[perso/Immae/Projets/Puppet.git] / modules / profile / manifests / postgresql / backup_replication.pp

define profile::postgresql::backup_replication (
  String $base_path,
  Hash   $pg_infos,
  String $pg_user  = "postgres",
  String $pg_group = "postgres",
) {
  $host_cn = $title

  $host = find_host($facts["ldapvar"]["other"], $host_cn)
  if empty($host) {
    $pg_backup_host = $host_cn
  } elsif has_key($host["vars"], "host") {
    $pg_backup_host = $host["vars"]["host"][0]
  } else {
    $pg_backup_host = $host["vars"]["real_hostname"][0]
  }

  $pg_path = "$base_path/$pg_backup_host/postgresql"

  # Replication folder
  ensure_resource("file", "$base_path/$pg_backup_host", {
    ensure => directory,
  })

  file { $pg_path:
    ensure  => directory,
    owner   => $pg_user,
    group   => $pg_group,
    mode    => "0700",
    require => File["$base_path/$pg_backup_host"],
  }

  # pg_hba.conf
  profile::postgresql::base_pg_hba_rules { $pg_backup_host:
    pg_path => $pg_path
  }

  # postgresql.conf file and ssl
  concat { "$pg_path/postgresql.conf":
    owner => $pg_user,
    group => $pg_group,
    mode  => '0640',
    warn  => true,
  }

  if !empty($host) and has_key($host["vars"], "postgresql_backup_port") {
    $pg_listen_port = $host["vars"]["postgresql_backup_port"][0]

    profile::postgresql::ssl { $pg_path:
      certname             => $host_cn,
      handle_concat_config => true,
      before               => Service["postgresql_backup@$pg_backup_host"]
    }

    concat::fragment { "$pg_path/postgresql.conf listen":
      target  => "$pg_path/postgresql.conf",
      content => "listen_addresses = '*'\nport = $pg_listen_port\n",
    }

    profile::postgresql::replication { $host_cn:
      target => "$pg_path/pg_hba.conf",
    }
  } else {
    $pg_listen_port = undef

    concat::fragment { "$pg_path/postgresql.conf listen":
      target  => "$pg_path/postgresql.conf",
      content => "listen_addresses = ''\n",
    }
  }

  concat::fragment { "$pg_path/postgresql.conf paths":
    target  => "$pg_path/postgresql.conf",
    content => "unix_socket_directories = '$pg_path'\ndata_directory = '$pg_path'\nwal_level = logical\n",
  }

  $password_seed = lookup("base_installation::puppet_pass_seed")
  $pg_host = $pg_backup_host
  $pg_port = $pg_infos["dbport"]
  $ldap_cn = lookup("base_installation::ldap_cn")
  $ldap_password = generate_password(24, $password_seed, "ldap")
  $pg_slot = regsubst($ldap_cn, '-', "_", "G")

  # recovery.conf file
  $primary_conninfo  = "host=$pg_host port=$pg_port user=$ldap_cn password=$ldap_password sslmode=require"
  $primary_slot_name = $pg_slot
  $standby_mode      = "on"

  file { "$pg_path/recovery.conf":
    owner   => $pg_user,
    group   => $pg_group,
    mode    => '0640',
    content => template('postgresql/recovery.conf.erb'),
  }

  # Initial replication
  exec { "pg_basebackup $pg_path":
    cwd         => $pg_path,
    user        => $pg_user,
    creates     => "$pg_path/PG_VERSION",
    environment => ["PGPASSWORD=$ldap_password"],
    command     => "/usr/bin/pg_basebackup -w -h $pg_host -p $pg_port -U $ldap_cn -D $pg_path -S $pg_slot",
    before      => [
      Concat["$pg_path/pg_hba.conf"],
      File["$pg_path/recovery.conf"],
      Concat["$pg_path/postgresql.conf"],
    ]
  }

  # Service
  ensure_resource("file", "/etc/systemd/system/postgresql_backup@.service", {
    mode    => "0644",
    owner   => "root",
    group   => "root",
    content => template("profile/postgresql/postgresql_backup@.service.erb"),
  })

  service { "postgresql_backup@$pg_backup_host":
    enable  => true,
    ensure  => "running",
    require => [
      File["/etc/systemd/system/postgresql_backup@.service"],
      Concat["$pg_path/pg_hba.conf"],
      File["$pg_path/recovery.conf"],
      Concat["$pg_path/postgresql.conf"],
    ],
    subscribe => [
      Concat["$pg_path/pg_hba.conf"],
      File["$pg_path/recovery.conf"],
      Concat["$pg_path/postgresql.conf"],
    ]
  }

