$ldap_cn = lookup("base_installation::ldap_cn")
$ldap_password = generate_password(24, $password_seed, "ldap")
+ $ldap_server = lookup("base_installation::ldap_server")
+ $ldap_base = lookup("base_installation::ldap_base")
+ $ldap_dn = lookup("base_installation::ldap_dn")
+ $ldap_attribute = "uid"
+
$pg_slot = regsubst($ldap_cn, '-', "_", "G")
- ensure_packages(["postgresql"])
+ ensure_packages(["postgresql", "pgbouncer", "pam_ldap"])
+
+ $pg_backup_hosts = lookup("role::backup::postgresql::backup_hosts", { "default_value" => {} })
+ $ldap_filter = lookup("role::backup::postgresql::pgbouncer_access_filter", { "default_value" => undef })
+
+ unless empty($pg_backup_hosts) {
+ file { "/etc/systemd/system/postgresql_backup@.service":
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ content => template("role/backup/postgresql_backup@.service.erb"),
+ }
- $pg_backup_hosts = lookup("role::backup::postgresql::backup_hosts", { "default_value" => [] })
+ unless empty($ldap_filter) {
+ concat { "/etc/pgbouncer/pgbouncer.ini":
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ ensure_newline => true,
+ notify => Service["pgbouncer"],
+ }
+
+ concat::fragment { "pgbouncer_head":
+ target => "/etc/pgbouncer/pgbouncer.ini",
+ order => "01",
+ content => template("role/backup/pgbouncer.ini.erb"),
+ }
+
+ file { "/etc/systemd/system/pgbouncer.service.d":
+ ensure => "directory",
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ }
+
+ file { "/etc/systemd/system/pgbouncer.service.d/override.conf":
+ ensure => "present",
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ content => "[Service]\nUser=\nUser=$pg_user\n",
+ notify => Service["pgbouncer"],
+ }
+
+ service { "pgbouncer":
+ ensure => "running",
+ enable => true,
+ require => [
+ Package["pgbouncer"],
+ File["/etc/systemd/system/pgbouncer.service.d/override.conf"],
+ Concat["/etc/pgbouncer/pgbouncer.ini"]
+ ],
+ }
+
+ file { "/etc/pam_ldap.d":
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ } ->
+ file { "/etc/pam_ldap.d/pgbouncer.conf":
+ ensure => "present",
+ mode => "0600",
+ owner => $pg_user,
+ group => "root",
+ content => template("role/backup/pam_ldap_pgbouncer.conf.erb"),
+ } ->
+ file { "/etc/pam.d/pgbouncer":
+ ensure => "present",
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ source => "puppet:///modules/role/backup/pam_pgbouncer"
+ }
+ }
+ }
- $pg_backup_hosts.each |$pg_backup_host| {
+ $pg_backup_hosts.each |$pg_backup_host, $pg_infos| {
$pg_path = "$mountpoint/$pg_backup_host/postgresql"
$pg_host = "$pg_backup_host"
- $pg_port = "5432"
+ $pg_port = $pg_infos["dbport"]
+
+ if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) {
+ concat::fragment { "pgbouncer_$pg_backup_host":
+ target => "/etc/pgbouncer/pgbouncer.ini",
+ order => 02,
+ content => "${pg_infos[pgbouncer_dbname]} = host=$mountpoint/$pg_backup_host/postgresql user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
+ }
+
+ postgresql::server::pg_hba_rule { "$pg_backup_host - local access as ${pg_infos[dbuser]} user":
+ description => "Allow local access to ${pg_infos[dbuser]} user",
+ type => 'local',
+ database => $pg_infos["dbname"],
+ user => $pg_infos["dbuser"],
+ auth_method => 'trust',
+ order => "01-00",
+ target => "$pg_path/pg_hba.conf",
+ postgresql_version => "10",
+ }
+ }
file { "$mountpoint/$pg_backup_host":
ensure => directory,
}
}
- file { "/etc/systemd/system/postgresql_backup@.service":
- mode => "0644",
- owner => "root",
- group => "root",
- content => template("role/backup/postgresql_backup@.service.erb"),
- }
}
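Review bot: The new `postgresql::server::pg_hba_rule` inside the `.each` loop sets `auth_method => 'trust'` for `local` connections, so any OS account that can open the socket under `$pg_path` can connect as `${pg_infos[dbuser]}` without passing the PAM/LDAP check that pgbouncer enforces. Whether that socket directory is restricted to `$pg_user` is not visible in these lines; if it is not, the `pgbouncer_access_filter` gate can be bypassed locally. Since the `override.conf` drop-in runs pgbouncer as `$pg_user`, consider `auth_method => 'peer',` with `auth_option => 'map=<MAP_NAME>',` (placeholder name) and a matching pg_ident entry that maps `$pg_user` to the database user. If `trust` has to stay, add a comment above the rule such as `# trust relies on the socket directory being accessible to $pg_user only` and enforce that mode on the directory in this manifest. The enclosing class starts outside the visible lines.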