Merge branch 'dev'

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-06-28 12:17:57 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-06-28 12:17:57 +0200
commit: ea29cb9e07cf11278c97b74aab0688b04fd90f83 (patch)
tree: c6e3832098d19917b0ba0bcbe119103c632c7d29 /modules/profile/manifests/postgresql/backup_replication.pp
parent: e122c6b1ca829844247fbe43f63c74f3f589554f (diff)
parent: 0a145a25c0a8cbcd50d515d2a828bd6665836ddb (diff)
download: Puppet-ea29cb9e07cf11278c97b74aab0688b04fd90f83.tar.gz
Puppet-ea29cb9e07cf11278c97b74aab0688b04fd90f83.tar.zst
Puppet-ea29cb9e07cf11278c97b74aab0688b04fd90f83.zip
1 files changed, 135 insertions, 0 deletions
diff --git a/modules/profile/manifests/postgresql/backup_replication.pp b/modules/profile/manifests/postgresql/backup_replication.pp
new file mode 100644
index 0000000..a4edb8f
--- /dev/null
+++ b/modules/profile/manifests/postgresql/backup_replication.pp
@@ -0,0 +1,135 @@
+define profile::postgresql::backup_replication (
+  String $base_path,
+  Hash   $pg_infos,
+  String $pg_user  = "postgres",
+  String $pg_group = "postgres",
+) {
+  $host_cn = $title
+  $host = find_host($facts["ldapvar"]["other"], $host_cn)
+  if empty($host) {
+    $pg_backup_host = $host_cn
+  } elsif has_key($host["vars"], "host") {
+    $pg_backup_host = $host["vars"]["host"][0]
+  } else {
+    $pg_backup_host = $host["vars"]["real_hostname"][0]
+  }
+  $pg_path = "$base_path/$pg_backup_host/postgresql"
+  # Replication folder
+  ensure_resource("file", "$base_path/$pg_backup_host", {
+    ensure => directory,
+  })
+  file { $pg_path:
+    ensure  => directory,
+    owner   => $pg_user,
+    group   => $pg_group,
+    mode    => "0700",
+    require => File["$base_path/$pg_backup_host"],
+  }
+  # pg_hba.conf
+  profile::postgresql::base_pg_hba_rules { $pg_backup_host:
+    pg_path => $pg_path
+  }
+  # postgresql.conf file and ssl
+  concat { "$pg_path/postgresql.conf":
+    owner => $pg_user,
+    group => $pg_group,
+    mode  => '0640',
+    warn  => true,
+  }
+  if !empty($host) and has_key($host["vars"], "postgresql_backup_port") {
+    $pg_listen_port = $host["vars"]["postgresql_backup_port"][0]
+    profile::postgresql::ssl { $pg_path:
+      certname             => $host_cn,
+      handle_concat_config => true,
+      before               => Service["postgresql_backup@$pg_backup_host"]
+    }
+    concat::fragment { "$pg_path/postgresql.conf listen":
+      target  => "$pg_path/postgresql.conf",
+      content => "listen_addresses = '*'\nport = $pg_listen_port\n",
+    }
+    profile::postgresql::replication { $host_cn:
+      target => "$pg_path/pg_hba.conf",
+    }
+  } else {
+    concat::fragment { "$pg_path/postgresql.conf listen":
+      target  => "$pg_path/postgresql.conf",
+      content => "listen_addresses = ''\n",
+    }
+  }
+  concat::fragment { "$pg_path/postgresql.conf paths":
+    target  => "$pg_path/postgresql.conf",
+    content => "unix_socket_directories = '$pg_path'\ndata_directory = '$pg_path'\nwal_level = logical\n",
+  }
+  $password_seed = lookup("base_installation::puppet_pass_seed")
+  $pg_host = $pg_backup_host
+  $pg_port = $pg_infos["dbport"]
+  $ldap_cn = lookup("base_installation::ldap_cn")
+  $ldap_password = generate_password(24, $password_seed, "ldap")
