author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-28 19:54:40 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-28 19:54:40 +0200 |
commit | 3c1e202cf136cb7fae2860d7608cc1d077953d0b (patch) | |
tree | 746054236b28e50787ab8516874c8b5ff5776ad5 /modules/profile/manifests/postgresql/master.pp | |
parent | 58cbf805bef1e0398a9a61249e313beec1c3b73c (diff) | |
parent | 41790868cb155d490975e8e4480ddd2c889a3e75 (diff) | |
Merge branch 'dev'
Diffstat (limited to 'modules/profile/manifests/postgresql/master.pp')
-rw-r--r-- | modules/profile/manifests/postgresql/master.pp | 49 |
1 files changed, 46 insertions, 3 deletions
diff --git a/modules/profile/manifests/postgresql/master.pp b/modules/profile/manifests/postgresql/master.pp index 969905f..02315a6 100644 --- a/modules/profile/manifests/postgresql/master.pp +++ b/modules/profile/manifests/postgresql/master.pp | |||
@@ -1,8 +1,51 @@ | |||
1 | define profile::postgresql::master ( | 1 | define profile::postgresql::master ( |
2 | $letsencrypt_host = undef, | 2 | $letsencrypt_host = undef, |
3 | $backup_hosts = [], | 3 | $backup_hosts = [], |
4 | Optional[String] $pg_user = "postgres", | ||
5 | Optional[String] $pg_group = "postgres", | ||
4 | ) { | 6 | ) { |
5 | profile::postgresql::ssl { "/var/lib/postgres/data": | 7 | $pg_path = "/var/lib/postgres" |
8 | $pg_data_path = "$pg_path/data" | ||
9 | |||
10 | $postgresql_backup_port = $facts.dig("ldapvar", "self", "vars", "postgresql_backup_port", 0) | ||
11 | if ($postgresql_backup_port and !empty($backup_hosts)) { | ||
12 | $password_seed = lookup("base_installation::puppet_pass_seed") | ||
13 | $ldap_cn = lookup("base_installation::ldap_cn") | ||
14 | $ldap_password = generate_password(24, $password_seed, "ldap") | ||
15 | |||
16 | $host = find_host($facts["ldapvar"]["other"], $backup_hosts[0]) | ||
17 | if empty($host) { | ||
18 | fail("No backup host to recover from") | ||
19 | } elsif has_key($host["vars"], "host") { | ||
20 | $pg_backup_host = $host["vars"]["host"][0] | ||
21 | } else { | ||
22 | $pg_backup_host = $host["vars"]["real_hostname"][0] | ||
23 | } | ||
24 | |||
25 | exec { "pg_basebackup $pg_data_path": | ||
26 | cwd => $pg_path, | ||
27 | user => $pg_user, | ||
28 | creates => "$pg_data_path/PG_VERSION", | ||
29 | environment => ["PGPASSWORD=$ldap_password"], | ||
30 | command => "/usr/bin/pg_basebackup -w -h $pg_backup_host -p $postgresql_backup_port -U $ldap_cn -D $pg_data_path", | ||
31 | before => File[$pg_data_path], | ||
32 | require => File[$pg_path], | ||
33 | notify => Exec["cleanup pg_basebackup $pg_data_path"], | ||
34 | } -> file { "$pg_data_path/recovery.conf": | ||
35 | before => Concat["$pg_data_path/pg_hba.conf"], | ||
36 | ensure => absent, | ||
37 | } | ||
38 | |||
39 | exec { "cleanup pg_basebackup $pg_data_path": | ||
40 | refreshonly => true, | ||
41 | cwd => $pg_path, | ||
42 | user => $pg_user, | ||
43 | before => Class["postgresql::server::config"], | ||
44 | command => "/usr/bin/rm -f $pg_data_path/postgresql.conf && touch $pg_data_path/postgresql.conf", | ||
45 | } | ||
46 | } | ||
47 | |||
48 | profile::postgresql::ssl { $pg_data_path: | ||
6 | cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem", | 49 | cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem", |
7 | key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem", | 50 | key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem", |
8 | require => Letsencrypt::Certonly[$letsencrypt_host], | 51 | require => Letsencrypt::Certonly[$letsencrypt_host], |
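Review bot: The `pg_basebackup` exec (new lines 25–33) connects with `-h $pg_backup_host` and no SSL settings, so libpq's default `sslmode=prefer` applies: the password exchange and the full cluster copy can fall back to plaintext, and the server's identity is never verified. Unless transport security is enforced elsewhere, pin it in the exec, e.g. `environment => ["PGPASSWORD=$ldap_password", "PGSSLMODE=verify-full"],` (with `PGSSLROOTCERT` pointing at the CA that signs the backup host's certificate), or `PGSSLMODE=require` as a minimum. The PostgreSQL documentation also recommends a password file over `PGPASSWORD`, so a `0600` pgpass file owned by `$pg_user` and referenced through `PGPASSFILE` would be a safer carrier for `$ldap_password`. `$pg_backup_host`, `$postgresql_backup_port` and `$ldap_cn` come from facts and Hiera and are interpolated into the command unchecked; a hostname and port format check before the exec would keep a malformed directory entry from changing the command line. The body of the define continues past the end of this hunk.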