Add find_host function to help finding host

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-06-26 00:27:26 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-06-26 00:50:56 +0200
commit: 9313fa2ea3c7b796b448f6249f13a588c6618889 (patch)
tree: c85aa84d53c6dd66626b38a3b3092dde8c459a5f /modules
parent: 580bd7fc5d4b078f8dec2fd440e5989b5f963f61 (diff)
download: Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.tar.gz
Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.tar.zst
Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.zip
1 files changed, 25 insertions, 26 deletions
diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp
index 3f68890..9966f0d 100644
--- a/modules/profile/manifests/postgresql_master.pp
+++ b/modules/profile/manifests/postgresql_master.pp
@@ -52,36 +52,35 @@ define profile::postgresql_master (
  $backup_hosts.each |$backup_host| {
    ensure_packages(["pam_ldap"])
-    $facts["ldapvar"]["other"].each |$host| {
+    $host = find_host($facts["ldapvar"]["other"], $backup_host)
-      if ($host["cn"][0] == $backup_host) {
+    unless empty($host) {
-        $host["ipHostNumber"].each |$ip| {
+      $host["ipHostNumber"].each |$ip| {
-          $infos = split($ip, "/")
+        $infos = split($ip, "/")
-          $ipaddress = $infos[0]
+        $ipaddress = $infos[0]
-          if (length($infos) == 1 and $ipaddress =~ /:/) {
+        if (length($infos) == 1 and $ipaddress =~ /:/) {
-            $mask = "128"
+          $mask = "128"
-          } elsif (length($infos) == 1) {
+        } elsif (length($infos) == 1) {
-            $mask = "32"
+          $mask = "32"
-          } else {
+        } else {
-            $mask = $infos[1]
+          $mask = $infos[1]
-          }
-          postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
-            type        => 'hostssl',
-            database    => 'replication',
-            user        => $backup_host,
-            address     => "$ipaddress/$mask",
-            auth_method => 'pam',
-            order       => "06-01",
-          }
        }
-        postgresql::server::role { $backup_host:
+        postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
-          replication => true,
+          type        => 'hostssl',
+          database    => 'replication',
+          user        => $backup_host,
+          address     => "$ipaddress/$mask",
+          auth_method => 'pam',
+          order       => "06-01",
        }
+      }
-        postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
+      postgresql::server::role { $backup_host:
-          ensure => present
+        replication => true,
-        }
+      }
+      postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
+        ensure => present
      }
    }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-06-26 00:27:26 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-06-26 00:50:56 +0200
commit	9313fa2ea3c7b796b448f6249f13a588c6618889 (patch)
tree	c85aa84d53c6dd66626b38a3b3092dde8c459a5f /modules
parent	580bd7fc5d4b078f8dec2fd440e5989b5f963f61 (diff)
download	Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.tar.gz Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.tar.zst Puppet-9313fa2ea3c7b796b448f6249f13a588c6618889.zip

diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp index 3f68890..9966f0d 100644 --- a/modules/profile/manifests/postgresql_master.pp +++ b/modules/profile/manifests/postgresql_master.pp
@@ -52,36 +52,35 @@ define profile::postgresql_master (
52	$backup_hosts.each \|$backup_host\| {	52	$backup_hosts.each \|$backup_host\| {
53	ensure_packages(["pam_ldap"])	53	ensure_packages(["pam_ldap"])
54		54
55	$facts["ldapvar"]["other"].each \|$host\| {	55	$host = find_host($facts["ldapvar"]["other"], $backup_host)
56	if ($host["cn"][0] == $backup_host) {	56	unless empty($host) {
57	$host["ipHostNumber"].each \|$ip\| {	57	$host["ipHostNumber"].each \|$ip\| {
58	$infos = split($ip, "/")	58	$infos = split($ip, "/")
59	$ipaddress = $infos[0]	59	$ipaddress = $infos[0]
60	if (length($infos) == 1 and $ipaddress =~ /:/) {	60	if (length($infos) == 1 and $ipaddress =~ /:/) {
61	$mask = "128"	61	$mask = "128"
62	} elsif (length($infos) == 1) {	62	} elsif (length($infos) == 1) {
63	$mask = "32"	63	$mask = "32"
64	} else {	64	} else {
65	$mask = $infos[1]	65	$mask = $infos[1]
66	}
67
68	postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
69	type => 'hostssl',
70	database => 'replication',
71	user => $backup_host,
72	address => "$ipaddress/$mask",
73	auth_method => 'pam',
74	order => "06-01",
75	}
76	}	66	}
77		67
78	postgresql::server::role { $backup_host:	68	postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
79	replication => true,	69	type => 'hostssl',
		70	database => 'replication',
		71	user => $backup_host,
		72	address => "$ipaddress/$mask",
		73	auth_method => 'pam',
		74	order => "06-01",
80	}	75	}
		76	}
81		77
82	postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):	78	postgresql::server::role { $backup_host:
83	ensure => present	79	replication => true,
84	}	80	}
		81
		82	postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
		83	ensure => present
85	}	84	}
86	}	85	}
87		86