+  $pg_slot = regsubst($ldap_cn, '-', "_", "G")
+  # recovery.conf file
+  $primary_conninfo  = "host=$pg_host port=$pg_port user=$ldap_cn password=$ldap_password sslmode=require"
+  $primary_slot_name = $pg_slot
+  $standby_mode      = "on"
+  file { "$pg_path/recovery.conf":
+    owner   => $pg_user,
+    group   => $pg_group,
+    mode    => '0640',
+    content => template('postgresql/recovery.conf.erb'),
+  }
+  # Initial replication
+  exec { "pg_basebackup $pg_path":
+    cwd         => $pg_path,
+    user        => $pg_user,
+    creates     => "$pg_path/PG_VERSION",
+    environment => ["PGPASSWORD=$ldap_password"],
+    command     => "/usr/bin/pg_basebackup -w -h $pg_host -p $pg_port -U $ldap_cn -D $pg_path -S $pg_slot",
+    before      => [
+      Concat["$pg_path/pg_hba.conf"],
+      File["$pg_path/recovery.conf"],
+      Concat["$pg_path/postgresql.conf"],
+    ]
+  }
+  # Service
+  ensure_resource("file", "/etc/systemd/system/postgresql_backup@.service", {
+    mode    => "0644",
+    owner   => "root",
+    group   => "root",
+    content => template("profile/postgresql/postgresql_backup@.service.erb"),
+  })
+  service { "postgresql_backup@$pg_backup_host":
+    enable  => true,
+    ensure  => "running",
+    require => [
+      File["/etc/systemd/system/postgresql_backup@.service"],
+      Concat["$pg_path/pg_hba.conf"],
+      File["$pg_path/recovery.conf"],
+      Concat["$pg_path/postgresql.conf"],
+    ],
+    subscribe => [
+      Concat["$pg_path/pg_hba.conf"],
+      File["$pg_path/recovery.conf"],
+      Concat["$pg_path/postgresql.conf"],
+    ]
+  }
+  # Dumps
+  profile::postgresql::backup_dump { "$base_path/$pg_backup_host": }
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-06-28 12:17:57 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-06-28 12:17:57 +0200
commit	ea29cb9e07cf11278c97b74aab0688b04fd90f83 (patch)
tree	c6e3832098d19917b0ba0bcbe119103c632c7d29 /modules/profile/manifests/postgresql/backup_replication.pp
parent	e122c6b1ca829844247fbe43f63c74f3f589554f (diff)
parent	0a145a25c0a8cbcd50d515d2a828bd6665836ddb (diff)
download	Puppet-ea29cb9e07cf11278c97b74aab0688b04fd90f83.tar.gz Puppet-ea29cb9e07cf11278c97b74aab0688b04fd90f83.tar.zst Puppet-ea29cb9e07cf11278c97b74aab0688b04fd90f83.zip

diff --git a/modules/profile/manifests/postgresql/backup_replication.pp b/modules/profile/manifests/postgresql/backup_replication.pp new file mode 100644 index 0000000..a4edb8f --- /dev/null +++ b/modules/profile/manifests/postgresql/backup_replication.pp
@@ -0,0 +1,135 @@
	1	define profile::postgresql::backup_replication (
	2	String $base_path,
	3	Hash $pg_infos,
	4	String $pg_user = "postgres",
	5	String $pg_group = "postgres",
	6	) {
	7	$host_cn = $title
	8
	9	$host = find_host($facts["ldapvar"]["other"], $host_cn)
	10	if empty($host) {
	11	$pg_backup_host = $host_cn
	12	} elsif has_key($host["vars"], "host") {
	13	$pg_backup_host = $host["vars"]["host"][0]
	14	} else {
	15	$pg_backup_host = $host["vars"]["real_hostname"][0]
	16	}
	17
	18	$pg_path = "$base_path/$pg_backup_host/postgresql"
	19
	20	# Replication folder
	21	ensure_resource("file", "$base_path/$pg_backup_host", {
	22	ensure => directory,
	23	})
	24
	25	file { $pg_path:
	26	ensure => directory,
	27	owner => $pg_user,
