+ unless empty($host) {
+ $host["ipHostNumber"].each |$ip| {
+ $infos = split($ip, "/")
+ $ipaddress = $infos[0]
+ if (length($infos) == 1 and $ipaddress =~ /:/) {
+ $mask = "128"
+ } elsif (length($infos) == 1) {
+ $mask = "32"
+ } else {
+ $mask = $infos[1]
+ }
+
+ postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask":
+ type => 'hostssl',
+ database => 'replication',
+ user => $backup_host_cn,
+ address => "$ipaddress/$mask",
+ auth_method => 'pam',
+ order => "06-01",
+ target => "$pg_path/pg_hba.conf",
+ postgresql_version => "10",
+ }
+ }
+ }
+