Allow host to replicate the cluster from backup
index b26773c39ed51e69980c1c0bb0ba48bedf48f8d3..9e1c9f706d1c66521d640fe8850b71ff8b938b24 100644 (file)
@@ -13,7 +13,7 @@ class role::backup::postgresql inherits role::backup {
   $ldap_server = lookup("base_installation::ldap_server")
   $ldap_base   = lookup("base_installation::ldap_base")
   $ldap_dn     = lookup("base_installation::ldap_dn")
-  $ldap_attribute = "uid"
+  $pgbouncer_ldap_attribute = "uid"
 
   $pg_slot = regsubst($ldap_cn, '-', "_", "G")
 
@@ -71,18 +71,13 @@ class role::backup::postgresql inherits role::backup {
         ],
       }
 
-      file { "/etc/pam_ldap.d":
-        ensure => directory,
-        mode   => "0755",
-        owner  => "root",
-        group  => "root",
-      } ->
       file { "/etc/pam_ldap.d/pgbouncer.conf":
         ensure  => "present",
         mode    => "0600",
         owner   => $pg_user,
         group   => "root",
         content => template("role/backup/pam_ldap_pgbouncer.conf.erb"),
+        require => File["/etc/pam_ldap.d"],
       } ->
       file { "/etc/pam.d/pgbouncer":
         ensure => "present",
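Review bot: The pgbouncer resource kept at the top of this hunk still renders `role/backup/pam_ldap_pgbouncer.conf.erb`, but the variable it most likely read as `@ldap_attribute` was renamed to `$pgbouncer_ldap_attribute` in the first hunk, and `$ldap_attribute` is only assigned again (as `"cn"`) later in the class, after this resource has already been evaluated. Unless that template was updated in the same commit to use `@pgbouncer_ldap_attribute` (the template is not in this diff), it will see an unassigned variable here, which is a compile error under strict_variables or an empty value otherwise, and the pgbouncer PAM mapping would silently change. Worth confirming the template, and adding a why-comment on the `require` line such as `# /etc/pam_ldap.d is declared once at class level below, shared with the postgresql PAM config`. The conditional block enclosing this resource begins outside the hunk.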
@@ -94,6 +89,29 @@ class role::backup::postgresql inherits role::backup {
     }
   }
 
+  $ldap_attribute = "cn"
+
+  file { "/etc/pam_ldap.d":
+    ensure => directory,
+    mode   => "0755",
+    owner  => "root",
+    group  => "root",
+  } ->
+  file { "/etc/pam_ldap.d/postgresql.conf":
+    ensure  => "present",
+    mode    => "0600",
+    owner   => $pg_user,
+    group   => "root",
+    content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
+  } ->
+  file { "/etc/pam.d/postgresql":
+    ensure => "present",
+    mode   => "0644",
+    owner  => "root",
+    group  => "root",
+    source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
+  }
+
   $pg_backup_hosts.each |$backup_host_cn, $pg_infos| {
     $host = find_host($facts["ldapvar"]["other"], $backup_host_cn)
     if empty($host) {
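Review bot: The new `/etc/pam_ldap.d/postgresql.conf` resource renders a template that belongs to another module (`profile/postgresql_master/...`) inside this class's scope, so every `@variable` that template expects from `profile::postgresql_master` has to exist in `role::backup::postgresql` too; the `$ldap_attribute = "cn"` assignment right before it suggests at least that one is consumed, and `$ldap_server`, `$ldap_base` and `$ldap_dn` are visible at the top of the class, but nothing here checks the rest. A comment would make the coupling explicit for the next maintainer: `# Evaluated in this class's scope: keep the variables this profile template reads (ldap_*) in sync with profile::postgresql_master`. The 0600/$pg_user mode on the file is appropriate if the rendered content carries an LDAP bind credential; I cannot tell from the hunk whether it does.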
@@ -108,6 +126,31 @@ class role::backup::postgresql inherits role::backup {
     $pg_host = "$pg_backup_host"
     $pg_port = $pg_infos["dbport"]
 
+    unless empty($host) {
+      $host["ipHostNumber"].each |$ip| {
+        $infos = split($ip, "/")
+        $ipaddress = $infos[0]
+        if (length($infos) == 1 and $ipaddress =~ /:/) {
+          $mask = "128"
+        } elsif (length($infos) == 1) {
+          $mask = "32"
+        } else {
+          $mask = $infos[1]
+        }
+
+        postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask":
+          type        => 'hostssl',
+          database    => 'replication',
+          user        => $backup_host_cn,
+          address     => "$ipaddress/$mask",
+          auth_method => 'pam',
+          order       => "06-01",
+          target      => "$pg_path/pg_hba.conf",
+          postgresql_version => "10",
+        }
+      }
+    }
+
     if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) {
       concat::fragment { "pgbouncer_$pg_backup_host":
         target  => "/etc/pgbouncer/pgbouncer.ini",
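Review bot: The `pg_hba_rule` title is built only from `$ipaddress/$mask`, so two backup hosts that share an address in LDAP (or one host listed twice in `ipHostNumber`) produce a duplicate resource declaration and the catalog fails to compile; including the host in the title avoids that, e.g. `postgresql::server::pg_hba_rule { "allow replication from $backup_host_cn at $ipaddress/$mask":`. The prefix length is taken verbatim from the LDAP value when one is present, so a broad prefix on an `ipHostNumber` entry widens this hostssl/pam replication rule accordingly, which deserves a comment at the `$mask = $infos[1]` branch: `# mask comes straight from LDAP; a wide prefix widens the replication rule`. `postgresql_version => "10"` is hard-coded while the path comes from `$pg_path`; if the version is already a variable elsewhere in the class it should be reused here. The title also says "TCP access" where the rule type is `hostssl`.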
@@ -292,6 +335,11 @@ class role::backup::postgresql inherits role::backup {
         Concat["$pg_path/pg_hba.conf"],
         Concat["$pg_path/recovery.conf"],
         File["$pg_path/postgresql.conf"],
+      ],
+      subscribe => [
+        Concat["$pg_path/pg_hba.conf"],
+        Concat["$pg_path/recovery.conf"],
+        File["$pg_path/postgresql.conf"],
       ]
     }
   }
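Review bot: `subscribe` already establishes the same ordering as `require`, so listing the three resources in both arrays is redundant and has to be kept in sync by hand; keeping only the `subscribe` list is equivalent and shorter. If the intent is to restart or reload the service whenever `pg_hba.conf`, `recovery.conf` or `postgresql.conf` changes, a one-line comment saying so above `subscribe` would make the purpose clear. The resource these parameters belong to begins outside the hunk, so I cannot see its type or title.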