Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Badges: use a specific user to connect to the datanommer DB

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2024-04-25 15:11:37 +02:00
parent 1a7c8b7f31
commit 7d6bcdd87d
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
3 changed files with 30 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
inventory/inventory
View file

@ -190,6 +190,12 @@ db-datanommer01.stg.iad2.fedoraproject.org
db-koji01.stg.iad2.fedoraproject.org db-koji01.stg.iad2.fedoraproject.org
#copr-db-stg.aws.fedoraproject.org #copr-db-stg.aws.fedoraproject.org
[datanommer_dbserver]
db-datanommer02.iad2.fedoraproject.org
[datanommer_dbserver_stg]
db-datanommer01.stg.iad2.fedoraproject.org
# clients that talk to the main postgres servers # clients that talk to the main postgres servers
[postgres_clients] [postgres_clients]

23
playbooks/openshift-apps/badges.yml
View file

@ -25,6 +25,29 @@
owner: "{{ tahrirDBUser }}" owner: "{{ tahrirDBUser }}"
encoding: UTF-8 encoding: UTF-8
- name: give access to the datanommer DB
hosts: datanommer_dbserver:datanommer_dbserver_stg
gather_facts: no
become: yes
become_user: postgres
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
- /srv/web/infra/ansible/vars/apps/badges.yml
tasks:
- name: DB user
postgresql_user:
name: "{{ tahrirDBUser }}"
password: "{{ (env == 'production')|ternary(tahrirDBPassword, tahrirstgDBPassword) }}"
- name: grant the db user read only access to datanommer2
postgresql_privs:
database: datanommer2
privs: SELECT
objs: ALL_IN_SCHEMA
roles: "{{ tahrirDBUser }}"
- name: make the app be real - name: make the app be real
hosts: os_control_stg:os_control hosts: os_control_stg:os_control
user: root user: root

2
roles/openshift-apps/badges/templates/fm-fedbadges.toml
View file

@ -58,7 +58,7 @@ consume_delay = 1
database_uri = "postgresql://{{ tahrirDBUser }}:{{ (env == 'production')|ternary(tahrirDBPassword, tahrirstgDBPassword) }}@{{ badges_db_host }}/{{ badges_db_name }}" database_uri = "postgresql://{{ tahrirDBUser }}:{{ (env == 'production')|ternary(tahrirDBPassword, tahrirstgDBPassword) }}@{{ badges_db_host }}/{{ badges_db_name }}"
# Datanommer database URI # Datanommer database URI
datanommer_db_uri = "postgresql://{{ datanommerDBUser }}:{{ (env == 'production')|ternary(datanommerDBPassword, datanommer_stg_db_password) }}@db-datanommer{{ (env == 'production')|ternary('02', '01') }}{{ env_suffix }}/datanommer2" datanommer_db_uri = "postgresql://{{ tahrirDBUser }}:{{ (env == 'production')|ternary(tahrirDBPassword, tahrirstgDBPassword) }}@db-datanommer{{ (env == 'production')|ternary('02', '01') }}{{ env_suffix }}/datanommer2"
datagrepper_url = "https://apps{{ env_suffix }}.fedoraproject.org/datagrepper" datagrepper_url = "https://apps{{ env_suffix }}.fedoraproject.org/datagrepper"
distgit_hostname = "src{{ env_suffix }}.fedoraproject.org" distgit_hostname = "src{{ env_suffix }}.fedoraproject.org"
id_provider_hostname = "id{{ env_suffix }}.fedoraproject.org" id_provider_hostname = "id{{ env_suffix }}.fedoraproject.org"