[perso/Immae/Projets/Puppet.git] / modules / profile / manifests / postgresql / backup_pgbouncer.pp

define profile::postgresql::backup_pgbouncer (
  String $base_path,
  Hash   $pg_infos,
  String $pg_user  = "postgres",
  String $pg_group = "postgres",
) {
  include "profile::postgresql::pam_ldap_pgbouncer"
  ensure_packages(["pgbouncer"])

  $host_cn = $title

  $host = find_host($facts["ldapvar"]["other"], $host_cn)
  if empty($host) {
    fail("No host found for pgbouncer")
  } elsif has_key($host["vars"], "host") {
    $pg_backup_host = $host["vars"]["host"][0]
  } else {
    $pg_backup_host = $host["vars"]["real_hostname"][0]
  }

  $pg_path = "$base_path/$pg_backup_host/postgresql"

  if has_key($host["vars"], "postgresql_backup_port") {
    $pg_port = " port=${host[vars][postgresql_backup_port][0]}"
  } else {
    $pg_port = ""
  }

  # Config
  ensure_resource("concat", "/etc/pgbouncer/pgbouncer.ini", {
    mode           => "0644",
    owner          => "root",
    group          => "root",
    ensure_newline => true,
    notify         => Service["pgbouncer"],
    before         => Service["pgbouncer"],
  })

  ensure_resource("concat::fragment", "pgbouncer_head", {
    target => "/etc/pgbouncer/pgbouncer.ini",
    order  => 01,
    source => "puppet:///modules/profile/postgresql/pgbouncer_head.ini",
  })

  concat::fragment { "pgbouncer_$pg_backup_host":
    target  => "/etc/pgbouncer/pgbouncer.ini",
    order   => 02,
    content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
  }

  # FIXME: current pam configuration requires password for postgres
  # @profile::monitoring::local_service { "Database ${pg_infos[pgbouncer_dbname]} is available in pgbouncer":
  #   sudos => {
  #     "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\ nspname\ from\ pg_catalog.pg_namespace ${pg_infos[pgbouncer_dbname]}"
  #   },
  #   local => {
  #     check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace' ${pg_infos[pgbouncer_dbname]}!public!-r postgres",
  #   }
  # }

  # pg_hba for accessed cluster
  postgresql::server::pg_hba_rule { "$pg_backup_host - local access as ${pg_infos[dbuser]} user":
    description => "Allow local access to ${pg_infos[dbuser]} user",
    type        => 'local',
    database    => $pg_infos["dbname"],
    user        => $pg_infos["dbuser"],
    auth_method => 'trust',
    order       => "01-00",
    target      => "$pg_path/pg_hba.conf",
    postgresql_version => "10",
  }

  # service
  ensure_resource("file", "/etc/systemd/system/pgbouncer.service.d", {
    ensure => "directory",
    mode   => "0644",
    owner  => "root",
    group  => "root",
  })

  ensure_resource("file", "/etc/systemd/system/pgbouncer.service.d/override.conf", {
    ensure  => "present",
    mode    => "0644",
    owner   => "root",
    group   => "root",
    content => "[Service]\nUser=\nUser=$pg_user\n",
    notify  => Service["pgbouncer"],
    before  => Service["pgbouncer"],
  })

  ensure_resource("service", "pgbouncer", {
    ensure  => "running",
    enable  => true,
    require => [
      Package["pgbouncer"],
      File["/etc/systemd/system/pgbouncer.service.d/override.conf"],
      Concat["/etc/pgbouncer/pgbouncer.ini"]
    ],
  })


