]>
Commit | Line | Data |
---|---|---|
d2f031ec IB |
1 | define profile::postgresql::backup_pgbouncer ( |
2 | String $base_path, | |
3 | Hash $pg_infos, | |
4 | String $pg_user = "postgres", | |
5 | String $pg_group = "postgres", | |
6 | ) { | |
7 | include "profile::postgresql::pam_ldap_pgbouncer" | |
8 | ensure_packages(["pgbouncer"]) | |
9 | ||
10 | $host_cn = $title | |
11 | ||
12 | $host = find_host($facts["ldapvar"]["other"], $host_cn) | |
13 | if empty($host) { | |
14 | fail("No host found for pgbouncer") | |
15 | } elsif has_key($host["vars"], "host") { | |
16 | $pg_backup_host = $host["vars"]["host"][0] | |
17 | } else { | |
18 | $pg_backup_host = $host["vars"]["real_hostname"][0] | |
19 | } | |
20 | ||
21 | $pg_path = "$base_path/$pg_backup_host/postgresql" | |
22 | ||
23 | if has_key($host["vars"], "postgresql_backup_port") { | |
24 | $pg_port = " port=${host[vars][postgresql_backup_port][0]}" | |
25 | } else { | |
26 | $pg_port = "" | |
27 | } | |
28 | ||
29 | # Config | |
30 | ensure_resource("concat", "/etc/pgbouncer/pgbouncer.ini", { | |
31 | mode => "0644", | |
32 | owner => "root", | |
33 | group => "root", | |
34 | ensure_newline => true, | |
35 | notify => Service["pgbouncer"], | |
36 | before => Service["pgbouncer"], | |
37 | }) | |
38 | ||
39 | ensure_resource("concat::fragment", "pgbouncer_head", { | |
40 | target => "/etc/pgbouncer/pgbouncer.ini", | |
41 | order => 01, | |
42 | source => "puppet:///modules/profile/postgresql/pgbouncer_head.ini", | |
43 | }) | |
44 | ||
45 | concat::fragment { "pgbouncer_$pg_backup_host": | |
46 | target => "/etc/pgbouncer/pgbouncer.ini", | |
47 | order => 02, | |
48 | content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}", | |
49 | } | |
50 | ||
2742958f | 51 | # Current pam configuration requires password for postgres |
b5305b5c IB |
52 | # @profile::monitoring::local_service { "Database ${pg_infos[pgbouncer_dbname]} is available in pgbouncer": |
53 | # sudos => { | |
54 | # "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\ nspname\ from\ pg_catalog.pg_namespace ${pg_infos[pgbouncer_dbname]}" | |
55 | # }, | |
56 | # local => { | |
57 | # check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace' ${pg_infos[pgbouncer_dbname]}!public!-r postgres", | |
58 | # } | |
59 | # } | |
60 | ||
d2f031ec IB |
61 | # pg_hba for accessed cluster |
62 | postgresql::server::pg_hba_rule { "$pg_backup_host - local access as ${pg_infos[dbuser]} user": | |
63 | description => "Allow local access to ${pg_infos[dbuser]} user", | |
64 | type => 'local', | |
65 | database => $pg_infos["dbname"], | |
66 | user => $pg_infos["dbuser"], | |
67 | auth_method => 'trust', | |
68 | order => "01-00", | |
69 | target => "$pg_path/pg_hba.conf", | |
70 | postgresql_version => "10", | |
71 | } | |
72 | ||
73 | # service | |
74 | ensure_resource("file", "/etc/systemd/system/pgbouncer.service.d", { | |
75 | ensure => "directory", | |
76 | mode => "0644", | |
77 | owner => "root", | |
78 | group => "root", | |
79 | }) | |
80 | ||
81 | ensure_resource("file", "/etc/systemd/system/pgbouncer.service.d/override.conf", { | |
82 | ensure => "present", | |
83 | mode => "0644", | |
84 | owner => "root", | |
85 | group => "root", | |
86 | content => "[Service]\nUser=\nUser=$pg_user\n", | |
87 | notify => Service["pgbouncer"], | |
88 | before => Service["pgbouncer"], | |
89 | }) | |
90 | ||
91 | ensure_resource("service", "pgbouncer", { | |
92 | ensure => "running", | |
93 | enable => true, | |
94 | require => [ | |
95 | Package["pgbouncer"], | |
96 | File["/etc/systemd/system/pgbouncer.service.d/override.conf"], | |
97 | Concat["/etc/pgbouncer/pgbouncer.ini"] | |
98 | ], | |
99 | }) | |
100 | ||
101 | ||
102 | } |