Add initial support for handling a DB server

Used to store varnish config etc
2024-11-13 13:27:58 +01:00 · 2024-11-13 13:27:58 +01:00 · 85afb706ed
parent 78894e7500
commit 85afb706ed
4 changed files with 47 additions and 0 deletions
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -37,3 +37,6 @@
 '^internal-.+-test-cs-[0-9]+\.cdn\.sunet\.se$':
  sunet::certbot::acmed:
  sunet::certbot::sync::server:
 '^internal-.+-test-db-[0-9]+\.cdn\.sunet\.se$':
  cdn::db:
--- a/global/overlay/etc/puppet/modules/cdn/manifests/db.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/db.pp
@ -0,0 +1,36 @@
 # Configure a SUNET CDN DB server
 class cdn::db(
  String $postgres_version = '17.0-bookworm',
 )
 {
  $db_secrets = lookup({ 'name' => 'cdn::db-secrets', 'default_value' => undef })
  file { '/opt/sunet-cdn':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }
  file { '/opt/sunet-cdn/compose':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0750',
  }
  sunet::nftables::docker_expose { 'expose postgres-db' :
    allow_clients => '127.0.0.1',
    port          => 5432,
    iif           => $facts['networking']['primary'],
  }
  sunet::docker_compose { 'sunet-cdn-ca':
    content          => template('cdn/db/docker-compose.yml.erb'),
    service_name     => 'cdn-ca',
    compose_dir      => '/opt/sunet-cdn/compose',
    compose_filename => 'docker-compose.yml',
    description      => 'SUNET CDN DB',
  }
 }
--- a/global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/db/docker-compose.yml.erb
@ -0,0 +1,5 @@
 services:
  db:
    image: "postgres:<%= @postgres_version %>"
    environment:
      - POSTGRES_PASSWORD=<%= @postgres_password %>
--- a/internal-sto3-test-db-1.cdn.sunet.se/overlay/etc/hiera/data/local.eyaml
+++ b/internal-sto3-test-db-1.cdn.sunet.se/overlay/etc/hiera/data/local.eyaml
@ -0,0 +1,3 @@
 ---
 cdn::db-secrets:
  postgres_password: ENC[PKCS7,MIIDCAYJKoZIhvcNAQcDoIIC+TCCAvUCAQAxggKQMIICjAIBADB0MFwxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxLTArBgNVBAMMJGludGVybmFsLXN0bzMtdGVzdC1kYi0xLmNkbi5zdW5ldC5zZQIUbbUXduFvDLw3OUVWiGrIvFBkkJMwDQYJKoZIhvcNAQEBBQAEggIAGKLk12OT5zsVKd04qsLkFtawdauLYUERXUC3d9FtZNVpwCFDNMnSsruUfasOvyvdaRbm8AUk/nAGuBNjD9HJj8J45KfQUEAPstnZPHndkF51LwU1twFrZvcSnvFANvxh61MzccMz6NVQL5CXsw4IWMDNhUbkhO5cRfxc0SOVugeTZ74BWwpEww9uKVPtfPRKCgJayBq1o/fyQblGsjJbmu/dRCm32gcdZu1lqfDU0DLsnjk14GJpqpP5h6sEfSrdXyFcWzFzdjtLZLL6TfUWYNYX6CnjjRMv1zZ73877DPXt+vvi0Nvqld5CDTXM9ggDWwZKvluVGn7sTyZdwtWLvs1qK4nui7NLfENtBrUi/GOWsxoFa9tmfeeX/cticzzQcUdDNkfaDgmBa/C7lyjlkwyDGvhYdBHycSEJJ8rxncjBGKl79mpWlK0YTsppgD5eXWZSK7gC3PecRqQ7Jri3aBAWymlM7wfJYP8Z5ocEEq7+BLKSk0Z+Npj8PqJkQ0mw96QC5kNY2LfnGTPbBPpyBZRfZh3F2x1fLN+JQN+IgMpzLW2Oce5HWlPn9iTgCiZU/7mRDJKe8wI4gSg+Mf6hWqlC+NIcMOdAcrfvobzx3PVDHletTd0xgdgGEJpOvtpkYCqcdDbFX4kyEntMaMmp32XBcgsUy1b09uHMB2klzncwXAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQereGW4ZbKx3BV6f/PqkgSYAwcqDeq645K3JJOx9su/j9qDcAGxJN1CqIJjkYFBI+/2euykTaCvIqUMhljoDjeJeE]