Add cryptoportfolio postgresql backup
[perso/Immae/Projets/Puppet.git] / modules / role / manifests / cryptoportfolio / postgresql.pp
index 5db5e25abfac988de45101c97fc97299bb3d579c..d951874241f694fa9815bc5765e7e8032749827a 100644 (file)
@@ -126,4 +126,70 @@ class role::cryptoportfolio::postgresql inherits role::cryptoportfolio {
     order       => "05-02",
   }
 
+  $backup_host = "backup-1"
+
+  unless empty($backup_host) {
+    ensure_packages(["pam_ldap"])
+
+    $facts["ldapvar"]["other"].each |$host| {
+      if ($host["cn"][0] == $backup_host) {
+        $host["ipHostNumber"].each |$ip| {
+          $infos = split($ip, "/")
+          $ipaddress = $infos[0]
+          if (length($infos) == 1 and $ipaddress =~ /:/) {
+            $mask = "128"
+          } elsif (length($infos) == 1) {
+            $mask = "32"
+          } else {
+            $mask = $infos[1]
+          }
+
+          postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
+            type        => 'hostssl',
+            database    => 'replication',
+            user        => 'all',
+            address     => "$ipaddress/$mask",
+            auth_method => 'pam',
+            order       => "06-01",
+          }
+        }
+
+        postgresql::server::role { $backup_host:
+          replication => true,
+        }
+
+        postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
+          ensure => present
+        }
+      }
+    }
+
+    $ldap_server = lookup("base_installation::ldap_server")
+    $ldap_base   = lookup("base_installation::ldap_base")
+    $ldap_dn     = lookup("base_installation::ldap_dn")
+    $ldap_password = generate_password(24, $password_seed, "ldap")
+    $ldap_attribute = "cn"
+
+    file { "/etc/pam_ldap.d":
+      ensure => directory,
+      mode   => "0755",
+      owner  => "root",
+      group  => "root",
+    } ->
+    file { "/etc/pam_ldap.d/postgresql.conf":
+      ensure  => "present",
+      mode    => "0644",
+      owner   => "root",
+      group   => "root",
+      content => template("role/cryptoportfolio/pam_ldap_postgresql.conf.erb"),
+    } ->
+    file { "/etc/pam.d/postgresql":
+      ensure => "present",
+      mode   => "0644",
+      owner  => "root",
+      group  => "root",
+      source => "puppet:///modules/role/cryptoportfolio/pam_postgresql"
+    }
+  }
+
 }
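Review bot: `/etc/pam_ldap.d/postgresql.conf` is created with mode `0644`, and it is presumably where `$ldap_password` ends up (the template is not shown in this hunk, but nothing else here uses the generated password), which would leave the LDAP bind credential readable by every local account. Consider `mode => "0640",` with `group` set to the account PostgreSQL runs as, so that only root and the server can read it. Separately, the pg_hba rule is titled as access for the replication user but sets `user => 'all'`, so any role with replication privilege that passes PAM can open a replication connection from the backup address; `user => $backup_host,` would pin it to the role declared a few lines below. The class body starts outside the hunk.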