]> git.immae.eu Git - perso/Immae/Projets/Puppet.git/blame - modules/profile/manifests/postgresql/master.pp
Add monitoring for etherpad
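# @summary Sets up a PostgreSQL master: optional seeding of the data directory
#   from a backup host, TLS with a Let's Encrypt certificate, and one
#   replication definition plus one monitoring check per backup host.
#
# @param letsencrypt_host
#   Name used to build the /etc/letsencrypt/live/<host>/ certificate and key
#   paths and the Letsencrypt::Certonly dependency. The default is undef,
#   which yields paths with an empty host component, so callers are expected
#   to set it.
# @param backup_hosts
#   Hosts that replicate from this master. The first entry is also the source
#   of the initial pg_basebackup when the data directory is not initialised.
# @param pg_user
#   System user that runs the pg_basebackup and cleanup commands.
# @param pg_group
#   Accepted for interface compatibility; not referenced in this define's body.
define profile::postgresql::master (
  $letsencrypt_host = undef,
  $backup_hosts = [],
  Optional[String] $pg_user = 'postgres',
  Optional[String] $pg_group = 'postgres',
) {
  $pg_path = '/var/lib/postgres'
  $pg_data_path = "${pg_path}/data"

  # The backup port comes from the node's "ldapvar" fact; without it, or
  # without any backup host, no seeding from a backup is attempted.
  $postgresql_backup_port = $facts.dig('ldapvar', 'self', 'vars', 'postgresql_backup_port', 0)
  if ($postgresql_backup_port and !empty($backup_hosts)) {
    $password_seed = lookup('base_installation::puppet_pass_seed')
    $ldap_cn = lookup('base_installation::ldap_cn')
    # generate_password() is a project function; presumably it derives a
    # 24-character password from the seed and the "ldap" label -- confirm
    # against its definition.
    $ldap_password = generate_password(24, $password_seed, 'ldap')

    # Prefer the explicit "host" variable of the backup host entry and fall
    # back to its "real_hostname".
    $host = find_host($facts['ldapvar']['other'], $backup_hosts[0])
    if empty($host) {
      fail('No backup host to recover from')
    } elsif has_key($host['vars'], 'host') {
      $pg_backup_host = $host['vars']['host'][0]
    } else {
      $pg_backup_host = $host['vars']['real_hostname'][0]
    }

    # Runs only while PG_VERSION is missing, i.e. on an uninitialised data
    # directory. The password is passed through PGPASSWORD rather than on the
    # command line, and -w makes pg_basebackup fail instead of prompting.
    # NOTE(review): host, port and role name are taken from facts and lookups
    # and interpolated into the command string; with the default exec provider
    # a string containing shell metacharacters can be handed to a shell, so
    # confirm these values are constrained upstream (hostname / integer / role
    # name patterns) or validate them here.
    exec { "pg_basebackup ${pg_data_path}":
      cwd         => $pg_path,
      user        => $pg_user,
      creates     => "${pg_data_path}/PG_VERSION",
      environment => ["PGPASSWORD=${ldap_password}"],
      command     => "/usr/bin/pg_basebackup -w -h ${pg_backup_host} -p ${postgresql_backup_port} -U ${ldap_cn} -D ${pg_data_path}",
      before      => File[$pg_data_path],
      require     => File[$pg_path],
      notify      => Exec["cleanup pg_basebackup ${pg_data_path}"],
    } -> file { "${pg_data_path}/recovery.conf":
      # Drop any recovery.conf left in the copied data directory.
      ensure => absent,
      before => Concat["${pg_data_path}/pg_hba.conf"],
    }

    # Triggered only by the base backup above: replaces the copied
    # postgresql.conf with an empty file before postgresql::server::config
    # manages it. Both binaries are fully qualified so the result does not
    # depend on the PATH inherited by the agent (the original called a bare
    # "touch" after "&&").
    exec { "cleanup pg_basebackup ${pg_data_path}":
      refreshonly => true,
      cwd         => $pg_path,
      user        => $pg_user,
      before      => Class['postgresql::server::config'],
      command     => "/usr/bin/rm -f ${pg_data_path}/postgresql.conf && /usr/bin/touch ${pg_data_path}/postgresql.conf",
    }
  }

  # TLS material comes from the Let's Encrypt live directory of
  # $letsencrypt_host; the certificate must have been issued first.
  profile::postgresql::ssl { $pg_data_path:
    cert                => "/etc/letsencrypt/live/${letsencrypt_host}/cert.pem",
    key                 => "/etc/letsencrypt/live/${letsencrypt_host}/privkey.pem",
    require             => Letsencrypt::Certonly[$letsencrypt_host],
    handle_config_entry => true,
  }

  $backup_hosts.each |$backup_host| {
    profile::postgresql::replication { $backup_host:
      handle_config => true,
      handle_role   => true,
      handle_slot   => true,
      add_self_role => true,
    }

    # Virtual resource (leading "@"): it is only added to the catalog when it
    # is realized or collected elsewhere.
    # The sudoers entry pins the complete argument list, so naemon may run
    # only this one check as postgres, without a password.
    # NOTE(review): the run-as user is the literal "postgres", not $pg_user,
    # and $backup_host is written into the sudoers rule verbatim -- confirm
    # both are intended and that backup host names cannot contain sudoers
    # metacharacters.
    @profile::monitoring::local_service { "Postgresql replication for ${backup_host} is up to date":
      sudos => {
        "naemon-postgresql-replication-${backup_host}" => "naemon ALL=(postgres) NOPASSWD: /etc/naemon/monitoring-plugins/check_postgres_replication ${backup_host} /run/postgresql 5432",
      },
      local => {
        check_command => "check_postgresql_replication!${backup_host}!/run/postgresql!5432",
      },
    }
  }
}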