# File 'manifests/profile/foss_postgres_access.pp', line 8
class puppet_operational_dashboards::profile::foss_postgres_access (
  # Host names whose TLS client certificates are mapped to the monitoring role.
  # The default is whatever hosts_with_profile() returns for the Telegraf agent
  # profile, so that lookup decides who may log in (presumably a PuppetDB query;
  # confirm in the function's source).
  Array  $telegraf_hosts = puppet_operational_dashboards::hosts_with_profile('Puppet_operational_dashboards::Telegraf::Agent'),
  # PostgreSQL role that Telegraf connects as.
  String $telegraf_user  = 'telegraf',
) {
  # Grants Telegraf certificate-authenticated monitoring access to the puppetdb
  # database: one role, CONNECT on puppetdb, pg_monitor membership, two pg_hba
  # entries (IPv4/IPv6) and one pg_ident mapping per permitted host.

  # The monitoring role itself; no password is set here, login relies on the
  # certificate rules below.
  postgresql::server::role { $telegraf_user:
    db     => 'puppetdb',
    ensure => present,
  }

  # Only CONNECT is granted on the database; nothing in this class grants
  # privileges on puppetdb's tables.
  postgresql::server::database_grant { "puppetdb grant connect to ${telegraf_user}":
    role      => $telegraf_user,
    db        => 'puppetdb',
    privilege => 'CONNECT',
    require   => Postgresql::Server::Role[$telegraf_user],
  }

  # pg_monitor is PostgreSQL's predefined monitoring role; membership exposes
  # server-wide statistics and settings to every host mapped below.
  postgresql::server::grant_role { 'monitoring':
    role    => $telegraf_user,
    group   => 'pg_monitor',
    require => Postgresql::Server::Role[$telegraf_user],
  }

  # Both rules accept connections from ANY source address, so the network layer
  # does not restrict who may attempt a login: access control rests entirely on
  # TLS client-certificate verification plus the 'puppetdb-telegraf-map' ident
  # map. NOTE(review): if the Telegraf hosts sit on known networks, narrowing
  # these addresses would add a second layer.
  $any_address_by_family = {
    'ipv4' => '0.0.0.0/0',
    'ipv6' => '::0/0',
  }

  $any_address_by_family.each |$family, $any_address| {
    postgresql::server::pg_hba_rule { "Allow certificate mapped connections to puppetdb as ${telegraf_user} (${family})":
      # order 0 presumably sorts these entries ahead of the other pg_hba rules,
      # which matters because pg_hba.conf is first-match; confirm against the
      # postgresql module.
      order       => 0,
      type        => 'hostssl',
      address     => $any_address,
      database    => 'puppetdb',
      user        => $telegraf_user,
      auth_method => 'cert',
      # NOTE(review): 'clientcert=1' is the legacy spelling. Newer PostgreSQL
      # releases accept only verify-ca / verify-full here, and 'cert' auth
      # already requires a verified client certificate; check this option
      # against the server versions this profile has to support.
      auth_option => 'map=puppetdb-telegraf-map clientcert=1',
    }
  }

  # One ident entry per permitted host: a client certificate presenting that
  # host name is allowed to log in as $telegraf_user. With an empty
  # $telegraf_hosts no entry is written, so nothing matches the map.
  $telegraf_hosts.each |$host| {
    postgresql::server::pg_ident_rule { "Map the SSL certificate of ${host} as a puppetdb user":
      database_username => $telegraf_user,
      system_username   => $host,
      map_name          => 'puppetdb-telegraf-map',
    }
  }
}