  # Dumps
  profile::postgresql::backup_dump { "$base_path/$pg_backup_host":
    pg_port => $pg_listen_port,
  }

}
Commit	Line	Data
	1	define profile::postgresql::backup_replication (
	2	String $base_path,
	3	Hash $pg_infos,
	4	String $pg_user = "postgres",
	5	String $pg_group = "postgres",
	6	) {
	7	$host_cn = $title
	8
	9	$host = find_host($facts["ldapvar"]["other"], $host_cn)
	10	if empty($host) {
	11	$pg_backup_host = $host_cn
	12	} elsif has_key($host["vars"], "host") {
	13	$pg_backup_host = $host["vars"]["host"][0]
	14	} else {
	15	$pg_backup_host = $host["vars"]["real_hostname"][0]
	16	}
	17
	18	$pg_path = "$base_path/$pg_backup_host/postgresql"
	19
	20	# Replication folder
	21	ensure_resource("file", "$base_path/$pg_backup_host", {
	22	ensure => directory,
	23	})
	24
	25	file { $pg_path:
	26	ensure => directory,
	27	owner => $pg_user,
	28	group => $pg_group,
	29	mode => "0700",
	30	require => File["$base_path/$pg_backup_host"],
	31	}
	32
	33	# pg_hba.conf
	34	profile::postgresql::base_pg_hba_rules { $pg_backup_host:
	35	pg_path => $pg_path
	36	}
	37
	38	# postgresql.conf file and ssl
	39	concat { "$pg_path/postgresql.conf":
	40	owner => $pg_user,
	41	group => $pg_group,
	42	mode => '0640',
	43	warn => true,
	44	}
	45
	46	if !empty($host) and has_key($host["vars"], "postgresql_backup_port") {
	47	$pg_listen_port = $host["vars"]["postgresql_backup_port"][0]
	48
	49	profile::postgresql::ssl { $pg_path:
	50	certname => $host_cn,
	51	handle_concat_config => true,
	52	before => Service["postgresql_backup@$pg_backup_host"]
	53	}
	54
	55	concat::fragment { "$pg_path/postgresql.conf listen":
	56	target => "$pg_path/postgresql.conf",
	57	content => "listen_addresses = '*'\nport = $pg_listen_port\n",
	58	}
	59
	60	profile::postgresql::replication { $host_cn:
	61	target => "$pg_path/pg_hba.conf",
	62	}
	63	} else {
	64	$pg_listen_port = undef
	65
	66	concat::fragment { "$pg_path/postgresql.conf listen":
	67	target => "$pg_path/postgresql.conf",
	68	content => "listen_addresses = ''\n",
	69	}
	70	}
	71
	72	concat::fragment { "$pg_path/postgresql.conf paths":
	73	target => "$pg_path/postgresql.conf",
	74	content => "unix_socket_directories = '$pg_path'\ndata_directory = '$pg_path'\nwal_level = logical\n",
	75	}
	76
	77	$password_seed = lookup("base_installation::puppet_pass_seed")
	78	$pg_host = $pg_backup_host
	79	$pg_port = $pg_infos["dbport"]
	80	$ldap_cn = lookup("base_installation::ldap_cn")
	81	$ldap_password = generate_password(24, $password_seed, "ldap")
	82	$pg_slot = regsubst($ldap_cn, '-', "_", "G")
	83
	84	# recovery.conf file
	85	$primary_conninfo = "host=$pg_host port=$pg_port user=$ldap_cn password=$ldap_password sslmode=require"
	86	$primary_slot_name = $pg_slot
	87	$standby_mode = "on"
	88
	89	file { "$pg_path/recovery.conf":
	90	owner => $pg_user,
	91	group => $pg_group,
	92	mode => '0640',
	93	content => template('postgresql/recovery.conf.erb'),
	94	}
	95
	96	# Initial replication
	97	exec { "pg_basebackup $pg_path":
	98	cwd => $pg_path,
	99	user => $pg_user,
	100	creates => "$pg_path/PG_VERSION",
	101	environment => ["PGPASSWORD=$ldap_password"],
	102	command => "/usr/bin/pg_basebackup -w -h $pg_host -p $pg_port -U $ldap_cn -D $pg_path -S $pg_slot",
	103	before => [
	104	Concat["$pg_path/pg_hba.conf"],
	105	File["$pg_path/recovery.conf"],
	106	Concat["$pg_path/postgresql.conf"],
	107	]
	108	}
	109
	110	# Service
	111	ensure_resource("file", "/etc/systemd/system/postgresql_backup@.service", {
	112	mode => "0644",
	113	owner => "root",
	114	group => "root",
	115	content => template("profile/postgresql/postgresql_backup@.service.erb"),
	116	})
	117
	118	service { "postgresql_backup@$pg_backup_host":
	119	enable => true,
	120	ensure => "running",
	121	require => [
	122	File["/etc/systemd/system/postgresql_backup@.service"],
	123	Concat["$pg_path/pg_hba.conf"],
	124	File["$pg_path/recovery.conf"],
	125	Concat["$pg_path/postgresql.conf"],
	126	],
	127	subscribe => [
	128	Concat["$pg_path/pg_hba.conf"],
	129	File["$pg_path/recovery.conf"],
	130	Concat["$pg_path/postgresql.conf"],
	131	]
	132	}
	133
	134	# Dumps
	135	profile::postgresql::backup_dump { "$base_path/$pg_backup_host":
	136	pg_port => $pg_listen_port,
	137	}
	138
	139	}