X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprofile%2Fmanifests%2Fpostgresql_master.pp;h=e28c1b0add6567f79e0dc8feced8c86fe835d176;hb=c53ac3f84852a42aa8b7341ee7fe0a629d2e3579;hp=067345afe282892c16bbf5c4613208375f780761;hpb=f1d583bfdaf881116e5f9ca9e050307e7acdc28e;p=perso%2FImmae%2FProjets%2FPuppet.git
diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp
index 067345a..e28c1b0 100644
--- a/modules/profile/manifests/postgresql_master.pp
+++ b/modules/profile/manifests/postgresql_master.pp
@@ -2,120 +2,17 @@ define profile::postgresql_master (
 $letsencrypt_host = undef,
 $backup_hosts = [],
 ) {
- $password_seed = lookup("base_installation::puppet_pass_seed")
-
- ensure_resource("file", "/var/lib/postgres/data/certs", {
- ensure => directory,
- mode => "0700",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => File["/var/lib/postgres"],
- })
-
- ensure_resource("file", "/var/lib/postgres/data/certs/cert.pem", {
- source => "file:///etc/letsencrypt/live/$letsencrypt_host/cert.pem",
- mode => "0600",
- links => "follow",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => [Letsencrypt::Certonly[$letsencrypt_host], File["/var/lib/postgres/data/certs"]]
- })
-
- ensure_resource("file", "/var/lib/postgres/data/certs/privkey.pem", {
- source => "file:///etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
- mode => "0600",
- links => "follow",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => [Letsencrypt::Certonly[$letsencrypt_host], File["/var/lib/postgres/data/certs"]]
- })
-
- ensure_resource("postgresql::server::config_entry", "wal_level", {
- value => "logical",
- })
-
- ensure_resource("postgresql::server::config_entry", "ssl", {
- value => "on",
+ profile::postgresql::ssl { "/var/lib/postgres":
+ cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
+ key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
 require => Letsencrypt::Certonly[$letsencrypt_host],
- })
-
- ensure_resource("postgresql::server::config_entry", "ssl_cert_file", {
- value => "/var/lib/postgres/data/certs/cert.pem",
- require => Letsencrypt::Certonly[$letsencrypt_host],
- })
-
- ensure_resource("postgresql::server::config_entry", "ssl_key_file", {
- value => "/var/lib/postgres/data/certs/privkey.pem",
- require => Letsencrypt::Certonly[$letsencrypt_host],
- })
+ }
 $backup_hosts.each |$backup_host| {
- ensure_packages(["pam_ldap"])
-
- $host = find_host($facts["ldapvar"]["other"], $backup_host)
- unless empty($host) {
- $host["ipHostNumber"].each |$ip| {
- $infos = split($ip, "/")
- $ipaddress = $infos[0]
- if (length($infos) == 1 and $ipaddress =~ /:/) {
- $mask = "128"
- } elsif (length($infos) == 1) {
- $mask = "32"
- } else {
- $mask = $infos[1]
- }
-
- postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
- type => 'hostssl',
- database => 'replication',
- user => $backup_host,
- address => "$ipaddress/$mask",
- auth_method => 'pam',
- order => "06-01",
- }
- }
-
- postgresql::server::role { $backup_host:
- replication => true,
- }
-
- postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
- ensure => present
- }
+ profile::postgresql::replication { $backup_host:
+ handle_role => true,
+ handle_slot => true,
+ add_self_role => true,
 }
 }
-
- $ldap_server = lookup("base_installation::ldap_server")
- $ldap_base = lookup("base_installation::ldap_base")
- $ldap_dn = lookup("base_installation::ldap_dn")
- $ldap_cn = lookup("base_installation::ldap_cn")
- $ldap_password = generate_password(24, $password_seed, "ldap")
- $ldap_attribute = "cn"
-
- # This is to be replicated to the backup
- postgresql::server::role { $ldap_cn:
- replication => true,
- }
-
- file { "/etc/pam_ldap.d":
- ensure => directory,
- mode => "0755",
- owner => "root",
- group => "root",
- } ->
- file { "/etc/pam_ldap.d/postgresql.conf":
- ensure => "present",
- mode => "0600",
- owner => $::profile::postgresql::pg_user,
- group => "root",
- content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
- } ->
- file { "/etc/pam.d/postgresql":
- ensure => "present",
- mode => "0644",
- owner => "root",
- group => "root",
- source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
- }
- }
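Review bot: The removed `wal_level` (`logical`) and `ssl` (`on`) config entries have no visible replacement in this hunk, so unless `profile::postgresql::ssl` and `profile::postgresql::replication` set those entries themselves, TLS on the server side and the logical replication the backup hosts depend on would silently regress while the define still compiles. The old access rule was scoped per backup host to its LDAP-registered `ipHostNumber` addresses with `type => 'hostssl'` and `auth_method => 'pam'`, and the supporting `ensure_packages(["pam_ldap"])`, `/etc/pam_ldap.d/postgresql.conf` and `/etc/pam.d/postgresql` resources are dropped too; the new `profile::postgresql::replication { $backup_host: ... }` should be checked for an equivalent per-address `hostssl` rule and for the PAM prerequisites rather than a broader host rule. A short comment on the new `profile::postgresql::ssl` resource would make the moved responsibilities explicit, e.g. `# ssl=on, cert/key paths and wal_level are now managed by profile::postgresql::ssl and profile::postgresql::replication`. The define's header is the hunk's function-context line and sits just before the hunk's first line.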