Allow connections from kubeservers to multinode db

Micke Nordin 2023-09-28 11:04:47 +02:00
parent 0e5653aa0c
commit a21ea6fdd5
Signed by untrusted user: Micke
GPG key ID: 0DA0A7A5708FE257


@ -7,51 +7,42 @@ define sunetdrive::db_type(
$override_compose = undef, $override_compose = undef,
) )
{ {
# Config from group.yaml # Config from group.yaml
$environment = sunetdrive::get_environment() $environment = sunetdrive::get_environment()
$mariadb_version = hiera("mariadb_version_${environment}") $mariadb_version = hiera("mariadb_version_${environment}")
$is_multinode = (($override_config != undef) and ($override_compose != undef)) $config = hiera_hash($environment)
if $is_multinode { $mysql_root_password = safe_hiera('mysql_root_password')
$config = $override_config $backup_password = safe_hiera('backup_password')
$mysql_root_password = $config['mysql_root_password'] $proxysql_password = safe_hiera('proxysql_password')
$mysql_user_password = $config['mysql_user_password'] $mysql_user_password = safe_hiera('mysql_user_password')
$backup_password = $config['backup_password'] $mariadb_dir = '/etc/mariadb'
$mariadb_dir = $config['mariadb_dir'] $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb'
$mycnf_path = $config['mycnf_path'] $server_id = 1000 + Integer($facts['networking']['hostname'][-1])
$server_id = '1000' ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } )
} else { $dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ]
$config = hiera_hash($environment) $dirs.each |$dir| {
$mysql_root_password = safe_hiera('mysql_root_password') ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } )
$backup_password = safe_hiera('backup_password')
$proxysql_password = safe_hiera('proxysql_password')
$mysql_user_password = safe_hiera('mysql_user_password')
$mariadb_dir = '/etc/mariadb'
$mycnf_path = 'sunetdrive/mariadb/my.cnf.erb'
$server_id = 1000 + Integer($facts['networking']['hostname'][-1])
ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } )
$dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ]
$dirs.each |$dir| {
ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } )
}
} }
$nextcloud_ip = $config['app'] $nextcloud_ip = $config['app']
unless $is_multinode { $db_ip = $config['db']
$db_ip = $config['db'] $db_ipv6 = $config['db_v6']
$db_ipv6 = $config['db_v6'] $backup_ip = $config['backup']
$backup_ip = $config['backup'] $backup_ipv6 = $config['backup_v6']
$backup_ipv6 = $config['backup_v6'] $ports = [3306, 4444, 4567, 4568]
$ports = [3306, 4444, 4567, 4568] if $location =~ /^multinode/ {
$from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['kube'] + $config['kube_v6']
sunet::misc::ufw_allow { 'mariadb_ports': } else {
from => $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6, $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6
port => $ports,
}
sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }
} }
sunet::misc::ufw_allow { 'mariadb_ports':
from => $from,
port => $ports,
}
sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }
if $location =~ /^lookup/ { if $location =~ /^lookup/ {
$sql_files = ['02-backup_user.sql', '03-proxysql.sql', '05-lookup.sql'] $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '05-lookup.sql']
@ -97,39 +88,35 @@ define sunetdrive::db_type(
ok_criteria => ['exit_status=0','max_age=2d'], ok_criteria => ['exit_status=0','max_age=2d'],
warn_criteria => ['exit_status=1','max_age=3d'], warn_criteria => ['exit_status=1','max_age=3d'],
} }
if $is_multinode { file { '/usr/local/bin/size-test':
$docker_compose = $override_compose ensure => present,
} else { content => template('sunetdrive/mariadb/size-test.erb'),
file { '/usr/local/bin/size-test': mode => '0744',
ensure => present, }
content => template('sunetdrive/mariadb/size-test.erb'), file { '/usr/local/bin/status-test':
mode => '0744', ensure => present,
} content => template('sunetdrive/mariadb/status-test.erb'),
file { '/usr/local/bin/status-test': mode => '0744',
ensure => present, }
content => template('sunetdrive/mariadb/status-test.erb'), file { '/etc/sudoers.d/99-size-test':
mode => '0744', ensure => file,
} content => "script ALL=(root) NOPASSWD: /usr/local/bin/size-test\n",
file { '/etc/sudoers.d/99-size-test': mode => '0440',
ensure => file, owner => 'root',
content => "script ALL=(root) NOPASSWD: /usr/local/bin/size-test\n", group => 'root',
mode => '0440', }
owner => 'root', file { '/etc/sudoers.d/99-status-test':
group => 'root', ensure => file,
} content => "script ALL=(root) NOPASSWD: /usr/local/bin/status-test\n",
file { '/etc/sudoers.d/99-status-test': mode => '0440',
ensure => file, owner => 'root',
content => "script ALL=(root) NOPASSWD: /usr/local/bin/status-test\n", group => 'root',
mode => '0440', }
owner => 'root', $docker_compose = sunet::docker_compose { 'drive_mariadb_docker_compose':
group => 'root', content => template('sunetdrive/mariadb/docker-compose_mariadb.yml.erb'),
} service_name => 'mariadb',
$docker_compose = sunet::docker_compose { 'drive_mariadb_docker_compose': compose_dir => '/opt/',
content => template('sunetdrive/mariadb/docker-compose_mariadb.yml.erb'), compose_filename => 'docker-compose.yml',
service_name => 'mariadb', description => 'Mariadb server',
compose_dir => '/opt/',
compose_filename => 'docker-compose.yml',
description => 'Mariadb server',
}
} }
} }
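Review bot: In the new `if $location =~ /^multinode/` branch the kube addresses are appended to `$from`, and that one list is then applied to every entry of `$ports`, so the kube servers are allowed to reach 4444, 4567 and 4568 as well as 3306. Those three look like the Galera replication and state-transfer ports, which database clients should not need. If that is the case, build `$from` as in the `else` branch and add a separate rule such as `sunet::misc::ufw_allow { 'mariadb_kube': from => $config['kube'] + $config['kube_v6'], port => 3306 }`. It is also worth confirming that `kube` and `kube_v6` are present in the hiera hash for every multinode environment, since a missing key would likely put an undefined value into the allow list. The body of `sunetdrive::db_type` starts outside these hunks, so the handling of `$location` and the remaining use of the `$override_*` parameters cannot be checked from here.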