# @summary Grants one host replication access to the local PostgreSQL server.
#
# The resource title is the host's CN. The host is looked up with find_host()
# in $facts['ldapvar']['other'], and one pg_hba rule is declared for each of
# its ipHostNumber values. Catalog compilation fails if the lookup is empty.
#
# Security notes:
#  - The rules use type 'hostssl' (TLS connections only) and the 'pam' auth
#    method; the PAM side comes from profile::postgresql::pam_ldap.
#  - Addresses and prefix lengths come straight from the LDAP-derived fact.
#    A bare address is pinned to a single host (/32 or /128), but an explicit
#    prefix in the entry is passed to pg_hba unchanged, so the reach of each
#    rule is only as tight as the directory data.
#
# @param handle_role
#   Declare a PostgreSQL role named after the title, with replication => true.
# @param handle_config
#   Ensure the wal_level config entry is set to "logical".
# @param add_self_role
#   Only read when handle_role is true: also ensure a replication role named
#   by the base_installation::ldap_cn lookup.
# @param handle_slot
#   Declare a replication slot named after the title, with '-' replaced by '_'.
# @param target
#   Passed as `target` to each pg_hba rule. When it is non-empty,
#   postgresql_version is also set on the rules (hard-coded to "10").
define profile::postgresql::replication (
  Boolean          $handle_role   = false,
  Boolean          $handle_config = false,
  Boolean          $add_self_role = false,
  Boolean          $handle_slot   = false,
  Optional[String] $target        = undef,
) {
  include 'profile::postgresql::pam_ldap'

  $host_cn   = $title
  $ldap_host = find_host($facts['ldapvar']['other'], $host_cn)
  if empty($ldap_host) {
    fail('Unable to find host for replication')
  }

  # NOTE(review): the version is only set together with an explicit target and
  # is fixed to "10" - confirm this still matches the servers this is used on.
  $pg_version = empty($target) ? {
    true    => undef,
    default => '10',
  }

  $ldap_host['ipHostNumber'].each |$entry| {
    $cidr_parts = split($entry, '/')
    $addr       = $cidr_parts[0]

    if length($cidr_parts) != 1 {
      # Prefix supplied by the directory entry; used as-is, no range check.
      $prefix_len = $cidr_parts[1]
    } elsif $addr =~ /:/ {
      # Bare address containing ':' is treated as IPv6: single-host prefix.
      $prefix_len = '128'
    } else {
      # Any other bare address: single-host IPv4 prefix.
      $prefix_len = '32'
    }

    postgresql::server::pg_hba_rule { "allow TCP access for replication to user ${host_cn} from ${addr}/${prefix_len}":
      type               => 'hostssl',
      database           => 'replication',
      user               => $host_cn,
      address            => "${addr}/${prefix_len}",
      auth_method        => 'pam',
      order              => '06-01',
      target             => $target,
      postgresql_version => $pg_version,
    }
  }

  if $handle_config {
    # ensure_resource so that several instances of this define can coexist.
    ensure_resource('postgresql::server::config_entry', 'wal_level', {
      value => 'logical',
    })
  }

  if $handle_role {
    postgresql::server::role { $host_cn:
      replication => true,
    }

    if $add_self_role {
      $self_cn = lookup('base_installation::ldap_cn')
      # Needed to be replicated to the backup and be able to recover later
      ensure_resource('postgresql::server::role', $self_cn, {
        replication => true,
      })
    }
  }

  if $handle_slot {
    # The slot name is the host CN with every '-' replaced by '_'.
    $slot_name = regsubst($host_cn, '-', '_', 'G')
    postgresql_replication_slot { $slot_name:
      ensure => present,
    }
  }
}