	28	group => $pg_group,
	29	mode => "0700",
	30	require => File["$base_path/$pg_backup_host"],
	31	}
	32
	33	# pg_hba.conf
	34	profile::postgresql::base_pg_hba_rules { $pg_backup_host:
	35	pg_path => $pg_path
	36	}
	37
	38	# postgresql.conf file and ssl
	39	concat { "$pg_path/postgresql.conf":
	40	owner => $pg_user,
	41	group => $pg_group,
	42	mode => '0640',
	43	warn => true,
	44	}
	45
	46	if !empty($host) and has_key($host["vars"], "postgresql_backup_port") {
	47	$pg_listen_port = $host["vars"]["postgresql_backup_port"][0]
	48
	49	profile::postgresql::ssl { $pg_path:
	50	certname => $host_cn,
	51	handle_concat_config => true,
	52	before => Service["postgresql_backup@$pg_backup_host"]
	53	}
	54
	55	concat::fragment { "$pg_path/postgresql.conf listen":
	56	target => "$pg_path/postgresql.conf",
	57	content => "listen_addresses = '*'\nport = $pg_listen_port\n",
	58	}
	59
	60	profile::postgresql::replication { $host_cn:
	61	target => "$pg_path/pg_hba.conf",
	62	}
	63	} else {
	64	concat::fragment { "$pg_path/postgresql.conf listen":
	65	target => "$pg_path/postgresql.conf",
	66	content => "listen_addresses = ''\n",
	67	}
	68	}
	69
	70	concat::fragment { "$pg_path/postgresql.conf paths":
	71	target => "$pg_path/postgresql.conf",
	72	content => "unix_socket_directories = '$pg_path'\ndata_directory = '$pg_path'\nwal_level = logical\n",
	73	}
	74
	75	$password_seed = lookup("base_installation::puppet_pass_seed")
	76	$pg_host = $pg_backup_host
	77	$pg_port = $pg_infos["dbport"]
	78	$ldap_cn = lookup("base_installation::ldap_cn")
	79	$ldap_password = generate_password(24, $password_seed, "ldap")
	80	$pg_slot = regsubst($ldap_cn, '-', "_", "G")
	81
	82	# recovery.conf file
	83	$primary_conninfo = "host=$pg_host port=$pg_port user=$ldap_cn password=$ldap_password sslmode=require"
	84	$primary_slot_name = $pg_slot
	85	$standby_mode = "on"
	86
	87	file { "$pg_path/recovery.conf":
	88	owner => $pg_user,
	89	group => $pg_group,
	90	mode => '0640',
	91	content => template('postgresql/recovery.conf.erb'),
	92	}
	93
	94	# Initial replication
	95	exec { "pg_basebackup $pg_path":
	96	cwd => $pg_path,
	97	user => $pg_user,
	98	creates => "$pg_path/PG_VERSION",
	99	environment => ["PGPASSWORD=$ldap_password"],
	100	command => "/usr/bin/pg_basebackup -w -h $pg_host -p $pg_port -U $ldap_cn -D $pg_path -S $pg_slot",
	101	before => [
	102	Concat["$pg_path/pg_hba.conf"],
	103	File["$pg_path/recovery.conf"],
	104	Concat["$pg_path/postgresql.conf"],
	105	]
	106	}
	107
	108	# Service
	109	ensure_resource("file", "/etc/systemd/system/postgresql_backup@.service", {
	110	mode => "0644",
	111	owner => "root",
	112	group => "root",
	113	content => template("profile/postgresql/postgresql_backup@.service.erb"),
	114	})
	115
	116	service { "postgresql_backup@$pg_backup_host":
	117	enable => true,
	118	ensure => "running",
	119	require => [
	120	File["/etc/systemd/system/postgresql_backup@.service"],
	121	Concat["$pg_path/pg_hba.conf"],
	122	File["$pg_path/recovery.conf"],
	123	Concat["$pg_path/postgresql.conf"],
	124	],
	125	subscribe => [
	126	Concat["$pg_path/pg_hba.conf"],
	127	File["$pg_path/recovery.conf"],
	128	Concat["$pg_path/postgresql.conf"],
	129	]
	130	}
	131
	132	# Dumps
	133	profile::postgresql::backup_dump { "$base_path/$pg_backup_host": }
	134
	135	}