Allow host to replicate the cluster from backup
[perso/Immae/Projets/Puppet.git] / modules / role / manifests / backup / postgresql.pp
index e63561149e40de398a33818eafeeb2147c78cef6..9e1c9f706d1c66521d640fe8850b71ff8b938b24 100644 (file)
@@ -13,7 +13,7 @@ class role::backup::postgresql inherits role::backup {
   $ldap_server = lookup("base_installation::ldap_server")
   $ldap_base   = lookup("base_installation::ldap_base")
   $ldap_dn     = lookup("base_installation::ldap_dn")
-  $ldap_attribute = "uid"
+  $pgbouncer_ldap_attribute = "uid"
 
   $pg_slot = regsubst($ldap_cn, '-', "_", "G")
 
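Review bot: With `$ldap_attribute` renamed to `$pgbouncer_ldap_attribute` here and a separate `$ldap_attribute = "cn"` defined further down in the class, the template `role/backup/pam_ldap_pgbouncer.conf.erb` has to read the renamed variable. That template is not part of this page, so this should be confirmed. If it still reads `@ldap_attribute`, pgbouncer PAM logins would silently be matched on `cn` instead of `uid`. A comment above the assignment would make the split explicit, for example `# pgbouncer logins are matched on uid; the PostgreSQL PAM config below uses cn`.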
@@ -71,18 +71,13 @@ class role::backup::postgresql inherits role::backup {
         ],
       }
 
-      file { "/etc/pam_ldap.d":
-        ensure => directory,
-        mode   => "0755",
-        owner  => "root",
-        group  => "root",
-      } ->
       file { "/etc/pam_ldap.d/pgbouncer.conf":
         ensure  => "present",
         mode    => "0600",
         owner   => $pg_user,
         group   => "root",
         content => template("role/backup/pam_ldap_pgbouncer.conf.erb"),
+        require => File["/etc/pam_ldap.d"],
       } ->
       file { "/etc/pam.d/pgbouncer":
         ensure => "present",
@@ -94,12 +89,68 @@ class role::backup::postgresql inherits role::backup {
     }
   }
 
-  $pg_backup_hosts.each |$pg_backup_host, $pg_infos| {
+  $ldap_attribute = "cn"
+
+  file { "/etc/pam_ldap.d":
+    ensure => directory,
+    mode   => "0755",
+    owner  => "root",
+    group  => "root",
+  } ->
+  file { "/etc/pam_ldap.d/postgresql.conf":
+    ensure  => "present",
+    mode    => "0600",
+    owner   => $pg_user,
+    group   => "root",
+    content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
+  } ->
+  file { "/etc/pam.d/postgresql":
+    ensure => "present",
+    mode   => "0644",
+    owner  => "root",
+    group  => "root",
+    source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
+  }
+
+  $pg_backup_hosts.each |$backup_host_cn, $pg_infos| {
+    $host = find_host($facts["ldapvar"]["other"], $backup_host_cn)
+    if empty($host) {
+      $pg_backup_host = $backup_host_cn
+    } elsif has_key($host["vars"], "host") {
+      $pg_backup_host = $host["vars"]["host"][0]
+    } else {
+      $pg_backup_host = $host["vars"]["real_hostname"][0]
+    }
     $pg_path = "$mountpoint/$pg_backup_host/postgresql"
     $pg_backup_path = "$mountpoint/$pg_backup_host/postgresql_backup"
     $pg_host = "$pg_backup_host"
     $pg_port = $pg_infos["dbport"]
 
+    unless empty($host) {
+      $host["ipHostNumber"].each |$ip| {
+        $infos = split($ip, "/")
+        $ipaddress = $infos[0]
+        if (length($infos) == 1 and $ipaddress =~ /:/) {
+          $mask = "128"
+        } elsif (length($infos) == 1) {
+          $mask = "32"
+        } else {
+          $mask = $infos[1]
+        }
+
+        postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask":
+          type        => 'hostssl',
+          database    => 'replication',
+          user        => $backup_host_cn,
+          address     => "$ipaddress/$mask",
+          auth_method => 'pam',
+          order       => "06-01",
+          target      => "$pg_path/pg_hba.conf",
+          postgresql_version => "10",
+        }
+      }
+    }
+
     if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) {
       concat::fragment { "pgbouncer_$pg_backup_host":
         target  => "/etc/pgbouncer/pgbouncer.ini",
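Review bot: The loop over `$host["ipHostNumber"]` copies both the address and the prefix length straight from LDAP into a `pg_hba.conf` rule for the `replication` database, with no check on either. An entry without `ipHostNumber` would presumably make `.each` fail on an undefined value (this assumes `find_host` returns the raw LDAP entry), and a value carrying a `/0` prefix would open the rule to every source address, leaving PAM as the only control. Guard the attribute and constrain the mask, for example `if !empty($host) and has_key($host, "ipHostNumber") {`, and fail the catalog when `$mask` is not a number in the expected range. Keeping the rule as `hostssl` matters because PAM authentication sends the password to the server unencrypted; a short comment saying so would stop a later edit from relaxing it to `host`. The enclosing `each` block continues past the end of the hunk.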
@@ -153,12 +204,19 @@ class role::backup::postgresql inherits role::backup {
           description => "Backup the database",
         },
         {
-          command     => "/usr/bin/rm -f $(ls -1 $pg_backup_path/*.sql | sort -r | sed -e '1,16d')",
+          command     => "/usr/bin/rm -f $(ls -1 $pg_backup_path/*.sql | grep -v 'T22:' | sort -r | sed -e '1,12d')",
           user        => $pg_user,
           hour        => 3,
           minute      => 0,
           description => "Cleanup the database backups",
         },
+        {
+          command     => "cd $pg_backup_path ; /usr/bin/rm -f $(ls -1 *T22*.sql | log2rotate --skip 7 --fuzz 7 --delete --format='%Y-%m-%dT%H:%M:%S+02:00.sql')",
+          user        => $pg_user,
+          hour        => 3,
+          minute      => 1,
+          description => "Cleanup the database backups exponentially",
+        },
       ]
     }
 
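Review bot: The `--format='%Y-%m-%dT%H:%M:%S+02:00.sql'` argument in the new cleanup entry hard-codes the `+02:00` offset, so dumps written while the host is on another UTC offset (winter time, for instance) will not match the pattern. How log2rotate treats names it cannot parse is not visible here and should be checked, since this command decides which backups are deleted. If these entries are rendered into a crontab, the unescaped `%` characters would also be read by cron as line breaks and would need to be written `\%`. Both cleanup commands depend on the 22:00 dump keeping `T22` in its file name, which deserves a comment next to the entries.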
@@ -277,6 +335,11 @@ class role::backup::postgresql inherits role::backup {
         Concat["$pg_path/pg_hba.conf"],
         Concat["$pg_path/recovery.conf"],
         File["$pg_path/postgresql.conf"],
+      ],
+      subscribe => [
+        Concat["$pg_path/pg_hba.conf"],
+        Concat["$pg_path/recovery.conf"],
+        File["$pg_path/postgresql.conf"],
       ]
     }
   }
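Review bot: The new `subscribe` list repeats exactly the three resources of the list just above it. `subscribe` already implies the ordering that `require` gives, so if the attribute above the hunk is `require` (its name lies outside the hunk), it can be dropped to keep a single list. It is also worth a comment that a change to `pg_hba.conf` now refreshes this resource, since the access rules only take effect once the server re-reads the file.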