define profile::postgresql::master (
$letsencrypt_host = undef,
$backup_hosts = [],
Optional[String] $pg_user = "postgres",
Optional[String] $pg_group = "postgres",
) {
$pg_path = "/var/lib/postgres"
$pg_data_path = "$pg_path/data"
$postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0)
if ($postgresql_backup_port and !empty($backup_hosts)) {
$password_seed = lookup("base_installation::puppet_pass_seed")
$ldap_cn = lookup("base_installation::ldap_cn")
$ldap_password = generate_password(24, $password_seed, "ldap")
$host = find_host($facts["ldapvar"]["other"], $backup_hosts[0])
if empty($host) {
fail("No backup host to recover from")
} elsif has_key($host["vars"], "host") {
$pg_backup_host = $host["vars"]["host"][0]
} else {
$pg_backup_host = $host["vars"]["real_hostname"][0]
}
exec { "pg_basebackup $pg_data_path":
cwd => $pg_path,
user => $pg_user,
creates => "$pg_data_path/PG_VERSION",
environment => ["PGPASSWORD=$ldap_password"],
command => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path",
before => File[$pg_data_path],
require => File[$pg_path],
notify => Exec["cleanup pg_basebackup $pg_data_path"],
} -> file { "$pg_data_path/recovery.conf":
before => Concat["$pg_data_path/pg_hba.conf"],
ensure => absent,
}
exec { "cleanup pg_basebackup $pg_data_path":
refreshonly => true,
cwd => $pg_path,
user => $pg_user,
before => Class["postgresql::server::config"],
command => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf",
}
}
profile::postgresql::ssl { $pg_data_path:
cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
require => Letsencrypt::Certonly[$letsencrypt_host],
handle_config_entry => true,
}
$backup_hosts.each |$backup_host| {
profile::postgresql::replication { $backup_host:
handle_config => true,
handle_role => true,
handle_slot => true,
add_self_role => true,
}
@profile::monitoring::local_service { "Postgresql replication for $backup_host is up to date":
sudos => {
"naemon-postgresql-replication-$backup_host" => "naemon ALL=(postgres) NOPASSWD: /etc/naemon/monitoring-plugins/check_postgres_replication $backup_host /run/postgresql 5432"
},
local => {
check_command => "check_postgresql_replication!$backup_host!/run/postgresql!5432",
}
}
}
}