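# Defined type for the master side of a PostgreSQL setup.
#
# It does three things, all visible below:
#   * when a backup port fact and at least one backup host are present, seeds
#     the data directory from the first backup host with pg_basebackup;
#   * declares profile::postgresql::ssl using the Let's Encrypt certificate
#     and key of $letsencrypt_host;
#   * for every backup host, declares profile::postgresql::replication and a
#     virtual monitoring service with its sudo rule.
#
# Parameters:
#   letsencrypt_host - name used in /etc/letsencrypt/live/<name>/ and in the
#                      Letsencrypt::Certonly reference; must be set.
#   backup_hosts     - list of backup hosts; the first one is the seed source.
#   pg_user          - user the pg_basebackup and cleanup execs run as.
#   pg_group         - accepted but not used anywhere in this block.
define profile::postgresql::master (
  $letsencrypt_host = undef,
  $backup_hosts = [],
  Optional[String] $pg_user = "postgres",
  Optional[String] $pg_group = "postgres",
) {
  # The certificate and key paths and the Letsencrypt::Certonly reference are
  # all built from this value, so stop with a clear message instead of
  # producing "/etc/letsencrypt/live//cert.pem".
  if !$letsencrypt_host or $letsencrypt_host == "" {
    fail("profile::postgresql::master requires letsencrypt_host")
  }

  $pg_path = "/var/lib/postgres"
  $pg_data_path = "$pg_path/data"

  $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0)
  if ($postgresql_backup_port and !empty($backup_hosts)) {
    $password_seed = lookup("base_installation::puppet_pass_seed")
    $ldap_cn = lookup("base_installation::ldap_cn")
    $ldap_password = generate_password(24, $password_seed, "ldap")

    # Only the first backup host is considered as a source for the base backup.
    $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0])
    if empty($host) {
      fail("No backup host to recover from")
    } elsif has_key($host["vars"], "host") {
      $pg_backup_host = $host["vars"]["host"][0]
    } else {
      $pg_backup_host = $host["vars"]["real_hostname"][0]
    }

    # The host and port come from the "ldapvar" fact and are interpolated into
    # the command string below. Refuse anything that is not a plain host name,
    # address or port number so a stray space or shell metacharacter in the
    # directory data cannot alter the command line.
    # NOTE(review): assumes the backup host is always a DNS name or IP
    # address, never a socket directory - confirm.
    if "${pg_backup_host}" !~ /\A[A-Za-z0-9._:-]+\z/ {
      fail("Unexpected characters in backup host name")
    }
    if "${postgresql_backup_port}" !~ /\A[0-9]+\z/ {
      fail("Backup port is not numeric")
    }

    # "creates" makes this a one-shot: it is skipped once PG_VERSION exists.
    # NOTE(review): the generated password is handed over in the exec
    # environment and is therefore part of the compiled catalog; confirm that
    # catalogs and reports are access-restricted, or move the credential to a
    # file readable only by $pg_user.
    # NOTE(review): $ldap_cn is interpolated unvalidated; it comes from a
    # lookup() key rather than a fact - confirm that source is trusted.
    exec { "pg_basebackup $pg_data_path":
      cwd         => $pg_path,
      user        => $pg_user,
      creates     => "$pg_data_path/PG_VERSION",
      environment => ["PGPASSWORD=$ldap_password"],
      command     => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path",
      before      => File[$pg_data_path],
      require     => File[$pg_path],
      notify      => Exec["cleanup pg_basebackup $pg_data_path"],
    } -> file { "$pg_data_path/recovery.conf":
      # Removed after the copy and before pg_hba.conf is assembled.
      before => Concat["$pg_data_path/pg_hba.conf"],
      ensure => absent,
    }

    # Runs only when notified by the base backup above: replaces the copied
    # postgresql.conf with an empty file before postgresql::server::config.
    exec { "cleanup pg_basebackup $pg_data_path":
      refreshonly => true,
      cwd         => $pg_path,
      user        => $pg_user,
      before      => Class["postgresql::server::config"],
      command     => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf",
    }
  }

  profile::postgresql::ssl { $pg_data_path:
    cert                => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
    key                 => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
    require             => Letsencrypt::Certonly[$letsencrypt_host],
    handle_config_entry => true,
  }

  $backup_hosts.each |$backup_host| {
    profile::postgresql::replication { $backup_host:
      handle_config => true,
      handle_role   => true,
      handle_slot   => true,
      add_self_role => true,
    }

    # Virtual resource (leading "@"): it is only applied where it is realized.
    # NOTE(review): $backup_host is written verbatim into a sudoers rule that
    # lets naemon run the plugin as postgres without a password. A value
    # containing spaces or commas would change what the rule permits, so the
    # backup_hosts parameter must only ever carry plain host names.
    # NOTE(review): the sudo rule names check_postgres_replication while the
    # check command is check_postgresql_replication - confirm the command
    # definition maps to that plugin.
    @profile::monitoring::local_service { "Postgresql replication for $backup_host is up to date":
      sudos => {
        "naemon-postgresql-replication-$backup_host" => "naemon ALL=(postgres) NOPASSWD: /etc/naemon/monitoring-plugins/check_postgres_replication $backup_host /run/postgresql 5432"
      },
      local => {
        check_command => "check_postgresql_replication!$backup_host!/run/postgresql!5432",
      }
    }
  }
}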