whitelisting postgresql address for local installation

9719dd37 · Rajesh · rjshrjndrn · dd65b47b · 9719dd37 · 9719dd37
Commit 9719dd37 authored 5 years ago by Rajesh Committed by rjshrjndrn 5 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 27 additions and 156 deletions
+27 -156
--- a/ansible/inventory/env/group_vars/all.yml
+++ b/ansible/inventory/env/group_vars/all.yml
@@ -230,11 +230,9 @@ postgresql_hba_entries:
  - { type: local, database: all, user: postgres, auth_method: peer }
  - { type: local, database: all, user: all, auth_method: peer }
  - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
+  - { type: host, database: all, user: all, address: '{{postgres_whitelisted_address_subnet | d("0.0.0.0/0")}}', auth_method: md5 }
  - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
-  - { type: host, database: all, user: "{{ postgres_exporter_user }}", address: '{{ swarm_address_space }}', auth_method: md5 }
  - { type: host, database: replication, user: "{{ postgres_replication_user_name }}", address: '{{ postgres_address_space }}', auth_method: md5 }
-  - { type: host, database: all, user: all, address: '{{ swarm_address_space }}', auth_method: md5 }
-  - { type: host, database: all, user: all, address: '{{ keycloak_address_space }}', auth_method: md5 }


 proxy_prometheus_admin_creds: "{{ core_vault_proxy_prometheus_admin_creds }}"

--- a/private_repo/ansible/inventory/dev/Core/hosts
+++ b/private_repo/ansible/inventory/dev/Core/hosts
-# Alert manager nodes which should be clustered
-# This values should be one of any manager node, if you've multinode cluster
-[alert-manager:children]
-# By default this value can be swarm-manager-1 or 2 or n; but for a single 
-# cluster it should be one value.
-# If you have multiple cluster you can list all ips below one by one
-swarm-manager-1
-
-[swarm-manager-1] 
-18.0.0.15 swarm_master=true
-
-# This host will make sure prometheus for all stateful services 
-# will run on a single node, as it has storage dependancy
-# By default this host is same as docker swarm prometheus
-[swarm-agent-for-prometheus-stateful:children]
-swarm-agent-for-prometheus
-
-[swarm-manager:children]
-swarm-manager-1
-
-[swarm-node-1]
-11.3.0.27
-
-[swarm-worker:children]
-swarm-node-1
-
-[keycloak-1]
-18.0.0.9
-
-[keycloak:children]
-keycloak-1
-
-[log-es-1]
-18.0.0.15 node_name=refactor-log-es-1 es_etc_node_master=true es_etc_node_data=true
-
-[log-es:children]
-log-es-1
-
-[swarm-agent-for-prometheus-1]
-18.0.0.15
-
-[swarm-agent-for-prometheus:children]
-swarm-agent-for-prometheus-1
+[local]
+localhost ansible_connection=local

-[swarm-agent-for-prometheus-stateful:children]
-swarm-agent-for-prometheus
+[env:children]
+local
+cassandra

-[swarm-dashboard-1]
-18.0.0.15
+[kafka]
+11.2.1.15

-[swarm-dashboard:children]
-swarm-dashboard-1
+[processing-cluster-kafka]
+11.2.1.15

-[swarm-agent-dashboard-1]
-18.0.0.15
+[cassandra-1]
+10.1.4.5

-[swarm-agent-dashboard:children]
-swarm-agent-dashboard-1
+[cassandra:children]
+cassandra-1

-[alertmanager_stateful:children]
-swarm-agent-dashboard
+[redis-master]
+10.1.4.5

-[swarm-agent-for-alertmanager-1]
-18.0.0.15
+[redis-cluster:children]
+redis-master

 [es-1]
-18.0.0.9 es_instance_name=es-1 es_etc_node_master=true es_etc_node_data=true
+10.1.4.5 es_instance_name=es-1 es_etc_node_master=true es_etc_node_data=true

-[es-backup:children]
-es-1
+[log-es-2] # Final Upgraded Server with 6.x
+10.1.4.5 node_name=log-es-1 es_instance_name=log-es-1 es_etc_node_master=true es_etc_node_data=true

-[log-es-backup:children]
-log-es-1
+[log-es:children]
+log-es-2

 [es:children]
 es-1

-[cassandra-1]
-18.0.0.9
-
-[cassandra:children]
-cassandra-1
-
-[postgresql-master-1]
-18.0.0.9
-
-[postgresql-master:children]
-postgresql-master-1
-
-[postgresql-slave-1]
-18.0.0.9
-
-[postgresql-slave:children]
-postgresql-slave-1
+[postgresql-master]
+10.1.4.5

 [postgres:children]
-postgresql-slave
-postgresql-master
-
-[kafka-1]
-18.0.0.13 kafka_id=1
-
-[processing-cluster-kafka]
-18.0.0.13
-
-[telemetry-search-cluster]
-18.0.0.13
-
-[kafka:children]
-kafka-1
-
-[processing-cluster-zookeepers]
-18.0.0.50              # Zookeeper IP of processing cluster in Data pipeline
-
-[zookeeper:children]
-processing-cluster-zookeepers
-
-[lp-redis]
-18.0.0.51              # Redis master IP of Knowledge platform
-
-[local]
-localhost
-
-[swarm-agent-for-alertmanager:children]
-swarm-agent-for-alertmanager-1
-
-[kong-api]
-localhost
-
-[swarm-bootstrap-manager:children]
-swarm-manager
-
-[swarm-nodes:children]
-swarm-manager
-swarm-bootstrap-manager
-swarm-agent-for-prometheus
-swarm-agent-for-alertmanager
-
-[node-exporter:children]
-swarm-manager
-
-[log-forwarder:children]
-swarm-manager
-
-[core:children]
-es
-log-es
-cassandra
 postgresql-master
-postgresql-slave
-swarm-nodes
-swarm-manager
-kafka
-keycloak
-swarm-dashboard
-swarm-agent-dashboard
-
-[env:children]
-core
-local
-
-[log-forwarder:children]
-swarm-manager

 [all:vars]
-# If you want to tag your prometheus data with unique cluster ids
-# useful in case of prometheus federation
-#
-# cluster_name=DC1
-#
-ansible_ssh_user=deployer
-ansible_ssh_private_key_file=/var/lib/jenkins/secrets/deployer_ssh_key
-logger_es6_host="{{ groups['log-es-2'][0] }}"
+ansible_ssh_user=ops
+ansible_ssh_private_key_file=/home/ops/deployer.pem