From 7485fdcabe8746f32b1971665eb208ca84169724 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 28 Jun 2018 13:51:18 +0200
Subject: [PATCH] Try to restore postgresql backup at initialization
---
 .../profile/manifests/postgresql/master.pp | 49 +++++++++++++++++--
 .../manifests/postgresql/replication.pp | 5 +-
 modules/role/manifests/etherpad.pp | 2 +-
 3 files changed, 51 insertions(+), 5 deletions(-)
diff --git a/modules/profile/manifests/postgresql/master.pp b/modules/profile/manifests/postgresql/master.pp
index 969905f..02315a6 100644
--- a/modules/profile/manifests/postgresql/master.pp
+++ b/modules/profile/manifests/postgresql/master.pp
@@ -1,8 +1,51 @@
 define profile::postgresql::master (
- $letsencrypt_host = undef,
- $backup_hosts = [],
+ $letsencrypt_host = undef,
+ $backup_hosts = [],
+ Optional[String] $pg_user = "postgres",
+ Optional[String] $pg_group = "postgres",
 ) {
- profile::postgresql::ssl { "/var/lib/postgres/data":
+ $pg_path = "/var/lib/postgres"
+ $pg_data_path = "$pg_path/data"
+
+ $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0)
+ if ($postgresql_backup_port and !empty($backup_hosts)) {
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+ $ldap_cn = lookup("base_installation::ldap_cn")
+ $ldap_password = generate_password(24, $password_seed, "ldap")
+
+ $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0])
+ if empty($host) {
+ fail("No backup host to recover from")
+ } elsif has_key($host["vars"], "host") {
+ $pg_backup_host = $host["vars"]["host"][0]
+ } else {
+ $pg_backup_host = $host["vars"]["real_hostname"][0]
+ }
+
+ exec { "pg_basebackup $pg_data_path":
+ cwd => $pg_path,
+ user => $pg_user,
+ creates => "$pg_data_path/PG_VERSION",
+ environment => ["PGPASSWORD=$ldap_password"],
+ command => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path",
+ before => File[$pg_data_path],
+ require => File[$pg_path],
+ notify => Exec["cleanup pg_basebackup $pg_data_path"],
+ } -> file { "$pg_data_path/recovery.conf":
+ before => Concat["$pg_data_path/pg_hba.conf"],
+ ensure => absent,
+ }
+
+ exec { "cleanup pg_basebackup $pg_data_path":
+ refreshonly => true,
+ cwd => $pg_path,
+ user => $pg_user,
+ before => Class["postgresql::server::config"],
+ command => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf",
+ }
+ }
+
+ profile::postgresql::ssl { $pg_data_path:
 cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
 key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
 require => Letsencrypt::Certonly[$letsencrypt_host],
diff --git a/modules/profile/manifests/postgresql/replication.pp b/modules/profile/manifests/postgresql/replication.pp
index 2fcb71c..b050058 100644
--- a/modules/profile/manifests/postgresql/replication.pp
+++ b/modules/profile/manifests/postgresql/replication.pp
@@ -52,6 +52,7 @@ define profile::postgresql::replication (
 if $handle_role {
 postgresql::server::role { $host_cn:
 replication => true,
+ require => Service["postgresql"],
 }
 if $add_self_role {
@@ -60,13 +61,15 @@ define profile::postgresql::replication (
 # Needed to be replicated to the backup and be able to recover later
 ensure_resource("postgresql::server::role", $ldap_cn, {
 replication => true,
+ require => Service["postgresql"],
 })
 }
 }
 if $handle_slot {
 postgresql_replication_slot { regsubst($host_cn, '-', "_", "G"):
- ensure => present
+ ensure => present,
+ require => Service["postgresql"],
 }
 }
 }
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp
index 28b9eb6..1d9a8ff 100644
--- a/modules/role/manifests/etherpad.pp
+++ b/modules/role/manifests/etherpad.pp
@@ -83,7 +83,7 @@ class role::etherpad (
 service { "etherpad-lite":
 enable => true,
 ensure => "running",
- require => Aur::Package["etherpad-lite"],
+ require => [Aur::Package["etherpad-lite"], Service["postgresql"]],
 subscribe => Aur::Package["etherpad-lite"],
 }
--
2.41.0
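Review bot: In the `pg_basebackup` exec added to master.pp, `$pg_backup_host` and `$postgresql_backup_port` come from the `ldapvar` fact and are interpolated unquoted into the `command` string, so a value containing whitespace or a leading `-` would change the arguments that run as `$pg_user`. I would validate both before the exec, for example `assert_type(Pattern[/\A[A-Za-z0-9][A-Za-z0-9.-]*\z/], $pg_backup_host)` plus a digits-only check on the port. The replication password also lands in the compiled catalog in clear text through `environment => ["PGPASSWORD=$ldap_password"]`; a comment recording that this is accepted, or a mode-0600 `.pgpass` file owned by `$pg_user`, would make that exposure explicit. Separately, `fail("No backup host to recover from")` aborts compilation whenever the lookup comes back empty, which appears to include nodes whose data directory already exists and need no restore. The body of the define continues past the end of this hunk.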
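Review bot: The `require => Service["postgresql"]` added to `postgresql::server::role { $host_cn: }` in replication.pp only resolves if a service resource with exactly that title or name is in the catalog, which none of these hunks shows; the same literal reference is added in the second replication.pp hunk (the `$ldap_cn` role and the replication slot) and in `role::etherpad`. If the service is declared by the postgresql module that master.pp already references, `require => Class["postgresql::server::service"]` would presumably give the same ordering without tying three manifests to the service name. In `role::etherpad` the reference also means the catalog is rejected on any node where the role is applied without a local PostgreSQL service, so a one-line comment such as `# etherpad expects PostgreSQL managed on the same node` would document the assumption. Both defines and the class begin and end outside these hunks.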