From: Ismaƫl Bouya
Date: Mon, 25 Jun 2018 23:04:09 +0000 (+0200)
Subject: Allow host to replicate the cluster from backup
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FProjets%2FPuppet.git;a=commitdiff_plain;h=5feedbb4f3e35cfb63201a360a685127b2608345
Allow host to replicate the cluster from backup
---
diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp
index 9966f0d..6f8854d 100644
--- a/modules/profile/manifests/postgresql_master.pp
+++ b/modules/profile/manifests/postgresql_master.pp
@@ -83,33 +83,33 @@ define profile::postgresql_master ( ensure => present } } + } - $ldap_server = lookup("base_installation::ldap_server") - $ldap_base = lookup("base_installation::ldap_base") - $ldap_dn = lookup("base_installation::ldap_dn") - $ldap_password = generate_password(24, $password_seed, "ldap") - $ldap_attribute = "cn" + $ldap_server = lookup("base_installation::ldap_server") + $ldap_base = lookup("base_installation::ldap_base") + $ldap_dn = lookup("base_installation::ldap_dn") + $ldap_password = generate_password(24, $password_seed, "ldap") + $ldap_attribute = "cn" - file { "/etc/pam_ldap.d": - ensure => directory, - mode => "0755", - owner => "root", - group => "root", - } -> - file { "/etc/pam_ldap.d/postgresql.conf": - ensure => "present", - mode => "0600", - owner => $::profile::postgresql::pg_user, - group => "root", - content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"), - } -> - file { "/etc/pam.d/postgresql": - ensure => "present", - mode => "0644", - owner => "root", - group => "root", - source => "puppet:///modules/profile/postgresql_master/pam_postgresql" - } + file { "/etc/pam_ldap.d": + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + } -> + file { "/etc/pam_ldap.d/postgresql.conf": + ensure => "present", + mode => "0600", + owner => $::profile::postgresql::pg_user, + group => "root", + content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"), + } -> + file { "/etc/pam.d/postgresql": + ensure => "present", + mode => "0644", + owner => "root", + group => "root", + source => "puppet:///modules/profile/postgresql_master/pam_postgresql" } } diff --git a/modules/role/manifests/backup/postgresql.pp b/modules/role/manifests/backup/postgresql.pp index b26773c..9e1c9f7 100644 --- a/modules/role/manifests/backup/postgresql.pp +++ b/modules/role/manifests/backup/postgresql.pp 
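Review bot: The `file` resources for `/etc/pam_ldap.d`, `/etc/pam_ldap.d/postgresql.conf` and `/etc/pam.d/postgresql` have fixed titles inside a `define`, and the added `}` appears to close the enclosing block before them, so they would be declared for every instance. The `@@ -94,6` hunk of `role/manifests/backup/postgresql.pp` in this commit declares the same three titles. A catalog holding two instances of the define, or the define together with that class, would fail with a duplicate declaration, and nothing visible here rules that out. Consider moving the three resources into one small class that both places `include`, or at least add a comment above them such as `# fixed titles: at most one instance of this define per node`. The define's body starts and ends outside this hunk.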
@@ -13,7 +13,7 @@ class role::backup::postgresql inherits role::backup { $ldap_server = lookup("base_installation::ldap_server") $ldap_base = lookup("base_installation::ldap_base") $ldap_dn = lookup("base_installation::ldap_dn") - $ldap_attribute = "uid" + $pgbouncer_ldap_attribute = "uid" $pg_slot = regsubst($ldap_cn, '-', "_", "G") @@ -71,18 +71,13 @@ class role::backup::postgresql inherits role::backup { ], } - file { "/etc/pam_ldap.d": - ensure => directory, - mode => "0755", - owner => "root", - group => "root", - } -> file { "/etc/pam_ldap.d/pgbouncer.conf": ensure => "present", mode => "0600", owner => $pg_user, group => "root", content => template("role/backup/pam_ldap_pgbouncer.conf.erb"), + require => File["/etc/pam_ldap.d"], } -> file { "/etc/pam.d/pgbouncer": ensure => "present", @@ -94,6 +89,29 @@ class role::backup::postgresql inherits role::backup { } } + $ldap_attribute = "cn" + + file { "/etc/pam_ldap.d": + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + } -> + file { "/etc/pam_ldap.d/postgresql.conf": + ensure => "present", + mode => "0600", + owner => $pg_user, + group => "root", + content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"), + } -> + file { "/etc/pam.d/postgresql": + ensure => "present", + mode => "0644", + owner => "root", + group => "root", + source => "puppet:///modules/profile/postgresql_master/pam_postgresql" + } + $pg_backup_hosts.each |$backup_host_cn, $pg_infos| { $host = find_host($facts["ldapvar"]["other"], $backup_host_cn) if empty($host) { 
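Review bot: In the `@@ -94,6` hunk, `/etc/pam_ldap.d/postgresql.conf` is rendered from the `profile` module's template, so every `@ldap_*` variable that template reads must exist in this class's scope. Only `$ldap_attribute` is set next to the resource, and `$ldap_password` is not assigned in any visible hunk of this file, although it may be set outside them. ERB prints an unset `@variable` as an empty string instead of failing, so a missing value would silently produce a PAM LDAP configuration with an empty bind password or login attribute. A comment above the block would make the coupling visible, for example `# template reads $ldap_server, $ldap_base, $ldap_dn, $ldap_password, $ldap_attribute from this scope`; that list is inferred from the master profile and should be checked against the template. The class body continues outside the hunk.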
@@ -108,6 +126,31 @@ class role::backup::postgresql inherits role::backup { $pg_host = "$pg_backup_host" $pg_port = $pg_infos["dbport"] + unless empty($host) { + $host["ipHostNumber"].each |$ip| { + $infos = split($ip, "/") + $ipaddress = $infos[0] + if (length($infos) == 1 and $ipaddress =~ /:/) { + $mask = "128" + } elsif (length($infos) == 1) { + $mask = "32" + } else { + $mask = $infos[1] + } + + postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask": + type => 'hostssl', + database => 'replication', + user => $backup_host_cn, + address => "$ipaddress/$mask", + auth_method => 'pam', + order => "06-01", + target => "$pg_path/pg_hba.conf", + postgresql_version => "10", + } + } + } + if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) { concat::fragment { "pgbouncer_$pg_backup_host": target => "/etc/pgbouncer/pgbouncer.ini", @@ -292,6 +335,11 @@ class role::backup::postgresql inherits role::backup { Concat["$pg_path/pg_hba.conf"], Concat["$pg_path/recovery.conf"], File["$pg_path/postgresql.conf"], + ], + subscribe => [ + Concat["$pg_path/pg_hba.conf"], + Concat["$pg_path/recovery.conf"], + File["$pg_path/postgresql.conf"], ] } } diff --git a/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb b/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb index 12fa9bb..384a418 100644 --- a/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb +++ b/modules/role/templates/backup/pam_ldap_pgbouncer.conf.erb @@ -3,5 +3,5 @@ host <%= @ldap_server %> base <%= @ldap_base %> binddn <%= @ldap_dn %> bindpw <%= @ldap_password %> -pam_login_attribute <%= @ldap_attribute %> +pam_login_attribute <%= @pgbouncer_ldap_attribute %> pam_filter <%= @ldap_filter %> diff --git a/python/reboot_ovh_cloud_instance.py b/python/reboot_ovh_cloud_instance.py index bd70e0b..1e88c89 100644 --- a/python/reboot_ovh_cloud_instance.py +++ b/python/reboot_ovh_cloud_instance.py 
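Review bot: In the `@@ -108,6` hunk, the prefix length of each new `pg_hba_rule` is copied verbatim from the directory value (`$mask = $infos[1]`), so an over-broad or malformed suffix in `ipHostNumber` is written straight into `pg_hba.conf` as a `replication` rule. A guard before the rule would reject such entries, for example `unless $mask =~ /\A\d{1,3}\z/ { fail("bad prefix length in ipHostNumber '${ip}'") }`, ideally with a range check per address family as well. The loop also assumes `$host["ipHostNumber"]` is always an array, which is not established by the visible lines. The rule title says "initial replication", but nothing visible removes the rule afterwards, so a comment should state whether it is meant to be permanent. The enclosing `$pg_backup_hosts.each` block starts in the previous hunk and continues past this one.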
@@ -25,6 +25,9 @@ if netboot_mode is not None: result = client.post("/cloud/project/{}/instance/{}/rescueMode".format(project, instance["id"]), imageId=instance["imageId"], rescue=(netboot_mode == "rescue")) print(result) +else: + result = client.post("/cloud/project/{}/instance/{}/reboot".format(project, instance["id"]), type="soft") + print(result) # reboot normal: #result = client.post("/cloud/project/{}/instance/{}/reboot".format(project, instance["id"]), type="soft")
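Review bot: The commented-out soft-reboot call kept under `# reboot normal:` now duplicates the live `else:` branch and should be deleted, so the script carries a single copy of that request. With the new branch the script reboots the instance on every run, including when no netboot mode is given. A short comment on the branch, such as `# no netboot change requested: plain soft reboot`, would make that default explicit to whoever runs it. The `if netboot_mode is not None:` block starts outside the hunk.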