X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprofile%2Fmanifests%2Fpostgresql%2Fmaster.pp;h=02315a615d7e771edaba1e6828582099bd387142;hb=f84d9190aa7e14ae13256e1d6a47a1be09506674;hp=969905f7f3509cf7a59eea799c4ef4185f8709d6;hpb=0a145a25c0a8cbcd50d515d2a828bd6665836ddb;p=perso%2FImmae%2FProjets%2FPuppet.git
diff --git a/modules/profile/manifests/postgresql/master.pp b/modules/profile/manifests/postgresql/master.pp
index 969905f..02315a6 100644
--- a/modules/profile/manifests/postgresql/master.pp
+++ b/modules/profile/manifests/postgresql/master.pp
@@ -1,8 +1,51 @@
 define profile::postgresql::master (
- $letsencrypt_host = undef,
- $backup_hosts = [],
+ $letsencrypt_host = undef,
+ $backup_hosts = [],
+ Optional[String] $pg_user = "postgres",
+ Optional[String] $pg_group = "postgres",
 ) {
- profile::postgresql::ssl { "/var/lib/postgres/data":
+ $pg_path = "/var/lib/postgres"
+ $pg_data_path = "$pg_path/data"
+
+ $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0)
+ if ($postgresql_backup_port and !empty($backup_hosts)) {
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+ $ldap_cn = lookup("base_installation::ldap_cn")
+ $ldap_password = generate_password(24, $password_seed, "ldap")
+
+ $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0])
+ if empty($host) {
+ fail("No backup host to recover from")
+ } elsif has_key($host["vars"], "host") {
+ $pg_backup_host = $host["vars"]["host"][0]
+ } else {
+ $pg_backup_host = $host["vars"]["real_hostname"][0]
+ }
+
+ exec { "pg_basebackup $pg_data_path":
+ cwd => $pg_path,
+ user => $pg_user,
+ creates => "$pg_data_path/PG_VERSION",
+ environment => ["PGPASSWORD=$ldap_password"],
+ command => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path",
+ before => File[$pg_data_path],
+ require => File[$pg_path],
+ notify => Exec["cleanup pg_basebackup $pg_data_path"],
+ } -> file { "$pg_data_path/recovery.conf":
+ before => Concat["$pg_data_path/pg_hba.conf"],
+ ensure => absent,
+ }
+
+ exec { "cleanup pg_basebackup $pg_data_path":
+ refreshonly => true,
+ cwd => $pg_path,
+ user => $pg_user,
+ before => Class["postgresql::server::config"],
+ command => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf",
+ }
+ }
+
+ profile::postgresql::ssl { $pg_data_path:
 cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
 key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
 require => Letsencrypt::Certonly[$letsencrypt_host],
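Review bot: The `command` of the `pg_basebackup` exec interpolates `$pg_backup_host` and `$postgresql_backup_port`, both read from the `ldapvar` fact, without checking their shape, so a value containing whitespace or shell metacharacters could change the arguments, or the command itself if the string reaches a shell, of what runs as `$pg_user`. Validating them just before the exec would close this, e.g. `assert_type(Pattern[/\A[A-Za-z0-9.-]+\z/], $pg_backup_host)` and `assert_type(Variant[Integer, Pattern[/\A\d+\z/]], $postgresql_backup_port)`; `$ldap_cn` probably deserves the same treatment. Separately, the exec sets only `PGPASSWORD`, so libpq's default `sslmode` applies; adding `"PGSSLMODE=verify-full"` (or at least `require`) to `environment` would keep the password and the base backup off an unencrypted or unverified connection, assuming the backup host serves TLS. The `Optional[String]` type on `$pg_user` also admits `undef`, which would presumably make both execs run as the agent's own user, so plain `String` fits the default better. The body of the define continues past the end of this hunk.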