aboutsummaryrefslogtreecommitdiff
path: root/modules/profile
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-06-26 00:27:26 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-06-26 00:50:56 +0200
commit9313fa2ea3c7b796b448f6249f13a588c6618889 (patch)
treec85aa84d53c6dd66626b38a3b3092dde8c459a5f /modules/profile
parent580bd7fc5d4b078f8dec2fd440e5989b5f963f61 (diff)
downloadPuppet-9313fa2ea3c7b796b448f6249f13a588c6618889.tar.gz
Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.tar.zst
Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.zip
Add find_host function to help finding host
Diffstat (limited to 'modules/profile')
-rw-r--r--modules/profile/manifests/postgresql_master.pp51
1 files changed, 25 insertions, 26 deletions
diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp
index 3f68890..9966f0d 100644
--- a/modules/profile/manifests/postgresql_master.pp
+++ b/modules/profile/manifests/postgresql_master.pp
@@ -52,36 +52,35 @@ define profile::postgresql_master (
52 $backup_hosts.each |$backup_host| { 52 $backup_hosts.each |$backup_host| {
53 ensure_packages(["pam_ldap"]) 53 ensure_packages(["pam_ldap"])
54 54
55 $facts["ldapvar"]["other"].each |$host| { 55 $host = find_host($facts["ldapvar"]["other"], $backup_host)
56 if ($host["cn"][0] == $backup_host) { 56 unless empty($host) {
57 $host["ipHostNumber"].each |$ip| { 57 $host["ipHostNumber"].each |$ip| {
58 $infos = split($ip, "/") 58 $infos = split($ip, "/")
59 $ipaddress = $infos[0] 59 $ipaddress = $infos[0]
60 if (length($infos) == 1 and $ipaddress =~ /:/) { 60 if (length($infos) == 1 and $ipaddress =~ /:/) {
61 $mask = "128" 61 $mask = "128"
62 } elsif (length($infos) == 1) { 62 } elsif (length($infos) == 1) {
63 $mask = "32" 63 $mask = "32"
64 } else { 64 } else {
65 $mask = $infos[1] 65 $mask = $infos[1]
66 }
67
68 postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
69 type => 'hostssl',
70 database => 'replication',
71 user => $backup_host,
72 address => "$ipaddress/$mask",
73 auth_method => 'pam',
74 order => "06-01",
75 }
76 } 66 }
77 67
78 postgresql::server::role { $backup_host: 68 postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
79 replication => true, 69 type => 'hostssl',
70 database => 'replication',
71 user => $backup_host,
72 address => "$ipaddress/$mask",
73 auth_method => 'pam',
74 order => "06-01",
80 } 75 }
76 }
81 77
82 postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"): 78 postgresql::server::role { $backup_host:
83 ensure => present 79 replication => true,
84 } 80 }
81
82 postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
83 ensure => present
85 } 84 }
86 } 85 }
87 86