From c4fcffcb40aa0e50b867d4734c724e63cd1cca48 Mon Sep 17 00:00:00 2001
From: 12ww1160
Date: Fri, 5 Dec 2025 13:06:10 +0100
Subject: [PATCH] add bouncer
---
 manifests/bouncer/bouncer.pp | 26 ++++++++++++++++++++++
 manifests/bouncer/bouncer_rule.pp | 26 ++++++++++++++++++++++
 manifests/bouncer/service.pp | 18 +++++++++++++++
 manifests/exporter/dirs.pp | 2 +-
 manifests/exporter/files.pp | 2 +-
 manifests/exporter/service.pp | 2 +-
 manifests/firewall/iptables.pp | 2 +-
 manifests/init.pp | 2 +-
 manifests/main/config.pp | 5 ++++-
 manifests/main/dirs.pp | 2 +-
 manifests/main/files.pp | 2 +-
 manifests/main/install.pp | 2 +-
 manifests/params.pp | 20 ++++++++++++++++++-
 manifests/server/databases/db_df.pp | 2 +-
 manifests/server/initdb.pp | 2 +-
 manifests/server/pghba/pg_hba_rule.pp | 4 ++--
 manifests/server/roles/role_df.pp | 2 +-
 manifests/server/service.pp | 2 +-
 templates/server/bouncer/bouncer_rule.erb | 1 +
 templates/server/bouncer/pgbouncer.ini.erb | 11 +++++++++
 20 files changed, 119 insertions(+), 16 deletions(-)
 create mode 100644 manifests/bouncer/bouncer.pp
 create mode 100644 manifests/bouncer/bouncer_rule.pp
 create mode 100644 manifests/bouncer/service.pp
 create mode 100644 templates/server/bouncer/bouncer_rule.erb
 create mode 100644 templates/server/bouncer/pgbouncer.ini.erb
diff --git a/manifests/bouncer/bouncer.pp b/manifests/bouncer/bouncer.pp
new file mode 100644
index 0000000..78b0121
--- /dev/null
+++ b/manifests/bouncer/bouncer.pp
@@ -0,0 +1,26 @@
+## confdroid_postgresql::bouncer::bouncer.pp
+# Module name: confdroid_postgresql
+# Author: Arne Teuke (12ww1160@confdroid.com)
+# @summary Class manages the pgbouncer service
+###############################################################################
+class confdroid_postgresql::bouncer::bouncer (
+
+) inherits confdroid_postgresql::params {
+ if ($fqdn == $pl_server_fqdn) and ($pl_use_pg_bouncer == true) {
+ # create the pgbouncer.ini file
+
+ concat { $pl_bouncer_ini_file:
+ ensure => present,
+ owner => 'postgres',
+ mode => '0600',
+ notify => Service[$pl_service],
+ }
+
+ # manage file header
+ concat::fragment { 'header':
+ target => $pl_bouncer_ini_file,
+ content => template($pl_bouncer_ini_erb),
+ order => '000',
+ }
+ }
+}
diff --git a/manifests/bouncer/bouncer_rule.pp b/manifests/bouncer/bouncer_rule.pp
new file mode 100644
index 0000000..96d3c69
--- /dev/null
+++ b/manifests/bouncer/bouncer_rule.pp
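Review bot: The `notify => Service[$pl_service]` on the `concat` resource targets the PostgreSQL service, so a change to pgbouncer.ini would restart the database while pgbouncer keeps running with its old settings; `notify => Service[$pl_bouncer_service],` looks like the intended target, since params.pp sets `$pl_bouncer_service = 'pgbouncer'` in this same commit. The fragment title `'header'` is generic enough to collide with any other `concat::fragment` of the same title in the catalog, and a namespaced title such as `'pl_bouncer_ini_header'` avoids a duplicate-declaration failure. Mode `0600` with owner `postgres` is a sensible restriction for a file that names the auth file, but it only works if the pgbouncer daemon runs as `postgres`, which is worth confirming against the package's service user. The header comment's `@summary` says the class manages the service, while the body manages the ini file.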
@@ -0,0 +1,26 @@
+# confdroid_postgresql::bouncer::rule.pp
+# Module name: confdroid_postgresql
+# Author: Arne Teuke (12ww1160@confdroid.com)
+# @summary define manages rule entries for bouncer rules
+# @see https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html
+# @param [String] pl_bouncer_db_name db name for the bouncer rule
+# @param [String] pl_bouncer_host IP of the db host to bounce to
+# @param [String] pl_bouncer_port port of the db host to bounce to
+##############################################################################
+define confdroid_postgresql::bouncer::rule (
+
+ String $pl_bouncer_db_name = undef,
+ String $pl_bouncer_host = '127.0.0.1',
+ String $pl_bouncer_port = '5432',
+ String $pl_bounce_order = undef,
+
+) {
+ $pl_bouncer_ini_file = $confdroid_postgresql::params::pl_bouncer_ini_file
+ $pl_bouncer_ini_erb = $confdroid_postgresql::params::pl_bouncer_ini_erb
+
+ concat::fragment { "pl_bouncer_rule_${name}":
+ target => $pl_bouncer_ini_file,
+ content => template($pl_bouncer_ini_erb),
+ order => $pl_bounce_order,
+ }
+}
diff --git a/manifests/bouncer/service.pp b/manifests/bouncer/service.pp
new file mode 100644
index 0000000..d248732
--- /dev/null
+++ b/manifests/bouncer/service.pp
@@ -0,0 +1,18 @@
+## confdroid_postgresql::bouncer::service.pp
+# Module name: confdroid_postgresql
+# Author: Arne Teuke (12ww1160@confdroid.com)
+# @summary Class manages the pgbouncer service
+###############################################################################
+class confdroid_postgresql::bouncer::service (
+
+) inherits confdroid_postgresql::params {
+ if ($fqdn == $pl_server_fqdn) and ($pl_use_pg_bouncer == true) {
+ require confdroid_postgresql::bouncer::bouncer
+ service { $pl_bouncer_service:
+ ensure => running,
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ }
+ }
+}
diff --git a/manifests/exporter/dirs.pp b/manifests/exporter/dirs.pp
index b14389a..b3fe7d2 100644
--- a/manifests/exporter/dirs.pp
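Review bot: The define is declared as `confdroid_postgresql::bouncer::rule` but the file is `manifests/bouncer/bouncer_rule.pp`, so the autoloader, which would look for `manifests/bouncer/rule.pp`, will most likely not find it; the name and the path need to agree. `String $pl_bouncer_db_name = undef` and `String $pl_bounce_order = undef` fail the type check whenever a caller omits them, because undef is not a String; drop the defaults to make them required (`String $pl_bouncer_db_name,`) and document `pl_bounce_order` in the header. The fragment renders `$pl_bouncer_ini_erb`, the whole pgbouncer.ini header template, rather than the new bouncer_rule.erb, so every rule would repeat the `[pgbouncer]` section instead of adding a database line. Host, port and database name are written straight into the ini file, so a narrower type than `String`, for example `Pattern[/\A[\w.-]+\z/]`, would keep a malformed Hiera value from adding extra settings to the file. The `@see` link still points at the pg_hba documentation.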
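Review bot: Nothing in the visible diff installs the pgbouncer package before `service { $pl_bouncer_service: ensure => running` is applied; main/install.pp only changes its author line, and params.pp documents `reqpackages_bouncer` without declaring such a parameter. On a host without the package this resource would fail on every run. A package resource that the service requires, fed by a real `reqpackages_bouncer` parameter, would close the gap. The service also has no `subscribe` on the ini file, so it relies on the `notify` in bouncer.pp pointing at the right service.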
+++ b/manifests/exporter/dirs.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::exporter::dirs.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages the postgresql exporter dirs
 ###############################################################################
 class confdroid_postgresql::exporter::dirs (
diff --git a/manifests/exporter/files.pp b/manifests/exporter/files.pp
index 11b4bdc..07f31a5 100644
--- a/manifests/exporter/files.pp
+++ b/manifests/exporter/files.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::exporter::files.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages the postgresql exporter files
 ###############################################################################
 class confdroid_postgresql::exporter::files (
diff --git a/manifests/exporter/service.pp b/manifests/exporter/service.pp
index 14a1ba4..58f364d 100644
--- a/manifests/exporter/service.pp
+++ b/manifests/exporter/service.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::exporter::service.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages the postgresql exporter service
 ###############################################################################
 class confdroid_postgresql::exporter::service (
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index 8d9c6ac..76dca56 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::firewall::iptables.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages the alloy iptables
 ###############################################################################
 class confdroid_postgresql::firewall::iptables (
diff --git a/manifests/init.pp b/manifests/init.pp
index ea517d5..a1d56cf 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::init.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class initializes the confdroid_postgresql module.
 ##############################################################################
 class confdroid_postgresql {
diff --git a/manifests/main/config.pp b/manifests/main/config.pp
index 7653c95..ce47f83 100644
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::main::config.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages logic for the confdroid_postgresql module.
 ##############################################################################
 class confdroid_postgresql::main::config (
@@ -12,6 +12,9 @@ class confdroid_postgresql::main::config (
 include confdroid_postgresql::server::service
 # if $pl_use_exporter == true {
 # include confdroid_postgresql::exporter::service
+# }
+# if $pl_use_pg_bouncer == true {
+# include confdroid_postgresql::bouncer::service
 # }
 }
 }
diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp
index 54389d3..8ddea72 100644
--- a/manifests/main/dirs.pp
+++ b/manifests/main/dirs.pp
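Review bot: The three lines added in the second config.pp hunk are comments, so `confdroid_postgresql::bouncer::service` is never included from this class and setting `pl_use_pg_bouncer => true` has no effect through the module's entry point. If the feature is meant to be usable after this commit, the block needs to be live code, `if $pl_use_pg_bouncer == true { include confdroid_postgresql::bouncer::service }`; if it is intentionally parked like the exporter block above it, a one-line comment saying why would stop the next reader from assuming it is wired up. The enclosing class body starts outside the hunk.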
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::main::dirs.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages logic for the confdroid_postgresql module.
 ##############################################################################
 class confdroid_postgresql::main::dirs (
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 5ec8988..0fe5344 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::main::files.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages logic for the confdroid_postgresql module.
 ##############################################################################
 class confdroid_postgresql::main::files (
diff --git a/manifests/main/install.pp b/manifests/main/install.pp
index 5d7b59d..3ac89ec 100644
--- a/manifests/main/install.pp
+++ b/manifests/main/install.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::main::install.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages logic for the confdroid_postgresql module.
 ##############################################################################
 class confdroid_postgresql::main::install (
diff --git a/manifests/params.pp b/manifests/params.pp
index dedbe09..369e396 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,12 +1,13 @@ ## confdroid_postgresql::params.pp # Module name: confdroid_postgresql -# Author: Arne Teuke (arne_teuke@confdroid.com) +# Author: Arne Teuke (12ww1160@confdroid.com) # @summary Class contains all parameters for the confdroid_postgresql module. # @param [String] pl_server_fqdn the fqdn of the postgresql server. Any other # system will be configured as client # @param [Array] reqpackages_server the packages for the server # @param [String] reqpackages_extensions the packages for extensions # @param [String] reqpackages_client the packages for the client +# @param [String] reqpackages_bouncer the packages for the bouncer # @param [String] pkg_ensure which version of the packages to install, i.e. # 'latest', 'present' '13.20', # @param [String] pl_fw_rule_order the prefix for the firewall rule @@ -26,6 +27,13 @@ # @param [String] pl_install_dir the path for the postgres-exporter files # @param [String] pl_idle_timeout idle_in_transaction_session_timeout # @param [Boolean] pl_use_pg_bouncer whether to use the pc_bouncer +# @param [String] pl_bouncer_listen_addr bouncer listen address +# @param [String] pl_bouncer_port bouncer listen port +# @param [String] pl_bouncer_auth_file bouncer auth file +# @param [String] pl_bouncer_auth_mode bouncer auth mode +# @param [String] pl_bouncer_pool_mode bouncer pool mode +# @param [String] pl_bouncer_mx_cl_conn bouncer max client connections +# @param [String] pl_bouncer_pool_size bouncer default pool size ############################################################################## class confdroid_postgresql::params ( 
@@ -62,6 +70,13 @@ class confdroid_postgresql::params ( # pg bouncer Boolean $pl_use_pg_bouncer = false, + String $pl_bouncer_listen_addr = '0.0.0.0', + String $pl_bouncer_port = '6432', + String $pl_bouncer_auth_file = '/etc/pgbouncer/userlist.txt', + String $pl_bouncer_auth_mode = 'md5', + String $pl_bouncer_pool_mode = 'transaction', + String $pl_bouncer_mx_cl_conn = '100', + String $pl_bouncer_pool_size = '20', ) { $fqdn = $facts['networking']['fqdn'] @@ -76,10 +91,13 @@ class confdroid_postgresql::params ( $pl_pg_hba_conf = "${pl_data_dir}/pg_hba.conf" $pl_pg_hba_rule_conf = 'confdroid_postgresql/server/pghba/pg_hba_rule.conf.erb' $pl_pg_hba_conf_erb = 'confdroid_postgresql/server/pghba/pg_hba.conf.erb' + $pl_bouncer_ini_file = '/etc/pgbouncer/pgbouncer.ini', + $pl_bouncer_ini_erb = 'confdroid_postgresql/server/bouncer/pgbouncer.ini.erb' # Service $pl_service = 'postgresql' $pl_exporter_service = 'postgres_exporter' + $pl_bouncer_service = 'pgbouncer' # includes must be last include confdroid_postgresql::main::config diff --git a/manifests/server/databases/db_df.pp b/manifests/server/databases/db_df.pp index f2bea20..8f87c5c 100644 --- a/manifests/server/databases/db_df.pp +++ b/manifests/server/databases/db_df.pp @@ -1,6 +1,6 @@ ## confdroid_postgresql::server::databases::db_df # Module name: confdroid_postgresql -# Author: Arne Teuke (arne_teuke@confdroid.com.com) +# Author: Arne Teuke (12ww1160@confdroid.com.com) # @summary define manages databases # @see https://www.postgresql.org/docs/9.6/static/managing-databases.html # @param [String] pl_db_name the name of the database to be created. diff --git a/manifests/server/initdb.pp b/manifests/server/initdb.pp index e6851b9..e5039f2 100644 --- a/manifests/server/initdb.pp +++ b/manifests/server/initdb.pp 
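Review bot: `String $pl_bouncer_listen_addr = '0.0.0.0'` makes the pooler listen on every interface by default, and the only change to firewall/iptables.pp in this commit is the author line, so reachability of port 6432 is left to whatever the host already allows. A default of `'127.0.0.1'`, with the wider bind as an explicit opt-in, is the safer starting point. `$pl_bouncer_auth_mode = 'md5'` is the weaker of pgbouncer's password modes, and `'scram-sha-256'` is preferable where the PostgreSQL and pgbouncer versions in use support it. The file named by `$pl_bouncer_auth_file` is referenced but not managed anywhere in the visible diff, so its owner and mode are not under the module's control. The port, connection-limit and pool-size parameters are plain `String`, so a non-numeric value would only be noticed when pgbouncer fails to start.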
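Review bot: The assignment `$pl_bouncer_ini_file = '/etc/pgbouncer/pgbouncer.ini',` in the fourth params.pp hunk ends with a comma, which is a syntax error in a class body and would stop params.pp, and every class that inherits it, from compiling; remove the comma. There is also no variable for the new rule template, which is probably why bouncer_rule.pp falls back to `$pl_bouncer_ini_erb`; adding `$pl_bouncer_rule_erb = 'confdroid_postgresql/server/bouncer/bouncer_rule.erb'` next to it follows the existing `pg_hba_rule` pattern. The class body continues outside the hunk.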
@@ -1,6 +1,6 @@ ## confdroid_postgresql::server::initdb.pp # Module name: confdroid_postgresql -# Author: Arne Teuke (arne_teuke@confdroid.com) +# Author: Arne Teuke (12ww1160@confdroid.com) # @summary Class initiates the database ############################################################################### class confdroid_postgresql::server::initdb ( diff --git a/manifests/server/pghba/pg_hba_rule.pp b/manifests/server/pghba/pg_hba_rule.pp index 519be83..d000ead 100644 --- a/manifests/server/pghba/pg_hba_rule.pp +++ b/manifests/server/pghba/pg_hba_rule.pp @@ -1,13 +1,13 @@ ## confdroid_postgresql::server::pghba::pg_hba_rule # Module name: confdroid_postgresql -# Author: Arne Teuke (arne_teuke@confdroid.com) +# Author: Arne Teuke (12ww1160@confdroid.com) # @summary define manages rule entries for pg_hba configuration file # @see https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html # @param [string] pl_auth_type Specify the authentication type, can be # 'local', 'host', 'hostssl' or 'hostnossl'. # @param [string] pl_auth_database Specify the database for the connection # @param [string] pl_auth_user Specify the user for the connection -# @param [string] pl_auth_address SPecify IP address or FQDN for the +# @param [string] pl_auth_address Specify IP address or FQDN for the # connection, i.e. where to connect FROM. # @param [string] pl_auth_method Specify the auth method, can be 'trust', # 'reject', 'md5' , 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', diff --git a/manifests/server/roles/role_df.pp b/manifests/server/roles/role_df.pp index 6258b87..e7592d4 100644 --- a/manifests/server/roles/role_df.pp +++ b/manifests/server/roles/role_df.pp @@ -1,6 +1,6 @@ ## confdroid_postgresql::server::roles::role_df # Module name: confdroid_postgresql -# Author: Arne Teuke (arne_teuke@confdroid.com) +# Author: Arne Teuke (12ww1160@confdroid.com) # @summary define manages databases # @see https://www.postgresql.org/docs/9.6/static/managing-databases.html 
diff --git a/manifests/server/service.pp b/manifests/server/service.pp
index c07ad1b..1043476 100644
--- a/manifests/server/service.pp
+++ b/manifests/server/service.pp
@@ -1,6 +1,6 @@
 ## confdroid_postgresql::server::service.pp
 # Module name: confdroid_postgresql
-# Author: Arne Teuke (arne_teuke@confdroid.com)
+# Author: Arne Teuke (12ww1160@confdroid.com)
 # @summary Class manages the postgresql service
 ###############################################################################
 class confdroid_postgresql::server::service (
diff --git a/templates/server/bouncer/bouncer_rule.erb b/templates/server/bouncer/bouncer_rule.erb
new file mode 100644
index 0000000..55a4fc3
--- /dev/null
+++ b/templates/server/bouncer/bouncer_rule.erb
@@ -0,0 +1 @@
+<%= @bouncer_db_name %> = host=<%= @bouncer_host %> port=<%= @db_host_port %> dbname=<%= @bouncer_db_name %>
\ No newline at end of file
diff --git a/templates/server/bouncer/pgbouncer.ini.erb b/templates/server/bouncer/pgbouncer.ini.erb
new file mode 100644
index 0000000..5525fef
--- /dev/null
+++ b/templates/server/bouncer/pgbouncer.ini.erb
@@ -0,0 +1,11 @@
+[pgbouncer]
+listen_addr = <%= @pl_bouncer_listen_addr %>
+listen_port = <%= @pl_bouncer_port %>
+auth_type = <%= @pl_bouncer_auth_mode %>
+auth_file = <%= @pl_bouncer_auth_file %>
+pool_mode = <%= @pl_bouncer_pool_mode %>
+max_client_conn = <%= @pl_bouncer_mx_cl_conn %>
+default_pool_size = <%= @pl_bouncer_pool_size %>
+ignore_startup_parameters = extra_float_digits
+
+[databases]
\ No newline at end of file
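Review bot: bouncer_rule.erb reads `@bouncer_db_name`, `@bouncer_host` and `@db_host_port`, none of which are set by the define in bouncer_rule.pp, whose parameters are `pl_bouncer_db_name`, `pl_bouncer_host` and `pl_bouncer_port`, so the rendered line would come out as ` = host= port= dbname=`. Using the define's own names fixes it: `<%= @pl_bouncer_db_name %> = host=<%= @pl_bouncer_host %> port=<%= @pl_bouncer_port %> dbname=<%= @pl_bouncer_db_name %>`. Both this template and pgbouncer.ini.erb end without a newline, and concat joins fragments as they are, so the first rule would land on the `[databases]` line and later rules would run into each other; end both files with a newline. The values go into the ini file unescaped, so they should be validated in the define before they reach the template.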