Puppet Class: puppet_operational_dashboards::profile::postgres_access

Defined in:
manifests/profile/postgres_access.pp

Summary

Allows Telegraf to connect and collect metrics from postgres nodes

Overview

Examples:

Basic usage

include puppet_operational_dashboards::profile::postgres_access

Parameters:

  • telegraf_hosts (Array) (defaults to: puppet_operational_dashboards::hosts_with_profile('Puppet_operational_dashboards::Telegraf::Agent'))

    A list of FQDNs of the hosts running Telegraf that should be allowed access to PostgreSQL



# File 'manifests/profile/postgres_access.pp', line 6

# Creates a `telegraf` database role on the PE PostgreSQL server, grants it
# CONNECT on the pe-puppetdb database plus membership of pg_monitor, and adds
# one certificate allowlist entry per host in $telegraf_hosts.
#
# $telegraf_hosts is typed as a bare Array, so the element type is not checked
# here. Each element is used verbatim as an allowed client certname below.
# NOTE(review): consider whether the list should be validated as strings/FQDNs
# before it reaches the allowlist - confirm against callers.
class puppet_operational_dashboards::profile::postgres_access (
  Array $telegraf_hosts = puppet_operational_dashboards::hosts_with_profile('Puppet_operational_dashboards::Telegraf::Agent'),
) {
  # Path to pg_ident.conf, derived from the installed server version reported
  # by the pe_postgresql_info fact.
  # NOTE(review): assumes the fact is present, i.e. the class is only applied
  # to a node running PE PostgreSQL - confirm.
  $ident_file = "/opt/puppetlabs/server/data/postgresql/${facts['pe_postgresql_info']['installed_server_version']}/data/pg_ident.conf"

  # Create the login role only when pg_roles has no `telegraf` entry yet.
  # No `command` attribute is set; presumably the resource title is the SQL
  # that is executed - confirm against pe_postgresql_psql.
  # The statement sets no password, so authentication for this role is
  # expected to come from the certificate allowlist entries declared below.
  pe_postgresql_psql { 'CREATE ROLE telegraf LOGIN':
    db         => 'pe-puppetdb',
    port       => '5432',
    psql_user  => 'pe-postgres',
    psql_group => 'pe-postgres',
    unless     => "SELECT rolname FROM pg_roles WHERE rolname='telegraf'",
    psql_path  => '/opt/puppetlabs/server/bin/psql',
    require    => Class['Pe_postgresql::Server'],
  }

  # Database-level privilege: CONNECT only, on pe-puppetdb.
  pe_postgresql::server::database_grant { 'operational_dashboards_telegraf':
    privilege => 'CONNECT',
    db        => 'pe-puppetdb',
    role      => 'telegraf',
    require   => Pe_postgresql_psql['CREATE ROLE telegraf LOGIN'],
  }

  # Add telegraf to pg_monitor, PostgreSQL's predefined monitoring role
  # (read access to server statistics and settings). The `unless` query makes
  # the grant a no-op once the membership exists.
  pe_postgresql_psql { 'telegraf_pg_monitor_grant':
    db         => 'pe-puppetdb',
    port       => '5432',
    psql_user  => 'pe-postgres',
    psql_group => 'pe-postgres',
    command    => 'GRANT pg_monitor TO telegraf',
    unless     => "select 1 from pg_roles where pg_has_role( 'telegraf', 'pg_monitor', 'member')",
    psql_path  => '/opt/puppetlabs/server/bin/psql',
    require    => Pe_postgresql_psql['CREATE ROLE telegraf LOGIN'],
  }

  # One allowlist entry per Telegraf host, tying the host's client certname to
  # the `telegraf` user on pe-puppetdb.
  # The address masks passed here are 0.0.0.0/0 and ::/0, i.e. no source-address
  # restriction is supplied by this class; the client certificate name is the
  # effective access control, so $telegraf_hosts should contain only certnames
  # that are meant to run Telegraf.
  # NOTE(review): presumably the defined type writes matching pg_hba/pg_ident
  # rules - confirm in puppet_enterprise::pg::cert_allowlist_entry.
  # The host name is part of the resource title, so a duplicated entry in
  # $telegraf_hosts would declare the same resource twice.
  $telegraf_hosts.each |$host| {
    puppet_enterprise::pg::cert_allowlist_entry { "telegraf_${host}":
      user                          => 'telegraf',
      database                      => 'pe-puppetdb',
      allowed_client_certname       => $host,
      pg_ident_conf_path            => $ident_file,
      ip_mask_allow_all_users_ssl   => '0.0.0.0/0',
      ipv6_mask_allow_all_users_ssl => '::/0',
    }
  }
}