diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-26 00:27:26 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-26 00:50:56 +0200 |
commit | 9313fa2ea3c7b796b448f6249f13a588c6618889 (patch) | |
tree | c85aa84d53c6dd66626b38a3b3092dde8c459a5f /modules/profile | |
parent | 580bd7fc5d4b078f8dec2fd440e5989b5f963f61 (diff) | |
download | Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.tar.gz Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.tar.zst Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.zip |
Add find_host function to help finding host
Diffstat (limited to 'modules/profile')
-rw-r--r-- | modules/profile/manifests/postgresql_master.pp | 51 |
1 files changed, 25 insertions, 26 deletions
diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp index 3f68890..9966f0d 100644 --- a/modules/profile/manifests/postgresql_master.pp +++ b/modules/profile/manifests/postgresql_master.pp | |||
@@ -52,36 +52,35 @@ define profile::postgresql_master ( | |||
52 | $backup_hosts.each |$backup_host| { | 52 | $backup_hosts.each |$backup_host| { |
53 | ensure_packages(["pam_ldap"]) | 53 | ensure_packages(["pam_ldap"]) |
54 | 54 | ||
55 | $facts["ldapvar"]["other"].each |$host| { | 55 | $host = find_host($facts["ldapvar"]["other"], $backup_host) |
56 | if ($host["cn"][0] == $backup_host) { | 56 | unless empty($host) { |
57 | $host["ipHostNumber"].each |$ip| { | 57 | $host["ipHostNumber"].each |$ip| { |
58 | $infos = split($ip, "/") | 58 | $infos = split($ip, "/") |
59 | $ipaddress = $infos[0] | 59 | $ipaddress = $infos[0] |
60 | if (length($infos) == 1 and $ipaddress =~ /:/) { | 60 | if (length($infos) == 1 and $ipaddress =~ /:/) { |
61 | $mask = "128" | 61 | $mask = "128" |
62 | } elsif (length($infos) == 1) { | 62 | } elsif (length($infos) == 1) { |
63 | $mask = "32" | 63 | $mask = "32" |
64 | } else { | 64 | } else { |
65 | $mask = $infos[1] | 65 | $mask = $infos[1] |
66 | } | ||
67 | |||
68 | postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask": | ||
69 | type => 'hostssl', | ||
70 | database => 'replication', | ||
71 | user => $backup_host, | ||
72 | address => "$ipaddress/$mask", | ||
73 | auth_method => 'pam', | ||
74 | order => "06-01", | ||
75 | } | ||
76 | } | 66 | } |
77 | 67 | ||
78 | postgresql::server::role { $backup_host: | 68 | postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask": |
79 | replication => true, | 69 | type => 'hostssl', |
70 | database => 'replication', | ||
71 | user => $backup_host, | ||
72 | address => "$ipaddress/$mask", | ||
73 | auth_method => 'pam', | ||
74 | order => "06-01", | ||
80 | } | 75 | } |
76 | } | ||
81 | 77 | ||
82 | postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"): | 78 | postgresql::server::role { $backup_host: |
83 | ensure => present | 79 | replication => true, |
84 | } | 80 | } |
81 | |||
82 | postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"): | ||
83 | ensure => present | ||
85 | } | 84 | } |
86 | } | 85 | } |
87 | 86 | ||