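# @summary
#   Sets up a local PostgreSQL instance that replicates the database of the
#   host named by the resource title, under $base_path/<backup host>/postgresql,
#   and runs it as the systemd unit postgresql_backup@<backup host>.
#
# The title is used as the host CN. It is looked up in the "ldapvar" fact to
# resolve the backup host name and, optionally, a listening port for the
# replica.
#
# @param base_path
#   Directory under which one sub-directory per backed-up host is created.
# @param pg_infos
#   Connection details of the primary; only the "dbport" key is read here.
# @param pg_user
#   Owner of the data directory and configuration files; also the user that
#   runs pg_basebackup.
# @param pg_group
#   Group of the data directory and configuration files.
#
# NOTE(review): local variable names are kept unchanged on purpose. The ERB
# templates rendered below are not visible here and presumably read several of
# them from scope ($primary_conninfo, $primary_slot_name, $standby_mode, ...).
define profile::postgresql::backup_replication (
  String $base_path,
  Hash   $pg_infos,
  String $pg_user  = 'postgres',
  String $pg_group = 'postgres',
) {
  $host_cn = $title
  $host    = find_host($facts['ldapvar']['other'], $host_cn)

  # Resolve the directory/unit name: fall back to the CN when the host is
  # unknown, otherwise prefer the "host" var over "real_hostname".
  if empty($host) {
    $pg_backup_host = $host_cn
  } elsif has_key($host['vars'], 'host') {
    $pg_backup_host = $host['vars']['host'][0]
  } else {
    $pg_backup_host = $host['vars']['real_hostname'][0]
  }

  $pg_path = "${base_path}/${pg_backup_host}/postgresql"

  # Replication folder
  # ensure_resource is used because other resources may declare the same
  # per-host directory.
  ensure_resource('file', "${base_path}/${pg_backup_host}", {
    ensure => directory,
  })

  # The data directory is restricted to its owner (0700).
  file { $pg_path:
    ensure  => directory,
    owner   => $pg_user,
    group   => $pg_group,
    mode    => '0700',
    require => File["${base_path}/${pg_backup_host}"],
  }

  # pg_hba.conf
  profile::postgresql::base_pg_hba_rules { $pg_backup_host:
    pg_path => $pg_path,
  }

  # postgresql.conf file and ssl
  concat { "${pg_path}/postgresql.conf":
    owner => $pg_user,
    group => $pg_group,
    mode  => '0640',
    warn  => true,
  }

  if !empty($host) and has_key($host['vars'], 'postgresql_backup_port') {
    # The replica is reachable over TCP: it listens on every interface, so
    # access control rests on the pg_hba.conf rules and the TLS setup declared
    # here.
    $pg_listen_port = $host['vars']['postgresql_backup_port'][0]

    profile::postgresql::ssl { $pg_path:
      certname             => $host_cn,
      handle_concat_config => true,
      before               => Service["postgresql_backup@${pg_backup_host}"],
    }

    concat::fragment { "${pg_path}/postgresql.conf listen":
      target  => "${pg_path}/postgresql.conf",
      content => "listen_addresses = '*'\nport = ${pg_listen_port}\n",
    }

    profile::postgresql::replication { $host_cn:
      target => "${pg_path}/pg_hba.conf",
    }
  } else {
    # No port configured: an empty listen_addresses disables TCP listening,
    # leaving only the unix socket in $pg_path.
    $pg_listen_port = undef

    concat::fragment { "${pg_path}/postgresql.conf listen":
      target  => "${pg_path}/postgresql.conf",
      content => "listen_addresses = ''\n",
    }
  }

  concat::fragment { "${pg_path}/postgresql.conf paths":
    target  => "${pg_path}/postgresql.conf",
    content => "unix_socket_directories = '${pg_path}'\ndata_directory = '${pg_path}'\nwal_level = logical\n",
  }

  # Credentials used to connect to the primary. The password is computed by
  # generate_password from the node's seed rather than stored in this manifest.
  $password_seed = lookup('base_installation::puppet_pass_seed')
  $pg_host       = $pg_backup_host
  $pg_port       = $pg_infos['dbport']
  $ldap_cn       = lookup('base_installation::ldap_cn')
  $ldap_password = generate_password(24, $password_seed, 'ldap')
  # The slot name is the LDAP CN with every "-" replaced by "_".
  $pg_slot       = regsubst($ldap_cn, '-', '_', 'G')

  # recovery.conf file
  # sslmode=require encrypts the replication connection; it does not verify
  # the primary's certificate.
  $primary_conninfo  = "host=${pg_host} port=${pg_port} user=${ldap_cn} password=${ldap_password} sslmode=require"
  $primary_slot_name = $pg_slot
  $standby_mode      = 'on'

  # $primary_conninfo carries the replication password in clear text, so the
  # rendered file is a secret. show_diff => false keeps content changes (and
  # with them the password) out of agent logs and reports.
  # NOTE(review): 0640 leaves the file readable by $pg_group; confirm that
  # group read access is actually needed.
  file { "${pg_path}/recovery.conf":
    owner     => $pg_user,
    group     => $pg_group,
    mode      => '0640',
    show_diff => false,
    content   => template('postgresql/recovery.conf.erb'),
  }

  # Initial replication
  # Runs only while PG_VERSION is absent, and before the configuration files
  # are written into the data directory. The password is handed over through
  # PGPASSWORD so that it does not appear in the command line; -w makes
  # pg_basebackup fail instead of prompting.
  exec { "pg_basebackup ${pg_path}":
    cwd         => $pg_path,
    user        => $pg_user,
    creates     => "${pg_path}/PG_VERSION",
    environment => ["PGPASSWORD=${ldap_password}"],
    command     => "/usr/bin/pg_basebackup -w -h ${pg_host} -p ${pg_port} -U ${ldap_cn} -D ${pg_path} -S ${pg_slot}",
    before      => [
      Concat["${pg_path}/pg_hba.conf"],
      File["${pg_path}/recovery.conf"],
      Concat["${pg_path}/postgresql.conf"],
    ],
  }

  # Service
  # The unit template is shared by every instance, hence ensure_resource.
  ensure_resource('file', '/etc/systemd/system/postgresql_backup@.service', {
    mode    => '0644',
    owner   => 'root',
    group   => 'root',
    content => template('profile/postgresql/postgresql_backup@.service.erb'),
  })

  # The instance starts once its configuration exists and is restarted
  # whenever one of the three configuration files changes.
  service { "postgresql_backup@${pg_backup_host}":
    ensure    => 'running',
    enable    => true,
    require   => [
      File['/etc/systemd/system/postgresql_backup@.service'],
      Concat["${pg_path}/pg_hba.conf"],
      File["${pg_path}/recovery.conf"],
      Concat["${pg_path}/postgresql.conf"],
    ],
    subscribe => [
      Concat["${pg_path}/pg_hba.conf"],
      File["${pg_path}/recovery.conf"],
      Concat["${pg_path}/postgresql.conf"],
    ],
  }

  # Dumps
  # pg_port is undef when the replica only listens on its unix socket.
  profile::postgresql::backup_dump { "${base_path}/${pg_backup_host}":
    pg_port => $pg_listen_port,
  }
}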