]>
Commit | Line | Data |
---|---|---|
c53ac3f8 | 1 | define profile::postgresql::replication ( |
d2f031ec IB |
2 | Boolean $handle_role = false, |
3 | Boolean $handle_config = false, | |
4 | Boolean $add_self_role = false, | |
5 | Boolean $handle_slot = false, | |
6 | Optional[String] $target = undef, | |
c53ac3f8 IB |
7 | ) { |
8 | include "profile::postgresql::pam_ldap" | |
9 | ||
10 | $host_cn = $title | |
11 | $host_infos = find_host($facts["ldapvar"]["other"], $host_cn) | |
12 | ||
13 | if empty($host_infos) { | |
14 | fail("Unable to find host for replication") | |
15 | } | |
16 | ||
d2f031ec IB |
17 | if empty($target) { |
18 | $pg_version = undef | |
19 | } else { | |
20 | $pg_version = "10" | |
21 | } | |
c53ac3f8 IB |
22 | |
23 | $host_infos["ipHostNumber"].each |$ip| { | |
24 | $infos = split($ip, "/") | |
25 | $ipaddress = $infos[0] | |
26 | if (length($infos) == 1 and $ipaddress =~ /:/) { | |
27 | $mask = "128" | |
28 | } elsif (length($infos) == 1) { | |
29 | $mask = "32" | |
30 | } else { | |
31 | $mask = $infos[1] | |
32 | } | |
33 | ||
34 | postgresql::server::pg_hba_rule { "allow TCP access for replication to user $host_cn from $ipaddress/$mask": | |
d2f031ec IB |
35 | type => 'hostssl', |
36 | database => 'replication', | |
37 | user => $host_cn, | |
38 | address => "$ipaddress/$mask", | |
39 | auth_method => 'pam', | |
40 | order => "06-01", | |
41 | target => $target, | |
42 | postgresql_version => $pg_version, | |
c53ac3f8 IB |
43 | } |
44 | } | |
45 | ||
d2f031ec IB |
46 | if $handle_config { |
47 | ensure_resource("postgresql::server::config_entry", "wal_level", { | |
48 | value => "logical", | |
49 | }) | |
50 | } | |
51 | ||
c53ac3f8 IB |
52 | if $handle_role { |
53 | postgresql::server::role { $host_cn: | |
54 | replication => true, | |
7485fdca | 55 | require => Service["postgresql"], |
c53ac3f8 IB |
56 | } |
57 | ||
58 | if $add_self_role { | |
59 | $ldap_cn = lookup("base_installation::ldap_cn") | |
60 | ||
61 | # Needed to be replicated to the backup and be able to recover later | |
62 | ensure_resource("postgresql::server::role", $ldap_cn, { | |
63 | replication => true, | |
7485fdca | 64 | require => Service["postgresql"], |
c53ac3f8 IB |
65 | }) |
66 | } | |
67 | } | |
68 | ||
69 | if $handle_slot { | |
70 | postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"): | |
7485fdca IB |
71 | ensure => present, |
72 | require => Service["postgresql"], | |
c53ac3f8 IB |
73 | } |
74 | } | |
75 | } |