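# @summary Sets up a PostgreSQL master under /var/lib/postgres.
#
# When the node's LDAP facts carry a `postgresql_backup_port` and at least one
# backup host is given, an empty data directory is first seeded with
# pg_basebackup from the first backup host. Afterwards the define declares the
# SSL configuration, one replication resource per backup host and a (virtual)
# monitoring check per backup host.
#
# @param letsencrypt_host
#   Name of the Let's Encrypt certificate; used to build the cert/key paths and
#   the Letsencrypt::Certonly dependency. Defaults to undef.
#   NOTE(review): nothing in this define checks for undef before the value is
#   interpolated into those paths -- confirm every caller sets it.
# @param backup_hosts
#   Hosts that replicate from this master. Only the first entry is used as the
#   source for the initial pg_basebackup.
# @param pg_user
#   System user that runs the pg_basebackup and cleanup execs.
# @param pg_group
#   Not referenced in the body of this define.
define profile::postgresql::master (
  $letsencrypt_host          = undef,
  $backup_hosts              = [],
  Optional[String] $pg_user  = "postgres",
  Optional[String] $pg_group = "postgres",
) {
  $pg_path      = "/var/lib/postgres"
  $pg_data_path = "${pg_path}/data"

  $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0)
  if ($postgresql_backup_port and !empty($backup_hosts)) {
    $password_seed = lookup("base_installation::puppet_pass_seed")
    $ldap_cn       = lookup("base_installation::ldap_cn")
    $ldap_password = generate_password(24, $password_seed, "ldap")

    # Resolve the address of the first backup host from the LDAP facts,
    # preferring its "host" var over "real_hostname".
    $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0])
    if empty($host) {
      fail("No backup host to recover from")
    } elsif has_key($host["vars"], "host") {
      $pg_backup_host = $host["vars"]["host"][0]
    } else {
      $pg_backup_host = $host["vars"]["real_hostname"][0]
    }

    # Seeds the data directory once: `creates` skips the exec as soon as
    # PG_VERSION exists.
    #
    # The password reaches pg_basebackup through PGPASSWORD (-w suppresses the
    # prompt). PostgreSQL's documentation discourages PGPASSWORD because a
    # process environment can be readable by others on some systems; a
    # 0600 password file is the usual alternative. As a plain resource
    # attribute the value is also part of the compiled catalog.
    #
    # NOTE(review): $pg_backup_host and $postgresql_backup_port come from
    # LDAP-derived facts and $ldap_cn from Hiera; all three are interpolated
    # into a single command string. Validate their shape (hostname, port,
    # role name) before they reach this exec.
    exec { "pg_basebackup ${pg_data_path}":
      cwd         => $pg_path,
      user        => $pg_user,
      creates     => "${pg_data_path}/PG_VERSION",
      environment => ["PGPASSWORD=${ldap_password}"],
      command     => "/usr/bin/pg_basebackup -w -h ${pg_backup_host} -p ${postgresql_backup_port} -U ${ldap_cn} -D ${pg_data_path}",
      before      => File[$pg_data_path],
      require     => File[$pg_path],
      notify      => Exec["cleanup pg_basebackup ${pg_data_path}"],
    } -> file { "${pg_data_path}/recovery.conf":
      # Removed after the copy and before pg_hba.conf is assembled --
      # presumably so the seeded directory does not start as a standby.
      before => Concat["${pg_data_path}/pg_hba.conf"],
      ensure => absent,
    }

    # Runs only when notified by the basebackup exec: replaces the copied
    # postgresql.conf with an empty file before postgresql::server::config
    # manages it.
    # Both binaries are given by absolute path: the exec sets no `path`, so an
    # unqualified `touch` would be resolved through whatever PATH the agent
    # process inherited.
    # NOTE(review): the `&&` relies on the command string being interpreted by
    # a shell -- confirm that holds for the exec provider in use.
    exec { "cleanup pg_basebackup ${pg_data_path}":
      refreshonly => true,
      cwd         => $pg_path,
      user        => $pg_user,
      before      => Class["postgresql::server::config"],
      command     => "/usr/bin/rm -f ${pg_data_path}/postgresql.conf && /usr/bin/touch ${pg_data_path}/postgresql.conf",
    }
  }

  # TLS material is taken from the Let's Encrypt live directory of
  # $letsencrypt_host; the certificate resource must exist first.
  profile::postgresql::ssl { $pg_data_path:
    cert                => "/etc/letsencrypt/live/${letsencrypt_host}/cert.pem",
    key                 => "/etc/letsencrypt/live/${letsencrypt_host}/privkey.pem",
    require             => Letsencrypt::Certonly[$letsencrypt_host],
    handle_config_entry => true,
  }

  $backup_hosts.each |$backup_host| {
    profile::postgresql::replication { $backup_host:
      handle_config => true,
      handle_role   => true,
      handle_slot   => true,
      add_self_role => true,
    }

    # Virtual resource (@): it only takes effect where it is realized.
    #
    # The sudoers entry lets naemon run the replication check as the literal
    # user `postgres` (not $pg_user) without a password, with a fixed argument
    # list.
    # NOTE(review): $backup_host is interpolated into the sudoers line, so the
    # host names must not contain whitespace or sudoers wildcards. sudoers
    # compares arguments literally: the rule lists `/run/postgresql` while the
    # check_command passes `/run/postgresql/`, and the plugin file is
    # `check_postgres_replication` while the command is
    # `check_postgresql_replication` -- confirm the command definition maps
    # one onto the other.
    @profile::monitoring::local_service { "Postgresql replication for ${backup_host} is up to date":
      sudos => {
        "naemon-postgresql-replication-${backup_host}" => "naemon ALL=(postgres) NOPASSWD: /etc/naemon/monitoring-plugins/check_postgres_replication ${backup_host} /run/postgresql 5432"
      },
      local => {
        check_command => "check_postgresql_replication!${backup_host}!/run/postgresql/!5432",
      }
    }
  }
}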