From 85afb706edd4ca8cec9426b37c0e472e9af21fcf Mon Sep 17 00:00:00 2001
From: Patrik Lundin
Date: Wed, 13 Nov 2024 13:27:58 +0100
Subject: [PATCH] Add initial support for handling a DB server Used to store varnish config etc
---
 global/overlay/etc/puppet/cosmos-rules.yaml | 3 ++
 .../etc/puppet/modules/cdn/manifests/db.pp | 36 +++++++++++++++++++
 .../cdn/templates/db/docker-compose.yml.erb | 5 +++
 .../overlay/etc/hiera/data/local.eyaml | 3 ++
 4 files changed, 47 insertions(+)
 create mode 100644 global/overlay/etc/puppet/modules/cdn/manifests/db.pp
 create mode 100644 global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb
 create mode 100644 internal-sto3-test-db-1.cdn.sunet.se/overlay/etc/hiera/data/local.eyaml
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 461997d..411e834 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -37,3 +37,6 @@
 '^internal-.+-test-cs-[0-9]+\.cdn\.sunet\.se$':
 sunet::certbot::acmed:
 sunet::certbot::sync::server:
+
+'^internal-.+-test-db-[0-9]+\.cdn\.sunet\.se$':
+ cdn::db:
diff --git a/global/overlay/etc/puppet/modules/cdn/manifests/db.pp b/global/overlay/etc/puppet/modules/cdn/manifests/db.pp
new file mode 100644
index 0000000..2306845
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/db.pp
@@ -0,0 +1,36 @@
+# Configure a SUNET CDN DB server
+class cdn::db(
+ String $postgres_version = '17.0-bookworm',
+)
+{
+
+ $db_secrets = lookup({ 'name' => 'cdn::db-secrets', 'default_value' => undef })
+
+ file { '/opt/sunet-cdn':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ file { '/opt/sunet-cdn/compose':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0750',
+ }
+
+ sunet::nftables::docker_expose { 'expose postgres-db' :
+ allow_clients => '127.0.0.1',
+ port => 5432,
+ iif => $facts['networking']['primary'],
+ }
+
+ sunet::docker_compose { 'sunet-cdn-ca':
+ content => template('cdn/db/docker-compose.yml.erb'),
+ service_name => 'cdn-ca',
+ compose_dir => '/opt/sunet-cdn/compose',
+ compose_filename => 'docker-compose.yml',
+ description => 'SUNET CDN DB',
+ }
+}
diff --git a/global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb b/global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb
new file mode 100644
index 0000000..f1876ee
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb
@@ -0,0 +1,5 @@
+services:
+ db:
+ image: "postgres:<%= @postgres_version %>"
+ environment:
+ - POSTGRES_PASSWORD=<%= @postgres_password %>
diff --git a/internal-sto3-test-db-1.cdn.sunet.se/overlay/etc/hiera/data/local.eyaml b/internal-sto3-test-db-1.cdn.sunet.se/overlay/etc/hiera/data/local.eyaml
new file mode 100644
index 0000000..9a389f4
--- /dev/null
+++ b/internal-sto3-test-db-1.cdn.sunet.se/overlay/etc/hiera/data/local.eyaml
@@ -0,0 +1,3 @@
+---
+cdn::db-secrets:
+ postgres_password: ENC[PKCS7,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]
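Review bot: Nothing in the class assigns `$postgres_password`, so the `@postgres_password` that `docker-compose.yml.erb` reads is nil and the compose file is rendered with an empty `POSTGRES_PASSWORD=`; `$db_secrets` is looked up and then never used. Because the lookup passes `'default_value' => undef`, a host that lacks the eyaml key also compiles without any error. I would let the lookup fail on a missing key and pull the value out explicitly: `$db_secrets = lookup('cdn::db-secrets', Hash)` followed by `$postgres_password = $db_secrets['postgres_password']`. Separately, the `sunet::docker_compose` resource is titled `sunet-cdn-ca` with `service_name => 'cdn-ca'` although its description says DB, which looks carried over from a CA class and should probably be `sunet-cdn-db` / `cdn-db`.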
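Review bot: `POSTGRES_PASSWORD=<%= @postgres_password %>` places the superuser password in the rendered compose file and in the container environment, where `docker inspect` shows it; the patch restricts only the directory to `0750`, and whether the file itself is protected depends on `sunet::docker_compose`, which is not visible here. The value is also emitted unquoted, so Compose will interpolate any `$` in it and YAML will misparse sequences such as ` #` or `: `, meaning a generated password can be silently altered. The official postgres image accepts `POSTGRES_PASSWORD_FILE` as an alternative, which would let the password live in a separate mounted file readable only by the user postgres runs as in the container. The service also declares no volume for `/var/lib/postgresql/data`, so the database ends up in an anonymous volume; a named volume or bind mount would make persistence explicit.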