define profile::postgresql::master (
- $letsencrypt_host = undef,
- $backup_hosts = [],
+ $letsencrypt_host = undef,
+ $backup_hosts = [],
+ Optional[String] $pg_user = "postgres",
+ Optional[String] $pg_group = "postgres",
) {
- profile::postgresql::ssl { "/var/lib/postgres/data":
+ $pg_path = "/var/lib/postgres"
+ $pg_data_path = "$pg_path/data"
+
+ $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0)
+ if ($postgresql_backup_port and !empty($backup_hosts)) {
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+ $ldap_cn = lookup("base_installation::ldap_cn")
+ $ldap_password = generate_password(24, $password_seed, "ldap")
+
+ $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0])
+ if empty($host) {
+ fail("No backup host to recover from")
+ } elsif has_key($host["vars"], "host") {
+ $pg_backup_host = $host["vars"]["host"][0]
+ } else {
+ $pg_backup_host = $host["vars"]["real_hostname"][0]
+ }
+
+ exec { "pg_basebackup $pg_data_path":
+ cwd => $pg_path,
+ user => $pg_user,
+ creates => "$pg_data_path/PG_VERSION",
+ environment => ["PGPASSWORD=$ldap_password"],
+ command => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path",
+ before => File[$pg_data_path],
+ require => File[$pg_path],
+ notify => Exec["cleanup pg_basebackup $pg_data_path"],
+ } -> file { "$pg_data_path/recovery.conf":
+ before => Concat["$pg_data_path/pg_hba.conf"],
+ ensure => absent,
+ }
+
+ exec { "cleanup pg_basebackup $pg_data_path":
+ refreshonly => true,
+ cwd => $pg_path,
+ user => $pg_user,
+ before => Class["postgresql::server::config"],
+ command => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf",
+ }
+ }
+
+ profile::postgresql::ssl { $pg_data_path:
cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
require => Letsencrypt::Certonly[$letsencrypt_host],
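Review bot: The `pg_basebackup` exec interpolates `$pg_backup_host`, `$postgresql_backup_port` and `$ldap_cn` into its command string without validation or quoting, and the first two are read from the `ldapvar` fact, so a malformed directory value turns into extra arguments, or into shell syntax if the string is interpreted by a shell, as the `&&` in the cleanup exec suggests. I would validate them before the exec, for example `assert_type(Pattern[/\A[A-Za-z0-9.-]+\z/], $pg_backup_host)` plus a digits-only check on the port. The password is also handed over as `PGPASSWORD` in `environment`, which the PostgreSQL documentation discourages because the process environment can be readable by other users on some systems; a 0600 password file referenced through `PGPASSFILE` is the documented alternative. `Optional[String] $pg_user` accepts `undef`, which would leave `user` unset on both execs, so `String[1] $pg_user = "postgres"` is the tighter type. The `profile::postgresql::ssl` resource at the end of the hunk continues outside it.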
if $handle_role {
postgresql::server::role { $host_cn:
replication => true,
+ require => Service["postgresql"],
}
if $add_self_role {
# Needed to be replicated to the backup and be able to recover later
ensure_resource("postgresql::server::role", $ldap_cn, {
replication => true,
+ require => Service["postgresql"],
})
}
}
if $handle_slot {
postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"):
- ensure => present
+ ensure => present,
+ require => Service["postgresql"],
}
}
}
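Review bot: Adding `require => Service["postgresql"]` to the `ensure_resource("postgresql::server::role", $ldap_cn, …)` call changes the parameter hash that stdlib's `ensure_resource` compares against an existing declaration. If the same role is ensured anywhere else without this `require`, compilation would now fail with a duplicate declaration instead of silently sharing the resource. No other callers are visible from this hunk, so check every place that ensures the `$ldap_cn` role and keep the hashes identical. The `if $handle_role` block starts outside the hunk, so where `$host_cn`, `$add_self_role` and `$ldap_cn` are set in that scope is not visible here.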