# Defined type profile::postgresql::master. The parameters visible here are the
# Let's Encrypt host name (default undef) and the PostgreSQL user and group
# (both default to "postgres").
# NOTE(review): $backup_hosts is used further down, but its declaration is not
# visible in this listing; several numbered lines are missing throughout.
1 define profile::postgresql::master (
2 $letsencrypt_host = undef,
4 Optional[String] $pg_user = "postgres",
5 Optional[String] $pg_group = "postgres",
# Base directory and data directory used by every resource below.
7 $pg_path = "/var/lib/postgres"
8 $pg_data_path = "$pg_path/data"
# Port of the backup PostgreSQL instance, taken from the "ldapvar" fact
# (first element of self.vars.postgresql_backup_port).
10 $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0)
# Bootstrap-from-backup branch: entered only when a port is set and
# $backup_hosts is not empty.
11 if ($postgresql_backup_port and !empty($backup_hosts)) {
12 $password_seed = lookup("base_installation::puppet_pass_seed")
13 $ldap_cn = lookup("base_installation::ldap_cn")
# NOTE(review): generate_password is defined elsewhere; presumably it derives
# the 24-character password from the seed and the "ldap" label — confirm.
14 $ldap_password = generate_password(24, $password_seed, "ldap")
# Look up the first backup host among the "other" hosts of the "ldapvar" fact.
16 $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0])
# Aborts catalog compilation; the guarding condition is on a line not shown.
18 fail("No backup host to recover from")
# Prefer vars.host when present; the other assignment uses vars.real_hostname.
19 } elsif has_key($host["vars"], "host") {
20 $pg_backup_host = $host["vars"]["host"][0]
22 $pg_backup_host = $host["vars"]["real_hostname"][0]
# NOTE(review): the port and host name originate from fact data and are
# interpolated into the pg_basebackup command line further down. Checking them
# against an integer / hostname pattern before use keeps unexpected characters
# out of that command string.
# Initial clone of the data directory from the backup host.
25 exec { "pg_basebackup $pg_data_path":
# Makes the clone a one-time operation: the exec is skipped once PG_VERSION exists.
28 creates => "$pg_data_path/PG_VERSION",
# The password reaches pg_basebackup through PGPASSWORD because -w (used in the
# command below) disables the interactive prompt.
# NOTE(review): as a plain string this value is part of the compiled catalog
# and of the child process environment. Consider a Sensitive value or a
# mode-0600 password file (PGPASSFILE) instead — confirm what the Puppet
# version in use supports.
29 environment => ["PGPASSWORD=$ldap_password"],
30 command => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path",
# Ordering: runs after File[$pg_path], before File[$pg_data_path], and
# triggers the cleanup exec.
31 before => File[$pg_data_path],
32 require => File[$pg_path],
33 notify => Exec["cleanup pg_basebackup $pg_data_path"],
# recovery.conf is applied right after the clone and before the pg_hba.conf concat.
34 } -> file { "$pg_data_path/recovery.conf":
35 before => Concat["$pg_data_path/pg_hba.conf"],
# Replaces postgresql.conf in the data directory with an empty file. This exec
# is notified by the pg_basebackup exec and ordered before
# postgresql::server::config.
39 exec { "cleanup pg_basebackup $pg_data_path":
43 before => Class["postgresql::server::config"],
# NOTE(review): the command chains two programs with && and calls touch without
# a full path; check the provider, path and refreshonly attributes on the lines
# not shown here.
44 command => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf",
# TLS material for the server is taken from the Let's Encrypt live directory of
# $letsencrypt_host; the resource waits for that certificate via require.
# NOTE(review): $letsencrypt_host defaults to undef. If no guard exists on the
# lines not shown, both paths would contain an empty host segment — confirm.
# NOTE(review): confirm how profile::postgresql::ssl makes privkey.pem readable
# by the PostgreSQL user without widening permissions on /etc/letsencrypt.
48 profile::postgresql::ssl { $pg_data_path:
49 cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
50 key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
51 require => Letsencrypt::Certonly[$letsencrypt_host],
52 handle_config_entry => true,
# One replication resource and one monitoring check per backup host.
55 $backup_hosts.each |$backup_host| {
56 profile::postgresql::replication { $backup_host:
57 handle_config => true,
60 add_self_role => true,
# Virtual resource (leading @): it is only applied where it is realized.
63 @profile::monitoring::local_service { "Postgresql replication for $backup_host is up to date":
# Sudoers entry: naemon may run the replication check as postgres without a
# password, with the arguments pinned to this host, socket directory and port.
# NOTE(review): $backup_host is interpolated into the sudoers rule and into the
# "!"-separated check_command; it should be constrained to a hostname pattern.
# The plugin under /etc/naemon/monitoring-plugins must not be writable by the
# naemon user, otherwise this NOPASSWD rule grants execution as postgres.
65 "naemon-postgresql-replication-$backup_host" => "naemon ALL=(postgres) NOPASSWD: /etc/naemon/monitoring-plugins/check_postgres_replication $backup_host /run/postgresql 5432"
# NOTE(review): the command is named check_postgresql_replication here while
# the sudoers rule names the plugin check_postgres_replication — confirm this
# difference is intended.
69 check_command => "check_postgresql_replication!$backup_host!/run/postgresql!5432",