}
Commit	Line	Data
d2f031ec IB	1	define profile::postgresql::backup_pgbouncer (
	2	String $base_path,
	3	Hash $pg_infos,
	4	String $pg_user = "postgres",
	5	String $pg_group = "postgres",
	6	) {
	7	include "profile::postgresql::pam_ldap_pgbouncer"
	8	ensure_packages(["pgbouncer"])
	9
	10	$host_cn = $title
	11
	12	$host = find_host($facts["ldapvar"]["other"], $host_cn)
	13	if empty($host) {
	14	fail("No host found for pgbouncer")
	15	} elsif has_key($host["vars"], "host") {
	16	$pg_backup_host = $host["vars"]["host"][0]
	17	} else {
	18	$pg_backup_host = $host["vars"]["real_hostname"][0]
	19	}
	20
	21	$pg_path = "$base_path/$pg_backup_host/postgresql"
	22
	23	if has_key($host["vars"], "postgresql_backup_port") {
	24	$pg_port = " port=${host[vars][postgresql_backup_port][0]}"
	25	} else {
	26	$pg_port = ""
	27	}
	28
	29	# Config
	30	ensure_resource("concat", "/etc/pgbouncer/pgbouncer.ini", {
	31	mode => "0644",
	32	owner => "root",
	33	group => "root",
	34	ensure_newline => true,
	35	notify => Service["pgbouncer"],
	36	before => Service["pgbouncer"],
	37	})
	38
	39	ensure_resource("concat::fragment", "pgbouncer_head", {
	40	target => "/etc/pgbouncer/pgbouncer.ini",
	41	order => 01,
	42	source => "puppet:///modules/profile/postgresql/pgbouncer_head.ini",
	43	})
	44
	45	concat::fragment { "pgbouncer_$pg_backup_host":
	46	target => "/etc/pgbouncer/pgbouncer.ini",
	47	order => 02,
	48	content => "${pg_infos[pgbouncer_dbname]} = host=$pg_path$pg_port user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
	49	}
	50
b5305b5c IB	51	# FIXME: current pam configuration requires password for postgres
	52	# @profile::monitoring::local_service { "Database ${pg_infos[pgbouncer_dbname]} is available in pgbouncer":
	53	# sudos => {
	54	# "naemon-postgresql-database-public" => "naemon ALL=(postgres) NOPASSWD: /usr/bin/psql -c select\ nspname\ from\ pg_catalog.pg_namespace ${pg_infos[pgbouncer_dbname]}"
	55	# },
	56	# local => {
	57	# check_command => "check_command_output!psql -c 'select nspname from pg_catalog.pg_namespace' ${pg_infos[pgbouncer_dbname]}!public!-r postgres",
	58	# }
	59	# }
	60
d2f031ec IB	61	# pg_hba for accessed cluster
	62	postgresql::server::pg_hba_rule { "$pg_backup_host - local access as ${pg_infos[dbuser]} user":
	63	description => "Allow local access to ${pg_infos[dbuser]} user",
	64	type => 'local',
	65	database => $pg_infos["dbname"],
	66	user => $pg_infos["dbuser"],
	67	auth_method => 'trust',
	68	order => "01-00",
	69	target => "$pg_path/pg_hba.conf",
	70	postgresql_version => "10",
	71	}
	72
	73	# service
	74	ensure_resource("file", "/etc/systemd/system/pgbouncer.service.d", {
	75	ensure => "directory",
	76	mode => "0644",
	77	owner => "root",
	78	group => "root",
	79	})
	80
	81	ensure_resource("file", "/etc/systemd/system/pgbouncer.service.d/override.conf", {
	82	ensure => "present",
	83	mode => "0644",
	84	owner => "root",
	85	group => "root",
	86	content => "[Service]\nUser=\nUser=$pg_user\n",
	87	notify => Service["pgbouncer"],
	88	before => Service["pgbouncer"],
	89	})
	90
	91	ensure_resource("service", "pgbouncer", {
	92	ensure => "running",
	93	enable => true,
	94	require => [
	95	Package["pgbouncer"],
	96	File["/etc/systemd/system/pgbouncer.service.d/override.conf"],
	97	Concat["/etc/pgbouncer/pgbouncer.ini"]
	98	],
	99	})
	100
	101
	102	}