paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-24 00:23:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c9141785fd50f34bde5eb6fc474223eac5768f37
zulip/puppet/zulip_ops/manifests/profile/postgresql.pp
Alex Vandiver c9141785fd puppet: Use concat fragments to place port allows next to services. 
This means that services will only open their ports if they are
actually run, without having to clutter rules.v4 with a log of `if`
statements.

This does not go as far as using `puppetlabs/firewall`[1] because that
would represent an additional DSL to learn; raw IPtables sections can
easily be inserted into the generated iptables file via
`concat::fragment` (either inline, or as a separate file), but config
can be centralized next to the appropriate service.

[1] https://forge.puppet.com/modules/puppetlabs/firewall
2021-05-27 21:14:48 -07:00

45 lines
1.4 KiB
Puppet
Raw Blame History

class zulip_ops::profile::postgresql {
include zulip_ops::profile::base
include zulip::profile::postgresql
$common_packages = ['xfsprogs']
package { $common_packages: ensure => 'installed' }
zulip_ops::firewall_allow{ 'postgresql': }
file { '/etc/sysctl.d/40-postgresql.conf':
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/zulip_ops/postgresql/40-postgresql.conf',
}
exec { 'sysctl_p':
command => '/sbin/sysctl -p /etc/sysctl.d/40-postgresql.conf',
subscribe => File['/etc/sysctl.d/40-postgresql.conf'],
refreshonly => true,
}
file { '/root/setup_disks.sh':
ensure => file,
owner => 'root',
group => 'root',
mode => '0744',
source => 'puppet:///modules/zulip_ops/postgresql/setup_disks.sh',
}
exec { 'setup_disks':
command => '/root/setup_disks.sh',
require => Package["postgresql-${zulip::postgresql_common::version}", 'xfsprogs'],
unless => 'test $(readlink /var/lib/postgresql) = "/srv/postgresql/" -a -d /srv/postgresql',
}
file { "${zulip::postgresql_base::postgresql_confdir}/pg_hba.conf":
ensure => file,
require => Package["postgresql-${zulip::postgresql_common::version}"],
owner => 'postgres',
group => 'postgres',
mode => '0640',
source => 'puppet:///modules/zulip_ops/postgresql/pg_hba.conf',
}
}
Reference in New Issue View Git Blame Copy Permalink