges are specified in this class.
    postgresql::user { 'puppetdb@localhost':
        ensure    => present,
        user      => 'puppetdb',
        password  => $puppetdb_pass,
        database  => 'puppetdb',
        cidr      => "${::ipaddress}/32",
        pgversion => $pgversion,
        master    => $on_master,
    }

    # prometheus role on the 'postgres' database: a 'local' entry using the
    # 'peer' method, with no password passed.
    postgresql::user { 'prometheus@localhost':
        user     => 'prometheus',
        database => 'postgres',
        type     => 'local',
        method   => 'peer',
    }

    # The puppetdb database itself, owned by the puppetdb role.
    postgresql::db { 'puppetdb':
        owner   => 'puppetdb',
    }

    # Creates the pg_trgm extension in the puppetdb database as the postgres
    # system user, after the database resource. The guard lists installed
    # extensions (\dx) and skips the command once pg_trgm is among them. This
    # resource is declared regardless of $on_master.
    # NOTE(review): the guard contains a pipe and no exec provider is set
    # here; confirm it is evaluated through a shell as intended.
    exec { 'create_tgrm_extension':
        user    => 'postgres',
        command => '/usr/bin/psql puppetdb -c "create extension pg_trgm"',
        unless  => '/usr/bin/psql puppetdb -c \'\dx\' | /bin/grep -q pg_trgm',
        require => Postgresql::Db['puppetdb'],
    }
}