puppet: Add VPC subnets to pg_hba.conf

(imported from commit 633bf08bfe2f3695bd6c9ed8584b78971ebe065f)
2025-11-03 13:33:24 +00:00 · 2013-11-22 18:07:17 -05:00
parent bf8fb3c0df
commit 3454680e4b
1 changed files with 18 additions and 2 deletions
--- a/puppet/zulip_internal/files/postgresql/pg_hba.conf
+++ b/puppet/zulip_internal/files/postgresql/pg_hba.conf
@@ -98,11 +98,27 @@ host    all             all             ::1/128                 md5
 #host    replication     postgres        127.0.0.1/32            md5
 #host    replication     postgres        ::1/128                 md5

-hostssl zulip           zulip           10.252.136.89/32        cert # staging
+# App frontends
+hostssl zulip           zulip           10.0.8.0/24             cert # us-west-2b
+hostssl zulip           zulip           10.0.108.0/24           cert # us-west-2a
+hostssl zulip           zulip           10.0.208.0/24           cert # us-west-2c
+
+# Test servers with DB access
+hostssl zulip           zulip           10.0.28.0/24            cert # us-west-2b
+hostssl zulip           zulip           10.0.128.0/24           cert # us-west-2a
+hostssl zulip           zulip           10.0.228.0/24           cert # us-west-2c
+
+# Databases
+# TODO: use certs
+hostssl replication     replicator      10.0.16.0/24            md5 # us-west-2b
+hostssl replication     replicator      10.0.116.0/24           md5 # us-west-2a
+hostssl replication     replicator      10.0.216.0/24           md5 # us-west-2c
+
+# non-VPC entries
 hostssl zulip           zulip           10.254.4.7/32           cert # prod0
 hostssl zulip           zulip           10.226.168.170/32       cert # test1
 hostssl zulip           zulip           54.201.95.104/32        cert # staging public IP
-hostssl zulip           zulip           54.200.19.65/32        cert # prod0 public IP
+hostssl zulip           zulip           54.200.19.65/32         cert # prod0 public IP


 # TODO: use certs